diff --git a/libseccomp-2.5.0.tar.gz b/libseccomp-2.5.0.tar.gz deleted file mode 100644 index bb59156..0000000 --- a/libseccomp-2.5.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1ffa7038d2720ad191919816db3479295a4bcca1ec14e02f672539f4983014f3 -size 638793 diff --git a/libseccomp-2.5.0.tar.gz.asc b/libseccomp-2.5.0.tar.gz.asc deleted file mode 100644 index dd458cd..0000000 --- a/libseccomp-2.5.0.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEES0KozwfymdVUl37v6iDy2pc3iXMFAl8V6OcACgkQ6iDy2pc3 -iXPwsRAAn1lwUBaMNoh8xdpfvD03KWRoj6qZBREn4vEhT583qW49QSoucd7YuI84 -wukM87hadGv/0jRNWqopBHYedFwmr38ApkftRl5sp0KaG+5c8n6USUAvcQ92h/gV -Iduik0fytd9h/XeQqoL3tkLL+YqRaWPNucK1Osu5FGcAjLgon0Vh/S2sILhrVF9k -7uISL10aGKiCEWYyDsMrmFe72W6BHZNlwYeFT2Tu8TKyh3qB500zj8IV9VV0EiHJ -3H8w4z3V+zEJOQOI9gyELQsFvKP5qHQZvkHv16L+mKDiHp8WjNF13T7OIpJJ9Ur/ -NqWcRzJ2VJA/EIKsQFTvyk4Mclx/viyNPTdTMvExFWAInPebxqDwqY1LYq+ZmU1s -q/rGl1WKMdcFZsWj7sSAxqo9KQiObgjk3uAc4IdyTm97wFwLrcLDB90TH1DP0zZp -5z2nNBZeegav1bKnm2aU1h2BTT8bHIRfQZO7912ITiPXbpvWVdvJSUlcwZtnv3yC -uB5WgemZZR+29rLCC6jCFr7fxRO7eKJhy+klDxFKqicn6MX5hKkyE1oDeM/PNYtD -8hy2Rn2zfwjkyMeAlNIBpKrJYS1XHg1O7Bfd0OEwpH9cFxdLodnOqxm++0AgXol/ -PzuaOI8AnOLYO87oYH3D808+80nnZFKi9RRkOzfetOgeKBsWdCE= -=0Ew0 ------END PGP SIGNATURE----- diff --git a/libseccomp-2.5.1.tar.gz b/libseccomp-2.5.1.tar.gz new file mode 100644 index 0000000..61413bd --- /dev/null +++ b/libseccomp-2.5.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ee307e383c77aa7995abc5ada544d51c9723ae399768a97667d4cdb3c3a30d55 +size 638811 diff --git a/libseccomp-2.5.1.tar.gz.asc b/libseccomp-2.5.1.tar.gz.asc new file mode 100644 index 0000000..6f5afb3 --- /dev/null +++ b/libseccomp-2.5.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEER6aPzjfH1wJP1l4RNWzmLCtSQJkFAl+zEjYACgkQNWzmLCtS +QJlb0w/+NWl66HL4eGEqhPjAo2v8hM0MFIuOyC4Y8mD8jHYVokwNOwSPX02LgsEC +uZcdRxo8cuokPc/4tAUWuRBt8wggAAupVOsp8ris8uFRcGDxQzuhO0LxreJUYljN +sqLScDQgVlP2cEIWxzygj8/wOkAxjXf4UuZ/tY9/swBjD7SKuSC28hsyFUr/zlCq +npqMTO/ozPymtMX1wm8fbICAxQ2GVsA51UFm8lgBQ7FOo9TLeMLZaOAQPGB8e3Xr +/YmSwKBwtQlYgmg4ksJKBzXR5z0HEaU5zvGJgyHcUWbYVwbLcRYQwDilQO6HcSmL +8YRXoH38lSZfmKZpIgh6xI9/uJY43KEBD1+EODB+xjXZjvFRPIacc2uoDMluLC7O +NUEPV3Gq7ioMAYuBI662zTgD5vCLCNCtyqyWh3QUkBrgne0fnfQL1P5H1Ujvkbwk +P0X3A/AOC+X+aEFbdC9fzBa0cnc7AyjGGkLVFSYD+2qhL63h5zFrJo7rRylug8Ce +FTM8TtjKSeHk5O7DLVEw60nC6AY4ocVy+CIEW1wBytwIBsdgcY52FAjfEoNOSI6/ +igB2xxVjEjzECq+oIApjFKp59kmb+C08Z+8EExr8BaHzQZU0tq35ur7cZqyxh/Ot +gwcMSmAYGleZTCYkOKOa8GzaTvoiDUEB4VClguACP5BzWoJGAlQ= +=wT8z +-----END PGP SIGNATURE----- diff --git a/libseccomp.changes b/libseccomp.changes index 60581e3..a46850c 100644 --- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sat Nov 21 16:59:46 UTC 2020 - Dirk Mueller + +- update to 2.5.1: + * Fix a bug where seccomp_load() could only be called once + * Change the notification fd handling to only request a notification fd if + * the filter has a _NOTIFY action + * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage + * Clarify the maintainers' GPG keys +- remove testsuite-riscv64-missing-syscalls.patch + ------------------------------------------------------------------- Wed Sep 9 13:49:55 UTC 2020 - Dominique Leuenberger diff --git a/libseccomp.keyring b/libseccomp.keyring index ab72b2a..a0fa211 100644 --- a/libseccomp.keyring +++ b/libseccomp.keyring @@ -668,6 +668,53 @@ vfBg/wCK92wJ26L3rzU42scKTvCpTDS4QDamLRoxZYbnBn0I1TsTlNHN0C9cASeb NGzZbc+QvC6gkaaoyXON79wn0PyGc6mfoOdcCVloDfcAI+tnaA+MeiZVYNewGZul kaBkI7Jcg1LgRN2bWXdl16XOz/625n2UAnK9VtYfJqAZJ21Nnjo4v3FC4BjN2PFu Vd0cDYA+yBRwyq9SNfT8gRDK/kJPilR6bMNPUsTraiR3Y7Ssczq4C9Kxvp9FWMen -Zdi7eA== -=qH7J +Zdi7eJkCDQRdwuAJARAA0MaeI38Zmyd7f2binLFeCcRvJobhlwZMzAdJNrhlCwqW +OMoe3bDeDwVOz7h4FDJMSZyZW4NMVUdp7sdtCDc66GJ/Mc0Xvo0pik1tH07zR/jc +cq+JPioKplWQnH8r8F7i+yDnxuZbnP6ElyVetrvixz/PdXVXCZVTdBH/YuUs/YkZ +JDFJJ8KE6zivatZ2TTgPl6CzIQiHcliD8eoxZj8X2aYBCcOmCHsjkkSD2LR+LcLg +4+dG80Lk030N6YfRXXF1S2MD9wWsr3xWrBocienGqlVvRqTA2vzj77XjZrdlm6mk +YHF/QlljiqJ4RapGlgF49JWBZDOuQ080lCqTbaIdjEVQO6shmds5R6HDVkqZUPFS +ZZcunIfTveVBF5UiCRcQIv+zQTbhvwnpB0McUGYXbJVHuyyLLo5SkvBctG6WLEwz +2/4Pq1LiB1gjoRAvgdKjmFRH/sHHPY00I2X+jT98yFeHTvjHPRlU/ndys9MtdYNT +jdG/Nqstjjb0crNTZqlwtrwp18ygkOlEx0WLfhHVdJ5aOfRvpaJQp0/LdbFu3s7g +cgOM1jCOoS8pNDS2/McDyvQU+99kRoc22u2uxGgK0wbDwN61rzmwtZEFkmsPrpXu +a5p0y+UOCcN6g4YDPW9gYN4S2D+f1FNCDau5Kx+Ndyop9AtvU9WjZi3zE35kuRMA +EQEAAbQmVG9tIEhyb21hdGthIDx0b20uaHJvbWF0a2FAb3JhY2xlLmNvbT6JAk4E +EwEIADgWIQRHpo/ON8fXAk/WXhE1bOYsK1JAmQUCXcLgCQIbAwULCQgHAgYVCgkI +CwIEFgIDAQIeAQIXgAAKCRA1bOYsK1JAmTS9D/9yhcq1l1uaLj7gM1njDFGa0Jss +99U+9IlUkvD7T1m/EtkMUHc4KXVT678U/sH6ucyW3c91+bj73Tl1Hsr9GwEEamEF +V/7ZM9dM7uvpvgYMdB+iOV5PRexA72oNRAw7PwQ0i4fVW7E5ZUmjaS4RY0kY9HVZ +hNQ4GlA1+Reup6WDIEiLKbAIxCNTGdTw2EH4aMsRDIs9JXdeMr+hxO4QT3pHEFtp +gFs5aWZoMPTVSHKkoct85yTRhqUFGyxLRm67/8ETDVoxljycnxOXSw75H0I63bE0 +Vr+fknef8938KdBvHVKtYlnnoLuphXtCkSwec95XHPkCUpVnrcsqGFjoatSc59EB +42pGadjW+K7aff2/U3Ybw+XDo6bBApi+ajK4tZp/4+BetwBuMi0GmK8MI1sw3M/o +0PMDbspe3F0BQ+lGG8sAtbQvQxNFaaVdpzoq7Uzj8/PnrVzMerIONEkyeHW2J/4C +S4YsnEmlAKhpEh6QtuBW3L5FcCs+TAVGLixIDR90cjSlYJ2+SVmaHxO3oTlQnPlQ +JszMqG4xPu9RUV5T3Zqg/4puL2A7Ks29ecF+/VbF6iNG4o/sVWGkexqEG031UNGu +n+rJVnsej5ijp2U43yy+7BLtSYQLXqpSPSNDZTSQRf8t9k+pUKTvtwiRoWPtq0og +qZyN9TTLrAJHLn58arkCDQRdwuAJARAAvUXjs2H+p68ky5/JRoOjNJKTF9z+7/Bp +TldYWfIUw5VBE6aPscUdxbzY1hAzcrmsAqbzc/D7tziqsSgyIr8lXSTRHN9+YJbD +GOwZgHry7wLcn429Kzszl6i34XbJ9dPDa+gIvpZDLPMZStocRiN6qQx8yJjmJoVg ++CdfNYMZY+Rmo/HzslfCWb32OgGXHotrc5Zh6Y/Ukoeyufba1GbWlA5Y1HlQBD+C +n1NbCxGMtwVM0vnm+EMNbZXrovvPRPyeMz64MMLi4OTlPknE4oH2xBf9OTDFAMko +ionioafCBbE+NfhVzpaLQZdMM+iW6OB8TbWOT7a6b+gTqwZWH4X4WXgDZOPsuTpy +6kY44E739afQh5rILOrMf5ZDcl6c6MSkfPUc8R8Z64FAE0mvNCSvaP9LT2ZDd9xy +iZZEp3T0BDOLi607CMbzbAUjjyCgtPbIjG2wXiNLfNdT9aTIfM7050ZdhUkI4rpi +6FYa/scWdsFoj8c7VUJDC7rll5M3MUFH7sOZxEAh/lnamCjZleq8NpFOo9dKtJL7 +7KVjzE27CP7wWNysoj9RfHU6F4sLpTU9VNOTRidtGG8xB52BCmrQavWSCy8et3PH +i2elaaZABNGZZoLDr5/syHL/NT+MfZgy77qkzs0Y/0bgwGOqiR7iAqbFdxeQNN8/ +Z3v2fbtJsEsAEQEAAYkCNgQYAQgAIBYhBEemj843x9cCT9ZeETVs5iwrUkCZBQJd +wuAJAhsMAAoJEDVs5iwrUkCZIkAP/AptO20H9hSCk3cERAiTu6b6bnN8xNV7Eri8 +ruNKqbFl9uC5fe0u3KTiu6zdo0melA6F6TYF1Yjs5mucogvhjulFFsa/MRPwg13r +msMR1LdF65/lEJ1rIq7K2Yn41T5F6Lu9UDPpGkPal8uJYjqUWiY3/Ae4s94pYDFA +ApzHMDlZ/o27MC0KTXrbCpPr6y8EJSCz5FnChsSLtSK6NxO1qCD6Ixx7U+wqO5kk +c2jSNNFVO4zMGcFxUC/yG3hrCpWgMsYdQc0S5y3TzfIcYmLRKtiBuulKtxJooLcD +r4dOnf0Iv4AR+glsXWoUZOx8AE8qzb2433bszZ4RfpTwN/YiqyOfiBmrCui6fR5J +VCQ9EPSSu8mnP3FI+S6bWPzwRQu3iShyS8qIZr5V2IEUngFxJu7hqVOZP41GQzOG +daOSW6IjVUKKg1rOog2CW/NnEYyipbwtndpRSsbQTkd8SWVFLCKaEK7LcZ9SwOQ3 +AaLD73fSEsiGbN/FMiTU89OxlHnRKXhN2IS5HrHOp9oi/Q9mI8/0uADbpMZfWGQ1 +vhBUvC7U3IbytdTh1rm71sVhVe7cSxZpAWEMJNpKwotjFYLkWRo/G6Hao7ctR/GT +HwOTWMACnskJrJkx6jZkdVrP3HUAle/t6vUbq5VLWNQFcceC7Z0tehl/jlQsm1s2 +ytbqi636 +=l1C4 -----END PGP PUBLIC KEY BLOCK----- diff --git a/libseccomp.spec b/libseccomp.spec index c643e7b..5f1a5fa 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -1,7 +1,7 @@ # # spec file for package libseccomp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define lname libseccomp2 Name: libseccomp -Version: 2.5.0 +Version: 2.5.1 Release: 0 Summary: A Seccomp (mode 2) helper library License: LGPL-2.1-only @@ -28,7 +28,6 @@ Source: https://github.com/seccomp/libseccomp/releases/download/v%versio Source2: https://github.com/seccomp/libseccomp/releases/download/v%version/libseccomp-%version.tar.gz.asc Source3: %name.keyring Source99: baselibs.conf -Patch: testsuite-riscv64-missing-syscalls.patch BuildRequires: autoconf BuildRequires: automake >= 1.11 BuildRequires: fdupes @@ -51,16 +50,6 @@ syscall filtering mechanism, seccomp. The libseccomp API abstracts away the underlying BPF-based syscall filter language and presents a more conventional function-call based filtering interface. -%package -n python-%name -Summary: Python bindings for Seccomp (mode 2) -Group: Development/Languages/Python - -%description -n python-%name -The libseccomp library provides an interface to the Linux Kernel's -syscall filtering mechanism, seccomp. The libseccomp API abstracts -away the underlying BPF-based syscall filter language and presents a -more conventional function-call based filtering interface. - %package devel Summary: Development files for libseccomp, an enhanced Seccomp (mode 2) helper library Group: Development/Libraries/C and C++ diff --git a/testsuite-riscv64-missing-syscalls.patch b/testsuite-riscv64-missing-syscalls.patch deleted file mode 100644 index d4b447d..0000000 --- a/testsuite-riscv64-missing-syscalls.patch +++ /dev/null @@ -1,141 +0,0 @@ -From cc580a514f05a7fc1f412f66ed002dd8aee89618 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Tue, 18 Aug 2020 15:59:54 +0200 -Subject: [PATCH] tests: use openat and fstat instead of open and stat syscalls - in tests 04 and 06 - -Architectures like aarch64 and riscv64, and all future architectures that -use the generic syscall table, do not support the open and stat syscalls. -Use the openat and fstat syscalls instead. - -Signed-off-by: Andreas Schwab -Acked-by: Tom Hromatka -Signed-off-by: Paul Moore -(imported from commit a317fabc1fd915f19f7e7326bf7dcb77493f1210) ---- - tests/04-sim-multilevel_chains.c | 2 +- - tests/04-sim-multilevel_chains.py | 2 +- - tests/04-sim-multilevel_chains.tests | 8 +++++--- - tests/06-sim-actions.c | 4 ++-- - tests/06-sim-actions.py | 4 ++-- - tests/06-sim-actions.tests | 16 +++++++++------- - 6 files changed, 20 insertions(+), 16 deletions(-) - -diff --git a/tests/04-sim-multilevel_chains.c b/tests/04-sim-multilevel_chains.c -index a660b40..e3e4f9b 100644 ---- a/tests/04-sim-multilevel_chains.c -+++ b/tests/04-sim-multilevel_chains.c -@@ -41,7 +41,7 @@ int main(int argc, char *argv[]) - if (ctx == NULL) - return ENOMEM; - -- rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0); -+ rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0); - if (rc != 0) - goto out; - -diff --git a/tests/04-sim-multilevel_chains.py b/tests/04-sim-multilevel_chains.py -index bcf1ee4..a5127a2 100755 ---- a/tests/04-sim-multilevel_chains.py -+++ b/tests/04-sim-multilevel_chains.py -@@ -30,7 +30,7 @@ from seccomp import * - - def test(args): - f = SyscallFilter(KILL) -- f.add_rule(ALLOW, "open") -+ f.add_rule(ALLOW, "openat") - f.add_rule(ALLOW, "close") - f.add_rule(ALLOW, "read", - Arg(0, EQ, sys.stdin.fileno()), -diff --git a/tests/04-sim-multilevel_chains.tests b/tests/04-sim-multilevel_chains.tests -index 6613f9a..b6f7576 100644 ---- a/tests/04-sim-multilevel_chains.tests -+++ b/tests/04-sim-multilevel_chains.tests -@@ -8,7 +8,7 @@ - test type: bpf-sim - - # Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result --04-sim-multilevel_chains all,-aarch64 open 0x856B008 4 N N N N ALLOW -+04-sim-multilevel_chains all openat 0 0x856B008 4 N N N ALLOW - 04-sim-multilevel_chains all close 4 N N N N N ALLOW - 04-sim-multilevel_chains x86 read 0 0x856B008 0x7FFFFFFE N N N ALLOW - 04-sim-multilevel_chains x86_64 read 0 0x856B008 0x7FFFFFFFFFFFFFFE N N N ALLOW -@@ -27,9 +27,11 @@ test type: bpf-sim - 04-sim-multilevel_chains all rt_sigreturn N N N N N N ALLOW - 04-sim-multilevel_chains x86 0-2 N N N N N N KILL - 04-sim-multilevel_chains x86 7-172 N N N N N N KILL --04-sim-multilevel_chains x86 174-350 N N N N N N KILL -+04-sim-multilevel_chains x86 174-294 N N N N N N KILL -+04-sim-multilevel_chains x86 296-350 N N N N N N KILL - 04-sim-multilevel_chains x86_64 4-14 N N N N N N KILL --04-sim-multilevel_chains x86_64 16-350 N N N N N N KILL -+04-sim-multilevel_chains x86_64 16-256 N N N N N N KILL -+04-sim-multilevel_chains x86_64 258-350 N N N N N N KILL - - test type: bpf-sim-fuzz - -diff --git a/tests/06-sim-actions.c b/tests/06-sim-actions.c -index 10b366c..da636c9 100644 ---- a/tests/06-sim-actions.c -+++ b/tests/06-sim-actions.c -@@ -60,11 +60,11 @@ int main(int argc, char *argv[]) - if (rc != 0) - goto out; - -- rc = seccomp_rule_add(ctx, SCMP_ACT_TRACE(1234), SCMP_SYS(open), 0); -+ rc = seccomp_rule_add(ctx, SCMP_ACT_TRACE(1234), SCMP_SYS(openat), 0); - if (rc != 0) - goto out; - -- rc = seccomp_rule_add(ctx, SCMP_ACT_KILL_PROCESS, SCMP_SYS(stat), 0); -+ rc = seccomp_rule_add(ctx, SCMP_ACT_KILL_PROCESS, SCMP_SYS(fstat), 0); - if (rc != 0) - goto out; - -diff --git a/tests/06-sim-actions.py b/tests/06-sim-actions.py -index f14d6ed..253061d 100755 ---- a/tests/06-sim-actions.py -+++ b/tests/06-sim-actions.py -@@ -37,8 +37,8 @@ def test(args): - f.add_rule(LOG, "rt_sigreturn") - f.add_rule(ERRNO(errno.EPERM), "write") - f.add_rule(TRAP, "close") -- f.add_rule(TRACE(1234), "open") -- f.add_rule(KILL_PROCESS, "stat") -+ f.add_rule(TRACE(1234), "openat") -+ f.add_rule(KILL_PROCESS, "fstat") - return f - - args = util.get_opt() -diff --git a/tests/06-sim-actions.tests b/tests/06-sim-actions.tests -index b830917..1ef38b3 100644 ---- a/tests/06-sim-actions.tests -+++ b/tests/06-sim-actions.tests -@@ -11,15 +11,17 @@ test type: bpf-sim - 06-sim-actions all read 4 0x856B008 80 N N N ALLOW - 06-sim-actions all write 1 0x856B008 N N N N ERRNO(1) - 06-sim-actions all close 4 N N N N N TRAP --06-sim-actions all,-aarch64 open 0x856B008 4 N N N N TRACE(1234) --06-sim-actions all,-aarch64 stat N N N N N N KILL_PROCESS -+06-sim-actions all openat 0 0x856B008 4 N N N TRACE(1234) -+06-sim-actions all fstat N N N N N N KILL_PROCESS - 06-sim-actions all rt_sigreturn N N N N N N LOG - 06-sim-actions x86 0-2 N N N N N N KILL --06-sim-actions x86 7-105 N N N N N N KILL --06-sim-actions x86 107-172 N N N N N N KILL --06-sim-actions x86 174-350 N N N N N N KILL --06-sim-actions x86_64 5-14 N N N N N N KILL --06-sim-actions x86_64 16-350 N N N N N N KILL -+06-sim-actions x86 7-107 N N N N N N KILL -+06-sim-actions x86 109-172 N N N N N N KILL -+06-sim-actions x86 174-294 N N N N N N KILL -+06-sim-actions x86 296-350 N N N N N N KILL -+06-sim-actions x86_64 6-14 N N N N N N KILL -+06-sim-actions x86_64 16-256 N N N N N N KILL -+06-sim-actions x86_64 258-350 N N N N N N KILL - - test type: bpf-sim-fuzz - --- -2.28.0 -