Source: libseccomp Version: 2.3.1-2.1 Severity: normal Tags: patch Hello,
please package the new upstream version 2.3.3 which adds support for the statx syscall (which is already actively used by libqt5) among others; this should also close #893722. Patch with the required changes (only unfuzzing of the parisc patch) is attached. Regards Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
diff -u -r libseccomp-2.3.1/debian/changelog libseccomp-2.3.3/debian/changelog
--- libseccomp-2.3.1/debian/changelog 2016-11-17 10:16:44.000000000 +0100
+++ libseccomp-2.3.3/debian/changelog 2018-04-11 12:09:58.258096960 +0200
@@ -1,3 +1,10 @@
+libseccomp (2.3.3-0.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream release.
+
+ -- Simon Ruderich <si...@ruderich.org> Wed, 11 Apr 2018 12:09:39 +0200
+
libseccomp (2.3.1-2.1) unstable; urgency=medium
[ Martin Pitt ]
diff -u -r libseccomp-2.3.1/debian/patches/28-parisc_support.patch libseccomp-2.3.3/debian/patches/28-parisc_support.patch
--- libseccomp-2.3.1/debian/patches/28-parisc_support.patch 2016-11-17 10:16:44.000000000 +0100
+++ libseccomp-2.3.3/debian/patches/28-parisc_support.patch 2018-04-11 12:13:17.451686723 +0200
@@ -65,11 +65,11 @@
create mode 100644 src/arch-parisc.h
create mode 100644 src/arch-parisc64.c
-Index: libseccomp/include/seccomp.h.in
+Index: libseccomp-2.3.3/include/seccomp.h.in
===================================================================
---- libseccomp.orig/include/seccomp.h.in 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/include/seccomp.h.in 2016-05-28 19:57:02.038592653 +0200
-@@ -185,6 +185,12 @@
+--- libseccomp-2.3.3.orig/include/seccomp.h.in
++++ libseccomp-2.3.3/include/seccomp.h.in
+@@ -186,6 +186,12 @@ struct scmp_arg_cmp {
#define SCMP_ARCH_S390X AUDIT_ARCH_S390X
/**
@@ -82,11 +82,11 @@
* Convert a syscall name into the associated syscall number
* @param x the syscall name
*/
-Index: libseccomp/src/Makefile.am
+Index: libseccomp-2.3.3/src/Makefile.am
===================================================================
---- libseccomp.orig/src/Makefile.am 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/src/Makefile.am 2016-05-28 19:57:02.038592653 +0200
-@@ -35,6 +35,8 @@
+--- libseccomp-2.3.3.orig/src/Makefile.am
++++ libseccomp-2.3.3/src/Makefile.am
+@@ -35,6 +35,8 @@ SOURCES_ALL = \
arch-mips.h arch-mips.c arch-mips-syscalls.c \
arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \
arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \
@@ -95,10 +95,10 @@
arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \
arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \
arch-s390.h arch-s390.c arch-s390-syscalls.c \
-Index: libseccomp/src/arch-parisc-syscalls.c
+Index: libseccomp-2.3.3/src/arch-parisc-syscalls.c
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ libseccomp/src/arch-parisc-syscalls.c 2016-05-28 19:57:02.042592678 +0200
+--- /dev/null
++++ libseccomp-2.3.3/src/arch-parisc-syscalls.c
@@ -0,0 +1,499 @@
+/*
+ * Copyright (c) 2016 Helge Deller <del...@gmx.de>
@@ -599,10 +599,10 @@
+ /* XXX - no safety checks here */
+ return parisc_syscall_table[spot].name;
+}
-Index: libseccomp/src/arch-parisc.c
+Index: libseccomp-2.3.3/src/arch-parisc.c
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ libseccomp/src/arch-parisc.c 2016-05-28 19:57:02.042592678 +0200
+--- /dev/null
++++ libseccomp-2.3.3/src/arch-parisc.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2016 Helge Deller <del...@gmx.de>
@@ -626,10 +626,10 @@
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
-Index: libseccomp/src/arch-parisc.h
+Index: libseccomp-2.3.3/src/arch-parisc.h
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ libseccomp/src/arch-parisc.h 2016-05-28 19:57:02.042592678 +0200
+--- /dev/null
++++ libseccomp-2.3.3/src/arch-parisc.h
@@ -0,0 +1,38 @@
+/**
+ * Enhanced Seccomp PARISC Specific Code
@@ -669,10 +669,10 @@
+const char *parisc_syscall_iterate_name(unsigned int spot);
+
+#endif
-Index: libseccomp/src/arch-parisc64.c
+Index: libseccomp-2.3.3/src/arch-parisc64.c
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ libseccomp/src/arch-parisc64.c 2016-05-28 19:57:02.042592678 +0200
+--- /dev/null
++++ libseccomp-2.3.3/src/arch-parisc64.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2016 Helge Deller <del...@gmx.de>
@@ -696,10 +696,10 @@
+ .syscall_rewrite = NULL,
+ .rule_add = NULL,
+};
-Index: libseccomp/src/arch-syscall-check.c
+Index: libseccomp-2.3.3/src/arch-syscall-check.c
===================================================================
---- libseccomp.orig/src/arch-syscall-check.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/src/arch-syscall-check.c 2016-05-28 19:57:02.042592678 +0200
+--- libseccomp-2.3.3.orig/src/arch-syscall-check.c
++++ libseccomp-2.3.3/src/arch-syscall-check.c
@@ -33,6 +33,7 @@
#include "arch-mips.h"
#include "arch-mips64.h"
@@ -708,7 +708,7 @@
#include "arch-ppc.h"
#include "arch-ppc64.h"
#include "arch-s390.h"
-@@ -71,6 +72,7 @@
+@@ -71,6 +72,7 @@ int main(int argc, char *argv[])
int i_mips = 0;
int i_mips64 = 0;
int i_mips64n32 = 0;
@@ -716,25 +716,25 @@
int i_ppc = 0;
int i_ppc64 = 0;
int i_s390 = 0;
-@@ -101,6 +103,8 @@
- mips64_syscall_iterate_name(i_mips64));
+@@ -103,6 +105,8 @@ int main(int argc, char *argv[])
+ mips64_syscall_iterate(i_mips64));
syscall_check(str_miss, sys_name, "mips64n32",
- mips64n32_syscall_iterate_name(i_mips64n32));
+ mips64n32_syscall_iterate(i_mips64n32));
+ syscall_check(str_miss, sys_name, "parisc",
+ parisc_syscall_iterate_name(i_parisc));
syscall_check(str_miss, sys_name, "ppc",
- ppc_syscall_iterate_name(i_ppc));
+ ppc_syscall_iterate(i_ppc));
syscall_check(str_miss, sys_name, "ppc64",
-@@ -135,6 +139,8 @@
+@@ -137,6 +141,8 @@ int main(int argc, char *argv[])
i_mips64 = -1;
- if (!mips64n32_syscall_iterate_name(++i_mips64n32))
+ if (!mips64n32_syscall_iterate(++i_mips64n32)->name)
i_mips64n32 = -1;
+ if (!parisc_syscall_iterate_name(++i_parisc))
+ i_parisc = -1;
- if (!ppc_syscall_iterate_name(++i_ppc))
+ if (!ppc_syscall_iterate(++i_ppc)->name)
i_ppc = -1;
- if (!ppc64_syscall_iterate_name(++i_ppc64))
-@@ -146,6 +152,7 @@
+ if (!ppc64_syscall_iterate(++i_ppc64)->name)
+@@ -148,6 +154,7 @@ int main(int argc, char *argv[])
} while (i_x86_64 >= 0 && i_x32 >= 0 &&
i_arm >= 0 && i_aarch64 >= 0 &&
i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 &&
@@ -742,8 +742,8 @@
i_ppc >= 0 && i_ppc64 >= 0 &&
i_s390 >= 0 && i_s390x >= 0);
-@@ -190,6 +197,10 @@
- mips64n32_syscall_iterate_name(i_mips64n32));
+@@ -185,6 +192,10 @@ int main(int argc, char *argv[])
+ printf("ERROR, mips64n32 has additional syscalls\n");
return 1;
}
+ if (i_parisc >= 0) {
@@ -751,12 +751,12 @@
+ parisc_syscall_iterate_name(i_parisc));
+ }
if (i_ppc >= 0) {
- printf("%s: ERROR, ppc has additional syscalls\n",
- ppc_syscall_iterate_name(i_ppc));
-Index: libseccomp/src/arch-syscall-dump.c
+ printf("ERROR, ppc has additional syscalls\n");
+ return 1;
+Index: libseccomp-2.3.3/src/arch-syscall-dump.c
===================================================================
---- libseccomp.orig/src/arch-syscall-dump.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/src/arch-syscall-dump.c 2016-05-28 19:57:02.042592678 +0200
+--- libseccomp-2.3.3.orig/src/arch-syscall-dump.c
++++ libseccomp-2.3.3/src/arch-syscall-dump.c
@@ -38,6 +38,7 @@
#include "arch-mips64.h"
#include "arch-mips64n32.h"
@@ -765,21 +765,21 @@
#include "arch-ppc.h"
#include "arch-ppc64.h"
#include "arch-s390.h"
-@@ -116,6 +117,10 @@
+@@ -115,6 +116,10 @@ int main(int argc, char *argv[])
case SCMP_ARCH_MIPSEL64N32:
- sys_name = mips64n32_syscall_iterate_name(iter);
+ sys = mips64n32_syscall_iterate(iter);
break;
+ case SCMP_ARCH_PARISC:
+ case SCMP_ARCH_PARISC64:
+ sys_name = parisc_syscall_iterate_name(iter);
+ break;
case SCMP_ARCH_PPC:
- sys_name = ppc_syscall_iterate_name(iter);
+ sys = ppc_syscall_iterate(iter);
break;
-Index: libseccomp/src/arch.c
+Index: libseccomp-2.3.3/src/arch.c
===================================================================
---- libseccomp.orig/src/arch.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/src/arch.c 2016-05-28 19:57:02.042592678 +0200
+--- libseccomp-2.3.3.orig/src/arch.c
++++ libseccomp-2.3.3/src/arch.c
@@ -38,6 +38,7 @@
#include "arch-mips.h"
#include "arch-mips64.h"
@@ -788,7 +788,7 @@
#include "arch-ppc.h"
#include "arch-ppc64.h"
#include "arch-s390.h"
-@@ -79,6 +80,10 @@
+@@ -77,6 +78,10 @@ const struct arch_def *arch_def_native =
#elif __MIPSEL__
const struct arch_def *arch_def_native = &arch_def_mipsel64n32;
#endif /* _MIPS_SIM_NABI32 */
@@ -799,7 +799,7 @@
#elif __PPC64__
#ifdef __BIG_ENDIAN__
const struct arch_def *arch_def_native = &arch_def_ppc64;
-@@ -139,6 +144,10 @@
+@@ -137,6 +142,10 @@ const struct arch_def *arch_def_lookup(u
return &arch_def_mips64n32;
case SCMP_ARCH_MIPSEL64N32:
return &arch_def_mipsel64n32;
@@ -810,7 +810,7 @@
case SCMP_ARCH_PPC:
return &arch_def_ppc;
case SCMP_ARCH_PPC64:
-@@ -185,6 +194,10 @@
+@@ -183,6 +192,10 @@ const struct arch_def *arch_def_lookup_n
return &arch_def_mips64n32;
else if (strcmp(arch_name, "mipsel64n32") == 0)
return &arch_def_mipsel64n32;
@@ -821,11 +821,11 @@
else if (strcmp(arch_name, "ppc") == 0)
return &arch_def_ppc;
else if (strcmp(arch_name, "ppc64") == 0)
-Index: libseccomp/src/gen_pfc.c
+Index: libseccomp-2.3.3/src/gen_pfc.c
===================================================================
---- libseccomp.orig/src/gen_pfc.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/src/gen_pfc.c 2016-05-28 19:57:02.042592678 +0200
-@@ -71,6 +71,10 @@
+--- libseccomp-2.3.3.orig/src/gen_pfc.c
++++ libseccomp-2.3.3/src/gen_pfc.c
+@@ -71,6 +71,10 @@ static const char *_pfc_arch(const struc
return "mips64n32";
case SCMP_ARCH_MIPSEL64N32:
return "mipsel64n32";
@@ -836,11 +836,11 @@
case SCMP_ARCH_PPC64:
return "ppc64";
case SCMP_ARCH_PPC64LE:
-Index: libseccomp/src/python/libseccomp.pxd
+Index: libseccomp-2.3.3/src/python/libseccomp.pxd
===================================================================
---- libseccomp.orig/src/python/libseccomp.pxd 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/src/python/libseccomp.pxd 2016-05-28 19:57:02.042592678 +0200
-@@ -43,6 +43,8 @@
+--- libseccomp-2.3.3.orig/src/python/libseccomp.pxd
++++ libseccomp-2.3.3/src/python/libseccomp.pxd
+@@ -43,6 +43,8 @@ cdef extern from "seccomp.h":
SCMP_ARCH_MIPSEL
SCMP_ARCH_MIPSEL64
SCMP_ARCH_MIPSEL64N32
@@ -849,11 +849,11 @@
SCMP_ARCH_PPC
SCMP_ARCH_PPC64
SCMP_ARCH_PPC64LE
-Index: libseccomp/src/python/seccomp.pyx
+Index: libseccomp-2.3.3/src/python/seccomp.pyx
===================================================================
---- libseccomp.orig/src/python/seccomp.pyx 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/src/python/seccomp.pyx 2016-05-28 19:57:02.042592678 +0200
-@@ -147,6 +147,8 @@
+--- libseccomp-2.3.3.orig/src/python/seccomp.pyx
++++ libseccomp-2.3.3/src/python/seccomp.pyx
+@@ -166,6 +166,8 @@ cdef class Arch:
MIPSEL - MIPS little endian O32 ABI
MIPSEL64 - MIPS little endian 64-bit ABI
MIPSEL64N32 - MIPS little endian N32 ABI
@@ -862,7 +862,7 @@
PPC64 - 64-bit PowerPC
PPC - 32-bit PowerPC
"""
-@@ -165,6 +167,8 @@
+@@ -184,6 +186,8 @@ cdef class Arch:
MIPSEL = libseccomp.SCMP_ARCH_MIPSEL
MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64
MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32
@@ -871,7 +871,7 @@
PPC = libseccomp.SCMP_ARCH_PPC
PPC64 = libseccomp.SCMP_ARCH_PPC64
PPC64LE = libseccomp.SCMP_ARCH_PPC64LE
-@@ -205,6 +209,10 @@
+@@ -224,6 +228,10 @@ cdef class Arch:
self._token = libseccomp.SCMP_ARCH_MIPSEL64
elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32:
self._token = libseccomp.SCMP_ARCH_MIPSEL64N32
@@ -882,11 +882,11 @@
elif arch == libseccomp.SCMP_ARCH_PPC:
self._token = libseccomp.SCMP_ARCH_PPC
elif arch == libseccomp.SCMP_ARCH_PPC64:
-Index: libseccomp/tests/26-sim-arch_all_be_basic.c
+Index: libseccomp-2.3.3/tests/26-sim-arch_all_be_basic.c
===================================================================
---- libseccomp.orig/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.042592678 +0200
-@@ -52,6 +52,12 @@
+--- libseccomp-2.3.3.orig/tests/26-sim-arch_all_be_basic.c
++++ libseccomp-2.3.3/tests/26-sim-arch_all_be_basic.c
+@@ -52,6 +52,12 @@ int main(int argc, char *argv[])
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32"));
if (rc != 0)
goto out;
@@ -899,11 +899,11 @@
rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc"));
if (rc != 0)
goto out;
-Index: libseccomp/tests/26-sim-arch_all_be_basic.py
+Index: libseccomp-2.3.3/tests/26-sim-arch_all_be_basic.py
===================================================================
---- libseccomp.orig/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.046592702 +0200
-@@ -33,6 +33,8 @@
+--- libseccomp-2.3.3.orig/tests/26-sim-arch_all_be_basic.py
++++ libseccomp-2.3.3/tests/26-sim-arch_all_be_basic.py
+@@ -33,6 +33,8 @@ def test(args):
f.add_arch(Arch("mips"))
f.add_arch(Arch("mips64"))
f.add_arch(Arch("mips64n32"))
@@ -912,11 +912,11 @@
f.add_arch(Arch("ppc"))
f.add_arch(Arch("ppc64"))
f.add_arch(Arch("s390"))
-Index: libseccomp/tests/regression
+Index: libseccomp-2.3.3/tests/regression
===================================================================
---- libseccomp.orig/tests/regression 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/tests/regression 2016-05-28 19:57:02.046592702 +0200
-@@ -28,6 +28,7 @@
+--- libseccomp-2.3.3.orig/tests/regression
++++ libseccomp-2.3.3/tests/regression
+@@ -28,6 +28,7 @@ GLBL_ARCH_LE_SUPPORT=" \
ppc64le"
GLBL_ARCH_BE_SUPPORT=" \
mips mips64 mips64n32 \
@@ -924,7 +924,7 @@
ppc ppc64 \
s390 s390x"
-@@ -701,7 +702,7 @@
+@@ -706,7 +707,7 @@ function run_test_live() {
# setup the arch specific return values
case "$arch" in
@@ -933,11 +933,11 @@
rc_kill=159
rc_allow=160
rc_trap=161
-Index: libseccomp/tools/scmp_arch_detect.c
+Index: libseccomp-2.3.3/tools/scmp_arch_detect.c
===================================================================
---- libseccomp.orig/tools/scmp_arch_detect.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/tools/scmp_arch_detect.c 2016-05-28 19:57:02.046592702 +0200
-@@ -99,6 +99,12 @@
+--- libseccomp-2.3.3.orig/tools/scmp_arch_detect.c
++++ libseccomp-2.3.3/tools/scmp_arch_detect.c
+@@ -99,6 +99,12 @@ int main(int argc, char *argv[])
case SCMP_ARCH_MIPSEL64N32:
printf("mipsel64n32\n");
break;
@@ -950,11 +950,11 @@
case SCMP_ARCH_PPC:
printf("ppc\n");
break;
-Index: libseccomp/tools/scmp_bpf_sim.c
+Index: libseccomp-2.3.3/tools/scmp_bpf_sim.c
===================================================================
---- libseccomp.orig/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.046592702 +0200
-@@ -265,6 +265,10 @@
+--- libseccomp-2.3.3.orig/tools/scmp_bpf_sim.c
++++ libseccomp-2.3.3/tools/scmp_bpf_sim.c
+@@ -265,6 +265,10 @@ int main(int argc, char *argv[])
arch = AUDIT_ARCH_MIPS64N32;
else if (strcmp(optarg, "mipsel64n32") == 0)
arch = AUDIT_ARCH_MIPSEL64N32;
@@ -965,10 +965,10 @@
else if (strcmp(optarg, "ppc") == 0)
arch = AUDIT_ARCH_PPC;
else if (strcmp(optarg, "ppc64") == 0)
-Index: libseccomp/tools/util.c
+Index: libseccomp-2.3.3/tools/util.c
===================================================================
---- libseccomp.orig/tools/util.c 2016-05-28 19:57:02.050592727 +0200
-+++ libseccomp/tools/util.c 2016-05-28 19:57:02.046592702 +0200
+--- libseccomp-2.3.3.orig/tools/util.c
++++ libseccomp-2.3.3/tools/util.c
@@ -62,6 +62,10 @@
#elif __MIPSEL__
#define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32
Only in libseccomp-2.3.3/debian/patches: 28-parisc_support.patch~
signature.asc
Description: PGP signature
