From c630d5476d7b4aeecf4c8abefdc3f7f7adce1a50 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Wed, 11 Dec 2019 13:51:56 +0800 Subject: libseccomp: upgrade 2.4.1 -> 2.4.2 Backport a patch to fix ptest build failure on arm64. Signed-off-by: Yi Zhao Signed-off-by: Armin Kuster --- ...on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch | 45 ++++++++++++++++++++++ recipes-security/libseccomp/libseccomp_2.4.1.bb | 43 --------------------- recipes-security/libseccomp/libseccomp_2.4.2.bb | 44 +++++++++++++++++++++ 3 files changed, 89 insertions(+), 43 deletions(-) create mode 100644 recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch delete mode 100644 recipes-security/libseccomp/libseccomp_2.4.1.bb create mode 100644 recipes-security/libseccomp/libseccomp_2.4.2.bb diff --git a/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch b/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch new file mode 100644 index 0000000..a53433f --- /dev/null +++ b/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch @@ -0,0 +1,45 @@ +From 1ecdddb2a5b61cf527d1f238f88a9d129239f87a Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Tue, 5 Nov 2019 15:11:11 -0500 +Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls + +We recently changed how libseccomp handles syscall numbers that are +not defined natively, but we missed test #15. + +Acked-by: Tom Hromatka +Signed-off-by: Paul Moore + +Upstream-Status: Backport +[https://github.com/seccomp/libseccomp/commit/1ecdddb2a5b61cf527d1f238f88a9d129239f87a] + +Signed-off-by: Yi Zhao +--- + tests/15-basic-resolver.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c +index 6badef1..0c1eefe 100644 +--- a/tests/15-basic-resolver.c ++++ b/tests/15-basic-resolver.c +@@ -55,15 +55,15 @@ int main(int argc, char *argv[]) + unsigned int arch; + char *name = NULL; + +- if (seccomp_syscall_resolve_name("open") != __NR_open) ++ if (seccomp_syscall_resolve_name("open") != __SNR_open) + goto fail; +- if (seccomp_syscall_resolve_name("read") != __NR_read) ++ if (seccomp_syscall_resolve_name("read") != __SNR_read) + goto fail; + if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR) + goto fail; + + rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat"); +- if (rc != __NR_openat) ++ if (rc != __SNR_openat) + goto fail; + + while ((arch = arch_list[iter++]) != -1) { +-- +2.17.1 + diff --git a/recipes-security/libseccomp/libseccomp_2.4.1.bb b/recipes-security/libseccomp/libseccomp_2.4.1.bb deleted file mode 100644 index 37a7982..0000000 --- a/recipes-security/libseccomp/libseccomp_2.4.1.bb +++ /dev/null @@ -1,43 +0,0 @@ -SUMMARY = "interface to seccomp filtering mechanism" -DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp." -SECTION = "security" -LICENSE = "LGPL-2.1" -LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f" - -SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3" - -SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \ - file://run-ptest \ -" - -S = "${WORKDIR}/git" - -inherit autotools-brokensep pkgconfig ptest - -PACKAGECONFIG ??= "" -PACKAGECONFIG[python] = "--enable-python, --disable-python, python" - -DISABLE_STATIC = "" - -do_compile_ptest() { - oe_runmake -C tests check-build -} - -do_install_ptest() { - install -d ${D}${PTEST_PATH}/tests - install -d ${D}${PTEST_PATH}/tools - for file in $(find tests/* -executable -type f); do - install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests - done - for file in $(find tests/*.tests -type f); do - install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests - done - for file in $(find tools/* -executable -type f); do - install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools - done -} - -FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*" -FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug" - -RDEPENDS_${PN}-ptest = "bash" diff --git a/recipes-security/libseccomp/libseccomp_2.4.2.bb b/recipes-security/libseccomp/libseccomp_2.4.2.bb new file mode 100644 index 0000000..07db82a --- /dev/null +++ b/recipes-security/libseccomp/libseccomp_2.4.2.bb @@ -0,0 +1,44 @@ +SUMMARY = "interface to seccomp filtering mechanism" +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp." +SECTION = "security" +LICENSE = "LGPL-2.1" +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f" + +SRCREV = "1b6cfd1fc0b7499a28c24299a93a80bd18619563" + +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \ + file://0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch \ + file://run-ptest \ +" + +S = "${WORKDIR}/git" + +inherit autotools-brokensep pkgconfig ptest + +PACKAGECONFIG ??= "" +PACKAGECONFIG[python] = "--enable-python, --disable-python, python" + +DISABLE_STATIC = "" + +do_compile_ptest() { + oe_runmake -C tests check-build +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + install -d ${D}${PTEST_PATH}/tools + for file in $(find tests/* -executable -type f); do + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests + done + for file in $(find tests/*.tests -type f); do + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests + done + for file in $(find tools/* -executable -type f); do + install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools + done +} + +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*" +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug" + +RDEPENDS_${PN}-ptest = "bash" -- cgit v1.2.3-54-g00ecf