From 91e1cc5cccfaf37a80b5c79966b8e5623bcd4d62 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 9 May 2023 05:40:53 +0000
Subject: [PATCH] import policycoreutils-3.5-1.el9

---
 .gitignore                                    |   2 +-
 .policycoreutils.metadata                     |   2 +-
 ...t-to-Xephyr-as-it-works-better-with-.patch |   4 +-
 ...RD_FILE_CONTEXT-section-in-man-pages.patch |  12 +-
 ...xecutable-we-don-t-want-to-print-a-p.patch |   8 +-
 ...-be-verbose-if-you-are-not-on-a-tty.patch} |   6 +-
 ...sepolicy-manpage-web-functionality.-.patch | 170 ---------
 ...e-the-trailing-newline-for-etc-syste.patch |  27 --
 ...ate-Handle-more-reserved-port-types.patch} |   8 +-
 ...-in-manpage.py-to-not-contain-online.patch |  26 --
 ...box-window-manager-instead-of-openb.patch} |  14 +-
 ... => 0007-Use-SHA-2-instead-of-SHA-1.patch} |  12 +-
 ...-interface-file_type_is_executable-.patch} |  10 +-
 ...andle-unsupported-languages-properly.patch | 349 ------------------
 ...rebuild-if-modules-changed-to-refres.patch |  82 ----
 ...emanage-import-into-two-transactions.patch |  65 ----
 SOURCES/selinux-autorelabel-generator.sh      |   9 +
 SPECS/policycoreutils.spec                    |  82 ++--
 18 files changed, 85 insertions(+), 803 deletions(-)
 rename SOURCES/{0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch => 0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch} (83%)
 delete mode 100644 SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
 delete mode 100644 SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
 rename SOURCES/{0008-sepolicy-generate-Handle-more-reserved-port-types.patch => 0005-sepolicy-generate-Handle-more-reserved-port-types.patch} (94%)
 delete mode 100644 SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch
 rename SOURCES/{0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch => 0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch} (88%)
 rename SOURCES/{0010-Use-SHA-2-instead-of-SHA-1.patch => 0007-Use-SHA-2-instead-of-SHA-1.patch} (98%)
 rename SOURCES/{0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch => 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch} (90%)
 delete mode 100644 SOURCES/0012-gettext-handle-unsupported-languages-properly.patch
 delete mode 100644 SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch
 delete mode 100644 SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch

diff --git a/.gitignore b/.gitignore
index 0d989de..bf1fee5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,6 @@ SOURCES/gui-po.tgz
 SOURCES/policycoreutils-po.tgz
 SOURCES/python-po.tgz
 SOURCES/sandbox-po.tgz
-SOURCES/selinux-3.4.tar.gz
+SOURCES/selinux-3.5.tar.gz
 SOURCES/sepolicy-icons.tgz
 SOURCES/system-config-selinux.png
diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata
index 779bfae..298caa7 100644
--- a/.policycoreutils.metadata
+++ b/.policycoreutils.metadata
@@ -2,6 +2,6 @@ f9342645227d02f617924de0bb0dbfa9c67ebb43 SOURCES/gui-po.tgz
 04e31eca7c25edb3a896637aba5b81b61d572995 SOURCES/policycoreutils-po.tgz
 2395f9e7d3a01715f103a04fed37468ba0d3da5a SOURCES/python-po.tgz
 65f89d944d50c59dd5a35453e9a94916db076b3d SOURCES/sandbox-po.tgz
-3c789c6783738e17f74221efa475cbb878183379 SOURCES/selinux-3.4.tar.gz
+28e8c0a58e01436b1c931559da3844d5774f8186 SOURCES/selinux-3.5.tar.gz
 d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
 611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png
diff --git a/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
index 1b5b9c9..f14e1a2 100644
--- a/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
+++ b/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@@ -1,4 +1,4 @@
-From f361ee407490bc74b43ec408b1edc70cd647d4e0 Mon Sep 17 00:00:00 2001
+From 31ccf6f0fc5e77870f496fac4bea94a6ba2e5c30 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Thu, 20 Aug 2015 12:58:41 +0200
 Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
@@ -23,5 +23,5 @@ index eaa500d08143..4774528027ef 100644
      cat > ~/seremote << __EOF
  #!/bin/sh
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
index 998345e..35b81ac 100644
--- a/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
+++ b/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
@@ -1,4 +1,4 @@
-From 71a2f14767c0ec70c23ecce43d7cbc5404c95552 Mon Sep 17 00:00:00 2001
+From 837c347bbee5db90d11144363525113edc8baed3 Mon Sep 17 00:00:00 2001
 From: Dan Walsh <dwalsh@redhat.com>
 Date: Mon, 21 Apr 2014 13:54:40 -0400
 Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
@@ -10,10 +10,10 @@ Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
  1 file changed, 5 insertions(+), 2 deletions(-)
 
 diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 3e61e333193f..82338aeeef32 100755
+index a488dcbf54f2..7d90ffb5a22f 100755
 --- a/python/sepolicy/sepolicy/manpage.py
 +++ b/python/sepolicy/sepolicy/manpage.py
-@@ -737,10 +737,13 @@ Default Defined Ports:""")
+@@ -679,10 +679,13 @@ Default Defined Ports:""")
  
      def _file_context(self):
          flist = []
@@ -27,9 +27,9 @@ index 3e61e333193f..82338aeeef32 100755
                  if f in self.fcdict:
                      mpaths = mpaths + self.fcdict[f]["regex"]
          if len(mpaths) == 0:
-@@ -799,12 +802,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+@@ -741,12 +744,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
  SELinux defines the file context types for the %(domainname)s, if you wanted to
- store files with these types in a diffent paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk.
+ store files with these types in a different paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk.
  
 -.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
 +.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
@@ -43,5 +43,5 @@ index 3e61e333193f..82338aeeef32 100755
          self.fd.write(r"""
  .I The following file types are defined for %(domainname)s:
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
index aca9199..c31d159 100644
--- a/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
+++ b/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
@@ -1,4 +1,4 @@
-From d55a06c002641dce1301b9b5639bd8e206460724 Mon Sep 17 00:00:00 2001
+From f21d5f9316094015c81339d25d69d3dc7150bd8a Mon Sep 17 00:00:00 2001
 From: Miroslav Grepl <mgrepl@redhat.com>
 Date: Mon, 12 May 2014 14:11:22 +0200
 Subject: [PATCH] If there is no executable we don't want to print a part of
@@ -10,10 +10,10 @@ Content-type: text/plain
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 82338aeeef32..ec8aa1cb94a2 100755
+index 7d90ffb5a22f..11809dcede43 100755
 --- a/python/sepolicy/sepolicy/manpage.py
 +++ b/python/sepolicy/sepolicy/manpage.py
-@@ -795,7 +795,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+@@ -737,7 +737,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
  .PP
  """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
  
@@ -24,5 +24,5 @@ index 82338aeeef32..ec8aa1cb94a2 100755
  .B STANDARD FILE CONTEXT
  
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/SOURCES/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
similarity index 83%
rename from SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
rename to SOURCES/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
index ba39b4d..5caf30f 100644
--- a/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
+++ b/SOURCES/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
@@ -1,4 +1,4 @@
-From f204dd292340689c2d7ab75612b9fd81337fcbc3 Mon Sep 17 00:00:00 2001
+From 9e22ab3619d68277c89926f3f31e37a9101ca082 Mon Sep 17 00:00:00 2001
 From: Dan Walsh <dwalsh@redhat.com>
 Date: Fri, 14 Feb 2014 12:32:12 -0500
 Subject: [PATCH] Don't be verbose if you are not on a tty
@@ -9,7 +9,7 @@ Content-type: text/plain
  1 file changed, 1 insertion(+)
 
 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index c72ca0eb9d61..163ebcd1f232 100755
+index 166af6f360a2..ebe64563c7d7 100755
 --- a/policycoreutils/scripts/fixfiles
 +++ b/policycoreutils/scripts/fixfiles
 @@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
@@ -21,5 +21,5 @@ index c72ca0eb9d61..163ebcd1f232 100755
  THREADS=""
  RPMFILES=""
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
deleted file mode 100644
index 045c033..0000000
--- a/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From b180f7679c5e09535416f47d48afd0c0738f5fa9 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl <mgrepl@redhat.com>
-Date: Thu, 19 Feb 2015 17:45:15 +0100
-Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
- system_release is no longer hardcoded and it creates only index.html and html
- man pages in the directory for the system release.
-Content-type: text/plain
-
----
- python/sepolicy/sepolicy/__init__.py | 25 +++--------
- python/sepolicy/sepolicy/manpage.py  | 65 +++-------------------------
- 2 files changed, 13 insertions(+), 77 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
-index 203ca25f4210..9447812b7450 100644
---- a/python/sepolicy/sepolicy/__init__.py
-+++ b/python/sepolicy/sepolicy/__init__.py
-@@ -1225,27 +1225,14 @@ def boolean_desc(boolean):
- 
- 
- def get_os_version():
--    os_version = ""
--    pkg_name = "selinux-policy"
-+    system_release = ""
-     try:
--        try:
--            from commands import getstatusoutput
--        except ImportError:
--            from subprocess import getstatusoutput
--        rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
--        if rc == 0:
--            os_version = output.split(".")[-2]
--    except:
--        os_version = ""
--
--    if os_version[0:2] == "fc":
--        os_version = "Fedora" + os_version[2:]
--    elif os_version[0:2] == "el":
--        os_version = "RHEL" + os_version[2:]
--    else:
--        os_version = ""
-+        with open('/etc/system-release') as f:
-+            system_release = f.readline()
-+    except IOError:
-+        system_release = "Misc"
- 
--    return os_version
-+    return system_release
- 
- 
- def reinit():
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index ec8aa1cb94a2..c632d05dbb1b 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -151,10 +151,6 @@ def prettyprint(f, trim):
- manpage_domains = []
- manpage_roles = []
- 
--fedora_releases = ["Fedora17", "Fedora18"]
--rhel_releases = ["RHEL6", "RHEL7"]
--
--
- def get_alphabet_manpages(manpage_list):
-     alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
-     for i in string.ascii_letters:
-@@ -184,7 +180,7 @@ def convert_manpage_to_html(html_manpage, manpage):
- class HTMLManPages:
- 
-     """
--            Generate a HHTML Manpages on an given SELinux domains
-+            Generate a HTML Manpages on an given SELinux domains
-     """
- 
-     def __init__(self, manpage_roles, manpage_domains, path, os_version):
-@@ -192,9 +188,9 @@ class HTMLManPages:
-         self.manpage_domains = get_alphabet_manpages(manpage_domains)
-         self.os_version = os_version
-         self.old_path = path + "/"
--        self.new_path = self.old_path + self.os_version + "/"
-+        self.new_path = self.old_path
- 
--        if self.os_version in fedora_releases or self.os_version in rhel_releases:
-+        if self.os_version:
-             self.__gen_html_manpages()
-         else:
-             print("SELinux HTML man pages can not be generated for this %s" % os_version)
-@@ -203,7 +199,6 @@ class HTMLManPages:
-     def __gen_html_manpages(self):
-         self._write_html_manpage()
-         self._gen_index()
--        self._gen_body()
-         self._gen_css()
- 
-     def _write_html_manpage(self):
-@@ -221,67 +216,21 @@ class HTMLManPages:
-                     convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
- 
-     def _gen_index(self):
--        index = self.old_path + "index.html"
--        fd = open(index, 'w')
--        fd.write("""
--<html>
--<head>
--    <link rel=stylesheet type="text/css" href="style.css" title="style">
--    <title>SELinux man pages online</title>
--</head>
--<body>
--<h1>SELinux man pages</h1>
--<br></br>
--Fedora or Red Hat Enterprise Linux Man Pages.</h2>
--<br></br>
--<hr>
--<h3>Fedora</h3>
--<table><tr>
--<td valign="middle">
--</td>
--</tr></table>
--<pre>
--""")
--        for f in fedora_releases:
--            fd.write("""
--<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
--
--        fd.write("""
--</pre>
--<hr>
--<h3>RHEL</h3>
--<table><tr>
--<td valign="middle">
--</td>
--</tr></table>
--<pre>
--""")
--        for r in rhel_releases:
--            fd.write("""
--<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
--
--        fd.write("""
--</pre>
--	""")
--        fd.close()
--        print("%s has been created" % index)
--
--    def _gen_body(self):
-         html = self.new_path + self.os_version + ".html"
-         fd = open(html, 'w')
-         fd.write("""
- <html>
- <head>
--	<link rel=stylesheet type="text/css" href="../style.css" title="style">
--	<title>Linux man-pages online for Fedora18</title>
-+	<link rel=stylesheet type="text/css" href="style.css" title="style">
-+	<title>SELinux man pages online</title>
- </head>
- <body>
--<h1>SELinux man pages for Fedora18</h1>
-+<h1>SELinux man pages for %s</h1>
- <hr>
- <table><tr>
- <td valign="middle">
- <h3>SELinux roles</h3>
--""")
-+""" % self.os_version)
-         for letter in self.manpage_roles:
-             if len(self.manpage_roles[letter]):
-                 fd.write("""
--- 
-2.35.1
-
diff --git a/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
deleted file mode 100644
index 948881f..0000000
--- a/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 1747f59fece8183772e5591ce5b5feb5f421f602 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl <mgrepl@redhat.com>
-Date: Fri, 20 Feb 2015 16:42:01 +0100
-Subject: [PATCH] We want to remove the trailing newline for
- /etc/system_release.
-Content-type: text/plain
-
----
- python/sepolicy/sepolicy/__init__.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
-index 9447812b7450..aa8beda313c8 100644
---- a/python/sepolicy/sepolicy/__init__.py
-+++ b/python/sepolicy/sepolicy/__init__.py
-@@ -1228,7 +1228,7 @@ def get_os_version():
-     system_release = ""
-     try:
-         with open('/etc/system-release') as f:
--            system_release = f.readline()
-+            system_release = f.readline().rstrip()
-     except IOError:
-         system_release = "Misc"
- 
--- 
-2.35.1
-
diff --git a/SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch b/SOURCES/0005-sepolicy-generate-Handle-more-reserved-port-types.patch
similarity index 94%
rename from SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch
rename to SOURCES/0005-sepolicy-generate-Handle-more-reserved-port-types.patch
index 0e45be3..361e47b 100644
--- a/SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch
+++ b/SOURCES/0005-sepolicy-generate-Handle-more-reserved-port-types.patch
@@ -1,4 +1,4 @@
-From d8f51aa7d299383247213b69ec7cbb68c1fa3bc4 Mon Sep 17 00:00:00 2001
+From be8bd714f37e6114661f02df4ddb7cb7b25cd0a1 Mon Sep 17 00:00:00 2001
 From: Masatake YAMATO <yamato@redhat.com>
 Date: Thu, 14 Dec 2017 15:57:58 +0900
 Subject: [PATCH] sepolicy-generate: Handle more reserved port types
@@ -53,10 +53,10 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
-index 43180ca6fda4..d60a08e1d72c 100644
+index b6df3e91160b..36a3ea1196b1 100644
 --- a/python/sepolicy/sepolicy/generate.py
 +++ b/python/sepolicy/sepolicy/generate.py
-@@ -99,7 +99,9 @@ def get_all_ports():
+@@ -100,7 +100,9 @@ def get_all_ports():
      for p in sepolicy.info(sepolicy.PORT):
          if p['type'] == "reserved_port_t" or \
                  p['type'] == "port_t" or \
@@ -68,5 +68,5 @@ index 43180ca6fda4..d60a08e1d72c 100644
          dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
      return dict
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch b/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch
deleted file mode 100644
index 9b31464..0000000
--- a/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 0bd28bc715034c644405d3c03f160d69ae710500 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl <mgrepl@redhat.com>
-Date: Fri, 20 Feb 2015 16:42:53 +0100
-Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
-Content-type: text/plain
-
----
- python/sepolicy/sepolicy/manpage.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index c632d05dbb1b..3ae2f42b2fdf 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -222,7 +222,7 @@ class HTMLManPages:
- <html>
- <head>
- 	<link rel=stylesheet type="text/css" href="style.css" title="style">
--	<title>SELinux man pages online</title>
-+	<title>SELinux man pages</title>
- </head>
- <body>
- <h1>SELinux man pages for %s</h1>
--- 
-2.35.1
-
diff --git a/SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/SOURCES/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
similarity index 88%
rename from SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
rename to SOURCES/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
index e8a52b2..f1c27fa 100644
--- a/SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
+++ b/SOURCES/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
@@ -1,4 +1,4 @@
-From 8054dc44cf105b959864a1424fe857fac3ba3d73 Mon Sep 17 00:00:00 2001
+From f4b78eeb59ae1ef4b5926c004debce04ee28dfe7 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Wed, 18 Jul 2018 09:09:35 +0200
 Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
@@ -11,10 +11,10 @@ Content-type: text/plain
  3 files changed, 3 insertions(+), 17 deletions(-)
 
 diff --git a/sandbox/sandbox b/sandbox/sandbox
-index 16c43b51eaaa..7709a6585665 100644
+index a2762a7d215a..a32a33ea3cf6 100644
 --- a/sandbox/sandbox
 +++ b/sandbox/sandbox
-@@ -268,7 +268,7 @@ class Sandbox:
+@@ -270,7 +270,7 @@ class Sandbox:
              copyfile(f, "/tmp", self.__tmpdir)
              copyfile(f, "/var/tmp", self.__tmpdir)
  
@@ -23,7 +23,7 @@ index 16c43b51eaaa..7709a6585665 100644
          execfile = self.__homedir + "/.sandboxrc"
          fd = open(execfile, "w+")
          if self.__options.session:
-@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -369,7 +369,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
  
          parser.add_option("-W", "--windowmanager", dest="wm",
                            type="string",
@@ -33,10 +33,10 @@ index 16c43b51eaaa..7709a6585665 100644
  
          parser.add_option("-l", "--level", dest="level",
 diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
-index d83fee76f335..90ef4951c8c2 100644
+index 1ee0ecea96d1..775e4b231204 100644
 --- a/sandbox/sandbox.8
 +++ b/sandbox/sandbox.8
-@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
+@@ -80,7 +80,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
  \fB\-W\fR \fB\-\-windowmanager\fR
  Select alternative window manager to run within 
  .B sandbox \-X.
@@ -71,5 +71,5 @@ index 4774528027ef..c211ebc14549 100644
      export DISPLAY=:$D
      cat > ~/seremote << __EOF
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch b/SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch
similarity index 98%
rename from SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch
rename to SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch
index 812028f..8c2398e 100644
--- a/SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch
+++ b/SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch
@@ -1,4 +1,4 @@
-From 53d085d8d6edc05886d473e412a8025b7f8d9ce4 Mon Sep 17 00:00:00 2001
+From 604a275f53750e4c1e1101bd53c4fd448cc0b5e3 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
@@ -254,10 +254,10 @@ index 910101452625..7f2daa09191b 100644
  , и, при условии, что НЕ установлен параметр
  .B \-n
 diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
-index 19b59a2cc90d..bad9f37a9ac4 100644
+index bf26e161a71d..36fe6b369548 100644
 --- a/policycoreutils/setfiles/setfiles.8
 +++ b/policycoreutils/setfiles/setfiles.8
-@@ -87,14 +87,14 @@ display usage information and exit.
+@@ -95,14 +95,14 @@ display usage information and exit.
  ignore files that do not exist.
  .TP
  .B \-I
@@ -275,7 +275,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644
  enable usage of the
  .IR security.sehash
  extended attribute.
-@@ -239,7 +239,7 @@ the
+@@ -261,7 +261,7 @@ the
  .B \-D
  option to
  .B setfiles
@@ -284,7 +284,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644
  .B spec_file
  set in an extended attribute named
  .IR security.sehash
-@@ -260,7 +260,7 @@ for further details.
+@@ -282,7 +282,7 @@ for further details.
  .sp
  The
  .B \-I
@@ -294,5 +294,5 @@ index 19b59a2cc90d..bad9f37a9ac4 100644
  and provided the
  .B \-n
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
similarity index 90%
rename from SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch
rename to SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
index c4e1fe1..cf694e9 100644
--- a/SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch
+++ b/SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
@@ -1,4 +1,4 @@
-From 3748b7eab7434698998edfcf613fe738cf19d5c9 Mon Sep 17 00:00:00 2001
+From b9b94a3254905518f00c4746c0bd712921af31cb Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Mon, 27 Feb 2017 17:12:39 +0100
 Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
@@ -12,7 +12,7 @@ Content-type: text/plain
  1 file changed, 20 insertions(+), 2 deletions(-)
 
 diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 3ae2f42b2fdf..5a434bd360ae 100755
+index 11809dcede43..543fef6c8d13 100755
 --- a/python/sepolicy/sepolicy/manpage.py
 +++ b/python/sepolicy/sepolicy/manpage.py
 @@ -127,8 +127,24 @@ def gen_domains():
@@ -41,7 +41,7 @@ index 3ae2f42b2fdf..5a434bd360ae 100755
  
  def _gen_types():
      global types
-@@ -374,6 +390,8 @@ class ManPage:
+@@ -368,6 +384,8 @@ class ManPage:
          self.all_file_types = sepolicy.get_all_file_types()
          self.role_allows = sepolicy.get_all_role_allows()
          self.types = _gen_types()
@@ -50,7 +50,7 @@ index 3ae2f42b2fdf..5a434bd360ae 100755
  
          if self.source_files:
              self.fcpath = self.root + "file_contexts"
-@@ -691,7 +709,7 @@ Default Defined Ports:""")
+@@ -684,7 +702,7 @@ Default Defined Ports:""")
          for f in self.all_file_types:
              if f.startswith(self.domainname):
                  flist.append(f)
@@ -60,5 +60,5 @@ index 3ae2f42b2fdf..5a434bd360ae 100755
                  if f in self.fcdict:
                      mpaths = mpaths + self.fcdict[f]["regex"]
 -- 
-2.35.1
+2.39.1
 
diff --git a/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch b/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch
deleted file mode 100644
index 9f194b8..0000000
--- a/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch
+++ /dev/null
@@ -1,349 +0,0 @@
-From f62227788b28e3afd2016b47af248f8ecefa8155 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Fri, 24 Jun 2022 16:24:25 +0200
-Subject: [PATCH] gettext: handle unsupported languages properly
-Content-type: text/plain
-
-With "fallback=True" gettext.translation behaves the same as
-gettext.install and uses NullTranslations in case the
-translation file for given language was not found (as opposed to
-throwing an exception).
-
-Fixes:
-  # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
-  $ chcat --help
-  Traceback (most recent call last):
-  File "/usr/bin/chcat", line 39, in <module>
-    t = gettext.translation(PROGNAME,
-  File "/usr/lib64/python3.9/gettext.py", line 592, in translation
-    raise FileNotFoundError(ENOENT,
-  FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
-
-Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
-Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
-Acked-by: Petr Lautrbach <plautrba@redhat.com>
----
- gui/booleansPage.py                          | 3 ++-
- gui/domainsPage.py                           | 3 ++-
- gui/fcontextPage.py                          | 3 ++-
- gui/loginsPage.py                            | 3 ++-
- gui/modulesPage.py                           | 3 ++-
- gui/polgengui.py                             | 3 ++-
- gui/portsPage.py                             | 3 ++-
- gui/semanagePage.py                          | 3 ++-
- gui/statusPage.py                            | 3 ++-
- gui/system-config-selinux.py                 | 3 ++-
- gui/usersPage.py                             | 3 ++-
- python/chcat/chcat                           | 5 +++--
- python/semanage/semanage                     | 3 ++-
- python/semanage/seobject.py                  | 3 ++-
- python/sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++-
- python/sepolicy/sepolicy.py                  | 3 ++-
- python/sepolicy/sepolicy/__init__.py         | 3 ++-
- python/sepolicy/sepolicy/generate.py         | 3 ++-
- python/sepolicy/sepolicy/gui.py              | 3 ++-
- python/sepolicy/sepolicy/interface.py        | 3 ++-
- sandbox/sandbox                              | 3 ++-
- 21 files changed, 44 insertions(+), 22 deletions(-)
-
-diff --git a/gui/booleansPage.py b/gui/booleansPage.py
-index 5beec58bc360..ad11a9b24c79 100644
---- a/gui/booleansPage.py
-+++ b/gui/booleansPage.py
-@@ -46,7 +46,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/domainsPage.py b/gui/domainsPage.py
-index e08f34b4d3a9..e6eadd61c1bc 100644
---- a/gui/domainsPage.py
-+++ b/gui/domainsPage.py
-@@ -38,7 +38,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
-index bac2bec3ebbd..767664f26ec8 100644
---- a/gui/fcontextPage.py
-+++ b/gui/fcontextPage.py
-@@ -55,7 +55,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/loginsPage.py b/gui/loginsPage.py
-index 18b93d8c9756..7e08232a90b5 100644
---- a/gui/loginsPage.py
-+++ b/gui/loginsPage.py
-@@ -37,7 +37,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/modulesPage.py b/gui/modulesPage.py
-index c546d455d4cd..02b79f150a13 100644
---- a/gui/modulesPage.py
-+++ b/gui/modulesPage.py
-@@ -38,7 +38,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/polgengui.py b/gui/polgengui.py
-index a18f1cba17b9..7a3ecd50c91c 100644
---- a/gui/polgengui.py
-+++ b/gui/polgengui.py
-@@ -71,7 +71,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/portsPage.py b/gui/portsPage.py
-index 54aa80ded327..bee2bdf17b99 100644
---- a/gui/portsPage.py
-+++ b/gui/portsPage.py
-@@ -43,7 +43,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/semanagePage.py b/gui/semanagePage.py
-index 1371d4e7dabe..efad14d9b375 100644
---- a/gui/semanagePage.py
-+++ b/gui/semanagePage.py
-@@ -30,7 +30,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/statusPage.py b/gui/statusPage.py
-index c241ef83dfa0..832849e60d60 100644
---- a/gui/statusPage.py
-+++ b/gui/statusPage.py
-@@ -43,7 +43,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
-index 1b460c99363b..9f53b7fe9020 100644
---- a/gui/system-config-selinux.py
-+++ b/gui/system-config-selinux.py
-@@ -53,7 +53,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/gui/usersPage.py b/gui/usersPage.py
-index d51bd968b77e..9acd3b844056 100644
---- a/gui/usersPage.py
-+++ b/gui/usersPage.py
-@@ -37,7 +37,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/python/chcat/chcat b/python/chcat/chcat
-index e779fcc6ebd7..952cb8187599 100755
---- a/python/chcat/chcat
-+++ b/python/chcat/chcat
-@@ -38,9 +38,10 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
--except ImportError:
-+except:
-     try:
-         import builtins
-         builtins.__dict__['_'] = str
-diff --git a/python/semanage/semanage b/python/semanage/semanage
-index 8f4e44a7a9cd..f45061a601f9 100644
---- a/python/semanage/semanage
-+++ b/python/semanage/semanage
-@@ -38,7 +38,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
-index ff8f4e9c3008..0782c082dc0c 100644
---- a/python/semanage/seobject.py
-+++ b/python/semanage/seobject.py
-@@ -42,7 +42,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
-index 56ebd807c69c..1ff307d9b27d 100644
---- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
-+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
-@@ -19,7 +19,9 @@
- 
- try: 
-     import gettext
--    t = gettext.translation( 'selinux-python' )
-+    t = gettext.translation("selinux-python",
-+                        localedir="/usr/share/locale",
-+                        fallback=True)
-     _ = t.gettext
- except:
-     def _(str):
-diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
-index 7ebe0efa88a1..c7a70e094b0c 100755
---- a/python/sepolicy/sepolicy.py
-+++ b/python/sepolicy/sepolicy.py
-@@ -36,7 +36,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
-index 95520f9bc35d..6bde1971fd7c 100644
---- a/python/sepolicy/sepolicy/__init__.py
-+++ b/python/sepolicy/sepolicy/__init__.py
-@@ -31,7 +31,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
-index 3e8b9f9c291d..eff3a8973917 100644
---- a/python/sepolicy/sepolicy/generate.py
-+++ b/python/sepolicy/sepolicy/generate.py
-@@ -56,7 +56,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
-index b0263740a79f..5bdbfebade1d 100644
---- a/python/sepolicy/sepolicy/gui.py
-+++ b/python/sepolicy/sepolicy/gui.py
-@@ -49,7 +49,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
-index 599f97fdc6e7..43f86443f2c8 100644
---- a/python/sepolicy/sepolicy/interface.py
-+++ b/python/sepolicy/sepolicy/interface.py
-@@ -38,7 +38,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
-diff --git a/sandbox/sandbox b/sandbox/sandbox
-index 3ef444a12561..53cc504149c9 100644
---- a/sandbox/sandbox
-+++ b/sandbox/sandbox
-@@ -45,7 +45,8 @@ try:
-         kwargs['unicode'] = True
-     t = gettext.translation(PROGNAME,
-                     localedir="/usr/share/locale",
--                    **kwargs)
-+                    **kwargs,
-+                    fallback=True)
-     _ = t.gettext
- except:
-     try:
--- 
-2.36.1
-
diff --git a/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch b/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch
deleted file mode 100644
index 0db14f7..0000000
--- a/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From dc99f08e121ee21650a4179e3deaea8c04ae40c9 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Wed, 8 Jun 2022 19:09:54 +0200
-Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh
-Content-type: text/plain
-
-After the last commit this option's name and description no longer
-matches the semantic, so give it a new one and update the descriptions.
-The old name is still recognized and aliased to the new one for
-backwards compatibility.
-
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
----
- policycoreutils/semodule/semodule.8 | 12 ++++++------
- policycoreutils/semodule/semodule.c | 13 ++++++++++---
- 2 files changed, 16 insertions(+), 9 deletions(-)
-
-diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
-index d1735d216276..c56e580f27b8 100644
---- a/policycoreutils/semodule/semodule.8
-+++ b/policycoreutils/semodule/semodule.8
-@@ -23,12 +23,12 @@ force a reload of policy
- .B \-B, \-\-build
- force a rebuild of policy (also reloads unless \-n is used)
- .TP
--.B \-\-rebuild-if-modules-changed
--Force a rebuild of the policy if any changes to module content are detected
--(by comparing with checksum from the last transaction).  One can use this
--instead of \-B to ensure that any changes to the module store done by an
--external tool (e.g. a package manager) are applied, while automatically
--skipping the rebuild if there are no new changes.
-+.B \-\-refresh
-+Like \-\-build, but reuses existing linked policy if no changes to module
-+files are detected (by comparing with checksum from the last transaction).
-+One can use this instead of \-B to ensure that any changes to the module
-+store done by an external tool (e.g. a package manager) are applied, while
-+automatically skipping the module re-linking if there are no module changes.
- .TP
- .B \-D, \-\-disable_dontaudit
- Temporarily remove dontaudits from policy.  Reverts whenever policy is rebuilt
-diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
-index 1ed8e69054e0..ec0794866daa 100644
---- a/policycoreutils/semodule/semodule.c
-+++ b/policycoreutils/semodule/semodule.c
-@@ -150,9 +150,12 @@ static void usage(char *progname)
- 	printf("  -c, --cil extract module as cil. This only affects module extraction.\n");
- 	printf("  -H, --hll extract module as hll. This only affects module extraction.\n");
- 	printf("  -m, --checksum   print module checksum (SHA256).\n");
--	printf("      --rebuild-if-modules-changed\n"
--	       "                   force policy rebuild if module content changed since\n"
--	       "                   last rebuild (based on checksum)\n");
-+	printf("      --refresh    like --build, but reuses existing linked policy if no\n"
-+	       "                   changes to module files are detected (via checksum)\n");
-+	printf("Deprecated options:\n");
-+	printf("  -b,--base	   same as --install\n");
-+	printf("  --rebuild-if-modules-changed\n"
-+	       "                   same as --refresh\n");
- }
- 
- /* Sets the global mode variable to new_mode, but only if no other
-@@ -185,6 +188,7 @@ static void parse_command_line(int argc, char **argv)
- {
- 	static struct option opts[] = {
- 		{"rebuild-if-modules-changed", 0, NULL, '\0'},
-+		{"refresh", 0, NULL, '\0'},
- 		{"store", required_argument, NULL, 's'},
- 		{"base", required_argument, NULL, 'b'},
- 		{"help", 0, NULL, 'h'},
-@@ -225,6 +229,9 @@ static void parse_command_line(int argc, char **argv)
- 		case '\0':
- 			switch(longind) {
- 			case 0: /* --rebuild-if-modules-changed */
-+				fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n");
-+				/* fallthrough */
-+			case 1: /* --refresh */
- 				check_ext_changes = 1;
- 				break;
- 			default:
--- 
-2.36.1
-
diff --git a/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch b/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch
deleted file mode 100644
index 6ef58aa..0000000
--- a/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 8abaf61849ce9688dddc3b27ef4df3cc23af0109 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Mon, 30 May 2022 14:20:21 +0200
-Subject: [PATCH] python: Split "semanage import" into two transactions
-Content-type: text/plain
-
-First transaction applies all deletion operations, so that there are no
-collisions when applying the rest of the changes.
-
-Fixes:
-  # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024
-  # semanage export | semanage import
-  ValueError: Port tcp/3024 already defined
-
-Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
----
- python/semanage/semanage | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/python/semanage/semanage b/python/semanage/semanage
-index f45061a601f9..4e8d64d6863a 100644
---- a/python/semanage/semanage
-+++ b/python/semanage/semanage
-@@ -853,10 +853,29 @@ def handleImport(args):
-     trans = seobject.semanageRecords(args)
-     trans.start()
- 
-+    deleteCommands = []
-+    commands = []
-+    # separate commands for deletion from the rest so they can be
-+    # applied in a separate transaction
-     for l in sys.stdin.readlines():
-         if len(l.strip()) == 0:
-             continue
-+        if "-d" in l or "-D" in l:
-+            deleteCommands.append(l)
-+        else:
-+            commands.append(l)
-+
-+    if deleteCommands:
-+        importHelper(deleteCommands)
-+        trans.finish()
-+        trans.start()
-+
-+    importHelper(commands)
-+    trans.finish()
- 
-+
-+def importHelper(commands):
-+    for l in commands:
-         try:
-             commandParser = createCommandParser()
-             args = commandParser.parse_args(mkargv(l))
-@@ -870,8 +889,6 @@ def handleImport(args):
-         except KeyboardInterrupt:
-             sys.exit(0)
- 
--    trans.finish()
--
- 
- def setupImportParser(subparsers):
-     importParser = subparsers.add_parser('import', help=_('Import local customizations'))
--- 
-2.36.1
-
diff --git a/SOURCES/selinux-autorelabel-generator.sh b/SOURCES/selinux-autorelabel-generator.sh
index be60487..d9380b8 100644
--- a/SOURCES/selinux-autorelabel-generator.sh
+++ b/SOURCES/selinux-autorelabel-generator.sh
@@ -18,6 +18,15 @@ fi
 set_target ()
 {
     ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
+    AUTORELABEL="1"
+    source /etc/selinux/config
+    if [ "$AUTORELABEL" = "0" ]; then
+        mkdir -p "$earlydir/selinux-autorelabel.service.d"
+        cat > "$earlydir/selinux-autorelabel.service.d/tty.conf" <<EOF
+[Service]
+StandardInput=tty
+EOF
+    fi
 }
 
 if selinuxenabled; then
diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec
index e067d23..b02a178 100644
--- a/SPECS/policycoreutils.spec
+++ b/SPECS/policycoreutils.spec
@@ -1,7 +1,7 @@
 %global libauditver     3.0
-%global libsepolver     3.4-1
-%global libsemanagever  3.4-1
-%global libselinuxver   3.4-1
+%global libsepolver     3.5-1
+%global libsemanagever  3.5-1
+%global libselinuxver   3.5-1
 
 %global generatorsdir %{_prefix}/lib/systemd/system-generators
 
@@ -10,11 +10,11 @@
 
 Summary: SELinux policy core utilities
 Name:    policycoreutils
-Version: 3.4
-Release: 4%{?dist}
-License: GPLv2
+Version: 3.5
+Release: 1%{?dist}
+License: GPL-2.0-or-later
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/selinux-3.4.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/selinux-3.5.tar.gz
 URL:     https://github.com/SELinuxProject/selinux
 Source13: system-config-selinux.png
 Source14: sepolicy-icons.tgz
@@ -28,23 +28,17 @@ Source21: python-po.tgz
 Source22: gui-po.tgz
 Source23: sandbox-po.tgz
 # https://github.com/fedora-selinux/selinux
-# $ git format-patch -N 3.4 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
+# $ git format-patch -N 3.5 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
 # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
 # Patch list start
 Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
 Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
 Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
-Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
-Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
-Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch
-Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
-Patch0008: 0008-sepolicy-generate-Handle-more-reserved-port-types.patch
-Patch0009: 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
-Patch0010: 0010-Use-SHA-2-instead-of-SHA-1.patch
-Patch0011: 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch
-Patch0012: 0012-gettext-handle-unsupported-languages-properly.patch
-Patch0013: 0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch
-Patch0014: 0014-python-Split-semanage-import-into-two-transactions.patch
+Patch0004: 0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
+Patch0005: 0005-sepolicy-generate-Handle-more-reserved-port-types.patch
+Patch0006: 0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
+Patch0007: 0007-Use-SHA-2-instead-of-SHA-1.patch
+Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
 # Patch list end
 Obsoletes: policycoreutils < 2.0.61-2
 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@@ -56,7 +50,7 @@ Provides: /sbin/restorecon
 BuildRequires: gcc make
 BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
 BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
-BuildRequires: python3-devel
+BuildRequires: python3-devel python3-pip
 BuildRequires: systemd
 BuildRequires: git-core
 Requires: util-linux grep gawk diffutils rpm sed
@@ -79,7 +73,7 @@ load_policy to load policies, setfiles to label filesystems, newrole
 to switch roles.
 
 %prep -p /usr/bin/bash
-%autosetup -n selinux-%{version} -p 1
+%autosetup -p 1 -n selinux-%{version}
 
 cp %{SOURCE13} gui/
 tar -xvf %{SOURCE14} -C python/sepolicy/
@@ -150,27 +144,6 @@ install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
 install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
 install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
 
-# change /usr/bin/python to %%{__python3} in policycoreutils-python3
-pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
-
-# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils
-pathfix.py -i "%{__python3} -Es" -p \
-    %{buildroot}%{_sbindir}/semanage \
-    %{buildroot}%{_bindir}/chcat \
-    %{buildroot}%{_bindir}/sandbox \
-    %{buildroot}%{_datadir}/sandbox/start \
-    %{buildroot}%{_bindir}/audit2allow \
-    %{buildroot}%{_bindir}/sepolicy \
-    %{buildroot}%{_bindir}/sepolgen-ifgen \
-    %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
-    %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
-    %nil
-
-# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
-find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
-     %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
-     -type f -name '*~' | xargs rm -f
-
 # Manually invoke the python byte compile macro for each path that needs byte
 # compilation.
 %py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux
@@ -239,6 +212,7 @@ Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
 Requires:audit-libs-python3 >=  %{libauditver}
 Requires: checkpolicy
 Requires: python3-setools >= 4.4.0
+Requires: python3-distro
 BuildArch: noarch
 
 %description -n python3-policycoreutils
@@ -430,7 +404,7 @@ system-config-selinux is a utility for managing the SELinux environment
 %dir %{_datadir}/bash-completion
 %{_datadir}/bash-completion/completions/setsebool
 %{!?_licensedir:%global license %%doc}
-%license policycoreutils/COPYING
+%license policycoreutils/LICENSE
 %doc %{_usr}/share/doc/%{name}
 
 %package restorecond
@@ -452,7 +426,7 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_mandir}/ru/man8/restorecond.8*
 
 %{!?_licensedir:%global license %%doc}
-%license policycoreutils/COPYING
+%license policycoreutils/LICENSE
 
 %post
 %systemd_post selinux-autorelabel-mark.service
@@ -470,6 +444,24 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 
 %changelog
+* Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
+- SELinux userspace 3.5 release
+
+* Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1.1
+- SELinux userspace 3.5-rc3 release
+
+* Wed Feb  8 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.3
+- Attach tty to selinux-autorelabel.service when AUTORELABEL=0
+
+* Thu Jan 26 2023 Vit Mojzis <vmojzis@redhat.com> - 3.5-0.rc2.2
+- python/sepolicy: Cache conditional rule queries
+
+* Tue Jan 17 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
+- SELinux userspace 3.5-rc2 release
+
+* Mon Jan  2 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.2
+- SELinux userspace 3.5-rc1 release
+
 * Tue Sep 06 2022 Vit Mojzis <vmojzis@redhat.com> - 3.4-4
 - Update translations (#2062630)
 
@@ -489,7 +481,7 @@ The policycoreutils-restorecond package contains the restorecond service.
 * Tue Feb 15 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-4.2
 - semodule: add command-line option to detect module changes
 
-* Tue Feb 22 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-5
+* Tue Feb 15 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-5
 - Improve error message when selabel_open fails
 
 * Mon Feb 14 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-3