Fix post-rebase issues

- Remove 0141-tests-change-sockopt-timestamp-test-to-use-syscall-_.patch
   (v5.13-10-g0211fdc "tests: change sockopt-timestamp test to use syscall(__NR_recvmsg)")
 - Remove 0150-filter_qualify-free-allocated-data-on-the-error-path.patch
   (v5.13-55-g6b2191f "filter_qualify: free allocated data on the error path exit of parse_poke_token")
 - Remove 0151-macros-expand-BIT-macros-add-MASK-macros-add-_SAFE-m.patch
   (v5.13-56-g80dc60c "macros: expand BIT macros, add MASK macros; add *_SAFE macros")
 - Remove 0152-trie-use-BIT-and-MASK-macros.patch
   (v5.13-58-g94ae5c2 "trie: use BIT* and MASK* macros")
 - Remove 0153-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch
   (v5.13-65-g41b753e "tee: rewrite num_params access in tee_fetch_buf_data")
 - Remove 0154-tests-call-setsockopt-directly-in-sockopt-timestamp.patch
   (v5.14~12 "tests: call setsockopt directly in sockopt-timestamp")
 - Remove 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch
   (v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition")
 - Remove 0168-m4-fix-st_SELINUX-check.patch
   (v5.15~18 "m4: fix st_SELINUX check")
 - Remove 0169-Implement-displaying-of-expected-context-upon-mismat.patch
   (v5.16~31 "Implement displaying of expected context upon mismatch")
 - Remove 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch
   (v5.17~42 "tests/linkat: reset errno before SELinux context manipulation")
 - Remove 0171-tests-secontext-add-secontext-field-getters.patch
   (v5.17~41 "tests/secontext: add secontext field getters")
 - Remove 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch
   (v5.17~40 "tests/linkat: provide fallback values for secontext fields changes")
 - Remove 0173-tests-secontext-eliminate-separate-secontext_format-.patch
   (v5.17~39 "tests/secontext: eliminate separate secontext_format declaration")
 - Remove 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
   (v5.17~38 "tests/linkat: reset context to the expected one if a mismatch has been detected")

* .gitignore (/strace-5.17.tar.xz): Remove.
(/strace-5.18.tar.xz): New record.
* 0141-tests-change-sockopt-timestamp-test-to-use-syscall-_.patch:
Remove.
* 0150-filter_qualify-free-allocated-data-on-the-error-path.patch:
Likewise.
* 0151-macros-expand-BIT-macros-add-MASK-macros-add-_SAFE-m.patch:
Likewise.
* 0152-trie-use-BIT-and-MASK-macros.patch: Likewise.
* 0153-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch:
Likewise.
* 0154-tests-call-setsockopt-directly-in-sockopt-timestamp.patch:
Likewise.
* 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch: Likewise.
* 0168-m4-fix-st_SELINUX-check.patch: Likewise.
* 0169-Implement-displaying-of-expected-context-upon-mismat.patch:
Likewise.
* 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch:
Likewise.
* 0171-tests-secontext-add-secontext-field-getters.patch: Likewise.
* 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch:
Likewise.
* 0173-tests-secontext-eliminate-separate-secontext_format-.patch:
Likewise.
* 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch:
Likewise.
* sources (strace-5.13.tar.xz): Replace with...
(strace-5.18.tar.xz): ...this version.
* strace.spec (Version): Bump to 5.18.
(Release): Reset to 1.
(Patch141, Patch150, Patch151, Patch152, Patch153, Patch154, Patch167,
Patch168, Patch169, Patch170, Patch171, Patch172, Patch173, Patch174):
Remove.
(%prep): Do not apply them;  adjust man page date generation in accordance
with strace.spec.in changes.
(%changelog): New record about 5.18-1.

Resolves: #2084002
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>

.gitignore

@@ -1 +1 @@
-/strace-5.10.tar.xz
+/strace-5.18.tar.xz

.strace.metadata

@@ -0,0 +1 @@
+e038ea9fc29366ce6119cde27d8cf16ac554a353 strace-5.18.tar.xz

0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch

@@ -0,0 +1,58 @@
+From 2bf069698a384ff2bc62d2a10544d49d766b4d7f Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Mon, 27 Jun 2022 18:00:17 +0200
+Subject: [PATCH] src/xlat: remove remnants of unnecessary idx usage in xlookup
+
+As there is no idx saving between calls anymore, there's no need to use
+(and update) idx in the XT_SORTED case.  Reported by clang as a dead store:
+
+    Error: CLANG_WARNING:
+    strace-5.18/src/xlat.c:84:4: warning[deadcode.DeadStores]: Value stored to 'idx' is never read
+
+* src/xlat.c (xlookup): Remove idx declaration;  declare idx inside
+of the for loop in the XT_NORMAL case; do not offset x->data and x->size
+by offs in the XT_SORTED case and do not update idx upon successful
+lookup.
+
+Complements: v5.15~164 "xlat: no longer interpret NULL xlat as continuation"
+---
+ src/xlat.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+Index: strace-5.18/src/xlat.c
+===================================================================
+--- strace-5.18.orig/src/xlat.c	2022-07-12 17:11:52.660927011 +0200
++++ strace-5.18/src/xlat.c	2022-07-12 17:16:18.116794139 +0200
+@@ -61,7 +61,6 @@
+ const char *
+ xlookup(const struct xlat *x, const uint64_t val)
+ {
+-	size_t idx = 0;
+ 	const struct xlat_data *e;
+ 
+ 	if (!x || !x->data)
+@@ -69,21 +68,18 @@
+ 
+ 	switch (x->type) {
+ 	case XT_NORMAL:
+-		for (; idx < x->size; idx++)
++		for (size_t idx = 0; idx < x->size; idx++)
+ 			if (x->data[idx].val == val)
+ 				return x->data[idx].str;
+ 		break;
+ 
+ 	case XT_SORTED:
+ 		e = bsearch((const void *) &val,
+-			    x->data + idx,
+-			    x->size - idx,
++			    x->data, x->size,
+ 			    sizeof(x->data[0]),
+ 			    xlat_bsearch_compare);
+-		if (e) {
+-			idx = e - x->data;
++		if (e)
+ 			return e->str;
+-		}
+ 		break;
+ 
+ 	case XT_INDEXED:

0176-strauss-tips-whitespace-and-phrasing-cleanups.patch

@@ -0,0 +1,56 @@
+From e604d7bfd18cf5f29e6723091cc1db2945c918c9 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Tue, 28 Jun 2022 16:46:53 +0200
+Subject: [PATCH] strauss: tips whitespace and phrasing cleanups
+
+* src/strauss.c (tips_tricks_tweaks): Fix some whitespace and phrasing
+issues.
+---
+ src/strauss.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+Index: strace-5.18/src/strauss.c
+===================================================================
+--- strace-5.18.orig/src/strauss.c	2022-07-12 17:17:08.712197019 +0200
++++ strace-5.18/src/strauss.c	2022-07-12 17:17:20.685055717 +0200
+@@ -128,8 +128,8 @@
+ 	{ "strace is about as old as the Linux kernel.",
+ 	  "It has been originally written for SunOS",
+ 	  "by Paul Kranenburg in 1991.  The support",
+-	  "for all OSes except Linux has been dropped",
+-	  "since 2012, though, in strace 4.7." },
++	  "for all OSes except Linux was dropped"
++	  "in 2012, though, in strace 4.7." },
+ 	{ "strace is able to decode netlink messages.",
+ 	  "It does so automatically for I/O performed",
+ 	  "on netlink sockets.  Try it yourself:", "",
+@@ -187,7 +187,7 @@
+ 	  "want to try --seccomp-bpf option, maybe you",
+ 	  "will feel better." },
+ 	{ "-v is a shorthand for -e abbrev=none and not",
+-	  " for -e verbose=all. It is idiosyncratic,",
++	  "for -e verbose=all.  It is idiosyncratic,",
+ 	  "but it is the historic behaviour." },
+ 	{ "strace uses netlink for printing",
+ 	  "protocol-specific information about socket",
+@@ -254,7 +254,7 @@
+ 	  "by invoking it with the following options:", "",
+ 	  "    strace -DDDqqq -enone --signal=none" },
+ 	{ "Historically, supplying -o option to strace",
+-	  "led to silencing of messages about tracee",
++	  "leads to silencing of messages about tracee",
+ 	  "attach/detach and personality changes.",
+ 	  "It can be now overridden with --quiet=none",
+ 	  "option." },
+@@ -285,8 +285,9 @@
+ 	  "will trace all syscalls related to accessing",
+ 	  "and modifying process's user/group IDs",
+ 	  "and capability sets.  Other pre-defined",
+-	  "syscall classes include %clock, %desc,%file,",
+-	  "%ipc,%memory, %net,%process, and %signal." },
++	  "syscall classes include %clock, %desc,"
++	  "%file, %ipc, %memory, %net, %process,"
++	  "and %signal." },
+ 	{ "Trying to figure out communication between",
+ 	  "tracees inside a different PID namespace",
+ 	  "(in so-called \"containers\", for example)?",

0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch

@@ -0,0 +1,48 @@
+From 968789d5426442ac43b96eabd65f3e5c0c141e62 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Tue, 28 Jun 2022 16:47:56 +0200
+Subject: [PATCH] strauss: fix off-by-one error in strauss array access
+
+It has to be limited with strauss_lines - 1, not strauss_lines.
+Reported by covscan:
+
+    Error: OVERRUN (CWE-119):
+    strace-5.18/src/strauss.c:380: cond_at_least: Checking "4UL + i < 37UL"
+    implies that "i" is at least 33 on the false branch.
+    strace-5.18/src/strauss.c:380: overrun-local: Overrunning array "strauss"
+    of 37 8-byte elements at element index 37 (byte offset 303) using index
+    "(4UL + i < 37UL) ? 4UL + i : 37UL" (which evaluates to 37).
+
+* src/strauss.c (print_totd): Limit strauss array accesses to
+strauss_lines - 1 instead of strauss_lines.
+---
+ src/strauss.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/strauss.c b/src/strauss.c
+index 98af183..b22ab6a 100644
+--- a/src/strauss.c
++++ b/src/strauss.c
+@@ -373,16 +373,16 @@ print_totd(void)
+ 			tip_left[MIN(i + 1, ARRAY_SIZE(tip_left) - 1)],
+ 			w, w, tips_tricks_tweaks[id][i] ?: "",
+ 			tip_right[MIN(i + 1, ARRAY_SIZE(tip_right) - 1)],
+-			strauss[MIN(3 + i, strauss_lines)]);
++			strauss[MIN(3 + i, strauss_lines - 1)]);
+ 	}
+ 	fprintf(stderr, "%s%s\n",
+-		tip_bottom, strauss[MIN(3 + i, strauss_lines)]);
++		tip_bottom, strauss[MIN(3 + i, strauss_lines - 1)]);
+ 	do {
+ 		fprintf(stderr, "%*s%*s%*s%s\n",
+ 			(int) strlen(tip_left[0]), "",
+ 			w, "",
+ 			(int) strlen(tip_right[0]), "",
+-			strauss[MIN(4 + i, strauss_lines)]);
++			strauss[MIN(4 + i, strauss_lines - 1)]);
+ 	} while ((show_tips == TIPS_FULL) && (4 + ++i < strauss_lines));
+ 
+ 	printed = true;
+-- 
+2.1.4
+

0178-util-add-offs-sanity-check-to-print_clock_t.patch

@@ -0,0 +1,62 @@
+From 6d3e97e83a7d61cbb2f5109efb4b519383a55712 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Tue, 28 Jun 2022 16:55:49 +0200
+Subject: [PATCH] util: add offs sanity check to print_clock_t
+
+While it is not strictly needed right now, the code that uses
+the calculated offs value lacks any checks for possible buf overruns,
+which is not defensive enough, so let's add them.  Reported by covscan:
+
+    Error: OVERRUN (CWE-119):
+    strace-5.18/src/util.c:248: assignment: Assigning:
+    "offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
+    16 and 31 (inclusive).
+    strace-5.18/src/util.c:249: overrun-local: Overrunning array of 30 bytes
+    at byte offset 31 by dereferencing pointer "buf + offs". [Note: The source
+    code implementation of the function has been overridden by a builtin model.]
+
+    Error: OVERRUN (CWE-119):
+    strace-5.18/src/util.c:248: assignment: Assigning:
+    "offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
+    16 and 31 (inclusive).
+    strace-5.18/src/util.c:253: overrun-buffer-arg: Overrunning array "buf"
+    of 30 bytes by passing it to a function which accesses it at byte offset
+    32 using argument "offs + 2UL" (which evaluates to 33). [Note: The source
+    code implementation of the function has been overridden by a builtin model.]
+
+    Error: OVERRUN (CWE-119):
+    strace-5.18/src/util.c:248: assignment: Assigning:
+    "offs" = "ilog10(val / clk_tck)". The value of "offs" is now between
+    16 and 31 (inclusive).
+    strace-5.18/src/util.c:254: overrun-local: Overrunning array "buf"
+    of 30 bytes at byte offset 32 using index "offs + 1UL" (which evaluates
+    to 32).
+
+* src/util.c (print_clock_t): Add check that offs is small enough
+for it and "offs + 2" not to overrun buf.
+---
+ src/util.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/util.c b/src/util.c
+index 5f87acb..93aa7b3 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -246,6 +246,14 @@ print_clock_t(uint64_t val)
+ 		 */
+ 		char buf[sizeof(uint64_t) * 3 + sizeof("0.0 s")];
+ 		size_t offs = ilog10(val / clk_tck);
++		/*
++		 * This check is mostly to appease covscan, which thinks
++		 * that offs can go as high as 31 (it cannot), but since
++		 * there is no proper sanity checks against offs overrunning
++		 * buf down the code, it may as well be here.
++		 */
++		if (offs > (sizeof(buf) - sizeof("0.0 s")))
++			return;
+ 		int ret = snprintf(buf + offs, sizeof(buf) - offs, "%.*f s",
+ 				   frac_width,
+ 				   (double) (val % clk_tck) / clk_tck);
+-- 
+2.1.4
+

0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch

@@ -0,0 +1,882 @@
+From 960e78f208b4f6d48962bbc9cad45588cc8c90ad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
+Date: Tue, 21 Jun 2022 08:43:00 +0200
+Subject: [PATCH] secontext: print context of Unix socket's sun_path field
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
+
+* src/sockaddr.c: Include "secontext.h".
+(print_sockaddr_data_un): Print the SELinux context of sun_path field
+using selinux_printfilecon.
+* NEWS: Mention this change.
+* tests/secontext.c (raw_secontext_full_fd, get_secontext_field_fd,
+raw_secontext_short_fd, secontext_full_fd, secontext_short_fd): New
+functions.
+* tests/secontext.h (secontext_full_fd, secontext_short_fd,
+get_secontext_field_fd): New prototypes.
+(SECONTEXT_FD): New macro.
+* tests/sockname.c: Include "secontext.h".
+(test_sockname_syscall): Update expected output.
+* tests/gen_tests.in (getsockname--secontext,
+getsockname--secontext_full, getsockname--secontext_full_mismatch,
+getsockname--secontext_mismatch): New tests.
+
+Resolves: https://github.com/strace/strace/pull/214
+---
+ NEWS               |  1 +
+ src/sockaddr.c     |  3 +++
+ tests/gen_tests.in |  4 ++++
+ tests/secontext.c  | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
+ tests/secontext.h  | 12 ++++++++++++
+ tests/sockname.c   | 54 +++++++++++++++++++++++++++++++++++-------------------
+ 6 files changed, 104 insertions(+), 19 deletions(-)
+
+Index: strace-5.18/NEWS
+===================================================================
+--- strace-5.18.orig/NEWS	2022-07-12 18:20:18.495470531 +0200
++++ strace-5.18/NEWS	2022-07-12 18:20:44.531163262 +0200
+@@ -5,6 +5,7 @@
+   * Added an interface of raising des Strausses awareness.
+   * Added --tips option to print strace tips, tricks, and tweaks
+     at the end of the tracing session.
++  * Implemented printing of Unix socket sun_path field's SELinux context.
+   * Enhanced decoding of bpf and io_uring_register syscalls.
+   * Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl
+     commands.
+Index: strace-5.18/src/sockaddr.c
+===================================================================
+--- strace-5.18.orig/src/sockaddr.c	2022-07-12 18:17:36.745379483 +0200
++++ strace-5.18/src/sockaddr.c	2022-07-12 18:20:18.495470531 +0200
+@@ -63,6 +63,8 @@
+ #include "xlat/mctp_addrs.h"
+ #include "xlat/mctp_nets.h"
+ 
++#include "secontext.h"
++
+ #define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family)
+ 
+ struct sockaddr_rxrpc {
+@@ -115,6 +117,7 @@
+ 	if (sa_un->sun_path[0]) {
+ 		print_quoted_string(sa_un->sun_path, path_len + 1,
+ 				    QUOTE_0_TERMINATED);
++		selinux_printfilecon(tcp, sa_un->sun_path);
+ 	} else {
+ 		tprints("@");
+ 		print_quoted_string(sa_un->sun_path + 1, path_len - 1, 0);
+Index: strace-5.18/tests/gen_tests.in
+===================================================================
+--- strace-5.18.orig/tests/gen_tests.in	2022-07-12 18:17:36.746379471 +0200
++++ strace-5.18/tests/gen_tests.in	2022-07-12 18:20:18.496470519 +0200
+@@ -225,6 +225,10 @@
+ getsid	-a10
+ getsid--pidns-translation	test_pidns -e trace=getsid -a10
+ getsockname	-a27
++getsockname--secontext	-a27 --secontext -e trace=getsockname
++getsockname--secontext_full	-a27 --secontext=full -e trace=getsockname
++getsockname--secontext_full_mismatch	-a27 --secontext=full,mismatch -e trace=getsockname
++getsockname--secontext_mismatch	-a27 --secontext=mismatch -e trace=getsockname
+ gettid	-a9
+ getuid-creds	+getuid.test
+ getuid32	+getuid.test
+Index: strace-5.18/tests/secontext.c
+===================================================================
+--- strace-5.18.orig/tests/secontext.c	2022-07-12 18:17:36.747379459 +0200
++++ strace-5.18/tests/secontext.c	2022-07-12 18:20:18.496470519 +0200
+@@ -141,6 +141,21 @@
+ 	return full_secontext;
+ }
+ 
++static char *
++raw_secontext_full_fd(int fd)
++{
++	int saved_errno = errno;
++	char *full_secontext = NULL;
++	char *secontext;
++
++	if (fgetfilecon(fd, &secontext) >= 0) {
++		full_secontext = strip_trailing_newlines(xstrdup(secontext));
++		freecon(secontext);
++	}
++	errno = saved_errno;
++	return full_secontext;
++}
++
+ char *
+ get_secontext_field_file(const char *file, enum secontext_field field)
+ {
+@@ -151,6 +166,16 @@
+ 	return type;
+ }
+ 
++char *
++get_secontext_field_fd(int fd, enum secontext_field field)
++{
++	char *ctx = raw_secontext_full_fd(fd);
++	char *type =  get_secontext_field(ctx, field);
++	free(ctx);
++
++	return type;
++}
++
+ static char *
+ raw_secontext_short_file(const char *filename)
+ {
+@@ -158,6 +183,12 @@
+ }
+ 
+ static char *
++raw_secontext_short_fd(int fd)
++{
++	return get_secontext_field_fd(fd, SECONTEXT_TYPE);
++}
++
++static char *
+ raw_secontext_full_pid(pid_t pid)
+ {
+ 	int saved_errno = errno;
+@@ -205,6 +236,15 @@
+ }
+ 
+ char *
++secontext_full_fd(int fd)
++{
++	int saved_errno = errno;
++	char *context = raw_secontext_full_fd(fd);
++	errno = saved_errno;
++	return FORMAT_SPACE_BEFORE(context);
++}
++
++char *
+ secontext_full_pid(pid_t pid)
+ {
+ 	return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
+@@ -228,6 +268,15 @@
+ 	errno = saved_errno;
+ 	return FORMAT_SPACE_BEFORE(context);
+ }
++
++char *
++secontext_short_fd(int fd)
++{
++	int saved_errno = errno;
++	char *context = raw_secontext_short_fd(fd);
++	errno = saved_errno;
++	return FORMAT_SPACE_BEFORE(context);
++}
+ 
+ char *
+ secontext_short_pid(pid_t pid)
+Index: strace-5.18/tests/secontext.h
+===================================================================
+--- strace-5.18.orig/tests/secontext.h	2022-07-12 18:17:36.747379459 +0200
++++ strace-5.18/tests/secontext.h	2022-07-12 18:20:18.496470519 +0200
+@@ -9,9 +9,11 @@
+ #include "xmalloc.h"
+ #include <unistd.h>
+ 
++char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
+ char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
+ char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+ 
++char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
+ char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
+ char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
+ 
+@@ -30,6 +32,7 @@
+  */
+ char *get_secontext_field(const char *full_context, enum secontext_field field);
+ 
++char *get_secontext_field_fd(int fd, enum secontext_field field);
+ char *get_secontext_field_file(const char *file, enum secontext_field field);
+ 
+ void reset_secontext_file(const char *file);
+@@ -44,6 +47,7 @@
+ #  else
+ #   define SECONTEXT_FILE(filename)	secontext_full_file(filename, false)
+ #  endif
++#  define SECONTEXT_FD(fd)		secontext_full_fd(fd)
+ #  define SECONTEXT_PID(pid)		secontext_full_pid(pid)
+ 
+ # else
+@@ -53,6 +57,7 @@
+ #  else
+ #   define SECONTEXT_FILE(filename)	secontext_short_file(filename, false)
+ #  endif
++#  define SECONTEXT_FD(fd)		secontext_short_fd(fd)
+ #  define SECONTEXT_PID(pid)		secontext_short_pid(pid)
+ 
+ # endif
+@@ -65,6 +70,12 @@
+ 	return NULL;
+ }
+ static inline char *
++get_secontext_field_fd(int fd, enum secontext_field field)
++{
++	return NULL;
++}
++
++static inline char *
+ get_secontext_field_file(const char *file, enum secontext_field field)
+ {
+ 	return NULL;
+@@ -81,6 +92,7 @@
+ {
+ }
+ 
++# define SECONTEXT_FD(fd)			xstrdup("")
+ # define SECONTEXT_FILE(filename)		xstrdup("")
+ # define SECONTEXT_PID(pid)			xstrdup("")
+ 
+Index: strace-5.18/tests/sockname.c
+===================================================================
+--- strace-5.18.orig/tests/sockname.c	2022-07-12 18:17:36.748379448 +0200
++++ strace-5.18/tests/sockname.c	2022-07-12 18:20:18.496470519 +0200
+@@ -18,6 +18,8 @@
+ #include <sys/socket.h>
+ #include <sys/un.h>
+ 
++#include "secontext.h"
++
+ #ifndef TEST_SYSCALL_NAME
+ # error TEST_SYSCALL_NAME must be defined
+ #endif
+@@ -59,14 +61,19 @@
+ 	*plen = sizeof(struct sockaddr_un);
+ 	struct sockaddr_un *addr = tail_alloc(*plen);
+ 
++	char *my_secontext = SECONTEXT_PID_MY();
++	char *fd_secontext = SECONTEXT_FD(fd);
++
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
+ 				   plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
+ 	       ", [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ 	       (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
+ 
+ 	memset(addr, 0, sizeof(*addr));
+@@ -75,28 +82,34 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
+ 	       ", [%d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ 	       (int) *plen, SUFFIX_STR, rc);
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, NULL%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
+-	       sprintrc(rc));
++	printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
++	       addr, SUFFIX_STR, sprintrc(rc));
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
+-	printf("%s(%d%s, NULL, NULL%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
++	printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext,
++	       rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ 	       SUFFIX_STR, sprintrc(rc));
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
+ 			       plen + 1 SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, %p%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
++	printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
+ 	       plen + 1, SUFFIX_STR, sprintrc(rc));
+ 
+ 	const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
+@@ -108,8 +121,9 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR,
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ 	       (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
+ 
+ 	++addr;
+@@ -121,17 +135,19 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
+ 	       ", [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ 	       (int) (sizeof(struct sockaddr) - offsetof_sun_path),
+-	       addr->sun_path, (int) sizeof(struct sockaddr),
+-	       (int) *plen, SUFFIX_STR, rc);
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
++	       (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
+ 			       plen SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, [%d]%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
++	printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
+ 	       *plen, SUFFIX_STR, sprintrc(rc));
+ }
+Index: strace-5.18/tests-m32/secontext.c
+===================================================================
+--- strace-5.18.orig/tests-m32/secontext.c	2022-07-12 18:17:36.747379459 +0200
++++ strace-5.18/tests-m32/secontext.c	2022-07-12 18:20:18.496470519 +0200
+@@ -141,6 +141,21 @@
+ 	return full_secontext;
+ }
+ 
++static char *
++raw_secontext_full_fd(int fd)
++{
++	int saved_errno = errno;
++	char *full_secontext = NULL;
++	char *secontext;
++
++	if (fgetfilecon(fd, &secontext) >= 0) {
++		full_secontext = strip_trailing_newlines(xstrdup(secontext));
++		freecon(secontext);
++	}
++	errno = saved_errno;
++	return full_secontext;
++}
++
+ char *
+ get_secontext_field_file(const char *file, enum secontext_field field)
+ {
+@@ -151,6 +166,16 @@
+ 	return type;
+ }
+ 
++char *
++get_secontext_field_fd(int fd, enum secontext_field field)
++{
++	char *ctx = raw_secontext_full_fd(fd);
++	char *type =  get_secontext_field(ctx, field);
++	free(ctx);
++
++	return type;
++}
++
+ static char *
+ raw_secontext_short_file(const char *filename)
+ {
+@@ -158,6 +183,12 @@
+ }
+ 
+ static char *
++raw_secontext_short_fd(int fd)
++{
++	return get_secontext_field_fd(fd, SECONTEXT_TYPE);
++}
++
++static char *
+ raw_secontext_full_pid(pid_t pid)
+ {
+ 	int saved_errno = errno;
+@@ -205,6 +236,15 @@
+ }
+ 
+ char *
++secontext_full_fd(int fd)
++{
++	int saved_errno = errno;
++	char *context = raw_secontext_full_fd(fd);
++	errno = saved_errno;
++	return FORMAT_SPACE_BEFORE(context);
++}
++
++char *
+ secontext_full_pid(pid_t pid)
+ {
+ 	return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
+@@ -228,6 +268,15 @@
+ 	errno = saved_errno;
+ 	return FORMAT_SPACE_BEFORE(context);
+ }
++
++char *
++secontext_short_fd(int fd)
++{
++	int saved_errno = errno;
++	char *context = raw_secontext_short_fd(fd);
++	errno = saved_errno;
++	return FORMAT_SPACE_BEFORE(context);
++}
+ 
+ char *
+ secontext_short_pid(pid_t pid)
+Index: strace-5.18/tests-m32/secontext.h
+===================================================================
+--- strace-5.18.orig/tests-m32/secontext.h	2022-07-12 18:17:36.747379459 +0200
++++ strace-5.18/tests-m32/secontext.h	2022-07-12 18:20:18.496470519 +0200
+@@ -9,9 +9,11 @@
+ #include "xmalloc.h"
+ #include <unistd.h>
+ 
++char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
+ char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
+ char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+ 
++char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
+ char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
+ char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
+ 
+@@ -30,6 +32,7 @@
+  */
+ char *get_secontext_field(const char *full_context, enum secontext_field field);
+ 
++char *get_secontext_field_fd(int fd, enum secontext_field field);
+ char *get_secontext_field_file(const char *file, enum secontext_field field);
+ 
+ void reset_secontext_file(const char *file);
+@@ -44,6 +47,7 @@
+ #  else
+ #   define SECONTEXT_FILE(filename)	secontext_full_file(filename, false)
+ #  endif
++#  define SECONTEXT_FD(fd)		secontext_full_fd(fd)
+ #  define SECONTEXT_PID(pid)		secontext_full_pid(pid)
+ 
+ # else
+@@ -53,6 +57,7 @@
+ #  else
+ #   define SECONTEXT_FILE(filename)	secontext_short_file(filename, false)
+ #  endif
++#  define SECONTEXT_FD(fd)		secontext_short_fd(fd)
+ #  define SECONTEXT_PID(pid)		secontext_short_pid(pid)
+ 
+ # endif
+@@ -65,6 +70,12 @@
+ 	return NULL;
+ }
+ static inline char *
++get_secontext_field_fd(int fd, enum secontext_field field)
++{
++	return NULL;
++}
++
++static inline char *
+ get_secontext_field_file(const char *file, enum secontext_field field)
+ {
+ 	return NULL;
+@@ -81,6 +92,7 @@
+ {
+ }
+ 
++# define SECONTEXT_FD(fd)			xstrdup("")
+ # define SECONTEXT_FILE(filename)		xstrdup("")
+ # define SECONTEXT_PID(pid)			xstrdup("")
+ 
+Index: strace-5.18/tests-m32/sockname.c
+===================================================================
+--- strace-5.18.orig/tests-m32/sockname.c	2022-07-12 18:17:36.748379448 +0200
++++ strace-5.18/tests-m32/sockname.c	2022-07-12 18:20:18.496470519 +0200
+@@ -18,6 +18,8 @@
+ #include <sys/socket.h>
+ #include <sys/un.h>
+ 
++#include "secontext.h"
++
+ #ifndef TEST_SYSCALL_NAME
+ # error TEST_SYSCALL_NAME must be defined
+ #endif
+@@ -59,14 +61,19 @@
+ 	*plen = sizeof(struct sockaddr_un);
+ 	struct sockaddr_un *addr = tail_alloc(*plen);
+ 
++	char *my_secontext = SECONTEXT_PID_MY();
++	char *fd_secontext = SECONTEXT_FD(fd);
++
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
+ 				   plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
+ 	       ", [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ 	       (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
+ 
+ 	memset(addr, 0, sizeof(*addr));
+@@ -75,28 +82,34 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
+ 	       ", [%d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ 	       (int) *plen, SUFFIX_STR, rc);
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, NULL%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
+-	       sprintrc(rc));
++	printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
++	       addr, SUFFIX_STR, sprintrc(rc));
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
+-	printf("%s(%d%s, NULL, NULL%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
++	printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext,
++	       rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ 	       SUFFIX_STR, sprintrc(rc));
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
+ 			       plen + 1 SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, %p%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
++	printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
+ 	       plen + 1, SUFFIX_STR, sprintrc(rc));
+ 
+ 	const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
+@@ -108,8 +121,9 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR,
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ 	       (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
+ 
+ 	++addr;
+@@ -121,17 +135,19 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
+ 	       ", [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ 	       (int) (sizeof(struct sockaddr) - offsetof_sun_path),
+-	       addr->sun_path, (int) sizeof(struct sockaddr),
+-	       (int) *plen, SUFFIX_STR, rc);
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
++	       (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
+ 			       plen SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, [%d]%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
++	printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
+ 	       *plen, SUFFIX_STR, sprintrc(rc));
+ }
+Index: strace-5.18/tests-mx32/secontext.c
+===================================================================
+--- strace-5.18.orig/tests-mx32/secontext.c	2022-07-12 18:17:36.747379459 +0200
++++ strace-5.18/tests-mx32/secontext.c	2022-07-12 18:20:18.496470519 +0200
+@@ -141,6 +141,21 @@
+ 	return full_secontext;
+ }
+ 
++static char *
++raw_secontext_full_fd(int fd)
++{
++	int saved_errno = errno;
++	char *full_secontext = NULL;
++	char *secontext;
++
++	if (fgetfilecon(fd, &secontext) >= 0) {
++		full_secontext = strip_trailing_newlines(xstrdup(secontext));
++		freecon(secontext);
++	}
++	errno = saved_errno;
++	return full_secontext;
++}
++
+ char *
+ get_secontext_field_file(const char *file, enum secontext_field field)
+ {
+@@ -151,6 +166,16 @@
+ 	return type;
+ }
+ 
++char *
++get_secontext_field_fd(int fd, enum secontext_field field)
++{
++	char *ctx = raw_secontext_full_fd(fd);
++	char *type =  get_secontext_field(ctx, field);
++	free(ctx);
++
++	return type;
++}
++
+ static char *
+ raw_secontext_short_file(const char *filename)
+ {
+@@ -158,6 +183,12 @@
+ }
+ 
+ static char *
++raw_secontext_short_fd(int fd)
++{
++	return get_secontext_field_fd(fd, SECONTEXT_TYPE);
++}
++
++static char *
+ raw_secontext_full_pid(pid_t pid)
+ {
+ 	int saved_errno = errno;
+@@ -205,6 +236,15 @@
+ }
+ 
+ char *
++secontext_full_fd(int fd)
++{
++	int saved_errno = errno;
++	char *context = raw_secontext_full_fd(fd);
++	errno = saved_errno;
++	return FORMAT_SPACE_BEFORE(context);
++}
++
++char *
+ secontext_full_pid(pid_t pid)
+ {
+ 	return FORMAT_SPACE_AFTER(raw_secontext_full_pid(pid));
+@@ -228,6 +268,15 @@
+ 	errno = saved_errno;
+ 	return FORMAT_SPACE_BEFORE(context);
+ }
++
++char *
++secontext_short_fd(int fd)
++{
++	int saved_errno = errno;
++	char *context = raw_secontext_short_fd(fd);
++	errno = saved_errno;
++	return FORMAT_SPACE_BEFORE(context);
++}
+ 
+ char *
+ secontext_short_pid(pid_t pid)
+Index: strace-5.18/tests-mx32/secontext.h
+===================================================================
+--- strace-5.18.orig/tests-mx32/secontext.h	2022-07-12 18:17:36.747379459 +0200
++++ strace-5.18/tests-mx32/secontext.h	2022-07-12 18:20:18.496470519 +0200
+@@ -9,9 +9,11 @@
+ #include "xmalloc.h"
+ #include <unistd.h>
+ 
++char *secontext_full_fd(int) ATTRIBUTE_MALLOC;
+ char *secontext_full_file(const char *, bool) ATTRIBUTE_MALLOC;
+ char *secontext_full_pid(pid_t) ATTRIBUTE_MALLOC;
+ 
++char *secontext_short_fd(int) ATTRIBUTE_MALLOC;
+ char *secontext_short_file(const char *, bool) ATTRIBUTE_MALLOC;
+ char *secontext_short_pid(pid_t) ATTRIBUTE_MALLOC;
+ 
+@@ -30,6 +32,7 @@
+  */
+ char *get_secontext_field(const char *full_context, enum secontext_field field);
+ 
++char *get_secontext_field_fd(int fd, enum secontext_field field);
+ char *get_secontext_field_file(const char *file, enum secontext_field field);
+ 
+ void reset_secontext_file(const char *file);
+@@ -44,6 +47,7 @@
+ #  else
+ #   define SECONTEXT_FILE(filename)	secontext_full_file(filename, false)
+ #  endif
++#  define SECONTEXT_FD(fd)		secontext_full_fd(fd)
+ #  define SECONTEXT_PID(pid)		secontext_full_pid(pid)
+ 
+ # else
+@@ -53,6 +57,7 @@
+ #  else
+ #   define SECONTEXT_FILE(filename)	secontext_short_file(filename, false)
+ #  endif
++#  define SECONTEXT_FD(fd)		secontext_short_fd(fd)
+ #  define SECONTEXT_PID(pid)		secontext_short_pid(pid)
+ 
+ # endif
+@@ -65,6 +70,12 @@
+ 	return NULL;
+ }
+ static inline char *
++get_secontext_field_fd(int fd, enum secontext_field field)
++{
++	return NULL;
++}
++
++static inline char *
+ get_secontext_field_file(const char *file, enum secontext_field field)
+ {
+ 	return NULL;
+@@ -81,6 +92,7 @@
+ {
+ }
+ 
++# define SECONTEXT_FD(fd)			xstrdup("")
+ # define SECONTEXT_FILE(filename)		xstrdup("")
+ # define SECONTEXT_PID(pid)			xstrdup("")
+ 
+Index: strace-5.18/tests-mx32/sockname.c
+===================================================================
+--- strace-5.18.orig/tests-mx32/sockname.c	2022-07-12 18:17:36.748379448 +0200
++++ strace-5.18/tests-mx32/sockname.c	2022-07-12 18:20:18.496470519 +0200
+@@ -18,6 +18,8 @@
+ #include <sys/socket.h>
+ #include <sys/un.h>
+ 
++#include "secontext.h"
++
+ #ifndef TEST_SYSCALL_NAME
+ # error TEST_SYSCALL_NAME must be defined
+ #endif
+@@ -59,14 +61,19 @@
+ 	*plen = sizeof(struct sockaddr_un);
+ 	struct sockaddr_un *addr = tail_alloc(*plen);
+ 
++	char *my_secontext = SECONTEXT_PID_MY();
++	char *fd_secontext = SECONTEXT_FD(fd);
++
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	int rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, (void *) addr,
+ 				   plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
+ 	       ", [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ 	       (int) sizeof(struct sockaddr_un), (int) *plen, SUFFIX_STR, rc);
+ 
+ 	memset(addr, 0, sizeof(*addr));
+@@ -75,28 +82,34 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%s\"%s}"
+ 	       ", [%d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR, addr->sun_path,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
+ 	       (int) *plen, SUFFIX_STR, rc);
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr, 0 SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, NULL%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr, SUFFIX_STR,
+-	       sprintrc(rc));
++	printf("%s%s(%d%s%s, %p, NULL%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR,
++	       addr, SUFFIX_STR, sprintrc(rc));
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_S_ARGS, 0, 0 SUFFIX_ARGS);
+-	printf("%s(%d%s, NULL, NULL%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
++	printf("%s%s(%d%s%s, NULL, NULL%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext,
++	       rc == -1 ? PREFIX_F_STR : PREFIX_S_STR,
+ 	       SUFFIX_STR, sprintrc(rc));
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
+ 			       plen + 1 SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, %p%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
++	printf("%s%s(%d%s%s, %p, %p%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
+ 	       plen + 1, SUFFIX_STR, sprintrc(rc));
+ 
+ 	const size_t offsetof_sun_path = offsetof(struct sockaddr_un, sun_path);
+@@ -108,8 +121,9 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR,
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX}, [%d => %d]%s) = %d\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ 	       (int) offsetof_sun_path, (int) *plen, SUFFIX_STR, rc);
+ 
+ 	++addr;
+@@ -121,17 +135,19 @@
+ 			       plen SUFFIX_ARGS);
+ 	if (rc < 0)
+ 		perror_msg_and_skip(TEST_SYSCALL_STR);
+-	printf("%s(%d%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"}"
++	printf("%s%s(%d%s%s, {sa_family=AF_UNIX, sun_path=\"%.*s\"%s}"
+ 	       ", [%d => %d]%s) = %d\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_S_STR,
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_S_STR,
+ 	       (int) (sizeof(struct sockaddr) - offsetof_sun_path),
+-	       addr->sun_path, (int) sizeof(struct sockaddr),
+-	       (int) *plen, SUFFIX_STR, rc);
++	       addr->sun_path, SECONTEXT_FILE(addr->sun_path),
++	       (int) sizeof(struct sockaddr), (int) *plen, SUFFIX_STR, rc);
+ 
+ 	PREPARE_TEST_SYSCALL_INVOCATION;
+ 	rc = TEST_SYSCALL_NAME(fd PREFIX_F_ARGS, (void *) addr,
+ 			       plen SUFFIX_ARGS);
+-	printf("%s(%d%s, %p, [%d]%s) = %s\n",
+-	       TEST_SYSCALL_STR, fd, PREFIX_F_STR, addr,
++	printf("%s%s(%d%s%s, %p, [%d]%s) = %s\n",
++	       my_secontext,
++	       TEST_SYSCALL_STR, fd, fd_secontext, PREFIX_F_STR, addr,
+ 	       *plen, SUFFIX_STR, sprintrc(rc));
+ }

0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch

@@ -0,0 +1,374 @@
+From 676979fa9cc7920e5e4d547814f9c0edb597fa0d Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Thu, 30 Jun 2022 16:01:05 +0200
+Subject: [PATCH] pathtrace, util: do not print " (deleted)" as part of the
+ path
+
+In order to allow to discern the unlinked paths from the paths that
+do indeed end with " (deleted)".
+
+* src/defs.h (getfdpath_pid): Add deleted parameter.
+(getfdpath): Pass NULL as deleted parameter to getfdpath_pid.
+* src/largefile_wrappers.h (lstat_file): New macro.
+* src/pathtrace.c: Include <sys/stat.h>, <sys/types.h>, <unistd.h>,
+and "largefile_wrappers.h".
+(getfdpath_pid): Add deleted parameter, check if path ends with
+" (deleted)", and if it is, try to figure out if it is a part
+of the path by comparing device/inode numbers of the file procfs
+link resolves into and the file pointed by the path read;  strip
+" (deleted)";  set deleted (if it is non-NULL) to true if the fd
+is turned out to be deleted and to false otherwise.
+* src/util.c (print_quoted_string_in_angle_brackets): Add deleted
+parameter, print "(deleted)" after the closing angle bracket if it is
+non-NULL.
+(printfd_pid): Add deleted local variable, pass it to getfdpath_pid
+and print_quoted_string_in_angle_brackets calls.
+* tests/fchmod.c: Add checks for a file with " (deleted)" in the path,
+update expected output.
+* NEWS: Mention the change.
+---
+ NEWS                     |  5 +++++
+ src/defs.h               |  5 +++--
+ src/largefile_wrappers.h |  2 ++
+ src/pathtrace.c          | 48 +++++++++++++++++++++++++++++++++++++++++++++---
+ src/util.c               | 10 +++++++---
+ tests/fchmod.c           | 47 +++++++++++++++++++++++++++++++++++++++++++----
+ 6 files changed, 105 insertions(+), 12 deletions(-)
+
+Index: strace-5.18/NEWS
+===================================================================
+--- strace-5.18.orig/NEWS	2022-07-13 12:52:48.219784860 +0200
++++ strace-5.18/NEWS	2022-07-13 12:52:48.451782122 +0200
+@@ -1,6 +1,11 @@
+ Noteworthy changes in release 5.18 (2022-06-18)
+ ===============================================
+ 
++* Changes in behaviour
++  * The "(deleted)" marker for unlinked paths of file descriptors is now printed
++    outside angle brackets;  the matching of unlinked paths of file descriptors
++    no longer includes the " (deleted)" part into consideration.
++
+ * Improvements
+   * Added an interface of raising des Strausses awareness.
+   * Added --tips option to print strace tips, tricks, and tweaks
+Index: strace-5.18/src/defs.h
+===================================================================
+--- strace-5.18.orig/src/defs.h	2022-07-13 12:52:29.405006910 +0200
++++ strace-5.18/src/defs.h	2022-07-13 12:52:54.532710356 +0200
+@@ -785,12 +785,13 @@
+ 	return pathtrace_match_set(tcp, &global_path_set);
+ }
+ 
+-extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize);
++extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
++			 bool *deleted);
+ 
+ static inline int
+ getfdpath(struct tcb *tcp, int fd, char *buf, unsigned bufsize)
+ {
+-	return getfdpath_pid(tcp->pid, fd, buf, bufsize);
++	return getfdpath_pid(tcp->pid, fd, buf, bufsize, NULL);
+ }
+ 
+ extern unsigned long getfdinode(struct tcb *, int);
+Index: strace-5.18/src/largefile_wrappers.h
+===================================================================
+--- strace-5.18.orig/src/largefile_wrappers.h	2022-07-13 12:52:29.405006910 +0200
++++ strace-5.18/src/largefile_wrappers.h	2022-07-13 12:52:48.451782122 +0200
+@@ -31,6 +31,7 @@
+ #  endif
+ #  define fstat_fd fstat64
+ #  define strace_stat_t struct stat64
++#  define lstat_file lstat64
+ #  define stat_file stat64
+ #  define struct_dirent struct dirent64
+ #  define read_dir readdir64
+@@ -42,6 +43,7 @@
+ #  define fcntl_fd fcntl
+ #  define fstat_fd fstat
+ #  define strace_stat_t struct stat
++#  define lstat_file lstat
+ #  define stat_file stat
+ #  define struct_dirent struct dirent
+ #  define read_dir readdir
+Index: strace-5.18/src/pathtrace.c
+===================================================================
+--- strace-5.18.orig/src/pathtrace.c	2022-07-13 12:52:29.405006910 +0200
++++ strace-5.18/src/pathtrace.c	2022-07-13 12:52:54.532710356 +0200
+@@ -10,7 +10,11 @@
+ #include "defs.h"
+ #include <limits.h>
+ #include <poll.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <unistd.h>
+ 
++#include "largefile_wrappers.h"
+ #include "number_set.h"
+ #include "sen.h"
+ #include "xstring.h"
+@@ -77,7 +81,7 @@
+  * Get path associated with fd of a process with pid.
+  */
+ int
+-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize)
++getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
+ {
+ 	char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
+ 	ssize_t n;
+@@ -91,12 +95,50 @@
+ 
+ 	xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
+ 	n = readlink(linkpath, buf, bufsize - 1);
++	if (n < 0)
++		goto end;
++
+ 	/*
+ 	 * NB: if buf is too small, readlink doesn't fail,
+ 	 * it returns truncated result (IOW: n == bufsize - 1).
+ 	 */
+-	if (n >= 0)
+-		buf[n] = '\0';
++	buf[n] = '\0';
++	if (deleted)
++		*deleted = false;
++
++	/*
++	 * Try to figure out if the kernel has appended " (deleted)"
++	 * to the end of a potentially unlinked path and set deleted
++	 * if it is the case.
++	 */
++	static const char del_sfx[] = " (deleted)";
++	if ((size_t) n <= sizeof(del_sfx))
++		goto end;
++
++	char *del = buf + n + 1 - sizeof(del_sfx);
++
++	if (memcmp(del, del_sfx, sizeof(del_sfx)))
++		goto end;
++
++	strace_stat_t st_link;
++	strace_stat_t st_path;
++	int rc = stat_file(linkpath, &st_link);
++
++	if (rc)
++		goto end;
++
++	rc = lstat_file(buf, &st_path);
++
++	if (rc ||
++	    (st_link.st_ino != st_path.st_ino) ||
++	    (st_link.st_dev != st_path.st_dev)) {
++		*del = '\0';
++		n = del - buf + 1;
++		if (deleted)
++			*deleted = true;
++	}
++
++end:
+ 	return n;
+ }
+ 
+Index: strace-5.18/src/util.c
+===================================================================
+--- strace-5.18.orig/src/util.c	2022-07-13 12:52:47.989787575 +0200
++++ strace-5.18/src/util.c	2022-07-13 12:52:48.452782111 +0200
+@@ -735,12 +735,15 @@
+ }
+ 
+ static void
+-print_quoted_string_in_angle_brackets(const char *str)
++print_quoted_string_in_angle_brackets(const char *str, const bool deleted)
+ {
+ 	tprints("<");
+ 	print_quoted_string_ex(str, strlen(str),
+ 			       QUOTE_OMIT_LEADING_TRAILING_QUOTES, "<>");
+ 	tprints(">");
++
++	if (deleted)
++		tprints("(deleted)");
+ }
+ 
+ void
+@@ -749,8 +752,9 @@
+ 	PRINT_VAL_D(fd);
+ 
+ 	char path[PATH_MAX + 1];
++	bool deleted;
+ 	if (pid > 0 && !number_set_array_is_empty(decode_fd_set, 0)
+-	    && getfdpath_pid(pid, fd, path, sizeof(path)) >= 0) {
++	    && getfdpath_pid(pid, fd, path, sizeof(path), &deleted) >= 0) {
+ 		if (is_number_in_set(DECODE_FD_SOCKET, decode_fd_set) &&
+ 		    printsocket(tcp, fd, path))
+ 			goto printed;
+@@ -761,7 +765,7 @@
+ 		    printpidfd(pid, fd, path))
+ 			goto printed;
+ 		if (is_number_in_set(DECODE_FD_PATH, decode_fd_set))
+-			print_quoted_string_in_angle_brackets(path);
++			print_quoted_string_in_angle_brackets(path, deleted);
+ printed:	;
+ 	}
+ 
+Index: strace-5.18/tests/fchmod.c
+===================================================================
+--- strace-5.18.orig/tests/fchmod.c	2022-07-13 12:52:29.405006910 +0200
++++ strace-5.18/tests/fchmod.c	2022-07-13 12:52:48.452782111 +0200
+@@ -35,10 +35,17 @@
+ 	(void) unlink(sample);
+ 	int fd = open(sample, O_CREAT|O_RDONLY, 0400);
+ 	if (fd == -1)
+-		perror_msg_and_fail("open");
++		perror_msg_and_fail("open(\"%s\")", sample);
++
++	static const char sample_del[] = "fchmod_sample_file (deleted)";
++	(void) unlink(sample_del);
++	int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
++	if (fd_del == -1)
++		perror_msg_and_fail("open(\"%s\")", sample);
+ 
+ # ifdef YFLAG
+ 	char *sample_realpath = get_fd_path(fd);
++	char *sample_del_realpath = get_fd_path(fd_del);
+ # endif
+ 
+ 	const char *sample_secontext = SECONTEXT_FILE(sample);
+@@ -56,12 +63,27 @@
+ 	       sample_secontext,
+ 	       sprintrc(rc));
+ 
++	const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
++	rc = syscall(__NR_fchmod, fd_del, 0600);
++# ifdef YFLAG
++	printf("%s%s(%d<%s>%s, 0600) = %s\n",
++# else
++	printf("%s%s(%d%s, 0600) = %s\n",
++# endif
++	       my_secontext, "fchmod",
++	       fd_del,
++# ifdef YFLAG
++	       sample_del_realpath,
++# endif
++	       sample_del_secontext,
++	       sprintrc(rc));
++
+ 	if (unlink(sample))
+-		perror_msg_and_fail("unlink");
++		perror_msg_and_fail("unlink(\"%s\")", sample);
+ 
+ 	rc = syscall(__NR_fchmod, fd, 051);
+ # ifdef YFLAG
+-	printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
++	printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+ # else
+ 	printf("%s%s(%d%s, 051) = %s\n",
+ # endif
+@@ -73,9 +95,26 @@
+ 	       sample_secontext,
+ 	       sprintrc(rc));
+ 
++	if (unlink(sample_del))
++		perror_msg_and_fail("unlink(\"%s\")", sample_del);
++
++	rc = syscall(__NR_fchmod, fd_del, 051);
++# ifdef YFLAG
++	printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
++# else
++	printf("%s%s(%d%s, 051) = %s\n",
++# endif
++	       my_secontext, "fchmod",
++	       fd_del,
++# ifdef YFLAG
++	       sample_del_realpath,
++# endif
++	       sample_del_secontext,
++	       sprintrc(rc));
++
+ 	rc = syscall(__NR_fchmod, fd, 004);
+ # ifdef YFLAG
+-	printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
++	printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
+ # else
+ 	printf("%s%s(%d%s, 004) = %s\n",
+ # endif
+Index: strace-5.18/tests-m32/fchmod.c
+===================================================================
+--- strace-5.18.orig/tests-m32/fchmod.c	2022-07-13 12:52:29.405006910 +0200
++++ strace-5.18/tests-m32/fchmod.c	2022-07-13 12:52:48.452782111 +0200
+@@ -35,10 +35,17 @@
+ 	(void) unlink(sample);
+ 	int fd = open(sample, O_CREAT|O_RDONLY, 0400);
+ 	if (fd == -1)
+-		perror_msg_and_fail("open");
++		perror_msg_and_fail("open(\"%s\")", sample);
++
++	static const char sample_del[] = "fchmod_sample_file (deleted)";
++	(void) unlink(sample_del);
++	int fd_del = open(sample_del, O_CREAT|O_RDONLY, 0400);
++	if (fd_del == -1)
++		perror_msg_and_fail("open(\"%s\")", sample);
+ 
+ # ifdef YFLAG
+ 	char *sample_realpath = get_fd_path(fd);
++	char *sample_del_realpath = get_fd_path(fd_del);
+ # endif
+ 
+ 	const char *sample_secontext = SECONTEXT_FILE(sample);
+@@ -56,12 +63,27 @@
+ 	       sample_secontext,
+ 	       sprintrc(rc));
+ 
++	const char *sample_del_secontext = SECONTEXT_FILE(sample_del);
++	rc = syscall(__NR_fchmod, fd_del, 0600);
++# ifdef YFLAG
++	printf("%s%s(%d<%s>%s, 0600) = %s\n",
++# else
++	printf("%s%s(%d%s, 0600) = %s\n",
++# endif
++	       my_secontext, "fchmod",
++	       fd_del,
++# ifdef YFLAG
++	       sample_del_realpath,
++# endif
++	       sample_del_secontext,
++	       sprintrc(rc));
++
+ 	if (unlink(sample))
+-		perror_msg_and_fail("unlink");
++		perror_msg_and_fail("unlink(\"%s\")", sample);
+ 
+ 	rc = syscall(__NR_fchmod, fd, 051);
+ # ifdef YFLAG
+-	printf("%s%s(%d<%s (deleted)>%s, 051) = %s\n",
++	printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
+ # else
+ 	printf("%s%s(%d%s, 051) = %s\n",
+ # endif
+@@ -73,9 +95,26 @@
+ 	       sample_secontext,
+ 	       sprintrc(rc));
+ 
++	if (unlink(sample_del))
++		perror_msg_and_fail("unlink(\"%s\")", sample_del);
++
++	rc = syscall(__NR_fchmod, fd_del, 051);
++# ifdef YFLAG
++	printf("%s%s(%d<%s>(deleted)%s, 051) = %s\n",
++# else
++	printf("%s%s(%d%s, 051) = %s\n",
++# endif
++	       my_secontext, "fchmod",
++	       fd_del,
++# ifdef YFLAG
++	       sample_del_realpath,
++# endif
++	       sample_del_secontext,
++	       sprintrc(rc));
++
+ 	rc = syscall(__NR_fchmod, fd, 004);
+ # ifdef YFLAG
+-	printf("%s%s(%d<%s (deleted)>%s, 004) = %s\n",
++	printf("%s%s(%d<%s>(deleted)%s, 004) = %s\n",
+ # else
+ 	printf("%s%s(%d%s, 004) = %s\n",
+ # endif

0181-secontext-fix-expected-SELinux-context-check-for-unl.patch

@@ -0,0 +1,209 @@
+From 3f0e5340b651da98251a58cc7923525d69f96032 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Fri, 1 Jul 2022 10:45:48 +0200
+Subject: [PATCH] secontext: fix expected SELinux context check for unlinked
+ FDs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+selinux_getfdcon open-coded a part of getfdpath_pid since it tries
+to do the same job, figure out a path associated with an FD, for slightly
+different purpose: to get the expected SELinux context for it.  As the previous
+commit shows, it's a bit more complicated in cases when the path ends
+with the " (deleted)" string, which is also used for designated unlinked paths
+in procfs.  Otherwise, it may manifest in test failures such as this:
+
+     [unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 0600) = 0
+    -[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 051) = 0
+    -[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0!!system_u:object_r:admin_home_t:s0], 004) = 0
+    +[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 051) = 0
+    +[unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023] fchmod(4</root/rpmbuild/BUILD/strace-5.13/tests/fchmod-y--secontext_full_mismatch.dir/fchmod_subdir/fchmod_sample_file (deleted)> [unconfined_u:object_r:admin_home_t:s0], 004) = 0
+     +++ exited with 0 +++
+    + fail_ '../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+    + warn_ 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+    + printf '%s\n' 'fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch'
+    fchmod-y--secontext_full_mismatch.gen.test: failed test: ../../src/strace -a15 -y --secontext=full,mismatch -e trace=fchmod ../fchmod-y--secontext_full_mismatch output mismatch
+    + exit 1
+    FAIL fchmod-y--secontext_full_mismatch.gen.test (exit status: 1)
+
+that happens due to the fact that the get_expected_filecontext() call
+is made against the path with the " (deleted)" part, which is wrong (it
+is more wrong than shown above when a file with the path that ends with
+" (deleted)" exists).  Moreover, it would be incorrect to call stat()
+on that path.
+
+Let's factor out the common part of the code and simply call it
+from selinux_getfdcon, then use the st_mode from the procfs link.
+
+* src/defs.h (get_proc_pid_fd_path): New declaration.
+* src/pathtrace.c (get)proc_pid_fd_path): New function, part
+of getfdpath_pid that performs link resolution and processing
+of the result.
+(getfdpath_pid): Call get_proc_pid_fd_path after PID resolution.
+* src/secontext.c (get_expected_filecontext): Add mode parameter, use
+it in selabel_lookup call instead of retrieveing file mode using stat()
+if it is not -1.
+(selinux_getfdcon): Call get_proc_pid_fd_path instead
+of open-coding path resolution code, call stat() on the procfs link
+and pass the retrieved st_mode to the get_expected_filecontext call.
+(selinux_getfilecon): Pass -1 as mode in the get_expected_filecontext
+call.
+
+Reported-by: Václav Kadlčík <vkadlcik@redhat.com>
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2087693
+---
+ src/defs.h      | 15 +++++++++++++++
+ src/pathtrace.c | 26 ++++++++++++++++++--------
+ src/secontext.c | 35 +++++++++++++++++++++--------------
+ 3 files changed, 54 insertions(+), 22 deletions(-)
+
+Index: strace-5.18/src/defs.h
+===================================================================
+--- strace-5.18.orig/src/defs.h	2022-07-12 18:22:01.563254140 +0200
++++ strace-5.18/src/defs.h	2022-07-12 18:22:06.202199392 +0200
+@@ -785,6 +785,21 @@
+ 	return pathtrace_match_set(tcp, &global_path_set);
+ }
+ 
++/**
++ * Resolves a path for a fd procfs PID proc_pid (the one got from
++ * get_proc_pid()).
++ *
++ * @param proc_pid PID number in /proc, obtained with get_proc_pid().
++ * @param fd       FD to resolve path for.
++ * @param buf      Buffer to store the resolved path in.
++ * @param bufsize  The size of buf.
++ * @param deleted  If non-NULL, set to true if the path associated with the FD
++ *                 seems to have been unlinked and to false otherwise.
++ * @return         Number of bytes written including terminating '\0'.
++ */
++extern int get_proc_pid_fd_path(int proc_pid, int fd, char *buf,
++				unsigned bufsize, bool *deleted);
++
+ extern int getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize,
+ 			 bool *deleted);
+ 
+Index: strace-5.18/src/pathtrace.c
+===================================================================
+--- strace-5.18.orig/src/pathtrace.c	2022-07-12 18:22:01.532254506 +0200
++++ strace-5.18/src/pathtrace.c	2022-07-12 18:22:06.202199392 +0200
+@@ -77,11 +77,9 @@
+ 	set->paths_selected[set->num_selected++] = path;
+ }
+ 
+-/*
+- * Get path associated with fd of a process with pid.
+- */
+ int
+-getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
++get_proc_pid_fd_path(int proc_pid, int fd, char *buf, unsigned bufsize,
++		     bool *deleted)
+ {
+ 	char linkpath[sizeof("/proc/%u/fd/%u") + 2 * sizeof(int)*3];
+ 	ssize_t n;
+@@ -89,10 +87,6 @@
+ 	if (fd < 0)
+ 		return -1;
+ 
+-	int proc_pid = get_proc_pid(pid);
+-	if (!proc_pid)
+-		return -1;
+-
+ 	xsprintf(linkpath, "/proc/%u/fd/%u", proc_pid, fd);
+ 	n = readlink(linkpath, buf, bufsize - 1);
+ 	if (n < 0)
+@@ -143,6 +137,22 @@
+ }
+ 
+ /*
++ * Get path associated with fd of a process with pid.
++ */
++int
++getfdpath_pid(pid_t pid, int fd, char *buf, unsigned bufsize, bool *deleted)
++{
++	if (fd < 0)
++		return -1;
++
++	int proc_pid = get_proc_pid(pid);
++	if (!proc_pid)
++		return -1;
++
++	return get_proc_pid_fd_path(proc_pid, fd, buf, bufsize, deleted);
++}
++
++/*
+  * Add a path to the set we're tracing.  Also add the canonicalized
+  * version of the path.  Specifying NULL will delete all paths.
+  */
+Index: strace-5.18/src/secontext.c
+===================================================================
+--- strace-5.18.orig/src/secontext.c	2022-07-12 18:22:01.564254128 +0200
++++ strace-5.18/src/secontext.c	2022-07-12 18:22:06.203199380 +0200
+@@ -62,7 +62,7 @@
+ }
+ 
+ static int
+-get_expected_filecontext(const char *path, char **secontext)
++get_expected_filecontext(const char *path, char **secontext, int mode)
+ {
+ 	static struct selabel_handle *hdl;
+ 
+@@ -80,12 +80,7 @@
+ 		}
+ 	}
+ 
+-	strace_stat_t stb;
+-	if (stat_file(path, &stb) < 0) {
+-		return -1;
+-	}
+-
+-	return selabel_lookup(hdl, secontext, path, stb.st_mode);
++	return selabel_lookup(hdl, secontext, path, mode);
+ }
+ 
+ /*
+@@ -130,16 +125,22 @@
+ 
+ 	/*
+ 	 * We need to resolve the path, because selabel_lookup() doesn't
+-	 * resolve anything.  Using readlink() is sufficient here.
++	 * resolve anything.
+ 	 */
++	char buf[PATH_MAX + 1];
++	ssize_t n = get_proc_pid_fd_path(proc_pid, fd, buf, sizeof(buf), NULL);
++	if ((size_t) n >= (sizeof(buf) - 1))
++		return 0;
+ 
+-	char buf[PATH_MAX];
+-	ssize_t n = readlink(linkpath, buf, sizeof(buf));
+-	if ((size_t) n >= sizeof(buf))
++	/*
++	 * We retrieve stat() here since the path the procfs link resolves into
++	 * may be reused by a different file with different context.
++	 */
++	strace_stat_t st;
++	if (stat_file(linkpath, &st))
+ 		return 0;
+-	buf[n] = '\0';
+ 
+-	get_expected_filecontext(buf, expected);
++	get_expected_filecontext(buf, expected, st.st_mode);
+ 
+ 	return 0;
+ }
+@@ -190,7 +191,13 @@
+ 	if (!resolved)
+ 		return 0;
+ 
+-	get_expected_filecontext(resolved, expected);
++	strace_stat_t st;
++	if (stat_file(resolved, &st) < 0)
++		goto out;
++
++	get_expected_filecontext(resolved, expected, st.st_mode);
++
++out:
+ 	free(resolved);
+ 
+ 	return 0;

0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch

@@ -0,0 +1,70 @@
+From 5338636cd9ae7f53ed73f1a7909db03189ea2ff3 Mon Sep 17 00:00:00 2001
+From: Eugene Syromyatnikov <evgsyr@gmail.com>
+Date: Mon, 4 Jul 2022 12:29:22 +0200
+Subject: [PATCH] tests/bpf: fix sloppy low FD number usage
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+FD 42 can already be opened, so close it.  Otherwise, it may lead
+to the following test failure:
+
+    -bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
+    +bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}], iter_info_len=5}}, 28) = 841540765612359407 (INJECTED)
+     bpf(BPF_LINK_CREATE, 0x3ff95574fe5, 28) = 841540765612359407 (INJECTED)
+    -bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
+    +bpf(BPF_LINK_CREATE, {link_create={prog_fd=0</dev/full>, target_fd=0</dev/full>, attach_type=BPF_TRACE_ITER, flags=0, iter_info=[{map={map_fd=0</dev/full>}}, {map={map_fd=42</var/tmp/restraintd/logs/146893626/task.log>}}, {map={map_fd=314159265}}, {map={map_fd=-1159983635}}, {map={map_fd=-1}}, ... /* 0x3ff9555d000 */], iter_info_len=6}}, 28) = 841540765612359407 (INJECTED)
+    [...]
+    FAIL bpf-success-long-y.test (exit status: 1)
+
+* tests/bpf.c (init_BPF_LINK_CREATE_attr7): Close iter_info_data[1] fd.
+
+Fixes: v5.18~18 "bpf: improve bpf(BPF_LINK_CREATE) decoding"
+Reported-by: Lenka Špačková <lkuprova@redhat.com>
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103137
+---
+ tests/bpf.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tests/bpf.c b/tests/bpf.c
+index 82d870e..6c1ffd4 100644
+--- a/tests/bpf.c
++++ b/tests/bpf.c
+@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
+ {
+ 	struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ 
++	close(iter_info_data[1]);
++
+ 	if (!iter_info_data_p) {
+ 		iter_info_data_p = tail_memdup(iter_info_data,
+ 					       sizeof(iter_info_data));
+diff --git a/tests-m32/bpf.c b/tests-m32/bpf.c
+index 82d870e..6c1ffd4 100644
+--- a/tests-m32/bpf.c
++++ b/tests-m32/bpf.c
+@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
+ {
+ 	struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ 
++	close(iter_info_data[1]);
++
+ 	if (!iter_info_data_p) {
+ 		iter_info_data_p = tail_memdup(iter_info_data,
+ 					       sizeof(iter_info_data));
+diff --git a/tests-mx32/bpf.c b/tests-mx32/bpf.c
+index 82d870e..6c1ffd4 100644
+--- a/tests-mx32/bpf.c
++++ b/tests-mx32/bpf.c
+@@ -1557,6 +1557,8 @@ init_BPF_LINK_CREATE_attr7(struct bpf_attr_check *check, size_t idx)
+ {
+ 	struct BPF_LINK_CREATE_struct *attr = &check->data.BPF_LINK_CREATE_data;
+ 
++	close(iter_info_data[1]);
++
+ 	if (!iter_info_data_p) {
+ 		iter_info_data_p = tail_memdup(iter_info_data,
+ 					       sizeof(iter_info_data));
+-- 
+2.1.4
+

sources

@@ -1 +1 @@
-SHA512 (strace-5.10.tar.xz) = 1baa41b6d52f2e40e42a22850beee1ae278fafe712796694631898f06a7540d8f2c3fa70807e0062734f0976ebbd0824457c733ccda248f017c218387366ed48
+SHA512 (strace-5.18.tar.xz) = 99418b84a5e2049cb6fe32eed19ddcb61bbefb25220550c67d92cd7bc3d44ae5d87ac228b3e1c207166b9bfdae55c624a0f4e603004599fb7ea3143bbccc749e

strace.spec

@@ -1,9 +1,9 @@
 Summary: Tracks and displays system calls associated with a running process
 Name: strace
-Version: 5.10
+Version: 5.18
 Release: 2%{?dist}
 # The test suite is GPLv2+, all the rest is LGPLv2.1+.
-License: LGPL-2.1+ and GPL-2.0+
+License: LGPL-2.1-or-later and GPL-2.0-or-later
 # Some distros require Group tag to be present,
 # some require Group tag to be absent,
 # some do not care about Group tag at all,
@@ -18,7 +18,7 @@ BuildRequires: xz
 %else
 Source: strace-%{version}.tar.gz
 %endif
-BuildRequires: gcc gzip
+BuildRequires: gcc gzip make
 
 # Install Bluetooth headers for AF_BLUETOOTH sockets decoding.
 %if 0%{?fedora} >= 18 || 0%{?centos} >= 6 || 0%{?rhel} >= 8 || 0%{?suse_version} >= 1200
@@ -29,16 +29,67 @@ BuildRequires: pkgconfig(bluez)
 # Install binutils-devel to enable symbol demangling.
 %if 0%{?fedora} >= 20 || 0%{?centos} >= 6 || 0%{?rhel} >= 6
 %define buildrequires_stacktrace BuildRequires: elfutils-devel binutils-devel
+%define buildrequires_selinux BuildRequires: libselinux-devel
 %endif
 %if 0%{?suse_version} >= 1100
 %define buildrequires_stacktrace BuildRequires: libdw-devel binutils-devel
+%define buildrequires_selinux BuildRequires: libselinux-devel
 %endif
 %{?buildrequires_stacktrace}
+%{?buildrequires_selinux}
 
 # OBS compatibility
 %{?!buildroot:BuildRoot: %_tmppath/buildroot-%name-%version-%release}
 %define maybe_use_defattr %{?suse_version:%%defattr(-,root,root)}
 
+## v5.13-10-g0211fdc "tests: change sockopt-timestamp test to use syscall(__NR_recvmsg)"
+#Patch141: 0141-tests-change-sockopt-timestamp-test-to-use-syscall-_.patch
+## v5.13-55-g6b2191f "filter_qualify: free allocated data on the error path exit of parse_poke_token"
+#Patch150: 0150-filter_qualify-free-allocated-data-on-the-error-path.patch
+## v5.13-56-g80dc60c "macros: expand BIT macros, add MASK macros; add *_SAFE macros"
+#Patch151: 0151-macros-expand-BIT-macros-add-MASK-macros-add-_SAFE-m.patch
+## v5.13-58-g94ae5c2 "trie: use BIT* and MASK* macros"
+#Patch152: 0152-trie-use-BIT-and-MASK-macros.patch
+## v5.13-65-g41b753e "tee: rewrite num_params access in tee_fetch_buf_data"
+#Patch153: 0153-tee-rewrite-num_params-access-in-tee_fetch_buf_data.patch
+## v5.14~12 "tests: call setsockopt directly in sockopt-timestamp"
+#Patch154: 0154-tests-call-setsockopt-directly-in-sockopt-timestamp.patch
+
+## v5.15~1 "print_ifindex: fix IFNAME_QUOTED_SZ definition"
+#Patch167: 0167-print_ifindex-fix-IFNAME_QUOTED_SZ-definition.patch
+
+## v5.15~18 "m4: fix st_SELINUX check"
+#Patch168: 0168-m4-fix-st_SELINUX-check.patch
+## v5.16~31 "Implement displaying of expected context upon mismatch"
+#Patch169: 0169-Implement-displaying-of-expected-context-upon-mismat.patch
+#Patch170: 0170-tests-linkat-reset-errno-before-SELinux-context-mani.patch
+#Patch171: 0171-tests-secontext-add-secontext-field-getters.patch
+#Patch172: 0172-tests-linkat-provide-fallback-values-for-secontext-f.patch
+#Patch173: 0173-tests-secontext-eliminate-separate-secontext_format-.patch
+#Patch174: 0174-tests-linkat-reset-context-to-the-expected-one-if-a-.patch
+
+## https://bugzilla.redhat.com/2103068 covscan fixes
+# v5.18-5-g2bf0696 "src/xlat: remove remnants of unnecessary idx usage in xlookup"
+Patch175: 0175-src-xlat-remove-remnants-of-unnecessary-idx-usage-in.patch
+# v5.18-7-ge604d7b "strauss: tips whitespace and phrasing cleanups"
+Patch176: 0176-strauss-tips-whitespace-and-phrasing-cleanups.patch
+# v5.18-8-g968789d "strauss: fix off-by-one error in strauss array access"
+Patch177: 0177-strauss-fix-off-by-one-error-in-strauss-array-access.patch
+# v5.18-9-g6d3e97e "util: add offs sanity check to print_clock_t"
+Patch178: 0178-util-add-offs-sanity-check-to-print_clock_t.patch
+
+## https://bugzilla.redhat.com/2087693
+# v5.18-13-g960e78f "secontext: print context of Unix socket's sun_path field"
+Patch179: 0179-secontext-print-context-of-Unix-socket-s-sun_path-fi.patch
+# v5.18-18-g676979f "pathtrace, util: do not print " (deleted)" as part of the path"
+Patch180: 0180-pathtrace-util-do-not-print-deleted-as-part-of-the-p.patch
+# v5.18-19-g3f0e534 "secontext: fix expected SELinux context check for unlinked FDs"
+Patch181: 0181-secontext-fix-expected-SELinux-context-check-for-unl.patch
+
+## https://bugzilla.redhat.com/2103137
+# v5.18-21-g5338636 "tests/bpf: fix sloppy low FD number usage"
+Patch182: 0182-tests-bpf-fix-sloppy-low-FD-number-usage.patch
+
 # Fallback definitions for make_build/make_install macros
 %{?!__make:       %global __make %_bindir/make}
 %{?!__install:    %global __install %_bindir/install}
@@ -57,9 +108,39 @@ received by a process.
 
 %prep
 %setup -q
+
+#%patch141 -p1
+#%patch150 -p1
+#%patch151 -p1
+#%patch152 -p1
+#%patch153 -p1
+#%patch154 -p1
+
+#%patch167 -p1
+
+#%patch168 -p1
+#%patch169 -p1
+#%patch170 -p1
+#%patch171 -p1
+#%patch172 -p1
+#%patch173 -p1
+#%patch174 -p1
+
+%patch175 -p1
+%patch176 -p1
+%patch177 -p1
+%patch178 -p1
+%patch179 -p1
+%patch180 -p1
+%patch181 -p1
+%patch182 -p1
+
+chmod a+x tests/*.test
+
 echo -n %version-%release > .tarball-version
-echo -n 2020 > .year
-echo -n 2020-11-29 > .strace.1.in.date
+echo -n 2022 > .year
+echo -n 2022-06-22 > doc/.strace.1.in.date
+echo -n 2022-06-22 > doc/.strace-log-merge.1.in.date
 
 %build
 echo 'BEGIN OF BUILD ENVIRONMENT INFORMATION'
@@ -73,6 +154,16 @@ kver="$(printf '%%s\n%%s\n' '#include <linux/version.h>' 'LINUX_VERSION_CODE' |
 printf 'kernel-headers %%s.%%s.%%s\n' $(($kver/65536)) $(($kver/256%%256)) $(($kver%%256))
 echo 'END OF BUILD ENVIRONMENT INFORMATION'
 
+CFLAGS="$RPM_OPT_FLAGS $LDFLAGS"
+# Removing explicit -m64 as it breaks mpers
+[ "x${CFLAGS#*-m64}" = "x${CFLAGS}" ] || CFLAGS=$(echo "$CFLAGS" | sed 's/-m64//g')
+export CFLAGS
+
+CPPFLAGS="-isystem %{_includedir} %{optflags}"
+# Removing explicit -m64 as it breaks mpers
+[ "x${CPPFLAGS#*-m64}" = "x${CPPFLAGS}" ] || CPPFLAGS=$(echo "$CPPFLAGS" | sed 's/-m64//g')
+export CPPFLAGS
+
 CFLAGS_FOR_BUILD="$RPM_OPT_FLAGS"; export CFLAGS_FOR_BUILD
 %configure --enable-mpers=check
 %make_build
@@ -80,9 +171,6 @@ CFLAGS_FOR_BUILD="$RPM_OPT_FLAGS"; export CFLAGS_FOR_BUILD
 %install
 %make_install
 
-# remove unpackaged files from the buildroot
-rm -f %{buildroot}%{_bindir}/strace-graph
-
 # some say uncompressed changelog files are too big
 for f in ChangeLog ChangeLog-CVS; do
 	gzip -9n < "$f" > "$f".gz &
@@ -106,6 +194,41 @@ echo 'END OF TEST SUITE INFORMATION'
 %{_mandir}/man1/*
 
 %changelog
+* Mon Jul 11 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-2
+- Fix the issues reported by covscan (#2103068).
+- Fix SELinux context matching for the deleted paths (#2087693).
+- Fix sloppy FD usage in the bpf test (#2103137).
+- Cater for RHEL 9 license requirement idiosyncrasies (#2103032).
+
+* Wed Jun 22 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.18-1
+- Rebase to v5.18; drop upstream patches on top of 5.13 (#2084002).
+
+* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-7
+- Update tests-m32 and tests-mx32 with --secontext=mismatch option support
+  changes (#2046264).
+
+* Wed Jan 19 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-6
+- Add --secontext=mismatch option support (#2038965).
+
+* Wed Jan 05 2022 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-5
+- Fix incorrect ifname printing buffer size (#2028166).
+
+* Mon Aug 23 2021 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-3
+- Address some issues reported by covscan (#1996691).
+- Replace 0141-tests-disable-sockopt-timestamp-on-new-glibc-with-__.patch
+  with upstream v5.13-10-g0211fdc "tests: change sockopt-timestamp test
+  to use syscall(__NR_recvmsg)"
+  and 0154-tests-call-setsockopt-directly-in-sockopt-timestamp.patch.
+- Undo forceful injection of -m64 into CFLAGS/CPPFLAGS to avoid breaking
+  mpers and its tests (#1996676).
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.13-2
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Tue Jul 20 2021 Eugene Syromiatnikov <esyr@redhat.com> - 5.13-1
+- Rebase to v5.13 (#1925722, #1925967, #1928305, #1973048).
+
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.10-2
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937