From 530cabaf819c72a02269ff8dd07b04529e08f3a9 Mon Sep 17 00:00:00 2001
From: hugel <2712504175@qq.com>
Date: Thu, 14 Aug 2025 11:25:34 +0800
Subject: [PATCH] backport upstream patches

(cherry picked from commit 283c97ce7c2f6af70e57ea1ded2700dcb2c493bb)
---
 ...alize-regex-arch-string-in-a-thread-.patch | 86 +++++++++++++++++++
 libselinux.spec                               |  6 +-
 2 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 backport-libselinux-initialize-regex-arch-string-in-a-thread-.patch

diff --git a/backport-libselinux-initialize-regex-arch-string-in-a-thread-.patch b/backport-libselinux-initialize-regex-arch-string-in-a-thread-.patch
new file mode 100644
index 0000000..0b41dbf
--- /dev/null
+++ b/backport-libselinux-initialize-regex-arch-string-in-a-thread-.patch
@@ -0,0 +1,86 @@
+From f5a8e059e312a31dfcfc0fd6e8d08eabcdea535c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Fri, 14 Mar 2025 14:17:49 +0100
+Subject: [PATCH] libselinux: initialize regex arch string in a thread safe way
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Synchronize the initialization of the regex architecture string.
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+
+Conflict:NA
+Reference:https://github.com/SELinuxProject/selinux/commit/f5a8e059e312a31dfcfc0fd6e8d08eabcdea535c
+
+---
+ src/regex.c | 46 ++++++++++++++++++++++++------------------
+ 1 file changed, 26 insertions(+), 20 deletions(-)
+
+diff --git a/src/regex.c b/src/regex.c
+index 182c8c89..976f00d4 100644
+--- a/src/regex.c
++++ b/src/regex.c
+@@ -30,32 +30,38 @@
+ #endif
+ 
+ #ifdef USE_PCRE2
+-char const *regex_arch_string(void)
++static pthread_once_t once = PTHREAD_ONCE_INIT;
++static char arch_string_buffer[32];
++
++static void regex_arch_string_init(void)
+ {
+-	static char arch_string_buffer[32];
+-	static char const *arch_string = "";
+-	char const *endianness = NULL;
++	char const *endianness;
+ 	int rc;
+ 
+-	if (arch_string[0] == '\0') {
+-		if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
+-			endianness = "el";
+-		else if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
+-			endianness = "eb";
++	if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
++		endianness = "el";
++	else if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
++		endianness = "eb";
++	else {
++		arch_string_buffer[0] = '\0';
++		return;
++	}
+ 
+-		if (!endianness)
+-			return NULL;
++	rc = snprintf(arch_string_buffer, sizeof(arch_string_buffer),
++			"%zu-%zu-%s", sizeof(void *),
++			sizeof(REGEX_ARCH_SIZE_T),
++			endianness);
++	if (rc < 0 || (size_t)rc >= sizeof(arch_string_buffer)) {
++		arch_string_buffer[0] = '\0';
++		return;
++	}
++}
+ 
+-		rc = snprintf(arch_string_buffer, sizeof(arch_string_buffer),
+-				"%zu-%zu-%s", sizeof(void *),
+-				sizeof(REGEX_ARCH_SIZE_T),
+-				endianness);
+-		if (rc < 0)
+-			abort();
++const char *regex_arch_string(void)
++{
++	__selinux_once(once, regex_arch_string_init);
+ 
+-		arch_string = &arch_string_buffer[0];
+-	}
+-	return arch_string;
++	return arch_string_buffer[0] != '\0' ? arch_string_buffer : NULL;
+ }
+ 
+ struct regex_data {
+-- 
+2.43.0
+
diff --git a/libselinux.spec b/libselinux.spec
index 8904621..8e7a5f6 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -3,7 +3,7 @@
 
 Name:    libselinux
 Version: 3.5
-Release: 4
+Release: 5
 License: Public Domain
 Summary: SELinux library and simple utilities
 Url:     https://github.com/SELinuxProject/selinux/wiki
@@ -24,6 +24,7 @@ Patch0012: backport-libselinux-avoid-pointer-dereference-before-check.patch
 Patch0013: backport-libselinux-set-free-d-data-to-NULL.patch
 Patch0014: backport-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch
 Patch0015: backport-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
+Patch0016: backport-libselinux-initialize-regex-arch-string-in-a-thread-.patch
 
 Patch9000: do-malloc-trim-after-load-policy.patch
 
@@ -144,6 +145,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 %{_mandir}/ru/man8/*
 
 %changelog
+* Thu Aug 14 2025 hugel <gengqihu2@h-partners.com> - 3.5-5
+- backport upstream patches
+
 * Fri Mar 14 2025 yixiangzhike <yixiangzhike007@163.com> - 3.5-4
 - backport upstream patches
 
-- 
Gitee