From e3872864be25f7421015bef2732fa57c0c9fb726 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 4 Aug 2018 08:53:53 +0100 Subject: gentoo resync : 04.08.2018 --- sys-apps/proot/Manifest | 17 +- .../proot/files/proot-2.3.1-lib-paths-fix.patch | 4 +- sys-apps/proot/files/proot-3.2.1-makefile.patch | 11 - sys-apps/proot/files/proot-3.2.2-build-care.patch | 20 -- sys-apps/proot/files/proot-4.0.1-argv.patch | 125 ---------- sys-apps/proot/files/proot-5.1.0-loader.patch | 272 +++++++++++++++++++++ sys-apps/proot/files/proot-5.1.0-makefile.patch | 22 ++ sys-apps/proot/proot-3.2.2-r1.ebuild | 72 ------ sys-apps/proot/proot-4.0.1.ebuild | 67 ----- sys-apps/proot/proot-4.0.3.ebuild | 68 ------ sys-apps/proot/proot-5.0.0.ebuild | 68 ------ sys-apps/proot/proot-5.1.0-r1.ebuild | 73 ++++++ sys-apps/proot/proot-5.1.0.ebuild | 68 ------ 13 files changed, 373 insertions(+), 514 deletions(-) delete mode 100644 sys-apps/proot/files/proot-3.2.1-makefile.patch delete mode 100644 sys-apps/proot/files/proot-3.2.2-build-care.patch delete mode 100644 sys-apps/proot/files/proot-4.0.1-argv.patch create mode 100644 sys-apps/proot/files/proot-5.1.0-loader.patch create mode 100644 sys-apps/proot/files/proot-5.1.0-makefile.patch delete mode 100644 sys-apps/proot/proot-3.2.2-r1.ebuild delete mode 100644 sys-apps/proot/proot-4.0.1.ebuild delete mode 100644 sys-apps/proot/proot-4.0.3.ebuild delete mode 100644 sys-apps/proot/proot-5.0.0.ebuild create mode 100644 sys-apps/proot/proot-5.1.0-r1.ebuild delete mode 100644 sys-apps/proot/proot-5.1.0.ebuild (limited to 'sys-apps/proot') diff --git a/sys-apps/proot/Manifest b/sys-apps/proot/Manifest index 2e2ae20236a2..d7192faf9bb2 100644 --- a/sys-apps/proot/Manifest +++ b/sys-apps/proot/Manifest @@ -1,15 +1,6 @@ -AUX proot-2.3.1-lib-paths-fix.patch 700 BLAKE2B eace0a2dbd277197961992ff0e94ebd8aa466808f0714d74ffabca632d62aadc27a2786b48e5840ea55696f66313e2a04df927947fc5b077393cffe32f25628c SHA512 90c5b6fa8d9e98de79d2c1344508a82be22ccc334cfcf8b6d60a2004a445a1c683fa538dd57958ba6491e26a1997fcfa8daa44f3a8001424470c85ece56c34a9 -AUX proot-3.2.1-makefile.patch 327 BLAKE2B 202b3180885595c18264e26dc78e71ca0ea33b07eb309688831f82629c739ea14508ac6bf6b7e79a7da765630aa667089e277760920510a07bcc369fa0cb67ed SHA512 8c1614b5c47ffddbbf59f1a47d60d7fa43c03a31612a1b8c699c8ea9c0a4f319ab326bb713e0c0dc6bcb8d7b38282a181e89f7429c7aaccc7340da0769235a57 -AUX proot-3.2.2-build-care.patch 630 BLAKE2B 90f6e8d0cfa544cec4207a7fa1f9cb3024bb19da7d0d551976144094cd8873a6e542514a9984cdf506b3b6bc0132251c4db7284aaa37da726995a235fd60c74e SHA512 394d647a9b5054ca31b7c18a0993adb9d811123cc54fb9f9ea5560016562260966e61f73f3290697af1dc141482dd75d3bb4cbb7c84995af58e246f8977169b6 -AUX proot-4.0.1-argv.patch 3833 BLAKE2B 911d3299e62223a90bbb930c5a0b7b518d815120d97adb0b343f4942eda17c3b75c774378fbf7a4ecedd0ece6f28cb7e86981b71372fd1ef8920adde6de36923 SHA512 d0be9f636ecfd75fef3987d2ebb4c693aa134371e2fee6d975373ac89b0da79ad017301c388b4893667101db405f98d54a8de2cc851413356b1616337d274a14 -DIST proot-3.2.2.tar.gz 171047 BLAKE2B a99f7e27e57bc63508cd31b39d15cade0ffadc6b92a4f9acdf92d41afcbc9e294962d8f7b0114eade568f15b0262065ae20b3308f5b5d03a973c896ecffecaea SHA512 baf8df06a463978f0faf36f9d81935d6583b99b7e8c54b8ac330478ed92bb3a5d5cd624e028247c50bb9bc6fbe1300c5736a38c0aff250b23614aa52f922dfdd -DIST proot-4.0.1.tar.gz 218732 BLAKE2B 2df499190bf4ffc2c60a9b4dcff21b21aa23647e958c49731679d0a8ca4ac33f8ffb2c52729179efd4dd6d0df78c92861e17061145527f0bc1aba574350a45c4 SHA512 df6ea412856268af65ed5fd3ede8ae099c70e9b08d7875e3e2d8e44e9d4288de93e3844aa361db0b7b579b68b5e7a983989ec0742a6d31d7bef889f739db2158 -DIST proot-4.0.3.tar.gz 222716 BLAKE2B 40a0f99926db386f4018612035812246b67e2070ebd343183dfc6f1e5a53f1c3718352e1042e9727d9e617c0591b6fdcb90745d8d359d607dec95e015ac2704e SHA512 1c74219d44ea79a4573c6dd21a5b62df8e93522886cadb1175044b782f40a711193af348763663d24ab634fbe13b67264f0bff061a980947810e38850d0133f8 -DIST proot-5.0.0.tar.gz 250005 BLAKE2B 89b4f9cb5507b87ae52e82502846fa66a0083618672599068620f7f21ea750524f56f9159e81e1e96bee2ac476b1c49aeb58429178b70c01f26f34065f443fdf SHA512 0617142d5bfe40329c12f5cbe3c850d01b82f10a8b44d63acb64e7e880af652fb60d05610fb91ce317353986eb30f031d82114661e5d58a38696d242ccd366ee +AUX proot-2.3.1-lib-paths-fix.patch 704 BLAKE2B 2ec5d90122914299dd892001a2b100b7b263dc83f9a43533ee5d7ee7575f9a33e6703265da58d04b68c2f84d511e0206b43dbb4d5e8d9366c6bb52fbaa3ded88 SHA512 be372a1f7865a22f76f6eddcd348806a4c5351d4a9ffc4657ad41826ceadcb6f6cc3987d8e81ccaa022df01567066c9d5b450f315bb29cd01a266f8ae9141306 +AUX proot-5.1.0-loader.patch 8308 BLAKE2B 097a5a3dbf46160a940acf194004443529b720fd8d323bb39057263cb294905e729f0d441a80bc52427e1108a9c1c4fe7dea7e84d39064258d98a3e832522ae0 SHA512 6c3018a4b44149260f2d9f9b8f892f972c0f85482fdc6b7d2858ab6ad16fdc68a9ea619dbcb80c1cb7b4a6d0af2b90329b4560f44baaf3fae29f3c624966ef12 +AUX proot-5.1.0-makefile.patch 779 BLAKE2B a70e16c8f61501253adcd4cb40f69e315548d4394828af537c646fd46878ec75a5f3d24270458a1dfcb9bc70c2468efbcc6e629f848172a678fea27e9f4a5e2c SHA512 3ee5566e2209e0c3cc12ba9dbbbbc93d0080e66039aacbdc3c30974acf5380d4f855bee81a49976ea9c0a67f904456104a2d18777e5c0c10f530debae6e42df7 DIST proot-5.1.0.tar.gz 253251 BLAKE2B 8dc147d6c6ee303baf0c86f2fa4a8c17a58e76d9da9432635fc70ee06a65aa748ad617735012a1a18a520775fbe38c2264dcccefb681e8e829a5e7e1ddb05cca SHA512 26be26d405a8bcbe94377c3e9c18a571e4b61e3074f0716b0db3517d147d9d4a07c80f7312171cf9580ac7748e72e688efaf1b8e4a0ca3bfc31c802aa351346f -EBUILD proot-3.2.2-r1.ebuild 1675 BLAKE2B d219c5565aaa7ce20f3ec6d3dc674d302b484120411f03224a895f1a07304aa457e264f28109e3c209630c0dabb5522e0aa6db5d2418f3aeff896dd735f3b38d SHA512 0b15670f67c14e86cd3af2238412d8a3d2c86a252d3228666497633096344eed528da23e6701ae06fb1f9190e0a3fc8f2f8493535b11369eea203a54cdc5bd5a -EBUILD proot-4.0.1.ebuild 1616 BLAKE2B bc34c263697ee1eefb81576421d29ae3344494e896c576d6b8a7df8392101a5304fc32ea91fc1c5fd5a46153d81aac74d5794efcc19e005f22006689558d109c SHA512 8a6b2da2143283965926b722a661fdf820da7f868a347667c0d7e8ffd00e0dee2d9085861358accceb0e4461eb52f114b6e944ba8ab2adea937a43eb33eaed17 -EBUILD proot-4.0.3.ebuild 1563 BLAKE2B 5b1a8c584360ddcd0219d97527c40c886bda2be3bbe4bc250ca97989996a59d04dee5f54a82090865dbee6e9ce171d3b2787cec7d07efb2b0aff61146a13dc58 SHA512 a8f5aba5498c1bdb6f2d74574a5a53408b6be26164137be29bfd20760767b374470f8c7f28d1c9393d0737548a689df11881c9ed09cb0b97e4eae7fbd37fa1bc -EBUILD proot-5.0.0.ebuild 1563 BLAKE2B 5b1a8c584360ddcd0219d97527c40c886bda2be3bbe4bc250ca97989996a59d04dee5f54a82090865dbee6e9ce171d3b2787cec7d07efb2b0aff61146a13dc58 SHA512 a8f5aba5498c1bdb6f2d74574a5a53408b6be26164137be29bfd20760767b374470f8c7f28d1c9393d0737548a689df11881c9ed09cb0b97e4eae7fbd37fa1bc -EBUILD proot-5.1.0.ebuild 1563 BLAKE2B 5b1a8c584360ddcd0219d97527c40c886bda2be3bbe4bc250ca97989996a59d04dee5f54a82090865dbee6e9ce171d3b2787cec7d07efb2b0aff61146a13dc58 SHA512 a8f5aba5498c1bdb6f2d74574a5a53408b6be26164137be29bfd20760767b374470f8c7f28d1c9393d0737548a689df11881c9ed09cb0b97e4eae7fbd37fa1bc +EBUILD proot-5.1.0-r1.ebuild 1744 BLAKE2B 4494e0f0c9eafc9f36e75f9e48f30126d65476b0067472325cd5168d5920b7bb6d552274b96dd314f7c05b0efc1e8932b8adb0d037acead4bf80b75122d927ae SHA512 fe10a94938cb13d4140b6a7633794d756f04ebb84f04494d53f44443727e9530c596bd91ed2b9660a31063cbf2cc5b150820b689516b9497ce261d4ab8405a13 MISC metadata.xml 969 BLAKE2B 23deaf1895522b9bddab5b184c088b74b0ca883ccd1a28bd925418203c4cd5c1ddf3dba7f395828ce198ea4e3bbcedd14539ad1268e6bf10cc52624f5d334635 SHA512 447fb399976f554931c6983af60c33567518fa21e40ef4b1732c9e7615dcf9796ab8bc1356b84eef947455f8e25111bdee0dfc5025d686fe978aa6f6e7343145 diff --git a/sys-apps/proot/files/proot-2.3.1-lib-paths-fix.patch b/sys-apps/proot/files/proot-2.3.1-lib-paths-fix.patch index 43c0d03d978a..647f19183a9d 100644 --- a/sys-apps/proot/files/proot-2.3.1-lib-paths-fix.patch +++ b/sys-apps/proot/files/proot-2.3.1-lib-paths-fix.patch @@ -1,5 +1,5 @@ ---- src/execve/ldso.c 2013-01-23 16:22:37.870287856 +0400 -+++ src/execve/ldso.c 2013-01-23 16:31:40.219283675 +0400 +--- a/src/execve/ldso.c 2013-01-23 16:22:37.870287856 +0400 ++++ b/src/execve/ldso.c 2013-01-23 16:31:40.219283675 +0400 @@ -285,16 +285,10 @@ /* 6. /lib, /usr/lib + /usr/local/lib */ if (IS_CLASS32(elf_header)) diff --git a/sys-apps/proot/files/proot-3.2.1-makefile.patch b/sys-apps/proot/files/proot-3.2.1-makefile.patch deleted file mode 100644 index 854c48ef0817..000000000000 --- a/sys-apps/proot/files/proot-3.2.1-makefile.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- src/GNUmakefile.orig 2013-12-06 10:47:18.554784621 +0400 -+++ src/GNUmakefile 2013-12-06 10:47:43.129785804 +0400 -@@ -9,7 +9,7 @@ - CC = gcc - LD = $(CC) - CPPFLAGS += -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I. -I$(VPATH) --CFLAGS += -Wall -Wextra -O2 -+CFLAGS += -Wall -Wextra - LDFLAGS += -ltalloc - - OBJECTS = \ diff --git a/sys-apps/proot/files/proot-3.2.2-build-care.patch b/sys-apps/proot/files/proot-3.2.2-build-care.patch deleted file mode 100644 index c52a39cf787b..000000000000 --- a/sys-apps/proot/files/proot-3.2.2-build-care.patch +++ /dev/null @@ -1,20 +0,0 @@ -Skip check for building care, patch by Patrick Lauer - ---- src/GNUmakefile 2014-02-25 16:42:04.336863622 +0800 -+++ src/GNUmakefile.new 2014-02-25 16:42:26.063050467 +0800 -@@ -54,15 +54,6 @@ - all: proot - - ###################################################################### --# Sanity checks -- --ifneq (,$(findstring care,$(MAKECMDGOALS))) --ifneq ($(CARE_BUILD_ENV),ok) --$(error care is supposed to be built with: http://build.reproducible.io) --endif --endif -- --###################################################################### - # Beautified output - - quiet_GEN = @echo " GEN $@"; $(GEN) diff --git a/sys-apps/proot/files/proot-4.0.1-argv.patch b/sys-apps/proot/files/proot-4.0.1-argv.patch deleted file mode 100644 index df580563458c..000000000000 --- a/sys-apps/proot/files/proot-4.0.1-argv.patch +++ /dev/null @@ -1,125 +0,0 @@ -commit 520fa3601c36dd0a3c84e310bd2a1189259000bd -Author: Cédric VINCENT -Date: Thu Aug 7 14:29:37 2014 +0200 - - Don't dereference argv[0] when launching a script through a symlink. - - Reported-by: Joakim Tjernlund - Ref: https://bugs.gentoo.org/show_bug.cgi?id=517496 - - Also, don't complain about non-regular or non-executable files that - are not explicitely candidates. - -diff --git a/src/path/path.c b/src/path/path.c -index 4225876..ecdef70 100644 ---- a/src/path/path.c -+++ b/src/path/path.c -@@ -219,17 +219,21 @@ int which(Tracee *tracee, const char *paths, char host_path[PATH_MAX], char *con - /* Is the command available without any $PATH look-up? */ - status = realpath2(tracee, host_path, command, true); - if (status == 0 && stat(host_path, &statr) == 0) { -- if (!S_ISREG(statr.st_mode)) { -+ if (is_explicit && !S_ISREG(statr.st_mode)) { - notice(tracee, ERROR, USER, "'%s' is not a regular file", command); - return -EACCES; - } - -- if ((statr.st_mode & S_IXUSR) == 0) { -+ if (is_explicit && (statr.st_mode & S_IXUSR) == 0) { - notice(tracee, ERROR, USER, "'%s' is not executable", command); - return -EACCES; - } - - found = true; -+ -+ /* Don't dereference the final component to preserve -+ * argv0 in case it is a symlink to script. */ -+ (void) realpath2(tracee, host_path, command, false); - } - else - found = false; -@@ -274,8 +278,12 @@ int which(Tracee *tracee, const char *paths, char host_path[PATH_MAX], char *con - if (status == 0 - && stat(host_path, &statr) == 0 - && S_ISREG(statr.st_mode) -- && (statr.st_mode & S_IXUSR) != 0) -- return 0; -+ && (statr.st_mode & S_IXUSR) != 0) { -+ /* Don't dereference the final component to preserve -+ * argv0 in case it is a symlink to script. */ -+ (void) realpath2(tracee, host_path, path, false); -+ return 0; -+ } - } while (*(cursor - 1) != '\0'); - - not_found: -diff --git a/src/tracee/event.c b/src/tracee/event.c -index 70668d6..5905c43 100644 ---- a/src/tracee/event.c -+++ b/src/tracee/event.c -@@ -92,7 +92,7 @@ int launch_process(Tracee *tracee) - * guest rootfs. Note: Valgrind can't handle execve(2) on - * "foreign" binaries (ENOEXEC) but can handle execvp(3) on such - * binaries. */ -- execvp(tracee->exe, tracee->cmdline); -+ execv(tracee->exe, tracee->cmdline); - return -errno; - - default: /* parent */ -diff --git a/tests/test-713b6910.sh b/tests/test-713b6910.sh -new file mode 100644 -index 0000000..82e01fd ---- /dev/null -+++ b/tests/test-713b6910.sh -@@ -0,0 +1,51 @@ -+if [ -z `which mcookie` ] || [ -z `which rm` ] || [ -z `which cat` ] || [ -z `which chmod` ] || [ -z `which ln` ] || [ -z `which grep` ] || [ -z `which mkdir` ] || [ ! -x ${ROOTFS}/bin/readlink ]; then -+ exit 125; -+fi -+ -+###################################################################### -+ -+TMP1=/tmp/$(mcookie) -+TMP2=/tmp/$(mcookie) -+TMP3=/tmp/$(mcookie) -+TMP4=/tmp/$(mcookie) -+ -+rm -fr ${TMP1} ${TMP2} ${TMP3} ${TMP4} -+ -+###################################################################### -+ -+cat > ${TMP1} <<'EOF' -+#!/bin/sh -+echo $0 -+EOF -+ -+chmod +x ${TMP1} -+ln -s ${TMP1} ${TMP2} -+ -+${PROOT} ${TMP2} | grep -v ${TMP1} -+${PROOT} ${TMP2} | grep ${TMP2} -+ -+###################################################################### -+ -+mkdir -p ${TMP3} -+cd ${TMP3} -+ -+ln -s $(which true) false -+! ${PROOT} false -+ -+echo "#!$(which false)" > true -+chmod a-x true -+${PROOT} true -+ -+###################################################################### -+ -+ln -s ${ROOTFS}/bin/readlink ${TMP4} -+ -+TEST1=$(${PROOT} ${ROOTFS}/bin/readlink /proc/self/exe) -+TEST2=$(${PROOT} ${TMP4} /proc/self/exe) -+ -+test "${TEST1}" = "${TEST2}" -+ -+###################################################################### -+ -+cd / -+rm -fr ${TMP1} ${TMP2} ${TMP3} ${TMP4} diff --git a/sys-apps/proot/files/proot-5.1.0-loader.patch b/sys-apps/proot/files/proot-5.1.0-loader.patch new file mode 100644 index 000000000000..e74cfaa7807b --- /dev/null +++ b/sys-apps/proot/files/proot-5.1.0-loader.patch @@ -0,0 +1,272 @@ +commit 77d5ba4e5bb35f91d026a3240ad0a91a2d4b662a +Author: Cédric VINCENT +Date: Fri Feb 20 14:28:55 2015 +0100 + + Set tracee's stack executable when the loaded program requires this. + + This is required for UMEQ and for some older versions of PRoot. For + example: + + $ proot -q umeq-arm64-dce01957 -R ~/gentoo-arm64-20140718 + + Before: + + proot info: vpid 1 terminated with signal 11 + + Now, it is OK. + +diff --git a/src/compat.h b/src/compat.h +index 2b603f1..5009490 100644 +--- a/src/compat.h ++++ b/src/compat.h +@@ -243,5 +243,17 @@ + # ifndef MAP_ANONYMOUS + # define MAP_ANONYMOUS 0x20 + # endif ++# ifndef PROT_READ ++# define PROT_READ 0x1 ++# endif ++# ifndef PROT_WRITE ++# define PROT_WRITE 0x2 ++# endif ++# ifndef PROT_EXEC ++# define PROT_EXEC 0x4 ++# endif ++# ifndef PROT_GROWSDOWN ++# define PROT_GROWSDOWN 0x01000000 ++# endif + + #endif /* COMPAT_H */ +diff --git a/src/execve/elf.h b/src/execve/elf.h +index 3ced10c..a5b367b 100644 +--- a/src/execve/elf.h ++++ b/src/execve/elf.h +@@ -108,7 +108,8 @@ typedef union { + typedef enum { + PT_LOAD = 1, + PT_DYNAMIC = 2, +- PT_INTERP = 3 ++ PT_INTERP = 3, ++ PT_GNU_STACK = 0x6474e551, + } SegmentType; + + typedef struct { +diff --git a/src/execve/enter.c b/src/execve/enter.c +index cb84ec6..f0f3e7f 100644 +--- a/src/execve/enter.c ++++ b/src/execve/enter.c +@@ -252,6 +252,11 @@ static int add_load_info(const ElfHeader *elf_header, + return status; + break; + ++ case PT_GNU_STACK: ++ data->load_info->needs_executable_stack |= ++ ((PROGRAM_FIELD(*elf_header, *program_header, flags) & PF_X) != 0); ++ break; ++ + default: + break; + } +diff --git a/src/execve/execve.h b/src/execve/execve.h +index 11eca10..98b8d03 100644 +--- a/src/execve/execve.h ++++ b/src/execve/execve.h +@@ -49,6 +49,7 @@ typedef struct load_info { + char *raw_path; + Mapping *mappings; + ElfHeader elf_header; ++ bool needs_executable_stack; + + struct load_info *interp; + } LoadInfo; +diff --git a/src/execve/exit.c b/src/execve/exit.c +index e6eff44..36cc51f 100644 +--- a/src/execve/exit.c ++++ b/src/execve/exit.c +@@ -174,6 +174,9 @@ static void *transcript_mappings(void *cursor, const Mapping *mappings) + static int transfer_load_script(Tracee *tracee) + { + const word_t stack_pointer = peek_reg(tracee, CURRENT, STACK_POINTER); ++ static word_t page_size = 0; ++ static word_t page_mask = 0; ++ + word_t entry_point; + + size_t script_size; +@@ -190,10 +193,22 @@ static int transfer_load_script(Tracee *tracee) + void *buffer; + size_t buffer_size; + ++ bool needs_executable_stack; + LoadStatement *statement; + void *cursor; + int status; + ++ if (page_size == 0) { ++ page_size = sysconf(_SC_PAGE_SIZE); ++ if ((int) page_size <= 0) ++ page_size = 0x1000; ++ page_mask = ~(page_size - 1); ++ } ++ ++ needs_executable_stack = (tracee->load_info->needs_executable_stack ++ || ( tracee->load_info->interp != NULL ++ && tracee->load_info->interp->needs_executable_stack)); ++ + /* Strings addresses are required to generate the load script, + * for "open" actions. Since I want to generate it in one + * pass, these strings will be put right below the current +@@ -208,7 +223,7 @@ static int transfer_load_script(Tracee *tracee) + : strlen(tracee->load_info->raw_path) + 1); + + /* A padding will be appended at the end of the load script +- * (a.k.a "strings area") to ensure this latter is aligned on ++ * (a.k.a "strings area") to ensure this latter is aligned to + * a word boundary, for sake of performance. */ + padding_size = (stack_pointer - string1_size - string2_size - string3_size) + % sizeof_word(tracee); +@@ -229,6 +244,7 @@ static int transfer_load_script(Tracee *tracee) + : LOAD_STATEMENT_SIZE(*statement, open) + + (LOAD_STATEMENT_SIZE(*statement, mmap) + * talloc_array_length(tracee->load_info->interp->mappings))) ++ + (needs_executable_stack ? LOAD_STATEMENT_SIZE(*statement, make_stack_exec) : 0) + + LOAD_STATEMENT_SIZE(*statement, start); + + /* Allocate enough room for both the load script and the +@@ -266,6 +282,16 @@ static int transfer_load_script(Tracee *tracee) + else + entry_point = ELF_FIELD(tracee->load_info->elf_header, entry); + ++ if (needs_executable_stack) { ++ /* Load script statement: stack_exec. */ ++ statement = cursor; ++ ++ statement->action = LOAD_ACTION_MAKE_STACK_EXEC; ++ statement->make_stack_exec.start = stack_pointer & page_mask; ++ ++ cursor += LOAD_STATEMENT_SIZE(*statement, make_stack_exec); ++ } ++ + /* Load script statement: start. */ + statement = cursor; + +@@ -352,7 +378,7 @@ static int transfer_load_script(Tracee *tracee) + * | mmap file | + * +------------+ + * | open | +- * +------------+ <- stack pointer, sysarg1 (word aligned) ++ * +------------+ <- stack pointer, userarg1 (word aligned) + */ + + /* Remember we are in the sysexit stage, so be sure the +diff --git a/src/loader/assembly-arm.h b/src/loader/assembly-arm.h +index ee5bb85..59a7fe0 100644 +--- a/src/loader/assembly-arm.h ++++ b/src/loader/assembly-arm.h +@@ -89,4 +89,5 @@ + #define EXECVE 11 + #define EXIT 1 + #define PRCTL 172 ++#define MPROTECT 125 + +diff --git a/src/loader/assembly-x86.h b/src/loader/assembly-x86.h +index c83b3ef..4045144 100644 +--- a/src/loader/assembly-x86.h ++++ b/src/loader/assembly-x86.h +@@ -65,3 +65,4 @@ extern word_t syscall_1(word_t number, word_t arg1); + #define EXECVE 11 + #define EXIT 1 + #define PRCTL 172 ++#define MPROTECT 125 +diff --git a/src/loader/assembly-x86_64.h b/src/loader/assembly-x86_64.h +index c581208..6f431be 100644 +--- a/src/loader/assembly-x86_64.h ++++ b/src/loader/assembly-x86_64.h +@@ -93,3 +93,4 @@ + #define EXECVE 59 + #define EXIT 60 + #define PRCTL 157 ++#define MPROTECT 10 +diff --git a/src/loader/loader.c b/src/loader/loader.c +index 5b31b02..9c2037b 100644 +--- a/src/loader/loader.c ++++ b/src/loader/loader.c +@@ -171,6 +171,14 @@ void _start(void *cursor) + cursor += LOAD_STATEMENT_SIZE(*stmt, mmap); + break; + ++ case LOAD_ACTION_MAKE_STACK_EXEC: ++ SYSCALL(MPROTECT, 3, ++ stmt->make_stack_exec.start, 1, ++ PROT_READ | PROT_WRITE | PROT_EXEC | PROT_GROWSDOWN); ++ ++ cursor += LOAD_STATEMENT_SIZE(*stmt, make_stack_exec); ++ break; ++ + case LOAD_ACTION_START_TRACED: + traced = true; + /* Fall through. */ +diff --git a/src/loader/script.h b/src/loader/script.h +index bb48af5..6ae7621 100644 +--- a/src/loader/script.h ++++ b/src/loader/script.h +@@ -42,6 +42,10 @@ struct load_statement { + word_t clear_length; + } mmap; + ++ struct { ++ word_t start; ++ } make_stack_exec; ++ + struct { + word_t stack_pointer; + word_t entry_point; +@@ -67,7 +71,8 @@ typedef struct load_statement LoadStatement; + #define LOAD_ACTION_OPEN 1 + #define LOAD_ACTION_MMAP_FILE 2 + #define LOAD_ACTION_MMAP_ANON 3 +-#define LOAD_ACTION_START_TRACED 4 +-#define LOAD_ACTION_START 5 ++#define LOAD_ACTION_MAKE_STACK_EXEC 4 ++#define LOAD_ACTION_START_TRACED 5 ++#define LOAD_ACTION_START 6 + + #endif /* SCRIPT */ + +commit d649854ddb66779950954aac99d960379c631a71 +Author: Nicolas Cornu +Date: Wed Jul 29 14:52:57 2015 +0200 + + Fix use of size + +diff --git a/src/execve/enter.c b/src/execve/enter.c +index 8f22d9c..4c163a1 100644 +--- a/src/execve/enter.c ++++ b/src/execve/enter.c +@@ -454,10 +454,10 @@ static int expand_runner(Tracee* tracee, char host_path[PATH_MAX], char user_pat + } + + extern unsigned char _binary_loader_exe_start; +-extern unsigned char _binary_loader_exe_size; ++extern unsigned char _binary_loader_exe_end; + + extern unsigned char WEAK _binary_loader_m32_exe_start; +-extern unsigned char WEAK _binary_loader_m32_exe_size; ++extern unsigned char WEAK _binary_loader_m32_exe_end; + + /** + * Extract the built-in loader. This function returns NULL if an +@@ -483,11 +483,11 @@ static char *extract_loader(const Tracee *tracee, bool wants_32bit_version) + + if (wants_32bit_version) { + start = (void *) &_binary_loader_m32_exe_start; +- size = (size_t) &_binary_loader_m32_exe_size; ++ size = (size_t)(&_binary_loader_m32_exe_end-&_binary_loader_m32_exe_start); + } + else { + start = (void *) &_binary_loader_exe_start; +- size = (size_t) &_binary_loader_exe_size; ++ size = (size_t) (&_binary_loader_exe_end-&_binary_loader_exe_start); + } + + status2 = write(fd, start, size); diff --git a/sys-apps/proot/files/proot-5.1.0-makefile.patch b/sys-apps/proot/files/proot-5.1.0-makefile.patch new file mode 100644 index 000000000000..414cb29010cb --- /dev/null +++ b/sys-apps/proot/files/proot-5.1.0-makefile.patch @@ -0,0 +1,22 @@ +--- a/src/GNUmakefile 2018-08-01 16:30:00.957743804 +0300 ++++ b/src/GNUmakefile 2018-08-01 16:30:34.876741798 +0300 +@@ -15,8 +15,8 @@ + OBJDUMP = $(CROSS_COMPILE)objdump + + CPPFLAGS += -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I. -I$(VPATH) +-CFLAGS += -Wall -Wextra -O2 +-LDFLAGS += -ltalloc ++CFLAGS += -Wall -Wextra ++LDFLAGS += -ltalloc -Wl,-z,noexecstack + + CARE_LDFLAGS = -larchive + +@@ -182,7 +182,7 @@ + $(eval $(call define_from_arch.h,$1,LOADER_ADDRESS)) + + LOADER_CFLAGS$1 += -fPIC -ffreestanding $(LOADER_ARCH_CFLAGS$1) +-LOADER_LDFLAGS$1 += -static -nostdlib -Wl$(BUILD_ID_NONE),-Ttext=$(LOADER_ADDRESS$1) ++LOADER_LDFLAGS$1 += -static -nostdlib -Wl$(BUILD_ID_NONE),-Ttext=$(LOADER_ADDRESS$1),-z,noexecstack + + loader/loader$1.o: loader/loader.c + @mkdir -p $$(dir $$@) diff --git a/sys-apps/proot/proot-3.2.2-r1.ebuild b/sys-apps/proot/proot-3.2.2-r1.ebuild deleted file mode 100644 index ef14402f0834..000000000000 --- a/sys-apps/proot/proot-3.2.2-r1.ebuild +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -MY_PN="PRoot" - -inherit eutils pax-utils toolchain-funcs - -DESCRIPTION="User-space implementation of chroot, mount --bind, and binfmt_misc" -HOMEPAGE="https://proot-me.github.io/" -SRC_URI="https://github.com/proot-me/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="care test" - -RDEPEND="care? ( app-arch/libarchive:0= ) - sys-libs/talloc" -DEPEND="${RDEPEND} - care? ( dev-libs/uthash ) - test? ( dev-util/valgrind )" - -# Breaks sandbox -RESTRICT="test" - -S="${WORKDIR}/${MY_PN}-${PV}" - -src_prepare() { - epatch "${FILESDIR}/${PN}-3.2.1-makefile.patch" \ - "${FILESDIR}/${PN}-2.3.1-lib-paths-fix.patch" \ - "${FILESDIR}/${P}-build-care.patch" - epatch_user -} - -src_compile() { - # build the proot and care targets - emake -C src V=1 \ - CC="$(tc-getCC)" \ - CHECK_VERSION="true" \ - CAREBUILDENV="ok" \ - proot $(usex care "care" "" "" "") -} - -src_install() { - if use care; then - # Workaround for bug #493416 - pax-mark -Emp src/care - dobin src/care - fi - # Workaround for bug #493416 - pax-mark -Emp src/proot - - dobin src/proot - doman doc/proot.1 - dodoc doc/*.txt doc/articles/* -} - -src_test() { - emake -C tests -j1 CC="$(tc-getCC)" -} - -pkg_postinst() { - if use care; then - elog "You have enabled 'care' USE flag, that builds and installs" - elog "dynamically linked care binary." - elog "Upstream does NOT support such way of building CARE," - elog "it provides only prebuilt binaries." - elog "CARE also has known problems on hardened systems" - elog "Please do NOT file bugs about them to https://bugs.gentoo.org" - fi -} diff --git a/sys-apps/proot/proot-4.0.1.ebuild b/sys-apps/proot/proot-4.0.1.ebuild deleted file mode 100644 index 33b2ca7192b2..000000000000 --- a/sys-apps/proot/proot-4.0.1.ebuild +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -MY_PN="PRoot" - -inherit eutils toolchain-funcs - -DESCRIPTION="User-space implementation of chroot, mount --bind, and binfmt_misc" -HOMEPAGE="https://proot-me.github.io/" -SRC_URI="https://github.com/proot-me/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="care test" - -RDEPEND="care? ( app-arch/libarchive:0= ) - sys-libs/talloc" -DEPEND="${RDEPEND} - care? ( dev-libs/uthash ) - test? ( dev-util/valgrind )" - -# Breaks sandbox -RESTRICT="test" - -S="${WORKDIR}/${MY_PN}-${PV}" - -src_prepare() { - epatch "${FILESDIR}/${PN}-3.2.1-makefile.patch" \ - "${FILESDIR}/${PN}-2.3.1-lib-paths-fix.patch" \ - "${FILESDIR}/${PN}-3.2.2-build-care.patch" \ - "${FILESDIR}/${PN}-4.0.1-argv.patch" - epatch_user -} - -src_compile() { - # build the proot and care targets - emake -C src V=1 \ - CC="$(tc-getCC)" \ - CHECK_VERSION="true" \ - CAREBUILDENV="ok" \ - proot $(use care && echo "care") -} - -src_install() { - use care && dobin src/care - dobin src/proot - newman doc/proot/man.1 proot.1 - dodoc doc/proot/*.txt - dodoc -r doc/articles -} - -src_test() { - emake -C tests -j1 CC="$(tc-getCC)" -} - -pkg_postinst() { - if use care; then - elog "You have enabled 'care' USE flag, that builds and installs" - elog "dynamically linked care binary." - elog "Upstream does NOT support such way of building CARE," - elog "it provides only prebuilt binaries." - elog "CARE also has known problems on hardened systems" - elog "Please do NOT file bugs about them to https://bugs.gentoo.org" - fi -} diff --git a/sys-apps/proot/proot-4.0.3.ebuild b/sys-apps/proot/proot-4.0.3.ebuild deleted file mode 100644 index 6e07802ddcba..000000000000 --- a/sys-apps/proot/proot-4.0.3.ebuild +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -MY_PN="PRoot" - -inherit eutils toolchain-funcs - -DESCRIPTION="User-space implementation of chroot, mount --bind, and binfmt_misc" -HOMEPAGE="https://proot-me.github.io/" -SRC_URI="https://github.com/proot-me/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="care test" - -RDEPEND="care? ( app-arch/libarchive:0= ) - sys-libs/talloc" -DEPEND="${RDEPEND} - care? ( dev-libs/uthash ) - test? ( dev-util/valgrind )" - -# Breaks sandbox -RESTRICT="test" - -S="${WORKDIR}/${MY_PN}-${PV}" - -src_prepare() { - epatch "${FILESDIR}/${PN}-3.2.1-makefile.patch" \ - "${FILESDIR}/${PN}-2.3.1-lib-paths-fix.patch" - epatch_user -} - -src_compile() { - # build the proot and care targets - emake -C src V=1 \ - CC="$(tc-getCC)" \ - CHECK_VERSION="true" \ - CAREBUILDENV="ok" \ - proot $(use care && echo "care") -} - -src_install() { - if use care; then - dobin src/care - dodoc doc/care/*.txt - fi - dobin src/proot - newman doc/proot/man.1 proot.1 - dodoc doc/proot/*.txt - dodoc -r doc/articles -} - -src_test() { - emake -C tests -j1 CC="$(tc-getCC)" -} - -pkg_postinst() { - if use care; then - elog "You have enabled 'care' USE flag, that builds and installs" - elog "dynamically linked care binary." - elog "Upstream does NOT support such way of building CARE," - elog "it provides only prebuilt binaries." - elog "CARE also has known problems on hardened systems" - elog "Please do NOT file bugs about them to https://bugs.gentoo.org" - fi -} diff --git a/sys-apps/proot/proot-5.0.0.ebuild b/sys-apps/proot/proot-5.0.0.ebuild deleted file mode 100644 index 6e07802ddcba..000000000000 --- a/sys-apps/proot/proot-5.0.0.ebuild +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -MY_PN="PRoot" - -inherit eutils toolchain-funcs - -DESCRIPTION="User-space implementation of chroot, mount --bind, and binfmt_misc" -HOMEPAGE="https://proot-me.github.io/" -SRC_URI="https://github.com/proot-me/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="care test" - -RDEPEND="care? ( app-arch/libarchive:0= ) - sys-libs/talloc" -DEPEND="${RDEPEND} - care? ( dev-libs/uthash ) - test? ( dev-util/valgrind )" - -# Breaks sandbox -RESTRICT="test" - -S="${WORKDIR}/${MY_PN}-${PV}" - -src_prepare() { - epatch "${FILESDIR}/${PN}-3.2.1-makefile.patch" \ - "${FILESDIR}/${PN}-2.3.1-lib-paths-fix.patch" - epatch_user -} - -src_compile() { - # build the proot and care targets - emake -C src V=1 \ - CC="$(tc-getCC)" \ - CHECK_VERSION="true" \ - CAREBUILDENV="ok" \ - proot $(use care && echo "care") -} - -src_install() { - if use care; then - dobin src/care - dodoc doc/care/*.txt - fi - dobin src/proot - newman doc/proot/man.1 proot.1 - dodoc doc/proot/*.txt - dodoc -r doc/articles -} - -src_test() { - emake -C tests -j1 CC="$(tc-getCC)" -} - -pkg_postinst() { - if use care; then - elog "You have enabled 'care' USE flag, that builds and installs" - elog "dynamically linked care binary." - elog "Upstream does NOT support such way of building CARE," - elog "it provides only prebuilt binaries." - elog "CARE also has known problems on hardened systems" - elog "Please do NOT file bugs about them to https://bugs.gentoo.org" - fi -} diff --git a/sys-apps/proot/proot-5.1.0-r1.ebuild b/sys-apps/proot/proot-5.1.0-r1.ebuild new file mode 100644 index 000000000000..d8436f733386 --- /dev/null +++ b/sys-apps/proot/proot-5.1.0-r1.ebuild @@ -0,0 +1,73 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +MY_PN="PRoot" + +inherit eutils toolchain-funcs + +DESCRIPTION="User-space implementation of chroot, mount --bind, and binfmt_misc" +HOMEPAGE="https://proot-me.github.io/" +SRC_URI="https://github.com/proot-me/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="care test" + +RDEPEND="care? ( app-arch/libarchive:0= ) + sys-libs/talloc" +DEPEND="${RDEPEND} + care? ( dev-libs/uthash ) + test? ( dev-util/valgrind )" + +# Breaks sandbox +RESTRICT="test" + +S="${WORKDIR}/${MY_PN}-${PV}" + +PATCHES=( + "${FILESDIR}/${PN}-5.1.0-makefile.patch" + "${FILESDIR}/${PN}-2.3.1-lib-paths-fix.patch" + "${FILESDIR}/${PN}-5.1.0-loader.patch" +) + +src_compile() { + # build the proot and care targets + emake -C src V=1 \ + CC="$(tc-getCC)" \ + CHECK_VERSION="true" \ + CAREBUILDENV="ok" \ + proot $(use care && echo "care") +} + +src_install() { + if use care; then + dobin src/care + dodoc doc/care/*.txt + fi + dobin src/proot + newman doc/proot/man.1 proot.1 + dodoc doc/proot/*.txt + dodoc -r doc/articles +} + +src_test() { + emake -C tests -j1 CC="$(tc-getCC)" +} + +pkg_postinst() { + elog "If you have segfaults on recent (>4.8) kernels" + elog "try to disable seccomp support like so:" + elog "'export PROOT_NO_SECCOMP=1'" + elog "prior to running proot" + + if use care; then + elog "You have enabled 'care' USE flag, that builds and installs" + elog "dynamically linked care binary." + elog "Upstream does NOT support such way of building CARE," + elog "it provides only prebuilt binaries." + elog "CARE also has known problems on hardened systems" + elog "Please do NOT file bugs about them to https://bugs.gentoo.org" + fi +} diff --git a/sys-apps/proot/proot-5.1.0.ebuild b/sys-apps/proot/proot-5.1.0.ebuild deleted file mode 100644 index 6e07802ddcba..000000000000 --- a/sys-apps/proot/proot-5.1.0.ebuild +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -MY_PN="PRoot" - -inherit eutils toolchain-funcs - -DESCRIPTION="User-space implementation of chroot, mount --bind, and binfmt_misc" -HOMEPAGE="https://proot-me.github.io/" -SRC_URI="https://github.com/proot-me/${MY_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="care test" - -RDEPEND="care? ( app-arch/libarchive:0= ) - sys-libs/talloc" -DEPEND="${RDEPEND} - care? ( dev-libs/uthash ) - test? ( dev-util/valgrind )" - -# Breaks sandbox -RESTRICT="test" - -S="${WORKDIR}/${MY_PN}-${PV}" - -src_prepare() { - epatch "${FILESDIR}/${PN}-3.2.1-makefile.patch" \ - "${FILESDIR}/${PN}-2.3.1-lib-paths-fix.patch" - epatch_user -} - -src_compile() { - # build the proot and care targets - emake -C src V=1 \ - CC="$(tc-getCC)" \ - CHECK_VERSION="true" \ - CAREBUILDENV="ok" \ - proot $(use care && echo "care") -} - -src_install() { - if use care; then - dobin src/care - dodoc doc/care/*.txt - fi - dobin src/proot - newman doc/proot/man.1 proot.1 - dodoc doc/proot/*.txt - dodoc -r doc/articles -} - -src_test() { - emake -C tests -j1 CC="$(tc-getCC)" -} - -pkg_postinst() { - if use care; then - elog "You have enabled 'care' USE flag, that builds and installs" - elog "dynamically linked care binary." - elog "Upstream does NOT support such way of building CARE," - elog "it provides only prebuilt binaries." - elog "CARE also has known problems on hardened systems" - elog "Please do NOT file bugs about them to https://bugs.gentoo.org" - fi -} -- cgit v1.2.3