Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libsepol-utils-3.7-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: libsepol-utils Distribution: openSUSE Tumbleweed
Version: 3.7 Vendor: openSUSE
Release: 1.1 Build date: Mon Jul 1 10:01:08 2024
Group: System/Base Build host: reproducible
Size: 88816 Source RPM: libsepol-3.7-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/SELinuxProject/selinux/wiki/Releases
Summary: SELinux binary policy manipulation tools
 
libsepol provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar
tools, as well as by programs like load_policy that need to perform
specific transformations on binary policies such as customizing
policy boolean settings.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Mon Jul 01 2024 Cathy Hu <cathy.hu@suse.com>
  - Update to version 3.7
    https://github.com/SELinuxProject/selinux/releases/tag/3.7
    * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
    * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
    * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()
* Tue Dec 19 2023 Cathy Hu <cathy.hu@suse.com>
  - Update to version 3.6
    https://github.com/SELinuxProject/selinux/releases/tag/3.6
    * struct cond_expr_t bool renamed to boolean
      The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro
    * Add notself support for neverallow rules
    * Improve man pages
    * man pages: Remove the Russian translations
    * Add notself and other support to CIL
    * Add support for deny rules
    * Translations updated from
      https://translate.fedoraproject.org/projects/selinux/
    * Bug fixes
  - Remove keys from keyring since they expired:
    - E853C1848B0185CF42864DF363A8AD4B982C4373
      Petr Lautrbach <plautrba@redhat.com>
    - 63191CE94183098689CAB8DB7EF137EC935B0EAF
      Jason Zaman <jasonzaman@gmail.com>
  - Add key to keyring:
    - B8682847764DF60DF52D992CBC3905F235179CF1
      Petr Lautrbach <lautrbach@redhat.com>
* Thu Mar 23 2023 Martin Liška <mliska@suse.cz>
  - Enable LTO now (boo#1138813).
* Fri Feb 24 2023 Johannes Segitz <jsegitz@suse.com>
  - Update to version 3.5
    * Stricter policy validation
    * do not write empty class definitions to allow simpler round-trip tests
    * reject attributes in type av rules for kernel policies
  - Added additional developer key (Jason Zaman)
* Mon May 09 2022 Johannes Segitz <jsegitz@suse.com>
  - Update to version 3.4
    * Add 'ioctl_skip_cloexec' policy capability
    * Add sepol_av_perm_to_string
    * Add policy utilities
    * Support IPv4/IPv6 address embedding
    * Hardened/added many validations
    * Add support for file types in writing out policy.conf
    * Allow optional file type in genfscon rules
* Thu Nov 11 2021 Johannes Segitz <jsegitz@suse.com>
  - Update to version 3.3
    * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
      are all included
    * Lot of smaller fixes identified by fuzzing
* Wed Jul 21 2021 Johannes Segitz <jsegitz@suse.com>
  - Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
    Added CVE-2021-36087.patch
* Mon Jul 05 2021 Johannes Segitz <jsegitz@suse.com>
  - Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
    Added CVE-2021-36085.patch
  - Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
    Added CVE-2021-36086.patch
* Tue Mar 09 2021 Johannes Segitz <jsegitz@suse.com>
  - Update to version 3.2
    * more space-efficient form of storing filename transitions in the binary
      policy and reduced the size of the binary policy
    * dropped old and deprecated symbols and functions. Version was bumped to
      libsepol.so.2
* Thu Oct 29 2020 Ludwig Nussel <lnussel@suse.de>
  - install to /usr (boo#1029961)

Files

/usr/bin/chkcon
/usr/bin/sepol_check_access
/usr/bin/sepol_compute_av
/usr/bin/sepol_compute_member
/usr/bin/sepol_compute_relabel
/usr/bin/sepol_validate_transition
/usr/share/man/man8/chkcon.8.gz
/usr/share/man/man8/genpolbools.8.gz
/usr/share/man/man8/genpolusers.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jul 26 23:43:58 2024