[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/

[Mike Gilbert]

commit:     d58730757b79ce429d5fbe8f35dede6074d4c243
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 13 17:05:00 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Apr 13 17:10:47 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5873075

sys-libs/libseccomp: backport fix for arch-syscall-check

Bug: https://bugs.gentoo.org/926648
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../libseccomp-2.5.5-arch-syscall-check.patch      | 45 ++++++++++++++++++++++
 sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild     |  1 +
 2 files changed, 46 insertions(+)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch b/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch
new file mode 100644
index 000000000000..238098ad4c9e
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch
@@ -0,0 +1,45 @@
+From 744c9a897b74ad66d065791593e25a05e4b6f6a1 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 1 Nov 2022 11:59:51 +0100
+Subject: [PATCH] src: Make arch-syscall-check work in VPATH build
+
+The aim of arch-syscall-check test is to check for syscalls
+missing implementation. It does so by comparing two files:
+
+  1) src/syscalls.csv
+  2) include/seccomp-syscalls.h
+
+However, due to use of relative paths these files are not found
+when doing a VPATH build. But, we can re-use an idea from GNU
+coreutils and get an absolute path to the source dir. All that's
+needed then is to prefix those two paths with the source dir
+path.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ src/arch-syscall-check | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/arch-syscall-check b/src/arch-syscall-check
+index ae67daa..9c7fd41 100755
+--- a/src/arch-syscall-check
++++ b/src/arch-syscall-check
+@@ -22,8 +22,11 @@
+ # along with this library; if not, see <http://www.gnu.org/licenses>.
+ #
+ 
+-SYSCALL_CSV="./syscalls.csv"
+-SYSCALL_HDR="../include/seccomp-syscalls.h"
++# Based on an idea from GNU coreutils
++abs_topsrcdir="$(unset CDPATH; cd $(dirname $0)/.. && pwd)"
++
++SYSCALL_CSV="$abs_topsrcdir/src/syscalls.csv"
++SYSCALL_HDR="$abs_topsrcdir/include/seccomp-syscalls.h"
+ 
+ function check_snr() {
+ 	(export LC_ALL=C; diff \
+-- 
+2.44.0
+

diff --git a/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild b/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild
index 6d3ea7b07d2b..4c007df8cdfd 100644
--- a/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild
@@ -49,6 +49,7 @@ PATCHES=(
 	"${FILESDIR}"/libseccomp-python-shared.patch
 	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
 	"${FILESDIR}"/libseccomp-2.5.5-which-hunt.patch
+	"${FILESDIR}"/libseccomp-2.5.5-arch-syscall-check.patch
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/

[Sam James]

commit:     78093ece632bf44fccff975a3e382f7a82d9330d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 19 02:16:17 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 19 02:17:12 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78093ece

sys-libs/libseccomp: more correctness fixes

* Use latest (and merged) version of aliasing patch
* Add another patch for out of bounds access (shows up as musl test failure)

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libseccomp-2.6.0-aliasing.patch          | 50 ++++++++++++++++------
 .../libseccomp/files/libseccomp-2.6.0-bounds.patch | 38 ++++++++++++++++
 ...-2.6.0-r1.ebuild => libseccomp-2.6.0-r2.ebuild} |  3 +-
 3 files changed, 77 insertions(+), 14 deletions(-)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
index f946dc468822..f1f13454c890 100644
--- a/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
@@ -1,9 +1,9 @@
-https://github.com/seccomp/libseccomp/pull/459
+https://github.com/seccomp/libseccomp/commit/84005ecc603fd0186188c4113452fd8e8a0c9bb3
 
-From e6904da422e68031b0237c1e005fc5e98c12e2cf Mon Sep 17 00:00:00 2001
+From 84005ecc603fd0186188c4113452fd8e8a0c9bb3 Mon Sep 17 00:00:00 2001
 From: Romain Geissler <romain.geissler@amadeus.com>
 Date: Tue, 18 Feb 2025 22:29:05 +0000
-Subject: [PATCH] Fix strict aliasing UB in MurMur hash implementation.
+Subject: [PATCH] hash: fix strict aliasing UB in MurMur hash implementation
 
 This was spotted when trying to upgrade the libseccomp fedora package to
 version 2.6.0 in fedora rawhide. It comes with gcc 15 and LTO enabled by
@@ -24,20 +24,26 @@ errors in valgrind:
 ==265507==    at 0x409590: _hsh_add (gen_bpf.c:573)
 
 Investigating this a bit, it seems that because of LTO the MurMur hash
-implementation is being inlined in _hsh_add. The way we call getblock32
-with the explicit cast to const uint32_t* is a strict aliasing
-violation.
+implementation is being inlined in _hsh_add. The two buffers data and
+blocks to point at the same underlying data, but via incompatible type,
+which is a strict aliasing violation. Instead, remove the getblock32
+function and inline the copy with memcpy.
 
 This is reproducible on a "fedora:rawhide" container (gcc 15) and using:
 export CFLAGS='-O2 -flto=auto -ffat-lto-objects -g'
 
 Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
+Reviewed-by: Sam James <sam@gentoo.org>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+[PM: subject line tweak]
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+(imported from commit 614530bc8b3c9f49aa59d7eaef4863b746504c23)
 ---
- src/hash.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
+ src/hash.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
 
 diff --git a/src/hash.c b/src/hash.c
-index 4435900f..301abfc9 100644
+index 4435900f..01ff9399 100644
 --- a/src/hash.c
 +++ b/src/hash.c
 @@ -12,15 +12,11 @@
@@ -57,13 +63,31 @@ index 4435900f..301abfc9 100644
  static inline uint32_t rotl32(uint32_t x, int8_t r)
  {
  	return (x << r) | (x >> (32 - r));
-@@ -56,7 +52,7 @@ uint32_t hash(const void *key, size_t length)
+@@ -41,7 +37,6 @@ static inline uint32_t fmix32(uint32_t h)
+ uint32_t hash(const void *key, size_t length)
+ {
+ 	const uint8_t *data = (const uint8_t *)key;
+-	const uint32_t *blocks;
+ 	const uint8_t *tail;
+ 	const int nblocks = length / 4;
+ 	const uint32_t c1 = 0xcc9e2d51;
+@@ -54,9 +49,8 @@ uint32_t hash(const void *key, size_t length)
+ 	uint32_t h1 = 0;
+ 
  	/* body */
- 	blocks = (const uint32_t *)(data + nblocks * 4);
+-	blocks = (const uint32_t *)(data + nblocks * 4);
  	for(i = -nblocks; i; i++) {
 -		k1 = getblock32(blocks, i);
-+		memcpy(&k1, &blocks[i], sizeof(uint32_t));
++		memcpy(&k1, data + (nblocks + i) * sizeof(uint32_t), sizeof(uint32_t));
  
  		k1 *= c1;
  		k1 = rotl32(k1, 15);
-
+@@ -68,7 +62,7 @@ uint32_t hash(const void *key, size_t length)
+ 	}
+ 
+ 	/* tail */
+-	tail = (const uint8_t *)(data + nblocks * 4);
++	tail = data + nblocks * sizeof(uint32_t);
+ 	switch(length & 3) {
+ 	case 3:
+ 		k2 ^= tail[2] << 16;

diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-bounds.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-bounds.patch
new file mode 100644
index 000000000000..3f53cd7b1f28
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-bounds.patch
@@ -0,0 +1,38 @@
+https://github.com/seccomp/libseccomp/commit/dd759e8c4f5685b526638fba9ec4fc24c37c9aec
+
+From dd759e8c4f5685b526638fba9ec4fc24c37c9aec Mon Sep 17 00:00:00 2001
+From: Alyssa Ross <hi@alyssa.is>
+Date: Thu, 13 Feb 2025 12:05:17 +0100
+Subject: [PATCH] api: fix seccomp_export_bpf_mem out-of-bounds read
+
+*len is the length of the destination buffer, but program->blks is
+probably not anywhere near that long.  It's already been checked above
+that BPF_PGM_SIZE(program) is less than or equal to *len, so that's
+the correct value to use here to avoid either reading or writing too
+much.
+
+I noticed this because tests/11-basic-basic_errors started failing on
+musl after e797591 ("all: add seccomp_precompute() functionality").
+
+Signed-off-by: Alyssa Ross <hi@alyssa.is>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+(imported from commit e8dbc6b555fb936bdfb8ab86f9a45fda96a8b7a2)
+---
+ src/api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/api.c b/src/api.c
+index adccef32..65a277a4 100644
+--- a/src/api.c
++++ b/src/api.c
+@@ -786,7 +786,7 @@ API int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf,
+ 		if (BPF_PGM_SIZE(program) > *len)
+ 			rc = _rc_filter(-ERANGE);
+ 		else
+-			memcpy(buf, program->blks, *len);
++			memcpy(buf, program->blks, BPF_PGM_SIZE(program));
+ 	}
+ 	*len = BPF_PGM_SIZE(program);
+ 
+

diff --git a/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild b/sys-libs/libseccomp/libseccomp-2.6.0-r2.ebuild
similarity index 97%
rename from sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild
rename to sys-libs/libseccomp/libseccomp-2.6.0-r2.ebuild
index cbdd8dc79a61..ef1c9999b334 100644
--- a/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.6.0-r2.ebuild
@@ -48,7 +48,8 @@ PATCHES=(
 	"${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
 	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
 	"${FILESDIR}"/${P}-drop-bogus-test.patch
-	"${FILESDIR}"/${PN}-2.6.0-aliasing.patch
+	"${FILESDIR}"/${P}-aliasing.patch
+	"${FILESDIR}"/${P}-bounds.patch
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/

[Sam James]

commit:     1b1023ec6bee0475caa7ec6d74a2983bfb8a0238
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 10 00:14:15 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 10 00:14:15 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b1023ec

sys-libs/libseccomp: fix aliasing violation

The patch isn't perfect so may revbump with a tweaked version later.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libseccomp-2.6.0-aliasing.patch          |  69 +++++++++++++
 sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild     | 108 +++++++++++++++++++++
 2 files changed, 177 insertions(+)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
new file mode 100644
index 000000000000..f946dc468822
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
@@ -0,0 +1,69 @@
+https://github.com/seccomp/libseccomp/pull/459
+
+From e6904da422e68031b0237c1e005fc5e98c12e2cf Mon Sep 17 00:00:00 2001
+From: Romain Geissler <romain.geissler@amadeus.com>
+Date: Tue, 18 Feb 2025 22:29:05 +0000
+Subject: [PATCH] Fix strict aliasing UB in MurMur hash implementation.
+
+This was spotted when trying to upgrade the libseccomp fedora package to
+version 2.6.0 in fedora rawhide. It comes with gcc 15 and LTO enabled by
+default. When running the test 61-sim-transactions we get plenty of such
+errors in valgrind:
+
+==265507== Use of uninitialised value of size 8
+==265507==    at 0x4096AD: _hsh_add (gen_bpf.c:599)
+==265507==    by 0x40A557: UnknownInlinedFun (gen_bpf.c:2016)
+==265507==    by 0x40A557: gen_bpf_generate (gen_bpf.c:2341)
+==265507==    by 0x400CDE: UnknownInlinedFun (db.c:2685)
+==265507==    by 0x400CDE: UnknownInlinedFun (db.c:2682)
+==265507==    by 0x400CDE: UnknownInlinedFun (api.c:756)
+==265507==    by 0x400CDE: UnknownInlinedFun (util.c:162)
+==265507==    by 0x400CDE: UnknownInlinedFun (util.c:153)
+==265507==    by 0x400CDE: main (61-sim-transactions.c:128)
+==265507==  Uninitialised value was created by a stack allocation
+==265507==    at 0x409590: _hsh_add (gen_bpf.c:573)
+
+Investigating this a bit, it seems that because of LTO the MurMur hash
+implementation is being inlined in _hsh_add. The way we call getblock32
+with the explicit cast to const uint32_t* is a strict aliasing
+violation.
+
+This is reproducible on a "fedora:rawhide" container (gcc 15) and using:
+export CFLAGS='-O2 -flto=auto -ffat-lto-objects -g'
+
+Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
+---
+ src/hash.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/src/hash.c b/src/hash.c
+index 4435900f..301abfc9 100644
+--- a/src/hash.c
++++ b/src/hash.c
+@@ -12,15 +12,11 @@
+  */
+ 
+ #include <stdlib.h>
++#include <string.h>
+ #include <inttypes.h>
+ 
+ #include "hash.h"
+ 
+-static inline uint32_t getblock32(const uint32_t *p, int i)
+-{
+-	return p[i];
+-}
+-
+ static inline uint32_t rotl32(uint32_t x, int8_t r)
+ {
+ 	return (x << r) | (x >> (32 - r));
+@@ -56,7 +52,7 @@ uint32_t hash(const void *key, size_t length)
+ 	/* body */
+ 	blocks = (const uint32_t *)(data + nblocks * 4);
+ 	for(i = -nblocks; i; i++) {
+-		k1 = getblock32(blocks, i);
++		memcpy(&k1, &blocks[i], sizeof(uint32_t));
+ 
+ 		k1 *= c1;
+ 		k1 = rotl32(k1, 15);
+

diff --git a/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild b/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild
new file mode 100644
index 000000000000..cbdd8dc79a61
--- /dev/null
+++ b/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_EXT=1
+DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit distutils-r1 multilib-minimal
+
+DESCRIPTION="High level interface to Linux seccomp filter"
+HOMEPAGE="https://github.com/seccomp/libseccomp"
+
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git"
+	PRERELEASE="2.6.0"
+	inherit autotools git-r3
+else
+	SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz"
+	KEYWORDS="-* ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+IUSE="python static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# We need newer kernel headers; we don't keep strict control of the exact
+# version here, just be safe and pull in the latest stable ones. bug #551248
+DEPEND="
+	>=sys-kernel/linux-headers-5.15
+	python? ( ${PYTHON_DEPS} )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+	${DEPEND}
+	dev-util/gperf
+	python? (
+		${DISTUTILS_DEPS}
+		dev-python/cython[${PYTHON_USEDEP}]
+	)
+"
+
+PATCHES=(
+	"${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
+	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
+	"${FILESDIR}"/${P}-drop-bogus-test.patch
+	"${FILESDIR}"/${PN}-2.6.0-aliasing.patch
+)
+
+src_prepare() {
+	default
+
+	if [[ ${PV} == *9999 ]] ; then
+		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
+
+		eautoreconf
+	fi
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		$(use_enable static-libs static)
+		--disable-python
+	)
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake
+
+	if multilib_is_native_abi && use python ; then
+		# setup.py expects libseccomp.so to live in "../.libs"
+		# Copy the python files to the right place for this.
+		rm -r "${BUILD_DIR}"/src/python || die
+		cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die
+		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+
+		# setup.py reads VERSION_RELEASE from the environment
+		local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+
+		pushd "${BUILD_DIR}/src/python" >/dev/null || die
+		distutils-r1_src_compile
+		popd >/dev/null || die
+	fi
+}
+
+multilib_src_test() {
+	emake -Onone check
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi && use python ; then
+		distutils-r1_src_install
+	fi
+}
+
+multilib_src_install_all() {
+	find "${ED}" -type f -name "${PN}.la" -delete || die
+
+	einstalldocs
+}

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/

[Sam James]

commit:     f1d0273dc3070fd511e8f65017ea87481934d0b2
Author:     Michal Privoznik <michal.privoznik <AT> gmail <DOT> com>
AuthorDate: Tue Oct 25 12:43:59 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 30 09:40:40 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1d0273d

sys-libs/libseccomp: Rebase libseccomp-python-shared.patch

The libseccomp-python-shared.patch that makes python module
depend on libseccomp.so instead of linking it statically in
does no longer apply cleanly. Rebase it.

Signed-off-by: Michal Privoznik <michal.privoznik <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/27943
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libseccomp-2.6.0-python-shared.patch     | 25 ++++++++++++++++++++++
 sys-libs/libseccomp/libseccomp-9999.ebuild         |  2 +-
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-python-shared.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-python-shared.patch
new file mode 100644
index 000000000000..34b12db22112
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-python-shared.patch
@@ -0,0 +1,25 @@
+From 594fecb16833c693ac0cff8f857aec0edd097077 Mon Sep 17 00:00:00 2001
+Message-Id: <594fecb16833c693ac0cff8f857aec0edd097077.1666701554.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 25 Oct 2022 14:39:07 +0200
+Subject: [PATCH] Link python module against shared library
+
+---
+ src/python/setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/python/setup.py b/src/python/setup.py
+index 46f9a73..85deb03 100755
+--- a/src/python/setup.py
++++ b/src/python/setup.py
+@@ -40,6 +40,6 @@ setup(
+ 	ext_modules = cythonize([
+ 		Extension("seccomp", ["seccomp.pyx"],
+ 			# unable to handle libtool libraries directly
+-			extra_objects=["../.libs/libseccomp.a"]),
++			extra_objects=["../.libs/libseccomp.so"]),
+ 	])
+ )
+-- 
+2.37.4
+

diff --git a/sys-libs/libseccomp/libseccomp-9999.ebuild b/sys-libs/libseccomp/libseccomp-9999.ebuild
index fed0b3c8f425..e97b661f1bb0 100644
--- a/sys-libs/libseccomp/libseccomp-9999.ebuild
+++ b/sys-libs/libseccomp/libseccomp-9999.ebuild
@@ -37,7 +37,7 @@ BDEPEND="${DEPEND}
 	python? ( dev-python/cython[${PYTHON_USEDEP}] )"
 
 PATCHES=(
-	"${FILESDIR}"/libseccomp-python-shared.patch
+	"${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
 	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
 )