* Wed Apr 08 2026 cathy.hu@suse.com
- Backport commit "libselinux: retain LIFO order for path substitutions" (bsc#1261639)
- otherwise we can not add equivalencies that overload each other
in the policy (e.g. /srv/www /var/www and /srv/www/htdocs /var/www/html
in file_contexts.subs_dist would result in /srv/www/htdocs not receiving the right labels)
- https://github.com/SELinuxProject/selinux/commit/b1802386d2ec6a2767927abef4b99b4575da4085
* Added patch: 1261639-libselinux-retain-LIFO-order-for-path-substitutions.patch
* Fri Mar 07 2025 cathy.hu@suse.com
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* no source change
* Tue Feb 04 2025 rfrohl@suse.com
- Update to version 3.8
https://github.com/SELinuxProject/selinux/releases/tag/3.8
* libselinux: deprecate security_disable(3)
* libselinux/utils: introduce selabel_compare
* improved selabel_lookup performance
* libselinux: support parallel usage of selabel_lookup(3)
* Improved man pages
* Always build for LFS mode on 32-bit archs.
* Binary fcontext files format changed, files using old format are ignored
* Code improvements and bug fixes
- For a more in depth list of changes see
https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
- Drop libselinux-set-free-d-data-to-NULL.patch: included upstream
- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
* removed 0xBC3905F235179CF1 (expired: 2024-10-25)
* added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
* Fri Jan 24 2025 jsegitz@suse.com
- Update selinux-ready to clarify that kernel options aren't necessary
on newer (open)SUSE versions
* Thu Nov 07 2024 cathy.hu@suse.com
- Drop check_runlevel from selinux-ready script and remove restorecond
from check_packages as we don't require it to be selinux-ready.
* Thu Jul 11 2024 cathy.hu@suse.com
- Fix segfault caused by upstream changes in selabel_open():
libselinux-set-free-d-data-to-NULL.patch
Can be removed once it is upstream.
* Mon Jul 01 2024 cathy.hu@suse.com
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes
* libselinux/utils/selabel_digest: drop unsupported option -d
* libselinux/utils: improve compute_av output
* libselinux: fail selabel_open(3) on invalid option
* Improved man pages
* Improvements
* libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
* libselinux: enable usage with pedantic UB sanitizers
* libselinux: support huge passwd/group entries
* Bugfixes:
* libselinux/utils/selabel_digest: avoid buffer overflow
* libselinux: avoid pointer dereference before check
* libselinux/utils/selabel_digest: pass BASEONLY only for file backend
* libselinux: free empty scandir(3) result
* libselinux: free data on selabel open failure
* libselinux: use reentrant strtok_r(3)
* Tue Dec 19 2023 cathy.hu@suse.com
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* libselinux: performance optimization for duplicate detection
* Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
* Sun Oct 01 2023 georg.pfuetzenreuter@suse.com
- Repair initrd libselinux check in selinux-ready
* Tue Aug 08 2023 dimstar@opensuse.org
- Do not BuildRequire swig and ruby-devel in the main build phase:
those are only needed for the bindings.