From patchwork Mon Nov 23 19:17:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heiko Thiery X-Patchwork-Id: 1404998 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=c6usoScD; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Cfxkk6fn0z9sRK for ; Tue, 24 Nov 2020 06:18:06 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 0C7EF204C3; Mon, 23 Nov 2020 19:18:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e5qPJF+QDo1k; Mon, 23 Nov 2020 19:18:01 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 5974620013; Mon, 23 Nov 2020 19:18:01 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id D190A1BF3F3 for ; Mon, 23 Nov 2020 19:17:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id B90FE20013 for ; Mon, 23 Nov 2020 19:17:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FMiN3NKfgSbB for ; Mon, 23 Nov 2020 19:17:58 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by silver.osuosl.org (Postfix) with ESMTPS id 698451FEE0 for ; Mon, 23 Nov 2020 19:17:58 +0000 (UTC) Received: by mail-wm1-f49.google.com with SMTP id x22so232584wmc.5 for ; Mon, 23 Nov 2020 11:17:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=FXXHduzKRYeZsm1jDdyVYEBDU5J3CBMOLxx4ppbWzAk=; b=c6usoScDyzk+0W8qgvZGsYgQF99itRxB/2JIx3L+Zug/xgRLnzDBAUuglVNbbJxq3T xkXe436Es/4U4kCUUchMWXo30++3TEA2Q4Bm3nhxkJzwVTe5WV8RXL/gGTnY25sJJjRQ Q7MULD7aChrae3DeZnoM40VugFR9yp+3ab0TNSDUARzJPPs7Wp29GL7rJ/zieTerxoSw zH1uN3ZQBUMQXkJiSsDJ6u2L3RXmVRT/m41wMZYbgNij6C5Z3dQJyRIxWg72N64hy4Kc YgPTjO9zbWn6pk6V09xeTTrMDE0+muCjbkDjVnHYmZ3lTpEfo69IlcKNe0y8CmVAs+2A TByA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=FXXHduzKRYeZsm1jDdyVYEBDU5J3CBMOLxx4ppbWzAk=; b=slH9fqRJz1NUPKWpiuKej2JqaD4j3JHgb+pMjG8HA/G9YOTTtbupUORcVHfihmfX8d gHmD/L4khFs5lfYQ9d3VobqZxNKDcRG5Te58JmTo/Hs2QQsftYQPqVhH2KawhiBAQc30 US2I20TOEBADwdZyU4xlAcDYne4FWuh6HDUPBqzC0beiXFK9HR0WSXHLVvSjpP24s7Hh QP1SYfYkmz1mf3OfsTP6rpitvGt5DSprG+rHuLj+4XEQlqLQ3uxI3ZO/NDIQJH/PoOxQ bwLJwj2uIs2YTztHT+BF6dOn37XaGAoMd3rnUK7pI/Y5WZGf1gUBG3hQ1mmMYZilbxGI UpDQ== X-Gm-Message-State: AOAM5334Np2yvX61h0VjWjalWHkw5DlBGfHd0AF/K/hK63yCsn8NMqjJ 7WorQ7onhXwuczTGWTORR+bD1o8i7zkC1Q== X-Google-Smtp-Source: ABdhPJy9fyoBaRycZ35YfI56C9BvLJaZJDHCPL/xnQbiNFqKXX0S3bpuXNRNkWTJL7QMt7Kdixshfw== X-Received: by 2002:a1c:b787:: with SMTP id h129mr375625wmf.67.1606159076249; Mon, 23 Nov 2020 11:17:56 -0800 (PST) Received: from t450s.fritz.box (ip5b426f26.dynamic.kabel-deutschland.de. [91.66.111.38]) by smtp.gmail.com with ESMTPSA id d13sm23350448wrb.39.2020.11.23.11.17.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Nov 2020 11:17:55 -0800 (PST) From: Heiko Thiery To: buildroot@buildroot.org Date: Mon, 23 Nov 2020 20:17:27 +0100 Message-Id: <20201123191729.2557-1-heiko.thiery@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/2] package/openrc: fix build with gcc 10 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Heiko Thiery , =?utf-8?b?TWljaGHFgiDFgXlzemN6?= =?utf-8?b?ZWs=?= , mscdex@mscdex.net Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Fixes: - https://bugs.busybox.net/show_bug.cgi?id=13331 Cc: mscdex@mscdex.net Signed-off-by: Heiko Thiery --- ...r.h-fix-build-failure-against-gcc-10.patch | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch diff --git a/package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch b/package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch new file mode 100644 index 0000000000..9fded3ca90 --- /dev/null +++ b/package/openrc/0006-src-rc-rc-logger.h-fix-build-failure-against-gcc-10.patch @@ -0,0 +1,52 @@ +From 375ef42393f3dc6edbaa2cb70c79b2366072db38 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich +Date: Sun, 19 Jan 2020 15:24:20 +0000 +Subject: [PATCH] src/rc/rc-logger.h: fix build failure against gcc-10 + +On gcc-10 (and gcc-9 -fno-common) build fails as: + +``` +cc -L../librc -L../libeinfo -O2 -g -std=c99 -Wall -Wextra -Wimplicit -Wshadow \ + -Wformat=2 -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \ + -Wmissing-format-attribute -Wnested-externs -Winline -Wwrite-strings \ + -Wcast-align -Wcast-qual -Wpointer-arith -Wdeclaration-after-statement \ + -Wsequence-point -Werror=implicit-function-declaration \ + -Wl,-rpath=/lib -o openrc rc.o rc-logger.o rc-misc.o rc-plugin.o _usage.o -lutil -lrc -leinfo -Wl,-Bdynamic -ldl +ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:16: + multiple definition of `rc_logger_pid'; rc.o:openrc/src/rc/rc-logger.h:16: first defined here +ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:17: + multiple definition of `rc_logger_tty'; rc.o:openrc/src/rc/rc-logger.h:17: first defined here +``` + +gcc-10 will change the default from -fcommon to fno-common: +https://gcc.gnu.org/PR85678. + +The error also happens if CFLAGS=-fno-common passed explicitly. + +This fixes #348. + +[Patch taken from upstream: +https://github.com/OpenRC/openrc/commit/375ef42393f3dc6edbaa2cb70c79b2366072db38] +Signed-off-by: Heiko Thiery +--- + src/rc/rc-logger.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/rc/rc-logger.h b/src/rc/rc-logger.h +index bf6e3e57..1da294b0 100644 +--- a/src/rc/rc-logger.h ++++ b/src/rc/rc-logger.h +@@ -13,8 +13,8 @@ + #ifndef RC_LOGGER_H + #define RC_LOGGER_H + +-pid_t rc_logger_pid; +-int rc_logger_tty; ++extern pid_t rc_logger_pid; ++extern int rc_logger_tty; + extern bool rc_in_logger; + + void rc_logger_open(const char *runlevel); +-- +2.20.1 + From patchwork Mon Nov 23 19:17:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heiko Thiery X-Patchwork-Id: 1404999 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=hEBTpVsL; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CfxlJ2bkTz9sRK for ; Tue, 24 Nov 2020 06:18:36 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 05D1885868; Mon, 23 Nov 2020 19:18:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NCVkeYaXw7vq; Mon, 23 Nov 2020 19:18:32 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id C093D85817; Mon, 23 Nov 2020 19:18:32 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 96B591BF3F3 for ; Mon, 23 Nov 2020 19:18:31 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 93B6286274 for ; Mon, 23 Nov 2020 19:18:31 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQsa7449iU6l for ; Mon, 23 Nov 2020 19:18:29 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by whitealder.osuosl.org (Postfix) with ESMTPS id 4960686272 for ; Mon, 23 Nov 2020 19:18:29 +0000 (UTC) Received: by mail-wr1-f41.google.com with SMTP id m6so19695018wrg.7 for ; Mon, 23 Nov 2020 11:18:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=iXW1PTfBg5s2Me1uLAAESWyTQmojOreMubEXYe6u7FQ=; b=hEBTpVsLubD80D3NOqlqcTyu6HLKP6+Ag+3Ux36lqcRupNrFcNUfpt37vbLtfK4FkA VJUXcc6oJWpj/8mguLWSLesCMabBZz9/jX2XoYf1auQ/BSZf7W6u50D3oD6ydxK8+7+c kRPtuaykNp/HYdFCMXjwFnh/rg/dQjDoIcLM8NU3s8jmHlMjI0qrKX9rGbbhhM456iOK PXR/dYcY+wGTnu+4Ubt9Yn4qolWNOdKT22/QCajA5N4RO3PUwsYkPCTsTOPFfplCGaT5 FnD+mLgYItLIFpcX9mnyx0v86nQwKzjsTo7FrlbqhWte5iVPpyROIM0gZiJr78DgrbXC V+CA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=iXW1PTfBg5s2Me1uLAAESWyTQmojOreMubEXYe6u7FQ=; b=K0+qDZRZGOIwMz+1QewaZxeVGKBX83nKCpWqiBdBlh157H0Uup6+fT2rems+NgoO/y 7LP016P8s5w91JuXezkU4kZZWZp6XNVKeUjf/DjzYWgRcQUoovh9bdqg3sl7mYJruDbB TqhMPAW+jt05qOigJEcy0owx3WPsXGC7M6VWijrTOM4k1wX4h9gX/DAyxt7EGcOc4X22 safk8e2VXp3/qLKSTlNWjuIsicBCFR3Bj6x8RzujfDZjGRC2LEqZ0ooAqSBcq05CdtvO W0yXQUD+kx4CqjdlF+4bOmpQ7ZF7j1Ws16ZFH13FIdyPGEdZzEA6lmXQynC4NI1FJBAo Hzvw== X-Gm-Message-State: AOAM532yfL2F5g7gDoLRJPhSOCntGxvfF8cw4w6xItKlLxSN1q+ipGUu Y8cXSbw7AqX1RjUy+U8hwDq3diRG9u3naA== X-Google-Smtp-Source: ABdhPJy6h+VymQWuCB4cM7aP9gMFVWQpEbw/DzhKMb2sJG+ONG0cE7MoiUuHftl5cpn+7XvahqekIw== X-Received: by 2002:a5d:6286:: with SMTP id k6mr1171343wru.309.1606159107316; Mon, 23 Nov 2020 11:18:27 -0800 (PST) Received: from t450s.fritz.box (ip5b426f26.dynamic.kabel-deutschland.de. [91.66.111.38]) by smtp.gmail.com with ESMTPSA id d13sm23350448wrb.39.2020.11.23.11.18.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Nov 2020 11:18:26 -0800 (PST) From: Heiko Thiery To: buildroot@buildroot.org Date: Mon, 23 Nov 2020 20:17:29 +0100 Message-Id: <20201123191729.2557-2-heiko.thiery@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201123191729.2557-1-heiko.thiery@gmail.com> References: <20201123191729.2557-1-heiko.thiery@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 2/2] package/openrc: add upstream security fix for CVE-2018-21269 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Heiko Thiery , Peter Korsgaard , =?utf-8?b?TWljaGHFgiDFgXlzemN6ZWs=?= Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Cc: Peter Korsgaard Signed-off-by: Heiko Thiery --- .../0007-checkpath-fix-CVE-2018-21269.patch | 251 ++++++++++++++++++ package/openrc/openrc.mk | 3 + 2 files changed, 254 insertions(+) create mode 100644 package/openrc/0007-checkpath-fix-CVE-2018-21269.patch diff --git a/package/openrc/0007-checkpath-fix-CVE-2018-21269.patch b/package/openrc/0007-checkpath-fix-CVE-2018-21269.patch new file mode 100644 index 0000000000..121f229864 --- /dev/null +++ b/package/openrc/0007-checkpath-fix-CVE-2018-21269.patch @@ -0,0 +1,251 @@ +From b6fef599bf8493480664b766040fa9b0d4b1e335 Mon Sep 17 00:00:00 2001 +From: William Hubbs +Date: Fri, 20 Nov 2020 09:15:59 -0600 +Subject: [PATCH] checkpath: fix CVE-2018-21269 + +This walks the directory path to the file we are going to manipulate to make +sure that when we create the file and change the ownership and permissions +we are working on the same file. +Also, all non-terminal symbolic links must be owned by root. This will +keep a non-root user from making a symbolic link as described in the +bug. If root creates the symbolic link, it is assumed to be trusted. + +On non-linux platforms, we no longer follow non-terminal symbolic links +by default. If you need to do that, add the -s option on the checkpath +command line, but keep in mind that this is not secure. + +This fixes #201. + +[Patch taken from upstream: +https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335] +Signed-off-by: Heiko Thiery +--- + man/openrc-run.8 | 6 +++ + src/rc/checkpath.c | 103 ++++++++++++++++++++++++++++++++++++++++++--- + 2 files changed, 102 insertions(+), 7 deletions(-) + +diff --git a/man/openrc-run.8 b/man/openrc-run.8 +index 1102daaa..ec4b88de 100644 +--- a/man/openrc-run.8 ++++ b/man/openrc-run.8 +@@ -461,6 +461,7 @@ Mark the service as inactive. + .Op Fl p , -pipe + .Op Fl m , -mode Ar mode + .Op Fl o , -owner Ar owner ++.Op Fl s , -symlinks + .Op Fl W , -writable + .Op Fl q , -quiet + .Ar path ... +@@ -481,6 +482,11 @@ or with names, and are separated by a colon. + The truncate options (-D and -F) cause the directory or file to be + cleared of all contents. + .Pp ++If -s is not specified on a non-linux platform, checkpath will refuse to ++allow non-terminal symbolic links to exist in the path. This is for ++security reasons so that a non-root user can't create a symbolic link to ++a root-owned file and take ownership of that file. ++.Pp + If -W is specified, checkpath checks to see if the first path given on + the command line is writable. This is different from how the test + command in the shell works, because it also checks to make sure the file +diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c +index 448c9cf8..ff54a892 100644 +--- a/src/rc/checkpath.c ++++ b/src/rc/checkpath.c +@@ -16,6 +16,7 @@ + * except according to the terms contained in the LICENSE file. + */ + ++#define _GNU_SOURCE + #include + #include + +@@ -23,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -44,7 +46,7 @@ typedef enum { + + const char *applet = NULL; + const char *extraopts ="path1 [path2] [...]"; +-const char *getoptstring = "dDfFpm:o:W" getoptstring_COMMON; ++const char *getoptstring = "dDfFpm:o:sW" getoptstring_COMMON; + const struct option longopts[] = { + { "directory", 0, NULL, 'd'}, + { "directory-truncate", 0, NULL, 'D'}, +@@ -53,6 +55,7 @@ const struct option longopts[] = { + { "pipe", 0, NULL, 'p'}, + { "mode", 1, NULL, 'm'}, + { "owner", 1, NULL, 'o'}, ++ { "symlinks", 0, NULL, 's'}, + { "writable", 0, NULL, 'W'}, + longopts_COMMON + }; +@@ -64,15 +67,92 @@ const char * const longopts_help[] = { + "Create a named pipe (FIFO) if not exists", + "Mode to check", + "Owner to check (user:group)", ++ "follow symbolic links (irrelivent on linux)", + "Check whether the path is writable or not", + longopts_help_COMMON + }; + const char *usagestring = NULL; + ++static int get_dirfd(char *path, bool symlinks) { ++ char *ch; ++ char *item; ++ char *linkpath = NULL; ++ char *path_dupe; ++ char *str; ++ int components = 0; ++ int dirfd; ++ int flags = 0; ++ int new_dirfd; ++ struct stat st; ++ ssize_t linksize; ++ ++ if (!path || *path != '/') ++ eerrorx("%s: empty or relative path", applet); ++ dirfd = openat(dirfd, "/", O_RDONLY); ++ if (dirfd == -1) ++ eerrorx("%s: unable to open the root directory: %s", ++ applet, strerror(errno)); ++ path_dupe = xstrdup(path); ++ ch = path_dupe; ++ while (*ch) { ++ if (*ch == '/') ++ components++; ++ ch++; ++ } ++ item = strtok(path_dupe, "/"); ++#ifdef O_PATH ++ flags |= O_PATH; ++#endif ++ if (!symlinks) ++ flags |= O_NOFOLLOW; ++ flags |= O_RDONLY; ++ while (dirfd > 0 && item && components > 1) { ++ str = xstrdup(linkpath ? linkpath : item); ++ new_dirfd = openat(dirfd, str, flags); ++ if (new_dirfd == -1) ++ eerrorx("%s: %s: could not open %s: %s", applet, path, str, ++ strerror(errno)); ++ if (fstat(new_dirfd, &st) == -1) ++ eerrorx("%s: %s: unable to stat %s: %s", applet, path, item, ++ strerror(errno)); ++ if (S_ISLNK(st.st_mode) ) { ++ if (st.st_uid != 0) ++ eerrorx("%s: %s: synbolic link %s not owned by root", ++ applet, path, str); ++ linksize = st.st_size+1; ++ if (linkpath) ++ free(linkpath); ++ linkpath = xmalloc(linksize); ++ memset(linkpath, 0, linksize); ++ if (readlinkat(new_dirfd, "", linkpath, linksize) != st.st_size) ++ eerrorx("%s: symbolic link destination changed", applet); ++ /* ++ * now follow the symlink. ++ */ ++ close(new_dirfd); ++ } else { ++ close(dirfd); ++ dirfd = new_dirfd; ++ free(linkpath); ++ linkpath = NULL; ++ item = strtok(NULL, "/"); ++ components--; ++ } ++ } ++ free(path_dupe); ++ if (linkpath) { ++ free(linkpath); ++ linkpath = NULL; ++ } ++ return dirfd; ++} ++ + static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, +- inode_t type, bool trunc, bool chowner, bool selinux_on) ++ inode_t type, bool trunc, bool chowner, bool symlinks, bool selinux_on) + { + struct stat st; ++ char *name = NULL; ++ int dirfd; + int fd; + int flags; + int r; +@@ -93,14 +173,16 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, + #endif + if (trunc) + flags |= O_TRUNC; +- readfd = open(path, readflags); ++ xasprintf(&name, "%s", basename_c(path)); ++ dirfd = get_dirfd(path, symlinks); ++ readfd = openat(dirfd, name, readflags); + if (readfd == -1 || (type == inode_file && trunc)) { + if (type == inode_file) { + einfo("%s: creating file", path); + if (!mode) /* 664 */ + mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH; + u = umask(0); +- fd = open(path, flags, mode); ++ fd = openat(dirfd, name, flags, mode); + umask(u); + if (fd == -1) { + eerror("%s: open: %s", applet, strerror(errno)); +@@ -122,7 +204,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, + strerror (errno)); + return -1; + } +- readfd = open(path, readflags); ++ readfd = openat(dirfd, name, readflags); + if (readfd == -1) { + eerror("%s: unable to open directory: %s", applet, + strerror(errno)); +@@ -140,7 +222,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode, + strerror (errno)); + return -1; + } +- readfd = open(path, readflags); ++ readfd = openat(dirfd, name, readflags); + if (readfd == -1) { + eerror("%s: unable to open fifo: %s", applet, + strerror(errno)); +@@ -259,6 +341,7 @@ int main(int argc, char **argv) + int retval = EXIT_SUCCESS; + bool trunc = false; + bool chowner = false; ++ bool symlinks = false; + bool writable = false; + bool selinux_on = false; + +@@ -293,6 +376,11 @@ int main(int argc, char **argv) + eerrorx("%s: owner `%s' not found", + applet, optarg); + break; ++ case 's': ++#ifndef O_PATH ++ symlinks = true; ++#endif ++ break; + case 'W': + writable = true; + break; +@@ -320,7 +408,8 @@ int main(int argc, char **argv) + while (optind < argc) { + if (writable) + exit(!is_writable(argv[optind])); +- if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner, selinux_on)) ++ if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner, ++ symlinks, selinux_on)) + retval = EXIT_FAILURE; + optind++; + } +-- +2.20.1 + diff --git a/package/openrc/openrc.mk b/package/openrc/openrc.mk index 97536dad37..ba1691e70f 100644 --- a/package/openrc/openrc.mk +++ b/package/openrc/openrc.mk @@ -9,6 +9,9 @@ OPENRC_SITE = $(call github,OpenRC,openrc,$(OPENRC_VERSION)) OPENRC_LICENSE = BSD-2-Clause OPENRC_LICENSE_FILES = LICENSE +# 0007-checkpath-fix-CVE-2018-21269.patch +OPENRC_IGNORE_CVES += CVE-2018-21269 + OPENRC_DEPENDENCIES = ncurses # set LIBNAME so openrc puts files in proper directories and sets proper