author | 2024-10-06 15:59:25 +0100 | |
---|---|---|
committer | 2024-10-07 03:39:24 +0100 | |
commit | 00b81b84504c9de0c8bc7c9c9071afaf80cc6042 (patch) | |
tree | d83beedacbf627c9a24ab08afa54f1e35f8aa1ca /sys-libs/libseccomp | |
parent | sys-libs/tdb: enable py3.13 (diff) | |
sys-libs/libseccomp: backport aliasing fix
I thought I'd backported this already, sorry.
Closes: https://bugs.gentoo.org/926648
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sys-libs/libseccomp')
-rw-r--r-- | sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch | 30 | ||||
-rw-r--r-- | sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild | 127 |
2 files changed, 157 insertions, 0 deletions
diff --git a/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch b/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch
new file mode 100644
index 000000000000..60190702d381
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch
@@ -0,0 +1,30 @@
+https://github.com/seccomp/libseccomp/commit/2847f10dddca72167309c04cd09f326fd3b78e2f
+
+From 2847f10dddca72167309c04cd09f326fd3b78e2f Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sun, 24 Dec 2023 20:38:06 +0100
+Subject: [PATCH] scmp_bpf_sim: fix aliasing UB
+
+See https://github.com/seccomp/libseccomp/pull/425.
+
+Punning sys_data_b between uint32_t* and struct* seccomp_data isn't legal,
+use memcpy to fix the testsuite with Clang 17.
+
+Modern compilers recognise this idiom and optimise it out anyway.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+--- a/tools/scmp_bpf_sim.c
++++ b/tools/scmp_bpf_sim.c
+@@ -182,7 +182,8 @@ static void bpf_execute(const struct bpf_program *prg,
+ switch (code) {
+ case BPF_LD+BPF_W+BPF_ABS:
+ if (k < BPF_SYSCALL_MAX) {
+- uint32_t val = *((uint32_t *)&sys_data_b[k]);
++ uint32_t val;
++ memcpy(&val, &sys_data_b[k], sizeof(val));
+ state.acc = ttoh32(arch, val);
+ } else
+ exit_error(ERANGE, ip_c);
+
diff --git a/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild b/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild
new file mode 100644
index 000000000000..3baf6b3db7a2
--- /dev/null
+++ b/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild
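Review bot: The guard `if (k < BPF_SYSCALL_MAX)` on the context line above the new `memcpy` in the tools/scmp_bpf_sim.c hunk checks only the starting offset, while the copy reads `sizeof(val)` bytes from `&sys_data_b[k]`. If `BPF_SYSCALL_MAX` is the byte size of the buffer behind `sys_data_b` (its definition is outside the hunk, so this needs confirming), an offset in the last three bytes passes the check and the copy reads past the end of that buffer. A tighter guard would be `if (k <= BPF_SYSCALL_MAX - sizeof(val))`, best raised upstream so the backport stays identical to the referenced commit. The rest of bpf_execute lies outside the hunk.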
@@ -0,0 +1,127 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_EXT=1
+DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1 multilib-minimal
+
+DESCRIPTION="High level interface to Linux seccomp filter"
+HOMEPAGE="https://github.com/seccomp/libseccomp"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git"
+ PRERELEASE="2.6.0"
+ AUTOTOOLS_AUTO_DEPEND=yes
+ inherit autotools git-r3
+else
+ AUTOTOOLS_AUTO_DEPEND=no
+ inherit autotools libtool
+ SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz
+ experimental-loong? ( https://github.com/matoro/libseccomp/compare/v${PV}..loongarch-r1.patch
+ -> ${P}-loongarch-r1.patch )"
+ KEYWORDS="-* ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+IUSE="experimental-loong python static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# We need newer kernel headers; we don't keep strict control of the exact
+# version here, just be safe and pull in the latest stable ones. bug #551248
+DEPEND="
+ >=sys-kernel/linux-headers-5.15
+ python? ( ${PYTHON_DEPS} )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+ ${DEPEND}
+ dev-util/gperf
+ experimental-loong? ( ${AUTOTOOLS_DEPEND} )
+ python? (
+ ${DISTUTILS_DEPS}
+ dev-python/cython[${PYTHON_USEDEP}]
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}"/libseccomp-python-shared.patch
+ "${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
+ "${FILESDIR}"/libseccomp-2.5.5-which-hunt.patch
+ "${FILESDIR}"/libseccomp-2.5.5-arch-syscall-check.patch
+ "${FILESDIR}"/libseccomp-2.5.5-aliasing.patch
+)
+
+src_prepare() {
+ if use experimental-loong; then
+ PATCHES+=( "${DISTDIR}/${P}-loongarch-r1.patch" )
+ fi
+
+ default
+
+ if [[ ${PV} == *9999 ]] ; then
+ sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
+ fi
+
+ if use experimental-loong; then
+ # touch generated files to avoid activating maintainer mode
+ # remove when loong-fix-build.patch is no longer necessary
+ touch ./aclocal.m4 ./configure ./configure.h.in || die
+ find . -name Makefile.in -exec touch {} + || die
+ fi
+
+ if [[ ${PV} == *9999 ]] || use experimental-loong; then
+ rm -f "include/seccomp.h" || die
+ eautoreconf
+ else
+ elibtoolize
+ fi
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ $(use_enable static-libs static)
+ --disable-python
+ )
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ emake
+
+ if multilib_is_native_abi && use python ; then
+ # setup.py expects libseccomp.so to live in "../.libs"
+ # Copy the python files to the right place for this.
+ rm -r "${BUILD_DIR}"/src/python || die
+ cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die
+ local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+
+ # setup.py reads VERSION_RELEASE from the environment
+ local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+
+ pushd "${BUILD_DIR}/src/python" >/dev/null || die
+ distutils-r1_src_compile
+ popd >/dev/null || die
+ fi
+}
+
+multilib_src_install() {
+ emake DESTDIR="${D}" install
+
+ if multilib_is_native_abi && use python ; then
+ distutils-r1_src_install
+ fi
+}
+
+multilib_src_install_all() {
+ find "${ED}" -type f -name "${PN}.la" -delete || die
+
+ einstalldocs
+} |
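Review bot: The `experimental-loong?` entry in `SRC_URI` takes its patch from a GitHub compare view of a personal fork, `compare/v${PV}..loongarch-r1.patch`, which appears to be rendered on request from a branch-style ref rather than served as a fixed file. The Manifest digest is then the only thing binding the build to a reviewed patch, and the diffstat shows no Manifest change in this commit, so the new revision presumably relies on an existing entry. I would add a comment above `SRC_URI` such as `# loongarch patch is generated by GitHub on request; re-review it whenever its Manifest entry is regenerated`, or point the URI at a stored copy of the patch. Separately, the comment in src_prepare names `loong-fix-build.patch`, which is not in `PATCHES`; it probably means `${P}-loongarch-r1.patch`.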