backport patches from upstream

(cherry picked from commit 9139570c68657015f0e23d3d2a8bdbf9f3f8bc1f)

backport-restorecond-compatible-with-the-use-of-EUID.patch

@@ -0,0 +1,34 @@
+From ca76a8813e9ac9536f09b5611b09b2b21064f984 Mon Sep 17 00:00:00 2001
+From: Huizhao Wang <wanghuizhao1@huawei.com>
+Date: Sat, 5 Aug 2023 15:06:50 +0800
+Subject: [PATCH] restorecond: compatible with the use of EUID
+
+The `EUID` does not exist in some shell environments. To ensure compatibility,
+use `id -u` instead of `EUID` when `EUID` does not exist.
+
+Signed-off-by: Huizhao Wang <wanghuizhao1@huawei.com>
+Acked-by: Petr Lautrbach <lautrbach@redhat.com>
+---
+ restorecond/restorecond.init | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/restorecond/restorecond.init b/restorecond/restorecond.init
+index c1cbb247..4e71a2c6 100644
+--- a/restorecond/restorecond.init
++++ b/restorecond/restorecond.init
+@@ -29,7 +29,11 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin
+ [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+ 
+ # Check that we are root ... so non-root users stop here
+-test $EUID = 0  || exit 4
++if [ $EUID  ]; then
++	test $EUID = 0  || exit 4
++else
++	test `id -u` = 0  || exit 4
++fi
+ 
+ test -x /usr/sbin/restorecond  || exit 5
+ test -f /etc/selinux/restorecond.conf  || exit 6
+-- 
+2.27.0
+

backport-sepolicy-manpage.py-make-output-deterministic.patch

@@ -0,0 +1,37 @@
+From 84e0884260c550ef840de6d09573444d93fb209a Mon Sep 17 00:00:00 2001
+From: Cathy Hu <cahu@suse.de>
+Date: Wed, 25 Oct 2023 15:18:58 +0200
+Subject: [PATCH] sepolicy/manpage.py: make output deterministic
+
+The list entries in the alphabetically grouped dict are
+not sorted, which results in non-deterministic output for
+index.html.
+
+Sort entries of those lists to make the output deterministic
+to be able to have reproducible builds.
+
+See https://reproducible-builds.org/ for reasoning.
+This patch was done while working on reproducible builds for openSUSE.
+
+Signed-off-by: Cathy Hu <cahu@suse.de>
+Acked-by: Petr Lautrbach <lautrbach@redhat.com>
+---
+ python/sepolicy/sepolicy/manpage.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index a488dcbf..62999019 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -156,7 +156,7 @@ def get_alphabet_manpages(manpage_list):
+             if j.split("/")[-1][0] == i:
+                 temp.append(j.split("/")[-1])
+ 
+-        alphabet_manpages[i] = temp
++        alphabet_manpages[i] = sorted(temp)
+ 
+     return alphabet_manpages
+ 
+-- 
+2.27.0
+

policycoreutils.spec

@@ -3,7 +3,7 @@
 
 Name:      policycoreutils
 Version:   3.3
-Release:   7
+Release:   8
 Summary:   Policy core utilities of selinux
 License:   GPLv2
 URL:       https://github.com/SELinuxProject
@@ -31,6 +31,8 @@ Patch6010:    backport-python-sepolicy-add-missing-booleans-to-man-pages.patch
 Patch6011:    backport-python-sepolicy-Cache-conditional-rule-queries.patch
 Patch6012:    backport-restorecond-add-check-for-strdup-in-strings_list_add.patch
 Patch6013:    backport-python-Use-isinstance-instead-of-type.patch
+Patch6014:    backport-restorecond-compatible-with-the-use-of-EUID.patch
+Patch6015:    backport-sepolicy-manpage.py-make-output-deterministic.patch
 
 BuildRequires: gcc
 BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3  libcap-devel audit-libs-devel  gettext
@@ -271,6 +273,9 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
 %{_mandir}/*
 
 %changelog
+* Thu Dec 14 2023 yixiangzhike <yixiangzhike007@163.com> -3.3-8
+- backport patches from upstream
+
 * Mon Sep 11 2023 zhangguangzhi <zhangguangzhi3@huawei.com> -3.3-7
 - backport patches from upstream