[gentoo-commits] repo/gentoo:master commit in: net-vpn/ocserv/, net-vpn/ocserv/files/

Wed, 06 Nov 2024 11:03:34 -0800 

commit:     f583425b1b4bb47028bedf14ae72d375705b02d4
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  6 19:01:52 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Nov  6 19:01:52 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f583425b

net-vpn/ocserv: fix tests on arm64

Closes: https://bugs.gentoo.org/942899
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/ocserv-1.3.0-seccomp-readlinkat.patch    | 31 ++++++++++++++++++++++
 ...{ocserv-1.3.0.ebuild => ocserv-1.3.0-r1.ebuild} |  4 +++
 2 files changed, 35 insertions(+)

diff --git a/net-vpn/ocserv/files/ocserv-1.3.0-seccomp-readlinkat.patch 
b/net-vpn/ocserv/files/ocserv-1.3.0-seccomp-readlinkat.patch
new file mode 100644
index 000000000000..e26e93140ccc
--- /dev/null
+++ b/net-vpn/ocserv/files/ocserv-1.3.0-seccomp-readlinkat.patch
@@ -0,0 +1,31 @@
+https://gitlab.com/openconnect/ocserv/-/merge_requests/444
+https://bugs.gentoo.org/942899
+
+From e58139e49752dffb6983b3ccc5455d612912dd66 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <[email protected]>
+Date: Wed, 6 Nov 2024 13:53:51 -0500
+Subject: [PATCH] Allow the readlinkat syscall when socket_wrapper is in use
+
+On arm64, the realpath function calls readlinkat instead of readlink.
+
+Fixes: https://gitlab.com/openconnect/ocserv/-/issues/627
+Signed-off-by: Mike Gilbert <[email protected]>
+---
+ src/worker-privs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/worker-privs.c b/src/worker-privs.c
+index 54985999b..6e0762780 100644
+--- a/src/worker-privs.c
++++ b/src/worker-privs.c
+@@ -105,6 +105,7 @@ int disable_system_calls(struct worker_st *ws)
+        * them when socket wrapper is active */
+       if (getenv("SOCKET_WRAPPER_DIR") != NULL) {
+               ADD_SYSCALL(readlink, 0);
++              ADD_SYSCALL(readlinkat, 0);
+       }
+ 
+       /* we use quite some system calls here, and in the end
+-- 
+GitLab
+

diff --git a/net-vpn/ocserv/ocserv-1.3.0.ebuild 
b/net-vpn/ocserv/ocserv-1.3.0-r1.ebuild
similarity index 97%
rename from net-vpn/ocserv/ocserv-1.3.0.ebuild
rename to net-vpn/ocserv/ocserv-1.3.0-r1.ebuild
index c354d7bae7ad..ddfef2cd45cc 100644
--- a/net-vpn/ocserv/ocserv-1.3.0.ebuild
+++ b/net-vpn/ocserv/ocserv-1.3.0-r1.ebuild
@@ -59,6 +59,10 @@ DEPEND="
 "
 RDEPEND="${DEPEND}"
 
+PATCHES=(
+       "${FILESDIR}"/ocserv-1.3.0-seccomp-readlinkat.patch
+)
+
 src_prepare() {
        default
        if [[ ${PV} == 9999 ]]; then

Reply via email to