
From: Mike Frysinger <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/, sys-apps/sandbox/files/
Date: Wed, 30 Mar 2016 05:21:55
Message-Id: 1459315294.0970c507b3eda2d1909614026385bf8767766322.vapier@gentoo
1 commit: 0970c507b3eda2d1909614026385bf8767766322
2 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
3 AuthorDate: Wed Mar 30 05:20:46 2016 +0000
4 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 30 05:21:34 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0970c507
7
8 sys-apps/sandbox: fix execvpe handling #578516
9
10 sys-apps/sandbox/files/sandbox-2.11-execvpe.patch | 30 ++++++++++++++++++++++
11 ...ndbox-2.11-r1.ebuild => sandbox-2.11-r2.ebuild} | 1 +
12 2 files changed, 31 insertions(+)
13
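diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
new file mode 100644
index 0000000..7e8130b
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch
@@ -0,0 +1,30 @@
+From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@g.o>
+Date: Wed, 30 Mar 2016 01:17:21 -0400
+Subject: [PATCH] libsandbox: whitelist execvpe
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+URL: https://bugs.gentoo.org/578516
+Reported-by: Toralf Förster <toralf.foerster@×××.de>
+Signed-off-by: Mike Frysinger <vapier@g.o>
+---
+ libsandbox/libsandbox.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
+index cbe1aa1..e809308 100644
+--- a/libsandbox/libsandbox.c
++++ b/libsandbox/libsandbox.c
+@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func,
+ sb_nr == SB_NR_EXECV ||
+ sb_nr == SB_NR_EXECVP ||
+ sb_nr == SB_NR_EXECVE ||
++ sb_nr == SB_NR_EXECVPE ||
+ sb_nr == SB_NR_FEXECVE))
+ {
+ retval = check_prefixes(sbcontext->read_prefixes,
+--
+2.7.4
+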
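Review bot: The exec-family test in check_access is a hand-maintained `||` chain, and the new `sb_nr == SB_NR_EXECVPE ||` line shows how easily a member is missed: until this patch execvpe did not reach the `check_prefixes(sbcontext->read_prefixes, ...)` branch and was handled by whatever path follows, which is not visible in the hunk. I would add a comment above the condition such as `/* exec*() targets are checked against read_prefixes; list every exec-family SB_NR_* that libsandbox wraps */`, or move the chain into a small static predicate so the next wrapper is added in one obvious place. The subject "whitelist execvpe" also reads broader than the change: in the visible lines the call is still checked against the read prefixes, not allowed unconditionally. No regression test accompanies the patch; one that runs execvpe under the sandbox would keep this classification from silently regressing. check_access begins and ends outside the hunk.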
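diff --git a/sys-apps/sandbox/sandbox-2.11-r1.ebuild b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
similarity index 97%
rename from sys-apps/sandbox/sandbox-2.11-r1.ebuild
rename to sys-apps/sandbox/sandbox-2.11-r2.ebuild
index 8001316..4f9884f 100644
--- a/sys-apps/sandbox/sandbox-2.11-r1.ebuild
+++ b/sys-apps/sandbox/sandbox-2.11-r2.ebuild
@@ -32,6 +32,7 @@ sandbox_death_notice() {
 }
 
 src_prepare() {
+ epatch "${FILESDIR}"/${P}-execvpe.patch #578516
 epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
 epatch_user
 }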