Your message dated Thu, 6 Jun 2019 14:03:06 +0200 with message-id <9e0ff1f8-7bbf-2730-fb36-15f60ef784d6@debian.org> and subject line Re: unblock: golang-github-seccomp-libseccomp-golang/0.9.0-2 has caused the Debian Bug report #929591, regarding unblock: golang-github-seccomp-libseccomp-golang/0.9.0-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 929591: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929591 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: golang-github-seccomp-libseccomp-golang/0.9.0-2
- From: Shengjing Zhu <zhsj@debian.org>
- Date: Mon, 27 May 2019 02:24:07 +0800
- Message-id: <20190526182407.GA14607@debian>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-CC: Michael Vogt <mvo@debian.org> Please unblock package golang-github-seccomp-libseccomp-golang unblock golang-github-seccomp-libseccomp-golang/0.9.0-2 When I look the diff of unstable and testing of Go packages, I think this could not be reverted. The changes are small and only contain bug fix. diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog 2017-08-09 06:22:22.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/changelog 2019-04-30 15:29:24.000000000 +0800 @@ -1,3 +1,15 @@ +golang-github-seccomp-libseccomp-golang (0.9.0-2) unstable; urgency=medium + + [ Alexandre Viau ] + * Point Vcs-* urls to salsa.debian.org. + + [ Michael Vogt ] + * debian/patches/06e7a2-fix-multi-args.patch: + - Cherry pick 06e7a29 to fix incorrect argument filtering when + using multiple arguments + + -- Michael Vogt <mvo@debian.org> Tue, 30 Apr 2019 09:29:24 +0200 + golang-github-seccomp-libseccomp-golang (0.9.0-1) unstable; urgency=medium [ Team upload ] diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/control golang-github-seccomp-libseccomp-golang-0.9.0/debian/control --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/control 2017-08-09 06:22:22.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/control 2019-04-30 15:29:24.000000000 +0800 @@ -6,8 +6,8 @@ Build-Depends: debhelper (>= 9), dh-golang, golang-any, libseccomp-dev, pkg-config Standards-Version: 3.9.8 Homepage: https://github.com/seccomp/libseccomp-golang -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git -Vcs-Git: https://anonscm.debian.org/git/pkg-go/packages/golang-github-seccomp-libseccomp-golang.git +Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-seccomp-libseccomp-golang +Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-seccomp-libseccomp-golang.git XS-Go-Import-Path: github.com/seccomp/libseccomp-golang Package: golang-github-seccomp-libseccomp-golang-dev diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml 1970-01-01 08:00:00.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/gitlab-ci.yml 2019-04-30 15:29:24.000000000 +0800 [omitted] diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch 1970-01-01 08:00:00.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/06e7a2-fix-multi-args.patch 2019-04-30 15:29:24.000000000 +0800 @@ -0,0 +1,123 @@ +commit 06e7a29f36a34b8cf419aeb87b979ee508e58f9e +Author: Matthew Heon <matthew.heon@gmail.com> +Date: Wed Apr 19 16:28:29 2017 -0400 + + golang: Resolve bug with handling of multiple argument rules + + In the upstream library, when added with a single API call, + multiple syscall argument rules should be matched with AND + logic - if all of them match, the rule matches. + + At present, the Golang bindings apply OR logic to this case. + This commit resolves this and reverts to the behavior of the + main library. + + Signed-off-by: Matthew Heon <matthew.heon@gmail.com> + +diff --git a/seccomp_internal.go b/seccomp_internal.go +index c9fd616..369f194 100644 +--- a/seccomp_internal.go ++++ b/seccomp_internal.go +@@ -120,23 +120,27 @@ unsigned int get_micro_version() + + typedef struct scmp_arg_cmp* scmp_cast_t; + +-// Wrapper to create an scmp_arg_cmp struct +-void* +-make_struct_arg_cmp( +- unsigned int arg, +- int compare, +- uint64_t a, +- uint64_t b +- ) ++void* make_arg_cmp_array(unsigned int length) + { +- struct scmp_arg_cmp *s = malloc(sizeof(struct scmp_arg_cmp)); ++ return calloc(length, sizeof(struct scmp_arg_cmp)); ++} + +- s->arg = arg; +- s->op = compare; +- s->datum_a = a; +- s->datum_b = b; ++// Wrapper to add an scmp_arg_cmp struct to an existing arg_cmp array ++void add_struct_arg_cmp( ++ struct scmp_arg_cmp* arr, ++ unsigned int pos, ++ unsigned int arg, ++ int compare, ++ uint64_t a, ++ uint64_t b ++ ) ++{ ++ arr[pos].arg = arg; ++ arr[pos].op = compare; ++ arr[pos].datum_a = a; ++ arr[pos].datum_b = b; + +- return s; ++ return; + } + */ + import "C" +@@ -239,12 +243,9 @@ func (f *ScmpFilter) setFilterAttr(attr scmpFilterAttr, value C.uint32_t) error + // DOES NOT LOCK OR CHECK VALIDITY + // Assumes caller has already done this + // Wrapper for seccomp_rule_add_... functions +-func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, cond C.scmp_cast_t) error { +- var length C.uint +- if cond != nil { +- length = 1 +- } else { +- length = 0 ++func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact bool, length C.uint, cond C.scmp_cast_t) error { ++ if length != 0 && cond == nil { ++ return fmt.Errorf("null conditions list, but length is nonzero") + } + + var retCode C.int +@@ -258,6 +259,8 @@ func (f *ScmpFilter) addRuleWrapper(call ScmpSyscall, action ScmpAction, exact b + return fmt.Errorf("unrecognized syscall") + } else if syscall.Errno(-1*retCode) == syscall.EPERM { + return fmt.Errorf("requested action matches default action of filter") ++ } else if syscall.Errno(-1*retCode) == syscall.EINVAL { ++ return fmt.Errorf("two checks on same syscall argument") + } else if retCode != 0 { + return syscall.Errno(-1 * retCode) + } +@@ -275,7 +278,7 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b + } + + if len(conds) == 0 { +- if err := f.addRuleWrapper(call, action, exact, nil); err != nil { ++ if err := f.addRuleWrapper(call, action, exact, 0, nil); err != nil { + return err + } + } else { +@@ -287,13 +290,20 @@ func (f *ScmpFilter) addRuleGeneric(call ScmpSyscall, action ScmpAction, exact b + } + } + +- for _, cond := range conds { +- cmpStruct := C.make_struct_arg_cmp(C.uint(cond.Argument), cond.Op.toNative(), C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2)) +- defer C.free(cmpStruct) ++ argsArr := C.make_arg_cmp_array(C.uint(len(conds))) ++ if argsArr == nil { ++ return fmt.Errorf("error allocating memory for conditions") ++ } ++ defer C.free(argsArr) ++ ++ for i, cond := range conds { ++ C.add_struct_arg_cmp(C.scmp_cast_t(argsArr), C.uint(i), ++ C.uint(cond.Argument), cond.Op.toNative(), ++ C.uint64_t(cond.Operand1), C.uint64_t(cond.Operand2)) ++ } + +- if err := f.addRuleWrapper(call, action, exact, C.scmp_cast_t(cmpStruct)); err != nil { +- return err +- } ++ if err := f.addRuleWrapper(call, action, exact, C.uint(len(conds)), C.scmp_cast_t(argsArr)); err != nil { ++ return err + } + } + diff -Nru golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series --- golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series 2017-08-09 06:22:22.000000000 +0800 +++ golang-github-seccomp-libseccomp-golang-0.9.0/debian/patches/series 2019-04-30 15:29:24.000000000 +0800 @@ -1 +1,2 @@ 0001-Fix-unit-test-failures-on-32-bit-systems.patch +06e7a2-fix-multi-args.patchAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Shengjing Zhu <zhsj@debian.org>, 929591-done@bugs.debian.org
- Subject: Re: unblock: golang-github-seccomp-libseccomp-golang/0.9.0-2
- From: Paul Gevers <elbrus@debian.org>
- Date: Thu, 6 Jun 2019 14:03:06 +0200
- Message-id: <9e0ff1f8-7bbf-2730-fb36-15f60ef784d6@debian.org>
- In-reply-to: <50495a41-bc39-abbc-8a6a-f7e241545c70@debian.org>
- References: <20190526182407.GA14607@debian> <738290a8-4a1c-7caa-4b59-50d2054041d4@debian.org> <2fa9a3d6-26e9-fe8b-d892-77175098a9b0@debian.org> <20190526182407.GA14607@debian> <CAFyCLW8FCjurt2SXBOY1Zd2ynrYsafP=bGC1euQOntbcKvkO2g@mail.gmail.com> <50495a41-bc39-abbc-8a6a-f7e241545c70@debian.org>
Hi, On 29-05-2019 23:15, Paul Gevers wrote: > Control: tags -1 moreinfo > > On 28-05-2019 21:35, Shengjing Zhu wrote: >>> I'll binNMU that first, let's see if it doesn't pick up anything else. >>> Otherwise, you know the drill by now. >> >> It(snapd) would, >> >> snapd Build-Dpends golang-golang-x-sys. >> >> Let's binNMU after the mess is cleaned up. > > Ok, please remove the moreinfo tag when that is done. I have scheduled a binNMU of snapd, so this package can migrate. PaulAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---