app-misc/mc: backport file seccomp failure

Reported-by: Anton Bolshakov Closes: https://bugs.gentoo.org/776988 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
author: Sergei Trofimovich <slyfox@gentoo.org> 2021-03-31 22:24:54 +0100
committer: Sergei Trofimovich <slyfox@gentoo.org> 2021-03-31 23:17:40 +0100
commit: 10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86 (patch)
tree: 98465b60ba448c5cd071ed8323cc7ba047231f23
parent: app-text/ghostscript-gpl: fix docdir (diff)
download: gentoo-10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86.tar.gz
gentoo-10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86.tar.bz2
gentoo-10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86.zip
2 files changed, 260 insertions, 0 deletions
diff --git a/app-misc/mc/files/mc-4.8.26-file-seccomp.patch b/app-misc/mc/files/mc-4.8.26-file-seccomp.patch
new file mode 100644
index 000000000000..0a36f47f3a40
--- /dev/null
+++ b/app-misc/mc/files/mc-4.8.26-file-seccomp.patch
@@ -0,0 +1,142 @@
+https://bugs.gentoo.org/776988
+https://github.com/MidnightCommander/mc/commit/1ed638d66cf803f69ac12ee80a72d217f2146e43
+
+From 1ed638d66cf803f69ac12ee80a72d217f2146e43 Mon Sep 17 00:00:00 2001
+From: Andrew Borodin <aborodin@vmail.ru>
+Date: Tue, 16 Feb 2021 16:29:51 +0300
+Subject: [PATCH] Ticket #4180: fix zip handling.
+
+After 8857423e4ebb770b6f0ea3103abf5d35c85fcbe8 zip archives opened with
+an error:
+
+    file -L -z archive.zip: Bad system call
+
+This caused by using /usr/bin/file with -z option, because seccomp (a
+security sandbox) doesn't allow it..
+
+Solution: use -S option together with -z one.
+
+The file command accepts the -S option since 5.33.
+
+Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
+---
+ configure.ac          | 66 +++++++++++++++++++++++++++++++++++--------
+ src/filemanager/ext.c |  7 +++--
+ src/setup.c           |  2 ++
+ 3 files changed, 60 insertions(+), 15 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5f372dc3f5..f2351c99ad 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -115,23 +115,65 @@ fi
+ AC_SUBST(MANDOC)
+ AC_SUBST(MAN_FLAGS)
+ 
+-dnl Check for -L option to file
++dnl Check for -z, -L, and -S options to file
+ AC_CHECK_PROG(HAVE_FILECMD, file, true, false)
+ if $HAVE_FILECMD; then
+-    AC_MSG_CHECKING([for -L option to file command])
+-    AC_CACHE_VAL(mc_cv_filel, [
+-    file -L . > /dev/null 2>&1
+-    if test $? = 0; then
+-	mc_cv_filel=yes
++    dnl Don't use the file command if it doesn't accept the -z option
++    AC_MSG_CHECKING([for -z option to file command])
++    AC_CACHE_VAL(mc_cv_file_z, [
++        file -z . > /dev/null 2>&1
++        if test $? = 0; then
++            mc_cv_file_z=yes
++        else
++            mc_cv_file_z=no
++        fi
++    ])
++    AC_MSG_RESULT([$mc_cv_file_z])
++
++    if test x$mc_cv_file_z = xyes; then
++        AC_DEFINE(USE_FILE_CMD, 1, [Define if the file command accepts the -z option])
+     else
+-	mc_cv_filel=no
++        AC_MSG_WARN([The file command doesn't accept the -z option and will not be used])
+     fi
+-    ])
+-    if test x$mc_cv_filel = xyes; then
+-	AC_DEFINE(FILE_L, 1, [Define if the file command accepts the -L option])
++
++    if test x$mc_cv_file_z = xyes; then
++        dnl file is used; check -L and -S options
++
++        AC_MSG_CHECKING([for -L option to file command])
++        AC_CACHE_VAL(mc_cv_file_L, [
++            file -L . > /dev/null 2>&1
++            if test $? = 0; then
++                mc_cv_file_L=yes
++            else
++                mc_cv_file_L=no
++            fi
++        ])
++        AC_MSG_RESULT([$mc_cv_file_L])
++
++        if test x$mc_cv_file_L = xyes; then
++            AC_DEFINE(FILE_L, "-L ", [Define if the file command accepts the -L option])
++        else
++            AC_DEFINE(FILE_L, "", [Define if the file command accepts the -L option])
++        fi
++
++        dnl The file command accepts the -S option since 5.33
++        AC_MSG_CHECKING([for -S option to file command])
++        AC_CACHE_VAL(mc_cv_file_S, [
++            file -S . > /dev/null 2>&1
++            if test $? = 0; then
++                mc_cv_file_S=yes
++            else
++                mc_cv_file_S=no
++            fi
++        ])
++        AC_MSG_RESULT([$mc_cv_file_S])
++
++        if test x$mc_cv_file_S = xyes; then
++            AC_DEFINE(FILE_S, "-S ", [Define if file command accepts the -S option])
++        else
++            AC_DEFINE(FILE_S, "", [Define if file command accepts the -S option])
++        fi
+     fi
+-    filel=$mc_cv_filel
+-    AC_MSG_RESULT([$filel])
+ fi
+ 
+ dnl Only list browsers here that can be run in background (i.e. with `&')
+diff --git a/src/filemanager/ext.c b/src/filemanager/ext.c
+index 4e6f10c6c5..d6a09df7bb 100644
+--- a/src/filemanager/ext.c
++++ b/src/filemanager/ext.c
+@@ -71,10 +71,11 @@
+ 
+ /*** file scope macro definitions ****************************************************************/
+ 
+-#ifdef FILE_L
+-#define FILE_CMD "file -L -z "
++#ifdef USE_FILE_CMD
++#define FILE_CMD "file -z " FILE_S FILE_L
+ #else
+-#define FILE_CMD "file -z "
++/* actually file is unused, but define some reasonable command */
++#define FILE_CMD "file "
+ #endif
+ 
+ /*** file scope type declarations ****************************************************************/
+diff --git a/src/setup.c b/src/setup.c
+index 77c07649d5..2ef07f2569 100644
+--- a/src/setup.c
++++ b/src/setup.c
+@@ -317,7 +317,9 @@ static const struct
+     { "old_esc_mode", &old_esc_mode },
+     { "cd_symlinks", &mc_global.vfs.cd_symlinks },
+     { "show_all_if_ambiguous", &mc_global.widget.show_all_if_ambiguous },
++#ifdef USE_FILE_CMD
+     { "use_file_to_guess_type", &use_file_to_check_type },
++#endif
+     { "alternate_plus_minus", &mc_global.tty.alternate_plus_minus },
+     { "only_leading_plus_minus", &only_leading_plus_minus },
+     { "show_output_starts_shell", &output_starts_shell },
diff --git a/app-misc/mc/mc-4.8.26-r2.ebuild b/app-misc/mc/mc-4.8.26-r2.ebuild
new file mode 100644
index 000000000000..9bd2fbe7d5ed
--- /dev/null
+++ b/app-misc/mc/mc-4.8.26-r2.ebuild
@@ -0,0 +1,118 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic
+
+MY_P=${P/_/-}
+
+DESCRIPTION="GNU Midnight Commander is a text based file manager"
+HOMEPAGE="https://www.midnight-commander.org"
+SRC_URI="http://ftp.midnight-commander.org/${MY_P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x86-solaris"
+IUSE="+edit gpm nls samba sftp +slang spell test unicode X +xdg"
+
+REQUIRED_USE="spell? ( edit )"
+
+RDEPEND=">=dev-libs/glib-2.26.0:2
+	gpm? ( sys-libs/gpm )
+	kernel_linux? ( sys-fs/e2fsprogs )
+	samba? ( net-fs/samba )
+	sftp? ( net-libs/libssh2 )
+	slang? ( >=sys-libs/slang-2 )
+	!slang? ( sys-libs/ncurses:0=[unicode?] )
+	spell? ( app-text/aspell )
+	X? ( x11-libs/libX11
+		x11-libs/libICE
+		x11-libs/libXau
+		x11-libs/libXdmcp
+		x11-libs/libSM )"
+DEPEND="${RDEPEND}
+	app-arch/xz-utils
+	virtual/pkgconfig
+	nls? ( sys-devel/gettext )
+	test? ( dev-libs/check )
+	"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-shadow-crash.patch
+	"${FILESDIR}"/${P}-file-seccomp.patch
+)
+
+RESTRICT="!test? ( test )"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_pretend() {
+	if use slang && use unicode ; then
+		ewarn "\"unicode\" USE flag only takes effect when the \"slang\" USE flag is disabled."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# patch touches configure.ac
+	eautoreconf
+}
+
+src_configure() {
+	[[ ${CHOST} == *-solaris* ]] && append-ldflags "-lnsl -lsocket"
+
+	local myeconfargs=(
+		--enable-charset
+		--enable-vfs
+		--with-homedir=$(usex xdg 'XDG' '.mc')
+		--with-screen=$(usex slang 'slang' "ncurses$(usex unicode 'w' '')")
+		$(use_enable kernel_linux vfs-undelfs)
+		# Today mclib does not expose any headers and is linked to
+		# single 'mc' binary. Thus there is no advantage of having
+		# a library. Let's avoid shared library altogether
+		# as it also conflicts with sci-libs/mc: bug #685938
+		--disable-mclib
+		$(use_enable nls)
+		$(use_enable samba vfs-smb)
+		$(use_enable sftp vfs-sftp)
+		$(use_enable spell aspell)
+		$(use_enable test tests)
+		$(use_with gpm gpm-mouse)
+		$(use_with X x)
+		$(use_with edit internal-edit)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_test() {
+	# CK_FORK=no to avoid using fork() in check library
+	# as mc mocks fork() itself: bug #644462.
+	#
+	# VERBOSE=1 to make test failures contain detailed
+	# information.
+	CK_FORK=no emake check VERBOSE=1
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	dodoc AUTHORS README NEWS
+
+	# fix bug #334383
+	if use kernel_linux && [[ ${EUID} == 0 ]] ; then
+		fowners root:tty /usr/libexec/mc/cons.saver
+		fperms g+s /usr/libexec/mc/cons.saver
+	fi
+
+	if ! use xdg ; then
+		sed 's@MC_XDG_OPEN="xdg-open"@MC_XDG_OPEN="/bin/false"@' \
+			-i "${ED}"/usr/libexec/mc/ext.d/*.sh || die
+	fi
+}
+
+pkg_postinst() {
+	elog "To enable exiting to latest working directory,"
+	elog "put this into your ~/.bashrc:"
+	elog ". ${EPREFIX}/usr/libexec/mc/mc.sh"
+}
author	Sergei Trofimovich <slyfox@gentoo.org>	2021-03-31 22:24:54 +0100
committer	Sergei Trofimovich <slyfox@gentoo.org>	2021-03-31 23:17:40 +0100
commit	10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86 (patch)
tree	98465b60ba448c5cd071ed8323cc7ba047231f23
parent	app-text/ghostscript-gpl: fix docdir (diff)
download	gentoo-10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86.tar.gz gentoo-10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86.tar.bz2 gentoo-10a9d09e7c28f9a838a2bf4ad27a6e657aee7e86.zip