From: Felix Geyer Date: Fri, 15 Nov 2019 17:12:53 +0000 (+0000) Subject: libseccomp (2.4.2-2) unstable; urgency=medium X-Git-Tag: archive/raspbian/2.4.2-2+rpi1^2~4 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=8936fee476196efe163e9804219ba22c049e1b32;p=libseccomp.git libseccomp (2.4.2-2) unstable; urgency=medium [ Christian Ehrhardt ] * d/rules: fix potential FTFBS after full python3 switch * d/t/control: drop python2 test following the removal of the package [ Felix Geyer ] * Remove build-dependency on valgrind for mips64el as it's broken there. * Backport patch to define __SNR_ppoll again. - Add api_define__SNR_ppoll_again.patch * Replace custom patch for cython3 with the upstream fix. [dgit import unpatched libseccomp 2.4.2-2] --- 8936fee476196efe163e9804219ba22c049e1b32 diff --cc debian/changelog index 0000000,0000000..dc5e258 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,259 @@@ ++libseccomp (2.4.2-2) unstable; urgency=medium ++ ++ [ Christian Ehrhardt ] ++ * d/rules: fix potential FTFBS after full python3 switch ++ * d/t/control: drop python2 test following the removal of the package ++ ++ [ Felix Geyer ] ++ * Remove build-dependency on valgrind for mips64el as it's broken there. ++ * Backport patch to define __SNR_ppoll again. ++ - Add api_define__SNR_ppoll_again.patch ++ * Replace custom patch for cython3 with the upstream fix. ++ ++ -- Felix Geyer Fri, 15 Nov 2019 18:12:53 +0100 ++ ++libseccomp (2.4.2-1) unstable; urgency=medium ++ ++ [ Christian Ehrhardt ] ++ * New upstream release 2.4.2 for compatibility with newer kernels and ++ fixing FTBFS (LP: #1849785). ++ - drop d/p/python_install_dir.patch (now upstream) ++ - d/rules: adapt to python 3.8 lacking the m modifier on includes ++ see https://wiki.debian.org/Python/Python3.8 ++ - d/p/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch: fix ++ build time test on arm64 ++ ++ [ Felix Geyer ] ++ * Drop Python 2 bindings. (Closes: #936917) ++ - Add cython3.patch to use the Python 3 cython variant. ++ ++ -- Felix Geyer Wed, 13 Nov 2019 00:00:49 +0100 ++ ++libseccomp (2.4.1-2) unstable; urgency=medium ++ ++ * Remove build-dependency on valgrind for mipsel and x32 as it's broken ++ on those archs. ++ * Set Rules-Requires-Root: no. ++ ++ -- Felix Geyer Fri, 19 Jul 2019 00:03:34 +0200 ++ ++libseccomp (2.4.1-1) unstable; urgency=medium ++ ++ * New upstream release. ++ - Addresses CVE-2019-9893 (Closes: #924646) ++ * Drop all patches for parisc arch support, merged upstream. ++ * Build-depend on valgrind to run more unit tests. ++ * Run dh_auto_configure for every python 3 version to install the extension ++ in the correct path. ++ * Update the symbols file. ++ * Adapt autopkgtest to new upstream version: ++ - Build against pthread ++ - Build scmp_api_level tool ++ * Upgrade to debhelper compat level 12. ++ - Add d/not-installed file ++ * Fix install path of the python module. ++ - Add python_install_dir.patch ++ * Add autopkgtest for python packages. ++ ++ -- Felix Geyer Wed, 17 Jul 2019 23:23:28 +0200 ++ ++libseccomp (2.3.3-4) unstable; urgency=medium ++ ++ [ Ondřej Nový ] ++ * d/copyright: Change Format URL to correct one ++ ++ [ Helmut Grohne ] ++ * Fix FTCBFS: (Closes: #903556) ++ + Multiarchify python Build-Depends. ++ + Annotate cython dependencies with :native for now. ++ + Drop noop dh_auto_build invocations. ++ + Pass a suitable PYTHONPATH for python2. ++ + Pass _PYTHON_SYSCONFIGDATA_NAME for python3. ++ ++ -- Felix Geyer Sun, 10 Feb 2019 12:25:44 +0100 ++ ++libseccomp (2.3.3-3) unstable; urgency=medium ++ ++ * Fix FTBFS: Adapt to renamed README file. (Closes: #902767) ++ ++ -- Felix Geyer Sun, 01 Jul 2018 20:32:03 +0200 ++ ++libseccomp (2.3.3-2) unstable; urgency=medium ++ ++ [ Helmut Grohne ] ++ * Support the nopython build profile. (Closes: #897057) ++ ++ [ Felix Geyer ] ++ * Run upstream "live" tests in an autopkgtest. ++ ++ -- Felix Geyer Sun, 13 May 2018 09:53:08 +0200 ++ ++libseccomp (2.3.3-1) unstable; urgency=medium ++ ++ * New upstream release. (Closes: #895417) ++ - Adds pkey_mprotect syscall. (Closes: #893722) ++ * Refresh parisc patch. ++ * Move libseccomp2 back to /usr/lib. (Closes: #894988) ++ * Make test failures cause the build to fail. (Closes: 877901) ++ * Build python bindings. (Closes: #810712) ++ * Switch to debhelper compat level 10. ++ * Move git repo to salsa.debian.org ++ * Add myself to Uploaders. ++ ++ -- Felix Geyer Sun, 22 Apr 2018 23:55:03 +0200 ++ ++libseccomp (2.3.1-2.1) unstable; urgency=medium ++ ++ [ Martin Pitt ] ++ * Non-maintainer upload with Kees' consent. ++ ++ [ Laurent Bigonville ] ++ * Ensure strict enough generated dependencies (Closes: #844496) ++ ++ -- Martin Pitt Thu, 17 Nov 2016 10:16:44 +0100 ++ ++libseccomp (2.3.1-2) unstable; urgency=medium ++ ++ * Add hppa (parisc) support (Closes: #820501) ++ ++ -- Luca Bruno Sat, 28 May 2016 20:05:01 +0200 ++ ++libseccomp (2.3.1-1) unstable; urgency=medium ++ ++ * New upstream release ++ * control: add Vcs-* fields ++ ++ -- Luca Bruno Tue, 05 Apr 2016 22:16:55 +0200 ++ ++libseccomp (2.3.0-1) unstable; urgency=medium ++ ++ * New upstream release ++ + drop all patches, applied upstream ++ * libseccomp2: update symbols file ++ * control: add myself to uploaders ++ * control: bump policy version ++ ++ -- Luca Bruno Sun, 03 Apr 2016 00:31:09 +0200 ++ ++libseccomp (2.2.3-3) unstable; urgency=medium ++ ++ [ Martin Pitt ] ++ * debian/patches/add-x86-32bit-socket-calls.patch: add the newly ++ connected direct socket calls. (Closes: #809556) ++ * debian/add-membarrier.patch: add membarrier syscall. ++ * Backport patches for ppc/ppc64 and s390x. (Closes: #800818) ++ ++ -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 ++ ++libseccomp (2.2.3-2) unstable; urgency=medium ++ ++ * debian/control: enable mips64, mips64el, and x32 architectures, ++ thanks to Helmut Grohne (Closes: 797383). ++ ++ -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 ++ ++libseccomp (2.2.3-1) unstable; urgency=medium ++ ++ * New upstream release (Closes: 793032). ++ * debian/control: update Homepage (Closes: 793033). ++ ++ -- Kees Cook Mon, 03 Aug 2015 15:06:08 -0700 ++ ++libseccomp (2.2.1-2) unstable; urgency=medium ++ ++ * debian/{rules,*.install}: move to /lib, thanks to Michael Biebl ++ (Closes: 788923). ++ ++ -- Kees Cook Tue, 16 Jun 2015 12:45:08 -0700 ++ ++libseccomp (2.2.1-1) unstable; urgency=medium ++ ++ * New upstream release (Closes: 785428). ++ - debian/patches dropped: incorporated upstream. ++ * debian/libseccomp2.symbols: include only documented symbols. ++ * debian/libseccomp-dev.install: include static library (Closes: 698508). ++ * debian/control: ++ - add newly supported arm64, mips, and mipsel. ++ - bump standards version, no changes needed. ++ ++ -- Kees Cook Sat, 16 May 2015 08:15:26 -0700 ++ ++libseccomp (2.1.1-1) unstable; urgency=low ++ ++ * New upstream release (Closes: 733293). ++ * copyright: add a few missed people. ++ * rules: adjusted for new test target. ++ * libseccomp2.symbols: drop accidentally exported functions. ++ * control: ++ - bump standards, no changes needed. ++ - add armel target ++ ++ -- Kees Cook Sat, 12 Apr 2014 10:44:22 -0700 ++ ++libseccomp (2.1.0+dfsg-1) unstable; urgency=low ++ ++ * Rebuild source package without accidental binaries (Closes: 725617). ++ - debian/watch: mangle upstream version check. ++ * debian/rules: make tests non-fatal while upstream fixes them ++ (Closes: 721292). ++ ++ -- Kees Cook Sun, 06 Oct 2013 15:05:51 -0700 ++ ++libseccomp (2.1.0-1) unstable; urgency=low ++ ++ * New upstream release (Closes: 718398): ++ - dropped debian/patches/manpage-dashes.patch: taken upstream. ++ - dropped debian/patches/include-unistd.patch: not needed. ++ - debian/patches/testsuite-x86-write.patch: taken upstream. ++ - ABI bump: moved from libseccomp1 to libseccomp2. ++ * debian/control: ++ - added Arch: armhf, now supported upstream. ++ - added seccomp binary package for helper tools. ++ * Added debian/patches/manpage-typo.patch: spelling fix. ++ * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling. ++ ++ -- Kees Cook Tue, 13 Aug 2013 00:02:01 -0700 ++ ++libseccomp (1.0.1-2) unstable; urgency=low ++ ++ * debian/rules: enable testsuite at build time, thanks to ++ Stéphane Graber (Closes: 698803). ++ * Added debian/patches/include-unistd.patch: detect location of ++ asm/unistd.h correctly. ++ * Added debian/patches/testsuite-x86-write.patch: skip the "write" ++ syscall correctly on x86. ++ * debian/control: bump standards to 3.9.4, no changes needed. ++ ++ -- Kees Cook Wed, 23 Jan 2013 13:11:53 -0800 ++ ++libseccomp (1.0.1-1) unstable; urgency=low ++ ++ * New upstream release. ++ * debian/control: only build on amd64 and i386 (Closes: 687368). ++ ++ -- Kees Cook Fri, 07 Dec 2012 11:38:03 -0800 ++ ++libseccomp (1.0.0-1) unstable; urgency=low ++ ++ * New upstream release. ++ - bump ABI. ++ - drop build verbosity patch, use upstream V=1 instead. ++ * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471). ++ * debian/patches/pkgconfig-macro.patch: use literals for macro. ++ ++ -- Kees Cook Fri, 03 Aug 2012 16:59:41 -0700 ++ ++libseccomp (0.1.0-1) unstable; urgency=low ++ ++ * New upstream release. ++ - drop patches taken upstream: ++ - libexecdir.patch ++ - pass-flags.patch ++ ++ -- Kees Cook Fri, 08 Jun 2012 12:32:22 -0700 ++ ++libseccomp (0.0.0~20120605-1) unstable; urgency=low ++ ++ * Initial release (Closes: #676257). ++ ++ -- Kees Cook Tue, 05 Jun 2012 11:28:07 -0700 diff --cc debian/control index 0000000,0000000..6d2dcae new file mode 100644 --- /dev/null +++ b/debian/control @@@ -1,0 -1,0 +1,62 @@@ ++Source: libseccomp ++Section: libs ++Priority: optional ++Maintainer: Kees Cook ++Uploaders: Luca Bruno , Felix Geyer ++Build-Depends: debhelper-compat (= 12), ++ linux-libc-dev, ++ dh-python , ++ python3-all-dev:any , ++ libpython3-all-dev , ++ cython3:native , ++ valgrind [amd64 arm64 armhf i386 mips mips64 powerpc ppc64 ppc64el s390x] ++Rules-Requires-Root: no ++Standards-Version: 3.9.7 ++Homepage: https://github.com/seccomp/libseccomp ++Vcs-Git: https://salsa.debian.org/debian/libseccomp.git ++Vcs-Browser: https://salsa.debian.org/debian/libseccomp ++ ++Package: libseccomp-dev ++Section: libdevel ++Architecture: linux-any ++Multi-Arch: same ++Pre-Depends: ${misc:Pre-Depends} ++Depends: libseccomp2 (= ${binary:Version}), ${misc:Depends} ++Suggests: seccomp ++Description: high level interface to Linux seccomp filter (development files) ++ This library provides a high level interface to constructing, analyzing ++ and installing seccomp filters via a BPF passed to the Linux Kernel's ++ prctl() syscall. ++ . ++ This package contains the development files. ++ ++Package: libseccomp2 ++Architecture: linux-any ++Multi-Arch: same ++Pre-Depends: ${misc:Pre-Depends} ++Depends: ${shlibs:Depends}, ${misc:Depends} ++Description: high level interface to Linux seccomp filter ++ This library provides a high level interface to constructing, analyzing ++ and installing seccomp filters via a BPF passed to the Linux Kernel's ++ prctl() syscall. ++ ++Package: seccomp ++Section: utils ++Architecture: linux-any ++Depends: ${shlibs:Depends}, ${misc:Depends} ++Suggests: libseccomp-dev ++Description: helper tools for high level interface to Linux seccomp filter ++ Provides helper tools for interacting with libseccomp. Currently, only ++ a single tool exists, providing a way to easily enumerate syscalls across ++ the supported architectures. ++ ++Package: python3-seccomp ++Build-Profiles: ++Architecture: linux-any ++Multi-Arch: same ++Section: python ++Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} ++Description: high level interface to Linux seccomp filter (Python 3 bindings) ++ This library provides a high level interface to constructing, analyzing ++ and installing seccomp filters via a BPF passed to the Linux Kernel's ++ prctl() syscall. diff --cc debian/copyright index 0000000,0000000..307817f new file mode 100644 --- /dev/null +++ b/debian/copyright @@@ -1,0 -1,0 +1,39 @@@ ++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-Name: libseccomp ++Source: https://sourceforge.net/projects/libseccomp/ ++ ++Files: * ++Copyright: 2012 Paul Moore ++ 2012 Ashley Lai ++ 2012 Corey Bryant ++ 2012 Eduardo Otubo ++ 2012 Eric Paris ++License: LGPL-2.1 ++ ++Files: tests/22-sim-basic_chains_array.tests ++Copyright: 2013 Vitaly Shukela ++License: LGPL-2.1 ++ ++Files: src/hash.* ++Copyright: 2006 Bob Jenkins ++License: LGPL-2.1 ++ ++Files: debian/* ++Copyright: 2012 Kees Cook ++License: LGPL-2.1 ++ ++License: LGPL-2.1 ++ This library is free software; you can redistribute it and/or modify it ++ under the terms of version 2.1 of the GNU Lesser General Public License as ++ published by the Free Software Foundation. ++ . ++ This library is distributed in the hope that it will be useful, but WITHOUT ++ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ for more details. ++ . ++ You should have received a copy of the GNU Lesser General Public License ++ along with this library; if not, see . ++ . ++ On Debian systems, the complete text of the GNU Lesser General ++ Public License can be found in "/usr/share/common-licenses/LGPL-2.1". diff --cc debian/docs index 0000000,0000000..b43bf86 new file mode 100644 --- /dev/null +++ b/debian/docs @@@ -1,0 -1,0 +1,1 @@@ ++README.md diff --cc debian/gbp.conf index 0000000,0000000..c16083c new file mode 100644 --- /dev/null +++ b/debian/gbp.conf @@@ -1,0 -1,0 +1,9 @@@ ++[DEFAULT] ++upstream-tag = upstream/%(version)s ++debian-tag = debian/%(version)s ++pristine-tar = True ++upstream-branch = upstream ++debian-branch = debian/sid ++ ++[buildpackage] ++submodules = True diff --cc debian/libseccomp-dev.install index 0000000,0000000..b973af4 new file mode 100644 --- /dev/null +++ b/debian/libseccomp-dev.install @@@ -1,0 -1,0 +1,4 @@@ ++usr/include/* ++usr/lib/*/lib*.so ++usr/lib/*/lib*.a ++usr/lib/*/pkgconfig/* diff --cc debian/libseccomp-dev.manpages index 0000000,0000000..7c72677 new file mode 100644 --- /dev/null +++ b/debian/libseccomp-dev.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man3/* diff --cc debian/libseccomp2.install index 0000000,0000000..3ddde58 new file mode 100644 --- /dev/null +++ b/debian/libseccomp2.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/*/lib*.so.* diff --cc debian/libseccomp2.symbols index 0000000,0000000..b710bf8 new file mode 100644 --- /dev/null +++ b/debian/libseccomp2.symbols @@@ -1,0 -1,0 +1,28 @@@ ++libseccomp.so.2 libseccomp2 #MINVER# ++* Build-Depends-Package: libseccomp-dev ++ seccomp_api_get@Base 2.4.1 ++ seccomp_api_set@Base 2.4.1 ++ seccomp_attr_get@Base 0.0.0~20120605 ++ seccomp_attr_set@Base 0.0.0~20120605 ++ seccomp_export_bpf@Base 0.0.0~20120605 ++ seccomp_export_pfc@Base 0.0.0~20120605 ++ seccomp_init@Base 0.0.0~20120605 ++ seccomp_load@Base 0.0.0~20120605 ++ seccomp_release@Base 0.0.0~20120605 ++ seccomp_reset@Base 0.0.0~20120605 ++ seccomp_rule_add@Base 0.0.0~20120605 ++ seccomp_rule_add_exact@Base 0.0.0~20120605 ++ seccomp_syscall_priority@Base 0.0.0~20120605 ++ seccomp_syscall_resolve_name@Base 1.0.1 ++ seccomp_merge@Base 1.0.1 ++ seccomp_arch_add@Base 1.0.1 ++ seccomp_arch_exist@Base 1.0.1 ++ seccomp_arch_remove@Base 1.0.1 ++ seccomp_arch_native@Base 2.1.0 ++ seccomp_rule_add_array@Base 2.1.0 ++ seccomp_rule_add_exact_array@Base 2.1.0 ++ seccomp_syscall_resolve_name_arch@Base 2.1.0 ++ seccomp_syscall_resolve_num_arch@Base 2.1.0 ++ seccomp_arch_resolve_name@Base 2.2.1 ++ seccomp_syscall_resolve_name_rewrite@Base 2.2.1 ++ seccomp_version@Base 2.3.0 diff --cc debian/not-installed index 0000000,0000000..4f60595 new file mode 100644 --- /dev/null +++ b/debian/not-installed @@@ -1,0 -1,0 +1,3 @@@ ++usr/lib/python*/*-packages/install_files.txt ++usr/lib/python*/*-packages/seccomp-*.egg-info ++usr/lib/*/libseccomp.la diff --cc debian/patches/api_define__SNR_ppoll_again.patch index 0000000,0000000..cc8ea1e new file mode 100644 --- /dev/null +++ b/debian/patches/api_define__SNR_ppoll_again.patch @@@ -1,0 -1,0 +1,41 @@@ ++https://github.com/seccomp/libseccomp/pull/186 ++ ++From 2e54815cd843687d750cc9822f992389bb7b76cd Mon Sep 17 00:00:00 2001 ++From: Miroslav Lichvar ++Date: Wed, 13 Nov 2019 13:36:10 +0100 ++Subject: [PATCH] api: define __SNR_ppoll again ++ ++Commit bf747eb21e428c2b3ead6ebcca27951b681963a0 accidentally removed the ++__SNR_ppoll definition. Add it back, using a PNR value if disabled in ++the kernel headers. ++ ++Signed-off-by: Miroslav Lichvar ++--- ++ include/seccomp-syscalls.h | 7 +++++++ ++ 1 file changed, 7 insertions(+) ++ ++diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h ++index 6457592..3c958df 100644 ++--- a/include/seccomp-syscalls.h +++++ b/include/seccomp-syscalls.h ++@@ -272,6 +272,7 @@ ++ #define __PNR_timerfd_gettime64 -10238 ++ #define __PNR_timerfd_settime64 -10239 ++ #define __PNR_utimensat_time64 -10240 +++#define __PNR_ppoll -10241 ++ ++ /* ++ * libseccomp syscall definitions ++@@ -1359,6 +1360,12 @@ ++ #define __SNR_poll __PNR_poll ++ #endif ++ +++#ifdef __NR_ppoll +++#define __SNR_ppoll __NR_ppoll +++#else +++#define __SNR_ppoll __PNR_ppoll +++#endif +++ ++ #ifdef __NR_ppoll_time64 ++ #define __SNR_ppoll_time64 __NR_ppoll_time64 ++ #else diff --cc debian/patches/cython3.patch index 0000000,0000000..4b749d0 new file mode 100644 --- /dev/null +++ b/debian/patches/cython3.patch @@@ -1,0 -1,0 +1,45 @@@ ++https://github.com/seccomp/libseccomp/pull/188 ++ ++From 8d09eb9314ad00aa0584345ae66d4419b38da8e0 Mon Sep 17 00:00:00 2001 ++From: Paul Moore ++Date: Wed, 13 Nov 2019 20:54:25 -0500 ++Subject: [PATCH] build: try to use explicitly marked Python 3.x tools first ++ ++Python 2.x is going EOL very soon, so let's require Python 3.x now ++and attempt to use the explicitly marked Python 3.x tools first. ++ ++Signed-off-by: Paul Moore ++--- ++ configure.ac | 12 ++++++------ ++ 1 file changed, 6 insertions(+), 6 deletions(-) ++ ++diff --git a/configure.ac b/configure.ac ++index 2ae6b2d..7d80b40 100644 ++--- a/configure.ac +++++ b/configure.ac ++@@ -91,11 +91,11 @@ AC_SUBST([VERSION_MICRO]) ++ dnl #### ++ dnl cython checks ++ dnl #### ++-AC_CHECK_PROG(have_cython, cython, "yes", "no") ++-AS_IF([test "$have_cython" = yes], [ ++- AS_ECHO("checking cython version... $(cython -V 2>&1 | cut -d' ' -f 3)") ++- CYTHON_VER_MAJ=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1); ++- CYTHON_VER_MIN=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2); +++AC_CHECK_PROGS(cython, cython3 cython, "no") +++AS_IF([test "$cython" != no], [ +++ AS_ECHO("checking cython version... $($cython -V 2>&1 | cut -d' ' -f 3)") +++ CYTHON_VER_MAJ=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1); +++ CYTHON_VER_MIN=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2); ++ ],[ ++ CYTHON_VER_MAJ=0 ++ CYTHON_VER_MIN=0 ++@@ -112,7 +112,7 @@ AS_IF([test "$enable_python" = yes], [ ++ AS_IF([test "$CYTHON_VER_MAJ" -eq 0 -a "$CYTHON_VER_MIN" -lt 29], [ ++ AC_MSG_ERROR([python bindings require cython 0.29 or higher]) ++ ]) ++- AM_PATH_PYTHON +++ AM_PATH_PYTHON([3]) ++ ]) ++ AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) ++ AC_DEFINE_UNQUOTED([ENABLE_PYTHON], diff --cc debian/patches/series index 0000000,0000000..bbdb514 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,3 @@@ ++tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch ++cython3.patch ++api_define__SNR_ppoll_again.patch diff --cc debian/patches/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch index 0000000,0000000..82c9360 new file mode 100644 --- /dev/null +++ b/debian/patches/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch @@@ -1,0 -1,0 +1,47 @@@ ++From 35803ceb43c453762a3ab5177c5f8d5dbb813478 Mon Sep 17 00:00:00 2001 ++From: Paul Moore ++Date: Tue, 5 Nov 2019 15:11:11 -0500 ++Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls ++ ++We recently changed how libseccomp handles syscall numbers that are ++not defined natively, but we missed test #15. ++ ++Signed-off-by: Paul Moore ++ ++Note: Tagged for v2.5, but needed to build 2.4.2 with newer kernels on arm ++This is part of PR: https://github.com/seccomp/libseccomp/pull/182 ++Upstream Bug: https://github.com/seccomp/libseccomp/issues/184 ++Origin: upstream, https://github.com/pcmoore/misc-libseccomp/commit/35803ceb43c453762a3ab5177c5f8d5dbb813478 ++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1849785 ++Last-Update: 2019-11-12 ++ ++--- ++ tests/15-basic-resolver.c | 6 +++--- ++ 1 file changed, 3 insertions(+), 3 deletions(-) ++ ++diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c ++index 6badef1..0c1eefe 100644 ++--- a/tests/15-basic-resolver.c +++++ b/tests/15-basic-resolver.c ++@@ -55,15 +55,15 @@ int main(int argc, char *argv[]) ++ unsigned int arch; ++ char *name = NULL; ++ ++- if (seccomp_syscall_resolve_name("open") != __NR_open) +++ if (seccomp_syscall_resolve_name("open") != __SNR_open) ++ goto fail; ++- if (seccomp_syscall_resolve_name("read") != __NR_read) +++ if (seccomp_syscall_resolve_name("read") != __SNR_read) ++ goto fail; ++ if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR) ++ goto fail; ++ ++ rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat"); ++- if (rc != __NR_openat) +++ if (rc != __SNR_openat) ++ goto fail; ++ ++ while ((arch = arch_list[iter++]) != -1) { ++-- ++2.24.0 ++ diff --cc debian/python-seccomp.install index 0000000,0000000..a71458d new file mode 100644 --- /dev/null +++ b/debian/python-seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/python2.*/dist-packages/seccomp.so diff --cc debian/python3-seccomp.install index 0000000,0000000..97a45dc new file mode 100644 --- /dev/null +++ b/debian/python3-seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/python3.*/site-packages/seccomp.cpython-*.so diff --cc debian/rules index 0000000,0000000..54d5951 new file mode 100755 --- /dev/null +++ b/debian/rules @@@ -1,0 -1,0 +1,37 @@@ ++#!/usr/bin/make -f ++# -*- makefile -*- ++ ++# Uncomment this to turn on verbose mode. ++#export DH_VERBOSE=1 ++ ++# Enable verbose build details. ++export V=1 ++ ++include /usr/share/dpkg/architecture.mk ++ ++%: ++ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) ++ dh $@ --with python3 ++else ++ dh $@ ++endif ++ ++ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) ++ ++override_dh_auto_install: ++ dh_auto_install ++ for pyver in `py3versions -s`; do \ ++ set -e; \ ++ if python3 -c "pyver='$$pyver'; exit(0 if float(pyver[6:]) >= 3.8 else 1)"; then \ ++ export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ ++ else \ ++ export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata_m_${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ ++ fi; \ ++ dh_auto_configure -- --enable-python PYTHON=$$pyver; \ ++ dh_auto_install --sourcedirectory=src/python -- PYTHON=$$pyver; \ ++ done ++endif ++ ++override_dh_auto_clean: ++ dh_auto_clean ++ rm -f regression.out diff --cc debian/seccomp.install index 0000000,0000000..1df36c6 new file mode 100644 --- /dev/null +++ b/debian/seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/bin/* diff --cc debian/seccomp.manpages index 0000000,0000000..5ea05fe new file mode 100644 --- /dev/null +++ b/debian/seccomp.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man1/* diff --cc debian/source/format index 0000000,0000000..163aaf8 new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/tests/common index 0000000,0000000..e02e8db new file mode 100644 --- /dev/null +++ b/debian/tests/common @@@ -1,0 -1,0 +1,12 @@@ ++SRCDIR="$(pwd)" ++ ++mkdir "$AUTOPKGTEST_TMP/tests" "$AUTOPKGTEST_TMP/tools" ++cp -a tests/. "$AUTOPKGTEST_TMP/tests/" ++ ++cd "$AUTOPKGTEST_TMP/tests" ++ ++# build tools needed for tests ++for tool in scmp_api_level scmp_arch_detect scmp_sys_resolver; do ++ echo "Building $tool ..." ++ gcc -O2 -g "$SRCDIR/tools/$tool.c" "$SRCDIR/tools/util.c" -lseccomp -o ../tools/$tool ++done diff --cc debian/tests/control index 0000000,0000000..3d2c4ba new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,7 @@@ ++Tests: testsuite-live ++Depends: libseccomp-dev, build-essential ++Restrictions: isolation-machine ++ ++Tests: testsuite-live-python3 ++Depends: libseccomp-dev, build-essential, python3-seccomp ++Restrictions: isolation-machine, allow-stderr diff --cc debian/tests/testsuite-live index 0000000,0000000..bbf20d0 new file mode 100644 --- /dev/null +++ b/debian/tests/testsuite-live @@@ -1,0 -1,0 +1,17 @@@ ++#!/bin/sh ++ ++set -eu ++ ++. debian/tests/common ++ ++# manually build necessary files against the installed libseccomp ++ ++# build live tests ++for filename in *-live-*.tests; do ++ testname=$(echo "$filename" | cut -f 1 -d '.') ++ echo "Building $testname ..." ++ gcc -O2 -g "${testname}.c" util.c -pthread -lseccomp -o "$testname" ++done ++ ++echo "Running test suite ..." ++./regression -T live diff --cc debian/tests/testsuite-live-python2 index 0000000,0000000..9c9ded4 new file mode 100644 --- /dev/null +++ b/debian/tests/testsuite-live-python2 @@@ -1,0 -1,0 +1,8 @@@ ++#!/bin/sh ++ ++set -eu ++ ++. debian/tests/common ++ ++echo "Running test suite ..." ++./regression -T live -m python diff --cc debian/tests/testsuite-live-python3 index 0000000,0000000..f4fb094 new file mode 100644 --- /dev/null +++ b/debian/tests/testsuite-live-python3 @@@ -1,0 -1,0 +1,13 @@@ ++#!/bin/sh ++ ++set -eu ++ ++. debian/tests/common ++ ++# make sure "python" points to python3 as this is not configurable ++# in the regression script ++mkdir python3env ++ln -s /usr/bin/python3 python3env/python ++ ++echo "Running test suite ..." ++PATH="$(pwd)/python3env:$PATH" ./regression -T live -m python diff --cc debian/watch index 0000000,0000000..5689edc new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,6 @@@ ++# See uscan(1) for format ++version=3 ++opts=dversionmangle=s/\+dfsg// \ ++https://github.com/seccomp/libseccomp/releases \ ++ /download/v.*/libseccomp-(.*)\.tar\.gz \ ++ debian uupdate