diff --git a/SOURCES/0001-Fix-selinux-man-page-to-refer-seinfo-and-sesearch-to.patch b/SOURCES/0001-Fix-selinux-man-page-to-refer-seinfo-and-sesearch-to.patch
index f68a699..f6343b4 100644
--- a/SOURCES/0001-Fix-selinux-man-page-to-refer-seinfo-and-sesearch-to.patch
+++ b/SOURCES/0001-Fix-selinux-man-page-to-refer-seinfo-and-sesearch-to.patch
@@ -1,7 +1,7 @@
From f71fc47524bef3c4cd8a412e43d13daebd1c418b Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Wed, 16 Jul 2014 08:28:03 +0200
-Subject: [PATCH 1/5] Fix selinux man page to refer seinfo and sesearch tools.
+Subject: [PATCH] Fix selinux man page to refer seinfo and sesearch tools.
---
libselinux/man/man8/selinux.8 | 4 +++-
diff --git a/SOURCES/0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch b/SOURCES/0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch
index 7a0a001..24f28e6 100644
--- a/SOURCES/0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch
+++ b/SOURCES/0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch
@@ -1,7 +1,7 @@
From ad3d3a0bf819f5895a6884357c2d0e18ea1ef314 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 23 Dec 2013 09:50:54 -0500
-Subject: [PATCH 2/5] Verify context input to funtions to make sure the context
+Subject: [PATCH] Verify context input to funtions to make sure the context
field is not null.
Return errno EINVAL, to prevent segfault.
diff --git a/SOURCES/0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch b/SOURCES/0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch
index 0c8d92c..9a11fa7 100644
--- a/SOURCES/0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch
+++ b/SOURCES/0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch
@@ -1,8 +1,8 @@
-From 431f72836d6c02450725cf6ffb1c7223b9fa6acc Mon Sep 17 00:00:00 2001
+From a6e839be2c5a77c22a8c72cad001e3f87eaedf2e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 11 Mar 2019 15:26:43 +0100
-Subject: [PATCH 3/5] libselinux: Allow to override OVERRIDE_GETTID from
- command line
+Subject: [PATCH] libselinux: Allow to override OVERRIDE_GETTID from command
+ line
$ make CFLAGS="$CFLAGS -DOVERRIDE_GETTID=0" ...
diff --git a/SOURCES/0004-Bring-some-old-permission-and-flask-constants-back-t.patch b/SOURCES/0004-Bring-some-old-permission-and-flask-constants-back-t.patch
index c0d7f6a..f238dd0 100644
--- a/SOURCES/0004-Bring-some-old-permission-and-flask-constants-back-t.patch
+++ b/SOURCES/0004-Bring-some-old-permission-and-flask-constants-back-t.patch
@@ -1,8 +1,8 @@
-From dca54ca1a8ab0b256e7834f7f5e97375427fbfd9 Mon Sep 17 00:00:00 2001
+From be420729fbf4adc8b32ca3722fa6ca46bb51413d Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 27 Feb 2019 09:37:17 +0100
-Subject: [PATCH 4/5] Bring some old permission and flask constants back to
- Python bindings
+Subject: [PATCH] Bring some old permission and flask constants back to Python
+ bindings
---
libselinux/src/selinuxswig.i | 4 ++++
diff --git a/SOURCES/0005-libselinux-add-missing-av_permission-values.patch b/SOURCES/0005-libselinux-add-missing-av_permission-values.patch
index 721e127..34acc85 100644
--- a/SOURCES/0005-libselinux-add-missing-av_permission-values.patch
+++ b/SOURCES/0005-libselinux-add-missing-av_permission-values.patch
@@ -1,7 +1,7 @@
-From 8384ffa7a371c8845c145951363da5d978ab98b5 Mon Sep 17 00:00:00 2001
+From 903c54bf62ffba3c95e22e74c9c43838cd3935a0 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 28 Feb 2017 16:12:43 +0100
-Subject: [PATCH 5/5] libselinux: add missing av_permission values
+Subject: [PATCH] libselinux: add missing av_permission values
Add missing av_permission values to av_permissions.h for the sake of
completeness (this interface is obsolete - these values are now
diff --git a/SOURCES/0006-libselinux-Use-Python-distutils-to-install-SELinux-p.patch b/SOURCES/0006-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
new file mode 100644
index 0000000..b4306d8
--- /dev/null
+++ b/SOURCES/0006-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
@@ -0,0 +1,177 @@
+From 67d490a38a319126f371eaf66a5fc922d7005b1f Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 16 May 2019 15:01:59 +0200
+Subject: [PATCH] libselinux: Use Python distutils to install SELinux python
+ bindings
+
+SWIG-4.0 changed its behavior so that it uses: from . import _selinux which
+looks for _selinux module in the same directory as where __init__.py is -
+$(PYLIBDIR)/site-packages/selinux. But _selinux module is installed into
+$(PYLIBDIR)/site-packages/ since a9604c30a5e2f ("libselinux: Change the location
+of _selinux.so").
+
+In order to prevent such breakage in future use Python's distutils instead of
+building and installing python bindings manually in Makefile.
+
+Fixes:
+>>> import selinux
+Traceback (most recent call last):
+ File "<stdin>", line 1, in <module>
+ File "/usr/lib64/python3.7/site-packages/selinux/__init__.py", line 13, in <module>
+ from . import _selinux
+ImportError: cannot import name '_selinux' from 'selinux' (/usr/lib64/python3.7/site-packages/selinux/__init__.py)
+>>>
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ libselinux/src/.gitignore | 2 +-
+ libselinux/src/Makefile | 37 ++++++++-----------------------------
+ libselinux/src/setup.py | 24 ++++++++++++++++++++++++
+ 3 files changed, 33 insertions(+), 30 deletions(-)
+ create mode 100644 libselinux/src/setup.py
+
+diff --git a/libselinux/src/.gitignore b/libselinux/src/.gitignore
+index 4dcc3b3b..428afe5a 100644
+--- a/libselinux/src/.gitignore
++++ b/libselinux/src/.gitignore
+@@ -1,4 +1,4 @@
+ selinux.py
+-selinuxswig_wrap.c
++selinuxswig_python_wrap.c
+ selinuxswig_python_exception.i
+ selinuxswig_ruby_wrap.c
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index e9ed0383..826c830c 100644
+--- a/libselinux/src/Makefile
++++ b/libselinux/src/Makefile
+@@ -36,7 +36,7 @@ TARGET=libselinux.so
+ LIBPC=libselinux.pc
+ SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
+ SWIGRUBYIF= selinuxswig_ruby.i
+-SWIGCOUT= selinuxswig_wrap.c
++SWIGCOUT= selinuxswig_python_wrap.c
+ SWIGPYOUT= selinux.py
+ SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
+ SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
+@@ -55,7 +55,7 @@ ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+ endif
+
+-GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
++GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
+ SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
+
+ MAX_STACK_SIZE=32768
+@@ -125,25 +125,18 @@ DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
+ SRCS:= $(filter-out label_backends_android.c, $(SRCS))
+ endif
+
+-SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
+-
+ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
+
+ all: $(LIBA) $(LIBSO) $(LIBPC)
+
+-pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
++pywrap: all selinuxswig_python_exception.i
++ CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
+
+ rubywrap: all $(SWIGRUBYSO)
+
+-$(SWIGLOBJ): $(SWIGCOUT)
+- $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
+-
+ $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
+ $(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+
+-$(SWIGSO): $(SWIGLOBJ)
+- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
+-
+ $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
+
+@@ -161,29 +154,15 @@ $(LIBPC): $(LIBPC).in ../VERSION
+ selinuxswig_python_exception.i: ../include/selinux/selinux.h
+ bash -e exception.sh > $@ || (rm -f $@ ; false)
+
+-$(AUDIT2WHYLOBJ): audit2why.c
+- $(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
+-
+-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
+- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
+-
+ %.o: %.c policy.h
+ $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
+
+ %.lo: %.c policy.h
+ $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+
+-$(SWIGCOUT): $(SWIGIF)
+- $(SWIG) $<
+-
+-$(SWIGPYOUT): $(SWIGCOUT)
+-
+ $(SWIGRUBYCOUT): $(SWIGRUBYIF)
+ $(SWIGRUBY) $<
+
+-swigify: $(SWIGIF)
+- $(SWIG) $<
+-
+ install: all
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+@@ -194,10 +173,8 @@ install: all
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
+
+ install-pywrap: pywrap
+- test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
+- install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+- install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
+- install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
++ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++ install -m 644 selinux.py $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
+
+ install-rubywrap: rubywrap
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+@@ -208,6 +185,8 @@ relabel:
+
+ clean-pywrap:
+ -rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
++ $(PYTHON) setup.py clean
++ -rm -rf build *~ \#* *pyc .#*
+
+ clean-rubywrap:
+ -rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
+diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
+new file mode 100644
+index 00000000..b12e7869
+--- /dev/null
++++ b/libselinux/src/setup.py
+@@ -0,0 +1,24 @@
++#!/usr/bin/python3
++
++from distutils.core import Extension, setup
++
++setup(
++ name="selinux",
++ version="2.9",
++ description="SELinux python 3 bindings",
++ author="SELinux Project",
++ author_email="selinux@vger.kernel.org",
++ ext_modules=[
++ Extension('selinux._selinux',
++ sources=['selinuxswig_python.i'],
++ include_dirs=['../include'],
++ library_dirs=['.'],
++ libraries=['selinux']),
++ Extension('selinux.audit2why',
++ sources=['audit2why.c'],
++ include_dirs=['../include'],
++ library_dirs=['.'],
++ libraries=['selinux'],
++ extra_link_args=['-l:libsepol.a'])
++ ],
++)
+--
+2.21.0
+
diff --git a/SOURCES/0007-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch b/SOURCES/0007-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch
new file mode 100644
index 0000000..a064418
--- /dev/null
+++ b/SOURCES/0007-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch
@@ -0,0 +1,44 @@
+From 6ec8116ee64a25a0c5eb543f0b12ed25f1348c45 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 27 Jun 2019 11:17:13 +0200
+Subject: [PATCH] libselinux: Do not use SWIG_CFLAGS when Python bindings are
+ built
+
+Fixes:
+https://rpmdiff.engineering.redhat.com/run/410372/7/
+
+Detecting usr/lib64/python3.6/site-packages/selinux/audit2why.cpython-36m-x86_64-linux-gnu.so with not-hardened warnings '
+Hardened: audit2why.cpython-36m-x86_64-linux-gnu.so: FAIL: Gaps were detected in the annobin coverage. Run with -v to list.
+' on x86_64
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ libselinux/src/Makefile | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
+index 826c830c..f64f23a8 100644
+--- a/libselinux/src/Makefile
++++ b/libselinux/src/Makefile
+@@ -104,9 +104,6 @@ FTS_LDLIBS ?=
+
+ override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
+
+-SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
+- -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
+-
+ RANLIB ?= ranlib
+
+ ARCH := $(patsubst i%86,i386,$(shell uname -m))
+@@ -130,7 +127,7 @@ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
+ all: $(LIBA) $(LIBSO) $(LIBPC)
+
+ pywrap: all selinuxswig_python_exception.i
+- CFLAGS="$(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
++ $(PYTHON) setup.py build_ext -I $(DESTDIR)$(INCLUDEDIR) -L $(DESTDIR)$(LIBDIR)
+
+ rubywrap: all $(SWIGRUBYSO)
+
+--
+2.21.0
+
diff --git a/SOURCES/0008-Fix-mcstrans-secolor-examples.patch b/SOURCES/0008-Fix-mcstrans-secolor-examples.patch
new file mode 100644
index 0000000..d2c91ef
--- /dev/null
+++ b/SOURCES/0008-Fix-mcstrans-secolor-examples.patch
@@ -0,0 +1,66 @@
+From 90a4f2b9a5194a2d1ab4c45b7a90bbb6c8099a68 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 2 Jul 2019 14:09:05 +0200
+Subject: [PATCH] Fix mcstrans secolor examples
+
+According to "check_dominance" function:
+Range defined as "s15:c0.c1023" does not dominate any other range than
+ "s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
+While range defined as "s15-s15:c0.c1023" dominates all of the above.
+
+This is either a bug, or "s15:c0.c1023" should not be used in the
+examples.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ libselinux/man/man5/secolor.conf.5 | 4 ++--
+ libselinux/man/ru/man5/secolor.conf.5 | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libselinux/man/man5/secolor.conf.5 b/libselinux/man/man5/secolor.conf.5
+index b834577a..a3bf2da1 100644
+--- a/libselinux/man/man5/secolor.conf.5
++++ b/libselinux/man/man5/secolor.conf.5
+@@ -123,7 +123,7 @@ range s7\-s7:c0.c1023 = black red
+ .br
+ range s9\-s9:c0.c1023 = black orange
+ .br
+-range s15:c0.c1023 = black yellow
++range s15\-s15:c0.c1023 = black yellow
+ .RE
+
+ .sp
+@@ -165,7 +165,7 @@ type xguest_t = black green
+ .br
+ user sysadm_u = white black
+ .br
+-range s0:c0.c1023 = black white
++range s0-s0:c0.c1023 = black white
+ .br
+ user * = black white
+ .br
+diff --git a/libselinux/man/ru/man5/secolor.conf.5 b/libselinux/man/ru/man5/secolor.conf.5
+index 4c1236ae..bcae80c1 100644
+--- a/libselinux/man/ru/man5/secolor.conf.5
++++ b/libselinux/man/ru/man5/secolor.conf.5
+@@ -121,7 +121,7 @@ range s7\-s7:c0.c1023 = black red
+ .br
+ range s9\-s9:c0.c1023 = black orange
+ .br
+-range s15:c0.c1023 = black yellow
++range s15\-s15:c0.c1023 = black yellow
+ .RE
+
+ .sp
+@@ -163,7 +163,7 @@ type xguest_t = black green
+ .br
+ user sysadm_u = white black
+ .br
+-range s0:c0.c1023 = black white
++range s0\-s0:c0.c1023 = black white
+ .br
+ user * = black white
+ .br
+--
+2.21.0
+
diff --git a/SPECS/libselinux.spec b/SPECS/libselinux.spec
index 5205b43..83af24c 100644
--- a/SPECS/libselinux.spec
+++ b/SPECS/libselinux.spec
@@ -6,7 +6,7 @@
%endif
%define libsepolver 2.9-1
-%define libselinuxrelease 1
+%define libselinuxrelease 3
Summary: SELinux library and simple utilities
Name: libselinux
@@ -24,6 +24,9 @@ Patch0002: 0002-Verify-context-input-to-funtions-to-make-sure-the-co.patch
Patch0003: 0003-libselinux-Allow-to-override-OVERRIDE_GETTID-from-co.patch
Patch0004: 0004-Bring-some-old-permission-and-flask-constants-back-t.patch
Patch0005: 0005-libselinux-add-missing-av_permission-values.patch
+Patch0006: 0006-libselinux-Use-Python-distutils-to-install-SELinux-p.patch
+Patch0007: 0007-libselinux-Do-not-use-SWIG_CFLAGS-when-Python-bindin.patch
+Patch0008: 0008-Fix-mcstrans-secolor-examples.patch
BuildRequires: gcc
%if 0%{?with_ruby}
@@ -55,7 +58,7 @@ process and file security contexts and to obtain security policy
decisions. Required for any applications that use the SELinux API.
%package utils
-Summary: SELinux libselinux utilies
+Summary: SELinux libselinux utilities
Requires: %{name}%{?_isa} = %{version}-%{release}
%description utils
@@ -182,8 +185,10 @@ echo "d %{_rundir}/setrans 0755 root root" > %{buildroot}%{_tmpfilesdir}/libseli
%if 0%{?with_python2}
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
InstallPythonWrapper %{__python2}
+mv %{buildroot}%{python2_sitearch}/selinux/_selinux.so %{buildroot}%{python2_sitearch}/
%endif
InstallPythonWrapper %{__python3}
+mv %{buildroot}%{python3_sitearch}/selinux/_selinux.*.so %{buildroot}%{python3_sitearch}/
%if 0%{?with_ruby}
make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" BINDIR="%{_bindir}" SBINDIR="%{_sbindir}" RUBYINSTALL=%{ruby_vendorarchdir} install install-rubywrap
@@ -219,7 +224,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%license LICENSE
%{_libdir}/libselinux.so.*
%dir %{_rundir}/setrans/
-%{_sbindir}/sefcontext_compile
%{_tmpfilesdir}/libselinux.conf
%files utils
@@ -227,6 +231,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{_sbindir}/getenforce
%{_sbindir}/getsebool
%{_sbindir}/matchpathcon
+%{_sbindir}/sefcontext_compile
%{_sbindir}/selinuxconlist
%{_sbindir}/selinuxdefcon
%{_sbindir}/selinuxexeccon
@@ -255,11 +260,13 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%files -n libselinux-python
%{python2_sitearch}/selinux/
%{python2_sitearch}/_selinux.so
+%{python2_sitearch}/selinux-%{version}-*
%endif
%files -n python3-libselinux
%{python3_sitearch}/selinux/
%{python3_sitearch}/_selinux.*.so
+%{python3_sitearch}/selinux-%{version}-*
%if 0%{?with_ruby}
%files ruby
@@ -267,6 +274,13 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%endif
%changelog
+* Fri Nov 08 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
+- Fix mcstrans secolor examples in secolor.conf man page (#1770270)
+
+* Mon Jun 24 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2.1
+- Use Python distutils to install SELinux python bindings (#1719771)
+- Move sefcontext_compile to -utils package (#1612518)
+
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release