From 794ed7efd0eca19d0353659a1ec9d4ef4e4b751c Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sat, 5 Aug 2017 12:59:42 -0400 Subject: [PATCH] Update Changelog and VERSION for release. --- Changelog | 233 +++++++++++++++++++++++++++++++++++++++++ VERSION | 2 +- policy/modules/contrib | 2 +- 3 files changed, 235 insertions(+), 2 deletions(-) diff --git a/Changelog b/Changelog index ba14a4a6d..ed68767c2 100644 --- a/Changelog +++ b/Changelog 
@@ -1,3 +1,236 @@ +* Sat Aug 05 2017 Chris PeBenito - 2.20170805 +Chris PeBenito (134): + Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. + usrmerge FC fixes from Russell Coker. + Systemd tmpfiles fix for kmod.conf from Russell Coker. + Update contrib. + mon policy from Russell Coker. + Fix contrib commit. + Revert "bootloader: stricter permissions and more tailored file contexts" + Module version bump for bootloader patch revert. Plus compat alias. + Update contrib. + Sort capabilities permissions from Russell Coker. + Update contrib. + Little misc patches from Russell Coker. + Implement WERROR build option to treat warnings as errors. + Fix Travis-CI WERROR support. + Travis-CI: Terminate build immediately on error. + mon: Fix deprecated interface usage. + Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy + Merge branch 'sysadm_fixes' of git://github.com/cgzones/refpolicy + Merge branch 'corecmd_module' of git://github.com/cgzones/refpolicy + Merge branch 'var_and_run' of git://github.com/cgzones/refpolicy + Module version bump for changes from cgzones. + Merge pull request #98 from cgzones/admin_process_pattern + Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy + Module version bump for hostname fix from cgzones. + Only display the WERROR notice if there actually are errors. + Merge branch 'master' of github.com:TresysTechnology/refpolicy + dpkg: Updates from Russell Coker. + Monit policy from Russell Coker and cgzones. + monit: Fix build error. + fetchmail, mysql, tor: Misc fixes from Russell Coker. + Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy + Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy + Module version bump for selinuxutil and systmd changes from cgzones. + Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy + Module version bump for cgroups systemd fix from cgzones. + alsa, vnstat: Updates from cgzones. 
+ Merge branch 'init_ntp_interface' of git://github.com/cgzones/refpolicy + Module version bump for ntp fixes from cgzones. + Systemd fixes from Russell Coker. + Fix CI errors. + Module version bump for CI fixes. + Xen fixes from Russell Coker. + mailman: Fixes from Russell Coker. + init: Rename init_search_pid_dirs() to init_search_pids(). + init: Move interface and whitespace change. + systemd: Further revisions from Russell Coker. + Fix typo in README. + Network daemon patches from Russell Coker. + apache: Fix CI error. + devices: Fix docs for dev_write_generic_sock_files(). + Merge branch 'su_module' of git://github.com/cgzones/refpolicy + Merge branch 'newrole_fixes' of git://github.com/cgzones/refpolicy + auth: Move optional out of auth_use_pam_systemd() to callers. + Merge branch 'locallogin_module' of git://github.com/cgzones/refpolicy + Module version bump for patches from cgzones. + Merge branch 'userdom_terminals_permit_open' of + git://github.com/cgzones/refpolicy + Module version bump for user terminal improvments from cgzones. + Merge branch 'monit_depend' of git://github.com/cgzones/refpolicy + Module version bump for misc fixes from cgzones. + Merge pull request #103 from fishilico/validate_modular_fc + Merge branch 'getty_module' of git://github.com/cgzones/refpolicy + Module version bump for getty patch from cgzones. + Merge branch 'modutils_module' of git://github.com/cgzones/refpolicy + Merge branch 'fix_usr_bin_merge' of git://github.com/cgzones/refpolicy + Module version bumps for fixes from cgzones. + Merge branch 'lvm' of git://github.com/cgzones/refpolicy + Merge branch 'macros' of git://github.com/cgzones/refpolicy + Module version bump for fixes from cgzones. + Module version bump for fixes from cgzones. + dontaudit net_admin for SO_SNDBUFFORCE + /var/run -> /run again + Merge branch 'var_run' of git://github.com/cgzones/refpolicy + Module version bump from /var/run fixes from cgzones. 
+ Merge branch 'monit' of git://github.com/cgzones/refpolicy + Module version bump for monit patch from cgzones + another version of systemd cgroups hostnamed and logind + Merge pull request #109 from cgzones/python3 + systemd-resolvd, sessions, and tmpfiles take2 + systemd-nspawn again + Merge pull request #112 from cgzones/remove_support/pyplate + Misc fc changes from Russell Coker. + Systemd-related changes from Russell Coker. + Merge pull request #115 from fishilico/python_raw_strings + Module version bump for misc fixes from Guido Trentalancia. + systemd init from Russell Coker + more systemd stuff from Russell Coker + misc daemons from Russell Coker. + bootloader from Russell Coker. + kmod, lvm, brctl patches from Russell Coker + devicekit, mount, xserver, and selinuxutil from Russell Coker + another bootloader patch from Russell Coker + some userdomain patches from Russell Coker + corecommands: Add fc escaping for previous patch. + Module version bump for patch from Guido Trentalancia + Module version bump from fixes from Guido Trentalancia. + xdm sigchld interface from Russell Coker. + Further strict systemd fixes from Russell Coker. + Update contrib. + locallogin: Move two sulogin lines. + Login take 4 from Russell Coker. + Rename apm to acpi from Russell Coker. + Module version bump for patches from Russell Coker and Guido Trentalancia. + some little misc things from Russell Coker. + apt/dpkg strict patches from Russell Coker. + little misc strict from Russell Coker. + locallogin: Move one line. + Module version bump for locallogin patch from Guido Trentalancia. + Module version bump for minor fixes from Guido Trentalancia. + Merge branch 'usr_bin_fc' of + git://github.com/fishilico/selinux-refpolicy-patched + Module version bump for /usr/bin fc fixes from Nicolas Iooss. + Module version bump for changes from Jason Zaman and Luis Ressel. + init: add comment for ProtectSystem. + Module version bump for systemd fix from Krzysztof Nowicki. 
+ Update contrib + Module version bump for libmtp from Guido Trentalancia. + corenet/sysadm: Move lines. + Module version bump for infiniband policy from Daniel Jurgens. + Module version bump for mmap fixes from Stephen Smalley. + Update contrib. + Module version bumps for patches from Jason Zaman. + filesystem: Fix error in fs_cgroup_filetrans(). + Module version bumps for patches from Jason Zaman. + gpg: Module version bump for patch from Guido Trentalancia. + miscfiles: Module version bump for patch from Luis Ressel. + Module version bump for patches from cgzones. + Module version bump for patches from cgzones. + netutils: Module version bump for patch from Luis Ressel. + README: Update build requirements. + travis-ci: Update to 2.7 userspace release. + Enable extended_socket_class policy capability; + Add nnp_nosuid_transition policycap and related class/perm definitions. + Add cgroup_seclabel policycap. + init: Add NoNewPerms support for systemd. + Bump module versions for release. + +Daniel Jurgens (1): + refpolicy: Infiniband pkeys and endports + +Guido Trentalancia (8): + userdomain: do not audit netlink socket creation attempts + corecommands: new file contexts for Gnome applications + locallogin: fix the sulogin submodule (emergency shell!) 
+ locallogin: fine tune DAC override permissions + kernel: low-priority update + init: smoother system boot + base: role changes for the new libmtp module + fc_sort: avoid compiler warning/error + +Guido Trentalancia via refpolicy (1): + xserver: fix iceauth_home_t file context creation + +Jason Zaman (6): + authlogin: put interface properly inside optional + libraries: update wildcard /usr/lib fcontext + appconfig: Add openrc_contexts file + corecommands: add consolekit fcontexts + dirmngr: add to roles + filesystem: introduce fs_cgroup_filetrans interface + +Krzysztof Nowicki (1): + Enable /etc directory protection using ProtectSystem + +Luis Ressel (5): + system/selinuxutil: Allow semanage to execute its tmp files + system/miscfiles: Generalize the man_t fc's + netutils: Mix nmap perms in with the other traceroute_t perms + netutils: Add some permissions required by nmap to traceroute_t + netutils: Allow tcpdump to reduce its capability bounding set + +Nicolas Iooss (5): + Make "validate" target verify file contexts + devices: fix Debian file contexts + Use raw strings in regular expressions + Synchronize file patterns for /usr/bin/mount... and /usr/sbin/mount... 
+ Support systems with a single /usr/bin directory + +Russell Coker (4): + inherited file and fifo perms + tiny mon patch + rw_inherited_file_perms + new init interfaces for systemd + +Stephen Smalley (3): + refpolicy: Define getrlimit permission for class process + refpolicy: Define smc_socket security class + refpolicy: Define and allow map permission + +cgzones (40): + systemd: label /run/systemd/transient as systemd_unit_t + setfiles: allow getattr to kernel pseudo fs + sysadm: fix denials + hostname: small adjustments + selinuxutil: adjustments + corecommands: label some binaries as bin_t + files: no default types for /run and /var/lock + add admin_process_pattern macro + systemd_cgroups_t: fix denials + locallogin: adjustments + authlogin: introduce auth_use_pam_systemd + su: some adjustments + newrole: fix denials + add corecmd_check_exec_bin_files() + add fs_getattr_dos_dirs() + update init_ACTION_all_units + add init_daemon_lock_file() + improve documentation for user_user_(inherited_)?user_terminals + getty: overlook module + modutils: format filecontexts + modutils: adjust interfaces after recent binaries merge + systemd-tmpfiles: refactor runtime configs + corecommands: fix corecmd_*_bin() for usr merged systems + corecmd_read_bin_symlinks(): remove deprecated and redundant calls + modutils: adopt callers to new interfaces + m4 errprint: add __program__ info + domtrans_pattern: use inherited fifo perms + sysadm: add monit admin permissions + lvm: small adjustments + convert build scripts to python3 + travis: run make xml, html and install(-.*)? 
targets + fix travis and genhomedircon + remove /var/run file context leftovers + travis: move after_success tests into script section + clean up python3 cache on make bare + rkhunter: add interfaces for rkhunter module and sysadm permit + iptables: align file contexts + chkrootkit: add interfaces and sysadm permit + netutils: update + iptables: update + * Sat Feb 04 2017 Chris PeBenito - 2.20170204 Chris PeBenito (55): Module version bumps for patches from Guido Trentalancia. diff --git a/VERSION b/VERSION index 395af8d5b..700349564 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.20170204 +2.20170805 diff --git a/policy/modules/contrib b/policy/modules/contrib index 14334a9cc..a393275a6 160000 --- a/policy/modules/contrib +++ b/policy/modules/contrib @@ -1 +1 @@ -Subproject commit 14334a9ccaa72cf4c8d5055ca48d717d53145f14 +Subproject commit a393275a6ecb76311323726a029767a3a01e109e
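Review bot: The Changelog hunk's "Chris PeBenito (134)" list carries spelling slips that will ship in the release notes: "systmd" in "Module version bump for selinuxutil and systmd changes from cgzones.", "improvments" in "Module version bump for user terminal improvments from cgzones.", and "systemd-resolvd" in "systemd-resolvd, sessions, and tmpfiles take2". Correcting them here is cheap even if the underlying commit subjects stay as they are. In the same hunk, three entries wrap onto a second line (the 'userdom_terminals_permit_open' and 'usr_bin_fc' merges and "travis: run make xml, html and install(-.*)? targets"), which breaks the one-entry-per-line layout, and "Guido Trentalancia via refpolicy (1)" is counted apart from "Guido Trentalancia (8)". If the list is generated from commit metadata, a .mailmap entry would fold the two into one author.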
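Review bot: The policy/modules/contrib hunk moves the subproject pointer from 14334a9cc to a393275a6, yet the subject "Update Changelog and VERSION for release." does not mention it and the diffstat is the only place it shows up. The new Changelog section records contrib changes only as repeated "Update contrib." lines, so a reader cannot tell from this commit what the release pulls in from the submodule. Suggest naming the contrib bump in the commit message, or moving it to its own commit ahead of the release commit, so that 2.20170805 is explicitly tied to the contrib revision it pins.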