package/libselinux: bump version to 3.9

Release notes:

https://github.com/SELinuxProject/selinux/releases/tag/3.9

For libselinux:

libselinux: Fix local literal fcontext definitions priority
libselinux: Fix order for path substitutions

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>

package/libselinux/0003-Inject-matchpathcon_filespec_add64-if-defined-__INO_.patch

@@ -1,84 +0,0 @@
-From daecc54878e6768b3e6a2b2a0061d2690a63dea4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
-Date: Thu, 20 Mar 2025 16:55:17 +0100
-Subject: [PATCH] Inject matchpathcon_filespec_add64() if
- !defined(__INO_T_MATCHES_INO64_T) instead of using __BITS_PER_LONG < 64 as
- proxy
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The __INO_T_MATCHES_INO64_T is defined
-if ino_t would be the same size as ino64_t
-if -D_FILE_OFFSET_BITS=64 were not defined.
-
-This is /exactly/ what
-  /* ABI backwards-compatible shim for non-LFS 32-bit systems */
-  #if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
-is trying to get at, but currently fails because x32/RV32 are "LFS"
-with 32-bit longs and 64-bit time_ts natively.
-
-Thus, the
-  static_assert(sizeof(unsigned long) == sizeof(__ino_t), "inode size mismatch");
-assertion fails (__ino_t is the "kernel ino_t" type,
-which generally corresponds to the kernel's ulong, which is u64 on x32).
-
-glibc headers allow us to check the condition we care about directly.
-
-Fixes: commit 9395cc0322 ("Always build for LFS mode on 32-bit archs.")
-Closes: #463
-Closes: Debian#1098481
-Signed-off-by: наб <nabijaczleweli@nabijaczleweli.xyz>
-Cc: Alba Mendez <me@alba.sh>
-Acked-by: James Carter <jwcart2@gmail.com>
-Upstream: 5c3fcbd931b7f9752b5ce29cec3b6813991d61c0
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- include/selinux/selinux.h | 2 +-
- src/matchpathcon.c        | 8 ++++++--
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/include/selinux/selinux.h b/include/selinux/selinux.h
-index f3cf5a20..f64896b7 100644
---- a/include/selinux/selinux.h
-+++ b/include/selinux/selinux.h
-@@ -537,7 +537,7 @@ extern int matchpathcon_index(const char *path,
-    with the same inode (e.g. due to multiple hard links).  If so, then
-    use the latter of the two specifications based on their order in the 
-    file contexts configuration.  Return the used specification index. */
--#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
-+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && !defined(__INO_T_MATCHES_INO64_T)
- #define matchpathcon_filespec_add matchpathcon_filespec_add64
- #endif
- extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
-diff --git a/src/matchpathcon.c b/src/matchpathcon.c
-index 51f0e4ff..a4f65045 100644
---- a/src/matchpathcon.c
-+++ b/src/matchpathcon.c
-@@ -261,7 +261,7 @@ int matchpathcon_filespec_add(ino_t ino, int specind, const char *file)
- 	return -1;
- }
- 
--#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && __BITS_PER_LONG < 64
-+#if (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) && !defined(__INO_T_MATCHES_INO64_T)
- /* alias defined in the public header but we undefine it here */
- #undef matchpathcon_filespec_add
- 
-@@ -280,9 +280,13 @@ int matchpathcon_filespec_add(unsigned long ino, int specind,
- {
- 	return matchpathcon_filespec_add64(ino, specind, file);
- }
-+#elif (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) || defined(__INO_T_MATCHES_INO64_T)
-+
-+static_assert(sizeof(uint64_t) == sizeof(ino_t), "inode size mismatch");
-+
- #else
- 
--static_assert(sizeof(unsigned long) == sizeof(ino_t), "inode size mismatch");
-+static_assert(sizeof(uint32_t) == sizeof(ino_t), "inode size mismatch");
- 
- #endif
- 
--- 
-2.51.0
-

package/libselinux/0004-libselinux-be-careful-with-non-portable-LFS-macro.patch

@@ -1,56 +0,0 @@
-From bfcdaf2ff36d69a57810470f5405e5f27e51e01c Mon Sep 17 00:00:00 2001
-From: Alyssa Ross <hi@alyssa.is>
-Date: Sat, 26 Apr 2025 17:13:57 +0200
-Subject: [PATCH] libselinux: be careful with non-portable LFS macro
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-musl does not provide the obsolete LFS64 APIs (like ino64_t) — ino_t
-has always been 64-bit on all platforms there.  That means there's
-also no __INO_T_MATCHES_INO64_T macro, meaning the check would pass
-and reach the static asserts for the shim, which would fail due to
-there being no ino64_t to check the size of.  Fix this by only
-assuming the absense of __INO_T_MATCHES_INO64_t is meaningful when
-another non-portable Glibc macro, __INO64_T_TYPE, is defined.  If both
-are missing, that probably just means there is no ino64_t.
-
-Fixes: 5c3fcbd9 ("Inject matchpathcon_filespec_add64() if !defined(__INO_T_MATCHES_INO64_T) instead of using __BITS_PER_LONG < 64 as proxy")
-Signed-off-by: Alyssa Ross <hi@alyssa.is>
-Acked-by: James Carter <jwcart2@gmail.com>
-Upstream: 21dd00713ae99b13e36c632992cb171c6ec1abce
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- include/selinux/selinux.h | 2 +-
- src/matchpathcon.c        | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/include/selinux/selinux.h b/include/selinux/selinux.h
-index f64896b7..b1431e5d 100644
---- a/include/selinux/selinux.h
-+++ b/include/selinux/selinux.h
-@@ -537,7 +537,7 @@ extern int matchpathcon_index(const char *path,
-    with the same inode (e.g. due to multiple hard links).  If so, then
-    use the latter of the two specifications based on their order in the 
-    file contexts configuration.  Return the used specification index. */
--#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && !defined(__INO_T_MATCHES_INO64_T)
-+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64 && defined(__INO64_T_TYPE) && !defined(__INO_T_MATCHES_INO64_T)
- #define matchpathcon_filespec_add matchpathcon_filespec_add64
- #endif
- extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
-diff --git a/src/matchpathcon.c b/src/matchpathcon.c
-index a4f65045..240c9fa7 100644
---- a/src/matchpathcon.c
-+++ b/src/matchpathcon.c
-@@ -261,7 +261,7 @@ int matchpathcon_filespec_add(ino_t ino, int specind, const char *file)
- 	return -1;
- }
- 
--#if (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) && !defined(__INO_T_MATCHES_INO64_T)
-+#if (defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS == 64) && defined(__INO64_T_TYPE) && !defined(__INO_T_MATCHES_INO64_T)
- /* alias defined in the public header but we undefine it here */
- #undef matchpathcon_filespec_add
- 
--- 
-2.51.0
-

package/libselinux/libselinux.hash

@@ -1,5 +1,5 @@
 # From: https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256  ec2d2789f931152d21c1db1eb4bc202ce4eccede34d9be9e360e3b45243cee2c  libselinux-3.8.1.tar.gz
+sha256  e7ee2c01dba64a0c35c9d7c9c0e06209d8186b325b0638a0d83f915cc3c101e8  libselinux-3.9.tar.gz
 
 # Hash for license file
 sha256  86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364  LICENSE

package/libselinux/libselinux.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBSELINUX_VERSION = 3.8.1
+LIBSELINUX_VERSION = 3.9
 LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(LIBSELINUX_VERSION)
 LIBSELINUX_LICENSE = Public Domain
 LIBSELINUX_LICENSE_FILES = LICENSE