1 * Fix core dumps with corrupt *.bin files, from Richard Haines. 2 * Add selabel partial and best match APIs, from Richard Haines. 3 * Use os.walk() instead of the deprecated os.path.walk(), from Petr 4 Lautrbach & Miro Hronok 5 * is_selinux_enabled(): drop no-policy-loaded test, from Stephen Smalley. 6 * Remove deprecated mudflap option, from Stephen Smalley. 7 * Mount procfs before checking /proc/filesystems, from Ben Shelton. 8 * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. 9 * label_file: handle newlines in file names, from Nick Kralevich. 10 * getcon.3: Fix setcon description, from Stephen Smalley. 11 * Fix audit2why error handling if SELinux is disabled, from Stephen Smalley. 12 * pcre_study can return NULL without error, from Stephen Smalley. 13 * Android property backend validation support, from Robert Craig. 14 * Only check SELinux enabled status once in selinux_check_access, from Stephen Smalley. 15 16 2.4 2015-02-02 17 * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve 18 Lawrence 19 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. 20 * Set the system to permissive if failing to disable SELinux because 21 policy has already been loaded, from Will Woods. 22 * Fix type in selinux.8 manpage, from Nicolas Iooss 23 * Add db_exception and db_datatype support to label_db backend, from Artyom 24 Smirnov 25 * Log an error on unknown classes and permissions, from Stephen Smalley 26 * Add pcre version string to the compiled file_contexts format, from 27 Stephen Smalley 28 * Deprecate use of flask.h and av_permissions.h, from Stephen Smalley 29 * Compiled file_context files and the original should have the same DAC 30 permissions, from Dan Walsh 31 32 2.3 2014-05-06 33 * Get rid of security_context_t and fix const declarations. 34 * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. 35 36 2.2.2 2013-12-30 37 * Fix userspace AVC handling of per-domain permissive mode. 38 39 2.2.1 2013-11-06 40 * Remove -lpthread from pkg-config file; it is not required. 41 42 2.2 2013-10-30 43 * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. 44 * Support overriding Makefile RANLIB from Sven Vermeulen. 45 * Update pkgconfig definition from Sven Vermeulen. 46 * Mount sysfs before trying to mount selinuxfs from Sven Vermeulen. 47 * Fix man pages from Laurent Bigonville. 48 * Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville. 49 * Fix LDFLAGS usage from Laurent Bigonville 50 * Avoid shadowing stat in load_mmap from Joe MacDonald. 51 * Support building on older PCRE libraries from Joe MacDonald. 52 * Fix handling of temporary file in sefcontext_compile from Dan Walsh. 53 * Fix procattr cache from Dan Walsh. 54 * Define python constants for getenforce result from Dan Walsh. 55 * Fix label substitution handling of / from Dan Walsh. 56 * Add selinux_current_policy_path from Dan Walsh. 57 * Change get_context_list to only return good matches from Dan Walsh. 58 * Support udev-197 and higher from Sven Vermeulen and Dan Walsh. 59 * Add support for local substitutions from Dan Walsh. 60 * Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh. 61 * Python wrapper leak fixes from Dan Walsh. 62 * Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh. 63 * Add selinux_systemd_contexts_path from Dan Walsh. 64 * Add selinux_set_policy_root from Dan Walsh. 65 * Add man page for sefcontext_compile from Dan Walsh. 66 67 2.1.13 2013-02-01 68 * audit2why: make sure path is nul terminated 69 * utils: new file context regex compiler 70 * label_file: use precompiled filecontext when possible 71 * do not leak mmapfd 72 * sefcontontext_compile: Add error handling to help debug problems in libsemanage. 73 * man: make selinux.8 mention service man pages 74 * audit2why: Fix segfault if finish() called twice 75 * audit2why: do not leak on multiple init() calls 76 * mode_to_security_class: interface to translate a mode_t in to a security class 77 * audit2why: Cleanup audit2why analysys function 78 * man: Fix program synopsis and function prototypes in man pages 79 * man: Fix man pages formatting 80 * man: Fix typo in man page 81 * man: Add references and man page links to _raw function variants 82 * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions 83 * man: context_new(3): fix the return value description 84 * selinux_status_open: handle error from sysconf 85 * selinux_status_open: do not leak statusfd on exec 86 * Fix errors found by coverity 87 * Change boooleans.subs to booleans.subs_dist. 88 * optimize set*con functions 89 * pkg-config do not specifc ruby version 90 * unmap file contexts on selabel_close() 91 * do not leak file contexts with mmap'd backend 92 * sefcontext_compile: do not leak fd on error 93 * matchmediacon: do not leak fd 94 * src/label_android_property: do not leak fd on error 95 96 2.1.12 2012-09-13 97 * Add support for lxc_contexts_path 98 * utils: add service to getdefaultcon 99 * libsemanage: do not set soname needlessly 100 * libsemanage: remove PYTHONLIBDIR and ruby equivalent 101 * boolean name equivalency 102 * getsebool: support boolean name substitution 103 * Add man page for new selinux_boolean_sub function. 104 * expose selinux_boolean_sub 105 * matchpathcon: add -m option to force file type check 106 * utils: avcstat: clear sa_mask set 107 * seusers: Check for strchr failure 108 * booleans: initialize pointer to silence coveriety 109 * stop messages when SELinux disabled 110 * label_file: use PCRE instead of glibc regex functions 111 * label_file: remove all typedefs 112 * label_file: move definitions to include file 113 * label_file: do string to mode_t conversion in a helper function 114 * label_file: move error reporting back into caller 115 * label_file: move stem/spec handling to header 116 * label_file: drop useless ncomp field from label_file data 117 * label_file: move spec_hasMetaChars to header 118 * label_file: fix potential read past buffer in spec_hasMetaChars 119 * label_file: move regex sorting to the header 120 * label_file: add accessors for the pcre extra data 121 * label_file: only run regex files one time 122 * label_file: new process_file function 123 * label_file: break up find_stem_from_spec 124 * label_file: struct reorg 125 * label_file: only run array once when sorting 126 * Ensure that we only close the selinux netlink socket once. 127 * improve the file_contexts.5 manual page 128 129 2.1.11 2012-06-28 130 * Fortify source now requires all code to be compiled with -O flag 131 * asprintf return code must be checked 132 * avc_netlink_recieve handle EINTR 133 * audit2why: silence -Wmissing-prototypes warning 134 * libsemanage: remove build warning when build swig c files 135 * matchpathcon: bad handling of symlinks in / 136 * seusers: remove unused lineno 137 * seusers: getseuser: gracefully handle NULL service 138 * New Android property labeling backend 139 * label_android_property whitespace cleanups 140 * additional makefile support for rubywrap 141 142 143 2.1.10 2012-03-28 144 * Fix dead links to www.nsa.gov/selinux 145 * Remove jump over variable declaration 146 * Fix old style function definitions 147 * Fix const-correctness 148 * Remove unused flush_class_cache method 149 * Add prototype decl for destructor 150 * Add more printf format annotations 151 * Add printf format attribute annotation to die() method 152 * Fix const-ness of parameters & make usage() methods static 153 * Enable many more gcc warnings for libselinux/src/ builds 154 * utils: Enable many more gcc warnings for libselinux/utils builds 155 * Change annotation on include/selinux/avc.h to avoid upsetting SWIG 156 * Ensure there is a prototype for 'matchpathcon_lib_destructor' 157 * Update Makefiles to handle /usrmove 158 * utils: Stop separating out matchpathcon as something special 159 * pkg-config to figure out where ruby include files are located 160 * build with either ruby 1.9 or ruby 1.8 161 * assert if avc_init() not called 162 * take security_deny_unknown into account 163 * security_compute_create_name(3) 164 * Do not link against python library, this is considered 165 * bad practice in debian 166 * Hide unnecessarily-exported library destructors 167 168 2.1.9 2011-12-21 169 * Fix setenforce man page to refer to selinux man page 170 * Cleanup Man pages 171 * merge freecon with getcon man page 172 173 2.1.8 2011-12-05 174 * selinuxswig_python.i: don't make syscall if it won't change anything 175 * Remove assert in security_get_boolean_names(3) 176 * Mapped compute functions now obey deny_unknown flag 177 * get_default_type now sets EINVAL if no entry. 178 * return EINVAL if invalid role selected 179 * Updated selabel_file(5) man page 180 * Updated selabel_db(5) man page 181 * Updated selabel_media(5) man page 182 * Updated selabel_x(5) man page 183 * Add man/man5 man pages 184 * Add man/man5 man pages 185 * Add man/man5 man pages 186 * use -W and -Werror in utils 187 188 2.1.7 2011-11-03 189 * Makefiles: syntax, convert all ${VAR} to $(VAR) 190 * load_policy: handle selinux=0 and /sys/fs/selinux not exist 191 * regenerate .pc on VERSION change 192 * label: cosmetic cleanups 193 * simple interface for access checks 194 * Don't reinitialize avc_init if it has been called previously 195 * seusers: fix to handle large sets of groups 196 * audit2why: close fd on enomem 197 * rename and export symlink_realpath 198 * label_file: style changes to make Eric happy. 199 200 2.1.6 2011-09-15 201 * utils: matchpathcon: remove duplicate declaration 202 * src: matchpathcon: use myprintf not fprintf 203 * src: matchpathcon: make sure resolved path starts 204 * put libselinux.so.1 in /lib not /usr/lib 205 * tree: default make target to all not 206 207 2.1.5 2011-0826 208 * selinux_file_context_verify function returns wrong value. 209 * move realpath helper to matchpathcon library 210 * python wrapper makefile changes 211 212 2.1.4 2011-0817 213 * mapping fix for invalid class/perms after selinux_set_mapping 214 * audit2why: work around python bug not defining 215 * resolv symlinks and dot directories before matching 216 217 2.1.2 2011-0803 218 * audit2allow: do not print statistics 219 * make python bindings for restorecon work on relative path 220 * fix python audit2why binding error 221 * support new python3 functions 222 * do not check fcontext duplicates on use 223 * Patch for python3 for libselinux 224 225 2.1.1 2011-08-02 226 * move .gitignore into utils 227 * new setexecon utility 228 * selabel_open fix processing of substitution files 229 * mountpoint changing patch. 230 * simplify SRCS in Makefile 231 232 2.1.1 2011-08-01 233 * Remove generated files, introduce more .gitignore 234 235 2.1.0 2011-07-27 236 * Release, minor version bump 237 238 2.0.102 2011-04-11 239 * Give correct names to mount points in load_policy by Dan Walsh. 240 * Make sure selinux state is reported correctly if selinux is disabled or 241 fails to load by Dan Walsh. 242 * Fix crash if selinux_key_create was never called by Dan Walsh. 243 * Add new file_context.subs_dist for distro specific filecon substitutions 244 by Dan Walsh. 245 * Update man pages for selinux_color_* functions by Richard Haines. 246 247 2.0.101 2011-03-23 248 * db_language object class support for selabel_lookup from KaiGai 249 Kohei. 250 251 2.0.100 2011-03-09 252 * Library destructors for thread local storage keys from Eamon Walsh. 253 254 2.0.99 2011-03-01 255 * SELinux man page fixes from Dan Walsh. 256 * selinux_status interfaces from KaiGai Kohei. 257 258 2.0.98 2010-12-16 259 * Turn off default user handling when computing user contexts by Dan Walsh 260 261 2.0.97 2010-12-02 262 * Thread local storage fixes from Eamon Walsh. 263 264 2.0.96 2010-06-14 265 * Add const qualifiers to public API where appropriate by KaiGai Kohei. 266 267 2.0.95 2010-06-10 268 * Remove duplicate slashes in paths in selabel_lookup from Chad Sellers 269 * Adds a chcon method to the libselinux python bindings from Steve Lawrence 270 271 2.0.94 2010-03-24 272 * Set errno=EINVAL for invalid contexts from Dan Walsh. 273 274 2.0.93 2010-03-15 275 * Show strerror for security_getenforce() by Colin Walters. 276 * Merged selabel database support by KaiGai Kohei. 277 * Modify netlink socket blocking code by KaiGai Kohei. 278 279 2.0.92 2010-03-06 280 * Fix from Eric Paris to fix leak on non-selinux systems. 281 * regenerate swig wrappers 282 * pkgconfig fix to respect LIBDIR from Dan Walsh. 283 284 2.0.91 2010-02-22 285 * Change the AVC to only audit the permissions specified by the 286 policy, excluding any permissions specified via dontaudit or not 287 specified via auditallow. 288 * Fix compilation of label_file.c with latest glibc headers. 289 290 2.0.90 2009-11-27 291 * add/reformat man pages by Guido Trentalancia <guido (a] trentalancia.com>. 292 * Change exception.sh to be called with bash by Manoj Srivastava <srivasta (a] debian.org> 293 294 2.0.89 2009-10-29 295 * Add pkgconfig file from Eamon Walsh. 296 297 2.0.88 2009-10-22 298 * Rename and export selinux_reset_config() 299 300 2.0.87 2009-09-25 301 * Add exception handling in libselinux from Dan Walsh. This uses a 302 shell script called exception.sh to generate a swig interface file. 303 * make swigify 304 * Make matchpathcon print <<none>> if path not found in fcontext file. 305 306 2.0.86 2009-09-02 307 * Removal of reference counting on userspace AVC SID's. 308 309 2.0.85 2009-07-14 310 * Reverted Tomas Mraz's fix for freeing thread local storage to avoid 311 pthread dependency. 312 * Removed fini_context_translations() altogether. 313 * Merged lazy init patch from Stephen Smalley based on original patch 314 by Steve Grubb. 315 316 2.0.84 2009-07-07 317 * Add per-service seuser support from Dan Walsh. 318 * Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. 319 320 2.0.83 2009-07-07 321 * Check /proc/filesystems before /proc/mounts for selinuxfs from Eric 322 Paris. 323 324 2.0.82 2009-06-19 325 * Fix improper use of thread local storage from Tomas Mraz <tmraz (a] redhat.com>. 326 * Label substitution support from Dan Walsh. 327 * Support for labeling virtual machine images from Dan Walsh. 328 329 2.0.81 2009-05-15 330 * Trim / from the end of input paths to matchpathcon from Dan Walsh. 331 * Fix leak in process_line in label_file.c from Hiroshi Shinji. 332 * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. 333 * getdefaultcon to print just the correct match and add verbose option from Dan Walsh. 334 335 2.0.80 2009-04-07 336 * deny_unknown wrapper function from KaiGai Kohei. 337 * security_compute_av_flags API from KaiGai Kohei. 338 * Netlink socket management and callbacks from KaiGai Kohei. 339 340 2.0.79 2009-03-11 341 * Netlink socket handoff patch from Adam Jackson. 342 * AVC caching of compute_create results by Eric Paris. 343 344 2.0.78 2009-02-27 345 * Fix incorrect conversion in discover_class code. 346 347 2.0.77 2009-01-12 348 * add restorecon to python bindings from Dan Walsh. 349 350 2.0.76 2009-01-08 351 * Client support for translating raw contexts to colors via setrans. 352 353 2.0.75 2008-11-18 354 * Allow shell-style wildcards in x_contexts file. 355 356 2.0.74 2008-11-03 357 * Correct message types in AVC log messages. 358 359 2.0.73 2008-10-14 360 * Make matchpathcon -V pass mode from Dan Walsh. 361 * Add man page for selinux_file_context_cmp from Dan Walsh. 362 363 2.0.72 2008-09-29 364 * New man pages from Dan Walsh. 365 * Update flask headers from refpolicy trunk from Dan Walsh. 366 367 2.0.71 2008-08-05 368 * Add group support to seusers using %groupname syntax from Dan Walsh. 369 * Mark setrans socket close-on-exec from Stephen Smalley. 370 * Only apply nodups checking to base file contexts from Stephen Smalley. 371 372 2.0.70 2008-07-30 373 * Merge ruby bindings from Dan Walsh. 374 375 2.0.69 2008-07-29 376 * Handle duplicate file context regexes as a fatal error from Stephen Smalley. 377 This prevents adding them via semanage. 378 379 2.0.68 2008-07-18 380 * Fix audit2why shadowed variables from Stephen Smalley. 381 * Note that freecon NULL is legal in man page from Karel Zak. 382 383 2.0.67 2008-06-13 384 * New and revised AVC, label, and mapping man pages from Eamon Walsh. 385 386 2.0.66 2008-06-11 387 * Add swig python bindings for avc interfaces from Dan Walsh. 388 389 2.0.65 2008-05-27 390 * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. 391 * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status. 392 393 2.0.64 2008-04-21 394 * Fixed selinux_set_callback man page. 395 396 2.0.63 2008-04-18 397 * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. 398 399 2.0.62 2008-04-18 400 * Fix memory leaks in matchpathcon from Eamon Walsh. 401 402 2.0.61 2008-03-31 403 * Man page typo fix from Jim Meyering. 404 405 2.0.60 2008-03-20 406 * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel. 407 408 2.0.59 2008-02-29 409 * Merged new X label "poly_selection" namespace from Eamon Walsh. 410 411 2.0.58 2008-02-28 412 * Merged reset_selinux_config() for load policy from Dan Walsh. 413 414 2.0.57 2008-02-25 415 * Merged avc_has_perm() errno fix from Eamon Walsh. 416 417 2.0.56 2008-02-21 418 * Regenerated Flask headers from refpolicy flask definitions. 419 420 2.0.55 2008-02-08 421 * Merged compute_member AVC function and manpages from Eamon Walsh. 422 423 2.0.54 2008-02-08 424 * Provide more error reporting on load policy failures from Stephen Smalley. 425 426 2.0.53 2008-02-07 427 * Merged new X label "poly_prop" namespace from Eamon Walsh. 428 429 2.0.52 2008-02-06 430 * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley. 431 432 2.0.51 2008-02-05 433 * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley. 434 435 2.0.50 2008-01-28 436 * Merged fix for audit2why from Dan Walsh. 437 438 2.0.49 2008-01-23 439 * Merged audit2why python binding from Dan Walsh. 440 441 2.0.48 2008-01-23 442 * Merged updated swig bindings from Dan Walsh, including typemap for pid_t. 443 444 2.0.47 2007-12-21 445 * Fix for the avc: granted null message bug from Stephen Smalley. 446 447 2.0.46 2007-12-07 448 * matchpathcon(8) man page update from Dan Walsh. 449 450 2.0.45 2007-11-20 451 * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. 452 453 2.0.44 2007-11-20 454 * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. 455 A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD. 456 457 2.0.43 2007-11-15 458 * Regenerated Flask headers from policy. 459 460 2.0.42 2007-11-08 461 * AVC enforcing mode override patch from Eamon Walsh. 462 463 2.0.41 2007-11-06 464 * Aligned attributes in AVC netlink code from Eamon Walsh. 465 466 2.0.40 2007-11-01 467 * Merged refactored AVC netlink code from Eamon Walsh. 468 469 2.0.39 2007-10-19 470 * Merged new X label namespaces from Eamon Walsh. 471 472 2.0.38 2007-10-15 473 * Bux fix and minor refactoring in string representation code. 474 475 2.0.37 2007-10-05 476 * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh. 477 478 2.0.36 2007-09-27 479 * Fix segfault resulting from missing file_contexts file. 480 481 2.0.35 2007-09-24 482 * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. 483 * Pass CFLAGS when using gcc for linking from Dennis Gilmore. 484 485 2.0.34 2007-09-18 486 * Fix selabel option flag setting for 64-bit from Stephen Smalley. 487 488 2.0.33 2007-09-12 489 * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley. 490 * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley. 491 492 2.0.32 2007-09-10 493 * Fix swig binding for rpm_execcon from James Athey. 494 495 2.0.31 2007-08-23 496 * Fix file_contexts.homedirs path from Todd Miller. 497 498 2.0.30 2007-08-06 499 * Fix segfault resulting from uninitialized print-callback pointer. 500 501 2.0.29 2007-08-02 502 * Added x_contexts path function patch from Eamon Walsh. 503 504 2.0.28 2007-08-01 505 * Fix build for EMBEDDED=y from Yuichi Nakamura. 506 507 2.0.27 2007-07-25 508 * Fix markup problems in selinux man pages from Dan Walsh. 509 510 2.0.26 2007-07-23 511 * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh. 512 * Added swigify to top-level Makefile from Dan Walsh. 513 514 2.0.25 2007-07-23 515 * Fix for string_to_security_class segfault on x86_64 from Stephen 516 Smalley. 517 518 2.0.24 2007-09-07 519 * Fix for getfilecon() for zero-length contexts from Stephen Smalley. 520 521 2.0.23 2007-06-22 522 * Refactored SWIG bindings from James Athey. 523 524 2.0.22 2007-06-20 525 * Labeling and callback interface patches from Eamon Walsh. 526 527 2.0.21 2007-06-11 528 * Class and permission mapping support patches from Eamon Walsh. 529 530 2.0.20 2007-06-07 531 * Object class discovery support patches from Chris PeBenito. 532 533 2.0.19 2007-06-05 534 * Refactoring and errno support in string representation code. 535 536 2.0.18 2007-05-31 537 * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. 538 This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. 539 540 2.0.17 2007-05-31 541 * Updated Lindent script and reindented two header files. 542 543 2.0.16 2007-05-09 544 * Merged additional swig python bindings from Dan Walsh. 545 546 2.0.15 2007-04-27 547 * Merged helpful message when selinuxfs mount fails patch from Dax Kelson. 548 549 2.0.14 2007-04-24 550 * Merged build fix for avc_internal.c from Joshua Brindle. 551 552 2.0.13 2007-04-12 553 * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh. 554 555 2.0.12 2007-04-09 556 * Merged support for getting initial contexts from James Carter. 557 558 2.0.11 2007-04-05 559 * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. 560 561 562 2.0.10 2007-04-05 563 * Merged sidput(NULL) patch from Eamon Walsh. 564 565 2.0.9 2007-03-30 566 * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. 567 568 2.0.8 2007-03-20 569 * Merged fix for avc.h #include's from Eamon Walsh. 570 571 2.0.7 2007-03-12 572 * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. 573 574 2.0.6 2007-03-12 575 * Merged patch to drop support for old /etc/sysconfig/selinux and 576 /etc/security policy file layout from Steve Grubb. 577 578 2.0.5 2007-02-27 579 * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb. 580 581 2.0.4 2007-02-23 582 * Removed sending of setrans init message. 583 584 2.0.3 2007-02-22 585 * Merged matchpathcon memory leak fix from Steve Grubb. 586 587 2.0.2 2007-02-21 588 * Merged more swig initializers from Dan Walsh. 589 590 2.0.1 2007-02-20 591 * Merged patch from Todd Miller to convert int types over to C99 style. 592 593 2.0.0 2007-02-01 594 * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because 595 of the use of the non-standard format %as. (original patch changed 596 for style). 597 * Merged patch from Todd Miller to fix memory leak in matchpathcon.c. 598 599 1.34.1 2007-01-26 600 * Merged python binding fixes from Dan Walsh. 601 602 1.34.0 2007-01-18 603 * Updated version for stable branch. 604 605 1.33.6 2007-01-17 606 * Merged man page updates to make "apropos selinux" work from Dan Walsh. 607 608 1.33.5 2007-01-16 609 * Merged getdefaultcon utility from Dan Walsh. 610 611 1.33.4 2007-01-11 612 * Merged selinux_check_securetty_context() and support from Dan Walsh. 613 614 1.33.3 2007-01-04 615 * Merged patch for matchpathcon utility to use file mode information 616 when available from Dan Walsh. 617 618 1.33.2 2006-11-27 619 * Merged patch to compile with -fPIC instead of -fpic from 620 Manoj Srivastava to prevent hitting the global offset table 621 limit. Patch changed to include libsepol and libsemanage in 622 addition to libselinux. 623 624 1.33.1 2006-10-19 625 * Merged updated flask definitions from Darrel Goeddel. 626 This adds the context security class, and also adds 627 the string definitions for setsockcreate and polmatch. 628 629 1.32 2006-10-17 630 * Updated version for release. 631 632 1.30.30 2006-10-05 633 * Merged patch from Darrel Goeddel to always use untranslated 634 contexts in the userspace AVC. 635 636 1.30.29 2006-09-29 637 * Merged av_permissions.h update from Steve Grubb, 638 adding setsockcreate and polmatch definitions. 639 640 1.30.28 2006-09-13 641 * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client 642 * Merged c++ class identifier fix from Joe Nall. 643 644 1.30.27 2006-08-24 645 * Merged patch to not log avc stats upon a reset from Steve Grubb. 646 * Applied patch to revert compat_net setting upon policy load. 647 648 1.30.26 2006-08-11 649 * Merged file context homedir and local path functions from 650 Chris PeBenito. 651 652 1.30.25 2006-08-11 653 * Rework functions that access /proc/pid/attr to access the 654 per-thread nodes, and unify the code to simplify maintenance. 655 656 1.30.24 2006-08-10 657 * Merged return value fix for *getfilecon() from Dan Walsh. 658 659 1.30.23 2006-08-10 660 * Merged sockcreate interfaces from Eric Paris. 661 662 1.30.22 2006-08-03 663 * Merged no-tls-direct-seg-refs patch from Jeremy Katz. 664 665 1.30.21 2006-08-03 666 * Merged netfilter_contexts support patch from Chris PeBenito. 667 668 1.30.20 2006-08-01 669 * Merged context_*_set errno patch from Jim Meyering. 670 671 1.30.19 2006-06-29 672 * Lindent. 673 674 1.30.18 2006-06-27 675 * Merged {get,set}procattrcon patch set from Eric Paris. 676 * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris. 677 678 1.30.17 2006-06-27 679 * Regenerated Flask headers from refpolicy. 680 681 1.30.16 2006-06-26 682 * Merged patch from Dan Walsh with: 683 - Added selinux_file_context_{cmp,verify}. 684 - Added selinux_lsetfilecon_default. 685 - Delay translation of contexts in matchpathcon. 686 687 1.30.15 2006-06-16 688 * Merged patch from Dan Walsh with: 689 * Added selinux_getpolicytype() function. 690 * Modified setrans code to skip processing if !mls_enabled. 691 692 1.30.14 2006-06-16 693 * Set errno in the !selinux_mnt case. 694 695 1.30.13 2006-06-02 696 * Allocate large buffers from the heap, not on stack. 697 Affects is_context_customizable, selinux_init_load_policy, 698 and selinux_getenforcemode. 699 700 1.30.12 2006-06-02 701 * Merged !selinux_mnt checks from Ian Kent. 702 703 1.30.11 2006-05-24 704 * Merged matchmediacon and trans_to_raw_context fixes from 705 Serge Hallyn. 706 707 1.30.10 2006-05-22 708 * Merged simple setrans client cache from Dan Walsh. 709 Merged avcstat patch from Russell Coker. 710 711 1.30.9 2006-05-22 712 * Modified selinux_mkload_policy() to also set /selinux/compat_net 713 appropriately for the loaded policy. 714 715 1.30.8 2006-05-17 716 * Added matchpathcon_fini() function to free memory allocated by 717 matchpathcon_init(). 718 719 1.30.7 2006-05-16 720 * Merged setrans client cleanup patch from Steve Grubb. 721 722 1.30.6 2006-05-08 723 * Merged getfscreatecon man page fix from Dan Walsh. 724 * Updated booleans(8) man page to drop references to the old 725 booleans file and to note that setsebool can be used to set 726 the boot-time defaults via -P. 727 728 1.30.5 2006-05-05 729 * Merged fix warnings patch from Karl MacMillan. 730 731 1.30.4 2006-05-05 732 * Merged setrans client support from Dan Walsh. 733 This removes use of libsetrans. 734 * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. 735 * Merged swig typemap fixes from Glauber de Oliveira Costa. 736 737 1.30.3 2006-04-12 738 * Added distclean target to Makefile. 739 * Regenerated swig files. 740 741 1.30.2 2006-04-11 742 * Changed matchpathcon_init to verify that the spec file is 743 a regular file. 744 * Merged python binding t_output_helper removal patch from Dan Walsh. 745 746 1.30.1 2006-03-20 747 * Merged Makefile PYLIBVER definition patch from Dan Walsh. 748 749 1.30 2006-03-14 750 * Updated version for release. 751 752 1.29.8 2006-02-27 753 * Altered rpm_execcon fallback logic for permissive mode to also 754 handle case where /selinux/enforce is not available. 755 756 1.29.7 2006-01-20 757 * Merged install-pywrap Makefile patch from Joshua Brindle. 758 759 1.29.6 2006-01-18 760 * Merged pywrap Makefile patch from Dan Walsh. 761 762 1.29.5 2006-01-11 763 * Added getseuser test program. 764 765 1.29.4 2006-01-06 766 * Added format attribute to myprintf in matchpathcon.c and 767 removed obsoleted rootlen variable in init_selinux_config(). 768 769 1.29.3 2006-01-04 770 * Merged several fixes and improvements from Ulrich Drepper 771 (Red Hat), including: 772 - corrected use of getline 773 - further calls to __fsetlocking for local files 774 - use of strdupa and asprintf 775 - proper handling of dirent in booleans code 776 - use of -z relro 777 - several other optimizations 778 * Merged getpidcon python wrapper from Dan Walsh (Red Hat). 779 780 1.29.2 2005-12-14 781 * Merged call to finish_context_translations from Dan Walsh. 782 This eliminates a memory leak from failing to release memory 783 allocated by libsetrans. 784 785 1.29.1 2005-12-08 786 * Merged patch for swig interfaces from Dan Walsh. 787 788 1.28 2005-12-07 789 * Updated version for release. 790 791 1.27.28 2005-12-01 792 * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and 793 modified matchpathcon implementation to make context validation/ 794 canonicalization optional at matchpathcon_init time, deferring it 795 to a successful matchpathcon by default unless the new flag is set 796 by the caller. 797 798 1.27.27 2005-12-01 799 * Added matchpathcon_init_prefix() interface, and 800 reworked matchpathcon implementation to support selective 801 loading of file contexts entries based on prefix matching 802 between the pathname regex stems and the specified path 803 prefix (stem must be a prefix of the specified path prefix). 804 805 1.27.26 2005-11-29 806 * Merged getsebool patch from Dan Walsh. 807 808 1.27.25 2005-11-29 809 * Added -f file_contexts option to matchpathcon util. 810 Fixed warning message in matchpathcon_init(). 811 812 1.27.24 2005-11-29 813 * Merged Makefile python definitions patch from Dan Walsh. 814 815 1.27.23 2005-11-28 816 * Merged swigify patch from Dan Walsh. 817 818 1.27.22 2005-11-15 819 * Merged make failure in rpm_execcon non-fatal in permissive mode 820 patch from Ivan Gyurdiev. 821 822 1.27.21 2005-11-08 823 * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() 824 and modified matchpathcon_init() to skip context translation 825 if it is set by the caller. 826 827 1.27.20 2005-11-07 828 * Added security_canonicalize_context() interface and 829 set_matchpathcon_canoncon() interface for obtaining 830 canonical contexts. Changed matchpathcon internals 831 to obtain canonical contexts by default. Provided 832 fallback for kernels that lack extended selinuxfs context 833 interface. 834 835 1.27.19 2005-11-04 836 * Merged seusers parser changes from Ivan Gyurdiev. 837 * Merged setsebool to libsemanage patch from Ivan Gyurdiev. 838 * Changed seusers parser to reject empty fields. 839 840 1.27.18 2005-11-03 841 * Merged seusers empty level handling patch from Jonathan Kim (TCS). 842 843 1.27.17 2005-10-27 844 * Changed default entry for seusers to use __default__ to avoid 845 ambiguity with users named "default". 846 847 1.27.16 2005-10-27 848 * Fixed init_selinux_config() handling of missing /etc/selinux/config 849 or missing SELINUXTYPE= definition. 850 * Merged selinux_translations_path() patch from Dan Walsh. 851 852 1.27.15 2005-10-25 853 * Added hidden_proto/def for get_default_context_with_role. 854 855 1.27.14 2005-10-25 856 * Merged selinux_path() and selinux_homedir_context_path() 857 functions from Joshua Brindle. 858 859 1.27.13 2005-10-19 860 * Merged fixes for make DESTDIR= builds from Joshua Brindle. 861 862 1.27.12 2005-10-18 863 * Merged get_default_context_with_rolelevel and man pages from 864 Dan Walsh (Red Hat). 865 866 1.27.11 2005-10-18 867 * Updated call to sepol_policydb_to_image for sepol changes. 868 869 1.27.10 2005-10-17 870 * Changed getseuserbyname to ignore empty lines and to handle 871 no matching entry in the same manner as no seusers file. 872 873 1.27.9 2005-10-13 874 * Changed selinux_mkload_policy to try downgrading the 875 latest policy version available to the kernel-supported version. 876 877 1.27.8 2005-10-11 878 * Changed selinux_mkload_policy to fall back to the maximum 879 policy version supported by libsepol if the kernel policy version 880 falls outside of the supported range. 881 882 1.27.7 2005-10-06 883 * Changed getseuserbyname to fall back to the Linux username and 884 NULL level if seusers config file doesn't exist unless 885 REQUIRESEUSERS=1 is set in /etc/selinux/config. 886 * Moved seusers.conf under $SELINUXTYPE and renamed to seusers. 887 888 1.27.6 2005-10-06 889 * Added selinux_init_load_policy() function as an even higher level 890 interface for the initial policy load by /sbin/init. This obsoletes 891 the load_policy() function in the sysvinit-selinux.patch. 892 893 1.27.5 2005-10-06 894 * Added selinux_mkload_policy() function as a higher level interface 895 for loading policy than the security_load_policy() interface. 896 897 1.27.4 2005-10-05 898 * Merged fix for matchpathcon (regcomp error checking) from Johan 899 Fischer. Also added use of regerror to obtain the error string 900 for inclusion in the error message. 901 902 1.27.3 2005-10-03 903 * Changed getseuserbyname to not require (and ignore if present) 904 the MLS level in seusers.conf if MLS is disabled, setting *level 905 to NULL in this case. 906 907 1.27.2 2005-09-30 908 * Merged getseuserbyname patch from Dan Walsh. 909 910 1.27.1 2005-09-19 911 * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh. 912 This allows file_contexts with MLS fields to be processed on 913 non-MLS-enabled systems with policies that are otherwise 914 identical (e.g. same type definitions). 915 * Merged get_ordered_context_list_with_level() function from 916 Dan Walsh, and added get_default_context_with_level(). 917 This allows MLS level selection for users other than the 918 default level. 919 920 1.26 2005-09-06 921 * Updated version for release. 922 923 1.25.7 2005-09-01 924 * Merged modified form of patch to avoid dlopen/dlclose by 925 the static libselinux from Dan Walsh. Users of the static libselinux 926 will not have any context translation by default. 927 928 1.25.6 2005-08-31 929 * Added public functions to export context translation to 930 users of libselinux (selinux_trans_to_raw_context, 931 selinux_raw_to_trans_context). 932 933 1.25.5 2005-08-26 934 * Remove special definition for context_range_set; use 935 common code. 936 937 1.25.4 2005-08-25 938 * Hid translation-related symbols entirely and ensured that 939 raw functions have hidden definitions for internal use. 940 * Allowed setting NULL via context_set* functions. 941 * Allowed whitespace in MLS component of context. 942 * Changed rpm_execcon to use translated functions to workaround 943 lack of MLS level on upgraded systems. 944 945 1.25.3 2005-08-23 946 * Merged context translation patch, originally by TCS, 947 with modifications by Dan Walsh (Red Hat). 948 949 1.25.2 2005-08-11 950 * Merged several fixes for error handling paths in the 951 AVC sidtab, matchpathcon, booleans, context, and get_context_list 952 code from Serge Hallyn (IBM). Bugs found by Coverity. 953 954 1.25.1 2005-08-10 955 * Removed setupns; migrated to pam. 956 * Merged patches to rename checkPasswdAccess() from Joshua Brindle. 957 Original symbol is temporarily retained for compatibility until 958 all callers are updated. 959 960 1.24 2005-06-20 961 * Updated version for release. 962 963 1.23.12 2005-06-13 964 * Merged security_setupns() from Chad Sellers. 965 966 1.23.11 2005-05-19 967 * Merged avcstat and selinux man page from Dan Walsh. 968 * Changed security_load_booleans to process booleans.local 969 even if booleans file doesn't exist. 970 971 1.23.10 2005-04-29 972 * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). 973 974 1.23.9 2005-04-26 975 * Rewrote get_ordered_context_list and helpers, including 976 changing logic to allow variable MLS fields. 977 978 1.23.8 2005-04-25 979 * Merged matchpathcon and man page patch from Dan Walsh. 980 981 1.23.7 2005-04-12 982 * Changed boolean functions to return -1 with errno ENOENT 983 rather than assert on a NULL selinux_mnt (i.e. selinuxfs not 984 mounted). 985 986 1.23.6 2005-04-08 987 * Fixed bug in matchpathcon_filespec_destroy. 988 989 1.23.5 2005-04-05 990 * Fixed bug in rpm_execcon error handling path. 991 992 1.23.4 2005-04-04 993 * Merged fix for set_matchpathcon* functions from Andreas Steinmetz. 994 * Merged fix for getconlist utility from Andreas Steinmetz. 995 996 1.23.3 2005-03-29 997 * Merged security_set_boolean_list patch from Dan Walsh. 998 This introduces booleans.local support for setsebool. 999 1000 1.23.2 2005-03-17 1001 * Merged destructors patch from Tomas Mraz. 1002 1003 1.23.1 2005-03-16 1004 * Added set_matchpathcon_flags() function for setting flags 1005 controlling operation of matchpathcon. MATCHPATHCON_BASEONLY 1006 means only process the base file_contexts file, not 1007 file_contexts.homedirs or file_contexts.local, and is for use by 1008 setfiles -c. 1009 * Updated matchpathcon.3 man page. 1010 1011 1.22 2005-03-09 1012 * Updated version for release. 1013 1014 1.21.13 2005-03-08 1015 * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. 1016 1017 1.21.12 2005-03-01 1018 * Changed matchpathcon_common to ignore any non-format bits in the mode. 1019 1020 1.21.11 2005-02-22 1021 * Merged several fixes from Ulrich Drepper. 1022 1023 1.21.10 2005-02-17 1024 * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh. 1025 * Added selinux_users_path() for path to directory containing 1026 system.users and local.users. 1027 1028 1.21.9 2005-02-09 1029 * Changed relabel Makefile target to use restorecon. 1030 1031 1.21.8 2005-02-07 1032 * Regenerated av_permissions.h. 1033 1034 1.21.7 2005-02-01 1035 * Modified avc_dump_av to explicitly check for any permissions that 1036 cannot be mapped to string names and display them as a hex value. 1037 1038 1.21.6 2005-01-31 1039 * Regenerated av_permissions.h. 1040 1041 1.21.5 2005-01-28 1042 * Generalized matchpathcon internals, exported more interfaces, 1043 and moved additional code from setfiles into libselinux so that 1044 setfiles can directly use matchpathcon. 1045 1046 1.21.4 2005-01-27 1047 * Prevent overflow of spec array in matchpathcon. 1048 1049 1.21.3 2005-01-26 1050 * Fixed several uses of internal functions to avoid relocations. 1051 * Changed rpm_execcon to check is_selinux_enabled() and fallback to 1052 a regular execve if not enabled (or unable to determine due to a lack 1053 of /proc, e.g. chroot'd environment). 1054 1055 1056 1.21.2 2005-01-24 1057 * Merged minor fix for avcstat from Dan Walsh. 1058 1059 1.21.1 2005-01-19 1060 * Merged patch from Dan Walsh, including: 1061 - new is_context_customizable function 1062 - changed matchpathcon to also use file_contexts.local if present 1063 - man page cleanups 1064 1065 1.20 2005-01-04 1066 * Changed matchpathcon to return -1 with errno ENOENT for 1067 <<none>> entries, and also for an empty file_contexts configuration. 1068 * Removed some trivial utils that were not useful or redundant. 1069 * Changed BINDIR default to /usr/sbin to match change in Fedora. 1070 * Added security_compute_member. 1071 * Added man page for setcon. 1072 * Merged more man pages from Dan Walsh. 1073 * Merged avcstat from James Morris. 1074 * Merged build fix for mips from Manoj Srivastava. 1075 * Merged C++ support from John Ramsdell of MITRE. 1076 * Merged setcon() function from Darrel Goeddel of TCS. 1077 * Merged setsebool/togglesebool enhancement from Steve Grubb. 1078 * Merged cleanup patches from Steve Grubb. 1079 1080 1.18 2004-11-01 1081 * Merged cleanup patches from Steve Grubb. 1082 * Added rpm_execcon. 1083 * Merged setenforce and removable context patch from Dan Walsh. 1084 * Merged build fix for alpha from Ulrich Drepper. 1085 * Removed copyright/license from selinux_netlink.h - definitions only. 1086 * Merged matchmediacon from Dan Walsh. 1087 * Regenerated headers for new nscd permissions. 1088 * Added get_default_context_with_role. 1089 * Added set_matchpathcon_printf. 1090 * Reworked av_inherit.h to allow easier re-use by kernel. 1091 * Changed avc_has_perm_noaudit to not fail on netlink errors. 1092 * Changed avc netlink code to check pid based on patch by Steve Grubb. 1093 * Merged second optimization patch from Ulrich Drepper. 1094 * Changed matchpathcon to skip invalid file_contexts entries. 1095 * Made string tables private to libselinux. 1096 * Merged strcat->stpcpy patch from Ulrich Drepper. 1097 * Merged matchpathcon man page from Dan Walsh. 1098 * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. 1099 * Autobind netlink socket. 1100 * Dropped compatibility code from security_compute_user. 1101 * Merged fix for context_range_set from Chad Hanson. 1102 * Merged allocation failure checking patch from Chad Hanson. 1103 * Merged avc netlink error message patch from Colin Walters. 1104 1105 1.16 2004-08-19 1106 * Regenerated headers for nscd class. 1107 * Merged man pages from Dan Walsh. 1108 * Merged context_new bug fix for MLS ranges from Chad Hanson. 1109 * Merged toggle_bool from Chris PeBenito, renamed to togglesebool. 1110 * Renamed change_bool and show_bools to setsebool and getsebool. 1111 * Merged security_load_booleans() function from Dan Walsh. 1112 * Added selinux_booleans_path() function. 1113 * Changed avc_init function prototype to use const. 1114 * Regenerated headers for crontab permission. 1115 * Added checkAccess from Dan Walsh. 1116 * Merged getenforce patch from Dan Walsh. 1117 * Regenerated headers for dbus classes. 1118 1119 1.14 2004-06-16 1120 * Regenerated headers for fine-grained netlink classes. 1121 * Merged selinux_config bug fix from Dan Walsh. 1122 * Added userspace AVC man pages. 1123 * Added man links for API calls to existing man pages documenting them. 1124 * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support. 1125 * Merged patch to determine config file paths at runtime to support 1126 reorganized layout. 1127 * Regenerated flask headers with stable ordering. 1128 * Merged patch for man pages from Russell Coker. 1129 1130 1.12 2004-05-10 1131 * Updated flask files to include new SE-X security classes. 1132 * Added security_disable function for runtime disable of SELinux prior 1133 to initial policy load (for /sbin/init). 1134 * Changed get_ordered_context_list to omit any reachable contexts 1135 that are not explicitly listed in default_contexts, unless there 1136 are no matches. 1137 * Merged man pages from Russell Coker and Dan Walsh. 1138 * Merged memory leak fixes from Dan Walsh. 1139 * Merged policyvers errno patch from Chris PeBenito. 1140 1141 1.10 2004-04-05 1142 * Merged getenforce patch from Dan Walsh. 1143 * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as 1144 the device specification, i.e. mount selinuxfs /selinux -t selinuxfs. 1145 Based on a patch by Russell Coker. 1146 * Merged matchpathcon buffer size fix from Dan Walsh. 1147 1148 1.8 2004-03-09 1149 * Merged is_selinux_mls_enabled() from Chad Hanson of TCS. 1150 * Added matchpathcon function. 1151 * Updated userspace AVC to handle netlink selinux notifications. 1152 1153 1.6 2004-02-18 1154 * Merged conditional policy extensions from Tresys Technology. 1155 * Added userspace avc and SID table implementation. 1156 * Fixed type on size in getpeercon per Thorsten Kukuk's advice. 1157 * Fixed use of getpwnam_r per Thorsten Kukuk's advice. 1158 * Changed to use getpwnam_r rather than getpwnam internally to 1159 avoid clobbering any existing pwd struct obtained by the caller. 1160 * Added getpeercon function to encapsulate getsockopt SO_PEERSEC 1161 and handle allocation ala getfilecon. 1162 * Changed is_selinux_enabled to return -1 on errors. 1163 * Changed to discover selinuxfs mount point via /proc/mounts 1164 so that the mount point can be changed without rebuilding. 1165 1166 1.4 2003-12-01 1167 * Merged another cleanup patch from Bastian Blank and Joerg Hoh. 1168 * Regenerate headers for new permissions. 1169 * Merged static lib build patch from Bastian Blank and Joerg Hoh. 1170 * Export SELINUXMNT definition, add SELINUXPOLICY definition. 1171 * Add functions to provide access to enforce and policyvers. 1172 * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs. 1173 * Fixed type for 'size' in *getfilecon. 1174 * Dropped -lattr and changed #include's to <sys/xattr.h> 1175 * Merged patch to move shared library to /lib from Dan Walsh. 1176 * Changed get_ordered_context_list to support a failsafe context. 1177 * Added selinuxenabled utility. 1178 * Merged const patch from Thorsten Kukuk. 1179 1180 1.2 2003-09-30 1181 * Change is_selinux_enabled to fail if policy isn't loaded. 1182 * Changed Makefiles to allow non-root rpm builds. 1183 * Added -lattr for libselinux.so to ensure proper binding. 1184 1185 1.1 2003-08-13 1186 * Ensure that context strings are padded with a null byte 1187 in case the kernel didn't include one. 1188 * Regenerate headers, update helpers.c for code cleanup. 1189 * Pass soname flag to linker (Colin Walters). 1190 * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters). 1191 1192 1.0 2003-07-11 1193 * Initial public release. 1194
