packages/glibc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!42 Disable warnings due to deprecated libselinux symbols used by nss and nscd

Browse Source 
Merge pull request !42 from wswsamao/mymaster
This commit is contained in:
openeuler-ci-bot 2020-07-25 16:34:12 +08:00 committed by Gitee
commit b991e5dd47
2 changed files with 110 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
Disable-warnings-due-to-deprecated-libselinux-symbol.patch Normal file
View File

@ -0,0 +1,104 @@
From 04726be814c6fd6d9cf974e15d684dd3ac1a180e Mon Sep 17 00:00:00 2001
From: Arjun Shankar <arjun@redhat.com>
Date: Thu, 23 Jul 2020 12:20:38 +0200
Subject: [PATCH] Disable warnings due to deprecated libselinux symbols used by
nss and nscd
The SELinux API deprecated several symbols in its 3.1 release, including
security_context_t, matchpathcon, avc_init, and sidput, which are used in
makedb and nscd. While the usage of these should eventually be replaced by
newer interfaces, this commit disables GCC warnings due to the use of the
above symbols.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>
---
nscd/selinux.c | 15 +++++++++++++++
nss/makedb.c | 9 +++++++++
2 files changed, 24 insertions(+)
diff --git a/nscd/selinux.c b/nscd/selinux.c
index a4ea8008e2..1ebf924826 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -33,6 +33,7 @@
#ifdef HAVE_LIBAUDIT
# include <libaudit.h>
#endif
+#include <libc-diag.h>
#include "dbg_log.h"
#include "selinux.h"
@@ -320,6 +321,12 @@ avc_free_lock (void *lock)
}
+/* avc_init (along with several other symbols) was marked as deprecated by the
+ SELinux API starting from version 3.1. We use it here, but should
+ eventually switch to the newer API. */
+DIAG_PUSH_NEEDS_COMMENT
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
+
/* Initialize the user space access vector cache (AVC) for NSCD along with
log/thread/lock callbacks. */
void
@@ -335,7 +342,14 @@ nscd_avc_init (void)
audit_init ();
#endif
}
+DIAG_POP_NEEDS_COMMENT
+
+/* security_context_t and sidput (along with several other symbols) were marked
+ as deprecated by the SELinux API starting from version 3.1. We use them
+ here, but should eventually switch to the newer API. */
+DIAG_PUSH_NEEDS_COMMENT
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
/* Check the permission from the caller (via getpeercon) to nscd.
Returns 0 if access is allowed, 1 if denied, and -1 on error.
@@ -422,6 +436,7 @@ out:
return rc;
}
+DIAG_POP_NEEDS_COMMENT
/* Wrapper to get AVC statistics. */
diff --git a/nss/makedb.c b/nss/makedb.c
index 8e389a1683..8e1e8ec9ad 100644
--- a/nss/makedb.c
+++ b/nss/makedb.c
@@ -38,6 +38,7 @@
#include <sys/stat.h>
#include <sys/uio.h>
#include "nss_db/nss_db.h"
+#include <libc-diag.h>
/* Get libc version number. */
#include "../version.h"
@@ -841,6 +842,13 @@ print_database (int fd)
#ifdef HAVE_SELINUX
+
+/* security_context_t and matchpathcon (along with several other symbols) were
+ marked as deprecated by the SELinux API starting from version 3.1. We use
+ them here, but should eventually switch to the newer API. */
+DIAG_PUSH_NEEDS_COMMENT
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
+
static void
set_file_creation_context (const char *outname, mode_t mode)
{
@@ -870,6 +878,7 @@ set_file_creation_context (const char *outname, mode_t mode)
freecon (ctx);
}
}
+DIAG_POP_NEEDS_COMMENT
static void
reset_file_creation_context (void)
--
2.23.0

7
glibc.spec
View File

@ -59,7 +59,7 @@
############################################################################## ##############################################################################
Name: glibc Name: glibc
Version: 2.31 Version: 2.31
Release: 2 Release: 3
Summary: The GNU libc libraries Summary: The GNU libc libraries
License: %{all_license} License: %{all_license}
URL: http://www.gnu.org/software/glibc/ URL: http://www.gnu.org/software/glibc/
@ -89,6 +89,7 @@ Patch6010: Fix-double-free-in-__printf_fp_l-bug-26214.patch
Patch6011: Fix-memory-leak-in-__printf_fp_l-bug-26215.patch Patch6011: Fix-memory-leak-in-__printf_fp_l-bug-26215.patch
Patch6012: Fix-CVE-2020-6096-001.patch Patch6012: Fix-CVE-2020-6096-001.patch
Patch6013: Fix-CVE-2020-6096-002.patch Patch6013: Fix-CVE-2020-6096-002.patch
Patch6014: Disable-warnings-due-to-deprecated-libselinux-symbol.patch
Patch9000: delete-no-hard-link-to-avoid-all_language-package-to.patch Patch9000: delete-no-hard-link-to-avoid-all_language-package-to.patch
@ -1167,6 +1168,10 @@ fi
%doc hesiod/README.hesiod %doc hesiod/README.hesiod
%changelog %changelog
* Fri Jul 24 2020 Wang Shuo<wangshuo_1994@foxmail.com> - 2.31-3
- backport patch to disable warnings due to deprecated libselinux
- symbols used by nss and nscd
* Fri Jul 24 2020 Wang Shuo<wangshuo_1994@foxmail.com> - 2.31-2 * Fri Jul 24 2020 Wang Shuo<wangshuo_1994@foxmail.com> - 2.31-2
- fix CVE-2020-6096 - fix CVE-2020-6096
- fix bugzilla 26137, 26214 and 26215 - fix bugzilla 26137, 26214 and 26215