summaryrefslogtreecommitdiffstats
path: root/CHANGELOG
diff options
context:
space:
mode:
Diffstat (limited to 'CHANGELOG')
-rw-r--r--CHANGELOG203
1 files changed, 203 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
new file mode 100644
index 0000000..46ea28a
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1,203 @@
+libseccomp: Releases
+===============================================================================
+https://github.com/seccomp/libseccomp
+
+* Version 2.5.5 - December 1, 2023
+* Update the syscall table for Linux v6.7-rc3
+
+* Version 2.5.4 - April 21, 2022
+- Update the syscall table for Linux v5.17
+- Fix minor issues with binary tree testing and with empty binary trees
+- Minor documentation improvements including retiring the mailing list
+
+* Version 2.5.3 - November 5, 2021
+- Update the syscall table for Linux v5.15
+- Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
+- Document that seccomp_rule_add() may return -EACCES
+- Fix issues with test 11-basic-basic_errors on old kernels (API level < 5)
+
+* Version 2.5.2 - August 31, 2021
+- Update the syscall table for Linux v5.14-rc7
+- Add a function, get_notify_fd(), to the Python bindings to get the
+ nofication file descriptor
+- Consolidate multiplexed syscall handling for all architectures into one
+ location
+- Add multiplexed syscall support to PPC
+- Add multiplexed syscall support to MIPS
+- The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel.
+ Modify the libseccomp file descriptor notification logic to support the
+ kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID
+
+* Version 2.5.1 - November 20, 2020
+- Fix a bug where seccomp_load() could only be called once
+- Change the notification fd handling to only request a notification fd if
+ the filter has a _NOTIFY action
+- Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
+- Clarify the maintainers' GPG keys
+
+* Version 2.5.0 - July 20, 2020
+- Add support for the seccomp user notifications, see the
+ seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3)
+ manpages for more information
+- Add support for new filter optimization approaches, including a balanced tree
+ optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more
+ information
+- Add support for the 64-bit RISC-V architecture
+- Performance improvements when adding new rules to a filter thanks to the use
+ of internal shadow transactions and improved syscall lookup tables
+- Properly document the libseccomp API return values and include them in the
+ stable API promise
+- Improvements to the s390 and s390x multiplexed syscall handling
+- Multiple fixes and improvements to the libseccomp manpages
+- Moved from manually maintained syscall tables to an automatically generated
+ syscall table in CSV format
+- Update the syscall tables to Linux v5.8.0-rc5
+- Python bindings and build now default to Python 3.x
+- Improvements to the tests have boosted code coverage to over 93%
+- Enable Travis CI testing on the aarch64 and ppc64le architectures
+- Add code inspection via lgtm.com
+
+* Version 2.4.3 - March 4, 2020
+- Add list of authorized release signatures to README.md
+- Fix multiplexing issue with s390/s390x shm* syscalls
+- Remove the static flag from libseccomp tools compilation
+- Add define for __SNR_ppoll
+- Update our Travis CI configuration to use Ubuntu 18.04
+- Disable live python tests in Travis CI
+- Use default python, rather than nightly python, in TravisCI
+- Fix potential memory leak identified by clang in the scmp_bpf_sim tool
+
+* Version 2.4.2 - November 7, 2019
+- Update the syscall table for Linux v5.4-rc4
+- Stop defining __NR_x values for syscalls that don't exist. Libseccomp
+ now uses __SNR_x internally
+- Update the Cython language level to "3str"
+- Add support for io-uring related system calls
+- Clarify the maintainer documentation and release process
+- Fix python module name issue introduced in the v2.4.0 release. The module
+ is now named "seccomp" as it was previously
+- Deliver the SECURITY.md file in releases
+
+* Version 2.4.1 - April 17, 2019
+- Fix a BPF generation bug where the optimizer mistakenly identified duplicate
+ BPF code blocks
+
+* Version 2.4.0 - March 14, 2019
+- Update the syscall table for Linux v5.0-rc5
+- Added support for the SCMP_ACT_KILL_PROCESS action
+- Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute
+- Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument
+ comparison macros to help protect against unexpected sign extension
+- Added support for the parisc and parisc64 architectures
+- Added the ability to query and set the libseccomp API level via
+ seccomp_api_get(3) and seccomp_api_set(3)
+- Return -EDOM on an endian mismatch when adding an architecture to a filter
+- Renumber the pseudo syscall number for subpage_prot() so it no longer
+ conflicts with spu_run()
+- Fix PFC generation when a syscall is prioritized, but no rule exists
+- Numerous fixes to the seccomp-bpf filter generation code
+- Switch our internal hashing function to jhash/Lookup3 to MurmurHash3
+- Numerous tests added to the included test suite, coverage now at ~92%
+- Update our Travis CI configuration to use Ubuntu 16.04
+- Numerous documentation fixes and updates
+
+* Version 2.3.3 - January 10, 2018
+- Updated the syscall table for Linux v4.15-rc7
+
+* Version 2.3.2 - February 27, 2017
+- Achieved full compliance with the CII Best Practices program
+- Added Travis CI builds to the GitHub repository
+- Added code coverage reporting with the "--enable-code-coverage" configure
+ flag and added Coveralls to the GitHub repository
+- Updated the syscall tables to match Linux v4.10-rc6+
+- Support for building with Python v3.x
+- Allow rules with the -1 syscall if the SCMP_FLTATR_API_TSKIP attribute is
+ set to true
+- Several small documentation fixes
+
+* Version 2.3.1 - April 20, 2016
+- Fixed a problem with 32-bit x86 socket syscalls on some systems
+- Fixed problems with ipc syscalls on 32-bit x86
+- Fixed problems with socket and ipc syscalls on s390 and s390x
+
+* Version 2.3.0 - February 29, 2016
+- Added support for the s390 and s390x architectures
+- Added support for the ppc, ppc64, and ppc64le architectures
+- Update the internal syscall tables to match the Linux 4.5-rcX releases
+- Filter generation for both multiplexed and direct socket syscalls on x86
+- Support for the musl libc implementation
+- Additions to the API to enable runtime version checking of the library
+- Enable the use of seccomp() instead of prctl() on supported systems
+- Added additional tests to the regression test suite
+
+* Version 2.2.3 - July 8, 2015
+- Fix a problem with 'make check' on 32-bit ARM systems
+
+* Version 2.2.2 - July 6, 2015
+- Fix a problem with the masked equality operator
+- Fix a problem on x86_64/x32 involving invalid architectures
+- Fix a problem with the ARM specific syscalls
+- Fix a build problem when the source and build directories differ
+
+* Version 2.2.1 - May 13, 2015
+- Fix a problem with syscall argument filtering on 64-bit systems
+- Fix some problems with the 32-bit ARM syscall table
+- Fix build problems on very old systems
+- Update the README file with the GitHub and Google Groups information
+
+* Version 2.2.0 - February 12, 2015
+- Migrated the build system to autotools
+- Added support for the aarch64 architecture
+- Added support for the mips, mips64, and mips64n32 architectures for both big
+ and little endian systems
+- Added support for using the new seccomp() syscall and the thread sync
+ functionality
+- Added Python bindings
+- Updated the internal syscall tables to Linux v3.19
+- Added documentation to help contributors wishing to submit patches
+- Migrated to GitHub for git hosting and Google Groups for the mailing list
+- Numerous minor bug fixes
+
+* Version 2.1.1 - October 31, 2013
+- Build system improvements
+- Automated test improvements, including a "check" target for use by
+ packagers to verify the build
+- Numerous bug fixes related to the filter's internal rule database which
+ affect those creating rules with syscall arguments
+- Introduced tools to verify the style/formatting of the code, including a
+ "check-syntax" target for use by developers
+- Non-public symbols are now hidden in the library
+
+* Version 2.1.0 - June 11, 2013
+- Add support for the x32 and ARM architectures
+- Improvements to the regression tests, including support for live tests
+- More verbose PFC output, including translation of syscall numbers to names
+- Several assorted bugfixes affecting the seccomp BPF generation
+- The syscall number/name resolver tool is now available to install
+
+* Version 2.0.0 - January 28, 2013
+- Fixes for the x86 multiplexed syscalls
+- Additions to the API to better support non-native architectures
+- Additions to the API to support multiple architectures in one filter
+- Additions to the API to resolve syscall name/number mappings
+- Assorted minor bug fixes
+- Improved build messages regardless of build verbosity
+- More automated tests added as well as a number of improvements to the test
+ harness
+
+* Version 1.0.1 - November 12, 2012
+- The header file is now easier to use with C++ compilers
+- Minor documentation fixes
+- Minor memory leak fixes
+- Corrected x86 filter generation on x86_64 systems
+- Corrected problems with small filters and filters with arguments
+
+* Version 1.0.0 - July 31, 2012
+- Change the API to be context-aware; eliminates all internal state but breaks
+ compatibility with the previous 0.1.0 release
+- Added support for multiple build jobs ("make -j8") and verbose builds using
+ the "V=1" build variable ("make V=1")
+- Minor tweaks to the regression test script output
+
+* Version 0.1.0 - June 8, 2012
+- Initial release
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-25 20:58:16 +0000