Blame SPECS/checkpolicy.spec

fff686
%define libselinuxver 2.5-14.1
fff686
%define libsepolver 2.5-10
fff686
Summary: SELinux policy compiler
fff686
Name: checkpolicy
fff686
Version: 2.5
fff686
Release: 8%{?dist}
fff686
License: GPLv2
fff686
Group: Development/System
fff686
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/checkpolicy-2.5.tar.gz
fff686
# HEAD bfaa258580f74440ca92d68828ac31f58656f5ef
fff686
Patch1: checkpolicy-rhel.patch
fff686
fff686
BuildRoot: %{_tmppath}/%{name}-buildroot
fff686
BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel  >= %{libselinuxver} 
fff686
fff686
%description
fff686
Security-enhanced Linux is a feature of the Linux® kernel and a number
fff686
of utilities with enhanced security functionality designed to add
fff686
mandatory access controls to Linux.  The Security-enhanced Linux
fff686
kernel contains new architectural components originally developed to
fff686
improve the security of the Flask operating system. These
fff686
architectural components provide general support for the enforcement
fff686
of many kinds of mandatory access control policies, including those
fff686
based on the concepts of Type Enforcement®, Role-based Access
fff686
Control, and Multi-level Security.
fff686
fff686
This package contains checkpolicy, the SELinux policy compiler.  
fff686
Only required for building policies. 
fff686
fff686
%prep
fff686
%setup -q -n checkpolicy-2.5
fff686
%patch1 -p1 -b .rhel
fff686
fff686
%build
fff686
make clean
fff686
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" 
fff686
cd test
fff686
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" 
fff686
fff686
%install
fff686
rm -rf ${RPM_BUILD_ROOT}
fff686
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
fff686
make LIBDIR="%{_libdir}" DESTDIR="${RPM_BUILD_ROOT}" install
fff686
install test/dismod ${RPM_BUILD_ROOT}%{_bindir}/sedismod
fff686
install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
fff686
fff686
%clean
fff686
rm -rf ${RPM_BUILD_ROOT}
fff686
fff686
%files
fff686
%defattr(-,root,root)
fff686
%{!?_licensedir:%global license %%doc}
fff686
%license COPYING
fff686
%{_bindir}/checkpolicy
fff686
%{_bindir}/checkmodule
fff686
%{_mandir}/man8/checkpolicy.8.gz
fff686
%{_mandir}/man8/checkmodule.8.gz
fff686
%{_bindir}/sedismod
fff686
%{_bindir}/sedispol
fff686
fff686
%changelog
fff686
* Thu Jul 26 2018 Vit Mojzis <vmojzis@redhat.com> - 2.5-8
fff686
- Add support for the SCTP portcon keyword (#1572269)
fff686
fff686
* Fri May 11 2018 Vit Mojzis <vmojzis@redhat.com> - 2.5-7
fff686
- Incorporate support for extended_socket_class from libsepol (#1572269)
fff686
fff686
* Thu Oct 19 2017 Vit Mojzis <vmojzis@redhat.com> - 2.5-6
fff686
- Add ibendport ocontext handling
fff686
- Add support for ibendportcon labels
fff686
- Add ibpkey ocontext handling
fff686
- Add support for ibpkeycon labels
fff686
- Add binary module support for xperms
fff686
fff686
* Mon Sep 25 2017 Vit Mojzis <vmojzis@redhat.com> - 2.5-5
fff686
- Rebuild to incorporate cgroup_seclabel capability introduced in libsepol (rhbz#1494179)
fff686
fff686
* Thu Aug 11 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-4
fff686
- Extend checkpolicy pathname matching
fff686
fff686
* Mon Jun 27 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
fff686
- Fix typos in test/dispol
fff686
- Set flex as default lexer
fff686
- Fix checkmodule output message
fff686
- Build policy on systems not supporting DCCP protocol
fff686
- Fail if module name different than output base filename
fff686
fff686
* Mon Apr 11 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-2
fff686
- Add support for portcon dccp protocol
fff686
fff686
* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
fff686
- Update to upstream release 2016-02-23
fff686
fff686
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.1.12-6
fff686
- Mass rebuild 2014-01-24
fff686
fff686
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.1.12-5
fff686
- Mass rebuild 2013-12-27
fff686
fff686
* Tue Jul 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-4
fff686
- Fix a segmentation fault if the --handle-unknown option was set without
fff686
arguments.
fff686
- Thanks to Alexandre Rebert and his team at Carnegie Mellon University
fff686
for detecting this crash.
fff686
fff686
* Tue Mar 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-3
fff686
- ":" should be allowed for file trans names
fff686
fff686
* Tue Mar 12 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-2
fff686
- Space should be allowed for file trans names
fff686
fff686
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
fff686
- Update to upstream 
fff686
        * Fix errors found by coverity
fff686
        * implement default type policy syntax
fff686
        * Free allocated memory when clean up / exit.
fff686
fff686
* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> -  2.1.11-3
fff686
- Update to latest patches from eparis/Upstream
fff686
-   checkpolicy: libsepol: implement default type policy syntax
fff686
-   
fff686
-   We currently have a mechanism in which the default user, role, and range
fff686
-   can be picked up from the source or the target object.  This implements
fff686
-   the same thing for types.  The kernel will override this with type
fff686
-   transition rules and similar.  This is just the default if nothing
fff686
-   specific is given.
fff686
    
fff686
fff686
* Wed Sep 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-2
fff686
- Rebuild with fixed libsepol
fff686
fff686
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
fff686
- Update to upstream 
fff686
	* fd leak reading policy
fff686
	* check return code on ebitmap_set_bit
fff686
fff686
* Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
fff686
- Rebuild to grab latest libsepol
fff686
fff686
* Tue Jul 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3
fff686
- Rebuild to grab latest libsepol
fff686
fff686
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.10-2
fff686
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
fff686
fff686
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
fff686
- Update to upstream 
fff686
	* sepolgen: We need to support files that have a + in them
fff686
	* Android/MacOS X build support
fff686
fff686
* Mon Apr 23 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-4
fff686
- Rebuild to get latest libsepol which fixes the file_name transition problems
fff686
fff686
* Tue Apr 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-3
fff686
- Recompile with libsepol that has support for ptrace_child
fff686
fff686
* Tue Apr 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2
fff686
- Allow checkpolicy to use + in a file name
fff686
fff686
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
fff686
- Update to upstream 
fff686
	* implement new default labeling behaviors for usr, role, range
fff686
	* Fix dead links to www.nsa.gov/selinux
fff686
fff686
* Mon Jan 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
fff686
- Fix man page to link to www.nsa.giv/research/selinux
fff686
fff686
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.8-2
fff686
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
fff686
fff686
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
fff686
-Update to upstream
fff686
	* add ignoredirs config for genhomedircon
fff686
	* Fallback_user_level can be NULL if you are not using MLS
fff686
fff686
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3
fff686
- default_rules should be optional
fff686
fff686
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
fff686
- Rebuild with latest libsepol
fff686
fff686
* Tue Dec 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1
fff686
- Upgrade to upstream
fff686
	* dis* fixed signed vs unsigned errors
fff686
	* dismod: fix unused parameter errors
fff686
	* test: Makefile: include -W and -Werror
fff686
	* allow ~ in filename transition rules
fff686
- Allow policy to specify the source of target for generating the default user,role 
fff686
- or mls label for a new target.
fff686
fff686
* Mon Nov 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
fff686
- Allow ~ in a filename 
fff686
fff686
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
fff686
- Upgrade to upstream
fff686
	* Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
fff686
	* drop libsepol dynamic link in checkpolicy
fff686
fff686
* Tue Sep 20 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
fff686
- Fix checkpolicy to ignore '"' in filename trans rules
fff686
fff686
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
fff686
-Update to upstream
fff686
	* Separate tunable from boolean during compile.
fff686
fff686
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-0
fff686
-Update to upstream
fff686
	* checkpolicy: fix spacing in output message
fff686
fff686
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-0
fff686
	* add missing ; to attribute_role_def
fff686
	*Redo filename/filesystem syntax to support filename trans
fff686
fff686
* Wed Aug 3 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-0
fff686
-Update to upstream
fff686
	* .gitignore changes
fff686
	* dispol output of role trans
fff686
	* man page update: build a module with an older policy version
fff686
fff686
* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.1-0
fff686
-Update to upstream
fff686
	* Minor updates to filename trans rule output in dis{mod,pol}
fff686
fff686
* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.0-1
fff686
-Update to upstream
fff686
fff686
* Mon May 23 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1
fff686
-Update to upstream
fff686
	* Wrap file names in filename transitions with quotes by Steve Lawrence.
fff686
	* Allow filesystem names to start with a digit by James Carter.
fff686
	* Add support for using the last path compnent in type transitions by Eric
fff686
fff686
* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.24-2
fff686
* Fixes for new role_transition class field by Eric Paris.
fff686
fff686
* Fri Apr 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.24-2
fff686
- Add "-" as a file type
fff686
fff686
* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.24-1
fff686
-Update to upstream
fff686
	* Add new class field in role_transition by Harry Ciao.
fff686
fff686
* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-5
fff686
- Fix type_transition to allow all files
fff686
fff686
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-4
fff686
- Patches from Eric Paris 
fff686
We just use random numbers to make menu selections.  Use #defines and
fff686
names that make some sense instead.
fff686
fff686
This patch adds support for using the last path component as part of the
fff686
information in making labeling decisions for new objects.  A example
fff686
rule looks like so:
fff686
fff686
type_transition unconfined_t etc_t:file system_conf_t eric;
fff686
fff686
This rule says if unconfined_t creates a file in a directory labeled
fff686
etc_t and the last path component is "eric" (no globbing, no matching
fff686
magic, just exact strcmp) it should be labeled system_conf_t.
fff686
fff686
The kernel and policy representation does not have support for such
fff686
rules in conditionals, and thus policy explicitly notes that fact if
fff686
such a rule is added to a conditional.
fff686
fff686
fff686
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.23-3
fff686
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
fff686
fff686
* Wed Jan 12 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-2
fff686
- Add James Carters Patch
fff686
  *This patch is needed because some filesystem names (such as 9p) start
fff686
  with a digit.
fff686
fff686
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1
fff686
- Latest update from NSA
fff686
  * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
fff686
fff686
* Wed Dec 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-2
fff686
- Rebuild to make sure it will build in Fedora 
fff686
fff686
* Wed Jun 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
fff686
- Latest update from NSA
fff686
	* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
fff686
- Allow policy version to be one number
fff686
fff686
* Mon May 3 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.21-2
fff686
- Fix checkmodule man page and usage statements
fff686
fff686
* Sun Nov 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.21-1
fff686
- Latest update from NSA
fff686
	* Add support for building Xen policies from Paul Nuzzi.
fff686
	* Add long options to checkpolicy and checkmodule by Guido
fff686
	  Trentalancia <guido@trentalancia.com>
fff686
fff686
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-3
fff686
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
fff686
fff686
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-2
fff686
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
fff686
fff686
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.19-1
fff686
- Latest update from NSA
fff686
	* Fix alias field in module format, caused by boundary format change
fff686
	  from Caleb Case.
fff686
fff686
* Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1
fff686
- Latest update from NSA
fff686
	* Properly escape regex symbols in the lexer from Stephen Smalley.
fff686
	* Add bounds support from KaiGai Kohei.
fff686
fff686
* Tue Oct 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-4
fff686
fff686
* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-3
fff686
- Rebuild with new libsepol
fff686
fff686
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.16-2
fff686
- fix license tag
fff686
fff686
* Wed May 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-1
fff686
- Latest update from NSA
fff686
	* Update checkpolicy for user and role mapping support from Joshua Brindle.
fff686
fff686
* Fri May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1
fff686
- Latest update from NSA
fff686
	* Fix for policy module versions that look like IPv4 addresses from Jim Carter.
fff686
	  Resolves bug 444451.
fff686
fff686
* Fri May 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
fff686
- Allow modules with 4 sections or more
fff686
fff686
* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1
fff686
- Latest update from NSA
fff686
	* Add permissive domain support from Eric Paris.
fff686
fff686
* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.13-1
fff686
- Latest update from NSA
fff686
	* Split out non-grammar parts of policy_parse.yacc into
fff686
	  policy_define.c and policy_define.h from Todd C. Miller.
fff686
	* Initialize struct policy_file before using it, from Todd C. Miller.
fff686
	* Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller.
fff686
fff686
* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.10-1
fff686
- Latest update from NSA
fff686
	* Use yyerror2() where appropriate from Todd C. Miller.
fff686
- Build against latest libsepol
fff686
fff686
* Fri Feb 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.9-2
fff686
- Start shipping sedismod and sedispol
fff686
fff686
* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.9-1
fff686
- Latest update from NSA
fff686
	* Update dispol for libsepol avtab changes from Stephen Smalley.
fff686
fff686
* Fri Jan 25 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.8-1
fff686
- Latest update from NSA
fff686
	* Deprecate role dominance in parser.
fff686
fff686
* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.7-2
fff686
- Update to use libsepol-static library
fff686
fff686
* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.7-1
fff686
- Latest update from NSA
fff686
	* Added support for policy capabilities from Todd Miller.
fff686
fff686
* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-1
fff686
- Latest update from NSA
fff686
	* Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".
fff686
	* Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.
fff686
fff686
* Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.4-1
fff686
	* Merged handle unknown policydb flag support from Eric Paris.
fff686
	  Adds new command line options -U {allow, reject, deny} for selecting
fff686
	  the flag when a base module or kernel policy is built.
fff686
fff686
* Tue Aug 28 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 2.0.3-3
fff686
- Rebuild for selinux ppc32 issue.
fff686
fff686
* Mon Jun 18 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2
fff686
- Rebuild with the latest libsepol
fff686
fff686
* Sun Jun 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1
fff686
- Latest update from NSA
fff686
	* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
fff686
	* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
fff686
fff686
* Thu Apr 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.2-1
fff686
- Latest update from NSA
fff686
	* Merged checkmodule man page fix from Dan Walsh.
fff686
fff686
* Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-3
fff686
- Rebuild with new libsepol
fff686
fff686
* Wed Mar 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2
fff686
- Rebuild with new libsepol
fff686
fff686
* Mon Nov 20 2006 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
fff686
- Latest update from NSA
fff686
	* Merged patch to allow dots in class identifiers from Caleb Case.
fff686
fff686
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1
fff686
- Latest update from NSA
fff686
	* Merged patch to use new libsepol error codes by Karl MacMillan.
fff686
	* Updated version for stable branch.
fff686
fff686
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-2
fff686
- Rebuild for new libraries
fff686
fff686
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-1
fff686
- Latest update from NSA
fff686
	* Collapse user identifiers and identifiers together.
fff686
fff686
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.32-1
fff686
- Latest update from NSA
fff686
	* Updated version for release.
fff686
fff686
* Thu Sep 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.12-1
fff686
- Latest update from NSA
fff686
	* Merged user and range_transition support for modules from 
fff686
	  Darrel Goeddel
fff686
fff686
* Wed Sep 6 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.11-1
fff686
- Latest update from NSA
fff686
	* merged range_transition enhancements and user module format
fff686
	  changes from Darrel Goeddel
fff686
	* Merged symtab datum patch from Karl MacMillan.
fff686
fff686
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.30.9-1.1
fff686
- rebuild
fff686
fff686
* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.8-1
fff686
- Latest upgrade from NSA
fff686
	* Lindent.
fff686
	* Merged patch to remove TE rule conflict checking from the parser
fff686
	  from Joshua Brindle.  This can only be done properly by the 
fff686
	  expander.
fff686
	* Merged patch to make checkpolicy/checkmodule handling of
fff686
	  duplicate/conflicting TE rules the same as the expander 
fff686
	  from Joshua Brindle.
fff686
	* Merged optionals in base take 2 patch set from Joshua Brindle.
fff686
fff686
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.5-1
fff686
- Latest upgrade from NSA
fff686
	* Merged compiler cleanup patch from Karl MacMillan.
fff686
	* Merged fix warnings patch from Karl MacMillan.	
fff686
fff686
* Wed Apr 5 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.4-1
fff686
- Latest upgrade from NSA
fff686
	* Changed require_class to reject permissions that have not been
fff686
	  declared if building a base module.
fff686
fff686
* Tue Mar 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.3-1
fff686
- Latest upgrade from NSA
fff686
	* Fixed checkmodule to call link_modules prior to expand_module
fff686
	  to handle optionals.
fff686
	* Fixed require_class to avoid shadowing permissions already defined
fff686
	  in an inherited common definition.
fff686
fff686
* Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.1-2
fff686
- Rebuild with new libsepol
fff686
fff686
* Thu Mar 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.1-1
fff686
- Latest upgrade from NSA
fff686
	* Moved processing of role and user require statements to 2nd pass.
fff686
fff686
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.30-1
fff686
- Latest upgrade from NSA
fff686
	* Updated version for release.
fff686
	* Fixed bug in role dominance (define_role_dom).
fff686
fff686
* Fri Feb 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.29.4-1
fff686
- Latest upgrade from NSA
fff686
	* Added a check for failure to declare each sensitivity in
fff686
	  a level definition.
fff686
	* Changed to clone level data for aliased sensitivities to
fff686
	  avoid double free upon sens_destroy.  Bug reported by Kevin
fff686
	  Carr of Tresys Technology.
fff686
fff686
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.29.2-1
fff686
- Latest upgrade from NSA
fff686
	* Merged optionals in base patch from Joshua Brindle.
fff686
fff686
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.29.1-1.2
fff686
- Need to build againi
fff686
fff686
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.29.1-1.1
fff686
- bump again for double-long bug on ppc(64)
fff686
fff686
* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> 1.29.1-1
fff686
- Latest upgrade from NSA
fff686
	* Merged sepol_av_to_string patch from Joshua Brindle.
fff686
fff686
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.28-5.1
fff686
- rebuilt for new gcc4.1 snapshot and glibc changes
fff686
fff686
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.28-5
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.28-5
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.28-4
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.28-3
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Fri Dec 16 2005 Dan Walsh <dwalsh@redhat.com> 1.28-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
fff686
- rebuilt
fff686
fff686
* Fri Dec 9 2005 Dan Walsh <dwalsh@redhat.com> 1.28-1
fff686
- Latest upgrade from NSA
fff686
fff686
* Sun Dec 4 2005 Dan Walsh <dwalsh@redhat.com> 1.27.20-1
fff686
- Latest upgrade from NSA
fff686
	* Merged checkmodule man page from Dan Walsh, and edited it.
fff686
fff686
* Thu Dec 1 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
fff686
- Latest upgrade from NSA
fff686
	* Added error checking of all ebitmap_set_bit calls for out of
fff686
	  memory conditions.
fff686
	* Merged removal of compatibility handling of netlink classes
fff686
	  (requirement that policies with newer versions include the
fff686
	   netlink class definitions, remapping of fine-grained netlink
fff686
	   classes in newer source policies to single netlink class when
fff686
	   generating older policies) from George Coker.
fff686
fff686
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.17-7
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.27.17-1
fff686
- Latest upgrade from NSA
fff686
	* Merged dismod fix from Joshua Brindle.
fff686
fff686
* Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.27.16-1
fff686
- Latest upgrade from NSA
fff686
	* Removed obsolete cond_check_type_rules() function and call and 
fff686
	  cond_optimize_lists() call from checkpolicy.c; these are handled
fff686
	  during parsing and expansion now.
fff686
	* Updated calls to expand_module for interface change.
fff686
	* Changed checkmodule to verify that expand_module succeeds 
fff686
	  when building base modules.
fff686
	* Merged module compiler fixes from Joshua Brindle.
fff686
	* Removed direct calls to hierarchy_check_constraints() and 
fff686
	  check_assertions() from checkpolicy since they are now called 
fff686
	  internally by expand_module().
fff686
fff686
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.27.11-1
fff686
- Latest upgrade from NSA
fff686
	* Updated for changes to sepol policydb_index_others interface.
fff686
fff686
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.27.10-1
fff686
- Latest upgrade from NSA
fff686
	* Updated for changes to sepol expand_module and link_modules interfaces.
fff686
* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-1
fff686
- Latest upgrade from NSA
fff686
	* Merged support for require blocks inside conditionals from
fff686
	Joshua Brindle (Tresys).
fff686
fff686
* Wed Oct 12 2005 Karsten Hopp <karsten@redhat.de> 1.27.8-2
fff686
- add buildrequirement for libselinux-devel for dispol
fff686
fff686
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.27.8-1
fff686
- Latest upgrade from NSA
fff686
	* Updated for changes to libsepol.
fff686
fff686
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Thu Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
fff686
- Latest upgrade from NSA
fff686
	* Merged several bug fixes from Joshua Brindle (Tresys).
fff686
fff686
* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.27.6-1
fff686
- Latest upgrade from NSA
fff686
	* Merged MLS in modules patch from Joshua Brindle (Tresys).
fff686
fff686
* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-1
fff686
- Latest upgrade from NSA
fff686
	* Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).
fff686
fff686
* Tue Sep 27 2005 Dan Walsh <dwalsh@redhat.com> 1.27.4-1
fff686
- Latest upgrade from NSA
fff686
	* Merged bugfix for dup role transition error messages from
fff686
	Karl MacMillan (Tresys).
fff686
fff686
* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.27.3-1
fff686
- Latest upgrade from NSA
fff686
	* Merged policyver/modulever patches from Joshua Brindle (Tresys).
fff686
fff686
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.27.2-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.27.2-1
fff686
- Latest upgrade from NSA
fff686
	* Fixed parse_categories handling of undefined category.
fff686
fff686
* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.27.1-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Sat Sep 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.1-1
fff686
- Latest upgrade from NSA
fff686
	* Merged bug fix for role dominance handling from Darrel Goeddel (TCS). 
fff686
* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.26-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-1
fff686
- Latest upgrade from NSA
fff686
	* Updated version for release.
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.25.12-3
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Mon Aug 29 2005 Dan Walsh <dwalsh@redhat.com> 1.25.12-2
fff686
- Rebuild to get latest libsepol
fff686
fff686
* Mon Aug 22 2005 Dan Walsh <dwalsh@redhat.com> 1.25.12-1
fff686
- Update to NSA Release
fff686
	* Fixed handling of validatetrans constraint expressions.
fff686
	Bug reported by Dan Walsh for checkpolicy -M.
fff686
fff686
* Mon Aug 22 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-2
fff686
- Fix mls crash
fff686
fff686
* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.25.11-1
fff686
- Update to NSA Release
fff686
	* Merged use-after-free fix from Serge Hallyn (IBM).  
fff686
	  Bug found by Coverity.
fff686
fff686
* Sun Aug 14 2005 Dan Walsh <dwalsh@redhat.com> 1.25.10-1
fff686
- Update to NSA Release
fff686
	* Fixed further memory leaks found by valgrind.
fff686
	* Changed checkpolicy to destroy the policydbs prior to exit
fff686
	  to allow leak detection.
fff686
	* Fixed several memory leaks found by valgrind.
fff686
fff686
* Sun Aug 14 2005 Dan Walsh <dwalsh@redhat.com> 1.25.8-3
fff686
- Rebuild to get latest libsepol changes
fff686
fff686
* Sat Aug 13 2005 Dan Walsh <dwalsh@redhat.com> 1.25.8-2
fff686
- Rebuild to get latest libsepol changes
fff686
fff686
* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.25.8-1
fff686
- Update to NSA Release
fff686
	* Updated checkpolicy and dispol for the new avtab format.
fff686
	  Converted users of ebitmaps to new inline operators.
fff686
  	  Note:  The binary policy format version has been incremented to 
fff686
	  version 20 as a result of these changes.  To build a policy
fff686
	  for a kernel that does not yet include these changes, use
fff686
	  the -c 19 option to checkpolicy.
fff686
	* Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).
fff686
	* Merged patch to fix dismod compilation from Joshua Brindle (Tresys).
fff686
fff686
* Wed Aug 10 2005 Dan Walsh <dwalsh@redhat.com> 1.25.5-1
fff686
- Update to NSA Release
fff686
	* Fixed call to hierarchy checking code to pass the right policydb.
fff686
	* Merged patch to update dismod for the relocation of the
fff686
	  module read/write code from libsemanage to libsepol, and
fff686
	  to enable build of test subdirectory from Jason Tang (Tresys).
fff686
fff686
* Thu Jul 28 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
fff686
- Update to NSA Release
fff686
	* Merged hierarchy check fix from Joshua Brindle (Tresys).
fff686
fff686
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-1
fff686
- Update to NSA Release
fff686
	* Merged loadable module support from Tresys Technology.
fff686
	* Merged patch to prohibit the use of * and ~ in type sets 
fff686
	  (other than in neverallow statements) and in role sets
fff686
	  from Joshua Brindle (Tresys).
fff686
	* Updated version for release.
fff686
fff686
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23-4-1
fff686
- Update to NSA Release
fff686
	* Merged cleanup patch from Dan Walsh.
fff686
fff686
* Thu May 19 2005 Dan Walsh <dwalsh@redhat.com> 1.23-3-1
fff686
- Update to NSA Release
fff686
	* Added sepol_ prefix to Flask types to avoid namespace
fff686
	  collision with libselinux.
fff686
fff686
* Sat May 7 2005 Dan Walsh <dwalsh@redhat.com> 1.23-2-1
fff686
- Update to NSA Release
fff686
	* Merged identifier fix from Joshua Brindle (Tresys).
fff686
fff686
* Thu Apr 14 2005 Dan Walsh <dwalsh@redhat.com> 1.23,1-1
fff686
	* Merged hierarchical type/role patch from Tresys Technology.
fff686
	* Merged MLS fixes from Darrel Goeddel of TCS.
fff686
fff686
* Thu Mar 10 2005 Dan Walsh <dwalsh@redhat.com> 1.22-1
fff686
- Update to NSA Release
fff686
fff686
* Tue Mar 1 2005 Dan Walsh <dwalsh@redhat.com> 1.21.4-2
fff686
- Rebuild for FC4
fff686
fff686
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.21.4-1
fff686
	* Merged define_user() cleanup patch from Darrel Goeddel (TCS).
fff686
	* Moved genpolusers utility to libsepol.
fff686
	* Merged range_transition support from Darrel Goeddel (TCS).
fff686
fff686
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.2-1
fff686
- Latest from NSA
fff686
	* Changed relabel Makefile target to use restorecon.
fff686
fff686
* Mon Feb 7 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-1
fff686
- Latest from NSA
fff686
	* Merged enhanced MLS support from Darrel Goeddel (TCS).
fff686
fff686
* Fri Jan 7 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-1
fff686
- Update for version increase at NSA
fff686
fff686
* Mon Dec 20 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
fff686
- Latest from NSA
fff686
	* Merged typeattribute statement patch from Darrel Goeddel of TCS.
fff686
	* Changed genpolusers to handle multiple user config files.
fff686
	* Merged nodecon ordering patch from Chad Hanson of TCS.
fff686
fff686
* Thu Nov 11 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-1
fff686
- Latest from NSA
fff686
	* Merged nodecon ordering patch from Chad Hanson of TCS.
fff686
fff686
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-1
fff686
- Latest from NSA
fff686
	* MLS build fix.
fff686
fff686
* Sat Sep 4 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-1
fff686
- Latest from NSA
fff686
	* Fixed Makefile dependencies (Chris PeBenito).
fff686
fff686
* Sat Sep 4 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
fff686
- Latest from NSA
fff686
	* Fixed Makefile dependencies (Chris PeBenito).
fff686
fff686
* Sat Sep 4 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-1
fff686
- Latest from NSA
fff686
	* Merged fix for role dominance ordering issue from Chad Hanson of TCS.
fff686
fff686
* Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
fff686
- Latest from NSA
fff686
fff686
* Thu Aug 26 2004 Dan Walsh <dwalsh@redhat.com> 1.16.3-1
fff686
- Fix NSA package to not include y.tab files.
fff686
fff686
* Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.16.2-1
fff686
- Latest from NSA
fff686
- Allow port ranges to overlap
fff686
fff686
* Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.16.1-1
fff686
- Latest from NSA
fff686
fff686
* Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.6-1
fff686
- Latest from NSA
fff686
fff686
* Fri Aug 13 2004 Dan Walsh <dwalsh@redhat.com> 1.15.5-1
fff686
- Latest from NSA
fff686
fff686
* Wed Aug 11 2004 Dan Walsh <dwalsh@redhat.com> 1.15.4-1
fff686
- Latest from NSA
fff686
fff686
* Sat Aug 7 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
fff686
- Latest from NSA
fff686
fff686
* Wed Aug 4 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
fff686
- Latest from NSA
fff686
fff686
* Sat Jul 31 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
fff686
- Latest from NSA
fff686
fff686
* Tue Jul 27 2004 Dan Walsh <dwalsh@redhat.com> 1.14.2-1
fff686
- Latest from NSA
fff686
fff686
* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
fff686
- Latest from NSA
fff686
fff686
* Fri Jun 18 2004 Dan Walsh <dwalsh@redhat.com> 1.12.2-1
fff686
- Latest from NSA
fff686
fff686
* Thu Jun 17 2004 Dan Walsh <dwalsh@redhat.com> 1.12.1-1
fff686
- Update to latest from NSA
fff686
fff686
* Wed Jun 16 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
fff686
- Update to latest from NSA
fff686
fff686
* Wed Jun 16 2004 Dan Walsh <dwalsh@redhat.com> 1.10-5
fff686
- Add nlclass patch
fff686
fff686
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
fff686
- rebuilt
fff686
fff686
* Fri Jun 4 2004 Dan Walsh <dwalsh@redhat.com> 1.10-3
fff686
- Add BuildRequires flex
fff686
fff686
* Thu Apr 8 2004 Dan Walsh <dwalsh@redhat.com> 1.10-2
fff686
- Add BuildRequires byacc
fff686
fff686
* Thu Apr 8 2004 Dan Walsh <dwalsh@redhat.com> 1.10-1
fff686
- Upgrade to the latest from NSA
fff686
fff686
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.8-1
fff686
- Upgrade to the latest from NSA
fff686
fff686
* Tue Feb 24 2004 Dan Walsh <dwalsh@redhat.com> 1.6-1
fff686
- Upgrade to the latest from NSA
fff686
fff686
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
fff686
- rebuilt
fff686
fff686
* Tue Jan 20 2004 Dan Walsh <dwalsh@redhat.com> 1.4-6
fff686
- Add typealias patch
fff686
fff686
* Tue Jan 20 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
fff686
- Update excludetypes with negset-final patch
fff686
fff686
* Wed Jan 14 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4
fff686
- Add excludetypes patch
fff686
fff686
* Wed Jan 14 2004 Dan Walsh <dwalsh@redhat.com> 1.4-3
fff686
- Add Colin Walter's lineno patch
fff686
fff686
* Wed Jan 7 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2
fff686
- Remove check for roles transition
fff686
fff686
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
fff686
- upgrade to 1.4
fff686
fff686
* Wed Oct 1 2003 Dan Walsh <dwalsh@redhat.com> 1.2-1
fff686
- upgrade to 1.2
fff686
fff686
* Thu Aug 28 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2
fff686
- upgrade to 1.1
fff686
fff686
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
fff686
- Initial version