Fedora Core 6 Test Update: checkpolicy-1.32-1.fc6

Daniel Walsh dwalsh at redhat.com
Mon Nov 6 16:01:22 UTC 2006


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2006-1175
2006-11-06
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : checkpolicy
Version     : 1.32
Release     : 1.fc6
Summary     : SELinux policy compiler
Description :
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

This package contains checkpolicy, the SELinux policy compiler.
Only required for building policies.

---------------------------------------------------------------------

* Tue Oct 17 2006 Dan Walsh <dwalsh at redhat.com> - 1.32-1
- Latest update from NSA
	* Updated version for release.
* Thu Sep 28 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.12-1
- Latest update from NSA
	* Merged user and range_transition support for modules from 
	  Darrel Goeddel
* Wed Sep  6 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.11-1
- Latest update from NSA
	* merged range_transition enhancements and user module format
	  changes from Darrel Goeddel
	* Merged symtab datum patch from Karl MacMillan.
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.30.9-1.1
- rebuild
* Tue Jul  4 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.8-1
- Latest upgrade from NSA
	* Lindent.
	* Merged patch to remove TE rule conflict checking from the parser
	  from Joshua Brindle.  This can only be done properly by the 
	  expander.
	* Merged patch to make checkpolicy/checkmodule handling of
	  duplicate/conflicting TE rules the same as the expander 
	  from Joshua Brindle.
	* Merged optionals in base take 2 patch set from Joshua Brindle.
* Tue May 23 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.5-1
- Latest upgrade from NSA
	* Merged compiler cleanup patch from Karl MacMillan.
	* Merged fix warnings patch from Karl MacMillan.
* Wed Apr  5 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.4-1
- Latest upgrade from NSA
	* Changed require_class to reject permissions that have not been
	  declared if building a base module.
* Tue Mar 28 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.3-1
- Latest upgrade from NSA
	* Fixed checkmodule to call link_modules prior to expand_module
	  to handle optionals.
	* Fixed require_class to avoid shadowing permissions already defined
	  in an inherited common definition.
* Mon Mar 27 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.1-2
- Rebuild with new libsepol
* Thu Mar 23 2006 Dan Walsh <dwalsh at redhat.com> - 1.30.1-1
- Latest upgrade from NSA
	* Moved processing of role and user require statements to 2nd pass.
* Fri Mar 17 2006 Dan Walsh <dwalsh at redhat.com> - 1.30-1
- Latest upgrade from NSA
	* Updated version for release.
	* Fixed bug in role dominance (define_role_dom).
* Fri Feb 17 2006 Dan Walsh <dwalsh at redhat.com> - 1.29.4-1
- Latest upgrade from NSA
	* Added a check for failure to declare each sensitivity in
	  a level definition.
	* Changed to clone level data for aliased sensitivities to
	  avoid double free upon sens_destroy.  Bug reported by Kevin
	  Carr of Tresys Technology.
* Mon Feb 13 2006 Dan Walsh <dwalsh at redhat.com> - 1.29.2-1
- Latest upgrade from NSA
	* Merged optionals in base patch from Joshua Brindle.
* Mon Feb 13 2006 Dan Walsh <dwalsh at redhat.com> - 1.29.1-1.2
- Need to build againi
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1.29.1-1.1
- bump again for double-long bug on ppc(64)
* Tue Feb  7 2006 Dan Walsh <dwalsh at redhat.com> 1.29.1-1
- Latest upgrade from NSA
	* Merged sepol_av_to_string patch from Joshua Brindle.
* Tue Feb  7 2006 Jesse Keating <jkeating at redhat.com> - 1.28-5.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Jan 13 2006 Dan Walsh <dwalsh at redhat.com> 1.28-5
- Rebuild to get latest libsepol
* Fri Jan 13 2006 Dan Walsh <dwalsh at redhat.com> 1.28-5
- Rebuild to get latest libsepol
* Thu Jan  5 2006 Dan Walsh <dwalsh at redhat.com> 1.28-4
- Rebuild to get latest libsepol
* Wed Jan  4 2006 Dan Walsh <dwalsh at redhat.com> 1.28-3
- Rebuild to get latest libsepol
* Fri Dec 16 2005 Dan Walsh <dwalsh at redhat.com> 1.28-2
- Rebuild to get latest libsepol
* Fri Dec  9 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
* Fri Dec  9 2005 Dan Walsh <dwalsh at redhat.com> 1.28-1
- Latest upgrade from NSA
* Sun Dec  4 2005 Dan Walsh <dwalsh at redhat.com> 1.27.20-1
- Latest upgrade from NSA
	* Merged checkmodule man page from Dan Walsh, and edited it.
* Thu Dec  1 2005 Dan Walsh <dwalsh at redhat.com> 1.27.19-1
- Latest upgrade from NSA
	* Added error checking of all ebitmap_set_bit calls for out of
	  memory conditions.
	* Merged removal of compatibility handling of netlink classes
	  (requirement that policies with newer versions include the
	   netlink class definitions, remapping of fine-grained netlink
	   classes in newer source policies to single netlink class when
	   generating older policies) from George Coker.
* Tue Nov  8 2005 Dan Walsh <dwalsh at redhat.com> 1.27.17-7
- Rebuild to get latest libsepol
* Tue Oct 25 2005 Dan Walsh <dwalsh at redhat.com> 1.27.17-1
- Latest upgrade from NSA
	* Merged dismod fix from Joshua Brindle.
* Thu Oct 20 2005 Dan Walsh <dwalsh at redhat.com> 1.27.16-1
- Latest upgrade from NSA
	* Removed obsolete cond_check_type_rules() function and call and 
	  cond_optimize_lists() call from checkpolicy.c; these are handled
	  during parsing and expansion now.
	* Updated calls to expand_module for interface change.
	* Changed checkmodule to verify that expand_module succeeds 
	  when building base modules.
	* Merged module compiler fixes from Joshua Brindle.
	* Removed direct calls to hierarchy_check_constraints() and 
	  check_assertions() from checkpolicy since they are now called 
	  internally by expand_module().
* Tue Oct 18 2005 Dan Walsh <dwalsh at redhat.com> 1.27.11-1
- Latest upgrade from NSA
	* Updated for changes to sepol policydb_index_others interface.
* Tue Oct 18 2005 Dan Walsh <dwalsh at redhat.com> 1.27.10-1
- Latest upgrade from NSA
	* Updated for changes to sepol expand_module and link_modules interfaces.
* Sat Oct 15 2005 Dan Walsh <dwalsh at redhat.com> 1.27.9-2
- Rebuild to get latest libsepol
* Fri Oct 14 2005 Dan Walsh <dwalsh at redhat.com> 1.27.9-1
- Latest upgrade from NSA
	* Merged support for require blocks inside conditionals from
	Joshua Brindle (Tresys).
* Wed Oct 12 2005 Karsten Hopp <karsten at redhat.de> 1.27.8-2
- add buildrequirement for libselinux-devel for dispol
* Mon Oct 10 2005 Dan Walsh <dwalsh at redhat.com> 1.27.8-1
- Latest upgrade from NSA
	* Updated for changes to libsepol.
* Fri Oct  7 2005 Dan Walsh <dwalsh at redhat.com> 1.27.7-2
- Rebuild to get latest libsepol
* Thu Oct  6 2005 Dan Walsh <dwalsh at redhat.com> 1.27.7-1
- Latest upgrade from NSA
	* Merged several bug fixes from Joshua Brindle (Tresys).
* Tue Oct  4 2005 Dan Walsh <dwalsh at redhat.com> 1.27.6-1
- Latest upgrade from NSA
	* Merged MLS in modules patch from Joshua Brindle (Tresys).
* Mon Oct  3 2005 Dan Walsh <dwalsh at redhat.com> 1.27.5-2
- Rebuild to get latest libsepol
* Wed Sep 28 2005 Dan Walsh <dwalsh at redhat.com> 1.27.5-1
- Latest upgrade from NSA
	* Merged error handling improvement in checkmodule from Karl MacMillan (Tresys).
* Tue Sep 27 2005 Dan Walsh <dwalsh at redhat.com> 1.27.4-1
- Latest upgrade from NSA
	* Merged bugfix for dup role transition error messages from
	Karl MacMillan (Tresys).
* Fri Sep 23 2005 Dan Walsh <dwalsh at redhat.com> 1.27.3-1
- Latest upgrade from NSA
	* Merged policyver/modulever patches from Joshua Brindle (Tresys).
* Wed Sep 21 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-2
- Rebuild to get latest libsepol
* Wed Sep 21 2005 Dan Walsh <dwalsh at redhat.com> 1.27.2-1
- Latest upgrade from NSA
	* Fixed parse_categories handling of undefined category.
* Tue Sep 20 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-2
- Rebuild to get latest libsepol
* Sat Sep 17 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-1
- Latest upgrade from NSA
	* Merged bug fix for role dominance handling from Darrel Goeddel (TCS).
* Wed Sep 14 2005 Dan Walsh <dwalsh at redhat.com> 1.26-2
- Rebuild to get latest libsepol
* Mon Sep 12 2005 Dan Walsh <dwalsh at redhat.com> 1.26-1
- Latest upgrade from NSA
	* Updated version for release.
- Rebuild to get latest libsepol
* Thu Sep  1 2005 Dan Walsh <dwalsh at redhat.com> 1.25.12-3
- Rebuild to get latest libsepol
* Mon Aug 29 2005 Dan Walsh <dwalsh at redhat.com> 1.25.12-2
- Rebuild to get latest libsepol
* Mon Aug 22 2005 Dan Walsh <dwalsh at redhat.com> 1.25.12-1
- Update to NSA Release
	* Fixed handling of validatetrans constraint expressions.
	Bug reported by Dan Walsh for checkpolicy -M.
* Mon Aug 22 2005 Dan Walsh <dwalsh at redhat.com> 1.25.11-2
- Fix mls crash
* Fri Aug 19 2005 Dan Walsh <dwalsh at redhat.com> 1.25.11-1
- Update to NSA Release
	* Merged use-after-free fix from Serge Hallyn (IBM).  
	  Bug found by Coverity.
* Sun Aug 14 2005 Dan Walsh <dwalsh at redhat.com> 1.25.10-1
- Update to NSA Release
	* Fixed further memory leaks found by valgrind.
	* Changed checkpolicy to destroy the policydbs prior to exit
	  to allow leak detection.
	* Fixed several memory leaks found by valgrind.
* Sun Aug 14 2005 Dan Walsh <dwalsh at redhat.com> 1.25.8-3
- Rebuild to get latest libsepol changes
* Sat Aug 13 2005 Dan Walsh <dwalsh at redhat.com> 1.25.8-2
- Rebuild to get latest libsepol changes
* Thu Aug 11 2005 Dan Walsh <dwalsh at redhat.com> 1.25.8-1
- Update to NSA Release
	* Updated checkpolicy and dispol for the new avtab format.
	  Converted users of ebitmaps to new inline operators.
  	  Note:  The binary policy format version has been incremented to 
	  version 20 as a result of these changes.  To build a policy
	  for a kernel that does not yet include these changes, use
	  the -c 19 option to checkpolicy.
	* Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys).
	* Merged patch to fix dismod compilation from Joshua Brindle (Tresys).
* Wed Aug 10 2005 Dan Walsh <dwalsh at redhat.com> 1.25.5-1
- Update to NSA Release
	* Fixed call to hierarchy checking code to pass the right policydb.
	* Merged patch to update dismod for the relocation of the
	  module read/write code from libsemanage to libsepol, and
	  to enable build of test subdirectory from Jason Tang (Tresys).
* Thu Jul 28 2005 Dan Walsh <dwalsh at redhat.com> 1.25.3-1
- Update to NSA Release
	* Merged hierarchy check fix from Joshua Brindle (Tresys).
* Thu Jul  7 2005 Dan Walsh <dwalsh at redhat.com> 1.25.2-1
- Update to NSA Release
	* Merged loadable module support from Tresys Technology.
	* Merged patch to prohibit the use of * and ~ in type sets 
	  (other than in neverallow statements) and in role sets
	  from Joshua Brindle (Tresys).
	* Updated version for release.
* Fri May 20 2005 Dan Walsh <dwalsh at redhat.com> 1.23-4-1
- Update to NSA Release
	* Merged cleanup patch from Dan Walsh.
* Thu May 19 2005 Dan Walsh <dwalsh at redhat.com> 1.23-3-1
- Update to NSA Release
	* Added sepol_ prefix to Flask types to avoid namespace
	  collision with libselinux.
* Sat May  7 2005 Dan Walsh <dwalsh at redhat.com> 1.23-2-1
- Update to NSA Release
	* Merged identifier fix from Joshua Brindle (Tresys).
* Thu Apr 14 2005 Dan Walsh <dwalsh at redhat.com> 1.23,1-1
* Merged hierarchical type/role patch from Tresys Technology.
	* Merged MLS fixes from Darrel Goeddel of TCS.
* Thu Mar 10 2005 Dan Walsh <dwalsh at redhat.com> 1.22-1
- Update to NSA Release
* Tue Mar  1 2005 Dan Walsh <dwalsh at redhat.com> 1.21.4-2
- Rebuild for FC4
* Thu Feb 17 2005 Dan Walsh <dwalsh at redhat.com> 1.21.4-1
* Merged define_user() cleanup patch from Darrel Goeddel (TCS).
	* Moved genpolusers utility to libsepol.
	* Merged range_transition support from Darrel Goeddel (TCS).
* Thu Feb 10 2005 Dan Walsh <dwalsh at redhat.com> 1.21.2-1
- Latest from NSA
	* Changed relabel Makefile target to use restorecon.
* Mon Feb  7 2005 Dan Walsh <dwalsh at redhat.com> 1.21.1-1
- Latest from NSA
	* Merged enhanced MLS support from Darrel Goeddel (TCS).
* Fri Jan  7 2005 Dan Walsh <dwalsh at redhat.com> 1.20.1-1
- Update for version increase at NSA
* Mon Dec 20 2004 Dan Walsh <dwalsh at redhat.com> 1.19.2-1
- Latest from NSA
	* Merged typeattribute statement patch from Darrel Goeddel of TCS.
	* Changed genpolusers to handle multiple user config files.
	* Merged nodecon ordering patch from Chad Hanson of TCS.
* Thu Nov 11 2004 Dan Walsh <dwalsh at redhat.com> 1.19.1-1
- Latest from NSA
	* Merged nodecon ordering patch from Chad Hanson of TCS.
* Thu Nov  4 2004 Dan Walsh <dwalsh at redhat.com> 1.18.1-1
- Latest from NSA
	* MLS build fix.
* Sat Sep  4 2004 Dan Walsh <dwalsh at redhat.com> 1.17.5-1
- Latest from NSA
	* Fixed Makefile dependencies (Chris PeBenito).
* Sat Sep  4 2004 Dan Walsh <dwalsh at redhat.com> 1.17.4-1
- Latest from NSA
	* Fixed Makefile dependencies (Chris PeBenito).
* Sat Sep  4 2004 Dan Walsh <dwalsh at redhat.com> 1.17.3-1
- Latest from NSA
	* Merged fix for role dominance ordering issue from Chad Hanson of TCS.
* Mon Aug 30 2004 Dan Walsh <dwalsh at redhat.com> 1.17.2-1
- Latest from NSA
* Thu Aug 26 2004 Dan Walsh <dwalsh at redhat.com> 1.16.3-1
- Fix NSA package to not include y.tab files.
* Tue Aug 24 2004 Dan Walsh <dwalsh at redhat.com> 1.16.2-1
- Latest from NSA
- Allow port ranges to overlap
* Sun Aug 22 2004 Dan Walsh <dwalsh at redhat.com> 1.16.1-1
- Latest from NSA
* Mon Aug 16 2004 Dan Walsh <dwalsh at redhat.com> 1.15.6-1
- Latest from NSA
* Fri Aug 13 2004 Dan Walsh <dwalsh at redhat.com> 1.15.5-1
- Latest from NSA
* Wed Aug 11 2004 Dan Walsh <dwalsh at redhat.com> 1.15.4-1
- Latest from NSA
* Sun Aug  8 2004 Dan Walsh <dwalsh at redhat.com> 1.15.3-1
- Latest from NSA
* Wed Aug  4 2004 Dan Walsh <dwalsh at redhat.com> 1.15.2-1
- Latest from NSA
* Sat Jul 31 2004 Dan Walsh <dwalsh at redhat.com> 1.15.1-1
- Latest from NSA
* Tue Jul 27 2004 Dan Walsh <dwalsh at redhat.com> 1.14.2-1
- Latest from NSA
* Wed Jun 30 2004 Dan Walsh <dwalsh at redhat.com> 1.14.1-1
- Latest from NSA
* Fri Jun 18 2004 Dan Walsh <dwalsh at redhat.com> 1.12.2-1
- Latest from NSA
* Thu Jun 17 2004 Dan Walsh <dwalsh at redhat.com> 1.12.1-1
- Update to latest from NSA
* Wed Jun 16 2004 Dan Walsh <dwalsh at redhat.com> 1.12-1
- Update to latest from NSA
* Wed Jun 16 2004 Dan Walsh <dwalsh at redhat.com> 1.10-5
- Add nlclass patch
* Tue Jun 15 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
* Fri Jun  4 2004 Dan Walsh <dwalsh at redhat.com> 1.10-3
- Add BuildRequires flex
* Thu Apr  8 2004 Dan Walsh <dwalsh at redhat.com> 1.10-2
- Add BuildRequires byacc
* Thu Apr  8 2004 Dan Walsh <dwalsh at redhat.com> 1.10-1
- Upgrade to the latest from NSA
* Mon Mar 15 2004 Dan Walsh <dwalsh at redhat.com> 1.8-1
- Upgrade to the latest from NSA
* Tue Feb 24 2004 Dan Walsh <dwalsh at redhat.com> 1.6-1
- Upgrade to the latest from NSA
* Fri Feb 13 2004 Elliot Lee <sopwith at redhat.com>
- rebuilt
* Tue Jan 20 2004 Dan Walsh <dwalsh at redhat.com> 1.4-6
- Add typealias patch
* Tue Jan 20 2004 Dan Walsh <dwalsh at redhat.com> 1.4-5
- Update excludetypes with negset-final patch
* Wed Jan 14 2004 Dan Walsh <dwalsh at redhat.com> 1.4-4
- Add excludetypes patch
* Wed Jan 14 2004 Dan Walsh <dwalsh at redhat.com> 1.4-3
- Add Colin Walter's lineno patch
* Wed Jan  7 2004 Dan Walsh <dwalsh at redhat.com> 1.4-2
- Remove check for roles transition
* Sat Dec  6 2003 Dan Walsh <dwalsh at redhat.com> 1.4-1
- upgrade to 1.4
* Wed Oct  1 2003 Dan Walsh <dwalsh at redhat.com> 1.2-1
- upgrade to 1.2
* Thu Aug 28 2003 Dan Walsh <dwalsh at redhat.com> 1.1-2
- upgrade to 1.1
* Mon Jun  2 2003 Dan Walsh <dwalsh at redhat.com> 1.0-1
- Initial version

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/

7ef1cf0c7be825c4331a719c3d6a983f1602e75f  SRPMS/checkpolicy-1.32-1.fc6.src.rpm
7ef1cf0c7be825c4331a719c3d6a983f1602e75f  noarch/checkpolicy-1.32-1.fc6.src.rpm
8a1d88a04fd9f5d81db66c2cccc360d1d340d569  ppc/checkpolicy-1.32-1.fc6.ppc.rpm
1669c621ead9d0c55cd6fc69ca91e95e07befa3e  ppc/debug/checkpolicy-debuginfo-1.32-1.fc6.ppc.rpm
3e3a52a5e021f934ebaf9589da093f59521a4cca  x86_64/debug/checkpolicy-debuginfo-1.32-1.fc6.x86_64.rpm
30e62c0fd1c0ed4c115b30bc5e734da6177c0e50  x86_64/checkpolicy-1.32-1.fc6.x86_64.rpm
43adfb8ca5023e7b7a946150487e3924d1638234  i386/checkpolicy-1.32-1.fc6.i386.rpm
d8a4a021d324affcd453d76fcd4ad38c1e513480  i386/debug/checkpolicy-debuginfo-1.32-1.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------




More information about the fedora-test-list mailing list