Paul Moore pcmoore

## libseccomp-issues_204_1
arch: rework/fix the arch-syscall-validate script

From: Paul Moore <paul@paul-moore.com>

Update the arch-syscall-validate script to be "CSV friendly" in
preparation for follow-up work to move the libseccomp internal
syscall tables into a single CVS file.  This is a rather crude
effort, but it works and should serve to get things moving; we can
optimize it later.

## nm-dispatcher-chrony
#!/bin/bash

# NetworkManager dispatcher script to update chrony's status and add NTP servers
# obtained via DHCP.  Based on the AUR networkmanager-dispatcher-chrony script.

INTERFACE=$1
STATUS=$2

# make sure we're always getting the standard response strings
LANG='C'

## libseccomp-issues_148_4
#
# pseudo filter code start
#
# filter for arch x86_64 (3221225534)
if ($arch == 3221225534)
  # filter for syscall "fstat64" (4294957286) [priority: 65535]
  if ($syscall == 4294957286)
    action ALLOW;
  # filter for syscall "getegid32" (4294957281) [priority: 65535]
  if ($syscall == 4294957281)

## libseccomp-issues_148_3
 line  OP   JT   JF   K
=================================
 0000: 0x20 0x00 0x00 0x00000004   ld  $data[4]
 0001: 0x15 0x00 0x7f 0xc000003e   jeq 3221225534 true:0002 false:0129
 0002: 0x20 0x00 0x00 0x00000000   ld  $data[0]
 0003: 0x35 0x00 0x01 0x40000000   jge 1073741824 true:0004 false:0005
 0004: 0x15 0x00 0x7c 0xffffffff   jeq 4294967295 true:0005 false:0129
 0005: 0x15 0x0f 0x00 0x00000000   jeq 0    true:0021 false:0006
 0006: 0x15 0x0e 0x00 0x00000001   jeq 1    true:0021 false:0007
 0007: 0x15 0x0d 0x00 0x00000003   jeq 3    true:0021 false:0008

## libseccomp-issues_148_2
#
# pseudo filter code start
#
# filter for arch x86_64 (3221225534)
if ($arch == 3221225534)
  # filter for syscall "fstat64" (4294957286) [priority: 65535]
  if ($syscall == 4294957286)
    action ALLOW;
  # filter for syscall "getegid32" (4294957281) [priority: 65535]
  if ($syscall == 4294957281)

## libseccomp-issues_148_1
 line  OP   JT   JF   K
=================================
 0000: 0x20 0x00 0x00 0x00000004   ld  $data[4]
 0001: 0x15 0x00 0x85 0xc000003e   jeq 3221225534 true:0002 false:0135
 0002: 0x20 0x00 0x00 0x00000000   ld  $data[0]
 0003: 0x35 0x00 0x01 0x40000000   jge 1073741824 true:0004 false:0005
 0004: 0x15 0x00 0x82 0xffffffff   jeq 4294967295 true:0005 false:0135
 0005: 0x15 0x11 0x00 0x00000000   jeq 0    true:0023 false:0006
 0006: 0x15 0x10 0x00 0x00000001   jeq 1    true:0023 false:0007
 0007: 0x15 0x0f 0x00 0x00000003   jeq 3    true:0023 false:0008

## userstyle-gmail_monospace
/**
 * Working as of June 18, 2018
 */

/* .a3s used when reading email */
.a3s {
    font-family: monospace !important;
}
/* .LW-avf used when composing, (!important is critial) */
.LW-avf {

## aur-1
diff --git a/PKGBUILD b/PKGBUILD
index 0a0eb8f..9ae9a29 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -6,7 +6,7 @@
 # $ curl -s https://bluejeans.com/downloads | grep 'desktop/linux'

 pkgname=bluejeans
-pkgver=1.32.7
+pkgver=1.33.15

## scratch-1
XXX - work in progress, do not submit/push!

From: Paul Moore <paul@paul-moore.com>

things to do:

* investigate _db_tree_prune(), that likely needs some logic (lt/gt)
  flipping to compensate for the changes in _db_tree_add()
* run the full regression test to ensure we aren't accidentally breaking
  anything

## ipv6-scm_security_support.patch
From: Paul Moore <paul@paul-moore.com>

ipv6: add support for SOL_IPV6/IPV6_PASSSEC

XXX - needs commit description
XXX - https://github.com/SELinuxProject/selinux-kernel/issues/24

Signed-off-by: XXX
---
 include/linux/ipv6.h     |    4 ++--
	arch: rework/fix the arch-syscall-validate script

	From: Paul Moore <paul@paul-moore.com>

	Update the arch-syscall-validate script to be "CSV friendly" in
	preparation for follow-up work to move the libseccomp internal
	syscall tables into a single CVS file. This is a rather crude
	effort, but it works and should serve to get things moving; we can
	optimize it later.
	#!/bin/bash

	# NetworkManager dispatcher script to update chrony's status and add NTP servers
	# obtained via DHCP. Based on the AUR networkmanager-dispatcher-chrony script.

	INTERFACE=$1
	STATUS=$2

	# make sure we're always getting the standard response strings
	LANG='C'
	#
	# pseudo filter code start
	#
	# filter for arch x86_64 (3221225534)
	if ($arch == 3221225534)
	# filter for syscall "fstat64" (4294957286) [priority: 65535]
	if ($syscall == 4294957286)
	action ALLOW;
	# filter for syscall "getegid32" (4294957281) [priority: 65535]
	if ($syscall == 4294957281)
	line OP JT JF K
	=================================
	0000: 0x20 0x00 0x00 0x00000004 ld $data[4]
	0001: 0x15 0x00 0x7f 0xc000003e jeq 3221225534 true:0002 false:0129
	0002: 0x20 0x00 0x00 0x00000000 ld $data[0]
	0003: 0x35 0x00 0x01 0x40000000 jge 1073741824 true:0004 false:0005
	0004: 0x15 0x00 0x7c 0xffffffff jeq 4294967295 true:0005 false:0129
	0005: 0x15 0x0f 0x00 0x00000000 jeq 0 true:0021 false:0006
	0006: 0x15 0x0e 0x00 0x00000001 jeq 1 true:0021 false:0007
	0007: 0x15 0x0d 0x00 0x00000003 jeq 3 true:0021 false:0008
	/**
	* Working as of June 18, 2018
	*/

	/* .a3s used when reading email */
	.a3s {
	font-family: monospace !important;
	}
	/* .LW-avf used when composing, (!important is critial) */
	.LW-avf {
	diff --git a/PKGBUILD b/PKGBUILD
	index 0a0eb8f..9ae9a29 100644
	--- a/PKGBUILD
	+++ b/PKGBUILD
	@@ -6,7 +6,7 @@
	# $ curl -s https://bluejeans.com/downloads \| grep 'desktop/linux'

	pkgname=bluejeans
	-pkgver=1.32.7
	+pkgver=1.33.15
	XXX - work in progress, do not submit/push!

	From: Paul Moore <paul@paul-moore.com>

	things to do:

	* investigate _db_tree_prune(), that likely needs some logic (lt/gt)
	flipping to compensate for the changes in _db_tree_add()
	* run the full regression test to ensure we aren't accidentally breaking
	anything
	From: Paul Moore <paul@paul-moore.com>

	ipv6: add support for SOL_IPV6/IPV6_PASSSEC

	XXX - needs commit description
	XXX - https://github.com/SELinuxProject/selinux-kernel/issues/24

	Signed-off-by: XXX
	---
	include/linux/ipv6.h \| 4 ++--