1.27.10 2005-10-17

	* Changed getseuserbyname to ignore empty lines and to handle

	no matching entry in the same manner as no seusers file.

1.27.9 2005-10-13

	* Changed selinux_mkload_policy to try downgrading the

	latest policy version available to the kernel-supported version.

1.27.8 2005-10-11

	* Changed selinux_mkload_policy to fall back to the maximum

	policy version supported by libsepol if the kernel policy version

	falls outside of the supported range.

1.27.7 2005-10-06

	* Changed getseuserbyname to fall back to the Linux username and

	NULL level if seusers config file doesn't exist unless 

	REQUIRESEUSERS=1 is set in /etc/selinux/config.

	* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.

1.27.6 2005-10-06

	* Added selinux_init_load_policy() function as an even higher level

	interface for the initial policy load by /sbin/init.  This obsoletes

	the load_policy() function in the sysvinit-selinux.patch. 

1.27.5 2005-10-06

	* Added selinux_mkload_policy() function as a higher level interface

	for loading policy than the security_load_policy() interface.

1.27.4 2005-10-05

	* Merged fix for matchpathcon (regcomp error checking) from Johan

	Fischer.  Also added use of regerror to obtain the error string

	for inclusion in the error message.

1.27.3 2005-10-03

	* Changed getseuserbyname to not require (and ignore if present)

	the MLS level in seusers.conf if MLS is disabled, setting *level

	to NULL in this case.

1.27.2 2005-09-30

	* Merged getseuserbyname patch from Dan Walsh.

1.27.1 2005-09-19

	* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.  

	  This allows file_contexts with MLS fields to be processed on 

	  non-MLS-enabled systems with policies that are otherwise 

	  identical (e.g. same type definitions).

	* Merged get_ordered_context_list_with_level() function from

	  Dan Walsh, and added get_default_context_with_level().

	  This allows MLS level selection for users other than the

	  default level.

1.26 2005-09-06

	* Updated version for release.

1.25.7 2005-09-01

	* Merged modified form of patch to avoid dlopen/dlclose by

	the static libselinux from Dan Walsh.  Users of the static libselinux

	will not have any context translation by default.

1.25.6 2005-08-31

	* Added public functions to export context translation to

	users of libselinux (selinux_trans_to_raw_context,

	selinux_raw_to_trans_context).

1.25.5 2005-08-26

	* Remove special definition for context_range_set; use

	common code.

1.25.4 2005-08-25

	* Hid translation-related symbols entirely and ensured that 

	raw functions have hidden definitions for internal use.

	* Allowed setting NULL via context_set* functions.

	* Allowed whitespace in MLS component of context.

	* Changed rpm_execcon to use translated functions to workaround

	lack of MLS level on upgraded systems.

1.25.3 2005-08-23

	* Merged context translation patch, originally by TCS,

	  with modifications by Dan Walsh (Red Hat).

1.25.2 2005-08-11

	* Merged several fixes for error handling paths in the

	  AVC sidtab, matchpathcon, booleans, context, and get_context_list

	  code from Serge Hallyn (IBM).   Bugs found by Coverity.

1.25.1 2005-08-10

	* Removed setupns; migrated to pam.

	* Merged patches to rename checkPasswdAccess() from Joshua Brindle.

	  Original symbol is temporarily retained for compatibility until 

	  all callers are updated.

1.24 2005-06-20

	* Updated version for release.

1.23.12 2005-06-13

	* Merged security_setupns() from Chad Sellers.

1.23.11 2005-05-19

	* Merged avcstat and selinux man page from Dan Walsh.

	* Changed security_load_booleans to process booleans.local 

	  even if booleans file doesn't exist.

1.23.10 2005-04-29

	* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).

1.23.9 2005-04-26

	* Rewrote get_ordered_context_list and helpers, including

	  changing logic to allow variable MLS fields.

1.23.8 2005-04-25

	* Merged matchpathcon and man page patch from Dan Walsh.

1.23.7 2005-04-12

	* Changed boolean functions to return -1 with errno ENOENT 

	  rather than assert on a NULL selinux_mnt (i.e. selinuxfs not

	  mounted).

1.23.6 2005-04-08

	* Fixed bug in matchpathcon_filespec_destroy.

1.23.5 2005-04-05

	* Fixed bug in rpm_execcon error handling path.

1.23.4 2005-04-04

	* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.

	* Merged fix for getconlist utility from Andreas Steinmetz.

1.23.3 2005-03-29

	* Merged security_set_boolean_list patch from Dan Walsh.

	  This introduces booleans.local support for setsebool.

1.23.2 2005-03-17

	* Merged destructors patch from Tomas Mraz.

1.23.1 2005-03-16

	* Added set_matchpathcon_flags() function for setting flags

	  controlling operation of matchpathcon.  MATCHPATHCON_BASEONLY

	  means only process the base file_contexts file, not 

	  file_contexts.homedirs or file_contexts.local, and is for use by

	  setfiles -c.

	* Updated matchpathcon.3 man page.

1.22 2005-03-09

	* Updated version for release.

1.21.13 2005-03-08

	* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.

1.21.12 2005-03-01

	* Changed matchpathcon_common to ignore any non-format bits in the mode.

1.21.11 2005-02-22

	* Merged several fixes from Ulrich Drepper.

1.21.10 2005-02-17

	* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.

	* Added selinux_users_path() for path to directory containing

	  system.users and local.users.

1.21.9 2005-02-09

	* Changed relabel Makefile target to use restorecon.

1.21.8 2005-02-07

	* Regenerated av_permissions.h.

1.21.7 2005-02-01

	* Modified avc_dump_av to explicitly check for any permissions that

	  cannot be mapped to string names and display them as a hex value.

1.21.6 2005-01-31

	* Regenerated av_permissions.h.

1.21.5 2005-01-28

	* Generalized matchpathcon internals, exported more interfaces,

	  and moved additional code from setfiles into libselinux so that

	  setfiles can directly use matchpathcon.

1.21.4 2005-01-27

	* Prevent overflow of spec array in matchpathcon.

1.21.3 2005-01-26

	* Fixed several uses of internal functions to avoid relocations.

	* Changed rpm_execcon to check is_selinux_enabled() and fallback to

	  a regular execve if not enabled (or unable to determine due to a lack

	  of /proc, e.g. chroot'd environment).

1.21.2 2005-01-24

	* Merged minor fix for avcstat from Dan Walsh.

1.21.1 2005-01-19

	* Merged patch from Dan Walsh, including:

	     - new is_context_customizable function

	     - changed matchpathcon to also use file_contexts.local if present

	     - man page cleanups

1.20 2005-01-04

	* Changed matchpathcon to return -1 with errno ENOENT for 

	  <<none>> entries, and also for an empty file_contexts configuration.

	* Removed some trivial utils that were not useful or redundant.

	* Changed BINDIR default to /usr/sbin to match change in Fedora.

	* Added security_compute_member.

	* Added man page for setcon.

	* Merged more man pages from Dan Walsh.

	* Merged avcstat from James Morris.

	* Merged build fix for mips from Manoj Srivastava.

	* Merged C++ support from John Ramsdell of MITRE.

	* Merged setcon() function from Darrel Goeddel of TCS.

	* Merged setsebool/togglesebool enhancement from Steve Grubb.

	* Merged cleanup patches from Steve Grubb.

1.18 2004-11-01

	* Merged cleanup patches from Steve Grubb.

	* Added rpm_execcon.

	* Merged setenforce and removable context patch from Dan Walsh.

	* Merged build fix for alpha from Ulrich Drepper.

	* Removed copyright/license from selinux_netlink.h - definitions only.

	* Merged matchmediacon from Dan Walsh.

	* Regenerated headers for new nscd permissions.

	* Added get_default_context_with_role.

	* Added set_matchpathcon_printf.	

	* Reworked av_inherit.h to allow easier re-use by kernel. 

	* Changed avc_has_perm_noaudit to not fail on netlink errors.

	* Changed avc netlink code to check pid based on patch by Steve Grubb.

	* Merged second optimization patch from Ulrich Drepper.

	* Changed matchpathcon to skip invalid file_contexts entries.

	* Made string tables private to libselinux.

	* Merged strcat->stpcpy patch from Ulrich Drepper.

	* Merged matchpathcon man page from Dan Walsh.

	* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.

	* Autobind netlink socket.

	* Dropped compatibility code from security_compute_user.

	* Merged fix for context_range_set from Chad Hanson.

	* Merged allocation failure checking patch from Chad Hanson.

	* Merged avc netlink error message patch from Colin Walters.

1.16 2004-08-19

	* Regenerated headers for nscd class.

	* Merged man pages from Dan Walsh.

	* Merged context_new bug fix for MLS ranges from Chad Hanson.

	* Merged toggle_bool from Chris PeBenito, renamed to togglesebool.

	* Renamed change_bool and show_bools to setsebool and getsebool.

	* Merged security_load_booleans() function from Dan Walsh.

	* Added selinux_booleans_path() function.

	* Changed avc_init function prototype to use const.

	* Regenerated headers for crontab permission.

	* Added checkAccess from Dan Walsh.

	* Merged getenforce patch from Dan Walsh.

	* Regenerated headers for dbus classes.

1.14 2004-06-16

	* Regenerated headers for fine-grained netlink classes.

	* Merged selinux_config bug fix from Dan Walsh.

	* Added userspace AVC man pages.

	* Added man links for API calls to existing man pages documenting them.

	* Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.

	* Merged patch to determine config file paths at runtime to support

	  reorganized layout.

	* Regenerated flask headers with stable ordering.

	* Merged patch for man pages from Russell Coker. 

1.12 2004-05-10

	* Updated flask files to include new SE-X security classes.

	* Added security_disable function for runtime disable of SELinux prior

	  to initial policy load (for /sbin/init).

	* Changed get_ordered_context_list to omit any reachable contexts

	  that are not explicitly listed in default_contexts, unless there

	  are no matches.

	* Merged man pages from Russell Coker and Dan Walsh.

	* Merged memory leak fixes from Dan Walsh.

	* Merged policyvers errno patch from Chris PeBenito.

1.10 2004-04-05

	* Merged getenforce patch from Dan Walsh.

	* Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as

	  the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.

	  Based on a patch by Russell Coker.

	* Merged matchpathcon buffer size fix from Dan Walsh.

1.8 2004-03-09

	* Merged is_selinux_mls_enabled() from Chad Hanson of TCS.

	* Added matchpathcon function.

	* Updated userspace AVC to handle netlink selinux notifications. 

1.6 2004-02-18

	* Merged conditional policy extensions from Tresys Technology.

	* Added userspace avc and SID table implementation.	

	* Fixed type on size in getpeercon per Thorsten Kukuk's advice.

	* Fixed use of getpwnam_r per Thorsten Kukuk's advice.

	* Changed to use getpwnam_r rather than getpwnam internally to 

	  avoid clobbering any existing pwd struct obtained by the caller.

	* Added getpeercon function to encapsulate getsockopt SO_PEERSEC

	  and handle allocation ala getfilecon.

	* Changed is_selinux_enabled to return -1 on errors.

	* Changed to discover selinuxfs mount point via /proc/mounts 

	  so that the mount point can be changed without rebuilding.

1.4 2003-12-01

	* Merged another cleanup patch from Bastian Blank and Joerg Hoh.

	* Regenerate headers for new permissions. 

	* Merged static lib build patch from Bastian Blank and Joerg Hoh.

	* Export SELINUXMNT definition, add SELINUXPOLICY definition.

	* Add functions to provide access to enforce and policyvers.

	* Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.

	* Fixed type for 'size' in *getfilecon. 

	* Dropped -lattr and changed #include's to <sys/xattr.h>

	* Merged patch to move shared library to /lib from Dan Walsh.

	* Changed get_ordered_context_list to support a failsafe context.

	* Added selinuxenabled utility.

	* Merged const patch from Thorsten Kukuk.

1.2 2003-09-30

        * Change is_selinux_enabled to fail if policy isn't loaded.

	* Changed Makefiles to allow non-root rpm builds.

	* Added -lattr for libselinux.so to ensure proper binding.

1.1 2003-08-13

	* Ensure that context strings are padded with a null byte

	  in case the kernel didn't include one.

	* Regenerate headers, update helpers.c for code cleanup.

	* Pass soname flag to linker (Colin Walters).

	* Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).

1.0 2003-07-11

	* Initial public release.