Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libsepol-devel-3.5-150600.1.49 RPM for x86_64

From OpenSuSE Leap 15.6 for x86_64

Name: libsepol-devel Distribution: SUSE Linux Enterprise 15
Version: 3.5 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150600.1.49 Build date: Thu May 9 10:31:01 2024
Group: Development/Libraries/C and C++ Build host: h03-ch2c
Size: 122672 Source RPM: libsepol-3.5-150600.1.49.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/SELinuxProject/selinux/wiki/Releases
Summary: Development files for SELinux's binary policy manipulation library
The libsepol-devel package contains the libraries and header files
needed for developing applications that manipulate binary SELinux
policies.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Thu Mar 23 2023 mliska@suse.cz
  - Enable LTO now (boo#1138813).
* Fri Feb 24 2023 jsegitz@suse.com
  - Update to version 3.5
    * Stricter policy validation
    * do not write empty class definitions to allow simpler round-trip tests
    * reject attributes in type av rules for kernel policies
  - Added additional developer key (Jason Zaman)
* Mon May 09 2022 jsegitz@suse.com
  - Update to version 3.4
    * Add 'ioctl_skip_cloexec' policy capability
    * Add sepol_av_perm_to_string
    * Add policy utilities
    * Support IPv4/IPv6 address embedding
    * Hardened/added many validations
    * Add support for file types in writing out policy.conf
    * Allow optional file type in genfscon rules
* Thu Nov 11 2021 jsegitz@suse.com
  - Update to version 3.3
    * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
      are all included
    * Lot of smaller fixes identified by fuzzing
* Wed Jul 21 2021 jsegitz@suse.com
  - Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
    Added CVE-2021-36087.patch
* Mon Jul 05 2021 jsegitz@suse.com
  - Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
    Added CVE-2021-36085.patch
  - Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
    Added CVE-2021-36086.patch
* Tue Mar 09 2021 jsegitz@suse.com
  - Update to version 3.2
    * more space-efficient form of storing filename transitions in the binary
      policy and reduced the size of the binary policy
    * dropped old and deprecated symbols and functions. Version was bumped to
      libsepol.so.2
* Thu Oct 29 2020 lnussel@suse.de
  - install to /usr (boo#1029961)
* Tue Jul 14 2020 jsegitz@suse.com
  - Update to version 3.1
    * Add support for new polcap genfs_seclabel_symlinks
    * Initialize the multiple_decls field of the cil db
    * Return error when identifier declared as both type and attribute
    * Write CIL default MLS rules on separate lines
    * Sort portcon rules consistently
    * Remove leftovers of cil_mem_error_handler
    * Drop remove_cil_mem_error_handler.patch, is included
* Mon Apr 27 2020 mliska@suse.cz
  - Enable -fcommon in order to fix boo#1160874.
* Tue Mar 03 2020 jsegitz@suse.de
  - Update to version 3.0
    * cil: Allow validatetrans rules to be resolved
    * cil: Report disabling an optional block only at high verbose levels
    * cil: do not dereference perm_value_to_cil when it has not been allocated
    * cil: fix mlsconstrain segfault
    * Further improve binary policy optimization
    * Make an unknown permission an error in CIL
    * Remove cil_mem_error_handler() function pointer
    * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
    * Add a function to optimize kernel policy
    * Add ebitmap_for_each_set_bit macro
    Dropped fnocommon.patch as it's included upstream
* Thu Jan 30 2020 jsegitz@suse.de
  - Add fnocommon.patch to prevent build failures on gcc10 and
    remove_cil_mem_error_handler.patch to prevent build failures due to
    leftovers from the removal of cil_mem_error_handler (bsc#1160874)
* Thu Jun 20 2019 mliska@suse.cz
  - Disable LTO due to symbol versioning (boo#1138813).
* Wed Mar 20 2019 jsegitz@suse.com
  - Update to version 2.9
    * Add two new Xen initial SIDs
    * Check that initial sid indexes are within the valid range
    * Create policydb_sort_ocontexts()
    * Eliminate initial sid string definitions in module_to_cil.c
    * Rename kernel_to_common.c stack functions
    * add missing ibendport port validity check
    * destroy the copied va_list
    * do not call malloc with 0 byte
    * do not leak memory if list_prepend fails
    * do not use uninitialized value for low_value
    * fix endianity in ibpkey range checks
    * ibpkeys.c: fix printf format string specifiers for subnet_prefix
    * mark permissive types when loading a binary policy
* Thu Nov 08 2018 jengelh@inai.de
  - Use more %make_install.
* Thu Nov 08 2018 jsegitz@suse.com
  - Adjusted source urls (bsc#1115052)
* Wed Oct 17 2018 jsegitz@suse.com
  - Update to version 2.8 (bsc#1111732)
    For changes please see
    https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
* Wed May 16 2018 mcepl@suse.com
  - Rebase to 2.7
    For changes please see
    https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
* Fri Nov 24 2017 jsegitz@suse.com
  - Update to version 2.6. Notable changes:
    * Add support for converting extended permissions to CIL
    * Create user and role caches when building binary policy
    * Check for too many permissions in classes and commons in CIL
    * Fix xperm mapping between avrule and avtab
    * Produce more meaningful error messages for conflicting type rules in CIL
    * Change which attributes CIL keeps in the binary policy
    * Warn instead of fail if permission is not resolved
    * Ignore object_r when adding userrole mappings to policydb
    * Correctly detect unknown classes in sepol_string_to_security_class
    * Fix neverallowxperm checking on attributes
    * Only apply bounds checking to source types in rules
    * Fix CIL and not add an attribute as a type in the attr_type_map
    * Fix extended permissions neverallow checking
    * Fix CIL neverallow and bounds checking
    * Add support for portcon dccp protocol
* Fri Jul 15 2016 jengelh@inai.de
  - Update RPM groups, trim description and combine filelist entries.
* Thu Jul 14 2016 mpluskal@suse.com
  - Cleanup spec file with spec-cleaner
  - Make spec file a bit more easy
  - Ship new supbackage (-tools)
* Thu Jul 14 2016 jsegitz@novell.com
  - Without bug number no submit to SLE 12 SP2 is possible, so to make
    sle-changelog-checker happy: bsc#988977
* Thu Jul 14 2016 jsegitz@novell.com
  - Adjusted source link
* Tue Jul 05 2016 i@marguerite.su
  - update version 2.5
    * Fix unused variable annotations
    * Fix uninitialized variable in CIL
    * Validate extended avrules and permissionxs in CIL
    * Add support in CIL for neverallowx
    * Fully expand neverallowxperm rules
    * Add support for unordered classes to CIL
    * Add neverallow support for ioctl extended permissions
    * Improve CIL block and macro call recursion detection
    * Fix CIL uninitialized false positive in cil_binary
    * Provide error in CIL if classperms are empty
    * Add userattribute{set} functionality to CIL
    * fix CIL blockinherit copying segfault and add macro restrictions
    * fix CIL NULL pointer dereference when copying classpermission/set
    * Add CIL support for ioctl whitelists
    * Fix memory leak when destroying avtab
    * Replace sscanf in module_to_cil
    * Improve CIL resolution error messages
    * Fix policydb_read for policy versions < 24
    * Added CIL bounds checking and refactored CIL Neverallow checking
    * Refactored libsepol Neverallow and bounds (hierarchy) checking
    * Treat types like an attribute in the attr_type_map
    * Add new ebitmap function named ebitmap_match_any()
    * switch operations to extended perms
    * Write auditadm_r and secadm_r roles to base module when writing CIL
    * Fix module to CIL to only associate declared roleattributes with in-scope types
    * Don't allow categories/sensitivities inside blocks in CIL
    * Replace fmemopen() with internal function in libsepol
    * Verify users prior to evaluating users in cil
    * Binary modules do not support ioctl rules
    * Add support for ioctl command whitelisting
    * Don't use symbol versioning for static object files
    * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(),
      and sepol_ppfile_to_module_package()
    * Move secilc out of libsepol
    * fix building Xen policy with devicetreecon, and add devicetreecon
      CIL documentation
    * bool_copy_callback set state on creation
    * Add device tree ocontext nodes to Xen policy
    * Widen Xen IOMEM context entries
    * Fix error path in mls_semantic_level_expand()
    * Update to latest CIL, includes new name resolution and fixes ordering
      issues with blockinherit statements, and bug fixes
  - changes in 2.4
    * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
    * Fix bugs found by hardened gcc flags
    * Build CIL into libsepol. libsepol can be built without CIL by setting the
      DISABLE_CIL flag to 'y'
    * Add an API function to set target_platform
    * Report all neverallow violations
    * Improve check_assertions performance
    * Allow libsepol C++ static library on device

Files

/usr/include/sepol
/usr/include/sepol/boolean_record.h
/usr/include/sepol/booleans.h
/usr/include/sepol/cil
/usr/include/sepol/cil/cil.h
/usr/include/sepol/context.h
/usr/include/sepol/context_record.h
/usr/include/sepol/debug.h
/usr/include/sepol/errcodes.h
/usr/include/sepol/handle.h
/usr/include/sepol/ibendport_record.h
/usr/include/sepol/ibendports.h
/usr/include/sepol/ibpkey_record.h
/usr/include/sepol/ibpkeys.h
/usr/include/sepol/iface_record.h
/usr/include/sepol/interfaces.h
/usr/include/sepol/kernel_to_cil.h
/usr/include/sepol/kernel_to_conf.h
/usr/include/sepol/module.h
/usr/include/sepol/module_to_cil.h
/usr/include/sepol/node_record.h
/usr/include/sepol/nodes.h
/usr/include/sepol/policydb
/usr/include/sepol/policydb.h
/usr/include/sepol/policydb/avrule_block.h
/usr/include/sepol/policydb/avtab.h
/usr/include/sepol/policydb/conditional.h
/usr/include/sepol/policydb/constraint.h
/usr/include/sepol/policydb/context.h
/usr/include/sepol/policydb/ebitmap.h
/usr/include/sepol/policydb/expand.h
/usr/include/sepol/policydb/flask_types.h
/usr/include/sepol/policydb/hashtab.h
/usr/include/sepol/policydb/hierarchy.h
/usr/include/sepol/policydb/link.h
/usr/include/sepol/policydb/mls_types.h
/usr/include/sepol/policydb/module.h
/usr/include/sepol/policydb/polcaps.h
/usr/include/sepol/policydb/policydb.h
/usr/include/sepol/policydb/services.h
/usr/include/sepol/policydb/sidtab.h
/usr/include/sepol/policydb/symtab.h
/usr/include/sepol/policydb/util.h
/usr/include/sepol/port_record.h
/usr/include/sepol/ports.h
/usr/include/sepol/sepol.h
/usr/include/sepol/user_record.h
/usr/include/sepol/users.h
/usr/lib64/libsepol.so
/usr/lib64/pkgconfig/libsepol.pc
/usr/share/man/man3/sepol_check_context.3.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 20:06:21 2024