1
0
forked from jengelh/libseccomp

Accepting request 179373 from security

- Update to new upstream release 2.1.0

OBS-URL: https://build.opensuse.org/request/show/179373
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libseccomp?expand=0&rev=6
This commit is contained in:
Stephan Kulow 2013-06-18 08:32:04 +00:00 committed by Git OBS Bridge
commit 56bf300644
6 changed files with 276 additions and 155 deletions

View File

@ -1,36 +0,0 @@
From 788415e60f153bdf438c70ada9d294da95ef16e0 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Sat, 8 Sep 2012 05:55:42 +0200
Subject: [PATCH] build: use ac variables in pkgconfig file
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
---
libseccomp.pc.in | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/libseccomp.pc.in b/libseccomp.pc.in
index c195831..a863351 100644
--- a/libseccomp.pc.in
+++ b/libseccomp.pc.in
@@ -19,13 +19,14 @@
# along with this library; if not, see <http://www.gnu.org/licenses>.
#
-prefix=%%INSTALL_PREFIX%%
-libdir=%%INSTALL_LIBDIR%%
-includedir=${prefix}/include
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
Name: libseccomp
Description: The enhanced seccomp library
URL: http://libseccomp.sf.net
-Version: %%VERSION_RELEASE%%
+Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lseccomp
--
1.7.7

View File

@ -1,97 +1,89 @@
From 239b65fde203011208ad63f9f63ef85ddec49ca9 Mon Sep 17 00:00:00 2001
From c22e0366049884637b6f92e0f39c0d6579c7ca1f Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Wed, 14 Nov 2012 21:30:16 +0100
Subject: [PATCH] build: use autotools as build system
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
---
Makefile.am | 27
autogen.sh | 5
configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++-
Makefile.am | 27
autogen.sh | 5
configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++-
Makefile.am | 27
autogen.sh | 5
configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++-
Makefile | 1078 +++
Makefile.am | 23
autogen.sh | 5
configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++-
Makefile.am | 23 +++++++++++++++++++++++
.gitignore | 25 +++++++++++++++++--------
Makefile.am | 31 +++++++++++++++++++++++++++++++
autogen.sh | 5 +++++
configure.ac | 28 ++++++++++++++++++++++++++++
configure.ac | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
include/seccomp.h.in | 6 +++---
libseccomp.pc.in | 9 +++++----
m4/.gitignore | 2 ++
src/Makefile.am | 9 +++++++++
src/Makefile.am | 16 ++++++++++++++++
src/python/.gitignore | 5 +++--
src/python/Makefile.am | 24 ++++++++++++++++++++++++
src/python/setup.py | 2 +-
src/system.h | 4 ++--
tests/Makefile.am | 29 +++++++++++++++++++++++++++++
tools/Makefile.am | 6 ++++++
8 files changed, 104 insertions(+), 2 deletions(-)
delete mode 100644 Makefile
tests/Makefile.am | 44 ++++++++++++++++++++++++++++++++++++++++++++
tools/Makefile.am | 9 +++++++++
14 files changed, 211 insertions(+), 20 deletions(-)
create mode 100644 Makefile.am
create mode 100755 autogen.sh
delete mode 100755 configure
create mode 100644 configure.ac
delete mode 100644 doc/Makefile
delete mode 100644 include/Makefile
delete mode 100644 install.mk
create mode 100644 m4/.gitignore
delete mode 100644 macros.mk
delete mode 100644 src/.gitignore
delete mode 100644 src/Makefile
create mode 100644 src/Makefile.am
delete mode 100644 src/python/Makefile
create mode 100644 src/python/Makefile.am
delete mode 100644 tests/Makefile
create mode 100644 tests/Makefile.am
delete mode 100644 tools/Makefile
create mode 100644 tools/Makefile.am
delete mode 100644 version_info
Index: libseccomp-1.0.1/Makefile.am
===================================================================
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..bf0a4ea
--- /dev/null
+++ libseccomp-1.0.1/Makefile.am
@@ -0,0 +1,23 @@
+++ b/Makefile.am
@@ -0,0 +1,31 @@
+# -*- Makefile -*-
+
+SUBDIRS = src tools tests
+
+ACLOCAL_AMFLAGS = -I m4
+SUBDIRS = src tools tests
+
+pkgconfdir = ${libdir}/pkgconfig
+pkgconf_DATA = libseccomp.pc
+
+include_HEADERS = include/seccomp.h
+nodist_include_HEADERS = include/seccomp.h
+
+man_MANS = \
+dist_man_MANS = \
+ doc/man/man1/scmp_sys_resolver.1 \
+ doc/man/man3/seccomp_arch_add.3 \
+ doc/man/man3/seccomp_arch_exist.3 \
+ doc/man/man3/seccomp_arch_native.3 \
+ doc/man/man3/seccomp_arch_remove.3 \
+ doc/man/man3/seccomp_attr_get.3 \
+ doc/man/man3/seccomp_attr_set.3 \
+ doc/man/man3/seccomp_export_bpf.3 \
+ doc/man/man3/seccomp_export_pfc.3 \
+ doc/man/man3/seccomp_init.3 \
+ doc/man/man3/seccomp_load.3 \
+ doc/man/man3/seccomp_merge.3 \
+ doc/man/man3/seccomp_release.3 \
+ doc/man/man3/seccomp_reset.3 \
+ doc/man/man3/seccomp_rule_add.3 \
+ doc/man/man3/seccomp_rule_add_exact.3 \
+ doc/man/man3/seccomp_syscall_priority.3
Index: libseccomp-1.0.1/autogen.sh
===================================================================
+ doc/man/man3/seccomp_syscall_priority.3 \
+ doc/man/man3/seccomp_syscall_resolve_name.3 \
+ doc/man/man3/seccomp_syscall_resolve_name_arch.3 \
+ doc/man/man3/seccomp_syscall_resolve_num_arch.3
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..37e4b23
--- /dev/null
+++ libseccomp-1.0.1/autogen.sh
+++ b/autogen.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+autoreconf -fi;
+rm -Rf autom4te.cache;
+# do not call configure - this is unexpected
Index: libseccomp-1.0.1/configure.ac
===================================================================
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..fa7bd5b
--- /dev/null
+++ libseccomp-1.0.1/configure.ac
@@ -0,0 +1,28 @@
+AC_INIT([libseccomp], [1.0.0])
+++ b/configure.ac
@@ -0,0 +1,49 @@
+AC_INIT([libseccomp], [2.1.0])
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_HEADERS([configure.h])
+AC_CONFIG_MACRO_DIR([m4])
@ -112,38 +104,150 @@ Index: libseccomp-1.0.1/configure.ac
+AC_SUBST([AM_CFLAGS])
+AC_SUBST([AM_LDFLAGS])
+
+AC_ARG_ENABLE([python],
+ [AS_HELP_STRING([build the python bindings, requires cython])])
+AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes])
+VERSION_MAJOR="${VERSION%%.*}"
+VERSION_MINOR="${VERSION#*.}"
+VERSION_MICRO="${VERSION_MINOR#*.}"
+VERSION_MINOR="${VERSION_MINOR%%.*}"
+VERSION_MICRO="${VERSION_MICRO%%.*}"
+AC_SUBST([VERSION_MAJOR])
+AC_SUBST([VERSION_MINOR])
+AC_SUBST([VERSION_MICRO])
+
+AC_CONFIG_FILES([Makefile src/Makefile tools/Makefile
+ tests/Makefile libseccomp.pc])
+dnl AC_ARG_ENABLE([python],
+dnl [AS_HELP_STRING([--enable-python], [build the python bindings, requires cython])])
+enable_python=no
+AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes])
+cython_ver=$(which cython >/dev/null 2>/dev/null && cython -V 2>&1 | cut -d' ' -f3)
+cython_maj=$(echo "$cython_ver" | cut -d'.' -f1)
+cython_min=$(echo "$cython_ver" | cut -d'.' -f2)
+AS_IF([test "$enable_python" = yes], [
+ recent=""
+ AS_IF([test -n "$cython_maj" -a -n "$cython_min" &&
+ ! test "$cython_maj" -eq 0 -a "$cython_min" -lt 16], [recent=yes])
+ AS_IF([test -z "$recent"], [
+ AC_MSG_ERROR([python bindings require cython 0.16 or higher])
+ ])
+])
+
+AC_CONFIG_FILES([Makefile src/Makefile src/python/Makefile tools/Makefile
+ tests/Makefile include/seccomp.h libseccomp.pc])
+AC_OUTPUT
Index: libseccomp-1.0.1/m4/.gitignore
===================================================================
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 7897cbf..e14c1f5 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -35,9 +35,9 @@ extern "C" {
* version information
*/
-#define SCMP_VER_MAJOR %%VERSION_MAJOR%%
-#define SCMP_VER_MINOR %%VERSION_MINOR%%
-#define SCMP_VER_MICRO %%VERSION_MICRO%%
+#define SCMP_VER_MAJOR @VERSION_MAJOR@
+#define SCMP_VER_MINOR @VERSION_MINOR@
+#define SCMP_VER_MICRO @VERSION_MICRO@
/*
* types
diff --git a/libseccomp.pc.in b/libseccomp.pc.in
index c195831..a863351 100644
--- a/libseccomp.pc.in
+++ b/libseccomp.pc.in
@@ -19,13 +19,14 @@
# along with this library; if not, see <http://www.gnu.org/licenses>.
#
-prefix=%%INSTALL_PREFIX%%
-libdir=%%INSTALL_LIBDIR%%
-includedir=${prefix}/include
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
Name: libseccomp
Description: The enhanced seccomp library
URL: http://libseccomp.sf.net
-Version: %%VERSION_RELEASE%%
+Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lseccomp
diff --git a/m4/.gitignore b/m4/.gitignore
new file mode 100644
index 0000000..64d9bbc
--- /dev/null
+++ libseccomp-1.0.1/m4/.gitignore
+++ b/m4/.gitignore
@@ -0,0 +1,2 @@
+/libtool.m4
+/lt*.m4
Index: libseccomp-1.0.1/src/Makefile.am
===================================================================
diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644
index 0000000..91b1519
--- /dev/null
+++ libseccomp-1.0.1/src/Makefile.am
@@ -0,0 +1,9 @@
+++ b/src/Makefile.am
@@ -0,0 +1,16 @@
+# -*- Makefile -*-
+
+SUBDIRS = .
+if ENABLE_PYTHON
+SUBDIRS += python
+endif
+
+lib_LTLIBRARIES = libseccomp.la
+
+libseccomp_la_SOURCES = api.c arch.c arch-i386.c arch-i386-syscalls.c \
+ arch-x86_64.c arch-x86_64-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c
+libseccomp_la_LDFLAGS = -version-info 1:0:0
Index: libseccomp-1.0.1/src/system.h
===================================================================
--- libseccomp-1.0.1.orig/src/system.h
+++ libseccomp-1.0.1/src/system.h
+libseccomp_la_SOURCES = api.c arch.c arch-x86.c arch-x86-syscalls.c \
+ arch-x86_64.c arch-x86_64-syscalls.c arch-x32.c arch-x32-syscalls.c \
+ arch-arm.c arch-arm-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c \
+ \
+ arch-arm.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \
+ db.h gen_bpf.h gen_pfc.h hash.h system.h
+libseccomp_la_LDFLAGS = -version-number 2:1:0
diff --git a/src/python/Makefile.am b/src/python/Makefile.am
new file mode 100644
index 0000000..400b354
--- /dev/null
+++ b/src/python/Makefile.am
@@ -0,0 +1,24 @@
+# -*- Makefile -*-
+
+PYTHON = /usr/bin/env python
+pyverbose_0 = -q
+pyverbose_ = ${pyverbose_0}
+
+PY_DISTUTILS = \
+ VERSION_RELEASE="${VERSION_RELEASE}" \
+ CFLAGS="-I\${top_srcdir}/include ${CFLAGS} ${CPPFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ ${PYTHON} ./setup.py
+PY_BUILD = ${PY_DISTUTILS} build ${pyverbose_${V}}
+PY_INSTALL = ${PY_DISTUTILS} install ${pyverbose_${V}}
+
+all-local: python-build
+
+python-build: ../libseccomp.la libseccomp.pxd seccomp.pyx
+ ${AM_V_GEN}${PY_DISTUTILS} build && touch $@
+
+install-exec-local:
+ ${PY_DISTUTILS} install --prefix=${DESTDIR}/${prefix}
+
+clean-local:
+ rm -Rf python-build seccomp.c
diff --git a/src/python/setup.py b/src/python/setup.py
index 872642e..62ba24a 100644
--- a/src/python/setup.py
+++ b/src/python/setup.py
@@ -40,6 +40,6 @@ setup(
cmdclass = {'build_ext': build_ext},
ext_modules = [
Extension("seccomp", ["seccomp.pyx"],
- extra_objects=["../libseccomp.a"])
+ extra_objects=["../.libs/libseccomp.so"])
]
)
diff --git a/src/system.h b/src/system.h
index cb14f65..11303cf 100644
--- a/src/system.h
+++ b/src/system.h
@@ -25,9 +25,9 @@
#include <linux/filter.h>
#include <linux/prctl.h>
@ -156,48 +260,71 @@ Index: libseccomp-1.0.1/src/system.h
/* system header file */
#include <linux/seccomp.h>
Index: libseccomp-1.0.1/tests/Makefile.am
===================================================================
diff --git a/tests/Makefile.am b/tests/Makefile.am
new file mode 100644
index 0000000..236abee
--- /dev/null
+++ libseccomp-1.0.1/tests/Makefile.am
@@ -0,0 +1,29 @@
+++ b/tests/Makefile.am
@@ -0,0 +1,44 @@
+# -*- Makefile -*-
+
+AM_LDFLAGS = -static
+LDADD = util.la ../src/libseccomp.la
+
+check_LTLIBRARIES = util.la
+util_la_SOURCES = util.c
+util_la_SOURCES = util.c util.h
+util_la_LDFLAGS = -module
+
+TESTS = regression
+
+EXTRA_DIST = regression *.tests
+BUILT_SOURCES = 00-test.c
+
+check_PROGRAMS = \
+ 01-allow \
+ 02-basic \
+ 03-basic-chains \
+ 04-multilevel-chains \
+ 05-long-jumps \
+ 06-actions \
+ 07-db-bug-looping \
+ 08-subtree-checks \
+ 09-syscall-priority-pre \
+ 10-syscall-priority-post \
+ 11-basic-errors \
+ 12-basic-masked-ops \
+ 13-attrs \
+ 14-reset \
+ 15-resolver \
+ 16-arch-basic \
+ 17-arch-merge
Index: libseccomp-1.0.1/tools/Makefile.am
===================================================================
+ 00-test \
+ 01-sim-allow \
+ 02-sim-basic \
+ 03-sim-basic_chains \
+ 04-sim-multilevel_chains \
+ 05-sim-long_jumps \
+ 06-sim-actions \
+ 07-sim-db_bug_looping \
+ 08-sim-subtree_checks \
+ 09-sim-syscall_priority_pre \
+ 10-sim-syscall_priority_post \
+ 11-basic-basic_errors \
+ 12-sim-basic_masked_ops \
+ 13-basic-attrs \
+ 14-sim-reset \
+ 15-basic-resolver \
+ 16-sim-arch_basic \
+ 17-sim-arch_merge \
+ 18-sim-basic_whitelist \
+ 19-sim-missing_syscalls \
+ 20-live-basic_die \
+ 21-live-basic_allow \
+ 22-sim-basic_chains_array \
+ 23-sim-arch_all_basic \
+ 24-live-arg_allow \
+ 25-sim-multilevel_chains_adv
+
+00-test.c:
+ if ! test -e $@; then echo "int main(void) { return 0; }" >$@; fi
diff --git a/tools/Makefile.am b/tools/Makefile.am
new file mode 100644
index 0000000..ed74f39
--- /dev/null
+++ libseccomp-1.0.1/tools/Makefile.am
@@ -0,0 +1,6 @@
+++ b/tools/Makefile.am
@@ -0,0 +1,9 @@
+# -*- Makefile -*-
+
+noinst_PROGRAMS = bpf_disasm bpf_sim
+bin_PROGRAMS = scmp_sys_resolver
+noinst_PROGRAMS = scmp_arch_detect scmp_bpf_disasm scmp_bpf_sim
+
+bpf_disasm_SOURCES = bpf_disasm.c
+bpf_sim_SOURCES = bpf_sim.c
+scmp_sys_resolver_LDADD = ../src/libseccomp.la
+scmp_arch_detect_LDADD = ../src/libseccomp.la
+
+EXTRA_DIST = bpf.h
--
1.8.2

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7c38fa4bcb92ec48179132e9532feee65f9dc3a00b733328a21551f028b62966
size 129602

3
libseccomp-2.1.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b0d6e4f0984e6632a04f0cf33c6babdb011674ba15ff208e196f037e0e09905e
size 216834

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Tue Jun 18 01:14:06 UTC 2013 - jengelh@inai.de
- Update to new upstream release 2.1.0
* Add support for the x32 and ARM architectures
* More verbose PFC output, including translation of syscall
numbers to names
* Several assorted bugfixes affecting the seccomp BPF generation
* The syscall number/name resolver tool is now installed
* Fixes for the x86 multiplexed syscalls
* Additions to the API to better support non-native architecures
* Additions to the API to support multiple architecures in one filter
* Additions to the API to resolve syscall name/number mappings
- Remove 0001-build-use-ac-variables-in-pkgconfig-file.patch
(merged into 0001-build-use-autotools-as-build-system.patch)
-------------------------------------------------------------------
Fri Dec 21 05:47:29 UTC 2012 - jengelh@inai.de

View File

@ -1,7 +1,7 @@
#
# spec file for package libseccomp
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,28 +17,25 @@
Name: libseccomp
%define lname libseccomp1
Version: 1.0.1
%define lname libseccomp2
Version: 2.1.0
Release: 0
Summary: An enhanced Seccomp (mode 2) helper library
License: LGPL-2.1
Group: Development/Libraries/C and C++
Url: http://sf.net/projects/seccomp/
Url: http://sf.net/projects/libseccomp/
#DL-URL: http://downloads.sf.net/libseccomp/libseccomp-1.0.1.tar.gz
#Git-Clone: git://git.code.sf.net/p/libseccomp/libseccomp
#Git-Clone: git://git.inai.de/libseccomp
Source: http://downloads.sf.net/libseccomp/libseccomp-%{version}.tar.gz
Patch1: 0001-build-use-ac-variables-in-pkgconfig-file.patch
Patch2: 0001-build-use-autotools-as-build-system.patch
Patch1: 0001-build-use-autotools-as-build-system.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf
BuildRequires: automake >= 1.10
BuildRequires: fdupes
BuildRequires: libtool >= 2
BuildRequires: pkgconfig
BuildRequires: python-Cython
BuildRequires: python-devel
ExclusiveArch: %ix86 x86_64
ExclusiveArch: %ix86 x86_64 x32 %arm
%description
The libseccomp library provides and easy to use, platform
@ -87,37 +84,54 @@ familiar to, and easily adopted by application developers.
This package contains the development files for libseccomp.
%package tools
Summary: Utilities for the seccomp API
Group: Development/Tools/Debuggers
%description tools
The libseccomp library provides and easy to use, platform
independent, interface to the Linux Kernel's syscall filtering
mechanism: seccomp.
This subpackage contains debug utilities for the seccomp interface.
%prep
%setup -q
%patch -P 1 -P 2 -p1
%patch -P 1 -p1
%build
chmod a+x autogen.sh;
./autogen.sh;
%configure --includedir="%_includedir/%name-%version" --enable-python
%configure --includedir="%_includedir/pkg/%name"
make %{?_smp_mflags};
%install
b="%buildroot";
make install DESTDIR="$b";
find "$b/%_libdir" -type f -name "*.la" -delete;
%fdupes %buildroot/%_prefix
%check
make check || :;
%post -n %lname -p /sbin/ldconfig
%postun -n %lname -p /sbin/ldconfig
%files -n %lname
%defattr(-,root,root)
%_libdir/%name.so.*
%_libdir/%name.so.2*
%doc LICENSE
%files devel
%defattr(-,root,root)
%_mandir/man3/seccomp_*.3*
%_includedir/%name-%version
%_includedir/pkg/
%_libdir/%name.so
%_libdir/pkgconfig/%name.pc
%files tools
%defattr(-,root,root)
%_bindir/scmp_sys_resolver
%_mandir/man1/scmp_sys_resolver.1*
%changelog