diff options
author | Maciek Borzecki | 2018-02-12 11:53:24 +0100 |
---|---|---|
committer | Maciek Borzecki | 2018-02-12 11:54:24 +0100 |
commit | 50599aa5706b4309fc1e3502c63b3b4f9a544c7f (patch) | |
tree | e6eed22927eb68d32c2bc5170bd8f229bd33fd02 | |
parent | d18c161aa9f342e902f27e5a778f84294d988c69 (diff) | |
download | aur-50599aa5706b4309fc1e3502c63b3b4f9a544c7f.tar.gz |
snapd: bump base version, patch snap-seccomp to remove libseccomp/pkg-config
Signed-off-by: Maciek Borzecki <maciek.borzecki@gmail.com>
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | 0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch | 34 | ||||
-rw-r--r-- | PKGBUILD | 12 |
3 files changed, 45 insertions, 7 deletions
@@ -1,6 +1,6 @@ pkgbase = snapd-git pkgdesc = Service and tools for management of snap packages. - pkgver = 2.31.r152.gf586f737d + pkgver = 2.31.r188.g74843c18e pkgrel = 1 url = https://github.com/snapcore/snapd install = snapd.install @@ -23,7 +23,9 @@ pkgbase = snapd-git options = !strip options = emptydirs source = git+https://github.com/snapcore/snapd.git - md5sums = SKIP + source = 0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch + sha256sums = SKIP + sha256sums = ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d pkgname = snapd-git diff --git a/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch new file mode 100644 index 000000000000..4a58cd226bee --- /dev/null +++ b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch @@ -0,0 +1,34 @@ +From 3286baf646fa7974c165efd9b63c690d08dff6b7 Mon Sep 17 00:00:00 2001 +Message-Id: <3286baf646fa7974c165efd9b63c690d08dff6b7.1518102033.git.maciej.zenon.borzecki@canonical.com> +From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> +Date: Thu, 8 Feb 2018 15:57:13 +0100 +Subject: [PATCH] cmd/snap-seccomp: drop link flags that will be rejected by + go1.9.4 + +Due to CVE-2018-6574 Go rejects a number of previously allowed flags cgo flags. +Drop any flags passed to pkg-config. Drop static link flags for libseccomp as +those are not supported on Arch anyway. + +Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> +--- + cmd/snap-seccomp/main.go | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cmd/snap-seccomp/main.go b/cmd/snap-seccomp/main.go +index 935b3098b434053808c87efe9cefe682124a09a4..ffb9bb3bcc55c9c327b4f1937bd8a86b498e74ec 100644 +--- a/cmd/snap-seccomp/main.go ++++ b/cmd/snap-seccomp/main.go +@@ -20,8 +20,8 @@ + package main + + //#cgo CFLAGS: -D_FILE_OFFSET_BITS=64 +-//#cgo pkg-config: --static --cflags libseccomp +-//#cgo LDFLAGS: -Wl,-Bstatic -lseccomp -Wl,-Bdynamic ++//#cgo pkg-config: libseccomp ++//#cgo LDFLAGS: -lseccomp + // + //#include <asm/ioctls.h> + //#include <ctype.h> +-- +2.16.1 + @@ -7,7 +7,7 @@ pkgname=snapd-git pkgdesc="Service and tools for management of snap packages." depends=('squashfs-tools' 'libseccomp' 'libsystemd') optdepends=('bash-completion: bash completion support') -pkgver=2.31.r152.gf586f737d +pkgver=2.31.r188.g74843c18e pkgrel=1 arch=('x86_64') url="https://github.com/snapcore/snapd" @@ -21,8 +21,10 @@ makedepends=('git' 'go-pie' 'go-tools' 'libseccomp' 'libcap' 'systemd' 'xfsprogs conflicts=($_pkgbase 'snap-confine') options=('!strip' 'emptydirs') install=snapd.install -source=("git+https://github.com/snapcore/$_pkgbase.git") -md5sums=('SKIP') +source=("git+https://github.com/snapcore/$_pkgbase.git" + "0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch") +sha256sums=('SKIP' + 'ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d') provides=($_pkgbase) @@ -44,8 +46,8 @@ prepare() { # above describes. mkdir -p "$(dirname "$GOPATH/src/${_gourl}")" ln --no-target-directory -fs "$srcdir/$_pkgbase" "$GOPATH/src/${_gourl}" - # Patch snap-seccomp build flags not to link libseccomp statically. - sed -i -e 's/-Wl,-Bstatic -lseccomp -Wl,-Bdynamic/-lseccomp/' "cmd/snap-seccomp/main.go" + + patch -Np1 -i "${srcdir}/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch" } build() { |