sys-apps/file: backport a seccomp fix for musl

Closes: https://bugs.gentoo.org/728978
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

4 files changed, 64 insertions, 39 deletions

diff --git a/sys-apps/file/files/file-5.39-add-missing-termios.patch b/sys-apps/file/files/file-5.39-add-missing-termios.patch
index e6cba0d4c28c..0614f52dd275 100644
--- a/sys-apps/file/files/file-5.39-add-missing-termios.patch
+++ b/sys-apps/file/files/file-5.39-add-missing-termios.patch
@@ -1,27 +1,30 @@
-From 769e9868c17a471323b81b12cab851c9fd22baf4 Mon Sep 17 00:00:00 2001
-From: Georgy Yakovlev <gyakovlev@gentoo.org>
-Date: Mon, 15 Jun 2020 14:18:45 -0700
-Subject: [PATCH] add missing termios.h include
+From 471e2c6c61ecd30ba6e304ae0444d364cfd44254 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Thu, 18 Jun 2020 16:25:12 +0000
+Subject: [PATCH] PR/168: gyakovlev: Include <termios.h>
 
-on ppc, TCGETS relies on struct termios being complete, on other
-architectures it does not.
-so termios.h should be included before ioctl.h
 ---
- src/seccomp.c      |   1 +
- 1 file changed, 1 insertion(+)
+ src/seccomp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/src/seccomp.c b/src/seccomp.c
-index e667adf..296f5b3 100644
+index e667adfe4..68c56485d 100644
 --- a/src/seccomp.c
 +++ b/src/seccomp.c
-@@ -33,6 +33,7 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
+@@ -27,7 +27,7 @@
+ #include "file.h"
+ 
+ #ifndef	lint
+-FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
++FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
+ #endif	/* lint */
+ 
  #if HAVE_LIBSECCOMP
- #include <seccomp.h> /* libseccomp */
+@@ -35,6 +35,7 @@ FILE_RCSID("@(#)$File: seccomp.c,v 1.15 2020/05/30 23:56:26 christos Exp $")
  #include <sys/prctl.h> /* prctl */
-+#include <termios.h>
  #include <sys/ioctl.h>
  #include <sys/socket.h>
++#include <termios.h>
  #include <fcntl.h>
--- 
-2.27.0
-
+ #include <stdlib.h>
+ #include <errno.h>
diff --git a/sys-apps/file/files/file-5.39-portage_sandbox.patch b/sys-apps/file/files/file-5.39-portage-sandbox.patch
index ff2caed413fc..3ea26641671f 100644
--- a/sys-apps/file/files/file-5.39-portage_sandbox.patch
+++ b/sys-apps/file/files/file-5.39-portage-sandbox.patch
@@ -1,28 +1,26 @@
-From 7e1d9d51329a0e0f3d9cd1dbc3f9509251950e81 Mon Sep 17 00:00:00 2001
+From 81765a2d4fcce23f42495d5ec03bbfecb2a3c381 Mon Sep 17 00:00:00 2001
 From: tka <tka@kamph.org>
 Date: Wed, 24 Jun 2020 11:18:45 +0200
 Subject: [PATCH] Allow getcwd for Gentoo's portage sandbox
 
-Gentoo-bug: https://bugs.gentoo.org/728978
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+Bug: https://bugs.gentoo.org/728978
 ---
- src/seccomp.c | 3 +++
- 1 file changed, 3 insertions(+)
+ src/seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
 
 diff --git a/src/seccomp.c b/src/seccomp.c
-index 68c56485..af55918e 100644
+index db9364ae..7f5d6f26 100644
 --- a/src/seccomp.c
 +++ b/src/seccomp.c
-@@ -227,6 +227,9 @@ enable_sandbox_full(void)
- 	ALLOW_RULE(unlink);
+@@ -229,6 +229,8 @@ enable_sandbox_full(void)
  	ALLOW_RULE(write);
+ 	ALLOW_RULE(writev);
  
 +	// needed by Gentoo's portage sandbox
 +	ALLOW_RULE(getcwd);
-+
  
  #if 0
  	// needed by valgrind
 -- 
-2.27.0
+2.28.0
 
diff --git a/sys-apps/file/files/file-5.39-seccomp-musl.patch b/sys-apps/file/files/file-5.39-seccomp-musl.patch
new file mode 100644
index 000000000000..72836de67e58
--- /dev/null
+++ b/sys-apps/file/files/file-5.39-seccomp-musl.patch
@@ -0,0 +1,37 @@
+From 93c91e2ba8042d499fee168e27cbd526438454c6 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Sat, 5 Sep 2020 17:20:32 +0000
+Subject: [PATCH] PR/194: puchuu: Handle muslc syscalls
+
+---
+ src/seccomp.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 68c56485d..db9364ae4 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -27,7 +27,7 @@
+ #include "file.h"
+ 
+ #ifndef	lint
+-FILE_RCSID("@(#)$File: seccomp.c,v 1.16 2020/06/18 16:25:12 christos Exp $")
++FILE_RCSID("@(#)$File: seccomp.c,v 1.17 2020/09/05 17:20:32 christos Exp $")
+ #endif	/* lint */
+ 
+ #if HAVE_LIBSECCOMP
+@@ -220,12 +220,14 @@ enable_sandbox_full(void)
+ 	ALLOW_RULE(rt_sigreturn);
+ 	ALLOW_RULE(select);
+ 	ALLOW_RULE(stat);
++	ALLOW_RULE(statx);
+ 	ALLOW_RULE(stat64);
+ 	ALLOW_RULE(sysinfo);
+ 	ALLOW_RULE(umask);	// Used in file_pipe2file()
+ 	ALLOW_RULE(getpid);	// Used by glibc in file_pipe2file()
+ 	ALLOW_RULE(unlink);
+ 	ALLOW_RULE(write);
++	ALLOW_RULE(writev);
+ 
+ 
+ #if 0
diff --git a/sys-apps/file/files/file-5.39-seccomp_sandbox.patch b/sys-apps/file/files/file-5.39-seccomp_sandbox.patch
deleted file mode 100644
index da0a0ff1f284..000000000000
--- a/sys-apps/file/files/file-5.39-seccomp_sandbox.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Don't call file with seccomp in portage sandbox. This will fail:
-
-  make[2]: *** [Makefile:834: magic.mgc] Bad system call
-
---- file-5.39/magic/Makefile.am
-+++ file-5.39/magic/Makefile.am
-@@ -352,5 +352,5 @@
- 		exit 1; \
- 	    fi; \
- 	  fi)
--	$(FILE_COMPILE) -C -m magic
-+	$(FILE_COMPILE) -S -C -m magic
- 	@rm -fr magic