[gentoo-commits] repo/gentoo:master commit in: sys-devel/bc/files/, sys-devel/bc/

Fri, 17 Jan 2020 08:03:51 -0800 

commit:     6e26b426580233576f8be84d8c26f43776e200fa
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 16 21:03:18 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Jan 17 16:02:35 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e26b426

sys-devel/bc: remove sandbox patch

We can pick this up if/when upstream supports it.

Package-Manager: Portage-2.3.84_p2, Repoman-2.3.20_p24
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../{bc-1.07.1-r2.ebuild => bc-1.07.1-r3.ebuild}   |  11 +-
 sys-devel/bc/files/bc-1.07.1-sandbox.patch         | 121 ---------------------
 sys-devel/bc/metadata.xml                          |   3 -
 3 files changed, 2 insertions(+), 133 deletions(-)

diff --git a/sys-devel/bc/bc-1.07.1-r2.ebuild b/sys-devel/bc/bc-1.07.1-r3.ebuild
similarity index 79%
rename from sys-devel/bc/bc-1.07.1-r2.ebuild
rename to sys-devel/bc/bc-1.07.1-r3.ebuild
index 14782c7a397..33e7244ef02 100644
--- a/sys-devel/bc/bc-1.07.1-r2.ebuild
+++ b/sys-devel/bc/bc-1.07.1-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/bc/${P}.tar.gz"
 LICENSE="GPL-2 LGPL-2.1"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv 
~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos 
~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris 
~x86-solaris"
-IUSE="forced-sandbox libedit readline static"
+IUSE="libedit readline static"
 
 RDEPEND="
        !readline? ( libedit? ( dev-libs/libedit:= ) )
@@ -28,7 +28,6 @@ DEPEND="
 "
 
 PATCHES=(
-       "${FILESDIR}/${PN}-1.07.1-sandbox.patch"
        "${FILESDIR}/${PN}-1.07.1-no-ed-its-sed.patch"
 )
 
@@ -37,12 +36,6 @@ src_prepare() {
 
        # Avoid bad build tool usage when cross-compiling.  #627126
        tc-is-cross-compiler && eapply 
"${FILESDIR}/${PN}-1.07.1-use-system-bc.patch"
-
-       # A patch to make this into a configure option has been sent upstream,
-       # but lets avoid regenerating all the autotools just for this.
-       if use forced-sandbox ; then
-               sed -i '/dc_sandbox_enabled = 0/s:0:1:' dc/dc.c || die
-       fi
 }
 
 src_configure() {

diff --git a/sys-devel/bc/files/bc-1.07.1-sandbox.patch 
b/sys-devel/bc/files/bc-1.07.1-sandbox.patch
deleted file mode 100644
index ec5c406645b..00000000000
--- a/sys-devel/bc/files/bc-1.07.1-sandbox.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-this has been sent upstream, but they don't have a mailing list or project site
-to link to.  oh well.
-
-From e641584767c3c7cc1ff544805acc2562fc56cda9 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <[email protected]>
-Date: Mon, 17 Sep 2018 18:57:57 -0400
-Subject: [PATCH 1/2] dc: add a --sandbox option
-
-Other GNU projects (like sed & gawk) have a --sandbox flag whereby
-access to files and system() are disabled.  This allows people to
-run arbitrary scripts without worrying about them "escaping" and
-executing arbitrary commands on the system.
----
- dc/dc.c     | 9 ++++++++-
- dc/dc.h     | 3 +++
- dc/misc.c   | 6 ++++++
- doc/dc.1    | 5 +++++
- doc/dc.texi | 4 ++++
- 5 files changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/dc/dc.c b/dc/dc.c
-index 6a2bb2639235..592a76be71da 100644
---- a/dc/dc.c
-+++ b/dc/dc.c
-@@ -54,6 +54,7 @@
- #endif
- 
- const char *progname; /* basename of program invocation */
-+int dc_sandbox_enabled;       /* whether sandbox mode is enabled */
- 
- static void
- bug_report_info DC_DECLVOID()
-@@ -80,6 +81,7 @@ usage DC_DECLARG((f))
- Usage: %s [OPTION] [file ...]\n\
-   -e, --expression=EXPR    evaluate expression\n\
-   -f, --file=FILE          evaluate contents of file\n\
-+  -S, --sandbox            disable the ! (system) command\n\
-   -h, --help               display this help and exit\n\
-   -V, --version            output version information and exit\n\
- \n\
-@@ -252,6 +254,7 @@ main DC_DECLARG((argc, argv))
-       static struct option const long_opts[] = {
-               {"expression", required_argument, NULL, 'e'},
-               {"file", required_argument, NULL, 'f'},
-+              {"sandbox", no_argument, NULL, 'S'},
-               {"help", no_argument, NULL, 'h'},
-               {"version", no_argument, NULL, 'V'},
-               {NULL, 0, NULL, 0}
-@@ -260,12 +263,13 @@ main DC_DECLARG((argc, argv))
-       int c;
- 
-       progname = r1bindex(*argv, '/');
-+      dc_sandbox_enabled = 0;
-       dc_math_init();
-       dc_string_init();
-       dc_register_init();
-       dc_array_init();
- 
--      while ((c = getopt_long(argc, argv, "hVe:f:", long_opts, (int *)0)) != 
EOF) {
-+      while ((c = getopt_long(argc, argv, "hVe:f:S", long_opts, (int *)0)) != 
EOF) {
-               switch (c) {
-               case 'e':
-                       {       dc_data string = dc_makestring(optarg, 
strlen(optarg));
-@@ -279,6 +283,9 @@ main DC_DECLARG((argc, argv))
-                       try_file(optarg);
-                       did_eval = 1;
-                       break;
-+              case 'S':
-+                      dc_sandbox_enabled = 1;
-+                      break;
-               case 'h':
-                       usage(stdout);
-                       return flush_okay();
-diff --git a/dc/dc.h b/dc/dc.h
-index 6a871ad612a5..a148df467a92 100644
---- a/dc/dc.h
-+++ b/dc/dc.h
-@@ -76,4 +76,7 @@ typedef struct {
- /* This is dc's only global variable: */
- extern const char *progname;  /* basename of program invocation */
- 
-+/* Whether to run in sandbox mode. */
-+extern int dc_sandbox_enabled;
-+
- #endif /* not DC_DEFS_H */
-diff --git a/dc/misc.c b/dc/misc.c
-index cd23602fce32..115be90b03bf 100644
---- a/dc/misc.c
-+++ b/dc/misc.c
-@@ -131,6 +131,12 @@ dc_system DC_DECLARG((s))
-       char *tmpstr;
-       size_t len;
- 
-+      if (dc_sandbox_enabled) {
-+              fprintf(stderr, "%s: ! command disabled in sandbox mode\n",
-+                              progname);
-+              exit(EXIT_FAILURE);
-+      }
-+
-       p = strchr(s, '\n');
-       if (p != NULL) {
-               len = (size_t) (p - s);
-diff --git a/doc/dc.1 b/doc/dc.1
-index 1c666493e00a..7c4b6fffd616 100644
---- a/doc/dc.1
-+++ b/doc/dc.1
-@@ -84,6 +84,11 @@ to the set of commands to be run while processing the input.
- Add the commands contained in the file
- .I script-file
- to the set of commands to be run while processing the input.
-+.TP
-+.B -S
-+.TP
-+.B --sandbox
-+Run in sandbox mode where access to \fB!\fR for the system function.
- .PP
- If any command-line parameters remain after processing the above,
- these parameters are interpreted as the names of input files to
--- 
-2.17.1
-

diff --git a/sys-devel/bc/metadata.xml b/sys-devel/bc/metadata.xml
index 5bdfef6846f..56c12441305 100644
--- a/sys-devel/bc/metadata.xml
+++ b/sys-devel/bc/metadata.xml
@@ -5,7 +5,4 @@
        <email>[email protected]</email>
        <name>Gentoo Base System</name>
 </maintainer>
-<use>
-       <flag name="forced-sandbox">Always enable --sandbox mode for 
simpler/secure runtime (disables the ! command in dc)</flag>
-</use>
 </pkgmetadata>

Reply via email to