Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libsepol-utils | Distribution: openSUSE:Factory:zSystems |
Version: 3.7 | Vendor: openSUSE |
Release: 1.1 | Build date: Mon Jul 1 10:01:08 2024 |
Group: System/Base | Build host: reproducible |
Size: 63328 | Source RPM: libsepol-3.7-1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://github.com/SELinuxProject/selinux/wiki/Releases | |
Summary: SELinux binary policy manipulation tools |
libsepol provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies such as customizing policy boolean settings.
LGPL-2.1-or-later
* Mon Jul 01 2024 Cathy Hu <cathy.hu@suse.com> - Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * User-visible changes: * libsepol: improve policy lookup failure message * libsepol: include prefix for module policy versions * libsepol: validate type-attribute-map for old policies * libsepol: only exempt gaps checking for kernel policies * Bugfixes: * libsepol/src/Makefile: fix reallocarray detection * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) * libsepol: ensure transitivity in compare functions * oss-fuzz fixes: * libsepol: check scope permissions refer to valid class * libsepol: validate attribute-type maps * libsepol: reject self flag in type rules in old policies * libsepol: validate class permissions * libsepol: validate access vector permissions * libsepol: reject MLS support in pre-MLS policies * libsepol: Fix buffer overflow when using sepol_av_to_string() * libsepol: Use a dynamic buffer in sepol_av_to_string() * Tue Dec 19 2023 Cathy Hu <cathy.hu@suse.com> - Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6 * struct cond_expr_t bool renamed to boolean The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro * Add notself support for neverallow rules * Improve man pages * man pages: Remove the Russian translations * Add notself and other support to CIL * Add support for deny rules * Translations updated from https://translate.fedoraproject.org/projects/selinux/ * Bug fixes - Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach <plautrba@redhat.com> - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman <jasonzaman@gmail.com> - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach <lautrbach@redhat.com> * Thu Mar 23 2023 Martin Liška <mliska@suse.cz> - Enable LTO now (boo#1138813). * Fri Feb 24 2023 Johannes Segitz <jsegitz@suse.com> - Update to version 3.5 * Stricter policy validation * do not write empty class definitions to allow simpler round-trip tests * reject attributes in type av rules for kernel policies - Added additional developer key (Jason Zaman) * Mon May 09 2022 Johannes Segitz <jsegitz@suse.com> - Update to version 3.4 * Add 'ioctl_skip_cloexec' policy capability * Add sepol_av_perm_to_string * Add policy utilities * Support IPv4/IPv6 address embedding * Hardened/added many validations * Add support for file types in writing out policy.conf * Allow optional file type in genfscon rules * Thu Nov 11 2021 Johannes Segitz <jsegitz@suse.com> - Update to version 3.3 * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch are all included * Lot of smaller fixes identified by fuzzing * Wed Jul 21 2021 Johannes Segitz <jsegitz@suse.com> - Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928. Added CVE-2021-36087.patch * Mon Jul 05 2021 Johannes Segitz <jsegitz@suse.com> - Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965). Added CVE-2021-36085.patch - Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964). Added CVE-2021-36086.patch * Tue Mar 09 2021 Johannes Segitz <jsegitz@suse.com> - Update to version 3.2 * more space-efficient form of storing filename transitions in the binary policy and reduced the size of the binary policy * dropped old and deprecated symbols and functions. Version was bumped to libsepol.so.2 * Thu Oct 29 2020 Ludwig Nussel <lnussel@suse.de> - install to /usr (boo#1029961)
/usr/bin/chkcon /usr/bin/sepol_check_access /usr/bin/sepol_compute_av /usr/bin/sepol_compute_member /usr/bin/sepol_compute_relabel /usr/bin/sepol_validate_transition /usr/share/man/man8/chkcon.8.gz /usr/share/man/man8/genpolbools.8.gz /usr/share/man/man8/genpolusers.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Nov 7 00:51:36 2024