commit 4661efa74df34afc042e7822547a4d6f2f06e68b Author: MSVSphere Packaging Team Date: Tue Nov 26 19:17:27 2024 +0300 import setroubleshoot-plugins-3.3.14-10.el10 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e34202f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/setroubleshoot-plugins-3.3.14.tar.gz diff --git a/.setroubleshoot-plugins.metadata b/.setroubleshoot-plugins.metadata new file mode 100644 index 0000000..d8dff25 --- /dev/null +++ b/.setroubleshoot-plugins.metadata @@ -0,0 +1 @@ +3ab5cfea9ae81f50f0e103d9eadd6a596140158d SOURCES/setroubleshoot-plugins-3.3.14.tar.gz diff --git a/SOURCES/0001-restorecon.py-exclude-more-paths.patch b/SOURCES/0001-restorecon.py-exclude-more-paths.patch new file mode 100644 index 0000000..2189d21 --- /dev/null +++ b/SOURCES/0001-restorecon.py-exclude-more-paths.patch @@ -0,0 +1,26 @@ +From 0f508191647a41f92264c0c8fc877b0110bbd468 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Tue, 10 Aug 2021 20:11:20 +0200 +Subject: [PATCH] restorecon.py: exclude more paths + +It doesn't make sense to run restorecon on /sys/ /proc/ and /memfd: +--- + src/restorecon.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/restorecon.py b/src/restorecon.py +index e3044c742367..9594c0d59d96 100644 +--- a/src/restorecon.py ++++ b/src/restorecon.py +@@ -39,7 +39,7 @@ def customizable(target): + + + # List of path prefixes for which this plugin is not executed +-excluded_paths = ["/sys/fs"] ++excluded_paths = ["/sys/", "/proc/", "/memfd:"] + # Test if the specified path starts with some excluded prefix + def excluded_path(target_path): + for path in excluded_paths: +-- +2.32.0 + diff --git a/SOURCES/0002-Improve-disable_ipv6-plugin-then_text.patch b/SOURCES/0002-Improve-disable_ipv6-plugin-then_text.patch new file mode 100644 index 0000000..697aabd --- /dev/null +++ b/SOURCES/0002-Improve-disable_ipv6-plugin-then_text.patch @@ -0,0 +1,29 @@ +From f8a5ef9b783f4be5fcb2fa711dd3b550b312a629 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Wed, 23 Nov 2022 18:25:20 +0100 +Subject: [PATCH] Improve disable_ipv6 plugin then_text +Content-type: text/plain + +Use more conscious language and be more explicit. + +Signed-off-by: Vit Mojzis +--- + src/disable_ipv6.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/disable_ipv6.py b/src/disable_ipv6.py +index 1c858213ddea..ca0b9cc7f49f 100644 +--- a/src/disable_ipv6.py ++++ b/src/disable_ipv6.py +@@ -38,7 +38,7 @@ Disable IPV6 properly. + fix_cmd = "" + + if_text = _("If you want to disable IPV6 on this machine") +- then_text = _("you need to set /proc/sys/net/ipv6/conf/all/disable_ipv6 to 1 and do not blacklist the module'") ++ then_text = _("you need to set /proc/sys/net/ipv6/conf/all/disable_ipv6 to 1 and do not disable the ipv6 kernel module'") + do_text = _("""Add + net.ipv6.conf.all.disable_ipv6 = 1 + to /etc/sysctl.conf +-- +2.41.0 + diff --git a/SOURCES/0003-Update-generated-configuration-files.patch b/SOURCES/0003-Update-generated-configuration-files.patch new file mode 100644 index 0000000..75b7aed --- /dev/null +++ b/SOURCES/0003-Update-generated-configuration-files.patch @@ -0,0 +1,1036 @@ +From 9e54f6a661330070ad25a0e86f197b3530bfc5c7 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Wed, 26 Jul 2023 10:30:07 +0200 +Subject: [PATCH] Update generated configuration files +Content-type: text/plain + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2226425 + + Traceback (most recent call last): + File "", line 2, in + ModuleNotFoundError: No module named 'imp' + make[2]: *** [Makefile:372: install-pluginPYTHON] Error 1 +--- + INSTALL | 320 ++++++++++++++++++++++++++--------------------------- + install-sh | 174 ++++++++++++++++++----------- + missing | 16 +-- + py-compile | 59 ++++++---- + 4 files changed, 313 insertions(+), 256 deletions(-) + +diff --git a/INSTALL b/INSTALL +index 2099840756e6..e82fd21de2ea 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -1,8 +1,8 @@ + Installation Instructions + ************************* + +-Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, +-Inc. ++ Copyright (C) 1994-1996, 1999-2002, 2004-2017, 2020-2021 Free ++Software Foundation, Inc. + + Copying and distribution of this file, with or without modification, + are permitted in any medium without royalty provided the copyright +@@ -12,97 +12,96 @@ without warranty of any kind. + Basic Installation + ================== + +- Briefly, the shell command `./configure && make && make install' ++ Briefly, the shell command './configure && make && make install' + should configure, build, and install this package. The following +-more-detailed instructions are generic; see the `README' file for ++more-detailed instructions are generic; see the 'README' file for + instructions specific to this package. Some packages provide this +-`INSTALL' file but do not implement all of the features documented ++'INSTALL' file but do not implement all of the features documented + below. The lack of an optional feature in a given package is not + necessarily a bug. More recommendations for GNU packages can be found + in *note Makefile Conventions: (standards)Makefile Conventions. + +- The `configure' shell script attempts to guess correct values for ++ The 'configure' shell script attempts to guess correct values for + various system-dependent variables used during compilation. It uses +-those values to create a `Makefile' in each directory of the package. +-It may also create one or more `.h' files containing system-dependent +-definitions. Finally, it creates a shell script `config.status' that ++those values to create a 'Makefile' in each directory of the package. ++It may also create one or more '.h' files containing system-dependent ++definitions. Finally, it creates a shell script 'config.status' that + you can run in the future to recreate the current configuration, and a +-file `config.log' containing compiler output (useful mainly for +-debugging `configure'). ++file 'config.log' containing compiler output (useful mainly for ++debugging 'configure'). + +- It can also use an optional file (typically called `config.cache' +-and enabled with `--cache-file=config.cache' or simply `-C') that saves +-the results of its tests to speed up reconfiguring. Caching is +-disabled by default to prevent problems with accidental use of stale +-cache files. ++ It can also use an optional file (typically called 'config.cache' and ++enabled with '--cache-file=config.cache' or simply '-C') that saves the ++results of its tests to speed up reconfiguring. Caching is disabled by ++default to prevent problems with accidental use of stale cache files. + + If you need to do unusual things to compile the package, please try +-to figure out how `configure' could check whether to do them, and mail +-diffs or instructions to the address given in the `README' so they can ++to figure out how 'configure' could check whether to do them, and mail ++diffs or instructions to the address given in the 'README' so they can + be considered for the next release. If you are using the cache, and at +-some point `config.cache' contains results you don't want to keep, you ++some point 'config.cache' contains results you don't want to keep, you + may remove or edit it. + +- The file `configure.ac' (or `configure.in') is used to create +-`configure' by a program called `autoconf'. You need `configure.ac' if +-you want to change it or regenerate `configure' using a newer version +-of `autoconf'. ++ The file 'configure.ac' (or 'configure.in') is used to create ++'configure' by a program called 'autoconf'. You need 'configure.ac' if ++you want to change it or regenerate 'configure' using a newer version of ++'autoconf'. + + The simplest way to compile this package is: + +- 1. `cd' to the directory containing the package's source code and type +- `./configure' to configure the package for your system. ++ 1. 'cd' to the directory containing the package's source code and type ++ './configure' to configure the package for your system. + +- Running `configure' might take a while. While running, it prints ++ Running 'configure' might take a while. While running, it prints + some messages telling which features it is checking for. + +- 2. Type `make' to compile the package. ++ 2. Type 'make' to compile the package. + +- 3. Optionally, type `make check' to run any self-tests that come with ++ 3. Optionally, type 'make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + +- 4. Type `make install' to install the programs and any data files and ++ 4. Type 'make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular +- user, and only the `make install' phase executed with root ++ user, and only the 'make install' phase executed with root + privileges. + +- 5. Optionally, type `make installcheck' to repeat any self-tests, but ++ 5. Optionally, type 'make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a +- regular user, particularly if the prior `make install' required ++ regular user, particularly if the prior 'make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the +- source code directory by typing `make clean'. To also remove the +- files that `configure' created (so you can compile the package for +- a different kind of computer), type `make distclean'. There is +- also a `make maintainer-clean' target, but that is intended mainly ++ source code directory by typing 'make clean'. To also remove the ++ files that 'configure' created (so you can compile the package for ++ a different kind of computer), type 'make distclean'. There is ++ also a 'make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + +- 7. Often, you can also type `make uninstall' to remove the installed ++ 7. Often, you can also type 'make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + +- 8. Some packages, particularly those that use Automake, provide `make ++ 8. Some packages, particularly those that use Automake, provide 'make + distcheck', which can by used by developers to test that all other +- targets like `make install' and `make uninstall' work correctly. ++ targets like 'make install' and 'make uninstall' work correctly. + This target is generally not run by end users. + + Compilers and Options + ===================== + + Some systems require unusual options for compilation or linking that +-the `configure' script does not know about. Run `./configure --help' ++the 'configure' script does not know about. Run './configure --help' + for details on some of the pertinent environment variables. + +- You can give `configure' initial values for configuration parameters +-by setting variables in the command line or in the environment. Here +-is an example: ++ You can give 'configure' initial values for configuration parameters ++by setting variables in the command line or in the environment. Here is ++an example: + + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + +@@ -113,21 +112,21 @@ Compiling For Multiple Architectures + + You can compile the package for more than one kind of computer at the + same time, by placing the object files for each architecture in their +-own directory. To do this, you can use GNU `make'. `cd' to the ++own directory. To do this, you can use GNU 'make'. 'cd' to the + directory where you want the object files and executables to go and run +-the `configure' script. `configure' automatically checks for the +-source code in the directory that `configure' is in and in `..'. This +-is known as a "VPATH" build. ++the 'configure' script. 'configure' automatically checks for the source ++code in the directory that 'configure' is in and in '..'. This is known ++as a "VPATH" build. + +- With a non-GNU `make', it is safer to compile the package for one ++ With a non-GNU 'make', it is safer to compile the package for one + architecture at a time in the source code directory. After you have +-installed the package for one architecture, use `make distclean' before ++installed the package for one architecture, use 'make distclean' before + reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and + executables that work on multiple system types--known as "fat" or +-"universal" binaries--by specifying multiple `-arch' options to the +-compiler but only a single `-arch' option to the preprocessor. Like ++"universal" binaries--by specifying multiple '-arch' options to the ++compiler but only a single '-arch' option to the preprocessor. Like + this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ +@@ -136,105 +135,104 @@ this: + + This is not guaranteed to produce working output in all cases, you + may have to build one architecture at a time and combine the results +-using the `lipo' tool if you have problems. ++using the 'lipo' tool if you have problems. + + Installation Names + ================== + +- By default, `make install' installs the package's commands under +-`/usr/local/bin', include files under `/usr/local/include', etc. You +-can specify an installation prefix other than `/usr/local' by giving +-`configure' the option `--prefix=PREFIX', where PREFIX must be an ++ By default, 'make install' installs the package's commands under ++'/usr/local/bin', include files under '/usr/local/include', etc. You ++can specify an installation prefix other than '/usr/local' by giving ++'configure' the option '--prefix=PREFIX', where PREFIX must be an + absolute file name. + + You can specify separate installation prefixes for + architecture-specific files and architecture-independent files. If you +-pass the option `--exec-prefix=PREFIX' to `configure', the package uses ++pass the option '--exec-prefix=PREFIX' to 'configure', the package uses + PREFIX as the prefix for installing programs and libraries. + Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +-options like `--bindir=DIR' to specify different values for particular +-kinds of files. Run `configure --help' for a list of the directories +-you can set and what kinds of files go in them. In general, the +-default for these options is expressed in terms of `${prefix}', so that +-specifying just `--prefix' will affect all of the other directory ++options like '--bindir=DIR' to specify different values for particular ++kinds of files. Run 'configure --help' for a list of the directories ++you can set and what kinds of files go in them. In general, the default ++for these options is expressed in terms of '${prefix}', so that ++specifying just '--prefix' will affect all of the other directory + specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +-correct locations to `configure'; however, many packages provide one or ++correct locations to 'configure'; however, many packages provide one or + both of the following shortcuts of passing variable assignments to the +-`make install' command line to change installation locations without ++'make install' command line to change installation locations without + having to reconfigure or recompile. + + The first method involves providing an override variable for each +-affected directory. For example, `make install ++affected directory. For example, 'make install + prefix=/alternate/directory' will choose an alternate location for all + directory configuration variables that were expressed in terms of +-`${prefix}'. Any directories that were specified during `configure', +-but not in terms of `${prefix}', must each be overridden at install +-time for the entire installation to be relocated. The approach of +-makefile variable overrides for each directory variable is required by +-the GNU Coding Standards, and ideally causes no recompilation. +-However, some platforms have known limitations with the semantics of +-shared libraries that end up requiring recompilation when using this +-method, particularly noticeable in packages that use GNU Libtool. +- +- The second method involves providing the `DESTDIR' variable. For +-example, `make install DESTDIR=/alternate/directory' will prepend +-`/alternate/directory' before all installation names. The approach of +-`DESTDIR' overrides is not required by the GNU Coding Standards, and ++'${prefix}'. Any directories that were specified during 'configure', ++but not in terms of '${prefix}', must each be overridden at install time ++for the entire installation to be relocated. The approach of makefile ++variable overrides for each directory variable is required by the GNU ++Coding Standards, and ideally causes no recompilation. However, some ++platforms have known limitations with the semantics of shared libraries ++that end up requiring recompilation when using this method, particularly ++noticeable in packages that use GNU Libtool. ++ ++ The second method involves providing the 'DESTDIR' variable. For ++example, 'make install DESTDIR=/alternate/directory' will prepend ++'/alternate/directory' before all installation names. The approach of ++'DESTDIR' overrides is not required by the GNU Coding Standards, and + does not work on platforms that have drive letters. On the other hand, + it does better at avoiding recompilation issues, and works well even +-when some directory options were not specified in terms of `${prefix}' +-at `configure' time. ++when some directory options were not specified in terms of '${prefix}' ++at 'configure' time. + + Optional Features + ================= + + If the package supports it, you can cause programs to be installed +-with an extra prefix or suffix on their names by giving `configure' the +-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +- +- Some packages pay attention to `--enable-FEATURE' options to +-`configure', where FEATURE indicates an optional part of the package. +-They may also pay attention to `--with-PACKAGE' options, where PACKAGE +-is something like `gnu-as' or `x' (for the X Window System). The +-`README' should mention any `--enable-' and `--with-' options that the ++with an extra prefix or suffix on their names by giving 'configure' the ++option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. ++ ++ Some packages pay attention to '--enable-FEATURE' options to ++'configure', where FEATURE indicates an optional part of the package. ++They may also pay attention to '--with-PACKAGE' options, where PACKAGE ++is something like 'gnu-as' or 'x' (for the X Window System). The ++'README' should mention any '--enable-' and '--with-' options that the + package recognizes. + +- For packages that use the X Window System, `configure' can usually ++ For packages that use the X Window System, 'configure' can usually + find the X include and library files automatically, but if it doesn't, +-you can use the `configure' options `--x-includes=DIR' and +-`--x-libraries=DIR' to specify their locations. ++you can use the 'configure' options '--x-includes=DIR' and ++'--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +-execution of `make' will be. For these packages, running `./configure ++execution of 'make' will be. For these packages, running './configure + --enable-silent-rules' sets the default to minimal output, which can be +-overridden with `make V=1'; while running `./configure ++overridden with 'make V=1'; while running './configure + --disable-silent-rules' sets the default to verbose, which can be +-overridden with `make V=0'. ++overridden with 'make V=0'. + + Particular systems + ================== + +- On HP-UX, the default C compiler is not ANSI C compatible. If GNU +-CC is not installed, it is recommended to use the following options in ++ On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC ++is not installed, it is recommended to use the following options in + order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + + and if that doesn't work, install pre-built binaries of GCC for HP-UX. + +- HP-UX `make' updates targets which have the same time stamps as +-their prerequisites, which makes it generally unusable when shipped +-generated files such as `configure' are involved. Use GNU `make' +-instead. ++ HP-UX 'make' updates targets which have the same timestamps as their ++prerequisites, which makes it generally unusable when shipped generated ++files such as 'configure' are involved. Use GNU 'make' instead. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +-parse its `' header file. The option `-nodtk' can be used as +-a workaround. If GNU CC is not installed, it is therefore recommended +-to try ++parse its '' header file. The option '-nodtk' can be used as a ++workaround. If GNU CC is not installed, it is therefore recommended to ++try + + ./configure CC="cc" + +@@ -242,26 +240,26 @@ and if that doesn't work, try + + ./configure CC="cc -nodtk" + +- On Solaris, don't put `/usr/ucb' early in your `PATH'. This ++ On Solaris, don't put '/usr/ucb' early in your 'PATH'. This + directory contains several dysfunctional programs; working variants of +-these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +-in your `PATH', put it _after_ `/usr/bin'. ++these programs are available in '/usr/bin'. So, if you need '/usr/ucb' ++in your 'PATH', put it _after_ '/usr/bin'. + +- On Haiku, software installed for all users goes in `/boot/common', +-not `/usr/local'. It is recommended to use the following options: ++ On Haiku, software installed for all users goes in '/boot/common', ++not '/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + + Specifying the System Type + ========================== + +- There may be some features `configure' cannot figure out ++ There may be some features 'configure' cannot figure out + automatically, but needs to determine by the type of machine the package + will run on. Usually, assuming the package is built to be run on the +-_same_ architectures, `configure' can figure that out, but if it prints ++_same_ architectures, 'configure' can figure that out, but if it prints + a message saying it cannot guess the machine type, give it the +-`--build=TYPE' option. TYPE can either be a short name for the system +-type, such as `sun4', or a canonical name which has the form: ++'--build=TYPE' option. TYPE can either be a short name for the system ++type, such as 'sun4', or a canonical name which has the form: + + CPU-COMPANY-SYSTEM + +@@ -270,101 +268,101 @@ where SYSTEM can have one of these forms: + OS + KERNEL-OS + +- See the file `config.sub' for the possible values of each field. If +-`config.sub' isn't included in this package, then this package doesn't ++ See the file 'config.sub' for the possible values of each field. If ++'config.sub' isn't included in this package, then this package doesn't + need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +-use the option `--target=TYPE' to select the type of system they will ++use the option '--target=TYPE' to select the type of system they will + produce code for. + + If you want to _use_ a cross compiler, that generates code for a + platform different from the build platform, you should specify the + "host" platform (i.e., that on which the generated programs will +-eventually be run) with `--host=TYPE'. ++eventually be run) with '--host=TYPE'. + + Sharing Defaults + ================ + +- If you want to set default values for `configure' scripts to share, +-you can create a site shell script called `config.site' that gives +-default values for variables like `CC', `cache_file', and `prefix'. +-`configure' looks for `PREFIX/share/config.site' if it exists, then +-`PREFIX/etc/config.site' if it exists. Or, you can set the +-`CONFIG_SITE' environment variable to the location of the site script. +-A warning: not all `configure' scripts look for a site script. ++ If you want to set default values for 'configure' scripts to share, ++you can create a site shell script called 'config.site' that gives ++default values for variables like 'CC', 'cache_file', and 'prefix'. ++'configure' looks for 'PREFIX/share/config.site' if it exists, then ++'PREFIX/etc/config.site' if it exists. Or, you can set the ++'CONFIG_SITE' environment variable to the location of the site script. ++A warning: not all 'configure' scripts look for a site script. + + Defining Variables + ================== + + Variables not defined in a site shell script can be set in the +-environment passed to `configure'. However, some packages may run ++environment passed to 'configure'. However, some packages may run + configure again during the build, and the customized values of these + variables may be lost. In order to avoid this problem, you should set +-them in the `configure' command line, using `VAR=value'. For example: ++them in the 'configure' command line, using 'VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +-causes the specified `gcc' to be used as the C compiler (unless it is ++causes the specified 'gcc' to be used as the C compiler (unless it is + overridden in the site shell script). + +-Unfortunately, this technique does not work for `CONFIG_SHELL' due to +-an Autoconf limitation. Until the limitation is lifted, you can use +-this workaround: ++Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an ++Autoconf limitation. Until the limitation is lifted, you can use this ++workaround: + + CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash + +-`configure' Invocation ++'configure' Invocation + ====================== + +- `configure' recognizes the following options to control how it ++ 'configure' recognizes the following options to control how it + operates. + +-`--help' +-`-h' +- Print a summary of all of the options to `configure', and exit. ++'--help' ++'-h' ++ Print a summary of all of the options to 'configure', and exit. + +-`--help=short' +-`--help=recursive' ++'--help=short' ++'--help=recursive' + Print a summary of the options unique to this package's +- `configure', and exit. The `short' variant lists options used +- only in the top level, while the `recursive' variant lists options +- also present in any nested packages. ++ 'configure', and exit. The 'short' variant lists options used only ++ in the top level, while the 'recursive' variant lists options also ++ present in any nested packages. + +-`--version' +-`-V' +- Print the version of Autoconf used to generate the `configure' ++'--version' ++'-V' ++ Print the version of Autoconf used to generate the 'configure' + script, and exit. + +-`--cache-file=FILE' ++'--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, +- traditionally `config.cache'. FILE defaults to `/dev/null' to ++ traditionally 'config.cache'. FILE defaults to '/dev/null' to + disable caching. + +-`--config-cache' +-`-C' +- Alias for `--cache-file=config.cache'. ++'--config-cache' ++'-C' ++ Alias for '--cache-file=config.cache'. + +-`--quiet' +-`--silent' +-`-q' ++'--quiet' ++'--silent' ++'-q' + Do not print messages saying which checks are being made. To +- suppress all normal output, redirect it to `/dev/null' (any error ++ suppress all normal output, redirect it to '/dev/null' (any error + messages will still be shown). + +-`--srcdir=DIR' ++'--srcdir=DIR' + Look for the package's source code in directory DIR. Usually +- `configure' can determine that directory automatically. ++ 'configure' can determine that directory automatically. + +-`--prefix=DIR' +- Use DIR as the installation prefix. *note Installation Names:: +- for more details, including other options available for fine-tuning +- the installation locations. ++'--prefix=DIR' ++ Use DIR as the installation prefix. *note Installation Names:: for ++ more details, including other options available for fine-tuning the ++ installation locations. + +-`--no-create' +-`-n' ++'--no-create' ++'-n' + Run the configure checks, but stop before creating any output + files. + +-`configure' also accepts some other, not widely useful, options. Run +-`configure --help' for more details. ++'configure' also accepts some other, not widely useful, options. Run ++'configure --help' for more details. +diff --git a/install-sh b/install-sh +index 0b0fdcbba69a..ec298b537402 100755 +--- a/install-sh ++++ b/install-sh +@@ -1,7 +1,7 @@ + #!/bin/sh + # install - install a program, script, or datafile + +-scriptversion=2013-12-25.23; # UTC ++scriptversion=2020-11-14.01; # UTC + + # This originates from X11R5 (mit/util/scripts/install.sh), which was + # later released in X11R6 (xc/config/util/install.sh) with the +@@ -69,6 +69,11 @@ posix_mkdir= + # Desired mode of installed file. + mode=0755 + ++# Create dirs (including intermediate dirs) using mode 755. ++# This is like GNU 'install' as of coreutils 8.32 (2020). ++mkdir_umask=22 ++ ++backupsuffix= + chgrpcmd= + chmodcmd=$chmodprog + chowncmd= +@@ -99,18 +104,28 @@ Options: + --version display version info and exit. + + -c (ignored) +- -C install only if different (preserve the last data modification time) ++ -C install only if different (preserve data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. ++ -p pass -p to $cpprog. + -s $stripprog installed files. ++ -S SUFFIX attempt to back up existing files, with suffix SUFFIX. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + + Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG ++ ++By default, rm is invoked with -f; when overridden with RMPROG, ++it's up to you to specify -f if you want it. ++ ++If -S is not specified, no backups are attempted. ++ ++Email bug reports to bug-automake@gnu.org. ++Automake home page: https://www.gnu.org/software/automake/ + " + + while test $# -ne 0; do +@@ -137,8 +152,13 @@ while test $# -ne 0; do + -o) chowncmd="$chownprog $2" + shift;; + ++ -p) cpprog="$cpprog -p";; ++ + -s) stripcmd=$stripprog;; + ++ -S) backupsuffix="$2" ++ shift;; ++ + -t) + is_target_a_directory=always + dst_arg=$2 +@@ -255,6 +275,10 @@ do + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? ++ # Don't chown directories that already exist. ++ if test $dstdir_status = 0; then ++ chowncmd="" ++ fi + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command +@@ -271,15 +295,18 @@ do + fi + dst=$dst_arg + +- # If destination is a directory, append the input filename; won't work +- # if double slashes aren't ignored. ++ # If destination is a directory, append the input filename. + if test -d "$dst"; then + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst +- dst=$dstdir/`basename "$src"` ++ dstbase=`basename "$src"` ++ case $dst in ++ */) dst=$dst$dstbase;; ++ *) dst=$dst/$dstbase;; ++ esac + dstdir_status=0 + else + dstdir=`dirname "$dst"` +@@ -288,27 +315,16 @@ do + fi + fi + ++ case $dstdir in ++ */) dstdirslash=$dstdir;; ++ *) dstdirslash=$dstdir/;; ++ esac ++ + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') +- # Create intermediate dirs using mode 755 as modified by the umask. +- # This is like FreeBSD 'install' as of 1997-10-28. +- umask=`umask` +- case $stripcmd.$umask in +- # Optimize common cases. +- *[2367][2367]) mkdir_umask=$umask;; +- .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; +- +- *[0-7]) +- mkdir_umask=`expr $umask + 22 \ +- - $umask % 100 % 40 + $umask % 20 \ +- - $umask % 10 % 4 + $umask % 2 +- `;; +- *) mkdir_umask=$umask,go-w;; +- esac +- + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then +@@ -318,43 +334,49 @@ do + fi + + posix_mkdir=false +- case $umask in +- *[123567][0-7][0-7]) +- # POSIX mkdir -p sets u+wx bits regardless of umask, which +- # is incompatible with FreeBSD 'install' when (umask & 300) != 0. +- ;; +- *) +- tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ +- trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 +- +- if (umask $mkdir_umask && +- exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 +- then +- if test -z "$dir_arg" || { +- # Check for POSIX incompatibilities with -m. +- # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or +- # other-writable bit of parent directory when it shouldn't. +- # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. +- ls_ld_tmpdir=`ls -ld "$tmpdir"` +- case $ls_ld_tmpdir in +- d????-?r-*) different_mode=700;; +- d????-?--*) different_mode=755;; +- *) false;; +- esac && +- $mkdirprog -m$different_mode -p -- "$tmpdir" && { +- ls_ld_tmpdir_1=`ls -ld "$tmpdir"` +- test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" +- } +- } +- then posix_mkdir=: +- fi +- rmdir "$tmpdir/d" "$tmpdir" +- else +- # Remove any dirs left behind by ancient mkdir implementations. +- rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null +- fi +- trap '' 0;; +- esac;; ++ # The $RANDOM variable is not portable (e.g., dash). Use it ++ # here however when possible just to lower collision chance. ++ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ ++ ++ trap ' ++ ret=$? ++ rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null ++ exit $ret ++ ' 0 ++ ++ # Because "mkdir -p" follows existing symlinks and we likely work ++ # directly in world-writeable /tmp, make sure that the '$tmpdir' ++ # directory is successfully created first before we actually test ++ # 'mkdir -p'. ++ if (umask $mkdir_umask && ++ $mkdirprog $mkdir_mode "$tmpdir" && ++ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 ++ then ++ if test -z "$dir_arg" || { ++ # Check for POSIX incompatibilities with -m. ++ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or ++ # other-writable bit of parent directory when it shouldn't. ++ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ++ test_tmpdir="$tmpdir/a" ++ ls_ld_tmpdir=`ls -ld "$test_tmpdir"` ++ case $ls_ld_tmpdir in ++ d????-?r-*) different_mode=700;; ++ d????-?--*) different_mode=755;; ++ *) false;; ++ esac && ++ $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { ++ ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` ++ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" ++ } ++ } ++ then posix_mkdir=: ++ fi ++ rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" ++ else ++ # Remove any dirs left behind by ancient mkdir implementations. ++ rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null ++ fi ++ trap '' 0;; + esac + + if +@@ -365,7 +387,7 @@ do + then : + else + +- # The umask is ridiculous, or mkdir does not conform to POSIX, ++ # mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + +@@ -394,7 +416,7 @@ do + prefixes= + else + if $posix_mkdir; then +- (umask=$mkdir_umask && ++ (umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 +@@ -427,14 +449,25 @@ do + else + + # Make a couple of temp file names in the proper directory. +- dsttmp=$dstdir/_inst.$$_ +- rmtmp=$dstdir/_rm.$$_ ++ dsttmp=${dstdirslash}_inst.$$_ ++ rmtmp=${dstdirslash}_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. +- (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && ++ (umask $cp_umask && ++ { test -z "$stripcmd" || { ++ # Create $dsttmp read-write so that cp doesn't create it read-only, ++ # which would cause strip to fail. ++ if test -z "$doit"; then ++ : >"$dsttmp" # No need to fork-exec 'touch'. ++ else ++ $doit touch "$dsttmp" ++ fi ++ } ++ } && ++ $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # +@@ -460,6 +493,13 @@ do + then + rm -f "$dsttmp" + else ++ # If $backupsuffix is set, and the file being installed ++ # already exists, attempt a backup. Don't worry if it fails, ++ # e.g., if mv doesn't support -f. ++ if test -n "$backupsuffix" && test -f "$dst"; then ++ $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null ++ fi ++ + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + +@@ -474,9 +514,9 @@ do + # file should still install successfully. + { + test ! -f "$dst" || +- $doit $rmcmd -f "$dst" 2>/dev/null || ++ $doit $rmcmd "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && +- { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } ++ { $doit $rmcmd "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 +@@ -493,9 +533,9 @@ do + done + + # Local variables: +-# eval: (add-hook 'write-file-hooks 'time-stamp) ++# eval: (add-hook 'before-save-hook 'time-stamp) + # time-stamp-start: "scriptversion=" + # time-stamp-format: "%:y-%02m-%02d.%02H" +-# time-stamp-time-zone: "UTC" ++# time-stamp-time-zone: "UTC0" + # time-stamp-end: "; # UTC" + # End: +diff --git a/missing b/missing +index b7e571efa44e..1fe1611f1851 100755 +--- a/missing ++++ b/missing +@@ -1,9 +1,9 @@ +-#!/bin/sh ++#! /bin/sh + # Common wrapper for a few potentially missing GNU programs. + +-scriptversion=2016-01-11.22; # UTC ++scriptversion=2018-03-07.03; # UTC + +-# Copyright (C) 1996-2017 Free Software Foundation, Inc. ++# Copyright (C) 1996-2021 Free Software Foundation, Inc. + # Originally written by Fran,cois Pinard , 1996. + + # This program is free software; you can redistribute it and/or modify +@@ -17,7 +17,7 @@ scriptversion=2016-01-11.22; # UTC + # GNU General Public License for more details. + + # You should have received a copy of the GNU General Public License +-# along with this program. If not, see . ++# along with this program. If not, see . + + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -101,9 +101,9 @@ else + exit $st + fi + +-perl_URL=http://www.perl.org/ +-flex_URL=http://flex.sourceforge.net/ +-gnu_software_URL=http://www.gnu.org/software ++perl_URL=https://www.perl.org/ ++flex_URL=https://github.com/westes/flex ++gnu_software_URL=https://www.gnu.org/software + + program_details () + { +@@ -207,7 +207,7 @@ give_advice "$1" | sed -e '1s/^/WARNING: /' \ + exit $st + + # Local variables: +-# eval: (add-hook 'write-file-hooks 'time-stamp) ++# eval: (add-hook 'before-save-hook 'time-stamp) + # time-stamp-start: "scriptversion=" + # time-stamp-format: "%:y-%02m-%02d.%02H" + # time-stamp-time-zone: "UTC0" +diff --git a/py-compile b/py-compile +index bc2039140b6c..81b122b0a546 100755 +--- a/py-compile ++++ b/py-compile +@@ -1,9 +1,9 @@ + #!/bin/sh + # py-compile - Compile a Python program + +-scriptversion=2011-06-08.12; # UTC ++scriptversion=2021-02-27.01; # UTC + +-# Copyright (C) 2000-2014 Free Software Foundation, Inc. ++# Copyright (C) 2000-2021 Free Software Foundation, Inc. + + # This program is free software; you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by +@@ -16,7 +16,7 @@ scriptversion=2011-06-08.12; # UTC + # GNU General Public License for more details. + + # You should have received a copy of the GNU General Public License +-# along with this program. If not, see . ++# along with this program. If not, see . + + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -27,7 +27,7 @@ scriptversion=2011-06-08.12; # UTC + # bugs to or send patches to + # . + +-if [ -z "$PYTHON" ]; then ++if test -z "$PYTHON"; then + PYTHON=python + fi + +@@ -96,27 +96,46 @@ done + + files=$* + if test -z "$files"; then +- usage_error "no files given" ++ usage_error "no files given" + fi + + # if basedir was given, then it should be prepended to filenames before + # byte compilation. +-if [ -z "$basedir" ]; then +- pathtrans="path = file" ++if test -z "$basedir"; then ++ pathtrans="path = file" + else +- pathtrans="path = os.path.join('$basedir', file)" ++ pathtrans="path = os.path.join('$basedir', file)" + fi + + # if destdir was given, then it needs to be prepended to the filename to + # byte compile but not go into the compiled file. +-if [ -z "$destdir" ]; then +- filetrans="filepath = path" ++if test -z "$destdir"; then ++ filetrans="filepath = path" + else +- filetrans="filepath = os.path.normpath('$destdir' + os.sep + path)" ++ filetrans="filepath = os.path.normpath('$destdir' + os.sep + path)" ++fi ++ ++python_major=`$PYTHON -V 2>&1 | sed -e 's/.* //;s/\..*$//;1q'` ++if test -z "$python_major"; then ++ echo "$me: could not determine $PYTHON major version, guessing 3" >&2 ++ python_major=3 ++fi ++ ++# The old way to import libraries was deprecated. ++if test "$python_major" -le 2; then ++ import_lib=imp ++ import_test="hasattr(imp, 'get_tag')" ++ import_call=imp.cache_from_source ++ import_arg2=', False' # needed in one call and not the other ++else ++ import_lib=importlib ++ import_test="hasattr(sys.implementation, 'cache_tag')" ++ import_call=importlib.util.cache_from_source ++ import_arg2= + fi + + $PYTHON -c " +-import sys, os, py_compile, imp ++import sys, os, py_compile, $import_lib + + files = '''$files''' + +@@ -129,15 +148,15 @@ for file in files.split(): + continue + sys.stdout.write(file) + sys.stdout.flush() +- if hasattr(imp, 'get_tag'): +- py_compile.compile(filepath, imp.cache_from_source(filepath), path) ++ if $import_test: ++ py_compile.compile(filepath, $import_call(filepath), path) + else: + py_compile.compile(filepath, filepath + 'c', path) + sys.stdout.write('\n')" || exit $? + + # this will fail for python < 1.5, but that doesn't matter ... + $PYTHON -O -c " +-import sys, os, py_compile, imp ++import sys, os, py_compile, $import_lib + + # pypy does not use .pyo optimization + if hasattr(sys, 'pypy_translation_info'): +@@ -153,18 +172,18 @@ for file in files.split(): + continue + sys.stdout.write(file) + sys.stdout.flush() +- if hasattr(imp, 'get_tag'): +- py_compile.compile(filepath, imp.cache_from_source(filepath, False), path) ++ if $import_test: ++ py_compile.compile(filepath, $import_call(filepath$import_arg2), path) + else: + py_compile.compile(filepath, filepath + 'o', path) +-sys.stdout.write('\n')" 2>/dev/null || : ++sys.stdout.write('\n')" 2>/dev/null || exit $? + + # Local Variables: + # mode: shell-script + # sh-indentation: 2 +-# eval: (add-hook 'write-file-hooks 'time-stamp) ++# eval: (add-hook 'before-save-hook 'time-stamp) + # time-stamp-start: "scriptversion=" + # time-stamp-format: "%:y-%02m-%02d.%02H" +-# time-stamp-time-zone: "UTC" ++# time-stamp-time-zone: "UTC0" + # time-stamp-end: "; # UTC" + # End: +-- +2.41.0 + diff --git a/SPECS/setroubleshoot-plugins.spec b/SPECS/setroubleshoot-plugins.spec new file mode 100644 index 0000000..a96299b --- /dev/null +++ b/SPECS/setroubleshoot-plugins.spec @@ -0,0 +1,647 @@ +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} + +# Disable automatic compilation of Python files in extra directories +%global _python_bytecompile_extra 0 + +Summary: Analysis plugins for use with setroubleshoot +Name: setroubleshoot-plugins +Version: 3.3.14 +Release: 10%{?dist} +License: GPL-2.0-or-later +URL: https://github.com/fedora-selinux/setroubleshoot +Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz +# git format-patch -N setroubleshoot-plugins- -- plugins +# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +Patch0001: 0001-restorecon.py-exclude-more-paths.patch +Patch0002: 0002-Improve-disable_ipv6-plugin-then_text.patch +Patch0003: 0003-Update-generated-configuration-files.patch +BuildArch: noarch + +# gcc is needed only for ./configure +# Remove it when the build process is fixed +BuildRequires: gcc +BuildRequires: make +BuildRequires: perl-XML-Parser +BuildRequires: intltool gettext python3-devel +# Introduction of get_package_nvr functions +Requires: setroubleshoot-server >= 3.3.23 + +%description +This package provides a set of analysis plugins for use with +setroubleshoot. Each plugin has the capacity to analyze SELinux AVC +data and system data to provide user friendly reports describing how +to interpret SELinux AVC denials. + +%prep +%autosetup -p 1 + +%build +%configure PYTHON=%{__python3} +make PYTHON=%{__python3} + +%install +rm -rf %{buildroot} +%make_install PYTHON=%{__python3} pkgdocdir=%{_pkgdocdir} +%find_lang %{name} +# Manually invoke the python byte compile macro for each path that needs byte +# compilation. +%py_byte_compile %{__python3} %{buildroot}%{_datadir}/setroubleshoot/plugins + +%files -f %{name}.lang +%doc %{_pkgdocdir} +%{_datadir}/setroubleshoot/plugins + +%changelog +* Mon Jun 24 2024 Troy Dawson - 3.3.14-10 +- Bump release for June 2024 mass rebuild + +* Sat Jan 27 2024 Fedora Release Engineering - 3.3.14-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 26 2023 Petr Lautrbach - 3.3.14-8 +- Update generated configuration files (rhbz#2226425) +- Improve disable_ipv6 plugin then_text + +* Sat Jul 22 2023 Fedora Release Engineering - 3.3.14-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sat Jan 21 2023 Fedora Release Engineering - 3.3.14-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sat Jul 23 2022 Fedora Release Engineering - 3.3.14-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 3.3.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Sep 3 2021 Petr Lautrbach - 3.3.14-3 +- restorecon.py: exclude more paths (#1960136) + +* Fri Jul 23 2021 Fedora Release Engineering - 3.3.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Mar 29 2021 Vit Mojzis - 3.3.14-1 +- Update translations + +* Wed Jan 27 2021 Fedora Release Engineering - 3.3.12-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 3.3.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 14 2020 Tom Stellard - 3.3.12-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Apr 21 2020 Vit Mojzis - 3.3.12-1 +- Use get_package_nvr* functions instead of get_rpm_nvr* +- Update deprecated type references +- Update translations + +* Thu Jan 30 2020 Vit Mojzis - 3.3.11-1 +- Add plugin which analyzes execmem denials +- Add missing "If " strings +- Update qemu_blk_image and qemu_file_image +- Update "xen_image" plugin +- Update "file" plugin +- Update "missing" scripts to automake-1.15 + +* Thu Jan 30 2020 Fedora Release Engineering - 3.3.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 3.3.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Feb 02 2019 Fedora Release Engineering - 3.3.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Dec 8 2018 Petr Lautrbach - 3.3.10-1 +- Handle no "allowed_target_types" properly +- bind_ports: Do not use when there are no allowed_target_types +- Fix summary and "if" text for AVCs with unknown target path +- plugins: Update translations + +* Sat Jul 14 2018 Fedora Release Engineering - 3.3.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jun 19 2018 Miro Hrončok - 3.3.9-5 +- Rebuilt for Python 3.7 + +* Fri Feb 09 2018 Fedora Release Engineering - 3.3.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Nov 23 2017 Petr Lautrbach - 3.3.9-3 +- Update translations + +* Mon Nov 20 2017 Petr Lautrbach - 3.3.9-2 +- Update translations + +* Sat Nov 18 2017 Petr Lautrbach - 3.3.9-1 +- Fix catchall plugin message for process2 + +* Fri Sep 15 2017 Petr Lautrbach - 3.3.8-1 +- Do not split If sentences to framework and plugins - requires + setroubleshoot 3.3.13 at least - (rhbz#1210243, rhbz#1322734, rhbz#1115510) +- Update translations + +* Thu Jul 27 2017 Fedora Release Engineering - 3.3.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jun 13 2017 Petr Lautrbach - 3.3.7-1 +- cvs_data: Add "fix_cmd" and enable "fix" button +- chrome: Update "fix_cmd" and enable "fix" button +- automount_exec_config: Update messages and enable "fix" button +- allow_ftpd_use_*: Update messages and enable "fix" button +- allow_execmod: Update messages and enable "fix" button +- catchall_boolean: fix import of boolean_desc (#1444549) +- restorecon: fix "then" text +- Spelling fixes + +* Sat Feb 11 2017 Fedora Release Engineering - 3.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Sep 01 2016 Petr Lautrbach 3.3.6-1 +- Fix catchall plugin message for capability2 (#1360392) +- Stop executing restorecon plugin on specified path prefixes (#1270778) +- Update translations + +* Wed Jun 22 2016 Petr Lautrbach - 3.3.5.1-1 +- Catch all subprocess exceptions +- Use subprocess.check_output() with a sequence of program arguments +- Fix location of selinuxfs mount point + +* Fri May 06 2016 Petr Lautrbach - 3.3.4-1 +- Suggest my-.pp modules instead of mypol.pp (#1329037) +- Suggest priority 300 for modules created by audit2allow + +* Mon Apr 04 2016 Petr Lautrbach - 3.3.3-1 +- Fix sshd_root.py setroubleshoot plugin to cover only /root/.ssh path as intended. +- Suggest to use ausearch instead of grep +- Update translations + +* Thu Feb 04 2016 Fedora Release Engineering - 3.3.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 10 2015 Fedora Release Engineering - 3.3.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Tue Oct 06 2015 Petr Lautrbach 3.3.2-1 +- Update restorecon plugin to to identify a mislabeling of executable (BZ#1257682) + +* Tue Aug 18 2015 Petr Lautrbach 3.3.1-0.1 +- port setroubleshoot-plugins to Python 3 + +* Fri Jun 19 2015 Fedora Release Engineering - 3.0.61-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Feb 16 2015 Miroslav Grepl - 3.0.61-1 +- Fix catchall_boolean plugin to show correct man page for source type. + +* Sun Jun 08 2014 Fedora Release Engineering - 3.0.60-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Jan 23 2014 Dan Walsh - 3.0.60-1 +- Change file.py plugin to handle alias between file_t and unlabeled_t + +* Wed Dec 4 2013 Dan Walsh - 3.0.59-1 +- Update Translations + +* Thu Aug 22 2013 Dan Walsh - 3.0.58-1 +- Update Translations + +* Fri Aug 16 2013 Dan Walsh - 3.0.57-1 +- Add restorecon_source plugin, to check the source program is labeled correclty. +- Fix restorecon.py to handle customized_files properly. +- Update Translations + +* Fri Jul 26 2013 Ville Skyttä - 3.0.55-2 +- Install docs to %%{_pkgdocdir} where available. + +* Sun Jul 21 2013 Dan Walsh - 3.0.55-1 +- Fix debug message in sandbox-connect plugin +- Update Translations + +* Thu Jun 27 2013 Dan Walsh - 3.0.54-1 +- Add sandbox-connect plugin +- Update Translations + +* Mon Jun 24 2013 Dan Walsh - 3.0.53-1 +- Update Translations +- Add sandbox_connect plugin to point out the use of alternate types with the sandbox -X command. + +* Tue May 7 2013 Dan Walsh - 3.0.52-1 +- Update Translations +- Only translate catchall_boolean descritpions if the are not unicode to start with. + +* Fri Apr 19 2013 Dan Walsh - 3.0.51-1 +- Update Translations + +* Wed Mar 6 2013 Dan Walsh - 3.0.50-1 +- Add chrome.py and update mozplugger.py to indicate how to disable plugin protection + +* Tue Mar 5 2013 Dan Walsh - 3.0.49-1 +- Fix restorecon plugin to check customizable types + +* Fri Feb 15 2013 Dan Walsh - 3.0.48-1 +- Fix connect_ports and bind_ports to specify semanage command if only 1 port is available rather then to suggest user choices +- Update translations + +* Thu Feb 14 2013 Fedora Release Engineering - 3.0.47-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Jan 7 2013 - 3.0.47-1 +- Update translations +- Fix sys_resource.py to mention all types of resources +- Fix unicode calls so catchall_booleans.py does not crash sealert + +* Mon Nov 5 2012 - 3.0.46-1 +- Fix catchall_boolean.py to refer to correct SELinux man page + +* Fri Sep 28 2012 - 3.0.45-1 +- Update translations +- Update mozplugger plugins to handle spice-xpi + +* Thu Sep 20 2012 - 3.0.44-1 +- Update translations +- Add two new mozplugger plugins + +* Mon Aug 13 2012 - 3.0.43-1 +- Update translations +- Use system setroubleshoot check_for_man + +* Thu Jun 14 2012 - 3.0.42-1 +- Fix leaks plugin to only fire or write and append + +* Fri Jun 8 2012 - 3.0.41-1 +- Update-translations + +* Sat May 12 2012 - 3.0.40-1 +- Update-translations + +* Wed May 9 2012 - 3.0.39-1 +- Update-translations + +* Thu Apr 26 2012 - 3.0.38-1 +- Update-translations +- Have catchall_booleans report the correct man page if it exists + +* Wed Mar 28 2012 - 3.0.36-1 +- Update-translations +- Fix leaks and catchall_labels to better detect leaks + +* Mon Mar 19 2012 - 3.0.35-1 +- Update-translations + +* Sat Mar 17 2012 - 3.0.34-1 +- Add associate.py plugin +- Update-translations + +* Thu Mar 8 2012 - 3.0.33-1 +- Update-translations + +* Thu Mar 1 2012 - 3.0.30-1 +- Update-translations + +* Wed Feb 22 2012 - 3.0.28-1 +- Update-translations + +* Tue Feb 14 2012 - 3.0.27-1 +- Update-translations + +* Tue Feb 7 2012 - 3.0.24-1 +- Update-translations, + +* Wed Feb 1 2012 - 3.0.23-1 +- Update-translations, +- Fix a couple of typos + +* Fri Jan 27 2012 - 3.0.22-1 +- Update-translations, +- Fix a couple of typos + +* Mon Jan 23 2012 - 3.0.21-1 +- Change catchall_booleans to include reference to man page if available +- Update trans + +* Sat Jan 14 2012 Fedora Release Engineering - 3.0.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Nov 14 2011 - 3.0.18-1 +- connect_port and bind_ports should handle unreserved_port_t + +* Wed Nov 9 2011 - 3.0.17-1 +- restorecon plugin should not fire on nfs_t or cifs_t directories + +* Tue Apr 19 2011 - 3.0.16-1 +- Update translations +- Change allow_execmod plugin to only fire if target_path is lib_t +- Ignore errors from disabled IPv6 +Resolves: #674770 + +* Wed Feb 09 2011 Fedora Release Engineering - 3.0.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Feb 4 2011 - 3.0.14-1 +- Fix spelling mistakes, patch from Yuri Chornoivan +- Update translations + +* Wed Feb 2 2011 - 3.0.13-1 +- Update Translations +- Fix allow_execstack plugin to be backwards compatable + +* Mon Jan 24 2011 - 3.0.12-1 +- Update translations + +* Tue Jan 18 2011 - 3.0.11-1 +- Update translations +- Add findexecstack to allow_execstack to find offending libraries + +* Wed Jan 12 2011 - 3.0.10-1 +- Add dac_override plugin and update po + +* Mon Jan 3 2011 - 3.0.9-1 +- Change catchall plugin to use just the SOURCE not the Full path for the grep example + +* Mon Dec 13 2010 - 3.0.8-1 +- Update Translations + +* Thu Dec 2 2010 - 3.0.7-1 +- Update translations +- Fix Restorecon plugin + +* Tue Nov 30 2010 - 3.0.6-1 +- Update translations +- Fix openvpn plugin + +* Mon Nov 29 2010 - 3.0.5-1 +- Add plugin openvpn that looks for mislabeled cert files in homedir +- Update translations + +* Tue Nov 23 2010 - 3.0.4-1 +- Update translations +- Fix boolean descriptions + +* Mon Nov 22 2010 - 3.0.3-1 +- Update translations +- Fix catchall plugin to give better messages on capabilities and process avcs + +* Mon Nov 15 2010 - 3.0.2-1 +- Fix crash in restorecon plugin + +* Mon Nov 1 2010 - 3.0.1-1 +- Fix file_t to bring back multiple solutions + +* Wed Oct 27 2010 - 3.0.0-1 +- Redesign of setroubleshoot + +* Mon Jul 26 2010 - 2.1.55-1 +- Update translations + +* Tue Jun 29 2010 - 2.1.54-1 +- Update translations +Resolves: #589181 + +* Fri May 21 2010 - 2.1.52-1 +- Remove allow_mount_anyfile boolean plugin + +* Mon May 10 2010 - 2.1.51-1 +- Update translations +Resolves: #575686 + +* Mon Apr 26 2010 - 2.1.50-1 +- Change use_nfs_home_dirs priority to happen after catchall_boolean +- Update translations + +* Tue Apr 6 2010 - 2.1.49-1 +- Update translations + +* Wed Mar 24 2010 - 2.1.47-1 +- Fix disable_ipv6 and update po + +* Tue Mar 23 2010 - 2.1.46-1 +- add restorecon_source_context.py +- add sys_resource.py + +* Mon Mar 15 2010 - 2.1.45-1 +- Add disable_ipv6 plugin +- Update translations + +* Mon Mar 8 2010 - 2.1.43-1 +- Change priority on httpd_bad_labels + +* Fri Mar 5 2010 - 2.1.42-1 +- Update translations +- Add sshd_root plugin + +* Mon Feb 22 2010 - 2.1.41-1 +- Update translations + +* Thu Feb 4 2010 - 2.1.40-1 +- Update translations + +* Fri Jan 29 2010 - 2.1.39-1 +- Add Fuzzy translations + +* Wed Jan 27 2010 - 2.1.38-1 +- Remove audit2why from catchall_booleans + +* Mon Jan 18 2010 - 2.1.37-1 +- Fix FAQ pointer +- Fix handling of translations + +* Mon Nov 30 2009 - 2.1.35-1 +- Remove plugin httpd_unified and httpd_tmp_bad_labels. +- Change priority on restorecon plugin + +* Fri Nov 20 2009 - 2.1.33-1 +- Remove report bugzilla button on lots of sealerts where there is a boolean to set. + +* Tue Nov 17 2009 - 2.1.32-1 +- Remove httpd_connect_all plugin + +* Mon Nov 9 2009 - 2.1.30-1 +- Update-po +- Add privoxy_connect_any plugin + +* Mon Oct 26 2009 - 2.1.29-1 +- Update-po +- Add httpd_write_content plugin + +* Thu Oct 15 2009 - 2.1.28-1 +- Update-po + +* Tue Oct 13 2009 - 2.1.27-1 +- Add vbetool plugin + +* Thu Oct 8 2009 - 2.1.26-1 +- Add wine plugin + +* Thu Oct 8 2009 - 2.1.25-1 +- Fix http_can_senmail to look for "sendmail" in command + +* Thu Oct 1 2009 - 2.1.24-2 +- Add support for Green Plugins + +* Mon Sep 28 2009 - 2.1.23-1 +- Fix translations + +* Tue Sep 22 2009 - 2.1.22-1 +- Remove allow_daemon_user_term plugin + +* Thu Sep 17 2009 - 2.1.21-1 +- Remove allow_execmem plugin +- Add Firefox Plugin + +* Fri Sep 11 2009 - 2.1.20-1 +- Fix priority on allow_execmod +- Update po + +* Thu Sep 10 2009 - 2.1.19-1 +- Change summary to use full path for source + +* Thu Sep 10 2009 - 2.1.18-1 +- Update po +- Fix "compromized plugins" to report more data in summary + +* Tue Sep 1 2009 - 2.1.17-1 +- Plugin cleanup + +* Sat Aug 22 2009 - 2.1.16-1 +- Fix subject to not include types + +* Wed Aug 19 2009 - 2.1.15-1 + - Fix mislabeled_file.py + +* Tue Aug 18 2009 - 2.1.14-1 + - Change priority on mmap_zero to happen after catchall_booleans + +* Tue Aug 11 2009 - 2.1.13-1 + - Change priority on restorecon and leaks + +* Thu Jul 30 2009 - 2.1.12-1 +- Add leaks.py and tftpd_write_content.py plugin +- Check execmod protection + +* Sun Jul 26 2009 Fedora Release Engineering - 2.1.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sun Jul 19 2009 - 2.1.11-1 +- Remove allow_default_t boolean +- Fix global_ssp.py to report boolean name + +* Thu Jul 9 2009 - 2.1.9-1 + - Add Scott Radvan. doc cleanup + +* Tue Jul 7 2009 - 2.1.8-1 + - Add avc.source=sendmail to httpd_can_sendmail + +* Mon Jul 6 2009 - 2.1.7-1 + - Remove stunnel_is_daemon plugin + - Add httpd_can_sendmail + +* Mon Jun 29 2009 - 2.1.5-1 + - Add open calls + - Fix restorecon plugin + - Fix qemu calls to include checking for write + +* Wed Jun 24 2009 - 2.1.3-1 +- Add sesearch capability to plugins + +* Sat Jun 20 2009 - 2.1.2-1 +- Fix Makefile + +* Fri Jun 19 2009 - 2.1.1-1 +- Add first plugins which will launch Red Star +- Add Thomas Liu change to allow restorecon to execute fixit button + * 2009-06-19 Dan Walsh + - Add setenforce.py from Thomas Liu + - Add sys_module.py, mmap_zero.py, kernel_modules.py, selinuxpolicy.py + - Allow restorecon to execute fixit command + +* Fri Jun 5 2009 - 2.0.18-1 + - Execute catchall_boolean.py before allow_daemons_use_tty + - Fix chcon lines to match current policy + +* Mon Apr 13 2009 - 2.0.16-1 +- Change priority on restorecon plugin to happen before public_content + +* Fri Apr 3 2009 - 2.0.15-1 +- Update po files + +* Wed Feb 25 2009 Fedora Release Engineering - 2.0.14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 23 2009 - 2.0.14-1 +- Fix allow_smbd_anon_write typo +- Remove catchall_file plugin + +* Wed Dec 3 2008 - 2.0.12-1 +- Fix restorecon plugin + +* Mon Dec 01 2008 Ignacio Vazquez-Abrams - 2.0.11-2 +- Rebuild for Python 2.6 + +* Wed Nov 5 2008 - 2.0.11-1 +- Fix catchall_booleans +- Fix priority on samba plugins + +* Thu Oct 23 2008 - 2.0.10-1 +- Add qemu plugins for real + +* Wed Oct 15 2008 - 2.0.9-1 +- Fix catchall_plugin + +* Wed Sep 10 2008 - 2.0.8-1 +- Add qemu plugins + +* Tue Sep 9 2008 - 2.0.7-1 +- Add catchall_booleans plugin, fix spelling + +* Fri Apr 4 2008 John Dennis - 2.0.4-5 + - bump rev for build + +* Mon Mar 3 2008 John Dennis - 2.0.4-4 + - Resolve bug #435644: change requires setroubleshoot to requires setroubleshoot-server + +* Fri Feb 22 2008 - 2.0.4-3 + - bump rev for build + +* Mon Feb 18 2008 John Dennis - 2.0.4-2 + - Fix policycoreutils dependency, should only be F-9 + +* Thu Jan 31 2008 - 2.0.4-1 + - Resolve bug #416351: setroubleshoot does not escape regex chars in suggested cmds + - add new template substitution $SOURCE, a friendly name, $SOURCE_PATH still exists + and is the full path name of $SOURCE + +* Tue Jan 15 2008 - 2.0.2-1 + - Add catchall_boolean.py plugin + +* Fri Jan 11 2008 - 2.0.1-1 + - Resolve bug #332281: remove obsolete translation + - Resolve bug #426586: Renaming translation po file from sr@Latn to sr@latin + +* Fri Dec 28 2007 - 2.0.0-1 + - prepare for v2 test release + +* Tue Nov 13 2007 Dan Walsh - 1.10.4-1 + - Add allow_postfix_local_write_mail_spool plugin + - Fix execute typo + +* Wed Oct 10 2007 John Dennis - 1.10.3-1 + - rewrite all plugins to use new v2 audit data + +* Mon Sep 24 2007 John Dennis - 1.10.3-1 + - Resolves bug #231762: Original PO strings bugs + +* Thu Sep 6 2007 Dan Walsh - 1.10.2-1 + - Change priority on use_nfs_home_dir to 55 + +* Thu Aug 23 2007 John Dennis - 1.10.1-1 + - add BuildRequires perl-XML-Parser + +* Fri Jul 20 2007 John Dennis - 1.10.0-1 + - move all plugins and their translations from setroubleshoot-server + package to this new independent package to allow easier updating + of just the plugins +