Update to 2.61

2021-11-25 18:43:16 +08:00 · 2021-11-25 18:43:16 +08:00 · f29e5ff517
commit f29e5ff517
parent af901cb018
7 changed files with 22 additions and 293 deletions
--- a/Avoid-segfaulting-when-the-kernel-is-ahead-of-libcap.patch
+++ b/Avoid-segfaulting-when-the-kernel-is-ahead-of-libcap.patch
@ -1,58 +0,0 @@
-From 2f72ffb7c9f28fbd143010dd68730b73ad1596f4 Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Sat, 2 May 2020 17:10:25 -0700
-Subject: [PATCH] Avoid segfaulting when the kernel is ahead of libcap.
-
-Fixes bug report from Heiner Kallweit:
-
-  https://bugzilla.kernel.org/show_bug.cgi?id=207549
-
-This bug was triggered when the kernel being run knows about
-more capabilities than the running build of libcap does. The
-issue is that in two places libcap assumed that _cap_names[]
-was long enough to name cap_max_bits() worth of capabilities.
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
- libcap/cap_text.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/libcap/cap_text.c b/libcap/cap_text.c
-index 00fbbc6..8ea4b05 100644
--- a/libcap/cap_text.c
-+++ b/libcap/cap_text.c
-@@ -57,8 +57,9 @@ static char const *namcmp(char const *str, char const *nam)
- }
- 
- /*
- * forceall forces all of the named capabilities to be assigned the
- * masked value, and zeroed otherwise.
-+ * forceall forces all of the kernel named capabilities to be assigned
-+ * the masked value, and zeroed otherwise. Note, if the kernel is ahead
-+ * of libcap, the upper bits will be referred to by number.
-  */
- static void forceall(__u32 *flat, __u32 value, unsigned blks)
- {
-@@ -112,13 +113,16 @@ static int lookupname(char const **strp)
- 	}
- #else /* ie., ndef GPERF_DOWNCASE */
- 	char const *s;
-	unsigned n;
-
-	for (n = cap_max_bits(); n--; )
-+	unsigned n = cap_max_bits();
-+	if (n > __CAP_BITS) {
-+	    n = __CAP_BITS;
-+	}
-+	while (n--) {
- 	    if (_cap_names[n] && (s = namcmp(str.constp, _cap_names[n]))) {
- 		*strp = s;
- 		return n;
- 	    }
-+	}
- #endif /* def GPERF_DOWNCASE */
- 
- 	return -1;   	/* No definition available */
-- 
-2.27.GIT
-
--- a/backport-capsh-better-error-handling-for-integer-parsing.patch
+++ b/backport-capsh-better-error-handling-for-integer-parsing.patch
@ -1,141 +0,0 @@
-From 9c4997d6592e5daf046a6968ac83cf615c51fbe1 Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Sat, 6 Nov 2021 08:45:06 -0700
-Subject: [PATCH] capsh: better error handling for integer parsing.
-
-Bug reported by meitingli:
-
-   https://bugzilla.kernel.org/show_bug.cgi?id=214911
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
- progs/capsh.c | 49 ++++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 40 insertions(+), 9 deletions(-)
-
-diff --git a/progs/capsh.c b/progs/capsh.c
-index 2295359..4f568c3 100644
--- a/progs/capsh.c
-+++ b/progs/capsh.c
-@@ -40,6 +40,35 @@
- 
- #define MAX_GROUPS       100   /* max number of supplementary groups for user */
- 
-+/* parse a non-negative integer with some error handling */
-+static unsigned long nonneg_uint(const char *text, const char *prefix, int *ok)
-+{
-+    char *remains;
-+    unsigned long value;
-+    ssize_t len = strlen(text);
-+
-+    if (len == 0 || *text == '-') {
-+	goto fail;
-+    }
-+    value = strtoul(text, &remains, 0);
-+    if (*remains) {
-+	goto fail;
-+    }
-+    if (ok != NULL) {
-+	*ok = 1;
-+    }
-+    return value;
-+
-+fail:
-+    if (ok == NULL) {
-+	fprintf(stderr, "%s: want non-negative integer, got \"%s\"\n",
-+		prefix, text);
-+	exit(1);
-+    }
-+    *ok = 0;
-+    return 0;
-+}
-+
- static char *binary(unsigned long value)
- {
-     static char string[8*sizeof(unsigned long) + 1];
-@@ -667,7 +696,7 @@ int main(int argc, char *argv[], char *envp[])
- 	    unsigned value;
- 	    int set;
- 
-	    value = strtoul(argv[i]+7, NULL, 0);
-+	    value = nonneg_uint(argv[i]+7, "invalid --keep value", NULL);
- 	    set = prctl(PR_SET_KEEPCAPS, value);
- 	    if (set < 0) {
- 		fprintf(stderr, "prctl(PR_SET_KEEPCAPS, %u) failed: %s\n",
-@@ -724,7 +753,7 @@ int main(int argc, char *argv[], char *envp[])
- 	} else if (!strncmp("--secbits=", argv[i], 10)) {
- 	    unsigned value;
- 	    int status;
-	    value = strtoul(argv[i]+10, NULL, 0);
-+	    value = nonneg_uint(argv[i]+10, "invalid --secbits value", NULL);
- 	    status = cap_set_secbits(value);
- 	    if (status < 0) {
- 		fprintf(stderr, "failed to set securebits to 0%o/0x%x\n",
-@@ -737,8 +766,9 @@ int main(int argc, char *argv[], char *envp[])
- 		fprintf(stderr, "already forked\n");
- 		exit(1);
- 	    }
-	    value = strtoul(argv[i]+10, NULL, 0);
-+	    value = nonneg_uint(argv[i]+10, "invalid --forkfor value", NULL);
- 	    if (value == 0) {
-+		fprintf(stderr, "require non-zero --forkfor value\n");
- 		goto usage;
- 	    }
- 	    child = fork();
-@@ -753,7 +783,8 @@ int main(int argc, char *argv[], char *envp[])
- 	    pid_t result;
- 	    unsigned value;
- 
-	    value = strtoul(argv[i]+9, NULL, 0);
-+	    value = nonneg_uint(argv[i]+9, "invalid --killit signo value",
-+				NULL);
- 	    if (!child) {
- 		fprintf(stderr, "no forked process to kill\n");
- 		exit(1);
-@@ -779,7 +810,7 @@ int main(int argc, char *argv[], char *envp[])
- 	    unsigned value;
- 	    int status;
- 
-	    value = strtoul(argv[i]+6, NULL, 0);
-+	    value = nonneg_uint(argv[i]+6, "invalid --uid value", NULL);
- 	    status = setuid(value);
- 	    if (status < 0) {
- 		fprintf(stderr, "Failed to set uid=%u: %s\n",
-@@ -790,7 +821,7 @@ int main(int argc, char *argv[], char *envp[])
- 	    unsigned value;
- 	    int status;
- 
-	    value = strtoul(argv[i]+10, NULL, 0);
-+	    value = nonneg_uint(argv[i]+10, "invalid --cap-uid value", NULL);
- 	    status = cap_setuid(value);
- 	    if (status < 0) {
- 		fprintf(stderr, "Failed to cap_setuid(%u): %s\n",
-@@ -801,7 +832,7 @@ int main(int argc, char *argv[], char *envp[])
- 	    unsigned value;
- 	    int status;
- 
-	    value = strtoul(argv[i]+6, NULL, 0);
-+	    value = nonneg_uint(argv[i]+6, "invalid --gid value", NULL);
- 	    status = setgid(value);
- 	    if (status < 0) {
- 		fprintf(stderr, "Failed to set gid=%u: %s\n",
-@@ -1009,7 +1040,7 @@ int main(int argc, char *argv[], char *envp[])
- 	} else if (!strncmp("--is-uid=", argv[i], 9)) {
- 	    unsigned value;
- 	    uid_t uid;
-	    value = strtoul(argv[i]+9, NULL, 0);
-+	    value = nonneg_uint(argv[i]+9, "invalid --is-uid value", NULL);
- 	    uid = getuid();
- 	    if (uid != value) {
- 		fprintf(stderr, "uid: got=%d, want=%d\n", uid, value);
-@@ -1018,7 +1049,7 @@ int main(int argc, char *argv[], char *envp[])
- 	} else if (!strncmp("--is-gid=", argv[i], 9)) {
- 	    unsigned value;
- 	    gid_t gid;
-	    value = strtoul(argv[i]+9, NULL, 0);
-+	    value = nonneg_uint(argv[i]+9, "invalid --is-gid value", NULL);
- 	    gid = getgid();
- 	    if (gid != value) {
- 		fprintf(stderr, "gid: got=%d, want=%d\n", gid, value);
-- 
-1.8.3.1
-
--- a/backport-setcap-clean-up-error-handling-of-the-ns-rootid-argument.patch
+++ b/backport-setcap-clean-up-error-handling-of-the-ns-rootid-argument.patch
@ -1,70 +0,0 @@
-From 8e1e967bc8d99a3233d51f67f6b88620cdff78dc Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Sat, 6 Nov 2021 08:02:20 -0700
-Subject: [PATCH] setcap: clean up error handling of the ns rootid argument.
-
-Bug reported by Artem S. Tashkinov:
-
-https://bugzilla.kernel.org/show_bug.cgi?id=214909
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
- progs/setcap.c | 35 ++++++++++++++++++++++++++++++-----
- 1 file changed, 30 insertions(+), 5 deletions(-)
-
-diff --git a/progs/setcap.c b/progs/setcap.c
-index 442685d..fe985cd 100644
--- a/progs/setcap.c
-+++ b/progs/setcap.c
-@@ -22,6 +22,35 @@ static void usage(void)
-     exit(1);
- }
- 
-+/* parse a positive integer with some error handling */
-+static unsigned long pos_uint(const char *text, const char *prefix, int *ok)
-+{
-+    char *remains;
-+    unsigned long value;
-+    ssize_t len = strlen(text);
-+
-+    if (len == 0 || *text == '-') {
-+       goto fail;
-+    }
-+    value = strtoul(text, &remains, 0);
-+    if (*remains || value == 0) {
-+       goto fail;
-+    }
-+    if (ok != NULL) {
-+       *ok = 1;
-+    }
-+    return value;
-+
-+fail:
-+    if (ok == NULL) {
-+       fprintf(stderr, "%s: want positive integer, got \"%s\"\n",
-+               prefix, text);
-+       exit(1);
-+    }
-+    *ok = 0;
-+    return 0;
-+}
-+
- #define MAXCAP  2048
- 
- static int read_caps(int quiet, const char *filename, char *buffer)
-@@ -93,11 +122,7 @@ int main(int argc, char **argv)
- 		exit(1);
- 	    }
- 	    --argc;
-	    rootid = (uid_t) atoi(*++argv);
-	    if (rootid+1 < 2) {
-		fprintf(stderr, "invalid rootid!=0 of '%s'", *argv);
-		exit(1);
-	    }
-+           rootid = (uid_t) pos_uint(*++argv, "bad ns rootid", NULL);
- 	    continue;
- 	}
- 
-- 
-1.8.3.1
-
--- a/libcap-2.32.tar.gz
+++ b/libcap-2.32.tar.gz
--- a/libcap-2.61.tar.gz
+++ b/libcap-2.61.tar.gz
--- a/libcap-buildflags.patch
+++ b/libcap-buildflags.patch
@ -1,34 +1,29 @@
 From 11bdd43001c41d96769e437498bc57e8665ada2f Mon Sep 17 00:00:00 2001
 From: zhangchenfeng <zhangchenfeng1@huawei.com>
 Date: Fri, 17 Apr 2020 10:21:28 +0800
-Subject: [PATCH] bcap-2.32-buildflags
+Subject: [PATCH] libcap-2.61-buildflags

 ---
 Make.Rules | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/Make.Rules b/Make.Rules
-index f02c770..b5d682b 100644
+index 70d5829..2160012 100644
 --- a/Make.Rules
 +++ b/Make.Rules
-@@ -50,7 +50,7 @@ KERNEL_HEADERS := $(topdir)/libcap/include/uapi
- IPATH += -fPIC -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include
- 
- CC := gcc
-CFLAGS := -O2 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
-+CFLAGS := $(RPM_OPT_FLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
- BUILD_CC := $(CC)
- BUILD_CFLAGS := $(CFLAGS) $(IPATH)
- AR := ar
-@@ -61,7 +61,7 @@ WARNINGS=-Wall -Wwrite-strings \
-         -Wstrict-prototypes -Wmissing-prototypes \
-         -Wnested-externs -Winline -Wshadow
- LD=$(CC) -Wl,-x -shared
-LDFLAGS := #-g
-+LDFLAGS := $(RPM_LD_FLAGS) #-g
- LIBCAPLIB := -L$(topdir)/libcap -lcap
- LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread
+@@ -81,10 +81,10 @@ WARNINGS=-Wall -Wwrite-strings -Wpointer-arith -Wcast-qual -Wcast-align \
+ 	-Wstrict-prototypes -Wmissing-prototypes -Wnested-externs       \
+ 	-Winline -Wshadow -Wunreachable-code
+ COPTS ?= -O2
+-CFLAGS ?= $(COPTS) $(DEBUG)
+CFLAGS ?= $(RPM_OPT_FLAGS) $(DEBUG)
+ CFLAGS += $(WARNINGS)
+ CPPFLAGS += -Dlinux $(DEFINES) $(LIBCAP_INCLUDES)
+-LDFLAGS ?= # -g
+LDFLAGS ?= $(RPM_OPT_FLAGS) 
 
+ BUILD_CC ?= $(CC)
+ BUILD_LD ?= $(BUILD_CC) -Wl,-x -shared
 -- 
 1.8.3.1

--- a/libcap.spec
+++ b/libcap.spec
@ -1,15 +1,12 @@
 Name:     libcap
-Version:  2.32
-Release:  3
+Version:  2.61
+Release:  1
 Summary:  A library for getting and setting POSIX.1e draft 15 capabilities        
 License:  GPLv2
 URL:      https://sites.google.com/site/fullycapable
 Source0:  https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/%{name}-%{version}.tar.gz

 Patch0:   libcap-buildflags.patch
-Patch1:   Avoid-segfaulting-when-the-kernel-is-ahead-of-libcap.patch
-Patch2:   backport-capsh-better-error-handling-for-integer-parsing.patch
-Patch3:   backport-setcap-clean-up-error-handling-of-the-ns-rootid-argument.patch

 BuildRequires: libattr-devel pam-devel perl-interpreter gcc

@ -40,6 +37,9 @@ mkdir -p %{buildroot}/%{_mandir}/man{2,3,8}
 mv -f doc/*.3 %{buildroot}/%{_mandir}/man3/
 chmod +x %{buildroot}/%{_libdir}/*.so.*

+%check
+%make_build COPTS="%{optflags}" test
+
 %pre

 %preun
@ -70,6 +70,9 @@ chmod +x %{buildroot}/%{_libdir}/*.so.*
 %{_mandir}/man8/*.gz

 %changelog
+* Fri Dec 24 2021 yixiangzhike <yixiangzhike007@163.com> - 2.61-1
+- update to 2.61
+
 * Mon Nov 8 2021 yixiangzhike <yixiangzhike007@163.com> - 2.32-3
 - capsh better error handling for integer parsing
 - setcap clean up error handling of the ns rootid argument