libffi: backport incorrect detection of selinux

This patch unbreaks ghci on GRSEC kernels hardened with
TPE (Trusted Path Execution) protection.

TPE forbids mmap('rwx') files opened for writes:
    fd = open (a_file_in_tmp, O_RDWR);
    mmap (...,               PROT_READ | PROT_WRITE | PROT_EXEC, fd);

while allows anonymous RWX mappings:
    mmap (...MAP_ANONYMOUS , PROT_READ | PROT_WRITE | PROT_EXEC, -1);

Thanks to klondike for finding it out.

The result of a horrible typo.

(unreleased yet) upstream also has the patch:

http://github.com/atgreen/libffi/commit/eaf444eabc4c78703c0f98ac0197b1619c1b1bef

diff --git a/libffi/ghc.mk b/libffi/ghc.mk
index 6dfef8f..080c43f 100644 (file)
--- a/libffi/ghc.mk
+++ b/libffi/ghc.mk
@@ -107,6 +107,8 @@ $(libffi_STAMP_CONFIGURE):
        cat ghc-tarballs/libffi/libffi*.tar.gz | $(GZIP_CMD) -d | { cd libffi && $(TAR_CMD) -xf - ; }
        mv libffi/libffi-* libffi/build
        chmod +x libffi/ln
+       # don't report nonselinux systems as selinux
+       cd libffi/build && "$(PATCH_CMD)" -p0 < ../libffi.selinux-detection-3.0.8.patch
 
 # Because -Werror may be in SRC_CC_OPTS/SRC_LD_OPTS, we need to turn
 # warnings off or the compilation of libffi might fail due to warnings

diff --git a/libffi/libffi.selinux-detection-3.0.8.patch b/libffi/libffi.selinux-detection-3.0.8.patch
new file mode 100644 (file)
index 0000000..a919f28
--- /dev/null
+++ b/libffi/libffi.selinux-detection-3.0.8.patch
@@ -0,0 +1,15 @@
+src/closures.c (selinux_enabled_check): Fix strncmp usage bug.
+
+http://github.com/atgreen/libffi/commit/eaf444eabc4c78703c0f98ac0197b1619c1b1bef
+
+--- src/closures.c
++++ src/closures.c
+@@ -146,7 +146,7 @@
+       p = strchr (p + 1, ' ');
+       if (p == NULL)
+         break;
+-      if (strncmp (p + 1, "selinuxfs ", 10) != 0)
++      if (strncmp (p + 1, "selinuxfs ", 10) == 0)
+         {
+           free (buf);
+           fclose (f);