diff -ur audit-1.5.6.orig/system-config-audit/ChangeLog audit-1.5.6/system-config-audit/ChangeLog
--- audit-1.5.6.orig/system-config-audit/ChangeLog	2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/ChangeLog	2007-08-28 14:20:16.000000000 -0400
@@ -1,3 +1,21 @@
+2007-08-28  Miloslav Trmač  <mitr@redhat.com>
+
+	* configure.ac: Release 0.4.3.
+	* NEWS: Update.
+
+	* src/audit_rules.py (Field.option_text): New parameter rule.  Use
+	-p only in rules with -w, -F perm= otherwise.
+	(Rule.command_text): Add -k only after -S.
+
+2007-08-02  Miloslav Trmač  <mitr@redhat.com>
+
+	* src/main_window.py (N_): Remove useless definition.
+
+2007-07-23  Miloslav Trmač  <mitr@redhat.com>
+
+	* src/watch_list_dialog.py (_WatchTable._validate_rule): Fix a
+	crash when the rule has no AUDIT_WATCH or AUDIT_PERM field.
+
 2007-07-17  Miloslav Trmač  <mitr@redhat.com>
 
 	* system-config-audit.desktop.in (Categories): Add System, to move the
diff -ur audit-1.5.6.orig/system-config-audit/configure.ac audit-1.5.6/system-config-audit/configure.ac
--- audit-1.5.6.orig/system-config-audit/configure.ac	2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/configure.ac	2007-08-28 14:08:59.000000000 -0400
@@ -1,5 +1,5 @@
 # Process this file with autoconf to produce a configure script.
-AC_INIT([system-config-audit], [0.4.2], [mitr@redhat.com])
+AC_INIT([system-config-audit], [0.4.3], [mitr@redhat.com])
 AC_COPYRIGHT(
 [Copyright (C) 2007 Red Hat, Inc.  All rights reserved.
 
diff -ur audit-1.5.6.orig/system-config-audit/NEWS audit-1.5.6/system-config-audit/NEWS
--- audit-1.5.6.orig/system-config-audit/NEWS	2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/NEWS	2007-08-28 14:08:59.000000000 -0400
@@ -1,5 +1,10 @@
+Changes in release 0.4.3:
+* Fix order of -k and -S, and using -p without -w, in audit rules
+* Fix a crash validating a non-watch rule
+* Move the menu entry to the Administration submenu in GNOME
+
 Changes in release 0.4.2:
-* Modify to run on RHEL 5.
+* Modify to run on RHEL 5
 
 Changes in release 0.4.1:
 * Add an install-fedora Makefile target
diff -ur audit-1.5.6.orig/system-config-audit/src/audit_rules.py audit-1.5.6/system-config-audit/src/audit_rules.py
--- audit-1.5.6.orig/system-config-audit/src/audit_rules.py	2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/src/audit_rules.py	2007-08-28 14:08:59.000000000 -0400
@@ -347,13 +347,18 @@
         self.op = self.OP_EQ
         self.value = self.get_field_type(self.var).parse_value(string, self.op)
 
-    def option_text(self):
-        '''Return a string representing this field as an auditctl option.'''
+    def option_text(self, rule):
+        '''Return a string representing this field as an auditctl option.
+
+        Use rule to determine the correct syntax.
+
+        '''
         val = self._value_text()
         if self.var == audit.AUDIT_FILTERKEY:
             assert self.op == self.OP_EQ
             return '-k %s' % val
-        elif self.var == audit.AUDIT_PERM:
+        elif (self.var == audit.AUDIT_PERM and
+              len([f for f in rule.fields if f.var == audit.AUDIT_WATCH]) == 1):
             assert self.op == self.OP_EQ
             return '-p %s' % val
         else:
@@ -443,16 +448,21 @@
             o.append('-w %s' % watches[0].value)
             watch_used = True
         # Add fields before syscalls because -F arch=... may change the meaning
-        # of syscall names
+        # of syscall names.  But add AUDIT_FILTERKEY only after -S, auditctl
+        # stubbornly insists on that order.
         for f in self.fields:
-            if f.var != audit.AUDIT_WATCH or not watch_used:
-                o.append(f.option_text())
+            if (f.var != audit.AUDIT_FILTERKEY and
+                (f.var != audit.AUDIT_WATCH or not watch_used)):
+                o.append(f.option_text(self))
         if list is not rules.exclude_rules:
             for s in self.syscalls:
                 if s == self.SYSCALLS_ALL:
                     o.append('-S all')
                 else:
                     o.append('-S %s' % util.syscall_string(s, self.machine))
+        for f in self.fields:
+            if f.var == audit.AUDIT_FILTERKEY:
+                o.append(f.option_text(self))
         return ' '.join(o)
 
     def __eq__(self, rule):
diff -ur audit-1.5.6.orig/system-config-audit/src/main_window.py audit-1.5.6/system-config-audit/src/main_window.py
--- audit-1.5.6.orig/system-config-audit/src/main_window.py	2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/src/main_window.py	2007-08-28 14:08:59.000000000 -0400
@@ -32,8 +32,6 @@
 import settings
 import util
 
-def N_(s): return s
-
 def exit_watch_rules(rules):
     '''Split exit rules to lists for WatchListDialog and RuleListDialog.
 
diff -ur audit-1.5.6.orig/system-config-audit/src/server.c audit-1.5.6/system-config-audit/src/server.c
--- audit-1.5.6.orig/system-config-audit/src/server.c	2007-08-28 14:08:15.000000000 -0400
+++ audit-1.5.6/system-config-audit/src/server.c	2007-08-28 14:08:59.000000000 -0400
@@ -200,7 +200,7 @@
       err = errno;
       goto err_fd;
     }
-  if (st.st_size > SIZE_MAX)
+  if (st.st_size > (off_t)SIZE_MAX)
     {
       err = EFBIG;
       goto err_fd;