From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 401481382C5 for ; Wed, 23 Dec 2020 19:15:08 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 70DE4E0BC5; Wed, 23 Dec 2020 19:15:07 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 52CB6E0BC5 for ; Wed, 23 Dec 2020 19:15:07 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id EB7623411D9 for ; Wed, 23 Dec 2020 19:15:05 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 574E149 for ; Wed, 23 Dec 2020 19:15:04 +0000 (UTC) From: "Mike Gilbert" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Gilbert" Message-ID: <1608750831.de6efe6b3e28eea299401244e7b506a6f9c22d51.floppym@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/man-db/, sys-apps/man-db/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch sys-apps/man-db/man-db-2.9.3-r1.ebuild sys-apps/man-db/man-db-9999.ebuild X-VCS-Directories: sys-apps/man-db/files/ sys-apps/man-db/ X-VCS-Committer: floppym X-VCS-Committer-Name: Mike Gilbert X-VCS-Revision: de6efe6b3e28eea299401244e7b506a6f9c22d51 X-VCS-Branch: master Date: Wed, 23 Dec 2020 19:15:04 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 05c2be21-80e9-4b24-9b4b-056917950226 X-Archives-Hash: 74f699f4ba9cb640a89565e812bd1fc4 commit: de6efe6b3e28eea299401244e7b506a6f9c22d51 Author: Mike Gilbert gentoo org> AuthorDate: Wed Dec 23 19:13:51 2020 +0000 Commit: Mike Gilbert gentoo org> CommitDate: Wed Dec 23 19:13:51 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=de6efe6b sys-apps/man-db: allow clock_gettime64 syscall Closes: https://bugs.gentoo.org/744712 Signed-off-by: Mike Gilbert gentoo.org> .../files/man-db-2.9.3-clock_gettime64.patch | 44 ++++++++++++++++++++++ .../{man-db-9999.ebuild => man-db-2.9.3-r1.ebuild} | 5 ++- sys-apps/man-db/man-db-9999.ebuild | 4 +- 3 files changed, 51 insertions(+), 2 deletions(-) diff --git a/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch new file mode 100644 index 00000000000..0da1b2c5b2b --- /dev/null +++ b/sys-apps/man-db/files/man-db-2.9.3-clock_gettime64.patch @@ -0,0 +1,44 @@ +From 7315a9475d8fa37af49e9e7ed11e1534f23ef70b Mon Sep 17 00:00:00 2001 +From: "S. Gilles" +Date: Wed, 12 Aug 2020 16:40:07 -0400 +Subject: Allow clock_gettime64; return ENOSYS so libcs can engage fallbacks + +libcs such as musl expect ENOSYS to be returned (not EPERM) in their +fallback code, so change the seccomp filter to be more agreeable to +them. + +At the same time, clock_gettime is permitted in the filter, so permit +clock_gettime64 as well -- it will be needed by 2038 in any case. + +* lib/sandbox.c (make_seccomp_filter): Set default action to +SCMP_ACT_ERRNO (ENOSYS). Allow clock_gettime64. +* NEWS: Document this. +--- + NEWS | 9 +++++++++ + lib/sandbox.c | 3 ++- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/lib/sandbox.c b/lib/sandbox.c +index 21ec28aa..d934a0f9 100644 +--- a/lib/sandbox.c ++++ b/lib/sandbox.c +@@ -232,7 +232,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive) + ; + + debug ("initialising seccomp filter (permissive: %d)\n", permissive); +- ctx = seccomp_init (SCMP_ACT_ERRNO (EPERM)); ++ ctx = seccomp_init (SCMP_ACT_ERRNO (ENOSYS)); + if (!ctx) + error (FATAL, errno, "can't initialise seccomp filter"); + +@@ -271,6 +271,7 @@ static scmp_filter_ctx make_seccomp_filter (int permissive) + /* systemd: SystemCallFilter=@default */ + SC_ALLOW ("clock_getres"); + SC_ALLOW ("clock_gettime"); ++ SC_ALLOW ("clock_gettime64"); + SC_ALLOW ("clock_nanosleep"); + SC_ALLOW ("execve"); + SC_ALLOW ("exit"); +-- +cgit v1.2.1 + diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-2.9.3-r1.ebuild similarity index 97% copy from sys-apps/man-db/man-db-9999.ebuild copy to sys-apps/man-db/man-db-2.9.3-r1.ebuild index 25d02ea5f57..35e2bb5d6ce 100644 --- a/sys-apps/man-db/man-db-9999.ebuild +++ b/sys-apps/man-db/man-db-2.9.3-r1.ebuild @@ -46,7 +46,10 @@ RDEPEND=" " PDEPEND="manpager? ( app-text/manpager )" -PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch ) +PATCHES=( + "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch + "${FILESDIR}"/man-db-2.9.3-clock_gettime64.patch +) pkg_setup() { if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150 diff --git a/sys-apps/man-db/man-db-9999.ebuild b/sys-apps/man-db/man-db-9999.ebuild index 25d02ea5f57..cf3711365b0 100644 --- a/sys-apps/man-db/man-db-9999.ebuild +++ b/sys-apps/man-db/man-db-9999.ebuild @@ -46,7 +46,9 @@ RDEPEND=" " PDEPEND="manpager? ( app-text/manpager )" -PATCHES=( "${FILESDIR}"/${PN}-2.9.3-sandbox-env-tests.patch ) +PATCHES=( + "${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch +) pkg_setup() { if (use gdbm && use berkdb) || (use !gdbm && use !berkdb) ; then #496150