Blame SPECS/libsemanage.spec

fec72c
%define libsepolver 3.3-1
fec72c
%define libselinuxver 3.3-1
01a89f
01a89f
Summary: SELinux binary policy manipulation library
01a89f
Name: libsemanage
fec72c
Version: 3.3
e2ef9d
Release: 2%{?dist}
01a89f
License: LGPLv2+
fec72c
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/libsemanage-3.3.tar.gz
fec72c
# fedora-selinux/selinux: git format-patch -N 3.3 -- libsemanage
01a89f
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
01a89f
# Patch list start
fec72c
Patch0001: 0001-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
e2ef9d
Patch0002: 0002-libsemanage-add-missing-include-to-boolean_record.c.patch
e2ef9d
Patch0003: 0003-semodule-libsemanage-move-module-hashing-into-libsem.patch
e2ef9d
Patch0004: 0004-libsemanage-move-compressed-file-handling-into-a-sep.patch
e2ef9d
Patch0005: 0005-libsemanage-clean-up-semanage_direct_commit-a-bit.patch
e2ef9d
Patch0006: 0006-libsemanage-optionally-rebuild-policy-when-modules-a.patch
01a89f
# Patch list end
01a89f
URL: https://github.com/SELinuxProject/selinux/wiki
01a89f
Source1: semanage.conf
01a89f
01a89f
BuildRequires: gcc make
01a89f
BuildRequires: libselinux-devel >= %{libselinuxver} swig
01a89f
BuildRequires: libsepol-devel >= %{libsepolver} 
01a89f
BuildRequires: audit-libs-devel
01a89f
BuildRequires: bison flex bzip2-devel
01a89f
01a89f
BuildRequires: python3
01a89f
BuildRequires: python3-devel
01a89f
01a89f
Requires: bzip2-libs audit-libs
01a89f
Requires: libselinux%{?_isa} >= %{libselinuxver}
01a89f
Obsoletes: libsemanage-compat = 3.1-4
01a89f
01a89f
%description
01a89f
Security-enhanced Linux is a feature of the Linux® kernel and a number
01a89f
of utilities with enhanced security functionality designed to add
01a89f
mandatory access controls to Linux.  The Security-enhanced Linux
01a89f
kernel contains new architectural components originally developed to
01a89f
improve the security of the Flask operating system. These
01a89f
architectural components provide general support for the enforcement
01a89f
of many kinds of mandatory access control policies, including those
01a89f
based on the concepts of Type Enforcement®, Role-based Access
01a89f
Control, and Multi-level Security.
01a89f
01a89f
libsemanage provides an API for the manipulation of SELinux binary policies.
01a89f
It is used by checkpolicy (the policy compiler) and similar tools, as well
01a89f
as by programs like load_policy that need to perform specific transformations
01a89f
on binary policies such as customizing policy boolean settings.
01a89f
01a89f
%package static
01a89f
Summary: Static library used to build policy manipulation tools
01a89f
Requires: libsemanage-devel%{_isa} = %{version}-%{release}
01a89f
01a89f
%description static
01a89f
The semanage-static package contains the static libraries 
01a89f
needed for developing applications that manipulate binary policies. 
01a89f
01a89f
%package devel
01a89f
Summary: Header files and libraries used to build policy manipulation tools
01a89f
Requires: %{name}%{?_isa} = %{version}-%{release}
01a89f
01a89f
%description devel
01a89f
The semanage-devel package contains the libraries and header files
01a89f
needed for developing applications that manipulate binary policies. 
01a89f
01a89f
%package -n python3-libsemanage
01a89f
Summary: semanage python 3 bindings for libsemanage
01a89f
Requires: %{name}%{?_isa} = %{version}-%{release}
01a89f
Requires: libselinux-python3
01a89f
%{?python_provide:%python_provide python3-libsemanage}
01a89f
# Remove before F30
01a89f
Provides: %{name}-python3 = %{version}-%{release}
01a89f
Provides: %{name}-python3%{?_isa} = %{version}-%{release}
01a89f
Obsoletes: %{name}-python3 < %{version}-%{release}
01a89f
01a89f
%description -n python3-libsemanage
01a89f
The libsemanage-python3 package contains the python 3 bindings for developing
01a89f
SELinux management applications.
01a89f
01a89f
%prep
01a89f
%autosetup -n libsemanage-%{version} -p 2
01a89f
01a89f
01a89f
%build
01a89f
%set_build_flags
01a89f
CFLAGS="$CFLAGS -fno-semantic-interposition"
01a89f
01a89f
# To support building the Python wrapper against multiple Python runtimes
01a89f
# Define a function, for how to perform a "build" of the python wrapper against
01a89f
# a specific runtime:
01a89f
BuildPythonWrapper() {
01a89f
  BinaryName=$1
01a89f
01a89f
  # Perform the build from the upstream Makefile:
01a89f
  make \
01a89f
    PYTHON=$BinaryName \
01a89f
    LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
01a89f
    pywrap
01a89f
}
01a89f
01a89f
make clean
01a89f
make swigify
01a89f
%make_build LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
01a89f
01a89f
BuildPythonWrapper \
01a89f
  %{__python3}
01a89f
01a89f
%install
01a89f
InstallPythonWrapper() {
01a89f
  BinaryName=$1
01a89f
01a89f
  make \
01a89f
    PYTHON=$BinaryName \
01a89f
    DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" \
01a89f
    install-pywrap
01a89f
}
01a89f
01a89f
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
01a89f
mkdir -p ${RPM_BUILD_ROOT}%{_includedir} 
01a89f
mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux
01a89f
mkdir -p ${RPM_BUILD_ROOT}%{_sharedstatedir}/selinux/tmp
01a89f
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}"
01a89f
01a89f
InstallPythonWrapper \
01a89f
  %{__python3} \
01a89f
  $(python3-config --extension-suffix)
01a89f
  
01a89f
cp %{SOURCE1} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
01a89f
01a89f
%files
01a89f
%license COPYING
01a89f
%dir %{_sysconfdir}/selinux
01a89f
%config(noreplace) %{_sysconfdir}/selinux/semanage.conf
01a89f
%{_libdir}/libsemanage.so.2
01a89f
%{_mandir}/man5/*
01a89f
%{_mandir}/ru/man5/*
01a89f
%dir %{_libexecdir}/selinux
01a89f
%dir %{_sharedstatedir}/selinux
01a89f
%dir %{_sharedstatedir}/selinux/tmp
01a89f
01a89f
%ldconfig_scriptlets
01a89f
01a89f
%files static
01a89f
%{_libdir}/libsemanage.a
01a89f
01a89f
%files devel
01a89f
%{_libdir}/libsemanage.so
01a89f
%{_libdir}/pkgconfig/libsemanage.pc
01a89f
%dir %{_includedir}/semanage
01a89f
%{_includedir}/semanage/*.h
01a89f
%{_mandir}/man3/*
01a89f
01a89f
%files -n python3-libsemanage
01a89f
%{python3_sitearch}/*.so
01a89f
%{python3_sitearch}/semanage.py*
01a89f
%{python3_sitearch}/__pycache__/semanage*
01a89f
%{_libexecdir}/selinux/semanage_migrate_store
01a89f
01a89f
%changelog
e2ef9d
* Tue Feb 15 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
e2ef9d
- optionally rebuild policy when modules are changed externally
e2ef9d
fec72c
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
fec72c
- SELinux userspace 3.3 release
fec72c
fec72c
* Sun Oct 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
fec72c
- SELinux userspace 3.3-rc3 release
fec72c
fec72c
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
fec72c
- SELinux userspace 3.3-rc2 release
fec72c
01a89f
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-4
01a89f
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
01a89f
  Related: rhbz#1991688
01a89f
01a89f
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
01a89f
- Rebase on upstream commit 32611aea6543
01a89f
01a89f
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
01a89f
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
01a89f
01a89f
* Mon Mar  8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
01a89f
- SELinux userspace 3.2 release
01a89f
01a89f
* Fri Feb  5 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1
01a89f
- SELinux userspace 3.2-rc2 release
01a89f
01a89f
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
01a89f
01a89f
* Wed Jan 20 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1
01a89f
- SELinux userspace 3.2-rc1 release
01a89f
01a89f
* Fri Dec 18 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
01a89f
- Drop "genhomedircon: check usepasswd" patch
01a89f
- genhomedircon to ignore
01a89f
  /root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var by default
01a89f
- Fix usepasswd=False explanation in semanage.conf
01a89f
01a89f
* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
01a89f
- Drop and obsolete libsemanage-compat
01a89f
- genhomedircon: check usepasswd
01a89f
01a89f
* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-4
01a89f
- Drop deprecated functions and duplicated symbols
01a89f
- Change library version to libsemanage.so.2
01a89f
- Temporary ship -compat with libsemanage.so.1
01a89f
- Based on upstream db0f2f382e31
01a89f
- Re-enable lto flags
01a89f
01a89f
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
01a89f
- Use make macros
01a89f
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
01a89f
- Use -fno-semantic-interposition and more make macros
01a89f
01a89f
* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
01a89f
- SELinux userspace 3.1 release
01a89f
01a89f
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-4
01a89f
- Rebuilt for Python 3.9
01a89f
01a89f
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-3
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
01a89f
01a89f
* Wed Jan 22 2020 Ondrej Mosnacek <omosnace@redhat.com> - 3.0-2
01a89f
- Enable policy optimization
01a89f
01a89f
* Fri Dec  6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
01a89f
- SELinux userspace 3.0 release
01a89f
01a89f
* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
01a89f
- SELinux userspace 3.0-rc1 release candidate
01a89f
01a89f
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-5
01a89f
- Rebuilt for Python 3.8.0rc1 (#1748018)
01a89f
01a89f
* Sun Aug 18 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.9-4
01a89f
- Rebuilt for Python 3.8
01a89f
01a89f
* Tue Aug 13 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
01a89f
- Drop python2-libsemanage (#1738466)
01a89f
01a89f
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
01a89f
01a89f
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
01a89f
- SELinux userspace 2.9 release
01a89f
01a89f
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
01a89f
- SELinux userspace 2.9-rc2 release
01a89f
01a89f
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
01a89f
01a89f
* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
01a89f
- SELinux userspace 2.9-rc1 release
01a89f
01a89f
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-8
01a89f
- Always set errno to 0 before calling getpwent()
01a89f
- Set selinux policy root around calls to selinux_boolean_sub
01a89f
01a89f
* Mon Dec 10 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
01a89f
- genhomedircon - improve handling large groups
01a89f
01a89f
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-6
01a89f
- Fix RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects
01a89f
01a89f
* Mon Sep 17 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
01a89f
- Include user name in ROLE_REMOVE audit events
01a89f
01a89f
* Tue Sep  4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
01a89f
- Reset umask before creating directories (#1186422)
01a89f
01a89f
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-3
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
01a89f
01a89f
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.8-2
01a89f
- Rebuilt for Python 3.7
01a89f
01a89f
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
01a89f
- SELinux userspace 2.8 release
01a89f
01a89f
* Mon May 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc3.1
01a89f
- SELinux userspace 2.8-rc3 release candidate
01a89f
01a89f
* Fri May  4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc2.1
01a89f
- SELinux userspace 2.8-rc2 release candidate
01a89f
01a89f
* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc1.1
01a89f
- SELinux userspace 2.8-rc1 release candidate
01a89f
01a89f
* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-12
01a89f
- build: Replace PYSITEDIR with PYTHONLIBDIR
01a89f
- direct_api.c: Fix iterating over array (#1557468)
01a89f
01a89f
* Fri Mar 16 2018 Petr Lautrbach <plautrba@workstation> - 2.7-11
01a89f
- Revert "remove access() check to make setuid programs work" (#1557468)
01a89f
01a89f
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-10
01a89f
- properly check return value of iterate function
01a89f
- Use umask(0077) for fopen() write operations
01a89f
- Return commit number if save-previous false
01a89f
- Allow tmp files to be kept if a compile fails
01a89f
- build: follow standard semantics for DESTDIR and PREFIX
01a89f
- Improve warning for installing disabled module
01a89f
- silence clang static analyzer report
01a89f
- remove access() check to make setuid programs work
01a89f
01a89f
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.7-9
01a89f
- Escape macros in %%changelog
01a89f
01a89f
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-8
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
01a89f
01a89f
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.7-7
01a89f
- Switch to %%ldconfig_scriptlets
01a89f
01a89f
* Tue Jan 09 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.7-6
01a89f
- Update Python 2 dependency declarations to new packaging standards
01a89f
  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
01a89f
01a89f
* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
01a89f
- free genhomedircon fallback user
01a89f
- Rebuild with libsepol-2.7-3 and libselinux-2.7-6
01a89f
01a89f
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
01a89f
- Add support for listing fcontext.homedirs file (#1409813)
01a89f
01a89f
* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
01a89f
- Add Provides for the old names without %%_isa
01a89f
01a89f
* Thu Aug 10 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-2
01a89f
- Python 2 binary package renamed to python2-libsemanage
01a89f
  See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
01a89f
- Python 3 binary package renamed to python3-libsemanage
01a89f
01a89f
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
01a89f
- Update to upstream release 2017-08-04
01a89f
- Use 'sefcontext_compile -r' when it's run during SELinux policy build
01a89f
01a89f
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-6
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
01a89f
01a89f
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-5
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
01a89f
01a89f
* Fri Apr 28 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-4
01a89f
- Follow upstream and rename _semanage.so to _semanage.cpython-36m-x86_64-linux-gnu.so
01a89f
01a89f
* Tue Apr 18 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-3
01a89f
- Do not list duplicate port entries after setting a boolean (#1439875)
01a89f
01a89f
* Thu Mar 02 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-2
01a89f
- Fix FTBFS - fatal error (#1427903)
01a89f
01a89f
* Mon Feb 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1.1
01a89f
- Update to upstream release 2016-10-14
01a89f
01a89f
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-10
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
01a89f
01a89f
* Fri Dec 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 2.5-9
01a89f
- Rebuild for Python 3.6
01a89f
01a89f
* Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-8
01a89f
- Fixes bug preventing the installation of base modules
01a89f
- make distclean target work
01a89f
- Do not always print a module name warning
01a89f
- Use pp module name instead of filename when installing module
01a89f
- tests: Do not force using gcc
01a89f
- genhomedircon: remove hardcoded refpolicy strings
01a89f
- genhomedircon: add support for %%group syntax
01a89f
- genhomedircon: generate contexts for logins mapped to the default user
01a89f
- Validate and compile file contexts before installing
01a89f
- Swap tcp and udp protocol numbers
01a89f
01a89f
* Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-7
01a89f
- Rebuilt with libsepol-2.5-9 and libselinux-2.5-11
01a89f
01a89f
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5-6
01a89f
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
01a89f
01a89f
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5
01a89f
- Sort object files for deterministic linking order
01a89f
- Support overriding Makefile RANLIB
01a89f
- Respect CC and PKG_CONFIG environment variable
01a89f
01a89f
* Fri May 06 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
01a89f
- Fix multiple spelling errors
01a89f
- genhomedircon: %%{USERID} and %%{USERNAME} support and code cleanup
01a89f
01a89f
* Mon Mar 21 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
01a89f
- Enable expand-check by default (#1319652)
01a89f
01a89f
* Sun Feb 28 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-2
01a89f
- Use fully versioned arch-specific requires
01a89f
01a89f
* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
01a89f
- Update to upstream release 2016-02-23
01a89f
01a89f
* Sun Feb 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.1.rc1
01a89f
- Update to upstream rc1 release 2016-01-07
01a89f
01a89f
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-6
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
01a89f
01a89f
* Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 2.4-5
01a89f
- Rebuilt for Python3.5 rebuild
01a89f
01a89f
* Fri Sep 04 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-4
01a89f
- Save homedir_template in the policy store for genhomedircon
01a89f
  https://bugs.gentoo.org/558686
01a89f
01a89f
* Fri Aug 14 2015 Adam Jackson <ajax@redhat.com> 2.4-3
01a89f
- Pass ldflags into the build so hardening works
01a89f
01a89f
* Thu Jul 30 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-2
01a89f
- semanage_migrate_store: use /usr/bin/python3
01a89f
- move semanage_migrate_store script to libsemanage-python3
01a89f
01a89f
* Wed Jun 24 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.6
01a89f
- Allow to use compressed modules without a compression extension
01a89f
01a89f
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-7
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
01a89f
01a89f
* Tue Jun 16 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.5
01a89f
- add /var/lib/selinux/tmp directory
01a89f
01a89f
* Tue May 12 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.4
01a89f
- semanage_migrate_store: add -r <root> option for migrating inside chroots
01a89f
01a89f
* Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.3
01a89f
- Update to upstream release 2.4
01a89f
01a89f
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-6
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
01a89f
01a89f
* Wed Jul 30 2014 Miroslav Grepl <mgrepl@fedoraproject.org> - 2.3-5
01a89f
- Skip policy module re-link when only setting booleans.
01a89f
    * patch from Stephen Smalley
01a89f
01a89f
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 2.3-4
01a89f
- fix license handling
01a89f
01a89f
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-3
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
01a89f
01a89f
* Wed May 28 2014 Kalev Lember <kalevlember@gmail.com> - 2.3-2
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
01a89f
01a89f
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
01a89f
- Update to upstream 
01a89f
	* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
01a89f
01a89f
* Sun Mar 30 2014 Dan Walsh <dwalsh@redhat.com> - 2.2-3
01a89f
- libsemanage: fix memory leak in semanage_genhomedircon
01a89f
- Patch from THomas Hurd
01a89f
01a89f
* Tue Feb 11 2014 Dan Walsh <dwalsh@redhat.com> - 2.2-2
01a89f
- Move semanage.conf man page from devel package to main package
01a89f
01a89f
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
01a89f
- Update to upstream 
01a89f
	* Avoid duplicate list entries from Dan Walsh.
01a89f
	* Add audit support to libsemanage from Dan Walsh.
01a89f
	* Remove policy.kern and replace with symlink from Dan Walsh.
01a89f
	* Apply a MAX_UID check for genhomedircon from Laurent Bigonville.
01a89f
	* Fix man pages from Laurent Bigonville.
01a89f
01a89f
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-14
01a89f
- Cleanup handling of missing mls_range to fix problems with useradd -Z
01a89f
- Fix auditing of login record changes, roles were not working correctly.
01a89f
Resolves: #952237
01a89f
01a89f
* Fri Oct 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-13
01a89f
- Fix errors found by coverity
01a89f
Resolves: #952237
01a89f
01a89f
* Wed Sep 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-12
01a89f
- Do not fail on missing SELinux User Record when adding login record
01a89f
01a89f
* Mon Sep 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-11
01a89f
- Add msg to audit records
01a89f
01a89f
* Thu Sep 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-10
01a89f
- Do not write error message to screen when looking for previous record for auditing.
01a89f
- Add mls_range from user record if the MLS range is not specified by the seuser add record.
01a89f
- Error out if seuser or mls range is not specified when adding user records
01a89f
01a89f
* Mon Sep 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-9
01a89f
- Create symlink from policy.kern to active kernel.
01a89f
01a89f
* Fri Sep 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-8
01a89f
- Unlink policy.kern when done to save space.
01a89f
01a89f
* Fri Jul 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-7
01a89f
- Move handling of role audit records into the library
01a89f
- Patch stops semanage from removing user record while in use
01a89f
01a89f
* Tue Jul 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-6
01a89f
- Remove dependance on selinux-policy, /etc/selinux should be owned by libsemanage, and selinux-policy can require it.
01a89f
01a89f
* Fri Jun 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5
01a89f
- Allways build python3 version
01a89f
01a89f
* Mon Apr 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
01a89f
- 
01a89f
01a89f
* Thu Apr 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3
01a89f
- Fix test suite to build
01a89f
01a89f
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-2
01a89f
- Revert some changes which are causing the wrong policy version file to be created
01a89f
01a89f
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
01a89f
- Update to upstream 
01a89f
	* Add sefcontext_compile to compile regex everytime policy is rebuilt
01a89f
	* Cleanup/fix enable/disable/remove module.
01a89f
	* redo genhomedircon minuid
01a89f
	* fixes from coverity
01a89f
	* semanage_store: do not leak memory in semanage_exec_prog
01a89f
	* genhomedircon: remove useless conditional in get_home_dirs
01a89f
	* genhomedircon: double free in get_home_dirs
01a89f
	* fcontext_record: do not leak on error in semanage_fcontext_key_create
01a89f
	* genhomedircon: do not leak on failure in write_gen_home_dir_context
01a89f
	* semanage_store: do not leak fd 
01a89f
	* genhomedircon: do not leak shells list
01a89f
	* semanage_store: do not leak on strdup failure 
01a89f
	* semanage_store: rewrite for readability
01a89f
01a89f
* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> 2.1.9-4
01a89f
- Add selinux-policy as a requires to get /etc/selinux owned
01a89f
01a89f
* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> 2.1.9-3
01a89f
- Update to latest patches from eparis/Upstream
01a89f
-    libsemanage: fixes from coverity
01a89f
-    libsemange: redo genhomedircon minuid
01a89f
01a89f
* Wed Nov 21 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2
01a89f
- Fix handling of missing semanage permissive -d foo, not failing correctly
01a89f
- Previous to this fix the first module beginning with foo would get deleted.
01a89f
01a89f
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
01a89f
- Update to upstream 
01a89f
	* libsemanage: do not set soname needlessly
01a89f
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
01a89f
	* do boolean name substitution
01a89f
	* Fix segfault for building standard policies.
01a89f
01a89f
* Fri Aug 03 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.8-6
01a89f
- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3
01a89f
01a89f
* Wed Aug  1 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.8-5
01a89f
- remove rhel logic from with_python3 conditional
01a89f
01a89f
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.8-4
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
01a89f
01a89f
* Fri Jul 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
01a89f
- Attempt to allocate memory for selinux_binary_policy_path and free memory 
01a89f
- allocated by asprintf.
01a89f
01a89f
* Thu Jul 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2
01a89f
- Fix asprintf within an asprintf call
01a89f
01a89f
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
01a89f
- Update to upstream 
01a89f
	* remove build warning when build swig c files
01a89f
	* additional makefile support for rubywrap
01a89f
	* ignore 80 column limit for readability
01a89f
	* semanage_store: fix snprintf length argument by using asprintf
01a89f
	* Use default semanage.conf as a fallback
01a89f
	* use after free in python bindings
01a89f
01a89f
* Tue May 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
01a89f
- Apply patch from Sven Vermeulen to fix problem with python3 bindings.
01a89f
01a89f
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1
01a89f
- Update to upstream 
01a89f
	* Alternate path for semanage.conf
01a89f
	* do not link against libpython, this is considered bad in Debian
01a89f
	* Allow to build for several ruby version
01a89f
	* fallback-user-level
01a89f
01a89f
* Wed Feb 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.6-3
01a89f
- Check in correct patch.
01a89f
01a89f
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.6-2
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
01a89f
01a89f
* Fri Jan 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
01a89f
- Add patch form Xin Ouyang to make library use private semanage.conf 
01a89f
01a89f
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
01a89f
-Update to upstream
01a89f
	* add ignoredirs config for genhomedircon
01a89f
	* Fallback_user_level can be NULL if you are not using MLS
01a89f
01a89f
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-4
01a89f
- Rebuild with latest libsepol
01a89f
01a89f
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
01a89f
- Rebuild with latest libsepol
01a89f
01a89f
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
01a89f
- Add support for ignoredirs param in /etc/selinux/semanage.conf
01a89f
01a89f
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
01a89f
- Upgrade to upstream
01a89f
	* regenerate .pc on VERSION change
01a89f
	* maintain mode even if umask is tighter
01a89f
	* semanage.conf man page
01a89f
	* create man5dir if not exist
01a89f
01a89f
* Wed Oct 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
01a89f
-    Fix handling of umask, so files get created with the correct label.
01a89f
01a89f
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
01a89f
-    Add Guido Trentalancia semanage.conf man page
01a89f
01a89f
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
01a89f
-Update to upstream
01a89f
	* Create a new preserve_tunables flag
01a89f
	* tree: default make target to all not
01a89f
	* fix semanage_store_access_check calling arguments
01a89f
01a89f
* Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-2
01a89f
- Add support for preserving tunables
01a89f
01a89f
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-1
01a89f
-Update to upstream
01a89f
	* python wrapper makefile changes
01a89f
01a89f
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-1
01a89f
-Update to upstream
01a89f
2.1.2 2011-08-17
01a89f
	* print error debug info for buggy fc
01a89f
	* introduce semanage_set_root and friends
01a89f
	* throw exceptions in python rather than return
01a89f
	* python3 support.
01a89f
	* patch for MCS/MLS in user files
01a89f
01a89f
2.1.1 2011-08-01
01a89f
	* Remove generated files, expand .gitignore
01a89f
	* Use -Werror and change a few prototypes to support it
01a89f
01a89f
* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.0-1
01a89f
- Update to upstream
01a89f
	* Release, minor version bump
01a89f
01a89f
* Wed Jun 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-6
01a89f
- More fixes for disabled modules
01a89f
01a89f
* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5
01a89f
- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module 
01a89f
indicating the module is disabled.  MODULE.pp.disabled, it will no longer rename the module.  This way we can
01a89f
ship active modules in rpm.
01a89f
01a89f
* Wed Jun 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-4
01a89f
- Add semanage_set_selinux_path, to allow semodule to work on alternate selinux pools
01a89f
01a89f
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.46-3
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
01a89f
01a89f
* Thu Dec 30 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.46-2
01a89f
- big reworking of the support-multiple-python-builds patch to deal with
01a89f
PEP 3149: the latest Python 3.2 onwards uses include paths and library names
01a89f
that don't fit prior naming patterns, and so we must query python3-config for
01a89f
this information.  To complicate things further, python 2's python-config
01a89f
doesn't understand all of the options needed ("--extension-suffix").  I've
01a89f
thus added new Makefile variables as needed, to be supplied by the specfile by
01a89f
invoking the appropriate config tool (or by hardcoding the old value for
01a89f
"--extension-suffix" i.e. ".so")
01a89f
- rework python3 manifest for PEP 3149, and rebuild for newer python3
01a89f
01a89f
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
01a89f
- Update to upstream
01a89f
  * Fix compliation under GCC 4.6 by Justin Mattock
01a89f
01a89f
* Wed Aug 25 2010 Thomas Spura <tomspur@fedoraproject.org> - 2.0.45-6
01a89f
- rebuild with python3.2
01a89f
  http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html
01a89f
01a89f
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-5
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
01a89f
01a89f
* Tue Apr 27 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-4
01a89f
- add python3 subpackage
01a89f
01a89f
* Wed Apr 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-3
01a89f
- Fix -devel package to point at the correct shared library
01a89f
01a89f
* Fri Mar 26 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-2
01a89f
- Move shared library to /usr/lib
01a89f
01a89f
* Mon Mar 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-1
01a89f
- Update to upstream
01a89f
	* Add enable/disable patch support from Dan Walsh.
01a89f
	* Add usepasswd flag to semanage.conf to disable genhomedircon using
01a89f
	  passwd from Dan Walsh.
01a89f
	* regenerate swig wrappers
01a89f
01a89f
* Thu Feb 25 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-2
01a89f
- Allow disable of usepasswd
01a89f
01a89f
* Wed Feb 17 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-1
01a89f
- Update to upstream
01a89f
	* Replace usage of fmemopen() with sepol_policy_file_set_mem() since
01a89f
	  glibc < 2.9 does not support binary mode ('b') for fmemopen'd
01a89f
	  streams.
01a89f
01a89f
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-4
01a89f
- Cleanup spec file
01a89f
01a89f
* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-3
01a89f
- Splect libsemanage.a into a static subpackage to keep fedora packaging guidelines happy
01a89f
01a89f
* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-2
01a89f
- Rebuild all c programs with -fPIC
01a89f
01a89f
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-1
01a89f
- Update to upstream
01a89f
  * Move libsemanage.so to /usr/lib
01a89f
  * Add NAME lines to man pages from Manoj Srivastava<srivasta@debian.org>
01a89f
01a89f
* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.42-1
01a89f
- Update to upstream
01a89f
  * Move load_policy from /usr/sbin to /sbin from Dan Walsh.
01a89f
01a89f
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.41-1
01a89f
- Update to upstream
01a89f
  * Add pkgconfig file from Eamon Walsh.
01a89f
  * Add semanage_set_check_contexts() function to disable calling
01a89f
  setfiles
01a89f
01a89f
* Mon Sep 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.39-1
01a89f
- Update to upstream
01a89f
  * make swigify
01a89f
01a89f
* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-2
01a89f
- Dont relabel /root with genhomedircon
01a89f
01a89f
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-1
01a89f
- Update to upstream
01a89f
  * Change semodule upgrade behavior to install even if the module
01a89f
    is not present from Dan Walsh.
01a89f
  * Make genhomedircon trim excess '/' from homedirs from Dan Walsh.
01a89f
01a89f
* Wed Sep 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.37-1
01a89f
- Update to upstream
01a89f
  * Fix persistent dontaudit support to rebuild policy if the 
01a89f
        dontaudit state is changed from Chad Sellers.
01a89f
- Move load_policy to /sbin
01a89f
01a89f
* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-2
01a89f
- Add enable/disable modules
01a89f
01a89f
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-1
01a89f
- Update to upstream
01a89f
  * Changed bzip-blocksize=0 handling to support existing compressed
01a89f
  modules in the store.
01a89f
01a89f
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-2
01a89f
- Make sure /root is not used in genhomedircon
01a89f
01a89f
* Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1
01a89f
- Revert hard linking of files between tmp/active/previous.
01a89f
- Enable configuration of bzip behavior from Stephen Smalley.
01a89f
-   bzip-blocksize=0 to disable compression and decompression support.
01a89f
-   bzip-blocksize=1..9 to set the blocksize for compression.
01a89f
-   bzip-small=true to reduce memory usage for decompression.
01a89f
01a89f
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.33-3
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
01a89f
01a89f
* Fri Jul 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-2
01a89f
- Put check for /root back into genhomedircon
01a89f
01a89f
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-1
01a89f
- Update to upstream
01a89f
01a89f
* Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.32-1
01a89f
- Update to upstream
01a89f
  * Ruby bindings from David Quigley.
01a89f
01a89f
* Thu Apr 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-5
01a89f
- Return error on invalid file
01a89f
01a89f
* Wed Mar 11 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-4
01a89f
- Fix typo
01a89f
01a89f
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.31-3
01a89f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
01a89f
01a89f
* Thu Jan 15 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-2
01a89f
- Fix link to only link on sandbox
01a89f
01a89f
* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-1
01a89f
- Update to upstream
01a89f
  * Policy module compression (bzip) support from Dan Walsh.
01a89f
  * Hard link files between tmp/active/previous from Dan Walsh.
01a89f
01a89f
* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.30-3
01a89f
- Fix up patch to get it upstreamed
01a89f
01a89f
* Thu Dec 04 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.30-2
01a89f
- Rebuild for Python 2.6
01a89f
01a89f
* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1
01a89f
- Add semanage_mls_enabled() interface from Stephen Smalley.
01a89f
01a89f
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.29-2
01a89f
- Rebuild for Python 2.6
01a89f
01a89f
* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1
01a89f
- Update to upstream
01a89f
  * Add USER to lines to homedir_template context file from Chris PeBenito.
01a89f
01a89f
* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-2
01a89f
- Add compression support
01a89f
01a89f
* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1
01a89f
- Update to upstream
01a89f
  * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh
01a89f
01a89f
* Wed Sep 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-3
01a89f
- Additional fixes for Don't rebuild on fcontext or seuser modifications
01a89f
01a89f
* Tue Sep 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-2
01a89f
- Don't rebuild on fcontext or seuser modifications
01a89f
01a89f
* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-1
01a89f
- Update to upstream
01a89f
  * Modify genhomedircon to skip groupname entries.
01a89f
  Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the groupname syntax.
01a89f
01a89f
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1
01a89f
- Update to upstream
01a89f
  * Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
01a89f
  Strip any trailing slash before appending /*$.
01a89f
01a89f
* Tue Jun 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-3
01a89f
- Another fix for genhomedircon
01a89f
01a89f
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.25-2
01a89f
- fix license tag
01a89f
01a89f
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-1
01a89f
- Update to upstream
01a89f
  * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
01a89f
    Fixes semanage boolean -D seg fault (bug 441379).
01a89f
01a89f
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.24-1
01a89f
- Update to upstream
01a89f
  * make swigify
01a89f
01a89f
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1
01a89f
- Update to upstream
01a89f
  * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.
01a89f
01a89f
* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
01a89f
- Update to upstream
01a89f
  * Free policydb before fork from Joshua Brindle.
01a89f
  * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.
01a89f
01a89f
* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.20-1
01a89f
- Update to upstream
01a89f
  * Use sepol_set_expand_consume_base to reduce peak memory usage when
01a89f
  using semodule
01a89f
01a89f
* Fri Feb 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.19-1
01a89f
- Update to upstream
01a89f
  * Fix genhomedircon to not override a file context with a homedir context from Todd Miller.
01a89f
01a89f
* Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1
01a89f
- Update to upstream
01a89f
  * Fix spurious out of memory error reports.
01a89f
  * Merged second version of fix for genhomedircon handling from Caleb Case.
01a89f
01a89f
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-1
01a89f
- Update to upstream
01a89f
  * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
01a89f
01a89f
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-2
01a89f
- Stop differentiating on user for homedir labeling
01a89f
01a89f
* Thu Dec 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1
01a89f
- Update to upstream
01a89f
  * Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
01a89f
  * Copy the store path in semanage_select_store from Dan Walsh.
01a89f
- Add expand-check=0 to semanage.conf
01a89f
01a89f
* Mon Dec 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-5
01a89f
- Fix handling of /etc/shells so genhomedircon will work
01a89f
01a89f
* Thu Nov 29 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-3
01a89f
- Allow semanage_genhomedircon to work with out a USER int homedir.template
01a89f
01a89f
* Sat Nov 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
01a89f
- Fix semanage_select_store to allocate memory, fixes crash on invalid store
01a89f
01a89f
* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.
01a89f
  * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
01a89f
01a89f
* Fri Oct 5 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.12-1
01a89f
- Upgrade to latest from NSA
01a89f
  * ustr cleanups from James Antill.
01a89f
  * Ensure that /root gets labeled even if using the default context from Dan Walsh.
01a89f
01a89f
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.11-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
01a89f
01a89f
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-2
01a89f
- Fix sort order on generated homedir context
01a89f
01a89f
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Fix error checking on getpw*_r functions from Todd Miller.
01a89f
  * Make genhomedircon skip invalid homedir contexts from Todd Miller.
01a89f
  * Set default user and prefix from seusers from Dan Walsh.
01a89f
  * Add swigify Makefile target from Dan Walsh.
01a89f
01a89f
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.9-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Pass CFLAGS to CC even on link command, per Dennis Gilmore.
01a89f
  * Clear errno on non-fatal errors to avoid reporting them upon a
01a89f
    later error that does not set errno.
01a89f
  * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
01a89f
01a89f
- Fix segfault in genhomedircon when using bad user names
01a89f
01a89f
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-2
01a89f
- Fix genhomedircon code to only generate valid context
01a89f
- Fixes autorelabel problem
01a89f
01a89f
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Change to use getpw* function calls to the _r versions from Todd Miller.
01a89f
01a89f
* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.5-1
01a89f
- Upgrade to latest from NSA
01a89f
01a89f
* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.4-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Allow dontaudits to be turned off via semanage interface when
01a89f
    updating policy
01a89f
01a89f
* Sat Aug 11 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-5
01a89f
- Add ability to load a policy without dontaudit rules
01a89f
-
01a89f
01a89f
* Tue Jun 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-4
01a89f
- Rebuild to fix segfault on x86 platforms, swigify on each build
01a89f
01a89f
* Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-3
01a89f
- Rebuild for rawhide
01a89f
01a89f
* Thu May 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2
01a89f
- Apply patch to fix dependencies in spec file from Robert Scheck
01a89f
01a89f
* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Fix to libsemanage man patches so whatis will work better from Dan Walsh
01a89f
01a89f
* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.2-1
01a89f
- Upgrade to latest from NSA
01a89f
- Merged optimizations from Stephen Smalley.
01a89f
-    do not set all booleans upon commit, only those whose values have changed
01a89f
-    only install the sandbox upon commit if something was rebuilt
01a89f
01a89f
* Sat Mar 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2
01a89f
- Add SELinux to Man page Names so man -k will work
01a89f
01a89f
* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
01a89f
- Merged dbase_file_flush patch from Dan Walsh.
01a89f
- This removes any mention of specific tools (e.g. semanage)
01a89f
- from the comment header of the auto-generated files,
01a89f
- since there are multiple front-end tools.
01a89f
01a89f
* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged Makefile test target patch from Caleb Case.
01a89f
  * Merged get_commit_number function rename patch from Caleb Case.
01a89f
  * Merged strnlen -> strlen patch from Todd Miller.
01a89f
01a89f
* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.10.1-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged python binding fix from Dan Walsh.
01a89f
  * Updated version for stable branch.
01a89f
01a89f
* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.2-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged patch to optionally reduce disk usage by removing 
01a89f
    the backup module store and linked policy from Karl MacMillan
01a89f
  * Merged patch to correctly propagate return values in libsemanage
01a89f
01a89f
* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-3
01a89f
- Apply Karl MacMillan patch to get proper error codes.
01a89f
01a89f
* Thu Dec  7 2006 Jeremy Katz <katzj@redhat.com> - 1.9.1-2
01a89f
- rebuild against python 2.5
01a89f
01a89f
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged patch to compile wit -fPIC instead of -fpic from
01a89f
    Manoj Srivastava to prevent hitting the global offest table
01a89f
    limit. Patch changed to include libselinux and libsemanage in
01a89f
    addition to libsepol.
01a89f
01a89f
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.8-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Updated version for release.
01a89f
01a89f
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.17-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged patch to skip reload if no active store exists and
01a89f
    the store path doesn't match the active store path from Dan Walsh.
01a89f
  * Merged patch to not destroy sepol handle on error path of
01a89f
    connect from James Athey.
01a89f
  * Merged patch to add genhomedircon path to semanage.conf from
01a89f
    James Athey. 
01a89f
01a89f
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-3
01a89f
- Fix semanage to not load if is not the correct policy type and it is installing
01a89f
01a89f
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-2
01a89f
- Fix requires lines
01a89f
01a89f
* Wed Aug 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Make most copy errors fatal, but allow exceptions for
01a89f
    file_contexts.local, seusers, and netfilter_contexts if
01a89f
    the source file does not exist in the store.
01a89f
01a89f
* Sat Aug 12 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.15-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged separate local file contexts patch from Chris PeBenito.
01a89f
  * Merged patch to make most copy errors non-fatal from Dan Walsh.
01a89f
01a89f
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-3
01a89f
- Change other updates to be non-fatal
01a89f
01a89f
* Wed Aug 9 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-2
01a89f
- Change netfilter stuff to be non-fatal so update can proceed.
01a89f
01a89f
* Thu Aug 3 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged netfilter contexts support from Chris PeBenito.
01a89f
01a89f
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.12-2
01a89f
- Rebuild for new gcc
01a89f
01a89f
* Tue Jul 11 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.12-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged support for read operations on read-only fs from 
01a89f
    Caleb Case (Tresys Technology).
01a89f
01a89f
* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.11-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Lindent.
01a89f
  * Merged setfiles location check patch from Dan Walsh.
01a89f
01a89f
* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.9-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged several fixes from Serge Hallyn:
01a89f
       dbase_file_cache:  deref of uninit data on error path.
01a89f
       dbase_policydb_cache:  clear fp to avoid double fclose
01a89f
       semanage_fc_sort:  destroy temp on error paths
01a89f
01a89f
* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.8-2
01a89f
- Handle setfiles being in /sbin or /usr/sbin
01a89f
01a89f
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.8-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Updated default location for setfiles to /sbin to
01a89f
    match policycoreutils.  This can also be adjusted via 
01a89f
    semanage.conf using the syntax:
01a89f
    [setfiles]
01a89f
    path = /path/to/setfiles
01a89f
    args = -q -c $@ $<
01a89f
    [end]
01a89f
01a89f
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-3
01a89f
- Spec file cleanup from n0dalus+redhat@gmail.com
01a89f
01a89f
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-2
01a89f
- Add /usr/include/semanage to spec file
01a89f
01a89f
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged fix warnings patch from Karl MacMillan.
01a89f
01a89f
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.6-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged updated file context sorting patch from Christopher
01a89f
    Ashworth, with bug fix for escaped character flag.
01a89f
  * Merged file context sorting code from Christopher Ashworth 
01a89f
    (Tresys Technology), based on fc_sort.c code in refpolicy.
01a89f
  * Merged python binding t_output_helper removal patch from Dan Walsh.
01a89f
  * Regenerated swig files.
01a89f
01a89f
* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.3-1
01a89f
- Fix to work with new version of swig
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged corrected fix for descriptor leak from Dan Walsh.
01a89f
01a89f
* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.2-2
01a89f
- Fix leaky descriptor
01a89f
01a89f
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.2-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged Makefile PYLIBVER definition patch from Dan Walsh.
01a89f
  * Merged man page reorganization from Ivan Gyurdiev.
01a89f
01a89f
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.6-1
01a89f
- Make work on RHEL4
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged abort early on merge errors patch from Ivan Gyurdiev.
01a89f
  * Cleaned up error handling in semanage_split_fc based on a patch
01a89f
    by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.
01a89f
  * Merged MLS handling fixes from Ivan Gyurdiev.
01a89f
01a89f
* Fri Feb 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.28-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged bug fix for fcontext validate handler from Ivan Gyurdiev.
01a89f
  * Merged base_merge_components changes from Ivan Gyurdiev.
01a89f
01a89f
* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.26-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged paths array patch from Ivan Gyurdiev.
01a89f
  * Merged bug fix patch from Ivan Gyurdiev.
01a89f
  * Merged improve bindings patch from Ivan Gyurdiev.
01a89f
  * Merged use PyList patch from Ivan Gyurdiev.  
01a89f
  * Merged memory leak fix patch from Ivan Gyurdiev.
01a89f
  * Merged nodecon support patch from Ivan Gyurdiev.
01a89f
  * Merged cleanups patch from Ivan Gyurdiev.
01a89f
  * Merged split swig patch from Ivan Gyurdiev.
01a89f
01a89f
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.23-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged optionals in base patch from Joshua Brindle.
01a89f
  * Merged treat seusers/users_extra as optional sections patch from
01a89f
    Ivan Gyurdiev.
01a89f
  * Merged parse_optional fixes from Ivan Gyurdiev.
01a89f
01a89f
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.5.21-2.1
01a89f
- bump again for double-long bug on ppc(64)
01a89f
01a89f
* Fri Feb 10 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.21-2
01a89f
- Fix handling of seusers and users_map file
01a89f
01a89f
* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.21-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged seuser/user_extra support patch from Joshua Brindle.
01a89f
  * Merged remote system dbase patch from Ivan Gyurdiev.  
01a89f
01a89f
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.5.20-1.1
01a89f
- rebuilt for new gcc4.1 snapshot and glibc changes
01a89f
01a89f
* Thu Feb 2 2006 Dan Walsh <dwalsh@redhat.com> 1.5.20-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged clone record on set_con patch from Ivan Gyurdiev.  
01a89f
01a89f
* Mon Jan 30 2006 Dan Walsh <dwalsh@redhat.com> 1.5.19-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged fname parameter patch from Ivan Gyurdiev.
01a89f
  * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev.
01a89f
  * Merged seusers.system patch from Ivan Gyurdiev.
01a89f
  * Merged improve port/fcontext API patch from Ivan Gyurdiev.  
01a89f
01a89f
* Fri Jan 27 2006 Dan Walsh <dwalsh@redhat.com> 1.5.18-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev.
01a89f
  * Merged set_create_store, access_check, and is_connected interfaces
01a89f
    from Joshua Brindle.
01a89f
01a89f
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.16-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Regenerate python wrappers.
01a89f
01a89f
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.15-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged pywrap Makefile diff from Dan Walsh.
01a89f
  * Merged cache management patch from Ivan Gyurdiev.
01a89f
  * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev.
01a89f
  * Merged remove apply_local function patch from Ivan Gyurdiev.
01a89f
  * Merged only do read locking in direct case patch from Ivan Gyurdiev.
01a89f
  * Merged cache error path memory leak fix from Ivan Gyurdiev.
01a89f
  * Merged auto-generated file header patch from Ivan Gyurdiev.
01a89f
  * Merged pywrap test update from Ivan Gyurdiev.
01a89f
  * Merged hidden defs update from Ivan Gyurdiev.
01a89f
01a89f
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.14-2
01a89f
- Break out python out of regular Makefile
01a89f
01a89f
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.14-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged disallow port overlap patch from Ivan Gyurdiev.
01a89f
  * Merged join prereq and implementation patches from Ivan Gyurdiev.
01a89f
  * Merged join user extra data part 2 patch from Ivan Gyurdiev.
01a89f
  * Merged bugfix patch from Ivan Gyurdiev.
01a89f
  * Merged remove add_local/set_local patch from Ivan Gyurdiev.
01a89f
  * Merged user extra data part 1 patch from Ivan Gyurdiev.
01a89f
  * Merged size_t -> unsigned int patch from Ivan Gyurdiev.
01a89f
  * Merged calloc check in semanage_store patch from Ivan Gyurdiev,
01a89f
    bug noticed by Steve Grubb.
01a89f
  * Merged cleanups after add/set removal patch from Ivan Gyurdiev.
01a89f
01a89f
* Sat Jan 7 2006 Dan Walsh <dwalsh@redhat.com> 1.5.9-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged const in APIs patch from Ivan Gyurdiev.
01a89f
  * Merged validation of local file contexts patch from Ivan Gyurdiev.
01a89f
  * Merged compare2 function patch from Ivan Gyurdiev.
01a89f
  * Merged hidden def/proto update patch from Ivan Gyurdiev.
01a89f
01a89f
* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.8-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Re-applied string and file optimization patch from Russell Coker,
01a89f
    with bug fix.
01a89f
  * Reverted string and file optimization patch from Russell Coker.
01a89f
  * Clarified error messages from parse_module_headers and 
01a89f
    parse_base_headers for base/module mismatches.
01a89f
01a89f
* Fri Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.6-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Clarified error messages from parse_module_headers and 
01a89f
    parse_base_headers for base/module mismatches.
01a89f
  * Merged string and file optimization patch from Russell Coker.
01a89f
  * Merged swig header reordering patch from Ivan Gyurdiev.
01a89f
  * Merged toggle modify on add patch from Ivan Gyurdiev.
01a89f
  * Merged ports parser bugfix patch from Ivan Gyurdiev.
01a89f
  * Merged fcontext swig patch from Ivan Gyurdiev.
01a89f
  * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev.
01a89f
  * Merged man pages for dbase functions patch from Ivan Gyurdiev.
01a89f
  * Merged pywrap tests patch from Ivan Gyurdiev.
01a89f
01a89f
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-2
01a89f
- Patch to fix add
01a89f
01a89f
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged patch series from Ivan Gyurdiev.
01a89f
    This includes patches to:
01a89f
    - separate file rw code from linked list
01a89f
    - annotate objects
01a89f
    - fold together internal headers
01a89f
    - support ordering of records in compare function
01a89f
    - add active dbase backend, active booleans
01a89f
    - return commit numbers for ro database calls
01a89f
    - use modified flags to skip rebuild whenever possible
01a89f
    - enable port interfaces
01a89f
    - update swig interfaces and typemaps
01a89f
    - add an API for file_contexts.local and file_contexts
01a89f
    - flip the traversal order in iterate/list
01a89f
    - reorganize sandbox_expand
01a89f
    - add seusers MLS validation
01a89f
    - improve dbase spec/documentation
01a89f
    - clone record on set/add/modify
01a89f
01a89f
* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-3
01a89f
- Add Ivans patch to turn on ports
01a89f
01a89f
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-2
01a89f
- Remove patch since upstream does the right thing
01a89f
01a89f
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged further header cleanups from Ivan Gyurdiev.
01a89f
  * Merged toggle modified flag in policydb_modify, fix memory leak
01a89f
    in clear_obsolete, polymorphism vs headers fix, and include guards
01a89f
    for internal headers patches from Ivan Gyurdiev.
01a89f
01a89f
* Tue Dec 13 2005 Dan Walsh <dwalsh@redhat.com> 1.5.1-2
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged toggle modified flag in policydb_modify, fix memory leak
01a89f
    in clear_obsolete, polymorphism vs headers fix, and include guards
01a89f
    for internal headers patches from Ivan Gyurdiev.
01a89f
01a89f
* Mon Dec 12 2005 Dan Walsh <dwalsh@redhat.com> 1.5.1-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Added file-mode= setting to semanage.conf, default to 0644.
01a89f
    Changed semanage_copy_file and callers to use this mode when
01a89f
    installing policy files to runtime locations.
01a89f
01a89f
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
01a89f
- rebuilt
01a89f
01a89f
* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.4-1
01a89f
- Fix mode of output seusers file
01a89f
01a89f
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.3.64-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Changed semanage_handle_create() to set do_reload based on
01a89f
    is_selinux_enabled().  This prevents improper attempts to
01a89f
    load policy on a non-SELinux system.
01a89f
01a89f
* Mon Dec 5 2005 Dan Walsh <dwalsh@redhat.com> 1.3.63-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Dropped handle from user_del_role interface.
01a89f
  * Removed defrole interfaces.
01a89f
01a89f
* Tue Nov 29 2005 Dan Walsh <dwalsh@redhat.com> 1.3.61-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged Makefile python definitions patch from Dan Walsh.
01a89f
  * Removed is_selinux_mls_enabled() conditionals in seusers and users
01a89f
    file parsers. 
01a89f
01a89f
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.59-1
01a89f
- Add additional swig objects
01a89f
  * Merged wrap char*** for user_get_roles patch from Joshua Brindle.
01a89f
  * Merged remove defrole from sepol patch from Ivan Gyurdiev.
01a89f
  * Merged swig wrappers for modifying users and seusers from Joshua Brindle.
01a89f
01a89f
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.56-2
01a89f
- Add additional swig objects
01a89f
01a89f
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.3.56-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Fixed free->key_free bug.
01a89f
  * Merged clear obsolete patch from Ivan Gyurdiev.
01a89f
  * Merged modified swigify patch from Dan Walsh 
01a89f
    (original patch from Joshua Brindle).
01a89f
  * Merged move genhomedircon call patch from Chad Sellers.
01a89f
01a89f
* Mon Nov 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-3
01a89f
- Add genhomedircon patch from Joshua Brindle
01a89f
01a89f
* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-2
01a89f
- Add swigify patch from Joshua Brindle
01a89f
01a89f
* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged move seuser validation patch from Ivan Gyurdiev.
01a89f
  * Merged hidden declaration fixes from Ivan Gyurdiev,
01a89f
    with minor corrections.
01a89f
01a89f
* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.3.52-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged cleanup patch from Ivan Gyurdiev.
01a89f
    This renames semanage_module_conn to semanage_direct_handle,
01a89f
    and moves sepol handle create/destroy into semanage handle
01a89f
    create/destroy to allow use even when disconnected (for the
01a89f
    record interfaces).
01a89f
01a89f
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.51-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Clear modules modified flag upon disconnect and commit.
01a89f
        * Added tracking of module modifications and use it to
01a89f
    determine whether expand-time checks should be applied
01a89f
    on commit.
01a89f
  * Reverted semanage_set_reload_bools() interface.
01a89f
01a89f
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.48-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Disabled calls to port dbase for merge and commit and stubbed
01a89f
    out calls to sepol_port interfaces since they are not exported.
01a89f
  * Merged rename instead of copy patch from Joshua Brindle (Tresys).
01a89f
  * Added hidden_def/hidden_proto for exported symbols used within 
01a89f
    libsemanage to eliminate relocations.  Wrapped type definitions
01a89f
    in exported headers as needed to avoid conflicts.  Added
01a89f
    src/context_internal.h and src/iface_internal.h.
01a89f
  * Added semanage_is_managed() interface to allow detection of whether
01a89f
    the policy is managed via libsemanage.  This enables proper handling
01a89f
    in setsebool for non-managed systems.
01a89f
  * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
01a89f
    to enable runtime control over preserving active boolean values
01a89f
    versus reloading their saved settings upon commit.
01a89f
01a89f
* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.43-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged seuser parser resync, dbase tracking and cleanup, strtol
01a89f
    bug, copyright, and assert space patches from Ivan Gyurdiev.
01a89f
  * Added src/*_internal.h in preparation for other changes.
01a89f
   * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
01a89f
          src/seusers.[hc].
01a89f
01a89f
01a89f
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.3.41-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged interface parse/print, context_to_string interface change,
01a89f
    move assert_noeof, and order preserving patches from Ivan Gyurdiev.
01a89f
        * Added src/dso.h in preparation for other changes.
01a89f
  * Merged install seusers, handle/error messages, MLS parsing,
01a89f
    and seusers validation patches from Ivan Gyurdiev.
01a89f
01a89f
* Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.3.39-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged record interface, dbase flush, common database code,
01a89f
    and record bugfix patches from Ivan Gyurdiev.
01a89f
01a89f
* Fri Oct 28 2005 Dan Walsh <dwalsh@redhat.com> 1.3.38-1
01a89f
- Upgrade to latest from NSA
01a89f
  * Merged dbase policydb list and count change from Ivan Gyurdiev.
01a89f
  * Merged enable dbase and set relay patches from Ivan Gyurdiev.
01a89f
01a89f
* Thu Oct 27 2005 Dan Walsh <dwalsh@redhat.com> 1.3.36-1
01a89f
- Update from NSA
01a89f
  * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.
01a89f
01a89f
* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.3.35-1
01a89f
- Update from NSA
01a89f
  * Merged sepol handle passing, seusers support, and policydb cache
01a89f
    patches from Ivan Gyurdiev.
01a89f
01a89f
* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.3.34-1
01a89f
- Update from NSA
01a89f
  * Merged resync to sepol changes and booleans fixes/improvements 
01a89f
    patches from Ivan Gyurdiev.
01a89f
  * Merged support for genhomedircon/homedir template, store selection,
01a89f
    explicit policy reload, and semanage.conf relocation from Joshua
01a89f
    Brindle.
01a89f
01a89f
* Mon Oct 24 2005 Dan Walsh <dwalsh@redhat.com> 1.3.32-1
01a89f
- Update from NSA
01a89f
  * Merged resync to sepol changes and transaction fix patches from
01a89f
    Ivan Gyurdiev.
01a89f
  * Merged reorganize users patch from Ivan Gyurdiev.
01a89f
  * Merged remove unused relay functions patch from Ivan Gyurdiev.
01a89f
01a89f
* Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.30-1
01a89f
- Update from NSA
01a89f
  * Fixed policy file leaks in semanage_load_module and
01a89f
    semanage_write_module.
01a89f
  * Merged further database work from Ivan Gyurdiev.
01a89f
  * Fixed bug in semanage_direct_disconnect.
01a89f
01a89f
* Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.28-1
01a89f
- Update from NSA
01a89f
  * Merged interface renaming patch from Ivan Gyurdiev.
01a89f
  * Merged policy component patch from Ivan Gyurdiev.
01a89f
  * Renamed 'check=' configuration value to 'expand-check=' for 
01a89f
    clarity.
01a89f
  * Changed semanage_commit_sandbox to check for and report errors 
01a89f
    on rename(2) calls performed during rollback.
01a89f
  * Added optional check= configuration value to semanage.conf 
01a89f
    and updated call to sepol_expand_module to pass its value
01a89f
    to control assertion and hierarchy checking on module expansion.
01a89f
  * Merged fixes for make DESTDIR= builds from Joshua Brindle.
01a89f
01a89f
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.24-1
01a89f
- Update from NSA
01a89f
  * Merged default database from Ivan Gyurdiev.
01a89f
  * Merged removal of connect requirement in policydb backend from
01a89f
    Ivan Gyurdiev.
01a89f
  * Merged commit locking fix and lock rename from Joshua Brindle.
01a89f
  * Merged transaction rollback in lock patch from Joshua Brindle.
01a89f
  * Changed default args for load_policy to be null, as it no longer
01a89f
    takes a pathname argument and we want to preserve booleans.
01a89f
  * Merged move local dbase initialization patch from Ivan Gyurdiev.
01a89f
  * Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
01a89f
  * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
01a89f
  * Added calls to sepol_policy_file_set_handle interface prior
01a89f
    to invoking sepol operations on policy files.
01a89f
  * Updated call to sepol_policydb_from_image to pass the handle.
01a89f
01a89f
01a89f
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
01a89f
- Update from NSA
01a89f
  * Changed default args for load_policy to be null, as it no longer
01a89f
    takes a pathname argument and we want to preserve booleans.
01a89f
  * Merged move local dbase initialization patch from Ivan Gyurdiev.
01a89f
  * Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
01a89f
  * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
01a89f
  * Added calls to sepol_policy_file_set_handle interface prior
01a89f
    to invoking sepol operations on policy files.
01a89f
  * Updated call to sepol_policydb_from_image to pass the handle.
01a89f
01a89f
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
01a89f
- Update from NSA
01a89f
  * Merged user and port APIs - policy database patch from Ivan
01a89f
  Gyurdiev.
01a89f
  * Converted calls to sepol link_packages and expand_module interfaces
01a89f
  from using buffers to using sepol handles for error reporting, and 
01a89f
  changed direct_connect/disconnect to create/destroy sepol handles.
01a89f
01a89f
* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.3.18-1
01a89f
- Update from NSA
01a89f
  * Merged bugfix patch from Ivan Gyurdiev.
01a89f
  * Merged seuser database patch from Ivan Gyurdiev.
01a89f
  Merged direct user/port databases to the handle from Ivan Gyurdiev.
01a89f
  * Removed obsolete include/semanage/commit_api.h (leftover).
01a89f
  Merged seuser record patch from Ivan Gyurdiev.
01a89f
  * Merged boolean and interface databases from Ivan Gyurdiev.
01a89f
01a89f
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.14-1
01a89f
- Update from NSA
01a89f
  * Updated to use get interfaces for hidden sepol_module_package type.
01a89f
  * Changed semanage_expand_sandbox and semanage_install_active
01a89f
  to generate/install the latest policy version supported  by libsepol
01a89f
  by default (unless overridden by semanage.conf), since libselinux
01a89f
  will now downgrade automatically for load_policy.
01a89f
  * Merged new callback-based error reporting system and ongoing
01a89f
  database work from Ivan Gyurdiev.
01a89f
01a89f
* Wed Oct 12 2005 Dan Walsh <dwalsh@redhat.com> 1.3.11-1
01a89f
- Update from NSA
01a89f
  * Fixed semanage_install_active() to use the same logic for
01a89f
  selecting a policy version as semanage_expand_sandbox().  Dropped
01a89f
  dead code from semanage_install_sandbox().
01a89f
01a89f
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.3.10-1
01a89f
- Update from NSA
01a89f
  * Updated for changes to libsepol, and to only use types and interfaces
01a89f
  provided by the shared libsepol.
01a89f
01a89f
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.9-1
01a89f
- Update from NSA
01a89f
  * Merged further database work from Ivan Gyurdiev.
01a89f
01a89f
* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.3.8-1
01a89f
- Update from NSA
01a89f
  * Merged iterate, redistribute, and dbase split patches from
01a89f
  Ivan Gyurdiev.
01a89f
01a89f
* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.3.7-1
01a89f
- Update from NSA
01a89f
  * Merged patch series from Ivan Gyurdiev.
01a89f
    (pointer typedef elimination, file renames, dbase work, backend
01a89f
     separation)
01a89f
  * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
01a89f
  * Separated handle create from connect interface.
01a89f
  * Added a constructor for initialization.
01a89f
  * Moved up src/include/*.h to src.
01a89f
  * Created a symbol map file; dropped dso.h and hidden markings.
01a89f
01a89f
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.3.5-1
01a89f
- Update from NSA
01a89f
  * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
01a89f
  * Separated handle create from connect interface.
01a89f
  * Added a constructor for initialization.
01a89f
  * Moved up src/include/*.h to src.
01a89f
  * Created a symbol map file; dropped dso.h and hidden markings.
01a89f
01a89f
* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.4-1
01a89f
- Update from NSA
01a89f
  * Merged dbase redesign patch from Ivan Gyurdiev.
01a89f
01a89f
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.3-1
01a89f
- Update from NSA
01a89f
  * Merged boolean record, stub record handler, and status codes 
01a89f
    patches from Ivan Gyurdiev.
01a89f
01a89f
* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.2-1
01a89f
- Update from NSA
01a89f
  * Merged stub iterator functionality from Ivan Gyurdiev.
01a89f
  * Merged interface record patch from Ivan Gyurdiev.
01a89f
01a89f
* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.1-1
01a89f
- Update from NSA
01a89f
  * Merged stub functionality for managing user and port records,
01a89f
  and record table code from Ivan Gyurdiev.
01a89f
  * Updated version for release.
01a89f
01a89f
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.1.6-1
01a89f
- Update from NSA
01a89f
  * Merged semod.conf template patch from Dan Walsh (Red Hat),
01a89f
  but restored location to /usr/share/semod/semod.conf.
01a89f
  * Fixed several bugs found by valgrind.
01a89f
  * Fixed bug in prior patch for the semod_build_module_list leak.
01a89f
  * Merged errno fix from Joshua Brindle (Tresys).
01a89f
  * Merged fix for semod_build_modules_list leak on error path
01a89f
    from Serge Hallyn (IBM).  Bug found by Coverity.
01a89f
01a89f
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.1.3-1
01a89f
- Update from NSA
01a89f
  * Merged errno fix from Joshua Brindle (Tresys).
01a89f
  * Merged fix for semod_build_modules_list leak on error path
01a89f
    from Serge Hallyn (IBM).  Bug found by Coverity.
01a89f
  * Merged several fixes from Serge Hallyn (IBM).  Bugs found by
01a89f
    Coverity.
01a89f
  * Fixed several other bugs and warnings.
01a89f
  * Merged patch to move module read/write code from libsemanage
01a89f
    to libsepol from Jason Tang (Tresys).  
01a89f
  * Merged relay records patch from Ivan Gyurdiev.
01a89f
  * Merged key extract patch from Ivan Gyurdiev.
01a89f
01a89f
- Initial version
01a89f
- Created by Stephen Smalley <sds@epoch.ncsc.mil>