summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.SRCINFO4
-rw-r--r--0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch34
-rw-r--r--PKGBUILD11
3 files changed, 43 insertions, 6 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 8220f7521b67..483a115c2739 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = snapd
pkgdesc = Service and tools for management of snap packages.
pkgver = 2.31
- pkgrel = 2
+ pkgrel = 3
url = https://github.com/snapcore/snapd
install = snapd.install
arch = x86_64
@@ -21,7 +21,9 @@ pkgbase = snapd
options = !strip
options = emptydirs
source = snapd-2.31::https://github.com/snapcore/snapd/archive/2.31.tar.gz
+ source = 0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch
sha256sums = 973e7e8098f5780d71a0633a0fa7c3371ef7fb7ae120d464b2e25af9588c1f89
+ sha256sums = ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d
pkgname = snapd
diff --git a/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch
new file mode 100644
index 000000000000..4a58cd226bee
--- /dev/null
+++ b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch
@@ -0,0 +1,34 @@
+From 3286baf646fa7974c165efd9b63c690d08dff6b7 Mon Sep 17 00:00:00 2001
+Message-Id: <3286baf646fa7974c165efd9b63c690d08dff6b7.1518102033.git.maciej.zenon.borzecki@canonical.com>
+From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
+Date: Thu, 8 Feb 2018 15:57:13 +0100
+Subject: [PATCH] cmd/snap-seccomp: drop link flags that will be rejected by
+ go1.9.4
+
+Due to CVE-2018-6574 Go rejects a number of previously allowed flags cgo flags.
+Drop any flags passed to pkg-config. Drop static link flags for libseccomp as
+those are not supported on Arch anyway.
+
+Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
+---
+ cmd/snap-seccomp/main.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cmd/snap-seccomp/main.go b/cmd/snap-seccomp/main.go
+index 935b3098b434053808c87efe9cefe682124a09a4..ffb9bb3bcc55c9c327b4f1937bd8a86b498e74ec 100644
+--- a/cmd/snap-seccomp/main.go
++++ b/cmd/snap-seccomp/main.go
+@@ -20,8 +20,8 @@
+ package main
+
+ //#cgo CFLAGS: -D_FILE_OFFSET_BITS=64
+-//#cgo pkg-config: --static --cflags libseccomp
+-//#cgo LDFLAGS: -Wl,-Bstatic -lseccomp -Wl,-Bdynamic
++//#cgo pkg-config: libseccomp
++//#cgo LDFLAGS: -lseccomp
+ //
+ //#include <asm/ioctls.h>
+ //#include <ctype.h>
+--
+2.16.1
+
diff --git a/PKGBUILD b/PKGBUILD
index 06c8ee28d37a..ea463e52a7cd 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,7 +8,7 @@ pkgdesc="Service and tools for management of snap packages."
depends=('squashfs-tools' 'libseccomp' 'libsystemd')
optdepends=('bash-completion: bash completion support')
pkgver=2.31
-pkgrel=2
+pkgrel=3
arch=('x86_64')
url="https://github.com/snapcore/snapd"
license=('GPL3')
@@ -16,8 +16,10 @@ makedepends=('git' 'go-pie' 'go-tools' 'libseccomp' 'libcap' 'systemd' 'xfsprogs
conflicts=('snap-confine')
options=('!strip' 'emptydirs')
install=snapd.install
-source=("$pkgname-$pkgver::https://github.com/snapcore/${pkgname}/archive/$pkgver.tar.gz")
-sha256sums=('973e7e8098f5780d71a0633a0fa7c3371ef7fb7ae120d464b2e25af9588c1f89')
+source=("$pkgname-$pkgver::https://github.com/snapcore/${pkgname}/archive/$pkgver.tar.gz"
+ "0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch")
+sha256sums=('973e7e8098f5780d71a0633a0fa7c3371ef7fb7ae120d464b2e25af9588c1f89'
+ 'ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d')
_gourl=github.com/snapcore/snapd
@@ -33,8 +35,7 @@ prepare() {
mkdir -p "$(dirname "$GOPATH/src/${_gourl}")"
ln --no-target-directory -fs "$srcdir/$pkgname-$pkgver" "$GOPATH/src/${_gourl}"
- # Patch snap-seccomp build flags not to link libseccomp statically.
- sed -i -e 's/-Wl,-Bstatic -lseccomp -Wl,-Bdynamic/-lseccomp/' "cmd/snap-seccomp/main.go"
+ patch -Np1 -i "${srcdir}/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch"
}
build() {