[gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/, sys-apps/man-db/files/

["Mike Gilbert" <floppym@gentoo.org>]

commit:     de6efe6b3e28eea299401244e7b506a6f9c22d51
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 23 19:13:51 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Dec 23 19:13:51 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de6efe6b

sys-apps/man-db: allow clock_gettime64 syscall

Closes: https://bugs.gentoo.org/744712
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/man-db-2.9.3-clock_gettime64.patch       | 44 ++++++++++++++++++++++
 .../{man-db-9999.ebuild => man-db-2.9.3-r1.ebuild} |  5 ++-
 sys-apps/man-db/man-db-9999.ebuild                 |  4 +-
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
new file mode 100644
index 00000000000..0da1b2c5b2b
--- /dev/null
+++ b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch
@@ -0,0 +1,44 @@
+From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001
+From: "S. Gilles" <sgilles@umd.edu>
+Date: Wed, 12 Aug 2020 16:40:07 -0400
+Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks
+
+libcs such as musl expect ENOSYS to be returned (not EPERM) in their
+fallback code, so change the seccomp filter to be more agreeable to
+them.
+
+At the same time, clock_gettime is permitted in the filter, so permit
+clock_gettime64 as well -- it will be needed by 2038 in any case.
+
+* lib/sandbox.c (make_seccomp_filter): Set default action to
+SCMP_ACT_ERRNO (ENOSYS).  Allow clock_gettime64.
+* NEWS: Document this.
+---
+ NEWS          | 9 +++++++++
+ lib/sandbox.c | 3 ++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/lib/sandbox.c b/lib/sandbox.c
+index 21ec28aa..d934a0f9 100644
+--- a/lib/sandbox.c
++++ b/lib/sandbox.c
+@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
+ 		;
+ 
+ 	debug ("initialising seccomp filter (permissive: %d)\n", permissive);
+-	ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM));
++	ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS));
+ 	if (!ctx)
+ 		error (FATAL, errno, "can't initialise seccomp filter");
+ 
+@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive)
+ 	/* systemd: SystemCallFilter=@default */
+ 	SC_ALLOW ("clock_getres");
+ 	SC_ALLOW ("clock_gettime");
++	SC_ALLOW ("clock_gettime64");
+ 	SC_ALLOW ("clock_nanosleep");
+ 	SC_ALLOW ("execve");
+ 	SC_ALLOW ("exit");
+-- 
+cgit v1.2.1
+

diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
similarity index 97%
copy from sys-apps/man-db/man-db-9999.ebuild
copy to sys-apps/man-db/man-db-2.9.3-r1.ebuild
index 25d02ea5f57..35e2bb5d6ce 100644
--- a/sys-apps/man-db/man-db-9999.ebuild
+++ b/sys-apps/man-db/man-db-2.9.3-r1.ebuild
@@ -46,7 +46,10 @@ RDEPEND="
 "
 PDEPEND="manpager? ( app-text/manpager )"
 
-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch
+	"${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch
+)
 
 pkg_setup() {
 	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150

diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-9999.ebuild
index 25d02ea5f57..cf3711365b0 100644
--- a/sys-apps/man-db/man-db-9999.ebuild
+++ b/sys-apps/man-db/man-db-9999.ebuild
@@ -46,7 +46,9 @@ RDEPEND="
 "
 PDEPEND="manpager? ( app-text/manpager )"
 
-PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch )
+PATCHES=(
+	"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
+)
 
 pkg_setup() {
 	if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150