File checkpolicy.changes of Package checkpolicy
-------------------------------------------------------------------
Thu Jul 17 15:40:49 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.9
  * Add support for wildcard netifcon names
  * Abort on mismatched declarations
  * Introduce neveraudit types
-------------------------------------------------------------------
Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.8.1
  https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
  * no source change
-------------------------------------------------------------------
Tue Feb  4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
- Update to version 3.8
  https://github.com/SELinuxProject/selinux/releases/tag/3.8
  * Code improvements and bug fixes
- For a more in depth list of changes see
  https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
  * removed 0xBC3905F235179CF1 (expired: 2024-10-25)
  * added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
-------------------------------------------------------------------
Mon Jul  1 07:45:50 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * checkpolicy: support CIDR notation for nodecon statements
    * checkpolicy: provide more descriptive error messages and improve error handling
  * Bugfixes:
    * checkpolicy: handle unprintable token
    * checkpolicy: avoid assigning garbage values
    * checkpolicy: free temporary bounds type
    * checkpolicy: perform contiguous check in host byte order
    * checkpolicy: include <ctype.h> for isprint(3)
  * oss-fuzz fixes:
    * checkpolicy: add libfuzz based fuzzer
    * checkpolicy: free complete role_allow_rule on error
    * checkpolicy: free identifiers on invalid typebounds
    * checkpolicy: return YYerror on invalid character
    * checkpolicy: clone level only once
-------------------------------------------------------------------
Tue Dec 19 10:43:51 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
  https://github.com/SELinuxProject/selinux/releases/tag/3.6
  * checkpolicy: Add the command line argument -N, --disable-neverallow
  * dispol: add option to display users, drop duplicate option to display booleans,
show number of entries before listing them
  * dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
  * dispol: add options: --actions ACTIONS, --help
  * dismod: add options: --actions ACTIONS, --help
  * Add notself support for neverallow rules
  * Improve man pages
  * man pages: Remove the Russian translations
  * Add notself and other support to CIL
  * Add support for deny rules  
  * Translations updated from  
    https://translate.fedoraproject.org/projects/selinux/    
  * Bug fixes  
- Remove keys from keyring since they expired:  
  - E853C1848B0185CF42864DF363A8AD4B982C4373  
    Petr Lautrbach <plautrba@redhat.com>  
  - 63191CE94183098689CAB8DB7EF137EC935B0EAF  
    Jason Zaman <jasonzaman@gmail.com>  
- Add key to keyring:   
  - B8682847764DF60DF52D992CBC3905F235179CF1   
    Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Fri Feb 24 07:32:08 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
  * error out if required permission would exceed limit
  * Improve error message for type bounds
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May  9 10:09:06 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
  * warn on bogus IP address or netmask in nodecon statement
  * allow wildcard permissions in constraints
  * mention class name on invalid permission
-------------------------------------------------------------------
Thu Nov 11 13:23:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
  * When reading a binary policy by checkpolicy, do not automatically change the version
    to the max policy version supported by libsepol or, if specified, the value given
    using the "-c" flag.
  * Updated documentation
  * Prints the reason why opening a source policy file failed
-------------------------------------------------------------------
Tue Mar  9 08:59:58 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
  * Fix a memleak and an integer overflow
-------------------------------------------------------------------
Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
  * checkpolicy treats invalid characters as an error - might break rare use
    cases (intentionally)
  * Drop extern_te_assert_t.patch, is upstream
-------------------------------------------------------------------
Tue Mar  3 12:19:40 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
  * add flag to enable policy optimization
  * allow to write policy to stdout
  * remove a redundant if-condition
-------------------------------------------------------------------
Wed Jan 15 14:25:45 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Add extern_te_assert_t.patch to mark te_assert_t as extern. 
  Prevents build failures on gcc10 (bsc#1160259)
-------------------------------------------------------------------
Wed Mar 20 14:58:08 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
  * Add option to sort contexts when creating a binary policy
  * Update manpage
  * check the result value of hashtable_search
  * destroy the class datum if it fails to initialize
  * remove extraneous policy build noise
-------------------------------------------------------------------
Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
  (RPM_LD_FLAGS is always empty).
-------------------------------------------------------------------
Wed Nov  7 16:26:24 UTC 2018 - jsegitz@suse.com
- Source URL was invalid (bsc#1115052)
-------------------------------------------------------------------
Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com
- Update to version 2.8 (bsc#1111732). 
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- Dropped checkpolicy-build.patch, not necessary anymore
- Removed BuildRequires for byacc. It builds without and this blocks
  building on SLE 15
-------------------------------------------------------------------
Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com
- checkpolicy-build.patch was added in the former change to fix build
  failures
-------------------------------------------------------------------
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
- Rebase to 2.7. 
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
-------------------------------------------------------------------
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
  * Add types associated to a role in the current scope when parsing
  * Extend checkpolicy pathname matching
  * Set flex as default lexer
  * Fix checkmodule output message
  * Fail if module name different than output base filename
  * Add support for portcon dccp protocol
-------------------------------------------------------------------
Thu Jun 29 21:05:43 UTC 2017 - mpluskal@suse.com
- Use plain flex
-------------------------------------------------------------------
Thu Jul 21 13:02:06 UTC 2016 - jengelh@inai.de
- Trim/update description
-------------------------------------------------------------------
Thu Jul 14 14:18:26 UTC 2016 - jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
  sle-changelog-checker happy: bsc#988977
-------------------------------------------------------------------
Fri Jul  8 16:22:15 UTC 2016 - i@marguerite.su
- update version 2.5
  * Add neverallow support for ioctl extended permissions
  * fix double free on name-based type transitions
  * switch operations to extended perms
  * policy_define.c: fix compiler warnings
  * Remove uses of -Wno-return-type
  * Fix -Wreturn-type issues
  * dispol: display operations as ranges
  * dispol: Extend to display operations
  * Add support for ioctl command whitelisting
  * Add option to write CIL policy
  * Add device tree ocontext nodes to Xen policy
  * Widen Xen IOMEM context entries
  * Expand allowed character set in paths
  * Fix precedence between number and filesystem tokens
  * dispol/dismod fgets function warnings fix
- changes in 2.4
  * Fix bugs found by hardened gcc flags
  * Add missing semicolon in cond_else parser rule
  * Clear errno before call to strtol(3)
  * Global C++11 compatibility
  * Allow libsepol C++ static library on device
-------------------------------------------------------------------
Sun May 18 00:18:53 UTC 2014 - crrodriguez@opensuse.org
- version 2.3
* Report source file and line information for neverallow failures.
* Prevent incompatible option combinations for checkmodule.
* Drop -lselinux from LDLIBS for test programs; not used.
* Add debug feature to display constraints/validatetrans from Richard Haines.
-------------------------------------------------------------------
Thu Oct 31 13:41:13 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
  * Fix hyphen usage in man pages
  * handle-unknown / -U required argument fix
  * Support overriding Makefile PATH and LIBDIR
  * Support space and : in filenames
- Remove checkpolicy-rhat.patch; fixed on upstream
-------------------------------------------------------------------
Thu Jun 27 14:29:19 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.12 release tarball
-------------------------------------------------------------------
Fri Mar 29 13:10:16 UTC 2013 - vcizek@suse.com
- update to 2.1.12
	* Fix errors found by coverity
	* implement default type policy syntax
	* Free allocated memory when clean up / exit.
- changes in checkpolicy-rhat.patch:
        * original hunk was merged upstream
	* space should be allowed for file trans names
-------------------------------------------------------------------
Wed Jan 30 11:40:10 UTC 2013 - vcizek@suse.com
- update to 2.1.11
	* fd leak reading policy
	* check return code on ebitmap_set_bit
	* sepolgen: We need to support files that have a + in them
	* implement new default labeling behaviors for usr, role, range
-------------------------------------------------------------------
Wed Jul 25 11:24:54 UTC 2012 - meissner@suse.com
- updated to 2.1.8
  - various fixes
-------------------------------------------------------------------
Sat Sep 17 22:52:07 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
-------------------------------------------------------------------
Thu Feb 25 14:51:44 UTC 2010 - prusnak@suse.cz
- updated to 2.0.21
  * Add support for building Xen policies from Paul Nuzzi.
  * Add long options to checkpolicy and checkmodule by Guido
    Trentalancia <guido@trentalancia.com>
-------------------------------------------------------------------
Tue Jun 23 12:29:42 CEST 2009 - prusnak@suse.cz
- require libsepol-devel-static
-------------------------------------------------------------------
Wed May 27 13:52:37 CEST 2009 - prusnak@suse.cz
- updated to 2.0.19
  * fix alias field in module format, caused by boundary format change
    from Caleb Case
  * properly escape regex symbols in the lexer from Stephen Smalley
  * add bounds support from KaiGai Kohei
-------------------------------------------------------------------
Mon Oct 20 18:03:54 CEST 2008 - prusnak@suse.cz
- use flex-old for building (using flex does not build refpolicy)
-------------------------------------------------------------------
Tue Jul 15 17:56:14 CEST 2008 - prusnak@suse.cz
- initial version 2.0.16
  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>