[Bug 248178] [NEW] Please sync libselinux 2.0.65-2 (main) from Debian unstable (main).

Scott Kitterman ubuntu at kitterman.com
Sun Jul 13 18:56:51 BST 2008

Public bug reported:

Hash: SHA1

 affects ubuntu/libselinux
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync libselinux 2.0.65-2 (main) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be dropped:

Discussed with kees and agreed we want to rebase on the Debian packages
and work from there.

Changelog since current intrepid version 2.0.55-0ubuntu4:

libselinux (2.0.65-2) unstable; urgency=low

  * Added exec_prefix to libselinux.pc.
    Closes: #489724

 -- Russell Coker <russell at coker.com.au>  Sat, 12 Jul 2008 10:24:02

libselinux (2.0.65-1) unstable; urgency=low

  * Non-maintainer upload.
  * New release needed for the latest policy.

 -- Russell Coker <russell at coker.com.au>  Sat, 12 Jul 2008 00:02:04

libselinux (2.0.59-1) unstable; urgency=high

  * New upstream release
    * Merged new X label "poly_selection" namespace from Eamon Walsh.
    * Merged reset_selinux_config() for load policy from Dan Walsh.
    * Merged avc_has_perm() errno fix from Eamon Walsh.
    * Regenerated Flask headers from refpolicy flask definitions.
    * Merged compute_member AVC function and manpages from Eamon Walsh.
    * Provide more error reporting on load policy failures from Stephen Smalley.
    * Merged new X label "poly_prop" namespace from Eamon Walsh.
    * Disable setlocaldefs if no local boolean or users files are present
      from Stephen Smalley. 
    * Skip userspace preservebools processing for Linux >= 2.6.22 from
      Stephen Smalley. 
    * Merged fix for audit2why from Dan Walsh.
    * Merged audit2why python binding from Dan Walsh.
    * Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
    * Fix for the avc:  granted null message bug from Stephen Smalley.
    * matchpathcon(8) man page update from Dan Walsh.
    * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
    * Based on a suggestion from Ulrich Drepper, defer regex compilation
      until we have a stem match, by Stephen Smalley. 
      A further optimization would be to defer regex compilation until we
      have a complete match of the constant prefix of the regex - TBD. 
    * Regenerated Flask headers from policy.
    * AVC enforcing mode override patch from Eamon Walsh.
    * Aligned attributes in AVC netlink code from Eamon Walsh.
    * Merged refactored AVC netlink code from Eamon Walsh.
    * Merged new X label namespaces from Eamon Walsh.
    * Bux fix and minor refactoring in string representation code.
    * Merged selinux_get_callback, avc_open, empty string mapping from
      Eamon Walsh. 
    * Fix segfault resulting from missing file_contexts file.
  * Bug fix: "libselinux: selinux_default_type_path implicitly converted
    to pointer", thanks to dann frazier . Closed by the new upstream
    release.                                                  (Closes: #465287).

 -- Manoj Srivastava <srivasta at debian.org>  Mon, 17 Mar 2008 16:30:52

libselinux (2.0.35-1) unstable; urgency=low

  * New upstream release
    * Make netlink socket close-on-exec to avoid descriptor leakage from
      Dan Walsh. 
    * Pass CFLAGS when using gcc for linking from Dennis Gilmore. 
    * Fix selabel option flag setting for 64-bit from Stephen Smalley.
    * Re-map a getxattr return value of 0 to a getfilecon return value of
      -1 with errno EOPNOTSUPP from Stephen Smalley. 
    * Fall back to the compat code for security_class_to_string and
      security_av_perm_to_string from Stephen Smalley. 
    * Fix swig binding for rpm_execcon from James Athey.
    * Fix file_contexts.homedirs path from Todd Miller.
    * Fix segfault resulting from uninitialized print-callback pointer.
    * Added x_contexts path function patch from Eamon Walsh.
    * Fix build for EMBEDDED=y from Yuichi Nakamura.
    * Fix markup problems in selinux man pages from Dan Walsh.
    * Updated av_permissions.h and flask.h to include new nscd permissions
      from Dan Walsh. 
    * Added swigify to top-level Makefile from Dan Walsh.
    * Fix for string_to_security_class segfault on x86_64 from Stephen
    * Fix for getfilecon() for zero-length contexts from Stephen Smalley.
    * Refactored SWIG bindings from James Athey.
    * Labeling and callback interface patches from Eamon Walsh.
    * Class and permission mapping support patches from Eamon Walsh.
    * Object class discovery support patches from Chris PeBenito.
    * Refactoring and errno support in string representation code.
    * Merged patch to reduce size of libselinux and remove need for
      libsepol for embedded systems from Yuichi Nakamura. 
      This patch also turns the link-time dependency on libsepol into a
      runtime (dlopen) dependency even in the non-embedded case. 
    * Updated Lindent script and reindented two header files.
    * Merged additional swig python bindings from Dan Walsh.
  * When selinux_init_load_policy calls mount() it "knows" when selinux is
    not wanted due to being disabled or having no kernel device handle and
    sets *enforce to 0, but still allows the following fprintf to display
    a rather misleading error message. The solution was provided by  Kel
    Modderman, but has been refactored slightly.
                                             Closes: Bug#424011, Bug#447762
  * Reverted the fix for bug#448008 fixed in an NMU, and applied a
    different fix for the issue.  Thanks for the NMU, Clint Adams.

 -- Manoj Srivastava <srivasta at debian.org>  Wed, 06 Feb 2008 12:55:41

Version: GnuPG v1.4.6 (GNU/Linux)


** Affects: libselinux (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

Please sync libselinux 2.0.65-2 (main) from Debian unstable (main).
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.

More information about the ubuntu-archive mailing list