Your message dated Thu, 6 Jun 2019 14:03:06 +0200
with message-id <9e0ff1f8-7bbf-2730-fb36-15f60ef78...@debian.org>
and subject line Re: unblock: golang-github-seccomp-libseccomp-golang/0.9.0-2
has caused the Debian Bug report #929591,
regarding unblock: golang-github-seccomp-libseccomp-golang/0.9.0-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
929591: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929591
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-CC: Michael Vogt <m...@debian.org>
Please unblock package golang-github-seccomp-libseccomp-golang
unblock golang-github-seccomp-libseccomp-golang/0.9.0-2
When I look the diff of unstable and testing of Go packages, I think
this could not be reverted. The changes are small and only contain bug
fix.
diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog
golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog
--- golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog
2017-08-09 06:22:22.000000000 +0800
+++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog
2019-04-30 15:29:24.000000000 +0800
@@ -1,3 +1,15 @@
+golang-github-seccomp-libseccomp-golang (0.9.0-2) unstable; urgency=medium
+
+ [ Alexandre Viau ]
+ * Point Vcs-* urls to salsa.debian.org.
+
+ [ Michael Vogt ]
+ * debian/patches/06e7a2-fix-multi-args.patch:
+ - Cherry pick 06e7a29 to fix incorrect argument filtering when
+ using multiple arguments
+
+ -- Michael Vogt <m...@debian.org> Tue, 30 Apr 2019 09:29:24 +0200
+
golang-github-seccomp-libseccomp-golang (0.9.0-1) unstable; urgency=medium
[ Team upload ]
diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/control
golang-github-seccomp-libseccomp-golang-0.9.0/debian/control
--- golang-github-seccomp-libseccomp-golang-0.9.0/debian/control
2017-08-09 06:22:22.000000000 +0800
+++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/control
2019-04-30 15:29:24.000000000 +0800
@@ -6,8 +6,8 @@
Build-Depends: debhelper (>= 9), dh-golang, golang-any, libseccomp-dev,
pkg-config
Standards-Version: 3.9.8
Homepage: https://github.com/seccomp/libseccomp-golang
-Vcs-Browser:
https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git
-Vcs-Git:
https://anonscm.debian.org/git/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git
+Vcs-Browser:
https://salsa.debian.org/go-team/packages/golang-github-seccomp-libseccomp-golang
+Vcs-Git:
https://salsa.debian.org/go-team/packages/golang-github-seccomp-libseccomp-golang.git
XS-Go-Import-Path: github.com/seccomp/libseccomp-golang
Package: golang-github-seccomp-libseccomp-golang-dev
diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml
golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml
--- golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml
1970-01-01 08:00:00.000000000 +0800
+++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml
2019-04-30 15:29:24.000000000 +0800
[omitted]
diff -Nru
golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch
golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch
---
golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch
1970-01-01 08:00:00.000000000 +0800
+++
golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch
2019-04-30 15:29:24.000000000 +0800
@@ -0,0 +1,123 @@
+commit 06e7a29f36a34b8cf419aeb87b979ee508e58f9e
+Author: Matthew Heon <matthew.h...@gmail.com>
+Date: Wed Apr 19 16:28:29 2017 -0400
+
+ golang: Resolve bug with handling of multiple argument rules
+
+ In the upstream library, when added with a single API call,
+ multiple syscall argument rules should be matched with AND
+ logic - if all of them match, the rule matches.
+
+ At present, the Golang bindings apply OR logic to this case.
+ This commit resolves this and reverts to the behavior of the
+ main library.
+
+ Signed-off-by: Matthew Heon <matthew.h...@gmail.com>
+
+diff --git a/seccomp_internal.go b/seccomp_internal.go
+index c9fd616..369f194 100644
+--- a/seccomp_internal.go
++++ b/seccomp_internal.go
+@@ -120,23 +120,27 @@ unsigned int get_micro_version()
+
+ typedef struct scmp_arg_cmp* scmp_cast_t;
+
+-// Wrapper to create an scmp_arg_cmp struct
+-void*
+-make_struct_arg_cmp(
+- unsigned int arg,
+- int compare,
+- uint64_t a,
+- uint64_t b
+- )
++void* make_arg_cmp_array(unsigned int length)
+ {
+- struct scmp_arg_cmp *s = malloc(sizeof(struct scmp_arg_cmp));
++ return calloc(length, sizeof(struct scmp_arg_cmp));
++}
+
+- s->arg = arg;
+- s->op = compare;
+- s->datum_a = a;
+- s->datum_b = b;
++// Wrapper to add an scmp_arg_cmp struct to an existing arg_cmp array
++void add_struct_arg_cmp(
++ struct scmp_arg_cmp* arr,
++ unsigned int pos,
++ unsigned int arg,
++ int compare,
++ uint64_t a,
++ uint64_t b
++ )
++{
++ arr[pos].arg = arg;
++ arr[pos].op = compare;
++ arr[pos].datum_a = a;
++ arr[pos].datum_b = b;
+
+- return s;
++ return;
+ }
+ */
+ import "C"
+@@ -239,12 +243,9 @@ func (f *ScmpFilter) setFilterAttr(attr scmpFilterAttr,
value C.uint32_t) error
+ // DOES NOT LOCK OR CHECK VALIDITY
+ // Assumes caller has already done this
+ // Wrapper for seccomp_rule_add_... functions
+-func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction,
exact bool, cond C.scmp_cast_t) error {
+- var length C.uint
+- if cond != nil {
+- length = 1
+- } else {
+- length = 0
++func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction,
exact bool, length C.uint, cond C.scmp_cast_t) error {
++ if length != 0 && cond == nil {
++ return fmt.Errorf("null conditions list, but length is nonzero")
+ }
+
+ var retCode C.int
+@@ -258,6 +259,8 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall,
action ScmpAction, exact b
+ return fmt.Errorf("unrecognized syscall")
+ } else if syscall.Errno(-1*retCode) == syscall.EPERM {
+ return fmt.Errorf("requested action matches default action of
filter")
++ } else if syscall.Errno(-1*retCode) == syscall.EINVAL {
++ return fmt.Errorf("two checks on same syscall argument")
+ } else if retCode != 0 {
+ return syscall.Errno(-1 * retCode)
+ }
+@@ -275,7 +278,7 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall,
action ScmpAction, exact b
+ }
+
+ if len(conds) == 0 {
+- if err := f.addRuleWrapper(call, action, exact, nil); err !=
nil {
++ if err := f.addRuleWrapper(call, action, exact, 0, nil); err !=
nil {
+ return err
+ }
+ } else {
+@@ -287,13 +290,20 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall,
action ScmpAction, exact b
+ }
+ }
+
+- for _, cond := range conds {
+- cmpStruct :=
C.make_struct_arg_cmp(C.uint(cond.Argument), cond.Op.toNative(),
C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2))
+- defer C.free(cmpStruct)
++ argsArr := C.make_arg_cmp_array(C.uint(len(conds)))
++ if argsArr == nil {
++ return fmt.Errorf("error allocating memory for
conditions")
++ }
++ defer C.free(argsArr)
++
++ for i, cond := range conds {
++ C.add_struct_arg_cmp(C.scmp_cast_t(argsArr), C.uint(i),
++ C.uint(cond.Argument), cond.Op.toNative(),
++ C.uint64_t(cond.Operand1),
C.uint64_t(cond.Operand2))
++ }
+
+- if err := f.addRuleWrapper(call, action, exact,
C.scmp_cast_t(cmpStruct)); err != nil {
+- return err
+- }
++ if err := f.addRuleWrapper(call, action, exact,
C.uint(len(conds)), C.scmp_cast_t(argsArr)); err != nil {
++ return err
+ }
+ }
+
diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series
golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series
--- golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series
2017-08-09 06:22:22.000000000 +0800
+++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series
2019-04-30 15:29:24.000000000 +0800
@@ -1 +1,2 @@
0001-Fix-unit-test-failures-on-32-bit-systems.patch
+06e7a2-fix-multi-args.patch
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Hi,
On 29-05-2019 23:15, Paul Gevers wrote:
> Control: tags -1 moreinfo
>
> On 28-05-2019 21:35, Shengjing Zhu wrote:
>>> I'll binNMU that first, let's see if it doesn't pick up anything else.
>>> Otherwise, you know the drill by now.
>>
>> It(snapd) would,
>>
>> snapd Build-Dpends golang-golang-x-sys.
>>
>> Let's binNMU after the mess is cleaned up.
>
> Ok, please remove the moreinfo tag when that is done.
I have scheduled a binNMU of snapd, so this package can migrate.
Paul
signature.asc
Description: OpenPGP digital signature
--- End Message ---
