Changelog for selinux-tools-2.5-104.6.x86_64.rpm :
Wed Jul 5 14:00:00 2017
- readv-proto.patch: include for readv prototype

Sun Jul 24 14:00:00 2016
- -devel static subpackage requires libpcre-devel and libsepol-devel

Sun Jul 24 14:00:00 2016
- Avoid mounting /proc outside of selinux_init_load_policy().
(Stephen Smalley) reverts upstream 5a8d8c4, 9df4988, fixes
among other things systemd seccomp sandboxing otherwise all
filters must allow mount(2)

Sun Jul 17 14:00:00 2016
- Update RPM groups, trim description and combine filelist entries.

Thu Jul 14 14:00:00 2016
- Adjusted source link

Tue Jul 5 14:00:00 2016
- add patch: python-selinux-swig-3.10.patch, fixed boo#985368

* swig-3.10 in Factory use importlib instead of imp to find imp searched the same directory as
is while importlib searchs only standard paths. so we have
to move fixed by upstream
- update version 2.5

* Add selinux_restorecon function

* read_spec_entry: fail on non-ascii

* Add man information about thread specific functions

* Don\'t wrap rpm_execcon with DISABLE_RPM with SWIG

* Correct line count for property and service context files

* label_file: fix memory leaks and uninitialized jump

* Replace selabel_digest hash function

* Fix selabel_open(3) services if no digest requested

* Add selabel_digest function

* Flush the class/perm string mapping cache on policy reload

* Fix restorecon when path has no context

* Free memory when processing media and x specfiles

* Fix mmap memory release for file labeling

* Add policy context validation to sefcontext_compile

* Do not treat an empty file_contexts(.local) as an error

* Fail hard on invalid property_contexts entries

* Fail hard on invalid file_contexts entries

* Support context validation on file_contexts.bin

* Add selabel_cmp interface and label_file backend

* Support specifying file_contexts.bin file path

* Support file_contexts.bin without file_contexts

* Simplify procattr cache

* Use /proc/thread-self when available

* Add const to selinux_opt for label backends

* Fix binary file labels for regexes with metachars

* Fix file labels for regexes with metachars

* Fix if file_contexts not \'\
\' terminated

* Enhance file context support

* Fix property processing and cleanup formatting

* Add read_spec_entries function to replace sscanf

* Support consistent mode size for bin files

* Fix more bin file processing core dumps

* add selinux_openssh_contexts_path()

* setrans_client: minimize overhead when mcstransd is not present

* Ensure selabel_lookup_best_match links NULL terminated

* Fix core dumps with corrupt
*.bin files

* Add selabel partial and best match APIs

* Use os.walk() instead of the deprecated os.path.walk()

* Remove deprecated mudflap option

* Mount procfs before checking /proc/filesystems

* Fix -Wformat errors with gcc-5.0.0

* label_file: handle newlines in file names

* Fix audit2why error handling if SELinux is disabled

* pcre_study can return NULL without error

* Only check SELinux enabled status once in selinux_check_access
- changes in 2.4

* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR

* Fix bugs found by hardened gcc flags

* Set the system to permissive if failing to disable SELinux because
policy has already been loaded

* Add db_exception and db_datatype support to label_db backend

* Log an error on unknown classes and permissions

* Add pcre version string to the compiled file_contexts format

* Deprecate use of flask.h and av_permissions.h

* Compiled file_context files and the original should have the same DAC

Thu Jul 30 14:00:00 2015
- fixed selinux-ready to work with initrd files created by dracut (bsc#940006)

Mon Sep 8 14:00:00 2014
- updated selinux-ready script to handle initrd files compressed with xz

Sun May 18 14:00:00 2014
- Update to version 2.3

* Get rid of security_context_t and fix const declarations.

* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.

Thu Oct 31 13:00:00 2013
- Update to version 2.2

* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.

* Support overriding Makefile RANLIB

* Update pkgconfig definition

* Mount sysfs before trying to mount selinuxfs.

* Fix man pages

* Support overriding PATH and LIBBASE in Makefile

* Fix LDFLAGS usage

* Avoid shadowing stat in load_mmap

* Support building on older PCRE libraries

* Fix handling of temporary file in sefcontext_compile

* Fix procattr cache

* Define python constants for getenforce result

* Fix label substitution handling of /

* Add selinux_current_policy_path from

* Change get_context_list to only return good matches

* Support udev-197 and higher

* Add support for local substitutions

* Change setfilecon to not return ENOSUP if context is already correct

* Python wrapper leak fixes

* Export SELINUX_TRANS_DIR definition in selinux.h

* Add selinux_systemd_contexts_path

* Add selinux_set_policy_root

* Add man page for sefcontext_compile
- Remove libselinux-rhat.patch; merged on upstream
- Adapt libselinux-ruby.patch to upstream changes
- Use fdupes to symlink duplicate manpages

Thu Jun 27 14:00:00 2013
- change the source url to the official 2.1.13 release tarball

Wed May 22 14:00:00 2013
- Reuse implicit dependencies injected by pkgconfig

Thu Apr 4 14:00:00 2013
- fixed source url in libselinux-bindings.spec
- removed old tarball

Wed Apr 3 14:00:00 2013
- fix source url
- document changes in libselinux-rhat.patch from previous submission:
(most code of the removed code was integrated upstream)

* Add matchpathcon -P /etc/selinux/mls support by allowing users
to set alternate root

* Add new constant SETRANS_DIR which points to the directory
where mstransd can find the socket and libvirt can write its
translations files

Fri Mar 29 13:00:00 2013
-update to 2.1.13

* audit2why: make sure path is nul terminated

* utils: new file context regex compiler

* label_file: use precompiled filecontext when possible

* do not leak mmapfd

* sefcontontext_compile: Add error handling to help debug problems in libsemanage.

* man: make selinux.8 mention service man pages

* audit2why: Fix segfault if finish() called twice

* audit2why: do not leak on multiple init() calls

* mode_to_security_class: interface to translate a mode_t in to a security class

* audit2why: Cleanup audit2why analysys function

* man: Fix program synopsis and function prototypes in man pages

* man: Fix man pages formatting

* man: Fix typo in man page

* man: Add references and man page links to _raw function variants

* Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions

* man: context_new(3): fix the return value description

* selinux_status_open: handle error from sysconf

* selinux_status_open: do not leak statusfd on exec

* Fix errors found by coverity

* Change boooleans.subs to booleans.subs_dist.

* optimize set
*con functions

* pkg-config do not specifc ruby version

* unmap file contexts on selabel_close()

* do not leak file contexts with mmap\'d backend

* sefcontext_compile: do not leak fd on error

* matchmediacon: do not leak fd

* src/label_android_property: do not leak fd on error

Wed Jan 30 13:00:00 2013
- update to 2.1.12
- added the recent libselinux-rhat.patch

* Add support for lxc_contexts_path

* utils: add service to getdefaultcon

* libsemanage: do not set soname needlessly

* libsemanage: remove PYTHONLIBDIR and ruby equivalent

* boolean name equivalency

* getsebool: support boolean name substitution

* Add man page for new selinux_boolean_sub function.

* expose selinux_boolean_sub

* matchpathcon: add -m option to force file type check

* utils: avcstat: clear sa_mask set

* seusers: Check for strchr failure

* booleans: initialize pointer to silence coveriety

* stop messages when SELinux disabled

* Ensure that we only close the selinux netlink socket once.

* improve the file_contexts.5 manual page

* Fortify source now requires all code to be compiled with -O flag

* asprintf return code must be checked

* avc_netlink_recieve handle EINTR

* audit2why: silence -Wmissing-prototypes warning

* libsemanage: remove build warning when build swig c files

* matchpathcon: bad handling of symlinks in /

* seusers: remove unused lineno

* seusers: getseuser: gracefully handle NULL service

* New Android property labeling backend

* label_android_property whitespace cleanups

* additional makefile support for rubywrap

* Remove jump over variable declaration

* Fix old style function definitions

* Fix const-correctness

* Remove unused flush_class_cache method

* Add prototype decl for destructor

* Add more printf format annotations

* Add printf format attribute annotation to die() method

* Fix const-ness of parameters & make usage() methods static

* Enable many more gcc warnings for libselinux/src/ builds

* utils: Enable many more gcc warnings for libselinux/utils builds

* Change annotation on include/selinux/avc.h to avoid upsetting SWIG

* Ensure there is a prototype for \'matchpathcon_lib_destructor\'

* Update Makefiles to handle /usrmove

* utils: Stop separating out matchpathcon as something special

* pkg-config to figure out where ruby include files are located

* build with either ruby 1.9 or ruby 1.8

* assert if avc_init() not called

* take security_deny_unknown into account

* security_compute_create_name(3)

* Do not link against python library, this is considered

* bad practice in debian

* Hide unnecessarily-exported library destructors

Mon Jan 7 13:00:00 2013
- Remove obsolete defines/sections

Tue Dec 11 13:00:00 2012
- update selinux-ready script

* use -L when stat()ing /etc/selinux/config

* make sure that SELINUX isn\'t disabled in /etc/selinux/config

* look for either of /sys/fs/selinux and /selinux directory

* use systemctl to check for restorecond

* don\'t look for booleans file (deprecated)

Tue Nov 27 13:00:00 2012
- update selinux-ready script

Wed Jul 25 14:00:00 2012
- updated to 2.1.9 again (see below)

Wed Jun 13 14:00:00 2012
- go back even more - everything else requires the full SELinux stack
(too late for 12.2)

Mon Jun 11 14:00:00 2012
- revert back to 2.0.98 for 12.2

Fri Jun 1 14:00:00 2012
- update to libselinux-2.1.9

* better man pages

* selinux_status interfaces

* simple interface for access checks

* multiple bug fixes

Wed Oct 5 14:00:00 2011
- cross-build fix: use %__cc macro

Mon Jun 28 14:00:00 2010
- use %_smp_mflags

Mon May 3 14:00:00 2010
- don\'t package /var/run/setrans in libselinux1 package
- Feature#303793
- the directory will be created in initscript of mcstrans package

Sat Apr 24 14:00:00 2010
- buildrequire pkg-config to fix provides

Fri Apr 9 14:00:00 2010
- selinux-ready: added function to check for restorecond in
runlevel 3/5

Thu Apr 8 14:00:00 2010
- selinux-ready: added functions for checking PAM config and
policy boolean init_upstart

Wed Apr 7 14:00:00 2010
- selinux-ready: fixed init ramfs checking

Wed Apr 7 14:00:00 2010
- added new selinux-ready script

Thu Feb 25 13:00:00 2010
- updated to 2.0.91

* changes too numerous to list

Sat Dec 12 13:00:00 2009
- add baselibs.conf as a source

Fri Jul 24 14:00:00 2009
- updated selinux-ready script

Wed Jul 22 14:00:00 2009
- change libsepol-devel to libsepol-devel-static in dependencies
of python bindings

Wed Jul 1 14:00:00 2009
- put libsepol-devel back to Requires of libselinux-devel

Mon Jun 29 14:00:00 2009
- added selinux-ready tool to selinux-tools package

Tue Jun 9 14:00:00 2009
- remove static libraries
- libselinux-devel does not require libsepol-devel

Wed May 27 14:00:00 2009
- updated to 2.0.80

* deny_unknown wrapper function from KaiGai Kohei

* security_compute_av_flags API from KaiGai Kohei

* Netlink socket management and callbacks from KaiGai Kohei

* Netlink socket handoff patch from Adam Jackson

* AVC caching of compute_create results by Eric Paris

* fix incorrect conversion in discover_class code

Fri Apr 17 14:00:00 2009
- fixed memory leak (memleak.patch)