1 |
commit: f347f9d1b05fe115584e07ca93470afc19ab6690 |
2 |
Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Oct 29 03:15:54 2017 +0000 |
4 |
Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Oct 29 03:15:54 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=f347f9d1 |
7 |
|
8 |
sys-apps/sandbox - add missing sandbox-2.11-symlinkat-renameat.patch |
9 |
patch |
10 |
|
11 |
sys-apps/sandbox/Manifest | 1 + |
12 |
.../files/sandbox-2.11-symlinkat-renameat.patch | 124 +++++++++++++++++++++ |
13 |
2 files changed, 125 insertions(+) |
14 |
|
15 |
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest |
16 |
index 5fc228f..1a3dacc 100644 |
17 |
--- a/sys-apps/sandbox/Manifest |
18 |
+++ b/sys-apps/sandbox/Manifest |
19 |
@@ -4,6 +4,7 @@ AUX sandbox-2.10-fix-opendir.patch 3311 SHA256 33e31a0331d75985e6fb254001d657988 |
20 |
AUX sandbox-2.10-fix-visibility-musl.patch 573 SHA256 67f70fa39867eeeee45b343db78c73fdb6e63b8a1b52d3dc288894402239dd12 SHA512 a740e0b1a68c0609dc3080e88ab8ab87885fe05f5e0864d10ed76e8e7000f7879cb206342c38d4097c691a7c85d1936e98802b206084eb2af9f78bd43158d759 WHIRLPOOL 0c226daa4b6d36c2df001d3d67b9e4023944c5b010d1bc311d731c121dd94b533546479a7b1b77bcb8be608ecf70508fb7dd65b22bafdb2d13a2860c9c0659da |
21 |
AUX sandbox-2.10-memory-corruption.patch 1515 SHA256 4876cc9962d56d3c5fc5418fe12ef1a399e34ff0272f12640c4a5c5b775e8888 SHA512 1eb650824cc7a876fabef382cafb451a507326a8422fb7bb5014699046b64ea8f4cf2bba9efcb75d7a2eac4eff493d06153422f85c119f49635ac0840071660c WHIRLPOOL db2c834119c7887ed746154e73e88cc09bf2a31184b3cda2732b70cb43dd8bc7f59f1072a4cc56ebcf593ba67330b9888832dc186ee55e009428d607f62293ab |
22 |
AUX sandbox-2.11-musl.patch 1851 SHA256 1f2586e81a06daf7b69642d9c5fbf53563832a4ccd769ec696d9c2baabd2874c SHA512 2800191fbf312d9b8858ef29975355ae51a4aff05ccc7c425f5168fe2db24562e4cf164e8ee35ecc77e0777be9d37cc52d66fdd4bf3eaeb0fc4c68c240a0cb61 WHIRLPOOL 9c2abfcd5f68391c4890beeaf99020a9160635c888de7b45238174e7ac51ffac393150698feb0061fd3104e71a6825f9be98e5495a415ede8d2493a77f3e35e8 |
23 |
+AUX sandbox-2.11-symlinkat-renameat.patch 3418 SHA256 74036803fd8cc07e903abdc2202167cff5e03a82d0db64ad8969b642201a993e SHA512 cbefae8aa9c289db0bfe7b2429f64aa4c437be0e269eaa657eb3b22a3086db1fca45a624cb181978b4157f0cb9b475b4ece2eb9337285bf8bede709ad4431c52 WHIRLPOOL d8943c3f4cda8428c7ab1a75decd67c5e743e5ca998d7e0ae8ba8828923b1c9dc4429c293af4dc9655d3a45e189020fd754f8152471f1626b113a50f69886c9b |
24 |
AUX sandbox-2.6-musl.patch 1821 SHA256 df08faebffbfade91a2620ff8b56c2087e4a34506fbff3dcf9bc35c2d5bd467c SHA512 69d11e80c97a844c0d84404e802950c876edda8eb7909c90f6f5d4b3fe8a33b5bc884ecc3741c10c8bd7e0871db2db1853cfac969a153d162423b3f3c94039c9 WHIRLPOOL 7120eaf3062cb18c3b13a61fe2b6f839a5f267650d9aa809fafc6d25e8faaadd7af3d5fb41cce66ecf71668555847d264ea977442f03f4dfe7b88b98cf86f78e |
25 |
DIST sandbox-2.10.tar.xz 417068 SHA256 019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 WHIRLPOOL 5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192 |
26 |
DIST sandbox-2.12.tar.xz 424252 SHA256 265a490a8c528237c55ad26dfd7f62336fa5727c82358fc9cfbaa2e52c47fc50 SHA512 98bd2ee8807d81e65ee0c9f11cfaf2b37da2ee4d8763c68d18c0ff6b14f3cc847ae2d3a0aa30cbe86063a2108ed4d4dcf7cc3fc4f37cb7549d266d4c1989c2a9 WHIRLPOOL 4f3089746a11616c60057165f387122b74e8d2f30a2d77db296405a2b6f401fc625645bca73092436162f5d98a88bfb2a3b42909b0eceb9a59ab810d803441b0 |
27 |
|
28 |
diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch |
29 |
new file mode 100644 |
30 |
index 0000000..e33011f |
31 |
--- /dev/null |
32 |
+++ b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch |
33 |
@@ -0,0 +1,124 @@ |
34 |
+From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001 |
35 |
+From: Mike Frysinger <vapier@g.o> |
36 |
+Date: Fri, 10 Mar 2017 10:15:50 -0800 |
37 |
+Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs |
38 |
+ |
39 |
+These funcs don't deref their path args, so flag them as such. |
40 |
+ |
41 |
+URL: https://bugs.gentoo.org/612202 |
42 |
+Signed-off-by: Mike Frysinger <vapier@g.o> |
43 |
+--- |
44 |
+ libsandbox/libsandbox.c | 4 +++- |
45 |
+ tests/renameat-2.sh | 12 ++++++++++++ |
46 |
+ tests/renameat-3.sh | 11 +++++++++++ |
47 |
+ tests/renameat.at | 2 ++ |
48 |
+ tests/symlinkat-2.sh | 10 ++++++++++ |
49 |
+ tests/symlinkat-3.sh | 9 +++++++++ |
50 |
+ tests/symlinkat.at | 2 ++ |
51 |
+ 7 files changed, 49 insertions(+), 1 deletion(-) |
52 |
+ create mode 100755 tests/renameat-2.sh |
53 |
+ create mode 100755 tests/renameat-3.sh |
54 |
+ create mode 100755 tests/symlinkat-2.sh |
55 |
+ create mode 100755 tests/symlinkat-3.sh |
56 |
+ |
57 |
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c |
58 |
+index e809308d717d..de48bd79ba53 100644 |
59 |
+--- a/libsandbox/libsandbox.c |
60 |
++++ b/libsandbox/libsandbox.c |
61 |
+@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path) |
62 |
+ sb_nr == SB_NR_LCHOWN || |
63 |
+ sb_nr == SB_NR_REMOVE || |
64 |
+ sb_nr == SB_NR_RENAME || |
65 |
++ sb_nr == SB_NR_RENAMEAT || |
66 |
+ sb_nr == SB_NR_RMDIR || |
67 |
+- sb_nr == SB_NR_SYMLINK)) |
68 |
++ sb_nr == SB_NR_SYMLINK || |
69 |
++ sb_nr == SB_NR_SYMLINKAT)) |
70 |
+ { |
71 |
+ /* These funcs sometimes operate on symlinks */ |
72 |
+ if (!((sb_nr == SB_NR_FCHOWNAT || |
73 |
+diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh |
74 |
+new file mode 100755 |
75 |
+index 000000000000..d0fbe8ae4574 |
76 |
+--- /dev/null |
77 |
++++ b/tests/renameat-2.sh |
78 |
+@@ -0,0 +1,12 @@ |
79 |
++#!/bin/sh |
80 |
++# make sure we can clobber symlinks #612202 |
81 |
++ |
82 |
++addwrite $PWD |
83 |
++ |
84 |
++ln -s /asdf sym || exit 1 |
85 |
++touch file |
86 |
++renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1 |
87 |
++[ ! -e file ] |
88 |
++[ ! -L sym ] |
89 |
++[ -e sym ] |
90 |
++test ! -s "${SANDBOX_LOG}" |
91 |
+diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh |
92 |
+new file mode 100755 |
93 |
+index 000000000000..9ae5c9a6511a |
94 |
+--- /dev/null |
95 |
++++ b/tests/renameat-3.sh |
96 |
+@@ -0,0 +1,11 @@ |
97 |
++#!/bin/sh |
98 |
++# make sure we reject bad renames #612202 |
99 |
++ |
100 |
++addwrite $PWD |
101 |
++mkdir deny |
102 |
++adddeny $PWD/deny |
103 |
++ |
104 |
++touch file |
105 |
++renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1 |
106 |
++[ -e file ] |
107 |
++test -s "${SANDBOX_LOG}" |
108 |
+diff --git a/tests/renameat.at b/tests/renameat.at |
109 |
+index 081d7d20277e..eec4638deeaa 100644 |
110 |
+--- a/tests/renameat.at |
111 |
++++ b/tests/renameat.at |
112 |
+@@ -1 +1,3 @@ |
113 |
+ SB_CHECK(1) |
114 |
++SB_CHECK(2) |
115 |
++SB_CHECK(3) |
116 |
+diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh |
117 |
+new file mode 100755 |
118 |
+index 000000000000..168362e8806f |
119 |
+--- /dev/null |
120 |
++++ b/tests/symlinkat-2.sh |
121 |
+@@ -0,0 +1,10 @@ |
122 |
++#!/bin/sh |
123 |
++# make sure we can clobber symlinks #612202 |
124 |
++ |
125 |
++addwrite $PWD |
126 |
++ |
127 |
++symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1 |
128 |
++[ -L sym ] |
129 |
++symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1 |
130 |
++[ -L sym ] |
131 |
++test ! -s "${SANDBOX_LOG}" |
132 |
+diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh |
133 |
+new file mode 100755 |
134 |
+index 000000000000..a01c750dd2b6 |
135 |
+--- /dev/null |
136 |
++++ b/tests/symlinkat-3.sh |
137 |
+@@ -0,0 +1,9 @@ |
138 |
++#!/bin/sh |
139 |
++# make sure we reject bad symlinks #612202 |
140 |
++ |
141 |
++addwrite $PWD |
142 |
++mkdir deny |
143 |
++adddeny $PWD/deny |
144 |
++ |
145 |
++symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1 |
146 |
++test -s "${SANDBOX_LOG}" |
147 |
+diff --git a/tests/symlinkat.at b/tests/symlinkat.at |
148 |
+index 081d7d20277e..eec4638deeaa 100644 |
149 |
+--- a/tests/symlinkat.at |
150 |
++++ b/tests/symlinkat.at |
151 |
+@@ -1 +1,3 @@ |
152 |
+ SB_CHECK(1) |
153 |
++SB_CHECK(2) |
154 |
++SB_CHECK(3) |
155 |
+-- |
156 |
+2.12.0 |
157 |
+ |