From da9f8ef093a2da6e0d72f1b0b61efe3af117f49c Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 2 Mar 2022 17:19:17 +0100 Subject: [PATCH] sys-apps/sandbox: Sync with gentoo It's from gentoo commit 36d4dacd971f39bd0ecde7d93216de68c8efe31a. --- .../portage-stable/sys-apps/sandbox/Manifest | 21 ++- .../files/sandbox-2.10-disable-same.patch | 77 ----------- .../files/sandbox-2.10-fix-opendir.patch | 79 ----------- .../sandbox-2.10-memory-corruption.patch | 42 ------ .../sandbox-2.11-symlinkat-renameat.patch | 124 ------------------ .../files/sandbox-3.1-label-decl.patch | 41 ++++++ .../sys-apps/sandbox/metadata.xml | 5 +- .../sys-apps/sandbox/sandbox-2.10-r3.ebuild | 84 ------------ .../sys-apps/sandbox/sandbox-2.10-r4.ebuild | 85 ------------ .../sys-apps/sandbox/sandbox-2.12.ebuild | 76 ----------- .../sys-apps/sandbox/sandbox-2.13.ebuild | 76 ----------- .../sys-apps/sandbox/sandbox-2.24.ebuild | 63 +++++++++ .../sys-apps/sandbox/sandbox-2.25.ebuild | 63 +++++++++ .../sys-apps/sandbox/sandbox-2.26.ebuild | 58 ++++++++ .../sys-apps/sandbox/sandbox-2.27.ebuild | 62 +++++++++ .../sys-apps/sandbox/sandbox-2.28.ebuild | 62 +++++++++ .../sys-apps/sandbox/sandbox-2.29.ebuild | 62 +++++++++ .../sys-apps/sandbox/sandbox-3.0.ebuild | 62 +++++++++ .../sys-apps/sandbox/sandbox-3.1.ebuild | 66 ++++++++++ 19 files changed, 551 insertions(+), 657 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-disable-same.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r3.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r4.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.12.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.13.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.27.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest index db59a075f6..b3f61f637d 100644 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/Manifest @@ -1,13 +1,8 @@ -AUX 09sandbox 37 BLAKE2B 181213e2cc0bcfa328310cced40bfaba4530d8d2f80e892cb5649d5277c5d59d345ce96ca802a5529a22892c929bafac04c616458fa147a3bee5c89d31b0baf1 SHA512 4e8a9c58debde6480224a45559c5f2db4765213d151e47937f9142f110cac3681bf6402acaf21249a37bb17398e7bc00ae7feee68ecdb5b9363c432eac1b052a -AUX sandbox-2.10-disable-same.patch 2547 BLAKE2B 72976e698d1e95cc9153745744e3e9790ade9923ade2459b66969fdd04b0532fad70f08babaf5bbf2240deba9fb92a4a1090cfaec7b2d9a85d6d98adb23926f9 SHA512 bf005fbde7b6ba88df36bb75064658764e488dd2f3c96a6f92c69ad3f2e8d2db12ba2c7bafa9656326b7fde73301c330f68bd064efa0fce2a7eb28fff6ce0a1e -AUX sandbox-2.10-fix-opendir.patch 3311 BLAKE2B d8a604720da1c623e7299215298d6ce3502b58641006e2667047a2477a85e4c071426ae30e5f0a436dfe3d74cc4f34de7fab6729dafec6acddb44974edffe619 SHA512 5c0650d6838b8171a87409ebd8565a90a42603874893708c2cdee5b50535e637f145fa2e51142db857c35a9bc11713b45b7e50c31f96f9ecd6ba342ce8d87928 -AUX sandbox-2.10-memory-corruption.patch 1515 BLAKE2B 2c0ef4ca1899efd2d525aafb26dcb7ecaf40c3b107e38e3c5d1a39455dd2cd36f8ac8fff43bb1dec22b910e479f328fa139a02f5a8f584ecefcf0ed86e60ad6a SHA512 1eb650824cc7a876fabef382cafb451a507326a8422fb7bb5014699046b64ea8f4cf2bba9efcb75d7a2eac4eff493d06153422f85c119f49635ac0840071660c -AUX sandbox-2.11-symlinkat-renameat.patch 3418 BLAKE2B 4864dd5794abbf70d70f30949ee39921f9dafea4445f4cd49d88a5bef9b19769ed0c2c37a7a30fd6e241c159b21aad4f6465ef159ec1652cbb0d4a65e6531869 SHA512 cbefae8aa9c289db0bfe7b2429f64aa4c437be0e269eaa657eb3b22a3086db1fca45a624cb181978b4157f0cb9b475b4ece2eb9337285bf8bede709ad4431c52 -DIST sandbox-2.10.tar.xz 417068 BLAKE2B 78bb5b29b520d41c582e7f7cb444ce580f9f8f05ce80795986ff8e1f84f9320e21fda0c5ae092cce8e5a3dc1c0efa48e1ce69c21107e541d2c569e6369ccb5b0 SHA512 178b3b8fcb54e6ff67df1c8101866739b49e4d31a66717c21ef502dd2ab609fca70f1a0c662b913e207bfc1ba6994cefdcf5c92ff32add9dd98bd9707f301305 -DIST sandbox-2.12.tar.xz 424252 BLAKE2B 55eb06cbc15ad9ff8b0c272b8d071591ce3533a6ff807719df79131e6c966d60c3b37d9d8e4e1d466df0992836c4594bf6927b496ecb343a71d7b0656219a6d7 SHA512 98bd2ee8807d81e65ee0c9f11cfaf2b37da2ee4d8763c68d18c0ff6b14f3cc847ae2d3a0aa30cbe86063a2108ed4d4dcf7cc3fc4f37cb7549d266d4c1989c2a9 -DIST sandbox-2.13.tar.xz 424968 BLAKE2B efcbf527853e8cfe8b3fec026041f55f51cba78029f92195ec76a45e84cb2b6cc129267c6e50608584607de72a86b2e7836e77f20677de9b94bb5c40999e4712 SHA512 46ad79335e51a1ec0aaa34ab5eeabe9d007818c518682409c5aaf97d49ec23021ece8fa53264ce5332cdd04ef6b3fd9beff0dc0a3cb5dfe2f9b6a6e359f8c1cf -EBUILD sandbox-2.10-r3.ebuild 2156 BLAKE2B fecdef4a769d481e6479c82c341626de5d935f031b33df13eaae51b2041e0793a9854f3726ae90586586dc7d0008230f7ba6ae948c48d145d5c05bd4fd0aa027 SHA512 a08a00c80dcd282c929078c7c3afed16a7c30d710294e1621cf2ca1841f01f95872dd92a0bea1f3d7bb8850c05cffcefb68c58a36c9b1eac1960d1d4b04e3224 -EBUILD sandbox-2.10-r4.ebuild 2222 BLAKE2B 5f0e178bafb0f28dcf320452c64317d9883afee0a68c09190e3293bd857b5ee816e4656b01b5e1dbb7664802d0e13a05540ab4ba61a04c93788dc1d21cee7c95 SHA512 dca8808e22888f5542a1233604a84b0a5e9952bf6e8792b24a716e477b254fc90ac1efc0cff0eccf832f10026cf56341011e227001c70f0d5eaab36c89b5a23c -EBUILD sandbox-2.12.ebuild 1931 BLAKE2B cd545ca0c7b3b1ca9672e7a0562da03b9eae5dbef36cec7d1eb59d452785ee8f11c03b9a25a9cfe0862a923d5b0f9349c15c6076f9735062cb43505607520b73 SHA512 2a5ec9b1aacfb63d3c4d8f64d067091ab28c7f54ca295a857d14d11d1f4e410c5475cf32d0801cfa1362ce57045da0ef5e1f413a1b56dc541c5efe56d4410d7c -EBUILD sandbox-2.13.ebuild 1938 BLAKE2B 26db9bc8c8334a4a20bcb09765861f6ed6b6a3da6edd02cc9438943fc18271a9ffa90a26d37e2f648cdd5073a22de71decc21417db1ea331833f11d146f5ce4d SHA512 11cd256384d562de308cd579a04c3742dc436a8e3f4e30cc66d837373c2352b99b23bd4fbfee6fa61b74b7e1eaae95b7ffec1f0fb9785979b783c17f420cdbe7 -MISC metadata.xml 252 BLAKE2B d709f9b334b2810c5ffe7d73ef430f0f347f26f7649bca4bb8803c8e0be106534bcee6efae4f80b6fb1781b09284bb3dbc32d8dff4a3aa01a924fd3437b9da7c SHA512 de8b6a78dcc379d1d34960caecdab8da9fdb9a9f010ec8611cab79487b5f28f6ae80c8b0884731fa91c4ae98482a195faa8d1ec911b1d95fafdfe9cd622cc5d9 +DIST sandbox-2.24.tar.xz 438408 BLAKE2B 5e725d17da0abc06d56216f4df2f4034076f50163db1c3bbddbf4fd07dbd5b7d92ef2f1b2c01eb77ff6cf531c5cc6a05e60b028f585310ac56eef96240882843 SHA512 8df5414e334a15f367acfd218ba1b74ba618b93d7bdeca8a039b69cbd81ab048ec5a6cecb24df09fa9a5f4fe214d647acf5138004defd45e6396eec5ae7c93d0 +DIST sandbox-2.25.tar.xz 436004 BLAKE2B c9c7d351cdefbb2b1a585904c38742a5a3bde50d3d690c57cff9cdc71ffb822e78a2b56c47afd03fbc70834de5dda13c5a300d9d6b35e09ec400a050d4f8e82c SHA512 4e998c4d9ba6eb69369cc49849060a2e90535eae91fbb64c4d46371fe0ed5182413b14674f10c773fd997b6895bc870ccb23586351f5bb06b69dc11a0cddbe1d +DIST sandbox-2.26.tar.xz 444412 BLAKE2B 3bc88d86ba4e2522895c4448dff6da2cffceb912e5ff9610fe4c3aea255ffd9b9ca9bbe8e45d94508f45e9c141aa6945a9a8d82cba0f3ca102ff6a1624c84161 SHA512 f20766daf2ce43753772a184c86a7b6847f96ab7b60b202616e15d791bc1f770162035a9b1ffe38765dff8d2567ad971a9a2bdeba9a8769845a758fcd95206fa +DIST sandbox-2.27.tar.xz 448948 BLAKE2B 03a311c8c7c8719bac398e39ce49e7149bdaa1d5b2811f395eb2251a32aabba995f97c3d5d27461aadb64bf43adf2b0cbaa7c2f141dd86f64f8dd326422ac104 SHA512 2a53e6fc87cec975962737b1fadc447d86985d27b18ad2caed711116da2ba435f54db0f7dadb02664b2638b9dc77752831cd4820390f5c3e61a42429e13462a7 +DIST sandbox-2.28.tar.xz 450840 BLAKE2B 1a144db1dcd140ce393f47b224c4389693bd3db6d056749968a9e78730b1075192148aa63fdfd5ab93893dfb96a87bcc36bee8b4540abefca0590a8def8365f2 SHA512 eaac54fbc35f51da3c94bfa10e0556f0fd39c20660fea2aa7d3cbf76dd3e4c9fb4a16cc198425988b79313f9331af030e1dca431c3f057ee4a04927c96897895 +DIST sandbox-2.29.tar.xz 452784 BLAKE2B 388f5d9c49134696bafbc6b882581396a9fa2e7caa6ccfb4376706d653f836ce18e0d77527c4c4f2ff753c0b920ab5ab60e151dd8a4e399e13dbc3fe7c0533d6 SHA512 15c0e6b71e8b8547b8188f857568c99b1925d5a837a289b21c4f842341361bf7119b96083697dc83546caf530daab700fb8c2704974e7cfb804d64bb5257a4b4 +DIST sandbox-3.0.tar.xz 454384 BLAKE2B b4f38b7c5ed2dc52e558f1b7e36d2308e6017c9d14861c60eace0f240a909f11184e259b2359ea96cad81d21234cc9a6bcd9f313ce56bd2f3bb1ce836f006a50 SHA512 3a35ee0b19a356b1986468ef5d2ecd553b88cbdaf287ce31a211b4072097a9844fca413ffa0f2858b9a4e75ead822fe9d9834f17c241ba32c2f14e02619a70b3 +DIST sandbox-3.1.tar.xz 454404 BLAKE2B f8cc2960f1c7b3367d375952f0a7ca978c1a2cc27b63137046152d1080a1a7b6b99d356af0776d3b57a5c260b2d89f0b7bfb127967407b537642be04e92b8603 SHA512 e57c0fc1ddb5a63012abd02080770d49deaa1d0168508a794df2eaa25b2b7a4fa6c505e8b93572a3745912819202c264cdf980f10dc7101c487a9b03e7f65815 diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-disable-same.patch b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-disable-same.patch deleted file mode 100644 index 296b322b0c..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-disable-same.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 7a923f646ce10b7dec3c7ae5fe2079c10aa21752 Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Sun, 20 Dec 2015 16:08:16 -0500 -Subject: [PATCH] libsbutil: gnulib: hand disable same_name usage - -We don't provide same_name because the one caller we don't use, but it -relies on gc-sections to avoid link errors. That flag doesn't work on -ia64 though, so we need to hand delete the one caller. Ugh. - -Signed-off-by: Mike Frysinger ---- - libsbutil/gnulib/hash-triple.c | 9 --------- - libsbutil/gnulib/same.h | 25 ------------------------- - 2 files changed, 34 deletions(-) - delete mode 100644 libsbutil/gnulib/same.h - -diff --git a/libsbutil/gnulib/hash-triple.c b/libsbutil/gnulib/hash-triple.c -index c3b6d9f..06cfbdf 100644 ---- a/libsbutil/gnulib/hash-triple.c -+++ b/libsbutil/gnulib/hash-triple.c -@@ -24,7 +24,6 @@ - #include - - #include "hash-pjw.h" --#include "same.h" - #include "same-inode.h" - - #define STREQ(a, b) (strcmp (a, b) == 0) -@@ -52,14 +51,6 @@ triple_hash_no_name (void const *x, size_t table_size) - - /* Compare two F_triple structs. */ - bool --triple_compare (void const *x, void const *y) --{ -- struct F_triple const *a = x; -- struct F_triple const *b = y; -- return (SAME_INODE (*a, *b) && same_name (a->name, b->name)) ? true : false; --} -- --bool - triple_compare_ino_str (void const *x, void const *y) - { - struct F_triple const *a = x; -diff --git a/libsbutil/gnulib/same.h b/libsbutil/gnulib/same.h -deleted file mode 100644 -index ee313c5..0000000 ---- a/libsbutil/gnulib/same.h -+++ /dev/null -@@ -1,25 +0,0 @@ --/* Determine whether two file names refer to the same file. -- -- Copyright (C) 1997-2000, 2003-2004, 2009-2015 Free Software Foundation, Inc. -- -- This program is free software: you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 3 of the License, or -- (at your option) any later version. -- -- This program is distributed in the hope that it will be useful, -- but WITHOUT ANY WARRANTY; without even the implied warranty of -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU General Public License for more details. -- -- You should have received a copy of the GNU General Public License -- along with this program. If not, see . */ -- --#ifndef SAME_H_ --# define SAME_H_ 1 -- --# include -- --bool same_name (const char *source, const char *dest); -- --#endif /* SAME_H_ */ --- -2.6.2 - diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch deleted file mode 100644 index 2ff89bcdfc..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 3f668dc6ba1910085e61b3a24167ab1352c60d92 Mon Sep 17 00:00:00 2001 -From: Mart Raudsepp -Date: Fri, 11 Nov 2016 12:34:48 +0200 -Subject: [PATCH] libsandbox: do not abort with a long name to opendir - -Add a pre-check for opendir that catches too long name arguments -given to opendir, as it would get messed up and abort before it -even gets to the open*() syscall (which would handle it correctly), -due to opendir going through before_syscall/check_syscall, even -though it isn't a true syscall and it getting cut to SB_PATH_MAX -inbetween and getting confused somewhere. - -URL: https://bugs.gentoo.org/553092 -Signed-off-by: Mart Raudsepp ---- - libsandbox/wrapper-funcs/opendir.c | 2 ++ - libsandbox/wrapper-funcs/opendir_pre_check.c | 26 ++++++++++++++++++++++++++ - libsandbox/wrappers.h | 1 + - 3 files changed, 29 insertions(+) - create mode 100644 libsandbox/wrapper-funcs/opendir_pre_check.c - -diff --git a/libsandbox/wrapper-funcs/opendir.c b/libsandbox/wrapper-funcs/opendir.c -index 7670775..70c2692 100644 ---- a/libsandbox/wrapper-funcs/opendir.c -+++ b/libsandbox/wrapper-funcs/opendir.c -@@ -10,4 +10,6 @@ - #define WRAPPER_SAFE() SB_SAFE(name) - #define WRAPPER_RET_TYPE DIR * - #define WRAPPER_RET_DEFAULT NULL -+#define WRAPPER_PRE_CHECKS() sb_opendir_pre_check(STRING_NAME, name) -+ - #include "__wrapper_simple.c" -diff --git a/libsandbox/wrapper-funcs/opendir_pre_check.c b/libsandbox/wrapper-funcs/opendir_pre_check.c -new file mode 100644 -index 0000000..60c869f ---- /dev/null -+++ b/libsandbox/wrapper-funcs/opendir_pre_check.c -@@ -0,0 +1,26 @@ -+/* -+ * opendir() pre-check. -+ * -+ * Copyright 1999-2016 Gentoo Foundation -+ * Licensed under the GPL-2 -+ */ -+ -+bool sb_opendir_pre_check(const char *func, const char *name) -+{ -+ /* If length of name is larger than PATH_MAX, we would mess it up -+ * before it reaches the open syscall, which would cleanly error out -+ * via sandbox as well (actually with much smaller lengths than even -+ * PATH_MAX). -+ * So error out early in this case, in order to avoid an abort in -+ * check_syscall later on, which gets ran for opendir, despite it not -+ * being a syscall. -+ */ -+ if (strnlen(name, PATH_MAX) == PATH_MAX) { -+ errno = ENAMETOOLONG; -+ sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", -+ func, name, strerror(errno)); -+ return false; -+ } -+ -+ return true; -+} -diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h -index 0aa58bb..bf5bf64 100644 ---- a/libsandbox/wrappers.h -+++ b/libsandbox/wrappers.h -@@ -27,6 +27,7 @@ attribute_hidden bool sb_fopen64_pre_check (const char *func, const char *pathn - attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathname, int dirfd); - attribute_hidden bool sb_openat_pre_check (const char *func, const char *pathname, int dirfd, int flags); - attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags); -+attribute_hidden bool sb_opendir_pre_check (const char *func, const char *name); - attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd); - attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd, - char *dirfd_path, size_t dirfd_path_len); --- -2.9.0 - diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch deleted file mode 100644 index 7dd27c9d22..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.10-memory-corruption.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 529a388ebb1b4e9d6ad8a1bb61dd8211833a5976 Mon Sep 17 00:00:00 2001 -From: Denis Lisov -Date: Sat, 19 Dec 2015 19:13:58 +0300 -Subject: [PATCH] libsandbox: fix old_malloc_size check on realloc - -Realloc uses SB_MALLOC_TO_SIZE assuming it returns the usable size, -while it is really the mmap size, which is greater. Thus it may fail -to reallocate even if required. - -URL: https://bugs.gentoo.org/568714 -Signed-off-by: Denis Lisov -Signed-off-by: Mike Frysinger ---- - libsandbox/memory.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/libsandbox/memory.c b/libsandbox/memory.c -index 8581128..a2d69a2 100644 ---- a/libsandbox/memory.c -+++ b/libsandbox/memory.c -@@ -40,7 +40,8 @@ static int sb_munmap(void *addr, size_t length) - - #define SB_MALLOC_TO_MMAP(ptr) ((void*)((uintptr_t)(ptr) - MIN_ALIGN)) - #define SB_MMAP_TO_MALLOC(ptr) ((void*)((uintptr_t)(ptr) + MIN_ALIGN)) --#define SB_MALLOC_TO_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr))) -+#define SB_MALLOC_TO_MMAP_SIZE(ptr) (*((size_t*)SB_MALLOC_TO_MMAP(ptr))) -+#define SB_MALLOC_TO_SIZE(ptr) (SB_MALLOC_TO_MMAP_SIZE(ptr) - MIN_ALIGN) - - void *malloc(size_t size) - { -@@ -57,7 +58,7 @@ void free(void *ptr) - { - if (ptr == NULL) - return; -- if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_SIZE(ptr))) -+ if (munmap(SB_MALLOC_TO_MMAP(ptr), SB_MALLOC_TO_MMAP_SIZE(ptr))) - sb_ebort("sandbox memory corruption with free(%p): %s\n", - ptr, strerror(errno)); - } --- -2.6.2 - diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch deleted file mode 100644 index e33011f749..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-2.11-symlinkat-renameat.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 4c47cfa22802fd8201586bef233d8161df4ff61b Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Fri, 10 Mar 2017 10:15:50 -0800 -Subject: [PATCH] libsandbox: whitelist renameat/symlinkat as symlink funcs - -These funcs don't deref their path args, so flag them as such. - -URL: https://bugs.gentoo.org/612202 -Signed-off-by: Mike Frysinger ---- - libsandbox/libsandbox.c | 4 +++- - tests/renameat-2.sh | 12 ++++++++++++ - tests/renameat-3.sh | 11 +++++++++++ - tests/renameat.at | 2 ++ - tests/symlinkat-2.sh | 10 ++++++++++ - tests/symlinkat-3.sh | 9 +++++++++ - tests/symlinkat.at | 2 ++ - 7 files changed, 49 insertions(+), 1 deletion(-) - create mode 100755 tests/renameat-2.sh - create mode 100755 tests/renameat-3.sh - create mode 100755 tests/symlinkat-2.sh - create mode 100755 tests/symlinkat-3.sh - -diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c -index e809308d717d..de48bd79ba53 100644 ---- a/libsandbox/libsandbox.c -+++ b/libsandbox/libsandbox.c -@@ -650,8 +650,10 @@ static bool symlink_func(int sb_nr, int flags, const char *abs_path) - sb_nr == SB_NR_LCHOWN || - sb_nr == SB_NR_REMOVE || - sb_nr == SB_NR_RENAME || -+ sb_nr == SB_NR_RENAMEAT || - sb_nr == SB_NR_RMDIR || -- sb_nr == SB_NR_SYMLINK)) -+ sb_nr == SB_NR_SYMLINK || -+ sb_nr == SB_NR_SYMLINKAT)) - { - /* These funcs sometimes operate on symlinks */ - if (!((sb_nr == SB_NR_FCHOWNAT || -diff --git a/tests/renameat-2.sh b/tests/renameat-2.sh -new file mode 100755 -index 000000000000..d0fbe8ae4574 ---- /dev/null -+++ b/tests/renameat-2.sh -@@ -0,0 +1,12 @@ -+#!/bin/sh -+# make sure we can clobber symlinks #612202 -+ -+addwrite $PWD -+ -+ln -s /asdf sym || exit 1 -+touch file -+renameat-0 0 AT_FDCWD file AT_FDCWD sym || exit 1 -+[ ! -e file ] -+[ ! -L sym ] -+[ -e sym ] -+test ! -s "${SANDBOX_LOG}" -diff --git a/tests/renameat-3.sh b/tests/renameat-3.sh -new file mode 100755 -index 000000000000..9ae5c9a6511a ---- /dev/null -+++ b/tests/renameat-3.sh -@@ -0,0 +1,11 @@ -+#!/bin/sh -+# make sure we reject bad renames #612202 -+ -+addwrite $PWD -+mkdir deny -+adddeny $PWD/deny -+ -+touch file -+renameat-0 -1,EACCES AT_FDCWD file AT_FDCWD deny/file || exit 1 -+[ -e file ] -+test -s "${SANDBOX_LOG}" -diff --git a/tests/renameat.at b/tests/renameat.at -index 081d7d20277e..eec4638deeaa 100644 ---- a/tests/renameat.at -+++ b/tests/renameat.at -@@ -1 +1,3 @@ - SB_CHECK(1) -+SB_CHECK(2) -+SB_CHECK(3) -diff --git a/tests/symlinkat-2.sh b/tests/symlinkat-2.sh -new file mode 100755 -index 000000000000..168362e8806f ---- /dev/null -+++ b/tests/symlinkat-2.sh -@@ -0,0 +1,10 @@ -+#!/bin/sh -+# make sure we can clobber symlinks #612202 -+ -+addwrite $PWD -+ -+symlinkat-0 0 /asdf AT_FDCWD ./sym || exit 1 -+[ -L sym ] -+symlinkat-0 -1,EEXIST /asdf AT_FDCWD ./sym || exit 1 -+[ -L sym ] -+test ! -s "${SANDBOX_LOG}" -diff --git a/tests/symlinkat-3.sh b/tests/symlinkat-3.sh -new file mode 100755 -index 000000000000..a01c750dd2b6 ---- /dev/null -+++ b/tests/symlinkat-3.sh -@@ -0,0 +1,9 @@ -+#!/bin/sh -+# make sure we reject bad symlinks #612202 -+ -+addwrite $PWD -+mkdir deny -+adddeny $PWD/deny -+ -+symlinkat-0 -1,EACCES ./ AT_FDCWD deny/sym || exit 1 -+test -s "${SANDBOX_LOG}" -diff --git a/tests/symlinkat.at b/tests/symlinkat.at -index 081d7d20277e..eec4638deeaa 100644 ---- a/tests/symlinkat.at -+++ b/tests/symlinkat.at -@@ -1 +1,3 @@ - SB_CHECK(1) -+SB_CHECK(2) -+SB_CHECK(3) --- -2.12.0 - diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch new file mode 100644 index 0000000000..b17f4b866f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/files/sandbox-3.1-label-decl.patch @@ -0,0 +1,41 @@ +From 82f6d876660ba1132d75ccfef5c4301d123ea505 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger +Date: Wed, 3 Nov 2021 12:25:10 -0400 +Subject: [PATCH] libsandbox: tweak label/decl code for some compiler settings + +Looks like gcc is inconsistent in when it chokes on this code: +> a label can only be part of a statement and a declaration is not a statement + +Hoist the decl up to the top of scope to avoid the issue. + +Bug: https://bugs.gentoo.org/821433 +Signed-off-by: Mike Frysinger +--- + libsandbox/trace.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libsandbox/trace.c b/libsandbox/trace.c +index f3390d99822e..d2899b743048 100644 +--- a/libsandbox/trace.c ++++ b/libsandbox/trace.c +@@ -704,6 +704,8 @@ static char *flatten_args(char *const argv[]) + + bool trace_possible(const char *filename, char *const argv[], const void *data) + { ++ char *args; ++ + /* If YAMA ptrace_scope is very high, then we can't trace at all. #771360 */ + int yama = trace_yama_level(); + if (yama >= 2) { +@@ -721,7 +723,7 @@ bool trace_possible(const char *filename, char *const argv[], const void *data) + } + + fail: +- char *args = flatten_args(argv); ++ args = flatten_args(argv); + sb_eqawarn("Unable to trace static ELF: %s: %s\n", filename, args); + free(args); + return false; +-- +2.33.0 + diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml index 1cdc968e40..11e084f7c9 100644 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/metadata.xml @@ -1,8 +1,11 @@ - + sandbox@gentoo.org Sandbox Maintainers + + Enable NO_NEW_PRIVS which blocks set*id programs from gaining privileges (e.g. sudo) + diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r3.ebuild deleted file mode 100644 index 49e172c3c5..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r3.ebuild +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# -# don't monkey with this ebuild unless contacting portage devs. -# period. -# - -EAPI="5" - -inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils - -DESCRIPTION="sandbox'd LD_PRELOAD hack" -HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/" -SRC_URI="mirror://gentoo/${P}.tar.xz - https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" -IUSE="" - -DEPEND="app-arch/xz-utils - >=app-misc/pax-utils-0.1.19" #265376 -RDEPEND="" - -has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" - -sandbox_death_notice() { - ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" - ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" -} - -src_prepare() { - epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714 - epatch "${FILESDIR}"/${P}-disable-same.patch - epatch "${FILESDIR}"/${P}-fix-opendir.patch #553092 - epatch_user -} - -multilib_src_configure() { - filter-lfs-flags #90228 - - local myconf=() - host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092 - - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" -} - -multilib_src_test() { - # Default sandbox build will run with --jobs set to # cpus. - emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" -} - -multilib_src_install_all() { - doenvd "${FILESDIR}"/09sandbox - - keepdir /var/log/sandbox - fowners root:portage /var/log/sandbox - fperms 0770 /var/log/sandbox - - cd "${S}" - dodoc AUTHORS ChangeLog* NEWS README -} - -pkg_preinst() { - chown root:portage "${ED}"/var/log/sandbox - chmod 0770 "${ED}"/var/log/sandbox - - if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then - local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') - if [[ -n ${old} ]] ; then - elog "Removing old sandbox libraries for you:" - find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete - fi - fi -} - -pkg_postinst() { - if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then - chmod 0755 "${EROOT}"/etc/sandbox.d #265376 - fi -} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r4.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r4.ebuild deleted file mode 100644 index 29827378c0..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.10-r4.ebuild +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# -# don't monkey with this ebuild unless contacting portage devs. -# period. -# - -EAPI="5" - -inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils - -DESCRIPTION="sandbox'd LD_PRELOAD hack" -HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/" -SRC_URI="mirror://gentoo/${P}.tar.xz - https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" -IUSE="" - -DEPEND="app-arch/xz-utils - >=app-misc/pax-utils-0.1.19" #265376 -RDEPEND="" - -has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" - -sandbox_death_notice() { - ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" - ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" -} - -src_prepare() { - epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714 - epatch "${FILESDIR}"/${P}-disable-same.patch - epatch "${FILESDIR}"/${P}-fix-opendir.patch #553092 - epatch "${FILESDIR}"/${PN}-2.11-symlinkat-renameat.patch #612202 - epatch_user -} - -multilib_src_configure() { - filter-lfs-flags #90228 - - local myconf=() - host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092 - - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" -} - -multilib_src_test() { - # Default sandbox build will run with --jobs set to # cpus. - emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" -} - -multilib_src_install_all() { - doenvd "${FILESDIR}"/09sandbox - - keepdir /var/log/sandbox - fowners root:portage /var/log/sandbox - fperms 0770 /var/log/sandbox - - cd "${S}" - dodoc AUTHORS ChangeLog* NEWS README -} - -pkg_preinst() { - chown root:portage "${ED}"/var/log/sandbox - chmod 0770 "${ED}"/var/log/sandbox - - if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then - local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') - if [[ -n ${old} ]] ; then - elog "Removing old sandbox libraries for you:" - find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete - fi - fi -} - -pkg_postinst() { - if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then - chmod 0755 "${EROOT}"/etc/sandbox.d #265376 - fi -} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.12.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.12.ebuild deleted file mode 100644 index 2a7f3ce6be..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.12.ebuild +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils - -DESCRIPTION="sandbox'd LD_PRELOAD hack" -HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/" -SRC_URI="https://dev.gentoo.org/~mgorny/dist/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd" -IUSE="" - -DEPEND="app-arch/xz-utils - >=app-misc/pax-utils-0.1.19" #265376 -RDEPEND="" - -has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" - -sandbox_death_notice() { - ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" - ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" -} - -multilib_src_configure() { - filter-lfs-flags #90228 - - local myconf=() - host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092 - - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" -} - -multilib_src_test() { - # Default sandbox build will run with --jobs set to # cpus. - emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" -} - -multilib_src_install_all() { - doenvd "${FILESDIR}"/09sandbox - - keepdir /var/log/sandbox - fowners root:portage /var/log/sandbox - fperms 0770 /var/log/sandbox - - dodoc AUTHORS ChangeLog* NEWS README -} - -pkg_preinst() { - chown root:portage "${ED}"/var/log/sandbox - chmod 0770 "${ED}"/var/log/sandbox - - local v - for v in ${REPLACING_VERSIONS}; do - if [[ ${v} == 1.* ]] ; then - local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') - if [[ -n ${old} ]] ; then - elog "Removing old sandbox libraries for you:" - find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete - fi - fi - done -} - -pkg_postinst() { - local v - for v in ${REPLACING_VERSIONS}; do - if [[ ${v} == 1.* ]] ; then - chmod 0755 "${EROOT}"/etc/sandbox.d #265376 - fi - done -} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.13.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.13.ebuild deleted file mode 100644 index 37b52a70e2..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.13.ebuild +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils - -DESCRIPTION="sandbox'd LD_PRELOAD hack" -HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/" -SRC_URI="https://dev.gentoo.org/~mgorny/dist/${P}.tar.xz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" -IUSE="" - -DEPEND="app-arch/xz-utils - >=app-misc/pax-utils-0.1.19" #265376 -RDEPEND="" - -has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" - -sandbox_death_notice() { - ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" - ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" -} - -multilib_src_configure() { - filter-lfs-flags #90228 - - local myconf=() - host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092 - - ECONF_SOURCE="${S}" \ - econf "${myconf[@]}" -} - -multilib_src_test() { - # Default sandbox build will run with --jobs set to # cpus. - emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" -} - -multilib_src_install_all() { - doenvd "${FILESDIR}"/09sandbox - - keepdir /var/log/sandbox - fowners root:portage /var/log/sandbox - fperms 0770 /var/log/sandbox - - dodoc AUTHORS ChangeLog* NEWS README -} - -pkg_preinst() { - chown root:portage "${ED}"/var/log/sandbox - chmod 0770 "${ED}"/var/log/sandbox - - local v - for v in ${REPLACING_VERSIONS}; do - if [[ ${v} == 1.* ]] ; then - local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') - if [[ -n ${old} ]] ; then - elog "Removing old sandbox libraries for you:" - find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete - fi - fi - done -} - -pkg_postinst() { - local v - for v in ${REPLACING_VERSIONS}; do - if [[ ${v} == 1.* ]] ; then - chmod 0755 "${EROOT}"/etc/sandbox.d #265376 - fi - done -} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild new file mode 100644 index 0000000000..e95d6bc812 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.24.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~sam/distfiles/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + # -j1 to prevent test faiures caused by file descriptor + # injection GNU make does. + emake -j1 check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_postinst() { + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild new file mode 100644 index 0000000000..70179abd1b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.25.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~mgorny/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + # -j1 to prevent test faiures caused by file descriptor + # injection GNU make does. + emake -j1 check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_postinst() { + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild new file mode 100644 index 0000000000..414c257602 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.26.ebuild @@ -0,0 +1,58 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + dodoc AUTHORS ChangeLog* README.md +} + +pkg_postinst() { + mkdir -p "${EROOT}"/var/log/sandbox + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.27.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.27.ebuild new file mode 100644 index 0000000000..83e9089888 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.27.ebuild @@ -0,0 +1,62 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+nnp" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + if ! use nnp ; then + sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die + fi + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + dodoc AUTHORS ChangeLog* README.md +} + +pkg_postinst() { + mkdir -p "${EROOT}"/var/log/sandbox + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild new file mode 100644 index 0000000000..83e9089888 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.28.ebuild @@ -0,0 +1,62 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+nnp" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + if ! use nnp ; then + sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die + fi + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + dodoc AUTHORS ChangeLog* README.md +} + +pkg_postinst() { + mkdir -p "${EROOT}"/var/log/sandbox + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild new file mode 100644 index 0000000000..83e9089888 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-2.29.ebuild @@ -0,0 +1,62 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+nnp" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + if ! use nnp ; then + sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die + fi + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + dodoc AUTHORS ChangeLog* README.md +} + +pkg_postinst() { + mkdir -p "${EROOT}"/var/log/sandbox + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild new file mode 100644 index 0000000000..83e9089888 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.0.ebuild @@ -0,0 +1,62 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+nnp" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + if ! use nnp ; then + sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die + fi + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + dodoc AUTHORS ChangeLog* README.md +} + +pkg_postinst() { + mkdir -p "${EROOT}"/var/log/sandbox + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +} diff --git a/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild new file mode 100644 index 0000000000..1c11a7faf1 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-apps/sandbox/sandbox-3.1.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit flag-o-matic multilib-minimal multiprocessing + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Sandbox" +SRC_URI="https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+nnp" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +PATCHES=( + "${FILESDIR}"/${P}-label-decl.patch #821433 +) + +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS+=" sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox" +} + +src_prepare() { + default + + if ! use nnp ; then + sed -i 's:PR_SET_NO_NEW_PRIVS:___disable_nnp_hack:' src/sandbox.c || die + fi + + # sandbox uses `__asm__ (".symver "...` which does + # not play well with gcc's LTO: https://gcc.gnu.org/PR48200 + append-flags -fno-lto + append-ldflags -fno-lto +} + +multilib_src_configure() { + filter-lfs-flags #90228 + + ECONF_SOURCE="${S}" econf +} + +multilib_src_test() { + # Default sandbox build will run with --jobs set to # cpus. + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +multilib_src_install_all() { + doenvd "${FILESDIR}"/09sandbox + + dodoc AUTHORS ChangeLog* README.md +} + +pkg_postinst() { + mkdir -p "${EROOT}"/var/log/sandbox + chown root:portage "${EROOT}"/var/log/sandbox + chmod 0770 "${EROOT}"/var/log/sandbox +}