Allow open() on non-existent files to fail in the normal way without violation. Fixes bug #135745.

Package-Manager: portage-2.1.3.14

5 files changed, 246 insertions, 5 deletions

diff --git a/sys-apps/sandbox/ChangeLog b/sys-apps/sandbox/ChangeLog
index 8f07f32713dd..22c3b23d5707 100644
--- a/sys-apps/sandbox/ChangeLog
+++ b/sys-apps/sandbox/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-apps/sandbox
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/ChangeLog,v 1.76 2007/10/15 14:53:56 corsair Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/ChangeLog,v 1.77 2007/10/17 15:55:16 dsd Exp $
+
+*sandbox-1.2.18.1-r1 (17 Oct 2007)
+
+  17 Oct 2007; Daniel Drake <dsd@gentoo.org>
+  +files/sandbox-1.2.18.1-open-normal-fail.patch,
+  +sandbox-1.2.18.1-r1.ebuild:
+  Allow open() on non-existent files to fail in the normal way without
+  violation. Fixes bug #135745.
 
   15 Oct 2007; Markus Rothe <corsair@gentoo.org> sandbox-1.2.18.1.ebuild:
   Stable on ppc64
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
index 88d1aa3eea12..7c44cfc3e637 100644
--- a/sys-apps/sandbox/Manifest
+++ b/sys-apps/sandbox/Manifest
@@ -2,6 +2,10 @@ AUX 09sandbox 37 RMD160 75e8b6114feb9c3186fe983e9cf7544b67519d37 SHA1 d1d52cd307
 MD5 1e4d8cd352642245a1af233d6b9b4e2f files/09sandbox 37
 RMD160 75e8b6114feb9c3186fe983e9cf7544b67519d37 files/09sandbox 37
 SHA256 73e9e9d12ba54f1c649813ec86107924050528852c890a8ba1e2853796781bbe files/09sandbox 37
+AUX sandbox-1.2.18.1-open-normal-fail.patch 3144 RMD160 8a4653312e5f22fcf6e08204536c911d492be28f SHA1 fe1cc6ad1e113109a957391a954bd89742051450 SHA256 9c3b6c4c5595b95f6a00fa9e94f72bbcb41cd5ba689a8a29ebf61c6024e73449
+MD5 a48cef118a8c24ef1bcceaba2d51dff7 files/sandbox-1.2.18.1-open-normal-fail.patch 3144
+RMD160 8a4653312e5f22fcf6e08204536c911d492be28f files/sandbox-1.2.18.1-open-normal-fail.patch 3144
+SHA256 9c3b6c4c5595b95f6a00fa9e94f72bbcb41cd5ba689a8a29ebf61c6024e73449 files/sandbox-1.2.18.1-open-normal-fail.patch 3144
 DIST sandbox-1.2.12.tar.bz2 222632 RMD160 aced23dace2aa126eff4e4696b4af729a4bf43d4 SHA1 16c04c8d40a759fe356a004b28532da01e45348f SHA256 000ffe824ae563a60df2ffeb17ff5855bb58ffdd762d809148a1eab456ce5c69
 DIST sandbox-1.2.16.tar.bz2 232260 RMD160 7f6a8b8e6eacebae69affc325ceceb5c0ca6e1c8 SHA1 3690c61dd53f8f9197a835324efaf87b57901dbd SHA256 301edf523cff0acc040cd2e7bd2ebcf9ef32776bb6634179e8c1193f0fe15862
 DIST sandbox-1.2.17.tar.bz2 233461 RMD160 ba050d0c972796b2096e2c623264b979fce134dd SHA1 81980a91e09963b239ec18948eae57dcca4d0492 SHA256 1ed993eb4e34e75ac70a02df27056464b2b696c1d0fcf24a8d034923c79b3de8
@@ -22,6 +26,10 @@ EBUILD sandbox-1.2.17.ebuild 3020 RMD160 6405e0d4dbe11f9d3763ce429093c296a62a3d8
 MD5 efd6a01cc7008263eee9bfeb25489b44 sandbox-1.2.17.ebuild 3020
 RMD160 6405e0d4dbe11f9d3763ce429093c296a62a3d86 sandbox-1.2.17.ebuild 3020
 SHA256 74be0790363573ffd3474fda8a1fce06c0392e309ac504196c3ff226196eeb25 sandbox-1.2.17.ebuild 3020
+EBUILD sandbox-1.2.18.1-r1.ebuild 3007 RMD160 81c28f4cbb472fd2e373235b762196ee6efc6502 SHA1 9985f2d7bc4e8191f1e5277218817fa6172b20eb SHA256 978437ed290e771bdf7adb0c68ba9e058cc418667ac6d233c9cebf75c9dbea08
+MD5 5721d35dddb5b04fa6a989d22c1a9299 sandbox-1.2.18.1-r1.ebuild 3007
+RMD160 81c28f4cbb472fd2e373235b762196ee6efc6502 sandbox-1.2.18.1-r1.ebuild 3007
+SHA256 978437ed290e771bdf7adb0c68ba9e058cc418667ac6d233c9cebf75c9dbea08 sandbox-1.2.18.1-r1.ebuild 3007
 EBUILD sandbox-1.2.18.1.ebuild 2945 RMD160 9cb706febadfbabc777045d2407e69136607f02f SHA1 068c759e39db22fb25ad13e276caeda1783d09a4 SHA256 d0cbee404fca3aa5655427deb8d63ced658f0379fd81b8102f4cfceeff5b1af7
 MD5 29829d7ef94972dfc17144f3b6674e1d sandbox-1.2.18.1.ebuild 2945
 RMD160 9cb706febadfbabc777045d2407e69136607f02f sandbox-1.2.18.1.ebuild 2945
@@ -38,10 +46,10 @@ EBUILD sandbox-1.2.20_alpha2.ebuild 3311 RMD160 095366a13d7b84ef8e84c2f3a66685a3
 MD5 d1b9a715855c7e8172d2100f2083bf1c sandbox-1.2.20_alpha2.ebuild 3311
 RMD160 095366a13d7b84ef8e84c2f3a66685a336e92b2c sandbox-1.2.20_alpha2.ebuild 3311
 SHA256 594099cafb47cec4f2c825fce6106f356d0df1173ce7a22420bedcfab1996663 sandbox-1.2.20_alpha2.ebuild 3311
-MISC ChangeLog 10204 RMD160 831e9bbf92adc737ef227be07af10af98cd2fbb1 SHA1 9aafec41c9691fa4405dbd9a61a38c033f9fef51 SHA256 66c19ce3b9d2ee9d22ebf6d2079e634122f4c5f17287ef6a234fb884f611cdc2
-MD5 b73ff15bd90014c2fdf7fbc5628836e4 ChangeLog 10204
-RMD160 831e9bbf92adc737ef227be07af10af98cd2fbb1 ChangeLog 10204
-SHA256 66c19ce3b9d2ee9d22ebf6d2079e634122f4c5f17287ef6a234fb884f611cdc2 ChangeLog 10204
+MISC ChangeLog 10466 RMD160 32f514cde29898654e3f1f4e5581ae4e950d0a62 SHA1 6060ced4d69bf03cfb7fc4af2cc119df19be9d7c SHA256 2cef1e16cb4b17ef39ec4d94b44c814ba04916825c5f542307569b1aac58c185
+MD5 2b93b138c1fe0e3ede16411f5653a02f ChangeLog 10466
+RMD160 32f514cde29898654e3f1f4e5581ae4e950d0a62 ChangeLog 10466
+SHA256 2cef1e16cb4b17ef39ec4d94b44c814ba04916825c5f542307569b1aac58c185 ChangeLog 10466
 MISC metadata.xml 337 RMD160 c70000494a436cc0f8256d428f86d42b0fdf6017 SHA1 d81a50fa4047e6c0ecf1ab16e4fa6214895c5e9c SHA256 575b378bf8db5526847e6839a3351ec72769d75ed1c5b392559d57f6e6b4294f
 MD5 4a6b419321a7e1ee609c8af41905ff1b metadata.xml 337
 RMD160 c70000494a436cc0f8256d428f86d42b0fdf6017 metadata.xml 337
@@ -61,6 +69,9 @@ SHA256 6707c7c578ca80a4df0c073c7d7a12fd5a3cf85af072d96169e90941b29e69b4 files/di
 MD5 97542900fffd5ddceb03ac5cf7b9eb52 files/digest-sandbox-1.2.18.1 253
 RMD160 241481cf56ce1fb1f8cdbb07545f9055f0af9a65 files/digest-sandbox-1.2.18.1 253
 SHA256 0bab4b68b71b653265a17720073d927350749a95a482b8ae18a441efb8ee554d files/digest-sandbox-1.2.18.1 253
+MD5 97542900fffd5ddceb03ac5cf7b9eb52 files/digest-sandbox-1.2.18.1-r1 253
+RMD160 241481cf56ce1fb1f8cdbb07545f9055f0af9a65 files/digest-sandbox-1.2.18.1-r1 253
+SHA256 0bab4b68b71b653265a17720073d927350749a95a482b8ae18a441efb8ee554d files/digest-sandbox-1.2.18.1-r1 253
 MD5 7cc4a98b40559e1cae429de1f3bf221d files/digest-sandbox-1.2.20_alpha1-r2 560
 RMD160 800ef0043b9fe1e638a1c79d8ecf3db1df5d5185 files/digest-sandbox-1.2.20_alpha1-r2 560
 SHA256 7d453d052ed64233f6cdddd915e70c15ef022b13e4b42eaefe111fa1a76833ae files/digest-sandbox-1.2.20_alpha1-r2 560
diff --git a/sys-apps/sandbox/files/digest-sandbox-1.2.18.1-r1 b/sys-apps/sandbox/files/digest-sandbox-1.2.18.1-r1
new file mode 100644
index 000000000000..f894e17eaa8e
--- /dev/null
+++ b/sys-apps/sandbox/files/digest-sandbox-1.2.18.1-r1
@@ -0,0 +1,3 @@
+MD5 8637808ea8fa55fe10c57d335911e847 sandbox-1.2.18.1.tar.bz2 236755
+RMD160 62e1e33d7f64db14d9c34d103d50256934a6d253 sandbox-1.2.18.1.tar.bz2 236755
+SHA256 3404381bfdea3042e6ddb7c309eaef08201d8731d8e0a756c42cd389edda14c0 sandbox-1.2.18.1.tar.bz2 236755
diff --git a/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch
new file mode 100644
index 000000000000..49b57e41a17b
--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-1.2.18.1-open-normal-fail.patch
@@ -0,0 +1,99 @@
+Patch from Kevin F. Quinn at https://bugs.gentoo.org/show_bug.cgi?id=135745
+Already applied in sandbox svn
+
+Makes sandboxed open() calls return the normal error conditions if the
+file in question does not exist, without causing a sandbox violation.
+This allows programs to use open() to test for file existance, regardless
+of read-write flags. This is not revealing any further information about
+the backing system because this data was already available through stat().
+
+Index: src/libsandbox.c
+===================================================================
+--- src/libsandbox.c.orig
++++ src/libsandbox.c
+@@ -80,6 +80,9 @@
+ #define FUNCTION_SANDBOX_SAFE_ACCESS(_func, _path, _flags) \
+ 	((0 == is_sandbox_on()) || (1 == before_syscall_access(_func, _path, _flags)))
+ 
++#define FUNCTION_SANDBOX_FAIL_OPEN_INT(_func, _path, _flags) \
++	((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags)))
++
+ #define FUNCTION_SANDBOX_SAFE_OPEN_INT(_func, _path, _flags) \
+ 	((0 == is_sandbox_on()) || (1 == before_syscall_open_int(_func, _path, _flags)))
+ 
+@@ -388,6 +391,16 @@ static FILE * (*true_ ## _name) (const c
+ FILE *_name(const char *pathname, const char *mode) \
+ { \
+ 	FILE *result = NULL; \
++	int my_errno = errno; \
++	struct stat st; \
++\
++	if (mode!=NULL && mode[0]=='r') { \
++		/* If we're trying to read, fail normally if file does not stat */\
++		if (-1 == stat(pathname, &st)) { \
++			return NULL; \
++		} \
++	} \
++	errno = my_errno; \
+ \
+ 	if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen", pathname, mode) { \
+ 		check_dlsym(_name); \
+@@ -561,12 +574,20 @@ int _name(const char *pathname, int flag
+ 	va_list ap; \
+ 	int mode = 0; \
+ 	int result = -1; \
++	int my_errno = errno; \
++	struct stat st; \
+ \
+ 	if (flags & O_CREAT) { \
+ 		va_start(ap, flags); \
+ 		mode = va_arg(ap, int); \
+ 		va_end(ap); \
++	} else { \
++		/* If we're not trying to create, fail normally if file does not stat */\
++		if (-1 == stat(pathname, &st)) { \
++			return -1; \
++		} \
+ 	} \
++	errno = my_errno; \
+ \
+ 	if FUNCTION_SANDBOX_SAFE_OPEN_INT("open", pathname, flags) { \
+ 		check_dlsym(_name); \
+@@ -726,6 +747,16 @@ static FILE * (*true_ ## _name) (const c
+ FILE *_name(const char *pathname, const char *mode) \
+ { \
+ 	FILE *result = NULL; \
++	int my_errno = errno; \
++	struct stat64 st; \
++\
++	if (mode!=NULL && mode[0]=='r') { \
++		/* If we're trying to read, fail normally if file does not stat */\
++		if (-1 == stat64(pathname, &st)) { \
++			return NULL; \
++		} \
++	} \
++	errno = my_errno; \
+ \
+ 	if FUNCTION_SANDBOX_SAFE_OPEN_CHAR("fopen64", pathname, mode) { \
+ 		check_dlsym(_name); \
+@@ -746,12 +777,20 @@ int _name(const char *pathname, int flag
+ 	va_list ap; \
+ 	int mode = 0; \
+ 	int result = -1; \
++	int my_errno = errno; \
++	struct stat64 st; \
+ \
+ 	if (flags & O_CREAT) { \
+ 		va_start(ap, flags); \
+ 		mode = va_arg(ap, int); \
+ 		va_end(ap); \
++	} else { \
++		/* If we're not trying to create, fail normally if file does not stat */\
++		if (-1 == stat64(pathname, &st)) { \
++			return -1; \
++		} \
+ 	} \
++	errno = my_errno; \
+ \
+ 	if FUNCTION_SANDBOX_SAFE_OPEN_INT("open64", pathname, flags) { \
+ 		check_dlsym(_name); \
diff --git a/sys-apps/sandbox/sandbox-1.2.18.1-r1.ebuild b/sys-apps/sandbox/sandbox-1.2.18.1-r1.ebuild
new file mode 100644
index 000000000000..857c123f9c08
--- /dev/null
+++ b/sys-apps/sandbox/sandbox-1.2.18.1-r1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sandbox/sandbox-1.2.18.1-r1.ebuild,v 1.1 2007/10/17 15:55:16 dsd Exp $
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+inherit eutils flag-o-matic eutils toolchain-funcs multilib
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="http://www.gentoo.org/"
+SRC_URI="mirror://gentoo/${P}.tar.bz2
+	http://dev.gentoo.org/~azarah/sandbox/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE=""
+
+DEPEND=""
+
+EMULTILIB_PKG="true"
+
+setup_multilib() {
+	if use amd64 && has_m32 && [[ ${CONF_MULTILIBDIR} == "lib32" ]]; then
+		export DEFAULT_ABI="amd64"
+		export MULTILIB_ABIS="x86 amd64"
+		export CFLAGS_amd64=${CFLAGS_amd64:-"-m64"}
+		export CFLAGS_x86=${CFLAGS_x86-"-m32 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib"}
+		export CHOST_amd64="x86_64-pc-linux-gnu"
+		export CHOST_x86="i686-pc-linux-gnu"
+		export LIBDIR_amd64=${LIBDIR_amd64-${CONF_LIBDIR}}
+		export LIBDIR_x86=${LIBDIR_x86-${CONF_MULTILIBDIR}}
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${P}-open-normal-fail.patch
+}
+
+abi_fail_check() {
+	local ABI=$1
+	if [[ ${ABI} == "x86" ]] ; then
+		echo
+		eerror "Building failed for ABI=x86!.  This usually means a broken"
+		eerror "multilib setup.  Please fix that before filling a bugreport"
+		eerror "against sandbox."
+		echo
+	fi
+}
+
+src_compile() {
+	local myconf
+	local iscross=0
+
+	setup_multilib
+
+	filter-lfs-flags #90228
+
+	has_multilib_profile && myconf="--enable-multilib"
+
+	ewarn "If configure fails with a 'cannot run C compiled programs' error, try this:"
+	ewarn "FEATURES=-sandbox emerge sandbox"
+
+	[[ -n ${CBUILD} && ${CBUILD} != ${CHOST} ]] && iscross=1
+
+	OABI=${ABI}
+	OCHOST=${CHOST}
+	for ABI in $(get_install_abis); do
+		mkdir "${WORKDIR}/build-${ABI}-${OCHOST}"
+		cd "${WORKDIR}/build-${ABI}-${OCHOST}"
+
+		# Needed for older broken portage versions (bug #109036)
+		has_version '<sys-apps/portage-2.0.51.22' && \
+			unset EXTRA_ECONF
+
+		export ABI
+		export CHOST=$(get_abi_CHOST)
+		[[ ${iscross} == 0 ]] && export CBUILD=${CHOST}
+
+		einfo "Configuring sandbox for ABI=${ABI}..."
+		ECONF_SOURCE="../${P}/" \
+		econf --libdir="/usr/$(get_libdir)" ${myconf}
+		einfo "Building sandbox for ABI=${ABI}..."
+		emake || {
+			abi_fail_check "${ABI}"
+			die "emake failed for ${ABI}"
+		}
+	done
+	ABI=${OABI}
+	CHOST=${OCHOST}
+}
+
+src_install() {
+	setup_multilib
+
+	OABI=${ABI}
+	for ABI in $(get_install_abis); do
+		cd "${WORKDIR}/build-${ABI}-${CHOST}"
+		einfo "Installing sandbox for ABI=${ABI}..."
+		make DESTDIR="${D}" install || die "make install failed for ${ABI}"
+	done
+	ABI=${OABI}
+
+	keepdir /var/log/sandbox
+	fowners root:portage /var/log/sandbox
+	fperms 0770 /var/log/sandbox
+
+	cd ${S}
+	dodoc AUTHORS ChangeLog NEWS README
+}
+
+pkg_preinst() {
+	chown root:portage ${D}/var/log/sandbox
+	chmod 0770 ${D}/var/log/sandbox
+}