| 1 |
slyfox 11/02/05 15:37:16 |
| 2 |
|
| 3 |
Added: |
| 4 |
ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch |
| 5 |
Log: |
| 6 |
Backported libffi fix from upstream. It fixes GHCi operation on GRSEC kernel for TPE restricted users. Thanks to klondike! |
| 7 |
|
| 8 |
(Portage version: 2.1.9.25/cvs/Linux x86_64) |
| 9 |
|
| 10 |
Revision Changes Path |
| 11 |
1.1 dev-lang/ghc/files/ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch |
| 12 |
|
| 13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/ghc/files/ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch?rev=1.1&view=markup |
| 14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/ghc/files/ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch?rev=1.1&content-type=text/plain |
| 15 |
|
| 16 |
Index: ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch |
| 17 |
=================================================================== |
| 18 |
From 6d011f0865dc99d9306b5768ccd1eaa0355d994e Mon Sep 17 00:00:00 2001 |
| 19 |
From: Sergei Trofimovich <slyfox@g.o> |
| 20 |
Date: Sat, 5 Feb 2011 11:53:33 +0200 |
| 21 |
Subject: [PATCH] libffi: backport incorrect detection of selinux |
| 22 |
|
| 23 |
This patch unbreaks ghci on GRSEC kernels hardened with |
| 24 |
TPE (Trusted Path Execution) protection. |
| 25 |
|
| 26 |
TPE forbids mmap('rwx') files opened for writes: |
| 27 |
fd = open (a_file_in_tmp, O_RDWR); |
| 28 |
mmap (..., PROT_READ | PROT_WRITE | PROT_EXEC, fd); |
| 29 |
|
| 30 |
while allows anonymous RWX mappings: |
| 31 |
mmap (...MAP_ANONYMOUS , PROT_READ | PROT_WRITE | PROT_EXEC, -1); |
| 32 |
|
| 33 |
Thanks to klondike for finding it out. |
| 34 |
|
| 35 |
Signed-off-by: Sergei Trofimovich <slyfox@g.o> |
| 36 |
--- |
| 37 |
libffi/ghc.mk | 2 ++ |
| 38 |
libffi/libffi.selinux-detection-3.0.8.patch | 15 +++++++++++++++ |
| 39 |
2 files changed, 17 insertions(+), 0 deletions(-) |
| 40 |
create mode 100644 libffi/libffi.selinux-detection-3.0.8.patch |
| 41 |
|
| 42 |
diff --git a/libffi/ghc.mk b/libffi/ghc.mk |
| 43 |
index 1b1b118..a40f23c 100644 |
| 44 |
--- a/libffi/ghc.mk |
| 45 |
+++ b/libffi/ghc.mk |
| 46 |
@@ -117,6 +117,8 @@ $(libffi_STAMP_CONFIGURE): |
| 47 |
# This patch is just the resulting delta from running |
| 48 |
# automake && autoreconf && libtoolize --force --copy |
| 49 |
cd libffi/build && "$(PATCH)" -p1 < ../libffi.autotools-update-3.0.8.patch |
| 50 |
+ # don't report nonselinux systems as selinux |
| 51 |
+ cd libffi/build && "$(PATCH)" -p0 < ../libffi.selinux-detection-3.0.8.patch |
| 52 |
|
| 53 |
# Because -Werror may be in SRC_CC_OPTS/SRC_LD_OPTS, we need to turn |
| 54 |
# warnings off or the compilation of libffi might fail due to warnings |
| 55 |
diff --git a/libffi/libffi.selinux-detection-3.0.8.patch b/libffi/libffi.selinux-detection-3.0.8.patch |
| 56 |
new file mode 100644 |
| 57 |
index 0000000..a919f28 |
| 58 |
--- /dev/null |
| 59 |
+++ b/libffi/libffi.selinux-detection-3.0.8.patch |
| 60 |
@@ -0,0 +1,15 @@ |
| 61 |
+src/closures.c (selinux_enabled_check): Fix strncmp usage bug. |
| 62 |
+ |
| 63 |
+http://github.com/atgreen/libffi/commit/eaf444eabc4c78703c0f98ac0197b1619c1b1bef |
| 64 |
+ |
| 65 |
+--- src/closures.c |
| 66 |
++++ src/closures.c |
| 67 |
+@@ -146,7 +146,7 @@ |
| 68 |
+ p = strchr (p + 1, ' '); |
| 69 |
+ if (p == NULL) |
| 70 |
+ break; |
| 71 |
+- if (strncmp (p + 1, "selinuxfs ", 10) != 0) |
| 72 |
++ if (strncmp (p + 1, "selinuxfs ", 10) == 0) |
| 73 |
+ { |
| 74 |
+ free (buf); |
| 75 |
+ fclose (f); |
| 76 |
-- |
| 77 |
1.7.3.4 |
Archives