Eric Paris | 14e4b70 | 2011-11-03 15:26:36 -0400 | [diff] [blame] | 1 | 2.1.4 2011-10-03 |
| 2 | * regenerate .pc on VERSION change |
| 3 | * Move ebitmap_* functions from mcstrans to libsepol |
| 4 | * expand: do filename_trans type comparison on mapped representation |
| 5 | |
Eric Paris | 418dbc7 | 2011-09-16 15:34:36 -0400 | [diff] [blame] | 6 | 2.1.3 2011-09-15 |
| 7 | * Skip writing role attributes for policy.X and |
| 8 | * Indicate when boolean is indeed a tunable. |
| 9 | * Separate tunable from boolean during compile. |
| 10 | * Write and read TUNABLE flags in related |
| 11 | * Copy and check the cond_bool_datum_t.flags during link. |
| 12 | * Permanently discard disabled branches of tunables in |
| 13 | * Skip tunable identifier and cond_node_t in expansion. |
| 14 | * Create a new preserve_tunables flag |
| 15 | * Preserve tunables when required by semodule program. |
| 16 | * setools expects expand_module_avrules to be an exported |
| 17 | * tree: default make target to all not |
| 18 | |
Eric Paris | 4749940 | 2011-08-03 18:09:02 -0400 | [diff] [blame] | 19 | 2.1.2 2011-08-03 |
| 20 | * Only call role_fix_callback for base.p_roles during expansion. |
| 21 | * use mapped role number instead of module role number |
| 22 | |
Eric Paris | 510003b | 2011-08-01 13:49:21 -0400 | [diff] [blame] | 23 | 2.1.1 2011-08-01 |
| 24 | * Minor fix to reading policy with filename transition rules |
| 25 | |
Steve Lawrence | 44121f6 | 2011-07-26 09:39:09 -0400 | [diff] [blame] | 26 | 2.1.0 2011-07-27 |
| 27 | * Release, minor version bump |
| 28 | |
Steve Lawrence | 5050408 | 2011-07-25 10:12:15 -0400 | [diff] [blame] | 29 | 2.0.46 2011-07-25 |
| 30 | * Add role attribute support by Harry Ciao |
| 31 | |
Steve Lawrence | 2ecb2bf | 2011-04-29 15:56:00 -0400 | [diff] [blame] | 32 | 2.0.45 2011-05-02 |
| 33 | * Warn if filename_trans rules are dropped by Steve Lawrence. |
| 34 | |
Steve Lawrence | 16c6605 | 2011-04-13 15:18:51 -0400 | [diff] [blame] | 35 | 2.0.44 2011-04-13 |
| 36 | * Fixes for new role_transition class field by Eric Paris. |
| 37 | * Add libsepol support for filename_trans rules by Eric Paris. |
| 38 | |
Steve Lawrence | c7512cf | 2011-04-11 16:10:04 -0400 | [diff] [blame] | 39 | 2.0.43 2011-04-11 |
| 40 | * Add new class field in role_transition by Harry Ciao. |
| 41 | |
Chad Sellers | d17ed0d | 2010-12-16 14:11:57 -0500 | [diff] [blame] | 42 | 2.0.42 2010-12-16 |
| 43 | * Fix compliation under GCC 4.6 by Justin Mattock |
| 44 | |
Chad Sellers | 88a57ca | 2009-11-18 16:44:55 -0500 | [diff] [blame] | 45 | 2.0.41 2009-11-18 |
| 46 | * Fixed typo in error message from Manoj Srivastava. |
| 47 | |
Eamon Walsh | 7cdfd6e | 2009-10-29 15:33:37 -0400 | [diff] [blame] | 48 | 2.0.40 2009-10-29 |
| 49 | * Add pkgconfig file from Eamon Walsh. |
| 50 | |
Joshua Brindle | f3c3bbd | 2009-10-14 15:54:16 -0400 | [diff] [blame] | 51 | 2.0.39 2009-10-14 |
| 52 | * Add support for building Xen policies from Paul Nuzzi. |
| 53 | |
Stephen Smalley | acc3a04 | 2009-09-01 10:03:46 -0400 | [diff] [blame] | 54 | 2.0.38 2009-09-01 |
| 55 | * Check last offset in the module package against the file size. |
| 56 | Reported by Manoj Srivastava for bug filed by Max Kellermann. |
| 57 | |
Stephen Smalley | 667edaa | 2009-07-07 14:25:12 -0400 | [diff] [blame] | 58 | 2.0.37 2009-07-07 |
| 59 | * Add method to check disable dontaudit flag from Christopher Pardy. |
| 60 | |
Joshua Brindle | 94dd685 | 2009-03-21 11:13:59 -0400 | [diff] [blame] | 61 | 2.0.36 2009-03-25 |
| 62 | * Fix boolean state smashing from Joshua Brindle. |
| 63 | |
Joshua Brindle | 46d0b2c | 2009-02-17 12:23:41 -0500 | [diff] [blame] | 64 | 2.0.35 2009-02-19 |
| 65 | * Fix alias field in module format, caused by boundary format change |
| 66 | from Caleb Case. |
| 67 | |
Joshua Brindle | b04f2af | 2008-10-09 08:31:43 -0400 | [diff] [blame] | 68 | 2.0.34 2008-10-09 |
| 69 | * Add bounds support from KaiGai Kohei. |
| 70 | * Fix invalid aliases bug from Joshua Brindle. |
| 71 | |
Joshua Brindle | 57671a5 | 2008-09-29 21:11:42 -0400 | [diff] [blame] | 72 | 2.0.33 2008-09-29 |
| 73 | * Revert patch that removed expand_rule. |
| 74 | |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 75 | 2.0.32 2008-07-07 |
| 76 | * Allow require then declare in the source policy from Joshua Brindle. |
| 77 | |
| 78 | 2.0.31 2008-06-13 |
| 79 | * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley. |
| 80 | |
| 81 | 2.0.30 2008-06-06 |
| 82 | * Fix endianness bug in the handling of network node addresses from Stephen Smalley. |
| 83 | Only affects big endian platforms. |
| 84 | Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc. |
| 85 | |
| 86 | 2.0.29 2008-05-27 |
| 87 | * Merge user and role mapping support from Joshua Brindle. |
| 88 | |
| 89 | 2.0.28 2008-05-05 |
| 90 | * Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley. |
| 91 | |
| 92 | 2.0.27 2008-04-18 |
| 93 | * Belatedly merge test for policy downgrade from Todd Miller. |
| 94 | |
| 95 | 2.0.26 2008-03-24 |
| 96 | * Add permissive domain support from Eric Paris. |
| 97 | |
| 98 | 2.0.25 2008-03-04 |
| 99 | * Drop unused ->buffer field from struct policy_file. |
| 100 | |
| 101 | 2.0.24 2008-03-04 |
| 102 | * Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller. |
| 103 | |
| 104 | 2.0.23 2008-02-28 |
| 105 | * Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley. |
| 106 | |
| 107 | 2.0.22 2008-02-28 |
| 108 | * Add support for open_perms policy capability from Eric Paris. |
| 109 | |
| 110 | 2.0.21 2008-02-20 |
| 111 | * Fix invalid memory allocation in policydb_index_others() from Jason Tang. |
| 112 | |
| 113 | 2.0.20 2008-02-04 |
| 114 | * Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley. |
| 115 | |
| 116 | 2.0.19 2008-02-02 |
| 117 | * Add support for consuming avrule_blocks during expansion to reduce |
| 118 | peak memory usage from Joshua Brindle. |
| 119 | |
| 120 | 2.0.18 2008-01-02 |
| 121 | * Added support for policy capabilities from Todd Miller. |
| 122 | |
| 123 | 2.0.17 2007-12-21 |
| 124 | * Prevent generation of policy.18 with MLS enabled from Todd Miller. |
| 125 | |
| 126 | 2.0.16 2007-12-07 |
| 127 | * print module magic number in hex on mismatch, from Todd Miller. |
| 128 | |
| 129 | 2.0.15 2007-11-29 |
| 130 | * clarify and reduce neverallow error reporting from Stephen Smalley. |
| 131 | |
| 132 | 2.0.14 2007-11-05 |
| 133 | * Reject self aliasing at link time from Stephen Smalley. |
| 134 | |
| 135 | 2.0.13 2007-11-05 |
| 136 | * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. |
| 137 | |
| 138 | 2.0.12 2007-10-11 |
| 139 | * Fixed bug in require checking from Stephen Smalley. |
| 140 | * Added user hierarchy checking from Todd Miller. |
| 141 | |
| 142 | 2.0.11 2007-09-24 |
| 143 | * Pass CFLAGS to CC even on link command, per Dennis Gilmore. |
| 144 | |
| 145 | 2.0.10 2007-09-18 |
| 146 | * Merged support for the handle_unknown policydb flag from Eric Paris. |
| 147 | |
| 148 | 2.0.9 2007-08-29 |
| 149 | * Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper. |
| 150 | |
| 151 | 2.0.8 2007-08-28 |
| 152 | * Fixed module_package_read_offsets bug introduced by the prior patch. |
| 153 | |
| 154 | 2.0.7 2007-08-23 |
| 155 | * Eliminate unaligned accesses from policy reading code from Stephen Smalley. |
| 156 | |
| 157 | 2.0.6 2007-08-16 |
| 158 | * Allow dontaudits to be turned off during policy expansion from |
| 159 | Joshua Brindle. |
| 160 | |
| 161 | 2.0.5 2007-08-01 |
| 162 | * Fix sepol_context_clone to handle a NULL context correctly. |
| 163 | This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) |
| 164 | to set the file context entry to "<<none>>". |
| 165 | |
| 166 | 2.0.4 2007-06-20 |
| 167 | * Merged error handling patch from Eamon Walsh. |
| 168 | |
| 169 | 2.0.3 2007-04-13 |
| 170 | * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito. |
| 171 | |
| 172 | 2.0.2 2007-03-30 |
| 173 | * Merged fix from Karl to remap booleans at expand time to |
| 174 | avoid holes in the symbol table. |
| 175 | |
| 176 | 2.0.1 2007-02-06 |
| 177 | * Merged libsepol segfault fix from Stephen Smalley for when |
| 178 | sensitivities are required but not present in the base. |
| 179 | |
| 180 | 2.0.0 2007-02-01 |
| 181 | * Merged patch to add errcodes.h to libsepol by Karl MacMillan. |
| 182 | |
| 183 | 1.16.0 2007-01-18 |
| 184 | * Updated version for stable branch. |
| 185 | |
| 186 | 1.15.3 2006-11-27 |
| 187 | * Merged patch to compile wit -fPIC instead of -fpic from |
| 188 | Manoj Srivastava to prevent hitting the global offest table |
| 189 | limit. Patch changed to include libselinux and libsemanage in |
| 190 | addition to libselinux. |
| 191 | 1.15.2 2006-10-31 |
| 192 | * Merged fix from Karl MacMillan for a segfault when linking |
| 193 | non-MLS modules with users in them. |
| 194 | |
| 195 | 1.15.1 2006-10-24 |
| 196 | * Merged fix for version comparison that was preventing range |
| 197 | transition rules from being written for a version 5 base policy |
| 198 | from Darrel Goeddel. |
| 199 | |
| 200 | 1.14 2006-10-17 |
| 201 | * Updated version for release. |
| 202 | |
| 203 | 1.12.28 2006-09-28 |
| 204 | * Build libsepol's static object files with -fpic |
| 205 | |
| 206 | 1.12.27 2006-09-28 |
| 207 | * Merged mls user and range_transition support in modules |
| 208 | from Darrel Goeddel |
| 209 | |
| 210 | 1.12.26 2006-09-05 |
| 211 | * Merged range transition enhancements and user format changes |
| 212 | Darrel Goeddel |
| 213 | |
| 214 | 1.12.25 2006-08-24 |
| 215 | * Merged conditionally expand neverallows patch from Jeremy Mowery. |
| 216 | * Merged refactor expander patch from Jeremy Mowery. |
| 217 | |
| 218 | 1.12.24 2006-08-03 |
| 219 | * Merged libsepol unit tests from Joshua Brindle. |
| 220 | |
| 221 | 1.12.23 2006-08-03 |
| 222 | * Merged symtab datum patch from Karl MacMillan. |
| 223 | |
| 224 | 1.12.22 2006-08-03 |
| 225 | * Merged netfilter contexts support from Chris PeBenito. |
| 226 | |
| 227 | 1.12.21 2006-07-28 |
| 228 | * Merged helpful hierarchy check errors patch from Joshua Brindle. |
| 229 | |
| 230 | 1.12.20 2006-07-25 |
| 231 | * Merged semodule_deps patch from Karl MacMillan. |
| 232 | This adds source module names to the avrule decls. |
| 233 | |
| 234 | 1.12.19 2006-06-29 |
| 235 | * Lindent. |
| 236 | |
| 237 | 1.12.18 2006-06-26 |
| 238 | * Merged optionals in base take 2 patch set from Joshua Brindle. |
| 239 | |
| 240 | 1.12.17 2006-05-30 |
| 241 | * Revert 1.12.16. |
| 242 | |
| 243 | 1.12.16 2006-05-30 |
| 244 | * Merged cleaner fix for bool_ids overflow from Karl MacMillan, |
| 245 | replacing the prior patch. |
| 246 | |
| 247 | 1.12.15 2006-05-30 |
| 248 | * Merged fixes for several memory leaks in the error paths during |
| 249 | policy read from Serge Hallyn. |
| 250 | |
| 251 | 1.12.14 2006-05-25 |
| 252 | * Fixed bool_ids overflow bug in cond_node_find and cond_copy_list, |
| 253 | based on bug report and suggested fix by Cedric Roux. |
| 254 | |
| 255 | 1.12.13 2006-05-24 |
| 256 | * Merged sens_copy_callback, check_role_hierarchy_callback, |
| 257 | and node_from_record fixes from Serge Hallyn. |
| 258 | |
| 259 | 1.12.12 2006-05-22 |
| 260 | * Added sepol_policydb_compat_net() interface for testing whether |
| 261 | a policy requires the compatibility support for network checks |
| 262 | to be enabled in the kernel. |
| 263 | |
| 264 | 1.12.11 2006-05-17 |
| 265 | * Merged patch to initialize sym_val_to_name arrays from Kevin Carr. |
| 266 | Reworked to use calloc in the first place, and converted some other |
| 267 | malloc/memset pairs to calloc calls. |
| 268 | |
| 269 | 1.12.10 2006-05-08 |
| 270 | * Merged patch to revert role/user decl upgrade from Karl MacMillan. |
| 271 | |
| 272 | 1.12.9 2006-05-08 |
| 273 | * Dropped tests from all Makefile target. |
| 274 | |
| 275 | 1.12.8 2006-05-05 |
| 276 | * Merged fix warnings patch from Karl MacMillan. |
| 277 | |
| 278 | 1.12.7 2006-05-05 |
| 279 | * Merged libsepol test framework patch from Karl MacMillan. |
| 280 | |
| 281 | 1.12.6 2006-04-28 |
| 282 | * Fixed cond_normalize to traverse the entire cond list at link time. |
| 283 | |
| 284 | 1.12.5 2006-04-03 |
| 285 | * Merged fix for leak of optional package sections from Ivan Gyurdiev. |
| 286 | |
| 287 | 1.12.4 2006-03-29 |
| 288 | * Generalize test for bitmap overflow in ebitmap_set_bit. |
| 289 | |
| 290 | 1.12.3 2006-03-27 |
| 291 | * Fixed attr_convert_callback and expand_convert_type_set |
| 292 | typemap bug. |
| 293 | |
| 294 | 1.12.2 2006-03-24 |
| 295 | * Fixed avrule_block_write num_decls endian bug. |
| 296 | |
| 297 | 1.12.1 2006-03-20 |
| 298 | * Fixed sepol_module_package_write buffer overflow bug. |
| 299 | |
| 300 | 1.12 2006-03-14 |
| 301 | * Updated version for release. |
| 302 | |
| 303 | 1.11.20 2006-03-08 |
| 304 | * Merged cond_evaluate_expr fix from Serge Hallyn (IBM). |
| 305 | * Fixed bug in copy_avrule_list reported by Ivan Gyurdiev. |
| 306 | |
| 307 | 1.11.19 2006-02-21 |
| 308 | * Merged sepol_policydb_mls_enabled interface and error handling |
| 309 | changes from Ivan Gyurdiev. |
| 310 | |
| 311 | 1.11.18 2006-02-16 |
| 312 | * Merged node_expand_addr bugfix and node_compare* change from |
| 313 | Ivan Gyurdiev. |
| 314 | |
| 315 | 1.11.17 2006-02-15 |
| 316 | * Merged nodes, ports: always prepend patch from Ivan Gyurdiev. |
| 317 | * Merged bug fix patch from Ivan Gyurdiev. |
| 318 | |
| 319 | 1.11.16 2006-02-14 |
| 320 | * Added a defined flag to level_datum_t for use by checkpolicy. |
| 321 | |
| 322 | 1.11.15 2006-02-14 |
| 323 | * Merged nodecon support patch from Ivan Gyurdiev. |
| 324 | * Merged cleanups patch from Ivan Gyurdiev. |
| 325 | |
| 326 | 1.11.14 2006-02-13 |
| 327 | * Merged optionals in base patch from Joshua Brindle. |
| 328 | |
| 329 | 1.11.13 2006-02-07 |
| 330 | * Merged seuser/user_extra support patch from Joshua Brindle. |
| 331 | * Merged fix patch from Ivan Gyurdiev. |
| 332 | |
| 333 | 1.11.12 2006-02-02 |
| 334 | * Merged clone record on set_con patch from Ivan Gyurdiev. |
| 335 | |
| 336 | 1.11.11 2006-02-01 |
| 337 | * Merged assertion copying bugfix from Joshua Brindle. |
| 338 | * Merged sepol_av_to_string patch from Joshua Brindle. |
| 339 | |
| 340 | 1.11.10 2006-01-30 |
| 341 | * Merged cond_expr mapping and package section count bug fixes |
| 342 | from Joshua Brindle. |
| 343 | * Merged improve port/fcontext API patch from Ivan Gyurdiev. |
| 344 | * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev. |
| 345 | |
| 346 | 1.11.9 2006-01-12 |
| 347 | * Merged size_t -> unsigned int patch from Ivan Gyurdiev. |
| 348 | |
| 349 | 1.11.8 2006-01-09 |
| 350 | * Merged 2nd const in APIs patch from Ivan Gyurdiev. |
| 351 | |
| 352 | 1.11.7 2006-01-06 |
| 353 | * Merged const in APIs patch from Ivan Gyurdiev. |
| 354 | * Merged compare2 function patch from Ivan Gyurdiev. |
| 355 | |
| 356 | 1.11.6 2006-01-06 |
| 357 | * Fixed hierarchy checker to only check allow rules. |
| 358 | |
| 359 | 1.11.5 2006-01-05 |
| 360 | * Merged further fixes from Russell Coker, specifically: |
| 361 | - av_to_string overflow checking |
| 362 | - sepol_context_to_string error handling |
| 363 | - hierarchy checking memory leak fixes and optimizations |
| 364 | - avrule_block_read variable initialization |
| 365 | * Marked deprecated code in genbools and genusers. |
| 366 | |
| 367 | 1.11.4 2006-01-05 |
| 368 | * Merged bugfix for sepol_port_modify from Russell Coker. |
| 369 | |
| 370 | 1.11.3 2006-01-05 |
| 371 | * Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev. |
| 372 | * Merged port ordering patch from Ivan Gyurdiev. |
| 373 | |
| 374 | 1.11.2 2006-01-04 |
| 375 | * Merged patch series from Ivan Gyurdiev. |
| 376 | This includes patches to: |
| 377 | - support ordering of records in compare function |
| 378 | - enable port interfaces |
| 379 | - add interfaces for context validity and range checks |
| 380 | - add include guards |
| 381 | |
| 382 | 1.11.1 2005-12-16 |
| 383 | * Fixed mls_range_cpy bug. |
| 384 | |
| 385 | 1.10 2005-12-07 |
| 386 | * Updated version for release. |
| 387 | |
| 388 | 1.9.42 2005-12-05 |
| 389 | * Dropped handle from user_del_role interface. |
| 390 | |
| 391 | 1.9.41 2005-11-28 |
| 392 | * Merged remove defrole from sepol patch from Ivan Gyurdiev. |
| 393 | |
| 394 | 1.9.40 2005-11-15 |
| 395 | * Merged module function and map file cleanup from Ivan Gyurdiev. |
| 396 | * Merged MLS and genusers cleanups from Ivan Gyurdiev. |
| 397 | |
| 398 | 1.9.39 2005-11-09 |
| 399 | Prepare for removal of booleans* and *.users files. |
| 400 | * Cleaned up sepol_genbools to not regenerate the image if |
| 401 | there were no changes in the boolean values, including the |
| 402 | degenerate case where there are no booleans or booleans.local |
| 403 | files. |
| 404 | * Cleaned up sepol_genusers to not warn on missing local.users. |
| 405 | |
| 406 | 1.9.38 2005-11-08 |
| 407 | * Removed sepol_port_* from libsepol.map, as the port interfaces |
| 408 | are not yet stable. |
| 409 | |
| 410 | 1.9.37 2005-11-04 |
| 411 | * Merged context destroy cleanup patch from Ivan Gyurdiev. |
| 412 | |
| 413 | 1.9.36 2005-11-03 |
| 414 | * Merged context_to_string interface change patch from Ivan Gyurdiev. |
| 415 | |
| 416 | 1.9.35 2005-11-01 |
| 417 | * Added src/dso.h and src/*_internal.h. |
| 418 | Added hidden_def for exported symbols used within libsepol. |
| 419 | Added hidden for symbols that should not be exported by |
| 420 | the wildcards in libsepol.map. |
| 421 | |
| 422 | 1.9.34 2005-10-31 |
| 423 | * Merged record interface, record bugfix, and set_roles patches |
| 424 | from Ivan Gyurdiev. |
| 425 | |
| 426 | 1.9.33 2005-10-27 |
| 427 | * Merged count specification change from Ivan Gyurdiev. |
| 428 | |
| 429 | 1.9.32 2005-10-26 |
| 430 | * Added further checking and error reporting to |
| 431 | sepol_module_package_read and _info. |
| 432 | |
| 433 | 1.9.31 2005-10-26 |
| 434 | * Merged sepol handle passing, DEBUG conversion, and memory leak |
| 435 | fix patches from Ivan Gyurdiev. |
| 436 | |
| 437 | 1.9.30 2005-10-25 |
| 438 | * Removed processing of system.users from sepol_genusers and |
| 439 | dropped delusers logic. |
| 440 | |
| 441 | 1.9.29 2005-10-25 |
| 442 | * Removed policydb_destroy from error path of policydb_read, |
| 443 | since create/init/destroy/free of policydb is handled by the |
| 444 | caller now. |
| 445 | * Fixed sepol_module_package_read to handle a failed policydb_read |
| 446 | properly. |
| 447 | |
| 448 | 1.9.28 2005-10-25 |
| 449 | * Merged query/exists and count patches from Ivan Gyurdiev. |
| 450 | |
| 451 | 1.9.27 2005-10-25 |
| 452 | * Merged fix for pruned types in expand code from Joshua Brindle. |
| 453 | * Merged new module package format code from Joshua Brindle. |
| 454 | |
| 455 | 1.9.26 2005-10-24 |
| 456 | * Merged context interface cleanup, record conversion code, |
| 457 | key passing, and bug fix patches from Ivan Gyurdiev. |
| 458 | |
| 459 | 1.9.25 2005-10-21 |
| 460 | * Merged users cleanup patch from Ivan Gyurdiev. |
| 461 | |
| 462 | 1.9.24 2005-10-21 |
| 463 | * Merged user record memory leak fix from Ivan Gyurdiev. |
| 464 | * Merged reorganize users patch from Ivan Gyurdiev. |
| 465 | |
| 466 | 1.9.23 2005-10-19 |
| 467 | * Added check flag to expand_module() to control assertion |
| 468 | and hierarchy checking on expansion. |
| 469 | |
| 470 | 1.9.22 2005-10-19 |
| 471 | * Reworked check_assertions() and hierarchy_check_constraints() |
| 472 | to take handles and use callback-based error reporting. |
| 473 | * Changed expand_module() to call check_assertions() and |
| 474 | hierarchy_check_constraints() prior to returning the expanded |
| 475 | policy. |
| 476 | |
| 477 | 1.9.21 2005-10-18 |
| 478 | * Changed sepol_module_package_set_file_contexts to copy the |
| 479 | file contexts data since it is internally managed. |
| 480 | |
| 481 | 1.9.20 2005-10-18 |
| 482 | * Added sepol_policy_file_set_handle interface to associate |
| 483 | a handle with a policy file. |
| 484 | * Added handle argument to policydb_from_image/to_image. |
| 485 | * Added sepol_module_package_set_file_contexts interface. |
| 486 | * Dropped sepol_module_package_create_file interface. |
| 487 | * Reworked policydb_read/write, policydb_from_image/to_image, |
| 488 | and sepol_module_package_read/write to use callback-based error |
| 489 | reporting system rather than DEBUG. |
| 490 | |
| 491 | 1.9.19 2005-10-17 |
| 492 | * Reworked link_packages, link_modules, and expand_module to use |
| 493 | callback-based error reporting system rather than error buffering. |
| 494 | |
| 495 | 1.9.18 2005-10-14 |
| 496 | * Merged conditional expression mapping fix in the module linking |
| 497 | code from Joshua Brindle. |
| 498 | |
| 499 | 1.9.17 2005-10-13 |
| 500 | * Hid sepol_module_package type definition, and added get interfaces. |
| 501 | |
| 502 | 1.9.16 2005-10-13 |
| 503 | * Merged new callback-based error reporting system from Ivan |
| 504 | Gyurdiev. |
| 505 | |
| 506 | 1.9.15 2005-10-13 |
| 507 | * Merged support for require blocks inside conditionals from |
| 508 | Joshua Brindle (Tresys). |
| 509 | |
| 510 | 1.9.14 2005-10-07 |
| 511 | * Fixed use of policydb_from_image/to_image to ensure proper |
| 512 | init of policydb. |
| 513 | |
| 514 | 1.9.13 2005-10-07 |
| 515 | * Isolated policydb internal headers under <sepol/policydb/*.h>. |
| 516 | These headers should only be used by users of the static libsepol. |
| 517 | Created new <sepol/policydb.h> with new public types and interfaces |
| 518 | for shared libsepol. |
| 519 | Created new <sepol/module.h> with public types and interfaces moved |
| 520 | or wrapped from old module.h, link.h, and expand.h, adjusted for |
| 521 | new public types for policydb and policy_file. |
| 522 | Added public interfaces to libsepol.map. |
| 523 | Some implementation changes visible to users of the static libsepol: |
| 524 | 1) policydb_read no longer calls policydb_init. |
| 525 | Caller must do so first. |
| 526 | 2) policydb_init no longer takes policy_type argument. |
| 527 | Caller must set policy_type separately. |
| 528 | 3) expand_module automatically enables the global branch. |
| 529 | Caller no longer needs to do so. |
| 530 | 4) policydb_write uses the policy_type and policyvers from the |
| 531 | policydb itself, and sepol_set_policyvers() has been removed. |
| 532 | |
| 533 | 1.9.12 2005-10-06 |
| 534 | * Merged function renaming and static cleanup from Ivan Gyurdiev. |
| 535 | |
| 536 | 1.9.11 2005-10-05 |
| 537 | * Merged bug fix for check_assertions handling of no assertions |
| 538 | from Joshua Brindle (Tresys). |
| 539 | |
| 540 | 1.9.10 2005-10-04 |
| 541 | * Merged iterate patch from Ivan Gyurdiev. |
| 542 | |
| 543 | 1.9.9 2005-10-03 |
| 544 | * Merged MLS in modules patch from Joshua Brindle (Tresys). |
| 545 | |
| 546 | 1.9.8 2005-09-30 |
| 547 | * Merged pointer typedef elimination patch from Ivan Gyurdiev. |
| 548 | * Merged user list function, new mls functions, and bugfix patch |
| 549 | from Ivan Gyurdiev. |
| 550 | |
| 551 | 1.9.7 2005-09-28 |
| 552 | * Merged sepol_get_num_roles fix from Karl MacMillan (Tresys). |
| 553 | |
| 554 | 1.9.6 2005-09-23 |
| 555 | * Merged bug fix patches from Joshua Brindle (Tresys). |
| 556 | |
| 557 | 1.9.5 2005-09-21 |
| 558 | * Merged boolean record and memory leak fix patches from Ivan |
| 559 | Gyurdiev. |
| 560 | |
| 561 | 1.9.4 2005-09-19 |
| 562 | * Merged interface record patch from Ivan Gyurdiev. |
| 563 | |
| 564 | 1.9.3 2005-09-14 |
| 565 | * Merged fix for sepol_enable/disable_debug from Ivan |
| 566 | Gyurdiev. |
| 567 | |
| 568 | 1.9.2 2005-09-14 |
| 569 | * Merged stddef.h patch and debug conversion patch from |
| 570 | Ivan Gyurdiev. |
| 571 | |
| 572 | 1.9.1 2005-09-09 |
| 573 | * Fixed expand_avtab and expand_cond_av_list to keep separate |
| 574 | entries with identical keys but different enabled flags. |
| 575 | |
| 576 | 1.8 2005-09-06 |
| 577 | * Updated version for release. |
| 578 | |
| 579 | 1.7.24 2005-08-31 |
| 580 | * Fixed symtab_insert return value for duplicate declarations. |
| 581 | |
| 582 | 1.7.23 2005-08-31 |
| 583 | * Merged fix for memory error in policy_module_destroy from |
| 584 | Jason Tang (Tresys). |
| 585 | |
| 586 | 1.7.22 2005-08-26 |
| 587 | * Merged fix for memory leak in sepol_context_to_sid from |
| 588 | Jason Tang (Tresys). |
| 589 | |
| 590 | 1.7.21 2005-08-25 |
| 591 | * Merged fixes for resource leaks on error paths and |
| 592 | change to scope_destroy from Joshua Brindle (Tresys). |
| 593 | |
| 594 | 1.7.20 2005-08-23 |
| 595 | * Merged more fixes for resource leaks on error paths |
| 596 | from Serge Hallyn (IBM). Bugs found by Coverity. |
| 597 | |
| 598 | 1.7.19 2005-08-19 |
| 599 | * Changed to treat all type conflicts as fatal errors. |
| 600 | |
| 601 | 1.7.18 2005-08-18 |
| 602 | * Merged several error handling fixes from |
| 603 | Serge Hallyn (IBM). Bugs found by Coverity. |
| 604 | |
| 605 | 1.7.17 2005-08-15 |
| 606 | * Fixed further memory leaks found by valgrind. |
| 607 | |
| 608 | 1.7.16 2005-08-15 |
| 609 | * Fixed several memory leaks found by valgrind. |
| 610 | |
| 611 | 1.7.15 2005-08-12 |
| 612 | * Fixed empty list test in cond_write_av_list. Bug found by |
| 613 | Coverity, reported by Serge Hallyn (IBM). |
| 614 | * Merged patch to policydb_write to check errors |
| 615 | when writing the type->attribute reverse map from |
| 616 | Serge Hallyn (IBM). Bug found by Coverity. |
| 617 | * Fixed policydb_destroy to properly handle NULL type_attr_map |
| 618 | or attr_type_map. |
| 619 | |
| 620 | 1.7.14 2005-08-12 |
| 621 | * Fixed use of uninitialized data by expand_avtab_node by |
| 622 | clearing type_val_to_struct in policydb_index_others. |
| 623 | |
| 624 | 1.7.13 2005-08-11 |
| 625 | * Improved memory use by SELinux by both reducing the avtab |
| 626 | node size and reducing the number of avtab nodes (by not |
| 627 | expanding attributes in TE rules when possible). Added |
| 628 | expand_avtab and expand_cond_av_list functions for use by |
| 629 | assertion checker, hierarchy checker, compatibility code, |
| 630 | and dispol. Added new inline ebitmap operators and converted |
| 631 | existing users of ebitmaps to the new operators for greater |
| 632 | efficiency. |
| 633 | Note: The binary policy format version has been incremented to |
| 634 | version 20 as a result of these changes. |
| 635 | |
| 636 | 1.7.12 2005-08-10 |
| 637 | * Fixed bug in constraint_node_clone handling of name sets. |
| 638 | |
| 639 | 1.7.11 2005-08-08 |
| 640 | * Fix range_trans_clone to map the type values properly. |
| 641 | |
| 642 | 1.7.10 2005-08-02 |
| 643 | * Merged patch to move module read/write code from libsemanage |
| 644 | to libsepol from Jason Tang (Tresys). |
| 645 | |
| 646 | 1.7.9 2005-08-02 |
| 647 | * Enabled further compiler warning flags and fixed them. |
| 648 | |
| 649 | 1.7.8 2005-08-02 |
| 650 | * Merged user, context, port records patch from Ivan Gyurdiev. |
| 651 | * Merged key extract function patch from Ivan Gyurdiev. |
| 652 | |
| 653 | 1.7.7 2005-07-27 |
| 654 | * Merged mls_context_to_sid bugfix from Ivan Gyurdiev. |
| 655 | |
| 656 | 1.7.6 2005-07-26 |
| 657 | * Merged context reorganization, memory leak fixes, |
| 658 | port and interface loading, replacements for genusers and |
| 659 | genbools, debug traceback, and bugfix patches from Ivan Gyurdiev. |
| 660 | * Merged uninitialized variable bugfix from Dan Walsh. |
| 661 | |
| 662 | 1.7.5 2005-07-18 |
| 663 | * Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat). |
| 664 | * Removed genpolbools and genpolusers utilities. |
| 665 | |
| 666 | 1.7.4 2005-07-18 |
| 667 | * Merged hierarchy check fix from Joshua Brindle (Tresys). |
| 668 | |
| 669 | 1.7.3 2005-07-13 |
| 670 | * Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat). |
| 671 | |
| 672 | 1.7.2 2005-07-11 |
| 673 | * Merged genbools debugging message cleanup from Red Hat. |
| 674 | |
| 675 | 1.7.1 2005-07-06 |
| 676 | * Merged loadable module support from Tresys Technology. |
| 677 | |
| 678 | 1.6 2005-06-20 |
| 679 | * Updated version for release. |
| 680 | |
| 681 | 1.5.10 2005-05-19 |
| 682 | * License changed to LGPL v2.1, see COPYING. |
| 683 | |
| 684 | 1.5.9 2005-05-16 |
| 685 | * Added sepol_genbools_policydb and sepol_genusers_policydb for |
| 686 | audit2why. |
| 687 | |
| 688 | 1.5.8 2005-05-13 |
| 689 | * Added sepol_ prefix to Flask types to avoid |
| 690 | namespace collision with libselinux. |
| 691 | |
| 692 | 1.5.7 2005-05-13 |
| 693 | * Added sepol_compute_av_reason() for audit2why. |
| 694 | |
| 695 | 1.5.6 2005-04-25 |
| 696 | * Fixed bug in role hierarchy checker. |
| 697 | |
| 698 | 1.5.5 2005-04-13 |
| 699 | * Merged hierarchical type/role patch from Tresys Technology. |
| 700 | * Merged MLS fixes from Darrel Goeddel of TCS. |
| 701 | |
| 702 | 1.5.4 2005-04-13 |
| 703 | * Changed sepol_genusers to not delete users by default, |
| 704 | and added a sepol_set_delusers function to enable deletion. |
| 705 | Also, removed special case handling of system_u and user_u. |
| 706 | |
| 707 | 1.5.3 2005-03-29 |
| 708 | * Merged booleans.local patch from Dan Walsh. |
| 709 | |
| 710 | 1.5.2 2005-03-16 |
| 711 | * Added man page for sepol_check_context. |
| 712 | |
| 713 | 1.5.1 2005-03-15 |
| 714 | * Added man page for sepol_genusers function. |
| 715 | * Merged man pages for genpolusers and chkcon from Manoj Srivastava. |
| 716 | |
| 717 | 1.4 2005-03-09 |
| 718 | * Updated version for release. |
| 719 | |
| 720 | 1.3.8 2005-03-08 |
| 721 | * Cleaned up error handling in sepol_genusers and sepol_genbools. |
| 722 | |
| 723 | 1.3.7 2005-02-28 |
| 724 | * Merged sepol_debug and fclose patch from Dan Walsh. |
| 725 | |
| 726 | 1.3.6 2005-02-22 |
| 727 | * Changed sepol_genusers to also use getline and correctly handle |
| 728 | EOL. |
| 729 | |
| 730 | 1.3.5 2005-02-17 |
| 731 | * Merged range_transition support from Darrel Goeddel (TCS). |
| 732 | |
| 733 | 1.3.4 2005-02-16 |
| 734 | * Added sepol_genusers function. |
| 735 | |
| 736 | 1.3.3 2005-02-14 |
| 737 | * Merged endianness and compute_av patches from Darrel Goeddel (TCS). |
| 738 | |
| 739 | 1.3.2 2005-02-09 |
| 740 | * Changed relabel Makefile target to use restorecon. |
| 741 | |
| 742 | 1.3.1 2005-01-26 |
| 743 | * Merged enhanced MLS support from Darrel Goeddel (TCS). |
| 744 | |
| 745 | 1.2.1 2005-01-19 |
| 746 | * Merged build fix patch from Manoj Srivastava. |
| 747 | |
| 748 | 1.2 2004-10-07 |
| 749 | * MLS build fixes. |
| 750 | * Added sepol_set_policydb_from_file and sepol_check_context for setfiles. |
| 751 | |
| 752 | 1.0 2004-08-19 |
| 753 | * Initial public release. |
| 754 | |
| 755 | 0.4 2004-08-13 |
| 756 | * Merged patch from Dan Walsh to ignore case on booleans. |
| 757 | * Changed sepol_genbools* to preserve the original policy version. |
| 758 | * Replaced exported global variables with set functions. |
| 759 | * Moved genpolbools utility from checkpolicy to libsepol. |
| 760 | * Added man pages for sepol_genbools* and genpolbools. |
| 761 | |
| 762 | 0.3 2004-08-10 |
| 763 | * Added ChangeLog, COPYING, spec file. |
| 764 | * Added sepol_genbools_array() for load_policy. |
| 765 | * Created libsepol.map to limit exported symbols in shared library. |
| 766 | |
| 767 | 0.2 2004-08-09 |
| 768 | * Exported other functions for checkpolicy and friends. |
| 769 | * Renamed service and sidtab functions to avoid libselinux conflict. |
| 770 | * Removed original code from checkpolicy, which now uses libsepol. |
| 771 | * Code cleanup: kill legacy references to kernel types/functions. |
| 772 | |
| 773 | 0.1 2004-08-06 |
| 774 | * Moved checkpolicy core logic into a library. |
| 775 | * Exported sepol_genbools() for load_policy. |