* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/
@ 2024-04-13 17:11 Mike Gilbert
0 siblings, 0 replies; 3+ messages in thread
From: Mike Gilbert @ 2024-04-13 17:11 UTC (permalink / raw
To: gentoo-commits
commit: d58730757b79ce429d5fbe8f35dede6074d4c243
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 13 17:05:00 2024 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Apr 13 17:10:47 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5873075
sys-libs/libseccomp: backport fix for arch-syscall-check
Bug: https://bugs.gentoo.org/926648
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../libseccomp-2.5.5-arch-syscall-check.patch | 45 ++++++++++++++++++++++
sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild | 1 +
2 files changed, 46 insertions(+)
diff --git a/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch b/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch
new file mode 100644
index 000000000000..238098ad4c9e
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch
@@ -0,0 +1,45 @@
+From 744c9a897b74ad66d065791593e25a05e4b6f6a1 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 1 Nov 2022 11:59:51 +0100
+Subject: [PATCH] src: Make arch-syscall-check work in VPATH build
+
+The aim of arch-syscall-check test is to check for syscalls
+missing implementation. It does so by comparing two files:
+
+ 1) src/syscalls.csv
+ 2) include/seccomp-syscalls.h
+
+However, due to use of relative paths these files are not found
+when doing a VPATH build. But, we can re-use an idea from GNU
+coreutils and get an absolute path to the source dir. All that's
+needed then is to prefix those two paths with the source dir
+path.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ src/arch-syscall-check | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/arch-syscall-check b/src/arch-syscall-check
+index ae67daa..9c7fd41 100755
+--- a/src/arch-syscall-check
++++ b/src/arch-syscall-check
+@@ -22,8 +22,11 @@
+ # along with this library; if not, see <http://www.gnu.org/licenses>.
+ #
+
+-SYSCALL_CSV="./syscalls.csv"
+-SYSCALL_HDR="../include/seccomp-syscalls.h"
++# Based on an idea from GNU coreutils
++abs_topsrcdir="$(unset CDPATH; cd $(dirname $0)/.. && pwd)"
++
++SYSCALL_CSV="$abs_topsrcdir/src/syscalls.csv"
++SYSCALL_HDR="$abs_topsrcdir/include/seccomp-syscalls.h"
+
+ function check_snr() {
+ (export LC_ALL=C; diff \
+--
+2.44.0
+
diff --git a/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild b/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild
index 6d3ea7b07d2b..4c007df8cdfd 100644
--- a/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.5.5-r1.ebuild
@@ -49,6 +49,7 @@ PATCHES=(
"${FILESDIR}"/libseccomp-python-shared.patch
"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
"${FILESDIR}"/libseccomp-2.5.5-which-hunt.patch
+ "${FILESDIR}"/libseccomp-2.5.5-arch-syscall-check.patch
)
src_prepare() {
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/
@ 2025-03-10 0:15 Sam James
0 siblings, 0 replies; 3+ messages in thread
From: Sam James @ 2025-03-10 0:15 UTC (permalink / raw
To: gentoo-commits
commit: 1b1023ec6bee0475caa7ec6d74a2983bfb8a0238
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 10 00:14:15 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 10 00:14:15 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b1023ec
sys-libs/libseccomp: fix aliasing violation
The patch isn't perfect so may revbump with a tweaked version later.
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/libseccomp-2.6.0-aliasing.patch | 69 +++++++++++++
sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild | 108 +++++++++++++++++++++
2 files changed, 177 insertions(+)
diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
new file mode 100644
index 000000000000..f946dc468822
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
@@ -0,0 +1,69 @@
+https://github.com/seccomp/libseccomp/pull/459
+
+From e6904da422e68031b0237c1e005fc5e98c12e2cf Mon Sep 17 00:00:00 2001
+From: Romain Geissler <romain.geissler@amadeus.com>
+Date: Tue, 18 Feb 2025 22:29:05 +0000
+Subject: [PATCH] Fix strict aliasing UB in MurMur hash implementation.
+
+This was spotted when trying to upgrade the libseccomp fedora package to
+version 2.6.0 in fedora rawhide. It comes with gcc 15 and LTO enabled by
+default. When running the test 61-sim-transactions we get plenty of such
+errors in valgrind:
+
+==265507== Use of uninitialised value of size 8
+==265507== at 0x4096AD: _hsh_add (gen_bpf.c:599)
+==265507== by 0x40A557: UnknownInlinedFun (gen_bpf.c:2016)
+==265507== by 0x40A557: gen_bpf_generate (gen_bpf.c:2341)
+==265507== by 0x400CDE: UnknownInlinedFun (db.c:2685)
+==265507== by 0x400CDE: UnknownInlinedFun (db.c:2682)
+==265507== by 0x400CDE: UnknownInlinedFun (api.c:756)
+==265507== by 0x400CDE: UnknownInlinedFun (util.c:162)
+==265507== by 0x400CDE: UnknownInlinedFun (util.c:153)
+==265507== by 0x400CDE: main (61-sim-transactions.c:128)
+==265507== Uninitialised value was created by a stack allocation
+==265507== at 0x409590: _hsh_add (gen_bpf.c:573)
+
+Investigating this a bit, it seems that because of LTO the MurMur hash
+implementation is being inlined in _hsh_add. The way we call getblock32
+with the explicit cast to const uint32_t* is a strict aliasing
+violation.
+
+This is reproducible on a "fedora:rawhide" container (gcc 15) and using:
+export CFLAGS='-O2 -flto=auto -ffat-lto-objects -g'
+
+Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
+---
+ src/hash.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/src/hash.c b/src/hash.c
+index 4435900f..301abfc9 100644
+--- a/src/hash.c
++++ b/src/hash.c
+@@ -12,15 +12,11 @@
+ */
+
+ #include <stdlib.h>
++#include <string.h>
+ #include <inttypes.h>
+
+ #include "hash.h"
+
+-static inline uint32_t getblock32(const uint32_t *p, int i)
+-{
+- return p[i];
+-}
+-
+ static inline uint32_t rotl32(uint32_t x, int8_t r)
+ {
+ return (x << r) | (x >> (32 - r));
+@@ -56,7 +52,7 @@ uint32_t hash(const void *key, size_t length)
+ /* body */
+ blocks = (const uint32_t *)(data + nblocks * 4);
+ for(i = -nblocks; i; i++) {
+- k1 = getblock32(blocks, i);
++ memcpy(&k1, &blocks[i], sizeof(uint32_t));
+
+ k1 *= c1;
+ k1 = rotl32(k1, 15);
+
diff --git a/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild b/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild
new file mode 100644
index 000000000000..cbdd8dc79a61
--- /dev/null
+++ b/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_EXT=1
+DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit distutils-r1 multilib-minimal
+
+DESCRIPTION="High level interface to Linux seccomp filter"
+HOMEPAGE="https://github.com/seccomp/libseccomp"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git"
+ PRERELEASE="2.6.0"
+ inherit autotools git-r3
+else
+ SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz"
+ KEYWORDS="-* ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+IUSE="python static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# We need newer kernel headers; we don't keep strict control of the exact
+# version here, just be safe and pull in the latest stable ones. bug #551248
+DEPEND="
+ >=sys-kernel/linux-headers-5.15
+ python? ( ${PYTHON_DEPS} )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ ${DEPEND}
+ dev-util/gperf
+ python? (
+ ${DISTUTILS_DEPS}
+ dev-python/cython[${PYTHON_USEDEP}]
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
+ "${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
+ "${FILESDIR}"/${P}-drop-bogus-test.patch
+ "${FILESDIR}"/${PN}-2.6.0-aliasing.patch
+)
+
+src_prepare() {
+ default
+
+ if [[ ${PV} == *9999 ]] ; then
+ sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
+
+ eautoreconf
+ fi
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ $(use_enable static-libs static)
+ --disable-python
+ )
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake
+
+ if multilib_is_native_abi && use python ; then
+ # setup.py expects libseccomp.so to live in "../.libs"
+ # Copy the python files to the right place for this.
+ rm -r "${BUILD_DIR}"/src/python || die
+ cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die
+ local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+
+ # setup.py reads VERSION_RELEASE from the environment
+ local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+
+ pushd "${BUILD_DIR}/src/python" >/dev/null || die
+ distutils-r1_src_compile
+ popd >/dev/null || die
+ fi
+}
+
+multilib_src_test() {
+ emake -Onone check
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi && use python ; then
+ distutils-r1_src_install
+ fi
+}
+
+multilib_src_install_all() {
+ find "${ED}" -type f -name "${PN}.la" -delete || die
+
+ einstalldocs
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/
@ 2022-10-30 9:43 Sam James
0 siblings, 0 replies; 3+ messages in thread
From: Sam James @ 2022-10-30 9:43 UTC (permalink / raw
To: gentoo-commits
commit: f1d0273dc3070fd511e8f65017ea87481934d0b2
Author: Michal Privoznik <michal.privoznik <AT> gmail <DOT> com>
AuthorDate: Tue Oct 25 12:43:59 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 30 09:40:40 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1d0273d
sys-libs/libseccomp: Rebase libseccomp-python-shared.patch
The libseccomp-python-shared.patch that makes python module
depend on libseccomp.so instead of linking it statically in
does no longer apply cleanly. Rebase it.
Signed-off-by: Michal Privoznik <michal.privoznik <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/27943
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/libseccomp-2.6.0-python-shared.patch | 25 ++++++++++++++++++++++
sys-libs/libseccomp/libseccomp-9999.ebuild | 2 +-
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-python-shared.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-python-shared.patch
new file mode 100644
index 000000000000..34b12db22112
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-python-shared.patch
@@ -0,0 +1,25 @@
+From 594fecb16833c693ac0cff8f857aec0edd097077 Mon Sep 17 00:00:00 2001
+Message-Id: <594fecb16833c693ac0cff8f857aec0edd097077.1666701554.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 25 Oct 2022 14:39:07 +0200
+Subject: [PATCH] Link python module against shared library
+
+---
+ src/python/setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/python/setup.py b/src/python/setup.py
+index 46f9a73..85deb03 100755
+--- a/src/python/setup.py
++++ b/src/python/setup.py
+@@ -40,6 +40,6 @@ setup(
+ ext_modules = cythonize([
+ Extension("seccomp", ["seccomp.pyx"],
+ # unable to handle libtool libraries directly
+- extra_objects=["../.libs/libseccomp.a"]),
++ extra_objects=["../.libs/libseccomp.so"]),
+ ])
+ )
+--
+2.37.4
+
diff --git a/sys-libs/libseccomp/libseccomp-9999.ebuild b/sys-libs/libseccomp/libseccomp-9999.ebuild
index fed0b3c8f425..e97b661f1bb0 100644
--- a/sys-libs/libseccomp/libseccomp-9999.ebuild
+++ b/sys-libs/libseccomp/libseccomp-9999.ebuild
@@ -37,7 +37,7 @@ BDEPEND="${DEPEND}
python? ( dev-python/cython[${PYTHON_USEDEP}] )"
PATCHES=(
- "${FILESDIR}"/libseccomp-python-shared.patch
+ "${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
)
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-03-10 0:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-13 17:11 [gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/, sys-libs/libseccomp/files/ Mike Gilbert
-- strict thread matches above, loose matches on Subject: below --
2025-03-10 0:15 Sam James
2022-10-30 9:43 Sam James
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox