Hello community, here is the log from the commit of package file for openSUSE:Factory checked in at 2020-01-20 22:48:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/file (Old) and /work/SRC/openSUSE:Factory/.file.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "file" Mon Jan 20 22:48:46 2020 rev:117 rq:764572 version:5.38 Changes: -------- --- /work/SRC/openSUSE:Factory/file/file.changes 2020-01-01 14:57:53.185918190 +0100 +++ /work/SRC/openSUSE:Factory/.file.new.26092/file.changes 2020-01-20 22:49:14.211200229 +0100 @@ -1,0 +2,19 @@ +Wed Jan 15 09:17:43 UTC 2020 - Dr. Werner Fink <[email protected]> + +- Looks like libseccomp filter stumble over decompressors like + xz (without liblmza) or zstd hence disable it (boo#1160649) +- Require at build devel packages for liblzma and libbz2 + +------------------------------------------------------------------- +Wed Jan 8 13:55:46 UTC 2020 - Marcus Meissner <[email protected]> + +- file-5.38-allow-readlinkat.dif: allow readlinkat() systemcall, + reenable sandboxing. (bsc#1160303) + +------------------------------------------------------------------- +Tue Jan 7 11:22:04 UTC 2020 - Dr. Werner Fink <[email protected]> + +- Currently file command receives SIGSYS/31 with sandboxing enabled + via libseccomp + +------------------------------------------------------------------- New: ---- file-5.38-allow-readlinkat.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ file.spec ++++++ --- /var/tmp/diff_new_pack.dkiWNN/_old 2020-01-20 22:49:17.435201470 +0100 +++ /var/tmp/diff_new_pack.dkiWNN/_new 2020-01-20 22:49:17.439201471 +0100 @@ -1,7 +1,7 @@ # # spec file for package file # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,6 +23,8 @@ BuildRequires: bash >= 4.0 BuildRequires: libtool BuildRequires: zlib-devel +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libseccomp) URL: http://www.darwinsys.com/file/ # bug437293 @@ -64,6 +66,7 @@ Patch35: file-5.24-nitpick.dif Patch37: file-secure_getenv.patch Patch39: file-5.28-btrfs-image.dif +Patch40: file-5.38-allow-readlinkat.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %global _sysconfdir /etc %global _miscdir %{_datadir}/misc @@ -129,6 +132,7 @@ %patch35 -p0 -b .nitpick %patch37 -p1 -b .getenv %patch39 -p1 -b .btrfs +%patch40 -p1 -b .readlinkat %patch -b .0 test -s src/magic.h.in || cp -p src/magic.h src/magic.h.in rm -fv src/magic.h @@ -140,7 +144,10 @@ rm -f ltcf-c.sh ltconfig ltmain.sh autoreconf -fiv export CFLAGS="%{optflags} -DHOWMANY=69632 -fPIE $(pkg-config libseccomp --cflags)" -%configure --disable-silent-rules --datadir=%{_miscdir} --disable-static --enable-fsect-man5 +%configure --disable-silent-rules --datadir=%{_miscdir} \ + --disable-static \ + --disable-libseccomp \ + --enable-fsect-man5 make %{?_smp_mflags} pkgdatadir='$(datadir)' LDFLAGS="-pie" %install ++++++ python-magic.spec ++++++ --- /var/tmp/diff_new_pack.dkiWNN/_old 2020-01-20 22:49:17.451201475 +0100 +++ /var/tmp/diff_new_pack.dkiWNN/_new 2020-01-20 22:49:17.451201475 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-magic # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ file-5.38-allow-readlinkat.dif ++++++ Index: file-5.38/src/seccomp.c =================================================================== --- file-5.38.orig/src/seccomp.c +++ file-5.38/src/seccomp.c @@ -202,6 +202,9 @@ enable_sandbox_full(void) #ifdef __NR_newfstatat ALLOW_RULE(newfstatat); #endif +#ifdef __NR_readlinkat + ALLOW_RULE(readlinkat); +#endif ALLOW_RULE(open); ALLOW_RULE(openat); ALLOW_RULE(pread64);
