From: Felix Geyer Date: Sun, 10 Feb 2019 11:25:44 +0000 (+0000) Subject: libseccomp (2.3.3-4) unstable; urgency=medium X-Git-Tag: archive/raspbian/2.4.2-2+rpi1~1^2^2~5 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b1ad5d779ebf932e58652a3c9967df0e4a28212e;p=libseccomp.git libseccomp (2.3.3-4) unstable; urgency=medium [ Ondřej Nový ] * d/copyright: Change Format URL to correct one [ Helmut Grohne ] * Fix FTCBFS: (Closes: #903556) + Multiarchify python Build-Depends. + Annotate cython dependencies with :native for now. + Drop noop dh_auto_build invocations. + Pass a suitable PYTHONPATH for python2. + Pass _PYTHON_SYSCONFIGDATA_NAME for python3. [dgit import unpatched libseccomp 2.3.3-4] --- b1ad5d779ebf932e58652a3c9967df0e4a28212e diff --cc debian/changelog index 0000000,0000000..d841f08 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,200 @@@ ++libseccomp (2.3.3-4) unstable; urgency=medium ++ ++ [ Ondřej Nový ] ++ * d/copyright: Change Format URL to correct one ++ ++ [ Helmut Grohne ] ++ * Fix FTCBFS: (Closes: #903556) ++ + Multiarchify python Build-Depends. ++ + Annotate cython dependencies with :native for now. ++ + Drop noop dh_auto_build invocations. ++ + Pass a suitable PYTHONPATH for python2. ++ + Pass _PYTHON_SYSCONFIGDATA_NAME for python3. ++ ++ -- Felix Geyer Sun, 10 Feb 2019 12:25:44 +0100 ++ ++libseccomp (2.3.3-3) unstable; urgency=medium ++ ++ * Fix FTBFS: Adapt to renamed README file. (Closes: #902767) ++ ++ -- Felix Geyer Sun, 01 Jul 2018 20:32:03 +0200 ++ ++libseccomp (2.3.3-2) unstable; urgency=medium ++ ++ [ Helmut Grohne ] ++ * Support the nopython build profile. (Closes: #897057) ++ ++ [ Felix Geyer ] ++ * Run upstream "live" tests in an autopkgtest. ++ ++ -- Felix Geyer Sun, 13 May 2018 09:53:08 +0200 ++ ++libseccomp (2.3.3-1) unstable; urgency=medium ++ ++ * New upstream release. (Closes: #895417) ++ - Adds pkey_mprotect syscall. (Closes: #893722) ++ * Refresh parisc patch. ++ * Move libseccomp2 back to /usr/lib. (Closes: #894988) ++ * Make test failures cause the build to fail. (Closes: 877901) ++ * Build python bindings. (Closes: #810712) ++ * Switch to debhelper compat level 10. ++ * Move git repo to salsa.debian.org ++ * Add myself to Uploaders. ++ ++ -- Felix Geyer Sun, 22 Apr 2018 23:55:03 +0200 ++ ++libseccomp (2.3.1-2.1) unstable; urgency=medium ++ ++ [ Martin Pitt ] ++ * Non-maintainer upload with Kees' consent. ++ ++ [ Laurent Bigonville ] ++ * Ensure strict enough generated dependencies (Closes: #844496) ++ ++ -- Martin Pitt Thu, 17 Nov 2016 10:16:44 +0100 ++ ++libseccomp (2.3.1-2) unstable; urgency=medium ++ ++ * Add hppa (parisc) support (Closes: #820501) ++ ++ -- Luca Bruno Sat, 28 May 2016 20:05:01 +0200 ++ ++libseccomp (2.3.1-1) unstable; urgency=medium ++ ++ * New upstream release ++ * control: add Vcs-* fields ++ ++ -- Luca Bruno Tue, 05 Apr 2016 22:16:55 +0200 ++ ++libseccomp (2.3.0-1) unstable; urgency=medium ++ ++ * New upstream release ++ + drop all patches, applied upstream ++ * libseccomp2: update symbols file ++ * control: add myself to uploaders ++ * control: bump policy version ++ ++ -- Luca Bruno Sun, 03 Apr 2016 00:31:09 +0200 ++ ++libseccomp (2.2.3-3) unstable; urgency=medium ++ ++ [ Martin Pitt ] ++ * debian/patches/add-x86-32bit-socket-calls.patch: add the newly ++ connected direct socket calls. (Closes: #809556) ++ * debian/add-membarrier.patch: add membarrier syscall. ++ * Backport patches for ppc/ppc64 and s390x. (Closes: #800818) ++ ++ -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 ++ ++libseccomp (2.2.3-2) unstable; urgency=medium ++ ++ * debian/control: enable mips64, mips64el, and x32 architectures, ++ thanks to Helmut Grohne (Closes: 797383). ++ ++ -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 ++ ++libseccomp (2.2.3-1) unstable; urgency=medium ++ ++ * New upstream release (Closes: 793032). ++ * debian/control: update Homepage (Closes: 793033). ++ ++ -- Kees Cook Mon, 03 Aug 2015 15:06:08 -0700 ++ ++libseccomp (2.2.1-2) unstable; urgency=medium ++ ++ * debian/{rules,*.install}: move to /lib, thanks to Michael Biebl ++ (Closes: 788923). ++ ++ -- Kees Cook Tue, 16 Jun 2015 12:45:08 -0700 ++ ++libseccomp (2.2.1-1) unstable; urgency=medium ++ ++ * New upstream release (Closes: 785428). ++ - debian/patches dropped: incorporated upstream. ++ * debian/libseccomp2.symbols: include only documented symbols. ++ * debian/libseccomp-dev.install: include static library (Closes: 698508). ++ * debian/control: ++ - add newly supported arm64, mips, and mipsel. ++ - bump standards version, no changes needed. ++ ++ -- Kees Cook Sat, 16 May 2015 08:15:26 -0700 ++ ++libseccomp (2.1.1-1) unstable; urgency=low ++ ++ * New upstream release (Closes: 733293). ++ * copyright: add a few missed people. ++ * rules: adjusted for new test target. ++ * libseccomp2.symbols: drop accidentally exported functions. ++ * control: ++ - bump standards, no changes needed. ++ - add armel target ++ ++ -- Kees Cook Sat, 12 Apr 2014 10:44:22 -0700 ++ ++libseccomp (2.1.0+dfsg-1) unstable; urgency=low ++ ++ * Rebuild source package without accidental binaries (Closes: 725617). ++ - debian/watch: mangle upstream version check. ++ * debian/rules: make tests non-fatal while upstream fixes them ++ (Closes: 721292). ++ ++ -- Kees Cook Sun, 06 Oct 2013 15:05:51 -0700 ++ ++libseccomp (2.1.0-1) unstable; urgency=low ++ ++ * New upstream release (Closes: 718398): ++ - dropped debian/patches/manpage-dashes.patch: taken upstream. ++ - dropped debian/patches/include-unistd.patch: not needed. ++ - debian/patches/testsuite-x86-write.patch: taken upstream. ++ - ABI bump: moved from libseccomp1 to libseccomp2. ++ * debian/control: ++ - added Arch: armhf, now supported upstream. ++ - added seccomp binary package for helper tools. ++ * Added debian/patches/manpage-typo.patch: spelling fix. ++ * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling. ++ ++ -- Kees Cook Tue, 13 Aug 2013 00:02:01 -0700 ++ ++libseccomp (1.0.1-2) unstable; urgency=low ++ ++ * debian/rules: enable testsuite at build time, thanks to ++ Stéphane Graber (Closes: 698803). ++ * Added debian/patches/include-unistd.patch: detect location of ++ asm/unistd.h correctly. ++ * Added debian/patches/testsuite-x86-write.patch: skip the "write" ++ syscall correctly on x86. ++ * debian/control: bump standards to 3.9.4, no changes needed. ++ ++ -- Kees Cook Wed, 23 Jan 2013 13:11:53 -0800 ++ ++libseccomp (1.0.1-1) unstable; urgency=low ++ ++ * New upstream release. ++ * debian/control: only build on amd64 and i386 (Closes: 687368). ++ ++ -- Kees Cook Fri, 07 Dec 2012 11:38:03 -0800 ++ ++libseccomp (1.0.0-1) unstable; urgency=low ++ ++ * New upstream release. ++ - bump ABI. ++ - drop build verbosity patch, use upstream V=1 instead. ++ * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471). ++ * debian/patches/pkgconfig-macro.patch: use literals for macro. ++ ++ -- Kees Cook Fri, 03 Aug 2012 16:59:41 -0700 ++ ++libseccomp (0.1.0-1) unstable; urgency=low ++ ++ * New upstream release. ++ - drop patches taken upstream: ++ - libexecdir.patch ++ - pass-flags.patch ++ ++ -- Kees Cook Fri, 08 Jun 2012 12:32:22 -0700 ++ ++libseccomp (0.0.0~20120605-1) unstable; urgency=low ++ ++ * Initial release (Closes: #676257). ++ ++ -- Kees Cook Tue, 05 Jun 2012 11:28:07 -0700 diff --cc debian/compat index 0000000,0000000..f599e28 new file mode 100644 --- /dev/null +++ b/debian/compat @@@ -1,0 -1,0 +1,1 @@@ ++10 diff --cc debian/control index 0000000,0000000..b9f40df new file mode 100644 --- /dev/null +++ b/debian/control @@@ -1,0 -1,0 +1,74 @@@ ++Source: libseccomp ++Section: libs ++Priority: optional ++Maintainer: Kees Cook ++Uploaders: Luca Bruno , Felix Geyer ++Build-Depends: debhelper (>= 10~), ++ linux-libc-dev, ++ dh-python , ++ python-all-dev:any , ++ libpython-all-dev , ++ python3-all-dev:any , ++ libpython3-all-dev , ++ cython:native , ++ cython3:native ++Standards-Version: 3.9.7 ++Homepage: https://github.com/seccomp/libseccomp ++Vcs-Git: https://salsa.debian.org/debian/libseccomp.git ++Vcs-Browser: https://salsa.debian.org/debian/libseccomp ++ ++Package: libseccomp-dev ++Section: libdevel ++Architecture: linux-any ++Multi-Arch: same ++Pre-Depends: ${misc:Pre-Depends} ++Depends: libseccomp2 (= ${binary:Version}), ${misc:Depends} ++Suggests: seccomp ++Description: high level interface to Linux seccomp filter (development files) ++ This library provides a high level interface to constructing, analyzing ++ and installing seccomp filters via a BPF passed to the Linux Kernel's ++ prctl() syscall. ++ . ++ This package contains the development files. ++ ++Package: libseccomp2 ++Architecture: linux-any ++Multi-Arch: same ++Pre-Depends: ${misc:Pre-Depends} ++Depends: ${shlibs:Depends}, ${misc:Depends} ++Description: high level interface to Linux seccomp filter ++ This library provides a high level interface to constructing, analyzing ++ and installing seccomp filters via a BPF passed to the Linux Kernel's ++ prctl() syscall. ++ ++Package: seccomp ++Section: utils ++Architecture: linux-any ++Depends: ${shlibs:Depends}, ${misc:Depends} ++Suggests: libseccomp-dev ++Description: helper tools for high level interface to Linux seccomp filter ++ Provides helper tools for interacting with libseccomp. Currently, only ++ a single tool exists, providing a way to easily enumerate syscalls across ++ the supported architectures. ++ ++Package: python-seccomp ++Build-Profiles: ++Architecture: linux-any ++Multi-Arch: same ++Section: python ++Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends} ++Description: high level interface to Linux seccomp filter (Python 2 bindings) ++ This library provides a high level interface to constructing, analyzing ++ and installing seccomp filters via a BPF passed to the Linux Kernel's ++ prctl() syscall. ++ ++Package: python3-seccomp ++Build-Profiles: ++Architecture: linux-any ++Multi-Arch: same ++Section: python ++Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} ++Description: high level interface to Linux seccomp filter (Python 3 bindings) ++ This library provides a high level interface to constructing, analyzing ++ and installing seccomp filters via a BPF passed to the Linux Kernel's ++ prctl() syscall. diff --cc debian/copyright index 0000000,0000000..307817f new file mode 100644 --- /dev/null +++ b/debian/copyright @@@ -1,0 -1,0 +1,39 @@@ ++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-Name: libseccomp ++Source: https://sourceforge.net/projects/libseccomp/ ++ ++Files: * ++Copyright: 2012 Paul Moore ++ 2012 Ashley Lai ++ 2012 Corey Bryant ++ 2012 Eduardo Otubo ++ 2012 Eric Paris ++License: LGPL-2.1 ++ ++Files: tests/22-sim-basic_chains_array.tests ++Copyright: 2013 Vitaly Shukela ++License: LGPL-2.1 ++ ++Files: src/hash.* ++Copyright: 2006 Bob Jenkins ++License: LGPL-2.1 ++ ++Files: debian/* ++Copyright: 2012 Kees Cook ++License: LGPL-2.1 ++ ++License: LGPL-2.1 ++ This library is free software; you can redistribute it and/or modify it ++ under the terms of version 2.1 of the GNU Lesser General Public License as ++ published by the Free Software Foundation. ++ . ++ This library is distributed in the hope that it will be useful, but WITHOUT ++ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ for more details. ++ . ++ You should have received a copy of the GNU Lesser General Public License ++ along with this library; if not, see . ++ . ++ On Debian systems, the complete text of the GNU Lesser General ++ Public License can be found in "/usr/share/common-licenses/LGPL-2.1". diff --cc debian/docs index 0000000,0000000..b43bf86 new file mode 100644 --- /dev/null +++ b/debian/docs @@@ -1,0 -1,0 +1,1 @@@ ++README.md diff --cc debian/gbp.conf index 0000000,0000000..c16083c new file mode 100644 --- /dev/null +++ b/debian/gbp.conf @@@ -1,0 -1,0 +1,9 @@@ ++[DEFAULT] ++upstream-tag = upstream/%(version)s ++debian-tag = debian/%(version)s ++pristine-tar = True ++upstream-branch = upstream ++debian-branch = debian/sid ++ ++[buildpackage] ++submodules = True diff --cc debian/libseccomp-dev.install index 0000000,0000000..b973af4 new file mode 100644 --- /dev/null +++ b/debian/libseccomp-dev.install @@@ -1,0 -1,0 +1,4 @@@ ++usr/include/* ++usr/lib/*/lib*.so ++usr/lib/*/lib*.a ++usr/lib/*/pkgconfig/* diff --cc debian/libseccomp-dev.manpages index 0000000,0000000..7c72677 new file mode 100644 --- /dev/null +++ b/debian/libseccomp-dev.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man3/* diff --cc debian/libseccomp2.install index 0000000,0000000..3ddde58 new file mode 100644 --- /dev/null +++ b/debian/libseccomp2.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/*/lib*.so.* diff --cc debian/libseccomp2.symbols index 0000000,0000000..4d6a1cd new file mode 100644 --- /dev/null +++ b/debian/libseccomp2.symbols @@@ -1,0 -1,0 +1,26 @@@ ++libseccomp.so.2 libseccomp2 #MINVER# ++* Build-Depends-Package: libseccomp-dev ++ seccomp_attr_get@Base 0.0.0~20120605 ++ seccomp_attr_set@Base 0.0.0~20120605 ++ seccomp_export_bpf@Base 0.0.0~20120605 ++ seccomp_export_pfc@Base 0.0.0~20120605 ++ seccomp_init@Base 0.0.0~20120605 ++ seccomp_load@Base 0.0.0~20120605 ++ seccomp_release@Base 0.0.0~20120605 ++ seccomp_reset@Base 0.0.0~20120605 ++ seccomp_rule_add@Base 0.0.0~20120605 ++ seccomp_rule_add_exact@Base 0.0.0~20120605 ++ seccomp_syscall_priority@Base 0.0.0~20120605 ++ seccomp_syscall_resolve_name@Base 1.0.1 ++ seccomp_merge@Base 1.0.1 ++ seccomp_arch_add@Base 1.0.1 ++ seccomp_arch_exist@Base 1.0.1 ++ seccomp_arch_remove@Base 1.0.1 ++ seccomp_arch_native@Base 2.1.0 ++ seccomp_rule_add_array@Base 2.1.0 ++ seccomp_rule_add_exact_array@Base 2.1.0 ++ seccomp_syscall_resolve_name_arch@Base 2.1.0 ++ seccomp_syscall_resolve_num_arch@Base 2.1.0 ++ seccomp_arch_resolve_name@Base 2.2.1 ++ seccomp_syscall_resolve_name_rewrite@Base 2.2.1 ++ seccomp_version@Base 2.3.0 diff --cc debian/patches/28-parisc_support.patch index 0000000,0000000..d5ec846 new file mode 100644 --- /dev/null +++ b/debian/patches/28-parisc_support.patch @@@ -1,0 -1,0 +1,982 @@@ ++From c86e1f565537b28b73ebd63f0239b4a446925534 Mon Sep 17 00:00:00 2001 ++From: Helge Deller ++Date: Wed, 25 May 2016 16:53:39 +0200 ++Subject: [PATCH] arch: Add parisc architecture support ++ ++This patch (v4) adds support for the parisc and parisc64 architectures ++to libseccomp. ++ ++I didn't split up the patch, because it's pretty trivial. ++Those parisc-specific files gets added: ++ src/arch-parisc-syscalls.c ++ src/arch-parisc.c ++ src/arch-parisc.h ++ src/arch-parisc64.c ++ ++All other changes are trivial because they simply add parisc-specific ++case statements in variouse switch statements. ++ ++I did ran a "make check" on x86-64 and parisc and all testcases succeeded. ++All live testcases succeed as well when running "./regression -T live". ++ ++The patch applies cleanly to current libseccomp git head. ++ ++Changes between v4 and v3 of this patch: ++- Added parisc arch to arch-syscall-check.c and fixup syscall table as ++ needed ++- Fixed copyright notices in parisc files as suggested by Mike Frysinger ++ ++Changes between v3 and v2 of this patch: ++- Stripped out patch which reports if a check was skipped because ++ valgrind isn't installed. ++- Added tuxcall pseudo syscall for 19-sim-missing_syscalls testcase ++- Added sysmips pseudo syscall for 29-sim-pseudo_syscall testcase ++ ++Changes between v2 and v1 of this patch: ++- Enabled seccomp mode 2 regression tests on parisc. Kernel support for ++ hppa was added in kernel 4.6-rc1 and backported into the kernel v4.5.2 ++ stable series. ++ ++Signed-off-by: Helge Deller ++[PM: corrected a number or errors from 'make check-syntax'] ++Signed-off-by: Paul Moore ++--- ++ include/seccomp.h.in | 6 + ++ src/Makefile.am | 2 + ++ src/arch-parisc-syscalls.c | 499 ++++++++++++++++++++++++++++++++++++++ ++ src/arch-parisc.c | 22 ++ ++ src/arch-parisc.h | 38 +++ ++ src/arch-parisc64.c | 22 ++ ++ src/arch-syscall-check.c | 11 + ++ src/arch-syscall-dump.c | 5 + ++ src/arch.c | 13 + ++ src/gen_pfc.c | 4 + ++ src/python/libseccomp.pxd | 2 + ++ src/python/seccomp.pyx | 8 + ++ tests/26-sim-arch_all_be_basic.c | 6 + ++ tests/26-sim-arch_all_be_basic.py | 2 + ++ tests/regression | 3 +- ++ tools/scmp_arch_detect.c | 6 + ++ tools/scmp_bpf_sim.c | 4 + ++ tools/util.c | 4 + ++ 18 files changed, 656 insertions(+), 1 deletion(-) ++ create mode 100644 src/arch-parisc-syscalls.c ++ create mode 100644 src/arch-parisc.c ++ create mode 100644 src/arch-parisc.h ++ create mode 100644 src/arch-parisc64.c ++ ++Index: libseccomp/include/seccomp.h.in ++=================================================================== ++--- libseccomp.orig/include/seccomp.h.in 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/include/seccomp.h.in 2016-05-28 19:57:02.038592653 +0200 ++@@ -185,6 +185,12 @@ ++ #define SCMP_ARCH_S390X AUDIT_ARCH_S390X ++ ++ /** +++ * The PA-RISC hppa architecture tokens +++ */ +++#define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC +++#define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 +++ +++/** ++ * Convert a syscall name into the associated syscall number ++ * @param x the syscall name ++ */ ++Index: libseccomp/src/Makefile.am ++=================================================================== ++--- libseccomp.orig/src/Makefile.am 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/src/Makefile.am 2016-05-28 19:57:02.038592653 +0200 ++@@ -35,6 +35,8 @@ ++ arch-mips.h arch-mips.c arch-mips-syscalls.c \ ++ arch-mips64.h arch-mips64.c arch-mips64-syscalls.c \ ++ arch-mips64n32.h arch-mips64n32.c arch-mips64n32-syscalls.c \ +++ arch-parisc.h arch-parisc.c arch-parisc-syscalls.c \ +++ arch-parisc64.h arch-parisc64.c \ ++ arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ ++ arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ ++ arch-s390.h arch-s390.c arch-s390-syscalls.c \ ++Index: libseccomp/src/arch-parisc-syscalls.c ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ libseccomp/src/arch-parisc-syscalls.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -0,0 +1,499 @@ +++/* +++ * Copyright (c) 2016 Helge Deller +++ * Author: Helge Deller +++ */ +++ +++#include +++ +++#include +++ +++#include "arch.h" +++#include "arch-parisc.h" +++ +++/* NOTE: based on Linux 4.5-rc4 */ +++const struct arch_syscall_def parisc_syscall_table[] = { \ +++ { "_llseek", 140 }, +++ { "_newselect", 142 }, +++ { "_sysctl", 149 }, +++ { "accept", 35 }, +++ { "accept4", 320 }, +++ { "access", 33 }, +++ { "acct", 51 }, +++ { "add_key", 264 }, +++ { "adjtimex", 124 }, +++ { "afs_syscall", 137 }, +++ { "alarm", 27 }, +++ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, +++ { "arm_sync_file_range", __PNR_arm_sync_file_range }, +++ { "arch_prctl", __PNR_arch_prctl }, +++ { "bdflush", 134 }, +++ { "bind", 22 }, +++ { "bpf", 341 }, +++ { "break", __PNR_break }, +++ { "breakpoint", __PNR_breakpoint }, +++ { "brk", 45 }, +++ { "cachectl", __PNR_cachectl }, +++ { "cacheflush", __PNR_cacheflush }, +++ { "capget", 106 }, +++ { "capset", 107 }, +++ { "chdir", 12 }, +++ { "chmod", 15 }, +++ { "chown", 180 }, +++ { "chown32", __PNR_chown32 }, +++ { "chroot", 61 }, +++ { "clock_adjtime", 324 }, +++ { "clock_getres", 257 }, +++ { "clock_gettime", 256 }, +++ { "clock_nanosleep", 258 }, +++ { "clock_settime", 255 }, +++ { "clone", 120 }, +++ { "close", 6 }, +++ { "connect", 31 }, +++ { "copy_file_range", 346 }, +++ { "creat", 8 }, +++ { "create_module", 127 }, +++ { "delete_module", 129 }, +++ { "dup", 41 }, +++ { "dup2", 63 }, +++ { "dup3", 312 }, +++ { "epoll_create", 224 }, +++ { "epoll_create1", 311 }, +++ { "epoll_ctl", 225 }, +++ { "epoll_ctl_old", __PNR_epoll_ctl_old }, +++ { "epoll_pwait", 297 }, +++ { "epoll_wait", 226 }, +++ { "epoll_wait_old", __PNR_epoll_wait_old }, +++ { "eventfd", 304 }, +++ { "eventfd2", 310 }, +++ { "execve", 11 }, +++ { "execveat", 342 }, +++ { "exit", 1 }, +++ { "exit_group", 222 }, +++ { "faccessat", 287 }, +++ { "fadvise64", __PNR_fadvise64 }, +++ { "fadvise64_64", 236 }, +++ { "fallocate", 305 }, +++ { "fanotify_init", 322 }, +++ { "fanotify_mark", 323 }, +++ { "fchdir", 133 }, +++ { "fchmod", 94 }, +++ { "fchmodat", 286 }, +++ { "fchown", 95 }, +++ { "fchown32", __PNR_fchown32 }, +++ { "fchownat", 278 }, +++ { "fcntl", 55 }, +++ { "fcntl64", 202 }, +++ { "fdatasync", 148 }, +++ { "fgetxattr", 243 }, +++ { "finit_module", 333 }, +++ { "flistxattr", 246 }, +++ { "flock", 143 }, +++ { "fork", 2 }, +++ { "fremovexattr", 249 }, +++ { "fsetxattr", 240 }, +++ { "fstat", 28 }, +++ { "fstat64", 112 }, +++ { "fstatat64", 280 }, +++ { "fstatfs", 100 }, +++ { "fstatfs64", 299 }, +++ { "fsync", 118 }, +++ { "ftime", __PNR_ftime }, +++ { "ftruncate", 93 }, +++ { "ftruncate64", 200 }, +++ { "futex", 210 }, +++ { "futimesat", 279 }, +++ { "get_kernel_syms", 130 }, +++ { "get_mempolicy", 261 }, +++ { "get_robust_list", 290 }, +++ { "get_thread_area", 214 }, +++ { "getcpu", 296 }, +++ { "getcwd", 110 }, +++ { "getdents", 141 }, +++ { "getdents64", 201 }, +++ { "getegid", 50 }, +++ { "getegid32", __PNR_getegid32 }, +++ { "geteuid", 49 }, +++ { "geteuid32", __PNR_geteuid32 }, +++ { "getgid", 47 }, +++ { "getgid32", __PNR_getgid32 }, +++ { "getgroups", 80 }, +++ { "getgroups32", __PNR_getgroups32 }, +++ { "getitimer", 105 }, +++ { "getpeername", 53 }, +++ { "getpgid", 132 }, +++ { "getpgrp", 65 }, +++ { "getpid", 20 }, +++ { "getpmsg", 196 }, +++ { "getppid", 64 }, +++ { "getpriority", 96 }, +++ { "getrandom", 339 }, +++ { "getresgid", 171 }, +++ { "getresgid32", __PNR_getresgid32 }, +++ { "getresuid", 165 }, +++ { "getresuid32", __PNR_getresuid32 }, +++ { "getrlimit", 76 }, +++ { "getrusage", 77 }, +++ { "getsid", 147 }, +++ { "getsockname", 44 }, +++ { "getsockopt", 182 }, +++ { "gettid", 206 }, +++ { "gettimeofday", 78 }, +++ { "getuid", 24 }, +++ { "getuid32", __PNR_getuid32 }, +++ { "getxattr", 241 }, +++ { "gtty", __PNR_gtty }, +++ { "idle", __PNR_idle }, +++ { "init_module", 128 }, +++ { "inotify_add_watch", 270 }, +++ { "inotify_init", 269 }, +++ { "inotify_init1", 314 }, +++ { "inotify_rm_watch", 271 }, +++ { "io_cancel", 219 }, +++ { "io_destroy", 216 }, +++ { "io_getevents", 217 }, +++ { "io_setup", 215 }, +++ { "io_submit", 218 }, +++ { "ioctl", 54 }, +++ { "ioperm", __PNR_ioperm }, +++ { "iopl", __PNR_iopl }, +++ { "ioprio_get", 268 }, +++ { "ioprio_set", 267 }, +++ { "ipc", __PNR_ipc }, +++ { "kcmp", 332 }, +++ { "kexec_file_load", __PNR_kexec_file_load }, +++ { "kexec_load", 300 }, +++ { "keyctl", 266 }, +++ { "kill", 37 }, +++ { "lchown", 16 }, +++ { "lchown32", __PNR_lchown32 }, +++ { "lgetxattr", 242 }, +++ { "link", 9 }, +++ { "linkat", 283 }, +++ { "listen", 32 }, +++ { "listxattr", 244 }, +++ { "llistxattr", 245 }, +++ { "lock", __PNR_lock }, +++ { "lookup_dcookie", 223 }, +++ { "lremovexattr", 248 }, +++ { "lseek", 19 }, +++ { "lsetxattr", 239 }, +++ { "lstat", 84 }, +++ { "lstat64", 198 }, +++ { "madvise", 119 }, +++ { "mbind", 260 }, +++ { "membarrier", 343 }, +++ { "memfd_create", 340 }, +++ { "migrate_pages", 272 }, +++ { "mincore", 72 }, +++ { "mkdir", 39 }, +++ { "mkdirat", 276 }, +++ { "mknod", 14 }, +++ { "mknodat", 277 }, +++ { "mlock", 150 }, +++ { "mlock2", 345 }, +++ { "mlockall", 152 }, +++ { "mmap", 90 }, +++ { "mmap2", 89 }, +++ { "modify_ldt", __PNR_modify_ldt }, +++ { "mount", 21 }, +++ { "move_pages", 295 }, +++ { "mprotect", 125 }, +++ { "mpx", __PNR_mpx }, +++ { "mq_getsetattr", 234 }, +++ { "mq_notify", 233 }, +++ { "mq_open", 229 }, +++ { "mq_timedreceive", 232 }, +++ { "mq_timedsend", 231 }, +++ { "mq_unlink", 230 }, +++ { "mremap", 163 }, +++ { "msgctl", 191 }, +++ { "msgget", 190 }, +++ { "msgrcv", 189 }, +++ { "msgsnd", 188 }, +++ { "msync", 144 }, +++ { "multiplexer", __PNR_multiplexer }, +++ { "munlock", 151 }, +++ { "munlockall", 153 }, +++ { "munmap", 91 }, +++ { "name_to_handle_at", 325 }, +++ { "nanosleep", 162 }, +++ { "newfstatat", __PNR_newfstatat }, +++ { "nfsservctl", 169 }, +++ { "nice", 34 }, +++ { "oldfstat", __PNR_oldfstat }, +++ { "oldlstat", __PNR_oldlstat }, +++ { "oldolduname", __PNR_oldolduname }, +++ { "oldstat", __PNR_oldstat }, +++ { "olduname", __PNR_olduname }, +++ { "oldwait4", __PNR_oldwait4 }, +++ { "open", 5 }, +++ { "open_by_handle_at", 326 }, +++ { "openat", 275 }, +++ { "pause", 29 }, +++ { "pciconfig_iobase", __PNR_pciconfig_iobase }, +++ { "pciconfig_read", __PNR_pciconfig_read }, +++ { "pciconfig_write", __PNR_pciconfig_write }, +++ { "perf_event_open", 318 }, +++ { "personality", 136 }, +++ { "pipe", 42 }, +++ { "pipe2", 313 }, +++ { "pivot_root", 67 }, +++ { "poll", 168 }, +++ { "ppoll", 274 }, +++ { "prctl", 172 }, +++ { "pread64", 108 }, +++ { "preadv", 315 }, +++ { "prlimit64", 321 }, +++ { "process_vm_readv", 330 }, +++ { "process_vm_writev", 331 }, +++ { "prof", __PNR_prof }, +++ { "profil", __PNR_profil }, +++ { "pselect6", 273 }, +++ { "ptrace", 26 }, +++ { "putpmsg", 197 }, +++ { "pwrite64", 109 }, +++ { "pwritev", 316 }, +++ { "query_module", 167 }, +++ { "quotactl", 131 }, +++ { "read", 3 }, +++ { "readahead", 207 }, +++ { "readdir", __PNR_readdir }, +++ { "readlink", 85 }, +++ { "readlinkat", 285 }, +++ { "readv", 145 }, +++ { "reboot", 88 }, +++ { "recv", 98 }, +++ { "recvfrom", 123 }, +++ { "recvmmsg", 319 }, +++ { "recvmsg", 184 }, +++ { "remap_file_pages", 227 }, +++ { "removexattr", 247 }, +++ { "rename", 38 }, +++ { "renameat", 282 }, +++ { "renameat2", 337 }, +++ { "request_key", 265 }, +++ { "restart_syscall", 0 }, +++ { "rmdir", 40 }, +++ { "rt_sigaction", 174 }, +++ { "rt_sigpending", 176 }, +++ { "rt_sigprocmask", 175 }, +++ { "rt_sigqueueinfo", 178 }, +++ { "rt_sigreturn", 173 }, +++ { "rt_sigsuspend", 179 }, +++ { "rt_sigtimedwait", 177 }, +++ { "rt_tgsigqueueinfo", 317 }, +++ { "rtas", __PNR_rtas }, +++ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, +++ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, +++ { "s390_runtime_instr", __PNR_s390_runtime_instr }, +++ { "sched_get_priority_max", 159 }, +++ { "sched_get_priority_min", 160 }, +++ { "sched_getaffinity", 212 }, +++ { "sched_getattr", 335 }, +++ { "sched_getparam", 155 }, +++ { "sched_getscheduler", 157 }, +++ { "sched_rr_get_interval", 161 }, +++ { "sched_setaffinity", 211 }, +++ { "sched_setattr", 334 }, +++ { "sched_setparam", 154 }, +++ { "sched_setscheduler", 156 }, +++ { "sched_yield", 158 }, +++ { "seccomp", 338 }, +++ { "security", __PNR_security }, +++ { "select", __PNR_select }, +++ { "semctl", 187 }, +++ { "semget", 186 }, +++ { "semop", 185 }, +++ { "semtimedop", 228 }, +++ { "send", 58 }, +++ { "sendfile", 122 }, +++ { "sendfile64", 209 }, +++ { "sendmmsg", 329 }, +++ { "sendmsg", 183 }, +++ { "sendto", 82 }, +++ { "set_mempolicy", 262 }, +++ { "set_robust_list", 289 }, +++ { "set_thread_area", 213 }, +++ { "set_tid_address", 237 }, +++ { "set_tls", __PNR_set_tls }, +++ { "setdomainname", 121 }, +++ { "setfsgid", 139 }, +++ { "setfsgid32", __PNR_setfsgid32 }, +++ { "setfsuid", 138 }, +++ { "setfsuid32", __PNR_setfsuid32 }, +++ { "setgid", 46 }, +++ { "setgid32", __PNR_setgid32 }, +++ { "setgroups", 81 }, +++ { "setgroups32", __PNR_setgroups32}, +++ { "sethostname", 74 }, +++ { "setitimer", 104 }, +++ { "setns", 328 }, +++ { "setpgid", 57 }, +++ { "setpriority", 97 }, +++ { "setregid", 71 }, +++ { "setregid32", __PNR_setregid32 }, +++ { "setresgid", 170 }, +++ { "setresgid32", __PNR_setresgid32 }, +++ { "setresuid", 164 }, +++ { "setresuid32", __PNR_setresuid32 }, +++ { "setreuid", 70 }, +++ { "setreuid32", __PNR_setreuid32 }, +++ { "setrlimit", 75 }, +++ { "setsid", 66 }, +++ { "setsockopt", 181 }, +++ { "settimeofday", 79 }, +++ { "setuid", 23 }, +++ { "setuid32", __PNR_setuid32 }, +++ { "setxattr", 238 }, +++ { "sgetmask", 68 }, +++ { "shmat", 192 }, +++ { "shmctl", 195 }, +++ { "shmdt", 193 }, +++ { "shmget", 194 }, +++ { "shutdown", 117 }, +++ { "sigaction", __PNR_sigaction }, +++ { "sigaltstack", 166 }, +++ { "signal", 48 }, +++ { "signalfd", 302 }, +++ { "signalfd4", 309 }, +++ { "sigpending", 73 }, +++ { "sigprocmask", 126 }, +++ { "sigreturn", __PNR_sigreturn }, +++ { "sigsuspend", __PNR_sigsuspend }, +++ { "socket", 17 }, +++ { "socketcall", __PNR_socketcall }, +++ { "socketpair", 56 }, +++ { "splice", 291 }, +++ { "spu_create", __PNR_spu_create }, +++ { "spu_run", __PNR_spu_run }, +++ { "ssetmask", 69 }, +++ { "stat", 18 }, +++ { "stat64", 101 }, +++ { "statfs", 99 }, +++ { "statfs64", 298 }, +++ { "stime", 25 }, +++ { "stty", __PNR_stty }, +++ { "subpage_prot", __PNR_subpage_prot }, +++ { "swapcontext", __PNR_swapcontext }, +++ { "swapoff", 115 }, +++ { "swapon", 87 }, +++ { "switch_endian", __PNR_switch_endian }, +++ { "symlink", 83 }, +++ { "symlinkat", 284 }, +++ { "sync", 36 }, +++ { "sync_file_range", 292 }, +++ { "sync_file_range2", __PNR_sync_file_range2 }, +++ { "syncfs", 327 }, +++ { "syscall", __PNR_syscall }, +++ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, +++ { "sysfs", 135 }, +++ { "sysinfo", 116 }, +++ { "syslog", 103 }, +++ { "sysmips", __PNR_sysmips }, +++ { "tee", 293 }, +++ { "tgkill", 259 }, +++ { "time", 13 }, +++ { "timer_create", 250 }, +++ { "timer_delete", 254 }, +++ { "timer_getoverrun", 253 }, +++ { "timer_gettime", 252 }, +++ { "timer_settime", 251 }, +++ { "timerfd", 303 }, +++ { "timerfd_create", 306 }, +++ { "timerfd_gettime", 308 }, +++ { "timerfd_settime", 307 }, +++ { "times", 43 }, +++ { "tkill", 208 }, +++ { "truncate", 92 }, +++ { "truncate64", 199 }, +++ { "tuxcall", __PNR_tuxcall }, +++ { "ugetrlimit", __PNR_ugetrlimit }, +++ { "ulimit", __PNR_ulimit }, +++ { "umask", 60 }, +++ { "umount", __PNR_umount }, +++ { "umount2", 52 }, +++ { "uname", 59 }, +++ { "unlink", 10 }, +++ { "unlinkat", 281 }, +++ { "unshare", 288 }, +++ { "uselib", 86 }, +++ { "userfaultfd", 344 }, +++ { "usr26", __PNR_usr26 }, +++ { "usr32", __PNR_usr32 }, +++ { "ustat", 62 }, +++ { "utime", 30 }, +++ { "utimensat", 301 }, +++ { "utimes", 336 }, +++ { "vfork", 113 }, +++ { "vhangup", 111 }, +++ { "vm86", __PNR_vm86 }, +++ { "vm86old", __PNR_vm86old }, +++ { "vmsplice", 294 }, +++ { "vserver", 263 }, +++ { "wait4", 114 }, +++ { "waitid", 235 }, +++ { "waitpid", 7 }, +++ { "write", 4 }, +++ { "writev", 146 }, +++ { NULL, __NR_SCMP_ERROR }, +++}; +++ +++/** +++ * Resolve a syscall name to a number +++ * @param name the syscall name +++ * +++ * Resolve the given syscall name to the syscall number using the syscall table. +++ * Returns the syscall number on success, including negative pseudo syscall +++ * numbers; returns __NR_SCMP_ERROR on failure. +++ * +++ */ +++int parisc_syscall_resolve_name(const char *name) +++{ +++ unsigned int iter; +++ const struct arch_syscall_def *table = parisc_syscall_table; +++ +++ /* XXX - plenty of room for future improvement here */ +++ for (iter = 0; table[iter].name != NULL; iter++) { +++ if (strcmp(name, table[iter].name) == 0) +++ return table[iter].num; +++ } +++ +++ return __NR_SCMP_ERROR; +++} +++ +++/** +++ * Resolve a syscall number to a name +++ * @param num the syscall number +++ * +++ * Resolve the given syscall number to the syscall name using the syscall table. +++ * Returns a pointer to the syscall name string on success, including pseudo +++ * syscall names; returns NULL on failure. +++ * +++ */ +++const char *parisc_syscall_resolve_num(int num) +++{ +++ unsigned int iter; +++ const struct arch_syscall_def *table = parisc_syscall_table; +++ +++ /* XXX - plenty of room for future improvement here */ +++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { +++ if (num == table[iter].num) +++ return table[iter].name; +++ } +++ +++ return NULL; +++} +++ +++/** +++ * Iterate through the syscall table and return the syscall name +++ * @param spot the offset into the syscall table +++ * +++ * Return the syscall name at position @spot or NULL on failure. This function +++ * should only ever be used internally by libseccomp. +++ * +++ */ +++const struct arch_syscall_def *parisc_syscall_iterate(unsigned int spot) +++{ +++ /* XXX - no safety checks here */ +++ return &parisc_syscall_table[spot]; +++} ++Index: libseccomp/src/arch-parisc.c ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ libseccomp/src/arch-parisc.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -0,0 +1,22 @@ +++/* +++ * Copyright (c) 2016 Helge Deller +++ * Author: Helge Deller +++ */ +++ +++#include +++#include +++#include +++ +++#include "arch.h" +++#include "arch-parisc.h" +++ +++const struct arch_def arch_def_parisc = { +++ .token = SCMP_ARCH_PARISC, +++ .token_bpf = AUDIT_ARCH_PARISC, +++ .size = ARCH_SIZE_32, +++ .endian = ARCH_ENDIAN_BIG, +++ .syscall_resolve_name = parisc_syscall_resolve_name, +++ .syscall_resolve_num = parisc_syscall_resolve_num, +++ .syscall_rewrite = NULL, +++ .rule_add = NULL, +++}; ++Index: libseccomp/src/arch-parisc.h ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ libseccomp/src/arch-parisc.h 2016-05-28 19:57:02.042592678 +0200 ++@@ -0,0 +1,38 @@ +++/** +++ * Enhanced Seccomp PARISC Specific Code +++ * +++ * Copyright (c) 2016 Helge Deller +++ * +++ */ +++ +++/* +++ * This library is free software; you can redistribute it and/or modify it +++ * under the terms of version 2.1 of the GNU Lesser General Public License as +++ * published by the Free Software Foundation. +++ * +++ * This library is distributed in the hope that it will be useful, but WITHOUT +++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +++ * for more details. +++ * +++ * You should have received a copy of the GNU Lesser General Public License +++ * along with this library; if not, see . +++ */ +++ +++#ifndef _ARCH_PARISC_H +++#define _ARCH_PARISC_H +++ +++#include +++ +++#include "arch.h" +++#include "system.h" +++ +++extern const struct arch_def arch_def_parisc; +++extern const struct arch_def arch_def_parisc64; +++ +++int parisc_syscall_resolve_name(const char *name); +++const char *parisc_syscall_resolve_num(int num); +++ +++const struct arch_syscall_def *parisc_syscall_iterate(unsigned int spot); +++ +++#endif ++Index: libseccomp/src/arch-parisc64.c ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ libseccomp/src/arch-parisc64.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -0,0 +1,22 @@ +++/* +++ * Copyright (c) 2016 Helge Deller +++ * Author: Helge Deller +++*/ +++ +++#include +++#include +++#include +++ +++#include "arch.h" +++#include "arch-parisc.h" +++ +++const struct arch_def arch_def_parisc64 = { +++ .token = SCMP_ARCH_PARISC64, +++ .token_bpf = AUDIT_ARCH_PARISC64, +++ .size = ARCH_SIZE_64, +++ .endian = ARCH_ENDIAN_BIG, +++ .syscall_resolve_name = parisc_syscall_resolve_name, +++ .syscall_resolve_num = parisc_syscall_resolve_num, +++ .syscall_rewrite = NULL, +++ .rule_add = NULL, +++}; ++Index: libseccomp/src/arch-syscall-check.c ++=================================================================== ++--- libseccomp.orig/src/arch-syscall-check.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/src/arch-syscall-check.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -33,6 +33,7 @@ ++ #include "arch-mips.h" ++ #include "arch-mips64.h" ++ #include "arch-mips64n32.h" +++#include "arch-parisc.h" ++ #include "arch-ppc.h" ++ #include "arch-ppc64.h" ++ #include "arch-s390.h" ++@@ -71,6 +72,7 @@ ++ int i_mips = 0; ++ int i_mips64 = 0; ++ int i_mips64n32 = 0; +++ int i_parisc = 0; ++ int i_ppc = 0; ++ int i_ppc64 = 0; ++ int i_s390 = 0; ++@@ -101,6 +103,8 @@ ++ mips64_syscall_iterate(i_mips64)); ++ syscall_check(str_miss, sys_name, "mips64n32", ++ mips64n32_syscall_iterate(i_mips64n32)); +++ syscall_check(str_miss, sys_name, "parisc", +++ parisc_syscall_iterate(i_parisc)); ++ syscall_check(str_miss, sys_name, "ppc", ++ ppc_syscall_iterate(i_ppc)); ++ syscall_check(str_miss, sys_name, "ppc64", ++@@ -135,6 +139,8 @@ ++ i_mips64 = -1; ++ if (!mips64n32_syscall_iterate(++i_mips64n32)->name) ++ i_mips64n32 = -1; +++ if (!parisc_syscall_iterate(++i_parisc)->name) +++ i_parisc = -1; ++ if (!ppc_syscall_iterate(++i_ppc)->name) ++ i_ppc = -1; ++ if (!ppc64_syscall_iterate(++i_ppc64)->name) ++@@ -146,6 +152,7 @@ ++ } while (i_x86_64 >= 0 && i_x32 >= 0 && ++ i_arm >= 0 && i_aarch64 >= 0 && ++ i_mips >= 0 && i_mips64 >= 0 && i_mips64n32 >= 0 && +++ i_parisc >= 0 && ++ i_ppc >= 0 && i_ppc64 >= 0 && ++ i_s390 >= 0 && i_s390x >= 0); ++ ++@@ -190,6 +197,10 @@ ++ printf("ERROR, mips64n32 has additional syscalls\n"); ++ return 1; ++ } +++ if (i_parisc >= 0) { +++ printf("ERROR, parisc has additional syscalls\n"); +++ return 1; +++ } ++ if (i_ppc >= 0) { ++ printf("ERROR, ppc has additional syscalls\n"); ++ return 1; ++Index: libseccomp/src/arch-syscall-dump.c ++=================================================================== ++--- libseccomp.orig/src/arch-syscall-dump.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/src/arch-syscall-dump.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -38,6 +38,7 @@ ++ #include "arch-mips64.h" ++ #include "arch-mips64n32.h" ++ #include "arch-aarch64.h" +++#include "arch-parisc.h" ++ #include "arch-ppc.h" ++ #include "arch-ppc64.h" ++ #include "arch-s390.h" ++@@ -116,6 +117,10 @@ ++ case SCMP_ARCH_MIPSEL64N32: ++ sys = mips64n32_syscall_iterate(iter); ++ break; +++ case SCMP_ARCH_PARISC: +++ case SCMP_ARCH_PARISC64: +++ sys = parisc_syscall_iterate(iter); +++ break; ++ case SCMP_ARCH_PPC: ++ sys = ppc_syscall_iterate(iter); ++ break; ++Index: libseccomp/src/arch.c ++=================================================================== ++--- libseccomp.orig/src/arch.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/src/arch.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -38,6 +38,7 @@ ++ #include "arch-mips.h" ++ #include "arch-mips64.h" ++ #include "arch-mips64n32.h" +++#include "arch-parisc.h" ++ #include "arch-ppc.h" ++ #include "arch-ppc64.h" ++ #include "arch-s390.h" ++@@ -79,6 +80,10 @@ ++ #elif __MIPSEL__ ++ const struct arch_def *arch_def_native = &arch_def_mipsel64n32; ++ #endif /* _MIPS_SIM_NABI32 */ +++#elif __hppa64__ /* hppa64 must be checked before hppa */ +++const struct arch_def *arch_def_native = &arch_def_parisc64; +++#elif __hppa__ +++const struct arch_def *arch_def_native = &arch_def_parisc; ++ #elif __PPC64__ ++ #ifdef __BIG_ENDIAN__ ++ const struct arch_def *arch_def_native = &arch_def_ppc64; ++@@ -139,6 +144,10 @@ ++ return &arch_def_mips64n32; ++ case SCMP_ARCH_MIPSEL64N32: ++ return &arch_def_mipsel64n32; +++ case SCMP_ARCH_PARISC: +++ return &arch_def_parisc; +++ case SCMP_ARCH_PARISC64: +++ return &arch_def_parisc64; ++ case SCMP_ARCH_PPC: ++ return &arch_def_ppc; ++ case SCMP_ARCH_PPC64: ++@@ -185,6 +194,10 @@ ++ return &arch_def_mips64n32; ++ else if (strcmp(arch_name, "mipsel64n32") == 0) ++ return &arch_def_mipsel64n32; +++ else if (strcmp(arch_name, "parisc64") == 0) +++ return &arch_def_parisc64; +++ else if (strcmp(arch_name, "parisc") == 0) +++ return &arch_def_parisc; ++ else if (strcmp(arch_name, "ppc") == 0) ++ return &arch_def_ppc; ++ else if (strcmp(arch_name, "ppc64") == 0) ++Index: libseccomp/src/gen_pfc.c ++=================================================================== ++--- libseccomp.orig/src/gen_pfc.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/src/gen_pfc.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -71,6 +71,10 @@ ++ return "mips64n32"; ++ case SCMP_ARCH_MIPSEL64N32: ++ return "mipsel64n32"; +++ case SCMP_ARCH_PARISC: +++ return "parisc"; +++ case SCMP_ARCH_PARISC64: +++ return "parisc64"; ++ case SCMP_ARCH_PPC64: ++ return "ppc64"; ++ case SCMP_ARCH_PPC64LE: ++Index: libseccomp/src/python/libseccomp.pxd ++=================================================================== ++--- libseccomp.orig/src/python/libseccomp.pxd 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/src/python/libseccomp.pxd 2016-05-28 19:57:02.042592678 +0200 ++@@ -43,6 +43,8 @@ ++ SCMP_ARCH_MIPSEL ++ SCMP_ARCH_MIPSEL64 ++ SCMP_ARCH_MIPSEL64N32 +++ SCMP_ARCH_PARISC +++ SCMP_ARCH_PARISC64 ++ SCMP_ARCH_PPC ++ SCMP_ARCH_PPC64 ++ SCMP_ARCH_PPC64LE ++Index: libseccomp/src/python/seccomp.pyx ++=================================================================== ++--- libseccomp.orig/src/python/seccomp.pyx 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/src/python/seccomp.pyx 2016-05-28 19:57:02.042592678 +0200 ++@@ -147,6 +147,8 @@ ++ MIPSEL - MIPS little endian O32 ABI ++ MIPSEL64 - MIPS little endian 64-bit ABI ++ MIPSEL64N32 - MIPS little endian N32 ABI +++ PARISC - 32-bit PA-RISC +++ PARISC64 - 64-bit PA-RISC ++ PPC64 - 64-bit PowerPC ++ PPC - 32-bit PowerPC ++ """ ++@@ -165,6 +167,8 @@ ++ MIPSEL = libseccomp.SCMP_ARCH_MIPSEL ++ MIPSEL64 = libseccomp.SCMP_ARCH_MIPSEL64 ++ MIPSEL64N32 = libseccomp.SCMP_ARCH_MIPSEL64N32 +++ PARISC = libseccomp.SCMP_ARCH_PARISC +++ PARISC64 = libseccomp.SCMP_ARCH_PARISC64 ++ PPC = libseccomp.SCMP_ARCH_PPC ++ PPC64 = libseccomp.SCMP_ARCH_PPC64 ++ PPC64LE = libseccomp.SCMP_ARCH_PPC64LE ++@@ -205,6 +209,10 @@ ++ self._token = libseccomp.SCMP_ARCH_MIPSEL64 ++ elif arch == libseccomp.SCMP_ARCH_MIPSEL64N32: ++ self._token = libseccomp.SCMP_ARCH_MIPSEL64N32 +++ elif arch == libseccomp.SCMP_ARCH_PARISC: +++ self._token = libseccomp.SCMP_ARCH_PARISC +++ elif arch == libseccomp.SCMP_ARCH_PARISC64: +++ self._token = libseccomp.SCMP_ARCH_PARISC64 ++ elif arch == libseccomp.SCMP_ARCH_PPC: ++ self._token = libseccomp.SCMP_ARCH_PPC ++ elif arch == libseccomp.SCMP_ARCH_PPC64: ++Index: libseccomp/tests/26-sim-arch_all_be_basic.c ++=================================================================== ++--- libseccomp.orig/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/tests/26-sim-arch_all_be_basic.c 2016-05-28 19:57:02.042592678 +0200 ++@@ -52,6 +52,12 @@ ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("mips64n32")); ++ if (rc != 0) ++ goto out; +++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc")); +++ if (rc != 0) +++ goto out; +++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("parisc64")); +++ if (rc != 0) +++ goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc")); ++ if (rc != 0) ++ goto out; ++Index: libseccomp/tests/26-sim-arch_all_be_basic.py ++=================================================================== ++--- libseccomp.orig/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/tests/26-sim-arch_all_be_basic.py 2016-05-28 19:57:02.046592702 +0200 ++@@ -33,6 +33,8 @@ ++ f.add_arch(Arch("mips")) ++ f.add_arch(Arch("mips64")) ++ f.add_arch(Arch("mips64n32")) +++ f.add_arch(Arch("parisc")) +++ f.add_arch(Arch("parisc64")) ++ f.add_arch(Arch("ppc")) ++ f.add_arch(Arch("ppc64")) ++ f.add_arch(Arch("s390")) ++Index: libseccomp/tests/regression ++=================================================================== ++--- libseccomp.orig/tests/regression 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/tests/regression 2016-05-28 19:57:02.046592702 +0200 ++@@ -28,6 +28,7 @@ ++ ppc64le" ++ GLBL_ARCH_BE_SUPPORT=" \ ++ mips mips64 mips64n32 \ +++ parisc parisc64 \ ++ ppc ppc64 \ ++ s390 s390x" ++ ++@@ -701,7 +702,7 @@ ++ ++ # setup the arch specific return values ++ case "$arch" in ++- x86|x86_64|x32|arm|aarch64|ppc|ppc64|ppc64le|ppc|s390|s390x) +++ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x) ++ rc_kill=159 ++ rc_allow=160 ++ rc_trap=161 ++Index: libseccomp/tools/scmp_arch_detect.c ++=================================================================== ++--- libseccomp.orig/tools/scmp_arch_detect.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/tools/scmp_arch_detect.c 2016-05-28 19:57:02.046592702 +0200 ++@@ -99,6 +99,12 @@ ++ case SCMP_ARCH_MIPSEL64N32: ++ printf("mipsel64n32\n"); ++ break; +++ case SCMP_ARCH_PARISC: +++ printf("parisc\n"); +++ break; +++ case SCMP_ARCH_PARISC64: +++ printf("parisc64\n"); +++ break; ++ case SCMP_ARCH_PPC: ++ printf("ppc\n"); ++ break; ++Index: libseccomp/tools/scmp_bpf_sim.c ++=================================================================== ++--- libseccomp.orig/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/tools/scmp_bpf_sim.c 2016-05-28 19:57:02.046592702 +0200 ++@@ -265,6 +265,10 @@ ++ arch = AUDIT_ARCH_MIPS64N32; ++ else if (strcmp(optarg, "mipsel64n32") == 0) ++ arch = AUDIT_ARCH_MIPSEL64N32; +++ else if (strcmp(optarg, "parisc") == 0) +++ arch = AUDIT_ARCH_PARISC; +++ else if (strcmp(optarg, "parisc64") == 0) +++ arch = AUDIT_ARCH_PARISC64; ++ else if (strcmp(optarg, "ppc") == 0) ++ arch = AUDIT_ARCH_PPC; ++ else if (strcmp(optarg, "ppc64") == 0) ++Index: libseccomp/tools/util.c ++=================================================================== ++--- libseccomp.orig/tools/util.c 2016-05-28 19:57:02.050592727 +0200 +++++ libseccomp/tools/util.c 2016-05-28 19:57:02.046592702 +0200 ++@@ -62,6 +62,10 @@ ++ #elif __MIPSEL__ ++ #define ARCH_NATIVE AUDIT_ARCH_MIPSEL64N32 ++ #endif /* _MIPS_SIM_NABI32 */ +++#elif __hppa64__ +++#define ARCH_NATIVE AUDIT_ARCH_PARISC64 +++#elif __hppa__ +++#define ARCH_NATIVE AUDIT_ARCH_PARISC ++ #elif __PPC64__ ++ #ifdef __BIG_ENDIAN__ ++ #define ARCH_NATIVE AUDIT_ARCH_PPC64 diff --cc debian/patches/29-parisc_syscalls_linux49.patch index 0000000,0000000..69533ff new file mode 100644 --- /dev/null +++ b/debian/patches/29-parisc_syscalls_linux49.patch @@@ -1,0 -1,0 +1,40 @@@ ++Description: update syscalls for Linux 4.9 ++Origin: cherry-picked parts from d9102f12fd39bd77151a1f630fcfc8c80f86c55c ++ ++diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c ++index ad50820..4690577 100644 ++--- a/src/arch-parisc-syscalls.c +++++ b/src/arch-parisc-syscalls.c ++@@ -10,7 +10,7 @@ ++ #include "arch.h" ++ #include "arch-parisc.h" ++ ++-/* NOTE: based on Linux 4.5-rc4 */ +++/* NOTE: based on Linux 4.9 */ ++ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "_llseek", 140 }, ++ { "_newselect", 142 }, ++@@ -238,11 +238,15 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "pipe", 42 }, ++ { "pipe2", 313 }, ++ { "pivot_root", 67 }, +++ { "pkey_alloc", __PNR_pkey_alloc }, +++ { "pkey_free", __PNR_pkey_free }, +++ { "pkey_mprotect", __PNR_pkey_mprotect }, ++ { "poll", 168 }, ++ { "ppoll", 274 }, ++ { "prctl", 172 }, ++ { "pread64", 108 }, ++ { "preadv", 315 }, +++ { "preadv2", 347 }, ++ { "prlimit64", 321 }, ++ { "process_vm_readv", 330 }, ++ { "process_vm_writev", 331 }, ++@@ -253,6 +257,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "putpmsg", 197 }, ++ { "pwrite64", 109 }, ++ { "pwritev", 316 }, +++ { "pwritev2", 348 }, ++ { "query_module", 167 }, ++ { "quotactl", 131 }, ++ { "read", 3 }, diff --cc debian/patches/30-parisc_syscalls_linux414.patch index 0000000,0000000..d6102b1 new file mode 100644 --- /dev/null +++ b/debian/patches/30-parisc_syscalls_linux414.patch @@@ -1,0 -1,0 +1,22 @@@ ++Description: arch: add the statx syscall ++Origin: cherry-picked parts from 4793ea990ea80ee26ed63e2a20723fdb417abf5b ++ ++--- a/src/arch-parisc-syscalls.c +++++ b/src/arch-parisc-syscalls.c ++@@ -10,7 +10,7 @@ ++ #include "arch.h" ++ #include "arch-parisc.h" ++ ++-/* NOTE: based on Linux 4.9 */ +++/* NOTE: based on Linux 4.14 */ ++ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "_llseek", 140 }, ++ { "_newselect", 142 }, ++@@ -376,6 +376,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "stat64", 101 }, ++ { "statfs", 99 }, ++ { "statfs64", 298 }, +++ { "statx", 349 }, ++ { "stime", 25 }, ++ { "stty", __PNR_stty }, ++ { "subpage_prot", __PNR_subpage_prot }, diff --cc debian/patches/31-parisc_syscalls_linux415.patch index 0000000,0000000..530fd5f new file mode 100644 --- /dev/null +++ b/debian/patches/31-parisc_syscalls_linux415.patch @@@ -1,0 -1,0 +1,34 @@@ ++Description: arch: update the syscalls for Linux v4.15-rc7 ++Origin: cherry-picked parts from c842c2f6c203ad9da37ca60219172aa0be68d26a ++ ++--- a/src/arch-parisc-syscalls.c +++++ b/src/arch-parisc-syscalls.c ++@@ -10,7 +10,7 @@ ++ #include "arch.h" ++ #include "arch-parisc.h" ++ ++-/* NOTE: based on Linux 4.14 */ +++/* NOTE: based on Linux 4.15-rc7 */ ++ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "_llseek", 140 }, ++ { "_newselect", 142 }, ++@@ -106,6 +106,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "get_mempolicy", 261 }, ++ { "get_robust_list", 290 }, ++ { "get_thread_area", 214 }, +++ { "get_tls", __PNR_get_tls }, ++ { "getcpu", 296 }, ++ { "getcwd", 110 }, ++ { "getdents", 141 }, ++@@ -288,9 +289,11 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ ++ { "rt_sigtimedwait", 177 }, ++ { "rt_tgsigqueueinfo", 317 }, ++ { "rtas", __PNR_rtas }, +++ { "s390_guarded_storage", __PNR_s390_guarded_storage }, ++ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, ++ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, ++ { "s390_runtime_instr", __PNR_s390_runtime_instr }, +++ { "s390_sthyi", __PNR_s390_sthyi }, ++ { "sched_get_priority_max", 159 }, ++ { "sched_get_priority_min", 160 }, ++ { "sched_getaffinity", 212 }, diff --cc debian/patches/series index 0000000,0000000..68ed7c8 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,4 @@@ ++28-parisc_support.patch ++29-parisc_syscalls_linux49.patch ++30-parisc_syscalls_linux414.patch ++31-parisc_syscalls_linux415.patch diff --cc debian/python-seccomp.install index 0000000,0000000..01c56cf new file mode 100644 --- /dev/null +++ b/debian/python-seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/python2.*/site-packages/seccomp.so diff --cc debian/python3-seccomp.install index 0000000,0000000..97a45dc new file mode 100644 --- /dev/null +++ b/debian/python3-seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/python3.*/site-packages/seccomp.cpython-*.so diff --cc debian/rules index 0000000,0000000..75f5402 new file mode 100755 --- /dev/null +++ b/debian/rules @@@ -1,0 -1,0 +1,35 @@@ ++#!/usr/bin/make -f ++# -*- makefile -*- ++ ++# Uncomment this to turn on verbose mode. ++#export DH_VERBOSE=1 ++ ++# Enable verbose build details. ++export V=1 ++ ++include /usr/share/dpkg/architecture.mk ++ ++%: ++ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) ++ dh $@ --with python2,python3 ++else ++ dh $@ ++endif ++ ++ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) ++override_dh_auto_configure: ++ dh_auto_configure -- --enable-python ++ ++override_dh_auto_build: ++ PYTHONPATH="/usr/lib/python2.7/plat-${DEB_HOST_GNU_TYPE}$${PYTHONPATH:+:$$PYTHONPATH}" dh_auto_build ++ ++override_dh_auto_install: ++ dh_auto_install ++ set -e && for pyver in `py3versions -s`; do \ ++ _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata_m_${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}' dh_auto_install --sourcedirectory=src/python -- PYTHON=$$pyver; \ ++ done ++endif ++ ++override_dh_auto_clean: ++ dh_auto_clean ++ rm -f regression.out diff --cc debian/seccomp.install index 0000000,0000000..1df36c6 new file mode 100644 --- /dev/null +++ b/debian/seccomp.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/bin/* diff --cc debian/seccomp.manpages index 0000000,0000000..5ea05fe new file mode 100644 --- /dev/null +++ b/debian/seccomp.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man1/* diff --cc debian/source/format index 0000000,0000000..163aaf8 new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/tests/control index 0000000,0000000..cd5c8ff new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,3 @@@ ++Tests: testsuite-live ++Depends: libseccomp-dev, build-essential ++Restrictions: isolation-machine diff --cc debian/tests/testsuite-live index 0000000,0000000..538ffb9 new file mode 100644 --- /dev/null +++ b/debian/tests/testsuite-live @@@ -1,0 -1,0 +1,28 @@@ ++#!/bin/sh ++ ++set -eu ++ ++SRCDIR="$(pwd)" ++ ++mkdir "$AUTOPKGTEST_TMP/tests" "$AUTOPKGTEST_TMP/tools" ++cp -a tests/. "$AUTOPKGTEST_TMP/tests/" ++ ++cd "$AUTOPKGTEST_TMP/tests" ++ ++# manually build necessary files against the installed libseccomp ++ ++# build live tests ++for filename in *-live-*.tests; do ++ testname=$(echo "$filename" | cut -f 1 -d '.') ++ echo "Building $testname ..." ++ gcc -O2 -g "${testname}.c" util.c -lseccomp -o "$testname" ++done ++ ++# build tools needed for tests ++for tool in scmp_arch_detect scmp_sys_resolver; do ++ echo "Building $tool ..." ++ gcc -O2 -g "$SRCDIR/tools/$tool.c" "$SRCDIR/tools/util.c" -lseccomp -o ../tools/$tool ++done ++ ++echo "Running test suite ..." ++./regression -T live diff --cc debian/watch index 0000000,0000000..5689edc new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,6 @@@ ++# See uscan(1) for format ++version=3 ++opts=dversionmangle=s/\+dfsg// \ ++https://github.com/seccomp/libseccomp/releases \ ++ /download/v.*/libseccomp-(.*)\.tar\.gz \ ++ debian uupdate