Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libsepol-utils-3.5-slfo.1.1.8 RPM for s390x

From OpenSuSE Leap 16.0 for s390x

Name: libsepol-utils Distribution: SUSE Linux Framework One
Version: 3.5 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.8 Build date: Fri Aug 23 16:52:51 2024
Group: System/Base Build host: s390zl32
Size: 64503 Source RPM: libsepol-3.5-slfo.1.1.8.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/SELinuxProject/selinux/wiki/Releases
Summary: SELinux binary policy manipulation tools
 
libsepol provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar
tools, as well as by programs like load_policy that need to perform
specific transformations on binary policies such as customizing
policy boolean settings.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Fri Feb 24 2023 jsegitz@suse.com
  - Update to version 3.5
    * Stricter policy validation
    * do not write empty class definitions to allow simpler round-trip tests
    * reject attributes in type av rules for kernel policies
  - Added additional developer key (Jason Zaman)
* Mon May 09 2022 jsegitz@suse.com
  - Update to version 3.4
    * Add 'ioctl_skip_cloexec' policy capability
    * Add sepol_av_perm_to_string
    * Add policy utilities
    * Support IPv4/IPv6 address embedding
    * Hardened/added many validations
    * Add support for file types in writing out policy.conf
    * Allow optional file type in genfscon rules
* Thu Nov 11 2021 jsegitz@suse.com
  - Update to version 3.3
    * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
      are all included
    * Lot of smaller fixes identified by fuzzing
* Wed Jul 21 2021 jsegitz@suse.com
  - Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
    Added CVE-2021-36087.patch
* Mon Jul 05 2021 jsegitz@suse.com
  - Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
    Added CVE-2021-36085.patch
  - Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
    Added CVE-2021-36086.patch
* Tue Mar 09 2021 jsegitz@suse.com
  - Update to version 3.2
    * more space-efficient form of storing filename transitions in the binary
      policy and reduced the size of the binary policy
    * dropped old and deprecated symbols and functions. Version was bumped to
      libsepol.so.2
* Thu Oct 29 2020 lnussel@suse.de
  - install to /usr (boo#1029961)
* Tue Jul 14 2020 jsegitz@suse.com
  - Update to version 3.1
    * Add support for new polcap genfs_seclabel_symlinks
    * Initialize the multiple_decls field of the cil db
    * Return error when identifier declared as both type and attribute
    * Write CIL default MLS rules on separate lines
    * Sort portcon rules consistently
    * Remove leftovers of cil_mem_error_handler
    * Drop remove_cil_mem_error_handler.patch, is included
* Mon Apr 27 2020 mliska@suse.cz
  - Enable -fcommon in order to fix boo#1160874.
* Tue Mar 03 2020 jsegitz@suse.de
  - Update to version 3.0
    * cil: Allow validatetrans rules to be resolved
    * cil: Report disabling an optional block only at high verbose levels
    * cil: do not dereference perm_value_to_cil when it has not been allocated
    * cil: fix mlsconstrain segfault
    * Further improve binary policy optimization
    * Make an unknown permission an error in CIL
    * Remove cil_mem_error_handler() function pointer
    * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
    * Add a function to optimize kernel policy
    * Add ebitmap_for_each_set_bit macro
    Dropped fnocommon.patch as it's included upstream
* Thu Jan 30 2020 jsegitz@suse.de
  - Add fnocommon.patch to prevent build failures on gcc10 and
    remove_cil_mem_error_handler.patch to prevent build failures due to
    leftovers from the removal of cil_mem_error_handler (bsc#1160874)
* Thu Jun 20 2019 mliska@suse.cz
  - Disable LTO due to symbol versioning (boo#1138813).
* Wed Mar 20 2019 jsegitz@suse.com
  - Update to version 2.9
    * Add two new Xen initial SIDs
    * Check that initial sid indexes are within the valid range
    * Create policydb_sort_ocontexts()
    * Eliminate initial sid string definitions in module_to_cil.c
    * Rename kernel_to_common.c stack functions
    * add missing ibendport port validity check
    * destroy the copied va_list
    * do not call malloc with 0 byte
    * do not leak memory if list_prepend fails
    * do not use uninitialized value for low_value
    * fix endianity in ibpkey range checks
    * ibpkeys.c: fix printf format string specifiers for subnet_prefix
    * mark permissive types when loading a binary policy
* Thu Nov 08 2018 jengelh@inai.de
  - Use more %make_install.
* Thu Nov 08 2018 jsegitz@suse.com
  - Adjusted source urls (bsc#1115052)
* Wed Oct 17 2018 jsegitz@suse.com
  - Update to version 2.8 (bsc#1111732)
    For changes please see
    https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
* Wed May 16 2018 mcepl@suse.com
  - Rebase to 2.7
    For changes please see
    https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
* Fri Nov 24 2017 jsegitz@suse.com
  - Update to version 2.6. Notable changes:
    * Add support for converting extended permissions to CIL
    * Create user and role caches when building binary policy
    * Check for too many permissions in classes and commons in CIL
    * Fix xperm mapping between avrule and avtab
    * Produce more meaningful error messages for conflicting type rules in CIL
    * Change which attributes CIL keeps in the binary policy
    * Warn instead of fail if permission is not resolved
    * Ignore object_r when adding userrole mappings to policydb
    * Correctly detect unknown classes in sepol_string_to_security_class
    * Fix neverallowxperm checking on attributes
    * Only apply bounds checking to source types in rules
    * Fix CIL and not add an attribute as a type in the attr_type_map
    * Fix extended permissions neverallow checking
    * Fix CIL neverallow and bounds checking
    * Add support for portcon dccp protocol
* Fri Jul 15 2016 jengelh@inai.de
  - Update RPM groups, trim description and combine filelist entries.
* Thu Jul 14 2016 mpluskal@suse.com
  - Cleanup spec file with spec-cleaner
  - Make spec file a bit more easy
  - Ship new supbackage (-tools)
* Thu Jul 14 2016 jsegitz@novell.com
  - Without bug number no submit to SLE 12 SP2 is possible, so to make
    sle-changelog-checker happy: bsc#988977
* Thu Jul 14 2016 jsegitz@novell.com
  - Adjusted source link
* Tue Jul 05 2016 i@marguerite.su
  - update version 2.5
    * Fix unused variable annotations
    * Fix uninitialized variable in CIL
    * Validate extended avrules and permissionxs in CIL
    * Add support in CIL for neverallowx
    * Fully expand neverallowxperm rules
    * Add support for unordered classes to CIL
    * Add neverallow support for ioctl extended permissions
    * Improve CIL block and macro call recursion detection
    * Fix CIL uninitialized false positive in cil_binary
    * Provide error in CIL if classperms are empty
    * Add userattribute{set} functionality to CIL
    * fix CIL blockinherit copying segfault and add macro restrictions
    * fix CIL NULL pointer dereference when copying classpermission/set
    * Add CIL support for ioctl whitelists
    * Fix memory leak when destroying avtab
    * Replace sscanf in module_to_cil
    * Improve CIL resolution error messages
    * Fix policydb_read for policy versions < 24
    * Added CIL bounds checking and refactored CIL Neverallow checking
    * Refactored libsepol Neverallow and bounds (hierarchy) checking
    * Treat types like an attribute in the attr_type_map
    * Add new ebitmap function named ebitmap_match_any()
    * switch operations to extended perms
    * Write auditadm_r and secadm_r roles to base module when writing CIL
    * Fix module to CIL to only associate declared roleattributes with in-scope types
    * Don't allow categories/sensitivities inside blocks in CIL
    * Replace fmemopen() with internal function in libsepol
    * Verify users prior to evaluating users in cil
    * Binary modules do not support ioctl rules
    * Add support for ioctl command whitelisting
    * Don't use symbol versioning for static object files
    * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(),
      and sepol_ppfile_to_module_package()
    * Move secilc out of libsepol
    * fix building Xen policy with devicetreecon, and add devicetreecon
      CIL documentation
    * bool_copy_callback set state on creation
    * Add device tree ocontext nodes to Xen policy
    * Widen Xen IOMEM context entries
    * Fix error path in mls_semantic_level_expand()
    * Update to latest CIL, includes new name resolution and fixes ordering
      issues with blockinherit statements, and bug fixes
  - changes in 2.4
    * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
    * Fix bugs found by hardened gcc flags
    * Build CIL into libsepol. libsepol can be built without CIL by setting the
      DISABLE_CIL flag to 'y'
    * Add an API function to set target_platform
    * Report all neverallow violations
    * Improve check_assertions performance
    * Allow libsepol C++ static library on device
* Fri May 16 2014 vcizek@suse.com
  - update to 2.3
    * Improve error message for name-based transition conflicts.
    * Revert libsepol: filename_trans: use some better sorting to compare and merge.
    * Report source file and line information for neverallow failures.
    * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
    * Add sepol_validate_transition_reason_buffer function from Richard Haines.
  - dropped libsepol-2.1.4-role_fix_callback.patch (upstream)
* Thu Oct 31 2013 p.drouand@gmail.com
  - Update to version 2.2
    * Allow constraint denial cause to be determined
    - Add kernel policy version 29.
    - Add modular policy version 17.
    - Add sepol_compute_av_reason_buffer(), sepol_string_to_security
      _class(), sepol_string_to_av_perm().
    * Support overriding Makefile RANLIB
    * Fix man pages
  - Remove libsepol-rhat.patch; merged on upstream
* Thu Jun 27 2013 vcizek@suse.com
  - change the source url to the official 2.1.9 release tarball
* Sat Jun 22 2013 crrodriguez@opensuse.org
  - Build with LFS_CFLAGS for 32 bit archs
* Fri Apr 05 2013 vcizek@suse.com
  - remove a debugging artifact in spec
* Thu Apr 04 2013 vcizek@suse.com
  - fixed source url
* Wed Feb 13 2013 vcizek@suse.com
  - update to 2.1.9
    * filename_trans: use some better sorting to compare and merge
    * coverity fixes
    * implement default type policy syntax
    * Fix memory leak issues found by Klocwork
  - added libsepol-rhat.patch
* Mon Jan 07 2013 jengelh@inai.de
  - Remove obsolete defines/sections
* Mon Dec 10 2012 p.drouand@gmail.com
  - Update to 2.1.8 version:
    * fix neverallow checking on attributes
    * Move context_copy() after switch block in ocontext_copy_*().
    * check for missing initial SID labeling statement.
    * Add always_check_network policy capability
    * role_fix_callback skips out-of-scope roles during expansion.
* Thu Oct 25 2012 vcizek@suse.com
  - skip roles which are out of scope when expanding attributes
  - needed for building selinux-policy
* Wed Jul 25 2012 meissner@suse.com
  - updated to 2.1.4
    - lots of updates
* Wed Oct 05 2011 uli@suse.com
  - cross-build fix: use %__cc macro
* Mon Jun 28 2010 jengelh@medozas.de
  - use %_smp_mflags
* Sat Apr 24 2010 coolo@novell.com
  - buildrequire pkg-config to fix provides
* Thu Feb 25 2010 prusnak@suse.cz
  - updated to 2.0.41
    * changes too numerous to list
* Sun Dec 13 2009 jengelh@medozas.de
  - add baselibs.conf as a source
* Wed Nov 11 2009 crrodriguez@opensuse.org
  - libsepol-devel Requires glibc-devel
* Fri Jun 19 2009 prusnak@suse.cz
  - put static library in libsepol-devel-static
* Wed May 27 2009 prusnak@suse.cz
  - updated to 2.0.36
    * fix alias field in module format, caused by boundary format
      change from Caleb Case
    * fix boolean state smashing from Joshua Brindle
* Mon Dec 01 2008 prusnak@suse.cz
  - updated to 2.0.34
    * add bounds support
    * fix invalid aliases bug
* Wed Oct 22 2008 mrueckert@suse.de
  - fix debug_packages_requires define
* Tue Sep 23 2008 prusnak@suse.cz
  - require only version, not release [bnc#429053]
* Fri Aug 22 2008 prusnak@suse.cz
  - added baselibs.conf file
* Fri Aug 01 2008 ro@suse.de
  - fix requires for debuginfo package
* Tue Jul 15 2008 prusnak@suse.cz
  - initial version 2.0.32
    * based on Fedora package by Dan Walsh <dwalsh@redhat.com>

Files

/usr/bin/chkcon
/usr/bin/sepol_check_access
/usr/bin/sepol_compute_av
/usr/bin/sepol_compute_member
/usr/bin/sepol_compute_relabel
/usr/bin/sepol_validate_transition
/usr/share/man/man8/chkcon.8.gz
/usr/share/man/man8/genpolbools.8.gz
/usr/share/man/man8/genpolusers.8.gz
/usr/share/man/ru/man8/chkcon.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Sep 16 00:17:41 2024