Sync from SUSE:SLFO:Main file revision 20359537aa30df4012c84361f10a59ef
This commit is contained in:
22
boo1237209.patch
Normal file
22
boo1237209.patch
Normal file
@@ -0,0 +1,22 @@
|
||||
From b3384a1fbfa1fee99986e5750ab8e700de4f24ad Mon Sep 17 00:00:00 2001
|
||||
From: Christos Zoulas <christos@zoulas.com>
|
||||
Date: Thu, 5 Dec 2024 18:35:40 +0000
|
||||
Subject: [PATCH] PR/579: net147: Fix stack overrun.
|
||||
|
||||
---
|
||||
src/readelf.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/readelf.c b/src/readelf.c
|
||||
index fe4cf5413..d209d86df 100644
|
||||
--- a/src/readelf.c
|
||||
+++ b/src/readelf.c
|
||||
@@ -1728,7 +1728,7 @@ dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
|
||||
Elf64_Phdr ph64;
|
||||
const char *linking_style;
|
||||
unsigned char nbuf[NBUFSIZE];
|
||||
- char interp[128];
|
||||
+ char interp[NBUFSIZE];
|
||||
ssize_t bufsize;
|
||||
size_t offset, align, need = 0;
|
||||
int pie = 0, dynamic = 0;
|
29
file-seccomp-ppc.patch
Normal file
29
file-seccomp-ppc.patch
Normal file
@@ -0,0 +1,29 @@
|
||||
The glibc does not provide the real value of TCGETS as e.g.
|
||||
used by tcgetattr(3). Therefore as a dirty workaround for
|
||||
the correct struct termios from ppc specific includes has to
|
||||
loaded before including ioctl.h. Simply to get the the final
|
||||
correct value of TCGETS aka _IOR('t', 19, struct termios).
|
||||
|
||||
---
|
||||
src/seccomp.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/seccomp.c b/src/seccomp.c
|
||||
--- a/src/seccomp.c
|
||||
+++ b/src/seccomp.c
|
||||
@@ -33,9 +33,13 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.29
|
||||
#if HAVE_LIBSECCOMP
|
||||
#include <seccomp.h> /* libseccomp */
|
||||
#include <sys/prctl.h> /* prctl */
|
||||
-#include <sys/ioctl.h>
|
||||
#include <sys/socket.h>
|
||||
-#include <termios.h>
|
||||
+#ifdef __powerpc64__
|
||||
+# include <asm/termbits.h>
|
||||
+#else
|
||||
+# include <termios.h>
|
||||
+#endif
|
||||
+#include <sys/ioctl.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
@@ -11,25 +11,24 @@ export GLIBC_TUNABLES=glibc.mem.decorate_maps=1
|
||||
make check
|
||||
```
|
||||
|
||||
Remove the dumb prctl allow rule as for glibc malloc the prctl PR_SET_VMA
|
||||
with flag PR_SET_VMA_ANON_NAME is already allowed
|
||||
|
||||
Signed-off-by: Werner Fink <werner@suse.de>
|
||||
|
||||
---
|
||||
src/seccomp.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
src/seccomp.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/seccomp.c b/src/seccomp.c
|
||||
index ce824330..8a2c8a4c 100644
|
||||
--- a/src/seccomp.c
|
||||
+++ b/src/seccomp.c
|
||||
@@ -80,6 +80,9 @@ enable_sandbox(void)
|
||||
@@ -80,6 +80,8 @@ enable_sandbox(void)
|
||||
if (ctx == NULL)
|
||||
return -1;
|
||||
|
||||
+ ALLOW_RULE(prctl);
|
||||
+ ALLOW_RULE(getrandom);
|
||||
+ ALLOW_RULE(rseq);
|
||||
ALLOW_RULE(access);
|
||||
ALLOW_RULE(brk);
|
||||
ALLOW_RULE(close);
|
||||
--
|
||||
2.43.0
|
||||
|
||||
|
21
file.changes
21
file.changes
@@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 19 09:31:52 UTC 2025 - Dr. Werner Fink <werner@suse.de>
|
||||
|
||||
- Change patch file-seccomp.patch
|
||||
* Remove the dumb prctl allow rule as for glibc malloc the prctl
|
||||
PR_SET_VMA with flag PR_SET_VMA_ANON_NAME is already allowed
|
||||
- Require at build zlib-devel to enable direct uncompresion of
|
||||
zip'ed files as well
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 18 10:40:11 UTC 2025 - Dr. Werner Fink <werner@suse.de>
|
||||
|
||||
- Add patch file-seccomp-ppc.patch
|
||||
* Minimal patch to work around of wrong provide of used TCGETS
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 21 07:27:07 UTC 2025 - Dr. Werner Fink <werner@suse.de>
|
||||
|
||||
- Add patch boo1237209.patch temporary
|
||||
* Fix stack overrun (boo#1237209)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 28 10:51:57 UTC 2024 - Dr. Werner Fink <werner@suse.de>
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package file
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -22,7 +22,9 @@
|
||||
Name: file
|
||||
BuildRequires: bash >= 4.0
|
||||
BuildRequires: libtool
|
||||
BuildRequires: lzlib-devel
|
||||
BuildRequires: pkgconfig(bzip2)
|
||||
BuildRequires: pkgconfig(liblz4)
|
||||
BuildRequires: pkgconfig(liblzma)
|
||||
BuildRequires: pkgconfig(libseccomp)
|
||||
BuildRequires: pkgconfig(libzstd)
|
||||
@@ -63,7 +65,9 @@ Patch31: file-5.19-biorad.dif
|
||||
Patch32: file-5.19-clicfs.dif
|
||||
Patch37: file-secure_getenv.patch
|
||||
Patch39: file-5.28-btrfs-image.dif
|
||||
Patch42: boo1237209.patch
|
||||
Patch43: file-seccomp.patch
|
||||
Patch44: file-seccomp-ppc.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
%global _sysconfdir /etc
|
||||
%global magicdir %{_datadir}/file
|
||||
@@ -127,7 +131,9 @@ to develop applications that require the magic "file" interface.
|
||||
%patch -P 37 -p1 -b .getenv
|
||||
%patch -P 39 -p1 -b .btrfs
|
||||
%patch -P 0 -b .0
|
||||
%patch -P 42 -p1
|
||||
%patch -P 43 -p1 -b .seccomp
|
||||
%patch -P 44 -p1 -b .ppc
|
||||
test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in
|
||||
rm -fv src/magic.h
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package python-magic
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
|
Reference in New Issue
Block a user