From 9f31861b9976881c0535bb7be5df1bbc6e3330aa Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 21 Jan 2020 16:10:21 -0500 Subject: [PATCH] import setroubleshoot-3.3.21-1.el8 --- .gitignore | 2 +- .setroubleshoot.metadata | 2 +- ...ix-translation-of-hex-values-in-AVCs.patch | 184 ------ ...tive-polling-for-acquiring-policy-fi.patch | 75 --- ...ate-missing-scripts-to-automake-1.15.patch | 537 ------------------ SPECS/setroubleshoot.spec | 21 +- 6 files changed, 17 insertions(+), 804 deletions(-) delete mode 100644 SOURCES/0001-framework-Fix-translation-of-hex-values-in-AVCs.patch delete mode 100644 SOURCES/0002-framework-Add-active-polling-for-acquiring-policy-fi.patch delete mode 100644 SOURCES/0003-Update-missing-scripts-to-automake-1.15.patch diff --git a/.gitignore b/.gitignore index 38f18f7..0eead1b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/setroubleshoot-3.3.19.tar.gz +SOURCES/setroubleshoot-3.3.21.tar.gz diff --git a/.setroubleshoot.metadata b/.setroubleshoot.metadata index 1749a5a..55bddc9 100644 --- a/.setroubleshoot.metadata +++ b/.setroubleshoot.metadata @@ -1 +1 @@ -4205b63e367ccab3a8b671fc46602c519e161862 SOURCES/setroubleshoot-3.3.19.tar.gz +7953c5ee1c9afc998fa162cadbe0f3443b3884c0 SOURCES/setroubleshoot-3.3.21.tar.gz diff --git a/SOURCES/0001-framework-Fix-translation-of-hex-values-in-AVCs.patch b/SOURCES/0001-framework-Fix-translation-of-hex-values-in-AVCs.patch deleted file mode 100644 index 500d7ea..0000000 --- a/SOURCES/0001-framework-Fix-translation-of-hex-values-in-AVCs.patch +++ /dev/null @@ -1,184 +0,0 @@ -From c2991d1595aa57e7851bf91e2f8f7503c86af6dd Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 13 Feb 2019 10:31:15 +0100 -Subject: [PATCH 1/3] framework: Fix translation of hex values in AVCs - -Audit encloses plain text values of path, name or exe fields in double -quotes to distinguish them from hex encoded values. Use this instead of -trying to hex-translate all values. The translation is done immediately -after parsing the AVC, hence all other attempts to hex translate could -be removed. - -Use bytearray.fromhex(path).decode('utf-8') in python 3 -(str.decode('hex') is invalid). -Keep using str.decode('hex') on python 2 to avoid issues with unicode -strings (which are not accepted by libselinux functions). - -Fixes: - https://bugzilla.redhat.com/show_bug.cgi?id=1477236 - -Signed-off-by: Vit Mojzis ---- - framework/src/setroubleshoot/audit_data.py | 70 ++++++---------------- - framework/src/setroubleshoot/util.py | 11 +++- - 2 files changed, 28 insertions(+), 53 deletions(-) - -diff --git a/framework/src/setroubleshoot/audit_data.py b/framework/src/setroubleshoot/audit_data.py -index faf36f7..0d07911 100644 ---- a/framework/src/setroubleshoot/audit_data.py -+++ b/framework/src/setroubleshoot/audit_data.py -@@ -1,6 +1,7 @@ - from __future__ import absolute_import - import six - from six.moves import range -+import sys - # Authors: John Dennis - # Thomas Liu -Date: Fri, 4 Jan 2019 11:20:37 +0100 -Subject: [PATCH 2/3] framework: Add active polling for acquiring policy file - -setroubleshoot server crashes when the policy file is used by other -process. Include 10s active polling for the policy file. - -Failure to open /sys/fs/selinux/policy by sepolicy results in ValueError -"unable to open /sys/fs/selinux/policy: Device or resource busy". -As a result of a bug in audit2why.c, SystemError is currently raised -instead of ValueError. - -Resolves: rhbz#1583241 ---- - framework/src/setroubleshoot/server.py | 34 ++++++++++++++++++++++++-- - 1 file changed, 32 insertions(+), 2 deletions(-) - -diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py -index b598d32..9f25a48 100755 ---- a/framework/src/setroubleshoot/server.py -+++ b/framework/src/setroubleshoot/server.py -@@ -115,6 +115,13 @@ def sighandler(signum, frame): - return - - -+def polling_failed_handler(signum, frame): -+ log_debug("received signal=%s" % signum) -+ syslog.syslog(syslog.LOG_ERR, "/sys/fs/selinux/policy is in use by another process. Exiting!") -+ os._exit(1) -+ # TODO: change to sys.exit(1) when the bug in audti2why is fixed -+ -+ - def make_instance_id(): - import time - hostname = get_hostname() -@@ -717,10 +724,33 @@ def goodbye(database): - - - def RunFaultServer(timeout=10): -- # FIXME -- audit2why.init() -+ signal.alarm(timeout) -+ sigalrm_handler = signal.signal(signal.SIGALRM, polling_failed_handler) -+ # polling for /sys/fs/selinux/policy file -+ while True: -+ try: -+ audit2why.init() -+ signal.alarm(0) -+ break -+ # retry if init() failed to open /sys/fs/selinux/policy -+ except ValueError as e: -+ # The value error contains the following error message, -+ # followed by strerror string (which can differ with localization) -+ if "unable to open /sys/fs/selinux/policy" in str(e): -+ continue -+ raise e -+ except SystemError as e: -+ # As a result of a bug in audit2why.c, SystemError is raised instead of ValueError. -+ # Python reports: "SystemError occurs as a direct cause of ValueError" -+ # Error message of the ValueError is stored in __context__ -+ # TODO: remove this except clause when the bug in audti2why is fixed -+ if "unable to open /sys/fs/selinux/policy" in str(getattr(e, "__context__", "")): -+ continue -+ raise e -+ - global host_database, analysis_queue, email_recipients - -+ signal.signal(signal.SIGALRM, sigalrm_handler) - signal.signal(signal.SIGHUP, sighandler) - - #interface_registry.dump_interfaces() --- -2.17.2 - diff --git a/SOURCES/0003-Update-missing-scripts-to-automake-1.15.patch b/SOURCES/0003-Update-missing-scripts-to-automake-1.15.patch deleted file mode 100644 index f439277..0000000 --- a/SOURCES/0003-Update-missing-scripts-to-automake-1.15.patch +++ /dev/null @@ -1,537 +0,0 @@ -From ed93fab98bfd0b52bb407ce294b0ffdafca8389a Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 25 Mar 2019 14:01:49 +0100 -Subject: [PATCH 3/3] Update "missing" scripts to automake-1.15 - -Fixes: - $./framework/autogen.sh - ... - setroubleshoot/framework/missing: Unknown `--is-lightweight' option - Try `setroubleshoot/framework/missing --help' for more information - configure: WARNING: 'missing' script is too old or missing - ... - -Signed-off-by: Vit Mojzis ---- - framework/missing | 465 +++++++++++++++------------------------------- - 1 file changed, 152 insertions(+), 313 deletions(-) - -diff --git a/framework/missing b/framework/missing -index 28055d2..b7e571e 100755 ---- a/framework/missing -+++ b/framework/missing -@@ -1,11 +1,10 @@ --#! /bin/sh --# Common stub for a few missing GNU programs while installing. -+#!/bin/sh -+# Common wrapper for a few potentially missing GNU programs. - --scriptversion=2009-04-28.21; # UTC -+scriptversion=2016-01-11.22; # UTC - --# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, --# 2008, 2009 Free Software Foundation, Inc. --# Originally by Fran,cois Pinard , 1996. -+# Copyright (C) 1996-2017 Free Software Foundation, Inc. -+# Originally written by Fran,cois Pinard , 1996. - - # This program is free software; you can redistribute it and/or modify - # it under the terms of the GNU General Public License as published by -@@ -26,69 +25,40 @@ scriptversion=2009-04-28.21; # UTC - # the same distribution terms that you use for the rest of that program. - - if test $# -eq 0; then -- echo 1>&2 "Try \`$0 --help' for more information" -+ echo 1>&2 "Try '$0 --help' for more information" - exit 1 - fi - --run=: --sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' --sed_minuso='s/.* -o \([^ ]*\).*/\1/p' -- --# In the cases where this matters, `missing' is being run in the --# srcdir already. --if test -f configure.ac; then -- configure_ac=configure.ac --else -- configure_ac=configure.in --fi -+case $1 in - --msg="missing on your system" -+ --is-lightweight) -+ # Used by our autoconf macros to check whether the available missing -+ # script is modern enough. -+ exit 0 -+ ;; - --case $1 in ----run) -- # Try to run requested program, and just exit if it succeeds. -- run= -- shift -- "$@" && exit 0 -- # Exit code 63 means version mismatch. This often happens -- # when the user try to use an ancient version of a tool on -- # a file that requires a minimum version. In this case we -- # we should proceed has if the program had been absent, or -- # if --run hadn't been passed. -- if test $? = 63; then -- run=: -- msg="probably too old" -- fi -- ;; -+ --run) -+ # Back-compat with the calling convention used by older automake. -+ shift -+ ;; - - -h|--h|--he|--hel|--help) - echo "\ - $0 [OPTION]... PROGRAM [ARGUMENT]... - --Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an --error status if there is no known handling for PROGRAM. -+Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due -+to PROGRAM being missing or too old. - - Options: - -h, --help display this help and exit - -v, --version output version information and exit -- --run try to run the given command, and emulate it if it fails - - Supported PROGRAM values: -- aclocal touch file \`aclocal.m4' -- autoconf touch file \`configure' -- autoheader touch file \`config.h.in' -- autom4te touch the output file, or create a stub one -- automake touch all \`Makefile.in' files -- bison create \`y.tab.[ch]', if possible, from existing .[ch] -- flex create \`lex.yy.c', if possible, from existing .c -- help2man touch the output file -- lex create \`lex.yy.c', if possible, from existing .c -- makeinfo touch the output file -- tar try tar, gnutar, gtar, then tar without non-portable flags -- yacc create \`y.tab.[ch]', if possible, from existing .[ch] -+ aclocal autoconf autoheader autom4te automake makeinfo -+ bison yacc flex lex help2man - --Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and --\`g' are ignored when checking the name. -+Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and -+'g' are ignored when checking the name. - - Send bug reports to ." - exit $? -@@ -100,277 +70,146 @@ Send bug reports to ." - ;; - - -*) -- echo 1>&2 "$0: Unknown \`$1' option" -- echo 1>&2 "Try \`$0 --help' for more information" -+ echo 1>&2 "$0: unknown '$1' option" -+ echo 1>&2 "Try '$0 --help' for more information" - exit 1 - ;; - - esac - --# normalize program name to check for. --program=`echo "$1" | sed ' -- s/^gnu-//; t -- s/^gnu//; t -- s/^g//; t'` -- --# Now exit if we have it, but it failed. Also exit now if we --# don't have it and --version was passed (most likely to detect --# the program). This is about non-GNU programs, so use $1 not --# $program. --case $1 in -- lex*|yacc*) -- # Not GNU programs, they don't have --version. -- ;; -- -- tar*) -- if test -n "$run"; then -- echo 1>&2 "ERROR: \`tar' requires --run" -- exit 1 -- elif test "x$2" = "x--version" || test "x$2" = "x--help"; then -- exit 1 -- fi -- ;; -- -- *) -- if test -z "$run" && ($1 --version) > /dev/null 2>&1; then -- # We have it, but it failed. -- exit 1 -- elif test "x$2" = "x--version" || test "x$2" = "x--help"; then -- # Could not run --version or --help. This is probably someone -- # running `$TOOL --version' or `$TOOL --help' to check whether -- # $TOOL exists and not knowing $TOOL uses missing. -- exit 1 -- fi -- ;; --esac -- --# If it does not exist, or fails to run (possibly an outdated version), --# try to emulate it. --case $program in -- aclocal*) -- echo 1>&2 "\ --WARNING: \`$1' is $msg. You should only need it if -- you modified \`acinclude.m4' or \`${configure_ac}'. You might want -- to install the \`Automake' and \`Perl' packages. Grab them from -- any GNU archive site." -- touch aclocal.m4 -- ;; -- -- autoconf*) -- echo 1>&2 "\ --WARNING: \`$1' is $msg. You should only need it if -- you modified \`${configure_ac}'. You might want to install the -- \`Autoconf' and \`GNU m4' packages. Grab them from any GNU -- archive site." -- touch configure -- ;; -- -- autoheader*) -- echo 1>&2 "\ --WARNING: \`$1' is $msg. You should only need it if -- you modified \`acconfig.h' or \`${configure_ac}'. You might want -- to install the \`Autoconf' and \`GNU m4' packages. Grab them -- from any GNU archive site." -- files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` -- test -z "$files" && files="config.h" -- touch_files= -- for f in $files; do -- case $f in -- *:*) touch_files="$touch_files "`echo "$f" | -- sed -e 's/^[^:]*://' -e 's/:.*//'`;; -- *) touch_files="$touch_files $f.in";; -- esac -- done -- touch $touch_files -- ;; -- -- automake*) -- echo 1>&2 "\ --WARNING: \`$1' is $msg. You should only need it if -- you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. -- You might want to install the \`Automake' and \`Perl' packages. -- Grab them from any GNU archive site." -- find . -type f -name Makefile.am -print | -- sed 's/\.am$/.in/' | -- while read f; do touch "$f"; done -- ;; -- -- autom4te*) -- echo 1>&2 "\ --WARNING: \`$1' is needed, but is $msg. -- You might have modified some files without having the -- proper tools for further handling them. -- You can get \`$1' as part of \`Autoconf' from any GNU -- archive site." -- -- file=`echo "$*" | sed -n "$sed_output"` -- test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` -- if test -f "$file"; then -- touch $file -- else -- test -z "$file" || exec >$file -- echo "#! /bin/sh" -- echo "# Created by GNU Automake missing as a replacement of" -- echo "# $ $@" -- echo "exit 0" -- chmod +x $file -- exit 1 -- fi -- ;; -- -- bison*|yacc*) -- echo 1>&2 "\ --WARNING: \`$1' $msg. You should only need it if -- you modified a \`.y' file. You may need the \`Bison' package -- in order for those modifications to take effect. You can get -- \`Bison' from any GNU archive site." -- rm -f y.tab.c y.tab.h -- if test $# -ne 1; then -- eval LASTARG="\${$#}" -- case $LASTARG in -- *.y) -- SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` -- if test -f "$SRCFILE"; then -- cp "$SRCFILE" y.tab.c -- fi -- SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` -- if test -f "$SRCFILE"; then -- cp "$SRCFILE" y.tab.h -- fi -- ;; -- esac -- fi -- if test ! -f y.tab.h; then -- echo >y.tab.h -- fi -- if test ! -f y.tab.c; then -- echo 'main() { return 0; }' >y.tab.c -- fi -- ;; -- -- lex*|flex*) -- echo 1>&2 "\ --WARNING: \`$1' is $msg. You should only need it if -- you modified a \`.l' file. You may need the \`Flex' package -- in order for those modifications to take effect. You can get -- \`Flex' from any GNU archive site." -- rm -f lex.yy.c -- if test $# -ne 1; then -- eval LASTARG="\${$#}" -- case $LASTARG in -- *.l) -- SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` -- if test -f "$SRCFILE"; then -- cp "$SRCFILE" lex.yy.c -- fi -- ;; -- esac -- fi -- if test ! -f lex.yy.c; then -- echo 'main() { return 0; }' >lex.yy.c -- fi -- ;; -- -- help2man*) -- echo 1>&2 "\ --WARNING: \`$1' is $msg. You should only need it if -- you modified a dependency of a manual page. You may need the -- \`Help2man' package in order for those modifications to take -- effect. You can get \`Help2man' from any GNU archive site." -- -- file=`echo "$*" | sed -n "$sed_output"` -- test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` -- if test -f "$file"; then -- touch $file -- else -- test -z "$file" || exec >$file -- echo ".ab help2man is required to generate this page" -- exit $? -- fi -- ;; -- -- makeinfo*) -- echo 1>&2 "\ --WARNING: \`$1' is $msg. You should only need it if -- you modified a \`.texi' or \`.texinfo' file, or any other file -- indirectly affecting the aspect of the manual. The spurious -- call might also be the consequence of using a buggy \`make' (AIX, -- DU, IRIX). You might want to install the \`Texinfo' package or -- the \`GNU make' package. Grab either from any GNU archive site." -- # The file to touch is that specified with -o ... -- file=`echo "$*" | sed -n "$sed_output"` -- test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` -- if test -z "$file"; then -- # ... or it is the one specified with @setfilename ... -- infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` -- file=`sed -n ' -- /^@setfilename/{ -- s/.* \([^ ]*\) *$/\1/ -- p -- q -- }' $infile` -- # ... or it is derived from the source name (dir/f.texi becomes f.info) -- test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info -- fi -- # If the file does not exist, the user really needs makeinfo; -- # let's fail without touching anything. -- test -f $file || exit 1 -- touch $file -- ;; -- -- tar*) -- shift -- -- # We have already tried tar in the generic part. -- # Look for gnutar/gtar before invocation to avoid ugly error -- # messages. -- if (gnutar --version > /dev/null 2>&1); then -- gnutar "$@" && exit 0 -- fi -- if (gtar --version > /dev/null 2>&1); then -- gtar "$@" && exit 0 -- fi -- firstarg="$1" -- if shift; then -- case $firstarg in -- *o*) -- firstarg=`echo "$firstarg" | sed s/o//` -- tar "$firstarg" "$@" && exit 0 -- ;; -- esac -- case $firstarg in -- *h*) -- firstarg=`echo "$firstarg" | sed s/h//` -- tar "$firstarg" "$@" && exit 0 -- ;; -- esac -- fi -- -- echo 1>&2 "\ --WARNING: I can't seem to be able to run \`tar' with the given arguments. -- You may want to install GNU tar or Free paxutils, or check the -- command line arguments." -- exit 1 -- ;; -- -- *) -- echo 1>&2 "\ --WARNING: \`$1' is needed, and is $msg. -- You might have modified some files without having the -- proper tools for further handling them. Check the \`README' file, -- it often tells you about the needed prerequisites for installing -- this package. You may also peek at any GNU archive site, in case -- some other package would contain this missing \`$1' program." -- exit 1 -- ;; --esac -+# Run the given program, remember its exit status. -+"$@"; st=$? -+ -+# If it succeeded, we are done. -+test $st -eq 0 && exit 0 -+ -+# Also exit now if we it failed (or wasn't found), and '--version' was -+# passed; such an option is passed most likely to detect whether the -+# program is present and works. -+case $2 in --version|--help) exit $st;; esac -+ -+# Exit code 63 means version mismatch. This often happens when the user -+# tries to use an ancient version of a tool on a file that requires a -+# minimum version. -+if test $st -eq 63; then -+ msg="probably too old" -+elif test $st -eq 127; then -+ # Program was missing. -+ msg="missing on your system" -+else -+ # Program was found and executed, but failed. Give up. -+ exit $st -+fi - --exit 0 -+perl_URL=http://www.perl.org/ -+flex_URL=http://flex.sourceforge.net/ -+gnu_software_URL=http://www.gnu.org/software -+ -+program_details () -+{ -+ case $1 in -+ aclocal|automake) -+ echo "The '$1' program is part of the GNU Automake package:" -+ echo "<$gnu_software_URL/automake>" -+ echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" -+ echo "<$gnu_software_URL/autoconf>" -+ echo "<$gnu_software_URL/m4/>" -+ echo "<$perl_URL>" -+ ;; -+ autoconf|autom4te|autoheader) -+ echo "The '$1' program is part of the GNU Autoconf package:" -+ echo "<$gnu_software_URL/autoconf/>" -+ echo "It also requires GNU m4 and Perl in order to run:" -+ echo "<$gnu_software_URL/m4/>" -+ echo "<$perl_URL>" -+ ;; -+ esac -+} -+ -+give_advice () -+{ -+ # Normalize program name to check for. -+ normalized_program=`echo "$1" | sed ' -+ s/^gnu-//; t -+ s/^gnu//; t -+ s/^g//; t'` -+ -+ printf '%s\n' "'$1' is $msg." -+ -+ configure_deps="'configure.ac' or m4 files included by 'configure.ac'" -+ case $normalized_program in -+ autoconf*) -+ echo "You should only need it if you modified 'configure.ac'," -+ echo "or m4 files included by it." -+ program_details 'autoconf' -+ ;; -+ autoheader*) -+ echo "You should only need it if you modified 'acconfig.h' or" -+ echo "$configure_deps." -+ program_details 'autoheader' -+ ;; -+ automake*) -+ echo "You should only need it if you modified 'Makefile.am' or" -+ echo "$configure_deps." -+ program_details 'automake' -+ ;; -+ aclocal*) -+ echo "You should only need it if you modified 'acinclude.m4' or" -+ echo "$configure_deps." -+ program_details 'aclocal' -+ ;; -+ autom4te*) -+ echo "You might have modified some maintainer files that require" -+ echo "the 'autom4te' program to be rebuilt." -+ program_details 'autom4te' -+ ;; -+ bison*|yacc*) -+ echo "You should only need it if you modified a '.y' file." -+ echo "You may want to install the GNU Bison package:" -+ echo "<$gnu_software_URL/bison/>" -+ ;; -+ lex*|flex*) -+ echo "You should only need it if you modified a '.l' file." -+ echo "You may want to install the Fast Lexical Analyzer package:" -+ echo "<$flex_URL>" -+ ;; -+ help2man*) -+ echo "You should only need it if you modified a dependency" \ -+ "of a man page." -+ echo "You may want to install the GNU Help2man package:" -+ echo "<$gnu_software_URL/help2man/>" -+ ;; -+ makeinfo*) -+ echo "You should only need it if you modified a '.texi' file, or" -+ echo "any other file indirectly affecting the aspect of the manual." -+ echo "You might want to install the Texinfo package:" -+ echo "<$gnu_software_URL/texinfo/>" -+ echo "The spurious makeinfo call might also be the consequence of" -+ echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" -+ echo "want to install GNU make:" -+ echo "<$gnu_software_URL/make/>" -+ ;; -+ *) -+ echo "You might have modified some files without having the proper" -+ echo "tools for further handling them. Check the 'README' file, it" -+ echo "often tells you about the needed prerequisites for installing" -+ echo "this package. You may also peek at any GNU archive site, in" -+ echo "case some other package contains this missing '$1' program." -+ ;; -+ esac -+} -+ -+give_advice "$1" | sed -e '1s/^/WARNING: /' \ -+ -e '2,$s/^/ /' >&2 -+ -+# Propagate the correct exit status (expected to be 127 for a program -+# not found, 63 for a program that failed due to version mismatch). -+exit $st - - # Local variables: - # eval: (add-hook 'write-file-hooks 'time-stamp) - # time-stamp-start: "scriptversion=" - # time-stamp-format: "%:y-%02m-%02d.%02H" --# time-stamp-time-zone: "UTC" -+# time-stamp-time-zone: "UTC0" - # time-stamp-end: "; # UTC" - # End: --- -2.17.2 - diff --git a/SPECS/setroubleshoot.spec b/SPECS/setroubleshoot.spec index 5b90d56..8b79e71 100644 --- a/SPECS/setroubleshoot.spec +++ b/SPECS/setroubleshoot.spec @@ -1,14 +1,11 @@ Summary: Helps troubleshoot SELinux problems Name: setroubleshoot -Version: 3.3.19 -Release: 2%{?dist} +Version: 3.3.21 +Release: 1%{?dist} License: GPLv2+ URL: https://pagure.io/setroubleshoot Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz Source1: %{name}.tmpfiles -Patch0: 0001-framework-Fix-translation-of-hex-values-in-AVCs.patch -Patch1: 0002-framework-Add-active-polling-for-acquiring-policy-fi.patch -Patch2: 0003-Update-missing-scripts-to-automake-1.15.patch BuildRequires: gcc BuildRequires: libcap-ng-devel BuildRequires: intltool gettext python3 python3-devel @@ -179,7 +176,8 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir} %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf %attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir} %ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase} -%ghost %attr(0644,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients +%ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients +%{_mandir}/man1/seapplet.1.gz %{_mandir}/man8/sealert.8.gz %{_mandir}/man8/sedispatch.8.gz %{_mandir}/man8/setroubleshootd.8.gz @@ -205,6 +203,17 @@ SELinux troubleshoot legacy applet %{_bindir}/seappletlegacy %changelog +* Wed Dec 11 2019 Vit Mojzis - 3.3.21-1 +- Use dbus.mainloop.glib.DBusGMainLoop() instead of dbus.glib +- Fix AVC.__typeMatch to handle aliases properly +- Handle sockets with abstract path properly (#1775135) + +* Fri Aug 16 2019 Vit Mojzis - 3.3.20-2 +- Fix file mode of email_alert_recipients (#1741960) + +* Wed Jul 17 2019 Vit Mojzis - 3.3.20-1 +- Add man page for seapplet (#1612529) + * Tue May 14 2019 Vit Mojzis - 3.3.19-2 - Update "missing" scripts to automake-1.15 - Add active polling for acquiring policy file