Change log for libsepol package in Ubuntu
| 1 → 57 of 57 results | First • Previous • Next • Last |
libsepol (3.5-2build1) noble; urgency=high * No change rebuild for 64-bit time_t and frame pointers. -- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 18:07:01 +0200
Available diffs
- diff from 3.5-2 (in Debian) to 3.5-2build1 (606 bytes)
libsepol (3.5-2) unstable; urgency=medium
* Move libsepol.so.2 to /usr.
The move is done directly (without using dh_movetousr) as I don't think
we'll have to backport this package. (Closes: #1055921)
-- Laurent Bigonville <email address hidden> Fri, 24 Nov 2023 15:46:38 +0100
Available diffs
- diff from 3.5-1 to 3.5-2 (605 bytes)
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
libsepol (3.5-1) unstable; urgency=medium
* New upstream release
- Drop d/p/0001-libsepol-fix-validation-of-user-declarations-in-modu.patch:
applied upstream
* debian/upstream/signing-key.asc: Add public key of Jason Zaman
* debian/control: Bump Standards-Version to 4.6.2 (no further changes)
-- Laurent Bigonville <email address hidden> Sat, 08 Jul 2023 22:44:16 +0200
Available diffs
- diff from 3.4-2.1 to 3.5-1 (45.8 KiB)
libsepol (3.4-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix "Inaccurate copyright file" (Closes: #1031798) -- Tobias Frost <email address hidden> Wed, 24 May 2023 16:43:03 +0200
Available diffs
- diff from 3.4-2 to 3.4-2.1 (2.1 KiB)
| Superseded in mantic-release |
| Published in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
libsepol (3.4-2) unstable; urgency=medium
* fix validation of user declarations in modules, patch proposed upstream
(Closes: #1012503)
-- Laurent Bigonville <email address hidden> Wed, 15 Jun 2022 09:56:48 +0200
Available diffs
- diff from 3.4-1 to 3.4-2 (1.5 KiB)
libsepol (3.4-1) unstable; urgency=medium
* New upstream release
- debian/libsepol2.symbols: Add newly exported symbols
* Enable GPG key validation of the upstream tarball
* debian/control: Bump Standards-Version to 4.6.0 (no further changes)
-- Laurent Bigonville <email address hidden> Sat, 04 Jun 2022 11:12:29 +0200
Available diffs
libsepol (3.0-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36084.patch: alter destruction of
classperms list when resetting classpermission by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36084
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36085.patch: alter destruction of
classperms when resetting a perm by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36085
* SECURITY UPDATE: use-after-free in cil_reset_classpermission
- debian/patches/CVE-2021-36086.patch: prevent
cil_reset_classperms_set from resetting classpermission by
setting it to NULL in cil/src/cil_reset_ast.c
- CVE-2021-36086
* SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
- debian/patches/CVE-2021-36087.patch: check if a tunable
declaration, in-statement, block, blockabstract, or macro definition
is found within an optional in cil/src/cil_build_ast.c and
cil/src/cil_resolve_ast.c
- CVE-2021-36087
-- David Fernandez Gonzalez <email address hidden> Tue, 26 Apr 2022 11:21:29 +0200
Available diffs
libsepol (3.1-1ubuntu2.1) impish-security; urgency=medium
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36084.patch: alter destruction of
classperms list when resetting classpermission by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36084
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36085.patch: alter destruction of
classperms when resetting a perm by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36085
* SECURITY UPDATE: use-after-free in cil_reset_classpermission
- debian/patches/CVE-2021-36086.patch: prevent
cil_reset_classperms_set from resetting classpermission by
setting it to NULL in cil/src/cil_reset_ast.c
- CVE-2021-36086
* SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
- debian/patches/CVE-2021-36087.patch: check if a tunable
declaration, in-statement, block, blockabstract, or macro definition
is found within an optional in cil/src/cil_build_ast.c and
cil/src/cil_resolve_ast.c
- CVE-2021-36087
-- David Fernandez Gonzalez <email address hidden> Tue, 26 Apr 2022 12:52:40 +0200
Available diffs
libsepol (2.7-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36084.patch: alter destruction of
classperms list when resetting classpermission by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36084
* SECURITY UPDATE: use-after-free in __cil_verify_classperms
- debian/patches/CVE-2021-36085.patch: alter destruction of
classperms when resetting a perm by avoiding
deleting the inner data in cil/src/cil_reset_ast.c
- CVE-2021-36085
* SECURITY UPDATE: use-after-free in cil_reset_classpermission
- debian/patches/CVE-2021-36086.patch: prevent
cil_reset_classperms_set from resetting classpermission by
setting it to NULL in cil/src/cil_reset_ast.c
- CVE-2021-36086
* SECURITY UPDATE: heap-based buffer over-read in ebitmap_match_any
- debian/patches/CVE-2021-36087.patch: check if a tunable
declaration, in-statement, block, blockabstract, or macro definition
is found within an optional in cil/src/cil_build_ast.c and
cil/src/cil_resolve_ast.c
- CVE-2021-36087
-- David Fernandez Gonzalez <email address hidden> Tue, 26 Apr 2022 12:52:52 +0200
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
libsepol (3.3-1build1) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode <email address hidden> Thu, 24 Mar 2022 17:13:49 +0100
Available diffs
- diff from 3.1-1ubuntu2 (in Ubuntu) to 3.3-1build1 (85.1 KiB)
- diff from 3.3-1 (in Debian) to 3.3-1build1 (623 bytes)
libsepol (3.3-1) unstable; urgency=medium
* debian/libsepol2.symbols: Fix the name of the -dev package, ouupsie
* New upstream version 3.3 (Closes: #989434, #990526, CVE-2021-36084,
CVE-2021-36085, CVE-2021-36086, CVE-2021-36087)
* debian/libsepol2.symbols: Add newly exported symbols
-- Laurent Bigonville <email address hidden> Sun, 07 Nov 2021 22:40:09 +0100
Available diffs
- diff from 3.1-1ubuntu2 (in Ubuntu) to 3.3-1 (85.0 KiB)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
libsepol (3.1-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:18:08 +0200
Available diffs
- diff from 3.1-1ubuntu1 to 3.1-1ubuntu2 (352 bytes)
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: Moved to hirsute) |
libsepol (3.1-1ubuntu1) hirsute; urgency=medium
* Don't build with lto. Fedora has a patch enabling this, but also
removing some symbols.
-- Matthias Klose <email address hidden> Mon, 22 Mar 2021 21:39:25 +0100
Available diffs
- diff from 3.1-1 (in Debian) to 3.1-1ubuntu1 (599 bytes)
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
libsepol (3.1-1) unstable; urgency=medium
* New upstream release
* debian/rules: Add -fno-semantic-interposition to the CFLAGS
(Closes: #961329)
-- Laurent Bigonville <email address hidden> Tue, 14 Jul 2020 15:44:40 +0200
Available diffs
- diff from 3.0-1 to 3.1-1 (29.3 KiB)
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
libsepol (3.0-1) unstable; urgency=medium
* New upstream release
- debian/libsepol1.symbols: Add newly exported symbols
* debian/control: Bump Standards-Version to 4.4.1 (no further changes)
* Bump debhelper compatibility to 12, remove override for dh_missing
* debian/control: Drop explicit build-dep against dpkg-dev (>= 1.16.0), that
version is available for age
-- Laurent Bigonville <email address hidden> Tue, 10 Dec 2019 15:47:14 +0100
Available diffs
- diff from 2.9-2 to 3.0-1 (26.7 KiB)
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
libsepol (2.9-2) unstable; urgency=medium * Upload to unstable -- Laurent Bigonville <email address hidden> Sat, 06 Jul 2019 17:57:55 +0200
Available diffs
- diff from 2.9-1 to 2.9-2 (288 bytes)
libsepol (2.9-1) experimental; urgency=medium * New upstream release * debian/watch: Adjust the URL * debian/control: Bump Standards-Version to 4.3.0 (no further changes) * debian/sepol-utils.install: Install manpages in Russian -- Laurent Bigonville <email address hidden> Sun, 17 Mar 2019 19:09:02 +0100
Available diffs
- diff from 2.8-1 to 2.9-1 (9.1 KiB)
| Superseded in eoan-release |
| Obsolete in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
libsepol (2.8-1) unstable; urgency=medium
* New upstream release
- Drop debian/patches/sctp, merged upstream
- debian/libsepol1.symbols: Add new exported symbols
* debian/control: Point Vcs-* fields to new (salsa) machine
* debian/control: Bump Standards-Version to 4.1.4 (no further changes)
* debian/rules: Adjust to match upstream changes to the build system
* debian/rules: Use dh_missing --list-missing instead of dh_install
* debian/control: Downgrade libsepol1 to Priority: optional
* debian/copyright: Fix a spelling error, thanks to lintian
-- Laurent Bigonville <email address hidden> Mon, 28 May 2018 14:52:00 +0200
Available diffs
- diff from 2.7-2 to 2.8-1 (12.1 KiB)
libsepol (2.7-2) unstable; urgency=medium
* https://marc.info/?l=selinux&m=152078548332657&q=raw
Add the above patch for sctp support as part of fixing bug 895988.
-- Russell Coker <email address hidden> Sat, 19 May 2018 10:08:20 +1000
Available diffs
- diff from 2.7-1 to 2.7-2 (2.0 KiB)
| Superseded in cosmic-release |
| Published in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
libsepol (2.7-1) unstable; urgency=medium
* New upstream release
* debian/control: Remove Manoj from the uploader list and add myself
instead. Thanks to him for all the work in the past.
* Bump debhelper compatibility to 10
* Bump Standards-Version to 4.1.0 (no further changes)
-- Laurent Bigonville <email address hidden> Sat, 09 Sep 2017 22:10:08 +0200
Available diffs
- diff from 2.6-2 to 2.7-1 (109.7 KiB)
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
libsepol (2.6-2) unstable; urgency=medium
* Team upload.
* debian/patches/fix_use-after-free_python3.patch: Fix use-after-free when
using python3 bindings, this was preventing to modify/delete
bool|iface|user, from upstream (Closes: #846484)
-- Laurent Bigonville <email address hidden> Sun, 04 Dec 2016 00:19:56 +0100
Available diffs
- diff from 2.6-1 to 2.6-2 (1.3 KiB)
libsepol (2.6-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Make the build reproducible (Closes: #825656)
- Produce more meaningful error messages for conflicting type rules
(Closes: #832331)
* debian/libsepol1.symbols: Add the Build-Depends-Package field
* debian/control: Bump Standards-Version to 3.9.8 (no further changes)
* debian/gbp.conf: Rename git-buildpackage section to buildpackage
-- Laurent Bigonville <email address hidden> Thu, 27 Oct 2016 15:54:09 +0200
Available diffs
- diff from 2.5-1 to 2.6-1 (29.9 KiB)
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
libsepol (2.5-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Adjust .symbols file. The symbols are now versioned
* debian/gbp.conf: Sign tags by default
* debian/control: Bump Standards-Version to 3.9.7 (no further changes)
* debian/control: Fix Vcs-* URL's to please lintian (again)
* debian/rules: Pass --list-missing to dh_install
-- Laurent Bigonville <email address hidden> Sun, 24 Apr 2016 15:15:01 +0200
Available diffs
- diff from 2.4-2 to 2.5-1 (131.6 KiB)
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
libsepol (2.4-2) unstable; urgency=medium
* Team upload.
* Upload to unstable
* debian/control: Use ${misc:Pre-Depends} instead of pre-depending directly
against multiarch-support
-- Laurent Bigonville <email address hidden> Wed, 18 Nov 2015 17:53:15 +0100
Available diffs
- diff from 2.3-2 to 2.4-2 (236.0 KiB)
libsepol (2.2-1ubuntu0.1) trusty; urgency=medium
[ Laurent Bigonville ]
* Drop debian/libsepol1.postinst: Which had unguarded `telinit u' call,
which is not strictly needed and otherwise causes unwatned side
effects to the init process. (Closes: #753727) (LP: #1331555)
-- Dimitri John Ledkov <email address hidden> Wed, 26 Nov 2014 00:26:53 +0000
Available diffs
- diff from 2.2-1 (in Debian) to 2.2-1ubuntu0.1 (655 bytes)
| Superseded in xenial-release |
| Obsolete in wily-release |
| Obsolete in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
libsepol (2.3-2) unstable; urgency=medium
* Drop debian/libsepol1.postinst: Reloading systemd during an upgrade in an
uncontroled way might endup with unwanted side effects (Closes: #753727)
-- Laurent Bigonville <email address hidden> Sun, 31 Aug 2014 20:02:14 +0200
Available diffs
- diff from 2.3-1 to 2.3-2 (572 bytes)
libsepol (2.3-1) unstable; urgency=medium * Team upload. * New upstream release * debian/control: Mark -dev package as Multi-arch: same. (Closes: #738049) * debian/control: Bump Standards-Version to 3.9.5 (no further changes) -- Laurent Bigonville <email address hidden> Tue, 13 May 2014 17:35:24 +0200
Available diffs
- diff from 2.2-1 to 2.3-1 (5.3 KiB)
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
libsepol (2.2-1) unstable; urgency=low
* Team upload.
* New upstream release
- Drop debian/patches/fix-pc-file.patch: Merged upstream
* debian/control: Bump Standards-Version to 3.9.4 (no further changes)
* debian/control: Use canonical URL for VCS-Git field
-- Laurent Bigonville <email address hidden> Fri, 01 Nov 2013 13:02:59 +0100
Available diffs
- diff from 2.1.9-2 to 2.2-1 (10.8 KiB)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
libsepol (2.1.9-2) unstable; urgency=low * Team upload. * debian/rules: Really fix cross-compilation (Closes: #688878) -- Laurent Bigonville <email address hidden> Mon, 20 May 2013 16:21:35 +0200
Available diffs
libsepol (2.1.9-1ubuntu1) saucy; urgency=low
* Resynchronise with Debian. Remaining changes:
- Touch /var/run/init.upgraded rather than calling 'telinit u' in the
postinst, which causes a reboot when called in an Upstart chroot with
busybox init.
* Export CC as well as setting it, so that cross-builds work.
Available diffs
- diff from 2.1.4-3ubuntu2 to 2.1.9-1ubuntu1 (11.6 KiB)
libsepol (2.1.4-3ubuntu2) quantal; urgency=low * Specify CC so cross-builds work (LP: #1056975) -- Wookey <email address hidden> Wed, 26 Sep 2012 16:34:20 +0100
Available diffs
- diff from 2.1.4-3ubuntu1 to 2.1.4-3ubuntu2 (591 bytes)
| Superseded in quantal-release |
libsepol (2.1.4-3ubuntu1) quantal; urgency=low
* Touch /var/run/init.upgraded rather than calling 'telinit u' in the
postinst, which causes a reboot when called in an Upstart chroot with
busybox init.
-- Colin Watson <email address hidden> Tue, 18 Sep 2012 18:43:01 +0100
Available diffs
- diff from 2.1.4-3 (in Debian) to 2.1.4-3ubuntu1 (990 bytes)
libsepol (2.1.4-3) unstable; urgency=low * Team upload. * debian/rules: Append CPPFLAGS hardening flags to CFLAGS (Closes: #665316) * debian/control: Re-add Conflicts/Provides for the libsepol1-dev package -- Laurent Bigonville <email address hidden> Sun, 01 Apr 2012 00:56:03 +0200
Available diffs
- diff from 2.1.0-1.2 (in Ubuntu) to 2.1.4-3 (29.3 KiB)
libsepol (2.1.0-1.2) unstable; urgency=low
* Non-maintainer upload since maintainer is busy
* Build for multiarch, setting Pre-Depends multiarch-support in our shared
lib package, closes: #638018
* Always use -n with gzip, to avoid encoding timestamps in the gzip file;
this ensures compressed docs and other files are identical across
multiple builds, required for multiarch.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 27 Dec 2011 20:44:42 +0000
Available diffs
- diff from 2.1.0-1.1 to 2.1.0-1.2 (1.7 KiB)
libsepol (2.1.0-1.1) unstable; urgency=low * Made it NOT be a Debian native package. * Made myself the maintainer as Manoj has been busy for a while.
Available diffs
- diff from 2.0.42-1 to 2.1.0-1.1 (10.3 KiB)
libsepol (2.0.42-1) unstable; urgency=low * New Upstream ver: Fix compliation under GCC 4.6 by Justin Mattock -- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:10:30 +0000
Available diffs
- diff from 2.0.41-1 to 2.0.42-1 (1.5 KiB)
libsepol (2.0.41-1) unstable; urgency=low
* Added myself to the uploaders.
* This version is a trivial new upstream release, so it seems that we might
as well just include it for Squeeze.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 27 May 2010 09:25:41 +0100
Available diffs
- diff from 2.0.40-2 to 2.0.41-1 (1.3 KiB)
libsepol (2.0.40-2) unstable; urgency=low
* Fix typo found by lintian.
* [25329c6]: [spelling fix]: cannnot -> cannot and suport -> support
This was reported after a lintian check found this on any package
linked with libsepol. Closes: #556390
Available diffs
- diff from 2.0.39-1 to 2.0.40-2 (2.0 KiB)
libsepol (2.0.39-1) unstable; urgency=low
* New upstream point release. Adds support for building Xen policies
from Paul Nuzzi.
Available diffs
- diff from 2.0.37-1 to 2.0.39-1 (13.3 KiB)
libsepol (2.0.37-1) unstable; urgency=low
* New upstream release
+ Add method to check disable dontaudit flag from Christopher Pardy.
-- Bhavani Shankar <email address hidden> Mon, 24 Aug 2009 13:04:43 +0100
Available diffs
- diff from 2.0.36-1 to 2.0.37-1 (5.3 KiB)
libsepol (2.0.36-1) unstable; urgency=low
* New upstream release
+ Fix boolean state smashing from Joshua Brindle.
+ Fix alias field in module format, caused by boundary format change
from Caleb Case.
+ Add bounds support from KaiGai Kohei.
+ Fix invalid aliases bug from Joshua Brindle.
+ Revert patch that removed expand_rule.
-- Muharem Hrnjadovic <email address hidden> Mon, 29 Jun 2009 22:46:38 +0100
Available diffs
- diff from 2.0.32-1ubuntu1 to 2.0.36-1 (10.1 KiB)
| Superseded in karmic-release |
libsepol (2.0.32-1ubuntu1) karmic; urgency=low
* Merge from debian unstable, remaining changes:
* Boolean state was not being read correctly from modules resulting in an
invalid compiled policy (LP: #344959).
Patch: http://userspace.selinuxproject.org/trac/changeset/3df79fc5ebf08a35aaa095b2ee3fd24b3ece6ae5
Available diffs
libsepol (2.0.30-2ubuntu1) jaunty; urgency=low
* Boolean state was not being read correctly from modules resulting in an
invalid compiled policy (LP: #344959).
-- Caleb Case <email address hidden> Tue, 17 Mar 2009 16:50:58 -0400
Available diffs
- diff from 2.0.30-2 to 2.0.30-2ubuntu1 (1019 bytes)
libsepol (2.0.30-2) unstable; urgency=low
* Added exec_prefix to libselinux.pc.
Closes: #489724
Available diffs
- diff from 2.0.20-0ubuntu3 to 2.0.30-2 (34.5 KiB)
libsepol (2.0.20-0ubuntu3) hardy; urgency=low
* src/libsepol.pc.in, src/Makefile:
- moved to a patch
* debian/patches/pc.patch, debian/patches/series:
- support for pkg-config minus changes to DESTDIR
-- Caleb Case <email address hidden> Fri, 29 Feb 2008 12:20:37 -0500
| Superseded in hardy-release |
libsepol (2.0.20-0ubuntu2) hardy; urgency=low
* src/libsepol.pc.in, src/Makefile, debian/libsepol1-dev.install:
Re-add missing libsepol.pc file for dpkg builds (LP: #194455).
* debian/sepol-utils.install: Re-add missing man pages.
-- Kees Cook <email address hidden> Sun, 24 Feb 2008 00:27:05 -0800
| Superseded in hardy-release |
libsepol (2.0.20-0ubuntu1) hardy; urgency=low
[ Caleb Case ]
* New upstream merge SVN HEAD.
+ Added support for policy capabilities from Todd Miller.
+ Prevent generation of policy.18 with MLS enabled from Todd Miller.
+ print module magic number in hex on mismatch, from Todd Miller.
+ clarify and reduce neverallow error reporting from Stephen Smalley.
+ Reject self aliasing at link time from Stephen Smalley.
+ Allow handle_unknown in base to be overridden by semanage.conf from
Stephen Smalley.
+ Fixed bug in require checking from Stephen Smalley.
+ Added user hierarchy checking from Todd Miller.
+ Pass CFLAGS to CC even on link command, per Dennis Gilmore.
+ Merged support for the handle_unknown policydb flag from Eric Paris.
+ Moved next_entry and put_entry out-of-line to reduce code size from
Ulrich Drepper.
+ Fixed module_package_read_offsets bug introduced by the prior patch.
+ Eliminate unaligned accesses from policy reading code from Stephen
Smalley.
+ Allow dontaudits to be turned off during policy expansion from
Joshua Brindle.
+ Fix sepol_context_clone to handle a NULL context correctly.
This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)
to set the file context entry to "<<none>>".
+ Merged error handling patch from Eamon Walsh.
[ Joseph Jackson IV ]
* debian/control
- Update Debian Maintainer field
-- Caleb Case <email address hidden> Sat, 09 Feb 2008 21:36:22 -0500
libsepol (2.0.3-1) unstable; urgency=low
* New upstream bugfix SVN HEAD.
+ Merged fix from Karl to remap booleans at expand time to avoid holes
in the symbol table.
+ Merged add boolmap argument to expand_module_avrules() from Chris
PeBenito.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 08 May 2007 07:56:57 +0100
libsepol (2.0.1-1) unstable; urgency=low * New upstream release. This is the trunk, or development, version. * Merged patch to add errcodes.h to libsepol by Karl MacMillan.
libsepol (1.14-2build1) feisty; urgency=low * Rebuild for changes in the amd64 toolchain. -- Matthias Klose <email address hidden> Mon, 5 Mar 2007 01:21:22 +0000
libsepol (1.14-2) unstable; urgency=high
* Compile with -fPIC instead of -fpic. This fixes a FTBS for rpm on
sparc.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 16 Nov 2006 17:05:52 +0000
libsepol (1.14-1) unstable; urgency=medium
* New upstream release
* Build libsepol's static object files with -fpic
* Updated version for release.
libsepol (1.12-1) unstable; urgency=low
* New upstream release
* Updated version for release.
* Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
* Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
* Merged sepol_policydb_mls_enabled interface and error handling
changes from Ivan Gyurdiev.
* Merged node_expand_addr bugfix and node_compare* change from
Ivan Gyurdiev.
* Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
* Merged bug fix patch from Ivan Gyurdiev.
* Added a defined flag to level_datum_t for use by checkpolicy.
* Merged nodecon support patch from Ivan Gyurdiev.
* Merged cleanups patch from Ivan Gyurdiev.
* Merged optionals in base patch from Joshua Brindle.
* Merged seuser/user_extra support patch from Joshua Brindle.
* Merged fix patch from Ivan Gyurdiev.
* Merged clone record on set_con patch from Ivan Gyurdiev.
* Merged assertion copying bugfix from Joshua Brindle.
* Merged sepol_av_to_string patch from Joshua Brindle.
* Merged cond_expr mapping and package section count bug fixes
from Joshua Brindle.
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
* Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
* Merged 2nd const in APIs patch from Ivan Gyurdiev.
* Merged const in APIs patch from Ivan Gyurdiev.
* Merged compare2 function patch from Ivan Gyurdiev.
* Fixed hierarchy checker to only check allow rules.
* Merged further fixes from Russell Coker, specifically:
- av_to_string overflow checking
- sepol_context_to_string error handling
- hierarchy checking memory leak fixes and optimizations
- avrule_block_read variable initialization
* Marked deprecated code in genbools and genusers.
* Merged bugfix for sepol_port_modify from Russell Coker.
* Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
* Merged port ordering patch from Ivan Gyurdiev.
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- support ordering of records in compare function
- enable port interfaces
- add interfaces for context validity and range checks
- add include guards
* Fixed mls_range_cpy bug.
| Superseded in edgy-release |
| Obsolete in dapper-release |
| Superseded in dapper-release |
| Superseded in dapper-release |
libsepol (1.10-1) unstable; urgency=low
* New upstream release
* Updated version for release.
* Dropped handle from user_del_role interface.
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
* Merged module function and map file cleanup from Ivan Gyurdiev.
* Merged MLS and genusers cleanups from Ivan Gyurdiev.
Prepare for removal of booleans* and *.users files.
* Cleaned up sepol_genbools to not regenerate the image if
there were no changes in the boolean values, including the
degenerate case where there are no booleans or booleans.local
files.
* Cleaned up sepol_genusers to not warn on missing local.users.
* Removed sepol_port_* from libsepol.map, as the port interfaces
are not yet stable.
* Merged context destroy cleanup patch from Ivan Gyurdiev.
* Merged context_to_string interface change patch from Ivan Gyurdiev.
* Added src/dso.h and src/*_internal.h.
Added hidden_def for exported symbols used within libsepol.
Added hidden for symbols that should not be exported by
the wildcards in libsepol.map.
* Merged record interface, record bugfix, and set_roles patches
from Ivan Gyurdiev.
* Merged count specification change from Ivan Gyurdiev.
* Added further checking and error reporting to
sepol_module_package_read and _info.
* Merged sepol handle passing, DEBUG conversion, and memory leak
fix patches from Ivan Gyurdiev.
* Removed processing of system.users from sepol_genusers and
dropped delusers logic.
* Removed policydb_destroy from error path of policydb_read,
since create/init/destroy/free of policydb is handled by the
caller now.
* Fixed sepol_module_package_read to handle a failed policydb_read
properly.
* Merged query/exists and count patches from Ivan Gyurdiev.
* Merged fix for pruned types in expand code from Joshua Brindle.
* Merged new module package format code from Joshua Brindle.
* Merged context interface cleanup, record conversion code,
key passing, and bug fix patches from Ivan Gyurdiev.
* Merged users cleanup patch from Ivan Gyurdiev.
* Merged user record memory leak fix from Ivan Gyurdiev.
* Merged reorganize users patch from Ivan Gyurdiev.
* Added check flag to expand_module() to control assertion
and hierarchy checking on expansion.
* Reworked check_assertions() and hierarchy_check_constraints()
to take handles and use callback-based error reporting.
* Changed expand_module() to call check_assertions() and
hierarchy_check_constraints() prior to returning the expanded
policy.
* Changed sepol_module_package_set_file_contexts to copy the
file contexts data since it is internally managed.
* Added sepol_policy_file_set_handle interface to associate
a handle with a policy file.
* Added handle argument to policydb_from_image/to_image.
* Added sepol_module_package_set_file_contexts interface.
* Dropped sepol_module_package_create_file interface.
* Reworked policydb_read/write, policydb_from_image/to_image,
and sepol_module_package_read/write to use callback-based error
reporting system rather than DEBUG.
* Reworked link_packages, link_modules, and expand_module to use
callback-based error reporting system rather than error buffering.
* Merged conditional expression mapping fix in the module linking
code from Joshua Brindle.
* Hid sepol_module_package type definition, and added get interfaces.
* Merged new callback-based error reporting system from Ivan
Gyurdiev.
* Merged support for require blocks inside conditionals from
Joshua Brindle (Tresys).
* Fixed use of policydb_from_image/to_image to ensure proper
init of policydb.
* Isolated policydb internal headers under <sepol/policydb/*.h>.
These headers should only be used by users of the static libsepol.
Created new <sepol/policydb.h> with new public types and interfaces
for shared libsepol.
Created new <sepol/module.h> with public types and interfaces moved
or wrapped from old module.h, link.h, and expand.h, adjusted for
new public types for policydb and policy_file.
Added public interfaces to libsepol.map.
Some implementation changes visible to users of the static libsepol:
1) policydb_read no longer calls policydb_init.
Caller must do so first.
2) policydb_init no longer takes policy_type argument.
Caller must set policy_type separately.
3) expand_module automatically enables the global branch.
Caller no longer needs to do so.
4) policydb_write uses the policy_type and policyvers from the
policydb itself, and sepol_set_policyvers() has been removed.
* Merged function renaming and static cleanup from Ivan Gyurdiev.
* Merged bug fix for check_assertions handling of no assertions
from Joshua Brindle (Tresys).
* Merged iterate patch from Ivan Gyurdiev.
* Merged MLS in modules patch from Joshua Brindle (Tresys).
* Merged pointer typedef elimination patch from Ivan Gyurdiev.
* Merged user list function, new mls functions, and bugfix patch
from Ivan Gyurdiev.
* Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
* Merged bug fix patches from Joshua Brindle (Tresys).
* Merged boolean record and memory leak fix patches from Ivan
Gyurdiev.
* Merged interface record patch from Ivan Gyurdiev.
* Merged fix for sepol_enable/disable_debug from Ivan
Gyurdiev.
* Merged stddef.h patch and debug conversion patch from
Ivan Gyurdiev.
* Fixed expand_avtab and expand_cond_av_list to keep separate
entries with identical keys but different enabled flags.
-- Manoj Srivastava <email address hidden> Sat, 10 Dec 2005 17:49:28 -0600
libsepol (1.8-1) unstable; urgency=low
* New upstream release
* Updated version for release.
* Fixed symtab_insert return value for duplicate declarations.
* Merged fix for memory error in policy_module_destroy from
Jason Tang (Tresys).
* Merged fix for memory leak in sepol_context_to_sid from
Jason Tang (Tresys).
* Merged fixes for resource leaks on error paths and
change to scope_destroy from Joshua Brindle (Tresys).
* Merged more fixes for resource leaks on error paths
from Serge Hallyn (IBM). Bugs found by Coverity.
* Changed to treat all type conflicts as fatal errors.
* Merged several error handling fixes from
Serge Hallyn (IBM). Bugs found by Coverity.
* Fixed further memory leaks found by valgrind.
* Fixed several memory leaks found by valgrind.
* Fixed empty list test in cond_write_av_list. Bug found by
Coverity, reported by Serge Hallyn (IBM).
* Merged patch to policydb_write to check errors
when writing the type->attribute reverse map from
Serge Hallyn (IBM). Bug found by Coverity.
* Fixed policydb_destroy to properly handle NULL type_attr_map
or attr_type_map.
* Fixed use of uninitialized data by expand_avtab_node by
clearing type_val_to_struct in policydb_index_others.
* Improved memory use by SELinux by both reducing the avtab
node size and reducing the number of avtab nodes (by not
expanding attributes in TE rules when possible). Added
expand_avtab and expand_cond_av_list functions for use by
assertion checker, hierarchy checker, compatibility code,
and dispol. Added new inline ebitmap operators and converted
existing users of ebitmaps to the new operators for greater
efficiency.
Note: The binary policy format version has been incremented to
version 20 as a result of these changes.
* Fixed bug in constraint_node_clone handling of name sets.
* Fix range_trans_clone to map the type values properly.
* Merged patch to move module read/write code from libsemanage
to libsepol from Jason Tang (Tresys).
* Enabled further compiler warning flags and fixed them.
* Merged user, context, port records patch from Ivan Gyurdiev.
* Merged key extract function patch from Ivan Gyurdiev.
* Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
* Merged context reorganization, memory leak fixes,
port and interface loading, replacements for genusers and
genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
* Merged uninitialized variable bugfix from Dan Walsh.
* Merged debug support, policydb conversion functions from Ivan
Gyurdiev (Red Hat).
* Removed genpolbools and genpolusers utilities.
* Merged hierarchy check fix from Joshua Brindle (Tresys).
* Merged header file cleanup and memory leak fix from Ivan Gyurdiev
(Red Hat).
* Merged genbools debugging message cleanup from Red Hat.
* Merged loadable module support from Tresys Technology.
* libsepol1: Priority should be required, thanks to Matt Kraai.
(Closes: 328041)
-- Manoj Srivastava <email address hidden> Wed, 14 Sep 2005 15:36:54 -0500
libsepol (1.6-1) unstable; urgency=low
* New upstream release
* Updated version for release.
* License changed to LGPL v2.1, see COPYING.
* Added sepol_genbools_policydb and sepol_genusers_policydb for
audit2why.
* Added sepol_ prefix to Flask types to avoid
namespace collision with libselinux.
* Added sepol_compute_av_reason() for audit2why.
* Fixed bug in role hierarchy checker.
* Merged hierarchical type/role patch from Tresys Technology.
* Merged MLS fixes from Darrel Goeddel of TCS.
* Changed sepol_genusers to not delete users by default,
and added a sepol_set_delusers function to enable deletion.
Also, removed special case handling of system_u and user_u.
* Merged booleans.local patch from Dan Walsh.
* Added man page for sepol_check_context.
* Added man page for sepol_genusers function.
* Merged man pages for genpolusers and chkcon from Manoj Srivastava.
-- Manoj Srivastava <email address hidden> Mon, 27 Jun 2005 13:40:28 -0500
libsepol (1.2-2) unstable; urgency=low
* Update download location and copyright file, since the locations we
were pointing to are now forbidden (return a code 403).
-- Manoj Srivastava <email address hidden> Wed, 24 Nov 2004 14:02:32 -0600
| 1 → 57 of 57 results | First • Previous • Next • Last |
