From e603841c80b33ba50f46bba6c639df5a6f174a39 Mon Sep 17 00:00:00 2001
From: Nick Hainke
Date: Sun, 23 Nov 2025 18:07:03 +0100
Subject: [PATCH] libselinux: update to 3.9
Release Notes: https://github.com/SELinuxProject/selinux/wiki/Releases#release-39
Remove upstreamed:
- 0001-Inject-matchpathcon_filespec_add64-if-defined-__INO_.patch -> https://github.com/SELinuxProject/selinux/commit/5c3fcbd931b7f9752b5ce29cec3b6813991d61c0
- 100-v2-libselinux-be-careful-with-non-portable-LFS-macro.patch -> https://github.com/SELinuxProject/selinux/commit/21dd00713ae99b13e36c632992cb171c6ec1abce
Link: https://github.com/openwrt/openwrt/pull/20908
Signed-off-by: Nick Hainke
---
 package/libs/libselinux/Makefile | 4 +-
 ...con_filespec_add64-if-defined-__INO_.patch | 75 ---------
 ...-careful-with-non-portable-LFS-macro.patch | 158 ------------------
 3 files changed, 2 insertions(+), 235 deletions(-)
 delete mode 100644 package/libs/libselinux/patches/0001-Inject-matchpathcon_filespec_add64-if-defined-__INO_.patch
 delete mode 100644 package/libs/libselinux/patches/100-v2-libselinux-be-careful-with-non-portable-LFS-macro.patch
diff --git a/package/libs/libselinux/Makefile b/package/libs/libselinux/Makefile
index 9f65f5bf65..a486448218 100644
--- a/package/libs/libselinux/Makefile
+++ b/package/libs/libselinux/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=libselinux
-PKG_VERSION:=3.8.1
+PKG_VERSION:=3.9
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=ec2d2789f931152d21c1db1eb4bc202ce4eccede34d9be9e360e3b45243cee2c
+PKG_HASH:=e7ee2c01dba64a0c35c9d7c9c0e06209d8186b325b0638a0d83f915cc3c101e8
 PKG_LICENSE:=libselinux-1.0
 PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/libselinux/patches/0001-Inject-matchpathcon_filespec_add64-if-defined-__INO_.patch b/package/libs/libselinux/patches/0001-Inject-matchpathcon_filespec_add64-if-defined-__INO_.patch
deleted file mode 100644
index 1f9bc445a0..0000000000
--- a/package/libs/libselinux/patches/0001-Inject-matchpathcon_filespec_add64-if-defined-__INO_.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 5c3fcbd931b7f9752b5ce29cec3b6813991d61c0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?=
-Date: Thu, 20 Mar 2025 16:55:17 +0100
-Subject: [PATCH] Inject matchpathcon_filespec_add64() if
- !defined(__INO_T_MATCHES_INO64_T) instead of using __BITS_PER_LONG < 64 as
- proxy
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The __INO_T_MATCHES_INO64_T is defined
-if ino_t would be the same size as ino64_t
-if -D_FILE_OFFSET_BITS=64 were not defined.
-
-This is /exactly/ what
- /* ABI backwards-compatible shim for non-LFS 32-bit systems */
- #if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
-is trying to get at, but currently fails because x32/RV32 are "LFS"
-with 32-bit longs and 64-bit time_ts natively.
-
-Thus, the
- static_assert(sizeof(unsigned long) == sizeof(__ino_t), "inode size mismatch");
-assertion fails (__ino_t is the "kernel ino_t" type,
-which generally corresponds to the kernel's ulong, which is u64 on x32).
-
-glibc headers allow us to check the condition we care about directly.
-
-Fixes: commit 9395cc0322 ("Always build for LFS mode on 32-bit archs.")
-Closes: #463
-Closes: Debian#1098481
-Signed-off-by: наб
-Cc: Alba Mendez
-Acked-by: James Carter
----
- include/selinux/selinux.h | 2 +-
- src/matchpathcon.c | 8 ++++++--
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
---- a/include/selinux/selinux.h
-+++ b/include/selinux/selinux.h
-@@ -537,7 +537,7 @@ extern int matchpathcon_index(const char
- with the same inode (e.g. due to multiple hard links). If so, then
- use the latter of the two specifications based on their order in the
- file contexts configuration. Return the used specification index. */
--#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
-+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && !defined(__INO_T_MATCHES_INO64_T)
- #define matchpathcon_filespec_add matchpathcon_filespec_add64
- #endif
- extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
---- a/src/matchpathcon.c
-+++ b/src/matchpathcon.c
-@@ -261,7 +261,7 @@ int matchpathcon_filespec_add(ino_t ino,
- return -1;
- }
-
--#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
-+#if (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) && !defined(__INO_T_MATCHES_INO64_T)
- /* alias defined in the public header but we undefine it here */
- #undef matchpathcon_filespec_add
-
-@@ -280,9 +280,13 @@ int matchpathcon_filespec_add(unsigned l
- {
- return matchpathcon_filespec_add64(ino, specind, file);
- }
-+#elif (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) || defined(__INO_T_MATCHES_INO64_T)
-+
-+static_assert(sizeof(uint64_t) == sizeof(ino_t), "inode size mismatch");
-+
- #else
-
--static_assert(sizeof(unsigned long) == sizeof(ino_t), "inode size mismatch");
-+static_assert(sizeof(uint32_t) == sizeof(ino_t), "inode size mismatch");
-
- #endif
-
diff --git a/package/libs/libselinux/patches/100-v2-libselinux-be-careful-with-non-portable-LFS-macro.patch b/package/libs/libselinux/patches/100-v2-libselinux-be-careful-with-non-portable-LFS-macro.patch
deleted file mode 100644
index 157703aaf6..0000000000
--- a/package/libs/libselinux/patches/100-v2-libselinux-be-careful-with-non-portable-LFS-macro.patch
+++ /dev/null
@@ -1,158 +0,0 @@ -From patchwork Sat Apr 26 15:13:57 2025 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 8bit -X-Patchwork-Submitter: Alyssa Ross -X-Patchwork-Id: 14067708 -Received: from fhigh-b7-smtp.messagingengine.com - (fhigh-b7-smtp.messagingengine.com [202.12.124.158]) - (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) - (No client certificate requested) - by smtp.subspace.kernel.org (Postfix) with ESMTPS id 33F71A31 - for ; Sat, 26 Apr 2025 15:15:54 +0000 (UTC) -Authentication-Results: smtp.subspace.kernel.org; - arc=none smtp.client-ip=202.12.124.158 -ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; - t=1745680559; cv=none; - b=Pq1cEfDSDJ0fkBMv6QVCQI8UUqLnYGihmK9UeuLduv0kwLuwpvD6WOxM/TSLMRIywjgR8gd2c853qlcX7DDrHAnyddbljBfUmT7TClUWm+eES9n51wREeMkgpjwZEvuOCVXfWzMNnBJNztbAVx+10PtGeluwXSHG1odCX/NjgQI= -ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; - s=arc-20240116; t=1745680559; c=relaxed/simple; - bh=pJMDSW9OyFQkw5+mTn23RDQ0ioaHtTd6I+0qBZvmwP4=; - h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; - b=VY6d+x8V7xkeJ2uh/a5R7YERgjbG4KKpSH0LL+z/D5ebQqDoQYyVyuQAhANwGBuFP81lunmLcZc2wMIkhtTTIzrFJyVwMsKJnPT2vLUBI6Um9ow9ZAwrpU3bMzV3KjnKaTZMGAZ87fAstIzB5jJaPIF2rhU9NiBHjpTAn5ofXYo= -ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; - dmarc=none (p=none dis=none) header.from=alyssa.is; - spf=pass smtp.mailfrom=alyssa.is; - dkim=pass (2048-bit key) header.d=alyssa.is header.i=@alyssa.is - header.b=sVvu9/jU; - dkim=pass (2048-bit key) header.d=messagingengine.com - header.i=@messagingengine.com - header.b=Oe16/9D7; arc=none smtp.client-ip=202.12.124.158 -Authentication-Results: smtp.subspace.kernel.org; - dmarc=none (p=none dis=none) header.from=alyssa.is -Authentication-Results: smtp.subspace.kernel.org; - spf=pass smtp.mailfrom=alyssa.is -Authentication-Results: smtp.subspace.kernel.org; - dkim=pass (2048-bit key) header.d=alyssa.is 
header.i=@alyssa.is - header.b="sVvu9/jU"; - dkim=pass (2048-bit key) header.d=messagingengine.com - header.i=@messagingengine.com header.b="Oe16/9D7" -Received: from phl-compute-02.internal (phl-compute-02.phl.internal - [10.202.2.42]) - by mailfhigh.stl.internal (Postfix) with ESMTP id ED5B02540205; - Sat, 26 Apr 2025 11:15:53 -0400 (EDT) -Received: from phl-mailfrontend-02 ([10.202.2.163]) - by phl-compute-02.internal (MEProxy); Sat, 26 Apr 2025 11:15:54 -0400 -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc - :cc:content-transfer-encoding:content-type:content-type:date - :date:from:from:in-reply-to:message-id:mime-version:reply-to - :subject:subject:to:to; s=fm2; t=1745680553; x=1745766953; bh=rW - uOFM2rzwdFfxgV2+EnHMjhI780MNjU9R+9eFq8dvg=; b=sVvu9/jU9LemQ6RFQI - DtSKhUj2+dsfX0he1Ov1CofCaTdNc+esuMzB8dGEgQnIY6sfB7FHrPAuDDQaCTEb - Qb0MW0FQNzuTyNO94P8IXvcPEN7XWpcH1UKkWyohOsX/DRQYs8YP/oyrZB7gy8h+ - LPbqcyracjmJriUdC8aesJ3FKHmyQiXY8ka08VFQyiVrksvEwfM7tleNW0mQVrVG - VpHxDigwP71zXB3gHl0ogks6VloaqH0f3EKo1nT19xuzWGcMPKtBrs3jHJFSgy8X - 9+jY/qFSAq6OvItkKnwXf08McbuKVuPnYZrrsVgx3NZFcaCo+tklqEvWJUJCPxnz - BfXw== -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= - messagingengine.com; h=cc:cc:content-transfer-encoding - :content-type:content-type:date:date:feedback-id:feedback-id - :from:from:in-reply-to:message-id:mime-version:reply-to:subject - :subject:to:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= - fm3; t=1745680553; x=1745766953; bh=rWuOFM2rzwdFfxgV2+EnHMjhI780 - MNjU9R+9eFq8dvg=; b=Oe16/9D7/7d67cUSyAPHmj+rekiHlxK3tMneIFP/5hTG - MlpQlyg5QLsVRSUxfGn/OjX1vvg5VrpRpeGYaxJyNU/oPy2jFBSwUmB1lR7/W4Lz - M4NYele9Nufotym19hpJylkMpOi266PNIqG1lT4OfK7d+ZEJSoZygq/tnsgE08ql - 2AFSMbYbTQC6YM8sk+9tk2ypCjb7W1NouIshFQ33J7LNniu67KJDcPtH3VqfkG6q - RYkGhc21tTZl/e9EQ6m8Z4c6yWk8kDqozOBI0lOh6GrhAaDEj1+/2v0DF7OAcqwG - KhqGnYTkH2Qj8pshvMSctbOWckywkqxX+fREJWN9Gw== -X-ME-Sender: - -X-ME-Received: - -X-ME-Proxy-Cause: - 
gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvheehheefucetufdoteggodetrf - dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv - pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpih - gvnhhtshculddquddttddmnecujfgurhephffvvefufffkofggtgfgsehtkeertdertdej - necuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenuc - ggtffrrghtthgvrhhnpeevieegveegkeefieekffeuuddtuefhtdfhgfdvfeeugfffvdeh - tdekveeufedtjeenucffohhmrghinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrh - fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrgdrihhs - pdhnsggprhgtphhtthhopeegpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehmvg - esrghlsggrrdhshhdprhgtphhtthhopehjfigtrghrthdvsehgmhgrihhlrdgtohhmpdhr - tghpthhtohepnhgrsghijhgrtgiilhgvfigvlhhisehnrggsihhjrggtiihlvgifvghlih - drgiihiidprhgtphhtthhopehsvghlihhnuhigsehvghgvrhdrkhgvrhhnvghlrdhorhhg -X-ME-Proxy: - - - - -Feedback-ID: i12284293:Fastmail -Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, - 26 Apr 2025 11:15:52 -0400 (EDT) -Received: by mbp.qyliss.net (Postfix, from userid 1000) - id E07A2117F8; Sat, 26 Apr 2025 17:15:46 +0200 (CEST) -From: Alyssa Ross -To: selinux@vger.kernel.org -Cc: =?utf-8?b?0L3QsNCx?= , - James Carter , Alba Mendez -Subject: [PATCH v2] libselinux: be careful with non-portable LFS macro -Date: Sat, 26 Apr 2025 17:13:57 +0200 -Message-ID: <20250426151356.7116-2-hi@alyssa.is> -X-Mailer: git-send-email 2.47.2 -Precedence: bulk -X-Mailing-List: selinux@vger.kernel.org -List-Id: -List-Subscribe: -List-Unsubscribe: -MIME-Version: 1.0 - -musl does not provide the obsolete LFS64 APIs (like ino64_t) — ino_t -has always been 64-bit on all platforms there. That means there's -also no __INO_T_MATCHES_INO64_T macro, meaning the check would pass -and reach the static asserts for the shim, which would fail due to -there being no ino64_t to check the size of. 
Fix this by only -assuming the absense of __INO_T_MATCHES_INO64_t is meaningful when -another non-portable Glibc macro, __INO64_T_TYPE, is defined. If both -are missing, that probably just means there is no ino64_t. - -Fixes: 5c3fcbd9 ("Inject matchpathcon_filespec_add64() if !defined(__INO_T_MATCHES_INO64_T) instead of using __BITS_PER_LONG < 64 as proxy") -Signed-off-by: Alyssa Ross -Acked-by: James Carter ---- -v2: Made the same change to the condition in the header, as suggested - in a GitHub comment. The omission didn't seem to break anything, - but it makes sense to change it there too. - https://github.com/NixOS/nixpkgs/pull/391728#issuecomment-2832282846 - - include/selinux/selinux.h | 2 +- - src/matchpathcon.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - - -base-commit: 2647cc0fdca326b81ee3c08718cbe19b7866b53a - ---- a/include/selinux/selinux.h -+++ b/include/selinux/selinux.h -@@ -537,7 +537,7 @@ extern int matchpathcon_index(const char - with the same inode (e.g. due to multiple hard links). If so, then - use the latter of the two specifications based on their order in the - file contexts configuration. Return the used specification index. 
*/ --#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && !defined(__INO_T_MATCHES_INO64_T) -+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && defined(__INO64_T_TYPE) && !defined(__INO_T_MATCHES_INO64_T) - #define matchpathcon_filespec_add matchpathcon_filespec_add64 - #endif - extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file); ---- a/src/matchpathcon.c -+++ b/src/matchpathcon.c -@@ -261,7 +261,7 @@ int matchpathcon_filespec_add(ino_t ino, - return -1; - } - --#if (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) && !defined(__INO_T_MATCHES_INO64_T) -+#if (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) && defined(__INO64_T_TYPE) && !defined(__INO_T_MATCHES_INO64_T) - /* alias defined in the public header but we undefine it here */ - #undef matchpathcon_filespec_add - -- 2.30.2