File libselinux.changes of Package libselinux.10737

-------------------------------------------------------------------
Fri Nov 24 09:09:02 UTC 2017 - jsegitz@suse.com

- Update to version 2.6. Notable changes:
  * selinux_restorecon: fix realpath logic
  * sefcontext_compile: invert semantics of "-r" flag
  * sefcontext_compile: Add "-i" flag
  * Introduce configurable backends
  * Add function to find security.restorecon_last entries
  * Add openrc_contexts functions
  * Add support for pcre2
  * Handle NULL pcre study data
  * Add setfiles support to selinux_restorecon(3)
  * Evaluate inodes in selinux_restorecon(3)
  * Change the location of _selinux.so
  * Explain how to free policy type from selinux_getpolicytype()
  * Compare absolute pathname in matchpathcon -V
  * Add selinux_snapperd_contexts_path()
  * Modify audit2why analyze function to use loaded policy
  * Avoid mounting /proc outside of selinux_init_load_policy()
  * Fix location of selinuxfs mount point
  * Only mount /proc if necessary
  * procattr: return einval for <= 0 pid args
  * procattr: return error on invalid pid_t input
- Dropped
  * libselinux-2.2-ruby.patch 
  * libselinux-proc-mount-only-if-needed.patch 
  * python-selinux-swig-3.10.patch

-------------------------------------------------------------------
Wed Jul  5 10:30:57 UTC 2017 - schwab@suse.de

- readv-proto.patch: include <sys/uio.h> for readv prototype

-------------------------------------------------------------------
Sun Jul 24 19:33:42 UTC 2016 - crrodriguez@opensuse.org

- -devel static subpackage requires libpcre-devel and libsepol-devel

-------------------------------------------------------------------
Sun Jul 24 19:05:35 UTC 2016 - crrodriguez@opensuse.org

- Avoid mounting /proc outside of selinux_init_load_policy().
  (Stephen Smalley) reverts upstream 5a8d8c4, 9df4988, fixes
  among other things systemd seccomp sandboxing otherwise all
  filters must allow mount(2)
  (libselinux-proc-mount-only-if-needed.patch)

-------------------------------------------------------------------
Sun Jul 17 15:30:05 UTC 2016 - jengelh@inai.de

- Update RPM groups, trim description and combine filelist entries.

-------------------------------------------------------------------
Thu Jul 14 07:58:49 UTC 2016 - jsegitz@novell.com

- Adjusted source link

-------------------------------------------------------------------
Tue Jul  5 16:42:03 UTC 2016 - i@marguerite.su

- add patch: python-selinux-swig-3.10.patch, fixed boo#985368
  * swig-3.10 in Factory use importlib instead of imp to find
    _selinux.so. imp searched the same directory as __init__.py
    is while importlib searchs only standard paths. so we have
    to move _selinux.so. fixed by upstream
- update version 2.5
  * Add selinux_restorecon function
  * read_spec_entry: fail on non-ascii
  * Add man information about thread specific functions
  * Don't wrap rpm_execcon with DISABLE_RPM with SWIG
  * Correct line count for property and service context files
  * label_file: fix memory leaks and uninitialized jump
  * Replace selabel_digest hash function
  * Fix selabel_open(3) services if no digest requested
  * Add selabel_digest function
  * Flush the class/perm string mapping cache on policy reload
  * Fix restorecon when path has no context
  * Free memory when processing media and x specfiles
  * Fix mmap memory release for file labeling
  * Add policy context validation to sefcontext_compile
  * Do not treat an empty file_contexts(.local) as an error
  * Fail hard on invalid property_contexts entries
  * Fail hard on invalid file_contexts entries
  * Support context validation on file_contexts.bin
  * Add selabel_cmp interface and label_file backend
  * Support specifying file_contexts.bin file path
  * Support file_contexts.bin without file_contexts
  * Simplify procattr cache
  * Use /proc/thread-self when available
  * Add const to selinux_opt for label backends
  * Fix binary file labels for regexes with metachars
  * Fix file labels for regexes with metachars
  * Fix if file_contexts not '\n' terminated
  * Enhance file context support
  * Fix property processing and cleanup formatting
  * Add read_spec_entries function to replace sscanf
  * Support consistent mode size for bin files
  * Fix more bin file processing core dumps
  * add selinux_openssh_contexts_path()
  * setrans_client: minimize overhead when mcstransd is not present
  * Ensure selabel_lookup_best_match links NULL terminated
  * Fix core dumps with corrupt *.bin files
  * Add selabel partial and best match APIs
  * Use os.walk() instead of the deprecated os.path.walk()
  * Remove deprecated mudflap option
  * Mount procfs before checking /proc/filesystems
  * Fix -Wformat errors with gcc-5.0.0
  * label_file:  handle newlines in file names
  * Fix audit2why error handling if SELinux is disabled
  * pcre_study can return NULL without error
  * Only check SELinux enabled status once in selinux_check_access
- changes in 2.4
  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
  * Fix bugs found by hardened gcc flags
  * Set the system to permissive if failing to disable SELinux because
    policy has already been loaded
  * Add db_exception and db_datatype support to label_db backend
  * Log an error on unknown classes and permissions
  * Add pcre version string to the compiled file_contexts format
  * Deprecate use of flask.h and av_permissions.h
  * Compiled file_context files and the original should have the same DAC
    permissions

-------------------------------------------------------------------
Thu Jul 30 12:00:27 UTC 2015 - jsegitz@novell.com

- fixed selinux-ready to work with initrd files created by dracut (bsc#940006)

-------------------------------------------------------------------
Mon Sep  8 08:25:11 UTC 2014 - jsegitz@suse.com

- updated selinux-ready script to handle initrd files compressed with xz

-------------------------------------------------------------------
Sun May 18 00:15:17 UTC 2014 - crrodriguez@opensuse.org

- Update to version 2.3 
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.

-------------------------------------------------------------------
Thu Oct 31 13:43:41 UTC 2013 - p.drouand@gmail.com

- Update to version 2.2
  * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
  * Support overriding Makefile RANLIB
  * Update pkgconfig definition
  * Mount sysfs before trying to mount selinuxfs.
  * Fix man pages
  * Support overriding PATH  and LIBBASE in Makefile
  * Fix LDFLAGS usage
  * Avoid shadowing stat in load_mmap
  * Support building on older PCRE libraries
  * Fix handling of temporary file in sefcontext_compile
  * Fix procattr cache
  * Define python constants for getenforce result
  * Fix label substitution handling of /
  * Add selinux_current_policy_path from
  * Change get_context_list to only return good matches
  * Support udev-197 and higher
  * Add support for local substitutions
  * Change setfilecon to not return ENOSUP if context is already correct
  * Python wrapper leak fixes
  * Export SELINUX_TRANS_DIR definition in selinux.h
  * Add selinux_systemd_contexts_path
  * Add selinux_set_policy_root
  * Add man page for sefcontext_compile
- Remove libselinux-rhat.patch; merged on upstream
- Adapt libselinux-ruby.patch to upstream changes
- Use fdupes to symlink duplicate manpages
  
-------------------------------------------------------------------
Thu Jun 27 14:42:01 UTC 2013 - vcizek@suse.com

- change the source url to the official 2.1.13 release tarball

-------------------------------------------------------------------
Wed May 22 23:50:58 UTC 2013 - jengelh@inai.de

- Reuse implicit dependencies injected by pkgconfig

-------------------------------------------------------------------
Thu Apr  4 19:16:35 UTC 2013 - vcizek@suse.com

- fixed source url in libselinux-bindings.spec
- removed old tarball

-------------------------------------------------------------------
Wed Apr  3 10:17:21 UTC 2013 - vcizek@suse.com

- fix source url
- document changes in libselinux-rhat.patch from previous submission:
  (most code of the removed code was integrated upstream)
  * Add matchpathcon -P /etc/selinux/mls support by allowing users
    to set alternate root
  * Add new constant SETRANS_DIR which points to the directory
    where mstransd can find the socket and libvirt can write its
    translations files

-------------------------------------------------------------------
Fri Mar 29 15:12:50 UTC 2013 - vcizek@suse.com

-update to 2.1.13
 * audit2why: make sure path is nul terminated
 * utils: new file context regex compiler
 * label_file: use precompiled filecontext when possible
 * do not leak mmapfd
 * sefcontontext_compile: Add error handling to help debug problems in libsemanage.
 * man: make selinux.8 mention service man pages
 * audit2why: Fix segfault if finish() called twice
 * audit2why: do not leak on multiple init() calls
 * mode_to_security_class: interface to translate a mode_t in to a security class
 * audit2why: Cleanup audit2why analysys function
 * man: Fix program synopsis and function prototypes in man pages
 * man: Fix man pages formatting
 * man: Fix typo in man page
 * man: Add references and man page links to _raw function variants
 * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
 * man: context_new(3): fix the return value description
 * selinux_status_open: handle error from sysconf
 * selinux_status_open: do not leak statusfd on exec
 * Fix errors found by coverity
 * Change boooleans.subs to booleans.subs_dist.
 * optimize set*con functions
 * pkg-config do not specifc ruby version
 * unmap file contexts on selabel_close()
 * do not leak file contexts with mmap'd backend
 * sefcontext_compile: do not leak fd on error
 * matchmediacon: do not leak fd
 * src/label_android_property: do not leak fd on error

-------------------------------------------------------------------
Wed Jan 30 11:44:45 UTC 2013 - vcizek@suse.com

- update to 2.1.12
  - added the recent libselinux-rhat.patch
  * Add support for lxc_contexts_path
  * utils: add service to getdefaultcon
  * libsemanage: do not set soname needlessly
  * libsemanage: remove PYTHONLIBDIR and ruby equivalent
  * boolean name equivalency
  * getsebool: support boolean name substitution
  * Add man page for new selinux_boolean_sub function.
  * expose selinux_boolean_sub
  * matchpathcon: add -m option to force file type check
  * utils: avcstat: clear sa_mask set
  * seusers: Check for strchr failure
  * booleans: initialize pointer to silence coveriety
  * stop messages when SELinux disabled
  * Ensure that we only close the selinux netlink socket once.
  * improve the file_contexts.5 manual page
  * Fortify source now requires all code to be compiled with -O flag
  * asprintf return code must be checked
  * avc_netlink_recieve handle EINTR
  * audit2why: silence -Wmissing-prototypes warning
  * libsemanage: remove build warning when build swig c files
  * matchpathcon: bad handling of symlinks in /
  * seusers: remove unused lineno
  * seusers: getseuser: gracefully handle NULL service
  * New Android property labeling backend
  * label_android_property whitespace cleanups
  * additional makefile support for rubywrap
  * Remove jump over variable declaration
  * Fix old style function definitions
  * Fix const-correctness
  * Remove unused flush_class_cache method
  * Add prototype decl for destructor
  * Add more printf format annotations
  * Add printf format attribute annotation to die() method
  * Fix const-ness of parameters & make usage() methods static
  * Enable many more gcc warnings for libselinux/src/ builds
  * utils: Enable many more gcc warnings for libselinux/utils builds
  * Change annotation on include/selinux/avc.h to avoid upsetting SWIG
  * Ensure there is a prototype for 'matchpathcon_lib_destructor'
  * Update Makefiles to handle /usrmove
  * utils: Stop separating out matchpathcon as something special
  * pkg-config to figure out where ruby include files are located
  * build with either ruby 1.9 or ruby 1.8
  * assert if avc_init() not called
  * take security_deny_unknown into account
  * security_compute_create_name(3)
  * Do not link against python library, this is considered
  * bad practice in debian
  * Hide unnecessarily-exported library destructors

-------------------------------------------------------------------
Mon Jan  7 22:34:03 UTC 2013 - jengelh@inai.de

- Remove obsolete defines/sections

-------------------------------------------------------------------
Tue Dec 11 16:15:52 UTC 2012 - vcizek@suse.com

- update selinux-ready script
  * use -L when stat()ing /etc/selinux/config
  * make sure that SELINUX isn't disabled in /etc/selinux/config
  * look for either of /sys/fs/selinux and /selinux directory
  * use systemctl to check for restorecond
  * don't look for booleans file (deprecated)

-------------------------------------------------------------------
Tue Nov 27 12:38:29 UTC 2012 - vcizek@suse.com

- update selinux-ready script

-------------------------------------------------------------------
Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com

- updated to 2.1.9 again (see below)

-------------------------------------------------------------------
Wed Jun 13 08:56:36 UTC 2012 - coolo@suse.com

- go back even more - everything else requires the full SELinux stack
  (too late for 12.2)

-------------------------------------------------------------------
Mon Jun 11 09:06:55 UTC 2012 - factory-maintainer@kulow.org

- revert back to 2.0.98 for 12.2

-------------------------------------------------------------------
Fri Jun  1 18:34:04 CEST 2012 - mls@suse.de

- update to libselinux-2.1.9
  * better man pages
  * selinux_status interfaces
  * simple interface for access checks
  * multiple bug fixes

-------------------------------------------------------------------
Wed Oct  5 15:09:25 UTC 2011 - uli@suse.com

- cross-build fix: use %__cc macro

-------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de

- use %_smp_mflags

-------------------------------------------------------------------
Mon May  3 10:30:40 UTC 2010 - prusnak@suse.cz

- don't package /var/run/setrans in libselinux1 package
  - Feature#303793
  - the directory will be created in initscript of mcstrans package

-------------------------------------------------------------------
Sat Apr 24 09:53:28 UTC 2010 - coolo@novell.com

- buildrequire pkg-config to fix provides

-------------------------------------------------------------------
Fri Apr  9 07:27:27 UTC 2010 - thomas@novell.com

- selinux-ready: added function to check for restorecond in
                 runlevel 3/5 

-------------------------------------------------------------------
Thu Apr  8 06:37:34 UTC 2010 - thomas@novell.com

- selinux-ready: added functions for checking PAM config and
                 policy boolean init_upstart 

-------------------------------------------------------------------
Wed Apr  7 13:26:59 UTC 2010 - thomas@novell.com

- selinux-ready: fixed init ramfs checking 

-------------------------------------------------------------------
Wed Apr  7 12:59:41 UTC 2010 - thomas@novell.com

- added new selinux-ready script 

-------------------------------------------------------------------
Thu Feb 25 14:57:16 UTC 2010 - prusnak@suse.cz

- updated to 2.0.91
  * changes too numerous to list

-------------------------------------------------------------------
Sat Dec 12 16:43:54 CET 2009 - jengelh@medozas.de

- add baselibs.conf as a source

-------------------------------------------------------------------
Fri Jul 24 17:09:50 CEST 2009 - thomas@novell.com

- updated selinux-ready script

-------------------------------------------------------------------
Wed Jul 22 15:17:25 CEST 2009 - prusnak@suse.cz

- change libsepol-devel to libsepol-devel-static in dependencies
  of python bindings

-------------------------------------------------------------------
Wed Jul  1 12:26:48 CEST 2009 - prusnak@suse.cz

- put libsepol-devel back to Requires of libselinux-devel

-------------------------------------------------------------------
Mon Jun 29 21:24:16 CEST 2009 - prusnak@suse.cz

- added selinux-ready tool to selinux-tools package

-------------------------------------------------------------------
Tue Jun  9 20:17:54 CEST 2009 - crrodriguez@suse.de

- remove static libraries
- libselinux-devel does not require libsepol-devel

-------------------------------------------------------------------
Wed May 27 14:06:14 CEST 2009 - prusnak@suse.cz

- updated to 2.0.80
  * deny_unknown wrapper function from KaiGai Kohei
  * security_compute_av_flags API from KaiGai Kohei
  * Netlink socket management and callbacks from KaiGai Kohei
  * Netlink socket handoff patch from Adam Jackson
  * AVC caching of compute_create results by Eric Paris
  * fix incorrect conversion in discover_class code

-------------------------------------------------------------------
Fri Apr 17 17:12:06 CEST 2009 - prusnak@suse.cz

- fixed memory leak (memleak.patch)

-------------------------------------------------------------------
Wed Jan 14 14:04:30 CET 2009 - prusnak@suse.cz

- updated to 2.0.77
  * add new function getseuser which will take username and service
    and return seuser and level; ipa will populate file in future
  * change selinuxdefcon to return just the context by default
  * fix segfault if seusers file does not work
  * strip trailing / for matchpathcon
  * fix restorecon python code

-------------------------------------------------------------------
Mon Dec  1 11:32:50 CET 2008 - prusnak@suse.cz

- updated to 2.0.76
  * allow shell-style wildcarding in X names
  * add Restorecon/Install python functions
  * correct message types in AVC log messages
  * make matchpathcon -V pass mode
  * add man page for selinux_file_context_cmp
  * update flask headers from refpolicy trunk

-------------------------------------------------------------------
Wed Oct 22 16:28:59 CEST 2008 - mrueckert@suse.de

- fix debug_packages_requires define

-------------------------------------------------------------------
Tue Sep 23 12:51:10 CEST 2008 - prusnak@suse.cz

- require only version, not release [bnc#429053]

-------------------------------------------------------------------
Tue Sep  2 12:09:22 CEST 2008 - prusnak@suse.cz

- updated to 2.0.71
  * Add group support to seusers using %groupname syntax from Dan Walsh.
  * Mark setrans socket close-on-exec from Stephen Smalley.
  * Only apply nodups checking to base file contexts from Stephen Smalley.
  * Merge ruby bindings from Dan Walsh.

-------------------------------------------------------------------
Mon Sep  1 07:35:00 CEST 2008 - aj@suse.de

- Fix build of debuginfo.

-------------------------------------------------------------------
Fri Aug 22 14:45:29 CEST 2008 - prusnak@suse.cz

- added baselibs.conf file
- split bindings into separate subpackage (libselinux-bindings)
- split tools into separate subpackage (selinux-tools)

-------------------------------------------------------------------
Fri Aug  1 17:32:20 CEST 2008 - ro@suse.de

- fix requires for debuginfo package

-------------------------------------------------------------------
Tue Jul 15 16:26:31 CEST 2008 - prusnak@suse.cz

- initial version 2.0.67
  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>