From: "Aric Belsito" <lluixhi@gmail.com>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/musl:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
Date: Wed,  4 Oct 2017 18:38:54 +0000 (UTC)	[thread overview]
Message-ID: <1507142250.02b9f500afde29dc90f995006eb6d3e0ffc94283.lluixhi@gentoo> (raw)

commit:     02b9f500afde29dc90f995006eb6d3e0ffc94283
Author:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Wed Oct  4 18:37:30 2017 +0000
Commit:     Aric Belsito <lluixhi <AT> gmail <DOT> com>
CommitDate: Wed Oct  4 18:37:30 2017 +0000
URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=02b9f500

sys-apps/sandbox: version bump to 2.12

 sys-apps/sandbox/Manifest                          |  10 +-
 .../sandbox/files/sandbox-2.11-exec-hash.patch     |  96 ----------------
 .../sandbox/files/sandbox-2.11-exec-prelink.patch  | 107 ------------------
 sys-apps/sandbox/files/sandbox-2.11-execvpe.patch  |  30 -----
 .../files/sandbox-2.11-symlinkat-renameat.patch    | 124 ---------------------
 sys-apps/sandbox/metadata.xml                      |   3 -
 ...{sandbox-2.11-r5.ebuild => sandbox-2.12.ebuild} |  48 ++++----
 7 files changed, 24 insertions(+), 394 deletions(-)

diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 12f24b3..3ee3198 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -3,15 +3,11 @@ AUX sandbox-2.10-disable-same.patch 2547 SHA256 09a11cf077ae69684080d1f0fd8fe836
 AUX sandbox-2.10-fix-opendir.patch 3311 SHA256 33e31a0331d75985e6fb254001d657988fbe7d0ff2f79128316530636391c76d SHA512 5c0650d6838b8171a87409ebd8565a90a42603874893708c2cdee5b50535e637f145fa2e51142db857c35a9bc11713b45b7e50c31f96f9ecd6ba342ce8d87928 WHIRLPOOL fbac85063c77b26af76761f0d377fac7c7a54e1f465fe0247b7ed90b98e077b75697ce127fa6c509fd28ff6af8313d7d65a0f34ecd969a6143af8b7246687602
 AUX sandbox-2.10-fix-visibility-musl.patch 573 SHA256 67f70fa39867eeeee45b343db78c73fdb6e63b8a1b52d3dc288894402239dd12 SHA512 a740e0b1a68c0609dc3080e88ab8ab87885fe05f5e0864d10ed76e8e7000f7879cb206342c38d4097c691a7c85d1936e98802b206084eb2af9f78bd43158d759 WHIRLPOOL 0c226daa4b6d36c2df001d3d67b9e4023944c5b010d1bc311d731c121dd94b533546479a7b1b77bcb8be608ecf70508fb7dd65b22bafdb2d13a2860c9c0659da
 AUX sandbox-2.10-memory-corruption.patch 1515 SHA256 4876cc9962d56d3c5fc5418fe12ef1a399e34ff0272f12640c4a5c5b775e8888 SHA512 1eb650824cc7a876fabef382cafb451a507326a8422fb7bb5014699046b64ea8f4cf2bba9efcb75d7a2eac4eff493d06153422f85c119f49635ac0840071660c WHIRLPOOL db2c834119c7887ed746154e73e88cc09bf2a31184b3cda2732b70cb43dd8bc7f59f1072a4cc56ebcf593ba67330b9888832dc186ee55e009428d607f62293ab
-AUX sandbox-2.11-exec-hash.patch 4310 SHA256 e9dbdab6b1db8cbe547aa94057fce55bc6a5e59cf4bfc0b607cf35123a20b981 SHA512 8830c0a4a9c81a61ae7f749d690791a0d9f467d28872976681a1a7995e7f703d06928bd7e392d2042da5452979c39e28783f73803419d782c3ace4e949adbd70 WHIRLPOOL 053e584c1675d43ffc98d25aa5d6f897b635fb3fdb3c036287d6a4a9f9ac36ad871890390003efe87c2177e2d077f428461eb59eb880c6df7f302f1c12218a75
-AUX sandbox-2.11-exec-prelink.patch 4960 SHA256 a8dda45a024a42b7b6fbc2ee49a461879eb866ab915c268079704e1698dd0cef SHA512 9bccda3a940aa95d7542c23e3eeb3b58326bc81920fdcfa6dd3e3c40de5ca9c47948f93afe9e58753b6cf3af10342bf581116f038b29c9fa5c25fd0027c5551c WHIRLPOOL 0e99a04fe636287570ad31998c93b9be8eceeb7a6619f18089d7f4a2df4b9c400874ea132a6e8a3855fbee439607d7e7e583fcad3ef4a0fee0cc46b0b5943bf5
-AUX sandbox-2.11-execvpe.patch 986 SHA256 28574866614505b0f65dae5af4a90128997a40c402c6fbe80e809fedad93c113 SHA512 594b8e008178c1d8fa174733e95a02ad6bab1f025225b57e5c224a0b86021a0213cc30a83f607a47aff8756fa561e093b112384a89cc6c842cf2eb7f474e1213 WHIRLPOOL 7309559f0788fafefe17532b88265ed695bdba0836329aad3a4720b0e5d944ea5808dc7f08e0837edb2595da741c033a80cb67e74246a4ba63782497ffd95d7f
 AUX sandbox-2.11-musl.patch 1851 SHA256 1f2586e81a06daf7b69642d9c5fbf53563832a4ccd769ec696d9c2baabd2874c SHA512 2800191fbf312d9b8858ef29975355ae51a4aff05ccc7c425f5168fe2db24562e4cf164e8ee35ecc77e0777be9d37cc52d66fdd4bf3eaeb0fc4c68c240a0cb61 WHIRLPOOL 9c2abfcd5f68391c4890beeaf99020a9160635c888de7b45238174e7ac51ffac393150698feb0061fd3104e71a6825f9be98e5495a415ede8d2493a77f3e35e8
-AUX sandbox-2.11-symlinkat-renameat.patch 3418 SHA256 74036803fd8cc07e903abdc2202167cff5e03a82d0db64ad8969b642201a993e SHA512 cbefae8aa9c289db0bfe7b2429f64aa4c437be0e269eaa657eb3b22a3086db1fca45a624cb181978b4157f0cb9b475b4ece2eb9337285bf8bede709ad4431c52 WHIRLPOOL d8943c3f4cda8428c7ab1a75decd67c5e743e5ca998d7e0ae8ba8828923b1c9dc4429c293af4dc9655d3a45e189020fd754f8152471f1626b113a50f69886c9b
 AUX sandbox-2.6-musl.patch 1821 SHA256 df08faebffbfade91a2620ff8b56c2087e4a34506fbff3dcf9bc35c2d5bd467c SHA512 69d11e80c97a844c0d84404e802950c876edda8eb7909c90f6f5d4b3fe8a33b5bc884ecc3741c10c8bd7e0871db2db1853cfac969a153d162423b3f3c94039c9 WHIRLPOOL 7120eaf3062cb18c3b13a61fe2b6f839a5f267650d9aa809fafc6d25e8faaadd7af3d5fb41cce66ecf71668555847d264ea977442f03f4dfe7b88b98cf86f78e
 DIST sandbox-2.10.tar.xz 417068 SHA256 019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 WHIRLPOOL 5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192
-DIST sandbox-2.11.tar.xz 423492 SHA256 a1cb203f95057176ca0c5b53b8b9dafd41d1b64a6cf5039a9e1fb4a51b17f237 SHA512 0aa6c773c109749180442d1a46d1b957dea0c30f893e4be1ac0b410e1aad48fdd2972ec591aa2da3a0c74b32d2b7bd51b7c2263bd7b26f8a34bb762d8a48ea0b WHIRLPOOL a2222cc778f2181473cf23b46a62257e5f3857edebb457dcf230f02da0d153e38a28f78a20dee67c9e564c10239d8bd6982a6e894de666f6eff4550f7ad8cdee
+DIST sandbox-2.12.tar.xz 424252 SHA256 265a490a8c528237c55ad26dfd7f62336fa5727c82358fc9cfbaa2e52c47fc50 SHA512 98bd2ee8807d81e65ee0c9f11cfaf2b37da2ee4d8763c68d18c0ff6b14f3cc847ae2d3a0aa30cbe86063a2108ed4d4dcf7cc3fc4f37cb7549d266d4c1989c2a9 WHIRLPOOL 4f3089746a11616c60057165f387122b74e8d2f30a2d77db296405a2b6f401fc625645bca73092436162f5d98a88bfb2a3b42909b0eceb9a59ab810d803441b0
 EBUILD sandbox-2.10-r3.ebuild 2264 SHA256 a168ce865021a1dfe502a46d5bbe9a41bcabc3b3f30c5cee72d72ec1ed936544 SHA512 8957ae632332a6ad74fbc5c781cadfd27e3b2d26b13a5b2e94e5c4e09e7ed7714645eb655535fe42657f3ca633871e6849b9046bb5b76a99a0089ae9db4ebfcf WHIRLPOOL 0a5499e44698a4c47dd7858521ea7674885eb4a287db2a96fe9219ee521ecf8cc1125f04806d058382fb8340967484f67631a8b152ef1dda58c391e67fb9eb7e
 EBUILD sandbox-2.10-r4.ebuild 2343 SHA256 f2db8de7d79e75d6a5d0bf8f803e6eea6d3c6e63758632db1c6422a288b230ba SHA512 e734b76a865c7d2c73621a3300dd7dee0eeebe54b85922b166e7960edde26c9bb0cffff88ccb30e4bc638554135967272fb8d39ca46eaa2fd7739a3d25d4a07a WHIRLPOOL e895fb01eadbacc6c96b550a5a8974e211e1a39149c280a119f65e8e0b259501caaeb368872a875266a073e97eaab71b837c4c7a59b652fb66010934f760dc5d
-EBUILD sandbox-2.11-r5.ebuild 2393 SHA256 7e1b2f4941d10ba468ecab75fbcc1fd9c4aabfc8a33f05b3788739546ba84e84 SHA512 43c6825205c07ea230135ce0fa124eb002bc89e5212ecfb1c5966dceac0460e15a6ea210e02c27f29040575a0a888a2de0c9cbbbdc980740d71df55971be0d50 WHIRLPOOL 722eea8e3b2c3d9323146617a0798ef5697a8b7bc6e0afba338d51b8cd34e0f95def6dac1cf2f042bea30a93f487e7f203a3fe4bbe113f0561968f3c678c632e
-MISC metadata.xml 331 SHA256 593acb3cb5d82507c93a39cc745aebf1aa453683a039ff7d7f9d12ad9ed042a4 SHA512 f112b562f8b2a1022c0f4eac7a0e55369046d1d7d6052ab1514d841c968fc8cb33e9c337326db23a5944f3f43a676d4743dec4413ddd6e7f5c6cf63c82969675 WHIRLPOOL 0e306bda54e820ed6883b47ea0e305c5a361a88047b8f6ccd1ba621e1ef7bec08809019e638949e05e892e3d3eeffe48568b6e31e1db8071ca9932b0ea2d9f2e
+EBUILD sandbox-2.12.ebuild 2085 SHA256 b96d877b96b467cce3647369f99eb90b07283b1946acba45cc8f2c97ea37bfaf SHA512 a5447f90c89afb33ed9d9aa22868ad594ae135e8a9d2ecc25b5f0590ba518363f48ce09567ef5b701e23ee312fece6ce9d03b7f3b1ec12c644d381b077fc2b19 WHIRLPOOL 8a59e43c587dc3ff895733b14ba7cc54c4399bc4bd41a6d57656ad4fc9b7982a41de488f06a02dd09585a4753d357004ff0a63156ca3a01d38a5ea632e94005a
+MISC metadata.xml 266 SHA256 1681f248b3477c19f9d1228ea18ff9ebfba5415d691db4c90b9debbbec9b5a3d SHA512 8dcc34d3a08407d6807bc5e30b23c6696dbfc63c19106338780d4e2a61be360e17faeb54af993c962f347ada5d24cb314de866506484b04de4c619d6a88787e3 WHIRLPOOL 6c33192203bfded051b0003a2bd7cdb9b94d1167cd33bf2068222a1101c287c636e9e50a38a0af6b51fbd0ed0ec6452e006c4e25b47c6d8f8e160b4dd2755545

diff --git a/sys-apps/sandbox/files/sandbox-2.11-exec-hash.patch b/sys-apps/sandbox/files/sandbox-2.11-exec-hash.patch
deleted file mode 100644
index 8a4cd9b..0000000
--- a/sys-apps/sandbox/files/sandbox-2.11-exec-hash.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From e11815bb7f0656f39e122073e0e3284ec7f5d021 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Tue, 29 Mar 2016 23:35:44 -0400
-Subject: [PATCH] libsandbox: fix symtab walking with some ELFs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The strtab assumption works if there is no SysV hash table.
-Add logic to handle that scenario.
-
-URL: https://bugs.gentoo.org/578524
-Reported-by: Toralf Förster <toralf.foerster@gmx.de>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- libsandbox/wrapper-funcs/__wrapper_exec.c | 30 +++++++++++++++++-------------
- 1 file changed, 17 insertions(+), 13 deletions(-)
-
-diff --git a/libsandbox/wrapper-funcs/__wrapper_exec.c b/libsandbox/wrapper-funcs/__wrapper_exec.c
-index f7f51ab..d372366 100644
---- a/libsandbox/wrapper-funcs/__wrapper_exec.c
-+++ b/libsandbox/wrapper-funcs/__wrapper_exec.c
-@@ -83,10 +83,10 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- ({ \
- 	Elf##n##_Ehdr *ehdr = (void *)elf; \
- 	Elf##n##_Phdr *phdr = (void *)(elf + ehdr->e_phoff); \
--	Elf##n##_Addr vaddr, filesz, vsym = 0, vstr = 0; \
--	Elf##n##_Off offset, symoff = 0, stroff = 0; \
-+	Elf##n##_Addr vaddr, filesz, vsym = 0, vstr = 0, vhash = 0; \
-+	Elf##n##_Off offset, symoff = 0, stroff = 0, hashoff = 0; \
- 	Elf##n##_Dyn *dyn; \
--	Elf##n##_Sym *sym; \
-+	Elf##n##_Sym *sym, *symend; \
- 	uint##n##_t ent_size = 0, str_size = 0; \
- 	bool dynamic = false; \
- 	size_t i; \
-@@ -106,6 +106,7 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- 				case DT_SYMENT: ent_size = dyn->d_un.d_val; break; \
- 				case DT_STRTAB: vstr = dyn->d_un.d_val; break; \
- 				case DT_STRSZ:  str_size = dyn->d_un.d_val; break; \
-+				case DT_HASH:   vhash = dyn->d_un.d_val; break; \
- 				} \
- 				++dyn; \
- 			} \
-@@ -123,6 +124,8 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- 				symoff = offset + (vsym - vaddr); \
- 			if (vstr >= vaddr && vstr < vaddr + filesz) \
- 				stroff = offset + (vstr - vaddr); \
-+			if (vhash >= vaddr && vhash < vaddr + filesz) \
-+				hashoff = offset + (vhash - vaddr); \
- 		} \
- 		\
- 		/* Finally walk the symbol table.  This should generally be fast as \
-@@ -130,18 +133,20 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- 		 * out there do not export any symbols at all. \
- 		 */ \
- 		if (symoff && stroff) { \
--			sym = (void *)(elf + symoff); \
-+			/* Hash entries are always 32-bits. */ \
-+			uint32_t *hashes = (void *)(elf + hashoff); \
- 			/* Nowhere is the # of symbols recorded, or the size of the symbol \
--			 * table.  Instead, we do what glibc does: assume that the string \
--			 * table always follows the symbol table.  This seems like a poor \
--			 * assumption to make, but glibc has gotten by this long.  We could \
--			 * rely on DT_HASH and walking all the buckets to find the largest \
--			 * symbol index, but that's also a bit hacky. \
-+			 * table.  Instead, we do what glibc does: use the sysv hash table \
-+			 * if it exists, else assume that the string table always directly \
-+			 * follows the symbol table.  This seems like a poor assumption to \
-+			 * make, but glibc has gotten by this long. \
- 			 * \
- 			 * We don't sanity check the ranges here as you aren't executing \
- 			 * corrupt programs in the sandbox. \
- 			 */ \
--			for (i = 0; i < (vstr - vsym) / ent_size; ++i) { \
-+			sym = (void *)(elf + symoff); \
-+			symend = vhash ? (sym + hashes[1]) : (void *)(elf + stroff); \
-+			while (sym < symend) { \
- 				char *symname = (void *)(elf + stroff + sym->st_name); \
- 				if (ELF##n##_ST_VISIBILITY(sym->st_other) == STV_DEFAULT && \
- 				    sym->st_shndx != SHN_UNDEF && sym->st_shndx < SHN_LORESERVE && \
-@@ -149,9 +154,8 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- 				    /* Minor optimization to avoid strcmp. */ \
- 				    symname[0] == '_' && symname[1] == '_') { \
- 					/* Blacklist internal C library symbols. */ \
--					size_t j; \
--					for (j = 0; j < ARRAY_SIZE(libc_alloc_syms); ++j) \
--						if (!strcmp(symname, libc_alloc_syms[j])) { \
-+					for (i = 0; i < ARRAY_SIZE(libc_alloc_syms); ++i) \
-+						if (!strcmp(symname, libc_alloc_syms[i])) { \
- 							run_in_process = false; \
- 							goto use_trace; \
- 						} \
--- 
-2.7.4
-

diff --git a/sys-apps/sandbox/files/sandbox-2.11-exec-prelink.patch b/sys-apps/sandbox/files/sandbox-2.11-exec-prelink.patch
deleted file mode 100644
index 067824f..0000000
--- a/sys-apps/sandbox/files/sandbox-2.11-exec-prelink.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 5628d830548e91819953d2d14397170e219df7c6 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Wed, 16 Nov 2016 15:59:28 -0500
-Subject: [PATCH] libsandbox: fix symtab walking with prelinked ELFs
-
-When prelink runs on an ELF, it moves the string table from right
-after the symbol table to the end, and then replaces the string
-table with its liblist table.  This ends up breaking sandbox's
-assumption that the string table always follows the symbol table
-leading to prelinked ELFs crashing.
-
-Update the range check to use the liblist table when available.
-Since the prelink code has this logic hardcoded (swapping the
-string table for the liblist table), this should be OK for now.
-
-URL: https://bugs.gentoo.org/599894
-Reported-by: Anders Larsson <anders.gentoo@larsson.xyz>
-Reported-by: Kenton Groombridge <rustyvega@comcast.net>
-Reported-by: Marien Zwart <marien.zwart@gmail.com>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- libsandbox/wrapper-funcs/__wrapper_exec.c | 39 ++++++++++++++++++++++---------
- 1 file changed, 28 insertions(+), 11 deletions(-)
-
-diff --git a/libsandbox/wrapper-funcs/__wrapper_exec.c b/libsandbox/wrapper-funcs/__wrapper_exec.c
-index d372366c5478..226c0c0f4407 100644
---- a/libsandbox/wrapper-funcs/__wrapper_exec.c
-+++ b/libsandbox/wrapper-funcs/__wrapper_exec.c
-@@ -83,8 +83,8 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- ({ \
- 	Elf##n##_Ehdr *ehdr = (void *)elf; \
- 	Elf##n##_Phdr *phdr = (void *)(elf + ehdr->e_phoff); \
--	Elf##n##_Addr vaddr, filesz, vsym = 0, vstr = 0, vhash = 0; \
--	Elf##n##_Off offset, symoff = 0, stroff = 0, hashoff = 0; \
-+	Elf##n##_Addr vaddr, filesz, vsym = 0, vstr = 0, vhash = 0, vliblist = 0; \
-+	Elf##n##_Off offset, symoff = 0, stroff = 0, hashoff = 0, liblistoff = 0; \
- 	Elf##n##_Dyn *dyn; \
- 	Elf##n##_Sym *sym, *symend; \
- 	uint##n##_t ent_size = 0, str_size = 0; \
-@@ -102,11 +102,12 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- 			dyn = (void *)(elf + phdr[i].p_offset); \
- 			while (dyn->d_tag != DT_NULL) { \
- 				switch (dyn->d_tag) { \
--				case DT_SYMTAB: vsym = dyn->d_un.d_val; break; \
--				case DT_SYMENT: ent_size = dyn->d_un.d_val; break; \
--				case DT_STRTAB: vstr = dyn->d_un.d_val; break; \
--				case DT_STRSZ:  str_size = dyn->d_un.d_val; break; \
--				case DT_HASH:   vhash = dyn->d_un.d_val; break; \
-+				case DT_SYMTAB:      vsym = dyn->d_un.d_val; break; \
-+				case DT_SYMENT:      ent_size = dyn->d_un.d_val; break; \
-+				case DT_STRTAB:      vstr = dyn->d_un.d_val; break; \
-+				case DT_STRSZ:       str_size = dyn->d_un.d_val; break; \
-+				case DT_HASH:        vhash = dyn->d_un.d_val; break; \
-+				case DT_GNU_LIBLIST: vliblist = dyn->d_un.d_val; break; \
- 				} \
- 				++dyn; \
- 			} \
-@@ -126,6 +127,8 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- 				stroff = offset + (vstr - vaddr); \
- 			if (vhash >= vaddr && vhash < vaddr + filesz) \
- 				hashoff = offset + (vhash - vaddr); \
-+			if (vliblist >= vaddr && vliblist < vaddr + filesz) \
-+				liblistoff = offset + (vliblist - vaddr); \
- 		} \
- 		\
- 		/* Finally walk the symbol table.  This should generally be fast as \
-@@ -133,19 +136,33 @@ static bool sb_check_exec(const char *filename, char *const argv[])
- 		 * out there do not export any symbols at all. \
- 		 */ \
- 		if (symoff && stroff) { \
--			/* Hash entries are always 32-bits. */ \
--			uint32_t *hashes = (void *)(elf + hashoff); \
- 			/* Nowhere is the # of symbols recorded, or the size of the symbol \
- 			 * table.  Instead, we do what glibc does: use the sysv hash table \
- 			 * if it exists, else assume that the string table always directly \
- 			 * follows the symbol table.  This seems like a poor assumption to \
--			 * make, but glibc has gotten by this long. \
-+			 * make, but glibc has gotten by this long.  See determine_info in \
-+			 * glibc's elf/dl-addr.c. \
-+			 * \
-+			 * Turns out prelink will violate that assumption.  Fortunately it \
-+			 * will insert its liblist at the same location all the time -- it \
-+			 * replaces the string table with its liblist table. \
-+			 * \
-+			 * Long term, we should behave the same as glibc and walk the gnu \
-+			 * hash table first before falling back to the raw symbol table. \
- 			 * \
- 			 * We don't sanity check the ranges here as you aren't executing \
- 			 * corrupt programs in the sandbox. \
- 			 */ \
- 			sym = (void *)(elf + symoff); \
--			symend = vhash ? (sym + hashes[1]) : (void *)(elf + stroff); \
-+			if (vhash) { \
-+				/* Hash entries are always 32-bits. */ \
-+				uint32_t *hashes = (void *)(elf + hashoff); \
-+				symend = sym + hashes[1]; \
-+			} else if (vliblist) \
-+				symend = (void *)(elf + liblistoff); \
-+			else \
-+				symend = (void *)(elf + stroff); \
-+			\
- 			while (sym < symend) { \
- 				char *symname = (void *)(elf + stroff + sym->st_name); \
- 				if (ELF##n##_ST_VISIBILITY(sym->st_other) == STV_DEFAULT && \
--- 
-2.10.2
-

diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
deleted file mode 100644
index 7e8130b..0000000
--- a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Wed, 30 Mar 2016 01:17:21 -0400
-Subject: [PATCH] libsandbox: whitelist execvpe
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-URL: https://bugs.gentoo.org/578516
-Reported-by: Toralf Förster <toralf.foerster@gmx.de>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- libsandbox/libsandbox.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
-index cbe1aa1..e809308 100644
---- a/libsandbox/libsandbox.c
-+++ b/libsandbox/libsandbox.c
-@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
- 	     sb_nr == SB_NR_EXECV     ||
- 	     sb_nr == SB_NR_EXECVP    ||
- 	     sb_nr == SB_NR_EXECVE    ||
-+	     sb_nr == SB_NR_EXECVPE   ||
- 	     sb_nr == SB_NR_FEXECVE))
- 	{
- 		retval = check_prefixes(sbcontext->read_prefixes,
--- 
-2.7.4
-

diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
deleted file mode 100644
index e33011f..0000000
--- a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Fri, 10 Mar 2017 10:15:50 -0800
-Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs
-
-These funcs don't deref their path args, so flag them as such.
-
-URL: https://bugs.gentoo.org/612202
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
----
- libsandbox/libsandbox.c |  4 +++-
- tests/renameat-2.sh     | 12 ++++++++++++
- tests/renameat-3.sh     | 11 +++++++++++
- tests/renameat.at       |  2 ++
- tests/symlinkat-2.sh    | 10 ++++++++++
- tests/symlinkat-3.sh    |  9 +++++++++
- tests/symlinkat.at      |  2 ++
- 7 files changed, 49 insertions(+), 1 deletion(-)
- create mode 100755 tests/renameat-2.sh
- create mode 100755 tests/renameat-3.sh
- create mode 100755 tests/symlinkat-2.sh
- create mode 100755 tests/symlinkat-3.sh
-
-diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
-index e809308d717d..de48bd79ba53 100644
---- a/libsandbox/libsandbox.c
-+++ b/libsandbox/libsandbox.c
-@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
- 	      sb_nr == SB_NR_LCHOWN   ||
- 	      sb_nr == SB_NR_REMOVE   ||
- 	      sb_nr == SB_NR_RENAME   ||
-+	      sb_nr == SB_NR_RENAMEAT ||
- 	      sb_nr == SB_NR_RMDIR    ||
--	      sb_nr == SB_NR_SYMLINK))
-+	      sb_nr == SB_NR_SYMLINK  ||
-+	      sb_nr == SB_NR_SYMLINKAT))
- 	{
- 		/* These funcs sometimes operate on symlinks */
- 		if (!((sb_nr == SB_NR_FCHOWNAT ||
-diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh
-new file mode 100755
-index 000000000000..d0fbe8ae4574
---- /dev/null
-+++ b/tests/renameat-2.sh
-@@ -0,0 +1,12 @@
-+#!/bin/sh
-+# make sure we can clobber symlinks #612202
-+
-+addwrite $PWD
-+
-+ln -s /asdf sym || exit 1
-+touch file
-+renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1
-+[ ! -e file ]
-+[ ! -L sym ]
-+[ -e sym ]
-+test ! -s "${SANDBOX_LOG}"
-diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh
-new file mode 100755
-index 000000000000..9ae5c9a6511a
---- /dev/null
-+++ b/tests/renameat-3.sh
-@@ -0,0 +1,11 @@
-+#!/bin/sh
-+# make sure we reject bad renames #612202
-+
-+addwrite $PWD
-+mkdir deny
-+adddeny $PWD/deny
-+
-+touch file
-+renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1
-+[ -e file ]
-+test -s "${SANDBOX_LOG}"
-diff --git a/tests/renameat.at b/tests/renameat.at
-index 081d7d20277e..eec4638deeaa 100644
---- a/tests/renameat.at
-+++ b/tests/renameat.at
-@@ -1 +1,3 @@
- SB_CHECK(1)
-+SB_CHECK(2)
-+SB_CHECK(3)
-diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh
-new file mode 100755
-index 000000000000..168362e8806f
---- /dev/null
-+++ b/tests/symlinkat-2.sh
-@@ -0,0 +1,10 @@
-+#!/bin/sh
-+# make sure we can clobber symlinks #612202
-+
-+addwrite $PWD
-+
-+symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1
-+[ -L sym ]
-+symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1
-+[ -L sym ]
-+test ! -s "${SANDBOX_LOG}"
-diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh
-new file mode 100755
-index 000000000000..a01c750dd2b6
---- /dev/null
-+++ b/tests/symlinkat-3.sh
-@@ -0,0 +1,9 @@
-+#!/bin/sh
-+# make sure we reject bad symlinks #612202
-+
-+addwrite $PWD
-+mkdir deny
-+adddeny $PWD/deny
-+
-+symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1
-+test -s "${SANDBOX_LOG}"
-diff --git a/tests/symlinkat.at b/tests/symlinkat.at
-index 081d7d20277e..eec4638deeaa 100644
---- a/tests/symlinkat.at
-+++ b/tests/symlinkat.at
-@@ -1 +1,3 @@
- SB_CHECK(1)
-+SB_CHECK(2)
-+SB_CHECK(3)
--- 
-2.12.0
-

diff --git a/sys-apps/sandbox/metadata.xml b/sys-apps/sandbox/metadata.xml
index ebbf830..24b5738 100644
--- a/sys-apps/sandbox/metadata.xml
+++ b/sys-apps/sandbox/metadata.xml
@@ -1,9 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-
-<!-- portage lacks a herd.  correct this when we have one. -->
-
 <maintainer type="project">
   <email>sandbox@gentoo.org</email>
   <description>Sandbox Maintainers</description>

diff --git a/sys-apps/sandbox/sandbox-2.11-r5.ebuild b/sys-apps/sandbox/sandbox-2.12.ebuild
similarity index 59%
rename from sys-apps/sandbox/sandbox-2.11-r5.ebuild
rename to sys-apps/sandbox/sandbox-2.12.ebuild
index b765bc5..265df32 100644
--- a/sys-apps/sandbox/sandbox-2.11-r5.ebuild
+++ b/sys-apps/sandbox/sandbox-2.12.ebuild
@@ -1,19 +1,13 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-EAPI="5"
+EAPI="6"
 
 inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
 
 DESCRIPTION="sandbox'd LD_PRELOAD hack"
 HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
-SRC_URI="mirror://gentoo/${P}.tar.xz
-	https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+SRC_URI="https://dev.gentoo.org/~mgorny/dist/${P}.tar.xz"
 
 LICENSE="GPL-2"
 SLOT="0"
@@ -32,14 +26,9 @@ sandbox_death_notice() {
 }
 
 src_prepare() {
-	epatch "${FILESDIR}"/${P}-execvpe.patch #578516
-	epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
-	epatch "${FILESDIR}"/${P}-exec-prelink.patch #599894
-	epatch "${FILESDIR}"/${PN}-2.10-fix-opendir.patch #553092
-	epatch "${FILESDIR}"/${P}-symlinkat-renameat.patch #612202
-	epatch "${FILESDIR}"/${P}-musl.patch
-	epatch "${FILESDIR}"/${PN}-2.10-fix-visibility-musl.patch
-	epatch_user
+	eapply "${FILESDIR}"/${PN}-2.11-musl.patch
+	eapply "${FILESDIR}"/${PN}-2.10-fix-visibility-musl.patch
+	eapply_user
 }
 
 multilib_src_configure() {
@@ -64,7 +53,6 @@ multilib_src_install_all() {
 	fowners root:portage /var/log/sandbox
 	fperms 0770 /var/log/sandbox
 
-	cd "${S}"
 	dodoc AUTHORS ChangeLog* NEWS README
 }
 
@@ -72,17 +60,23 @@ pkg_preinst() {
 	chown root:portage "${ED}"/var/log/sandbox
 	chmod 0770 "${ED}"/var/log/sandbox
 
-	if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
-		local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
-		if [[ -n ${old} ]] ; then
-			elog "Removing old sandbox libraries for you:"
-			find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+	local v
+	for v in ${REPLACING_VERSIONS}; do
+		if [[ ${v} == 1.* ]] ; then
+			local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+			if [[ -n ${old} ]] ; then
+				elog "Removing old sandbox libraries for you:"
+				find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+			fi
 		fi
-	fi
+	done
 }
 
 pkg_postinst() {
-	if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
-		chmod 0755 "${EROOT}"/etc/sandbox.d #265376
-	fi
+	local v
+	for v in ${REPLACING_VERSIONS}; do
+		if [[ ${v} == 1.* ]] ; then
+			chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+		fi
+	done
 }
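Review bot: Both new loops keep iterating after a `1.*` entry matches, so when `REPLACING_VERSIONS` holds several 1.x versions the root-run `find … -delete` in pkg_preinst and the `chmod` in pkg_postinst are repeated. Adding `break` after the inner `fi` in pkg_preinst and after the `chmod 0755 "${EROOT}"/etc/sandbox.d` line in pkg_postinst makes each cleanup run once. In pkg_preinst, `local old=$(find …)` also masks find's exit status behind `local`; splitting it into `local old` and `old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')` keeps a failed scan visible. The opening line of pkg_preinst appears only in the hunk header, so anything before the `chown` is not visible here.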

