From 3039bde79c55dff7801a1b83e96df62b2c3e0b39 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sat, 29 Feb 2020 16:54:39 -0500 Subject: [PATCH] Update Changelog and VERSION for release. Signed-off-by: Chris PeBenito --- Changelog | 235 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ VERSION | 2 +- 2 files changed, 236 insertions(+), 1 deletion(-) diff --git a/Changelog b/Changelog index 9ecb9c1f7..1300bc605 100644 --- a/Changelog +++ b/Changelog 
@@ -1,3 +1,238 @@ +* Sat Feb 29 2020 Chris PeBenito - 2.20200229 +Alexander Miroshnichenko (1): + Add knot module + +Chris PeBenito (174): + knot: Whitespace changes. + knot: Move lines. + devices, storage: Add fc entries for mtd char devices and ndctl devices. + devices: Add types for trusted execution environment interfaces. + ulogd: Rename ulogd_var_run_t to ulogd_runtime_t. + INSTALL: Fix build requirements. + fishilico/systemd-read-netlink_kobject_uevent_socket + Rename *_var_run_t types to *_runtime_t. + Reorder declarations based on *_runtime_t renaming. + Remove old aliases. + fishilico/filesystem-fs_rw_cgroup_files-follow-symlink + fc_sort.py: Use "==" for comparing integers. + xserver: Remove duplicate colord rule. + xserver: Move XDM dbus chats under main dbus optional. + Move open, audit_access, and execmod to file common. + Add file and filesystem watch access vectors. + Fix file common ordering and kernel version from previous commit. + init: Whitespace change. + unconfined: Add namespaced capabilities. + unconfined: Fix systemd --user rule. + Remove incorrect usages of "is" operator from Python scripts. + logging: Reorder lines. + systemd: Logind removes /run/user/* user temp files. + unconfined: Add watch permission for files. + systemd: Add filesystem watches. + dbus: Add directory watches. + udev: Watch devices. + init: Revise systemd bind mounts. + Add perf_event access vectors. + systemd: Whitespace fix. + logging: Whitespace fix. + Bump module versions for release. 
+ +Christian Göttsche (6): + fix Makefile for policy-module directories with same ending + segenxml.py: fix format usage in warning message + travis: force the use of python3.5 + travis: run check_fc_files linter with python 3.7 + re-implement fc_sort in python + Add genfs_seclabel_symlinks policy capability + +Daniel Burgener (4): + Add requires to interfaces that reference types or attributes without + requiring them + Remove uneeded types from interfaces where types were added + Fix situations where require blocks in interfaces listed types not + actually referenced by that interface + Remove unneeded semicolons after interface and macro calls + +Dominick Grift (2): + domain: unconfined access to bpf + Remove shell automatic domain transitions to unconfined_t from various pam + login programs + +Guido Trentalancia (4): + Update the pulseaudio application module with a few user domain file read + and management permissions. + Allow userdomain to read and write the wireless devices (for example for + querying their state, enabling and/or disabling them using userspace + tools such as "rfkill" from util-linux). + Add an interface to allow watch permission on generic device directories. + Allow pulseaudio to watch generic device directories. 
+ +Jason Zaman (16): + udev: Allow udevadm access to udev_tbl_t + xserver: ICEauthority can be in /run/user + devicekit: udisks needs access to /run/mount/utab.lock + dirmngr: accept unix stream socket + chromium: allow dbus chat to inhibit power + virt: Add unix socket for virtlogd/virtlockd + virt: allow lvm_control access + fstools: add zfs-auto-snapshot + udev: Add watch perms + accountsd: Add watch perms + cron: watch cron spool + colord: add watch perms + policykit devicekit: Add watch perms + dbus: add watch perms + chromium: watch etc dirs + gpg: add watch perms for agent + +Laurent Bigonville (9): + Makefile: Avoid regenerating the iftemplates at everyrun + Allow systemd_modules_load_t to module_request and map modules_object_t + files + Allow udevadm to read files in /run/udev/data + Allow udevadm_t to use dac_read_search capability + Allow the systemd dbus-daemon to talk to systemd + Allow geoclue to log in syslog + Allow realmd_t to read localization files + Allow alsa_t to create alsa_runtime_t file as well + Allow alsa_t to set scheduling priority and send signal to itself + +Luca Boccassi (2): + journald: allow to remove /run/log/journal + logging: add interface to start/stop syslog units + +Nicolas Iooss (75): + ulogd: add Debian's log directory + ulogd: allow creating a netlink-netfilter socket + ulogd: allow starting on a Debian system + entropyd: label the unit file of haveged + entropyd: allow haveged to create a Unix socket to received commands + ulogd: fix pattern for /run/ulog directory + monit: use s0 instead of s9 + java: reduce the scope of the pattern in for java entry points + libraries: match a digit in Adobe Reader directories + drbd: fix pattern for /usr/lib/ocf/resource.d/linbit/drbd + rpcbind: remove redundant file context for /run/rpc.statd.pid + files: reduce the scope of the pattern matching /usr/include + Remove unescaped single dot from the policy + Fix use of buggy pattern (.*)? 
+ libraries: drop a pattern specific to Python 2.4 + systemd: introduce an interface for services using PrivateDevices=yes + Vagrantfile: upgrade VM to Fedora 30 + Allow Debian to generate a dynamic motd when users log in + entropyd: haveged service uses PrivateDevices=yes + Check the .fc files for common typos + corecommands: no longer use \d + libraries: fix some misspellings in patterns + java: remove unnecessary parentheses in pattern + cups: add a slash to match /opt/brother/Printers/ + Vagrantfile: build and install refpolicy on Fedora VM + Vagrantfile: add a Debian virtual machine + ntp: allow systemd-timesyncd to read network status + cups: use ([^/]+/)? to match a subdirectory of CUPS configuration + portage: really make consoletype module optional + Label programs in /usr/bin like /usr/sbin + apt: allow transition from apt_t to dpkg_t with NNP + apt: allow preventing shutdown by calling a systemd-logind D-Bus method + authlogin: label utempter correctly on Debian + irc: add WeeChat policy + systemd: allow systemd --user to receive messages from + netlink_kobject_uevent_socket + Add a policy module for WireGuard VPN + modutils: allow depmod to read /boot/System.map + modutils: allow depmod and modprobe to use the I/O provided by apt + systemd: allow systemd-modules-load.service to read sysfs + sudo: allow using use_pty flag + Allow using /([^/]+/)? 
and (/[^/]+)?/ in patterns + ulogd: adjust policy for Debian + bitlbee: allow using GetDynamicUser on Debian + chromium: remove distro-specific ifdef + systemd-networkd: allow creating a generic netlink socket + systemd-networkd: allow communicating with hostnamed + sudo: allow transmitting SIGWINCH to its child + sudo: allow using CAP_KILL for SIGWINCH + systemd: allow detecting Windows Subsystem for Linux + systemd: allow more accesses to systemd --user + systemd: remove unnecessary init_write_runtime_socket() + .travis.yml: update distro to Ubuntu 18.04 LTS (Bionic Beaver) + filesystem: allow following symlinks with fs_rw_cgroup_files() + systemd: allow user environment helpers to communicate with systemd --user + .travis.yml: check the .fc files in CI + systemd: make the kernel spawn systemd-coredump with a context transition + gpg: allow gpg-agent to read crypto.fips_enabled sysctl + testing/check_fc_files: allow @ character in file context patterns + mount: allow callers of mount to search /usr/bin + sysadm: allow using hostnamectl + init: allow systemd to mount over /dev/kmsg and /proc/kmsg + Add policy for CryFS, encfs and gocryptfs + Vagrantfile: fix configuration + Vagrantfile: remove sudo + Vagrantfile: add a specific SELinux policy module + systemd: allow reading options from EFI variable SystemdOptions + virt: allow more accesses to libvirt_leaseshelper + systemd-logind: allow using BootLoaderEntries DBUS property + storage: introduce storage_raw_read_fixed_disk_cond + Vagrantfile: allow unconfined and sysadm SSH login + Vagrant: allow VirtualBox provisionning to use dhclient and ip + Associate role unconfined_r to wine_t + systemd: add an interface to use nss-systemd + usermanage: allow groupadd to lookup dynamic users from systemd + mount: label fusermount3 like fusermount + +Peter Morrow (1): + systemd_tmpfiles_t: Allow systemd_tempfiles_t to change permissions in + sysfs + +Petr Lautrbach (1): + newrole: allow newrole to use setcap to drop 
capabilities + +Stephen Smalley (4): + access_vectors: Remove unused permissions + access_vectors: Remove entrypoint and execute_no_trans from chr_file + access_vectors: remove flow_in and flow_out permissions from packet class + Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes + +Sugar, David (13): + grant rpm permission to map rpm_var_lib_t + grant permission for rpm to write to audit log + grant rpm permissions to map locale_t + Allow rpm to map file contexts + Allow rpm scripts to alter systemd services + grant rpm_t permission to map security_t + Module for tpm2 + Add missing gen_require for init_t in init_script_domain + resolve syslog imuxsock denial + Add interface to read efivarfs_t directory + Fix indent to match the rest of the file (space -> tab) + Allow systemd to getattr all files + audit daemon can halt system, allow this to happen. + +Topi Miettinen (2): + Consider jitterentropy to belong to entropyd family + Consider iwd equivalent to NetworkManager etc. + +Vilgot Fredenberg (1): + Remove obsolete gentoo specific rule + +bauen1 (16): + fix: sudo can't determine default type for sysadm_r + fix ifupdown2 executable mislabeled as lib_t + added bpf_t filesystem label + netutils: allow mtr to communicate with mtr-packet + kernel/corecommands: fix the label of xfce4 helpers (on debian) + systemd: remove whitespace + init: add interfaces for managing /run/systemd + systemd: add policy for systemd-fstab-generator + udev: remove console-setup + consolesetup: add policy for console-setup + udev: run consolesetup + loadkeys: remove redundant ifdef + init: split init_create_pid_files interface + ntp: watch systemd networkd runtime dirs This is required for correct + function after linux 5.4 + systemd-user-runtime-dir: add policy + sysadm: add sysadm_allow_rw_inherited_fifo tunable to allow writing to + fifo_files inherited from domains allowed to change role to sysadm_r. 
+ * Sun Jun 09 2019 Chris PeBenito - 2.20190609 Chris PeBenito (70): systemd: Module version bump. diff --git a/VERSION b/VERSION index 11e2526a5..9f31088da 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.20190609 +2.20200229
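Review bot: in the Changelog hunk, the bauen1 entry "ntp: watch systemd networkd runtime dirs This is required for correct function after linux 5.4" has commit body text fused onto the subject line; trim it to "ntp: watch systemd networkd runtime dirs" so the entry matches the one-subject-per-line format of the rest of the file. Two other subjects carry misspellings from the original commits ("Remove uneeded types from interfaces where types were added", "Vagrant: allow VirtualBox provisionning to use dhclient and ip"); decide whether this file is meant to be a verbatim git shortlog, in which case leave them, or a curated changelog, in which case fix them here. Also double-check the per-author counts against the shortlog: the "Chris PeBenito (174)" header is followed by far fewer subjects in the hunk as shown, so either the count or the list is out of step. The VERSION hunk (2.20190609 to 2.20200229) is consistent with the date in the new Changelog header.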