upgrade version to 2.5.4

backport-bpf-pfc-Add-handling-for-0-syscalls-in-the-binary-tr.patch

@@ -1,49 +0,0 @@
-From 2de3b87122c18b58b3e2b32ab2e81ac43774a7aa Mon Sep 17 00:00:00 2001
-From: Tom Hromatka <tom.hromatka@oracle.com>
-Date: Wed, 16 Mar 2022 11:19:14 -0600
-Subject: [PATCH] bpf: pfc: Add handling for 0 syscalls in the binary tree
-
-Handle the unlikely case where a user has chosen the
-binary tree optimization but has zero syscalls in their
-filter.
-
-Fixes: https://github.com/seccomp/libseccomp/issues/370
-Fixes: a3732b32b8e67 ("bpf:pfc: Add optimization option to use a binary tree")
-Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
-Acked-by: Paul Moore <paul@paul-moore.com>
----
- src/gen_bpf.c | 3 +++
- src/gen_pfc.c | 3 +++
- 2 files changed, 6 insertions(+)
-
-diff --git a/src/gen_bpf.c b/src/gen_bpf.c
-index c878f44..7131761 100644
---- a/src/gen_bpf.c
-+++ b/src/gen_bpf.c
-@@ -1348,6 +1348,9 @@ static int _get_bintree_levels(unsigned int syscall_cnt)
- {
- 	unsigned int i = 2, max_level = SYSCALLS_PER_NODE * 2;
- 
-+	if (syscall_cnt == 0)
-+		return 0;
-+
- 	while (max_level < syscall_cnt) {
- 		max_level <<= 1;
- 		i++;
-diff --git a/src/gen_pfc.c b/src/gen_pfc.c
-index c7fb536..4916055 100644
---- a/src/gen_pfc.c
-+++ b/src/gen_pfc.c
-@@ -275,6 +275,9 @@ static int _get_bintree_levels(unsigned int syscall_cnt,
- 		/* Only use a binary tree if requested */
- 		return 0;
- 
-+	if (syscall_cnt == 0)
-+		return 0;
-+
- 	do {
- 		max_level = SYSCALLS_PER_NODE << i;
- 		i++;
--- 
-2.27.0
-

backport-tests-Add-a-binary-tree-test-with-zero-syscalls.patch

@@ -1,187 +0,0 @@
-From 5731dd9f73df9025b2c8924e2f4ce78a7d94af00 Mon Sep 17 00:00:00 2001
-From: Tom Hromatka <tom.hromatka@oracle.com>
-Date: Wed, 16 Mar 2022 11:24:40 -0600
-Subject: [PATCH] tests: Add a binary tree test with zero syscalls
-
-Add a test that exercises the binary tree optimization but
-the seccomp filter has zero syscalls in it.
-
-Related-bug: https://github.com/seccomp/libseccomp/issues/370
-Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
-Acked-by: Paul Moore <paul@paul-moore.com>
----
- tests/59-basic-empty_binary_tree.c     | 54 ++++++++++++++++++++++++++
- tests/59-basic-empty_binary_tree.py    | 41 +++++++++++++++++++
- tests/59-basic-empty_binary_tree.tests | 16 ++++++++
- tests/Makefile.am                      |  9 +++--
- 4 files changed, 117 insertions(+), 3 deletions(-)
- create mode 100644 tests/59-basic-empty_binary_tree.c
- create mode 100755 tests/59-basic-empty_binary_tree.py
- create mode 100644 tests/59-basic-empty_binary_tree.tests
-
-diff --git a/tests/59-basic-empty_binary_tree.c b/tests/59-basic-empty_binary_tree.c
-new file mode 100644
-index 0000000..6b6485e
---- /dev/null
-+++ b/tests/59-basic-empty_binary_tree.c
-@@ -0,0 +1,54 @@
-+/**
-+ * Seccomp Library test program
-+ *
-+ * Copyright (c) 2018-2020 Oracle and/or its affiliates.
-+ * Author: Tom Hromatka <tom.hromatka@oracle.com>
-+ */
-+
-+/*
-+ * This library is free software; you can redistribute it and/or modify it
-+ * under the terms of version 2.1 of the GNU Lesser General Public License as
-+ * published by the Free Software Foundation.
-+ *
-+ * This library is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
-+ * for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public License
-+ * along with this library; if not, see <http://www.gnu.org/licenses>.
-+ */
-+
-+#include <errno.h>
-+#include <unistd.h>
-+
-+#include <seccomp.h>
-+
-+#include "util.h"
-+
-+int main(int argc, char *argv[])
-+{
-+	int rc;
-+	struct util_options opts;
-+	scmp_filter_ctx ctx = NULL;
-+
-+	rc = util_getopt(argc, argv, &opts);
-+	if (rc < 0)
-+		goto out;
-+
-+	ctx = seccomp_init(SCMP_ACT_ALLOW);
-+	if (ctx == NULL)
-+		return ENOMEM;
-+
-+	rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_OPTIMIZE, 2);
-+	if (rc < 0)
-+		goto out;
-+
-+	rc = util_filter_output(&opts, ctx);
-+	if (rc)
-+		goto out;
-+
-+out:
-+	seccomp_release(ctx);
-+	return (rc < 0 ? -rc : rc);
-+}
-diff --git a/tests/59-basic-empty_binary_tree.py b/tests/59-basic-empty_binary_tree.py
-new file mode 100755
-index 0000000..5acbbd4
---- /dev/null
-+++ b/tests/59-basic-empty_binary_tree.py
-@@ -0,0 +1,41 @@
-+#!/usr/bin/env python
-+
-+#
-+# Seccomp Library test program
-+#
-+# Copyright (c) 2022 Oracle and/or its affiliates.
-+# Author: Tom Hromatka <tom.hromatka@oracle.com>
-+#
-+
-+#
-+# This library is free software; you can redistribute it and/or modify it
-+# under the terms of version 2.1 of the GNU Lesser General Public License as
-+# published by the Free Software Foundation.
-+#
-+# This library is distributed in the hope that it will be useful, but WITHOUT
-+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License
-+# for more details.
-+#
-+# You should have received a copy of the GNU Lesser General Public License
-+# along with this library; if not, see <http://www.gnu.org/licenses>.
-+#
-+
-+import argparse
-+import sys
-+
-+import util
-+
-+from seccomp import *
-+
-+def test(args):
-+    f = SyscallFilter(ALLOW)
-+    f.set_attr(Attr.CTL_OPTIMIZE, 2)
-+    return f
-+
-+args = util.get_opt()
-+ctx = test(args)
-+util.filter_output(args, ctx)
-+
-+# kate: syntax python;
-+# kate: indent-mode python; space-indent on; indent-width 4; mixedindent off;
-diff --git a/tests/59-basic-empty_binary_tree.tests b/tests/59-basic-empty_binary_tree.tests
-new file mode 100644
-index 0000000..ff6dbc3
---- /dev/null
-+++ b/tests/59-basic-empty_binary_tree.tests
-@@ -0,0 +1,16 @@
-+#
-+# libseccomp regression test automation data
-+#
-+# Copyright (c) 2022 Oracle and/or its affiliates.
-+# Author: Tom Hromatka <tom.hromatka@oracle.com>
-+#
-+
-+test type: bpf-sim
-+
-+# Testname	Arch		Syscall	Arg0	Arg1	Arg2	Arg3	Arg4	Arg5	Result
-+59-basic-empty_binary_tree	all,-x32	0-350	N	N	N	N	N	N	ALLOW
-+
-+test type: bpf-valgrind
-+
-+# Testname
-+59-basic-empty_binary_tree
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index b39ee06..f0a1f8e 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -93,7 +93,8 @@ check_PROGRAMS = \
- 	55-basic-pfc_binary_tree \
- 	56-basic-iterate_syscalls \
- 	57-basic-rawsysrc \
--	58-live-tsync_notify
-+	58-live-tsync_notify \
-+	59-basic-empty_binary_tree
- 
- EXTRA_DIST_TESTPYTHON = \
- 	util.py \
-@@ -152,7 +153,8 @@ EXTRA_DIST_TESTPYTHON = \
- 	54-live-binary_tree.py \
- 	56-basic-iterate_syscalls.py \
- 	57-basic-rawsysrc.py \
--	58-live-tsync_notify.py
-+	58-live-tsync_notify.py \
-+	59-basic-empty_binary_tree.py
- 
- EXTRA_DIST_TESTCFGS = \
- 	01-sim-allow.tests \
-@@ -212,7 +214,8 @@ EXTRA_DIST_TESTCFGS = \
- 	55-basic-pfc_binary_tree.tests \
- 	56-basic-iterate_syscalls.tests \
- 	57-basic-rawsysrc.tests \
--	58-live-tsync_notify.tests
-+	58-live-tsync_notify.tests \
-+	59-basic-empty_binary_tree.tests
- 
- EXTRA_DIST_TESTSCRIPTS = \
- 	38-basic-pfc_coverage.sh 38-basic-pfc_coverage.pfc \
--- 
-2.27.0
-

libseccomp.spec

@@ -1,13 +1,11 @@
 Name:		libseccomp
-Version:	2.5.3
-Release:        3
+Version:	2.5.4
+Release:        1
 Summary:	Interface to the syscall filtering mechanism
 License:	LGPLv2
 URL:		https://github.com/seccomp/libseccomp
 Source0:	https://github.com/seccomp/libseccomp/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
-Patch0:         backport-bpf-pfc-Add-handling-for-0-syscalls-in-the-binary-tr.patch
-Patch1:         backport-tests-Add-a-binary-tree-test-with-zero-syscalls.patch
 Patch2:         backport-arch-disambiguate-in-arch-syscall-validate.patch
 
 BuildRequires:	gcc gperf autoconf automake
@@ -72,6 +70,9 @@ make check
 %{_mandir}/man*/*
 
 %changelog
+* Sat Jan 28 2023 shixuantong <shixuantong1@huawei.com> - 2.5.4-1
+- upgrade version to 2.5.4
+
 * Mon Nov 14 2022 shixuantong <shixuantong1@huawei.com> - 2.5.3-3
 - arch: disambiguate in arch-syscall-validate