diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2010-11-24 07:46:17 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2010-11-24 07:46:17 +0000 |
| commit | b1123d1fa04000204df8df9a9c964e53967935e9 (patch) | |
| tree | a6638553a1c879f1c95959d12eb3d9ca5050511d /sys-apps/sandbox | |
| parent | Version bump. (diff) | |
| download | gentoo-2-b1123d1fa04000204df8df9a9c964e53967935e9.tar.gz gentoo-2-b1123d1fa04000204df8df9a9c964e53967935e9.tar.bz2 gentoo-2-b1123d1fa04000204df8df9a9c964e53967935e9.zip | |
Fix hardened issues #339157 and flesh out *at func handling some more #342983.
(Portage version: 2.2.0_alpha4/cvs/Linux x86_64)
Diffstat (limited to 'sys-apps/sandbox')
| -rw-r--r-- | sys-apps/sandbox/ChangeLog | 8 | ||||
| -rw-r--r-- | sys-apps/sandbox/sandbox-2.4.ebuild | 108 |
2 files changed, 115 insertions, 1 deletions
diff --git a/sys-apps/sandbox/ChangeLog b/sys-apps/sandbox/ChangeLog index 7daa7b6d9f1d..6191ef9f379d 100644 --- a/sys-apps/sandbox/ChangeLog +++ b/sys-apps/sandbox/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-apps/sandbox # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/ChangeLog,v 1.142 2010/11/23 02:57:21 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/ChangeLog,v 1.143 2010/11/24 07:46:17 vapier Exp $ + +*sandbox-2.4 (24 Nov 2010) + + 24 Nov 2010; Mike Frysinger <vapier@gentoo.org> +sandbox-2.4.ebuild: + Fix hardened issues #339157 and flesh out *at func handling some more + #342983. 23 Nov 2010; Mike Frysinger <vapier@gentoo.org> sandbox-2.3-r1.ebuild: Add back ~sparc since it has its ptrace disabled. diff --git a/sys-apps/sandbox/sandbox-2.4.ebuild b/sys-apps/sandbox/sandbox-2.4.ebuild new file mode 100644 index 000000000000..8e8600919ada --- /dev/null +++ b/sys-apps/sandbox/sandbox-2.4.ebuild @@ -0,0 +1,108 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-2.4.ebuild,v 1.1 2010/11/24 07:46:17 vapier Exp $ + +# +# don't monkey with this ebuild unless contacting portage devs. +# period. +# + +inherit eutils flag-o-matic toolchain-funcs multilib + +DESCRIPTION="sandbox'd LD_PRELOAD hack" +HOMEPAGE="http://www.gentoo.org/" +SRC_URI="mirror://gentoo/${P}.tar.xz + http://dev.gentoo.org/~vapier/dist/${P}.tar.xz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd -x86-fbsd" +IUSE="multilib" + +DEPEND="app-arch/xz-utils + >=app-misc/pax-utils-0.1.19" #265376 +RDEPEND="" + +EMULTILIB_PKG="true" +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" + +sandbox_death_notice() { + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" + ewarn "FEATURES=-sandbox emerge sandbox" +} + +sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } + +src_unpack() { + unpack ${A} + if [[ ! -d ${S} ]] ; then + # When upgrading from older version, xz unpack may not work #271543 + xz -dc "${DISTDIR}/${A}" | tar xf - || die + fi +} + +src_compile() { + filter-lfs-flags #90228 + + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + mkdir "${WORKDIR}/build-${ABI}" + cd "${WORKDIR}/build-${ABI}" + + use multilib && multilib_toolchain_setup ${ABI} + + einfo "Configuring sandbox for ABI=${ABI}..." + ECONF_SOURCE="../${P}/" \ + econf ${myconf} || die + einfo "Building sandbox for ABI=${ABI}..." + emake || die + done + ABI=${OABI} +} + +src_test() { + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Checking sandbox for ABI=${ABI}..." + emake check || die "make check failed for ${ABI}" + done + ABI=${OABI} +} + +src_install() { + local OABI=${ABI} + for ABI in $(sb_get_install_abis) ; do + cd "${WORKDIR}/build-${ABI}" + einfo "Installing sandbox for ABI=${ABI}..." + emake DESTDIR="${D}" install || die "make install failed for ${ABI}" + insinto /etc/sandbox.d #333131 + doins etc/sandbox.d/00default || die + done + ABI=${OABI} + + doenvd "${FILESDIR}"/09sandbox + + keepdir /var/log/sandbox + fowners root:portage /var/log/sandbox + fperms 0770 /var/log/sandbox + + cd "${S}" + dodoc AUTHORS ChangeLog* NEWS README +} + +pkg_preinst() { + chown root:portage "${D}"/var/log/sandbox + chmod 0770 "${D}"/var/log/sandbox + + local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*') + if [[ -n ${old} ]] ; then + elog "Removing old sandbox libraries for you:" + elog ${old//${ROOT}} + find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; + fi +} + +pkg_postinst() { + chmod 0755 "${ROOT}"/etc/sandbox.d #265376 +} |