diff --git a/0012-gettext-handle-unsupported-languages-properly.patch b/0012-gettext-handle-unsupported-languages-properly.patch new file mode 100644 index 0000000..8c72c26 --- /dev/null +++ b/0012-gettext-handle-unsupported-languages-properly.patch @@ -0,0 +1,349 @@ +From ff2aba6d202f49749cbb19a84bf0e1cdae54c5e9 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 24 Jun 2022 16:24:25 +0200 +Subject: [PATCH] gettext: handle unsupported languages properly +Content-type: text/plain + +With "fallback=True" gettext.translation behaves the same as +gettext.install and uses NullTranslations in case the +translation file for given language was not found (as opposed to +throwing an exception). + +Fixes: + # LANG is set to any "unsupported" language, e.g. en_US.UTF-8 + $ chcat --help + Traceback (most recent call last): + File "/usr/bin/chcat", line 39, in + t = gettext.translation(PROGNAME, + File "/usr/lib64/python3.9/gettext.py", line 592, in translation + raise FileNotFoundError(ENOENT, + FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python' + +Signed-off-by: Vit Mojzis +Reviewed-by: Daniel Burgener +Acked-by: Petr Lautrbach +--- + gui/booleansPage.py | 3 ++- + gui/domainsPage.py | 3 ++- + gui/fcontextPage.py | 3 ++- + gui/loginsPage.py | 3 ++- + gui/modulesPage.py | 3 ++- + gui/polgengui.py | 3 ++- + gui/portsPage.py | 3 ++- + gui/semanagePage.py | 3 ++- + gui/statusPage.py | 3 ++- + gui/system-config-selinux.py | 3 ++- + gui/usersPage.py | 3 ++- + python/chcat/chcat | 5 +++-- + python/semanage/semanage | 3 ++- + python/semanage/seobject.py | 3 ++- + python/sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++- + python/sepolicy/sepolicy.py | 3 ++- + python/sepolicy/sepolicy/__init__.py | 3 ++- + python/sepolicy/sepolicy/generate.py | 3 ++- + python/sepolicy/sepolicy/gui.py | 3 ++- + python/sepolicy/sepolicy/interface.py | 3 ++- + sandbox/sandbox | 3 ++- + 21 files changed, 44 insertions(+), 22 deletions(-) + +diff --git a/gui/booleansPage.py b/gui/booleansPage.py +index 5beec58bc360..ad11a9b24c79 100644 +--- a/gui/booleansPage.py ++++ b/gui/booleansPage.py +@@ -46,7 +46,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/domainsPage.py b/gui/domainsPage.py +index e08f34b4d3a9..e6eadd61c1bc 100644 +--- a/gui/domainsPage.py ++++ b/gui/domainsPage.py +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py +index bac2bec3ebbd..767664f26ec8 100644 +--- a/gui/fcontextPage.py ++++ b/gui/fcontextPage.py +@@ -55,7 +55,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/loginsPage.py b/gui/loginsPage.py +index 18b93d8c9756..7e08232a90b5 100644 +--- a/gui/loginsPage.py ++++ b/gui/loginsPage.py +@@ -37,7 +37,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/modulesPage.py b/gui/modulesPage.py +index c546d455d4cd..02b79f150a13 100644 +--- a/gui/modulesPage.py ++++ b/gui/modulesPage.py +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/polgengui.py b/gui/polgengui.py +index a18f1cba17b9..7a3ecd50c91c 100644 +--- a/gui/polgengui.py ++++ b/gui/polgengui.py +@@ -71,7 +71,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/portsPage.py b/gui/portsPage.py +index 54aa80ded327..bee2bdf17b99 100644 +--- a/gui/portsPage.py ++++ b/gui/portsPage.py +@@ -43,7 +43,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/semanagePage.py b/gui/semanagePage.py +index 1371d4e7dabe..efad14d9b375 100644 +--- a/gui/semanagePage.py ++++ b/gui/semanagePage.py +@@ -30,7 +30,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/statusPage.py b/gui/statusPage.py +index c241ef83dfa0..832849e60d60 100644 +--- a/gui/statusPage.py ++++ b/gui/statusPage.py +@@ -43,7 +43,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py +index 1b460c99363b..9f53b7fe9020 100644 +--- a/gui/system-config-selinux.py ++++ b/gui/system-config-selinux.py +@@ -53,7 +53,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/usersPage.py b/gui/usersPage.py +index d51bd968b77e..9acd3b844056 100644 +--- a/gui/usersPage.py ++++ b/gui/usersPage.py +@@ -37,7 +37,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/chcat/chcat b/python/chcat/chcat +index e779fcc6ebd7..952cb8187599 100755 +--- a/python/chcat/chcat ++++ b/python/chcat/chcat +@@ -38,9 +38,10 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext +-except ImportError: ++except: + try: + import builtins + builtins.__dict__['_'] = str +diff --git a/python/semanage/semanage b/python/semanage/semanage +index 8f4e44a7a9cd..f45061a601f9 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py +index ff8f4e9c3008..0782c082dc0c 100644 +--- a/python/semanage/seobject.py ++++ b/python/semanage/seobject.py +@@ -42,7 +42,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py +index 56ebd807c69c..1ff307d9b27d 100644 +--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py ++++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py +@@ -19,7 +19,9 @@ + + try: + import gettext +- t = gettext.translation( 'selinux-python' ) ++ t = gettext.translation("selinux-python", ++ localedir="/usr/share/locale", ++ fallback=True) + _ = t.gettext + except: + def _(str): +diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py +index 7ebe0efa88a1..c7a70e094b0c 100755 +--- a/python/sepolicy/sepolicy.py ++++ b/python/sepolicy/sepolicy.py +@@ -36,7 +36,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py +index 95520f9bc35d..6bde1971fd7c 100644 +--- a/python/sepolicy/sepolicy/__init__.py ++++ b/python/sepolicy/sepolicy/__init__.py +@@ -31,7 +31,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py +index 3e8b9f9c291d..eff3a8973917 100644 +--- a/python/sepolicy/sepolicy/generate.py ++++ b/python/sepolicy/sepolicy/generate.py +@@ -56,7 +56,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py +index b0263740a79f..5bdbfebade1d 100644 +--- a/python/sepolicy/sepolicy/gui.py ++++ b/python/sepolicy/sepolicy/gui.py +@@ -49,7 +49,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py +index 599f97fdc6e7..43f86443f2c8 100644 +--- a/python/sepolicy/sepolicy/interface.py ++++ b/python/sepolicy/sepolicy/interface.py +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/sandbox/sandbox b/sandbox/sandbox +index 3ef444a12561..53cc504149c9 100644 +--- a/sandbox/sandbox ++++ b/sandbox/sandbox +@@ -45,7 +45,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +-- +2.36.1 + diff --git a/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch b/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch new file mode 100644 index 0000000..abb3572 --- /dev/null +++ b/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch @@ -0,0 +1,82 @@ +From afafe02fa9b6b7fdcce883c5e873d46b9d811d66 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Wed, 8 Jun 2022 19:09:54 +0200 +Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh +Content-type: text/plain + +After the last commit this option's name and description no longer +matches the semantic, so give it a new one and update the descriptions. +The old name is still recognized and aliased to the new one for +backwards compatibility. + +Signed-off-by: Ondrej Mosnacek +Acked-by: Nicolas Iooss +--- + policycoreutils/semodule/semodule.8 | 12 ++++++------ + policycoreutils/semodule/semodule.c | 13 ++++++++++--- + 2 files changed, 16 insertions(+), 9 deletions(-) + +diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 +index d1735d216276..c56e580f27b8 100644 +--- a/policycoreutils/semodule/semodule.8 ++++ b/policycoreutils/semodule/semodule.8 +@@ -23,12 +23,12 @@ force a reload of policy + .B \-B, \-\-build + force a rebuild of policy (also reloads unless \-n is used) + .TP +-.B \-\-rebuild-if-modules-changed +-Force a rebuild of the policy if any changes to module content are detected +-(by comparing with checksum from the last transaction). One can use this +-instead of \-B to ensure that any changes to the module store done by an +-external tool (e.g. a package manager) are applied, while automatically +-skipping the rebuild if there are no new changes. ++.B \-\-refresh ++Like \-\-build, but reuses existing linked policy if no changes to module ++files are detected (by comparing with checksum from the last transaction). ++One can use this instead of \-B to ensure that any changes to the module ++store done by an external tool (e.g. a package manager) are applied, while ++automatically skipping the module re-linking if there are no module changes. + .TP + .B \-D, \-\-disable_dontaudit + Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt +diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c +index 1ed8e69054e0..ec0794866daa 100644 +--- a/policycoreutils/semodule/semodule.c ++++ b/policycoreutils/semodule/semodule.c +@@ -150,9 +150,12 @@ static void usage(char *progname) + printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); + printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); + printf(" -m, --checksum print module checksum (SHA256).\n"); +- printf(" --rebuild-if-modules-changed\n" +- " force policy rebuild if module content changed since\n" +- " last rebuild (based on checksum)\n"); ++ printf(" --refresh like --build, but reuses existing linked policy if no\n" ++ " changes to module files are detected (via checksum)\n"); ++ printf("Deprecated options:\n"); ++ printf(" -b,--base same as --install\n"); ++ printf(" --rebuild-if-modules-changed\n" ++ " same as --refresh\n"); + } + + /* Sets the global mode variable to new_mode, but only if no other +@@ -185,6 +188,7 @@ static void parse_command_line(int argc, char **argv) + { + static struct option opts[] = { + {"rebuild-if-modules-changed", 0, NULL, '\0'}, ++ {"refresh", 0, NULL, '\0'}, + {"store", required_argument, NULL, 's'}, + {"base", required_argument, NULL, 'b'}, + {"help", 0, NULL, 'h'}, +@@ -225,6 +229,9 @@ static void parse_command_line(int argc, char **argv) + case '\0': + switch(longind) { + case 0: /* --rebuild-if-modules-changed */ ++ fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n"); ++ /* fallthrough */ ++ case 1: /* --refresh */ + check_ext_changes = 1; + break; + default: +-- +2.36.1 + diff --git a/0014-python-Split-semanage-import-into-two-transactions.patch b/0014-python-Split-semanage-import-into-two-transactions.patch new file mode 100644 index 0000000..2cb27e6 --- /dev/null +++ b/0014-python-Split-semanage-import-into-two-transactions.patch @@ -0,0 +1,65 @@ +From 4a53c0c3ee0edba37ba8e62064175c4928f761a8 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Mon, 30 May 2022 14:20:21 +0200 +Subject: [PATCH] python: Split "semanage import" into two transactions +Content-type: text/plain + +First transaction applies all deletion operations, so that there are no +collisions when applying the rest of the changes. + +Fixes: + # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024 + # semanage export | semanage import + ValueError: Port tcp/3024 already defined + +Signed-off-by: Vit Mojzis +--- + python/semanage/semanage | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/python/semanage/semanage b/python/semanage/semanage +index f45061a601f9..4e8d64d6863a 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -853,10 +853,29 @@ def handleImport(args): + trans = seobject.semanageRecords(args) + trans.start() + ++ deleteCommands = [] ++ commands = [] ++ # separate commands for deletion from the rest so they can be ++ # applied in a separate transaction + for l in sys.stdin.readlines(): + if len(l.strip()) == 0: + continue ++ if "-d" in l or "-D" in l: ++ deleteCommands.append(l) ++ else: ++ commands.append(l) ++ ++ if deleteCommands: ++ importHelper(deleteCommands) ++ trans.finish() ++ trans.start() ++ ++ importHelper(commands) ++ trans.finish() + ++ ++def importHelper(commands): ++ for l in commands: + try: + commandParser = createCommandParser() + args = commandParser.parse_args(mkargv(l)) +@@ -870,8 +889,6 @@ def handleImport(args): + except KeyboardInterrupt: + sys.exit(0) + +- trans.finish() +- + + def setupImportParser(subparsers): + importParser = subparsers.add_parser('import', help=_('Import local customizations')) +-- +2.36.1 + diff --git a/policycoreutils.spec b/policycoreutils.spec index 85f3372..633fc69 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -11,7 +11,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 3.4 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2 # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/selinux-3.4.tar.gz @@ -42,6 +42,9 @@ Patch0008: 0008-sepolicy-generate-Handle-more-reserved-port-types.patch Patch0009: 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Patch0010: 0010-Use-SHA-2-instead-of-SHA-1.patch Patch0011: 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch +Patch0012: 0012-gettext-handle-unsupported-languages-properly.patch +Patch0013: 0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch +Patch0014: 0014-python-Split-semanage-import-into-two-transactions.patch # Patch list end Obsoletes: policycoreutils < 2.0.61-2 @@ -469,6 +472,12 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Mon Jul 25 2022 Petr Lautrbach - 3.4- +- gettext: handle unsupported languages properly (#2100378) +- semodule: rename --rebuild-if-modules-changed to --refresh +- python: Split "semanage import" into two transactions (#2063353) +- selinux-autorelabel: Do not force reboot (#2093133) + * Fri Jul 22 2022 Fedora Release Engineering - 3.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild