Drop ChangeLog files

They can be generated as desired via git log.
No need to keep maintaining them by hand.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley 2016-11-16 12:10:58 -05:00
parent c094ca9662
commit 7935dee8f6
8 changed files with 0 additions and 5335 deletions

@ -1,493 +0,0 @@
2.6 2016-10-14
* Remove Android.mk files and only keep them in Android tree, from Bowgo Tsai.
* Add types associated to a role in the current scope when parsing, from Nicolas Iooss.
* Extend checkpolicy pathname matching, from Stephen Smalley.
* Fix typos in test/dispol, from Petr Lautrbach.
* Set flex as default lexer, from Julien Pivotto.
* Fix checkmodule output message, from Petr Lautrbach.
* Build policy on systems not supporting DCCP protocol, from Richard Haines.
* Fail if module name different than output base filename, from James Carter
* Add support for portcon dccp protocol, from Richard Haines
2.5 2016-02-23
* Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
* fix double free on name-based type transitions, from Stephen Smalley.
* switch operations to extended perms, from Jeff Vander Stoep.
* policy_define.c: fix compiler warnings, from Nick Kralevich.
* Remove uses of -Wno-return-type, from Dan Albert.
* Fix -Wreturn-type issues, from Dan Albert.
* dispol: display operations as ranges, from Jeff Vander Stoep.
* dispol: Extend to display operations, from Stephen Smalley.
* Add support for ioctl command whitelisting, from Jeff Vander Stoep.
* Add option to write CIL policy, from James Carter
* Add device tree ocontext nodes to Xen policy, from Daniel De Graaf.
* Widen Xen IOMEM context entries, from Daniel De Graaf.
* Expand allowed character set in paths, from Daniel De Graaf.
* Fix precedence between number and filesystem tokens, from Stephen Smalley.
* dispol/dismod fgets function warnings fix, from Emre Can Kucukoglu.
2.4 2015-02-02
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
* Add missing semicolon in cond_else parser rule, from Steven Capelli.
* Clear errno before call to strtol(3) from Dan Albert.
* Global C++11 compatibility from Dan Albert.
* Allow libsepol C++ static library on device from Daniel Cashman.
2.3 2014-05-06
* Add Android support for building dispol.
* Report source file and line information for neverallow failures.
* Prevent incompatible option combinations for checkmodule.
* Drop -lselinux from LDLIBS for test programs; not used.
* Add debug feature to display constraints/validatetrans from Richard Haines.
2.2 2013-10-30
* Fix hyphen usage in man pages from Laurent Bigonville.
* handle-unknown / -U required argument fix from Laurent Bigonville.
* Support overriding Makefile PATH and LIBDIR from Laurent Bigonville.
* Support space and : in filenames from Dan Walsh.
2.1.12 2013-02-01
* Fix errors found by coverity
* implement default type policy syntax
* Free allocated memory when clean up / exit.
2.1.11 2012-09-13
* fd leak reading policy
* check return code on ebitmap_set_bit
2.1.10 2012-06-28
* sepolgen: We need to support files that have a + in them
* Android/MacOS X build support
2.1.9 2012-03-28
* implement new default labeling behaviors for usr, role, range
* Fix dead links to www.nsa.gov/selinux
2.1.8 2011-12-21
* add new helper to translate class sets into bitmaps
2.1.7 2011-12-05
* dis* fixed signed vs unsigned errors
* dismod: fix unused parameter errors
* test: Makefile: include -W and -Werror
* allow ~ in filename transition rules
2.1.6 2011-11-03
* Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
* drop libsepol dynamic link in checkpolicy
2.1.5 2011-09-15
* Separate tunable from boolean during compile.
2.1.4 2011-08-26
* checkpolicy: fix spacing in output message
2.1.3 2011-08-17
* add missing ; to attribute_role_def
*Redo filename/filesystem syntax to support filename trans
2.1.2 2011-08-02
* .gitignore changes
* dispol output of role trans
* man page update: build a module with an older policy version
2.1.1 2011-08-01
* Minor updates to filename trans rule output in dis{mod,pol}
2.1.0 2011-07-27
* Release, minor version bump
2.0.27 2011-07-25
* Add role attribute support by Harry Ciao
2.0.26 2011-05-16
* Wrap file names in filename transitions with quotes by Steve Lawrence.
* Allow filesystem names to start with a digit by James Carter.
2.0.25 2011-05-02
* Add support for using the last path compnent in type transitions by Eric
Paris.
* Allow single digit module versions by Daniel Walsh.
* Use better filename identifier for filenames by Daniel Walsh.
* Use #defines for dismod selections by Eric Paris.
2.0.24 2011-04-11
* Add new class field in role_transition by Harry Ciao.
2.0.23 2010-12-16
* Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
2.0.22 2010-06-14
* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
2.0.21 2009-11-27
* Add long options to checkpolicy and checkmodule by Guido
Trentalancia <guido@trentalancia.com>
2.0.20 2009-10-14
* Add support for building Xen policies from Paul Nuzzi.
2.0.19 2009-02-18
* Fix alias field in module format, caused by boundary format change
from Caleb Case.
2.0.18 2008-10-14
* Properly escape regex symbols in the lexer from Stephen Smalley.
2.0.17 2008-10-09
* Add bounds support from KaiGai Kohei.
2.0.16 2008-05-27
* Update checkpolicy for user and role mapping support from Joshua Brindle.
2.0.15 2008-05-05
* Fix for policy module versions that look like IPv4 addresses from Jim Carter.
Resolves bug 444451.
2.0.14 2008-03-24
* Add permissive domain support from Eric Paris.
2.0.13 2008-03-05
* Split out non-grammar parts of policy_parse.yacc into
policy_define.c and policy_define.h from Todd C. Miller.
2.0.12 2008-03-04
* Initialize struct policy_file before using it, from Todd C. Miller.
2.0.11 2008-03-03
* Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller.
2.0.10 2008-02-28
* Use yyerror2() where appropriate from Todd C. Miller.
2.0.9 2008-02-04
* Update dispol for libsepol avtab changes from Stephen Smalley.
2.0.8 2008-01-24
* Deprecate role dominance in parser.
2.0.7 2008-01-02
* Added support for policy capabilities from Todd Miller.
2.0.6 2007-11-15
* Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".
2.0.5 2007-11-01
* Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.
2.0.4 2007-09-18
* Merged handle unknown policydb flag support from Eric Paris.
Adds new command line options -U {allow, reject, deny} for selecting
the flag when a base module or kernel policy is built.
2.0.3 2007-05-31
* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
2.0.2 2007-04-12
* Merged checkmodule man page fix from Dan Walsh.
2.0.1 2007-02-20
* Merged patch to allow dots in class identifiers from Caleb Case.
2.0.0 2007-02-01
* Merged patch to use new libsepol error codes by Karl MacMillan.
1.34.0 2007-01-18
* Updated version for stable branch.
1.33.1 2006-11-13
* Collapse user identifiers and identifiers together.
1.32 2006-10-17
* Updated version for release.
1.30.12 2006-09-28
* Merged user and range_transition support for modules from
Darrel Goeddel
1.30.11 2006-09-05
* merged range_transition enhancements and user module format
changes from Darrel Goeddel
1.30.10 2006-08-03
* Merged symtab datum patch from Karl MacMillan.
1.30.9 2006-06-29
* Lindent.
1.30.8 2006-06-29
* Merged patch to remove TE rule conflict checking from the parser
from Joshua Brindle. This can only be done properly by the
expander.
1.30.7 2006-06-27
* Merged patch to make checkpolicy/checkmodule handling of
duplicate/conflicting TE rules the same as the expander
from Joshua Brindle.
1.30.6 2006-06-26
* Merged optionals in base take 2 patch set from Joshua Brindle.
1.30.5 2006-05-05
* Merged compiler cleanup patch from Karl MacMillan.
* Merged fix warnings patch from Karl MacMillan.
1.30.4 2006-04-05
* Changed require_class to reject permissions that have not been
declared if building a base module.
1.30.3 2006-03-28
* Fixed checkmodule to call link_modules prior to expand_module
to handle optionals.
1.30.2 2006-03-28
* Fixed require_class to avoid shadowing permissions already defined
in an inherited common definition.
1.30.1 2006-03-22
* Moved processing of role and user require statements to 2nd pass.
1.30 2006-03-14
* Updated version for release.
1.29.5 2006-03-09
* Fixed bug in role dominance (define_role_dom).
1.29.4 2006-02-14
* Added a check for failure to declare each sensitivity in
a level definition.
1.29.3 2006-02-13
* Changed to clone level data for aliased sensitivities to
avoid double free upon sens_destroy. Bug reported by Kevin
Carr of Tresys Technology.
1.29.2 2006-02-13
* Merged optionals in base patch from Joshua Brindle.
1.29.1 2006-02-01
* Merged sepol_av_to_string patch from Joshua Brindle.
1.28 2005-12-07
* Updated version for release.
1.27.20 2005-12-02
* Merged checkmodule man page from Dan Walsh, and edited it.
1.27.19 2005-12-01
* Added error checking of all ebitmap_set_bit calls for out of
memory conditions.
1.27.18 2005-12-01
* Merged removal of compatibility handling of netlink classes
(requirement that policies with newer versions include the
netlink class definitions, remapping of fine-grained netlink
classes in newer source policies to single netlink class when
generating older policies) from George Coker.
1.27.17 2005-10-25
* Merged dismod fix from Joshua Brindle.
1.27.16 2005-10-20
* Removed obsolete cond_check_type_rules() function and call and
cond_optimize_lists() call from checkpolicy.c; these are handled
during parsing and expansion now.
1.27.15 2005-10-19
* Updated calls to expand_module for interface change.
1.27.14 2005-10-19
* Changed checkmodule to verify that expand_module succeeds
when building base modules.
1.27.13 2005-10-19
* Merged module compiler fixes from Joshua Brindle.
1.27.12 2005-10-19
* Removed direct calls to hierarchy_check_constraints() and
check_assertions() from checkpolicy since they are now called
internally by expand_module().
1.27.11 2005-10-18
* Updated for changes to sepol policydb_index_others interface.
1.27.10 2005-10-17
* Updated for changes to sepol expand_module and link_modules interfaces.
1.27.9 2005-10-13
* Merged support for require blocks inside conditionals from
Joshua Brindle (Tresys).
1.27.8 2005-10-06
* Updated for changes to libsepol.
1.27.7 2005-10-05
* Merged several bug fixes from Joshua Brindle (Tresys).
1.27.6 2005-10-03
* Merged MLS in modules patch from Joshua Brindle (Tresys).
1.27.5 2005-09-28
* Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).
1.27.4 2005-09-26
* Merged bugfix for dup role transition error messages from
Karl MacMillan (Tresys).
1.27.3 2005-09-23
* Merged policyver/modulever patches from Joshua Brindle (Tresys).
1.27.2 2005-09-20
* Fixed parse_categories handling of undefined category.
1.27.1 2005-09-16
* Merged bug fix for role dominance handling from Darrel Goeddel (TCS).
1.26 2005-09-06
* Updated version for release.
1.25.12 2005-08-22
* Fixed handling of validatetrans constraint expressions.
Bug reported by Dan Walsh for checkpolicy -M.
1.25.11 2005-08-18
* Merged use-after-free fix from Serge Hallyn (IBM).
Bug found by Coverity.
1.25.10 2005-08-15
* Fixed further memory leaks found by valgrind.
1.25.9 2005-08-15
* Changed checkpolicy to destroy the policydbs prior to exit
to allow leak detection.
* Fixed several memory leaks found by valgrind.
1.25.8 2005-08-11
* Updated checkpolicy and dispol for the new avtab format.
Converted users of ebitmaps to new inline operators.
Note: The binary policy format version has been incremented to
version 20 as a result of these changes. To build a policy
for a kernel that does not yet include these changes, use
the -c 19 option to checkpolicy.
1.25.7 2005-08-11
* Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).
1.25.6 2005-08-10
* Merged patch to fix dismod compilation from Joshua Brindle (Tresys).
1.25.5 2005-08-09
* Fixed call to hierarchy checking code to pass the right policydb.
1.25.4 2005-08-02
* Merged patch to update dismod for the relocation of the
module read/write code from libsemanage to libsepol, and
to enable build of test subdirectory from Jason Tang (Tresys).
1.25.3 2005-07-18
* Merged hierarchy check fix from Joshua Brindle (Tresys).
1.25.2 2005-07-06
* Merged loadable module support from Tresys Technology.
1.25.1 2005-06-24
* Merged patch to prohibit the use of * and ~ in type sets
(other than in neverallow statements) and in role sets
from Joshua Brindle (Tresys).
1.24 2005-06-20
* Updated version for release.
1.23.4 2005-05-19
* Merged cleanup patch from Dan Walsh.
1.23.3 2005-05-13
* Added sepol_ prefix to Flask types to avoid namespace
collision with libselinux.
1.23.2 2005-04-29
* Merged identifier fix from Joshua Brindle (Tresys).
1.23.1 2005-04-13
* Merged hierarchical type/role patch from Tresys Technology.
* Merged MLS fixes from Darrel Goeddel of TCS.
1.22 2005-03-09
* Updated version for release.
1.21.4 2005-02-17
* Moved genpolusers utility to libsepol.
* Merged range_transition support from Darrel Goeddel (TCS).
1.21.3 2005-02-16
* Merged define_user() cleanup patch from Darrel Goeddel (TCS).
1.21.2 2005-02-09
* Changed relabel Makefile target to use restorecon.
1.21.1 2005-01-26
* Merged enhanced MLS support from Darrel Goeddel (TCS).
1.20 2005-01-04
* Merged typeattribute statement patch from Darrel Goeddel of TCS.
* Changed genpolusers to handle multiple user config files.
* Merged nodecon ordering patch from Chad Hanson of TCS.
1.18 2004-10-07
* MLS build fix.
* Fixed Makefile dependencies (Chris PeBenito).
* Merged fix for role dominance ordering issue from Chad Hanson of TCS.
* Preserve portcon ordering and apply more checking.
1.16 2004-08-13
* Allow empty conditional clauses.
* Moved genpolbools utility to libsepol.
* Updated for libsepol set functions.
* Changed to link with libsepol.a.
* Moved core functionality into libsepol.
* Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys.
* Added genpolusers program.
* Fixed bug in checkpolicy conditional code.
1.14 2004-06-28
* Merged fix for MLS logic from Daniel Thayer of TCS.
* Require semicolon terminator for typealias statement.
1.12 2004-06-16
* Merged fine-grained netlink class support.
1.10 2004-04-07
* Merged ipv6 support from James Morris of RedHat.
* Fixed compute_av bug discovered by Chad Hanson of TCS.
1.8 2004-03-09
* Merged policydb MLS patch from Chad Hanson of TCS.
* Fixed mmap of policy file.
1.6 2004-02-18
* Merged conditional policy extensions from Tresys Technology.
* Added typealias declaration support per Russell Coker's request.
* Added support for excluding types from type sets based on
a patch by David Caplan, but reimplemented as a change to the
policy grammar.
* Merged patch from Colin Walters to report source file name and line
number for errors when available.
* Un-deprecated role transitions.
1.4 2003-12-01
* Regenerated headers.
* Merged patches from Bastian Blank and Joerg Hoh.
1.2 2003-09-30
* Merged MLS build patch from Karl MacMillan of Tresys.
* Merged checkpolicy man page from Magosanyi Arpad.
1.1 2003-08-13
* Fixed endian bug in policydb_write for behavior value.
* License -> GPL.
* Merged coding style cleanups from James Morris.
1.0 2003-07-11
* Initial public release.
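
Review bot: The entries removed in this hunk are grouped by release, and the commit message says they can be regenerated via git log without giving the invocation that reproduces that grouping. Several of them are the only per-release record of a memory-safety fix, for example `fix double free on name-based type transitions` under 2.5 and `Merged use-after-free fix from Serge Hallyn (IBM)` under 1.25.11, and the 1.25.8 entry documents the binary policy format bump to version 20 together with the `-c 19` workaround. Suggest confirming that each version heading in this file has a matching tag so the release boundaries stay recoverable, and adding the exact git log command to the commit message or the README so packagers who tracked fixes through this file have a documented replacement.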

File diff suppressed because it is too large.

@ -1,888 +0,0 @@
* Use a macro prefixed with SEMANAGE to protect dso.h, from Nicolas Iooss.
* swig: use SWIG_fail when an error occurs, from Nicolas Iooss.
* Fall back to gcc in exception.sh, from Nicolas Iooss.
* Link Python wrapper with Python, from Nicolas Iooss.
* Query for python site-packages dir directly, from Nicolas Iooss.
* Link Ruby wrapper with -lruby, from Nicolas Iooss.
* Use Ruby to define RUBYINC, from Nicolas Iooss.
* semanage_seuser_key_create: copy name to avoid use-after-free in swig-generated code, from Nicolas Iooss.
* Remove *swig_python_exception.i if its creation failed, from Nicolas Iooss.
* Remove ruby_semanage.so with "make clean", from Nicolas Iooss.
* Fix kernel pathname in semanage_verify_kernel(), from Stephen Smalley.
* genhomedircon: only set MLS level if MLS is enabled, from Stephen Smalley.
2.6 2016-10-14
* genhomedircon: do not suppress logging from libsepol, from Stephen Smaley.
* genhomedircon: use userprefix as the role for homedir, from Gary Tierney.
* Fix linker scripts / map files, from Stephen Smalley.
* Fix bug preventing the installation of base modules, from James Carter.
* make distclean target work, from Nicolas Iooss.
* Do not always print a module name warning, from Miroslav Grepl.
* Use pp module name instead of filename when installing module, from Petr Lautrbach.
* tests: Do not force using gcc, from Nicolas Iooss.
* genhomedircon: remove hardcoded refpolicy strings, from Gary Tierney.
* genhomedircon: add support for %group syntax, from Gary Tierney.
* genhomedircon: generate contexts for logins mapped to the default user, from Gary Tierney.
* Validate and compile file contexts before installing, from Stephen Smalley.
* Swap tcp and udp protocol numbers, from Miroslav Vadkerti.
* Sort object files for deterministic linking order, from Laurent Bigonville.
* Support overriding Makefile RANLIB, from Julien Pivotto.
* Respect CC and PKG_CONFIG environment variable, from Julien Pivotto.
* Fix multiple spelling errors, from Laurent Bigonville.
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups, from Jason Zaman.
2.5 2016-02-23
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api, from Nicolas Iooss.
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so, from Laurent Bigonville.
* Store homedir_template and users_extra in policy store, from Steve Lawrence
* Fix null pointer dereference in semanage_module_key_destroy, from Yuli Khodorkovskiy.
* Add semanage_module_extract() to extract a module as CIL or HLL, from Yuli Khodorkovskiy.
* semanage_migrate_store: add -r <root> option for migrating inside chroots, from Petr Lautrbach.
* Add file_contexts and seusers to the store, from Yuli Khodorkovskiy.
* Add policy binary and file_contexts.local to the store, from Yuli Khodorkovskiy.
* Allow to install compressed modules without a compression extension,
from Petr Lautrbach.
* Do not copy contexts in semanage_migrate_store, from Jason Zaman.
* Fix logic in bunzip for uncompressed pp files, from Thomas Hurd.
* Fix fname[] initialization in test_utilities.c, from Petr Lautrbach.
* Add remove-hll semanage.conf option to remove HLL files after
compilation to CIL, from Yuli Khodorkovskiy
* Fix memory leaks when parsing semanage.conf, from Yuli Khodorkovskiy
* Change bunzip to use heap instead of stack to prevent segfault on
systems with small stack size, from Thomas Hurd.
2.4 2015-02-02
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
directories, from Steve Lawrence
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
* Add missing manpage links to security_load_policy, from Laurent
Bigonville.
* Fix failing libsemanage pywrap tests, from Nicolas Iooss
* Fix deprecation warning for bison, from Ilya Frolov
* Skip policy module relink when only setting booleans, from Stephen
Smalley
* Fix typo in tests makefile, from Caleb Case
* Only try to compile file contexts if they exist, from Steve Lawrence
* Fix memory leak when setting a custom store path, from Yuli
Khodorkovskiy
* Add semodule option to set store root path in semanage.conf and the
semodule command, from Yuli Khodorkovskiy
* Add semanage.conf option to set an alternative root path for policy
store, from Yuli Khodorkovskiy
* Add support for High Level Language (HLL) to CIL compilers. The HLL
compiler path is configurable, but should be placed in
/usr/libexec/selinux/hll by default, from Yuli Khodorkovskiy
* Create a policy migration script for migrating the policy store from
/etc/selinux to /var/lib/selinux, from Caleb Case
* Add python3 support to the migration script, from Jason Zaman
* Use libcil to compile modules, from Steve Lawrence
* Use symbolic versioning to maintain ABI compatibility for old install
functions, from Yuli Khodorkovskiy
* Add a target-platform option to semanage.conf to control how policies
are built, from Steve Lawrence
* Add API to handle modules and source policies, moving module store to
/var/lib/selinux, from Caleb Case
* Only try to compile file contexts if they exist, from Steve Lawrence
2.3 2014-05-06
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
2.2 2013-10-30
* Avoid duplicate list entries from Dan Walsh.
* Add audit support to libsemanage from Dan Walsh.
* Remove policy.kern and replace with symlink from Dan Walsh.
* Apply a MAX_UID check for genhomedircon from Laurent Bigonville.
* Fix man pages from Laurent Bigonville.
2.1.10 2013-02-01
* Add sefcontext_compile to compile regex everytime policy is rebuilt
* Cleanup/fix enable/disable/remove module.
* redo genhomedircon minuid
* fixes from coverity
* semanage_store: do not leak memory in semanage_exec_prog
* genhomedircon: remove useless conditional in get_home_dirs
* genhomedircon: double free in get_home_dirs
* fcontext_record: do not leak on error in semanage_fcontext_key_create
* genhomedircon: do not leak on failure in write_gen_home_dir_context
* semanage_store: do not leak fd
* genhomedircon: do not leak shells list
* semanage_store: do not leak on strdup failure
* semanage_store: rewrite for readability
2.1.9 2012-09-13
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* do boolean name substitution
* Fix segfault for building standard policies.
2.1.8 2012-06-28
* remove build warning when build swig c files
* additional makefile support for rubywrap
* ignore 80 column limit for readability
* semanage_store: fix snprintf length argument by using asprintf
* Use default semanage.conf as a fallback
* use after free in python bindings
2.1.7 2012-03-28
* Alternate path for semanage.conf
* do not link against libpython, this is considered bad in Debian
* Allow to build for several ruby version
* fallback-user-level
2.1.6 2011-12-21
* add ignoredirs config for genhomedircon
* Fallback_user_level can be NULL if you are not using MLS
2.1.5 2011-11-03
* regenerate .pc on VERSION change
* maintain mode even if umask is tighter
* semanage.conf man page
* create man5dir if not exist
2.1.4 2011-09-15
* Create a new preserve_tunables flag
* tree: default make target to all not
* fix semanage_store_access_check calling arguments
2.1.3 2011-08-26
* python wrapper makefile changes
2.1.2 2011-08-17
* print error debug info for buggy fc
* introduce semanage_set_root and friends
* throw exceptions in python rather than return
* python3 support.
* patch for MCS/MLS in user files
2.1.1 2011-08-01
* Remove generated files, expand .gitignore
* Use -Werror and change a few prototypes to support it
2.1.0 2011-07-27
* Release, minor version bump
2.0.46 2010-12-16
* Fix compliation under GCC 4.6 by Justin Mattock
2.0.45 2010-03-06
* Add enable/disable patch support from Dan Walsh.
* Add usepasswd flag to semanage.conf to disable genhomedircon using
passwd from Dan Walsh.
* regenerate swig wrappers
2.0.44 2010-02-02
* Replace usage of fmemopen() with sepol_policy_file_set_mem() since
glibc < 2.9 does not support binary mode ('b') for fmemopen'd
streams.
2.0.43 2009-11-27
* Move libsemanage.so to /usr/lib
* Add NAME lines to man pages from Manoj Srivastava<srivasta@debian.org>
2.0.42 2009-11-18
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
2.0.41 2009-10-29
* Add pkgconfig file from Eamon Walsh.
2.0.40 2009-10-22
* Add semanage_set_check_contexts() function to disable calling
setfiles
2.0.39 2009-09-24
* make swigify
2.0.38 2009-09-16
* Change semodule upgrade behavior to install even if the module
is not present from Dan Walsh.
* Make genhomedircon trim excess '/' from homedirs from Dan Walsh.
2.0.37 2009-09-04
* Fix persistent dontaudit support to rebuild policy if the
dontaudit state is changed from Chad Sellers.
2.0.36 2009-08-24
* Changed bzip-blocksize=0 handling to support existing compressed
modules in the store.
2.0.35 2009-08-05
* Revert hard linking of files between tmp/active/previous.
2.0.34 2009-08-05
* Enable configuration of bzip behavior from Stephen Smalley.
bzip-blocksize=0 to disable compression and decompression support.
bzip-blocksize=1..9 to set the blocksize for compression.
bzip-small=true to reduce memory usage for decompression.
2.0.33 2009-07-07
* Maintain disable dontaudit state from Christopher Pardy.
2.0.32 2009-05-28
* Ruby bindings from David Quigley.
2.0.31 2009-01-12
* Policy module compression (bzip) support from Dan Walsh.
* Hard link files between tmp/active/previous from Dan Walsh.
2.0.30 2008-11-12
* Add semanage_mls_enabled() interface from Stephen Smalley.
2.0.29 2008-11-11
* Add USER to lines to homedir_template context file from Chris PeBenito.
2.0.28 2008-09-15
* allow fcontext and seuser changes without rebuilding the policy from Dan Walsh
2.0.27 2008-08-05
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax.
2.0.26 2008-07-29
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
2.0.25 2008-04-21
* Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
Fixes semanage boolean -D seg fault (bug 441379).
2.0.24 2008-02-26
* make swigify
2.0.23 2008-02-04
* Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.
2.0.22 2008-02-04
* Free policydb before fork from Joshua Brindle.
2.0.21 2008-02-04
* Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.
2.0.12 2008-02-02
* Use sepol_set_expand_consume_base to reduce peak memory usage when
using semodule from Joshua Brindle.
2.0.19 2008-01-31
* Fix genhomedircon to not override a file context with a homedir context from Todd Miller.
2.0.18 2008-01-28
* Fix spurious out of memory error reports.
2.0.17 2008-01-25
* Merged second version of fix for genhomedircon handling from Caleb Case.
2.0.16 2008-01-24
* Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
2.0.15 2007-12-05
* Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
* Copy the store path in semanage_select_store from Dan Walsh.
2.0.14 2007-11-05
* Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.
2.0.13 2007-11-05
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
2.0.12 2007-10-05
* ustr cleanups from James Antill.
* Ensure that /root gets labeled even if using the default context from Dan Walsh.
2.0.11 2007-09-28
* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
2.0.10 2007-09-28
* Fix error checking on getpw*_r functions from Todd Miller.
* Make genhomedircon skip invalid homedir contexts from Todd Miller.
* Set default user and prefix from seusers from Dan Walsh.
* Add swigify Makefile target from Dan Walsh.
2.0.9 2007-09-24
* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
2.0.8 2007-09-19
* Clear errno on non-fatal errors to avoid reporting them upon a
later error that does not set errno.
2.0.7 2007-09-19
* Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
2.0.6 2007-09-10
* Change to use getpw* function calls to the _r versions from Todd Miller.
2.0.5 2007-08-23
* Replace genhomedircon script with equivalent functionality within
libsemanage and introduce disable-genhomedircon option in
semanage.conf from Todd Miller.
Note: Depends on ustr.
2.0.4 2007-08-16
* Allow dontaudits to be turned off via semanage interface when
updating policy from Joshua Brindle.
2.0.3 2007-04-25
* Fix to libsemanage man patches so whatis will work better from Dan Walsh
2.0.2 2007-04-24
* Merged optimizations from Stephen Smalley.
- do not set all booleans upon commit, only those whose values have changed
- only install the sandbox upon commit if something was rebuilt
2.0.1 2007-03-12
* Merged dbase_file_flush patch from Dan Walsh.
This removes any mention of specific tools (e.g. semanage)
from the comment header of the auto-generated files,
since there are multiple front-end tools.
2.0.0 2007-02-20
* Merged Makefile test target patch from Caleb Case.
* Merged get_commit_number function rename patch from Caleb Case.
* Merged strnlen -> strlen patch from Todd Miller.
1.10.1 2007-01-26
* Merged python binding fix from Dan Walsh.
1.10.0 2007-01-18
* Updated version for stable branch.
1.9.2 2007-01-08
* Merged patch to optionally reduce disk usage by removing
the backup module store and linked policy from Karl MacMillan
* Merged patch to correctly propagate return values in libsemanage
1.9.1 2006-11-27
* Merged patch to compile wit -fPIC instead of -fpic from
Manoj Srivastava to prevent hitting the global offest table
limit. Patch changed to include libselinux and libsemanage in
addition to libsepol.
1.8 2006-10-17
* Updated version for release.
1.6.17 2006-09-29
* Merged patch to skip reload if no active store exists and
the store path doesn't match the active store path from Dan Walsh.
* Merged patch to not destroy sepol handle on error path of
connect from James Athey.
* Merged patch to add genhomedircon path to semanage.conf from
James Athey.
1.6.16 2006-08-14
* Make most copy errors fatal, but allow exceptions for
file_contexts.local, seusers, and netfilter_contexts if
the source file does not exist in the store.
1.6.15 2006-08-11
* Merged separate local file contexts patch from Chris PeBenito.
1.6.14 2006-08-11
* Merged patch to make most copy errors non-fatal from Dan Walsh.
1.6.13 2006-08-03
* Merged netfilter contexts support from Chris PeBenito.
1.6.12 2006-07-11
* Merged support for read operations on read-only fs from
Caleb Case (Tresys Technology).
1.6.11 2006-06-29
* Lindent.
1.6.10 2006-06-26
* Merged setfiles location check patch from Dan Walsh.
1.6.9 2006-06-16
* Merged several fixes from Serge Hallyn:
dbase_file_cache: deref of uninit data on error path.
dbase_policydb_cache: clear fp to avoid double fclose
semanage_fc_sort: destroy temp on error paths
1.6.8 2006-06-02
* Updated default location for setfiles to /sbin to
match policycoreutils. This can also be adjusted via
semanage.conf using the syntax:
[setfiles]
path = /path/to/setfiles
args = -q -c $@ $<
[end]
1.6.7 2006-05-05
* Merged fix warnings patch from Karl MacMillan.
1.6.6 2006-04-14
* Merged updated file context sorting patch from Christopher
Ashworth, with bug fix for escaped character flag.
1.6.5 2006-04-13
* Merged file context sorting code from Christopher Ashworth
(Tresys Technology), based on fc_sort.c code in refpolicy.
1.6.4 2006-04-12
* Merged python binding t_output_helper removal patch from Dan Walsh.
* Regenerated swig files.
1.6.3 2006-03-30
* Merged corrected fix for descriptor leak from Dan Walsh.
1.6.2 2006-03-20
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
1.6.1 2006-03-20
* Merged man page reorganization from Ivan Gyurdiev.
1.6 2006-03-14
* Updated version for release.
1.5.31 2006-03-09
* Merged abort early on merge errors patch from Ivan Gyurdiev.
1.5.30 2006-03-08
* Cleaned up error handling in semanage_split_fc based on a patch
by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.
1.5.29 2006-02-21
* Merged MLS handling fixes from Ivan Gyurdiev.
1.5.28 2006-02-16
* Merged bug fix for fcontext validate handler from Ivan Gyurdiev.
1.5.27 2006-02-16
* Merged base_merge_components changes from Ivan Gyurdiev.
1.5.26 2006-02-15
* Merged paths array patch from Ivan Gyurdiev.
* Merged bug fix patch from Ivan Gyurdiev.
1.5.25 2006-02-14
* Merged improve bindings patch from Ivan Gyurdiev.
1.5.24 2006-02-14
* Merged use PyList patch from Ivan Gyurdiev.
* Merged memory leak fix patch from Ivan Gyurdiev.
* Merged nodecon support patch from Ivan Gyurdiev.
* Merged cleanups patch from Ivan Gyurdiev.
* Merged split swig patch from Ivan Gyurdiev.
1.5.23 2006-02-13
* Merged optionals in base patch from Joshua Brindle.
1.5.22 2006-02-13
* Merged treat seusers/users_extra as optional sections patch from
Ivan Gyurdiev.
* Merged parse_optional fixes from Ivan Gyurdiev.
1.5.21 2006-02-07
* Merged seuser/user_extra support patch from Joshua Brindle.
* Merged remote system dbase patch from Ivan Gyurdiev.
1.5.20 2006-02-02
* Merged clone record on set_con patch from Ivan Gyurdiev.
1.5.19 2006-01-30
* Merged fname parameter patch from Ivan Gyurdiev.
* Merged more size_t -> unsigned int fixes from Ivan Gyurdiev.
* Merged seusers.system patch from Ivan Gyurdiev.
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
1.5.18 2006-01-27
* Merged seuser -> seuser_local rename patch from Ivan Gyurdiev.
1.5.17 2006-01-27
* Merged set_create_store, access_check, and is_connected interfaces
from Joshua Brindle.
1.5.16 2006-01-19
* Regenerate python wrappers.
1.5.15 2006-01-18
* Merged pywrap Makefile diff from Dan Walsh.
* Merged cache management patch from Ivan Gyurdiev.
* Merged bugfix for dbase_llist_clear from Ivan Gyurdiev.
* Merged remove apply_local function patch from Ivan Gyurdiev.
* Merged only do read locking in direct case patch from Ivan Gyurdiev.
* Merged cache error path memory leak fix from Ivan Gyurdiev.
* Merged auto-generated file header patch from Ivan Gyurdiev.
* Merged pywrap test update from Ivan Gyurdiev.
* Merged hidden defs update from Ivan Gyurdiev.
1.5.14 2006-01-13
* Merged disallow port overlap patch from Ivan Gyurdiev.
1.5.13 2006-01-12
* Merged join prereq and implementation patches from Ivan Gyurdiev.
* Merged join user extra data part 2 patch from Ivan Gyurdiev.
* Merged bugfix patch from Ivan Gyurdiev.
1.5.12 2006-01-12
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
* Merged user extra data part 1 patch from Ivan Gyurdiev.
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
* Merged calloc check in semanage_store patch from Ivan Gyurdiev,
bug noticed by Steve Grubb.
* Merged cleanups after add/set removal patch from Ivan Gyurdiev.
1.5.11 2006-01-09
* Merged fcontext compare fix from Ivan Gyurdiev.
1.5.10 2006-01-06
* Fixed commit to return the commit number aka policy sequence number.
1.5.9 2006-01-06
* Merged const in APIs patch from Ivan Gyurdiev.
* Merged validation of local file contexts patch from Ivan Gyurdiev.
* Merged compare2 function patch from Ivan Gyurdiev.
* Merged hidden def/proto update patch from Ivan Gyurdiev.
1.5.8 2006-01-05
* Re-applied string and file optimization patch from Russell Coker,
with bug fix.
1.5.7 2006-01-05
* Reverted string and file optimization patch from Russell Coker.
1.5.6 2006-01-05
* Clarified error messages from parse_module_headers and
parse_base_headers for base/module mismatches.
1.5.5 2006-01-05
* Merged string and file optimization patch from Russell Coker.
* Merged swig header reordering patch from Ivan Gyurdiev.
* Merged toggle modify on add patch from Ivan Gyurdiev.
* Merged ports parser bugfix patch from Ivan Gyurdiev.
* Merged fcontext swig patch from Ivan Gyurdiev.
* Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev.
* Merged man pages for dbase functions patch from Ivan Gyurdiev.
* Merged pywrap tests patch from Ivan Gyurdiev.
1.5.4 2006-01-04
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- separate file rw code from linked list
- annotate objects
- fold together internal headers
- support ordering of records in compare function
- add active dbase backend, active booleans
- return commit numbers for ro database calls
- use modified flags to skip rebuild whenever possible
- enable port interfaces
- update swig interfaces and typemaps
- add an API for file_contexts.local and file_contexts
- flip the traversal order in iterate/list
- reorganize sandbox_expand
- add seusers MLS validation
- improve dbase spec/documentation
- clone record on set/add/modify
1.5.3 2005-12-14
* Merged further header cleanups from Ivan Gyurdiev.
1.5.2 2005-12-13
* Merged toggle modified flag in policydb_modify, fix memory leak
in clear_obsolete, polymorphism vs headers fix, and include guards
for internal headers patches from Ivan Gyurdiev.
1.5.1 2005-12-12
* Added file-mode= setting to semanage.conf, default to 0644.
Changed semanage_copy_file and callers to use this mode when
installing policy files to runtime locations.
1.4 2005-12-07
* Updated version for release.
1.3.64 2005-12-06
* Changed semanage_handle_create() to set do_reload based on
is_selinux_enabled(). This prevents improper attempts to
load policy on a non-SELinux system.
1.3.63 2005-12-05
* Dropped handle from user_del_role interface.
1.3.62 2005-12-05
* Removed defrole interfaces.
1.3.61 2005-11-29
* Merged Makefile python definitions patch from Dan Walsh.
1.3.60 2005-11-29
* Removed is_selinux_mls_enabled() conditionals in seusers and users
file parsers.
1.3.59 2005-11-28
* Merged wrap char*** for user_get_roles patch from Joshua Brindle.
1.3.58 2005-11-28
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
1.3.57 2005-11-28
* Merged swig wrappers for modifying users and seusers from Joshua Brindle.
1.3.56 2005-11-16
* Fixed free->key_free bug.
1.3.55 2005-11-16
* Merged clear obsolete patch from Ivan Gyurdiev.
1.3.54 2005-11-15
* Merged modified swigify patch from Dan Walsh
(original patch from Joshua Brindle).
* Merged move genhomedircon call patch from Chad Sellers.
1.3.53 2005-11-10
* Merged move seuser validation patch from Ivan Gyurdiev.
* Merged hidden declaration fixes from Ivan Gyurdiev,
with minor corrections.
1.3.52 2005-11-09
* Merged cleanup patch from Ivan Gyurdiev.
This renames semanage_module_conn to semanage_direct_handle,
and moves sepol handle create/destroy into semanage handle
create/destroy to allow use even when disconnected (for the
record interfaces).
1.3.51 2005-11-08
* Clear modules modified flag upon disconnect and commit.
1.3.50 2005-11-08
* Added tracking of module modifications and use it to
determine whether expand-time checks should be applied
on commit.
1.3.49 2005-11-08
* Reverted semanage_set_reload_bools() interface.
1.3.48 2005-11-08
* Disabled calls to port dbase for merge and commit and stubbed
out calls to sepol_port interfaces since they are not exported.
1.3.47 2005-11-08
* Merged rename instead of copy patch from Joshua Brindle (Tresys).
1.3.46 2005-11-07
* Added hidden_def/hidden_proto for exported symbols used within
libsemanage to eliminate relocations. Wrapped type definitions
in exported headers as needed to avoid conflicts. Added
src/context_internal.h and src/iface_internal.h.
1.3.45 2005-11-07
* Added semanage_is_managed() interface to allow detection of whether
the policy is managed via libsemanage. This enables proper handling
in setsebool for non-managed systems.
1.3.44 2005-11-07
* Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
to enable runtime control over preserving active boolean values
versus reloading their saved settings upon commit.
1.3.43 2005-11-04
* Merged seuser parser resync, dbase tracking and cleanup, strtol
bug, copyright, and assert space patches from Ivan Gyurdiev.
1.3.42 2005-11-04
* Added src/*_internal.h in preparation for other changes.
* Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
src/seusers.[hc].
1.3.41 2005-11-03
* Merged interface parse/print, context_to_string interface change,
move assert_noeof, and order preserving patches from Ivan Gyurdiev.
* Added src/dso.h in preparation for other changes.
1.3.40 2005-11-01
* Merged install seusers, handle/error messages, MLS parsing,
and seusers validation patches from Ivan Gyurdiev.
1.3.39 2005-10-31
* Merged record interface, dbase flush, common database code,
and record bugfix patches from Ivan Gyurdiev.
1.3.38 2005-10-27
* Merged dbase policydb list and count change from Ivan Gyurdiev.
1.3.37 2005-10-27
* Merged enable dbase and set relay patches from Ivan Gyurdiev.
1.3.36 2005-10-27
* Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.
1.3.35 2005-10-26
* Merged sepol handle passing, seusers support, and policydb cache
patches from Ivan Gyurdiev.
1.3.34 2005-10-25
* Merged resync to sepol changes and booleans fixes/improvements
patches from Ivan Gyurdiev.
1.3.33 2005-10-25
* Merged support for genhomedircon/homedir template, store selection,
explicit policy reload, and semanage.conf relocation from Joshua
Brindle.
1.3.32 2005-10-24
* Merged resync to sepol changes and transaction fix patches from
Ivan Gyurdiev.
1.3.31 2005-10-21
* Merged reorganize users patch from Ivan Gyurdiev.
* Merged remove unused relay functions patch from Ivan Gyurdiev.
1.3.30 2005-10-20
* Fixed policy file leaks in semanage_load_module and
semanage_write_module.
* Merged further database work from Ivan Gyurdiev.
1.3.29 2005-10-20
* Fixed bug in semanage_direct_disconnect.
1.3.28 2005-10-20
* Merged interface renaming patch from Ivan Gyurdiev.
* Merged policy component patch from Ivan Gyurdiev.
1.3.27 2005-10-20
* Renamed 'check=' configuration value to 'expand-check=' for
clarity.
* Changed semanage_commit_sandbox to check for and report errors
on rename(2) calls performed during rollback.
1.3.26 2005-10-19
* Added optional check= configuration value to semanage.conf
and updated call to sepol_expand_module to pass its value
to control assertion and hierarchy checking on module expansion.
1.3.25 2005-10-19
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
1.3.24 2005-10-19
* Merged default database from Ivan Gyurdiev.
* Merged removal of connect requirement in policydb backend from
Ivan Gyurdiev.
* Merged commit locking fix and lock rename from Joshua Brindle.
* Merged transaction rollback in lock patch from Joshua Brindle.
1.3.23 2005-10-18
* Changed default args for load_policy to be null, as it no longer
takes a pathname argument and we want to preserve booleans.
1.3.22 2005-10-18
* Merged move local dbase initialization patch from Ivan Gyurdiev.
* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
1.3.21 2005-10-18
* Added calls to sepol_policy_file_set_handle interface prior
to invoking sepol operations on policy files.
* Updated call to sepol_policydb_from_image to pass the handle.
1.3.20 2005-10-17
* Merged user and port APIs - policy database patch from Ivan
Gyurdiev.
1.3.19 2005-10-17
* Converted calls to sepol link_packages and expand_module interfaces
from using buffers to using sepol handles for error reporting, and
changed direct_connect/disconnect to create/destroy sepol handles.
1.3.18 2005-10-14
* Merged bugfix patch from Ivan Gyurdiev.
1.3.17 2005-10-14
* Merged seuser database patch from Ivan Gyurdiev.
Merged direct user/port databases to the handle from Ivan Gyurdiev.
1.3.16 2005-10-14
* Removed obsolete include/semanage/commit_api.h (leftover).
Merged seuser record patch from Ivan Gyurdiev.
1.3.15 2005-10-14
* Merged boolean and interface databases from Ivan Gyurdiev.
1.3.14 2005-10-13
* Updated to use get interfaces for hidden sepol_module_package type.
1.3.13 2005-10-13
* Changed semanage_expand_sandbox and semanage_install_active
to generate/install the latest policy version supported by libsepol
by default (unless overridden by semanage.conf), since libselinux
will now downgrade automatically for load_policy.
1.3.12 2005-10-13
* Merged new callback-based error reporting system and ongoing
database work from Ivan Gyurdiev.
1.3.11 2005-10-11
* Fixed semanage_install_active() to use the same logic for
selecting a policy version as semanage_expand_sandbox(). Dropped
dead code from semanage_install_sandbox().
1.3.10 2005-10-07
* Updated for changes to libsepol, and to only use types and interfaces
provided by the shared libsepol.
1.3.9 2005-10-06
* Merged further database work from Ivan Gyurdiev.
1.3.8 2005-10-04
* Merged iterate, redistribute, and dbase split patches from
Ivan Gyurdiev.
1.3.7 2005-09-30
* Merged patch series from Ivan Gyurdiev.
(pointer typedef elimination, file renames, dbase work, backend
separation)
1.3.6 2005-09-28
* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
* Separated handle create from connect interface.
* Added a constructor for initialization.
* Moved up src/include/*.h to src.
* Created a symbol map file; dropped dso.h and hidden markings.
1.3.5 2005-09-28
* Merged major update to libsemanage organization and functionality
from Karl MacMillan (Tresys).
1.3.4 2005-09-23
* Merged dbase redesign patch from Ivan Gyurdiev.
1.3.3 2005-09-21
* Merged boolean record, stub record handler, and status codes
patches from Ivan Gyurdiev.
1.3.2 2005-09-16
* Merged stub iterator functionality from Ivan Gyurdiev.
* Merged interface record patch from Ivan Gyurdiev.
1.3.1 2005-09-14
* Merged stub functionality for managing user and port records,
and record table code from Ivan Gyurdiev.
1.2 2005-09-06
* Updated version for release.
1.1.6 2005-08-31
* Merged semod.conf template patch from Dan Walsh (Red Hat),
but restored location to /usr/share/semod/semod.conf.
1.1.5 2005-08-30
* Fixed several bugs found by valgrind.
* Fixed bug in prior patch for the semod_build_module_list leak.
1.1.4 2005-08-25
* Merged errno fix from Joshua Brindle (Tresys).
* Merged fix for semod_build_modules_list leak on error path
from Serge Hallyn (IBM). Bug found by Coverity.
1.1.3 2005-08-22
* Merged several fixes from Serge Hallyn (IBM). Bugs found by
Coverity.
* Fixed several other bugs and warnings.
1.1.2 2005-08-02
* Merged patch to move module read/write code from libsemanage
to libsepol from Jason Tang (Tresys).
1.1.1 2005-08-02
* Merged relay records patch from Ivan Gyurdiev.
* Merged key extract patch from Ivan Gyurdiev.
1.0 2005-07-27
* Initial version.
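Review bot: Several entries in this deleted ChangeLog document configuration behaviour rather than just crediting a merge, so check that it is recorded elsewhere before the file goes. The 1.6.8 entry spells out the semanage.conf `[setfiles]` block (`path = /path/to/setfiles`, `args = -q -c $@ $<`, `[end]`), 1.5.1 records the `file-mode=` default of 0644, and 1.3.27 records the rename of `check=` to `expand-check=`. Please confirm the semanage.conf man page covers these, because `git log` reproduces them only if the original commit messages carried the same text. The per-release headers (for example `1.6 2006-03-14`) map fixes such as the 1.6.9 "clear fp to avoid double fclose" change to a version, and `git log` can rebuild that mapping only if matching release tags exist. Consider naming in the commit message the `git log` invocation that is expected to regenerate it.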

View File

@ -1,928 +0,0 @@
* Make parsing symbol table headers more robust, from Nicolas Iooss.
* Test for ebitmap_read() negative return value, from Nicolas Iooss.
* Replace an assert with an error message, from Nicolas Iooss.
* Fix checkpolicy dontaudit compiler bug, from William Roberts.
* Revert "libsepol: fix checkpolicy dontaudit compiler bug", from William Roberts.
* cil_lexer: make warnings non-fatal for building, from Stephen Smalley.
* cil: remove double free, from Daniel Cashman.
* Fix checkpolicy dontaudit compiler bug, from Stephen Smalley.
* sepol_{bool|iface|user}_key_create: copy name, from Stephen Smalley.
* Fail if CIL map permission is not resolved, from James Carter.
* Add symver with explicit version to build with ld.gold, from Jason Zaman.
* cil: Add support for multiple strpool users, from Daniel Cashman.
* Fix bugs found by Nicolas Iooss by fuzzing secilc with AFL, from James Carter.
* build on mac, from William Roberts.
* cil: disable symver on Mac builds, from William Roberts.
2.6 2016-10-14
* Fix linker scripts / map files, from Stephen Smalley.
* Fix bugs found by fuzzing secilc with AFL, from Nicolas Iooss.
* Add support for converting extended permissions to CIL, from James Carter.
* Create user and role caches when building binary policy, from Gary Tierney.
* Remove Android.mk files and only keep them in Android tree, from Bowgo Tsai.
* Check for too many permissions in classes and commons in CIL, from James Carter.
* Fix xperm mapping between avrule and avtab, from Jeff Vander Stoep.
* tests: Fix mispelling of optimization option, from Nicolas Iooss.
* Fix unused/uninitialized variables on mac build, from William Roberts.
* Produce more meaningful error messages for conflicting type rules in CIL, from Guido Trentalancia.
* make "make test" fail when a CUnit test fails, from Nicolas Iooss.
* tests: fix g_b_role_2 test, from Nicolas Iooss.
* Change which attributes CIL keeps in the binary policy, from James Carter.
* Port str_read() from kernel and remove multiple occurances of similar code, from William Roberts.
* Use calloc instead of malloc for all the *_to_val_structs, from William Roberts.
* Fix bugs found by AFL, from William Roberts.
* Fix memory leak in expand.c, from William Roberts.
* Fix invalid read when policy file is corrupt, from William Roberts.
* Fix possible use of uninitialized variables, from William Roberts.
* Warn instead of fail if permission is not resolved, from James Carter.
* Ignore object_r when adding userrole mappings to policydb, from Steve Lawrence.
* Add missing return to sepol_node_query(), from Petr Lautrbach.
* Add missing <stdarg.h> include, from Thomas Petazzoni.
* Correctly detect unknown classes in sepol_string_to_security_class, from Joshua Brindle.
* Sort object files for deterministic linking order, from Laurent Bigonville.
* Fix neverallowxperm checking on attributes, from Jeff Vander Stoep.
* Remove libsepol.map when cleaning, from Nicolas Iooss.
* Add high-level language line marking support to CIL, from James Carter.
* Change logic of bounds checking to match change in kernel, from James Carter.
* Fix multiple spelling errors, from Laurent Bigonville.
* Only apply bounds checking to source types in rules, from Stephen Smalley.
* Fix CIL and not add an attribute as a type in the attr_type_map, from James Carter
* Build policy on systems not supporting DCCP protocol, from Richard Haines.
* Fix extended permissions neverallow checking, from Jeff Vander Stoep.
* Fix CIL neverallow and bounds checking, from James Carter
* Android.mk: Add -D_GNU_SOURCE to common_cflags, from Nick Kralevich.
* Add support for portcon dccp protocol, from Richard Haines
* Fix bug in CIL when resetting classes, from Steve Lawrence
2.5 2016-02-23
* Fix unused variable annotations, from Nicolas Iooss.
* Fix uninitialized variable in CIL, from Nicolas Iooss.
* Validate extended avrules and permissionxs in CIL, from Steve Lawrence.
* Add support in CIL for neverallowx, from Steve Lawrence.
* Fully expand neverallowxperm rules, from Richard Haines.
* Add support for unordered classes to CIL, from Yuli Khodorkovskiy.
* Add neverallow support for ioctl extended permissions, from Jeff Vander Stoep.
* Improve CIL block and macro call recursion detection, from Steve Lawrence
* Fix CIL uninitialized false positive in cil_binary, from Yuli Khodorkovskiy
* Provide error in CIL if classperms are empty, from Yuli Khodorkovskiy
* Add userattribute{set} functionality to CIL, from Yuli Khodorkovskiy
* fix CIL blockinherit copying segfault and add macro restrictions, from Steve Lawrence
* fix CIL NULL pointer dereference when copying classpermission/set, from Steve Lawrence
* Add CIL support for ioctl whitelists, from Steve Lawrence
* Fix memory leak when destroying avtab, from Steve Lawrence
* Replace sscanf in module_to_cil, from Yuli Khodorkovskiy.
* Improve CIL resolution error messages, from Steve Lawrence
* Fix policydb_read for policy versions < 24, from Stephen Smalley.
* Added CIL bounds checking and refactored CIL Neverallow checking, from James Carter
* Refactored libsepol Neverallow and bounds (hierarchy) checking, from James Carter
* Treat types like an attribute in the attr_type_map, from James Carter
* Add new ebitmap function named ebitmap_match_any(), from James Carter
* switch operations to extended perms, from Jeff Vander Stoep.
* Write auditadm_r and secadm_r roles to base module when writing CIL, from Steve Lawrence
* Fix module to CIL to only associate declared roleattributes with in-scope types, from Steve Lawrence
* Don't allow categories/sensitivities inside blocks in CIL, from Yuli Khodorkovskiy.
* Replace fmemopen() with internal function in libsepol, from James Carter.
* Verify users prior to evaluating users in cil, from Yuli Khodorkovskiy.
* Binary modules do not support ioctl rules, from Stephen Smalley.
* Add support for ioctl command whitelisting, from Jeff Vander Stoep.
* Don't use symbol versioning for static object files, from Yuli Khodorkovskiy.
* Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter.
* Move secilc out of libsepol, from Yuli Khodorkovskiy.
* fix building Xen policy with devicetreecon, and add devicetreecon
CIL documentation, from Richard Haines.
* bool_copy_callback set state on creation, from Thomas Hurd.
* Add device tree ocontext nodes to Xen policy, from Daniel De Graaf.
* Widen Xen IOMEM context entries, from Daniel De Graaf.
* Update CIL documentation, from Richard Haines
* Fix error path in mls_semantic_level_expand(), from Chris PeBenito.
* Fix MacOS X build, from Stephen Smalley.
* Enabling building CIL in Android, from Stephen Smalley.
* Update to latest CIL, includes new name resolution and fixes ordering
issues with blockinherit statements, and bug fixes
2.4 2015-02-02
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve
Lawrence
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
* Build CIL into libsepol. libsepol can be built without CIL by setting the
DISABLE_CIL flag to 'y', from Steve Lawrence
* Add an API function to set target_platform, from Steve Lawrence
* Report all neverallow violations, from Stephen Smalley
* Improve check_assertions performance through hash tweaks from John Brooks.
* Allow libsepol C++ static library on device from Daniel Cashman.
2.3 2014-05-06
* Improve error message for name-based transition conflicts.
* Revert libsepol: filename_trans: use some better sorting to compare and merge.
* Report source file and line information for neverallow failures.
* Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
* Add sepol_validate_transition_reason_buffer function from Richard Haines.
2.2 2013-10-30
* Allow constraint denial cause to be determined from Richard Haines.
- Add kernel policy version 29.
- Add modular policy version 17.
- Add sepol_compute_av_reason_buffer(), sepol_string_to_security_class(), sepol_string_to_av_perm().
* Support overriding Makefile RANLIB from Sven Vermeulen.
* Fix man pages from Laurent Bigonville.
2.1.9 2013-02-01
* filename_trans: use some better sorting to compare and merge
* coverity fixes
* implement default type policy syntax
* Fix memory leak issues found by Klocwork
2.1.8 2012-09-13
* fix neverallow checking on attributes
* Move context_copy() after switch block in ocontext_copy_*().
* check for missing initial SID labeling statement.
* Add always_check_network policy capability
* role_fix_callback skips out-of-scope roles during expansion.
2.1.7 2012-06-28
* reserve policycapability for redhat testing of ptrace child
* cosmetic changes to make the source easier to read
* prepend instead of append to filename_trans list
* Android/MacOS X build support
2.1.6 2012-04-23
* allocate enough space to hold filename in trans rules
2.1.5 2012-03-28
* checkpolicy: implement new default labeling behaviors
2.1.4 2011-10-03
* regenerate .pc on VERSION change
* Move ebitmap_* functions from mcstrans to libsepol
* expand: do filename_trans type comparison on mapped representation
2.1.3 2011-09-15
* Skip writing role attributes for policy.X and
* Indicate when boolean is indeed a tunable.
* Separate tunable from boolean during compile.
* Write and read TUNABLE flags in related
* Copy and check the cond_bool_datum_t.flags during link.
* Permanently discard disabled branches of tunables in
* Skip tunable identifier and cond_node_t in expansion.
* Create a new preserve_tunables flag
* Preserve tunables when required by semodule program.
* setools expects expand_module_avrules to be an exported
* tree: default make target to all not
2.1.2 2011-08-03
* Only call role_fix_callback for base.p_roles during expansion.
* use mapped role number instead of module role number
2.1.1 2011-08-01
* Minor fix to reading policy with filename transition rules
2.1.0 2011-07-27
* Release, minor version bump
2.0.46 2011-07-25
* Add role attribute support by Harry Ciao
2.0.45 2011-05-02
* Warn if filename_trans rules are dropped by Steve Lawrence.
2.0.44 2011-04-13
* Fixes for new role_transition class field by Eric Paris.
* Add libsepol support for filename_trans rules by Eric Paris.
2.0.43 2011-04-11
* Add new class field in role_transition by Harry Ciao.
2.0.42 2010-12-16
* Fix compliation under GCC 4.6 by Justin Mattock
2.0.41 2009-11-18
* Fixed typo in error message from Manoj Srivastava.
2.0.40 2009-10-29
* Add pkgconfig file from Eamon Walsh.
2.0.39 2009-10-14
* Add support for building Xen policies from Paul Nuzzi.
2.0.38 2009-09-01
* Check last offset in the module package against the file size.
Reported by Manoj Srivastava for bug filed by Max Kellermann.
2.0.37 2009-07-07
* Add method to check disable dontaudit flag from Christopher Pardy.
2.0.36 2009-03-25
* Fix boolean state smashing from Joshua Brindle.
2.0.35 2009-02-19
* Fix alias field in module format, caused by boundary format change
from Caleb Case.
2.0.34 2008-10-09
* Add bounds support from KaiGai Kohei.
* Fix invalid aliases bug from Joshua Brindle.
2.0.33 2008-09-29
* Revert patch that removed expand_rule.
2.0.32 2008-07-07
* Allow require then declare in the source policy from Joshua Brindle.
2.0.31 2008-06-13
* Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley.
2.0.30 2008-06-06
* Fix endianness bug in the handling of network node addresses from Stephen Smalley.
Only affects big endian platforms.
Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc.
2.0.29 2008-05-27
* Merge user and role mapping support from Joshua Brindle.
2.0.28 2008-05-05
* Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
2.0.27 2008-04-18
* Belatedly merge test for policy downgrade from Todd Miller.
2.0.26 2008-03-24
* Add permissive domain support from Eric Paris.
2.0.25 2008-03-04
* Drop unused ->buffer field from struct policy_file.
2.0.24 2008-03-04
* Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.
2.0.23 2008-02-28
* Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.
2.0.22 2008-02-28
* Add support for open_perms policy capability from Eric Paris.
2.0.21 2008-02-20
* Fix invalid memory allocation in policydb_index_others() from Jason Tang.
2.0.20 2008-02-04
* Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley.
2.0.19 2008-02-02
* Add support for consuming avrule_blocks during expansion to reduce
peak memory usage from Joshua Brindle.
2.0.18 2008-01-02
* Added support for policy capabilities from Todd Miller.
2.0.17 2007-12-21
* Prevent generation of policy.18 with MLS enabled from Todd Miller.
2.0.16 2007-12-07
* print module magic number in hex on mismatch, from Todd Miller.
2.0.15 2007-11-29
* clarify and reduce neverallow error reporting from Stephen Smalley.
2.0.14 2007-11-05
* Reject self aliasing at link time from Stephen Smalley.
2.0.13 2007-11-05
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
2.0.12 2007-10-11
* Fixed bug in require checking from Stephen Smalley.
* Added user hierarchy checking from Todd Miller.
2.0.11 2007-09-24
* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
2.0.10 2007-09-18
* Merged support for the handle_unknown policydb flag from Eric Paris.
2.0.9 2007-08-29
* Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.
2.0.8 2007-08-28
* Fixed module_package_read_offsets bug introduced by the prior patch.
2.0.7 2007-08-23
* Eliminate unaligned accesses from policy reading code from Stephen Smalley.
2.0.6 2007-08-16
* Allow dontaudits to be turned off during policy expansion from
Joshua Brindle.
2.0.5 2007-08-01
* Fix sepol_context_clone to handle a NULL context correctly.
This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)
to set the file context entry to "<<none>>".
2.0.4 2007-06-20
* Merged error handling patch from Eamon Walsh.
2.0.3 2007-04-13
* Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
2.0.2 2007-03-30
* Merged fix from Karl to remap booleans at expand time to
avoid holes in the symbol table.
2.0.1 2007-02-06
* Merged libsepol segfault fix from Stephen Smalley for when
sensitivities are required but not present in the base.
2.0.0 2007-02-01
* Merged patch to add errcodes.h to libsepol by Karl MacMillan.
1.16.0 2007-01-18
* Updated version for stable branch.
1.15.3 2006-11-27
* Merged patch to compile wit -fPIC instead of -fpic from
Manoj Srivastava to prevent hitting the global offest table
limit. Patch changed to include libselinux and libsemanage in
addition to libselinux.
1.15.2 2006-10-31
* Merged fix from Karl MacMillan for a segfault when linking
non-MLS modules with users in them.
1.15.1 2006-10-24
* Merged fix for version comparison that was preventing range
transition rules from being written for a version 5 base policy
from Darrel Goeddel.
1.14 2006-10-17
* Updated version for release.
1.12.28 2006-09-28
* Build libsepol's static object files with -fpic
1.12.27 2006-09-28
* Merged mls user and range_transition support in modules
from Darrel Goeddel
1.12.26 2006-09-05
* Merged range transition enhancements and user format changes
Darrel Goeddel
1.12.25 2006-08-24
* Merged conditionally expand neverallows patch from Jeremy Mowery.
* Merged refactor expander patch from Jeremy Mowery.
1.12.24 2006-08-03
* Merged libsepol unit tests from Joshua Brindle.
1.12.23 2006-08-03
* Merged symtab datum patch from Karl MacMillan.
1.12.22 2006-08-03
* Merged netfilter contexts support from Chris PeBenito.
1.12.21 2006-07-28
* Merged helpful hierarchy check errors patch from Joshua Brindle.
1.12.20 2006-07-25
* Merged semodule_deps patch from Karl MacMillan.
This adds source module names to the avrule decls.
1.12.19 2006-06-29
* Lindent.
1.12.18 2006-06-26
* Merged optionals in base take 2 patch set from Joshua Brindle.
1.12.17 2006-05-30
* Revert 1.12.16.
1.12.16 2006-05-30
* Merged cleaner fix for bool_ids overflow from Karl MacMillan,
replacing the prior patch.
1.12.15 2006-05-30
* Merged fixes for several memory leaks in the error paths during
policy read from Serge Hallyn.
1.12.14 2006-05-25
* Fixed bool_ids overflow bug in cond_node_find and cond_copy_list,
based on bug report and suggested fix by Cedric Roux.
1.12.13 2006-05-24
* Merged sens_copy_callback, check_role_hierarchy_callback,
and node_from_record fixes from Serge Hallyn.
1.12.12 2006-05-22
* Added sepol_policydb_compat_net() interface for testing whether
a policy requires the compatibility support for network checks
to be enabled in the kernel.
1.12.11 2006-05-17
* Merged patch to initialize sym_val_to_name arrays from Kevin Carr.
Reworked to use calloc in the first place, and converted some other
malloc/memset pairs to calloc calls.
1.12.10 2006-05-08
* Merged patch to revert role/user decl upgrade from Karl MacMillan.
1.12.9 2006-05-08
* Dropped tests from all Makefile target.
1.12.8 2006-05-05
* Merged fix warnings patch from Karl MacMillan.
1.12.7 2006-05-05
* Merged libsepol test framework patch from Karl MacMillan.
1.12.6 2006-04-28
* Fixed cond_normalize to traverse the entire cond list at link time.
1.12.5 2006-04-03
* Merged fix for leak of optional package sections from Ivan Gyurdiev.
1.12.4 2006-03-29
* Generalize test for bitmap overflow in ebitmap_set_bit.
1.12.3 2006-03-27
* Fixed attr_convert_callback and expand_convert_type_set
typemap bug.
1.12.2 2006-03-24
* Fixed avrule_block_write num_decls endian bug.
1.12.1 2006-03-20
* Fixed sepol_module_package_write buffer overflow bug.
1.12 2006-03-14
* Updated version for release.
1.11.20 2006-03-08
* Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
* Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
1.11.19 2006-02-21
* Merged sepol_policydb_mls_enabled interface and error handling
changes from Ivan Gyurdiev.
1.11.18 2006-02-16
* Merged node_expand_addr bugfix and node_compare* change from
Ivan Gyurdiev.
1.11.17 2006-02-15
* Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
* Merged bug fix patch from Ivan Gyurdiev.
1.11.16 2006-02-14
* Added a defined flag to level_datum_t for use by checkpolicy.
1.11.15 2006-02-14
* Merged nodecon support patch from Ivan Gyurdiev.
* Merged cleanups patch from Ivan Gyurdiev.
1.11.14 2006-02-13
* Merged optionals in base patch from Joshua Brindle.
1.11.13 2006-02-07
* Merged seuser/user_extra support patch from Joshua Brindle.
* Merged fix patch from Ivan Gyurdiev.
1.11.12 2006-02-02
* Merged clone record on set_con patch from Ivan Gyurdiev.
1.11.11 2006-02-01
* Merged assertion copying bugfix from Joshua Brindle.
* Merged sepol_av_to_string patch from Joshua Brindle.
1.11.10 2006-01-30
* Merged cond_expr mapping and package section count bug fixes
from Joshua Brindle.
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
* Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
1.11.9 2006-01-12
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
1.11.8 2006-01-09
* Merged 2nd const in APIs patch from Ivan Gyurdiev.
1.11.7 2006-01-06
* Merged const in APIs patch from Ivan Gyurdiev.
* Merged compare2 function patch from Ivan Gyurdiev.
1.11.6 2006-01-06
* Fixed hierarchy checker to only check allow rules.
1.11.5 2006-01-05
* Merged further fixes from Russell Coker, specifically:
- av_to_string overflow checking
- sepol_context_to_string error handling
- hierarchy checking memory leak fixes and optimizations
- avrule_block_read variable initialization
* Marked deprecated code in genbools and genusers.
1.11.4 2006-01-05
* Merged bugfix for sepol_port_modify from Russell Coker.
1.11.3 2006-01-05
* Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
* Merged port ordering patch from Ivan Gyurdiev.
1.11.2 2006-01-04
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- support ordering of records in compare function
- enable port interfaces
- add interfaces for context validity and range checks
- add include guards
1.11.1 2005-12-16
* Fixed mls_range_cpy bug.
1.10 2005-12-07
* Updated version for release.
1.9.42 2005-12-05
* Dropped handle from user_del_role interface.
1.9.41 2005-11-28
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
1.9.40 2005-11-15
* Merged module function and map file cleanup from Ivan Gyurdiev.
* Merged MLS and genusers cleanups from Ivan Gyurdiev.
1.9.39 2005-11-09
Prepare for removal of booleans* and *.users files.
* Cleaned up sepol_genbools to not regenerate the image if
there were no changes in the boolean values, including the
degenerate case where there are no booleans or booleans.local
files.
* Cleaned up sepol_genusers to not warn on missing local.users.
1.9.38 2005-11-08
* Removed sepol_port_* from libsepol.map, as the port interfaces
are not yet stable.
1.9.37 2005-11-04
* Merged context destroy cleanup patch from Ivan Gyurdiev.
1.9.36 2005-11-03
* Merged context_to_string interface change patch from Ivan Gyurdiev.
1.9.35 2005-11-01
* Added src/dso.h and src/*_internal.h.
Added hidden_def for exported symbols used within libsepol.
Added hidden for symbols that should not be exported by
the wildcards in libsepol.map.
1.9.34 2005-10-31
* Merged record interface, record bugfix, and set_roles patches
from Ivan Gyurdiev.
1.9.33 2005-10-27
* Merged count specification change from Ivan Gyurdiev.
1.9.32 2005-10-26
* Added further checking and error reporting to
sepol_module_package_read and _info.
1.9.31 2005-10-26
* Merged sepol handle passing, DEBUG conversion, and memory leak
fix patches from Ivan Gyurdiev.
1.9.30 2005-10-25
* Removed processing of system.users from sepol_genusers and
dropped delusers logic.
1.9.29 2005-10-25
* Removed policydb_destroy from error path of policydb_read,
since create/init/destroy/free of policydb is handled by the
caller now.
* Fixed sepol_module_package_read to handle a failed policydb_read
properly.
1.9.28 2005-10-25
* Merged query/exists and count patches from Ivan Gyurdiev.
1.9.27 2005-10-25
* Merged fix for pruned types in expand code from Joshua Brindle.
* Merged new module package format code from Joshua Brindle.
1.9.26 2005-10-24
* Merged context interface cleanup, record conversion code,
key passing, and bug fix patches from Ivan Gyurdiev.
1.9.25 2005-10-21
* Merged users cleanup patch from Ivan Gyurdiev.
1.9.24 2005-10-21
* Merged user record memory leak fix from Ivan Gyurdiev.
* Merged reorganize users patch from Ivan Gyurdiev.
1.9.23 2005-10-19
* Added check flag to expand_module() to control assertion
and hierarchy checking on expansion.
1.9.22 2005-10-19
* Reworked check_assertions() and hierarchy_check_constraints()
to take handles and use callback-based error reporting.
* Changed expand_module() to call check_assertions() and
hierarchy_check_constraints() prior to returning the expanded
policy.
1.9.21 2005-10-18
* Changed sepol_module_package_set_file_contexts to copy the
file contexts data since it is internally managed.
1.9.20 2005-10-18
* Added sepol_policy_file_set_handle interface to associate
a handle with a policy file.
* Added handle argument to policydb_from_image/to_image.
* Added sepol_module_package_set_file_contexts interface.
* Dropped sepol_module_package_create_file interface.
* Reworked policydb_read/write, policydb_from_image/to_image,
and sepol_module_package_read/write to use callback-based error
reporting system rather than DEBUG.
1.9.19 2005-10-17
* Reworked link_packages, link_modules, and expand_module to use
callback-based error reporting system rather than error buffering.
1.9.18 2005-10-14
* Merged conditional expression mapping fix in the module linking
code from Joshua Brindle.
1.9.17 2005-10-13
* Hid sepol_module_package type definition, and added get interfaces.
1.9.16 2005-10-13
* Merged new callback-based error reporting system from Ivan
Gyurdiev.
1.9.15 2005-10-13
* Merged support for require blocks inside conditionals from
Joshua Brindle (Tresys).
1.9.14 2005-10-07
* Fixed use of policydb_from_image/to_image to ensure proper
init of policydb.
1.9.13 2005-10-07
* Isolated policydb internal headers under <sepol/policydb/*.h>.
These headers should only be used by users of the static libsepol.
Created new <sepol/policydb.h> with new public types and interfaces
for shared libsepol.
Created new <sepol/module.h> with public types and interfaces moved
or wrapped from old module.h, link.h, and expand.h, adjusted for
new public types for policydb and policy_file.
Added public interfaces to libsepol.map.
Some implementation changes visible to users of the static libsepol:
1) policydb_read no longer calls policydb_init.
Caller must do so first.
2) policydb_init no longer takes policy_type argument.
Caller must set policy_type separately.
3) expand_module automatically enables the global branch.
Caller no longer needs to do so.
4) policydb_write uses the policy_type and policyvers from the
policydb itself, and sepol_set_policyvers() has been removed.
1.9.12 2005-10-06
* Merged function renaming and static cleanup from Ivan Gyurdiev.
1.9.11 2005-10-05
* Merged bug fix for check_assertions handling of no assertions
from Joshua Brindle (Tresys).
1.9.10 2005-10-04
* Merged iterate patch from Ivan Gyurdiev.
1.9.9 2005-10-03
* Merged MLS in modules patch from Joshua Brindle (Tresys).
1.9.8 2005-09-30
* Merged pointer typedef elimination patch from Ivan Gyurdiev.
* Merged user list function, new mls functions, and bugfix patch
from Ivan Gyurdiev.
1.9.7 2005-09-28
* Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
1.9.6 2005-09-23
* Merged bug fix patches from Joshua Brindle (Tresys).
1.9.5 2005-09-21
* Merged boolean record and memory leak fix patches from Ivan
Gyurdiev.
1.9.4 2005-09-19
* Merged interface record patch from Ivan Gyurdiev.
1.9.3 2005-09-14
* Merged fix for sepol_enable/disable_debug from Ivan
Gyurdiev.
1.9.2 2005-09-14
* Merged stddef.h patch and debug conversion patch from
Ivan Gyurdiev.
1.9.1 2005-09-09
* Fixed expand_avtab and expand_cond_av_list to keep separate
entries with identical keys but different enabled flags.
1.8 2005-09-06
* Updated version for release.
1.7.24 2005-08-31
* Fixed symtab_insert return value for duplicate declarations.
1.7.23 2005-08-31
* Merged fix for memory error in policy_module_destroy from
Jason Tang (Tresys).
1.7.22 2005-08-26
* Merged fix for memory leak in sepol_context_to_sid from
Jason Tang (Tresys).
1.7.21 2005-08-25
* Merged fixes for resource leaks on error paths and
change to scope_destroy from Joshua Brindle (Tresys).
1.7.20 2005-08-23
* Merged more fixes for resource leaks on error paths
from Serge Hallyn (IBM). Bugs found by Coverity.
1.7.19 2005-08-19
* Changed to treat all type conflicts as fatal errors.
1.7.18 2005-08-18
* Merged several error handling fixes from
Serge Hallyn (IBM). Bugs found by Coverity.
1.7.17 2005-08-15
* Fixed further memory leaks found by valgrind.
1.7.16 2005-08-15
* Fixed several memory leaks found by valgrind.
1.7.15 2005-08-12
* Fixed empty list test in cond_write_av_list. Bug found by
Coverity, reported by Serge Hallyn (IBM).
* Merged patch to policydb_write to check errors
when writing the type->attribute reverse map from
Serge Hallyn (IBM). Bug found by Coverity.
* Fixed policydb_destroy to properly handle NULL type_attr_map
or attr_type_map.
1.7.14 2005-08-12
* Fixed use of uninitialized data by expand_avtab_node by
clearing type_val_to_struct in policydb_index_others.
1.7.13 2005-08-11
* Improved memory use by SELinux by both reducing the avtab
node size and reducing the number of avtab nodes (by not
expanding attributes in TE rules when possible). Added
expand_avtab and expand_cond_av_list functions for use by
assertion checker, hierarchy checker, compatibility code,
and dispol. Added new inline ebitmap operators and converted
existing users of ebitmaps to the new operators for greater
efficiency.
Note: The binary policy format version has been incremented to
version 20 as a result of these changes.
1.7.12 2005-08-10
* Fixed bug in constraint_node_clone handling of name sets.
1.7.11 2005-08-08
* Fix range_trans_clone to map the type values properly.
1.7.10 2005-08-02
* Merged patch to move module read/write code from libsemanage
to libsepol from Jason Tang (Tresys).
1.7.9 2005-08-02
* Enabled further compiler warning flags and fixed them.
1.7.8 2005-08-02
* Merged user, context, port records patch from Ivan Gyurdiev.
* Merged key extract function patch from Ivan Gyurdiev.
1.7.7 2005-07-27
* Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
1.7.6 2005-07-26
* Merged context reorganization, memory leak fixes,
port and interface loading, replacements for genusers and
genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
* Merged uninitialized variable bugfix from Dan Walsh.
1.7.5 2005-07-18
* Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat).
* Removed genpolbools and genpolusers utilities.
1.7.4 2005-07-18
* Merged hierarchy check fix from Joshua Brindle (Tresys).
1.7.3 2005-07-13
* Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat).
1.7.2 2005-07-11
* Merged genbools debugging message cleanup from Red Hat.
1.7.1 2005-07-06
* Merged loadable module support from Tresys Technology.
1.6 2005-06-20
* Updated version for release.
1.5.10 2005-05-19
* License changed to LGPL v2.1, see COPYING.
1.5.9 2005-05-16
* Added sepol_genbools_policydb and sepol_genusers_policydb for
audit2why.
1.5.8 2005-05-13
* Added sepol_ prefix to Flask types to avoid
namespace collision with libselinux.
1.5.7 2005-05-13
* Added sepol_compute_av_reason() for audit2why.
1.5.6 2005-04-25
* Fixed bug in role hierarchy checker.
1.5.5 2005-04-13
* Merged hierarchical type/role patch from Tresys Technology.
* Merged MLS fixes from Darrel Goeddel of TCS.
1.5.4 2005-04-13
* Changed sepol_genusers to not delete users by default,
and added a sepol_set_delusers function to enable deletion.
Also, removed special case handling of system_u and user_u.
1.5.3 2005-03-29
* Merged booleans.local patch from Dan Walsh.
1.5.2 2005-03-16
* Added man page for sepol_check_context.
1.5.1 2005-03-15
* Added man page for sepol_genusers function.
* Merged man pages for genpolusers and chkcon from Manoj Srivastava.
1.4 2005-03-09
* Updated version for release.
1.3.8 2005-03-08
* Cleaned up error handling in sepol_genusers and sepol_genbools.
1.3.7 2005-02-28
* Merged sepol_debug and fclose patch from Dan Walsh.
1.3.6 2005-02-22
* Changed sepol_genusers to also use getline and correctly handle
EOL.
1.3.5 2005-02-17
* Merged range_transition support from Darrel Goeddel (TCS).
1.3.4 2005-02-16
* Added sepol_genusers function.
1.3.3 2005-02-14
* Merged endianness and compute_av patches from Darrel Goeddel (TCS).
1.3.2 2005-02-09
* Changed relabel Makefile target to use restorecon.
1.3.1 2005-01-26
* Merged enhanced MLS support from Darrel Goeddel (TCS).
1.2.1 2005-01-19
* Merged build fix patch from Manoj Srivastava.
1.2 2004-10-07
* MLS build fixes.
* Added sepol_set_policydb_from_file and sepol_check_context for setfiles.
1.0 2004-08-19
* Initial public release.
0.4 2004-08-13
* Merged patch from Dan Walsh to ignore case on booleans.
* Changed sepol_genbools* to preserve the original policy version.
* Replaced exported global variables with set functions.
* Moved genpolbools utility from checkpolicy to libsepol.
* Added man pages for sepol_genbools* and genpolbools.
0.3 2004-08-10
* Added ChangeLog, COPYING, spec file.
* Added sepol_genbools_array() for load_policy.
* Created libsepol.map to limit exported symbols in shared library.
0.2 2004-08-09
* Exported other functions for checkpolicy and friends.
* Renamed service and sidtab functions to avoid libselinux conflict.
* Removed original code from checkpolicy, which now uses libsepol.
* Code cleanup: kill legacy references to kernel types/functions.
0.1 2004-08-06
* Moved checkpolicy core logic into a library.
* Exported sepol_genbools() for load_policy.
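
Review bot: The 1.9.13 and 1.7.13 entries in this file carry caller-visible notes rather than commit summaries, for example "policydb_read no longer calls policydb_init. Caller must do so first." and "The binary policy format version has been incremented to version 20", alongside the 1.5.10 license change to LGPL v2.1. Before deleting, please confirm each of these is stated in the corresponding commit message, or move them into the library documentation, since git log can only reproduce what the commit messages say.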

View File

@ -1,18 +0,0 @@
0.3.2 2010-07-19
* Add constraints.
* Add setrans.conf man page
* Fix mixed raw and translated range bug
* Moved todo comments to TODO file
0.3.1-4 2009-10-16
* Add mcstransd man page
0.3.1-3 2009-09-17
* Fix init script
0.3.0 2009-02-06
* Add inverse bit support
* Add color support from Eamon Walsh
0.2.1 2007-02-6
* Rewrite for Proper MLS Translations
0.1.8 2005-08-5
* Add Chad Hanson Patch for MLS
0.1.0 2005-08-5
* Initial public release.
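
Review bot: Versions such as 0.3.1-4 and 0.3.1-3 ("Fix init script") read like packaged releases, and this commit is deletions only (8 changed files, 0 additions), so nothing that might reference a ChangeLog was updated alongside the removal. Please grep the Makefiles, spec files and any dist or install targets for ChangeLog and drop those references in the same commit.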

File diff suppressed because it is too large

View File

@ -1,159 +0,0 @@
2.6 2016-10-14
* Remove additional files when cleaning, from Nicolas Iooss.
* Add support for TYPEBOUNDS statement in INTERFACE policy files, from Miroslav Grepl.
1.2.3 2016-02-23
* Support latest refpolicy interfaces, from Nicolas Iooss.
* Make sepolgen-ifgen output deterministic with Python>=3.3, from Nicolas Iooss.
* Use key function in sort(), from Petr Lautrbach.
* Reset line numbers when parsing files, from Nicolas Iooss.
* Convert cmp functions to key functions, from Robert Kuska.
* Decode output from Popen in Python3, from Robert Kuska.
* Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach.
* Add support for python3, from Robert Kuska.
* Add device tree ocontext nodes to Xen policy, from Daniel De Graaf.
1.2.2 2015-02-02
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
* Remove unnecessary grammar in interface call param list to fix poor
interface vectors, from Steve Lawrence
1.2.1 2013-10-31
* Add back attributes flag to fix exception crash from Dan Walsh.
1.2 2013-10-30
* Return additional constraint information.
* Fix bug in calls to attributes from Dan Walsh.
* Add support for filename transitions from Dan Walsh.
* Fix sepolgen tests from Dan Walsh.
1.1.9 2013-02-01
* audit.py: Handle times in foreign locals for audit2allow -b
* Use refpolicy_makefile() instead of hardcoding Makefile path
* understand role attributes
1.1.8 2012-09-13
* Allow returning of bastard matches
* sepolgen: return and output constraint violation information
* audit2allow: one role/type pair per line
1.1.7 2012-06-28
* Make use of setools optional within sepolgen
* We need to support files that have a + in them
1.1.6 2012-03-28
* Fix dead links to www.nsa.gov/selinux
* audit.py Dont crash if empty data is passed to sepolgen
* do not use md5 when calculating hash signatures
* fix detection of policy loads
1.1.5 2011-12-21
* better analysis of why things broke
1.1.4 2011-12-05
* Allow ~ as a file identifier
1.1.3 2011-11-03
* Ignore permissive qualifier if found in an interface
* Return name field in avc data
1.1.2 2011-09-15
* src: sepolgen: add attribute storing infrastructure
* Change perm-map and add open to try to get better results on
* look for booleans that might solve problems
* sepolgen: audit2allow is mistakakenly not allowing valid module names
* tree: default make target to all not install
1.1.1 2011-08-26
* refparser: include open among valid permissions
* refparser: add support for filename_trans rules
1.1.0 2011-07-27
* Release, minor version bump
1.0.23 2010-03-24
* Fix unit tests from Dan Walsh.
1.0.22 2010-03-23
* improve parser error recovery from Karl MacMillan.
1.0.21 2010-03-18
* Add since-last-boot option to audit2allow from Dan Walsh.
* Fix sepolgen output to match what Chris expects for upstream
refpolicy from Dan Walsh.
1.0.20 2010-03-12
* Add dontaudit flag to audit2allow from Dan Walsh.
1.0.19 2009-11-27
* fix sepolgen to read a "type 1403" msg as a policy load by Stephen
Smalley <sds@tycho.nsa.gov>
1.0.18 2009-10-14
* Add support for Xen ocontexts from Paul Nuzzi.
1.0.17 2009-05-15
* Fix typo in RoleTypeSet from Marshall Miller.
1.0.16 2009-02-18
* Convert sepolgen to using hashlib instead of the deprecated md5
module from Dan Walsh.
1.0.15 2009-01-12
* fix to return length of role dict for len(roles) from Dan Walsh.
1.0.14 2008-09-12
* fix multiple gen_requires block generation from Dan Walsh.
1.0.13 2008-07-29
* Only append s0 suffix if MLS is enabled from Karl MacMillan.
1.0.12 2008-06-30
* Fix generation of role-type and role allow rules from Karl MacMillan.
1.0.11 2008-01-23
* Merged sepolgen fixes from Dan Walsh.
1.0.10 2007-09-10
* Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.
* Suppress generation of rules for non-denials from Karl MacMillan (take 3).
1.0.9 2007-08-16
* Supress generation of rules for non-denials from Karl MacMillan.
1.0.8 2007-04-10
* Merged updates to sepolgen parser and tools from Karl MacMillan.
This includes improved debugging support, handling of interface
calls with list parameters, support for role transition rules,
updated range transition rule support, and looser matching.
1.0.7 2007-03-26
* Merged patch to discard self from types when generating requires from Karl MacMillan.
1.0.6 2007-03-21
* Merged patch to move the sepolgen runtime data from /usr/share to /var/lib to facilitate a read-only /usr from Karl MacMillan.
1.0.5 2007-03-21
* Merged patch to fix type_transition style and unit tests from Karl MacMillan.
1.0.4 2007-03-01
* Merged better matching for refpolicy style from Karl MacMillan
* Merged support for extracting interface paramaters from interface calls from Karl MacMillan
* Merged support for parsing USER_AVC audit messages from Karl MacMillan.
1.0.3 2007-02-27
* Merged support for enabling parser debugging from Karl MacMillan.
1.0.2 2007-02-22
* Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan.
* Merged patch to make run-tests.py use unittest.main from Karl MacMillan.
* Merged patch to update PLY from Karl MacMillan.
* Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan.
1.0.1 2007-02-21
* Merged Makefile and refparser.py patch from Dan Walsh.
Fixes PYTHONLIBDIR definition and error handling on interface files.
1.0.0 2007-02-05
* Initial merge from Karl MacMillan.
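
Review bot: The top of this file switches from sepolgen's own 1.2.3 numbering to 2.6, so regenerating per-release notes with git log depends on the 1.x versions being tagged. Entries such as 1.1.6 "do not use md5 when calculating hash signatures" are ones a downstream packager may need to place in a specific release; please confirm the tags exist, or say in the commit message that per-version boundaries for the old numbering are not preserved.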

View File

@ -1,16 +0,0 @@
* Do not build secilc man page if it is up to date, from Nicolas Iooss.
2.6 2016-10-14
* secilc: correct include path of cil.h for Android, from Bowgo Tsai.
* Remove Android.mk files and only keep them in Android tree, from Bowgo Tsai.
* Add documentation and test rule for portcon dccp protocol, from Richard Haines
2.5 2016-02-23
* Convert DocBook documentation into github markdown, from Yuli Khodorkovskiy
* Add documentation for neverallowx rules, from Steve Lawrence
* Add documentation and examples for extended avrules, from Steve Lawrence
* Added neverallow and bounds checking test policies, from James Carter
* Remove uses of -Wno-return-type, from Dan Albert.
2.4 2015-02-02
* Initial release.
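
Review bot: The first entry, "Do not build secilc man page if it is up to date", sits above the 2.6 header with no version of its own, so it was being collected for the next release. With the file gone, release notes have to come from a path-limited log since the last release tag; please add the exact invocation to the commit message or the release documentation so the result is reproducible.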