author: Chris PeBenito <pebenito@ieee.org> 2020-08-18 09:09:10 -0400
committer: Jason Zaman <perfinion@gentoo.org> 2020-10-11 13:50:58 -0700
commit: 7ce86b02a2123b66c48801d896b701c5bdbb3aa2 (patch)
tree: c5e957a02c8d42bbb06b3c29b8089884558071b2 /Changelog
parent: Bump module versions for release. (diff)
Update Changelog and VERSION for release.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'Changelog')
-rw-r--r-- Changelog 216
1 files changed, 216 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index a5ba6ca6..59037863 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,219 @@
+* Tue Aug 18 2020 Chris PeBenito <pebenito@ieee.org> - 2.20200818
+Alexander Miroshnichenko (2):
+ openvpn: more versatile file context regex for ipp.txt
+ openvpn: update file context regex for ipp.txt
+
+Chris PeBenito (153):
+ Makefile: Warn if policy.xml xmllint check does not run.
+ networkmanager: Fix interface commenting.
+ Makefile: Remove shell brace expansion in ctags target.
+ dbus: Rename tunable to dbus_pass_tuntap_fd.
+ spamassassin: Move systemd interfaces.
+ spamassassin: Rename systemd interfaces.
+ spamassassin: Add missing class requires in systemd interfaces.
+ spamassassin: Remove unnecessary brackets in type alias.
+ pulseaudio: Drop call to nonexistant interface.
+ genhomedircon: Drop Python 2 compatibility code.
+ systemd: Merge generator domains.
+ .travis.yml: Add CI tests with no unconfined.
+ Rename "pid" interfaces to "runtime" interfaces.
+ Update callers for "pid" to "runtime" interface rename.
+ Move user definitions to the right place during compilation.
+ Makefile: Give a value to build options so they can be used in ifelse.
+ init: Revise init_startstop_service() build option blocks.
+ kernel: Drop unlabeled_t as a files_mountpoint().
+ selinuxuntil, userdomain: Restore relabelfrom access for unlabeled files.
+ files: Restore mounton access to files_mounton_all_mountpoints().
+ filesystem: Create a filesystem image concept.
+ kernel, fstools, lvm, mount: Update to use filesystem image interfaces.
+ Bump module versions for release.
+
+Christian Göttsche (29):
+ Rules: allow the usage of class sets in context_defaults
+ Correct estimate kernel version for polcap genfs_seclabel_symlinks
+ Makefile: generate temporary documentation files in separate directory
+ Ignore temporary documentation file directory in git
+ Override old all_interfaces.conf.tmp file
+ samba: fix wrong interface context smbd_runtime_t
+ chromium: drop dead conditional block
+ example: use module name matching file name
+ consolesetup: drop unused requires
+ unconfined: clarify unconfined_t stub usage in unconfined_domain_noaudit()
+ portage: drop bizarre conditional TODO blocks
+ init/systemd: move systemd_manage_all_units to init_manage_all_units
+ tpm2: small fixes
+ files/logging: move var_run_t filecontext to defining module
+ files/miscfiles: move usr_t filecontext to defining module
+ chromium/libraries: move lib_t filecontext to defining module
+ apache: use correct content types in apache_manage_all_user_content()
+ can_exec(): move from misc_macros to misc_patterns
+ Makefile: remove obsolete .SUFFIXES
+ Makefile: add target build-interface-db
+ devices/storage: quote arguments to tunable_policy
+ apache: quote gen_tunable name argument
+ Correct some misspellings
+ Fix several misspellings
+ whitespace cleanup
+ travis-ci: add SELint
+ work on SELint issues
+ files/modutils: unify modules_object_t usage into files module
+ travis: resolve Linter tags
+
+Daniel Burgener (10):
+ Add dnl to end of interface declaration. This reduces the number of blank
+ lines in intermediate files and matches the way templates are defined.
+ Allow systemd-coredump to stat mountpoints.
+ Change incorrect template definitions into interface definitions
+ Add divert to generated_definitions creation, and fix all_interfaces.conf
+ divert creation.
+ Fix mismatches between object class and permission macro.
+ Switch pipe reading on domtrans to inherited only
+ Simplify collection of ssh rules to domtrans_pattern macro
+ Fix a few places where command line applications were only granted one of
+ tty or pty permissions and could be used from either
+ Remove the second copy of a permission in instances where the exact same
+ permission is repeated twice in a row
+ Remove out of date "hack" from stunnel. The underlying problem needing a
+ require was fixed back in 2011, so using corenet_tcp_bind_stunnel_port
+ would be an option now, but stunnel_t already has
+ corenet_tcp_bind_all_ports, so this access is redundant.
+
+Dave Sugar (8):
+ Add interface to read/write /dev/ipmi
+ Update labeling in /dev/
+ Setup generic generator attribute and change generator types.
+ fix require from 5b78c1c86bedf322fa6a08e5d68e7e8a6b85f026
+ Setup domain for tpm2_* binaries
+ Interfaces needed to support IMA/EVM keys
+ Resolve neverallow failure introduced in #273
+ Interfaces for tpm2
+
+David Sommerseth (1):
+ dbus: Add tunable - dbus_can_pass_tuntap_fd
+
+Florian Schmidt (1):
+ corenetwork: fix winshadow port number
+
+Guido Trentalancia (5):
+ This patch improves a previous commit by restricting down the permissions
+ to write the wireless device in order to prevent a possible Denial of
+ Service (DoS) attack from an unprivileged process bringing down the
+ wireless interfaces.
+ mozilla: add watch perms
+ wm: add watch perms
+ getty: add watch perms
+ userdomain: add watch perms
+
+Laurent Bigonville (5):
+ Add an interface to allow the specified domain to mmap the general network
+ configuration files
+ Add policy for apt-cacher-ng
+ Add policy for acngtool
+ Label bluetooth daemon as bluetooth_exec_t
+ Label /usr/libexec/packagekitd as apt_exec_t on debian
+
+McSim85 (1):
+ add rule for the management socket file fixed comments from @bauen1
+
+Nicolas Iooss (5):
+ Vagrantfile: remove older installed modules before "make install"
+ systemd: make systemd --user run generators without transition
+ systemd: allow sd-executor to manage its memfd files
+ devices: label /dev/sysdig0
+ sysnetwork: allow using "ip netns"
+
+Russell Coker (2):
+ pulseaudio patch
+ latest ver of trivial mail server patch
+
+Topi Miettinen (13):
+ Make raw memory access tunable
+ Add usbguard
+ Don't allow creating regular files in /dev
+ Python string fix
+ gennetfilter: generate nft tables with --nft
+ gennetfilter: handle port ranges
+ Allow systemd-networkd to handle ICMP and DHCP packets
+ gennetfilter: add rules for ICMP/ICMPv6 packets
+ wm: add KWin
+ Build and install Netfilter rules
+ bootloader: add rEFInd and systemd-boot
+ netutils: allow ping to send and receive ICMP packets
+ Remove unlabeled packet access
+
+Vilgot (1):
+ Portage update
+
+Vilgot Fredenberg (1):
+ Remove old exception
+
+Yi Zhao (2):
+ Remove duplicated rules
+ xserver: allow xserver_t to connect to resmgrd
+
+bauen1 (59):
+ logging: allow syslogd to remove stale socket file
+ systemd-user-runtime-dir: add required permissions
+ mozilla: allow firefox to use user namespaces for sandboxing
+ modutils: allow init to execute kmod with nnp
+ fix unescaped dot introduced by 47b44a0fc720cecf6df576e274f610514203a5da
+ allow init_t access to own keyring
+ allow init_t to link kernel_t key
+ allow normal users to use 'systemd-run'
+ ssh: fix for debian wrapper script
+ bird: fixes for bird 2.0
+ apache: add nginx to policy
+ ntpd: fixes for systemd-timesyncd after linux 5.4
+ define lockdown class and access
+ dirmngr: allow to probe for tor
+ dirmngr: also requires access to /dev/urandom
+ dirmngr: ~/.gnupg/crls.d might not exist
+ application: applications can be executed from ssh without pty
+ systemd: allow regular users to run systemd-analyze
+ quota: allow quota to modify /aquota even if immutable
+ init: read default context during boot
+ lvm: create /etc/lvm/archive if it doesn't exist
+ corecommands: fix atrild label
+ systemd-fstab-generator needs to know about all mountpoints
+ semanage: create directories for new policies
+ dnsmasq: watch for new dns resolvers
+ init: allow systemd to setup mount namespaces
+ init: make initrc_t a init_domain to simplify the policy
+ init: allow systemd to activate journald-audit.socket
+ setrans: allow label translation for all domains.
+ files: add files_watch_etc_symlinks interface
+ init: watch /etc/localtime even if it's a symlink
+ corecommands: proper label for unattended-upgrades helpers
+ filesystem: pathcon for matching tracefs mount
+ lvm-activation-generator also needs to execute lvm
+ systemd: allow systemd-user-runtime-dir to do its job
+ init: fix init_manage_pid_symlinks to grant more than just create
+ permissions
+ init: replace call to init_domtrans_script
+ systemd-sysusers: add policy
+ allow most common permissions for systemd sandboxing options
+ terminal: cleanup term_create interfaces
+ logrotate.service sandbox required permissions
+ udev.service sandbox required permissions
+ systemd-timesyncd.service sandbox requried permissions
+ systemd-logind.service sandbox required permissions
+ init: fix systemd boot
+ postfix: add filetrans for sendmail and postfix for aliases db operations
+ systemd: fixed systemd_rfkill_t denial spam
+ thunderbird: label files under /tmp
+ init: systemd will run chkpwd to start user@1000
+ authlogin: unix_chkpwd is linked to libselinux
+ systemd: maintain /memfd:systemd-state
+ dpkg: allow dpkg frontends to acquire lock by labeling it correctly
+ systemd: systemd --user add essential permissions
+ dpkg: dpkg scripts are part of dpkg and therefor also an application
+ domain
+ gpg: don't allow gpg-agent to read /proc/kcore
+ corecommands: correct label for debian ssh-agent helper script
+ systemd: systemd-tempfiles will relabel tmpfs if mounted over e.g. /tmp
+ Remove the ada module, it is unecessary and not touched since ~2008
+ dpkg: domaintrans to sysusers if necessary
+
* Sat Feb 29 2020 Chris PeBenito <pebenito@ieee.org> - 2.20200229
Alexander Miroshnichenko (1):
Add knot module
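Review bot: The per-author count "Chris PeBenito (153):" at the top of the hunk does not match the 23 entries listed under that heading, whereas every other author's count in the hunk (for example "bauen1 (59):", "Christian Göttsche (29):", "Daniel Burgener (10):") matches its list exactly. If that author's list is intentionally curated to the notable changes, the heading should say so (or give the count of entries actually listed); otherwise the entries should be completed so that the number in parentheses and the list agree, as they do for the other authors.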