commit: 10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86 Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> AuthorDate: Wed Mar 31 21:24:54 2021 +0000 Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org> CommitDate: Wed Mar 31 22:17:40 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10a9d09e
app-misc/mc: backport file seccomp failure Reported-by: Anton Bolshakov Closes: https://bugs.gentoo.org/776988 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org> app-misc/mc/files/mc-4.8.26-file-seccomp.patch | 142 +++++++++++++++++++++++++ app-misc/mc/mc-4.8.26-r2.ebuild | 118 ++++++++++++++++++++ 2 files changed, 260 insertions(+) diff --git a/app-misc/mc/files/mc-4.8.26-file-seccomp.patch b/app-misc/mc/files/mc-4.8.26-file-seccomp.patch new file mode 100644 index 00000000000..0a36f47f3a4 --- /dev/null +++ b/app-misc/mc/files/mc-4.8.26-file-seccomp.patch @@ -0,0 +1,142 @@ +https://bugs.gentoo.org/776988 +https://github.com/MidnightCommander/mc/commit/1ed638d66cf803f69ac12ee80a72d217f2146e43 + +From 1ed638d66cf803f69ac12ee80a72d217f2146e43 Mon Sep 17 00:00:00 2001 +From: Andrew Borodin <aboro...@vmail.ru> +Date: Tue, 16 Feb 2021 16:29:51 +0300 +Subject: [PATCH] Ticket #4180: fix zip handling. + +After 8857423e4ebb770b6f0ea3103abf5d35c85fcbe8 zip archives opened with +an error: + + file -L -z archive.zip: Bad system call + +This caused by using /usr/bin/file with -z option, because seccomp (a +security sandbox) doesn't allow it.. + +Solution: use -S option together with -z one. + +The file command accepts the -S option since 5.33. + +Signed-off-by: Andrew Borodin <aboro...@vmail.ru> +--- + configure.ac | 66 +++++++++++++++++++++++++++++++++++-------- + src/filemanager/ext.c | 7 +++-- + src/setup.c | 2 ++ + 3 files changed, 60 insertions(+), 15 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 5f372dc3f5..f2351c99ad 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -115,23 +115,65 @@ fi + AC_SUBST(MANDOC) + AC_SUBST(MAN_FLAGS) + +-dnl Check for -L option to file ++dnl Check for -z, -L, and -S options to file + AC_CHECK_PROG(HAVE_FILECMD, file, true, false) + if $HAVE_FILECMD; then +- AC_MSG_CHECKING([for -L option to file command]) +- AC_CACHE_VAL(mc_cv_filel, [ +- file -L . > /dev/null 2>&1 +- if test $? = 0; then +- mc_cv_filel=yes ++ dnl Don't use the file command if it doesn't accept the -z option ++ AC_MSG_CHECKING([for -z option to file command]) ++ AC_CACHE_VAL(mc_cv_file_z, [ ++ file -z . > /dev/null 2>&1 ++ if test $? = 0; then ++ mc_cv_file_z=yes ++ else ++ mc_cv_file_z=no ++ fi ++ ]) ++ AC_MSG_RESULT([$mc_cv_file_z]) ++ ++ if test x$mc_cv_file_z = xyes; then ++ AC_DEFINE(USE_FILE_CMD, 1, [Define if the file command accepts the -z option]) + else +- mc_cv_filel=no ++ AC_MSG_WARN([The file command doesn't accept the -z option and will not be used]) + fi +- ]) +- if test x$mc_cv_filel = xyes; then +- AC_DEFINE(FILE_L, 1, [Define if the file command accepts the -L option]) ++ ++ if test x$mc_cv_file_z = xyes; then ++ dnl file is used; check -L and -S options ++ ++ AC_MSG_CHECKING([for -L option to file command]) ++ AC_CACHE_VAL(mc_cv_file_L, [ ++ file -L . > /dev/null 2>&1 ++ if test $? = 0; then ++ mc_cv_file_L=yes ++ else ++ mc_cv_file_L=no ++ fi ++ ]) ++ AC_MSG_RESULT([$mc_cv_file_L]) ++ ++ if test x$mc_cv_file_L = xyes; then ++ AC_DEFINE(FILE_L, "-L ", [Define if the file command accepts the -L option]) ++ else ++ AC_DEFINE(FILE_L, "", [Define if the file command accepts the -L option]) ++ fi ++ ++ dnl The file command accepts the -S option since 5.33 ++ AC_MSG_CHECKING([for -S option to file command]) ++ AC_CACHE_VAL(mc_cv_file_S, [ ++ file -S . > /dev/null 2>&1 ++ if test $? = 0; then ++ mc_cv_file_S=yes ++ else ++ mc_cv_file_S=no ++ fi ++ ]) ++ AC_MSG_RESULT([$mc_cv_file_S]) ++ ++ if test x$mc_cv_file_S = xyes; then ++ AC_DEFINE(FILE_S, "-S ", [Define if file command accepts the -S option]) ++ else ++ AC_DEFINE(FILE_S, "", [Define if file command accepts the -S option]) ++ fi + fi +- filel=$mc_cv_filel +- AC_MSG_RESULT([$filel]) + fi + + dnl Only list browsers here that can be run in background (i.e. with `&') +diff --git a/src/filemanager/ext.c b/src/filemanager/ext.c +index 4e6f10c6c5..d6a09df7bb 100644 +--- a/src/filemanager/ext.c ++++ b/src/filemanager/ext.c +@@ -71,10 +71,11 @@ + + /*** file scope macro definitions ****************************************************************/ + +-#ifdef FILE_L +-#define FILE_CMD "file -L -z " ++#ifdef USE_FILE_CMD ++#define FILE_CMD "file -z " FILE_S FILE_L + #else +-#define FILE_CMD "file -z " ++/* actually file is unused, but define some reasonable command */ ++#define FILE_CMD "file " + #endif + + /*** file scope type declarations ****************************************************************/ +diff --git a/src/setup.c b/src/setup.c +index 77c07649d5..2ef07f2569 100644 +--- a/src/setup.c ++++ b/src/setup.c +@@ -317,7 +317,9 @@ static const struct + { "old_esc_mode", &old_esc_mode }, + { "cd_symlinks", &mc_global.vfs.cd_symlinks }, + { "show_all_if_ambiguous", &mc_global.widget.show_all_if_ambiguous }, ++#ifdef USE_FILE_CMD + { "use_file_to_guess_type", &use_file_to_check_type }, ++#endif + { "alternate_plus_minus", &mc_global.tty.alternate_plus_minus }, + { "only_leading_plus_minus", &only_leading_plus_minus }, + { "show_output_starts_shell", &output_starts_shell }, diff --git a/app-misc/mc/mc-4.8.26-r2.ebuild b/app-misc/mc/mc-4.8.26-r2.ebuild new file mode 100644 index 00000000000..9bd2fbe7d5e --- /dev/null +++ b/app-misc/mc/mc-4.8.26-r2.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic + +MY_P=${P/_/-} + +DESCRIPTION="GNU Midnight Commander is a text based file manager" +HOMEPAGE="https://www.midnight-commander.org"; +SRC_URI="http://ftp.midnight-commander.org/${MY_P}.tar.xz"; + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris" +IUSE="+edit gpm nls samba sftp +slang spell test unicode X +xdg" + +REQUIRED_USE="spell? ( edit )" + +RDEPEND=">=dev-libs/glib-2.26.0:2 + gpm? ( sys-libs/gpm ) + kernel_linux? ( sys-fs/e2fsprogs ) + samba? ( net-fs/samba ) + sftp? ( net-libs/libssh2 ) + slang? ( >=sys-libs/slang-2 ) + !slang? ( sys-libs/ncurses:0=[unicode?] ) + spell? ( app-text/aspell ) + X? ( x11-libs/libX11 + x11-libs/libICE + x11-libs/libXau + x11-libs/libXdmcp + x11-libs/libSM )" +DEPEND="${RDEPEND} + app-arch/xz-utils + virtual/pkgconfig + nls? ( sys-devel/gettext ) + test? ( dev-libs/check ) + " + +PATCHES=( + "${FILESDIR}"/${P}-shadow-crash.patch + "${FILESDIR}"/${P}-file-seccomp.patch +) + +RESTRICT="!test? ( test )" + +S="${WORKDIR}/${MY_P}" + +pkg_pretend() { + if use slang && use unicode ; then + ewarn "\"unicode\" USE flag only takes effect when the \"slang\" USE flag is disabled." + fi +} + +src_prepare() { + default + + # patch touches configure.ac + eautoreconf +} + +src_configure() { + [[ ${CHOST} == *-solaris* ]] && append-ldflags "-lnsl -lsocket" + + local myeconfargs=( + --enable-charset + --enable-vfs + --with-homedir=$(usex xdg 'XDG' '.mc') + --with-screen=$(usex slang 'slang' "ncurses$(usex unicode 'w' '')") + $(use_enable kernel_linux vfs-undelfs) + # Today mclib does not expose any headers and is linked to + # single 'mc' binary. Thus there is no advantage of having + # a library. Let's avoid shared library altogether + # as it also conflicts with sci-libs/mc: bug #685938 + --disable-mclib + $(use_enable nls) + $(use_enable samba vfs-smb) + $(use_enable sftp vfs-sftp) + $(use_enable spell aspell) + $(use_enable test tests) + $(use_with gpm gpm-mouse) + $(use_with X x) + $(use_with edit internal-edit) + ) + econf "${myeconfargs[@]}" +} + +src_test() { + # CK_FORK=no to avoid using fork() in check library + # as mc mocks fork() itself: bug #644462. + # + # VERBOSE=1 to make test failures contain detailed + # information. + CK_FORK=no emake check VERBOSE=1 +} + +src_install() { + emake DESTDIR="${D}" install + dodoc AUTHORS README NEWS + + # fix bug #334383 + if use kernel_linux && [[ ${EUID} == 0 ]] ; then + fowners root:tty /usr/libexec/mc/cons.saver + fperms g+s /usr/libexec/mc/cons.saver + fi + + if ! use xdg ; then + sed 's@MC_XDG_OPEN="xdg-open"@MC_XDG_OPEN="/bin/false"@' \ + -i "${ED}"/usr/libexec/mc/ext.d/*.sh || die + fi +} + +pkg_postinst() { + elog "To enable exiting to latest working directory," + elog "put this into your ~/.bashrc:" + elog ". ${EPREFIX}/usr/libexec/mc/mc.sh" +}
