5 files changed, 80 insertions, 16 deletions

diff --git a/sys-libs/Manifest.gz b/sys-libs/Manifest.gz
index 397602930cde..fa6546264405 100644
--- a/sys-libs/Manifest.gz
+++ b/sys-libs/Manifest.gz
diff --git a/sys-libs/libseccomp/Manifest b/sys-libs/libseccomp/Manifest
index 61e63e1821a6..e12a3ec1ce57 100644
--- a/sys-libs/libseccomp/Manifest
+++ b/sys-libs/libseccomp/Manifest
@@ -2,7 +2,8 @@ AUX libseccomp-2.5.3-skip-valgrind.patch 516 BLAKE2B d5dc87fcca8e20b7edd427c434d
 AUX libseccomp-2.5.5-aliasing.patch 1065 BLAKE2B 22b25db6d1ebf6f3f6a54b49341f4457bcad7c3e43d7509241408bc237451e899be8a38ecb9f704826efeccc265b0bc9bc4fe89d3da76707bd2338e0fe146fe0 SHA512 f618af56ebb02e4f8115d84890679cf00f8f5062c181a6cad8a5604316c282b022ba078a61adfd4bc412f79ad805cb35e71e5cc191390502306e515eaf97009b
 AUX libseccomp-2.5.5-arch-syscall-check.patch 1485 BLAKE2B c94cd88060e51e1ba4962fc56603a958bd8fe314adc6d038a271d8f661db1f421026a180d5aa6deccc42422818a95cf8ec46a2a4e961325ef74d342d17f24e2a SHA512 c14f351e9d7dbdf1be43f031cd7a9a5b192b2e358574054aabba1d08a0ccc1cf8f1138b1462d0b7eac899ac801039aa03e748ff52a8020174801b26ee47b69b1
 AUX libseccomp-2.5.5-which-hunt.patch 1779 BLAKE2B 00ac7f24b718f450c258c0d69f600a739360ac6cce45acdca51d413e07396d16ffa50d64fda2744968171e33e3a0e2ac17fa01c6016a95fab6774a4f6c7ba7c4 SHA512 b077a3f1075664fdfec6fecc077bd53685823794f037315a559f205cb6dc78a7d5e720ea4587dfdb605bfbeae79cf964d083157fbfae2085ca1d9e2995015067
-AUX libseccomp-2.6.0-aliasing.patch 2364 BLAKE2B 784390b5044f47b5a7de61c7d79fb5608112d790a34122f1c302d7bf7d2ea6af70d41c00d6c7d598ad9287d8aff7a8fe6acebabb886ac7738cff47f32b82086f SHA512 9aa25491b008b37c8b9c74d222cabb79e88aecae17652d20bc48a121a74b90cd3b2430782e6cdc876fbc423633b38afab178d37964652088b9bb46513f2a435b
+AUX libseccomp-2.6.0-aliasing.patch 3300 BLAKE2B 19e45511d4b9e73d50b10651243da0e748512e1e836580872e3138ae3930ab9553d5aacbf0e70cff0432697a2b10dc2e4b7e7a162e3d23380b2b2802999a6f28 SHA512 029b0597f7364ecbb232fbfbe7d5f208683ff59106864f55834b6cd181b536554771366113b99bdb7f26c30ab983acab5f54607af2506da815caaa6732587cb5
+AUX libseccomp-2.6.0-bounds.patch 1387 BLAKE2B 3a51933c60071a59e3a0c922156d4dd0f3245bee73d4c3eb8ee4f5afb545d71069a9786101e18e676e50589c4cf725bd7eef4b6003903fb6c6b7ab9dc0e07b71 SHA512 a4d8f0c9ddefc722adb42a187f9911e4d7a66bae636f2ee692b8271aa120244993540e2dc1ecb19d8aebe4e5f71ce658e2e36f5266c9c2b6ccc6a62781749776
 AUX libseccomp-2.6.0-drop-bogus-test.patch 1143 BLAKE2B ea049b69f5198ea2570f524431f766a182c8a7d6ea8f9d73ba0fede458f7c7a976d6b18ede12f8a53ba2fddf8160c3b794df13776e4295f673803f840625395a SHA512 7d3a70a46aed20dff0fa88a421b27c303bc9f3a5779f1762c60a90006a6294c5b0ee6364e4e2fd8b3ab7f6218d40598f79a070bae06419e191d3a98e61a2b452
 AUX libseccomp-2.6.0-python-shared.patch 778 BLAKE2B 343bcb6c8e8cfc9bab3e0439d391ddfae023587f64f23860c1594cacb60d3af58e031edd5f37ba705bf3da01799ed12ab931a4b9a98e9063922f16cab814d5e6 SHA512 029b1403a3b0af5931833837d9b640d8d9ee172972f927f756137ca51bdbfd3f9cd42657029397fdb2cb727a5065356e05ca196fcb2170484f807bb65cd5a398
 AUX libseccomp-python-shared.patch 759 BLAKE2B e2c42e18ca93fe5fddbc3a5b47ac0e6a29e566292fd62b87e6b45f6cb230570a2d1907a8b192e80b32c1900d069a4f10a866fa50bd9b88f5b78abff4206bd4cb SHA512 74548c7969869ff8f937a75eac720f1c654fad87dc17aed1c041bcb765586b4ee978a3ff7c6281be03277f6c74f2ec32624f91beb55afec3066a06a9e51483e2
@@ -10,7 +11,7 @@ DIST libseccomp-2.5.5-loongarch-r1.patch 119822 BLAKE2B 4aa75c1ac87b2ca25cf6be38
 DIST libseccomp-2.5.5.tar.gz 642445 BLAKE2B d770cee1f3e02fbbcd9f25655b360ab38160ad800e2829a67f2b9da62b095a90be99ac851a67344cf95bd6810a6268da4655dc1d37d996e58239c4999eb41998 SHA512 f630e7a7e53a21b7ccb4d3e7b37616b89aeceba916677c8e3032830411d77a14c2d74dcf594cd193b1acc11f52595072e28316dc44300e54083d5d7b314a38da
 DIST libseccomp-2.6.0.tar.gz 685655 BLAKE2B 45c4f4dd67db5848bb536613e8929633f95cfbeb8738525381a76631187e7b0fc2c02f1a103579cd0f4135e9c175250fe2d784b85cc85424ec3125b4dafcf11c SHA512 9039478656d9b670af2ff4cb67b6b1fa315821e59d2f82ba6247e988859ddc7e3d15fea159eccca161bf2890828bb62aa6ab4d6b7ff55f27a9d6bd9532eeee1b
 EBUILD libseccomp-2.5.5-r2.ebuild 3320 BLAKE2B dd3464cbde08c57809e23c39b199e4a2bb9cc2ebbe743cee71884a653fe0d491596c1e177ce6fa6105e9981f813b1e2336bad74b60174aa229876f9e889c049f SHA512 23c82d3ca67731fd620c35523810b6f38f0252e15eeaf5b501e8e122f788a47065295f389598d705f826b4fcd15b41111d0fd043a517774afbcc7d760647cf93
-EBUILD libseccomp-2.6.0-r1.ebuild 2562 BLAKE2B f35c616cd80e3c9195819a4a54d67db693a9bcbef19b22d98a70098bfe6d2009198584ced16a4821374ab872d3601d4b41f22d46808784d77d1be239de688d78 SHA512 ed130428b6be53744f28bb6671c0990bcaafff34367c9585ca8b2cc558fa725e3a9217cf285c3f311549d1d14bf17be7e54f2a0537dceb987ca5e6db810e074a
+EBUILD libseccomp-2.6.0-r2.ebuild 2588 BLAKE2B 489b45e4848d14626b94aa9506d29a76b63f567e7aca8a358b995632c74b44919746145b5b8dfc4a1e40dd48287f0b398da956a106371aa9abd8f7ecac7ad8c8 SHA512 39d85fa9e9d642a94996623415abbd3fd05d858aa7a6768287a0584208106c6ba720af98a1ec23c092f36b63819c802b7b0fb5e7d99308fdbca2f1aa108ef6e6
 EBUILD libseccomp-2.6.0.ebuild 2513 BLAKE2B 327d5fc52314d994c96abb20766fb9d3962f96f0fc4d9714c50062d5674d1a959fa248a47005966504e9f2fb982a33a3f93b76f8f1d44f2704c864a506f3e77f SHA512 434286bbefdaec62e4fcfeae6bcd8ebaa23c5d837d38c1f4ff0c8cdf1584b7687b92d14a4b6710047f15e4415c70f8c2d4066936bbaf6f74a333746274166f66
 EBUILD libseccomp-9999.ebuild 2478 BLAKE2B e89d99162cb2d0c8f1f97d7a2364d9ec922beade6e332b2144fc9c466999bbccbedc5c7b157be9a18f4243b4156833bcdc048e669b4bd292acf69f555de77ea2 SHA512 bee65ea98d5093df55dcb4de55a32ef74c15fc819506488c20c8f02a98afae23d4043639cee6a1caab7dee16b0a8745e51a1c97363e330e908fcefcb3d0dc8b0
 MISC metadata.xml 506 BLAKE2B 44dc13629234226f9314270c05d5c7c87575639fe12282e73697ead63d016ee9b52a89d673be5881bfcbf4d605024ecfcc3e19510581d334a6d5737df6a36b50 SHA512 93b0a53783499eab6b6264867a049830d765ee56d19b0c60e764f6651dff9f0d11efbec0783fdeb17c2c64d3f409bb4b1b1f74f267022775b992b61a1df03100
diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
index f946dc468822..f1f13454c890 100644
--- a/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-aliasing.patch
@@ -1,9 +1,9 @@
-https://github.com/seccomp/libseccomp/pull/459
+https://github.com/seccomp/libseccomp/commit/84005ecc603fd0186188c4113452fd8e8a0c9bb3
 
-From e6904da422e68031b0237c1e005fc5e98c12e2cf Mon Sep 17 00:00:00 2001
+From 84005ecc603fd0186188c4113452fd8e8a0c9bb3 Mon Sep 17 00:00:00 2001
 From: Romain Geissler <romain.geissler@amadeus.com>
 Date: Tue, 18 Feb 2025 22:29:05 +0000
-Subject: [PATCH] Fix strict aliasing UB in MurMur hash implementation.
+Subject: [PATCH] hash: fix strict aliasing UB in MurMur hash implementation
 
 This was spotted when trying to upgrade the libseccomp fedora package to
 version 2.6.0 in fedora rawhide. It comes with gcc 15 and LTO enabled by
@@ -24,20 +24,26 @@ errors in valgrind:
 ==265507==    at 0x409590: _hsh_add (gen_bpf.c:573)
 
 Investigating this a bit, it seems that because of LTO the MurMur hash
-implementation is being inlined in _hsh_add. The way we call getblock32
-with the explicit cast to const uint32_t* is a strict aliasing
-violation.
+implementation is being inlined in _hsh_add. The two buffers data and
+blocks to point at the same underlying data, but via incompatible type,
+which is a strict aliasing violation. Instead, remove the getblock32
+function and inline the copy with memcpy.
 
 This is reproducible on a "fedora:rawhide" container (gcc 15) and using:
 export CFLAGS='-O2 -flto=auto -ffat-lto-objects -g'
 
 Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
+Reviewed-by: Sam James <sam@gentoo.org>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+[PM: subject line tweak]
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+(imported from commit 614530bc8b3c9f49aa59d7eaef4863b746504c23)
 ---
- src/hash.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
+ src/hash.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
 
 diff --git a/src/hash.c b/src/hash.c
-index 4435900f..301abfc9 100644
+index 4435900f..01ff9399 100644
 --- a/src/hash.c
 +++ b/src/hash.c
 @@ -12,15 +12,11 @@
@@ -57,13 +63,31 @@ index 4435900f..301abfc9 100644
  static inline uint32_t rotl32(uint32_t x, int8_t r)
  {
  	return (x << r) | (x >> (32 - r));
-@@ -56,7 +52,7 @@ uint32_t hash(const void *key, size_t length)
+@@ -41,7 +37,6 @@ static inline uint32_t fmix32(uint32_t h)
+ uint32_t hash(const void *key, size_t length)
+ {
+ 	const uint8_t *data = (const uint8_t *)key;
+-	const uint32_t *blocks;
+ 	const uint8_t *tail;
+ 	const int nblocks = length / 4;
+ 	const uint32_t c1 = 0xcc9e2d51;
+@@ -54,9 +49,8 @@ uint32_t hash(const void *key, size_t length)
+ 	uint32_t h1 = 0;
+ 
  	/* body */
- 	blocks = (const uint32_t *)(data + nblocks * 4);
+-	blocks = (const uint32_t *)(data + nblocks * 4);
  	for(i = -nblocks; i; i++) {
 -		k1 = getblock32(blocks, i);
-+		memcpy(&k1, &blocks[i], sizeof(uint32_t));
++		memcpy(&k1, data + (nblocks + i) * sizeof(uint32_t), sizeof(uint32_t));
  
  		k1 *= c1;
  		k1 = rotl32(k1, 15);
-
+@@ -68,7 +62,7 @@ uint32_t hash(const void *key, size_t length)
+ 	}
+ 
+ 	/* tail */
+-	tail = (const uint8_t *)(data + nblocks * 4);
++	tail = data + nblocks * sizeof(uint32_t);
+ 	switch(length & 3) {
+ 	case 3:
+ 		k2 ^= tail[2] << 16;
diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-bounds.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-bounds.patch
new file mode 100644
index 000000000000..3f53cd7b1f28
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-bounds.patch
@@ -0,0 +1,38 @@
+https://github.com/seccomp/libseccomp/commit/dd759e8c4f5685b526638fba9ec4fc24c37c9aec
+
+From dd759e8c4f5685b526638fba9ec4fc24c37c9aec Mon Sep 17 00:00:00 2001
+From: Alyssa Ross <hi@alyssa.is>
+Date: Thu, 13 Feb 2025 12:05:17 +0100
+Subject: [PATCH] api: fix seccomp_export_bpf_mem out-of-bounds read
+
+*len is the length of the destination buffer, but program->blks is
+probably not anywhere near that long.  It's already been checked above
+that BPF_PGM_SIZE(program) is less than or equal to *len, so that's
+the correct value to use here to avoid either reading or writing too
+much.
+
+I noticed this because tests/11-basic-basic_errors started failing on
+musl after e797591 ("all: add seccomp_precompute() functionality").
+
+Signed-off-by: Alyssa Ross <hi@alyssa.is>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+(imported from commit e8dbc6b555fb936bdfb8ab86f9a45fda96a8b7a2)
+---
+ src/api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/api.c b/src/api.c
+index adccef32..65a277a4 100644
+--- a/src/api.c
++++ b/src/api.c
+@@ -786,7 +786,7 @@ API int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf,
+ 		if (BPF_PGM_SIZE(program) > *len)
+ 			rc = _rc_filter(-ERANGE);
+ 		else
+-			memcpy(buf, program->blks, *len);
++			memcpy(buf, program->blks, BPF_PGM_SIZE(program));
+ 	}
+ 	*len = BPF_PGM_SIZE(program);
+ 
+
diff --git a/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild b/sys-libs/libseccomp/libseccomp-2.6.0-r2.ebuild
index cbdd8dc79a61..ef1c9999b334 100644
--- a/sys-libs/libseccomp/libseccomp-2.6.0-r1.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.6.0-r2.ebuild
@@ -48,7 +48,8 @@ PATCHES=(
 	"${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
 	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
 	"${FILESDIR}"/${P}-drop-bogus-test.patch
-	"${FILESDIR}"/${PN}-2.6.0-aliasing.patch
+	"${FILESDIR}"/${P}-aliasing.patch
+	"${FILESDIR}"/${P}-bounds.patch
 )
 
 src_prepare() {