xref: /external/selinux/libsemanage/ChangeLog

2.5-rc1 2016-01-07
	* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so, from Laurent Bigonville.
	* Store homedir_template and users_extra in policy store, from Steve Lawrence
	* Fix null pointer dereference in semanage_module_key_destroy, from Yuli Khodorkovskiy.
	* Add semanage_module_extract() to extract a module as CIL or HLL, from Yuli Khodorkovskiy.
	* semanage_migrate_store: add -r <root> option for migrating inside chroots, from Petr Lautrbach.
	* Add file_contexts and seusers to the store, from Yuli Khodorkovskiy.
	* Add policy binary and file_contexts.local to the store, from Yuli Khodorkovskiy.
	* Allow to install compressed modules without a compression extension,
	  from Petr Lautrbach.
	* Do not copy contexts in semanage_migrate_store, from Jason Zaman.
	* Fix logic in bunzip for uncompressed pp files, from Thomas Hurd.
	* Fix fname[] initialization in test_utilities.c, from Petr Lautrbach.
	* Add remove-hll semanage.conf option to remove HLL files after
	  compilation to CIL, from Yuli Khodorkovskiy
	* Fix memory leaks when parsing semanage.conf, from Yuli Khodorkovskiy
	* Change bunzip to use heap instead of stack to prevent segfault on
	  systems with small stack size, from Thomas Hurd.

2.4 2015-02-02
	* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
	  directories, from Steve Lawrence
	* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
	* Add missing manpage links to security_load_policy, from Laurent
	  Bigonville.
	* Fix failing libsemanage pywrap tests, from Nicolas Iooss
	* Fix deprecation warning for bison, from Ilya Frolov
	* Skip policy module relink when only setting booleans, from Stephen
	  Smalley
	* Fix typo in tests makefile, from Caleb Case
	* Only try to compile file contexts if they exist, from Steve Lawrence
	* Fix memory leak when setting a custom store path, from Yuli
	  Khodorkovskiy
	* Add semodule option to set store root path in semanage.conf and the
	  semodule command, from Yuli Khodorkovskiy
	* Add semanage.conf option to set an alternative root path for policy
	  store, from Yuli Khodorkovskiy
	* Add support for High Level Language (HLL) to CIL compilers. The HLL
	  compiler path is configurable, but should be placed in
	  /usr/libexec/selinux/hll by default, from Yuli Khodorkovskiy
	* Create a policy migration script for migrating the policy store from
	  /etc/selinux to /var/lib/selinux, from Caleb Case
	* Add python3 support to the migration script, from Jason Zaman
	* Use libcil to compile modules, from Steve Lawrence
	* Use symbolic versioning to maintain ABI compatibility for old install
	  functions, from Yuli Khodorkovskiy
	* Add a target-platform option to semanage.conf to control how policies
	  are built, from Steve Lawrence
	* Add API to handle modules and source policies, moving module store to
	  /var/lib/selinux, from Caleb Case
	* Only try to compile file contexts if they exist, from Steve Lawrence

2.3 2014-05-06
	* Fix memory leak in semanage_genhomedircon from Thomas Hurd.

2.2 2013-10-30
	* Avoid duplicate list entries from Dan Walsh.
	* Add audit support to libsemanage from Dan Walsh.
	* Remove policy.kern and replace with symlink from Dan Walsh.
	* Apply a MAX_UID check for genhomedircon from Laurent Bigonville.
	* Fix man pages from Laurent Bigonville.

2.1.10 2013-02-01
	* Add sefcontext_compile to compile regex everytime policy is rebuilt
	* Cleanup/fix enable/disable/remove module.
	* redo genhomedircon minuid
	* fixes from coverity
	* semanage_store: do not leak memory in semanage_exec_prog
	* genhomedircon: remove useless conditional in get_home_dirs
	* genhomedircon: double free in get_home_dirs
	* fcontext_record: do not leak on error in semanage_fcontext_key_create
	* genhomedircon: do not leak on failure in write_gen_home_dir_context
	* semanage_store: do not leak fd
	* genhomedircon: do not leak shells list
	* semanage_store: do not leak on strdup failure
	* semanage_store: rewrite for readability

2.1.9 2012-09-13
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* do boolean name substitution
	* Fix segfault for building standard policies.

2.1.8 2012-06-28
	* remove build warning when build swig c files
	* additional makefile support for rubywrap
	* ignore 80 column limit for readability
	* semanage_store: fix snprintf length argument by using asprintf
	* Use default semanage.conf as a fallback
	* use after free in python bindings

2.1.7 2012-03-28
	* Alternate path for semanage.conf
	* do not link against libpython, this is considered bad in Debian
	* Allow to build for several ruby version
	* fallback-user-level

2.1.6 2011-12-21
	* add ignoredirs config for genhomedircon
	* Fallback_user_level can be NULL if you are not using MLS

2.1.5 2011-11-03
	* regenerate .pc on VERSION change
	* maintain mode even if umask is tighter
	* semanage.conf man page
	* create man5dir if not exist

2.1.4 2011-09-15
	* Create a new preserve_tunables flag
	* tree: default make target to all not
	* fix semanage_store_access_check calling arguments

2.1.3 2011-08-26
	* python wrapper makefile changes

2.1.2 2011-08-17
	* print error debug info for buggy fc
	* introduce semanage_set_root and friends
	* throw exceptions in python rather than return
	* python3 support.
	* patch for MCS/MLS in user files

2.1.1 2011-08-01
	* Remove generated files, expand .gitignore
	* Use -Werror and change a few prototypes to support it

2.1.0 2011-07-27
	* Release, minor version bump

2.0.46 2010-12-16
	* Fix compliation under GCC 4.6 by Justin Mattock

2.0.45 2010-03-06
	* Add enable/disable patch support from Dan Walsh.
	* Add usepasswd flag to semanage.conf to disable genhomedircon using
	  passwd from Dan Walsh.
	* regenerate swig wrappers

2.0.44 2010-02-02
	* Replace usage of fmemopen() with sepol_policy_file_set_mem() since
	  glibc < 2.9 does not support binary mode ('b') for fmemopen'd
	  streams.

2.0.43 2009-11-27
	* Move libsemanage.so to /usr/lib
	* Add NAME lines to man pages from Manoj Srivastava<srivasta@debian.org>

2.0.42 2009-11-18
	* Move load_policy from /usr/sbin to /sbin from Dan Walsh.

2.0.41 2009-10-29
	* Add pkgconfig file from Eamon Walsh.

2.0.40 2009-10-22
	* Add semanage_set_check_contexts() function to disable calling
	  setfiles

2.0.39 2009-09-24
	* make swigify

2.0.38 2009-09-16
	* Change semodule upgrade behavior to install even if the module
	  is not present from Dan Walsh.
	* Make genhomedircon trim excess '/' from homedirs from Dan Walsh.

2.0.37 2009-09-04
        * Fix persistent dontaudit support to rebuild policy if the
          dontaudit state is changed from Chad Sellers.

2.0.36 2009-08-24
	* Changed bzip-blocksize=0 handling to support existing compressed
	modules in the store.

2.0.35 2009-08-05
	* Revert hard linking of files between tmp/active/previous.

2.0.34 2009-08-05
	* Enable configuration of bzip behavior from Stephen Smalley.
	  bzip-blocksize=0 to disable compression and decompression support.
	  bzip-blocksize=1..9 to set the blocksize for compression.
	  bzip-small=true to reduce memory usage for decompression.

2.0.33 2009-07-07
	* Maintain disable dontaudit state from Christopher Pardy.

2.0.32 2009-05-28
	* Ruby bindings from David Quigley.

2.0.31 2009-01-12
	* Policy module compression (bzip) support from Dan Walsh.
	* Hard link files between tmp/active/previous from Dan Walsh.

2.0.30 2008-11-12
	* Add semanage_mls_enabled() interface from Stephen Smalley.

2.0.29 2008-11-11
	* Add USER to lines to homedir_template context file from Chris PeBenito.

2.0.28 2008-09-15
	* allow fcontext and seuser changes without rebuilding the policy from Dan Walsh

2.0.27 2008-08-05
	* Modify genhomedircon to skip %groupname entries.
	  Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax.

2.0.26 2008-07-29
	* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
	  Strip any trailing slash before appending /*$.

2.0.25 2008-04-21
	* Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
	  Fixes semanage boolean -D seg fault (bug 441379).

2.0.24 2008-02-26
	* make swigify

2.0.23 2008-02-04
	* Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.

2.0.22 2008-02-04
	* Free policydb before fork from Joshua Brindle.

2.0.21 2008-02-04
	* Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.

2.0.12 2008-02-02
	* Use sepol_set_expand_consume_base to reduce peak memory usage when
	  using semodule from Joshua Brindle.

2.0.19 2008-01-31
	* Fix genhomedircon to not override a file context with a homedir context from Todd Miller.

2.0.18 2008-01-28
	* Fix spurious out of memory error reports.

2.0.17 2008-01-25
	* Merged second version of fix for genhomedircon handling from Caleb Case.

2.0.16 2008-01-24
	* Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.

2.0.15 2007-12-05
	* Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
	* Copy the store path in semanage_select_store from Dan Walsh.

2.0.14 2007-11-05
	* Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.

2.0.13 2007-11-05
	* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.

2.0.12 2007-10-05
	* ustr cleanups from James Antill.
	* Ensure that /root gets labeled even if using the default context from Dan Walsh.

2.0.11 2007-09-28
	* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.

2.0.10 2007-09-28
	* Fix error checking on getpw*_r functions from Todd Miller.
	* Make genhomedircon skip invalid homedir contexts from Todd Miller.
	* Set default user and prefix from seusers from Dan Walsh.
	* Add swigify Makefile target from Dan Walsh.

2.0.9 2007-09-24
	* Pass CFLAGS to CC even on link command, per Dennis Gilmore.

2.0.8 2007-09-19
	* Clear errno on non-fatal errors to avoid reporting them upon a
	  later error that does not set errno.

2.0.7 2007-09-19
	* Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.

2.0.6 2007-09-10
	* Change to use getpw* function calls to the _r versions from Todd Miller.

2.0.5 2007-08-23
	* Replace genhomedircon script with equivalent functionality within
	  libsemanage and introduce disable-genhomedircon option in
	  semanage.conf from Todd Miller.
	  Note:  Depends on ustr.

2.0.4 2007-08-16
	* Allow dontaudits to be turned off via semanage interface when
	  updating policy from Joshua Brindle.

2.0.3 2007-04-25
	* Fix to libsemanage man patches so whatis will work better from Dan Walsh

2.0.2 2007-04-24
	* Merged optimizations from Stephen Smalley.
	  - do not set all booleans upon commit, only those whose values have changed
	  - only install the sandbox upon commit if something was rebuilt

2.0.1 2007-03-12
	* Merged dbase_file_flush patch from Dan Walsh.
	  This removes any mention of specific tools (e.g. semanage)
	  from the comment header of the auto-generated files,
	  since there are multiple front-end tools.

2.0.0 2007-02-20
	* Merged Makefile test target patch from Caleb Case.
	* Merged get_commit_number function rename patch from Caleb Case.
	* Merged strnlen -> strlen patch from Todd Miller.

1.10.1 2007-01-26
	* Merged python binding fix from Dan Walsh.

1.10.0 2007-01-18
	* Updated version for stable branch.

1.9.2 2007-01-08
	* Merged patch to optionally reduce disk usage by removing
	  the backup module store and linked policy from Karl MacMillan
	* Merged patch to correctly propagate return values in libsemanage

1.9.1 2006-11-27
	* Merged patch to compile wit -fPIC instead of -fpic from
	  Manoj Srivastava to prevent hitting the global offest table
	  limit. Patch changed to include libselinux and libsemanage in
	  addition to libsepol.

1.8 2006-10-17
	* Updated version for release.

1.6.17 2006-09-29
	* Merged patch to skip reload if no active store exists and
	  the store path doesn't match the active store path from Dan Walsh.
	* Merged patch to not destroy sepol handle on error path of
	  connect from James Athey.
	* Merged patch to add genhomedircon path to semanage.conf from
	  James Athey.

1.6.16 2006-08-14
	* Make most copy errors fatal, but allow exceptions for
	  file_contexts.local, seusers, and netfilter_contexts if
	  the source file does not exist in the store.

1.6.15 2006-08-11
	* Merged separate local file contexts patch from Chris PeBenito.

1.6.14 2006-08-11
	* Merged patch to make most copy errors non-fatal from Dan Walsh.

1.6.13 2006-08-03
	* Merged netfilter contexts support from Chris PeBenito.

1.6.12 2006-07-11
	* Merged support for read operations on read-only fs from
	  Caleb Case (Tresys Technology).

1.6.11 2006-06-29
	* Lindent.

1.6.10 2006-06-26
	* Merged setfiles location check patch from Dan Walsh.

1.6.9 2006-06-16
	* Merged several fixes from Serge Hallyn:
	     dbase_file_cache:  deref of uninit data on error path.
	     dbase_policydb_cache:  clear fp to avoid double fclose
	     semanage_fc_sort:  destroy temp on error paths

1.6.8 2006-06-02
	* Updated default location for setfiles to /sbin to
	  match policycoreutils.  This can also be adjusted via
	  semanage.conf using the syntax:
	  [setfiles]
	  path = /path/to/setfiles
	  args = -q -c $@ $<
	  [end]

1.6.7 2006-05-05
	* Merged fix warnings patch from Karl MacMillan.

1.6.6 2006-04-14
	* Merged updated file context sorting patch from Christopher
	  Ashworth, with bug fix for escaped character flag.

1.6.5 2006-04-13
	* Merged file context sorting code from Christopher Ashworth
	  (Tresys Technology), based on fc_sort.c code in refpolicy.

1.6.4 2006-04-12
	* Merged python binding t_output_helper removal patch from Dan Walsh.
	* Regenerated swig files.

1.6.3 2006-03-30
	* Merged corrected fix for descriptor leak from Dan Walsh.

1.6.2 2006-03-20
	* Merged Makefile PYLIBVER definition patch from Dan Walsh.

1.6.1 2006-03-20
	* Merged man page reorganization from Ivan Gyurdiev.

1.6 2006-03-14
	* Updated version for release.

1.5.31 2006-03-09
	* Merged abort early on merge errors patch from Ivan Gyurdiev.

1.5.30 2006-03-08
	* Cleaned up error handling in semanage_split_fc based on a patch
	  by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.

1.5.29 2006-02-21
	* Merged MLS handling fixes from Ivan Gyurdiev.

1.5.28 2006-02-16
	* Merged bug fix for fcontext validate handler from Ivan Gyurdiev.

1.5.27 2006-02-16
	* Merged base_merge_components changes from Ivan Gyurdiev.

1.5.26 2006-02-15
	* Merged paths array patch from Ivan Gyurdiev.
	* Merged bug fix patch from Ivan Gyurdiev.

1.5.25 2006-02-14
	* Merged improve bindings patch from Ivan Gyurdiev.

1.5.24 2006-02-14
	* Merged use PyList patch from Ivan Gyurdiev.
	* Merged memory leak fix patch from Ivan Gyurdiev.
	* Merged nodecon support patch from Ivan Gyurdiev.
	* Merged cleanups patch from Ivan Gyurdiev.
	* Merged split swig patch from Ivan Gyurdiev.

1.5.23 2006-02-13
	* Merged optionals in base patch from Joshua Brindle.

1.5.22 2006-02-13
	* Merged treat seusers/users_extra as optional sections patch from
	  Ivan Gyurdiev.
	* Merged parse_optional fixes from Ivan Gyurdiev.

1.5.21 2006-02-07
	* Merged seuser/user_extra support patch from Joshua Brindle.
	* Merged remote system dbase patch from Ivan Gyurdiev.

1.5.20 2006-02-02
	* Merged clone record on set_con patch from Ivan Gyurdiev.

1.5.19 2006-01-30
	* Merged fname parameter patch from Ivan Gyurdiev.
	* Merged more size_t -> unsigned int fixes from Ivan Gyurdiev.
	* Merged seusers.system patch from Ivan Gyurdiev.
	* Merged improve port/fcontext API patch from Ivan Gyurdiev.

1.5.18 2006-01-27
	* Merged seuser -> seuser_local rename patch from Ivan Gyurdiev.

1.5.17 2006-01-27
	* Merged set_create_store, access_check, and is_connected interfaces
	  from Joshua Brindle.

1.5.16 2006-01-19
	* Regenerate python wrappers.

1.5.15 2006-01-18
	* Merged pywrap Makefile diff from Dan Walsh.
	* Merged cache management patch from Ivan Gyurdiev.
	* Merged bugfix for dbase_llist_clear from Ivan Gyurdiev.
	* Merged remove apply_local function patch from Ivan Gyurdiev.
	* Merged only do read locking in direct case patch from Ivan Gyurdiev.
	* Merged cache error path memory leak fix from Ivan Gyurdiev.
	* Merged auto-generated file header patch from Ivan Gyurdiev.
	* Merged pywrap test update from Ivan Gyurdiev.
	* Merged hidden defs update from Ivan Gyurdiev.

1.5.14 2006-01-13
	* Merged disallow port overlap patch from Ivan Gyurdiev.

1.5.13 2006-01-12
	* Merged join prereq and implementation patches from Ivan Gyurdiev.
	* Merged join user extra data part 2 patch from Ivan Gyurdiev.
	* Merged bugfix patch from Ivan Gyurdiev.

1.5.12 2006-01-12
	* Merged remove add_local/set_local patch from Ivan Gyurdiev.
	* Merged user extra data part 1 patch from Ivan Gyurdiev.
	* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
	* Merged calloc check in semanage_store patch from Ivan Gyurdiev,
	  bug noticed by Steve Grubb.
	* Merged cleanups after add/set removal patch from Ivan Gyurdiev.

1.5.11 2006-01-09
	* Merged fcontext compare fix from Ivan Gyurdiev.

1.5.10 2006-01-06
	* Fixed commit to return the commit number aka policy sequence number.

1.5.9 2006-01-06
	* Merged const in APIs patch from Ivan Gyurdiev.
	* Merged validation of local file contexts patch from Ivan Gyurdiev.
	* Merged compare2 function patch from Ivan Gyurdiev.
	* Merged hidden def/proto update patch from Ivan Gyurdiev.

1.5.8 2006-01-05
	* Re-applied string and file optimization patch from Russell Coker,
	  with bug fix.

1.5.7 2006-01-05
	* Reverted string and file optimization patch from Russell Coker.

1.5.6 2006-01-05
	* Clarified error messages from parse_module_headers and
	  parse_base_headers for base/module mismatches.

1.5.5 2006-01-05
	* Merged string and file optimization patch from Russell Coker.
	* Merged swig header reordering patch from Ivan Gyurdiev.
	* Merged toggle modify on add patch from Ivan Gyurdiev.
	* Merged ports parser bugfix patch from Ivan Gyurdiev.
	* Merged fcontext swig patch from Ivan Gyurdiev.
	* Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev.
	* Merged man pages for dbase functions patch from Ivan Gyurdiev.
	* Merged pywrap tests patch from Ivan Gyurdiev.

1.5.4 2006-01-04
	* Merged patch series from Ivan Gyurdiev.
	  This includes patches to:
	  - separate file rw code from linked list
	  - annotate objects
	  - fold together internal headers
	  - support ordering of records in compare function
	  - add active dbase backend, active booleans
	  - return commit numbers for ro database calls
	  - use modified flags to skip rebuild whenever possible
	  - enable port interfaces
	  - update swig interfaces and typemaps
	  - add an API for file_contexts.local and file_contexts
	  - flip the traversal order in iterate/list
	  - reorganize sandbox_expand
	  - add seusers MLS validation
	  - improve dbase spec/documentation
	  - clone record on set/add/modify

1.5.3 2005-12-14
	* Merged further header cleanups from Ivan Gyurdiev.

1.5.2 2005-12-13
	* Merged toggle modified flag in policydb_modify, fix memory leak
	  in clear_obsolete, polymorphism vs headers fix, and include guards
	  for internal headers patches from Ivan Gyurdiev.

1.5.1 2005-12-12
	* Added file-mode= setting to semanage.conf, default to 0644.
	  Changed semanage_copy_file and callers to use this mode when
	  installing policy files to runtime locations.

1.4 2005-12-07
	* Updated version for release.

1.3.64 2005-12-06
	* Changed semanage_handle_create() to set do_reload based on
	  is_selinux_enabled().  This prevents improper attempts to
	  load policy on a non-SELinux system.

1.3.63 2005-12-05
	* Dropped handle from user_del_role interface.

1.3.62 2005-12-05
	* Removed defrole interfaces.

1.3.61 2005-11-29
	* Merged Makefile python definitions patch from Dan Walsh.

1.3.60 2005-11-29
	* Removed is_selinux_mls_enabled() conditionals in seusers and users
	  file parsers.

1.3.59 2005-11-28
	* Merged wrap char*** for user_get_roles patch from Joshua Brindle.

1.3.58 2005-11-28
	* Merged remove defrole from sepol patch from Ivan Gyurdiev.

1.3.57 2005-11-28
	* Merged swig wrappers for modifying users and seusers from Joshua Brindle.

1.3.56 2005-11-16
	* Fixed free->key_free bug.

1.3.55 2005-11-16
	* Merged clear obsolete patch from Ivan Gyurdiev.

1.3.54 2005-11-15
	* Merged modified swigify patch from Dan Walsh
	  (original patch from Joshua Brindle).
	* Merged move genhomedircon call patch from Chad Sellers.

1.3.53 2005-11-10
	* Merged move seuser validation patch from Ivan Gyurdiev.
	* Merged hidden declaration fixes from Ivan Gyurdiev,
	  with minor corrections.

1.3.52 2005-11-09
	* Merged cleanup patch from Ivan Gyurdiev.
	  This renames semanage_module_conn to semanage_direct_handle,
	  and moves sepol handle create/destroy into semanage handle
	  create/destroy to allow use even when disconnected (for the
	  record interfaces).

1.3.51 2005-11-08
	* Clear modules modified flag upon disconnect and commit.

1.3.50 2005-11-08
        * Added tracking of module modifications and use it to
	  determine whether expand-time checks should be applied
	  on commit.

1.3.49 2005-11-08
	* Reverted semanage_set_reload_bools() interface.

1.3.48 2005-11-08
	* Disabled calls to port dbase for merge and commit and stubbed
	  out calls to sepol_port interfaces since they are not exported.

1.3.47 2005-11-08
	* Merged rename instead of copy patch from Joshua Brindle (Tresys).

1.3.46 2005-11-07
	* Added hidden_def/hidden_proto for exported symbols used within
	  libsemanage to eliminate relocations.  Wrapped type definitions
	  in exported headers as needed to avoid conflicts.  Added
	  src/context_internal.h and src/iface_internal.h.

1.3.45 2005-11-07
	* Added semanage_is_managed() interface to allow detection of whether
	  the policy is managed via libsemanage.  This enables proper handling
	  in setsebool for non-managed systems.

1.3.44 2005-11-07
	* Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
	  to enable runtime control over preserving active boolean values
	  versus reloading their saved settings upon commit.

1.3.43 2005-11-04
	* Merged seuser parser resync, dbase tracking and cleanup, strtol
	  bug, copyright, and assert space patches from Ivan Gyurdiev.

1.3.42 2005-11-04
	* Added src/*_internal.h in preparation for other changes.
 	* Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
          src/seusers.[hc].

1.3.41 2005-11-03
	* Merged interface parse/print, context_to_string interface change,
	  move assert_noeof, and order preserving patches from Ivan Gyurdiev.
        * Added src/dso.h in preparation for other changes.

1.3.40 2005-11-01
	* Merged install seusers, handle/error messages, MLS parsing,
	  and seusers validation patches from Ivan Gyurdiev.

1.3.39 2005-10-31
	* Merged record interface, dbase flush, common database code,
	  and record bugfix patches from Ivan Gyurdiev.

1.3.38 2005-10-27
	* Merged dbase policydb list and count change from Ivan Gyurdiev.

1.3.37 2005-10-27
	* Merged enable dbase and set relay patches from Ivan Gyurdiev.

1.3.36 2005-10-27
	* Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.

1.3.35 2005-10-26
	* Merged sepol handle passing, seusers support, and policydb cache
	  patches from Ivan Gyurdiev.

1.3.34 2005-10-25
	* Merged resync to sepol changes and booleans fixes/improvements
	  patches from Ivan Gyurdiev.

1.3.33 2005-10-25
	* Merged support for genhomedircon/homedir template, store selection,
	  explicit policy reload, and semanage.conf relocation from Joshua
	  Brindle.

1.3.32 2005-10-24
	* Merged resync to sepol changes and transaction fix patches from
	  Ivan Gyurdiev.

1.3.31 2005-10-21
	* Merged reorganize users patch from Ivan Gyurdiev.
	* Merged remove unused relay functions patch from Ivan Gyurdiev.

1.3.30 2005-10-20
	* Fixed policy file leaks in semanage_load_module and
	  semanage_write_module.
	* Merged further database work from Ivan Gyurdiev.

1.3.29 2005-10-20
	* Fixed bug in semanage_direct_disconnect.

1.3.28 2005-10-20
	* Merged interface renaming patch from Ivan Gyurdiev.
	* Merged policy component patch from Ivan Gyurdiev.

1.3.27 2005-10-20
	* Renamed 'check=' configuration value to 'expand-check=' for
	  clarity.
	* Changed semanage_commit_sandbox to check for and report errors
	  on rename(2) calls performed during rollback.

1.3.26 2005-10-19
	* Added optional check= configuration value to semanage.conf
	  and updated call to sepol_expand_module to pass its value
	  to control assertion and hierarchy checking on module expansion.

1.3.25 2005-10-19
	* Merged fixes for make DESTDIR= builds from Joshua Brindle.

1.3.24 2005-10-19
	* Merged default database from Ivan Gyurdiev.
	* Merged removal of connect requirement in policydb backend from
	  Ivan Gyurdiev.
	* Merged commit locking fix and lock rename from Joshua Brindle.
	* Merged transaction rollback in lock patch from Joshua Brindle.

1.3.23 2005-10-18
	* Changed default args for load_policy to be null, as it no longer
	  takes a pathname argument and we want to preserve booleans.

1.3.22 2005-10-18
	* Merged move local dbase initialization patch from Ivan Gyurdiev.
	* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
	* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.

1.3.21 2005-10-18
	* Added calls to sepol_policy_file_set_handle interface prior
	  to invoking sepol operations on policy files.
	* Updated call to sepol_policydb_from_image to pass the handle.

1.3.20 2005-10-17
	* Merged user and port APIs - policy database patch from Ivan
	Gyurdiev.

1.3.19 2005-10-17
	* Converted calls to sepol link_packages and expand_module interfaces
	from using buffers to using sepol handles for error reporting, and
	changed direct_connect/disconnect to create/destroy sepol handles.

1.3.18 2005-10-14
	* Merged bugfix patch from Ivan Gyurdiev.

1.3.17 2005-10-14
	* Merged seuser database patch from Ivan Gyurdiev.
	Merged direct user/port databases to the handle from Ivan Gyurdiev.

1.3.16 2005-10-14
	* Removed obsolete include/semanage/commit_api.h (leftover).
	Merged seuser record patch from Ivan Gyurdiev.

1.3.15 2005-10-14
	* Merged boolean and interface databases from Ivan Gyurdiev.

1.3.14 2005-10-13
	* Updated to use get interfaces for hidden sepol_module_package type.

1.3.13 2005-10-13
	* Changed semanage_expand_sandbox and semanage_install_active
	to generate/install the latest policy version supported	by libsepol
	by default (unless overridden by semanage.conf), since libselinux
	will now downgrade automatically for load_policy.

1.3.12 2005-10-13
	* Merged new callback-based error reporting system and ongoing
	database work from Ivan Gyurdiev.

1.3.11 2005-10-11
	* Fixed semanage_install_active() to use the same logic for
	selecting a policy version as semanage_expand_sandbox().  Dropped
	dead code from semanage_install_sandbox().

1.3.10 2005-10-07
	* Updated for changes to libsepol, and to only use types and interfaces
	provided by the shared libsepol.

1.3.9 2005-10-06
	* Merged further database work from Ivan Gyurdiev.

1.3.8 2005-10-04
	* Merged iterate, redistribute, and dbase split patches from
	Ivan Gyurdiev.

1.3.7 2005-09-30
	* Merged patch series from Ivan Gyurdiev.
	  (pointer typedef elimination, file renames, dbase work, backend
	   separation)

1.3.6 2005-09-28
	* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
	* Separated handle create from connect interface.
	* Added a constructor for initialization.
	* Moved up src/include/*.h to src.
	* Created a symbol map file; dropped dso.h and hidden markings.

1.3.5 2005-09-28
	* Merged major update to libsemanage organization and functionality
	from Karl MacMillan (Tresys).

1.3.4 2005-09-23
	* Merged dbase redesign patch from Ivan Gyurdiev.

1.3.3 2005-09-21
	* Merged boolean record, stub record handler, and status codes
	  patches from Ivan Gyurdiev.

1.3.2 2005-09-16
	* Merged stub iterator functionality from Ivan Gyurdiev.
	* Merged interface record patch from Ivan Gyurdiev.

1.3.1 2005-09-14
	* Merged stub functionality for managing user and port records,
	and record table code from Ivan Gyurdiev.

1.2 2005-09-06
	* Updated version for release.

1.1.6 2005-08-31
	* Merged semod.conf template patch from Dan Walsh (Red Hat),
	but restored location to /usr/share/semod/semod.conf.

1.1.5 2005-08-30
	* Fixed several bugs found by valgrind.
	* Fixed bug in prior patch for the semod_build_module_list leak.

1.1.4 2005-08-25
	* Merged errno fix from Joshua Brindle (Tresys).
	* Merged fix for semod_build_modules_list leak on error path
	  from Serge Hallyn (IBM).  Bug found by Coverity.

1.1.3 2005-08-22
	* Merged several fixes from Serge Hallyn (IBM).  Bugs found by
	  Coverity.
	* Fixed several other bugs and warnings.

1.1.2 2005-08-02
	* Merged patch to move module read/write code from libsemanage
	  to libsepol from Jason Tang (Tresys).

1.1.1 2005-08-02
	* Merged relay records patch from Ivan Gyurdiev.
	* Merged key extract patch from Ivan Gyurdiev.

1.0 2005-07-27
	* Initial version.