From patchwork Tue Sep 15 19:44:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Korsgaard X-Patchwork-Id: 1364620 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=korsgaard.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=P47bORQa; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BrYbL25lgz9sTS for ; Wed, 16 Sep 2020 05:44:46 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 85E7586B12; Tue, 15 Sep 2020 19:44:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I+wj+juJsnbT; Tue, 15 Sep 2020 19:44:42 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 8D07986B05; Tue, 15 Sep 2020 19:44:42 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 68B501BF350 for ; Tue, 15 Sep 2020 19:44:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 612AC86B05 for ; Tue, 15 Sep 2020 19:44:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5zUqFU6xuRwi for ; Tue, 15 Sep 2020 19:44:39 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-ed1-f65.google.com (mail-ed1-f65.google.com [209.85.208.65]) by whitealder.osuosl.org (Postfix) with ESMTPS id E021686AE7 for ; Tue, 15 Sep 2020 19:44:38 +0000 (UTC) Received: by mail-ed1-f65.google.com with SMTP id b12so4186942edz.11 for ; Tue, 15 Sep 2020 12:44:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=uWqAFrO2uHOZQZzsiwVmqweVY3VnH1aRt/3zyBS+TBI=; b=P47bORQa8O0d7tT29AT7B8lGdfic5yecBXneSxbDWBA4gIP+q91zUKjb+TQgOpjznD PzgRdxe8WUNy1/t4wGJjxyWDgKcGYXygeUgx/H1n3Z2l35fxrz30k0UyzVaBMJSvJI4z LoAHTXcxM418+RNTv0Yi8GXMMDH9uykKp0xri7NvbRL6Ho8U30quPW/S5gc1hzzDnjxw eLrwbiJVXY/oTUpGKNQdXe133ThHgNsB1K/IPw0V9LAj5yg/3nU9zb5PM6jX3esZciX/ 3t5wwZfWY3azI2rtFxrROcdcMPoEEJlgZOCcL9/HbuZ8fekqw/xhpfT+pZQU001amaK1 oU+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=uWqAFrO2uHOZQZzsiwVmqweVY3VnH1aRt/3zyBS+TBI=; b=DouQa7ZEerUFcs9iTJgalK5/aSIRPySHSLXX4pgqJHIrgp3oBWBibhYnyfhna8fUaa qikRSusIVRlxc5BqWCPR1pq0SpeZlMqtBeSrDbZCWlDDdpwr6VIK9bBZynZun8zTIH0c qS7gmjGSuG8N3GueMPv58qXWyDIPK1osTMXX4IlNoxEar4lnHcHJLaz2/++fgpzMSyph 6x5acKnOk9pXKpiDzQkf1F2/57Nm/hhxT08alG3m/i3UufT1rlpUCKIBoUklMRZdv4VQ 0jKI6oY6X+4S36o3CiUxQkIeR2tqRK3oqaK32DqWjobdQWy4X1p94lGZRIPvfq5nMuY2 9LHQ== X-Gm-Message-State: AOAM530lQbUcqWH388wPe4D1YY/1XMUvp+lXT97mBIEAnnuy6bG/0bW2 qByr/2oJbOpZ4dmhwHe0cPBlN+B+RvM= X-Google-Smtp-Source: ABdhPJxUdrJHJO6VQQrpLyzL4+rs3IEQIpBnfUMakacuzU+OGOibtOcd219Ew41VuIJRcbRD2n8jgA== X-Received: by 2002:a50:ed94:: with SMTP id h20mr24062316edr.184.1600199076826; Tue, 15 Sep 2020 12:44:36 -0700 (PDT) Received: from dell.be.48ers.dk (d51a5bc31.access.telenet.be. [81.165.188.49]) by smtp.gmail.com with ESMTPSA id f17sm12468788eds.45.2020.09.15.12.44.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 15 Sep 2020 12:44:36 -0700 (PDT) Received: from peko by dell.be.48ers.dk with local (Exim 4.92) (envelope-from ) id 1kIGsV-0002VL-JH; Tue, 15 Sep 2020 21:44:35 +0200 From: Peter Korsgaard To: buildroot@buildroot.org Date: Tue, 15 Sep 2020 21:44:26 +0200 Message-Id: <20200915194426.9571-1-peter@korsgaard.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [Buildroot] [PATCH] package/libseccomp: bump version to 2.4.4 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Peter Korsgaard , Fabrice Fontaine , Carlos Santos , "Yann E. MORIN" Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Brings support for 5.8 syscalls and adds various fixes. Drop 0001-remove-static.patch as it is upstream since 2.4.3: https://github.com/seccomp/libseccomp/commit/2a1b67825842c6c75ca898f09f0d9c99339e1fa8 Drop 0002-Circumvent-bug-in-uClibc-ng-syscall-on-x86_64-system.patch as the uClibc-ng issue is fixed in 1.0.33: https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=01e863c89fc772a406fe56c6dddb39f71a570c06 Download upstream uploaded tarball rather than using the github macro, and use upstream hash and reformat hash file. Signed-off-by: Peter Korsgaard --- package/libseccomp/0001-remove-static.patch | 40 ---------- ...n-uClibc-ng-syscall-on-x86_64-system.patch | 80 ------------------- package/libseccomp/libseccomp.hash | 5 +- package/libseccomp/libseccomp.mk | 4 +- 4 files changed, 5 insertions(+), 124 deletions(-) delete mode 100644 package/libseccomp/0001-remove-static.patch delete mode 100644 package/libseccomp/0002-Circumvent-bug-in-uClibc-ng-syscall-on-x86_64-system.patch diff --git a/package/libseccomp/0001-remove-static.patch b/package/libseccomp/0001-remove-static.patch deleted file mode 100644 index 60a1ff00b6..0000000000 --- a/package/libseccomp/0001-remove-static.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 5d010fb06eae43b284e5ccc322f6de47eb42b751 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Sat, 2 Jun 2018 13:45:22 +0200 -Subject: [PATCH] remove static - -Do not force static link of tools, it breaks build with: -BR2_SHARED_LIBS=y - -Patch retrieved from -https://git.buildroot.net/buildroot/tree/package/libseccomp/0001-remove-static.patch -and slighly updated to work with 2.3.3 - -[Upstream status: https://github.com/seccomp/libseccomp/pull/121] - -Signed-off-by: Bernd Kuhls -Signed-off-by: Fabrice Fontaine -[Peter: updated for v2.4.0 which adds scmp_api_level] -Signed-off-by: Peter Korsgaard ---- - tools/Makefile.am | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/tools/Makefile.am b/tools/Makefile.am -index f768365..5f9d571 100644 ---- a/tools/Makefile.am -+++ b/tools/Makefile.am -@@ -37,10 +37,7 @@ scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h - scmp_api_level_SOURCES = scmp_api_level.c - - scmp_sys_resolver_LDADD = ../src/libseccomp.la --scmp_sys_resolver_LDFLAGS = -static - scmp_arch_detect_LDADD = ../src/libseccomp.la --scmp_arch_detect_LDFLAGS = -static - scmp_bpf_disasm_LDADD = util.la - scmp_bpf_sim_LDADD = util.la - scmp_api_level_LDADD = ../src/libseccomp.la --scmp_api_level_LDFLAGS = -static --- -2.11.0 - diff --git a/package/libseccomp/0002-Circumvent-bug-in-uClibc-ng-syscall-on-x86_64-system.patch b/package/libseccomp/0002-Circumvent-bug-in-uClibc-ng-syscall-on-x86_64-system.patch deleted file mode 100644 index 6ac9b08a76..0000000000 --- a/package/libseccomp/0002-Circumvent-bug-in-uClibc-ng-syscall-on-x86_64-system.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 613e601bb4b50dc359b41f162a5b629449e4bbea Mon Sep 17 00:00:00 2001 -From: Carlos Santos -Date: Fri, 18 Oct 2019 22:02:49 -0300 -Subject: [PATCH] Circumvent bug in uClibc-ng syscall() on x86_64 systems - -On uClibc at least up to v1.0.32, syscall() for x86_64 is defined in -libc/sysdeps/linux/x86_64/syscall.S as - -syscall: - movq %rdi, %rax /* Syscall number -> rax. */ - movq %rsi, %rdi /* shift arg1 - arg5. */ - movq %rdx, %rsi - movq %rcx, %rdx - movq %r8, %r10 - movq %r9, %r8 - movq 8(%rsp),%r9 /* arg6 is on the stack. */ - syscall /* Do the system call. */ - cmpq $-4095, %rax /* Check %rax for error. */ - jae __syscall_error /* Branch forward if it failed. */ - ret /* Return to caller. */ - -And __syscall_error is defined in -libc/sysdeps/linux/x86_64/__syscall_error.c as - -int __syscall_error(void) attribute_hidden; -int __syscall_error(void) -{ - register int err_no __asm__ ("%rcx"); - __asm__ ("mov %rax, %rcx\n\t" - "neg %rcx"); - __set_errno(err_no); - return -1; -} - -Notice that __syscall_error returns -1 as a 32-bit int in %rax, a 64-bit -register i.e. 0x00000000ffffffff (decimal 4294967295). When this value -is compared to -1 in _sys_chk_seccomp_flag_kernel() the result is false, -leading the function to always return 0. - -Prevent the error by coercing the return value of syscall() to int in a -temporary variable before comparing it to -1. We could use just an (int) -cast but the variable makes the code more readable and the machine code -generated by the compiler is the same in both cases. - -All other syscall() invocations were inspected and they either already -coerce the result to int or do not compare it to -1. - -The same problem probably occurs on other 64-bit systems but so far only -x86_64 was tested. - -A bug report is being submitted to uClibc. - -Signed-off-by: Carlos Santos ---- - src/system.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/system.c b/src/system.c -index 8e5aafc..811b401 100644 ---- a/src/system.c -+++ b/src/system.c -@@ -215,10 +215,12 @@ static int _sys_chk_seccomp_flag_kernel(int flag) - /* this is an invalid seccomp(2) call because the last argument - * is NULL, but depending on the errno value of EFAULT we can - * guess if the filter flag is supported or not */ -- if (sys_chk_seccomp_syscall() == 1 && -- syscall(_nr_seccomp, SECCOMP_SET_MODE_FILTER, flag, NULL) == -1 && -- errno == EFAULT) -+ int rc; -+ if (sys_chk_seccomp_syscall() == 1) { -+ rc = syscall(_nr_seccomp, SECCOMP_SET_MODE_FILTER, flag, NULL); -+ if (rc == -1 && errno == EFAULT) - return 1; -+ } - - return 0; - } --- -2.18.1 - diff --git a/package/libseccomp/libseccomp.hash b/package/libseccomp/libseccomp.hash index 39c5f8aa38..2d07c1c1fa 100644 --- a/package/libseccomp/libseccomp.hash +++ b/package/libseccomp/libseccomp.hash @@ -1,3 +1,4 @@ +# From https://github.com/seccomp/libseccomp/releases/tag/v2.4.4 +sha256 4e79738d1ef3c9b7ca9769f1f8b8d84fc17143c2c1c432e53b9c64787e0ff3eb libseccomp-2.4.4.tar.gz # Locally calculated -sha256 36aa502c0461ae9efc6c93ec2430d6badd9bf91ecbe73806baf7b7c6f687ab4f libseccomp-2.4.1.tar.gz -sha256 102900208eef27b766380135906d431dba87edaa7ec6aa72e6ebd3dd67f3a97b LICENSE +sha256 102900208eef27b766380135906d431dba87edaa7ec6aa72e6ebd3dd67f3a97b LICENSE diff --git a/package/libseccomp/libseccomp.mk b/package/libseccomp/libseccomp.mk index 491e51b375..38e0361a08 100644 --- a/package/libseccomp/libseccomp.mk +++ b/package/libseccomp/libseccomp.mk @@ -4,8 +4,8 @@ # ################################################################################ -LIBSECCOMP_VERSION = 2.4.1 -LIBSECCOMP_SITE = $(call github,seccomp,libseccomp,v$(LIBSECCOMP_VERSION)) +LIBSECCOMP_VERSION = 2.4.4 +LIBSECCOMP_SITE = https://github.com/seccomp/libseccomp/releases/download/v$(LIBSECCOMP_VERSION) LIBSECCOMP_LICENSE = LGPL-2.1 LIBSECCOMP_LICENSE_FILES = LICENSE LIBSECCOMP_INSTALL_STAGING = YES