!42 Disable warnings due to deprecated libselinux symbols used by nss and nscd
Merge pull request !42 from wswsamao/mymaster
This commit is contained in:
openeuler-ci-bot
Gitee
commit
b991e5dd47
104
Disable-warnings-due-to-deprecated-libselinux-symbol.patch
Normal file
104
Disable-warnings-due-to-deprecated-libselinux-symbol.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From 04726be814c6fd6d9cf974e15d684dd3ac1a180e Mon Sep 17 00:00:00 2001
|
||||
From: Arjun Shankar <arjun@redhat.com>
|
||||
Date: Thu, 23 Jul 2020 12:20:38 +0200
|
||||
Subject: [PATCH] Disable warnings due to deprecated libselinux symbols used by
|
||||
nss and nscd
|
||||
|
||||
The SELinux API deprecated several symbols in its 3.1 release, including
|
||||
security_context_t, matchpathcon, avc_init, and sidput, which are used in
|
||||
makedb and nscd. While the usage of these should eventually be replaced by
|
||||
newer interfaces, this commit disables GCC warnings due to the use of the
|
||||
above symbols.
|
||||
|
||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||
Tested-by: Carlos O'Donell <carlos@redhat.com>
|
||||
---
|
||||
nscd/selinux.c | 15 +++++++++++++++
|
||||
nss/makedb.c | 9 +++++++++
|
||||
2 files changed, 24 insertions(+)
|
||||
|
||||
diff --git a/nscd/selinux.c b/nscd/selinux.c
|
||||
index a4ea8008e2..1ebf924826 100644
|
||||
--- a/nscd/selinux.c
|
||||
+++ b/nscd/selinux.c
|
||||
@@ -33,6 +33,7 @@
|
||||
#ifdef HAVE_LIBAUDIT
|
||||
# include <libaudit.h>
|
||||
#endif
|
||||
+#include <libc-diag.h>
|
||||
|
||||
#include "dbg_log.h"
|
||||
#include "selinux.h"
|
||||
@@ -320,6 +321,12 @@ avc_free_lock (void *lock)
|
||||
}
|
||||
|
||||
|
||||
+/* avc_init (along with several other symbols) was marked as deprecated by the
|
||||
+ SELinux API starting from version 3.1. We use it here, but should
|
||||
+ eventually switch to the newer API. */
|
||||
+DIAG_PUSH_NEEDS_COMMENT
|
||||
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
|
||||
+
|
||||
/* Initialize the user space access vector cache (AVC) for NSCD along with
|
||||
log/thread/lock callbacks. */
|
||||
void
|
||||
@@ -335,7 +342,14 @@ nscd_avc_init (void)
|
||||
audit_init ();
|
||||
#endif
|
||||
}
|
||||
+DIAG_POP_NEEDS_COMMENT
|
||||
+
|
||||
|
||||
+/* security_context_t and sidput (along with several other symbols) were marked
|
||||
+ as deprecated by the SELinux API starting from version 3.1. We use them
|
||||
+ here, but should eventually switch to the newer API. */
|
||||
+DIAG_PUSH_NEEDS_COMMENT
|
||||
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
|
||||
|
||||
/* Check the permission from the caller (via getpeercon) to nscd.
|
||||
Returns 0 if access is allowed, 1 if denied, and -1 on error.
|
||||
@@ -422,6 +436,7 @@ out:
|
||||
|
||||
return rc;
|
||||
}
|
||||
+DIAG_POP_NEEDS_COMMENT
|
||||
|
||||
|
||||
/* Wrapper to get AVC statistics. */
|
||||
diff --git a/nss/makedb.c b/nss/makedb.c
|
||||
index 8e389a1683..8e1e8ec9ad 100644
|
||||
--- a/nss/makedb.c
|
||||
+++ b/nss/makedb.c
|
||||
@@ -38,6 +38,7 @@
|
||||
#include <sys/stat.h>
|
||||
#include <sys/uio.h>
|
||||
#include "nss_db/nss_db.h"
|
||||
+#include <libc-diag.h>
|
||||
|
||||
/* Get libc version number. */
|
||||
#include "../version.h"
|
||||
@@ -841,6 +842,13 @@ print_database (int fd)
|
||||
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
+
|
||||
+/* security_context_t and matchpathcon (along with several other symbols) were
|
||||
+ marked as deprecated by the SELinux API starting from version 3.1. We use
|
||||
+ them here, but should eventually switch to the newer API. */
|
||||
+DIAG_PUSH_NEEDS_COMMENT
|
||||
+DIAG_IGNORE_NEEDS_COMMENT (10, "-Wdeprecated-declarations");
|
||||
+
|
||||
static void
|
||||
set_file_creation_context (const char *outname, mode_t mode)
|
||||
{
|
||||
@@ -870,6 +878,7 @@ set_file_creation_context (const char *outname, mode_t mode)
|
||||
freecon (ctx);
|
||||
}
|
||||
}
|
||||
+DIAG_POP_NEEDS_COMMENT
|
||||
|
||||
static void
|
||||
reset_file_creation_context (void)
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -59,7 +59,7 @@
|
||||
##############################################################################
|
||||
Name: glibc
|
||||
Version: 2.31
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: The GNU libc libraries
|
||||
License: %{all_license}
|
||||
URL: http://www.gnu.org/software/glibc/
|
||||
@ -89,6 +89,7 @@ Patch6010: Fix-double-free-in-__printf_fp_l-bug-26214.patch
|
||||
Patch6011: Fix-memory-leak-in-__printf_fp_l-bug-26215.patch
|
||||
Patch6012: Fix-CVE-2020-6096-001.patch
|
||||
Patch6013: Fix-CVE-2020-6096-002.patch
|
||||
Patch6014: Disable-warnings-due-to-deprecated-libselinux-symbol.patch
|
||||
|
||||
Patch9000: delete-no-hard-link-to-avoid-all_language-package-to.patch
|
||||
|
||||
@ -1167,6 +1168,10 @@ fi
|
||||
%doc hesiod/README.hesiod
|
||||
|
||||
%changelog
|
||||
* Fri Jul 24 2020 Wang Shuo<wangshuo_1994@foxmail.com> - 2.31-3
|
||||
- backport patch to disable warnings due to deprecated libselinux
|
||||
- symbols used by nss and nscd
|
||||
|
||||
* Fri Jul 24 2020 Wang Shuo<wangshuo_1994@foxmail.com> - 2.31-2
|
||||
- fix CVE-2020-6096
|
||||
- fix bugzilla 26137, 26214 and 26215
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user