Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-CC: Michael Vogt <m...@debian.org>
Please unblock package golang-github-seccomp-libseccomp-golang unblock golang-github-seccomp-libseccomp-golang/0.9.0-2 When I look the diff of unstable and testing of Go packages, I think this could not be reverted. The changes are small and only contain bug fix. diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog 2017-08-09 06:22:22.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog 2019-04-30 15:29:24.000000000 +0800 @@ -1,3 +1,15 @@ +golang-github-seccomp-libseccomp-golang (0.9.0-2) unstable; urgency=medium + + [ Alexandre Viau ] + * Point Vcs-* urls to salsa.debian.org. + + [ Michael Vogt ] + * debian/patches/06e7a2-fix-multi-args.patch: + - Cherry pick 06e7a29 to fix incorrect argument filtering when + using multiple arguments + + -- Michael Vogt <m...@debian.org> Tue, 30 Apr 2019 09:29:24 +0200 + golang-github-seccomp-libseccomp-golang (0.9.0-1) unstable; urgency=medium [ Team upload ] diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/control golang-github-seccomp-libseccomp-golang-0.9.0/debian/control --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/control 2017-08-09 06:22:22.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/control 2019-04-30 15:29:24.000000000 +0800 
@@ -6,8 +6,8 @@ Build-Depends: debhelper (>= 9), dh-golang, golang-any, libseccomp-dev, pkg-config Standards-Version: 3.9.8 Homepage: https://github.com/seccomp/libseccomp-golang -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git -Vcs-Git: https://anonscm.debian.org/git/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git +Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-seccomp-libseccomp-golang +Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-seccomp-libseccomp-golang.git XS-Go-Import-Path: github.com/seccomp/libseccomp-golang Package: golang-github-seccomp-libseccomp-golang-dev diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml 1970-01-01 08:00:00.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml 2019-04-30 15:29:24.000000000 +0800 [omitted] diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch 1970-01-01 08:00:00.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch 2019-04-30 15:29:24.000000000 +0800 
@@ -0,0 +1,123 @@
+commit 06e7a29f36a34b8cf419aeb87b979ee508e58f9e
+Author: Matthew Heon <matthew.h...@gmail.com>
+Date: Wed Apr 19 16:28:29 2017 -0400
+
+ golang: Resolve bug with handling of multiple argument rules
+
+ In the upstream library, when added with a single API call,
+ multiple syscall argument rules should be matched with AND
+ logic - if all of them match, the rule matches.
+
+ At present, the Golang bindings apply OR logic to this case.
+ This commit resolves this and reverts to the behavior of the
+ main library.
+
+ Signed-off-by: Matthew Heon <matthew.h...@gmail.com>
+
+diff --git a/seccomp_internal.go b/seccomp_internal.go
+index c9fd616..369f194 100644
+--- a/seccomp_internal.go
++++ b/seccomp_internal.go
+@@ -120,23 +120,27 @@ unsigned int get_micro_version()
+
+ typedef struct scmp_arg_cmp* scmp_cast_t;
+
+-// Wrapper to create an scmp_arg_cmp struct
+-void*
+-make_struct_arg_cmp(
+- unsigned int arg,
+- int compare,
+- uint64_t a,
+- uint64_t b
+- )
++void* make_arg_cmp_array(unsigned int length)
+ {
+- struct scmp_arg_cmp *s = malloc(sizeof(struct scmp_arg_cmp));
++ return calloc(length, sizeof(struct scmp_arg_cmp));
++}
+
+- s->arg = arg;
+- s->op = compare;
+- s->datum_a = a;
+- s->datum_b = b;
++// Wrapper to add an scmp_arg_cmp struct to an existing arg_cmp array
++void add_struct_arg_cmp(
++ struct scmp_arg_cmp* arr,
++ unsigned int pos,
++ unsigned int arg,
++ int compare,
++ uint64_t a,
++ uint64_t b
++ )
++{
++ arr[pos].arg = arg;
++ arr[pos].op = compare;
++ arr[pos].datum_a = a;
++ arr[pos].datum_b = b;
+
+- return s;
++ return;
+ }
+ */
+ import "C"
+@@ -239,12 +243,9 @@ func (f *ScmpFilter) setFilterAttr(attr scmpFilterAttr, value C.uint32_t) error
+ // DOES NOT LOCK OR CHECK VALIDITY
+ // Assumes caller has already done this
+ // Wrapper for seccomp_rule_add_... functions
+-func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, cond C.scmp_cast_t) error {
+- var length C.uint
+- if cond != nil {
+- length = 1
+- } else {
+- length = 0
++func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, length C.uint, cond C.scmp_cast_t) error {
++ if length != 0 && cond == nil {
++ return fmt.Errorf("null conditions list, but length is nonzero")
+ }
+
+ var retCode C.int
+@@ -258,6 +259,8 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact b
+ return fmt.Errorf("unrecognized syscall")
+ } else if syscall.Errno(-1*retCode) == syscall.EPERM {
+ return fmt.Errorf("requested action matches default action of filter")
++ } else if syscall.Errno(-1*retCode) == syscall.EINVAL {
++ return fmt.Errorf("two checks on same syscall argument")
+ } else if retCode != 0 {
+ return syscall.Errno(-1 * retCode)
+ }
+@@ -275,7 +278,7 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b
+ }
+
+ if len(conds) == 0 {
+- if err := f.addRuleWrapper(call, action, exact, nil); err != nil {
++ if err := f.addRuleWrapper(call, action, exact, 0, nil); err != nil {
+ return err
+ }
+ } else {
+@@ -287,13 +290,20 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b
+ }
+ }
+
+- for _, cond := range conds {
+- cmpStruct := C.make_struct_arg_cmp(C.uint(cond.Argument), cond.Op.toNative(), C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2))
+- defer C.free(cmpStruct)
++ argsArr := C.make_arg_cmp_array(C.uint(len(conds)))
++ if argsArr == nil {
++ return fmt.Errorf("error allocating memory for conditions")
++ }
++ defer C.free(argsArr)
++
++ for i, cond := range conds {
++ C.add_struct_arg_cmp(C.scmp_cast_t(argsArr), C.uint(i),
++ C.uint(cond.Argument), cond.Op.toNative(),
++ C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2))
++ }
+
+- if err := f.addRuleWrapper(call, action, exact, C.scmp_cast_t(cmpStruct)); err != nil {
+- return err
+- }
++ if err := f.addRuleWrapper(call, action, exact, C.uint(len(conds)), C.scmp_cast_t(argsArr)); err != nil {
++ return err
+ }
+ }
+
diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series
--- golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series 2017-08-09 06:22:22.000000000 +0800
+++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series 2019-04-30 15:29:24.000000000 +0800
@@ -1 +1,2 @@
 0001-Fix-unit-test-failures-on-32-bit-systems.patch
+06e7a2-fix-multi-args.patch
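Review bot: The new `EINVAL` branch in `addRuleWrapper` (inner hunk `@@ -258,6 +259,8 @@`) reports every EINVAL from the rule-add call as "two checks on same syscall argument", although libseccomp, as far as I know, also returns EINVAL for other rejected input such as too many conditions or an out-of-range argument index, so the message can misdirect someone debugging a filter. I would word it as `return fmt.Errorf("rule rejected as invalid (EINVAL), e.g. two checks on same syscall argument")`, or validate `cond.Argument` and `len(conds)` in `addRuleGeneric` before the array is built. Rules that listed several conditions on one argument and loaded under the old OR matching can now fail here, so callers presumably need to treat this error as fatal rather than continue with a partially built filter; the bodies of both functions extend beyond the hunks shown. The patch as shown touches only seccomp_internal.go, so a regression test with two conditions on different arguments would pin the AND semantics.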