File: ChangeLog

libselinux 2.6-3
2.6 2016-10-14
	* selinux_restorecon: fix realpath logic, from Stephen Smalley.
	* query for python site-packages dir directly, from Jason Zaman.
	* versioned ruby pkg-config and query vendorarchdir properly, from Jason Zaman.
	* Revert 'Set DISABLE_RPM default to y', from Stephen Smalley.
	* Re-introduce DISABLE_BOOL=y, from William Roberts.
	* make android label backends configurable, from Janis Danisevskis.
	* android: fix lax service context lookup, from Janis Danisevskis.
	* Rename android label backend source file, from Janis Danisevskis.
	* Add ANDROID_HOST=y build option, from William Roberts.
	* Set DISABLE_RPM default to y, from William Roberts.
	* Rename EMFLAGS to DISABLE_FLAGS, from William Roberts.
	* Fix unused variable error, from William Roberts.
	* Drop build config EMBEDDED=y, DISABLE_AVC=y and DISABLE_BOOL=y, from William Roberts.
	* sefcontext_compile: invert semantics of "-r" flag, from Janis Danisevskis.
	* sefcontext_compile: Add "-i" flag, from Janis Danisevskis.
	* Add architecture string to file_contexts.bin, from Janis Danisevskis.
	* sefcontext_compile: do not fail silently, from Stephen Smalley.
	* Add ifdef'ing for ANDROID and BUILD_HOST, from William Roberts.
	* Introduce configurable backends, from William Roberts.
	* Add function to find security.restorecon_last entries, from Richard Haines.
	* Fix -Wsign-compare warnings, from Nicolas Iooss.
	* Drop unused stdio_ext.h header file, from William Roberts.
	* Kill logging check for selinux_enabled(), from William Roberts.
	* Drop usage of _D_ALLOC_NAMLEN, from William Roberts.
	* Add openrc_contexts functions, from Jason Zaman.
	* Fix redefinition of XATTR_NAME_SELINUX, from William Roberts.
	* sefcontext_compile: cleanup confusing usage message, from Janis Danisevskis.
	* Correct error path to always try text, from William Roberts.
	* Add support for pcre2, from Janis Danisevskis.
	* Clean up process_file(), from William Roberts.
	* Handle NULL pcre study data, from Stephen Smalley.
	* Add setfiles support to selinux_restorecon(3), from Richard Haines.
	* Evaluate inodes in selinux_restorecon(3), from Richard Haines.
	* Fix in tree compilation of utils that depend on libsepol, from Laurent Bigonville.
	* Change the location of _selinux.so, from Petr Lautrbach.
	* Clarify is_selinux_mls_enabled() description, from David King.
	* Explain how to free policy type from selinux_getpolicytype(), from David King.
	* Compare absolute pathname in matchpathcon -V, from Petr Lautrbach.
	* Add selinux_snapperd_contexts_path(), from Petr Lautrbach.
	* Modify audit2why analyze function to use loaded policy, from Joshua Brindle.
	* Sort object files for deterministic linking order, from Laurent Bigonville.
	* Respect CC and PKG_CONFIG environment variable, from Julien Pivotto.
	* Avoid mounting /proc outside of selinux_init_load_policy(), from Stephen Smalley.
	* Fix multiple spelling errors, from Laurent Bigonville.
	* Fix typo in sefcontext_compile.8, from Petr Lautrbach and Milos Malik
	* Fix location of selinuxfs mount point, from Dan Walsh.
	* Only mount /proc if necessary, from Stephen Smalley.
	* procattr: return einval for <= 0 pid args, from Daniel Cashman.
	* procattr: return error on invalid pid_t input, from Daniel Cashman.

2.5 2016-02-23
	* selinux_restorecon.3 man page corrections, from Richard Haines.
	* Add selinux_restorecon function, from Richard Haines.
	* read_spec_entry: fail on non-ascii, from William Roberts.
	* Add man information about thread specific functions, from Dan Walsh.
	* Don't wrap rpm_execcon with DISABLE_RPM with SWIG, from Petr Lautrbach.
	* Correct line count for property and service context files, from Richard Haines.
	* Man page warning fixes, from Ville Skyttä.
	* label_file: fix memory leaks and uninitialized jump, from William Roberts.
	* Replace selabel_digest hash function, from Richard Haines.
	* Fix selabel_open(3) services if no digest requested, from Richard Haines.
	* Add selabel_digest function, from Richard Haines.
	* Fix parallel build with swig python, from Jason Zaman.
	* Flush the class/perm string mapping cache on policy reload, from Stephen Smalley.
	* Fix restorecon when path has no context, from Nir Soffer.
	* Free memory when processing media and x specfiles, from Richard Haines.
	* Fix mmap memory release for file labeling, from Richard Haines.
	* Add explicit dependency for pywrap on selinux.py, from Wenzong Fan.
	* Add policy context validation to sefcontext_compile, from Richard Haines.
	* Do not treat an empty file_contexts(.local) as an error, from Stephen Smalley.
	* Fail hard on invalid property_contexts entries, from Stephen Smalley.
	* Fail hard on invalid file_contexts entries, from Stephen Smalley.
	* Support context validation on file_contexts.bin, from Stephen Smalley.
	* Test for file_contexts.bin format by magic number, from Stephen Smalley.
	* Add selabel_cmp interface and label_file backend, from Stephen Smalley.
	* Support specifying file_contexts.bin file path, from Stephen Smalley.
	* Support file_contexts.bin without file_contexts, from Stephen Smalley.
	* Simplify procattr cache, from Stephen Smalley.
	* Use /proc/thread-self when available, from Stephen Smalley.
	* Add const to selinux_opt for label backends, from Richard Haines.
	* Fix binary file labels for regexes with metachars, from Richard Haines.
	* Fix file labels for regexes with metachars, from Jeff Vander Stoep.
	* Fix if file_contexts not '\n' terminated, from Richard Haines.
	* Enhance file context support, from Richard Haines.
	* Fix property processing and cleanup formatting, from Richard Haines.
	* Add read_spec_entries function to replace sscanf, from Richard Haines.
	* Support consistent mode size for bin files, from Richard Haines.
	* Expunge remaining references to flask.h and av_permissions.h, from Stephen Smalley.
	* Fix more bin file processing core dumps, from Richard Haines.
	* add selinux_openssh_contexts_path(), from Petr Lautrbach.
	* setrans_client: minimize overhead when mcstransd is not present, from Stephen Smalley.
	* Ensure selabel_lookup_best_match links NULL terminated, from Richard Haines.
	* is_selinux_enabled:  Add /etc/selinux/config test, from Stephen Smalley.
	* matchpathcon/selabel_file: Fix man pages, from Stephen Smalley.
	* Fix core dumps with corrupt *.bin files, from Richard Haines.
	* Add selabel partial and best match APIs, from Richard Haines.
	* Use os.walk() instead of the deprecated os.path.walk(), from Petr
	  Lautrbach & Miro Hrončok
	* is_selinux_enabled(): drop no-policy-loaded test, from Stephen Smalley.
	* Remove deprecated mudflap option, from Stephen Smalley.
	* Mount procfs before checking /proc/filesystems, from Ben Shelton.
	* Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
	* label_file:  handle newlines in file names, from Nick Kralevich.
	* getcon.3:  Fix setcon description, from Stephen Smalley.
	* Fix audit2why error handling if SELinux is disabled, from Stephen Smalley.
	* pcre_study can return NULL without error, from Stephen Smalley.
	* Android property backend validation support, from Robert Craig.
	* Only check SELinux enabled status once in selinux_check_access, from Stephen Smalley.

2.4 2015-02-02
	* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve
	  Lawrence
	* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
	* Set the system to permissive if failing to disable SELinux because
	  policy has already been loaded, from Will Woods.
	* Fix type in selinux.8 manpage, from Nicolas Iooss
	* Add db_exception and db_datatype support to label_db backend, from Artyom
	  Smirnov
	* Log an error on unknown classes and permissions, from Stephen Smalley
	* Add pcre version string to the compiled file_contexts format, from
	  Stephen Smalley
	* Deprecate use of flask.h and av_permissions.h, from Stephen Smalley
	* Compiled file_context files and the original should have the same DAC
	  permissions, from Dan Walsh

2.3 2014-05-06
	* Get rid of security_context_t and fix const declarations.
	* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.

2.2.2 2013-12-30
	* Fix userspace AVC handling of per-domain permissive mode.

2.2.1 2013-11-06
	* Remove -lpthread from pkg-config file; it is not required.

2.2 2013-10-30
	* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
	* Support overriding Makefile RANLIB from Sven Vermeulen.
	* Update pkgconfig definition from Sven Vermeulen.
	* Mount sysfs before trying to mount selinuxfs from Sven Vermeulen.
	* Fix man pages from Laurent Bigonville.
	* Support overriding PATH  and LIBBASE in Makefiles from Laurent Bigonville.
	* Fix LDFLAGS usage from Laurent Bigonville
	* Avoid shadowing stat in load_mmap from Joe MacDonald.
	* Support building on older PCRE libraries from Joe MacDonald.
	* Fix handling of temporary file in sefcontext_compile from Dan Walsh.
	* Fix procattr cache from Dan Walsh.
	* Define python constants for getenforce result from Dan Walsh.
	* Fix label substitution handling of / from Dan Walsh.
	* Add selinux_current_policy_path from Dan Walsh.
	* Change get_context_list to only return good matches from Dan Walsh.
	* Support udev-197 and higher from Sven Vermeulen and Dan Walsh.
	* Add support for local substitutions from Dan Walsh.
	* Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh.
	* Python wrapper leak fixes from Dan Walsh.
	* Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh.
	* Add selinux_systemd_contexts_path from Dan Walsh.
	* Add selinux_set_policy_root from Dan Walsh.
	* Add man page for sefcontext_compile from Dan Walsh.

2.1.13 2013-02-01
	* audit2why: make sure path is nul terminated
	* utils: new file context regex compiler
	* label_file: use precompiled filecontext when possible
	* do not leak mmapfd
	* sefcontext_compile: Add error handling to help debug problems in libsemanage.
	* man: make selinux.8 mention service man pages
	* audit2why: Fix segfault if finish() called twice
	* audit2why: do not leak on multiple init() calls
	* mode_to_security_class: interface to translate a mode_t in to a security class
	* audit2why: Cleanup audit2why analysis function
	* man: Fix program synopsis and function prototypes in man pages
	* man: Fix man pages formatting
	* man: Fix typo in man page
	* man: Add references and man page links to _raw function variants
	* Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
	* man: context_new(3): fix the return value description
	* selinux_status_open: handle error from sysconf
	* selinux_status_open: do not leak statusfd on exec
	* Fix errors found by coverity
	* Change boooleans.subs to booleans.subs_dist.
	* optimize set*con functions
	* pkg-config do not specify ruby version
	* unmap file contexts on selabel_close()
	* do not leak file contexts with mmap'd backend
	* sefcontext_compile: do not leak fd on error
	* matchmediacon: do not leak fd 
	* src/label_android_property: do not leak fd on error

2.1.12 2012-09-13
	* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coverity
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page

2.1.11 2012-06-28
	* Fortify source now requires all code to be compiled with -O flag
	* asprintf return code must be checked
	* avc_netlink_recieve handle EINTR
	* audit2why: silence -Wmissing-prototypes warning
	* libsemanage: remove build warning when build swig c files
	* matchpathcon: bad handling of symlinks in /
	* seusers: remove unused lineno
	* seusers: getseuser: gracefully handle NULL service
	* New Android property labeling backend
	* label_android_property whitespace cleanups
	* additional makefile support for rubywrap


2.1.10 2012-03-28
	* Fix dead links to www.nsa.gov/selinux
	* Remove jump over variable declaration
	* Fix old style function definitions
	* Fix const-correctness
	* Remove unused flush_class_cache method
	* Add prototype decl for destructor
	* Add more printf format annotations
	* Add printf format attribute annotation to die() method
	* Fix const-ness of parameters & make usage() methods static
	* Enable many more gcc warnings for libselinux/src/ builds
	* utils: Enable many more gcc warnings for libselinux/utils builds
	* Change annotation on include/selinux/avc.h to avoid upsetting SWIG
	* Ensure there is a prototype for 'matchpathcon_lib_destructor'
	* Update Makefiles to handle /usrmove
	* utils: Stop separating out matchpathcon as something special
	* pkg-config to figure out where ruby include files are located
	* build with either ruby 1.9 or ruby 1.8
	* assert if avc_init() not called
	* take security_deny_unknown into account
	* security_compute_create_name(3)
	* Do not link against python library, this is considered
	  bad practice in debian
	* Hide unnecessarily-exported library destructors

2.1.9 2011-12-21
	* Fix setenforce man page to refer to selinux man page
	* Cleanup Man pages
	* merge freecon with getcon man page

2.1.8 2011-12-05
	* selinuxswig_python.i: don't make syscall if it won't change anything
	* Remove assert in security_get_boolean_names(3)
	* Mapped compute functions now obey deny_unknown flag
	* get_default_type now sets EINVAL if no entry.
	* return EINVAL if invalid role selected
	* Updated selabel_file(5) man page
	* Updated selabel_db(5) man page
	* Updated selabel_media(5) man page
	* Updated selabel_x(5) man page
	* Add man/man5 man pages
	* Add man/man5 man pages
	* Add man/man5 man pages
	* use -W and -Werror in utils

2.1.7 2011-11-03
	* Makefiles: syntax, convert all ${VAR} to $(VAR)
	* load_policy: handle selinux=0 and /sys/fs/selinux not exist
	* regenerate .pc on VERSION change
	* label: cosmetic cleanups
	* simple interface for access checks
	* Don't reinitialize avc_init if it has been called previously
	* seusers: fix to handle large sets of groups
	* audit2why: close fd on enomem
	* rename and export symlink_realpath
	* label_file: style changes to make Eric happy.

2.1.6 2011-09-15
	* utils: matchpathcon: remove duplicate declaration
	* src: matchpathcon: use myprintf not fprintf
	* src: matchpathcon: make sure resolved path starts
	* put libselinux.so.1 in /lib not /usr/lib
	* tree: default make target to all not

2.1.5 2011-08-26
	* selinux_file_context_verify function returns wrong value.
	* move realpath helper to matchpathcon library
	* python wrapper makefile changes

2.1.4 2011-08-17
	* mapping fix for invalid class/perms after selinux_set_mapping
	* audit2why: work around python bug not defining
	* resolve symlinks and dot directories before matching

2.1.2 2011-08-03
	* audit2allow: do not print statistics
	* make python bindings for restorecon work on relative path
	* fix python audit2why binding error
	* support new python3 functions
	* do not check fcontext duplicates on use
	* Patch for python3 for libselinux

2.1.1 2011-08-02
	* move .gitignore into utils
	* new setexecon utility
	* selabel_open fix processing of substitution files
	* mountpoint changing patch.
	* simplify SRCS in Makefile

2.1.1 2011-08-01
	* Remove generated files, introduce more .gitignore

2.1.0 2011-07-27
	* Release, minor version bump

2.0.102 2011-04-11
	* Give correct names to mount points in load_policy by Dan Walsh.
	* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.

2.0.101 2011-03-23
	* db_language object class support for selabel_lookup from KaiGai
	Kohei.

2.0.100 2011-03-09
	* Library destructors for thread local storage keys from Eamon Walsh.

2.0.99 2011-03-01
	* SELinux man page fixes from Dan Walsh.
	* selinux_status interfaces from KaiGai Kohei.

2.0.98 2010-12-16
	* Turn off default user handling when computing user contexts by Dan Walsh

2.0.97 2010-12-02
	* Thread local storage fixes from Eamon Walsh.

2.0.96 2010-06-14
	* Add const qualifiers to public API where appropriate by KaiGai Kohei.

2.0.95 2010-06-10
	* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
	* Adds a chcon method to the libselinux python bindings from Steve Lawrence

2.0.94 2010-03-24
	* Set errno=EINVAL for invalid contexts from Dan Walsh.

2.0.93 2010-03-15
	* Show strerror for security_getenforce() by Colin Walters.
	* Merged selabel database support by KaiGai Kohei.
	* Modify netlink socket blocking code by KaiGai Kohei.

2.0.92 2010-03-06
	* Fix from Eric Paris to fix leak on non-selinux systems.
	* regenerate swig wrappers
	* pkgconfig fix to respect LIBDIR from Dan Walsh.

2.0.91 2010-02-22
	* Change the AVC to only audit the permissions specified by the
	policy, excluding any permissions specified via dontaudit or not
	specified via auditallow.
	* Fix compilation of label_file.c with latest glibc headers.

2.0.90 2009-11-27
	* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
	* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>

2.0.89 2009-10-29
	* Add pkgconfig file from Eamon Walsh.

2.0.88 2009-10-22
	* Rename and export selinux_reset_config()

2.0.87 2009-09-25
	* Add exception handling in libselinux from Dan Walsh. This uses a
	  shell script called exception.sh to generate a swig interface file.
	* make swigify
	* Make matchpathcon print <<none>> if path not found in fcontext file.

2.0.86 2009-09-02
	* Removal of reference counting on userspace AVC SID's.

2.0.85 2009-07-14
	* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
	pthread dependency.
	* Removed fini_context_translations() altogether.
	* Merged lazy init patch from Stephen Smalley based on original patch
	by Steve Grubb.

2.0.84 2009-07-07
	* Add per-service seuser support from Dan Walsh.
	* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.

2.0.83 2009-07-07
	* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
	Paris.

2.0.82 2009-06-19
	* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
	* Label substitution support from Dan Walsh.
	* Support for labeling virtual machine images from Dan Walsh.

2.0.81 2009-05-15
	* Trim / from the end of input paths to matchpathcon from Dan Walsh.
	* Fix leak in process_line in label_file.c from Hiroshi Shinji.
	* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
	* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.

2.0.80 2009-04-07
	* deny_unknown wrapper function from KaiGai Kohei.
	* security_compute_av_flags API from KaiGai Kohei.
	* Netlink socket management and callbacks from KaiGai Kohei.

2.0.79 2009-03-11
	* Netlink socket handoff patch from Adam Jackson.
	* AVC caching of compute_create results by Eric Paris.

2.0.78 2009-02-27
	* Fix incorrect conversion in discover_class code.

2.0.77 2009-01-12
	* add restorecon to python bindings from Dan Walsh.

2.0.76 2009-01-08
	* Client support for translating raw contexts to colors via setrans.

2.0.75 2008-11-18
	* Allow shell-style wildcards in x_contexts file.

2.0.74 2008-11-03
	* Correct message types in AVC log messages.

2.0.73 2008-10-14
	* Make matchpathcon -V pass mode from Dan Walsh.
	* Add man page for selinux_file_context_cmp from Dan Walsh.

2.0.72 2008-09-29
	* New man pages from Dan Walsh.
	* Update flask headers from refpolicy trunk from Dan Walsh.

2.0.71 2008-08-05
	* Add group support to seusers using %groupname syntax from Dan Walsh.
	* Mark setrans socket close-on-exec from Stephen Smalley.
	* Only apply nodups checking to base file contexts from Stephen Smalley.

2.0.70 2008-07-30
	* Merge ruby bindings from Dan Walsh.

2.0.69 2008-07-29
	* Handle duplicate file context regexes as a fatal error from Stephen Smalley.
	  This prevents adding them via semanage.

2.0.68 2008-07-18
	* Fix audit2why shadowed variables from Stephen Smalley.
	* Note that freecon NULL is legal in man page from Karel Zak.

2.0.67 2008-06-13
	* New and revised AVC, label, and mapping man pages from Eamon Walsh.

2.0.66 2008-06-11
	* Add swig python bindings for avc interfaces from Dan Walsh.

2.0.65 2008-05-27
	* Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.
	* Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.

2.0.64 2008-04-21
	* Fixed selinux_set_callback man page.

2.0.63 2008-04-18
	* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.

2.0.62 2008-04-18
	* Fix memory leaks in matchpathcon from Eamon Walsh.

2.0.61 2008-03-31
	* Man page typo fix from Jim Meyering.

2.0.60 2008-03-20
	* Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.

2.0.59 2008-02-29
	* Merged new X label "poly_selection" namespace from Eamon Walsh.

2.0.58 2008-02-28
	* Merged reset_selinux_config() for load policy from Dan Walsh.

2.0.57 2008-02-25
	* Merged avc_has_perm() errno fix from Eamon Walsh.

2.0.56 2008-02-21
	* Regenerated Flask headers from refpolicy flask definitions.

2.0.55 2008-02-08
	* Merged compute_member AVC function and manpages from Eamon Walsh.

2.0.54 2008-02-08
	* Provide more error reporting on load policy failures from Stephen Smalley.

2.0.53 2008-02-07
	* Merged new X label "poly_prop" namespace from Eamon Walsh.

2.0.52 2008-02-06
	* Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.

2.0.51 2008-02-05
	* Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.

2.0.50 2008-01-28
	* Merged fix for audit2why from Dan Walsh.

2.0.49 2008-01-23
	* Merged audit2why python binding from Dan Walsh.

2.0.48 2008-01-23
	* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.

2.0.47 2007-12-21
	* Fix for the avc:  granted null message bug from Stephen Smalley.

2.0.46 2007-12-07
	* matchpathcon(8) man page update from Dan Walsh.

2.0.45 2007-11-20
	* dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.

2.0.44 2007-11-20
	* Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.
	  A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.

2.0.43 2007-11-15
	* Regenerated Flask headers from policy.

2.0.42 2007-11-08
	* AVC enforcing mode override patch from Eamon Walsh.

2.0.41 2007-11-06
	* Aligned attributes in AVC netlink code from Eamon Walsh.

2.0.40 2007-11-01
	* Merged refactored AVC netlink code from Eamon Walsh.

2.0.39 2007-10-19
	* Merged new X label namespaces from Eamon Walsh.

2.0.38 2007-10-15
	* Bug fix and minor refactoring in string representation code.

2.0.37 2007-10-05
	* Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.

2.0.36 2007-09-27
	* Fix segfault resulting from missing file_contexts file.

2.0.35 2007-09-24
	* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
	* Pass CFLAGS when using gcc for linking from Dennis Gilmore. 

2.0.34 2007-09-18
	* Fix selabel option flag setting for 64-bit from Stephen Smalley.

2.0.33 2007-09-12
	* Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
	* Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.

2.0.32 2007-09-10
	* Fix swig binding for rpm_execcon from James Athey.

2.0.31 2007-08-23
	* Fix file_contexts.homedirs path from Todd Miller.

2.0.30 2007-08-06
	* Fix segfault resulting from uninitialized print-callback pointer.

2.0.29 2007-08-02
	* Added x_contexts path function patch from Eamon Walsh.

2.0.28 2007-08-01
	* Fix build for EMBEDDED=y from Yuichi Nakamura.

2.0.27 2007-07-25
	* Fix markup problems in selinux man pages from Dan Walsh.

2.0.26 2007-07-23
	* Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
	* Added swigify to top-level Makefile from Dan Walsh.

2.0.25 2007-07-23
	* Fix for string_to_security_class segfault on x86_64 from Stephen
	  Smalley.

2.0.24 2007-09-07
	* Fix for getfilecon() for zero-length contexts from Stephen Smalley.

2.0.23 2007-06-22
	* Refactored SWIG bindings from James Athey.

2.0.22 2007-06-20
	* Labeling and callback interface patches from Eamon Walsh.

2.0.21 2007-06-11
	* Class and permission mapping support patches from Eamon Walsh.

2.0.20 2007-06-07
	* Object class discovery support patches from Chris PeBenito.

2.0.19 2007-06-05
	* Refactoring and errno support in string representation code.

2.0.18 2007-05-31
	* Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
	  This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.

2.0.17 2007-05-31
	* Updated Lindent script and reindented two header files.

2.0.16 2007-05-09
	* Merged additional swig python bindings from Dan Walsh.

2.0.15 2007-04-27
	* Merged helpful message when selinuxfs mount fails patch from Dax Kelson.

2.0.14 2007-04-24
	* Merged build fix for avc_internal.c from Joshua Brindle.

2.0.13 2007-04-12
	* Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.

2.0.12 2007-04-09
	* Merged support for getting initial contexts from James Carter.

2.0.11 2007-04-05
	* Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh.


2.0.10 2007-04-05
	* Merged sidput(NULL) patch from Eamon Walsh.

2.0.9 2007-03-30
	* Merged class/av string conversion and avc_compute_create patch from Eamon Walsh.

2.0.8 2007-03-20
	* Merged fix for avc.h #include's from Eamon Walsh.

2.0.7 2007-03-12
	* Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.

2.0.6 2007-03-12
	* Merged patch to drop support for old /etc/sysconfig/selinux and
	  /etc/security policy file layout from Steve Grubb.

2.0.5 2007-02-27
	* Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb.

2.0.4 2007-02-23
	* Removed sending of setrans init message.

2.0.3 2007-02-22
	* Merged matchpathcon memory leak fix from Steve Grubb.

2.0.2 2007-02-21
	* Merged more swig initializers from Dan Walsh.

2.0.1 2007-02-20
	* Merged patch from Todd Miller to convert int types over to C99 style.

2.0.0 2007-02-01
	* Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
	  of the use of the non-standard format %as. (original patch changed
	  for style).
	* Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
	
1.34.1 2007-01-26
	* Merged python binding fixes from Dan Walsh.

1.34.0 2007-01-18
	* Updated version for stable branch.	

1.33.6 2007-01-17
	* Merged man page updates to make "apropos selinux" work from Dan Walsh.

1.33.5 2007-01-16
	* Merged getdefaultcon utility from Dan Walsh.

1.33.4 2007-01-11
	* Merged selinux_check_securetty_context() and support from Dan Walsh.

1.33.3 2007-01-04
	* Merged patch for matchpathcon utility to use file mode information
	  when available from Dan Walsh.

1.33.2 2006-11-27
	* Merged patch to compile with -fPIC instead of -fpic from
	  Manoj Srivastava to prevent hitting the global offset table
	  limit. Patch changed to include libsepol and libsemanage in
	  addition to libselinux.

1.33.1 2006-10-19
	* Merged updated flask definitions from Darrel Goeddel.
	  This adds the context security class, and also adds
	  the string definitions for setsockcreate and polmatch.

1.32 2006-10-17
	* Updated version for release.

1.30.30 2006-10-05
	* Merged patch from Darrel Goeddel to always use untranslated
	  contexts in the userspace AVC.

1.30.29 2006-09-29
	* Merged av_permissions.h update from Steve Grubb,
	  adding setsockcreate and polmatch definitions.

1.30.28 2006-09-13
	* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client.
	* Merged c++ class identifier fix from Joe Nall.

1.30.27 2006-08-24
	* Merged patch to not log avc stats upon a reset from Steve Grubb.
	* Applied patch to revert compat_net setting upon policy load.

1.30.26 2006-08-11
	* Merged file context homedir and local path functions from
	  Chris PeBenito.

1.30.25 2006-08-11
	* Rework functions that access /proc/pid/attr to access the
	  per-thread nodes, and unify the code to simplify maintenance.

1.30.24 2006-08-10
	* Merged return value fix for *getfilecon() from Dan Walsh.

1.30.23 2006-08-10
	* Merged sockcreate interfaces from Eric Paris.

1.30.22 2006-08-03
	* Merged no-tls-direct-seg-refs patch from Jeremy Katz.

1.30.21 2006-08-03
	* Merged netfilter_contexts support patch from Chris PeBenito.

1.30.20 2006-08-01
	* Merged context_*_set errno patch from Jim Meyering.

1.30.19 2006-06-29
	* Lindent.

1.30.18 2006-06-27
	* Merged {get,set}procattrcon patch set from Eric Paris.
	* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.

1.30.17 2006-06-27
	* Regenerated Flask headers from refpolicy.

1.30.16 2006-06-26
	* Merged patch from Dan Walsh with:
	  - Added selinux_file_context_{cmp,verify}.
	  - Added selinux_lsetfilecon_default.
	  - Delay translation of contexts in matchpathcon.

1.30.15 2006-06-16
	* Merged patch from Dan Walsh with:
	  - Added selinux_getpolicytype() function.
	  - Modified setrans code to skip processing if !mls_enabled.

1.30.14 2006-06-16
	* Set errno in the !selinux_mnt case.

1.30.13 2006-06-02
	* Allocate large buffers from the heap, not on stack.
	  Affects is_context_customizable, selinux_init_load_policy,
	  and selinux_getenforcemode.

1.30.12 2006-06-02
	* Merged !selinux_mnt checks from Ian Kent.

1.30.11 2006-05-24
	* Merged matchmediacon and trans_to_raw_context fixes from 
	  Serge Hallyn.

1.30.10 2006-05-22
	* Merged simple setrans client cache from Dan Walsh.
	* Merged avcstat patch from Russell Coker.

1.30.9 2006-05-22
	* Modified selinux_mkload_policy() to also set /selinux/compat_net
	  appropriately for the loaded policy.

1.30.8 2006-05-17
	* Added matchpathcon_fini() function to free memory allocated by
	  matchpathcon_init().

1.30.7 2006-05-16
	* Merged setrans client cleanup patch from Steve Grubb.

1.30.6 2006-05-08
	* Merged getfscreatecon man page fix from Dan Walsh.
	* Updated booleans(8) man page to drop references to the old
	  booleans file and to note that setsebool can be used to set
	  the boot-time defaults via -P.

1.30.5 2006-05-05
	* Merged fix warnings patch from Karl MacMillan.	

1.30.4 2006-05-05
	* Merged setrans client support from Dan Walsh.
	  This removes use of libsetrans.
	* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
	* Merged swig typemap fixes from Glauber de Oliveira Costa.

1.30.3 2006-04-12
	* Added distclean target to Makefile.
	* Regenerated swig files.

1.30.2 2006-04-11
	* Changed matchpathcon_init to verify that the spec file is
	  a regular file.
	* Merged python binding t_output_helper removal patch from Dan Walsh.

1.30.1 2006-03-20
	* Merged Makefile PYLIBVER definition patch from Dan Walsh.

1.30 2006-03-14
	* Updated version for release.

1.29.8 2006-02-27
	* Altered rpm_execcon fallback logic for permissive mode to also
	  handle case where /selinux/enforce is not available.

1.29.7 2006-01-20
	* Merged install-pywrap Makefile patch from Joshua Brindle.

1.29.6 2006-01-18
	* Merged pywrap Makefile patch from Dan Walsh.

1.29.5 2006-01-11
	* Added getseuser test program.

1.29.4 2006-01-06
	* Added format attribute to myprintf in matchpathcon.c and
	  removed obsoleted rootlen variable in init_selinux_config().

1.29.3 2006-01-04
	* Merged several fixes and improvements from Ulrich Drepper
	  (Red Hat), including:
	  - corrected use of getline
	  - further calls to __fsetlocking for local files
	  - use of strdupa and asprintf
	  - proper handling of dirent in booleans code
	  - use of -z relro
	  - several other optimizations
	* Merged getpidcon python wrapper from Dan Walsh (Red Hat).

1.29.2 2005-12-14
	* Merged call to finish_context_translations from Dan Walsh.
	  This eliminates a memory leak from failing to release memory
	  allocated by libsetrans.

1.29.1 2005-12-08
	* Merged patch for swig interfaces from Dan Walsh.

1.28 2005-12-07
	* Updated version for release.

1.27.28 2005-12-01
	* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
	  modified matchpathcon implementation to make context validation/
	  canonicalization optional at matchpathcon_init time, deferring it
	  to a successful matchpathcon by default unless the new flag is set
	  by the caller.

1.27.27 2005-12-01
	* Added matchpathcon_init_prefix() interface, and
	  reworked matchpathcon implementation to support selective
	  loading of file contexts entries based on prefix matching
	  between the pathname regex stems and the specified path
	  prefix (stem must be a prefix of the specified path prefix).

1.27.26 2005-11-29
	* Merged getsebool patch from Dan Walsh.

1.27.25 2005-11-29
	* Added -f file_contexts option to matchpathcon util.
	* Fixed warning message in matchpathcon_init().

1.27.24 2005-11-29
	* Merged Makefile python definitions patch from Dan Walsh.

1.27.23 2005-11-28
	* Merged swigify patch from Dan Walsh.

1.27.22 2005-11-15
	* Merged patch from Ivan Gyurdiev to make failure in rpm_execcon
	  non-fatal in permissive mode.

1.27.21 2005-11-08
	* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
	  and modified matchpathcon_init() to skip context translation
	  if it is set by the caller.

1.27.20 2005-11-07
	* Added security_canonicalize_context() interface and
	  set_matchpathcon_canoncon() interface for obtaining
	  canonical contexts.  Changed matchpathcon internals
	  to obtain canonical contexts by default.  Provided
	  fallback for kernels that lack extended selinuxfs context
	  interface.

1.27.19 2005-11-04
	* Merged seusers parser changes from Ivan Gyurdiev.
	* Merged setsebool to libsemanage patch from Ivan Gyurdiev.
	* Changed seusers parser to reject empty fields.

1.27.18 2005-11-03
	* Merged seusers empty level handling patch from Jonathan Kim (TCS).

1.27.17 2005-10-27
	* Changed default entry for seusers to use __default__ to avoid
	  ambiguity with users named "default".

1.27.16 2005-10-27
	* Fixed init_selinux_config() handling of missing /etc/selinux/config
	  or missing SELINUXTYPE= definition.
	* Merged selinux_translations_path() patch from Dan Walsh.

1.27.15 2005-10-25
	* Added hidden_proto/def for get_default_context_with_role.

1.27.14 2005-10-25
	* Merged selinux_path() and selinux_homedir_context_path()
	  functions from Joshua Brindle.
	
1.27.13 2005-10-19
	* Merged fixes for make DESTDIR= builds from Joshua Brindle.

1.27.12 2005-10-18
	* Merged get_default_context_with_rolelevel and man pages from
	  Dan Walsh (Red Hat).

1.27.11 2005-10-18
	* Updated call to sepol_policydb_to_image for sepol changes.

1.27.10 2005-10-17
	* Changed getseuserbyname to ignore empty lines and to handle
	no matching entry in the same manner as no seusers file.

1.27.9 2005-10-13
	* Changed selinux_mkload_policy to try downgrading the
	latest policy version available to the kernel-supported version.

1.27.8 2005-10-11
	* Changed selinux_mkload_policy to fall back to the maximum
	policy version supported by libsepol if the kernel policy version
	falls outside of the supported range.

1.27.7 2005-10-06
	* Changed getseuserbyname to fall back to the Linux username and
	NULL level if seusers config file doesn't exist unless 
	REQUIRESEUSERS=1 is set in /etc/selinux/config.
	* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.

1.27.6 2005-10-06
	* Added selinux_init_load_policy() function as an even higher level
	interface for the initial policy load by /sbin/init.  This obsoletes
	the load_policy() function in the sysvinit-selinux.patch. 

1.27.5 2005-10-06
	* Added selinux_mkload_policy() function as a higher level interface
	for loading policy than the security_load_policy() interface.

1.27.4 2005-10-05
	* Merged fix for matchpathcon (regcomp error checking) from Johan
	Fischer.  Also added use of regerror to obtain the error string
	for inclusion in the error message.

1.27.3 2005-10-03
	* Changed getseuserbyname to not require (and ignore if present)
	the MLS level in seusers.conf if MLS is disabled, setting *level
	to NULL in this case.

1.27.2 2005-09-30
	* Merged getseuserbyname patch from Dan Walsh.

1.27.1 2005-09-19
	* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.  
	  This allows file_contexts with MLS fields to be processed on 
	  non-MLS-enabled systems with policies that are otherwise 
	  identical (e.g. same type definitions).
	* Merged get_ordered_context_list_with_level() function from
	  Dan Walsh, and added get_default_context_with_level().
	  This allows MLS level selection for users other than the
	  default level.

1.26 2005-09-06
	* Updated version for release.
	
1.25.7 2005-09-01
	* Merged modified form of patch to avoid dlopen/dlclose by
	the static libselinux from Dan Walsh.  Users of the static libselinux
	will not have any context translation by default.

1.25.6 2005-08-31
	* Added public functions to export context translation to
	users of libselinux (selinux_trans_to_raw_context,
	selinux_raw_to_trans_context).

1.25.5 2005-08-26
	* Remove special definition for context_range_set; use
	common code.

1.25.4 2005-08-25
	* Hid translation-related symbols entirely and ensured that 
	raw functions have hidden definitions for internal use.
	* Allowed setting NULL via context_set* functions.
	* Allowed whitespace in MLS component of context.
	* Changed rpm_execcon to use translated functions to work around
	lack of MLS level on upgraded systems.

1.25.3 2005-08-23
	* Merged context translation patch, originally by TCS,
	  with modifications by Dan Walsh (Red Hat).

1.25.2 2005-08-11
	* Merged several fixes for error handling paths in the
	  AVC sidtab, matchpathcon, booleans, context, and get_context_list
	  code from Serge Hallyn (IBM).   Bugs found by Coverity.

1.25.1 2005-08-10
	* Removed setupns; migrated to pam.
	* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
	  Original symbol is temporarily retained for compatibility until 
	  all callers are updated.

1.24 2005-06-20
	* Updated version for release.
	
1.23.12 2005-06-13
	* Merged security_setupns() from Chad Sellers.

1.23.11 2005-05-19
	* Merged avcstat and selinux man page from Dan Walsh.
	* Changed security_load_booleans to process booleans.local 
	  even if booleans file doesn't exist.
	
1.23.10 2005-04-29
	* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).

1.23.9 2005-04-26
	* Rewrote get_ordered_context_list and helpers, including
	  changing logic to allow variable MLS fields.
	
1.23.8 2005-04-25
	* Merged matchpathcon and man page patch from Dan Walsh.

1.23.7 2005-04-12
	* Changed boolean functions to return -1 with errno ENOENT 
	  rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
	  mounted).

1.23.6 2005-04-08
	* Fixed bug in matchpathcon_filespec_destroy.
	
1.23.5 2005-04-05
	* Fixed bug in rpm_execcon error handling path.

1.23.4 2005-04-04
	* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
	* Merged fix for getconlist utility from Andreas Steinmetz.

1.23.3 2005-03-29
	* Merged security_set_boolean_list patch from Dan Walsh.
	  This introduces booleans.local support for setsebool.

1.23.2 2005-03-17
	* Merged destructors patch from Tomas Mraz.

1.23.1 2005-03-16
	* Added set_matchpathcon_flags() function for setting flags
	  controlling operation of matchpathcon.  MATCHPATHCON_BASEONLY
	  means only process the base file_contexts file, not 
	  file_contexts.homedirs or file_contexts.local, and is for use by
	  setfiles -c.
	* Updated matchpathcon.3 man page.

1.22 2005-03-09
	* Updated version for release.

1.21.13 2005-03-08
	* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.

1.21.12 2005-03-01
	* Changed matchpathcon_common to ignore any non-format bits in the mode.

1.21.11 2005-02-22
	* Merged several fixes from Ulrich Drepper.

1.21.10 2005-02-17
	* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
	* Added selinux_users_path() for path to directory containing
	  system.users and local.users.

1.21.9 2005-02-09
	* Changed relabel Makefile target to use restorecon.

1.21.8 2005-02-07
	* Regenerated av_permissions.h.

1.21.7 2005-02-01
	* Modified avc_dump_av to explicitly check for any permissions that
	  cannot be mapped to string names and display them as a hex value.

1.21.6 2005-01-31
	* Regenerated av_permissions.h.

1.21.5 2005-01-28
	* Generalized matchpathcon internals, exported more interfaces,
	  and moved additional code from setfiles into libselinux so that
	  setfiles can directly use matchpathcon.
	
1.21.4 2005-01-27
	* Prevent overflow of spec array in matchpathcon.

1.21.3 2005-01-26
	* Fixed several uses of internal functions to avoid relocations.
	* Changed rpm_execcon to check is_selinux_enabled() and fall back to
	  a regular execve if not enabled (or unable to determine due to a lack
	  of /proc, e.g. chroot'd environment).
	  

1.21.2 2005-01-24
	* Merged minor fix for avcstat from Dan Walsh.

1.21.1 2005-01-19
	* Merged patch from Dan Walsh, including:
	     - new is_context_customizable function
	     - changed matchpathcon to also use file_contexts.local if present
	     - man page cleanups

1.20 2005-01-04
	* Changed matchpathcon to return -1 with errno ENOENT for 
	  <<none>> entries, and also for an empty file_contexts configuration.
	* Removed some trivial utils that were not useful or redundant.
	* Changed BINDIR default to /usr/sbin to match change in Fedora.
	* Added security_compute_member.
	* Added man page for setcon.
	* Merged more man pages from Dan Walsh.
	* Merged avcstat from James Morris.
	* Merged build fix for mips from Manoj Srivastava.
	* Merged C++ support from John Ramsdell of MITRE.
	* Merged setcon() function from Darrel Goeddel of TCS.
	* Merged setsebool/togglesebool enhancement from Steve Grubb.
	* Merged cleanup patches from Steve Grubb.

1.18 2004-11-01
	* Merged cleanup patches from Steve Grubb.
	* Added rpm_execcon.
	* Merged setenforce and removable context patch from Dan Walsh.
	* Merged build fix for alpha from Ulrich Drepper.
	* Removed copyright/license from selinux_netlink.h - definitions only.
	* Merged matchmediacon from Dan Walsh.
	* Regenerated headers for new nscd permissions.
	* Added get_default_context_with_role.
	* Added set_matchpathcon_printf.	
	* Reworked av_inherit.h to allow easier re-use by kernel. 
	* Changed avc_has_perm_noaudit to not fail on netlink errors.
	* Changed avc netlink code to check pid based on patch by Steve Grubb.
	* Merged second optimization patch from Ulrich Drepper.
	* Changed matchpathcon to skip invalid file_contexts entries.
	* Made string tables private to libselinux.
	* Merged strcat->stpcpy patch from Ulrich Drepper.
	* Merged matchpathcon man page from Dan Walsh.
	* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
	* Autobind netlink socket.
	* Dropped compatibility code from security_compute_user.
	* Merged fix for context_range_set from Chad Hanson.
	* Merged allocation failure checking patch from Chad Hanson.
	* Merged avc netlink error message patch from Colin Walters.

1.16 2004-08-19
	* Regenerated headers for nscd class.
	* Merged man pages from Dan Walsh.
	* Merged context_new bug fix for MLS ranges from Chad Hanson.
	* Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
	* Renamed change_bool and show_bools to setsebool and getsebool.
	* Merged security_load_booleans() function from Dan Walsh.
	* Added selinux_booleans_path() function.
	* Changed avc_init function prototype to use const.
	* Regenerated headers for crontab permission.
	* Added checkAccess from Dan Walsh.
	* Merged getenforce patch from Dan Walsh.
	* Regenerated headers for dbus classes.

1.14 2004-06-16
	* Regenerated headers for fine-grained netlink classes.
	* Merged selinux_config bug fix from Dan Walsh.
	* Added userspace AVC man pages.
	* Added man links for API calls to existing man pages documenting them.
	* Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
	* Merged patch to determine config file paths at runtime to support
	  reorganized layout.
	* Regenerated flask headers with stable ordering.
	* Merged patch for man pages from Russell Coker. 

1.12 2004-05-10
	* Updated flask files to include new SE-X security classes.
	* Added security_disable function for runtime disable of SELinux prior
	  to initial policy load (for /sbin/init).
	* Changed get_ordered_context_list to omit any reachable contexts
	  that are not explicitly listed in default_contexts, unless there
	  are no matches.
	* Merged man pages from Russell Coker and Dan Walsh.
	* Merged memory leak fixes from Dan Walsh.
	* Merged policyvers errno patch from Chris PeBenito.

1.10 2004-04-05
	* Merged getenforce patch from Dan Walsh.
	* Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
	  the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
	  Based on a patch by Russell Coker.
	* Merged matchpathcon buffer size fix from Dan Walsh.

1.8 2004-03-09
	* Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
	* Added matchpathcon function.
	* Updated userspace AVC to handle netlink selinux notifications. 

1.6 2004-02-18
	* Merged conditional policy extensions from Tresys Technology.
	* Added userspace avc and SID table implementation.	
	* Fixed type on size in getpeercon per Thorsten Kukuk's advice.
	* Fixed use of getpwnam_r per Thorsten Kukuk's advice.
	* Changed to use getpwnam_r rather than getpwnam internally to 
	  avoid clobbering any existing pwd struct obtained by the caller.
	* Added getpeercon function to encapsulate getsockopt SO_PEERSEC
	  and handle allocation ala getfilecon.
	* Changed is_selinux_enabled to return -1 on errors.
	* Changed to discover selinuxfs mount point via /proc/mounts 
	  so that the mount point can be changed without rebuilding.

1.4 2003-12-01
	* Merged another cleanup patch from Bastian Blank and Joerg Hoh.
	* Regenerate headers for new permissions. 
	* Merged static lib build patch from Bastian Blank and Joerg Hoh.
	* Export SELINUXMNT definition, add SELINUXPOLICY definition.
	* Add functions to provide access to enforce and policyvers.
	* Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
	* Fixed type for 'size' in *getfilecon. 
	* Dropped -lattr and changed #include's to <sys/xattr.h>.
	* Merged patch to move shared library to /lib from Dan Walsh.
	* Changed get_ordered_context_list to support a failsafe context.
	* Added selinuxenabled utility.
	* Merged const patch from Thorsten Kukuk.

1.2 2003-09-30
	* Change is_selinux_enabled to fail if policy isn't loaded.
	* Changed Makefiles to allow non-root rpm builds.
	* Added -lattr for libselinux.so to ensure proper binding.

1.1 2003-08-13
	* Ensure that context strings are padded with a null byte
	  in case the kernel didn't include one.
	* Regenerate headers, update helpers.c for code cleanup.
	* Pass soname flag to linker (Colin Walters).
	* Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
	  
1.0 2003-07-11
	* Initial public release.