144 | diff -Nru libseccomp-2.2.3/debian/changelog libseccomp-2.2.3/debian/changelog
--- libseccomp-2.2.3/debian/changelog 2015-12-14 16:20:04.000000000 +0000
+++ libseccomp-2.2.3/debian/changelog 2015-12-16 14:54:24.000000000 +0000
@@ -1,3 +1,10 @@
+libseccomp (2.2.3-2ubuntu3) xenial; urgency=low
+
+ * debian/patches/add-x86-32bit-socket-calls.patch: add the newly
+ connected direct socket calls. (LP: #1526358)
+
+ -- Andy Whitcroft <apw@ubuntu.com> Wed, 16 Dec 2015 14:30:17 +0000
+
libseccomp (2.2.3-2ubuntu2) xenial; urgency=medium
* debian/add-membarrier.patch: add membarrier syscall. This can be dropped
diff -Nru libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch
--- libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch 1970-01-01 01:00:00.000000000 +0100
+++ libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch 2015-12-16 14:53:15.000000000 +0000
@@ -0,0 +1,118 @@
+Description: add newly connected x86 32bit direct socket calls
+ x86 recently connected up the direct socket calls to allow simpler
+ seccomp mitigation for them. Add these to the 23bit x86 syscalls table
+ to match.
+Author: Andy Whitcroft <apw@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526358
+
+--- libseccomp-2.2.3.orig/src/arch-x86-syscalls.c
++++ libseccomp-2.2.3/src/arch-x86-syscalls.c
+@@ -32,7 +32,7 @@ const struct arch_syscall_def x86_syscal
+ { "_newselect", 142 },
+ { "_sysctl", 149 },
+ { "accept", __PNR_accept },
+- { "accept4", __PNR_accept4 },
++ { "accept4", 364 },
+ { "access", 33 },
+ { "acct", 51 },
+ { "add_key", 286 },
+@@ -43,7 +43,7 @@ const struct arch_syscall_def x86_syscal
+ { "arm_sync_file_range", __PNR_arm_sync_file_range },
+ { "arch_prctl", __PNR_arch_prctl },
+ { "bdflush", 134 },
+- { "bind", __PNR_bind },
++ { "bind", 361 },
+ { "bpf", 357 },
+ { "break", 17 },
+ { "breakpoint", __PNR_breakpoint },
+@@ -64,7 +64,7 @@ const struct arch_syscall_def x86_syscal
+ { "clock_settime", 264 },
+ { "clone", 120 },
+ { "close", 6 },
+- { "connect", __PNR_connect },
++ { "connect", 362 },
+ { "creat", 8 },
+ { "create_module", 127 },
+ { "delete_module", 129 },
+@@ -134,7 +134,7 @@ const struct arch_syscall_def x86_syscal
+ { "getgroups", 80 },
+ { "getgroups32", 205 },
+ { "getitimer", 105 },
+- { "getpeername", __PNR_getpeername },
++ { "getpeername", 368 },
+ { "getpgid", 132 },
+ { "getpgrp", 65 },
+ { "getpid", 20 },
+@@ -149,8 +149,8 @@ const struct arch_syscall_def x86_syscal
+ { "getrlimit", 76 },
+ { "getrusage", 77 },
+ { "getsid", 147 },
+- { "getsockname", __PNR_getsockname },
+- { "getsockopt", __PNR_getsockopt },
++ { "getsockname", 367 },
++ { "getsockopt", 365 },
+ { "gettid", 224 },
+ { "gettimeofday", 78 },
+ { "getuid", 24 },
+@@ -184,7 +184,7 @@ const struct arch_syscall_def x86_syscal
+ { "lgetxattr", 230 },
+ { "link", 9 },
+ { "linkat", 303 },
+- { "listen", __PNR_listen },
++ { "listen", 363 },
+ { "listxattr", 232 },
+ { "llistxattr", 233 },
+ { "lock", 53 },
+@@ -277,9 +277,9 @@ const struct arch_syscall_def x86_syscal
+ { "readv", 145 },
+ { "reboot", 88 },
+ { "recv", __PNR_recv },
+- { "recvfrom", __PNR_recvfrom },
++ { "recvfrom", 371 },
+ { "recvmmsg", 337 },
+- { "recvmsg", __PNR_recvmsg },
++ { "recvmsg", 372 },
+ { "remap_file_pages", 257 },
+ { "removexattr", 235 },
+ { "rename", 38 },
+@@ -321,8 +321,8 @@ const struct arch_syscall_def x86_syscal
+ { "sendfile", 187 },
+ { "sendfile64", 239 },
+ { "sendmmsg", 345 },
+- { "sendmsg", __PNR_sendmsg },
+- { "sendto", __PNR_sendto },
++ { "sendmsg", 370 },
++ { "sendto", 369 },
+ { "set_mempolicy", 276 },
+ { "set_robust_list", 311 },
+ { "set_thread_area", 243 },
+@@ -352,7 +352,7 @@ const struct arch_syscall_def x86_syscal
+ { "setreuid32", 203 },
+ { "setrlimit", 75 },
+ { "setsid", 66 },
+- { "setsockopt", __PNR_setsockopt },
++ { "setsockopt", 366 },
+ { "settimeofday", 79 },
+ { "setuid", 23 },
+ { "setuid32", 213 },
+@@ -362,7 +362,7 @@ const struct arch_syscall_def x86_syscal
+ { "shmctl", __PNR_shmctl },
+ { "shmdt", __PNR_shmdt },
+ { "shmget", __PNR_shmget },
+- { "shutdown", __PNR_shutdown },
++ { "shutdown", 373 },
+ { "sigaction", 67 },
+ { "sigaltstack", 186 },
+ { "signal", 48 },
+@@ -372,9 +372,9 @@ const struct arch_syscall_def x86_syscal
+ { "sigprocmask", 126 },
+ { "sigreturn", 119 },
+ { "sigsuspend", 72 },
+- { "socket", __PNR_socket },
++ { "socket", 359 },
+ { "socketcall", 102 },
+- { "socketpair", __PNR_socketpair },
++ { "socketpair", 360 },
+ { "splice", 313 },
+ { "spu_create", __PNR_spu_create },
+ { "spu_run", __PNR_spu_run },
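Review bot: Replacing the `__PNR_*` placeholders with the direct numbers 359–373 in the embedded `arch-x86-syscalls.c` hunks means a rule written for `socket`, `bind`, `connect` and the other renumbered calls now resolves to the direct syscall, while the same operations remain reachable through `socketcall` (102), which the table keeps. If the x86 code outside these hunks previously mapped the pseudo-numbers onto `socketcall` (not visible here), a deny rule on `socket` would stop covering the multiplexed path, and an allow rule would stop covering binaries whose libc still issues `socketcall`. That should be confirmed, and either both forms generated or the limitation documented. At minimum I would add a comment above the table such as `/* socket calls: direct numbers exist only on newer kernels; socketcall(102) is a second entry path and must be filtered separately */`. The patch Description also says "23bit x86", which looks like a typo for "32bit".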
diff -Nru libseccomp-2.2.3/debian/patches/series libseccomp-2.2.3/debian/patches/series
--- libseccomp-2.2.3/debian/patches/series 2015-12-14 16:03:14.000000000 +0000
+++ libseccomp-2.2.3/debian/patches/series 2015-12-16 14:53:42.000000000 +0000
@@ -7,3 +7,4 @@
git-a8fe571909e381b34d0ae0237aad71513f8739de.diff
add-membarrier.patch
+add-x86-32bit-socket-calls.patch