diff --git a/.cvsignore b/.cvsignore
index 655b73b..febcd0d 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -41,3 +41,4 @@ libselinux-1.24.1.tgz
 libselinux-1.24.2.tgz
 libselinux-1.25.2.tgz
 libselinux-1.25.3.tgz
+libselinux-1.25.4.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index b358e88..b886b64 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,195 +1,21 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.25.3/src/compute_relabel.c ---- nsalibselinux/src/compute_relabel.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/compute_relabel.c 2005-08-24 09:13:57.000000000 -0400 -@@ -20,6 +20,7 @@ - size_t size; - int fd, ret; - -+ *newcon=NULL; - snprintf(path, sizeof path, "%s/relabel", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.25.3/src/compute_user.c ---- nsalibselinux/src/compute_user.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/compute_user.c 2005-08-24 09:13:57.000000000 -0400 -@@ -21,6 +21,7 @@ - int fd, ret; - unsigned int i, nel; - -+ *con = NULL; - snprintf(path, sizeof path, "%s/user", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) diff --exclude-from=exclude -N -u -r nsalibselinux/src/context.c libselinux-1.25.3/src/context.c ---- nsalibselinux/src/context.c 2005-08-22 16:37:00.000000000 -0400 -+++ libselinux-1.25.3/src/context.c 2005-08-24 09:13:57.000000000 -0400 -@@ -137,19 +137,23 @@ - - static int set_comp(context_private_t* n,int index, const char *str) - { -- char *t = (char*) malloc(strlen(str)+1); -+ char *t = NULL; - const char *p; -- if ( !t ) { return 1; } -- for ( p = str; *p; p++ ) { -- if ( *p == '\t' || *p == ' ' || *p == '\n' || *p == '\r' || -- (*p == ':' && index != COMP_RANGE) ) { -- free(t); -- return 1; -- } +--- nsalibselinux/src/context.c 2005-08-25 16:18:01.000000000 -0400 ++++ libselinux-1.25.3/src/context.c 2005-08-24 16:48:20.000000000 -0400 +@@ -181,16 +180,8 @@ + def_set(type,COMP_TYPE) + def_set(role,COMP_ROLE) + def_set(user,COMP_USER) ++def_set(range,COMP_RANGE) + +-int context_range_set(context_t context,const char* str) +-{ +- context_private_t *n = context->ptr; +- if ( ! 
n->component[COMP_RANGE] ) { +- return 0; +- } else { +- return set_comp(n,COMP_RANGE,str); - } -- conditional_free(&n->component[index]); -+ if (str) { -+ t=(char*) malloc(strlen(str)+1); -+ if ( !t ) { return 1; } -+ for ( p = str; *p; p++ ) { -+ if ( *p == '\t' || *p == '\n' || *p == '\r' || -+ ((*p == ':' || *p == ' ') && index != COMP_RANGE) ) { -+ free(t); -+ return 1; -+ } -+ } -+ } -+ conditional_free(&n->component[index]); -+ if (str) -+ strcpy(t,str); - n->component[index] = t; -- strcpy(t,str); - return 0; - } - -diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.25.3/src/fgetfilecon.c ---- nsalibselinux/src/fgetfilecon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/fgetfilecon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -13,6 +13,7 @@ - ssize_t size; - ssize_t ret; - -+ *context = NULL; - size = INITCONTEXTLEN+1; - buf = malloc(size); - if (!buf) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.25.3/src/getcon.c ---- nsalibselinux/src/getcon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/getcon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -14,6 +14,7 @@ - int fd; - ssize_t ret; - -+ *context=NULL; - fd = open("/proc/self/attr/current", O_RDONLY); - if (fd < 0) - return -1; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.25.3/src/getexeccon.c ---- nsalibselinux/src/getexeccon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/getexeccon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -14,6 +14,7 @@ - int fd; - ssize_t ret; - -+ *context = NULL; - fd = open("/proc/self/attr/exec", O_RDONLY); - if (fd < 0) - return -1; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.25.3/src/getfilecon.c ---- nsalibselinux/src/getfilecon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/getfilecon.c 2005-08-24 09:15:03.000000000 -0400 -@@ -13,6 +13,7 @@ - ssize_t size; - ssize_t ret; - -+ 
*context = NULL; - size = INITCONTEXTLEN+1; - buf = malloc(size); - if (!buf) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.25.3/src/getfscreatecon.c ---- nsalibselinux/src/getfscreatecon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/getfscreatecon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -14,6 +14,7 @@ - int fd; - ssize_t ret; - -+ *context = NULL; - fd = open("/proc/self/attr/fscreate", O_RDONLY); - if (fd < 0) - return -1; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.25.3/src/getpeercon.c ---- nsalibselinux/src/getpeercon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/getpeercon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -17,6 +17,7 @@ - socklen_t size; - ssize_t ret; - -+ *context = NULL; - size = INITCONTEXTLEN+1; - buf = malloc(size); - if (!buf) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.25.3/src/getpidcon.c ---- nsalibselinux/src/getpidcon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/getpidcon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -16,6 +16,7 @@ - int fd; - ssize_t ret; - -+ *context = NULL; - snprintf(path, sizeof path, "/proc/%d/attr/current", pid); - - fd = open(path, O_RDONLY); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.25.3/src/getprevcon.c ---- nsalibselinux/src/getprevcon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/getprevcon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -14,6 +14,7 @@ - int fd; - ssize_t ret; - -+ *context = NULL; - fd = open("/proc/self/attr/prev", O_RDONLY); - if (fd < 0) - return -1; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.25.3/src/lgetfilecon.c ---- nsalibselinux/src/lgetfilecon.c 2005-08-24 09:07:11.000000000 -0400 -+++ libselinux-1.25.3/src/lgetfilecon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -13,6 +13,7 @@ - ssize_t size; - ssize_t ret; - -+ *context = 
NULL; - size = INITCONTEXTLEN+1; - buf = malloc(size); - if (!buf) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.25.3/src/trans.c ---- nsalibselinux/src/trans.c 2005-08-23 13:34:34.000000000 -0400 -+++ libselinux-1.25.3/src/trans.c 2005-08-24 09:13:57.000000000 -0400 -@@ -6,8 +6,8 @@ - - int trans_to_raw_context(char *raw, char **transp) - { -+ *transp = NULL; - if (!raw) { -- *transp = NULL; - return 0; - } - -@@ -19,8 +19,8 @@ - - int raw_to_trans_context(char *trans, char **rawp) - { -+ *rawp = NULL; - if (!trans) { -- *rawp = NULL; - return 0; - } +-} + hidden_def(context_range_set) -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getfilecon.c libselinux-1.25.3/utils/getfilecon.c ---- nsalibselinux/utils/getfilecon.c 2005-01-20 16:05:24.000000000 -0500 -+++ libselinux-1.25.3/utils/getfilecon.c 2005-08-24 09:13:57.000000000 -0400 -@@ -21,6 +21,9 @@ - } - printf("%s\t%s\n", argv[i], buf); - freecon(buf); -+ rc = getfilecon_raw(argv[i], &buf); -+ printf("%s\t%s\n", argv[i], buf); -+ freecon(buf); - } - exit(0); - } + #ifdef L1TEST diff --git a/libselinux.spec b/libselinux.spec index 372fa01..e5184b8 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,6 +1,6 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 1.25.3 +Version: 1.25.4 Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries 
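Review bot: The replacement of `context_range_set` by `def_set(range,COMP_RANGE)` in the context.c patch removes the guard that returned 0 when `n->component[COMP_RANGE]` was unset, and the patch file carries no comment explaining that change. The `def_set` macro is defined outside this hunk; if it calls `set_comp` unconditionally, as the neighbouring `def_set` lines for type, role and user suggest, a caller can now attach a range to a context that had none, so callers should validate the resulting string (for example with `security_check_context`) before using it as a label. I would add a header line to the patch such as `# context_range_set: allow setting the range on a context that has none (see 1.25.3-2 changelog)`. The inner header `@@ -181,16 +180,8 @@` starts the old and new sides one line apart although it is the only hunk left, which suggests the patch was trimmed by hand and is worth regenerating against the 1.25.4 tree.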
@@ -85,6 +85,18 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/* %changelog +* Thu Aug 25 2005 Dan Walsh 1.25.4-1 +- Update from NSA + * Hid translation-related symbols entirely and ensured that + raw functions have hidden definitions for internal use. + * Allowed setting NULL via context_set* functions. + * Allowed whitespace in MLS component of context. + * Changed rpm_execcon to use translated functions to workaround + lack of MLS level on upgraded systems. + +* Wed Aug 24 2005 Dan Walsh 1.25.3-2 +- Allow set_comp on unset ranges + * Wed Aug 24 2005 Dan Walsh 1.25.3-1 * Merged context translation patch, originally by TCS, with modifications by Dan Walsh (Red Hat). diff --git a/sources b/sources index 5dbbc28..c7e747b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f9cd75312a4241f5855fde60d0551f88 libselinux-1.25.3.tgz +82007f5f28bb0d7a86a93388f64b12bb libselinux-1.25.4.tgz