From: "Mart Raudsepp"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mart Raudsepp"
Message-ID: <1483087788.3a9eb02cfe4cde0373b309d67fe1fb83c68d7ec5.leio@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/, sys-apps/sandbox/files/, sys-apps/sandbox/
X-VCS-Repository: repo/gentoo
X-VCS-Files: profiles/package.mask sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch sys-apps/sandbox/sandbox-2.10-r3.ebuild sys-apps/sandbox/sandbox-2.11-r4.ebuild
X-VCS-Directories: sys-apps/sandbox/ profiles/ sys-apps/sandbox/files/
X-VCS-Committer: leio
X-VCS-Committer-Name: Mart Raudsepp
X-VCS-Revision: 3a9eb02cfe4cde0373b309d67fe1fb83c68d7ec5
X-VCS-Branch: master
Date: Fri, 30 Dec 2016 08:50:18 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 456f0e63-d70b-4dc6-ae8e-c7d974a54034
X-Archives-Hash: daa41e0888d75eb47717bb78f687c73a

commit: 3a9eb02cfe4cde0373b309d67fe1fb83c68d7ec5
Author: Mart Raudsepp gentoo org>
AuthorDate: Fri Dec 30 08:35:38 2016 +0000
Commit: Mart Raudsepp gentoo org>
CommitDate: Fri Dec 30 08:49:48 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a9eb02c

sys-apps/sandbox: Fix opendir sandbox abort with long paths

Shell globbing code could end up calling opendir on a whole command line with arguments, exceeding 8k characters - for example when libtool gets passed an -export-symbols-regex with a wildcard. Due to the length exceeding sandbox internal SB_PATH_MAX, it gets trimmed internally in sandbox syscall checks (even though opendir isn't an actual syscall), gets confused and throws an ISE abort. Fix it by adding a precheck that simply fails early with ENAMETOOLONG on too long paths, as the real glibc function would do the same.
Fixes large projects hitting sandbox abort inside the driving POSIX shell globbing function due to a long list of linker arguments (such as many object files) being passed to libtool together with an -export-symbols-regex with a wildcard. Known affected packages include graphicsmagick and newer gnome-builder. p.masked for a short time as a maintainer timeout, seeking independent validation as a critical packages non-maintainer revbump. Gentoo-Bug: 553092 Package-Manager: portage-2.3.3 Signed-off-by: Mart Raudsepp gentoo.org> profiles/package.mask | 4 + .../sandbox/files/sandbox-2.10-fix-opendir.patch | 79 ++++++++++++++++++++ sys-apps/sandbox/sandbox-2.10-r3.ebuild | 84 +++++++++++++++++++++ sys-apps/sandbox/sandbox-2.11-r4.ebuild | 85 ++++++++++++++++++++++ 4 files changed, 252 insertions(+) diff --git a/profiles/package.mask b/profiles/package.mask index 438ba4f..979a785 100644 --- a/profiles/package.mask +++ b/profiles/package.mask @@ -30,6 +30,10 @@ #--- END OF EXAMPLES --- +# Mart Raudsepp (30 Dec 2016) +# Temporary testing mask for non-maintainer commit of a bugfix, #553092 +=sys-apps/sandbox-2.10-r3 + # David Seifert (29 Dec 2016) # Ancient codebase, maintenance nightmare, dead # upstream, games-emulation/vbam is spiritual successor diff --git a/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch b/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch new file mode 100644 index 00000000..2ff89bc --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch 
@@ -0,0 +1,79 @@ +From 3f668dc6ba1910085e61b3a24167ab1352c60d92 Mon Sep 17 00:00:00 2001 +From: Mart Raudsepp +Date: Fri, 11 Nov 2016 12:34:48 +0200 +Subject: [PATCH] libsandbox: do not abort with a long name to opendir + +Add a pre-check for opendir that catches too long name arguments +given to opendir, as it would get messed up and abort before it +even gets to the open*() syscall (which would handle it correctly), +due to opendir going through before_syscall/check_syscall, even +though it isn't a true syscall and it getting cut to SB_PATH_MAX +inbetween and getting confused somewhere. + +URL: https://bugs.gentoo.org/553092 +Signed-off-by: Mart Raudsepp +--- + libsandbox/wrapper-funcs/opendir.c | 2 ++ + libsandbox/wrapper-funcs/opendir_pre_check.c | 26 ++++++++++++++++++++++++++ + libsandbox/wrappers.h | 1 + + 3 files changed, 29 insertions(+) + create mode 100644 libsandbox/wrapper-funcs/opendir_pre_check.c + +diff --git a/libsandbox/wrapper-funcs/opendir.c b/libsandbox/wrapper-funcs/opendir.c +index 7670775..70c2692 100644 +--- a/libsandbox/wrapper-funcs/opendir.c ++++ b/libsandbox/wrapper-funcs/opendir.c +@@ -10,4 +10,6 @@ + #define WRAPPER_SAFE() SB_SAFE(name) + #define WRAPPER_RET_TYPE DIR * + #define WRAPPER_RET_DEFAULT NULL ++#define WRAPPER_PRE_CHECKS() sb_opendir_pre_check(STRING_NAME, name) ++ + #include "__wrapper_simple.c" +diff --git a/libsandbox/wrapper-funcs/opendir_pre_check.c b/libsandbox/wrapper-funcs/opendir_pre_check.c +new file mode 100644 +index 0000000..60c869f +--- /dev/null ++++ b/libsandbox/wrapper-funcs/opendir_pre_check.c +@@ -0,0 +1,26 @@ ++/* ++ * opendir() pre-check. 
++ * ++ * Copyright 1999-2016 Gentoo Foundation ++ * Licensed under the GPL-2 ++ */ ++ ++bool sb_opendir_pre_check(const char *func, const char *name) ++{ ++ /* If length of name is larger than PATH_MAX, we would mess it up ++ * before it reaches the open syscall, which would cleanly error out ++ * via sandbox as well (actually with much smaller lengths than even ++ * PATH_MAX). ++ * So error out early in this case, in order to avoid an abort in ++ * check_syscall later on, which gets ran for opendir, despite it not ++ * being a syscall. ++ */ ++ if (strnlen(name, PATH_MAX) == PATH_MAX) { ++ errno = ENAMETOOLONG; ++ sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", ++ func, name, strerror(errno)); ++ return false; ++ } ++ ++ return true; ++} +diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h +index 0aa58bb..bf5bf64 100644 +--- a/libsandbox/wrappers.h ++++ b/libsandbox/wrappers.h +@@ -27,6 +27,7 @@ attribute_hidden bool sb_fopen64_pre_check (const char *func, const char *pathn + attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathname, int dirfd); + attribute_hidden bool sb_openat_pre_check (const char *func, const char *pathname, int dirfd, int flags); + attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags); ++attribute_hidden bool sb_opendir_pre_check (const char *func, const char *name); + attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd); + attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd, + char *dirfd_path, size_t dirfd_path_len); +-- +2.9.0 + diff --git a/sys-apps/sandbox/sandbox-2.10-r3.ebuild b/sys-apps/sandbox/sandbox-2.10-r3.ebuild new file mode 100644 index 00000000..910a931 --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.10-r3.ebuild 
@@ -0,0 +1,84 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +EAPI="5" + +inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/" +SRC_URI="mirror://gentoo/${P}.tar.xz + https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714 + epatch "${FILESDIR}"/${P}-disable-same.patch + epatch "${FILESDIR}"/${P}-fix-opendir.patch #553092 + epatch_user +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + local myconf=() + host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092 + + ECONF_SOURCE="${S}" \ + econf "${myconf[@]}" +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. 
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + chown root:portage "${ED}"/var/log/sandbox + chmod 0770 "${ED}"/var/log/sandbox + + if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then + local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete + fi + fi +} + +pkg_postinst() { + if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then + chmod 0755 "${EROOT}"/etc/sandbox.d #265376 + fi +} diff --git a/sys-apps/sandbox/sandbox-2.11-r4.ebuild b/sys-apps/sandbox/sandbox-2.11-r4.ebuild new file mode 100644 index 00000000..0cba4b7 --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.11-r4.ebuild 
@@ -0,0 +1,85 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +EAPI="5" + +inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/" +SRC_URI="mirror://gentoo/${P}.tar.xz + https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-execvpe.patch #578516 + epatch "${FILESDIR}"/${P}-exec-hash.patch #578524 + epatch "${FILESDIR}"/${P}-exec-prelink.patch #599894 + epatch "${FILESDIR}"/${PN}-2.10-fix-opendir.patch #553092 + epatch_user +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + local myconf=() + host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092 + + ECONF_SOURCE="${S}" \ + econf "${myconf[@]}" +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. 
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + chown root:portage "${ED}"/var/log/sandbox + chmod 0770 "${ED}"/var/log/sandbox + + if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then + local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete + fi + fi +} + +pkg_postinst() { + if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then + chmod 0755 "${EROOT}"/etc/sandbox.d #265376 + fi +}
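Review bot: The mask entry added to profiles/package.mask names only `=sys-apps/sandbox-2.10-r3`, but this commit also adds sandbox-2.11-r4.ebuild, which applies the same fix-opendir patch. If the temporary testing mask is meant to cover the non-maintainer bugfix as a whole, list `=sys-apps/sandbox-2.11-r4` under the same comment, or state in the comment why that revision is left unmasked.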
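Review bot: In libsandbox/wrapper-funcs/opendir.c, the new WRAPPER_PRE_CHECKS() hook comes without a test: the embedded patch touches only opendir.c, opendir_pre_check.c and wrappers.h, although both ebuilds run the suite through `emake check`. A test that calls opendir() with a name of PATH_MAX or more characters and expects NULL with errno set to ENAMETOOLONG would keep the abort from coming back unnoticed.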
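Review bot: In sb_opendir_pre_check(), the bound tested is PATH_MAX (`strnlen(name, PATH_MAX) == PATH_MAX`), while the patch description attributes the abort to the name being cut to SB_PATH_MAX; the comment should say why PATH_MAX is the right threshold, and "larger than PATH_MAX" should be reworded because the test also fires when the length equals PATH_MAX. The sb_debug_dyn() call then formats the entire over-long name with %s, so a precision such as `%.64s` would keep the debug line bounded for the 8k-character inputs the commit message describes.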
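Review bot: In src_prepare() of sandbox-2.11-r4.ebuild, the opendir fix is pulled in as `${PN}-2.10-fix-opendir.patch` while the three patches above it use the `${P}-` prefix, so the 2.11 revision silently depends on a file named for 2.10. A short comment on that line saying the 2.10 patch is reused on purpose, or a version-neutral file name, would stop a later cleanup of 2.10 files from breaking this ebuild.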