forked from seccomp/libseccomp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
138 lines (121 loc) · 6.14 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
libseccomp: Releases
===============================================================================
https://github.com/seccomp/libseccomp
* Version 2.4.2 - November 7, 2019
- Update the syscall table for Linux v5.4-rc4
- Stop defining __NR_x values for syscalls that don't exist. Libseccomp
now uses __SNR_x internally
- Update the Cython language level to "3str"
- Add support for io-uring related system calls
- Clarify the maintainer documentation and release process
- Fix python module name issue introduced in the v2.4.0 release. The module
is now named "seccomp" as it was previously
- Deliver the SECURITY.md file in releases
* Version 2.4.1 - April 17, 2019
- Fix a BPF generation bug where the optimizer mistakenly identified duplicate
BPF code blocks
* Version 2.4.0 - March 14, 2019
- Update the syscall table for Linux v5.0-rc5
- Added support for the SCMP_ACT_KILL_PROCESS action
- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument
comparison macros to help protect against unexpected sign extension
- Added support for the parisc and parisc64 architectures
- Added the ability to query and set the libseccomp API level via
seccomp_api_get(3) and seccomp_api_set(3)
- Return -EDOM on an endian mismatch when adding an architecture to a filter
- Renumber the pseudo syscall number for subpage_prot() so it no longer
conflicts with spu_run()
- Fix PFC generation when a syscall is prioritized, but no rule exists
- Numerous fixes to the seccomp-bpf filter generation code
- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
- Numerous tests added to the included test suite, coverage now at ~92%
- Update our Travis CI configuration to use Ubuntu 16.04
- Numerous documentation fixes and updates
* Version 2.3.3 - January 10, 2018
- Updated the syscall table for Linux v4.15-rc7
* Version 2.3.2 - February 27, 2017
- Achieved full compliance with the CII Best Practices program
- Added Travis CI builds to the GitHub repository
- Added code coverage reporting with the "--enable-code-coverage" configure
flag and added Coveralls to the GitHub repository
- Updated the syscall tables to match Linux v4.10-rc6+
- Support for building with Python v3.x
- Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is
set to true
- Several small documentation fixes
* Version 2.3.1 - April 20, 2016
- Fixed a problem with 32-bit x86 socket syscalls on some systems
- Fixed problems with ipc syscalls on 32-bit x86
- Fixed problems with socket and ipc syscalls on s390 and s390x
* Version 2.3.0 - February 29, 2016
- Added support for the s390 and s390x architectures
- Added support for the ppc, ppc64, and ppc64le architectures
- Update the internal syscall tables to match the Linux 4.5-rcX releases
- Filter generation for both multiplexed and direct socket syscalls on x86
- Support for the musl libc implementation
- Additions to the API to enable runtime version checking of the library
- Enable the use of seccomp() instead of prctl() on supported systems
- Added additional tests to the regression test suite
* Version 2.2.3 - July 8, 2015
- Fix a problem with 'make check' on 32-bit ARM systems
* Version 2.2.2 - July 6, 2015
- Fix a problem with the masked equality operator
- Fix a problem on x86_64/x32 involving invalid architectures
- Fix a problem with the ARM specific syscalls
- Fix a build problem when the source and build directories differ
* Version 2.2.1 - May 13, 2015
- Fix a problem with syscall argument filtering on 64-bit systems
- Fix some problems with the 32-bit ARM syscall table
- Fix build problems on very old systems
- Update the README file with the GitHub and Google Groups information
* Version 2.2.0 - February 12, 2015
- Migrated the build system to autotools
- Added support for the aarch64 architecture
- Added support for the mips, mips64, and mips64n32 architectures for both big
and little endian systems
- Added support for using the new seccomp() syscall and the thread sync
functionality
- Added Python bindings
- Updated the internal syscall tables to Linux v3.19
- Added documentation to help contributors wishing to submit patches
- Migrated to GitHub for git hosting and Google Groups for the mailing list
- Numerous minor bug fixes
* Version 2.1.1 - October 31, 2013
- Build system improvements
- Automated test improvements, including a "check" target for use by
packagers to verify the build
- Numerous bug fixes related to the filter's internal rule database which
affect those creating rules with syscall arguments
- Introduced tools to verify the style/formatting of the code, including a
"check-syntax" target for use by developers
- Non-public symbols are now hidden in the library
* Version 2.1.0 - June 11, 2013
- Add support for the x32 and ARM architectures
- Improvements to the regression tests, including support for live tests
- More verbose PFC output, including translation of syscall numbers to names
- Several assorted bugfixes affecting the seccomp BPF generation
- The syscall number/name resolver tool is now available to install
* Version 2.0.0 - January 28, 2013
- Fixes for the x86 multiplexed syscalls
- Additions to the API to better support non-native architectures
- Additions to the API to support multiple architectures in one filter
- Additions to the API to resolve syscall name/number mappings
- Assorted minor bug fixes
- Improved build messages regardless of build verbosity
- More automated tests added as well as a number of improvements to the test
harness
* Version 1.0.1 - November 12, 2012
- The header file is now easier to use with C++ compilers
- Minor documentation fixes
- Minor memory leak fixes
- Corrected x86 filter generation on x86_64 systems
- Corrected problems with small filters and filters with arguments
* Version 1.0.0 - July 31, 2012
- Change the API to be context-aware; eliminates all internal state but breaks
compatibility with the previous 0.1.0 release
- Added support for multiple build jobs ("make -j8") and verbose builds using
the "V=1" build variable ("make V=1")
- Minor tweaks to the regression test script output
* Version 0.1.0 - June 8, 2012
- Initial release