file 5.37-4 (x86_64;aarch64;i686;armv7hnl;znver1) 2019-7507
9999
Status | published
Submitter | nobodydead [@T] gmail.com
Platform | rolling
Repository | main
URL | https://abf.openmandriva.org/build_lists/615788
Packages |
Build Date | 2019-10-11 19:15:14 +0000 UTC
Last Updated | 2019-10-12 10:49:04.852312472 +0000 UTC
$ git show --format=fuller --patch-with-stat --summary 32a18195bb258e31d671c2e6a6a4fcf7e59d0e28
commit 32a18195bb258e31d671c2e6a6a4fcf7e59d0e28
Author: tpgxyz <tpgxyz@gmail.com>
AuthorDate: Fri Oct 11 20:43:07 2019 +0200
Commit: tpgxyz <tpgxyz@gmail.com>
CommitDate: Fri Oct 11 20:43:07 2019 +0200
sync patches with ClearLinux
---
0003-Whitelist-more-syscalls-for-seccomp.patch | 50 ++++++++++++++++++++++++++
0003-Whitelist-syscall-futex-for-seccomp.patch | 25 -------------
0004-allow-madvise.patch | 10 ------
file.spec | 5 ++-
4 files changed, 52 insertions(+), 38 deletions(-)
create mode 100644 0003-Whitelist-more-syscalls-for-seccomp.patch
delete mode 100644 0003-Whitelist-syscall-futex-for-seccomp.patch
delete mode 100644 0004-allow-madvise.patch
diff --git a/0003-Whitelist-more-syscalls-for-seccomp.patch b/0003-Whitelist-more-syscalls-for-seccomp.patch
new file mode 100644
index 0000000..43d60ce
--- /dev/null
+++ b/0003-Whitelist-more-syscalls-for-seccomp.patch
@@ -0,0 +1,50 @@
+From 336e21c87ddf170cb09bff77084df5f0300b13a2 Mon Sep 17 00:00:00 2001
+From: Patrick McCarty <patrick.mccarty@intel.com>
+Date: Tue, 6 Aug 2019 12:30:59 -0700
+Subject: [PATCH] Whitelist more syscalls for seccomp
+
+Linking to libpthread directly has the side-effect of futex() getting
+called, so it needs to be whitelisted.
+
+Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
+Signed-off-by: Thiago Macieira <thiago.macieira@intel.com>
+---
+ src/seccomp.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 1b9d9b85..250e3662 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -167,10 +167,12 @@ enable_sandbox_full(void)
+ ALLOW_RULE(fcntl64);
+ ALLOW_RULE(fstat);
+ ALLOW_RULE(fstat64);
++ ALLOW_RULE(futex);
+ ALLOW_RULE(getdents);
+ #ifdef __NR_getdents64
+ ALLOW_RULE(getdents64);
+ #endif
++ ALLOW_RULE(getpid);
+ ALLOW_RULE(ioctl);
+ ALLOW_RULE(lseek);
+ ALLOW_RULE(_llseek);
+@@ -197,6 +199,7 @@ enable_sandbox_full(void)
+ ALLOW_RULE(stat);
+ ALLOW_RULE(stat64);
+ ALLOW_RULE(sysinfo);
++ ALLOW_RULE(umask);
+ ALLOW_RULE(unlink);
+ ALLOW_RULE(write);
+
+@@ -204,7 +207,6 @@ enable_sandbox_full(void)
+ #if 0
+ // needed by valgrind
+ ALLOW_RULE(gettid);
+- ALLOW_RULE(getpid);
+ ALLOW_RULE(rt_sigtimedwait);
+ #endif
+
+--
+2.23.0
+
diff --git a/0003-Whitelist-syscall-futex-for-seccomp.patch b/0003-Whitelist-syscall-futex-for-seccomp.patch
deleted file mode 100644
index f47e9a9..0000000
--- a/0003-Whitelist-syscall-futex-for-seccomp.patch
+++ /dev/null
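Review bot: The patch description justifies only futex() (pulled in through libpthread), yet the seccomp.c hunks in this new patch also put `ALLOW_RULE(getpid);` and `ALLOW_RULE(umask);` on the active allowlist in enable_sandbox_full(), with getpid moved out of the `#if 0` valgrind block, and no reason is recorded for either. Every allow rule widens what the sandboxed process can still do while parsing untrusted files, so the justification should sit beside the rule, e.g. `/* futex: called via libpthread */`, with a matching one-line comment on getpid and umask naming the code path that needs them. The ALLOW_RULE macro and the rest of enable_sandbox_full() lie outside these hunks, so whether syscall arguments (such as the futex operation) are filtered cannot be judged from this page.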
@@ -1,25 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Patrick McCarty <patrick.mccarty@intel.com>
-Date: Tue, 6 Aug 2019 12:30:59 -0700
-Subject: [PATCH] Whitelist syscall futex() for seccomp
-
-Linking to libpthread directly has the side-effect of futex() getting
-called, so it needs to be whitelisted.
-
-Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
----
- src/seccomp.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/seccomp.c b/src/seccomp.c
-index 1b9d9b8..54ea144 100644
---- a/src/seccomp.c
-+++ b/src/seccomp.c
-@@ -167,6 +167,7 @@ enable_sandbox_full(void)
- ALLOW_RULE(fcntl64);
- ALLOW_RULE(fstat);
- ALLOW_RULE(fstat64);
-+ ALLOW_RULE(futex);
- ALLOW_RULE(getdents);
- #ifdef __NR_getdents64
- ALLOW_RULE(getdents64);
diff --git a/0004-allow-madvise.patch b/0004-allow-madvise.patch
deleted file mode 100644
index 5f0ba7d..0000000
--- a/0004-allow-madvise.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/src/seccomp.c 2018-09-10 17:35:40.000000000 -0700
-+++ b/src/seccomp.c 2019-02-21 12:53:06.114685404 -0800
-@@ -179,6 +179,7 @@
- ALLOW_RULE(mmap);
- ALLOW_RULE(mmap2);
- ALLOW_RULE(mprotect);
-+ ALLOW_RULE(madvise);
- ALLOW_RULE(mremap);
- ALLOW_RULE(munmap);
- #ifdef __NR_newfstatat
diff --git a/file.spec b/file.spec
index 50c9130..ddd9c51 100644
--- a/file.spec
+++ b/file.spec
@@ -6,7 +6,7 @@
 Summary: A utility for determining file types
 Name: file
 Version: 5.37
-Release: 3
+Release: 4
 License: BSD
 Group: File tools
 Url: http://www.darwinsys.com/file/
@@ -25,8 +25,7 @@ Patch103: file-4.17-rpm-name.patch
 Patch104: file-5.04-volume_key.patch
 # ClearLinux patches
-Patch111: 0004-allow-madvise.patch
-Patch113: 0003-Whitelist-syscall-futex-for-seccomp.patch
+Patch113: 0003-Whitelist-more-syscalls-for-seccomp.patch
 BuildRequires: pkgconfig(python2)
 BuildRequires: python2-pkg-resources
 BuildRequires: pkgconfig(python3)
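Review bot: Dropping `Patch111: 0004-allow-madvise.patch` in the second file.spec hunk leaves no visible madvise allow rule, because the replacement 0003-Whitelist-more-syscalls-for-seccomp.patch adds only futex, getpid and umask. If the src/seccomp.c shipped in file 5.37 does not already contain `ALLOW_RULE(madvise);` (not shown on this page), a madvise call from the allocator would be rejected by the filter inside the sandboxed process, so this is worth confirming against the unpacked source and by running the test suite with the sandbox enabled on each listed architecture. A spec comment above Patch113 such as `# madvise rule dropped: <reason, e.g. already present upstream>` would record why the removal is safe.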
Not Available
benbullard79 [@T] cox.net | These look ready to move, need to get them out of way of Qt/KF | 1657d 13hrs |
benbullard79 [@T] cox.net | No Comment. | 1657d 12hrs |
benbullard79 [@T] cox.net | No Comment. | 1657d 12hrs |
benbullard79 [@T] cox.net | No Comment. | 1657d 12hrs |