Fedora 8 Update: setroubleshoot-2.0.5-2.fc8

Thu Feb 28 21:43:59 UTC 2008

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2100
2008-02-28 21:14:27
--------------------------------------------------------------------------------

Name        : setroubleshoot
Product     : Fedora 8
Version     : 2.0.5
Release     : 2.fc8
URL         : https://fedorahosted.org/setroubleshoot
Summary     : Helps troubleshoot SELinux problems
Description :
setroubleshoot gui. Application that allows you to view setroubleshoot-server
messages.
Provides tools to help diagnose SELinux problems. When AVC messages
are generated an alert can be generated that will give information
about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.

--------------------------------------------------------------------------------
Update Information:

This is a major upgrade of setroubleshoot. The primary difference is  how audit
data is captured, analyzed, and stored. Security  vulnerabilities, performance,
usability, and robustness have been  addressed in addition to general bug fixes.
Important Installation Notes: The format of the persistent data store  has
changed, after installation the alert database will be newly  initialized and
previous alerts will be lost. For most users this will  not be an issue since
alerts are ephemeral and if the alerting issue  persists a new alert will be
generated in the new format the next time  it occurs. Also, some users may
experience an error dialog from  sealert during installation due to the order in
which files are  installed, this may safely be ignored and is a known issue.
After  installation the sealert desktop component should be restarted, this  can
be achieved by logging out of your desktop sesson or by issuing  the following
commands from within the desktop session.    % sealert -q  % sealert -s
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 22 2008 <jdennis at redhat.com> - 2.0.5-2
- bump rev for build
* Wed Feb  6 2008 John Dennis <jdennis at redhat.com> - 2.0.5-1
- allow sealert -l lookup to accept * wildcard
	- add a few more audit fields needing special decode handling
* Thu Jan 31 2008 <jdennis at redhat.com> - 2.0.4-1
- Resolve bug #430421: audit_listener_database.xml:3029: parser error in xmlParseDoc()
	  rewrite the audit_msg_decode logic to beaware of specific audit fields
	- add new template substitution $SOURCE, a friendly name, $SOURCE_PATH still exists
	  and is the full path name of $SOURCE, also add 'source' attribute in AVC class,
	  fix how source and source_path are computed from audit's comm and exe fields
	- fix the computation of tpath to also look at the audit name field, formerly
	  it had only been looking at path, fixes <Unknown> showing up for many targets
	- add exception handling around xml file writes (Alan Cox reports problem when /var is full)
	- add testing documentation
	- Resolve bug #430845: obsolete URL in setroubleshoot package description
	- Resolve bug #428960: Permissive message makes no sense.
	- init script now allows extra test options
	- show_browser() now opens and raises the window (e.g. presents) rather than just
	  assuring it's realized (e.g. iconified, or hidden)
	- sealert -l message in syslog converts from html before writing to syslog
	- Resolve bug #320881: export setroubleshoot_selinux_symposium in PDF format
	- add code to verify all async rpc's have been cleared from the async rpc cache
	- add code to set a default rpc method return if the interface does not define a callback
	  (methods which did not have a callback were not returning anything and hence were not
	   getting cleared from the cache)
* Fri Jan 11 2008 <jdennis at redhat.com> - 2.0.2-1
- Resolve bug #428252: Problem with update/remove old version
	- Add code to validate xml database version, if file is incompatible it is not read,
	  the next time the database is written it will be in the new version format.
	  This means the database contents are not preserved across database version upgrades.
	- Remove postun trigger from spec file used to clear database between incompatible versions
	  the new database version check during database read will handle this instead
	- bullet proof exit status in init script and rpm scriptlets
	- Resolve bug #247302: setroubleshoot's autostart .desktop file fails to start under a KDE session
	- Resolve bug #376041: Cannot check setroubleshoot service status as non-root
	- Resolve bug #332281: remove obsolete translation
	- Resolve bug #344331: No description in gnome-session-properties
	- Resolve bug #358581: missing libuser-python dependency
	- Resolve bug #426586: Renaming translation po file from sr at Latn to sr at latin
	- Resolve bug #427260: German Translation
	- enhance the sealert man page
* Fri Jan  4 2008 <jdennis at redhat.com> - 2.0.1-1
- make connection error message persist instead of timeout in browser
	- updated Brazilian Portuguese translation: Igor Pires Soares <igor at fedoraproject.org>
	- implement uid,username checks
	- rpc methods now check for authenticated state
	- fix html handling of summary string
	- add 'named' messages to status bar, make sure all messages either timeout or are named
	- fix ordering of menus, resolves bug #427418
	- add 'hide quiet' to browser view filtering, resolves bug #427421
	- tweak siginfo text formatting
	- add logon to SECommandLine so that sealert -l <local_id> works
* Fri Dec 28 2007 <jdennis at redhat.com> - 2.0.0-1
- prepare for v2 test release
	- Completed most work for version 2 of setroubleshoot, prepare for test release
	- import Dan's changes from the mainline
	  primarily allow_postfix_local_write_mail_spool plugin
	- escape html, fix siginfo.format_html(), siginfo.format_text()
	- add async-error signal
	- change identity to just username
	- make sure set_filter user validation works and reports error in browser
	- fix generation of line numbers and host when connected to audispd
	- add permissive notification, resolves bug #231334: Wording doesn't change for permissive mode
	- resolves bug #244345: avc path information incomplete
	- get the uid,gid when a client connects to the server
	- set_filter now verifies the filter is owned by the user,
	- resolves bug #288261: setroubleshoot lack of user authentication
	- remove filter options which weren't being used
	- change '@' in audit data hostname to '.'
	- remove restart dialog
	  resolves bug #321171: sealert's dialog after update is higly confusing
	- fix rpc xml arg
	- fix handling of host value
	- tweak what fields are in signature
	- move data items which had been in 'avc' object into siginfo
	- clean up siginfo format
	- large parts of new audit data pipeline working, checkpoint
	- fix duplicate xml nodes when generating xml tree
	- audit event can now be xml serialized
	- switch from using int's for audit record types to strings
	- avoid conversion headaches and possibilty of not being
	  able to convert a new unknown type
	- add logic to allow XmlSerialize to be subclassed and init_from_xml_node to be overridden
	- add support to xml serialize classes AuditEventID, AuditEvent, AuditRecord
	- use metaclass for xml class init
	- start adding xml support to audit data classes
	- Use metaclass to wrap class init
	- move xml serialization code from signature.py to xml_serialize.py
	- simplify aspect of the serialization code
	- add unstructured xml mapping, each xml element name has its content mapped to obj.name
	- modify xml serialization to be driven by xml contents
	- general clean up
	- checkpoint conversion of serialization to use metaclasses
	- clean up class/data specifications for XmlSerializable
	- add support for client rpc testing
	- add changelog entry
	- add SubProcess class to setroubleshootd in preparation to
	- run daemon as subprocess so we can gather results and
	  compare them to the expected data we sent
	- rewrite all plugins to use new v2 audit data
	- add SubProcess class to setroubleshootd in preparation to 
          run daemon as subprocess so we can gather results and
          compare them to the expected data we sent
	- add new test support: add config section 'test', add boolean 'analyze' to
	  config test section, add class TestPluginReportReceiver which is installed
	  if test.analyze is True, it prints analysis report. In test_setroubleshootd
	  send AUDIT_EOE to assure sequential event processing so analysis results
	  have same ordering as events that are sent by test_setroubleshootd
	- alert signatures now include host information, alerts will be grouped by host
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #416351 - setroubleshoot does not escape regex chars in suggested cmds
        https://bugzilla.redhat.com/show_bug.cgi?id=416351
  [ 2 ] Bug #430421 - setroubleshoot - audit_listener_database.xml:3029: parser error in xmlParseDoc()
        https://bugzilla.redhat.com/show_bug.cgi?id=430421
  [ 3 ] Bug #430845 - obsolete URL in setroubleshoot package description
        https://bugzilla.redhat.com/show_bug.cgi?id=430845
  [ 4 ] Bug #428960 - Message makes no sense.
        https://bugzilla.redhat.com/show_bug.cgi?id=428960
  [ 5 ] Bug #320881 - Somebody just didn't get it!
        https://bugzilla.redhat.com/show_bug.cgi?id=320881
  [ 6 ] Bug #428252 - Problem with update/remove old version
        https://bugzilla.redhat.com/show_bug.cgi?id=428252
  [ 7 ] Bug #247302 - setroubleshoot's autostart .desktop file fails to start under a KDE session
        https://bugzilla.redhat.com/show_bug.cgi?id=247302
  [ 8 ] Bug #376041 - Cannot check setroubleshoot service status as non-root
        https://bugzilla.redhat.com/show_bug.cgi?id=376041
  [ 9 ] Bug #332281 - remove obsolete translation
        https://bugzilla.redhat.com/show_bug.cgi?id=332281
  [ 10 ] Bug #344331 - No description in gnome-session-properties
        https://bugzilla.redhat.com/show_bug.cgi?id=344331
  [ 11 ] Bug #358581 - missing libuser-python dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=358581
  [ 12 ] Bug #426586 - Renaming translation po file from sr at Latn to sr at latin
        https://bugzilla.redhat.com/show_bug.cgi?id=426586
  [ 13 ] Bug #427260 - German Translation
        https://bugzilla.redhat.com/show_bug.cgi?id=427260
  [ 14 ] Bug #427418 - Menu layout is not GNOME HIG compliant
        https://bugzilla.redhat.com/show_bug.cgi?id=427418
  [ 15 ] Bug #427421 - Need a way to permanently ignore specific AVC logs
        https://bugzilla.redhat.com/show_bug.cgi?id=427421
  [ 16 ] Bug #231334
        https://bugzilla.redhat.com/show_bug.cgi?id=231334
  [ 17 ] Bug #244345 - missing filename in setroubleshoot (AVC.get_path() returns incomplete path)
        https://bugzilla.redhat.com/show_bug.cgi?id=244345
  [ 18 ] Bug #288261
        https://bugzilla.redhat.com/show_bug.cgi?id=288261
  [ 19 ] Bug #321171 - sealert's dialog after update is higly confusing
        https://bugzilla.redhat.com/show_bug.cgi?id=321171
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update setroubleshoot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------