Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at Thu Jul 9 10:47:06 CEST 2009.
--------
--- policycoreutils/policycoreutils.changes 2009-02-11 01:09:28.000000000 +0100
+++ policycoreutils/policycoreutils.changes 2009-06-19 13:42:26.000000000 +0200
@@ -1,0 +2,16 @@
+Fri Jun 19 13:42:09 CEST 2009 - prusnak@suse.cz
+
+- added libsepol-static-devel to BuildRequires
+
+-------------------------------------------------------------------
+Wed May 27 14:24:47 CEST 2009 - prusnak@suse.cz
+
+- updated to 2.0.62
+ * Add btrfs to fixfiles from Dan Walsh.
+ * Remove restorecond error for matching globs with multiple hard links
+ and fix some error messages from Dan Walsh.
+ * Make removing a non-existant module a warning rather than an error
+ from Dan Walsh.
+ * Man page fixes from Dan Walsh.
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
policycoreutils-2.0.61.tar.bz2
sepolgen-1.0.14.tar.bz2
New:
----
policycoreutils-2.0.62.tar.bz2
sepolgen-1.0.16.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ policycoreutils.spec ++++++
--- /var/tmp/diff_new_pack.qMgesj/_old 2009-07-09 10:46:35.000000000 +0200
+++ /var/tmp/diff_new_pack.qMgesj/_new 2009-07-09 10:46:35.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package policycoreutils (Version 2.0.61)
+# spec file for package policycoreutils (Version 2.0.62)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -21,11 +21,11 @@
%define libsepol_ver 2.0.19
%define libsemanage_ver 2.0.28
%define libselinux_ver 2.0.46
-%define sepolgen_ver 1.0.14
+%define sepolgen_ver 1.0.16
Name: policycoreutils
-Version: 2.0.61
-Release: 2
+Version: 2.0.62
+Release: 1
Url: http://www.nsa.gov/selinux/
License: GPL v2 or later
Group: Productivity/Security
@@ -47,7 +47,7 @@
Patch5: policycoreutils-pam-common.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gettext libcap-devel pam-devel python-devel update-desktop-files
-BuildRequires: libsepol-devel >= %{libsepol_ver}
+BuildRequires: libsepol-devel-static >= %{libsepol_ver}
BuildRequires: libsemanage-devel >= %{libsemanage_ver}
BuildRequires: libselinux-devel >= %{libselinux_ver}
BuildRequires: audit-devel >= %{libaudit_ver}
@@ -226,60 +226,3 @@
# %config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui
%changelog
-* Wed Feb 11 2009 ro@suse.de
-- use sr@latin instead of sr@Latn
-* Wed Jan 14 2009 prusnak@suse.cz
-- updated to 2.0.61
- * semanage: use semanage_mls_enabled() from Stephen Smalley
- * fix error checking in restorecond, for inotify_add_watch
- * change md5 to hashlib.md5 in sepolgen
- * fix Japanese translations
- * fix audit2allow man page
- * don't error out when removing a non existing module
- * chcat: cut categories at arbitrary point (25) from Dan Walsh
- * semodule: use new interfaces in libsemanage for compressed
- files from Dan Walsh
- * audit2allow: string changes for usage
-* Mon Dec 01 2008 prusnak@suse.cz
-- updated to 2.0.59
- * Fix text in newrole
- * Fix revertbutton on booleans page in system-config-selinux
- * Fix system-config-selinux booleanspage throwing and exception
- * Allow addition of local modifications of fcontext policy
- * Handle selinux disabled correctly
- * Handle manipulation of fcontext file correctly
- * Fix traceback in audit2why
-* Mon Nov 10 2008 ro@suse.de
-- package "newrole" with permissions matching
- "secure" permissions mode
-* Fri Nov 07 2008 ro@suse.de
-- buildfix: prevent regeneration of policycoreutils.pot
-* Fri Oct 31 2008 prusnak@suse.cz
-- use permissions for newrole
-* Mon Oct 20 2008 prusnak@suse.cz
-- updated to 2.0.57
- * Update po files from Dan Walsh.
-- updated to 2.0.56
- * fixfiles will now remove all files in /tmp and will check for
- unlabeled_t in /tmp and /var/tmp from Dan Walsh.
- * add glob support to restorecond from Dan Walsh.
- * allow semanage to handle multi-line commands in a single transaction
- from Dan Walsh.
-* Mon Sep 08 2008 prusnak@suse.cz
-- fix scriptlets
-* Tue Sep 02 2008 prusnak@suse.cz
-- updated to 2.0.55
- * Merged semanage node support from Christian Kuester.
-- updated to 2.0.54
- * Add support for boolean files and group support for seusers from Dan Walsh.
- * Ensure that setfiles -p output is newline terminated from Russell Coker.
-- updated to 2.0.53
- * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
-- updated sepolgen to 1.0.13
- * Only append s0 suffix if MLS is enabled from Karl MacMillan.
-- added missing preun/post/postun scriptlets
-* Mon Aug 04 2008 ro@suse.de
-- add directory to filelist to fix build
-* Tue Jul 15 2008 prusnak@suse.cz
-- initial version 2.0.52
- * based on Fedora package by Dan Walsh
++++++ policycoreutils-2.0.61.tar.bz2 -> policycoreutils-2.0.62.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/#ChangeLog# new/policycoreutils-2.0.62/#ChangeLog#
--- old/policycoreutils-2.0.61/#ChangeLog# 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/#ChangeLog# 1970-01-01 01:00:00.000000000 +0100
@@ -1,946 +0,0 @@
-2.0.59 2008-11-11
- * fcontext add checked local records twice, fix from Dan Walsh.
-
-2.0.58 2008-11-09
- * Allow local file context entries to override policy entries in
- semanage from Dan Walsh.
- * Newrole error message corrections from Dan Walsh.
- * Add exception to audit2why call in audit2allow from Dan Walsh.
-
-2.0.57 2008-09-18
- * Update po files from Dan Walsh.
-
-2.0.56 2008-09-12
- * fixfiles will now remove all files in /tmp and will check for
- unlabeled_t in /tmp and /var/tmp from Dan Walsh.
- * add glob support to restorecond from Dan Walsh.
- * allow semanage to handle multi-line commands in a single transaction
- from Dan Walsh.
-
-2.0.55 2008-08-26
- * Merged semanage node support from Christian Kuester.
-
-2.0.54 2008-08-05
- * Add support for boolean files and group support for seusers from Dan Walsh.
- * Ensure that setfiles -p output is newline terminated from Russell Coker.
-
-2.0.53 2008-07-29
- * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
-
-2.0.52 2008-07-02
- * Add permissive domain capability to semanage from Dan Walsh.
-
-2.0.51 2008-06-28
- * Add onboot option to fixfiles from Dan Walsh.
- * Change restorecon.init to not run on boot by default from Dan Walsh.
-
-2.0.50 2008-06-30
- * Fix audit2allow generation of role-type rules from Karl MacMillan.
-
-2.0.49 2008-05-16
- * Remove security_check_context calls for prefix validation from semanage.
-
-2.0.48 2008-05-16
- * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
-
-2.0.47 2008-04-18
- * Update semanage man page for booleans from Dan Walsh.
- * Add further error checking to seobject.py for setting booleans.
-
-2.0.46 2008-03-18
- * Update audit2allow to report dontaudit cases from Dan Walsh.
-
-2.0.45 2008-03-18
- * Fix semanage port to use --proto from Caleb Case.
-
-2.0.44 2008-02-22
- * Fixed semodule to correctly handle error when unable to create a handle.
-
-2.0.43 2008-02-08
- * Merged fix fixfiles option processing from Vaclav Ovsik.
-
-2.0.42 2008-02-02
- * Make semodule_expand use sepol_set_expand_consume_base to reduce
- peak memory usage.
-
-2.0.41 2008-01-28
- * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
-
-2.0.40 2008-01-25
- * Merged a second fixfiles -C fix from Marshall Miller.
-
-2.0.39 2008-01-24
- * Merged fixfiles -C fix from Marshall Miller.
-
-2.0.38 2008-01-24
- * Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
- * Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
- * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
-
-2.0.37 2008-01-23
- * Merged replacement for audit2why from Dan Walsh.
-
-2.0.36 2008-01-23
- * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
-
-2.0.35 2007-12-21
- * Merged support for non-interactive newrole command invocation from Tim Reed.
-
-2.0.34 2007-12-14
- * Update Makefile to not build restorecond if
- /usr/include/sys/inotify.h is not present
-
-2.0.33 2007-12-07
- * Drop verbose output on fixfiles -C from Dan Walsh.
- * Fix argument handling in fixfiles from Dan Walsh.
- * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
-
-2.0.32 2007-10-16
- * load_policy initial load option from Chad Sellers.
-
-2.0.31 2007-10-15
- * Fix semodule option handling from Dan Walsh.
-
-2.0.30 2007-10-11
- * Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
-
-2.0.29 2007-10-05
- * Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
-
-2.0.28 2007-10-05
- * Update semodule man page for -D from Dan Walsh.
- * Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
-
-2.0.27 2007-09-19
- * Improve semodule reporting of system errors from Stephen Smalley.
-
-2.0.26 2007-09-18
- * Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
-
-2.0.25 2007-08-23
- * Remove genhomedircon script (functionality is now provided
- within libsemanage) from Todd Miller.
-
-2.0.24 2007-08-23
- * Fix genhomedircon searching for USER from Todd Miller
- * Install run_init with mode 0755 from Dan Walsh.
- * Fix chcat from Dan Walsh.
- * Fix fixfiles pattern expansion and error reporting from Dan Walsh.
- * Optimize genhomedircon to compile regexes once from Dan Walsh.
- * Fix semanage gettext call from Dan Walsh.
-
-2.0.23 2007-08-16
- * Disable dontaudits via semodule -D
-
-2.0.22 2007-06-20
- * Rebase setfiles to use new labeling interface.
-
-2.0.21 2007-06-13
- * Fixed setsebool (falling through to error path on success).
-
-2.0.20 2007-06-05
- * Merged genhomedircon fixes from Dan Walsh.
- * Merged setfiles -c usage fix from Dan Walsh.
- * Merged restorecon fix from Yuichi Nakamura.
- * Dropped -lsepol where no longer needed.
-
-2.0.19 2007-05-11
- * Merge newrole support for alternate pam configs from Ted X Toth.
-
-2.0.18 2007-05-11
- * Merged merging of restorecon into setfiles from Stephen Smalley.
-
-2.0.17 2007-05-09
- * Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
-
-2.0.16 2007-05-03
- * Merged support for modifying the prefix via semanage from Dan Walsh.
-
-2.0.15 2007-04-26
- * Merged move of audit2why to /usr/bin from Dan Walsh.
-
-2.0.14 2007-04-25
- * Build fix for setsebool.
-
-2.0.13 2007-04-24
- * Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
-
-2.0.12 2007-04-24
- * Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
-
-2.0.11 2007-04-24
- * Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
-
-2.0.10 2007-04-24
- * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
-
-2.0.9 2007-04-12
- * Merged seobject setransRecords patch to return the first alias from Xavier Toth.
-
-2.0.8 2007-04-10
- * Merged updates to sepolgen-ifgen from Karl MacMillan.
-
-2.0.7 2007-03-01
- * Merged restorecond init script LSB compliance patch from Steve Grubb.
-
-2.0.6 2007-02-22
- * Merged newrole O_NONBLOCK fix from Linda Knippers.
-
-2.0.5 2007-02-22
- * Merged sepolgen and audit2allow patches to leave generated files
- in the current directory from Karl MacMillan.
-
-2.0.4 2007-02-22
- * Merged restorecond memory leak fix from Steve Grubb.
-
-2.0.3 2007-02-21
- * Merged translations update from Dan Walsh.
- * Merged chcat fixes from Dan Walsh.
- * Merged man page fixes from Dan Walsh.
- * Merged seobject prefix validity checking from Dan Walsh.
-
-2.0.2 2007-02-20
- * Merged seobject exception handler fix from Caleb Case.
- * Merged setfiles memory leak patch from Todd Miller.
-
-2.0.1 2007-02-08
- * Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh.
-
-2.0.0 2007-02-05
- * Merged new audit2allow from Karl MacMillan.
- This audit2allow depends on the new sepolgen python module.
- Note that you must run the sepolgen-ifgen tool to generate
- the data needed by audit2allow to generate refpolicy.
-
-1.34.1 2007-01-22
- * Fixed newrole non-pam build.
-
-1.34.0 2007-01-18
- * Updated version for stable branch.
-
-1.33.16 2007-01-18
- * Merged po file updates from Dan Walsh.
- * Removed update-po from all target in po/Makefile.
-
-1.33.15 2007-01-17
- * Merged unicode-to-string fix for seobject audit from Dan Walsh.
- * Merged man page updates to make "apropos selinux" work from Dan Walsh.
-
-1.33.14 2007-01-16
- * Merged newrole man page patch from Michael Thompson.
-
-1.33.13 2007-01-16
- * Merged patch to fix python unicode problem from Dan Walsh.
-
-1.33.12 2007-01-11
- * Merged newrole securetty check from Dan Walsh.
- * Merged semodule patch to generalize list support from Karl MacMillan.
-
-1.33.11 2007-01-09
- * Merged fixfiles and seobject fixes from Dan Walsh.
- * Merged semodule support for list of modules after -i from Karl MacMillan.
-
-1.33.10 2007-01-08
- * Merged patch to correctly handle a failure during semanage handle
- creation from Karl MacMillan.
-
-1.33.9 2007-01-05
- * Merged patch to fix seobject role modification from Dan Walsh.
-
-1.33.8 2007-01-04
- * Merged patches from Dan Walsh to:
- - omit the optional name from audit2allow
- - use the installed python version in the Makefiles
- - re-open the tty with O_RDWR in newrole
-
-1.33.7 2007-01-03
- * Patch from Dan Walsh to correctly suppress warnings in load_policy.
-
-1.33.6 2006-11-29
- * Patch from Dan Walsh to add an pam_acct_msg call to run_init
- * Patch from Dan Walsh to fix error code returns in newrole
- * Patch from Dan Walsh to remove verbose flag from semanage man page
- * Patch from Dan Walsh to make audit2allow use refpolicy Makefile
- in /usr/share/selinux/<SELINUXTYPE>
-
-1.33.5 2006-11-27
- * Merged patch from Michael C Thompson to clean up genhomedircon
- error handling.
-1.33.4 2006-11-21
- * Merged po file updates from Dan Walsh.
-
-1.33.3 2006-11-21
- * Merged setsebool patch from Karl MacMillan.
- This fixes a bug reported by Yuichi Nakamura with
- always setting booleans persistently on an unmanaged system.
-
-1.33.2 2006-11-20
- * Merged patch from Dan Walsh (via Karl MacMillan):
- * Added newrole audit message on login failure
- * Add /var/log/wtmp to restorecond.conf watch list
- * Fix genhomedircon, semanage, semodule_expand man pages.
-
-1.33.1 2006-11-13
- * Merged newrole patch set from Michael Thompson.
-
-1.32 2006-10-17
- * Updated version for release.
-
-1.30.31 2006-10-17
- * Merged audit2allow -l fix from Yuichi Nakamura.
- * Merged restorecon -i and -o - support from Karl MacMillan.
- * Merged semanage/seobject fix from Dan Walsh.
- * Merged fixfiles -R and verify changes from Dan Walsh.
-
-1.30.30 2006-09-29
- * Merged newrole auditing of failures due to user actions from
- Michael Thompson.
-
-1.30.29 2006-09-13
- * Man page corrections from Dan Walsh
- * Change all python invocations to /usr/bin/python -E
- * Add missing getopt flags to genhomedircon
-
-1.30.28 2006-09-01
- * Merged fix for restorecon // handling from Erich Schubert.
- * Merged translations update and fixfiles fix from Dan Walsh.
-
-1.30.27 2006-08-24
- * Merged fix for restorecon symlink handling from Erich Schubert.
-
-1.30.26 2006-08-11
- * Merged semanage local file contexts patch from Chris PeBenito.
-
-1.30.25 2006-08-03
- * Merged patch from Dan Walsh with:
- * audit2allow: process MAC_POLICY_LOAD events
- * newrole: run shell with - prefix to start a login shell
- * po: po file updates
- * restorecond: bail if SELinux not enabled
- * fixfiles: omit -q
- * genhomedircon: fix exit code if non-root
- * semodule_deps: install man page
-
-1.30.24 2006-08-03
- * Merged secon Makefile fix from Joshua Brindle.
-
-1.30.23 2006-08-03
- * Merged netfilter contexts support patch from Chris PeBenito.
-
-1.30.22 2006-07-28
- * Merged restorecond size_t fix from Joshua Brindle.
-
-1.30.21 2006-07-28
- * Merged secon keycreate patch from Michael LeMay.
-
-1.30.20 2006-07-26
- * Merged restorecond fixes from Dan Walsh.
- Merged updated po files from Dan Walsh.
-
-1.30.19 2006-07-26
- * Merged python gettext patch from Stephen Bennett.
-
-1.30.18 2006-07-25
- * Merged semodule_deps from Karl MacMillan.
-
-1.30.17 2006-06-29
- * Lindent.
-
-1.30.16 2006-06-26
- * Merged patch from Dan Walsh with:
- * -p option (progress) for setfiles and restorecon.
- * disable context translation for setfiles and restorecon.
- * on/off values for setsebool.
-
-1.30.15 2006-06-26
- * Merged setfiles and semodule_link fixes from Joshua Brindle.
-
-1.30.14 2006-06-16
- * Merged fix for setsebool error path from Serge Hallyn.
-
-1.30.13 2006-06-16
- * Merged patch from Dan Walsh with:
- * Updated po files.
- * Fixes for genhomedircon and seobject.
- * Audit message for mass relabel by setfiles.
-
-1.30.12 2006-06-02
- * Updated fixfiles script for new setfiles location in /sbin.
-
-1.30.11 2006-05-26
- * Merged more translations from Dan Walsh.
- * Merged patch to relocate setfiles to /sbin for early relabel
- when /usr might not be mounted from Dan Walsh.
- * Merged semanage/seobject patch to preserve fcontext ordering in list.
- * Merged secon patch from James Antill.
-
-1.30.10 2006-05-22
- * Merged patch with updates to audit2allow, secon, genhomedircon,
- and semanage from Dan Walsh.
-
-1.30.9 2006-05-08
- * Fixed audit2allow and po Makefiles for DESTDIR= builds.
- * Merged .po file patch from Dan Walsh.
- * Merged bug fix for genhomedircon.
-
-1.30.8 2006-05-08
- * Merged patch from Dan Walsh.
- This includes audit2allow changes for analysis plugins,
- internationalization support for several additional programs
- and added po files, some fixes for semanage, and several cleanups.
- It also adds a new secon utility.
-
-1.30.7 2006-05-05
- * Merged fix warnings patch from Karl MacMillan.
-
-1.30.6 2006-04-14
- * Merged semanage prefix support from Russell Coker.
-
-1.30.5 2006-04-11
- * Added a test to setfiles to check that the spec file is
- a regular file.
-
-1.30.4 2006-03-29
- * Merged audit2allow fixes for refpolicy from Dan Walsh.
- * Merged fixfiles patch from Dan Walsh.
- * Merged restorecond daemon from Dan Walsh.
-
-1.30.3 2006-03-29
- * Merged semanage non-MLS fixes from Chris PeBenito.
-
-1.30.2 2006-03-29
- * Merged semanage and semodule man page examples from Thomas Bleher.
-
-1.30.1 2006-03-20
- * Merged semanage labeling prefix patch from Ivan Gyurdiev.
-
-1.30 2006-03-14
- * Updated version for release.
-
-1.29.28 2006-03-13
- * Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
-
-1.29.27 2006-03-08
- * Merged audit2allow -R support, chcat fix, semanage MLS checks
- and semanage audit calls from Dan Walsh.
-
-1.29.26 2006-02-15
- * Merged semanage bug fix patch from Ivan Gyurdiev.
-
-1.29.25 2006-02-14
- * Merged improve bindings patch from Ivan Gyurdiev.
-
-1.29.24 2006-02-14
- * Merged semanage usage patch from Ivan Gyurdiev.
- * Merged use PyList patch from Ivan Gyurdiev.
-
-1.29.23 2006-02-13
- * Merged newrole -V/--version support from Glauber de Oliveira Costa.
-
-1.29.22 2006-02-13
- * Merged genhomedircon prefix patch from Dan Walsh.
-
-1.29.21 2006-02-13
- * Merged optionals in base patch from Joshua Brindle.
-
-1.29.20 2006-02-07
- * Merged seuser/user_extra support patch to semodule_package
- from Joshua Brindle.
-
-1.29.19 2006-02-06
- * Merged getopt type fix for semodule_link/expand and sestatus
- from Chris PeBenito.
-
-1.29.18 2006-02-02
- * Merged clone record on set_con patch from Ivan Gyurdiev.
-
-1.29.17 2006-01-30
- * Merged genhomedircon fix from Dan Walsh.
-
-1.29.16 2006-01-30
- * Merged seusers.system patch from Ivan Gyurdiev.
- * Merged improve port/fcontext API patch from Ivan Gyurdiev.
- * Merged genhomedircon patch from Dan Walsh.
-
-1.29.15 2006-01-27
- * Merged newrole audit patch from Steve Grubb.
-
-1.29.14 2006-01-27
- * Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
-
-1.29.13 2006-01-27
- * Merged semanage and semodule access check patches from Joshua Brindle.
-
-1.29.12 2006-01-26
- * Merged restorecon, chcat, and semanage patches from Dan Walsh.
-
-1.29.11 2006-01-25
- * Modified newrole and run_init to use the loginuid when
- supported to obtain the Linux user identity to re-authenticate,
- and to fall back to real uid. Dropped the use of the SELinux
- user identity, as Linux users are now mapped to SELinux users
- via seusers and the SELinux user identity space is separate.
-
-1.29.10 2006-01-20
- * Merged semanage bug fixes from Ivan Gyurdiev.
- * Merged semanage fixes from Russell Coker.
- * Merged chcat.8 and genhomedircon patches from Dan Walsh.
-
-1.29.9 2006-01-19
- * Merged chcat, semanage, and setsebool patches from Dan Walsh.
-
-1.29.8 2006-01-18
- * Merged semanage fixes from Ivan Gyurdiev.
- * Merged semanage fixes from Russell Coker.
- * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
-
-1.29.7 2006-01-13
- * Merged newrole cleanup patch from Steve Grubb.
- * Merged setfiles/restorecon performance patch from Russell Coker.
- * Merged genhomedircon and semanage patches from Dan Walsh.
-
-1.29.6 2006-01-12
- * Merged remove add_local/set_local patch from Ivan Gyurdiev.
-
-1.29.5 2006-01-05
- * Added filename to semodule error reporting.
-
-1.29.4 2006-01-05
- * Merged genhomedircon and semanage patch from Dan Walsh.
- * Changed semodule error reporting to include argv[0].
-
-1.29.3 2006-01-04
- * Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
- * Merged patch series from Ivan Gyurdiev.
- This includes patches to:
- - cleanup setsebool
- - update setsebool to apply active booleans through libsemanage
- - update semodule to use the new semanage_set_rebuild() interface
- - fix various bugs in semanage
- * Merged patch from Dan Walsh (Red Hat).
- This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
- and semanage.
-
-1.29.2 2005-12-14
- * Merged patch for chcat script from Dan Walsh.
-
-1.29.1 2005-12-08
- * Merged fix for audit2allow long option list from Dan Walsh.
- * Merged -r option for restorecon (alias for -R) from Dan Walsh.
- * Merged chcat script and man page from Dan Walsh.
-
-1.28 2005-12-07
- * Updated version for release.
-
-1.27.37 2005-12-07
- * Clarified the genhomedircon warning message.
-
-1.27.36 2005-12-05
- * Changed genhomedircon to warn on use of ROLE in homedir_template
- if using managed policy, as libsemanage does not yet support it.
-
-1.27.35 2005-12-02
- * Merged genhomedircon bug fix from Dan Walsh.
-
-1.27.34 2005-12-02
- * Revised semodule* man pages to refer to checkmodule and
- to include example sections.
-
-1.27.33 2005-12-01
- * Merged audit2allow --tefile and --fcfile support from Dan Walsh.
- * Merged genhomedircon fix from Dan Walsh.
- * Merged semodule* man pages from Dan Walsh, and edited them.
-
-1.27.32 2005-12-01
- * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
- retain validation/canonicalization of contexts during init.
-
-1.27.31 2005-11-29
- * Changed genhomedircon to always use user_r for the role in the
- managed case since user_get_defrole is broken.
-
-1.27.30 2005-11-29
- * Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
- * Fixed semodule -v option.
-
-1.27.29 2005-11-28
- * Merged audit2allow python script from Dan Walsh.
- (old script moved to audit2allow.perl, will be removed later).
- * Merged genhomedircon fixes from Dan Walsh.
- * Merged semodule quieting patch from Dan Walsh
- (inverts default, use -v to restore original behavior).
-
-1.27.28 2005-11-15
- * Merged genhomedircon rewrite from Dan Walsh.
-
-1.27.27 2005-11-09
- * Merged setsebool cleanup patch from Ivan Gyurdiev.
-
-1.27.26 2005-11-09
- * Added -B (--build) option to semodule to force a rebuild.
-
-1.27.25 2005-11-08
- * Reverted setsebool patch to call semanage_set_reload_bools().
- * Changed setsebool to disable policy reload and to call
- security_set_boolean_list to update the runtime booleans.
-
-1.27.24 2005-11-08
- * Changed setfiles -c to use new flag to set_matchpathcon_flags()
- to disable context translation by matchpathcon_init().
-
-1.27.23 2005-11-07
- * Changed setfiles for the context canonicalization support.
-
-1.27.22 2005-11-07
- * Changed setsebool to call semanage_is_managed() interface
- and fall back to security_set_boolean_list() if policy is
- not managed.
-
-1.27.21 2005-11-07
- * Merged setsebool memory leak fix from Ivan Gyurdiev.
- * Merged setsebool patch to call semanage_set_reload_bools()
- interface from Ivan Gyurdiev.
-
-1.27.20 2005-11-04
- * Merged setsebool patch from Ivan Gyurdiev.
- This moves setsebool from libselinux/utils to policycoreutils,
- and rewrites it to use libsemanage for permanent boolean changes.
-
-1.27.19 2005-10-25
- * Merged semodule support for reload, noreload, and store options
- from Joshua Brindle.
- * Merged semodule_package rewrite from Joshua Brindle.
-
-1.27.18 2005-10-20
- * Cleaned up usage and error messages and releasing of memory by
- semodule_* utilities.
-
-1.27.17 2005-10-20
- * Corrected error reporting by semodule.
-
-1.27.16 2005-10-19
- * Updated semodule_expand for change to sepol interface.
-
-1.27.15 2005-10-19
- * Merged fixes for make DESTDIR= builds from Joshua Brindle.
-
-1.27.14 2005-10-18
- * Updated semodule_package for sepol interface changes.
-
-1.27.13 2005-10-17
- * Updated semodule_expand/link for sepol interface changes.
-
-1.27.12 2005-10-14
- * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
-
-1.27.11 2005-10-13
- * Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
-
-1.27.10 2005-10-13
- * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
-
-1.27.9 2005-10-13
- * Merged fixfiles patch from Dan Walsh (Red Hat).
-
-1.27.8 2005-10-13
- * Updated semodule for removal of semanage_strerror.
-
-1.27.7 2005-10-11
- * Updated semodule_link and semodule_expand to use shared libsepol.
- Fixed audit2why to call policydb_init prior to policydb_read (still
- uses the static libsepol).
-
-1.27.6 2005-10-07
- * Updated for changes to libsepol.
- Changed semodule and semodule_package to use the shared libsepol.
- Disabled build of semodule_link and semodule_expand for now.
- Updated audit2why for relocated policydb internal headers,
- still needs to be converted to a shared lib interface.
-
-1.27.5 2005-10-06
- * Fixed warnings in load_policy.
-
-1.27.4 2005-10-06
- * Rewrote load_policy to use the new selinux_mkload_policy()
- interface provided by libselinux.
-
-1.27.3 2005-09-28
- * Merged patch to update semodule to the new libsemanage API
- and improve the user interface from Karl MacMillan (Tresys).
- * Modified semodule for the create/connect API split.
-
-1.27.2 2005-09-20
- * Merged run_init open_init_pty bug fix from Manoj Srivastava
- (unblock SIGCHLD). Bug reported by Erich Schubert.
-
-1.27.1 2005-09-20
- * Merged error shadowing bug fix for restorecon from Dan Walsh.
- * Merged setfiles usage/man page update for -r option from Dan Walsh.
- * Merged fixfiles -C patch to ignore :s0 addition on update
- to a MCS/MLS policy from Dan Walsh.
-
-1.26 2005-09-06
- * Updated version for release.
-
-1.25.9 2005-08-31
- * Changed setfiles -c to translate the context to raw format
- prior to calling libsepol.
-
-1.25.8 2005-08-31
- * Changed semodule to report errors even without -v,
- to detect extraneous arguments, and corrected usage message.
-
-1.25.7 2005-08-25
- * Merged patch for fixfiles -C from Dan Walsh.
-
-1.25.6 2005-08-22
- * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
- Bugs found by Coverity.
-
-1.25.5 2005-08-02
- * Merged patch to move module read/write code from libsemanage
- to libsepol from Jason Tang (Tresys).
-
-1.25.4 2005-07-27
- * Changed semodule* to link with libsemanage.
-
-1.25.3 2005-07-26
- * Merged restorecon patch from Ivan Gyurdiev.
-
-1.25.2 2005-07-11
- * Merged load_policy, newrole, and genhomedircon patches from Red Hat.
-
-1.25.1 2005-07-06
- * Merged loadable module support from Tresys Technology.
-
-1.24 2005-06-20
- * Updated version for release.
-
-1.23.11 2005-05-19
- * Merged fixfiles and newrole patch from Dan Walsh.
- * Merged audit2why man page from Dan Walsh.
-
-1.23.10 2005-05-16
- * Extended audit2why to incorporate booleans and local user
- settings when analyzing audit messages.
-
-1.23.9 2005-05-13
- * Updated audit2why for sepol_ prefixes on Flask types to
- avoid namespace collision with libselinux, and to
- include now.
-
-1.23.8 2005-05-13
- * Added audit2why utility.
-
-1.23.7 2005-04-29
- * Merged patch for fixfiles from Dan Walsh.
- Allow passing -F to force reset of customizable contexts.
-
-1.23.6 2005-04-13
- * Fixed signed/unsigned pointer bug in load_policy.
- * Reverted context validation patch for genhomedircon.
-
-1.23.5 2005-04-12
- * Reverted load_policy is_selinux_enabled patch from Dan Walsh.
- Otherwise, an initial policy load cannot be performed using
- load_policy, e.g. for anaconda.
-
-1.23.4 2005-04-08
- * Merged load_policy is_selinux_enabled patch from Dan Walsh.
- * Merged restorecon verbose output patch from Dan Walsh.
- * Merged setfiles altroot patch from Chris PeBenito.
-
-1.23.3 2005-03-17
- * Merged context validation patch for genhomedircon from Eric Paris.
-
-1.23.2 2005-03-16
- * Changed setfiles -c to call set_matchpathcon_flags(3) to
- turn off processing of .homedirs and .local.
-
-1.23.1 2005-03-14
- * Merged rewrite of genhomedircon by Eric Paris.
- * Changed fixfiles to relabel jfs since it now supports security xattrs
- (as of 2.6.11). Removed reiserfs until 2.6.12 is released with
- fixed support for reiserfs and selinux.
-
-1.22 2005-03-09
- * Updated version for release.
-
-1.21.22 2005-03-07
- * Merged restorecon and genhomedircon patch from Dan Walsh.
-
-1.21.21 2005-02-28
- * Merged load_policy and genhomedircon patch from Dan Walsh.
-
-1.21.20 2005-02-24
- * Merged fixfiles and genhomedircon patch from Dan Walsh.
-
-1.21.19 2005-02-22
- * Merged several fixes from Ulrich Drepper.
-
-1.21.18 2005-02-18
- * Changed load_policy to fall back to the original policy upon
- an error from sepol_genusers().
-
-1.21.17 2005-02-17
- * Merged new genhomedircon script from Dan Walsh.
-
-1.21.16 2005-02-17
- * Changed load_policy to call sepol_genusers().
-
-1.21.15 2005-02-09
- * Changed relabel Makefile target to use restorecon.
-
-1.21.14 2005-02-08
- * Merged restorecon patch from Dan Walsh.
-
-1.21.13 2005-02-07
- * Merged sestatus patch from Dan Walsh.
- * Merged further change to fixfiles -C from Dan Walsh.
-
-1.21.12 2005-02-02
- * Merged further patches for restorecon/setfiles -e and fixfiles -C.
-
-1.21.11 2005-02-02
- * Merged patch for fixfiles -C option from Dan Walsh.
- * Merged patch -e support for restorecon from Dan Walsh.
- * Merged updated -e support for setfiles from Dan Walsh.
-
-1.21.10 2005-01-31
- * Merged patch for open_init_pty from Manoj Srivastava.
-
-1.21.9 2005-01-28
- * Merged updated fixfiles script from Dan Walsh.
- * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
- * Reverted fixfiles patch for file_contexts.local;
- obsoleted by setfiles rewrite.
- * Merged error handling patch for restorecon from Dan Walsh.
- * Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
-
-1.21.8 2005-01-28
- * Rewrote setfiles to use matchpathcon and the new interfaces
- exported by libselinux (>= 1.21.5).
-
-1.21.7 2005-01-27
- * Prevent overflow of spec array in setfiles.
-
-1.21.6 2005-01-27
- * Merged genhomedircon STARTING_UID bug fix from Dan Walsh.
-
-1.21.5 2005-01-26
- * Merged newrole -l support from Darrel Goeddel (TCS).
-
-1.21.4 2005-01-25
- * Merged fixfiles patch for file_contexts.local from Dan Walsh.
-
-1.21.3 2005-01-21
- * Fixed restorecon to not treat errors from is_context_customizable()
- as a customizable context.
- * Merged setfiles/restorecon patch to not reset user field unless
- -F option is specified from Dan Walsh.
-
-1.21.2 2005-01-21
- * Merged open_init_pty helper for run_init from Manoj Srivastava.
- * Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
-
-1.21.1 2005-01-19
- * Merged customizable contexts patch for restorecon/setfiles from Dan Walsh.
-
-1.20 2005-01-06
- * Merged fixfiles rewrite from Dan Walsh.
- * Merged restorecon patch from Dan Walsh.
- * Merged fixfiles and restorecon patches from Dan Walsh.
- * Changed restorecon to ignore ENOENT errors from matchpathcon.
- * Merged nonls patch from Chris PeBenito.
- * Removed fixfiles.cron.
- * Merged run_init.8 patch from Dan Walsh.
-
-1.18 2004-11-01
- * Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh.
- * Merged sestatus patch from Steve Grubb.
- * Merged fixfiles patch from Dan Walsh.
- * Added -l option to setfiles to log changes via syslog.
- * Merged -e option to setfiles to exclude directories.
- * Merged -R option to restorecon for recursive descent.
- * Merged sestatus patch from Steve Grubb via Dan Walsh.
- * Merged load_policy and fixfiles.cron patches from Dan Walsh.
- * Merged fix for setfiles context validation patch from Colin Walters.
- * Merged setfiles context validation patch from Colin Walters.
- * Merged genhomedircon patch from Russell Coker.
- * Merged restorecon patch from Russell Coker.
-
-1.16 2004-08-13
- * Merged audit2allow fix from Tom London.
- * Merged load_policy man page from Dan Walsh.
- * Merged newrole bug fix from Chad Hanson.
- * Changed load_policy to preserve booleans by default.
- * Changed load_policy to invoke sepol_genbools() instead.
- * Changed load_policy to also invoke security_load_booleans().
- * Merged genhomedircon fixes from Dan Walsh.
- * Changed restorecon to use realpath.
- * Merged fixfiles patch from Dan Walsh.
- * Merged genhomedircon patch from Russell Coker and Dan Walsh.
- * Merged fixfiles patch and fixfiles.cron script from Dan Walsh.
- * Merged stat fix for setfiles -s from Russell Coker.
-
-1.14 2004-06-25
- * Merged fix for fixfiles.
- * Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh.
- * Merged updated genhomedircon script from Russell Coker.
- * Merged run_init patch to find initrc_context from Dan Walsh.
- * Merged fixfiles patch for /etc/selinux from Dan Walsh.
- * Merged restorecon patch from Dan Walsh.
- * Merged fixfiles patch from Dan Walsh.
-
-1.12 2004-05-10
- * Merged newrole patch from Colin Walters.
- * Merged fixfiles from Dan Walsh.
-
-1.10 2004-04-05
- * Changed setfiles to not abort upon lsetfilecon failures.
- * Merged sestatus from Chris PeBenito.
- * Merged fixes for restorecon.
- * Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie.
- * Merged restorecon patch from Dan Walsh.
- * Revert add_assoc change from setfiles.
- * Moved restorecon to /sbin.
- * Disable add_assoc in setfiles by default, use -a to enable.
- * Merged genhomedircon patch from Dan Walsh.
- * Merged restorecon patch from Dan Walsh.
- * Merged setfiles buffer size change from Dan Walsh.
- * Merged genhomedircon fix from Karl MacMillan of Tresys.
- This generates separate lines for each prefix.
-
-1.8 2004-03-09
- * Merged genhomedircon patch from Karl MacMillan of Tresys.
- * Removed checkcon script (obsoleted by restorecon -nv).
- * Replaced restorecon script with C program from Dan Walsh.
- Uses the new matchpathcon function from libselinux.
-
-1.6 2004-02-18
- * Fixed setfiles sorting problem reported by Colin Walters.
- * Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker.
- * Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh.
- * Quiet warning about duplicate same specifications if -q is used.
- * Fixed usage message of audit2allow.
-
-1.4 2003-12-01
- * Merged patch from Russell Coker.
- * Added audit2allow (formerly newrules.pl from policy).
- * Dropped -lattr from Makefiles.
- * Merged setfiles check type first patch by Russell Coker.
-
-1.2 2003-09-30
- * Merged run_init close file patch from Chris PeBenito.
- * Merged setfiles stem compression patch by Russell Coker.
- * Merged setfiles usage/getopt/err patch by Russell Coker.
- * Merged setfiles altroot patch by Hardened Gentoo team.
- * Merged i18n patch by Dan Walsh.
- * Changed Makefiles to allow non-root rpm builds.
-
-1.1 2003-08-13
- * Dropped obsolete psid code from setfiles.
-
-1.0 2003-07-11
- * Initial public release.
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/ChangeLog new/policycoreutils-2.0.62/ChangeLog
--- old/policycoreutils-2.0.61/ChangeLog 2009-01-13 14:45:56.000000000 +0100
+++ new/policycoreutils-2.0.62/ChangeLog 2009-02-18 22:45:00.000000000 +0100
@@ -1,3 +1,11 @@
+2.0.62 2009-02-19
+ * Add btrfs to fixfiles from Dan Walsh.
+ * Remove restorecond error for matching globs with multiple hard links
+ and fix some error messages from Dan Walsh.
+ * Make removing a non-existant module a warning rather than an error
+ from Dan Walsh.
+ * Man page fixes from Dan Walsh.
+
2.0.61 2009-01-12
* chcat: cut categories at arbitrary point (25) from Dan Walsh
* semodule: use new interfaces in libsemanage for compressed files
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/VERSION new/policycoreutils-2.0.62/VERSION
--- old/policycoreutils-2.0.61/VERSION 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/VERSION 2009-02-18 22:45:01.000000000 +0100
@@ -1 +1 @@
-2.0.61
+2.0.62
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/audit2allow/audit2allow.1 new/policycoreutils-2.0.62/audit2allow/audit2allow.1
--- old/policycoreutils-2.0.61/audit2allow/audit2allow.1 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/audit2allow/audit2allow.1 2009-02-18 22:45:01.000000000 +0100
@@ -75,9 +75,6 @@
Generate reference policy using installed macros.
This attempts to match denials against interfaces and may be inaccurate.
.TP
-.B "\-t " | "\-\-tefile"
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
-.TP
.B "\-w" | "\-\-why"
Translates SELinux audit messages into a description of why the access was denied
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/restorecond/Makefile new/policycoreutils-2.0.62/restorecond/Makefile
--- old/policycoreutils-2.0.61/restorecond/Makefile 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/restorecond/Makefile 2009-02-18 22:45:01.000000000 +0100
@@ -20,7 +20,7 @@
install -m 755 restorecond $(SBINDIR)
install -m 644 restorecond.8 $(MANDIR)/man8
-mkdir -p $(INITDIR)
- install -m 644 restorecond.init $(INITDIR)/restorecond
+ install -m 755 restorecond.init $(INITDIR)/restorecond
-mkdir -p $(SELINUXDIR)
install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/restorecond/restorecond.c new/policycoreutils-2.0.62/restorecond/restorecond.c
--- old/policycoreutils-2.0.61/restorecond/restorecond.c 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/restorecond/restorecond.c 2009-02-18 22:45:01.000000000 +0100
@@ -1,7 +1,7 @@
/*
* restorecond
*
- * Copyright (C) 2006 Red Hat
+ * Copyright (C) 2006-2009 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or
@@ -75,7 +75,7 @@
static int debug_mode = 0;
static int verbose_mode = 0;
-static void restore(const char *filename);
+static void restore(const char *filename, int exact);
struct watchList {
struct watchList *next;
@@ -113,12 +113,13 @@
printf("%d: File=%s\n", wd, file);
while (ptr != NULL) {
if (ptr->wd == wd) {
- if (strings_list_find(ptr->files, file) == 0) {
+ int exact=0;
+ if (strings_list_find(ptr->files, file, &exact) == 0) {
char *path = NULL;
if (asprintf(&path, "%s/%s", ptr->dir, file) <
0)
exitApp("Error allocating memory.");
- restore(path);
+ restore(path, exact);
free(path);
return 0;
}
@@ -155,7 +156,7 @@
Set the file context to the default file context for this system.
Same as restorecon.
*/
-static void restore(const char *filename)
+static void restore(const char *filename, int exact)
{
int retcontext = 0;
security_context_t scontext = NULL;
@@ -181,9 +182,11 @@
}
if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) {
- syslog(LOG_ERR,
- "Will not restore a file with more than one hard link (%s) %s\n",
- filename, strerror(errno));
+ if (exact) {
+ syslog(LOG_ERR,
+ "Will not restore a file with more than one hard link (%s) %s\n",
+ filename, strerror(errno));
+ }
close(fd);
return;
}
@@ -283,6 +286,8 @@
inotify_rm_watch(fd, master_wd);
master_wd =
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
+ if (master_wd == -1)
+ exitApp("Error watching config file.");
}
/*
@@ -396,7 +401,7 @@
char *file = basename(path);
ptr = firstDir;
- restore(path);
+ restore(path, 1);
while (ptr != NULL) {
if (strcmp(dir, ptr->dir) == 0) {
@@ -411,7 +416,14 @@
if (!ptr)
exitApp("Out of Memory");
+
ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+ if (ptr->wd == -1) {
+ free(ptr);
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
+ path, strerror(errno));
+ return;
+ }
ptr->dir = strdup(dir);
if (!ptr->dir)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/restorecond/restorecond.conf new/policycoreutils-2.0.62/restorecond/restorecond.conf
--- old/policycoreutils-2.0.61/restorecond/restorecond.conf 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/restorecond/restorecond.conf 2009-02-18 22:45:01.000000000 +0100
@@ -5,4 +5,3 @@
/var/run/utmp
/var/log/wtmp
~/*
-~/.mozilla/plugins/libflashplayer.so
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/restorecond/stringslist.c new/policycoreutils-2.0.62/restorecond/stringslist.c
--- old/policycoreutils-2.0.61/restorecond/stringslist.c 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/restorecond/stringslist.c 2009-02-18 22:45:01.000000000 +0100
@@ -55,9 +55,10 @@
*list = newptr;
}
-int strings_list_find(struct stringsList *ptr, const char *string)
+int strings_list_find(struct stringsList *ptr, const char *string, int *exact)
{
while (ptr) {
+ *exact = strcmp(ptr->string, string) == 0;
int cmp = fnmatch(ptr->string, string, 0);
if (cmp == 0)
return 0; /* Match found */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/restorecond/stringslist.h new/policycoreutils-2.0.62/restorecond/stringslist.h
--- old/policycoreutils-2.0.61/restorecond/stringslist.h 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/restorecond/stringslist.h 2009-02-18 22:45:01.000000000 +0100
@@ -31,7 +31,7 @@
void strings_list_free(struct stringsList *list);
void strings_list_add(struct stringsList **list, const char *string);
void strings_list_print(struct stringsList *list);
-int strings_list_find(struct stringsList *list, const char *string);
+int strings_list_find(struct stringsList *list, const char *string, int *exact);
int strings_list_diff(struct stringsList *from, struct stringsList *to);
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/restorecond/utmpwatcher.c new/policycoreutils-2.0.62/restorecond/utmpwatcher.c
--- old/policycoreutils-2.0.61/restorecond/utmpwatcher.c 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/restorecond/utmpwatcher.c 2009-02-18 22:45:01.000000000 +0100
@@ -57,7 +57,7 @@
utmp_ptr = NULL;
FILE *cfg = fopen(utmp_path, "r");
if (!cfg)
- exitApp("Error reading config file.");
+ exitApp("Error reading utmp file.");
while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
if (u.ut_type == USER_PROCESS)
@@ -69,6 +69,9 @@
utmp_wd =
inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
+ if (utmp_wd == -1)
+ exitApp("Error watching utmp file.");
+
if (prev_utmp_ptr) {
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
strings_list_free(prev_utmp_ptr);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/scripts/fixfiles new/policycoreutils-2.0.62/scripts/fixfiles
--- old/policycoreutils-2.0.61/scripts/fixfiles 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/scripts/fixfiles 2009-02-18 22:45:01.000000000 +0100
@@ -3,7 +3,7 @@
#
# Script to restore labels on a SELinux box
#
-# Copyright (C) 2004 Red Hat, Inc.
+# Copyright (C) 2004-2009 Red Hat, Inc.
# Authors: Dan Walsh
#
# This program is free software; you can redistribute it and/or modify
@@ -36,8 +36,8 @@
LOGGER=/usr/sbin/logger
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
-FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(rw/{print $3}';`
-FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs ).*\(ro/{print $3}';`
+FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
+FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
SELINUXTYPE="targeted"
if [ -e /etc/selinux/config ]; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/semanage/semanage new/policycoreutils-2.0.62/semanage/semanage
--- old/policycoreutils-2.0.61/semanage/semanage 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/semanage/semanage 2009-02-18 22:45:01.000000000 +0100
@@ -219,6 +219,7 @@
'seuser=',
'store=',
'range=',
+ 'locallist=',
'level=',
'roles=',
'type=',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/policycoreutils-2.0.61/semodule/semodule.c new/policycoreutils-2.0.62/semodule/semodule.c
--- old/policycoreutils-2.0.61/semodule/semodule.c 2009-01-13 14:45:57.000000000 +0100
+++ new/policycoreutils-2.0.62/semodule/semodule.c 2009-02-18 22:45:01.000000000 +0100
@@ -359,6 +359,9 @@
mode_arg);
}
result = semanage_module_remove(sh, mode_arg);
+ if ( result == -2 ) {
+ continue;
+ }
break;
}
case LIST_M:{
++++++ policycoreutils-gui.patch.bz2 ++++++
++++ 1377 lines (skipped)
++++ between policycoreutils/policycoreutils-gui.patch.bz2
++++ and policycoreutils/policycoreutils-gui.patch.bz2
++++++ policycoreutils-po.patch.bz2 ++++++
++++ 212071 lines (skipped)
++++ between policycoreutils/policycoreutils-po.patch.bz2
++++ and policycoreutils/policycoreutils-po.patch.bz2
++++++ policycoreutils-rhat.patch ++++++
++++ 1224 lines (skipped)
++++ between policycoreutils/policycoreutils-rhat.patch
++++ and policycoreutils/policycoreutils-rhat.patch
++++++ policycoreutils-sepolgen.patch ++++++
--- /var/tmp/diff_new_pack.qMgesj/_old 2009-07-09 10:46:38.000000000 +0200
+++ /var/tmp/diff_new_pack.qMgesj/_new 2009-07-09 10:46:38.000000000 +0200
@@ -1,6 +1,39 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py
+--- nsasepolgen/src/sepolgen/access.py 2009-01-13 08:45:35.000000000 -0500
++++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-21 14:54:12.000000000 -0400
+@@ -313,7 +313,7 @@
+
+ def __len__(self):
+ """Return the unique number of role allow statements."""
+- return len(self.role_type.keys())
++ return len(self.role_types.keys())
+
+ def add(self, role, type):
+ if self.role_types.has_key(role):
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py
+--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py 2009-04-24 13:19:39.000000000 -0400
+@@ -47,6 +47,17 @@
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
++def get_log_msgs():
++ """Obtain all of the avc and policy load messages from /var/log/messages.
++
++ Returns:
++ string contain all of the audit messages returned by /var/log/messages.
++ """
++ import subprocess
++ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
++ stdout=subprocess.PIPE).communicate()[0]
++ return output
++
+ # Classes representing audit messages
+
+ class AuditMessage:
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/refparser.py 2008-12-15 15:34:55.000000000 -0500
++++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-04-21 14:54:12.000000000 -0400
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []
@@ -10,24 +43,3 @@
for dirpath, dirnames, filenames in os.walk(root):
for name in filenames:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/yacc.py policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py
---- nsasepolgen/src/sepolgen/yacc.py 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.60/sepolgen-1.0.14/src/sepolgen/yacc.py 2008-12-15 15:34:55.000000000 -0500
-@@ -67,7 +67,7 @@
-
- error_count = 3 # Number of symbols that must be shifted to leave recovery mode
-
--import re, types, sys, cStringIO, md5, os.path
-+import re, types, sys, cStringIO, hashlib, os.path
-
- # Exception raised for yacc-related errors
- class YaccError(Exception): pass
-@@ -506,7 +506,7 @@
-
- Errorfunc = None # User defined error handler
-
-- Signature = md5.new() # Digital signature of the grammar rules, precedence
-+ Signature = hashlib.md5() # Digital signature of the grammar rules, precedence
- # and other information. Used to determined when a
- # parsing table needs to be regenerated.
-
++++++ sepolgen-1.0.14.tar.bz2 -> sepolgen-1.0.16.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.14/ChangeLog new/sepolgen-1.0.16/ChangeLog
--- old/sepolgen-1.0.14/ChangeLog 2008-12-01 17:44:58.000000000 +0100
+++ new/sepolgen-1.0.16/ChangeLog 2009-02-18 22:50:21.000000000 +0100
@@ -1,3 +1,10 @@
+1.0.16 2009-02-18
+ * Convert sepolgen to using hashlib instead of the deprecated md5
+ module from Dan Walsh.
+
+1.0.15 2009-01-12
+ * fix to return length of role dict for len(roles) from Dan Walsh.
+
1.0.14 2008-09-12
* fix multiple gen_requires block generation from Dan Walsh.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.14/VERSION new/sepolgen-1.0.16/VERSION
--- old/sepolgen-1.0.14/VERSION 2008-12-01 17:44:58.000000000 +0100
+++ new/sepolgen-1.0.16/VERSION 2009-02-18 22:50:21.000000000 +0100
@@ -1 +1 @@
-1.0.14
+1.0.16
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.14/src/sepolgen/access.py new/sepolgen-1.0.16/src/sepolgen/access.py
--- old/sepolgen-1.0.14/src/sepolgen/access.py 2008-12-01 17:44:58.000000000 +0100
+++ new/sepolgen-1.0.16/src/sepolgen/access.py 2009-02-18 22:50:21.000000000 +0100
@@ -313,7 +313,7 @@
def __len__(self):
"""Return the unique number of role allow statements."""
- return len(self.roles)
+ return len(self.role_type.keys())
def add(self, role, type):
if self.role_types.has_key(role):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sepolgen-1.0.14/src/sepolgen/yacc.py new/sepolgen-1.0.16/src/sepolgen/yacc.py
--- old/sepolgen-1.0.14/src/sepolgen/yacc.py 2008-12-01 17:44:58.000000000 +0100
+++ new/sepolgen-1.0.16/src/sepolgen/yacc.py 2009-02-18 22:50:21.000000000 +0100
@@ -67,7 +67,7 @@
error_count = 3 # Number of symbols that must be shifted to leave recovery mode
-import re, types, sys, cStringIO, md5, os.path
+import re, types, sys, cStringIO, hashlib, os.path
# Exception raised for yacc-related errors
class YaccError(Exception): pass
@@ -506,7 +506,7 @@
Errorfunc = None # User defined error handler
- Signature = md5.new() # Digital signature of the grammar rules, precedence
+ Signature = hashlib.md5() # Digital signature of the grammar rules, precedence
# and other information. Used to determined when a
# parsing table needs to be regenerated.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org