diff options
| author |   Benda Xu <heroxbd@gentoo.org> | 2013-10-30 12:17:38 +0900 |
|---|---|---|
| committer | Benda Xu <heroxbd@gentoo.org> | 2013-10-30 12:17:38 +0900 |
| commit | 3b676104682034e837ff8674c72b133382f3ff7c (patch) | |
| tree | 3762cfd806d4710a400ff155abf05ad7d305a7e7 /sys-apps | |
| parent | track bootstrap script (diff) | |
| download | android-3b676104682034e837ff8674c72b133382f3ff7c.tar.gz android-3b676104682034e837ff8674c72b133382f3ff7c.tar.bz2 android-3b676104682034e837ff8674c72b133382f3ff7c.zip | |
track sandbox
Diffstat (limited to 'sys-apps')
29 files changed, 2516 insertions, 0 deletions
diff --git a/sys-apps/sandbox/ChangeLog b/sys-apps/sandbox/ChangeLog new file mode 100644 index 0000000..76303db --- /dev/null +++ b/sys-apps/sandbox/ChangeLog @@ -0,0 +1,689 @@ +# ChangeLog for sys-apps/sandbox +# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/ChangeLog,v 1.165 2012/07/06 19:53:10 vapier Exp $ + + 06 Jul 2012; Mike Frysinger <vapier@gentoo.org> + +files/sandbox-2.6-trace-hppa.patch, sandbox-2.6.ebuild: + Fix building of trace code for hppa #425062 by Jeroen Roovers. + +*sandbox-2.6 (03 Jul 2012) + + 03 Jul 2012; Mike Frysinger <vapier@gentoo.org> +sandbox-2.6.ebuild: + Various fixes, and x32 support. + + 24 Jun 2012; Mike Frysinger <vapier@gentoo.org> sandbox-2.5.ebuild: + Parallelize configure steps for multiple ABIs, and run tests in parallel. + + 30 Mar 2012; Alexis Ballier <aballier@gentoo.org> sandbox-1.6-r2.ebuild: + keyword -x86-fbsd for bug #374425, sandbox is broken of fbsd and this leaves + us with nothing. + + 05 Feb 2012; Mike Frysinger <vapier@gentoo.org> sandbox-1.6-r2.ebuild, + sandbox-2.3-r1.ebuild, sandbox-2.4.ebuild, sandbox-2.5.ebuild: + Move to new unpacker eclass. + + 02 Feb 2012; Samuli Suominen <ssuominen@gentoo.org> sandbox-2.5.ebuild: + ppc/ppc64 stable wrt #389981 + + 03 Dec 2011; Raúl Porcel <armin76@gentoo.org> sandbox-2.5.ebuild: + alpha/ia64/m68k/s390/sh/sparc stable wrt #389981 + + 13 Nov 2011; Markus Meier <maekke@gentoo.org> sandbox-2.5.ebuild: + arm stable, bug #389981 + + 11 Nov 2011; Pawel Hajdan jr <phajdan.jr@gentoo.org> sandbox-2.5.ebuild: + x86 stable wrt bug #389981 + + 10 Nov 2011; Jeroen Roovers <jer@gentoo.org> sandbox-2.5.ebuild: + Stable for HPPA (bug #389981). + + 10 Nov 2011; Tony Vroon <chainsaw@gentoo.org> sandbox-2.5.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & + Elijah "Armageddon" El Lazkani in bug #389981. + + 10 May 2011; Jeremy Olexa <darkside@gentoo.org> sandbox-2.4.ebuild, + sandbox-2.5.ebuild: + Don't restore ownership while extracting, bug 366759 + +*sandbox-2.5 (14 Feb 2011) + + 14 Feb 2011; Mike Frysinger <vapier@gentoo.org> +sandbox-2.5.ebuild: + Version bump. + + 12 Feb 2011; Raúl Porcel <armin76@gentoo.org> sandbox-2.4.ebuild: + sparc stable wrt #348549 + + 02 Jan 2011; Mike Frysinger <vapier@gentoo.org> sandbox-2.4.ebuild: + Mark alpha/ia64/s390/sh stable #348549. + + 21 Dec 2010; Markus Meier <maekke@gentoo.org> sandbox-2.4.ebuild: + arm stable, bug #348549 + + 19 Dec 2010; Samuli Suominen <ssuominen@gentoo.org> sandbox-2.4.ebuild: + ppc64 stable wrt #348549 + + 14 Dec 2010; Markos Chandras <hwoarang@gentoo.org> sandbox-2.4.ebuild: + Stable on amd64 wrt bug #348549 + + 13 Dec 2010; Jeroen Roovers <jer@gentoo.org> sandbox-2.4.ebuild: + Stable for HPPA PPC (bug #348549). + + 13 Dec 2010; Jeroen Roovers <jer@gentoo.org> sandbox-2.4.ebuild: + Stable for HPPA (bug #348549). + + 12 Dec 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org> sandbox-2.4.ebuild: + x86 stable wrt bug #348549 + + 30 Nov 2010; Michael Weber <xmw@gentoo.org> sandbox-2.3-r1.ebuild: + sparc stable (bug 338113) + +*sandbox-2.4 (24 Nov 2010) + + 24 Nov 2010; Mike Frysinger <vapier@gentoo.org> +sandbox-2.4.ebuild: + Fix hardened issues #339157 and flesh out *at func handling some more + #342983. + + 23 Nov 2010; Mike Frysinger <vapier@gentoo.org> sandbox-2.3-r1.ebuild: + Add back ~sparc since it has its ptrace disabled. + + 16 Oct 2010; Brent Baude <ranger@gentoo.org> sandbox-2.3-r1.ebuild: + stable ppc, bug 338113 + + 10 Oct 2010; Samuli Suominen <ssuominen@gentoo.org> sandbox-2.3-r1.ebuild: + ppc64 stable wrt #338113 + + 10 Oct 2010; Raúl Porcel <armin76@gentoo.org> sandbox-2.3-r1.ebuild: + alpha/arm/ia64/m68k/s390/sh stable wrt #338113 + + 05 Oct 2010; Markus Meier <maekke@gentoo.org> sandbox-2.3-r1.ebuild: + x86 stable, bug #338113 + + 29 Sep 2010; Jeroen Roovers <jer@gentoo.org> sandbox-2.3-r1.ebuild: + Stable for HPPA (bug #338113). + + 24 Sep 2010; Markos Chandras <hwoarang@gentoo.org> sandbox-2.3-r1.ebuild: + Stable on amd64 wrt bug #338113 + +*sandbox-2.3-r1 (17 Aug 2010) + + 17 Aug 2010; Mike Frysinger <vapier@gentoo.org> +sandbox-2.3-r1.ebuild: + Fix sandbox.d config install #333131 by Hans Nieser. + +*sandbox-2.3 (17 Aug 2010) + + 17 Aug 2010; Mike Frysinger <vapier@gentoo.org> +sandbox-2.3.ebuild: + Version bump. Lots o fixes. + + 15 Aug 2010; Mike Frysinger <vapier@gentoo.org> sandbox-1.6-r2.ebuild, + sandbox-2.2.ebuild: + Manually decompress the lzma archive if host PM cannot #271543. + + 21 Nov 2009; Raúl Porcel <armin76@gentoo.org> sandbox-2.2.ebuild: + Mark 2.2 -sparc as it doesn't work very well, bug #293632 + +*sandbox-2.2 (26 Oct 2009) + + 26 Oct 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-2.2.ebuild: + Version bump (includes fixes for #202765 #288227 #288863 and SPARC + ptrace). + + 27 Sep 2009; Mike Frysinger <vapier@gentoo.org> sandbox-2.1.ebuild: + Fix new multilib code on non-multilib systems #286599 by Norman Yarvin. + + 25 Sep 2009; Thomas Sachau (Tommy[D]) <tommy@gentoo.org> + sandbox-2.1.ebuild: + Add multilib useflag for multilib building with ok from vapier + +*sandbox-2.1 (25 Aug 2009) + + 25 Aug 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-2.1.ebuild: + Version bump. + + 13 Aug 2009; Mike Frysinger <vapier@gentoo.org> + sandbox-1.2.18.1-r2.ebuild, sandbox-1.2.18.1-r3.ebuild, + sandbox-1.2.20_alpha2-r1.ebuild, sandbox-1.3.0.ebuild, + sandbox-1.3.1.ebuild, sandbox-1.3.2.ebuild, sandbox-1.3.3.ebuild, + sandbox-1.3.4.ebuild, sandbox-1.3.5.ebuild, sandbox-1.3.6.ebuild, + sandbox-1.3.7.ebuild, sandbox-1.3.8.ebuild, sandbox-1.3.9.ebuild, + sandbox-1.4.ebuild, sandbox-1.5.ebuild, sandbox-1.6.ebuild, + sandbox-1.6-r1.ebuild, sandbox-1.6-r2.ebuild, sandbox-1.7.ebuild, + sandbox-1.8.ebuild, sandbox-1.9.ebuild, sandbox-2.0.ebuild: + Drop duplicate eutils inherit #279607 by Justin Lecher. + +*sandbox-2.0 (04 Jun 2009) + + 04 Jun 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-2.0.ebuild: + Version bump to improve static tracing. + + 17 May 2009; Diego E. Pettenò <flameeyes@gentoo.org> sandbox-1.7.ebuild, + sandbox-1.8.ebuild, sandbox-1.9.ebuild: + Remove x86-fbsd keyword for sandbox versions that are known incompatible + with FreeBSD. + + 26 Apr 2009; Brent Baude <ranger@gentoo.org> sandbox-1.6-r2.ebuild: + stable ppc, bug 265376 + + 20 Apr 2009; Raúl Porcel <armin76@gentoo.org> sandbox-1.6-r2.ebuild: + ia64 stable wrt #265376 + + 18 Apr 2009; Mike Frysinger <vapier@gentoo.org> sandbox-1.6-r2.ebuild, + sandbox-1.9.ebuild: + Force latest stable pax-utils as some people are lazy and dont upgrade + #265376 by Jerome Potts. + + 18 Apr 2009; Raúl Porcel <armin76@gentoo.org> sandbox-1.6-r2.ebuild: + arm/m68k/s390/sh stable wrt #265376 + + 15 Apr 2009; Markus Meier <maekke@gentoo.org> sandbox-1.6-r2.ebuild: + amd64/x86 stable, bug #265376 + + 13 Apr 2009; Jeroen Roovers <jer@gentoo.org> sandbox-1.6-r2.ebuild: + Stable for HPPA (bug #265376). + + 12 Apr 2009; Brent Baude <ranger@gentoo.org> sandbox-1.6-r2.ebuild: + stable ppc64, bug 265376 + + 12 Apr 2009; Tobias Klausmann <klausman@gentoo.org> sandbox-1.6-r2.ebuild: + Stable on alpha, bug #265376 + + 09 Apr 2009; Friedrich Oslage <bluebird@gentoo.org> sandbox-1.6-r2.ebuild: + Stable on sparc, bug #265376 + + 09 Apr 2009; Mike Frysinger <vapier@gentoo.org> sandbox-1.6-r2.ebuild, + sandbox-1.9.ebuild: + Make sure /etc/sandbox.d has 0755 perms #265376 by Friedrich Oslage. + +*sandbox-1.9 (09 Apr 2009) + + 09 Apr 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.9.ebuild: + Version bump. + +*sandbox-1.8 (05 Apr 2009) + + 05 Apr 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.8.ebuild: + Version bump to fix #263657 #264399 #264476 #264478 #264676. + +*sandbox-1.6-r2 (02 Apr 2009) + + 02 Apr 2009; Mike Frysinger <vapier@gentoo.org> + +files/sandbox-1.6-disable-pthread.patch, +sandbox-1.6-r2.ebuild: + Disable pthread locks to make 1.6 regression free #264476. + +*sandbox-1.6-r1 (31 Mar 2009) + + 31 Mar 2009; Mike Frysinger <vapier@gentoo.org> + +files/sandbox-1.6-disable-qa-static.patch, + +files/0001-libsandbox-handle-more-at-functions.patch, + +sandbox-1.6-r1.ebuild: + Backport a fix or two so we can stabilize this version. + +*sandbox-1.7 (31 Mar 2009) + + 31 Mar 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.7.ebuild: + Version bump. + +*sandbox-1.6 (12 Mar 2009) + + 12 Mar 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.6.ebuild: + Version bump. + +*sandbox-1.5 (11 Mar 2009) + + 11 Mar 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.5.ebuild: + Version bump. + +*sandbox-1.4 (08 Mar 2009) + + 08 Mar 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.4.ebuild: + Version bump. + +*sandbox-1.3.9 (05 Mar 2009) + + 05 Mar 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.9.ebuild: + Version bump. + +*sandbox-1.3.8 (20 Feb 2009) + + 20 Feb 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.8.ebuild: + Version bump. + +*sandbox-1.3.7 (14 Feb 2009) + + 14 Feb 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.7.ebuild: + Version bump + +*sandbox-1.3.6 (11 Feb 2009) + + 11 Feb 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.6.ebuild: + Version bump. + +*sandbox-1.3.5 (08 Feb 2009) + + 08 Feb 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.5.ebuild: + Version bump for regressions. + + 07 Feb 2009; Mike Frysinger <vapier@gentoo.org> + +files/0001-sandbox-fix-typo-in-struct-sandbox_info_t-decl.patch, + sandbox-1.3.4.ebuild: + Fix for hardened systems #258031. + +*sandbox-1.3.4 (07 Feb 2009) + + 07 Feb 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.4.ebuild: + Version bump. + + 29 Jan 2009; Javier Villavicencio <the_paya@gentoo.org> + sandbox-1.3.3.ebuild: + Keyword -sparc/x86-fbsd til next version bump, bug 256741. + +*sandbox-1.3.3 (28 Jan 2009) + + 28 Jan 2009; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.3.ebuild: + Version bump. + + 26 Dec 2008; Mike Frysinger <vapier@gentoo.org> sandbox-1.3.2.ebuild: + Add lzma-utils to DEPEND #252598 by Albert W. Hopkins. + +*sandbox-1.3.2 (23 Dec 2008) + + 23 Dec 2008; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.2.ebuild: + Fix some portability issues and more *at updates. + + 09 Dec 2008; Alexis Ballier <aballier@gentoo.org> sandbox-1.3.0.ebuild, + sandbox-1.3.1.ebuild: + Keyword -sparc/x86-fbsd versions that do not build there, lets keep with + the half broken but half working old version, bug #250366 + +*sandbox-1.3.1 (29 Nov 2008) + + 29 Nov 2008; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.1.ebuild: + Fix up #248254 and #248263. + +*sandbox-1.3.0 (16 Nov 2008) + + 16 Nov 2008; Mike Frysinger <vapier@gentoo.org> +sandbox-1.3.0.ebuild: + Version bump. + + 09 Nov 2008; Mike Frysinger <vapier@gentoo.org> + sandbox-1.2.20_alpha2-r1.ebuild: + Use EBUILD_DEATH_HOOKS #113780 by Petteri Räty. + + 09 Nov 2008; Mike Frysinger <vapier@gentoo.org> + +files/sandbox-1.2.20_alpha2-parallel.patch, + sandbox-1.2.20_alpha2-r1.ebuild: + Rewrite multilib handling and apply parallel build fix by Jose Luis Rivero + #190051 by David Pykee. + + 09 Nov 2008; Harald van Dijk <truedfx@gentoo.org> + sandbox-1.2.18.1-r3.ebuild, sandbox-1.2.20_alpha2-r1.ebuild: + Avoid bashism in configure script (#236868) + +*sandbox-1.2.18.1-r3 (27 Jun 2008) + + 27 Jun 2008; Robin H. Johnson <robbat2@gentoo.org> + +files/sandbox-1.2.18.1-rtld-validation.patch, + +sandbox-1.2.18.1-r3.ebuild: + Fix for bug #206678. Variations of it have been running on infra boxes for + two months now, we seem to have traced it down to RTLD_NEXT not always + having a usable value under hardened on new libc. + +*sandbox-1.2.20_alpha2-r1 (04 Nov 2007) + + 04 Nov 2007; Diego Pettenò <flameeyes@gentoo.org> + +sandbox-1.2.20_alpha2-r1.ebuild: + Fix the problem with GLIBC 2.7 even for the alpha version. + + 27 Oct 2007; Jose Luis Rivero <yoswink@gentoo.org> + sandbox-1.2.18.1-r2.ebuild: + Stable on alpha wrt #182361 + + 27 Oct 2007; Raúl Porcel <armin76@gentoo.org> sandbox-1.2.18.1-r2.ebuild: + ia64 stable wrt #182361 + + 26 Oct 2007; nixnut <nixnut@gentoo.org> sandbox-1.2.18.1-r2.ebuild: + Stable on ppc wrt bug 182361 + + 25 Oct 2007; Dawid Węgliński <cla@gentoo.org> + sandbox-1.2.18.1-r2.ebuild: + Stable on x86 (bug #182361) + + 25 Oct 2007; Daniel Gryniewicz <dang@gentoo.org> + sandbox-1.2.18.1-r2.ebuild: + Marked stable on amd64 for bug #182361 + + 25 Oct 2007; Markus Rothe <corsair@gentoo.org> sandbox-1.2.18.1-r2.ebuild: + Stable on ppc64; bug #182361 + + 25 Oct 2007; Christian Faulhammer <opfer@gentoo.org> + sandbox-1.2.18.1-r1.ebuild: + stable x86, bug 180985 + + 25 Oct 2007; Jeroen Roovers <jer@gentoo.org> sandbox-1.2.18.1-r2.ebuild: + Stable for SPARC (bug #182361). + + 25 Oct 2007; Jeroen Roovers <jer@gentoo.org> sandbox-1.2.18.1-r2.ebuild: + Stable for HPPA (bug #182361). Fixed quoting issues. + +*sandbox-1.2.18.1-r2 (23 Oct 2007) + + 23 Oct 2007; Mike Frysinger <vapier@gentoo.org> + +files/sandbox-1.2.18.1-open-cloexec.patch, +sandbox-1.2.18.1-r2.ebuild: + Work with new "e" fopen() flag in glibc-2.7 #196720. + +*sandbox-1.2.18.1-r1 (17 Oct 2007) + + 17 Oct 2007; Daniel Drake <dsd@gentoo.org> + +files/sandbox-1.2.18.1-open-normal-fail.patch, + +sandbox-1.2.18.1-r1.ebuild: + Allow open() on non-existent files to fail in the normal way without + violation. Fixes bug #135745. + + 15 Oct 2007; Markus Rothe <corsair@gentoo.org> sandbox-1.2.18.1.ebuild: + Stable on ppc64 + + 06 Jul 2007; Jose Luis Rivero <yoswink@gentoo.org> + sandbox-1.2.18.1.ebuild: + Stable on alpha. See bug #183673 + + 01 Jul 2007; Piotr Jaroszyński <peper@gentoo.org> sandbox-1.2.12.ebuild, + sandbox-1.2.16.ebuild, sandbox-1.2.17.ebuild, sandbox-1.2.18.ebuild, + sandbox-1.2.18.1.ebuild, sandbox-1.2.20_alpha1-r2.ebuild, + sandbox-1.2.20_alpha2.ebuild: + (QA) RESTRICT="multilib-pkg-force" -> EMULTILIB_PKG="true" + + 24 Jun 2007; Piotr Jaroszyński <peper@gentoo.org> sandbox-1.2.18.ebuild: + (QA) Don't use KEYWORDS="-*". bug #160519. + + 22 Nov 2006; Diego Pettenò <flameeyes@gentoo.org> + sandbox-1.2.20_alpha2.ebuild: + Add ~sparc-fbsd keyword. + + 04 Sep 2006; Diego Pettenò <flameeyes@gentoo.org> + sandbox-1.2.20_alpha2.ebuild: + Add ~x86-fbsd keyword. + +*sandbox-1.2.20_alpha2 (11 Jul 2006) + + 11 Jul 2006; Martin Schlemmer <azarah@gentoo.org> + +sandbox-1.2.20_alpha2.ebuild: + New testing version. + + 09 Jul 2006; Joshua Kinard <kumba@gentoo.org> sandbox-1.2.17.ebuild: + Marked stable on mips (even though it doesn't even work, best to keep up...) + +*sandbox-1.2.20_alpha1-r2 (08 Jul 2006) +*sandbox-1.2.20_alpha1-r1 (08 Jul 2006) + + 08 Jul 2006; Martin Schlemmer <azarah@gentoo.org> + +files/sandbox-1.2.20_alpha1-double-free.patch, + +sandbox-1.2.20_alpha1-r1.ebuild, +sandbox-1.2.20_alpha1-r2.ebuild: + More bugfixes. + +*sandbox-1.2.20_alpha1 (07 Jul 2006) + + 07 Jul 2006; Martin Schlemmer <azarah@gentoo.org> +files/09sandbox, + +sandbox-1.2.20_alpha1.ebuild: + Testing release for feedback. Check package.mask for details. + + 20 May 2006; Bryan Østergaard <kloeri@gentoo.org> sandbox-1.2.17.ebuild: + Stable on ia64. + + 20 May 2006; Bryan Østergaard <kloeri@gentoo.org> sandbox-1.2.17.ebuild: + Stable on alpha. + +*sandbox-1.2.18.1 (19 May 2006) + + 19 May 2006; Martin Schlemmer <azarah@gentoo.org> + +sandbox-1.2.18.1.ebuild: + New bugfix release. + + 11 May 2006; Joshua Jackson <tsunam@gentoo.org> sandbox-1.2.17.ebuild: + stable x86; bug #132025 + + 10 May 2006; Martin Schlemmer <azarah@gentoo.org> sandbox-1.2.18.ebuild: + Mask 1.2.18 for now, as it have a double-free issue. + + 03 May 2006; Joseph Jezak <josejx@gentoo.org> sandbox-1.2.17.ebuild: + Marked ppc stable for bug #132025. + + 03 May 2006; Patrick McLean <chutzpah@gentoo.org> sandbox-1.2.17.ebuild: + Stable on amd64 (bug #132025) + + 03 May 2006; Gustavo Zacarias <gustavoz@gentoo.org> sandbox-1.2.17.ebuild: + Stable on hppa wrt #132025 + +*sandbox-1.2.18 (03 May 2006) + + 03 May 2006; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.18.ebuild: + New release. + + 03 May 2006; Markus Rothe <corsair@gentoo.org> sandbox-1.2.17.ebuild: + Stable on ppc64; bug #132025 + + 02 May 2006; Gustavo Zacarias <gustavoz@gentoo.org> sandbox-1.2.17.ebuild: + Stable on sparc wrt #132025 + + 19 Feb 2006; Joshua Kinard <kumba@gentoo.org> sandbox-1.2.12.ebuild: + Marked stable on mips (doesn't actually work well, but we disable it in + profiles). + + 06 Feb 2006; Martin Schlemmer <azarah@gentoo.org> sandbox-1.2.17.ebuild: + Fix docs installation. + +*sandbox-1.2.17 (05 Dec 2005) + + 05 Dec 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.17.ebuild: + New release. + +*sandbox-1.2.16 (02 Dec 2005) + + 02 Dec 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.16.ebuild: + New release. + +*sandbox-1.2.15 (01 Dec 2005) + + 01 Dec 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.15.ebuild: + New release. + +*sandbox-1.2.14 (28 Nov 2005) + + 28 Nov 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.14.ebuild: + New release. + + 14 Nov 2005; Martin Schlemmer <azarah@gentoo.org> sandbox-1.2.13.ebuild: + Simplify multilib building logic. Other cleanups. + + 13 Oct 2005; Martin Schlemmer <azarah@gentoo.org> sandbox-1.2.12.ebuild, + sandbox-1.2.13.ebuild: + Add workaround for bug #109036. + + 07 Oct 2005; Jeremy Huddleston <eradicator@gentoo.org> + sandbox-1.2.9.ebuild, sandbox-1.2.10.ebuild, sandbox-1.2.11.ebuild, + sandbox-1.2.12.ebuild, sandbox-1.2.13.ebuild: + Some changes for amd64 2006.0. + +*sandbox-1.2.13 (12 Sep 2005) + + 12 Sep 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.13.ebuild: + New release. + + 30 Aug 2005; Fernando J. Pereda <ferdy@gentoo.org> sandbox-1.2.12.ebuild: + stable on alpha wrt bug #101433 + + 16 Aug 2005; Gustavo Zacarias <gustavoz@gentoo.org> sandbox-1.2.12.ebuild: + Stable on sparc wrt #101433 + + 15 Aug 2005; Danny van Dyk <kugelfang@gentoo.org> sandbox-1.2.12.ebuild: + Marked stable on amd64. + + 15 Aug 2005; Michael Hanselmann <hansmi@gentoo.org> sandbox-1.2.12.ebuild: + Stable on ppc and hppa. + + 15 Aug 2005; Ian Leitch <port001@gentoo.org> sandbox-1.2.12.ebuild: + Stable on x86, #101433 + + 15 Aug 2005; Markus Rothe <corsair@gentoo.org> sandbox-1.2.12.ebuild: + Stable on ppc64 (bug #101433) + +*sandbox-1.2.12 (05 Aug 2005) + + 05 Aug 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.12.ebuild: + New release. + + 23 Jul 2005; MATSUU Takuto <matsuu@gentoo.org> sandbox-1.2.11.ebuild: + Stable on sh. + + 22 Jul 2005; Jason Stubbs <jstubbs@gentoo.org> sandbox-1.2.11.ebuild: + Stable on mips per hardave's request. #96782 + + 21 Jul 2005; Rene Nussbaumer <killerfox@gentoo.org> sandbox-1.2.11.ebuild: + Stable on hppa. bug #96782 + + 21 Jul 2005; Aron Griffis <agriffis@gentoo.org> sandbox-1.2.11.ebuild: + stable on alpha + + 21 Jul 2005; Aron Griffis <agriffis@gentoo.org> sandbox-1.2.11.ebuild: + stable on ia64 + + 21 Jul 2005; Chris Gianelloni <wolf31o2@gentoo.org> sandbox-1.2.11.ebuild: + Marking stable on x86 for bug #96782. + + 21 Jul 2005; Joseph Jezak <josejx@gentoo.org> sandbox-1.2.11.ebuild: + Marked ppc stable for bug #96782. + + 20 Jul 2005; Markus Rothe <corsair@gentoo.org> sandbox-1.2.11.ebuild: + Stable on ppc64 (bug #96782) + + 20 Jul 2005; Gustavo Zacarias <gustavoz@gentoo.org> sandbox-1.2.11.ebuild: + Stable on sparc wrt #96782 + + 20 Jul 2005; Danny van Dyk <kugelfang@gentoo.org> sandbox-1.2.11.ebuild: + Marked stable on amd64. + + 18 Jul 2005; Guy Martin <gmsoft@gentoo.org> sandbox-1.2.10.ebuild: + Stable on hppa. + + 15 Jul 2005; Bryan Østergaard <kloeri@gentoo.org> sandbox-1.2.10.ebuild: + Stable on alpha + ia64, bug 99019. + + 14 Jul 2005; Gustavo Zacarias <gustavoz@gentoo.org> sandbox-1.2.10.ebuild: + Stable on sparc wrt #99019 + + 14 Jul 2005; Joseph Jezak <josejx@gentoo.org> sandbox-1.2.10.ebuild: + Marked ppc stable for bug #99019. + + 15 Jul 2005; Jason Stubbs <jstubbs@gentoo.org> sandbox-1.2.9.ebuild, + sandbox-1.2.10.ebuild, sandbox-1.2.11.ebuild: + Removed ppc-macos from keywords as sandbox does not work there yet. + +*sandbox-1.2.11 (14 Jul 2005) + + 14 Jul 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.11.ebuild: + New release. + + 14 Jul 2005; Jeremy Huddleston <eradicator@gentoo.org> + sandbox-1.2.10.ebuild: + Stable amd64. + + 12 Jul 2005; Markus Rothe <corsair@gentoo.org> sandbox-1.2.10.ebuild: + Stable on ppc64 + + 10 Jul 2005; Martin Schlemmer <azarah@gentoo.org> + +files/sandbox-1.2.9-uclibc-getcwd.patch, + +files/sandbox-1.2.10-uclibc-getcwd.patch, sandbox-1.2.9.ebuild, + sandbox-1.2.10.ebuild: + Add some fixes to the getcwd implementation, bug #98419. + + 05 Jul 2005; Jeremy Huddleston <eradicator@gentoo.org> + sandbox-1.2.9.ebuild: + Stable amd64 for 2005.1 + +*sandbox-1.2.10 (03 Jul 2005) + + 03 Jul 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.10.ebuild: + Update version. + +*sandbox-1.2.9 (09 Jun 2005) + + 09 Jun 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.9.ebuild: + Update version. + +*sandbox-1.2.8 (13 May 2005) + + 13 May 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.8.ebuild: + Cleanups and hopefully finally kill bug #91541. Fix bug #92478. + +*sandbox-1.2.7 (12 May 2005) + + 12 May 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.7.ebuild: + Lots of cleanups and fixes - see ChangeLog in /usr/share/doc. + +*sandbox-1.2.6 (10 May 2005) + + 10 May 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.6.ebuild: + Workaround for tsocks incompatability, bug #91541. + +*sandbox-1.2.5-r2 (09 May 2005) + + 09 May 2005; Jeremy Huddleston <eradicator@gentoo.org> + +sandbox-1.2.5-r2.ebuild: + On some versions of portage, CFLAGS_* do not survive across ebuild.sh + stages, so we must ensure the multilib setup always gets rerun for each + stage. + +*sandbox-1.2.5-r1 (06 May 2005) + + 06 May 2005; Jeremy Huddleston <eradicator@gentoo.org> + +sandbox-1.2.5-r1.ebuild: + Revbump to fix problems with amd64 2004.3's multilib. Cleaned up multilib + handling in general. 2004.3 amd64 users should have working 32bit sandbox + again. + + 04 May 2005; Mike Frysinger <vapier@gentoo.org> sandbox-1.2.5.ebuild: + Fix multilib building on amd64/2004.3 profiles. + +*sandbox-1.2.5 (04 May 2005) + + 04 May 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.5.ebuild: + General fixes. Fix for bug #91431. + +*sandbox-1.2.4 (03 May 2005) + + 03 May 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.4.ebuild: + Some speedups (bug #91040) and uclibc fixes. + +*sandbox-1.2.3 (29 Apr 2005) + + 29 Apr 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.3.ebuild: + Fixup libc detection. Fix bug or two. + +*sandbox-1.2.2 (28 Apr 2005) + + 28 Apr 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.2.ebuild: + Bug fixes for bug #90592. + +*sandbox-1.2.1-r3 (24 Apr 2005) + + 24 Apr 2005; Jeremy Huddleston <eradicator@gentoo.org> + +sandbox-1.2.1-r3.ebuild: + Fix multilib. + +*sandbox-1.2.1 (24 Apr 2005) + 24 Apr 2005; Brian Harring <ferringb@gentoo.org> +sandbox-1.2.1-r2.ebuild: + Amd64 fix for 90135. + +*sandbox-1.2.1 (24 Apr 2005) + + 24 Apr 2005; Jason Stubbs <jstubbs@gentoo.org> +sandbox-1.2.1-r1.ebuild: + Added missing check_multilib function. + +*sandbox-1.2.1 (23 Apr 2005) + + 23 Apr 2005; Martin Schlemmer <azarah@gentoo.org> +sandbox-1.2.1.ebuild: + Fix for bug #90153. + +*sandbox-1.2 (Apr 23 2005) + + 23 Apr 2005; Brian Harring <ferringb@gentoo.org>; sandbox-1.2.ebuild + Initial import of cvs head sandbox code. Multilib portion of it + could stand testing. diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest new file mode 100644 index 0000000..5b23996 --- /dev/null +++ b/sys-apps/sandbox/Manifest @@ -0,0 +1,33 @@ +AUX 0001-libsandbox-handle-more-at-functions.patch 1473 SHA256 7681e867bb4dea26d165f9a066dca798519e2fd57b49c7b31c0c2fc254037523 SHA512 ec3655a6fd12347ffd454648428be16a02394f6dfd592075753bb794771a15824675f612ed22206b0e14665706aa24405f8d9aa94a099238344c1525803de72a WHIRLPOOL dc4918171f8501cdab072cb8dc953056bfcb24c1b4f78e683fb01902a7029d1aed4fd47f42e6e0d493bceacbed99535c2ef9bf4c4df57fdb6d789821b1479888 +AUX 09sandbox 37 SHA256 73e9e9d12ba54f1c649813ec86107924050528852c890a8ba1e2853796781bbe SHA512 4e8a9c58debde6480224a45559c5f2db4765213d151e47937f9142f110cac3681bf6402acaf21249a37bb17398e7bc00ae7feee68ecdb5b9363c432eac1b052a WHIRLPOOL 80d55a34d3faf3314f2b9de2200d4b46a800128514be9e30eb59e5f03fb7a0a5197a9e5b5ab33d6b68d35bf83c86a1bd7ba734a33ccd382fe0af3b2c2a11d0bd +AUX sandbox-1.2.17-prefix.patch 8201 SHA256 344fe4dd9f217aba3216f9564cc96d2ff5986158397c1e0e9921b41f3daa6a83 SHA512 ef5fbd258b804a108d06557432f4ae0b7f629f2f82f2a57fb20b0c75112744294c8428c9b7f9cb011b0e8275829eca2578072dbd50a0ae379bb2f094569e2052 WHIRLPOOL 3ae92b2453d7faf87d52027777b1f226dfa7ca1aab2b766dae9e177b9c8c85026461d0ae6e9841342aa36adee1af68ca029b1ae1add73620d6af4512b4978a26 +AUX sandbox-1.2.18.1-open-cloexec.patch 492 SHA256 922cf7277af89bbfa03633f515beeb309b4bd53e9856504f714f7833821b54cf SHA512 f88bacd0a65b10fa9f08348e7f81215e307aac57deb702178c7f0a9ebc7b98d1211ebbfc00b987d0b876d2a24eace4379314c734115bfbc995331535c80b8b50 WHIRLPOOL 152c687a774f05111f8761440d509ea58bac972da6820d9de922e19c7707e9f3a7171f1d690686a9f1eedfdca5400466cba9cc9e934f47ee4d1947c6c0d3af34 +AUX sandbox-1.2.18.1-open-normal-fail.patch 3144 SHA256 9c3b6c4c5595b95f6a00fa9e94f72bbcb41cd5ba689a8a29ebf61c6024e73449 SHA512 3ac8d20efddf5d14bcef0f322e7b8cee31ddfbf68b649965a78c2e17c6535f270be7fe01e2b83379fa2a85455b9b37bd9750118fefe132be61fea52120252d9c WHIRLPOOL 318ccbd7c66ff4a7a4833371678f4567f2eea5a8aaa6f882d38bda4c566976e231f31520a780df4bcd2671d5e3cd612e4ab901f5ae96f446efeb9426a030c776 +AUX sandbox-1.2.18.1-rtld-validation.patch 1415 SHA256 821c22ce76c4a75ad4e5bde186744811bbf73de341c16c5890edfd8b20c95cf5 SHA512 54aee3a194b02c32bbd89caddddde0923494ffb47ddfeabb1ca42635946b7dc4b187f09c30a86cd052651dad1618e7e6cc19e715291e6eaf1a64e70c48f053ba WHIRLPOOL a71e9d0fa136a34c59e5095cf07cde56f70319977196f5c74482153dd4a72a9a443bee688dec77c9caa5ffafed4fd74e4ee2770d91d9936c8bb47c844225a7ee +AUX sandbox-1.2.20_alpha2-parallel.patch 259 SHA256 e14bf149853ae5d276a852b2aac66d0ec53ad9b0fc5babda61e112ca59a9b862 SHA512 9b7a3885d74b247502792277abfc342a5cfcc52358a2263b9f00852f7a1fb96708cac6800206900c8aa36d81a770b2b5576ef6390c39caed5588dd2faa318418 WHIRLPOOL c8e1365c70d4e56a5c6ca24ef1b5d3be41c1325b65afafb0a167704c28342271bc6f7f4a2051a59bdaf7b124bdaf3269a32f0b594a9b6e0d581bee9bd347515c +AUX sandbox-1.6-disable-pthread.patch 959 SHA256 c4fefddab05d440b3b1c2df766c5b2abd7c543cd2aa4cf1e61c0d3c3dd905f0c SHA512 3cbb244f7c8e77030dd2194770a2dcae7b052c302d9b4cb0549465ebfb18f719d93daefbd6d1cdee2a630fc077b04e83c5b7c7f72b667adb6b8e322dee6d7056 WHIRLPOOL 1c603db0b7d810715dc5461740103ac29061e1eace2459bfb59ed576f45f81aadb9883a1afedf0ddde51bcda56b23abd26936426fd2a6ae3becb7e0c6054fc9e +AUX sandbox-1.6-disable-qa-static.patch 332 SHA256 060afa33dcfb6836676dc0febd5bc272b66b55e3753f739b56664e9ebce0eb20 SHA512 8839d4e279be41f1ee118b897c7eae8fd4058e4b7ecc1b5872450c177e09b5eefe569964efc294bd6f3e4ea92a3b4ba9840852d2be8db14810cd4578640ca6c4 WHIRLPOOL 6730b53afc16033911527492b0bf14a35f0e4b0b7cf3d42b1af299e9caa4a82f5e424e514aec81720da53a497cbc31b4f3928fc85dc8b04f979b726dce5ff2d8 +AUX sandbox-1.9-setoptions.patch 634 SHA256 4d09691f682d232add061eeb4de61eadbf1586fd1b8f3c2351bbb08766d117a0 SHA512 4880541186d24dbf216601293f8c41e1bba1032f454f4e1bf8bc2e352dde0520e025f178b651e600a6ce4ce2b2afaa3a7741f8de7695e27fa09e14c07da95809 WHIRLPOOL 4e050fa85f4b7f8192df984849522ef267ad93a6e53bc0981ce46faa1a835924cea6c9682c9b0ec9e77c44072b1df679d7c0c807e6dc5b848a0a10dfe22a6195 +AUX sandbox-2.0-prefix.patch 1716 SHA256 29724ac6605bc6404d68e28a81d0303b0572d1990d8b37ca01b665b5b66f1ad2 SHA512 8b47e5ecc0367f25fa539be0ebe09844b2fb7e643ea21b6134b9c4cfe7c0b2b8f00c15da82e19cbdc7a2b98f48e92fe967d18e2579700738f01d778f99818dc8 WHIRLPOOL 3228316ffc48001011ed29862df9dd88724a63edeee29eb49a5ebbf28479ea38fb9258298fd2a413ad0c7cbc6e2f8dc69ad046ad386390eaa8391b4f06333b79 +AUX sandbox-2.0-setoptions.patch 517 SHA256 ce365c6ab54ab60ac539728b3419e28499512a2e3ced5de3bf0455c2c35d93d5 SHA512 5b80bcb3ffcf3cf105780b72a86af8260784e544dd71ff88b5e5c85d5f95558db64cc86454b9371b2069f2e644b3841fa0ad6df967eeb42ef168851a4690cf6e WHIRLPOOL c1f70a21f901aa1089455925cf0c434660506a5be8f952837428bb15fc91fb31b2d0b3cc83d78024001c2b8198b17fc23539485c4060715ea523c6cb4872a5ee +AUX sandbox-2.2-prefix.patch 881 SHA256 fa51c7876c7a95ff3a0fda5f84563d83720e011ec93fc8b5860a92a90f725afa SHA512 72095e1237a19918255aa94898e3871248d20df9f6d0fef22ecb29036b65dd508c23cb8d716d0afc1627c79a3afa09d1022b20ca8d22636229df9d791d5df6fc WHIRLPOOL dd5555c75e6b30c20f29c47ed267fd99b7faf924e0afdd8b5652008fa7ebdeeb298edc88067a29e596f8e6d2070768bc048813bb38dc410ddea4281ca9d49275 +AUX sandbox-2.6-check-empty-paths-at.patch 7454 SHA256 a48759a4d3e9a70713473b6fad59bdd750b5cd37e7d632c786205ff20004ae2c SHA512 5eba7915dedf57f44c37881e9c6b48db8733d1493779a33127d08bb9ea77056d788ec9ace72c13eb101f42f01c95309c7cebca6c76212a8c99a8655372c0b7d7 WHIRLPOOL 46eb3a8ef8f22030cd793f3b16adc190b5750019c0df83e161c6918f08555a8ad890c1425b03cbf7e53ebcd34a07a9dd9b594d0c0fe31834656ffce3d58fa284 +AUX sandbox-2.6-desktop.patch 875 SHA256 2eecf67790aeac210f9aa899a86f7664776ed65d9b55159e1b359162dfb9ff74 SHA512 b72ec7f414d19bf513dfb1aea10523fa5dc07a1375d8f08f664d204b64b23c891a79ca14987528c595936f441e1f595b366aabbc57313667c7639d73d089ed9a WHIRLPOOL 7f787b8be9b5712eb2b2a0cd2ff825df1045ebf1cc4e73a50f610e620d30752045690a5c28835465d0ab0c3c4a9eaf8b92a5c123cd741ad69dfedb31aa457fa0 +AUX sandbox-2.6-log-var.patch 2039 SHA256 f464a29cdd9de0c510277310f4febc8f96515ff2ff03fc92df1c75b9cbd75619 SHA512 cf6f900b4078eff5870b63b2bc7c81c5b00488e030d7e9ce3007693e9d1339ac6201ddacfaff552c6c9b99b6d32383229133c80190404b7e4fde06ad376b2050 WHIRLPOOL db99737a6567788194f7b37b12b92fcfb4c263df40f40aef9e0a3ef2b6a1523331313b791fffa2b26775b646795364ab1db1711eb4329cda3337df27aebfeffa +AUX sandbox-2.6-open-nofollow.patch 2027 SHA256 c8816ae4e1991f9941abd43ec4bfdbf4e99cf36ee90694f77ab88754c53785ce SHA512 dd5222f32a40def38c9719363a24c48d5b112e3560b44c5f32afc3daa0614fe9bc5cb68ca8ac69032cc8d6299f09b25d4d7c72e16892188b42768ffb28c19f07 WHIRLPOOL 03cb5fb9df04a8d7f92855c292a6c431d01d330fecae198f2c4b95d824454f10ce1ad66db1a9d54d1bef5f74989cf6debb2d98de28ee0c2c6a09c1a0752b5519 +AUX sandbox-2.6-prefix.patch 2945 SHA256 4d2d241a0e8a7f98d8bf9f2fa546b45ce3242155eb0be34397e1930452d29f6f SHA512 d0ec7ce9d3d0ec76691e027d769b355608bf8ef51b395338f41bbb22d46c4cc73516e22d1b9c28b336b5a1f6369b438599032cc8dbc3cfea66c7e77fdfdff47c WHIRLPOOL 388974a38cfbd382f69a209ec124021b669bf6ed8c85b1e2227bc89345e84f1c02de8105d93ecca2a0076dc10138633915fd58c40e192c53277c53a5e49eb54b +AUX sandbox-2.6-static-close-fd.patch 2945 SHA256 807eb4dc1ba6543c94a90a9a53bb89f42079ea20ed7c196f82d65f280e5de96a SHA512 e2f57c4d80816241f3ba4828c2b27c67d1d604b14b2d575888a978e5c4e8e47e60e3a609d81e59c615bc5b7cee6194cc362e255ae8508f632862a35180c30de8 WHIRLPOOL e08f60227fe954894d3a3a01297e9988f4d7722ea75ffbd2b0f3971d38c8ce00af230fcaecb1f53243a868d54f48bb680e2d547bbeb2ee3e5a11f8942d2084fd +AUX sandbox-2.6-trace-hppa.patch 850 SHA256 20688b2f33162f95af4af5e3c7d3700f2e7776e454b785ac1398f0870f84efa9 SHA512 fb7bf2202f960e952edc1e52fe4b6b085042158223d96b9baa899e871abcdef711ede3122c971120f55f71cc1aad71496a6079222dbaaa6c14b0c6f7ea182454 WHIRLPOOL 80f7fb529b912d19d81b9d71ee4a648db7b217583f2e8f2054cc666839030ea7d0112d69d52a2bf35c4d3549ffbd81dbd0cd39d5993bfabbb43bcb6a4455ade4 +DIST sandbox-1.6.tar.lzma 307014 SHA256 52cfd286da3d5d51f3b6e012e409e931b21e32b4f2f16ba5677e46328680f4f4 SHA512 f470599a67443fa107612fef1cc73b64b3146003ae21bb5ae5abd852c4c37aec93ac09be646fda9d55d4c3aeef0cf28a42fa675f2acbb53c1d903e400538ba4c WHIRLPOOL 7c7fbe57cc831d0eb7853476e264a85bb8113620948e761563a872d3d55fd3c0ff063332397199001ea9dcb8258f348b827f337b876b2a26f727f10abbc8f712 +DIST sandbox-2.3.tar.xz 344260 SHA256 8670f7508453c2fd300ca29ad2eb457691c3df01c4c22fa27d4a7c880fd291d5 SHA512 06ddaa6dc0822474c263650e95284af6cb69c60c9443b5caaf95af8140283f937d5594849064847fe3a4ad89b29b6ef6d6e909a9b85bb5d7fcf8b427d0e9c7e4 WHIRLPOOL 5d3f45a0bbb1aeffb8c83f8978bea65764aa438a5abcb50c66b5f66232d972bde84013694f6806fcc0026cd6d37420c69655d66ec5984a1c6f71a68dcfc95d11 +DIST sandbox-2.4.tar.xz 344664 SHA256 450599cb3052296d42f81a04dbbda82d220415fc2d16f5dc6e26b042d580fd3e SHA512 c0f8b789bcabd48e03a20a97c9daa82c48f264d7641ecfa51dff7a2d2c34be398cf1db6235eb0211bf0fa78b07bd6e633e06bc102904bf9dd8a95f9fde1ca615 WHIRLPOOL 22f0f55f6e638275781ab5afa29b1a7f5e7f3335a3d2ff37d9fcce0bf9284b271bf1d69b98bcd4b06fdb9ff1528d044f9fb111a58c2a1a5ce33cbe28c0cb869d +DIST sandbox-2.5.tar.xz 355680 SHA256 c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 WHIRLPOOL 887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53 +DIST sandbox-2.6.tar.xz 366356 SHA256 95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03 +EBUILD sandbox-1.6-r2.ebuild 2672 SHA256 a7a497c9ce58cb2d2162af3f9e1d1d757c1a4c6d57b4d5377fb87c589f2d3036 SHA512 0db86a82a84316495ef22ab9955789af2f9799948ea77c07808464cf7b7cd77140f66a937235f9a784472f541681fcbeb072105a5f0a53c493770e544ae0c511 WHIRLPOOL d1c4d10b1531b4ddb9a8f723014a3e58b1047c6aa981f806416fc95800c7adf00bf65588e4d37755590a8ce97d8f056fe86511a2bb32ad55cd79340352e713a7 +EBUILD sandbox-2.3-r1.ebuild 2713 SHA256 58eb10e050f4321b703d71cfdd8d83de61ab76e748046dde724e64ca21dc253f SHA512 2b054563f3bfa7998460af78e04c8a6ba2adf56180163dbd6af54d205bc25e37d02691c745a829a4470f1246e72522e7dd15c0c27fcae6948323dc620abea5c3 WHIRLPOOL ba54a9573f25e15d57a80f01c61ffe8aabb8a5f52183f85ccdf82d6c8732a6bb2c1985773d6cf4833284260060478c8e28d7d29149d3385520712b6140196590 +EBUILD sandbox-2.4.ebuild 2639 SHA256 d5b852481f07dbbf5b1f5f4761a4c16137aea8f4d8f047c27edd898cc713272e SHA512 5069787fae2e983e2af0155799792b1b6f0911e48c8a89d21fea6ae26a0cf1d08f54d34b2e3a8a0476d88f71aebc5af9da4c3151d07120c0503ffae7da9f12ac WHIRLPOOL b81f145e951fe19665eaab48450fb1fba0a97182f8a97c476048f0ee0df82ff0f36f99fa97101b9f360c66a0698c97a0b837ea855dadc07bce43e1e0f1a9f050 +EBUILD sandbox-2.5.ebuild 2880 SHA256 93a6a2d280b6aa7de27b051b3e656ffff0b903ed05e912f9c741b51083efd9be SHA512 960f9412e5c1fcc0debd53f4153b0bd001748442455a6e97e5880159d6ee7defa86baa01c8fa4f5978fccb4a60a0442d3c6e811bc91336ca1c0c8bae0d200250 WHIRLPOOL bc2787c9284651285f0c0b2458e644ccac6f34274227dd8eb4fc9246acd146f1430216b05963bffc007e3909703609ed4e6f40b45e56087ff3e7e40b42550507 +EBUILD sandbox-2.6-r1.ebuild 3140 SHA256 cfa830df1301600a9c35f4beca7af5ae8d4cf0a0d0e0e9dda22c3f7b85bf22c5 SHA512 f9947cb97329bb0fe567768e5e3d7617df0f0572c1edf0c230bb1dd6562f5d9850ea3677297fe0eca5ed9bba62dc9a49967b43140ce7d28928feb65ea268468b WHIRLPOOL a9ae16dffbef562e054cc01bb2cfda54dd59a7efa628d511332674413f0e2070333719781c8fe60f09eecce1b7ffccbb83ca44db9fffc7ea402dd45b87b6adec +EBUILD sandbox-2.6.ebuild 2970 SHA256 2afd4648e2cc4307bed2ea5c7e2d931bfd43f7f7701d42aa79b4e8f34ae6fe4a SHA512 44494b344830b87261f87a7a5c61fcaa2d230598a620aff1b846e59ecc1b9f25ad5a6430ec3710d9a4ddefa150428bda9d8f24ef31199d4007034402fd8cd658 WHIRLPOOL 9d6f02c395c28aeb520293f38079e4015d6750200196bebac894f6088537b8532e2655bfd8ac3426a5bedd02857964cfef8157f2310340ce90643c66e3fac36c +MISC ChangeLog 22966 SHA256 2b5ee0df6e4d4a7267e9b90acf607c3e21f24491044b930e2fc31d6c58683f3e SHA512 32acc2c923d0af305e379ef25c7229ffb2432da0024d6b2f24b7ad017cf9a93eb13d9d776f61058c070a77ed0436fd3c12f90be2a833d739c35a589ce87e9983 WHIRLPOOL 33bac5ef0161ece31c9fa5333142e70ce44eee0fde65468e7a03e0829eb7255350f4bced36eb4756e5bc12dde46c6b44170a7a4eae1bd90e042ede9b9fee2906 +MISC metadata.xml 316 SHA256 488f8a1ba1e1d07a159d22ac198aefee5dfa9ded04de2969019f177161abef1b SHA512 2b4ddea0bb5a40cac834a09b89624049b8561a4a4f648b4d5072c413d4eca78b5cc24859664fa746be36c8b60188e88f2ae38c2c5af30d91dc6273c0f85de278 WHIRLPOOL 64ed27fc7abb1b3b82621f6bb91f03d0070933d0423f9d323ac803354fc6acf2182df1dd85a083fa047d63561a5e92d44287ef4935a11a733244d4393edf8f6f diff --git a/sys-apps/sandbox/files/0001-libsandbox-handle-more-at-functions.patch b/sys-apps/sandbox/files/0001-libsandbox-handle-more-at-functions.patch new file mode 100644 index 0000000..09462b7 --- /dev/null +++ b/sys-apps/sandbox/files/0001-libsandbox-handle-more-at-functions.patch @@ -0,0 +1,42 @@ +From 25425878243c5ca1ff21e6f479e585c60b943930 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Mon, 30 Mar 2009 19:56:29 -0400 +Subject: [PATCH] libsandbox: handle more *at functions + +Add some more *at functions to the main checking code. + +URL: http://bugs.gentoo.org/264320 +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +Reported-by: Harald van Dijk <truedfx@gentoo.org> +--- + libsandbox/libsandbox.c | 5 +++++ + 1 files changed, 5 insertions(+), 0 deletions(-) + +diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c +index 88248af..c3f0b55 100644 +--- a/libsandbox/libsandbox.c ++++ b/libsandbox/libsandbox.c +@@ -681,15 +681,20 @@ static int check_access(sbcontext_t *sbcontext, int sb_nr, const char *func, + sb_nr == SB_NR_CREAT || + sb_nr == SB_NR_CREAT64 || + sb_nr == SB_NR_MKDIR || ++ sb_nr == SB_NR_MKDIRAT || + sb_nr == SB_NR_MKNOD || + sb_nr == SB_NR_MKNODAT || + sb_nr == SB_NR__XMKNOD || + sb_nr == SB_NR___XMKNOD || + sb_nr == SB_NR___XMKNODAT || + sb_nr == SB_NR_MKFIFO || ++ sb_nr == SB_NR_MKFIFOAT || + sb_nr == SB_NR_LINK || ++ sb_nr == SB_NR_LINKAT || + sb_nr == SB_NR_SYMLINK || ++ sb_nr == SB_NR_SYMLINKAT || + sb_nr == SB_NR_RENAME || ++ sb_nr == SB_NR_RENAMEAT || + sb_nr == SB_NR_LUTIMES || + sb_nr == SB_NR_UTIMENSAT || + sb_nr == SB_NR_UTIME || +-- +1.6.2 + diff --git a/sys-apps/sandbox/files/09sandbox b/sys-apps/sandbox/files/09sandbox new file mode 100644 index 0000000..9181eb0 --- /dev/null +++ b/sys-apps/sandbox/files/09sandbox @@ -0,0 +1 @@ +CONFIG_PROTECT_MASK="/etc/sandbox.d" diff --git a/sys-apps/sandbox/files/sandbox-1.2.17-prefix.patch b/sys-apps/sandbox/files/sandbox-1.2.17-prefix.patch new file mode 100644 index 0000000..9834855 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.2.17-prefix.patch @@ -0,0 +1,209 @@ +* Michael Haubenwallner <michael.haubenwallner@salomon.at> + Prefix awareness for sandbox + +diff -ruN sandbox-1.2.17.orig/configure.ac sandbox-1.2.17/configure.ac +--- sandbox-1.2.17.orig/configure.ac 2005-12-05 15:03:35.000000000 +0100 ++++ sandbox-1.2.17/configure.ac 2006-07-27 16:14:28.000000000 +0200 +@@ -156,5 +156,7 @@ + Makefile + scripts/Makefile + data/Makefile ++ data/sandbox.bashrc ++ data/sandbox.profile + src/Makefile + ]) +diff -ruN sandbox-1.2.17.orig/data/sandbox.bashrc sandbox-1.2.17/data/sandbox.bashrc +--- sandbox-1.2.17.orig/data/sandbox.bashrc 2005-12-01 00:14:28.000000000 +0100 ++++ sandbox-1.2.17/data/sandbox.bashrc 1970-01-01 01:00:00.000000000 +0100 +@@ -1,18 +0,0 @@ +-# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com +-# Distributed under the terms of the GNU General Public License, v2 or later +-# Author : Geert Bevin <gbevin@uwyn.com> +-# $Header$ +-source /etc/profile +- +-if [[ -n ${LD_PRELOAD} && ${LD_PRELOAD} != *$SANDBOX_LIB* ]] ; then +- export LD_PRELOAD="${SANDBOX_LIB} ${LD_PRELOAD}" +-elif [[ -z ${LD_PRELOAD} ]] ; then +- export LD_PRELOAD="${SANDBOX_LIB}" +-fi +- +-export BASH_ENV="${SANDBOX_BASHRC}" +- +-alias make="make LD_PRELOAD=${LD_PRELOAD}" +-alias su="su -c '/bin/bash -rcfile ${SANDBOX_BASHRC}'" +- +-declare -r SANDBOX_ACTIVE +diff -ruN sandbox-1.2.17.orig/data/sandbox.bashrc.in sandbox-1.2.17/data/sandbox.bashrc.in +--- sandbox-1.2.17.orig/data/sandbox.bashrc.in 1970-01-01 01:00:00.000000000 +0100 ++++ sandbox-1.2.17/data/sandbox.bashrc.in 2006-07-27 16:13:40.000000000 +0200 +@@ -0,0 +1,17 @@ ++# Copyright (C) 2001 Geert Bevin, Uwyn, http://www.uwyn.com ++# Distributed under the terms of the GNU General Public License, v2 or later ++# Author : Geert Bevin <gbevin@uwyn.com> ++# $Header$ ++ ++if [[ -n ${LD_PRELOAD} && ${LD_PRELOAD} != *$SANDBOX_LIB* ]] ; then ++ export LD_PRELOAD="${SANDBOX_LIB} ${LD_PRELOAD}" ++elif [[ -z ${LD_PRELOAD} ]] ; then ++ export LD_PRELOAD="${SANDBOX_LIB}" ++fi ++ ++export BASH_ENV="${SANDBOX_BASHRC}" ++ ++alias make="make LD_PRELOAD=${LD_PRELOAD}" ++alias su="su -c '@CU_BASH@ -rcfile ${SANDBOX_PROFILE}'" ++ ++declare -r SANDBOX_ACTIVE +diff -ruN sandbox-1.2.17.orig/data/sandbox.profile.in sandbox-1.2.17/data/sandbox.profile.in +--- sandbox-1.2.17.orig/data/sandbox.profile.in 1970-01-01 01:00:00.000000000 +0100 ++++ sandbox-1.2.17/data/sandbox.profile.in 2006-07-27 16:12:05.000000000 +0200 +@@ -0,0 +1,7 @@ ++# Copyright (C) 2001 Michael Haubenwallner, Salomon Automation, http://www.salomon.at ++# Distributed under the terms of the GNU General Public License, v2 or later ++# Author : Michael Haubenwallner <michael.haubenwallner@salomon.at> ++# $Header$ ++ ++source @sysconfdir@/profile ++source "${SANDBOX_BASHRC}" +diff -ruN sandbox-1.2.17.orig/src/Makefile.am sandbox-1.2.17/src/Makefile.am +--- sandbox-1.2.17.orig/src/Makefile.am 2005-12-05 14:16:52.000000000 +0100 ++++ sandbox-1.2.17/src/Makefile.am 2006-07-27 16:12:05.000000000 +0200 +@@ -7,6 +7,7 @@ + -DPIC -fPIC -D_REENTRANT \ + -DLIBSANDBOX_PATH=\"$(libdir)\" \ + -DSANDBOX_BASHRC_PATH=\"$(pkgdatadir)\" \ ++ -DLOCALSTATEDIR=\"$(localstatedir)\" \ + -I$(top_srcdir) -Wall + + LOCAL_INCLUDES = $(top_srcdir)/localdecls.h +diff -ruN sandbox-1.2.17.orig/src/sandbox.c sandbox-1.2.17/src/sandbox.c +--- sandbox-1.2.17.orig/src/sandbox.c 2005-12-05 14:15:45.000000000 +0100 ++++ sandbox-1.2.17/src/sandbox.c 2006-07-27 16:12:05.000000000 +0200 +@@ -33,6 +33,7 @@ + char sandbox_debug_log[SB_PATH_MAX]; + char sandbox_lib[SB_PATH_MAX]; + char sandbox_rc[SB_PATH_MAX]; ++ char sandbox_profile[SB_PATH_MAX]; + char work_dir[SB_PATH_MAX]; + char var_tmp_dir[SB_PATH_MAX]; + char tmp_dir[SB_PATH_MAX]; +@@ -81,6 +82,9 @@ + /* Generate sandbox bashrc path */ + get_sandbox_rc(sandbox_info->sandbox_rc); + ++ /* Generate sandbox bashprofile path */ ++ get_sandbox_profile(sandbox_info->sandbox_profile); ++ + /* Generate sandbox log full path */ + get_sandbox_log(sandbox_info->sandbox_log); + if (1 == exists(sandbox_info->sandbox_log)) { +@@ -278,6 +282,7 @@ + unsetenv(ENV_SANDBOX_ON); + unsetenv(ENV_SANDBOX_LIB); + unsetenv(ENV_SANDBOX_BASHRC); ++ unsetenv(ENV_SANDBOX_PROFILE); + unsetenv(ENV_SANDBOX_LOG); + unsetenv(ENV_SANDBOX_DEBUG_LOG); + +@@ -322,6 +327,7 @@ + sandbox_setenv(new_environ, ENV_SANDBOX_ON, "1"); + sandbox_setenv(new_environ, ENV_SANDBOX_LIB, sandbox_info->sandbox_lib); + sandbox_setenv(new_environ, ENV_SANDBOX_BASHRC, sandbox_info->sandbox_rc); ++ sandbox_setenv(new_environ, ENV_SANDBOX_PROFILE, sandbox_info->sandbox_profile); + sandbox_setenv(new_environ, ENV_SANDBOX_LOG, sandbox_info->sandbox_log); + sandbox_setenv(new_environ, ENV_SANDBOX_DEBUG_LOG, + sandbox_info->sandbox_debug_log); +@@ -458,6 +464,11 @@ + exit(EXIT_FAILURE); + } + ++ if (0 >= exists(sandbox_info.sandbox_profile)) { ++ perror("sandbox: Could not open the sandbox profile file"); ++ exit(EXIT_FAILURE); ++ } ++ + /* set up the required environment variables */ + if (print_debug) + printf("Setting up the required environment variables.\n"); +@@ -476,7 +487,7 @@ + argv_bash = (char **)malloc(6 * sizeof(char *)); + argv_bash[0] = strdup("/bin/bash"); + argv_bash[1] = strdup("-rcfile"); +- argv_bash[2] = strdup(sandbox_info.sandbox_rc); ++ argv_bash[2] = strdup(sandbox_info.sandbox_profile); + + if (argc < 2) + argv_bash[3] = NULL; +diff -ruN sandbox-1.2.17.orig/src/sandbox.h sandbox-1.2.17/src/sandbox.h +--- sandbox-1.2.17.orig/src/sandbox.h 2005-12-05 14:23:13.000000000 +0100 ++++ sandbox-1.2.17/src/sandbox.h 2006-07-27 16:12:05.000000000 +0200 +@@ -17,10 +17,11 @@ + #define LD_PRELOAD_FILE "/etc/ld.so.preload" + #define LIB_NAME "libsandbox.so" + #define BASHRC_NAME "sandbox.bashrc" ++#define BASHPROFILE_NAME "sandbox.profile" + #define TMPDIR "/tmp" +-#define VAR_TMPDIR "/var/tmp" +-#define PORTAGE_TMPDIR "/var/tmp/portage" +-#define SANDBOX_LOG_LOCATION "/var/log/sandbox" ++#define VAR_TMPDIR LOCALSTATEDIR "/tmp" ++#define PORTAGE_TMPDIR VAR_TMPDIR "/portage" ++#define SANDBOX_LOG_LOCATION LOCALSTATEDIR "/log/sandbox" + #define LOG_FILE_PREFIX "/sandbox-" + #define DEBUG_LOG_FILE_PREFIX "/sandbox-debug-" + #define LOG_FILE_EXT ".log" +@@ -38,6 +39,7 @@ + + #define ENV_SANDBOX_LIB "SANDBOX_LIB" + #define ENV_SANDBOX_BASHRC "SANDBOX_BASHRC" ++#define ENV_SANDBOX_PROFILE "SANDBOX_PROFILE" + #define ENV_SANDBOX_LOG "SANDBOX_LOG" + #define ENV_SANDBOX_DEBUG_LOG "SANDBOX_DEBUG_LOG" + +diff -ruN sandbox-1.2.17.orig/src/sandbox_utils.c sandbox-1.2.17/src/sandbox_utils.c +--- sandbox-1.2.17.orig/src/sandbox_utils.c 2005-12-05 09:36:32.000000000 +0100 ++++ sandbox-1.2.17/src/sandbox_utils.c 2006-07-27 16:12:05.000000000 +0200 +@@ -42,6 +42,11 @@ + snprintf(path, SB_PATH_MAX, "%s/%s", SANDBOX_BASHRC_PATH, BASHRC_NAME); + } + ++void get_sandbox_profile(char *path) ++{ ++ snprintf(path, SB_PATH_MAX, "%s/%s", SANDBOX_BASHRC_PATH, BASHPROFILE_NAME); ++} ++ + void get_sandbox_log(char *path) + { + char *sandbox_log_env = NULL; +--- sandbox-1.2.17/data/Makefile.am.orig 2006-07-27 16:25:09.000000000 +0200 ++++ sandbox-1.2.17/data/Makefile.am 2006-07-27 16:25:18.000000000 +0200 +@@ -1,3 +1 @@ +-dist_pkgdata_DATA = sandbox.bashrc +- +-EXTRA_DIST = sandbox.bashrc ++dist_pkgdata_DATA = sandbox.bashrc sandbox.profile +diff -ru sandbox-1.2.17.orig/configure.ac sandbox-1.2.17/configure.ac +--- sandbox-1.2.17.orig/configure.ac 2005-12-05 15:03:35.000000000 +0100 ++++ sandbox-1.2.17/configure.ac 2006-07-21 13:12:39.000000000 +0200 +@@ -10,6 +10,8 @@ + AC_PROG_MAKE_SET + AC_PROG_AWK + AC_CHECK_PROGS([READELF], [readelf], [false]) ++AC_PATH_PROGS([CU_BASH], [bash], [/bin/bash]) ++AC_DEFINE_UNQUOTED([CU_BASH], ["${CU_BASH}"], [path to bash binary]) + + AC_ENABLE_SHARED + AC_DISABLE_STATIC +diff -ru sandbox-1.2.17.orig/src/sandbox.c sandbox-1.2.17/src/sandbox.c +--- sandbox-1.2.17.orig/src/sandbox.c 2005-12-05 14:15:45.000000000 +0100 ++++ sandbox-1.2.17/src/sandbox.c 2006-07-21 13:15:29.000000000 +0200 +@@ -474,7 +474,7 @@ + chdir(sandbox_info.work_dir); + + argv_bash = (char **)malloc(6 * sizeof(char *)); +- argv_bash[0] = strdup("/bin/bash"); ++ argv_bash[0] = strdup(CU_BASH); + argv_bash[1] = strdup("-rcfile"); + argv_bash[2] = strdup(sandbox_info.sandbox_rc); + diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch new file mode 100644 index 0000000..806f1a3 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-cloexec.patch @@ -0,0 +1,15 @@ +http://bugs.gentoo.org/196720 + +mark the new "e" fopen() flag as safe + +--- sandbox-1.2.18.1/src/libsandbox.c ++++ sandbox-1.2.18.1/src/libsandbox.c +@@ -1595,7 +1595,7 @@ + { + if (*mode == 'r' && (0 == (strcmp(mode, "r")) || + /* The strspn accept args are known non-writable modifiers */ +- (strlen(++mode) == strspn(mode, "xbtmc")))) { ++ (strlen(++mode) == strspn(mode, "xbtmce")))) { + return before_syscall("open_rd", file); + } else { + return before_syscall("open_wr", file); diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch new file mode 100644 index 0000000..49b57e4 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch @@ -0,0 +1,99 @@ +Patch from Kevin F. Quinn at https://bugs.gentoo.org/show_bug.cgi?id=135745 +Already applied in sandbox svn + +Makes sandboxed open() calls return the normal error conditions if the +file in question does not exist, without causing a sandbox violation. +This allows programs to use open() to test for file existance, regardless +of read-write flags. This is not revealing any further information about +the backing system because this data was already available through stat(). + +Index: src/libsandbox.c +=================================================================== +--- src/libsandbox.c.orig ++++ src/libsandbox.c +@@ -80,6 +80,9 @@ + #define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \ + ((0 == is_sandbox_on()) || (1 == before_syscall_access(_func, _path, _flags))) + ++#define FUNCTION_SANDBOX_FAIL_OPEN_INT(_func, _path, _flags) \ ++ ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags))) ++ + #define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \ + ((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags))) + +@@ -388,6 +391,16 @@ static FILE * (*true_ ## _name) (const c + FILE *_name(const char *pathname, const char *mode) \ + { \ + FILE *result = NULL; \ ++ int my_errno = errno; \ ++ struct stat st; \ ++\ ++ if (mode!=NULL && mode[0]=='r') { \ ++ /* If we're trying to read, fail normally if file does not stat */\ ++ if (-1 == stat(pathname, &st)) { \ ++ return NULL; \ ++ } \ ++ } \ ++ errno = my_errno; \ + \ + if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen", pathname, mode) { \ + check_dlsym(_name); \ +@@ -561,12 +574,20 @@ int _name(const char *pathname, int flag + va_list ap; \ + int mode = 0; \ + int result = -1; \ ++ int my_errno = errno; \ ++ struct stat st; \ + \ + if (flags & O_CREAT) { \ + va_start(ap, flags); \ + mode = va_arg(ap, int); \ + va_end(ap); \ ++ } else { \ ++ /* If we're not trying to create, fail normally if file does not stat */\ ++ if (-1 == stat(pathname, &st)) { \ ++ return -1; \ ++ } \ + } \ ++ errno = my_errno; \ + \ + if FUNCTION_SANDBOX_SAFE_OPEN_INT("open", pathname, flags) { \ + check_dlsym(_name); \ +@@ -726,6 +747,16 @@ static FILE * (*true_ ## _name) (const c + FILE *_name(const char *pathname, const char *mode) \ + { \ + FILE *result = NULL; \ ++ int my_errno = errno; \ ++ struct stat64 st; \ ++\ ++ if (mode!=NULL && mode[0]=='r') { \ ++ /* If we're trying to read, fail normally if file does not stat */\ ++ if (-1 == stat64(pathname, &st)) { \ ++ return NULL; \ ++ } \ ++ } \ ++ errno = my_errno; \ + \ + if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen64", pathname, mode) { \ + check_dlsym(_name); \ +@@ -746,12 +777,20 @@ int _name(const char *pathname, int flag + va_list ap; \ + int mode = 0; \ + int result = -1; \ ++ int my_errno = errno; \ ++ struct stat64 st; \ + \ + if (flags & O_CREAT) { \ + va_start(ap, flags); \ + mode = va_arg(ap, int); \ + va_end(ap); \ ++ } else { \ ++ /* If we're not trying to create, fail normally if file does not stat */\ ++ if (-1 == stat64(pathname, &st)) { \ ++ return -1; \ ++ } \ + } \ ++ errno = my_errno; \ + \ + if FUNCTION_SANDBOX_SAFE_OPEN_INT("open64", pathname, flags) { \ + check_dlsym(_name); \ diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch new file mode 100644 index 0000000..36e96f5 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.2.18.1-rtld-validation.patch @@ -0,0 +1,43 @@ +From: Robin H. Johnson <robbat2@gentoo.org> +Gentoo-Bug: 206678 +X-Gentoo-URL: http://bugs.gentoo.org/show_bug.cgi?id=206678 +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> + +Based on a previous revision by solar@gentoo.org. +It seems that on hardened systems, USE_RTLD_NEXT is not always usable, and this +trips up sandbox. + +diff -Nuar sandbox-1.2.18.1.orig/src/libsandbox.c sandbox-1.2.18.1/src/libsandbox.c +--- sandbox-1.2.18.1.orig/src/libsandbox.c 2008-06-27 16:15:53.000000000 +0000 ++++ sandbox-1.2.18.1/src/libsandbox.c 2008-06-27 16:20:26.000000000 +0000 +@@ -192,18 +192,24 @@ + { + void *symaddr = NULL; + +- if (NULL == libc_handle) { +-#if !defined(USE_RTLD_NEXT) ++#if defined(USE_RTLD_NEXT) ++ libc_handle = RTLD_NEXT; ++#endif ++ ++ /* Checking for -1UL is significent on hardened! ++ * USE_RTLD_NEXT returns it as a sign of being unusable. ++ * However using !x or NULL checks does NOT pick it up! ++ */ ++#define INVALID_LIBC_HANDLE(x) (!x || NULL == x || -1UL == x) ++ if (INVALID_LIBC_HANDLE(libc_handle)) { + libc_handle = dlopen(LIBC_VERSION, RTLD_LAZY); +- if (!libc_handle) { ++ if (INVALID_LIBC_HANDLE(libc_handle)) { + fprintf(stderr, "libsandbox: Can't dlopen libc: %s\n", + dlerror()); + exit(EXIT_FAILURE); + } +-#else +- libc_handle = RTLD_NEXT; +-#endif + } ++#undef INVALID_LIBC_HANDLE + + if (NULL == symver) + symaddr = dlsym(libc_handle, symname); diff --git a/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch b/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch new file mode 100644 index 0000000..cbf769f --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.2.20_alpha2-parallel.patch @@ -0,0 +1,12 @@ +http://bugs.gentooorg/190051 + +--- libsandbox/Makefile.in ++++ libsandbox/Makefile.in +@@ -517,6 +517,7 @@ + + + libsandbox.c: libsandbox.map symbols.h ++wrappers.c: symbols.h + + libsandbox.map: $(SYMBOLS_FILE) $(GEN_VERSION_MAP_SCRIPT) + @echo "Generating $@"; \ diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch b/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch new file mode 100644 index 0000000..490bc41 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.6-disable-pthread.patch @@ -0,0 +1,37 @@ +http://bugs.gentoo.org/263657 + +disable pthread locks ... this is how stable has always worked, so there +wont be any regressions ... + +diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c +index 034d0e7..595d17f 100644 +--- a/libsandbox/libsandbox.c ++++ b/libsandbox/libsandbox.c +@@ -814,9 +814,6 @@ + return result; + } + +-/* Need to protect the global sbcontext structure */ +-static pthread_mutex_t sb_syscall_lock = PTHREAD_MUTEX_INITIALIZER; +- + bool before_syscall(int dirfd, int sb_nr, const char *func, const char *file, int flags) + { + int old_errno = errno; +@@ -843,8 +840,6 @@ + file = at_file_buf; + } + +- pthread_mutex_lock(&sb_syscall_lock); +- + if (!sb_init) { + init_context(&sbcontext); + sb_init = true; +@@ -885,8 +880,6 @@ + + result = check_syscall(&sbcontext, sb_nr, func, file, flags); + +- pthread_mutex_unlock(&sb_syscall_lock); +- + if (0 == result) { + if ((NULL != getenv(ENV_SANDBOX_PID)) && (is_env_on(ENV_SANDBOX_ABORT))) + diff --git a/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch b/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch new file mode 100644 index 0000000..754ef01 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.6-disable-qa-static.patch @@ -0,0 +1,13 @@ +sandbox-1.7 traces static apps so disable the qa notice as it just scares +users ... dont want scary stuff in stable! + +--- libsandbox/wrapper-funcs/__wrapper_exec.c ++++ libsandbox/wrapper-funcs/__wrapper_exec.c +@@ -221,7 +221,6 @@ + if (!FUNCTION_SANDBOX_SAFE(path)) + return result; + +- sb_check_exec(path, argv); + } + #endif + diff --git a/sys-apps/sandbox/files/sandbox-1.9-setoptions.patch b/sys-apps/sandbox/files/sandbox-1.9-setoptions.patch new file mode 100644 index 0000000..34e8722 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-1.9-setoptions.patch @@ -0,0 +1,15 @@ + Fix undefined PTRACE_SETOPTIONS error, patch by grobian + +diff --git a/libsandbox/trace.c b/libsandbox/trace.c +index 7c5ec17..eaf520f 100644 +--- a/libsandbox/trace.c ++++ b/libsandbox/trace.c +@@ -425,7 +425,7 @@ void trace_main(const char *filename, char *const argv[]) + SB_DEBUG("parent waiting for child (pid=%i) to signal", trace_pid); + while (!child_stopped) + sched_yield(); +-#ifdef PTRACE_O_TRACESYSGOOD ++#if defined(PTRACE_O_TRACESYSGOOD) && defined(PTRACE_SETOPTIONS) + /* Not all kernel versions support this, so ignore return */ + ptrace(PTRACE_SETOPTIONS, trace_pid, NULL, (void *)PTRACE_O_TRACESYSGOOD); + #endif diff --git a/sys-apps/sandbox/files/sandbox-2.0-prefix.patch b/sys-apps/sandbox/files/sandbox-2.0-prefix.patch new file mode 100644 index 0000000..5e32912 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.0-prefix.patch @@ -0,0 +1,37 @@ +* heiko's way of getting this thing going +http://repo.or.cz/w/heikos-i-prolly-break-your-prefix-overlay.git?a=blob;f=sys-apps/sandbox/files/sandbox-2.0-prefix.patch;h=7b4f568679522682ba784853829a0f2b1272b21d;hb=HEAD + +diff --git a/libsbutil/get_sandbox_lib.c b/libsbutil/get_sandbox_lib.c +index b64a5ac..1cf4832 100644 +--- a/libsbutil/get_sandbox_lib.c ++++ b/libsbutil/get_sandbox_lib.c +@@ -22,6 +22,7 @@ + void get_sandbox_lib(char *path) + { + save_errno(); ++#ifndef GENTOO_PREFIX + strcpy(path, LIB_NAME); + if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) { + void *hndl = dlopen(path, RTLD_LAZY); +@@ -30,5 +31,10 @@ void get_sandbox_lib(char *path) + else + dlclose(hndl); + } ++#else ++ /* Gentoo Prefix always needs the absolute path due to DT_R*PATH usage ++ * within dlopen(). */ ++ snprintf(path, SB_PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME); ++#endif + restore_errno(); + } +--- a/etc/sandbox.d/00default.orig 2009-06-22 14:10:30.000000000 +0200 ++++ a/etc/sandbox.d/00default 2009-06-22 14:11:41.000000000 +0200 +@@ -14,7 +14,7 @@ + # Finally add current directory if interactive + SANDBOX_WRITE="${SANDBOX_WORKDIR}" + # Needed for configure tests +-SANDBOX_WRITE="/usr/tmp/conftest:/usr/lib/conftest:/usr/lib32/conftest:/usr/lib64/conftest:/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf" ++SANDBOX_WRITE="@GENTOO_PORTAGE_EPREFIX@/usr/tmp/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/lib/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/lib32/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/lib64/conftest:@GENTOO_PORTAGE_EPREFIX@/usr/tmp/cf:@GENTOO_PORTAGE_EPREFIX@/usr/lib/cf:@GENTOO_PORTAGE_EPREFIX@/usr/lib32/cf:@GENTOO_PORTAGE_EPREFIX@/usr/lib64/cf" + + # Usually writes in /home should not cause violations + SANDBOX_PREDICT="${HOME}" diff --git a/sys-apps/sandbox/files/sandbox-2.0-setoptions.patch b/sys-apps/sandbox/files/sandbox-2.0-setoptions.patch new file mode 100644 index 0000000..9430dbb --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.0-setoptions.patch @@ -0,0 +1,11 @@ +--- libsandbox/trace.c.old 2009-06-30 10:11:40.000000000 -0500 ++++ libsandbox/trace.c 2009-06-30 10:11:58.000000000 -0500 +@@ -476,7 +476,7 @@ + } else if (trace_pid) { + SB_DEBUG("parent waiting for child (pid=%i) to signal", trace_pid); + waitpid(trace_pid, NULL, 0); +-#ifdef PTRACE_O_TRACESYSGOOD ++#if defined(PTRACE_SETOPTIONS) && defined(PTRACE_O_TRACESYSGOOD) + /* Not all kernel versions support this, so ignore return */ + ptrace(PTRACE_SETOPTIONS, trace_pid, NULL, (void *)PTRACE_O_TRACESYSGOOD); + #endif diff --git a/sys-apps/sandbox/files/sandbox-2.2-prefix.patch b/sys-apps/sandbox/files/sandbox-2.2-prefix.patch new file mode 100644 index 0000000..0cd5f3f --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.2-prefix.patch @@ -0,0 +1,26 @@ +* heiko's way of getting this thing going +http://repo.or.cz/w/heikos-i-prolly-break-your-prefix-overlay.git?a=blob;f=sys-apps/sandbox/files/sandbox-2.0-prefix.patch;h=7b4f568679522682ba784853829a0f2b1272b21d;hb=HEAD + +diff --git a/libsbutil/get_sandbox_lib.c b/libsbutil/get_sandbox_lib.c +index b64a5ac..1cf4832 100644 +--- a/libsbutil/get_sandbox_lib.c ++++ b/libsbutil/get_sandbox_lib.c +@@ -22,6 +22,7 @@ + void get_sandbox_lib(char *path) + { + save_errno(); ++#ifndef GENTOO_PREFIX + strcpy(path, LIB_NAME); + if (strncmp("/usr/lib", LIBSANDBOX_PATH, 8)) { + void *hndl = dlopen(path, RTLD_LAZY); +@@ -30,5 +31,10 @@ void get_sandbox_lib(char *path) + else + dlclose(hndl); + } ++#else ++ /* Gentoo Prefix always needs the absolute path due to DT_R*PATH usage ++ * within dlopen(). */ ++ snprintf(path, SB_PATH_MAX, "%s/%s", LIBSANDBOX_PATH, LIB_NAME); ++#endif + restore_errno(); + } diff --git a/sys-apps/sandbox/files/sandbox-2.6-check-empty-paths-at.patch b/sys-apps/sandbox/files/sandbox-2.6-check-empty-paths-at.patch new file mode 100755 index 0000000..e4dc529 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.6-check-empty-paths-at.patch @@ -0,0 +1,201 @@ +From dd726dcc6a95355d0e0cc949018d9c8aefc89a02 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Mon, 24 Dec 2012 19:41:49 -0500 +Subject: [PATCH 1/2] libsandbox: reject "" paths with *at funcs before + checking the dirfd + +When it comes to processing errors, an empty path is checked before +an invalid dirfd. Make sure sandbox matches that behavior for the +random testsuites out there that look for this. + +URL: https://bugs.gentoo.org/346929 +Reported-by: Marien Zwart <marienz@gentoo.org> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + libsandbox/wrapper-funcs/__pre_check.c | 2 ++ + libsandbox/wrapper-funcs/mkdirat_pre_check.c | 17 +++++------------ + libsandbox/wrapper-funcs/openat_pre_check.c | 15 ++++----------- + libsandbox/wrapper-funcs/unlinkat_pre_check.c | 17 +++++------------ + libsandbox/wrappers.h | 2 ++ + tests/mkdirat-3.sh | 7 +++++++ + tests/mkdirat.at | 1 + + tests/openat-2.sh | 9 +++++++++ + tests/openat.at | 1 + + tests/unlinkat-4.sh | 7 +++++++ + tests/unlinkat.at | 1 + + 11 files changed, 44 insertions(+), 35 deletions(-) + create mode 100755 tests/mkdirat-3.sh + create mode 100755 tests/openat-2.sh + create mode 100755 tests/unlinkat-4.sh + +diff --git a/libsandbox/wrapper-funcs/__pre_check.c b/libsandbox/wrapper-funcs/__pre_check.c +index 2d5711f..28ad91f 100644 +--- a/libsandbox/wrapper-funcs/__pre_check.c ++++ b/libsandbox/wrapper-funcs/__pre_check.c +@@ -20,3 +20,5 @@ + #if SB_NR_UNLINK != SB_NR_UNDEF && SB_NR_UNLINKAT == SB_NR_UNDEF + # include "unlinkat_pre_check.c" + #endif ++ ++#include "__pre_at_check.c" +diff --git a/libsandbox/wrapper-funcs/mkdirat_pre_check.c b/libsandbox/wrapper-funcs/mkdirat_pre_check.c +index 77a65df..0b48d1f 100644 +--- a/libsandbox/wrapper-funcs/mkdirat_pre_check.c ++++ b/libsandbox/wrapper-funcs/mkdirat_pre_check.c +@@ -1,20 +1,13 @@ + bool sb_mkdirat_pre_check(const char *func, const char *pathname, int dirfd) + { + char canonic[SB_PATH_MAX]; +- char dirfd_path[SB_PATH_MAX]; + + save_errno(); + +- /* Expand the dirfd path first */ +- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) { +- case -1: +- sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n", +- func, pathname, strerror(errno)); +- return false; +- case 0: +- pathname = dirfd_path; +- break; +- } ++ /* Check incoming args against common *at issues */ ++ char dirfd_path[SB_PATH_MAX]; ++ if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path))) ++ return false; + + /* Then break down any relative/symlink paths */ + if (-1 == canonicalize(pathname, canonic)) +diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c +index 0127708..5fd5eaa 100644 +--- a/libsandbox/wrapper-funcs/openat_pre_check.c ++++ b/libsandbox/wrapper-funcs/openat_pre_check.c +@@ -15,17 +15,10 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int + + save_errno(); + +- /* Expand the dirfd path first */ ++ /* Check incoming args against common *at issues */ + char dirfd_path[SB_PATH_MAX]; +- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) { +- case -1: +- sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n", +- func, pathname, strerror(errno)); +- return false; +- case 0: +- pathname = dirfd_path; +- break; +- } ++ if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path))) ++ return false; + + /* Doesn't exist -> skip permission checks */ + struct stat st; +diff --git a/libsandbox/wrapper-funcs/unlinkat_pre_check.c b/libsandbox/wrapper-funcs/unlinkat_pre_check.c +index 9f5e7d7..c004d15 100644 +--- a/libsandbox/wrapper-funcs/unlinkat_pre_check.c ++++ b/libsandbox/wrapper-funcs/unlinkat_pre_check.c +@@ -1,20 +1,13 @@ + bool sb_unlinkat_pre_check(const char *func, const char *pathname, int dirfd) + { + char canonic[SB_PATH_MAX]; +- char dirfd_path[SB_PATH_MAX]; + + save_errno(); + +- /* Expand the dirfd path first */ +- switch (resolve_dirfd_path(dirfd, pathname, dirfd_path, sizeof(dirfd_path))) { +- case -1: +- sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n", +- func, pathname, strerror(errno)); +- return false; +- case 0: +- pathname = dirfd_path; +- break; +- } ++ /* Check incoming args against common *at issues */ ++ char dirfd_path[SB_PATH_MAX]; ++ if (!sb_common_at_pre_check(func, &pathname, dirfd, dirfd_path, sizeof(dirfd_path))) ++ return false; + + /* Then break down any relative/symlink paths */ + if (-1 == canonicalize(pathname, canonic)) +diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h +index 5b97787..0aa58bb 100644 +--- a/libsandbox/wrappers.h ++++ b/libsandbox/wrappers.h +@@ -28,5 +28,7 @@ attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathn + attribute_hidden bool sb_openat_pre_check (const char *func, const char *pathname, int dirfd, int flags); + attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags); + attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd); ++attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd, ++ char *dirfd_path, size_t dirfd_path_len); + + #endif +-- +1.8.1.2 + +From 0b8a6d9773cc0e6d86bf1187f46817d5716698fe Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Mon, 24 Dec 2012 19:41:49 -0500 +Subject: [PATCH 2/2] libsandbox: reject "" paths with *at funcs before + checking the dirfd [missing file] + +When it comes to processing errors, an empty path is checked before +an invalid dirfd. Make sure sandbox matches that behavior for the +random testsuites out there that look for this. + +Forgot to `git add` in the previous commit :/. + +URL: https://bugs.gentoo.org/346929 +Reported-by: Marien Zwart <marienz@gentoo.org> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + libsandbox/wrapper-funcs/__pre_at_check.c | 34 +++++++++++++++++++++++++++++++ + 1 file changed, 34 insertions(+) + create mode 100644 libsandbox/wrapper-funcs/__pre_at_check.c + +diff --git a/libsandbox/wrapper-funcs/__pre_at_check.c b/libsandbox/wrapper-funcs/__pre_at_check.c +new file mode 100644 +index 0000000..f72c40c +--- /dev/null ++++ b/libsandbox/wrapper-funcs/__pre_at_check.c +@@ -0,0 +1,34 @@ ++/* ++ * common *at() pre-checks. ++ * ++ * Copyright 1999-2012 Gentoo Foundation ++ * Licensed under the GPL-2 ++ */ ++ ++/* We assume the parent has nested use with save/restore errno */ ++bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd, ++ char *dirfd_path, size_t dirfd_path_len) ++{ ++ /* the empty path name should fail with ENOENT before any dirfd ++ * checks get a chance to run #346929 ++ */ ++ if (*pathname && *pathname[0] == '\0') { ++ errno = ENOENT; ++ sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", ++ func, *pathname, strerror(errno)); ++ return false; ++ } ++ ++ /* Expand the dirfd path first */ ++ switch (resolve_dirfd_path(dirfd, *pathname, dirfd_path, dirfd_path_len)) { ++ case -1: ++ sb_debug_dyn("EARLY FAIL: %s(%s) @ resolve_dirfd_path: %s\n", ++ func, *pathname, strerror(errno)); ++ return false; ++ case 0: ++ *pathname = dirfd_path; ++ break; ++ } ++ ++ return true; ++} +-- +1.8.1.2 + diff --git a/sys-apps/sandbox/files/sandbox-2.6-desktop.patch b/sys-apps/sandbox/files/sandbox-2.6-desktop.patch new file mode 100755 index 0000000..fbecb07 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.6-desktop.patch @@ -0,0 +1,30 @@ +From 00044ab0c8aaaabf048b5ff0ec2da5b3d7d25752 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sat, 17 Nov 2012 14:14:26 -0500 +Subject: [PATCH] sandbox.desktop: drop .svg from Icon field +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +URL: http://bugs.gentoo.org/443672 +Reported-by: Petteri Räty <betelgeuse@gentoo.org> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + data/sandbox.desktop | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/sandbox.desktop b/data/sandbox.desktop +index 5b5b576..27a887e 100644 +--- a/data/sandbox.desktop ++++ b/data/sandbox.desktop +@@ -5,6 +5,6 @@ Type=Application + Comment=launch a sandboxed shell ... useful for debugging ebuilds + Exec=sandbox + TryExec=sandbox +-Icon=sandbox.svg ++Icon=sandbox + Categories=Development; + Terminal=true +-- +1.8.1.2 + diff --git a/sys-apps/sandbox/files/sandbox-2.6-log-var.patch b/sys-apps/sandbox/files/sandbox-2.6-log-var.patch new file mode 100755 index 0000000..bfea9e5 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.6-log-var.patch @@ -0,0 +1,51 @@ +From 853b42c86432eefc6d4cfba86197fb37d446366d Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sun, 3 Mar 2013 05:34:09 -0500 +Subject: [PATCH] sandbox: accept SANDBOX_LOG vars whatever their values + +Commit 40abb498ca4a24495fe34e133379382ce8c3eaca subtly broke the sandbox +with portage. It changed how the sandbox log env var was accessed by +moving from getenv() to get_sandbox_log(). The latter has path checking +and will kick out values that contain a slash. That means every time a +new process starts, a new sandbox log path will be generated, and when a +program triggers a violation, it'll write to the new file. Meanwhile, +portage itself watches the original one which never gets updated. + +This code has been around forever w/out documentation, and I can't think +of a reason we need it. So punt it. + +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + libsbutil/get_sandbox_log.c | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +diff --git a/libsbutil/get_sandbox_log.c b/libsbutil/get_sandbox_log.c +index a79b399..bdb4278 100644 +--- a/libsbutil/get_sandbox_log.c ++++ b/libsbutil/get_sandbox_log.c +@@ -21,17 +21,13 @@ static void _get_sb_log(char *path, const char *tmpdir, const char *env, const c + + sandbox_log_env = getenv(env); + +- if (sandbox_log_env && is_env_on(ENV_SANDBOX_TESTING)) { +- /* When testing, just use what the env says to */ ++ if (sandbox_log_env) { ++ /* If the env is viable, roll with it. We aren't really ++ * about people breaking the security of the sandbox by ++ * exporting SANDBOX_LOG=/dev/null. ++ */ + strncpy(path, sandbox_log_env, SB_PATH_MAX); + } else { +- /* THIS CHUNK BREAK THINGS BY DOING THIS: +- * SANDBOX_LOG=/tmp/sandbox-app-admin/superadduser-1.0.7-11063.log +- */ +- if ((NULL != sandbox_log_env) && +- (NULL != strchr(sandbox_log_env, '/'))) +- sandbox_log_env = NULL; +- + snprintf(path, SB_PATH_MAX, "%s%s%s%s%d%s", + SANDBOX_LOG_LOCATION, prefix, + (sandbox_log_env == NULL ? "" : sandbox_log_env), +-- +1.8.1.2 + diff --git a/sys-apps/sandbox/files/sandbox-2.6-open-nofollow.patch b/sys-apps/sandbox/files/sandbox-2.6-open-nofollow.patch new file mode 100755 index 0000000..0101ece --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.6-open-nofollow.patch @@ -0,0 +1,54 @@ +From 45fa8714a1d35e6555083d88a71851ada2aacac4 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Mon, 24 Dec 2012 18:46:29 -0500 +Subject: [PATCH] libsandbox: handle open(O_NOFOLLOW) + +We don't check for O_NOFOLLOW in the open wrappers, so we end up +returning the wrong error when operating on broken symlinks. + +URL: https://bugs.gentoo.org/413441 +Reported-by: Marien Zwart <marienz@gentoo.org> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + libsandbox/wrapper-funcs/__64_post.h | 1 + + libsandbox/wrapper-funcs/__64_pre.h | 1 + + libsandbox/wrapper-funcs/openat_pre_check.c | 2 +- + tests/open-2.sh | 10 ++++++++++ + tests/open.at | 1 + + 5 files changed, 14 insertions(+), 1 deletion(-) + create mode 100755 tests/open-2.sh + +diff --git a/libsandbox/wrapper-funcs/__64_post.h b/libsandbox/wrapper-funcs/__64_post.h +index 2fd2182..82d2a16 100644 +--- a/libsandbox/wrapper-funcs/__64_post.h ++++ b/libsandbox/wrapper-funcs/__64_post.h +@@ -1,3 +1,4 @@ + #undef SB64 + #undef stat ++#undef lstat + #undef off_t +diff --git a/libsandbox/wrapper-funcs/__64_pre.h b/libsandbox/wrapper-funcs/__64_pre.h +index 2132110..0b34b25 100644 +--- a/libsandbox/wrapper-funcs/__64_pre.h ++++ b/libsandbox/wrapper-funcs/__64_pre.h +@@ -1,3 +1,4 @@ + #define SB64 + #define stat stat64 ++#define lstat lstat64 + #define off_t off64_t +diff --git a/libsandbox/wrapper-funcs/openat_pre_check.c b/libsandbox/wrapper-funcs/openat_pre_check.c +index c827ee6..0127708 100644 +--- a/libsandbox/wrapper-funcs/openat_pre_check.c ++++ b/libsandbox/wrapper-funcs/openat_pre_check.c +@@ -29,7 +29,7 @@ bool sb_openat_pre_check(const char *func, const char *pathname, int dirfd, int + + /* Doesn't exist -> skip permission checks */ + struct stat st; +- if (-1 == stat(pathname, &st)) { ++ if (((flags & O_NOFOLLOW) ? lstat(pathname, &st) : stat(pathname, &st)) == -1) { + sb_debug_dyn("EARLY FAIL: %s(%s): %s\n", + func, pathname, strerror(errno)); + return false; +-- +1.8.1.2 + diff --git a/sys-apps/sandbox/files/sandbox-2.6-prefix.patch b/sys-apps/sandbox/files/sandbox-2.6-prefix.patch new file mode 100644 index 0000000..d3861c0 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.6-prefix.patch @@ -0,0 +1,70 @@ +Index: sandbox-2.6/data/sandbox.bashrc +=================================================================== +--- sandbox-2.6.orig/data/sandbox.bashrc ++++ sandbox-2.6/data/sandbox.bashrc +@@ -10,7 +10,7 @@ fi + export BASH_ENV="${SANDBOX_BASHRC}" + + alias make="make LD_PRELOAD=${LD_PRELOAD}" +-alias su="su -c '/bin/bash -rcfile ${SANDBOX_BASHRC}'" ++alias su="su -c '@GENTOO_PORTAGE_EPREFIX@/bin/bash -rcfile ${SANDBOX_BASHRC}'" + + declare -r SANDBOX_ACTIVE + +@@ -29,7 +29,7 @@ if [[ ${SANDBOX_INTRACTV} == "1" && -t 1 + ( + [[ ${NOCOLOR} == "true" || ${NOCOLOR} == "yes" || ${NOCOLOR} == "1" ]] && \ + export RC_NOCOLOR="yes" +- source /etc/init.d/functions.sh ++ source @GENTOO_PORTAGE_EPREFIX@/etc/init.d/functions.sh + if [ $? -ne 0 ] ; then + einfo() { echo " INFO: $*"; } + ewarn() { echo " WARN: $*"; } +@@ -55,7 +55,7 @@ if [[ ${SANDBOX_INTRACTV} == "1" && -t 1 + #sbs_pdir=$(portageq envvar PORTAGE_TMPDIR)/portage/ #portageq takes too long imo + if [[ -z ${PORTAGE_TMPDIR} ]] ; then + sbs_pdir=$( +- for f in /etc/{,portage/}make.globals /etc/{,portage/}make.conf ; do ++ for f in @GENTOO_PORTAGE_EPREFIX@/etc/{,portage/}make.globals @GENTOO_PORTAGE_EPREFIX@/etc/{,portage/}make.conf ; do + [[ -e ${f} ]] && source ${f} + done + echo $PORTAGE_TMPDIR +@@ -63,7 +63,7 @@ if [[ ${SANDBOX_INTRACTV} == "1" && -t 1 + else + sbs_pdir=${PORTAGE_TMPDIR} + fi +- : ${sbs_pdir:=/var/tmp} ++ : ${sbs_pdir:=@GENTOO_PORTAGE_EPREFIX@/var/tmp} + sbs_pdir=${sbs_pdir}/portage/ + + if [[ ${PWD:0:${#sbs_pdir}} == "${sbs_pdir}" ]] ; then +Index: sandbox-2.6/src/sandbox.c +=================================================================== +--- sandbox-2.6.orig/src/sandbox.c ++++ sandbox-2.6/src/sandbox.c +@@ -269,7 +269,7 @@ int main(int argc, char **argv) + goto oom_error; + + /* Setup bash argv */ +- str_list_add_item_copy(argv_bash, "/bin/bash", oom_error); ++ str_list_add_item_copy(argv_bash, "@GENTOO_PORTAGE_EPREFIX@/bin/bash", oom_error); + str_list_add_item_copy(argv_bash, "-rcfile", oom_error); + str_list_add_item_copy(argv_bash, sandbox_info.sandbox_rc, oom_error); + if (argc >= 2) { +Index: sandbox-2.6/libsbutil/sbutil.h +=================================================================== +--- sandbox-2.6.orig/libsbutil/sbutil.h ++++ sandbox-2.6/libsbutil/sbutil.h +@@ -22,9 +22,9 @@ + #define LD_PRELOAD_EQ "LD_PRELOAD=" + #define LIB_NAME "libsandbox.so" + #define BASHRC_NAME "sandbox.bashrc" +-#define TMPDIR "/tmp" +-#define PORTAGE_TMPDIR "/var/tmp/portage" +-#define SANDBOX_LOG_LOCATION "/var/log/sandbox" ++#define TMPDIR "@GENTOO_PORTAGE_EPREFIX@/tmp" ++#define PORTAGE_TMPDIR "@GENTOO_PORTAGE_EPREFIX@/var/tmp/portage" ++#define SANDBOX_LOG_LOCATION "@GENTOO_PORTAGE_EPREFIX@/var/log/sandbox" + #define LOG_FILE_PREFIX "/sandbox-" + #define DEBUG_LOG_FILE_PREFIX "/sandbox-debug-" + #define LOG_FILE_EXT ".log" diff --git a/sys-apps/sandbox/files/sandbox-2.6-static-close-fd.patch b/sys-apps/sandbox/files/sandbox-2.6-static-close-fd.patch new file mode 100755 index 0000000..7fc0972 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.6-static-close-fd.patch @@ -0,0 +1,93 @@ +From a3ff1534945c3898332b2481c9fd355dfbd56e1f Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Sat, 23 Jun 2012 11:52:51 -0700 +Subject: [PATCH] libsandbox: clean up open file handles in parent tracing + process + +Currently, if a non-static app sets up a pipe (with cloexec enabled) and +executes a static app, the handle to that pipe is left open in the parent +process. This causes trouble when the parent is waiting for that to be +closed immediately. + +Since none of the fds in the forked parent process matter to us, we can +just go ahead and clean up all fds before we start tracing the child. + +URL: http://bugs.gentoo.org/364877 +Reported-by: Victor Stinner <victor.stinner@haypocalc.com> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + libsandbox/trace.c | 3 +- + libsbutil/sb_close.c | 26 +++++++++++- + libsbutil/sbutil.h | 1 + + tests/Makefile.am | 2 + + tests/pipe-fork_static_tst.c | 18 +++++++++ + tests/pipe-fork_tst.c | 95 ++++++++++++++++++++++++++++++++++++++++++++ + tests/script-9.sh | 5 +++ + tests/script.at | 1 + + 8 files changed, 149 insertions(+), 2 deletions(-) + create mode 100644 tests/pipe-fork_static_tst.c + create mode 100644 tests/pipe-fork_tst.c + create mode 100755 tests/script-9.sh + +diff --git a/libsandbox/trace.c b/libsandbox/trace.c +index 32ad2d6..dfbab18 100644 +--- a/libsandbox/trace.c ++++ b/libsandbox/trace.c +@@ -504,8 +504,9 @@ void trace_main(const char *filename, char *const argv[]) + /* Not all kernel versions support this, so ignore return */ + ptrace(PTRACE_SETOPTIONS, trace_pid, NULL, (void *)PTRACE_O_TRACESYSGOOD); + #endif ++ sb_close_all_fds(); + trace_loop(); +- return; ++ sb_ebort("ISE: child should have quit, as should we\n"); + } + + sb_debug("child setting up ..."); +diff --git a/libsbutil/sb_close.c b/libsbutil/sb_close.c +index 17a4560..5379197 100644 +--- a/libsbutil/sb_close.c ++++ b/libsbutil/sb_close.c +@@ -29,3 +29,27 @@ int sb_close(int fd) + + return res; + } ++ ++/* Quickly close all the open fds (good for daemonization) */ ++void sb_close_all_fds(void) ++{ ++ DIR *dirp; ++ struct dirent *de; ++ int dfd, fd; ++ const char *fd_dir = sb_get_fd_dir(); ++ ++ dirp = opendir(fd_dir); ++ if (!dirp) ++ sb_ebort("could not process %s\n", fd_dir); ++ dfd = dirfd(dirp); ++ ++ while ((de = readdir(dirp)) != NULL) { ++ if (de->d_name[0] == '.') ++ continue; ++ fd = atoi(de->d_name); ++ if (fd != dfd) ++ close(fd); ++ } ++ ++ closedir(dirp); ++} +diff --git a/libsbutil/sbutil.h b/libsbutil/sbutil.h +index 02b88cb..479734b 100644 +--- a/libsbutil/sbutil.h ++++ b/libsbutil/sbutil.h +@@ -97,6 +97,7 @@ int sb_open(const char *path, int flags, mode_t mode); + size_t sb_read(int fd, void *buf, size_t count); + size_t sb_write(int fd, const void *buf, size_t count); + int sb_close(int fd); ++void sb_close_all_fds(void); + int sb_copy_file_to_fd(const char *file, int ofd); + + /* Reliable output */ +-- +1.8.1.2 + diff --git a/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch b/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch new file mode 100644 index 0000000..7e73822 --- /dev/null +++ b/sys-apps/sandbox/files/sandbox-2.6-trace-hppa.patch @@ -0,0 +1,27 @@ +From 7b01f6103a9baddaf0252e7f850a4cef91a48b67 Mon Sep 17 00:00:00 2001 +From: Mike Frysinger <vapier@gentoo.org> +Date: Fri, 6 Jul 2012 14:58:16 -0400 +Subject: [PATCH] libsandbox: fix hppa trace code + +URL: https://bugs.gentoo.org/425062 +Reported-by: Jeroen Roovers <jer@gentoo.org> +Signed-off-by: Mike Frysinger <vapier@gentoo.org> +--- + libsandbox/trace/linux/hppa.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libsandbox/trace/linux/hppa.c b/libsandbox/trace/linux/hppa.c +index d23b0d1..5414354 100644 +--- a/libsandbox/trace/linux/hppa.c ++++ b/libsandbox/trace/linux/hppa.c +@@ -1,5 +1,5 @@ +-#define trace_reg_sysnum (20 * 4) /* PT_GR20 */ +-#define trace_reg_ret (28 * 4) /* PT_GR28 */ ++#define trace_reg_sysnum gr[20] ++#define trace_reg_ret gr[28] + + static unsigned long trace_arg(void *vregs, int num) + { +-- +1.7.9.7 + diff --git a/sys-apps/sandbox/metadata.xml b/sys-apps/sandbox/metadata.xml new file mode 100644 index 0000000..9e13eae --- /dev/null +++ b/sys-apps/sandbox/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + +<!-- portage lacks a herd. correct this when we have one. --> + +<maintainer> + <email>sandbox@gentoo.org</email> + <description>Sandbox Maintainers</description> +</maintainer> +</pkgmetadata> diff --git a/sys-apps/sandbox/sandbox-1.6-r2.ebuild b/sys-apps/sandbox/sandbox-1.6-r2.ebuild new file mode 100644 index 0000000..0ab72fc --- /dev/null +++ b/sys-apps/sandbox/sandbox-1.6-r2.ebuild @@ -0,0 +1,104 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-1.6-r2.ebuild,v 1.17 2012/03/30 15:58:53 aballier Exp $ + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +inherit eutils flag-o-matic toolchain-funcs multilib unpacker + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="http://www.gentoo.org/" +SRC_URI="mirror://gentoo/${P}.tar.lzma + http://dev.gentoo.org/~vapier/dist/${P}.tar.lzma" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux" +IUSE="" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +EMULTILIB_PKG="true" +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES=-sandbox emerge sandbox" +} + +src_unpack() { + unpacker_src_unpack + cd "${S}" + epatch "${FILESDIR}"/${P}-disable-qa-static.patch + epatch "${FILESDIR}"/${P}-disable-pthread.patch + epatch "${FILESDIR}"/0001-libsandbox-handle-more-at-functions.patch +} + +src_compile() { + filter-lfs-flags #90228 + + local OABI=${ABI} + for ABI in $(get_install_abis) ; do + mkdir "${WORKDIR}/build-${ABI}" + cd "${WORKDIR}/build-${ABI}" + + multilib_toolchain_setup ${ABI} + + einfo "Configuring sandbox for ABI=${ABI}..." + ECONF_SOURCE="../${P}/" \ + econf ${myconf} || die + einfo "Building sandbox for ABI=${ABI}..." + emake || die + done + ABI=${OABI} +} + +src_test() { + local OABI=${ABI} + for ABI in $(get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Checking sandbox for ABI=${ABI}..." + emake check || die "make check failed for ${ABI}" + done + ABI=${OABI} +} + +src_install() { + local OABI=${ABI} + for ABI in $(get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Installing sandbox for ABI=${ABI}..." + emake DESTDIR="${D}" install || die "make install failed for ${ABI}" + done + ABI=${OABI} + + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + use prefix || fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + use prefix || chown root:portage "${ED}"/var/log/sandbox + chmod 0770 "${ED}"/var/log/sandbox + + local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + elog ${old//${EROOT}} + find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; + fi +} + +pkg_postinst() { + chmod 0755 "${EROOT}"/etc/sandbox.d #265376 +} diff --git a/sys-apps/sandbox/sandbox-2.3-r1.ebuild b/sys-apps/sandbox/sandbox-2.3-r1.ebuild new file mode 100755 index 0000000..ede162c --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.3-r1.ebuild @@ -0,0 +1,103 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.3-r1.ebuild,v 1.10 2012/02/05 04:50:08 vapier Exp $ + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +inherit eutils flag-o-matic toolchain-funcs multilib unpacker + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="http://www.gentoo.org/" +SRC_URI="mirror://gentoo/${P}.tar.xz + http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd" +IUSE="multilib" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +EMULTILIB_PKG="true" +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES=-sandbox emerge sandbox" +} + +sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } + +src_compile() { + filter-lfs-flags #90228 + + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + mkdir "${WORKDIR}/build-${ABI}" + cd "${WORKDIR}/build-${ABI}" + + use multilib && multilib_toolchain_setup ${ABI} + + einfo "Configuring sandbox for ABI=${ABI}..." + ECONF_SOURCE="../${P}/" \ + econf ${myconf} || die + einfo "Building sandbox for ABI=${ABI}..." + emake || die + done + ABI=${OABI} +} + +src_test() { + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Checking sandbox for ABI=${ABI}..." + emake check || die "make check failed for ${ABI}" + done + ABI=${OABI} +} + +src_install() { + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Installing sandbox for ABI=${ABI}..." + emake DESTDIR="${D}" install || die "make install failed for ${ABI}" + insinto /etc/sandbox.d #333131 + doins etc/sandbox.d/00default || die + done + ABI=${OABI} + + doenvd "${FILESDIR}"/09sandbox + + # fix 00default install #333131 + rm "${D}"/etc/sandbox.d/*.in || die + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + chown root:portage "${D}"/var/log/sandbox + chmod 0770 "${D}"/var/log/sandbox + + local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + elog ${old//${ROOT}} + find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; + fi +} + +pkg_postinst() { + chmod 0755 "${ROOT}"/etc/sandbox.d #265376 +} diff --git a/sys-apps/sandbox/sandbox-2.4.ebuild b/sys-apps/sandbox/sandbox-2.4.ebuild new file mode 100755 index 0000000..b008ab3 --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.4.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.4.ebuild,v 1.11 2012/02/05 04:50:08 vapier Exp $ + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +inherit eutils flag-o-matic toolchain-funcs multilib unpacker + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="http://www.gentoo.org/" +SRC_URI="mirror://gentoo/${P}.tar.xz + http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd" +IUSE="multilib" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +EMULTILIB_PKG="true" +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES=-sandbox emerge sandbox" +} + +sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } + +src_compile() { + filter-lfs-flags #90228 + + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + mkdir "${WORKDIR}/build-${ABI}" + cd "${WORKDIR}/build-${ABI}" + + use multilib && multilib_toolchain_setup ${ABI} + + einfo "Configuring sandbox for ABI=${ABI}..." + ECONF_SOURCE="../${P}/" \ + econf ${myconf} || die + einfo "Building sandbox for ABI=${ABI}..." + emake || die + done + ABI=${OABI} +} + +src_test() { + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Checking sandbox for ABI=${ABI}..." + emake check || die "make check failed for ${ABI}" + done + ABI=${OABI} +} + +src_install() { + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Installing sandbox for ABI=${ABI}..." + emake DESTDIR="${D}" install || die "make install failed for ${ABI}" + insinto /etc/sandbox.d #333131 + doins etc/sandbox.d/00default || die + done + ABI=${OABI} + + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + chown root:portage "${D}"/var/log/sandbox + chmod 0770 "${D}"/var/log/sandbox + + local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + elog ${old//${ROOT}} + find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; + fi +} + +pkg_postinst() { + chmod 0755 "${ROOT}"/etc/sandbox.d #265376 +} diff --git a/sys-apps/sandbox/sandbox-2.5.ebuild b/sys-apps/sandbox/sandbox-2.5.ebuild new file mode 100644 index 0000000..cad9a5d --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.5.ebuild @@ -0,0 +1,126 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.5.ebuild,v 1.10 2012/06/24 05:35:02 vapier Exp $ + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing prefix + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="http://www.gentoo.org/" +SRC_URI="mirror://gentoo/${P}.tar.xz + http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux" +IUSE="multilib" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +EMULTILIB_PKG="true" +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES=-sandbox emerge sandbox" +} + +sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } + +src_unpack() { + unpacker_src_unpack + cd "${S}" + epatch "${FILESDIR}"/${PN}-2.2-prefix.patch +} + +sb_foreach_abi() { + # enable usage of absolute libpath in prefix + use prefix && append-flags -DGENTOO_PREFIX + + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Running $1 for ABI=${ABI}..." + "$@" + done + ABI=${OABI} +} + +sb_configure() { + mkdir "${WORKDIR}/build-${ABI}" + cd "${WORKDIR}/build-${ABI}" + + use multilib && multilib_toolchain_setup ${ABI} + + einfo "Configuring sandbox for ABI=${ABI}..." + ECONF_SOURCE="../${P}/" \ + econf ${myconf} || die +} + +sb_compile() { + emake || die +} + +src_compile() { + filter-lfs-flags #90228 + + # Run configures in parallel! + multijob_init + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + multijob_child_init sb_configure + done + ABI=${OABI} + multijob_finish + + sb_foreach_abi sb_compile +} + +sb_test() { + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die +} + +src_test() { + sb_foreach_abi sb_test +} + +sb_install() { + emake DESTDIR="${D}" install || die + insinto /etc/sandbox.d #333131 + doins etc/sandbox.d/00default || die +} + +src_install() { + sb_foreach_abi sb_install + + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + use prefix || fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + use prefix || chown root:portage "${ED}"/var/log/sandbox + chmod 0770 "${ED}"/var/log/sandbox + + local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + elog ${old//${EROOT}} + find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; + fi +} + +pkg_postinst() { + chmod 0755 "${EROOT}"/etc/sandbox.d #265376 +} diff --git a/sys-apps/sandbox/sandbox-2.6-r1.ebuild b/sys-apps/sandbox/sandbox-2.6-r1.ebuild new file mode 100755 index 0000000..b61254b --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.6-r1.ebuild @@ -0,0 +1,132 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.6-r1.ebuild,v 1.13 2013/09/05 09:54:16 vapier Exp $ + +EAPI=5 +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing prefix + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="http://www.gentoo.org/" +SRC_URI="mirror://gentoo/${P}.tar.xz + http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd -x86-fbsd" +IUSE="multilib" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +EMULTILIB_PKG="true" +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES=-sandbox emerge sandbox" +} + +sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } + +sb_foreach_abi() { + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Running $1 for ABI=${ABI}..." + "$@" + done + ABI=${OABI} +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-trace-hppa.patch #425062 + epatch "${FILESDIR}"/${P}-log-var.patch + epatch "${FILESDIR}"/${P}-static-close-fd.patch #364877 + epatch "${FILESDIR}"/${P}-desktop.patch #443672 + epatch "${FILESDIR}"/${P}-open-nofollow.patch #413441 + epatch "${FILESDIR}"/${P}-check-empty-paths-at.patch #346929 + epatch "${FILESDIR}"/${P}-prefix.patch + eprefixify data/sandbox.bashrc src/sandbox.c libsbutil/sbutil.h + epatch_user +} + +sb_configure() { + mkdir "${WORKDIR}/build-${ABI}" + cd "${WORKDIR}/build-${ABI}" + + use multilib && multilib_toolchain_setup ${ABI} + + einfo "Configuring sandbox for ABI=${ABI}..." + ECONF_SOURCE="../${P}/" \ + econf ${myconf} +} + +src_configure() { + filter-lfs-flags #90228 + + # Run configures in parallel! + multijob_init + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + multijob_child_init sb_configure + done + ABI=${OABI} + multijob_finish +} + +sb_compile() { + emake +} + +src_compile() { + sb_foreach_abi sb_compile +} + +sb_test() { + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" +} + +src_test() { + sb_foreach_abi sb_test +} + +sb_install() { + emake DESTDIR="${D}" install + insinto /etc/sandbox.d #333131 + doins etc/sandbox.d/00default +} + +src_install() { + sb_foreach_abi sb_install + + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + elog ${old//${ROOT}} + find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; + fi +} + +pkg_postinst() { + chmod 0755 "${EROOT}"/etc/sandbox.d #265376 +} diff --git a/sys-apps/sandbox/sandbox-2.6.ebuild b/sys-apps/sandbox/sandbox-2.6.ebuild new file mode 100644 index 0000000..7fa9050 --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.6.ebuild @@ -0,0 +1,132 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.6.ebuild,v 1.2 2012/07/06 19:53:10 vapier Exp $ + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing prefix + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="http://www.gentoo.org/" +SRC_URI="mirror://gentoo/${P}.tar.xz + http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux" +IUSE="multilib" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +EMULTILIB_PKG="true" +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES=-sandbox emerge sandbox" +} + +sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } + +src_unpack() { + unpacker_src_unpack + cd "${S}" + epatch "${FILESDIR}"/${PN}-2.2-prefix.patch +} + +sb_foreach_abi() { + # enable usage of absolute libpath in prefix + use prefix && append-flags -DGENTOO_PREFIX + + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Running $1 for ABI=${ABI}..." + "$@" + done + ABI=${OABI} +} + +src_unpack() { + unpacker + cd "${S}" + epatch "${FILESDIR}"/${P}-trace-hppa.patch #425062 +} + +sb_configure() { + mkdir "${WORKDIR}/build-${ABI}" + cd "${WORKDIR}/build-${ABI}" + + use multilib && multilib_toolchain_setup ${ABI} + + einfo "Configuring sandbox for ABI=${ABI}..." + ECONF_SOURCE="../${P}/" \ + econf ${myconf} || die +} + +sb_compile() { + emake || die +} + +src_compile() { + filter-lfs-flags #90228 + + # Run configures in parallel! + multijob_init + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + multijob_child_init sb_configure + done + ABI=${OABI} + multijob_finish + + sb_foreach_abi sb_compile +} + +sb_test() { + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die +} + +src_test() { + sb_foreach_abi sb_test +} + +sb_install() { + emake DESTDIR="${D}" install || die + insinto /etc/sandbox.d #333131 + doins etc/sandbox.d/00default || die +} + +src_install() { + sb_foreach_abi sb_install + + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + use prefix || fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + use prefix || chown root:portage "${ED}"/var/log/sandbox + chmod 0770 "${ED}"/var/log/sandbox + + local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + elog ${old//${EROOT}} + find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; + fi +} + +pkg_postinst() { + chmod 0755 "${EROOT}"/etc/sandbox.d #265376 +} |