Debian Bug report logs -
#844496
seccomp "Invalid argument" due to old library version
Reported by: Stefan Bühler <stbuehler@lighttpd.net>
Date: Wed, 16 Nov 2016 10:03:02 UTC
Severity: normal
Tags: patch
Found in version 2.3.1-2
Fixed in version libseccomp/2.3.1-2.1
Done: Martin Pitt <mpitt@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Kees Cook <kees@debian.org>:
Bug#844496; Package libseccomp.
(Wed, 16 Nov 2016 10:03:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Stefan Bühler <stbuehler@lighttpd.net>:
New Bug report received and forwarded. Copy sent to Kees Cook <kees@debian.org>.
(Wed, 16 Nov 2016 10:03:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libseccomp
Version: 2.3.1-2
Hi,
pdns.service (from pdns-server in testing) didn't start anymore with
this message:
pdns.service: Failed at step SECCOMP spawning /usr/sbin/pdns_server: Invalid argument
Updating libseccomp2 from 2.1.1-1 (stable) to 2.3.1-2 (testing) fixed
it.
systemd 232-3 has a build dependency `libseccomp-dev (>= 2.2.3-3~)`, but
the resulting package only depends on `libseccomp2 (>= 2.1.0)`.
I guess systemd uses a feature from newer libseccomp versions which
wasn't tracked by the symbols file. Maybe you should consider upgrading
the minimum versions in the symbols file. (Probably broken in backports
too.)
regards,
Stefan
Information forwarded
to debian-bugs-dist@lists.debian.org, Kees Cook <kees@debian.org>:
Bug#844496; Package libseccomp.
(Wed, 16 Nov 2016 11:48:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Laurent Bigonville <bigon@debian.org>:
Extra info received and forwarded to list. Copy sent to Kees Cook <kees@debian.org>.
(Wed, 16 Nov 2016 11:48:03 GMT) (full text, mbox, link).
Message #10 received at 844496@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tag 844496 + patch
thanks
On Wed, 16 Nov 2016 11:02:08 +0100 =?UTF-8?Q?Stefan_B=c3=bchler?=
<stbuehler@lighttpd.net> wrote:
> Hi,
>
> pdns.service (from pdns-server in testing) didn't start anymore with
> this message:
>
> pdns.service: Failed at step SECCOMP spawning /usr/sbin/pdns_server:
Invalid argument
>
> Updating libseccomp2 from 2.1.1-1 (stable) to 2.3.1-2 (testing) fixed
> it.
>
> systemd 232-3 has a build dependency `libseccomp-dev (>= 2.2.3-3~)`, but
> the resulting package only depends on `libseccomp2 (>= 2.1.0)`.
>
> I guess systemd uses a feature from newer libseccomp versions which
> wasn't tracked by the symbols file. Maybe you should consider upgrading
> the minimum versions in the symbols file. (Probably broken in backports
> too.)
The attached patch should fix this I think
Cheers,
Laurent Bigonville
[844496.patch (text/x-patch, attachment)]
Added tag(s) patch.
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org.
(Wed, 16 Nov 2016 11:48:04 GMT) (full text, mbox, link).
Added indication that 844496 affects systemd
Request was from Laurent Bigonville <bigon@debian.org>
to control@bugs.debian.org.
(Wed, 16 Nov 2016 12:42:07 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Kees Cook <kees@debian.org>:
Bug#844496; Package libseccomp.
(Thu, 17 Nov 2016 15:30:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Martin Pitt <mpitt@debian.org>:
Extra info received and forwarded to list. Copy sent to Kees Cook <kees@debian.org>.
(Thu, 17 Nov 2016 15:30:06 GMT) (full text, mbox, link).
Message #19 received at 844496@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tag -1 pending
Ça va Laurent,
Laurent Bigonville [2016-11-16 12:44 +0100]:
> The attached patch should fix this I think
Indeed it does, I successfully verified that with a systemd build
against it. I got Kees' approval on IRC to NMU this, so I did that
now:
https://anonscm.debian.org/git/collab-maint/libseccomp.git/commit/?id=948040935c
https://anonscm.debian.org/git/collab-maint/libseccomp.git/commit/?id=1502f003de7
Thanks,
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
[signature.asc (application/pgp-signature, inline)]
Added tag(s) pending.
Request was from Martin Pitt <mpitt@debian.org>
to 844496-submit@bugs.debian.org.
(Thu, 17 Nov 2016 15:30:06 GMT) (full text, mbox, link).
Reply sent
to Martin Pitt <mpitt@debian.org>:
You have taken responsibility.
(Thu, 17 Nov 2016 17:15:42 GMT) (full text, mbox, link).
Notification sent
to Stefan Bühler <stbuehler@lighttpd.net>:
Bug acknowledged by developer.
(Thu, 17 Nov 2016 17:15:42 GMT) (full text, mbox, link).
Message #26 received at 844496-close@bugs.debian.org (full text, mbox, reply):
Source: libseccomp
Source-Version: 2.3.1-2.1
We believe that the bug you reported is fixed in the latest version of
libseccomp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 844496@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Pitt <mpitt@debian.org> (supplier of updated libseccomp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 17 Nov 2016 10:16:44 +0100
Source: libseccomp
Binary: libseccomp-dev libseccomp2 seccomp
Architecture: source amd64
Version: 2.3.1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Kees Cook <kees@debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
libseccomp-dev - high level interface to Linux seccomp filter (development files)
libseccomp2 - high level interface to Linux seccomp filter
seccomp - helper tools for high level interface to Linux seccomp filter
Closes: 844496
Changes:
libseccomp (2.3.1-2.1) unstable; urgency=medium
.
[ Martin Pitt ]
* Non-maintainer upload with Kees' consent.
.
[ Laurent Bigonville ]
* Ensure strict enough generated dependencies (Closes: #844496)
Checksums-Sha1:
c0e8265be90c6f7515da5d2e6ac0fddbeec7403d 2048 libseccomp_2.3.1-2.1.dsc
b2a644e9a0e582e0ae219686cc3f4f39ff4a0d8c 10572 libseccomp_2.3.1-2.1.debian.tar.xz
165a75d2b15a0ef72fc02f83cd0dde6af910b0d2 60766 libseccomp-dev_2.3.1-2.1_amd64.deb
d8154fbd3a1935b8916a455b8b7a73e63a78de82 60128 libseccomp2-dbgsym_2.3.1-2.1_amd64.deb
eb48fe845ea07d23b22f2389f3c3901bd1d20d9f 39470 libseccomp2_2.3.1-2.1_amd64.deb
d6746c3a2b7df51c9f21c122e5ffb04ce6393567 5447 libseccomp_2.3.1-2.1_20161117T105953z-1f5ccb9b.buildinfo
2aeed608aa6cdcc70619c3bad5ea45ee73882ca7 61760 seccomp-dbgsym_2.3.1-2.1_amd64.deb
8dc5c91ae5293c8fa7d3ad64f4d23cb6e5f01423 40002 seccomp_2.3.1-2.1_amd64.deb
Checksums-Sha256:
99cefa142517653fd580330f0b0aa2aa83b8d14b8d67e8ccbf53989e512600bc 2048 libseccomp_2.3.1-2.1.dsc
7343368b61c76e4f275c8de51415f466fd6f46ec53d50729b40b962386cbf6ca 10572 libseccomp_2.3.1-2.1.debian.tar.xz
9f8de21e6ff3a726e993b3870067fec2e0753dfe5e7084d23914170f78681ab6 60766 libseccomp-dev_2.3.1-2.1_amd64.deb
c25c8b81b7ed447406525c3beea36baa8990cee8d3f3de5a5d8993e12020e4dd 60128 libseccomp2-dbgsym_2.3.1-2.1_amd64.deb
d2aa0aadc06918027179d05354e656b4ad122983dc863a5ec780dab7ab155462 39470 libseccomp2_2.3.1-2.1_amd64.deb
1f70ca553c6100cb5fd2ebc9e55da9e17351a4b7fb4c663f23f07bd2611f5948 5447 libseccomp_2.3.1-2.1_20161117T105953z-1f5ccb9b.buildinfo
a40f9706409cae6bda6bc1bf82b3e4f4d7ea4cc4477176010238718386c6dead 61760 seccomp-dbgsym_2.3.1-2.1_amd64.deb
7b645d391a87d34cec2d426372227bfa92d95362246aa54b6738b881d32305b5 40002 seccomp_2.3.1-2.1_amd64.deb
Files:
d5cecfc94a1e31f346bc848b518eda72 2048 libs optional libseccomp_2.3.1-2.1.dsc
908dc693115633ae1a97aec1becf20f1 10572 libs optional libseccomp_2.3.1-2.1.debian.tar.xz
7d6bb8103418b9fff323d02b5e796c0e 60766 libdevel optional libseccomp-dev_2.3.1-2.1_amd64.deb
910570f152a7892558f2e070bf31bf83 60128 debug extra libseccomp2-dbgsym_2.3.1-2.1_amd64.deb
2e9537fc32151d93b38e93567321360f 39470 libs optional libseccomp2_2.3.1-2.1_amd64.deb
1f5ccb9bb1b34565539ac607bbac05f8 5447 libs optional libseccomp_2.3.1-2.1_20161117T105953z-1f5ccb9b.buildinfo
ba7e95a7b4d052ddc7c5d9adad33f919 61760 debug extra seccomp-dbgsym_2.3.1-2.1_amd64.deb
3928cbadd101d09e9ba3bd119affbc36 40002 utils optional seccomp_2.3.1-2.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJYLY3NAAoJENFO8V2v4RNHMKAP/3n0uVci17vWRFmbui2SO95D
KSmTB7P4TW89CllZXHajnzE23ZmvoQbqr1FMXa2odEDxJBm5k140PSqYbQZJ8+Si
wGiBLqgXBLfFXTfJBRuev1BPb7rFu14lt5Bon0cjVKkLkVV4yF3YzQU5Mozw7YjQ
wHAoKgPe9Y+37KXP48hEQIvp2NeP8eGXz2z9OlUV8y61arBvoKaQwoIP6kyrNMsg
tp2qbGn+oDA4rqLwu4bqw21bUV9hUFLb8NkHxbytR8mW4pHQtUj/nUjxsqgST9W9
EEbZcSNZ3QumK8RcjGmI19ZwnqvyQgl3azavkNrT+l+ttg+wsUz3DqDbrDb2NhbX
7ZHWmwCcyOLCf4UXvvQUu2q3zFDLQ0C/gJl6xjt9kNYS4WnSCQphMPuv2BQ2d573
E6TrJ2Vm0xL9PFZgRruXOvGvt6DgbD7+G8A6dKhtmoRPjVeOci8vsAIQDVRs6DPb
FPYzV6miTk1ALXOIKGZZYw58WhYYrmnxLdGDdj+D+7BjtPN9so4e0lKjWcpbwHQn
8Y1o7bvN/nG1+Oqxb+ZY9p8Dqjr0FsMeAZZzqM8zTFFVwEBCvY8OKxPlq3Ow6ji8
KJi4FBNUxfEq8OhRDf7Kfp/YyW5IYlAIbt7d48zuWbeP33g1QFjNxBwAd6bTmknS
MqwkeRt4YCd6VaPOrRO8
=fvix
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 29 Dec 2016 09:54:10 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Jan 6 22:25:39 2018;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.