import setroubleshoot-3.3.28-2.el9

.gitignore

@@ -1 +1 @@
-SOURCES/setroubleshoot-3.3.26.tar.gz
+SOURCES/setroubleshoot-3.3.28.tar.gz

.setroubleshoot.metadata

@@ -1 +1 @@
-dab49dd85f3d8489fef60d2b94c4931cc9c473ea SOURCES/setroubleshoot-3.3.26.tar.gz
+eb4157d8dd3dd8e09ef7d34bc863d37898ef2d27 SOURCES/setroubleshoot-3.3.28.tar.gz

SOURCES/0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch

@@ -1,45 +0,0 @@
-From 56cf1525b5ebeb3591d4a3ded5299fe82d0f9208 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Wed, 14 Apr 2021 17:03:39 +0200
-Subject: [PATCH] Stop SetroubleshootFixit after 10 seconds of inactivity
-
----
- framework/src/SetroubleshootFixit.py | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
-index 15c6cab1cda4..f7cbf95f182f 100644
---- a/framework/src/SetroubleshootFixit.py
-+++ b/framework/src/SetroubleshootFixit.py
-@@ -7,6 +7,7 @@ from gi.repository import GLib
- import slip.dbus.service
- from slip.dbus import polkit
- import os
-+import signal
- 
- 
- class RunFix(slip.dbus.service.Object):
-@@ -14,12 +15,20 @@ class RunFix(slip.dbus.service.Object):
- 
-     def __init__(self, *p, **k):
-         super(RunFix, self).__init__(*p, **k)
-+        self.timeout = 10
-+        self.alarm(self.timeout)
-+
-+    def alarm(self, timeout=10):
-+        signal.alarm(timeout)
-+
- 
-     @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
-     def run_fix(self, local_id, analysis_id):
-         import subprocess
-+        self.alarm(0)
-         command = ["sealert", "-f", local_id, "-P", analysis_id]
-         return subprocess.check_output(command, universal_newlines=True)
-+        self.alarm(self.timeout)
- 
- if __name__ == "__main__":
-     mainloop = GLib.MainLoop()
--- 
-2.31.1
-

SOURCES/0002-Do-not-use-Python-slip-package.patch

@@ -1,103 +0,0 @@
-From 65145c512908badc45fbab8f3b329e9923b42fb1 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Wed, 14 Apr 2021 17:04:59 +0200
-Subject: [PATCH] Do not use Python slip package
-
-It's not maintained anymore and it allows us to drop dependency on
-Python slip package
-
-Use DBUS polkit interface instead -
-https://www.freedesktop.org/software/polkit/docs/latest/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html
----
- framework/src/SetroubleshootFixit.py    | 35 ++++++++++++++++++-------
- framework/src/setroubleshoot/browser.py |  3 ---
- 2 files changed, 25 insertions(+), 13 deletions(-)
-
-diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
-index f7cbf95f182f..ab0ad2bf632c 100644
---- a/framework/src/SetroubleshootFixit.py
-+++ b/framework/src/SetroubleshootFixit.py
-@@ -4,13 +4,11 @@ import dbus
- import dbus.service
- import dbus.mainloop.glib
- from gi.repository import GLib
--import slip.dbus.service
--from slip.dbus import polkit
- import os
- import signal
-+import subprocess
- 
--
--class RunFix(slip.dbus.service.Object):
-+class RunFix(dbus.service.Object):
-     default_polkit_auth_required = "org.fedoraproject.setroubleshootfixit.write"
- 
-     def __init__(self, *p, **k):
-@@ -21,14 +19,32 @@ class RunFix(slip.dbus.service.Object):
-     def alarm(self, timeout=10):
-         signal.alarm(timeout)
- 
--
--    @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
--    def run_fix(self, local_id, analysis_id):
--        import subprocess
-+    def is_authorized(self, sender):
-+        bus = dbus.SystemBus()
-+
-+        proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
-+        authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')
-+        subject = ('system-bus-name', {'name' : sender})
-+        action_id = 'org.fedoraproject.setroubleshootfixit.write'
-+        details = {}
-+        flags = 1            # AllowUserInteraction flag
-+        cancellation_id = '' # No cancellation id
-+        result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)
-+        return result[0]
-+
-+    @dbus.service.method("org.fedoraproject.SetroubleshootFixit", sender_keyword="sender", in_signature='ss', out_signature='s')
-+    def run_fix(self, local_id, analysis_id, sender):
-         self.alarm(0)
-         command = ["sealert", "-f", local_id, "-P", analysis_id]
--        return subprocess.check_output(command, universal_newlines=True)
-+
-+        if self.is_authorized(sender):
-+            result = subprocess.check_output(command, universal_newlines=True)
-+        else:
-+            result = "Authorization failed"
-+
-         self.alarm(self.timeout)
-+        return result
-+
- 
- if __name__ == "__main__":
-     mainloop = GLib.MainLoop()
-@@ -36,5 +52,4 @@ if __name__ == "__main__":
-     system_bus = dbus.SystemBus()
-     name = dbus.service.BusName("org.fedoraproject.SetroubleshootFixit", system_bus)
-     object = RunFix(system_bus, "/org/fedoraproject/SetroubleshootFixit/object")
--    slip.dbus.service.set_mainloop(mainloop)
-     mainloop.run()
-diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
-index 2d37bb43df02..3203f75e0c17 100644
---- a/framework/src/setroubleshoot/browser.py
-+++ b/framework/src/setroubleshoot/browser.py
-@@ -65,8 +65,6 @@ from setroubleshoot.util import *
- from setroubleshoot.html_util import html_to_text
- import re
- import dbus
--import slip.dbus.service
--from slip.dbus import polkit
- import report
- import report.io
- import report.io.GTKIO
-@@ -933,7 +931,6 @@ class DBusProxy (object):
-         self.bus = dbus.SystemBus()
-         self.dbus_object = self.bus.get_object("org.fedoraproject.SetroubleshootFixit", "/org/fedoraproject/SetroubleshootFixit/object")
- 
--    @polkit.enable_proxy
-     def run_fix(self, local_id, plugin_name):
-         return self.dbus_object.run_fix(local_id, plugin_name, dbus_interface="org.fedoraproject.SetroubleshootFixit")
- 
--- 
-2.31.1
-

SOURCES/0003-sedispatch-improve-performance.patch

@@ -1,163 +0,0 @@
-From 46369d08223e06fb7884a4e65ff47a3b0b828f25 Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Thu, 15 Jul 2021 13:22:59 +0200
-Subject: [PATCH] sedispatch: improve performance
-
-sedispatch is pretty much the slowest audit relatedplugin. It was mixing
-descriptors (select) and FILE functions (fgets) which is not a good recipe.
-
-It's reworked to only use descriptors. Also the flow is updated to
-follow the latest plugin recommendations. This makes it run almost twice
-as fast. The call to auparse_set_eoe_timeout() requires audit 3.0.1.
----
- src/sedispatch.c | 72 +++++++++++++++++++++++++-----------------------
- 1 file changed, 38 insertions(+), 34 deletions(-)
-
-diff --git a/framework/src/sedispatch.c b/framework/src/sedispatch.c
-index 2fa94fd85cc3..49c2fce2a333 100644
---- a/framework/src/sedispatch.c
-+++ b/framework/src/sedispatch.c
-@@ -1,5 +1,5 @@
- /* sedispatch.c --
-- * Copyright 2009 Red Hat Inc., Durham, North Carolina.
-+ * Copyright 2009,2021 Red Hat Inc.
-  * All Rights Reserved.
-  *
-  * This program is free software; you can redistribute it and/or modify
-@@ -30,14 +30,14 @@
-  *
-  */
- 
--#define _GNU_SOURCE
--#include <stdio.h>
- #include <stdlib.h>
- #include <signal.h>
- #include <string.h>
- #include <sys/time.h>
- #include <sys/types.h>
- #include <unistd.h>
-+#include <fcntl.h>
-+#include <errno.h>
- #include "libaudit.h"
- #include "auparse.h"
- #include "sedbus.h"
-@@ -101,8 +101,6 @@ int main(int argc __attribute__((unused)), char *argv[] __attribute__((unused)))
- {
- 	char tmp[MAX_AUDIT_MESSAGE_LENGTH+1];
- 	struct sigaction sa;
--	fd_set rfds;
--	struct timeval tv;
- 
- 	/* Register sighandlers */
- 	sa.sa_flags = 0;
-@@ -113,6 +111,9 @@ int main(int argc __attribute__((unused)), char *argv[] __attribute__((unused)))
- 	sa.sa_handler = hup_handler;
- 	sigaction(SIGHUP, &sa, NULL);
- 
-+	/* Set STDIN non-blocking */
-+	fcntl(0, F_SETFL, O_NONBLOCK);
-+
- 	/* Initialize the auparse library */
- 	au = auparse_init(AUSOURCE_FEED, 0);
- 	if (au == NULL) {
-@@ -120,37 +121,49 @@ int main(int argc __attribute__((unused)), char *argv[] __attribute__((unused)))
- 		return -1;
- 	}
- 
-+	auparse_set_eoe_timeout(2);
- 	auparse_add_callback(au, handle_event, NULL, NULL);
-+
- #ifdef HAVE_LIBCAP_NG
- 	capng_clear(CAPNG_SELECT_BOTH);
- 	capng_apply(CAPNG_SELECT_BOTH);
- #endif
-+
- 	do {
-+		fd_set rfds;
-+		int retval;
-+		int read_size = 1; /* Set to 1 so it's not EOF */
-+
- 		/* Load configuration */
- 		if (hup) {
- 			reload_config();
- 		}
- 
--		/* Now the event loop */
--		while (fgets_unlocked(tmp, MAX_AUDIT_MESSAGE_LENGTH, stdin) &&
--							hup==0 && stop==0) {
--			auparse_feed(au, tmp, strnlen(tmp,
--						MAX_AUDIT_MESSAGE_LENGTH));
--
--			/* Wait for 3 seconds and if nothing has happen expect that the event
--			 * is complete and flush parser's feed
--			 * FIXME: in future, libaudit will provide a better mechanism for aging
--			 * events
--			 */
-+		do {
- 			FD_ZERO(&rfds);
- 			FD_SET(0, &rfds);
--			tv.tv_sec = 3;
--			tv.tv_usec = 0;
--			if (select(1, &rfds, NULL, NULL, &tv) == 0)
--				/* The timeout occurred, the event is probably complete */
--				auparse_flush_feed(au);
-+
-+			if (auparse_feed_has_data(au)) {
-+				// We'll do a 1 second timeout to try to
-+				// age events as quick as possible
-+				struct timeval tv;
-+				tv.tv_sec = 1;
-+				tv.tv_usec = 0;
-+				retval = select(1, &rfds, NULL, NULL, &tv);
-+			} else
-+				retval = select(1, &rfds, NULL, NULL, NULL);
-+
-+			/* If we timed out & have events, shake them loose */
-+			if (retval == 0 && auparse_feed_has_data(au))
-+				auparse_feed_age_events(au);
-+		} while (retval == -1 && errno == EINTR && !hup && !stop);
-+
-+		/* Handle the event */
-+		if (!hup && !stop && retval > 0) {
-+			read_size = read(0, tmp, MAX_AUDIT_MESSAGE_LENGTH);
-+			auparse_feed(au, tmp, read_size);
- 		}
--		if (feof(stdin))
-+		if (read_size == 0) /* EOF */
- 			break;
- 	} while (stop == 0);
- 
-@@ -178,7 +191,6 @@ static void dump_whole_record(auparse_state_t *au, void *conn)
- {
- 	size_t size = 1;
-         char *tmp = NULL, *end=NULL;
--	int i = 0;
- 	const char * rec = NULL;
- 	const char *scon = auparse_find_field(au, "scontext");
- 	const char *tcon = auparse_find_field(au, "tcontext");
-@@ -234,19 +246,11 @@ static void handle_event(auparse_state_t *au,
- 	   move the cursor accidentally skipping a record. */
- 	while (auparse_goto_record_num(au, num) > 0) {
- 		type = auparse_get_type(au);
--		/* Now we can branch based on what record type we find.
--		   This is just a few suggestions, but it could be anything. */
-+		/* Only handle AVCs. */
- 		switch (type) {
- 			case AUDIT_AVC:
--				dump_whole_record(au, conn); 
--				break;
--			case AUDIT_SYSCALL:
--				break;
--			case AUDIT_USER_LOGIN:
--				break;
--			case AUDIT_ANOM_ABEND:
--				break;
--			case AUDIT_MAC_STATUS:
-+				dump_whole_record(au, conn);
-+				return;
- 				break;
- 			default:
- 				break;
--- 
-2.32.0
-

SOURCES/0004-sedispatch-improve-performance-using-cache-friendly-.patch

@@ -1,83 +0,0 @@
-From ed6c940c8b05baaf8a4318beccde896893cc32dd Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Thu, 15 Jul 2021 13:29:32 +0200
-Subject: [PATCH] sedispatch: improve performance using cache friendly api
-
-It turns out that using auparse_goto_record_num() is not cache friendly.
-Since it is only processing AVC events, there is no chance of seeking
-around and missing the AVC record. So, that part of the program is
-switched out to use auparse_next_record() which only moves through the
-event once.
-
-Also unused variables were remove and the loop simplified.
-
-This change gets about 9% more speed. For reference, this
-is how I checked the speed:
-
-time ./sedispatch < /var/log/audit/audit.log >/dev/null
----
- src/sedispatch.c | 36 +++++++++++-------------------------
- 1 file changed, 11 insertions(+), 25 deletions(-)
-
-diff --git a/framework/src/sedispatch.c b/framework/src/sedispatch.c
-index 49c2fce2a333..f2e9fbaf0743 100644
---- a/framework/src/sedispatch.c
-+++ b/framework/src/sedispatch.c
-@@ -187,7 +187,7 @@ static int is_setroubleshoot(const char *context) {
- }
- 
- /* This function shows how to dump a whole record's text */
--static void dump_whole_record(auparse_state_t *au, void *conn)
-+static void dump_whole_record(auparse_state_t *au)
- {
- 	size_t size = 1;
-         char *tmp = NULL, *end=NULL;
-@@ -228,35 +228,21 @@ static void dump_whole_record(auparse_state_t *au, void *conn)
- }
- 
- 
--/* This function receives a single complete event at a time from the auparse
-- * library. This is where the main analysis code would be added. */
-+/* This function receives a single complete event from auparse. Internal
-+ * cursors are on the first record. This is where the analysis occurs. */
- static void handle_event(auparse_state_t *au,
- 		auparse_cb_event_t cb_event_type, void *user_data)
- {
--	int type, num=0;
--
--	DBusConnection* conn = 
--		(DBusConnection*) user_data; 
--
--	if (cb_event_type != AUPARSE_CB_EVENT_READY)
--		return;
--
--	/* Loop through the records in the event looking for one to process.
--	   We use physical record number because we may search around and
--	   move the cursor accidentally skipping a record. */
--	while (auparse_goto_record_num(au, num) > 0) {
--		type = auparse_get_type(au);
-+	/* Loop through the records looking for an AVC. If we ever process
-+	 * other record types without directly returning, we may need to use
-+	 * auparse_goto_record_num() to ensure seeing each record. */
-+	do {
- 		/* Only handle AVCs. */
--		switch (type) {
--			case AUDIT_AVC:
--				dump_whole_record(au, conn);
--				return;
--				break;
--			default:
--				break;
-+		if (auparse_get_type(au) == AUDIT_AVC) {
-+			dump_whole_record(au);
-+			return;
- 		}
--		num++;
--	}
-+	} while (auparse_next_record(au) > 0);
- }
- 
- #ifdef NOTUSED
--- 
-2.32.0
-

SOURCES/0005-auparse_set_eoe_timeout-requires-audit-libauparse-3..patch

@@ -1,25 +0,0 @@
-From 4041744bc94ee94a5d6ba59dd398e2eaae790b97 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Fri, 16 Jul 2021 11:03:47 +0200
-Subject: [PATCH] auparse_set_eoe_timeout() requires audit / libauparse 3.0.1
-
----
- configure.ac | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/framework/configure.ac b/framework/configure.ac
-index d1d01766e4a0..0fba58dca9d2 100644
---- a/framework/configure.ac
-+++ b/framework/configure.ac
-@@ -13,6 +13,8 @@ PKG_CHECK_MODULES([NOTIFY], [libnotify])
- PKG_CHECK_MODULES([SEAPPLETLEGACY], [gtk+-2.0 gio-unix-2.0 libnotify dbus-glib-1],
- 				    [seappletlegacy=yes], [seappletlegacy=no])
- PKG_CHECK_MODULES([SEAPPLET], [gtk+-3.0])
-+# auparse_set_eoe_timeout() requires libauparse 3.0.1
-+PKG_CHECK_MODULES([SEDISPATCH], [auparse >= 3.0.1])
- 
- # make sure we keep ACLOCAL_FLAGS around for maintainer builds to work
- AC_SUBST(ACLOCAL_AMFLAGS, "\${ACLOCAL_FLAGS}")
--- 
-2.32.0
-

SOURCES/setroubleshoot.sysusers

@@ -0,0 +1 @@
+u setroubleshoot - "SELinux troubleshoot server" /var/lib/setroubleshoot

SOURCES/setroubleshoot.tmpfiles

@@ -1 +1,2 @@
 d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
+Z /var/lib/setroubleshoot - setroubleshoot setroubleshoot -

SPECS/setroubleshoot.spec

@@ -3,19 +3,15 @@
 
 Summary: Helps troubleshoot SELinux problems
 Name: setroubleshoot
-Version: 3.3.26
+Version: 3.3.28
-Release: 5%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
-URL: https://pagure.io/setroubleshoot
+URL: https://gitlab.com/setroubleshoot/setroubleshoot
-Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
+Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz
 Source1: %{name}.tmpfiles
-# git format-patch -N setroubleshoot-3.3.26 -- framework
+Source2: %{name}.sysusers
+# git format-patch -N 3.3.27
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
-Patch0001: 0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch
-Patch0002: 0002-Do-not-use-Python-slip-package.patch
-Patch0003: 0003-sedispatch-improve-performance.patch
-Patch0004: 0004-sedispatch-improve-performance-using-cache-friendly-.patch
-Patch0005: 0005-auparse_set_eoe_timeout-requires-audit-libauparse-3..patch
 BuildRequires: gcc
 BuildRequires: make
 BuildRequires: libcap-ng-devel
@@ -23,6 +19,8 @@ BuildRequires: intltool gettext python3 python3-devel
 BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel libselinux-devel polkit-devel
 BuildRequires: audit-libs-devel >= 3.0.1
 BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel
+# for the _tmpfilesdir macro
+BuildRequires: systemd-rpm-macros
 Requires: %{name}-server = %{version}-%{release}
 Requires: gtk3, libnotify
 Requires: libreport-gtk >= 2.2.1-2, python3-libreport
@@ -42,7 +40,6 @@ Requires: xdg-utils
 %global pkgvardatadir %{_localstatedir}/lib/%{name}
 %global pkgconfigdir  %{_sysconfdir}/%{name}
 %global pkgdatabase   %{pkgvardatadir}/setroubleshoot_database.xml
-%global username      setroubleshoot
 
 %description
 setroubleshoot GUI. Application that allows you to view setroubleshoot-server
@@ -68,10 +65,10 @@ to user preference. The same tools can be run on existing log files.
 
 
 %prep
-%autosetup -p 2
+%autosetup -p 1
 
 %build
-autoreconf -f
+./autogen.sh
 %configure PYTHON=%{__python3} --enable-seappletlegacy=no --with-auditpluginsdir=/etc/audit/plugins.d
 make
 
@@ -84,7 +81,7 @@ touch %{buildroot}%{pkgdatabase}
 touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
 rm -rf %{buildroot}/usr/share/doc/
 # create /run/setroubleshoot on boot
-install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
+install -p -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
 
 
 %find_lang %{name}
@@ -106,6 +103,7 @@ Requires: python3-gobject-base >= 3.11
 Requires: dbus
 Requires: python3-dbus python3-dasbus
 Requires: polkit
+Requires: initscripts-service
 Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
 
 %description server
@@ -115,7 +113,7 @@ about the problem and help track its resolution. Alerts can be configured
 to user preference. The same tools can be run on existing log files.
 
 %pre server
-getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
+%sysusers_create_compat %{SOURCE2}
 
 %post server
 /sbin/service auditd reload >/dev/null 2>&1 || :
@@ -123,9 +121,6 @@ getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgv
 %postun server
 /sbin/service auditd reload >/dev/null 2>&1 || :
 
-%triggerun server -- %{name}-server < 3.2.24-4
-chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
-
 %files server -f %{name}.lang
 %{_bindir}/sealert
 %{_sbindir}/sedispatch
@@ -194,6 +189,27 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
 %doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
 
 %changelog
+* Tue Feb  8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-2
+- Use %sysusers_create_compat instead of useradd
+- Set right ownership on /var/lib/setroubleshoot
+
+* Tue Feb  8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-1
+- Look for modules in /usr/share/selinux/packages
+- Always use rpm source package for reporting
+- Improve after_first email filter behavior
+
+* Wed Jan 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-2
+- Improve DSP module reporting
+- Require initscripts-service - /sbin/service
+
+* Thu Jan 13 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-1
+- sedispatch: check read_size
+- SafeConfigParser is deprecated and will be dropped
+- Fix typos in --help, man pages and developer's guide
+- Improve Python 3.10 compatibility
+  https://pagure.io/setroubleshoot/issue/58
+- Update translations
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.26-5
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688