diff --git a/0001-api-define-__SNR_ppoll-again.patch b/0001-api-define-__SNR_ppoll-again.patch new file mode 100644 index 0000000..7dc8bce --- /dev/null +++ b/0001-api-define-__SNR_ppoll-again.patch @@ -0,0 +1,44 @@ +From e3647f5b6b52996bf30d0c2c1d1248e4182e1c1c Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Wed, 13 Nov 2019 13:36:10 +0100 +Subject: [PATCH] api: define __SNR_ppoll again + +Commit bf747eb21e428c2b3ead6ebcca27951b681963a0 accidentally removed the +__SNR_ppoll definition. Add it back, using a PNR value if disabled in +the kernel headers. + +Signed-off-by: Miroslav Lichvar +Acked-by: Tom Hromatka +Signed-off-by: Paul Moore +--- + include/seccomp-syscalls.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h +index 6457592..3c958df 100644 +--- a/include/seccomp-syscalls.h ++++ b/include/seccomp-syscalls.h +@@ -272,6 +272,7 @@ + #define __PNR_timerfd_gettime64 -10238 + #define __PNR_timerfd_settime64 -10239 + #define __PNR_utimensat_time64 -10240 ++#define __PNR_ppoll -10241 + + /* + * libseccomp syscall definitions +@@ -1359,6 +1360,12 @@ + #define __SNR_poll __PNR_poll + #endif + ++#ifdef __NR_ppoll ++#define __SNR_ppoll __NR_ppoll ++#else ++#define __SNR_ppoll __PNR_ppoll ++#endif ++ + #ifdef __NR_ppoll_time64 + #define __SNR_ppoll_time64 __NR_ppoll_time64 + #else +-- +2.23.0 + diff --git a/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch b/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch new file mode 100644 index 0000000..d978f32 --- /dev/null +++ b/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch @@ -0,0 +1,40 @@ +From 1ecdddb2a5b61cf527d1f238f88a9d129239f87a Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Tue, 5 Nov 2019 15:11:11 -0500 +Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls + +We recently changed how libseccomp handles syscall numbers that are +not defined natively, but we missed test #15. + +Acked-by: Tom Hromatka +Signed-off-by: Paul Moore +--- + tests/15-basic-resolver.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c +index 6badef1..0c1eefe 100644 +--- a/tests/15-basic-resolver.c ++++ b/tests/15-basic-resolver.c +@@ -55,15 +55,15 @@ int main(int argc, char *argv[]) + unsigned int arch; + char *name = NULL; + +- if (seccomp_syscall_resolve_name("open") != __NR_open) ++ if (seccomp_syscall_resolve_name("open") != __SNR_open) + goto fail; +- if (seccomp_syscall_resolve_name("read") != __NR_read) ++ if (seccomp_syscall_resolve_name("read") != __SNR_read) + goto fail; + if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR) + goto fail; + + rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat"); +- if (rc != __NR_openat) ++ if (rc != __SNR_openat) + goto fail; + + while ((arch = arch_list[iter++]) != -1) { +-- +2.23.0 + diff --git a/0001-tests-use-openat-instead-of-open.patch b/0001-tests-use-openat-instead-of-open.patch deleted file mode 100644 index 3f6c996..0000000 --- a/0001-tests-use-openat-instead-of-open.patch +++ /dev/null @@ -1,27 +0,0 @@ -From cc21c1b48d35f9d34ef2da0e184af3855bfeee5f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 20 Nov 2019 14:11:12 -0500 -Subject: [PATCH] tests: use openat instead of open - -On arm64, __NR_open is not defined, openat is always used. Let's use openat -instead, which is defined for architectures currently. ---- - tests/15-basic-resolver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c -index 6badef11fa..4884faf623 100644 ---- a/tests/15-basic-resolver.c -+++ b/tests/15-basic-resolver.c -@@ -55,7 +55,7 @@ int main(int argc, char *argv[]) - unsigned int arch; - char *name = NULL; - -- if (seccomp_syscall_resolve_name("open") != __NR_open) -+ if (seccomp_syscall_resolve_name("openat") != __NR_openat) - goto fail; - if (seccomp_syscall_resolve_name("read") != __NR_read) - goto fail; --- -2.23.0 - diff --git a/libseccomp.spec b/libseccomp.spec index bef8d35..0ab30ea 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -1,18 +1,22 @@ -Summary: Enhanced seccomp library -Name: libseccomp -Version: 2.4.2 -Release: 1%{?dist} -ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x -License: LGPLv2 -Source: https://github.com/seccomp/libseccomp/releases/download/v%{version}/%{name}-%{version}.tar.gz -# https://github.com/seccomp/libseccomp/pull/191 -Patch0001: 0001-tests-use-openat-instead-of-open.patch -URL: https://github.com/seccomp/libseccomp +Name: libseccomp +Version: 2.4.2 +Release: 2%{?dist} +Summary: Enhanced seccomp library +License: LGPLv2 +URL: https://github.com/seccomp/libseccomp +Source0: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz + +# Backports from upstream +Patch0001: 0001-api-define-__SNR_ppoll-again.patch +Patch0002: 0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch + +BuildRequires: gcc +BuildRequires: make + %ifnarch riscv64 s390 # Versions prior to 3.13.0-4 do not work on ARM with newer glibc 2.25.0-6 # See https://bugzilla.redhat.com/show_bug.cgi?id=1466017 -BuildRequires: gcc -BuildRequires: valgrind >= 1:3.13.0-4 +BuildRequires: valgrind >= 1:3.13.0-4 %endif %description @@ -23,8 +27,8 @@ application is allowed to execute, all of which are enforced by the Linux Kernel. %package devel -Summary: Development files used to build applications with libseccomp support -Requires: %{name}%{?_isa} = %{version}-%{release} pkgconfig +Summary: Development files used to build applications with libseccomp support +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel The libseccomp library provides an easy to use interface to the Linux Kernel's @@ -34,8 +38,8 @@ application is allowed to execute, all of which are enforced by the Linux Kernel. %package static -Summary: Enhanced seccomp static library -Requires: %{name}-devel%{?_isa} = %{version}-%{release} pkgconfig +Summary: Enhanced seccomp static library +Requires: %{name}-devel%{?_isa} = %{version}-%{release} %description static The libseccomp library provides an easy to use interface to the Linux Kernel's @@ -49,15 +53,16 @@ Kernel. %build %configure -make V=1 %{?_smp_mflags} +%make_build %install -rm -rf "%{buildroot}" -mkdir -p "%{buildroot}/%{_libdir}" -mkdir -p "%{buildroot}/%{_includedir}" -mkdir -p "%{buildroot}/%{_mandir}" -make V=1 DESTDIR="%{buildroot}" install -rm -f "%{buildroot}/%{_libdir}/libseccomp.la" +mkdir -p %{buildroot}/%{_libdir} +mkdir -p %{buildroot}/%{_includedir} +mkdir -p %{buildroot}/%{_mandir} + +%make_install + +rm -f %{buildroot}/%{_libdir}/libseccomp.la %check # Tests 36 and 37 fail on the build systems for the arches below and I'm not @@ -65,15 +70,12 @@ rm -f "%{buildroot}/%{_libdir}/libseccomp.la" %ifarch i686 ppc64le s390x rm -f tests/36-sim-ipc_syscalls.tests tests/37-sim-ipc_syscalls_be.tests %endif -make V=1 check +%make_build check + %files -%{!?_licensedir:%global license %%doc} %license LICENSE -%doc CREDITS -%doc README.md -%doc CHANGELOG -%doc CONTRIBUTING.md +%doc CREDITS README.md CHANGELOG CONTRIBUTING.md %{_libdir}/libseccomp.so.* %files devel @@ -89,6 +91,11 @@ make V=1 check %{_libdir}/libseccomp.a %changelog +* Mon Dec 16 2019 Neal Gompa - 2.4.2-2 +- Modernize spec +- Backport fix for missing __SNR_ppoll symbol (#1777889) +- Refresh patch to build on aarch64 with upstream version + * Wed Nov 20 2019 Zbigniew Jędrzejewski-Szmek - 2.4.2-1 - New upstream version (#1765314) @@ -213,4 +220,3 @@ make V=1 check * Tue Jun 12 2012 Paul Moore - 0.1.0-0 - Initial version -