summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Gilbert <floppym@gentoo.org>2020-01-16 16:18:12 -0500
committerMike Gilbert <floppym@gentoo.org>2020-01-17 11:02:35 -0500
commit1b0f89267a0f0b1d9d7312efe988aaf8d8f84bd2 (patch)
treecd570e72011266bab0f2d2c21abb6b120ae7b8a9 /sys-apps
parentsys-apps/mawk: remove old (diff)
downloadgentoo-1b0f89267a0f0b1d9d7312efe988aaf8d8f84bd2.tar.gz
gentoo-1b0f89267a0f0b1d9d7312efe988aaf8d8f84bd2.tar.bz2
gentoo-1b0f89267a0f0b1d9d7312efe988aaf8d8f84bd2.zip
sys-apps/mawk: remove sandbox patches
We can pick up this feature if/when upstream supports it. Closes: https://github.com/gentoo/gentoo/pull/14359 Package-Manager: Portage-2.3.84_p2, Repoman-2.3.20_p24 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'sys-apps')
-rw-r--r--sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch91
-rw-r--r--sys-apps/mawk/files/mawk-1.3.4-sandbox.patch141
-rw-r--r--sys-apps/mawk/mawk-1.3.4_p20190203-r1.ebuild (renamed from sys-apps/mawk/mawk-1.3.4_p20190203.ebuild)10
-rw-r--r--sys-apps/mawk/mawk-1.3.4_p20200106-r1.ebuild (renamed from sys-apps/mawk/mawk-1.3.4_p20200106.ebuild)8
-rw-r--r--sys-apps/mawk/metadata.xml3
5 files changed, 3 insertions, 250 deletions
diff --git a/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch b/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch
deleted file mode 100644
index c3b0fc1c892d..000000000000
--- a/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-https://github.com/ThomasDickey/original-mawk/issues/49
-
-Note: We hand modify the configure file here because the version of autotools
-used by upstream is very old/finicky, and it's a simple enough change.
-
-From 1ac333b97615c451d7a4743b4724edd46d37a8b2 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@chromium.org>
-Date: Tue, 7 Nov 2017 01:07:47 -0500
-Subject: [PATCH 2/2] add a configure flag to lock sandbox by default
-
-This lets us deploy systems with the sandbox always enabled.
----
- configure | 23 +++++++++++++++++++++++
- configure.in | 11 +++++++++++
- init.c | 4 ++++
- 3 files changed, 38 insertions(+)
-
-diff --git a/configure.in b/configure.in
-index 8b795fbd264b..770092005386 100644
---- a/configure.in
-+++ b/configure.in
-@@ -112,6 +112,17 @@ fi
- AC_MSG_RESULT($with_init_srand)
-
- ###############################################################################
-+AC_MSG_CHECKING(if you want mawk to always run in sandbox mode)
-+CF_ARG_ENABLE([forced-sandbox],
-+[ --enable-forced-sandbox always run in sandbox mode],
-+ [with_forced_sandbox=yes],
-+ [with_forced_sandbox=no])
-+if test "x${with_forced_sandbox}" != xno; then
-+ CPPFLAGS="$CPPFLAGS -DFORCED_SANDBOX"
-+fi
-+AC_MSG_RESULT($with_forced_sandbox)
-+
-+###############################################################################
-
- AC_PROG_YACC
- CF_PROG_LINT
-diff --git a/init.c b/init.c
-index f7babb337e04..e035d6ea2fc0 100644
---- a/init.c
-+++ b/init.c
-@@ -492,6 +492,10 @@ process_cmdline(int argc, char **argv)
-
- no_more_opts:
-
-+#ifdef FORCED_SANDBOX
-+ sandbox_flag = 1;
-+#endif
-+
- tail->link = (PFILE *) 0;
- pfile_list = dummy.link;
-
-diff --git a/configure b/configure
-index a3bf42fe9245..442875b8e58a 100755
---- a/configure
-+++ b/configure
-@@ -4132,6 +4132,29 @@ echo "$as_me:4131: result: $with_init_srand" >&5
- echo "${ECHO_T}$with_init_srand" >&6
-
- ###############################################################################
-+echo "$as_me:4109: checking if you want mawk to always run in sandbox mode" >&5
-+echo $ECHO_N "checking if you want mawk to always run in sandbox mode... $ECHO_C" >&6
-+
-+if test "${enable_forced_sandbox+set}" = set; then
-+ enableval="$enable_forced_sandbox"
-+ test "$enableval" != yes && enableval=no
-+ if test "$enableval" != "no" ; then
-+ with_forced_sandbox=yes
-+ else
-+ with_forced_sandbox=no
-+ fi
-+else
-+ enableval=no
-+ with_forced_sandbox=no
-+
-+fi;
-+if test "x${with_forced_sandbox}" != xno; then
-+ CPPFLAGS="$CPPFLAGS -DFORCED_SANDBOX"
-+fi
-+echo "$as_me:4131: result: $with_forced_sandbox" >&5
-+echo "${ECHO_T}$with_forced_sandbox" >&6
-+
-+###############################################################################
-
- for ac_prog in 'bison -y' byacc
- do
---
-2.13.5
-
diff --git a/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch b/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch
deleted file mode 100644
index ae2ccbd50ec1..000000000000
--- a/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-https://github.com/ThomasDickey/original-mawk/issues/49
-
-From ae3a324a5af1350aa1a6f648e10b9d6656d9fde4 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@chromium.org>
-Date: Tue, 7 Nov 2017 00:41:36 -0500
-Subject: [PATCH 1/2] add a -W sandbox mode
-
-This is like gawk's sandbox mode where arbitrary code execution and
-file redirection are locked down. This way awk can be a more secure
-input/output mode.
----
- bi_funct.c | 3 +++
- init.c | 8 ++++++++
- man/mawk.1 | 4 ++++
- mawk.h | 2 +-
- scan.c | 6 ++++++
- 5 files changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/bi_funct.c b/bi_funct.c
-index 7742308c72a5..b524ac8dac8b 100644
---- a/bi_funct.c
-+++ b/bi_funct.c
-@@ -908,6 +908,9 @@ bi_system(CELL *sp GCC_UNUSED)
- #ifdef HAVE_REAL_PIPES
- int ret_val;
-
-+ if (sandbox_flag)
-+ rt_error("'system' function not allowed in sandbox mode");
-+
- TRACE_FUNC("bi_system", sp);
-
- if (sp->type < C_STRING)
-diff --git a/init.c b/init.c
-index 0ab17b003f20..f7babb337e04 100644
---- a/init.c
-+++ b/init.c
-@@ -40,6 +40,7 @@ typedef enum {
- W_RANDOM,
- W_SPRINTF,
- W_POSIX_SPACE,
-+ W_SANDBOX,
- W_USAGE
- } W_OPTIONS;
-
-@@ -96,6 +97,7 @@ initialize(int argc, char **argv)
-
- int dump_code_flag; /* if on dump internal code */
- short posix_space_flag;
-+short sandbox_flag;
-
- #ifdef DEBUG
- int dump_RE = 1; /* if on dump compiled REs */
-@@ -153,6 +155,7 @@ usage(void)
- " -W random=number set initial random seed.",
- " -W sprintf=number adjust size of sprintf buffer.",
- " -W posix_space do not consider \"\\n\" a space.",
-+ " -W sandbox disable system() and I/O redirection.",
- " -W usage show this message and exit.",
- };
- size_t n;
-@@ -255,6 +258,7 @@ parse_w_opt(char *source, char **next)
- DATA(RANDOM),
- DATA(SPRINTF),
- DATA(POSIX_SPACE),
-+ DATA(SANDBOX),
- DATA(USAGE)
- };
- #undef DATA
-@@ -389,6 +393,10 @@ process_cmdline(int argc, char **argv)
- posix_space_flag = 1;
- break;
-
-+ case W_SANDBOX:
-+ sandbox_flag = 1;
-+ break;
-+
- case W_RANDOM:
- if (haveValue(optNext)) {
- int x = atoi(optNext + 1);
-diff --git a/man/mawk.1 b/man/mawk.1
-index a3c794167dc9..0915d9d7ed5d 100644
---- a/man/mawk.1
-+++ b/man/mawk.1
-@@ -150,6 +150,10 @@ forces
- \fB\*n\fP
- not to consider '\en' to be space.
- .TP
-+\-\fBW \fRsandbox
-+runs in a restricted mode where system(), input redirection (e.g. getline),
-+output redirection (e.g. print and printf), and pipelines are disabled.
-+.TP
- \-\fBW \fRrandom=\fInum\fR
- calls \fBsrand\fP with the given parameter
- (and overrides the auto-seeding behavior).
-diff --git a/mawk.h b/mawk.h
-index 2d04be1adb34..a6ccc0071ecc 100644
---- a/mawk.h
-+++ b/mawk.h
-@@ -63,7 +63,7 @@ extern int dump_RE;
- #define USE_BINMODE 0
- #endif
-
--extern short posix_space_flag, interactive_flag;
-+extern short posix_space_flag, interactive_flag, sandbox_flag;
-
- /*----------------
- * GLOBAL VARIABLES
-diff --git a/scan.c b/scan.c
-index 3a8fc9181ab8..c1833b8b7315 100644
---- a/scan.c
-+++ b/scan.c
-@@ -455,6 +455,8 @@ yylex(void)
- un_next();
-
- if (getline_flag) {
-+ if (sandbox_flag)
-+ rt_error("redirection not allowed in sandbox mode");
- getline_flag = 0;
- ct_ret(IO_IN);
- } else
-@@ -462,6 +464,8 @@ yylex(void)
-
- case SC_GT: /* '>' */
- if (print_flag && paren_cnt == 0) {
-+ if (sandbox_flag)
-+ rt_error("redirection not allowed in sandbox mode");
- print_flag = 0;
- /* there are 3 types of IO_OUT
- -- build the error string in string_buff */
-@@ -488,6 +492,8 @@ yylex(void)
- un_next();
-
- if (print_flag && paren_cnt == 0) {
-+ if (sandbox_flag)
-+ rt_error("pipe execution not allowed in sandbox mode");
- print_flag = 0;
- yylval.ival = PIPE_OUT;
- string_buff[0] = '|';
---
-2.13.5
-
diff --git a/sys-apps/mawk/mawk-1.3.4_p20190203.ebuild b/sys-apps/mawk/mawk-1.3.4_p20190203-r1.ebuild
index 84b29b099fcf..110cbc7c9a0f 100644
--- a/sys-apps/mawk/mawk-1.3.4_p20190203.ebuild
+++ b/sys-apps/mawk/mawk-1.3.4_p20190203-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -13,7 +13,6 @@ SRC_URI="ftp://ftp.invisible-island.net/mawk/${MY_P}.tgz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos"
-IUSE="forced-sandbox"
RDEPEND="app-eselect/eselect-awk"
DEPEND="${RDEPEND}"
@@ -22,14 +21,9 @@ S="${WORKDIR}/${MY_P}"
DOCS=( ACKNOWLEDGMENT CHANGES README )
-PATCHES=(
- "${FILESDIR}"/${PN}-1.3.4-sandbox.patch
- "${FILESDIR}"/${PN}-1.3.4-sandbox-default.patch
-)
-
src_configure() {
tc-export BUILD_CC
- econf $(use_enable forced-sandbox)
+ econf
}
src_install() {
diff --git a/sys-apps/mawk/mawk-1.3.4_p20200106.ebuild b/sys-apps/mawk/mawk-1.3.4_p20200106-r1.ebuild
index c0ef9e890ec4..7645505ca1f2 100644
--- a/sys-apps/mawk/mawk-1.3.4_p20200106.ebuild
+++ b/sys-apps/mawk/mawk-1.3.4_p20200106-r1.ebuild
@@ -13,7 +13,6 @@ SRC_URI="https://invisible-mirror.net/archives/${PN}/${MY_P}.tgz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos"
-IUSE="forced-sandbox"
RDEPEND="app-eselect/eselect-awk"
DEPEND="${RDEPEND}"
@@ -22,14 +21,9 @@ S="${WORKDIR}/${MY_P}"
DOCS=( ACKNOWLEDGMENT CHANGES README )
-PATCHES=(
- "${FILESDIR}"/${PN}-1.3.4-sandbox.patch
- "${FILESDIR}"/${PN}-1.3.4-sandbox-default.patch
-)
-
src_configure() {
tc-export BUILD_CC
- econf $(use_enable forced-sandbox)
+ econf
}
src_install() {
diff --git a/sys-apps/mawk/metadata.xml b/sys-apps/mawk/metadata.xml
index fb5ddc9df936..56c124413057 100644
--- a/sys-apps/mawk/metadata.xml
+++ b/sys-apps/mawk/metadata.xml
@@ -5,7 +5,4 @@
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
-<use>
- <flag name="forced-sandbox">Always enable -W sandbox mode for simpler/secure runtime</flag>
-</use>
</pkgmetadata>