1 |
commit: 0970c507b3eda2d1909614026385bf8767766322 |
2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Mar 30 05:20:46 2016 +0000 |
4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Mar 30 05:21:34 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0970c507 |
7 |
|
8 |
sys-apps/sandbox: fix execvpe handling #578516 |
9 |
|
10 |
sys-apps/sandbox/files/sandbox-2.11-execvpe.patch | 30 ++++++++++++++++++++++ |
11 |
...ndbox-2.11-r1.ebuild => sandbox-2.11-r2.ebuild} | 1 + |
12 |
2 files changed, 31 insertions(+) |
13 |
|
14 |
diff --git a/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch |
15 |
new file mode 100644 |
16 |
index 0000000..7e8130b |
17 |
--- /dev/null |
18 |
+++ b/sys-apps/sandbox/files/sandbox-2.11-execvpe.patch |
19 |
@@ -0,0 +1,30 @@ |
20 |
+From 31a135d261a9bc1d65b1fa484345a858bab84db8 Mon Sep 17 00:00:00 2001 |
21 |
+From: Mike Frysinger <vapier@g.o> |
22 |
+Date: Wed, 30 Mar 2016 01:17:21 -0400 |
23 |
+Subject: [PATCH] libsandbox: whitelist execvpe |
24 |
+MIME-Version: 1.0 |
25 |
+Content-Type: text/plain; charset=UTF-8 |
26 |
+Content-Transfer-Encoding: 8bit |
27 |
+ |
28 |
+URL: https://bugs.gentoo.org/578516 |
29 |
+Reported-by: Toralf Förster <toralf.foerster@×××.de> |
30 |
+Signed-off-by: Mike Frysinger <vapier@g.o> |
31 |
+--- |
32 |
+ libsandbox/libsandbox.c | 1 + |
33 |
+ 1 file changed, 1 insertion(+) |
34 |
+ |
35 |
+diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c |
36 |
+index cbe1aa1..e809308 100644 |
37 |
+--- a/libsandbox/libsandbox.c |
38 |
++++ b/libsandbox/libsandbox.c |
39 |
+@@ -710,6 +710,7 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func, |
40 |
+ sb_nr == SB_NR_EXECV || |
41 |
+ sb_nr == SB_NR_EXECVP || |
42 |
+ sb_nr == SB_NR_EXECVE || |
43 |
++ sb_nr == SB_NR_EXECVPE || |
44 |
+ sb_nr == SB_NR_FEXECVE)) |
45 |
+ { |
46 |
+ retval = check_prefixes(sbcontext->read_prefixes, |
47 |
+-- |
48 |
+2.7.4 |
49 |
+ |
50 |
|
51 |
diff --git a/sys-apps/sandbox/sandbox-2.11-r1.ebuild b/sys-apps/sandbox/sandbox-2.11-r2.ebuild |
52 |
similarity index 97% |
53 |
rename from sys-apps/sandbox/sandbox-2.11-r1.ebuild |
54 |
rename to sys-apps/sandbox/sandbox-2.11-r2.ebuild |
55 |
index 8001316..4f9884f 100644 |
56 |
--- a/sys-apps/sandbox/sandbox-2.11-r1.ebuild |
57 |
+++ b/sys-apps/sandbox/sandbox-2.11-r2.ebuild |
58 |
@@ -32,6 +32,7 @@ sandbox_death_notice() { |
59 |
} |
60 |
|
61 |
src_prepare() { |
62 |
+ epatch "${FILESDIR}"/${P}-execvpe.patch #578516 |
63 |
epatch "${FILESDIR}"/${P}-exec-hash.patch #578524 |
64 |
epatch_user |
65 |
} |