From a238311906a6024f436a36a0e7e359a7dd37c7b3572ae185d854cf6df774f19b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 8 Jun 2015 05:29:15 +0000 Subject: [PATCH] Accepting request 309331 from home:jengelh:branches:security - Update to new upstream release 2.2.1 OBS-URL: https://build.opensuse.org/request/show/309331 OBS-URL: https://build.opensuse.org/package/show/security/libseccomp?expand=0&rev=34 --- ...ls-add-the-missing-elf.h-header-file.patch | 25 - libseccomp-2.2.0.tar.gz | 3 - libseccomp-2.2.0.tar.gz.SHA256SUM.asc | 21 - libseccomp-2.2.1.tar.gz | 3 + libseccomp-2.2.1.tar.gz.SHA256SUM.asc | 21 + libseccomp-arm-syscall-fixes.patch | 179 ------ libseccomp-ppc64le.patch | 598 +++++++++--------- libseccomp.changes | 10 + libseccomp.spec | 6 +- 9 files changed, 347 insertions(+), 519 deletions(-) delete mode 100644 0001-tools-add-the-missing-elf.h-header-file.patch delete mode 100644 libseccomp-2.2.0.tar.gz delete mode 100644 libseccomp-2.2.0.tar.gz.SHA256SUM.asc create mode 100644 libseccomp-2.2.1.tar.gz create mode 100644 libseccomp-2.2.1.tar.gz.SHA256SUM.asc delete mode 100644 libseccomp-arm-syscall-fixes.patch diff --git a/0001-tools-add-the-missing-elf.h-header-file.patch b/0001-tools-add-the-missing-elf.h-header-file.patch deleted file mode 100644 index f12a6ea..0000000 --- a/0001-tools-add-the-missing-elf.h-header-file.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 7a7a83a24491f636d422e951f9e0547caaa68967 Mon Sep 17 00:00:00 2001 -From: Paul Moore -Date: Fri, 13 Feb 2015 11:57:43 -0500 -Subject: [PATCH] tools: add the missing elf.h header file - -Signed-off-by: Paul Moore ---- - tools/util.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/tools/util.h b/tools/util.h -index 13ef59f..261320f 100644 ---- a/tools/util.h -+++ b/tools/util.h -@@ -22,6 +22,7 @@ - #ifndef _UTIL_H - #define _UTIL_H - -+#include - #include - #include - --- -2.1.4 - diff --git a/libseccomp-2.2.0.tar.gz b/libseccomp-2.2.0.tar.gz deleted file mode 100644 index c3ce148..0000000 --- a/libseccomp-2.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10 -size 516697 diff --git a/libseccomp-2.2.0.tar.gz.SHA256SUM.asc b/libseccomp-2.2.0.tar.gz.SHA256SUM.asc deleted file mode 100644 index a977813..0000000 --- a/libseccomp-2.2.0.tar.gz.SHA256SUM.asc +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -5aa8a230f8529d6ee777098550245e43d2247395fdfd5a2176e28cf7236f1b10 libseccomp-2.2.0.tar.gz ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAEBAgAGBQJU3Q+YAAoJEFXkWlroynyKWsMP/3H+nI7/PEdsxrwb3kNK+wS0 -LEKguUufhizAhp2J+6POejqyapxj/ge+QWRR4EZlbXUBzK8Mlu0OCexW7ic20QR3 -reua7B/Dg363fGyBpx9vWnI8/l7DUuxlz97sYvYFbBZ0XeOeLFc6bxic8SvYJLzT -5A5oyd7oESAFH99C83oIcoJOxJanZXALOEN3J5fd5HXVtnHa0gQ1JlaIAldiXBlX -VrhS9FmAzJ/hpqGG9kP7piaUvrqNZRkuj0KsB6Ty2hE43pV/FgEzoMcScAdMS1E2 -9L+K6RXT0Dcv5pB6avMz37chXMcfginh/pl6PL3QG0130ivbv0VJKKjkI1JVTadp -mUIYx7kOjZO/ZrdsRrh6hzDg9+kNlmtaCnzne7O1dttnlPNbz09KDmxN+e5/i5kA -6Vss+09ruO9fLTnlepfDcPujrZ6sxbqn4qvNJQd1nqdencbZl5DYJsUJCa6sxL2t -i/7+xo1zKXtVaeeEgAYn9MrpxtKbganorP05RlY2ecDf7rX0/pUHVcXjKUUrWgGl -By+PnD0Rg6OELmbNpPhcgNgUEYzGKdOhKkYfL/IH29zSSUmuVqskpGoQH7HRd2vo -oNz4oRcGi4vGeQAkp6hHaRPNpP4kylRxv0HzLigkuwhIRUtrDZBQ/A+KB0vBWh8O -36DpNMxzhPTBM3qdCbNa -=mufN ------END PGP SIGNATURE----- diff --git a/libseccomp-2.2.1.tar.gz b/libseccomp-2.2.1.tar.gz new file mode 100644 index 0000000..c6daf96 --- /dev/null +++ b/libseccomp-2.2.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0ba1789f54786c644af54cdffc9fd0dd0a8bb2b2ee153933f658855d2851a740 +size 520471 diff --git a/libseccomp-2.2.1.tar.gz.SHA256SUM.asc b/libseccomp-2.2.1.tar.gz.SHA256SUM.asc new file mode 100644 index 0000000..d99e6ad --- /dev/null +++ b/libseccomp-2.2.1.tar.gz.SHA256SUM.asc @@ -0,0 +1,21 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +0ba1789f54786c644af54cdffc9fd0dd0a8bb2b2ee153933f658855d2851a740 libseccomp-2.2.1.tar.gz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAEBCAAGBQJVU1U1AAoJEFXkWlroynyKbAQP/jULx5gNQx7UePtk+jSem8lG +tjwEZyrxUgk96xFkGp5Vonn10Hynj7h2+W4OicjbUtiu5k+jhzHADt9OtqqWugZq +bX6D4QdGXTsCYFvP2ocKzFztvi1lGdKcEegiRUVSbE1fWei+KViCPy2sStN94cOs +cLRj77bHBlYp0//RMUc6jSNjnKQeaZjeBtraGlZacJdoSma+v80jWuUz7T41WAR6 +LotmsIMAKJFmKRHAt+2+W4Nq759IR2PpmY7UOwVjaWUydWJvir7lzjrunqbTwFWV +1nzQReN2C37o4lJGcuVg267VVuwNpIMsk2Qd0gbqsPCRQ1lKRsatUxu5rTdHApJ+ +4H3dhY1Qw6RIdyj6AyJ0xtkZpWFbgYuaT0uY0jDGFOQAVd8rR08XApK57ON/h3O1 +wGlr553z/7DdvSLJhkDIRc+kG+1PQ7oI/iiqMOy5q/dCRpRV4Hh/ZJXs9jisAynu +tDUnS6S/8ZwMAf2sjlrpjG92RKkW9DLegpiBeshF8I6k3h7tULYCDzyBsZjdo6kO +VbSdr6PQr5wuOuf+fVhAG5t6uHbiX3a7i08jsFOQKzBmdVYg+4KuRwKybpihmFvs +vrc6WvVqzRGUyTQBcZUK00aMGPfu+70/idTcBHn+xKuUczRBk7BX0gQYyRcp4ZJ0 +hl03hK5IAoR6fqbTg5IJ +=ZQpd +-----END PGP SIGNATURE----- diff --git a/libseccomp-arm-syscall-fixes.patch b/libseccomp-arm-syscall-fixes.patch deleted file mode 100644 index 981c8aa..0000000 --- a/libseccomp-arm-syscall-fixes.patch +++ /dev/null @@ -1,179 +0,0 @@ -From d1019115acdc8460c9a1f8a878768001a3c32431 Mon Sep 17 00:00:00 2001 -From: Paul Moore -Date: Fri, 10 Apr 2015 10:31:04 -0400 -Subject: [PATCH] arm: fix some problems with the syscall table - -The 32-bit ARM syscall table mistakenly included syscall definitions -for the syscalls below. This patch redefines those syscalls to -libseccomp's pseudo-syscall numbers and corrects the -arch-syscall-validate to correctly list the 32-bit ARM syscalls. - - * time - * umount - * stime - * alarm - * utime - * getrlimit - * select - * readdir - * mmap - * socketcall - * syscall - * ipc - -Reported-by: Andreas Farber -Signed-off-by: Paul Moore ---- - include/seccomp.h.in | 10 ++++++++++ - src/arch-arm-syscalls.c | 24 ++++++++++++------------ - src/arch-syscall-validate | 2 +- - 3 files changed, 23 insertions(+), 13 deletions(-) - -diff --git a/include/seccomp.h.in b/include/seccomp.h.in -index 6a115d1..9a28e4a 100644 ---- a/include/seccomp.h.in -+++ b/include/seccomp.h.in -@@ -1424,6 +1424,16 @@ int seccomp_export_bpf(const scmp_filter_ctx ctx, int fd); - #define __NR_utimes __PNR_utimes - #endif /* __NR_utimes */ - -+#define __PNR_getrlimit -10180 -+#ifndef __NR_getrlimit -+#define __NR_getrlimit __PNR_getrlimit -+#endif /* __NR_utimes */ -+ -+#define __PNR_mmap -10181 -+#ifndef __NR_mmap -+#define __NR_mmap __PNR_mmap -+#endif /* __NR_utimes */ -+ - #ifdef __cplusplus - } - #endif -diff --git a/src/arch-arm-syscalls.c b/src/arch-arm-syscalls.c -index 8876135..b574ccc 100644 ---- a/src/arch-arm-syscalls.c -+++ b/src/arch-arm-syscalls.c -@@ -49,7 +49,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "add_key", (__NR_SYSCALL_BASE + 309) }, - { "adjtimex", (__NR_SYSCALL_BASE + 124) }, - { "afs_syscall", __PNR_afs_syscall }, -- { "alarm", (__NR_SYSCALL_BASE + 27) }, -+ { "alarm", __PNR_alarm }, - { "arm_fadvise64_64", (__NR_SYSCALL_BASE + 270) }, - { "arm_sync_file_range", (__NR_SYSCALL_BASE + 341) }, - { "arch_prctl", __PNR_arch_prctl }, -@@ -156,7 +156,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "getresgid32", (__NR_SYSCALL_BASE + 211) }, - { "getresuid", (__NR_SYSCALL_BASE + 165) }, - { "getresuid32", (__NR_SYSCALL_BASE + 209) }, -- { "getrlimit", (__NR_SYSCALL_BASE + 76) }, -+ { "getrlimit", __PNR_getrlimit }, - { "getrusage", (__NR_SYSCALL_BASE + 77) }, - { "getsid", (__NR_SYSCALL_BASE + 147) }, - { "getsockname", (__NR_SYSCALL_BASE + 286) }, -@@ -183,7 +183,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "iopl", __PNR_iopl }, - { "ioprio_get", (__NR_SYSCALL_BASE + 315) }, - { "ioprio_set", (__NR_SYSCALL_BASE + 314) }, -- { "ipc", (__NR_SYSCALL_BASE + 117) }, -+ { "ipc", __PNR_ipc }, - { "kcmp", (__NR_SYSCALL_BASE + 378) }, - { "kexec_file_load", __PNR_kexec_file_load }, - { "kexec_load", (__NR_SYSCALL_BASE + 347) }, -@@ -215,7 +215,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "mknodat", (__NR_SYSCALL_BASE + 324) }, - { "mlock", (__NR_SYSCALL_BASE + 150) }, - { "mlockall", (__NR_SYSCALL_BASE + 152) }, -- { "mmap", (__NR_SYSCALL_BASE + 90) }, -+ { "mmap", __PNR_mmap }, - { "mmap2", (__NR_SYSCALL_BASE + 192) }, - { "modify_ldt", __PNR_modify_ldt }, - { "mount", (__NR_SYSCALL_BASE + 21) }, -@@ -279,7 +279,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "quotactl", (__NR_SYSCALL_BASE + 131) }, - { "read", (__NR_SYSCALL_BASE + 3) }, - { "readahead", (__NR_SYSCALL_BASE + 225) }, -- { "readdir", (__NR_SYSCALL_BASE + 89) }, -+ { "readdir", __PNR_readdir }, - { "readlink", (__NR_SYSCALL_BASE + 85) }, - { "readlinkat", (__NR_SYSCALL_BASE + 332) }, - { "readv", (__NR_SYSCALL_BASE + 145) }, -@@ -318,7 +318,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "sched_yield", (__NR_SYSCALL_BASE + 158) }, - { "seccomp", (__NR_SYSCALL_BASE + 383) }, - { "security", __PNR_security }, -- { "select", (__NR_SYSCALL_BASE + 82) }, -+ { "select", __PNR_select }, - { "semctl", (__NR_SYSCALL_BASE + 300) }, - { "semget", (__NR_SYSCALL_BASE + 299) }, - { "semop", (__NR_SYSCALL_BASE + 298) }, -@@ -378,7 +378,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "sigreturn", (__NR_SYSCALL_BASE + 119) }, - { "sigsuspend", (__NR_SYSCALL_BASE + 72) }, - { "socket", (__NR_SYSCALL_BASE + 281) }, -- { "socketcall", (__NR_SYSCALL_BASE + 102) }, -+ { "socketcall", __PNR_socketcall }, - { "socketpair", (__NR_SYSCALL_BASE + 288) }, - { "splice", (__NR_SYSCALL_BASE + 340) }, - { "ssetmask", __PNR_ssetmask }, -@@ -386,7 +386,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "stat64", (__NR_SYSCALL_BASE + 195) }, - { "statfs", (__NR_SYSCALL_BASE + 99) }, - { "statfs64", (__NR_SYSCALL_BASE + 266) }, -- { "stime", (__NR_SYSCALL_BASE + 25) }, -+ { "stime", __PNR_stime }, - { "stty", __PNR_stty }, - { "swapoff", (__NR_SYSCALL_BASE + 115) }, - { "swapon", (__NR_SYSCALL_BASE + 87) }, -@@ -396,14 +396,14 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "sync_file_range", __PNR_sync_file_range }, - { "sync_file_range2", (__NR_SYSCALL_BASE + 341) }, - { "syncfs", (__NR_SYSCALL_BASE + 373) }, -- { "syscall", (__NR_SYSCALL_BASE + 113) }, -+ { "syscall", __PNR_syscall }, - { "sysfs", (__NR_SYSCALL_BASE + 135) }, - { "sysinfo", (__NR_SYSCALL_BASE + 116) }, - { "syslog", (__NR_SYSCALL_BASE + 103) }, - { "sysmips", __PNR_sysmips }, - { "tee", (__NR_SYSCALL_BASE + 342) }, - { "tgkill", (__NR_SYSCALL_BASE + 268) }, -- { "time", (__NR_SYSCALL_BASE + 13) }, -+ { "time", __PNR_time }, - { "timer_create", (__NR_SYSCALL_BASE + 257) }, - { "timer_delete", (__NR_SYSCALL_BASE + 261) }, - { "timer_getoverrun", (__NR_SYSCALL_BASE + 260) }, -@@ -421,7 +421,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "ugetrlimit", (__NR_SYSCALL_BASE + 191) }, - { "ulimit", __PNR_ulimit }, - { "umask", (__NR_SYSCALL_BASE + 60) }, -- { "umount", (__NR_SYSCALL_BASE + 22) }, -+ { "umount", __PNR_umount }, - { "umount2", (__NR_SYSCALL_BASE + 52) }, - { "uname", (__NR_SYSCALL_BASE + 122) }, - { "unlink", (__NR_SYSCALL_BASE + 10) }, -@@ -429,7 +429,7 @@ const struct arch_syscall_def arm_syscall_table[] = { \ - { "unshare", (__NR_SYSCALL_BASE + 337) }, - { "uselib", (__NR_SYSCALL_BASE + 86) }, - { "ustat", (__NR_SYSCALL_BASE + 62) }, -- { "utime", (__NR_SYSCALL_BASE + 30) }, -+ { "utime", __PNR_utime }, - { "utimensat", (__NR_SYSCALL_BASE + 348) }, - { "utimes", (__NR_SYSCALL_BASE + 269) }, - { "vfork", (__NR_SYSCALL_BASE + 190) }, -diff --git a/src/arch-syscall-validate b/src/arch-syscall-validate -index 2cbf696..1616c9f 100755 ---- a/src/arch-syscall-validate -+++ b/src/arch-syscall-validate -@@ -146,7 +146,7 @@ function dump_lib_x32() { - # - function dump_sys_arm() { - # NOTE: arm_sync_file_range() and sync_file_range2() share values -- cat $1/arch/arm/include/uapi/asm/unistd.h | \ -+ gcc -E -dM -D __ARM_EABI__ $1/arch/arm/include/uapi/asm/unistd.h | \ - grep "^#define __NR_" | sort | \ - grep -v "^#define __NR_OABI_SYSCALL_BASE" | \ - grep -v "^#define __NR_SYSCALL_BASE" | \ --- -2.1.4 - diff --git a/libseccomp-ppc64le.patch b/libseccomp-ppc64le.patch index 4335c20..6acde44 100644 --- a/libseccomp-ppc64le.patch +++ b/libseccomp-ppc64le.patch @@ -1,8 +1,67 @@ -Index: libseccomp-2.2.0/include/seccomp.h.in +--- + include/seccomp.h | 24 ++++++++++++++++++++++++ + include/seccomp.h.in | 4 ++++ + src/arch-ppc64-syscalls.c | 13 +++++++++++++ + src/arch-ppc64.c | 11 +++++++---- + src/arch-ppc64.h | 12 ++---------- + src/arch-syscall-dump.c | 5 +++++ + src/arch-syscall-validate | 37 ++++++++++++++++++++++++++++++++++++- + src/arch.c | 12 +++++++++++- + src/gen_pfc.c | 2 ++ + tests/16-sim-arch_basic.c | 3 +++ + tests/16-sim-arch_basic.py | 2 ++ + tests/23-sim-arch_all_le_basic.c | 3 +++ + tests/23-sim-arch_all_le_basic.py | 1 + + tests/26-sim-arch_all_be_basic.c | 3 +++ + tests/26-sim-arch_all_be_basic.py | 1 + + tests/regression | 4 ++-- + tools/scmp_arch_detect.c | 3 +++ + tools/scmp_bpf_disasm.c | 4 ++++ + tools/scmp_bpf_sim.c | 10 ++++++---- + tools/util.c | 4 +++- + tools/util.h | 4 ++++ + 21 files changed, 139 insertions(+), 23 deletions(-) + +Index: libseccomp-2.2.1/include/seccomp.h =================================================================== ---- libseccomp-2.2.0.orig/include/seccomp.h.in -+++ libseccomp-2.2.0/include/seccomp.h.in -@@ -169,6 +169,10 @@ struct scmp_arg_cmp { +--- libseccomp-2.2.1.orig/include/seccomp.h ++++ libseccomp-2.2.1/include/seccomp.h +@@ -163,6 +163,30 @@ struct scmp_arg_cmp { + #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 + + /** ++ * The S390X architecture token ++ */ ++#define SCMP_ARCH_S390X AUDIT_ARCH_S390X ++ ++/** ++ * The S390 architecture token ++ */ ++#define SCMP_ARCH_S390 AUDIT_ARCH_S390 ++ ++/** ++ * The PowerPC architecture token ++ */ ++#define SCMP_ARCH_PPC AUDIT_ARCH_PPC ++ ++/** ++ * The PowerPC64 architecture token ++ */ ++#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 ++#ifndef AUDIT_ARCH_PPC64LE ++#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE ++ ++/** + * Convert a syscall name into the associated syscall number + * @param x the syscall name + */ +Index: libseccomp-2.2.1/include/seccomp.h.in +=================================================================== +--- libseccomp-2.2.1.orig/include/seccomp.h.in ++++ libseccomp-2.2.1/include/seccomp.h.in +@@ -181,6 +181,10 @@ struct scmp_arg_cmp { * The PowerPC64 architecture token */ #define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 @@ -13,10 +72,31 @@ Index: libseccomp-2.2.0/include/seccomp.h.in /** * Convert a syscall name into the associated syscall number -Index: libseccomp-2.2.0/src/arch-ppc64.c +Index: libseccomp-2.2.1/src/arch-ppc64-syscalls.c =================================================================== ---- libseccomp-2.2.0.orig/src/arch-ppc64.c -+++ libseccomp-2.2.0/src/arch-ppc64.c +--- libseccomp-2.2.1.orig/src/arch-ppc64-syscalls.c ++++ libseccomp-2.2.1/src/arch-ppc64-syscalls.c +@@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in + + return NULL; + } ++/** ++ * Iterate through the syscall table and return the syscall name ++ * @param spot the offset into the syscall table ++ * ++ * Return the syscall name at position @spot or NULL on failure. This function ++ * should only ever be used internally by libseccomp. ++ * ++ */ ++const char *ppc64_syscall_iterate_name(unsigned int spot) ++{ ++ /* XXX - no safety checks here */ ++ return ppc64_syscall_table[spot].name; ++} +Index: libseccomp-2.2.1/src/arch-ppc64.c +=================================================================== +--- libseccomp-2.2.1.orig/src/arch-ppc64.c ++++ libseccomp-2.2.1/src/arch-ppc64.c @@ -30,9 +30,12 @@ const struct arch_def arch_def_ppc64 = { .token = SCMP_ARCH_PPC64, .token_bpf = AUDIT_ARCH_PPC64, @@ -34,10 +114,10 @@ Index: libseccomp-2.2.0/src/arch-ppc64.c + .size = ARCH_SIZE_64, + .endian = ARCH_ENDIAN_LITTLE, }; -Index: libseccomp-2.2.0/src/arch-ppc64.h +Index: libseccomp-2.2.1/src/arch-ppc64.h =================================================================== ---- libseccomp-2.2.0.orig/src/arch-ppc64.h -+++ libseccomp-2.2.0/src/arch-ppc64.h +--- libseccomp-2.2.1.orig/src/arch-ppc64.h ++++ libseccomp-2.2.1/src/arch-ppc64.h @@ -27,19 +27,11 @@ #include "arch.h" #include "system.h" @@ -60,10 +140,102 @@ Index: libseccomp-2.2.0/src/arch-ppc64.h +const char *ppc64_syscall_iterate_name(unsigned int spot); #endif -Index: libseccomp-2.2.0/src/arch.c +Index: libseccomp-2.2.1/src/arch-syscall-dump.c =================================================================== ---- libseccomp-2.2.0.orig/src/arch.c -+++ libseccomp-2.2.0/src/arch.c +--- libseccomp-2.2.1.orig/src/arch-syscall-dump.c ++++ libseccomp-2.2.1/src/arch-syscall-dump.c +@@ -38,6 +38,7 @@ + #include "arch-mips64.h" + #include "arch-mips64n32.h" + #include "arch-aarch64.h" ++#include "arch-ppc64.h" + + /** + * Print the usage information to stderr and exit +@@ -112,6 +113,10 @@ int main(int argc, char *argv[]) + case SCMP_ARCH_AARCH64: + sys_name = aarch64_syscall_iterate_name(iter); + break; ++ case SCMP_ARCH_PPC64: ++ case SCMP_ARCH_PPC64LE: ++ sys_name = ppc64_syscall_iterate_name(iter); ++ break; + default: + /* invalid arch */ + exit_usage(argv[0]); +Index: libseccomp-2.2.1/src/arch-syscall-validate +=================================================================== +--- libseccomp-2.2.1.orig/src/arch-syscall-validate ++++ libseccomp-2.2.1/src/arch-syscall-validate +@@ -317,6 +317,35 @@ function dump_lib_mips64n32() { + } + + # ++# Dump the ppc64 system syscall table ++# ++# Arguments: ++# 1 path to the kernel source ++# ++# Dump the architecture's syscall table to stdout. ++# ++function dump_sys_ppc64() { ++ gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \ ++ grep "^#define __NR_" | sort | \ ++ grep -v "^#define __NR_O32_" | \ ++ grep -v "^#define __NR_N32_" | \ ++ grep -v "^#define __NR_64_" | \ ++ grep -v "^#define __NR_Linux" | \ ++ grep -v "^#define __NR_unused" | \ ++ grep -v "^#define __NR_reserved" | \ ++ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' ++} ++ ++# ++# Dump the ppc64 library syscall table ++# ++# Dump the library's syscall table to stdout. ++# ++function dump_lib_ppc64() { ++ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d' ++} ++ ++# + # Dump the system syscall table + # + # Arguments: +@@ -351,6 +380,9 @@ function dump_sys() { + mips64n32) + dump_sys_mips64n32 "$2" + ;; ++ ppc64) ++ dump_sys_ppc64 "$2" ++ ;; + *) + echo "" + ;; +@@ -391,6 +423,9 @@ function dump_lib() { + mips64n32) + dump_lib_mips64n32 "$2" + ;; ++ ppc64) ++ dump_lib_ppc64 "$2" ++ ;; + *) + echo "" + ;; +@@ -427,7 +462,7 @@ shift $(($OPTIND - 1)) + + # defaults + if [[ $arches == "" ]]; then +- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32" ++ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64" + fi + + # sanity checks +Index: libseccomp-2.2.1/src/arch.c +=================================================================== +--- libseccomp-2.2.1.orig/src/arch.c ++++ libseccomp-2.2.1/src/arch.c @@ -82,8 +82,10 @@ const struct arch_def *arch_def_native = const struct arch_def *arch_def_native = &arch_def_s390; #elif __s390x__ @@ -112,10 +284,10 @@ Index: libseccomp-2.2.0/src/arch.c return ppc64_syscall_resolve_num(num); case SCMP_ARCH_PPC: return ppc_syscall_resolve_num(num); -Index: libseccomp-2.2.0/src/gen_pfc.c +Index: libseccomp-2.2.1/src/gen_pfc.c =================================================================== ---- libseccomp-2.2.0.orig/src/gen_pfc.c -+++ libseccomp-2.2.0/src/gen_pfc.c +--- libseccomp-2.2.1.orig/src/gen_pfc.c ++++ libseccomp-2.2.1/src/gen_pfc.c @@ -79,6 +79,8 @@ static const char *_pfc_arch(const struc return "ppc"; case SCMP_ARCH_PPC64: @@ -125,10 +297,104 @@ Index: libseccomp-2.2.0/src/gen_pfc.c default: return "UNKNOWN"; } -Index: libseccomp-2.2.0/tools/scmp_arch_detect.c +Index: libseccomp-2.2.1/tests/16-sim-arch_basic.c =================================================================== ---- libseccomp-2.2.0.orig/tools/scmp_arch_detect.c -+++ libseccomp-2.2.0/tools/scmp_arch_detect.c +--- libseccomp-2.2.1.orig/tests/16-sim-arch_basic.c ++++ libseccomp-2.2.1/tests/16-sim-arch_basic.c +@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.1/tests/16-sim-arch_basic.py +=================================================================== +--- libseccomp-2.2.1.orig/tests/16-sim-arch_basic.py ++++ libseccomp-2.2.1/tests/16-sim-arch_basic.py +@@ -39,6 +39,8 @@ def test(args): + f.add_arch(Arch("mipsel")) + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64")) ++ f.add_arch(Arch("ppc64le")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.c +=================================================================== +--- libseccomp-2.2.1.orig/tests/23-sim-arch_all_le_basic.c ++++ libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.c +@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32")); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.py +=================================================================== +--- libseccomp-2.2.1.orig/tests/23-sim-arch_all_le_basic.py ++++ libseccomp-2.2.1/tests/23-sim-arch_all_le_basic.py +@@ -39,6 +39,7 @@ def test(args): + f.add_arch(Arch("mipsel")) + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) ++ f.add_arch(Arch("ppc64le")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.c +=================================================================== +--- libseccomp-2.2.1.orig/tests/26-sim-arch_all_be_basic.c ++++ libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.c +@@ -52,6 +52,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); + if (rc != 0) + goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); ++ if (rc != 0) ++ goto out; + + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, + SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); +Index: libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.py +=================================================================== +--- libseccomp-2.2.1.orig/tests/26-sim-arch_all_be_basic.py ++++ libseccomp-2.2.1/tests/26-sim-arch_all_be_basic.py +@@ -33,6 +33,7 @@ def test(args): + f.add_arch(Arch("mips")) + f.add_arch(Arch("mips64")) + f.add_arch(Arch("mips64n32")) ++ f.add_arch(Arch("ppc64")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +Index: libseccomp-2.2.1/tests/regression +=================================================================== +--- libseccomp-2.2.1.orig/tests/regression ++++ libseccomp-2.2.1/tests/regression +@@ -21,8 +21,8 @@ + # along with this library; if not, see . + # + +-GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32" +-GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32" ++GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le" ++GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64" + + GLBL_SYS_ARCH="../tools/scmp_arch_detect" + GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" +Index: libseccomp-2.2.1/tools/scmp_arch_detect.c +=================================================================== +--- libseccomp-2.2.1.orig/tools/scmp_arch_detect.c ++++ libseccomp-2.2.1/tools/scmp_arch_detect.c @@ -111,6 +111,9 @@ int main(int argc, char *argv[]) case SCMP_ARCH_PPC64: printf("ppc64\n"); @@ -139,10 +405,25 @@ Index: libseccomp-2.2.0/tools/scmp_arch_detect.c default: printf("unknown\n"); } -Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c +Index: libseccomp-2.2.1/tools/scmp_bpf_disasm.c =================================================================== ---- libseccomp-2.2.0.orig/tools/scmp_bpf_sim.c -+++ libseccomp-2.2.0/tools/scmp_bpf_sim.c +--- libseccomp-2.2.1.orig/tools/scmp_bpf_disasm.c ++++ libseccomp-2.2.1/tools/scmp_bpf_disasm.c +@@ -334,6 +334,10 @@ int main(int argc, char *argv[]) + arch = AUDIT_ARCH_MIPS64N32; + else if (strcmp(optarg, "mipsel64n32") == 0) + arch = AUDIT_ARCH_MIPSEL64N32; ++ else if (strcmp(optarg, "ppc64") == 0) ++ arch = AUDIT_ARCH_PPC64; ++ else if (strcmp(optarg, "ppc64le") == 0) ++ arch = AUDIT_ARCH_PPC64LE; + else + exit_usage(argv[0]); + break; +Index: libseccomp-2.2.1/tools/scmp_bpf_sim.c +=================================================================== +--- libseccomp-2.2.1.orig/tools/scmp_bpf_sim.c ++++ libseccomp-2.2.1/tools/scmp_bpf_sim.c @@ -250,13 +250,15 @@ int main(int argc, char *argv[]) else if (strcmp(optarg, "mipsel64n32") == 0) arch = AUDIT_ARCH_MIPSEL64N32; @@ -163,10 +444,10 @@ Index: libseccomp-2.2.0/tools/scmp_bpf_sim.c else exit_fault(EINVAL); break; -Index: libseccomp-2.2.0/tools/util.c +Index: libseccomp-2.2.1/tools/util.c =================================================================== ---- libseccomp-2.2.0.orig/tools/util.c -+++ libseccomp-2.2.0/tools/util.c +--- libseccomp-2.2.1.orig/tools/util.c ++++ libseccomp-2.2.1/tools/util.c @@ -66,8 +66,10 @@ #define ARCH_NATIVE AUDIT_ARCH_S390 #elif __s390x__ @@ -179,47 +460,12 @@ Index: libseccomp-2.2.0/tools/util.c #elif __powerpc__ #define ARCH_NATIVE AUDIT_ARCH_PPC #else -Index: libseccomp-2.2.0/include/seccomp.h +Index: libseccomp-2.2.1/tools/util.h =================================================================== ---- libseccomp-2.2.0.orig/include/seccomp.h -+++ libseccomp-2.2.0/include/seccomp.h -@@ -151,6 +151,30 @@ struct scmp_arg_cmp { - #define SCMP_ARCH_MIPSEL64N32 AUDIT_ARCH_MIPSEL64N32 - - /** -+ * The S390X architecture token -+ */ -+#define SCMP_ARCH_S390X AUDIT_ARCH_S390X -+ -+/** -+ * The S390 architecture token -+ */ -+#define SCMP_ARCH_S390 AUDIT_ARCH_S390 -+ -+/** -+ * The PowerPC architecture token -+ */ -+#define SCMP_ARCH_PPC AUDIT_ARCH_PPC -+ -+/** -+ * The PowerPC64 architecture token -+ */ -+#define SCMP_ARCH_PPC64 AUDIT_ARCH_PPC64 -+#ifndef AUDIT_ARCH_PPC64LE -+#define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) -+#endif -+#define SCMP_ARCH_PPC64LE AUDIT_ARCH_PPC64LE -+ -+/** - * Convert a syscall name into the associated syscall number - * @param x the syscall name - */ -Index: libseccomp-2.2.0/tools/util.h -=================================================================== ---- libseccomp-2.2.0.orig/tools/util.h -+++ libseccomp-2.2.0/tools/util.h -@@ -47,6 +47,10 @@ - #define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) +--- libseccomp-2.2.1.orig/tools/util.h ++++ libseccomp-2.2.1/tools/util.h +@@ -63,6 +63,10 @@ + __AUDIT_ARCH_CONVENTION_MIPS64_N32) #endif +#ifndef AUDIT_ARCH_PPC64LE @@ -229,225 +475,3 @@ Index: libseccomp-2.2.0/tools/util.h extern uint32_t arch; void exit_usage(const char *program); -Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c -=================================================================== ---- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.c -+++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.c -@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) - rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mipsel64n32")); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); -+ if (rc != 0) -+ goto out; - - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, - SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); -Index: libseccomp-2.2.0/tests/16-sim-arch_basic.c -=================================================================== ---- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.c -+++ libseccomp-2.2.0/tests/16-sim-arch_basic.c -@@ -68,6 +68,9 @@ int main(int argc, char *argv[]) - rc = seccomp_arch_add(ctx, SCMP_ARCH_MIPSEL64N32); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); -+ if (rc != 0) -+ goto out; - - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, - SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); -Index: libseccomp-2.2.0/src/arch-syscall-dump.c -=================================================================== ---- libseccomp-2.2.0.orig/src/arch-syscall-dump.c -+++ libseccomp-2.2.0/src/arch-syscall-dump.c -@@ -38,6 +38,7 @@ - #include "arch-mips64.h" - #include "arch-mips64n32.h" - #include "arch-aarch64.h" -+#include "arch-ppc64.h" - - /** - * Print the usage information to stderr and exit -@@ -112,6 +113,10 @@ int main(int argc, char *argv[]) - case SCMP_ARCH_AARCH64: - sys_name = aarch64_syscall_iterate_name(iter); - break; -+ case SCMP_ARCH_PPC64: -+ case SCMP_ARCH_PPC64LE: -+ sys_name = ppc64_syscall_iterate_name(iter); -+ break; - default: - /* invalid arch */ - exit_usage(argv[0]); -Index: libseccomp-2.2.0/src/arch-ppc64-syscalls.c -=================================================================== ---- libseccomp-2.2.0.orig/src/arch-ppc64-syscalls.c -+++ libseccomp-2.2.0/src/arch-ppc64-syscalls.c -@@ -425,3 +425,16 @@ const char *ppc64_syscall_resolve_num(in - - return NULL; - } -+/** -+ * Iterate through the syscall table and return the syscall name -+ * @param spot the offset into the syscall table -+ * -+ * Return the syscall name at position @spot or NULL on failure. This function -+ * should only ever be used internally by libseccomp. -+ * -+ */ -+const char *ppc64_syscall_iterate_name(unsigned int spot) -+{ -+ /* XXX - no safety checks here */ -+ return ppc64_syscall_table[spot].name; -+} -Index: libseccomp-2.2.0/tests/16-sim-arch_basic.py -=================================================================== ---- libseccomp-2.2.0.orig/tests/16-sim-arch_basic.py -+++ libseccomp-2.2.0/tests/16-sim-arch_basic.py -@@ -39,6 +39,8 @@ def test(args): - f.add_arch(Arch("mipsel")) - f.add_arch(Arch("mipsel64")) - f.add_arch(Arch("mipsel64n32")) -+ f.add_arch(Arch("ppc64")) -+ f.add_arch(Arch("ppc64le")) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) -Index: libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py -=================================================================== ---- libseccomp-2.2.0.orig/tests/23-sim-arch_all_le_basic.py -+++ libseccomp-2.2.0/tests/23-sim-arch_all_le_basic.py -@@ -39,6 +39,7 @@ def test(args): - f.add_arch(Arch("mipsel")) - f.add_arch(Arch("mipsel64")) - f.add_arch(Arch("mipsel64n32")) -+ f.add_arch(Arch("ppc64le")) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) -Index: libseccomp-2.2.0/tools/scmp_bpf_disasm.c -=================================================================== ---- libseccomp-2.2.0.orig/tools/scmp_bpf_disasm.c -+++ libseccomp-2.2.0/tools/scmp_bpf_disasm.c -@@ -334,6 +334,10 @@ int main(int argc, char *argv[]) - arch = AUDIT_ARCH_MIPS64N32; - else if (strcmp(optarg, "mipsel64n32") == 0) - arch = AUDIT_ARCH_MIPSEL64N32; -+ else if (strcmp(optarg, "ppc64") == 0) -+ arch = AUDIT_ARCH_PPC64; -+ else if (strcmp(optarg, "ppc64le") == 0) -+ arch = AUDIT_ARCH_PPC64LE; - else - exit_usage(argv[0]); - break; -Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c -=================================================================== ---- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.c -+++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.c -@@ -52,6 +52,9 @@ int main(int argc, char *argv[]) - rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); - if (rc != 0) - goto out; -+ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64")); -+ if (rc != 0) -+ goto out; - - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 1, - SCMP_A0(SCMP_CMP_EQ, STDIN_FILENO)); -Index: libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py -=================================================================== ---- libseccomp-2.2.0.orig/tests/26-sim-arch_all_be_basic.py -+++ libseccomp-2.2.0/tests/26-sim-arch_all_be_basic.py -@@ -33,6 +33,7 @@ def test(args): - f.add_arch(Arch("mips")) - f.add_arch(Arch("mips64")) - f.add_arch(Arch("mips64n32")) -+ f.add_arch(Arch("ppc64")) - f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) - f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) -Index: libseccomp-2.2.0/src/arch-syscall-validate -=================================================================== ---- libseccomp-2.2.0.orig/src/arch-syscall-validate -+++ libseccomp-2.2.0/src/arch-syscall-validate -@@ -303,6 +303,35 @@ function dump_lib_mips64n32() { - } - - # -+# Dump the ppc64 system syscall table -+# -+# Arguments: -+# 1 path to the kernel source -+# -+# Dump the architecture's syscall table to stdout. -+# -+function dump_sys_ppc64() { -+ gcc -E -dM -I$1/arch/powerpc/include/uapi $1/arch/powerpc/include/uapi/asm/unistd.h | \ -+ grep "^#define __NR_" | sort | \ -+ grep -v "^#define __NR_O32_" | \ -+ grep -v "^#define __NR_N32_" | \ -+ grep -v "^#define __NR_64_" | \ -+ grep -v "^#define __NR_Linux" | \ -+ grep -v "^#define __NR_unused" | \ -+ grep -v "^#define __NR_reserved" | \ -+ sed -e 's/#define[ \t]\+__NR_\([^ \t]\+\)[ \t]\+(__NR_Linux[ \t]*+[ \t]*\([0-9]\+\)).*/\1\t\2/' -+} -+ -+# -+# Dump the ppc64 library syscall table -+# -+# Dump the library's syscall table to stdout. -+# -+function dump_lib_ppc64() { -+ $LIB_SYS_DUMP -a ppc64 | sed -e '/[^\t]\+\t-[0-9]\+/d' -+} -+ -+# - # Dump the system syscall table - # - # Arguments: -@@ -337,6 +366,9 @@ function dump_sys() { - mips64n32) - dump_sys_mips64n32 "$2" - ;; -+ ppc64) -+ dump_sys_ppc64 "$2" -+ ;; - *) - echo "" - ;; -@@ -377,6 +409,9 @@ function dump_lib() { - mips64n32) - dump_lib_mips64n32 "$2" - ;; -+ ppc64) -+ dump_lib_ppc64 "$2" -+ ;; - *) - echo "" - ;; -@@ -413,7 +448,7 @@ shift $(($OPTIND - 1)) - - # defaults - if [[ $arches == "" ]]; then -- arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32" -+ arches="x86 x86_64 x32 arm aarch64 mips mips64 mips64n32 ppc64" - fi - - # sanity checks -Index: libseccomp-2.2.0/tests/regression -=================================================================== ---- libseccomp-2.2.0.orig/tests/regression -+++ libseccomp-2.2.0/tests/regression -@@ -21,8 +21,8 @@ - # along with this library; if not, see . - # - --GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32" --GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32" -+GLBL_ARCH_LE_SUPPORT="x86 x86_64 x32 arm aarch64 mipsel mipsel64 mipsel64n32 ppc64le" -+GLBL_ARCH_BE_SUPPORT="mips mips64 mips64n32 ppc64" - - GLBL_SYS_ARCH="../tools/scmp_arch_detect" - GLBL_SYS_RESOLVER="../tools/scmp_sys_resolver" diff --git a/libseccomp.changes b/libseccomp.changes index 27fca77..610932b 100644 --- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat May 30 10:20:06 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 2.2.1 +* Fix a problem with syscall argument filtering on 64-bit systems +* Fix some problems with the 32-bit ARM syscall table +- Drop 0001-tools-add-the-missing-elf.h-header-file.patch, + libseccomp-arm-syscall-fixes.patch + (applied upstream) + ------------------------------------------------------------------- Mon Apr 13 15:05:05 UTC 2015 - dvaleev@suse.com diff --git a/libseccomp.spec b/libseccomp.spec index 832dbbe..ed75365 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -18,7 +18,7 @@ Name: libseccomp %define lname libseccomp2 -Version: 2.2.0 +Version: 2.2.1 Release: 0 Summary: An enhanced Seccomp (mode 2) helper library License: LGPL-2.1 @@ -29,9 +29,7 @@ Url: http://github.com/seccomp Source: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz Source2: https://github.com/seccomp/libseccomp/releases/download/v%version/%name-%version.tar.gz.SHA256SUM.asc Patch1: no-static.diff -Patch2: 0001-tools-add-the-missing-elf.h-header-file.patch Patch3: libseccomp-s390x-support.patch -Patch4: libseccomp-arm-syscall-fixes.patch Patch5: libseccomp-ppc64le.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf @@ -100,7 +98,7 @@ This subpackage contains debug utilities for the seccomp interface. %prep %setup -q -%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1 +%patch -P 1 -P 3 -P 5 -p1 %build autoreconf -fi