author | Mike Frysinger <vapier@gentoo.org> | 2011-02-14 06:18:59 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2011-02-14 06:18:59 +0000 |
commit | 446d35317bc77b3fc52de5f28c4bc1a89d521ee3 (patch) | |
tree | bdfcac43629a215316bb36c55b8584bbe4e2e03f /sys-apps/sandbox | |
parent | 0.7.45 version bump. (diff) | |
old
Diffstat (limited to 'sys-apps/sandbox')
7 files changed, 0 insertions, 519 deletions
diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch
deleted file mode 100644
index 806f1a3a6773..000000000000
--- a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-http://bugs.gentoo.org/196720
-
-mark the new "e" fopen() flag as safe
-
---- sandbox-1.2.18.1/src/libsandbox.c
-+++ sandbox-1.2.18.1/src/libsandbox.c
-@@ -1595,7 +1595,7 @@
- {
- if (*mode == 'r' && (0 == (strcmp(mode, "r")) ||
- /* The strspn accept args are known non-writable modifiers */
-- (strlen(++mode) == strspn(mode, "xbtmc")))) {
-+ (strlen(++mode) == strspn(mode, "xbtmce")))) {
- return before_syscall("open_rd", file);
- } else {
- return before_syscall("open_wr", file);
diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch
deleted file mode 100644
index 49b57e41a17b..000000000000
--- a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Patch from Kevin F. Quinn at https://bugs.gentoo.org/show_bug.cgi?id=135745
-Already applied in sandbox svn
-
-Makes sandboxed open() calls return the normal error conditions if the
-file in question does not exist, without causing a sandbox violation.
-This allows programs to use open() to test for file existance, regardless
-of read-write flags. This is not revealing any further information about
-the backing system because this data was already available through stat().
-
-Index: src/libsandbox.c
-===================================================================
---- src/libsandbox.c.orig
-+++ src/libsandbox.c
-@@ -80,6 +80,9 @@
- #define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \
- ((0 == is_sandbox_on()) || (1 == before_syscall_access(_func, _path, _flags)))
-
-+#define FUNCTION_SANDBOX_FAIL_OPEN_INT(_func, _path, _flags) \
-+ ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags)))
-+
- #define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \
- ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags)))
-
-@@ -388,6 +391,16 @@ static FILE * (*true_ ## _name) (const c
- FILE *_name(const char *pathname, const char *mode) \
- { \
- FILE *result = NULL; \
-+ int my_errno = errno; \
-+ struct stat st; \
-+\
-+ if (mode!=NULL && mode[0]=='r') { \
-+ /* If we're trying to read, fail normally if file does not stat */\
-+ if (-1 == stat(pathname, &st)) { \
-+ return NULL; \
-+ } \
-+ } \
-+ errno = my_errno; \
- \
- if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen", pathname, mode) { \
- check_dlsym(_name); \
-@@ -561,12 +574,20 @@ int _name(const char *pathname, int flag
- va_list ap; \
- int mode = 0; \
- int result = -1; \
-+ int my_errno = errno; \
-+ struct stat st; \
- \
- if (flags & O_CREAT) { \
- va_start(ap, flags); \
- mode = va_arg(ap, int); \
- va_end(ap); \
-+ } else { \
-+ /* If we're not trying to create, fail normally if file does not stat */\
-+ if (-1 == stat(pathname, &st)) { \
-+ return -1; \
-+ } \
- } \
-+ errno = my_errno; \
- \
- if FUNCTION_SANDBOX_SAFE_OPEN_INT("open", pathname, flags) { \
- check_dlsym(_name); \
-@@ -726,6 +747,16 @@ static FILE * (*true_ ## _name) (const c
- FILE *_name(const char *pathname, const char *mode) \
- { \
- FILE *result = NULL; \
-+ int my_errno = errno; \
-+ struct stat64 st; \
-+\
-+ if (mode!=NULL && mode[0]=='r') { \
-+ /* If we're trying to read, fail normally if file does not stat */\
-+ if (-1 == stat64(pathname, &st)) { \
-+ return NULL; \
-+ } \
-+ } \
-+ errno = my_errno; \
- \
- if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen64", pathname, mode) { \
- check_dlsym(_name); \
-@@ -746,12 +777,20 @@ int _name(const char *pathname, int flag
- va_list ap; \
- int mode = 0; \
- int result = -1; \
-+ int my_errno = errno; \
-+ struct stat64 st; \
- \
- if (flags & O_CREAT) { \
- va_start(ap, flags); \
- mode = va_arg(ap, int); \
- va_end(ap); \
-+ } else { \
-+ /* If we're not trying to create, fail normally if file does not stat */\
-+ if (-1 == stat64(pathname, &st)) { \
-+ return -1; \
-+ } \
- } \
-+ errno = my_errno; \
- \
- if FUNCTION_SANDBOX_SAFE_OPEN_INT("open64", pathname, flags) { \
- check_dlsym(_name); \
diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch
deleted file mode 100644
index 36e96f5779c9..000000000000
--- a/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Robin H. Johnson <robbat2@gentoo.org>
-Gentoo-Bug: 206678
-X-Gentoo-URL: http://bugs.gentoo.org/show_bug.cgi?id=206678
-Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-
-Based on a previous revision by solar@gentoo.org.
-It seems that on hardened systems, USE_RTLD_NEXT is not always usable, and this
-trips up sandbox.
-
-diff -Nuar sandbox-1.2.18.1.orig/src/libsandbox.c sandbox-1.2.18.1/src/libsandbox.c
---- sandbox-1.2.18.1.orig/src/libsandbox.c 2008-06-27 16:15:53.000000000 +0000
-+++ sandbox-1.2.18.1/src/libsandbox.c 2008-06-27 16:20:26.000000000 +0000
-@@ -192,18 +192,24 @@
- {
- void *symaddr = NULL;
-
-- if (NULL == libc_handle) {
--#if !defined(USE_RTLD_NEXT)
-+#if defined(USE_RTLD_NEXT)
-+ libc_handle = RTLD_NEXT;
-+#endif
-+
-+ /* Checking for -1UL is significent on hardened!
-+ * USE_RTLD_NEXT returns it as a sign of being unusable.
-+ * However using !x or NULL checks does NOT pick it up!
-+ */
-+#define INVALID_LIBC_HANDLE(x) (!x || NULL == x || -1UL == x)
-+ if (INVALID_LIBC_HANDLE(libc_handle)) {
- libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY);
-- if (!libc_handle) {
-+ if (INVALID_LIBC_HANDLE(libc_handle)) {
- fprintf(stderr, "libsandbox: Can't dlopen libc: %s\n",
- dlerror());
- exit(EXIT_FAILURE);
- }
--#else
-- libc_handle = RTLD_NEXT;
--#endif
- }
-+#undef INVALID_LIBC_HANDLE
-
- if (NULL == symver)
- symaddr = dlsym(libc_handle, symname);
diff --git a/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch b/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch
deleted file mode 100644
index cbf769fc4e1b..000000000000
--- a/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-http://bugs.gentooorg/190051
-
---- libsandbox/Makefile.in
-+++ libsandbox/Makefile.in
-@@ -517,6 +517,7 @@
-
-
- libsandbox.c: libsandbox.map symbols.h
-+wrappers.c: symbols.h
-
- libsandbox.map: $(SYMBOLS_FILE) $(GEN_VERSION_MAP_SCRIPT)
- @echo "Generating $@"; \
diff --git a/sys-apps/sandbox/sandbox-1.2.18.1-r2.ebuild b/sys-apps/sandbox/sandbox-1.2.18.1-r2.ebuild
deleted file mode 100644
index 51afcb59f04b..000000000000
--- a/sys-apps/sandbox/sandbox-1.2.18.1-r2.ebuild
+++ /dev/null
@@ -1,121 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-1.2.18.1-r2.ebuild,v 1.11 2009/08/13 10:49:15 vapier Exp $
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit eutils flag-o-matic toolchain-funcs multilib
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="http://www.gentoo.org/"
-SRC_URI="mirror://gentoo/${P}.tar.bz2
- http://dev.gentoo.org/~azarah/sandbox/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE=""
-
-DEPEND=""
-
-EMULTILIB_PKG="true"
-
-setup_multilib() {
- if use amd64 && has_m32 && [[ ${CONF_MULTILIBDIR} == "lib32" ]]; then
- export DEFAULT_ABI="amd64"
- export MULTILIB_ABIS="x86 amd64"
- export CFLAGS_amd64=${CFLAGS_amd64:-"-m64"}
- export CFLAGS_x86=${CFLAGS_x86-"-m32 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib"}
- export CHOST_amd64="x86_64-pc-linux-gnu"
- export CHOST_x86="i686-pc-linux-gnu"
- export LIBDIR_amd64=${LIBDIR_amd64-${CONF_LIBDIR}}
- export LIBDIR_x86=${LIBDIR_x86-${CONF_MULTILIBDIR}}
- fi
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
- epatch "${FILESDIR}"/${P}-open-normal-fail.patch #135745
- epatch "${FILESDIR}"/${P}-open-cloexec.patch #196720
-}
-
-abi_fail_check() {
- local ABI=$1
- if [[ ${ABI} == "x86" ]] ; then
- echo
- eerror "Building failed for ABI=x86!. This usually means a broken"
- eerror "multilib setup. Please fix that before filling a bugreport"
- eerror "against sandbox."
- echo
- fi
-}
-
-src_compile() {
- local myconf
- local iscross=0
-
- setup_multilib
-
- filter-lfs-flags #90228
-
- has_multilib_profile && myconf="--enable-multilib"
-
- ewarn "If configure fails with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-
- [[ -n ${CBUILD} && ${CBUILD} != ${CHOST} ]] && iscross=1
-
- OABI=${ABI}
- OCHOST=${CHOST}
- for ABI in $(get_install_abis); do
- mkdir "${WORKDIR}/build-${ABI}-${OCHOST}"
- cd "${WORKDIR}/build-${ABI}-${OCHOST}"
-
- # Needed for older broken portage versions (bug #109036)
- has_version '<sys-apps/portage-2.0.51.22' && \
- unset EXTRA_ECONF
-
- export ABI
- export CHOST=$(get_abi_CHOST)
- [[ ${iscross} == 0 ]] && export CBUILD=${CHOST}
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${P}/" \
- econf --libdir="/usr/$(get_libdir)" ${myconf}
- einfo "Building sandbox for ABI=${ABI}..."
- emake || {
- abi_fail_check "${ABI}"
- die "emake failed for ${ABI}"
- }
- done
- ABI=${OABI}
- CHOST=${OCHOST}
-}
-
-src_install() {
- setup_multilib
-
- OABI=${ABI}
- for ABI in $(get_install_abis); do
- cd "${WORKDIR}/build-${ABI}-${CHOST}"
- einfo "Installing sandbox for ABI=${ABI}..."
- make DESTDIR="${D}" install || die "make install failed for ${ABI}"
- done
- ABI=${OABI}
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-}
diff --git a/sys-apps/sandbox/sandbox-1.2.18.1-r3.ebuild b/sys-apps/sandbox/sandbox-1.2.18.1-r3.ebuild
deleted file mode 100644
index 3d327734d3db..000000000000
--- a/sys-apps/sandbox/sandbox-1.2.18.1-r3.ebuild
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-1.2.18.1-r3.ebuild,v 1.3 2009/08/13 10:49:15 vapier Exp $
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit eutils flag-o-matic toolchain-funcs multilib
-
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="http://www.gentoo.org/"
-SRC_URI="mirror://gentoo/${P}.tar.bz2
- http://dev.gentoo.org/~azarah/sandbox/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-IUSE=""
-
-DEPEND=""
-
-EMULTILIB_PKG="true"
-
-setup_multilib() {
- if use amd64 && has_m32 && [[ ${CONF_MULTILIBDIR} == "lib32" ]]; then
- export DEFAULT_ABI="amd64"
- export MULTILIB_ABIS="x86 amd64"
- export CFLAGS_amd64=${CFLAGS_amd64:-"-m64"}
- export CFLAGS_x86=${CFLAGS_x86-"-m32 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib"}
- export CHOST_amd64="x86_64-pc-linux-gnu"
- export CHOST_x86="i686-pc-linux-gnu"
- export LIBDIR_amd64=${LIBDIR_amd64-${CONF_LIBDIR}}
- export LIBDIR_x86=${LIBDIR_x86-${CONF_MULTILIBDIR}}
- fi
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
- epatch "${FILESDIR}"/${P}-open-normal-fail.patch #135745
- epatch "${FILESDIR}"/${P}-open-cloexec.patch #196720
- epatch "${FILESDIR}"/${P}-rtld-validation.patch #206678
- sed -i -e 's/&> libctest.log/>libctest.log 2>\&1/g' configure || die "sed failed" #236868
-}
-
-abi_fail_check() {
- local ABI=$1
- if [[ ${ABI} == "x86" ]] ; then
- echo
- eerror "Building failed for ABI=x86!. This usually means a broken"
- eerror "multilib setup. Please fix that before filling a bugreport"
- eerror "against sandbox."
- echo
- fi
-}
-
-src_compile() {
- local myconf
- local iscross=0
-
- setup_multilib
-
- filter-lfs-flags #90228
-
- has_multilib_profile && myconf="--enable-multilib"
-
- ewarn "If configure fails with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-
- [[ -n ${CBUILD} && ${CBUILD} != ${CHOST} ]] && iscross=1
-
- OABI=${ABI}
- OCHOST=${CHOST}
- for ABI in $(get_install_abis); do
- mkdir "${WORKDIR}/build-${ABI}-${OCHOST}"
- cd "${WORKDIR}/build-${ABI}-${OCHOST}"
-
- # Needed for older broken portage versions (bug #109036)
- has_version '<sys-apps/portage-2.0.51.22' && \
- unset EXTRA_ECONF
-
- export ABI
- export CHOST=$(get_abi_CHOST)
- [[ ${iscross} == 0 ]] && export CBUILD=${CHOST}
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${P}/" \
- econf --libdir="/usr/$(get_libdir)" ${myconf}
- einfo "Building sandbox for ABI=${ABI}..."
- emake || {
- abi_fail_check "${ABI}"
- die "emake failed for ${ABI}"
- }
- done
- ABI=${OABI}
- CHOST=${OCHOST}
-}
-
-src_install() {
- setup_multilib
-
- OABI=${ABI}
- for ABI in $(get_install_abis); do
- cd "${WORKDIR}/build-${ABI}-${CHOST}"
- einfo "Installing sandbox for ABI=${ABI}..."
- make DESTDIR="${D}" install || die "make install failed for ${ABI}"
- done
- ABI=${OABI}
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-}
diff --git a/sys-apps/sandbox/sandbox-1.2.20_alpha2-r1.ebuild b/sys-apps/sandbox/sandbox-1.2.20_alpha2-r1.ebuild
deleted file mode 100644
index f11725512bf2..000000000000
--- a/sys-apps/sandbox/sandbox-1.2.20_alpha2-r1.ebuild
+++ /dev/null
@@ -1,106 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-1.2.20_alpha2-r1.ebuild,v 1.6 2009/08/13 10:49:15 vapier Exp $
-
-#
-# don't monkey with this ebuild unless contacting portage devs.
-# period.
-#
-
-inherit eutils flag-o-matic toolchain-funcs multilib
-
-PVER=
-
-MY_P="${P/_/}"
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="sandbox'd LD_PRELOAD hack"
-HOMEPAGE="http://www.gentoo.org/"
-SRC_URI="mirror://gentoo/${MY_P}.tar.bz2
- http://dev.gentoo.org/~azarah/sandbox/${MY_P}.tar.bz2"
-if [[ -n ${PVER} ]] ; then
- SRC_URI="${SRC_URI}
- mirror://gentoo/${MY_P}-patches-${PVER}.tar.bz2
- http://dev.gentoo.org/~azarah/sandbox/${MY_P}-patches-${PVER}.tar.bz2"
-fi
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE=""
-
-DEPEND=""
-
-EMULTILIB_PKG="true"
-has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
-
-sandbox_death_notice() {
- ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
- ewarn "FEATURES=-sandbox emerge sandbox"
-}
-
-src_unpack() {
- unpack ${A}
-
- if [[ -n ${PVER} ]] ; then
- cd "${S}"
- epatch "${WORKDIR}/patch"
- fi
-
- cd "${S}"
- sed -i -e 's/&> libctest.log/>libctest.log 2>\&1/g' configure || die "sed failed" #236868
-
- cd "${S}/libsandbox"
- epatch "${FILESDIR}"/${PN}-1.2.18.1-open-cloexec.patch
- epatch "${FILESDIR}"/${P}-parallel.patch #190051
-}
-
-src_compile() {
- local myconf
-
- filter-lfs-flags #90228
-
- has_multilib_profile && myconf="--enable-multilib"
-
- local OABI=${ABI}
- for ABI in $(get_install_abis) ; do
- mkdir "${WORKDIR}/build-${ABI}"
- cd "${WORKDIR}/build-${ABI}"
-
- multilib_toolchain_setup ${ABI}
-
- # Needed for older broken portage versions (bug #109036)
- has_version '<sys-apps/portage-2.0.51.22' && \
- unset EXTRA_ECONF
-
- einfo "Configuring sandbox for ABI=${ABI}..."
- ECONF_SOURCE="../${MY_P}/" \
- econf ${myconf} || die
- einfo "Building sandbox for ABI=${ABI}..."
- emake || die
- done
- ABI=${OABI}
-}
-
-src_install() {
- local OABI=${ABI}
- for ABI in $(get_install_abis) ; do
- cd "${WORKDIR}/build-${ABI}"
- einfo "Installing sandbox for ABI=${ABI}..."
- emake DESTDIR="${D}" install || die "make install failed for ${ABI}"
- done
- ABI=${OABI}
-
- doenvd "${FILESDIR}"/09sandbox
-
- keepdir /var/log/sandbox
- fowners root:portage /var/log/sandbox
- fperms 0770 /var/log/sandbox
-
- cd "${S}"
- dodoc AUTHORS ChangeLog NEWS README
-}
-
-pkg_preinst() {
- chown root:portage "${D}"/var/log/sandbox
- chmod 0770 "${D}"/var/log/sandbox
-} |