forked from SELinuxProject/setools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
216 lines (163 loc) · 8.3 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
*setools-4-4.3 (27 Jul 2023)
* Fix compilation with Cython 3.0.0.
* Improve man pages.
* Remove neverallow options in sediff.
* Add -r option to seinfoflow to get flows into the source type.
* Reject a rule with no permissions as invalid policy.
*setools-4-4.2 (19 Apr 2023)
* Make NetworkX optional. sedta and seinfoflow tools, along with the
equivalent analyses in apol require NetworkX.
* Changed unit test runner to pytest, as setuptools' test command is
deprecated.
* Remove neverallow options in sesearch and apol. These are not usable
since they are removed in the final binary policy.
* Unit tests and CI tests improvements.
*setools-4.4.1 (6 Feb 2023)
* Replace deprecated NetworkX function use in information flow and domain
transition analysis. This function was removed in NetworkX 3.0.
* Fix bug in apol copy and cut functions when copying from a tree view.
* Fix bug with extended permission set construction when a range includes
0x0.
* Add sesearch -Sp option for permission subset match.
* Fix error in man page description for sesearch -ep option.
* Improve output stability in constraint, common, class, role, and user
queries.
* Updated permission map.
* Fix bug in sechecker parsing of multiline values.
* Other code cleanups not visible to users.
*setools-4.4.0 (5 Mar 2021)
* Updated policy representation to handle policydb version 33, compressed
filename transitions.
* Changed apol tab registry to use metaclasses rather than having a multiple static
dictionaries in the code.
* Fixed bug in queries where checks that permissions were part of the specified
object class would incorrectly raise exceptions when the object class
criteria is a regex.
* Reduced aggressiveness of default compiler flags. Since the C code is generated
by Cython, there typically isn't anything SETools can do when Cython causes
compiler warnings.
* Added type annotations to the code and added static type checking for
continuous integration tests.
* Added support for old Boolean name substitution in seinfo and sesearch.
* Added sechecker tool which is a configuration file driven analysis tool.
*setools-4.3.0 (1 Apr 2020)
* Revised sediff method for TE rules. This drastically reduced memory and run time.
* Added infiniband context support to seinfo, sediff, and apol.
* Added apol configuration for location of Qt assistant.
* Fixed sediff issue where properties header would display when not requested.
* Fixed sediff issue with type_transition file name comparison.
* Fixed permission map socket sendto information flow direction.
* Added methods to TypeAttribute class to make it a complete Python collection.
* Genfscon now will look up classes rather than using fixed values which
were dropped from libsepol.
*setools-4.2.2 (15 Jun 2019)
* Remove source policy references from man pages, as loading source policies
is no longer supported.
* Fixed a performance regression in alias loading after alias dereferencing
fixes in 4.2.1.
*setools-4.2.1 (4 Feb 2019)
* Set SIGPIPE handler for CLI tools.
* Fixed alias dereferencing in TypeQuery and type, category, and sensitivity
lookups.
* Fixed sediff bug for rendering modified nodecons.
* Fixed devicetreecon count output.
* Fixed policy target platform check.
* Fixed bug in creating permission set intersection in apol.
*setools-4.2.0 (10 Nov 2018)
This release focused on improving performance and reducing memory usage.
A Cython-based policy representation replaced the
Python/SWIG/static-linked-libsepol implemention. SETools no longer statically
links to libsepol, though it is strongly suggested that users rebuild SETools
after updating libsepol, in case the policy structure changes.
Building on the policy representation change, refinements in sediff yielded
as much as a 90% reduction in memory use, depending on the policies.
This release of SETools has different dependencies than previous versions.
See README.md for more details. Support for Python 2.7 was dropped because
all current SELinux-supporting distributions provide Python 3.
Other smaller changes included:
* Added support for SCTP portcons.
* Updated permission maps.
* Policy symbol names are now available as the name attribute (e.g.
Boolean.name, Type.name, etc.)
* Revised some apol layouts to increase the size of text entry fields.
* Revised package structure to make policyrep a module of the setools
package.
* Moved constraint expression to its own class.
* Made Conditional.evaluate() more useful and added BaseTERule.enabled()
method to determine if a rule is enabled.
Changes since v4.2.0-rc:
* Restored missing statement() methods in some policyrep classes
* Fixed NULL pointer dereference when iterating over type attributes when
the policy has none.
* Added xdp_socket permission mapping.
*setools-4.2.0-rc (29 Sep 2018)
Changes since v4.2.0-beta:
* Fixed performance regressions.
* Made further memory usage improvements.
* Fixed build issues with clean target and runtime_library_dirs.
* Revised package structure to make policyrep a module of the setools
package.
* Symbol names are now available as the name attribute (e.g.
Boolean.name, Type.name, etc.)
* Fixed some apol layouts to increase the size of text fields.
* Move constraint expression to its own class.
* Made Conditional.evaluate() more useful and added BaseTERule.enabled()
method to determine if a rule is enabled.
*setools-4.2.0-beta (10 Jul 2018)
Changes since v4.1.1:
* Replaced the Python/SWIG/static-linked-libsepol policyrep module with
a Cython implementation. This will have performance and memory-usage
improvements and breaks the static linking to libsepol.
* Significant memory usage reduction in sediff (approximately 60%,
depending on the policies).
* Added support for SCTP portcons.
* Updated permission maps.
* Support for Python 2.7 was dropped.
This release of SETools has changed dependencies since 4.1.1. See README.md for more details.
*setools-4.1.1 (5 Aug 2017)
This release has three changes since 4.1.0:
* Update for libsepol 2.7
* Update to permission maps
* Fixes for apol help files
*setools-4.1.0 (23 Jan 2017)
This release primarily focused on adding features to apol, but has several
library enhancements. There is also one important bugfix in sediff. There
were no changes since 4.1.0-rc.
Note This will not compile on the master branch of libsepol (what will
be libsepol 2.7). A future release of SETools will have this support
(when libsepol 2.7 is released).
*setools-4.1.0-rc (11 Dec 2016)
Library:
* Implemented support for alternate install prefixes.
* Implemented support for building setools with a locally-built libsepol.
* Fixed an sediff bug with unioning rules after expansion.
* Improved sediff memory usage.
* Patch from Nicolas Iooss to make more stable output in TE rule permission lists.
* Replaced string representations (e.g. rule types) with enumerations.
Requires the enum34 (not enum) Python package if using Python < 3.4.
Apol:
* Implemented context menu option for exporting the information flow
and domain transition analysis tree browser views.
* Implemented CSV export of table results.
* Implemented (clipboard) copy from table results.
* Added missing "clear" button in object class query.
* Implemented save/load settings for tabs.
* Implemented save/load workspace (save all tabs settings).
* Fixed include/exclude type dialog to keep its place when
adding or removing types from an analysis.
* Implemented filter on include/exclude type dialog to filter
the lists by attribute.
*setools-4.0.1 (17 May 2016)
Library:
* Fixed a compile error on 32bit systems.
* Changed domain transition analysis output to use lists instead
of generators. This fixes a display problem in apol's DTA browser.
Apol:
* Replaced icons with stock Qt icons to remove license issues
with some distributions.
Sesearch:
* Changed xperm options to bring in line with sediff, e.g. --allowx
changed to --allowxperm. Python's argument parser will still detect
--allowx as an abbreviation of --allowxperm, so compatibility is preserved.
*setools-4.0.0 (04 May 2016)
First 4.0 release. SETools is reimplemented in Python.