From 67efaff61522aeb024152ab6cddf7c40ffacb530 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Thu, 19 Oct 2023 21:52:41 +0100
Subject: gentoo auto-resync : 19:10:2023 - 21:52:41

---
 sys-apps/file/Manifest                             |   3 +-
 sys-apps/file/file-5.45-r1.ebuild                  | 180 ---------------------
 sys-apps/file/file-5.45-r3.ebuild                  | 180 +++++++++++++++++++++
 .../file/files/file-5.45-seccomp-sandbox.patch     |  56 +++++++
 4 files changed, 238 insertions(+), 181 deletions(-)
 delete mode 100644 sys-apps/file/file-5.45-r1.ebuild
 create mode 100644 sys-apps/file/file-5.45-r3.ebuild
 create mode 100644 sys-apps/file/files/file-5.45-seccomp-sandbox.patch

(limited to 'sys-apps/file')

diff --git a/sys-apps/file/Manifest b/sys-apps/file/Manifest
index 426194814900..1f30306c7d50 100644
--- a/sys-apps/file/Manifest
+++ b/sys-apps/file/Manifest
@@ -5,13 +5,14 @@ AUX file-5.44-limits-solaris.patch 443 BLAKE2B d7481f0669b48d6c1a94e50706b652363
 AUX file-5.44-seccomp-utimes.patch 587 BLAKE2B c1d2a8861034e9de0d4b1d0440935bd1ce25b789de0ac7f573378a1ef5d409f4c879deb0fd8dc89c48674d5af795cf8b99f7da870c9e5d54cec7a2d400b803f5 SHA512 e41b80f2e858ecc3e100b128d41c2d2e948a334f87523ae5d0c3b50916c678f37d6f26948d0b51a1bbdea9b0ab2683a3955004df2736d1240dcf80ee14390d9f
 AUX file-5.45-32-bit-time_t-deux.patch 929 BLAKE2B 3798fe20be6deb8df058c51d916760233c08fa405cfc880de0b325d0878a70045b2164a6cd660a28b19e154da83140fd49cf19d96cc2f9867657c6e53dddeb17 SHA512 31c158dd610913da5fb6d51951ffc474b9ca25c34701c74c058b9edffd4a061d92ea72dbe0bd459b3cfc2a143ddbc2a1b88a8f93319974b5543155b74808508d
 AUX file-5.45-32-bit-time_t.patch 1164 BLAKE2B a2840cb4a14c8e0bd35e4bf054b336a52b6f26d3d041f87deb3a3a02be31d0fa60e731b964bedc3a22a2e52f5fa8e4b5e7b017247d838c32f2c09d2985397eae SHA512 0059736fec00a33d41005891524553c4b89b2c3d78f5b30c58737be0d7b8e3d26b17591fe52cb570b21d0b39203614055221f726e1914c053dcf5dcc8ad02da1
+AUX file-5.45-seccomp-sandbox.patch 1354 BLAKE2B 5b84be7d9a8ac3a99a6414895afab07fb3a135b646890c960bf02b6276cfc0bacb8b1cf1f2cabb34017ce3e7389b8bf023779b15b8b8d2e89c4da2734fa6b9ac SHA512 cb3973a5165641acd32dc5101f8e07f93e5a05b0b90cb1f03502dda6ba54e5f59c74efec45b430000c61996436c0b973b68553351400aabbec4355d9ebd091fc
 AUX file-5.45-weak-magic-shell.patch 1166 BLAKE2B 715d220e472a6ea1c6374f8b0f789699f0cb4292c25768808d23503104e660ad07946e5e6466cc391eb7ffd87fbca1966e13da39440046576183f56b8c013bc9 SHA512 532bbd9d643badb50977b3ff168a77dbd282f9e83f11716d1f863bcf2ef29402a2e6d488a79e175d24a36bdcad68f9ef940478bc658bad0bc2ddcdc34f26148d
 DIST file-5.44.tar.gz 1186437 BLAKE2B a90ccae738a95315d75a0aaee7bbff3624425cc9267daf18ba9147b7c9b9ebfb31288b54c63a73e4695eca0e876f206e40bcb81c422f1bf572b976e753b25a42 SHA512 26c3b9c7a6950649d0b2de896bfeca54289febe4cd487c0f91aa6ff1857fa49f9077f8738a17b86100125668a31dae05b586615c564f78da47ac20a1e4a74f63
 DIST file-5.44.tar.gz.asc 195 BLAKE2B a0905d42fec0fa052d75fb5b267c6ae223176451c0f1d3346006d4b760c3d858f2dcda5f0a30c6aa4b09b5afee427b75bc4debd5033d978f39dc1da01d3e1bd1 SHA512 1a4dc39283f4859581441aa35b3ed72b323c4e05ca0960d17126d1b9ec18465c695c0545e24f09f8437a60ab52e582be67b6cbbc656bbb676de00148c3644d23
 DIST file-5.45.tar.gz 1246503 BLAKE2B 30fc77c091e6624f2e9a950f4c6fe69ea6aa46d4a8ad9f20d49320a3675617c5bfbc9ff1ebba5eeb2cf4435c38d71b47b8beeb5146c9f55fe3bac11fe65e89bd SHA512 12611a59ff766c22a55db4b4a9f80f95a0a2e916a1d8593612c6ead32c247102a8fdc23693c6bf81bda9b604d951a62c0051e91580b1b79e190a3504c0efc20a
 DIST file-5.45.tar.gz.asc 163 BLAKE2B 1405080c63412e9c66bfe06086ecee28b276b77cc2ddacb20cfd370c539a0d983812fd29dcf7a33bad69d6490cd439ef8d1219bfaf3928fb835a38da85013af3 SHA512 56bf131b2f35e896788be19b4d8cd1c7ec942c794fb584d5e589375d22fbccebdd04c03e779fafc0c10840586dc41e64251b3de1767ae9ab95f5d3300f9af254
 EBUILD file-5.44-r3.ebuild 4137 BLAKE2B 4226f9be97736eb6540ccada16b16c50b949516af7546dec4d4999bb77bf03f70c84307b44d9e9be27d890a2e64676acb17c26f25f65da1408475192a7eb09bc SHA512 0aadc7dc621d374f6f0fdd796cd27357330d15814b2c833e1db4ebd188b3b14c185a29769b5ebf81265ab8793fc05a56d53625d17906a29f1dc54dcd90b6c791
-EBUILD file-5.45-r1.ebuild 4173 BLAKE2B 842661f1538aed08a494d8f0c57ec30629e91a8cf89930187e9c7413d5796eb497d8e77663edcc550b3a6c2ee6536348675735f90a777498fa94086721fbf97a SHA512 74dae7d5bc33323ed7136effbb97e4a0f74bbe28f8b7fcbddba2f32d49d205db33614a5cd9bc3aa109ae3f1836cd54d6165dd79a180eea164b31ab37cd58be0a
+EBUILD file-5.45-r3.ebuild 4165 BLAKE2B 7ee7f5a382af54b86ccfc2fc5d06037f3a5bffb3e4e1dfd229e341b323549174907f2b859adfa9b47766d7a7258d0259da6c47a22240a1af500c6562a096c27a SHA512 08baf6e4cbc901d4e8f61bc1a1363d62dca7c46821747fcf40c7ad76f92ac165bfe98ccd40699f5321a52a9b6e4f52b2a7b292ad834619b179e8906315409952
 EBUILD file-5.45.ebuild 3963 BLAKE2B 422373b76dc8423cbb0397914a3c9504d7167168e49264fa02a6878e5ee7230806f14933eb716ddc7cc82a82220318a2bf029535add9da22a6e52afe3a7f074e SHA512 b9ebc61cf356d624117618ea3b16477797120d204bba2ebc9f3309b489838b9c2750673431b05c0bb07968ec9cbe8ed7567b519daa697a237728e0e9b30213ea
 EBUILD file-9999.ebuild 3963 BLAKE2B 422373b76dc8423cbb0397914a3c9504d7167168e49264fa02a6878e5ee7230806f14933eb716ddc7cc82a82220318a2bf029535add9da22a6e52afe3a7f074e SHA512 b9ebc61cf356d624117618ea3b16477797120d204bba2ebc9f3309b489838b9c2750673431b05c0bb07968ec9cbe8ed7567b519daa697a237728e0e9b30213ea
 MISC metadata.xml 565 BLAKE2B 737512e354fedb4483608b04c594a486c0d8a0f70d23d306c59c78dedb0c8116f80ff558926444b9d9b9ef15805b3826163523b5644c88f01a330be1b8c9a76f SHA512 f240bf9e064c6e6f5b63e3265dfe3adf5b1d2c2b5b2456b79ea7451580150271ccb4097d33967de57ba767fecbdbea51fb62ccb683fcc5e1cca101be660ffd19
diff --git a/sys-apps/file/file-5.45-r1.ebuild b/sys-apps/file/file-5.45-r1.ebuild
deleted file mode 100644
index 84d29bfbdf00..000000000000
--- a/sys-apps/file/file-5.45-r1.ebuild
+++ /dev/null
@@ -1,180 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_USE_PEP517=setuptools
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python3_{10..11} )
-
-inherit distutils-r1 toolchain-funcs multilib-minimal
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/glensc/file.git"
-	inherit autotools git-r3
-else
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/file.asc
-	inherit autotools verify-sig
-	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
-	SRC_URI+=" verify-sig? ( ftp://ftp.astron.com/pub/file/${P}.tar.gz.asc )"
-
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-
-	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-file )"
-fi
-
-DESCRIPTION="Identify a file's format by scanning binary data for patterns"
-HOMEPAGE="https://www.darwinsys.com/file/"
-
-LICENSE="BSD-2"
-SLOT="0"
-IUSE="bzip2 lzip lzma python seccomp static-libs zlib zstd"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-DEPEND="
-	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
-	lzip? ( app-arch/lzlib )
-	lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
-	python? (
-		${PYTHON_DEPS}
-		dev-python/setuptools[${PYTHON_USEDEP}]
-	)
-	seccomp? ( >=sys-libs/libseccomp-2.5.4[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
-"
-RDEPEND="
-	${DEPEND}
-	python? ( !dev-python/python-magic )
-	seccomp? ( >=sys-libs/libseccomp-2.5.4[${MULTILIB_USEDEP}] )
-"
-BDEPEND+="
-	python? (
-		${PYTHON_DEPS}
-		${DISTUTILS_DEPS}
-	)
-"
-
-# https://bugs.gentoo.org/898676
-QA_CONFIG_IMPL_DECL_SKIP=( makedev )
-
-PATCHES=(
-	"${FILESDIR}/file-5.43-seccomp-fstatat64-musl.patch" #789336, not upstream yet
-	"${FILESDIR}/file-5.43-portage-sandbox.patch" #889046
-	"${FILESDIR}/${P}-32-bit-time_t.patch"
-	"${FILESDIR}/${P}-32-bit-time_t-deux.patch"
-	"${FILESDIR}/${P}-weak-magic-shell.patch" #908401
-)
-
-src_prepare() {
-	default
-
-	#if [[ ${PV} == 9999 ]] ; then
-	#	eautoreconf
-	#else
-	#	elibtoolize
-	#fi
-	# Just for file-5.45-32-bit-time_t-deux.patch, drop in 5.46
-	eautoreconf
-
-	# Don't let python README kill main README, bug #60043
-	mv python/README.md python/README.python.md || die
-
-	# bug #662090
-	sed -i 's@README.md@README.python.md@' python/setup.py || die
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		--enable-fsect-man5
-		$(use_enable bzip2 bzlib)
-		$(multilib_native_use_enable lzip lzlib)
-		$(use_enable lzma xzlib)
-		$(use_enable seccomp libseccomp)
-		$(use_enable static-libs static)
-		$(use_enable zlib)
-		$(use_enable zstd zstdlib)
-	)
-
-	econf "${myeconfargs[@]}"
-}
-
-build_src_configure() {
-	local myeconfargs=(
-		--disable-shared
-		--disable-libseccomp
-		--disable-bzlib
-		--disable-xzlib
-		--disable-zlib
-	)
-
-	econf_build "${myeconfargs[@]}"
-}
-
-need_build_file() {
-	# When cross-compiling, we need to build up our own file
-	# because people often don't keep matching host/target
-	# file versions, bug #362941
-	tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
-}
-
-src_configure() {
-	local ECONF_SOURCE="${S}"
-
-	if need_build_file ; then
-		mkdir -p "${WORKDIR}"/build || die
-		cd "${WORKDIR}"/build || die
-		build_src_configure
-	fi
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_compile() {
-	if multilib_is_native_abi ; then
-		emake
-	else
-		# bug #586444
-		emake -C src magic.h
-		emake -C src libmagic.la
-	fi
-}
-
-src_compile() {
-	if need_build_file ; then
-		# bug #586444
-		emake -C "${WORKDIR}"/build/src magic.h
-		emake -C "${WORKDIR}"/build/src file
-		local -x PATH="${WORKDIR}/build/src:${PATH}"
-	fi
-
-	multilib-minimal_src_compile
-
-	if use python ; then
-		cd python || die
-		distutils-r1_src_compile
-	fi
-}
-
-multilib_src_install() {
-	if multilib_is_native_abi ; then
-		default
-	else
-		emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
-	fi
-}
-
-multilib_src_install_all() {
-	dodoc ChangeLog MAINT # README
-
-	# Required for `file -C`
-	insinto /usr/share/misc/magic
-	doins -r magic/Magdir/*
-
-	if use python ; then
-		cd python || die
-		distutils-r1_src_install
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
diff --git a/sys-apps/file/file-5.45-r3.ebuild b/sys-apps/file/file-5.45-r3.ebuild
new file mode 100644
index 000000000000..6626b607e4b4
--- /dev/null
+++ b/sys-apps/file/file-5.45-r3.ebuild
@@ -0,0 +1,180 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+DISTUTILS_OPTIONAL=1
+PYTHON_COMPAT=( python3_{10..11} )
+
+inherit distutils-r1 toolchain-funcs multilib-minimal
+
+if [[ ${PV} == 9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/glensc/file.git"
+	inherit autotools git-r3
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/file.asc
+	inherit autotools verify-sig
+	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+	SRC_URI+=" verify-sig? ( ftp://ftp.astron.com/pub/file/${P}.tar.gz.asc )"
+
+	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+
+	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-file )"
+fi
+
+DESCRIPTION="Identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="bzip2 lzip lzma python seccomp static-libs zlib zstd"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+	lzip? ( app-arch/lzlib )
+	lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
+	python? (
+		${PYTHON_DEPS}
+		dev-python/setuptools[${PYTHON_USEDEP}]
+	)
+	seccomp? ( >=sys-libs/libseccomp-2.5.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+RDEPEND="
+	${DEPEND}
+	python? ( !dev-python/python-magic )
+	seccomp? ( >=sys-libs/libseccomp-2.5.4[${MULTILIB_USEDEP}] )
+"
+BDEPEND+="
+	python? (
+		${PYTHON_DEPS}
+		${DISTUTILS_DEPS}
+	)
+"
+
+# https://bugs.gentoo.org/898676
+QA_CONFIG_IMPL_DECL_SKIP=( makedev )
+
+PATCHES=(
+	"${FILESDIR}/file-5.43-seccomp-fstatat64-musl.patch" #789336, not upstream yet
+	"${FILESDIR}/file-5.45-seccomp-sandbox.patch"
+	"${FILESDIR}/${P}-32-bit-time_t.patch"
+	"${FILESDIR}/${P}-32-bit-time_t-deux.patch"
+	"${FILESDIR}/${P}-weak-magic-shell.patch" #908401
+)
+
+src_prepare() {
+	default
+
+	#if [[ ${PV} == 9999 ]] ; then
+	#	eautoreconf
+	#else
+	#	elibtoolize
+	#fi
+	# Just for file-5.45-32-bit-time_t-deux.patch, drop in 5.46
+	eautoreconf
+
+	# Don't let python README kill main README, bug #60043
+	mv python/README.md python/README.python.md || die
+
+	# bug #662090
+	sed -i 's@README.md@README.python.md@' python/setup.py || die
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--enable-fsect-man5
+		$(use_enable bzip2 bzlib)
+		$(multilib_native_use_enable lzip lzlib)
+		$(use_enable lzma xzlib)
+		$(use_enable seccomp libseccomp)
+		$(use_enable static-libs static)
+		$(use_enable zlib)
+		$(use_enable zstd zstdlib)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+build_src_configure() {
+	local myeconfargs=(
+		--disable-shared
+		--disable-libseccomp
+		--disable-bzlib
+		--disable-xzlib
+		--disable-zlib
+	)
+
+	econf_build "${myeconfargs[@]}"
+}
+
+need_build_file() {
+	# When cross-compiling, we need to build up our own file
+	# because people often don't keep matching host/target
+	# file versions, bug #362941
+	tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+	local ECONF_SOURCE="${S}"
+
+	if need_build_file ; then
+		mkdir -p "${WORKDIR}"/build || die
+		cd "${WORKDIR}"/build || die
+		build_src_configure
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi ; then
+		emake
+	else
+		# bug #586444
+		emake -C src magic.h
+		emake -C src libmagic.la
+	fi
+}
+
+src_compile() {
+	if need_build_file ; then
+		# bug #586444
+		emake -C "${WORKDIR}"/build/src magic.h
+		emake -C "${WORKDIR}"/build/src file
+		local -x PATH="${WORKDIR}/build/src:${PATH}"
+	fi
+
+	multilib-minimal_src_compile
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_compile
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi ; then
+		default
+	else
+		emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc ChangeLog MAINT # README
+
+	# Required for `file -C`
+	insinto /usr/share/misc/magic
+	doins -r magic/Magdir/*
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_install
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
diff --git a/sys-apps/file/files/file-5.45-seccomp-sandbox.patch b/sys-apps/file/files/file-5.45-seccomp-sandbox.patch
new file mode 100644
index 000000000000..d5f499d395f5
--- /dev/null
+++ b/sys-apps/file/files/file-5.45-seccomp-sandbox.patch
@@ -0,0 +1,56 @@
+From b05f904dc5df267f90c6489817a379cb7f7f62ee Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Thu, 19 Oct 2023 13:58:20 -0400
+Subject: [PATCH] seccomp: allow syscalls used by Gentoo's LD_PRELOAD sandbox
+
+Bug: https://bugs.gentoo.org/728978
+Bug: https://bugs.gentoo.org/889046
+Bug: https://bugs.gentoo.org/915890
+---
+ src/seccomp.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 87d4c49e..f1804660 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -174,6 +174,9 @@ enable_sandbox_full(void)
+ 	ALLOW_RULE(exit_group);
+ #ifdef __NR_faccessat
+ 	ALLOW_RULE(faccessat);
++#endif
++#ifdef __NR_faccessat2
++        ALLOW_RULE(faccessat2);
+ #endif
+ 	ALLOW_RULE(fcntl);
+  	ALLOW_RULE(fcntl64);
+@@ -185,9 +188,26 @@ enable_sandbox_full(void)
+ 	ALLOW_RULE(fstatat64);
+ #endif
+ 	ALLOW_RULE(futex);
++	ALLOW_RULE(getcwd);
+ 	ALLOW_RULE(getdents);
+ #ifdef __NR_getdents64
+ 	ALLOW_RULE(getdents64);
++#endif
++	ALLOW_RULE(getegid);
++#ifdef __NR_getegid32
++	ALLOW_RULE(getegid32);
++#endif
++	ALLOW_RULE(geteuid);
++#ifdef __NR_geteuid32
++	ALLOW_RULE(geteuid32);
++#endif
++	ALLOW_RULE(getgid);
++#ifdef __NR_getgid32
++	ALLOW_RULE(getgid32);
++#endif
++	ALLOW_RULE(getuid);
++#ifdef __NR_getuid32
++	ALLOW_RULE(getuid32);
+ #endif
+ #ifdef FIONREAD
+ 	// called in src/compress.c under sread
+-- 
+2.42.0
+
-- 
cgit v1.2.3