[arch-commits] Commit in file/trunk (PKGBUILD file-5.38-seccomp-tcgets.patch)
Levente Polyak
anthraxx at archlinux.org
Thu Jan 23 19:19:11 UTC 2020
Date: Thursday, January 23, 2020 @ 19:19:10
Author: anthraxx
Revision: 373851
upgpkg: file 5.38-2: fix TCGETS call libseccomp sandbox
- sandbox blocks required TCGETS on console with glibc
Added:
file/trunk/file-5.38-seccomp-tcgets.patch
Modified:
file/trunk/PKGBUILD
--------------------------------+
PKGBUILD | 8 +++++---
file-5.38-seccomp-tcgets.patch | 28 ++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-01-23 19:17:19 UTC (rev 373850)
+++ PKGBUILD 2020-01-23 19:19:10 UTC (rev 373851)
@@ -4,7 +4,7 @@
pkgname=file
pkgver=5.38
-pkgrel=1
+pkgrel=2
pkgdesc='File type identification utility'
arch=('x86_64')
license=('custom')
@@ -12,10 +12,12 @@
url='https://www.darwinsys.com/file/'
depends=('glibc' 'zlib' 'xz' 'bzip2' 'libseccomp' 'libseccomp.so')
provides=('libmagic.so')
-source=("ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz"{,.asc})
+source=("ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz"{,.asc}
+ file-5.38-seccomp-tcgets.patch)
validpgpkeys=('BE04995BA8F90ED0C0C176C471112AB16CB33B3A') # Christos Zoulas
sha256sums=('593c2ffc2ab349c5aea0f55fedfe4d681737b6b62376a9b3ad1e77b2cc19fa34'
- 'SKIP')
+ 'SKIP'
+ 'da6197e89ca53bd4f0d9009fa3a18c6fdb66dc07eb92e6bd77207eadb4548cfe')
prepare() {
cd $pkgname-$pkgver
Added: file-5.38-seccomp-tcgets.patch
===================================================================
--- file-5.38-seccomp-tcgets.patch (rev 0)
+++ file-5.38-seccomp-tcgets.patch 2020-01-23 19:19:10 UTC (rev 373851)
@@ -0,0 +1,28 @@
+From 78573ec1c43346064661169c5c8df32e7c3bd6d6 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos at zoulas.com>
+Date: Fri, 17 Jan 2020 17:12:58 +0000
+Subject: [PATCH] PR/130: tobias: adjust seccomp for ioctl on hardwired
+ terminal
+
+---
+ src/seccomp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index ebf3ea1cb..0ba17233b 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -186,8 +186,12 @@ enable_sandbox_full(void)
+ ALLOW_IOCTL_RULE(FIONREAD);
+ #endif
+ #ifdef TIOCGWINSZ
+- // musl libc may call ioctl TIOCGWINSZ when calling stdout
++ // musl libc may call ioctl TIOCGWINSZ on stdout
+ ALLOW_IOCTL_RULE(TIOCGWINSZ);
++#endif
++#ifdef TCGETS
++ // glibc may call ioctl TCGETS on stdout on physical terminal
++ ALLOW_IOCTL_RULE(TCGETS);
+ #endif
+ ALLOW_RULE(lseek);
+ ALLOW_RULE(_llseek);
More information about the arch-commits
mailing list