Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libsepol2-3.4-1.3 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: libsepol2 Distribution: openSUSE Tumbleweed
Version: 3.4 Vendor: openSUSE
Release: 1.3 Build date: Wed Aug 31 18:14:13 2022
Group: System/Libraries Build host: sheep85
Size: 752040 Source RPM: libsepol-3.4-1.3.src.rpm
Summary: SELinux binary policy manipulation library
libsepol provides an API for the manipulation of SELinux binary
policies. It is used by checkpolicy (the policy compiler) and similar
tools, as well as by programs like load_policy that need to perform
specific transformations on binary policies such as customizing
policy boolean settings.

(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level






* Mon May 09 2022 Johannes Segitz <>
  - Update to version 3.4
    * Add 'ioctl_skip_cloexec' policy capability
    * Add sepol_av_perm_to_string
    * Add policy utilities
    * Support IPv4/IPv6 address embedding
    * Hardened/added many validations
    * Add support for file types in writing out policy.conf
    * Allow optional file type in genfscon rules
* Thu Nov 11 2021 Johannes Segitz <>
  - Update to version 3.3
    * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
      are all included
    * Lot of smaller fixes identified by fuzzing
* Wed Jul 21 2021 Johannes Segitz <>
  - Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
    Added CVE-2021-36087.patch
* Mon Jul 05 2021 Johannes Segitz <>
  - Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
    Added CVE-2021-36085.patch
  - Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
    Added CVE-2021-36086.patch
* Tue Mar 09 2021 Johannes Segitz <>
  - Update to version 3.2
    * more space-efficient form of storing filename transitions in the binary
      policy and reduced the size of the binary policy
    * dropped old and deprecated symbols and functions. Version was bumped to
* Thu Oct 29 2020 Ludwig Nussel <>
  - install to /usr (boo#1029961)
* Tue Jul 14 2020 Johannes Segitz <>
  - Update to version 3.1
    * Add support for new polcap genfs_seclabel_symlinks
    * Initialize the multiple_decls field of the cil db
    * Return error when identifier declared as both type and attribute
    * Write CIL default MLS rules on separate lines
    * Sort portcon rules consistently
    * Remove leftovers of cil_mem_error_handler
    * Drop remove_cil_mem_error_handler.patch, is included
* Mon Apr 27 2020 Martin Liška <>
  - Enable -fcommon in order to fix boo#1160874.
* Tue Mar 03 2020 Johannes Segitz <>
  - Update to version 3.0
    * cil: Allow validatetrans rules to be resolved
    * cil: Report disabling an optional block only at high verbose levels
    * cil: do not dereference perm_value_to_cil when it has not been allocated
    * cil: fix mlsconstrain segfault
    * Further improve binary policy optimization
    * Make an unknown permission an error in CIL
    * Remove cil_mem_error_handler() function pointer
    * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
    * Add a function to optimize kernel policy
    * Add ebitmap_for_each_set_bit macro
    Dropped fnocommon.patch as it's included upstream
* Thu Jan 30 2020 Johannes Segitz <>
  - Add fnocommon.patch to prevent build failures on gcc10 and
    remove_cil_mem_error_handler.patch to prevent build failures due to
    leftovers from the removal of cil_mem_error_handler (bsc#1160874)
* Thu Jun 20 2019 Martin Liška <>
  - Disable LTO due to symbol versioning (boo#1138813).
* Wed Mar 20 2019
  - Update to version 2.9
    * Add two new Xen initial SIDs
    * Check that initial sid indexes are within the valid range
    * Create policydb_sort_ocontexts()
    * Eliminate initial sid string definitions in module_to_cil.c
    * Rename kernel_to_common.c stack functions
    * add missing ibendport port validity check
    * destroy the copied va_list
    * do not call malloc with 0 byte
    * do not leak memory if list_prepend fails
    * do not use uninitialized value for low_value
    * fix endianity in ibpkey range checks
    * ibpkeys.c: fix printf format string specifiers for subnet_prefix
    * mark permissive types when loading a binary policy



Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Nov 28 23:40:52 2022