From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-998375-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 6B29C138206
	for <garchives@archives.gentoo.org>; Thu, 18 Jan 2018 16:37:16 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id EEDB6E08D4;
	Thu, 18 Jan 2018 16:37:12 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id BEC97E08D4
	for <gentoo-commits@lists.gentoo.org>; Thu, 18 Jan 2018 16:37:12 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 8D580335C46
	for <gentoo-commits@lists.gentoo.org>; Thu, 18 Jan 2018 16:37:11 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id B4D0B1CA
	for <gentoo-commits@lists.gentoo.org>; Thu, 18 Jan 2018 16:37:07 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1516292775.d356cc2603d590a9ad14d47b09fb3a84ff7f2fce.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/Changelog
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: d356cc2603d590a9ad14d47b09fb3a84ff7f2fce
X-VCS-Branch: master
Date: Thu, 18 Jan 2018 16:37:07 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: bf72f1d0-fe66-47d8-a651-0ece8cbda824
X-Archives-Hash: 8c71f5e54bab363dff985beb1defbc8a

commit:     d356cc2603d590a9ad14d47b09fb3a84ff7f2fce
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sun Jan 14 19:08:09 2018 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Jan 18 16:26:15 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d356cc26

Update Changelog for release.

 policy/modules/contrib/Changelog | 156 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 156 insertions(+)

diff --git a/policy/modules/contrib/Changelog b/policy/modules/contrib/Changelog
index 2a6e15b4..1596ba77 100644
--- a/policy/modules/contrib/Changelog
+++ b/policy/modules/contrib/Changelog
@@ -1,3 +1,159 @@
+* Sun Jan 14 2018 Chris PeBenito <pebenito@ieee.org> - 2.20180114
+Chad Hanson (1):
+      Allow rpm to relabel files at all levels
+
+Chris PeBenito (46):
+      Remove deprecated interfaces more than one year old.
+      Remove complement and wildcard in allow rules.
+      Merge branch 'master' of git://github.com/teg/refpolicy-contrib
+      dbus: Module version bump for dbus-broker patch from Tom Gundersen.
+      Module version bump for patches from Guido Trentalancia.
+      Module version bumps for patches from David Sugar.
+      dhcp, logrotate: Module version bump.
+      Module version bumps for chkrootkit, dkim, dmidecode, portage, and
+         rkhunter.
+      Module version bumps.
+      spamassassin: Move lines.
+      mandb, spamassassin: Module version bumps.
+      spamassassin: Fix build error.
+      spamassassin: Add missing requirement in spamassassin_admin().
+      dphysswapfile: Module version bump.
+      gpg, pulseaudio, rpc: Module version bump.
+      dnsmasq, gnome, mon, mta, openoffice, pulseaudio, wm: Version bumps.
+      Revert "postfix: Some table drivers (notably cdb) need to mmap() their
+         databases"
+      java, mozilla, mta, postfix: Module version bump.
+      portage: Fix usr_t map interface usage.
+      apache, portage: Module version bump.
+      dbus, policykit, wm: Module version bump.
+      dbus: Add comment.
+      Merge branch 'nm_audit' of git://github.com/bigon/refpolicy-contrib
+      networkmanager: Module version bump.
+      virt: Move a line.
+      alsa, mon, virt: Module version bump.
+      gpg, mozilla, rpc: Module version bump.
+      Several module version bumps.
+      blueman, evolution, gpg, mozilla, openoffice, thunderbird, wireshark, wm:
+         Module version bump.
+      wm: Module version bump.
+      networkmanager: Move line.
+      networkmanager: Module version bump.
+      Merge branch 'pkcs' of https://github.com/dodys/refpolicy-contrib
+      pkcs: Rename pkcs_slotd_unit_file_t.
+      pkcs: Module version bump.
+      accountsd, policykit: Module version bump.
+      dbus, devicekit, modemmanager, networkmanager, virt: Module version bump.
+      modemmanager: Move lines.
+      rpm: Module version bump.
+      cachefilesd, dbus, dirmngr, gnome, gpg, pulseaudio: Module version bump.
+      Replace deprecated mmap perm sets and pattern usage.
+      gssproxy: Module version bump.
+      monit: Module version bump.
+      apache, dkim, monit: Module version bump.
+      spamassassin: Module version bump.
+      Bump module versions for release.
+
+Christian Göttsche (20):
+      dkim: align filecontexts
+      dkim: update
+      milter: align filecontexts
+      apache: align filecontexts
+      dmidecode: use userdom_use_inherited_user_terminals
+      spamassassin: align filecontexts
+      chkrootkit: update
+      rkhunter: add several missing permission
+      fakehwclock: update
+      milter: update
+      mandb: fixes for systemd timer and /usr/local/man label
+      spamassassin: update
+      dphysswapfile: fix swapfile creation
+      apache: update
+      monit: update
+      dkim: align file contexts
+      dkim: update
+      apache: update
+      monit: read /usr/share/ca-certificates for cert verification
+      spamassassin: fix missing perms
+
+Daniel Jurgens (1):
+      networkmanager: Grant access to unlabeled PKeys
+
+David Sugar (5):
+      mon: move rpc_* into optional
+      wm: consolidate networkmanger interface calls into single optional
+      cron: optional_policy for mta_* interfaces
+      Label /usr/bin/mutter
+      Allow to read /proc/sys/crypto/fips_enabled
+
+Eduardo Barretto (2):
+      Update pkcs policy to include pkccsslotd.service
+      Update missing permissions for pkcs
+
+Guido Trentalancia (13):
+      libmtp: read symlinks in user home directories
+      spamassassin: update rules for the Bayesian classifier trainer
+      wm: let gnome-shell start properly
+      gnome: keyring daemon dbus policy update
+      gnome: keyring daemon read SELinux config
+      openoffice: improve temporary directories' operations
+      pulseaudio: general update
+      wm: gnome-shell SELinux integration
+      mozilla: run Java Web Start applications
+      wm: run PolicyKit
+      dbus: read user home content files
+      mozilla: read generic SSL certificates
+      contrib: use the new SSL private keys type (was: "let the mozilla and
+         other domains read generic SSL certificates")
+
+Jason Zaman (12):
+      cgmanager: Apply auth_use_nsswitch interface
+      alsa: needs to map its tmpfs files
+      virt: add policy for virtlogd
+      virt: updated perms for starting guests
+      gssproxy: add policy
+      rpc: Allow stream connect to gssproxy
+      gpg: search dir when connecting to agent socket
+      dirmngr: allow filetrans in gpg_runtime_t
+      gpg: Add gpg_agent_use_card boolean for OpenPGP cards
+      cachefilesd: make cachefilesd_cache_t a mountpoint
+      Set user_runtime_content_type for all remaining types in /run/user/%{UID}/
+      gssproxy: allow writing kerberos rcache
+
+Jason Zaman via refpolicy (3):
+      pulseaudio: Add neccessary map permissions
+      gpg: add fcontexts for user runtime sockets
+      rpc: add sm-notify pid fcontext
+
+Laurent Bigonville (2):
+      Allow NetworkManager to write to audit
+      Call systemd_write_inherited_logind_inhibit_pipes() where needed
+
+Luis Ressel (12):
+      portage: Allow portage_t and portage_sandbox_t to access locale_t
+      postfix: Some table drivers (notably cdb) need to mmap() their databases
+      portage: Grant the map permissions neccessary for git and install
+      alsa: alsactl needs to map its configuration
+      mozilla: Add neccessary map permissions
+      mandb: man-db needs to map its 'index.db' cache
+      portage: Remove nonsensical dontaudit of an allowed permission
+      portage: Transition to ldconfig_t when calling ldconfig
+      postfix: Some table drivers (notably cdb) need to mmap() their databases
+      postfix: Silence cap_dac_read_search denials
+      portage: Grant portage the map permission on usr_t
+      Allow gtk apps to map usr_t files
+
+Nicolas Iooss (2):
+      dbus: move comments out of the file context definitions
+      logrotate: allow systemd to start logrotate
+
+Russell Coker (3):
+      udev and dhcpd
+      minor nspawn, dnsmasq, and mon patches
+      refpolicy and certs
+
+Tom Gundersen (1):
+      dbus: add policy for dbus-broker
+
 * Sat Aug 05 2017 Chris PeBenito <pebenito@ieee.org> - 2.20170805
 Chris PeBenito (82):
       Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker.