Accepting request 1067536 from home:jsegitz:branches:security:SELinux_toolchain

- Update to version 3.5: * check for truncations * avoid newline in avc message * bail out on path truncations * add getpidprevcon to gather the previous context before the last exec of a given process * Workaround for heap overhead of pcre * fix memory leaks on the audit2why module init * ignore invalid class name lookup - Drop restorecon_pin_file.patch, is upstream - Added additional developer key (Jason Zaman) - Update to version 3.5: * check for truncations * avoid newline in avc message * bail out on path truncations * add getpidprevcon to gather the previous context before the last exec of a given process * Workaround for heap overhead of pcre * fix memory leaks on the audit2why module init * ignore invalid class name lookup - Drop restorecon_pin_file.patch, is upstream - Added additional developer key (Jason Zaman) OBS-URL: https://build.opensuse.org/request/show/1067536 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libselinux?expand=0&rev=145
2023-02-24 08:43:11 +00:00 · 2023-02-24 08:43:11 +00:00 · 5bc0b87998
commit 5bc0b87998
parent e9ab567ff0
10 changed files with 195 additions and 167 deletions
--- a/libselinux-3.4.tar.gz
+++ b/libselinux-3.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:77c294a927e6795c2e98f74b5c3adde9c8839690e9255b767c5fca6acff9b779
-size 210061
--- a/libselinux-3.4.tar.gz.asc
+++ b/libselinux-3.4.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE1qW2HJpVNBaCkttnviIJHj72InUFAmKFCEsACgkQviIJHj72
-InXlLhAAtklDK8OvcL08fYu8Hw2EYI6wWopn4KctGiZN0axNRxLTqzljWJCU2MjM
-jqRDqQ4M1i+Bp4NKDKxYLJSMq8gABoC3L9pvM5Tm24Lw9R/A85FcBtTAr7fSevd1
-hu42yDrjZI1pdAY1kSATipo57JiL4O8WA4qJdNGxJepsMNG49dFSezhO2VyBj4Tl
-IVG4smxF/5PEPGVJfjH0dorYarRtsXVVQxrzT739x/9jE8YBe0ONbGrnzxL6ga5G
-dlAMEyRyHTn1sLBp6mxi3KxvkgkLZ8hFH28JeQ+8zyOs/FjCQOSk/akOewsLOUMV
-S/f4ydgaPHSjmN+etv03P1iOPWxiH8DdIez/GA7DRrwY80xfbIfO5M51fNKIBzXM
-M2Co24kGHyaythzzFgwClw41SLB3SGkHPQcb0Hm1uFeSVCdIPUCwCWmQcFABZaZ0
-SHDC47zZ0E22A4y33tT0/SbYtqEJLPfVCBYGWK+wRnKzGMTdUYzVoW4tr9p+yDhQ
-SN0+m84Ryz8cfYWuE3WB53V4z0Pk5alk43XkmtHXNRgI2hGjXs1Q3UxEdB/YEpun
-tGh6oA4oMj4brPWXb6PE/egpvYJzW6k6Z1JHAIY8Sj2zx5LtJgf5yfiX3iI9kfSf
-2iF9s6Y+eNgTceKkQ55PIOI0NhcArMQxwIlBZb63xsrYqTTA+xw=
-=Oane
-----END PGP SIGNATURE-----
--- a/libselinux-3.5.tar.gz
+++ b/libselinux-3.5.tar.gz
--- a/libselinux-3.5.tar.gz.asc
+++ b/libselinux-3.5.tar.gz.asc
@ -0,0 +1,19 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQKTBAABCgB9FiEE4WLerRzN0RPwSz1JK77Zyxpo71UFAmP3a11fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEUx
+NjJERUFEMUNDREQxMTNGMDRCM0Q0OTJCQkVEOUNCMUE2OEVGNTUACgkQK77Zyxpo
+71Uajg//WGv3IopVYrtph3FgRUU5V+QGwvd0rdsL/+ZhNGYKi/Br1Pqdi8nHzg4j
+jXX9B6uek1A9S1WC76uEtoG0pqc3KNXxAgZAVGpJBp29QCXftWbmMEu5obN+cST8
+H1HaCm0MUdMB01Yyc8pNSujV7AezsKv60cxLNITdYXGjEFDIM73oYxc61qNrYbpm
+dQabXqnGxp0FkzbRbO0JsOiwIMJuLBZEe7UyHPlF6Z9OemDe3ro5YbtyUJrzHIjO
+nIyWZ8ApWXZ6Q8vJyk9RGBO1fNiAHlH5UCELK1Mj4vDMNkSmrOUkoz0DWJ8+vnkf
+Bb7wC7STzWMXTb8R/Zx0GuQ/3VsM5Y9ebYFz2XV3Brttxrp4WAKZjwXduDOHOSLX
+EOMM3/c20z3LYAl6aAvo36DQSYJ7zAm6qF1ZF5JmH0DYBSZevXMRF14x0EZLchgS
+TSIzfFlIT7SYlxIGZX54hwN9FQidhlK//onHE16Ri/GyOSJa8/uUhntrJb0lgoh+
+5FllC+dgXuLMNpCE7ltqWFHgMLsEaKBi4Z6mOONL54iYJUUzfHHjXoi+cLRO6eUU
+9zQhQfQ7+HANcQt691EUBo0efiNT1upI4H4C6CFojobMX4pVUsKouMfjAg8Jl/is
+Z63fXRJWBGS6NGR7ZxodV6wF5OzVMH4IDO6Rdf5X6Apcinshs8U=
+=NKC3
+-----END PGP SIGNATURE-----
--- a/libselinux-bindings.changes
+++ b/libselinux-bindings.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Feb 24 07:42:25 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.5:
+  * check for truncations
+  * avoid newline in avc message
+  * bail out on path truncations
+  * add getpidprevcon to gather the previous context before the last
+    exec of a given process
+  * Workaround for heap overhead of pcre
+  * fix memory leaks on the audit2why module init
+  * ignore invalid class name lookup
+- Drop restorecon_pin_file.patch, is upstream
+- Added additional developer key (Jason Zaman)
+
 -------------------------------------------------------------------
 Mon May  9 10:23:32 UTC 2022 - Johannes Segitz <jsegitz@suse.com>

--- a/libselinux-bindings.spec
+++ b/libselinux-bindings.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libselinux-bindings
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,9 +17,9 @@


 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
-%define libsepol_ver 3.4
+%define libsepol_ver 3.5
 Name:           libselinux-bindings
-Version:        3.4
+Version:        3.5
 Release:        0
 Summary:        SELinux runtime library and simple utilities
 License:        SUSE-Public-Domain
@ -36,7 +36,6 @@ Patch4:         readv-proto.patch
 # Make linking working even when default pkg-config doesn’t provide -lpython<ver>
 Patch5:         python3.8-compat.patch
 Patch6:         swig4_moduleimport.patch
-Patch7:         restorecon_pin_file.patch
 BuildRequires:  libsepol-devel-static >= %{libsepol_ver}
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3-devel
--- a/libselinux.changes
+++ b/libselinux.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Feb 24 07:42:25 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.5:
+  * check for truncations
+  * avoid newline in avc message
+  * bail out on path truncations
+  * add getpidprevcon to gather the previous context before the last
+    exec of a given process
+  * Workaround for heap overhead of pcre
+  * fix memory leaks on the audit2why module init
+  * ignore invalid class name lookup
+- Drop restorecon_pin_file.patch, is upstream
+- Added additional developer key (Jason Zaman)
+
 -------------------------------------------------------------------
 Thu Jul  7 12:16:45 UTC 2022 - Johannes Segitz <jsegitz@suse.com>

--- a/libselinux.keyring
+++ b/libselinux.keyring
@ -167,3 +167,139 @@ et3lz04U61v8ajHBqX/pRfPtrraNnvAM2knD3E58Lf95f/nr7p0tV59EWP8s4i72
 t4zhuhOJjZ2YaPVALQ==
 =UVQc
 -----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFMyh7gBEADHbVdNWxivgqISiinIAE7gOl9vFemvnqfzn7hdfw2y02hUzojd
+0HzEJsyqxGBYHpdNYoiLbCYNubMDA/Xd0Att2D7fIAuNFo3gnKEm27xLSzjC02bk
+h2Pxp9d92dxPXsk+zDvY74Vwem74Yon824ESurH4gTK/HsiX2Y+7+5z3Ep07xC7p
+IA0RzD3zlKhfT9dpS0QR2LP1utFcT40eEjSZY8QK3iKapNtyvIrpKpkWx0tZTWwX
+F8IoL9MzJBi5L/pS8fyUOkyBVIwdRXLNuX+sle+llH7i+6DWsWHEphiZ3ObiXDm
+iXKBu/I0useEE4K7TmOLqqeEZl+CTU6YWJLPpD38pq+p64TlAcT7rZSmRUr7zY0a
+X1gsXqm7e95Txm6UYy3Xth1jmZ0PuHjCBIvy8foxZVKGsR34ntAYcZzZhDca+J2S
+WyL/YcQbSFhad1N1ZpCXj4eYGQIg57b1OLrabopdSQ73s8uGdS12aNQKcehkAvKs
+Pab45Qxk7PWGNXuvHGYFCvedl8Gh/MUy3UqlXE58GBob9ldB+7eaO5VgR0GydSFO
+cbRDDpXBdWbsq4u0BDT3uB4FZTqYC3i83NFdCSppxG6aXDl4Hux+Fq7FcjFV7scw
+e/ndpnLMzj0oSyOmq6GZfvbZKRbyPztYxrEIoDw1mgvJQhm2AnfnhoOWVwARAQAB
+tCJKYXNvbiBaYW1hbiA8amFzb256YW1hbkBnbWFpbC5jb20+iQJXBBMBCABBAhsD
+Ah4BAheABQsJCAcDBRUKCQgLBRYCAwEAAhkBFiEEYxkc6UGDCYaJyrjbfvE37JNb
+Dq8FAl1mIt8FCQw1xCcACgkQfvE37JNbDq8mKA/7BnUyy3K0nEboJfXKP7mbI7vH
+hnDYP9ojwi6Lv7BJLOGNVmHDrZa9HA8uzH7AZIIf1XLOWd+bABqHETETElckXK+x
+gtE9GUQO0DQRVH2gCyJUaLtYgK/VD2GRXLlFRUA81XLmU0pNZVIRL6u5P1RbHjdd
+G01NgzH2sDKtmAtIashj25YD5m2RukTDfGYDMujjxR2bBRp8QnNiDHp93pYmF6oR
+iElJKrUOhBS7Mw2Cuy7GhcvPmFsUY7o/Kq+4bu9DzZOMrPTmVQMF//PV5JChWCou
+Aqv1Qybrt5I4/OzOVX+9bID7xowueMbTlak/1yqmgGNmFA5jN5XDuwZxoOX7F/m2
+ITJPRADEvZZLNF0kdj4zcLvk+/C8ofwcPcltO9SmDYwi3aKuMifVHqQnaG+Tu4qI
+okSA+Vngamvy0BFBLjjZ1DZhRBS4GELzprzQ4brBqmdFnwtGnc3GOHK5Q8teZeRW
+SbCh1u7CNBNXIdnTX5VlGonxjAO27ISDP7oaQyiJetnMy2W2qEG1DIDnLJtlPwDR
+UFO5kBHdJSnuTnCl20XUADeH0tx4jHAAYcIyx0tvJCuOWylMG8yVadxS73IA6a9
+GA+fOku9XBh4eP5vIoMRfuVwDDu2y2n5J68OCfshs3JllGImrWUzR8hpZmjXmpAZ
+VjN4Ft83ZEvUEntlI620NUphc29uIFphbWFuIChHZW50b28gRGV2ZWxvcGVyKSA8
+cGVyZmluaW9uQGdlbnRvby5vcmc+iQJUBBMBCAA+AhsDBQsJCAcDBRUKCQgLBRYD
+AgEAAh4BAheAFiEEYxkc6UGDCYaJyrjbfvE37JNbDq8FAl1mIucFCQw1xCcACgkQ
+fvE37JNbDq8dtA//cUEBx8rIvXyO14TcUu5o3Cc2DRhFxLwVIPOnw6cfZYhRrIKr
+2wegsllvV4vJ+KJoIBvlw83VAunHt07N2+hF72LM6qPWkX055gY5PkFSGPBpybZk
+oevE9rI+8p7aOqu0Qns4O3juDMava+nSnHjmZCJO7wnjrkGC57eBwI7Z3H32EFIU
+b+IvOivBFA6iSeXkmEg1ub3iaA2vXdKOGDfoxrEjSJWt04q8VDUmtscKRkRrc1AX
+XToVzcSd4w8C6j4tlOk8DbCLfyf8M3cDeETzyD6ICYWkSN1OxYFopNvsty2L9xQ2
+oTCp/1CjJTO2mxOY7K75vLr8MNYnVrYPzCruazt0YetOY74raTMFhnA6mQapcM+c
+L0DKylIOHra/jSj7WQCy/xujMWZKDg8LfcfTuknSFPXVL6s95TYwBayRkVhFs73c
+Z5Tpk4dAxSLZI040uExlFmzqwaMRoAhLJShhe/QRGu5rBnjtaKRYl08Hnb2gLc+0
+LH1gsGIvrsB89coa4y5Grues0mw9Bbk5tjGJHWlSgGG6NPds/L2RWCsXgkb4qn6p
+Prsq6dyA8qp7O4LiZkzvKpFxmpO3ggIeIh17N21piUs9awnFySLR68gv0E6OnLdL
+s2fpRYclaw2DxS4WHloWfW2MoV/b4K+GzovlVGAi19gwzBVk1uHneB504eW0IUph
+c29uIFphbWFuIDxqYXNvbkBwZXJmaW5pb24uY29tPokCVAQTAQgAPgIbAwIeAQIX
+gAULCQgHAwUVCgkICwUWAgMBABYhBGMZHOlBgwmGicq4237xN+yTWw6vBQJdZiLm
+BQkMNcQnAAoJEH7xN+yTWw6vzScQAMABgqR/v0b/Cj/qhUGhW5ReUoqDGkPTWqT/
+ZJHoEtG21v8zmFaGJSw0hGzR8LBKPUcBIgcoe4ahPoNkD8ThvY/FgNV/VbjPmbwM
+QqCEy8J3ZR3Tgrv03SGhW4BbWPkLwKEsXQc6hhvJxUMo35ORwUX549DrKb4/jSZs
+6El3ONkeyeShnrc8dtKZeL+w4p01WbZ13Z4cwhM9bEsyMDVSv64y8QQZXeK8V0lK
+jMbLNywf39AjjHKAo4o09hL75/BC8XW9Eqi5IKGRD8uWdvBB7o+xaAVY5WBMLQqL
+GEaXvcc4r7tod17At0E59OfBQyJpp5vfEZXPzmkjC97iIXfUzhdqfuuEBfkfoZc9
+aqBo0chedltXatlwHbr1BZ2zP/LtIPH0+G8/t/iP/KoKWMUXzqPOQmK9XP9ryDvN
+HCMogbDMAOYzbGAvY9+eDwW1Oc++eMRrRmbPxY5jRShYMYxzAG3iYEUST62Pxxu4
+tNzYdKc1t0JZHx1S+9jVTpplGuUnRbcLbrwaoqVxmikCdSHbZ3Q75NizFr4zC2n8
+VXj7WNHiCVh4E2hD/aXINbyFHfaukojVVSe2NjSHaCQx64CJbFKeaks25f4+m9GR
+ZPTceAlYub9A6lcVlyugdAI0flQCnjz3gOye9CoIWjloOzfH7RXpKol7BrnBISme
+L9kh6fIduQINBFzabgEBEADm+3+ZRXtW1Y7KB0QO3iG6tXG0acc95bh2rO6djhP8
+xV4vV6a6hI691SQorLxKCjpZSzshczJlmMZ3SRuMh7VSefc7w59ElBLoWDhuEKs5
+c3gtxAmzxICWNo/IJnnb5h1s3hG8kmPzKdaskdbAttQq4YGk2GAYS9LvmKLPwAu/
+iSaGfAr7RJPSQxvW2i2y1OdhF4ibuVJT1TGa8z1IsU8rf5Ybx1AdkjPnazoE16+j
+rs763tnSzT3kpJeymMppkHMJIkO7u7D4bDR+qi10EsfF0inzmhimH5k/ng87+qi6
+UwryvUorJPSbjRLq/n07y2LDwkdOrW3XsLyU7RAfgZ4FUfvpUqkLZqB+GmgVccsy
+2bC/T7JMSPZsIlk/KysIl3kK2wg7oNRKJqtMTPhpzEiIGaEjJNa1S7c8jswSL97y
+/S/ok8iYaluHTSTHMJrdzriSP0irWzC8MJJNcUZgsP2NGWfjc9l0VlMqOdyW1mtf
+PXY+uONeAlM8x5KwMJ/r4nsixodozkI7BOx16F59fjMfc9ywZH3o/rNOoG/+P9rS
+ABO6p/zg0e8uNyAE2KobjAfvWxYLoaT6ngYbXGgC4E6DKjnxI3n0EEMjdfALzcmK
+SNiYtxtUQ4g3rFcOxt8U43ObZO85yuTI8TCQT+03/vLzzMOTTAfwn3Slu8ORsVq
+tQARAQABiQI8BBgBCAAmAhsgFiEEYxkc6UGDCYaJyrjbfvE37JNbDq8FAl1mIxUF
+CQKN3hQACgkQfvE37JNbDq/P6BAAlt4eEQcxin9m5eayHEvnSgjYk99FT1asgfqD
+z8d6qVBTKsFxNXvm19Ps294bD2oO02hzScyVlY28dKH38MkGOmslxkMB7yO/6vAh
+/d1IixZNz+dQeWtb7XmNySj4/AVH8ODRK2gs0rVrcAH5gsjWlgBFzywmdODFE5iQ
+VH8OJ6msT00gvkkvKaKU2K0q7A3DOGTy9Lzk8A3co39JzzR8E44kgJzLC1JASuoL
+1LaIe5Fg8VMkDpr5Uchzi2NnaXtuaNNerappRf9Jrga54vQDdAmW02NCcea4Oj4O
+zKpC0bOU6N50HsmeQjKEk0sgJrIKdg65k8rlrF2uQl0wBsy9EyWgJgL0rPYOceD6
+d6yEfy9i3G8fPvzCIoBUntZHGGpHDx8ZpYjP2qhg6Vj/ultHfQBk+A7D4V+NU2qy
+4+RSTMyIJjUAAgX4WWlxipuy1mRnfJGf/ZuLBAOVST2Igtk4E6cKNagCv3vJEfJi
+aak8TQhi/Z9hFsHpN+RhEldqaPOd4yym2iKnoYX98wJsryrsZc2tHIwGQXi+lkNe
+cLJYokWXbKnLdlfwkWrziTFAAekIBdQ2HrhXFq9EdfIWgv4PHA+goPXDjIzyhFD2
+5D5NX3YxUGfMWzWyxfg36hJAjbyv/wcdPDJVaYGxSK2Dap4KZOGA+L0lE0mLZN+T
+28FSbHO5Ag0EVCGdywEQAMzu5hN79Cwleh7TvQueT6WjsajCVZ8wm4JfZ+D/uCmu
+V3z9TKIzJ9TyZ1qAhCGetXUvocq6ZCq18Zii/qBDmfN3e7RvcNrcRNuR51frgPIt
+HGHFnjsW2vaVnIARJyHOtKYW5u7m2tUa9JMHFpzRqwNiu2nFw/LZhfO+DeAjAMd5
+1mdJSCuWww7l+xZWQPha1pyxS6BQCB8qC4BOTdW2EkBSIUAaucHX3iaiGQINXuFG
+OUVcsPhtcsmmDzqD8JuxuGfzit8LZ4qauh+CeKsACt0fRWjGsSO+veihOaSUxv6N
+6jwvOO1oCZzA5lI2zN4QQQs9JPmSt+W+ePBUeCFOCT5lELu4+P4WWc9el6LhHj/O
+fsMongI6jvpGWnirzmw9joLKWMaam8MT2S1c9nmYtNramI1lzeJWYU3VFgJpc5DZ
+klb6IROb0oEgmbUSIZwap/MB/G9N216mr3V15AKEnt4vqu6ol0CKB3jrMafGCDrH
+UIoOd8FCwK1VBRWsnjKLXa+mgGCaWSPau6hcvOuV2/Zq6s77iaQQ82+0qkdno6l9
+nhdmZsLxnZuGOUfwtn1PFdjQ4/3/mgL0KxloqSwdMHpgancOMT+tJnebOCGg/iFC
+yXSSNm8zek/lREGevH+3AUIKTY3JhfdvG7qo3zW7u+C0QlFnrj/pUSFs6JMW3hMB
+ABEBAAGJBFsEGAEIACYCGwIWIQRjGRzpQYMJhonKuNt+8Tfsk1sOrwUCXWYjCQUJ
+C0auPgIpwV0gBBkBAgAGBQJUIZ3LAAoJECu+2csaaO9VpE8P/2FSNpVsqHNxejzF
+JYRjpbsOOhIUj/wovCTz9q7nvbGxd2Tq4Cs91aXPmjhZhO/9q+RySCDFKsmmxx54
+nyC6nZaxN4XAvxi5CVNKYdSq+WfuVuex2czF4l9irFYZsrAxxBdQeE47zJNKDEKL
+kMnonGBxeJ3NBJWB7HOSsiz4LARfYLohOAqAd500ek8tAHpDLopsD6YQxZv+zgD2
+SzqaQYLtL996OE47+WnZpFVdmnj7JFCfJbDi7w+dhlf/+HPf+r78TQPpl1btlfeE
+kSyQr50XRLw6ctJGA62Co7eHVIMDvsidTUo2yMdUQjd9huepSoIq0spPF5yX79xK
+6KdnjpkPvmgN3XqJUQVd+JlIEGisMmn01Bz5OeJl0OkWO5aIIJ93pisU7sJJhMw7
+YsZCovzguqFXNnI/nus9SNRtrvMTItiDkOocrPfEff8IpJ/956iZPH3bIaez53gi
+XSEvaZXbVhyVYlbVW2Wgwkm/64K4G5+9cUguTomIGcDovXuEHSg0n3QnZ2FFjfsv
+VwQ38G3abEErF7APDx36WUJ3GbA2FFr0xqmHN1YQpObIcepWwkXQUCC7CHLQWRcl
+CnYvSgtX/pFJ3qt+rrL0vMhosBGGIUJORadPjABPugG5Nf/WV64pBZHOq9A5dZKM
+OJg2vpgqVi3YlNHG66oE1oSupFVzCRB+8Tfsk1sOr/zyD/9rLFX27Blv1D8DjqV6
+P9IzWR/YDC4AhYG+fdllq4+N/XO2gG8bYHlbh+rd5KHrCn/t3OYg1xOAqdO8lCqP
+1jhkjbOdw2aIsL8pdh7/zZEwPXFCJREWWa30a4IqfvQG2f+kiPBYOtMFy5dmZj6j
+N4mD75jbU6Nfhlb2UX7L0T0wLUtOOQhrlqBfXNKASbDAOn5zrvtz0tjRMcE7xPsF
+o9/3x+/xElkLkJnUzF1LH/n6T24ZseBqB6WNCPi9nqWbx1AGTK9jeWDjQJ1/Nvj+
+YX6PPOfwpZquKvLi6ZiS5nR1wssz9iv93iL78o90Hd/z0wM9Dimi5njwEyl3Eocf
+ZbpATMt8zWVDNxmrkYT33PRYy9V7G/O8aJnTkuSTOglo7akHMlJEhYfDLrmZtQnM
+X2H5A/vO1JkJntC6kG7mIKn2q2U8CSYwfMqdscYDEHXaKTSPj225S6Xskw9nSuj8
+HcboihKRosViuoX5NLF2Wu/hXryd0grv0WgHjpuqClQbMlmsd1mcVThzh84KLSlu
+QgkabK3rbvDviEOOQ7fxfTj1MR3FzfYovY4TVrO8fjTAk5Rj4f/nlcgiiaCpQlFl
+wTwcxDBL1s6MXv7aoAzyqpTBQ6vSFXWK5Ur+7roEkTAUEj8akgmxC9JzJqComHrw
+vebSMV7XavdmfCvUXszFeQ/jNbkCDQRTMoe4ARAAz6Zr1rgM2fwNSuaOM9jmYRkU
+GM6km1DIDLl/PiFJ/54jGn46pX5nQE+oiZ7Dr4hFIfxn8eEwlQVFGo0lzcNn5JP1
+RGJFdAfLamTmaKrXl1cWayOtTvouuKfFEXH+BC/pPyy87tNiCki0NkzN59j8Plcc
+ZZ0LRZWsyhLSQcBQh5xkei9Zvaen+nPTLSg6eIF1hFLoSa8lPZqBX8D2OMJxutKV
+umhlO1DPzRX/mIpo0LwiYYu8/CX3ptaBMrrlnk7rZHIVk0vDjB0eVg2DEt+vEU3k
+5FQkV/1RYgSlBA0kP8tgKBrve1I4KUorJLAZmX5i0BRrzAqpL1DWdhR+9IpYRKae
+a6PYjBMghkWRw7st0XVB7x/boZE6eKswaxywGoc0kw3luR1RpF3Gg95N+2hfHixQ
+1OhoPeqzQ+3AHlkr/vbhjtakkiPqLfuk+Ux9B6MISIeuWF/EKtyurWyDMTryKOgg
+tj7YuTMtaDV7r8gLbOlMPpGGjBiBh566GR1SKDAUNGlGzp1dKOhWXVqaMwFt9Mja
+y8ESH6hEJreQx2Q6R6XgXzWysQqM0RBMXh8p8yEV6mr3Ma8lNJM45tmOTfrazlrm
+9PM1kzV646J72mxXr6qr4Q1cvr+xJQdvbXOocdYMmW/R+f1tPcvnlRkMyB7wzEtS
+OGi9G6ErhhvNUSoZtlUAEQEAAYkCPAQYAQgAJgIbDBYhBGMZHOlBgwmGicq4237x
+N+yTWw6vBQJdZiL4BQkMNcRAAAoJEH7xN+yTWw6vfCkQAIxkDpI+rVDrstPN+uoe
+pfnaOlYCBVrzITIG+HYAeGj1nuZHMeg2AztVoeJ9FWq9z2xVuo4GIFyfFggZMEVS
+Dyjgjojq0d8jEmOaUKFNnPMAAErGJEVHmQSAbp67lkwtcHZkkWgXKQ9FLx6z17U0
+66H4svf/RTNiAxqgFu5UdLgfxULbnvoqI6+rWYggVWdlbm2dmoUwLRJsQrI6GMBS
+jL6nWwu8tAQBk9Vzo1nj0l5M5i0R/PhbcsnUynlWxBVCGNxnMYydNbjpzNC2qnSy
+ibyx0exiJM5HjYlDy82yr4LI9iN28wKmSxTOvCHN+QaQZ5adlDquhGwFm8TRRsm1
+FDsVcmrjPTcGUsKfIAOyeiSHZO2tMU/CTvEYRNw09geVeOvIwNSXS8oblC1b3P1j
+UP67CKVAYBnBFx7bMujlGyNJY8jGNEEBrDqxfYEAIEhyKNd0tWc86B1tqz/ArRvc
+XfPof/cQcFVHpfpJ/NS+b4KrRvJHzV884N709JmrFZVVAR/2I/GmZ0wdCmBoZtH8
+IpwyMey0HIfa5dOtZw6jAAB5mkCBEs/P7VPrwzTpXcPBKFfj1R/iqpT7YvNk8Gh
+l4xDVhZI8IpQ7j1RtJoULvAwmH0z/M5kS2N0ADxEo3mPgm1CaFudP4JijV3HX7Rx
+IuOUseqwzF197kqA16in1P25
+=f80i
+-----END PGP PUBLIC KEY BLOCK-----
--- a/libselinux.spec
+++ b/libselinux.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libselinux
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,9 +16,9 @@
 #


-%define libsepol_ver 3.4
+%define libsepol_ver 3.5
 Name:           libselinux
-Version:        3.4
+Version:        3.5
 Release:        0
 Summary:        SELinux runtime library and utilities
 License:        SUSE-Public-Domain
@ -32,7 +32,6 @@ Source4:        baselibs.conf
 # PATCH-FIX-UPSTREAM Include <sys/uio.h> for readv prototype
 Patch4:         readv-proto.patch
 Patch5:         skip_cycles.patch
-Patch7:         restorecon_pin_file.patch
 BuildRequires:  fdupes
 BuildRequires:  libsepol-devel >= %{libsepol_ver}
 BuildRequires:  pkgconfig
@ -102,7 +101,6 @@ necessary to develop your own software using libselinux.
 %setup -q -n libselinux-%{version}
 %patch4 -p1
 %patch5 -p1
-%patch7 -p1

 %build
 %define _lto_cflags %{nil}
@ -150,6 +148,7 @@ install -m 0755 %{SOURCE3} %{buildroot}%{_sbindir}/selinux-ready
 %{_sbindir}/selinux_check_securetty_context
 %{_sbindir}/selabel_get_digests_all_partial_matches
 %{_sbindir}/validatetrans
+%{_sbindir}/getpidprevcon
 %{_mandir}/man5/*
 %{_mandir}/ru/man5/*
 %{_mandir}/man8/*
--- a/restorecon_pin_file.patch
+++ b/restorecon_pin_file.patch
@ -1,139 +0,0 @@
-Index: libselinux-3.4/src/selinux_restorecon.c
-===================================================================
--- libselinux-3.4.orig/src/selinux_restorecon.c
-+++ libselinux-3.4/src/selinux_restorecon.c
-@@ -623,13 +623,13 @@ out:
- 	return rc;
- }
- 
-static int restorecon_sb(const char *pathname, struct rest_flags *flags, bool first)
-+static int restorecon_sb(const char *pathname, const struct stat *sb,
-+			    struct rest_flags *flags, bool first)
- {
- 	char *newcon = NULL;
- 	char *curcon = NULL;
- 	char *newtypecon = NULL;
-	int fd = -1, rc;
-	struct stat stat_buf;
-+	int rc;
- 	bool updated = false;
- 	const char *lookup_path = pathname;
- 	float pc;
-@@ -644,21 +644,13 @@ static int restorecon_sb(const char *pat
- 		lookup_path += rootpathlen;
- 	}
- 
-	fd = open(pathname, O_PATH | O_NOFOLLOW | O_EXCL);
-	if (fd < 0)
-		goto err;
-
-	rc = fstat(fd, &stat_buf);
-	if (rc < 0)
-		goto err;
-
- 	if (rootpath != NULL && lookup_path[0] == '\0')
- 		/* this is actually the root dir of the alt root. */
- 		rc = selabel_lookup_raw(fc_sehandle, &newcon, "/",
-						    stat_buf.st_mode);
-+						    sb->st_mode);
- 	else
- 		rc = selabel_lookup_raw(fc_sehandle, &newcon, lookup_path,
-						    stat_buf.st_mode);
-+						    sb->st_mode);
- 
- 	if (rc < 0) {
- 		if (errno == ENOENT) {
-@@ -667,10 +659,10 @@ static int restorecon_sb(const char *pat
- 					    "Warning no default label for %s\n",
- 					    lookup_path);
- 
-			goto out; /* no match, but not an error */
-+			return 0; /* no match, but not an error */
- 		}
- 
-		goto err;
-+		return -1;
- 	}
- 
- 	if (flags->progress) {
-@@ -690,17 +682,19 @@ static int restorecon_sb(const char *pat
- 	}
- 
- 	if (flags->add_assoc) {
-		rc = filespec_add(stat_buf.st_ino, newcon, pathname, flags);
-+		rc = filespec_add(sb->st_ino, newcon, pathname, flags);
- 
- 		if (rc < 0) {
- 			selinux_log(SELINUX_ERROR,
- 				    "filespec_add error: %s\n", pathname);
-			goto out1;
-+			freecon(newcon);
-+			return -1;
- 		}
- 
- 		if (rc > 0) {
- 			/* Already an association and it took precedence. */
-			goto out;
-+			freecon(newcon);
-+			return 0;
- 		}
- 	}
- 
-@@ -708,7 +702,7 @@ static int restorecon_sb(const char *pat
- 		selinux_log(SELINUX_INFO, "%s matched by %s\n",
- 			    pathname, newcon);
- 
-	if (fgetfilecon_raw(fd, &curcon) < 0) {
-+	if (lgetfilecon_raw(pathname, &curcon) < 0) {
- 		if (errno != ENODATA)
- 			goto err;
- 
-@@ -741,7 +735,7 @@ static int restorecon_sb(const char *pat
- 		}
- 
- 		if (!flags->nochange) {
-			if (fsetfilecon(fd, newcon) < 0)
-+			if (lsetfilecon(pathname, newcon) < 0)
- 				goto err;
- 			updated = true;
- 		}
-@@ -766,8 +760,6 @@ static int restorecon_sb(const char *pat
- out:
- 	rc = 0;
- out1:
-	if (fd >= 0)
-		close(fd);
- 	freecon(curcon);
- 	freecon(newcon);
- 	return rc;
-@@ -865,6 +857,7 @@ static void *selinux_restorecon_thread(v
- 	FTSENT *ftsent;
- 	int error;
- 	char ent_path[PATH_MAX];
-+	struct stat ent_st;
- 	bool first = false;
- 
- 	if (state->parallel)
-@@ -963,11 +956,11 @@ loop_body:
- 			/* fall through */
- 		default:
- 			strcpy(ent_path, ftsent->fts_path);
-
-+			ent_st = *ftsent->fts_statp;
- 			if (state->parallel)
- 				pthread_mutex_unlock(&state->mutex);
- 
-			error = restorecon_sb(ent_path, &state->flags,
-+			error = restorecon_sb(ent_path, &ent_st, &state->flags,
- 					      first);
- 
- 			if (state->parallel) {
-@@ -1163,7 +1156,7 @@ static int selinux_restorecon_common(con
- 			goto cleanup;
- 		}
- 
-		error = restorecon_sb(pathname, &state.flags, true);
-+		error = restorecon_sb(pathname, &sb, &state.flags, true);
- 		goto cleanup;
- 	}
-