Accepting request 1295314 from security:SELinux

- Update to version 3.9
  * setfiles: Add -U option to modify user and role portions
  * semodule: Add [-g PATH |--config=PATH] for an alternate path for the semanage config
  * Updated usr_etc.patch

- Moved /etc/sestatus.conf to /usr/etc.
- This patch is upstream:
  https://github.com/SELinuxProject/selinux/pull/415

OBS-URL: https://build.opensuse.org/request/show/1295314
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/policycoreutils?expand=0&rev=85

get_os_version.patch

@@ -1,7 +1,7 @@
-Index: policycoreutils-3.8.1/selinux-python-3.8.1/sepolicy/sepolicy/__init__.py
+Index: policycoreutils-3.9/selinux-python-3.9/sepolicy/sepolicy/__init__.py
 ===================================================================
---- policycoreutils-3.8.1.orig/selinux-python-3.8.1/sepolicy/sepolicy/__init__.py
-+++ policycoreutils-3.8.1/selinux-python-3.8.1/sepolicy/sepolicy/__init__.py
+--- policycoreutils-3.9.orig/selinux-python-3.9/sepolicy/sepolicy/__init__.py
++++ policycoreutils-3.9/selinux-python-3.9/sepolicy/sepolicy/__init__.py
 @@ -1246,7 +1246,8 @@ def get_os_version():
          import distro
          system_release = distro.name(pretty=True)

make_targets.patch

@@ -6,5 +6,5 @@ Index: policycoreutils-2.8/Makefile
 -SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule setsebool scripts po man hll unsetfiles
 +SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule setsebool scripts po man hll unsetfiles sepolicy audit2allow semanage sepolgen chcat semodule_expand semodule_link semodule_package
  
- all install relabel clean indent:
- 	@for subdir in $(SUBDIRS); do \
+ PKG_CONFIG ?= pkg-config
+ 

policycoreutils-3.8.1.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
-vjF78w//UX4ALNHIyjhAYQyWcrpan9/35jDlOhyFubrU+l7ZV0s45r/ti/iibuTb
-1kTZLLn2bj8AheRDVnWwBtxtICUaOvMDKvBGQLRZYm7RkeIgZGXV8xJCTxWCBc5H
-ubJJ3wk9O46uFRJcZBZmLqnYH/T4L3WrHeatS/8JBoDeKgjRlKyTnzBiXDVnbmaj
-rGcQJXRn3Et3jTSEei50y+Ps/Bung0p/tnSN8X39Uzf9+jUWTe80GXZ2E4TxOqrP
-3gr/url7jJV4gyBqxL2oJ8GSV96LqRM9RgRMsoTjsIhRA+3l7NWxFmDeLJAVocwz
-VPyQXRwhJzdLv/JijLalB+MQblpJm5UJeLUwSqJYunOdznkHfnfCQiwD3ZXl5bsR
-kxcZDwXTyND9onOiyUDLnaTLbZw+hAGhQl9FfHclF4uEuP4lq13ayjUEQDAfEuDR
-h+W50mqquuuxDDszb2Dp18gJc5FyHUQWdNiWtjB7bjCmvoBPOxY5cwbBjYbmXQCw
-6HiB4/wRvdW1IdaKIimJ6a7q/H2yp6AoZCzuW1vEuQZ3KNyxZbBVbAJ1WKKvvWi0
-bFEQqF5H6/WzaNTRp13KsVsftGK1+HyrXn7BFnLHUjVVZdNDiOOxKz1GYgWsexZE
-a1HogyVjfI19db0Ja7ZevBkcUfFd4yTnnWzc7raa+sm1OxpN9dg=
-=9c46
------END PGP SIGNATURE-----

policycoreutils-3.9.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTYACgkQzcroySfG
+vjEFIQ/+ORNGIeG/GuTcHDOSHJcWghUfti4b+3lsHPN+MIPf01tIBEMGdZBqFtWM
+pAPTAhrtQboBrDzqe38Qhv5TI+ljq8pZGTpJTA28XCGAGcEeH6uJ4yzY9FEV6Hk3
+9HAvv8eza0uUhcfmGiGh7MJh6i4wUN64uW9yWC9RardF1lYarzpIJ0WClAOZCMnX
+D80Cr6R4UtMQwAZqriN0M6Q8TGXPu8bQZVGXqQFPK6wiQCoB1KEfUPbQ3Rxpcwv3
+ZH/wkPlOtBbfmso16z2Xrs1lA6Ft3ku9U/+ZOBe9hWfpQPXhtWO4CXsqvWcbnMxE
+32Y9LgONds44oNagH58JpUAVIviEN1o5ukHOMa0JKtqz/VDpLsxY4ZqsCuvUCmVn
+RPkFWHRT8aBVJVf5rwPVCLdLeQEOC4M2eymnTkNScL8myKvx+M4rqTeHF+BJ4DeH
+U29CisE9E6vCiVWyTnWMZf21hYY4eF0gg+42DDry6hhlPW1LIjxIzexRuT7YXfm8
+v51T6aKFbMyLkJ+4J+NUAz8YN6hkFy7Z1yTwvH/UeNj8h5WYVjt6Uq1PsHf/i9q9
+YbHL4ZiXRegcY0W8An3RAZDvfyxE2bN3TbsC3AciVCDgVzp3ie0n9KL8dKw4u1ed
+0kQhulNyM4KdUZyhMe4A2vjCIT3LdigknlVp+mdtb5f7Vrhp88g=
+=bskk
+-----END PGP SIGNATURE-----

policycoreutils.changes

@@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Thu Jul 17 15:53:34 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.9
+  * setfiles: Add -U option to modify user and role portions
+  * semodule: Add [-g PATH |--config=PATH] for an alternate path for the semanage config
+  * Updated usr_etc.patch
+
+-------------------------------------------------------------------
+Wed Jun 11 09:04:57 UTC 2025 - Stefan Schubert <schubi@suse.com>
+
+- Moved /etc/sestatus.conf to /usr/etc.
+- This patch is upstream:
+  https://github.com/SELinuxProject/selinux/pull/415
+
+-------------------------------------------------------------------
+Mon May 26 11:59:36 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Remove misleading comment from spec file about reuqires for
+  policycoreutils-devel
+
+-------------------------------------------------------------------
+Thu May 15 12:14:03 UTC 2025 - Robert Frohl <rfrohl@suse.com>
+
+- Improve policycoreutils-devel package dependencies (bsc#1236193).
+
+-------------------------------------------------------------------
+Tue May  6 15:07:51 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Change Recommends for policycoreutils-devel to the gui package to
+  Requires. This causees some system bloat for people that only
+  want to use the config GUI, but prevents errors when building
+  policy packages
+
+-------------------------------------------------------------------
+Tue May  6 07:06:59 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Properly exclude gui.py file (bsc#1242096)
+- Added Recommends for policycoreutils-devel to the gui package
+
+-------------------------------------------------------------------
+Fri Apr 11 08:06:35 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Move gui.py file to gui sub-package to prevent policycoreutil python
+  packages from having excessive requirements
+
 -------------------------------------------------------------------
 Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
 

policycoreutils.spec

@@ -30,12 +30,12 @@
 %endif
 
 %define libaudit_ver     2.2
-%define libsepol_ver     3.8.1
-%define libsemanage_ver  3.8.1
-%define libselinux_ver   3.8.1
+%define libsepol_ver     3.9
+%define libsemanage_ver  3.9
+%define libselinux_ver   3.9
 %define setools_ver      4.1.1
 Name:           policycoreutils
-Version:        3.8.1
+Version:        3.9
 Release:        0
 Summary:        SELinux policy core utilities
 License:        GPL-2.0-or-later
@@ -57,6 +57,7 @@ Source18:       policycoreutils-rpmlintrc
 Patch0:         make_targets.patch
 Patch2:         get_os_version.patch
 Patch3:         run_init.pamd.patch
+Patch4:         usr_etc.patch
 BuildRequires:  audit-devel >= %{libaudit_ver}
 BuildRequires:  bison
 BuildRequires:  dbus-1-glib-devel
@@ -149,13 +150,13 @@ Summary:        SELinux policy core policy devel utilities
 Group:          Productivity/Security
 Requires:       %{_bindir}/make
 Requires:       %{python_for_executables}-%{name} = %{version}-%{release}
+Requires:       (selinux-policy-devel if selinux-policy)
 %if 0%{?sle_version} <= 150400
 Requires:       python3-distro
 %else
 Requires:       %{python_for_executables}-distro
 %endif
 Recommends:     %{_sbindir}/ausearch
-Recommends:     selinux-policy-devel
 Conflicts:      %{name}-python <= 2.6
 
 %description devel
@@ -183,6 +184,7 @@ Requires:       %{python_for_executables}-%{name} = %{version}
 Requires:       %{python_for_executables}-gobject-Gdk
 Requires:       selinux-policy
 Requires:       setools-console
+Requires:       policycoreutils-devel
 BuildArch:      noarch
 
 %description gui
@@ -207,12 +209,17 @@ semodule_utils_pwd="$PWD/semodule-utils-%{version}"
 %patch -P0 -p1
 %patch -P2 -p1
 %patch -P3 -p1
+%patch -P4 -p2
 mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat ${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen ${setools_python_pwd}/sepolicy .
 mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link ${semodule_utils_pwd}/semodule_package .
 
 %build
 export PYTHON="%{python_binary_for_executables}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro"
+%if 0%{?suse_version} > 1500
+make %{?_smp_mflags} LIBEXECDIR="%{_libexecdir}" VENDORDIR=%{_distconfdir}
+%else
 make %{?_smp_mflags} LIBEXECDIR="%{_libexecdir}"
+%endif
 (cd selinux-python-%{version}/po && make)
 
 %install
@@ -227,6 +234,7 @@ mkdir -p %{buildroot}%{_mandir}/man1
 mkdir -p %{buildroot}%{_mandir}/man8
 %if 0%{?suse_version} > 1500
 mkdir -p %{buildroot}%{_pam_vendordir}
+mkdir -p %{buildroot}%{_distconfdir}
 %else
 mkdir -p %{buildroot}%{_sysconfdir}/pam.d
 %endif
@@ -238,6 +246,7 @@ export PYTHON="%{python_binary_for_executables}"
 cp -f %{SOURCE13} %{buildroot}%{_pam_vendordir}/newrole
 rm %{buildroot}%{_sysconfdir}/pam.d/newrole
 mv %{buildroot}%{_sysconfdir}/pam.d/run_init %{buildroot}%{_pam_vendordir}/run_init
+mv %{buildroot}%{_sysconfdir}/sestatus.conf %{buildroot}%{_distconfdir}/sestatus.conf
 %else
 cp -f %{SOURCE13} %{buildroot}%{_sysconfdir}/pam.d/newrole
 %endif
@@ -291,7 +300,7 @@ sed -i '1s@#!.*python.*@#!%{_bindir}/%{python_binary_for_executables}@' %{buildr
 %if 0%{?suse_version} > 1500
 %pre
 # Prepare for migration to /usr/etc; save any old .rpmsave
-for i in pam.d/run_init ; do
+for i in pam.d/run_init sestatus.conf ; do
      test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
 done
 
@@ -303,7 +312,7 @@ done
 
 %posttrans
 # Migration to /usr/etc, restore just created .rpmsave
-for i in pam.d/run_init ; do
+for i in pam.d/run_init sestatus.conf; do
    test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
 done
 
@@ -363,7 +372,11 @@ done
 %else
 %config(noreplace) %{_sysconfdir}/pam.d/run_init
 %endif
+%if 0%{?suse_version} > 1500
+%{_distconfdir}/sestatus.conf
+%else
 %config(noreplace) %{_sysconfdir}/sestatus.conf
+%endif
 %{_mandir}/man8/fixfiles.8%{?ext_man}
 %{_mandir}/man8/genhomedircon.8%{?ext_man}
 %{_mandir}/man8/load_policy.8%{?ext_man}
@@ -386,8 +399,11 @@ done
 %{_datadir}/bash-completion/completions/setsebool
 
 %files %{python_files policycoreutils}
-%{python_sitelib}/sepolicy
 %{python_sitelib}/sepolgen
+%{python_sitelib}/sepolicy
+%exclude %{python_sitelib}/sepolicy/gui.py
+%exclude %{python_sitelib}/sepolicy/__pycache__
+%pycache_only %{python_sitelib}/sepolicy/__pycache__
 %{python_sitelib}/sepolicy-%{version}.dist-info
 %{python_sitelib}/seobject.py
 
@@ -465,6 +481,7 @@ done
 %config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
 %config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
 %endif
+%{python_sitelib}/sepolicy/gui.py
 
 %files dbus
 %{_datadir}/dbus-1/system.d/org.selinux.conf

selinux-dbus-3.8.1.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6gACgkQzcroySfG
-vjHoGA//WmfOOSvhfxyTL/VXkGERBZXu8tUF3uD9OFLDQeNbOFleq9pkK0Ugp0mK
-xKX1py4Ut7yXNBi0q45gbMGBfFNcAbpwUepnGslor4G4mqFLUGcsw3Kh+pjYlpyw
-Fc14EXayTbLmiFtjkogXByZf4UtjS/RYABIzKQ5/RzAonTUs8w1EDW0HijfLcSD5
-/IX1ThBW9ggbyboKc35z4sgchLM9Vopu9oZhQC4u+HCK9egwhnxr6MWYsVi7jTnc
-5RktCLrGtplraG/rK0ooMOEsEl+TPp9H5brcNjOY1tGM1hyJ/GpBmvoXvuQpFYU/
-I33xQ2bjCsqhoZbXNGPmjbD8meRuYJikNRBIEfqLMhCOHtb8jH9Lc0RkBko4V27N
-eUA3GNgm1PcRP7NaVG5pUi2hmXo4QEofwBt8AJF9c4MAg+UfNKPx1iZBuoXC3Upe
-gvKgjQzstdQM9dULnqbR+vLO7Rn+3J7NH5s9PMgh5jc0eDpwWZVflGdAwtL8VseZ
-Rs22Elucw38fKVtxJMELpW8vetILbb+Z1cePi+ujPHcY3YA1AXcZEBJs8Lt5I0ji
-31QuwKTpNmaYjoVEMDREWhAnDcA1upRtt7FJmKFt5qok7hhSHDmE+j8cwGQx13YU
-RrpZMhZw7VlR0+jIZJvqUguxWJmJX92+bDx+5DLflAz7XvwzFw4=
-=dzep
------END PGP SIGNATURE-----

selinux-dbus-3.9.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTcACgkQzcroySfG
+vjHkqg//UPQzg1t6pSq8LBXvdVk9uzsVvNKehpCPAsNVURqmjlNFlEsCDkPCFMJK
+9gbEEEDnJQCgK9dFuIoiY73yUeGfE770562G8fMfPPtWrhSrZW4B2ha0Fvf2YYyU
+vSoUCEVVJHqjzh8alqiyQaBYC3QGjXTd31XdA1e0ShjoVdUp9LUbrqyQ6nZMAoSH
+1AI6ZUfvU6Gfm+H/2o1neUuNljfnC4P9fQpqOAi5DwMCAOAgamti7lw4AL1Xy8eE
+TgccP3MzcyY/yi7GKYFbtciYW6R2OxH3ihH6sHHEzaRU5gJP3tq4JbYh+yTHjRdf
+/T1EDVI5dCRuOmDS8JWFbvmBsJUEL3M1zoCs8izJYjkM0VIlfwyp7DxE0tTwGhgy
+UrD9mQkmTaadl5tLgYsUmKBFLCpLbIAW0lHdpgi/PB5RrQ5/1mIy0BdzFNmPK5yb
+LCbPFCkij2FXNghSaUAJzKQ9SuNrpvfO0KO1y4p1QXX/Omu1k+Um7OgWA6vGF2nP
+6BSdZOkn+FQ0TWl2x0h/9CK3kKSvJhESsE6wjTDJQUTIZNdhBquaEKfnhveTR6O2
+z9LGDVVDoYGAU7Xv8vbgr2iGQis930gy+Be4WqtTiMnCS4NFWSgJK+cANn0G71Pd
+WN2plk018fQoghfnbMPqO2Cj9Yv1sZdnGr0yk6eZxLwT+wra8GY=
+=qZlt
+-----END PGP SIGNATURE-----

selinux-gui-3.8.1.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6gACgkQzcroySfG
-vjE/Fw//WfsiizrJyZuCfUWJTAWFHGsFX798GZgchxUBSE2wQMhTAUatlhUYKQFm
-8mhHbpiP8WaJH6+CXy60pi6ckHggiyFQSLMNf6gQFjHJMn3ZOG9ulopjesWo2e8X
-ywMFdwZSTz+iVx3QfTGm5Y4Cqers/lBgkEsB+Qx2R7BbglLwqCT6zQy2DO6c0QZM
-yKDaKPhLQD0NUxOehRz1jH945WJ67rg3oyV+cDq5KlpEUAWMlNsQsd8irbX5uTj0
-2IHeKn2MMXan5OdGh5B7czSdA+9LDdCw7uniwvkcsx4JPNSDWtAUYTOIC/po3YuE
-xkY+PkVxGHkMR6frO1dUHWjwb3BaaBE4EO0J4LQOWPnu5VWFzTvVbisxtjqDgxSc
-3EaiWtngUwg9tmPZSjcOFolkqxWif1pr8yEjgxD7LQEUDKrvCjCl9/jieQKhVbeb
-dHiMQa21rsYBEOSv1LZ9yJJ0Z6o5uhoxa01XlOiduvUrb/K1nO58/N3FzWsqHoPk
-cJUHnKjTo81qzJFnv9Tv1+HAHYt2KcrFiXqTDQQna/ej3saOUgWEICdCDQkdwIoO
-NNal3lItVKm43mMdIzKL8ZpvVik5TZjDPssCv7cS56rBLVBkVmnfF80EauSz3s5S
-gfUFmmq5S68HyKpL7XoSSQBQI4loMfkZQycRun7lPQBf1bgGCoQ=
-=D8pg
------END PGP SIGNATURE-----

selinux-gui-3.9.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTcACgkQzcroySfG
+vjG32w/9EWoXe/fir3LbyincS0qHMf5YHWDOJ4m/VuQN3FSCkFPTkaOyZNCmJBBr
+TimcCkUDEHftWpji2yFAULUazXQSAuCp/BWlPg0iTQ6nQ5lqRThyLHXmIGfG+kis
+8WZxyYSzRsNuhoy2zSL49kfP7HsJI0Go2NV0SkReNQT4kECmzwbs1HX+XnEHPU8K
+8jsMrwnunPpANjKZVQdomRPKe67WQcwt5xuGncm4LniEme35jlZlIpTPbtuag3xY
+ZYuGTANf0oHqv5cByRRItqXTtaC2tMd/woKJhy/rhVFojZkhPhooM27H27rYtops
+/E5k8YpoR+apxSpWykhp24nV3Y+auHxiiCxB2FfvPNjW6nJbYVx6OXVv480FBCjs
+Accn3k3XL9NmioNRGpncUlI3ImsDLk/trj7B3u9Rs4a/Mw84Z5/KJyTwdYhwMX3Z
+4Ss8BnCiZv+H01UQe0YqFhK2nn2FBHlnoMNMaXrcxsJW1gaPjY91BjE1N/JInxAu
+pNYemAoG4VrIdAv9Qxj6v1Bie8vm4dD59X5dBe9gMn+XHi5mMPYG7fwZV/LWQQSv
+RuRQAq0tm5+s5P4mJ2gFGgzwrTeUK37NpSSCKZC1/0sGl+N4ruiIdaOv+6xeWUJr
+x+hsKS9DyePdQtNFBgjgqDrWNvmJjYhdimcoU2qgLH8k7hJ+1vo=
+=Gxfw
+-----END PGP SIGNATURE-----

selinux-python-3.8.1.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6gACgkQzcroySfG
-vjEIig//YtRm/eZiJDWlage+ALQt34Eij7Juo7WBcZSyDI5p/fIL9CbPp3tHdAbU
-Jr0/W6EiJlUyPK6tueIGIP07ssAi2Mtdw0EoOFctnTX/sgOE75DuAGkudGRmgeVp
-s/W/NH2zGS/v8jgq6w55+6mXhlDgq8GZDbTa6otxZbhxRQ8fRUSjYnGyx6dlzu5f
-k0lpII0tFYlcXq05ByB+Sa469QSrtUZ/YkWh3WWO1f2YSr7+3zwUFYLaXvi5nbuf
-as2JywFsm3QQmr6rwkexKP8cWTVFvPLVg1ZDUlDgIQ8toKt2PfSFXLsRlF0UKojf
-emm/DUVoqoUg7s714IeJ2Vmy4BmSpUVaUa4Z0WW/mSrFMoHTWcoBB9848aECGCTk
-FImli3sGKEowL+2riXw1O0ohszzEkQQ+XDrD+adeODWyTnWFFuntBV7/FjCFerAH
-igxG7QluV/Q3KhKU9uLYkuV6IdD1S87RuY3lo9Pqq7GrNxcD3IN5WFWmh1BewKL4
-cHll+PAtUEHHm95n9VhbFmHvPvksC5yJ+R0rG19kxDyxhLbL1YN3Kew6AqV+mCRJ
-n8bS2YDlcANfNJ3T2Ok/jEsG4sdwglsghUyFEKJuCH+AwVXGd9GCyizfjlMiJptY
-tpouSKuPmUIEl6XITYedsaNWRAO15fMgpwlyN0mNiHwk9j4VBmY=
-=4FcA
------END PGP SIGNATURE-----

selinux-python-3.9.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTgACgkQzcroySfG
+vjGUjg/8CJvsZUWAqcXNti/HorxszsMbuNLnrIMnkXeet0R8t4e4ZUc89081cng6
+V0zTsXIsGCiG6PqtzMAkA0kvRVdMQh6NsJco6iniXmgF33GWym9uIjIYzOkbUK5e
+SKlf4eUpugcEcgxaKmYYOnoytPO58idcGfOZdZ6O4LiGFMiX5YRFvLrSSFfhDUHl
+gn6rlrSeC7c0v1qYYiyZnlQWRLPf/MYY00Po/KvuAnVpwwl/O1SFI3wrRHhLZw+l
+AiNBeli8rh7L8i/xxNmJoJMPbWwSJXlBfhe6as+45t6RXNvUjVoq7fTK3SuJKU9I
+U2mR7fOQQV6fLC+ozYbhU/sycbubFzuPnmrtv8QE60uZlqNrVJgkMD7irdY1A4SI
+A3wzsrgwq3nxvEkaPthaAJ+2HSeE0c+WZJxO8iy4SIXOHPWoq5xuMPeaPUoTho3T
+H2eB1XrrX7VmeY2hK/OKB7vt8vPHlOWltD3raWCnU5MU1pwzRPoCTW5DiPOvVTM6
+XjsWxj++hsOPix5R1JsxPD065vwB9RXl8iEZh37/iTVEHeXPMpBo1aes51Jh0rEu
+sEsjcmBKDVJCW0hSCdTzdn0SwcpmNLoH5jyU9t5mSaA8BwZpeXcz7u1OYwnZb0fy
+20QA4rLxPLBnYD237haJ/nUz5Ivtae2EfV7N4gv70Hqp5512N8I=
+=rWob
+-----END PGP SIGNATURE-----

semodule-utils-3.8.1.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6gACgkQzcroySfG
-vjESYBAAiPFsZKQ2dQuzXSBf34yH9QzMf+sk8Hq+FqM5kaaNwtUjKpP4ozsmG9yF
-vNbLV0CB4Kh3lTWgPB17ZxCuSNOf5DrSQvDuCVrGLm7/pNvud7gzd7K+Fml+Pyh5
-lAvpGXqmuJXodkjqTU59jkjIZRgyUHCwhucL1QOYL7AymOkj3hBhyMMUmF+XwiKK
-937FG/D6zoJpN5/Fc5JOIP/ByWuMbQpVzV85dC+o8/xJcaOhiDNexn/y+vPSQX2N
-a1WNpIVdZ+CeTg1CohqK5KpFjsjnkP7Vce0O0t67ugkfur6tdO9iJcSUAmvjmfZ2
-wt/P0wCeQ/8jN7ZcDoWm2+HdUxcmAdERjsZzrfW5oXtVRmrUSzOSvxYkTnnoJ/CX
-Y/0diXiIrGwt8gr6T8UQysRHk2xZ06XjJi6kg12afQ/18XwzFRaujOnUoSHgTl5C
-+N1Eiwz7C5f5kPq7N0vryOiMN1+BMXv14vr3zcrpEothWW6t0mru+a34r7jQkO2t
-M4NqC/7Ic5jVfaFMzStgC1AuYKkno+r09Ya2rTTkQ8i+pn0H5ucWL4bf3oAZK4yK
-4i2yUAn2s1OEZHuaeEh37aNWW4v2jiXZmMxU8DC2CZTUjrB8M5p8fitlsljve6An
-+84PVMFfYKFfLinywrXcRAZGSYkHdUGUL6jXs352f/VrfK0CefU=
-=q9Cd
------END PGP SIGNATURE-----

semodule-utils-3.9.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTgACgkQzcroySfG
+vjEANg//Q/wHGsJjsZvesi5TrkLquPUn2HZEqNrPNiXllqKQWMx+m4JhypBoIpwm
+7EnS5WujY+HwUEtb+S1bXUVYcsYET4o5jiImY/uOSukR84OwR56vupkXKLjSxONw
+ldFHkx9bb9wERaQhZv4cDuzzHEedUiw0wI3xMkkzfGv/sVoA8kRxy+suVR6PrADY
+cXddJEI4El7l10reDMZzV+leAlfrYIhcU3Y8997FNFAPDM3G2iHFFYZh6RVZth1h
+FFTS12cQhVHhvF1UHyjRMf8/aHMY3e2B41tKFYcqdp7bRhlR8/2cOVgsjN9Jf5aO
+rpQRh8OMxyu1RtQGrR1DWTBegNxFmVE8/mG+JxPfRqkhM04eXigz6PJskvbDlF5Y
+3EWuF3yinOMiZHHjF/eeFw2VN3wYQnMJVe/4+8+vPOlY8j5zS2OihHnQyVkMMqDf
+5WSjPs/XunDhcdz+I7wJ4upM+0huGAQxbwLmIP/xP4n+2QTeQfUOBAGpvQeNJPpK
+mc5K3JKfqy27s06flBvlz9qfD+cRRHz+Z5Lyc8JSjPVWgrm3nnbkut1MsnvOsRP1
+GjSl5QLuA7T53jtlq9iS3ZX9TS0HnimThs3TnN7Z+wyrG+sg/qUJps67VVveeBX5
+jMRuWDVT8MZB6X73K3iBA2dRKK8Mr/Kr7FS8xdJWhr7JAV7UHjw=
+=/EIH
+-----END PGP SIGNATURE-----

usr_etc.patch

@@ -0,0 +1,153 @@
+From 6941162cd2a2375df8d2095abcba86a53aff7418 Mon Sep 17 00:00:00 2001
+From: Stefan Schubert <schubi@suse.de>
+Date: Fri, 15 Dec 2023 13:22:31 +0100
+Subject: [PATCH] Using vendor defined directories for configuration files
+ besides user/admin defined configuration files.
+
+Signed-off-by: Stefan Schubert <schubi@suse.de>
+---
+ policycoreutils/sestatus/Makefile        |  8 +++
+ policycoreutils/sestatus/sestatus.c      | 79 ++++++++++++++++++++++--
+ policycoreutils/sestatus/sestatus.conf.5 |  2 +-
+ 4 files changed, 90 insertions(+), 5 deletions(-)
+
+diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile
+index aebf050c2..bb1f6bda0 100644
+--- a/policycoreutils/sestatus/Makefile
++++ b/policycoreutils/sestatus/Makefile
+@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR = $(PREFIX)/share/man
+ ETCDIR ?= /etc
++LIBECONFH ?= $(shell test -f /usr/include/libeconf.h && echo y)
+ 
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I../../libselinux/include -D_FILE_OFFSET_BITS=64
+@@ -13,6 +14,13 @@ override LDLIBS += -lselinux
+ all: sestatus
+ 
+ sestatus: sestatus.o
++ifdef VENDORDIR
++ifneq ($(LIBECONFH), y)
++	(echo "VENDORDIR defined but libeconf not available."; exit 1)
++endif
++override CFLAGS += -DVENDORDIR='"${VENDORDIR}"'
++override LDLIBS += -leconf
++endif
+ 
+ install: all
+ 	[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
+index 6c95828ed..f80612dcd 100644
+--- a/policycoreutils/sestatus/sestatus.c
++++ b/policycoreutils/sestatus/sestatus.c
+@@ -21,11 +21,16 @@
+ 
+ #define PROC_BASE "/proc"
+ #define MAX_CHECK 50
+-#define CONF "/etc/sestatus.conf"
++#define CONFDIR "/etc"
++#define CONFNAME "sestatus"
++#define CONFPOST "conf"
++#define CONF CONFDIR "/" CONFNAME "." CONFPOST
+ 
+ /* conf file sections */
+-#define PROCS "[process]"
+-#define FILES "[files]"
++#define SECTIONPROCS "process"
++#define SECTIONFILES "files"
++#define PROCS "[" SECTIONPROCS "]"
++#define FILES "[" SECTIONFILES "]"
+ 
+ /* buffer size for cmp_cmdline */
+ #define BUFSIZE 255
+@@ -92,9 +97,75 @@ static int pidof(const char *command)
+ 	return ret;
+ }
+ 
+-static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
++#ifdef VENDORDIR
++#include <libeconf.h>
++
++static void load_checks_with_vendor_settings(char *pc[], int *npc, char *fc[], int *nfc)
+ {
++	econf_file *key_file = NULL;
++	econf_err error;
++	char **keys;
++	size_t key_number;
++
++	error = econf_readDirs (&key_file,
++				VENDORDIR,
++				CONFDIR,
++				CONFNAME,
++				CONFPOST,
++				"", "#");
++	if (error != ECONF_SUCCESS) {
++		printf("\nCannot read settings %s.%s: %s\n",
++		       CONFNAME,
++		       CONFPOST,
++		       econf_errString( error ));
++		return;
++	}
++
++	error = econf_getKeys(key_file, SECTIONPROCS, &key_number, &keys);
++	if (error != ECONF_SUCCESS) {
++		printf("\nCannot read group %s: %s\n",
++		       SECTIONPROCS,
++		       econf_errString( error ));
++	} else {
++		for (size_t i = 0; i < key_number; i++) {
++			if (*npc >= MAX_CHECK)
++				break;
++			pc[*npc] = strdup(keys[i]);
++			if (!pc[*npc])
++				break;
++			(*npc)++;
++		}
++		econf_free (keys);
++	}
++
++	error = econf_getKeys(key_file, SECTIONFILES, &key_number, &keys);
++	if (error != ECONF_SUCCESS) {
++		printf("\nCannot read group %s: %s\n",
++		       SECTIONFILES,
++		       econf_errString( error ));
++	} else {
++		for (size_t i = 0; i < key_number; i++) {
++			if (*nfc >= MAX_CHECK)
++				break;
++			fc[*nfc] = strdup(keys[i]);
++			if (!fc[*nfc])
++				break;
++			(*nfc)++;
++		}
++		econf_free (keys);
++	}
+ 
++	econf_free (key_file);
++	return;
++}
++#endif
++
++static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
++{
++#ifdef VENDORDIR
++	load_checks_with_vendor_settings(pc, npc, fc, nfc);
++	return;
++#endif
+ 	FILE *fp = fopen(CONF, "r");
+ 	char buf[255], *bufp;
+ 	int buf_len, section = -1;
+diff --git a/policycoreutils/sestatus/sestatus.conf.5 b/policycoreutils/sestatus/sestatus.conf.5
+index acfedf6f5..01f8051d2 100644
+--- a/policycoreutils/sestatus/sestatus.conf.5
++++ b/policycoreutils/sestatus/sestatus.conf.5
+@@ -8,7 +8,7 @@ The \fIsestatus.conf\fR file is used by the \fBsestatus\fR(8) command with the \
+ .sp
+ The fully qualified path name of the configuration file is:
+ .RS
+-\fI/etc/sestatus.conf\fR
++\fI/etc/sestatus.conf\fR or \fI<vendordir>/sestatus.conf\fR if it is not available
+ .RE
+ .RE
+ .sp