• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
12.5-rc1 2016-01-07
2	* Add man information about thread specific functions, from Dan Waslh.
3	* Don't wrap rpm_execcon with DISABLE_RPM with SWIG, from Petr Lautrbach.
4	* Correct line count for property and service context files, from Richard Haines.
5	* Man page warning fixes, from Ville Skyttä.
6	* label_file: fix memory leaks and uninitialized jump, from William Roberts.
7	* Replace selabel_digest hash function, from Richard Haines.
8	* Fix selabel_open(3) services if no digest requested, from Richard Haines.
9	* Add selabel_digest function, from Richard Haines.
10	* Fix parallel build with swig python, from Jason Zaman.
11	* Flush the class/perm string mapping cache on policy reload, from Stephen Smalley.
12	* Fix restorecon when path has no context, from Nir Soffer.
13	* Free memory when processing media and x specfiles, from Richard Haines.
14	* Fix mmap memory release for file labeling, from Richard Haines.
15	* Add explicit dependency for pywrap on selinux.py, from Wenzong Fan.
16	* Add policy context validation to sefcontext_compile, from Richard Haines.
17	* Do not treat an empty file_contexts(.local) as an error, from Stephen Smalley.
18	* Fail hard on invalid property_contexts entries, from Stephen Smalley.
19	* Fail hard on invalid file_contexts entries, from Stephen Smalley.
20	* Support context validation on file_contexts.bin, from Stephen Smalley.
21	* Test for file_contexts.bin format by magic number, from Stephen Smalley.
22	* Add selabel_cmp interface and label_file backend, from Stephen Smalley.
23	* Support specifying file_contexts.bin file path, from Stephen Smalley.
24	* Support file_contexts.bin without file_contexts, from Stephen Smalley.
25	* Simplify procattr cache, from Stephen Smalley.
26	* Use /proc/thread-self when available, from Stephen Smalley.
27	* Add const to selinux_opt for label backends, from Richard Haines.
28	* Fix binary file labels for regexes with metachars, from Richard Haines.
29	* Fix file labels for regexes with metachars, from Jeff Vander Stoep.
30	* Fix if file_contexts not '\n' terminated, from Richard Haines.
31	* Enhance file context support, from Richard Haines.
32	* Fix property processing and cleanup formatting, from Richard Haines.
33	* Add read_spec_entries function to replace sscanf, from Richard Haines.
34	* Support consistent mode size for bin files, from Richard Haines.
35	* Expunge remaining references to flask.h and av_permissions.h, from Stephen Smalley.
36	* Fix more bin file processing core dumps, from Richard Haines.
37	* add selinux_openssh_contexts_path(), from Petr Lautrbach.
38	* setrans_client: minimize overhead when mcstransd is not present, from Stephen Smalley.
39	* Ensure selabel_lookup_best_match links NULL terminated, from Richard Haines.
40	* is_selinux_enabled:  Add /etc/selinux/config test, from Stephen Smalley.
41	* matchpathcon/selabel_file: Fix man pages, from Stephen Smalley.
42	* Fix core dumps with corrupt *.bin files, from Richard Haines.
43	* Add selabel partial and best match APIs, from Richard Haines.
44	* Use os.walk() instead of the deprecated os.path.walk(), from Petr
45	  Lautrbach & Miro Hrončok
46	* is_selinux_enabled(): drop no-policy-loaded test, from Stephen Smalley.
47	* Remove deprecated mudflap option, from Stephen Smalley.
48	* Mount procfs before checking /proc/filesystems, from Ben Shelton.
49	* Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
50	* label_file:  handle newlines in file names, from Nick Kralevich.
51	* getcon.3:  Fix setcon description, from Stephen Smalley.
52	* Fix audit2why error handling if SELinux is disabled, from Stephen Smalley.
53	* pcre_study can return NULL without error, from Stephen Smalley.
54	* Android property backend validation support, from Robert Craig.
55	* Only check SELinux enabled status once in selinux_check_access, from Stephen Smalley.
56
572.4 2015-02-02
58	* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve
59	  Lawrence
60	* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
61	* Set the system to permissive if failing to disable SELinux because
62	  policy has already been loaded, from Will Woods.
63	* Fix type in selinux.8 manpage, from Nicolas Iooss
64	* Add db_exception and db_datatype support to label_db backend, from Artyom
65	  Smirnov
66	* Log an error on unknown classes and permissions, from Stephen Smalley
67	* Add pcre version string to the compiled file_contexts format, from
68	  Stephen Smalley
69	* Deprecate use of flask.h and av_permissions.h, from Stephen Smalley
70	* Compiled file_context files and the original should have the same DAC
71	  permissions, from Dan Walsh
72
732.3 2014-05-06
74	* Get rid of security_context_t and fix const declarations.
75	* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
76
772.2.2 2013-12-30
78	* Fix userspace AVC handling of per-domain permissive mode.
79
802.2.1 2013-11-06
81	* Remove -lpthread from pkg-config file; it is not required.
82
832.2 2013-10-30
84	* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
85	* Support overriding Makefile RANLIB from Sven Vermeulen.
86	* Update pkgconfig definition from Sven Vermeulen.
87	* Mount sysfs before trying to mount selinuxfs from Sven Vermeulen.
88	* Fix man pages from Laurent Bigonville.
89	* Support overriding PATH  and LIBBASE in Makefiles from Laurent Bigonville.
90	* Fix LDFLAGS usage from Laurent Bigonville
91	* Avoid shadowing stat in load_mmap from Joe MacDonald.
92	* Support building on older PCRE libraries from Joe MacDonald.
93	* Fix handling of temporary file in sefcontext_compile from Dan Walsh.
94	* Fix procattr cache from Dan Walsh.
95	* Define python constants for getenforce result from Dan Walsh.
96	* Fix label substitution handling of / from Dan Walsh.
97	* Add selinux_current_policy_path from Dan Walsh.
98	* Change get_context_list to only return good matches from Dan Walsh.
99	* Support udev-197 and higher from Sven Vermeulen and Dan Walsh.
100	* Add support for local substitutions from Dan Walsh.
101	* Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh.
102	* Python wrapper leak fixes from Dan Walsh.
103	* Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh.
104	* Add selinux_systemd_contexts_path from Dan Walsh.
105	* Add selinux_set_policy_root from Dan Walsh.
106	* Add man page for sefcontext_compile from Dan Walsh.
107
1082.1.13 2013-02-01
109	* audit2why: make sure path is nul terminated
110	* utils: new file context regex compiler
111	* label_file: use precompiled filecontext when possible
112	* do not leak mmapfd
113	* sefcontontext_compile: Add error handling to help debug problems in libsemanage.
114	* man: make selinux.8 mention service man pages
115	* audit2why: Fix segfault if finish() called twice
116	* audit2why: do not leak on multiple init() calls
117	* mode_to_security_class: interface to translate a mode_t in to a security class
118	* audit2why: Cleanup audit2why analysys function
119	* man: Fix program synopsis and function prototypes in man pages
120	* man: Fix man pages formatting
121	* man: Fix typo in man page
122	* man: Add references and man page links to _raw function variants
123	* Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
124	* man: context_new(3): fix the return value description
125	* selinux_status_open: handle error from sysconf
126	* selinux_status_open: do not leak statusfd on exec
127	* Fix errors found by coverity
128	* Change boooleans.subs to booleans.subs_dist.
129	* optimize set*con functions
130	* pkg-config do not specifc ruby version
131	* unmap file contexts on selabel_close()
132	* do not leak file contexts with mmap'd backend
133	* sefcontext_compile: do not leak fd on error
134	* matchmediacon: do not leak fd
135	* src/label_android_property: do not leak fd on error
136
1372.1.12 2012-09-13
138	* Add support for lxc_contexts_path
139	* utils: add service to getdefaultcon
140	* libsemanage: do not set soname needlessly
141	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
142	* boolean name equivalency
143	* getsebool: support boolean name substitution
144	* Add man page for new selinux_boolean_sub function.
145	* expose selinux_boolean_sub
146	* matchpathcon: add -m option to force file type check
147	* utils: avcstat: clear sa_mask set
148	* seusers: Check for strchr failure
149	* booleans: initialize pointer to silence coveriety
150	* stop messages when SELinux disabled
151	* label_file: use PCRE instead of glibc regex functions
152	* label_file: remove all typedefs
153	* label_file: move definitions to include file
154	* label_file: do string to mode_t conversion in a helper function
155	* label_file: move error reporting back into caller
156	* label_file: move stem/spec handling to header
157	* label_file: drop useless ncomp field from label_file data
158	* label_file: move spec_hasMetaChars to header
159	* label_file: fix potential read past buffer in spec_hasMetaChars
160	* label_file: move regex sorting to the header
161	* label_file: add accessors for the pcre extra data
162	* label_file: only run regex files one time
163	* label_file: new process_file function
164	* label_file: break up find_stem_from_spec
165	* label_file: struct reorg
166	* label_file: only run array once when sorting
167	* Ensure that we only close the selinux netlink socket once.
168	* improve the file_contexts.5 manual page
169
1702.1.11 2012-06-28
171	* Fortify source now requires all code to be compiled with -O flag
172	* asprintf return code must be checked
173	* avc_netlink_recieve handle EINTR
174	* audit2why: silence -Wmissing-prototypes warning
175	* libsemanage: remove build warning when build swig c files
176	* matchpathcon: bad handling of symlinks in /
177	* seusers: remove unused lineno
178	* seusers: getseuser: gracefully handle NULL service
179	* New Android property labeling backend
180	* label_android_property whitespace cleanups
181	* additional makefile support for rubywrap
182
183
1842.1.10 2012-03-28
185	* Fix dead links to www.nsa.gov/selinux
186	* Remove jump over variable declaration
187	* Fix old style function definitions
188	* Fix const-correctness
189	* Remove unused flush_class_cache method
190	* Add prototype decl for destructor
191	* Add more printf format annotations
192	* Add printf format attribute annotation to die() method
193	* Fix const-ness of parameters & make usage() methods static
194	* Enable many more gcc warnings for libselinux/src/ builds
195	* utils: Enable many more gcc warnings for libselinux/utils builds
196	* Change annotation on include/selinux/avc.h to avoid upsetting SWIG
197	* Ensure there is a prototype for 'matchpathcon_lib_destructor'
198	* Update Makefiles to handle /usrmove
199	* utils: Stop separating out matchpathcon as something special
200	* pkg-config to figure out where ruby include files are located
201	* build with either ruby 1.9 or ruby 1.8
202	* assert if avc_init() not called
203	* take security_deny_unknown into account
204	* security_compute_create_name(3)
205	* Do not link against python library, this is considered
206	* bad practice in debian
207	* Hide unnecessarily-exported library destructors
208
2092.1.9 2011-12-21
210	* Fix setenforce man page to refer to selinux man page
211	* Cleanup Man pages
212	* merge freecon with getcon man page
213
2142.1.8 2011-12-05
215	* selinuxswig_python.i: don't make syscall if it won't change anything
216	* Remove assert in security_get_boolean_names(3)
217	* Mapped compute functions now obey deny_unknown flag
218	* get_default_type now sets EINVAL if no entry.
219	* return EINVAL if invalid role selected
220	* Updated selabel_file(5) man page
221	* Updated selabel_db(5) man page
222	* Updated selabel_media(5) man page
223	* Updated selabel_x(5) man page
224	* Add man/man5 man pages
225	* Add man/man5 man pages
226	* Add man/man5 man pages
227	* use -W and -Werror in utils
228
2292.1.7 2011-11-03
230	* Makefiles: syntax, convert all ${VAR} to $(VAR)
231	* load_policy: handle selinux=0 and /sys/fs/selinux not exist
232	* regenerate .pc on VERSION change
233	* label: cosmetic cleanups
234	* simple interface for access checks
235	* Don't reinitialize avc_init if it has been called previously
236	* seusers: fix to handle large sets of groups
237	* audit2why: close fd on enomem
238	* rename and export symlink_realpath
239	* label_file: style changes to make Eric happy.
240
2412.1.6 2011-09-15
242	* utils: matchpathcon: remove duplicate declaration
243	* src: matchpathcon: use myprintf not fprintf
244	* src: matchpathcon: make sure resolved path starts
245	* put libselinux.so.1 in /lib not /usr/lib
246	* tree: default make target to all not
247
2482.1.5 2011-0826
249	* selinux_file_context_verify function returns wrong value.
250	* move realpath helper to matchpathcon library
251	* python wrapper makefile changes
252
2532.1.4 2011-0817
254	* mapping fix for invalid class/perms after selinux_set_mapping
255	* audit2why: work around python bug not defining
256	* resolv symlinks and dot directories before matching
257
2582.1.2 2011-0803
259	* audit2allow: do not print statistics
260	* make python bindings for restorecon work on relative path
261	* fix python audit2why binding error
262	* support new python3 functions
263	* do not check fcontext duplicates on use
264	* Patch for python3 for libselinux
265
2662.1.1 2011-08-02
267	* move .gitignore into utils
268	* new setexecon utility
269	* selabel_open fix processing of substitution files
270	* mountpoint changing patch.
271	* simplify SRCS in Makefile
272
2732.1.1 2011-08-01
274	* Remove generated files, introduce more .gitignore
275
2762.1.0 2011-07-27
277	* Release, minor version bump
278
2792.0.102 2011-04-11
280	* Give correct names to mount points in load_policy by Dan Walsh.
281	* Make sure selinux state is reported correctly if selinux is disabled or
282	fails to load by Dan Walsh.
283	* Fix crash if selinux_key_create was never called by Dan Walsh.
284	* Add new file_context.subs_dist for distro specific filecon substitutions
285	by Dan Walsh.
286	* Update man pages for selinux_color_* functions by Richard Haines.
287
2882.0.101 2011-03-23
289	* db_language object class support for selabel_lookup from KaiGai
290	Kohei.
291
2922.0.100 2011-03-09
293	* Library destructors for thread local storage keys from Eamon Walsh.
294
2952.0.99 2011-03-01
296	* SELinux man page fixes from Dan Walsh.
297	* selinux_status interfaces from KaiGai Kohei.
298
2992.0.98 2010-12-16
300	* Turn off default user handling when computing user contexts by Dan Walsh
301
3022.0.97 2010-12-02
303	* Thread local storage fixes from Eamon Walsh.
304
3052.0.96 2010-06-14
306	* Add const qualifiers to public API where appropriate by KaiGai Kohei.
307
3082.0.95 2010-06-10
309	* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
310	* Adds a chcon method to the libselinux python bindings from Steve Lawrence
311
3122.0.94 2010-03-24
313	* Set errno=EINVAL for invalid contexts from Dan Walsh.
314
3152.0.93 2010-03-15
316	* Show strerror for security_getenforce() by Colin Walters.
317	* Merged selabel database support by KaiGai Kohei.
318	* Modify netlink socket blocking code by KaiGai Kohei.
319
3202.0.92 2010-03-06
321	* Fix from Eric Paris to fix leak on non-selinux systems.
322	* regenerate swig wrappers
323	* pkgconfig fix to respect LIBDIR from Dan Walsh.
324
3252.0.91 2010-02-22
326	* Change the AVC to only audit the permissions specified by the
327	policy, excluding any permissions specified via dontaudit or not
328	specified via auditallow.
329	* Fix compilation of label_file.c with latest glibc headers.
330
3312.0.90 2009-11-27
332	* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
333	* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>
334
3352.0.89 2009-10-29
336	* Add pkgconfig file from Eamon Walsh.
337
3382.0.88 2009-10-22
339	* Rename and export selinux_reset_config()
340
3412.0.87 2009-09-25
342	* Add exception handling in libselinux from Dan Walsh. This uses a
343	  shell script called exception.sh to generate a swig interface file.
344	* make swigify
345	* Make matchpathcon print <<none>> if path not found in fcontext file.
346
3472.0.86 2009-09-02
348	* Removal of reference counting on userspace AVC SID's.
349
3502.0.85 2009-07-14
351	* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
352	pthread dependency.
353	* Removed fini_context_translations() altogether.
354	* Merged lazy init patch from Stephen Smalley based on original patch
355	by Steve Grubb.
356
3572.0.84 2009-07-07
358	* Add per-service seuser support from Dan Walsh.
359	* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
360
3612.0.83 2009-07-07
362	* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
363	Paris.
364
3652.0.82 2009-06-19
366	* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
367	* Label substitution support from Dan Walsh.
368	* Support for labeling virtual machine images from Dan Walsh.
369
3702.0.81 2009-05-15
371	* Trim / from the end of input paths to matchpathcon from Dan Walsh.
372	* Fix leak in process_line in label_file.c from Hiroshi Shinji.
373	* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
374	* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
375
3762.0.80 2009-04-07
377	* deny_unknown wrapper function from KaiGai Kohei.
378	* security_compute_av_flags API from KaiGai Kohei.
379	* Netlink socket management and callbacks from KaiGai Kohei.
380
3812.0.79 2009-03-11
382	* Netlink socket handoff patch from Adam Jackson.
383	* AVC caching of compute_create results by Eric Paris.
384
3852.0.78 2009-02-27
386	* Fix incorrect conversion in discover_class code.
387
3882.0.77 2009-01-12
389	* add restorecon to python bindings from Dan Walsh.
390
3912.0.76 2009-01-08
392	* Client support for translating raw contexts to colors via setrans.
393
3942.0.75 2008-11-18
395	* Allow shell-style wildcards in x_contexts file.
396
3972.0.74 2008-11-03
398	* Correct message types in AVC log messages.
399
4002.0.73 2008-10-14
401	* Make matchpathcon -V pass mode from Dan Walsh.
402	* Add man page for selinux_file_context_cmp from Dan Walsh.
403
4042.0.72 2008-09-29
405	* New man pages from Dan Walsh.
406	* Update flask headers from refpolicy trunk from Dan Walsh.
407
4082.0.71 2008-08-05
409	* Add group support to seusers using %groupname syntax from Dan Walsh.
410	* Mark setrans socket close-on-exec from Stephen Smalley.
411	* Only apply nodups checking to base file contexts from Stephen Smalley.
412
4132.0.70 2008-07-30
414	* Merge ruby bindings from Dan Walsh.
415
4162.0.69 2008-07-29
417	* Handle duplicate file context regexes as a fatal error from Stephen Smalley.
418	  This prevents adding them via semanage.
419
4202.0.68 2008-07-18
421	* Fix audit2why shadowed variables from Stephen Smalley.
422	* Note that freecon NULL is legal in man page from Karel Zak.
423
4242.0.67 2008-06-13
425	* New and revised AVC, label, and mapping man pages from Eamon Walsh.
426
4272.0.66 2008-06-11
428	* Add swig python bindings for avc interfaces from Dan Walsh.
429
4302.0.65 2008-05-27
431	* Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.
432	* Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.
433
4342.0.64 2008-04-21
435	* Fixed selinux_set_callback man page.
436
4372.0.63 2008-04-18
438	* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
439
4402.0.62 2008-04-18
441	* Fix memory leaks in matchpathcon from Eamon Walsh.
442
4432.0.61 2008-03-31
444	* Man page typo fix from Jim Meyering.
445
4462.0.60 2008-03-20
447	* Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
448
4492.0.59 2008-02-29
450	* Merged new X label "poly_selection" namespace from Eamon Walsh.
451
4522.0.58 2008-02-28
453	* Merged reset_selinux_config() for load policy from Dan Walsh.
454
4552.0.57 2008-02-25
456	* Merged avc_has_perm() errno fix from Eamon Walsh.
457
4582.0.56 2008-02-21
459	* Regenerated Flask headers from refpolicy flask definitions.
460
4612.0.55 2008-02-08
462	* Merged compute_member AVC function and manpages from Eamon Walsh.
463
4642.0.54 2008-02-08
465	* Provide more error reporting on load policy failures from Stephen Smalley.
466
4672.0.53 2008-02-07
468	* Merged new X label "poly_prop" namespace from Eamon Walsh.
469
4702.0.52 2008-02-06
471	* Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.
472
4732.0.51 2008-02-05
474	* Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.
475
4762.0.50 2008-01-28
477	* Merged fix for audit2why from Dan Walsh.
478
4792.0.49 2008-01-23
480	* Merged audit2why python binding from Dan Walsh.
481
4822.0.48 2008-01-23
483	* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
484
4852.0.47 2007-12-21
486	* Fix for the avc:  granted null message bug from Stephen Smalley.
487
4882.0.46 2007-12-07
489	* matchpathcon(8) man page update from Dan Walsh.
490
4912.0.45 2007-11-20
492	* dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
493
4942.0.44 2007-11-20
495	* Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.
496	  A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.
497
4982.0.43 2007-11-15
499	* Regenerated Flask headers from policy.
500
5012.0.42 2007-11-08
502	* AVC enforcing mode override patch from Eamon Walsh.
503
5042.0.41 2007-11-06
505	* Aligned attributes in AVC netlink code from Eamon Walsh.
506
5072.0.40 2007-11-01
508	* Merged refactored AVC netlink code from Eamon Walsh.
509
5102.0.39 2007-10-19
511	* Merged new X label namespaces from Eamon Walsh.
512
5132.0.38 2007-10-15
514	* Bux fix and minor refactoring in string representation code.
515
5162.0.37 2007-10-05
517	* Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
518
5192.0.36 2007-09-27
520	* Fix segfault resulting from missing file_contexts file.
521
5222.0.35 2007-09-24
523	* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
524	* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
525
5262.0.34 2007-09-18
527	* Fix selabel option flag setting for 64-bit from Stephen Smalley.
528
5292.0.33 2007-09-12
530	* Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
531	* Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
532
5332.0.32 2007-09-10
534	* Fix swig binding for rpm_execcon from James Athey.
535
5362.0.31 2007-08-23
537	* Fix file_contexts.homedirs path from Todd Miller.
538
5392.0.30 2007-08-06
540	* Fix segfault resulting from uninitialized print-callback pointer.
541
5422.0.29 2007-08-02
543	* Added x_contexts path function patch from Eamon Walsh.
544
5452.0.28 2007-08-01
546	* Fix build for EMBEDDED=y from Yuichi Nakamura.
547
5482.0.27 2007-07-25
549	* Fix markup problems in selinux man pages from Dan Walsh.
550
5512.0.26 2007-07-23
552	* Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
553	* Added swigify to top-level Makefile from Dan Walsh.
554
5552.0.25 2007-07-23
556	* Fix for string_to_security_class segfault on x86_64 from Stephen
557	  Smalley.
558
5592.0.24 2007-09-07
560	* Fix for getfilecon() for zero-length contexts from Stephen Smalley.
561
5622.0.23 2007-06-22
563	* Refactored SWIG bindings from James Athey.
564
5652.0.22 2007-06-20
566	* Labeling and callback interface patches from Eamon Walsh.
567
5682.0.21 2007-06-11
569	* Class and permission mapping support patches from Eamon Walsh.
570
5712.0.20 2007-06-07
572	* Object class discovery support patches from Chris PeBenito.
573
5742.0.19 2007-06-05
575	* Refactoring and errno support in string representation code.
576
5772.0.18 2007-05-31
578	* Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
579	  This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.
580
5812.0.17 2007-05-31
582	* Updated Lindent script and reindented two header files.
583
5842.0.16 2007-05-09
585	* Merged additional swig python bindings from Dan Walsh.
586
5872.0.15 2007-04-27
588	* Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
589
5902.0.14 2007-04-24
591	* Merged build fix for avc_internal.c from Joshua Brindle.
592
5932.0.13 2007-04-12
594	* Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.
595
5962.0.12 2007-04-09
597	* Merged support for getting initial contexts from James Carter.
598
5992.0.11 2007-04-05
600	* Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh.
601
602
6032.0.10 2007-04-05
604	* Merged sidput(NULL) patch from Eamon Walsh.
605
6062.0.9 2007-03-30
607	* Merged class/av string conversion and avc_compute_create patch from Eamon Walsh.
608
6092.0.8 2007-03-20
610	* Merged fix for avc.h #include's from Eamon Walsh.
611
6122.0.7 2007-03-12
613	* Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.
614
6152.0.6 2007-03-12
616	* Merged patch to drop support for old /etc/sysconfig/selinux and
617	  /etc/security policy file layout from Steve Grubb.
618
6192.0.5 2007-02-27
620	* Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb.
621
6222.0.4 2007-02-23
623	* Removed sending of setrans init message.
624
6252.0.3 2007-02-22
626	* Merged matchpathcon memory leak fix from Steve Grubb.
627
6282.0.2 2007-02-21
629	* Merged more swig initializers from Dan Walsh.
630
6312.0.1 2007-02-20
632	* Merged patch from Todd Miller to convert int types over to C99 style.
633
6342.0.0 2007-02-01
635	* Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
636	  of the use of the non-standard format %as. (original patch changed
637	  for style).
638	* Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
639
6401.34.1 2007-01-26
641	* Merged python binding fixes from Dan Walsh.
642
6431.34.0 2007-01-18
644	* Updated version for stable branch.
645
6461.33.6 2007-01-17
647	* Merged man page updates to make "apropos selinux" work from Dan Walsh.
648
6491.33.5 2007-01-16
650	* Merged getdefaultcon utility from Dan Walsh.
651
6521.33.4 2007-01-11
653	* Merged selinux_check_securetty_context() and support from Dan Walsh.
654
6551.33.3 2007-01-04
656	* Merged patch for matchpathcon utility to use file mode information
657	  when available from Dan Walsh.
658
6591.33.2 2006-11-27
660	* Merged patch to compile with -fPIC instead of -fpic from
661	  Manoj Srivastava to prevent hitting the global offset table
662	  limit. Patch changed to include libsepol and libsemanage in
663	  addition to libselinux.
664
6651.33.1 2006-10-19
666	* Merged updated flask definitions from Darrel Goeddel.
667 	  This adds the context security class, and also adds
668	  the string definitions for setsockcreate and polmatch.
669
6701.32 2006-10-17
671	* Updated version for release.
672
6731.30.30 2006-10-05
674	* Merged patch from Darrel Goeddel to always use untranslated
675	  contexts in the userspace AVC.
676
6771.30.29 2006-09-29
678	* Merged av_permissions.h update from Steve Grubb,
679	  adding setsockcreate and polmatch definitions.
680
6811.30.28 2006-09-13
682	* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
683	* Merged c++ class identifier fix from Joe Nall.
684
6851.30.27 2006-08-24
686	* Merged patch to not log avc stats upon a reset from Steve Grubb.
687	* Applied patch to revert compat_net setting upon policy load.
688
6891.30.26 2006-08-11
690	* Merged file context homedir and local path functions from
691	  Chris PeBenito.
692
6931.30.25 2006-08-11
694	* Rework functions that access /proc/pid/attr to access the
695	  per-thread nodes, and unify the code to simplify maintenance.
696
6971.30.24 2006-08-10
698	* Merged return value fix for *getfilecon() from Dan Walsh.
699
7001.30.23 2006-08-10
701	* Merged sockcreate interfaces from Eric Paris.
702
7031.30.22 2006-08-03
704	* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
705
7061.30.21 2006-08-03
707	* Merged netfilter_contexts support patch from Chris PeBenito.
708
7091.30.20 2006-08-01
710	* Merged context_*_set errno patch from Jim Meyering.
711
7121.30.19 2006-06-29
713	* Lindent.
714
7151.30.18 2006-06-27
716	* Merged {get,set}procattrcon patch set from Eric Paris.
717	* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
718
7191.30.17 2006-06-27
720	* Regenerated Flask headers from refpolicy.
721
7221.30.16 2006-06-26
723	* Merged patch from Dan Walsh with:
724	  - Added selinux_file_context_{cmp,verify}.
725	  - Added selinux_lsetfilecon_default.
726	  - Delay translation of contexts in matchpathcon.
727
7281.30.15 2006-06-16
729	* Merged patch from Dan Walsh with:
730	*   Added selinux_getpolicytype() function.
731	*   Modified setrans code to skip processing if !mls_enabled.
732
7331.30.14 2006-06-16
734	* Set errno in the !selinux_mnt case.
735
7361.30.13 2006-06-02
737	* Allocate large buffers from the heap, not on stack.
738	  Affects is_context_customizable, selinux_init_load_policy,
739	  and selinux_getenforcemode.
740
7411.30.12 2006-06-02
742	* Merged !selinux_mnt checks from Ian Kent.
743
7441.30.11 2006-05-24
745	* Merged matchmediacon and trans_to_raw_context fixes from
746	  Serge Hallyn.
747
7481.30.10 2006-05-22
749	* Merged simple setrans client cache from Dan Walsh.
750	  Merged avcstat patch from Russell Coker.
751
7521.30.9 2006-05-22
753	* Modified selinux_mkload_policy() to also set /selinux/compat_net
754	  appropriately for the loaded policy.
755
7561.30.8 2006-05-17
757	* Added matchpathcon_fini() function to free memory allocated by
758	  matchpathcon_init().
759
7601.30.7 2006-05-16
761	* Merged setrans client cleanup patch from Steve Grubb.
762
7631.30.6 2006-05-08
764	* Merged getfscreatecon man page fix from Dan Walsh.
765	* Updated booleans(8) man page to drop references to the old
766	  booleans file and to note that setsebool can be used to set
767	  the boot-time defaults via -P.
768
7691.30.5 2006-05-05
770	* Merged fix warnings patch from Karl MacMillan.
771
7721.30.4 2006-05-05
773	* Merged setrans client support from Dan Walsh.
774	  This removes use of libsetrans.
775	* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
776	* Merged swig typemap fixes from Glauber de Oliveira Costa.
777
7781.30.3 2006-04-12
779	* Added distclean target to Makefile.
780	* Regenerated swig files.
781
7821.30.2 2006-04-11
783	* Changed matchpathcon_init to verify that the spec file is
784	  a regular file.
785	* Merged python binding t_output_helper removal patch from Dan Walsh.
786
7871.30.1 2006-03-20
788	* Merged Makefile PYLIBVER definition patch from Dan Walsh.
789
7901.30 2006-03-14
791	* Updated version for release.
792
7931.29.8 2006-02-27
794	* Altered rpm_execcon fallback logic for permissive mode to also
795	  handle case where /selinux/enforce is not available.
796
7971.29.7 2006-01-20
798	* Merged install-pywrap Makefile patch from Joshua Brindle.
799
8001.29.6 2006-01-18
801	* Merged pywrap Makefile patch from Dan Walsh.
802
8031.29.5 2006-01-11
804	* Added getseuser test program.
805
8061.29.4 2006-01-06
807	* Added format attribute to myprintf in matchpathcon.c and
808	  removed obsoleted rootlen variable in init_selinux_config().
809
8101.29.3 2006-01-04
811	* Merged several fixes and improvements from Ulrich Drepper
812	  (Red Hat), including:
813	  - corrected use of getline
814	  - further calls to __fsetlocking for local files
815	  - use of strdupa and asprintf
816	  - proper handling of dirent in booleans code
817	  - use of -z relro
818	  - several other optimizations
819	* Merged getpidcon python wrapper from Dan Walsh (Red Hat).
820
8211.29.2 2005-12-14
822	* Merged call to finish_context_translations from Dan Walsh.
823	  This eliminates a memory leak from failing to release memory
824	  allocated by libsetrans.
825
8261.29.1 2005-12-08
827	* Merged patch for swig interfaces from Dan Walsh.
828
8291.28 2005-12-07
830	* Updated version for release.
831
8321.27.28 2005-12-01
833	* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
834	  modified matchpathcon implementation to make context validation/
835	  canonicalization optional at matchpathcon_init time, deferring it
836	  to a successful matchpathcon by default unless the new flag is set
837	  by the caller.
838
8391.27.27 2005-12-01
840	* Added matchpathcon_init_prefix() interface, and
841	  reworked matchpathcon implementation to support selective
842	  loading of file contexts entries based on prefix matching
843	  between the pathname regex stems and the specified path
844	  prefix (stem must be a prefix of the specified path prefix).
845
8461.27.26 2005-11-29
847	* Merged getsebool patch from Dan Walsh.
848
8491.27.25 2005-11-29
850	* Added -f file_contexts option to matchpathcon util.
851	  Fixed warning message in matchpathcon_init().
852
8531.27.24 2005-11-29
854	* Merged Makefile python definitions patch from Dan Walsh.
855
8561.27.23 2005-11-28
857	* Merged swigify patch from Dan Walsh.
858
8591.27.22 2005-11-15
860	* Merged make failure in rpm_execcon non-fatal in permissive mode
861	  patch from Ivan Gyurdiev.
862
8631.27.21 2005-11-08
864	* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
865	  and modified matchpathcon_init() to skip context translation
866	  if it is set by the caller.
867
8681.27.20 2005-11-07
869	* Added security_canonicalize_context() interface and
870	  set_matchpathcon_canoncon() interface for obtaining
871	  canonical contexts.  Changed matchpathcon internals
872	  to obtain canonical contexts by default.  Provided
873	  fallback for kernels that lack extended selinuxfs context
874	  interface.
875
8761.27.19 2005-11-04
877	* Merged seusers parser changes from Ivan Gyurdiev.
878	* Merged setsebool to libsemanage patch from Ivan Gyurdiev.
879	* Changed seusers parser to reject empty fields.
880
8811.27.18 2005-11-03
882	* Merged seusers empty level handling patch from Jonathan Kim (TCS).
883
8841.27.17 2005-10-27
885	* Changed default entry for seusers to use __default__ to avoid
886	  ambiguity with users named "default".
887
8881.27.16 2005-10-27
889	* Fixed init_selinux_config() handling of missing /etc/selinux/config
890	  or missing SELINUXTYPE= definition.
891	* Merged selinux_translations_path() patch from Dan Walsh.
892
8931.27.15 2005-10-25
894	* Added hidden_proto/def for get_default_context_with_role.
895
8961.27.14 2005-10-25
897	* Merged selinux_path() and selinux_homedir_context_path()
898	  functions from Joshua Brindle.
899
9001.27.13 2005-10-19
901	* Merged fixes for make DESTDIR= builds from Joshua Brindle.
902
9031.27.12 2005-10-18
904	* Merged get_default_context_with_rolelevel and man pages from
905	  Dan Walsh (Red Hat).
906
9071.27.11 2005-10-18
908	* Updated call to sepol_policydb_to_image for sepol changes.
909
9101.27.10 2005-10-17
911	* Changed getseuserbyname to ignore empty lines and to handle
912	no matching entry in the same manner as no seusers file.
913
9141.27.9 2005-10-13
915	* Changed selinux_mkload_policy to try downgrading the
916	latest policy version available to the kernel-supported version.
917
9181.27.8 2005-10-11
919	* Changed selinux_mkload_policy to fall back to the maximum
920	policy version supported by libsepol if the kernel policy version
921	falls outside of the supported range.
922
9231.27.7 2005-10-06
924	* Changed getseuserbyname to fall back to the Linux username and
925	NULL level if seusers config file doesn't exist unless
926	REQUIRESEUSERS=1 is set in /etc/selinux/config.
927	* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
928
9291.27.6 2005-10-06
930	* Added selinux_init_load_policy() function as an even higher level
931	interface for the initial policy load by /sbin/init.  This obsoletes
932	the load_policy() function in the sysvinit-selinux.patch.
933
9341.27.5 2005-10-06
935	* Added selinux_mkload_policy() function as a higher level interface
936	for loading policy than the security_load_policy() interface.
937
9381.27.4 2005-10-05
939	* Merged fix for matchpathcon (regcomp error checking) from Johan
940	Fischer.  Also added use of regerror to obtain the error string
941	for inclusion in the error message.
942
9431.27.3 2005-10-03
944	* Changed getseuserbyname to not require (and ignore if present)
945	the MLS level in seusers.conf if MLS is disabled, setting *level
946	to NULL in this case.
947
9481.27.2 2005-09-30
949	* Merged getseuserbyname patch from Dan Walsh.
950
9511.27.1 2005-09-19
952	* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
953	  This allows file_contexts with MLS fields to be processed on
954	  non-MLS-enabled systems with policies that are otherwise
955	  identical (e.g. same type definitions).
956	* Merged get_ordered_context_list_with_level() function from
957	  Dan Walsh, and added get_default_context_with_level().
958	  This allows MLS level selection for users other than the
959	  default level.
960
9611.26 2005-09-06
962	* Updated version for release.
963
9641.25.7 2005-09-01
965	* Merged modified form of patch to avoid dlopen/dlclose by
966	the static libselinux from Dan Walsh.  Users of the static libselinux
967	will not have any context translation by default.
968
9691.25.6 2005-08-31
970	* Added public functions to export context translation to
971	users of libselinux (selinux_trans_to_raw_context,
972	selinux_raw_to_trans_context).
973
9741.25.5 2005-08-26
975	* Remove special definition for context_range_set; use
976	common code.
977
9781.25.4 2005-08-25
979	* Hid translation-related symbols entirely and ensured that
980	raw functions have hidden definitions for internal use.
981	* Allowed setting NULL via context_set* functions.
982	* Allowed whitespace in MLS component of context.
983	* Changed rpm_execcon to use translated functions to workaround
984	lack of MLS level on upgraded systems.
985
9861.25.3 2005-08-23
987	* Merged context translation patch, originally by TCS,
988	  with modifications by Dan Walsh (Red Hat).
989
9901.25.2 2005-08-11
991	* Merged several fixes for error handling paths in the
992	  AVC sidtab, matchpathcon, booleans, context, and get_context_list
993	  code from Serge Hallyn (IBM).   Bugs found by Coverity.
994
9951.25.1 2005-08-10
996	* Removed setupns; migrated to pam.
997	* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
998	  Original symbol is temporarily retained for compatibility until
999	  all callers are updated.
1000
10011.24 2005-06-20
1002	* Updated version for release.
1003
10041.23.12 2005-06-13
1005	* Merged security_setupns() from Chad Sellers.
1006
10071.23.11 2005-05-19
1008	* Merged avcstat and selinux man page from Dan Walsh.
1009	* Changed security_load_booleans to process booleans.local
1010	  even if booleans file doesn't exist.
1011
10121.23.10 2005-04-29
1013	* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
1014
10151.23.9 2005-04-26
1016	* Rewrote get_ordered_context_list and helpers, including
1017	  changing logic to allow variable MLS fields.
1018
10191.23.8 2005-04-25
1020	* Merged matchpathcon and man page patch from Dan Walsh.
1021
10221.23.7 2005-04-12
1023	* Changed boolean functions to return -1 with errno ENOENT
1024	  rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
1025	  mounted).
1026
10271.23.6 2005-04-08
1028	* Fixed bug in matchpathcon_filespec_destroy.
1029
10301.23.5 2005-04-05
1031	* Fixed bug in rpm_execcon error handling path.
1032
10331.23.4 2005-04-04
1034	* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
1035	* Merged fix for getconlist utility from Andreas Steinmetz.
1036
10371.23.3 2005-03-29
1038	* Merged security_set_boolean_list patch from Dan Walsh.
1039	  This introduces booleans.local support for setsebool.
1040
10411.23.2 2005-03-17
1042	* Merged destructors patch from Tomas Mraz.
1043
10441.23.1 2005-03-16
1045	* Added set_matchpathcon_flags() function for setting flags
1046	  controlling operation of matchpathcon.  MATCHPATHCON_BASEONLY
1047	  means only process the base file_contexts file, not
1048	  file_contexts.homedirs or file_contexts.local, and is for use by
1049	  setfiles -c.
1050	* Updated matchpathcon.3 man page.
1051
10521.22 2005-03-09
1053	* Updated version for release.
1054
10551.21.13 2005-03-08
1056	* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
1057
10581.21.12 2005-03-01
1059	* Changed matchpathcon_common to ignore any non-format bits in the mode.
1060
10611.21.11 2005-02-22
1062	* Merged several fixes from Ulrich Drepper.
1063
10641.21.10 2005-02-17
1065	* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
1066	* Added selinux_users_path() for path to directory containing
1067	  system.users and local.users.
1068
10691.21.9 2005-02-09
1070	* Changed relabel Makefile target to use restorecon.
1071
10721.21.8 2005-02-07
1073	* Regenerated av_permissions.h.
1074
10751.21.7 2005-02-01
1076	* Modified avc_dump_av to explicitly check for any permissions that
1077	  cannot be mapped to string names and display them as a hex value.
1078
10791.21.6 2005-01-31
1080	* Regenerated av_permissions.h.
1081
10821.21.5 2005-01-28
1083	* Generalized matchpathcon internals, exported more interfaces,
1084	  and moved additional code from setfiles into libselinux so that
1085	  setfiles can directly use matchpathcon.
1086
10871.21.4 2005-01-27
1088	* Prevent overflow of spec array in matchpathcon.
1089
10901.21.3 2005-01-26
1091	* Fixed several uses of internal functions to avoid relocations.
1092	* Changed rpm_execcon to check is_selinux_enabled() and fallback to
1093	  a regular execve if not enabled (or unable to determine due to a lack
1094	  of /proc, e.g. chroot'd environment).
1095
1096
10971.21.2 2005-01-24
1098	* Merged minor fix for avcstat from Dan Walsh.
1099
11001.21.1 2005-01-19
1101	* Merged patch from Dan Walsh, including:
1102	     - new is_context_customizable function
1103	     - changed matchpathcon to also use file_contexts.local if present
1104	     - man page cleanups
1105
11061.20 2005-01-04
1107	* Changed matchpathcon to return -1 with errno ENOENT for
1108	  <<none>> entries, and also for an empty file_contexts configuration.
1109	* Removed some trivial utils that were not useful or redundant.
1110	* Changed BINDIR default to /usr/sbin to match change in Fedora.
1111	* Added security_compute_member.
1112	* Added man page for setcon.
1113	* Merged more man pages from Dan Walsh.
1114	* Merged avcstat from James Morris.
1115	* Merged build fix for mips from Manoj Srivastava.
1116	* Merged C++ support from John Ramsdell of MITRE.
1117	* Merged setcon() function from Darrel Goeddel of TCS.
1118	* Merged setsebool/togglesebool enhancement from Steve Grubb.
1119	* Merged cleanup patches from Steve Grubb.
1120
11211.18 2004-11-01
1122	* Merged cleanup patches from Steve Grubb.
1123	* Added rpm_execcon.
1124	* Merged setenforce and removable context patch from Dan Walsh.
1125	* Merged build fix for alpha from Ulrich Drepper.
1126	* Removed copyright/license from selinux_netlink.h - definitions only.
1127	* Merged matchmediacon from Dan Walsh.
1128	* Regenerated headers for new nscd permissions.
1129	* Added get_default_context_with_role.
1130	* Added set_matchpathcon_printf.
1131	* Reworked av_inherit.h to allow easier re-use by kernel.
1132	* Changed avc_has_perm_noaudit to not fail on netlink errors.
1133	* Changed avc netlink code to check pid based on patch by Steve Grubb.
1134	* Merged second optimization patch from Ulrich Drepper.
1135	* Changed matchpathcon to skip invalid file_contexts entries.
1136	* Made string tables private to libselinux.
1137	* Merged strcat->stpcpy patch from Ulrich Drepper.
1138	* Merged matchpathcon man page from Dan Walsh.
1139	* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
1140	* Autobind netlink socket.
1141	* Dropped compatibility code from security_compute_user.
1142	* Merged fix for context_range_set from Chad Hanson.
1143	* Merged allocation failure checking patch from Chad Hanson.
1144	* Merged avc netlink error message patch from Colin Walters.
1145
11461.16 2004-08-19
1147	* Regenerated headers for nscd class.
1148	* Merged man pages from Dan Walsh.
1149	* Merged context_new bug fix for MLS ranges from Chad Hanson.
1150	* Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
1151	* Renamed change_bool and show_bools to setsebool and getsebool.
1152	* Merged security_load_booleans() function from Dan Walsh.
1153	* Added selinux_booleans_path() function.
1154	* Changed avc_init function prototype to use const.
1155	* Regenerated headers for crontab permission.
1156	* Added checkAccess from Dan Walsh.
1157	* Merged getenforce patch from Dan Walsh.
1158	* Regenerated headers for dbus classes.
1159
11601.14 2004-06-16
1161	* Regenerated headers for fine-grained netlink classes.
1162	* Merged selinux_config bug fix from Dan Walsh.
1163	* Added userspace AVC man pages.
1164	* Added man links for API calls to existing man pages documenting them.
1165	* Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
1166	* Merged patch to determine config file paths at runtime to support
1167	  reorganized layout.
1168	* Regenerated flask headers with stable ordering.
1169	* Merged patch for man pages from Russell Coker.
1170
11711.12 2004-05-10
1172	* Updated flask files to include new SE-X security classes.
1173	* Added security_disable function for runtime disable of SELinux prior
1174	  to initial policy load (for /sbin/init).
1175	* Changed get_ordered_context_list to omit any reachable contexts
1176	  that are not explicitly listed in default_contexts, unless there
1177	  are no matches.
1178	* Merged man pages from Russell Coker and Dan Walsh.
1179	* Merged memory leak fixes from Dan Walsh.
1180	* Merged policyvers errno patch from Chris PeBenito.
1181
11821.10 2004-04-05
1183	* Merged getenforce patch from Dan Walsh.
1184	* Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
1185	  the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
1186	  Based on a patch by Russell Coker.
1187	* Merged matchpathcon buffer size fix from Dan Walsh.
1188
11891.8 2004-03-09
1190	* Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
1191	* Added matchpathcon function.
1192	* Updated userspace AVC to handle netlink selinux notifications.
1193
11941.6 2004-02-18
1195	* Merged conditional policy extensions from Tresys Technology.
1196	* Added userspace avc and SID table implementation.
1197	* Fixed type on size in getpeercon per Thorsten Kukuk's advice.
1198	* Fixed use of getpwnam_r per Thorsten Kukuk's advice.
1199	* Changed to use getpwnam_r rather than getpwnam internally to
1200	  avoid clobbering any existing pwd struct obtained by the caller.
1201	* Added getpeercon function to encapsulate getsockopt SO_PEERSEC
1202	  and handle allocation ala getfilecon.
1203	* Changed is_selinux_enabled to return -1 on errors.
1204	* Changed to discover selinuxfs mount point via /proc/mounts
1205	  so that the mount point can be changed without rebuilding.
1206
12071.4 2003-12-01
1208	* Merged another cleanup patch from Bastian Blank and Joerg Hoh.
1209	* Regenerate headers for new permissions.
1210	* Merged static lib build patch from Bastian Blank and Joerg Hoh.
1211	* Export SELINUXMNT definition, add SELINUXPOLICY definition.
1212	* Add functions to provide access to enforce and policyvers.
1213	* Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
1214	* Fixed type for 'size' in *getfilecon.
1215	* Dropped -lattr and changed #include's to <sys/xattr.h>
1216	* Merged patch to move shared library to /lib from Dan Walsh.
1217	* Changed get_ordered_context_list to support a failsafe context.
1218	* Added selinuxenabled utility.
1219	* Merged const patch from Thorsten Kukuk.
1220
12211.2 2003-09-30
1222        * Change is_selinux_enabled to fail if policy isn't loaded.
1223	* Changed Makefiles to allow non-root rpm builds.
1224	* Added -lattr for libselinux.so to ensure proper binding.
1225
12261.1 2003-08-13
1227	* Ensure that context strings are padded with a null byte
1228	  in case the kernel didn't include one.
1229	* Regenerate headers, update helpers.c for code cleanup.
1230	* Pass soname flag to linker (Colin Walters).
1231	* Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
1232
12331.0 2003-07-11
1234	* Initial public release.
1235