Recommended update for libseccomp, python-Cython
| Announcement ID: | SUSE-RU-2025:1347-1 |
|---|---|
| Release Date: | 2025-04-18T03:33:36Z |
| Rating: | moderate |
| References: | |
| Affected Products: |
|
An update that has four fixes can now be installed.
Description:
This update for libseccomp, python-Cython fixes the following issues:
python-Cython is included in version 0.29.14 to make libseccomp build.
Changes in libseccomp:
Update to release 2.5.3:
- Update the syscall table for Linux v5.15
- Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
- Document that seccomp_rule_add() may return -EACCES
Update to release 2.5.2:
- Update the syscall table for Linux v5.14-rc7
- Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor.
- Consolidate multiplexed syscall handling for all architectures into one location.
- Add multiplexed syscall support to PPC and MIPS
- The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID.
Update to 2.5.1:
- Fix a bug where seccomp_load() could only be called once
- Change the notification fd handling to only request a notification fd if
- the filter has a _NOTIFY action
- Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
- Clarify the maintainers' GPG keys
Update to release 2.5.0:
- Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information
- Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information
- Add support for the 64-bit RISC-V architecture
- Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables (bsc#1209407)
- Properly document the libseccomp API return values and include them in the stable API promise
- Improvements to the s390 and s390x multiplexed syscall handling
- Multiple fixes and improvements to the libseccomp manpages
- Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format
- Update the syscall tables to Linux v5.8.0-rc5
- Python bindings and build now default to Python 3.x
- Improvements to the tests have boosted code coverage to over 93%
Update to release 2.4.3:
- Add list of authorized release signatures to README.md
- Fix multiplexing issue with s390/s390x shm* syscalls
- Remove the static flag from libseccomp tools compilation
- Add define for __SNR_ppoll
- Fix potential memory leak identified by clang in the scmp_bpf_sim tool
Update to release 2.4.2:
- Add support for io-uring related system calls
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1347=1 -
SUSE Linux Enterprise Server 12 SP5 LTSS
zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1347=1
Package List:
-
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
- libseccomp-debugsource-2.5.3-11.9.1
- libseccomp2-2.5.3-11.9.1
- libseccomp2-32bit-2.5.3-11.9.1
- libseccomp2-debuginfo-2.5.3-11.9.1
- libseccomp2-debuginfo-32bit-2.5.3-11.9.1
- libseccomp-devel-2.5.3-11.9.1
-
SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
- libseccomp-debugsource-2.5.3-11.9.1
- libseccomp2-debuginfo-2.5.3-11.9.1
- libseccomp2-2.5.3-11.9.1
- libseccomp-devel-2.5.3-11.9.1
-
SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
- libseccomp2-debuginfo-32bit-2.5.3-11.9.1
- libseccomp2-32bit-2.5.3-11.9.1