aboutsummaryrefslogtreecommitdiff
path: root/package/libseccomp/0001-remove-static.patch
diff options
context:
space:
mode:
authorGravatar Peter Korsgaard <peter@korsgaard.com>2019-03-21 08:40:43 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2019-03-24 09:01:02 +0100
commit02300786c2fcba2cf641a040a2d87c4022ddb7fc (patch)
treece6dfd4c87cfb43999974083f1b4558399583f2f /package/libseccomp/0001-remove-static.patch
parentecc2c563696abf584ac78d00c2293648a7cfed89 (diff)
downloadbuildroot-02300786c2fcba2cf641a040a2d87c4022ddb7fc.tar.gz
buildroot-02300786c2fcba2cf641a040a2d87c4022ddb7fc.tar.bz2
package/libseccomp: security bump to version 2.4.0
>From the advisory: Jann Horn identified a problem in current versions of libseccomp where the library did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE). Jann has done a search using codesearch.debian.net and it would appear that only systemd and Tor are using libseccomp in such a way as to trigger the bad code. In the case of systemd this appears to affect the socket address family and scheduling class filters. In the case of Tor it appears that the bad filters could impact the memory addresses passed to mprotect(2). The libseccomp v2.4.0 release fixes this problem, and should be a direct drop-in replacement for previous v2.x releases. https://www.openwall.com/lists/oss-security/2019/03/15/1 v2.4.0 adds a new scmp_api_level utility, so update 0001-remove-static.patch to match. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libseccomp/0001-remove-static.patch')
-rw-r--r--package/libseccomp/0001-remove-static.patch18
1 files changed, 11 insertions, 7 deletions
diff --git a/package/libseccomp/0001-remove-static.patch b/package/libseccomp/0001-remove-static.patch
index 9f0ac210c7..60a1ff00b6 100644
--- a/package/libseccomp/0001-remove-static.patch
+++ b/package/libseccomp/0001-remove-static.patch
@@ -1,4 +1,4 @@
-From 8632287cf6863b580340f846ac14adf2609abdb0 Mon Sep 17 00:00:00 2001
+From 5d010fb06eae43b284e5ccc322f6de47eb42b751 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sat, 2 Jun 2018 13:45:22 +0200
Subject: [PATCH] remove static
@@ -14,16 +14,18 @@ and slighly updated to work with 2.3.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Peter: updated for v2.4.0 which adds scmp_api_level]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
- tools/Makefile.am | 2 --
- 1 file changed, 2 deletions(-)
+ tools/Makefile.am | 3 ---
+ 1 file changed, 3 deletions(-)
diff --git a/tools/Makefile.am b/tools/Makefile.am
-index 70b4aed..ef74270 100644
+index f768365..5f9d571 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
-@@ -35,8 +35,6 @@ scmp_bpf_disasm_SOURCES = scmp_bpf_disasm.c bpf.h util.h
- scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
+@@ -37,10 +37,7 @@ scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
+ scmp_api_level_SOURCES = scmp_api_level.c
scmp_sys_resolver_LDADD = ../src/libseccomp.la
-scmp_sys_resolver_LDFLAGS = -static
@@ -31,6 +33,8 @@ index 70b4aed..ef74270 100644
-scmp_arch_detect_LDFLAGS = -static
scmp_bpf_disasm_LDADD = util.la
scmp_bpf_sim_LDADD = util.la
+ scmp_api_level_LDADD = ../src/libseccomp.la
+-scmp_api_level_LDFLAGS = -static
--
-2.14.1
+2.11.0