10 changed files with 869 additions and 158 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/libselinux-3.5.tar.gz
+SOURCES/libselinux-3.7.tar.gz
--- a/.libselinux.metadata
+++ b/.libselinux.metadata
@ -1 +1 @@
-9f1ca79a767b2a69e63e01b82d13cff9bc712f4a SOURCES/libselinux-3.5.tar.gz
+b4e13ef41333377644b50810c8b3b225f63366d0 SOURCES/libselinux-3.7.tar.gz
--- a/SOURCES/0001-Use-SHA-2-instead-of-SHA-1.patch
+++ b/SOURCES/0001-Use-SHA-2-instead-of-SHA-1.patch
@ -1,4 +1,4 @@
-From 1dbd23dc2566b3fe9113bf09fd9e190dfd4651b6 Mon Sep 17 00:00:00 2001
+From 4884c917237e53e34d3fc75dcf4f07217cfd7584 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
@ -17,20 +17,20 @@ The use of SHA-1 in RHEL9 is deprecated
 libselinux/src/label_internal.h               |  10 +-
 libselinux/src/label_support.c                |  10 +-
 libselinux/src/selinux_restorecon.c           |  24 +-
- libselinux/src/sha1.c                         | 220 -------------
+ libselinux/src/sha1.c                         | 223 -------------
 libselinux/src/sha1.h                         |  85 -----
 libselinux/src/sha256.c                       | 294 ++++++++++++++++++
 libselinux/src/sha256.h                       |  89 ++++++
 libselinux/utils/selabel_digest.c             |  26 +-
 .../selabel_get_digests_all_partial_matches.c |  28 +-
- 17 files changed, 471 insertions(+), 393 deletions(-)
+ 17 files changed, 471 insertions(+), 396 deletions(-)
 delete mode 100644 libselinux/src/sha1.c
 delete mode 100644 libselinux/src/sha1.h
 create mode 100644 libselinux/src/sha256.c
 create mode 100644 libselinux/src/sha256.h
 diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
-index e8983606d93b..a35d84d63b0a 100644
+index ce189a3ae2fe..ce77d32dfed1 100644
 --- a/libselinux/include/selinux/label.h
 +++ b/libselinux/include/selinux/label.h
@@ -120,13 +120,13 @@ extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
@ -185,23 +185,23 @@ index c56326814b94..098c840fc59b 100644
 .BR selabel_open (3)
 must be called specifying the required
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index 70ba063ada5d..0c803d8d4aae 100644
+index 41cfbdca490c..658a4c3d80e0 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
-@@ -125,7 +125,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
+@@ -130,7 +130,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
 	-DBUILD_HOST
 SRCS= callbacks.c freecon.c label.c label_file.c \
 	label_backends_android.c regex.c label_support.c \
 -	matchpathcon.c setrans_client.c sha1.c booleans.c
 +	matchpathcon.c setrans_client.c sha256.c booleans.c
 else
 LABEL_BACKEND_ANDROID=y
 endif
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
-index 74ae9b9feb70..33d395e414f0 100644
+index 2732972e61cf..6c6fe328b353 100644
 --- a/libselinux/src/label_file.c
 +++ b/libselinux/src/label_file.c
-@@ -1010,7 +1010,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
+@@ -1105,7 +1105,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
 /*
  * Returns true if the digest of all partial matched contexts is the same as
@ -210,7 +210,7 @@ index 74ae9b9feb70..33d395e414f0 100644
  * digest will always be returned. The caller must free any returned digests.
  */
 static bool get_digests_all_partial_matches(struct selabel_handle *rec,
-@@ -1019,39 +1019,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
+@@ -1114,39 +1114,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
 					    uint8_t **xattr_digest,
 					    size_t *digest_len)
 {
@ -261,7 +261,7 @@ index 74ae9b9feb70..33d395e414f0 100644
 		return true;
 	return false;
-@@ -1071,22 +1071,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
+@@ -1166,22 +1166,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
 		return false;
 	}
@ -293,7 +293,7 @@ index 74ae9b9feb70..33d395e414f0 100644
 	free(matches);
 	return true;
 diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
-index 782c6aa8cc0c..304e8d96490a 100644
+index ea60cd9a058f..77ac8173c7a9 100644
 --- a/libselinux/src/label_internal.h
 +++ b/libselinux/src/label_internal.h
@@ -13,7 +13,7 @@
@ -334,10 +334,10 @@ index 782c6aa8cc0c..304e8d96490a 100644
 };
 diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
-index 54fd49a5b7b9..4003eb8dc7af 100644
+index f7ab9292562e..1c3c1728f6ba 100644
 --- a/libselinux/src/label_support.c
 +++ b/libselinux/src/label_support.c
-@@ -115,7 +115,7 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
+@@ -114,7 +114,7 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
 /* Once all the specfiles are in the hash_buf, generate the hash. */
 void  digest_gen_hash(struct selabel_digest *digest)
 {
@ -346,7 +346,7 @@ index 54fd49a5b7b9..4003eb8dc7af 100644
 	size_t remaining_size;
 	const unsigned char *ptr;
-@@ -123,19 +123,19 @@ void  digest_gen_hash(struct selabel_digest *digest)
+@@ -122,19 +122,19 @@ void  digest_gen_hash(struct selabel_digest *digest)
 	if (!digest)
 		return;
@ -369,9 +369,9 @@ index 54fd49a5b7b9..4003eb8dc7af 100644
 +	Sha256Finalise(&context, (SHA256_HASH *)digest->digest);
 	free(digest->hashbuf);
 	digest->hashbuf = NULL;
- 	return;
+ }
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
-index 6b5f6921b82b..24604776974e 100644
+index acb729c8ad96..2422b415008e 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
@@ -37,7 +37,7 @@
@ -383,7 +383,7 @@ index 6b5f6921b82b..24604776974e 100644
 #define STAR_COUNT 1024
-@@ -305,7 +305,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
+@@ -306,7 +306,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
 static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 			   bool delete_all)
 {
@ -392,7 +392,7 @@ index 6b5f6921b82b..24604776974e 100644
 	size_t i, digest_len = 0;
 	int rc;
 	enum digest_result digest_result;
-@@ -329,15 +329,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -330,15 +330,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	}
 	/* Convert entry to a hex encoded string. */
@ -411,7 +411,7 @@ index 6b5f6921b82b..24604776974e 100644
 	digest_result = match ? MATCH : NOMATCH;
-@@ -357,7 +357,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -358,7 +358,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	/* Now add entries to link list. */
 	new_entry = malloc(sizeof(struct dir_xattr));
 	if (!new_entry) {
@ -420,7 +420,7 @@ index 6b5f6921b82b..24604776974e 100644
 		goto oom;
 	}
 	new_entry->next = NULL;
-@@ -365,15 +365,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -366,15 +366,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	new_entry->directory = strdup(directory);
 	if (!new_entry->directory) {
 		free(new_entry);
@ -439,7 +439,7 @@ index 6b5f6921b82b..24604776974e 100644
 		goto oom;
 	}
-@@ -387,7 +387,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -388,7 +388,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 		dir_xattr_last = new_entry;
 	}
@ -448,7 +448,7 @@ index 6b5f6921b82b..24604776974e 100644
 	return 0;
 oom:
-@@ -775,7 +775,7 @@ err:
+@@ -778,7 +778,7 @@ err:
 struct dir_hash_node {
 	char *path;
@ -457,7 +457,7 @@ index 6b5f6921b82b..24604776974e 100644
 	struct dir_hash_node *next;
 };
 /*
-@@ -1281,7 +1281,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
+@@ -1284,7 +1284,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
 			if (setxattr(current->path,
 			    RESTORECON_PARTIAL_MATCH_DIGEST,
 			    current->digest,
@ -468,10 +468,10 @@ index 6b5f6921b82b..24604776974e 100644
 					    current->path);
 diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c
 deleted file mode 100644
-index 9d51e04ac331..000000000000
+index 452b0cc2ad5a..000000000000
 --- a/libselinux/src/sha1.c
 +++ /dev/null
-@@ -1,220 +0,0 @@
+@@ -1,223 +0,0 @@
 -///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 -//  LibSha1
 -//
@ -500,6 +500,8 @@ index 9d51e04ac331..000000000000
 -#include "sha1.h"
 -#include <memory.h>
 -
 -#include "selinux_internal.h"
 -
 -///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 -//  TYPES
 -///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@ -536,6 +538,7 @@ index 9d51e04ac331..000000000000
 -//
 -//  Hash a single 512-bit block. This is the core of the algorithm
 -///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 -ignore_unsigned_overflow_
 -static
 -void
 -    TransformFunction
@ -1179,10 +1182,10 @@ index 000000000000..406ed869cd82
 +        SHA256_HASH*        Digest          // [in]
 +    );
 diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
-index 6a8313a2c88d..a69331f1c6b5 100644
+index 47aad21ff1fb..8bcd44a1dc73 100644
 --- a/libselinux/utils/selabel_digest.c
 +++ b/libselinux/utils/selabel_digest.c
-@@ -15,8 +15,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
+@@ -13,8 +13,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
 		"Where:\n\t"
 		"-b  The backend - \"file\", \"media\", \"x\", \"db\" or "
 			"\"prop\"\n\t"
@ -1193,22 +1196,22 @@ index 6a8313a2c88d..a69331f1c6b5 100644
 		"-B  Use base specfiles only (valid for \"-b file\" only).\n\t"
 		"-i  Do not request a digest.\n\t"
 		"-f  Optional file containing the specs (defaults to\n\t"
-@@ -62,12 +62,12 @@ int main(int argc, char **argv)
+@@ -61,12 +61,12 @@ int main(int argc, char **argv)
- 	int backend = 0, rc, opt, validate = 0;
+ 	int rc, opt, validate = 0;
 	char *baseonly = NULL, *file = NULL, *digest = (char *)1;
 	char **specfiles = NULL;
 -	unsigned char *sha1_digest = NULL;
 +	unsigned char *sha256_digest = NULL;
- 	size_t i, num_specfiles;
+ 	size_t digest_len, i, num_specfiles;
 	char cmd_buf[4096];
 	char *cmd_ptr;
-	char *sha1_buf;
+-	char *sha1_buf = NULL;
-+	char *sha256_buf;
+	char *sha256_buf = NULL;
 	struct selabel_handle *hnd;
 	struct selinux_opt selabel_option[] = {
-@@ -137,7 +137,7 @@ int main(int argc, char **argv)
+@@ -136,7 +136,7 @@ int main(int argc, char **argv)
 		return -1;
 	}
@ -1217,7 +1220,7 @@ index 6a8313a2c88d..a69331f1c6b5 100644
 							    &num_specfiles);
 	if (rc) {
-@@ -152,19 +152,19 @@ int main(int argc, char **argv)
+@@ -151,19 +151,19 @@ int main(int argc, char **argv)
 		goto err;
 	}
@ -1242,28 +1245,34 @@ index 6a8313a2c88d..a69331f1c6b5 100644
 	printf("calculated using the following specfile(s):\n");
 	if (specfiles) {
-@@ -177,13 +177,13 @@ int main(int argc, char **argv)
+@@ -198,19 +198,19 @@ int main(int argc, char **argv)
 			cmd_ptr += strlen(specfiles[i]) + 1;
 			printf("%s\n", specfiles[i]);
 		}
 -		sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha1 -hex");
 +		sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha256 -hex");
- 		if (validate)
+ 		if (validate) {
-			rc = run_check_digest(cmd_buf, sha1_buf);
+-			ret = snprintf(cmd_ptr, cmd_rem, "| /usr/bin/openssl dgst -sha1 -hex");
-+			rc = run_check_digest(cmd_buf, sha256_buf);
+			ret = snprintf(cmd_ptr, cmd_rem, "| /usr/bin/openssl dgst -sha256 -hex");
 			if (ret < 0 || (size_t)ret >= cmd_rem) {
 				fprintf(stderr, "Could not format validate command\n");
 				rc = -1;
 				goto err;
 			}
 -			rc = run_check_digest(cmd_buf, sha1_buf, digest_len);
 +			rc = run_check_digest(cmd_buf, sha256_buf, digest_len);
 		}
 	}
 err:
 -	free(sha1_buf);
 +	free(sha256_buf);
 err:
 	selabel_close(hnd);
 	return rc;
 }
 diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
-index c4e0f836b260..80723f714264 100644
+index e2733b4195ff..98e533dc2692 100644
 --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
 +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
-@@ -18,8 +18,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
+@@ -16,8 +16,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
 		"-v  Validate file_contxts entries against loaded policy.\n\t"
 		"-r  Recursively descend directories.\n\t"
 		"-f  Optional file_contexts file (defaults to current policy).\n\t"
@ -1274,7 +1283,7 @@ index c4e0f836b260..80723f714264 100644
 		"<path> against\na newly generated digest based on the "
 		"file_context entries for that node\n(using the regx, mode "
 		"and path entries).\n", progname);
-@@ -37,7 +37,7 @@ int main(int argc, char **argv)
+@@ -35,7 +35,7 @@ int main(int argc, char **argv)
 	char *paths[2] = { NULL, NULL };
 	uint8_t *xattr_digest = NULL;
 	uint8_t *calculated_digest = NULL;
@ -1283,7 +1292,7 @@ index c4e0f836b260..80723f714264 100644
 	struct selabel_handle *hnd;
 	struct selinux_opt selabel_option[] = {
-@@ -106,27 +106,27 @@ int main(int argc, char **argv)
+@@ -104,27 +104,27 @@ int main(int argc, char **argv)
 							 &xattr_digest,
 							 &digest_len);
@ -1317,7 +1326,7 @@ index c4e0f836b260..80723f714264 100644
 					       ftsent->fts_path);
 					printf("as file_context entry is \"<<none>>\"\n");
 					goto cleanup;
-@@ -136,25 +136,25 @@ int main(int argc, char **argv)
+@@ -134,25 +134,25 @@ int main(int argc, char **argv)
 				       ftsent->fts_path);
 				for (i = 0; i < digest_len; i++)
@ -1349,5 +1358,5 @@ index c4e0f836b260..80723f714264 100644
 		}
 		default:
 -- 
-2.39.0
+2.45.2
--- a/SOURCES/0002-libselinux-set-free-d-data-to-NULL.patch
+++ b/SOURCES/0002-libselinux-set-free-d-data-to-NULL.patch
@ -0,0 +1,78 @@
 From bd6a803553a82238a9f618d1bb22f288682f8195 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <lautrbach@redhat.com>
 Date: Tue, 9 Jul 2024 21:13:36 +0200
 Subject: [PATCH] libselinux: set free'd data to NULL
 Content-type: text/plain
 Fixes segfault in selabel_open() on systems with SELinux disabled and without any
 SELinux policy installed introduced by commit 5876aca0484f ("libselinux: free
 data on selabel open failure"):
    $ sestatus
    SELinux status:                 disabled
    $ cat /etc/selinux/config
    cat: /etc/selinux/config: No such file or directory
    $ matchpathcon /abc
    [1]    907999 segmentation fault (core dumped)  matchpathcon /abc
 Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
 ---
 libselinux/src/label_backends_android.c | 1 +
 libselinux/src/label_file.c             | 1 +
 libselinux/src/label_media.c            | 1 +
 libselinux/src/label_x.c                | 1 +
 4 files changed, 4 insertions(+)
 diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
 index 49a87686de4c..5bad24f20d73 100644
 --- a/libselinux/src/label_backends_android.c
 +++ b/libselinux/src/label_backends_android.c
@@ -260,6 +260,7 @@ static void closef(struct selabel_handle *rec)
 		free(data->spec_arr);
 	free(data);
 +	rec->data = NULL;
 }
 static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec,
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
 index 6c6fe328b353..87dbd0e90f2b 100644
 --- a/libselinux/src/label_file.c
 +++ b/libselinux/src/label_file.c
@@ -942,6 +942,7 @@ static void closef(struct selabel_handle *rec)
 		free(last_area);
 	}
 	free(data);
 +	rec->data = NULL;
 }
 // Finds all the matches of |key| in the given context. Returns the result in
 diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
 index 852aeada8ff4..bae065c12a55 100644
 --- a/libselinux/src/label_media.c
 +++ b/libselinux/src/label_media.c
@@ -183,6 +183,7 @@ static void close(struct selabel_handle *rec)
 	    free(spec_arr);
 	free(data);
 +	rec->data = NULL;
 }
 static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
 diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
 index a8decc7a0093..ddae4f6c22b6 100644
 --- a/libselinux/src/label_x.c
 +++ b/libselinux/src/label_x.c
@@ -210,6 +210,7 @@ static void close(struct selabel_handle *rec)
 	    free(spec_arr);
 	free(data);
 +	rec->data = NULL;
 }
 static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
 -- 
 2.45.2
--- a/SOURCES/0003-libselinux-restorecon-Include-selinux-label.h.patch
+++ b/SOURCES/0003-libselinux-restorecon-Include-selinux-label.h.patch
@ -0,0 +1,48 @@
 From b0d8e4c5d6f1652cb103305f773ad5fae8a91304 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Fri, 26 Jul 2024 17:59:15 +0200
 Subject: [PATCH] libselinux/restorecon: Include <selinux/label.h>
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 restorecon.h uses types defined in label.h, so it needs to include
 label.h (or code using restorecon.h also needs to include label.h,
 which is not practical).
 Fixes:
  $ make DESTDIR=~/obj install > make.out
 In file included from semanage_store.c:39:
 /home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error:
 ‘struct selabel_handle’ declared inside parameter list will not be
 visible outside of this definition or declaration [-Werror]
  137 | extern void selinux_restorecon_set_sehandle(struct
 selabel_handle *hndl);
      |                                                    ^~~~~~~~~~~~~~
 cc1: all warnings being treated as errors
 make[2]: *** [Makefile:111: semanage_store.o] Error 1
 make[1]: *** [Makefile:15: install] Error 2
 make: *** [Makefile:40: install] Error 1
 Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
 ---
 libselinux/include/selinux/restorecon.h | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
 index 8df47445..210f65fd 100644
 --- a/libselinux/include/selinux/restorecon.h
 +++ b/libselinux/include/selinux/restorecon.h
@@ -1,6 +1,8 @@
 #ifndef _RESTORECON_H_
 #define _RESTORECON_H_
 +#include <selinux/label.h>
 +
 #include <sys/types.h>
 #include <stddef.h>
 #include <stdarg.h>
 -- 
 2.45.2
--- a/SOURCES/0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
+++ b/SOURCES/0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
@ -0,0 +1,62 @@
 From c89965eb2854db11b7b484b171beae092476ef0b Mon Sep 17 00:00:00 2001
 From: James Carter <jwcart2@gmail.com>
 Date: Mon, 1 Jul 2024 14:27:32 -0400
 Subject: [PATCH] libselinux: Fix integer comparison issues when compiling for
 32-bit
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Trying to compile libselinux for 32-bit produces the following error:
 selinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: ‘__fsword_t’ {aka ‘int’} and ‘unsigned int’ [-Werror=sign-compare]
 1194 |         if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
      |                               ^~
 Since RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32,
 cast both as uint32_t for the comparison.
 Reported-by: Daniel Schepler
 Signed-off-by: James Carter <jwcart2@gmail.com>
 Reviewed-by: Christian Göttsche <cgzones@googlemail.com>
 Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
 ---
 libselinux/src/selinux_restorecon.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
 index 2422b415..93bd7779 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
@@ -1191,8 +1191,8 @@ static int selinux_restorecon_common(const char *pathname_orig,
 	}
 	/* Skip digest on in-memory filesystems and /sys */
 -	if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||
 -	    state.sfsb.f_type == SYSFS_MAGIC)
 +	if ((uint32_t)state.sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
 +		state.sfsb.f_type == TMPFS_MAGIC || state.sfsb.f_type == SYSFS_MAGIC)
 		state.setrestorecondigest = false;
 	if (state.flags.set_xdev)
@@ -1490,7 +1490,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
 	if (!recurse) {
 		if (statfs(pathname, &sfsb) == 0) {
 -			if (sfsb.f_type == RAMFS_MAGIC ||
 +			if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
 			    sfsb.f_type == TMPFS_MAGIC)
 				return 0;
 		}
@@ -1525,7 +1525,7 @@ int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
 			continue;
 		case FTS_D:
 			if (statfs(ftsent->fts_path, &sfsb) == 0) {
 -				if (sfsb.f_type == RAMFS_MAGIC ||
 +				if ((uint32_t)sfsb.f_type == (uint32_t)RAMFS_MAGIC ||
 				    sfsb.f_type == TMPFS_MAGIC)
 					continue;
 			}
 -- 
 2.45.2
--- a/SOURCES/0006-libselinux-fix-swig-bindings-for-4.3.0.patch
+++ b/SOURCES/0006-libselinux-fix-swig-bindings-for-4.3.0.patch
@ -0,0 +1,86 @@
 From 2ce1276a0476c7c44d3dad0423f1fde3a0f6d2ce Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <lautrbach@redhat.com>
 Date: Wed, 16 Oct 2024 19:57:10 +0200
 Subject: [PATCH] libselinux: fix swig bindings for 4.3.0
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Content-type: text/plain
 https://github.com/swig/swig/blob/master/CHANGES.current
 "[Python] #2907 Fix returning null from functions with output
 parameters.  Ensures OUTPUT and INOUT typemaps are handled
 consistently wrt return type.
 New declaration of SWIG_Python_AppendOutput is now:
  SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void);
 The 3rd parameter is new and the new $isvoid special variable
 should be passed to it, indicating whether or not the wrapped
 function returns void.
 Also consider replacing with:
  SWIG_AppendOutput(PyObject* result, PyObject* obj);
 which calls SWIG_Python_AppendOutput with same parameters but adding $isvoid
 for final parameter."
 Fixes: https://github.com/SELinuxProject/selinux/issues/447
    selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user’:
    selinuxswig_python_wrap.c:11499:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
    11499 |     resultobj = SWIG_Python_AppendOutput(resultobj, plist);
          |                 ^~~~~~~~~~~~~~~~~~~~~~~~
    selinuxswig_python_wrap.c:1248:1: note: declared here
     1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
          | ^~~~~~~~~~~~~~~~~~~~~~~~
    selinuxswig_python_wrap.c: In function ‘_wrap_security_compute_user_raw’:
    selinuxswig_python_wrap.c:11570:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
    11570 |     resultobj = SWIG_Python_AppendOutput(resultobj, plist);
          |                 ^~~~~~~~~~~~~~~~~~~~~~~~
    selinuxswig_python_wrap.c:1248:1: note: declared here
     1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
          | ^~~~~~~~~~~~~~~~~~~~~~~~
    selinuxswig_python_wrap.c: In function ‘_wrap_security_get_boolean_names’:
    selinuxswig_python_wrap.c:12470:17: error: too few arguments to function ‘SWIG_Python_AppendOutput’
    12470 |     resultobj = SWIG_Python_AppendOutput(resultobj, list);
          |                 ^~~~~~~~~~~~~~~~~~~~~~~~
    selinuxswig_python_wrap.c:1248:1: note: declared here
     1248 | SWIG_Python_AppendOutput(PyObject* result, PyObject* obj, int is_void) {
          | ^~~~~~~~~~~~~~~~~~~~~~~~
    error: command '/usr/bin/gcc' failed with exit code 1
 Suggested-by: Jitka Plesnikova <jplesnik@redhat.com>
 Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
 ---
 libselinux/src/selinuxswig_python.i | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
 index 17e03b9e36a5..03ed296d5b85 100644
 --- a/libselinux/src/selinuxswig_python.i
 +++ b/libselinux/src/selinuxswig_python.i
@@ -71,7 +71,7 @@ def install(src, dest):
 	for (i = 0; i < *$2; i++) {
 		PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
 	}
 -	$result = SWIG_Python_AppendOutput($result, list);
 +	$result = SWIG_AppendOutput($result, list);
 }
 /* return a sid along with the result */
@@ -108,7 +108,7 @@ def install(src, dest):
 		plist = PyList_New(0);
 	}
 -	$result = SWIG_Python_AppendOutput($result, plist);
 +	$result = SWIG_AppendOutput($result, plist);
 }
 /* Makes functions in get_context_list.h return a Python list of contexts */
 -- 
 2.47.0
--- a/SOURCES/bachradsusi.gpg
+++ b/SOURCES/bachradsusi.gpg
@ -0,0 +1,321 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno
 qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A
 vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3
 K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU
 lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw
 CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K
 AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et
 3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi
 kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX
 TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW
 Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB
 tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6JAjgEEwECACIF
 Ak97JQcCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGOorUuYLENzy1MP
 /2c4fH8eXWbqoot/vLE+hJ14k0leYOQhVSo4lNlxRlbKNd5MQSX/QjkQgJNECbB3
 LM0KxE/zwVOZ+umvmxLxNskOxjubE6NzoF7Sm9ydoqjwzenIpR9BVtg71mfjBOoL
 PNrst7tHRE5btSnnnOS9ddt/y9JOIvQpkjtBTI2TfVcp2b4Domg7i4qU/hJ7hu45
 5oAi6rPPkr0pcGiDKTqi46l7+9orsj9Mxs1XTmrTMMB/eV6PCU7Fo4WJNXS8SXd3
 sEVxXvpyYjUTTnDuewjT1q8NL7anrsckS16WYSVGKzRhqtP1Vudt1F/D5cWKVqQp
 vQl/XW/uQS2IsgEWsbRmIAEZIUOy4TnuF494C/A+1BbJBdUr4Nl9zPH2bjrJeqYk
 TsvGQr1icgO4pUg5oC456htkqCxCuPRqqrGDAZBx54TldgPwvCo31+aPQJlOlWvI
 uWD/depp0De3oTK9FDnHh3swE0vyn4Ht96+vM+KNnDYgJ1FEaw1efYePFACobvEB
 o2ZpLbnDyqAT4MzfHpHSbwzUOk52ZOnkl/KrUIOxhXtf4dxRS6J70Rzb+HWS3rY/
 LgaMO5Q0BJfbvknguKmE8dO8jx0pTlVER9ujqp+bVPXmFMha1j8vyGhJ3eLJZaRL
 k3jgfRjiUUb4lNp+hXpvBwIYeFWl5kFVKg2aPywgnnFWiEYEExECAAYFAlBq4WgA
 CgkQ4J/vJdlkhKxmjQCfevlawFaGTx58nDFN+4j/2U6uaGcAn2g1sZcTUrEEYHdL
 byAyw1GNLksOiF4EEBEIAAYFAk99mCMACgkQ/2iSBAM3HxDivAD+Lu8U54iGgL5+
 h9KpeV+ZlHgIpj4cD+BVL85L6AQ3GP0A/1TwZ1tS6Ag3ut2G6AL2wewR3v9Mgu68
 E0M5esz5of4oiQEcBBMBAgAGBQJPh9ZuAAoJEBliWhMliBCHMSUH/30V/E930OTT
 oWeq+QKkTJuMF0lrA5NaAy+xWtrynMKoiAuM0KFNGPfrPehkoxR4D+MKXH+xh0j2
 bHl6fXOHJCKZLhCtsC/o8j7kkjIJjixBlwYMul21rxecke7Zt4XpxHARJx4208Lk
 ztpzOd7ZnDP6KYav3itpxK8Eyj4g8N2omoTQ2Dcd+sCa0jgRkyskpPxdt0fK0D04
 XW7b1LZkxwzwrAGSpjAZVzpKBXANcSmUQDAaIhGvYSKoiwVe2eaE5lUmvAaJQaTr
 Ud/LCIwFofTLSaBRX8fEOe+UwvW36VtynPyETyROeTMp//Cm5e2CQVPoDv79soyi
 E/oUW9DFDhCJARwEEwECAAYFAk+Oe6EACgkQlGXZM5TcxIlIRwf/VjfbN3eVf648
 vXvDctsXfucl37i6Yue2COJiGYuZOrN7wYxVvH2to8P3V53YV9OqDpJl2NXUro1V
 iUjFHuIKp23VbtyBAYsrLeTMmHLjnXlaUPSr6JUDHUQhCF34BTk17e9y7tXlEshF
 YVyPlGum7JhyarHB2rRdjQk8kyTqmQ4yHjw/nP/HlvVxdgb+mTmudTPVBafOT1R9
 MJ/SN2x4bclT4cQ0hjNEy/TsFzVduQj8yNOMFG9r6p1Vb+u1wn3BTANIh55R9aDh
 3JFFIV/jBTkxukxR5iyGQiR53nl0e0qnQFxpfhFGclh0RktjrHZ3DBAzcuYXp540
 Vu9aq9QuPIkCHAQQAQIABgUCT4bdRgAKCRDCPZG7HYJE34FtEACfqPwWSItk1lNX
 E0HOM1YuHXFfMGURF1AotskJatwtjGy9oDUQkjfsPROnWjgH9s0xD2UmlTrjJfWi
 BdH0kTLiExVUOmvnM9VFMRhYxQZMwiHecm4FZ5IWUz4e05oGCkHFbMswXEoEG+qq
 btOfLNpX67yy/JM6We+8PiXV/c2vaErpH5S8YChb5wD9lEWNM2aPBOUmbzONM1/f
 EFd8AF6fUVYN7htuyG1n5zTv+oowmO2c0terJRGmMgVuLugIEnKKhaQ+H1K6bdZJ
 7mX4xxx5izEyYeYhi9DhBHSwCLhWR+Yilqkc5U0nrF+3Z+Cb9THHppi071OIQ7pX
 rGsQSpDzGRXCw0nKEBm0Li13re8cOoHMlPD0RHWZEIRZGSYX1YKBtVuv4kpSq8GN
 85lZSDKGRNtbJBS7Qj4vyOlOrBO1eyyd4lepQCe2Ri3gU97rek52tOM+fAIibz7V
 b4a0qbbphrz6PVMbDGiBxM92+YpdDyZGyL7wJ4g6DhRRcEUQahlZ1n7y+YQ60ETs
 zt7+kD08Zi2BoJpiMHsFfoas2pot7VePFxGutwvq0p+OHSVlwkLgOaORPHumLA8u
 J3BGlJTHsErUB2EEgdc/Tv1vsZzEI3Zi+hqw1gcbke21Ii8aDfshbeKW9hYJAhnW
 m8VdF3n80UX5Eg56iybrLCjEyiAEYYkCHAQQAQIABgUCT7yYRAAKCRBOBfZjp6Qb
 nnyTD/4gVbq8H5ka7fVdSAnX65/kFn5xkqGzbpCkjcqe/5uI2CvdYtjeQ4K6sm7I
 5RLoyu/EE/JPbCRHiucsEak42WAZSRte/Wn2yTQpIb0mQ0wXJvuM+Hx7DSx2R12P
 9rIZ4mGo/rEtdG7Y9Vog9M/XGx7w5IqSw2DF2yiYQJXsOzHjphfYB8JfoqjW/73k
 n4E2IRJtCuWhfiJZJ+GEGceSBIredH3o01ThtbAeh/gzPRF3FU1361zyA1sXtmGe
 qwnhNL1spHRlpub3cvAXQ8RSYrNdiFZB5zohNt+iL+qzVWaUJo+vYZal1Co5/roI
 HN5nJef8kp1ngaYKvf1hIVvsdQsilVQIXKFWMd47aU6W8gPr1W2+U4yw+q+OXari
 eo7gpH7/OvMSe/3wOhGVD8KJrMwAVnr3M4wo2CM6zlwxPGdltQI+IxDD8NTGTmNT
 rRARYRQaFQyqd1SrVt4sSkeoegrpOG4oWXya/v4SeXHD4vt8vvvX3A4szB73a355
 IfbyRXDER3EfFfW5c+BnR3bxhfATTE6T0AKz1Gq30Xm2ycTGYCAZ2yBKewaegTpx
 3O/E6APTXUnVWTIPQay8T4iVUiLFs7W1UFMY/RvmIvKKFIQWcm5O0L+27PJK+YSx
 Uoo1Ivt1pclTuetbRbN8VnR3K9Pp5uZ4KLz6ZkffmJg2sOSu74kCHAQSAQgABgUC
 WWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0nr47rA12X6dJ6+KIBE+XB
 QxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVdzvUa1m2yeNCFHOTjln6Q
 GjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaqZt38I2u0Pi+/qHDt0kLy
 RSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk2HUerg8VCAyQrxYtZtHc
 coyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROFm257MiH6gvG/V8CTrJfz
 lpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erxe+biBauFErYQPw3bg6xL
 1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZRHwRUPGRN07SbbEO1lDk5
 uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4V9d4uVDX3SsktOLMvtWg
 nL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zjq5eqotVq90HMBO9kqcjC
 YsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBprk5DSjD7F0/wnQPoq8PY
 HIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ8fvo6B91COe9jTF/H/i3
 A7NjR4kCHAQTAQgABgUCUQZ8hwAKCRDZsFd72T6Y/MoUD/9xxmXbPL2Zto6qECXs
 Q1GFuydiYlURxDsVUiuc1tSgEoDb8XcXl37l/IKX1QmcpvHMPzeT0g8sNwIXSnL6
 BNCnFcfrd0tEz8uBPxVnzMiGwaHP1kB6Vs6sNV31+CJcTz8BHHbOdXZnhHqXSb02
 SonqAYeWVSlE08Ejvq0HIWRn6NIGdGqv6icBExryJjS3ZChRFpvgAJwsVO5f6BKH
 oZnEn79uQR4XPHwuxRbm4hf6iYEbOhE7Hod6kTzS9vYIhyuTFTz5Kz/YxlMoZX/j
 TIYsX0nZ3r+Tshur8iUXJhKvvXVlGyrGO2HXfEuIpJqEx4/qM9jUNP0EE7aPzZ6f
 BP7Xq49Dx9lnZuSQ1jeXxEEpO+AND2xmnjCHr3EfgYZrrhCSxMQhvJh7wypkzu30
 D41BHPOPSotmM7WLceHWmYui0Wuq9X2hom5jq11XwACEtmNiP/odXjF0ovfK0d8l
 j/kivgrXAZdN/ONJapVSLkRMS71S6eln+urR9HfswEfM7IPt0cRwN1oNIhXmK14+
 XBWvvwvalfuxG2UfxD8K0JXMwARlpGlV8lXpuzDV8EcrvLipKpqiQWaJer64kaQb
 8qHEtT6+JNoGkymohrfeVagxKmPzDWR4v1a9lgZwY1FTRHNVPM0P8LWlN9q0CrYc
 poBwkhTMV1YJ1OBSrkM9IM2vsokCMwQTAQgAHRYhBGMZHOlBgwmGicq4237xN+yT
 Ww6vBQJjLRkzAAoJEH7xN+yTWw6vZSYP/36Bt4QhRtIh6HPWbHraFSl4omnuISu6
 lTHsqhik81nbIUiLZ5e/KN6ONSgD2jfMVQOLiPTQFOoxVZvOjaHmHvMuF7BCbr90
 Afh1qXW9txuPbVkhtC6hqIMn87b8UHEnt1l5MiafQnPHhoociqaqwfls/iu0nJGu
 Jf5eVMXpdeWRk+ckGkqP+tXp/0G933jibSdYqwG1Tsw9D98xnGV3a/+zIqRtJflp
 HPEjHPT6rVKAZxk7gkYSSsv6ONBwZHqwe9W1I+U4t6OPkGo5kNbMPBORB6/7B2Qo
 LHx3+KYZs1j6glI+F/8IX2+JSFs07saMnsDhE7w5FzmwWV2JcUt42RSf8DVub438
 jgA/Ht5yPROEJ87de78aD/t/gPq/Gm3bnUz1BW0jxBidjqg1qPOMYjC7n4dH8X0N
 cRfX6tWOdSXmDBbPg/vQi6CEIhsGVisKlnrgYi1wDZExU6UVMnBNvllUu9PXye+7
 51cIbrb+fwAWiwmu+AsL0qsjxZYo+9ozOLh9wLUhxOY5MZM82alN/mlUGzEiXN3R
 i7D3rDrNFHdI4LGGLbO2hjPYrG4hdNHS+6WbU6qYcpBEhrqBtnUjoVqIKP2boBLR
 ara7hHqVO120s8kgGtf/AoYpggD0H4qqUy4EFNjVdcL5T08w6ldQIYo7CEa1iHFt
 ML4bsPcJh8lciQIzBBIBCAAdFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAmMsvIwA
 CgkQVeRaWujKfIqNXA//fjCpyIPPd6RnJhagWH8XCp5NB4cCT+LqAIR5yZfz1QE8
 Qbzpoobz9ysgXZ5XjLp/lbVffGyg986j0wUtSW1+g3kJcYXBUKjSWoBwwmZgyZky
 95U+uklY8CdPjSeuzr2I5X/LogHNH1378d9aEmQXBfX1uW5g4Aqgnl0OOgkCVzgs
 FFOO2o1j6svrrDVG52/mwXhNRm0yYK/hFB8T3PO2IvMQGDGJLHl6N5Kl7P2jtkyF
 Isi4AEzJeop/2GJYXQ+VkUTSNRKQj8oOS5qe9/0RkF9uqeamoc81n2But8MZN2fv
 R7ug2EuG2LHp9/pwu5ekohXmY8EtMbVbU7TYKgduK0FMBaK36jXN4Bapakfxr1z5
 pwdDjN4QiqUefBQlG1CJ6fGrqbdAupzRRDqN974rs5HafnbxioYRYjoo4H0zC8XN
 UwgmA2wrwIIY/cyNCSnUuT8yVAnroPiFgmMoL8RM7C5pHQYh0u3fXPfvNBswjXmR
 pJ6mhTqG6SS4qIaPhqoZqA1iyA6+Ua3YLBDT5wqvuqNMnfLtLUvMuridmlj97cRc
 srQIr022NdpafDQVAiVhZO0CRyFd/++XT35iiDoiv20+LewC0VVza466AE1fkAme
 rKlurlET8U/+U0JB6IP77ErjMgCzotV8e1DJkp/M37nMeNzazAb//ovsdkNM6P6J
 AjMEEwEIAB0WIQRFaBEoRJtl+IDGF5c6hKlGtLpirgUCYy3RvAAKCRA6hKlGtLpi
 rvhHD/99Lvgf+CjbhwC87CoKX84MyAyBlYACCSuySQBnEsVigz8sCVyTYDx52h1h
 /SEj7XfTylAfIl1CjUedH4w3hk+7IN4scmhf5eeEMvQd8q+Q/hWQcXIUpwgKOcVD
 NbUgYcbakJAPtilK1CeQvDdBD+aYoMsJTsII/f7FJzwjPM1XGf5EoODUC8BtQf/W
 KAVoESwwAUwN6Y5XeYSwMqu1s7IHs3yNYLV8C6A7EQPVaVVlORqI+33rKyqAhK5X
 ErNvAREQPYJMfRnQlIW7alSORwdG0JBgVLgV+jvoFo4a1AQImHDDtKxs2X5BCVG1
 I687uYDBy5Assl/VxRMIUpx5+zWvXyDZX/6nlL7AMokTlyosgP4iiifBS+5KMhan
 phMgnDXYIJE10V46Bdw2tjd7wMKey6BcKgfbZSvU5z+SuVnQXCyl3/blRML54I5o
 EomXPg6lgVxSb6BBnaJXzx4JKgLer5uom1OGsLgPMqEHRoO3bucr2xFdtq1Zegw4
 9S3qDhQ3bn8pg9JlYwmAAhBd3Xy5cPv01mV6ompOQ38SlMCJzcAGASdMw5scaxUl
 7MloV2Nl32HIzPjK47bF7aVOFX7Tz+rEFLmJCchqmUSdxi42rJyHKVRqiAlNfZ9S
 9FeaEfU+vBxOHsLNqVO7ErvrTafT5fjphZqvUTqZGCUiJUjPnYkCMwQTAQgAHRYh
 BOJeJUyO5NMDVUv1r+xwGh2klMXrBQJjL1NOAAoJEOxwGh2klMXrYaIP/ifHM9eU
 UT6JD0m6Oa3P3T161NhOvNqr71LDSztClsWo3XX0+ZK3wpjoC6vKqgx0Cc8OL1S2
 GqwCaxb5JqWpsoqR3NW6bTqTTUGREj/e0JHDeBzv57OEUTe4ea7qzqjhCX6iyzHa
 qDP9fiAogMQ7uT2oCghDV5yo4JUrG5brw8GkMLEvRSs2BEv7xFAySRaGwNj+oziZ
 VzL7sBzp1bCr5cwNZVYxoo3VAv6FUcExp1TydxzPVB8/VvxOa4zrht+hFTn6mjUi
 NHBc7DYECgh4jlDR6TnAdvpg0FsujTXiN6A0obOUl9jGz2uFmdY+2ojlVtzqKXoP
 +PDz8o2zMrRoQYkni9VyIc536E4OFIhfO6CrThMjJjPNn22Tq+fzRYkWTrlJom9b
 nOldQ1BdUXQt2QNigdzqjhZTIgF5OEOTERh80dvwIbZ+7vN00BOsuncR5GUBQerU
 F6+SksVRAaOg2lyoDdxUQ+Z28RU8R/n7VjMV8ctFkQvHHLBqKkpET8LRh0C/jSNh
 gB8zLPc3Oa4wTf2xZWO58S18esbYMr74vRYrsACbmwxH5Tz+L6Br70Fmcz608+IQ
 ESKW3657gemZgFud3AGokzKG5AuWykSinydiZbK8MRGLsdfPUojaVIgXFqnWKtkH
 At9gkD8YbqGYzuVwBnljBNRdTUMk0ClgV6pjuQINBFom2R0BEAC9k1Ky6AIe9sPP
 xrgsrXRe0dyYcoHufzeU3jFssl3+S4cRuvYCzdZfRfdjfHa4n+CxTaOd7xkefwJg
 GpaR9KJbu8dqHm61GIiS5ZbMCRU8FAW6ohVeDqEwFrPAzZjtO41OTpeXCrPu5H5A
 Tg/kDnabzlD2H8JWAqr0DYRRhFtJUihXUey9zK03wSjUi5E1+YHUC/fOpbS+msNN
 945CeQNBN4Ljap9Q183Fkh0Wm4Q8C0OS1WN8a0XtqSALRCGAZ+EV6UrmQVP9PCC4
 /J0hoKQPv2bfpBAsrUGAO3Fnsw7804i2TY7O3JA8gGDYX6fwOVJMUXdD7FX7LM2P
 pESqAdPrjqmPqHT8cPfq27GYgqHv3N4hP9Rjt9wxmHYFbJT0YCHw2ZMiAO/VcvvN
 miGr590ZFiQEb1MJN1r+h5UDE1CtF6nTieirSXi9oMilHlo2NY5nAItv/T9PKk4X
 +kaH3UoicMxrkT34tACGwxi4VIRYWL+ZquxE+bwXqAvbGJ0p3XbyREURCaO96J/2
 w951EvZErpFRQu4zzClmoMiNbwkQ8QdesSaqjMirlHyFI8T9BZrXbPazdVNUwfyR
 LFil1q/kgXjXeJDoje73UiyGhqhlVOlEbunGzCwEBzrtQdPTDeFQr476/4pe0v4u
 gdNYkL/gY8Izodn47d1XH68AuRSrzwARAQABiQI2BBgBCgAgFiEE6FPBhIsBhc9C
 hk3zY6itS5gsQ3MFAlom2R0CGyAACgkQY6itS5gsQ3PQSA/8CZGTxQDbD2oLkGb6
 tyECIs5A1RsfwJ9aj0R/HuEO39ki8yM88fwi8F5AfzNcmYwp0rxyYDDYM0itObSv
 A9WBB8YFZ2PKT1YHrwTzWbne+spmQYDRdFt+0Kx0JLvgv7SYvQ1jNdCazixH1SAM
 9O+Tn5oFybVHjRavWsQYHp1CvXY5kOHOEDHhz37pGwFvyVyFdSYS5PWT0+0XU/g6
 Uq2HeFCurhUGuDXJ6WA6Ipvmu0vbi8GpyeiWCRoG76sqbBfQ7dd0oDMUHitewWGq
 LP1Kioke9hu5p9CbkjYwGZjJWZEV6WHxOmICfFcBRPeIJyO8Kfa/vVBfQZj9fhqs
 3sHSfAGIdKIB3tX0qKhMRdu/QoM14YQ1yK80JTUUOcrKLDt6QJinF1UQ/OcYQqGB
 CXaRk1OKGFuuij16QudnX56+aYbNPltf7cLs1O7aodQcRxmMSgxSE/2ckthPYBsX
 PWuDMYZCb3e6JMWsdnCI7iPpoPFAJmId7SWJebXZxntoX6YwZ7Tx58/QMLEqxMfE
 ExQTAFg8/owvxCG12KaharLr4GpLx0aU39QEJenG1LqGLwiQh9Vxsejw+MkebZJE
 6zhs7XBpenrd5c9OFOtb/Goxwal/6UXz7a62jZ7wDNpJw9xOfC3/eX/56+6dLVef
 RFj/LOIu9reM4boTiY2dmGj1QC25Ag0EWibSSgEQAMhQB2Q329FSozPk7V6dYBO+
 jDBMr1jHWvNMCR/2DkwXfDAKK3haSWSqr51/wua9skFRezQvc9PhgvOIJi1jsxRf
 xNoM82a2OpYJdj16FG5RVQ/ApojiywNvp1YPJbmq4DfXSuUA6q+OephsFLrx2cPY
 nyDQaI6mrqTBecET4cdQTZK0nKKUPj3U2bI96zTBIYK8Kr7GMKXm8R1eV8bktwHT
 HyDjI7hN5EjZViYqZYDQ3jt2vC1Aj6XpFw5K7Sv6f0l91zyjfcu6Llsfo8xtRhAl
 lub8EBuO6ljJ5uWqDgjqTOkDXcIAUkhUCg8ztweR15zgJQQ/On0XDcHLtyi7zuQd
 xNaKYKkD3oROTqce+YbNN3qnP4bV0qa0JLlTOrE/0/zmif7Q1zYOidcmMgGeF6Gp
 pGQkkxY4gSKet8kD8h4AZXGlpFu4e9sue1ENDRmgWaqSzIWudMRZ3z0/s9EGNNiW
 60nwJ1NBoySeQEmnwMzAHXneRM9pRGQ1S3/CKttq/0eWEH3Y/Td9xi4DNvTXcvgJ
 uUUwoclWP2PCPg3zE+EQ1q/Kt2oYrT8NcemM9EO8btNzJ/Y1wSDLFAFNikHwYjTM
 86jWoeGhSM3fD9HJjfqoB41gDKvNIVlhQavhe6df4+AoCo/mGosLYAPFaHHdkmqn
 eT0Y0BnTRIS9yLcO8CBVABEBAAGJBGwEGAEIACAWIQToU8GEiwGFz0KGTfNjqK1L
 mCxDcwUCWibSSgIbAgJACRBjqK1LmCxDc8F0IAQZAQgAHRYhBNalthyaVTQWgpLb
 Z74iCR4+9iJ1BQJaJtJKAAoJEL4iCR4+9iJ1D2AP/1VMC8KOmzPYyiFY+1xHu2rv
 siB0f80GH1jXwDSM/IKvsH1axCD0hMV5sSi52epCov37czSlR3MpQjo0xK32wJB9
 26AgbzJYZO48qulDUXUhPWJ9bxiyIcxI/3KEspY1RMoWv8AfYA/qSma1cSdT4IMo
 SGJzPh3RyrUpeFP5QT02oGa5TuSQPiJwy/b9u+RVOi1SSqzHMJdKzZehGays65Pd
 jC8Xtf4ipdYRBr6mIyUISOB+FBkY2MttFzNDUBdDrOepyjStQLZ1vUXnYKIiSRHX
 o3XTW/W8fh72o26zeDbQcALywQMZqnwtrZluzKHZxF07whKmXvw9pUHXX6hbJDvm
 GVMxnB/F6grPNi/V+Bv75sKOdImgnJBUp1Jz7288SPbNQwrqFKV2ZD3f0PFmolFj
 Cz/Oc+UUk+swfnsT3pV6LClTThsOH8WlKJYxZLneX75HuVx4CmT+qv6GlFQuixjc
 H0LtsbbSjAx7J2LRNVtfI+2DfMcIi8KJxe69MAKGqqxDyDPSWeFrs0MHmyD6/6m+
 GTovgUT5jOZbR6GVKelW054bmby0zQevWnRieANVeFoFsnwclJnqKIRzQiGod1p1
 b8HhSCw4nOeOQSifaOf3zcnFhYyByDMOtl3/AqGoLp/61u3Bk9h+BP4VPR3RUWzc
 ggjmxJM0MrLzjaSXSedjzuQQAIq9g35FGpnaB8d/EjufED1TVSOkvNK/qJ+dD4Xz
 f5RvnbprofMnzfEyy8jJ1Vqc3QZQU3IDQt/Un2ZywX0OboKGAIn/gyfwdkpnxJ0j
 JoxRBuMplNpfNBw+oe0nFuozO9idFozKM+SWoE051/jvGHp1FqEPLnAAGeSbWB0L
 RlAsnMjc5u6+SKHeFGRKYg7U0sO7ZKbVIT4ZmRnsQLDakHwbAgfcIakh9Whj0Ou5
 r78Cs+DcM3XAdtZ04d81jV5TsveR8/Cn473c6dvPIfnA2P4uClTCaCDv+jXG2f9a
 FIuJhYCO+TdYs7qjAsXWngJUebRFiHbfSuYDw92/eqLdKD1Hoff4MnW5YOtDpp6E
 sdCDuINeRtUtnidw2vIPezX+xdmycXIq9Fb+GvKrIDsKu0VO8HObVviLa/RE11ds
 EHYlrarj4mqzS2MhvmU79Bazg9rDDB4WVs502n3uJaf6Sod/+ke1c3ff7AUPox2n
 pjH/bVmkZJsOq5EqcvlH3m2FZUHSFWS/yTR1rPuJoHBMHVc4OPlTuSqT3qmKL2vb
 vD1l3D4zHZs1paRLddYXiaex4qPU/0YpP61XU070MmFGYE8Z43TbMPHu/6LYBpw9
 p5Vj3VZwn2edNl4LGx+05hIABzM23I7JoQ44uPoTbohmYXF/DUGJ6h2LYdp81AVC
 lSFWuQINBE97JQcBEACpbBqvDl8J65jEhPjOWczcDVB+WfG7GBHB7T6RxSNFIahy
 mDqzx73zZD6n4NnZogPDPopYdRJ56u5AfF0bDZlgebl8+VEgPHGoay74Gf6k0B+c
 pEkp5PaWQHHEqXINotVg29hTsf1u0sb+yjgcc+9WHw3MtpChsgk8Rc5N8Xvr1FJc
 L+xynSvUCcLIwfgvLHYPPBYGIRpvz4ek/zgHvaGftDfnyMwrMbgi8kadrSb7PQgc
 eWeTL7CQN1B88TPJFqKt/QxMdXaPy+Cr3P4XVy5V3/QEVFUizrtCCqJgxHMAeCP5
 QxwYEWmA2zxUzGA/t/QUDFbccKt2BdpdKBFtHLliE+yn9FHw98JayjhAJxxeCkrp
 MED9N2aGHI1q44sbmeLKQ8EuIbCamfq7fqLXgkEy8jgivv2J9YfXejjjEobGLkss
 Jlxaq9JeQgFEVl6f0jJ0PgkYPd11RxTcVLy4RB417cxc9LHcoKdAtcgBTcZXPPYO
 L+eM9S7rTvFTna9IdF4bbnJFNjHDMhb/9XomxxBsekpTUXEm2DGoTpO2W/jwWcZY
 LVrdhikkkF8b88EdWk94fUTcFA90I+Ch0YbS8XGM/WIklrMGa0JpA4OQW5oMhKDn
 gqAcV7gxRYt6ylBPVh94/AIMz++wmfqBxETFP8HMgTVEApLBLjwru9B/4lRStwAR
 AQABiQIfBBgBAgAJBQJPeyUHAhsMAAoJEGOorUuYLENzegsQAL6NuhGuzQf2GELc
 O5J8/BW2yF9sxHWDLrw0Pntq8D35kgGfZLB52tN3DI4NwL0vE931bXC7ovi4kHPS
 sazv+WPUckYfJ7qskWVD1yDtHsADduwudJpAflfZ4VIvMJqJ7FUw5Fy9ennw/Idp
 H7LC+ubn6XT6Kh9oKvVmp+BQEOsdisjVw848Thik+gS08WvAjK9m+g7++FFwKy08
 5iXuuqZpvi94eU1QPvzxzzRZz6M4gQaz+pCq/5yf6I+Hu8G+5nq2foFN+G7FRkx7
 KJmJ3SAEsG3M23V9MKWON49ZbhTe5xW+1at/TKKoNGzNIYs07jApR2/E4J57yMWj
 zsAqg77hTDRiV0jhHl0DJw3RHFi3z+SrK+6ie6mrq8WEPj62q9qdM8dFs+y5X3UT
 x0nxly7GjOxxhi+Nt83PAG2wVFpqmhVLuyPnruvxzyrVFc8Dvx46DiKCzt4PPK/Y
 +jnVIQ7Jr2Jm2ZCpzZZT5QNJuDp46mKHlNBkvSy3q3+pM6cM8vKSuCFd9+dw3dX/
 GptLebMrPOvLVDl4Bm9hSmG7rLpJy8U8Ns8pYSS1zaxHM8KqMaPuS/Zlx1SRIj/E
 afefnHd5fIlmsH9C2O5fb18SFjmD14FCLcVTG7bwh3ZfbGo9sOJSShPxppPW2OoT
 jwfANmj1cSg/VFr1d4HAEc83jFgumQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa
 /Fvc4T49tqxcc/sY4uVlGo6oSi4fQcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6L
 yYFmX2U9VRTcyITdmJs8itkEaDwq8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1Gx
 uV44Ihlh6v2YyqSzDG/rZur771hke8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYq
 OeQhxGIxDOHo7QhzTG+SlX+uQq6mzACKygVJJl33toaUwVAX5R02a0u67A5wC0wh
 AoLSHInc3P7ayivWV/iESAz+gMIkuvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQSc
 qA8F0x4OChCixbZGZn6Mr0u8+01VCEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20L
 GHSbjJLcnqLLFx3LDpI5dAxo5K2kFvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpU
 maPnMTiD5yvnFzEihM5L9DuaWqSK3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMt
 aKWf0HkAsCP0BLJcS9Oc1/0I0+gC4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+
 gi34CxWMl2Q34OSqtS37mzzBu+UZxffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoy
 eG4J2ox9JRANZXLh/i7mNwARAQABtCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNo
 QHJlZGhhdC5jb20+iQJXBBMBCABBFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZ
 jyYCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUX
 nPGeAA//ScQ3kJMqI6FRULXo0aF7CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXR
 BSjstWkmOXP/UqkN7bNeXH/S3D3GCJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kW
 vuBuLvUdm23cntv49gAzj+ElDqCxtT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK
 9Dt8tHriQyI410qFRMbi3QxU+iTJ79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4
 knt9E6zhegUWN6zErl2HY8FBM2P9eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1R
 UUl1V9WFEaMiLg/Z2rmbD8LX9YtfYlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsq
 I/2XS3BTLPyjuqAYnXxrk+T/Cydcg4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46V
 SDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCk
 Dczs1rxd/o8Wfjo1vwRHW84jZrCP3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwl
 V103RpRUK4JidwHsmYDVk6pgeUH69hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7
 hBj2l+pV/uzeA0akL2dkgfJc9pAf6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPJgEQ
 AMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0P1/I7SfcJU9D3wX8c4vm
 xkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9XQEuU9OtJsZn1ZJ+Ynh6i
 5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64G2u8Xtxr5yqlQJEUThV6
 280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3QhlWhHVjJlJ5hCLiktwF
 DyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJMoADqBThf4B69BxjJ7Yg
 7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO17w1qScrOPRj6G1IXP1R
 5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvCJvPctDE6EV2vaiRy5N1f
 QjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQlDdeHRRd1q03TKAg/byP
 auAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XTxMOjB34SzqPRWzmLPLF6
 YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd7w+/qUYbfKwO9eJOWzuU
 WajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQpABEBAAGJAjwEGAEIACYW
 IQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJA8JnAAAKCRC8OQXyNRec
 8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB56Cu7ElIpr74sk0R98Ia
 1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKThz33waTru9IfLhCrRSNd0
 ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzYeikqVUYzS143cSzMEwtv
 PSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3q5OlpYxxw+X62vslZ2OM
 iKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKhC/BcWpEYSjfPpVua2oKb
 ccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDyBGOAxBeiOaOnZ8vLBzy7
 2HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62FG3I4zK985GtrXAHEzN/F
 fd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutYzVE8lF+uqcduPuq/rTcU
 BuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1xpPueDBTzvoGDQRqc2eoX
 pJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr6RFgWdD008PsGxUevIDg
 MAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBiTakEP7kCDQRjWY9xARAA
 rEkjlUH4hoSQAkVJCWWk+nF+daAP5IszrGEQH7TyOVwXbRZndSPFSUqKU2kEgHbM
 m+wFYoZe95h9tjDh2sLCs338pVu5Chhz3dNseTF7/rbckw2rCU+JbalEiwck7tKL
 qobvbh77jnrbQnkrZNc+nMeHHLrYyc5gHW6cSn4UlU42MKmTlSeOG4Ly9wXhgaKC
 heIXNX3U/D682Tffl7Gopcm7pPZF92dwY4nIpCxU2ATimkSyulbhzk2CjZ1JYUJ1
 LHctMHm9F0LEGtc1GxDShzVZP8dOWpDs9BBwZDLXxCzC4rvZ+z5BJCDFbuNTKZQ5
 JEoW2sM8yP1LLZGXz44hsab1aPrvB3vcdS5ETP6bqT5267ZiotdhUifU/pTV5ze4
 7wNuaZenQtGd9olyh2dAqOk2DQrcBQFA0gRp55b4U62hLTYXxT+7jEbSVAxeXDPR
 qPvqh/4kVn86llYjV6dAoASN1wWz423QH3u4ZK+S6g8HZ0HrY2+NBYgqthb6H/X6
 FiF5VcHWstkk967g4Xt0PgN/rlCtpXh4WK9sScX/CFdOURsHlb78ZN2LexaYaVBq
 QuqvfHaAPJaIElXqMheZ8aYrO6Df4yzJ+6eTs3s4PqM6EMir5waFonx5Gh50X4xL
 9p7IVqgNPhQsU8Z5U5hGYbmUH766GtENv4CI1upFA1cAEQEAAYkCPAQYAQgAJhYh
 BLhoKEd2TfYN9S2ZLLw5BfI1F5zxBQJjWY9xAhsgBQkDwmcAAAoJELw5BfI1F5zx
 4cMP+wbjKu2xCr63oyn+lo7NqMDLBYl4zHunYTZhG/egDakVWp5Ikj5/k3i+hVSY
 fUyUhqQ/b/H096ropB7GA6EzS44GS+hLMdQOJOmEbjvAP/9dJDX2FQnYZzaA2f/e
 Ikgaw283oOLnmYz0x7YAW/oxlnPn+7Sg7DGGqqn3nKofDUUrowfX0tQGwkGmJJqQ
 gOH/ZfU4t51UCKzF6hWRbberBI8ezp24vYngA2kGef1fCUC+EIFhoYcdHHCtC1Ti
 KmOUaeB9ZMiVXkP60fmCLKObwcKTyYpAFPqM05xgsMPFaXN+fQ7YVAGpCdthk53N
 5Go+QqehwLoJk77CHZxIWJIf43p3UiuH1FsuXF7OdExzIhUSiUum6MoCI8BpVwn9
 uSKfXKLOdGDR6IJI8jqdC9LYoXqxZtDhpcqD70hFWJwJzZg+U2SvxZyhOqwtKXtD
 TDtee3yGzPacSAJD7mFURc/DRi62UBMiFcqO1YW/5LgC4yjtzo7MTQPkaGbQLduH
 IlCKa8pHWPqaLFdMawwqNrTNHWXCD4XxijJYwdAue3NUG/utekNm82mqnbbWw/AX
 URIzefQsbyqiNYMztudJ9hAS8yCdkfb9SKVIvWYPQ77tHltOZF7K/NzOGeJaJr8l
 vqZCfXpWmOduTpWaD2kIvU2Kx7gB4jXdMa2ai9N+/Hdr3lLouQINBGNZj8YBEADg
 Y6HOawiThxQVI+0uvAAU9yisew1SSVO6mAsQtZM7s7BpLA3RGPj3UGojZIeejA+k
 fq7A+PVLBhz/kSBTtw9/s3o4rlqNzz7SLaix6XKWCpHOBs84n3/LF6u9KMMVk9vT
 sjKz8iDF9mBR2bmCfLvEk0HDiMyApv5SbOsZMB8k5PWyK8HYPyMI5umEaOsaC3tA
 eihO3nzAxEf3oZl53J1pIw+ecdrQLbWbH0aqKngfCddD8Q0oMr/Iwly3W49+5eqJ
 oelR9/dut/dg0a3Nn1wIGYRzC62CCsF5IZwKdyPh7nilEUFpA5Vlz+HfIFch2LfR
 F3Q/GZD8fKzKxhjDIdgyaWSTsMbityKxX2G/pcjshyMsZT7I3Hx7SwQfFro58s2D
 FsFLEZgBhJv+nW/HckeedaveXmXdHKjtsa8+rvGADti4wohOl+N5tbpYW3/zR3AY
 qlh47hG0ikUJ8Tusnu865j3Z5mE+KqS68ypRVBMRrdJl2lGPDCnXGhl2720VPNMC
 /jB2Mgm/L1mvQM1jPfdC3KgokDAH5NMzKvav6A71aLSUJli3UdkGHkX5d5urs3k3
 WmCt7XeTb30MBvNzBcSYTbw2UGIRE8G0CFc3wtiWWiQKPeFXYhn0+COCoW/EXpIC
 VaAuMPMgcsldM13bKGyGo3NngsNEdopNFfr0KKW5XwARAQABiQRyBBgBCAAmFiEE
 uGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj8YCGwIFCQPCZwACQAkQvDkF8jUXnPHB
 dCAEGQEIAB0WIQQb4sD/CJSWIxAv0lZGlYgcJUUI0QUCY1mPxgAKCRBGlYgcJUUI
 0ZkHD/9TlRvAaZETf+pv4/IceeL3KHwj5lrC/gojXxN0AjhAXljLSRCu0EyICxZy
 3158h4k0vwjdv8699yHEN97PdF84m81mqxOz+juKBRHFK/EwAAgOdSlzGnUYgNkm
 mCROFWtjeneNWaFdEnq9MItx1OascPeyxnWMjq7LLYMSESP4tgUV5KdlaVAXR6q/
 833u27/NodkDcNH2UK+IyT+Kt/uCOoIIL4ttxo/PvZTphzV8n6s0sJJE3/BrRxgv
 CTkVU6zosyJsyau8/vayQYGPuBuEQVs4Tr+vZ42izbkHgElcZv9oYjJsxaqZqqMz
 fWPte7m6Pl/pvtmlhPmpZ+ej7y8SRysBV+3aHNXaE1J3sIOmYxighlgZapSjHl/A
 9N/KXdoLAjIZtBAOQ2ZFyRz/c2+VUqJgwiwdxoaFaYn2eUM+HSTbZfdGXBS/yyZL
 YsM+L4M2aizQvDIRXzy8vG0vpHQEvPlXL0Gg0gyk0fox0OsAP5CfXmHC/AvYOHM8
 y81X2QqDf33Au1RIgog4cLqq2wpXEARWbAj0BAMIeJoCDCu9Mz2juK1ui2wr8AZ0
 42PCUgZK6CdUI18AsvApUhPsNunF7ZOc5mFMuaEGjjWJvrTG3qyrCY73ySBiGXWo
 92ZB7FXu2MzgujPBEigByqeF6IV2x0EBHw/VrcxXq6Slgmik6G0SD/48l5mGCxM0
 Wr91raB9zQlwDbtD3PCbjA6DtkMrRyAq+81g75N6uiztGPCVw9n1HoGOSjN1hAhe
 SgQQlcXbDLpzfdPFowDEHclFFfUODCIOuF+FgmxlAz5Exr9JkJdozBFqRZ4iF/tf
 E5sHB0rzeUcY3J6VjTsjULjE4GSg5trsOc8GHUnFn9wwwkf9nR/Mr1RYcX0GkTcy
 iUskw+AoRz6svOfAWIDJY450wgD0MHZK08IfUUsYTGecoXcvWf/hITtv/Af5MpQA
 wuGEDltVDeu9EAu65SZlMkkMuQD1h3KOQjUJ6nY4a4M2CQ51ggs/c+vsemxsuYlG
 vSuhrfXt6HGD3dhsOEeyEvIcjjpP1Ku5mqrPhqXFli1swfohhYGGVO+fM7G3l7wF
 kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
 5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
 IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
 1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
 TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg==
 =I8Dr
 -----END PGP PUBLIC KEY BLOCK-----
--- a/SOURCES/libselinux-3.7.tar.gz.asc
+++ b/SOURCES/libselinux-3.7.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeAACgkQRpWIHCVF
 CNF3fA//Ypv/FVd6BDBmpZkWqui1kHUFv+TSKGfuObrOPfX8RXVnO4GWUKjnwJZF
 u5FWu5lXZGPFGLKyZJD+OPAGofC5GGApr175eBlxqokhfj7UfZMrdK8ARUgQTuIE
 QEh4LGR/7gzpc/HY8YL7rbzeAlXsFtuZoSlUfmyNs2tmXiOJ9dBQVxic91Q282Lr
 Y2CLv1fAlOUT3h7fw3+YfBGALdn3CMrOJvr1npEcfnXHxAN/w4OKNAKQIcoAjZCw
 w4EGA1FyvaT+hSOQZDzMBpYheSXCBxPg4OEIWNxge6jP/+J/mHqx1QHrDERa9vwA
 Qpd01uI5C7LthMNc2INy1m5jrSBL7/5yjboj8O+53JSDLRH/8j2ykMXBvvje5y+Z
 8optL/C7VEawaRWGVm4TCwm6adF28T2NoGWYnNymVLWc7oe/p7QpYxtNMDieeVAy
 bnl9OX8S1VoDo4momyG9Ya4d9fAKCvaN+LIPeyYB6qqrmMCAzAU3J25vzLElXA+1
 fNhFrQFuKt455OFy8LB94abWuwBTa/f+HkU6++6Ksr5B1ZBKsluCYVWONUHMLwDF
 ZN6SHwBq37v3sz+4i+Cy0K0uYA6DQanB8yQYC98rwUtatqaTajIUCKyxJO3GIX4R
 lBPwCC2/T1jOTG8u8jT5KcWFtETbjfSCePjdnhi67totbc1kST8=
 =eK5w
 -----END PGP SIGNATURE-----
--- a/SPECS/libselinux.spec
+++ b/SPECS/libselinux.spec
@ -1,27 +1,40 @@
 ## START: Set by rpmautospec
 ## (rpmautospec version 0.6.5)
 ## RPMAUTOSPEC: autochangelog
 ## END: Set by rpmautospec
 %define ruby_inc %(pkg-config --cflags ruby)
-%define libsepolver 3.5-1
+%define libsepolver 3.7-1
 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 3.5
+Version: 3.7
-Release: 1%{?dist}
+Release: 3%{?dist}.inferit
-License: Public Domain
+License: LicenseRef-Fedora-Public-Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libselinux-3.5.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz
-Source1: selinuxconlist.8
+Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc
-Source2: selinuxdefcon.8
+Source2: https://github.com/bachradsusi.gpg
 Source3: selinuxconlist.8
 Source4: selinuxdefcon.8
 Url: https://github.com/SELinuxProject/selinux/wiki
 # $ git clone https://github.com/fedora-selinux/selinux.git
 # $ cd selinux
-# $ git format-patch -N 3.5 -- libselinux
+# $ git format-patch -N 3.7 -- libselinux
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
 Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch
 Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch
 Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
 Patch0006: 0006-libselinux-fix-swig-bindings-for-4.3.0.patch
 # Patch list end
 BuildRequires: gcc make
-BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
+BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
-BuildRequires: python3 python3-devel python3-pip
+BuildRequires: python3 python3-devel python3-setuptools python3-wheel python3-pip
 BuildRequires: systemd
 BuildRequires: gnupg2
 Requires: libsepol%{?_isa} >= %{libsepolver} pcre2
 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -87,6 +100,7 @@ The libselinux-static package contains the static libraries
 needed for developing SELinux applications. 
 %prep
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p 2 -n libselinux-%{version}
 %build
@ -160,8 +174,8 @@ rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
 mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
 mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 install -d %{buildroot}%{_mandir}/man8/
-install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man8/
+install -m 644 %{SOURCE3} %{buildroot}%{_mandir}/man8/
-install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
+install -m 644 %{SOURCE4} %{buildroot}%{_mandir}/man8/
 rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %ldconfig_scriptlets
@ -176,6 +190,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{_sbindir}/avcstat
 %{_sbindir}/getenforce
 %{_sbindir}/getpidprevcon
 %{_sbindir}/getpolicyload
 %{_sbindir}/getsebool
 %{_sbindir}/matchpathcon
 %{_sbindir}/sefcontext_compile
@ -193,8 +208,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{_sbindir}/validatetrans
 %{_mandir}/man5/*
 %{_mandir}/man8/*
 %{_mandir}/ru/man5/*
 %{_mandir}/ru/man8/*
 %files devel
 %{_libdir}/libselinux.so
@ -214,27 +227,112 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so
 %changelog
-* Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
+* Wed Dec 18 2024 Arkady L. Shane <tigro@msvsphere-os.ru> 3.7-3.inferit
 - Fix build for SWIG 4.3.0
 * Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.7-3
 - Rebuilt for MSVSphere 10
 ## START: Generated by rpmautospec
 * Fri Aug 09 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-5
 - libselinux-3.7-3
 - restorecon: Include <selinux/label.h>
 - Fix integer comparison issues when compiling for 32-bit
 * Tue Jul 09 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-2
 - set free'd data to NULL (#2295428)
 * Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
 - SELinux userspace 3.7 release
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.6-6
 - Bump release for June 2024 mass rebuild
 * Mon Apr 01 2024 Christoph Erhardt <fedora@sicherha.de> - 3.6-5
 - Drop unused `xz-devel` build dependency
 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 * Wed Jan 03 2024 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.6-2
 - Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.3
 * Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
 - SELinux userspace 3.6 release
 * Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
 - SELinux userspace 3.6-rc2 release
 * Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1
 - SELinux userspace 3.6-rc1 release
 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Thu Jun 22 2023 Vit Mojzis <vmojzis@redhat.com> - 3.5-4
 - Add examples to man pages
 * Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 3.5-3
 - Rebuilt for Python 3.12
 * Fri May 26 2023 Miro Hrončok <mhroncok@redhat.com> - 3.5-2
 - Fix build with pip 23.1.2+
 - Fixes: rhbz#2209019
 * Fri Feb 24 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
 - SELinux userspace 3.5 release
-* Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
+* Mon Feb 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
 - SELinux userspace 3.5-rc3 release
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-0.rc2.1.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
 - SELinux userspace 3.5-rc2 release
-* Mon Jan  2 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
+* Wed Jan 04 2023 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.5-0.rc1.1.1
 - Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2
 * Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
 - SELinux userspace 3.5-rc1 release
-* Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
+* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6
- Drop SHA-1 from selinux_restorecon.3
+- Rebase on upstream f56a72ac9e86
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-* Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.4-4
 - Rebuilt for Python 3.11
 * Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
 - Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
 * Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
 - rebuilt
 * Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
 - SELinux userspace 3.4 release
 * Tue May 10 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc3.1
 - SELinux userspace 3.4-rc3 release
 * Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
 - SELinux userspace 3.4-rc2 release
 * Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
 - SELinux userspace 3.4-rc1 release
 * Thu Jan 27 2022 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.3-4
 - F-36: rebuild against ruby31
 * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Mon Nov 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
 - Introduce selinux_restorecon_parallel(3)
@ -247,23 +345,14 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 * Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
 - SELinux userspace 3.3-rc2 release
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-6
+* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-5
 - Rebase on upstream commit 32611aea6543
-* Fri Jun 25 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-3
- Use SHA-2 instead of SHA-1 (#1934964)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-* Tue May 25 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
+* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 3.2-2
- selinux_check_passwd_access_internal(): respect deny_unknown
+- Rebuilt for Python 3.10
 - Silence -Wstringop-overflow warning from gcc 10.3.1
 - Fixed misc compiler and static analyzer findings
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Mon Mar  8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
 - SELinux userspace 3.2 release
@ -602,7 +691,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
 * Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
- Update to upstream 
+- Update to upstream
 	* Get rid of security_context_t and fix const declarations.
 	* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
@ -632,7 +721,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 - Add ghost flag for /var/run/setrans
 * Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com>  - 2.2.2-1
- Update to upstream 
+- Update to upstream
      * Fix userspace AVC handling of per-domain permissive mode.
 - Verify context is not null when passed into *setfilecon_raw
@ -652,12 +741,12 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 - Remove togglesebool man page
 * Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1
- Update to upstream 
+- Update to upstream
 	* Remove -lpthread from pkg-config file; it is not required.
 - Add support for policy compressed with xv
 * Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
- Update to upstream 
+- Update to upstream
 	* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
 	* Support overriding Makefile RANLIB from Sven Vermeulen.
 	* Update pkgconfig definition from Sven Vermeulen.
@ -687,7 +776,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 - Do substitutions on a local sub followed by a dist sub
 * Thu Oct 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-20
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek 
+- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek
 Resolves #1013801
 * Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-19
@ -716,7 +805,7 @@ Resolves #1013801
 - Add Eric Paris patch to fix procattr calls after a fork.
 * Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12
- Move secolor.conf.5 into mcstrans package and out of libselinux 
+- Move secolor.conf.5 into mcstrans package and out of libselinux
 * Wed Mar 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-11
 - Fix python bindings for selinux_check_access
@ -752,7 +841,7 @@ Resolves #1013801
 - Revert some changes which are causing the wrong policy version file to be created
 * Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-1
- Update to upstream 
+- Update to upstream
        * audit2why: make sure path is nul terminated
        * utils: new file context regex compiler
        * label_file: use precompiled filecontext when possible
@ -778,7 +867,7 @@ Resolves #1013801
        * unmap file contexts on selabel_close()
        * do not leak file contexts with mmap'd backend
        * sefcontext_compile: do not leak fd on error
-        * matchmediacon: do not leak fd 
+        * matchmediacon: do not leak fd
        * src/label_android_property: do not leak fd on error
 * Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20
@ -847,7 +936,7 @@ Resolves #1013801
 - Rebuild with fixed libsepol
 * Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
- Update to upstream 
+- Update to upstream
 	* Add support for lxc_contexts_path
 	* utils: add service to getdefaultcon
 	* libsemanage: do not set soname needlessly
@ -896,7 +985,7 @@ Resolves #1013801
 - Revert Eric Paris Patch for selinux_binary_policy_path
 * Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
- Update to upstream 
+- Update to upstream
 	* Fortify source now requires all code to be compiled with -O flag
 	* asprintf return code must be checked
 	* avc_netlink_recieve handle EINTR
@ -910,7 +999,7 @@ Resolves #1013801
 	* additional makefile support for rubywrap
 * Mon Jun 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5
- Fix booleans.subs name, change function name to selinux_boolean_sub, 
+- Fix booleans.subs name, change function name to selinux_boolean_sub,
  add man page, minor fixes to the function
 * Fri May 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
@ -926,7 +1015,7 @@ Resolves #1013801
 - Add support fot boolean subs file
 * Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
- Update to upstream 
+- Update to upstream
 	* Fix dead links to www.nsa.gov/selinux
 	* Remove jump over variable declaration
 	* Fix old style function definitions
@ -962,7 +1051,7 @@ Resolves #1013801
 - Make work with ruby-1.9
 * Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-7
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather 
+- avc_netlink_recieve should continue to poll if it receinves an EINTR rather
 * Sun Jan 29 2012 Kay Sievers <kay@redhat.com> - 2.1.9-6
 - use /sbin/ldconfig, glibc does not provide
@ -1042,7 +1131,7 @@ Resolves #1013801
 - Add selinux_check_access function. Needed for passwd, chfn, chsh
 * Thu Sep 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
- Handle situation where selinux=0 passed to the kernel and both /selinux and 
+- Handle situation where selinux=0 passed to the kernel and both /selinux and
 * Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
 -Update to upstream
@ -1062,8 +1151,8 @@ Resolves #1013801
 - Fix handling of subset labeling that is causing segfault in restorecon
 * Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial 
+- Change matchpathcon_init_prefix and selabel_open to allow multiple initial
-prefixes.  Now you can specify a ";" separated list of prefixes and the 
+prefixes.  Now you can specify a ";" separated list of prefixes and the
 labeling system will only load regular expressions that match these prefixes.
 * Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
@ -1116,7 +1205,7 @@ labeling system will only load regular expressions that match these prefixes.
 	* Update man pages for selinux_color_* functions by Richard Haines.
 * Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.102-6
- Only call dups check within selabel/matchpathcon if you are validating the 
+- Only call dups check within selabel/matchpathcon if you are validating the
 context
 - This seems to speed the loading of labels by 4 times.
@ -1155,15 +1244,15 @@ context
 * Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-4
 Add patch from dbhole@redhat.com to initialize thread keys to -1
 Errors were being seen in libpthread/libdl that were related
-to corrupt thread specific keys. Global destructors that are called on dl 
+to corrupt thread specific keys. Global destructors that are called on dl
-unload. During destruction delete a thread specific key without checking 
+unload. During destruction delete a thread specific key without checking
-if it has been initialized. Since the constructor is not called each time 
+if it has been initialized. Since the constructor is not called each time
-(i.e. key is not initialized with pthread_key_create each time), and the 
+(i.e. key is not initialized with pthread_key_create each time), and the
-default is 0, there is a possibility that key 0 for an active thread gets 
+default is 0, there is a possibility that key 0 for an active thread gets
 deleted. This is exactly what is happening in case of OpenJDK.
 Workaround patch that initializes the key to -1. Thus if the constructor is not
-called, the destructor tries to delete key -1 which is deemed invalid by 
+called, the destructor tries to delete key -1 which is deemed invalid by
 pthread_key_delete, and is ignored.
 * Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-3
@ -1186,11 +1275,11 @@ pthread_key_delete, and is ignored.
 - Fix Makefile to use pkg-config --cflags python3 to discover include paths
 * Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.98-1
- Update to upstream 
+- Update to upstream
  - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
 * Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1
- Update to upstream 
+- Update to upstream
 	* Thread local storage fixes from Eamon Walsh.
 * Sat Dec 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-9
@ -1218,31 +1307,31 @@ pthread_key_delete, and is ignored.
 - Turn off messages in audit2why
 * Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-1
- Update to upstream 
+- Update to upstream
 	* Add const qualifiers to public API where appropriate by KaiGai Kohei.
 2.0.95 2010-06-10
 	* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
 	* Adds a chcon method to the libselinux python bindings from Steve Lawrence
- add python3 subpackage from David Malcolm 
+- add python3 subpackage from David Malcolm
 * Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1
 * Set errno=EINVAL for invalid contexts from Dan Walsh.
 * Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1
- Update to upstream 
+- Update to upstream
 	* Show strerror for security_getenforce() by Colin Waters.
 	* Merged selabel database support by KaiGai Kohei.
 	* Modify netlink socket blocking code by KaiGai Kohei.
 * Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1
- Update to upstream 
+- Update to upstream
 	* Fix from Eric Paris to fix leak on non-selinux systems.
 	* regenerate swig wrappers
 	* pkgconfig fix to respect LIBDIR from Dan Walsh.
 * Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
- Update to upstream 
+- Update to upstream
 	* Change the AVC to only audit the permissions specified by the
 	policy, excluding any permissions specified via dontaudit or not
 	specified via auditallow.
@ -1261,7 +1350,7 @@ pthread_key_delete, and is ignored.
 - Free memory on disabled selinux boxes
 * Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.90-1
- Update to upstream 
+- Update to upstream
 	* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
 	* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>
@ -1269,15 +1358,15 @@ pthread_key_delete, and is ignored.
 - Fix selinuxdefcon man page
 * Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.89-1
- Update to upstream 
+- Update to upstream
 	* Add pkgconfig file from Eamon Walsh.
 * Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.88-1
- Update to upstream 
+- Update to upstream
 	* Rename and export selinux_reset_config()
 * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.87-1
- Update to upstream 
+- Update to upstream
 	* Add exception handling in libselinux from Dan Walsh. This uses a
 	  shell script called exception.sh to generate a swig interface file.
 	* make swigify
@ -1287,14 +1376,14 @@ pthread_key_delete, and is ignored.
 - Eliminate -pthread switch in Makefile
 * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.86-1
- Update to upstream 
+- Update to upstream
 	* Removal of reference counting on userspace AVC SID's.
 * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 * Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.85-1
- Update to upstream 
+- Update to upstream
 	* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
 	pthread dependency.
 	* Removed fini_context_translations() altogether.
@ -1302,7 +1391,7 @@ pthread_key_delete, and is ignored.
 	by Steve Grubb.
 * Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1
- Update to upstream 
+- Update to upstream
 	* Add per-service seuser support from Dan Walsh.
 	* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
 	* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
@ -1312,20 +1401,20 @@ pthread_key_delete, and is ignored.
 - Add provices ruby(selinux)
 * Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-1
- Update to upstream 
+- Update to upstream
 	* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
 	* Label substitution support from Dan Walsh.
 	* Support for labeling virtual machine images from Dan Walsh.
 * Mon May 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.81-1
- Update to upstream 
+- Update to upstream
 	* Trim / from the end of input paths to matchpathcon from Dan Walsh.
 	* Fix leak in process_line in label_file.c from Hiroshi Shinji.
 	* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
 	* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
 * Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.80-1
- Update to upstream 
+- Update to upstream
 	* deny_unknown wrapper function from KaiGai Kohei.
 	* security_compute_av_flags API from KaiGai Kohei.
 	* Netlink socket management and callbacks from KaiGai Kohei.
@ -1343,22 +1432,22 @@ pthread_key_delete, and is ignored.
 - Add back in av_decision to python swig
 * Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-1
- Update to upstream 
+- Update to upstream
 	* Netlink socket handoff patch from Adam Jackson.
 	* AVC caching of compute_create results by Eric Paris.
 * Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-5
- Add patch from ajax to accellerate X SELinux 
+- Add patch from ajax to accellerate X SELinux
 - Update eparis patch
 * Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-4
 - Add eparis patch to accellerate Xwindows performance
 * Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-3
- Fix URL 
+- Fix URL
 * Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-2
- Add substitute pattern 
+- Add substitute pattern
 - matchpathcon output <<none>> on ENOENT
 * Mon Mar 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-1
@ -1369,7 +1458,7 @@ pthread_key_delete, and is ignored.
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
 * Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-5
- Add 
+- Add
  - selinux_virtual_domain_context_path
  - selinux_virtual_image_context_path
@ -1416,7 +1505,7 @@ pthread_key_delete, and is ignored.
 	* Update flask headers from refpolicy trunk from Dan Walsh.
 * Fri Sep 26 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-6
- Fix matchpathcon -V call 
+- Fix matchpathcon -V call
 * Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-5
 - Add flask definitions for open, X and nlmsg_tty_audit
@ -1576,7 +1665,7 @@ pthread_key_delete, and is ignored.
 - smp_mflag
 * Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-2
- Fix spec file caused by spec review 
+- Fix spec file caused by spec review
 * Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
 - Upgrade to upstream
@ -1618,7 +1707,7 @@ pthread_key_delete, and is ignored.
 * Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1
 - Upgrade to upstream
 	* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
-	* Pass CFLAGS when using gcc for linking from Dennis Gilmore. 
+	* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
 * Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.34-3
 - Add sparc patch to from Dennis Gilmore to build on Sparc platform
@ -1650,7 +1739,7 @@ pthread_key_delete, and is ignored.
 	* Fix file_contexts.homedirs path from Todd Miller.
 * Tue Aug 21 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-2
- Remove requirement on setransd,  Moved to selinux-policy-mls 
+- Remove requirement on setransd,  Moved to selinux-policy-mls
 * Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1
 - Move libselinux.so into devel package
@ -1662,7 +1751,7 @@ pthread_key_delete, and is ignored.
 * Fri Aug 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.29-1
 - Upgrade to upstream
-	* Updated version for stable branch.	
+	* Updated version for stable branch.
 	* Added x_contexts path function patch from Eamon Walsh.
 	* Fix build for EMBEDDED=y from Yuichi Nakamura.
 	* Fix markup problems in selinux man pages from Dan Walsh.
@ -1783,13 +1872,13 @@ pthread_key_delete, and is ignored.
  of the use of the non-standard format (original patch changed
  for style).
 - Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
-	
+
 * Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
 - Add context function to python to split context into 4 parts
 * Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-1
 - Upgrade to upstream
-	* Updated version for stable branch.	
+	* Updated version for stable branch.
 * Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.6-1
 - Upgrade to upstream
@ -1910,8 +1999,8 @@ Resolves: #200110
 - only build non-fpic objects with -mno-tls-direct-seg-refs
 * Tue Aug  1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-4
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering 
+- build with -mno-tls-direct-seg-refs on x86 to avoid triggering
-  segfaults with xen (#200783)  
+  segfaults with xen (#200783)
 * Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-3
 - Rebuild for new gcc
@ -1963,7 +2052,7 @@ Resolves: #200110
 - Check for selinux_mnt == NULL
 * Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
- Merged matchmediacon and trans_to_raw_context fixes from 
+- Merged matchmediacon and trans_to_raw_context fixes from
  Serge Hallyn.
 * Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4
@ -2007,7 +2096,7 @@ Resolves: #200110
 * Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
 - Upgrade to latest from NSA
-	* Merged fix warnings patch from Karl MacMillan.	
+	* Merged fix warnings patch from Karl MacMillan.
 	* Merged setrans client support from Dan Walsh.
 	  This removes use of libsetrans.
 	* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
@ -2099,7 +2188,7 @@ Resolves: #200110
 	  allocated by libsetrans.
 * Sun Dec 11 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-3
- update to latest libsetrans  
+- update to latest libsetrans
 - Fix potential memory leak
 * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
@ -2234,7 +2323,7 @@ Resolves: #200110
 * Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
 - Update to latest from NSA
 	* Changed getseuserbyname to fall back to the Linux username and
-	NULL level if seusers config file doesn't exist unless 
+	NULL level if seusers config file doesn't exist unless
 	REQUIRESEUSERS=1 is set in /etc/selinux/config.
 	* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
@ -2242,7 +2331,7 @@ Resolves: #200110
 - Update to latest from NSA
 	* Added selinux_init_load_policy() function as an even higher level
 	interface for the initial policy load by /sbin/init.  This obsoletes
-	the load_policy() function in the sysvinit-selinux.patch. 
+	the load_policy() function in the sysvinit-selinux.patch.
 	* Added selinux_mkload_policy() function as a higher level interface
 	for loading policy than the security_load_policy() interface.
@ -2300,7 +2389,7 @@ Resolves: #200110
 * Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1
 - Update from NSA
-	* Hid translation-related symbols entirely and ensured that 
+	* Hid translation-related symbols entirely and ensured that
 	raw functions have hidden definitions for internal use.
 	* Allowed setting NULL via context_set* functions.
 	* Allowed whitespace in MLS component of context.
@ -2324,7 +2413,7 @@ Resolves: #200110
 	  code from Serge Hallyn (IBM). Bugs found by Coverity.
 	* Removed setupns; migrated to pam.
 	* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
-	  Original symbol is temporarily retained for compatibility until 
+	  Original symbol is temporarily retained for compatibility until
 	  all callers are updated.
 * Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.24.2-1
@ -2338,9 +2427,9 @@ Resolves: #200110
 * Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
 - Update from NSA
 	* Merged avcstat and selinux man page from Dan Walsh.
-	* Changed security_load_booleans to process booleans.local 
+	* Changed security_load_booleans to process booleans.local
 	  even if booleans file doesn't exist.
-	
+
 * Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
 - Fix avcstat to clear totals
@ -2392,7 +2481,7 @@ Resolves: #200110
 - Update from NSA
 	* Added set_matchpathcon_flags() function for setting flags
 	  controlling operation of matchpathcon.  MATCHPATHCON_BASEONLY
-	  means only process the base file_contexts file, not 
+	  means only process the base file_contexts file, not
 	  file_contexts.homedirs or file_contexts.local, and is for use by
 	  setfiles -c.
 	* Updated matchpathcon.3 man page.
@ -2480,7 +2569,7 @@ Resolves: #200110
 * Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.4-1
 - Update to latest from upstream
-	* Changed matchpathcon to return -1 with errno ENOENT for 
+	* Changed matchpathcon to return -1 with errno ENOENT for
 	  <<none>> entries, and also for an empty file_contexts configuration.
 * Tue Dec 28 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-3
@ -2512,7 +2601,7 @@ Resolves: #200110
 - Update from upstream, fix setsebool -P segfault
 * Fri Nov 5 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-5
- Add a patch from upstream. Fixes signed/unsigned issues, and 
+- Add a patch from upstream. Fixes signed/unsigned issues, and
  incomplete structure copy.
 * Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-4
@ -2584,11 +2673,11 @@ Resolves: #200110
 * Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1
 - Update from NSA
-	* Added set_matchpathcon_printf.	
+	* Added set_matchpathcon_printf.
 * Wed Sep 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
 - Update from NSA
-	* Reworked av_inherit.h to allow easier re-use by kernel. 
+	* Reworked av_inherit.h to allow easier re-use by kernel.
 * Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
 - Add strcasecmp in selinux_config
@ -2713,11 +2802,11 @@ Resolves: #200110
 - Update with latest from NSA
 * Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1
- Add changes for relaxed policy 
+- Add changes for relaxed policy
- Update to match NSA 
+- Update to match NSA
 * Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1
- Add relaxed policy changes 
+- Add relaxed policy changes
 * Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
 - Sync with NSA
@ -2790,7 +2879,7 @@ Resolves: #200110
 - Add mntpoint patch for SysVinit
 * Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Add -r -u -t to getcon 
+- Add -r -u -t to getcon
 * Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
 - Upgrade to latest from NSA
@ -2830,3 +2919,5 @@ Resolves: #200110
 * Tue May 27 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
 - Initial version
 ## END: Generated by rpmautospec
`@ -1 +1 @@`
	`SOURCES/libselinux-3.5.tar.gz`	`SOURCES/libselinux-3.7.tar.gz`
`@ -1 +1 @@`
	`9f1ca79a767b2a69e63e01b82d13cff9bc712f4a SOURCES/libselinux-3.5.tar.gz`	`b4e13ef41333377644b50810c8b3b225f63366d0 SOURCES/libselinux-3.7.tar.gz`