debian/0000755000000000000000000000000012235026701007164 5ustar debian/changelog0000644000000000000000000004620312235026701011043 0ustar checkpolicy (2.2-1) unstable; urgency=low * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the release - debian/patches/multiarch.patch: Refreshed * debian/control: - Bump Standards-Version to 3.9.4 (no further changes) - Use canonical URL for VCS-Git field -- Laurent Bigonville Fri, 01 Nov 2013 23:39:52 +0100 checkpolicy (2.1.12-1) unstable; urgency=low * Team upload. * New upstream release - debian/control: Bump build-dependencies to match the release * Update debian/watch file -- Laurent Bigonville Thu, 09 May 2013 23:30:40 +0200 checkpolicy (2.1.11-1) experimental; urgency=low * Team upload. * New upstream release - Bump libsepol1-dev and libselinux1-dev build-dependencies * debian/gbp.conf: Change default git-buildpackage build-directory and the debian-branch to "debian" instead of "upstream" -- Laurent Bigonville Wed, 26 Sep 2012 13:42:02 +0200 checkpolicy (2.1.8-2) unstable; urgency=low * Team upload. * Switch to debhelper sequence * debian/control: - Bump Standards-Version to 3.9.3 - Add Homepage field - Update Vcs-* fields - Make checkpolicy arch linux-any - Put under the Debian SELinux team maintenance * Add debian/gbp.conf file * debian/rules: Append CPPFLAGS hardening flags to CFLAGS as build system is not using CPPFLAGS -- Laurent Bigonville Tue, 27 Mar 2012 20:22:24 +0200 checkpolicy (2.1.8-1) unstable; urgency=low * New upstream version, added filename trans rule support. -- Russell Coker Tue, 28 Feb 2012 16:21:32 +1100 checkpolicy (2.1.0-1.1) unstable; urgency=low * Non-maintainer upload. * debian/rules,debian/patches/multiarch.patch - add multiarch support to fix FTBFS (#652748) * debian/source/format - add it to support quilt -- Hideki Yamane Fri, 30 Dec 2011 10:52:06 +0900 checkpolicy (2.1.0-1) unstable; urgency=low * New upstream release. Support role transitions, filename transitions, and single digit module versions among other things. * Made it build-depend on the latest libsepol1-dev and libselinux1-dev -- Russell Coker Tue, 30 Aug 2011 15:17:56 +1000 checkpolicy (2.0.23-1) unstable; urgency=low * Made myself the maintainer and made Manoj an uploader as he hasn't done an upload for a while * New upstream release + Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock * Used the latest versions of libsepol1-dev and libselinux1-dev in build-depends -- Russell Coker Thu, 31 Mar 2011 23:35:30 +1100 checkpolicy (2.0.22-1) unstable; urgency=low * New upstream release. Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence -- Manoj Srivastava Wed, 21 Jul 2010 00:28:52 -0700 checkpolicy (2.0.21-1) unstable; urgency=low * New upstream release + Add long options to checkpolicy and checkmodule by Guido Trentalancia -- Manoj Srivastava Sun, 28 Mar 2010 09:59:27 -0700 checkpolicy (2.0.20-1) unstable; urgency=low * New upstream point release. Add support for building Xen policies from Paul Nuzzi. -- Manoj Srivastava Thu, 15 Oct 2009 23:10:12 -0500 checkpolicy (2.0.19-1) unstable; urgency=low * New upstream release * Fix alias field in module format, caused by boundary format change from Caleb Case. * Properly escape regex symbols in the lexer from Stephen Smalley. * Add bounds support from KaiGai Kohei. -- Manoj Srivastava Mon, 15 Jun 2009 14:12:44 -0500 checkpolicy (2.0.16-4) unstable; urgency=low * Updated the location of the sources in the watch file. * Fixed a race condition in the debian rules file, and allow an override for parallel builds. -- Manoj Srivastava Thu, 16 Apr 2009 12:55:26 -0500 checkpolicy (2.0.16-3) unstable; urgency=low * [cb135a2] Removed obsolete dependencies (Closes: #505737) -- Manoj Srivastava Thu, 20 Nov 2008 02:52:53 -0600 checkpolicy (2.0.16-2) unstable; urgency=low * Move to the new, make -j friendly, streamlined targets in the build system. This should make building this more robust, and faster. * Record the new VCS repository location for the package. * NMU ack. -- Manoj Srivastava Sat, 30 Aug 2008 02:09:26 -0500 checkpolicy (2.0.16-1) unstable; urgency=low * Non-maintainer upload. * New upstream version needed for latest policy. -- Russell Coker Sat, 12 Jul 2008 00:16:59 +1000 checkpolicy (2.0.12-1) unstable; urgency=low * New upstream release * Initialize struct policy_file before using it, from Todd C. Miller. * Remove unused define, move variable out of .y file, simplify COND_ERR, from Todd C. Miller. * Use yyerror2() where appropriate from Todd C. Miller. * Update dispol for libsepol avtab changes from Stephen Smalley. * Deprecate role dominance in parser. * Added support for policy capabilities from Todd Miller. * Initialize the source file name from the command line argument so that checkpolicy/checkmodule report something more useful than "unknown source". * Merged remove use of REJECT and trailing context in lex rules; make ipv4 address parsing like ipv6 from James Carter. -- Manoj Srivastava Tue, 18 Mar 2008 01:34:42 -0500 checkpolicy (2.0.4-1) unstable; urgency=low * New upstream release * Merged handle unknown policydb flag support from Eric Paris. Adds new command line options -U {allow, reject, deny} for selecting the flag when a base module or kernel policy is built. * Merged fix for segfault on duplicate require of sensitivity from Caleb Case. * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh. -- Manoj Srivastava Wed, 06 Feb 2008 14:25:41 -0600 checkpolicy (2.0.2-1) unstable; urgency=low * New upstream SVN HEAD. + Merged checkmodule man page fix from Dan Walsh. -- Manoj Srivastava Sun, 6 May 2007 17:48:06 -0500 checkpolicy (2.0.1-1) unstable; urgency=low * New upstream trunk release * Merged patch to use new libsepol error codes by Karl MacMillan. -- Manoj Srivastava Thu, 19 Apr 2007 18:51:02 -0500 checkpolicy (1.34.1-1) unstable; urgency=low * New upstream release * Merged patch to allow dots in class identifiers from Caleb Case. * Updated version for stable branch. * Collapse user identifiers and identifiers together. * Added XS-VCS-Arch and XS-VCS-Browse to debian/control, and up0dated the build depends -- Manoj Srivastava Thu, 19 Apr 2007 00:46:26 -0500 checkpolicy (1.32-1) unstable; urgency=low * New upstream release * Merged user and range_transition support for modules from Darrel Goeddel * Updated version for release. -- Manoj Srivastava Fri, 20 Oct 2006 17:51:00 -0500 checkpolicy (1.30.11-2) unstable; urgency=low * Bug fix: "checkpolicy: Checkpolicy fails with old version of libsepol1", thanks to Simon Richard Grint (Closes: #387029). * Relink to the new version of libsepol, since that has the proper shlibs bump. -- Manoj Srivastava Mon, 11 Sep 2006 16:06:19 -0500 checkpolicy (1.30.11-1) unstable; urgency=low * New upstream point release * merged range_transition enhancements and user module format changes from Darrel Goeddel -- Manoj Srivastava Thu, 7 Sep 2006 10:18:48 -0500 checkpolicy (1.30.10-2) unstable; urgency=low * checkpolicy_1.30.10-1(ia64/unstable): FTBFS: missing build-depends? Actually, no. the package asks for bison -- but it is not around, so Make just picks yacc as default (which is also missing). So I think this is a buildd bug -- but there is no harm in being a little more robust, and being able to prove it is not a package bug is bonus. (Closes: #382646) -- Manoj Srivastava Sun, 13 Aug 2006 00:11:08 -0500 checkpolicy (1.30.10-1) unstable; urgency=low * New upstream point release * Merged symtab datum patch from Karl MacMillan. -- Manoj Srivastava Sat, 12 Aug 2006 04:24:44 -0500 checkpolicy (1.30.9-1) unstable; urgency=low * New upstream point release * Lindent. * Merged patch to remove TE rule conflict checking from the parser from Joshua Brindle. This can only be done properly by the expander. * Merged patch to make checkpolicy/checkmodule handling of duplicate/conflicting TE rules the same as the expander from Joshua Brindle. * Merged optionals in base take 2 patch set from Joshua Brindle. * Merged compiler cleanup patch from Karl MacMillan. * Merged fix warnings patch from Karl MacMillan. * Changed require_class to reject permissions that have not been declared if building a base module. -- Manoj Srivastava Wed, 19 Jul 2006 18:01:32 -0500 checkpolicy (1.30.3-1) unstable; urgency=low * Synchronize with latest CVS; needed for reference policy. -- Manoj Srivastava Mon, 8 May 2006 14:02:46 -0500 checkpolicy (1.30-1) unstable; urgency=low * New upstream release * Updated version for release. * Fixed bug in role dominance (define_role_dom). * Added a check for failure to declare each sensitivity in a level definition. * Changed to clone level data for aliased sensitivities to avoid double free upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology. * Merged optionals in base patch from Joshua Brindle. * Merged sepol_av_to_string patch from Joshua Brindle. -- Manoj Srivastava Mon, 10 Apr 2006 16:18:24 -0500 checkpolicy (1.28-1) unstable; urgency=low * New upstream release * Updated version for release. * Merged checkmodule man page from Dan Walsh, and edited it. * Added error checking of all ebitmap_set_bit calls for out of memory conditions. * Merged removal of compatibility handling of netlink classes (requirement that policies with newer versions include the netlink class definitions, remapping of fine-grained netlink classes in newer source policies to single netlink class when generating older policies) from George Coker. * Merged dismod fix from Joshua Brindle. * Removed obsolete cond_check_type_rules() function and call and cond_optimize_lists() call from checkpolicy.c; these are handled during parsing and expansion now. * Updated calls to expand_module for interface change. * Changed checkmodule to verify that expand_module succeeds when building base modules. * Merged module compiler fixes from Joshua Brindle. * Removed direct calls to hierarchy_check_constraints() and check_assertions() from checkpolicy since they are now called internally by expand_module(). * Updated for changes to sepol policydb_index_others interface. * Updated for changes to sepol expand_module and link_modules interfaces. * Merged support for require blocks inside conditionals from Joshua Brindle (Tresys). * Updated for changes to libsepol. * Merged several bug fixes from Joshua Brindle (Tresys). * Merged MLS in modules patch from Joshua Brindle (Tresys). * Merged error handling improvement in checkmodule from Karl MacMillan (Tresys). * Merged bugfix for dup role transition error messages from Karl MacMillan (Tresys). * Merged policyver/modulever patches from Joshua Brindle (Tresys). * Fixed parse_categories handling of undefined category. * Merged bug fix for role dominance handling from Darrel Goeddel (TCS). -- Manoj Srivastava Thu, 29 Dec 2005 23:57:12 -0600 checkpolicy (1.27.4-1) unstable; urgency=low * New upstream CVS point release, required for the latest SELinux policy package. Various bug fixes, and retooled for the new avtab format. -- Manoj Srivastava Fri, 30 Sep 2005 14:41:04 -0500 checkpolicy (1.26-1) unstable; urgency=low * New upstream release * Updated version for release. * Fixed handling of validatetrans constraint expressions. Bug reported by Dan Walsh for checkpolicy -M. * Merged use-after-free fix from Serge Hallyn (IBM). Bug found by Coverity. * Fixed further memory leaks found by valgrind. * Changed checkpolicy to destroy the policydbs prior to exit to allow leak detection. * Fixed several memory leaks found by valgrind. * Updated checkpolicy and dispol for the new avtab format. Converted users of ebitmaps to new inline operators. Note: The binary policy format version has been incremented to version 20 as a result of these changes. To build a policy for a kernel that does not yet include these changes, use the -c 19 option to checkpolicy. * Merged patch to prohibit use of "self" as a type name from Jason Tang (Tresys). * Merged patch to fix dismod compilation from Joshua Brindle (Tresys). * Fixed call to hierarchy checking code to pass the right policydb. * Merged patch to update dismod for the relocation of the module read/write code from libsemanage to libsepol, and to enable build of test subdirectory from Jason Tang (Tresys). * Merged hierarchy check fix from Joshua Brindle (Tresys). * Merged loadable module support from Tresys Technology. * Merged patch to prohibit the use of * and ~ in type sets (other than in neverallow statements) and in role sets from Joshua Brindle (Tresys). -- Manoj Srivastava Wed, 14 Sep 2005 23:59:18 -0500 checkpolicy (1.24-2) unstable; urgency=low * Bug fix: "FTBFS: build-depends not strict enough", thanks to Christian T. Steigies (Closes: #316439). -- Manoj Srivastava Thu, 7 Jul 2005 13:18:14 -0500 checkpolicy (1.24-1) unstable; urgency=low * New upstream release * Updated version for release. * Merged cleanup patch from Dan Walsh. * Added sepol_ prefix to Flask types to avoid namespace collision with libselinux. * Merged identifier fix from Joshua Brindle (Tresys). * Merged hierarchical type/role patch from Tresys Technology. * Merged MLS fixes from Darrel Goeddel of TCS. -- Manoj Srivastava Mon, 27 Jun 2005 14:42:10 -0500 checkpolicy (1.22-2) unstable; urgency=low * Bug fix: "checkpolicy: FTBFS due to undeclared functions", thanks to Christian T. Steigies. The build dependency needed to be versioned. (Closes: #299337). -- Manoj Srivastava Sun, 13 Mar 2005 13:06:42 -0600 checkpolicy (1.22-1) unstable; urgency=low * New upstream release * Merged typeattribute statement patch from Darrel Goeddel of TCS. * Changed genpolusers to handle multiple user config files. * Merged nodecon ordering patch from Chad Hanson of TCS. * Merged enhanced MLS support from Darrel Goeddel (TCS). * Changed relabel Makefile target to use restorecon. * Merged define_user() cleanup patch from Darrel Goeddel (TCS). * Merged range_transition support from Darrel Goeddel (TCS). * Moved genpolusers utility to libsepol. -- Manoj Srivastava Sat, 12 Mar 2005 16:10:54 -0600 checkpolicy (1.20-1) unstable; urgency=low * New upstream release * Merged typeattribute statement patch from Darrel Goeddel of TCS. * Changed genpolusers to handle multiple user config files. * Merged nodecon ordering patch from Chad Hanson of TCS. -- Manoj Srivastava Wed, 12 Jan 2005 16:46:34 -0600 checkpolicy (1.18-2) unstable; urgency=low * Update download location and copyright file, since the locations we were pointing to are now forbidden (return a code 403). -- Manoj Srivastava Wed, 24 Nov 2004 14:01:41 -0600 checkpolicy (1.18-1) unstable; urgency=low * New upstream release. * MLS build fix. * Fixed Makefile dependencies (Chris PeBenito). * Merged fix for role dominance ordering issue from Chad Hanson of TCS. * Preserve portcon ordering and apply more checking. -- Manoj Srivastava Thu, 4 Nov 2004 20:43:52 -0600 checkpolicy (1.16-1) unstable; urgency=low * New upstream version, plus patches to 1.17 CVS. -- Russell Coker Tue, 26 Oct 2004 22:47:00 +1000 checkpolicy (1.14-2) unstable; urgency=low * Patch from Tresys to fix a bug in conditional code compilation. -- Russell Coker Sun, 8 Aug 2004 22:26:00 +1000 checkpolicy (1.14-1) unstable; urgency=low * New upstream version that adds fine-grained netlink support and fixes some minur bugs. -- Russell Coker Wed, 30 Jun 2004 15:03:00 +1000 checkpolicy (1.10-1) unstable; urgency=low * New ustream version, includes support for policy V17 and changes to the -c option for backward compatability. * Taking the package over from Colin. -- Russell Coker Thu, 20 May 2004 04:32:00 +1000 checkpolicy (1.6-0.1) unstable; urgency=low * NMU with latest release (same as CVS). -- Russell Coker Thu, 26 Feb 2004 21:19:00 +1100 checkpolicy (1.4-2.1) unstable; urgency=low * NMU to update to latest CVS, needed by new policy. * Merged conditional policy extensions from Tresys Technology. * Added typealias declaration support per Russell Coker's request. * Added support for excluding types from type sets based on a patch by David Caplan, but reimplemented as a change to the policy grammar. * Merged patch from Colin Walters to report source file name and line number for errors when available. * Un-deprecated role transitions. -- Russell Coker Mon, 23 Feb 2004 21:09:00 +1100 checkpolicy (1.4-2) unstable; urgency=low * debian/control: - Apply patch from ddtp to fix typo in description (Closes: #218528) -- Colin Walters Fri, 9 Jan 2004 06:00:52 +0000 checkpolicy (1.4-1) unstable; urgency=low * New upstream release. * debian/patches/lineno.patch: - Add patch from CVS to display source line numbers on error. -- Colin Walters Fri, 9 Jan 2004 05:30:22 +0000 checkpolicy (1.1-1) unstable; urgency=low * New upstream release. -- Colin Walters Thu, 21 Aug 2003 23:55:39 -0400 checkpolicy (1.0-2) unstable; urgency=low * debian/control: - Add Build-Depends on bison, flex (Closes: #205831) -- Colin Walters Tue, 5 Aug 2003 18:37:17 -0400 checkpolicy (1.0-1) unstable; urgency=low * Initial version. -- Colin Walters Tue, 5 Aug 2003 01:35:18 -0400 debian/compat0000644000000000000000000000000212235026701010362 0ustar 9 debian/control0000644000000000000000000000313412235026701010570 0ustar Source: checkpolicy VCS-Git: git://anonscm.debian.org/selinux/checkpolicy.git VCS-Browser: http://anonscm.debian.org/gitweb/?p=selinux/checkpolicy.git;a=summary Priority: optional Section: utils Maintainer: Debian SELinux maintainers Uploaders: Manoj Srivastava , Russell Coker Standards-Version: 3.9.4 Build-Depends: bison, debhelper (>= 9), flex, libselinux1-dev (>= 2.2), libsepol1-dev (>= 2.2) Homepage: http://userspace.selinuxproject.org/ Package: checkpolicy Architecture: linux-any Depends: ${misc:Depends}, ${shlibs:Depends} Description: SELinux policy compiler Security-enhanced Linux is a patch of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. . This package contains checkpolicy, the SELinux policy compiler. Only required for building policies. It uses libsepol to generate the binary policy. checkpolicy uses the static libsepol since it deals with low level details of the policy that have not been encapsulated/abstracted by a proper shared library interface. debian/rules0000755000000000000000000000044412235026701010246 0ustar #!/usr/bin/make -f # -*- makefile -*- # # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # The build system doesn't use CPPFLAGS, pass them to CFLAGS to enable the # missing (hardening) flags. export DEB_CFLAGS_MAINT_APPEND = $(shell dpkg-buildflags --get CPPFLAGS) %: dh $@ debian/watch0000644000000000000000000000012612235026701010214 0ustar version=3 http://userspace.selinuxproject.org/releases/(\d+)/checkpolicy-(.*).tar.gz debian/gbp.conf0000644000000000000000000000023312235026701010601 0ustar [DEFAULT] debian-branch = debian upstream-branch = upstream pristine-tar = True [git-buildpackage] tarball-dir = ../tarballs/ export-dir = ../build-area/ debian/patches/0000755000000000000000000000000012235026701010613 5ustar debian/patches/multiarch.patch0000644000000000000000000000101512235026701013621 0ustar --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ PREFIX ?= $(DESTDIR)/usr BINDIR ?= $(PREFIX)/bin MANDIR ?= $(PREFIX)/share/man -LIBDIR ?= $(PREFIX)/lib +LIBDIR ?= $(PREFIX)/lib/$(DEB_HOST_MULTIARCH) INCLUDEDIR ?= $(PREFIX)/include TARGETS = checkpolicy checkmodule --- a/test/Makefile +++ b/test/Makefile @@ -3,7 +3,7 @@ # PREFIX ?= $(DESTDIR)/usr BINDIR=$(PREFIX)/bin -LIBDIR ?= $(PREFIX)/lib +LIBDIR ?= $(PREFIX)/lib/$(DEB_HOST_MULTIARCH) INCLUDEDIR ?= $(PREFIX)/include CFLAGS ?= -g -Wall -W -Werror -O2 -pipe debian/patches/series0000644000000000000000000000002012235026701012020 0ustar multiarch.patch debian/source/0000755000000000000000000000000012235026701010464 5ustar debian/source/format0000644000000000000000000000001412235026701011672 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000322412235026701011120 0ustar This is the Debian packe for checkpolicy, and it is built from sources obtained from: http://www.nsa.gov/selinux/code/download5.cfm. This package was debianized by Colin Walters on Thu, 3 Jul 2003 17:10:57 -0400. checkpolicy is Copyright © 2002, 2003, 2004 Stephen Smalley Copyright © 2003-2008 Tresys Technology, LLC Copyright © 2003,2007 Red Hat, Inc. Copyright © 2003-2005 James Morris Copyright © 2004-2005 Trusted Computer Solutions, Inc This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. This package is maintained by Manoj Srivastava . The Debian specific changes are © 2005-2009, Manoj Srivastava , and distributed under the terms of the GNU General Public License, version 2. On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. A copy of the GNU General Public License is also available at . You may also obtain it by writing to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Manoj Srivastava arch-tag: d4250e44-a0e0-4ee0-adb9-2bd74f6eeb27