checkpolicy (3.7-1) unstable; urgency=medium * New upstream release closes: #1078391 * Add extra upstream signing key for Petr Lautrbach -- Russell Coker Fri, 23 Aug 2024 19:10:10 +1000 checkpolicy (3.5-1) unstable; urgency=medium [ Debian Janitor ] * Set upstream metadata fields: Repository, Repository-Browse. * Update standards version to 4.6.2, no changes needed. [ Laurent Bigonville ] * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/upstream/signing-key.asc: Add public key of Jason Zaman -- Laurent Bigonville Mon, 10 Jul 2023 20:52:31 +0200 checkpolicy (3.4-1) unstable; urgency=medium * New upstream release - debian/control: Bump build-dependencies to match the new release * Enable GPG key validation of the upstream tarball -- Laurent Bigonville Sat, 04 Jun 2022 12:59:27 +0200 checkpolicy (3.3-1) unstable; urgency=medium [ Christian Göttsche ] * d/control: Bump debhelper compat to level 13 * d/control: Bump Standards-Version to 4.5.1 (no further changes) * d/control: Update homepage * d/gitlab-ci.yml: Use Debian recipe * d/rules: Enable -Wall and -Wextra * d/rules: Enable build hardening * d/upstream/metadata: Add fields Bug-Submit and Bug-Database * d/control: Drop cute fields [ Laurent Bigonville ] * debian/watch: Update the regex (again) * New upstream version 3.3 - Switch BD from libsepol1-dev to libsepol-dev * debian/control: Bump Standards-Version to 4.6.0 (no further changes) -- Laurent Bigonville Sun, 07 Nov 2021 23:27:55 +0100 checkpolicy (3.1-1) unstable; urgency=medium * New upstream release (Closes: #957083) - debian/control: Bump build-dependencies to match the new release * debian/gitlab-ci.yml: Try to fix the salsa CI pipeline * debian/control: Set Rules-Requires-Root: no * debian/control: Bump Standards-Version to 4.5.0 (no further changes) -- Laurent Bigonville Tue, 14 Jul 2020 19:50:16 +0200 checkpolicy (3.0-1) unstable; urgency=medium [ Laurent Bigonville ] * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/copyright: Use https for the format uri, to please lintian [ Debian Janitor ] * Update standards version to 4.4.1, no changes needed. * Bump debhelper from old 10 to 12. * Set upstream metadata fields: Repository. [ You-Sheng Yang ] * ci: enable ci -- Laurent Bigonville Wed, 11 Dec 2019 15:34:30 +0100 checkpolicy (2.9-2) unstable; urgency=medium * Upload to unstable -- Laurent Bigonville Mon, 08 Jul 2019 08:46:41 +0200 checkpolicy (2.9-1) experimental; urgency=medium * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/watch: Adjust the URL * debian/control: Bump Standards-Version to 4.3.0 (no further changes) -- Laurent Bigonville Sun, 17 Mar 2019 20:55:27 +0100 checkpolicy (2.8-1) unstable; urgency=medium * New upstream release - debian/control: Bump build-dependencies to match the new release - Drop debian/patches/sctp, merged upstream * debian/control: Point Vcs-* fields to new (salsa) machine * debian/rules: Adjust to match upstream changes to the build system * debian/control: Bump Standards-Version to 4.1.4 (no further changes) -- Laurent Bigonville Mon, 28 May 2018 15:44:57 +0200 checkpolicy (2.7-2) unstable; urgency=medium * https://marc.info/?l=selinux&m=152078548332657&q=raw Add the above patch for sctp support and build-depend on >= version 2.7-2 of libsepol1-dev. Closes: #895988 -- Russell Coker Sat, 19 May 2018 10:16:15 +1000 checkpolicy (2.7-1) unstable; urgency=medium * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/control: Remove Manoj from the uploader list and add myself instead. Thanks to him for all the work in the past. * debian/copyright: Update the copyright file * Bump debhelper compatibility to 10 * Bump Standards-Version to 4.1.0 (no further changes) -- Laurent Bigonville Sat, 09 Sep 2017 23:51:10 +0200 checkpolicy (2.7~rc2-1) experimental; urgency=medium * Team upload. * New upstream release candidate - Bump libsepol1-dev build-dependency to >= 2.7~ to match the release - Drop debian/patches/remove-lfl-from-LDLIBS.patch, applied upstream - Drop debian/patches/multiarch.patch and override LIBSEPOLA instead * debian/watch: Add support for rc releases and use macros * debian/control: Bump Standards-Version to 4.0.0 (no further changes) -- Laurent Bigonville Wed, 21 Jun 2017 15:41:28 +0200 checkpolicy (2.6-2) unstable; urgency=medium * Team upload. * debian/patches/remove-lfl-from-LDLIBS.patch: Fix FTBFS now that the flex package is not pulling libfl-dev anymore, from upstream (Closes: #846416) -- Laurent Bigonville Sun, 04 Dec 2016 23:11:35 +0100 checkpolicy (2.6-1) unstable; urgency=medium * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/gbp.conf: Rename git-buildpackage section to buildpackage -- Laurent Bigonville Fri, 28 Oct 2016 11:38:14 +0200 checkpolicy (2.5-1) unstable; urgency=medium * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/gbp.conf: Sign tags by default * debian/control: Bump Standards-Version to 3.9.8 (no further changes) * debian/control: Update the Vcs-* URL's to please lintian (again) -- Laurent Bigonville Mon, 25 Apr 2016 20:37:19 +0200 checkpolicy (2.4-2) unstable; urgency=medium * Team upload. * Upload to unstable -- Laurent Bigonville Wed, 18 Nov 2015 18:26:56 +0100 checkpolicy (2.4-1) experimental; urgency=medium * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/control: Drop libselinux-dev from the build-dependencies, it's not used * debian/watch: Update the watch file URL * debian/control: Bump Standards-Version to 3.9.6 (no further changes) -- Laurent Bigonville Wed, 03 Jun 2015 08:39:36 +0200 checkpolicy (2.3-1) unstable; urgency=medium * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the new release * debian/control: Bump Standards-Version to 3.9.5 (no further changes) * Add Built-Using field as checkpolicy is statically linking against libsepol -- Laurent Bigonville Thu, 15 May 2014 00:45:28 +0200 checkpolicy (2.2-1) unstable; urgency=low * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the release - debian/patches/multiarch.patch: Refreshed * debian/control: - Bump Standards-Version to 3.9.4 (no further changes) - Use canonical URL for VCS-Git field -- Laurent Bigonville Fri, 01 Nov 2013 23:39:52 +0100 checkpolicy (2.1.12-1) unstable; urgency=low * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the release * Update debian/watch file -- Laurent Bigonville Thu, 09 May 2013 23:30:40 +0200 checkpolicy (2.1.11-1) experimental; urgency=low * Team upload. * New upstream release - Bump libsepol1-dev and libselinux1-dev build-dependencies * debian/gbp.conf: Change default git-buildpackage build-directory and the debian-branch to "debian" instead of "upstream" -- Laurent Bigonville Wed, 26 Sep 2012 13:42:02 +0200 checkpolicy (2.1.8-2) unstable; urgency=low * Team upload. * Switch to debhelper sequence * debian/control: - Bump Standards-Version to 3.9.3 - Add Homepage field - Update Vcs-* fields - Make checkpolicy arch linux-any - Put under the Debian SELinux team maintenance * Add debian/gbp.conf file * debian/rules: Append CPPFLAGS hardening flags to CFLAGS as build system is not using CPPFLAGS -- Laurent Bigonville Tue, 27 Mar 2012 20:22:24 +0200 checkpolicy (2.1.8-1) unstable; urgency=low * New upstream version, added filename trans rule support. -- Russell Coker Tue, 28 Feb 2012 16:21:32 +1100 checkpolicy (2.1.0-1.1) unstable; urgency=low * Non-maintainer upload. * debian/rules,debian/patches/multiarch.patch - add multiarch support to fix FTBFS (#652748) * debian/source/format - add it to support quilt -- Hideki Yamane Fri, 30 Dec 2011 10:52:06 +0900 checkpolicy (2.1.0-1) unstable; urgency=low * New upstream release. Support role transitions, filename transitions, and single digit module versions among other things. * Made it build-depend on the latest libsepol1-dev and libselinux1-dev -- Russell Coker Tue, 30 Aug 2011 15:17:56 +1000 checkpolicy (2.0.23-1) unstable; urgency=low * Made myself the maintainer and made Manoj an uploader as he hasn't done an upload for a while * New upstream release + Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock * Used the latest versions of libsepol1-dev and libselinux1-dev in build-depends -- Russell Coker Thu, 31 Mar 2011 23:35:30 +1100 checkpolicy (2.0.22-1) unstable; urgency=low * New upstream release. Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence -- Manoj Srivastava Wed, 21 Jul 2010 00:28:52 -0700 checkpolicy (2.0.21-1) unstable; urgency=low * New upstream release + Add long options to checkpolicy and checkmodule by Guido Trentalancia -- Manoj Srivastava Sun, 28 Mar 2010 09:59:27 -0700 checkpolicy (2.0.20-1) unstable; urgency=low * New upstream point release. Add support for building Xen policies from Paul Nuzzi. -- Manoj Srivastava Thu, 15 Oct 2009 23:10:12 -0500 checkpolicy (2.0.19-1) unstable; urgency=low * New upstream release * Fix alias field in module format, caused by boundary format change from Caleb Case. * Properly escape regex symbols in the lexer from Stephen Smalley. * Add bounds support from KaiGai Kohei. -- Manoj Srivastava Mon, 15 Jun 2009 14:12:44 -0500 checkpolicy (2.0.16-4) unstable; urgency=low * Updated the location of the sources in the watch file. * Fixed a race condition in the debian rules file, and allow an override for parallel builds. -- Manoj Srivastava Thu, 16 Apr 2009 12:55:26 -0500 checkpolicy (2.0.16-3) unstable; urgency=low * [cb135a2] Removed obsolete dependencies (Closes: #505737) -- Manoj Srivastava Thu, 20 Nov 2008 02:52:53 -0600 checkpolicy (2.0.16-2) unstable; urgency=low * Move to the new, make -j friendly, streamlined targets in the build system. This should make building this more robust, and faster. * Record the new VCS repository location for the package. * NMU ack. -- Manoj Srivastava Sat, 30 Aug 2008 02:09:26 -0500 checkpolicy (2.0.16-1) unstable; urgency=low * Non-maintainer upload. * New upstream version needed for latest policy. -- Russell Coker Sat, 12 Jul 2008 00:16:59 +1000 checkpolicy (2.0.12-1) unstable; urgency=low * New upstream release * Initialize struct policy_file before using it, from Todd C. Miller. * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. * Use yyerror2() where appropriate from Todd C. Miller. * Update dispol for libsepol avtab changes from Stephen Smalley. * Deprecate role dominance in parser. * Added support for policy capabilities from Todd Miller. * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. -- Manoj Srivastava Tue, 18 Mar 2008 01:34:42 -0500 checkpolicy (2.0.4-1) unstable; urgency=low * New upstream release * Merged handle unknown policydb flag support from Eric Paris. Adds new command line options -U {allow, reject, deny} for selecting the flag when a base module or kernel policy is built. * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. -- Manoj Srivastava Wed, 06 Feb 2008 14:25:41 -0600 checkpolicy (2.0.2-1) unstable; urgency=low * New upstream SVN HEAD. + Merged checkmodule man page fix from Dan Walsh. -- Manoj Srivastava Sun, 6 May 2007 17:48:06 -0500 checkpolicy (2.0.1-1) unstable; urgency=low * New upstream trunk release * Merged patch to use new libsepol error codes by Karl MacMillan. -- Manoj Srivastava Thu, 19 Apr 2007 18:51:02 -0500 checkpolicy (1.34.1-1) unstable; urgency=low * New upstream release * Merged patch to allow dots in class identifiers from Caleb Case. * Updated version for stable branch. * Collapse user identifiers and identifiers together. * Added XS-VCS-Arch and XS-VCS-Browse to debian/control, and up0dated the build depends -- Manoj Srivastava Thu, 19 Apr 2007 00:46:26 -0500 checkpolicy (1.32-1) unstable; urgency=low * New upstream release * Merged user and range_transition support for modules from Darrel Goeddel * Updated version for release. -- Manoj Srivastava Fri, 20 Oct 2006 17:51:00 -0500 checkpolicy (1.30.11-2) unstable; urgency=low * Bug fix: "checkpolicy: Checkpolicy fails with old version of libsepol1", thanks to Simon Richard Grint (Closes: #387029). * Relink to the new version of libsepol, since that has the proper shlibs bump. -- Manoj Srivastava Mon, 11 Sep 2006 16:06:19 -0500 checkpolicy (1.30.11-1) unstable; urgency=low * New upstream point release * merged range_transition enhancements and user module format changes from Darrel Goeddel -- Manoj Srivastava Thu, 7 Sep 2006 10:18:48 -0500 checkpolicy (1.30.10-2) unstable; urgency=low * checkpolicy_1.30.10-1(ia64/unstable): FTBFS: missing build-depends? Actually, no. the package asks for bison -- but it is not around, so Make just picks yacc as default (which is also missing). So I think this is a buildd bug -- but there is no harm in being a little more robust, and being able to prove it is not a package bug is bonus. (Closes: #382646) -- Manoj Srivastava Sun, 13 Aug 2006 00:11:08 -0500 checkpolicy (1.30.10-1) unstable; urgency=low * New upstream point release * Merged symtab datum patch from Karl MacMillan. -- Manoj Srivastava Sat, 12 Aug 2006 04:24:44 -0500 checkpolicy (1.30.9-1) unstable; urgency=low * New upstream point release * Lindent. * Merged patch to remove TE rule conflict checking from the parser from Joshua Brindle. This can only be done properly by the expander. * Merged patch to make checkpolicy/checkmodule handling of duplicate/conflicting TE rules the same as the expander from Joshua Brindle. * Merged optionals in base take 2 patch set from Joshua Brindle. * Merged compiler cleanup patch from Karl MacMillan. * Merged fix warnings patch from Karl MacMillan. * Changed require_class to reject permissions that have not been declared if building a base module. -- Manoj Srivastava Wed, 19 Jul 2006 18:01:32 -0500 checkpolicy (1.30.3-1) unstable; urgency=low * Synchronize with latest CVS; needed for reference policy. -- Manoj Srivastava Mon, 8 May 2006 14:02:46 -0500 checkpolicy (1.30-1) unstable; urgency=low * New upstream release * Updated version for release. * Fixed bug in role dominance (define_role_dom). * Added a check for failure to declare each sensitivity in a level definition. * Changed to clone level data for aliased sensitivities to avoid double free upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology. * Merged optionals in base patch from Joshua Brindle. * Merged sepol_av_to_string patch from Joshua Brindle. -- Manoj Srivastava Mon, 10 Apr 2006 16:18:24 -0500 checkpolicy (1.28-1) unstable; urgency=low * New upstream release * Updated version for release. * Merged checkmodule man page from Dan Walsh, and edited it. * Added error checking of all ebitmap_set_bit calls for out of memory conditions. * Merged removal of compatibility handling of netlink classes (requirement that policies with newer versions include the netlink class definitions, remapping of fine-grained netlink classes in newer source policies to single netlink class when generating older policies) from George Coker. * Merged dismod fix from Joshua Brindle. * Removed obsolete cond_check_type_rules() function and call and cond_optimize_lists() call from checkpolicy.c; these are handled during parsing and expansion now. * Updated calls to expand_module for interface change. * Changed checkmodule to verify that expand_module succeeds when building base modules. * Merged module compiler fixes from Joshua Brindle. * Removed direct calls to hierarchy_check_constraints() and check_assertions() from checkpolicy since they are now called internally by expand_module(). * Updated for changes to sepol policydb_index_others interface. * Updated for changes to sepol expand_module and link_modules interfaces. * Merged support for require blocks inside conditionals from Joshua Brindle (Tresys). * Updated for changes to libsepol. * Merged several bug fixes from Joshua Brindle (Tresys). * Merged MLS in modules patch from Joshua Brindle (Tresys). * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). * Merged bugfix for dup role transition error messages from Karl MacMillan (Tresys). * Merged policyver/modulever patches from Joshua Brindle (Tresys). * Fixed parse_categories handling of undefined category. * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). -- Manoj Srivastava Thu, 29 Dec 2005 23:57:12 -0600 checkpolicy (1.27.4-1) unstable; urgency=low * New upstream CVS point release, required for the latest SELinux policy package. Various bug fixes, and retooled for the new avtab format. -- Manoj Srivastava Fri, 30 Sep 2005 14:41:04 -0500 checkpolicy (1.26-1) unstable; urgency=low * New upstream release * Updated version for release. * Fixed handling of validatetrans constraint expressions. Bug reported by Dan Walsh for checkpolicy -M. * Merged use-after-free fix from Serge Hallyn (IBM). Bug found by Coverity. * Fixed further memory leaks found by valgrind. * Changed checkpolicy to destroy the policydbs prior to exit to allow leak detection. * Fixed several memory leaks found by valgrind. * Updated checkpolicy and dispol for the new avtab format. Converted users of ebitmaps to new inline operators. Note: The binary policy format version has been incremented to version 20 as a result of these changes. To build a policy for a kernel that does not yet include these changes, use the -c 19 option to checkpolicy. * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). * Fixed call to hierarchy checking code to pass the right policydb. * Merged patch to update dismod for the relocation of the module read/write code from libsemanage to libsepol, and to enable build of test subdirectory from Jason Tang (Tresys). * Merged hierarchy check fix from Joshua Brindle (Tresys). * Merged loadable module support from Tresys Technology. * Merged patch to prohibit the use of * and ~ in type sets (other than in neverallow statements) and in role sets from Joshua Brindle (Tresys). -- Manoj Srivastava Wed, 14 Sep 2005 23:59:18 -0500 checkpolicy (1.24-2) unstable; urgency=low * Bug fix: "FTBFS: build-depends not strict enough", thanks to Christian T. Steigies (Closes: #316439). -- Manoj Srivastava Thu, 7 Jul 2005 13:18:14 -0500 checkpolicy (1.24-1) unstable; urgency=low * New upstream release * Updated version for release. * Merged cleanup patch from Dan Walsh. * Added sepol_ prefix to Flask types to avoid namespace collision with libselinux. * Merged identifier fix from Joshua Brindle (Tresys). * Merged hierarchical type/role patch from Tresys Technology. * Merged MLS fixes from Darrel Goeddel of TCS. -- Manoj Srivastava Mon, 27 Jun 2005 14:42:10 -0500 checkpolicy (1.22-2) unstable; urgency=low * Bug fix: "checkpolicy: FTBFS due to undeclared functions", thanks to Christian T. Steigies. The build dependency needed to be versioned. (Closes: #299337). -- Manoj Srivastava Sun, 13 Mar 2005 13:06:42 -0600 checkpolicy (1.22-1) unstable; urgency=low * New upstream release * Merged typeattribute statement patch from Darrel Goeddel of TCS. * Changed genpolusers to handle multiple user config files. * Merged nodecon ordering patch from Chad Hanson of TCS. * Merged enhanced MLS support from Darrel Goeddel (TCS). * Changed relabel Makefile target to use restorecon. * Merged define_user() cleanup patch from Darrel Goeddel (TCS). * Merged range_transition support from Darrel Goeddel (TCS). * Moved genpolusers utility to libsepol. -- Manoj Srivastava Sat, 12 Mar 2005 16:10:54 -0600 checkpolicy (1.20-1) unstable; urgency=low * New upstream release * Merged typeattribute statement patch from Darrel Goeddel of TCS. * Changed genpolusers to handle multiple user config files. * Merged nodecon ordering patch from Chad Hanson of TCS. -- Manoj Srivastava Wed, 12 Jan 2005 16:46:34 -0600 checkpolicy (1.18-2) unstable; urgency=low * Update download location and copyright file, since the locations we were pointing to are now forbidden (return a code 403). -- Manoj Srivastava Wed, 24 Nov 2004 14:01:41 -0600 checkpolicy (1.18-1) unstable; urgency=low * New upstream release. * MLS build fix. * Fixed Makefile dependencies (Chris PeBenito). * Merged fix for role dominance ordering issue from Chad Hanson of TCS. * Preserve portcon ordering and apply more checking. -- Manoj Srivastava Thu, 4 Nov 2004 20:43:52 -0600 checkpolicy (1.16-1) unstable; urgency=low * New upstream version, plus patches to 1.17 CVS. -- Russell Coker Tue, 26 Oct 2004 22:47:00 +1000 checkpolicy (1.14-2) unstable; urgency=low * Patch from Tresys to fix a bug in conditional code compilation. -- Russell Coker Sun, 8 Aug 2004 22:26:00 +1000 checkpolicy (1.14-1) unstable; urgency=low * New upstream version that adds fine-grained netlink support and fixes some minur bugs. -- Russell Coker Wed, 30 Jun 2004 15:03:00 +1000 checkpolicy (1.10-1) unstable; urgency=low * New ustream version, includes support for policy V17 and changes to the -c option for backward compatability. * Taking the package over from Colin. -- Russell Coker Thu, 20 May 2004 04:32:00 +1000 checkpolicy (1.6-0.1) unstable; urgency=low * NMU with latest release (same as CVS). -- Russell Coker Thu, 26 Feb 2004 21:19:00 +1100 checkpolicy (1.4-2.1) unstable; urgency=low * NMU to update to latest CVS, needed by new policy. * Merged conditional policy extensions from Tresys Technology. * Added typealias declaration support per Russell Coker's request. * Added support for excluding types from type sets based on a patch by David Caplan, but reimplemented as a change to the policy grammar. * Merged patch from Colin Walters to report source file name and line number for errors when available. * Un-deprecated role transitions. -- Russell Coker Mon, 23 Feb 2004 21:09:00 +1100 checkpolicy (1.4-2) unstable; urgency=low * debian/control: - Apply patch from ddtp to fix typo in description (Closes: #218528) -- Colin Walters Fri, 9 Jan 2004 06:00:52 +0000 checkpolicy (1.4-1) unstable; urgency=low * New upstream release. * debian/patches/lineno.patch: - Add patch from CVS to display source line numbers on error. -- Colin Walters Fri, 9 Jan 2004 05:30:22 +0000 checkpolicy (1.1-1) unstable; urgency=low * New upstream release. -- Colin Walters Thu, 21 Aug 2003 23:55:39 -0400 checkpolicy (1.0-2) unstable; urgency=low * debian/control: - Add Build-Depends on bison, flex (Closes: #205831) -- Colin Walters Tue, 5 Aug 2003 18:37:17 -0400 checkpolicy (1.0-1) unstable; urgency=low * Initial version. -- Colin Walters Tue, 5 Aug 2003 01:35:18 -0400