diff --git a/bugfix-change-parser-match-order-fix-cgconfig-error.patch b/bugfix-change-parser-match-order-fix-cgconfig-error.patch
deleted file mode 100644
index 0e062a365cc2651c2a814d5f4d9b47936d6ed50d..0000000000000000000000000000000000000000
--- a/bugfix-change-parser-match-order-fix-cgconfig-error.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Nur libcgroup-0.41.org/configure libcgroup-0.41/configure
---- libcgroup-0.41.org/configure 2018-08-23 04:23:34.965000000 -0400
-+++ libcgroup-0.41/configure 2018-08-23 04:24:16.706000000 -0400
-@@ -4689,7 +4689,7 @@
- fi
-
-
--for ac_prog in 'bison -y' byacc
-+for ac_prog in byacc 'bison -y'
- do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
- set dummy $ac_prog; ac_word=$2
diff --git a/config.patch b/config.patch
index c79a2674f1a1a198a300433075d32bf8d4cf71d3..4bb89f6a856008a161a82693425165ed69173cc6 100644
--- a/config.patch
+++ b/config.patch
@@ -1,5 +1,5 @@
---- libcgroup-0.41/samples/cgconfig.sysconfig.orig 2019-12-19 11:25:25.547000000 +0800
-+++ libcgroup-0.41/samples/cgconfig.sysconfig 2019-12-19 11:26:01.142000000 +0800
+--- libcgroup-0.42.2/samples/cgconfig.sysconfig.orig 2019-12-19 11:25:25.547000000 +0800
++++ libcgroup-0.42.2/samples/cgconfig.sysconfig 2019-12-19 11:26:01.142000000 +0800
 @@ -5,8 +5,5 @@
 # controller to limit cpu.shares of this default group and allowing some more
 # important group take most of the CPU.
diff --git a/libcgroup-0.37-chmod.patch b/libcgroup-0.37-chmod.patch
index bca595f5debf81fd8bbc6640b310e2a84b46f745..70afb69ed964712b4aff3b4d6700818685cccf32 100644
--- a/libcgroup-0.37-chmod.patch
+++ b/libcgroup-0.37-chmod.patch
@@ -1,7 +1,8 @@ -diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.chmod 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 20:41:55.255577622 +0100 -@@ -153,6 +153,10 @@ static int cg_chown_file(FTS *fts, FTSEN +diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c +index 24ae48d..54a6736 100644 +--- libcgroup-0.42.2/src/api.c ++++ libcgroup-0.42.2/src/api.c +@@ -159,6 +159,10 @@ static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t owner, gid_t group) return ret; } @@ -12,7 +13,7 @@ diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c /* * TODO: Need to decide a better place to put this function. */ -@@ -160,6 +164,8 @@ static int cg_chown_recursive(char **pat +@@ -166,6 +170,8 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group) { int ret = 0; FTS *fts; @@ -21,7 +22,7 @@ diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c cgroup_dbg("chown: path is %s\n", *path); fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR | -@@ -177,6 +183,7 @@ static int cg_chown_recursive(char **pat +@@ -183,6 +189,7 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group) cgroup_warn("Warning: fts_read failed\n"); break; } diff --git a/libcgroup-0.40.rc1-coverity.patch b/libcgroup-0.40.rc1-coverity.patch index 439abf177ad8765ce44332fce95d0cc7742a1ec0..481358b8c7999fb7dd892773ccf5935e36b36cca 100644 --- a/libcgroup-0.40.rc1-coverity.patch +++ b/libcgroup-0.40.rc1-coverity.patch 
@@ -1,18 +1,8 @@ -diff -up libcgroup-0.41/src/api.c.coverity libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.coverity 2014-01-13 20:52:49.853838149 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 20:52:49.854838142 +0100 -@@ -2791,7 +2791,6 @@ static int cgroup_create_template_group( - if (group_name == NULL) { - ret = ECGOTHER; - last_errno = errno; -- free(template_name); - goto end; - } - -diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c ---- libcgroup-0.41/src/config.c.coverity 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/config.c 2014-01-13 20:52:49.854838142 +0100 -@@ -323,7 +323,7 @@ int config_group_task_perm(char *perm_ty +diff --git libcgroup-0.42.2/src/config.c libcgroup-0.42.2/src/config.c +index 3ffa263..b5d51b3 100644 +--- libcgroup-0.42.2/src/config.c ++++ libcgroup-0.42.2/src/config.c +@@ -326,7 +326,7 @@ int config_group_task_perm(char *perm_type, char *value, int flag) long val = atoi(value); char buffer[CGROUP_BUFFER_LEN]; struct cgroup *config_cgroup; @@ -21,7 +11,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c switch (flag) { case CGROUP: -@@ -367,10 +367,10 @@ int config_group_task_perm(char *perm_ty +@@ -370,10 +370,10 @@ int config_group_task_perm(char *perm_type, char *value, int flag) if (!group) goto group_task_error; @@ -34,7 +24,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c free(group); goto group_task_error; } -@@ -436,7 +436,7 @@ int config_group_admin_perm(char *perm_t +@@ -439,7 +439,7 @@ int config_group_admin_perm(char *perm_type, char *value, int flag) struct cgroup *config_cgroup; long val = atoi(value); char buffer[CGROUP_BUFFER_LEN]; 
@@ -43,7 +33,7 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c switch (flag) { case CGROUP: -@@ -479,10 +479,10 @@ int config_group_admin_perm(char *perm_t +@@ -482,10 +482,10 @@ int config_group_admin_perm(char *perm_type, char *value, int flag) if (!group) goto admin_error; @@ -56,10 +46,11 @@ diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c free(group); goto admin_error; } -diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/daemon/cgrulesengd.c ---- libcgroup-0.41/src/daemon/cgrulesengd.c.coverity 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/daemon/cgrulesengd.c 2014-01-13 20:52:49.854838142 +0100 -@@ -646,7 +646,7 @@ close: +diff --git libcgroup-0.42.2/src/daemon/cgrulesengd.c libcgroup-0.42.2/src/daemon/cgrulesengd.c +index 4cef53e..90920d1 100644 +--- libcgroup-0.42.2/src/daemon/cgrulesengd.c ++++ libcgroup-0.42.2/src/daemon/cgrulesengd.c +@@ -654,7 +654,7 @@ close: static int cgre_create_netlink_socket_process_msg(void) { 
@@ -68,22 +59,11 @@ diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/dae struct sockaddr_nl my_nla; char buff[BUFF_SIZE]; int rc = -1; -@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr - } - - close_and_exit: -- if (sk_nl > 0) -+ if (sk_nl > -1) - close(sk_nl); -- if (sk_unix > 0) -+ if (sk_unix > -1) - close(sk_unix); - return rc; - } -diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c ---- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c 2013-05-21 15:36:04.000000000 +0200 -+++ libcgroup-0.40.rc1/src/tools/lscgroup.c 2013-11-04 14:26:53.400473523 +0100 -@@ -97,11 +97,11 @@ static int display_controller_data(char +diff --git libcgroup-0.42.2/src/tools/lscgroup.c libcgroup-0.42.2/src/tools/lscgroup.c +index bfb1724..d15a0c2 100644 +--- libcgroup-0.42.2/src/tools/lscgroup.c ++++ libcgroup-0.42.2/src/tools/lscgroup.c +@@ -96,11 +96,11 @@ static int display_controller_data(char *input_path, char *controller, char *nam if (ret != 0) return ret; diff --git a/libcgroup-0.40.rc1-fread.patch b/libcgroup-0.40.rc1-fread.patch index acc7eba3b2a3ece87535e4fff5dc87d553444c74..8f1388e516f3c9893c02d7cc31f6a66b21b2b419 100644 --- a/libcgroup-0.40.rc1-fread.patch +++ b/libcgroup-0.40.rc1-fread.patch @@ -1,7 +1,8 @@ -diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.fread 2014-01-13 21:01:32.067067615 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 21:01:32.070067594 +0100 -@@ -2232,29 +2232,29 @@ static int cg_rd_ctrl_file(const char *s +diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c +index 54a6736..1557393 100644 +--- libcgroup-0.42.2/src/api.c ++++ libcgroup-0.42.2/src/api.c +@@ -2482,29 +2482,29 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, const char *file, char **value) { char path[FILENAME_MAX]; 
@@ -20,7 +21,7 @@ diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c + if (ctrl_file < 0) return ECGROUPVALUENOTEXIST; - *value = calloc(CG_VALUE_MAX, 1); + *value = calloc(CG_CONTROL_VALUE_MAX, 1); if (!*value) { - fclose(ctrl_file); + close(ctrl_file); @@ -33,12 +34,12 @@ diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c + * using %as or fread crashes when we try to read from files like * memory.stat */ -- ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file); -+ ret = read(ctrl_file, *value, CG_VALUE_MAX-1); +- ret = fread(*value, 1, CG_CONTROL_VALUE_MAX-1, ctrl_file); ++ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1); if (ret < 0) { free(*value); *value = NULL; -@@ -2264,7 +2264,7 @@ static int cg_rd_ctrl_file(const char *s +@@ -2514,7 +2514,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, (*value)[ret-1] = '\0'; } diff --git a/libcgroup-0.40.rc1-templates-fix.patch b/libcgroup-0.40.rc1-templates-fix.patch index 50e9aea8f59b565f331a15c0a2e01e06b0eafb73..8bbfa43bc2a54cb979e8663e9f41ebf9651093a8 100644 --- a/libcgroup-0.40.rc1-templates-fix.patch +++ b/libcgroup-0.40.rc1-templates-fix.patch @@ -1,7 +1,8 @@ -diff -up libcgroup-0.41/src/api.c.templates-fix libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.templates-fix 2014-01-13 21:04:36.933747000 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 21:16:44.478580105 +0100 -@@ -2974,10 +2974,10 @@ int cgroup_change_cgroup_flags(uid_t uid +diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c +index 1557393..318a438 100644 +--- libcgroup-0.42.2/src/api.c ++++ libcgroup-0.42.2/src/api.c +@@ -3457,10 +3457,10 @@ int cgroup_change_cgroup_flags(uid_t uid, gid_t gid, available, "%d", pid); break; case 'p': diff --git a/libcgroup-0.41-CVE-2018-14348.patch b/libcgroup-0.41-CVE-2018-14348.patch deleted file mode 100644 index e43bca9addbc6855314910947ee8c711a9522273..0000000000000000000000000000000000000000 
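Review bot: The refreshed `cg_rd_ctrl_file` hunk still rejects only `ret < 0` after `read()`, while the later visible line `(*value)[ret-1] = '\0';` indexes with `ret-1`, which is -1 when the control file is empty and `read()` returns 0. The lines between the two inner hunks are not shown, so a guard may already exist; if it does not, the newline strip should sit under `if (ret > 0)`. The body of `cg_rd_ctrl_file` starts and ends outside these hunks.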
--- a/libcgroup-0.41-CVE-2018-14348.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 94e9dcead2e8bce00deeef08ea364ec6dc7e1f45 Mon Sep 17 00:00:00 2001
-From: Michal Hocko
-Date: Wed, 18 Jul 2018 11:24:29 +0200
-Subject: [PATCH] cgrulesengd: remove umask(0)
-
-One of our partners has noticed that cgred daemon is creating a log file
-(/var/log/cgred) with too wide permissions (0666) and that is seen as
-a security bug because an untrusted user can write to otherwise
-restricted area. CVE-2018-14348 has been assigned to this issue.
-
-Signed-off-by: Michal Hocko
-Acked-by: Balbir Singh
----
- src/daemon/cgrulesengd.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
-index 170837a..41aadd4 100644
---- a/src/daemon/cgrulesengd.c
-+++ b/src/daemon/cgrulesengd.c
-@@ -885,9 +885,6 @@ int cgre_start_daemon(const char *logp, const int logf,
- } else if (pid > 0) {
- exit(EXIT_SUCCESS);
- }
--
-- /* Change the file mode mask. */
-- umask(0);
- } else {
- flog(LOG_DEBUG, "Not using daemon mode\n");
- pid = getpid();
---
-2.17.1
-
diff --git a/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch b/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch
deleted file mode 100644
index 970053055ee59d400d8494ecda77ac9faa9314f7..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 72a9e0c3d4f8daca9f7dc389edbc1013d7c0d808 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Fri, 8 Apr 2016 17:00:19 +0200
-Subject: [PATCH] api.c: fix order of memory subsystem parameters generated by
- cgsnapshot
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Order of parameters usually doesn't matter, but that's not the case with
-memory.limit_in_bytes and memory.memsw.limit_in_bytes. When the latter
-is first in the list of parameters, the resulting configuration is not
-loadable with cgconfigparser.
-
-This happens because when a cgroup is created, both memory.limit_in_bytes
-and memory.memsw.limit_in_bytes parameters are initialized to highest
-value possible (RESOURCE_MAX). And because memory.memsw.limit_in_bytes
-must be always higher or equal to memory.limit_in_bytes, it's impossible
-to change its value first.
-
-Make sure that after constructing parameter list of memory subsystem,
-the mentioned parameters are in correct order.
-
-Signed-off-by: Nikola Forró
----
- src/api.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/src/api.c b/src/api.c
-index 0bf0615..f5da553 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -2651,6 +2651,30 @@ int cgroup_get_cgroup(struct cgroup *cgroup)
- }
- }
- closedir(dir);
-+
-+ if (! strcmp(cgc->name, "memory")) {
-+ /*
-+ * Make sure that memory.limit_in_bytes is placed before
-+ * memory.memsw.limit_in_bytes in the list of values
-+ */
-+ int memsw_limit = -1;
-+ int mem_limit = -1;
-+
-+ for (j = 0; j < cgc->index; j++) {
-+ if (! strcmp(cgc->values[j]->name,
-+ "memory.memsw.limit_in_bytes"))
-+ memsw_limit = j;
-+ else if (! strcmp(cgc->values[j]->name,
-+ "memory.limit_in_bytes"))
-+ mem_limit = j;
-+ }
-+
-+ if (memsw_limit >= 0 && memsw_limit < mem_limit) {
-+ struct control_value *val = cgc->values[memsw_limit];
-+ cgc->values[memsw_limit] = cgc->values[mem_limit];
-+ cgc->values[mem_limit] = val;
-+ }
-+ }
- }
-
- /* Check if the group really exists or not */
---
-2.4.11
-
diff --git a/libcgroup-0.41-api.c-preserve-dirty-flag.patch b/libcgroup-0.41-api.c-preserve-dirty-flag.patch
deleted file mode 100644
index 0836334a20dcaa682656fdb956c6f5f03cfa53ec..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-api.c-preserve-dirty-flag.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From ad27a46d8c0e180f71b4606d7b2a3bd3bebd7bbf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Thu, 13 Oct 2016 13:42:30 +0200
-Subject: [PATCH] api.c: preserve dirty flag when copying controller values
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When setting cgroup parameters with cgset fails, no error is reported.
-This is caused by the fact that cgroup_copy_controller_values is not
-preserving dirty flags of the values, so it's making all errors
-considered non-fatal.
-
-Signed-off-by: Nikola Forró
----
- src/api.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/api.c b/src/api.c
-index 0bf0615..daf4ef0 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1687,6 +1687,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst,
- dst_val = dst->values[i];
- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX);
- strncpy(dst_val->name, src_val->name, FILENAME_MAX);
-+ dst_val->dirty = src_val->dirty;
- }
- err:
- return ret;
---
-2.7.4
-
diff --git a/libcgroup-0.41-change-cgroup-of-threads.patch b/libcgroup-0.41-change-cgroup-of-threads.patch
deleted file mode 100644
index 913ce0fa6f93b14a4b4511bbc3e21b1fa691a958..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-change-cgroup-of-threads.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 647274d80d18686a3129a2b50605869ac5178ccf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Tue, 8 Dec 2015 17:09:08 +0100
-Subject: [PATCH 1/6] api.c: change cgroup of every thread of a process
-
-When changing cgroup of multi-threaded process, only the main threads
-cgroup actually changed. Now all threads of a process are enumerated
-and cgroup is changed for each of them.
----
- src/api.c | 26 +++++++++++++++++++++-----
- 1 file changed, 21 insertions(+), 5 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index 0cc15c6..df90a6f 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -3177,10 +3177,13 @@ int cgroup_change_all_cgroups(void)
- return -ECGOTHER;
-
- while ((pid_dir = readdir(dir)) != NULL) {
-- int err, pid;
-+ int err, pid, tid;
- uid_t euid;
- gid_t egid;
- char *procname = NULL;
-+ DIR *tdir;
-+ struct dirent *tid_dir = NULL;
-+ char tpath[FILENAME_MAX] = { '\0' };
-
- err = sscanf(pid_dir->d_name, "%i", &pid);
- if (err < 1)
-@@ -3194,11 +3197,24 @@ int cgroup_change_all_cgroups(void)
- if (err)
- continue;
-
-- err = cgroup_change_cgroup_flags(euid,
-- egid, procname, pid, CGFLAG_USECACHE);
-- if (err)
-- cgroup_dbg("cgroup change pid %i failed\n", pid);
-+ snprintf(tpath, FILENAME_MAX, "%s%d/task/", path, pid);
-+
-+ tdir = opendir(tpath);
-+ if (!tdir)
-+ continue;
-+
-+ while ((tid_dir = readdir(tdir)) != NULL) {
-+ err = sscanf(tid_dir->d_name, "%i", &tid);
-+ if (err < 1)
-+ continue;
-+
-+ err = cgroup_change_cgroup_flags(euid,
-+ egid, procname, tid, CGFLAG_USECACHE);
-+ if (err)
-+ cgroup_dbg("cgroup change tid %i failed\n", tid);
-+ }
-
-+ closedir(tdir);
- free(procname);
- }
-
---
-2.17.0
-
diff --git a/libcgroup-0.41-fix-infinite-loop.patch b/libcgroup-0.41-fix-infinite-loop.patch
deleted file mode 100644
index a41347b22d0b303db10aa19238dcd1ecc2bbe0ab..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-fix-infinite-loop.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 62bab9d121d4fb416205f5ac53ad342184ae42b6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Tue, 8 Dec 2015 16:53:41 +0100
-Subject: [PATCH 2/6] api.c: fix infinite loop
-
-If getgrnam or getpwuid functions failed, the program entered
-an infinite loop, because the rule pointer was never advanced.
-This is now fixed by updating the pointer before continuing
-to the next iteration.
----
- src/api.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index df90a6f..217d6c9 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -2664,13 +2664,17 @@ static struct cgroup_rule *cgroup_find_matching_rule_uid_gid(uid_t uid,
- /* Get the group data. */
- sp = &(rule->username[1]);
- grp = getgrnam(sp);
-- if (!grp)
-+ if (!grp) {
-+ rule = rule->next;
- continue;
-+ }
-
- /* Get the data for UID. */
- usr = getpwuid(uid);
-- if (!usr)
-+ if (!usr) {
-+ rule = rule->next;
- continue;
-+ }
-
- /* If UID is a member of group, we matched. */
- for (i = 0; grp->gr_mem[i]; i++) {
---
-2.17.0
-
diff --git a/libcgroup-0.41-fix-log-level.patch b/libcgroup-0.41-fix-log-level.patch
deleted file mode 100644
index 30055e3220bd7c61f10b503a76160797bb54adc7..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-fix-log-level.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 7c99c167f41d3f8810808436d2ac58afc3a7d6c7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Tue, 17 Apr 2018 13:33:03 +0200
-Subject: [PATCH 5/6] api.c: Fix level of failed user/group lookup warnings
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Nikola Forró
----
- src/api.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index 51081b4..efde2d1 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -639,7 +639,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid,
- uid = CGRULE_INVALID;
- gid = grp->gr_gid;
- } else {
-- cgroup_dbg("Warning: Entry for %s not"
-+ cgroup_warn("Warning: Entry for %s not"
- "found. Skipping rule on line"
- " %d.\n", itr, linenum);
- skipped = true;
-@@ -656,7 +656,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid,
- uid = pwd->pw_uid;
- gid = CGRULE_INVALID;
- } else {
-- cgroup_dbg("Warning: Entry for %s not"
-+ cgroup_warn("Warning: Entry for %s not"
- "found. Skipping rule on line"
- " %d.\n", user, linenum);
- skipped = true;
---
-2.17.0
-
diff --git a/libcgroup-0.41-lex.patch b/libcgroup-0.41-lex.patch
deleted file mode 100644
index bcd536a2e43e27b605657e12800897ced0f79369..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-lex.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From a8c2e967e74d280cd3b8554af0c95d823647d1c0 Mon Sep 17 00:00:00 2001
-From: Jan Chaloupka
-Date: Thu, 6 Feb 2014 11:43:18 +0100
-Subject: [PATCH] lex updated, additional '\' char for ID token
-
----
- libcgroup-0.41/src/lex.l | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libcgroup-0.41/src/lex.l b/libcgroup-0.41/src/lex.l
-index 1b357db..d7bf575 100644
---- a/libcgroup-0.41/src/lex.l
-+++ b/libcgroup-0.41/src/lex.l
-@@ -43,7 +43,7 @@ jmp_buf parser_error_env;
- "namespace" {return NAMESPACE;}
- "template" {return TEMPLATE;}
- "default" {return DEFAULT;}
--[a-zA-Z0-9_\-\/\.\,\%\@]+ {yylval.name = strdup(yytext); return ID;}
-+[a-zA-Z0-9_\-\/\.\,\%\@\\]+ {yylval.name = strdup(yytext); return ID;}
- \"[^"]*\" {yylval.name = strdup(yytext+1); yylval.name[strlen(yylval.name)-1] = '\0'; return ID; }
- . {return yytext[0];}
- %%
---
-1.8.5.3
-
diff --git a/libcgroup-0.41-prevent-buffer-overflow.patch b/libcgroup-0.41-prevent-buffer-overflow.patch
deleted file mode 100644
index d4051599b784676fb0b390f345ab3a9bc659a9c9..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-prevent-buffer-overflow.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Wed, 22 Jun 2016 14:12:46 +0200
-Subject: [PATCH 3/6] api.c: fix potential buffer overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It is assumed that arguments read from /proc//cmdline don't exceed
-buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
-not always the case.
-
-Add check to prevent buffer overflow and discard the excessive part of
-an argument.
-
-Signed-off-by: Nikola Forró
----
- src/api.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/api.c b/src/api.c
-index 217d6c9..4d98081 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
-
- while (c != EOF) {
- c = fgetc(f);
-- if ((c != EOF) && (c != '\0')) {
-+ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) {
- buf_pname[len] = c;
- len++;
- continue;
- }
- buf_pname[len] = '\0';
-
-+ if (len == FILENAME_MAX - 1)
-+ while ((c != EOF) && (c != '\0'))
-+ c = fgetc(f);
-+
- /*
- * The taken process name from /proc//status is
- * shortened to 15 characters if it is over. So the
---
-2.17.0
-
diff --git a/libcgroup-0.41-size-of-controller-values.patch b/libcgroup-0.41-size-of-controller-values.patch
deleted file mode 100644
index 08aba87acf04c1d649d821155a17f9d5d40deb3c..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-size-of-controller-values.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From 5a64a79144e58a62426a34ef51b14e891f042fa2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Tue, 17 Apr 2018 13:54:38 +0200
-Subject: [PATCH 6/6] Increase maximal size of controller values
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Maximal length of a controller value is determined by CG_VALUE_MAX,
-which is equal to 100. That is not sufficient in some cases.
-
-Add new constant CG_CONTROL_VALUE_MAX (to prevent breaking current API)
-and set it to 4096, which is usually equal to the amount of bytes that
-can be written to a sysctl file directly.
-
-Add warning message about exceeding the limit while parsing
-configuration file.
-
-Signed-off-by: Nikola Forró
----
- src/api.c | 6 +++---
- src/libcgroup-internal.h | 5 ++++-
- src/tools/cgset.c | 4 ++--
- src/wrapper.c | 17 ++++++++++++-----
- 4 files changed, 21 insertions(+), 11 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index efde2d1..1cd30df 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1561,7 +1561,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst,
- }
-
- dst_val = dst->values[i];
-- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX);
-+ strncpy(dst_val->value, src_val->value, CG_CONTROL_VALUE_MAX);
- strncpy(dst_val->name, src_val->name, FILENAME_MAX);
- dst_val->dirty = src_val->dirty;
- }
-@@ -2286,7 +2286,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
- if (ctrl_file < 0)
- return ECGROUPVALUENOTEXIST;
-
-- *value = calloc(CG_VALUE_MAX, 1);
-+ *value = calloc(CG_CONTROL_VALUE_MAX, 1);
- if (!*value) {
- close(ctrl_file);
- last_errno = errno;
-@@ -2297,7 +2297,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
- * using %as or fread crashes when we try to read from files like
- * memory.stat
- */
-- ret = read(ctrl_file, *value, CG_VALUE_MAX-1);
-+ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1);
- if (ret < 0) {
- free(*value);
- *value = NULL;
-diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h
-index 4c0f46c..3a8e336 100644
---- a/src/libcgroup-internal.h
-+++ b/src/libcgroup-internal.h
-@@ -32,6 +32,9 @@ __BEGIN_DECLS
- /* Estimated number of groups created */
- #define MAX_GROUP_ELEMENTS 128
-
-+/* Maximum length of a value */
-+#define CG_CONTROL_VALUE_MAX 4096
-+
- #define CG_NV_MAX 100
- #define CG_CONTROLLER_MAX 100
- /* Max number of mounted hierarchies. Event if one controller is mounted per
-@@ -73,7 +76,7 @@ __BEGIN_DECLS
-
- struct control_value {
- char name[FILENAME_MAX];
-- char value[CG_VALUE_MAX];
-+ char value[CG_CONTROL_VALUE_MAX];
- bool dirty;
- };
-
-diff --git a/src/tools/cgset.c b/src/tools/cgset.c
-index ea9f90d..3d3c8cc 100644
---- a/src/tools/cgset.c
-+++ b/src/tools/cgset.c
-@@ -151,8 +151,8 @@ int main(int argc, char *argv[])
- goto err;
- }
-
-- strncpy(name_value[nv_number].value, buf, CG_VALUE_MAX);
-- name_value[nv_number].value[CG_VALUE_MAX-1] = '\0';
-+ strncpy(name_value[nv_number].value, buf, CG_CONTROL_VALUE_MAX);
-+ name_value[nv_number].value[CG_CONTROL_VALUE_MAX-1] = '\0';
-
- nv_number++;
- break;
-diff --git a/src/wrapper.c b/src/wrapper.c
-index c03472a..0952823 100644
---- a/src/wrapper.c
-+++ b/src/wrapper.c
-@@ -132,10 +132,10 @@ int cgroup_add_value_string(struct cgroup_controller *controller,
- if (!controller)
- return ECGINVAL;
-
-- if (controller->index >= CG_VALUE_MAX)
-+ if (controller->index >= CG_NV_MAX)
- return ECGMAXVALUESEXCEEDED;
-
-- for (i = 0; i < controller->index && i < CG_VALUE_MAX; i++) {
-+ for (i = 0; i < controller->index && i < CG_NV_MAX; i++) {
- if (!strcmp(controller->values[i]->name, name))
- return ECGVALUEEXISTS;
- }
-@@ -145,8 +145,15 @@ int cgroup_add_value_string(struct cgroup_controller *controller,
- if (!cntl_value)
- return ECGCONTROLLERCREATEFAILED;
-
-- strncpy(cntl_value->name, name, sizeof(cntl_value->name));
-- strncpy(cntl_value->value, value, sizeof(cntl_value->value));
-+ if (strlen(value) >= sizeof(cntl_value->value)) {
-+ fprintf(stderr, "value exceeds the maximum of %d characters\n",
-+ sizeof(cntl_value->value));
-+ free(cntl_value);
-+ return ECGCONFIGPARSEFAIL;
-+ }
-+
-+ strncpy(cntl_value->name, name, sizeof(cntl_value->name) - 1);
-+ strncpy(cntl_value->value, value, sizeof(cntl_value->value) - 1);
- cntl_value->dirty = true;
- controller->values[controller->index] = cntl_value;
- controller->index++;
-@@ -356,7 +363,7 @@ int cgroup_set_value_string(struct cgroup_controller *controller,
- for (i = 0; i < controller->index; i++) {
- struct control_value *val = controller->values[i];
- if (!strcmp(val->name, name)) {
-- strncpy(val->value, value, CG_VALUE_MAX);
-+ strncpy(val->value, value, CG_CONTROL_VALUE_MAX - 1);
- val->dirty = true;
- return 0;
- }
---
-2.17.0
-
diff --git a/libcgroup-0.41-tasks-file-warning.patch b/libcgroup-0.41-tasks-file-warning.patch
deleted file mode 100644
index e094613f0b7edcfab60b32ab5a037d99290b9a16..0000000000000000000000000000000000000000
--- a/libcgroup-0.41-tasks-file-warning.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 437b68f34c459d136c806e61dafb5825d2f97170 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?=
-Date: Tue, 17 Apr 2018 13:32:28 +0200
-Subject: [PATCH 4/6] api.c: Show warning when tasks file can not be opened
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Nikola Forró
----
- src/api.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index 4d98081..51081b4 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1190,12 +1190,15 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid)
- if (!tasks) {
- switch (errno) {
- case EPERM:
-- return ECGROUPNOTOWNER;
-+ ret = ECGROUPNOTOWNER;
-+ break;
- case ENOENT:
-- return ECGROUPNOTEXIST;
-+ ret = ECGROUPNOTEXIST;
-+ break;
- default:
-- return ECGROUPNOTALLOWED;
-+ ret = ECGROUPNOTALLOWED;
- }
-+ goto err;
- }
- ret = fprintf(tasks, "%d", tid);
- if (ret < 0) {
-@@ -1214,7 +1217,8 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid)
- err:
- cgroup_warn("Warning: cannot write tid %d to %s:%s\n",
- tid, path, strerror(errno));
-- fclose(tasks);
-+ if (tasks)
-+ fclose(tasks);
- return ret;
- }
-
---
-2.17.0
-
diff --git a/libcgroup-0.41.tar.bz2 b/libcgroup-0.41.tar.bz2
deleted file mode 100644
index 5bcced83f0af3021bbb69f9396ce3d86b9f1a1a4..0000000000000000000000000000000000000000
Binary files a/libcgroup-0.41.tar.bz2 and /dev/null differ
diff --git a/libcgroup-v0.42.2.tar.gz b/libcgroup-v0.42.2.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..df41b1352ada730c4c1e247b153715ed958a792d
Binary files /dev/null and b/libcgroup-v0.42.2.tar.gz differ
diff --git a/libcgroup.spec b/libcgroup.spec
index 52822048b064035c00ba75e84d9982523f0d04a6..5cde35ad74c492d94349df8b1b84a954d187f89a 100644
--- a/libcgroup.spec
+++ b/libcgroup.spec
@@ -4,11 +4,11 @@ Summary: Libcgroup is a library that abstracts the control group file system in Linux Name: libcgroup -Version: 0.41 -Release: 23 +Version: 0.42.2 +Release: 1 License: LGPLv2+ URL: http://libcg.sourceforge.net/ -Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2 +Source0: https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-v%{version}.tar.gz Source1: cgconfig.service Provides: libcgroup-pam libcgroup-tools Obsoletes: libcgroup-pam libcgroup-tools @@ -18,18 +18,8 @@ Patch1: libcgroup-0.37-chmod.patch Patch2: libcgroup-0.40.rc1-coverity.patch Patch3: libcgroup-0.40.rc1-fread.patch Patch4: libcgroup-0.40.rc1-templates-fix.patch -Patch5: libcgroup-0.41-lex.patch -Patch6: libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch -Patch7: libcgroup-0.41-api.c-preserve-dirty-flag.patch -Patch8: libcgroup-0.41-change-cgroup-of-threads.patch -Patch9: libcgroup-0.41-fix-infinite-loop.patch -Patch10: libcgroup-0.41-prevent-buffer-overflow.patch -Patch11: libcgroup-0.41-tasks-file-warning.patch -Patch12: libcgroup-0.41-fix-log-level.patch -Patch13: libcgroup-0.41-size-of-controller-values.patch -Patch14: libcgroup-0.41-CVE-2018-14348.patch -Patch9000: bugfix-change-parser-match-order-fix-cgconfig-error.patch +BuildRequires: autoconf, automake, libtool BuildRequires: gcc,gcc-c++,byacc BuildRequires: systemd-units,pam-devel,flex,coreutils @@ -60,19 +50,9 @@ It provides helpful information for libcgroup-pam,libcgroup-devel,libcgroup-tool %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p2 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch9000 -p1 %build +autoreconf -vif %configure --enable-pam-module-dir=%{_libdir}/security --enable-opaque-hierarchy="name=systemd" --disable-daemon make %{?_smp_mflags} 
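Review bot: The patch-list hunk drops `Patch5` through `Patch14` and `Patch9000`, including `libcgroup-0.41-CVE-2018-14348.patch` and `libcgroup-0.41-prevent-buffer-overflow.patch`, and nothing in the spec records that v0.42.2 already carries those fixes. The new changelog entry says only `DESC:new upstream release 0.42.2`, so a later reader cannot tell a deliberate drop from an accidental one. I would add a comment above the remaining `Patch` lines, for example `# Patch5-14, Patch9000 dropped: fixed upstream in the 0.42.2 sources (checked per patch)`, and name CVE-2018-14348 in the changelog once that has been confirmed against the new tarball.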
@@ -87,9 +67,11 @@ install -m 644 samples/cgsnapshot_blacklist.conf $RPM_BUILD_ROOT%{_sysconfdir}/c # Only one pam_cgroup.so is needed mv -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*.*.* $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so -rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.* -rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.la -rm -f $RPM_BUILD_ROOT%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.{,l}a $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.* + +rm -f $RPM_BUILD_ROOT%{_libdir}/*.{,l}a + +rm -f $RPM_BUILD_ROOT%{_libdir}/libcgroupfortesting.* rm -f $RPM_BUILD_ROOT%{_mandir}/man5/cgred.conf.5* rm -f $RPM_BUILD_ROOT%{_mandir}/man5/cgrules.conf.5* @@ -152,6 +134,12 @@ getent group cgred >/dev/null || groupadd -r cgred %attr(0644, root, root) %{_mandir}/man8/* %changelog +* Wed Nov 4 2020 leizhongkai - 0.42.2-1 +- Type: upgrade +- Id:NA +- SUG:NA +- DESC:new upstream release 0.42.2 + * Tue Jan 7 2020 openEuler Buildteam - 0.41-23 - Type:enhancement - Id:NA diff --git a/libcgroup.yaml b/libcgroup.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fcb8a3092e8c63aa7aca4f36c7476a9cb0b0a789 --- /dev/null +++ b/libcgroup.yaml @@ -0,0 +1,4 @@ +version_control: github +src_repo: libcgroup/libcgroup +tag_prefix: +seperator: "."
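Review bot: The rewritten cleanup lines `rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.{,l}a ...` and `rm -f $RPM_BUILD_ROOT%{_libdir}/*.{,l}a` depend on brace expansion, which bash provides and POSIX sh does not. Because `rm -f` ignores missing operands, a build shell without brace expansion would see the literal pattern, delete nothing and still succeed, leaving the `.a` and `.la` archives in the buildroot. Writing the names out keeps the result independent of the shell, e.g. `rm -f $RPM_BUILD_ROOT%{_libdir}/*.a $RPM_BUILD_ROOT%{_libdir}/*.la`. The `%install` section starts outside this hunk.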