diff options
| author |   Martin Jansa <martin.jansa@gmail.com> | 2020-03-06 18:36:46 +0100 |
|---|---|---|
| committer | Martin Jansa <Martin.Jansa@gmail.com> | 2020-06-29 19:33:55 +0200 |
| commit | 5ab1e24fb08515ecc9470d70612993447aa689d7 (patch) | |
| tree | 96e105f230a24b0f3a4247de8c3b7e479bcd0b15 /meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-7212.patch | |
| parent | b7d545c2c5290a68425011112edea84d3f2e6030 (diff) | |
| download | meta-openembedded-contrib-5ab1e24fb08515ecc9470d70612993447aa689d7.tar.gz | |
daemontools: remove native BBCLASSEXTEND
* it was used only to provide chkshsgr which is now replaced with no-op call
since
commit 50d526d06a742fa69ff698d7c2eefffb56e13afa
Author: Khem Raj <raj.khem@gmail.com>
Date: Tue Jan 28 11:28:52 2020 -0800
daemontools: Disable the chkshsgr tests
Running the chkhsgr test during cross compile fails
./chkshsgr || ( cat warn-shsgr; exit 1 )
Oops. Your getgroups() returned 0, and setgroups() failed; this means
that I can't reliably do my shsgr test. Please either ``make'' as root
or ``make'' while you're in one or more supplementary groups.
All OE based targets have working getgroups()/setgroups()
implementation, so its a safe assumption and therefore make the test
to be a dummy
* the native chkshsgr from daemontools-native was actually being
called only because of this chunk of cross-compile.patch:
- ./chkshsgr || ( cat warn-shsgr; exit 1 )
+ chkshsgr || ( cat warn-shsgr; exit 1 )
but all chkshsgr does is:
short x[4];
x[0] = x[1] = 0;
if (getgroups(1,x) == 0) if (setgroups(1,x) == -1) _exit(1);
_exit(0);
which running on host system, doesn't say anything useful about the
cross compile target, so it's easier to just remove the call in
cross-compile.patch and simplify all this nonsense
* I came across this because daemontools-native was failing for me
in "bitbake world" with zeus, which might be the same case as what
Khem was seeing - just the final commit message doesn't reflect that
* daemontools-native fails to build without the above commit in
zeus as well, when building inside docker container where my
build user is in fewer groups (just 1) so the
getgroups(1,x) call doesn't fail, but on more average OS the
user will be in more than 4 groups and
getgroups(1,x) would fail with errno 22 EINVAL
- so setgroups isn't even called to return 1 error when chkshsgr is called
http://man7.org/linux/man-pages/man2/setgroups.2.html
If the calling process is a member of more than size
supplementary groups, then an error results.
if I increase the size of x enough for x to hold all groups, then setgroups
will fail with errno 1 EPERM, which is the same error as shown
under docker container where getgroups doesn't fail, because
in both cases I'm using unprivileged user for builds
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-urllib3/CVE-2020-7212.patch')
0 files changed, 0 insertions, 0 deletions