Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tracker-miners for openSUSE:Factory checked in at 2022-02-27 22:42:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tracker-miners (Old) and /work/SRC/openSUSE:Factory/.tracker-miners.new.1958 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tracker-miners" Sun Feb 27 22:42:46 2022 rev:34 rq:957761 version:3.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/tracker-miners/tracker-miners.changes 2021-12-12 00:56:26.950536571 +0100 +++ /work/SRC/openSUSE:Factory/.tracker-miners.new.1958/tracker-miners.changes 2022-02-27 22:42:53.506626935 +0100 @@ -1,0 +2,7 @@ +Fri Feb 25 18:01:53 UTC 2022 - Michael Gorse <[email protected]> + +- Add tracker-miners-allow-rseq.patch and + tracker-miners-allow-mbind.patch: allow system calls used by + gstreamer (boo#1196205 glgo#GNOME/tracker-miners#210). + +------------------------------------------------------------------- New: ---- tracker-miners-allow-mbind.patch tracker-miners-allow-rseq.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tracker-miners.spec ++++++ --- /var/tmp/diff_new_pack.CG3v9A/_old 2022-02-27 22:42:54.090627105 +0100 +++ /var/tmp/diff_new_pack.CG3v9A/_new 2022-02-27 22:42:54.094627105 +0100 @@ -1,7 +1,7 @@ # # spec file for package tracker-miners # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,6 +24,10 @@ Group: System/GUI/GNOME URL: https://wiki.gnome.org/Projects/Tracker Source0: https://download.gnome.org/sources/tracker-miners/3.2/%{name}-%{version}.tar.xz +# PATCH-FIX-UPSTREAM tracker-miners-allow-rseq.patch boo#1196205 [email protected] -- allow rseq() syscall in seccomp. +Patch0: tracker-miners-allow-rseq.patch +# PATCH-FIX-UPSTREAM tracker-miners-allow-mbind.patch boo#1196205 [email protected] -- allow mbind() syscall in seccomp. +Patch1: tracker-miners-allow-mbind.patch ### NOTE: Keep please SLE-only patches at bottom (starting on 1000). # PATCH-FIX-SLE tracker-miners-drop-syscalls-in-seccomp.patch bsc#1192567 [email protected] -- Revert some syscalls in seccomp since Leap and SLE do not have them Patch1000: tracker-miners-drop-syscalls-in-seccomp.patch @@ -95,6 +99,8 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 # SLE and Leap only patches start at 1000 %if 0%{?sle_version} ++++++ tracker-miners-allow-mbind.patch ++++++ >From 923494626c8a4f3fc8619b284b7d267dc3458734 Mon Sep 17 00:00:00 2001 From: Carlos Garnacho <[email protected]> Date: Wed, 5 Jan 2022 11:52:27 +0100 Subject: [PATCH 2/2] libtracker-miners-common: Allow 'mbind' syscall in seccomp This syscall allows setting the NUMA policy for the pages allocated in mmap-ed memory. This seems a fair thing to do, given the scary features of this syscall are still under CAP_SYS_ADMIN. This was seen through GStreamer in Ubuntu 22.04 Fixes: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/210 --- src/libtracker-miners-common/tracker-seccomp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c index 5567233e6..1768ef1a1 100644 --- a/src/libtracker-miners-common/tracker-seccomp.c +++ b/src/libtracker-miners-common/tracker-seccomp.c @@ -108,6 +108,7 @@ tracker_seccomp_init (void) ALLOW_RULE (mremap); ALLOW_RULE (mprotect); ALLOW_RULE (madvise); + ALLOW_RULE (mbind); ERROR_RULE (mlock, EPERM); ERROR_RULE (mlock2, EPERM); ERROR_RULE (munlock, EPERM); -- 2.35.1 ++++++ tracker-miners-allow-rseq.patch ++++++ >From 1982471a4605430eca05ec99ed9998246fabc3d2 Mon Sep 17 00:00:00 2001 From: Carlos Garnacho <[email protected]> Date: Wed, 5 Jan 2022 11:31:16 +0100 Subject: [PATCH 1/2] libtracker-miners-common: Allow 'rseq' syscall in seccomp Allow this syscall for restartable sequences, a faster approach to critical sections. At the moment spotted via GStreamer in Fedora Rawhide, tt can be expected that more applications will be using this syscall. --- src/libtracker-miners-common/tracker-seccomp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c index 7d88395da..5567233e6 100644 --- a/src/libtracker-miners-common/tracker-seccomp.c +++ b/src/libtracker-miners-common/tracker-seccomp.c @@ -156,6 +156,7 @@ tracker_seccomp_init (void) ALLOW_RULE (futex); ALLOW_RULE (futex_time64); ALLOW_RULE (set_robust_list); + ALLOW_RULE (rseq); ALLOW_RULE (rt_sigaction); ALLOW_RULE (rt_sigprocmask); ALLOW_RULE (sched_yield); -- 2.35.1
