import UBI libseccomp-2.5.6-1.el10

.gitignore

@@ -1 +1 @@
-SOURCES/libseccomp-2.5.2.tar.gz
+libseccomp-2.5.6.tar.gz

.libseccomp.metadata

@@ -1 +0,0 @@
-81e6fc7b63baae9ba2b607d920588eb4d5072d6b SOURCES/libseccomp-2.5.2.tar.gz

SOURCES/0101-fix-11-basic-basic_errors-on-old-kernels.patch

@@ -1,92 +0,0 @@
-diff --color -ru a/tests/11-basic-basic_errors.c b/tests/11-basic-basic_errors.c
---- a/tests/11-basic-basic_errors.c	2021-09-01 18:57:34.018676687 +0200
-+++ b/tests/11-basic-basic_errors.c	2021-11-05 15:04:34.647739284 +0100
-@@ -29,9 +29,13 @@
- 	int rc;
- 	scmp_filter_ctx ctx;
- 	uint32_t attr;
-+	unsigned int api;
- 	struct seccomp_notif *req = NULL;
- 	struct seccomp_notif_resp *resp = NULL;
- 
-+	/* get the api level */
-+	api = seccomp_api_get();
-+
- 	/* seccomp_init errors */
- 	ctx = seccomp_init(SCMP_ACT_ALLOW + 1);
- 	if (ctx != NULL)
-@@ -199,39 +203,41 @@
- 	ctx = NULL;
- 
- 	/* seccomp notify errors */
--	ctx = seccomp_init(SCMP_ACT_ALLOW);
--	if (ctx == NULL)
--		return -1;
--	rc = seccomp_notify_alloc(NULL, NULL);
--	if (rc != 0)
--		return -1;
--	rc = seccomp_notify_alloc(&req, NULL);
--	if (rc != 0)
--		return -1;
--	rc = seccomp_notify_alloc(NULL, &resp);
--	if (rc != 0)
--		return -1;
--	seccomp_notify_free(NULL, NULL);
--	seccomp_notify_free(req, resp);
--	req = NULL;
--	resp = NULL;
--	rc = seccomp_notify_receive(-1, NULL);
--	if (rc == 0)
--		return -1;
--	rc = seccomp_notify_respond(-1, NULL);
--	if (rc == 0)
--		return -1;
--	rc = seccomp_notify_id_valid(-1, 0);
--	if (rc == 0)
--		return -1;
--	rc = seccomp_notify_fd(NULL);
--	if (rc == 0)
--		return -1;
--	rc = seccomp_notify_fd(ctx);
--	if (rc == 0)
--		return -1;
--	seccomp_release(ctx);
--	ctx = NULL;
-+	if (api >= 5) {
-+		ctx = seccomp_init(SCMP_ACT_ALLOW);
-+		if (ctx == NULL)
-+			return -1;
-+		rc = seccomp_notify_alloc(NULL, NULL);
-+		if (rc != 0)
-+			return -1;
-+		rc = seccomp_notify_alloc(&req, NULL);
-+		if (rc != 0)
-+			return -1;
-+		rc = seccomp_notify_alloc(NULL, &resp);
-+		if (rc != 0)
-+			return -1;
-+		seccomp_notify_free(NULL, NULL);
-+		seccomp_notify_free(req, resp);
-+		req = NULL;
-+		resp = NULL;
-+		rc = seccomp_notify_receive(-1, NULL);
-+		if (rc == 0)
-+			return -1;
-+		rc = seccomp_notify_respond(-1, NULL);
-+		if (rc == 0)
-+			return -1;
-+		rc = seccomp_notify_id_valid(-1, 0);
-+		if (rc == 0)
-+			return -1;
-+		rc = seccomp_notify_fd(NULL);
-+		if (rc == 0)
-+			return -1;
-+		rc = seccomp_notify_fd(ctx);
-+		if (rc == 0)
-+			return -1;
-+		seccomp_release(ctx);
-+		ctx = NULL;
-+	}
- 
- 	return 0;
- }

fix-murmur-hash-strict-aliasing-violation.patch

@@ -0,0 +1,86 @@
+From b7d0f04e63c460638eeca970ba3bb784733e2e2e Mon Sep 17 00:00:00 2001
+From: Romain Geissler <romain.geissler@amadeus.com>
+Date: Tue, 18 Feb 2025 22:29:05 +0000
+Subject: [PATCH] Fix strict aliasing UB in MurMur hash implementation.
+
+This was spotted when trying to upgrade the libseccomp fedora package to
+version 2.6.0 in fedora rawhide. It comes with gcc 15 and LTO enabled by
+default. When running the test 61-sim-transactions we get plenty of such
+errors in valgrind:
+
+==265507== Use of uninitialised value of size 8
+==265507==    at 0x4096AD: _hsh_add (gen_bpf.c:599)
+==265507==    by 0x40A557: UnknownInlinedFun (gen_bpf.c:2016)
+==265507==    by 0x40A557: gen_bpf_generate (gen_bpf.c:2341)
+==265507==    by 0x400CDE: UnknownInlinedFun (db.c:2685)
+==265507==    by 0x400CDE: UnknownInlinedFun (db.c:2682)
+==265507==    by 0x400CDE: UnknownInlinedFun (api.c:756)
+==265507==    by 0x400CDE: UnknownInlinedFun (util.c:162)
+==265507==    by 0x400CDE: UnknownInlinedFun (util.c:153)
+==265507==    by 0x400CDE: main (61-sim-transactions.c:128)
+==265507==  Uninitialised value was created by a stack allocation
+==265507==    at 0x409590: _hsh_add (gen_bpf.c:573)
+
+Investigating this a bit, it seems that because of LTO the MurMur hash
+implementation is being inlined in _hsh_add. The two buffers data and
+blocks to point at the same underlying data, but via incompatible type,
+which is a strict aliasing violation. Instead, remove the getblock32
+function and inline the copy with memcpy.
+
+This is reproducible on a "fedora:rawhide" container (gcc 15) and using:
+export CFLAGS='-O2 -flto=auto -ffat-lto-objects -g'
+
+Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
+---
+ src/hash.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+diff --git a/src/hash.c b/src/hash.c
+index 4435900f..01ff9399 100644
+--- a/src/hash.c
++++ b/src/hash.c
+@@ -12,15 +12,11 @@
+  */
+ 
+ #include <stdlib.h>
++#include <string.h>
+ #include <inttypes.h>
+ 
+ #include "hash.h"
+ 
+-static inline uint32_t getblock32(const uint32_t *p, int i)
+-{
+-	return p[i];
+-}
+-
+ static inline uint32_t rotl32(uint32_t x, int8_t r)
+ {
+ 	return (x << r) | (x >> (32 - r));
+@@ -41,7 +37,6 @@ static inline uint32_t fmix32(uint32_t h)
+ uint32_t hash(const void *key, size_t length)
+ {
+ 	const uint8_t *data = (const uint8_t *)key;
+-	const uint32_t *blocks;
+ 	const uint8_t *tail;
+ 	const int nblocks = length / 4;
+ 	const uint32_t c1 = 0xcc9e2d51;
+@@ -54,9 +49,8 @@ uint32_t hash(const void *key, size_t length)
+ 	uint32_t h1 = 0;
+ 
+ 	/* body */
+-	blocks = (const uint32_t *)(data + nblocks * 4);
+ 	for(i = -nblocks; i; i++) {
+-		k1 = getblock32(blocks, i);
++		memcpy(&k1, data + (nblocks + i) * sizeof(uint32_t), sizeof(uint32_t));
+ 
+ 		k1 *= c1;
+ 		k1 = rotl32(k1, 15);
+@@ -68,7 +62,7 @@ uint32_t hash(const void *key, size_t length)
+ 	}
+ 
+ 	/* tail */
+-	tail = (const uint8_t *)(data + nblocks * 4);
++	tail = data + nblocks * sizeof(uint32_t);
+ 	switch(length & 3) {
+ 	case 3:
+ 		k2 ^= tail[2] << 16;

libseccomp.spec

@@ -1,29 +1,24 @@
-%bcond_without check
+Name:           libseccomp
+Version:        2.5.6
+Release:        1%{?dist}
+Summary:        Enhanced seccomp library
+License:        LGPL-2.1-only
+URL:            https://github.com/seccomp/libseccomp
+Source0:        %{url}/releases/download/v%{version}/%{name}-%{version}.tar.gz
 
-Summary: Enhanced seccomp library
-Name: libseccomp
-Version: 2.5.2
-Release: 1%{?dist}
-ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
-License: LGPLv2
-Group: System Environment/Libraries
-Source: https://github.com/seccomp/libseccomp/releases/download/v%{version}/%{name}-%{version}.tar.gz
-URL: https://github.com/seccomp/libseccomp
+# Backports from upstream
 
-## From: https://github.com/seccomp/libseccomp/commit/5532444587fa5f33a43179ca5cc710f1bb05f51f
-Patch0101:     0101-fix-11-basic-basic_errors-on-old-kernels.patch
+# From https://github.com/seccomp/libseccomp/pull/459
+Patch0101:      fix-murmur-hash-strict-aliasing-violation.patch
 
-Buildrequires: gperf
-%ifarch %{valgrind_arches}
+BuildRequires:  gcc
+BuildRequires:  gperf
+BuildRequires:  make
+
+%ifnarch riscv64 s390
 # Versions prior to 3.13.0-4 do not work on ARM with newer glibc 2.25.0-6
 # See https://bugzilla.redhat.com/show_bug.cgi?id=1466017
-BuildRequires: valgrind >= 1:3.13.0-4
-%endif
-# Upstream tests are not suited to some architectures
-%ifarch s390 || s390x || ppc64le
-%global good_arch 0
-%else
-%global good_arch 1
+BuildRequires:  valgrind >= 1:3.13.0-4
 %endif
 
 %description
@@ -34,9 +29,8 @@ application is allowed to execute, all of which are enforced by the Linux
 Kernel.
 
 %package devel
-Summary: Development files used to build applications with libseccomp support
-Group: Development/Libraries
-Requires: %{name}%{?_isa} = %{version}-%{release} pkgconfig
+Summary:        Development files used to build applications with libseccomp support
+Requires:       %{name}%{?_isa} = %{version}-%{release}
 
 %description devel
 The libseccomp library provides an easy to use interface to the Linux Kernel's
@@ -46,9 +40,8 @@ application is allowed to execute, all of which are enforced by the Linux
 Kernel.
 
 %package static
-Summary: Enhanced seccomp static library
-Group: Development/Libraries
-Requires: %{name}-devel%{?_isa} = %{version}-%{release} pkgconfig
+Summary:        Enhanced seccomp static library
+Requires:       %{name}-devel%{?_isa} = %{version}-%{release}
 
 %description static
 The libseccomp library provides an easy to use interface to the Linux Kernel's
@@ -58,37 +51,28 @@ application is allowed to execute, all of which are enforced by the Linux
 Kernel.
 
 %prep
-%setup -q
-
-%patch0101 -p1
+%autosetup -p1
 
 %build
 %configure
-make V=1 %{?_smp_mflags}
+%make_build
 
 %install
-rm -rf "%{buildroot}"
-mkdir -p "%{buildroot}/%{_libdir}"
-mkdir -p "%{buildroot}/%{_includedir}"
-mkdir -p "%{buildroot}/%{_mandir}"
-make V=1 DESTDIR="%{buildroot}" install
-rm -f "%{buildroot}/%{_libdir}/libseccomp.la"
+mkdir -p %{buildroot}/%{_libdir}
+mkdir -p %{buildroot}/%{_includedir}
+mkdir -p %{buildroot}/%{_mandir}
+
+%make_install
+
+rm -f %{buildroot}/%{_libdir}/libseccomp.la
 
-%if %{with check} && %{good_arch}
 %check
-make V=1 check
-%endif
+%make_build check
 
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
 
 %files
-%{!?_licensedir:%global license %%doc}
 %license LICENSE
-%doc CREDITS
-%doc README.md
-%doc CHANGELOG
+%doc CREDITS README.md CHANGELOG CONTRIBUTING.md
 %{_libdir}/libseccomp.so.*
 
 %files devel
@@ -104,27 +88,91 @@ make V=1 check
 %{_libdir}/libseccomp.a
 
 %changelog
-* Fri Nov 05 2021 Zoltan Fridrich <zfridric@redhat.com> - 2.5.2-1
-- rebase to 2.5.2
-  resolves: rhbz#2019893
+* Tue Feb 18 2025 Romain Geissler <romain.geissler@amadeus.com> - 2.5.6-1
+- Upgrade to version 2.5.6.
+  Resolves: RHEL-80090
 
-* Thu Feb 18 2021 Radovan Sroka <rsroka@redhat.com> - 2.5.1-1
-- rebase to 2.5.1
-  resolves: rhbz#1927635
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.5.3-10
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
 
-* Tue Apr 21 2020 Jiri Vymazal <jvymazal@redhat.com> - 2.4.3-1
-- rebase to upstream version 2.4.3 
-  resolves: rhbz#1770693
-  resolves: rhbz#1768583
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.5.3-9
+- Bump release for June 2024 mass rebuild
 
-* Fri May 31 2019 Marek Tamaskovic <mtamasko@redhat.com> - 2.4.1-1
-- rebase to 2.4.1
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-* Fri May 10 2019 Daniel Kopecek <dkopecek@redhat.com> - 2.3.3-4
-- spec: make the check phase conditional
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-* Fri Aug  3 2018 Florian Weimer <fweimer@redhat.com> - 2.3.3-3
-- Honor %%{valgrind_arches}
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jun 01 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.5.3-5
+- SPDX migration
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sat Nov 06 2021 Neal Gompa <ngompa@fedoraproject.org> - 2.5.3-1
+- New upstream version (#2020824)
+
+* Wed Nov 03 2021 Debarshi Ray <rishi@fedoraproject.org> - 2.5.2-1
+- New upstream version (#1900097)
+
+* Wed Nov 03 2021 Debarshi Ray <rishi@fedoraproject.org> - 2.5.1-1
+- New upstream version (#1900097)
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Aug 05 2020 Neal Gompa <ngompa13@gmail.com> - 2.5.0-3
+- Apply fixes to change internal handling of the notification fd (#1865802)
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jul 24 2020 Neal Gompa <ngompa13@gmail.com> - 2.5.0-1
+- New upstream version (#1858965)
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Dec 16 2019 Neal Gompa <ngompa13@gmail.com> - 2.4.2-2
+- Modernize spec
+- Backport fix for missing __SNR_ppoll symbol (#1777889)
+- Refresh patch to build on aarch64 with upstream version
+
+* Wed Nov 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.4.2-1
+- New upstream version (#1765314)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.1-1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Apr 17 2019 Paul Moore <paul@paul-moore.com> - 2.4.1-0
+- New upstream version
+
+* Thu Mar 14 2019 Paul Moore <paul@paul-moore.com> - 2.4.0-0
+- New upstream version
+- Added a hack to workaround test failures (see %%check above)
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Nov 07 2018 Paul Moore <paul@paul-moore.com> - 2.3.3-4
+- Remove ldconfig scriptlet, thanks to James Antill (RHBZ #1644074)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.3-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@@ -228,4 +276,3 @@ make V=1 check
 
 * Tue Jun 12 2012 Paul Moore <pmoore@redhat.com> - 0.1.0-0
 - Initial version
-

sources

@@ -0,0 +1 @@
+SHA512 (libseccomp-2.5.6.tar.gz) = c35d8d6f80ee38a96688955932c6bf369101409a470ecf0dc550013b19f57311be907a600adc4d2f4699fb8e94e8038333b4f5702edc3c26b14c36fb6e1c42fd