1 |
slyfox 11/02/05 15:37:16 |
2 |
|
3 |
Added: |
4 |
ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch |
5 |
Log: |
6 |
Backported libffi fix from upstream. It fixes GHCi operation on GRSEC kernel for TPE restricted users. Thanks to klondike! |
7 |
|
8 |
(Portage version: 2.1.9.25/cvs/Linux x86_64) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 dev-lang/ghc/files/ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/ghc/files/ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-lang/ghc/files/ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: ghc-6.12.3-libffi-incorrect-detection-of-selinux.patch |
17 |
=================================================================== |
18 |
From 6d011f0865dc99d9306b5768ccd1eaa0355d994e Mon Sep 17 00:00:00 2001 |
19 |
From: Sergei Trofimovich <slyfox@g.o> |
20 |
Date: Sat, 5 Feb 2011 11:53:33 +0200 |
21 |
Subject: [PATCH] libffi: backport incorrect detection of selinux |
22 |
|
23 |
This patch unbreaks ghci on GRSEC kernels hardened with |
24 |
TPE (Trusted Path Execution) protection. |
25 |
|
26 |
TPE forbids mmap('rwx') files opened for writes: |
27 |
fd = open (a_file_in_tmp, O_RDWR); |
28 |
mmap (..., PROT_READ | PROT_WRITE | PROT_EXEC, fd); |
29 |
|
30 |
while allows anonymous RWX mappings: |
31 |
mmap (...MAP_ANONYMOUS , PROT_READ | PROT_WRITE | PROT_EXEC, -1); |
32 |
|
33 |
Thanks to klondike for finding it out. |
34 |
|
35 |
Signed-off-by: Sergei Trofimovich <slyfox@g.o> |
36 |
--- |
37 |
libffi/ghc.mk | 2 ++ |
38 |
libffi/libffi.selinux-detection-3.0.8.patch | 15 +++++++++++++++ |
39 |
2 files changed, 17 insertions(+), 0 deletions(-) |
40 |
create mode 100644 libffi/libffi.selinux-detection-3.0.8.patch |
41 |
|
42 |
diff --git a/libffi/ghc.mk b/libffi/ghc.mk |
43 |
index 1b1b118..a40f23c 100644 |
44 |
--- a/libffi/ghc.mk |
45 |
+++ b/libffi/ghc.mk |
46 |
@@ -117,6 +117,8 @@ $(libffi_STAMP_CONFIGURE): |
47 |
# This patch is just the resulting delta from running |
48 |
# automake && autoreconf && libtoolize --force --copy |
49 |
cd libffi/build && "$(PATCH)" -p1 < ../libffi.autotools-update-3.0.8.patch |
50 |
+ # don't report nonselinux systems as selinux |
51 |
+ cd libffi/build && "$(PATCH)" -p0 < ../libffi.selinux-detection-3.0.8.patch |
52 |
|
53 |
# Because -Werror may be in SRC_CC_OPTS/SRC_LD_OPTS, we need to turn |
54 |
# warnings off or the compilation of libffi might fail due to warnings |
55 |
diff --git a/libffi/libffi.selinux-detection-3.0.8.patch b/libffi/libffi.selinux-detection-3.0.8.patch |
56 |
new file mode 100644 |
57 |
index 0000000..a919f28 |
58 |
--- /dev/null |
59 |
+++ b/libffi/libffi.selinux-detection-3.0.8.patch |
60 |
@@ -0,0 +1,15 @@ |
61 |
+src/closures.c (selinux_enabled_check): Fix strncmp usage bug. |
62 |
+ |
63 |
+http://github.com/atgreen/libffi/commit/eaf444eabc4c78703c0f98ac0197b1619c1b1bef |
64 |
+ |
65 |
+--- src/closures.c |
66 |
++++ src/closures.c |
67 |
+@@ -146,7 +146,7 @@ |
68 |
+ p = strchr (p + 1, ' '); |
69 |
+ if (p == NULL) |
70 |
+ break; |
71 |
+- if (strncmp (p + 1, "selinuxfs ", 10) != 0) |
72 |
++ if (strncmp (p + 1, "selinuxfs ", 10) == 0) |
73 |
+ { |
74 |
+ free (buf); |
75 |
+ fclose (f); |
76 |
-- |
77 |
1.7.3.4 |