File policycoreutils.changes of Package policycoreutils.10737

Overview Repositories Revisions Requests Users Attributes Meta

File policycoreutils.changes of Package policycoreutils.10737

-------------------------------------------------------------------
Wed Mar 27 14:47:12 UTC 2019 - jsegitz@suse.com

- Add a Requires for policycoreutils-python to policycoreutils, so
  that the expected binaries are present (bsc#1130097)
- Add Requires for python2-setools, python-enum34, python2-setuptools
  and python2-selinux to policycoreutils-python to ensure that it has
  all dependencies met

-------------------------------------------------------------------
Thu Mar 21 14:41:09 UTC 2019 - jsegitz@suse.com

- Add Requires: for policycoreutils-python. policycoreutils-python 
  contains binaries necessary for SELinux administration. Packaging
  is suboptimal here, it's already changed in newer versions. For
  now we we just require it to ensure users have the binaries they
  expect (bsc#1130097)

-------------------------------------------------------------------
Thu Apr 26 11:37:36 UTC 2018 - jsegitz@suse.com

- SLE 15 doesn't have the necessary files for policycoreutils-gui,
  don't build it there

-------------------------------------------------------------------
Wed Apr 25 14:31:29 UTC 2018 - jsegitz@suse.com

- Drop the requirement for selinux-policy for the gui tools.

-------------------------------------------------------------------
Tue Mar 27 13:46:37 UTC 2018 - tchvatal@suse.com

- Drop SLE11 support, needs the audit that is not present on SLE11
- Fix service link to actually work on current releases
- Drop SUSE_ASNEEDED=0 as it seems to build fine without it
- Do not depend on systemd, just systemd-rpm-macros

-------------------------------------------------------------------
Wed Mar 21 11:32:47 UTC 2018 - jsegitz@suse.com

- Added CVE-2018-1063.patch to prevent chcon from following symlinks in
  /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063)

-------------------------------------------------------------------
Tue Mar 20 12:01:55 UTC 2018 - jsegitz@suse.com

- Remove BuildRequires for libcgroup-devel (bsc#1085837)

-------------------------------------------------------------------
Thu Dec 21 14:29:30 UTC 2017 - jsegitz@suse.com

- Removed BuildRequires for setools-devel and added new
  runtime requirement for python2-networkx

-------------------------------------------------------------------
Mon Nov 27 14:23:12 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Fri Nov 24 09:21:51 UTC 2017 - jsegitz@suse.com

- Update to policycoreutils version 2.6. Notable changes:
  * setfiles: reverse the sense of -D option
  * sandbox: Use dbus-run-session instead of dbus-launch when available
  * setfiles: Utility to find security.restorecon_last entries
  * setfiles: Add option to stop setting the digest
  * hll/pp: Change warning for module name not matching filename to match new behavior
  * sepolicy: convert to setools4
  * sandbox: create a new session for sandboxed processes
  * sandbox: do not try to setup directories without -X or -M
  * sandbox: do not run xmodmap in a new X session
  * sandbox: fix file labels on copied files
  * semanage: Fix semanage fcontext -D
  * semanage: Default serange to "s0" for port modify
  * semanage: Use socket.getprotobyname for protocol
  * semanage: Add auditing of changes in records
  * Improve compatibility with Python 3
  * Update sandbox types in sandbox manual
  * hll/pp: Warn if module name different than output filename
- Update to sepolgen version 2.6. Notable changes:
  * Add support for TYPEBOUNDS statement in INTERFACE policy files
- Dropped CVE-2016-7545_sandbox_escape.patch

-------------------------------------------------------------------
Mon Dec 19 07:21:22 UTC 2016 - jsegitz@novell.com
 
- Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998
  Sandboxed session could have escaped to the parent session

-------------------------------------------------------------------
Sat Jul 23 05:47:50 UTC 2016 - jengelh@inai.de

- Trim description in line with other selinux packages

-------------------------------------------------------------------
Thu Jul 14 08:45:45 UTC 2016 - jsegitz@novell.com

- Changes submitted by MargueriteSu:
  Update to version 2.5
  * sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss.
  * sepolicy: Rename policy global variable conflict, from Nicolas Iooss.
  * newrole: Add missing defined in #if, from Nicolas Iooss.
  * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec.
  * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec
  * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach.
  * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville.
  * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach.
  * semanage: replace string.join() with str.join(), from Petr Lautrbach.
  * Man page warning fixes, from Ville Skyttä.
  * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl.
  * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach.
  * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach.
  * audit2allow/why: ignore setlocale errors, from Petr Lautrbach.
  * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy.
  * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach.
  * Fix PEP8 issues, from Jason Zaman.
  * semanage: fix moduleRecords deleteall method, from Stephen Smalley.
  * Improve compatibility with Python 3, from Michal Srb.
  * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville.
  * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach.
  * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen.
  * mcstransd: don't reinvent getpeercon, from Stephen Smalley.
  * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach.
  * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
  * hll: Move core functions of pp to libsepol, from James Carter
  * run_init: Use a ring buffer in open_init_pty, from Jason Zaman.
  * run_init: fix open_init_pty availability check, from Nicolas Iooss.
  * Widen Xen IOMEM context entries, from Daniel De Graaf.
  * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
  * Fixed typo/grammatical error, from Christopher Peterson.
  * Fix typo in semanage-port man page, from Andrew Spiers.
  Update to version 2.4
  * Fix bugs found by hardened gcc flags, from Nicolas Iooss.
  * Improve support for building with different versions of python from
    Nicolas Iooss.
  * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare,
    from Dan Walsh
  * Remove cgroups from sandbox, from Dan Walsh
  * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski
  * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley
  * Add a store root path in semodule, from Yuli Khodorkovskiy
  * Add a flag to ignore cached CIL files and recompile HLL modules, from
    Yuli Khodorkovskiy
  * Add and install HLL compiler for policy packages to CIL. The compiler is
    installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence
  * Fixes to pp compiler to better support roles and type attributes, from
    Yuli Khodorkovskiy
  * Deprecate base/upgrade/version in semodule. Calling these commands will
    now call --install on the backend, from Yuli Khodorkovskiy
  * Add ability to install modules with a specified priority, from Caleb
    Case
  * Use /tmp for permissive module creation, by Caleb Case
  * Update semanage to use new source policy infrastructure, from Jason Dana
  * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent
    Bigonville

-------------------------------------------------------------------
Wed Nov  5 14:04:30 UTC 2014 - jsegitz@novell.com

- added Requires: python-yum, yum-metadata-parser to fix sepolicy
  (bnc#903841)

-------------------------------------------------------------------
Mon Sep  8 08:04:51 UTC 2014 - jsegitz@suse.com

- removed execute permission from systemd unit file

-------------------------------------------------------------------
Sun May 18 00:33:58 UTC 2014 - crrodriguez@opensuse.org

- Version 2.3
sepolgen: Add back attributes flag to fix exception crash from Dan Walsh.
(drop policycoreutils-sepolgen_missing_attributes.patch)
* Add -P semodule option to man page from Dan Walsh.
* selinux_current_policy_path will return none on a disabled SELinux system
* Add new icons for sepolicy gui from Dan Walsh.
* Only return writeable files that are enabled from Dan Walsh.
* Add domain to short list of domains, when -t and -d from Dan Walsh.
* Fix up desktop files to match current standards from Dan Walsh.
* Add support to return sensitivities and categories for python from Dan Walsh.
* Cleanup whitespace from Dan Walsh.
* Add message to tell user to install sandbox policy from Dan Walsh.
* Add systemd unit file for mcstrans from Laurent Bigonville.
* Improve restorecond systemd unit file from Laurent Bigonville.
* Minor man pages improvements from Laurent Bigonville.
* Ignore selevel/serange if MLS is disabled from Sven Vermeulen.
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.

-------------------------------------------------------------------
Fri Dec 13 14:13:32 UTC 2013 - vcizek@suse.com

- sepolgen: add back attributes
  * fixes build of selinux-policy
  * policycoreutils-sepolgen_missing_attributes.patch

-------------------------------------------------------------------
Mon Dec  9 11:20:57 UTC 2013 - vcizek@suse.com

- fix issues which prevented accepting to Factory
  * mention the dropped patches (merged upstream):
    - policycoreutils-rhat.patch
    - policycoreutils-sepolgen.patch

-------------------------------------------------------------------
Thu Oct 31 14:48:31 UTC 2013 - p.drouand@gmail.com

- update to version 2.2
  * Properly build the swig exception file
  * Fix man pages
	* Support overriding PATH and INITDIR in Makefile
	* Fix LDFLAGS usage
	* Fix init_policy warning
	* Fix semanage logging
	* Open newrole stdin as read/write
	* Fix sepolicy transition
	* Support overriding CFLAGS
	* Create correct man directory for run_init
	* restorecon GLOB_BRACE change
	* Extend audit2why to report additional constraint information.
	* Catch IOError errors within audit2allow
	* semanage export/import fixes
	* Improve setfiles progress reporting
	* Document setfiles -o option in usage
	* Change setfiles to always return -1 on failure
	* Improve setsebool error r eporting
	* Major overhaul of gui
	* Fix sepolicy handling of non-MLS policy
	* Support returning type aliases
	* Add sepolicy tests
	* Add org.selinux.config.policy
	* Improve range and user input checking by semanage
	* Prevent source or target arguments that end with / for substitutions
	* Allow use of <<none>> for semanage fcontext
	* Report customized user levels
	* Support deleteall for restoring disabled modules
	* Improve semanage error reporting
	* Only list disabled modules for module locallist
	* Fix logging
	* Define new constants for file type character codes
	* Improve bash completions
	* Convert semanage to argparse
	* Add semanage tests
	* Split semanage man pages
	* Move bash completion scripts
	* Replace genhomedircon script with a link to semodule
	* Fix fixfiles
	* Add support for systemd service for restorecon
	* Spelling corrections
	* Improve sandbox support for home dir symlinks and file caps
	* Switch sandbox to openbox window manager
	* Coalesce audit2why and audit2allow
	* Change audit2allow to append to output file
	* Update translations
	* Change audit2why to use selinux_current_policy_path
- Update sepolgen to version 1.2
  * Return additional constraint information.
  * Fix bug in calls to attributes
  * Add support for filename transitions
  * Fix sepolgen tests
- Remove restorecond.service; use upstream service file
- Don't provide support for sysvinit and systemd on a same system
  Use either one or the other
  
-------------------------------------------------------------------
Thu Jun 27 14:51:08 UTC 2013 - vcizek@suse.com

- change the source url to the official release tarballs

-------------------------------------------------------------------
Wed Apr  3 10:06:06 UTC 2013 - vcizek@suse.com

- fixed source url
- removed old tarball

-------------------------------------------------------------------
Fri Mar 29 13:13:19 UTC 2013 - vcizek@suse.com

- update to 2.1.14
   * setfiles: estimate percent progress
   * load_policy: make link at the destination directory
   * Rebuild polgen.glade with glade-3
   * sepolicy: new command to unite small utilities
   * sepolicy: Update Makefiles and po files
   * sandbox: use sepolicy to look for sandbox_t
   * gui: switch to use sepolicy
   * gui: sepolgen: use sepolicy to generate
   * semanage: use sepolicy for boolean dictionary
   * add po file configuration information
   * po: stop running update-po on all
   * semanage: seobject verify policy types before allowing you to assign them.
   * gui: Start using Popen, instead of os.spawnl
   * sandbox: Copy /var/tmp to /tmp as they are the same inside
   * qualifier to shred content
   * semanage: Fix handling of boolean_sub names when using the -F flag
   * semanage: man: roles instead of role
   * gui: system-config-selinux: Catch no DISPLAY= error
   * setfiles: print error if no default label found
   * semanage: list logins file entries in semanage login -l
   * semanage: good error message is sepolgen python module missing
   * gui: system-config-selinux: do not use lokkit
   * secon: add support for setrans color information in prompt output
   * restorecond: remove /etc/mtab from default list
   * gui: If you are not able to read enforcemode set it to False
   * genhomedircon: regenerate genhomedircon more often
   * restorecond: Add /etc/udpatedb.conf to restorecond.conf
   * genhomedircon generation to allow spec file to pass in SEMODULE_PATH
   * fixfiles: relabel only after specific date
   * po: update translations
   * sandbox: seunshare: do not reassign realloc value
   * seunshare: do checking on setfsuid
   * sestatus: rewrite to shut up coverity
- removed policycoreutils-glibc217.patch (upstream fix)
- added patches:
   * policycoreutils-rhat.patch
   * policycoreutils-sepolgen.patch
   * loadpolicy_path.patch

-------------------------------------------------------------------
Wed Jan 30 12:10:23 UTC 2013 - vcizek@suse.com

- update to 2.1.13
  - drop policycoreutils-po.patch.bz2 (updated upstream)
  - drop policycoreutils-gui.patch.bz2 (added to upstream)
  - drop sandbox init scripts (shouldn't be needed anymore)
  - numerous other changes

-------------------------------------------------------------------
Tue Dec 11 15:11:12 UTC 2012 - vcizek@suse.com

- added service unit for restorecond

-------------------------------------------------------------------
Wed Dec  5 13:41:33 UTC 2012 - vcizek@suse.com

- semanage needs python-xml and python-ipy to run

-------------------------------------------------------------------
Sat Nov 17 06:58:05 UTC 2012 - aj@suse.de

- Fix compilation with glibc 2.17 (add patch policycoreutils-glibc217.patch
  extracted from Fedora)

-------------------------------------------------------------------
Tue Aug  7 15:30:58 UTC 2012 - meissner@suse.com

- updated policycoreutils to 2.1.10
  - adapated patches
- updated sepolgen to 1.1.5

-------------------------------------------------------------------
Tue Feb 14 09:57:15 UTC 2012 - mvyskocil@suse.cz

- fix seceral rpmlint errors and warnings
  * use /var/adm/fillup-template for sandbox
  * don't use /var/lock/subsys in any of init script
  * use set_permissions macro and add correct Requires(pre)
  * fix the languages to new -lang package
  * fix policycoreutils-sandbox Group
  * remove runlevel 4 from inint scripts

-------------------------------------------------------------------
Mon Feb 13 10:53:53 UTC 2012 - coolo@suse.com

- patch license to follow spdx.org standard

-------------------------------------------------------------------
Mon Mar 14 15:16:51 UTC 2011 - prusnak@opensuse.org

- updated to 2.0.85
  * changes too numerous to list

-------------------------------------------------------------------
Fri Feb  4 00:09:42 UTC 2011 - toddrme2178@gmail.com

- fix a typo in the package group

-------------------------------------------------------------------
Fri Jun  4 13:19:27 UTC 2010 - prusnak@opensuse.org

- remove usermode-gtk from Requires of -gui subpackage

-------------------------------------------------------------------
Fri May  7 14:01:05 CEST 2010 - meissner@suse.de

- remove incorrect and unnecessary rpmlintrc.

-------------------------------------------------------------------
Mon Mar 22 15:47:14 UTC 2010 - prusnak@suse.cz

- fix build by moving _GNU_SOURCE define (gnusource.patch), thx darix

-------------------------------------------------------------------
Thu Feb 25 15:28:18 UTC 2010 - prusnak@suse.cz

- updated to 2.0.79
  * changes too numerous to list

-------------------------------------------------------------------
Wed Jul 15 13:31:00 CEST 2009 - prusnak@suse.cz

- disable Requires usermode-gtk

-------------------------------------------------------------------
Fri Jun 19 13:42:09 CEST 2009 - prusnak@suse.cz

- added libsepol-static-devel to BuildRequires

-------------------------------------------------------------------
Wed May 27 14:24:47 CEST 2009 - prusnak@suse.cz

- updated to 2.0.62
  * Add btrfs to fixfiles from Dan Walsh.
  * Remove restorecond error for matching globs with multiple hard links
    and fix some error messages from Dan Walsh.
  * Make removing a non-existant module a warning rather than an error
    from Dan Walsh.
  * Man page fixes from Dan Walsh.

-------------------------------------------------------------------
Wed Feb 11 01:09:12 CET 2009 - ro@suse.de

- use sr@latin instead of sr@Latn

-------------------------------------------------------------------
Wed Jan 14 14:12:53 CET 2009 - prusnak@suse.cz

- updated to 2.0.61
  * semanage: use semanage_mls_enabled() from Stephen Smalley
  * fix error checking in restorecond, for inotify_add_watch
  * change md5 to hashlib.md5 in sepolgen
  * fix Japanese translations
  * fix audit2allow man page
  * don't error out when removing a non existing module
  * chcat: cut categories at arbitrary point (25) from Dan Walsh
  * semodule: use new interfaces in libsemanage for compressed
    files from Dan Walsh
  * audit2allow: string changes for usage

-------------------------------------------------------------------
Mon Dec  1 11:23:02 CET 2008 - prusnak@suse.cz

- updated to 2.0.59
  * Fix text in newrole
  * Fix revertbutton on booleans page in system-config-selinux
  * Fix system-config-selinux booleanspage throwing and exception
  * Allow addition of local modifications of fcontext policy
  * Handle selinux disabled correctly
  * Handle manipulation of fcontext file correctly
  * Fix traceback in audit2why

-------------------------------------------------------------------
Mon Nov 10 16:51:16 CET 2008 - ro@suse.de

- package "newrole" with permissions matching
  "secure" permissions mode

-------------------------------------------------------------------
Fri Nov  7 02:44:25 CET 2008 - ro@suse.de

- buildfix: prevent regeneration of policycoreutils.pot

-------------------------------------------------------------------
Fri Oct 31 15:57:57 CET 2008 - prusnak@suse.cz

- use permissions for newrole

-------------------------------------------------------------------
Mon Oct 20 11:48:40 CEST 2008 - prusnak@suse.cz

- updated to 2.0.57
  * Update po files from Dan Walsh.
- updated to 2.0.56
  * fixfiles will now remove all files in /tmp and will check for
    unlabeled_t in /tmp and /var/tmp from Dan Walsh.
  * add glob support to restorecond from Dan Walsh.
  * allow semanage to handle multi-line commands in a single transaction
    from Dan Walsh.

-------------------------------------------------------------------
Mon Sep  8 14:18:48 CEST 2008 - prusnak@suse.cz

- fix scriptlets

-------------------------------------------------------------------
Tue Sep  2 12:25:39 CEST 2008 - prusnak@suse.cz

- updated to 2.0.55
  * Merged semanage node support from Christian Kuester.
- updated to 2.0.54
  * Add support for boolean files and group support for seusers from Dan Walsh.
  * Ensure that setfiles -p output is newline terminated from Russell Coker.
- updated to 2.0.53
  * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
- updated sepolgen to 1.0.13
  * Only append s0 suffix if MLS is enabled from Karl MacMillan.
- added missing preun/post/postun scriptlets

-------------------------------------------------------------------
Mon Aug  4 01:00:45 CEST 2008 - ro@suse.de

- add directory to filelist to fix build

-------------------------------------------------------------------
Tue Jul 15 18:11:09 CEST 2008 - prusnak@suse.cz

- initial version 2.0.52
  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>

Places

File policycoreutils.changes of Package policycoreutils.10737

Places