musl compilation has been broken since the commit "systemd: fix CVE-2018-6954".
Fix this by guarding the glob definition with an #ifdef.
Signed-off-by: Sinan Kaya <ok...@kernel.org>
---
.../systemd/0002-Make-tmpfiles-safe.patch | 88 +++++++++++--------
1 file changed, 51 insertions(+), 37 deletions(-)
diff --git a/meta/recipes-core/systemd/systemd/0002-Make-tmpfiles-safe.patch
b/meta/recipes-core/systemd/systemd/0002-Make-tmpfiles-safe.patch
index 80d27c141b7..bc0a5b123d7 100644
--- a/meta/recipes-core/systemd/systemd/0002-Make-tmpfiles-safe.patch
+++ b/meta/recipes-core/systemd/systemd/0002-Make-tmpfiles-safe.patch
@@ -1,4 +1,4 @@
-From fb95c890cf5116e698347c6a7bb3daeeb2d28cf9 Mon Sep 17 00:00:00 2001
+From 218b6fa682084860f649e79fe32d055bd624523a Mon Sep 17 00:00:00 2001
From: George McCollister <george.mccollis...@gmail.com>
Date: Thu, 21 Feb 2019 18:04:37 -0600
Subject: [PATCH] Make tmpfiles safe
@@ -21,6 +21,10 @@ CVE: CVE-2018-6954
Upstream-Status: Backport
Signed-off-by: George McCollister <george.mccollis...@gmail.com>
+[okaya:Fix musl compilation]
+Signed-off-by: Sinan Kaya <ok...@kernel.org>
+
+%% original patch: 0002-Make-tmpfiles-safe.patch
---
src/basic/btrfs-util.c | 26 +-
src/basic/btrfs-util.h | 1 +
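Review bot: The added `%% original patch: 0002-Make-tmpfiles-safe.patch` line in the patch header looks like a tool-generated marker rather than part of the commit message, and should be dropped before this is merged. The backport now carries a local change, and the `[okaya:Fix musl compilation]` tag is the only record of how it differs from the upstream fix. Consider making the tag say what was changed, e.g. `[okaya: guard gl_opendir with #ifdef GLOB_ALTDIRFUNC for musl]`, so a later audit of the CVE-2018-6954 backport can tell the local edit from the upstream code.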
@@ -33,18 +37,18 @@ Signed-off-by: George McCollister
<george.mccollis...@gmail.com>
src/basic/mkdir.h | 1 +
src/basic/path-util.c | 5 +-
src/basic/path-util.h | 4 +
- src/basic/selinux-util.c | 84 +++--
+ src/basic/selinux-util.c | 84 +++-
src/basic/selinux-util.h | 1 +
- src/basic/smack-util.c | 119 +++++--
+ src/basic/smack-util.c | 119 ++++--
src/basic/smack-util.h | 1 +
src/basic/stat-util.c | 11 +
src/basic/stat-util.h | 1 +
src/test/test-fs-util.c | 25 ++
- src/tmpfiles/tmpfiles.c | 902 ++++++++++++++++++++++++++++++++---------------
- 19 files changed, 882 insertions(+), 357 deletions(-)
+ src/tmpfiles/tmpfiles.c | 904 ++++++++++++++++++++++++++-------------
+ 19 files changed, 884 insertions(+), 357 deletions(-)
diff --git a/src/basic/btrfs-util.c b/src/basic/btrfs-util.c
-index 19d385ab7c..26b088f52b 100644
+index 19d385ab7..26b088f52 100644
--- a/src/basic/btrfs-util.c
+++ b/src/basic/btrfs-util.c
@@ -150,8 +150,25 @@ int btrfs_is_subvol(const char *path) {
@@ -89,7 +93,7 @@ index 19d385ab7c..26b088f52b 100644
int btrfs_subvol_set_read_only_fd(int fd, bool b) {
diff --git a/src/basic/btrfs-util.h b/src/basic/btrfs-util.h
-index 952b3c26da..e92687bc57 100644
+index 952b3c26d..e92687bc5 100644
--- a/src/basic/btrfs-util.h
+++ b/src/basic/btrfs-util.h
@@ -84,6 +84,7 @@ int btrfs_resize_loopback_fd(int fd, uint64_t size, bool
grow_only);
@@ -101,7 +105,7 @@ index 952b3c26da..e92687bc57 100644
int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path,
BtrfsSnapshotFlags flags);
int btrfs_subvol_snapshot(const char *old_path, const char *new_path,
BtrfsSnapshotFlags flags);
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
-index 26d6174664..1c7e23332f 100644
+index 26d617466..1c7e23332 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -1304,7 +1304,10 @@ int tempfn_random_child(const char *p, const char
*extra, char **ret) {
@@ -117,7 +121,7 @@ index 26d6174664..1c7e23332f 100644
u = random_u64();
for (i = 0; i < 16; i++) {
diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
-index a8e50d4c78..c96a8813ea 100644
+index a8e50d4c7..c96a8813e 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -465,6 +465,31 @@ int mkfifo_atomic(const char *path, mode_t mode) {
@@ -162,7 +166,7 @@ index a8e50d4c78..c96a8813ea 100644
_cleanup_free_ char *destination = NULL;
diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
-index 9c4b02eccd..121345e74d 100644
+index 9c4b02ecc..121345e74 100644
--- a/src/basic/fs-util.h
+++ b/src/basic/fs-util.h
@@ -80,6 +80,7 @@ int symlink_idempotent(const char *from, const char *to);
@@ -182,7 +186,7 @@ index 9c4b02eccd..121345e74d 100644
int chase_symlinks(const char *path_with_prefix, const char *root, unsigned flags, char **ret);
diff --git a/src/basic/label.h b/src/basic/label.h
-index d73dacec4f..3ecfed72c6 100644
+index d73dacec4..3ecfed72c 100644
--- a/src/basic/label.h
+++ b/src/basic/label.h
@@ -26,6 +26,7 @@
@@ -194,7 +198,7 @@ index d73dacec4f..3ecfed72c6 100644
int btrfs_subvol_make_label(const char *path);
diff --git a/src/basic/mkdir-label.c b/src/basic/mkdir-label.c
-index 6f3a46f467..3c1a227bfa 100644
+index 6f3a46f46..3c1a227bf 100644
--- a/src/basic/mkdir-label.c
+++ b/src/basic/mkdir-label.c
@@ -47,6 +47,23 @@ int mkdir_label(const char *path, mode_t mode) {
@@ -222,7 +226,7 @@ index 6f3a46f467..3c1a227bfa 100644
return mkdir_safe_internal(path, mode, uid, gid, follow_symlink,
mkdir_label);
}
diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c
-index d51518a5a7..418945ad4a 100644
+index d51518a5a..418945ad4 100644
--- a/src/basic/mkdir.c
+++ b/src/basic/mkdir.c
@@ -77,6 +77,12 @@ int mkdir_errno_wrapper(const char *pathname, mode_t mode)
{
@@ -239,7 +243,7 @@ index d51518a5a7..418945ad4a 100644
return mkdir_safe_internal(path, mode, uid, gid, follow_symlink,
mkdir_errno_wrapper);
}
diff --git a/src/basic/mkdir.h b/src/basic/mkdir.h
-index d6c2d579a3..3ec6f3ed2d 100644
+index d6c2d579a..3ec6f3ed2 100644
--- a/src/basic/mkdir.h
+++ b/src/basic/mkdir.h
@@ -24,6 +24,7 @@
@@ -251,7 +255,7 @@ index d6c2d579a3..3ec6f3ed2d 100644
int mkdir_parents(const char *path, mode_t mode);
int mkdir_p(const char *path, mode_t mode);
diff --git a/src/basic/path-util.c b/src/basic/path-util.c
-index df94629385..84404f7ee1 100644
+index df9462938..84404f7ee 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -127,10 +127,7 @@ int path_make_absolute_cwd(const char *p, char **ret) {
@@ -267,7 +271,7 @@ index df94629385..84404f7ee1 100644
if (!c)
return -ENOMEM;
diff --git a/src/basic/path-util.h b/src/basic/path-util.h
-index 89c285e076..1094baca12 100644
+index 89c285e07..1094baca1 100644
--- a/src/basic/path-util.h
+++ b/src/basic/path-util.h
@@ -156,3 +156,7 @@ static inline const char *skip_dev_prefix(const char *p) {
@@ -279,7 +283,7 @@ index 89c285e076..1094baca12 100644
+}
+
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
-index 0c6e99b1d7..bdef7d148b 100644
+index 0c6e99b1d..bdef7d148 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -34,6 +34,7 @@
@@ -402,7 +406,7 @@ index 0c6e99b1d7..bdef7d148b 100644
void mac_selinux_create_file_clear(void) {
diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h
-index 9780dca81e..84a8bf9729 100644
+index 9780dca81..84a8bf972 100644
--- a/src/basic/selinux-util.h
+++ b/src/basic/selinux-util.h
@@ -41,6 +41,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const
char *exe, const char *
@@ -414,7 +418,7 @@ index 9780dca81e..84a8bf9729 100644
int mac_selinux_create_socket_prepare(const char *label);
diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
-index f0018f013f..ea0af3e45f 100644
+index f0018f013..ea0af3e45 100644
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
@@ -21,18 +21,21 @@
@@ -593,7 +597,7 @@ index f0018f013f..ea0af3e45f 100644
return 0;
}
diff --git a/src/basic/smack-util.h b/src/basic/smack-util.h
-index e4d46d7736..0c214bbbc0 100644
+index e4d46d773..0c214bbbc 100644
--- a/src/basic/smack-util.h
+++ b/src/basic/smack-util.h
@@ -44,6 +44,7 @@ typedef enum SmackAttr {
@@ -605,7 +609,7 @@ index e4d46d7736..0c214bbbc0 100644
const char* smack_attr_to_string(SmackAttr i) _const_;
SmackAttr smack_attr_from_string(const char *s) _pure_;
diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c
-index 3a54103f1b..801889ae5b 100644
+index 3a54103f1..801889ae5 100644
--- a/src/basic/stat-util.c
+++ b/src/basic/stat-util.c
@@ -63,6 +63,17 @@ int is_dir(const char* path, bool follow) {
@@ -627,7 +631,7 @@ index 3a54103f1b..801889ae5b 100644
struct stat info;
diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h
-index d8d3c20496..7ea68abfa3 100644
+index d8d3c2049..7ea68abfa 100644
--- a/src/basic/stat-util.h
+++ b/src/basic/stat-util.h
@@ -31,6 +31,7 @@
@@ -639,7 +643,7 @@ index d8d3c20496..7ea68abfa3 100644
int dir_is_empty(const char *path);
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
-index 9f3a500080..a76d6d0f8b 100644
+index 9f3a50008..a76d6d0f8 100644
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@@ -40,6 +40,7 @@ static void test_chase_symlinks(void) {
@@ -682,7 +686,7 @@ index 9f3a500080..a76d6d0f8b 100644
}
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
-index 613d418eb3..d59ccbaa39 100644
+index 613d418eb..8d1ab0767 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -794,6 +794,7 @@ static bool hardlink_vulnerable(struct stat *st) {
@@ -1064,16 +1068,16 @@ index 613d418eb3..d59ccbaa39 100644
+ log_error("Cannot create file %s on a read-only
file system.", path);
+ return -EROFS;
+ }
-
-- fd = safe_close(fd);
++
+ return log_error_errno(errno, "Failed to re-open file %s:
%m", path);
+ }
--done:
-- if (stat(path, &st) < 0)
+- fd = safe_close(fd);
+ erofs = true;
+ }
-+
+
+-done:
+- if (stat(path, &st) < 0)
+ if (fstat(fd, &stbuf) < 0)
return log_error_errno(errno, "stat(%s) failed: %m", path);
@@ -1489,7 +1493,17 @@ index 613d418eb3..d59ccbaa39 100644
else
q = -errno;
-@@ -1406,7 +1910,6 @@ static int glob_item_recursively(Item *i, fdaction_t action) {
+@@ -1395,7 +1899,9 @@ static int glob_item(Item *i, action_t action) {
+
+ static int glob_item_recursively(Item *i, fdaction_t action) {
+ _cleanup_globfree_ glob_t g = {
++#ifdef GLOB_ALTDIRFUNC
+ .gl_opendir = (void *(*)(const char *)) opendir_nomod,
++#endif
+ };
+ int r = 0, k;
+ char **fn;
+@@ -1406,7 +1912,6 @@ static int glob_item_recursively(Item *i, fdaction_t
action) {
STRV_FOREACH(fn, g.gl_pathv) {
_cleanup_close_ int fd = -1;
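Review bot: The `#ifdef GLOB_ALTDIRFUNC` added around `.gl_opendir` in `glob_item_recursively()` silently drops `opendir_nomod` on libcs without that extension (musl), so glob() walks directories with its default opendir there, and nothing in the code says so. `opendir_nomod` is defined outside this hunk; if it is the restricted opener its name suggests, this is a behavioural difference inside the CVE-2018-6954 hardening and should be stated rather than left implicit. The per-match handling further down (the "won't trigger/follow file object ... pointed out by 'fn'" comment) still appears to apply to each result, so the gap would be limited to glob's own directory traversal, but that is worth confirming on a musl build. I would add a comment above the guard, e.g. `/* gl_opendir is a non-POSIX extension (GLOB_ALTDIRFUNC); without it glob() uses plain opendir() and opendir_nomod is not applied */`. The function body continues outside the hunk.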
@@ -1497,7 +1511,7 @@ index 613d418eb3..d59ccbaa39 100644
/* Make sure we won't trigger/follow file object (such as
* device nodes, automounts, ...) pointed out by 'fn' with
-@@ -1419,12 +1922,7 @@ static int glob_item_recursively(Item *i, fdaction_t
action) {
+@@ -1419,12 +1924,7 @@ static int glob_item_recursively(Item *i, fdaction_t
action) {
continue;
}
@@ -1511,7 +1525,7 @@ index 613d418eb3..d59ccbaa39 100644
if (k < 0 && r == 0)
r = k;
-@@ -1435,27 +1933,9 @@ static int glob_item_recursively(Item *i, fdaction_t action) {
+@@ -1435,27 +1935,9 @@ static int glob_item_recursively(Item *i, fdaction_t
action) {
return r;
}
@@ -1540,7 +1554,7 @@ index 613d418eb3..d59ccbaa39 100644
assert(i);
-@@ -1470,51 +1950,31 @@ static int create_item(Item *i) {
+@@ -1470,51 +1952,31 @@ static int create_item(Item *i) {
return 0;
case CREATE_FILE:
@@ -1602,7 +1616,7 @@ index 613d418eb3..d59ccbaa39 100644
break;
case WRITE_FILE:
-@@ -1526,132 +1986,39 @@ static int create_item(Item *i) {
+@@ -1526,132 +1988,39 @@ static int create_item(Item *i) {
case CREATE_DIRECTORY:
case TRUNCATE_DIRECTORY:
@@ -1750,7 +1764,7 @@ index 613d418eb3..d59ccbaa39 100644
break;
}
-@@ -1704,9 +2071,7 @@ static int create_item(Item *i) {
+@@ -1704,9 +2073,7 @@ static int create_item(Item *i) {
}
case CREATE_BLOCK_DEVICE:
@@ -1761,7 +1775,7 @@ index 613d418eb3..d59ccbaa39 100644
if (have_effective_cap(CAP_MKNOD) == 0) {
/* In a container we lack CAP_MKNOD. We
shouldn't attempt to create the device node in
-@@ -1720,60 +2085,11 @@ static int create_item(Item *i) {
+@@ -1720,60 +2087,11 @@ static int create_item(Item *i) {
RUN_WITH_UMASK(0000)
(void) mkdir_parents_label(i->path, 0755);
@@ -1824,5 +1838,5 @@ index 613d418eb3..d59ccbaa39 100644
case ADJUST_MODE:
case RELABEL_PATH:
--
-2.11.0
+2.21.0