-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 10 Dec 2005 13:30:12 -0600
Source: libselinux
Binary: libselinux1-dev selinux-utils libselinux1
Architecture: source i386
Version: 1.28-1
Distribution: unstable
Urgency: low
Maintainer: Manoj Srivastava <srivasta@debian.org>
Changed-By: Manoj Srivastava <srivasta@debian.org>
Description:
libselinux1 - SELinux shared libraries
libselinux1-dev - SELinux development headers
selinux-utils - SELinux utility programs
Changes:
libselinux (1.28-1) unstable; urgency=low
.
* New upstream release
* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
modified matchpathcon implementation to make context validation/
canonicalization optional at matchpathcon_init time, deferring it
to a successful matchpathcon by default unless the new flag is set
by the caller.
* Added matchpathcon_init_prefix() interface, and
reworked matchpathcon implementation to support selective
loading of file contexts entries based on prefix matching
between the pathname regex stems and the specified path
prefix (stem must be a prefix of the specified path prefix).
* Merged getsebool patch from Dan Walsh.
* Added -f file_contexts option to matchpathcon util.
Fixed warning message in matchpathcon_init().
* Merged Makefile python definitions patch from Dan Walsh.
* Merged swigify patch from Dan Walsh.
* Merged make failure in rpm_execcon non-fatal in permissive mode
patch from Ivan Gyurdiev.
* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
and modified matchpathcon_init() to skip context translation
if it is set by the caller.
* Added security_canonicalize_context() interface and
set_matchpathcon_canoncon() interface for obtaining
canonical contexts. Changed matchpathcon internals
to obtain canonical contexts by default. Provided
fallback for kernels that lack extended selinuxfs context
interface.
* Merged seusers parser changes from Ivan Gyurdiev.
* Merged setsebool to libsemanage patch from Ivan Gyurdiev.
* Changed seusers parser to reject empty fields.
* Merged seusers empty level handling patch from Jonathan Kim (TCS).
* Changed default entry for seusers to use __default__ to avoid
ambiguity with users named "default".
* Fixed init_selinux_config() handling of missing /etc/selinux/config
or missing SELINUXTYPE= definition.
* Merged selinux_translations_path() patch from Dan Walsh.
* Added hidden_proto/def for get_default_context_with_role.
* Merged selinux_path() and selinux_homedir_context_path()
functions from Joshua Brindle.
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
* Merged get_default_context_with_rolelevel and man pages from
Dan Walsh (Red Hat).
* Updated call to sepol_policydb_to_image for sepol changes.
* Changed getseuserbyname to ignore empty lines and to handle
no matching entry in the same manner as no seusers file.
* Changed selinux_mkload_policy to try downgrading the
latest policy version available to the kernel-supported version.
* Changed selinux_mkload_policy to fall back to the maximum
policy version supported by libsepol if the kernel policy version
falls outside of the supported range.
* Changed getseuserbyname to fall back to the Linux username and
NULL level if seusers config file doesn't exist unless
REQUIRESEUSERS=1 is set in /etc/selinux/config.
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
* Added selinux_init_load_policy() function as an even higher level
interface for the initial policy load by /sbin/init. This obsoletes
the load_policy() function in the sysvinit-selinux.patch.
* Added selinux_mkload_policy() function as a higher level interface
for loading policy than the security_load_policy() interface.
* Merged fix for matchpathcon (regcomp error checking) from Johan
Fischer. Also added use of regerror to obtain the error string
for inclusion in the error message.
* Changed getseuserbyname to not require (and ignore if present)
the MLS level in seusers.conf if MLS is disabled, setting *level
to NULL in this case.
* Merged getseuserbyname patch from Dan Walsh.
* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
This allows file_contexts with MLS fields to be processed on
non-MLS-enabled systems with policies that are otherwise
identical (e.g. same type definitions).
* Merged get_ordered_context_list_with_level() function from
Dan Walsh, and added get_default_context_with_level().
This allows MLS level selection for users other than the
default level.
Files:
dc12916106df729c7dda9f6d30815137 635 libs optional libselinux_1.28-1.dsc
7e121e125b52913237df458ff610e983 109236 libs optional libselinux_1.28.orig.tar.gz
88d2db4c3d7cb28019e4d1d7cccc0c0a 43915 libs optional libselinux_1.28-1.diff.gz
7a3cd1451140b3e4f45282ec7f6b415f 36474 admin optional selinux-utils_1.28-1_i386.deb
ac71fdf4a34e6eadbb6fb1fbf64677cf 51200 libs required libselinux1_1.28-1_i386.deb
fadf638c6d6ff7b42178c3ae27e3301d 197806 libdevel optional libselinux1-dev_1.28-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDtLWtIbrau78kQkwRAjSaAKCdnHuNxINT1Z0ZhVlUFYp50stTAgCg0+HH
Buc8Q7NdvgfMsxTr7IMjZnA=
=QqE3
-----END PGP SIGNATURE-----
Accepted:
libselinux1-dev_1.28-1_i386.deb
to pool/main/libs/libselinux/libselinux1-dev_1.28-1_i386.deb
libselinux1_1.28-1_i386.deb
to pool/main/libs/libselinux/libselinux1_1.28-1_i386.deb
libselinux_1.28-1.diff.gz
to pool/main/libs/libselinux/libselinux_1.28-1.diff.gz
libselinux_1.28-1.dsc
to pool/main/libs/libselinux/libselinux_1.28-1.dsc
libselinux_1.28.orig.tar.gz
to pool/main/libs/libselinux/libselinux_1.28.orig.tar.gz
selinux-utils_1.28-1_i386.deb
to pool/main/libs/libselinux/selinux-utils_1.28-1_i386.deb
