diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2020-08-12 14:47:47 +0200 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2020-08-28 17:19:43 +0200 |
| commit | 0d38182d489a6f1dbc91d202680063e7fc32d11d (patch) | |
| tree | 36d75b14bb7edcf7b6d9033b4205398b5346bcc3 | |
| parent | 8d91876805031982643ede3bc6aff38b89d7d6e1 (diff) | |
main/libcap-ng: fix deadlock with capng_apply
libvirt will call capng_apply after fork which may result in deadlock if
malloc is called. Fix capng_apply to avoid malloc/free.
ref #11602
Upstream PR: https://github.com/stevegrubb/libcap-ng/pull/16
(cherry picked from commit 5dc3f84b9885c06cd0b5029d4cba00c1d231a64a)
| -rw-r--r-- | main/libcap-ng/APKBUILD | 4 | ||||
| -rw-r--r-- | main/libcap-ng/async-safe-apply.patch | 29 |
2 files changed, 32 insertions, 1 deletions
diff --git a/main/libcap-ng/APKBUILD b/main/libcap-ng/APKBUILD index 5834f6262ee..07654b528e6 100644 --- a/main/libcap-ng/APKBUILD +++ b/main/libcap-ng/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libcap-ng pkgver=0.7.10 -pkgrel=0 +pkgrel=1 pkgdesc="POSIX capabilities library" url="http://people.redhat.com/sgrubb/libcap-ng/index.html" arch="all" @@ -11,6 +11,7 @@ makedepends_build="" makedepends_host="$depends_dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-utils" source="https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-$pkgver.tar.gz + async-safe-apply.patch fix-includes.patch " builddir="$srcdir/$pkgname-$pkgver" @@ -48,4 +49,5 @@ utils() { } sha512sums="1b93c7f5c20ae5cc705fe5244af3e299454e988388cda95f006e248d97c0713e77da2a81c67ecf15755f3958df373fc6d1ca14197d6357ab1f2d8c3a0fd12def libcap-ng-0.7.10.tar.gz +cfd97dab1bb1c93434cc6439f78d3967905002efd91946486978dec9b84df60945a2e5f25c8af79b94c5e3a36c783e9afbaec71b9d322ebed0b0b401a6ff34e6 async-safe-apply.patch 8de98ce0fae63812cf7fd17e788343798b0cab63ba029f046ac9b89b2305da17432bafdd3dfa36046fc2cc0a453e0c889f6744c632f4617e0e5fc08e2823e324 fix-includes.patch" diff --git a/main/libcap-ng/async-safe-apply.patch b/main/libcap-ng/async-safe-apply.patch new file mode 100644 index 00000000000..1542863e74c --- /dev/null +++ b/main/libcap-ng/async-safe-apply.patch @@ -0,0 +1,29 @@ +Upstream: https://github.com/stevegrubb/libcap-ng/pull/16 +diff --git a/src/cap-ng.c b/src/cap-ng.c +index 7aa1029..f0ad7e7 100644 +--- a/src/cap-ng.c ++++ b/src/cap-ng.c +@@ -525,11 +525,12 @@ int capng_apply(capng_select_t set) + + if (set & CAPNG_SELECT_BOUNDS) { + #ifdef PR_CAPBSET_DROP +- void *s = capng_save_state(); ++ struct cap_ng state; ++ memcpy(&state, &m, sizeof(state)); /* save state */ + capng_get_caps_process(); + if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) { + int i; +- capng_restore_state(&s); ++ memcpy(&m, &state, sizeof(m)); /* restore state */ + rc = 0; + for (i=0; i <= last_cap && rc == 0; i++) + if (capng_have_capability(CAPNG_BOUNDING_SET, +@@ -538,7 +539,7 @@ int capng_apply(capng_select_t set) + if (rc == 0) + m.state = CAPNG_APPLIED; + } else +- capng_restore_state(&s); ++ memcpy(&m, &state, sizeof(m)); /* restore state */ + #else + rc = 0; + #endif |