Fedora Update Notification
2008-02-28 21:14:27

Name        : setroubleshoot
Product     : Fedora 8
Version     : 2.0.5
Release     : 2.fc8
URL         : https://fedorahosted.org/setroubleshoot
Summary     : Helps troubleshoot SELinux problems
Description :
setroubleshoot gui. Application that allows you to view setroubleshoot-server
Provides tools to help diagnose SELinux problems. When AVC messages
are generated an alert can be generated that will give information
about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.

Update Information:

This is a major upgrade of setroubleshoot. The primary difference is  how audit
data is captured, analyzed, and stored. Security  vulnerabilities, performance,
usability, and robustness have been  addressed in addition to general bug fixes.
Important Installation Notes: The format of the persistent data store  has
changed, after installation the alert database will be newly  initialized and
previous alerts will be lost. For most users this will  not be an issue since
alerts are ephemeral and if the alerting issue  persists a new alert will be
generated in the new format the next time  it occurs. Also, some users may
experience an error dialog from  sealert during installation due to the order in
which files are  installed, this may safely be ignored and is a known issue.
After  installation the sealert desktop component should be restarted, this  can
be achieved by logging out of your desktop sesson or by issuing  the following
commands from within the desktop session.    % sealert -q  % sealert -s

* Fri Feb 22 2008 <[EMAIL PROTECTED]> - 2.0.5-2
- bump rev for build
* Wed Feb  6 2008 John Dennis <[EMAIL PROTECTED]> - 2.0.5-1
- allow sealert -l lookup to accept * wildcard
        - add a few more audit fields needing special decode handling
* Thu Jan 31 2008 <[EMAIL PROTECTED]> - 2.0.4-1
- Resolve bug #430421: audit_listener_database.xml:3029: parser error in 
          rewrite the audit_msg_decode logic to beaware of specific audit fields
        - add new template substitution $SOURCE, a friendly name, $SOURCE_PATH 
still exists
          and is the full path name of $SOURCE, also add 'source' attribute in 
AVC class,
          fix how source and source_path are computed from audit's comm and exe 
        - fix the computation of tpath to also look at the audit name field, 
          it had only been looking at path, fixes <Unknown> showing up for many 
        - add exception handling around xml file writes (Alan Cox reports 
problem when /var is full)
        - add testing documentation
        - Resolve bug #430845: obsolete URL in setroubleshoot package 
        - Resolve bug #428960: Permissive message makes no sense.
        - init script now allows extra test options
        - show_browser() now opens and raises the window (e.g. presents) rather 
than just
          assuring it's realized (e.g. iconified, or hidden)
        - sealert -l message in syslog converts from html before writing to 
        - Resolve bug #320881: export setroubleshoot_selinux_symposium in PDF 
        - add code to verify all async rpc's have been cleared from the async 
rpc cache
        - add code to set a default rpc method return if the interface does not 
define a callback
          (methods which did not have a callback were not returning anything 
and hence were not
           getting cleared from the cache)
* Fri Jan 11 2008 <[EMAIL PROTECTED]> - 2.0.2-1
- Resolve bug #428252: Problem with update/remove old version
        - Add code to validate xml database version, if file is incompatible it 
is not read,
          the next time the database is written it will be in the new version 
          This means the database contents are not preserved across database 
version upgrades.
        - Remove postun trigger from spec file used to clear database between 
incompatible versions
          the new database version check during database read will handle this 
        - bullet proof exit status in init script and rpm scriptlets
        - Resolve bug #247302: setroubleshoot's autostart .desktop file fails 
to start under a KDE session
        - Resolve bug #376041: Cannot check setroubleshoot service status as 
        - Resolve bug #332281: remove obsolete translation
        - Resolve bug #344331: No description in gnome-session-properties
        - Resolve bug #358581: missing libuser-python dependency
        - Resolve bug #426586: Renaming translation po file from [EMAIL 
        - Resolve bug #427260: German Translation
        - enhance the sealert man page
* Fri Jan  4 2008 <[EMAIL PROTECTED]> - 2.0.1-1
- make connection error message persist instead of timeout in browser
        - updated Brazilian Portuguese translation: Igor Pires Soares <[EMAIL 
        - implement uid,username checks
        - rpc methods now check for authenticated state
        - fix html handling of summary string
        - add 'named' messages to status bar, make sure all messages either 
timeout or are named
        - fix ordering of menus, resolves bug #427418
        - add 'hide quiet' to browser view filtering, resolves bug #427421
        - tweak siginfo text formatting
        - add logon to SECommandLine so that sealert -l <local_id> works
* Fri Dec 28 2007 <[EMAIL PROTECTED]> - 2.0.0-1
- prepare for v2 test release
        - Completed most work for version 2 of setroubleshoot, prepare for test 
        - import Dan's changes from the mainline
          primarily allow_postfix_local_write_mail_spool plugin
        - escape html, fix siginfo.format_html(), siginfo.format_text()
        - add async-error signal
        - change identity to just username
        - make sure set_filter user validation works and reports error in 
        - fix generation of line numbers and host when connected to audispd
        - add permissive notification, resolves bug #231334: Wording doesn't 
change for permissive mode
        - resolves bug #244345: avc path information incomplete
        - get the uid,gid when a client connects to the server
        - set_filter now verifies the filter is owned by the user,
        - resolves bug #288261: setroubleshoot lack of user authentication
        - remove filter options which weren't being used
        - change '@' in audit data hostname to '.'
        - remove restart dialog
          resolves bug #321171: sealert's dialog after update is higly confusing
        - fix rpc xml arg
        - fix handling of host value
        - tweak what fields are in signature
        - move data items which had been in 'avc' object into siginfo
        - clean up siginfo format
        - large parts of new audit data pipeline working, checkpoint
        - fix duplicate xml nodes when generating xml tree
        - audit event can now be xml serialized
        - switch from using int's for audit record types to strings
        - avoid conversion headaches and possibilty of not being
          able to convert a new unknown type
        - add logic to allow XmlSerialize to be subclassed and 
init_from_xml_node to be overridden
        - add support to xml serialize classes AuditEventID, AuditEvent, 
        - use metaclass for xml class init
        - start adding xml support to audit data classes
        - Use metaclass to wrap class init
        - move xml serialization code from signature.py to xml_serialize.py
        - simplify aspect of the serialization code
        - add unstructured xml mapping, each xml element name has its content 
mapped to obj.name
        - modify xml serialization to be driven by xml contents
        - general clean up
        - checkpoint conversion of serialization to use metaclasses
        - clean up class/data specifications for XmlSerializable
        - add support for client rpc testing
        - add changelog entry
        - add SubProcess class to setroubleshootd in preparation to
        - run daemon as subprocess so we can gather results and
          compare them to the expected data we sent
        - rewrite all plugins to use new v2 audit data
        - add SubProcess class to setroubleshootd in preparation to 
          run daemon as subprocess so we can gather results and
          compare them to the expected data we sent
        - add new test support: add config section 'test', add boolean 
'analyze' to
          config test section, add class TestPluginReportReceiver which is 
          if test.analyze is True, it prints analysis report. In 
          send AUDIT_EOE to assure sequential event processing so analysis 
          have same ordering as events that are sent by test_setroubleshootd
        - alert signatures now include host information, alerts will be grouped 
by host

  [ 1 ] Bug #416351 - setroubleshoot does not escape regex chars in suggested 
  [ 2 ] Bug #430421 - setroubleshoot - audit_listener_database.xml:3029: parser 
error in xmlParseDoc()
  [ 3 ] Bug #430845 - obsolete URL in setroubleshoot package description
  [ 4 ] Bug #428960 - Message makes no sense.
  [ 5 ] Bug #320881 - Somebody just didn't get it!
  [ 6 ] Bug #428252 - Problem with update/remove old version
  [ 7 ] Bug #247302 - setroubleshoot's autostart .desktop file fails to start 
under a KDE session
  [ 8 ] Bug #376041 - Cannot check setroubleshoot service status as non-root
  [ 9 ] Bug #332281 - remove obsolete translation
  [ 10 ] Bug #344331 - No description in gnome-session-properties
  [ 11 ] Bug #358581 - missing libuser-python dependency
  [ 12 ] Bug #426586 - Renaming translation po file from [EMAIL PROTECTED] to 
  [ 13 ] Bug #427260 - German Translation
  [ 14 ] Bug #427418 - Menu layout is not GNOME HIG compliant
  [ 15 ] Bug #427421 - Need a way to permanently ignore specific AVC logs
  [ 16 ] Bug #231334
  [ 17 ] Bug #244345 - missing filename in setroubleshoot (AVC.get_path() 
returns incomplete path)
  [ 18 ] Bug #288261
  [ 19 ] Bug #321171 - sealert's dialog after update is higly confusing

This update can be installed with the "yum" update program.  Use 
su -c 'yum update setroubleshoot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

Fedora-package-announce mailing list

Reply via email to