Reject self aliasing at link time from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
Smalley.
Fixed bug in require checking from Stephen Smalley.
Added user hierarchy checking from Todd Miller.
Moved next_entry and put_entry out-of-line to reduce code size from Ulrich
Drepper.
Fixed module_package_read_offsets bug introduced by the prior patch.
Moved next_entry and put_entry out-of-line to reduce code size from Ulrich
Drepper.
Fixed module_package_read_offsets bug introduced by the prior patch.
Fix sepol_context_clone to handle a NULL context correctly. This happens
for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) to set the file
context entry to "<<none>>".
- Apply patch from Joshua Brindle to disable dontaudit rules
- Upgrade to latest from NSA
Merged libsepol segfault fix from Stephen Smalley for when sensitivities
are required but not present in the base.
Merged patch to add errcodes.h to libsepol by Karl MacMillan.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
- Upgrade to latest from NSA
Updated version for stable branch.
Merged libsepol segfault fix from Stephen Smalley for when sensitivities
are required but not present in the base.
Merged patch to add errcodes.h to libsepol by Karl MacMillan.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
- Upgrade to latest from NSA
Updated version for stable branch.
Merged patch to compile wit -fPIC instead of -fpic from Manoj Srivastava to
prevent hitting the global offest table limit. Patch changed to include
libselinux and libsemanage in addition to libselinux.
Merged helpful hierarchy check errors patch from Joshua Brindle.
Merged semodule_deps patch from Karl MacMillan. This adds source module
names to the avrule decls.
Revert 1.12.16.
Merged cleaner fix for bool_ids overflow from Karl MacMillan, replacing the
prior patch.
Merged fixes for several memory leaks in the error paths during policy read
from Serge Hallyn.
Fixed bool_ids overflow bug in cond_node_find and cond_copy_list, based on
bug report and suggested fix by Cedric Roux.
Merged sens_copy_callback, check_role_hierarchy_callback, and
node_from_record fixes from Serge Hallyn.
Added sepol_policydb_compat_net() interface for testing whether a policy
requires the compatibility support for network checks to be enabled in
the kernel.
Merged patch to initialize sym_val_to_name arrays from Kevin Carr. Reworked
to use calloc in the first place, and converted some other
malloc/memset pairs to calloc calls.
