From 51630b4efee144e5ce9849a7beb0c6d7f7341a8a Mon Sep 17 00:00:00 2001
From: Jakub Bogusz
Date: Sun, 6 Feb 2022 22:08:54 +0100
Subject: [PATCH] - new Source0, updated to 0.42.2 - updated coverity,fread patches from Fedora - removed obsolete 0.41 patches
---
libcgroup-0.40.rc1-coverity.patch | 56 +++----
libcgroup-0.40.rc1-fread.patch | 17 +-
libcgroup-0.41-CVE-2018-14348.patch | 33 ----
...order-of-memory-subsystem-parameters.patch | 66 --------
...group-0.41-api.c-preserve-dirty-flag.patch | 33 ----
...r-setting-multiline-values-in-contro.patch | 150 ------------------
libcgroup-0.41-fix-infinite-loop.patch | 40 -----
libcgroup-0.41-fix-log-level.patch | 38 -----
libcgroup-0.41-lex.patch | 25 ---
libcgroup-0.41-prevent-buffer-overflow.patch | 46 ------
...group-0.41-size-of-controller-values.patch | 142 -----------------
libcgroup-0.41-tasks-file-warning.patch | 49 ------
libcgroup.spec | 40 ++---
13 files changed, 39 insertions(+), 696 deletions(-)
delete mode 100644 libcgroup-0.41-CVE-2018-14348.patch
delete mode 100644 libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch
delete mode 100644 libcgroup-0.41-api.c-preserve-dirty-flag.patch
delete mode 100644 libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch
delete mode 100644 libcgroup-0.41-fix-infinite-loop.patch
delete mode 100644 libcgroup-0.41-fix-log-level.patch
delete mode 100644 libcgroup-0.41-lex.patch
delete mode 100644 libcgroup-0.41-prevent-buffer-overflow.patch
delete mode 100644 libcgroup-0.41-size-of-controller-values.patch
delete mode 100644 libcgroup-0.41-tasks-file-warning.patch
diff --git a/libcgroup-0.40.rc1-coverity.patch b/libcgroup-0.40.rc1-coverity.patch
index 439abf1..b75a230 100644
--- a/libcgroup-0.40.rc1-coverity.patch
+++ b/libcgroup-0.40.rc1-coverity.patch
@@ -1,18 +1,8 @@ -diff -up libcgroup-0.41/src/api.c.coverity libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.coverity 2014-01-13 20:52:49.853838149 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 20:52:49.854838142 +0100 -@@ -2791,7 +2791,6 @@ static int cgroup_create_template_group( - if (group_name == NULL) { - ret = ECGOTHER; - last_errno = errno; -- free(template_name); - goto end; - } - -diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c ---- libcgroup-0.41/src/config.c.coverity 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/config.c 2014-01-13 20:52:49.854838142 +0100 -@@ -323,7 +323,7 @@ int config_group_task_perm(char *perm_ty +diff --git a/src/config.c b/src/config.c +index 3ffa263..b5d51b3 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -326,7 +326,7 @@ int config_group_task_perm(char *perm_type, char *value, int flag) long val = atoi(value); char buffer[CGROUP_BUFFER_LEN]; struct cgroup *config_cgroup; @@ -21,7 +11,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c switch (flag) { case CGROUP: -@@ -367,10 +367,10 @@ int config_group_task_perm(char *perm_ty +@@ -370,10 +370,10 @@ int config_group_task_perm(char *perm_type, char *value, int flag) if (!group) goto group_task_error; @@ -34,7 +24,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c free(group); goto group_task_error; } -@@ -436,7 +436,7 @@ int config_group_admin_perm(char *perm_t +@@ -439,7 +439,7 @@ int config_group_admin_perm(char *perm_type, char *value, int flag) struct cgroup *config_cgroup; long val = atoi(value); char buffer[CGROUP_BUFFER_LEN]; @@ -43,7 +33,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c switch (flag) { case CGROUP: -@@ -479,10 +479,10 @@ int config_group_admin_perm(char *perm_t +@@ -482,10 +482,10 @@ int config_group_admin_perm(char *perm_type, char *value, int flag) if (!group) goto admin_error; 
@@ -56,10 +46,11 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c free(group); goto admin_error; } -diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/daemon/cgrulesengd.c ---- libcgroup-0.41/src/daemon/cgrulesengd.c.coverity 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/daemon/cgrulesengd.c 2014-01-13 20:52:49.854838142 +0100 -@@ -646,7 +646,7 @@ close: +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c +index 4cef53e..90920d1 100644 +--- a/src/daemon/cgrulesengd.c ++++ b/src/daemon/cgrulesengd.c +@@ -654,7 +654,7 @@ close: static int cgre_create_netlink_socket_process_msg(void) { @@ -68,22 +59,11 @@ diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/dae struct sockaddr_nl my_nla; char buff[BUFF_SIZE]; int rc = -1; -@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr - } - - close_and_exit: -- if (sk_nl > 0) -+ if (sk_nl > -1) - close(sk_nl); -- if (sk_unix > 0) -+ if (sk_unix > -1) - close(sk_unix); - return rc; - } -diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c ---- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c 2013-05-21 15:36:04.000000000 +0200 -+++ libcgroup-0.40.rc1/src/tools/lscgroup.c 2013-11-04 14:26:53.400473523 +0100 -@@ -97,11 +97,11 @@ static int display_controller_data(char +diff --git a/src/tools/lscgroup.c b/src/tools/lscgroup.c +index bfb1724..d15a0c2 100644 +--- a/src/tools/lscgroup.c ++++ b/src/tools/lscgroup.c +@@ -96,11 +96,11 @@ static int display_controller_data(char *input_path, char *controller, char *nam if (ret != 0) return ret; diff --git a/libcgroup-0.40.rc1-fread.patch b/libcgroup-0.40.rc1-fread.patch index acc7eba..c02d824 100644 --- a/libcgroup-0.40.rc1-fread.patch +++ b/libcgroup-0.40.rc1-fread.patch 
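Review bot: In the refreshed `src/daemon/cgrulesengd.c` part of the coverity patch, the `close_and_exit` hunk (`if (sk_nl > -1)` / `if (sk_unix > -1)`) is dropped while the hunk at the top of `cgre_create_netlink_socket_process_msg` is kept, which is only consistent if 0.42.2 already guards both `close()` calls with a `>= 0` test. The kept declaration change itself falls between the outer hunks and is not visible here; if it still initialises the descriptors to -1 and upstream kept `> 0`, a socket that was assigned descriptor 0 would be leaked on the exit path. This is worth confirming against the 0.42.2 source, and the same check applies to the dropped `free(template_name)` hunk for `src/api.c` in the first outer hunk.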
@@ -1,7 +1,8 @@ -diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.fread 2014-01-13 21:01:32.067067615 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 21:01:32.070067594 +0100 -@@ -2232,29 +2232,29 @@ static int cg_rd_ctrl_file(const char *s +diff --git a/src/api.c b/src/api.c +index 54a6736..1557393 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -2482,29 +2482,29 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, const char *file, char **value) { char path[FILENAME_MAX]; @@ -20,7 +21,7 @@ diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c + if (ctrl_file < 0) return ECGROUPVALUENOTEXIST; - *value = calloc(CG_VALUE_MAX, 1); + *value = calloc(CG_CONTROL_VALUE_MAX, 1); if (!*value) { - fclose(ctrl_file); + close(ctrl_file); @@ -33,12 +34,12 @@ diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c + * using %as or fread crashes when we try to read from files like * memory.stat */ -- ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file); -+ ret = read(ctrl_file, *value, CG_VALUE_MAX-1); +- ret = fread(*value, 1, CG_CONTROL_VALUE_MAX-1, ctrl_file); ++ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1); if (ret < 0) { free(*value); *value = NULL; -@@ -2264,7 +2264,7 @@ static int cg_rd_ctrl_file(const char *s +@@ -2514,7 +2514,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, (*value)[ret-1] = '\0'; } diff --git a/libcgroup-0.41-CVE-2018-14348.patch b/libcgroup-0.41-CVE-2018-14348.patch deleted file mode 100644 index e43bca9..0000000 --- a/libcgroup-0.41-CVE-2018-14348.patch +++ /dev/null 
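Review bot: The refreshed `cg_rd_ctrl_file` change in `libcgroup-0.40.rc1-fread.patch` still issues a single `read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1)` and rejects only `ret < 0`, while the context line of the last inner hunk writes `(*value)[ret-1] = '\0';`. If the condition guarding that write (outside the visible lines) does not exclude `ret == 0`, an empty control file makes it touch the byte before the allocation; guarding it as `if (ret > 0 && (*value)[ret-1] == '\n')` would close that. A single `read()` can also return fewer bytes than the file holds, and anything past `CG_CONTROL_VALUE_MAX-1` is dropped silently, so a short comment such as `/* one read(); longer values are truncated */` above the call would make the limit explicit. The function body starts and ends outside these hunks.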
@@ -1,33 +0,0 @@ -From 94e9dcead2e8bce00deeef08ea364ec6dc7e1f45 Mon Sep 17 00:00:00 2001 -From: Michal Hocko -Date: Wed, 18 Jul 2018 11:24:29 +0200 -Subject: [PATCH] cgrulesengd: remove umask(0) - -One of our partners has noticed that cgred daemon is creating a log file -(/var/log/cgred) with too wide permissions (0666) and that is seen as -a security bug because an untrusted user can write to otherwise -restricted area. CVE-2018-14348 has been assigned to this issue. - -Signed-off-by: Michal Hocko -Acked-by: Balbir Singh ---- - src/daemon/cgrulesengd.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c -index 170837a..41aadd4 100644 ---- a/src/daemon/cgrulesengd.c -+++ b/src/daemon/cgrulesengd.c -@@ -885,9 +885,6 @@ int cgre_start_daemon(const char *logp, const int logf, - } else if (pid > 0) { - exit(EXIT_SUCCESS); - } -- -- /* Change the file mode mask. */ -- umask(0); - } else { - flog(LOG_DEBUG, "Not using daemon mode\n"); - pid = getpid(); --- -2.17.1 - diff --git a/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch b/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch deleted file mode 100644 index 9700530..0000000 --- a/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From 72a9e0c3d4f8daca9f7dc389edbc1013d7c0d808 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Fri, 8 Apr 2016 17:00:19 +0200 -Subject: [PATCH] api.c: fix order of memory subsystem parameters generated by - cgsnapshot -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Order of parameters usually doesn't matter, but that's not the case with -memory.limit_in_bytes and memory.memsw.limit_in_bytes. When the latter -is first in the list of parameters, the resulting configuration is not -loadable with cgconfigparser. - -This happens because when a cgroup is created, both memory.limit_in_bytes -and memory.memsw.limit_in_bytes parameters are initialized to highest -value possible (RESOURCE_MAX). And because memory.memsw.limit_in_bytes -must be always higher or equal to memory.limit_in_bytes, it's impossible -to change its value first. - -Make sure that after constructing parameter list of memory subsystem, -the mentioned parameters are in correct order. - -Signed-off-by: Nikola Forró ---- - src/api.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/src/api.c b/src/api.c -index 0bf0615..f5da553 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -2651,6 +2651,30 @@ int cgroup_get_cgroup(struct cgroup *cgroup) - } - } - closedir(dir); -+ -+ if (! strcmp(cgc->name, "memory")) { -+ /* -+ * Make sure that memory.limit_in_bytes is placed before -+ * memory.memsw.limit_in_bytes in the list of values -+ */ -+ int memsw_limit = -1; -+ int mem_limit = -1; -+ -+ for (j = 0; j < cgc->index; j++) { -+ if (! strcmp(cgc->values[j]->name, -+ "memory.memsw.limit_in_bytes")) -+ memsw_limit = j; -+ else if (! 
strcmp(cgc->values[j]->name, -+ "memory.limit_in_bytes")) -+ mem_limit = j; -+ } -+ -+ if (memsw_limit >= 0 && memsw_limit < mem_limit) { -+ struct control_value *val = cgc->values[memsw_limit]; -+ cgc->values[memsw_limit] = cgc->values[mem_limit]; -+ cgc->values[mem_limit] = val; -+ } -+ } - } - - /* Check if the group really exists or not */ --- -2.4.11 - diff --git a/libcgroup-0.41-api.c-preserve-dirty-flag.patch b/libcgroup-0.41-api.c-preserve-dirty-flag.patch deleted file mode 100644 index 0836334..0000000 --- a/libcgroup-0.41-api.c-preserve-dirty-flag.patch +++ /dev/null @@ -1,33 +0,0 @@ -From ad27a46d8c0e180f71b4606d7b2a3bd3bebd7bbf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Thu, 13 Oct 2016 13:42:30 +0200 -Subject: [PATCH] api.c: preserve dirty flag when copying controller values -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When setting cgroup parameters with cgset fails, no error is reported. -This is caused by the fact that cgroup_copy_controller_values is not -preserving dirty flags of the values, so it's making all errors -considered non-fatal. - -Signed-off-by: Nikola Forró ---- - src/api.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/api.c b/src/api.c -index 0bf0615..daf4ef0 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1687,6 +1687,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst, - dst_val = dst->values[i]; - strncpy(dst_val->value, src_val->value, CG_VALUE_MAX); - strncpy(dst_val->name, src_val->name, FILENAME_MAX); -+ dst_val->dirty = src_val->dirty; - } - err: - return ret; --- -2.7.4 - diff --git a/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch b/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch deleted file mode 100644 index fba6b9b..0000000 --- a/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch +++ /dev/null 
@@ -1,150 +0,0 @@ -From 691430206f1104b752b0e52386f317e639137788 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 15 Sep 2014 13:29:39 +0200 -Subject: [PATCH] api.c: support for setting multiline values in control files - -As of now, libcgroup does not support multiline values setting from configuration files. i.e. values in a form: - -net_prio.ifpriomap="lo 7 -eth0 66 -eth1 5 -eth2 4 -eth3 3"; - -Thus, setting of more network interfaces can not be done from configuration file. Or - -devices.allow="a *:* w -c 8:* r"; - -thus setting list of allow devices can not be set as well. The only way is to set it from userspace, e.g.: -# echo "lo 7" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 0" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 1" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 2" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 3" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap - -This patch allows setting of multiline variables. - -How this support works: -Multiline value is broken in lines and each line is set by write (man 2 write) syscall (without bufferring). -This implies change of fopen with open, fclose with close. -There is no control on multiline value, thus "eth0\n \t\n" can be set. However, setting -of " \t" will fail as write command returns -1. Thus administrator has to set correct -multiline values. - -Tested on virtual machine with fedora and rhel with network interface lo, eth0-eth3. 
Configuration file: - -# cat /etc/cgconfig.conf -group testGroup { - net_prio { - net_prio.ifpriomap="lo 7 -eth0 66 -eth1 5 -eth2 4 -eth3 3"; - } -} - -net_prio has to be created before: -# modprobe netprio_cgroup -# mkdir /sys/fs/cgroup/net_prio -# mount -t cgroup -onet_prio none /sys/fs/cgroup/net_prio - -Changelog: - test of success of strdup call - free str_val before return (str_val is changing in while cycle, - thus str_start_val points to the start of str_val before while) - -Signed-off-by: Jan Chaloupka ---- - src/api.c | 50 ++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 44 insertions(+), 6 deletions(-) - -diff --git a/src/api.c b/src/api.c -index 5751b8f..d6c9d3a 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1495,13 +1495,18 @@ static int cg_create_control_group(const char *path) - */ - static int cg_set_control_value(char *path, const char *val) - { -- FILE *control_file = NULL; -+ int ctl_file; -+ char *str_val; -+ char *str_val_start; -+ char *pos; -+ size_t len; -+ - if (!cg_test_mounted_fs()) - return ECGROUPNOTMOUNTED; - -- control_file = fopen(path, "r+e"); -+ ctl_file = open(path, O_RDWR | O_CLOEXEC); - -- if (!control_file) { -+ if (ctl_file == -1) { - if (errno == EPERM) { - /* - * We need to set the correct error value, does the -@@ -1512,6 +1517,7 @@ static int cg_set_control_value(char *path, const char *val) - */ - char *path_dir_end; - char *tasks_path; -+ FILE *control_file; - - path_dir_end = strrchr(path, '/'); - if (path_dir_end == NULL) -@@ -1543,15 +1549,47 @@ static int cg_set_control_value(char *path, const char *val) - return ECGROUPVALUENOTEXIST; - } - -- if (fprintf(control_file, "%s", val) < 0) { -+ /* Split the multiline value into lines. */ -+ /* One line is a special case of multiline value. 
*/ -+ str_val = strdup(val); -+ if (str_val == NULL) { - last_errno = errno; -- fclose(control_file); -+ close(ctl_file); - return ECGOTHER; - } -- if (fclose(control_file) < 0) { -+ -+ str_val_start = str_val; -+ pos = str_val; -+ -+ do { -+ str_val = pos; -+ pos = strchr(str_val, '\n'); -+ -+ if (pos) { -+ *pos = '\0'; -+ ++pos; -+ } -+ -+ len = strlen(str_val); -+ if (len > 0) { -+ if (write(ctl_file, str_val, len) == -1) { -+ last_errno = errno; -+ free(str_val_start); -+ close(ctl_file); -+ return ECGOTHER; -+ } -+ } else -+ cgroup_warn("Warning: skipping empty line for %s\n", -+ path); -+ } while(pos); -+ -+ if (close(ctl_file)) { - last_errno = errno; -+ free(str_val_start); - return ECGOTHER; - } -+ -+ free(str_val_start); - return 0; - } - --- -1.9.3 - diff --git a/libcgroup-0.41-fix-infinite-loop.patch b/libcgroup-0.41-fix-infinite-loop.patch deleted file mode 100644 index a41347b..0000000 --- a/libcgroup-0.41-fix-infinite-loop.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 62bab9d121d4fb416205f5ac53ad342184ae42b6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 8 Dec 2015 16:53:41 +0100 -Subject: [PATCH 2/6] api.c: fix infinite loop - -If getgrnam or getpwuid functions failed, the program entered -an infinite loop, because the rule pointer was never advanced. -This is now fixed by updating the pointer before continuing -to the next iteration. ---- - src/api.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/api.c b/src/api.c -index df90a6f..217d6c9 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -2664,13 +2664,17 @@ static struct cgroup_rule *cgroup_find_matching_rule_uid_gid(uid_t uid, - /* Get the group data. */ - sp = &(rule->username[1]); - grp = getgrnam(sp); -- if (!grp) -+ if (!grp) { -+ rule = rule->next; - continue; -+ } - - /* Get the data for UID. */ - usr = getpwuid(uid); -- if (!usr) -+ if (!usr) { -+ rule = rule->next; - continue; -+ } - - /* If UID is a member of group, we matched. */ - for (i = 0; grp->gr_mem[i]; i++) { --- -2.17.0 - diff --git a/libcgroup-0.41-fix-log-level.patch b/libcgroup-0.41-fix-log-level.patch deleted file mode 100644 index 30055e3..0000000 --- a/libcgroup-0.41-fix-log-level.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -From 7c99c167f41d3f8810808436d2ac58afc3a7d6c7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 17 Apr 2018 13:33:03 +0200 -Subject: [PATCH 5/6] api.c: Fix level of failed user/group lookup warnings -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Nikola Forró ---- - src/api.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/api.c b/src/api.c -index 51081b4..efde2d1 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -639,7 +639,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid, - uid = CGRULE_INVALID; - gid = grp->gr_gid; - } else { -- cgroup_dbg("Warning: Entry for %s not" -+ cgroup_warn("Warning: Entry for %s not" - "found. Skipping rule on line" - " %d.\n", itr, linenum); - skipped = true; -@@ -656,7 +656,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid, - uid = pwd->pw_uid; - gid = CGRULE_INVALID; - } else { -- cgroup_dbg("Warning: Entry for %s not" -+ cgroup_warn("Warning: Entry for %s not" - "found. Skipping rule on line" - " %d.\n", user, linenum); - skipped = true; --- -2.17.0 - diff --git a/libcgroup-0.41-lex.patch b/libcgroup-0.41-lex.patch deleted file mode 100644 index bcd536a..0000000 --- a/libcgroup-0.41-lex.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From a8c2e967e74d280cd3b8554af0c95d823647d1c0 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Thu, 6 Feb 2014 11:43:18 +0100 -Subject: [PATCH] lex updated, additional '\' char for ID token - ---- - libcgroup-0.41/src/lex.l | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libcgroup-0.41/src/lex.l b/libcgroup-0.41/src/lex.l -index 1b357db..d7bf575 100644 ---- a/libcgroup-0.41/src/lex.l -+++ b/libcgroup-0.41/src/lex.l -@@ -43,7 +43,7 @@ jmp_buf parser_error_env; - "namespace" {return NAMESPACE;} - "template" {return TEMPLATE;} - "default" {return DEFAULT;} --[a-zA-Z0-9_\-\/\.\,\%\@]+ {yylval.name = strdup(yytext); return ID;} -+[a-zA-Z0-9_\-\/\.\,\%\@\\]+ {yylval.name = strdup(yytext); return ID;} - \"[^"]*\" {yylval.name = strdup(yytext+1); yylval.name[strlen(yylval.name)-1] = '\0'; return ID; } - . {return yytext[0];} - %% --- -1.8.5.3 - diff --git a/libcgroup-0.41-prevent-buffer-overflow.patch b/libcgroup-0.41-prevent-buffer-overflow.patch deleted file mode 100644 index d405159..0000000 --- a/libcgroup-0.41-prevent-buffer-overflow.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Wed, 22 Jun 2016 14:12:46 +0200 -Subject: [PATCH 3/6] api.c: fix potential buffer overflow -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It is assumed that arguments read from /proc//cmdline don't exceed -buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's -not always the case. - -Add check to prevent buffer overflow and discard the excessive part of -an argument. - -Signed-off-by: Nikola Forró ---- - src/api.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/api.c b/src/api.c -index 217d6c9..4d98081 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid, - - while (c != EOF) { - c = fgetc(f); -- if ((c != EOF) && (c != '\0')) { -+ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) { - buf_pname[len] = c; - len++; - continue; - } - buf_pname[len] = '\0'; - -+ if (len == FILENAME_MAX - 1) -+ while ((c != EOF) && (c != '\0')) -+ c = fgetc(f); -+ - /* - * The taken process name from /proc//status is - * shortened to 15 characters if it is over. So the --- -2.17.0 - diff --git a/libcgroup-0.41-size-of-controller-values.patch b/libcgroup-0.41-size-of-controller-values.patch deleted file mode 100644 index 08aba87..0000000 --- a/libcgroup-0.41-size-of-controller-values.patch +++ /dev/null 
@@ -1,142 +0,0 @@ -From 5a64a79144e58a62426a34ef51b14e891f042fa2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 17 Apr 2018 13:54:38 +0200 -Subject: [PATCH 6/6] Increase maximal size of controller values -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Maximal length of a controller value is determined by CG_VALUE_MAX, -which is equal to 100. That is not sufficient in some cases. - -Add new constant CG_CONTROL_VALUE_MAX (to prevent breaking current API) -and set it to 4096, which is usually equal to the amount of bytes that -can be written to a sysctl file directly. - -Add warning message about exceeding the limit while parsing -configuration file. - -Signed-off-by: Nikola Forró ---- - src/api.c | 6 +++--- - src/libcgroup-internal.h | 5 ++++- - src/tools/cgset.c | 4 ++-- - src/wrapper.c | 17 ++++++++++++----- - 4 files changed, 21 insertions(+), 11 deletions(-) - -diff --git a/src/api.c b/src/api.c -index efde2d1..1cd30df 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1561,7 +1561,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst, - } - - dst_val = dst->values[i]; -- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX); -+ strncpy(dst_val->value, src_val->value, CG_CONTROL_VALUE_MAX); - strncpy(dst_val->name, src_val->name, FILENAME_MAX); - dst_val->dirty = src_val->dirty; - } -@@ -2286,7 +2286,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, - if (ctrl_file < 0) - return ECGROUPVALUENOTEXIST; - -- *value = calloc(CG_VALUE_MAX, 1); -+ *value = calloc(CG_CONTROL_VALUE_MAX, 1); - if (!*value) { - close(ctrl_file); - last_errno = errno; -@@ -2297,7 +2297,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, - * using %as or fread crashes when we try to read from files like - * memory.stat - */ -- ret = read(ctrl_file, *value, CG_VALUE_MAX-1); -+ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1); - if (ret < 0) { - 
free(*value); - *value = NULL; -diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h -index 4c0f46c..3a8e336 100644 ---- a/src/libcgroup-internal.h -+++ b/src/libcgroup-internal.h -@@ -32,6 +32,9 @@ __BEGIN_DECLS - /* Estimated number of groups created */ - #define MAX_GROUP_ELEMENTS 128 - -+/* Maximum length of a value */ -+#define CG_CONTROL_VALUE_MAX 4096 -+ - #define CG_NV_MAX 100 - #define CG_CONTROLLER_MAX 100 - /* Max number of mounted hierarchies. Event if one controller is mounted per -@@ -73,7 +76,7 @@ __BEGIN_DECLS - - struct control_value { - char name[FILENAME_MAX]; -- char value[CG_VALUE_MAX]; -+ char value[CG_CONTROL_VALUE_MAX]; - bool dirty; - }; - -diff --git a/src/tools/cgset.c b/src/tools/cgset.c -index ea9f90d..3d3c8cc 100644 ---- a/src/tools/cgset.c -+++ b/src/tools/cgset.c -@@ -151,8 +151,8 @@ int main(int argc, char *argv[]) - goto err; - } - -- strncpy(name_value[nv_number].value, buf, CG_VALUE_MAX); -- name_value[nv_number].value[CG_VALUE_MAX-1] = '\0'; -+ strncpy(name_value[nv_number].value, buf, CG_CONTROL_VALUE_MAX); -+ name_value[nv_number].value[CG_CONTROL_VALUE_MAX-1] = '\0'; - - nv_number++; - break; -diff --git a/src/wrapper.c b/src/wrapper.c -index c03472a..0952823 100644 ---- a/src/wrapper.c -+++ b/src/wrapper.c -@@ -132,10 +132,10 @@ int cgroup_add_value_string(struct cgroup_controller *controller, - if (!controller) - return ECGINVAL; - -- if (controller->index >= CG_VALUE_MAX) -+ if (controller->index >= CG_NV_MAX) - return ECGMAXVALUESEXCEEDED; - -- for (i = 0; i < controller->index && i < CG_VALUE_MAX; i++) { -+ for (i = 0; i < controller->index && i < CG_NV_MAX; i++) { - if (!strcmp(controller->values[i]->name, name)) - return ECGVALUEEXISTS; - } -@@ -145,8 +145,15 @@ int cgroup_add_value_string(struct cgroup_controller *controller, - if (!cntl_value) - return ECGCONTROLLERCREATEFAILED; - -- strncpy(cntl_value->name, name, sizeof(cntl_value->name)); -- strncpy(cntl_value->value, value, sizeof(cntl_value->value)); 
-+ if (strlen(value) >= sizeof(cntl_value->value)) { -+ fprintf(stderr, "value exceeds the maximum of %d characters\n", -+ sizeof(cntl_value->value)); -+ free(cntl_value); -+ return ECGCONFIGPARSEFAIL; -+ } -+ -+ strncpy(cntl_value->name, name, sizeof(cntl_value->name) - 1); -+ strncpy(cntl_value->value, value, sizeof(cntl_value->value) - 1); - cntl_value->dirty = true; - controller->values[controller->index] = cntl_value; - controller->index++; -@@ -356,7 +363,7 @@ int cgroup_set_value_string(struct cgroup_controller *controller, - for (i = 0; i < controller->index; i++) { - struct control_value *val = controller->values[i]; - if (!strcmp(val->name, name)) { -- strncpy(val->value, value, CG_VALUE_MAX); -+ strncpy(val->value, value, CG_CONTROL_VALUE_MAX - 1); - val->dirty = true; - return 0; - } --- -2.17.0 - diff --git a/libcgroup-0.41-tasks-file-warning.patch b/libcgroup-0.41-tasks-file-warning.patch deleted file mode 100644 index e094613..0000000 --- a/libcgroup-0.41-tasks-file-warning.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From 437b68f34c459d136c806e61dafb5825d2f97170 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 17 Apr 2018 13:32:28 +0200 -Subject: [PATCH 4/6] api.c: Show warning when tasks file can not be opened -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Nikola Forró ---- - src/api.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/api.c b/src/api.c -index 4d98081..51081b4 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1190,12 +1190,15 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid) - if (!tasks) { - switch (errno) { - case EPERM: -- return ECGROUPNOTOWNER; -+ ret = ECGROUPNOTOWNER; -+ break; - case ENOENT: -- return ECGROUPNOTEXIST; -+ ret = ECGROUPNOTEXIST; -+ break; - default: -- return ECGROUPNOTALLOWED; -+ ret = ECGROUPNOTALLOWED; - } -+ goto err; - } - ret = fprintf(tasks, "%d", tid); - if (ret < 0) { -@@ -1214,7 +1217,8 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid) - err: - cgroup_warn("Warning: cannot write tid %d to %s:%s\n", - tid, path, strerror(errno)); -- fclose(tasks); -+ if (tasks) -+ fclose(tasks); - return ret; - } - --- -2.17.0 - diff --git a/libcgroup.spec b/libcgroup.spec index 145c2e7..fddc12d 100644 --- a/libcgroup.spec +++ b/libcgroup.spec 
@@ -1,12 +1,13 @@ Summary: Tools and library to control and monitor control groups Summary(pl.UTF-8): Narzędzia i biblioteka do kontrolowania i monitorowania grup kontroli Name: libcgroup -Version: 0.41 -Release: 5 +Version: 0.42.2 +Release: 1 License: LGPL v2+ Group: Applications/System -Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2 -# Source0-md5: 3dea9d50b8a5b73ff0bf1cdcb210f63f +#Source0Download: https://github.com/libcgroup/libcgroup/releases +Source0: https://github.com/libcgroup/libcgroup/releases/download/v%{version}/%{name}-%{version}.tar.bz2 +# Source0-md5: 8311f5ea60c99756533fea40ee2e8a85 Source1: cgconfig.init Source2: cgred.init Source3: cgconfig.service @@ -19,24 +20,14 @@ Patch3: %{name}-0.37-chmod.patch Patch4: %{name}-0.40.rc1-coverity.patch Patch5: %{name}-0.40.rc1-fread.patch Patch6: %{name}-0.40.rc1-templates-fix.patch -Patch7: %{name}-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch -Patch8: %{name}-0.41-api.c-preserve-dirty-flag.patch -Patch9: %{name}-0.41-api.c-support-for-setting-multiline-values-in-contro.patch -Patch10: %{name}-0.41-change-cgroup-of-threads.patch -Patch11: %{name}-0.41-CVE-2018-14348.patch -Patch12: %{name}-0.41-fix-infinite-loop.patch -Patch13: %{name}-0.41-fix-log-level.patch -Patch14: %{name}-0.41-lex.patch -Patch15: %{name}-0.41-prevent-buffer-overflow.patch -Patch16: %{name}-0.41-size-of-controller-values.patch -Patch17: %{name}-0.41-tasks-file-warning.patch +Patch7: %{name}-0.41-change-cgroup-of-threads.patch URL: http://libcg.sourceforge.net/ -BuildRequires: autoconf >= 2.61 +BuildRequires: autoconf >= 2.69 BuildRequires: automake BuildRequires: bison BuildRequires: flex BuildRequires: libstdc++-devel -BuildRequires: libtool +BuildRequires: libtool >= 2:2 BuildRequires: pam-devel BuildRequires: python-devel >= 2 BuildRequires: rpmbuild(macros) >= 1.626 
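Review bot: The patch list in the second hunk of `libcgroup.spec` drops `Patch11` (`CVE-2018-14348`, the `umask(0)` removal in `cgrulesengd`) and `Patch15` (`prevent-buffer-overflow`, the `buf_pname` bound in `cg_get_procname_from_proc_cmdline`) as obsolete, but nothing in the spec records that 0.42.2 carries both fixes. Once that is confirmed, a one-line comment next to the patch list, e.g. `# CVE-2018-14348 and the /proc cmdline overflow fix are upstream as of 0.42.2 (see <upstream commit>)`, would let a later reviewer check that the package did not regress on either. `URL:` in the same hunk still points at `http://libcg.sourceforge.net/` although `Source0` moved to the GitHub releases page.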
@@ -130,16 +121,6 @@ Wiązania Pythona do biblioteki libcgroup. %patch5 -p1 %patch6 -p1 %patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p2 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 %build %{__libtoolize} @@ -149,6 +130,7 @@ Wiązania Pythona do biblioteki libcgroup. %{__automake} %configure \ --disable-silent-rules \ + --disable-static \ --enable-bindings \ --enable-initscript-install \ --enable-opaque-hierarchy="name=systemd" \ @@ -172,9 +154,11 @@ cp -p %{SOURCE4} $RPM_BUILD_ROOT%{systemdunitdir}/cgred.service cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/cgred cp -a samples/cg{config,rules,snapshot_blacklist}.conf $RPM_BUILD_ROOT%{_sysconfdir} -mv $RPM_BUILD_ROOT%{_libdir}/libcgroup.so.* $RPM_BUILD_ROOT/%{_lib} +%{__mv} $RPM_BUILD_ROOT%{_libdir}/libcgroup.so.* $RPM_BUILD_ROOT/%{_lib} ln -snf ../../%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcgroup.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libcgroup.so +%{__rm} $RPM_BUILD_ROOT%{_libdir}/libcgroupfortesting.* + install -d $RPM_BUILD_ROOT%{py_sitedir} %{__mv} $RPM_BUILD_ROOT%{_libdir}/_libcgroup.so $RPM_BUILD_ROOT%{py_sitedir} %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/pam_cgroup.la -- 2.44.0