selinux: upgrade 3.7 -> 3.8

ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.8

* libsemanage: Preserve file context and ownership in policy store
* libselinux: deprecate security_disable(3)
* libsepol: Support nlmsg extended permissions
* libsepol: Add policy capability netlink_xperm
* libsemanage: Optionally allow duplicate declarations
* policycoreutils: introduce unsetfiles
* libselinux/utils: introduce selabel_compare
* improved selabel_lookup performance
* libselinux: support parallel usage of selabel_lookup(3)
* libsepol: add support for xperms in conditional policies
* Improved man pages
* Code improvements and bug fixes
* Always build for LFS mode on 32-bit archs.
* libsemanage: Mute error messages from selinux_restorecon introduced in
  3.8-rc1
* Regex spec ordering is restored to pre 3.8-rc1
* Binary fcontext files format changed, files using old format are ignored
* Code improvements and bug fixes

License-Update: White space cleanup for libsemanage/LICENSE

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@siemens.com>

recipes-security/selinux/libselinux-python_3.8.bb

@@ -15,7 +15,6 @@ SRC_URI += "\
         file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \
         file://0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
         file://0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch \
-        file://0001-libselinux-fix-swig-bindings-for-4.3.0.patch \
         "
 
 S = "${WORKDIR}/git/libselinux"

recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch

@@ -1,4 +1,4 @@
-From dff260851ccecf9723a6ddfce0103e09f3ba4613 Mon Sep 17 00:00:00 2001
+From 626d07afcb8e8b3a68158e8a3ea1654620769644 Mon Sep 17 00:00:00 2001
 From: Yi Zhao <yi.zhao@windriver.com>
 Date: Mon, 13 Apr 2020 12:44:23 +0800
 Subject: [PATCH] Makefile: fix python modules install path for multilib
@@ -11,10 +11,10 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index d3b981f..265f1be 100644
+index 213c7d3..92227cb 100644
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -191,7 +191,7 @@ install: all
+@@ -193,7 +193,7 @@ install: all
  	ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
  
  install-pywrap: pywrap

recipes-security/selinux/libselinux/0001-libselinux-fix-swig-bindings-for-4.3.0.patch

@@ -1,91 +0,0 @@
-From 8e0e718bae53fff30831b92cd784151d475a20da Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <lautrbach@redhat.com>
-Date: Wed, 16 Oct 2024 20:48:11 +0200
-Subject: [PATCH] libselinux: fix swig bindings for 4.3.0
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-https://github.com/swig/swig/blob/master/CHANGES.current
-
-"[Python] #2907 Fix returning null from functions with output
-parameters.  Ensures OUTPUT and INOUT typemaps are handled
-consistently wrt return type.
-
-New declaration of SWIG_Python_AppendOutput is now:
-
-  SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void);
-
-The 3rd parameter is new and the new $isvoid special variable
-should be passed to it, indicating whether or not the wrapped
-function returns void.
-
-Also consider replacing with:
-
-  SWIG_AppendOutput(PyObject* result, PyObject* obj);
-
-which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid
-for final parameter."
-
-Fixes: https://github.com/SELinuxProject/selinux/issues/447
-
-    selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user’:
-    selinuxswig_python_wrap.c:11499:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
-    11499 |     resultobj = SWIG_Python_AppendOutput(resultobj, plist);
-          |                 ^~~~~~~~~~~~~~~~~~~~~~~~
-    selinuxswig_python_wrap.c:1248:1: note: declared here
-     1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
-          | ^~~~~~~~~~~~~~~~~~~~~~~~
-    selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user_raw’:
-    selinuxswig_python_wrap.c:11570:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
-    11570 |     resultobj = SWIG_Python_AppendOutput(resultobj, plist);
-          |                 ^~~~~~~~~~~~~~~~~~~~~~~~
-    selinuxswig_python_wrap.c:1248:1: note: declared here
-     1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
-          | ^~~~~~~~~~~~~~~~~~~~~~~~
-    selinuxswig_python_wrap.c: In function ‘_wrap_security_get_boolean_names’:
-    selinuxswig_python_wrap.c:12470:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
-    12470 |     resultobj = SWIG_Python_AppendOutput(resultobj, list);
-          |                 ^~~~~~~~~~~~~~~~~~~~~~~~
-    selinuxswig_python_wrap.c:1248:1: note: declared here
-     1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
-          | ^~~~~~~~~~~~~~~~~~~~~~~~
-    error: command '/usr/bin/gcc' failed with exit code 1
-
-Suggested-by: Jitka Plesnikova <jplesnik@redhat.com>
-Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
-Acked-by: James Carter <jwcart2@gmail.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/8e0e718bae53fff30831b92cd784151d475a20da]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/selinuxswig_python.i | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/selinuxswig_python.i b/src/selinuxswig_python.i
-index 17e03b9e..03ed296d 100644
---- a/src/selinuxswig_python.i
-+++ b/src/selinuxswig_python.i
-@@ -71,7 +71,7 @@ def install(src, dest):
- 	for (i = 0; i < *$2; i++) {
- 		PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
- 	}
--	$result = SWIG_Python_AppendOutput($result, list);
-+	$result = SWIG_AppendOutput($result, list);
- }
- 
- /* return a sid along with the result */
-@@ -108,7 +108,7 @@ def install(src, dest):
- 		plist = PyList_New(0);
- 	}
- 
--	$result = SWIG_Python_AppendOutput($result, plist);
-+	$result = SWIG_AppendOutput($result, plist);
- }
- 
- /* Makes functions in get_context_list.h return a Python list of contexts */
--- 
-2.25.1
-

recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch

@@ -1,4 +1,4 @@
-From 303d8dfe53fcd02ea5818f976369cdb629bc1114 Mon Sep 17 00:00:00 2001
+From 1048b80be8fe800fa343f26db833a6e89b5ba9ab Mon Sep 17 00:00:00 2001
 From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 Date: Fri, 25 Oct 2019 13:37:14 +0200
 Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
@@ -27,7 +27,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
  1 file changed, 1 insertion(+), 2 deletions(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index 265f1be..47e51d6 100644
+index 92227cb..7c71c65 100644
 --- a/src/Makefile
 +++ b/src/Makefile
 @@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
@@ -38,7 +38,7 @@ index 265f1be..47e51d6 100644
  RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
  RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
  RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-@@ -193,7 +192,7 @@ install: all
+@@ -195,7 +194,7 @@ install: all
  install-pywrap: pywrap
  	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) --root $(DESTDIR) --ignore-installed --no-deps $(PYTHON_SETUP_ARGS) .
  	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py

recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch

@@ -1,4 +1,4 @@
-From 6c2af45ec8cff9b282d599dc098db0ca127bdc59 Mon Sep 17 00:00:00 2001
+From f33b426680492629d3d8ed664049cbe584f26f18 Mon Sep 17 00:00:00 2001
 From: Renato Caldas <renato@calgera.com>
 Date: Thu, 29 Jun 2023 13:59:11 +0100
 Subject: [PATCH] libselinux: restore: drop the obsolete LSF transitional API.
@@ -14,10 +14,10 @@ Signed-off-by: Renato Caldas <renato@calgera.com>
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
-index 38f10f1..5b3d035 100644
+index bc6ed93..3bc0d8d 100644
 --- a/src/selinux_restorecon.c
 +++ b/src/selinux_restorecon.c
-@@ -436,7 +436,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
+@@ -438,7 +438,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
  	file_spec_t *prevfl, *fl;
  	uint32_t h;
  	int ret;
@@ -26,7 +26,7 @@ index 38f10f1..5b3d035 100644
  
  	__pthread_mutex_lock(&fl_mutex);
  
-@@ -450,7 +450,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
+@@ -452,7 +452,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
  	for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
  	     prevfl = fl, fl = fl->next) {
  		if (ino == fl->ino) {

recipes-security/selinux/libsemanage/0001-libsemanage-fix-swig-bindings-for-4.3.0.patch

@@ -1,422 +0,0 @@
-From e38815d7b44cac435195c82a54d2bf2517bc4b1a Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <lautrbach@redhat.com>
-Date: Wed, 16 Oct 2024 20:48:12 +0200
-Subject: [PATCH] libsemanage: fix swig bindings for 4.3.0
-
-https://github.com/swig/swig/blob/master/CHANGES.current
-
-"[Python] #2907 Fix returning null from functions with output
-parameters.  Ensures OUTPUT and INOUT typemaps are handled
-consistently wrt return type.
-
-New declaration of SWIG_Python_AppendOutput is now:
-
-  SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void);
-
-The 3rd parameter is new and the new $isvoid special variable
-should be passed to it, indicating whether or not the wrapped
-function returns void.
-
-Also consider replacing with:
-
-  SWIG_AppendOutput(PyObject* result, PyObject* obj);
-
-which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid
-for final parameter."
-
-Fixes: https://github.com/SELinuxProject/selinux/issues/447
-
-Suggested-by: Jitka Plesnikova <jplesnik@redhat.com>
-Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
-Acked-by: James Carter <jwcart2@gmail.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/e38815d7b44cac435195c82a54d2bf2517bc4b1a]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/semanageswig_python.i | 64 +++++++++++++--------------
- src/semanageswig_ruby.i   | 32 +++++++-------
- 2 files changed, 48 insertions(+), 48 deletions(-)
-
-diff --git a/src/semanageswig_python.i b/src/semanageswig_python.i
-index 5f011396..0e27424f 100644
---- a/src/semanageswig_python.i
-+++ b/src/semanageswig_python.i
-@@ -111,7 +111,7 @@
- }
- 
- %typemap(argout) char** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_FromCharPtr(*$1));
-+	$result = SWIG_AppendOutput($result, SWIG_FromCharPtr(*$1));
- 	free(*$1);
- }
- 
-@@ -134,7 +134,7 @@
-                         	NULL, NULL, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -148,7 +148,7 @@
- }
- 
- %typemap(argout) semanage_module_info_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- /** module key typemaps **/
-@@ -160,7 +160,7 @@
- }
- 
- %typemap(argout) semanage_module_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- /** context typemaps **/
-@@ -172,7 +172,7 @@
- }
- 
- %typemap(argout) semanage_context_t** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- /** boolean typemaps **/
-@@ -197,7 +197,7 @@
- 				(void (*) (void*)) &semanage_bool_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--		   	        $result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -207,11 +207,11 @@
- }
- 
- %typemap(argout) semanage_bool_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_bool_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) {
-@@ -240,7 +240,7 @@
- 				(void (*) (void*)) &semanage_fcontext_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -250,11 +250,11 @@
- }
- 
- %typemap(argout) semanage_fcontext_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_fcontext_key_t ** {
--        $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) {
-@@ -284,7 +284,7 @@
- 				(void (*) (void*)) &semanage_iface_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -294,11 +294,11 @@
- }
- 
- %typemap(argout) semanage_iface_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_iface_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) {
-@@ -328,7 +328,7 @@
- 				(void (*) (void*)) &semanage_seuser_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -338,11 +338,11 @@
- }
- 
- %typemap(argout) semanage_seuser_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_seuser_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) {
-@@ -371,7 +371,7 @@
- 				(void (*) (void*)) &semanage_user_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -381,11 +381,11 @@
- }
- 
- %typemap(argout) semanage_user_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_user_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) {
-@@ -414,7 +414,7 @@
- 				(void (*) (void*)) &semanage_port_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -424,11 +424,11 @@
- }
- 
- %typemap(argout) semanage_port_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_port_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) {
-@@ -457,7 +457,7 @@
- 				(void (*) (void*)) &semanage_ibpkey_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -467,11 +467,11 @@
- }
- 
- %typemap(argout) semanage_ibpkey_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_ibpkey_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) {
-@@ -500,7 +500,7 @@
- 				(void (*) (void*)) &semanage_ibendport_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -510,11 +510,11 @@
- }
- 
- %typemap(argout) semanage_ibendport_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_ibendport_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) {
-@@ -543,7 +543,7 @@
- 				(void (*) (void*)) &semanage_node_free, &plist) < 0)
- 				$result = SWIG_From_int(STATUS_ERR);
- 			else
--				$result = SWIG_Python_AppendOutput($result, plist);
-+				$result = SWIG_AppendOutput($result, plist);
- 		}
- 	}
- }
-@@ -553,12 +553,12 @@
- }
- 
- %typemap(argout) semanage_node_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- 
- %typemap(argout) semanage_node_key_t ** {
--	$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+	$result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) {
-diff --git a/src/semanageswig_ruby.i b/src/semanageswig_ruby.i
-index e030e4ae..9010b545 100644
---- a/src/semanageswig_ruby.i
-+++ b/src/semanageswig_ruby.i
-@@ -38,7 +38,7 @@
- }
- 
- %typemap(argout) semanage_module_info_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- /** context typemaps **/
-@@ -50,7 +50,7 @@
- }
- 
- %typemap(argout) semanage_context_t** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- /** boolean typemaps **/
-@@ -66,11 +66,11 @@
- }
- 
- %typemap(argout) semanage_bool_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_bool_key_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_bool_key_t **(semanage_bool_key_t *temp=NULL) {
-@@ -90,11 +90,11 @@
- }
- 
- %typemap(argout) semanage_fcontext_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_fcontext_key_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_fcontext_key_t **(semanage_fcontext_key_t *temp=NULL) {
-@@ -114,11 +114,11 @@
- }
- 
- %typemap(argout) semanage_iface_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_iface_key_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_iface_key_t **(semanage_iface_key_t *temp=NULL) {
-@@ -138,11 +138,11 @@
- }
- 
- %typemap(argout) semanage_seuser_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_seuser_key_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_seuser_key_t **(semanage_seuser_key_t *temp=NULL) {
-@@ -162,11 +162,11 @@
- }
- 
- %typemap(argout) semanage_user_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_user_key_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_user_key_t **(semanage_user_key_t *temp=NULL) {
-@@ -186,11 +186,11 @@
- }
- 
- %typemap(argout) semanage_port_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(argout) semanage_port_key_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_port_key_t **(semanage_port_key_t *temp=NULL) {
-@@ -210,12 +210,12 @@
- }
- 
- %typemap(argout) semanage_node_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- 
- %typemap(argout) semanage_node_key_t ** {
--        $result = SWIG_Ruby_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
-+        $result = SWIG_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
- }
- 
- %typemap(in, numinputs=0) semanage_node_key_t **(semanage_node_key_t *temp=NULL) {
--- 
-2.25.1
-

recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch

@@ -1,4 +1,4 @@
-From a91134e98ba4b3b6645d12bb68a07976b60f86c8 Mon Sep 17 00:00:00 2001
+From 418a2736fd7da15758ab84f9448e7517e3ad82c1 Mon Sep 17 00:00:00 2001
 From: Xin Ouyang <Xin.Ouyang@windriver.com>
 Date: Mon, 26 Mar 2012 15:15:16 +0800
 Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu.
@@ -17,10 +17,10 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 27c5d34..519f298 100644
+index 2ca2e90..914d720 100644
 --- a/src/semanage_store.c
 +++ b/src/semanage_store.c
-@@ -1470,7 +1470,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
+@@ -1445,7 +1445,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
  	if (forkval == 0) {
  		/* child process.  file descriptors will be closed
  		 * because they were set as close-on-exec. */

recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch

@@ -1,4 +1,4 @@
-From c96010440e7a2a87787a535fd0f9ccf26a2b4a5e Mon Sep 17 00:00:00 2001
+From 0fddb654b4193e91b8534cbbeaa5fd9b6aa1ead2 Mon Sep 17 00:00:00 2001
 From: Wenzong Fan <wenzong.fan@windriver.com>
 Date: Mon, 20 Jan 2014 03:53:48 -0500
 Subject: [PATCH] libsemanage: allow to disable audit support
@@ -13,7 +13,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  3 files changed, 31 insertions(+), 2 deletions(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index d525996..2f5e159 100644
+index 8dfbd76..4012f28 100644
 --- a/src/Makefile
 +++ b/src/Makefile
 @@ -27,6 +27,14 @@ ifeq ($(DEBUG),1)
@@ -41,7 +41,7 @@ index d525996..2f5e159 100644
  
  $(LIBPC): $(LIBPC).in ../VERSION
 diff --git a/src/seusers_local.c b/src/seusers_local.c
-index 795a33d..6539cdf 100644
+index eb3f82b..45da825 100644
 --- a/src/seusers_local.c
 +++ b/src/seusers_local.c
 @@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
@@ -72,7 +72,7 @@ index 795a33d..6539cdf 100644
  
  int semanage_seuser_modify_local(semanage_handle_t * handle,
  				 const semanage_seuser_key_t * key,
-@@ -164,8 +170,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
+@@ -165,8 +171,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
  	(void) semanage_seuser_query(handle, key, &previous);
  	handle->msg_callback = callback;
  	rc = dbase_modify(handle, dconfig, key, new);
@@ -84,7 +84,7 @@ index 795a33d..6539cdf 100644
  err:
  	if (previous)
  		semanage_seuser_free(previous);
-@@ -181,8 +190,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
+@@ -182,8 +191,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
  	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
  	rc = dbase_del(handle, dconfig, key);
  	semanage_seuser_query(handle, key, &seuser);
@@ -98,7 +98,7 @@ index 795a33d..6539cdf 100644
  		semanage_seuser_free(seuser);
  	return rc;
 diff --git a/tests/Makefile b/tests/Makefile
-index 69f49a3..f914492 100644
+index 241ff17..fa03fb6 100644
 --- a/tests/Makefile
 +++ b/tests/Makefile
 @@ -4,10 +4,18 @@ CILS = $(sort $(wildcard *.cil))
@@ -114,7 +114,7 @@ index 69f49a3..f914492 100644
 +endif
 +
  EXECUTABLE = libsemanage-tests
- CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
+ CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
  override CFLAGS += -I../src -I../include
 -override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol
 +override LDLIBS += -lcunit -lbz2 $(LIBAUDIT) -lselinux -lsepol

recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch

@@ -1,4 +1,4 @@
-From 7af73c1684ce0e30ce0cd58b51708bde1e3a1984 Mon Sep 17 00:00:00 2001
+From af4948d5a1cfb41338a7539dcd80735b5c250e58 Mon Sep 17 00:00:00 2001
 From: Joe MacDonald <joe@deserted.net>
 Date: Wed, 7 May 2014 11:36:27 -0400
 Subject: [PATCH] libsemanage: disable expand-check on policy load

recipes-security/selinux/libsemanage_3.8.bb

@@ -5,7 +5,7 @@ as by programs like load_policy that need to perform specific transformations \
 on binary policies such as customizing policy boolean settings."
 SECTION = "base"
 LICENSE = "LGPL-2.1-or-later"
-LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=a6f89e2100d9b6cdffcea4f398e37343"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=03068f550c635f6520e0f0252da412fc"
 
 require selinux_common.inc
 
@@ -14,7 +14,6 @@ inherit lib_package python3native
 SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
             file://libsemanage-allow-to-disable-audit-support.patch \
             file://libsemanage-disable-expand-check-on-policy-load.patch \
-            file://0001-libsemanage-fix-swig-bindings-for-4.3.0.patch \
            "
 
 DEPENDS = "libsepol libselinux python3 bison-native swig-native"

recipes-security/selinux/mcstrans_3.8.bb

@@ -31,7 +31,7 @@ do_install:append() {
 
     if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
         install -d ${D}${sysconfdir}/tmpfiles.d
-        echo "d ${localstatedir}/run/setrans - - - -" \
+        echo "d ${runtimedir}/setrans - - - -" \
             > ${D}${sysconfdir}/tmpfiles.d/setrans.conf
     else
         install -d ${D}${sysconfdir}/default/volatiles

recipes-security/selinux/selinux_common.inc

@@ -1,7 +1,7 @@
 HOMEPAGE = "https://github.com/SELinuxProject"
 
 SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=main;protocol=https"
-SRCREV = "2eb286bc0841791043567437ba5413f3014fb94e"
+SRCREV = "71aec30d068789e856e7cc429b620ae1cfa890f1"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"