#
# spec file for package libseccomp
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define lname   libseccomp2
Name:           libseccomp
Version:        2.4.2
Release:        3.1
Summary:        A Seccomp (mode 2) helper library
License:        LGPL-2.1-only
Group:          Development/Libraries/C and C++
URL:            https://github.com/seccomp/libseccomp
Source:         https://github.com/seccomp/libseccomp/releases/download/v%version/libseccomp-%version.tar.gz
# no fitting key found
#Source2:        https://github.com/seccomp/libseccomp/releases/download/v%version/libseccomp-%version.tar.gz.asc
Source3:        %name.keyring
Source99:       baselibs.conf
Patch1:         no-static.diff
Patch2:         libseccomp-fix_aarch64-test.patch
Patch3:         SNR_ppoll.patch
BuildRequires:  autoconf
BuildRequires:  automake >= 1.11
BuildRequires:  fdupes
BuildRequires:  libtool >= 2
BuildRequires:  pkgconfig

%description
The libseccomp library provides an interface to the Linux Kernel's
syscall filtering mechanism, seccomp. The libseccomp API abstracts
away the underlying BPF-based syscall filter language and presents a
more conventional function-call based filtering interface.

%package -n %lname
Summary:        An enhanced Seccomp (mode 2) helper library
Group:          System/Libraries

%description -n %lname
The libseccomp library provides an interface to the Linux Kernel's
syscall filtering mechanism, seccomp. The libseccomp API abstracts
away the underlying BPF-based syscall filter language and presents a
more conventional function-call based filtering interface.

%package -n python-%name
Summary:        Python bindings for Seccomp (mode 2)
Group:          Development/Languages/Python

%description -n python-%name
The libseccomp library provides an interface to the Linux Kernel's
syscall filtering mechanism, seccomp. The libseccomp API abstracts
away the underlying BPF-based syscall filter language and presents a
more conventional function-call based filtering interface.

%package devel
Summary:        Development files for libseccomp, an enhanced Seccomp (mode 2) helper library
Group:          Development/Libraries/C and C++
Requires:       %lname = %version

%description devel
The libseccomp library provides an interface to the Linux Kernel's
syscall filtering mechanism, seccomp. The libseccomp API abstracts
away the underlying BPF-based syscall filter language and presents a
more conventional function-call based filtering interface.

This package contains the development files for libseccomp.

%package tools
Summary:        Utilities for the seccomp API
Group:          Development/Tools/Debuggers

%description tools
The libseccomp library provides an interface to the Linux Kernel's
syscall filtering mechanism, seccomp.

This subpackage contains debug utilities for the seccomp interface.

%prep
%autosetup -p1

%build
if [ ! -f configure ]; then
    perl -i -pe 's{\QAC_INIT([libseccomp], [0.0.0])\E}{AC_INIT([libseccomp], [%version])}' configure.ac
fi
autoreconf -fiv
%configure \
    --includedir="%_includedir/%name" \
    --disable-static \
    --disable-silent-rules
make %{?_smp_mflags}

%install
%make_install
find "%buildroot/%_libdir" -type f -name "*.la" -delete
%fdupes %buildroot/%_prefix

%check
make check

%post   -n %lname -p /sbin/ldconfig
%postun -n %lname -p /sbin/ldconfig

%files -n %lname
%_libdir/%name.so.2*
%license LICENSE

%files devel
%_mandir/man3/seccomp_*.3*
%_includedir/%name/
%_libdir/%name.so
%_libdir/pkgconfig/%name.pc

%files tools
%_bindir/scmp_sys_resolver
%_mandir/man1/scmp_sys_resolver.1*

%changelog
* Mon Feb 17 2020 Tomáš Chvátal
- Add patch to fix ntpsec and others build (accidental drop of symbols):
  * SNR_ppoll.patch
* Tue Jan 7 2020 Andreas Schwab
- Tests are passing on all architectures
* Mon Jan 6 2020 Guillaume GARDET
- Backport patch to fix test on aarch64:
  * libseccomp-fix_aarch64-test.patch
* Thu Dec 19 2019 Jan Engelhardt
- Update to release 2.4.2
  * Add support for io-uring related system calls
* Wed Jul 24 2019 Michel Normand
- ignore make check error for ppc64/ppc64le, bypass boo#1142614
* Sun Jun 2 2019 Jan Engelhardt
- Update to new upstream release 2.4.1
  * Fix a BPF generation bug where the optimizer mistakenly
    identified duplicate BPF code blocks.
* Sun Mar 17 2019 Marcus Meissner
- updated to 2.4.0 (bsc#1128828 CVE-2019-9893)
  - Update the syscall table for Linux v5.0-rc5
  - Added support for the SCMP_ACT_KILL_PROCESS action
  - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG
    attribute
  - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...))
    argument comparison macros to help protect against unexpected sign
    extension
  - Added support for the parisc and parisc64 architectures
  - Added the ability to query and set the libseccomp API level via
    seccomp_api_get(3) and seccomp_api_set(3)
  - Return -EDOM on an endian mismatch when adding an architecture to a
    filter
  - Renumber the pseudo syscall number for subpage_prot() so it no
    longer conflicts with spu_run()
  - Fix PFC generation when a syscall is prioritized, but no rule exists
  - Numerous fixes to the seccomp-bpf filter generation code
  - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
  - Numerous tests added to the included test suite, coverage now at
    ~92%%
  - Update our Travis CI configuration to use Ubuntu 16.04
  - Numerous documentation fixes and updates
- now gpg signed, added key of Paul Moore from keyserver.
* Mon Jan 14 2019 kukuk@suse.de
- Use %%license instead of %%doc [bsc#1082318]
* Sat Feb 24 2018 asarai@suse.com
- Update to release 2.3.3:
  * Updated the syscall table for Linux v4.15-rc7
* Sun May 21 2017 jengelh@inai.de
- Unconditionally rerun autoreconf because of patches
* Sun May 21 2017 tchvatal@suse.com
- Update to release 2.3.2:
  * Achieved full compliance with the CII Best Practices program
  * Added Travis CI builds to the GitHub repository
  * Added code coverage reporting with the "--enable-code-coverage"
    configure flag and added Coveralls to the GitHub repository
  * Updated the syscall tables to match Linux v4.10-rc6+
  * Support for building with Python v3.x
  * Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP
    attribute is set to true
  * Several small documentation fixes
- Remove service file as we are not based on git
* Sat May 7 2016 jengelh@inai.de
- Update to new upstream release 2.3.1
  * arch: fix the multiplexed ipc() syscalls
  * s390: handle multiplexed syscalls correctly
- Remove 0001-arch-fix-a-number-of-32-bit-x86-failures-related-to-.patch,
  0001-tests-replace-socket-syscall-references-in-15-basic-.patch
  (fixed upstream)
* Tue Apr 19 2016 jengelh@inai.de
- Add 0001-tests-replace-socket-syscall-references-in-15-basic-.patch
* Sun Apr 10 2016 jengelh@inai.de
- Add 0001-arch-fix-a-number-of-32-bit-x86-failures-related-to-.patch
* Wed Mar 23 2016 meissner@suse.com
- updated to final 2.3.0 release
- builderror-k316.diff: fixed upstream
- i586 testsuite fails, disable for now
* Wed Feb 24 2016 jengelh@inai.de
- Update to git snapshot 2.3.0~g96
  * have libseccomp build with newer linux-glibc-devel;
    "multiplexed and direct socket syscalls"
- Drop libseccomp-s390x-support.patch, libseccomp-ppc64le.patch
  (no longer apply - merged upstream)
- Add builderror-k316.diff
* Fri Sep 25 2015 dimstar@opensuse.org
- Add baselibs.conf: systemd-32bit-224+ links against
  libseccomp.so.2.
* Mon Aug 31 2015 jengelh@inai.de
- Update to new upstream release 2.2.3
  * Fix a problem with the masked equality operator
  * Fix a problem on x86_64/x32 involving invalid architectures
  * Fix a problem with the ARM specific syscalls
* Sat May 30 2015 jengelh@inai.de
- Update to new upstream release 2.2.1
  * Fix a problem with syscall argument filtering on 64-bit systems
  * Fix some problems with the 32-bit ARM syscall table
- Drop 0001-tools-add-the-missing-elf.h-header-file.patch,
  libseccomp-arm-syscall-fixes.patch (applied upstream)
* Mon Apr 13 2015 dvaleev@suse.com
- Fix ppc64le build: libseccomp-ppc64le.patch
* Fri Apr 10 2015 afaerber@suse.de
- Fix some arm syscall constants
  libseccomp-arm-syscall-fixes.patch
* Sun Mar 29 2015 jengelh@inai.de
- Update to new upstream release 2.2.0
  * Added support for aarch64, mips, mips64, mips64n32 (BE/LE).
  * Added support for using the new seccomp() syscall and the thread
    sync functionality.
  * Added Python bindings
- Remove 0001-build-use-autotools-as-build-system.patch (merged).
  Add no-static.diff.
  Add 0001-tools-add-the-missing-elf.h-header-file.patch
* Sat Jul 12 2014 meissner@suse.com
- updated ppc64le patch
* Wed Mar 5 2014 meissner@suse.com
- libseccomp-s390x-support.patch: support s390,s390x,ppc,ppc64 too.
  bnc#866526 (arm64 not yet done)
- disabled testsuite on the new platforms, as there are still some
  failures.
  s390 32bit: passed: 3823 / failed: 91 / errored: 43
  s390x: passed: 2410 / failed: 879 / errored: 68
  ppc64le: passed: 3914 / failed: 0 / errored: 43
* Tue Jun 18 2013 jengelh@inai.de
- Update to new upstream release 2.1.0
  * Add support for the x32 and ARM architectures
  * More verbose PFC output, including translation of syscall
    numbers to names
  * Several assorted bugfixes affecting the seccomp BPF generation
  * The syscall number/name resolver tool is now installed
  * Fixes for the x86 multiplexed syscalls
  * Additions to the API to better support non-native architectures
  * Additions to the API to support multiple architectures in one
    filter
  * Additions to the API to resolve syscall name/number mappings
- Remove 0001-build-use-ac-variables-in-pkgconfig-file.patch
  (merged into 0001-build-use-autotools-as-build-system.patch)
* Fri Dec 21 2012 jengelh@inai.de
- Make 0001-build-use-autotools-as-build-system.patch apply again
* Fri Dec 14 2012 dvaleev@suse.com
- code is only x86 capable. Set ExclusiveArch: %%{ix86} x86_64
* Thu Nov 15 2012 jengelh@inai.de
- Restore autotools patch
  (0001-build-use-autotools-as-build-system.patch) that was
  previously embodied in the files in the tarball
* Tue Nov 13 2012 meissner@suse.com
- updated to 1.0.1 release
  - The header file is now easier to use with C++ compilers
  - Minor documentation fixes
  - Minor memory leak fixes
  - Corrected x86 filter generation on x86_64 systems
  - Corrected problems with small filters and filters with arguments
- use public downloadable tarball
* Sat Sep 8 2012 jengelh@inai.de
- Initial package (version 1.0.0) for build.opensuse.org