community/firejail: upgrade to 0.9.52

https://firejail.wordpress.com/download-2/release-notes/

2 files changed, 4 insertions, 81 deletions

diff --git a/community/firejail/APKBUILD b/community/firejail/APKBUILD
index ba303b4c8f..cde4d1c5bf 100644
--- a/community/firejail/APKBUILD
+++ b/community/firejail/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Stuart Cardall <developer@it-offshore.co.uk>
 # Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
 pkgname=firejail
-pkgver=0.9.50
-pkgrel=1
+pkgver=0.9.52
+pkgrel=0
 pkgdesc="Linux namespaces and seccomp-bpf sandbox"
 url="https://firejail.wordpress.com/"
 arch="all"
@@ -12,9 +12,7 @@ makedepends="linux-headers"
 checkdepends="expect"
 options="suid"
 subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
-source="$pkgname-$pkgver.tar.gz::https://github.com/netblue30/$pkgname/archive/$pkgver.tar.gz
-	aarch64.patch
-	"
+source="$pkgname-$pkgver.tar.gz::https://github.com/netblue30/$pkgname/archive/$pkgver.tar.gz"
 builddir="$srcdir/$pkgname-$pkgver"
 
 prepare() {
@@ -57,5 +55,4 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="350e32cf4766dbf42eea6639f895c6b9d0a7cafd3cbd4311f1faa0f56d7be8af30b93befdf0909c34e468bebe4fc5cc9f2023640bab062d6aa33e41446701d2f  firejail-0.9.50.tar.gz
-4f1aa9de49c84bb5860ae0e5df3e139afa430974dce8e4b796284f4c2ef8bac47c989c1d3fc9163bac7575fa79bb9aa04c2205247edd38520e4003f98516205c  aarch64.patch"
+sha512sums="1aca0e210a29ea4c38b82027549b6dcc9c0d50e2bf9f15bd449c6c70b96a4974e1a557ad2ea40a9caefc078ae3f6afafa62d06652fe871b7597d57d24c1705ca  firejail-0.9.52.tar.gz"
diff --git a/community/firejail/aarch64.patch b/community/firejail/aarch64.patch
deleted file mode 100644
index bfb5f49a8d..0000000000
--- a/community/firejail/aarch64.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From c3acf2d222589bf9d94cacfe180ab38fa46c9cb1 Mon Sep 17 00:00:00 2001
-From: Topi Miettinen <toiwoton@gmail.com>
-Date: Sun, 10 Sep 2017 10:34:42 +0300
-Subject: [PATCH] Improve seccomp architecture support
-
----
- src/fseccomp/syscall.c |  6 ++++++
- src/include/seccomp.h  | 26 ++++++++++++++++++++++++++
- 2 files changed, 32 insertions(+)
-
-diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
-index d0692b2ef..69b6e5271 100644
---- a/src/fseccomp/syscall.c
-+++ b/src/fseccomp/syscall.c
-@@ -274,6 +274,9 @@ static const SyscallGroupList sysgroups[] = {
- #ifdef SYS_vserver
- 	  "vserver"
- #endif
-+#if !defined(SYS__sysctl) && !defined(SYS_afs_syscall) && !defined(SYS_bdflush) && !defined(SYS_break) && !defined(SYS_create_module) && !defined(SYS_ftime) && !defined(SYS_get_kernel_syms) && !defined(SYS_getpmsg) && !defined(SYS_gtty) && !defined(SYS_lock) && !defined(SYS_mpx) && !defined(SYS_prof) && !defined(SYS_profil) && !defined(SYS_putpmsg) && !defined(SYS_query_module) && !defined(SYS_security) && !defined(SYS_sgetmask) && !defined(SYS_ssetmask) && !defined(SYS_stty) && !defined(SYS_sysfs) && !defined(SYS_tuxcall) && !defined(SYS_ulimit) && !defined(SYS_uselib) && !defined(SYS_ustat) && !defined(SYS_vserver)
-+	  "__dummy_syscall__" // workaround for arm64 which doesn't have any of above defined and empty syscall lists are not allowed
-+#endif
- 	},
- 	{ .name = "@privileged", .list =
- 	  "@clock,"
-@@ -334,6 +337,9 @@ static const SyscallGroupList sysgroups[] = {
- #ifdef SYS_s390_mmio_write
- 	  "s390_mmio_write"
- #endif
-+#if !defined(SYS_ioperm) && !defined(SYS_iopl) && !defined(SYS_pciconfig_iobase) && !defined(SYS_pciconfig_read) && !defined(SYS_pciconfig_write) && !defined(SYS_s390_mmio_read) && !defined(SYS_s390_mmio_write)
-+	  "__dummy_syscall__" // workaround for s390x which doesn't have any of above defined and empty syscall lists are not allowed
-+#endif
- 	},
- 	{ .name = "@reboot", .list =
- #ifdef SYS_kexec_load
-diff --git a/src/include/seccomp.h b/src/include/seccomp.h
-index 133b6ce72..b8bfce96b 100644
---- a/src/include/seccomp.h
-+++ b/src/include/seccomp.h
-@@ -149,9 +149,35 @@ struct seccomp_data {
- # define ARCH_NR	AUDIT_ARCH_S390
- # define ARCH_32	AUDIT_ARCH_S390
- # define ARCH_64	AUDIT_ARCH_S390X
-+#elif defined(__sh64__) && __BYTE_ORDER == __BIG_ENDIAN
-+# define ARCH_NR	AUDIT_ARCH_SH64
-+# define ARCH_32	AUDIT_ARCH_SH
-+# define ARCH_64	AUDIT_ARCH_SH64
-+#elif defined(__sh64__) && __BYTE_ORDER == __LITTLE_ENDIAN
-+# define ARCH_NR	AUDIT_ARCH_SHEL64
-+# define ARCH_32	AUDIT_ARCH_SHEL
-+# define ARCH_64	AUDIT_ARCH_SHEL64
-+#elif defined(__sh__) && __BYTE_ORDER == __BIG_ENDIAN
-+# define ARCH_NR	AUDIT_ARCH_SH
-+# define ARCH_32	AUDIT_ARCH_SH
-+# define ARCH_64	AUDIT_ARCH_SH64
-+#elif defined(__sh__) && __BYTE_ORDER == __LITTLE_ENDIAN
-+# define ARCH_NR	AUDIT_ARCH_SHEL
-+# define ARCH_32	AUDIT_ARCH_SHEL
-+# define ARCH_64	AUDIT_ARCH_SHEL64
-+#elif defined(__sparc64__)
-+# define ARCH_NR	AUDIT_ARCH_SPARC64
-+# define ARCH_32	AUDIT_ARCH_SPARC
-+# define ARCH_64	AUDIT_ARCH_SPARC64
-+#elif defined(__sparc__)
-+# define ARCH_NR	AUDIT_ARCH_SPARC
-+# define ARCH_32	AUDIT_ARCH_SPARC
-+# define ARCH_64	AUDIT_ARCH_SPARC64
- #else
- # warning "Platform does not support seccomp filter yet"
- # define ARCH_NR	0
-+# define ARCH_32	0
-+# define ARCH_64	0
- #endif
- 
- #define VALIDATE_ARCHITECTURE \