Ubuntu Pastebin

Paste from apw at Wed, 16 Dec 2015 14:56:04 +0000

Download as text 
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
diff -Nru libseccomp-2.2.3/debian/changelog libseccomp-2.2.3/debian/changelog
--- libseccomp-2.2.3/debian/changelog	2015-12-14 16:20:04.000000000 +0000
+++ libseccomp-2.2.3/debian/changelog	2015-12-16 14:54:24.000000000 +0000
@@ -1,3 +1,10 @@
+libseccomp (2.2.3-2ubuntu3) xenial; urgency=low
+
+  * debian/patches/add-x86-32bit-socket-calls.patch: add the newly
+    connected direct socket calls.  (LP: #1526358)
+
+ -- Andy Whitcroft <apw@ubuntu.com>  Wed, 16 Dec 2015 14:30:17 +0000
+
 libseccomp (2.2.3-2ubuntu2) xenial; urgency=medium
 
   * debian/add-membarrier.patch: add membarrier syscall. This can be dropped
diff -Nru libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch
--- libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch	1970-01-01 01:00:00.000000000 +0100
+++ libseccomp-2.2.3/debian/patches/add-x86-32bit-socket-calls.patch	2015-12-16 14:53:15.000000000 +0000
@@ -0,0 +1,118 @@
+Description: add newly connected x86 32bit direct socket calls
+ x86 recently connected up the direct socket calls to allow simpler
+ seccomp mitigation for them.  Add these to the 23bit x86 syscalls table
+ to match.
+Author: Andy Whitcroft <apw@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526358
+
+--- libseccomp-2.2.3.orig/src/arch-x86-syscalls.c
++++ libseccomp-2.2.3/src/arch-x86-syscalls.c
+@@ -32,7 +32,7 @@ const struct arch_syscall_def x86_syscal
+ 	{ "_newselect", 142 },
+ 	{ "_sysctl", 149 },
+ 	{ "accept", __PNR_accept },
+-	{ "accept4", __PNR_accept4 },
++	{ "accept4", 364 },
+ 	{ "access", 33 },
+ 	{ "acct", 51 },
+ 	{ "add_key", 286 },
+@@ -43,7 +43,7 @@ const struct arch_syscall_def x86_syscal
+ 	{ "arm_sync_file_range", __PNR_arm_sync_file_range },
+ 	{ "arch_prctl", __PNR_arch_prctl },
+ 	{ "bdflush", 134 },
+-	{ "bind", __PNR_bind },
++	{ "bind", 361 },
+ 	{ "bpf", 357 },
+ 	{ "break", 17 },
+ 	{ "breakpoint", __PNR_breakpoint },
+@@ -64,7 +64,7 @@ const struct arch_syscall_def x86_syscal
+ 	{ "clock_settime", 264 },
+ 	{ "clone", 120 },
+ 	{ "close", 6 },
+-	{ "connect", __PNR_connect },
++	{ "connect", 362 },
+ 	{ "creat", 8 },
+ 	{ "create_module", 127 },
+ 	{ "delete_module", 129 },
+@@ -134,7 +134,7 @@ const struct arch_syscall_def x86_syscal
+ 	{ "getgroups", 80 },
+ 	{ "getgroups32", 205 },
+ 	{ "getitimer", 105 },
+-	{ "getpeername", __PNR_getpeername },
++	{ "getpeername", 368 },
+ 	{ "getpgid", 132 },
+ 	{ "getpgrp", 65 },
+ 	{ "getpid", 20 },
+@@ -149,8 +149,8 @@ const struct arch_syscall_def x86_syscal
+ 	{ "getrlimit", 76 },
+ 	{ "getrusage", 77 },
+ 	{ "getsid", 147 },
+-	{ "getsockname", __PNR_getsockname },
+-	{ "getsockopt", __PNR_getsockopt },
++	{ "getsockname", 367 },
++	{ "getsockopt", 365 },
+ 	{ "gettid", 224 },
+ 	{ "gettimeofday", 78 },
+ 	{ "getuid", 24 },
+@@ -184,7 +184,7 @@ const struct arch_syscall_def x86_syscal
+ 	{ "lgetxattr", 230 },
+ 	{ "link", 9 },
+ 	{ "linkat", 303 },
+-	{ "listen", __PNR_listen },
++	{ "listen", 363 },
+ 	{ "listxattr", 232 },
+ 	{ "llistxattr", 233 },
+ 	{ "lock", 53 },
+@@ -277,9 +277,9 @@ const struct arch_syscall_def x86_syscal
+ 	{ "readv", 145 },
+ 	{ "reboot", 88 },
+ 	{ "recv", __PNR_recv },
+-	{ "recvfrom", __PNR_recvfrom },
++	{ "recvfrom", 371 },
+ 	{ "recvmmsg", 337 },
+-	{ "recvmsg", __PNR_recvmsg },
++	{ "recvmsg", 372 },
+ 	{ "remap_file_pages", 257 },
+ 	{ "removexattr", 235 },
+ 	{ "rename", 38 },
+@@ -321,8 +321,8 @@ const struct arch_syscall_def x86_syscal
+ 	{ "sendfile", 187 },
+ 	{ "sendfile64", 239 },
+ 	{ "sendmmsg", 345 },
+-	{ "sendmsg", __PNR_sendmsg },
+-	{ "sendto", __PNR_sendto },
++	{ "sendmsg", 370 },
++	{ "sendto", 369 },
+ 	{ "set_mempolicy", 276 },
+ 	{ "set_robust_list", 311 },
+ 	{ "set_thread_area", 243 },
+@@ -352,7 +352,7 @@ const struct arch_syscall_def x86_syscal
+ 	{ "setreuid32", 203 },
+ 	{ "setrlimit", 75 },
+ 	{ "setsid", 66 },
+-	{ "setsockopt", __PNR_setsockopt },
++	{ "setsockopt", 366 },
+ 	{ "settimeofday", 79 },
+ 	{ "setuid", 23 },
+ 	{ "setuid32", 213 },
+@@ -362,7 +362,7 @@ const struct arch_syscall_def x86_syscal
+ 	{ "shmctl", __PNR_shmctl },
+ 	{ "shmdt", __PNR_shmdt },
+ 	{ "shmget", __PNR_shmget },
+-	{ "shutdown", __PNR_shutdown },
++	{ "shutdown", 373 },
+ 	{ "sigaction", 67 },
+ 	{ "sigaltstack", 186 },
+ 	{ "signal", 48 },
+@@ -372,9 +372,9 @@ const struct arch_syscall_def x86_syscal
+ 	{ "sigprocmask", 126 },
+ 	{ "sigreturn", 119 },
+ 	{ "sigsuspend", 72 },
+-	{ "socket", __PNR_socket },
++	{ "socket", 359 },
+ 	{ "socketcall", 102 },
+-	{ "socketpair", __PNR_socketpair },
++	{ "socketpair", 360 },
+ 	{ "splice", 313 },
+ 	{ "spu_create", __PNR_spu_create },
+ 	{ "spu_run", __PNR_spu_run },
diff -Nru libseccomp-2.2.3/debian/patches/series libseccomp-2.2.3/debian/patches/series
--- libseccomp-2.2.3/debian/patches/series	2015-12-14 16:03:14.000000000 +0000
+++ libseccomp-2.2.3/debian/patches/series	2015-12-16 14:53:42.000000000 +0000
@@ -7,3 +7,4 @@
 
 git-a8fe571909e381b34d0ae0237aad71513f8739de.diff
 add-membarrier.patch
+add-x86-32bit-socket-calls.patch
Download as text