1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
sepolgen (1.1.5-3) unstable; urgency=low
* Team upload.
* Bump python-setools dependency to >= 3.3.7-2
-- Laurent Bigonville <bigon@debian.org> Tue, 20 Mar 2012 19:39:48 +0100
sepolgen (1.1.5-2) unstable; urgency=low
* Team upload.
* Move to dh sequence and dh_python2
* debian/control:
- Bump Standards-Version to 3.9.3 (no further change)
- Restructure long description and remove leading article of short
description to please lintian
- Drop C/P/R for sepolgen binary package, it's gone for a long time
- Add python-selinux and python-setools as build-dependency
- Add python-selinux and python-setools as dependency (Closes: #662600)
- Update Vcs-* fields
- Put the package under Debian SELinux team maintenance
* Switch to dpkg-source 3.0 (quilt) format
* Add debian/gbp.conf file
-- Laurent Bigonville <bigon@debian.org> Wed, 14 Mar 2012 23:07:45 +0100
sepolgen (1.1.5-1) unstable; urgency=low
* New upstream version, adds support for filename trans and some small
fixes.
-- Russell Coker <russell@coker.com.au> Tue, 28 Feb 2012 16:48:11 +1100
sepolgen (1.1.0-1) unstable; urgency=low
* New upstream release for version bump
-- Russell Coker <russell@coker.com.au> Tue, 30 Aug 2011 15:28:37 +1000
sepolgen (1.0.23-1) unstable; urgency=low
* New upstream release
+ Fix unit tests from Dan Walsh.
+ improve parser error recovery from Karl MacMillan.
+ Add since-last-boot option to audit2allow from Dan Walsh.
+ Fix sepolgen output to match what Chris expects for upstream
refpolicy from Dan Walsh.
+ Add dontaudit flag to audit2allow from Dan Walsh.
+ fix sepolgen to read a "type 1403" msg as a policy load by Stephen
Smalley <sds@tycho.nsa.gov>
-- Manoj Srivastava <srivasta@debian.org> Sun, 28 Mar 2010 10:31:28 -0700
sepolgen (1.0.18-1) unstable; urgency=low
* New upstream point release. Add support for Xen ocontexts from Paul
Nuzzi.
-- Manoj Srivastava <srivasta@debian.org> Thu, 15 Oct 2009 23:28:53 -0500
sepolgen (1.0.17-3) unstable; urgency=low
* [a1816e2]: [topic--audit-msg-fix]: fix detection of policy loads
Originally audit2allow used the avc: allowed message generated by
auditallow statement for load_policy to identify policy reloads.
Later it was switched to use the MAC_POLICY_LOAD events generated by
the audit framework. Those events should still get logged via printk
if auditd is not running, but it appears that the code
(audit_printk_skb) will then log the type= field as an integer
rather than a string, and audit2allow/sepolgen only looks for the
string MAC_POLICY_LOAD. So I suspect that this would be resolved by
modifying sepolgen/audit.py to also match on type=1403 for load
messages.
Bug fix: "audit2allow -l doesn't work", thanks to Russell Coker
(Closes: #503252).
-- Manoj Srivastava <srivasta@debian.org> Wed, 14 Oct 2009 02:42:59 -0500
sepolgen (1.0.17-2) unstable; urgency=low
* [8ed32c1]:policycoreutils, sepolgen (sepolgen-ifgen) issues
I am running into an issue with sepolgen. Debian ships more
than one version of the refpolicy, a default one, and a MLS enabled
one. So, the include files live in either
/usr/share/selinux/{default,mls}/include sepolgen (in
src/sepolgen/defaults.py) sets refpolicy_devel() to a single
location -- and thus, only one version of the security policy may be
supported. So, sepolgen-ifgen from policycoreutils can only work
with one policy, which may not be the one installed on the target
machine. Could this be made configurable, somehow? As far as I can
see, sepolgen's python library does not offer any way to set the
value. This change fixes that. Now you may set the path to look for
development headers in /etc/selinux/sepolgen.conf, in the variable
SELINUX_DEVEL_PATH. The builtin default will have it work on Debian
and fedora machines out of the box.
Bug fix: "sepolgen-ifgen fails", thanks to Martin Godisch
(Closes: #534305).
-- Manoj Srivastava <srivasta@debian.org> Sun, 23 Aug 2009 12:57:50 -0500
sepolgen (1.0.17-1) unstable; urgency=low
* New upstream point release
+ Fix typo in RoleTypeSet from Marshall Miller.
-- Manoj Srivastava <srivasta@debian.org> Sat, 20 Jun 2009 18:04:02 -0500
sepolgen (1.0.16-1) unstable; urgency=low
* New upstream release
+ Convert sepolgen to using hashlib instead of the deprecated md5
module from Dan Walsh.
+ fix to return length of role dict for len(roles) from Dan Walsh.
Bug fix: "python2.6 and python-sepolgen", thanks to Kees Cook
Patch incorporated upstream. (Closes: #525197).
+ fix multiple gen_requires block generation from Dan Walsh.
* [e171cfe]: Updated standards version. no changes.
-- Manoj Srivastava <srivasta@debian.org> Mon, 15 Jun 2009 14:30:39 -0500
sepolgen (1.0.13-1) unstable; urgency=low
* New upstream release
+ Only append s0 suffix if MLS is enabled from Karl MacMillan.
+ Fix generation of role-type and role allow rules from Karl
MacMillan.
-- Manoj Srivastava <srivasta@debian.org> Mon, 09 Feb 2009 23:31:58 -0600
sepolgen (1.0.11-5) unstable; urgency=low
* Bug fix: "Python errors during upgrade", thanks to Frans Pop
This is a serious bug. (Closes: #499087).
* Bug fix: "typo in package description", thanks to Andreas Juch
This is a documentation bug with a one character fix.
(Closes: #495595).
-- Manoj Srivastava <srivasta@debian.org> Tue, 16 Sep 2008 01:53:54 -0500
sepolgen (1.0.11-4) unstable; urgency=high
* Include patch from Jan Hülsbergen to fix module naming.
Closes: #487212
* This patch is necessary for full SE Linux functionality in Lenny.
-- Russell Coker <russell@coker.com.au> Wed, 30 Jul 2008 08:03:00 +1000
sepolgen (1.0.11-3) unstable; urgency=low
* Record the fact that this package has moved to a new git repository.
* Move to the new, make -j friendly targets in debian/rules.
-- Manoj Srivastava <srivasta@debian.org> Mon, 02 Jun 2008 09:53:56 -0500
sepolgen (1.0.11-2) unstable; urgency=low
* Change the name of the binary package, since this is a pure python
library package, and that is the nascent python convention. Also,
Ubuntu has named it python-sepolgen, so here goes for cross
distribution cooperation.
-- Manoj Srivastava <srivasta@debian.org> Thu, 03 Apr 2008 01:25:45 -0500
sepolgen (1.0.11-1) unstable; urgency=low
* New upstream release
* Merged sepolgen fixes from Dan Walsh.
-- Manoj Srivastava <srivasta@debian.org> Tue, 18 Mar 2008 02:01:32 -0500
sepolgen (1.0.10-1) unstable; urgency=low
* New upstream release
* Expand the sepolgen parser to parse all current refpolicy modules
from Karl MacMillan.
* Suppress generation of rules for non-denials from Karl MacMillan
(take 3).
-- Manoj Srivastava <srivasta@debian.org> Wed, 06 Feb 2008 14:11:08 -0600
sepolgen (1.0.8-1) unstable; urgency=low
* New upstream SVN HEAD.
+ Merged patch to discard self from types when generating requires
from Karl MacMillan.
+ Merged updates to sepolgen parser and tools from Karl
MacMillan. This includes improved debugging support, handling of
interface calls with list parameters, support for role transition
rules, updated range transition rule support, and looser matching.
-- Manoj Srivastava <srivasta@debian.org> Sun, 6 May 2007 17:49:44 -0500
sepolgen (1.0.6-1) unstable; urgency=low
* Initial upload of python libraries for SELinux policy parsing and
generation.
-- Manoj Srivastava <srivasta@debian.org> Fri, 20 Apr 2007 08:44:22 -0500
|
