[gentoo-commits] proj/musl:master commit in: sys-apps/sandbox/files/, sys-apps/sandbox/ - gentoo-commits

From:	Jory Pratt <anarchy@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/musl:master commit in: sys-apps/sandbox/files/, sys-apps/sandbox/
Date:	Sun, 29 Oct 2017 03:16:34
Message-Id:	`1509246954.f347f9d1b05fe115584e07ca93470afc19ab6690.anarchy@gentoo`

1

commit:     f347f9d1b05fe115584e07ca93470afc19ab6690

2

Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>

3

AuthorDate: Sun Oct 29 03:15:54 2017 +0000

4

Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>

5

CommitDate: Sun Oct 29 03:15:54 2017 +0000

6

URL:        https://gitweb.gentoo.org/proj/musl.git/commit/?id=f347f9d1

7

8

sys-apps/sandbox - add missing sandbox-2.11-symlinkat-renameat.patch

9

patch

10

11

 sys-apps/sandbox/Manifest                          |   1 +

12

 .../files/sandbox-2.11-symlinkat-renameat.patch    | 124 +++++++++++++++++++++

13

 2 files changed, 125 insertions(+)

14

15

diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest

16

index 5fc228f..1a3dacc 100644

17

--- a/sys-apps/sandbox/Manifest

18

+++ b/sys-apps/sandbox/Manifest

19

@@ -4,6 +4,7 @@ AUX sandbox-2.10-fix-opendir.patch 3311 SHA256 33e31a0331d75985e6fb254001d657988

20

 AUX sandbox-2.10-fix-visibility-musl.patch 573 SHA256 67f70fa39867eeeee45b343db78c73fdb6e63b8a1b52d3dc288894402239dd12 SHA512 a740e0b1a68c0609dc3080e88ab8ab87885fe05f5e0864d10ed76e8e7000f7879cb206342c38d4097c691a7c85d1936e98802b206084eb2af9f78bd43158d759 WHIRLPOOL 0c226daa4b6d36c2df001d3d67b9e4023944c5b010d1bc311d731c121dd94b533546479a7b1b77bcb8be608ecf70508fb7dd65b22bafdb2d13a2860c9c0659da

21

 AUX sandbox-2.10-memory-corruption.patch 1515 SHA256 4876cc9962d56d3c5fc5418fe12ef1a399e34ff0272f12640c4a5c5b775e8888 SHA512 1eb650824cc7a876fabef382cafb451a507326a8422fb7bb5014699046b64ea8f4cf2bba9efcb75d7a2eac4eff493d06153422f85c119f49635ac0840071660c WHIRLPOOL db2c834119c7887ed746154e73e88cc09bf2a31184b3cda2732b70cb43dd8bc7f59f1072a4cc56ebcf593ba67330b9888832dc186ee55e009428d607f62293ab

22

 AUX sandbox-2.11-musl.patch 1851 SHA256 1f2586e81a06daf7b69642d9c5fbf53563832a4ccd769ec696d9c2baabd2874c SHA512 2800191fbf312d9b8858ef29975355ae51a4aff05ccc7c425f5168fe2db24562e4cf164e8ee35ecc77e0777be9d37cc52d66fdd4bf3eaeb0fc4c68c240a0cb61 WHIRLPOOL 9c2abfcd5f68391c4890beeaf99020a9160635c888de7b45238174e7ac51ffac393150698feb0061fd3104e71a6825f9be98e5495a415ede8d2493a77f3e35e8

23

+AUX sandbox-2.11-symlinkat-renameat.patch 3418 SHA256 74036803fd8cc07e903abdc2202167cff5e03a82d0db64ad8969b642201a993e SHA512 cbefae8aa9c289db0bfe7b2429f64aa4c437be0e269eaa657eb3b22a3086db1fca45a624cb181978b4157f0cb9b475b4ece2eb9337285bf8bede709ad4431c52 WHIRLPOOL d8943c3f4cda8428c7ab1a75decd67c5e743e5ca998d7e0ae8ba8828923b1c9dc4429c293af4dc9655d3a45e189020fd754f8152471f1626b113a50f69886c9b

24

 AUX sandbox-2.6-musl.patch 1821 SHA256 df08faebffbfade91a2620ff8b56c2087e4a34506fbff3dcf9bc35c2d5bd467c SHA512 69d11e80c97a844c0d84404e802950c876edda8eb7909c90f6f5d4b3fe8a33b5bc884ecc3741c10c8bd7e0871db2db1853cfac969a153d162423b3f3c94039c9 WHIRLPOOL 7120eaf3062cb18c3b13a61fe2b6f839a5f267650d9aa809fafc6d25e8faaadd7af3d5fb41cce66ecf71668555847d264ea977442f03f4dfe7b88b98cf86f78e

25

 DIST sandbox-2.10.tar.xz 417068 SHA256 019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 WHIRLPOOL 5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192

26

 DIST sandbox-2.12.tar.xz 424252 SHA256 265a490a8c528237c55ad26dfd7f62336fa5727c82358fc9cfbaa2e52c47fc50 SHA512 98bd2ee8807d81e65ee0c9f11cfaf2b37da2ee4d8763c68d18c0ff6b14f3cc847ae2d3a0aa30cbe86063a2108ed4d4dcf7cc3fc4f37cb7549d266d4c1989c2a9 WHIRLPOOL 4f3089746a11616c60057165f387122b74e8d2f30a2d77db296405a2b6f401fc625645bca73092436162f5d98a88bfb2a3b42909b0eceb9a59ab810d803441b0

27

28

diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch

29

new file mode 100644

30

index 0000000..e33011f

31

--- /dev/null

32

+++ b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch

33

@@ -0,0 +1,124 @@

34

+From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001

35

+From: Mike Frysinger <vapier@g.o>

36

+Date: Fri, 10 Mar 2017 10:15:50 -0800

37

+Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs

38

+

39

+These funcs don't deref their path args, so flag them as such.

40

+

41

+URL: https://bugs.gentoo.org/612202

42

+Signed-off-by: Mike Frysinger <vapier@g.o>

43

+---

44

+ libsandbox/libsandbox.c |  4 +++-

45

+ tests/renameat-2.sh     | 12 ++++++++++++

46

+ tests/renameat-3.sh     | 11 +++++++++++

47

+ tests/renameat.at       |  2 ++

48

+ tests/symlinkat-2.sh    | 10 ++++++++++

49

+ tests/symlinkat-3.sh    |  9 +++++++++

50

+ tests/symlinkat.at      |  2 ++

51

+ 7 files changed, 49 insertions(+), 1 deletion(-)

52

+ create mode 100755 tests/renameat-2.sh

53

+ create mode 100755 tests/renameat-3.sh

54

+ create mode 100755 tests/symlinkat-2.sh

55

+ create mode 100755 tests/symlinkat-3.sh

56

+

57

+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c

58

+index e809308d717d..de48bd79ba53 100644

59

+--- a/libsandbox/libsandbox.c

60

++++ b/libsandbox/libsandbox.c

61

+@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)

62

+ 	      sb_nr == SB_NR_LCHOWN   ||

63

+ 	      sb_nr == SB_NR_REMOVE   ||

64

+ 	      sb_nr == SB_NR_RENAME   ||

65

++	      sb_nr == SB_NR_RENAMEAT ||

66

+ 	      sb_nr == SB_NR_RMDIR    ||

67

+-	      sb_nr == SB_NR_SYMLINK))

68

++	      sb_nr == SB_NR_SYMLINK  ||

69

++	      sb_nr == SB_NR_SYMLINKAT))

70

+ 	{

71

+ 		/* These funcs sometimes operate on symlinks */

72

+ 		if (!((sb_nr == SB_NR_FCHOWNAT ||

73

+diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh

74

+new file mode 100755

75

+index 000000000000..d0fbe8ae4574

76

+--- /dev/null

77

++++ b/tests/renameat-2.sh

78

+@@ -0,0 +1,12 @@

79

++#!/bin/sh

80

++# make sure we can clobber symlinks #612202

81

++

82

++addwrite $PWD

83

++

84

++ln -s /asdf sym || exit 1

85

++touch file

86

++renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1

87

++[ ! -e file ]

88

++[ ! -L sym ]

89

++[ -e sym ]

90

++test ! -s "${SANDBOX_LOG}"

91

+diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh

92

+new file mode 100755

93

+index 000000000000..9ae5c9a6511a

94

+--- /dev/null

95

++++ b/tests/renameat-3.sh

96

+@@ -0,0 +1,11 @@

97

++#!/bin/sh

98

++# make sure we reject bad renames #612202

99

++

100

++addwrite $PWD

101

++mkdir deny

102

++adddeny $PWD/deny

103

++

104

++touch file

105

++renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1

106

++[ -e file ]

107

++test -s "${SANDBOX_LOG}"

108

+diff --git a/tests/renameat.at b/tests/renameat.at

109

+index 081d7d20277e..eec4638deeaa 100644

110

+--- a/tests/renameat.at

111

++++ b/tests/renameat.at

112

+@@ -1 +1,3 @@

113

+ SB_CHECK(1)

114

++SB_CHECK(2)

115

++SB_CHECK(3)

116

+diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh

117

+new file mode 100755

118

+index 000000000000..168362e8806f

119

+--- /dev/null

120

++++ b/tests/symlinkat-2.sh

121

+@@ -0,0 +1,10 @@

122

++#!/bin/sh

123

++# make sure we can clobber symlinks #612202

124

++

125

++addwrite $PWD

126

++

127

++symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1

128

++[ -L sym ]

129

++symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1

130

++[ -L sym ]

131

++test ! -s "${SANDBOX_LOG}"

132

+diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh

133

+new file mode 100755

134

+index 000000000000..a01c750dd2b6

135

+--- /dev/null

136

++++ b/tests/symlinkat-3.sh

137

+@@ -0,0 +1,9 @@

138

++#!/bin/sh

139

++# make sure we reject bad symlinks #612202

140

++

141

++addwrite $PWD

142

++mkdir deny

143

++adddeny $PWD/deny

144

++

145

++symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1

146

++test -s "${SANDBOX_LOG}"

147

+diff --git a/tests/symlinkat.at b/tests/symlinkat.at

148

+index 081d7d20277e..eec4638deeaa 100644

149

+--- a/tests/symlinkat.at

150

++++ b/tests/symlinkat.at

151

+@@ -1 +1,3 @@

152

+ SB_CHECK(1)

153

++SB_CHECK(2)

154

++SB_CHECK(3)

155

+--

156

+2.12.0

157

+

1	commit: f347f9d1b05fe115584e07ca93470afc19ab6690
2	Author: Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
3	AuthorDate: Sun Oct 29 03:15:54 2017 +0000
4	Commit: Jory Pratt <anarchy <AT> gentoo <DOT> org>
5	CommitDate: Sun Oct 29 03:15:54 2017 +0000
6	URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=f347f9d1
7
8	sys-apps/sandbox - add missing sandbox-2.11-symlinkat-renameat.patch
9	patch
10
11	sys-apps/sandbox/Manifest \| 1 +
12	.../files/sandbox-2.11-symlinkat-renameat.patch \| 124 +++++++++++++++++++++
13	2 files changed, 125 insertions(+)
14
15	diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
16	index 5fc228f..1a3dacc 100644
17	--- a/sys-apps/sandbox/Manifest
18	+++ b/sys-apps/sandbox/Manifest
19	@@ -4,6 +4,7 @@ AUX sandbox-2.10-fix-opendir.patch 3311 SHA256 33e31a0331d75985e6fb254001d657988
20	AUX sandbox-2.10-fix-visibility-musl.patch 573 SHA256 67f70fa39867eeeee45b343db78c73fdb6e63b8a1b52d3dc288894402239dd12 SHA512 a740e0b1a68c0609dc3080e88ab8ab87885fe05f5e0864d10ed76e8e7000f7879cb206342c38d4097c691a7c85d1936e98802b206084eb2af9f78bd43158d759 WHIRLPOOL 0c226daa4b6d36c2df001d3d67b9e4023944c5b010d1bc311d731c121dd94b533546479a7b1b77bcb8be608ecf70508fb7dd65b22bafdb2d13a2860c9c0659da
21	AUX sandbox-2.10-memory-corruption.patch 1515 SHA256 4876cc9962d56d3c5fc5418fe12ef1a399e34ff0272f12640c4a5c5b775e8888 SHA512 1eb650824cc7a876fabef382cafb451a507326a8422fb7bb5014699046b64ea8f4cf2bba9efcb75d7a2eac4eff493d06153422f85c119f49635ac0840071660c WHIRLPOOL db2c834119c7887ed746154e73e88cc09bf2a31184b3cda2732b70cb43dd8bc7f59f1072a4cc56ebcf593ba67330b9888832dc186ee55e009428d607f62293ab
22	AUX sandbox-2.11-musl.patch 1851 SHA256 1f2586e81a06daf7b69642d9c5fbf53563832a4ccd769ec696d9c2baabd2874c SHA512 2800191fbf312d9b8858ef29975355ae51a4aff05ccc7c425f5168fe2db24562e4cf164e8ee35ecc77e0777be9d37cc52d66fdd4bf3eaeb0fc4c68c240a0cb61 WHIRLPOOL 9c2abfcd5f68391c4890beeaf99020a9160635c888de7b45238174e7ac51ffac393150698feb0061fd3104e71a6825f9be98e5495a415ede8d2493a77f3e35e8
23	+AUX sandbox-2.11-symlinkat-renameat.patch 3418 SHA256 74036803fd8cc07e903abdc2202167cff5e03a82d0db64ad8969b642201a993e SHA512 cbefae8aa9c289db0bfe7b2429f64aa4c437be0e269eaa657eb3b22a3086db1fca45a624cb181978b4157f0cb9b475b4ece2eb9337285bf8bede709ad4431c52 WHIRLPOOL d8943c3f4cda8428c7ab1a75decd67c5e743e5ca998d7e0ae8ba8828923b1c9dc4429c293af4dc9655d3a45e189020fd754f8152471f1626b113a50f69886c9b
24	AUX sandbox-2.6-musl.patch 1821 SHA256 df08faebffbfade91a2620ff8b56c2087e4a34506fbff3dcf9bc35c2d5bd467c SHA512 69d11e80c97a844c0d84404e802950c876edda8eb7909c90f6f5d4b3fe8a33b5bc884ecc3741c10c8bd7e0871db2db1853cfac969a153d162423b3f3c94039c9 WHIRLPOOL 7120eaf3062cb18c3b13a61fe2b6f839a5f267650d9aa809fafc6d25e8faaadd7af3d5fb41cce66ecf71668555847d264ea977442f03f4dfe7b88b98cf86f78e
25	DIST sandbox-2.10.tar.xz 417068 SHA256 019d6a2646b3a5f9b6fc3fcb6ff99332901017eb845442bec8573b9901506fa6 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 WHIRLPOOL 5d6cffa7317cafeba02af75de9ae914d4365a62b54d3dfcc14cb272e621f2f76a60a945591ccb57dd59d6750152087cb2f21e43ded3ec181d6b42df173147192
26	DIST sandbox-2.12.tar.xz 424252 SHA256 265a490a8c528237c55ad26dfd7f62336fa5727c82358fc9cfbaa2e52c47fc50 SHA512 98bd2ee8807d81e65ee0c9f11cfaf2b37da2ee4d8763c68d18c0ff6b14f3cc847ae2d3a0aa30cbe86063a2108ed4d4dcf7cc3fc4f37cb7549d266d4c1989c2a9 WHIRLPOOL 4f3089746a11616c60057165f387122b74e8d2f30a2d77db296405a2b6f401fc625645bca73092436162f5d98a88bfb2a3b42909b0eceb9a59ab810d803441b0
27
28	diff --git a/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
29	new file mode 100644
30	index 0000000..e33011f
31	--- /dev/null
32	+++ b/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch
33	@@ -0,0 +1,124 @@
34	+From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001
35	+From: Mike Frysinger <vapier@g.o>
36	+Date: Fri, 10 Mar 2017 10:15:50 -0800
37	+Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs
38	+
39	+These funcs don't deref their path args, so flag them as such.
40	+
41	+URL: https://bugs.gentoo.org/612202
42	+Signed-off-by: Mike Frysinger <vapier@g.o>
43	+---
44	+ libsandbox/libsandbox.c \| 4 +++-
45	+ tests/renameat-2.sh \| 12 ++++++++++++
46	+ tests/renameat-3.sh \| 11 +++++++++++
47	+ tests/renameat.at \| 2 ++
48	+ tests/symlinkat-2.sh \| 10 ++++++++++
49	+ tests/symlinkat-3.sh \| 9 +++++++++
50	+ tests/symlinkat.at \| 2 ++
51	+ 7 files changed, 49 insertions(+), 1 deletion(-)
52	+ create mode 100755 tests/renameat-2.sh
53	+ create mode 100755 tests/renameat-3.sh
54	+ create mode 100755 tests/symlinkat-2.sh
55	+ create mode 100755 tests/symlinkat-3.sh
56	+
57	+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
58	+index e809308d717d..de48bd79ba53 100644
59	+--- a/libsandbox/libsandbox.c
60	++++ b/libsandbox/libsandbox.c
61	+@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path)
62	+ sb_nr == SB_NR_LCHOWN \|\|
63	+ sb_nr == SB_NR_REMOVE \|\|
64	+ sb_nr == SB_NR_RENAME \|\|
65	++ sb_nr == SB_NR_RENAMEAT \|\|
66	+ sb_nr == SB_NR_RMDIR \|\|
67	+- sb_nr == SB_NR_SYMLINK))
68	++ sb_nr == SB_NR_SYMLINK \|\|
69	++ sb_nr == SB_NR_SYMLINKAT))
70	+ {
71	+ /* These funcs sometimes operate on symlinks */
72	+ if (!((sb_nr == SB_NR_FCHOWNAT \|\|
73	+diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh
74	+new file mode 100755
75	+index 000000000000..d0fbe8ae4574
76	+--- /dev/null
77	++++ b/tests/renameat-2.sh
78	+@@ -0,0 +1,12 @@
79	++#!/bin/sh
80	++# make sure we can clobber symlinks #612202
81	++
82	++addwrite $PWD
83	++
84	++ln -s /asdf sym \|\| exit 1
85	++touch file
86	++renameat-0 0 AT_FDCWD file AT_FDCWD sym \|\| exit 1
87	++[ ! -e file ]
88	++[ ! -L sym ]
89	++[ -e sym ]
90	++test ! -s "${SANDBOX_LOG}"
91	+diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh
92	+new file mode 100755
93	+index 000000000000..9ae5c9a6511a
94	+--- /dev/null
95	++++ b/tests/renameat-3.sh
96	+@@ -0,0 +1,11 @@
97	++#!/bin/sh
98	++# make sure we reject bad renames #612202
99	++
100	++addwrite $PWD
101	++mkdir deny
102	++adddeny $PWD/deny
103	++
104	++touch file
105	++renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file \|\| exit 1
106	++[ -e file ]
107	++test -s "${SANDBOX_LOG}"
108	+diff --git a/tests/renameat.at b/tests/renameat.at
109	+index 081d7d20277e..eec4638deeaa 100644
110	+--- a/tests/renameat.at
111	++++ b/tests/renameat.at
112	+@@ -1 +1,3 @@
113	+ SB_CHECK(1)
114	++SB_CHECK(2)
115	++SB_CHECK(3)
116	+diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh
117	+new file mode 100755
118	+index 000000000000..168362e8806f
119	+--- /dev/null
120	++++ b/tests/symlinkat-2.sh
121	+@@ -0,0 +1,10 @@
122	++#!/bin/sh
123	++# make sure we can clobber symlinks #612202
124	++
125	++addwrite $PWD
126	++
127	++symlinkat-0 0 /asdf AT_FDCWD ./sym \|\| exit 1
128	++[ -L sym ]
129	++symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym \|\| exit 1
130	++[ -L sym ]
131	++test ! -s "${SANDBOX_LOG}"
132	+diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh
133	+new file mode 100755
134	+index 000000000000..a01c750dd2b6
135	+--- /dev/null
136	++++ b/tests/symlinkat-3.sh
137	+@@ -0,0 +1,9 @@
138	++#!/bin/sh
139	++# make sure we reject bad symlinks #612202
140	++
141	++addwrite $PWD
142	++mkdir deny
143	++adddeny $PWD/deny
144	++
145	++symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym \|\| exit 1
146	++test -s "${SANDBOX_LOG}"
147	+diff --git a/tests/symlinkat.at b/tests/symlinkat.at
148	+index 081d7d20277e..eec4638deeaa 100644
149	+--- a/tests/symlinkat.at
150	++++ b/tests/symlinkat.at
151	+@@ -1 +1,3 @@
152	+ SB_CHECK(1)
153	++SB_CHECK(2)
154	++SB_CHECK(3)
155	+--
156	+2.12.0
157	+

Gentoo Archives: gentoo-commits