require gnulib-l10n for translations of gnulib messages

Resolves: rhbz#2393892

coreutils-8.32-DIR_COLORS.patch

@@ -1,4 +1,4 @@
-From bca11e30e8a6281a8cbddc9fb196dd86ab09c955 Mon Sep 17 00:00:00 2001
+From c7b13f5e1a7ad012c510a8bdd5a8943ab4b55833 Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Fri, 17 Jun 2016 16:58:18 +0200
 Subject: [PATCH] downstream changes to default DIR_COLORS
@@ -9,7 +9,7 @@ Subject: [PATCH] downstream changes to default DIR_COLORS
  2 files changed, 23 insertions(+), 7 deletions(-)
 
 diff --git a/DIR_COLORS b/DIR_COLORS
-index 540f6cd..b4785b6 100644
+index b465771..ad42b09 100644
 --- a/DIR_COLORS
 +++ b/DIR_COLORS
 @@ -1,3 +1,7 @@
@@ -30,7 +30,7 @@ index 540f6cd..b4785b6 100644
  # ===================================================================
  # Terminal filters
  # ===================================================================
-@@ -70,7 +77,7 @@ DOOR 01;35	# door
+@@ -69,7 +76,7 @@ DOOR 01;35	# door
  BLK 40;33;01	# block device driver
  CHR 40;33;01	# character device driver
  ORPHAN 40;31;01 # symlink to nonexistent file, or non-stat'able file ...
@@ -40,7 +40,7 @@ index 540f6cd..b4785b6 100644
  SETGID 30;43	# regular file that is setgid (g+s)
  CAPABILITY 00	# regular file with capability (very expensive to lookup)
 diff --git a/DIR_COLORS.lightbgcolor b/DIR_COLORS.lightbgcolor
-index e3b0ec3..39a0a4c 100644
+index eab6258..1627b63 100644
 --- a/DIR_COLORS.lightbgcolor
 +++ b/DIR_COLORS.lightbgcolor
 @@ -1,3 +1,9 @@
@@ -63,7 +63,7 @@ index e3b0ec3..39a0a4c 100644
  # ===================================================================
  # Terminal filters
  # ===================================================================
-@@ -60,17 +69,17 @@ TERM xterm*
+@@ -59,17 +68,17 @@ TERM xterm*
  #NORMAL 00	# no color code at all
  #FILE 00	# regular file: use no color at all
  RESET 0		# reset to "normal" color
@@ -86,7 +86,7 @@ index e3b0ec3..39a0a4c 100644
  SETUID 37;41	# regular file that is setuid (u+s)
  SETGID 30;43	# regular file that is setgid (g+s)
  CAPABILITY 00	# regular file with capability (very expensive to lookup)
-@@ -79,7 +88,7 @@ OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky
+@@ -78,7 +87,7 @@ OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky
  STICKY 37;44	# dir with the sticky bit set (+t) and not other-writable
  
  # This is for regular files with execute permission:
@@ -96,5 +96,5 @@ index e3b0ec3..39a0a4c 100644
  # ===================================================================
  # File extension attributes
 -- 
-2.49.0
+2.34.1
 

coreutils-9.6-cp-improve-nfsv4-acl-support.patch

@@ -0,0 +1,573 @@
+From 1cddf45cbba44b2afa34291b1b605d39c8cb061c Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Mon, 7 Apr 2025 01:45:17 -0700
+Subject: [PATCH 1/3] file-has-acl: port symlink code to Cygwin
+
+Problem reported by Corinna Vinschen in:
+https://lists.gnu.org/r/bug-gnulib/2025-03/msg00112.html
+* lib/file-has-acl.c (acl_get_link_np): New static function,
+defined only if needed; include <fcntl.h> if needed for this.
+(HAVE_ACL_GET_LINK_NP): Define this if defining acl_get_link_np.
+
+(cherry picked from commit 41e7b7e0d159d8ac0eb385964119f350ac9dfc3f)
+---
+ lib/file-has-acl.c | 25 ++++++++++++++++++++++++-
+ 1 file changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c
+index c02cfee..59ad9b9 100644
+--- a/lib/file-has-acl.c
++++ b/lib/file-has-acl.c
+@@ -363,6 +363,29 @@ acl_nfs4_nontrivial (uint32_t *xattr, ssize_t nbytes)
+ }
+ #endif
+ 
++#if (!USE_LINUX_XATTR && USE_ACL && HAVE_ACL_GET_FD \
++     && !HAVE_ACL_EXTENDED_FILE && !HAVE_ACL_TYPE_EXTENDED \
++     && !HAVE_ACL_GET_LINK_NP)
++# include <fcntl.h>
++# ifdef O_PATH
++
++/* Like acl_get_file, but do not follow symbolic links.  */
++static acl_t
++acl_get_link_np (char const *name, acl_type_t type)
++{
++  int fd = open (name, O_PATH | O_NOFOLLOW);
++  if (fd < 0)
++    return NULL;
++  acl_t r = acl_get_fd (fd);
++  int err = errno;
++  close (fd);
++  errno = err;
++  return r;
++}
++#  define HAVE_ACL_GET_LINK_NP 1
++# endif
++#endif
++
+ /* Return 1 if NAME has a nontrivial access control list,
+    0 if ACLs are not supported, or if NAME has no or only a base ACL,
+    and -1 (setting errno) on error.  Note callers can determine
+@@ -468,7 +491,7 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+       ret = -1;
+ #   else /* FreeBSD, NetBSD >= 10, IRIX, Tru64, Cygwin >= 2.5 */
+     acl_t (*acl_get_file_or_link) (char const *, acl_type_t) = acl_get_file;
+-#    if HAVE_ACL_GET_LINK_NP /* FreeBSD, NetBSD >= 10 */
++#    if HAVE_ACL_GET_LINK_NP /* FreeBSD, NetBSD >= 10, Cygwin >= 2.5 */
+     if (! (flags & ACL_SYMLINK_FOLLOW))
+       acl_get_file_or_link = acl_get_link_np;
+ #    endif
+-- 
+2.49.0
+
+From a0e61926b04ff6ec0449607ba306c1b5770660d3 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri, 9 May 2025 18:02:29 -0700
+Subject: [PATCH 2/3] qcopy-acl: port better to NFSv4 on GNU/Linux
+
+Problem reported by Ian Dall in <https://bugs.gnu.org/78328>
+and by Thomas Clark in <https://bugzilla.redhat.com/2363149>.
+* lib/file-has-acl.c (smack_new_label_from_file) [!HAVE_SMACK]:
+New dummy function.
+(has_xattr, get_aclinfo): New arg FD.  All callers changed.
+Remove some unnecessary MAYBE_UNUSEDs.
+(acl_get_fd_np): Fall back on acl_get_fd if this function is
+needed but not available.
+(acl_get_fdfile): New function, if needed.
+(file_has_aclinfo): Reimplement in terms of ...
+(fdfile_has_aclinfo): ... this new function,
+which also has an FD argument.
+* lib/qcopy-acl.c [USE_XATTR]: Include dirent.h, for DT_DIR etc.
+(qcopy_acl): If attr_copy_file or attr_copy_fd fail with EOPNOTSUPP,
+don’t fail if the source has a trivial ACL (this is the part
+that fixes the bug; the rest is optimization).
+
+(cherry picked from commit 8a356b77717a2e4f735ec06e326880ca1f61aadb)
+---
+ lib/acl.h          |   2 +
+ lib/copy-acl.c     |   1 +
+ lib/file-has-acl.c | 172 ++++++++++++++++++++++++++++++++-------------
+ lib/qcopy-acl.c    |  29 ++++++--
+ 4 files changed, 152 insertions(+), 52 deletions(-)
+
+diff --git a/lib/acl.h b/lib/acl.h
+index 90fd24e..e3c134f 100644
+--- a/lib/acl.h
++++ b/lib/acl.h
+@@ -79,6 +79,8 @@ struct aclinfo
+ bool acl_errno_valid (int) _GL_ATTRIBUTE_CONST;
+ int file_has_acl (char const *, struct stat const *);
+ int file_has_aclinfo (char const *restrict, struct aclinfo *restrict, int);
++int fdfile_has_aclinfo (int, char const *restrict,
++                        struct aclinfo *restrict, int);
+ 
+ #if HAVE_LINUX_XATTR_H && HAVE_LISTXATTR
+ bool aclinfo_has_xattr (struct aclinfo const *, char const *)
+diff --git a/lib/copy-acl.c b/lib/copy-acl.c
+index c36f64e..2fce6c7 100644
+--- a/lib/copy-acl.c
++++ b/lib/copy-acl.c
+@@ -33,6 +33,7 @@
+    a valid file descriptor, use file descriptor operations, else use
+    filename based operations on SRC_NAME. Likewise for DEST_DESC and
+    DST_NAME.
++   MODE should be the source file's st_mode.
+    If access control lists are not available, fchmod the target file to
+    MODE.  Also sets the non-permission bits of the destination file
+    (S_ISUID, S_ISGID, S_ISVTX) to those from MODE if any are set.
+diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c
+index 59ad9b9..afd951a 100644
+--- a/lib/file-has-acl.c
++++ b/lib/file-has-acl.c
+@@ -86,6 +86,13 @@ smack_new_label_from_path (MAYBE_UNUSED const char *path,
+ {
+   return -1;
+ }
++static ssize_t
++smack_new_label_from_file (MAYBE_UNUSED int fd,
++                           MAYBE_UNUSED const char *xattr,
++                           MAYBE_UNUSED char **label)
++{
++  return -1;
++}
+ # endif
+ static bool
+ is_smack_enabled (void)
+@@ -116,14 +123,16 @@ aclinfo_may_indicate_xattr (struct aclinfo const *ai)
+ 
+ static bool
+ has_xattr (char const *xattr, struct aclinfo const *ai,
+-           MAYBE_UNUSED char const *restrict name, MAYBE_UNUSED int flags)
++           int fd, char const *restrict name, int flags)
+ {
+   if (ai && aclinfo_has_xattr (ai, xattr))
+     return true;
+   else if (!ai || aclinfo_may_indicate_xattr (ai))
+     {
+-      int ret = ((flags & ACL_SYMLINK_FOLLOW ? getxattr : lgetxattr)
+-                (name, xattr, NULL, 0));
++      int ret = (fd < 0
++                 ? ((flags & ACL_SYMLINK_FOLLOW ? getxattr : lgetxattr)
++                    (name, xattr, NULL, 0))
++                 : fgetxattr (fd, xattr, NULL, 0));
+       if (0 <= ret || (errno == ERANGE || errno == E2BIG))
+         return true;
+     }
+@@ -146,11 +155,12 @@ aclinfo_has_xattr (struct aclinfo const *ai, char const *xattr)
+   return false;
+ }
+ 
+-/* Get attributes of the file NAME into AI, if USE_ACL.
++/* Get attributes of the file FD aka NAME into AI, if USE_ACL.
++   Ignore FD if it is negative.
+    If FLAGS & ACL_GET_SCONTEXT, also get security context.
+    If FLAGS & ACL_SYMLINK_FOLLOW, follow symbolic links.  */
+ static void
+-get_aclinfo (char const *name, struct aclinfo *ai, int flags)
++get_aclinfo (int fd, char const *name, struct aclinfo *ai, int flags)
+ {
+   int scontext_err = ENOTSUP;
+   ai->buf = ai->u.__gl_acl_ch;
+@@ -164,7 +174,9 @@ get_aclinfo (char const *name, struct aclinfo *ai, int flags)
+         = (flags & ACL_SYMLINK_FOLLOW ? listxattr : llistxattr);
+       while (true)
+         {
+-          ai->size = lsxattr (name, ai->buf, acl_alloc);
++          ai->size = (fd < 0
++                      ? lsxattr (name, ai->buf, acl_alloc)
++                      : flistxattr (fd, ai->buf, acl_alloc));
+           if (0 < ai->size)
+             break;
+           ai->u.err = ai->size < 0 ? errno : 0;
+@@ -172,7 +184,9 @@ get_aclinfo (char const *name, struct aclinfo *ai, int flags)
+             break;
+ 
+           /* The buffer was too small.  Find how large it should have been.  */
+-          ssize_t size = lsxattr (name, NULL, 0);
++          ssize_t size = (fd < 0
++                          ? lsxattr (name, NULL, 0)
++                          : flistxattr (fd, NULL, 0));
+           if (size <= 0)
+             {
+               ai->size = size;
+@@ -215,9 +229,13 @@ get_aclinfo (char const *name, struct aclinfo *ai, int flags)
+         {
+           if (ai->size < 0 || aclinfo_has_xattr (ai, XATTR_NAME_SMACK))
+             {
+-              ssize_t r = smack_new_label_from_path (name, "security.SMACK64",
+-                                                     flags & ACL_SYMLINK_FOLLOW,
+-                                                     &ai->scontext);
++              static char const SMACK64[] = "security.SMACK64";
++              ssize_t r =
++                (fd < 0
++                 ? smack_new_label_from_path (name, SMACK64,
++                                              flags & ACL_SYMLINK_FOLLOW,
++                                              &ai->scontext)
++                 : smack_new_label_from_file (fd, SMACK64, &ai->scontext));
+               scontext_err = r < 0 ? errno : 0;
+             }
+         }
+@@ -227,8 +245,10 @@ get_aclinfo (char const *name, struct aclinfo *ai, int flags)
+           if (ai->size < 0 || aclinfo_has_xattr (ai, XATTR_NAME_SELINUX))
+             {
+               ssize_t r =
+-                ((flags & ACL_SYMLINK_FOLLOW ? getfilecon : lgetfilecon)
+-                 (name, &ai->scontext));
++                (fd < 0
++                 ? ((flags & ACL_SYMLINK_FOLLOW ? getfilecon : lgetfilecon)
++                    (name, &ai->scontext))
++                 : fgetfilecon (fd, &ai->scontext));
+               scontext_err = r < 0 ? errno : 0;
+ #  ifndef SE_SELINUX_INLINE
+               /* Gnulib's selinux-h module is not in use, so getfilecon and
+@@ -363,11 +383,13 @@ acl_nfs4_nontrivial (uint32_t *xattr, ssize_t nbytes)
+ }
+ #endif
+ 
+-#if (!USE_LINUX_XATTR && USE_ACL && HAVE_ACL_GET_FD \
+-     && !HAVE_ACL_EXTENDED_FILE && !HAVE_ACL_TYPE_EXTENDED \
+-     && !HAVE_ACL_GET_LINK_NP)
+-# include <fcntl.h>
+-# ifdef O_PATH
++#if (!USE_LINUX_XATTR && USE_ACL && !HAVE_ACL_EXTENDED_FILE \
++     && !HAVE_ACL_TYPE_EXTENDED)
++
++# if HAVE_ACL_GET_FD && !HAVE_ACL_GET_LINK_NP
++#  include <fcntl.h>
++#  ifdef O_PATH
++#   define acl_get_fd_np(fd, type) acl_get_fd (fd)
+ 
+ /* Like acl_get_file, but do not follow symbolic links.  */
+ static acl_t
+@@ -382,8 +404,24 @@ acl_get_link_np (char const *name, acl_type_t type)
+   errno = err;
+   return r;
+ }
+-#  define HAVE_ACL_GET_LINK_NP 1
++#   define HAVE_ACL_GET_LINK_NP 1
++#  endif
+ # endif
++
++static acl_t
++acl_get_fdfile (int fd, char const *name, acl_type_t type, int flags)
++{
++  acl_t (*get) (char const *, acl_type_t) = acl_get_file;
++# if HAVE_ACL_GET_LINK_NP /* FreeBSD, NetBSD >= 10, Cygwin >= 2.5 */
++  if (0 <= fd)
++    return acl_get_fd_np (fd, type);
++  if (! (flags & ACL_SYMLINK_FOLLOW))
++    get = acl_get_link_np;
++# else
++  /* Ignore FD and FLAGS, unfortunately.  */
++# endif
++  return get (name, type);
++}
+ #endif
+ 
+ /* Return 1 if NAME has a nontrivial access control list,
+@@ -399,14 +437,35 @@ acl_get_link_np (char const *name, acl_type_t type)
+    If the d_type value is not known, use DT_UNKNOWN though this may be less
+    efficient.  */
+ int
+-file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
++file_has_aclinfo (char const *restrict name,
+                   struct aclinfo *restrict ai, int flags)
++{
++  return fdfile_has_aclinfo (-1, name, ai, flags);
++}
++
++/* Return 1 if FD aka NAME has a nontrivial access control list,
++   0 if ACLs are not supported, or if NAME has no or only a base ACL,
++   and -1 (setting errno) on error.  Note callers can determine
++   if ACLs are not supported as errno is set in that case also.
++   Ignore FD if it is negative.
++   Set *AI to ACL info regardless of return value.
++   FLAGS should be a <dirent.h> d_type value, optionally ORed with
++     - _GL_DT_NOTDIR if it is known that NAME is not a directory,
++     - ACL_GET_SCONTEXT to retrieve security context and return 1 if present,
++     - ACL_SYMLINK_FOLLOW to follow the link if NAME is a symbolic link;
++       otherwise do not follow them if possible.
++   If the d_type value is not known, use DT_UNKNOWN though this may be less
++   efficient.  */
++int
++fdfile_has_aclinfo (MAYBE_UNUSED int fd,
++                    MAYBE_UNUSED char const *restrict name,
++                    struct aclinfo *restrict ai, int flags)
+ {
+   MAYBE_UNUSED unsigned char d_type = flags & UCHAR_MAX;
+ 
+ #if USE_LINUX_XATTR
+   int initial_errno = errno;
+-  get_aclinfo (name, ai, flags);
++  get_aclinfo (fd, name, ai, flags);
+ 
+   if (!aclinfo_may_indicate_xattr (ai) && ai->size <= 0)
+     {
+@@ -419,11 +478,11 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+      In earlier Fedora the two types of ACLs were mutually exclusive.
+      Attempt to work correctly on both kinds of systems.  */
+ 
+-  if (!has_xattr (XATTR_NAME_NFSV4_ACL, ai, name, flags))
++  if (!has_xattr (XATTR_NAME_NFSV4_ACL, ai, fd, name, flags))
+     return
+-      (has_xattr (XATTR_NAME_POSIX_ACL_ACCESS, ai, name, flags)
++      (has_xattr (XATTR_NAME_POSIX_ACL_ACCESS, ai, fd, name, flags)
+        || ((d_type == DT_DIR || d_type == DT_UNKNOWN)
+-           && has_xattr (XATTR_NAME_POSIX_ACL_DEFAULT, ai, name, flags)));
++           && has_xattr (XATTR_NAME_POSIX_ACL_DEFAULT, ai, fd, name, flags)));
+ 
+   /* A buffer large enough to hold any trivial NFSv4 ACL.
+      The max length of a trivial NFSv4 ACL is 6 words for owner,
+@@ -433,8 +492,10 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+      everyone is another word to hold "EVERYONE@".  */
+   uint32_t buf[2 * (6 + 6 + 7)];
+ 
+-  int ret = ((flags & ACL_SYMLINK_FOLLOW ? getxattr : lgetxattr)
+-             (name, XATTR_NAME_NFSV4_ACL, buf, sizeof buf));
++  int ret = (fd < 0
++             ? ((flags & ACL_SYMLINK_FOLLOW ? getxattr : lgetxattr)
++                (name, XATTR_NAME_NFSV4_ACL, buf, sizeof buf))
++             : fgetxattr (fd, XATTR_NAME_NFSV4_ACL, buf, sizeof buf));
+   if (ret < 0)
+     switch (errno)
+       {
+@@ -468,20 +529,23 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+       /* On Linux, acl_extended_file is an optimized function: It only
+          makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
+          ACL_TYPE_DEFAULT.  */
+-    ret = ((flags & ACL_SYMLINK_FOLLOW
+-            ? acl_extended_file
+-            : acl_extended_file_nofollow)
+-           (name));
++    ret = (fd < 0
++           ? ((flags & ACL_SYMLINK_FOLLOW
++               ? acl_extended_file
++               : acl_extended_file_nofollow)
++              (name))
++           : acl_extended_fd (fd));
+ #   elif HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
+     /* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS)
+        and acl_get_file (name, ACL_TYPE_DEFAULT)
+        always return NULL / EINVAL.  There is no point in making
+        these two useless calls.  The real ACL is retrieved through
+-       acl_get_file (name, ACL_TYPE_EXTENDED).  */
+-    acl_t acl = ((flags & ACL_SYMLINK_FOLLOW
+-                  ? acl_get_file
+-                  : acl_get_link_np)
+-                 (name, ACL_TYPE_EXTENDED));
++       ACL_TYPE_EXTENDED.  */
++    acl_t acl =
++      (fd < 0
++       ? ((flags & ACL_SYMLINK_FOLLOW ? acl_get_file : acl_get_link_np)
++          (name, ACL_TYPE_EXTENDED))
++       : acl_get_fd_np (fd, ACL_TYPE_EXTENDED));
+     if (acl)
+       {
+         ret = acl_extended_nontrivial (acl);
+@@ -490,13 +554,8 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+     else
+       ret = -1;
+ #   else /* FreeBSD, NetBSD >= 10, IRIX, Tru64, Cygwin >= 2.5 */
+-    acl_t (*acl_get_file_or_link) (char const *, acl_type_t) = acl_get_file;
+-#    if HAVE_ACL_GET_LINK_NP /* FreeBSD, NetBSD >= 10, Cygwin >= 2.5 */
+-    if (! (flags & ACL_SYMLINK_FOLLOW))
+-      acl_get_file_or_link = acl_get_link_np;
+-#    endif
+ 
+-    acl_t acl = acl_get_file_or_link (name, ACL_TYPE_ACCESS);
++    acl_t acl = acl_get_fdfile (fd, name, ACL_TYPE_ACCESS, flags);
+     if (acl)
+       {
+         ret = acl_access_nontrivial (acl);
+@@ -518,7 +577,7 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+             && (d_type == DT_DIR
+                 || (d_type == DT_UNKNOWN && !(flags & _GL_DT_NOTDIR))))
+           {
+-            acl = acl_get_file_or_link (name, ACL_TYPE_DEFAULT);
++            acl = acl_get_fdfile (fd, name, ACL_TYPE_DEFAULT, flags);
+             if (acl)
+               {
+ #     ifdef __CYGWIN__ /* Cygwin >= 2.5 */
+@@ -563,7 +622,10 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+ 
+       /* Solaris 10 (newer version), which has additional API declared in
+          <sys/acl.h> (acl_t) and implemented in libsec (acl_set, acl_trivial,
+-         acl_fromtext, ...).  */
++         acl_fromtext, ...).
++
++         Ignore FD, unfortunately.  That is better than mishandling
++         ZFS-style ACLs, as the general case code does.  */
+       return acl_trivial (name);
+ 
+ #    else /* Solaris, Cygwin, general case */
+@@ -587,7 +649,9 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+ 
+         for (;;)
+           {
+-            count = acl (name, GETACL, alloc, entries);
++            count = (fd < 0
++                     ? acl (name, GETACL, alloc, entries)
++                     : facl (fd, GETACL, alloc, entries));
+             if (count < 0 && errno == ENOSPC)
+               {
+                 /* Increase the size of the buffer.  */
+@@ -658,7 +722,9 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+ 
+         for (;;)
+           {
+-            count = acl (name, ACE_GETACL, alloc, entries);
++            count = (fd < 0
++                     ? acl (name, ACE_GETACL, alloc, entries)
++                     : facl (fd, ACE_GETACL, alloc, entries));
+             if (count < 0 && errno == ENOSPC)
+               {
+                 /* Increase the size of the buffer.  */
+@@ -723,7 +789,9 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+         struct acl_entry entries[NACLENTRIES];
+         int count;
+ 
+-        count = getacl (name, NACLENTRIES, entries);
++        count = (fd < 0
++                 ? getacl (name, NACLENTRIES, entries)
++                 : fgetacl (fd, NACLENTRIES, entries));
+ 
+         if (count < 0)
+           {
+@@ -752,7 +820,8 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+             {
+               struct stat statbuf;
+ 
+-              if (stat (name, &statbuf) == -1 && errno != EOVERFLOW)
++              if ((fd < 0 ? stat (name, &statbuf) : fstat (fd, &statbuf)) < 0
++                  && errno != EOVERFLOW)
+                 return -1;
+ 
+               return acl_nontrivial (count, entries);
+@@ -766,6 +835,7 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+         struct acl entries[NACLVENTRIES];
+         int count;
+ 
++        /* Ignore FD, unfortunately.  */
+         count = acl ((char *) name, ACL_GET, NACLVENTRIES, entries);
+ 
+         if (count < 0)
+@@ -810,7 +880,9 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+           /* The docs say that type being 0 is equivalent to ACL_ANY, but it
+              is not true, in AIX 5.3.  */
+           type.u64 = ACL_ANY;
+-          if (aclx_get (name, 0, &type, aclbuf, &aclsize, &mode) >= 0)
++          if (0 <= (fd < 0
++                    ? aclx_get (name, 0, &type, aclbuf, &aclsize, &mode)
++                    : aclx_fget (fd, 0, &type, aclbuf, &aclsize, &mode)))
+             break;
+           if (errno == ENOSYS)
+             return 0;
+@@ -856,7 +928,10 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+ 
+       union { struct acl a; char room[4096]; } u;
+ 
+-      if (statacl ((char *) name, STX_NORMAL, &u.a, sizeof (u)) < 0)
++      if ((fd < 0
++           ? statacl ((char *) name, STX_NORMAL, &u.a, sizeof u)
++           : fstatacl (fd, STX_NORMAL, &u.a, sizeof u))
++          < 0)
+         return -1;
+ 
+       return acl_nontrivial (&u.a);
+@@ -867,6 +942,7 @@ file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
+         struct acl entries[NACLENTRIES];
+         int count;
+ 
++        /* Ignore FD, unfortunately.  */
+         count = acl ((char *) name, ACL_GET, NACLENTRIES, entries);
+ 
+         if (count < 0)
+diff --git a/lib/qcopy-acl.c b/lib/qcopy-acl.c
+index ad79661..282f4b2 100644
+--- a/lib/qcopy-acl.c
++++ b/lib/qcopy-acl.c
+@@ -26,6 +26,7 @@
+ #if USE_XATTR
+ 
+ # include <attr/libattr.h>
++# include <dirent.h>
+ # include <string.h>
+ 
+ # if HAVE_LINUX_XATTR_H
+@@ -61,6 +62,7 @@ is_attr_permissions (const char *name, struct error_context *ctx)
+    a valid file descriptor, use file descriptor operations, else use
+    filename based operations on SRC_NAME. Likewise for DEST_DESC and
+    DST_NAME.
++   MODE should be the source file's st_mode.
+    If access control lists are not available, fchmod the target file to
+    MODE.  Also sets the non-permission bits of the destination file
+    (S_ISUID, S_ISGID, S_ISVTX) to those from MODE if any are set.
+@@ -86,10 +88,29 @@ qcopy_acl (const char *src_name, int source_desc, const char *dst_name,
+      Functions attr_copy_* return 0 in case we copied something OR nothing
+      to copy */
+   if (ret == 0)
+-    ret = source_desc <= 0 || dest_desc <= 0
+-      ? attr_copy_file (src_name, dst_name, is_attr_permissions, NULL)
+-      : attr_copy_fd (src_name, source_desc, dst_name, dest_desc,
+-                      is_attr_permissions, NULL);
++    {
++      ret = source_desc <= 0 || dest_desc <= 0
++        ? attr_copy_file (src_name, dst_name, is_attr_permissions, NULL)
++        : attr_copy_fd (src_name, source_desc, dst_name, dest_desc,
++                        is_attr_permissions, NULL);
++
++      /* Copying can fail with EOPNOTSUPP even when the source
++         permissions are trivial (Bug#78328).  Don't report an error
++         in this case, as the chmod_or_fchmod suffices.  */
++      if (ret < 0 && errno == EOPNOTSUPP)
++        {
++          /* fdfile_has_aclinfo cares only about DT_DIR, _GL_DT_NOTDIR,
++             and DT_LNK (but DT_LNK is not possible here),
++             so use _GL_DT_NOTDIR | DT_UNKNOWN for other file types.  */
++          int flags = S_ISDIR (mode) ? DT_DIR : _GL_DT_NOTDIR | DT_UNKNOWN;
++
++          struct aclinfo ai;
++          if (!fdfile_has_aclinfo (source_desc, src_name, &ai, flags))
++            ret = 0;
++          aclinfo_free (&ai);
++          errno = EOPNOTSUPP;
++        }
++    }
+ #else
+   /* no XATTR, so we proceed the old dusty way */
+   struct permission_context ctx;
+-- 
+2.49.0
+
+From 6595a08347c03321e1061ae747f02e4fe67e2073 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri, 9 May 2025 18:48:03 -0700
+Subject: [PATCH 3/3] acl-tests: link with $(FILE_HAS_ACL_LIB)
+
+* modules/acl-tests (test_copy_acl_LDADD): Add
+$(FILE_HAS_ACL_LIB), since qcopy-acl depends on file-has-acl.
+Although this suggests that QCOPY_ACL_LIB should contain
+FILE_HAS_ACL_LIB, I’m not sure whether that’s the right course of
+action and anyway this is good enough for coreutils.
+
+(cherry picked from commit 955360a66c99bdd9ac3688519a8b521b06958fd3)
+---
+ gnulib-tests/gnulib.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gnulib-tests/gnulib.mk b/gnulib-tests/gnulib.mk
+index eab1c6b..a5fd178 100644
+--- a/gnulib-tests/gnulib.mk
++++ b/gnulib-tests/gnulib.mk
+@@ -99,7 +99,7 @@ TESTS += \
+ TESTS_ENVIRONMENT += USE_ACL=$(USE_ACL)
+ check_PROGRAMS += test-set-mode-acl test-copy-acl test-sameacls
+ test_set_mode_acl_LDADD = $(LDADD) $(LIB_ACL) $(LIBUNISTRING) @LIBINTL@ $(MBRTOWC_LIB) $(LIBC32CONV)
+-test_copy_acl_LDADD = $(LDADD) $(LIB_ACL) $(QCOPY_ACL_LIB) $(LIBUNISTRING) @LIBINTL@ $(MBRTOWC_LIB) $(LIBC32CONV)
++test_copy_acl_LDADD = $(LDADD) $(LIB_ACL) $(QCOPY_ACL_LIB) $(FILE_HAS_ACL_LIB) $(LIBUNISTRING) @LIBINTL@ $(MBRTOWC_LIB) $(LIBC32CONV)
+ test_sameacls_LDADD = $(LDADD) $(LIB_ACL) @LIBINTL@ $(MBRTOWC_LIB)
+ EXTRA_DIST += test-set-mode-acl.sh test-set-mode-acl-1.sh test-set-mode-acl-2.sh test-copy-acl.sh test-copy-acl-1.sh test-copy-acl-2.sh test-set-mode-acl.c test-copy-acl.c test-sameacls.c macros.h
+ 
+-- 
+2.49.0
+

coreutils-9.6-ls-selinux-crash-2.patch

@@ -0,0 +1,37 @@
+From b54c3d30b0447b69d9bb405d2adb830ae1172dce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Thu, 20 Mar 2025 18:40:01 +0000
+Subject: [PATCH] ls: fix crash on systems with SELinux but without xattr
+ support
+
+This was seen on termux on Android with ./configure --disable-xattr
+where listxattr() and getxattr() returned ENOTSUP.
+Then the valid security context obtained by file_has_aclinfo()
+was discounted, and problematically then freed multiple times.
+Reported at https://github.com/termux/termux-packages/issues/23752
+
+* src/ls.c (file_has_aclinfo_cache): Only discount the returned
+acl info when all components are defaulted due to being unsupported.
+
+(cherry picked from commit cb2abbac7f9e40e0f0d6183bf9b11e80b0cad8ef)
+---
+ src/ls.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/ls.c b/src/ls.c
+index f67167f..97cf46a 100644
+--- a/src/ls.c
++++ b/src/ls.c
+@@ -3322,7 +3322,8 @@ file_has_aclinfo_cache (char const *file, struct fileinfo *f,
+   errno = 0;
+   int n = file_has_aclinfo (file, ai, flags);
+   int err = errno;
+-  if (f->stat_ok && n <= 0 && !acl_errno_valid (err))
++  if (f->stat_ok && n <= 0 && !acl_errno_valid (err)
++      && (!(flags & ACL_GET_SCONTEXT) || !acl_errno_valid (ai->scontext_err)))
+     {
+       unsupported_return = n;
+       unsupported_scontext = ai->scontext;
+-- 
+2.50.0
+

coreutils-9.6-ls-selinux-crash.patch

@@ -0,0 +1,77 @@
+From 915004f403cb25fadb207ddfdbe6a2f43bd44fac Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Fri, 17 Jan 2025 17:29:34 +0000
+Subject: [PATCH] ls: fix crash with --context
+
+* src/ls.c (main): Flag that we need to stat()
+if we're going to get security context (call file_has_aclinfo_cache).
+(file_has_aclinfo_cache): Be defensive and only lookup the device
+for the file if the stat has been performed.
+(has_capability_cache): Likewise.
+* tests/ls/selinux-segfault.sh: Add a test case.
+Reported by Bruno Haible.
+---
+ src/ls.c                     | 10 +++++-----
+ tests/ls/selinux-segfault.sh |  3 +++
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/ls.c b/src/ls.c
+index 3215360216..f67167f160 100644
+--- a/src/ls.c
++++ b/src/ls.c
+@@ -1768,7 +1768,7 @@ main (int argc, char **argv)
+ 
+   format_needs_stat = ((sort_type == sort_time) | (sort_type == sort_size)
+                        | (format == long_format)
+-                       | print_block_size | print_hyperlink);
++                       | print_block_size | print_hyperlink | print_scontext);
+   format_needs_type = ((! format_needs_stat)
+                        & (recursive | print_with_color | print_scontext
+                           | directories_first
+@@ -3309,7 +3309,7 @@ file_has_aclinfo_cache (char const *file, struct fileinfo *f,
+   static int unsupported_scontext_err;
+   static dev_t unsupported_device;
+ 
+-  if (f->stat.st_dev == unsupported_device)
++  if (f->stat_ok && f->stat.st_dev == unsupported_device)
+     {
+       ai->buf = ai->u.__gl_acl_ch;
+       ai->size = 0;
+@@ -3322,7 +3322,7 @@ file_has_aclinfo_cache (char const *file, struct fileinfo *f,
+   errno = 0;
+   int n = file_has_aclinfo (file, ai, flags);
+   int err = errno;
+-  if (n <= 0 && !acl_errno_valid (err))
++  if (f->stat_ok && n <= 0 && !acl_errno_valid (err))
+     {
+       unsupported_return = n;
+       unsupported_scontext = ai->scontext;
+@@ -3342,14 +3342,14 @@ has_capability_cache (char const *file, struct fileinfo *f)
+      found that has_capability fails indicating lack of support.  */
+   static dev_t unsupported_device;
+ 
+-  if (f->stat.st_dev == unsupported_device)
++  if (f->stat_ok && f->stat.st_dev == unsupported_device)
+     {
+       errno = ENOTSUP;
+       return 0;
+     }
+ 
+   bool b = has_capability (file);
+-  if ( !b && !acl_errno_valid (errno))
++  if (f->stat_ok && !b && !acl_errno_valid (errno))
+     unsupported_device = f->stat.st_dev;
+   return b;
+ }
+diff --git a/tests/ls/selinux-segfault.sh b/tests/ls/selinux-segfault.sh
+index 11623acb3f..1cac2b5fc0 100755
+--- a/tests/ls/selinux-segfault.sh
++++ b/tests/ls/selinux-segfault.sh
+@@ -30,4 +30,7 @@ mkdir sedir || framework_failure_
+ ln -sf missing sedir/broken || framework_failure_
+ returns_ 1 ls -L -R -Z -m sedir > out || fail=1
+ 
++# ls 9.6 would segfault with the following
++ls -Z . > out || fail=1
++
+ Exit $fail

coreutils-9.6-who-m-systemd.patch

@@ -0,0 +1,25 @@
+From 24450e5eecf012bc1ea8cab8d677a45fa42c1778 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= <lzaoral@redhat.com>
+Date: Mon, 24 Feb 2025 10:36:35 +0100
+Subject: who: fix -m with guessed tty names
+
+* who.c (scan_entries): Account for guessed tty names (e.g.
+'sshd pts/1') from the readutmp module when using the systemd backend.
+Addresses https://bugzilla.redhat.com/2343998
+---
+ src/who.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/who.c b/src/who.c
+index b56a1ac..17c1e34 100644
+--- a/src/who.c
++++ b/src/who.c
+@@ -583,7 +583,7 @@ scan_entries (idx_t n, struct gl_utmp const *utmp_buf)
+   while (n--)
+     {
+       if (!my_line_only
+-          || STREQ (ttyname_b, utmp_buf->ut_line))
++          || str_endswith (utmp_buf->ut_line, ttyname_b))
+         {
+           if (need_users && IS_USER_PROCESS (utmp_buf))
+             print_user (utmp_buf, boottime);

coreutils-9.9-fix-cut-test-aarch64.patch

@@ -1,28 +0,0 @@
-From 95044cb5eaea83d02f768feb5ab79fcf5e6ad782 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
-Date: Mon, 22 Dec 2025 17:12:48 +0000
-Subject: [PATCH] tests: avoid false failure due to ulimit on aarch64
-
-* tests/cut/cut-huge-range.sh: Add an extra 1MiB headroom,
-which was seen with aarch64.
-Reported at https://bugzilla.redhat.com/2424302
-
-Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
-Upstream-commit: 95044cb5eaea83d02f768feb5ab79fcf5e6ad782
----
- tests/cut/cut-huge-range.sh | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tests/cut/cut-huge-range.sh b/tests/cut/cut-huge-range.sh
-index 4bd1b129d8..98d7e8f0b9 100755
---- a/tests/cut/cut-huge-range.sh
-+++ b/tests/cut/cut-huge-range.sh
-@@ -22,6 +22,7 @@ getlimits_
- 
- vm=$(get_min_ulimit_v_ returns_ 0 cut -b1 /dev/null) \
-   || skip_ 'shell lacks ulimit, or ASAN enabled'
-+vm=$(($vm+1000))  # https://bugzilla.redhat.com/2424302
- 
- # Ensure we can cut up to our sentinel value.
- # Don't use expr to subtract one,
-

coreutils-9.9-gnulib-c23.patch

@@ -1,169 +0,0 @@
-From 891761bca1aa78336e5b18c121075b6e4696c5d4 Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Sun, 23 Nov 2025 00:50:40 -0800
-Subject: [PATCH] Port to C23 qualifier-generic fns like strchr
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This ports Gnulib to strict C23 platforms that reject code
-like ‘char *q = strchr (P, 'x');’ when P is a pointer to const,
-because in C23 strchr is a qualifier-generic function so
-strchr (P, 'x') returns char const *.
-This patch does not attempt to do the following two things,
-which might be useful in the future:
-1. When compiling on non-C23 platforms, check user code for
-portability to platforms that define qualifier-generic functions.
-2. Port Gnulib to platforms that have qualifier-generic functions
-not listed in the C23 standard, e.g., strchrnul.  I don’t know
-of any such platforms.
-* lib/mbschr.c (mbschr):
-* lib/memchr2.c (memchr2):
-Port to C23, where functions like strchr are qualifier-generic.
-* lib/c++defs.h (_GL_FUNCDECL_SYS_NAME): New macro.
-* lib/c++defs.h (_GL_FUNCDECL_SYS):
-* lib/stdlib.in.h (bsearch):
-Use it, to prevent C23 names like strchr from acting like macros.
-* lib/string.in.h (memchr, strchr, strpbrk, strrchr):
-Do not #undef when GNULIB_POSIXCHECK is defined, as this could
-cause conforming C23 code to fail to conform.  It’s not clear why
-_GL_WARN_ON_USE_CXX; perhaps it was needed but isn’t any more?
-But for now, limit the removal of #undef to these four functions
-where #undeffing is clearly undesirable in C23.
-* lib/wchar.in.h (wmemchr): Parenthesize function name in decl,
-to prevent it from acting like a macro.
-
-Cherry-picked-by: Lukáš Zaoral <lzaoral@redhat.com>
-Upstream-commit: df17f4f37ed3ca373d23ad42eae51122bdb96626
----
- lib/c++defs.h   | 12 +++++++++++-
- lib/mbschr.c    |  2 +-
- lib/memchr2.c   |  2 +-
- lib/stdlib.in.h |  6 +++---
- lib/string.in.h |  4 ----
- lib/wchar.in.h  |  2 +-
- 6 files changed, 17 insertions(+), 11 deletions(-)
-
-diff --git a/lib/c++defs.h b/lib/c++defs.h
-index b77979a..7384457 100644
---- a/lib/c++defs.h
-+++ b/lib/c++defs.h
-@@ -127,6 +127,16 @@
- #define _GL_FUNCDECL_RPL_1(rpl_func,rettype,parameters,...) \
-   _GL_EXTERN_C_FUNC __VA_ARGS__ rettype rpl_func parameters
- 
-+/* _GL_FUNCDECL_SYS_NAME (func) expands to plain func if C++, and to
-+   parenthsized func otherwise.  Parenthesization is needed in C23 if
-+   the function is like strchr and so is a qualifier-generic macro
-+   that expands to something more complicated.  */
-+#ifdef __cplusplus
-+# define _GL_FUNCDECL_SYS_NAME(func) func
-+#else
-+# define _GL_FUNCDECL_SYS_NAME(func) (func)
-+#endif
-+
- /* _GL_FUNCDECL_SYS (func, rettype, parameters, [attributes]);
-    declares the system function, named func, with the given prototype,
-    consisting of return type, parameters, and attributes.
-@@ -139,7 +149,7 @@
-      _GL_FUNCDECL_SYS (posix_openpt, int, (int flags), _GL_ATTRIBUTE_NODISCARD);
-  */
- #define _GL_FUNCDECL_SYS(func,rettype,parameters,...) \
--  _GL_EXTERN_C_FUNC __VA_ARGS__ rettype func parameters
-+  _GL_EXTERN_C_FUNC __VA_ARGS__ rettype _GL_FUNCDECL_SYS_NAME (func) parameters
- 
- /* _GL_CXXALIAS_RPL (func, rettype, parameters);
-    declares a C++ alias called GNULIB_NAMESPACE::func
-diff --git a/lib/mbschr.c b/lib/mbschr.c
-index c9e14b5..6582134 100644
---- a/lib/mbschr.c
-+++ b/lib/mbschr.c
-@@ -65,5 +65,5 @@ mbschr (const char *string, int c)
-       return NULL;
-     }
-   else
--    return strchr (string, c);
-+    return (char *) strchr (string, c);
- }
-diff --git a/lib/memchr2.c b/lib/memchr2.c
-index 7493823..d7724ae 100644
---- a/lib/memchr2.c
-+++ b/lib/memchr2.c
-@@ -55,7 +55,7 @@ memchr2 (void const *s, int c1_in, int c2_in, size_t n)
-   c2 = (unsigned char) c2_in;
- 
-   if (c1 == c2)
--    return memchr (s, c1, n);
-+    return (void *) memchr (s, c1, n);
- 
-   /* Handle the first few bytes by reading one byte at a time.
-      Do this until VOID_PTR is aligned on a longword boundary.  */
-diff --git a/lib/stdlib.in.h b/lib/stdlib.in.h
-index bef0aaa..fd0e1e0 100644
---- a/lib/stdlib.in.h
-+++ b/lib/stdlib.in.h
-@@ -224,9 +224,9 @@ _GL_INLINE_HEADER_BEGIN
- 
- /* Declarations for ISO C N3322.  */
- #if defined __GNUC__ && __GNUC__ >= 15 && !defined __clang__
--_GL_EXTERN_C void *bsearch (const void *__key,
--                            const void *__base, size_t __nmemb, size_t __size,
--                            int (*__compare) (const void *, const void *))
-+_GL_EXTERN_C void *_GL_FUNCDECL_SYS_NAME (bsearch)
-+  (const void *__key, const void *__base, size_t __nmemb, size_t __size,
-+   int (*__compare) (const void *, const void *))
-   _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3) _GL_ARG_NONNULL ((5));
- _GL_EXTERN_C void qsort (void *__base, size_t __nmemb, size_t __size,
-                          int (*__compare) (const void *, const void *))
-diff --git a/lib/string.in.h b/lib/string.in.h
-index fdcdd21..8b56acf 100644
---- a/lib/string.in.h
-+++ b/lib/string.in.h
-@@ -409,7 +409,6 @@ _GL_CXXALIASWARN1 (memchr, void const *,
- _GL_CXXALIASWARN (memchr);
- # endif
- #elif defined GNULIB_POSIXCHECK
--# undef memchr
- /* Assume memchr is always declared.  */
- _GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
-                  "use gnulib module memchr for portability" );
-@@ -674,7 +673,6 @@ _GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
- #if defined GNULIB_POSIXCHECK
- /* strchr() does not work with multibyte strings if the locale encoding is
-    GB18030 and the character to be searched is a digit.  */
--# undef strchr
- /* Assume strchr is always declared.  */
- _GL_WARN_ON_USE_CXX (strchr,
-                      const char *, char *, (const char *, int),
-@@ -981,7 +979,6 @@ _GL_CXXALIASWARN (strpbrk);
-    Even in this simple case, it does not work with multibyte strings if the
-    locale encoding is GB18030 and one of the characters to be searched is a
-    digit.  */
--#  undef strpbrk
- _GL_WARN_ON_USE_CXX (strpbrk,
-                      const char *, char *, (const char *, const char *),
-                      "strpbrk cannot work correctly on character strings "
-@@ -1011,7 +1008,6 @@ _GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
- #if defined GNULIB_POSIXCHECK
- /* strrchr() does not work with multibyte strings if the locale encoding is
-    GB18030 and the character to be searched is a digit.  */
--# undef strrchr
- /* Assume strrchr is always declared.  */
- _GL_WARN_ON_USE_CXX (strrchr,
-                      const char *, char *, (const char *, int),
-diff --git a/lib/wchar.in.h b/lib/wchar.in.h
-index ab602a2..6be4515 100644
---- a/lib/wchar.in.h
-+++ b/lib/wchar.in.h
-@@ -301,7 +301,7 @@ _GL_EXTERN_C int wcsncmp (const wchar_t *__s1, const wchar_t *__s2, size_t __n)
-   _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3)
-   _GL_ATTRIBUTE_NONNULL_IF_NONZERO (2, 3);
- # ifndef __cplusplus
--_GL_EXTERN_C wchar_t *wmemchr (const wchar_t *__s, wchar_t __wc, size_t __n)
-+_GL_EXTERN_C wchar_t *(wmemchr) (const wchar_t *__s, wchar_t __wc, size_t __n)
-   _GL_ATTRIBUTE_NONNULL_IF_NONZERO (1, 3);
- # endif
- _GL_EXTERN_C wchar_t *wmemset (wchar_t *__s, wchar_t __wc, size_t __n)
--- 
-2.52.0
-

coreutils-CVE-2025-5278.patch

@@ -0,0 +1,107 @@
+From 701a9bdbf78f869e0fb778ed5aede00e42517add Mon Sep 17 00:00:00 2001
+From: Pádraig Brady <P@draigBrady.com>
+Date: Tue, 20 May 2025 16:03:44 +0100
+Subject: [PATCH] sort: fix buffer under-read (CWE-127)
+
+* src/sort.c (begfield): Check pointer adjustment
+to avoid Out-of-range pointer offset (CWE-823).
+(limfield): Likewise.
+* tests/sort/sort-field-limit.sh: Add a new test,
+which triggers with ASAN or Valgrind.
+* tests/local.mk: Reference the new test.
+Fixes https://bugs.gnu.org/78507
+
+(cherry picked from commit 8c9602e3a145e9596dc1a63c6ed67865814b6633)
+---
+ src/sort.c                     | 12 ++++++++++--
+ tests/local.mk                 |  1 +
+ tests/sort/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
+ 3 files changed, 46 insertions(+), 2 deletions(-)
+ create mode 100755 tests/sort/sort-field-limit.sh
+
+diff --git a/src/sort.c b/src/sort.c
+index b10183b..7af1a25 100644
+--- a/src/sort.c
++++ b/src/sort.c
+@@ -1644,7 +1644,11 @@ begfield (struct line const *line, struct keyfield const *key)
+       ++ptr;
+ 
+   /* Advance PTR by SCHAR (if possible), but no further than LIM.  */
+-  ptr = MIN (lim, ptr + schar);
++  size_t remaining_bytes = lim - ptr;
++  if (schar < remaining_bytes)
++    ptr += schar;
++  else
++    ptr = lim;
+ 
+   return ptr;
+ }
+@@ -1746,7 +1750,11 @@ limfield (struct line const *line, struct keyfield const *key)
+           ++ptr;
+ 
+       /* Advance PTR by ECHAR (if possible), but no further than LIM.  */
+-      ptr = MIN (lim, ptr + echar);
++      size_t remaining_bytes = lim - ptr;
++      if (echar < remaining_bytes)
++        ptr += echar;
++      else
++        ptr = lim;
+     }
+ 
+   return ptr;
+diff --git a/tests/local.mk b/tests/local.mk
+index 4da6756..642d225 100644
+--- a/tests/local.mk
++++ b/tests/local.mk
+@@ -388,6 +388,7 @@ all_tests =					\
+   tests/sort/sort-debug-keys.sh			\
+   tests/sort/sort-debug-warn.sh			\
+   tests/sort/sort-discrim.sh			\
++  tests/sort/sort-field-limit.sh		\
+   tests/sort/sort-files0-from.pl		\
+   tests/sort/sort-float.sh			\
+   tests/sort/sort-h-thousands-sep.sh		\
+diff --git a/tests/sort/sort-field-limit.sh b/tests/sort/sort-field-limit.sh
+new file mode 100755
+index 0000000..52d8e1d
+--- /dev/null
++++ b/tests/sort/sort-field-limit.sh
+@@ -0,0 +1,35 @@
++#!/bin/sh
++# From 7.2-9.7, this would trigger an out of bounds mem read
++
++# Copyright (C) 2025 Free Software Foundation, Inc.
++
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <https://www.gnu.org/licenses/>.
++
++. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
++print_ver_ sort
++getlimits_
++
++# This issue triggers with valgrind or ASAN
++valgrind --error-exitcode=1 sort --version 2>/dev/null &&
++  VALGRIND='valgrind --error-exitcode=1'
++
++{ printf '%s\n' aa bb; } > in || framework_failure_
++
++_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
++compare in out || fail=1
++
++Exit $fail
+-- 
+2.49.0
+

coreutils-df-direct.patch

@@ -1,4 +1,4 @@
-From 91be1a584108a6a3d96f64382bbf206c4213b3db Mon Sep 17 00:00:00 2001
+From d179da4730f414069dd2c0ac995a32398718916c Mon Sep 17 00:00:00 2001
 From: Kamil Dudka <kdudka@redhat.com>
 Date: Mon, 29 Mar 2010 17:20:34 +0000
 Subject: [PATCH] coreutils-df-direct.patch
@@ -11,10 +11,10 @@ Subject: [PATCH] coreutils-df-direct.patch
  create mode 100755 tests/df/direct.sh
 
 diff --git a/doc/coreutils.texi b/doc/coreutils.texi
-index b420606..0ccb368 100644
+index ec58f6c..17cda80 100644
 --- a/doc/coreutils.texi
 +++ b/doc/coreutils.texi
-@@ -12597,6 +12597,13 @@ some systems (notably Solaris), doing this yields more up to date results,
+@@ -12467,6 +12467,13 @@ some systems (notably Solaris), doing this yields more up to date results,
  but in general this option makes @command{df} much slower, especially when
  there are many or very busy file systems.
  
@@ -29,10 +29,10 @@ index b420606..0ccb368 100644
  @opindex --total
  @cindex grand total of file system size, usage and available space
 diff --git a/src/df.c b/src/df.c
-index 75e638c..ef9f0a7 100644
+index 5c7efd8..52ece19 100644
 --- a/src/df.c
 +++ b/src/df.c
-@@ -121,6 +121,9 @@ static bool print_type;
+@@ -122,6 +122,9 @@ static bool print_type;
  /* If true, print a grand total at the end.  */
  static bool print_grand_total;
  
@@ -42,7 +42,7 @@ index 75e638c..ef9f0a7 100644
  /* Grand total data.  */
  static struct fs_usage grand_fsu;
  
-@@ -248,13 +251,15 @@ enum
+@@ -249,13 +252,15 @@ enum
    NO_SYNC_OPTION = CHAR_MAX + 1,
    SYNC_OPTION,
    TOTAL_OPTION,
@@ -71,7 +71,7 @@ index 75e638c..ef9f0a7 100644
  
        if (columns[col]->field == SIZE_FIELD
            && (header_mode == DEFAULT_MODE
-@@ -1446,6 +1454,17 @@ get_point (char const *point, const struct stat *statp)
+@@ -1452,6 +1460,17 @@ get_point (char const *point, const struct stat *statp)
  static void
  get_entry (char const *name, struct stat const *statp)
  {
@@ -89,7 +89,7 @@ index 75e638c..ef9f0a7 100644
    if ((S_ISBLK (statp->st_mode) || S_ISCHR (statp->st_mode))
        && get_device (name))
      return;
-@@ -1516,6 +1535,7 @@ or all file systems by default.\n\
+@@ -1522,6 +1541,7 @@ or all file systems by default.\n\
    -B, --block-size=SIZE  scale sizes by SIZE before printing them; e.g.,\n\
                             '-BM' prints sizes in units of 1,048,576 bytes;\n\
                             see SIZE format below\n\
@@ -97,7 +97,7 @@ index 75e638c..ef9f0a7 100644
    -h, --human-readable  print sizes in powers of 1024 (e.g., 1023M)\n\
    -H, --si              print sizes in powers of 1000 (e.g., 1.1G)\n\
  "), stdout);
-@@ -1610,6 +1630,9 @@ main (int argc, char **argv)
+@@ -1616,6 +1636,9 @@ main (int argc, char **argv)
                xstrtol_fatal (e, oi, c, long_options, optarg);
            }
            break;
@@ -107,7 +107,7 @@ index 75e638c..ef9f0a7 100644
          case 'i':
            if (header_mode == OUTPUT_MODE)
              {
-@@ -1706,6 +1729,13 @@ main (int argc, char **argv)
+@@ -1712,6 +1735,13 @@ main (int argc, char **argv)
          }
      }
  
@@ -183,5 +183,5 @@ index 0000000..8e4cfb8
 +
 +Exit $fail
 -- 
-2.52.0
+2.48.1
 

coreutils-python3.patch

@@ -1,4 +1,4 @@
-From 8927d505ecb5334f09c48ef98ef1f464f581d0f7 Mon Sep 17 00:00:00 2001
+From f1a6e8d840a28eb2ab7a488e0d06450b7192c76d Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Tue, 2 Apr 2024 14:11:26 +0100
 Subject: [PATCH] coreutils-python3.patch
@@ -10,10 +10,10 @@ Subject: [PATCH] coreutils-python3.patch
  3 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/init.cfg b/init.cfg
-index ac05f7b..26d9516 100644
+index 612d287..9a6fa2d 100644
 --- a/init.cfg
 +++ b/init.cfg
-@@ -601,10 +601,10 @@ seek_data_capable_()
+@@ -597,10 +597,10 @@ seek_data_capable_()
  # Skip the current test if "." lacks d_type support.
  require_dirent_d_type_()
  {
@@ -37,7 +37,7 @@ index 1a2f76f..42d3924 100644
  # Intended to exit 0 only on Linux/GNU systems.
  import os
 diff --git a/tests/du/move-dir-while-traversing.sh b/tests/du/move-dir-while-traversing.sh
-index adf482b..cf9214a 100755
+index 1d0a359..bd03542 100755
 --- a/tests/du/move-dir-while-traversing.sh
 +++ b/tests/du/move-dir-while-traversing.sh
 @@ -21,8 +21,8 @@ print_ver_ du
@@ -61,5 +61,5 @@ index adf482b..cf9214a 100755
  import os,sys
  
 -- 
-2.51.0
+2.48.1
 

coreutils-selinux.patch

@@ -0,0 +1,87 @@
+From fc96cab095d704e8bf9934812dd8d6f87fbf4be4 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 30 Aug 2023 17:19:58 +0200
+Subject: [PATCH] coreutils-selinux.patch
+
+---
+ src/cp.c      | 19 ++++++++++++++++++-
+ src/install.c | 12 +++++++++++-
+ 2 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/src/cp.c b/src/cp.c
+index a0ec067..1169c6a 100644
+--- a/src/cp.c
++++ b/src/cp.c
+@@ -996,7 +996,7 @@ main (int argc, char **argv)
+   selinux_enabled = (0 < is_selinux_enabled ());
+   cp_option_init (&x);
+ 
+-  while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:TZ",
++  while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ",
+                            long_opts, nullptr))
+          != -1)
+     {
+@@ -1048,6 +1048,23 @@ main (int argc, char **argv)
+           copy_contents = true;
+           break;
+ 
++        case 'c':
++          fprintf (stderr, "%s: warning: option '-c' is deprecated,"
++                  " please use '--preserve=context' instead\n", argv[0]);
++          if (x.set_security_context)
++            {
++              fprintf (stderr,
++                      "%s: cannot force target context and preserve it\n",
++                      argv[0]);
++              exit (1);
++            }
++          else if (selinux_enabled)
++            {
++              x.preserve_security_context = true;
++              x.require_preserve_context = true;
++            }
++          break;
++
+         case 'd':
+           x.preserve_links = true;
+           x.dereference = DEREF_NEVER;
+diff --git a/src/install.c b/src/install.c
+index b3b26ab..2d2f072 100644
+--- a/src/install.c
++++ b/src/install.c
+@@ -807,7 +807,7 @@ main (int argc, char **argv)
+   dir_arg = false;
+   umask (0);
+ 
+-  while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z", long_options,
++  while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z", long_options,
+                               nullptr))
+          != -1)
+     {
+@@ -872,6 +872,9 @@ main (int argc, char **argv)
+           no_target_directory = true;
+           break;
+ 
++        case 'P':
++          fprintf (stderr, "%s: warning: option '-P' is deprecated,"
++                  " please use '--preserve-context' instead\n", argv[0]);
+         case PRESERVE_CONTEXT_OPTION:
+           if (! selinux_enabled)
+             {
+@@ -879,6 +882,13 @@ main (int argc, char **argv)
+                              "this kernel is not SELinux-enabled"));
+               break;
+             }
++          if (x.set_security_context)
++            {
++              fprintf (stderr,
++                      "%s: cannot force target context and preserve it\n",
++                      argv[0]);
++              exit (1);
++            }
+           x.preserve_security_context = true;
+           use_default_selinux_context = false;
+           break;
+-- 
+2.48.1
+

coreutils.spec

@@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
-Version: 9.9
-Release: 2%{?dist}
+Version: 9.6
+Release: 6%{?dist}
 # some used parts of gnulib are under various variants of LGPL
 License: GPL-3.0-or-later AND GFDL-1.3-no-invariants-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later
 Url:     https://www.gnu.org/software/coreutils/
@@ -32,17 +32,34 @@ Patch103: coreutils-python3.patch
 # df --direct
 Patch104: coreutils-df-direct.patch
 
-# gnulib C23 support
-# https://github.com/coreutils/gnulib/commit/df17f4f37ed3ca373d23ad42eae51122bdb96626
-Patch105: coreutils-9.9-gnulib-c23.patch
+# ls: fix crash with --context
+# https://git.savannah.gnu.org/cgit/coreutils.git/patch/?id=915004f403cb25fadb207ddfdbe6a2f43bd44fac
+Patch105: coreutils-9.6-ls-selinux-crash.patch
 
-# fix cut test failure on aarch64 rawhide (rhbz#2424302)
-# https://github.com/coreutils/coreutils/commit/95044cb5eaea83d02f768feb5ab79fcf5e6ad782
-Patch106: coreutils-9.9-fix-cut-test-aarch64.patch
+# who: fix -m with guessed tty names (rhbz#2343998)
+# https://git.savannah.gnu.org/cgit/coreutils.git/patch/?id=24450e5eecf012bc1ea8cab8d677a45fa42c1778
+Patch106: coreutils-9.6-who-m-systemd.patch
+
+# cp/mv: do not fail when copying of trivial NFSv4 ACLs fails (rhbz#2363149)
+# https://git.savannah.gnu.org/cgit/gnulib.git/patch?id=41e7b7e0d159d8ac0eb385964119f350ac9dfc3f
+# https://git.savannah.gnu.org/cgit/gnulib.git/patch?id=8a356b77717a2e4f735ec06e326880ca1f61aadb
+# https://git.savannah.gnu.org/cgit/gnulib.git/patch?id=955360a66c99bdd9ac3688519a8b521b06958fd3
+Patch107: coreutils-9.6-cp-improve-nfsv4-acl-support.patch
+
+# sort: fix buffer under-read (CVE-2025-5278)
+# https://cgit.git.savannah.gnu.org/cgit/coreutils.git/patch/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
+Patch108: coreutils-CVE-2025-5278.patch
+
+# ls: fix crash on systems with SELinux but without xattr support (rhbz#2376721)
+# https://cgit.git.savannah.gnu.org/cgit/coreutils.git/patch/?id=cb2abbac7f9e40e0f0d6183bf9b11e80b0cad8ef
+Patch109: coreutils-9.6-ls-selinux-crash-2.patch
 
 # (sb) lin18nux/lsb compliance - multibyte functionality patch
 Patch800: coreutils-i18n.patch
 
+# downstream SELinux options deprecated since 2009
+Patch950: coreutils-selinux.patch
+
 Conflicts: filesystem < 3
 
 # To avoid clobbering installs
@@ -164,7 +181,7 @@ find tests -name '*.sh' -perm 0644 -print -exec chmod 0755 '{}' '+'
 
 # FIXME: Force a newer gettext version to workaround `autoreconf -i` errors
 # with coreutils 9.6 and bundled gettext 0.19.2 from gettext-common-devel.
-sed -i "s/0.19.2/$(rpm -q --queryformat '%%{VERSION}\n' gettext-devel)/" bootstrap.conf configure.ac
+sed -i 's/0.19.2/0.22.5/' bootstrap.conf configure.ac
 
 autoreconf -fiv
 
@@ -286,37 +303,18 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 %license COPYING
 
 %changelog
-* Tue Jan 13 2026 Lukáš Zaoral <lzaoral@redhat.com> - 9.9-2
-- fix cut test failure on aarch64 rawhide (rhbz#2424302)
-
-* Wed Nov 26 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.9-1
-- rebase to latest upstream release (rhbz#2413803)
-
-* Mon Sep 29 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.8-3
+* Mon Sep 29 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.6-6
 - require gnulib-l10n for translations of gnulib messages (rhbz#2393892)
 
-* Thu Sep 25 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.8-2
-- tail: fix tailing larger number of lines in regular files (rhbz#2398008)
+* Tue Jul 08 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.6-5
+- ls: fix crash on systems with SELinux but without xattr support (rhbz#2376721)
 
-* Wed Sep 24 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.8-1
-- rebase to latest upstream release (rhbz#2397467)
-- remove downstream patch for selinux options deprecated since 2009
-
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 9.7-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Mon Jun 30 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.7-4
-- stty: add support for arbitrary baud rates (rhbz#2375439)
-
-* Wed May 28 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.7-3
+* Wed May 28 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.6-4
 - sort: fix buffer under-read (CVE-2025-5278)
 
-* Mon May 19 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.7-2
+* Mon May 19 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.6-3
 - cp/mv: do not fail when copying of trivial NFSv4 ACLs fails (rhbz#2363149)
 
-* Wed Apr 09 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.7-1
-- rebase to latest upstream release (rhbz#2358624)
-
 * Tue Feb 25 2025 Lukáš Zaoral <lzaoral@redhat.com> - 9.6-2
 - fix 'who -m' with guessed tty names (rhbz#2343998)
 

sources

@@ -1,2 +1,2 @@
-SHA512 (coreutils-9.9.tar.xz.sig) = 0a3dfdfa6b4234e2e1d42142269f959bdf3cf8f6605a50270a27eff84dd22588f182121f7dd3eeb04be45f5109d02690215065b3d3b43882874d0e165a1435d0
-SHA512 (coreutils-9.9.tar.xz) = e7b0e59f7732d2c098ea4934014f470248bd5c4764210e9200a698010a8e3b95bbb26e543f0cd73ed5a4b8e1f8cda932c73f39954d68175e4deaa47526610c65
+SHA512 (coreutils-9.6.tar.xz) = 398391d7f9d77e6117b750abb8711eebdd9cd2549e7846cab26884fb2dd522b6bcfb8bf7fef35a12683e213ada7f89b817bf615628628d42aee3fa3102647b28
+SHA512 (coreutils-9.6.tar.xz.sig) = a8e578b5e1d053b49e3e2c5dc94431d17c6a14662f459b2174cea23865ccca32e5ae5c13fedb0a8345d25269a9b98cb7f463a897c9663f9f9bcaf61e5c781378