From f651bb6fdc298d3f6d5f120c1feba8eda76a5897 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jun 09 2010 21:31:42 +0000 Subject: - Lots of random fixes --- diff --git a/policy-F14.patch b/policy-F14.patch index 95890d3..bf26b9a 100644 --- a/policy-F14.patch +++ b/policy-F14.patch @@ -556,6 +556,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota cron_system_entry(logrotate_t, logrotate_exec_t) cron_search_spool(logrotate_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.fc serefpolicy-3.8.3/policy/modules/admin/logwatch.fc +--- nsaserefpolicy/policy/modules/admin/logwatch.fc 2009-07-14 14:19:57.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/admin/logwatch.fc 2010-06-09 16:17:01.000000000 -0400 +@@ -1,7 +1,9 @@ + /usr/sbin/logcheck -- gen_context(system_u:object_r:logwatch_exec_t,s0) ++/usr/sbin/epylog -- gen_context(system_u:object_r:logwatch_exec_t,s0) + + /usr/share/logwatch/scripts/logwatch\.pl -- gen_context(system_u:object_r:logwatch_exec_t, s0) + + /var/cache/logwatch(/.*)? gen_context(system_u:object_r:logwatch_cache_t, s0) + /var/lib/logcheck(/.*)? gen_context(system_u:object_r:logwatch_cache_t,s0) ++/var/lib/epylog(/.*)? gen_context(system_u:object_r:logwatch_cache_t,s0) + /var/log/logcheck/.+ -- gen_context(system_u:object_r:logwatch_lock_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.te serefpolicy-3.8.3/policy/modules/admin/mcelog.te --- nsaserefpolicy/policy/modules/admin/mcelog.te 2010-03-18 06:48:09.000000000 -0400 +++ serefpolicy-3.8.3/policy/modules/admin/mcelog.te 2010-06-08 11:32:10.000000000 -0400 @@ -6810,7 +6823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device +/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.8.3/policy/modules/kernel/devices.if --- nsaserefpolicy/policy/modules/kernel/devices.if 2010-06-08 10:35:48.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/kernel/devices.if 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/kernel/devices.if 2010-06-09 16:40:03.000000000 -0400 @@ -606,6 +606,24 @@ ######################################## @@ -6904,11 +6917,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## Get the attributes of sysfs directories. ## ## -@@ -4166,6 +4238,7 @@ +@@ -4161,11 +4233,10 @@ + # + interface(`dev_rw_vhost',` + gen_require(` +- type vhost_device_t; ++ type device_t, vhost_device_t; + ') - list_dirs_pattern($1, vhost_device_t, vhost_device_t) - rw_files_pattern($1, vhost_device_t, vhost_device_t) -+ read_lnk_files_pattern($1, vhost_device_t, vhost_device_t) +- list_dirs_pattern($1, vhost_device_t, vhost_device_t) +- rw_files_pattern($1, vhost_device_t, vhost_device_t) ++ rw_chr_files_pattern($1, device_t, vhost_device_t) ') ######################################## @@ -10715,7 +10734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.8.3/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/services/abrt.te 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/abrt.te 2010-06-09 15:57:41.000000000 -0400 @@ -70,16 +70,19 @@ manage_dirs_pattern(abrt_t, abrt_tmp_t, abrt_tmp_t) manage_files_pattern(abrt_t, abrt_tmp_t, abrt_tmp_t) @@ -11102,7 +11121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.8.3/policy/modules/services/apache.if --- nsaserefpolicy/policy/modules/services/apache.if 2010-04-06 15:15:38.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/services/apache.if 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/apache.if 2010-06-09 16:00:04.000000000 -0400 @@ -13,17 +13,13 @@ # template(`apache_content_template',` @@ -12096,6 +12115,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah allow $1 avahi_t:dbus send_msg; allow avahi_t $1:dbus send_msg; ') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.8.3/policy/modules/services/bitlbee.te +--- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-05-25 16:28:22.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/bitlbee.te 2010-06-09 16:59:35.000000000 -0400 +@@ -28,6 +28,7 @@ + # Local policy + # + # ++allow bitlbee_t self:capability { setgid setuid }; + + allow bitlbee_t self:udp_socket create_socket_perms; + allow bitlbee_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms }; +@@ -81,6 +82,10 @@ + + libs_legacy_use_shared_libs(bitlbee_t) + ++auth_use_nsswitch(bitlbee_t) ++ ++logging_send_syslog_msg(bitlbee_t) ++ + miscfiles_read_localization(bitlbee_t) + + sysnet_dns_name_resolve(bitlbee_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.8.3/policy/modules/services/bluetooth.if --- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-01-07 14:53:53.000000000 -0500 +++ serefpolicy-3.8.3/policy/modules/services/bluetooth.if 2010-06-08 11:32:10.000000000 -0400 @@ -14348,7 +14389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.8.3/policy/modules/services/ftp.te --- nsaserefpolicy/policy/modules/services/ftp.te 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/services/ftp.te 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/ftp.te 2010-06-09 15:55:42.000000000 -0400 @@ -41,6 +41,13 @@ ## @@ -14394,7 +14435,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. # -allow ftpd_t self:capability { chown fowner fsetid setgid setuid sys_chroot sys_nice sys_resource }; -+allow ftpd_t self:capability { chown fowner fsetid setgid setuid sys_chroot sys_admin sys_nice sys_resource }; ++allow ftpd_t self:capability { chown fowner fsetid ipc_lock setgid setuid sys_chroot sys_admin sys_nice sys_resource }; dontaudit ftpd_t self:capability sys_tty_config; allow ftpd_t self:process { getcap getpgid setcap setsched setrlimit signal_perms }; allow ftpd_t self:fifo_file rw_fifo_file_perms; @@ -15296,7 +15337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.8.3/policy/modules/services/hal.te --- nsaserefpolicy/policy/modules/services/hal.te 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/services/hal.te 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/hal.te 2010-06-08 15:41:48.000000000 -0400 @@ -55,6 +55,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -15324,7 +15365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. dev_rw_generic_usb_dev(hald_t) dev_setattr_generic_usb_dev(hald_t) dev_setattr_usbfs_files(hald_t) -@@ -212,10 +216,12 @@ +@@ -212,10 +216,13 @@ seutil_read_default_contexts(hald_t) seutil_read_file_contexts(hald_t) @@ -15335,10 +15376,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. +sysnet_read_config(hald_t) sysnet_read_dhcp_config(hald_t) +sysnet_read_dhcpc_pid(hald_t) ++sysnet_signal_dhcpc(hald_t) userdom_dontaudit_use_unpriv_user_fds(hald_t) userdom_dontaudit_search_user_home_dirs(hald_t) -@@ -269,6 +275,10 @@ +@@ -269,6 +276,10 @@ ') optional_policy(` @@ -15349,7 +15391,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. gpm_dontaudit_getattr_gpmctl(hald_t) ') -@@ -319,6 +329,10 @@ +@@ -319,6 +330,10 @@ ') optional_policy(` @@ -15360,7 +15402,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. udev_domtrans(hald_t) udev_read_db(hald_t) ') -@@ -339,6 +353,10 @@ +@@ -339,6 +354,10 @@ virt_manage_images(hald_t) ') @@ -15371,7 +15413,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ######################################## # # Hal acl local policy -@@ -359,6 +377,7 @@ +@@ -359,6 +378,7 @@ manage_dirs_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) manage_files_pattern(hald_acl_t, hald_var_run_t, hald_var_run_t) files_pid_filetrans(hald_acl_t, hald_var_run_t, { dir file }) @@ -15379,7 +15421,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. corecmd_exec_bin(hald_acl_t) -@@ -471,6 +490,10 @@ +@@ -471,6 +491,10 @@ miscfiles_read_localization(hald_keymap_t) @@ -15401,6 +15443,28 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddt # read hddtemp db file files_read_usr_files(hddtemp_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.8.3/policy/modules/services/icecast.te +--- nsaserefpolicy/policy/modules/services/icecast.te 2010-03-23 10:55:15.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/icecast.te 2010-06-09 16:01:05.000000000 -0400 +@@ -38,6 +38,8 @@ + manage_files_pattern(icecast_t, icecast_var_run_t, icecast_var_run_t) + files_pid_filetrans(icecast_t, icecast_var_run_t, { file dir }) + ++kernel_read_system_state(icecast_t) ++ + corenet_tcp_bind_soundd_port(icecast_t) + + # Init script handling +@@ -52,5 +54,9 @@ + sysnet_dns_name_resolve(icecast_t) + + optional_policy(` ++ apache_read_sys_content(icecast_t) ++') ++ ++optional_policy(` + rtkit_scheduled(icecast_t) + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.8.3/policy/modules/services/inn.te --- nsaserefpolicy/policy/modules/services/inn.te 2009-08-14 16:14:31.000000000 -0400 +++ serefpolicy-3.8.3/policy/modules/services/inn.te 2010-06-08 11:32:10.000000000 -0400 @@ -15439,7 +15503,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.8.3/policy/modules/services/kerberos.te --- nsaserefpolicy/policy/modules/services/kerberos.te 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/services/kerberos.te 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/kerberos.te 2010-06-08 16:40:37.000000000 -0400 @@ -127,10 +127,13 @@ corenet_tcp_bind_generic_node(kadmind_t) corenet_udp_bind_generic_node(kadmind_t) @@ -15454,6 +15518,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb dev_read_sysfs(kadmind_t) dev_read_rand(kadmind_t) +@@ -199,8 +202,7 @@ + allow krb5kdc_t krb5kdc_log_t:file manage_file_perms; + logging_log_filetrans(krb5kdc_t, krb5kdc_log_t, file) + +-allow krb5kdc_t krb5kdc_principal_t:file read_file_perms; +-dontaudit krb5kdc_t krb5kdc_principal_t:file write; ++allow krb5kdc_t krb5kdc_principal_t:file rw_file_perms; + + manage_dirs_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t) + manage_files_pattern(krb5kdc_t, krb5kdc_tmp_t, krb5kdc_tmp_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.8.3/policy/modules/services/ksmtuned.fc --- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-03-29 15:04:22.000000000 -0400 +++ serefpolicy-3.8.3/policy/modules/services/ksmtuned.fc 2010-06-08 11:32:10.000000000 -0400 @@ -16636,7 +16710,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.8.3/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/services/networkmanager.te 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/networkmanager.te 2010-06-09 16:09:47.000000000 -0400 @@ -36,7 +36,7 @@ # networkmanager will ptrace itself if gdb is installed @@ -16705,7 +16779,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -264,6 +275,7 @@ +@@ -203,6 +214,10 @@ + ') + + optional_policy(` ++ ipsec_domtrans_mgmt(NetworkManager_t) ++') ++ ++optional_policy(` + iptables_domtrans(NetworkManager_t) + ') + +@@ -264,6 +279,7 @@ vpn_kill(NetworkManager_t) vpn_signal(NetworkManager_t) vpn_signull(NetworkManager_t) @@ -19234,6 +19319,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog remotelogin_domtrans(rlogind_t) remotelogin_signal(rlogind_t) +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.8.3/policy/modules/services/rpcbind.te +--- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-05-25 16:28:22.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/services/rpcbind.te 2010-06-09 16:49:41.000000000 -0400 +@@ -72,3 +72,7 @@ + ifdef(`hide_broken_symptoms',` + dontaudit rpcbind_t self:udp_socket listen; + ') ++ ++optional_policy(` ++ nis_use_ypbind(rpcbind_t) ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.8.3/policy/modules/services/rpc.if --- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-06 15:15:38.000000000 -0400 +++ serefpolicy-3.8.3/policy/modules/services/rpc.if 2010-06-08 11:32:10.000000000 -0400 @@ -23535,7 +23631,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f # /var diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.8.3/policy/modules/system/init.if --- nsaserefpolicy/policy/modules/system/init.if 2010-03-18 10:35:11.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/system/init.if 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/system/init.if 2010-06-09 16:31:07.000000000 -0400 @@ -193,8 +193,10 @@ gen_require(` attribute direct_run_init, direct_init, direct_init_entry; @@ -24228,6 +24324,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t +optional_policy(` + fail2ban_read_lib_files(daemon) +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.8.3/policy/modules/system/ipsec.if +--- nsaserefpolicy/policy/modules/system/ipsec.if 2010-03-18 06:48:09.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/system/ipsec.if 2010-06-09 16:06:08.000000000 -0400 +@@ -20,6 +20,24 @@ + + ######################################## + ## ++## Execute ipsec in the ipsec mgmt domain. ++## ++## ++## ++## The type of the process performing this action. ++## ++## ++# ++interface(`ipsec_domtrans_mgmt',` ++ gen_require(` ++ type ipsec_mgmt_t, ipsec_mgmt_exec_t; ++ ') ++ ++ domtrans_pattern($1, ipsec_mgmt_exec_t, ipsec_mgmt_t) ++') ++ ++######################################## ++## + ## Connect to IPSEC using a unix domain stream socket. + ## + ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.8.3/policy/modules/system/ipsec.te --- nsaserefpolicy/policy/modules/system/ipsec.te 2010-05-25 16:28:22.000000000 -0400 +++ serefpolicy-3.8.3/policy/modules/system/ipsec.te 2010-06-08 11:32:10.000000000 -0400 @@ -24457,6 +24581,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. + + allow $1 iscsid_t:sem create_sem_perms; +') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.8.3/policy/modules/system/iscsi.te +--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-05-25 16:28:22.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/system/iscsi.te 2010-06-09 16:41:53.000000000 -0400 +@@ -77,6 +77,8 @@ + + dev_rw_sysfs(iscsid_t) + dev_rw_userio_dev(iscsid_t) ++dev_read_raw_memory(iscsid_t) ++dev_write_raw_memory(iscsid_t) + + domain_use_interactive_fds(iscsid_t) + domain_dontaudit_read_all_domains_state(iscsid_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.8.3/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2010-03-23 11:19:40.000000000 -0400 +++ serefpolicy-3.8.3/policy/modules/system/libraries.fc 2010-06-08 11:32:10.000000000 -0400 @@ -24919,7 +25055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin domain_system_change_exemption($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.8.3/policy/modules/system/logging.te --- nsaserefpolicy/policy/modules/system/logging.te 2010-05-25 16:28:22.000000000 -0400 -+++ serefpolicy-3.8.3/policy/modules/system/logging.te 2010-06-08 11:32:10.000000000 -0400 ++++ serefpolicy-3.8.3/policy/modules/system/logging.te 2010-06-09 16:35:41.000000000 -0400 @@ -61,6 +61,7 @@ type syslogd_t; type syslogd_exec_t; @@ -24960,7 +25096,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ') ######################################## -@@ -268,6 +279,8 @@ +@@ -252,6 +263,7 @@ + # Audit remote logger local policy + # + ++allow audisp_remote_t self:process { getcap setcap }; + allow audisp_remote_t self:tcp_socket create_socket_perms; + + corenet_all_recvfrom_unlabeled(audisp_remote_t) +@@ -268,8 +280,12 @@ logging_send_syslog_msg(audisp_remote_t) @@ -24968,8 +25112,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin + miscfiles_read_localization(audisp_remote_t) ++init_telinit(audisp_remote_t) ++ sysnet_dns_name_resolve(audisp_remote_t) -@@ -373,8 +386,10 @@ + + ######################################## +@@ -373,8 +389,10 @@ manage_files_pattern(syslogd_t, syslogd_var_lib_t, syslogd_var_lib_t) files_search_var_lib(syslogd_t) @@ -24982,7 +25130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin # manage pid file manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t) -@@ -492,6 +507,10 @@ +@@ -492,6 +510,10 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index 1982883..fbc1780 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.8.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -469,6 +469,9 @@ exit 0 %endif %changelog +* Wed Jun 9 2010 Dan Walsh 3.8.3-2 +- Lots of random fixes + * Tue Jun 8 2010 Dan Walsh 3.8.3-1 - Update to upstream