| 1 |
commit: dbc0cc1a246bd7680fdaa81da3ee493366cf3115 |
| 2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
| 3 |
AuthorDate: Sat Aug 5 16:59:42 2017 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Sep 8 22:48:51 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=dbc0cc1a |
| 7 |
|
| 8 |
Update Changelog for release. |
| 9 |
|
| 10 |
policy/modules/contrib/Changelog | 171 +++++++++++++++++++++++++++++++++++++++ |
| 11 |
1 file changed, 171 insertions(+) |
| 12 |
|
| 13 |
diff --git a/policy/modules/contrib/Changelog b/policy/modules/contrib/Changelog |
| 14 |
index 907847ca..2a6e15b4 100644 |
| 15 |
--- a/policy/modules/contrib/Changelog |
| 16 |
+++ b/policy/modules/contrib/Changelog |
| 17 |
@@ -1,3 +1,174 @@ |
| 18 |
+* Sat Aug 05 2017 Chris PeBenito <pebenito@××××.org> - 2.20170805 |
| 19 |
+Chris PeBenito (82): |
| 20 |
+ Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. |
| 21 |
+ Module version bump for usrmerge FC fixes from Jason Zaman. |
| 22 |
+ mon policy from Russell Coker. |
| 23 |
+ Module version bump for cups patches from Guido Trentalancia. |
| 24 |
+ Module version bump for tbird and mozilla printing from Guido |
| 25 |
+ Trentalancia. |
| 26 |
+ Revert "cups/lpd: read permission for cupsd_var_run_t socket files" |
| 27 |
+ Module version bump for cups revert. |
| 28 |
+ Sort capabilities permissions from Russell Coker. |
| 29 |
+ Little misc patch from Russell Coker. |
| 30 |
+ mon: Fix deprecated interface usage. |
| 31 |
+ dpkg: Updates from Russell Coker. |
| 32 |
+ Monit policy from Russell Coker and cgzones. |
| 33 |
+ monit: Fix build error. |
| 34 |
+ fetchmail, mysql, tor: Misc fixes from Russell Coker. |
| 35 |
+ Merge branch 'alsa_module' of git://github.com/cgzones/refpolicy-contrib |
| 36 |
+ Merge branch 'vnstat_module' of git://github.com/cgzones/refpolicy-contrib |
| 37 |
+ Module version bump for alsa and vnstatd fixes from cgzones. |
| 38 |
+ Merge branch 'ntp_module' of git://github.com/cgzones/refpolicy-contrib |
| 39 |
+ Module version bump for ntp fixes from cgzones. |
| 40 |
+ samba: A few line moves. |
| 41 |
+ Module version bump for samba patch from Russell Coker. |
| 42 |
+ Systemd fixes from Russell Coker. |
| 43 |
+ Xen fixes from Russell Coker. |
| 44 |
+ mailman: Fixes from Russell Coker. |
| 45 |
+ MTA fixes from Russell Coker. |
| 46 |
+ Network daemon patches from Russell Coker. |
| 47 |
+ apache: Fix CI error. |
| 48 |
+ Merge branch 'modutils_adapt_interfaces' of |
| 49 |
+ git://github.com/cgzones/refpolicy-contrib |
| 50 |
+ Merge branch 'corecmd_read_bin_symlinks' of |
| 51 |
+ git://github.com/cgzones/refpolicy-contrib |
| 52 |
+ Module version bumps for fixes from cgzones. |
| 53 |
+ Merge branch 'mandb' of git://github.com/cgzones/refpolicy-contrib |
| 54 |
+ Merge branch 'dphysswapfile' of git://github.com/cgzones/refpolicy-contrib |
| 55 |
+ Module version bump for dphysswapfile and mandb fixes from cgzones. |
| 56 |
+ Merge branch 'var_run_filecontext' of |
| 57 |
+ git://github.com/cgzones/refpolicy-contrib |
| 58 |
+ Merge branch 'vnstatd' of git://github.com/cgzones/refpolicy-contrib |
| 59 |
+ Module version bump for fixes from cgzones. |
| 60 |
+ dontaudit net_admin for SO_SNDBUFFORCE |
| 61 |
+ /var/run -> /run again |
| 62 |
+ Merge branch 'monit' of git://github.com/cgzones/refpolicy-contrib |
| 63 |
+ Module version bump for monit patch from cgzones. |
| 64 |
+ systemd-resolvd, sessions, and tmpfiles take2 |
| 65 |
+ Misc fc changes from Russell Coker. |
| 66 |
+ Systemd-related changes from Russell Coker. |
| 67 |
+ networkmanager: adjust interface docs format. |
| 68 |
+ wm: interface docs adjustment. |
| 69 |
+ Module version bump for misc fixes from Guido Trentalancia. |
| 70 |
+ systemd init from Russell Coker |
| 71 |
+ misc daemons from Russell Coker. |
| 72 |
+ logging patches from Russell Coker |
| 73 |
+ kmod, lvm, brctl patches from Russell Coker |
| 74 |
+ devicekit, mount, xserver, and selinuxutil from Russell Coker |
| 75 |
+ some userdomain patches from Russell Coker |
| 76 |
+ Module version bump for gnome fix from Guido Trentalancia. |
| 77 |
+ apache: Move blocks. No rule changes. |
| 78 |
+ Module version bump for changes from Sven Vermeulen and Guido |
| 79 |
+ Trentalancia. |
| 80 |
+ login take 4 from Russell Coker. |
| 81 |
+ Rename apm to acpi from Russell Coker. |
| 82 |
+ Module version bump for patches from Russell Coker. |
| 83 |
+ some little misc things from Russell Coker. |
| 84 |
+ apt/dpkg strict patches from Russell Coker. |
| 85 |
+ Module version bump for minor fixes from Guido Trentalancia. |
| 86 |
+ Merge branch 'usr_bin_fc' of |
| 87 |
+ git://github.com/fishilico/selinux-refpolicy-contrib |
| 88 |
+ Module version bump for /usr/bin fc fixes from Nicolas Iooss. |
| 89 |
+ Module version bump for chronyd changes from Luis Ressel. |
| 90 |
+ openoffice: Move ooffice_rw_tmp_files() implementation. |
| 91 |
+ Module version bump for openoffice fix from Guido Trentalancia. |
| 92 |
+ libmtp: move lines |
| 93 |
+ Module version bump for fixes from Guido Trentalancia. |
| 94 |
+ Module version bump for mmap fixes from Stephen Smalley. |
| 95 |
+ Module version bump for misc patches from Guido Trentalancia. |
| 96 |
+ gpg: Fix overspecified dependencies in gpg_agent_tmp_filetrans. |
| 97 |
+ dirmngr: Whitespace fixes. |
| 98 |
+ Module version bumps for patches from Jason Zaman. |
| 99 |
+ cgmanager: Move lines |
| 100 |
+ Module version bumps for patches from Jason Zaman. |
| 101 |
+ gpg: Module version bump for patch from Guido Trentalancia. |
| 102 |
+ mozilla: Module version bump for patch from Luis Ressel. |
| 103 |
+ rkhunter: Fix module version and move lines. |
| 104 |
+ Module version bump for patches from cgzones. |
| 105 |
+ chkrootkit: Fix module version. |
| 106 |
+ Module version bump for patches from cgzones. |
| 107 |
+ Bump module versions for release. |
| 108 |
+ |
| 109 |
+Guido Trentalancia (28): |
| 110 |
+ cups: read permission for cupsd_var_run_t socket files in |
| 111 |
+ cups_stream_connect() |
| 112 |
+ cups/lpd: read permission for cupsd_var_run_t socket files |
| 113 |
+ thunderbird: allow stream connections to cups so that it can print |
| 114 |
+ mozilla: allow stream connections to cups so that it can print |
| 115 |
+ java: enable interactive use |
| 116 |
+ evolution: add dbus acquire service permission |
| 117 |
+ evolution: do not audit kernel read state |
| 118 |
+ evolution: add some critical permissions |
| 119 |
+ mozilla: read hardware state information |
| 120 |
+ mozilla: add a permission |
| 121 |
+ wm: load the NetworkManager applet |
| 122 |
+ wm: interactive start |
| 123 |
+ Gnome and Evolution dbus chat permissions |
| 124 |
+ openoffice: support starting it from the window manager |
| 125 |
+ evolution: minor fixes and updates |
| 126 |
+ java: error messages terminal printout |
| 127 |
+ loadkeys: use init fds (system bootup) |
| 128 |
+ plymouth: pid interface usability |
| 129 |
+ shutdown: send msg to syslog |
| 130 |
+ openoffice: open files retrieved using mozilla |
| 131 |
+ contrib: new libmtp module |
| 132 |
+ openoffice: minor update |
| 133 |
+ gnome: improved integration with openoffice |
| 134 |
+ cups: let hplip read udev pid files |
| 135 |
+ dbus: let session bus daemon manage user runtime dirs |
| 136 |
+ zabbix: Grant zabbix_agent_t to call setrlimit on self |
| 137 |
+ ntp: fix the drift file context and transition |
| 138 |
+ gpg: manage user runtime socket files and directories |
| 139 |
+ |
| 140 |
+Jason Zaman (12): |
| 141 |
+ usrmerge: Add missed /usr fcontexts |
| 142 |
+ java: update fcontexts for new versions of icedtea |
| 143 |
+ dirmngr: add to roles and allow gpg to domtrans |
| 144 |
+ gpg dirmngr: create and connect to socket |
| 145 |
+ dirmngr: fcontext for ~/.gnupg/crls.d/ |
| 146 |
+ dirmngr: Network rules to connect to keyserver |
| 147 |
+ cgmanager: add policy from gentoo |
| 148 |
+ consolekit: Add support for consolekit2 |
| 149 |
+ consolekit: allow purging tmp |
| 150 |
+ consolekit: introduce consolekit_use_inhibit_lock interface |
| 151 |
+ dbus: use consolekit inhibit locks |
| 152 |
+ networkmanager: use consolekit inhibit locks |
| 153 |
+ |
| 154 |
+Luis Ressel (3): |
| 155 |
+ chronyd: Re-align fc file |
| 156 |
+ chronyd: Allow init scripts to create /run/chrony |
| 157 |
+ mozilla: Add fc for the files used by the firefox addon "vimperator" |
| 158 |
+ |
| 159 |
+Nicolas Iooss (1): |
| 160 |
+ Support systems with a single /usr/bin directory |
| 161 |
+ |
| 162 |
+Russell Coker (1): |
| 163 |
+ patch for samba |
| 164 |
+ |
| 165 |
+Stephen Smalley (1): |
| 166 |
+ contrib: allow map permission where needed |
| 167 |
+ |
| 168 |
+Sven Vermeulen (1): |
| 169 |
+ rpc_* interfaces should be wrapped by optional_policy() |
| 170 |
+ |
| 171 |
+cgzones (16): |
| 172 |
+ update ntp module |
| 173 |
+ update alsa module |
| 174 |
+ vnstatd: update module |
| 175 |
+ corecmd_read_bin_symlinks(): remove deprecated and redundant calls |
| 176 |
+ modutils: adopt calls to new interfaces |
| 177 |
+ vnstatd: update |
| 178 |
+ dphysswapfile: update |
| 179 |
+ monit: update |
| 180 |
+ mandb: update |
| 181 |
+ logrotate: reload monit after log rotation |
| 182 |
+ remove /var/run file context lefovers, add dbus exception |
| 183 |
+ monit: add syslog access and support for monit systemd service |
| 184 |
+ rkhunter: add policy module |
| 185 |
+ arpwatch: align file contexts |
| 186 |
+ chkrootkit: add policy module |
| 187 |
+ arpwatch: update |
| 188 |
+ |
| 189 |
* Sat Feb 04 2017 Chris PeBenito <pebenito@××××.org> - 2.20170204 |
| 190 |
Chris PeBenito (41): |
| 191 |
Module version bump for patches from Jason Zaman. |
Archives