From 7cd573d8dbffae8d2ffbadb277c2cd129fa1c746 Mon Sep 17 00:00:00 2001
From: Piraty <piraty1@inbox.ru>
Date: Thu, 9 Jan 2020 14:38:31 +0100
Subject: [PATCH] proot: fix undumpable tracees

* backport the patch from upstream.
* fix crosscompilation (how did it ever work?)

Closes #17764
---
 ...ent-tracees-from-becoming-undumpable.patch | 48 +++++++++++++++++++
 srcpkgs/proot/patches/makefile-fix-vars.patch |  7 ++-
 srcpkgs/proot/template                        |  2 +-
 3 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/proot/patches/1001-prevent-tracees-from-becoming-undumpable.patch

diff --git a/srcpkgs/proot/patches/1001-prevent-tracees-from-becoming-undumpable.patch b/srcpkgs/proot/patches/1001-prevent-tracees-from-becoming-undumpable.patch
new file mode 100644
index 00000000000..e7053abd3b6
--- /dev/null
+++ b/srcpkgs/proot/patches/1001-prevent-tracees-from-becoming-undumpable.patch
@@ -0,0 +1,48 @@
+# upstream: yes
+# https://github.com/proot-me/proot/pull/203
+
+# adapted to fit proot's old release
+
+From 2e796c5a0ed3c04d0816405422c8d6a25eccf5c2 Mon Sep 17 00:00:00 2001
+From: Michal Bednarski <bednarski.michal2@gmail.com>
+Date: Thu, 5 Sep 2019 15:19:08 +0200
+Subject: [PATCH] Prevent tracees from becoming undumpable
+
+--- src/syscall/enter.c
++++ src/syscall/enter.c
+@@ -26,7 +26,8 @@
+ #include <linux/net.h>   /* SYS_*, */
+ #include <fcntl.h>       /* AT_FDCWD, */
+ #include <limits.h>      /* PATH_MAX, */
+-
++#include <string.h>      /* strcpy */
++#include <sys/prctl.h>   /* PR_SET_DUMPABLE */
+ #include "syscall/syscall.h"
+ #include "syscall/sysnum.h"
+ #include "syscall/socket.h"
+@@ -563,6 +564,15 @@
+ 
+ 		status = translate_path2(tracee, newdirfd, newpath, SYSARG_3, SYMLINK);
+ 		break;
++
++	case PR_prctl:
++		/* Prevent tracees from setting dumpable flag.
++		* (Otherwise it could break tracee memory access)  */
++		if (peek_reg(tracee, CURRENT, SYSARG_1) == PR_SET_DUMPABLE) {
++			set_sysnum(tracee, PR_void);
++			status = 0;
++		}
++		break;
+ 	}
+ 
+ end:
+--- src/syscall/seccomp.c
++++ src/syscall/seccomp.c
+@@ -377,6 +377,7 @@
+ 	{ PR_open,		0 },
+ 	{ PR_openat,		0 },
+ 	{ PR_pivot_root,	0 },
++	{ PR_prctl,         0 },
+ 	{ PR_ptrace,		FILTER_SYSEXIT },
+ 	{ PR_readlink,		FILTER_SYSEXIT },
+ 	{ PR_readlinkat,	FILTER_SYSEXIT },
diff --git a/srcpkgs/proot/patches/makefile-fix-vars.patch b/srcpkgs/proot/patches/makefile-fix-vars.patch
index d866121719d..5620507cb3c 100644
--- a/srcpkgs/proot/patches/makefile-fix-vars.patch
+++ b/srcpkgs/proot/patches/makefile-fix-vars.patch
@@ -1,8 +1,11 @@
 --- src/GNUmakefile
 +++ src/GNUmakefile
-@@ -10,9 +10,9 @@
+@@ -8,11 +8,11 @@
+ GIT      = git
+ RM       = rm
  INSTALL  = install
- CC       = $(CROSS_COMPILE)gcc
+-CC       = $(CROSS_COMPILE)gcc
++CC       ?= $(CROSS_COMPILE)gcc
  LD       = $(CC)
 -STRIP    = $(CROSS_COMPILE)strip
 -OBJCOPY  = $(CROSS_COMPILE)objcopy
diff --git a/srcpkgs/proot/template b/srcpkgs/proot/template
index c7243d12edc..c3812ca5e77 100644
--- a/srcpkgs/proot/template
+++ b/srcpkgs/proot/template
@@ -1,7 +1,7 @@
 # Template file for 'proot'
 pkgname=proot
 version=5.1.0
-revision=6
+revision=7
 archs="x86_64* i686* aarch64* arm*"
 build_wrksrc=src
 build_style=gnu-makefile