[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/, sys-apps/man-db/files/ - gentoo-commits

From:	Mike Gilbert <floppym@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/, sys-apps/man-db/files/
Date:	Wed, 23 Dec 2020 19:15:08
Message-Id:	`1608750831.de6efe6b3e28eea299401244e7b506a6f9c22d51.floppym@gentoo`

1

commit:     de6efe6b3e28eea299401244e7b506a6f9c22d51

2

Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>

3

AuthorDate: Wed Dec 23 19:13:51 2020 +0000

4

Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>

5

CommitDate: Wed Dec 23 19:13:51 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de6efe6b

7

8

sys-apps/man-db: allow clock_gettime64 syscall

9

10

Closes: https://bugs.gentoo.org/744712

11

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

12

13

 .../files/man-db-2.9.3-clock_gettime64.patch       | 44 ++++++++++++++++++++++

14

 .../{man-db-9999.ebuild => man-db-2.9.3-r1.ebuild} |  5 ++-

15

 sys-apps/man-db/man-db-9999.ebuild                 |  4 +-

16

 3 files changed, 51 insertions(+), 2 deletions(-)

17

18

diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch

19

new file mode 100644

20

index 00000000000..0da1b2c5b2b

21

--- /dev/null

22

+++ b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch

23

@@ -0,0 +1,44 @@

24

+From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001

25

+From: "S. Gilles" <sgilles@×××.edu>

26

+Date: Wed, 12 Aug 2020 16:40:07 -0400

27

+Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks

28

+

29

+libcs such as musl expect ENOSYS to be returned (not EPERM) in their

30

+fallback code, so change the seccomp filter to be more agreeable to

31

+them.

32

+

33

+At the same time, clock_gettime is permitted in the filter, so permit

34

+clock_gettime64 as well -- it will be needed by 2038 in any case.

35

+

36

+* lib/sandbox.c (make_seccomp_filter): Set default action to

37

+SCMP_ACT_ERRNO (ENOSYS).  Allow clock_gettime64.

38

+* NEWS: Document this.

39

+---

40

+ NEWS          | 9 +++++++++

41

+ lib/sandbox.c | 3 ++-

42

+ 2 files changed, 11 insertions(+), 1 deletion(-)

43

+

44

+diff --git a/lib/sandbox.c b/lib/sandbox.c

45

+index 21ec28aa..d934a0f9 100644

46

+--- a/lib/sandbox.c

47

++++ b/lib/sandbox.c

48

+@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)

49

+ 		;

50

+

51

+ 	debug ("initialising seccomp filter (permissive: %d)\n", permissive);

52

+-	ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM));

53

++	ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS));

54

+ 	if (!ctx)

55

+ 		error (FATAL, errno, "can't initialise seccomp filter");

56

+

57

+@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)

58

+ 	/* systemd: SystemCallFilter=@default */

59

+ 	SC_ALLOW ("clock_getres");

60

+ 	SC_ALLOW ("clock_gettime");

61

++	SC_ALLOW ("clock_gettime64");

62

+ 	SC_ALLOW ("clock_nanosleep");

63

+ 	SC_ALLOW ("execve");

64

+ 	SC_ALLOW ("exit");

65

+--

66

+cgit v1.2.1

67

+

68

69

diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-2.9.3-r1.ebuild

70

similarity index 97%

71

copy from sys-apps/man-db/man-db-9999.ebuild

72

copy to sys-apps/man-db/man-db-2.9.3-r1.ebuild

73

index 25d02ea5f57..35e2bb5d6ce 100644

74

--- a/sys-apps/man-db/man-db-9999.ebuild

75

+++ b/sys-apps/man-db/man-db-2.9.3-r1.ebuild

76

@@ -46,7 +46,10 @@ RDEPEND="

77

"

78

 PDEPEND="manpager? ( app-text/manpager )"

79

80

-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )

81

+PATCHES=(

82

+	"${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch

83

+	"${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch

84

+)

85

86

 pkg_setup() {

87

 	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150

88

89

diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-9999.ebuild

90

index 25d02ea5f57..cf3711365b0 100644

91

--- a/sys-apps/man-db/man-db-9999.ebuild

92

+++ b/sys-apps/man-db/man-db-9999.ebuild

93

@@ -46,7 +46,9 @@ RDEPEND="

94

"

95

 PDEPEND="manpager? ( app-text/manpager )"

96

97

-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )

98

+PATCHES=(

99

+	"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch

100

+)

101

102

 pkg_setup() {

103

 	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150

1	commit: de6efe6b3e28eea299401244e7b506a6f9c22d51
2	Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
3	AuthorDate: Wed Dec 23 19:13:51 2020 +0000
4	Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5	CommitDate: Wed Dec 23 19:13:51 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de6efe6b
7
8	sys-apps/man-db: allow clock_gettime64 syscall
9
10	Closes: https://bugs.gentoo.org/744712
11	Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
12
13	.../files/man-db-2.9.3-clock_gettime64.patch \| 44 ++++++++++++++++++++++
14	.../{man-db-9999.ebuild => man-db-2.9.3-r1.ebuild} \| 5 ++-
15	sys-apps/man-db/man-db-9999.ebuild \| 4 +-
16	3 files changed, 51 insertions(+), 2 deletions(-)
17
18	diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
19	new file mode 100644
20	index 00000000000..0da1b2c5b2b
21	--- /dev/null
22	+++ b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
23	@@ -0,0 +1,44 @@
24	+From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001
25	+From: "S. Gilles" <sgilles@×××.edu>
26	+Date: Wed, 12 Aug 2020 16:40:07 -0400
27	+Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks
28	+
29	+libcs such as musl expect ENOSYS to be returned (not EPERM) in their
30	+fallback code, so change the seccomp filter to be more agreeable to
31	+them.
32	+
33	+At the same time, clock_gettime is permitted in the filter, so permit
34	+clock_gettime64 as well -- it will be needed by 2038 in any case.
35	+
36	+* lib/sandbox.c (make_seccomp_filter): Set default action to
37	+SCMP_ACT_ERRNO (ENOSYS). Allow clock_gettime64.
38	+* NEWS: Document this.
39	+---
40	+ NEWS \| 9 +++++++++
41	+ lib/sandbox.c \| 3 ++-
42	+ 2 files changed, 11 insertions(+), 1 deletion(-)
43	+
44	+diff --git a/lib/sandbox.c b/lib/sandbox.c
45	+index 21ec28aa..d934a0f9 100644
46	+--- a/lib/sandbox.c
47	++++ b/lib/sandbox.c
48	+@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
49	+ ;
50	+
51	+ debug ("initialising seccomp filter (permissive: %d)\n", permissive);
52	+- ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM));
53	++ ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS));
54	+ if (!ctx)
55	+ error (FATAL, errno, "can't initialise seccomp filter");
56	+
57	+@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
58	+ /* systemd: SystemCallFilter=@default */
59	+ SC_ALLOW ("clock_getres");
60	+ SC_ALLOW ("clock_gettime");
61	++ SC_ALLOW ("clock_gettime64");
62	+ SC_ALLOW ("clock_nanosleep");
63	+ SC_ALLOW ("execve");
64	+ SC_ALLOW ("exit");
65	+--
66	+cgit v1.2.1
67	+
68
69	diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
70	similarity index 97%
71	copy from sys-apps/man-db/man-db-9999.ebuild
72	copy to sys-apps/man-db/man-db-2.9.3-r1.ebuild
73	index 25d02ea5f57..35e2bb5d6ce 100644
74	--- a/sys-apps/man-db/man-db-9999.ebuild
75	+++ b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
76	@@ -46,7 +46,10 @@ RDEPEND="
77	"
78	PDEPEND="manpager? ( app-text/manpager )"
79
80	-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )
81	+PATCHES=(
82	+ "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch
83	+ "${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch
84	+)
85
86	pkg_setup() {
87	if (use gdbm && use berkdb) \|\| (use !gdbm && use !berkdb) ; then #496150
88
89	diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-9999.ebuild
90	index 25d02ea5f57..cf3711365b0 100644
91	--- a/sys-apps/man-db/man-db-9999.ebuild
92	+++ b/sys-apps/man-db/man-db-9999.ebuild
93	@@ -46,7 +46,9 @@ RDEPEND="
94	"
95	PDEPEND="manpager? ( app-text/manpager )"
96
97	-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )
98	+PATCHES=(
99	+ "${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
100	+)
101
102	pkg_setup() {
103	if (use gdbm && use berkdb) \|\| (use !gdbm && use !berkdb) ; then #496150

Gentoo Archives: gentoo-commits