[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/, profiles/
commit: 530aaa039c7d23c9f5e0eae7ebafd4b7814d9310 Author: Michał Górny gentoo org> AuthorDate: Sat Apr 2 22:00:45 2022 + Commit: Michał Górny gentoo org> CommitDate: Sat Apr 2 22:04:46 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=530aaa03 sys-apps/sandbox: Remove permanently broken sandbox 3.0+ The unreviewed changes in sandbox 3.0 has broken a number of packages, and the versions have been masked since November 2021. It seems that the author is not interested in fixing them, so remove them. Signed-off-by: Michał Górny gentoo.org> profiles/package.mask | 8 --- sys-apps/sandbox/Manifest | 2 - .../sandbox/files/sandbox-3.1-label-decl.patch | 41 -- sys-apps/sandbox/sandbox-3.0.ebuild| 62 sys-apps/sandbox/sandbox-3.1.ebuild| 66 -- 5 files changed, 179 deletions(-) diff --git a/profiles/package.mask b/profiles/package.mask index 1f333a383968..556faa3898f7 100644 --- a/profiles/package.mask +++ b/profiles/package.mask @@ -410,14 +410,6 @@ dev-tex/pdfannotextractor dev-lang/vala:0.54 dev-lang/vala:0.56 -# Sam James (2021-11-03) -# Known issues with YAMA (kernel.yama.ptrace_scope=1) which is on by default -# in at least the sys-kernel/gento-kernel kernel config. -# Work is in progress to fix these but latest sandbox versions still seem -# to cause hangs in some situations. Mask for now to avoid duplicate reports. -# bug #821532, bug #821523 (and bug #821403 but shouldn't be in 3.1+). ->=sys-apps/sandbox-3.0 - # Ionen Wolkens (2021-10-09) # Vulkan beta driver branch aimed at Vulkan developers for testing # new features. Beside vulkan, it is typically behind the main branch diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest index b3f61f637d3e..50fedc869e8e 100644 --- a/sys-apps/sandbox/Manifest +++ b/sys-apps/sandbox/Manifest 
@@ -4,5 +4,3 @@ DIST sandbox-2.26.tar.xz 12 BLAKE2B 3bc88d86ba4e2522895c4448dff6da2cffceb912 DIST sandbox-2.27.tar.xz 448948 BLAKE2B 03a311c8c7c8719bac398e39ce49e7149bdaa1d5b2811f395eb2251a32aabba995f97c3d5d27461aadb64bf43adf2b0cbaa7c2f141dd86f64f8dd326422ac104 SHA512 2a53e6fc87cec975962737b1fadc447d86985d27b18ad2caed76da2ba435f54db0f7dadb02664b2638b9dc77752831cd4820390f5c3e61a42429e13462a7 DIST sandbox-2.28.tar.xz 450840 BLAKE2B 1a144db1dcd140ce393f47b224c4389693bd3db6d056749968a9e78730b1075192148aa63fdfd5ab93893dfb96a87bcc36bee8b4540abefca0590a8def8365f2 SHA512 eaac54fbc35f51da3c94bfa10e0556f0fd39c20660fea2aa7d3cbf76dd3e4c9fb4a16cc198425988b79313f9331af030e1dca431c3f057ee4a04927c96897895 DIST sandbox-2.29.tar.xz 452784 BLAKE2B 388f5d9c49134696bafbc6b882581396a9fa2e7caa6ccfb4376706d653f836ce18e0d77527c4c4f2ff753c0b920ab5ab60e151dd8a4e399e13dbc3fe7c0533d6 SHA512 15c0e6b71e8b8547b8188f857568c99b1925d5a837a289b21c4f842341361bf7119b96083697dc83546caf530daab700fb8c2704974e7cfb804d64bb5257a4b4 -DIST sandbox-3.0.tar.xz 454384 BLAKE2B b4f38b7c5ed2dc52e558f1b7e36d2308e6017c9d14861c60eace0f240a909f11184e259b2359ea96cad81d21234cc9a6bcd9f313ce56bd2f3bb1ce836f006a50 SHA512 3a35ee0b19a356b1986468ef5d2ecd553b88cbdaf287ce31a211b4072097a9844fca413ffa0f2858b9a4e75ead822fe9d9834f17c241ba32c2f14e02619a70b3 -DIST sandbox-3.1.tar.xz 454404 BLAKE2B f8cc2960f1c7b3367d375952f0a7ca978c1a2cc27b63137046152d1080a1a7b6b99d356af0776d3b57a5c260b2d89f0b7bfb127967407b537642be04e92b8603 SHA512 e57c0fc1ddb5a63012abd02080770d49deaa1d0168508a794df2eaa25b2b7a4fa6c505e8b93572a3745912819202c264cdf980f10dc7101c487a9b03e7f65815 diff --git a/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch deleted file mode 100644 index b17f4b866f5a.. --- a/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -From 82f6d876660ba1132d75ccfef5c4301d123ea505 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Wed, 3 Nov 2021 12:25:10 -0400 -Subject: [PATCH] libsandbox: tweak label/decl code for some compiler settings - -Looks like gcc is inconsistent in when it chokes on this code: -> a label can only be part of a statement and a declaration is not a statement - -Hoist the decl up to the top of scope to avoid the issue. - -Bug: https://bugs.gentoo.org/821433 -Signed-off-by: Mike Frysinger - libsandbox/trace.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/libsandbox/trace.c b/libsandbox/trace.c -index f3390d99822e..d2899b743048 100644 a/libsandbox/trace.c -+++ b/libsandbox/trace.c -@@ -704,6 +704,8 @@ static char *flatten_args(char *const argv[]) - - bool trace_possible(const char *filename, char *const argv[], const void *data) - { -+ char *args; -+ - /* If YAMA ptrace_scope is very high, then we can't trace at all. #771360 */ - int yama = trace_yama_level(); - if (yama >= 2) { -@@ -721,7 +723,7 @@ bool trace_possible(const char
[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
commit: 36d4dacd971f39bd0ecde7d93216de68c8efe31a Author: Mike Frysinger gentoo org> AuthorDate: Wed Nov 3 16:42:47 2021 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Nov 3 16:42:59 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36d4dacd sys-apps/sandbox: fix build failures in some compiler configurations #821433 Closes: https://bugs.gentoo.org/821433 Signed-off-by: Mike Frysinger gentoo.org> .../sandbox/files/sandbox-3.1-label-decl.patch | 41 ++ sys-apps/sandbox/sandbox-3.1.ebuild| 4 +++ 2 files changed, 45 insertions(+) diff --git a/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch new file mode 100644 index 000..b17f4b866f5 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch 
@@ -0,0 +1,41 @@ +From 82f6d876660ba1132d75ccfef5c4301d123ea505 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Wed, 3 Nov 2021 12:25:10 -0400 +Subject: [PATCH] libsandbox: tweak label/decl code for some compiler settings + +Looks like gcc is inconsistent in when it chokes on this code: +> a label can only be part of a statement and a declaration is not a statement + +Hoist the decl up to the top of scope to avoid the issue. + +Bug: https://bugs.gentoo.org/821433 +Signed-off-by: Mike Frysinger +--- + libsandbox/trace.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libsandbox/trace.c b/libsandbox/trace.c +index f3390d99822e..d2899b743048 100644 +--- a/libsandbox/trace.c b/libsandbox/trace.c +@@ -704,6 +704,8 @@ static char *flatten_args(char *const argv[]) + + bool trace_possible(const char *filename, char *const argv[], const void *data) + { ++ char *args; ++ + /* If YAMA ptrace_scope is very high, then we can't trace at all. #771360 */ + int yama = trace_yama_level(); + if (yama >= 2) { +@@ -721,7 +723,7 @@ bool trace_possible(const char *filename, char *const argv[], const void *data) + } + + fail: +- char *args = flatten_args(argv); ++ args = flatten_args(argv); + sb_eqawarn("Unable to trace static ELF: %s: %s\n", filename, args); + free(args); + return false; +-- +2.33.0 + diff --git a/sys-apps/sandbox/sandbox-3.1.ebuild b/sys-apps/sandbox/sandbox-3.1.ebuild index 83e90898881..1c11a7faf15 100644 --- a/sys-apps/sandbox/sandbox-3.1.ebuild +++ b/sys-apps/sandbox/sandbox-3.1.ebuild @@ -18,6 +18,10 @@ DEPEND="app-arch/xz-utils >=app-misc/pax-utils-0.1.19" #265376 RDEPEND="" +PATCHES=( + "${FILESDIR}"/${P}-label-decl.patch #821433 +) + has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice" sandbox_death_notice() {
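Review bot: In the embedded libsandbox/trace.c change, `char *args;` is hoisted to the top of trace_possible() without an initializer, so `free(args)` is only safe because the assignment directly after `fail:` always runs first. That holds in the visible lines, but `char *args = NULL;` costs nothing and keeps a later edit that adds another exit path through `free(args)` from freeing an indeterminate pointer. The result of `flatten_args(argv)` is also passed straight to `%s` in `sb_eqawarn`; whether it can return NULL is not visible here and is worth confirming. The part of trace_possible() between the two embedded hunks is outside this patch.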
[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
commit: 44a8ff0d8ea8e992e7956f99f9665f6d7439b84a Author: Sergei Trofimovich gentoo org> AuthorDate: Fri Jul 12 06:48:30 2019 + Commit: Sergei Trofimovich gentoo org> CommitDate: Fri Jul 12 06:48:46 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44a8ff0d sys-apps/sandbox: bump up to 2.18, bug #549108 The main change from 2.17 is basic musl support. Closes: https://bugs.gentoo.org/549108 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Sergei Trofimovich gentoo.org> sys-apps/sandbox/Manifest| 1 + sys-apps/sandbox/files/musl.patch| 42 sys-apps/sandbox/sandbox-2.18.ebuild | 74 3 files changed, 117 insertions(+) diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest index 974844caf43..bcb90be6572 100644 --- a/sys-apps/sandbox/Manifest +++ b/sys-apps/sandbox/Manifest 
@@ -3,3 +3,4 @@ DIST sandbox-2.13.tar.xz 424968 BLAKE2B efcbf527853e8cfe8b3fec026041f55f51cba780 DIST sandbox-2.14.tar.xz 426992 BLAKE2B a30984f613b773cb5e53b2b0297ada32d11797699418aebf3014e11f3ec2b69a1c4b4e22ce96c28b1df022617cab6787cfe61f84b37ed61e966ac425eae1c7eb SHA512 b84584cffc54678646798bc58d8b60cdc10a0a58c9f1a49276dcac205a06dd7a2e664d2a9c40c78b48eae8ac36e3ac498ba35674f10e6e06c3c2bab777e05ced DIST sandbox-2.15.tar.xz 426948 BLAKE2B e40bb728192ef3793a9129bc88a63878516b0977a19effd5b02ded644ec6fe1627fab34786b22024957d96725fc5c53f488f7b09119be7b7ca91692dcee985dc SHA512 7249b594864267311ce8e2c04275df49c6d8e8e811dde5780f7f676cb43928728b9abed77beb8f5ee32061efcdb03753cce44d5bf1827bd519d6be8fa54912e6 DIST sandbox-2.17.tar.xz 431700 BLAKE2B 461404f5b98ac83d9e5bc63fc7251cdfbb04a0ccedb340a7a5b8595b68ab34034a56c0a0cfa8478961c9282f6450de89ef5b512b13d427a7f63c17a4141cbcbf SHA512 b5d7a76d894471f6610b41aa05f007d257c69ae5c90f8db455d626e0d1209b9d276678c36e90d2e4214d15074512be182b4f5f905ed2b7e236ff714cbf51958f +DIST sandbox-2.18.tar.xz 427760 BLAKE2B 26199ff8f919dcecdfdb74d508e0802e2e929a003ff1caddc54c1ea0f7887938c4f69065e585d61f7e96b29be26a34a1cdb62b397309e993511097ecaebe0620 SHA512 1775d4d6f80d414ab94eafae73966c12c4dd80857e21f0849703a3230ddb80501d8e574b14296e554932766cd71aa7b48a802fc388aaab43ba882ee7d005a60d diff --git a/sys-apps/sandbox/files/musl.patch b/sys-apps/sandbox/files/musl.patch new file mode 100644 index 000..419d067f2a2 --- /dev/null +++ b/sys-apps/sandbox/files/musl.patch 
@@ -0,0 +1,42 @@ +--- a/libsandbox/trace.c b/libsandbox/trace.c +@@ -10,7 +10,16 @@ + #include "sb_nr.h" + + static long do_peekdata(long offset); +-static long _do_ptrace(enum __ptrace_request request, const char *srequest, void *addr, void *data); ++/* Note on _do_ptrace argument types: ++ glibc defines ptrace as: ++ long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data); ++ musl defines ptrace as: ++ long ptrace(int, ...); ++ ++ Let's clobber to 'int' lowest common denominator. ++ */ ++typedef int sb_ptrace_req_t; ++static long _do_ptrace(sb_ptrace_req_t request, const char *srequest, void *addr, void *data); + #define do_ptrace(request, addr, data) _do_ptrace(request, #request, addr, data) + #define _trace_possible(data) true + +@@ -44,7 +53,7 @@ static void trace_exit(int status) + _exit(status); + } + +-static long _do_ptrace(enum __ptrace_request request, const char *srequest, void *addr, void *data) ++static long _do_ptrace(sb_ptrace_req_t request, const char *srequest, void *addr, void *data) + { + long ret; + try_again: +--- a/scripts/gen_symbol_header.awk b/scripts/gen_symbol_header.awk +@@ -117,6 +117,10 @@ END { + gsub(/@|\./, "_", sym_real_name); + } + ++ # Avoid libc's symbol rename via #define. musl defines aliases as: ++ # #define mkstemp64 mkstemp ++ # #define mkstemps64 mkstemps ++ printf("#undef %s\n", sym_index); + printf("#define symname_%s \"%s\"\n", sym_real_name, sym_index); + + # We handle non-versioned libc's by setting symver_* diff --git a/sys-apps/sandbox/sandbox-2.18.ebuild b/sys-apps/sandbox/sandbox-2.18.ebuild new file mode 100644 index 000..179163388c4 --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.18.ebuild 
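Review bot: The `#undef %s` emitted by gen_symbol_header.awk only removes aliases that libc headers have already defined at the point where the generated header is included; a libc header pulled in afterwards would define `mkstemp64` as `mkstemp` again and the wrapper name would be rewritten after all. The include order is not visible in this patch, so I would state the requirement in the awk comment, e.g. `# The generated header must be included after all libc headers, or the alias comes back.` The patch file also starts directly at `--- a/libsandbox/trace.c` with no description or bug reference. A first line such as `https://bugs.gentoo.org/549108` (the bug named in the commit message) would record where it came from.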
@@ -0,0 +1,74 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/; +SRC_URI="https://dev.gentoo.org/~slyfox/distfiles/${P}.tar.xz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86" +IUSE="" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has
[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
commit: 94f5df1e61d1b6159a32f020e1780427fba6d98c Author: Mike Frysinger gentoo org> AuthorDate: Fri Mar 10 18:49:39 2017 + Commit: Mike Frysinger gentoo org> CommitDate: Fri Mar 10 18:50:54 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94f5df1e sys-apps/sandbox: fix handling of symlinks w/symlinkat/renameat #612202 .../files/sandbox-2.11-symlinkat-renameat.patch| 124 + sys-apps/sandbox/sandbox-2.10-r4.ebuild| 85 ++ sys-apps/sandbox/sandbox-2.11-r5.ebuild| 86 ++ 3 files changed, 295 insertions(+) diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch new file mode 100644 index 000..e33011f7495 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch 
@@ -0,0 +1,124 @@ +From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001 +From: Mike Frysinger+Date: Fri, 10 Mar 2017 10:15:50 -0800 +Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs + +These funcs don't deref their path args, so flag them as such. + +URL: https://bugs.gentoo.org/612202 +Signed-off-by: Mike Frysinger +--- + libsandbox/libsandbox.c | 4 +++- + tests/renameat-2.sh | 12 + tests/renameat-3.sh | 11 +++ + tests/renameat.at | 2 ++ + tests/symlinkat-2.sh| 10 ++ + tests/symlinkat-3.sh| 9 + + tests/symlinkat.at | 2 ++ + 7 files changed, 49 insertions(+), 1 deletion(-) + create mode 100755 tests/renameat-2.sh + create mode 100755 tests/renameat-3.sh + create mode 100755 tests/symlinkat-2.sh + create mode 100755 tests/symlinkat-3.sh + +diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c +index e809308d717d..de48bd79ba53 100644 +--- a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c +@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path) + sb_nr == SB_NR_LCHOWN || + sb_nr == SB_NR_REMOVE || + sb_nr == SB_NR_RENAME || ++sb_nr == SB_NR_RENAMEAT || + sb_nr == SB_NR_RMDIR|| +-sb_nr == SB_NR_SYMLINK)) ++sb_nr == SB_NR_SYMLINK || ++sb_nr == SB_NR_SYMLINKAT)) + { + /* These funcs sometimes operate on symlinks */ + if (!((sb_nr == SB_NR_FCHOWNAT || +diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh +new file mode 100755 +index ..d0fbe8ae4574 +--- /dev/null b/tests/renameat-2.sh +@@ -0,0 +1,12 @@ ++#!/bin/sh ++# make sure we can clobber symlinks #612202 ++ ++addwrite $PWD ++ ++ln -s /asdf sym || exit 1 ++touch file ++renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1 ++[ ! -e file ] ++[ ! -L sym ] ++[ -e sym ] ++test ! 
-s "${SANDBOX_LOG}" +diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh +new file mode 100755 +index ..9ae5c9a6511a +--- /dev/null b/tests/renameat-3.sh +@@ -0,0 +1,11 @@ ++#!/bin/sh ++# make sure we reject bad renames #612202 ++ ++addwrite $PWD ++mkdir deny ++adddeny $PWD/deny ++ ++touch file ++renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1 ++[ -e file ] ++test -s "${SANDBOX_LOG}" +diff --git a/tests/renameat.at b/tests/renameat.at +index 081d7d20277e..eec4638deeaa 100644 +--- a/tests/renameat.at b/tests/renameat.at +@@ -1 +1,3 @@ + SB_CHECK(1) ++SB_CHECK(2) ++SB_CHECK(3) +diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh +new file mode 100755 +index ..168362e8806f +--- /dev/null b/tests/symlinkat-2.sh +@@ -0,0 +1,10 @@ ++#!/bin/sh ++# make sure we can clobber symlinks #612202 ++ ++addwrite $PWD ++ ++symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1 ++[ -L sym ] ++symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1 ++[ -L sym ] ++test ! -s "${SANDBOX_LOG}" +diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh +new file mode 100755 +index ..a01c750dd2b6 +--- /dev/null b/tests/symlinkat-3.sh +@@ -0,0 +1,9 @@ ++#!/bin/sh ++# make sure we reject bad symlinks #612202 ++ ++addwrite $PWD ++mkdir deny ++adddeny $PWD/deny ++ ++symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1 ++test -s "${SANDBOX_LOG}" +diff --git a/tests/symlinkat.at b/tests/symlinkat.at +index 081d7d20277e..eec4638deeaa 100644 +--- a/tests/symlinkat.at b/tests/symlinkat.at +@@ -1 +1,3 @@ + SB_CHECK(1) ++SB_CHECK(2) ++SB_CHECK(3) +-- +2.12.0 + diff --git a/sys-apps/sandbox/sandbox-2.10-r4.ebuild b/sys-apps/sandbox/sandbox-2.10-r4.ebuild new file mode 100644 index 000..0f792910204 --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.10-r4.ebuild 
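Review bot: In the new tests/renameat-2.sh the checks `[ ! -e file ]`, `[ ! -L sym ]` and `[ -e sym ]` are bare commands and no `set -e` is visible, so unless the harness runs the script with `-e` their results are discarded and only the final `test ! -s "${SANDBOX_LOG}"` decides the exit status. As written the test would still pass if the rename left `file` in place or `sym` stayed a symlink, which is the behaviour the patch is meant to pin down. Append `|| exit 1` to each check, e.g. `[ ! -L sym ] || exit 1`; the same applies to `[ -L sym ]` in symlinkat-2.sh and `[ -e file ]` in renameat-3.sh. `addwrite $PWD` and `adddeny $PWD/deny` should also quote `"$PWD"` so a build directory containing spaces does not change which path is allowed or denied.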
@@ -0,0 +1,85 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +EAPI="5" + +inherit eutils flag-o-matic
[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
commit: 0970c507b3eda2d1909614026385bf8767766322 Author: Mike Frysinger gentoo org> AuthorDate: Wed Mar 30 05:20:46 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Mar 30 05:21:34 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0970c507 sys-apps/sandbox: fix execvpe handling #578516 sys-apps/sandbox/files/sandbox-2.11-execvpe.patch | 30 ++ ...ndbox-2.11-r1.ebuild => sandbox-2.11-r2.ebuild} | 1 + 2 files changed, 31 insertions(+) diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch new file mode 100644 index 000..7e8130b --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch @@ -0,0 +1,30 @@ +From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger+Date: Wed, 30 Mar 2016 01:17:21 -0400 +Subject: [PATCH] libsandbox: whitelist execvpe +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +URL: https://bugs.gentoo.org/578516 +Reported-by: Toralf Förster +Signed-off-by: Mike Frysinger +--- + libsandbox/libsandbox.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c +index cbe1aa1..e809308 100644 +--- a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c +@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func, +sb_nr == SB_NR_EXECV || +sb_nr == SB_NR_EXECVP|| +sb_nr == SB_NR_EXECVE|| ++ sb_nr == SB_NR_EXECVPE || +sb_nr == SB_NR_FEXECVE)) + { + retval = check_prefixes(sbcontext->read_prefixes, +-- +2.7.4 + diff --git a/sys-apps/sandbox/sandbox-2.11-r1.ebuild b/sys-apps/sandbox/sandbox-2.11-r2.ebuild similarity index 97% rename from sys-apps/sandbox/sandbox-2.11-r1.ebuild rename to sys-apps/sandbox/sandbox-2.11-r2.ebuild index 8001316..4f9884f 100644 --- a/sys-apps/sandbox/sandbox-2.11-r1.ebuild +++ b/sys-apps/sandbox/sandbox-2.11-r2.ebuild 
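Review bot: The embedded patch adds `SB_NR_EXECVPE` to the hand-maintained exec list in check_access() but no regression test, and its diffstat touches only libsandbox/libsandbox.c, so nothing stops the next exec-family wrapper from being left out the same way. I would add a comment above the condition, e.g. `/* Every wrapped exec*() call must be listed here so it is checked against read_prefixes. */`, and a test case that runs execvpe under the sandbox. The start of the condition and the rest of check_access() are outside the hunk, so what an unlisted call falls through to cannot be confirmed from here.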
@@ -32,6 +32,7 @@ sandbox_death_notice() { } src_prepare() { + epatch "${FILESDIR}"/${P}-execvpe.patch #578516 epatch "${FILESDIR}"/${P}-exec-hash.patch #578524 epatch_user }
[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
commit: 4994c7667bd2d9e54fa79f705a51a9fbd1af5522 Author: Mike Frysinger gentoo org> AuthorDate: Sun Jan 17 20:09:22 2016 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Jan 17 20:12:12 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4994c766 sys-apps/sandbox: drop versions <2.6 sys-apps/sandbox/Manifest | 4 - .../files/sandbox-1.6-disable-pthread.patch| 37 --- .../files/sandbox-1.6-disable-qa-static.patch | 13 --- sys-apps/sandbox/sandbox-1.6-r2.ebuild | 104 -- sys-apps/sandbox/sandbox-2.3-r1.ebuild | 103 -- sys-apps/sandbox/sandbox-2.4.ebuild| 100 -- sys-apps/sandbox/sandbox-2.5.ebuild| 117 - 7 files changed, 478 deletions(-) diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest index 38fb2ea..fa19c3f 100644 --- a/sys-apps/sandbox/Manifest +++ b/sys-apps/sandbox/Manifest 
@@ -1,8 +1,4 @@ -DIST sandbox-1.6.tar.lzma 307014 SHA256 52cfd286da3d5d51f3b6e012e409e931b21e32b4f2f16ba5677e46328680f4f4 SHA512 f470599a67443fa107612fef1cc73b64b3146003ae21bb5ae5abd852c4c37aec93ac09be646fda9d55d4c3aeef0cf28a42fa675f2acbb53c1d903e400538ba4c WHIRLPOOL 7c7fbe57cc831d0eb7853476e264a85bb8113620948e761563a872d3d55fd3c0ff063332397199001ea9dcb8258f348b827f337b876b2a26f727f10abbc8f712 DIST sandbox-2.10.tar.xz 417068 SHA256 019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 WHIRLPOOL 5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192 -DIST sandbox-2.3.tar.xz 344260 SHA256 8670f7508453c2fd300ca29ad2eb457691c3df01c4c22fa27d4a7c880fd291d5 SHA512 06ddaa6dc0822474c263650e95284af6cb69c60c9443b5caaf95af8140283f937d5594849064847fe3a4ad89b29b6ef6d6e909a9b85bb5d7fcf8b427d0e9c7e4 WHIRLPOOL 5d3f45a0bbb1aeffb8c83f8978bea65764aa438a5abcb50c66b5f66232d972bde84013694f6806fcc0026cd6d37420c69655d66ec5984a1c6f71a68dcfc95d11 -DIST sandbox-2.4.tar.xz 344664 SHA256 450599cb3052296d42f81a04dbbda82d220415fc2d16f5dc6e26b042d580fd3e SHA512 c0f8b789bcabd48e03a20a97c9daa82c48f264d7641ecfa51dff7a2d2c34be398cf1db6235eb0211bf0fa78b07bd6e633e06bc102904bf9dd8a95f9fde1ca615 WHIRLPOOL 22f0f55f6e638275781ab5afa29b1a7f5e7f3335a3d2ff37d9fcce0bf9284b271bf1d69b98bcd4b06fdb9ff1528d044f9fb111a58c2a1a5ce33cbe28c0cb869d -DIST sandbox-2.5.tar.xz 355680 SHA256 c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 WHIRLPOOL 887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53 DIST sandbox-2.6.tar.xz 366356 SHA256 
95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03 DIST sandbox-2.7.tar.xz 390304 SHA256 d6e1230180d84fb64c9788dd372a73a1cd2496ead91cad333a211320d3041149 SHA512 81056460afabe3f9163594f662f5faf87b6dfe8511a001fc4d6ce0171492eb29f3b645a45320032d34475bb2c24bf212d1d05b50878a340f1e2ca580f8f8f38a WHIRLPOOL ad070df6351537e49f939ba195f27ccf5e4566bb8b6e4ba391ab8174771eacf909571284c6fa873d5b55e8540605d2766a3de5d451b6af132c0ff6d96e43f554 DIST sandbox-2.8.tar.xz 410588 SHA256 f01dcac27a4641d1898c4a19bf3a0572f8ec85c3ba12e6ede8af36f6bc047165 SHA512 73a21e72f5825f43ee887efbe73f4ccd8771c7f45438104077aa83448d0a2727ab65be89a7a1a690d3662594df680ca4dc29908763e5abe2a81594b6f8f6ff2e WHIRLPOOL 6c93a0d8737bab4e710f0f20645514c9a5413a2d357a64c2e8b8428567221b949134881e705f979aa374635a278c0b3c646a6cffaf1015024db8f2aab2ec7c74 diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch b/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch deleted file mode 100644 index 490bc41..000 --- a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch +++ /dev/null @@ -1,37 +0,0 @@ -http://bugs.gentoo.org/263657 - -disable pthread locks ... this is how stable has always worked, so there -wont be any regressions ... - -diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c -index 034d0e7..595d17f 100644 a/libsandbox/libsandbox.c -+++ b/libsandbox/libsandbox.c -@@ -814,9 +814,6 @@ - return result; - } - --/* Need to protect the global sbcontext structure */ --static pthread_mutex_t sb_syscall_lock = PTHREAD_MUTEX_INITIALIZER; -- - bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, int flags) - { - int old_errno = errno; -@@ -843,8
[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
commit: 33a9bf25d218173400e1115011ed867e84b4bf38 Author: Mike Frysinger gentoo org> AuthorDate: Sat Dec 19 18:15:05 2015 + Commit: Mike Frysinger gentoo org> CommitDate: Sat Dec 19 18:15:25 2015 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33a9bf25 sys-apps/sandbox: fix memory corruption #568714 .../files/sandbox-2.10-memory-corruption.patch | 42 ++ ...{sandbox-2.10.ebuild => sandbox-2.10-r1.ebuild} | 1 + 2 files changed, 43 insertions(+) diff --git a/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch b/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch new file mode 100644 index 000..7dd27c9 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch 
@@ -0,0 +1,42 @@ +From 529a388ebb1b4e9d6ad8a1bb61dd8211833a5976 Mon Sep 17 00:00:00 2001 +From: Denis Lisov+Date: Sat, 19 Dec 2015 19:13:58 +0300 +Subject: [PATCH] libsandbox: fix old_malloc_size check on realloc + +Realloc uses SB_MALLOC_TO_SIZE assuming it returns the usable size, +while it is really the mmap size, which is greater. Thus it may fail +to reallocate even if required. + +URL: https://bugs.gentoo.org/568714 +Signed-off-by: Denis Lisov +Signed-off-by: Mike Frysinger +--- + libsandbox/memory.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libsandbox/memory.c b/libsandbox/memory.c +index 8581128..a2d69a2 100644 +--- a/libsandbox/memory.c b/libsandbox/memory.c +@@ -40,7 +40,8 @@ static int sb_munmap(void *addr, size_t length) + + #define SB_MALLOC_TO_MMAP(ptr) ((void*)((uintptr_t)(ptr) - MIN_ALIGN)) + #define SB_MMAP_TO_MALLOC(ptr) ((void*)((uintptr_t)(ptr) + MIN_ALIGN)) +-#define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr))) ++#define SB_MALLOC_TO_MMAP_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr))) ++#define SB_MALLOC_TO_SIZE(ptr) (SB_MALLOC_TO_MMAP_SIZE(ptr) - MIN_ALIGN) + + void *malloc(size_t size) + { +@@ -57,7 +58,7 @@ void free(void *ptr) + { + if (ptr == NULL) + return; +- if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr))) ++ if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_MMAP_SIZE(ptr))) + sb_ebort("sandbox memory corruption with free(%p): %s\n", + ptr, strerror(errno)); + } +-- +2.6.2 + diff --git a/sys-apps/sandbox/sandbox-2.10.ebuild b/sys-apps/sandbox/sandbox-2.10-r1.ebuild similarity index 97% rename from sys-apps/sandbox/sandbox-2.10.ebuild rename to sys-apps/sandbox/sandbox-2.10-r1.ebuild index 2550852..9df5d29 100644 --- a/sys-apps/sandbox/sandbox-2.10.ebuild +++ b/sys-apps/sandbox/sandbox-2.10-r1.ebuild @@ -46,6 +46,7 @@ sb_foreach_abi() { src_unpack() { unpacker cd "${S}" + epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714 epatch_user }
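Review bot: After this change the two size macros in libsandbox/memory.c differ only by `MIN_ALIGN`, and confusing the mmap size with the usable size is what the patch description blames for the bug, yet nothing in the code says which macro is which. I would add a comment above them, e.g. `/* The stored size is the full mmap length; SB_MALLOC_TO_SIZE is the caller-usable size (mmap length minus the MIN_ALIGN header). */`. `SB_MALLOC_TO_SIZE(ptr)` is now also a subtraction on `size_t`, so a stored value below `MIN_ALIGN` would wrap to a very large size; malloc() and realloc() are outside the hunk, so whether that can occur is not visible here. No test accompanies the fix.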