commit: f347f9d1b05fe115584e07ca93470afc19ab6690 Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org> AuthorDate: Sun Oct 29 03:15:54 2017 +0000 Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> CommitDate: Sun Oct 29 03:15:54 2017 +0000 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=f347f9d1
sys-apps/sandbox - add missing sandbox-2.11-symlinkat-renameat.patch patch sys-apps/sandbox/Manifest | 1 + .../files/sandbox-2.11-symlinkat-renameat.patch | 124 +++++++++++++++++++++ 2 files changed, 125 insertions(+)
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 5fc228f..1a3dacc 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -4,6 +4,7 @@ AUX sandbox-2.10-fix-opendir.patch 3311 SHA256 33e31a0331d75985e6fb254001d657988
 AUX sandbox-2.10-fix-visibility-musl.patch 573 SHA256 67f70fa39867eeeee45b343db78c73fdb6e63b8a1b52d3dc288894402239dd12 SHA512 a740e0b1a68c0609dc3080e88ab8ab87885fe05f5e0864d10ed76e8e7000f7879cb206342c38d4097c691a7c85d1936e98802b206084eb2af9f78bd43158d759 WHIRLPOOL 0c226daa4b6d36c2df001d3d67b9e4023944c5b010d1bc311d731c121dd94b533546479a7b1b77bcb8be608ecf70508fb7dd65b22bafdb2d13a2860c9c0659da
 AUX sandbox-2.10-memory-corruption.patch 1515 SHA256 4876cc9962d56d3c5fc5418fe12ef1a399e34ff0272f12640c4a5c5b775e8888 SHA512 1eb650824cc7a876fabef382cafb451a507326a8422fb7bb5014699046b64ea8f4cf2bba9efcb75d7a2eac4eff493d06153422f85c119f49635ac0840071660c WHIRLPOOL db2c834119c7887ed746154e73e88cc09bf2a31184b3cda2732b70cb43dd8bc7f59f1072a4cc56ebcf593ba67330b9888832dc186ee55e009428d607f62293ab
 AUX sandbox-2.11-musl.patch 1851 SHA256 1f2586e81a06daf7b69642d9c5fbf53563832a4ccd769ec696d9c2baabd2874c SHA512 2800191fbf312d9b8858ef29975355ae51a4aff05ccc7c425f5168fe2db24562e4cf164e8ee35ecc77e0777be9d37cc52d66fdd4bf3eaeb0fc4c68c240a0cb61 WHIRLPOOL 9c2abfcd5f68391c4890beeaf99020a9160635c888de7b45238174e7ac51ffac393150698feb0061fd3104e71a6825f9be98e5495a415ede8d2493a77f3e35e8
+AUX sandbox-2.11-symlinkat-renameat.patch 3418 SHA256 74036803fd8cc07e903abdc2202167cff5e03a82d0db64ad8969b642201a993e SHA512 cbefae8aa9c289db0bfe7b2429f64aa4c437be0e269eaa657eb3b22a3086db1fca45a624cb181978b4157f0cb9b475b4ece2eb9337285bf8bede709ad4431c52 WHIRLPOOL d8943c3f4cda8428c7ab1a75decd67c5e743e5ca998d7e0ae8ba8828923b1c9dc4429c293af4dc9655d3a45e189020fd754f8152471f1626b113a50f69886c9b
 AUX sandbox-2.6-musl.patch 1821 SHA256 df08faebffbfade91a2620ff8b56c2087e4a34506fbff3dcf9bc35c2d5bd467c SHA512 69d11e80c97a844c0d84404e802950c876edda8eb7909c90f6f5d4b3fe8a33b5bc884ecc3741c10c8bd7e0871db2db1853cfac969a153d162423b3f3c94039c9 WHIRLPOOL 7120eaf3062cb18c3b13a61fe2b6f839a5f267650d9aa809fafc6d25e8faaadd7af3d5fb41cce66ecf71668555847d264ea977442f03f4dfe7b88b98cf86f78e
 DIST sandbox-2.10.tar.xz 417068 SHA256 019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 WHIRLPOOL 5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192
 DIST sandbox-2.12.tar.xz 424252 SHA256 265a490a8c528237c55ad26dfd7f62336fa5727c82358fc9cfbaa2e52c47fc50 SHA512 98bd2ee8807d81e65ee0c9f11cfaf2b37da2ee4d8763c68d18c0ff6b14f3cc847ae2d3a0aa30cbe86063a2108ed4d4dcf7cc3fc4f37cb7549d266d4c1989c2a9 WHIRLPOOL 4f3089746a11616c60057165f387122b74e8d2f30a2d77db296405a2b6f401fc625645bca73092436162f5d98a88bfb2a3b42909b0eceb9a59ab810d803441b0
diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
new file mode 100644
index 0000000..e33011f
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
@@ -0,0 +1,124 @@
+From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <[email protected]>
+Date: Fri, 10 Mar 2017 10:15:50 -0800
+Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs
+
+These funcs don't deref their path args, so flag them as such.
+
+URL: https://bugs.gentoo.org/612202
+Signed-off-by: Mike Frysinger <[email protected]>
+---
+ libsandbox/libsandbox.c | 4 +++-
+ tests/renameat-2.sh | 12 ++++++++++++
+ tests/renameat-3.sh | 11 +++++++++++
+ tests/renameat.at | 2 ++
+ tests/symlinkat-2.sh | 10 ++++++++++
+ tests/symlinkat-3.sh | 9 +++++++++
+ tests/symlinkat.at | 2 ++
+ 7 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100755 tests/renameat-2.sh
+ create mode 100755 tests/renameat-3.sh
+ create mode 100755 tests/symlinkat-2.sh
+ create mode 100755 tests/symlinkat-3.sh
+
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
+index e809308d717d..de48bd79ba53 100644
+--- a/libsandbox/libsandbox.c
++++ b/libsandbox/libsandbox.c
+@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
+ sb_nr == SB_NR_LCHOWN ||
+ sb_nr == SB_NR_REMOVE ||
+ sb_nr == SB_NR_RENAME ||
++ sb_nr == SB_NR_RENAMEAT ||
+ sb_nr == SB_NR_RMDIR ||
+- sb_nr == SB_NR_SYMLINK))
++ sb_nr == SB_NR_SYMLINK ||
++ sb_nr == SB_NR_SYMLINKAT))
+ {
+ /* These funcs sometimes operate on symlinks */
+ if (!((sb_nr == SB_NR_FCHOWNAT ||
+diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh
+new file mode 100755
+index 000000000000..d0fbe8ae4574
+--- /dev/null
++++ b/tests/renameat-2.sh
+@@ -0,0 +1,12 @@
++#!/bin/sh
++# make sure we can clobber symlinks #612202
++
++addwrite $PWD
++
++ln -s /asdf sym || exit 1
++touch file
++renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1
++[ ! -e file ]
++[ ! -L sym ]
++[ -e sym ]
++test ! -s "${SANDBOX_LOG}"
+diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh
+new file mode 100755
+index 000000000000..9ae5c9a6511a
+--- /dev/null
++++ b/tests/renameat-3.sh
+@@ -0,0 +1,11 @@
++#!/bin/sh
++# make sure we reject bad renames #612202
++
++addwrite $PWD
++mkdir deny
++adddeny $PWD/deny
++
++touch file
++renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1
++[ -e file ]
++test -s "${SANDBOX_LOG}"
+diff --git a/tests/renameat.at b/tests/renameat.at
+index 081d7d20277e..eec4638deeaa 100644
+--- a/tests/renameat.at
++++ b/tests/renameat.at
+@@ -1 +1,3 @@
+ SB_CHECK(1)
++SB_CHECK(2)
++SB_CHECK(3)
+diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh
+new file mode 100755
+index 000000000000..168362e8806f
+--- /dev/null
++++ b/tests/symlinkat-2.sh
+@@ -0,0 +1,10 @@
++#!/bin/sh
++# make sure we can clobber symlinks #612202
++
++addwrite $PWD
++
++symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1
++[ -L sym ]
++symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1
++[ -L sym ]
++test ! -s "${SANDBOX_LOG}"
+diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh
+new file mode 100755
+index 000000000000..a01c750dd2b6
+--- /dev/null
++++ b/tests/symlinkat-3.sh
+@@ -0,0 +1,9 @@
++#!/bin/sh
++# make sure we reject bad symlinks #612202
++
++addwrite $PWD
++mkdir deny
++adddeny $PWD/deny
++
++symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1
++test -s "${SANDBOX_LOG}"
+diff --git a/tests/symlinkat.at b/tests/symlinkat.at
+index 081d7d20277e..eec4638deeaa 100644
+--- a/tests/symlinkat.at
++++ b/tests/symlinkat.at
+@@ -1 +1,3 @@
+ SB_CHECK(1)
++SB_CHECK(2)
++SB_CHECK(3)
+--
+2.12.0
+
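Review bot: The bare `[ ... ]` checks in the embedded test scripts do not affect the result: in tests/renameat-2.sh, `[ ! -e file ]`, `[ ! -L sym ]` and `[ -e sym ]` are each followed by another command, so the exit status comes only from the final `test ! -s "${SANDBOX_LOG}"`, unless the harness runs these scripts with `-e`, which is not visible here. The same applies to `[ -e file ]` in renameat-3.sh and to both `[ -L sym ]` lines in symlinkat-2.sh. Appending `|| exit 1`, as the scripts already do for the `renameat-0` and `symlinkat-0` calls, would make a regression in the sandbox's symlink handling fail the test, e.g. `[ ! -L sym ] || exit 1`. The `From:` header suggests this file is an imported upstream patch, so the fix would presumably go upstream rather than be edited into this copy.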
