[arch-commits] Commit in pacman/trunk (2 files)
Levente Polyak
anthraxx at archlinux.org
Fri Jan 10 02:58:44 UTC 2020
Date: Friday, January 10, 2020 @ 02:58:43
Author: anthraxx
Revision: 373115
upgpkg: pacman 5.2.1-4: fix file-seccomp issue FS#65100
This issue was kind of stealthy as it didn't error out when file
is called in the strip.sh module in a subshell.
Added patch is proposed for 5.2.x tree, howver mainline replaced
the implementation by using readelf directly.
Added:
pacman/trunk/makepkg-fix-one-more-file-seccomp-issue.patch
Modified:
pacman/trunk/PKGBUILD
-----------------------------------------------+
PKGBUILD | 5 +++-
makepkg-fix-one-more-file-seccomp-issue.patch | 30 ++++++++++++++++++++++++
2 files changed, 34 insertions(+), 1 deletion(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-01-10 01:27:11 UTC (rev 373114)
+++ PKGBUILD 2020-01-10 02:58:43 UTC (rev 373115)
@@ -4,7 +4,7 @@
pkgname=pacman
pkgver=5.2.1
-pkgrel=3
+pkgrel=4
pkgdesc="A library-based package manager with dependency support"
arch=('x86_64')
url="https://www.archlinux.org/pacman/"
@@ -23,11 +23,13 @@
'B8151B117037781095514CA7BBDFFC92306B1121') # Andrew Gregory (pacman) <andrew at archlinux.org>
source=(https://sources.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz{,.sig}
pacman-5.2.1-fix-pactest-package-tar-format.patch::https://git.archlinux.org/pacman.git/patch/?id=b9faf652735c603d1bdf849a570185eb721f11c1
+ makepkg-fix-one-more-file-seccomp-issue.patch
pacman.conf
makepkg.conf)
sha256sums=('1930c407265fd039cb3a8e6edc82f69e122aa9239d216d9d57b9d1b9315af312'
'SKIP'
'd268379269c9dfa6eb3358f8931d3c84ef5fa4d47fe22567022fcbac8e4638c1'
+ 'e481a161bba76729cd434c97e0b319ddfcb1d93b2e4890d72b4e8a32982531d9'
'3353f363088c73f1f86a890547c0f87c7473e5caf43bbbc768c2e9a7397f2aa2'
'8c100b64450f5a19a16325dd05c143d49395bdeb96bd957f863cde4b95d3cb86')
@@ -34,6 +36,7 @@
prepare() {
cd "$pkgname-$pkgver"
patch -Np1 < ../pacman-5.2.1-fix-pactest-package-tar-format.patch
+ patch -Np1 < ../makepkg-fix-one-more-file-seccomp-issue.patch
}
build() {
Added: makepkg-fix-one-more-file-seccomp-issue.patch
===================================================================
--- makepkg-fix-one-more-file-seccomp-issue.patch (rev 0)
+++ makepkg-fix-one-more-file-seccomp-issue.patch 2020-01-10 02:58:43 UTC (rev 373115)
@@ -0,0 +1,30 @@
+From 00cfc6c5c9700b597c384743c2f057a2ba7125e2 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz at archlinux.org>
+Date: Thu, 9 Jan 2020 20:49:17 -0500
+Subject: [pacman-dev] [PATCH] makepkg: fix one more file-seccomp issue
+
+When file is called via fakeroot, it doesn't matter whether you use -z
+or not, it is still incompatible with seccomp. Fix by configuring it
+with FILECMD when used in the fakeroot 'tidy' run.
+
+Signed-off-by: Eli Schwartz <eschwartz at archlinux.org>
+---
+ scripts/libmakepkg/tidy/strip.sh.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/libmakepkg/tidy/strip.sh.in b/scripts/libmakepkg/tidy/strip.sh.in
+index 1bd810f0..876f00f0 100644
+--- a/scripts/libmakepkg/tidy/strip.sh.in
++++ b/scripts/libmakepkg/tidy/strip.sh.in
+@@ -111,7 +111,7 @@ tidy_strip() {
+
+ local binary strip_flags
+ find . -type f -perm -u+w -print0 2>/dev/null | while IFS= read -rd '' binary ; do
+- case "$(file -bi "$binary")" in
++ case "$(@FILECMD@ -bi "$binary")" in
+ *application/x-sharedlib*) # Libraries (.so)
+ strip_flags="$STRIP_SHARED";;
+ *application/x-archive*) # Libraries (.a)
+--
+2.24.1
+
More information about the arch-commits
mailing list