All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2
@ 2021-04-16 20:34 Fabrice Fontaine
  2021-04-16 20:34 ` [Buildroot] [PATCH 2/2] package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR Fabrice Fontaine
  2021-04-17  6:59 ` [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2 Yann E. MORIN
  0 siblings, 2 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2021-04-16 20:34 UTC (permalink / raw)
  To: buildroot

Drop patch (already in version)

https://github.com/libcgroup/libcgroup/releases/tag/v0.42.2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .../0001-cgrulesengd-remove-umask-0.patch     | 33 -------------------
 package/libcgroup/libcgroup.hash              |  6 ++--
 package/libcgroup/libcgroup.mk                |  7 ++--
 3 files changed, 6 insertions(+), 40 deletions(-)
 delete mode 100644 package/libcgroup/0001-cgrulesengd-remove-umask-0.patch

diff --git a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
deleted file mode 100644
index 1d9077a2d6..0000000000
--- a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
-From: Michal Hocko <mhocko@suse.com>
-Date: Wed, 18 Jul 2018 11:24:29 +0200
-Subject: [PATCH] cgrulesengd: remove umask(0)
-
-One of our partners has noticed that cgred daemon is creating a log file
-(/var/log/cgred) with too wide permissions (0666) and that is seen as
-a security bug because an untrusted user can write to otherwise
-restricted area. CVE-2018-14348 has been assigned to this issue.
-
-Signed-off-by: Michal Hocko <mhocko@suse.com>
-Acked-by: Balbir Singh <bsingharora@gmail.com>
-[Retrieved from:
-https://github.com/libcgroup/libcgroup/commit/0d88b73d189ea3440ccaab00418d6469f76fa590]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- src/daemon/cgrulesengd.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
-index ea51f11..0d288f3 100644
---- a/src/daemon/cgrulesengd.c
-+++ b/src/daemon/cgrulesengd.c
-@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
- 		} else if (pid > 0) {
- 			exit(EXIT_SUCCESS);
- 		}
--
--		/* Change the file mode mask. */
--		umask(0);
- 	} else {
- 		flog(LOG_DEBUG, "Not using daemon mode\n");
- 		pid = getpid();
diff --git a/package/libcgroup/libcgroup.hash b/package/libcgroup/libcgroup.hash
index 11423e269f..70671212ef 100644
--- a/package/libcgroup/libcgroup.hash
+++ b/package/libcgroup/libcgroup.hash
@@ -1,3 +1,5 @@
-# Locally computed:
-sha256  e4e38bdc7ef70645ce33740ddcca051248d56b53283c0dc6d404e17706f6fb51  libcgroup-0.41.tar.bz2
+# From https://github.com/libcgroup/libcgroup/releases/download/v0.42.2/libcgroup-0.42.2.tar.bz2.sha256
+sha256  18939381324d418e11be4f5fdca37b01652c18917bfaf1f6b0c505f157e18d07  libcgroup-0.42.2.tar.bz2
+
+# Hash for license file
 sha256  a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING
diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
index a26d5f2ddf..ff0639946c 100644
--- a/package/libcgroup/libcgroup.mk
+++ b/package/libcgroup/libcgroup.mk
@@ -4,17 +4,14 @@
 #
 ################################################################################
 
-LIBCGROUP_VERSION = 0.41
+LIBCGROUP_VERSION = 0.42.2
 LIBCGROUP_SOURCE = libcgroup-$(LIBCGROUP_VERSION).tar.bz2
-LIBCGROUP_SITE = http://downloads.sourceforge.net/project/libcg/libcgroup/v$(LIBCGROUP_VERSION)
+LIBCGROUP_SITE = https://github.com/libcgroup/libcgroup/releases/download/v$(LIBCGROUP_VERSION)
 LIBCGROUP_LICENSE = LGPL-2.1
 LIBCGROUP_LICENSE_FILES = COPYING
 LIBCGROUP_DEPENDENCIES = host-bison host-flex
 LIBCGROUP_INSTALL_STAGING = YES
 
-# 0001-cgrulesengd-remove-umask-0.patch
-LIBCGROUP_IGNORE_CVES += CVE-2018-14348
-
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support. See https://bugzilla.redhat.com/show_bug.cgi?id=574992
 # for more information.
-- 
2.30.2

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH 2/2] package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR
  2021-04-16 20:34 [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2 Fabrice Fontaine
@ 2021-04-16 20:34 ` Fabrice Fontaine
  2021-04-26  6:59   ` Peter Korsgaard
  2021-04-17  6:59 ` [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2 Yann E. MORIN
  1 sibling, 1 reply; 4+ messages in thread
From: Fabrice Fontaine @ 2021-04-16 20:34 UTC (permalink / raw)
  To: buildroot

cpe:2.3:a:libcgroup_project:libcgroup is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibcgroup_project%3Alibcgroup

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/libcgroup/libcgroup.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
index ff0639946c..156b066162 100644
--- a/package/libcgroup/libcgroup.mk
+++ b/package/libcgroup/libcgroup.mk
@@ -9,6 +9,7 @@ LIBCGROUP_SOURCE = libcgroup-$(LIBCGROUP_VERSION).tar.bz2
 LIBCGROUP_SITE = https://github.com/libcgroup/libcgroup/releases/download/v$(LIBCGROUP_VERSION)
 LIBCGROUP_LICENSE = LGPL-2.1
 LIBCGROUP_LICENSE_FILES = COPYING
+LIBCGROUP_CPE_ID_VENDOR = libcgroup_project
 LIBCGROUP_DEPENDENCIES = host-bison host-flex
 LIBCGROUP_INSTALL_STAGING = YES
 
-- 
2.30.2

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2
  2021-04-16 20:34 [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2 Fabrice Fontaine
  2021-04-16 20:34 ` [Buildroot] [PATCH 2/2] package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR Fabrice Fontaine
@ 2021-04-17  6:59 ` Yann E. MORIN
  1 sibling, 0 replies; 4+ messages in thread
From: Yann E. MORIN @ 2021-04-17  6:59 UTC (permalink / raw)
  To: buildroot

Fabrice, All,

On 2021-04-16 22:34 +0200, Fabrice Fontaine spake thusly:
> Drop patch (already in version)
> 
> https://github.com/libcgroup/libcgroup/releases/tag/v0.42.2
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Series of 2 applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  .../0001-cgrulesengd-remove-umask-0.patch     | 33 -------------------
>  package/libcgroup/libcgroup.hash              |  6 ++--
>  package/libcgroup/libcgroup.mk                |  7 ++--
>  3 files changed, 6 insertions(+), 40 deletions(-)
>  delete mode 100644 package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> 
> diff --git a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch b/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> deleted file mode 100644
> index 1d9077a2d6..0000000000
> --- a/package/libcgroup/0001-cgrulesengd-remove-umask-0.patch
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -From 0d88b73d189ea3440ccaab00418d6469f76fa590 Mon Sep 17 00:00:00 2001
> -From: Michal Hocko <mhocko@suse.com>
> -Date: Wed, 18 Jul 2018 11:24:29 +0200
> -Subject: [PATCH] cgrulesengd: remove umask(0)
> -
> -One of our partners has noticed that cgred daemon is creating a log file
> -(/var/log/cgred) with too wide permissions (0666) and that is seen as
> -a security bug because an untrusted user can write to otherwise
> -restricted area. CVE-2018-14348 has been assigned to this issue.
> -
> -Signed-off-by: Michal Hocko <mhocko@suse.com>
> -Acked-by: Balbir Singh <bsingharora@gmail.com>
> -[Retrieved from:
> -https://github.com/libcgroup/libcgroup/commit/0d88b73d189ea3440ccaab00418d6469f76fa590]
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ----
> - src/daemon/cgrulesengd.c | 3 ---
> - 1 file changed, 3 deletions(-)
> -
> -diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> -index ea51f11..0d288f3 100644
> ---- a/src/daemon/cgrulesengd.c
> -+++ b/src/daemon/cgrulesengd.c
> -@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
> - 		} else if (pid > 0) {
> - 			exit(EXIT_SUCCESS);
> - 		}
> --
> --		/* Change the file mode mask. */
> --		umask(0);
> - 	} else {
> - 		flog(LOG_DEBUG, "Not using daemon mode\n");
> - 		pid = getpid();
> diff --git a/package/libcgroup/libcgroup.hash b/package/libcgroup/libcgroup.hash
> index 11423e269f..70671212ef 100644
> --- a/package/libcgroup/libcgroup.hash
> +++ b/package/libcgroup/libcgroup.hash
> @@ -1,3 +1,5 @@
> -# Locally computed:
> -sha256  e4e38bdc7ef70645ce33740ddcca051248d56b53283c0dc6d404e17706f6fb51  libcgroup-0.41.tar.bz2
> +# From https://github.com/libcgroup/libcgroup/releases/download/v0.42.2/libcgroup-0.42.2.tar.bz2.sha256
> +sha256  18939381324d418e11be4f5fdca37b01652c18917bfaf1f6b0c505f157e18d07  libcgroup-0.42.2.tar.bz2
> +
> +# Hash for license file
>  sha256  a9bdde5616ecdd1e980b44f360600ee8783b1f99b8cc83a2beb163a0a390e861  COPYING
> diff --git a/package/libcgroup/libcgroup.mk b/package/libcgroup/libcgroup.mk
> index a26d5f2ddf..ff0639946c 100644
> --- a/package/libcgroup/libcgroup.mk
> +++ b/package/libcgroup/libcgroup.mk
> @@ -4,17 +4,14 @@
>  #
>  ################################################################################
>  
> -LIBCGROUP_VERSION = 0.41
> +LIBCGROUP_VERSION = 0.42.2
>  LIBCGROUP_SOURCE = libcgroup-$(LIBCGROUP_VERSION).tar.bz2
> -LIBCGROUP_SITE = http://downloads.sourceforge.net/project/libcg/libcgroup/v$(LIBCGROUP_VERSION)
> +LIBCGROUP_SITE = https://github.com/libcgroup/libcgroup/releases/download/v$(LIBCGROUP_VERSION)
>  LIBCGROUP_LICENSE = LGPL-2.1
>  LIBCGROUP_LICENSE_FILES = COPYING
>  LIBCGROUP_DEPENDENCIES = host-bison host-flex
>  LIBCGROUP_INSTALL_STAGING = YES
>  
> -# 0001-cgrulesengd-remove-umask-0.patch
> -LIBCGROUP_IGNORE_CVES += CVE-2018-14348
> -
>  # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
>  # large file support. See https://bugzilla.redhat.com/show_bug.cgi?id=574992
>  # for more information.
> -- 
> 2.30.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [Buildroot] [PATCH 2/2] package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR
  2021-04-16 20:34 ` [Buildroot] [PATCH 2/2] package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR Fabrice Fontaine
@ 2021-04-26  6:59   ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2021-04-26  6:59 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > cpe:2.3:a:libcgroup_project:libcgroup is a valid CPE identifier for this
 > package:

 >   https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibcgroup_project%3Alibcgroup

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2021.02.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-04-26  6:59 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-16 20:34 [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2 Fabrice Fontaine
2021-04-16 20:34 ` [Buildroot] [PATCH 2/2] package/libcgroup: add LIBCGROUP_CPE_ID_VENDOR Fabrice Fontaine
2021-04-26  6:59   ` Peter Korsgaard
2021-04-17  6:59 ` [Buildroot] [PATCH 1/2] package/libcgroup: bump to version 0.42.2 Yann E. MORIN

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.