* [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
@ 2015-12-19 18:15 Mike Frysinger
From: Mike Frysinger @ 2015-12-19 18:15 UTC (permalink / raw
To: gentoo-commits
commit: 33a9bf25d218173400e1115011ed867e84b4bf38
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 19 18:15:05 2015 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 18:15:25 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33a9bf25
sys-apps/sandbox: fix memory corruption #568714
.../files/sandbox-2.10-memory-corruption.patch | 42 ++++++++++++++++++++++
...{sandbox-2.10.ebuild => sandbox-2.10-r1.ebuild} | 1 +
2 files changed, 43 insertions(+)
diff --git a/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch b/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch
new file mode 100644
index 0000000..7dd27c9
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch
@@ -0,0 +1,42 @@
+From 529a388ebb1b4e9d6ad8a1bb61dd8211833a5976 Mon Sep 17 00:00:00 2001
+From: Denis Lisov <dennis.lissov@gmail.com>
+Date: Sat, 19 Dec 2015 19:13:58 +0300
+Subject: [PATCH] libsandbox: fix old_malloc_size check on realloc
+
+Realloc uses SB_MALLOC_TO_SIZE assuming it returns the usable size,
+while it is really the mmap size, which is greater. Thus it may fail
+to reallocate even if required.
+
+URL: https://bugs.gentoo.org/568714
+Signed-off-by: Denis Lisov <dennis.lissov@gmail.com>
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ libsandbox/memory.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libsandbox/memory.c b/libsandbox/memory.c
+index 8581128..a2d69a2 100644
+--- a/libsandbox/memory.c
++++ b/libsandbox/memory.c
+@@ -40,7 +40,8 @@ static int sb_munmap(void *addr, size_t length)
+
+ #define SB_MALLOC_TO_MMAP(ptr) ((void*)((uintptr_t)(ptr) - MIN_ALIGN))
+ #define SB_MMAP_TO_MALLOC(ptr) ((void*)((uintptr_t)(ptr) + MIN_ALIGN))
+-#define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr)))
++#define SB_MALLOC_TO_MMAP_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr)))
++#define SB_MALLOC_TO_SIZE(ptr) (SB_MALLOC_TO_MMAP_SIZE(ptr) - MIN_ALIGN)
+
+ void *malloc(size_t size)
+ {
+@@ -57,7 +58,7 @@ void free(void *ptr)
+ {
+ if (ptr == NULL)
+ return;
+- if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr)))
++ if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_MMAP_SIZE(ptr)))
+ sb_ebort("sandbox memory corruption with free(%p): %s\n",
+ ptr, strerror(errno));
+ }
+--
+2.6.2
+
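Review bot: `SB_MALLOC_TO_SIZE` now subtracts `MIN_ALIGN` from a length word read back from the header just below the caller's buffer, and nothing in the visible lines checks that the stored value is at least `MIN_ALIGN`. If that word is ever clobbered (for example by a buffer underflow in the sandboxed program), the unsigned subtraction wraps to a huge size, so realloc() would presumably decide the old block is already large enough and return the undersized mapping; realloc() is outside this hunk, so that should be confirmed there. A comment above the macros such as `/* header: size_t holding the full mmap length, padded to MIN_ALIGN; usable bytes = mmap length - MIN_ALIGN */` would document the layout the fix depends on. The two size macros now differ only by a suffix, so check that every remaining `SB_MALLOC_TO_SIZE` caller really wants the usable size and not the mapping length, as the free() call did.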
diff --git a/sys-apps/sandbox/sandbox-2.10.ebuild b/sys-apps/sandbox/sandbox-2.10-r1.ebuild
similarity index 97%
rename from sys-apps/sandbox/sandbox-2.10.ebuild
rename to sys-apps/sandbox/sandbox-2.10-r1.ebuild
index 2550852..9df5d29 100644
--- a/sys-apps/sandbox/sandbox-2.10.ebuild
+++ b/sys-apps/sandbox/sandbox-2.10-r1.ebuild
@@ -46,6 +46,7 @@ sb_foreach_abi() {
src_unpack() {
unpacker
cd "${S}"
+ epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714
epatch_user
}
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
@ 2016-01-17 20:12 Mike Frysinger
From: Mike Frysinger @ 2016-01-17 20:12 UTC (permalink / raw
To: gentoo-commits
commit: 4994c7667bd2d9e54fa79f705a51a9fbd1af5522
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 17 20:09:22 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun Jan 17 20:12:12 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4994c766
sys-apps/sandbox: drop versions <2.6
sys-apps/sandbox/Manifest | 4 -
.../files/sandbox-1.6-disable-pthread.patch | 37 -------
.../files/sandbox-1.6-disable-qa-static.patch | 13 ---
sys-apps/sandbox/sandbox-1.6-r2.ebuild | 104 ------------------
sys-apps/sandbox/sandbox-2.3-r1.ebuild | 103 ------------------
sys-apps/sandbox/sandbox-2.4.ebuild | 100 ------------------
sys-apps/sandbox/sandbox-2.5.ebuild | 117 ---------------------
7 files changed, 478 deletions(-)
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 38fb2ea..fa19c3f 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -1,8 +1,4 @@
-DIST sandbox-1.6.tar.lzma 307014 SHA256 52cfd286da3d5d51f3b6e012e409e931b21e32b4f2f16ba5677e46328680f4f4 SHA512 f470599a67443fa107612fef1cc73b64b3146003ae21bb5ae5abd852c4c37aec93ac09be646fda9d55d4c3aeef0cf28a42fa675f2acbb53c1d903e400538ba4c WHIRLPOOL 7c7fbe57cc831d0eb7853476e264a85bb8113620948e761563a872d3d55fd3c0ff063332397199001ea9dcb8258f348b827f337b876b2a26f727f10abbc8f712
DIST sandbox-2.10.tar.xz 417068 SHA256 019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 WHIRLPOOL 5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192
-DIST sandbox-2.3.tar.xz 344260 SHA256 8670f7508453c2fd300ca29ad2eb457691c3df01c4c22fa27d4a7c880fd291d5 SHA512 06ddaa6dc0822474c263650e95284af6cb69c60c9443b5caaf95af8140283f937d5594849064847fe3a4ad89b29b6ef6d6e909a9b85bb5d7fcf8b427d0e9c7e4 WHIRLPOOL 5d3f45a0bbb1aeffb8c83f8978bea65764aa438a5abcb50c66b5f66232d972bde84013694f6806fcc0026cd6d37420c69655d66ec5984a1c6f71a68dcfc95d11
-DIST sandbox-2.4.tar.xz 344664 SHA256 450599cb3052296d42f81a04dbbda82d220415fc2d16f5dc6e26b042d580fd3e SHA512 c0f8b789bcabd48e03a20a97c9daa82c48f264d7641ecfa51dff7a2d2c34be398cf1db6235eb0211bf0fa78b07bd6e633e06bc102904bf9dd8a95f9fde1ca615 WHIRLPOOL 22f0f55f6e638275781ab5afa29b1a7f5e7f3335a3d2ff37d9fcce0bf9284b271bf1d69b98bcd4b06fdb9ff1528d044f9fb111a58c2a1a5ce33cbe28c0cb869d
-DIST sandbox-2.5.tar.xz 355680 SHA256 c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 WHIRLPOOL 887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53
DIST sandbox-2.6.tar.xz 366356 SHA256 95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03
DIST sandbox-2.7.tar.xz 390304 SHA256 d6e1230180d84fb64c9788dd372a73a1cd2496ead91cad333a211320d3041149 SHA512 81056460afabe3f9163594f662f5faf87b6dfe8511a001fc4d6ce0171492eb29f3b645a45320032d34475bb2c24bf212d1d05b50878a340f1e2ca580f8f8f38a WHIRLPOOL ad070df6351537e49f939ba195f27ccf5e4566bb8b6e4ba391ab8174771eacf909571284c6fa873d5b55e8540605d2766a3de5d451b6af132c0ff6d96e43f554
DIST sandbox-2.8.tar.xz 410588 SHA256 f01dcac27a4641d1898c4a19bf3a0572f8ec85c3ba12e6ede8af36f6bc047165 SHA512 73a21e72f5825f43ee887efbe73f4ccd8771c7f45438104077aa83448d0a2727ab65be89a7a1a690d3662594df680ca4dc29908763e5abe2a81594b6f8f6ff2e WHIRLPOOL 6c93a0d8737bab4e710f0f20645514c9a5413a2d357a64c2e8b8428567221b949134881e705f979aa374635a278c0b3c646a6cffaf1015024db8f2aab2ec7c74
diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch b/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch
deleted file mode 100644
index 490bc41..0000000
--- a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-http://bugs.gentoo.org/263657
-
-disable pthread locks ... this is how stable has always worked, so there
-wont be any regressions ...
-
-diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
-index 034d0e7..595d17f 100644
---- a/libsandbox/libsandbox.c
-+++ b/libsandbox/libsandbox.c
-@@ -814,9 +814,6 @@
- return result;
- }
-
--/* Need to protect the global sbcontext structure */
--static pthread_mutex_t sb_syscall_lock = PTHREAD_MUTEX_INITIALIZER;
--
- bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, int flags)
- {
- int old_errno = errno;
-@@ -843,8 +840,6 @@
- file = at_file_buf;
- }
-
-- pthread_mutex_lock(&sb_syscall_lock);
--
- if (!sb_init) {
- init_context(&sbcontext);
- sb_init = true;
-@@ -885,8 +880,6 @@
-
- result = check_syscall(&sbcontext, sb_nr, func, file, flags);
-
-- pthread_mutex_unlock(&sb_syscall_lock);
--
- if (0 == result) {
- if ((NULL != getenv(ENV_SANDBOX_PID)) && (is_env_on(ENV_SANDBOX_ABORT)))
-
diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch b/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch
deleted file mode 100644
index 754ef01..0000000
--- a/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-sandbox-1.7 traces static apps so disable the qa notice as it just scares
-users ... dont want scary stuff in stable!
-
---- libsandbox/wrapper-funcs/__wrapper_exec.c
-+++ libsandbox/wrapper-funcs/__wrapper_exec.c
-@@ -221,7 +221,6 @@
- if (!FUNCTION_SANDBOX_SAFE(path))
- return result;
-
-- sb_check_exec(path, argv);
- }
- #endif
-
diff --git a/sys-apps/sandbox/sandbox-1.6-r2.ebuild b/sys-apps/sandbox/sandbox-1.6-r2.ebuild
deleted file mode 100644
index d59b16e..0000000
--- a/sys-apps/sandbox/sandbox-1.6-r2.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit eutils flag-o-matic toolchain-funcs multilib unpacker
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
-SRC_URI="mirror://gentoo/${P}.tar.lzma
- https://dev.gentoo.org/~vapier/dist/${P}.tar.lzma"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd"
-IUSE=""
-
-DEPEND="app-arch/xz-utils
- >=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-EMULTILIB_PKG="true"
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
- ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-}
-
-src_unpack() {
- unpacker_src_unpack
- cd "${S}"
- epatch "${FILESDIR}"/${P}-disable-qa-static.patch
- epatch "${FILESDIR}"/${P}-disable-pthread.patch
- epatch "${FILESDIR}"/0001-libsandbox-handle-more-at-functions.patch
-}
-
-src_compile() {
- filter-lfs-flags #90228
-
- local OABI=${ABI}
- for ABI in $(get_install_abis) ; do
- mkdir "${WORKDIR}/build-${ABI}"
- cd "${WORKDIR}/build-${ABI}"
-
- multilib_toolchain_setup ${ABI}
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${P}/" \
- econf ${myconf} || die
- einfo "Building sandbox for ABI=${ABI}..."
- emake || die
- done
- ABI=${OABI}
-}
-
-src_test() {
- local OABI=${ABI}
- for ABI in $(get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Checking sandbox for ABI=${ABI}..."
- emake check || die "make check failed for ${ABI}"
- done
- ABI=${OABI}
-}
-
-src_install() {
- local OABI=${ABI}
- for ABI in $(get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Installing sandbox for ABI=${ABI}..."
- emake DESTDIR="${D}" install || die "make install failed for ${ABI}"
- done
- ABI=${OABI}
-
- doenvd "${FILESDIR}"/09sandbox
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog* NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-
- local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
- if [[ -n ${old} ]] ; then
- elog "Removing old sandbox libraries for you:"
- elog ${old//${ROOT}}
- find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
- fi
-}
-
-pkg_postinst() {
- chmod 0755 "${ROOT}"/etc/sandbox.d #265376
-}
diff --git a/sys-apps/sandbox/sandbox-2.3-r1.ebuild b/sys-apps/sandbox/sandbox-2.3-r1.ebuild
deleted file mode 100644
index 30c85db..0000000
--- a/sys-apps/sandbox/sandbox-2.3-r1.ebuild
+++ /dev/null
@@ -1,103 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit eutils flag-o-matic toolchain-funcs multilib unpacker
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
-SRC_URI="mirror://gentoo/${P}.tar.xz
- https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd"
-IUSE="multilib"
-
-DEPEND="app-arch/xz-utils
- >=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-EMULTILIB_PKG="true"
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
- ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-}
-
-sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
-
-src_compile() {
- filter-lfs-flags #90228
-
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- mkdir "${WORKDIR}/build-${ABI}"
- cd "${WORKDIR}/build-${ABI}"
-
- use multilib && multilib_toolchain_setup ${ABI}
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${P}/" \
- econf ${myconf} || die
- einfo "Building sandbox for ABI=${ABI}..."
- emake || die
- done
- ABI=${OABI}
-}
-
-src_test() {
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Checking sandbox for ABI=${ABI}..."
- emake check || die "make check failed for ${ABI}"
- done
- ABI=${OABI}
-}
-
-src_install() {
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Installing sandbox for ABI=${ABI}..."
- emake DESTDIR="${D}" install || die "make install failed for ${ABI}"
- insinto /etc/sandbox.d #333131
- doins etc/sandbox.d/00default || die
- done
- ABI=${OABI}
-
- doenvd "${FILESDIR}"/09sandbox
-
- # fix 00default install #333131
- rm "${D}"/etc/sandbox.d/*.in || die
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog* NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-
- local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
- if [[ -n ${old} ]] ; then
- elog "Removing old sandbox libraries for you:"
- elog ${old//${ROOT}}
- find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
- fi
-}
-
-pkg_postinst() {
- chmod 0755 "${ROOT}"/etc/sandbox.d #265376
-}
diff --git a/sys-apps/sandbox/sandbox-2.4.ebuild b/sys-apps/sandbox/sandbox-2.4.ebuild
deleted file mode 100644
index bb5a592..0000000
--- a/sys-apps/sandbox/sandbox-2.4.ebuild
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit eutils flag-o-matic toolchain-funcs multilib unpacker
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
-SRC_URI="mirror://gentoo/${P}.tar.xz
- https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd"
-IUSE="multilib"
-
-DEPEND="app-arch/xz-utils
- >=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-EMULTILIB_PKG="true"
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
- ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-}
-
-sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
-
-src_compile() {
- filter-lfs-flags #90228
-
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- mkdir "${WORKDIR}/build-${ABI}"
- cd "${WORKDIR}/build-${ABI}"
-
- use multilib && multilib_toolchain_setup ${ABI}
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${P}/" \
- econf ${myconf} || die
- einfo "Building sandbox for ABI=${ABI}..."
- emake || die
- done
- ABI=${OABI}
-}
-
-src_test() {
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Checking sandbox for ABI=${ABI}..."
- emake check || die "make check failed for ${ABI}"
- done
- ABI=${OABI}
-}
-
-src_install() {
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Installing sandbox for ABI=${ABI}..."
- emake DESTDIR="${D}" install || die "make install failed for ${ABI}"
- insinto /etc/sandbox.d #333131
- doins etc/sandbox.d/00default || die
- done
- ABI=${OABI}
-
- doenvd "${FILESDIR}"/09sandbox
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog* NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-
- local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
- if [[ -n ${old} ]] ; then
- elog "Removing old sandbox libraries for you:"
- elog ${old//${ROOT}}
- find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
- fi
-}
-
-pkg_postinst() {
- chmod 0755 "${ROOT}"/etc/sandbox.d #265376
-}
diff --git a/sys-apps/sandbox/sandbox-2.5.ebuild b/sys-apps/sandbox/sandbox-2.5.ebuild
deleted file mode 100644
index 9047ea0..0000000
--- a/sys-apps/sandbox/sandbox-2.5.ebuild
+++ /dev/null
@@ -1,117 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
-SRC_URI="mirror://gentoo/${P}.tar.xz
- https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd"
-IUSE="multilib"
-
-DEPEND="app-arch/xz-utils
- >=app-misc/pax-utils-0.1.19" #265376
-RDEPEND=""
-
-EMULTILIB_PKG="true"
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
- ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-}
-
-sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
-
-sb_foreach_abi() {
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Running $1 for ABI=${ABI}..."
- "$@"
- done
- ABI=${OABI}
-}
-
-sb_configure() {
- mkdir "${WORKDIR}/build-${ABI}"
- cd "${WORKDIR}/build-${ABI}"
-
- use multilib && multilib_toolchain_setup ${ABI}
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${P}/" \
- econf ${myconf} || die
-}
-
-sb_compile() {
- emake || die
-}
-
-src_compile() {
- filter-lfs-flags #90228
-
- # Run configures in parallel!
- multijob_init
- local OABI=${ABI}
- for ABI in $(sb_get_install_abis) ; do
- multijob_child_init sb_configure
- done
- ABI=${OABI}
- multijob_finish
-
- sb_foreach_abi sb_compile
-}
-
-sb_test() {
- emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die
-}
-
-src_test() {
- sb_foreach_abi sb_test
-}
-
-sb_install() {
- emake DESTDIR="${D}" install || die
- insinto /etc/sandbox.d #333131
- doins etc/sandbox.d/00default || die
-}
-
-src_install() {
- sb_foreach_abi sb_install
-
- doenvd "${FILESDIR}"/09sandbox
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog* NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-
- local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
- if [[ -n ${old} ]] ; then
- elog "Removing old sandbox libraries for you:"
- elog ${old//${ROOT}}
- find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
- fi
-}
-
-pkg_postinst() {
- chmod 0755 "${ROOT}"/etc/sandbox.d #265376
-}
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
@ 2016-03-30 5:21 Mike Frysinger
From: Mike Frysinger @ 2016-03-30 5:21 UTC (permalink / raw
To: gentoo-commits
commit: 0970c507b3eda2d1909614026385bf8767766322
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 30 05:20:46 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Mar 30 05:21:34 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0970c507
sys-apps/sandbox: fix execvpe handling #578516
sys-apps/sandbox/files/sandbox-2.11-execvpe.patch | 30 ++++++++++++++++++++++
...ndbox-2.11-r1.ebuild => sandbox-2.11-r2.ebuild} | 1 +
2 files changed, 31 insertions(+)
diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
new file mode 100644
index 0000000..7e8130b
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
@@ -0,0 +1,30 @@
+From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Wed, 30 Mar 2016 01:17:21 -0400
+Subject: [PATCH] libsandbox: whitelist execvpe
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+URL: https://bugs.gentoo.org/578516
+Reported-by: Toralf Förster <toralf.foerster@gmx.de>
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ libsandbox/libsandbox.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
+index cbe1aa1..e809308 100644
+--- a/libsandbox/libsandbox.c
++++ b/libsandbox/libsandbox.c
+@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
+ sb_nr == SB_NR_EXECV ||
+ sb_nr == SB_NR_EXECVP ||
+ sb_nr == SB_NR_EXECVE ||
++ sb_nr == SB_NR_EXECVPE ||
+ sb_nr == SB_NR_FEXECVE))
+ {
+ retval = check_prefixes(sbcontext->read_prefixes,
+--
+2.7.4
+
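Review bot: The exec-family test in check_access() is a hand-maintained list of `SB_NR_EXEC*` values, and this fix exists because `SB_NR_EXECVPE` was left out of it, so the same omission can recur for any exec wrapper added later. A comment at the condition, e.g. `/* every SB_NR_EXEC* wrapper must be listed here; exec targets are checked against read_prefixes */`, or a small `static bool` predicate used by the condition, would make that requirement visible. The patch also adds no regression test for execvpe, so nothing guards against the entry being dropped again. check_access() starts and ends outside the hunk, so the branch taken when the list does not match is not visible here.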
diff --git a/sys-apps/sandbox/sandbox-2.11-r1.ebuild b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
similarity index 97%
rename from sys-apps/sandbox/sandbox-2.11-r1.ebuild
rename to sys-apps/sandbox/sandbox-2.11-r2.ebuild
index 8001316..4f9884f 100644
--- a/sys-apps/sandbox/sandbox-2.11-r1.ebuild
+++ b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
@@ -32,6 +32,7 @@ sandbox_death_notice() {
}
src_prepare() {
+ epatch "${FILESDIR}"/${P}-execvpe.patch #578516
epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
epatch_user
}
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
@ 2017-03-10 18:51 Mike Frysinger
From: Mike Frysinger @ 2017-03-10 18:51 UTC (permalink / raw
To: gentoo-commits
commit: 94f5df1e61d1b6159a32f020e1780427fba6d98c
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 18:49:39 2017 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 18:50:54 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94f5df1e
sys-apps/sandbox: fix handling of symlinks w/symlinkat/renameat #612202
.../files/sandbox-2.11-symlinkat-renameat.patch | 124 +++++++++++++++++++++
sys-apps/sandbox/sandbox-2.10-r4.ebuild | 85 ++++++++++++++
sys-apps/sandbox/sandbox-2.11-r5.ebuild | 86 ++++++++++++++
3 files changed, 295 insertions(+)
diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
new file mode 100644
index 00000000000..e33011f7495
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
@@ -0,0 +1,124 @@
+From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Fri, 10 Mar 2017 10:15:50 -0800
+Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs
+
+These funcs don't deref their path args, so flag them as such.
+
+URL: https://bugs.gentoo.org/612202
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ libsandbox/libsandbox.c | 4 +++-
+ tests/renameat-2.sh | 12 ++++++++++++
+ tests/renameat-3.sh | 11 +++++++++++
+ tests/renameat.at | 2 ++
+ tests/symlinkat-2.sh | 10 ++++++++++
+ tests/symlinkat-3.sh | 9 +++++++++
+ tests/symlinkat.at | 2 ++
+ 7 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100755 tests/renameat-2.sh
+ create mode 100755 tests/renameat-3.sh
+ create mode 100755 tests/symlinkat-2.sh
+ create mode 100755 tests/symlinkat-3.sh
+
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
+index e809308d717d..de48bd79ba53 100644
+--- a/libsandbox/libsandbox.c
++++ b/libsandbox/libsandbox.c
+@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
+ sb_nr == SB_NR_LCHOWN ||
+ sb_nr == SB_NR_REMOVE ||
+ sb_nr == SB_NR_RENAME ||
++ sb_nr == SB_NR_RENAMEAT ||
+ sb_nr == SB_NR_RMDIR ||
+- sb_nr == SB_NR_SYMLINK))
++ sb_nr == SB_NR_SYMLINK ||
++ sb_nr == SB_NR_SYMLINKAT))
+ {
+ /* These funcs sometimes operate on symlinks */
+ if (!((sb_nr == SB_NR_FCHOWNAT ||
+diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh
+new file mode 100755
+index 000000000000..d0fbe8ae4574
+--- /dev/null
++++ b/tests/renameat-2.sh
+@@ -0,0 +1,12 @@
++#!/bin/sh
++# make sure we can clobber symlinks #612202
++
++addwrite $PWD
++
++ln -s /asdf sym || exit 1
++touch file
++renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1
++[ ! -e file ]
++[ ! -L sym ]
++[ -e sym ]
++test ! -s "${SANDBOX_LOG}"
+diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh
+new file mode 100755
+index 000000000000..9ae5c9a6511a
+--- /dev/null
++++ b/tests/renameat-3.sh
+@@ -0,0 +1,11 @@
++#!/bin/sh
++# make sure we reject bad renames #612202
++
++addwrite $PWD
++mkdir deny
++adddeny $PWD/deny
++
++touch file
++renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1
++[ -e file ]
++test -s "${SANDBOX_LOG}"
+diff --git a/tests/renameat.at b/tests/renameat.at
+index 081d7d20277e..eec4638deeaa 100644
+--- a/tests/renameat.at
++++ b/tests/renameat.at
+@@ -1 +1,3 @@
+ SB_CHECK(1)
++SB_CHECK(2)
++SB_CHECK(3)
+diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh
+new file mode 100755
+index 000000000000..168362e8806f
+--- /dev/null
++++ b/tests/symlinkat-2.sh
+@@ -0,0 +1,10 @@
++#!/bin/sh
++# make sure we can clobber symlinks #612202
++
++addwrite $PWD
++
++symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1
++[ -L sym ]
++symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1
++[ -L sym ]
++test ! -s "${SANDBOX_LOG}"
+diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh
+new file mode 100755
+index 000000000000..a01c750dd2b6
+--- /dev/null
++++ b/tests/symlinkat-3.sh
+@@ -0,0 +1,9 @@
++#!/bin/sh
++# make sure we reject bad symlinks #612202
++
++addwrite $PWD
++mkdir deny
++adddeny $PWD/deny
++
++symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1
++test -s "${SANDBOX_LOG}"
+diff --git a/tests/symlinkat.at b/tests/symlinkat.at
+index 081d7d20277e..eec4638deeaa 100644
+--- a/tests/symlinkat.at
++++ b/tests/symlinkat.at
+@@ -1 +1,3 @@
+ SB_CHECK(1)
++SB_CHECK(2)
++SB_CHECK(3)
+--
+2.12.0
+
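Review bot: In the new test scripts the bare assertions do not affect the result: `[ ! -e file ]`, `[ ! -L sym ]` and `[ -e sym ]` in tests/renameat-2.sh, `[ -e file ]` in tests/renameat-3.sh and both `[ -L sym ]` lines in tests/symlinkat-2.sh have no `|| exit 1`, and the scripts do not use `set -e`, so only the final `test ... "${SANDBOX_LOG}"` decides pass or fail (unless the harness runs them with `sh -e`, which is not visible here). That matters for a sandbox regression test, because a rename or symlink call that left the filesystem in the wrong state would still pass as long as the log check succeeds. Appending `|| exit 1` to each check, as the helper invocations already do, fixes it, e.g. `[ ! -L sym ] || exit 1`. `addwrite $PWD` and `adddeny $PWD/deny` should also quote `$PWD` so a build directory containing spaces does not split the path.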
diff --git a/sys-apps/sandbox/sandbox-2.10-r4.ebuild b/sys-apps/sandbox/sandbox-2.10-r4.ebuild
new file mode 100644
index 00000000000..0f792910204
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.10-r4.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714
+ epatch "${FILESDIR}"/${P}-disable-same.patch
+ epatch "${FILESDIR}"/${P}-fix-opendir.patch #553092
+ epatch "${FILESDIR}"/${PN}-2.11-symlinkat-renameat.patch #612202
+ epatch_user
+}
+
+multilib_src_configure() {
+ filter-lfs-flags #90228
+
+ local myconf=()
+ host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092
+
+ ECONF_SOURCE="${S}" \
+ econf "${myconf[@]}"
+}
+
+multilib_src_test() {
+ # Default sandbox build will run with --jobs set to # cpus.
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
+}
+
+multilib_src_install_all() {
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${ED}"/var/log/sandbox
+ chmod 0770 "${ED}"/var/log/sandbox
+
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+ fi
+}
diff --git a/sys-apps/sandbox/sandbox-2.11-r5.ebuild b/sys-apps/sandbox/sandbox-2.11-r5.ebuild
new file mode 100644
index 00000000000..48dd1a7ad99
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.11-r5.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-execvpe.patch #578516
+ epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
+ epatch "${FILESDIR}"/${P}-exec-prelink.patch #599894
+ epatch "${FILESDIR}"/${PN}-2.10-fix-opendir.patch #553092
+ epatch "${FILESDIR}"/${P}-symlinkat-renameat.patch #612202
+ epatch_user
+}
+
+multilib_src_configure() {
+ filter-lfs-flags #90228
+
+ local myconf=()
+ host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092
+
+ ECONF_SOURCE="${S}" \
+ econf "${myconf[@]}"
+}
+
+multilib_src_test() {
+ # Default sandbox build will run with --jobs set to # cpus.
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
+}
+
+multilib_src_install_all() {
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${ED}"/var/log/sandbox
+ chmod 0770 "${ED}"/var/log/sandbox
+
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+ fi
+}
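Review bot: In `pkg_preinst` and `pkg_postinst` the test `[[ ${REPLACING_VERSIONS} == 1.* ]]` treats REPLACING_VERSIONS as one version, but it is a whitespace-separated list, so the pattern matches only when the first entry begins with `1.`. With `SLOT="0"` there is normally a single entry, so this is mostly a robustness point, but a loop is safer: `local v; for v in ${REPLACING_VERSIONS}; do [[ ${v} == 1.* ]] && ...; done`. Separately, the `chown`/`chmod` calls on `"${ED}"/var/log/sandbox` and the `find ... -delete` are external commands whose failure does not abort the merge. That directory's `root:portage` owner and `0770` mode decide who can write sandbox logs, so appending `|| die` to those lines would make a failed permission change visible. The same lines appear in the ebuild section that ends just before this one.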
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
@ 2019-07-12 6:49 Sergei Trofimovich
From: Sergei Trofimovich @ 2019-07-12 6:49 UTC (permalink / raw
To: gentoo-commits
commit: 44a8ff0d8ea8e992e7956f99f9665f6d7439b84a
Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 12 06:48:30 2019 +0000
Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Jul 12 06:48:46 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44a8ff0d
sys-apps/sandbox: bump up to 2.18, bug #549108
The main change from 2.17 is basic musl support.
Closes: https://bugs.gentoo.org/549108
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Sergei Trofimovich <slyfox <AT> gentoo.org>
sys-apps/sandbox/Manifest | 1 +
sys-apps/sandbox/files/musl.patch | 42 ++++++++++++++++++++
sys-apps/sandbox/sandbox-2.18.ebuild | 74 ++++++++++++++++++++++++++++++++++++
3 files changed, 117 insertions(+)
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 974844caf43..bcb90be6572 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -3,3 +3,4 @@ DIST sandbox-2.13.tar.xz 424968 BLAKE2B efcbf527853e8cfe8b3fec026041f55f51cba780
DIST sandbox-2.14.tar.xz 426992 BLAKE2B a30984f613b773cb5e53b2b0297ada32d11797699418aebf3014e11f3ec2b69a1c4b4e22ce96c28b1df022617cab6787cfe61f84b37ed61e966ac425eae1c7eb SHA512 b84584cffc54678646798bc58d8b60cdc10a0a58c9f1a49276dcac205a06dd7a2e664d2a9c40c78b48eae8ac36e3ac498ba35674f10e6e06c3c2bab777e05ced
DIST sandbox-2.15.tar.xz 426948 BLAKE2B e40bb728192ef3793a9129bc88a63878516b0977a19effd5b02ded644ec6fe1627fab34786b22024957d96725fc5c53f488f7b09119be7b7ca91692dcee985dc SHA512 7249b594864267311ce8e2c04275df49c6d8e8e811dde5780f7f676cb43928728b9abed77beb8f5ee32061efcdb03753cce44d5bf1827bd519d6be8fa54912e6
DIST sandbox-2.17.tar.xz 431700 BLAKE2B 461404f5b98ac83d9e5bc63fc7251cdfbb04a0ccedb340a7a5b8595b68ab34034a56c0a0cfa8478961c9282f6450de89ef5b512b13d427a7f63c17a4141cbcbf SHA512 b5d7a76d894471f6610b41aa05f007d257c69ae5c90f8db455d626e0d1209b9d276678c36e90d2e4214d15074512be182b4f5f905ed2b7e236ff714cbf51958f
+DIST sandbox-2.18.tar.xz 427760 BLAKE2B 26199ff8f919dcecdfdb74d508e0802e2e929a003ff1caddc54c1ea0f7887938c4f69065e585d61f7e96b29be26a34a1cdb62b397309e993511097ecaebe0620 SHA512 1775d4d6f80d414ab94eafae73966c12c4dd80857e21f0849703a3230ddb80501d8e574b14296e554932766cd71aa7b48a802fc388aaab43ba882ee7d005a60d
diff --git a/sys-apps/sandbox/files/musl.patch b/sys-apps/sandbox/files/musl.patch
new file mode 100644
index 00000000000..419d067f2a2
--- /dev/null
+++ b/sys-apps/sandbox/files/musl.patch
@@ -0,0 +1,42 @@
+--- a/libsandbox/trace.c
++++ b/libsandbox/trace.c
+@@ -10,7 +10,16 @@
+ #include "sb_nr.h"
+
+ static long do_peekdata(long offset);
+-static long _do_ptrace(enum __ptrace_request request, const char *srequest, void *addr, void *data);
++/* Note on _do_ptrace argument types:
++ glibc defines ptrace as:
++ long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data);
++ musl defines ptrace as:
++ long ptrace(int, ...);
++
++ Let's clobber to 'int' lowest common denominator.
++ */
++typedef int sb_ptrace_req_t;
++static long _do_ptrace(sb_ptrace_req_t request, const char *srequest, void *addr, void *data);
+ #define do_ptrace(request, addr, data) _do_ptrace(request, #request, addr, data)
+ #define _trace_possible(data) true
+
+@@ -44,7 +53,7 @@ static void trace_exit(int status)
+ _exit(status);
+ }
+
+-static long _do_ptrace(enum __ptrace_request request, const char *srequest, void *addr, void *data)
++static long _do_ptrace(sb_ptrace_req_t request, const char *srequest, void *addr, void *data)
+ {
+ long ret;
+ try_again:
+--- a/scripts/gen_symbol_header.awk
++++ b/scripts/gen_symbol_header.awk
+@@ -117,6 +117,10 @@ END {
+ gsub(/@|\./, "_", sym_real_name);
+ }
+
++ # Avoid libc's symbol rename via #define. musl defines aliases as:
++ # #define mkstemp64 mkstemp
++ # #define mkstemps64 mkstemps
++ printf("#undef %s\n", sym_index);
+ printf("#define symname_%s \"%s\"\n", sym_real_name, sym_index);
+
+ # We handle non-versioned libc's by setting symver_*
diff --git a/sys-apps/sandbox/sandbox-2.18.ebuild b/sys-apps/sandbox/sandbox-2.18.ebuild
new file mode 100644
index 00000000000..179163388c4
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.18.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="https://dev.gentoo.org/~slyfox/distfiles/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
+}
+
+multilib_src_configure() {
+ filter-lfs-flags #90228
+
+ ECONF_SOURCE="${S}" econf
+}
+
+multilib_src_test() {
+ # Default sandbox build will run with --jobs set to # cpus.
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
+}
+
+multilib_src_install_all() {
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${ED}"/var/log/sandbox
+ chmod 0770 "${ED}"/var/log/sandbox
+
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ # 1.x was removed from ::gentoo in 2016
+ if [[ ${v} == 1.* ]] ; then
+ local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+ fi
+ fi
+ done
+}
+
+pkg_postinst() {
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ # 1.x was removed from ::gentoo in 2016
+ if [[ ${v} == 1.* ]] ; then
+ chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+ fi
+ done
+}
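Review bot: Nothing in this ebuild applies `files/musl.patch`, which the same commit adds: there is no `PATCHES` array and no `src_prepare`, so the default EAPI 7 `src_prepare` has nothing to apply. If the musl changes are already in the 2.18 tarball, the file under `files/` is unused and could be dropped. If they are not, `PATCHES=( "${FILESDIR}"/musl.patch )` is needed for the musl support the commit message describes. `host-is-pax` is no longer called here either, so the `pax-utils` inherit (and possibly `eutils`) looks unused; this is worth confirming before removing them.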
* [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
@ 2021-11-03 16:43 Mike Frysinger
From: Mike Frysinger @ 2021-11-03 16:43 UTC (permalink / raw
To: gentoo-commits
commit: 36d4dacd971f39bd0ecde7d93216de68c8efe31a
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 3 16:42:47 2021 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Nov 3 16:42:59 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36d4dacd
sys-apps/sandbox: fix build failures in some compiler configurations #821433
Closes: https://bugs.gentoo.org/821433
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
.../sandbox/files/sandbox-3.1-label-decl.patch | 41 ++++++++++++++++++++++
sys-apps/sandbox/sandbox-3.1.ebuild | 4 +++
2 files changed, 45 insertions(+)
diff --git a/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
new file mode 100644
index 00000000000..b17f4b866f5
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
@@ -0,0 +1,41 @@
+From 82f6d876660ba1132d75ccfef5c4301d123ea505 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Wed, 3 Nov 2021 12:25:10 -0400
+Subject: [PATCH] libsandbox: tweak label/decl code for some compiler settings
+
+Looks like gcc is inconsistent in when it chokes on this code:
+> a label can only be part of a statement and a declaration is not a statement
+
+Hoist the decl up to the top of scope to avoid the issue.
+
+Bug: https://bugs.gentoo.org/821433
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ libsandbox/trace.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libsandbox/trace.c b/libsandbox/trace.c
+index f3390d99822e..d2899b743048 100644
+--- a/libsandbox/trace.c
++++ b/libsandbox/trace.c
+@@ -704,6 +704,8 @@ static char *flatten_args(char *const argv[])
+
+ bool trace_possible(const char *filename, char *const argv[], const void *data)
+ {
++ char *args;
++
+ /* If YAMA ptrace_scope is very high, then we can't trace at all. #771360 */
+ int yama = trace_yama_level();
+ if (yama >= 2) {
+@@ -721,7 +723,7 @@ bool trace_possible(const char *filename, char *const argv[], const void *data)
+ }
+
+ fail:
+- char *args = flatten_args(argv);
++ args = flatten_args(argv);
+ sb_eqawarn("Unable to trace static ELF: %s: %s\n", filename, args);
+ free(args);
+ return false;
+--
+2.33.0
+
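Review bot: Hoisting `char *args;` to the top of `trace_possible` leaves it uninitialised on every path and widens its scope to the whole function, although it is only used after `fail:`. A null statement after the label keeps the declaration local and still satisfies compilers that reject a label directly before a declaration: `fail: ;` followed by the original `char *args = flatten_args(argv);`. The result of `flatten_args` is also passed to `%s` in `sb_eqawarn` without a NULL check. Its definition is outside the hunk, so whether it can return NULL on allocation failure should be confirmed. The body of `trace_possible` between the two inner hunks is not visible here.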
diff --git a/sys-apps/sandbox/sandbox-3.1.ebuild b/sys-apps/sandbox/sandbox-3.1.ebuild
index 83e90898881..1c11a7faf15 100644
--- a/sys-apps/sandbox/sandbox-3.1.ebuild
+++ b/sys-apps/sandbox/sandbox-3.1.ebuild
@@ -18,6 +18,10 @@ DEPEND="app-arch/xz-utils
>=app-misc/pax-utils-0.1.19" #265376
RDEPEND=""
+PATCHES=(
+ "${FILESDIR}"/${P}-label-decl.patch #821433
+)
+
has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice"
sandbox_death_notice() {