From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1672491130.0a43a1114f05d985cef96402cab1451580a6339b.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/file/, sys-apps/file/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/file/file-5.43-r1.ebuild sys-apps/file/file-5.43-r2.ebuild sys-apps/file/file-5.44-r1.ebuild sys-apps/file/file-5.44.ebuild sys-apps/file/file-9999.ebuild sys-apps/file/files/file-5.43-portage-sandbox.patch sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch sys-apps/file/files/file-5.44-seccomp-utimes.patch
X-VCS-Directories: sys-apps/file/ sys-apps/file/files/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 0a43a1114f05d985cef96402cab1451580a6339b
X-VCS-Branch: master
Date: Sat, 31 Dec 2022 12:58:08 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: db7fdc65-b362-4bac-85de-e58192a7eb21
X-Archives-Hash: 23030506865a61249b9b38e6c544fc26

commit:     0a43a1114f05d985cef96402cab1451580a6339b
Author:     Sam James gentoo org>
AuthorDate: Sat Dec 31 12:51:36 2022 +0000
Commit:     Sam James gentoo org>
CommitDate: Sat Dec 31 12:52:10 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a43a111

sys-apps/file: allow faccessat2 syscall in seccomp for sandbox-2.30

Closes: https://bugs.gentoo.org/889046
Signed-off-by: Sam James gentoo.org> .../{file-5.43-r1.ebuild => file-5.43-r2.ebuild} | 4 ++-- .../file/{file-5.44.ebuild => file-5.44-r1.ebuild} | 5 ++-- sys-apps/file/file-9999.ebuild | 6 ++--- .../file/files/file-5.43-portage-sandbox.patch | 28 ++++++++++++++++++++++ .../files/file-5.43-seccomp-fstatat64-musl.patch | 22 +++++++++++++++++ sys-apps/file/files/file-5.44-seccomp-utimes.patch | 18 ++++++++++++++ 6 files changed, 76 insertions(+), 7 deletions(-) diff --git a/sys-apps/file/file-5.43-r1.ebuild b/sys-apps/file/file-5.43-r2.ebuild similarity index 96% rename from sys-apps/file/file-5.43-r1.ebuild rename to sys-apps/file/file-5.43-r2.ebuild index 10bf50a18e4f..610753073aa6 100644 --- a/sys-apps/file/file-5.43-r1.ebuild +++ b/sys-apps/file/file-5.43-r2.ebuild @@ -49,8 +49,8 @@ BDEPEND+=" )" PATCHES=( - "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978 - "${FILESDIR}/file-5.40-seccomp-fstatat64-musl.patch" #789336, not upstream yet + "${FILESDIR}/file-5.43-portage-sandbox.patch" #713710 #728978 + "${FILESDIR}/file-5.43-seccomp-fstatat64-musl.patch" #789336, not upstream yet "${FILESDIR}/${P}-configure-clang16.patch" ) diff --git a/sys-apps/file/file-5.44.ebuild b/sys-apps/file/file-5.44-r1.ebuild similarity index 95% rename from sys-apps/file/file-5.44.ebuild rename to sys-apps/file/file-5.44-r1.ebuild index 99d5b362b9c5..c29778951f51 100644 --- a/sys-apps/file/file-5.44.ebuild +++ b/sys-apps/file/file-5.44-r1.ebuild @@ -52,9 +52,10 @@ BDEPEND+=" )" PATCHES=( - "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978 - "${FILESDIR}/file-5.40-seccomp-fstatat64-musl.patch" #789336, not upstream yet + "${FILESDIR}/file-5.43-seccomp-fstatat64-musl.patch" #789336, not upstream yet + "${FILESDIR}/file-5.43-portage-sandbox.patch" #889046 "${FILESDIR}/file-5.44-limits-solaris.patch" # applied upstream + "${FILESDIR}/file-5.44-seccomp-utimes.patch" # upstream ) src_prepare() { 
diff --git a/sys-apps/file/file-9999.ebuild b/sys-apps/file/file-9999.ebuild index 81f60050024c..c83ce4f71f81 100644 --- a/sys-apps/file/file-9999.ebuild +++ b/sys-apps/file/file-9999.ebuild @@ -18,7 +18,7 @@ else SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz" SRC_URI+=" verify-sig? ( ftp://ftp.astron.com/pub/file/${P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" BDEPEND="verify-sig? ( sec-keys/openpgp-keys-file )" fi @@ -52,8 +52,8 @@ BDEPEND+=" )" PATCHES=( - "${FILESDIR}/file-5.39-portage-sandbox.patch" #713710 #728978 - "${FILESDIR}/file-5.40-seccomp-fstatat64-musl.patch" #789336, not upstream yet + "${FILESDIR}/file-5.43-seccomp-fstatat64-musl.patch" #789336, not upstream yet + "${FILESDIR}/file-5.43-portage-sandbox.patch" #889046 ) src_prepare() { diff --git a/sys-apps/file/files/file-5.43-portage-sandbox.patch b/sys-apps/file/files/file-5.43-portage-sandbox.patch new file mode 100644 index 000000000000..f9e715cc366f --- /dev/null +++ b/sys-apps/file/files/file-5.43-portage-sandbox.patch 
@@ -0,0 +1,28 @@ +Allow syscalls for Gentoo's portage sandbox + +- Add getcwd (bug #728978) +- Add faccessat2 (bug #889046) + +Bug: https://bugs.gentoo.org/728978 +Bug: https://bugs.gentoo.org/889046 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -174,6 +174,9 @@ enable_sandbox_full(void) + ALLOW_RULE(exit_group); + #ifdef __NR_faccessat + ALLOW_RULE(faccessat); ++#endif ++#ifdef __NR_faccessat2 ++ ALLOW_RULE(faccessat2); + #endif + ALLOW_RULE(fcntl); + ALLOW_RULE(fcntl64); +@@ -237,6 +240,8 @@ enable_sandbox_full(void) + ALLOW_RULE(write); + ALLOW_RULE(writev); + ++ // needed by Gentoo's portage sandbox ++ ALLOW_RULE(getcwd); + + #if 0 + // needed by valgrind diff --git a/sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch b/sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch new file mode 100644 index 000000000000..a039882ac8d7 --- /dev/null +++ b/sys-apps/file/files/file-5.43-seccomp-fstatat64-musl.patch @@ -0,0 +1,22 @@ +From 8c13923a8e17a02be0989649b2edc20124816729 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Tue, 15 Jun 2021 16:08:22 -0400 +Subject: [PATCH] seccomp: undef fstatat64 to avoid build failure on musl + +sys/stat.h in musl does this: + + #define fstatat64 fstatat + +Counteract this with an #undef. + +Bug: https://bugs.gentoo.org/789336 +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -182,6 +182,7 @@ enable_sandbox_full(void) + #endif + ALLOW_RULE(fstat64); + #ifdef __NR_fstatat64 ++#undef fstatat64 + ALLOW_RULE(fstatat64); + #endif + ALLOW_RULE(futex); diff --git a/sys-apps/file/files/file-5.44-seccomp-utimes.patch b/sys-apps/file/files/file-5.44-seccomp-utimes.patch new file mode 100644 index 000000000000..49f1c2e4b739 --- /dev/null +++ b/sys-apps/file/files/file-5.44-seccomp-utimes.patch 
@@ -0,0 +1,18 @@ +https://github.com/file/file/commit/1590a653b520123d47070a47436abfba42d4c943 + +From 1590a653b520123d47070a47436abfba42d4c943 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Mon, 26 Dec 2022 18:57:29 +0000 +Subject: [PATCH] PR/408: SpraxDev: Add utimes to the allow list for -p + +--- a/src/seccomp.c ++++ b/src/seccomp.c +@@ -233,6 +233,7 @@ enable_sandbox_full(void) + ALLOW_RULE(umask); // Used in file_pipe2file() + ALLOW_RULE(getpid); // Used by glibc in file_pipe2file() + ALLOW_RULE(unlink); ++ ALLOW_RULE(utimes); + ALLOW_RULE(write); + ALLOW_RULE(writev); + +
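Review bot: In the PATCHES hunk of file-5.43-r2.ebuild the bug comment on file-5.43-portage-sandbox.patch still reads "#713710 #728978" and never mentions #889046, the bug this revision bump closes, while file-5.44-r1.ebuild and file-9999.ebuild annotate the same patch with "#889046" only. Suggest one comment in all three ebuilds that agrees with the two Bug: lines in the patch header (728978 and 889046), so the getcwd bug reference is not lost in the newer ebuilds.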
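Review bot: The PATCHES hunk of file-5.44-r1.ebuild lists file-5.43-seccomp-fstatat64-musl.patch before file-5.43-portage-sandbox.patch, the reverse of the order kept in file-5.43-r2.ebuild. Both patches edit enable_sandbox_full() in src/seccomp.c a few lines apart (hunks at -174 and -182), so whichever is applied second lands at an offset; please use the same order in every ebuild so the patches apply identically across versions. Minor: the trailing comments "# applied upstream" and "# upstream" on the last two entries should use one wording.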
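Review bot: The first hunk of file-9999.ebuild drops ~sparc from KEYWORDS, which is unrelated to the seccomp change and is not mentioned in the commit message. If the removal is intentional, it belongs in its own commit or at least needs a line in this message; if it is an accidental carry-over from another ebuild, restore the keyword.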
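Review bot: In the first hunk of file-5.43-portage-sandbox.patch the new ALLOW_RULE(faccessat2) is compiled in only when the build-time headers define __NR_faccessat2, so a binary built against older kernel headers silently omits the rule and would fail the same way as in bug #889046 once it runs where faccessat2 is actually issued. It is worth stating that header requirement in the patch description. The rule also has no in-source comment, unlike the getcwd line in the second hunk ("needed by Gentoo's portage sandbox"); add one, since both rules widen the allow list in enable_sandbox_full() for every run of file, not only runs under the portage sandbox.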
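Review bot: The "#undef fstatat64" added in file-5.43-seccomp-fstatat64-musl.patch sits inside the body of enable_sandbox_full() with no comment in the source, so a reader of seccomp.c cannot tell why a libc macro is being undefined in the middle of the rule list. Suggest a one-line comment next to it pointing at musl's "#define fstatat64 fstatat" in sys/stat.h, which is currently explained only in the patch description. The ebuild comment still says "not upstream yet" for a patch dated 2021; a link to the upstream submission in the patch header would help.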
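Review bot: In file-5.44-seccomp-utimes.patch, ALLOW_RULE(utimes) is added to enable_sandbox_full() unconditionally and without a comment, although the subject line says it is needed only for -p. The neighbouring umask and getpid rules carry "Used in file_pipe2file()" style comments; add an equivalent note such as "Used by -p" so the reason for permitting a timestamp-modifying syscall in every sandboxed run is recorded at the rule itself, and consider whether the rule can be limited to invocations that pass -p.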