commit: 0f4f85ee3c19ff3acbcf724bf49a52db0766c7a5 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
AuthorDate: Sat Dec 31 14:40:47 2022 +0000 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
CommitDate: Sat Dec 31 14:45:35 2022 +0000 |
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=0f4f85ee |
|
bin: pass -S to file to disable seccomp |
|
Files being installed by Portage are generally trusted but also the |
syscalls allowed by file are quite broad anyway. |
|
Things can go catastrophically wrong if file misses valid input, |
as we may have invalid VDB metadata. |
|
Bug: https://bugs.gentoo.org/811462 |
Bug: https://bugs.gentoo.org/815877 |
Bug: https://bugs.gentoo.org/889046 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
|
NEWS | 16 +++++++++++++--- |
bin/estrip | 2 +- |
bin/install-qa-check.d/10ignored-flags | 2 +- |
bin/misc-functions.sh | 2 +- |
4 files changed, 16 insertions(+), 6 deletions(-) |
|
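--- a/NEWS
+++ b/NEWS
@@ -6,15 +6,25 @@ Features:
 
 Bug fixes:
 * checksum: Rewrite Whirlpool implementation as a C extension to substantially improve
- performance. This only takes effect with OpenSSL 3 and newer. See bug #885909.
+ performance (bug #885909).
+
+ This only takes effect with OpenSSL 3 and newer (unnecessary otherwise).
 
 Whirlpool is considered deprecated within Portage and we recommend that
 repository maintainers remove it from `metadata/layout.conf`!
 
 * sync: git: Fix "is shallow git repository" check.
 
-* bin/*: Rewrite signal handling which will now correctly rethrow SIGINT
- and not confuse shells. See bug #887817.
+* bin: Rewrite signal handling which will now correctly rethrow SIGINT
+ and not confuse shells (bug #887817).
+
+* bin: Pass -S to file(1) to avoid seccomp sandbox issues (bug #811462, bug #889046).
+
+ Files being installed by Portage are generally trusted but also the
+ syscalls allowed by file are quite broad anyway.
+
+ Things can go catastrophically wrong if file misses valid input,
+ as we may have invalid VDB metadata.
 
 portage-3.0.42 (2022-12-26)
 --------------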
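--- a/bin/estrip
+++ b/bin/estrip
@@ -489,7 +489,7 @@ do
 
 (
 __multijob_child_init
- f=$(file "${x}") || exit 0
+ f=$(file -S "${x}") || exit 0
 [[ -z ${f} ]] && exit 0
 
 if ${SKIP_STRIP} ; then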
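Review bot: The new `f=$(file -S "${x}") || exit 0` line turns an unsupported option into a silent skip: a file(1) that does not accept `-S` (older releases, and possibly a build without seccomp support — worth confirming against file's option handling) exits non-zero, and the existing `|| exit 0` then drops the object from stripping with no message, which is the same silent-failure mode the commit is trying to get rid of. The same pattern is in 10ignored-flags (`|| continue`) and in misc-functions.sh. Consider probing once, e.g. `file -S /dev/null >/dev/null 2>&1 && file_opts=-S`, and passing `${file_opts}` at the call sites, or at least emitting an eqawarn when `file` itself fails rather than only skipping when it prints nothing. Either way the call site deserves a why-comment, since this deliberately disables the seccomp sandbox that file(1) uses to contain libmagic parser bugs: `# -S: run file(1) without its seccomp sandbox; the inputs are our own build output and a sandbox kill here silently skips the object (bug #811462, bug #889046).` The enclosing subshell and loop start before the hunk.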
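--- a/bin/install-qa-check.d/10ignored-flags
+++ b/bin/install-qa-check.d/10ignored-flags
@@ -31,7 +31,7 @@ ignored_flag_check() {
 # Separate out file types that are known to support
 # .GCC.command.line sections, using the `file` command
 # similar to how prepstrip uses it.
- f=$(file "${x}") || continue
+ f=$(file -S "${x}") || continue
 [[ -z ${f} ]] && continue
 if [[ ${f} == *"SB executable"* || ${f} == *"SB pie executable"* ||
 ${f} == *"SB shared object"* ]] ; then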
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh |
90 |
index fc2a36fb3..55c4afe73 100755 |
91 |
--- a/bin/misc-functions.sh |
92 |
+++ b/bin/misc-functions.sh |
93 |
@@ -212,7 +212,7 @@ install_qa_check() { |
94 |
needed=${l%%;*}; l=${l#*;} |
95 |
|
96 |
# Infer implicit soname from basename (bug 715162). |
97 |
- if [[ -z ${soname} && $(file "${D%/}${obj}") == *"SB shared object"* ]]; then |
98 |
+ if [[ -z ${soname} && $(file -S "${D%/}${obj}") == *"SB shared object"* ]]; then |
99 |
soname=${obj##*/} |
100 |
fi |