[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/, profiles/

2022-04-02 Thread Michał Górny 
commit: 530aaa039c7d23c9f5e0eae7ebafd4b7814d9310
Author: Michał Górny  gentoo  org>
AuthorDate: Sat Apr  2 22:00:45 2022 +
Commit: Michał Górny  gentoo  org>
CommitDate: Sat Apr  2 22:04:46 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=530aaa03

sys-apps/sandbox: Remove permanently broken sandbox 3.0+

The unreviewed changes in sandbox 3.0 has broken a number of packages,
and the versions have been masked since November 2021.  It seems
that the author is not interested in fixing them, so remove them.

Signed-off-by: Michał Górny  gentoo.org>

 profiles/package.mask  |  8 ---
 sys-apps/sandbox/Manifest  |  2 -
 .../sandbox/files/sandbox-3.1-label-decl.patch | 41 --
 sys-apps/sandbox/sandbox-3.0.ebuild| 62 
 sys-apps/sandbox/sandbox-3.1.ebuild| 66 --
 5 files changed, 179 deletions(-)

diff --git a/profiles/package.mask b/profiles/package.mask
index 1f333a383968..556faa3898f7 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -410,14 +410,6 @@ dev-tex/pdfannotextractor
 dev-lang/vala:0.54
 dev-lang/vala:0.56
 
-# Sam James  (2021-11-03)
-# Known issues with YAMA (kernel.yama.ptrace_scope=1) which is on by default
-# in at least the sys-kernel/gento-kernel kernel config.
-# Work is in progress to fix these but latest sandbox versions still seem
-# to cause hangs in some situations. Mask for now to avoid duplicate reports.
-# bug #821532, bug #821523 (and bug #821403 but shouldn't be in 3.1+).
->=sys-apps/sandbox-3.0
-
 # Ionen Wolkens  (2021-10-09)
 # Vulkan beta driver branch aimed at Vulkan developers for testing
 # new features. Beside vulkan, it is typically behind the main branch

diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index b3f61f637d3e..50fedc869e8e 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -4,5 +4,3 @@ DIST sandbox-2.26.tar.xz 12 BLAKE2B 
3bc88d86ba4e2522895c4448dff6da2cffceb912
 DIST sandbox-2.27.tar.xz 448948 BLAKE2B 
03a311c8c7c8719bac398e39ce49e7149bdaa1d5b2811f395eb2251a32aabba995f97c3d5d27461aadb64bf43adf2b0cbaa7c2f141dd86f64f8dd326422ac104
 SHA512 
2a53e6fc87cec975962737b1fadc447d86985d27b18ad2caed76da2ba435f54db0f7dadb02664b2638b9dc77752831cd4820390f5c3e61a42429e13462a7
 DIST sandbox-2.28.tar.xz 450840 BLAKE2B 
1a144db1dcd140ce393f47b224c4389693bd3db6d056749968a9e78730b1075192148aa63fdfd5ab93893dfb96a87bcc36bee8b4540abefca0590a8def8365f2
 SHA512 
eaac54fbc35f51da3c94bfa10e0556f0fd39c20660fea2aa7d3cbf76dd3e4c9fb4a16cc198425988b79313f9331af030e1dca431c3f057ee4a04927c96897895
 DIST sandbox-2.29.tar.xz 452784 BLAKE2B 
388f5d9c49134696bafbc6b882581396a9fa2e7caa6ccfb4376706d653f836ce18e0d77527c4c4f2ff753c0b920ab5ab60e151dd8a4e399e13dbc3fe7c0533d6
 SHA512 
15c0e6b71e8b8547b8188f857568c99b1925d5a837a289b21c4f842341361bf7119b96083697dc83546caf530daab700fb8c2704974e7cfb804d64bb5257a4b4
-DIST sandbox-3.0.tar.xz 454384 BLAKE2B 
b4f38b7c5ed2dc52e558f1b7e36d2308e6017c9d14861c60eace0f240a909f11184e259b2359ea96cad81d21234cc9a6bcd9f313ce56bd2f3bb1ce836f006a50
 SHA512 
3a35ee0b19a356b1986468ef5d2ecd553b88cbdaf287ce31a211b4072097a9844fca413ffa0f2858b9a4e75ead822fe9d9834f17c241ba32c2f14e02619a70b3
-DIST sandbox-3.1.tar.xz 454404 BLAKE2B 
f8cc2960f1c7b3367d375952f0a7ca978c1a2cc27b63137046152d1080a1a7b6b99d356af0776d3b57a5c260b2d89f0b7bfb127967407b537642be04e92b8603
 SHA512 
e57c0fc1ddb5a63012abd02080770d49deaa1d0168508a794df2eaa25b2b7a4fa6c505e8b93572a3745912819202c264cdf980f10dc7101c487a9b03e7f65815

diff --git a/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch 
b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
deleted file mode 100644
index b17f4b866f5a..
--- a/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 82f6d876660ba1132d75ccfef5c4301d123ea505 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger 
-Date: Wed, 3 Nov 2021 12:25:10 -0400
-Subject: [PATCH] libsandbox: tweak label/decl code for some compiler settings
-
-Looks like gcc is inconsistent in when it chokes on this code:
-> a label can only be part of a statement and a declaration is not a statement
-
-Hoist the decl up to the top of scope to avoid the issue.
-
-Bug: https://bugs.gentoo.org/821433
-Signed-off-by: Mike Frysinger 

- libsandbox/trace.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/libsandbox/trace.c b/libsandbox/trace.c
-index f3390d99822e..d2899b743048 100644
 a/libsandbox/trace.c
-+++ b/libsandbox/trace.c
-@@ -704,6 +704,8 @@ static char *flatten_args(char *const argv[])
- 
- bool trace_possible(const char *filename, char *const argv[], const void 
*data)
- {
-+  char *args;
-+
-   /* If YAMA ptrace_scope is very high, then we can't trace at all.  
#771360 */
-   int yama = trace_yama_level();
-   if (yama >= 2) {
-@@ -721,7 +723,7 @@ bool trace_possible(const char

[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/

2021-11-03 Thread Mike Frysinger 
commit: 36d4dacd971f39bd0ecde7d93216de68c8efe31a
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Nov  3 16:42:47 2021 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Nov  3 16:42:59 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36d4dacd

sys-apps/sandbox: fix build failures in some compiler configurations #821433

Closes: https://bugs.gentoo.org/821433
Signed-off-by: Mike Frysinger  gentoo.org>

 .../sandbox/files/sandbox-3.1-label-decl.patch | 41 ++
 sys-apps/sandbox/sandbox-3.1.ebuild|  4 +++
 2 files changed, 45 insertions(+)

diff --git a/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch 
b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
new file mode 100644
index 000..b17f4b866f5
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch
@@ -0,0 +1,41 @@
+From 82f6d876660ba1132d75ccfef5c4301d123ea505 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger 
+Date: Wed, 3 Nov 2021 12:25:10 -0400
+Subject: [PATCH] libsandbox: tweak label/decl code for some compiler settings
+
+Looks like gcc is inconsistent in when it chokes on this code:
+> a label can only be part of a statement and a declaration is not a statement
+
+Hoist the decl up to the top of scope to avoid the issue.
+
+Bug: https://bugs.gentoo.org/821433
+Signed-off-by: Mike Frysinger 
+---
+ libsandbox/trace.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libsandbox/trace.c b/libsandbox/trace.c
+index f3390d99822e..d2899b743048 100644
+--- a/libsandbox/trace.c
 b/libsandbox/trace.c
+@@ -704,6 +704,8 @@ static char *flatten_args(char *const argv[])
+ 
+ bool trace_possible(const char *filename, char *const argv[], const void 
*data)
+ {
++  char *args;
++
+   /* If YAMA ptrace_scope is very high, then we can't trace at all.  
#771360 */
+   int yama = trace_yama_level();
+   if (yama >= 2) {
+@@ -721,7 +723,7 @@ bool trace_possible(const char *filename, char *const 
argv[], const void *data)
+   }
+ 
+  fail:
+-  char *args = flatten_args(argv);
++  args = flatten_args(argv);
+   sb_eqawarn("Unable to trace static ELF: %s: %s\n", filename, args);
+   free(args);
+   return false;
+-- 
+2.33.0
+

diff --git a/sys-apps/sandbox/sandbox-3.1.ebuild 
b/sys-apps/sandbox/sandbox-3.1.ebuild
index 83e90898881..1c11a7faf15 100644
--- a/sys-apps/sandbox/sandbox-3.1.ebuild
+++ b/sys-apps/sandbox/sandbox-3.1.ebuild
@@ -18,6 +18,10 @@ DEPEND="app-arch/xz-utils
>=app-misc/pax-utils-0.1.19" #265376
 RDEPEND=""
 
+PATCHES=(
+   "${FILESDIR}"/${P}-label-decl.patch #821433
+)
+
 has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" 
sandbox_death_notice"
 
 sandbox_death_notice() {

[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/

2019-07-12 Thread Sergei Trofimovich 
commit: 44a8ff0d8ea8e992e7956f99f9665f6d7439b84a
Author: Sergei Trofimovich  gentoo  org>
AuthorDate: Fri Jul 12 06:48:30 2019 +
Commit: Sergei Trofimovich  gentoo  org>
CommitDate: Fri Jul 12 06:48:46 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44a8ff0d

sys-apps/sandbox: bump up to 2.18, bug #549108

The main change from 2.17 is basic musl support.

Closes: https://bugs.gentoo.org/549108
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Sergei Trofimovich  gentoo.org>

 sys-apps/sandbox/Manifest|  1 +
 sys-apps/sandbox/files/musl.patch| 42 
 sys-apps/sandbox/sandbox-2.18.ebuild | 74 
 3 files changed, 117 insertions(+)

diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 974844caf43..bcb90be6572 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -3,3 +3,4 @@ DIST sandbox-2.13.tar.xz 424968 BLAKE2B 
efcbf527853e8cfe8b3fec026041f55f51cba780
 DIST sandbox-2.14.tar.xz 426992 BLAKE2B 
a30984f613b773cb5e53b2b0297ada32d11797699418aebf3014e11f3ec2b69a1c4b4e22ce96c28b1df022617cab6787cfe61f84b37ed61e966ac425eae1c7eb
 SHA512 
b84584cffc54678646798bc58d8b60cdc10a0a58c9f1a49276dcac205a06dd7a2e664d2a9c40c78b48eae8ac36e3ac498ba35674f10e6e06c3c2bab777e05ced
 DIST sandbox-2.15.tar.xz 426948 BLAKE2B 
e40bb728192ef3793a9129bc88a63878516b0977a19effd5b02ded644ec6fe1627fab34786b22024957d96725fc5c53f488f7b09119be7b7ca91692dcee985dc
 SHA512 
7249b594864267311ce8e2c04275df49c6d8e8e811dde5780f7f676cb43928728b9abed77beb8f5ee32061efcdb03753cce44d5bf1827bd519d6be8fa54912e6
 DIST sandbox-2.17.tar.xz 431700 BLAKE2B 
461404f5b98ac83d9e5bc63fc7251cdfbb04a0ccedb340a7a5b8595b68ab34034a56c0a0cfa8478961c9282f6450de89ef5b512b13d427a7f63c17a4141cbcbf
 SHA512 
b5d7a76d894471f6610b41aa05f007d257c69ae5c90f8db455d626e0d1209b9d276678c36e90d2e4214d15074512be182b4f5f905ed2b7e236ff714cbf51958f
+DIST sandbox-2.18.tar.xz 427760 BLAKE2B 
26199ff8f919dcecdfdb74d508e0802e2e929a003ff1caddc54c1ea0f7887938c4f69065e585d61f7e96b29be26a34a1cdb62b397309e993511097ecaebe0620
 SHA512 
1775d4d6f80d414ab94eafae73966c12c4dd80857e21f0849703a3230ddb80501d8e574b14296e554932766cd71aa7b48a802fc388aaab43ba882ee7d005a60d

diff --git a/sys-apps/sandbox/files/musl.patch 
b/sys-apps/sandbox/files/musl.patch
new file mode 100644
index 000..419d067f2a2
--- /dev/null
+++ b/sys-apps/sandbox/files/musl.patch
@@ -0,0 +1,42 @@
+--- a/libsandbox/trace.c
 b/libsandbox/trace.c
+@@ -10,7 +10,16 @@
+ #include "sb_nr.h"
+ 
+ static long do_peekdata(long offset);
+-static long _do_ptrace(enum __ptrace_request request, const char *srequest, 
void *addr, void *data);
++/* Note on _do_ptrace argument types:
++   glibc defines ptrace as:
++ long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void 
*data);
++   musl defines ptrace as:
++ long ptrace(int, ...);
++
++   Let's clobber to 'int' lowest common denominator.
++ */
++typedef int sb_ptrace_req_t;
++static long _do_ptrace(sb_ptrace_req_t request, const char *srequest, void 
*addr, void *data);
+ #define do_ptrace(request, addr, data) _do_ptrace(request, #request, addr, 
data)
+ #define _trace_possible(data) true
+ 
+@@ -44,7 +53,7 @@ static void trace_exit(int status)
+   _exit(status);
+ }
+ 
+-static long _do_ptrace(enum __ptrace_request request, const char *srequest, 
void *addr, void *data)
++static long _do_ptrace(sb_ptrace_req_t request, const char *srequest, void 
*addr, void *data)
+ {
+   long ret;
+  try_again:
+--- a/scripts/gen_symbol_header.awk
 b/scripts/gen_symbol_header.awk
+@@ -117,6 +117,10 @@ END {
+   gsub(/@|\./, "_", sym_real_name);
+   }
+ 
++  # Avoid libc's symbol rename via #define. musl defines 
aliases as:
++  # #define mkstemp64 mkstemp
++  # #define mkstemps64 mkstemps
++  printf("#undef %s\n", sym_index);
+   printf("#define symname_%s \"%s\"\n", sym_real_name, 
sym_index);
+ 
+   # We handle non-versioned libc's by setting symver_*

diff --git a/sys-apps/sandbox/sandbox-2.18.ebuild 
b/sys-apps/sandbox/sandbox-2.18.ebuild
new file mode 100644
index 000..179163388c4
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.18.ebuild
@@ -0,0 +1,74 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/;
+SRC_URI="https://dev.gentoo.org/~slyfox/distfiles/${P}.tar.xz;
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv 
~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+   >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has

[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/

2017-03-10 Thread Mike Frysinger 
commit: 94f5df1e61d1b6159a32f020e1780427fba6d98c
Author: Mike Frysinger  gentoo  org>
AuthorDate: Fri Mar 10 18:49:39 2017 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Fri Mar 10 18:50:54 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94f5df1e

sys-apps/sandbox: fix handling of symlinks w/symlinkat/renameat #612202

 .../files/sandbox-2.11-symlinkat-renameat.patch| 124 +
 sys-apps/sandbox/sandbox-2.10-r4.ebuild|  85 ++
 sys-apps/sandbox/sandbox-2.11-r5.ebuild|  86 ++
 3 files changed, 295 insertions(+)

diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch 
b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
new file mode 100644
index 000..e33011f7495
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
@@ -0,0 +1,124 @@
+From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001
+From: Mike Frysinger 
+Date: Fri, 10 Mar 2017 10:15:50 -0800
+Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs
+
+These funcs don't deref their path args, so flag them as such.
+
+URL: https://bugs.gentoo.org/612202
+Signed-off-by: Mike Frysinger 
+---
+ libsandbox/libsandbox.c |  4 +++-
+ tests/renameat-2.sh | 12 
+ tests/renameat-3.sh | 11 +++
+ tests/renameat.at   |  2 ++
+ tests/symlinkat-2.sh| 10 ++
+ tests/symlinkat-3.sh|  9 +
+ tests/symlinkat.at  |  2 ++
+ 7 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100755 tests/renameat-2.sh
+ create mode 100755 tests/renameat-3.sh
+ create mode 100755 tests/symlinkat-2.sh
+ create mode 100755 tests/symlinkat-3.sh
+
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
+index e809308d717d..de48bd79ba53 100644
+--- a/libsandbox/libsandbox.c
 b/libsandbox/libsandbox.c
+@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char 
*abs_path)
+ sb_nr == SB_NR_LCHOWN   ||
+ sb_nr == SB_NR_REMOVE   ||
+ sb_nr == SB_NR_RENAME   ||
++sb_nr == SB_NR_RENAMEAT ||
+ sb_nr == SB_NR_RMDIR||
+-sb_nr == SB_NR_SYMLINK))
++sb_nr == SB_NR_SYMLINK  ||
++sb_nr == SB_NR_SYMLINKAT))
+   {
+   /* These funcs sometimes operate on symlinks */
+   if (!((sb_nr == SB_NR_FCHOWNAT ||
+diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh
+new file mode 100755
+index ..d0fbe8ae4574
+--- /dev/null
 b/tests/renameat-2.sh
+@@ -0,0 +1,12 @@
++#!/bin/sh
++# make sure we can clobber symlinks #612202
++
++addwrite $PWD
++
++ln -s /asdf sym || exit 1
++touch file
++renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1
++[ ! -e file ]
++[ ! -L sym ]
++[ -e sym ]
++test ! -s "${SANDBOX_LOG}"
+diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh
+new file mode 100755
+index ..9ae5c9a6511a
+--- /dev/null
 b/tests/renameat-3.sh
+@@ -0,0 +1,11 @@
++#!/bin/sh
++# make sure we reject bad renames #612202
++
++addwrite $PWD
++mkdir deny
++adddeny $PWD/deny
++
++touch file
++renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1
++[ -e file ]
++test -s "${SANDBOX_LOG}"
+diff --git a/tests/renameat.at b/tests/renameat.at
+index 081d7d20277e..eec4638deeaa 100644
+--- a/tests/renameat.at
 b/tests/renameat.at
+@@ -1 +1,3 @@
+ SB_CHECK(1)
++SB_CHECK(2)
++SB_CHECK(3)
+diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh
+new file mode 100755
+index ..168362e8806f
+--- /dev/null
 b/tests/symlinkat-2.sh
+@@ -0,0 +1,10 @@
++#!/bin/sh
++# make sure we can clobber symlinks #612202
++
++addwrite $PWD
++
++symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1
++[ -L sym ]
++symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1
++[ -L sym ]
++test ! -s "${SANDBOX_LOG}"
+diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh
+new file mode 100755
+index ..a01c750dd2b6
+--- /dev/null
 b/tests/symlinkat-3.sh
+@@ -0,0 +1,9 @@
++#!/bin/sh
++# make sure we reject bad symlinks #612202
++
++addwrite $PWD
++mkdir deny
++adddeny $PWD/deny
++
++symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1
++test -s "${SANDBOX_LOG}"
+diff --git a/tests/symlinkat.at b/tests/symlinkat.at
+index 081d7d20277e..eec4638deeaa 100644
+--- a/tests/symlinkat.at
 b/tests/symlinkat.at
+@@ -1 +1,3 @@
+ SB_CHECK(1)
++SB_CHECK(2)
++SB_CHECK(3)
+-- 
+2.12.0
+

diff --git a/sys-apps/sandbox/sandbox-2.10-r4.ebuild 
b/sys-apps/sandbox/sandbox-2.10-r4.ebuild
new file mode 100644
index 000..0f792910204
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.10-r4.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+EAPI="5"
+
+inherit eutils flag-o-matic

[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/

2016-03-29 Thread Mike Frysinger 
commit: 0970c507b3eda2d1909614026385bf8767766322
Author: Mike Frysinger  gentoo  org>
AuthorDate: Wed Mar 30 05:20:46 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Wed Mar 30 05:21:34 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0970c507

sys-apps/sandbox: fix execvpe handling #578516

 sys-apps/sandbox/files/sandbox-2.11-execvpe.patch  | 30 ++
 ...ndbox-2.11-r1.ebuild => sandbox-2.11-r2.ebuild} |  1 +
 2 files changed, 31 insertions(+)

diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch 
b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
new file mode 100644
index 000..7e8130b
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
@@ -0,0 +1,30 @@
+From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger 
+Date: Wed, 30 Mar 2016 01:17:21 -0400
+Subject: [PATCH] libsandbox: whitelist execvpe
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+URL: https://bugs.gentoo.org/578516
+Reported-by: Toralf Förster 
+Signed-off-by: Mike Frysinger 
+---
+ libsandbox/libsandbox.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
+index cbe1aa1..e809308 100644
+--- a/libsandbox/libsandbox.c
 b/libsandbox/libsandbox.c
+@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, 
const char *func,
+sb_nr == SB_NR_EXECV ||
+sb_nr == SB_NR_EXECVP||
+sb_nr == SB_NR_EXECVE||
++   sb_nr == SB_NR_EXECVPE   ||
+sb_nr == SB_NR_FEXECVE))
+   {
+   retval = check_prefixes(sbcontext->read_prefixes,
+-- 
+2.7.4
+

diff --git a/sys-apps/sandbox/sandbox-2.11-r1.ebuild 
b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
similarity index 97%
rename from sys-apps/sandbox/sandbox-2.11-r1.ebuild
rename to sys-apps/sandbox/sandbox-2.11-r2.ebuild
index 8001316..4f9884f 100644
--- a/sys-apps/sandbox/sandbox-2.11-r1.ebuild
+++ b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
@@ -32,6 +32,7 @@ sandbox_death_notice() {
 }
 
 src_prepare() {
+   epatch "${FILESDIR}"/${P}-execvpe.patch #578516
epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
epatch_user
 }

[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/

2016-01-17 Thread Mike Frysinger 
commit: 4994c7667bd2d9e54fa79f705a51a9fbd1af5522
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sun Jan 17 20:09:22 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sun Jan 17 20:12:12 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4994c766

sys-apps/sandbox: drop versions <2.6

 sys-apps/sandbox/Manifest  |   4 -
 .../files/sandbox-1.6-disable-pthread.patch|  37 ---
 .../files/sandbox-1.6-disable-qa-static.patch  |  13 ---
 sys-apps/sandbox/sandbox-1.6-r2.ebuild | 104 --
 sys-apps/sandbox/sandbox-2.3-r1.ebuild | 103 --
 sys-apps/sandbox/sandbox-2.4.ebuild| 100 --
 sys-apps/sandbox/sandbox-2.5.ebuild| 117 -
 7 files changed, 478 deletions(-)

diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 38fb2ea..fa19c3f 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -1,8 +1,4 @@
-DIST sandbox-1.6.tar.lzma 307014 SHA256 
52cfd286da3d5d51f3b6e012e409e931b21e32b4f2f16ba5677e46328680f4f4 SHA512 
f470599a67443fa107612fef1cc73b64b3146003ae21bb5ae5abd852c4c37aec93ac09be646fda9d55d4c3aeef0cf28a42fa675f2acbb53c1d903e400538ba4c
 WHIRLPOOL 
7c7fbe57cc831d0eb7853476e264a85bb8113620948e761563a872d3d55fd3c0ff063332397199001ea9dcb8258f348b827f337b876b2a26f727f10abbc8f712
 DIST sandbox-2.10.tar.xz 417068 SHA256 
019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 
178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305
 WHIRLPOOL 
5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192
-DIST sandbox-2.3.tar.xz 344260 SHA256 
8670f7508453c2fd300ca29ad2eb457691c3df01c4c22fa27d4a7c880fd291d5 SHA512 
06ddaa6dc0822474c263650e95284af6cb69c60c9443b5caaf95af8140283f937d5594849064847fe3a4ad89b29b6ef6d6e909a9b85bb5d7fcf8b427d0e9c7e4
 WHIRLPOOL 
5d3f45a0bbb1aeffb8c83f8978bea65764aa438a5abcb50c66b5f66232d972bde84013694f6806fcc0026cd6d37420c69655d66ec5984a1c6f71a68dcfc95d11
-DIST sandbox-2.4.tar.xz 344664 SHA256 
450599cb3052296d42f81a04dbbda82d220415fc2d16f5dc6e26b042d580fd3e SHA512 
c0f8b789bcabd48e03a20a97c9daa82c48f264d7641ecfa51dff7a2d2c34be398cf1db6235eb0211bf0fa78b07bd6e633e06bc102904bf9dd8a95f9fde1ca615
 WHIRLPOOL 
22f0f55f6e638275781ab5afa29b1a7f5e7f3335a3d2ff37d9fcce0bf9284b271bf1d69b98bcd4b06fdb9ff1528d044f9fb111a58c2a1a5ce33cbe28c0cb869d
-DIST sandbox-2.5.tar.xz 355680 SHA256 
c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 
7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0
 WHIRLPOOL 
887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53
 DIST sandbox-2.6.tar.xz 366356 SHA256 
95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 
32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371
 WHIRLPOOL 
bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03
 DIST sandbox-2.7.tar.xz 390304 SHA256 
d6e1230180d84fb64c9788dd372a73a1cd2496ead91cad333a211320d3041149 SHA512 
81056460afabe3f9163594f662f5faf87b6dfe8511a001fc4d6ce0171492eb29f3b645a45320032d34475bb2c24bf212d1d05b50878a340f1e2ca580f8f8f38a
 WHIRLPOOL 
ad070df6351537e49f939ba195f27ccf5e4566bb8b6e4ba391ab8174771eacf909571284c6fa873d5b55e8540605d2766a3de5d451b6af132c0ff6d96e43f554
 DIST sandbox-2.8.tar.xz 410588 SHA256 
f01dcac27a4641d1898c4a19bf3a0572f8ec85c3ba12e6ede8af36f6bc047165 SHA512 
73a21e72f5825f43ee887efbe73f4ccd8771c7f45438104077aa83448d0a2727ab65be89a7a1a690d3662594df680ca4dc29908763e5abe2a81594b6f8f6ff2e
 WHIRLPOOL 
6c93a0d8737bab4e710f0f20645514c9a5413a2d357a64c2e8b8428567221b949134881e705f979aa374635a278c0b3c646a6cffaf1015024db8f2aab2ec7c74

diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch 
b/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch
deleted file mode 100644
index 490bc41..000
--- a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-http://bugs.gentoo.org/263657
-
-disable pthread locks ... this is how stable has always worked, so there
-wont be any regressions ...
-
-diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
-index 034d0e7..595d17f 100644
 a/libsandbox/libsandbox.c
-+++ b/libsandbox/libsandbox.c
-@@ -814,9 +814,6 @@
-   return result;
- }
- 
--/* Need to protect the global sbcontext structure */
--static pthread_mutex_t sb_syscall_lock = PTHREAD_MUTEX_INITIALIZER;
--
- bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, 
int flags)
- {
-   int old_errno = errno;
-@@ -843,8

[gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/

2015-12-19 Thread Mike Frysinger 
commit: 33a9bf25d218173400e1115011ed867e84b4bf38
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Dec 19 18:15:05 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Dec 19 18:15:25 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33a9bf25

sys-apps/sandbox: fix memory corruption #568714

 .../files/sandbox-2.10-memory-corruption.patch | 42 ++
 ...{sandbox-2.10.ebuild => sandbox-2.10-r1.ebuild} |  1 +
 2 files changed, 43 insertions(+)

diff --git a/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch 
b/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch
new file mode 100644
index 000..7dd27c9
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch
@@ -0,0 +1,42 @@
+From 529a388ebb1b4e9d6ad8a1bb61dd8211833a5976 Mon Sep 17 00:00:00 2001
+From: Denis Lisov 
+Date: Sat, 19 Dec 2015 19:13:58 +0300
+Subject: [PATCH] libsandbox: fix old_malloc_size check on realloc
+
+Realloc uses SB_MALLOC_TO_SIZE assuming it returns the usable size,
+while it is really the mmap size, which is greater. Thus it may fail
+to reallocate even if required.
+
+URL: https://bugs.gentoo.org/568714
+Signed-off-by: Denis Lisov 
+Signed-off-by: Mike Frysinger 
+---
+ libsandbox/memory.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libsandbox/memory.c b/libsandbox/memory.c
+index 8581128..a2d69a2 100644
+--- a/libsandbox/memory.c
 b/libsandbox/memory.c
+@@ -40,7 +40,8 @@ static int sb_munmap(void *addr, size_t length)
+ 
+ #define SB_MALLOC_TO_MMAP(ptr) ((void*)((uintptr_t)(ptr) - MIN_ALIGN))
+ #define SB_MMAP_TO_MALLOC(ptr) ((void*)((uintptr_t)(ptr) + MIN_ALIGN))
+-#define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr)))
++#define SB_MALLOC_TO_MMAP_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr)))
++#define SB_MALLOC_TO_SIZE(ptr) (SB_MALLOC_TO_MMAP_SIZE(ptr) - MIN_ALIGN)
+ 
+ void *malloc(size_t size)
+ {
+@@ -57,7 +58,7 @@ void free(void *ptr)
+ {
+   if (ptr == NULL)
+   return;
+-  if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr)))
++  if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_MMAP_SIZE(ptr)))
+   sb_ebort("sandbox memory corruption with free(%p): %s\n",
+   ptr, strerror(errno));
+ }
+-- 
+2.6.2
+

diff --git a/sys-apps/sandbox/sandbox-2.10.ebuild 
b/sys-apps/sandbox/sandbox-2.10-r1.ebuild
similarity index 97%
rename from sys-apps/sandbox/sandbox-2.10.ebuild
rename to sys-apps/sandbox/sandbox-2.10-r1.ebuild
index 2550852..9df5d29 100644
--- a/sys-apps/sandbox/sandbox-2.10.ebuild
+++ b/sys-apps/sandbox/sandbox-2.10-r1.ebuild
@@ -46,6 +46,7 @@ sb_foreach_abi() {
 src_unpack() {
unpacker
cd "${S}"
+   epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714
epatch_user
 }