Fix sepol_context_clone to handle a NULL context correctly. This happens,
e.g., when semanage_fcontext_set_con(sh, fcontext, NULL) is called to set
the file context entry to "<<none>>".
- Apply patch from Joshua Brindle to disable dontaudit rules
Merged libsepol segfault fix from Stephen Smalley for when sensitivities
are required but not present in the base.
Merged patch to add errcodes.h to libsepol by Karl MacMillan.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
- Upgrade to latest from NSA
Updated version for stable branch.
Merged patch to compile with -fPIC instead of -fpic from Manoj Srivastava to
prevent hitting the global offset table limit. Patch changed to include
libselinux and libsemanage in addition to libselinux.
Merged helpful hierarchy check errors patch from Joshua Brindle.
Merged semodule_deps patch from Karl MacMillan. This adds source module
names to the avrule decls.
Revert 1.12.16.
Merged cleaner fix for bool_ids overflow from Karl MacMillan, replacing the
prior patch.
Merged fixes for several memory leaks in the error paths during policy read
from Serge Hallyn.
Fixed bool_ids overflow bug in cond_node_find and cond_copy_list, based on
bug report and suggested fix by Cedric Roux.
Merged sens_copy_callback, check_role_hierarchy_callback, and
node_from_record fixes from Serge Hallyn.
Added sepol_policydb_compat_net() interface for testing whether a policy
requires the compatibility support for network checks to be enabled in
the kernel.
Merged patch to initialize sym_val_to_name arrays from Kevin Carr. Reworked
to use calloc in the first place, and converted some other
malloc/memset pairs to calloc calls.
Updated version for release.
Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
Merged sepol_policydb_mls_enabled interface and error handling changes from
Ivan Gyurdiev.
always prepend patch from Ivan Gyurdiev.
Merged bug fix patch from Ivan Gyurdiev.
Added a defined flag to level_datum_t for use by checkpolicy.
Merged nodecon support patch from Ivan Gyurdiev.
Merged cleanups patch from Ivan Gyurdiev.
Merged assertion copying bugfix from Joshua Brindle.
Merged sepol_av_to_string patch from Joshua Brindle.
Merged clone record on set_con patch from Ivan Gyurdiev.
Merged cond_expr mapping and package section count bug fixes from Joshua
Brindle.
Merged improve port/fcontext API patch from Ivan Gyurdiev.
Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
Merged bugfix for sepol_port_modify from Russell Coker.
Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
Merged port ordering patch from Ivan Gyurdiev.
files.
Cleaned up sepol_genbools to not regenerate the image if there were no
changes in the boolean values, including the degenerate case where
there are no booleans or booleans.local files.
Cleaned up sepol_genusers to not warn on missing local.users.
Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.9.38-1
- Upgrade to latest from NSA
Removed sepol_port_* from libsepol.map, as the port interfaces are not yet
stable.
Added src/dso.h and src/*_internal.h. Added hidden_def for exported symbols
used within libsepol. Added hidden for symbols that should not be
exported by the wildcards in libsepol.map.
Added further checking and error reporting to sepol_module_package_read and
_info.
Merged sepol handle passing, DEBUG conversion, and memory leak fix patches
from Ivan Gyurdiev.
Removed processing of system.users from sepol_genusers and dropped delusers
logic.
Removed policydb_destroy from error path of policydb_read, since
create/init/destroy/free of policydb is handled by the caller now.
Fixed sepol_module_package_read to handle a failed policydb_read properly.
Merged query/exists and count patches from Ivan Gyurdiev.
Merged fix for pruned types in expand code from Joshua Brindle.
Merged new module package format code from Joshua Brindle.
Merged users cleanup patch from Ivan Gyurdiev.
Merged user record memory leak fix from Ivan Gyurdiev.
Merged reorganize users patch from Ivan Gyurdiev.
checking on expansion.
Reworked check_assertions() and hierarchy_check_constraints() to take
handles and use callback-based error reporting.
Changed expand_module() to call check_assertions() and
hierarchy_check_constraints() prior to returning the expanded policy.
Changed sepol_module_package_set_file_contexts to copy the file contexts
data since it is internally managed.
Added sepol_policy_file_set_handle interface to associate a handle with a
policy file.
Added handle argument to policydb_from_image/to_image.
Added sepol_module_package_set_file_contexts interface.
Dropped sepol_module_package_create_file interface.
Reworked policydb_read/write, policydb_from_image/to_image, and
sepol_module_package_read/write to use callback-based error reporting
system rather than DEBUG.
Hid sepol_module_package type definition, and added get interfaces.
Merged new callback-based error reporting system from Ivan Gyurdiev.
Merged support for require blocks inside conditionals from Joshua Brindle
(Tresys).
Fixed use of policydb_from_image/to_image to ensure proper init of
policydb.
1) policydb_read no longer calls policydb_init. Caller must do so first.
2) policydb_init no longer takes policy_type argument. Caller must set
policy_type separately.
3) expand_module automatically enables the global branch. Caller no longer
needs to do so.
4) policydb_write uses the policy_type and policyvers from the policydb
itself, and sepol_set_policyvers() has been removed.
Merged bug fix for check_assertions handling of no assertions from Joshua
Brindle (Tresys).
Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.9.10-1
- Upgrade to latest from NSA
Merged iterate patch from Ivan Gyurdiev.
Merged MLS in modules patch from Joshua Brindle (Tresys).
Merged fix for memory leak in sepol_context_to_sid from Jason Tang
(Tresys).
Merged fixes for resource leaks on error paths and change to scope_destroy
from Joshua Brindle (Tresys).
Fixed empty list test in cond_write_av_list. Bug found by Coverity,
reported by Serge Hallyn (IBM).
Merged patch to policydb_write to check errors when writing the
type->attribute reverse map from Serge Hallyn (IBM). Bug found by
Coverity.
Fixed policydb_destroy to properly handle NULL type_attr_map or
attr_type_map.
Enabled further compiler warning flags and fixed them.
Merged user, context, port records patch from Ivan Gyurdiev.
Merged key extract function patch from Ivan Gyurdiev.
Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
Merged context reorganization, memory leak fixes, port and interface
loading, replacements for genusers and genbools, debug traceback, and
bugfix patches from Ivan Gyurdiev.
Merged uninitialized variable bugfix from Dan Walsh.