SHA256
1
0
forked from pool/libseccomp
libseccomp/libseccomp.changes

354 lines
14 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Sat Apr 30 16:42:48 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Deactive python3 by default, it's just not a good idea for ring0.
-------------------------------------------------------------------
Thu Apr 21 21:23:08 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.5.4
* Update the syscall table for Linux v5.17.
* Fix minor issues with binary tree testing and with empty
binary trees.
* Minor documentation improvements including retiring the
mailing list.
-------------------------------------------------------------------
Mon Jan 17 11:08:28 UTC 2022 - Marcus Meissner <meissner@suse.com>
- buildrequire python-rpm-macros
-------------------------------------------------------------------
Thu Dec 2 12:09:38 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- reenable python bindings at least for the distro default python3
package:
- adds make-python-build.patch
-------------------------------------------------------------------
Sun Nov 7 13:23:22 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.5.3
* Update the syscall table for Linux v5.15
* Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
* Document that seccomp_rule_add() may return -EACCES
-------------------------------------------------------------------
Mon Sep 13 08:19:30 UTC 2021 - Andreas Schwab <schwab@suse.de>
- Skip 11-basic-basic_errors test on qemu linux-user emulation
-------------------------------------------------------------------
Wed Sep 1 18:48:49 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.5.2
* Update the syscall table for Linux v5.14-rc7
* Add a function, get_notify_fd(), to the Python bindings to
get the nofication file descriptor.
* Consolidate multiplexed syscall handling for all
architectures into one location.
* Add multiplexed syscall support to PPC and MIPS
* The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
the kernel. libseccomp's fd notification logic was modified
to support the kernel's previous and new usage of
SECCOMP_IOCTL_NOTIF_ID_VALID.
-------------------------------------------------------------------
Sat Nov 21 16:59:46 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 2.5.1:
* Fix a bug where seccomp_load() could only be called once
* Change the notification fd handling to only request a notification fd if
* the filter has a _NOTIFY action
* Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
* Clarify the maintainers' GPG keys
- remove testsuite-riscv64-missing-syscalls.patch
-------------------------------------------------------------------
Wed Sep 9 13:49:55 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Do not rely on gperf: pass GPERF=/bin/true to configure and
remove gperf BuildRequires. The syscalls.perf file it would
generate is part of the tarball already.
-------------------------------------------------------------------
Tue Sep 8 15:00:01 UTC 2020 - Andreas Schwab <schwab@suse.de>
- testsuite-riscv64-missing-syscalls.patch: Fix testsuite failure on
riscv64
- Ignore failure of tests/52-basic-load on qemu linux-user emulation
-------------------------------------------------------------------
Tue Sep 8 14:00:13 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
- Update to release 2.5.0
* Add support for the seccomp user notifications, see the
seccomp_notify_alloc(3), seccomp_notify_receive(3),
seccomp_notify_respond(3) manpages for more information
* Add support for new filter optimization approaches, including a balanced
tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
more information
* Add support for the 64-bit RISC-V architecture
* Performance improvements when adding new rules to a filter thanks to the
use of internal shadow transactions and improved syscall lookup tables
* Properly document the libseccomp API return values and include them in the
stable API promise
* Improvements to the s390 and s390x multiplexed syscall handling
* Multiple fixes and improvements to the libseccomp manpages
* Moved from manually maintained syscall tables to an automatically generated
syscall table in CSV format
* Update the syscall tables to Linux v5.8.0-rc5
* Python bindings and build now default to Python 3.x
* Improvements to the tests have boosted code coverage to over 93%
- libseccomp.keyring: replaced by Paul Moore <pmoore@redhat.com> key.
-------------------------------------------------------------------
Fri Jun 5 13:12:29 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.4.3
* Add list of authorized release signatures to README.md
* Fix multiplexing issue with s390/s390x shm* syscalls
* Remove the static flag from libseccomp tools compilation
* Add define for __SNR_ppoll
* Fix potential memory leak identified by clang in the
scmp_bpf_sim tool
- Drop no-static.diff, libseccomp-fix_aarch64-test.patch,
SNR_ppoll.patch (merged)
-------------------------------------------------------------------
Mon Feb 17 08:10:13 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
- Add patch to fix ntpsec and others build (accidental drop of symbols):
* SNR_ppoll.patch
-------------------------------------------------------------------
Tue Jan 7 15:07:23 UTC 2020 - Andreas Schwab <schwab@suse.de>
- Tests are passing on all architectures
-------------------------------------------------------------------
Mon Jan 6 14:23:04 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Backport patch to fix test on aarch64:
* libseccomp-fix_aarch64-test.patch
-------------------------------------------------------------------
Thu Dec 19 23:06:51 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.4.2
* Add support for io-uring related system calls
-------------------------------------------------------------------
Wed Jul 24 09:37:26 UTC 2019 - Michel Normand <normand@linux.vnet.ibm.com>
- ignore make check error for ppc64/ppc64le, bypass boo#1142614
-------------------------------------------------------------------
Sun Jun 2 13:10:42 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Update to new upstream release 2.4.1
* Fix a BPF generation bug where the optimizer mistakenly
identified duplicate BPF code blocks.
-------------------------------------------------------------------
Sun Mar 17 10:06:38 UTC 2019 - Marcus Meissner <meissner@suse.com>
- updated to 2.4.0 (bsc#1128828 CVE-2019-9893)
- Update the syscall table for Linux v5.0-rc5
- Added support for the SCMP_ACT_KILL_PROCESS action
- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension
- Added support for the parisc and parisc64 architectures
- Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3)
- Return -EDOM on an endian mismatch when adding an architecture to a filter
- Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run()
- Fix PFC generation when a syscall is prioritized, but no rule exists
- Numerous fixes to the seccomp-bpf filter generation code
- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
- Numerous tests added to the included test suite, coverage now at ~92%
- Update our Travis CI configuration to use Ubuntu 16.04
- Numerous documentation fixes and updates
- now gpg signed, added key of Paul Moore from keyserver.
-------------------------------------------------------------------
Mon Jan 14 14:16:45 CET 2019 - kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
-------------------------------------------------------------------
Sat Feb 24 02:53:57 UTC 2018 - asarai@suse.com
- Update to release 2.3.3:
* Updated the syscall table for Linux v4.15-rc7
-------------------------------------------------------------------
Sun May 21 22:31:41 UTC 2017 - jengelh@inai.de
- Unconditionally rerun autoreconf because of patches
-------------------------------------------------------------------
Sun May 21 18:07:04 UTC 2017 - tchvatal@suse.com
- Update to release 2.3.2:
* Achieved full compliance with the CII Best Practices program
* Added Travis CI builds to the GitHub repository
* Added code coverage reporting with the "--enable-code-coverage" configure
flag and added Coveralls to the GitHub repository
* Updated the syscall tables to match Linux v4.10-rc6+
* Support for building with Python v3.x
* Allow rules with the -1 syscall if the SCMP\_FLTATR\_API\_TSKIP attribute is
set to true
* Several small documentation fixes
- Remove service file as we are not based on git
-------------------------------------------------------------------
Sat May 7 23:11:02 UTC 2016 - jengelh@inai.de
- Update to new upstream release 2.3.1
* arch: fix the multiplexed ipc() syscalls
* s390: handle multiplexed syscalls correctly
- Remove 0001-arch-fix-a-number-of-32-bit-x86-failures-related-to-.patch,
0001-tests-replace-socket-syscall-references-in-15-basic-.patch
(fixed upstream)
-------------------------------------------------------------------
Tue Apr 19 16:00:29 UTC 2016 - jengelh@inai.de
- Add 0001-tests-replace-socket-syscall-references-in-15-basic-.patch
-------------------------------------------------------------------
Sun Apr 10 22:31:15 UTC 2016 - jengelh@inai.de
- Add 0001-arch-fix-a-number-of-32-bit-x86-failures-related-to-.patch
-------------------------------------------------------------------
Wed Mar 23 16:06:20 UTC 2016 - meissner@suse.com
- updated to final 2.3.0 release
- builderror-k316.diff: fixed upstream
- i586 testsuite fails, disable for now
-------------------------------------------------------------------
Wed Feb 24 10:11:26 UTC 2016 - jengelh@inai.de
- Update to git snapshot 2.3.0~g96
* have libseccomp build with newer linux-glibc-devel;
"multiplexed and direct socket syscalls"
- Drop libseccomp-s390x-support.patch, libseccomp-ppc64le.patch
(no longer apply - merged upstream)
- Add builderror-k316.diff
-------------------------------------------------------------------
Fri Sep 25 12:14:37 UTC 2015 - dimstar@opensuse.org
- Add baselibs.conf: systemd-32bit-224+ links against
libseccomp.so.2.
-------------------------------------------------------------------
Mon Aug 31 15:09:16 UTC 2015 - jengelh@inai.de
- Update to new upstream release 2.2.3
* Fix a problem with the masked equality operator
* Fix a problem on x86_64/x32 involving invalid architectures
* Fix a problem with the ARM specific syscalls
-------------------------------------------------------------------
Sat May 30 10:20:06 UTC 2015 - jengelh@inai.de
- Update to new upstream release 2.2.1
* Fix a problem with syscall argument filtering on 64-bit systems
* Fix some problems with the 32-bit ARM syscall table
- Drop 0001-tools-add-the-missing-elf.h-header-file.patch,
libseccomp-arm-syscall-fixes.patch
(applied upstream)
-------------------------------------------------------------------
Mon Apr 13 15:05:05 UTC 2015 - dvaleev@suse.com
- Fix ppc64le build: libseccomp-ppc64le.patch
-------------------------------------------------------------------
Fri Apr 10 16:52:55 UTC 2015 - afaerber@suse.de
- Fix some arm syscall constants
libseccomp-arm-syscall-fixes.patch
-------------------------------------------------------------------
Sun Mar 29 00:28:59 UTC 2015 - jengelh@inai.de
- Update to new upstream release 2.2.0
* Added support for aarch64, mips, mips64, mips64n32 (BE/LE).
* Added support for using the new seccomp() syscall and the thread
sync functionality.
* Added Python bindings
- Remove 0001-build-use-autotools-as-build-system.patch
(merged). Add no-static.diff.
Add 0001-tools-add-the-missing-elf.h-header-file.patch
-------------------------------------------------------------------
Sat Jul 12 11:26:10 UTC 2014 - meissner@suse.com
- updated ppc64le patch
-------------------------------------------------------------------
Wed Mar 5 15:13:35 UTC 2014 - meissner@suse.com
- libseccomp-s390x-support.patch:
support s390,s390x,ppc,ppc64 too. bnc#866526 (arm64 not yet done)
- disabled testsuite on the new platforms, as there
are still some failures.
s390 32bit: passed: 3823 / failed: 91 / errored: 43
s390x: passed: 2410 / failed: 879 / errored: 68
ppc64le: passed: 3914 / failed: 0 / errored: 43
-------------------------------------------------------------------
Tue Jun 18 01:14:06 UTC 2013 - jengelh@inai.de
- Update to new upstream release 2.1.0
* Add support for the x32 and ARM architectures
* More verbose PFC output, including translation of syscall
numbers to names
* Several assorted bugfixes affecting the seccomp BPF generation
* The syscall number/name resolver tool is now installed
* Fixes for the x86 multiplexed syscalls
* Additions to the API to better support non-native architecures
* Additions to the API to support multiple architecures in one filter
* Additions to the API to resolve syscall name/number mappings
- Remove 0001-build-use-ac-variables-in-pkgconfig-file.patch
(merged into 0001-build-use-autotools-as-build-system.patch)
-------------------------------------------------------------------
Fri Dec 21 05:47:29 UTC 2012 - jengelh@inai.de
- Make 0001-build-use-autotools-as-build-system.patch apply again
-------------------------------------------------------------------
Fri Dec 14 17:13:12 UTC 2012 - dvaleev@suse.com
- code is only x86 capable. Set ExclusiveArch: %{ix86} x86_64
-------------------------------------------------------------------
Thu Nov 15 00:49:40 UTC 2012 - jengelh@inai.de
- Restore autotools patch (0001-build-use-autotools-as-build-system.patch)
that was previously embodied in the files in the tarball
-------------------------------------------------------------------
Tue Nov 13 15:40:20 UTC 2012 - meissner@suse.com
- updated to 1.0.1 release
- The header file is now easier to use with C++ compilers
- Minor documentation fixes
- Minor memory leak fixes
- Corrected x86 filter generation on x86_64 systems
- Corrected problems with small filters and filters with arguments
- use public downloadable tarball
-------------------------------------------------------------------
Sat Sep 8 03:50:02 UTC 2012 - jengelh@inai.de
- Initial package (version 1.0.0) for build.opensuse.org