1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497
|
libselinux (2.6-3) unstable; urgency=medium
* Team upload.
[ Christian Seiler ]
* Add libselinux1-udeb (depended on by libmount1-udeb) (Closes: #835503)
-- Laurent Bigonville <bigon@debian.org> Sun, 06 Nov 2016 18:22:28 +0100
libselinux (2.6-2) unstable; urgency=medium
* Team upload.
* Fix python binding under python3, some strings were represented as arrays
of bytes instead of python strings
-- Laurent Bigonville <bigon@debian.org> Sun, 06 Nov 2016 13:52:19 +0100
libselinux (2.6-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Bump libsepol1-dev build-dependency to >= 2.6 to match the release
- Make the build reproducible (Closes: #825655)
- Drop 0003-Avoid-mounting-proc-outside-of-selinux_init_load_pol.patch,
merged upstream
- debian/patches/fix-makefile-bugs.patch,
debian/patches/fix-cross-compile.patch: Refreshed
- debian/python.mk: Fix python wrapper build
- debian/libselinux1.symbols: Adjust the .symbols files, myprintf and
obj_class_compat were never part of the public API
* debian/libselinux1.symbols: Add the Build-Depends-Package field
* debian/gbp.conf: Rename git-buildpackage section to buildpackage
-- Laurent Bigonville <bigon@debian.org> Sat, 29 Oct 2016 02:31:28 +0200
libselinux (2.5-3) unstable; urgency=medium
* Team upload.
* Do not try to mount /proc during the libselinux initialization, in some
use cases /proc is not mounted at early boot and mounting/unmounting it
later might cause race conditions. (Closes: #823184)
-- Laurent Bigonville <bigon@debian.org> Tue, 17 May 2016 14:04:22 +0200
libselinux (2.5-2) unstable; urgency=medium
* Team upload.
* d/p/only-mount-procfs-necessary.patch: Only mount /proc if necessary
(Closes: #822679)
-- Laurent Bigonville <bigon@debian.org> Sat, 30 Apr 2016 11:56:40 +0200
libselinux (2.5-1) unstable; urgency=medium
* Team upload.
* New upstream release
- Bump libsepol1-dev build-dependency to >= 2.5 to match the release
- debian/patches/fix-makefile-bugs.patch,
debian/patches/fix-cross-compile.patch: Refreshed
- Mount procfs before checking /proc/filesystems (Closes: #789218)
- debian/libselinux1.symbols: Add new exported symbols
* debian/gbp.conf: Sign tags by default
* debian/control: Bump Standards-Version to 3.9.8 (no further changes)
* debian/control: Fix Vcs-* URL's to please lintian (again)
* debian/patches/fix-makefile-bugs.patch: Properly cleanup the files in
clean-pywrap target, this way we are sure the python module is built with
the correct version of python.
-- Laurent Bigonville <bigon@debian.org> Mon, 25 Apr 2016 13:18:24 +0200
libselinux (2.4-3) unstable; urgency=medium
* Team upload.
* Upload to unstable
* debian/python.mk: Add $(PYTHON3_VERSIONS) to the PHONY target
-- Laurent Bigonville <bigon@debian.org> Wed, 18 Nov 2015 18:11:37 +0100
libselinux (2.4-2) experimental; urgency=medium
* Team upload.
* debian/control: Also bump the dependency against libsepol1-dev to 2.4
* Start building python 3 packages
-- Laurent Bigonville <bigon@debian.org> Fri, 10 Jul 2015 22:02:08 +0200
libselinux (2.4-1) experimental; urgency=medium
* Team upload.
* New upstream release
- Bump libsepol1-dev build-dependency to >= 2.4 to match the release
- Drop d/p/Add-pcre-version-string.patch,
d/p/Log-an-error-on-unknown-classes.patch and
d/p/libselinux-man-Add-missing-manpage-links-to-security.patch: Applied
upstream.
- debian/patches/fix-makefile-bugs.patch: Refreshed
* debian/watch: Update watch file URL
* debian/control: Bump Standards-Version to 3.9.6 (no further changes)
-- Laurent Bigonville <bigon@debian.org> Wed, 03 Jun 2015 08:18:37 +0200
libselinux (2.3-2) unstable; urgency=medium
* Team upload.
* Add debian/patches/Add-pcre-version-string.patch: Add pcre version string
to the compiled file_contexts format. This is necesarry to detect the
cases where the internal libpcre representation has changed, if it's the
case libselinux will rely on the non-compiled file (Closes: #756826)
* Add debian/patches/Log-an-error-on-unknown-classes.patch: Log an error on
unknown classes and permissions.
* d/p/libselinux-man-Add-missing-manpage-links-to-security.patch: Add the
missing manpage links for selinux_mkload_policy(3) and
selinux_init_load_policy(3) (Closes: #753803)
* Drop debian/libselinux1.postinst: Reloading systemd during an upgrade in
an uncontroled way might endup with unwanted side effects (Closes: #753726)
-- Laurent Bigonville <bigon@debian.org> Sun, 31 Aug 2014 20:57:58 +0200
libselinux (2.3-1) unstable; urgency=medium
* Team upload.
* New upstream release
- debian/control: Bump {build-}dependencies to match new release
- debian/libselinux1.symbols: Add new setexecfilecon() function
* debian/ruby.mk: Rework the makefile, it should handle changes in the
supported ruby versions by binNMU now (Closes: #747683)
* Add Built-Using field for python-selinux as audit2why.so is statically
linking against libsepol
-- Laurent Bigonville <bigon@debian.org> Wed, 14 May 2014 20:13:57 +0200
libselinux (2.2.2-2) unstable; urgency=medium
* Team upload.
[ Laurent Bigonville ]
* debian/rules: Do not require ruby or python dh helpers when bootstrapping
thanks to Daniel Schepler <dschepler@gmail.com> (Closes: #738148)
[ Hideki Yamane ]
* debian/{ruby.mk,ruby-selinux.install}
- drop related to ruby1.9.1 and add ruby2.1.0 instead (Closes: #746024)
-- Laurent Bigonville <bigon@debian.org> Fri, 02 May 2014 01:47:58 +0200
libselinux (2.2.2-1) unstable; urgency=medium
* Team upload.
* New upstream release
* debian/control: Mark -dev package as Multi-arch: same. (Closes: #732098)
* debian/control: Bump Standards-Version to 3.9.5 (no further changes)
* debian/rules: Fix cross build, no need for a different prefix.
-- Laurent Bigonville <bigon@debian.org> Sat, 11 Jan 2014 18:44:53 +0100
libselinux (2.2.1-1) unstable; urgency=low
* Team upload.
* New upstream release
* Drop debian/patches/link_pthread.patch: Upstream disagreed with this
solution, this will unfortunately require to rebuild some of the
rdependencies
-- Laurent Bigonville <bigon@debian.org> Sun, 10 Nov 2013 20:33:34 +0100
libselinux (2.2-2) unstable; urgency=low
* Team upload.
* debian/patches/link_pthread.patch: Explicitly link against -lpthread as
libselinux is using it internally, without this ld.so is asserting in a
weird way for some executables (Closes: #728529)
-- Laurent Bigonville <bigon@debian.org> Sat, 02 Nov 2013 22:42:37 +0100
libselinux (2.2-1) unstable; urgency=low
* Team upload.
* New upstream release
- Fix avc_has_perm() returns -1 even when SELinux is permissive.
(Closes: #727766)
- debian/control: Bump {build-}dependencies to match new release
- debian/patches/fix-makefile-bugs.patch: Refreshed
- Drop debian/patches/fix-manpages.patch: Not needed anymore
- debian/patches/fix-cross-compile.patch: Refreshed
- Drop debian/patches/allow-libbase-override.patch: Merged upstream
- Drop debian/patches/fix_pcre_link.patch: Fixed upstream
- Drop debian/patches/add_missing_private_pc.patch: Fixed upstream
- Adjust debian/libselinux1.symbols: Add new symbols
* debian/rules: getenforce and selinuxenabled executable are installed in
/usr/sbin, keep their manpages in section 8
-- Laurent Bigonville <bigon@debian.org> Fri, 01 Nov 2013 17:02:00 +0100
libselinux (2.1.13-3) unstable; urgency=low
* Team upload.
* debian/ruby.mk: Stop building binding for ruby 1.8 and start building it
for ruby 2.0 (Closes: #720247)
* debian/control: Bump Standards-Version to 3.9.4 (no further changes)
* debian/control: Use canonical URL for VCS-Git field
* debian/control, debian/rules: Drop libselinux-ruby1.8 transitional package
-- Laurent Bigonville <bigon@debian.org> Wed, 02 Oct 2013 18:32:57 +0200
libselinux (2.1.13-2) unstable; urgency=low
* Team upload.
* debian/patches/add_missing_private_pc.patch: Add missing dependencies to
the .pc file. This fix FTBFS of pkg that link statically against us
(Closes: #708435)
* debian/control: Add Dependency against libpcre3-dev on libselinux1-dev
package
-- Laurent Bigonville <bigon@debian.org> Mon, 20 May 2013 17:36:35 +0200
libselinux (2.1.13-1) unstable; urgency=low
* Team upload.
* New upstream release
- debian/control: Bump libsepol1-dev (build-)dependency to match the release
- Refresh the patches
- debian/libselinux1.symbols: Add new symbol
* debian/control: Add Homepage field
-- Laurent Bigonville <bigon@debian.org> Thu, 09 May 2013 18:55:50 +0200
libselinux (2.1.12-1) experimental; urgency=low
* Team upload.
* New upstream release
- Drop debian/patches/python-include and fix debian/python.mk instead
- Drop debian/patches/python-link, applied upstream
- Drop debian/patches/hide-library-destructors.patch, applied upstream
- Refresh debian/patches/allow-libbase-override.patch
- Drop debian/patches/add-includededir this patch was actually reverting
debian/patches/fix-cross-compile.patch
- Refresh debian/patches/fix-cross-compile.patch
- Bump libsepol1 {build-}dependency to match the new released version
- Add libpcre3-dev build-dependency
- Add debian/patches/fix_pcre_link.patch: Fix LDFLAGS and libpcre linking
- Refresh debian/patches/fix-makefile-bugs.patch
- Fix debian/ruby.mk: Add missing -I to RUBYINC variabale
- Adjust debian/libselinux1.symbols symbols file, dropped unused symbol:
flush_class_cache
- debian/selinux-utils.install: matchpathcon exec has moved to /usr/sbin
* Update debian/watch file
* debian/gbp.conf: change the debian-branch to "debian" instead of "upstream"
* Drop /selinux directory, selinuxfs should now be mounted in
/sys/fs/selinux (Closes: #658070)
-- Laurent Bigonville <bigon@debian.org> Tue, 25 Sep 2012 23:32:29 +0200
libselinux (2.1.9-5) unstable; urgency=low
* Team upload.
* Do not Conflicts with ruby transitional package, use versionized Breaks
instead (Closes: #670058)
* debian/ruby.mk: Also build for ruby1.9.1 now that's the default version
* debian/gbp.conf: Change default git-buildpackage build-directory
-- Laurent Bigonville <bigon@debian.org> Sun, 10 Jun 2012 08:33:05 +0200
libselinux (2.1.9-4) unstable; urgency=low
* Team upload.
* debian/control: Re-add Conflicts/Provides for libselinux1-dev, the Provides
is still used.
-- Laurent Bigonville <bigon@debian.org> Wed, 28 Mar 2012 14:03:32 +0200
libselinux (2.1.9-3) unstable; urgency=low
* Team upload.
* debian/control:
- Bump debhelper build-dependency to 9
- Move libselinux-ruby1.8 to Priority extra as it's a transitional package
- Bump Standards-Version to 3.9.3 (no further changes)
- Drop really old Conflicts/Replaces
- Bump libselinux1-dev dependency on libsepol1-dev
- Update Vcs-* fields
- Bump libsepol1-dev build-dependency so we are sure libdir path is
correct
- Put under the Debian SELinux team maintenance
* debian/libselinux1.lintian-overrides: Drop unused override
* debian/patches/fix-manpages.patch: Fix section of selinuxexeccon.8
* debian/patches/allow-libbase-override.patch: Fix .pc file to use multiarch
path
* debian/patches/python-link: Do not link against python library
(Closes: #664291)
* Add debian/gbp.conf file
* Drop debian/patches/fix_FTBFS.patch: libsepol.pc is now giving libdir path
* debian/rules: Append CPPFLAGS hardening flags to CFLAGS
-- Laurent Bigonville <bigon@debian.org> Tue, 27 Mar 2012 21:47:29 +0200
libselinux (2.1.9-2) unstable; urgency=low
* Moved the python libraries out of the multiarch directory because
multiarch doesn't seem to work with python.
-- Russell Coker <russell@coker.com.au> Tue, 28 Feb 2012 14:19:24 +1100
libselinux (2.1.9-1) unstable; urgency=low
* New upstream version, lots of man page changes, python related changes,
and lots of bug fixes.
* Hacked the build to support multiarch, not sure if it does everything
that is desired but at least it builds.
* Added new libselinux1 symbols realpath_not_final, selabel_subs_init,
selinux_check_access, and selinuxfs_exists.
-- Russell Coker <russell@coker.com.au> Mon, 20 Feb 2012 17:31:08 +1100
libselinux (2.1.0-4.1) unstable; urgency=low
* Non-maintainer upload.
* debian/control
- remove comment line since it prevents dch execution
* debian/patches
- add fix_FTBFS.patch to adjust path (Closes: #653680)
-- Hideki Yamane <henrich@debian.org> Mon, 02 Jan 2012 18:34:40 +0900
libselinux (2.1.0-4) unstable; urgency=low
* Put /selinux back in libselinux1
Closes: #647035
-- Russell Coker <russell@coker.com.au> Mon, 31 Oct 2011 13:50:56 +1100
libselinux (2.1.0-3) unstable; urgency=low
* Accept Kyle's changes.
Closes: #645121
* Merge Steve McIntyre's patch for cross compilation.
Closes: #630626
* Use two paragraphs for long description.
Closes: #637369
-- Russell Coker <russell@coker.com.au> Fri, 28 Oct 2011 23:17:30 +1100
libselinux (2.1.0-2) UNRELEASED; urgency=low
* Move manpages for privileged commands "setenforce" and "togglesebool" to
section 8 where they belong.
* Fix other manpages which refer to "selinuxenabled" and "getenforce" to
find them in section 1.
* Convert to Debian source format "3.0 (quilt)". This allows us to break
apart the changes-to-upstream into multiple patches with descriptions.
- fix-makefile-bugs.patch
- fix-manpages.patch
- hide-library-destructors.patch
* Change "Architecture" to "linux-any" to reflect build requirements.
* Completely rewrite Debian packaging to use debhelper. This has a very
positive effect on the build time (97 sec => 64 sec) and dramatically
reduces the size of the packaging metadata:
46 files changed, 441 insertions(+), 2833 deletions(-)
Note that half of the inserted lines are the new broken-out patches.
* Comply with new Ruby packaging conventions (using gem2deb/dh_ruby)
- Rename ruby package to "ruby-selinux"
- Add support for ruby1.9.1
* Comply with new Python packaging conventions (use dh_python2)
-- Kyle Moffett <Kyle.D.Moffett@boeing.com> Thu, 13 Oct 2011 13:25:54 -0400
libselinux (2.1.0-1) unstable; urgency=low
* New upstream release
* Add symbols fini_selinuxmnt selinux_file_context_subs_dist_path
selinux_status_close selinux_status_deny_unknown selinux_status_getenforce
selinux_status_open selinux_status_policyload selinux_status_updated
* Remove symbol selabelsublist which should never have been exported (it
couldn't be used by outside code).
* Made myself the maintainer as Manoj has been busy with paid work.
* Made it build-depend on the latest libsepol1-dev.
-- Russell Coker <russell@coker.com.au> Tue, 30 Aug 2011 14:33:45 +1000
libselinux (2.0.98-1.1) unstable; urgency=low
* Non-maintainer upload with permission of the maintainer.
* Build for multiarch, setting Pre-Depends multiarch-support in our shared
lib package.
* Always use -n with gzip, to avoid encoding timestamps in the gzip file;
this ensures compressed docs and other files are identical across
multiple builds, required for multiarch.
-- Steve Langasek <vorlon@debian.org> Tue, 21 Jun 2011 07:24:02 +0000
libselinux (2.0.98-1) unstable; urgency=low
* New upstream release
+ Turn off default user handling when computing user contexts by Dan Walsh
+ Thread local storage fixes from Eamon Walsh.
* Added myself to the uploaders and changed the source URL.
* Made selabelsublist optional in the libselinux1.symbols file, it was
supposed to be private and there seems no possibility that anyone could
have used it without causing a crash so there seems no harm in removing it.
-- Russell Coker <russell@coker.com.au> Thu, 31 Mar 2011 23:14:03 +1100
libselinux (2.0.96-1) unstable; urgency=low
* New upstream release
+ Add const qualifiers to public API where appropriate by KaiGai
Kohei.
+ Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
+ Adds a chcon method to the libselinux python bindings from Steve Lawrence
-- Manoj Srivastava <srivasta@debian.org> Tue, 20 Jul 2010 23:27:20 -0700
libselinux (2.0.94-1) unstable; urgency=low
* New upstream release
* Set errno=EINVAL for invalid contexts from Dan Walsh.
* Show strerror for security_getenforce() by Colin Walters.
* Merged selabel database support by KaiGai Kohei.
* Modify netlink socket blocking code by KaiGai Kohei.
* Fix from Eric Paris to fix leak on non-selinux systems.
* regenerate swig wrappers
* pkgconfig fix to respect LIBDIR from Dan Walsh.
* Change the AVC to only audit the permissions specified by the
policy, excluding any permissions specified via dontaudit or not
specified via auditallow.
* Fix compilation of label_file.c with latest glibc headers.
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
* Change exception.sh to be called with bash by Manoj Srivastava
<srivasta@debian.org>
* Bug fix: "memory leak", thanks to Sam Hocevar. Upstream fixed bug
a wee bit differently. (Closes: #570639).
-- Manoj Srivastava <srivasta@debian.org> Sun, 28 Mar 2010 08:40:37 -0700
libselinux (2.0.89-4) unstable; urgency=low
* Revert decision not to ship /selinux; instead, ask policy folks to add
an exception. Closes: #496752
-- Manoj Srivastava <srivasta@debian.org> Fri, 20 Nov 2009 13:00:47 -0600
libselinux (2.0.89-3) unstable; urgency=low
* Fix breakage in python-selinux.
-- Manoj Srivastava <srivasta@debian.org> Thu, 19 Nov 2009 23:58:10 -0600
libselinux (2.0.89-2) unstable; urgency=low
* [libselinux 16a76cd]: Do not ship /selinux
Shipping /selinux is a violation of the FHS, and is proscribed by
Debian policy. There is nothing that actually depends on /selinux
being present, possibly apart from user scripts. From this point on,
the machine operator will have to decide where to locate the mount
point for selinuxfs, and modify /etc/fstab accordingly. SELinux
modules scan for selinuxfs in /proc/mounts, so everything should
adjust to the location of the selinuxfs mount automatically.
Bug fix: "/selinux not in FHS", thanks to Kees Cook (Closes: #556972).
-- Manoj Srivastava <srivasta@debian.org> Thu, 19 Nov 2009 01:16:30 -0600
libselinux (2.0.89-1) unstable; urgency=low
* New upstream point release
+ Add pkgconfig file. This eliminates a patch we have been carrying fr
a while.
* Update build dependency on libsepol so we pick up the typo fix in
libsepol.
-- Manoj Srivastava <srivasta@debian.org> Tue, 17 Nov 2009 13:31:24 -0600
libselinux (2.0.88-1) unstable; urgency=low
* New upstream point release
+ Rename and export selinux_reset_config()
-- Manoj Srivastava <srivasta@debian.org> Sun, 25 Oct 2009 12:13:46 -0500
libselinux (2.0.87-3) unstable; urgency=low
* [8dc8610]: [topic--exception-fix] exception.sh contains bashisms Use
bash to run exception.sh (fails with non bash /bin/sh. Also, one now
has to make swigify before building in ./src; this is the poximate
cause of the bug.
Bug fix: "python-selinux python modules are missing", thanks to Kees
Cook (Closes: #551664).
-- Manoj Srivastava <srivasta@debian.org> Mon, 19 Oct 2009 19:05:26 -0500
libselinux (2.0.87-2) unstable; urgency=high
* [937ad58]: [libselinux] Add pkg-config as a build dependency
* Bug fix: "python-selinux python modules are missing", thanks to Kees
Cook (Closes: #551664).
-- Manoj Srivastava <srivasta@debian.org> Mon, 19 Oct 2009 17:45:51 -0500
libselinux (2.0.87-1) unstable; urgency=low
* New upstream point release
+ Add exception handling in libselinux from Dan Walsh. This uses a
shell script called exception.sh to generate a swig interface file.
+ Make matchpathcon print <<none>> if path not found in fcontext file.
+ Removal of reference counting on userspace AVC SID's.
* Bug fix: "cross-build fixes", thanks to Colin Watson (Closes: #550731).
-- Manoj Srivastava <srivasta@debian.org> Tue, 13 Oct 2009 23:53:30 -0500
libselinux (2.0.85-4) unstable; urgency=high
* Handle the ase of init=/bin/sh in postinst. We now make sure that
/proc/init/exe is actually /sbin/init, and that we have /dev/initctl,
before calling tellinit.
Bug fix: "postinst script fails if there is no /dev/initctl", thanks
to Johannes Schauer (Closes: #545647).
Bug fix: "postinst script fails if there is no /dev/initctl", thanks
to Johannes Schauer (Closes: #545673).
-- Manoj Srivastava <srivasta@debian.org> Tue, 08 Sep 2009 12:40:15 -0500
libselinux (2.0.85-3) unstable; urgency=low
* First cut at providing symbols files.
Bug fix: "please distribute a .symbols file", thanks to Marco
d'Itri (Closes: #544364).
* Check for extra libraries and shlib version numbers. Unless there is
a nocheck option in the deb build options variable, now we look to see
if there are extra libraries we have linked to. Might need to back
this out later, if this causes problems on the buildds.
-- Manoj Srivastava <srivasta@debian.org> Tue, 01 Sep 2009 23:04:59 -0500
libselinux (2.0.85-2) unstable; urgency=low
* Re-nenable building in parallel, which was disabled in the last
upload.
-- Manoj Srivastava <srivasta@debian.org> Sat, 22 Aug 2009 18:42:50 -0500
libselinux (2.0.85-1) unstable; urgency=low
* New upstream release
+ Reverted Tomas Mraz's fix for freeing thread local storage to avoid
pthread dependency.
+ Removed fini_context_translations() altogether.
+ Merged lazy init patch from Stephen Smalley based on original patch
by Steve Grubb.
+ Add per-service seuser support from Dan Walsh.
+ Let load_policy gracefully handle selinuxfs being mounted from
Stephen Smalley.
+ Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
Paris.
* Bug fix: "parallel building fails sometimes", thanks to Kees Cook
Disabled for now. (Closes: #536840).
* Bug fix: "It fails to install into an (experimental) chroot", thanks
to Francesco Paolo Lovergine. Stole chroot detection code from udev's
postinst. In effect, we stat / and ensure that is the same as
/proc/1/root's lstat value. (Closes: #537888).
-- Manoj Srivastava <srivasta@debian.org> Fri, 14 Aug 2009 00:57:32 -0500
libselinux (2.0.82-1) unstable; urgency=low
* New upstream release
+ Fix improper use of thread local storage from Tomas Mraz
<tmraz@redhat.com>.
Bug fix: "ends with Segmentation fault", thanks to Greg Auger
(Closes: #505920).
+ Label substitution support from Dan Walsh.
+ Support for labeling virtual machine images from Dan Walsh.
-- Manoj Srivastava <srivasta@debian.org> Wed, 24 Jun 2009 14:06:41 -0500
libselinux (2.0.81-1) unstable; urgency=low
* New upstream release
+ Trim / from the end of input paths to matchpathcon from Dan Walsh.
+ Fix leak in process_line in label_file.c from Hiroshi Shinji.
+ Move matchpathcon to /sbin, add matchpathcon to clean target from
Dan Walsh.
+ getdefaultcon to print just the correct match and add verbose option
from Dan Walsh.
* [9d523e1]: [topic--debian]: The matchpathcon symbolic link should be
absolute As per Debian policy.
-- Manoj Srivastava <srivasta@debian.org> Sat, 20 Jun 2009 22:50:21 -0500
libselinux (2.0.80-1) unstable; urgency=low
* New upstream release
+ deny_unknown wrapper function from KaiGai Kohei.
+ security_compute_av_flags API from KaiGai Kohei.
+ Netlink socket management and callbacks from KaiGai Kohei.
+ Netlink socket handoff patch from Adam Jackson.
+ AVC caching of compute_create results by Eric Paris.
+ Fix incorrect conversion in discover_class code.
+ add restorecon to python bindings from Dan Walsh.
+ Client support for translating raw contexts to colors via setrans.
+ Allow shell-style wildcards in x_contexts file.
+ Correct message types in AVC log messages.
+ Make matchpathcon -V pass mode from Dan Walsh.
+ Add man page for selinux_file_context_cmp from Dan Walsh.
+ New man pages from Dan Walsh.
+ Update flask headers from refpolicy trunk from Dan Walsh.
-- Manoj Srivastava <srivasta@debian.org> Thu, 30 Apr 2009 00:39:00 -0500
libselinux (2.0.71-1) unstable; urgency=low
* New upstream release
+ Add group support to seusers using %groupname syntax from Dan Walsh.
+ Mark setrans socket close-on-exec from Stephen Smalley.
+ Only apply nodups checking to base file contexts from Stephen
Smalley.
+ Merge ruby bindings from Dan Walsh.
+ Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
+ Fix audit2why shadowed variables from Stephen Smalley.
+ Note that freecon NULL is legal in man page from Karel Zak.
+ New and revised AVC, label, and mapping man pages from Eamon
Walsh.
+ Add swig python bindings for avc interfaces from Dan Walsh.
* Added ruby bindings package
* Updated the watch file
* Updated the build system to the make -j friendly, non-double-colon
taget based system. This should make building the package more
robust.
-- Manoj Srivastava <srivasta@debian.org> Tue, 10 Feb 2009 11:48:35 -0600
libselinux (2.0.65-5) unstable; urgency=high
* Bug fix: "Python errors during upgrade", thanks to Frans Pop
This is a serious bug. (Closes: #499086).
* mount point /selinux does not exist. Fixed, though I believe it should
go into base-files. But we need the fix for lenny, and I am not
interested in bug-pong. (Closes: #498010)
* Updated Standards-Version: No changes required.
-- Manoj Srivastava <srivasta@debian.org> Tue, 16 Sep 2008 00:51:17 -0500
libselinux (2.0.65-4) unstable; urgency=high
* Set urgency=high for Lenny
-- Russell Coker <russell@coker.com.au> Sat, 02 Aug 2008 15:52:31 +1000
libselinux (2.0.65-3) unstable; urgency=low
* Added patch from Josselin Mouette to fix build problem.
Closes: #493316
-- Russell Coker <russell@coker.com.au> Sat, 02 Aug 2008 15:46:31 +1000
libselinux (2.0.65-2) unstable; urgency=low
* Added exec_prefix to libselinux.pc.
Closes: #489724
-- Russell Coker <russell@coker.com.au> Sat, 12 Jul 2008 10:24:02 +1000
libselinux (2.0.65-1) unstable; urgency=low
* Non-maintainer upload.
* New release needed for the latest policy.
-- Russell Coker <russell@coker.com.au> Sat, 12 Jul 2008 00:02:04 +1000
libselinux (2.0.59-1) unstable; urgency=high
* New upstream release
* Merged new X label "poly_selection" namespace from Eamon Walsh.
* Merged reset_selinux_config() for load policy from Dan Walsh.
* Merged avc_has_perm() errno fix from Eamon Walsh.
* Regenerated Flask headers from refpolicy flask definitions.
* Merged compute_member AVC function and manpages from Eamon Walsh.
* Provide more error reporting on load policy failures from Stephen Smalley.
* Merged new X label "poly_prop" namespace from Eamon Walsh.
* Disable setlocaldefs if no local boolean or users files are present
from Stephen Smalley.
* Skip userspace preservebools processing for Linux >= 2.6.22 from
Stephen Smalley.
* Merged fix for audit2why from Dan Walsh.
* Merged audit2why python binding from Dan Walsh.
* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
* Fix for the avc: granted null message bug from Stephen Smalley.
* matchpathcon(8) man page update from Dan Walsh.
* dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
* Based on a suggestion from Ulrich Drepper, defer regex compilation
until we have a stem match, by Stephen Smalley.
A further optimization would be to defer regex compilation until we
have a complete match of the constant prefix of the regex - TBD.
* Regenerated Flask headers from policy.
* AVC enforcing mode override patch from Eamon Walsh.
* Aligned attributes in AVC netlink code from Eamon Walsh.
* Merged refactored AVC netlink code from Eamon Walsh.
* Merged new X label namespaces from Eamon Walsh.
* Bux fix and minor refactoring in string representation code.
* Merged selinux_get_callback, avc_open, empty string mapping from
Eamon Walsh.
* Fix segfault resulting from missing file_contexts file.
* Bug fix: "libselinux: selinux_default_type_path implicitly converted
to pointer", thanks to dann frazier . Closed by the new upstream
release. (Closes: #465287).
-- Manoj Srivastava <srivasta@debian.org> Mon, 17 Mar 2008 16:30:52 -0500
libselinux (2.0.35-1) unstable; urgency=low
* New upstream release
* Make netlink socket close-on-exec to avoid descriptor leakage from
Dan Walsh.
* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
* Fix selabel option flag setting for 64-bit from Stephen Smalley.
* Re-map a getxattr return value of 0 to a getfilecon return value of
-1 with errno EOPNOTSUPP from Stephen Smalley.
* Fall back to the compat code for security_class_to_string and
security_av_perm_to_string from Stephen Smalley.
* Fix swig binding for rpm_execcon from James Athey.
* Fix file_contexts.homedirs path from Todd Miller.
* Fix segfault resulting from uninitialized print-callback pointer.
* Added x_contexts path function patch from Eamon Walsh.
* Fix build for EMBEDDED=y from Yuichi Nakamura.
* Fix markup problems in selinux man pages from Dan Walsh.
* Updated av_permissions.h and flask.h to include new nscd permissions
from Dan Walsh.
* Added swigify to top-level Makefile from Dan Walsh.
* Fix for string_to_security_class segfault on x86_64 from Stephen
Smalley.
* Fix for getfilecon() for zero-length contexts from Stephen Smalley.
* Refactored SWIG bindings from James Athey.
* Labeling and callback interface patches from Eamon Walsh.
* Class and permission mapping support patches from Eamon Walsh.
* Object class discovery support patches from Chris PeBenito.
* Refactoring and errno support in string representation code.
* Merged patch to reduce size of libselinux and remove need for
libsepol for embedded systems from Yuichi Nakamura.
This patch also turns the link-time dependency on libsepol into a
runtime (dlopen) dependency even in the non-embedded case.
* Updated Lindent script and reindented two header files.
* Merged additional swig python bindings from Dan Walsh.
* When selinux_init_load_policy calls mount() it "knows" when selinux is
not wanted due to being disabled or having no kernel device handle and
sets *enforce to 0, but still allows the following fprintf to display
a rather misleading error message. The solution was provided by Kel
Modderman, but has been refactored slightly.
Closes: Bug#424011, Bug#447762
* Reverted the fix for bug#448008 fixed in an NMU, and applied a
different fix for the issue. Thanks for the NMU, Clint Adams.
-- Manoj Srivastava <srivasta@debian.org> Wed, 06 Feb 2008 12:55:41 -0600
libselinux (2.0.15-2) unstable; urgency=low
* Fix accidental deletion of selinux.py while building.
* Bump the version of python supported, since we no longer build for
python 2.3
-- Manoj Srivastava <srivasta@debian.org> Mon, 7 May 2007 14:32:39 -0500
libselinux (2.0.15-1) unstable; urgency=low
* New upstream SVN HEAD.
+ Merged class/av string conversion and avc_compute_create patch from
Eamon Walsh.
+ Merged sidput(NULL) patch from Eamon Walsh.
+ Merged userspace AVC patch to follow kernel's behavior for permissive
mode in caching previous denials from Eamon Walsh.
+ Merged support for getting initial contexts from James Carter.
+ Merged rpm_execcon python binding fix, matchpathcon man page fix, and
getsebool -a handling for EACCES from Dan Walsh.
+ Merged build fix for avc_internal.c from Joshua Brindle.
+ Merged helpful message when selinuxfs mount fails patch from Dax
Kelson.
-- Manoj Srivastava <srivasta@debian.org> Sun, 6 May 2007 17:35:24 -0500
libselinux (2.0.8-1) unstable; urgency=low
* New upstream trunk release. Bumped shlibs.
* Merged patch to drop support for CACHETRANS=0 config option from
Steve Grubb.
* Merged patch to drop support for old /etc/sysconfig/selinux and
/etc/security policy file layout from Steve Grubb.
* Merged init_selinuxmnt() and is_selinux_enabled() improvements from
Steve Grubb.
-- Manoj Srivastava <srivasta@debian.org> Thu, 19 Apr 2007 17:48:44 -0500
libselinux (1.34.7-1) unstable; urgency=low
* New upstream release
* Merged fix for avc.h #include's from Eamon Walsh.
* Removed sending of setrans init message.
* Merged matchpathcon memory leak fix from Steve Grubb.
* Merged more swig initializers from Dan Walsh.
* Merged patch from Todd Miller to convert int types over to C99 style.
* Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
of the use of the non-standard format %as. (original patch changed
for style).
* Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
* Merged python binding fixes from Dan Walsh.
* Updated version for stable branch.
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
* Merged getdefaultcon utility from Dan Walsh.
* Merged selinux_check_securetty_context() and support from Dan Walsh.
* Merged patch for matchpathcon utility to use file mode information
when available from Dan Walsh.
* Merged patch to compile with -fPIC instead of -fpic from
Manoj Srivastava to prevent hitting the global offset table
limit. Patch changed to include libsepol and libsemanage in
addition to libselinux.
* Merged updated flask definitions from Darrel Goeddel.
This adds the context security class, and also adds
the string definitions for setsockcreate and polmatch.
* Added XS-VCS-Arch and XS-VCS-Browse to debian/control
-- Manoj Srivastava <srivasta@debian.org> Wed, 18 Apr 2007 23:43:43 -0500
libselinux (1.32-3) unstable; urgency=high
* Bug fix: "python-selinux: package almost empty (except on i386)",
thanks to Martin Dickopp. Actually, any time the sources are built
straight from the .dsc, there exists a possibility that that the swig
output .x file could be older than the source; and while it is
feasible to use "touch" and md5sums of source files to fix this, it is
far less kludgy to just build depend on swig. No other changes are
made, and the swig output is only used by the python-selinux package.
This fixes a grave bug on python-selinux (Closes: #395915).
-- Manoj Srivastava <srivasta@debian.org> Sun, 5 Nov 2006 13:19:27 -0600
libselinux (1.32-2) unstable; urgency=medium
* Fix an instance of dpkg-shlibs being called with no arguments on some
arches (I am not sure why it works for me on i386 UML's, but not on
the buildd's, but the current version fixes the obvious bug).
-- Manoj Srivastava <srivasta@debian.org> Fri, 20 Oct 2006 14:40:36 -0500
libselinux (1.32-1) unstable; urgency=low
* New upstream release
* Merged av_permissions.h update from Steve Grubb, adding
setsockcreate and polmatch definitions.
* Merged patch from Darrel Goeddel to always use untranslated contexts
in the userspace AVC.
* Updated version for release.
-- Manoj Srivastava <srivasta@debian.org> Fri, 20 Oct 2006 12:43:14 -0500
libselinux (1.30.28-2) unstable; urgency=high
* Bug fix: "dpkg FTBFS", thanks to Nicolas François. Urgency high, since
it makes an unrelated essential package FTBS, (Closes: #389291).
-- Manoj Srivastava <srivasta@debian.org> Tue, 26 Sep 2006 01:11:35 -0500
libselinux (1.30.28-1) unstable; urgency=high
* New upstream point release
* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
* Merged c++ class identifier fix from Joe Nall.
* Bug fix: "libselinux1-dev: pkgconfig file needs Libs.private:
-lpthread", thanks to Daniel Schepler . Since this is a serious bug,
and makes important libraries FTBS, I am making the urgency high.
(Closes: #388375).
-- Manoj Srivastava <srivasta@debian.org> Wed, 20 Sep 2006 13:20:24 -0500
libselinux (1.30.27-3) unstable; urgency=low
* Recompile with new libsepol1 version, to fix dependencies.
-- Manoj Srivastava <srivasta@debian.org> Mon, 11 Sep 2006 15:37:51 -0500
libselinux (1.30.27-2) unstable; urgency=low
* The strategy of not building setrans_client on machines that lack
tls support fell flat on its face, so switch to using posix thread
mutexes instead.
-- Manoj Srivastava <srivasta@debian.org> Thu, 7 Sep 2006 02:12:49 -0500
libselinux (1.30.27-1) unstable; urgency=low
* New upstream point release
* Merged patch to not log avc stats upon a reset from Steve Grubb.
* Applied patch to revert compat_net setting upon policy load.
* Provide md5sums
* Bug fix: "FTBFS on architectures lacking TLS support", thanks to Marco
d'Itri. We don't build setrans_client on machines that lack tls
support, and matchpathcon has been fixed to not require thread local
storage. (Closes: #384667).
* Bug fix: "libselinux: .version file for python package
(python-selinux) contains spaces", thanks to Rudolph Pereira
(Closes: #385099).
-- Manoj Srivastava <srivasta@debian.org> Wed, 6 Sep 2006 23:55:37 -0500
libselinux (1.30.26-2) unstable; urgency=low
* Fix wrong directory the extensions were installed in.
-- Manoj Srivastava <srivasta@debian.org> Tue, 15 Aug 2006 00:04:39 -0500
libselinux (1.30.26-1) unstable; urgency=low
* New upstream point release
* Merged file context homedir and local path functions from Chris
PeBenito.
* Rework functions that access /proc/pid/attr to access the per-thread
nodes, and unify the code to simplify maintenance.
* Merged return value fix for *getfilecon() from Dan Walsh.
* Merged sockcreate interfaces from Eric Paris.
-- Manoj Srivastava <srivasta@debian.org> Sun, 13 Aug 2006 00:24:19 -0500
libselinux (1.30.22-2) unstable; urgency=low
* Fix a thinko in the python dependency generation code.
-- Manoj Srivastava <srivasta@debian.org> Fri, 11 Aug 2006 09:35:56 -0500
libselinux (1.30.22-1) unstable; urgency=low
* New upstream point release
* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
* Merged netfilter_contexts support patch from Chris PeBenito.
* Merged context_*_set errno patch from Jim Meyering.
* Bug fix: "libselinux: FTBFS on powerpc (refers to PAGE_SIZE not
supplied by ppc kernel-headers)", thanks to Devin Carraway. This was
fixed in the point release. (Closes: #381666).
* Bug fix: "libselinux1: Should run "telinit u" in postinst script",
thanks to Piotr Kaczuba (Closes: #382021).
* Moved the package to the new Python policy. This means that the old
python2.4-selinux package is now a virtual package, and now we provide
python packages for all supported versions of python, determining the
depends and the provides relationships of the python package
dynamically. The build depends has been changed to acoomodate it. The
package uses the python-support utility to help with byte compilation
and other modules handling.
-- Manoj Srivastava <srivasta@debian.org> Wed, 9 Aug 2006 21:22:21 -0500
libselinux (1.30.19-1) unstable; urgency=low
* New upstream point release.
* Lindent.
* Merged {get,set}procattrcon patch set from Eric Paris.
* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
* Regenerated Flask headers from refpolicy.
* Merged patch from Dan Walsh with:
- Added selinux_file_context_{cmp,verify}.
- Added selinux_lsetfilecon_default.
- Delay translation of contexts in matchpathcon.
* Merged patch from Dan Walsh with:
* Added selinux_getpolicytype() function.
* Modified setrans code to skip processing if !mls_enabled.
* Set errno in the !selinux_mnt case.
* Allocate large buffers from the heap, not on stack.
Affects is_context_customizable, selinux_init_load_policy,
and selinux_getenforcemode.
* Merged !selinux_mnt checks from Ian Kent.
* Merged matchmediacon and trans_to_raw_context fixes from
Serge Hallyn.
* Merged simple setrans client cache from Dan Walsh.
Merged avcstat patch from Russell Coker.
* Modified selinux_mkload_policy() to also set /selinux/compat_net
appropriately for the loaded policy.
* Added matchpathcon_fini() function to free memory allocated by
matchpathcon_init().
* Merged setrans client cleanup patch from Steve Grubb.
* Merged getfscreatecon man page fix from Dan Walsh.
* Updated booleans(8) man page to drop references to the old
booleans file and to note that setsebool can be used to set
the boot-time defaults via -P.
* Merged fix warnings patch from Karl MacMillan.
* Merged setrans client support from Dan Walsh.
This removes use of libsetrans.
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
* Merged swig typemap fixes from Glauber de Oliveira Costa.
* Added distclean target to Makefile.
* Regenerated swig files.
* Changed matchpathcon_init to verify that the spec file is
a regular file.
* Merged python binding t_output_helper removal patch from Dan Walsh.
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
-- Manoj Srivastava <srivasta@debian.org> Wed, 19 Jul 2006 16:19:43 -0500
libselinux (1.30-1) unstable; urgency=low
* New upstream release
* Updated version for release.
* Altered rpm_execcon fallback logic for permissive mode to also
handle case where /selinux/enforce is not available.
* Merged install-pywrap Makefile patch from Joshua Brindle.
* Merged pywrap Makefile patch from Dan Walsh.
* Added getseuser test program.
* Added format attribute to myprintf in matchpathcon.c and
removed obsoleted rootlen variable in init_selinux_config().
* Merged several fixes and improvements from Ulrich Drepper
(Red Hat), including:
- corrected use of getline
- further calls to __fsetlocking for local files
- use of strdupa and asprintf
- proper handling of dirent in booleans code
- use of -z relro
- several other optimizations
* Merged getpidcon python wrapper from Dan Walsh (Red Hat).
* Merged call to finish_context_translations from Dan Walsh.
This eliminates a memory leak from failing to release memory
allocated by libsetrans.
* Merged patch for swig interfaces from Dan Walsh.
-- Manoj Srivastava <srivasta@debian.org> Wed, 22 Mar 2006 17:25:54 -0600
libselinux (1.28-4) unstable; urgency=low
* Bug fix: "libselinux: please include a pkg-config file", thanks to
Guillem Jover. Really include it this time. (Closes: #348961).
-- Manoj Srivastava <srivasta@debian.org> Tue, 7 Feb 2006 11:32:21 -0600
libselinux (1.28-3) unstable; urgency=low
* Bug fix: "libselinux: please include a pkg-config file", thanks to
Guillem Jover In Debian, dpkg compiles in libselinux statically -- in
order to prevent dependency loops. Now, as libselinux acquired a build
time dependency on libsepol, automated dpkg builds failed -- since
there was no way for packages to detect the transitive dependencies
when linking statically. This patch fixes that issue -- by generating
a .pc file to be used with pkg-config.
pkg-config --static --libs libselinux
libsepol has also been modified to provide a .pc file (Closes: #348961).
-- Manoj Srivastava <srivasta@debian.org> Sat, 28 Jan 2006 21:44:44 -0600
libselinux (1.28-2) unstable; urgency=low
* Create a new python2.4-selinux package to hold the python bindings
-- Manoj Srivastava <srivasta@debian.org> Sun, 1 Jan 2006 00:33:50 -0600
libselinux (1.28-1) unstable; urgency=low
* New upstream release
* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
modified matchpathcon implementation to make context validation/
canonicalization optional at matchpathcon_init time, deferring it
to a successful matchpathcon by default unless the new flag is set
by the caller.
* Added matchpathcon_init_prefix() interface, and
reworked matchpathcon implementation to support selective
loading of file contexts entries based on prefix matching
between the pathname regex stems and the specified path
prefix (stem must be a prefix of the specified path prefix).
* Merged getsebool patch from Dan Walsh.
* Added -f file_contexts option to matchpathcon util.
Fixed warning message in matchpathcon_init().
* Merged Makefile python definitions patch from Dan Walsh.
* Merged swigify patch from Dan Walsh.
* Merged make failure in rpm_execcon non-fatal in permissive mode
patch from Ivan Gyurdiev.
* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
and modified matchpathcon_init() to skip context translation
if it is set by the caller.
* Added security_canonicalize_context() interface and
set_matchpathcon_canoncon() interface for obtaining
canonical contexts. Changed matchpathcon internals
to obtain canonical contexts by default. Provided
fallback for kernels that lack extended selinuxfs context
interface.
* Merged seusers parser changes from Ivan Gyurdiev.
* Merged setsebool to libsemanage patch from Ivan Gyurdiev.
* Changed seusers parser to reject empty fields.
* Merged seusers empty level handling patch from Jonathan Kim (TCS).
* Changed default entry for seusers to use __default__ to avoid
ambiguity with users named "default".
* Fixed init_selinux_config() handling of missing /etc/selinux/config
or missing SELINUXTYPE= definition.
* Merged selinux_translations_path() patch from Dan Walsh.
* Added hidden_proto/def for get_default_context_with_role.
* Merged selinux_path() and selinux_homedir_context_path()
functions from Joshua Brindle.
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
* Merged get_default_context_with_rolelevel and man pages from
Dan Walsh (Red Hat).
* Updated call to sepol_policydb_to_image for sepol changes.
* Changed getseuserbyname to ignore empty lines and to handle
no matching entry in the same manner as no seusers file.
* Changed selinux_mkload_policy to try downgrading the
latest policy version available to the kernel-supported version.
* Changed selinux_mkload_policy to fall back to the maximum
policy version supported by libsepol if the kernel policy version
falls outside of the supported range.
* Changed getseuserbyname to fall back to the Linux username and
NULL level if seusers config file doesn't exist unless
REQUIRESEUSERS=1 is set in /etc/selinux/config.
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
* Added selinux_init_load_policy() function as an even higher level
interface for the initial policy load by /sbin/init. This obsoletes
the load_policy() function in the sysvinit-selinux.patch.
* Added selinux_mkload_policy() function as a higher level interface
for loading policy than the security_load_policy() interface.
* Merged fix for matchpathcon (regcomp error checking) from Johan
Fischer. Also added use of regerror to obtain the error string
for inclusion in the error message.
* Changed getseuserbyname to not require (and ignore if present)
the MLS level in seusers.conf if MLS is disabled, setting *level
to NULL in this case.
* Merged getseuserbyname patch from Dan Walsh.
* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
This allows file_contexts with MLS fields to be processed on
non-MLS-enabled systems with policies that are otherwise
identical (e.g. same type definitions).
* Merged get_ordered_context_list_with_level() function from
Dan Walsh, and added get_default_context_with_level().
This allows MLS level selection for users other than the
default level.
-- Manoj Srivastava <srivasta@debian.org> Sat, 10 Dec 2005 13:30:12 -0600
libselinux (1.26-1) unstable; urgency=low
* New upstream release
* Updated version for release.
* Merged modified form of patch to avoid dlopen/dlclose by
the static libselinux from Dan Walsh. Users of the static libselinux
will not have any context translation by default.
* Added public functions to export context translation to
users of libselinux (selinux_trans_to_raw_context,
selinux_raw_to_trans_context).
* Remove special definition for context_range_set; use
common code.
* Hid translation-related symbols entirely and ensured that
raw functions have hidden definitions for internal use.
* Allowed setting NULL via context_set* functions.
* Allowed whitespace in MLS component of context.
* Changed rpm_execcon to use translated functions to workaround
lack of MLS level on upgraded systems.
* Merged context translation patch, originally by TCS,
with modifications by Dan Walsh (Red Hat).
* Merged several fixes for error handling paths in the
AVC sidtab, matchpathcon, booleans, context, and get_context_list
code from Serge Hallyn (IBM). Bugs found by Coverity.
* Removed setupns; migrated to pam.
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
Original symbol is temporarily retained for compatibility until
all callers are updated.
* Bump shlibs
-- Manoj Srivastava <srivasta@debian.org> Wed, 14 Sep 2005 10:35:52 -0500
libselinux (1.24-4) unstable; urgency=low
* Bug fix: "Bad section for libselinux1-dev and selinux-utils", thanks
to Vincent Lefevre (Closes: #321959).
-- Manoj Srivastava <srivasta@debian.org> Wed, 10 Aug 2005 12:36:16 -0500
libselinux (1.24-3) unstable; urgency=low
* Aaargh. I should have used the patch provided in the BTS.
* Fix FTBFS on ia64 : _syscall2 is not available on ia64, use
INLINE_SYSCALL as defined in glibc sources to define clone(). Credit
for this fix goes to Florian Weimer <fw@deneb.enyo.de> and Adeodato Simó.
(closes: #320193)
-- Manoj Srivastava <srivasta@debian.org> Sun, 7 Aug 2005 09:25:18 -0500
libselinux (1.24-2) unstable; urgency=low
* Bug fix: "doesn't compile on ia64", thanks to Andreas
Barth. Apparently, we cannot use __clone2 because it requires a callback
and automatically invokes _exit in the child. Even if we used longjmp
to work around this problem, we are still using an internal GNU libc
interface. So, we include a GNU libc excerpt to implement a clone
look alike for IA64. Thanks to Florian Weimer for the fix.
(Closes: #320193).
-- Manoj Srivastava <srivasta@debian.org> Sat, 6 Aug 2005 09:24:12 -0500
libselinux (1.24-1) unstable; urgency=low
* New upstream release.
* Updated version for release.
* Merged security_setupns() from Chad Sellers.
* Merged avcstat and selinux man page from Dan Walsh.
* Changed security_load_booleans to process booleans.local
even if booleans file doesn't exist.
* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
* Rewrote get_ordered_context_list and helpers, including
changing logic to allow variable MLS fields.
* Merged matchpathcon and man page patch from Dan Walsh.
* Changed boolean functions to return -1 with errno ENOENT
rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
mounted).
* Fixed bug in matchpathcon_filespec_destroy.
* Fixed bug in rpm_execcon error handling path.
* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
* Merged fix for getconlist utility from Andreas Steinmetz.
* Merged security_set_boolean_list patch from Dan Walsh.
This introduces booleans.local support for setsebool.
* Merged destructors patch from Tomas Mraz.
* Added set_matchpathcon_flags() function for setting flags
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
means only process the base file_contexts file, not
file_contexts.homedirs or file_contexts.local, and is for use by
setfiles -c.
* Updated matchpathcon.3 man page.
-- Manoj Srivastava <srivasta@debian.org> Sun, 26 Jun 2005 00:27:09 -0500
libselinux (1.22-1) unstable; urgency=low
* New upstream release
* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
* Changed matchpathcon_common to ignore any non-format bits in the mode.
* Merged several fixes from Ulrich Drepper.
* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
* Added selinux_users_path() for path to directory containing
system.users and local.users.
* Changed relabel Makefile target to use restorecon.
* Regenerated av_permissions.h.
* Modified avc_dump_av to explicitly check for any permissions that
cannot be mapped to string names and display them as a hex value.
* Regenerated av_permissions.h.
* Generalized matchpathcon internals, exported more interfaces,
and moved additional code from setfiles into libselinux so that
setfiles can directly use matchpathcon.
* Prevent overflow of spec array in matchpathcon.
* Fixed several uses of internal functions to avoid relocations.
* Changed rpm_execcon to check is_selinux_enabled() and fallback to
a regular execve if not enabled (or unable to determine due to a lack
of /proc, e.g. chroot'd environment).
* Merged minor fix for avcstat from Dan Walsh.
* Merged patch from Dan Walsh, including:
- new is_context_customizable function
- changed matchpathcon to also use file_contexts.local if present
- man page cleanups
* Changed matchpathcon to return -1 with errno ENOENT for
<<none>> entries, and also for an empty file_contexts configuration.
* Removed some trivial utils that were not useful or redundant.
* Changed BINDIR default to /usr/sbin to match change in Fedora.
* Added security_compute_member.
* Added man page for setcon.
* Merged more man pages from Dan Walsh.
* Merged avcstat from James Morris.
* Merged build fix for mips from Manoj Srivastava.
* Merged C++ support from John Ramsdell of MITRE.
* Merged setcon() function from Darrel Goeddel of TCS.
* Merged setsebool/togglesebool enhancement from Steve Grubb.
* Merged cleanup patches from Steve Grubb.
-- Manoj Srivastava <srivasta@debian.org> Sat, 12 Mar 2005 16:19:39 -0600
libselinux (1.20-1) unstable; urgency=low
* New upstream release. Excerpted changes:
* Changed matchpathcon to return -1 with errno ENOENT for
<<none>> entries, and also for an empty file_contexts configuration.
* Removed some trivial utils that were not useful or redundant.
* Changed BINDIR default to /usr/sbin to match change in Fedora.
* Added security_compute_member.
* Added man page for setcon.
* Merged more man pages from Dan Walsh.
* Merged avcstat from James Morris.
* Merged build fix for mips from Manoj Srivastava.
* Merged C++ support from John Ramsdell of MITRE.
* Merged setcon() function from Darrel Goeddel of TCS.
* Merged setsebool/togglesebool enhancement from Steve Grubb.
* Merged cleanup patches from Steve Grubb.
* Bug fix: "should have man pages for all the functions", thanks to
Colin Walters A lot of man pages were included in this upstream
release. (Closes: #207028).
-- Manoj Srivastava <srivasta@debian.org> Wed, 12 Jan 2005 14:33:16 -0600
libselinux (1.18-3) unstable; urgency=low
* Update download location and copyright file, since the locations we
were pointing to are now forbidden (return a code 403). Bug fix:
"libselinux1: update upstream location in the copyright file", thanks
to Adrian Bunk (Closes: #282736).
-- Manoj Srivastava <srivasta@debian.org> Wed, 24 Nov 2004 14:03:21 -0600
libselinux (1.18-2) unstable; urgency=low
* Bug fix: "libselinux doesn't build on mips and mipsel", thanks to
Adrian Bunk. (Closes: #281464).
-- Manoj Srivastava <srivasta@debian.org> Tue, 16 Nov 2004 01:34:13 -0600
libselinux (1.18-1) unstable; urgency=low
* New upstream release. Excerpted changes:
* Merged cleanup patches from Steve Grubb.
* Added rpm_execcon.
* Merged setenforce and removable context patch from Dan Walsh.
* Merged build fix for alpha from Ulrich Drepper.
* Removed copyright/license from selinux_netlink.h - definitions only.
* Merged matchmediacon from Dan Walsh.
* Regenerated headers for new nscd permissions.
* Added get_default_context_with_role.
* Added set_matchpathcon_printf.
* Reworked av_inherit.h to allow easier re-use by kernel.
* Changed avc_has_perm_noaudit to not fail on netlink errors.
* Changed avc netlink code to check pid based on patch by Steve Grubb.
* Merged second optimization patch from Ulrich Drepper.
* Changed matchpathcon to skip invalid file_contexts entries.
* Made string tables private to libselinux.
* Merged strcat->stpcpy patch from Ulrich Drepper.
* Merged matchpathcon man page from Dan Walsh.
* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
* Autobind netlink socket.
* Dropped compatibility code from security_compute_user.
* Merged fix for context_range_set from Chad Hanson.
* Merged allocation failure checking patch from Chad Hanson.
* Merged avc netlink error message patch from Colin Walters.
-- Manoj Srivastava <srivasta@debian.org> Wed, 3 Nov 2004 17:03:06 -0600
libselinux (1.16-8) unstable; urgency=low
* The dev package was missing a lib.
-- Manoj Srivastava <srivasta@debian.org> Wed, 27 Oct 2004 11:41:37 -0500
libselinux (1.16-7) unstable; urgency=low
* The section 3 man pages should be in the -dev package.
-- Manoj Srivastava <srivasta@debian.org> Wed, 27 Oct 2004 10:59:55 -0500
libselinux (1.16-6) unstable; urgency=low
* Sigh. Getting late. Remember to sign the upload, this time.
-- Manoj Srivastava <srivasta@debian.org> Wed, 27 Oct 2004 02:57:52 -0500
libselinux (1.16-5) unstable; urgency=low
* Added shlibs.local to allow bootstrapping selinux-utils on buildd's.
-- Manoj Srivastava <srivasta@debian.org> Wed, 27 Oct 2004 02:27:23 -0500
libselinux (1.16-4) unstable; urgency=low
* Bug fix: "libselinux_1.16-3: FTBFS: dpkg-shlibdeps: need at least one
executable", thanks to Anibal Monsalve Salazar. Actually, the problem
is that we need to build depend on file. (Closes: #278355).
-- Manoj Srivastava <srivasta@debian.org> Wed, 27 Oct 2004 02:19:00 -0500
libselinux (1.16-3) unstable; urgency=low
* New maintainer, and new build system.
* Bug fix: "libselinux1: package should not contain libselinux.so file",
thanks to Patrick Caulfield (Closes: #252124).
* Bug fix: "lvm2: FTBFS", thanks to Frederik Schueler (Closes: #251936).
* Bug fix: "lvm2: FTBFS when libselinux1 installed and libselinux1-dev
not.", thanks to Kurt Roeckx (Closes: #265325).
-- Manoj Srivastava <srivasta@debian.org> Tue, 26 Oct 2004 04:40:38 -0500
libselinux (1.16-2) unstable; urgency=low
* Patch to catch malloc() failures from Chad Hanson.
-- Russell Coker <russell@coker.com.au> Tue, 24 Aug 2004 16:51:00 +1000
libselinux (1.16-1) unstable; urgency=low
* New upstream with better boolean support.
-- Russell Coker <russell@coker.com.au> Fri, 20 Aug 2004 18:12:00 +1000
libselinux (1.14-3) unstable; urgency=low
* Rebuild to get the man page links correct.
-- Russell Coker <russell@coker.com.au> Tue, 10 Aug 2004 13:12:00 +1000
libselinux (1.14-2) unstable; urgency=low
* Changed selinux_file_context_path to refer to the Debian location.
-- Russell Coker <russell@coker.com.au> Tue, 13 Jul 2004 15:05:00 +1000
libselinux (1.14-1) unstable; urgency=low
* New upstream version, more and better man pages, and a bug fix that doesn't
affect Debian.
-- Russell Coker <russell@coker.com.au> Wed, 30 Jun 2004 14:33:00 +1000
libselinux (1.12-1) unstable; urgency=low
* New upstream version, fixes some minor bugs and adds SE-X security classes.
-- Russell Coker <russell@coker.com.au> Sat, 15 May 2004 16:07:00 +1000
libselinux (1.10-1) unstable; urgency=low
* Take over the package from Colin and make it required/base.
-- Russell Coker <russell@coker.com.au> Thu, 13 May 2004 08:14:00 +1000
libselinux (1.10-0.1) unstable; urgency=low
* New upstream version.
-- Russell Coker <russell@coker.com.au> Fri, 9 Apr 2004 14:22:00 +1000
libselinux (1.8-0.3) unstable; urgency=low
* Applied a better fix from Steve.
-- Russell Coker <russell@coker.com.au> Wed, 24 Mar 2004 15:23:00 +1100
libselinux (1.8-0.2) unstable; urgency=low
* Fixed bug where "selinuxfs" device is mounted.
-- Russell Coker <russell@coker.com.au> Tue, 23 Mar 2004 21:19:00 +1100
libselinux (1.8-0.1) unstable; urgency=low
* NMU for new upstream version and to put in some man page links.
-- Russell Coker <russell@coker.com.au> Sun, 14 Mar 2004 18:49:00 +1100
libselinux (1.6-1) unstable; urgency=low
* debian/rules:
- Make classes.pl executable (Closes: #235011).
-- Colin Walters <walters@debian.org> Tue, 2 Mar 2004 16:51:48 +0000
libselinux (1.6-0.1) unstable; urgency=low
* NMU for new upstream version.
* Added man pages.
-- Russell Coker <russell@coker.com.au> Thu, 26 Feb 2004 21:14:00 +1100
libselinux (1.4-0.1) unstable; urgency=low
* New upstream release.
-- Russell Coker <russell@coker.com.au> Sat, 6 Dec 2003 22:34:00 +1100
libselinux (1.2-1.2) unstable; urgency=low
* Made libselinux1-dev depend on libselinux1.
-- Russell Coker <russell@coker.com.au> Sat, 6 Dec 2003 17:38:00 +1100
libselinux (1.2-1.1) unstable; urgency=low
* NMU to fix some const issues.
-- Russell Coker <russell@coker.com.au> Sun, 9 Nov 2003 13:31:00 +1100
libselinux (1.2-1) unstable; urgency=low
* New upstream release.
* debian/libselinux1.install:
- Install libraries in /lib.
- Install libselinux.so here instead of in -dev.
* debian/control:
- Build-depend on cdbs 0.4.12.
-- Colin Walters <walters@debian.org> Wed, 8 Oct 2003 09:38:04 -0400
libselinux (1.1-2) unstable; urgency=low
* libselinux1-dev.install:
* libselinux1.install:
- Install headers in libselinux1-dev, not libselinux1.
-- Colin Walters <walters@debian.org> Sun, 24 Aug 2003 13:35:36 -0400
libselinux (1.1-1) unstable; urgency=low
* New upstream release.
-- Colin Walters <walters@debian.org> Thu, 21 Aug 2003 23:42:55 -0400
libselinux (1.0-1) unstable; urgency=low
* Initial version.
-- Colin Walters <walters@debian.org> Thu, 3 Jul 2003 17:16:19 -0400
|