diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-14 10:07:33 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-14 10:09:56 +0100 |
commit | 949214761998a93fc6b8b009f1cdad0db3bfa5db (patch) | |
tree | b1d6fca24e961f6931f3ca4094d0245663600def /meta | |
parent | 3e8ade8c0772c4492efd93824f78cb043281d235 (diff) | |
download | openembedded-core-949214761998a93fc6b8b009f1cdad0db3bfa5db.tar.gz openembedded-core-949214761998a93fc6b8b009f1cdad0db3bfa5db.tar.bz2 openembedded-core-949214761998a93fc6b8b009f1cdad0db3bfa5db.zip |
pseudo: Backport two upstream fixes
Backport fixes from pseudo master for an acl issue and more importantly, a segfault
issue with bash which can be triggered by the recent useradd changes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
3 files changed, 149 insertions, 0 deletions
diff --git a/meta/recipes-devtools/pseudo/files/b6b68db896f9963558334aff7fca61adde4ec10f.patch b/meta/recipes-devtools/pseudo/files/b6b68db896f9963558334aff7fca61adde4ec10f.patch new file mode 100644 index 0000000000..3045a3b736 --- /dev/null +++ b/meta/recipes-devtools/pseudo/files/b6b68db896f9963558334aff7fca61adde4ec10f.patch @@ -0,0 +1,48 @@ +From b6b68db896f9963558334aff7fca61adde4ec10f Mon Sep 17 00:00:00 2001 +From: Seebs <seebs@seebs.net> +Date: Thu, 13 Apr 2017 18:12:01 -0500 +Subject: Prevent bash from segfaulting when unloading pseudo + +bash's extremely fancy internal awareness of how the environment looks +means that, if you directly call the underlying libc "unsetenv" on +a variable, bash can end up trying to access a null pointer. Fixing +this generically is actually rather hard; you can't really avoid +writing to environ on fork() or popen(), even if you change all +execv*() functions to use the execv*e() variants. So for now, instead +of unsetting the variable, set it to an empty string. + +Thanks to Saur in IRC for spotting this and helping debug it. + +Signed-off-by: Seebs <seebs@seebs.net> + +Upstream-Status: Backport + +diff --git a/ChangeLog.txt b/ChangeLog.txt +index a2d30e9..8ba1ffa 100644 +--- a/ChangeLog.txt ++++ b/ChangeLog.txt +@@ -1,3 +1,8 @@ ++2017-04-13: ++ * (seebs) don't unset LD_PRELOAD or the like, because if you ++ do that, bash can segfault because it "knows" how many ++ fields are in environ. ++ + 2017-02-24: + * (seebs) import posix_acl_default fix from Anton Gerasimov + <anton@advancedtelematic.com> +diff --git a/pseudo_util.c b/pseudo_util.c +index 172990b..6a1fac2 100644 +--- a/pseudo_util.c ++++ b/pseudo_util.c +@@ -844,7 +844,7 @@ void pseudo_dropenv() { + if (ld_preload && strlen(ld_preload)) { + SETENV(PRELINK_LIBRARIES, ld_preload, 1); + } else { +- UNSETENV(PRELINK_LIBRARIES); ++ SETENV(PRELINK_LIBRARIES, "", 1); + } + } + } +-- +cgit v0.10.2 + diff --git a/meta/recipes-devtools/pseudo/files/efe0be279901006f939cd357ccee47b651c786da.patch b/meta/recipes-devtools/pseudo/files/efe0be279901006f939cd357ccee47b651c786da.patch new file mode 100644 index 0000000000..64fc58c4fe --- /dev/null +++ b/meta/recipes-devtools/pseudo/files/efe0be279901006f939cd357ccee47b651c786da.patch @@ -0,0 +1,99 @@ +From efe0be279901006f939cd357ccee47b651c786da Mon Sep 17 00:00:00 2001 +From: Seebs <seebs@seebs.net> +Date: Fri, 24 Feb 2017 12:47:38 -0600 +Subject: Don't try to record 0-length posix_acl_default xattrs + +Based on a submission from Anton Gerasimov <anton@advancedtelematic.com> + +On some systems, with some kernel configs, "cp -a" apparently tries to +set an empty ACL list, with a valid header but no contents, which causes +strange and mysterious behavior later if we actually create such an entry. +So filter that out, also sanity-check a couple of other things. + +Signed-off-by: Seebs <seebs@seebs.net> + +Upstream-Status: Backport + +diff --git a/ChangeLog.txt b/ChangeLog.txt +index ae2a6e9..a2d30e9 100644 +--- a/ChangeLog.txt ++++ b/ChangeLog.txt +@@ -1,3 +1,6 @@ ++2017-02-24: ++ * (seebs) import posix_acl_default fix from Anton Gerasimov ++ <anton@advancedtelematic.com> + 2017-02-01: + * (seebs) handle xattr deletion slightly more carefully. + * (seebs) tag this as 1.8.2 +diff --git a/ports/linux/xattr/pseudo_wrappers.c b/ports/linux/xattr/pseudo_wrappers.c +index 46bc053..d69d53e 100644 +--- a/ports/linux/xattr/pseudo_wrappers.c ++++ b/ports/linux/xattr/pseudo_wrappers.c +@@ -62,9 +62,9 @@ static int + posix_permissions(const acl_header *header, int entries, int *extra, int *mode) { + int acl_seen = 0; + if (le32(header->version) != 2) { +- pseudo_diag("Fatal: ACL support no available for header version %d.\n", ++ pseudo_diag("Fatal: ACL support not available for header version %d.\n", + le32(header->version)); +- return 1; ++ return -1; + } + *mode = 0; + *extra = 0; +@@ -140,12 +140,38 @@ static int shared_setxattr(const char *path, int fd, const char *name, const voi + pseudo_debug(PDBGF_XATTR, "setxattr(%s [fd %d], %s => '%.*s')\n", + path ? path : "<no path>", fd, name, (int) size, (char *) value); + ++ /* Filter out erroneous sizes for POSIX ACL ++ * see posix_acl_xattr_count in include/linux/posix_acl_xattr.h of Linux source code */ ++ /* I don't think there's any posix_acl_* values that aren't in this format */ ++ if (!strncmp(name, "system.posix_acl_", 17)) { ++ // ACL is corrupt, issue an error ++ if(size < sizeof(acl_header) || (size - sizeof(acl_header)) % sizeof(acl_entry) != 0) { ++ pseudo_debug(PDBGF_XATTR, "invalid data size for %s: %d\n", ++ name, (int) size); ++ errno = EINVAL; ++ return -1; ++ } ++ ++ // ACL is empty, do nothing ++ if((size - sizeof(acl_header)) / sizeof(acl_entry) == 0) { ++ /* on some systems, "cp -a" will attempt to clone the ++ * posix_acl_default entry for a directory (which would specify ++ * default ACLs for new files in that directory), but if the ++ * original was empty, we get a header but no entries. With ++ * real xattr, that ends up being silently discarded, apparently, ++ * so we discard it too. ++ */ ++ pseudo_debug(PDBGF_XATTR, "0-length ACL entry %s.\n", name); ++ return 0; ++ } ++ } + /* this may be a plain chmod */ + if (!strcmp(name, "system.posix_acl_access")) { + int extra; + int mode; + int entries = (size - sizeof(acl_header)) / sizeof(acl_entry); +- if (!posix_permissions(value, entries, &extra, &mode)) { ++ int res = posix_permissions(value, entries, &extra, &mode); ++ if (res == 0) { + pseudo_debug(PDBGF_XATTR, "posix_acl_access translated to mode %04o. Remaining attribute(s): %d.\n", + mode, extra); + buf.st_mode = mode; +@@ -164,8 +190,12 @@ static int shared_setxattr(const char *path, int fd, const char *name, const voi + if (!extra) { + return 0; + } ++ } else if (res == -1) { ++ errno = EOPNOTSUPP; ++ return -1; + } + } ++ + if (!strcmp(name, "user.pseudo_data")) { + pseudo_debug(PDBGF_XATTR | PDBGF_XATTRDB, "user.pseudo_data xattribute does not get to go in database.\n"); + return -1; +-- +cgit v0.10.2 + diff --git a/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb index 9e0213a9e0..b427b9ac3c 100644 --- a/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb +++ b/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb @@ -5,6 +5,8 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/pseudo/${BPN}-${PV}.tar.bz file://fallback-passwd \ file://fallback-group \ file://moreretries.patch \ + file://efe0be279901006f939cd357ccee47b651c786da.patch \ + file://b6b68db896f9963558334aff7fca61adde4ec10f.patch \ " SRC_URI[md5sum] = "7d41e72188fbea1f696c399c1a435675" |