kcgi: update to 0.13.1.

2023-11-20 22:03:52 +01:00 · 2023-11-20 22:03:52 +01:00 · f159b9354a
parent e03f76784a
commit f159b9354a
4 changed files with 38 additions and 105 deletions
--- a/srcpkgs/kcgi/patches/3f41e39c020d5b135e98fe025f259a5ac999129e.patch
+++ b/srcpkgs/kcgi/patches/3f41e39c020d5b135e98fe025f259a5ac999129e.patch
@ -0,0 +1,36 @@
+From 3f41e39c020d5b135e98fe025f259a5ac999129e Mon Sep 17 00:00:00 2001
+From: Duncan Overbruck <mail@duncano.de>
+Date: Mon, 20 Nov 2023 21:59:50 +0100
+Subject: [PATCH] allow some missing syscalls for i386 with glibc
+
+---
+ sandbox-seccomp-filter.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index a2e009d..46db374 100644
+--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
+@@ -102,6 +102,9 @@ static const struct sock_filter preauth_ctrl[] = {
+ #endif
+ #ifdef __NR_accept /* not defined for __i386__ (linux) */
+ 	SC_ALLOW(accept),
+#endif
+#ifdef __NR_socketcall /* used for accept on __i386__ (linux) */
+	SC_ALLOW(socketcall),
+ #endif
+ 	SC_ALLOW(fcntl),
+ #ifdef __NR_fcntl64 /* only noted on arm */
+@@ -190,6 +193,9 @@ static const struct sock_filter preauth_work[] = {
+ 	SC_ALLOW(fstat), /* for kutil_openlog logging */
+ #ifdef __NR_newfstatat
+ 	SC_ALLOW(newfstatat), /* for kutil_openlog logging */
+#endif
+#ifdef __NR_statx
+	SC_ALLOW(statx), /* for kutil_openlog logging */
+ #endif
+ 	SC_ALLOW(write),
+ 	SC_ALLOW(writev),
+-- 
+2.42.0
+
--- a/srcpkgs/kcgi/patches/ppc-sandbox.patch
+++ b/srcpkgs/kcgi/patches/ppc-sandbox.patch
@ -1,18 +0,0 @@
--- a/configure
-+++ b/configure
-@@ -444,6 +444,15 @@ if [ ${HAVE_SECCOMP_FILTER} -eq 1 ]; then
- 		arm*)
- 			echo "#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_ARM"
- 			;;
-+		ppc64le)
-+			echo "#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64LE"
-+			;;
-+		ppc64)
-+			echo "#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64"
-+			;;
-+		ppc)
-+			echo "#define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC"
-+			;;
- 	esac
- fi
- 
--- a/srcpkgs/kcgi/patches/seccomp.patch
+++ b/srcpkgs/kcgi/patches/seccomp.patch
@ -1,85 +0,0 @@
--- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -89,7 +89,12 @@
- 	/* Load the syscall number for checking. */
- 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
- 		offsetof(struct seccomp_data, nr)),
-+#ifdef __NR_open
- 	SC_DENY(open, EACCES),
-+#endif
-+#ifdef __NR_openat
-+	SC_DENY(openat, EACCES),
-+#endif
- 	SC_ALLOW(getpid),
- 	SC_ALLOW(gettimeofday),
- 	SC_ALLOW(clock_gettime),
-@@ -121,12 +126,16 @@
- #ifdef __NR_ppoll
- 	SC_ALLOW(ppoll),
- #endif
-+#ifdef __NR_poll
- 	SC_ALLOW(poll),
-+#endif
- #ifdef __NR__newselect
- 	SC_ALLOW(_newselect),
- #else
-+#ifdef __NR_select
- 	SC_ALLOW(select),
- #endif
-+#endif
- 	SC_ALLOW(madvise),
- #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
- 	SC_ALLOW(mmap2),
-@@ -159,7 +168,12 @@
- 	/* Load the syscall number for checking. */
- 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS,
- 		offsetof(struct seccomp_data, nr)),
-+#ifdef __NR_open
- 	SC_DENY(open, EACCES),
-+#endif
-+#ifdef __NR_openat
-+	SC_DENY(openat, EACCES),
-+#endif
- 	SC_ALLOW(getpid),
- #ifdef __NR_getrandom
- 	SC_ALLOW(getrandom),
-@@ -184,11 +198,15 @@
- #ifdef __NR_ppoll
- 	SC_ALLOW(ppoll),
- #endif
-+#ifdef __NR_poll
- 	SC_ALLOW(poll),
-+#endif
- #ifdef __NR__newselect
- 	SC_ALLOW(_newselect),
- #else
-+#ifdef __NR_select
- 	SC_ALLOW(select),
-+#endif
- #endif
- 	SC_ALLOW(madvise),
- #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
--- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -122,6 +122,9 @@
- #ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
- 	SC_ALLOW(shutdown),
- #endif
-+#ifdef __NR_socketcall
-+	SC_ALLOW(socketcall),
-+#endif
- 	SC_ALLOW(brk),
- #ifdef __NR_ppoll
- 	SC_ALLOW(ppoll),
--- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -193,6 +193,9 @@
- #ifdef __NR_newfstatat
- 	SC_ALLOW(newfstatat), /* for kutil_openlog logging */
- #endif
-+#ifdef __NR_fstat64
-+	SC_ALLOW(fstat64), /* for kutil_openlog logging */
-+#endif
- 	SC_ALLOW(write),
- 	SC_ALLOW(writev),
- 	SC_ALLOW(close),
--- a/srcpkgs/kcgi/template
+++ b/srcpkgs/kcgi/template
@ -1,6 +1,6 @@
 # Template file for 'kcgi'
 pkgname=kcgi
-version=0.13.0
+version=0.13.1
 revision=1
 build_style=configure
 configure_args="PREFIX=/usr MANDIR=/usr/share/man SBINDIR=/usr/bin"
@ -15,7 +15,7 @@ license="ISC"
 homepage="http://kristaps.bsd.lv/kcgi/"
 changelog="https://kristaps.bsd.lv/kcgi/archive.html"
 distfiles="http://kristaps.bsd.lv/kcgi/snapshots/kcgi-${version}.tgz"
-checksum=d886e5700f5ec72b00cb668e9f06b7b3906b6ccdc5bab4c89e436d4cc4c0c7a1
+checksum=3246ee78a091b496f7040c5f29fb9e45a7aa2873f4d8d77a30b6437f07db4d49

 export CFLAGS="-DENABLE_SECCOMP_FILTER=1"