From 6c8f2e60ee49e455e02bcb5e9f6cad1f22af7bf16d6dcf55b14cedf346718797 Mon Sep 17 00:00:00 2001
From: Robert Frohl <rfrohl@suse.com>
Date: Thu, 13 Feb 2025 15:04:34 +0000
Subject: [PATCH 1/7] update selinux userspace to 3.8

OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=100
---
 .gitattributes          |  23 ++
 .gitignore              |   1 +
 baselibs.conf           |   1 +
 libsepol-3.6.tar.gz     |   3 +
 libsepol-3.6.tar.gz.asc |  16 ++
 libsepol-3.7.tar.gz     |   3 +
 libsepol-3.7.tar.gz.asc |  16 ++
 libsepol-3.8.tar.gz     |   3 +
 libsepol-3.8.tar.gz.asc |  16 ++
 libsepol.changes        | 467 ++++++++++++++++++++++++++++++++++++++++
 libsepol.keyring        | 110 ++++++++++
 libsepol.spec           | 130 +++++++++++
 12 files changed, 789 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 baselibs.conf
 create mode 100644 libsepol-3.6.tar.gz
 create mode 100644 libsepol-3.6.tar.gz.asc
 create mode 100644 libsepol-3.7.tar.gz
 create mode 100644 libsepol-3.7.tar.gz.asc
 create mode 100644 libsepol-3.8.tar.gz
 create mode 100644 libsepol-3.8.tar.gz.asc
 create mode 100644 libsepol.changes
 create mode 100644 libsepol.keyring
 create mode 100644 libsepol.spec

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..3b862da
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1 @@
+libsepol2
diff --git a/libsepol-3.6.tar.gz b/libsepol-3.6.tar.gz
new file mode 100644
index 0000000..8b64a92
--- /dev/null
+++ b/libsepol-3.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c9dc585ea94903d784d597c861cd5dce6459168f95e22b31a0eab1cdd800975a
+size 509100
diff --git a/libsepol-3.6.tar.gz.asc b/libsepol-3.6.tar.gz.asc
new file mode 100644
index 0000000..6738838
--- /dev/null
+++ b/libsepol-3.6.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAMACgkQRpWIHCVF
+CNEEfg//aHKtL3/mMdGCf8nJDizS0WisFmw3wx+z6R2r0Zs6umouzv9YgjmL3pUg
+LRrSgSyqYAZKXipooK0vyXhhZOnOh6kmOY3sEjR2I+4kwWQx7IzN0DFO7p/NVUo6
+GnNmGmxFhc6mEgu6926D5ACyigoB9gysyZcQxjWGQyrRM9oAlw2bBuvN+pyic+g/
+hX7KcHgki64nNXA6dfPkoTzKE+wQ83Ni0uQmo6fzNNf+XVrb1Qw6IL3cj52Iocja
+IB91wOjSJ3WyCdYxuZ2UZu2FBJbS7DNFQCDwIskdecX2gsTrrjYF2spKK1+9Uiny
+I4nt+9H7rHg/bZltnWIMUekBKKO58DmZziJ6oEUkHkc4vRBWrNJP74DHSPSA617v
+q6y7RBP8bavehOGIfqvQ7ChXxGzGXwhjpchAOAQJ7gPEXzqnI8UgzqoXKZ1Pnyod
+mUfteWBLuJlmyPcJeZ1wXBFo3G8l7ec/3nOwZ91Fn+Aw0Tx3/HS6Sm7GOYhI/uqy
+TMk29w2tpL5LS7XEQnYgxzLEY0EH4QXHuVrR08zKbDfX+UnVSePzSGqNdaXfJyI+
+sTz9d0Uaa3LK3wucPFAGTJyeszYk8FuQi7JMfq4jh3GPtC7qCwKCkrgwPQpB1coo
+WKgd/OodA2ZzTkjT28DERI7adUYjfDxXb7HQr/oW8poWePoD7yA=
+=D1Md
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.7.tar.gz b/libsepol-3.7.tar.gz
new file mode 100644
index 0000000..3f1638f
--- /dev/null
+++ b/libsepol-3.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd741e25244e7ef6cd934d633614131a266c3eaeab33d8bfa45e8a93b45cc901
+size 511487
diff --git a/libsepol-3.7.tar.gz.asc b/libsepol-3.7.tar.gz.asc
new file mode 100644
index 0000000..5dc777c
--- /dev/null
+++ b/libsepol-3.7.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
+CNGuSQ//cFEkvjL9a7cTSPE7HI66nyYK7Kd0qj9IZfZ0356U8tC17FwBgHs4PGd5
+o2k7fMBgF9cK8Eycj5JHeu5XmyfVnn+opWn+T6K8UeostDSLxSgqaUqQ5HxK6e0E
+fR5NOR/SgNs6NDZPTAp61nXPVpUng0+N73FLDAyU9Yygy3Y3bF89elLzL0M2l9lB
+CrKv79F5WSGDG8h5YBmXloCBFiT2pzSe3D1Yse8eq34AeJAoVArz1KgQgU+dBVjW
+cldkFvzvCnOkuEoFW5M4dRpc8MEXChRVEM0RmGnzamxIpnK99qN/dlgDe3sTCYi7
+Sl42IOQuFsbVVo3Tk9Nx61oQuoPqWGe+V61ZlOTryawKm84svJ6aP74E7x0bT3KD
+V1964Yw+SbPqLYXTVHG2lpBvB2O79XjQQ00AZXys7d5b2CAallNXwTeK0HrcUT5T
+CzsBCEX4i/PLxJte6MNTIbCC4lMiyvf6AOUpus949m1WEQCtFDv/3fyHfM91uA5g
+TsGzkupwqXGepDSFZyU5lyhsCup2VC/5qh9x4zhAs4SoUb/JLTpobwiW4TwBy4mp
+xijH5y7g50u3y1k9rNcW0wNDMot+ROOdTwCRqyAzpC8rzfmaVhD7qcu4zry2CeI1
+AbGP1KH319s1Ae7wygj+/xGAiYHKR4NwL/SgdenNV4xsw/sn2gg=
+=YJy0
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.8.tar.gz b/libsepol-3.8.tar.gz
new file mode 100644
index 0000000..ee05732
--- /dev/null
+++ b/libsepol-3.8.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:844fbdbf02334b9ce03833ad8a671053f67b4076d72db4f03e0ee2665ec2eb55
+size 513780
diff --git a/libsepol-3.8.tar.gz.asc b/libsepol-3.8.tar.gz.asc
new file mode 100644
index 0000000..ec97c11
--- /dev/null
+++ b/libsepol-3.8.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmeaa/0ACgkQzcroySfG
+vjEtfQ/+N7svYoFdJeuqnwRIQyw7QcVwsKiVKBN6HQ2IS/JCKjQktBbK49chNxVM
+kNaJguPr6+5XF6c2fMVNNEoEcaLE6yhLKVx5EwccK280t0VNZZKuu8thffSRu/ws
+rFrWj/YPSZrOo/d+1D4Ew8G13irB30k9G6j9Wc1veO95orbjHIWql5Xj19WwHWqh
+C+eD/6Q8/B5a5Oz44/vjvzz3WKrBL5DUXh4ZNGmLnUxVUK8na5Hwvcpt3MR5eYRp
+PN13couFsNh8aQMqDA08MzW2KnSGAXXiV42SCZOF4xJtReLUvpJPoXTkjFaUPbOL
+Jes6SMWsj/HYu/9EbjVXBb+OKtL7usq67qVN7ejVxkSooA/Ist2bQPkSW1GfWN/O
+8iWEXN/XJ9Axglbxl8/UMIYxt/xyrDXGf1v59mK8s1jCzn2mqNekUTD1z3kN3qBK
+Jvre7IMRPNcWDH1wktwvTyrS4D+wz1wysqlxcxGQA7OucqeRAwxZL2LxGrJIhsxR
+z7Ln/ZODhAcZuU3TfeYW/U6QkIAHfjb7aFn5G+V7hxlhqCetkgS+oHDsbuGf9BkO
+t9v8ewRJYyXArkr39AZaIr8aazeqd3YcJNuWfLVGnDPgr7hyGepJsNmKcYy2Vqff
+qSrj8/IOfidSepVIfviOr5KUT3WM5HcXn4C0aSmeJbl9K/75a+U=
+=7HxV
+-----END PGP SIGNATURE-----
diff --git a/libsepol.changes b/libsepol.changes
new file mode 100644
index 0000000..4a9b7e2
--- /dev/null
+++ b/libsepol.changes
@@ -0,0 +1,467 @@
+-------------------------------------------------------------------
+Tue Feb  4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
+
+- Update to version 3.8
+  https://github.com/SELinuxProject/selinux/releases/tag/3.8
+  * libsepol: Support nlmsg extended permissions
+  * libsepol: Add policy capability netlink_xperm
+  * libsepol: add support for xperms in conditional policies
+  * Code improvements and bug fixes
+- For a more in depth list of changes see
+  https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
+
+-------------------------------------------------------------------
+Mon Jul  1 08:01:08 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.7
+  https://github.com/SELinuxProject/selinux/releases/tag/3.7
+  * User-visible changes:
+    * libsepol: improve policy lookup failure message
+    * libsepol: include prefix for module policy versions
+    * libsepol: validate type-attribute-map for old policies
+    * libsepol: only exempt gaps checking for kernel policies
+  * Bugfixes:
+    * libsepol/src/Makefile: fix reallocarray detection
+    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
+    * libsepol: ensure transitivity in compare functions
+  * oss-fuzz fixes:
+    * libsepol: check scope permissions refer to valid class
+    * libsepol: validate attribute-type maps
+    * libsepol: reject self flag in type rules in old policies
+    * libsepol: validate class permissions
+    * libsepol: validate access vector permissions
+    * libsepol: reject MLS support in pre-MLS policies
+    * libsepol: Fix buffer overflow when using sepol_av_to_string()
+    * libsepol: Use a dynamic buffer in sepol_av_to_string()
+
+-------------------------------------------------------------------
+Tue Dec 19 09:20:58 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.6
+  https://github.com/SELinuxProject/selinux/releases/tag/3.6
+  * struct cond_expr_t bool renamed to boolean
+    The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro 
+  * Add notself support for neverallow rules
+  * Improve man pages
+  * man pages: Remove the Russian translations
+  * Add notself and other support to CIL
+  * Add support for deny rules
+  * Translations updated from
+    https://translate.fedoraproject.org/projects/selinux/
+  * Bug fixes
+- Remove keys from keyring since they expired:
+  - E853C1848B0185CF42864DF363A8AD4B982C4373
+    Petr Lautrbach <plautrba@redhat.com>
+  - 63191CE94183098689CAB8DB7EF137EC935B0EAF
+    Jason Zaman <jasonzaman@gmail.com>
+- Add key to keyring: 
+  - B8682847764DF60DF52D992CBC3905F235179CF1 
+    Petr Lautrbach <lautrbach@redhat.com> 
+
+-------------------------------------------------------------------
+Thu Mar 23 16:06:02 UTC 2023 - Martin Liška <mliska@suse.cz>
+
+- Enable LTO now (boo#1138813).
+
+-------------------------------------------------------------------
+Fri Feb 24 07:50:14 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.5
+  * Stricter policy validation
+  * do not write empty class definitions to allow simpler round-trip tests
+  * reject attributes in type av rules for kernel policies
+- Added additional developer key (Jason Zaman)
+
+-------------------------------------------------------------------
+Mon May  9 10:27:53 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.4
+  * Add 'ioctl_skip_cloexec' policy capability
+  * Add sepol_av_perm_to_string
+  * Add policy utilities
+  * Support IPv4/IPv6 address embedding
+  * Hardened/added many validations
+  * Add support for file types in writing out policy.conf
+  * Allow optional file type in genfscon rules
+
+-------------------------------------------------------------------
+Thu Nov 11 13:28:14 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.3
+  * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
+    are all included
+  * Lot of smaller fixes identified by fuzzing
+
+-------------------------------------------------------------------
+Wed Jul 21 13:16:54 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
+  Added CVE-2021-36087.patch
+
+-------------------------------------------------------------------
+Mon Jul  5 11:31:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
+  Added CVE-2021-36085.patch
+- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
+  Added CVE-2021-36086.patch
+
+-------------------------------------------------------------------
+Tue Mar  9 09:11:42 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.2
+  * more space-efficient form of storing filename transitions in the binary
+    policy and reduced the size of the binary policy
+  * dropped old and deprecated symbols and functions. Version was bumped to
+    libsepol.so.2
+
+-------------------------------------------------------------------
+Thu Oct 29 10:40:16 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
+
+- install to /usr (boo#1029961)
+
+-------------------------------------------------------------------
+Tue Jul 14 08:39:58 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.1
+  * Add support for new polcap genfs_seclabel_symlinks
+  * Initialize the multiple_decls field of the cil db
+  * Return error when identifier declared as both type and attribute
+  * Write CIL default MLS rules on separate lines
+  * Sort portcon rules consistently
+  * Remove leftovers of cil_mem_error_handler
+  * Drop remove_cil_mem_error_handler.patch, is included
+
+-------------------------------------------------------------------
+Mon Apr 27 19:35:18 UTC 2020 - Martin Liška <mliska@suse.cz>
+
+- Enable -fcommon in order to fix boo#1160874.
+
+-------------------------------------------------------------------
+Tue Mar  3 12:17:04 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Update to version 3.0
+  * cil: Allow validatetrans rules to be resolved
+  * cil: Report disabling an optional block only at high verbose levels
+  * cil: do not dereference perm_value_to_cil when it has not been allocated
+  * cil: fix mlsconstrain segfault
+  * Further improve binary policy optimization
+  * Make an unknown permission an error in CIL
+  * Remove cil_mem_error_handler() function pointer
+  * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
+  * Add a function to optimize kernel policy
+  * Add ebitmap_for_each_set_bit macro
+
+  Dropped fnocommon.patch as it's included upstream
+
+-------------------------------------------------------------------
+Thu Jan 30 14:11:56 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Add fnocommon.patch to prevent build failures on gcc10 and
+  remove_cil_mem_error_handler.patch to prevent build failures due to 
+  leftovers from the removal of cil_mem_error_handler (bsc#1160874)
+
+-------------------------------------------------------------------
+Thu Jun 20 10:25:00 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Disable LTO due to symbol versioning (boo#1138813).
+
+-------------------------------------------------------------------
+Wed Mar 20 15:12:34 UTC 2019 - jsegitz@suse.com
+
+- Update to version 2.9
+  * Add two new Xen initial SIDs
+  * Check that initial sid indexes are within the valid range
+  * Create policydb_sort_ocontexts()
+  * Eliminate initial sid string definitions in module_to_cil.c
+  * Rename kernel_to_common.c stack functions
+  * add missing ibendport port validity check
+  * destroy the copied va_list
+  * do not call malloc with 0 byte
+  * do not leak memory if list_prepend fails
+  * do not use uninitialized value for low_value
+  * fix endianity in ibpkey range checks
+  * ibpkeys.c: fix printf format string specifiers for subnet_prefix
+  * mark permissive types when loading a binary policy
+
+-------------------------------------------------------------------
+Thu Nov  8 09:34:54 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
+
+- Use more %make_install.
+
+-------------------------------------------------------------------
+Thu Nov  8 07:19:24 UTC 2018 - jsegitz@suse.com
+
+- Adjusted source urls (bsc#1115052)
+
+-------------------------------------------------------------------
+Wed Oct 17 11:54:52 UTC 2018 - jsegitz@suse.com
+
+- Update to version 2.8 (bsc#1111732)
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
+
+-------------------------------------------------------------------
+Wed May 16 07:13:18 UTC 2018 - mcepl@suse.com
+
+- Rebase to 2.7
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
+
+-------------------------------------------------------------------
+Fri Nov 24 09:16:47 UTC 2017 - jsegitz@suse.com
+
+- Update to version 2.6. Notable changes:
+  * Add support for converting extended permissions to CIL
+  * Create user and role caches when building binary policy
+  * Check for too many permissions in classes and commons in CIL
+  * Fix xperm mapping between avrule and avtab
+  * Produce more meaningful error messages for conflicting type rules in CIL
+  * Change which attributes CIL keeps in the binary policy
+  * Warn instead of fail if permission is not resolved
+  * Ignore object_r when adding userrole mappings to policydb
+  * Correctly detect unknown classes in sepol_string_to_security_class
+  * Fix neverallowxperm checking on attributes
+  * Only apply bounds checking to source types in rules
+  * Fix CIL and not add an attribute as a type in the attr_type_map
+  * Fix extended permissions neverallow checking
+  * Fix CIL neverallow and bounds checking
+  * Add support for portcon dccp protocol
+
+-------------------------------------------------------------------
+Fri Jul 15 14:29:28 UTC 2016 - jengelh@inai.de
+
+- Update RPM groups, trim description and combine filelist entries.
+
+-------------------------------------------------------------------
+Thu Jul 14 14:38:09 UTC 2016 - mpluskal@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Make spec file a bit more easy
+- Ship new supbackage (-tools)
+
+-------------------------------------------------------------------
+Thu Jul 14 14:21:46 UTC 2016 - jsegitz@novell.com
+
+- Without bug number no submit to SLE 12 SP2 is possible, so to make
+  sle-changelog-checker happy: bsc#988977
+
+-------------------------------------------------------------------
+Thu Jul 14 07:57:35 UTC 2016 - jsegitz@novell.com
+
+- Adjusted source link
+
+-------------------------------------------------------------------
+Tue Jul  5 17:11:44 UTC 2016 - i@marguerite.su
+
+- update version 2.5
+  * Fix unused variable annotations
+  * Fix uninitialized variable in CIL
+  * Validate extended avrules and permissionxs in CIL
+  * Add support in CIL for neverallowx
+  * Fully expand neverallowxperm rules
+  * Add support for unordered classes to CIL
+  * Add neverallow support for ioctl extended permissions
+  * Improve CIL block and macro call recursion detection
+  * Fix CIL uninitialized false positive in cil_binary
+  * Provide error in CIL if classperms are empty
+  * Add userattribute{set} functionality to CIL
+  * fix CIL blockinherit copying segfault and add macro restrictions
+  * fix CIL NULL pointer dereference when copying classpermission/set
+  * Add CIL support for ioctl whitelists
+  * Fix memory leak when destroying avtab
+  * Replace sscanf in module_to_cil
+  * Improve CIL resolution error messages
+  * Fix policydb_read for policy versions < 24
+  * Added CIL bounds checking and refactored CIL Neverallow checking
+  * Refactored libsepol Neverallow and bounds (hierarchy) checking
+  * Treat types like an attribute in the attr_type_map
+  * Add new ebitmap function named ebitmap_match_any()
+  * switch operations to extended perms
+  * Write auditadm_r and secadm_r roles to base module when writing CIL
+  * Fix module to CIL to only associate declared roleattributes with in-scope types
+  * Don't allow categories/sensitivities inside blocks in CIL
+  * Replace fmemopen() with internal function in libsepol
+  * Verify users prior to evaluating users in cil
+  * Binary modules do not support ioctl rules
+  * Add support for ioctl command whitelisting
+  * Don't use symbol versioning for static object files
+  * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), 
+    and sepol_ppfile_to_module_package()
+  * Move secilc out of libsepol
+  * fix building Xen policy with devicetreecon, and add devicetreecon
+    CIL documentation
+  * bool_copy_callback set state on creation
+  * Add device tree ocontext nodes to Xen policy
+  * Widen Xen IOMEM context entries
+  * Fix error path in mls_semantic_level_expand()
+  * Update to latest CIL, includes new name resolution and fixes ordering
+    issues with blockinherit statements, and bug fixes
+- changes in 2.4
+  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+  * Fix bugs found by hardened gcc flags
+  * Build CIL into libsepol. libsepol can be built without CIL by setting the
+    DISABLE_CIL flag to 'y'
+  * Add an API function to set target_platform
+  * Report all neverallow violations
+  * Improve check_assertions performance
+  * Allow libsepol C++ static library on device
+
+-------------------------------------------------------------------
+Fri May 16 13:06:12 UTC 2014 - vcizek@suse.com
+
+- update to 2.3
+  * Improve error message for name-based transition conflicts.
+  * Revert libsepol: filename_trans: use some better sorting to compare and merge.
+  * Report source file and line information for neverallow failures.
+  * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
+  * Add sepol_validate_transition_reason_buffer function from Richard Haines.
+- dropped libsepol-2.1.4-role_fix_callback.patch (upstream)
+
+-------------------------------------------------------------------
+Thu Oct 31 13:36:48 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 2.2
+  * Allow constraint denial cause to be determined
+	  - Add kernel policy version 29.
+	  - Add modular policy version 17.
+	  - Add sepol_compute_av_reason_buffer(), sepol_string_to_security
+       _class(), sepol_string_to_av_perm().
+  * Support overriding Makefile RANLIB
+  * Fix man pages
+- Remove libsepol-rhat.patch; merged on upstream
+
+-------------------------------------------------------------------
+Thu Jun 27 14:37:12 UTC 2013 - vcizek@suse.com
+
+- change the source url to the official 2.1.9 release tarball
+
+-------------------------------------------------------------------
+Sat Jun 22 01:40:19 UTC 2013 - crrodriguez@opensuse.org
+
+- Build with LFS_CFLAGS for 32 bit archs 
+
+-------------------------------------------------------------------
+Fri Apr  5 15:31:13 UTC 2013 - vcizek@suse.com
+
+- remove a debugging artifact in spec
+
+-------------------------------------------------------------------
+Thu Apr  4 19:26:35 UTC 2013 - vcizek@suse.com
+
+- fixed source url
+
+-------------------------------------------------------------------
+Wed Feb 13 14:34:39 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.9
+  * filename_trans: use some better sorting to compare and merge
+  * coverity fixes
+  * implement default type policy syntax
+  * Fix memory leak issues found by Klocwork
+- added libsepol-rhat.patch
+
+-------------------------------------------------------------------
+Mon Jan  7 22:46:48 UTC 2013 - jengelh@inai.de
+
+- Remove obsolete defines/sections
+
+-------------------------------------------------------------------
+Mon Dec 10 17:34:14 UTC 2012 - p.drouand@gmail.com
+
+- Update to 2.1.8 version:
+  * fix neverallow checking on attributes
+  * Move context_copy() after switch block in ocontext_copy_*().
+  * check for missing initial SID labeling statement.
+  * Add always_check_network policy capability
+  * role_fix_callback skips out-of-scope roles during expansion.
+
+-------------------------------------------------------------------
+Thu Oct 25 10:47:00 UTC 2012 - vcizek@suse.com
+
+- skip roles which are out of scope when expanding attributes
+- needed for building selinux-policy
+
+-------------------------------------------------------------------
+Wed Jul 25 11:16:59 UTC 2012 - meissner@suse.com
+
+- updated to 2.1.4
+  - lots of updates
+
+-------------------------------------------------------------------
+Wed Oct  5 15:11:06 UTC 2011 - uli@suse.com
+
+- cross-build fix: use %__cc macro
+
+-------------------------------------------------------------------
+Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
+
+- use %_smp_mflags
+
+-------------------------------------------------------------------
+Sat Apr 24 11:38:22 UTC 2010 - coolo@novell.com
+
+- buildrequire pkg-config to fix provides
+
+-------------------------------------------------------------------
+Thu Feb 25 15:00:29 UTC 2010 - prusnak@suse.cz
+
+- updated to 2.0.41
+  * changes too numerous to list
+
+-------------------------------------------------------------------
+Sun Dec 13 01:35:55 CET 2009 - jengelh@medozas.de
+
+- add baselibs.conf as a source
+
+-------------------------------------------------------------------
+Wed Nov 11 18:18:22 UTC 2009 - crrodriguez@opensuse.org
+
+- libsepol-devel Requires glibc-devel
+
+-------------------------------------------------------------------
+Fri Jun 19 13:26:45 CEST 2009 - prusnak@suse.cz
+
+- put static library in libsepol-devel-static
+
+-------------------------------------------------------------------
+Wed May 27 13:56:59 CEST 2009 - prusnak@suse.cz
+
+- updated to 2.0.36
+  * fix alias field in module format, caused by boundary format
+    change from Caleb Case
+  * fix boolean state smashing from Joshua Brindle
+
+-------------------------------------------------------------------
+Mon Dec  1 11:37:58 CET 2008 - prusnak@suse.cz
+
+- updated to 2.0.34
+  * add bounds support
+  * fix invalid aliases bug
+
+-------------------------------------------------------------------
+Wed Oct 22 16:17:24 CEST 2008 - mrueckert@suse.de
+
+- fix debug_packages_requires define
+
+-------------------------------------------------------------------
+Tue Sep 23 12:53:01 CEST 2008 - prusnak@suse.cz
+
+- require only version, not release [bnc#429053]
+
+-------------------------------------------------------------------
+Fri Aug 22 14:45:33 CEST 2008 - prusnak@suse.cz
+
+- added baselibs.conf file
+
+-------------------------------------------------------------------
+Fri Aug  1 17:32:23 CEST 2008 - ro@suse.de
+
+- fix requires for debuginfo package
+
+-------------------------------------------------------------------
+Tue Jul 15 15:35:54 CEST 2008 - prusnak@suse.cz
+
+- initial version 2.0.32
+  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>
+
diff --git a/libsepol.keyring b/libsepol.keyring
new file mode 100644
index 0000000..0da0602
--- /dev/null
+++ b/libsepol.keyring
@@ -0,0 +1,110 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f
+QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq
+8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk
+e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m
+zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk
+uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V
+CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k
+Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK
+3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC
+4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ
+xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB
+tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
+FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7
+CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G
+CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx
+tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ
+79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9
+eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf
+YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc
+g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ
+6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP
+3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6
+9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf
+6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7
+DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu
+Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI
+zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x
+2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML
+rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw
+xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e
+Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm
+YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ
+MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ
+YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC
+w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec
+8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj
+EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5
+4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90
+XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU
+5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3
++4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4
+G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv
+LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z
+b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k
+dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb
+ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2
+6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo
+hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2
+QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV
+9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg
+ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC
+APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5
+APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO
+Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6
+is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1
+/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS
+f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m
+khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7
+8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5
+XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+
+ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV
+TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY
+BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE
+LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup
+PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT
+raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq
+DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I
+V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+
+ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD
+VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF
+CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb
+96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu
+O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec
+qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5
+/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw
+w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50
+THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY
+nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k
+uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57
+c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D
+vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378
+d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0
+P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X
+QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64
+G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3
+QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ
+MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO
+17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC
+JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ
+lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT
+xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd
+7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp
+ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ
+A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB
+56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh
+z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY
+eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3
+q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh
+C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy
+BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F
+G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY
+zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x
+pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr
+6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi
+TakEPw==
+=odM9
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/libsepol.spec b/libsepol.spec
new file mode 100644
index 0000000..2ed5626
--- /dev/null
+++ b/libsepol.spec
@@ -0,0 +1,130 @@
+#
+# spec file for package libsepol
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define libname libsepol2
+
+Name:           libsepol
+Version:        3.8
+Release:        0
+Summary:        SELinux binary policy manipulation library
+License:        LGPL-2.1-or-later
+Group:          Development/Libraries/C and C++
+URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
+Source2:        libsepol.keyring
+Source3:        baselibs.conf
+BuildRequires:  flex
+BuildRequires:  pkgconfig
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+%package utils
+Summary:        SELinux binary policy manipulation tools
+Group:          System/Base
+
+%description utils
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+%package -n %{libname}
+Summary:        SELinux binary policy manipulation library
+Group:          System/Libraries
+
+%description -n %{libname}
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+(Security-enhanced Linux is a feature of the kernel and some
+utilities that implement mandatory access control policies, such as
+Type Enforcement, Role-based Access Control and Multi-Level
+Security.)
+
+%package devel
+Summary:        Development files for SELinux's binary policy manipulation library
+Group:          Development/Libraries/C and C++
+Requires:       %{libname} = %{version}
+Requires:       glibc-devel
+
+%description devel
+The libsepol-devel package contains the libraries and header files
+needed for developing applications that manipulate binary SELinux
+policies.
+
+%package devel-static
+Summary:        Static archives for SELinux's binary policy manipulation library
+Group:          Development/Libraries/C and C++
+Requires:       libsepol-devel = %{version}
+
+%description devel-static
+The libsepol-devel-static package contains the static libraries
+needed for developing applications that manipulate binary SELinux
+policies.
+
+%prep
+%setup -q
+
+%build
+%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
+export CFLAGS="%{optflags} -fcommon"
+make %{?_smp_mflags}
+
+%install
+%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}"
+
+%post -n %{libname} -p /sbin/ldconfig
+%postun -n %{libname} -p /sbin/ldconfig
+
+%files utils
+%defattr(-,root,root)
+%{_bindir}/chkcon
+%{_bindir}/sepol_check_access
+%{_bindir}/sepol_compute_av
+%{_bindir}/sepol_compute_member
+%{_bindir}/sepol_compute_relabel
+%{_bindir}/sepol_validate_transition
+%{_mandir}/man8/*.8%{ext_man}
+
+%files -n %{libname}
+%defattr(-,root,root)
+%{_libdir}/libsepol.so.*
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/libsepol.so
+%{_mandir}/man3/*.3%{ext_man}
+%{_includedir}/sepol/
+%{_libdir}/pkgconfig/libsepol.pc
+
+%files devel-static
+%defattr(-,root,root)
+%{_libdir}/libsepol.a
+
+%changelog
-- 
2.51.1


From 2aa20e35ed20e61eac8fe55d19e51663e4579ab36e5f6815d467f07175be903a Mon Sep 17 00:00:00 2001
From: Robert Frohl <rfrohl@suse.com>
Date: Fri, 14 Feb 2025 08:07:23 +0000
Subject: [PATCH 2/7] 3.8 with correct keyfiles

OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=101
---
 libsepol.changes |   3 +
 libsepol.keyring | 223 +++++++++++++++++++++++++----------------------
 libsepol.spec    |   2 +-
 3 files changed, 121 insertions(+), 107 deletions(-)

diff --git a/libsepol.changes b/libsepol.changes
index 4a9b7e2..ffbc18e 100644
--- a/libsepol.changes
+++ b/libsepol.changes
@@ -9,6 +9,9 @@ Tue Feb  4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
   * Code improvements and bug fixes
 - For a more in depth list of changes see
   https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
+- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
+  * removed 0xBC3905F235179CF1 (expired: 2024-10-25)
+  * added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
 
 -------------------------------------------------------------------
 Mon Jul  1 08:01:08 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
diff --git a/libsepol.keyring b/libsepol.keyring
index 0da0602..9db3320 100644
--- a/libsepol.keyring
+++ b/libsepol.keyring
@@ -1,110 +1,121 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-mQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa/Fvc4T49tqxcc/sY4uVlGo6oSi4f
-QcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6LyYFmX2U9VRTcyITdmJs8itkEaDwq
-8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1GxuV44Ihlh6v2YyqSzDG/rZur771hk
-e8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYqOeQhxGIxDOHo7QhzTG+SlX+uQq6m
-zACKygVJJl33toaUwVAX5R02a0u67A5wC0whAoLSHInc3P7ayivWV/iESAz+gMIk
-uvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQScqA8F0x4OChCixbZGZn6Mr0u8+01V
-CEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20LGHSbjJLcnqLLFx3LDpI5dAxo5K2k
-Fvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpUmaPnMTiD5yvnFzEihM5L9DuaWqSK
-3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMtaKWf0HkAsCP0BLJcS9Oc1/0I0+gC
-4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+gi34CxWMl2Q34OSqtS37mzzBu+UZ
-xffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoyeG4J2ox9JRANZXLh/i7mNwARAQAB
+mQINBGcpEXsBEACjkf3/pxK1vKNYV5sbqoOfqlP7i/WuVtFmjStjBaQOYQCM5kxE
+L1ImKlMJ1B40WW/ocSKIK+XduZkiqtn7O8sjpTX7Z0fuTTrE2ogUtNXTNuv61SQ7
+CymDmevn0qy40/TVYFLQQvO6c7/MeP4E4R0+DUq8HQhAW2oDBoB+6fLrti9Ov07t
+jPTtkJ9PE+0d/oUnzQU95FrQuhlidbhSZIa2bV/n1UP36p7jKFG01qdqZdQqN/wF
+PDStDCOgmFVPkyDRnqFbp+EWsPnsuB3x8GLlkcdSVHjPX6eoYJSgeUeNzQlXIryP
+x+h8pp+jD/v0hNo6oHO/4/emxj15wGDvAZo4eurNHNHEB8phE7YhoUdEaewQTwWf
+BIQvTS49XGmKJNq+sskUSOS70aY/c5jetvAg9dvDWb2ZkbXIBVtIQR/nxZJZ6gGn
+Q7qqvAB0ht2BRfgGRDxtfky1SNenm2bRK2aNCJns73VyDRW5a2t+P8jgTfG2Wg3O
+G0bZAsjizuIAvWiuEKXES5lE71qVQJJydG+GbDYOHqwHqLnp69xl1QXDExc4HLF9
+avR/FfhCVHyNiow+PtQw2PY9xxME5Be6YhbZx0YR6eL2+sT1wt9lFI0LA9YBda2v
+XNBbngnHkOMIYehtCTndnuQT4xlUCN6A5pPS7nRyWME18mii26Wfj6BsYwARAQAB
 tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
-FiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZjyYCGwMFCQPCZwAFCwkIBwICIgIG
-FQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUXnPGeAA//ScQ3kJMqI6FRULXo0aF7
-CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXRBSjstWkmOXP/UqkN7bNeXH/S3D3G
-CJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kWvuBuLvUdm23cntv49gAzj+ElDqCx
-tT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK9Dt8tHriQyI410qFRMbi3QxU+iTJ
-79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4knt9E6zhegUWN6zErl2HY8FBM2P9
-eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1RUUl1V9WFEaMiLg/Z2rmbD8LX9Ytf
-YlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsqI/2XS3BTLPyjuqAYnXxrk+T/Cydc
-g4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46VSDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ
-6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCkDczs1rxd/o8Wfjo1vwRHW84jZrCP
-3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwlV103RpRUK4JidwHsmYDVk6pgeUH6
-9hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7hBj2l+pV/uzeA0akL2dkgfJc9pAf
-6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPxgEQAOBjoc5rCJOHFBUj7S68ABT3KKx7
-DVJJU7qYCxC1kzuzsGksDdEY+PdQaiNkh56MD6R+rsD49UsGHP+RIFO3D3+zejiu
-Wo3PPtItqLHpcpYKkc4Gzziff8sXq70owxWT29OyMrPyIMX2YFHZuYJ8u8STQcOI
-zICm/lJs6xkwHyTk9bIrwdg/Iwjm6YRo6xoLe0B6KE7efMDER/ehmXncnWkjD55x
-2tAttZsfRqoqeB8J10PxDSgyv8jCXLdbj37l6omh6VH3926392DRrc2fXAgZhHML
-rYIKwXkhnAp3I+HueKURQWkDlWXP4d8gVyHYt9EXdD8ZkPx8rMrGGMMh2DJpZJOw
-xuK3IrFfYb+lyOyHIyxlPsjcfHtLBB8WujnyzYMWwUsRmAGEm/6db8dyR551q95e
-Zd0cqO2xrz6u8YAO2LjCiE6X43m1ulhbf/NHcBiqWHjuEbSKRQnxO6ye7zrmPdnm
-YT4qpLrzKlFUExGt0mXaUY8MKdcaGXbvbRU80wL+MHYyCb8vWa9AzWM990LcqCiQ
-MAfk0zMq9q/oDvVotJQmWLdR2QYeRfl3m6uzeTdaYK3td5NvfQwG83MFxJhNvDZQ
-YhETwbQIVzfC2JZaJAo94VdiGfT4I4Khb8RekgJVoC4w8yByyV0zXdsobIajc2eC
-w0R2ik0V+vQopblfABEBAAGJBHIEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec
-8QUCY1mPxgIbAgUJA8JnAAJACRC8OQXyNRec8cF0IAQZAQgAHRYhBBviwP8IlJYj
-EC/SVkaViBwlRQjRBQJjWY/GAAoJEEaViBwlRQjRmQcP/1OVG8BpkRN/6m/j8hx5
-4vcofCPmWsL+CiNfE3QCOEBeWMtJEK7QTIgLFnLfXnyHiTS/CN2/zr33IcQ33s90
-XzibzWarE7P6O4oFEcUr8TAACA51KXMadRiA2SaYJE4Va2N6d41ZoV0Ser0wi3HU
-5qxw97LGdYyOrsstgxIRI/i2BRXkp2VpUBdHqr/zfe7bv82h2QNw0fZQr4jJP4q3
-+4I6gggvi23Gj8+9lOmHNXyfqzSwkkTf8GtHGC8JORVTrOizImzJq7z+9rJBgY+4
-G4RBWzhOv69njaLNuQeASVxm/2hiMmzFqpmqozN9Y+17ubo+X+m+2aWE+aln56Pv
-LxJHKwFX7doc1doTUnewg6ZjGKCGWBlqlKMeX8D038pd2gsCMhm0EA5DZkXJHP9z
-b5VSomDCLB3GhoVpifZ5Qz4dJNtl90ZcFL/LJktiwz4vgzZqLNC8MhFfPLy8bS+k
-dAS8+VcvQaDSDKTR+jHQ6wA/kJ9eYcL8C9g4czzLzVfZCoN/fcC7VEiCiDhwuqrb
-ClcQBFZsCPQEAwh4mgIMK70zPaO4rW6LbCvwBnTjY8JSBkroJ1QjXwCy8ClSE+w2
-6cXtk5zmYUy5oQaONYm+tMberKsJjvfJIGIZdaj3ZkHsVe7YzOC6M8ESKAHKp4Xo
-hXbHQQEfD9WtzFerpKWCaKTobRIP/jyXmYYLEzRav3WtoH3NCXANu0Pc8JuMDoO2
-QytHICr7zWDvk3q6LO0Y8JXD2fUegY5KM3WECF5KBBCVxdsMunN908WjAMQdyUUV
-9Q4MIg64X4WCbGUDPkTGv0mQl2jMEWpFniIX+18TmwcHSvN5RxjcnpWNOyNQuMTg
-ZKDm2uw5zwYdScWf3DDCR/2dH8yvVFhxfQaRNzKJSyTD4ChHPqy858BYgMljjnTC
-APQwdkrTwh9RSxhMZ5yhdy9Z/+EhO2/8B/kylADC4YQOW1UN670QC7rlJmUySQy5
-APWHco5CNQnqdjhrgzYJDnWCCz9z6+x6bGy5iUa9K6Gt9e3ocYPd2Gw4R7IS8hyO
-Ok/Uq7maqs+GpcWWLWzB+iGFgYZU758zsbeXvAWQAiLQHWzOfQrXepGoEjCOdYv6
-is/UovO9zMIfrIPQVlj3QIN0y0zRUHoCpPgEWHrn7KCMDhiIDt8VgGbznXTJtRw1
-/NTeBQgnmkXwx0aLM7ni0I9IrpT6JVFjip8IV24iI5nsVRSfvxUjFBQxgyujPLuS
-f/Q9BlrsopFtcnyyDSyCtBqnCmBSN0zC5hk8Ya/UnDn/5ZQZYxsbGaWkdwQ6aw9m
-khMfnnsz+QfKT1R3SIrByIEjaYYvGJp8K4utRjhOSfM6ptmCN2WVxQbhwMERC4E7
-8ZKPUtR+uQINBGNZj3EBEACsSSOVQfiGhJACRUkJZaT6cX51oA/kizOsYRAftPI5
-XBdtFmd1I8VJSopTaQSAdsyb7AVihl73mH22MOHawsKzffylW7kKGHPd02x5MXv+
-ttyTDasJT4ltqUSLByTu0ouqhu9uHvuOettCeStk1z6cx4ccutjJzmAdbpxKfhSV
-TjYwqZOVJ44bgvL3BeGBooKF4hc1fdT8PrzZN9+Xsailybuk9kX3Z3BjicikLFTY
-BOKaRLK6VuHOTYKNnUlhQnUsdy0web0XQsQa1zUbENKHNVk/x05akOz0EHBkMtfE
-LMLiu9n7PkEkIMVu41MplDkkShbawzzI/UstkZfPjiGxpvVo+u8He9x1LkRM/pup
-PnbrtmKi12FSJ9T+lNXnN7jvA25pl6dC0Z32iXKHZ0Co6TYNCtwFAUDSBGnnlvhT
-raEtNhfFP7uMRtJUDF5cM9Go++qH/iRWfzqWViNXp0CgBI3XBbPjbdAfe7hkr5Lq
-DwdnQetjb40FiCq2Fvof9foWIXlVwday2ST3ruDhe3Q+A3+uUK2leHhYr2xJxf8I
-V05RGweVvvxk3Yt7FphpUGpC6q98doA8logSVeoyF5nxpis7oN/jLMn7p5Ozezg+
-ozoQyKvnBoWifHkaHnRfjEv2nshWqA0+FCxTxnlTmEZhuZQfvroa0Q2/gIjW6kUD
-VwARAQABiQI8BBgBCAAmFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj3ECGyAF
-CQPCZwAACgkQvDkF8jUXnPHhww/7BuMq7bEKvrejKf6Wjs2owMsFiXjMe6dhNmEb
-96ANqRVankiSPn+TeL6FVJh9TJSGpD9v8fT3quikHsYDoTNLjgZL6Esx1A4k6YRu
-O8A//10kNfYVCdhnNoDZ/94iSBrDbzeg4ueZjPTHtgBb+jGWc+f7tKDsMYaqqfec
-qh8NRSujB9fS1AbCQaYkmpCA4f9l9Ti3nVQIrMXqFZFtt6sEjx7Onbi9ieADaQZ5
-/V8JQL4QgWGhhx0ccK0LVOIqY5Rp4H1kyJVeQ/rR+YIso5vBwpPJikAU+ozTnGCw
-w8Vpc359DthUAakJ22GTnc3kaj5Cp6HAugmTvsIdnEhYkh/jendSK4fUWy5cXs50
-THMiFRKJS6boygIjwGlXCf25Ip9cos50YNHogkjyOp0L0tiherFm0OGlyoPvSEVY
-nAnNmD5TZK/FnKE6rC0pe0NMO157fIbM9pxIAkPuYVRFz8NGLrZQEyIVyo7Vhb/k
-uALjKO3OjsxNA+RoZtAt24ciUIprykdY+posV0xrDCo2tM0dZcIPhfGKMljB0C57
-c1Qb+616Q2bzaaqdttbD8BdREjN59CxvKqI1gzO250n2EBLzIJ2R9v1IpUi9Zg9D
-vu0eW05kXsr83M4Z4lomvyW+pkJ9elaY525OlZoPaQi9TYrHuAHiNd0xrZqL0378
-d2veUui5Ag0EY1mPJgEQAMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0
-P1/I7SfcJU9D3wX8c4vmxkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9X
-QEuU9OtJsZn1ZJ+Ynh6i5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64
-G2u8Xtxr5yqlQJEUThV6280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3
-QhlWhHVjJlJ5hCLiktwFDyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJ
-MoADqBThf4B69BxjJ7Yg7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO
-17w1qScrOPRj6G1IXP1R5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvC
-JvPctDE6EV2vaiRy5N1fQjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQ
-lDdeHRRd1q03TKAg/byPauAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XT
-xMOjB34SzqPRWzmLPLF6YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd
-7w+/qUYbfKwO9eJOWzuUWajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQp
-ABEBAAGJAjwEGAEIACYWIQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJ
-A8JnAAAKCRC8OQXyNRec8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB
-56Cu7ElIpr74sk0R98Ia1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKTh
-z33waTru9IfLhCrRSNd0ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzY
-eikqVUYzS143cSzMEwtvPSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3
-q5OlpYxxw+X62vslZ2OMiKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKh
-C/BcWpEYSjfPpVua2oKbccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDy
-BGOAxBeiOaOnZ8vLBzy72HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62F
-G3I4zK985GtrXAHEzN/Ffd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutY
-zVE8lF+uqcduPuq/rTcUBuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1x
-pPueDBTzvoGDQRqc2eoXpJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr
-6RFgWdD008PsGxUevIDgMAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBi
-TakEPw==
-=odM9
+FiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEXsCGwMFCQPCZwAFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQ+0xoW13BwT52gxAAjmac0DxofR1945mfP82s
+zBjofuMr/6Vhq0LHTl7VN8r7PP195EqzGA/c+OPSn2KCjeMh09w3n9ieWZUR6mUO
+ZKIo4516d2+LL6wDyy6QyjTtD6bWlhY3MW3KJl35zjian0jWXuHquS0hj1cN52uU
+CQ2iDVWVR63142maBe3Y6Yk0OZh+1ZwoinLD9ktq5uNFwCbHCyfsjp1adProV+D0
+fy2txGVaKlVY/yKY7QQinALxFuG42CTGO39xV/cISnOiQXifSTeepia33Q020ZzS
+QblACVO+VS4ek1bO7O90A+0zLcoRpch+7cgRl4goLFKBZdObvNEpSfQXqMoCwteE
+r9Y4DUBrs10BTAzGsSd182ioGu6xosOWnNZTtRK/ZhP49/dpDu7WzODYnxXl6pE/
+4TzDB7nhE0KBCtwOBSrlpvKdyy+6WXcaom/O9kLv9DdOH+DlZz51FoYHPQ70UG5E
+9DCOucH3fbFbV8N/XtxJylUoC9X+PCe2lZd/udK/YzSj1+KGdMGXh3ZzYQEq1N2n
+lbQil5GXm4tp3cBiii4/pGhn78h39mA15pAof9mULGTlL0YvNiGbrrnKw5hGSHs1
++hOFG28CoB4NxMpYYMbWdCiTYoo5LKpLzU9PYCUzPsDbpHS+wf/2VDW5kUiEgZvF
+leUYRFnBd3Wz6WB9ZNsHkr6JAjMEEAEIAB0WIQS4aChHdk32DfUtmSy8OQXyNRec
+8QUCZykYBQAKCRC8OQXyNRec8V0ZD/4vu4DsQwH5iHS6uFm46W1lI22B7pv5Rstl
+N3wNGx/Tjh75nQ0lZ1DaxosGm0aEhydqzhB3SBL5CRYHuUysnfW67HXlkGMWwa3K
+or5Wgfwkg+9XwyvleiOoD5RhSlc/qewgut2RS83Ol4DnUjFi5UxZy63xJRVjOMPX
+VgbU/wsXPJ2wiZph7ux75ETzkXf/Y+iRk17R3QaHfq7J8lI0PzReuvEulE6BptCA
+c0bR2sv8MeN2hrcXRXkRSgbs0HBSuYFGVYpgItQV9b7yZCfpFUrwkhX1ZoevOL8o
+Bkuidlvl0KM7R746XXqnJSh8sDxI3sFqqN6ezyGjb3sa0Td1quReaPmnenhg+6v8
+P6hkI0gf4FgyyG3jpW0Te/pXXQ/woDboyA2jmowTVDSQLUNRiLrxw94OCtAExZr6
+cX6b2LZoZ4DKLeoOFm7TckuE5gCG/jk5VFrCb28WrIqIFEA1WiBNGv5yHjPLBpqn
+B9UtD7GLBUuqVPmf+IjNYJDSEDXl4pmAlXSRNcvg5YoF4mpI2ectWbgCFnY6kocy
+yMTsESim8J70llYUiuO1D1OuuIHI7HTdqdaSabtviVnUcoM4j8LHLPwFm9iLOjuF
+I50aMusUFMP9aTSzC+nMHg0qHkjo3uSCmlcxNpanfr4qZDHronNpmN6kaXVUw0V2
+CI/pLDqk77kCDQRnKRF7ARAArgRj7ToZ65fjAuVSoAxYKdsUQu6EFkZYUsQi8/pY
+lLVY6957jlFVylV9gyncCrKaI1FqECVEy1JD1i1dJ2UE+SG01yhX+GqNw3LAx1uz
+L5GzbulGT8MlULTJUvgAGtJKXCF81rjpfhm8+vwYYO+MBSEro1dDtatknFhH39TS
+epEa0a48EuEV7LUfrSflrE/z7Z/2kUI1sMnXcduuFWO75FR4TwarlYkjl15rlJ9i
+dcURGxP/M76nDtlppIOZYpHVrzw/oGQMPt7rdkhoBrzj0z8PP46DM0SBvJGO+Bs7
+Q4QitLbHrWUahbsX2msSDOP3s0iIG7qqk0Jgl5+Sl88Q2uT7CY5S2El+HoTu6mGW
+WJBqazp2pcBzdn7EE32MV/vhGnNWYg8r8wU2vQRxQwWBRGkG1pOuTh0YyH76/mLi
+orHHAkd/hGwYIOyAf1lkN6YrPmry4U1MjWRtOewo2353svjlT7f+ZGbiXbaDx674
+C8PpHgZ8qOzLMQULIYrtOZViPRj4QZH35htFDUZqFeq2tH9osLT0tLLFBOph8pTw
+q6yehx4RsE6KARlQ0/JunOJvAeXVURX1ytHl5Pww8eCzzF2mNDuBG4+LXZ+9zze6
+elSw0gdILFmpeiKUazPb7OlfayLc/EG0r+1OjpkVEuKOEezbnRjVqCngzJdir3UD
+ZVMAEQEAAYkCPAQYAQgAJhYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRF7AhsM
+BQkDwmcAAAoJEPtMaFtdwcE+jMYP/Rh+SS0bAara89lQj8Wxy/5WcSpW33h0GdLT
+/obJi+EjtN/zW/7vZRGVB5fxNRCjH0Hx3cCu7lvb6JKQ9y8fvQ9tjyO3/JPAe1KU
+XN/r5g8iX6jJPPsOiIgtKOs7nWe2XyAqYhvxD1bvjFXpUUgnibysfTgwoWkiXNQO
+rrrQlhAga05QW6BJ+DtotVT/SPhYooQp8B+D3fBhMop34mBEXLgVk+uJ6bse+VRK
+LZUp992utQX89fflfviIp09CgQANmLwqQxlQsO3JDpk67aGIOkCuOjmENp0ozfXh
+nrlWczXWGOISGZMXcjIYGWVvSoEiTQucFUe4xiaKoE0kRtqocuoiO7z9G8WVhX4A
+whJ4DsHrySdslxqjXeiC0Om4niGmAKOPYHWfQ1YxyO7SC167Wx+whpBtYd68fa+C
+XkskMI21Qk382hYHZSi/bvAS+yieDBjd27jROcz7l6PB/ivwPfBf4mlUICF+vc5z
+SSfDXidGoU8B7UTsM1REnzF8RX2I9ECzCjqqiHsgjE0RNQbWvLBETE23q0eyiPHR
+ZvQjQgHsKdZEr0Xqg1GnRLiRWCn4l6Fr00ZcUraGfyoEP+ulQ+yP852SIE34LsCL
+TusI17P4gp2dR9eQ4mosI7J5TAL1Y+W4U8H1GeeCFgzjGExZ/xe9Is46T++A/GKp
+HkA0s5uxuQINBGcpEuEBEAC6H5vY7GP2r5FFn6mQNV/8zo/TXIOYOHC1gfOL8tbw
+8UcLqJCXMxF7K/VHmfe4ISkBn76Z1R4KCjZOYWdh2mbESB1owhb3y6p7h+4eGhdT
+YyHh6I3uPIm9dAKyKMINjOJ+iPTcdjudNWPDj4FJK72QDf+8SpT0DliMbTUyZVIx
+ohpOupmqyfKkrqvZ7ElrthVFjBGqktgLmSyKQNUr1+11+GOeydgZLiljJ8w1IdjU
+oEykeNPvASQz4pnZZGmNNlnuc/27gt98kwqBxyVGB/7XcJ5Jol9UiGMmXEZUuSWg
+Txcls56Ha+Qrbnt70F6cQWBCfIsKkYnxg2yewlWHFTVoDrZ1PuOac5UwGGcag2Ez
+LPN+9TDRETPZVulkGSLBlF9n0xZQGzJud4fw3DNkxBAsJz/Kj+Oc+uYNL62CXgJc
+bMG2nE9RlIy5ji0dlna8FvTNx+Fjs/UKse7KVcsXOQ479dE/fDUXwjVSokKN1MqN
+2MIMX9Va150d57WISxIfE8Yfx8enhCmsEMPBng2d+KVg0cwNabpTVvOFfbKepwYC
+tBJ3U3L+gvsnMTWqgf+c2vBW85JI1YVRNcVd4vL5I5cl0UmkY/7/BX6Bh/JzOhQ/
+q+YJ0rUezXlZC8rPI/+eYtLm4uKV/FUqvFkMjpI2tLh/9eQdwadgHIUpSGrmBU3R
+lwARAQABiQRyBBgBCAAmFiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEuECGwIF
+CQPCZwACQAkQ+0xoW13BwT7BdCAEGQEIAB0WIQRyAOssP15IhGPAzp7NyujJJ8a+
+MQUCZykS4QAKCRDNyujJJ8a+MTGJD/9MpDYKL6yo1JUhzCD+TQajWLhwDuWEo11h
+EEJohOEH2Myo2DbOA/OAQsFxpUkvzHDQTbHZm8F6Mzhf55OuaR259zEdHwH/MEXy
+g+UPamCz/NmZkQ7WCrgJ1pvvIihU02t+gJlKHE4I9HbAiLFxhm23l/tnfNJeqSMh
+5zqxM551PvlleulBu8g15SS84l8wI6JqKVq68N+/yTmIlRVs/4PHW85zzxu97BUl
+xssgPgchGv89L6TUPXTMZucXvVOfEZmvtqcxkJIUIcnlZX4FLAccq3FHL5snXH0w
+vjklyvVqdNd5och5Io3MUGKAlBKAe/R656CQPdGbD4hzE1viXnfqx6Vo1HRQDDHU
+MLWqmMG2cT3+ld1MSxlDGr2QyuPR359UoWM4oANUimTHujR1nWOZtSZ2NBXIYOAc
+T4SaB13vbr/Z+1auJba495QLphmKpu28GcKfAX5pXo/WesTQFYlyEvIGMMJ7ljah
+cEBgXrHCkM98w+viixyrM9XhNZVQsGJuu1FaBLGa+KcgYXH1P3BAJV9fbnh2oFoA
+SFEwiahP9g/7p69FkqpA4NGEjjg4bu5XvUhUAnwEcQE3yHG9AzdY+zV+HAwEULIZ
++v/H9Tj9zvxH0mHGRT1XCYxssZA/tU/VCB+IepmkcyTxlSZCfoot66vNZyfA8WTC
+AU9kQPw5A4xfEACKjcOFavkoN3eYgIcAs1jQDaKlv8kfotIfG7RLcwtr9sXo9upF
+jX58oxP9wVXGWf32s1Stf6ENFtzupuEqTG8aZydeeRxMdqH1t9SCERqeUqQGvWDW
+KTfOASek7/Hf5ff06/6B73YwNrBXSeqT1H/21L5kP+mHvZD2THdl9U1IvR5bGO7A
+HMVbRnCHlMBfitpKbJAKYBeLTk7diY2KrhqtJSDmgA4xFn533oOysBLhJ22XHr8K
+4pMHMRoY9AtD3Ak0HRWZ395BZM/30phwB0jCPkEnk/Rnv7GGxWNA6e2fii2c/q83
+pG4O1itLoztMI39l4oK838bSdFpzgP4glfcJhi1heBqgO6h61Ra1zs7k/MdERNoG
+3/jqhvaXN/pxPlDJW6NN/P6LSsYRzrem9cryZX4rsEVj8Mel0SGXWkPDZhgtsGZS
+2FBZ2wvr9NW+kx7/Blp28n9vLcB5HNB66xS5y5Kj1Q03tiPy7d1GHE2CxKJT3oD9
+IWUCgHmzc6eHkrhYRUIG78g2N2L6vYEsl49KcDcjtWRET0dp/UPbyO0HObddt+3a
+uzeU7XwVwKrDqR3siHd7S1ny5Qb1QO+pMMdNQcsBa/CurfyAooC7ZExpTToDmRHz
+tFxCKLPE7AEjCIe5RYxTj8fLHp9ew4OESzQ7oAUNqs0NkZ57ZqYpMDJmkbkCDQRn
+KRPFARAA7AZXVugEPe8MuygBPracbFtKpeIGw5vGelZs2J87Mz0FQY84ikexIffY
+9kYb/4s2M10QJ/LI/VHKwfk5PuP3ZDy+BFCgbdf3zmBs6NjJlzTG8CRNK9bE6LLk
+K4Xdfywnc1J6tANfCM/2pWotWP/cUHyeRrUcVLsrMLdmj+TMKjF5nf+FXc9NYiNy
+gm+0FIIo9nI4nGdGpZ+LkE0mjdLZJHWbFX3rvNrBeJnwx54GXqsuE58IG3P2D5uq
+tdlih6e4yfkmzaZwfSFph4xJXdRYgLiSKfOvUQnGz4vX+FUJUE2KINzoNdwVejP1
+lVz2SOllM4yhlUORGTI556f7lLJr3Ari14uYMswTj6mB4cJL9ZrgqtjIRZ7s2kbV
+VORImdFL5/JgZNa3ASK7BPon1TS3V3mFvGEztgCGWc4Sc1WaprcGrfKomz0b/uCJ
+xnsIgn0kEcpMnM6cp+kaHEFI6A6gI5pZbq5ULMOp+tg+YJQgpCZqcHjjXEkUa4dU
+8wsGNWOzCgwoaQreAzooxEINhDne7qwUr4lyXwehsFJ7NUhQqkpVfchb13nTpwTQ
+WFJb829Ym/QUgxWWjILYGk6NJZWATBe2T+bdIo+yAIBwKrOLvGWWhHz4T0LbFyL1
+x0Ybl9qCGBKNo/qPSoPDD+yVE9AlzkAMh66SQ5hMKJKIPBC1uUkAEQEAAYkCMwQY
+AQgAJxYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRPFAxsgBAUJA8JnAAAANxYP
+/iolEuftNwy1EwXjdif51f47XdivEEJPifVBWaI+watRxrhWDUn62tXogywauGS2
+mJpXSp4v+SbSHTabiAQNkoPJZZd15aERcVpNXL3IKlJdRYmXmBJdNLDGuoFbJYuU
+suThRP2X2yTmYx3LQkDy6ehtXgz95dCCBHXUMveOLto7SGyrHLFeQlxrBaNUZbko
+vURqgMogn8LDE4jmKkW54whFCNC/D0Cj/DZ+rXWpVdj3OSeTqkWSn9EMct6z7BUc
+O15tl8n3FXsxvWZ/+TTd1PnoZoD9TcRe8nYV2BZH7N/5gwRr0w8MdijZQ0S+T2Y6
+Tbjszyz4557F2WQ+DIpbkDya1i5j91GPxboLiktwxZr53+8hSmbka7DQXmrQBaT3
+8VsF70cvO0R6+9Ge4deZ9Nl62j+cICJiDikKPqncmg3kIt5tHxi1ab0AkFtfWSBW
++pJTZWDBggWzEETPxa7aHvP95IJJ4iABEVtOUnpwGtGRcJXKFu/Qs9ZZR8BSqIS1
+0bGsDhfH+MqsjTYmNF1b9tmReNKRrwr5wOWlyv2LEFZbkuRaw52IvyMTF9MbDbkU
+DtZ3UeIecG/foy7/Nv7T8jrd358ur3d7eWaZXH2pAXynk6R/iiNj1iggdWQtLu30
+CAWOb+5yakQZtfHI+TYKveX5vlHjXHd0Fb2TGK5alk3d
+=uF78
 -----END PGP PUBLIC KEY BLOCK-----
diff --git a/libsepol.spec b/libsepol.spec
index 2ed5626..a76938f 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libsepol
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
-- 
2.51.1


From 967edc13d0dc4b5f6c79be7fc8f93b7aa3860669f8f050980f59dd40eded76ed Mon Sep 17 00:00:00 2001
From: Hu <cathy.hu@suse.com>
Date: Fri, 7 Mar 2025 14:39:19 +0000
Subject: [PATCH 3/7] OBS-URL:
 https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=103

---
 libsepol-3.8.1.tar.gz     |  3 +++
 libsepol-3.8.1.tar.gz.asc | 16 ++++++++++++++++
 libsepol-3.8.tar.gz       |  3 ---
 libsepol-3.8.tar.gz.asc   | 16 ----------------
 libsepol.changes          |  7 +++++++
 libsepol.spec             |  2 +-
 6 files changed, 27 insertions(+), 20 deletions(-)
 create mode 100644 libsepol-3.8.1.tar.gz
 create mode 100644 libsepol-3.8.1.tar.gz.asc
 delete mode 100644 libsepol-3.8.tar.gz
 delete mode 100644 libsepol-3.8.tar.gz.asc

diff --git a/libsepol-3.8.1.tar.gz b/libsepol-3.8.1.tar.gz
new file mode 100644
index 0000000..e0fc1af
--- /dev/null
+++ b/libsepol-3.8.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf
+size 513830
diff --git a/libsepol-3.8.1.tar.gz.asc b/libsepol-3.8.1.tar.gz.asc
new file mode 100644
index 0000000..ab48c96
--- /dev/null
+++ b/libsepol-3.8.1.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
+vjHl9A/+K9OVqrdn9BhJobCOvD2YqW1DUkexPQMAAzHCVoUc6B1oLOc+dHfIh/s9
+1hiuezTl/LX1KeJWQHBT6wp1zbhVkfdV5TAdDocHy8KbCY+UE4ASXHQuFkBJkk96
+S5Bez0sc5wlQPm+PAmDM2QxEbpbKXSuCQJU+KvvLJfp2P2//nj0REks2FFnp6ds9
++Rj/0ki9wnw+fQv1aboXUlA3fpCLArZJ5D03yjJz1zzlWgWOZ6b6gQHiE4WvIMOM
+C6D/WiI1AoguOyjpl5aWKyxoKm09e4goswvw4DM+zcxpzb1vCRGzSmRopquNvJzc
+JyOvMOOige86/ZJ+CeXE00MhXiFZ1UXak9znjZax9mSUlIGHRQARq7WtW/CoQ6CI
+5Bpq4q8bhs01IHurwZTlGynW4YrF0TR66cAmfxjM0irBNNYZyD364myrupf4DIoO
+3SN4XfVDqnFQEEft0HRW9xB3zLheyVcWFCWWS+bgzNelCAc1fPsje2W000E8QBH4
+lQFxM4UTRt2uboFI5P6yJG+/v5y57XXp/M/1PgRZ6M/vUi2kwaN486wbQWAt4eO4
+GLFPXmb1EiNeAq1UBwMHRqzEHvcLan6n0z7l4gpe0TNetFqh2erunuyAVQBVo6zT
+DuAZvc1sXGJpVt0kjYEv9Api8b0gj7djoUWZQKp6C16RaHki8AA=
+=XPdp
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.8.tar.gz b/libsepol-3.8.tar.gz
deleted file mode 100644
index ee05732..0000000
--- a/libsepol-3.8.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:844fbdbf02334b9ce03833ad8a671053f67b4076d72db4f03e0ee2665ec2eb55
-size 513780
diff --git a/libsepol-3.8.tar.gz.asc b/libsepol-3.8.tar.gz.asc
deleted file mode 100644
index ec97c11..0000000
--- a/libsepol-3.8.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmeaa/0ACgkQzcroySfG
-vjEtfQ/+N7svYoFdJeuqnwRIQyw7QcVwsKiVKBN6HQ2IS/JCKjQktBbK49chNxVM
-kNaJguPr6+5XF6c2fMVNNEoEcaLE6yhLKVx5EwccK280t0VNZZKuu8thffSRu/ws
-rFrWj/YPSZrOo/d+1D4Ew8G13irB30k9G6j9Wc1veO95orbjHIWql5Xj19WwHWqh
-C+eD/6Q8/B5a5Oz44/vjvzz3WKrBL5DUXh4ZNGmLnUxVUK8na5Hwvcpt3MR5eYRp
-PN13couFsNh8aQMqDA08MzW2KnSGAXXiV42SCZOF4xJtReLUvpJPoXTkjFaUPbOL
-Jes6SMWsj/HYu/9EbjVXBb+OKtL7usq67qVN7ejVxkSooA/Ist2bQPkSW1GfWN/O
-8iWEXN/XJ9Axglbxl8/UMIYxt/xyrDXGf1v59mK8s1jCzn2mqNekUTD1z3kN3qBK
-Jvre7IMRPNcWDH1wktwvTyrS4D+wz1wysqlxcxGQA7OucqeRAwxZL2LxGrJIhsxR
-z7Ln/ZODhAcZuU3TfeYW/U6QkIAHfjb7aFn5G+V7hxlhqCetkgS+oHDsbuGf9BkO
-t9v8ewRJYyXArkr39AZaIr8aazeqd3YcJNuWfLVGnDPgr7hyGepJsNmKcYy2Vqff
-qSrj8/IOfidSepVIfviOr5KUT3WM5HcXn4C0aSmeJbl9K/75a+U=
-=7HxV
------END PGP SIGNATURE-----
diff --git a/libsepol.changes b/libsepol.changes
index ffbc18e..b7287ef 100644
--- a/libsepol.changes
+++ b/libsepol.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.8.1
+  https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
+  * no source change
+
 -------------------------------------------------------------------
 Tue Feb  4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
 
diff --git a/libsepol.spec b/libsepol.spec
index a76938f..06f03a5 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -19,7 +19,7 @@
 %define libname libsepol2
 
 Name:           libsepol
-Version:        3.8
+Version:        3.8.1
 Release:        0
 Summary:        SELinux binary policy manipulation library
 License:        LGPL-2.1-or-later
-- 
2.51.1


From 7397abe451cf4bc0c4fc2544025c67b1ab7446915cd65484420391ca72f63dae Mon Sep 17 00:00:00 2001
From: Robert Frohl <rfrohl@suse.com>
Date: Fri, 18 Jul 2025 12:03:44 +0000
Subject: [PATCH 4/7] Toolchain 3.9 update

OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=105
---
 libsepol-3.8.1.tar.gz     |  3 ---
 libsepol-3.8.1.tar.gz.asc | 16 ----------------
 libsepol-3.9.tar.gz       |  3 +++
 libsepol-3.9.tar.gz.asc   | 16 ++++++++++++++++
 libsepol.changes          |  9 +++++++++
 libsepol.spec             |  2 +-
 6 files changed, 29 insertions(+), 20 deletions(-)
 delete mode 100644 libsepol-3.8.1.tar.gz
 delete mode 100644 libsepol-3.8.1.tar.gz.asc
 create mode 100644 libsepol-3.9.tar.gz
 create mode 100644 libsepol-3.9.tar.gz.asc

diff --git a/libsepol-3.8.1.tar.gz b/libsepol-3.8.1.tar.gz
deleted file mode 100644
index e0fc1af..0000000
--- a/libsepol-3.8.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf
-size 513830
diff --git a/libsepol-3.8.1.tar.gz.asc b/libsepol-3.8.1.tar.gz.asc
deleted file mode 100644
index ab48c96..0000000
--- a/libsepol-3.8.1.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
-vjHl9A/+K9OVqrdn9BhJobCOvD2YqW1DUkexPQMAAzHCVoUc6B1oLOc+dHfIh/s9
-1hiuezTl/LX1KeJWQHBT6wp1zbhVkfdV5TAdDocHy8KbCY+UE4ASXHQuFkBJkk96
-S5Bez0sc5wlQPm+PAmDM2QxEbpbKXSuCQJU+KvvLJfp2P2//nj0REks2FFnp6ds9
-+Rj/0ki9wnw+fQv1aboXUlA3fpCLArZJ5D03yjJz1zzlWgWOZ6b6gQHiE4WvIMOM
-C6D/WiI1AoguOyjpl5aWKyxoKm09e4goswvw4DM+zcxpzb1vCRGzSmRopquNvJzc
-JyOvMOOige86/ZJ+CeXE00MhXiFZ1UXak9znjZax9mSUlIGHRQARq7WtW/CoQ6CI
-5Bpq4q8bhs01IHurwZTlGynW4YrF0TR66cAmfxjM0irBNNYZyD364myrupf4DIoO
-3SN4XfVDqnFQEEft0HRW9xB3zLheyVcWFCWWS+bgzNelCAc1fPsje2W000E8QBH4
-lQFxM4UTRt2uboFI5P6yJG+/v5y57XXp/M/1PgRZ6M/vUi2kwaN486wbQWAt4eO4
-GLFPXmb1EiNeAq1UBwMHRqzEHvcLan6n0z7l4gpe0TNetFqh2erunuyAVQBVo6zT
-DuAZvc1sXGJpVt0kjYEv9Api8b0gj7djoUWZQKp6C16RaHki8AA=
-=XPdp
------END PGP SIGNATURE-----
diff --git a/libsepol-3.9.tar.gz b/libsepol-3.9.tar.gz
new file mode 100644
index 0000000..1ead7ff
--- /dev/null
+++ b/libsepol-3.9.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba630b59e50c5fbf9e9dd45eb3734f373cf78d689d8c10c537114c9bd769fa2e
+size 515726
diff --git a/libsepol-3.9.tar.gz.asc b/libsepol-3.9.tar.gz.asc
new file mode 100644
index 0000000..a814040
--- /dev/null
+++ b/libsepol-3.9.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTUACgkQzcroySfG
+vjFK/w//Vu+sUYvhs1DkzIT5nQhNMIIG66ZSb3Q2BrLcplbHk27Wrrkw4NRoskmA
+7KMYs0QnBBP+HA54Y3g7mZoF3uRUfQsY2dEaudfZXCx/uzUf+hLZFMGj9zF1X+08
+ox0X8R14XKvM7JEB7/TXmPnTZNN5jA6J7dwP+XQ6VJDASyXiBnNEPb3qJzwfswVj
+gka6LVDWaecK1jkhFtJRR8RhXdjr01/9gLveeXw+kbFzBReDvUeKgCGp+Rp87g5y
+Np1CqAFeMwd1gr2EwH9L1hS+AMiiH7siOJXvXmUOa8jyz85Xv3s78SLe17qXHEN3
+5c3371C6rzTjsQsqlheHfv3P2Iukm8Hk9cQ72jcGKBJjWv0jrf/z/ahisoM31djy
+KRBnWEbU+YLnFngPKm3RcV02MFB20yR3xniYFxcAA5MhWaDjOgC35ltjzNd5QsDP
+ipg1hvkbwzeLLMVXUleC8VLelmweLvMbW1gzJpK5cd/M4lKHhlUcElLrvron0wy4
+0TBvGVwTiQQc7zN9nriC3IhC60+Ys8m9Y79iVpiJeshDFXBT/qiOxiuKewddUJYD
+NjrLUorupHhnbiKj7ia6V/CJ6VzgMZplaxK+wgP7QAHVpmjZgLW2LuM2ExrF5eCZ
+6u9FK/XLbS1SaCLG/MS7c3MU7WJ+RrIMpX5Ny+Vqfp1wD6aH8Fg=
+=0PDQ
+-----END PGP SIGNATURE-----
diff --git a/libsepol.changes b/libsepol.changes
index b7287ef..ff983ff 100644
--- a/libsepol.changes
+++ b/libsepol.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Jul 17 15:49:27 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.9
+  * Add new 'netif_wildcard' policy capability
+  * Allow multiple policycap statements
+  * Support genfs_seclabel_wildcard
+  * Introduce neveraudit types
+
 -------------------------------------------------------------------
 Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
 
diff --git a/libsepol.spec b/libsepol.spec
index 06f03a5..bf70ab2 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -19,7 +19,7 @@
 %define libname libsepol2
 
 Name:           libsepol
-Version:        3.8.1
+Version:        3.9
 Release:        0
 Summary:        SELinux binary policy manipulation library
 License:        LGPL-2.1-or-later
-- 
2.51.1


From 36b5e9dee5227887208dbb7a32c65281dc274d041b238ca0e4c836f2b2154b8a Mon Sep 17 00:00:00 2001
From: Ana Guerrero <ana.guerrero+factory@suse.com>
Date: Tue, 22 Jul 2025 10:20:49 +0000
Subject: [PATCH 5/7] Accepting request 1295052 from openSUSE:Factory

https://bugzilla.suse.com/show_bug.cgi?id=1246831

OBS-URL: https://build.opensuse.org/request/show/1295052
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=60
---
 libsepol-3.6.tar.gz       |  3 +++
 libsepol-3.6.tar.gz.asc   | 16 ++++++++++++++++
 libsepol-3.7.tar.gz       |  3 +++
 libsepol-3.7.tar.gz.asc   | 16 ++++++++++++++++
 libsepol-3.8.1.tar.gz     |  3 +++
 libsepol-3.8.1.tar.gz.asc | 16 ++++++++++++++++
 libsepol.changes          |  9 ---------
 libsepol.spec             |  2 +-
 8 files changed, 58 insertions(+), 10 deletions(-)
 create mode 100644 libsepol-3.6.tar.gz
 create mode 100644 libsepol-3.6.tar.gz.asc
 create mode 100644 libsepol-3.7.tar.gz
 create mode 100644 libsepol-3.7.tar.gz.asc
 create mode 100644 libsepol-3.8.1.tar.gz
 create mode 100644 libsepol-3.8.1.tar.gz.asc

diff --git a/libsepol-3.6.tar.gz b/libsepol-3.6.tar.gz
new file mode 100644
index 0000000..8b64a92
--- /dev/null
+++ b/libsepol-3.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c9dc585ea94903d784d597c861cd5dce6459168f95e22b31a0eab1cdd800975a
+size 509100
diff --git a/libsepol-3.6.tar.gz.asc b/libsepol-3.6.tar.gz.asc
new file mode 100644
index 0000000..6738838
--- /dev/null
+++ b/libsepol-3.6.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAMACgkQRpWIHCVF
+CNEEfg//aHKtL3/mMdGCf8nJDizS0WisFmw3wx+z6R2r0Zs6umouzv9YgjmL3pUg
+LRrSgSyqYAZKXipooK0vyXhhZOnOh6kmOY3sEjR2I+4kwWQx7IzN0DFO7p/NVUo6
+GnNmGmxFhc6mEgu6926D5ACyigoB9gysyZcQxjWGQyrRM9oAlw2bBuvN+pyic+g/
+hX7KcHgki64nNXA6dfPkoTzKE+wQ83Ni0uQmo6fzNNf+XVrb1Qw6IL3cj52Iocja
+IB91wOjSJ3WyCdYxuZ2UZu2FBJbS7DNFQCDwIskdecX2gsTrrjYF2spKK1+9Uiny
+I4nt+9H7rHg/bZltnWIMUekBKKO58DmZziJ6oEUkHkc4vRBWrNJP74DHSPSA617v
+q6y7RBP8bavehOGIfqvQ7ChXxGzGXwhjpchAOAQJ7gPEXzqnI8UgzqoXKZ1Pnyod
+mUfteWBLuJlmyPcJeZ1wXBFo3G8l7ec/3nOwZ91Fn+Aw0Tx3/HS6Sm7GOYhI/uqy
+TMk29w2tpL5LS7XEQnYgxzLEY0EH4QXHuVrR08zKbDfX+UnVSePzSGqNdaXfJyI+
+sTz9d0Uaa3LK3wucPFAGTJyeszYk8FuQi7JMfq4jh3GPtC7qCwKCkrgwPQpB1coo
+WKgd/OodA2ZzTkjT28DERI7adUYjfDxXb7HQr/oW8poWePoD7yA=
+=D1Md
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.7.tar.gz b/libsepol-3.7.tar.gz
new file mode 100644
index 0000000..3f1638f
--- /dev/null
+++ b/libsepol-3.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd741e25244e7ef6cd934d633614131a266c3eaeab33d8bfa45e8a93b45cc901
+size 511487
diff --git a/libsepol-3.7.tar.gz.asc b/libsepol-3.7.tar.gz.asc
new file mode 100644
index 0000000..5dc777c
--- /dev/null
+++ b/libsepol-3.7.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
+CNGuSQ//cFEkvjL9a7cTSPE7HI66nyYK7Kd0qj9IZfZ0356U8tC17FwBgHs4PGd5
+o2k7fMBgF9cK8Eycj5JHeu5XmyfVnn+opWn+T6K8UeostDSLxSgqaUqQ5HxK6e0E
+fR5NOR/SgNs6NDZPTAp61nXPVpUng0+N73FLDAyU9Yygy3Y3bF89elLzL0M2l9lB
+CrKv79F5WSGDG8h5YBmXloCBFiT2pzSe3D1Yse8eq34AeJAoVArz1KgQgU+dBVjW
+cldkFvzvCnOkuEoFW5M4dRpc8MEXChRVEM0RmGnzamxIpnK99qN/dlgDe3sTCYi7
+Sl42IOQuFsbVVo3Tk9Nx61oQuoPqWGe+V61ZlOTryawKm84svJ6aP74E7x0bT3KD
+V1964Yw+SbPqLYXTVHG2lpBvB2O79XjQQ00AZXys7d5b2CAallNXwTeK0HrcUT5T
+CzsBCEX4i/PLxJte6MNTIbCC4lMiyvf6AOUpus949m1WEQCtFDv/3fyHfM91uA5g
+TsGzkupwqXGepDSFZyU5lyhsCup2VC/5qh9x4zhAs4SoUb/JLTpobwiW4TwBy4mp
+xijH5y7g50u3y1k9rNcW0wNDMot+ROOdTwCRqyAzpC8rzfmaVhD7qcu4zry2CeI1
+AbGP1KH319s1Ae7wygj+/xGAiYHKR4NwL/SgdenNV4xsw/sn2gg=
+=YJy0
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.8.1.tar.gz b/libsepol-3.8.1.tar.gz
new file mode 100644
index 0000000..e0fc1af
--- /dev/null
+++ b/libsepol-3.8.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf
+size 513830
diff --git a/libsepol-3.8.1.tar.gz.asc b/libsepol-3.8.1.tar.gz.asc
new file mode 100644
index 0000000..ab48c96
--- /dev/null
+++ b/libsepol-3.8.1.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
+vjHl9A/+K9OVqrdn9BhJobCOvD2YqW1DUkexPQMAAzHCVoUc6B1oLOc+dHfIh/s9
+1hiuezTl/LX1KeJWQHBT6wp1zbhVkfdV5TAdDocHy8KbCY+UE4ASXHQuFkBJkk96
+S5Bez0sc5wlQPm+PAmDM2QxEbpbKXSuCQJU+KvvLJfp2P2//nj0REks2FFnp6ds9
++Rj/0ki9wnw+fQv1aboXUlA3fpCLArZJ5D03yjJz1zzlWgWOZ6b6gQHiE4WvIMOM
+C6D/WiI1AoguOyjpl5aWKyxoKm09e4goswvw4DM+zcxpzb1vCRGzSmRopquNvJzc
+JyOvMOOige86/ZJ+CeXE00MhXiFZ1UXak9znjZax9mSUlIGHRQARq7WtW/CoQ6CI
+5Bpq4q8bhs01IHurwZTlGynW4YrF0TR66cAmfxjM0irBNNYZyD364myrupf4DIoO
+3SN4XfVDqnFQEEft0HRW9xB3zLheyVcWFCWWS+bgzNelCAc1fPsje2W000E8QBH4
+lQFxM4UTRt2uboFI5P6yJG+/v5y57XXp/M/1PgRZ6M/vUi2kwaN486wbQWAt4eO4
+GLFPXmb1EiNeAq1UBwMHRqzEHvcLan6n0z7l4gpe0TNetFqh2erunuyAVQBVo6zT
+DuAZvc1sXGJpVt0kjYEv9Api8b0gj7djoUWZQKp6C16RaHki8AA=
+=XPdp
+-----END PGP SIGNATURE-----
diff --git a/libsepol.changes b/libsepol.changes
index ff983ff..b7287ef 100644
--- a/libsepol.changes
+++ b/libsepol.changes
@@ -1,12 +1,3 @@
--------------------------------------------------------------------
-Thu Jul 17 15:49:27 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
-
-- Update to version 3.9
-  * Add new 'netif_wildcard' policy capability
-  * Allow multiple policycap statements
-  * Support genfs_seclabel_wildcard
-  * Introduce neveraudit types
-
 -------------------------------------------------------------------
 Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
 
diff --git a/libsepol.spec b/libsepol.spec
index bf70ab2..06f03a5 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -19,7 +19,7 @@
 %define libname libsepol2
 
 Name:           libsepol
-Version:        3.9
+Version:        3.8.1
 Release:        0
 Summary:        SELinux binary policy manipulation library
 License:        LGPL-2.1-or-later
-- 
2.51.1


From 31d45f2471b1b4aa1a97f5d60578ae6fd1c58fd94d2d07dc616d817dfa0d8be4 Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit <null@suse.de>
Date: Tue, 22 Jul 2025 10:20:49 +0000
Subject: [PATCH 6/7] Updating link to change in openSUSE:Factory/libsepol
 revision 60

OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=3eda3b5c5a33d3db41efff5fe788b2e6
---
 .gitattributes            |  23 ++
 .gitignore                |   1 +
 baselibs.conf             |   1 +
 libsepol-3.6.tar.gz       |   3 +
 libsepol-3.6.tar.gz.asc   |  16 ++
 libsepol-3.7.tar.gz       |   3 +
 libsepol-3.7.tar.gz.asc   |  16 ++
 libsepol-3.8.1.tar.gz     |   3 +
 libsepol-3.8.1.tar.gz.asc |  16 ++
 libsepol-3.9.tar.gz       |   3 +
 libsepol-3.9.tar.gz.asc   |  16 ++
 libsepol.changes          | 477 ++++++++++++++++++++++++++++++++++++++
 libsepol.keyring          | 121 ++++++++++
 libsepol.spec             | 130 +++++++++++
 14 files changed, 829 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 baselibs.conf
 create mode 100644 libsepol-3.6.tar.gz
 create mode 100644 libsepol-3.6.tar.gz.asc
 create mode 100644 libsepol-3.7.tar.gz
 create mode 100644 libsepol-3.7.tar.gz.asc
 create mode 100644 libsepol-3.8.1.tar.gz
 create mode 100644 libsepol-3.8.1.tar.gz.asc
 create mode 100644 libsepol-3.9.tar.gz
 create mode 100644 libsepol-3.9.tar.gz.asc
 create mode 100644 libsepol.changes
 create mode 100644 libsepol.keyring
 create mode 100644 libsepol.spec

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..3b862da
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1 @@
+libsepol2
diff --git a/libsepol-3.6.tar.gz b/libsepol-3.6.tar.gz
new file mode 100644
index 0000000..8b64a92
--- /dev/null
+++ b/libsepol-3.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c9dc585ea94903d784d597c861cd5dce6459168f95e22b31a0eab1cdd800975a
+size 509100
diff --git a/libsepol-3.6.tar.gz.asc b/libsepol-3.6.tar.gz.asc
new file mode 100644
index 0000000..6738838
--- /dev/null
+++ b/libsepol-3.6.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAMACgkQRpWIHCVF
+CNEEfg//aHKtL3/mMdGCf8nJDizS0WisFmw3wx+z6R2r0Zs6umouzv9YgjmL3pUg
+LRrSgSyqYAZKXipooK0vyXhhZOnOh6kmOY3sEjR2I+4kwWQx7IzN0DFO7p/NVUo6
+GnNmGmxFhc6mEgu6926D5ACyigoB9gysyZcQxjWGQyrRM9oAlw2bBuvN+pyic+g/
+hX7KcHgki64nNXA6dfPkoTzKE+wQ83Ni0uQmo6fzNNf+XVrb1Qw6IL3cj52Iocja
+IB91wOjSJ3WyCdYxuZ2UZu2FBJbS7DNFQCDwIskdecX2gsTrrjYF2spKK1+9Uiny
+I4nt+9H7rHg/bZltnWIMUekBKKO58DmZziJ6oEUkHkc4vRBWrNJP74DHSPSA617v
+q6y7RBP8bavehOGIfqvQ7ChXxGzGXwhjpchAOAQJ7gPEXzqnI8UgzqoXKZ1Pnyod
+mUfteWBLuJlmyPcJeZ1wXBFo3G8l7ec/3nOwZ91Fn+Aw0Tx3/HS6Sm7GOYhI/uqy
+TMk29w2tpL5LS7XEQnYgxzLEY0EH4QXHuVrR08zKbDfX+UnVSePzSGqNdaXfJyI+
+sTz9d0Uaa3LK3wucPFAGTJyeszYk8FuQi7JMfq4jh3GPtC7qCwKCkrgwPQpB1coo
+WKgd/OodA2ZzTkjT28DERI7adUYjfDxXb7HQr/oW8poWePoD7yA=
+=D1Md
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.7.tar.gz b/libsepol-3.7.tar.gz
new file mode 100644
index 0000000..3f1638f
--- /dev/null
+++ b/libsepol-3.7.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd741e25244e7ef6cd934d633614131a266c3eaeab33d8bfa45e8a93b45cc901
+size 511487
diff --git a/libsepol-3.7.tar.gz.asc b/libsepol-3.7.tar.gz.asc
new file mode 100644
index 0000000..5dc777c
--- /dev/null
+++ b/libsepol-3.7.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
+CNGuSQ//cFEkvjL9a7cTSPE7HI66nyYK7Kd0qj9IZfZ0356U8tC17FwBgHs4PGd5
+o2k7fMBgF9cK8Eycj5JHeu5XmyfVnn+opWn+T6K8UeostDSLxSgqaUqQ5HxK6e0E
+fR5NOR/SgNs6NDZPTAp61nXPVpUng0+N73FLDAyU9Yygy3Y3bF89elLzL0M2l9lB
+CrKv79F5WSGDG8h5YBmXloCBFiT2pzSe3D1Yse8eq34AeJAoVArz1KgQgU+dBVjW
+cldkFvzvCnOkuEoFW5M4dRpc8MEXChRVEM0RmGnzamxIpnK99qN/dlgDe3sTCYi7
+Sl42IOQuFsbVVo3Tk9Nx61oQuoPqWGe+V61ZlOTryawKm84svJ6aP74E7x0bT3KD
+V1964Yw+SbPqLYXTVHG2lpBvB2O79XjQQ00AZXys7d5b2CAallNXwTeK0HrcUT5T
+CzsBCEX4i/PLxJte6MNTIbCC4lMiyvf6AOUpus949m1WEQCtFDv/3fyHfM91uA5g
+TsGzkupwqXGepDSFZyU5lyhsCup2VC/5qh9x4zhAs4SoUb/JLTpobwiW4TwBy4mp
+xijH5y7g50u3y1k9rNcW0wNDMot+ROOdTwCRqyAzpC8rzfmaVhD7qcu4zry2CeI1
+AbGP1KH319s1Ae7wygj+/xGAiYHKR4NwL/SgdenNV4xsw/sn2gg=
+=YJy0
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.8.1.tar.gz b/libsepol-3.8.1.tar.gz
new file mode 100644
index 0000000..e0fc1af
--- /dev/null
+++ b/libsepol-3.8.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf
+size 513830
diff --git a/libsepol-3.8.1.tar.gz.asc b/libsepol-3.8.1.tar.gz.asc
new file mode 100644
index 0000000..ab48c96
--- /dev/null
+++ b/libsepol-3.8.1.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
+vjHl9A/+K9OVqrdn9BhJobCOvD2YqW1DUkexPQMAAzHCVoUc6B1oLOc+dHfIh/s9
+1hiuezTl/LX1KeJWQHBT6wp1zbhVkfdV5TAdDocHy8KbCY+UE4ASXHQuFkBJkk96
+S5Bez0sc5wlQPm+PAmDM2QxEbpbKXSuCQJU+KvvLJfp2P2//nj0REks2FFnp6ds9
++Rj/0ki9wnw+fQv1aboXUlA3fpCLArZJ5D03yjJz1zzlWgWOZ6b6gQHiE4WvIMOM
+C6D/WiI1AoguOyjpl5aWKyxoKm09e4goswvw4DM+zcxpzb1vCRGzSmRopquNvJzc
+JyOvMOOige86/ZJ+CeXE00MhXiFZ1UXak9znjZax9mSUlIGHRQARq7WtW/CoQ6CI
+5Bpq4q8bhs01IHurwZTlGynW4YrF0TR66cAmfxjM0irBNNYZyD364myrupf4DIoO
+3SN4XfVDqnFQEEft0HRW9xB3zLheyVcWFCWWS+bgzNelCAc1fPsje2W000E8QBH4
+lQFxM4UTRt2uboFI5P6yJG+/v5y57XXp/M/1PgRZ6M/vUi2kwaN486wbQWAt4eO4
+GLFPXmb1EiNeAq1UBwMHRqzEHvcLan6n0z7l4gpe0TNetFqh2erunuyAVQBVo6zT
+DuAZvc1sXGJpVt0kjYEv9Api8b0gj7djoUWZQKp6C16RaHki8AA=
+=XPdp
+-----END PGP SIGNATURE-----
diff --git a/libsepol-3.9.tar.gz b/libsepol-3.9.tar.gz
new file mode 100644
index 0000000..1ead7ff
--- /dev/null
+++ b/libsepol-3.9.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba630b59e50c5fbf9e9dd45eb3734f373cf78d689d8c10c537114c9bd769fa2e
+size 515726
diff --git a/libsepol-3.9.tar.gz.asc b/libsepol-3.9.tar.gz.asc
new file mode 100644
index 0000000..a814040
--- /dev/null
+++ b/libsepol-3.9.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmh3hTUACgkQzcroySfG
+vjFK/w//Vu+sUYvhs1DkzIT5nQhNMIIG66ZSb3Q2BrLcplbHk27Wrrkw4NRoskmA
+7KMYs0QnBBP+HA54Y3g7mZoF3uRUfQsY2dEaudfZXCx/uzUf+hLZFMGj9zF1X+08
+ox0X8R14XKvM7JEB7/TXmPnTZNN5jA6J7dwP+XQ6VJDASyXiBnNEPb3qJzwfswVj
+gka6LVDWaecK1jkhFtJRR8RhXdjr01/9gLveeXw+kbFzBReDvUeKgCGp+Rp87g5y
+Np1CqAFeMwd1gr2EwH9L1hS+AMiiH7siOJXvXmUOa8jyz85Xv3s78SLe17qXHEN3
+5c3371C6rzTjsQsqlheHfv3P2Iukm8Hk9cQ72jcGKBJjWv0jrf/z/ahisoM31djy
+KRBnWEbU+YLnFngPKm3RcV02MFB20yR3xniYFxcAA5MhWaDjOgC35ltjzNd5QsDP
+ipg1hvkbwzeLLMVXUleC8VLelmweLvMbW1gzJpK5cd/M4lKHhlUcElLrvron0wy4
+0TBvGVwTiQQc7zN9nriC3IhC60+Ys8m9Y79iVpiJeshDFXBT/qiOxiuKewddUJYD
+NjrLUorupHhnbiKj7ia6V/CJ6VzgMZplaxK+wgP7QAHVpmjZgLW2LuM2ExrF5eCZ
+6u9FK/XLbS1SaCLG/MS7c3MU7WJ+RrIMpX5Ny+Vqfp1wD6aH8Fg=
+=0PDQ
+-----END PGP SIGNATURE-----
diff --git a/libsepol.changes b/libsepol.changes
new file mode 100644
index 0000000..b7287ef
--- /dev/null
+++ b/libsepol.changes
@@ -0,0 +1,477 @@
+-------------------------------------------------------------------
+Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.8.1
+  https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
+  * no source change
+
+-------------------------------------------------------------------
+Tue Feb  4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
+
+- Update to version 3.8
+  https://github.com/SELinuxProject/selinux/releases/tag/3.8
+  * libsepol: Support nlmsg extended permissions
+  * libsepol: Add policy capability netlink_xperm
+  * libsepol: add support for xperms in conditional policies
+  * Code improvements and bug fixes
+- For a more in depth list of changes see
+  https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
+- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
+  * removed 0xBC3905F235179CF1 (expired: 2024-10-25)
+  * added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
+
+-------------------------------------------------------------------
+Mon Jul  1 08:01:08 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.7
+  https://github.com/SELinuxProject/selinux/releases/tag/3.7
+  * User-visible changes:
+    * libsepol: improve policy lookup failure message
+    * libsepol: include prefix for module policy versions
+    * libsepol: validate type-attribute-map for old policies
+    * libsepol: only exempt gaps checking for kernel policies
+  * Bugfixes:
+    * libsepol/src/Makefile: fix reallocarray detection
+    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
+    * libsepol: ensure transitivity in compare functions
+  * oss-fuzz fixes:
+    * libsepol: check scope permissions refer to valid class
+    * libsepol: validate attribute-type maps
+    * libsepol: reject self flag in type rules in old policies
+    * libsepol: validate class permissions
+    * libsepol: validate access vector permissions
+    * libsepol: reject MLS support in pre-MLS policies
+    * libsepol: Fix buffer overflow when using sepol_av_to_string()
+    * libsepol: Use a dynamic buffer in sepol_av_to_string()
+
+-------------------------------------------------------------------
+Tue Dec 19 09:20:58 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.6
+  https://github.com/SELinuxProject/selinux/releases/tag/3.6
+  * struct cond_expr_t bool renamed to boolean
+    The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro 
+  * Add notself support for neverallow rules
+  * Improve man pages
+  * man pages: Remove the Russian translations
+  * Add notself and other support to CIL
+  * Add support for deny rules
+  * Translations updated from
+    https://translate.fedoraproject.org/projects/selinux/
+  * Bug fixes
+- Remove keys from keyring since they expired:
+  - E853C1848B0185CF42864DF363A8AD4B982C4373
+    Petr Lautrbach <plautrba@redhat.com>
+  - 63191CE94183098689CAB8DB7EF137EC935B0EAF
+    Jason Zaman <jasonzaman@gmail.com>
+- Add key to keyring: 
+  - B8682847764DF60DF52D992CBC3905F235179CF1 
+    Petr Lautrbach <lautrbach@redhat.com> 
+
+-------------------------------------------------------------------
+Thu Mar 23 16:06:02 UTC 2023 - Martin Liška <mliska@suse.cz>
+
+- Enable LTO now (boo#1138813).
+
+-------------------------------------------------------------------
+Fri Feb 24 07:50:14 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.5
+  * Stricter policy validation
+  * do not write empty class definitions to allow simpler round-trip tests
+  * reject attributes in type av rules for kernel policies
+- Added additional developer key (Jason Zaman)
+
+-------------------------------------------------------------------
+Mon May  9 10:27:53 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.4
+  * Add 'ioctl_skip_cloexec' policy capability
+  * Add sepol_av_perm_to_string
+  * Add policy utilities
+  * Support IPv4/IPv6 address embedding
+  * Hardened/added many validations
+  * Add support for file types in writing out policy.conf
+  * Allow optional file type in genfscon rules
+
+-------------------------------------------------------------------
+Thu Nov 11 13:28:14 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.3
+  * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
+    are all included
+  * Lot of smaller fixes identified by fuzzing
+
+-------------------------------------------------------------------
+Wed Jul 21 13:16:54 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
+  Added CVE-2021-36087.patch
+
+-------------------------------------------------------------------
+Mon Jul  5 11:31:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
+  Added CVE-2021-36085.patch
+- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
+  Added CVE-2021-36086.patch
+
+-------------------------------------------------------------------
+Tue Mar  9 09:11:42 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.2
+  * more space-efficient form of storing filename transitions in the binary
+    policy and reduced the size of the binary policy
+  * dropped old and deprecated symbols and functions. Version was bumped to
+    libsepol.so.2
+
+-------------------------------------------------------------------
+Thu Oct 29 10:40:16 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
+
+- install to /usr (boo#1029961)
+
+-------------------------------------------------------------------
+Tue Jul 14 08:39:58 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.1
+  * Add support for new polcap genfs_seclabel_symlinks
+  * Initialize the multiple_decls field of the cil db
+  * Return error when identifier declared as both type and attribute
+  * Write CIL default MLS rules on separate lines
+  * Sort portcon rules consistently
+  * Remove leftovers of cil_mem_error_handler
+  * Drop remove_cil_mem_error_handler.patch, is included
+
+-------------------------------------------------------------------
+Mon Apr 27 19:35:18 UTC 2020 - Martin Liška <mliska@suse.cz>
+
+- Enable -fcommon in order to fix boo#1160874.
+
+-------------------------------------------------------------------
+Tue Mar  3 12:17:04 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Update to version 3.0
+  * cil: Allow validatetrans rules to be resolved
+  * cil: Report disabling an optional block only at high verbose levels
+  * cil: do not dereference perm_value_to_cil when it has not been allocated
+  * cil: fix mlsconstrain segfault
+  * Further improve binary policy optimization
+  * Make an unknown permission an error in CIL
+  * Remove cil_mem_error_handler() function pointer
+  * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
+  * Add a function to optimize kernel policy
+  * Add ebitmap_for_each_set_bit macro
+
+  Dropped fnocommon.patch as it's included upstream
+
+-------------------------------------------------------------------
+Thu Jan 30 14:11:56 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Add fnocommon.patch to prevent build failures on gcc10 and
+  remove_cil_mem_error_handler.patch to prevent build failures due to 
+  leftovers from the removal of cil_mem_error_handler (bsc#1160874)
+
+-------------------------------------------------------------------
+Thu Jun 20 10:25:00 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Disable LTO due to symbol versioning (boo#1138813).
+
+-------------------------------------------------------------------
+Wed Mar 20 15:12:34 UTC 2019 - jsegitz@suse.com
+
+- Update to version 2.9
+  * Add two new Xen initial SIDs
+  * Check that initial sid indexes are within the valid range
+  * Create policydb_sort_ocontexts()
+  * Eliminate initial sid string definitions in module_to_cil.c
+  * Rename kernel_to_common.c stack functions
+  * add missing ibendport port validity check
+  * destroy the copied va_list
+  * do not call malloc with 0 byte
+  * do not leak memory if list_prepend fails
+  * do not use uninitialized value for low_value
+  * fix endianity in ibpkey range checks
+  * ibpkeys.c: fix printf format string specifiers for subnet_prefix
+  * mark permissive types when loading a binary policy
+
+-------------------------------------------------------------------
+Thu Nov  8 09:34:54 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
+
+- Use more %make_install.
+
+-------------------------------------------------------------------
+Thu Nov  8 07:19:24 UTC 2018 - jsegitz@suse.com
+
+- Adjusted source urls (bsc#1115052)
+
+-------------------------------------------------------------------
+Wed Oct 17 11:54:52 UTC 2018 - jsegitz@suse.com
+
+- Update to version 2.8 (bsc#1111732)
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
+
+-------------------------------------------------------------------
+Wed May 16 07:13:18 UTC 2018 - mcepl@suse.com
+
+- Rebase to 2.7
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
+
+-------------------------------------------------------------------
+Fri Nov 24 09:16:47 UTC 2017 - jsegitz@suse.com
+
+- Update to version 2.6. Notable changes:
+  * Add support for converting extended permissions to CIL
+  * Create user and role caches when building binary policy
+  * Check for too many permissions in classes and commons in CIL
+  * Fix xperm mapping between avrule and avtab
+  * Produce more meaningful error messages for conflicting type rules in CIL
+  * Change which attributes CIL keeps in the binary policy
+  * Warn instead of fail if permission is not resolved
+  * Ignore object_r when adding userrole mappings to policydb
+  * Correctly detect unknown classes in sepol_string_to_security_class
+  * Fix neverallowxperm checking on attributes
+  * Only apply bounds checking to source types in rules
+  * Fix CIL and not add an attribute as a type in the attr_type_map
+  * Fix extended permissions neverallow checking
+  * Fix CIL neverallow and bounds checking
+  * Add support for portcon dccp protocol
+
+-------------------------------------------------------------------
+Fri Jul 15 14:29:28 UTC 2016 - jengelh@inai.de
+
+- Update RPM groups, trim description and combine filelist entries.
+
+-------------------------------------------------------------------
+Thu Jul 14 14:38:09 UTC 2016 - mpluskal@suse.com
+
+- Cleanup spec file with spec-cleaner
+- Make spec file a bit more easy
+- Ship new supbackage (-tools)
+
+-------------------------------------------------------------------
+Thu Jul 14 14:21:46 UTC 2016 - jsegitz@novell.com
+
+- Without bug number no submit to SLE 12 SP2 is possible, so to make
+  sle-changelog-checker happy: bsc#988977
+
+-------------------------------------------------------------------
+Thu Jul 14 07:57:35 UTC 2016 - jsegitz@novell.com
+
+- Adjusted source link
+
+-------------------------------------------------------------------
+Tue Jul  5 17:11:44 UTC 2016 - i@marguerite.su
+
+- update version 2.5
+  * Fix unused variable annotations
+  * Fix uninitialized variable in CIL
+  * Validate extended avrules and permissionxs in CIL
+  * Add support in CIL for neverallowx
+  * Fully expand neverallowxperm rules
+  * Add support for unordered classes to CIL
+  * Add neverallow support for ioctl extended permissions
+  * Improve CIL block and macro call recursion detection
+  * Fix CIL uninitialized false positive in cil_binary
+  * Provide error in CIL if classperms are empty
+  * Add userattribute{set} functionality to CIL
+  * fix CIL blockinherit copying segfault and add macro restrictions
+  * fix CIL NULL pointer dereference when copying classpermission/set
+  * Add CIL support for ioctl whitelists
+  * Fix memory leak when destroying avtab
+  * Replace sscanf in module_to_cil
+  * Improve CIL resolution error messages
+  * Fix policydb_read for policy versions < 24
+  * Added CIL bounds checking and refactored CIL Neverallow checking
+  * Refactored libsepol Neverallow and bounds (hierarchy) checking
+  * Treat types like an attribute in the attr_type_map
+  * Add new ebitmap function named ebitmap_match_any()
+  * switch operations to extended perms
+  * Write auditadm_r and secadm_r roles to base module when writing CIL
+  * Fix module to CIL to only associate declared roleattributes with in-scope types
+  * Don't allow categories/sensitivities inside blocks in CIL
+  * Replace fmemopen() with internal function in libsepol
+  * Verify users prior to evaluating users in cil
+  * Binary modules do not support ioctl rules
+  * Add support for ioctl command whitelisting
+  * Don't use symbol versioning for static object files
+  * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), 
+    and sepol_ppfile_to_module_package()
+  * Move secilc out of libsepol
+  * fix building Xen policy with devicetreecon, and add devicetreecon
+    CIL documentation
+  * bool_copy_callback set state on creation
+  * Add device tree ocontext nodes to Xen policy
+  * Widen Xen IOMEM context entries
+  * Fix error path in mls_semantic_level_expand()
+  * Update to latest CIL, includes new name resolution and fixes ordering
+    issues with blockinherit statements, and bug fixes
+- changes in 2.4
+  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+  * Fix bugs found by hardened gcc flags
+  * Build CIL into libsepol. libsepol can be built without CIL by setting the
+    DISABLE_CIL flag to 'y'
+  * Add an API function to set target_platform
+  * Report all neverallow violations
+  * Improve check_assertions performance
+  * Allow libsepol C++ static library on device
+
+-------------------------------------------------------------------
+Fri May 16 13:06:12 UTC 2014 - vcizek@suse.com
+
+- update to 2.3
+  * Improve error message for name-based transition conflicts.
+  * Revert libsepol: filename_trans: use some better sorting to compare and merge.
+  * Report source file and line information for neverallow failures.
+  * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
+  * Add sepol_validate_transition_reason_buffer function from Richard Haines.
+- dropped libsepol-2.1.4-role_fix_callback.patch (upstream)
+
+-------------------------------------------------------------------
+Thu Oct 31 13:36:48 UTC 2013 - p.drouand@gmail.com
+
+- Update to version 2.2
+  * Allow constraint denial cause to be determined
+	  - Add kernel policy version 29.
+	  - Add modular policy version 17.
+	  - Add sepol_compute_av_reason_buffer(), sepol_string_to_security
+       _class(), sepol_string_to_av_perm().
+  * Support overriding Makefile RANLIB
+  * Fix man pages
+- Remove libsepol-rhat.patch; merged on upstream
+
+-------------------------------------------------------------------
+Thu Jun 27 14:37:12 UTC 2013 - vcizek@suse.com
+
+- change the source url to the official 2.1.9 release tarball
+
+-------------------------------------------------------------------
+Sat Jun 22 01:40:19 UTC 2013 - crrodriguez@opensuse.org
+
+- Build with LFS_CFLAGS for 32 bit archs 
+
+-------------------------------------------------------------------
+Fri Apr  5 15:31:13 UTC 2013 - vcizek@suse.com
+
+- remove a debugging artifact in spec
+
+-------------------------------------------------------------------
+Thu Apr  4 19:26:35 UTC 2013 - vcizek@suse.com
+
+- fixed source url
+
+-------------------------------------------------------------------
+Wed Feb 13 14:34:39 UTC 2013 - vcizek@suse.com
+
+- update to 2.1.9
+  * filename_trans: use some better sorting to compare and merge
+  * coverity fixes
+  * implement default type policy syntax
+  * Fix memory leak issues found by Klocwork
+- added libsepol-rhat.patch
+
+-------------------------------------------------------------------
+Mon Jan  7 22:46:48 UTC 2013 - jengelh@inai.de
+
+- Remove obsolete defines/sections
+
+-------------------------------------------------------------------
+Mon Dec 10 17:34:14 UTC 2012 - p.drouand@gmail.com
+
+- Update to 2.1.8 version:
+  * fix neverallow checking on attributes
+  * Move context_copy() after switch block in ocontext_copy_*().
+  * check for missing initial SID labeling statement.
+  * Add always_check_network policy capability
+  * role_fix_callback skips out-of-scope roles during expansion.
+
+-------------------------------------------------------------------
+Thu Oct 25 10:47:00 UTC 2012 - vcizek@suse.com
+
+- skip roles which are out of scope when expanding attributes
+- needed for building selinux-policy
+
+-------------------------------------------------------------------
+Wed Jul 25 11:16:59 UTC 2012 - meissner@suse.com
+
+- updated to 2.1.4
+  - lots of updates
+
+-------------------------------------------------------------------
+Wed Oct  5 15:11:06 UTC 2011 - uli@suse.com
+
+- cross-build fix: use %__cc macro
+
+-------------------------------------------------------------------
+Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
+
+- use %_smp_mflags
+
+-------------------------------------------------------------------
+Sat Apr 24 11:38:22 UTC 2010 - coolo@novell.com
+
+- buildrequire pkg-config to fix provides
+
+-------------------------------------------------------------------
+Thu Feb 25 15:00:29 UTC 2010 - prusnak@suse.cz
+
+- updated to 2.0.41
+  * changes too numerous to list
+
+-------------------------------------------------------------------
+Sun Dec 13 01:35:55 CET 2009 - jengelh@medozas.de
+
+- add baselibs.conf as a source
+
+-------------------------------------------------------------------
+Wed Nov 11 18:18:22 UTC 2009 - crrodriguez@opensuse.org
+
+- libsepol-devel Requires glibc-devel
+
+-------------------------------------------------------------------
+Fri Jun 19 13:26:45 CEST 2009 - prusnak@suse.cz
+
+- put static library in libsepol-devel-static
+
+-------------------------------------------------------------------
+Wed May 27 13:56:59 CEST 2009 - prusnak@suse.cz
+
+- updated to 2.0.36
+  * fix alias field in module format, caused by boundary format
+    change from Caleb Case
+  * fix boolean state smashing from Joshua Brindle
+
+-------------------------------------------------------------------
+Mon Dec  1 11:37:58 CET 2008 - prusnak@suse.cz
+
+- updated to 2.0.34
+  * add bounds support
+  * fix invalid aliases bug
+
+-------------------------------------------------------------------
+Wed Oct 22 16:17:24 CEST 2008 - mrueckert@suse.de
+
+- fix debug_packages_requires define
+
+-------------------------------------------------------------------
+Tue Sep 23 12:53:01 CEST 2008 - prusnak@suse.cz
+
+- require only version, not release [bnc#429053]
+
+-------------------------------------------------------------------
+Fri Aug 22 14:45:33 CEST 2008 - prusnak@suse.cz
+
+- added baselibs.conf file
+
+-------------------------------------------------------------------
+Fri Aug  1 17:32:23 CEST 2008 - ro@suse.de
+
+- fix requires for debuginfo package
+
+-------------------------------------------------------------------
+Tue Jul 15 15:35:54 CEST 2008 - prusnak@suse.cz
+
+- initial version 2.0.32
+  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>
+
diff --git a/libsepol.keyring b/libsepol.keyring
new file mode 100644
index 0000000..9db3320
--- /dev/null
+++ b/libsepol.keyring
@@ -0,0 +1,121 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGcpEXsBEACjkf3/pxK1vKNYV5sbqoOfqlP7i/WuVtFmjStjBaQOYQCM5kxE
+L1ImKlMJ1B40WW/ocSKIK+XduZkiqtn7O8sjpTX7Z0fuTTrE2ogUtNXTNuv61SQ7
+CymDmevn0qy40/TVYFLQQvO6c7/MeP4E4R0+DUq8HQhAW2oDBoB+6fLrti9Ov07t
+jPTtkJ9PE+0d/oUnzQU95FrQuhlidbhSZIa2bV/n1UP36p7jKFG01qdqZdQqN/wF
+PDStDCOgmFVPkyDRnqFbp+EWsPnsuB3x8GLlkcdSVHjPX6eoYJSgeUeNzQlXIryP
+x+h8pp+jD/v0hNo6oHO/4/emxj15wGDvAZo4eurNHNHEB8phE7YhoUdEaewQTwWf
+BIQvTS49XGmKJNq+sskUSOS70aY/c5jetvAg9dvDWb2ZkbXIBVtIQR/nxZJZ6gGn
+Q7qqvAB0ht2BRfgGRDxtfky1SNenm2bRK2aNCJns73VyDRW5a2t+P8jgTfG2Wg3O
+G0bZAsjizuIAvWiuEKXES5lE71qVQJJydG+GbDYOHqwHqLnp69xl1QXDExc4HLF9
+avR/FfhCVHyNiow+PtQw2PY9xxME5Be6YhbZx0YR6eL2+sT1wt9lFI0LA9YBda2v
+XNBbngnHkOMIYehtCTndnuQT4xlUCN6A5pPS7nRyWME18mii26Wfj6BsYwARAQAB
+tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
+FiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEXsCGwMFCQPCZwAFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQ+0xoW13BwT52gxAAjmac0DxofR1945mfP82s
+zBjofuMr/6Vhq0LHTl7VN8r7PP195EqzGA/c+OPSn2KCjeMh09w3n9ieWZUR6mUO
+ZKIo4516d2+LL6wDyy6QyjTtD6bWlhY3MW3KJl35zjian0jWXuHquS0hj1cN52uU
+CQ2iDVWVR63142maBe3Y6Yk0OZh+1ZwoinLD9ktq5uNFwCbHCyfsjp1adProV+D0
+fy2txGVaKlVY/yKY7QQinALxFuG42CTGO39xV/cISnOiQXifSTeepia33Q020ZzS
+QblACVO+VS4ek1bO7O90A+0zLcoRpch+7cgRl4goLFKBZdObvNEpSfQXqMoCwteE
+r9Y4DUBrs10BTAzGsSd182ioGu6xosOWnNZTtRK/ZhP49/dpDu7WzODYnxXl6pE/
+4TzDB7nhE0KBCtwOBSrlpvKdyy+6WXcaom/O9kLv9DdOH+DlZz51FoYHPQ70UG5E
+9DCOucH3fbFbV8N/XtxJylUoC9X+PCe2lZd/udK/YzSj1+KGdMGXh3ZzYQEq1N2n
+lbQil5GXm4tp3cBiii4/pGhn78h39mA15pAof9mULGTlL0YvNiGbrrnKw5hGSHs1
++hOFG28CoB4NxMpYYMbWdCiTYoo5LKpLzU9PYCUzPsDbpHS+wf/2VDW5kUiEgZvF
+leUYRFnBd3Wz6WB9ZNsHkr6JAjMEEAEIAB0WIQS4aChHdk32DfUtmSy8OQXyNRec
+8QUCZykYBQAKCRC8OQXyNRec8V0ZD/4vu4DsQwH5iHS6uFm46W1lI22B7pv5Rstl
+N3wNGx/Tjh75nQ0lZ1DaxosGm0aEhydqzhB3SBL5CRYHuUysnfW67HXlkGMWwa3K
+or5Wgfwkg+9XwyvleiOoD5RhSlc/qewgut2RS83Ol4DnUjFi5UxZy63xJRVjOMPX
+VgbU/wsXPJ2wiZph7ux75ETzkXf/Y+iRk17R3QaHfq7J8lI0PzReuvEulE6BptCA
+c0bR2sv8MeN2hrcXRXkRSgbs0HBSuYFGVYpgItQV9b7yZCfpFUrwkhX1ZoevOL8o
+Bkuidlvl0KM7R746XXqnJSh8sDxI3sFqqN6ezyGjb3sa0Td1quReaPmnenhg+6v8
+P6hkI0gf4FgyyG3jpW0Te/pXXQ/woDboyA2jmowTVDSQLUNRiLrxw94OCtAExZr6
+cX6b2LZoZ4DKLeoOFm7TckuE5gCG/jk5VFrCb28WrIqIFEA1WiBNGv5yHjPLBpqn
+B9UtD7GLBUuqVPmf+IjNYJDSEDXl4pmAlXSRNcvg5YoF4mpI2ectWbgCFnY6kocy
+yMTsESim8J70llYUiuO1D1OuuIHI7HTdqdaSabtviVnUcoM4j8LHLPwFm9iLOjuF
+I50aMusUFMP9aTSzC+nMHg0qHkjo3uSCmlcxNpanfr4qZDHronNpmN6kaXVUw0V2
+CI/pLDqk77kCDQRnKRF7ARAArgRj7ToZ65fjAuVSoAxYKdsUQu6EFkZYUsQi8/pY
+lLVY6957jlFVylV9gyncCrKaI1FqECVEy1JD1i1dJ2UE+SG01yhX+GqNw3LAx1uz
+L5GzbulGT8MlULTJUvgAGtJKXCF81rjpfhm8+vwYYO+MBSEro1dDtatknFhH39TS
+epEa0a48EuEV7LUfrSflrE/z7Z/2kUI1sMnXcduuFWO75FR4TwarlYkjl15rlJ9i
+dcURGxP/M76nDtlppIOZYpHVrzw/oGQMPt7rdkhoBrzj0z8PP46DM0SBvJGO+Bs7
+Q4QitLbHrWUahbsX2msSDOP3s0iIG7qqk0Jgl5+Sl88Q2uT7CY5S2El+HoTu6mGW
+WJBqazp2pcBzdn7EE32MV/vhGnNWYg8r8wU2vQRxQwWBRGkG1pOuTh0YyH76/mLi
+orHHAkd/hGwYIOyAf1lkN6YrPmry4U1MjWRtOewo2353svjlT7f+ZGbiXbaDx674
+C8PpHgZ8qOzLMQULIYrtOZViPRj4QZH35htFDUZqFeq2tH9osLT0tLLFBOph8pTw
+q6yehx4RsE6KARlQ0/JunOJvAeXVURX1ytHl5Pww8eCzzF2mNDuBG4+LXZ+9zze6
+elSw0gdILFmpeiKUazPb7OlfayLc/EG0r+1OjpkVEuKOEezbnRjVqCngzJdir3UD
+ZVMAEQEAAYkCPAQYAQgAJhYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRF7AhsM
+BQkDwmcAAAoJEPtMaFtdwcE+jMYP/Rh+SS0bAara89lQj8Wxy/5WcSpW33h0GdLT
+/obJi+EjtN/zW/7vZRGVB5fxNRCjH0Hx3cCu7lvb6JKQ9y8fvQ9tjyO3/JPAe1KU
+XN/r5g8iX6jJPPsOiIgtKOs7nWe2XyAqYhvxD1bvjFXpUUgnibysfTgwoWkiXNQO
+rrrQlhAga05QW6BJ+DtotVT/SPhYooQp8B+D3fBhMop34mBEXLgVk+uJ6bse+VRK
+LZUp992utQX89fflfviIp09CgQANmLwqQxlQsO3JDpk67aGIOkCuOjmENp0ozfXh
+nrlWczXWGOISGZMXcjIYGWVvSoEiTQucFUe4xiaKoE0kRtqocuoiO7z9G8WVhX4A
+whJ4DsHrySdslxqjXeiC0Om4niGmAKOPYHWfQ1YxyO7SC167Wx+whpBtYd68fa+C
+XkskMI21Qk382hYHZSi/bvAS+yieDBjd27jROcz7l6PB/ivwPfBf4mlUICF+vc5z
+SSfDXidGoU8B7UTsM1REnzF8RX2I9ECzCjqqiHsgjE0RNQbWvLBETE23q0eyiPHR
+ZvQjQgHsKdZEr0Xqg1GnRLiRWCn4l6Fr00ZcUraGfyoEP+ulQ+yP852SIE34LsCL
+TusI17P4gp2dR9eQ4mosI7J5TAL1Y+W4U8H1GeeCFgzjGExZ/xe9Is46T++A/GKp
+HkA0s5uxuQINBGcpEuEBEAC6H5vY7GP2r5FFn6mQNV/8zo/TXIOYOHC1gfOL8tbw
+8UcLqJCXMxF7K/VHmfe4ISkBn76Z1R4KCjZOYWdh2mbESB1owhb3y6p7h+4eGhdT
+YyHh6I3uPIm9dAKyKMINjOJ+iPTcdjudNWPDj4FJK72QDf+8SpT0DliMbTUyZVIx
+ohpOupmqyfKkrqvZ7ElrthVFjBGqktgLmSyKQNUr1+11+GOeydgZLiljJ8w1IdjU
+oEykeNPvASQz4pnZZGmNNlnuc/27gt98kwqBxyVGB/7XcJ5Jol9UiGMmXEZUuSWg
+Txcls56Ha+Qrbnt70F6cQWBCfIsKkYnxg2yewlWHFTVoDrZ1PuOac5UwGGcag2Ez
+LPN+9TDRETPZVulkGSLBlF9n0xZQGzJud4fw3DNkxBAsJz/Kj+Oc+uYNL62CXgJc
+bMG2nE9RlIy5ji0dlna8FvTNx+Fjs/UKse7KVcsXOQ479dE/fDUXwjVSokKN1MqN
+2MIMX9Va150d57WISxIfE8Yfx8enhCmsEMPBng2d+KVg0cwNabpTVvOFfbKepwYC
+tBJ3U3L+gvsnMTWqgf+c2vBW85JI1YVRNcVd4vL5I5cl0UmkY/7/BX6Bh/JzOhQ/
+q+YJ0rUezXlZC8rPI/+eYtLm4uKV/FUqvFkMjpI2tLh/9eQdwadgHIUpSGrmBU3R
+lwARAQABiQRyBBgBCAAmFiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEuECGwIF
+CQPCZwACQAkQ+0xoW13BwT7BdCAEGQEIAB0WIQRyAOssP15IhGPAzp7NyujJJ8a+
+MQUCZykS4QAKCRDNyujJJ8a+MTGJD/9MpDYKL6yo1JUhzCD+TQajWLhwDuWEo11h
+EEJohOEH2Myo2DbOA/OAQsFxpUkvzHDQTbHZm8F6Mzhf55OuaR259zEdHwH/MEXy
+g+UPamCz/NmZkQ7WCrgJ1pvvIihU02t+gJlKHE4I9HbAiLFxhm23l/tnfNJeqSMh
+5zqxM551PvlleulBu8g15SS84l8wI6JqKVq68N+/yTmIlRVs/4PHW85zzxu97BUl
+xssgPgchGv89L6TUPXTMZucXvVOfEZmvtqcxkJIUIcnlZX4FLAccq3FHL5snXH0w
+vjklyvVqdNd5och5Io3MUGKAlBKAe/R656CQPdGbD4hzE1viXnfqx6Vo1HRQDDHU
+MLWqmMG2cT3+ld1MSxlDGr2QyuPR359UoWM4oANUimTHujR1nWOZtSZ2NBXIYOAc
+T4SaB13vbr/Z+1auJba495QLphmKpu28GcKfAX5pXo/WesTQFYlyEvIGMMJ7ljah
+cEBgXrHCkM98w+viixyrM9XhNZVQsGJuu1FaBLGa+KcgYXH1P3BAJV9fbnh2oFoA
+SFEwiahP9g/7p69FkqpA4NGEjjg4bu5XvUhUAnwEcQE3yHG9AzdY+zV+HAwEULIZ
++v/H9Tj9zvxH0mHGRT1XCYxssZA/tU/VCB+IepmkcyTxlSZCfoot66vNZyfA8WTC
+AU9kQPw5A4xfEACKjcOFavkoN3eYgIcAs1jQDaKlv8kfotIfG7RLcwtr9sXo9upF
+jX58oxP9wVXGWf32s1Stf6ENFtzupuEqTG8aZydeeRxMdqH1t9SCERqeUqQGvWDW
+KTfOASek7/Hf5ff06/6B73YwNrBXSeqT1H/21L5kP+mHvZD2THdl9U1IvR5bGO7A
+HMVbRnCHlMBfitpKbJAKYBeLTk7diY2KrhqtJSDmgA4xFn533oOysBLhJ22XHr8K
+4pMHMRoY9AtD3Ak0HRWZ395BZM/30phwB0jCPkEnk/Rnv7GGxWNA6e2fii2c/q83
+pG4O1itLoztMI39l4oK838bSdFpzgP4glfcJhi1heBqgO6h61Ra1zs7k/MdERNoG
+3/jqhvaXN/pxPlDJW6NN/P6LSsYRzrem9cryZX4rsEVj8Mel0SGXWkPDZhgtsGZS
+2FBZ2wvr9NW+kx7/Blp28n9vLcB5HNB66xS5y5Kj1Q03tiPy7d1GHE2CxKJT3oD9
+IWUCgHmzc6eHkrhYRUIG78g2N2L6vYEsl49KcDcjtWRET0dp/UPbyO0HObddt+3a
+uzeU7XwVwKrDqR3siHd7S1ny5Qb1QO+pMMdNQcsBa/CurfyAooC7ZExpTToDmRHz
+tFxCKLPE7AEjCIe5RYxTj8fLHp9ew4OESzQ7oAUNqs0NkZ57ZqYpMDJmkbkCDQRn
+KRPFARAA7AZXVugEPe8MuygBPracbFtKpeIGw5vGelZs2J87Mz0FQY84ikexIffY
+9kYb/4s2M10QJ/LI/VHKwfk5PuP3ZDy+BFCgbdf3zmBs6NjJlzTG8CRNK9bE6LLk
+K4Xdfywnc1J6tANfCM/2pWotWP/cUHyeRrUcVLsrMLdmj+TMKjF5nf+FXc9NYiNy
+gm+0FIIo9nI4nGdGpZ+LkE0mjdLZJHWbFX3rvNrBeJnwx54GXqsuE58IG3P2D5uq
+tdlih6e4yfkmzaZwfSFph4xJXdRYgLiSKfOvUQnGz4vX+FUJUE2KINzoNdwVejP1
+lVz2SOllM4yhlUORGTI556f7lLJr3Ari14uYMswTj6mB4cJL9ZrgqtjIRZ7s2kbV
+VORImdFL5/JgZNa3ASK7BPon1TS3V3mFvGEztgCGWc4Sc1WaprcGrfKomz0b/uCJ
+xnsIgn0kEcpMnM6cp+kaHEFI6A6gI5pZbq5ULMOp+tg+YJQgpCZqcHjjXEkUa4dU
+8wsGNWOzCgwoaQreAzooxEINhDne7qwUr4lyXwehsFJ7NUhQqkpVfchb13nTpwTQ
+WFJb829Ym/QUgxWWjILYGk6NJZWATBe2T+bdIo+yAIBwKrOLvGWWhHz4T0LbFyL1
+x0Ybl9qCGBKNo/qPSoPDD+yVE9AlzkAMh66SQ5hMKJKIPBC1uUkAEQEAAYkCMwQY
+AQgAJxYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRPFAxsgBAUJA8JnAAAANxYP
+/iolEuftNwy1EwXjdif51f47XdivEEJPifVBWaI+watRxrhWDUn62tXogywauGS2
+mJpXSp4v+SbSHTabiAQNkoPJZZd15aERcVpNXL3IKlJdRYmXmBJdNLDGuoFbJYuU
+suThRP2X2yTmYx3LQkDy6ehtXgz95dCCBHXUMveOLto7SGyrHLFeQlxrBaNUZbko
+vURqgMogn8LDE4jmKkW54whFCNC/D0Cj/DZ+rXWpVdj3OSeTqkWSn9EMct6z7BUc
+O15tl8n3FXsxvWZ/+TTd1PnoZoD9TcRe8nYV2BZH7N/5gwRr0w8MdijZQ0S+T2Y6
+Tbjszyz4557F2WQ+DIpbkDya1i5j91GPxboLiktwxZr53+8hSmbka7DQXmrQBaT3
+8VsF70cvO0R6+9Ge4deZ9Nl62j+cICJiDikKPqncmg3kIt5tHxi1ab0AkFtfWSBW
++pJTZWDBggWzEETPxa7aHvP95IJJ4iABEVtOUnpwGtGRcJXKFu/Qs9ZZR8BSqIS1
+0bGsDhfH+MqsjTYmNF1b9tmReNKRrwr5wOWlyv2LEFZbkuRaw52IvyMTF9MbDbkU
+DtZ3UeIecG/foy7/Nv7T8jrd358ur3d7eWaZXH2pAXynk6R/iiNj1iggdWQtLu30
+CAWOb+5yakQZtfHI+TYKveX5vlHjXHd0Fb2TGK5alk3d
+=uF78
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/libsepol.spec b/libsepol.spec
new file mode 100644
index 0000000..06f03a5
--- /dev/null
+++ b/libsepol.spec
@@ -0,0 +1,130 @@
+#
+# spec file for package libsepol
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define libname libsepol2
+
+Name:           libsepol
+Version:        3.8.1
+Release:        0
+Summary:        SELinux binary policy manipulation library
+License:        LGPL-2.1-or-later
+Group:          Development/Libraries/C and C++
+URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
+Source2:        libsepol.keyring
+Source3:        baselibs.conf
+BuildRequires:  flex
+BuildRequires:  pkgconfig
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+%package utils
+Summary:        SELinux binary policy manipulation tools
+Group:          System/Base
+
+%description utils
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+%package -n %{libname}
+Summary:        SELinux binary policy manipulation library
+Group:          System/Libraries
+
+%description -n %{libname}
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+(Security-enhanced Linux is a feature of the kernel and some
+utilities that implement mandatory access control policies, such as
+Type Enforcement, Role-based Access Control and Multi-Level
+Security.)
+
+%package devel
+Summary:        Development files for SELinux's binary policy manipulation library
+Group:          Development/Libraries/C and C++
+Requires:       %{libname} = %{version}
+Requires:       glibc-devel
+
+%description devel
+The libsepol-devel package contains the libraries and header files
+needed for developing applications that manipulate binary SELinux
+policies.
+
+%package devel-static
+Summary:        Static archives for SELinux's binary policy manipulation library
+Group:          Development/Libraries/C and C++
+Requires:       libsepol-devel = %{version}
+
+%description devel-static
+The libsepol-devel-static package contains the static libraries
+needed for developing applications that manipulate binary SELinux
+policies.
+
+%prep
+%setup -q
+
+%build
+%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
+export CFLAGS="%{optflags} -fcommon"
+make %{?_smp_mflags}
+
+%install
+%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}"
+
+%post -n %{libname} -p /sbin/ldconfig
+%postun -n %{libname} -p /sbin/ldconfig
+
+%files utils
+%defattr(-,root,root)
+%{_bindir}/chkcon
+%{_bindir}/sepol_check_access
+%{_bindir}/sepol_compute_av
+%{_bindir}/sepol_compute_member
+%{_bindir}/sepol_compute_relabel
+%{_bindir}/sepol_validate_transition
+%{_mandir}/man8/*.8%{ext_man}
+
+%files -n %{libname}
+%defattr(-,root,root)
+%{_libdir}/libsepol.so.*
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/libsepol.so
+%{_mandir}/man3/*.3%{ext_man}
+%{_includedir}/sepol/
+%{_libdir}/pkgconfig/libsepol.pc
+
+%files devel-static
+%defattr(-,root,root)
+%{_libdir}/libsepol.a
+
+%changelog
-- 
2.51.1


From 69919129624283d516b0741cdc95dfd8f441f51e82584dd59379d0a886da3896 Mon Sep 17 00:00:00 2001
From: Johannes Segitz <jsegitz@suse.com>
Date: Wed, 23 Jul 2025 12:18:42 +0000
Subject: [PATCH 7/7] next try for 3.9 toolchain. Addition of neveraudit causes
 the issues. We will have to rebuild all existing selinux modules. Dimstar is
 aware

OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=107
---
 libsepol-3.8.1.tar.gz     |  3 ---
 libsepol-3.8.1.tar.gz.asc | 16 ----------------
 libsepol.changes          |  9 +++++++++
 libsepol.spec             |  2 +-
 4 files changed, 10 insertions(+), 20 deletions(-)
 delete mode 100644 libsepol-3.8.1.tar.gz
 delete mode 100644 libsepol-3.8.1.tar.gz.asc

diff --git a/libsepol-3.8.1.tar.gz b/libsepol-3.8.1.tar.gz
deleted file mode 100644
index e0fc1af..0000000
--- a/libsepol-3.8.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf
-size 513830
diff --git a/libsepol-3.8.1.tar.gz.asc b/libsepol-3.8.1.tar.gz.asc
deleted file mode 100644
index ab48c96..0000000
--- a/libsepol-3.8.1.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
-vjHl9A/+K9OVqrdn9BhJobCOvD2YqW1DUkexPQMAAzHCVoUc6B1oLOc+dHfIh/s9
-1hiuezTl/LX1KeJWQHBT6wp1zbhVkfdV5TAdDocHy8KbCY+UE4ASXHQuFkBJkk96
-S5Bez0sc5wlQPm+PAmDM2QxEbpbKXSuCQJU+KvvLJfp2P2//nj0REks2FFnp6ds9
-+Rj/0ki9wnw+fQv1aboXUlA3fpCLArZJ5D03yjJz1zzlWgWOZ6b6gQHiE4WvIMOM
-C6D/WiI1AoguOyjpl5aWKyxoKm09e4goswvw4DM+zcxpzb1vCRGzSmRopquNvJzc
-JyOvMOOige86/ZJ+CeXE00MhXiFZ1UXak9znjZax9mSUlIGHRQARq7WtW/CoQ6CI
-5Bpq4q8bhs01IHurwZTlGynW4YrF0TR66cAmfxjM0irBNNYZyD364myrupf4DIoO
-3SN4XfVDqnFQEEft0HRW9xB3zLheyVcWFCWWS+bgzNelCAc1fPsje2W000E8QBH4
-lQFxM4UTRt2uboFI5P6yJG+/v5y57XXp/M/1PgRZ6M/vUi2kwaN486wbQWAt4eO4
-GLFPXmb1EiNeAq1UBwMHRqzEHvcLan6n0z7l4gpe0TNetFqh2erunuyAVQBVo6zT
-DuAZvc1sXGJpVt0kjYEv9Api8b0gj7djoUWZQKp6C16RaHki8AA=
-=XPdp
------END PGP SIGNATURE-----
diff --git a/libsepol.changes b/libsepol.changes
index b7287ef..ff983ff 100644
--- a/libsepol.changes
+++ b/libsepol.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Jul 17 15:49:27 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.9
+  * Add new 'netif_wildcard' policy capability
+  * Allow multiple policycap statements
+  * Support genfs_seclabel_wildcard
+  * Introduce neveraudit types
+
 -------------------------------------------------------------------
 Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
 
diff --git a/libsepol.spec b/libsepol.spec
index 06f03a5..bf70ab2 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -19,7 +19,7 @@
 %define libname libsepol2
 
 Name:           libsepol
-Version:        3.8.1
+Version:        3.9
 Release:        0
 Summary:        SELinux binary policy manipulation library
 License:        LGPL-2.1-or-later
-- 
2.51.1