From e195558cc814f91230e3a8543f51672b9dc17727 Mon Sep 17 00:00:00 2001 From: John Date: Sat, 28 Jan 2023 21:31:03 +0100 Subject: [PATCH] openbsd-file: patch seccomp filter for new glibc, add riscv64 --- srcpkgs/openbsd-file/patches/glibc.patch | 27 +++++++++++++++++++ .../openbsd-file/patches/no-x86-seccomp.patch | 4 ++- srcpkgs/openbsd-file/template | 2 +- 3 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 srcpkgs/openbsd-file/patches/glibc.patch diff --git a/srcpkgs/openbsd-file/patches/glibc.patch b/srcpkgs/openbsd-file/patches/glibc.patch new file mode 100644 index 00000000000..113d156ac46 --- /dev/null +++ b/srcpkgs/openbsd-file/patches/glibc.patch @@ -0,0 +1,27 @@ +From 62ee6ab013285b8f6dce1f729d97a1c31abf5071 Mon Sep 17 00:00:00 2001 +From: Bryan Steele +Date: Tue, 3 Aug 2021 21:16:44 -0400 +Subject: [PATCH] portable; Non-fatally deny newfstatat/statx(2) syscalls used + by newer glibc. + +--- + seccomp-sandbox.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/seccomp-sandbox.c b/seccomp-sandbox.c +index d65b813..03d70dd 100644 +--- a/seccomp-sandbox.c ++++ b/seccomp-sandbox.c +@@ -132,6 +132,12 @@ static const struct sock_filter filt_insns[] = { + #ifdef __NR_openat + SC_DENY(__NR_openat, EACCES), + #endif ++#ifdef __NR_newfstatat ++ SC_DENY(__NR_newfstatat, EACCES), ++#endif ++#ifdef __NR_statx ++ SC_DENY(__NR_statx, EACCES), ++#endif + + /* Syscalls to permit. */ + #ifdef __NR_brk diff --git a/srcpkgs/openbsd-file/patches/no-x86-seccomp.patch b/srcpkgs/openbsd-file/patches/no-x86-seccomp.patch index 3402d4cfd4d..1d0e68b3326 100644 --- a/srcpkgs/openbsd-file/patches/no-x86-seccomp.patch +++ b/srcpkgs/openbsd-file/patches/no-x86-seccomp.patch @@ -1,6 +1,6 @@ --- a/seccomp-sandbox.c 2020-01-30 15:59:29.517540311 +0100 +++ b/seccomp-sandbox.c 2020-01-30 16:03:43.046273793 +0100 -@@ -40,6 +40,16 @@ +@@ -40,6 +40,18 @@ #define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386 #elif defined __x86_64__ || defined __amd64__ #define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64 @@ -14,6 +14,8 @@ +#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64 +#elif defined __powerpc__ +#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC ++#elif defined(__riscv) && defined(__riscv_xlen) && __riscv_xlen == 64 ++#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_RISCV64 #endif #endif /* SECCOMP_AUDIT_ARCH */ diff --git a/srcpkgs/openbsd-file/template b/srcpkgs/openbsd-file/template index 933ee23ed8b..4c4518798cb 100644 --- a/srcpkgs/openbsd-file/template +++ b/srcpkgs/openbsd-file/template @@ -1,7 +1,7 @@ # Template file for 'openbsd-file' pkgname=openbsd-file version=6.2 -revision=3 +revision=4 build_style=gnu-configure configure_args="--program-prefix=openbsd-" hostmakedepends="automake libtool"