libseccomp v2.6.0

ChangeLog

• Version 2.6.0 - January 23, 2025
  • New features
    • Add support for new architectures
      • SuperH little endian
      • SuperH big endian
      • LoongArch
      • 32-bit Motorola 68000
    • Add multiplexed syscall support for more architectures
      • MIPS
      • SuperH
      • PPC
    • Consolidate and simplify handling of multiplexed syscalls
    • Add support for the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag
    • Add support for transactions with the seccomp_transaction_start(), seccomp_transaction_commit(), and seccomp_transaction_reject() APIs
    • Improved tooling to help track syscall table updates in the Linux kernel
    • Update the syscall table for Linux v6.13
  • Performance improvements
    • Add a seccomp_precompute() API to generate the seccomp BPF filter prior to seccomp_load() or seccomp_export_bpf_mem()
  • Bug fixes
    • Handle EINVAL error from the kernel when the WAIT_KILLABLE_RECV flag is erroneously provided to the kernel
    • Add support for binary tree filters without syscalls
    • Add support for the kernel’s implementation change of SECCOMP_IOCTL_NOTIF_ID_VALID
    • Fix a seccomp userspace notification issue where the file descriptor was being requested more than once
    • Fix a bug where the internal filter state could be corrupted when a filter rule addition fails
    • Fix potential memory leak in the internal management of filter snapshots
  • Python bindings
    • Add support for retrieving the notification file descriptor
    • Utilize Cython rather than distutils, due to distutils’ deprecation
  • Many test and CI improvements and fixes
  • Many documentation improvements and updates

Checksum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

83b6085232d1588c379dc9b9cae47bb37407cf262e6e74993c61ba72d2a784dc  libseccomp-2.6.0.tar.gz
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmeS4dkACgkQ6iDy2pc3
iXNA2g/+KfaAHm8Uc+HAxHXcDUhw2XB4KQVZvRzLboiBcJu1N0N3ZM9NAtBlB/3Y
b/tOv3PfrTxij4a93Tgt81rOFNha9Ditq3CI/2wDeunNJR2hSZEELyg+S+7x2eyl
6oixUbpWw3nSgaoYyAjqXy7GBCL0k1PibNzVFlHp2SOWZp979nhhhTdNUZAs6hjQ
sMFrEo7lU5HSqDCEJU88K2pKSSCwNMIDJrg9qmd47JOfmSHXTbhMzUPwGyBpVfgB
LYcw4auZUSpYxEBJj97NaXtuW2Bqqu0zBsVBC9bAOF5BbokXCV2jaKzMv6X1e5jI
CpHMBKjLHu8pZKjtSdLagNN6u6Y16tsQQ0TdvBkK5h2WWGVdagB3kj/pcIUqd/gC
po6w5HP0y3MPmy3I7ZbVMYMTTJFCli/d3zEEnKyktfAbhqDZ45zspg/7+LXlh1/x
zNc1CjwRj9ceouU2dvXFmVyEB645abLarDDqizzxnZYANozLJ3acJoBp1I7msaxy
1kmzyoRYroiuZeIlIEht+fnthesE5/x5ZPaugcAIT/oPxtxU1n/08C6rXYZWIL5N
u+NBUfqgsDMEN16bNv4On5siATWes5VVLbvFeOnM2pDdbfBlK2cRgP+1+aCAtokV
i6cl9bjvPqqWgJ518CYraHiLeH5gqqAtzhFy9rDtCJAF7sFZM0k=
=pDHk
-----END PGP SIGNATURE-----