commit: 728f8c43b8b540f37871be3080ac63c05a9cf6a7 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Mon Sep 7 16:55:11 2020 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Mon Sep 7 16:55:11 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=728f8c43
sys-apps/file: backport a seccomp fix for musl Closes: https://bugs.gentoo.org/728978 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> sys-apps/file/file-5.39-r1.ebuild | 140 --------------------- .../{file-5.39-r2.ebuild => file-5.39-r3.ebuild} | 5 +- sys-apps/file/file-5.39.ebuild | 140 --------------------- .../file/files/file-5.39-add-missing-termios.patch | 35 +++--- ...ndbox.patch => file-5.39-portage-sandbox.patch} | 18 ++- sys-apps/file/files/file-5.39-seccomp-musl.patch | 37 ++++++ .../file/files/file-5.39-seccomp_sandbox.patch | 13 -- 7 files changed, 67 insertions(+), 321 deletions(-) diff --git a/sys-apps/file/file-5.39-r1.ebuild b/sys-apps/file/file-5.39-r1.ebuild deleted file mode 100644 index 8333fd922e2..00000000000 --- a/sys-apps/file/file-5.39-r1.ebuild +++ /dev/null 
@@ -1,140 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6..9} ) -DISTUTILS_OPTIONAL=1 - -inherit autotools distutils-r1 libtool toolchain-funcs multilib-minimal - -if [[ ${PV} == "9999" ]] ; then - EGIT_REPO_URI="https://github.com/glensc/file.git" - inherit git-r3 -else - SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -fi - -DESCRIPTION="identify a file's format by scanning binary data for patterns" -HOMEPAGE="https://www.darwinsys.com/file/" - -LICENSE="BSD-2" -SLOT="0" -IUSE="bzip2 lzma python seccomp static-libs zlib" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -DEPEND=" - bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] ) - lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] ) - python? ( - ${PYTHON_DEPS} - dev-python/setuptools[${PYTHON_USEDEP}] - ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" -RDEPEND="${DEPEND} - python? ( !dev-python/python-magic ) - seccomp? 
( sys-libs/libseccomp[${MULTILIB_USEDEP}] )" - -PATCHES=( - "${FILESDIR}/${PN}-5.39-portage_sandbox.patch" #713710 #728978 -) - -src_prepare() { - default - eautoreconf - elibtoolize - - # don't let python README kill main README #60043 - mv python/README.md python/README.python.md || die - sed '[email protected]@README.python.md@' -i python/setup.py || die #662090 -} - -multilib_src_configure() { - local myeconfargs=( - --enable-fsect-man5 - $(use_enable bzip2 bzlib) - $(use_enable lzma xzlib) - $(use_enable seccomp libseccomp) - $(use_enable static-libs static) - $(use_enable zlib) - ) - econf "${myeconfargs[@]}" -} - -build_src_configure() { - local myeconfargs=( - --disable-shared - --disable-libseccomp - --disable-bzlib - --disable-xzlib - --disable-zlib - ) - tc-env_build econf "${myeconfargs[@]}" -} - -need_build_file() { - # when cross-compiling, we need to build up our own file - # because people often don't keep matching host/target - # file versions #362941 - tc-is-cross-compiler && ! 
has_version -b "~${CATEGORY}/${P}" -} - -src_configure() { - local ECONF_SOURCE=${S} - - if need_build_file; then - mkdir -p "${WORKDIR}"/build || die - cd "${WORKDIR}"/build || die - build_src_configure - fi - - multilib-minimal_src_configure -} - -multilib_src_compile() { - if multilib_is_native_abi ; then - emake - else - cd src || die - emake magic.h #586444 - emake libmagic.la - fi -} - -src_compile() { - if need_build_file; then - emake -C "${WORKDIR}"/build/src magic.h #586444 - emake -C "${WORKDIR}"/build/src file - local -x PATH="${WORKDIR}/build/src:${PATH}" - fi - multilib-minimal_src_compile - - if use python ; then - cd python || die - distutils-r1_src_compile - fi -} - -multilib_src_install() { - if multilib_is_native_abi ; then - default - else - emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}" - fi -} - -multilib_src_install_all() { - dodoc ChangeLog MAINT README - - # Required for `file -C` - dodir /usr/share/misc/magic - insinto /usr/share/misc/magic - doins -r magic/Magdir/* - - if use python ; then - cd python || die - distutils-r1_src_install - fi - find "${ED}" -type f -name "*.la" -delete || die -} diff --git a/sys-apps/file/file-5.39-r2.ebuild b/sys-apps/file/file-5.39-r3.ebuild similarity index 95% rename from sys-apps/file/file-5.39-r2.ebuild rename to sys-apps/file/file-5.39-r3.ebuild index 645a8516962..c8425291ed7 100644 --- a/sys-apps/file/file-5.39-r2.ebuild +++ b/sys-apps/file/file-5.39-r3.ebuild @@ -37,8 +37,9 @@ RDEPEND="${DEPEND} seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )" PATCHES=( - "${FILESDIR}/${PN}-5.39-portage_sandbox.patch" #713710 #728978 - "${FILESDIR}/${P}-add-missing-termios.patch" #728416 + "${FILESDIR}/file-5.39-add-missing-termios.patch" #728416 + "${FILESDIR}/file-5.39-seccomp-musl.patch" + "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978 ) src_prepare() { 
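Review bot: The order of the three entries in the new `PATCHES` array is load-bearing, and nothing on these lines says so. Judging by the index lines in the patch files, `file-5.39-seccomp-musl.patch` is based on the result of the termios patch (`68c56485d`) and `file-5.39-portage-sandbox.patch` on the result of the musl patch (`db9364ae`, with `ALLOW_RULE(writev);` as context), so reordering or dropping an entry later could make the sandbox patch fail to apply. I would add a comment above the entries such as `# order matters: each patch is rebased onto the previous one`. The musl entry also lacks a bug reference, unlike its neighbours; presumably it is `#728978`, from the commit's Closes: line.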
diff --git a/sys-apps/file/file-5.39.ebuild b/sys-apps/file/file-5.39.ebuild
deleted file mode 100644
index 98499a3c73d..00000000000
--- a/sys-apps/file/file-5.39.ebuild
+++ /dev/null
@@ -1,140 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6..9} ) -DISTUTILS_OPTIONAL=1 - -inherit autotools distutils-r1 libtool toolchain-funcs multilib-minimal - -if [[ ${PV} == "9999" ]] ; then - EGIT_REPO_URI="https://github.com/glensc/file.git" - inherit git-r3 -else - SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -fi - -DESCRIPTION="identify a file's format by scanning binary data for patterns" -HOMEPAGE="https://www.darwinsys.com/file/" - -LICENSE="BSD-2" -SLOT="0" -IUSE="bzip2 lzma python seccomp static-libs zlib" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -DEPEND=" - bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] ) - lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] ) - python? ( - ${PYTHON_DEPS} - dev-python/setuptools[${PYTHON_USEDEP}] - ) - zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" -RDEPEND="${DEPEND} - python? ( !dev-python/python-magic ) - seccomp? 
( sys-libs/libseccomp[${MULTILIB_USEDEP}] )" - -PATCHES=( - "${FILESDIR}/${PN}-5.39-seccomp_sandbox.patch" #713710 -) - -src_prepare() { - default - eautoreconf - elibtoolize - - # don't let python README kill main README #60043 - mv python/README.md python/README.python.md || die - sed '[email protected]@README.python.md@' -i python/setup.py || die #662090 -} - -multilib_src_configure() { - local myeconfargs=( - --enable-fsect-man5 - $(use_enable bzip2 bzlib) - $(use_enable lzma xzlib) - $(use_enable seccomp libseccomp) - $(use_enable static-libs static) - $(use_enable zlib) - ) - econf "${myeconfargs[@]}" -} - -build_src_configure() { - local myeconfargs=( - --disable-shared - --disable-libseccomp - --disable-bzlib - --disable-xzlib - --disable-zlib - ) - tc-env_build econf "${myeconfargs[@]}" -} - -need_build_file() { - # when cross-compiling, we need to build up our own file - # because people often don't keep matching host/target - # file versions #362941 - tc-is-cross-compiler && ! 
has_version -b "~${CATEGORY}/${P}" -} - -src_configure() { - local ECONF_SOURCE=${S} - - if need_build_file; then - mkdir -p "${WORKDIR}"/build || die - cd "${WORKDIR}"/build || die - build_src_configure - fi - - multilib-minimal_src_configure -} - -multilib_src_compile() { - if multilib_is_native_abi ; then - emake - else - cd src || die - emake magic.h #586444 - emake libmagic.la - fi -} - -src_compile() { - if need_build_file; then - emake -C "${WORKDIR}"/build/src magic.h #586444 - emake -C "${WORKDIR}"/build/src file - local -x PATH="${WORKDIR}/build/src:${PATH}" - fi - multilib-minimal_src_compile - - if use python ; then - cd python || die - distutils-r1_src_compile - fi -} - -multilib_src_install() { - if multilib_is_native_abi ; then - default - else - emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}" - fi -} - -multilib_src_install_all() { - dodoc ChangeLog MAINT README - - # Required for `file -C` - dodir /usr/share/misc/magic - insinto /usr/share/misc/magic - doins -r magic/Magdir/* - - if use python ; then - cd python || die - distutils-r1_src_install - fi - find "${ED}" -type f -name "*.la" -delete || die -} diff --git a/sys-apps/file/files/file-5.39-add-missing-termios.patch b/sys-apps/file/files/file-5.39-add-missing-termios.patch index e6cba0d4c28..0614f52dd27 100644 --- a/sys-apps/file/files/file-5.39-add-missing-termios.patch +++ b/sys-apps/file/files/file-5.39-add-missing-termios.patch 
@@ -1,27 +1,30 @@ -From 769e9868c17a471323b81b12cab851c9fd22baf4 Mon Sep 17 00:00:00 2001 -From: Georgy Yakovlev <[email protected]> -Date: Mon, 15 Jun 2020 14:18:45 -0700 -Subject: [PATCH] add missing termios.h include +From 471e2c6c61ecd30ba6e304ae0444d364cfd44254 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas <[email protected]> +Date: Thu, 18 Jun 2020 16:25:12 +0000 +Subject: [PATCH] PR/168: gyakovlev: Include <termios.h> -on ppc, TCGETS relies on struct termios being complete, on other -architectures it does not. -so termios.h should be included before ioctl.h --- - src/seccomp.c | 1 + - 1 file changed, 1 insertion(+) + src/seccomp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/seccomp.c b/src/seccomp.c -index e667adf..296f5b3 100644 +index e667adfe4..68c56485d 100644 --- a/src/seccomp.c +++ b/src/seccomp.c -@@ -33,6 +33,7 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $") +@@ -27,7 +27,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $") ++FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $") + #endif /* lint */ + #if HAVE_LIBSECCOMP - #include <seccomp.h> /* libseccomp */ +@@ -35,6 +35,7 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $") #include <sys/prctl.h> /* prctl */ -+#include <termios.h> #include <sys/ioctl.h> #include <sys/socket.h> ++#include <termios.h> #include <fcntl.h> --- -2.27.0 - + #include <stdlib.h> + #include <errno.h> diff --git a/sys-apps/file/files/file-5.39-portage_sandbox.patch b/sys-apps/file/files/file-5.39-portage-sandbox.patch similarity index 51% rename from sys-apps/file/files/file-5.39-portage_sandbox.patch rename to sys-apps/file/files/file-5.39-portage-sandbox.patch index ff2caed413f..3ea26641671 100644 --- a/sys-apps/file/files/file-5.39-portage_sandbox.patch +++ b/sys-apps/file/files/file-5.39-portage-sandbox.patch 
@@ -1,28 +1,26 @@ -From 7e1d9d51329a0e0f3d9cd1dbc3f9509251950e81 Mon Sep 17 00:00:00 2001 +From 81765a2d4fcce23f42495d5ec03bbfecb2a3c381 Mon Sep 17 00:00:00 2001 From: tka <[email protected]> Date: Wed, 24 Jun 2020 11:18:45 +0200 Subject: [PATCH] Allow getcwd for Gentoo's portage sandbox -Gentoo-bug: https://bugs.gentoo.org/728978 -Signed-off-by: Lars Wendler <[email protected]> +Bug: https://bugs.gentoo.org/728978 --- - src/seccomp.c | 3 +++ - 1 file changed, 3 insertions(+) + src/seccomp.c | 2 ++ + 1 file changed, 2 insertions(+) diff --git a/src/seccomp.c b/src/seccomp.c -index 68c56485..af55918e 100644 +index db9364ae..7f5d6f26 100644 --- a/src/seccomp.c +++ b/src/seccomp.c -@@ -227,6 +227,9 @@ enable_sandbox_full(void) - ALLOW_RULE(unlink); +@@ -229,6 +229,8 @@ enable_sandbox_full(void) ALLOW_RULE(write); + ALLOW_RULE(writev); + // needed by Gentoo's portage sandbox + ALLOW_RULE(getcwd); -+ #if 0 // needed by valgrind -- -2.27.0 +2.28.0 diff --git a/sys-apps/file/files/file-5.39-seccomp-musl.patch b/sys-apps/file/files/file-5.39-seccomp-musl.patch new file mode 100644 index 00000000000..72836de67e5 --- /dev/null +++ b/sys-apps/file/files/file-5.39-seccomp-musl.patch 
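Review bot: The `ALLOW_RULE(getcwd);` carried by the rebased patch is unconditional, so the installed `file` binary permits getcwd under seccomp for every user, while its comment gives only the Portage build sandbox as the reason. The risk looks small, but this appears to be a downstream-only widening of the filter, so I would have the comment say so, e.g. `// Gentoo-specific: needed when running under Portage's sandbox (bug 728978)`. The rebase also drops the `Signed-off-by:` line. If the patch has not gone upstream, a header line stating that would help whoever bumps to the next release decide whether to keep it. `enable_sandbox_full` continues outside the hunk.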
@@ -0,0 +1,37 @@ +From 93c91e2ba8042d499fee168e27cbd526438454c6 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas <[email protected]> +Date: Sat, 5 Sep 2020 17:20:32 +0000 +Subject: [PATCH] PR/194: puchuu: Handle muslc syscalls + +--- + src/seccomp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/seccomp.c b/src/seccomp.c +index 68c56485d..db9364ae4 100644 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -27,7 +27,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $") ++FILE_RCSID("@(#)$File: seccomp.c,v 1.17 2020/09/05 17:20:32 christos Exp $") + #endif /* lint */ + + #if HAVE_LIBSECCOMP +@@ -220,12 +220,14 @@ enable_sandbox_full(void) + ALLOW_RULE(rt_sigreturn); + ALLOW_RULE(select); + ALLOW_RULE(stat); ++ ALLOW_RULE(statx); + ALLOW_RULE(stat64); + ALLOW_RULE(sysinfo); + ALLOW_RULE(umask); // Used in file_pipe2file() + ALLOW_RULE(getpid); // Used by glibc in file_pipe2file() + ALLOW_RULE(unlink); + ALLOW_RULE(write); ++ ALLOW_RULE(writev); + + + #if 0 diff --git a/sys-apps/file/files/file-5.39-seccomp_sandbox.patch b/sys-apps/file/files/file-5.39-seccomp_sandbox.patch deleted file mode 100644 index da0a0ff1f28..00000000000 --- a/sys-apps/file/files/file-5.39-seccomp_sandbox.patch +++ /dev/null @@ -1,13 +0,0 @@ -Don't call file with seccomp in portage sandbox. This will fail: - - make[2]: *** [Makefile:834: magic.mgc] Bad system call - ---- file-5.39/magic/Makefile.am -+++ file-5.39/magic/Makefile.am -@@ -352,5 +352,5 @@ - exit 1; \ - fi; \ - fi) -- $(FILE_COMPILE) -C -m magic -+ $(FILE_COMPILE) -S -C -m magic - @rm -fr magic
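Review bot: `ALLOW_RULE(statx);` and `ALLOW_RULE(writev);` are added without the rationale comment that `umask` and `getpid` carry a few lines away, and they take effect for every libc, not only musl. Because this is a verbatim upstream backport I would leave the C untouched and document it in the patch header instead. That means adding `Bug: https://bugs.gentoo.org/728978`, as the portage-sandbox patch does, and one sentence noting that the two syscalls appear to be counterparts of the already-allowed `stat` and `write`. Anyone auditing the seccomp filter can then see that the allowed surface is not meant to grow beyond that. The body of `enable_sandbox_full` starts and ends outside the hunk.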
