summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Baumann <mail@andreasbaumann.cc>2018-11-22 16:41:51 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2018-11-22 16:41:51 +0100
commit7f2280ce8ee4e6bc9bebb57258a0ff9dab7001fd (patch)
tree42d9ebbec05b6f0e904b324468bb98819380f256
parent7acbb1633b7f621728a26e8c5f8871986f0143f7 (diff)
downloadpackages-7f2280ce8ee4e6bc9bebb57258a0ff9dab7001fd.tar.xz
extra/ctags: hotfix for seccomp sandbox
-rw-r--r--extra/ctags/PKGBUILD13
-rw-r--r--extra/ctags/ctags-seccomp32.patch16
2 files changed, 29 insertions, 0 deletions
diff --git a/extra/ctags/PKGBUILD b/extra/ctags/PKGBUILD
new file mode 100644
index 00000000..e6235180
--- /dev/null
+++ b/extra/ctags/PKGBUILD
@@ -0,0 +1,13 @@
+# See https://github.com/universal-ctags/ctags/issues/1937 and
+# https://github.com/universal-ctags/ctags/pull/1938
+
+source+=('ctags-seccomp32.patch')
+sha512sums+=('749f3db52c17a6af85a725a76e625c06ecf9bd1fd785e1c268800fb882a88f6229cbbab3c9af01a1e4a01ed00de5d887f8616942f77322c1bdc3b626b9165ba0')
+
+eval "$(
+ declare -f prepare | \
+ sed '
+ /}/ i \
+ patch -Np1 < ${srcdir}/ctags-seccomp32.patch
+ '
+)"
diff --git a/extra/ctags/ctags-seccomp32.patch b/extra/ctags/ctags-seccomp32.patch
new file mode 100644
index 00000000..f371b969
--- /dev/null
+++ b/extra/ctags/ctags-seccomp32.patch
@@ -0,0 +1,16 @@
+diff -rauN ctags/main/seccomp.c ctags-seccomp32-patch/main/seccomp.c
+--- ctags/main/seccomp.c 2018-11-22 16:36:35.366666457 +0100
++++ ctags-seccomp32-patch/main/seccomp.c 2018-11-22 16:37:05.683333126 +0100
+@@ -41,10 +41,12 @@
+
+ // The bowels of stdio want to know the size of a file, even for stdout.
+ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (fstat), 0);
++ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (fstat64), 0);
+
+ // seems unnecessary, but this comes from
+ // main/parse.c:2764 : tagFilePosition (&tagfpos);
+ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (lseek), 0);
++ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (_llseek), 0);
+
+ // libxml2 uses pthread_once, which in turn uses a futex
+ seccomp_rule_add (ctx, SCMP_ACT_ALLOW, SCMP_SYS (futex), 0);