Accepting request 293615 from security

- Update to new upstream release 2.2.0

OBS-URL: https://build.opensuse.org/request/show/293615
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libseccomp?expand=0&rev=10
This commit is contained in:
Dominique Leuenberger 2015-04-02 14:01:33 +00:00 committed by Git OBS Bridge
commit e0c9cf176e
9 changed files with 1845 additions and 2199 deletions

View File

@ -1,330 +0,0 @@
From c22e0366049884637b6f92e0f39c0d6579c7ca1f Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Wed, 14 Nov 2012 21:30:16 +0100
Subject: [PATCH] build: use autotools as build system
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
---
.gitignore | 25 +++++++++++++++++--------
Makefile.am | 31 +++++++++++++++++++++++++++++++
autogen.sh | 5 +++++
configure.ac | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
include/seccomp.h.in | 6 +++---
libseccomp.pc.in | 9 +++++----
m4/.gitignore | 2 ++
src/Makefile.am | 16 ++++++++++++++++
src/python/.gitignore | 5 +++--
src/python/Makefile.am | 24 ++++++++++++++++++++++++
src/python/setup.py | 2 +-
src/system.h | 4 ++--
tests/Makefile.am | 44 ++++++++++++++++++++++++++++++++++++++++++++
tools/Makefile.am | 9 +++++++++
14 files changed, 211 insertions(+), 20 deletions(-)
create mode 100644 Makefile.am
create mode 100755 autogen.sh
create mode 100644 configure.ac
create mode 100644 m4/.gitignore
create mode 100644 src/Makefile.am
create mode 100644 src/python/Makefile.am
create mode 100644 tests/Makefile.am
create mode 100644 tools/Makefile.am
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..bf0a4ea
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,31 @@
+# -*- Makefile -*-
+
+ACLOCAL_AMFLAGS = -I m4
+SUBDIRS = src tools tests
+
+pkgconfdir = ${libdir}/pkgconfig
+pkgconf_DATA = libseccomp.pc
+
+nodist_include_HEADERS = include/seccomp.h
+
+dist_man_MANS = \
+ doc/man/man1/scmp_sys_resolver.1 \
+ doc/man/man3/seccomp_arch_add.3 \
+ doc/man/man3/seccomp_arch_exist.3 \
+ doc/man/man3/seccomp_arch_native.3 \
+ doc/man/man3/seccomp_arch_remove.3 \
+ doc/man/man3/seccomp_attr_get.3 \
+ doc/man/man3/seccomp_attr_set.3 \
+ doc/man/man3/seccomp_export_bpf.3 \
+ doc/man/man3/seccomp_export_pfc.3 \
+ doc/man/man3/seccomp_init.3 \
+ doc/man/man3/seccomp_load.3 \
+ doc/man/man3/seccomp_merge.3 \
+ doc/man/man3/seccomp_release.3 \
+ doc/man/man3/seccomp_reset.3 \
+ doc/man/man3/seccomp_rule_add.3 \
+ doc/man/man3/seccomp_rule_add_exact.3 \
+ doc/man/man3/seccomp_syscall_priority.3 \
+ doc/man/man3/seccomp_syscall_resolve_name.3 \
+ doc/man/man3/seccomp_syscall_resolve_name_arch.3 \
+ doc/man/man3/seccomp_syscall_resolve_num_arch.3
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000..37e4b23
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+autoreconf -fi;
+rm -Rf autom4te.cache;
+# do not call configure - this is unexpected
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..fa7bd5b
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,49 @@
+AC_INIT([libseccomp], [2.1.0])
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_HEADERS([configure.h])
+AC_CONFIG_MACRO_DIR([m4])
+AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax no-dist-gzip dist-xz])
+AC_PROG_CC
+AM_PROG_CC_C_O
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
+AC_DISABLE_STATIC
+LT_INIT
+
+AC_CHECK_HEADER([linux/seccomp.h])
+
+AM_CPPFLAGS="-I\${top_srcdir}/include"
+AM_CFLAGS="-Wall"
+AM_LDFLAGS="-Wl,-z -Wl,relro"
+AC_SUBST([AM_CPPFLAGS])
+AC_SUBST([AM_CFLAGS])
+AC_SUBST([AM_LDFLAGS])
+
+VERSION_MAJOR="${VERSION%%.*}"
+VERSION_MINOR="${VERSION#*.}"
+VERSION_MICRO="${VERSION_MINOR#*.}"
+VERSION_MINOR="${VERSION_MINOR%%.*}"
+VERSION_MICRO="${VERSION_MICRO%%.*}"
+AC_SUBST([VERSION_MAJOR])
+AC_SUBST([VERSION_MINOR])
+AC_SUBST([VERSION_MICRO])
+
+dnl AC_ARG_ENABLE([python],
+dnl [AS_HELP_STRING([--enable-python], [build the python bindings, requires cython])])
+enable_python=no
+AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes])
+cython_ver=$(which cython >/dev/null 2>/dev/null && cython -V 2>&1 | cut -d' ' -f3)
+cython_maj=$(echo "$cython_ver" | cut -d'.' -f1)
+cython_min=$(echo "$cython_ver" | cut -d'.' -f2)
+AS_IF([test "$enable_python" = yes], [
+ recent=""
+ AS_IF([test -n "$cython_maj" -a -n "$cython_min" &&
+ ! test "$cython_maj" -eq 0 -a "$cython_min" -lt 16], [recent=yes])
+ AS_IF([test -z "$recent"], [
+ AC_MSG_ERROR([python bindings require cython 0.16 or higher])
+ ])
+])
+
+AC_CONFIG_FILES([Makefile src/Makefile src/python/Makefile tools/Makefile
+ tests/Makefile include/seccomp.h libseccomp.pc])
+AC_OUTPUT
diff --git a/include/seccomp.h.in b/include/seccomp.h.in
index 7897cbf..e14c1f5 100644
--- a/include/seccomp.h.in
+++ b/include/seccomp.h.in
@@ -35,9 +35,9 @@ extern "C" {
* version information
*/
-#define SCMP_VER_MAJOR %%VERSION_MAJOR%%
-#define SCMP_VER_MINOR %%VERSION_MINOR%%
-#define SCMP_VER_MICRO %%VERSION_MICRO%%
+#define SCMP_VER_MAJOR @VERSION_MAJOR@
+#define SCMP_VER_MINOR @VERSION_MINOR@
+#define SCMP_VER_MICRO @VERSION_MICRO@
/*
* types
diff --git a/libseccomp.pc.in b/libseccomp.pc.in
index c195831..a863351 100644
--- a/libseccomp.pc.in
+++ b/libseccomp.pc.in
@@ -19,13 +19,14 @@
# along with this library; if not, see <http://www.gnu.org/licenses>.
#
-prefix=%%INSTALL_PREFIX%%
-libdir=%%INSTALL_LIBDIR%%
-includedir=${prefix}/include
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
Name: libseccomp
Description: The enhanced seccomp library
URL: http://libseccomp.sf.net
-Version: %%VERSION_RELEASE%%
+Version: @PACKAGE_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lseccomp
diff --git a/m4/.gitignore b/m4/.gitignore
new file mode 100644
index 0000000..64d9bbc
--- /dev/null
+++ b/m4/.gitignore
@@ -0,0 +1,2 @@
+/libtool.m4
+/lt*.m4
diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644
index 0000000..91b1519
--- /dev/null
+++ b/src/Makefile.am
@@ -0,0 +1,16 @@
+# -*- Makefile -*-
+
+SUBDIRS = .
+if ENABLE_PYTHON
+SUBDIRS += python
+endif
+
+lib_LTLIBRARIES = libseccomp.la
+
+libseccomp_la_SOURCES = api.c arch.c arch-x86.c arch-x86-syscalls.c \
+ arch-x86_64.c arch-x86_64-syscalls.c arch-x32.c arch-x32-syscalls.c \
+ arch-arm.c arch-arm-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c \
+ \
+ arch-arm.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \
+ db.h gen_bpf.h gen_pfc.h hash.h system.h
+libseccomp_la_LDFLAGS = -version-number 2:1:0
diff --git a/src/python/Makefile.am b/src/python/Makefile.am
new file mode 100644
index 0000000..400b354
--- /dev/null
+++ b/src/python/Makefile.am
@@ -0,0 +1,24 @@
+# -*- Makefile -*-
+
+PYTHON = /usr/bin/env python
+pyverbose_0 = -q
+pyverbose_ = ${pyverbose_0}
+
+PY_DISTUTILS = \
+ VERSION_RELEASE="${VERSION_RELEASE}" \
+ CFLAGS="-I\${top_srcdir}/include ${CFLAGS} ${CPPFLAGS}" \
+ LDFLAGS="${LDFLAGS}" \
+ ${PYTHON} ./setup.py
+PY_BUILD = ${PY_DISTUTILS} build ${pyverbose_${V}}
+PY_INSTALL = ${PY_DISTUTILS} install ${pyverbose_${V}}
+
+all-local: python-build
+
+python-build: ../libseccomp.la libseccomp.pxd seccomp.pyx
+ ${AM_V_GEN}${PY_DISTUTILS} build && touch $@
+
+install-exec-local:
+ ${PY_DISTUTILS} install --prefix=${DESTDIR}/${prefix}
+
+clean-local:
+ rm -Rf python-build seccomp.c
diff --git a/src/python/setup.py b/src/python/setup.py
index 872642e..62ba24a 100644
--- a/src/python/setup.py
+++ b/src/python/setup.py
@@ -40,6 +40,6 @@ setup(
cmdclass = {'build_ext': build_ext},
ext_modules = [
Extension("seccomp", ["seccomp.pyx"],
- extra_objects=["../libseccomp.a"])
+ extra_objects=["../.libs/libseccomp.so"])
]
)
diff --git a/src/system.h b/src/system.h
index cb14f65..11303cf 100644
--- a/src/system.h
+++ b/src/system.h
@@ -25,9 +25,9 @@
#include <linux/filter.h>
#include <linux/prctl.h>
-#include <configure.h>
+#include "configure.h"
-#ifdef CONF_SYSINC_SECCOMP
+#ifdef HAVE_LINUX_SECCOMP_H
/* system header file */
#include <linux/seccomp.h>
diff --git a/tests/Makefile.am b/tests/Makefile.am
new file mode 100644
index 0000000..236abee
--- /dev/null
+++ b/tests/Makefile.am
@@ -0,0 +1,44 @@
+# -*- Makefile -*-
+
+AM_LDFLAGS = -static
+LDADD = util.la ../src/libseccomp.la
+
+check_LTLIBRARIES = util.la
+util_la_SOURCES = util.c util.h
+util_la_LDFLAGS = -module
+
+TESTS = regression
+
+EXTRA_DIST = regression *.tests
+BUILT_SOURCES = 00-test.c
+
+check_PROGRAMS = \
+ 00-test \
+ 01-sim-allow \
+ 02-sim-basic \
+ 03-sim-basic_chains \
+ 04-sim-multilevel_chains \
+ 05-sim-long_jumps \
+ 06-sim-actions \
+ 07-sim-db_bug_looping \
+ 08-sim-subtree_checks \
+ 09-sim-syscall_priority_pre \
+ 10-sim-syscall_priority_post \
+ 11-basic-basic_errors \
+ 12-sim-basic_masked_ops \
+ 13-basic-attrs \
+ 14-sim-reset \
+ 15-basic-resolver \
+ 16-sim-arch_basic \
+ 17-sim-arch_merge \
+ 18-sim-basic_whitelist \
+ 19-sim-missing_syscalls \
+ 20-live-basic_die \
+ 21-live-basic_allow \
+ 22-sim-basic_chains_array \
+ 23-sim-arch_all_basic \
+ 24-live-arg_allow \
+ 25-sim-multilevel_chains_adv
+
+00-test.c:
+ if ! test -e $@; then echo "int main(void) { return 0; }" >$@; fi
diff --git a/tools/Makefile.am b/tools/Makefile.am
new file mode 100644
index 0000000..ed74f39
--- /dev/null
+++ b/tools/Makefile.am
@@ -0,0 +1,9 @@
+# -*- Makefile -*-
+
+bin_PROGRAMS = scmp_sys_resolver
+noinst_PROGRAMS = scmp_arch_detect scmp_bpf_disasm scmp_bpf_sim
+
+scmp_sys_resolver_LDADD = ../src/libseccomp.la
+scmp_arch_detect_LDADD = ../src/libseccomp.la
+
+EXTRA_DIST = bpf.h
--
1.8.2

View File

@ -0,0 +1,25 @@
From 7a7a83a24491f636d422e951f9e0547caaa68967 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Fri, 13 Feb 2015 11:57:43 -0500
Subject: [PATCH] tools: add the missing elf.h header file
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
tools/util.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/util.h b/tools/util.h
index 13ef59f..261320f 100644
--- a/tools/util.h
+++ b/tools/util.h
@@ -22,6 +22,7 @@
#ifndef _UTIL_H
#define _UTIL_H
+#include <elf.h>
#include <inttypes.h>
#include <linux/audit.h>
--
2.1.4

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8812c11e407c383f5ad6afb84a88e5a0224477bcfe8ff03f0c548e5abaac841c
size 113133

3
libseccomp-2.2.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10
size 516697

View File

@ -0,0 +1,21 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10 libseccomp-2.2.0.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBAgAGBQJU3Q+YAAoJEFXkWlroynyKWsMP/3H+nI7/PEdsxrwb3kNK+wS0
LEKguUufhizAhp2J+6POejqyapxj/ge+QWRR4EZlbXUBzK8Mlu0OCexW7ic20QR3
reua7B/Dg363fGyBpx9vWnI8/l7DUuxlz97sYvYFbBZ0XeOeLFc6bxic8SvYJLzT
5A5oyd7oESAFH99C83oIcoJOxJanZXALOEN3J5fd5HXVtnHa0gQ1JlaIAldiXBlX
VrhS9FmAzJ/hpqGG9kP7piaUvrqNZRkuj0KsB6Ty2hE43pV/FgEzoMcScAdMS1E2
9L+K6RXT0Dcv5pB6avMz37chXMcfginh/pl6PL3QG0130ivbv0VJKKjkI1JVTadp
mUIYx7kOjZO/ZrdsRrh6hzDg9+kNlmtaCnzne7O1dttnlPNbz09KDmxN+e5/i5kA
6Vss+09ruO9fLTnlepfDcPujrZ6sxbqn4qvNJQd1nqdencbZl5DYJsUJCa6sxL2t
i/7+xo1zKXtVaeeEgAYn9MrpxtKbganorP05RlY2ecDf7rX0/pUHVcXjKUUrWgGl
By+PnD0Rg6OELmbNpPhcgNgUEYzGKdOhKkYfL/IH29zSSUmuVqskpGoQH7HRd2vo
oNz4oRcGi4vGeQAkp6hHaRPNpP4kylRxv0HzLigkuwhIRUtrDZBQ/A+KB0vBWh8O
36DpNMxzhPTBM3qdCbNa
=mufN
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Sun Mar 29 00:28:59 UTC 2015 - jengelh@inai.de
- Update to new upstream release 2.2.0
* Added support for aarch64, mips, mips64, mips64n32 (BE/LE).
* Added support for using the new seccomp() syscall and the thread
sync functionality.
* Added Python bindings
- Remove 0001-build-use-autotools-as-build-system.patch
(merged). Add no-static.diff.
Add 0001-tools-add-the-missing-elf.h-header-file.patch
-------------------------------------------------------------------
Sat Jul 12 11:26:10 UTC 2014 - meissner@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package libseccomp
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -18,21 +18,22 @@
Name: libseccomp
%define lname libseccomp2
Version: 2.1.1
Version: 2.2.0
Release: 0
Summary: An enhanced Seccomp (mode 2) helper library
License: LGPL-2.1
Group: Development/Libraries/C and C++
Url: http://sf.net/projects/libseccomp/
Url: http://github.com/seccomp
#Git-Clone: git://git.code.sf.net/p/libseccomp/libseccomp
#Git-Clone: git://git.inai.de/libseccomp
Source: http://downloads.sf.net/libseccomp/libseccomp-%{version}.tar.gz
Patch1: 0001-build-use-autotools-as-build-system.patch
Patch2: libseccomp-s390x-support.patch
#Git-Clone: git://github.com/seccomp/libseccomp
Source: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz
Source2: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz.SHA256SUM.asc
Patch1: no-static.diff
Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch
Patch3: libseccomp-s390x-support.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf
BuildRequires: automake >= 1.10
BuildRequires: automake >= 1.11
BuildRequires: fdupes
BuildRequires: libtool >= 2
BuildRequires: pkgconfig
@ -97,19 +98,16 @@ This subpackage contains debug utilities for the seccomp interface.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch -P 1 -P 2 -P 3 -p1
%build
chmod a+x autogen.sh;
./autogen.sh;
%configure --includedir="%_includedir/pkg/%name"
autoreconf -fi
%configure --includedir="%_includedir/%name" --disable-static
make %{?_smp_mflags};
%install
b="%buildroot";
make install DESTDIR="$b";
find "$b/%_libdir" -type f -name "*.la" -delete;
%make_install
find "%buildroot/%_libdir" -type f -name "*.la" -delete
%fdupes %buildroot/%_prefix
%check
@ -133,7 +131,7 @@ make check
%files devel
%defattr(-,root,root)
%_mandir/man3/seccomp_*.3*
%_includedir/pkg/
%_includedir/%name/
%_libdir/%name.so
%_libdir/pkgconfig/%name.pc

23
no-static.diff Normal file
View File

@ -0,0 +1,23 @@
RPM's brp checks say:
ERROR: RPATH "/home/abuild/rpmbuild/BUILD/libseccomp-2.2.0/src/.libs"
on <buildroot>/usr/bin/scmp_sys_resolver is not allowed
---
tools/Makefile.am | 2 --
1 file changed, 2 deletions(-)
Index: libseccomp-2.2.0/tools/Makefile.am
===================================================================
--- libseccomp-2.2.0.orig/tools/Makefile.am
+++ libseccomp-2.2.0/tools/Makefile.am
@@ -33,8 +33,6 @@ scmp_bpf_disasm_SOURCES = scmp_bpf_disas
scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
scmp_sys_resolver_LDADD = ../src/libseccomp.la
-scmp_sys_resolver_LDFLAGS = -static
scmp_arch_detect_LDADD = ../src/libseccomp.la
-scmp_arch_detect_LDFLAGS = -static
scmp_bpf_disasm_LDADD = util.la
scmp_bpf_sim_LDADD = util.la