commit:     0970c507b3eda2d1909614026385bf8767766322
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 30 05:20:46 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Mar 30 05:21:34 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0970c507

sys-apps/sandbox: fix execvpe handling #578516

 sys-apps/sandbox/files/sandbox-2.11-execvpe.patch  | 30 ++++++++++++++++++++++
 ...ndbox-2.11-r1.ebuild => sandbox-2.11-r2.ebuild} |  1 +
 2 files changed, 31 insertions(+)

diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch 
b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
new file mode 100644
index 0000000..7e8130b
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
@@ -0,0 +1,30 @@
+From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vap...@gentoo.org>
+Date: Wed, 30 Mar 2016 01:17:21 -0400
+Subject: [PATCH] libsandbox: whitelist execvpe
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+URL: https://bugs.gentoo.org/578516
+Reported-by: Toralf Förster <toralf.foers...@gmx.de>
+Signed-off-by: Mike Frysinger <vap...@gentoo.org>
+---
+ libsandbox/libsandbox.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
+index cbe1aa1..e809308 100644
+--- a/libsandbox/libsandbox.c
++++ b/libsandbox/libsandbox.c
+@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, 
const char *func,
+            sb_nr == SB_NR_EXECV     ||
+            sb_nr == SB_NR_EXECVP    ||
+            sb_nr == SB_NR_EXECVE    ||
++           sb_nr == SB_NR_EXECVPE   ||
+            sb_nr == SB_NR_FEXECVE))
+       {
+               retval = check_prefixes(sbcontext->read_prefixes,
+-- 
+2.7.4
+
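Review bot: The exec-family test in check_access() is an open-coded `||` chain, and this fix exists because one member (`SB_NR_EXECVPE`) was missing from it, so the chain should carry a comment stating the invariant, e.g. `/* every exec* wrapper libsandbox intercepts must be listed here, or it never reaches the read_prefixes check below */`. The condition starts above the hunk and the branch body continues below it, so these lines do not show whether an unlisted call falls through to a stricter or a looser check. The comment should record that as well, because it decides whether a future omission fails closed or open. The inner diffstat shows only libsandbox.c changing, so nothing guards against a regression; a test that calls execvpe on a binary under a read-allowed prefix would cover it.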

diff --git a/sys-apps/sandbox/sandbox-2.11-r1.ebuild 
b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
similarity index 97%
rename from sys-apps/sandbox/sandbox-2.11-r1.ebuild
rename to sys-apps/sandbox/sandbox-2.11-r2.ebuild
index 8001316..4f9884f 100644
--- a/sys-apps/sandbox/sandbox-2.11-r1.ebuild
+++ b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
@@ -32,6 +32,7 @@ sandbox_death_notice() {
 }
 
 src_prepare() {
+       epatch "${FILESDIR}"/${P}-execvpe.patch #578516
        epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
        epatch_user
 }
