Hello community, here is the log from the commit of package libseccomp for openSUSE:Factory checked in at 2020-09-14 12:02:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libseccomp (Old) and /work/SRC/openSUSE:Factory/.libseccomp.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libseccomp" Mon Sep 14 12:02:31 2020 rev:29 rq:833243 version:2.5.0 Changes: --------
--- /work/SRC/openSUSE:Factory/libseccomp/libseccomp.changes 2020-06-11 10:00:01.002255927 +0200
+++ /work/SRC/openSUSE:Factory/.libseccomp.new.4249/libseccomp.changes 2020-09-14 12:03:18.755624926 +0200
@@ -1,0 +2,38 @@
+Wed Sep 9 13:49:55 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Do not rely on gperf: pass GPERF=/bin/true to configure and
+ remove gperf BuildRequires. The syscalls.perf file it would
+ generate is part of the tarball already.
+
+-------------------------------------------------------------------
+Tue Sep 8 15:00:01 UTC 2020 - Andreas Schwab <sch...@suse.de>
+
+- testsuite-riscv64-missing-syscalls.patch: Fix testsuite failure on
+ riscv64
+- Ignore failure of tests/52-basic-load on qemu linux-user emulation
+
+-------------------------------------------------------------------
+Tue Sep 8 14:00:13 UTC 2020 - Ralf Haferkamp <rha...@suse.com>
+
+- Update to release 2.5.0
+ * Add support for the seccomp user notifications, see the
+ seccomp_notify_alloc(3), seccomp_notify_receive(3),
+ seccomp_notify_respond(3) manpages for more information
+ * Add support for new filter optimization approaches, including a balanced
+ tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
+ more information
+ * Add support for the 64-bit RISC-V architecture
+ * Performance improvements when adding new rules to a filter thanks to the
+ use of internal shadow transactions and improved syscall lookup tables
+ * Properly document the libseccomp API return values and include them in the
+ stable API promise
+ * Improvements to the s390 and s390x multiplexed syscall handling
+ * Multiple fixes and improvements to the libseccomp manpages
+ * Moved from manually maintained syscall tables to an automatically generated
+ syscall table in CSV format
+ * Update the syscall tables to Linux v5.8.0-rc5
+ * Python bindings and build now default to Python 3.x
+ * Improvements to the tests have boosted code coverage to over 93%
+- libseccomp.keyring: replaced by Paul Moore <pmo...@redhat.com> key.
+ +------------------------------------------------------------------- Old: ---- libseccomp-2.4.3.tar.gz libseccomp-2.4.3.tar.gz.asc New: ---- libseccomp-2.5.0.tar.gz libseccomp-2.5.0.tar.gz.asc testsuite-riscv64-missing-syscalls.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libseccomp.spec ++++++ --- /var/tmp/diff_new_pack.Wj2XOd/_old 2020-09-14 12:03:39.323646070 +0200 +++ /var/tmp/diff_new_pack.Wj2XOd/_new 2020-09-14 12:03:39.323646070 +0200 @@ -18,7 +18,7 @@ %define lname libseccomp2 Name: libseccomp -Version: 2.4.3 +Version: 2.5.0 Release: 0 Summary: A Seccomp (mode 2) helper library License: LGPL-2.1-only @@ -28,6 +28,7 @@ Source2: https://github.com/seccomp/libseccomp/releases/download/v%version/libseccomp-%version.tar.gz.asc Source3: %name.keyring Source99: baselibs.conf +Patch: testsuite-riscv64-missing-syscalls.patch BuildRequires: autoconf BuildRequires: automake >= 1.11 BuildRequires: fdupes @@ -86,6 +87,12 @@ %prep %autosetup -p1 +%if 0%{?qemu_user_space_build} +# The qemu linux-user emulation does not allow executing +# prctl(PR_SET_SECCOMP), which breaks this test. Stub it out. +echo 'int main () { return 0; }' >tests/52-basic-load.c +%endif + %build if [ ! -f configure ]; then perl -i -pe 's{\QAC_INIT([libseccomp], [0.0.0])\E}{AC_INIT([libseccomp], [%version])}' configure.ac @@ -94,7 +101,8 @@ %configure \ --includedir="%_includedir/%name" \ --disable-static \ - --disable-silent-rules + --disable-silent-rules \ + GPERF=/bin/true make %{?_smp_mflags} %install ++++++ libseccomp-2.4.3.tar.gz -> libseccomp-2.5.0.tar.gz ++++++ ++++ 28221 lines of diff (skipped) ++++++ libseccomp.keyring ++++++ ++++ 725 lines (skipped) ++++ between libseccomp.keyring ++++ and /work/SRC/openSUSE:Factory/.libseccomp.new.4249/libseccomp.keyring ++++++ testsuite-riscv64-missing-syscalls.patch ++++++ >From cc580a514f05a7fc1f412f66ed002dd8aee89618 Mon Sep 17 00:00:00 2001 
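Review bot: Nothing next to the `Source3: %name.keyring` context line in the `@@ -28,6 +28,7 @@` hunk records which key the keyring is expected to hold, while the changelog in this same commit says the keyring was replaced and the page skips its diff. If `Source2` is verified against that keyring, as the layout suggests, a replaced key and a tarball signature that matches it arrive in one change and the check passes by construction. A comment above Source3 such as `# upstream release signing key, fingerprint <FINGERPRINT-CONFIRMED-WITH-UPSTREAM>` (a placeholder, to be filled in from an independent source) would give later reviewers something to compare against.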
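Review bot: The `%if 0%{?qemu_user_space_build}` branch added to %prep replaces tests/52-basic-load.c with a program that returns 0, so on those builds the test is recorded as passed although the load its comment refers to never ran; the changelog describes this as ignoring a failure, but the build log will show a success. A line in the same branch that leaves a trace in the log, e.g. `echo 'tests/52-basic-load stubbed out: qemu linux-user cannot run prctl(PR_SET_SECCOMP)' >&2`, would keep that visible to anyone comparing test results per architecture. If the test runner has a distinct skip result, returning that instead of 0 would be better still; whether it does is not visible from this hunk.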
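Review bot: `GPERF=/bin/true` on the `%configure` line fails open: if a make rule ever does invoke gperf, for instance after a packaging patch touches the syscall table sources, the command exits 0 without generating anything, and what then happens to the lookup table depends on how that rule writes its output. `GPERF=/bin/false` would turn an unexpected regeneration into an immediate build error, assuming configure only records the variable and never runs it, which needs checking against the tarball. Either way a comment above `%configure`, e.g. `# gperf output ships in the tarball; GPERF is a stub and must never actually run`, would explain the argument to the next packager.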
From: Andreas Schwab <sch...@suse.de> Date: Tue, 18 Aug 2020 15:59:54 +0200 Subject: [PATCH] tests: use openat and fstat instead of open and stat syscalls in tests 04 and 06 Architectures like aarch64 and riscv64, and all future architectures that use the generic syscall table, do not support the open and stat syscalls. Use the openat and fstat syscalls instead. Signed-off-by: Andreas Schwab <sch...@suse.de> Acked-by: Tom Hromatka <tom.hroma...@oracle.com> Signed-off-by: Paul Moore <p...@paul-moore.com> (imported from commit a317fabc1fd915f19f7e7326bf7dcb77493f1210) --- tests/04-sim-multilevel_chains.c | 2 +- tests/04-sim-multilevel_chains.py | 2 +- tests/04-sim-multilevel_chains.tests | 8 +++++--- tests/06-sim-actions.c | 4 ++-- tests/06-sim-actions.py | 4 ++-- tests/06-sim-actions.tests | 16 +++++++++------- 6 files changed, 20 insertions(+), 16 deletions(-) diff --git a/tests/04-sim-multilevel_chains.c b/tests/04-sim-multilevel_chains.c index a660b40..e3e4f9b 100644 --- a/tests/04-sim-multilevel_chains.c +++ b/tests/04-sim-multilevel_chains.c @@ -41,7 +41,7 @@ int main(int argc, char *argv[]) if (ctx == NULL) return ENOMEM; - rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0); + rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0); if (rc != 0) goto out; diff --git a/tests/04-sim-multilevel_chains.py b/tests/04-sim-multilevel_chains.py index bcf1ee4..a5127a2 100755 --- a/tests/04-sim-multilevel_chains.py +++ b/tests/04-sim-multilevel_chains.py @@ -30,7 +30,7 @@ from seccomp import * def test(args): f = SyscallFilter(KILL) - f.add_rule(ALLOW, "open") + f.add_rule(ALLOW, "openat") f.add_rule(ALLOW, "close") f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno()), diff --git a/tests/04-sim-multilevel_chains.tests b/tests/04-sim-multilevel_chains.tests index 6613f9a..b6f7576 100644 --- a/tests/04-sim-multilevel_chains.tests +++ b/tests/04-sim-multilevel_chains.tests 
@@ -8,7 +8,7 @@ test type: bpf-sim # Testname Arch Syscall Arg0 Arg1 Arg2 Arg3 Arg4 Arg5 Result -04-sim-multilevel_chains all,-aarch64 open 0x856B008 4 N N N N ALLOW +04-sim-multilevel_chains all openat 0 0x856B008 4 N N N ALLOW 04-sim-multilevel_chains all close 4 N N N N N ALLOW 04-sim-multilevel_chains x86 read 0 0x856B008 0x7FFFFFFE N N N ALLOW 04-sim-multilevel_chains x86_64 read 0 0x856B008 0x7FFFFFFFFFFFFFFE N N N ALLOW @@ -27,9 +27,11 @@ test type: bpf-sim 04-sim-multilevel_chains all rt_sigreturn N N N N N N ALLOW 04-sim-multilevel_chains x86 0-2 N N N N N N KILL 04-sim-multilevel_chains x86 7-172 N N N N N N KILL -04-sim-multilevel_chains x86 174-350 N N N N N N KILL +04-sim-multilevel_chains x86 174-294 N N N N N N KILL +04-sim-multilevel_chains x86 296-350 N N N N N N KILL 04-sim-multilevel_chains x86_64 4-14 N N N N N N KILL -04-sim-multilevel_chains x86_64 16-350 N N N N N N KILL +04-sim-multilevel_chains x86_64 16-256 N N N N N N KILL +04-sim-multilevel_chains x86_64 258-350 N N N N N N KILL test type: bpf-sim-fuzz diff --git a/tests/06-sim-actions.c b/tests/06-sim-actions.c index 10b366c..da636c9 100644 --- a/tests/06-sim-actions.c +++ b/tests/06-sim-actions.c @@ -60,11 +60,11 @@ int main(int argc, char *argv[]) if (rc != 0) goto out; - rc = seccomp_rule_add(ctx, SCMP_ACT_TRACE(1234), SCMP_SYS(open), 0); + rc = seccomp_rule_add(ctx, SCMP_ACT_TRACE(1234), SCMP_SYS(openat), 0); if (rc != 0) goto out; - rc = seccomp_rule_add(ctx, SCMP_ACT_KILL_PROCESS, SCMP_SYS(stat), 0); + rc = seccomp_rule_add(ctx, SCMP_ACT_KILL_PROCESS, SCMP_SYS(fstat), 0); if (rc != 0) goto out; diff --git a/tests/06-sim-actions.py b/tests/06-sim-actions.py index f14d6ed..253061d 100755 --- a/tests/06-sim-actions.py +++ b/tests/06-sim-actions.py 
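Review bot: The split KILL ranges in the second hunk of tests/04-sim-multilevel_chains.tests carve out the openat numbers (295 on x86, 257 on x86_64) but never pick up the number `open` used to occupy, so no row now checks that `open` falls through to the filter's default action. The x86 rows still jump from `0-2` to `7-172` and the x86_64 rows still begin at `4-14`, which reads as if every number in the gap were still matched by a rule. Rows in the existing format such as `04-sim-multilevel_chains x86 open N N N N N N KILL` and `04-sim-multilevel_chains x86_64 open N N N N N N KILL` would close that gap. The same applies to tests/06-sim-actions.tests further down, where `open` on both architectures and `stat` on x86_64 (the range now starts at `6-14`) are left unchecked.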
@@ -37,8 +37,8 @@ def test(args): f.add_rule(LOG, "rt_sigreturn") f.add_rule(ERRNO(errno.EPERM), "write") f.add_rule(TRAP, "close") - f.add_rule(TRACE(1234), "open") - f.add_rule(KILL_PROCESS, "stat") + f.add_rule(TRACE(1234), "openat") + f.add_rule(KILL_PROCESS, "fstat") return f args = util.get_opt() diff --git a/tests/06-sim-actions.tests b/tests/06-sim-actions.tests index b830917..1ef38b3 100644 --- a/tests/06-sim-actions.tests +++ b/tests/06-sim-actions.tests @@ -11,15 +11,17 @@ test type: bpf-sim 06-sim-actions all read 4 0x856B008 80 N N N ALLOW 06-sim-actions all write 1 0x856B008 N N N N ERRNO(1) 06-sim-actions all close 4 N N N N N TRAP -06-sim-actions all,-aarch64 open 0x856B008 4 N N N N TRACE(1234) -06-sim-actions all,-aarch64 stat N N N N N N KILL_PROCESS +06-sim-actions all openat 0 0x856B008 4 N N N TRACE(1234) +06-sim-actions all fstat N N N N N N KILL_PROCESS 06-sim-actions all rt_sigreturn N N N N N N LOG 06-sim-actions x86 0-2 N N N N N N KILL -06-sim-actions x86 7-105 N N N N N N KILL -06-sim-actions x86 107-172 N N N N N N KILL -06-sim-actions x86 174-350 N N N N N N KILL -06-sim-actions x86_64 5-14 N N N N N N KILL -06-sim-actions x86_64 16-350 N N N N N N KILL +06-sim-actions x86 7-107 N N N N N N KILL +06-sim-actions x86 109-172 N N N N N N KILL +06-sim-actions x86 174-294 N N N N N N KILL +06-sim-actions x86 296-350 N N N N N N KILL +06-sim-actions x86_64 6-14 N N N N N N KILL +06-sim-actions x86_64 16-256 N N N N N N KILL +06-sim-actions x86_64 258-350 N N N N N N KILL test type: bpf-sim-fuzz -- 2.28.0