Sync from SUSE:SLFO:Main file revision 20359537aa30df4012c84361f10a59ef

This commit is contained in:
2025-03-26 11:07:43 +01:00
parent 7848f8e7ae
commit ea88ae3534
6 changed files with 87 additions and 10 deletions

22
boo1237209.patch Normal file
View File

@@ -0,0 +1,22 @@
From b3384a1fbfa1fee99986e5750ab8e700de4f24ad Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Thu, 5 Dec 2024 18:35:40 +0000
Subject: [PATCH] PR/579: net147: Fix stack overrun.
---
src/readelf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/readelf.c b/src/readelf.c
index fe4cf5413..d209d86df 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -1728,7 +1728,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
Elf64_Phdr ph64;
const char *linking_style;
unsigned char nbuf[NBUFSIZE];
- char interp[128];
+ char interp[NBUFSIZE];
ssize_t bufsize;
size_t offset, align, need = 0;
int pie = 0, dynamic = 0;

29
file-seccomp-ppc.patch Normal file
View File

@@ -0,0 +1,29 @@
The glibc does not provide the real value of TCGETS as e.g.
used by tcgetattr(3). Therefore as a dirty workaround for
the correct struct termios from ppc specific includes has to
loaded before including ioctl.h. Simply to get the the final
correct value of TCGETS aka _IOR('t', 19, struct termios).
---
src/seccomp.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/seccomp.c b/src/seccomp.c
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -33,9 +33,13 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.29
#if HAVE_LIBSECCOMP
#include <seccomp.h> /* libseccomp */
#include <sys/prctl.h> /* prctl */
-#include <sys/ioctl.h>
#include <sys/socket.h>
-#include <termios.h>
+#ifdef __powerpc64__
+# include <asm/termbits.h>
+#else
+# include <termios.h>
+#endif
+#include <sys/ioctl.h>
#include <fcntl.h>
#include <stdlib.h>
#include <errno.h>

View File

@@ -11,25 +11,24 @@ export GLIBC_TUNABLES=glibc.mem.decorate_maps=1
make check
```
Remove the dumb prctl allow rule as for glibc malloc the prctl PR_SET_VMA
with flag PR_SET_VMA_ANON_NAME is already allowed
Signed-off-by: Werner Fink <werner@suse.de>
---
src/seccomp.c | 3 +++
1 file changed, 3 insertions(+)
src/seccomp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/seccomp.c b/src/seccomp.c
index ce824330..8a2c8a4c 100644
--- a/src/seccomp.c
+++ b/src/seccomp.c
@@ -80,6 +80,9 @@ enable_sandbox(void)
@@ -80,6 +80,8 @@ enable_sandbox(void)
if (ctx == NULL)
return -1;
+ ALLOW_RULE(prctl);
+ ALLOW_RULE(getrandom);
+ ALLOW_RULE(rseq);
ALLOW_RULE(access);
ALLOW_RULE(brk);
ALLOW_RULE(close);
--
2.43.0

View File

@@ -1,3 +1,24 @@
-------------------------------------------------------------------
Wed Mar 19 09:31:52 UTC 2025 - Dr. Werner Fink <werner@suse.de>
- Change patch file-seccomp.patch
* Remove the dumb prctl allow rule as for glibc malloc the prctl
PR_SET_VMA with flag PR_SET_VMA_ANON_NAME is already allowed
- Require at build zlib-devel to enable direct uncompresion of
zip'ed files as well
-------------------------------------------------------------------
Tue Mar 18 10:40:11 UTC 2025 - Dr. Werner Fink <werner@suse.de>
- Add patch file-seccomp-ppc.patch
* Minimal patch to work around of wrong provide of used TCGETS
-------------------------------------------------------------------
Fri Feb 21 07:27:07 UTC 2025 - Dr. Werner Fink <werner@suse.de>
- Add patch boo1237209.patch temporary
* Fix stack overrun (boo#1237209)
-------------------------------------------------------------------
Thu Nov 28 10:51:57 UTC 2024 - Dr. Werner Fink <werner@suse.de>

View File

@@ -1,7 +1,7 @@
#
# spec file for package file
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,9 @@
Name: file
BuildRequires: bash >= 4.0
BuildRequires: libtool
BuildRequires: lzlib-devel
BuildRequires: pkgconfig(bzip2)
BuildRequires: pkgconfig(liblz4)
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(libseccomp)
BuildRequires: pkgconfig(libzstd)
@@ -63,7 +65,9 @@ Patch31: file-5.19-biorad.dif
Patch32: file-5.19-clicfs.dif
Patch37: file-secure_getenv.patch
Patch39: file-5.28-btrfs-image.dif
Patch42: boo1237209.patch
Patch43: file-seccomp.patch
Patch44: file-seccomp-ppc.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%global _sysconfdir /etc
%global magicdir %{_datadir}/file
@@ -127,7 +131,9 @@ to develop applications that require the magic "file" interface.
%patch -P 37 -p1 -b .getenv
%patch -P 39 -p1 -b .btrfs
%patch -P 0 -b .0
%patch -P 42 -p1
%patch -P 43 -p1 -b .seccomp
%patch -P 44 -p1 -b .ppc
test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
rm -fv src/magic.h

View File

@@ -1,7 +1,7 @@
#
# spec file for package python-magic
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed