Update Changelog and VERSION for release.

Changelog

@@ -1,3 +1,236 @@
+* Sat Aug 05 2017 Chris PeBenito <pebenito@ieee.org> - 2.20170805
+Chris PeBenito (134):
+      Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker.
+      usrmerge FC fixes from Russell Coker.
+      Systemd tmpfiles fix for kmod.conf from Russell Coker.
+      Update contrib.
+      mon policy from Russell Coker.
+      Fix contrib commit.
+      Revert "bootloader: stricter permissions and more tailored file contexts"
+      Module version bump for bootloader patch revert.  Plus compat alias.
+      Update contrib.
+      Sort capabilities permissions from Russell Coker.
+      Update contrib.
+      Little misc patches from Russell Coker.
+      Implement WERROR build option to treat warnings as errors.
+      Fix Travis-CI WERROR support.
+      Travis-CI: Terminate build immediately on error.
+      mon: Fix deprecated interface usage.
+      Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy
+      Merge branch 'sysadm_fixes' of git://github.com/cgzones/refpolicy
+      Merge branch 'corecmd_module' of git://github.com/cgzones/refpolicy
+      Merge branch 'var_and_run' of git://github.com/cgzones/refpolicy
+      Module version bump for changes from cgzones.
+      Merge pull request #98 from cgzones/admin_process_pattern
+      Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy
+      Module version bump for hostname fix from cgzones.
+      Only display the WERROR notice if there actually are errors.
+      Merge branch 'master' of github.com:TresysTechnology/refpolicy
+      dpkg: Updates from Russell Coker.
+      Monit policy from Russell Coker and cgzones.
+      monit: Fix build error.
+      fetchmail, mysql, tor: Misc fixes from Russell Coker.
+      Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy
+      Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy
+      Module version bump for selinuxutil and systmd changes from cgzones.
+      Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy
+      Module version bump for cgroups systemd fix from cgzones.
+      alsa, vnstat: Updates from cgzones.
+      Merge branch 'init_ntp_interface' of git://github.com/cgzones/refpolicy
+      Module version bump for ntp fixes from cgzones.
+      Systemd fixes from Russell Coker.
+      Fix CI errors.
+      Module version bump for CI fixes.
+      Xen fixes from Russell Coker.
+      mailman: Fixes from Russell Coker.
+      init: Rename init_search_pid_dirs() to init_search_pids().
+      init: Move interface and whitespace change.
+      systemd: Further revisions from Russell Coker.
+      Fix typo in README.
+      Network daemon patches from Russell Coker.
+      apache: Fix CI error.
+      devices: Fix docs for dev_write_generic_sock_files().
+      Merge branch 'su_module' of git://github.com/cgzones/refpolicy
+      Merge branch 'newrole_fixes' of git://github.com/cgzones/refpolicy
+      auth: Move optional out of auth_use_pam_systemd() to callers.
+      Merge branch 'locallogin_module' of git://github.com/cgzones/refpolicy
+      Module version bump for patches from cgzones.
+      Merge branch 'userdom_terminals_permit_open' of
+         git://github.com/cgzones/refpolicy
+      Module version bump for user terminal improvments from cgzones.
+      Merge branch 'monit_depend' of git://github.com/cgzones/refpolicy
+      Module version bump for misc fixes from cgzones.
+      Merge pull request #103 from fishilico/validate_modular_fc
+      Merge branch 'getty_module' of git://github.com/cgzones/refpolicy
+      Module version bump for getty patch from cgzones.
+      Merge branch 'modutils_module' of git://github.com/cgzones/refpolicy
+      Merge branch 'fix_usr_bin_merge' of git://github.com/cgzones/refpolicy
+      Module version bumps for fixes from cgzones.
+      Merge branch 'lvm' of git://github.com/cgzones/refpolicy
+      Merge branch 'macros' of git://github.com/cgzones/refpolicy
+      Module version bump for fixes from cgzones.
+      Module version bump for fixes from cgzones.
+      dontaudit net_admin for SO_SNDBUFFORCE
+      /var/run -> /run again
+      Merge branch 'var_run' of git://github.com/cgzones/refpolicy
+      Module version bump from /var/run fixes from cgzones.
+      Merge branch 'monit' of git://github.com/cgzones/refpolicy
+      Module version bump for monit patch from cgzones
+      another version of systemd cgroups hostnamed and logind
+      Merge pull request #109 from cgzones/python3
+      systemd-resolvd, sessions, and tmpfiles take2
+      systemd-nspawn again
+      Merge pull request #112 from cgzones/remove_support/pyplate
+      Misc fc changes from Russell Coker.
+      Systemd-related changes from Russell Coker.
+      Merge pull request #115 from fishilico/python_raw_strings
+      Module version bump for misc fixes from Guido Trentalancia.
+      systemd init from Russell Coker
+      more systemd stuff from Russell Coker
+      misc daemons from Russell Coker.
+      bootloader from Russell Coker.
+      kmod, lvm, brctl patches from Russell Coker
+      devicekit, mount, xserver, and selinuxutil from Russell Coker
+      another bootloader patch from Russell Coker
+      some userdomain patches from Russell Coker
+      corecommands: Add fc escaping for previous patch.
+      Module version bump for patch from Guido Trentalancia
+      Module version bump from fixes from Guido Trentalancia.
+      xdm sigchld interface from Russell Coker.
+      Further strict systemd fixes from Russell Coker.
+      Update contrib.
+      locallogin: Move two sulogin lines.
+      Login take 4 from Russell Coker.
+      Rename apm to acpi from Russell Coker.
+      Module version bump for patches from Russell Coker and Guido Trentalancia.
+      some little misc things from Russell Coker.
+      apt/dpkg strict patches from Russell Coker.
+      little misc strict from Russell Coker.
+      locallogin: Move one line.
+      Module version bump for locallogin patch from Guido Trentalancia.
+      Module version bump for minor fixes from Guido Trentalancia.
+      Merge branch 'usr_bin_fc' of
+         git://github.com/fishilico/selinux-refpolicy-patched
+      Module version bump for /usr/bin fc fixes from Nicolas Iooss.
+      Module version bump for changes from Jason Zaman and Luis Ressel.
+      init: add comment for ProtectSystem.
+      Module version bump for systemd fix from Krzysztof Nowicki.
+      Update contrib
+      Module version bump for libmtp from Guido Trentalancia.
+      corenet/sysadm: Move lines.
+      Module version bump for infiniband policy from Daniel Jurgens.
+      Module version bump for mmap fixes from Stephen Smalley.
+      Update contrib.
+      Module version bumps for patches from Jason Zaman.
+      filesystem: Fix error in fs_cgroup_filetrans().
+      Module version bumps for patches from Jason Zaman.
+      gpg: Module version bump for patch from Guido Trentalancia.
+      miscfiles: Module version bump for patch from Luis Ressel.
+      Module version bump for patches from cgzones.
+      Module version bump for patches from cgzones.
+      netutils: Module version bump for patch from Luis Ressel.
+      README: Update build requirements.
+      travis-ci: Update to 2.7 userspace release.
+      Enable extended_socket_class policy capability;
+      Add nnp_nosuid_transition policycap and related class/perm definitions.
+      Add cgroup_seclabel policycap.
+      init: Add NoNewPerms support for systemd.
+      Bump module versions for release.
+
+Daniel Jurgens (1):
+      refpolicy: Infiniband pkeys and endports
+
+Guido Trentalancia (8):
+      userdomain: do not audit netlink socket creation attempts
+      corecommands: new file contexts for Gnome applications
+      locallogin: fix the sulogin submodule (emergency shell!)
+      locallogin: fine tune DAC override permissions
+      kernel: low-priority update
+      init: smoother system boot
+      base: role changes for the new libmtp module
+      fc_sort: avoid compiler warning/error
+
+Guido Trentalancia via refpolicy (1):
+      xserver: fix iceauth_home_t file context creation
+
+Jason Zaman (6):
+      authlogin: put interface properly inside optional
+      libraries: update wildcard /usr/lib fcontext
+      appconfig: Add openrc_contexts file
+      corecommands: add consolekit fcontexts
+      dirmngr: add to roles
+      filesystem: introduce fs_cgroup_filetrans interface
+
+Krzysztof Nowicki (1):
+      Enable /etc directory protection using ProtectSystem
+
+Luis Ressel (5):
+      system/selinuxutil: Allow semanage to execute its tmp files
+      system/miscfiles: Generalize the man_t fc's
+      netutils: Mix nmap perms in with the other traceroute_t perms
+      netutils: Add some permissions required by nmap to traceroute_t
+      netutils: Allow tcpdump to reduce its capability bounding set
+
+Nicolas Iooss (5):
+      Make "validate" target verify file contexts
+      devices: fix Debian file contexts
+      Use raw strings in regular expressions
+      Synchronize file patterns for /usr/bin/mount... and /usr/sbin/mount...
+      Support systems with a single /usr/bin directory
+
+Russell Coker (4):
+      inherited file and fifo perms
+      tiny mon patch
+      rw_inherited_file_perms
+      new init interfaces for systemd
+
+Stephen Smalley (3):
+      refpolicy: Define getrlimit permission for class process
+      refpolicy: Define smc_socket security class
+      refpolicy: Define and allow map permission
+
+cgzones (40):
+      systemd: label /run/systemd/transient as systemd_unit_t
+      setfiles: allow getattr to kernel pseudo fs
+      sysadm: fix denials
+      hostname: small adjustments
+      selinuxutil: adjustments
+      corecommands: label some binaries as bin_t
+      files: no default types for /run and /var/lock
+      add admin_process_pattern macro
+      systemd_cgroups_t: fix denials
+      locallogin: adjustments
+      authlogin: introduce auth_use_pam_systemd
+      su: some adjustments
+      newrole: fix denials
+      add corecmd_check_exec_bin_files()
+      add fs_getattr_dos_dirs()
+      update init_ACTION_all_units
+      add init_daemon_lock_file()
+      improve documentation for user_user_(inherited_)?user_terminals
+      getty: overlook module
+      modutils: format filecontexts
+      modutils: adjust interfaces after recent binaries merge
+      systemd-tmpfiles: refactor runtime configs
+      corecommands: fix corecmd_*_bin() for usr merged systems
+      corecmd_read_bin_symlinks(): remove deprecated and redundant calls
+      modutils: adopt callers to new interfaces
+      m4 errprint: add __program__ info
+      domtrans_pattern: use inherited fifo perms
+      sysadm: add monit admin permissions
+      lvm: small adjustments
+      convert build scripts to python3
+      travis: run make xml, html and install(-.*)? targets
+      fix travis and genhomedircon
+      remove /var/run file context leftovers
+      travis: move after_success tests into script section
+      clean up python3 cache on make bare
+      rkhunter: add interfaces for rkhunter module and sysadm permit
+      iptables: align file contexts
+      chkrootkit: add interfaces and sysadm permit
+      netutils: update
+      iptables: update
+
 * Sat Feb 04 2017 Chris PeBenito <pebenito@ieee.org> - 2.20170204
 Chris PeBenito (55):
       Module version bumps for patches from Guido Trentalancia.

VERSION

@@ -1 +1 @@
-2.20170204
+2.20170805

policy/modules/contrib

@@ -1 +1 @@
-Subproject commit 14334a9ccaa72cf4c8d5055ca48d717d53145f14
+Subproject commit a393275a6ecb76311323726a029767a3a01e109e