projects / libseccomp.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
libseccomp.git
8 months ago[PATCH] api: fix seccomp_export_bpf_mem out-of-bounds read
commit | commitdiff | tree
Alyssa Ross [Thu, 13 Feb 2025 11:05:17 +0000 (12:05 +0100)]
[PATCH] api: fix seccomp_export_bpf_mem out-of-bounds read

*len is the length of the destination buffer, but program->blks is
probably not anywhere near that long.  It's already been checked above
that BPF_PGM_SIZE(program) is less than or equal to *len, so that's
the correct value to use here to avoid either reading or writing too
much.

I noticed this because tests/11-basic-basic_errors started failing on
musl after e797591 ("all: add seccomp_precompute() functionality").

Signed-off-by: Alyssa Ross <hi@alyssa.is>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Gbp-Pq: Name api_fix_seccomp_export_bpf_mem_out-of-bounds_read.patch

8 months ago[PATCH] tests: remove the fuzzer from test 62-sim-arch_transactions
commit | commitdiff | tree
Paul Moore [Sat, 25 Jan 2025 16:12:55 +0000 (11:12 -0500)]
[PATCH] tests: remove the fuzzer from test 62-sim-arch_transactions

We can't reliably run the bpf-sim-fuzz tests on tests which manipulate
the filters arch/ABIs unless the filter is safe to run on all arch/ABIs,
which is more or less impossible.  Remove the bpf-sim-fuzz test section
in test #62 to work around this, just as we do with the other similar
tests.

Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
(cherry picked from commit 7db46d72f13c172b290818f624c2966bd0db5677)

Gbp-Pq: Name tests_remove_the_fuzzer_from_test_62-sim-arch_transactions.patch

8 months agopython_single_version_externally_managed
commit | commitdiff | tree
Kees Cook [Thu, 20 Mar 2025 21:12:14 +0000 (22:12 +0100)]
python_single_version_externally_managed

Fix building with setuptools instead of distutils.

Gbp-Pq: Name python_single_version_externally_managed.patch

8 months agolibseccomp (2.6.0-2) unstable; urgency=medium
commit | commitdiff | tree
Felix Geyer [Thu, 20 Mar 2025 21:12:14 +0000 (22:12 +0100)]
libseccomp (2.6.0-2) unstable; urgency=medium

  * Upload to unstable.
  * Disable valgrind unit tests, it's not stable enough.
  * Cherry-pick upstream fixes:
    - tests_remove_the_fuzzer_from_test_62-sim-arch_transactions.patch
    - hash_fix_strict_aliasing_UB_in_MurMur_hash_implementation.patch
    - api_fix_seccomp_export_bpf_mem_out-of-bounds_read.patch

[dgit import unpatched libseccomp 2.6.0-2]

8 months agoImport libseccomp_2.6.0-2.debian.tar.xz
commit | commitdiff | tree
Felix Geyer [Thu, 20 Mar 2025 21:12:14 +0000 (22:12 +0100)]
Import libseccomp_2.6.0-2.debian.tar.xz

[dgit import tarball libseccomp 2.6.0-2 libseccomp_2.6.0-2.debian.tar.xz]

10 months agoImport libseccomp_2.6.0.orig.tar.gz
commit | commitdiff | tree
Felix Geyer [Fri, 24 Jan 2025 21:10:51 +0000 (22:10 +0100)]
Import libseccomp_2.6.0.orig.tar.gz

[dgit import orig libseccomp_2.6.0.orig.tar.gz]

Unnamed repository; edit this file 'description' to name the repository.