Summary: SELinux binary policy manipulation library

Name: libsepol

Version: 3.5

Release: 0.rc2.1%{?dist}

License: LGPL-2.1-or-later

Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5-rc2/libsepol-3.5-rc2.tar.gz

URL: https://github.com/SELinuxProject/selinux/wiki

# $ git clone https://github.com/fedora-selinux/selinux.git

# $ cd selinux

# $ git format-patch -N libsepol-3.5-rc2 -- libsepol

# $ i=1; for j in 0*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done

# Patch list start

# Patch list end

BuildRequires: make

BuildRequires: gcc

BuildRequires: flex

Obsoletes: %{name}-compat = 3.1-4

%description

Security-enhanced Linux is a feature of the Linux® kernel and a number

of utilities with enhanced security functionality designed to add

mandatory access controls to Linux.  The Security-enhanced Linux

kernel contains new architectural components originally developed to

improve the security of the Flask operating system. These

architectural components provide general support for the enforcement

of many kinds of mandatory access control policies, including those

based on the concepts of Type Enforcement®, Role-based Access

Control, and Multi-level Security.

libsepol provides an API for the manipulation of SELinux binary policies.

It is used by checkpolicy (the policy compiler) and similar tools, as well

as by programs like load_policy that need to perform specific transformations

on binary policies such as customizing policy boolean settings.

%package devel

Summary: Header files and libraries used to build policy manipulation tools

Requires: %{name}%{?_isa} = %{version}-%{release}

%description devel

The libsepol-devel package contains the libraries and header files

needed for developing applications that manipulate binary policies. 

%package static

Summary: static libraries used to build policy manipulation tools

Requires: %{name}-devel%{?_isa} = %{version}-%{release}

%description static

The libsepol-static package contains the static libraries and header files

needed for developing applications that manipulate binary policies. 

%package utils

Summary: SELinux libsepol utilities

Requires: %{name}%{?_isa} = %{version}-%{release}

%description utils

The libsepol-utils package contains the utilities

%prep

%autosetup -p 2 -n libsepol-%{version}-rc2

# sparc64 is an -fPIC arch, so we need to fix it here

%ifarch sparc64

sed -i 's/fpic/fPIC/g' src/Makefile

%endif

%build

%set_build_flags

CFLAGS="$CFLAGS -fno-semantic-interposition"

%make_build LIBDIR="%{_libdir}"

%install

mkdir -p ${RPM_BUILD_ROOT}%{_libdir} 

mkdir -p ${RPM_BUILD_ROOT}%{_includedir} 

mkdir -p ${RPM_BUILD_ROOT}%{_bindir} 

mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man3

mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8

%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}"

rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man8/gen*

rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8

%files static

%{_libdir}/libsepol.a

%files devel

%{_libdir}/libsepol.so

%{_libdir}/pkgconfig/libsepol.pc

%{_includedir}/sepol/*.h

%{_mandir}/man3/*.3.gz

%dir %{_includedir}/sepol

%dir %{_includedir}/sepol/policydb

%{_includedir}/sepol/policydb/*.h

%dir %{_includedir}/sepol/cil

%{_includedir}/sepol/cil/*.h

%files

%license LICENSE

%{_libdir}/libsepol.so.2

%files utils

%{_bindir}/chkcon

%{_bindir}/sepol_check_access

%{_bindir}/sepol_compute_av

%{_bindir}/sepol_compute_member

%{_bindir}/sepol_compute_relabel

%{_bindir}/sepol_validate_transition

%{_mandir}/man8/chkcon.8.gz

%changelog

* Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1

- SELinux userspace 3.5-rc2 release

* Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1

- SELinux userspace 3.5-rc1 release

* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-4

- Rebase on upstream f56a72ac9e86

* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2

- rebuilt

* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1

- SELinux userspace 3.4 release

* Tue May 10 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc3.1

- SELinux userspace 3.4-rc3 release

* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1

- SELinux userspace 3.4-rc2 release

* Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1

- SELinux userspace 3.4-rc1 release

* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Thu Nov 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2

- Use correct libdir in libsepol.pc (#2018492)

* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1

- SELinux userspace 3.3 release

* Thu Oct  7 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1

- SELinux userspace 3.3-rc3 release

* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1

- SELinux userspace 3.3-rc2 release

* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3

- Rebase on upstream commit 32611aea6543

* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Mon Mar  8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1

- SELinux userspace 3.2 release

* Fri Feb  5 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1

- SELinux userspace 3.2-rc2 release

* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Wed Jan 20 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1

- SELinux userspace 3.2-rc1 release

* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5

- Drop and obsolete libsepol-compat subpackage

- cil: Give error for more than one true or false block

* Fri Oct 23 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-4

- Drop deprecated functions and duplicated symbols

- Dange library version to libsepol.so.2

- temporary ship -compat with libsepol.so.1

- Re-enable LTO flags

* Mon Jul 27 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-3

- Disable LTO cflags

- Drop telinit from % post sciptlet

* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2

- Use make macros

- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro

- Use set_build_flags and -fno-semantic-interposition

* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1

- SELinux userspace 3.1 release

* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Tue Jan 28 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-2

- Fix -fno-common issues discovered by GCC 10

* Fri Dec  6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1

- SELinux userspace 3.0 release

* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc.1

- SELinux userspace 3.0-rc1 release

* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1

- SELinux userspace 2.9 release

* Wed Mar  6 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1

- SELinux userspace 2.9-rc2 release

* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1

- SELinux userspace 2.9-rc1 release

* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-3

- Fix RESOURCE_LEAK coverity scan defects

* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri May 25 2018 Petr Lautrbach <plautrba@workstation> - 2.8-1

- SELinux userspace 2.8 release

* Mon May 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-0.rc3.1

- SELinux userspace 2.8-rc1 release candidate

* Mon Apr 23 2018 Petr Lautrbach <plautrba@redhat.com> - 2.0-0.rc1.1

- SELinux userspace 2.8-rc1 release candidate

* Wed Mar 21 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-6

- Prevent freeing unitialized value in ibendport handling

- Add support for the SCTP portcon keyword

- Export sepol_polcap_getnum/name functions

* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-5

- cil: Create new keep field for type attribute sets

- build: follow standard semantics for DESTDIR and PREFIX

- cil: show an error when cil_expr_to_string() fails

* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-3

- free ibendport device names

* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-2

- reset pointer after free in cil_strpool_destroy()

- cil: Add ability to redeclare types[attributes]

- cil: Keep attributes used by generated attributes in neverallow rules

- use IN6ADDR_ANY_INIT to initialize IPv6 addresses

- fix memory leak in sepol_bool_query()

- cil: drop wrong unused attribute

- cil: fix -Wwrite-strings warning

- cil: __cil_post_db_neverallow_attr_helper() does not use extra_args

* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1

- Update to upstream release 2017-08-04

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Sun Jul 30 2017 Florian Weimer <fweimer@redhat.com> - 2.6-4

- Rebuild with binutils fix for ppc64le (#1475636)

* Fri Jul 28 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-3

- Fix neverallow bug when checking conditional policy

- Destroy the expanded level when mls_semantic_level_expand() fails

- Do not seg fault on sepol_*_key_free(NULL)

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sun Feb 12 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1

- Update to upstream release 2016-10-14

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-11

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-10

- Check for too many permissions in classes and commons in CIL

- Fix xperm mapping between avrule and avtab

- tests: Fix mispelling of optimization option

- Fix unused/uninitialized variables on mac build

- Produce more meaningful error messages for conflicting type rules in CIL

- make "make test" fail when a CUnit test fails

- tests: fix g_b_role_2 test

- Change which attributes CIL keeps in the binary policy

- Port str_read() from kernel and remove multiple occurances of similar code

- Use calloc instead of malloc for all the *_to_val_structs

- Fix bugs found by AFL

- Fix memory leak in expand.c

- Fix invalid read when policy file is corrupt

- Fix possible use of uninitialized variables

* Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-9

- Warn instead of fail if permission is not resolved

- Ignore object_r when adding userrole mappings to policydb

* Thu Jul 14 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-8

- Add missing return to sepol_node_query()

- Add missing <stdarg.h> include

* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-7

- Correctly detect unknown classes in sepol_string_to_security_class

- Sort object files for deterministic linking order

- Fix neverallowxperm checking on attributes

- Remove libsepol.map when cleaning

- Add high-level language line marking support to CIL

* Fri May 06 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-6

- Change logic of bounds checking to match change in kernel

- Fix multiple spelling errors

* Mon May 02 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5

- Only apply bounds checking to source types in rules

- Fix CIL and not add an attribute as a type in the attr_type_map

* Fri Apr 29 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4

- Build policy on systems not supporting DCCP protocol

- Fix extended permissions neverallow checking

- Fix CIL neverallow and bounds checking

- Android.mk: Add -D_GNU_SOURCE to common_cflags

* Fri Apr 08 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3

- Fix bug in CIL when resetting classes

- Add support for portcon dccp protocol

* Sun Feb 28 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-2

- Use fully versioned arch-specific requires

* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1

- Update to upstream release 2016-02-23

* Sun Feb 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.1.rc1

- Update to upstream rc1 release 2016-01-07

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Tue Aug 25 2015 Michal Srb <msrb@redhat.com> - 2.4-3

- Improve compatibility with Python 3 SWIG bindings

- Resolves: rhbz#1247714

* Fri Aug 14 2015 Adam Jackson <ajax@redhat.com> 2.4-2

- Pass ldflags to make so hardening works

* Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.1

- Update to upstream release 2.4

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 2.3-3

- fix license handling

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1

- Update to upstream 

	* Improve error message for name-based transition conflicts.

	* Revert libsepol: filename_trans: use some better sorting to compare and merge.

	* Report source file and line information for neverallow failures.

	* Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.

	* Add sepol_validate_transition_reason_buffer function from Richard Haines.

* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1

- Update to upstream 

- Richard Haines patch V1 Allow constraint denials to be determined.

- Add separate role declarations as required by modern checkpolicy.

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.9-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1

- Update to upstream 

- filename_trans: use some better sorting to compare and merge

- coverity fixes

- implement default type policy syntax

- Fix memory leak issues found by Klocwork

- Add CONTRAINT_NAMES to the kernel 

* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-8

- Update to latest patches from eparis/Upstream

* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-7

- Update to latest patches from eparis/Upstream

* Tue Jan 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-6

- Fix libsepol.stack messages in audit2allow/audit2why

* Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5

- Update to latest patches from eparis/Upstream

* Tue Nov 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4

- Update Richard Haines patch to show constraint information

* Mon Nov 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3

- Add sepol_compute_av_reason_buffer patch from Richard Haines

* Wed Sep 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2

- Revert patch that was attempting to expand filetrans attributes, but is breaking filetrans rules

* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1

- Update to upstream 

	* fix neverallow checking on attributes

	* Move context_copy() after switch block in ocontext_copy_*().

	* check for missing initial SID labeling statement.

	* Add always_check_network policy capability

	* role_fix_callback skips out-of-scope roles during expansion.

* Mon Jul 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-4

- Try new patches

* Tue Jul 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3

- Revert patches

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.7-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1

- Update to upstream 

	* reserve policycapability for redhat testing of ptrace child

	* cosmetic changes to make the source easier to read

	* prepend instead of append to filename_trans list

	* Android/MacOS X build support

	* allocate enough space to hold filename in trans rules

* Mon Apr 23 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3

- Fix off by one error that is causing file_name transition rules to be expanded- incorrectly on i686 machines

* Tue Apr 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2

- Add support for ptrace_child

* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1

- Update to upstream 

  * checkpolicy: implement new default labeling behaviors

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.4-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-5

- Update to match eparis pool

* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-4

- Additional fix for default transitioning labeling for semodule

* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-3

- Add Eparis patch for handling of default transition labeling

* Mon Dec 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2

- Allow policy to specify the source of target for generating the default user,role 

- or mls label for a new target.

* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1

- Update to upstream 

	* regenerate .pc on VERSION change

	* Move ebitmap_* functions from mcstrans to libsepol

	* expand: do filename_trans type comparison on mapped representation

* Mon Oct 31 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-2

-The filename_trans code had a bug where duplicate detection was being

done between the unmapped type value of a new rule and the type value of

rules already in policy.  This meant that duplicates were not being

silently dropped and were instead outputting a message that there was a

problem.  It made things hard because the message WAS using the mapped

type to convert to the string representation, so it didn't look like a

dup!

* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-1

-Update to upstream

	* Skip writing role attributes for policy.X and

	* Indicate when boolean is indeed a tunable.

	* Separate tunable from boolean during compile.

	* Write and read TUNABLE flags in related

	* Copy and check the cond_bool_datum_t.flags during link.

	* Permanently discard disabled branches of tunables in

	* Skip tunable identifier and cond_node_t in expansion.

	* Create a new preserve_tunables flag

	* Preserve tunables when required by semodule program.

	* setools expects expand_module_avrules to be an exported

	* tree: default make target to all not

* Thu Sep 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-3

- Add patch to handle preserving tunables

* Thu Sep 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-2

- export expand_module_avrules 

* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-0

- Update to upstream 

	* Only call role_fix_callback for base.p_roles during expansion.

	* use mapped role number instead of module role number

* Mon Aug 1 2011 Dan Walsh <dwalsh@redhat.com> 2.1.1-1

- Update to upstream 

	* Minor fix to reading policy with filename transition rules

* Wed Jul 27 2011 Dan Walsh <dwalsh@redhat.com> 2.1.0-1

- Update to upstream 

	* Release, minor version bump

* Tue May 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.45-1

- Update to upstream 

  * Warn if filename_trans rules are dropped by Steve Lawrence.

* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.44-2

- Fixes for new role_transition class field by Eric Paris.

* Thu Apr 14 2011 Dan Walsh <dwalsh@redhat.com> 2.0.44-1

-Update to upstream

	* Fixes for new role_transition class field by Eric Paris.

	* Add libsepol support for filename_trans rules by Eric Paris.

* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-3

- re-add Erics patch for filename transitions

* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1

-Update to upstream

	* Add new class field in role_transition by Harry Ciao.

* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.42-3

- Apply Eparis Patch

  This patch add libsepol support for filename_trans rules.  These rules

allow on to make labeling decisions for new objects based partially on

the last path component.  They are stored in a list.  If we find that

the number of rules grows to an significant size I will likely choose to

store these in a hash, both in libsepol and in the kernel.  But as long

as the number of such rules stays small, this should be good.

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.42-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.42-1

- Upgrade to latest from NSA

  * Fix compliation under GCC 4.6 by Justin Mattock

* Thu Feb 18 2010 Dan Walsh <dwalsh@redhat.com> 2.0.41-3

- Fix libsepol.pc file

* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.41-2

- Resolve specfile problems

Resolves: #555835

* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.41-1

- Upgrade to latest from NSA

  * Fixed typo in error message from Manoj Srivastava.

* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.40-1

- Upgrade to latest from NSA

  * Add pkgconfig file from Eamon Walsh.

* Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.39-1

- Upgrade to latest from NSA

  * Add support for building Xen policies from Paul Nuzzi.

* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.38-1

- Upgrade to latest from NSA

  * Check last offset in the module package against the file size.

  Reported by Manoj Srivastava for bug filed by Max Kellermann.

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.37-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> 2.0.37-1

- Upgrade to latest from NSA

  * Add method to check disable dontaudit flag from Christopher Pardy.

* Wed Mar 25 2009 Dan Walsh <dwalsh@redhat.com> 2.0.36-1

- Upgrade to latest from NSA

  * Fix boolean state smashing from Joshua Brindle.

* Thu Mar 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.35-3

- Fix license specification to be LGPL instead of GPL

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-2

* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.35-1

- Upgrade to latest from NSA

        * Fix alias field in module format, caused by boundary format change

          from Caleb Case.

* Tue Oct 14 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-1

- Upgrade to latest from NSA

  * Add bounds support from KaiGai Kohei.

  * Fix invalid aliases bug from Joshua Brindle.

* Tue Sep 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.33-1

- Upgrade to latest from NSA

  * Revert patch that removed expand_rule.

* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.32-1

- Upgrade to latest from NSA

  * Allow require then declare in the source policy from Joshua Brindle.

* Sun Jun 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.31-1

- Upgrade to latest from NSA

  * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley.

* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.30-1

- Upgrade to latest from NSA

  * Fix endianness bug in the handling of network node addresses from Stephen Smalley.

    Only affects big endian platforms.

    Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc.

* Wed May 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.29-1

- Upgrade to latest from NSA

  * Merge user and role mapping support from Joshua Brindle.

* Mon May 19 2008 Dan Walsh <dwalsh@redhat.com> 2.0.28-1

- Upgrade to latest from NSA

  * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.

  * Belatedly merge test for policy downgrade from Todd Miller.

* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.26-1

- Upgrade to latest from NSA

  * Add permissive domain support from Eric Paris.

* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.25-1

- Upgrade to latest from NSA

  * Drop unused ->buffer field from struct policy_file.

  * Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.

* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.23-1

- Upgrade to latest from NSA

  * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.

  * Add support for open_perms policy capability from Eric Paris.

* Wed Feb 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.21-1

- Upgrade to latest from NSA

  * Fix invalid memory allocation in policydb_index_others() from Jason Tang.

* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> 2.0.20-1

- Upgrade to latest from NSA

  * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley.

* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.19-1

- Upgrade to latest from NSA

  * Add support for consuming avrule_blocks during expansion to reduce

    peak memory usage.

* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> 2.0.18-2

- Fixed for spec review

* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.18-1

- Upgrade to latest from NSA

  * Added support for policy capabilities from Todd Miller.

  * Prevent generation of policy.18 with MLS enabled from Todd Miller.

* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1

- Upgrade to latest from NSA

  * print module magic number in hex on mismatch, from Todd Miller.

* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.15-1

- Upgrade to latest from NSA

  * clarify and reduce neverallow error reporting from Stephen Smalley.

* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> 2.0.14-1

- Upgrade to latest from NSA

  * Reject self aliasing at link time from Stephen Smalley.

  * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.

  * Fixed bug in require checking from Stephen Smalley.

  * Added user hierarchy checking from Todd Miller.  

* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.11-1

  * Pass CFLAGS to CC even on link command, per Dennis Gilmore.

* Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.10-1

- Upgrade to latest from NSA

  * Merged support for the handle_unknown policydb flag from Eric Paris.

* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-1

- Upgrade to latest from NSA

  * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.

  * Fixed module_package_read_offsets bug introduced by the prior patch.

* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-1

- Upgrade to latest from NSA

  * Eliminate unaligned accesses from policy reading code from Stephen Smalley.

* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-1

- Upgrade to latest from NSA

  * Allow dontaudits to be turned off during policy expansion

* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.5-1

- Upgrade to latest from NSA

     * Fix sepol_context_clone to handle a NULL context correctly.

          This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)

    to set the file context entry to "<<none>>".

- Apply patch from Joshua Brindle to disable dontaudit rules

* Thu Jun 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.4-1

- Upgrade to latest from NSA

  * Merged error handling patch from Eamon Walsh.

* Tue Apr 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-1

- Upgrade to latest from NSA

  * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.

* Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-1

- Upgrade to latest from NSA

  * Merged fix from Karl to remap booleans at expand time to 

    avoid holes in the symbol table.

* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-1

- Upgrade to latest from NSA

  * Merged libsepol segfault fix from Stephen Smalley for when

    sensitivities are required but not present in the base.

  * Merged patch to add errcodes.h to libsepol by Karl MacMillan.

* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1

- Upgrade to latest from NSA

  * Updated version for stable branch.

* Tue Dec 12 2006 Adam Jackson <ajax@redhat.com> 1.15.3-1

- Add dist tag and rebuild, fixes 6 to 7 upgrades.

* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 1.15.3-1

- Upgrade to latest from NSA