author | J0WI <J0WI@users.noreply.github.com> | 2019-03-21 09:42:17 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2020-01-23 17:08:13 +0100 |
commit | d7288e99061f0ea9be587cba5712912f10de33f9 (patch) | |
tree | 71aaf030ac81cee59527056481583c085973249e /main | |
parent | 45e394536a3bf2a562ad861feeca530477d4dfd0 (diff) | |
main/libseccomp: upgrade to 2.4.2 (CVE-2019-9893)
fixes #10867
Diffstat (limited to 'main')
-rw-r--r-- | main/libseccomp/APKBUILD | 33 | ||||
-rw-r--r-- | main/libseccomp/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-syscalls.patch | 36 |
2 files changed, 58 insertions, 11 deletions
diff --git a/main/libseccomp/APKBUILD b/main/libseccomp/APKBUILD index f6eddb18f7..8be0cbfcd7 100644 --- a/main/libseccomp/APKBUILD +++ b/main/libseccomp/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Contributor: Dan Williams <dan@ma.ssive.co> pkgname=libseccomp -pkgver=2.3.3 -pkgrel=1 +pkgver=2.4.2 +pkgrel=2 pkgdesc="An interface to the Linux Kernel's syscall filtering mechanism" url="https://github.com/seccomp/libseccomp" arch="all" @@ -13,8 +13,13 @@ makedepends="$depends_dev" checkdepends="bash" subpackages="$pkgname-dev $pkgname-doc" source="https://github.com/seccomp/libseccomp/releases/download/v$pkgver/libseccomp-$pkgver.tar.gz - remove-redefinition-prctl.patch" -builddir="$srcdir/libseccomp-$pkgver" + remove-redefinition-prctl.patch + tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-syscalls.patch + " + +# secfixes: +# 2.4.0-r0: +# - CVE-2019-9893 build() { cd "$builddir" 
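Review bot: The `# secfixes:` entry added in the second hunk records CVE-2019-9893 under `2.4.0-r0`, but this commit moves the package from 2.3.3-r1 straight to 2.4.2-r2, so as far as this diff shows, no 2.4.0-r0 build existed on this branch. Version comparison against the secfixes data still gives the right answer for both the old and the new package. Someone auditing the branch, however, will look for a release that appears never to have shipped here. If this is a backport, which the `pkgrel=2` on a version bump suggests, I would add a line above `# secfixes:` such as `# CVE-2019-9893 was fixed upstream in 2.4.0; first shipped on this branch as 2.4.2-r2`, or key the entry on the version that actually carries the fix here.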
@@ -25,20 +30,26 @@ build() { --sysconfdir=/etc \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ - --localstatedir=/var \ - || return 1 - make || return 1 + --localstatedir=/var + make } check() { cd "$builddir" - make check || return 1 + # commit be65b26b67099be2b2b4890d736dbd1ad15adf36 adapted to new kernel 5.x syscalls + # as long as we are at 4.19 kernel, we need this change + case "$CARCH" in + ppc64le|s390x) rm -f tests/36-sim-ipc_syscalls.tests \ + tests/37-sim-ipc_syscalls_be.tests;; + esac + make check } package() { cd "$builddir" - make DESTDIR="$pkgdir" install || return 1 + make DESTDIR="$pkgdir" install } -sha512sums="845c7e0e916b5f5ad74da446ceff3250148b745c909185f6d5059e807d1b42fa6b74f356cce2a396bff0d4c7a3120e7cdad98d490a97d549327c7693fe1918be libseccomp-2.3.3.tar.gz -f2c31dcafdc9a1ad78e32e76b75e1c1603071eaa3f979e1f2483b879a34ad07e0a4ef3642196a695415cdf81e1ed2bf325175872fb4e203ef9d0e668c287493f remove-redefinition-prctl.patch" +sha512sums="375a3c7c658be6a08b9bb30963e10bb49e8e066119e0be6d3d97faac3db18b8e2c6938d8b5d3874b2f5331ec8295170112fbae83b5a3b5a5bebc0d6705bdfdbb libseccomp-2.4.2.tar.gz +f2c31dcafdc9a1ad78e32e76b75e1c1603071eaa3f979e1f2483b879a34ad07e0a4ef3642196a695415cdf81e1ed2bf325175872fb4e203ef9d0e668c287493f remove-redefinition-prctl.patch +e9c6adbc424c310802851ec486df23aedd8121397a9742f3a5ed4754a5eee7ec1701a6f5e220bb37911b8c48626ba00d70943fad43e489d740d0295e6e9b0dff tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-syscalls.patch" diff --git a/main/libseccomp/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-syscalls.patch b/main/libseccomp/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-syscalls.patch new file mode 100644 index 0000000000..5f688a4a7d --- /dev/null +++ b/main/libseccomp/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-syscalls.patch 
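Review bot: The `case "$CARCH"` block added to `check()` deletes `tests/36-sim-ipc_syscalls.tests` and `tests/37-sim-ipc_syscalls_be.tests` on ppc64le and s390x, and nothing in the recipe ties that removal to the condition that justifies it. The comment cites commit be65b26b67099be2b2b4890d736dbd1ad15adf36 without saying which repository it belongs to (presumably upstream libseccomp), and "as long as we are at 4.19 kernel" is not something the build checks. The two ipc simulation tests will therefore stay disabled on those architectures after the kernel moves on. For a library whose output is a syscall filter, that coverage is worth restoring promptly. I would reword the comment to something like `# upstream libseccomp commit be65b26b… expects the 5.x ipc syscalls; drop this case when the branch leaves the 4.19 kernel` so the cleanup has a visible trigger.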
@@ -0,0 +1,36 @@
+From 35803ceb43c453762a3ab5177c5f8d5dbb813478 Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Tue, 5 Nov 2019 15:11:11 -0500
+Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls
+
+We recently changed how libseccomp handles syscall numbers that are
+not defined natively, but we missed test #15.
+
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ tests/15-basic-resolver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c
+index 6badef1..0c1eefe 100644
+--- a/tests/15-basic-resolver.c
++++ b/tests/15-basic-resolver.c
+@@ -55,15 +55,15 @@ int main(int argc, char *argv[])
+ unsigned int arch;
+ char *name = NULL;
+
+- if (seccomp_syscall_resolve_name("open") != __NR_open)
++ if (seccomp_syscall_resolve_name("open") != __SNR_open)
+ goto fail;
+- if (seccomp_syscall_resolve_name("read") != __NR_read)
++ if (seccomp_syscall_resolve_name("read") != __SNR_read)
+ goto fail;
+ if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR)
+ goto fail;
+
+ rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat");
+- if (rc != __NR_openat)
++ if (rc != __SNR_openat)
+ goto fail;
+
+ while ((arch = arch_list[iter++]) != -1) { |