Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libselinux1 | Distribution: SUSE Linux Framework One |
Version: 3.5 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: slfo.1.1.9 | Build date: Fri Aug 23 16:40:33 2024 |
Group: System/Libraries | Build host: h03-ch2a |
Size: 174440 | Source RPM: libselinux-3.5-slfo.1.1.9.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://github.com/SELinuxProject/selinux/wiki/Releases | |
Summary: SELinux runtime library |
libselinux provides an interface to get and set process and file security contexts and to obtain security policy decisions. (Security-enhanced Linux is a feature of the kernel and some utilities that implement mandatory access control policies, such as Type Enforcement, Role-based Access Control and Multi-Level Security.)
SUSE-Public-Domain
* Thu May 04 2023 fcrozat@suse.com - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. * Fri Mar 24 2023 jsegitz@suse.com - Add -ffat-lto-objects to CFLAGS to prevent rpmlint errors because of LTO * Thu Mar 23 2023 mliska@suse.cz - Enable LTO as it works fine now. * Fri Feb 24 2023 jsegitz@suse.com - Update to version 3.5: * check for truncations * avoid newline in avc message * bail out on path truncations * add getpidprevcon to gather the previous context before the last exec of a given process * Workaround for heap overhead of pcre * fix memory leaks on the audit2why module init * ignore invalid class name lookup - Drop restorecon_pin_file.patch, is upstream - Added additional developer key (Jason Zaman) * Thu Jul 07 2022 jsegitz@suse.com - Fixed initrd check in selinux-ready (bnc#1186127) * Tue May 31 2022 jsegitz@suse.com - Added restorecon_pin_file.patch. Fixes issus when running fixfiles/restorecon * Mon May 09 2022 jsegitz@suse.com - Update to version 3.4: * Use PCRE2 by default * Make selinux_log() and is_context_customizable() thread-safe * Prevent leakeing file descriptors * Correctly hash specfiles larger than 4G - Refreshed skip_cycles.patch * Tue Feb 15 2022 jsegitz@suse.com - Add Requires for exact libselinux1 version for selinux-tools - Simplyfied check for correct boot paramaters in selinux-ready (bsc#1195361) * Thu Nov 11 2021 jsegitz@suse.com - Update to version 3.3: * Lots of smaller issues fixed found by fuzzing * Sun Jul 18 2021 gmbr3@opensuse.org - Add missing libselinux-utils Provides to selinux-tools so that %selinux_requires works * Mon Apr 26 2021 jsegitz@suse.com - Remove Recommends for selinux-autorelabel. It's better to have this in the policy package itself (bsc#1181837) * Wed Mar 17 2021 dimstar@opensuse.org - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. + Replace pkgconfig(libpcre) Requires in -devel static with pkgconfig(libpcre2-8). * Tue Mar 09 2021 jsegitz@suse.com - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. * Sat Feb 06 2021 mcepl@suse.com - Add Recommends: selinux-autorelabel, which is very important for healthy use of the SELinux on the system (/.autorelabel mechanism) (bsc#1181837). * Thu Oct 29 2020 lnussel@suse.de - install to /usr (boo#1029961) * Tue Jul 14 2020 jsegitz@suse.com - Update to version 3.1: * selinux/flask.h, selinux/av_permissions.h and sepol/policydb/flask.h were removed. All userspace object managers should have been updated to use the dynamic class/perm mapping support. Use string_to_security_class(3) and string_to_av_perm(3) to map the class and permission names to their policy values, or selinux_set_mapping(3) to create a mapping from class and permission index values used by the application to the policy values. * Removed restrictions in libsepol and checkpolicy that required all declared initial SIDs to be assigned a context. * Support for new policy capability genfs_seclabel_symlinks * selinuxfs is mounted with noexec and nosuid * `security_compute_user()` was deprecated * Thu Mar 26 2020 jsegitz@suse.de - Added skip_cycles.patch to skip directory cycles and not error out * Tue Mar 03 2020 jsegitz@suse.de - Update to version 3.0 * Ignore the stem when looking up all matches in file context * Save digest of all partial matches for directory * Use Python distutils to install SELinux python bindings * ensure that digest_len is not zero * fix string conversion of unknown perms * mark all exported function "extern" Dropped Use-Python-distutils-to-install-SELinux.patch, included upstream * Wed Nov 13 2019 jsegitz@suse.de - Added Use-Python-distutils-to-install-SELinux.patch to use Python's distutils instead of building and installing python bindings manually * Mon Jun 03 2019 jsegitz@suse.com - In selinux-ready * Removed check for selinux-policy package as we don't ship one (bsc#1136845) * Add check that restorecond is installed and enabled * Fri May 24 2019 jsegitz@suse.com - Set License: to correct value (bsc#1135710) * Thu Apr 25 2019 mliska@suse.cz - Disable LTO (boo#1133244). * Wed Mar 20 2019 jsegitz@suse.com - Update to version 2.9 * Add security_reject_unknown(3) man page * Change matchpathcon usage to match with matchpathcon manpage * Do not define gettid() if glibc >= 2.30 is used * Fix RESOURCE_LEAK defects reported by coverity scan * Fix line wrapping in selabel_file.5 * Do not dereference symlink with statfs in selinux_restorecon * Fix overly strict validation of file_contexts.bin * Fix selinux_restorecon() on non-SELinux hosts * Fix the whatis line for the selinux_boolean_sub.3 manpage * Fix printf format string specifier for uint64_t * Fix handling of unknown classes/perms * Set an appropriate errno in booleans.c - Dropped python3.patch, is now upstream * Fri Jan 04 2019 jsegitz@suse.com - Remove unneeded build requires for python3 (bsc#1120255) * Wed Oct 17 2018 jsegitz@suse.com - Update to version 2.8 (bsc#1111732) For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt - ran spec-cleaner on spec files * Mon May 14 2018 mcepl@cepl.eu - Update to version 2.7. * %files needed to be heavily modified * Based expressly on python3, not just python For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt * Fri Nov 24 2017 jsegitz@suse.com - Update to version 2.6. Notable changes: * selinux_restorecon: fix realpath logic * sefcontext_compile: invert semantics of "-r" flag * sefcontext_compile: Add "-i" flag * Introduce configurable backends * Add function to find security.restorecon_last entries * Add openrc_contexts functions * Add support for pcre2 * Handle NULL pcre study data * Add setfiles support to selinux_restorecon(3) * Evaluate inodes in selinux_restorecon(3) * Change the location of _selinux.so * Explain how to free policy type from selinux_getpolicytype() * Compare absolute pathname in matchpathcon -V * Add selinux_snapperd_contexts_path() * Modify audit2why analyze function to use loaded policy * Avoid mounting /proc outside of selinux_init_load_policy() * Fix location of selinuxfs mount point * Only mount /proc if necessary * procattr: return einval for <= 0 pid args * procattr: return error on invalid pid_t input - Dropped * libselinux-2.2-ruby.patch * libselinux-proc-mount-only-if-needed.patch * python-selinux-swig-3.10.patch * Wed Jul 05 2017 schwab@suse.de - readv-proto.patch: include <sys/uio.h> for readv prototype * Sun Jul 24 2016 crrodriguez@opensuse.org - -devel static subpackage requires libpcre-devel and libsepol-devel * Sun Jul 24 2016 crrodriguez@opensuse.org - Avoid mounting /proc outside of selinux_init_load_policy(). (Stephen Smalley) reverts upstream 5a8d8c4, 9df4988, fixes among other things systemd seccomp sandboxing otherwise all filters must allow mount(2) (libselinux-proc-mount-only-if-needed.patch) * Sun Jul 17 2016 jengelh@inai.de - Update RPM groups, trim description and combine filelist entries. * Thu Jul 14 2016 jsegitz@novell.com - Adjusted source link * Tue Jul 05 2016 i@marguerite.su - add patch: python-selinux-swig-3.10.patch, fixed boo#985368 * swig-3.10 in Factory use importlib instead of imp to find _selinux.so. imp searched the same directory as __init__.py is while importlib searchs only standard paths. so we have to move _selinux.so. fixed by upstream - update version 2.5 * Add selinux_restorecon function * read_spec_entry: fail on non-ascii * Add man information about thread specific functions * Don't wrap rpm_execcon with DISABLE_RPM with SWIG * Correct line count for property and service context files * label_file: fix memory leaks and uninitialized jump * Replace selabel_digest hash function * Fix selabel_open(3) services if no digest requested * Add selabel_digest function * Flush the class/perm string mapping cache on policy reload * Fix restorecon when path has no context * Free memory when processing media and x specfiles * Fix mmap memory release for file labeling * Add policy context validation to sefcontext_compile * Do not treat an empty file_contexts(.local) as an error * Fail hard on invalid property_contexts entries * Fail hard on invalid file_contexts entries * Support context validation on file_contexts.bin * Add selabel_cmp interface and label_file backend * Support specifying file_contexts.bin file path * Support file_contexts.bin without file_contexts * Simplify procattr cache * Use /proc/thread-self when available * Add const to selinux_opt for label backends * Fix binary file labels for regexes with metachars * Fix file labels for regexes with metachars * Fix if file_contexts not '\n' terminated * Enhance file context support * Fix property processing and cleanup formatting * Add read_spec_entries function to replace sscanf * Support consistent mode size for bin files * Fix more bin file processing core dumps * add selinux_openssh_contexts_path() * setrans_client: minimize overhead when mcstransd is not present * Ensure selabel_lookup_best_match links NULL terminated * Fix core dumps with corrupt *.bin files * Add selabel partial and best match APIs * Use os.walk() instead of the deprecated os.path.walk() * Remove deprecated mudflap option * Mount procfs before checking /proc/filesystems * Fix -Wformat errors with gcc-5.0.0 * label_file: handle newlines in file names * Fix audit2why error handling if SELinux is disabled * pcre_study can return NULL without error * Only check SELinux enabled status once in selinux_check_access - changes in 2.4 * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR * Fix bugs found by hardened gcc flags * Set the system to permissive if failing to disable SELinux because policy has already been loaded * Add db_exception and db_datatype support to label_db backend * Log an error on unknown classes and permissions * Add pcre version string to the compiled file_contexts format * Deprecate use of flask.h and av_permissions.h * Compiled file_context files and the original should have the same DAC permissions * Thu Jul 30 2015 jsegitz@novell.com - fixed selinux-ready to work with initrd files created by dracut (bsc#940006) * Mon Sep 08 2014 jsegitz@suse.com - updated selinux-ready script to handle initrd files compressed with xz * Sun May 18 2014 crrodriguez@opensuse.org - Update to version 2.3 * Get rid of security_context_t and fix const declarations. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. * Thu Oct 31 2013 p.drouand@gmail.com - Update to version 2.2 * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. * Support overriding Makefile RANLIB * Update pkgconfig definition * Mount sysfs before trying to mount selinuxfs. * Fix man pages * Support overriding PATH and LIBBASE in Makefile * Fix LDFLAGS usage * Avoid shadowing stat in load_mmap * Support building on older PCRE libraries * Fix handling of temporary file in sefcontext_compile * Fix procattr cache * Define python constants for getenforce result * Fix label substitution handling of / * Add selinux_current_policy_path from * Change get_context_list to only return good matches * Support udev-197 and higher * Add support for local substitutions * Change setfilecon to not return ENOSUP if context is already correct * Python wrapper leak fixes * Export SELINUX_TRANS_DIR definition in selinux.h * Add selinux_systemd_contexts_path * Add selinux_set_policy_root * Add man page for sefcontext_compile - Remove libselinux-rhat.patch; merged on upstream - Adapt libselinux-ruby.patch to upstream changes - Use fdupes to symlink duplicate manpages * Thu Jun 27 2013 vcizek@suse.com - change the source url to the official 2.1.13 release tarball * Wed May 22 2013 jengelh@inai.de - Reuse implicit dependencies injected by pkgconfig * Thu Apr 04 2013 vcizek@suse.com - fixed source url in libselinux-bindings.spec - removed old tarball * Wed Apr 03 2013 vcizek@suse.com - fix source url - document changes in libselinux-rhat.patch from previous submission: (most code of the removed code was integrated upstream) * Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root * Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files * Fri Mar 29 2013 vcizek@suse.com -update to 2.1.13 * audit2why: make sure path is nul terminated * utils: new file context regex compiler * label_file: use precompiled filecontext when possible * do not leak mmapfd * sefcontontext_compile: Add error handling to help debug problems in libsemanage. * man: make selinux.8 mention service man pages * audit2why: Fix segfault if finish() called twice * audit2why: do not leak on multiple init() calls * mode_to_security_class: interface to translate a mode_t in to a security class * audit2why: Cleanup audit2why analysys function * man: Fix program synopsis and function prototypes in man pages * man: Fix man pages formatting * man: Fix typo in man page * man: Add references and man page links to _raw function variants * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions * man: context_new(3): fix the return value description * selinux_status_open: handle error from sysconf * selinux_status_open: do not leak statusfd on exec * Fix errors found by coverity * Change boooleans.subs to booleans.subs_dist. * optimize set*con functions * pkg-config do not specifc ruby version * unmap file contexts on selabel_close() * do not leak file contexts with mmap'd backend * sefcontext_compile: do not leak fd on error * matchmediacon: do not leak fd * src/label_android_property: do not leak fd on error * Wed Jan 30 2013 vcizek@suse.com - update to 2.1.12 - added the recent libselinux-rhat.patch * Add support for lxc_contexts_path * utils: add service to getdefaultcon * libsemanage: do not set soname needlessly * libsemanage: remove PYTHONLIBDIR and ruby equivalent * boolean name equivalency * getsebool: support boolean name substitution * Add man page for new selinux_boolean_sub function. * expose selinux_boolean_sub * matchpathcon: add -m option to force file type check * utils: avcstat: clear sa_mask set * seusers: Check for strchr failure * booleans: initialize pointer to silence coveriety * stop messages when SELinux disabled * Ensure that we only close the selinux netlink socket once. * improve the file_contexts.5 manual page * Fortify source now requires all code to be compiled with -O flag * asprintf return code must be checked * avc_netlink_recieve handle EINTR * audit2why: silence -Wmissing-prototypes warning * libsemanage: remove build warning when build swig c files * matchpathcon: bad handling of symlinks in / * seusers: remove unused lineno * seusers: getseuser: gracefully handle NULL service * New Android property labeling backend * label_android_property whitespace cleanups * additional makefile support for rubywrap * Remove jump over variable declaration * Fix old style function definitions * Fix const-correctness * Remove unused flush_class_cache method * Add prototype decl for destructor * Add more printf format annotations * Add printf format attribute annotation to die() method * Fix const-ness of parameters & make usage() methods static * Enable many more gcc warnings for libselinux/src/ builds * utils: Enable many more gcc warnings for libselinux/utils builds * Change annotation on include/selinux/avc.h to avoid upsetting SWIG * Ensure there is a prototype for 'matchpathcon_lib_destructor' * Update Makefiles to handle /usrmove * utils: Stop separating out matchpathcon as something special * pkg-config to figure out where ruby include files are located * build with either ruby 1.9 or ruby 1.8 * assert if avc_init() not called * take security_deny_unknown into account * security_compute_create_name(3) * Do not link against python library, this is considered * bad practice in debian * Hide unnecessarily-exported library destructors * Mon Jan 07 2013 jengelh@inai.de - Remove obsolete defines/sections * Tue Dec 11 2012 vcizek@suse.com - update selinux-ready script * use -L when stat()ing /etc/selinux/config * make sure that SELINUX isn't disabled in /etc/selinux/config * look for either of /sys/fs/selinux and /selinux directory * use systemctl to check for restorecond * don't look for booleans file (deprecated) * Tue Nov 27 2012 vcizek@suse.com - update selinux-ready script * Wed Jul 25 2012 meissner@suse.com - updated to 2.1.9 again (see below) * Wed Jun 13 2012 coolo@suse.com - go back even more - everything else requires the full SELinux stack (too late for 12.2) * Mon Jun 11 2012 factory-maintainer@kulow.org - revert back to 2.0.98 for 12.2 * Fri Jun 01 2012 mls@suse.de - update to libselinux-2.1.9 * better man pages * selinux_status interfaces * simple interface for access checks * multiple bug fixes * Wed Oct 05 2011 uli@suse.com - cross-build fix: use %__cc macro * Mon Jun 28 2010 jengelh@medozas.de - use %_smp_mflags * Mon May 03 2010 prusnak@suse.cz - don't package /var/run/setrans in libselinux1 package - Feature#303793 - the directory will be created in initscript of mcstrans package * Sat Apr 24 2010 coolo@novell.com - buildrequire pkg-config to fix provides * Fri Apr 09 2010 thomas@novell.com - selinux-ready: added function to check for restorecond in runlevel 3/5 * Thu Apr 08 2010 thomas@novell.com - selinux-ready: added functions for checking PAM config and policy boolean init_upstart * Wed Apr 07 2010 thomas@novell.com - selinux-ready: fixed init ramfs checking * Wed Apr 07 2010 thomas@novell.com - added new selinux-ready script * Thu Feb 25 2010 prusnak@suse.cz - updated to 2.0.91 * changes too numerous to list * Sat Dec 12 2009 jengelh@medozas.de - add baselibs.conf as a source * Fri Jul 24 2009 thomas@novell.com - updated selinux-ready script * Wed Jul 22 2009 prusnak@suse.cz - change libsepol-devel to libsepol-devel-static in dependencies of python bindings * Wed Jul 01 2009 prusnak@suse.cz - put libsepol-devel back to Requires of libselinux-devel * Mon Jun 29 2009 prusnak@suse.cz - added selinux-ready tool to selinux-tools package * Tue Jun 09 2009 crrodriguez@suse.de - remove static libraries - libselinux-devel does not require libsepol-devel * Wed May 27 2009 prusnak@suse.cz - updated to 2.0.80 * deny_unknown wrapper function from KaiGai Kohei * security_compute_av_flags API from KaiGai Kohei * Netlink socket management and callbacks from KaiGai Kohei * Netlink socket handoff patch from Adam Jackson * AVC caching of compute_create results by Eric Paris * fix incorrect conversion in discover_class code * Fri Apr 17 2009 prusnak@suse.cz - fixed memory leak (memleak.patch) * Wed Jan 14 2009 prusnak@suse.cz - updated to 2.0.77 * add new function getseuser which will take username and service and return seuser and level; ipa will populate file in future * change selinuxdefcon to return just the context by default * fix segfault if seusers file does not work * strip trailing / for matchpathcon * fix restorecon python code * Mon Dec 01 2008 prusnak@suse.cz - updated to 2.0.76 * allow shell-style wildcarding in X names * add Restorecon/Install python functions * correct message types in AVC log messages * make matchpathcon -V pass mode * add man page for selinux_file_context_cmp * update flask headers from refpolicy trunk * Wed Oct 22 2008 mrueckert@suse.de - fix debug_packages_requires define * Tue Sep 23 2008 prusnak@suse.cz - require only version, not release [bnc#429053] * Tue Sep 02 2008 prusnak@suse.cz - updated to 2.0.71 * Add group support to seusers using %groupname syntax from Dan Walsh. * Mark setrans socket close-on-exec from Stephen Smalley. * Only apply nodups checking to base file contexts from Stephen Smalley. * Merge ruby bindings from Dan Walsh. * Mon Sep 01 2008 aj@suse.de - Fix build of debuginfo. * Fri Aug 22 2008 prusnak@suse.cz - added baselibs.conf file - split bindings into separate subpackage (libselinux-bindings) - split tools into separate subpackage (selinux-tools) * Fri Aug 01 2008 ro@suse.de - fix requires for debuginfo package * Tue Jul 15 2008 prusnak@suse.cz - initial version 2.0.67 * based on Fedora package by Dan Walsh <dwalsh@redhat.com>
/usr/lib64/libselinux.so.1
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 4 00:15:39 2024