[arch-commits] Commit in file/trunk (PKGBUILD file-5.38-seccomp-tcgets.patch)

Levente Polyak anthraxx at archlinux.org
Thu Jan 23 19:19:11 UTC 2020


    Date: Thursday, January 23, 2020 @ 19:19:10
  Author: anthraxx
Revision: 373851

upgpkg: file 5.38-2: fix TCGETS call libseccomp sandbox

- sandbox blocks required TCGETS on console with glibc

Added:
  file/trunk/file-5.38-seccomp-tcgets.patch
Modified:
  file/trunk/PKGBUILD

--------------------------------+
 PKGBUILD                       |    8 +++++---
 file-5.38-seccomp-tcgets.patch |   28 ++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-01-23 19:17:19 UTC (rev 373850)
+++ PKGBUILD	2020-01-23 19:19:10 UTC (rev 373851)
@@ -4,7 +4,7 @@
 
 pkgname=file
 pkgver=5.38
-pkgrel=1
+pkgrel=2
 pkgdesc='File type identification utility'
 arch=('x86_64')
 license=('custom')
@@ -12,10 +12,12 @@
 url='https://www.darwinsys.com/file/'
 depends=('glibc' 'zlib' 'xz' 'bzip2' 'libseccomp' 'libseccomp.so')
 provides=('libmagic.so')
-source=("ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz"{,.asc})
+source=("ftp://ftp.astron.com/pub/$pkgname/$pkgname-$pkgver.tar.gz"{,.asc}
+        file-5.38-seccomp-tcgets.patch)
 validpgpkeys=('BE04995BA8F90ED0C0C176C471112AB16CB33B3A') # Christos Zoulas
 sha256sums=('593c2ffc2ab349c5aea0f55fedfe4d681737b6b62376a9b3ad1e77b2cc19fa34'
-            'SKIP')
+            'SKIP'
+            'da6197e89ca53bd4f0d9009fa3a18c6fdb66dc07eb92e6bd77207eadb4548cfe')
 
 prepare() {
   cd $pkgname-$pkgver
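Review bot: The new `file-5.38-seccomp-tcgets.patch` entry in `source` has no note of where the patch comes from, so a later maintainer cannot tell when it is safe to drop. A comment above `source=`, such as `# file-5.38-seccomp-tcgets.patch: upstream commit 78573ec1c433 (PR/130), drop once a release contains it`, would record that. The hunk also does not show the patch being applied. The diffstat's 5 insertions and 3 deletions are all accounted for in these two hunks, so the commit relies on whatever `prepare()` already does. Its body continues outside the hunk, so it is worth confirming that it applies every `*.patch` in `source`; otherwise the fix is checksummed but never used.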

Added: file-5.38-seccomp-tcgets.patch
===================================================================
--- file-5.38-seccomp-tcgets.patch	                        (rev 0)
+++ file-5.38-seccomp-tcgets.patch	2020-01-23 19:19:10 UTC (rev 373851)
@@ -0,0 +1,28 @@
+From 78573ec1c43346064661169c5c8df32e7c3bd6d6 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos at zoulas.com>
+Date: Fri, 17 Jan 2020 17:12:58 +0000
+Subject: [PATCH] PR/130: tobias: adjust seccomp for ioctl on hardwired
+ terminal
+
+---
+ src/seccomp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index ebf3ea1cb..0ba17233b 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -186,8 +186,12 @@ enable_sandbox_full(void)
+ 	ALLOW_IOCTL_RULE(FIONREAD);
+ #endif
+ #ifdef TIOCGWINSZ
+-	// musl libc may call ioctl TIOCGWINSZ when calling stdout
++	// musl libc may call ioctl TIOCGWINSZ on stdout
+ 	ALLOW_IOCTL_RULE(TIOCGWINSZ);
++#endif
++#ifdef TCGETS
++	// glibc may call ioctl TCGETS on stdout on physical terminal
++	ALLOW_IOCTL_RULE(TCGETS);
+ #endif
+ 	ALLOW_RULE(lseek);
+  	ALLOW_RULE(_llseek);
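Review bot: The comment added with `ALLOW_IOCTL_RULE(TCGETS)` says the call happens "on stdout", but the rule is given only the request constant, so as far as this hunk shows it is not tied to fd 1 and presumably permits TCGETS on any descriptor the sandboxed process holds. TCGETS only reads terminal attributes, so the widening is small, but the comment should state the real scope so later additions to this allow-list are judged the same way: `// glibc may call ioctl TCGETS (read-only termios query) on stdout when it is a terminal; rule matches the request only, not the fd`. The same wording applies to the adjacent TIOCGWINSZ comment. `enable_sandbox_full` begins and ends outside the hunk, so the filter's default action and the macro definition cannot be checked from here.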


