commit: 3a9eb02cfe4cde0373b309d67fe1fb83c68d7ec5 |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
AuthorDate: Fri Dec 30 08:35:38 2016 +0000 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
CommitDate: Fri Dec 30 08:49:48 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a9eb02c |
|
sys-apps/sandbox: Fix opendir sandbox abort with long paths |
|
Shell globbing code could end up calling opendir on a whole command line |
with arguments, exceeding 8k characters - for example when libtool gets |
passed an -export-symbols-regex with a wildcard. |
Due to the length exceeding sandbox internal SB_PATH_MAX, it gets trimmed |
internally in sandbox syscall checks (even though opendir isn't an actual |
syscall), gets confused and throws an ISE abort. |
Fix it by adding a precheck that simply fails early with ENAMETOOLONG on |
too long paths, as the real glibc function would do the same. |
|
Fixes large projects hitting sandbox abort inside the driving POSIX shell |
globbing function due to a long list of linker arguments (such as many object |
files) being passed to libtool together with an -export-symbols-regex with |
a wildcard. Known affected packages include graphicsmagick and newer |
gnome-builder. |
|
p.masked for a short time as a maintainer timeout, seeking independent |
validation as a critical packages non-maintainer revbump. |
|
Gentoo-Bug: 553092 |
Package-Manager: portage-2.3.3 |
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org> |
|
profiles/package.mask | 4 + |
.../sandbox/files/sandbox-2.10-fix-opendir.patch | 79 ++++++++++++++++++++ |
sys-apps/sandbox/sandbox-2.10-r3.ebuild | 84 +++++++++++++++++++++ |
sys-apps/sandbox/sandbox-2.11-r4.ebuild | 85 ++++++++++++++++++++++ |
4 files changed, 252 insertions(+) |
|
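--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -30,6 +30,10 @@
 
 #--- END OF EXAMPLES ---
 
+# Mart Raudsepp <leio@g.o> (30 Dec 2016)
+# Temporary testing mask for non-maintainer commit of a bugfix, #553092
+=sys-apps/sandbox-2.10-r3
+
 # David Seifert <soap@g.o> (29 Dec 2016)
 # Ancient codebase, maintenance nightmare, dead
 # upstream, games-emulation/vbam is spiritual successor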
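Review bot: The new mask entry covers only `=sys-apps/sandbox-2.10-r3`, but the same commit also adds sandbox-2.11-r4.ebuild, which applies the same opendir patch. Unless 2.11-r4 is already masked by an entry outside this hunk, that revision reaches `~arch` users without the independent validation the commit message asks for. If both revisions are meant to be held back, add `=sys-apps/sandbox-2.11-r4` below the existing atom.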
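--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch
@@ -0,0 +1,79 @@
+From 3f668dc6ba1910085e61b3a24167ab1352c60d92 Mon Sep 17 00:00:00 2001
+From: Mart Raudsepp <leio@g.o>
+Date: Fri, 11 Nov 2016 12:34:48 +0200
+Subject: [PATCH] libsandbox: do not abort with a long name to opendir
+
+Add a pre-check for opendir that catches too long name arguments
+given to opendir, as it would get messed up and abort before it
+even gets to the open*() syscall (which would handle it correctly),
+due to opendir going through before_syscall/check_syscall, even
+though it isn't a true syscall and it getting cut to SB_PATH_MAX
+inbetween and getting confused somewhere.
+
+URL: https://bugs.gentoo.org/553092
+Signed-off-by: Mart Raudsepp <leio@g.o>
+---
+ libsandbox/wrapper-funcs/opendir.c | 2 ++
+ libsandbox/wrapper-funcs/opendir_pre_check.c | 26 ++++++++++++++++++++++++++
+ libsandbox/wrappers.h | 1 +
+ 3 files changed, 29 insertions(+)
+ create mode 100644 libsandbox/wrapper-funcs/opendir_pre_check.c
+
+diff --git a/libsandbox/wrapper-funcs/opendir.c b/libsandbox/wrapper-funcs/opendir.c
+index 7670775..70c2692 100644
+--- a/libsandbox/wrapper-funcs/opendir.c
++++ b/libsandbox/wrapper-funcs/opendir.c
+@@ -10,4 +10,6 @@
+ #define WRAPPER_SAFE() SB_SAFE(name)
+ #define WRAPPER_RET_TYPE DIR *
+ #define WRAPPER_RET_DEFAULT NULL
++#define WRAPPER_PRE_CHECKS() sb_opendir_pre_check(STRING_NAME, name)
++
+ #include "__wrapper_simple.c"
+diff --git a/libsandbox/wrapper-funcs/opendir_pre_check.c b/libsandbox/wrapper-funcs/opendir_pre_check.c
+new file mode 100644
+index 0000000..60c869f
+--- /dev/null
++++ b/libsandbox/wrapper-funcs/opendir_pre_check.c
+@@ -0,0 +1,26 @@
++/*
++ * opendir() pre-check.
++ *
++ * Copyright 1999-2016 Gentoo Foundation
++ * Licensed under the GPL-2
++ */
++
++bool sb_opendir_pre_check(const char *func, const char *name)
++{
++ /* If length of name is larger than PATH_MAX, we would mess it up
++ * before it reaches the open syscall, which would cleanly error out
++ * via sandbox as well (actually with much smaller lengths than even
++ * PATH_MAX).
++ * So error out early in this case, in order to avoid an abort in
++ * check_syscall later on, which gets ran for opendir, despite it not
++ * being a syscall.
++ */
++ if (strnlen(name, PATH_MAX) == PATH_MAX) {
++ errno = ENAMETOOLONG;
++ sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
++ func, name, strerror(errno));
++ return false;
++ }
++
++ return true;
++}
+diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h
+index 0aa58bb..bf5bf64 100644
+--- a/libsandbox/wrappers.h
++++ b/libsandbox/wrappers.h
+@@ -27,6 +27,7 @@ attribute_hidden bool sb_fopen64_pre_check (const char *func, const char *pathn
+ attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathname, int dirfd);
+ attribute_hidden bool sb_openat_pre_check (const char *func, const char *pathname, int dirfd, int flags);
+ attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags);
++attribute_hidden bool sb_opendir_pre_check (const char *func, const char *name);
+ attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd);
+ attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd,
+ char *dirfd_path, size_t dirfd_path_len);
+--
+2.9.0
+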
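Review bot: In `sb_opendir_pre_check` the guard is bounded by `PATH_MAX`, whereas the patch description attributes the abort to the name being cut at `SB_PATH_MAX`; the early return only covers every truncating input if `PATH_MAX` is not larger than `SB_PATH_MAX`, and nothing in the new file states or enforces that. Using the smaller of the two limits in the `strnlen` comparison, or a comment recording the assumption, would tie the check to the failure it prevents. Separately, `errno = ENAMETOOLONG;` is assigned before `sb_debug_dyn(...)` runs; if that helper can change errno (its body is not shown), the caller sees the wrong error, so pass `strerror(ENAMETOOLONG)` to the log call and set errno immediately before `return false;`. The debug line also formats the whole over-long `name` with `%s`; a precision such as `%.64s` would keep the log entry bounded.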
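--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.10-r3.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714
+ epatch "${FILESDIR}"/${P}-disable-same.patch
+ epatch "${FILESDIR}"/${P}-fix-opendir.patch #553092
+ epatch_user
+}
+
+multilib_src_configure() {
+ filter-lfs-flags #90228
+
+ local myconf=()
+ host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092
+
+ ECONF_SOURCE="${S}" \
+ econf "${myconf[@]}"
+}
+
+multilib_src_test() {
+ # Default sandbox build will run with --jobs set to # cpus.
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
+}
+
+multilib_src_install_all() {
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${ED}"/var/log/sandbox
+ chmod 0770 "${ED}"/var/log/sandbox
+
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+ fi
+}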
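Review bot: In `pkg_preinst` the `chown root:portage` and `chmod 0770` calls on `"${ED}"/var/log/sandbox` have no `|| die`, so a failure is ignored and the merge continues with whatever ownership and mode the image directory already has. Appending `|| die` to both lines, and to `cd "${S}"` in `multilib_src_install_all`, makes the install stop instead of silently proceeding. The same lines appear in sandbox-2.11-r4.ebuild added by this commit.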
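--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.11-r4.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-execvpe.patch #578516
+ epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
+ epatch "${FILESDIR}"/${P}-exec-prelink.patch #599894
+ epatch "${FILESDIR}"/${PN}-2.10-fix-opendir.patch #553092
+ epatch_user
+}
+
+multilib_src_configure() {
+ filter-lfs-flags #90228
+
+ local myconf=()
+ host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092
+
+ ECONF_SOURCE="${S}" \
+ econf "${myconf[@]}"
+}
+
+multilib_src_test() {
+ # Default sandbox build will run with --jobs set to # cpus.
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
+}
+
+multilib_src_install_all() {
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${ED}"/var/log/sandbox
+ chmod 0770 "${ED}"/var/log/sandbox
+
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+ fi
+}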