diff options
Diffstat (limited to 'meta/recipes-core/libcgroup')
4 files changed, 33 insertions, 318 deletions
diff --git a/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch b/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch deleted file mode 100644 index d133703dec..0000000000 --- a/meta/recipes-core/libcgroup/libcgroup/CVE-2018-14348.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001 -From: Michal Hocko <mhocko@suse.com> -Date: Wed, 18 Jul 2018 11:24:29 +0200 -Subject: [PATCH] cgrulesengd: remove umask(0) - -One of our partners has noticed that cgred daemon is creating a log file -(/var/log/cgred) with too wide permissions (0666) and that is seen as -a security bug because an untrusted user can write to otherwise -restricted area. CVE-2018-14348 has been assigned to this issue. - -CVE: CVE-2018-14348 -Upstream-Status: Backport [https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590] - -Signed-off-by: Michal Hocko <mhocko@suse.com> -Acked-by: Balbir Singh <bsingharora@gmail.com> -Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> ---- - src/daemon/cgrulesengd.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c -index ea51f11..0d288f3 100644 ---- a/src/daemon/cgrulesengd.c -+++ b/src/daemon/cgrulesengd.c -@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf, - } else if (pid > 0) { - exit(EXIT_SUCCESS); - } -- -- /* Change the file mode mask. */ -- umask(0); - } else { - flog(LOG_DEBUG, "Not using daemon mode\n"); - pid = getpid(); --- -2.13.3 - diff --git a/meta/recipes-core/libcgroup/libcgroup/musl-decls-compat.patch b/meta/recipes-core/libcgroup/libcgroup/musl-decls-compat.patch deleted file mode 100644 index 65f4ef9a55..0000000000 --- a/meta/recipes-core/libcgroup/libcgroup/musl-decls-compat.patch +++ /dev/null @@ -1,235 +0,0 @@ -commit ca780b4f7f71abeeb04a585f2a4d889caaa985fa -Author: Isaac Dunham <ibid.ag@gmail.com> -Date: Fri Sep 5 22:35:32 2014 -0700 - - Remove __.*DECLS nonsense - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: libcgroup-0.41/include/libcgroup/config.h -=================================================================== ---- libcgroup-0.41.orig/include/libcgroup/config.h -+++ libcgroup-0.41/include/libcgroup/config.h -@@ -9,7 +9,9 @@ - #include <features.h> - #endif - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /** - * @defgroup group_config 5. Configuration -@@ -107,6 +109,8 @@ int cgroup_config_create_template_group( - * @} - * @} - */ --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /*_LIBCGROUP_CONFIG_H*/ -Index: libcgroup-0.41/include/libcgroup/error.h -=================================================================== ---- libcgroup-0.41.orig/include/libcgroup/error.h -+++ libcgroup-0.41/include/libcgroup/error.h -@@ -9,7 +9,9 @@ - #include <features.h> - #endif - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /** - * @defgroup group_errors 6. Error handling -@@ -99,6 +101,8 @@ int cgroup_get_last_errno(void); - * @} - * @} - */ --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* _LIBCGROUP_INIT_H */ -Index: libcgroup-0.41/include/libcgroup/groups.h -=================================================================== ---- libcgroup-0.41.orig/include/libcgroup/groups.h -+++ libcgroup-0.41/include/libcgroup/groups.h -@@ -11,7 +11,9 @@ - #include <stdbool.h> - #endif - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /** - * Flags for cgroup_delete_cgroup_ext(). -@@ -577,6 +579,8 @@ char *cgroup_get_cgroup_name(struct cgro - */ - - --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* _LIBCGROUP_GROUPS_H */ -Index: libcgroup-0.41/include/libcgroup/init.h -=================================================================== ---- libcgroup-0.41.orig/include/libcgroup/init.h -+++ libcgroup-0.41/include/libcgroup/init.h -@@ -9,7 +9,9 @@ - #include <features.h> - #endif - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /** - * @defgroup group_init 1. Initialization -@@ -58,6 +60,8 @@ int cgroup_get_subsys_mount_point(const - * @} - * @} - */ --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* _LIBCGROUP_INIT_H */ -Index: libcgroup-0.41/include/libcgroup/iterators.h -=================================================================== ---- libcgroup-0.41.orig/include/libcgroup/iterators.h -+++ libcgroup-0.41/include/libcgroup/iterators.h -@@ -11,7 +11,9 @@ - #include <features.h> - #endif - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /** - * @defgroup group_iterators 3. Iterators -@@ -423,6 +425,8 @@ int cgroup_get_subsys_mount_point_end(vo - * @} - */ - --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* _LIBCGROUP_ITERATORS_H */ -Index: libcgroup-0.41/include/libcgroup/tasks.h -=================================================================== ---- libcgroup-0.41.orig/include/libcgroup/tasks.h -+++ libcgroup-0.41/include/libcgroup/tasks.h -@@ -12,7 +12,9 @@ - #include <stdbool.h> - #endif - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /** Flags for cgroup_change_cgroup_uid_gid(). */ - enum cgflags { -@@ -204,6 +206,8 @@ int cgroup_register_unchanged_process(pi - * @} - * @} - */ --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* _LIBCGROUP_TASKS_H */ -Index: libcgroup-0.41/src/daemon/cgrulesengd.h -=================================================================== ---- libcgroup-0.41.orig/src/daemon/cgrulesengd.h -+++ libcgroup-0.41/src/daemon/cgrulesengd.h -@@ -17,7 +17,9 @@ - - #include <features.h> - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - #include "config.h" - #include "libcgroup.h" -@@ -119,7 +121,9 @@ void cgre_flash_templates(int signum); - */ - void cgre_catch_term(int signum); - --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* _CGRULESENGD_H */ - -Index: libcgroup-0.41/src/libcgroup-internal.h -=================================================================== ---- libcgroup-0.41.orig/src/libcgroup-internal.h -+++ libcgroup-0.41/src/libcgroup-internal.h -@@ -16,7 +16,9 @@ - - #define __LIBCG_INTERNAL - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - #include "config.h" - #include <fts.h> -@@ -279,6 +281,8 @@ extern void cgroup_dictionary_iterator_e - */ - int cg_chmod_path(const char *path, mode_t mode, int owner_is_umask); - --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif -Index: libcgroup-0.41/include/libcgroup/log.h -=================================================================== ---- libcgroup-0.41.orig/include/libcgroup/log.h -+++ libcgroup-0.41/include/libcgroup/log.h -@@ -11,7 +11,9 @@ - - #include <stdarg.h> - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /** - * @defgroup group_log 7. Logging -@@ -142,6 +144,8 @@ extern int cgroup_parse_log_level_str(co - * @} - * @} - */ --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* _LIBCGROUP_LOG_H */ diff --git a/meta/recipes-core/libcgroup/libcgroup_0.41.bb b/meta/recipes-core/libcgroup/libcgroup_0.41.bb deleted file mode 100644 index 92d7261b0d..0000000000 --- a/meta/recipes-core/libcgroup/libcgroup_0.41.bb +++ /dev/null @@ -1,46 +0,0 @@ -SUMMARY = "Linux control group abstraction library" -HOMEPAGE = "http://libcg.sourceforge.net/" -DESCRIPTION = "libcgroup is a library that abstracts the control group file system \ -in Linux. Control groups allow you to limit, account and isolate resource usage \ -(CPU, memory, disk I/O, etc.) of groups of processes." -SECTION = "libs" -LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1" - -inherit autotools pkgconfig - -DEPENDS = "bison-native flex-native" - -SRC_URI = "${SOURCEFORGE_MIRROR}/project/libcg/${BPN}/v0.41/${BPN}-${PV}.tar.bz2 \ - file://CVE-2018-14348.patch" -SRC_URI_append_libc-musl = " file://musl-decls-compat.patch" - -SRC_URI[md5sum] = "3dea9d50b8a5b73ff0bf1cdcb210f63f" -SRC_URI[sha256sum] = "e4e38bdc7ef70645ce33740ddcca051248d56b53283c0dc6d404e17706f6fb51" - -UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libcg/files/libcgroup/" - -DEPENDS_append_libc-musl = " fts " -EXTRA_OEMAKE_append_libc-musl = " LIBS=-lfts" - -PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" -PACKAGECONFIG[pam] = "--enable-pam-module-dir=${base_libdir}/security --enable-pam=yes,--enable-pam=no,libpam" - -PACKAGES =+ "cgroups-pam-plugin" -FILES_cgroups-pam-plugin = "${base_libdir}/security/pam_cgroup.so*" -FILES_${PN}-dev += "${base_libdir}/security/*.la" - -do_install_append() { - # Moving libcgroup to base_libdir - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - mkdir -p ${D}/${base_libdir}/ - mv -f ${D}${libdir}/libcgroup.so.* ${D}${base_libdir}/ - rm -f ${D}${libdir}/libcgroup.so - lnr ${D}${base_libdir}/libcgroup.so.1 ${D}${libdir}/libcgroup.so - fi - # pam modules in ${base_libdir}/security/ should be binary .so files, not symlinks. - if [ -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ]; then - mv -f ${D}${base_libdir}/security/pam_cgroup.so.0.0.0 ${D}${base_libdir}/security/pam_cgroup.so - rm -f ${D}${base_libdir}/security/pam_cgroup.so.* - fi -} diff --git a/meta/recipes-core/libcgroup/libcgroup_2.0.1.bb b/meta/recipes-core/libcgroup/libcgroup_2.0.1.bb new file mode 100644 index 0000000000..857a4e86fd --- /dev/null +++ b/meta/recipes-core/libcgroup/libcgroup_2.0.1.bb @@ -0,0 +1,33 @@ +SUMMARY = "Linux control group abstraction library" +HOMEPAGE = "http://libcg.sourceforge.net/" +DESCRIPTION = "libcgroup is a library that abstracts the control group file system \ +in Linux. Control groups allow you to limit, account and isolate resource usage \ +(CPU, memory, disk I/O, etc.) of groups of processes." +SECTION = "libs" +LICENSE = "LGPL-2.1-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1" + +inherit autotools pkgconfig + +DEPENDS = "bison-native flex-native" + +SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz" + +SRC_URI[sha256sum] = "2dd9c566a90a053e7a5f47607e225648ba7aa9bb7763514dd4778e2ed530fe90" +UPSTREAM_CHECK_URI = "https://github.com/libcgroup/libcgroup/releases/" + +DEPENDS:append:libc-musl = " fts " +EXTRA_OEMAKE:append:libc-musl = " LIBS=-lfts" + +PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" +PACKAGECONFIG[pam] = "--enable-pam-module-dir=${base_libdir}/security --enable-pam=yes,--enable-pam=no,libpam" + +PACKAGES =+ "cgroups-pam-plugin" +FILES:cgroups-pam-plugin = "${base_libdir}/security/pam_cgroup.so*" +FILES:${PN}-dev += "${base_libdir}/security/*.la" +FILES:${PN}-staticdev += "${base_libdir}/security/pam_cgroup.a" + +do_install:append() { + # Until we ship the test suite, this library isn't useful + rm -f ${D}${libdir}/libcgroupfortesting.* +} |