File libsemanage.changes of Package libsemanage
-------------------------------------------------------------------
Fri Mar  7 14:10:50 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.8.1 
  https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
  * libsemanage: improved performance of semanage store rebuild 
-------------------------------------------------------------------
Tue Feb  4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
- Update to version 3.8
  https://github.com/SELinuxProject/selinux/releases/tag/3.8
  * libsemanage: Preserve file context and ownership in policy store
  * libsemanage: Optionally allow duplicate declarations
  * Improved man pages
  * libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1
  * Code improvements and bug fixes
- For a more in depth list of changes see
  https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
  * removed 0xBC3905F235179CF1 (expired: 2024-10-25)
  * added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
-------------------------------------------------------------------
Mon Oct 21 11:19:44 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
- Not conflict but obsolete libsemanage1 (bsc#1229757)
-------------------------------------------------------------------
Mon Jul  1 07:57:45 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * Bugfixes: 
    * libsemanage: support huge passwd entries
-------------------------------------------------------------------
Tue Dec 19 11:12:21 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
  https://github.com/SELinuxProject/selinux/releases/tag/3.6
  * Add notself support for neverallow rules
  * Improve man pages
  * man pages: Remove the Russian translations
  * Add notself and other support to CIL
  * Add support for deny rules
  * Translations updated from
    https://translate.fedoraproject.org/projects/selinux/
  * Bug fixes
- Remove keys from keyring since they expired:
  - E853C1848B0185CF42864DF363A8AD4B982C4373
    Petr Lautrbach <plautrba@redhat.com>
  - 63191CE94183098689CAB8DB7EF137EC935B0EAF
    Jason Zaman <jasonzaman@gmail.com>  
- Add key to keyring:   
  - B8682847764DF60DF52D992CBC3905F235179CF1   
    Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Mon Nov 27 09:51:42 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
- Remove dependency on /usr/bin/python3, making scripts to depends on
  the real python3 binary, not the link. bsc#1212476
-------------------------------------------------------------------
Mon Aug 14 08:07:46 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Remove build counter syncing for real
-------------------------------------------------------------------
Thu May  4 14:20:40 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.
-------------------------------------------------------------------
Fri Mar 24 13:54:12 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because
  of LTO
-------------------------------------------------------------------
Thu Mar 23 13:06:51 UTC 2023 - Martin Liška <mliska@suse.cz>
- Enable LTO now (boo#1138812).
-------------------------------------------------------------------
Fri Feb 24 07:48:05 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
  * Allow user to set SYSCONFDIR
  * always write kernel policy when check_ext_changes is specified
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May  9 10:37:17 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
  * Optionally rebuild policy when modules are changed externally
  * Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
  * Allow spaces in user/group names
-------------------------------------------------------------------
Thu Feb 10 12:37:14 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Drop Buildrequires for libustr-devel, not needed anymore
-------------------------------------------------------------------
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
  * Fixed use-after-free in parse_module_store()
  * Fixed use_after_free in semanage_direct_write_langext()
-------------------------------------------------------------------
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Link to correct so version
- Minor spec file cleanups
-------------------------------------------------------------------
Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Move configuration file to separate libsemanage-conf package to allow
  for parallel installation in future versions
-------------------------------------------------------------------
Tue Mar  9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
  * dropped old and deprecated symbols and functions
    libsemanage version was bumped to libsemanage.so.2
  * libsemanage tries to sync data to prevent empty files in SELinux module
    store
-------------------------------------------------------------------
Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Add /var/lib/selinux
-------------------------------------------------------------------
Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Remove libsemanage-update-map-file.patch to prevent checkers from declining
  the submission. Keeping the snippet in the spec file in case we try to 
  enable LTO again
-------------------------------------------------------------------
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
  * Improved manpage
  * fsync final files before rename
-------------------------------------------------------------------
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Disabled LTO again. This breaks e.g. shadow and also other packages
  in security:SELinux
-------------------------------------------------------------------
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Fix build with LTO: [bsc#1133102]
  * Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
  * Update map file to include new symbols and remove wildcards
- Add libsemanage-update-map-file.patch
-------------------------------------------------------------------
Thu Jun  4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop suse_path.patch: replace it with a grep/sed logic replacing
  /usr/libexec in all files with the correct value for all distros
  (taking into account that openSUSE is in progress of migrating
  from /usr/lib to /usr/libexec).
-------------------------------------------------------------------
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Apply suse_path.patch only for older distributions. Newer
  use libexec
-------------------------------------------------------------------
Tue Mar  3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
  * Add support for DCCP and SCTP protocols
  * include internal header to use the hidden function prototypes
  * mark all exported function "extern"
  * optionally optimize policy on rebuild
  Refreshed suse_path.patch
-------------------------------------------------------------------
Thu Jun 20 10:22:04 UTC 2019 - Martin Liška <mliska@suse.cz>
- Disable LTO due to symbol versioning (boo#1138812).
-------------------------------------------------------------------
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
  * Always set errno to 0 before calling getpwent()
  * Include user name in ROLE_REMOVE audit events
  * genhomedircon - improve handling large groups
  * improve semanage_migrate_store import failure
  * reset umask before creating directories
  * set selinux policy root around calls to selinux_boolean_sub
  * use previous seuser when getting the previous name
-------------------------------------------------------------------
Thu Nov  8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Use more %make_install.
-------------------------------------------------------------------
Thu Nov  8 07:19:24 UTC 2018 - jsegitz@suse.com
- Adjusted source urls (bsc#1115052)
-------------------------------------------------------------------
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
- update to version 2.8
  * semanage fcontext -l now also lists home directory entries from
    file_contexts.homedirs.
  * libsemanage no longer deletes the tmp directory if there is an error
    while committing the policy transaction, so that any temporary files
    can be further inspected for debugging purposes (e.g. to examine a
    particular line of the generated CIL module).  The tmp directory will
    be deleted upon the next transaction, so no manual removal is needed.
  * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
    DESTDIR has to be removed from the definition. For example on Arch
    Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
  * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
- Clened with spec-cleaner
-------------------------------------------------------------------
Thu Mar  8 19:07:16 UTC 2018 - rgoldwyn@suse.com
- Update to version 2.7. Changes:
  * IB support
  * saves linked policy and skips relinking whenever possible
-------------------------------------------------------------------
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
  * genhomedircon: do not suppress logging from libsepol
  * genhomedircon: use userprefix as the role for homedir
  * Fix bug preventing the installation of base modules
  * Use pp module name instead of filename when installing module
  * genhomedircon: remove hardcoded refpolicy strings
  * genhomedircon: add support for %group syntax
  * genhomedircon: generate contexts for logins mapped to the default user
  * Validate and compile file contexts before installing
  * Swap tcp and udp protocol numbers
  * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
-------------------------------------------------------------------
Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org
- Split out the Policy Store Migration tool into
  libsemanage-store-migrate: it is not a devel tool to start with.
  Additionally, it causes the -devel package to depend on python,
  which we want to avoid (libsemanabe being part of the core build
  cycle). The library suggests libsemanage-store-migrate.
-------------------------------------------------------------------
Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de
- Update RPM groups, trim description, combine filelist entries,
  ensure pkgconfig() symbols are generated.
-------------------------------------------------------------------
Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
  sle-changelog-checker happy: bsc#988977
-------------------------------------------------------------------
Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com
- Added suse_path.patch to fix path to hll compiler
-------------------------------------------------------------------
Fri Jul  8 15:24:49 UTC 2016 - i@marguerite.su
- update version 2.5
  * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
  * Fix uninitialized variable in direct_commit and direct_api
  * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
  * Store homedir_template and users_extra in policy store
  * Fix null pointer dereference in semanage_module_key_destroy
  * Add semanage_module_extract() to extract a module as CIL or HLL
  * semanage_migrate_store: add -r <root> option for migrating inside chroots
  * Add file_contexts and seusers to the store
  * Add policy binary and file_contexts.local to the store
  * Allow to install compressed modules without a compression extension
  * Do not copy contexts in semanage_migrate_store
  * Fix logic in bunzip for uncompressed pp files
  * Fix fname[] initialization in test_utilities.c
  * Add remove-hll semanage.conf option to remove HLL files after
	compilation to CIL
  * Fix memory leaks when parsing semanage.conf
  * Change bunzip to use heap instead of stack to prevent segfault on
	systems with small stack size
- changes in 2.4
  * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
	directories
  * Fix bugs found by hardened gcc flags
  * Add missing manpage links to security_load_policy
  * Fix failing libsemanage pywrap tests
  * Fix deprecation warning for bison
  * Skip policy module relink when only setting booleans
  * Only try to compile file contexts if they exist
  * Fix memory leak when setting a custom store path
  * Add semodule option to set store root path in semanage.conf and the
	semodule command
  * Add semanage.conf option to set an alternative root path for policy
	store
  * Add support for High Level Language (HLL) to CIL compilers. The HLL
	compiler path is configurable, but should be placed in 
	/usr/libexec/selinux/hll by default
  * Create a policy migration script for migrating the policy store from
	/etc/selinux to /var/lib/selinux
  * Add python3 support to the migration script
  * Use libcil to compile modules
  * Use symbolic versioning to maintain ABI compatibility for old install
	functions
  * Add a target-platform option to semanage.conf to control how policies
	are built
  * Add API to handle modules and source policies, moving module store to
	/var/lib/selinux
  * Only try to compile file contexts if they exist
-------------------------------------------------------------------
Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org
- version 2.3
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
-------------------------------------------------------------------
Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com
- add semanage.conf as SOURCE and install it instead of the default
  one
-------------------------------------------------------------------
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
  * Avoid duplicate list entries
  * Add audit support to libsemanage
  * Remove policy.kern and replace with symlink
  * Apply a MAX_UID check for genhomedircon
  * Fix man pages
- Add audit-devel BuildRequires; new dependency
- Add fdupes BuildRequires and use it to symlink duplicate manpages
-------------------------------------------------------------------
Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.10 release tarball
-------------------------------------------------------------------
Thu Apr  4 19:29:33 UTC 2013 - vcizek@suse.com
- fixed source url
- removed old tarball
-------------------------------------------------------------------
Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com
- update to 2.1.10
  * Add sefcontext_compile to compile regex everytime policy is rebuilt
  * Cleanup/fix enable/disable/remove module.
  * redo genhomedircon minuid
  * fixes from coverity
  * semanage_store: do not leak memory in semanage_exec_prog
  * genhomedircon: remove useless conditional in get_home_dirs
  * genhomedircon: double free in get_home_dirs
  * fcontext_record: do not leak on error in semanage_fcontext_key_create
  * genhomedircon: do not leak on failure in write_gen_home_dir_context
  * semanage_store: do not leak fd
  * genhomedircon: do not leak shells list
  * semanage_store: do not leak on strdup failure
  * semanage_store: rewrite for readability
-------------------------------------------------------------------
Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com
- update to 2.1.9
  * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream)
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* do boolean name substitution
	* Fix segfault for building standard policies.
	* remove build warning when build swig c files
	* additional makefile support for rubywrap
	* ignore 80 column limit for readability
	* semanage_store: fix snprintf length argument by using asprintf
	* Use default semanage.conf as a fallback
	* use after free in python bindings
	* Alternate path for semanage.conf
	* do not link against libpython, this is considered bad in Debian
	* Allow to build for several ruby version
	* fallback-user-level
-------------------------------------------------------------------
Mon Jan  7 21:43:31 UTC 2013 - jengelh@inai.de
- Remove obsolete defines/sections
-------------------------------------------------------------------
Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com
- when building "standard" (not MCS/MLS) selinux-policies,
  libsemanage will crash, because "level" is NULL
  (libsemanage-2.1.6-NULL_level_fix.patch)
-------------------------------------------------------------------
Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com
- license update: LGPL-2.1+
  Could not find any LGPL-2.1 "only" licensed files in the pacakge
-------------------------------------------------------------------
Wed Aug  1 07:54:33 UTC 2012 - meissner@suse.com
- Updated to 2.1.6
  * changes too numerous to list
-------------------------------------------------------------------
Wed Oct  5 15:10:27 UTC 2011 - uli@suse.com
- cross-build fix: use %__cc macro
-------------------------------------------------------------------
Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de
- buildrequire libbz2-devel
-------------------------------------------------------------------
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
- split off python bindings to separate package to reduce build
  dependencies for rpm [bnc#695436]
-------------------------------------------------------------------
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
- add baselibs.conf for rpm-32bit to use
-------------------------------------------------------------------
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
- disable parallel build, it breaks too often
-------------------------------------------------------------------
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
- updated to 2.0.43
  * changes too numerous to list
-------------------------------------------------------------------
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
- fix assignment of wrong context [bnc#466793]
-------------------------------------------------------------------
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
- updated to 2.0.31
  * policy module compression (bzip) support from Dan Walsh
  * hard link files between tmp/active/previous from Dan Walsh
  * add semanage_mls_enabled() interface from Stephen Smalley
-------------------------------------------------------------------
Mon Dec  1 11:35:58 CET 2008 - prusnak@suse.cz
- updated to 2.0.29
  * add USER to lines to homedir_template context file
  * add compression support
  * allow fcontext and seuser changes without rebuilding the policy
  * don't rebuild on fcontext or seuser modifications
  * modify genhomedircon to skip %groupname entries
-------------------------------------------------------------------
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
- fix debug_packages_requires define
-------------------------------------------------------------------
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
- require only version, not release [bnc#429053]
-------------------------------------------------------------------
Tue Sep  2 12:13:42 CEST 2008 - prusnak@suse.cz
- updated to 2.0.27
  * Modify genhomedircon to skip %groupname entries.
    Ultimately we need to expand them to the list of users to support
    per-role homedir labeling when using the %groupname syntax.
- updated to 2.0.26
  * Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
    Strip any trailing slash before appending /*$.
-------------------------------------------------------------------
Fri Aug  1 17:32:21 CEST 2008 - ro@suse.de
- fix requires for debuginfo package
-------------------------------------------------------------------
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
-  initial version 2.0.25
  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>