diff -Nru selint-1.4.0/debian/changelog selint-1.4.0/debian/changelog
--- selint-1.4.0/debian/changelog 2023-02-08 16:08:27.000000000 +0000
+++ selint-1.4.0/debian/changelog 2023-03-27 21:16:46.000000000 +0000
@@ -1,3 +1,12 @@
+selint (1.4.0-3) unstable; urgency=medium
+
+ * d/patches: cherry-pick upstream fixes
+ + Clean up message for W-11 so that it's clearer (cf48b46e)
+ + Allow forward slash in quoted string token (5aa17d1f)
+ + Support genfscon partial paths to be a quoted string (20ef6ffb)
+
+ -- Christian Göttsche Mon, 27 Mar 2023 23:16:46 +0200
+
 selint (1.4.0-2) unstable; urgency=medium
 
 * d/patches: add: skip valgrind tests if valgrind is not available
diff -Nru selint-1.4.0/debian/patches/0002-Clean-up-message-for-W-11-so-that-it-s-clearer.patch selint-1.4.0/debian/patches/0002-Clean-up-message-for-W-11-so-that-it-s-clearer.patch
--- selint-1.4.0/debian/patches/0002-Clean-up-message-for-W-11-so-that-it-s-clearer.patch 1970-01-01 00:00:00.000000000 +0000
+++ selint-1.4.0/debian/patches/0002-Clean-up-message-for-W-11-so-that-it-s-clearer.patch 2023-03-27 21:16:46.000000000 +0000
@@ -0,0 +1,34 @@
+From: Daniel Burgener
+Date: Thu, 16 Mar 2023 15:41:34 -0400
+Subject: Clean up message for W-11 so that it's clearer.
+Applied-Upstream: https://github.com/SELinuxProject/selint/commit/cf48b46eba1825b97a76d09c01de2986c9c08bd6
+
+The type is "required" at the point of the message, not "declared", and
+"own module" sounds like "the module declaring the type", but we mean
+the module where the interface is.
+---
+ src/if_checks.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/if_checks.c b/src/if_checks.c
+index 414ec65..d49ce16 100644
+--- a/src/if_checks.c
++++ b/src/if_checks.c
+@@ -504,7 +504,7 @@ struct check_result *check_required_declaration_own(const struct
+ if (!modname_orig_decl) {
+ return make_check_result('W',
+ W_ID_IF_DECL_NOT_OWN,
+- "Definition of declared %s %s not found in any module",
++ "Definition of required %s %s not found in any module",
+ decl_flavor_to_string(flavor),
+ name);
+ }
+@@ -520,7 +520,7 @@ struct check_result *check_required_declaration_own(const struct
+ 
+ return make_check_result('W',
+ W_ID_IF_DECL_NOT_OWN,
+- "Definition of declared %s %s not found in own module, but in module %s",
++ "Definition of required %s %s not found in this interface's module, but in module %s",
+ decl_flavor_to_string(flavor),
+ name,
+ modname_orig_decl);
diff -Nru selint-1.4.0/debian/patches/0003-Allow-forward-slash-in-quoted-string-token.patch selint-1.4.0/debian/patches/0003-Allow-forward-slash-in-quoted-string-token.patch
--- selint-1.4.0/debian/patches/0003-Allow-forward-slash-in-quoted-string-token.patch 1970-01-01 00:00:00.000000000 +0000
+++ selint-1.4.0/debian/patches/0003-Allow-forward-slash-in-quoted-string-token.patch 2023-03-27 21:16:46.000000000 +0000
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Christian_G=C3=B6ttsche?=
+Date: Mon, 20 Mar 2023 14:28:30 +0100
+Subject: Allow forward slash in quoted string token
+Applied-Upstream: https://github.com/SELinuxProject/selint/commit/5aa17d1f645264285bc4e1a27651ff5b83429dc6
+
+Needed for genfscon partial paths.
+---
+ src/lex.l | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lex.l b/src/lex.l
+index aaa1519..6d18611 100644
+--- a/src/lex.l
++++ b/src/lex.l
+@@ -157,7 +157,7 @@ userdebug_or_eng { return USERDEBUG_OR_ENG; }
+ [0-9a-zA-Z\$\/][a-zA-Z0-9_\$\*\/\-]* { yylval->string = xstrdup(yytext); return NUM_STRING; }
+ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} { yylval->string = xstrdup(yytext); return IPV4; }
+ ([0-9A-Fa-f]{1,4})?\:([0-9A-Fa-f\:])*\:([0-9A-Fa-f]{1,4})?(\:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})? { yylval->string = xstrdup(yytext); return IPV6; }
+-\"[a-zA-Z0-9_\.\-\:~\$\[\]]*\" { yylval->string = xstrdup(yytext); return QUOTED_STRING; }
++\"[a-zA-Z0-9_\.\-\:~\$\[\]\/]*\" { yylval->string = xstrdup(yytext); return QUOTED_STRING; }
+ \-[\-ldbcsp][ \t] { return FILE_TYPE_SPECIFIER; }
+ \( { return OPEN_PAREN; }
+ \) { return CLOSE_PAREN; }
diff -Nru selint-1.4.0/debian/patches/0004-Support-genfscon-partial-paths-to-be-a-quoted-string.patch selint-1.4.0/debian/patches/0004-Support-genfscon-partial-paths-to-be-a-quoted-string.patch
--- selint-1.4.0/debian/patches/0004-Support-genfscon-partial-paths-to-be-a-quoted-string.patch 1970-01-01 00:00:00.000000000 +0000
+++ selint-1.4.0/debian/patches/0004-Support-genfscon-partial-paths-to-be-a-quoted-string.patch 2023-03-27 21:16:46.000000000 +0000
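Review bot: The widened `QUOTED_STRING` pattern in src/lex.l has no comment explaining why `/` joined the character class, and the token is not specific to genfscon: the parse.y patch on this page shows `QUOTED_STRING` also reaching `sl_item`, so quoted string-list items now accept slashes as well. I would add an indented comment above the rule, for example `/* '/' is accepted for genfscon partial paths; this class is an allow-list, extend it deliberately */`. Because the class stays an allow-list, a quoted path containing any character outside it (a space or `+`, for instance) still will not lex as `QUOTED_STRING`; whether such paths need support is worth confirming upstream.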
@@ -0,0 +1,71 @@
+From: =?utf-8?q?Christian_G=C3=B6ttsche?=
+Date: Mon, 20 Mar 2023 14:29:09 +0100
+Subject: Support genfscon partial paths to be a quoted string
+Applied-Upstream: https://github.com/SELinuxProject/selint/commit/20ef6ffbefb85e371f3ec9c173086f2491f0b991
+
+Required if the path contains a dot.
+---
+ src/parse.y | 15 ++++++++++-----
+ tests/sample_policy_files/uncommon.te | 1 +
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/parse.y b/src/parse.y
+index 6f15d13..0fb9c30 100644
+--- a/src/parse.y
++++ b/src/parse.y
+@@ -178,6 +178,7 @@
+ %type xperm_items
+ %type spt_contents
+ %type spt_content
++%type string_or_quoted_string
+ %type sl_item
+ %type xperm_item
+ %type arg_list
+@@ -484,16 +485,20 @@ strings:
+ sl_item { $$ = sl_from_str_consume($1); }
+ ;
+ 
+-sl_item:
++string_or_quoted_string:
+ STRING
+ |
++ QUOTED_STRING
++ ;
++
++sl_item:
++ string_or_quoted_string
++ |
+ DASH STRING { $$ = xmalloc(sizeof(char) * (strlen($2) + 2));
+ $$[0] = '-';
+ $$[1] = '\0';
+ strcat($$, $2);
+ free($2);}
+- |
+- QUOTED_STRING
+ ;
+ 
+ comma_string_list:
+@@ -869,9 +874,9 @@ tunable_block:
+ ;
+ 
+ genfscon:
+- GENFSCON STRING STRING genfscon_context { free($2); free($3); }
++ GENFSCON STRING string_or_quoted_string genfscon_context { free($2); free($3); }
+ |
+- GENFSCON NUM_STRING STRING genfscon_context { free($2); free($3); }
++ GENFSCON NUM_STRING string_or_quoted_string genfscon_context { free($2); free($3); }
+ ;
+ 
+ genfscon_context:
+diff --git a/tests/sample_policy_files/uncommon.te b/tests/sample_policy_files/uncommon.te
+index b437cd4..0131ffc 100644
+--- a/tests/sample_policy_files/uncommon.te
++++ b/tests/sample_policy_files/uncommon.te
+@@ -20,6 +20,7 @@ portcon udp 7007 gen_context(system_u:object_r:afs_bos_port_t,s0,s1:c0.c225)
+ portcon udp 7007-7008 gen_context(system_u:object_r:afs_bos_port_t,s0)
+ fs_use_trans devtmpfs gen_context(system_u:object_r:device_t,s0);
+ genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
++genfscon cgroup "/system.slice" -d gen_context(system_u:object_r:cgroup_system_slice_t,s0)
+ fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0);
+ fs_use_task eventpollfs gen_context(system_u:object_r:fs_t,s0);
+ 
diff -Nru selint-1.4.0/debian/patches/series selint-1.4.0/debian/patches/series
--- selint-1.4.0/debian/patches/series 2023-02-08 16:08:27.000000000 +0000
+++ selint-1.4.0/debian/patches/series 2023-03-27 21:16:46.000000000 +0000
@@ -1 +1,4 @@
 0001-tests-skip-valgrind-tests-if-valgrind-is-not-availab.patch
+0002-Clean-up-message-for-W-11-so-that-it-s-clearer.patch
+0003-Allow-forward-slash-in-quoted-string-token.patch
+0004-Support-genfscon-partial-paths-to-be-a-quoted-string.patch
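Review bot: In src/parse.y the new `string_or_quoted_string` non-terminal has neither an action nor a comment, so it relies on the parser generator's default `$$ = $1`, and the `free($3)` in both `genfscon` alternatives relies on that value being the lexer's heap copy. A short comment on the rule would make the ownership explicit, e.g. `/* yields the lexer's xstrdup'd text unchanged (a QUOTED_STRING keeps its surrounding quotes); the consuming rule frees it */`. The single line added to tests/sample_policy_files/uncommon.te can exercise only one of the two changed `genfscon` alternatives, so a second sample that reaches the other one would cover both productions. The `sl_item` and `genfscon` rules are only partly visible in these hunks.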