From 78b835acc4865baff4f2c3a87c487a5ccf884adc Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Sat, 12 Apr 2014 18:44:22 +0100 Subject: [PATCH 1/1] Import libseccomp_2.1.1-1.debian.tar.xz [dgit import tarball libseccomp 2.1.1-1 libseccomp_2.1.1-1.debian.tar.xz] --- changelog | 79 +++++++++++++++++++++++++++++++++++ compat | 1 + control | 41 ++++++++++++++++++ copyright | 40 ++++++++++++++++++ docs | 1 + libseccomp-dev.install | 3 ++ libseccomp-dev.manpages | 1 + libseccomp2.install | 1 + libseccomp2.symbols | 69 ++++++++++++++++++++++++++++++ patches/build-ldflags.patch | 42 +++++++++++++++++++ patches/manpage-typo.patch | 16 +++++++ patches/pkgconfig-macro.patch | 26 ++++++++++++ patches/series | 3 ++ rules | 26 ++++++++++++ seccomp.install | 1 + seccomp.manpages | 1 + source/format | 1 + watch | 5 +++ 18 files changed, 357 insertions(+) create mode 100644 changelog create mode 100644 compat create mode 100644 control create mode 100644 copyright create mode 100644 docs create mode 100644 libseccomp-dev.install create mode 100644 libseccomp-dev.manpages create mode 100644 libseccomp2.install create mode 100644 libseccomp2.symbols create mode 100644 patches/build-ldflags.patch create mode 100644 patches/manpage-typo.patch create mode 100644 patches/pkgconfig-macro.patch create mode 100644 patches/series create mode 100755 rules create mode 100644 seccomp.install create mode 100644 seccomp.manpages create mode 100644 source/format create mode 100644 watch diff --git a/changelog b/changelog new file mode 100644 index 0000000..8768ef3 --- /dev/null +++ b/changelog @@ -0,0 +1,79 @@ +libseccomp (2.1.1-1) unstable; urgency=low + + * New upstream release (Closes: 733293). + * copyright: add a few missed people. + * rules: adjusted for new test target. + * libseccomp2.symbols: drop accidentally exported functions. + * control: + - bump standards, no changes needed. + - add armel target + + -- Kees Cook Sat, 12 Apr 2014 10:44:22 -0700 + +libseccomp (2.1.0+dfsg-1) unstable; urgency=low + + * Rebuild source package without accidental binaries (Closes: 725617). + - debian/watch: mangle upstream version check. + * debian/rules: make tests non-fatal while upstream fixes them + (Closes: 721292). + + -- Kees Cook Sun, 06 Oct 2013 15:05:51 -0700 + +libseccomp (2.1.0-1) unstable; urgency=low + + * New upstream release (Closes: 718398): + - dropped debian/patches/manpage-dashes.patch: taken upstream. + - dropped debian/patches/include-unistd.patch: not needed. + - debian/patches/testsuite-x86-write.patch: taken upstream. + - ABI bump: moved from libseccomp1 to libseccomp2. + * debian/control: + - added Arch: armhf, now supported upstream. + - added seccomp binary package for helper tools. + * Added debian/patches/manpage-typo.patch: spelling fix. + * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling. + + -- Kees Cook Tue, 13 Aug 2013 00:02:01 -0700 + +libseccomp (1.0.1-2) unstable; urgency=low + + * debian/rules: enable testsuite at build time, thanks to + Stéphane Graber (Closes: 698803). + * Added debian/patches/include-unistd.patch: detect location of + asm/unistd.h correctly. + * Added debian/patches/testsuite-x86-write.patch: skip the "write" + syscall correctly on x86. + * debian/control: bump standards to 3.9.4, no changes needed. + + -- Kees Cook Wed, 23 Jan 2013 13:11:53 -0800 + +libseccomp (1.0.1-1) unstable; urgency=low + + * New upstream release. + * debian/control: only build on amd64 and i386 (Closes: 687368). + + -- Kees Cook Fri, 07 Dec 2012 11:38:03 -0800 + +libseccomp (1.0.0-1) unstable; urgency=low + + * New upstream release. + - bump ABI. + - drop build verbosity patch, use upstream V=1 instead. + * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471). + * debian/patches/pkgconfig-macro.patch: use literals for macro. + + -- Kees Cook Fri, 03 Aug 2012 16:59:41 -0700 + +libseccomp (0.1.0-1) unstable; urgency=low + + * New upstream release. + - drop patches taken upstream: + - libexecdir.patch + - pass-flags.patch + + -- Kees Cook Fri, 08 Jun 2012 12:32:22 -0700 + +libseccomp (0.0.0~20120605-1) unstable; urgency=low + + * Initial release (Closes: #676257). + + -- Kees Cook Tue, 05 Jun 2012 11:28:07 -0700 diff --git a/compat b/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +9 diff --git a/control b/control new file mode 100644 index 0000000..5cb7aab --- /dev/null +++ b/control @@ -0,0 +1,41 @@ +Source: libseccomp +Section: libs +Priority: optional +Maintainer: Kees Cook +Build-Depends: debhelper (>= 9), linux-libc-dev +Standards-Version: 3.9.5 +Homepage: https://sourceforge.net/projects/libseccomp/ + +Package: libseccomp-dev +Section: libdevel +Architecture: i386 amd64 armhf armel +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: libseccomp2 (= ${binary:Version}), ${misc:Depends} +Suggests: seccomp +Description: high level interface to Linux seccomp filter (development files) + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. + . + This package contains the development files. + +Package: libseccomp2 +Architecture: i386 amd64 armhf armel +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: high level interface to Linux seccomp filter + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. + +Package: seccomp +Section: utils +Architecture: i386 amd64 armhf armel +Depends: ${shlibs:Depends}, ${misc:Depends} +Suggests: libseccomp-dev +Description: helper tools for high level interface to Linux seccomp filter + Provides helper tools for interacting with libseccomp. Currently, only + a single tool exists, providing a way to easily enumerate syscalls across + the supported architectures. diff --git a/copyright b/copyright new file mode 100644 index 0000000..b958506 --- /dev/null +++ b/copyright @@ -0,0 +1,40 @@ +Format: http://dep.debian.net/deps/dep5 +Upstream-Name: libseccomp +Source: https://sourceforge.net/projects/libseccomp/ + +Files: * +Copyright: 2012 Paul Moore + 2012 Ashley Lai + 2012 Corey Bryant + 2012 Eduardo Otubo + 2012 Eric Paris +License: LGPL-2.0+ + +Files: tests/22-sim-basic_chains_array.tests +Copyright: 2013 Vitaly Shukela +License: LGPL-2.0+ + +Files: src/hash.* +Copyright: 2006 Bob Jenkins +License: LGPL-2.0+ + +Files: debian/* +Copyright: 2012 Kees Cook +License: LGPL-2.0+ + +License: LGPL-2.0+ + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-2". diff --git a/docs b/docs new file mode 100644 index 0000000..e845566 --- /dev/null +++ b/docs @@ -0,0 +1 @@ +README diff --git a/libseccomp-dev.install b/libseccomp-dev.install new file mode 100644 index 0000000..7df81cd --- /dev/null +++ b/libseccomp-dev.install @@ -0,0 +1,3 @@ +usr/include/* +usr/lib/*/lib*.so +usr/lib/*/pkgconfig/* diff --git a/libseccomp-dev.manpages b/libseccomp-dev.manpages new file mode 100644 index 0000000..7c72677 --- /dev/null +++ b/libseccomp-dev.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man3/* diff --git a/libseccomp2.install b/libseccomp2.install new file mode 100644 index 0000000..3ddde58 --- /dev/null +++ b/libseccomp2.install @@ -0,0 +1 @@ +usr/lib/*/lib*.so.* diff --git a/libseccomp2.symbols b/libseccomp2.symbols new file mode 100644 index 0000000..76dd566 --- /dev/null +++ b/libseccomp2.symbols @@ -0,0 +1,69 @@ +libseccomp.so.2 libseccomp2 #MINVER# + arch_arg_count_max@Base 0.0.0~20120605 + arch_arg_offset_hi@Base 0.0.0~20120605 + arch_arg_offset_lo@Base 0.0.0~20120605 + arch_def_native@Base 0.0.0~20120605 + arch_filter_rewrite@Base 0.0.0~20120605 + arch_syscall_rewrite@Base 0.0.0~20120605 + db_action_valid@Base 0.0.0~20120605 + db_init@Base 0.0.0~20120605 + db_release@Base 0.0.0~20120605 + db_reset@Base 1.0.0 + db_rule_add@Base 0.0.0~20120605 + db_syscall_priority@Base 0.0.0~20120605 + gen_bpf_generate@Base 0.0.0~20120605 + gen_bpf_release@Base 0.0.0~20120605 + gen_pfc_generate@Base 0.0.0~20120605 + jhash@Base 0.0.0~20120605 + seccomp_attr_get@Base 0.0.0~20120605 + seccomp_attr_set@Base 0.0.0~20120605 + seccomp_export_bpf@Base 0.0.0~20120605 + seccomp_export_pfc@Base 0.0.0~20120605 + seccomp_init@Base 0.0.0~20120605 + seccomp_load@Base 0.0.0~20120605 + seccomp_release@Base 0.0.0~20120605 + seccomp_reset@Base 0.0.0~20120605 + seccomp_rule_add@Base 0.0.0~20120605 + seccomp_rule_add_exact@Base 0.0.0~20120605 + seccomp_syscall_priority@Base 0.0.0~20120605 + seccomp_syscall_resolve_name@Base 1.0.1 + x86_64_syscall_table@Base 1.0.1 + seccomp_merge@Base 1.0.1 + seccomp_arch_add@Base 1.0.1 + seccomp_arch_exist@Base 1.0.1 + seccomp_arch_remove@Base 1.0.1 + arch_def_lookup@Base 1.0.1 + arch_def_x86_64@Base 1.0.1 + arch_syscall_resolve_name@Base 1.0.1 + arch_syscall_resolve_num@Base 1.0.1 + arch_syscall_translate@Base 1.0.1 + arch_valid@Base 1.0.1 + db_col_arch_exist@Base 1.0.1 + db_col_attr_get@Base 1.0.1 + db_col_attr_set@Base 1.0.1 + db_col_db_add@Base 1.0.1 + db_col_db_remove@Base 1.0.1 + db_col_init@Base 1.0.1 + db_col_merge@Base 1.0.1 + db_col_release@Base 1.0.1 + db_col_reset@Base 1.0.1 + db_col_valid@Base 1.0.1 + arch_def_arm@Base 2.1.0 + arch_def_x32@Base 2.1.0 + arch_def_x86@Base 2.1.0 + arm_syscall_resolve_name@Base 2.1.0 + arm_syscall_resolve_num@Base 2.1.0 + arm_syscall_table@Base 2.1.0 + seccomp_arch_native@Base 2.1.0 + seccomp_rule_add_array@Base 2.1.0 + seccomp_rule_add_exact_array@Base 2.1.0 + seccomp_syscall_resolve_name_arch@Base 2.1.0 + seccomp_syscall_resolve_num_arch@Base 2.1.0 + x32_syscall_resolve_name@Base 2.1.0 + x32_syscall_resolve_num@Base 2.1.0 + x86_64_syscall_resolve_name@Base 2.1.0 + x86_64_syscall_resolve_num@Base 2.1.0 + x86_filter_rewrite@Base 2.1.0 + x86_syscall_resolve_name@Base 2.1.0 + x86_syscall_resolve_num@Base 2.1.0 + x86_syscall_rewrite@Base 2.1.0 diff --git a/patches/build-ldflags.patch b/patches/build-ldflags.patch new file mode 100644 index 0000000..a5a2fbd --- /dev/null +++ b/patches/build-ldflags.patch @@ -0,0 +1,42 @@ +Description: LIBFLAGS are for libraries, LDFLAGS are for linker arguments. +Author: Kees Cook + +Index: libseccomp-2.1.0/macros.mk +=================================================================== +--- libseccomp-2.1.0.orig/macros.mk 2013-08-13 00:55:29.615739819 -0700 ++++ libseccomp-2.1.0/macros.mk 2013-08-13 01:00:12.123634186 -0700 +@@ -136,7 +136,7 @@ + ifeq ($(V),0) + COMPILE_EXEC = @echo " CC $@"; + endif +-COMPILE_EXEC += $(GCC) $(CFLAGS) $(CPPFLAGS) -o $@ $< $(LDFLAGS); ++COMPILE_EXEC += $(GCC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBFLAGS); + + ifeq ($(V),0) + ARCHIVE = @echo " AR $@"; +Index: libseccomp-2.1.0/tools/Makefile +=================================================================== +--- libseccomp-2.1.0.orig/tools/Makefile 2013-05-29 11:46:02.000000000 -0700 ++++ libseccomp-2.1.0/tools/Makefile 2013-08-13 00:58:11.025965101 -0700 +@@ -32,7 +32,7 @@ + include $(TOPDIR)/configure.mk + include $(TOPDIR)/install.mk + +-LDFLAGS := ../src/libseccomp.a ++LIBFLAGS := ../src/libseccomp.a + + TOOLS = scmp_bpf_disasm \ + scmp_bpf_sim \ +Index: libseccomp-2.1.0/tests/Makefile +=================================================================== +--- libseccomp-2.1.0.orig/tests/Makefile 2013-05-23 13:53:11.000000000 -0700 ++++ libseccomp-2.1.0/tests/Makefile 2013-08-13 00:59:44.707256337 -0700 +@@ -34,7 +34,7 @@ + + OBJS = util.o + +-LDFLAGS := ../src/libseccomp.a $(OBJS) ++LIBFLAGS := ../src/libseccomp.a $(OBJS) + + TEST_PRIVATE = 00-test + diff --git a/patches/manpage-typo.patch b/patches/manpage-typo.patch new file mode 100644 index 0000000..6a747c5 --- /dev/null +++ b/patches/manpage-typo.patch @@ -0,0 +1,16 @@ +Description: fix typo in manpage, noticed by lintian. +Author: Kees Cook + +Index: libseccomp-2.1.0/doc/man/man1/scmp_sys_resolver.1 +=================================================================== +--- libseccomp-2.1.0.orig/doc/man/man1/scmp_sys_resolver.1 2013-05-29 11:46:16.000000000 -0700 ++++ libseccomp-2.1.0/doc/man/man1/scmp_sys_resolver.1 2013-08-13 00:34:46.002565608 -0700 +@@ -37,7 +37,7 @@ + values are "x86", "x86_64", "x32", and "arm". + .TP + .B \-t +-If neccessary, translate the system call name to the proper system call number, ++If necessary, translate the system call name to the proper system call number, + even if the system call name is different, e.g. socket(2) on x86. + .TP + .B \-h diff --git a/patches/pkgconfig-macro.patch b/patches/pkgconfig-macro.patch new file mode 100644 index 0000000..9531053 --- /dev/null +++ b/patches/pkgconfig-macro.patch @@ -0,0 +1,26 @@ +Description: this bash trick doesn't work for some reason, so just replace + with the needed literal "libseccomp.pc" instead. +Author: Kees Cook + +Index: libseccomp-2.1.0/macros.mk +=================================================================== +--- libseccomp-2.1.0.orig/macros.mk 2013-08-13 00:02:48.756235141 -0700 ++++ libseccomp-2.1.0/macros.mk 2013-08-13 00:02:48.752235086 -0700 +@@ -185,15 +185,13 @@ + + ifeq ($(V),0) + INSTALL_PC_MACRO = \ +- @echo " INSTALL $$(cat /proc/$$$$/cmdline | awk '{print $$(NF)}')" \ +- " ($(INSTALL_LIB_DIR)/pkgconfig)"; ++ @echo " INSTALL libseccomp.pc ($(INSTALL_LIB_DIR)/pkgconfig)"; + endif + INSTALL_PC_MACRO += \ + $(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) \ + -d "$(INSTALL_LIB_DIR)/pkgconfig"; \ + $(INSTALL) -o $(INSTALL_OWNER) -g $(INSTALL_GROUP) -m 0644 \ +- "$$(cat /proc/$$$$/cmdline | awk '{print $$(NF)}')" \ +- "$(INSTALL_LIB_DIR)/pkgconfig"; \# ++ "libseccomp.pc" "$(INSTALL_LIB_DIR)/pkgconfig"; \# + + ifeq ($(V),0) + INSTALL_INC_MACRO = @echo " INSTALL $^ ($(INSTALL_INC_DIR))"; diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..6a3a8b1 --- /dev/null +++ b/patches/series @@ -0,0 +1,3 @@ +pkgconfig-macro.patch +manpage-typo.patch +build-ldflags.patch diff --git a/rules b/rules new file mode 100755 index 0000000..2606ba6 --- /dev/null +++ b/rules @@ -0,0 +1,26 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +# Enable verbose build details. +export V=1 + +%: + dh $@ --parallel + +override_dh_auto_clean: + $(MAKE) dist-clean + rm -f regression.out + +override_dh_auto_configure: + ./configure --prefix=/usr \ + --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) + +override_dh_auto_test: +ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + make check 2>&1 | tee regression.out && \ + grep -q "^ tests failed: 0" regression.out || true +endif diff --git a/seccomp.install b/seccomp.install new file mode 100644 index 0000000..1df36c6 --- /dev/null +++ b/seccomp.install @@ -0,0 +1 @@ +usr/bin/* diff --git a/seccomp.manpages b/seccomp.manpages new file mode 100644 index 0000000..5ea05fe --- /dev/null +++ b/seccomp.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man1/* diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/watch b/watch new file mode 100644 index 0000000..157348e --- /dev/null +++ b/watch @@ -0,0 +1,5 @@ +# See uscan(1) for format +version=3 +opts=dversionmangle=s/\+dfsg// \ +http://sf.net/libseccomp/libseccomp-(.*)\.tar\.gz \ + debian uupdate -- 2.30.2