author | Peter Volkov <pva@gentoo.org> | 2011-06-20 08:26:05 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2011-06-20 08:26:05 +0000 |
commit | 8067d7526c8d517f7b9bdde3d79ff2052aaf323d (patch) | |
tree | 86565079f04ad54ddfd9b5b8f446ca7c6fda2820 /net-firewall | |
parent | x86 stable wrt bug #371763 (diff) | |
Fix sandbox violations reported by Marcin Mirosław in bug 371997.
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Diffstat (limited to 'net-firewall')
4 files changed, 57 insertions, 3 deletions
diff --git a/net-firewall/xtables-addons/ChangeLog b/net-firewall/xtables-addons/ChangeLog
index 6f22eb53446f..19d50b1079b7 100644
--- a/net-firewall/xtables-addons/ChangeLog
+++ b/net-firewall/xtables-addons/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-firewall/xtables-addons
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/xtables-addons/ChangeLog,v 1.17 2011/06/16 13:50:06 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/xtables-addons/ChangeLog,v 1.18 2011/06/20 08:26:05 pva Exp $
+
+ 20 Jun 2011; Peter Volkov <pva@gentoo.org> xtables-addons-1.36.ebuild,
+ +files/xtables-addons-1.36-absolute-M.patch,
+ +files/xtables-addons-1.36-kernel-detection.patch:
+ Fix sandbox violations reported by Marcin Mirosław in byg 371997.
 *xtables-addons-1.36 (16 Jun 2011)
diff --git a/net-firewall/xtables-addons/files/xtables-addons-1.36-absolute-M.patch b/net-firewall/xtables-addons/files/xtables-addons-1.36-absolute-M.patch
new file mode 100644
index 000000000000..3dd3b1f86631
--- /dev/null
+++ b/net-firewall/xtables-addons/files/xtables-addons-1.36-absolute-M.patch
@@ -0,0 +1,32 @@
+From 146395e3dac0015850d0fd61f9db206499161e1c Mon Sep 17 00:00:00 2001
+From: Peter Volkov <pva@gentoo.org>
+Date: Mon, 20 Jun 2011 10:50:29 +0400
+Subject: [PATCH] build: use absolute path for M=
+
+Use absolute path for M during checking kernelrelease. This will force
+temporary objects be built in the current directory and not $kbuilddir
+as it happenes with the current kernel scripts/Kbuild.include, where
+e.g. try-run target called with TMPOUT=M=. while at the time it is
+called pwd=$kbuilddir. This should fix sandbox violation (modification
+of files outside build dir) in Gentoo:
+https://bugs.gentoo.org/show_bug.cgi?id=371997
+---
+ configure.ac | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0660eea..6361e48 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -42,7 +42,7 @@ regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
+
+ if test -n "$kbuilddir"; then
+ AC_MSG_CHECKING([kernel version that we will build against])
+- krel="$(make -sC "$kbuilddir" M=. kernelrelease)";
++ krel="$(make -sC "$kbuilddir" M="$(pwd)" kernelrelease)";
+ kmajor="${krel%%[[^0-9]]*}";
+ kmajor="$(($kmajor+0))";
+ krel="${krel:${#kmajor}}";
+--
+1.7.3.4
+
diff --git a/net-firewall/xtables-addons/files/xtables-addons-1.36-kernel-detection.patch b/net-firewall/xtables-addons/files/xtables-addons-1.36-kernel-detection.patch
new file mode 100644
index 000000000000..0d6098eabf81
--- /dev/null
+++ b/net-firewall/xtables-addons/files/xtables-addons-1.36-kernel-detection.patch
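Review bot: The rewritten `krel=` line in the configure.ac change carried by xtables-addons-1.36-absolute-M.patch still discards make's exit status. If the kernelrelease run fails, `krel` is most likely empty and `kmajor="$(($kmajor+0))"` evaluates to 0 without any diagnostic at this point. Since the line is being touched anyway, it could fail loudly: `krel="$(make -sC "$kbuilddir" M="$(pwd)" kernelrelease)" || AC_MSG_ERROR([kernelrelease failed in $kbuilddir]);`. The `if test -n "$kbuilddir"` block continues past the end of the nested hunk, so how the version check further down treats an empty value is not visible here.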
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index ff0e171..0660eea 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -65,7 +65,7 @@ if test -n "$kbuilddir"; then
+ echo "WARNING: You are trying a newer kernel. Results may vary. :-)";
+ elif test "$kmajor" -eq 3; then
+ :;
+- elif test "$kmajor" -eq 2 -a "$kminor" -ge 29; then
++ elif test "$kmajor" -eq 2 -a "$kminor" -eq 6 -a "$kmicro" -ge 29; then
+ :;
+ else
+ echo "WARNING: That kernel version is not supported.";
diff --git a/net-firewall/xtables-addons/xtables-addons-1.36.ebuild b/net-firewall/xtables-addons/xtables-addons-1.36.ebuild
index 015baa75581d..381f60e5a551 100644
--- a/net-firewall/xtables-addons/xtables-addons-1.36.ebuild
+++ b/net-firewall/xtables-addons/xtables-addons-1.36.ebuild
@@ -1,9 +1,9 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/xtables-addons/xtables-addons-1.36.ebuild,v 1.1 2011/06/16 13:50:06 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/xtables-addons/xtables-addons-1.36.ebuild,v 1.2 2011/06/20 08:26:05 pva Exp $
 EAPI="4"
-inherit eutils linux-info linux-mod multilib
+inherit eutils linux-info linux-mod multilib autotools
 DESCRIPTION="extensions not yet accepted in the main kernel/iptables (patch-o-matic(-ng) successor)"
 HOMEPAGE="http://xtables-addons.sourceforge.net/"
@@ -107,6 +107,10 @@ XA_get_module_name() {
 }
 src_prepare() {
+ epatch "${FILESDIR}/${P}-kernel-detection.patch"
+ epatch "${FILESDIR}/${P}-absolute-M.patch"
+ eautoreconf
+
 XA_qa_check
 XA_has_something_to_build |
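Review bot: xtables-addons-1.36-kernel-detection.patch is added with no description or origin, whereas the sibling absolute-M patch carries a From/Subject header and the bug link. For a change to a firewall package's build-time kernel check, a reviewer should be able to tell from the file itself whether it is an upstream backport or a local fix. Text before the first `diff --git` line is ignored when the patch is applied, so a short header would do: `Compare kminor with 6 and kmicro with 29 when kmajor is 2, instead of testing kminor against 29.` followed by `Origin: <upstream commit id, or "Gentoo-specific">`. The `if`/`elif` chain being patched starts and ends outside the nested hunk.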
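Review bot: The `eautoreconf` call added to `src_prepare()` and the new `autotools` inherit have no comment saying why they are there, so they are likely to be left behind once the two patches are dropped. A line above the calls such as `# both patches edit configure.ac, so configure has to be regenerated` would make that dependency explicit. It could also record that the patches are stacked, since the index line of absolute-M.patch (`0660eea..6361e48`) starts from the blob that kernel-detection.patch produces (`ff0e171..0660eea`): `# kernel-detection first; absolute-M was diffed on top of it`. `src_prepare()` continues past the end of the hunk.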