libsemanage (3.7-2) unstable; urgency=medium * Make libsemanage-dev depend on libselinux1-dev -- Russell Coker Fri, 30 Aug 2024 13:44:45 +1000 libsemanage (3.7-1) unstable; urgency=medium * New upstream release * Change libsemanage-dev to depend on libselinux-dev * Add extra upstream signing key for Petr Lautrbach * Remove libsemanage-common.install line for russian man pages -- Russell Coker Sun, 25 Aug 2024 21:21:22 +1000 libsemanage (3.5-1) unstable; urgency=medium [ Laurent Bigonville ] * New upstream release - debian/rules: Properly set the install layout for the python module - debian/control: Bump {build-}dependencies to match new release * debian/upstream/signing-key.asc: Add public key of Jason Zaman * debian/control: Bump Standards-Version to 4.6.2 (no further changes) * debian/control: Drop ancient Breaks/Replaces * debian/control: Drop dependency against ruby | ruby-interpreter, to please lintian [ Helmut Grohne ] * Fix FTCBFS: Support cross building python and ruby extensions. (Closes: #1022967) [ Bastian Germann ] * Fix "Inaccurate copyright file" (Closes: #1031797) -- Laurent Bigonville Mon, 10 Jul 2023 20:43:07 +0200 libsemanage (3.4-1) unstable; urgency=medium * New upstream release - debian/control: Bump {build-}dependencies to match new release - debian/libsemanage2.symbols: Add newly exported symbols * Enable GPG key validation of the upstream tarball -- Laurent Bigonville Sat, 04 Jun 2022 19:10:35 +0200 libsemanage (3.3-1) unstable; urgency=medium [ Christian Göttsche ] * d/gitlab-ci.yml: Use Debian recipe * d/control: Bump debhelper compat to level 13 * d/control: Bump Standards-Version to 4.5.1 (no further changes) * d/control: Update homepage * d/rules: Enable build hardening * d/rules: Enable -Wall -Wextra * d/control: Convert cute fields * d/control: Declare semanage-utils Architecture all [ Laurent Bigonville ] * debian/control: Properly depend against libsepol2 instead of libsepol1 * New upstream version 3.3 - debian/control: Bump {build-}dependencies to match new release * debian/control: Bump Standards-Version to 4.6.0 (no further changes) * debian/control: Relax the versioned dependency against -common a bit -- Laurent Bigonville Mon, 08 Nov 2021 15:01:36 +0100 libsemanage (3.2-1) experimental; urgency=medium * New upstream version - debian/control: Bump {build-}dependencies to match new release - Bump the soname from 1 to 2, drop the soname from the -dev package * debian/watch: Update the URL to follow the new tagging format * debian/control: Drop ancients Breaks against selinux-policy-default and selinux-policy-mls * debian/patches/fix_tests.patch: Add the Forwarded tag to please lintian -- Laurent Bigonville Sat, 24 Apr 2021 13:52:18 +0200 libsemanage (3.1-1) unstable; urgency=medium [ Debian Janitor ] * Trim trailing whitespace. * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Repository, Repository- Browse. [ Laurent Bigonville ] * New upstream release - debian/control: Bump {build-}dependencies to match new release * Set upstream metadata fields: Bug-Submit. * debian/gitlab-ci.yml: Add salsa CI * debian/rules: Clean the ruby bindings built for all versions, this fixes the ability to build the package twice (Closes: #951630) * debian/rules: Call dh_auto_clean even if we are not building any bindings * debian/rules: Add support to run make in parallel * Move semanage_migrate_store to /usr/libexec/selinux * debian/control: Set Rules-Requires-Root: no * debian/rules: Add -fno-semantic-interposition to the CFLAGS [ Debian Janitor ] * Wrap long lines in changelog entries: 1.6-1. * Update standards version to 4.5.0, no changes needed. -- Laurent Bigonville Wed, 15 Jul 2020 09:58:16 +0200 libsemanage (3.0-1) unstable; urgency=medium * New upstream release - debian/control: Bump {build-}dependencies to match new release - d/p/fix_tests.patch: Fix the tests to run from the released tarball and add secilc to the Build-dependencies * Bump Standards-Version to 4.4.1 (no further changes) * Bump debhelper compatibility to 12 * Drop d/p/libexec-path.patch: look for hll compiler in /usr/libexec add Breaks against policycoreutils << 3.0 to be sure the exec is installed -- Laurent Bigonville Thu, 12 Dec 2019 11:47:10 +0100 libsemanage (2.9-3) unstable; urgency=medium * Drop python-semanage package, python 2 is EOL and it has not rdeps * Bump Standards-Version to 4.4.0 (no further changes) -- Laurent Bigonville Mon, 22 Jul 2019 01:51:03 +0200 libsemanage (2.9-2) unstable; urgency=medium * Upload to unstable * debian/control: Mark libsemanage1-dev and ruby-semanage as Multi-Arch same -- Laurent Bigonville Sun, 07 Jul 2019 23:18:44 +0200 libsemanage (2.9-1) experimental; urgency=medium * New upstream release - debian/control: Bump {build-}dependencies to match new release * debian/watch: Adjust the URL * debian/patches/semigrate-store.patch: Refreshed * d/p/0001-libsemanage-Always-set-errno-to-0-before-calling-get.patch: Dropped, applied upstream * debian/libsemanage-common.install: Install manpages in Russian * debian/patches/libexec-path.patch: Also fix the path in the Russian manpage -- Laurent Bigonville Mon, 18 Mar 2019 14:30:12 +0100 libsemanage (2.8-2) unstable; urgency=medium * d/p/0001-libsemanage-Always-set-errno-to-0-before-calling-get.patch: Fix bogus error message when calling genhomedircon * Bump Standards-Version to 4.3.0 (no further changes) -- Laurent Bigonville Sun, 06 Jan 2019 13:09:51 +0100 libsemanage (2.8-1) unstable; urgency=medium * New upstream release - debian/control: Bump {build-}dependencies to match new release - debian/libsemanage1.symbols: Add new exported symbol * debian/control: Point Vcs-* fields to new (salsa) machine * debian/rules: Adjust to match upstream changes to the build system * debian/copyright: Fix a spelling error, thanks to lintian * debian/control: Bump Standards-Version to 4.1.4 (no further changes) * debian/rules: Use dh_missing --list-missing instead of dh_install * debian/control: Remove X-Python(3)-Version fields as the required version is already in oldstable, to please lintian -- Laurent Bigonville Tue, 29 May 2018 12:05:37 +0200 libsemanage (2.7-2) unstable; urgency=medium [ Laurent Bigonville ] * debian/control: Drop libustr-dev (build-)dependency, not used anymore * debian/rules: Make the tests failures fatal again, tests don't seems to fail anymore [ Helmut Grohne ] * Support being built with multiple build profiles. (Closes: #875551) * Support nocheck build profile. (Closes: #875558) * Fix stage1 FTCBFS: Export triplet-prefixed CC. (Closes: #875559) * Use profiles nopython and noruby rather than stage1. (Closes: #875562) -- Laurent Bigonville Fri, 15 Sep 2017 15:14:34 +0200 libsemanage (2.7-1) unstable; urgency=medium * New upstream release - debian/control: Bump {build-}dependencies to match new release * debian/control: Remove Manoj from the uploader list and add myself instead. Thanks to him for all the work in the past. * Bump debhelper compatibility to 10 * Bump Standards-Version to 4.1.0 (no further changes) * Convert DEB_STAGE to DEB_BUILD_PROFILES -- Laurent Bigonville Sun, 10 Sep 2017 01:07:48 +0200 libsemanage (2.7~rc2-1) experimental; urgency=medium * Team upload. * New upstream release candidate - debian/control: Bump {build-}dependencies to match new release - Drop debian/patches/fix_use-after-free_python3.patch, applied upstream - Drop debian/patches/tests-makefile: Not needed anymore - debian/libsemanage1.symbols: Update the exported symbols list * Use python3 for semanage_migrate_store * debian/watch: Add support for rc releases and use macros * debian/control: Bump Standards-Version to 4.0.0 (no further changes) * debian/rules: Fix the build of the ruby binding * debian/rules: Fix the build of the python binding -- Laurent Bigonville Wed, 21 Jun 2017 21:56:16 +0200 libsemanage (2.6-2) unstable; urgency=medium * Team upload. * debian/patches/fix_use-after-free_python3.patch: Fix use-after-free when using python3 bindings, this was preventing to modify/delete login mappings, from upstream (Closes: #848232) -- Laurent Bigonville Fri, 30 Dec 2016 16:42:09 +0100 libsemanage (2.6-1) unstable; urgency=medium * Team upload. * New upstream release - Make the build reproducible (Closes: #825674) - debian/control: Bump {build-}dependencies to match new release * debian/libsemanage1.symbols: Add the Build-Depends-Package field * debian/gbp.conf: Rename git-buildpackage section to buildpackage -- Laurent Bigonville Sat, 29 Oct 2016 19:47:52 +0200 libsemanage (2.5-1) unstable; urgency=medium * Team upload. * New upstream release - debian/control: Bump {build-}dependencies to match new release - debian/patches/semigrate-store.patch: Refreshed - debian/libsemanage1.symbols: Add new exported symbol * debian/gbp.conf: Sign tags by default * debian/control: Bump Standards-Version to 3.9.8 (no further changes) * debian/control: Update the Vcs-* URL's to please lintian (again) -- Laurent Bigonville Mon, 25 Apr 2016 20:14:10 +0200 libsemanage (2.4-3) unstable; urgency=medium * Team upload. * Upload to unstable * debian/control: - Add a Breaks against policycoreutils << 2.4, if the package is installed, let's be sure we have the correct version. - Add Breaks against the policy packages, libsemanage 2.4 introduce a new location for the policy store and the maintainer scripts from the policy packages need to be adjusted. -- Laurent Bigonville Thu, 19 Nov 2015 01:58:47 +0100 libsemanage (2.4-2) experimental; urgency=medium * Team upload. * Create a new semanage-utils package and install semanage_migrate_store utility in it. This utility can be used to migrate the policy store to the new format and location. * Add d/p/semigrate-store.patch: Fix the soname of the libsepol library and debianize the name of the packages to install in an error message -- Laurent Bigonville Tue, 27 Oct 2015 17:12:24 +0100 libsemanage (2.4-1) experimental; urgency=medium * Team upload. * New upstream release - debian/patches/disable-expand-check.patch: Refreshed - debian/control: Bump {build-}dependencies to match new release - Adjust the debian/libsemanage1.symbols file * debian/watch: Update watch file URL * debian/control: Bump Standards-Version to 3.9.6 (no further changes) * Do not look for hll compiler in /usr/libexec * Start building python3 packages -- Laurent Bigonville Fri, 31 Jul 2015 16:21:13 +0200 libsemanage (2.3-1) unstable; urgency=medium * Team upload. * New upstream release - debian/control: Bump {build-}dependencies to match new release * debian/rules: Do not require ruby or python dh helpers when bootstrapping * debian/rules: Rework the makefile, it should handle changes in the supported ruby versions by binNMU now (Closes: #747685) * debian/rules: Fix path in the override_dh_fixperms target -- Laurent Bigonville Fri, 16 May 2014 16:27:12 +0200 libsemanage (2.2-2) unstable; urgency=medium * Team upload. [ Hideki Yamane ] * debian/{rules,ruby-semanage.install} - remove ruby1.9.1 (however, it's just a workaround since it specifies only ruby2.0, and we'll move to ruby2.1) (Closes: #746025) [ Laurent Bigonville ] * debian/rules: Build ruby 2.1 bindings too * debian/control: Bump Standards-Version to 3.9.5 (no further changes) -- Laurent Bigonville Fri, 02 May 2014 02:06:36 +0200 libsemanage (2.2-1) unstable; urgency=low * Team upload. * New upstream release - Drop debian/patches/max-uid: Merged upstream - Drop debian/patches/fix_swig_python_exception.patch: Merged upstream - debian/control: + Bump {build-}dependencies to match new release + Add libaudit-dev to the build-dependencies -- Laurent Bigonville Fri, 01 Nov 2013 23:24:34 +0100 libsemanage (2.1.10-3) unstable; urgency=low * Team upload. * debian/patches/disable-expand-check.patch: Disable expand-check option by default to speedup semodule operations (Closes: #724999) * debian/control: Bump Standards-Version to 3.9.4 (no further changes) * debian/rules: Stop building binding for ruby 1.8 and start building it for ruby 2.0 (Closes: #720220) * debian/control, debian/rules: Drop libsemanage-ruby1.8 transitional package * debian/control: Use canonical URL for VCS-Git field -- Laurent Bigonville Wed, 02 Oct 2013 21:25:16 +0200 libsemanage (2.1.10-2) unstable; urgency=low * Team upload. * debian/control: Add Build-dependency against pkg-config * debian/rules: Do not build the bindings if we are in "stage1", this help to bootstrap new architectures (Closes: #708404) * debian/rules: Fix FTBFS with multiarched python * debian/patches/fix_swig_python_exception.patch: Fix the generation of the semanageswig_python_exception.i file -- Laurent Bigonville Mon, 20 May 2013 19:21:45 +0200 libsemanage (2.1.10-1) unstable; urgency=low * Team upload. * New upstream release - debian/control: Bump (build-) dependencies to match the release - debian/patches/max-uid: Refreshed -- Laurent Bigonville Fri, 10 May 2013 00:04:07 +0200 libsemanage (2.1.9-1) experimental; urgency=low * Team upload. * New upstream release - Drop debian/patches/fallback-user-level, applied upstream - Drop debian/patches/no-link-libpython.patch, applied upstream - Refreshed debian/patches/makefile - Drop debian/patches/prefix-rubymodule.patch, applied upstream - Drop debian/patches/python-semanage-make, not needed anymore - debian/patches/max-uid: Drop useless changes - Bump libsepol1 and libselinux1 {build-}dependencies - debian/rules: Also pass RUBYINC for ruby 1.8 and add missing -I for 1.9 - Drop debian/patches/makefile, not needed anymore * Update debian/watch file * debian/gbp.conf: Change the debian-branch to "debian" instead of "upstream" -- Laurent Bigonville Wed, 26 Sep 2012 14:38:38 +0200 libsemanage (2.1.6-6) unstable; urgency=low * Team upload. * Do not Conflicts with ruby transitional package, use versionized Breaks instead (Closes: #667066) * debian/gbp.conf: Change default git-buildpackage build-directory -- Laurent Bigonville Sun, 10 Jun 2012 08:47:37 +0200 libsemanage (2.1.6-5) unstable; urgency=low * Team upload. * debian/rules: Do not make tests failures fatal -- Laurent Bigonville Thu, 29 Mar 2012 15:44:35 +0200 libsemanage (2.1.6-4) unstable; urgency=low * Team upload. * debian/control: Re-add Conflicts/Provides for the libsemanage1-dev package * debian/rules: Fix FTBFS, all architectures are not x86_64-linux -- Laurent Bigonville Wed, 28 Mar 2012 22:05:33 +0200 libsemanage (2.1.6-3) unstable; urgency=low * Team upload. * Switch to dh sequence, dh_python2, new ruby policy and multiarch * debian/control: - Bump Standards-Version to 3.9.3 (no further changes) - Drop useless Conflicts/Replaces/Provides - Add missing dependencies on the -dev package - Add Homepage field - Fix short Description to please lintian - Update Vcs-* fields - Add strict version on dependency against libsemanage-common - Make binary packages arch:linux-any - Put under the Debian SELinux team maintenance * Move semanage.conf manpage to libsemanage-common package * Add debian/gbp.conf file * debian/rules: Append CPPFLAGS hardening flags to CFLAGS as build system is not using CPPFLAGS -- Laurent Bigonville Tue, 27 Mar 2012 17:33:12 +0200 libsemanage (2.1.6-2) unstable; urgency=low * Make the python shared objects build correctly. -- Russell Coker Tue, 28 Feb 2012 16:12:45 +1100 libsemanage (2.1.6-1) unstable; urgency=low * New upstream version, add support for MCS/MLS levels for restorecon and lots of little changes. * Added new symbols semanage_get_preserve_tunables, semanage_set_preserve_tunables, and semanage_set_root. * Removed more generated files in the clean process. * Made tests/Makefile multi-arch aware. * Switch to dpkg-source 3.0 (quilt) format -- Russell Coker Mon, 20 Feb 2012 18:27:21 +1100 libsemanage (2.1.0-2) unstable; urgency=low * s/policymanagement/policy management/ and removed needless space Closes: #639809, #639810 -- Russell Coker Wed, 31 Aug 2011 16:02:17 +1000 libsemanage (2.1.0-1) unstable; urgency=low * New upstream version, just a version bump. * Made it build-depend on the latest libselinux1-dev and libsepol1-dev. * Made myself the maintainer. -- Russell Coker Tue, 30 Aug 2011 15:08:50 +1000 libsemanage (2.0.46-2) unstable; urgency=low * Change level support in file contexts to support no MLS label Closes: #589515 -- Russell Coker Mon, 29 Aug 2011 20:18:29 +1000 libsemanage (2.0.46-1) unstable; urgency=low * New upstream version. * Add support for using the level in generated file contexts. -- Russell Coker Wed, 05 Jan 2011 18:11:56 +1100 libsemanage (2.0.45-1) unstable; urgency=low * New upstream release * Add enable/disable patch support from Dan Walsh. * Add usepasswd flag to semanage.conf to disable genhomedircon using passwd from Dan Walsh. * regenerate swig wrappers * Replace usage of fmemopen() with sepol_policy_file_set_mem() since glibc < 2.9 does not support binary mode ('b') for fmemopen'd streams. * Move libsemanage.so to /usr/lib * Add NAME lines to man pages from Manoj Srivastava -- Manoj Srivastava Sun, 28 Mar 2010 09:11:30 -0700 libsemanage (2.0.42-1) unstable; urgency=low * New upstream release. Move load_policy from /usr/sbin to /sbin from Dan Walsh. -- Manoj Srivastava Fri, 20 Nov 2009 01:33:34 -0600 libsemanage (2.0.41-2) unstable; urgency=low * Pull out the common files under /etc from the shared library package, since it is a policy violation. Added a -common package to hold the file. -- Manoj Srivastava Tue, 17 Nov 2009 23:51:50 -0600 libsemanage (2.0.41-1) unstable; urgency=low * New upstream point release + Add pkgconfig file. -- Manoj Srivastava Tue, 17 Nov 2009 13:41:57 -0600 libsemanage (2.0.40-1) unstable; urgency=low * New upstream point release + Add semanage_set_check_contexts() function to disable calling setfiles -- Manoj Srivastava Sun, 25 Oct 2009 14:02:11 -0500 libsemanage (2.0.39-1) unstable; urgency=low * New upstream point release + Change semodule upgrade behavior to install even if the module is not present from Dan Walsh. + Make genhomedircon trim excess '/' from homedirs from Dan Walsh. + Fix persistent dontaudit support to rebuild policy if the dontaudit state is changed from Chad Sellers. The first change is nice, since now you may just isntall a policy module using semodule, without having to check if the module was already in policy (ie, no distinction between install/update) * Bug fix: "/lib shlib links to /usr/lib shlib", thanks to Raphael Geissert. Moved libsemanage to /usr/lib (Closes: #549610). * Pass CC, CFLAGS, Ans LDFLAGS along when compiling the python bindings (should help cross compilation) -- Manoj Srivastava Wed, 14 Oct 2009 00:45:52 -0500 libsemanage (2.0.36-2) unstable; urgency=low * First cut at providing symbols files. * Check for extra libraries and shlib version numbers. Unless there is a nocheck option in the deb build options variable, now we look to see if there are extra libraries we have linked to. Might need to back this out later, if this causes problems on the buildds. -- Manoj Srivastava Tue, 01 Sep 2009 23:30:27 -0500 libsemanage (2.0.36-1) unstable; urgency=low * New upstream point release + Changed bzip-blocksize=0 handling to support existing compressed modules in the store. + Revert hard linking of files between tmp/active/previous. + Enable configuration of bzip behavior from Stephen Smalley. bzip-blocksize=0 to disable compression and decompression support. bzip-blocksize=1..9 to set the blocksize for compression. bzip-small=true to reduce memory usage for decompression. * Also, make package build error out on non linux platforms for now. -- Manoj Srivastava Thu, 27 Aug 2009 12:52:52 -0500 libsemanage (2.0.33-2) unstable; urgency=low * Hmm. More timing issues with building in parallel. With the new changes, the jobserver no longer seems disabled, which should take care of this. In any case, I can't reproduce it even when building in parallel now. Bug fix: "FTBFS: <stdout>:496: error: expected expression at end of input", thanks to Lucas Nussbaum (Closes: #542970). -- Manoj Srivastava Sat, 22 Aug 2009 17:19:53 -0500 libsemanage (2.0.33-1) unstable; urgency=low * New upstream release. + Maintain disable dontaudit state from Christopher Pardy. -- Manoj Srivastava Fri, 14 Aug 2009 01:32:45 -0500 libsemanage (2.0.32-1) unstable; urgency=low * New upstream release * [dee68bd]: [topic-debian]: Modify makefile to use installed versions of libraries * [97f1895]: [libsemanage]: Add a new package providing ruby bindings. [c00b158]: [7641bb1]: Support for above. -- Manoj Srivastava Sat, 20 Jun 2009 12:41:35 -0500 libsemanage (2.0.31-1) unstable; urgency=low * New upstream release + Policy module compression (bzip) support from Dan Walsh. + Hard link files between tmp/active/previous from Dan Walsh. + Add semanage_mls_enabled() interface from Stephen Smalley. + Add USER to lines to homedir_template context file from Chris PeBenito. + allow fcontext and seuser changes without rebuilding the policy from Dan Walsh * [337fae6]: [libsemanage]: Added libbz2-dev as a build dependency Updated the other version build depends, and the standards version. -- Manoj Srivastava Mon, 15 Jun 2009 14:01:31 -0500 libsemanage (2.0.27-1) unstable; urgency=low * New upstream release + Modify genhomedircon to skip %groupname entries. Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax. + Fix bug in genhomedircon fcontext matches logic from Dan Walsh. Strip any trailing slash before appending /*$. -- Manoj Srivastava Wed, 11 Feb 2009 11:57:17 -0600 libsemanage (2.0.25-3) unstable; urgency=high * [bab6644]: Also check for the uppoer bound on user ids in login.defs Some non-Debian packages (like qmail, shudder) create users not below MIN_UID, but above MAX_UID, in /etc/login.defs (non-system users are supposed to have uids between MIN_UID and MAX_UID. genhomedircon.c:gethomedirs() checks pwent.pw_uid against MIN_UID in /etc/login.defs to exclude system users from generating homedir contexts. But unfortunately it does not check it against MAX_UID setting from the same file. This gets us lines like the following in the contexts/files/file_contexts.homedirs file: ,---- | # | # Home Context for user user_u | # | /var/qmail/[^/]*/.+ user_u:object_r:user_home_t:s0 | /var/qmail/[^/]*/\.ssh(/.*)? user_u:object_r:user_home_ssh_t:s0 | /var/qmail/[^/]*/\.gnupg(/.+)? user_u:object_r:user_gpg_secret_t:s0 | /var/qmail/[^/]* -d user_u:object_r:user_home_dir_t:s0 | /var/qmail/lost\+found/.* <> | /var/qmail -d system_u:object_r:home_root_t:s0 | /var/qmail/\.journal <> | /var/qmail/lost\+found -d system_u:object_r:lost_found_t:s0 | /tmp/gconfd-.* -d user_u:object_r:user_tmp_t:s0 `---- This commit adds checking uid value againt MAX_UID too. Bug fix: "login.defs:MAX_UID have no effect on generating list of valid users, but MIN_UID does have.", thanks to root (Closes: #510134). -- Manoj Srivastava Mon, 05 Jan 2009 16:53:48 -0600 libsemanage (2.0.25-2) unstable; urgency=high * Bug fix: "Python errors during upgrade", thanks to Frans Pop. This is a serious bug. (Closes: #499023). -- Manoj Srivastava Tue, 16 Sep 2008 01:24:25 -0500 libsemanage (2.0.25-1) unstable; urgency=low * Non-maintainer upload. * New version needed for the latest policy. -- Russell Coker Sat, 12 Jul 2008 00:09:33 +1000 libsemanage (2.0.24-2) unstable; urgency=low * Record the new location of the repository for this package (moved to a new git repository) * Move to the new, make -j friendly targets in debian/rules. * Bug fix: "python-semanage: depends on python2.4 *and python2.5", thanks to Jean-Charles Bagneris I have no idea why that happened, but it seems to have gone away now. (Closes: #476799). -- Manoj Srivastava Sun, 01 Jun 2008 12:29:22 -0500 libsemanage (2.0.24-1) unstable; urgency=low * New upstream release * make swigify * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. * Free policydb before fork from Joshua Brindle. * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley. * Use sepol_set_expand_consume_base to reduce peak memory usage when using semodule from Joshua Brindle. * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. * Fix spurious out of memory error reports. * Merged second version of fix for genhomedircon handling from Caleb Case. * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case. * Fix genhomedircon handling of shells and missing user context template from Dan Walsh. * Copy the store path in semanage_select_store from Dan Walsh. * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley. * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. * ustr cleanups from James Antill. * Ensure that /root gets labeled even if using the default context from Dan Walsh. * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh. * Fix error checking on getpw*_r functions from Todd Miller. * Make genhomedircon skip invalid homedir contexts from Todd Miller. * Set default user and prefix from seusers from Dan Walsh. * Add swigify Makefile target from Dan Walsh. -- Manoj Srivastava Tue, 18 Mar 2008 01:12:13 -0500 libsemanage (2.0.9-2) unstable; urgency=low * Add swig to build dependencies. Closes: #465053 -- Manoj Srivastava Thu, 21 Feb 2008 11:58:40 -0600 libsemanage (2.0.9-1) unstable; urgency=low * New upstream release * Pass CFLAGS to CC even on link command, per Dennis Gilmore. * Clear errno on non-fatal errors to avoid reporting them upon a later error that does not set errno. * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. * Change to use getpw* function calls to the _r versions from Todd Miller. * Replace genhomedircon script with equivalent functionality within libsemanage and introduce disable-genhomedircon option in semanage.conf from Todd Miller. Note: Depends on ustr. * Allow dontaudits to be turned off via semanage interface when updating policy from Joshua Brindle. * The changes cause an shlib bump. Also, update build dependencies. -- Manoj Srivastava Wed, 06 Feb 2008 13:42:27 -0600 libsemanage (2.0.3-1) unstable; urgency=low * New upstream SVN HEAD + Merged optimizations from Stephen Smalley. - do not set all booleans upon commit, only those whose values have changed - only install the sandbox upon commit if something was rebuilt + Fix to libsemanage man patches so whatis will work better from Dan Walsh -- Manoj Srivastava Sun, 6 May 2007 17:26:26 -0500 libsemanage (2.0.1-1) unstable; urgency=low * New upstream release. This is the trunk, or development, version. * Merged Makefile test target patch from Caleb Case. * Merged get_commit_number function rename patch from Caleb Case. * Merged strnlen -> strlen patch from Todd Miller. * Merged dbase_file_flush patch from Dan Walsh. This removes any mention of specific tools (e.g. semanage) from the comment header of the auto-generated files, since there are multiple front-end tools. -- Manoj Srivastava Thu, 19 Apr 2007 17:20:26 -0500 libsemanage (1.10.3-1) unstable; urgency=low * New upstream release * Merged dbase_file_flush patch from Dan Walsh. This removes any mention of specific tools (e.g. semanage) from the comment header of the auto-generated files, since there are multiple front-end tools. * Merged Makefile test target patch from Caleb Case. * Merged get_commit_number function rename patch from Caleb Case. * Merged strnlen -> strlen patch from Todd Miller. * Merged python binding fix from Dan Walsh. * Updated version for stable branch. * Merged patch to optionally reduce disk usage by removing the backup module store and linked policy from Karl MacMillan * Merged patch to correctly propagate return values in libsemanage * Merged patch to compile wit -fPIC instead of -fpic from Manoj Srivastava to prevent hitting the global offest table limit. Patch changed to include libselinux and libsemanage in addition to libsepol. * Added XS-VCS-Arch and XS-VCS-Browse to debian/control * Bumped shlibs, and reset depends for the latest version -- Manoj Srivastava Thu, 19 Apr 2007 00:13:33 -0500 libsemanage (1.8-1) unstable; urgency=low * New upstream release * Merged patch to skip reload if no active store exists and the store path doesn't match the active store path from Dan Walsh. * Merged patch to not destroy sepol handle on error path of connect from James Athey. * Merged patch to add genhomedircon path to semanage.conf from James Athey. * Updated version for release. * Bug fix: "'Conflicts: python2.4-semanage' has incorrect version", thanks to Max Bowsher (Closes: #391596). -- Manoj Srivastava Fri, 20 Oct 2006 13:21:59 -0500 libsemanage (1.6.16-3) unstable; urgency=low * Set the policy version compiled to version 20, the highest supported by kernel version 2.6.17, which is the latest currently released one. (Closes: #386928) -- Manoj Srivastava Tue, 12 Sep 2006 03:09:04 -0500 libsemanage (1.6.16-2) unstable; urgency=low * Update with new builddepends, to compile with the newest libsepol -- Manoj Srivastava Mon, 11 Sep 2006 15:57:58 -0500 libsemanage (1.6.16-1) unstable; urgency=low * New upstream point release * Make most copy errors fatal, but allow exceptions for file_contexts.local, seusers, and netfilter_contexts if the source file does not exist in the store. * Add md5sums * Bug fix: "libsemanage: .version file for python package (python-semanage) contains spaces", thanks to Rudolph Pereira (Closes: #385098). -- Manoj Srivastava Thu, 7 Sep 2006 01:02:45 -0500 libsemanage (1.6.15-2) unstable; urgency=low * Fix wrong directory the extensions were installed in. * Bug fix: "python-semanage: Description says "Python2.4 bindings" but it's both 2.3 and 2.4", thanks to Erich Schubert (Closes: #382878). -- Manoj Srivastava Tue, 15 Aug 2006 00:32:55 -0500 libsemanage (1.6.15-1) unstable; urgency=low * New upstream point release * Merged separate local file contexts patch from Chris PeBenito. * Merged patch to make most copy errors non-fatal from Dan Walsh. -- Manoj Srivastava Sun, 13 Aug 2006 00:36:51 -0500 libsemanage (1.6.13-1) unstable; urgency=low * New upstream point release * Merged netfilter contexts support from Chris PeBenito. * Moved the package over to the new python policy. This means that the old python2.4-semanage package is now a virtual package, and now we provide python packages for all supported versions of python, determining the depends and the provides relationships of the python package dynamically. The build depends has been changed to acoomodate it. The package uses the python-support utility to help with byte compilation and other modules handling. (Closes: #380865) * Python transition (#2): you are building a private python module ! * Bug fix: "setup.py file for building the python extension", thanks to Matthias Klose. Thanks for the hint about -z,defs; however, I have elected to stick close to the upstream Makefile and not use setup.py. (Closes: #382581). -- Manoj Srivastava Sat, 12 Aug 2006 01:05:45 -0500 libsemanage (1.6.12-1) unstable; urgency=low * New upstream point release * Merged support for read operations on read-only fs from Caleb Case (Tresys Technology). * Lindent. * Merged setfiles location check patch from Dan Walsh. * Merged several fixes from Serge Hallyn: dbase_file_cache: deref of uninit data on error path. dbase_policydb_cache: clear fp to avoid double fclose semanage_fc_sort: destroy temp on error paths * Updated default location for setfiles to /sbin to match policycoreutils. This can also be adjusted via semanage.conf using the syntax: [setfiles] path = /path/to/setfiles args = -q -c $@ $< [end] * Merged fix warnings patch from Karl MacMillan. * Merged updated file context sorting patch from Christopher Ashworth, with bug fix for escaped character flag. * Merged file context sorting code from Christopher Ashworth (Tresys Technology), based on fc_sort.c code in refpolicy. * Merged python binding t_output_helper removal patch from Dan Walsh. * Regenerated swig files. * Merged corrected fix for descriptor leak from Dan Walsh. * Merged Makefile PYLIBVER definition patch from Dan Walsh. * Merged man page reorganization from Ivan Gyurdiev. -- Manoj Srivastava Wed, 19 Jul 2006 17:46:54 -0500 libsemanage (1.6-1) unstable; urgency=low * New upstream release * Updated version for release. * Merged abort early on merge errors patch from Ivan Gyurdiev. * Cleaned up error handling in semanage_split_fc based on a patch by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. * Merged MLS handling fixes from Ivan Gyurdiev. * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. * Merged base_merge_components changes from Ivan Gyurdiev. * Merged paths array patch from Ivan Gyurdiev. * Merged bug fix patch from Ivan Gyurdiev. * Merged improve bindings patch from Ivan Gyurdiev. * Merged use PyList patch from Ivan Gyurdiev. * Merged memory leak fix patch from Ivan Gyurdiev. * Merged nodecon support patch from Ivan Gyurdiev. * Merged cleanups patch from Ivan Gyurdiev. * Merged split swig patch from Ivan Gyurdiev. * Merged optionals in base patch from Joshua Brindle. * Merged treat seusers/users_extra as optional sections patch from Ivan Gyurdiev. * Merged parse_optional fixes from Ivan Gyurdiev. * Merged seuser/user_extra support patch from Joshua Brindle. * Merged remote system dbase patch from Ivan Gyurdiev. * Merged clone record on set_con patch from Ivan Gyurdiev. * Merged fname parameter patch from Ivan Gyurdiev. * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. * Merged seusers.system patch from Ivan Gyurdiev. * Merged improve port/fcontext API patch from Ivan Gyurdiev. * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. * Merged set_create_store, access_check, and is_connected interfaces from Joshua Brindle. * Regenerate python wrappers. * Merged pywrap Makefile diff from Dan Walsh. * Merged cache management patch from Ivan Gyurdiev. * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. * Merged remove apply_local function patch from Ivan Gyurdiev. * Merged only do read locking in direct case patch from Ivan Gyurdiev. * Merged cache error path memory leak fix from Ivan Gyurdiev. * Merged auto-generated file header patch from Ivan Gyurdiev. * Merged pywrap test update from Ivan Gyurdiev. * Merged hidden defs update from Ivan Gyurdiev. * Merged disallow port overlap patch from Ivan Gyurdiev. * Merged join prereq and implementation patches from Ivan Gyurdiev. * Merged join user extra data part 2 patch from Ivan Gyurdiev. * Merged bugfix patch from Ivan Gyurdiev. * Merged remove add_local/set_local patch from Ivan Gyurdiev. * Merged user extra data part 1 patch from Ivan Gyurdiev. * Merged size_t -> unsigned int patch from Ivan Gyurdiev. * Merged calloc check in semanage_store patch from Ivan Gyurdiev, bug noticed by Steve Grubb. * Merged cleanups after add/set removal patch from Ivan Gyurdiev. * Merged fcontext compare fix from Ivan Gyurdiev. * Fixed commit to return the commit number aka policy sequence number. * Merged const in APIs patch from Ivan Gyurdiev. * Merged validation of local file contexts patch from Ivan Gyurdiev. * Merged compare2 function patch from Ivan Gyurdiev. * Merged hidden def/proto update patch from Ivan Gyurdiev. * Re-applied string and file optimization patch from Russell Coker, with bug fix. * Reverted string and file optimization patch from Russell Coker. * Clarified error messages from parse_module_headers and parse_base_headers for base/module mismatches. * Merged string and file optimization patch from Russell Coker. * Merged swig header reordering patch from Ivan Gyurdiev. * Merged toggle modify on add patch from Ivan Gyurdiev. * Merged ports parser bugfix patch from Ivan Gyurdiev. * Merged fcontext swig patch from Ivan Gyurdiev. * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. * Merged man pages for dbase functions patch from Ivan Gyurdiev. * Merged pywrap tests patch from Ivan Gyurdiev. -- Manoj Srivastava Wed, 22 Mar 2006 23:34:44 -0600 libsemanage (1.4-4) unstable; urgency=low * Bug fix: "python2.4-semanage: Cannot be installed. Conflicting file with libsemanage-dev", thanks to Tomasz Rybak (Closes: #348050). -- Manoj Srivastava Mon, 23 Jan 2006 13:49:56 -0600 libsemanage (1.4-3) unstable; urgency=low * Split out python2.4-semanage into a separate package, since the python bindings should not be in a -dev package. -- Manoj Srivastava Sun, 1 Jan 2006 09:19:05 -0600 libsemanage (1.4-2) unstable; urgency=low * Fix dependencies to facilitate backports. * Bug fix: "libsemanage: Build dependencies shouldn't contain debian revision numbers", thanks to Erich Schubert (Closes: #345461). -- Manoj Srivastava Sat, 31 Dec 2005 14:01:41 -0600 libsemanage (1.4-1) unstable; urgency=low * New upstream release * Updated version for release. * Changed semanage_handle_create() to set do_reload based on is_selinux_enabled(). This prevents improper attempts to load policy on a non-SELinux system. * Dropped handle from user_del_role interface. * Removed defrole interfaces. * Merged Makefile python definitions patch from Dan Walsh. * Removed is_selinux_mls_enabled() conditionals in seusers and users file parsers. * Merged wrap char*** for user_get_roles patch from Joshua Brindle. * Merged remove defrole from sepol patch from Ivan Gyurdiev. * Merged swig wrappers for modifying users and seusers from Joshua Brindle. * Fixed free->key_free bug. * Merged clear obsolete patch from Ivan Gyurdiev. * Merged modified swigify patch from Dan Walsh (original patch from Joshua Brindle). * Merged move genhomedircon call patch from Chad Sellers. * Merged move seuser validation patch from Ivan Gyurdiev. * Merged hidden declaration fixes from Ivan Gyurdiev, with minor corrections. * Merged cleanup patch from Ivan Gyurdiev. This renames semanage_module_conn to semanage_direct_handle, and moves sepol handle create/destroy into semanage handle create/destroy to allow use even when disconnected (for the record interfaces). * Clear modules modified flag upon disconnect and commit. * Added tracking of module modifications and use it to determine whether expand-time checks should be applied on commit. * Reverted semanage_set_reload_bools() interface. * Disabled calls to port dbase for merge and commit and stubbed out calls to sepol_port interfaces since they are not exported. * Merged rename instead of copy patch from Joshua Brindle (Tresys). * Added hidden_def/hidden_proto for exported symbols used within libsemanage to eliminate relocations. Wrapped type definitions in exported headers as needed to avoid conflicts. Added src/context_internal.h and src/iface_internal.h. * Added semanage_is_managed() interface to allow detection of whether the policy is managed via libsemanage. This enables proper handling in setsebool for non-managed systems. * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, to enable runtime control over preserving active boolean values versus reloading their saved settings upon commit. * Merged seuser parser resync, dbase tracking and cleanup, strtol bug, copyright, and assert space patches from Ivan Gyurdiev. * Added src/*_internal.h in preparation for other changes. * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and src/seusers.[hc]. * Merged interface parse/print, context_to_string interface change, move assert_noeof, and order preserving patches from Ivan Gyurdiev. * Added src/dso.h in preparation for other changes. * Merged install seusers, handle/error messages, MLS parsing, and seusers validation patches from Ivan Gyurdiev. * Merged record interface, dbase flush, common database code, and record bugfix patches from Ivan Gyurdiev. * Merged dbase policydb list and count change from Ivan Gyurdiev. * Merged enable dbase and set relay patches from Ivan Gyurdiev. * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. * Merged sepol handle passing, seusers support, and policydb cache patches from Ivan Gyurdiev. * Merged resync to sepol changes and booleans fixes/improvements patches from Ivan Gyurdiev. * Merged support for genhomedircon/homedir template, store selection, explicit policy reload, and semanage.conf relocation from Joshua Brindle. * Merged resync to sepol changes and transaction fix patches from Ivan Gyurdiev. * Merged reorganize users patch from Ivan Gyurdiev. * Merged remove unused relay functions patch from Ivan Gyurdiev. * Fixed policy file leaks in semanage_load_module and semanage_write_module. * Merged further database work from Ivan Gyurdiev. * Fixed bug in semanage_direct_disconnect. * Merged interface renaming patch from Ivan Gyurdiev. * Merged policy component patch from Ivan Gyurdiev. * Renamed 'check=' configuration value to 'expand-check=' for clarity. * Changed semanage_commit_sandbox to check for and report errors on rename(2) calls performed during rollback. * Added optional check= configuration value to semanage.conf and updated call to sepol_expand_module to pass its value to control assertion and hierarchy checking on module expansion. * Merged fixes for make DESTDIR= builds from Joshua Brindle. * Merged default database from Ivan Gyurdiev. * Merged removal of connect requirement in policydb backend from Ivan Gyurdiev. * Merged commit locking fix and lock rename from Joshua Brindle. * Merged transaction rollback in lock patch from Joshua Brindle. * Changed default args for load_policy to be null, as it no longer takes a pathname argument and we want to preserve booleans. * Merged move local dbase initialization patch from Ivan Gyurdiev. * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. * Added calls to sepol_policy_file_set_handle interface prior to invoking sepol operations on policy files. * Updated call to sepol_policydb_from_image to pass the handle. * Merged user and port APIs - policy database patch from Ivan Gyurdiev. * Converted calls to sepol link_packages and expand_module interfaces from using buffers to using sepol handles for error reporting, and changed direct_connect/disconnect to create/destroy sepol handles. * Merged bugfix patch from Ivan Gyurdiev. * Merged seuser database patch from Ivan Gyurdiev. Merged direct user/port databases to the handle from Ivan Gyurdiev. * Removed obsolete include/semanage/commit_api.h (leftover). Merged seuser record patch from Ivan Gyurdiev. * Merged boolean and interface databases from Ivan Gyurdiev. * Updated to use get interfaces for hidden sepol_module_package type. * Changed semanage_expand_sandbox and semanage_install_active to generate/install the latest policy version supported by libsepol by default (unless overridden by semanage.conf), since libselinux will now downgrade automatically for load_policy. * Merged new callback-based error reporting system and ongoing database work from Ivan Gyurdiev. * Fixed semanage_install_active() to use the same logic for selecting a policy version as semanage_expand_sandbox(). Dropped dead code from semanage_install_sandbox(). * Updated for changes to libsepol, and to only use types and interfaces provided by the shared libsepol. * Merged further database work from Ivan Gyurdiev. * Merged iterate, redistribute, and dbase split patches from Ivan Gyurdiev. * Merged patch series from Ivan Gyurdiev. (pointer typedef elimination, file renames, dbase work, backend separation) * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. * Separated handle create from connect interface. * Added a constructor for initialization. * Moved up src/include/*.h to src. * Created a symbol map file; dropped dso.h and hidden markings. * Merged major update to libsemanage organization and functionality from Karl MacMillan (Tresys). * Merged dbase redesign patch from Ivan Gyurdiev. * Merged boolean record, stub record handler, and status codes patches from Ivan Gyurdiev. * Merged stub iterator functionality from Ivan Gyurdiev. * Merged interface record patch from Ivan Gyurdiev. * Merged stub functionality for managing user and port records, and record table code from Ivan Gyurdiev. -- Manoj Srivastava Sun, 11 Dec 2005 00:53:26 -0600 libsemanage (1.2-1) unstable; urgency=low * New package. -- Manoj Srivastava Wed, 14 Sep 2005 23:21:42 -0500