mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-09 07:39:07 +00:00
44121f6624
Bump checkpolicy to 2.1.0 Bump libselinux to 2.1.0 Bump libsepol to 2.1.0 Bump libsemanage to 2.1.0 Bump policycoreutils to 2.1.0 Bump sepolgen to 1.1.0
398 lines
12 KiB
Plaintext
398 lines
12 KiB
Plaintext
2.1.0 2011-07-27
|
|
* Release, minor version bump
|
|
|
|
2.0.27 2011-07-25
|
|
* Add role attribute support by Harry Ciao
|
|
|
|
2.0.26 2011-05-16
|
|
* Wrap file names in filename transitions with quotes by Steve Lawrence.
|
|
* Allow filesystem names to start with a digit by James Carter.
|
|
|
|
2.0.25 2011-05-02
|
|
* Add support for using the last path compnent in type transitions by Eric
|
|
Paris.
|
|
* Allow single digit module versions by Daniel Walsh.
|
|
* Use better filename identifier for filenames by Daniel Walsh.
|
|
* Use #defines for dismod selections by Eric Paris.
|
|
|
|
2.0.24 2011-04-11
|
|
* Add new class field in role_transition by Harry Ciao.
|
|
|
|
2.0.23 2010-12-16
|
|
* Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
|
|
|
|
2.0.22 2010-06-14
|
|
* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
|
|
|
|
2.0.21 2009-11-27
|
|
* Add long options to checkpolicy and checkmodule by Guido
|
|
Trentalancia <guido@trentalancia.com>
|
|
|
|
2.0.20 2009-10-14
|
|
* Add support for building Xen policies from Paul Nuzzi.
|
|
|
|
2.0.19 2009-02-18
|
|
* Fix alias field in module format, caused by boundary format change
|
|
from Caleb Case.
|
|
|
|
2.0.18 2008-10-14
|
|
* Properly escape regex symbols in the lexer from Stephen Smalley.
|
|
|
|
2.0.17 2008-10-09
|
|
* Add bounds support from KaiGai Kohei.
|
|
|
|
2.0.16 2008-05-27
|
|
* Update checkpolicy for user and role mapping support from Joshua Brindle.
|
|
|
|
2.0.15 2008-05-05
|
|
* Fix for policy module versions that look like IPv4 addresses from Jim Carter.
|
|
Resolves bug 444451.
|
|
|
|
2.0.14 2008-03-24
|
|
* Add permissive domain support from Eric Paris.
|
|
|
|
2.0.13 2008-03-05
|
|
* Split out non-grammar parts of policy_parse.yacc into
|
|
policy_define.c and policy_define.h from Todd C. Miller.
|
|
|
|
2.0.12 2008-03-04
|
|
* Initialize struct policy_file before using it, from Todd C. Miller.
|
|
|
|
2.0.11 2008-03-03
|
|
* Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller.
|
|
|
|
2.0.10 2008-02-28
|
|
* Use yyerror2() where appropriate from Todd C. Miller.
|
|
|
|
2.0.9 2008-02-04
|
|
* Update dispol for libsepol avtab changes from Stephen Smalley.
|
|
|
|
2.0.8 2008-01-24
|
|
* Deprecate role dominance in parser.
|
|
|
|
2.0.7 2008-01-02
|
|
* Added support for policy capabilities from Todd Miller.
|
|
|
|
2.0.6 2007-11-15
|
|
* Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source".
|
|
|
|
2.0.5 2007-11-01
|
|
* Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter.
|
|
|
|
2.0.4 2007-09-18
|
|
* Merged handle unknown policydb flag support from Eric Paris.
|
|
Adds new command line options -U {allow, reject, deny} for selecting
|
|
the flag when a base module or kernel policy is built.
|
|
|
|
2.0.3 2007-05-31
|
|
* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
|
|
* Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
|
|
|
|
2.0.2 2007-04-12
|
|
* Merged checkmodule man page fix from Dan Walsh.
|
|
|
|
2.0.1 2007-02-20
|
|
* Merged patch to allow dots in class identifiers from Caleb Case.
|
|
|
|
2.0.0 2007-02-01
|
|
* Merged patch to use new libsepol error codes by Karl MacMillan.
|
|
|
|
1.34.0 2007-01-18
|
|
* Updated version for stable branch.
|
|
|
|
1.33.1 2006-11-13
|
|
* Collapse user identifiers and identifiers together.
|
|
|
|
1.32 2006-10-17
|
|
* Updated version for release.
|
|
|
|
1.30.12 2006-09-28
|
|
* Merged user and range_transition support for modules from
|
|
Darrel Goeddel
|
|
|
|
1.30.11 2006-09-05
|
|
* merged range_transition enhancements and user module format
|
|
changes from Darrel Goeddel
|
|
|
|
1.30.10 2006-08-03
|
|
* Merged symtab datum patch from Karl MacMillan.
|
|
|
|
1.30.9 2006-06-29
|
|
* Lindent.
|
|
|
|
1.30.8 2006-06-29
|
|
* Merged patch to remove TE rule conflict checking from the parser
|
|
from Joshua Brindle. This can only be done properly by the
|
|
expander.
|
|
|
|
1.30.7 2006-06-27
|
|
* Merged patch to make checkpolicy/checkmodule handling of
|
|
duplicate/conflicting TE rules the same as the expander
|
|
from Joshua Brindle.
|
|
|
|
1.30.6 2006-06-26
|
|
* Merged optionals in base take 2 patch set from Joshua Brindle.
|
|
|
|
1.30.5 2006-05-05
|
|
* Merged compiler cleanup patch from Karl MacMillan.
|
|
* Merged fix warnings patch from Karl MacMillan.
|
|
|
|
1.30.4 2006-04-05
|
|
* Changed require_class to reject permissions that have not been
|
|
declared if building a base module.
|
|
|
|
1.30.3 2006-03-28
|
|
* Fixed checkmodule to call link_modules prior to expand_module
|
|
to handle optionals.
|
|
|
|
1.30.2 2006-03-28
|
|
* Fixed require_class to avoid shadowing permissions already defined
|
|
in an inherited common definition.
|
|
|
|
1.30.1 2006-03-22
|
|
* Moved processing of role and user require statements to 2nd pass.
|
|
|
|
1.30 2006-03-14
|
|
* Updated version for release.
|
|
|
|
1.29.5 2006-03-09
|
|
* Fixed bug in role dominance (define_role_dom).
|
|
|
|
1.29.4 2006-02-14
|
|
* Added a check for failure to declare each sensitivity in
|
|
a level definition.
|
|
|
|
1.29.3 2006-02-13
|
|
* Changed to clone level data for aliased sensitivities to
|
|
avoid double free upon sens_destroy. Bug reported by Kevin
|
|
Carr of Tresys Technology.
|
|
|
|
1.29.2 2006-02-13
|
|
* Merged optionals in base patch from Joshua Brindle.
|
|
|
|
1.29.1 2006-02-01
|
|
* Merged sepol_av_to_string patch from Joshua Brindle.
|
|
|
|
1.28 2005-12-07
|
|
* Updated version for release.
|
|
|
|
1.27.20 2005-12-02
|
|
* Merged checkmodule man page from Dan Walsh, and edited it.
|
|
|
|
1.27.19 2005-12-01
|
|
* Added error checking of all ebitmap_set_bit calls for out of
|
|
memory conditions.
|
|
|
|
1.27.18 2005-12-01
|
|
* Merged removal of compatibility handling of netlink classes
|
|
(requirement that policies with newer versions include the
|
|
netlink class definitions, remapping of fine-grained netlink
|
|
classes in newer source policies to single netlink class when
|
|
generating older policies) from George Coker.
|
|
|
|
1.27.17 2005-10-25
|
|
* Merged dismod fix from Joshua Brindle.
|
|
|
|
1.27.16 2005-10-20
|
|
* Removed obsolete cond_check_type_rules() function and call and
|
|
cond_optimize_lists() call from checkpolicy.c; these are handled
|
|
during parsing and expansion now.
|
|
|
|
1.27.15 2005-10-19
|
|
* Updated calls to expand_module for interface change.
|
|
|
|
1.27.14 2005-10-19
|
|
* Changed checkmodule to verify that expand_module succeeds
|
|
when building base modules.
|
|
|
|
1.27.13 2005-10-19
|
|
* Merged module compiler fixes from Joshua Brindle.
|
|
|
|
1.27.12 2005-10-19
|
|
* Removed direct calls to hierarchy_check_constraints() and
|
|
check_assertions() from checkpolicy since they are now called
|
|
internally by expand_module().
|
|
|
|
1.27.11 2005-10-18
|
|
* Updated for changes to sepol policydb_index_others interface.
|
|
|
|
1.27.10 2005-10-17
|
|
* Updated for changes to sepol expand_module and link_modules interfaces.
|
|
|
|
1.27.9 2005-10-13
|
|
* Merged support for require blocks inside conditionals from
|
|
Joshua Brindle (Tresys).
|
|
|
|
1.27.8 2005-10-06
|
|
* Updated for changes to libsepol.
|
|
|
|
1.27.7 2005-10-05
|
|
* Merged several bug fixes from Joshua Brindle (Tresys).
|
|
|
|
1.27.6 2005-10-03
|
|
* Merged MLS in modules patch from Joshua Brindle (Tresys).
|
|
|
|
1.27.5 2005-09-28
|
|
* Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).
|
|
|
|
1.27.4 2005-09-26
|
|
* Merged bugfix for dup role transition error messages from
|
|
Karl MacMillan (Tresys).
|
|
|
|
1.27.3 2005-09-23
|
|
* Merged policyver/modulever patches from Joshua Brindle (Tresys).
|
|
|
|
1.27.2 2005-09-20
|
|
* Fixed parse_categories handling of undefined category.
|
|
|
|
1.27.1 2005-09-16
|
|
* Merged bug fix for role dominance handling from Darrel Goeddel (TCS).
|
|
|
|
1.26 2005-09-06
|
|
* Updated version for release.
|
|
|
|
1.25.12 2005-08-22
|
|
* Fixed handling of validatetrans constraint expressions.
|
|
Bug reported by Dan Walsh for checkpolicy -M.
|
|
|
|
1.25.11 2005-08-18
|
|
* Merged use-after-free fix from Serge Hallyn (IBM).
|
|
Bug found by Coverity.
|
|
|
|
1.25.10 2005-08-15
|
|
* Fixed further memory leaks found by valgrind.
|
|
|
|
1.25.9 2005-08-15
|
|
* Changed checkpolicy to destroy the policydbs prior to exit
|
|
to allow leak detection.
|
|
* Fixed several memory leaks found by valgrind.
|
|
|
|
1.25.8 2005-08-11
|
|
* Updated checkpolicy and dispol for the new avtab format.
|
|
Converted users of ebitmaps to new inline operators.
|
|
Note: The binary policy format version has been incremented to
|
|
version 20 as a result of these changes. To build a policy
|
|
for a kernel that does not yet include these changes, use
|
|
the -c 19 option to checkpolicy.
|
|
|
|
1.25.7 2005-08-11
|
|
* Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).
|
|
|
|
1.25.6 2005-08-10
|
|
* Merged patch to fix dismod compilation from Joshua Brindle (Tresys).
|
|
|
|
1.25.5 2005-08-09
|
|
* Fixed call to hierarchy checking code to pass the right policydb.
|
|
|
|
1.25.4 2005-08-02
|
|
* Merged patch to update dismod for the relocation of the
|
|
module read/write code from libsemanage to libsepol, and
|
|
to enable build of test subdirectory from Jason Tang (Tresys).
|
|
|
|
1.25.3 2005-07-18
|
|
* Merged hierarchy check fix from Joshua Brindle (Tresys).
|
|
|
|
1.25.2 2005-07-06
|
|
* Merged loadable module support from Tresys Technology.
|
|
|
|
1.25.1 2005-06-24
|
|
* Merged patch to prohibit the use of * and ~ in type sets
|
|
(other than in neverallow statements) and in role sets
|
|
from Joshua Brindle (Tresys).
|
|
|
|
1.24 2005-06-20
|
|
* Updated version for release.
|
|
|
|
1.23.4 2005-05-19
|
|
* Merged cleanup patch from Dan Walsh.
|
|
|
|
1.23.3 2005-05-13
|
|
* Added sepol_ prefix to Flask types to avoid namespace
|
|
collision with libselinux.
|
|
|
|
1.23.2 2005-04-29
|
|
* Merged identifier fix from Joshua Brindle (Tresys).
|
|
|
|
1.23.1 2005-04-13
|
|
* Merged hierarchical type/role patch from Tresys Technology.
|
|
* Merged MLS fixes from Darrel Goeddel of TCS.
|
|
|
|
1.22 2005-03-09
|
|
* Updated version for release.
|
|
|
|
1.21.4 2005-02-17
|
|
* Moved genpolusers utility to libsepol.
|
|
* Merged range_transition support from Darrel Goeddel (TCS).
|
|
|
|
1.21.3 2005-02-16
|
|
* Merged define_user() cleanup patch from Darrel Goeddel (TCS).
|
|
|
|
1.21.2 2005-02-09
|
|
* Changed relabel Makefile target to use restorecon.
|
|
|
|
1.21.1 2005-01-26
|
|
* Merged enhanced MLS support from Darrel Goeddel (TCS).
|
|
|
|
1.20 2005-01-04
|
|
* Merged typeattribute statement patch from Darrel Goeddel of TCS.
|
|
* Changed genpolusers to handle multiple user config files.
|
|
* Merged nodecon ordering patch from Chad Hanson of TCS.
|
|
|
|
1.18 2004-10-07
|
|
* MLS build fix.
|
|
* Fixed Makefile dependencies (Chris PeBenito).
|
|
* Merged fix for role dominance ordering issue from Chad Hanson of TCS.
|
|
* Preserve portcon ordering and apply more checking.
|
|
|
|
1.16 2004-08-13
|
|
* Allow empty conditional clauses.
|
|
* Moved genpolbools utility to libsepol.
|
|
* Updated for libsepol set functions.
|
|
* Changed to link with libsepol.a.
|
|
* Moved core functionality into libsepol.
|
|
* Merged bug fix for conditional self handling from Karl MacMillan, Dave Caplan, and Joshua Brindle of Tresys.
|
|
* Added genpolusers program.
|
|
* Fixed bug in checkpolicy conditional code.
|
|
|
|
1.14 2004-06-28
|
|
* Merged fix for MLS logic from Daniel Thayer of TCS.
|
|
* Require semicolon terminator for typealias statement.
|
|
|
|
1.12 2004-06-16
|
|
* Merged fine-grained netlink class support.
|
|
|
|
1.10 2004-04-07
|
|
* Merged ipv6 support from James Morris of RedHat.
|
|
* Fixed compute_av bug discovered by Chad Hanson of TCS.
|
|
|
|
1.8 2004-03-09
|
|
* Merged policydb MLS patch from Chad Hanson of TCS.
|
|
* Fixed mmap of policy file.
|
|
|
|
1.6 2004-02-18
|
|
* Merged conditional policy extensions from Tresys Technology.
|
|
* Added typealias declaration support per Russell Coker's request.
|
|
* Added support for excluding types from type sets based on
|
|
a patch by David Caplan, but reimplemented as a change to the
|
|
policy grammar.
|
|
* Merged patch from Colin Walters to report source file name and line
|
|
number for errors when available.
|
|
* Un-deprecated role transitions.
|
|
|
|
1.4 2003-12-01
|
|
* Regenerated headers.
|
|
* Merged patches from Bastian Blank and Joerg Hoh.
|
|
|
|
1.2 2003-09-30
|
|
* Merged MLS build patch from Karl MacMillan of Tresys.
|
|
* Merged checkpolicy man page from Magosanyi Arpad.
|
|
|
|
1.1 2003-08-13
|
|
* Fixed endian bug in policydb_write for behavior value.
|
|
* License -> GPL.
|
|
* Merged coding style cleanups from James Morris.
|
|
|
|
1.0 2003-07-11
|
|
* Initial public release.
|
|
|