import libffi-3.1-22.el8

SOURCES/libffi-3.1-libffi_tmpdir.patch

@@ -0,0 +1,17 @@
+Most temp file directories need to be hardened against execution, but
+libffi needs execute privileges.  Add a libffi-specific temp directory
+that can be set up by sysadmins as needed with suitable permissions.
+This both ensures that libffi will have a valid temp directory to use
+as well as preventing attempts to access other directories.
+
+diff -rup a/src/closures.c b/src/closures.c
+--- a/src/closures.c	2014-05-11 09:54:19.000000000 -0400
++++ b/src/closures.c	2020-04-29 20:50:00.454853909 -0400
+@@ -362,6 +362,7 @@ static struct
+   const char *arg;
+   int repeat;
+ } open_temp_exec_file_opts[] = {
++  { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
+   { open_temp_exec_file_env, "TMPDIR", 0 },
+   { open_temp_exec_file_dir, "/tmp", 0 },
+   { open_temp_exec_file_dir, "/var/tmp", 0 },

SPECS/libffi.spec

@@ -2,7 +2,7 @@
 
 Name:		libffi
 Version:	3.1
-Release:	21%{?dist}
+Release:	22%{?dist}
 Summary:	A portable foreign function interface library
 
 Group:		System Environment/Libraries
@@ -16,6 +16,7 @@ Patch1:		libffi-3.1-fix-exec-stack.patch
 Patch2:		libffi-aarch64-rhbz1174037.patch
 Patch3:		libffi-3.1-aarch64-fix-exec-stack.patch
 Patch5:		libffi-3.1-closures-Create-temporary-file-with-O_TMPFILE-and-O_.patch
+Patch6:		libffi-3.1-libffi_tmpdir.patch
 
 %description
 Compilers for high level languages generate code that follow certain
@@ -65,6 +66,7 @@ developing applications that use %{name}.
 %patch2 -p1 -b .aarch64
 %patch3 -p1 -b .aarch64execstack
 %patch5 -p1
+%patch6 -p1
 
 
 %build
@@ -125,6 +127,9 @@ fi
 %{_infodir}/libffi.info.gz
 
 %changelog
+* Wed May 6 2020 DJ Delorie <dj@redhat.com> - 3.1-22
+- Add $LIBFFI_TMPDIR environment variable support (#1723951)
+
 * Thu Aug 1 2019 DJ Delorie <dj@redhat.com> - 3.1-21
 - Revert 1652930 until 1721569 can be fixed (#1652930)