libseccomp: Releases =============================================================================== https://github.com/seccomp/libseccomp * Version 2.4.1 - April 17, 2019 - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks * Version 2.4.0 - March 14, 2019 - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates * Version 2.3.3 - January 10, 2018 - Updated the syscall table for Linux v4.15-rc7 * Version 2.3.2 - February 27, 2017 - Achieved full compliance with the CII Best Practices program - Added Travis CI builds to the GitHub repository - Added code coverage reporting with the "--enable-code-coverage" configure flag and added Coveralls to the GitHub repository - Updated the syscall tables to match Linux v4.10-rc6+ - Support for building with Python v3.x - Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is set to true - Several small documentation fixes * Version 2.3.1 - April 20, 2016 - Fixed a problem with 32-bit x86 socket syscalls on some systems - Fixed problems with ipc syscalls on 32-bit x86 - Fixed problems with socket and ipc syscalls on s390 and s390x * Version 2.3.0 - February 29, 2016 - Added support for the s390 and s390x architectures - Added support for the ppc, ppc64, and ppc64le architectures - Update the internal syscall tables to match the Linux 4.5-rcX releases - Filter generation for both multiplexed and direct socket syscalls on x86 - Support for the musl libc implementation - Additions to the API to enable runtime version checking of the library - Enable the use of seccomp() instead of prctl() on supported systems - Added additional tests to the regression test suite * Version 2.2.3 - July 8, 2015 - Fix a problem with 'make check' on 32-bit ARM systems * Version 2.2.2 - July 6, 2015 - Fix a problem with the masked equality operator - Fix a problem on x86_64/x32 involving invalid architectures - Fix a problem with the ARM specific syscalls - Fix a build problem when the source and build directories differ * Version 2.2.1 - May 13, 2015 - Fix a problem with syscall argument filtering on 64-bit systems - Fix some problems with the 32-bit ARM syscall table - Fix build problems on very old systems - Update the README file with the GitHub and Google Groups information * Version 2.2.0 - February 12, 2015 - Migrated the build system to autotools - Added support for the aarch64 architecture - Added support for the mips, mips64, and mips64n32 architectures for both big and little endian systems - Added support for using the new seccomp() syscall and the thread sync functionality - Added Python bindings - Updated the internal syscall tables to Linux v3.19 - Added documentation to help contributors wishing to submit patches - Migrated to GitHub for git hosting and Google Groups for the mailing list - Numerous minor bug fixes * Version 2.1.1 - October 31, 2013 - Build system improvements - Automated test improvements, including a "check" target for use by packagers to verify the build - Numerous bug fixes related to the filter's internal rule database which affect those creating rules with syscall arguments - Introduced tools to verify the style/formatting of the code, including a "check-syntax" target for use by developers - Non-public symbols are now hidden in the library * Version 2.1.0 - June 11, 2013 - Add support for the x32 and ARM architectures - Improvements to the regression tests, including support for live tests - More verbose PFC output, including translation of syscall numbers to names - Several assorted bugfixes affecting the seccomp BPF generation - The syscall number/name resolver tool is now available to install * Version 2.0.0 - January 28, 2013 - Fixes for the x86 multiplexed syscalls - Additions to the API to better support non-native architectures - Additions to the API to support multiple architectures in one filter - Additions to the API to resolve syscall name/number mappings - Assorted minor bug fixes - Improved build messages regardless of build verbosity - More automated tests added as well as a number of improvements to the test harness * Version 1.0.1 - November 12, 2012 - The header file is now easier to use with C++ compilers - Minor documentation fixes - Minor memory leak fixes - Corrected x86 filter generation on x86_64 systems - Corrected problems with small filters and filters with arguments * Version 1.0.0 - July 31, 2012 - Change the API to be context-aware; eliminates all internal state but breaks compatibility with the previous 0.1.0 release - Added support for multiple build jobs ("make -j8") and verbose builds using the "V=1" build variable ("make V=1") - Minor tweaks to the regression test script output * Version 0.1.0 - June 8, 2012 - Initial release