236 lines
9.0 KiB
Plaintext
236 lines
9.0 KiB
Plaintext
*setools-4.5.0 (21 Mar 2024)
|
|
|
|
* Rework apol to fully generate the UI programmatically.
|
|
* Update apol to PyQt6
|
|
* Add graphical results for information flow analysis and domain
|
|
transition analysis, available in apol, sedta, and seinfoflow.
|
|
* Replace deprecated uses of pkg_resources and distutils.
|
|
* Add tooltips, What's This?, and detail popups in apol to help
|
|
cross-referencing query and analysis results along with
|
|
context-sensitive help.
|
|
* Begin adding unit tests for apol UI.
|
|
|
|
*setools-4-4.4 (07 Dec 2023)
|
|
|
|
* Update for compiling with libsepol 3.6.
|
|
* Update apol to use fully specified PyQt enums.
|
|
* Correct minor code lint issues.
|
|
|
|
*setools-4-4.3 (27 Jul 2023)
|
|
|
|
* Fix compilation with Cython 3.0.0.
|
|
* Improve man pages.
|
|
* Remove neverallow options in sediff.
|
|
* Add -r option to seinfoflow to get flows into the source type.
|
|
* Reject a rule with no permissions as invalid policy.
|
|
|
|
*setools-4-4.2 (19 Apr 2023)
|
|
|
|
* Make NetworkX optional. sedta and seinfoflow tools, along with the
|
|
equivalent analyses in apol require NetworkX.
|
|
* Changed unit test runner to pytest, as setuptools' test command is
|
|
deprecated.
|
|
* Remove neverallow options in sesearch and apol. These are not usable
|
|
since they are removed in the final binary policy.
|
|
* Unit tests and CI tests improvements.
|
|
|
|
*setools-4.4.1 (6 Feb 2023)
|
|
|
|
* Replace deprecated NetworkX function use in information flow and domain
|
|
transition analysis. This function was removed in NetworkX 3.0.
|
|
* Fix bug in apol copy and cut functions when copying from a tree view.
|
|
* Fix bug with extended permission set construction when a range includes
|
|
0x0.
|
|
* Add sesearch -Sp option for permission subset match.
|
|
* Fix error in man page description for sesearch -ep option.
|
|
* Improve output stability in constraint, common, class, role, and user
|
|
queries.
|
|
* Updated permission map.
|
|
* Fix bug in sechecker parsing of multiline values.
|
|
* Other code cleanups not visible to users.
|
|
|
|
*setools-4.4.0 (5 Mar 2021)
|
|
|
|
* Updated policy representation to handle policydb version 33, compressed
|
|
filename transitions.
|
|
* Changed apol tab registry to use metaclasses rather than having a multiple static
|
|
dictionaries in the code.
|
|
* Fixed bug in queries where checks that permissions were part of the specified
|
|
object class would incorrectly raise exceptions when the object class
|
|
criteria is a regex.
|
|
* Reduced aggressiveness of default compiler flags. Since the C code is generated
|
|
by Cython, there typically isn't anything SETools can do when Cython causes
|
|
compiler warnings.
|
|
* Added type annotations to the code and added static type checking for
|
|
continuous integration tests.
|
|
* Added support for old Boolean name substitution in seinfo and sesearch.
|
|
* Added sechecker tool which is a configuration file driven analysis tool.
|
|
|
|
*setools-4.3.0 (1 Apr 2020)
|
|
|
|
* Revised sediff method for TE rules. This drastically reduced memory and run time.
|
|
* Added infiniband context support to seinfo, sediff, and apol.
|
|
* Added apol configuration for location of Qt assistant.
|
|
* Fixed sediff issue where properties header would display when not requested.
|
|
* Fixed sediff issue with type_transition file name comparison.
|
|
* Fixed permission map socket sendto information flow direction.
|
|
* Added methods to TypeAttribute class to make it a complete Python collection.
|
|
* Genfscon now will look up classes rather than using fixed values which
|
|
were dropped from libsepol.
|
|
|
|
|
|
*setools-4.2.2 (15 Jun 2019)
|
|
|
|
* Remove source policy references from man pages, as loading source policies
|
|
is no longer supported.
|
|
* Fixed a performance regression in alias loading after alias dereferencing
|
|
fixes in 4.2.1.
|
|
|
|
|
|
*setools-4.2.1 (4 Feb 2019)
|
|
|
|
* Set SIGPIPE handler for CLI tools.
|
|
* Fixed alias dereferencing in TypeQuery and type, category, and sensitivity
|
|
lookups.
|
|
* Fixed sediff bug for rendering modified nodecons.
|
|
* Fixed devicetreecon count output.
|
|
* Fixed policy target platform check.
|
|
* Fixed bug in creating permission set intersection in apol.
|
|
|
|
|
|
*setools-4.2.0 (10 Nov 2018)
|
|
|
|
This release focused on improving performance and reducing memory usage.
|
|
|
|
A Cython-based policy representation replaced the
|
|
Python/SWIG/static-linked-libsepol implementation. SETools no longer statically
|
|
links to libsepol, though it is strongly suggested that users rebuild SETools
|
|
after updating libsepol, in case the policy structure changes.
|
|
|
|
Building on the policy representation change, refinements in sediff yielded
|
|
as much as a 90% reduction in memory use, depending on the policies.
|
|
|
|
This release of SETools has different dependencies than previous versions.
|
|
See README.md for more details. Support for Python 2.7 was dropped because
|
|
all current SELinux-supporting distributions provide Python 3.
|
|
|
|
Other smaller changes included:
|
|
|
|
* Added support for SCTP portcons.
|
|
* Updated permission maps.
|
|
* Policy symbol names are now available as the name attribute (e.g.
|
|
Boolean.name, Type.name, etc.)
|
|
* Revised some apol layouts to increase the size of text entry fields.
|
|
* Revised package structure to make policyrep a module of the setools
|
|
package.
|
|
* Moved constraint expression to its own class.
|
|
* Made Conditional.evaluate() more useful and added BaseTERule.enabled()
|
|
method to determine if a rule is enabled.
|
|
|
|
Changes since v4.2.0-rc:
|
|
|
|
* Restored missing statement() methods in some policyrep classes
|
|
* Fixed NULL pointer dereference when iterating over type attributes when
|
|
the policy has none.
|
|
* Added xdp_socket permission mapping.
|
|
|
|
|
|
*setools-4.2.0-rc (29 Sep 2018)
|
|
|
|
Changes since v4.2.0-beta:
|
|
|
|
* Fixed performance regressions.
|
|
* Made further memory usage improvements.
|
|
* Fixed build issues with clean target and runtime_library_dirs.
|
|
* Revised package structure to make policyrep a module of the setools
|
|
package.
|
|
* Symbol names are now available as the name attribute (e.g.
|
|
Boolean.name, Type.name, etc.)
|
|
* Fixed some apol layouts to increase the size of text fields.
|
|
* Move constraint expression to its own class.
|
|
* Made Conditional.evaluate() more useful and added BaseTERule.enabled()
|
|
method to determine if a rule is enabled.
|
|
|
|
|
|
*setools-4.2.0-beta (10 Jul 2018)
|
|
|
|
Changes since v4.1.1:
|
|
|
|
* Replaced the Python/SWIG/static-linked-libsepol policyrep module with
|
|
a Cython implementation. This will have performance and memory-usage
|
|
improvements and breaks the static linking to libsepol.
|
|
* Significant memory usage reduction in sediff (approximately 60%,
|
|
depending on the policies).
|
|
* Added support for SCTP portcons.
|
|
* Updated permission maps.
|
|
* Support for Python 2.7 was dropped.
|
|
|
|
This release of SETools has changed dependencies since 4.1.1. See README.md for more details.
|
|
|
|
|
|
*setools-4.1.1 (5 Aug 2017)
|
|
|
|
This release has three changes since 4.1.0:
|
|
|
|
* Update for libsepol 2.7
|
|
* Update to permission maps
|
|
* Fixes for apol help files
|
|
|
|
|
|
*setools-4.1.0 (23 Jan 2017)
|
|
|
|
This release primarily focused on adding features to apol, but has several
|
|
library enhancements. There is also one important bugfix in sediff. There
|
|
were no changes since 4.1.0-rc.
|
|
|
|
Note This will not compile on the master branch of libsepol (what will
|
|
be libsepol 2.7). A future release of SETools will have this support
|
|
(when libsepol 2.7 is released).
|
|
|
|
|
|
*setools-4.1.0-rc (11 Dec 2016)
|
|
|
|
Library:
|
|
* Implemented support for alternate install prefixes.
|
|
* Implemented support for building setools with a locally-built libsepol.
|
|
* Fixed an sediff bug with unioning rules after expansion.
|
|
* Improved sediff memory usage.
|
|
* Patch from Nicolas Iooss to make more stable output in TE rule permission lists.
|
|
* Replaced string representations (e.g. rule types) with enumerations.
|
|
Requires the enum34 (not enum) Python package if using Python < 3.4.
|
|
|
|
Apol:
|
|
* Implemented context menu option for exporting the information flow
|
|
and domain transition analysis tree browser views.
|
|
* Implemented CSV export of table results.
|
|
* Implemented (clipboard) copy from table results.
|
|
* Added missing "clear" button in object class query.
|
|
* Implemented save/load settings for tabs.
|
|
* Implemented save/load workspace (save all tabs settings).
|
|
* Fixed include/exclude type dialog to keep its place when
|
|
adding or removing types from an analysis.
|
|
* Implemented filter on include/exclude type dialog to filter
|
|
the lists by attribute.
|
|
|
|
|
|
*setools-4.0.1 (17 May 2016)
|
|
|
|
Library:
|
|
* Fixed a compile error on 32bit systems.
|
|
* Changed domain transition analysis output to use lists instead
|
|
of generators. This fixes a display problem in apol's DTA browser.
|
|
|
|
Apol:
|
|
* Replaced icons with stock Qt icons to remove license issues
|
|
with some distributions.
|
|
|
|
Sesearch:
|
|
* Changed xperm options to bring in line with sediff, e.g. --allowx
|
|
changed to --allowxperm. Python's argument parser will still detect
|
|
--allowx as an abbreviation of --allowxperm, so compatibility is preserved.
|
|
|
|
|
|
*setools-4.0.0 (04 May 2016)
|
|
|
|
First 4.0 release. SETools is reimplemented in Python.
|