refpolicy (2:0.0.20080702-1) unstable; urgency=low
* Update to latest upstream and take over the package as Manoj seems busy
on other things.
* Change the policy package names to selinux-policy-default and
selinux-policy-mls. Made selinux-policy-default do strict and targeted
(targeted by default).
* Optimise module loading to halve postinst time.
* Depend on the latest policycoreutils (which sets the right default in
/etc/selinux/config).
refpolicy (0.0.20080314-1) unstable; urgency=low
* New upstream SVN HEAD
- Add wireshark module based on ethereal module.
- Revise upstart support in init module to use a tunable, as upstart is now
used in Fedora too.
- Add iferror.m4 rather generate it out of the Makefiles.
- Definitions for open permisson on file and similar objects from Eric
Paris.
- Apt updates for ptys and logs, from Martin Orr.
- RPC update from Vaclav Ovsik.
- Exim updates on Debian from Devin Carrawy.
- Pam and samba updates from Stefan Schulze Frielinghaus.
- Backup update on Debian from Vaclav Ovsik.
- Cracklib update on Debian from Vaclav Ovsik.
- Label /proc/kallsyms with system_map_t.
- 64-bit capabilities from Stephen Smalley.
- Labeled networking peer object class updates.
* refpolicy includes an Exim policy, but did not install it on a fresh
refpolicy installation, because the module package is exim.pp, while
Debian calls its exim package 'exim4'. Thanks to Devin Carraway for
the heavy lifting. Closes: #465208
* Bug fix: "selinux-policy-refpolicy-dev: Installed build.conf specifies
MCS build type", thanks to Devin Carraway. Closes: #465215
* Bug fix: "newer policycoreutils required", thanks to Max Kellermann
Closes: #469123
* The latest set of packages also seem to resolve the consolekit
issues. Bug fix: "consolekit gives error messages when running with SELinux
enabled", thanks to Ritesh Raj Sarraf. Closes: #463995
* Bug fix: "selinux-policy-refpolicy-targeted: descriptions seems to
misplace '.' to split paragraphs (debian/control)", thanks to
Felipe Augusto van de Wiel (faw). Closes: #466638,#466978
refpolicy (0.0.20071214-1) unstable; urgency=low
* New upstream release. This has updated policy for ssh, which
Closes: #433972
* The new policy also permits postfix to read files on anon_inodefs file
systems, which then Closes: #435497
* Allow use of wildcards when trying to map package names to policy
modules. Thanks to Vaclav Ovsik for the heavy lifting. Closes: #427906
* Debian puts hpssd.py in /usr/lib -- not /usr/share. Thanks to Frodo
Looijaard. Closes: #443177
* Alsa needs changes in file context as well. Thanks to Martin Orr
for pointing this out. Closes: #428464
* Allow apache to read munin files. Thanks to Vesa-Pekka Palmu for
pointing this out. Closes: #433886
* Fix targeted policies priority in control file. Thanks to Stas
Myasnikov for pointing this out. Closes: #447253
* Several files in /usr/lib/cups/backend are hard links to files in
/usr/lib/cups/backend-available. In the cups.fc, only the files in
backend are tagged with the cupsd_exec_t, so the files in
backend-available are tagged with lib_t. This results in somewhat
undefined behaviour: depending on the order of directory traversal the
files are tagged with either lib_t or cupsd_exec_t. Thanks to Frodo
Looijaard. Closes: #442898
* selinux-policy-refpolicy-dev now also depends on make and m4, since
those are required to actually build policy. Thanks to Erik
Johansson. Closes: #449203
* Similarly, the source package recommends make and gcc, since those
are needed to build policy. Closes: #436211
* The bug mentioned in 437139 does not exist in the new policy. A
versioned close will allow the bug to remain open for Etch.
Closes: #437139
* The duplicate declaration of system_chkpwd_t does not appear to be in
the sources, based in a find/grep. Closes: #463818
* There was a spurious + sign in policy/modules/kernel/devices.if.
Thanks to Frans Pop for pointing this out. Closes: #438887
-- Scott Kitterman <email address hidden> Tue, 15 Jul 2008 13:30:55 +0100
