commit: f5d11861eeca182157bc9928fc7ace8cce514f49 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Sun Jun 9 18:05:20 2019 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Jul 13 06:43:14 2019 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f5d11861
Update Changelog and VERSION for release. Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org> Signed-off-by: Jason Zaman <jason <AT> perfinion.com> Changelog | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ VERSION | 2 +- 2 files changed, 134 insertions(+), 1 deletion(-) diff --git a/Changelog b/Changelog index 75d5fae0..9ecb9c1f 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,136 @@ +* Sun Jun 09 2019 Chris PeBenito <[email protected]> - 2.20190609 +Chris PeBenito (70): + systemd: Module version bump. + Merge branch 'sysadm-dynamic-users' of + git://github.com/fishilico/selinux-refpolicy + sysadm: Module version bump. + Merge branch 'stubby-daemon' of + git://github.com/fishilico/selinux-refpolicy + corenetwork: Module version bump. + systemd: Remove unnecessary brackets. + init, systemd, cdrecord: Module version bump. + logging, miscfiles, authlogin: Module version bump. + Merge branch 'systemd-journald-signull' of + git://github.com/fishilico/selinux-refpolicy + Merge branch 'restorecond-no-read-all' of + git://github.com/fishilico/selinux-refpolicy + logging, selinuxutil: Module version bump. + Merge branch 'systemd-update-done' of + git://github.com/fishilico/selinux-refpolicy + systemd: Module version bump. + aide, clamav: Module version bump. + filesystem, cron, authlogin: Module version bump. + Remove incorrect comment about capability2:mac_admin. + usermanage: Move kernel_dgram_send(passwd_t) to systemd block. + systemd, udev, usermanage: Module version bump. + genhomedircon.py: Fix top-level exception handling. + udev: Whitespace fix. + udev: Move one line and remove a redundant line. + sysadm, udev: Module version bump. + Merge pull request #35 from pebenito/master + systemd: Drop unconfined kernel access for systemd_nspawn. + udev: Drop write by udev to its executable. + init: Remove duplicate setenforce rule for init scripts. + authlogin, dbus, ntp: Module version bump. + ntp, init, lvm: Module version bump. + Merge pull request #37 from pebenito/master + kernel, init, systemd, udev: Module version bump. + init: Revise conditions in init_startstop_service(). + Merge pull request #39 from pebenito/revise-init-stopstart + init: Module version bump. + kernel: Module version bump. + Merge pull request #40 from gtrentalancia/master + xserver: Module version bump. + various: Module version bump + apache: Make MTA optional. + systemd: Remove unnecessary names in systemd-update-done filetrans. + Merge pull request #42 from dsugar100/master + kernel, devices, plymouthd, xserver: Module version bump. + storage: Label /dev/mmcblk* character nodes. + devices: Label /dev/tpmrm[0-9]. + devices: Add type for GPIO chips, /dev/gpiochip[0-9] + devices: Change netcontrol devices to pmqos. + systemd: Add initial policy for systemd --user. + Merge pull request #43 from pebenito/various-device-labels + Merge pull request #44 from pebenito/http-mta-optional + Merge pull request #45 from pebenito/systemd-update-done-tweak + Merge pull request #46 from pebenito/systemd-user + various: Module version bump. + Merge pull request #47 from dsugar100/master + Merge pull request #48 from bigon/dovecot_lmtp + Merge pull request #49 from bigon/fail2ban_logrotate + dovecot, logrotate: Module version bump. + logrotate: Make MTA optional. + Merge pull request #51 from pebenito/logrotate-optional-mta + Merge pull request #53 from WOnder93/makefile-fix + logrotate: Module version bump. + init: Add systemd block to init_script_domain(). + systemd: modules-load updates. + apache: Web content rules simplification. + storage: Add fc entry for /dev/pmem* + devices: Add type for /dev/daxX.Y. + Merge pull request #54 from pebenito/init-script-systemd + Merge pull request #55 from pebenito/modules-load + Merge pull request #56 from pebenito/apache-simplify + Merge pull request #57 from pebenito/pmem-dax + various: Module version bump. + Bump module versions for release. + +Dave Sugar (3): + Allow xdm (lightdm) start plymouth + Changes to support plymouth working in enforcing + create interfaces for NetworkManager units + +Guido Trentalancia (1): + The Qt library version 5 requires to write xserver_tmp_t files upon + starting up applications (tested on version 5.12.1). + +Laurent Bigonville (2): + Add dovecot to listen to LMTP port + Allow logrotate to execute fail2ban-client + +Lukas Vrabec (1): + Label /sys/kernel/ns_last_pid as sysctl_kernel_ns_last_pid_t + +Nicolas Iooss (6): + sysadm: allow resolving dynamic users + Add policy for stubby DNS resolver + Allow systemd-journald to use kill(pid, 0) on its clients + Allow restorecond to read customizable_types + Remove a broad read-files rule for restorecond + Update systemd-update-done policy + +Ondrej Mosnacek (1): + Fix find commands in Makefiles + +Sugar, David (26): + Allow systemd-networkd to get IP address from dhcp server + Separate domain for systemd-modules-load + Allow init_t to read net_conf_t + Allow systemd-hostnamed to set the hostname + Add interface to run cdrecord in caller domain + Add interface to get status of rsyslog service + New interface to dontaudit access to cert_t + Fix incorrect type in clamav_enableddisable_clamd interface + Allow freshclam to read sysctl_crypto_t + Add interfaces to run freshclam + Allow AIDE to sendto kernel datagram socket + Allow AIDE to read kernel sysctl_crypto_t + Allow AIDE to mmap files + Add interface to allow relabeling of iso 9660 filesystems. + Update cron use to pam interface + Allow additional map permission when reading hwdb + Resolve denial while changing password + Separate out udevadm into a new domain + Add interface ntp_dbus_chat + Allow ntpd to update chronyd service + Allow ntpd to update timezone symlink + Resolve denial about logging to journal from chkpwd + Resolve denial about logging to journal from dbus + Allow ntpd to read unit files + Denial of cryptsetup reading cracklib database + Add kernel_dgram_send() into logging_send_syslog_msg() + * Fri Feb 01 2019 Chris PeBenito <[email protected]> - 2.20190201 Alexander Miroshnichenko (16): Add signal_perms setpgid setsched permissions to syncthing_t. diff --git a/VERSION b/VERSION index b93d30a8..11e2526a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.20190201 +2.20190609
