From patchwork Tue Mar 18 21:20:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8536 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZHPry5Tprz3xPk for ; Tue, 18 Mar 2025 21:20:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZHPrs54YZz5cW for ; Tue, 18 Mar 2025 21:20:45 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZHPrj0Vpmz37Q8 for ; Tue, 18 Mar 2025 21:20:37 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZHPrf09d9z37Jh for ; Tue, 18 Mar 2025 21:20:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZHPrc1jhBz5gr; Tue, 18 Mar 2025 21:20:32 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1742332832; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bjGqzgPHT+yZYOwp8ZgtkeWSnjHaDxTO/AYvqckLvRQ=; b=sFcFHeQpIs2I6RNKqanMfs87q3xd53/zPXVtuEixpLrT3piFbxu92O4R4trKlMGMgKNrxa /+wv8h1EZ4nh0LDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1742332832; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bjGqzgPHT+yZYOwp8ZgtkeWSnjHaDxTO/AYvqckLvRQ=; b=t9NDZN2pguvkV2Mhr/Bf/kMht72GG+CgpiFFM2aHrN9oDLv4O173/j0yY6b5BQ5UG89dN9 orTaM9dQB9V/EKIvu0ZyQ12wCfHYHxWhV4Fto9COunh8ZYQT9ROvV3tXQuvA6T0TRhTst1 QZq56OYzJJBREEK4SrtoqjVeyeqLmNtjXbYNJ+bm2qK8c56g8TTPKEfiFKrTKR8QfO+quz ZnFOYQOFzj7bp95urBvEXgIj9yeNh3CrFH1Rp1dR9jYXJ17eOVkVftPesxgNhsoO+4FPaU Prgog7bR3w/RBvsS6Xsby1Bn3ro4HNt5qlXyjQQA2Bf0pVeuTyod/v76HwJJWw== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] libseccomp: Update to version 2.6.0 Date: Tue, 18 Mar 2025 22:20:15 +0100 Message-ID: <20250318212018.3324141-12-adolf.belka@ipfire.org> In-Reply-To: <20250318212018.3324141-1-adolf.belka@ipfire.org> References: <20250318212018.3324141-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 2.5.5 to 2.6.0 - Update of rootfile - Changelog 2.6.0 - Update the syscall table for Linux v6.13 - Add support for new arches: SuperH little and big endian, LoongArch, and 32-bit Motorola 68000 - Add multiplexed syscall support for more arches: MIPS, SuperH, and PPC - Consolidate and simplify handling of multiplexed syscalls - Add support for the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag - Add support for transactions with the seccomp_transaction_start(), seccomp_transaction_commit(), and seccomp_transaction_reject() APIs - Add a seccomp_precompute() API to generate the seccomp BPF filter prior to seccomp_load() or seccomp_export_bpf_mem() - Add support for binary tree filters without syscalls - Add support for the kernel’s implementation change of SECCOMP_IOCTL_NOTIF_ID_VALID - Add Python binding support for retrieving the notification file descriptor - Improved tooling to help track syscall table updates in the Linux kernel - Handle EINVAL error from the kernel when the WAIT_KILLABLE_RECV flag is erroneously provided to the kernel - Fix a seccomp userspace notification issue where the file descriptor was being requested more than once - Fix a bug where the internal filter state could be corrupted when a filter rule addition fails - Fix potential memory leak in the internal management of filter snapshots - Utilize Cython rather than distutils in the Python bindings, due to distutils’ deprecation - Many test and CI improvements and fixes - Many documentation improvements and updates Signed-off-by: Adolf Belka --- config/rootfiles/packages/libseccomp | 4 +++- lfs/libseccomp | 13 ++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/config/rootfiles/packages/libseccomp b/config/rootfiles/packages/libseccomp index f1bc3961f..a936edefc 100644 --- a/config/rootfiles/packages/libseccomp +++ b/config/rootfiles/packages/libseccomp @@ -4,7 +4,7 @@ usr/bin/scmp_sys_resolver #usr/lib/libseccomp.la #usr/lib/libseccomp.so usr/lib/libseccomp.so.2 -usr/lib/libseccomp.so.2.5.5 +usr/lib/libseccomp.so.2.6.0 #usr/lib/pkgconfig/libseccomp.pc #usr/share/man/man1/scmp_sys_resolver.1 #usr/share/man/man3/seccomp_api_get.3 @@ -17,6 +17,7 @@ usr/lib/libseccomp.so.2.5.5 #usr/share/man/man3/seccomp_attr_get.3 #usr/share/man/man3/seccomp_attr_set.3 #usr/share/man/man3/seccomp_export_bpf.3 +#usr/share/man/man3/seccomp_export_bpf_mem.3 #usr/share/man/man3/seccomp_export_pfc.3 #usr/share/man/man3/seccomp_init.3 #usr/share/man/man3/seccomp_load.3 @@ -27,6 +28,7 @@ usr/lib/libseccomp.so.2.5.5 #usr/share/man/man3/seccomp_notify_id_valid.3 #usr/share/man/man3/seccomp_notify_receive.3 #usr/share/man/man3/seccomp_notify_respond.3 +#usr/share/man/man3/seccomp_precompute.3 #usr/share/man/man3/seccomp_release.3 #usr/share/man/man3/seccomp_reset.3 #usr/share/man/man3/seccomp_rule_add.3 diff --git a/lfs/libseccomp b/lfs/libseccomp index fa65f2259..436918323 100644 --- a/lfs/libseccomp +++ b/lfs/libseccomp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = A Seccomp (mode 2) helper library -VER = 2.5.5 +VER = 2.6.0 THISAPP = libseccomp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libseccomp -PAK_VER = 10 +PAK_VER = 11 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = d770cee1f3e02fbbcd9f25655b360ab38160ad800e2829a67f2b9da62b095a90be99ac851a67344cf95bd6810a6268da4655dc1d37d996e58239c4999eb41998 +$(DL_FILE)_BLAKE2 = 45c4f4dd67db5848bb536613e8929633f95cfbeb8738525381a76631187e7b0fc2c02f1a103579cd0f4135e9c175250fe2d784b85cc85424ec3125b4dafcf11c install : $(TARGET) @@ -82,9 +82,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar vxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --disable-static - + --prefix=/usr \ + --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP)