* Thu Dec 30 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.46-2
- big reworking of the support-multiple-python-builds patch to deal with
PEP 3149: the latest Python 3.2 onwards uses include paths and library names
that don't fit prior naming patterns, and so we must query python3-config for
this information. To complicate things further, python 2's python-config
doesn't understand all of the options needed ("--extension-suffix"). I've
thus added new Makefile variables as needed, to be supplied by the specfile by
invoking the appropriate config tool (or by hardcoding the old value for
"--extension-suffix" i.e. ".so")
- rework python3 manifest for PEP 3149, and rebuild for newer python3
Add enable/disable patch support from Dan Walsh.
Add usepasswd flag to semanage.conf to disable genhomedircon using passwd
from Dan Walsh.
regenerate swig wrappers
Change semodule upgrade behavior to install even if the module is not
present from Dan Walsh.
Make genhomedircon trim excess '/' from homedirs from Dan Walsh.
Enable configuration of bzip behavior from Stephen Smalley.
bzip-blocksize=0 to disable compression and decompression support.
bzip-blocksize=1..9 to set the blocksize for compression.
bzip-small=true to reduce memory usage for decompression.
Modify genhomedircon to skip %groupname entries. Ultimately we need to
expand them to the list of users to support per-role homedir labeling
when using the %groupname syntax.
Call rmdir() rather than remove() on directory removal so that errno isn't
polluted from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
Smalley.
Call rmdir() rather than remove() on directory removal so that errno isn't
polluted from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
Smalley.
Fix error checking on getpw*_r functions from Todd Miller.
Make genhomedircon skip invalid homedir contexts from Todd Miller.
Set default user and prefix from seusers from Dan Walsh.
Add swigify Makefile target from Dan Walsh.
Pass CFLAGS to CC even on link command, per Dennis Gilmore.
Clear errno on non-fatal errors to avoid reporting them upon a later error
that does not set errno.
Improve reporting of system errors, e.g. full filesystem or read-only
filesystem from Stephen Smalley.
Merged optimizations from Stephen Smalley.
- do not set all booleans upon commit, only those whose values have changed
- only install the sandbox upon commit if something was rebuilt
Merged Makefile test target patch from Caleb Case.
Merged get_commit_number function rename patch from Caleb Case.
Merged strnlen -> strlen patch from Todd Miller.
Merged patch to optionally reduce disk usage by removing the backup module
store and linked policy from Karl MacMillan
Merged patch to correctly propagate return values in libsemanage
Merged patch to optionally reduce disk usage by removing the backup module
store and linked policy from Karl MacMillan
Merged patch to correctly propagate return values in libsemanage
Merged patch to compile wit -fPIC instead of -fpic from Manoj Srivastava to
prevent hitting the global offest table limit. Patch changed to include
libselinux and libsemanage in addition to libsepol.
dbase_file_cache: deref of uninit data on error path. dbase_policydb_cache:
clear fp to avoid double fclose semanage_fc_sort: destroy temp on error
paths
Merged updated file context sorting patch from Christopher Ashworth, with
bug fix for escaped character flag.
Merged file context sorting code from Christopher Ashworth (Tresys
Technology), based on fc_sort.c code in refpolicy.
Merged python binding t_output_helper removal patch from Dan Walsh.
Regenerated swig files.
Merged file context sorting code from Christopher Ashworth (Tresys
Technology), based on fc_sort.c code in refpolicy.
Merged python binding t_output_helper removal patch from Dan Walsh.
Regenerated swig files.
- Upgrade to latest from NSA
Merged abort early on merge errors patch from Ivan Gyurdiev.
Cleaned up error handling in semanage_split_fc based on a patch by Serge
Hallyn (IBM) and suggestions by Ivan Gyurdiev.
Merged MLS handling fixes from Ivan Gyurdiev.
Merged paths array patch from Ivan Gyurdiev.
Merged bug fix patch from Ivan Gyurdiev.
Merged improve bindings patch from Ivan Gyurdiev.
Merged use PyList patch from Ivan Gyurdiev.
Merged memory leak fix patch from Ivan Gyurdiev.
Merged nodecon support patch from Ivan Gyurdiev.
Merged cleanups patch from Ivan Gyurdiev.
Merged split swig patch from Ivan Gyurdiev.
Merged optionals in base patch from Joshua Brindle.
Merged treat seusers/users_extra as optional sections patch from Ivan
Gyurdiev.
Merged parse_optional fixes from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
- separate file rw code from linked list
- annotate objects
- fold together internal headers
- support ordering of records in compare function
- add active dbase backend, active booleans
- return commit numbers for ro database calls
- use modified flags to skip rebuild whenever possible
- enable port interfaces
- update swig interfaces and typemaps
- add an API for file_contexts.local and file_contexts
- flip the traversal order in iterate/list
- reorganize sandbox_expand
- add seusers MLS validation
- improve dbase spec/documentation
- clone record on set/add/modify
