Gentoo Archives: gentoo-commits

From: Mike Gilbert <floppym@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/file/files/, sys-apps/file/
Date: Fri, 23 Apr 2021 19:11:30
Message-Id: 1619205009.0813d843cb2a43c748fdf6c9d5ac6dc882104dcf.floppym@gentoo
1 commit: 0813d843cb2a43c748fdf6c9d5ac6dc882104dcf
2 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 23 19:10:09 2021 +0000
4 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5 CommitDate: Fri Apr 23 19:10:09 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0813d843
7
8 sys-apps/file: allow faccessat and fstatat64 syscalls
9
10 Closes: https://bugs.gentoo.org/784857
11 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
12
13 .../{file-5.40-r1.ebuild => file-5.40-r2.ebuild} | 2 ++
14 .../file/files/file-5.40-seccomp-faccessat.patch | 34 ++++++++++++++++++++++
15 .../file/files/file-5.40-seccomp-fstatat64.patch | 29 ++++++++++++++++++
16 3 files changed, 65 insertions(+)
17
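--- a/sys-apps/file/file-5.40-r1.ebuild
+++ b/sys-apps/file/file-5.40-r2.ebuild
@@ -39,6 +39,8 @@ RDEPEND="${DEPEND}
 PATCHES=(
 "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978
 "${FILESDIR}/file-5.40-xz_magic.patch" #784773
+ "${FILESDIR}/file-5.40-seccomp-faccessat.patch"
+ "${FILESDIR}/file-5.40-seccomp-fstatat64.patch" #784857
 )
 
 src_prepare() {
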
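--- /dev/null
+++ b/sys-apps/file/files/file-5.40-seccomp-faccessat.patch
@@ -0,0 +1,34 @@
+From abcd583135bb0762e6bfd0f2e06c50bea1fb3cd0 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@××××××.com>
+Date: Tue, 6 Apr 2021 22:02:17 +0000
+Subject: [PATCH] On ARM64 Linux access() syscall is no longer a real syscall
+ to the kernel. Instead it's emulated by glibc with a new faccessat() syscall.
+ (Icenowy Zheng)
+
+---
+ src/seccomp.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 0da907ff7..81842cf5c 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -27,7 +27,7 @@
+ #include "file.h"
+
+ #ifndef lint
+-FILE_RCSID("@(#)$File: seccomp.c,v 1.18 2021/03/14 17:01:58 christos Exp $")
++FILE_RCSID("@(#)$File: seccomp.c,v 1.19 2021/04/06 22:02:17 christos Exp $")
+ #endif /* lint */
+
+ #if HAVE_LIBSECCOMP
+@@ -171,6 +171,9 @@ enable_sandbox_full(void)
+ ALLOW_RULE(dup2);
+ ALLOW_RULE(exit);
+ ALLOW_RULE(exit_group);
++#ifdef __NR_faccessat
++ ALLOW_RULE(faccessat);
++#endif
+ ALLOW_RULE(fcntl);
+ ALLOW_RULE(fcntl64);
+ ALLOW_RULE(fstat);
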
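Review bot: The new `ALLOW_RULE(faccessat)` entry in enable_sandbox_full has no in-code rationale; the reason (access() being serviced through faccessat on arm64) is recorded only in the patch subject. Each entry in this allow-list widens what the sandboxed parser can invoke, so I would add a comment above the `#ifdef`, for example `/* access() is emulated via faccessat where __NR_access is absent (e.g. arm64) */`. It may also be worth confirming whether the C library in use can route the same check through `faccessat2`, which this hunk does not cover. enable_sandbox_full continues outside the hunk, so that case may already be handled elsewhere.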
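--- /dev/null
+++ b/sys-apps/file/files/file-5.40-seccomp-fstatat64.patch
@@ -0,0 +1,29 @@
+From e3d0265a147878b6c2903bcc83b9842dff68ceb4 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@g.o>
+Date: Fri, 23 Apr 2021 15:00:42 -0400
+Subject: [PATCH] seccomp: allow fstatat64
+
+This is needed for the libsandbox LD_PRELOAD wrapper on Gentoo Linux.
+
+Bug: https://bugs.gentoo.org/784857
+---
+ src/seccomp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 81842cf5..43abc684 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -178,6 +178,9 @@ enable_sandbox_full(void)
+ ALLOW_RULE(fcntl64);
+ ALLOW_RULE(fstat);
+ ALLOW_RULE(fstat64);
++#ifdef __NR_fstatat64
++ ALLOW_RULE(fstatat64);
++#endif
+ ALLOW_RULE(futex);
+ ALLOW_RULE(getdents);
+ #ifdef __NR_getdents64
+--
+2.31.1
+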
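Review bot: Only `fstatat64` is added to the allow-list in enable_sandbox_full, and as far as I know that syscall number is defined on 32-bit ABIs while 64-bit targets expose the same operation as `newfstatat`. Unless a `newfstatat` rule already exists in the part of the list outside this hunk, the libsandbox wrapper would presumably still trip the filter on those targets; a parallel `#ifdef __NR_newfstatat` / `ALLOW_RULE(newfstatat);` / `#endif` would cover it. The rule is also unconditional, so it applies whether or not an LD_PRELOAD wrapper is loaded. A comment such as `/* needed by LD_PRELOAD stat wrappers, e.g. Gentoo libsandbox */` would keep that rationale next to the rule for anyone auditing the allow-list later.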