diff options
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | 0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch | 34 | ||||
-rw-r--r-- | PKGBUILD | 11 |
3 files changed, 43 insertions, 6 deletions
@@ -1,7 +1,7 @@ pkgbase = snapd pkgdesc = Service and tools for management of snap packages. pkgver = 2.31 - pkgrel = 2 + pkgrel = 3 url = https://github.com/snapcore/snapd install = snapd.install arch = x86_64 @@ -21,7 +21,9 @@ pkgbase = snapd options = !strip options = emptydirs source = snapd-2.31::https://github.com/snapcore/snapd/archive/2.31.tar.gz + source = 0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch sha256sums = 973e7e8098f5780d71a0633a0fa7c3371ef7fb7ae120d464b2e25af9588c1f89 + sha256sums = ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d pkgname = snapd diff --git a/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch new file mode 100644 index 000000000000..4a58cd226bee --- /dev/null +++ b/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch @@ -0,0 +1,34 @@ +From 3286baf646fa7974c165efd9b63c690d08dff6b7 Mon Sep 17 00:00:00 2001 +Message-Id: <3286baf646fa7974c165efd9b63c690d08dff6b7.1518102033.git.maciej.zenon.borzecki@canonical.com> +From: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> +Date: Thu, 8 Feb 2018 15:57:13 +0100 +Subject: [PATCH] cmd/snap-seccomp: drop link flags that will be rejected by + go1.9.4 + +Due to CVE-2018-6574 Go rejects a number of previously allowed flags cgo flags. +Drop any flags passed to pkg-config. Drop static link flags for libseccomp as +those are not supported on Arch anyway. + +Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com> +--- + cmd/snap-seccomp/main.go | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cmd/snap-seccomp/main.go b/cmd/snap-seccomp/main.go +index 935b3098b434053808c87efe9cefe682124a09a4..ffb9bb3bcc55c9c327b4f1937bd8a86b498e74ec 100644 +--- a/cmd/snap-seccomp/main.go ++++ b/cmd/snap-seccomp/main.go +@@ -20,8 +20,8 @@ + package main + + //#cgo CFLAGS: -D_FILE_OFFSET_BITS=64 +-//#cgo pkg-config: --static --cflags libseccomp +-//#cgo LDFLAGS: -Wl,-Bstatic -lseccomp -Wl,-Bdynamic ++//#cgo pkg-config: libseccomp ++//#cgo LDFLAGS: -lseccomp + // + //#include <asm/ioctls.h> + //#include <ctype.h> +-- +2.16.1 + @@ -8,7 +8,7 @@ pkgdesc="Service and tools for management of snap packages." depends=('squashfs-tools' 'libseccomp' 'libsystemd') optdepends=('bash-completion: bash completion support') pkgver=2.31 -pkgrel=2 +pkgrel=3 arch=('x86_64') url="https://github.com/snapcore/snapd" license=('GPL3') @@ -16,8 +16,10 @@ makedepends=('git' 'go-pie' 'go-tools' 'libseccomp' 'libcap' 'systemd' 'xfsprogs conflicts=('snap-confine') options=('!strip' 'emptydirs') install=snapd.install -source=("$pkgname-$pkgver::https://github.com/snapcore/${pkgname}/archive/$pkgver.tar.gz") -sha256sums=('973e7e8098f5780d71a0633a0fa7c3371ef7fb7ae120d464b2e25af9588c1f89') +source=("$pkgname-$pkgver::https://github.com/snapcore/${pkgname}/archive/$pkgver.tar.gz" + "0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch") +sha256sums=('973e7e8098f5780d71a0633a0fa7c3371ef7fb7ae120d464b2e25af9588c1f89' + 'ba4591f70b032b5e6f63d251cf6463ef93f3b963b8f19aac098b4c7dbed0309d') _gourl=github.com/snapcore/snapd @@ -33,8 +35,7 @@ prepare() { mkdir -p "$(dirname "$GOPATH/src/${_gourl}")" ln --no-target-directory -fs "$srcdir/$pkgname-$pkgver" "$GOPATH/src/${_gourl}" - # Patch snap-seccomp build flags not to link libseccomp statically. - sed -i -e 's/-Wl,-Bstatic -lseccomp -Wl,-Bdynamic/-lseccomp/' "cmd/snap-seccomp/main.go" + patch -Np1 -i "${srcdir}/0001-cmd-snap-seccomp-drop-link-flags-that-will-be-reject.patch" } build() { |