authorLeo <thinkabit.ukim@gmail.com>2020-11-24 13:16:38 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-11-24 13:18:30 -0300
commitfd99f143e50e6412f8bdd889c89813f12f0f0ec5 (patch)
tree8be66626170e62aaa8730019d51dc6002bad8e28
parentdb0a1b476d29cf2c5c3f1335573cbbe82e5e27c9 (diff)
main/libcap-ng: fix starting gnome-keyring
https://github.com/stevegrubb/libcap-ng/issues/21
-rw-r--r--main/libcap-ng/APKBUILD11
-rw-r--r--main/libcap-ng/apply-disable.patch29
-rw-r--r--main/libcap-ng/apply.patch119
3 files changed, 156 insertions, 3 deletions
diff --git a/main/libcap-ng/APKBUILD b/main/libcap-ng/APKBUILD
index 2bca9fcca17..9394be22ee2 100644
--- a/main/libcap-ng/APKBUILD
+++ b/main/libcap-ng/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libcap-ng
pkgver=0.8.1
-pkgrel=0
+pkgrel=1
pkgdesc="POSIX capabilities library"
url="http://people.redhat.com/sgrubb/libcap-ng/index.html"
arch="all"
@@ -9,7 +9,10 @@ license="GPL-2.0-or-later LGPL-2.1-or-later"
depends_dev="linux-headers"
makedepends_host="$depends_dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
-source="https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-$pkgver.tar.gz"
+source="https://people.redhat.com/sgrubb/libcap-ng/libcap-ng-$pkgver.tar.gz
+ apply.patch
+ apply-disable.patch
+ "
build() {
ac_cv_prog_swig_found=no \
@@ -41,4 +44,6 @@ utils() {
mv "$pkgdir"/usr/bin/* "$subpkgdir"/usr/bin/
}
-sha512sums="cd28ceb43e2cf5d3a0140fddbd2ea13dfda8eeea8a6de1817f3cc3b38df874ab8653917dbd405ad7aaaa71bcb9ec246d995079aa3cb0af1cffbdb37dfdd99232 libcap-ng-0.8.1.tar.gz"
+sha512sums="cd28ceb43e2cf5d3a0140fddbd2ea13dfda8eeea8a6de1817f3cc3b38df874ab8653917dbd405ad7aaaa71bcb9ec246d995079aa3cb0af1cffbdb37dfdd99232 libcap-ng-0.8.1.tar.gz
+47b6d7a61de15a9fc9c80ff8cd471723c74a010574ef3446c8895fb6e80b980672f16025ee94955a77f6088fcccf84b52e760a400c5239b637364caad391c0f7 apply.patch
+5f362d5d3f791d1bddc5d9ef3b31e5089c54f852904e12bc3b58dcd22fa87086766cfc095ae8b485bee1b3c4fd854575b89821052b77967a6fdca4ff7e0a0397 apply-disable.patch"
diff --git a/main/libcap-ng/apply-disable.patch b/main/libcap-ng/apply-disable.patch
new file mode 100644
index 00000000000..a476c1ae5b1
--- /dev/null
+++ b/main/libcap-ng/apply-disable.patch
@@ -0,0 +1,29 @@
+Upstream: Fedora patch
+Reason: Remove error codes that nobody handles and crashes everything
+
+diff -urp libcap-ng-0.8.2.orig/src/cap-ng.c libcap-ng-0.8.2/src/cap-ng.c
+--- libcap-ng-0.8.2.orig/src/cap-ng.c 2020-11-20 15:04:09.000000000 -0500
++++ libcap-ng-0.8.2/src/cap-ng.c 2020-11-20 16:04:55.425496426 -0500
+@@ -698,19 +698,19 @@ int capng_apply(capng_select_t set)
+ if (capng_have_capability(CAPNG_BOUNDING_SET,
+ i) == 0) {
+ if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) {
+- rc = -2;
++// rc = -2;
+ goto try_caps;
+ }
+ }
+ }
+ m.state = CAPNG_APPLIED;
+ if (get_bounding_set() < 0) {
+- rc = -3;
++// rc = -3;
+ goto try_caps;
+ }
+ } else {
+ memcpy(&m, &state, sizeof(m)); /* restore state */
+- rc = -4;
++// rc = -4;
+ goto try_caps;
+ }
+ #endif
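Review bot: Commenting out `rc = -2`, `rc = -3` and `rc = -4` in the bounding-set branch lets capng_apply() return 0 even though PR_CAPBSET_DROP or get_bounding_set() failed, so a caller that does check the return value can no longer detect that the bounding set was left wider than requested. If these codes have to stay suppressed for the gnome-keyring start-up case, the patch header should say so directly, e.g. `Reason: bounding-set failures are deliberately not reported; a 0 return does not confirm the bounding set was dropped`, and state when the patch can be removed. The header also diffs against `libcap-ng-0.8.2` while the APKBUILD in this commit keeps `pkgver=0.8.1`, which deserves a line in the header too. The capng_apply() body starts and ends outside the embedded hunk.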
diff --git a/main/libcap-ng/apply.patch b/main/libcap-ng/apply.patch
new file mode 100644
index 00000000000..5fb9f189c09
--- /dev/null
+++ b/main/libcap-ng/apply.patch
@@ -0,0 +1,119 @@
+From fda0224fea4f01b77bd07ac195b3baaaf1a28fca Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Fri, 20 Nov 2020 14:01:33 -0500
+Subject: [PATCH] In capng_apply, allow continuing in spite of errors
+
+In capng_apply, if we blow up trying to adjust the bounding set without
+proper permissions, continue into the capabilities in case they called
+with SELECT_BOTH and they don't bother checking the return code. This
+will at least leave the application in a potentially safer state.
+---
+ src/cap-ng.c | 56 +++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 42 insertions(+), 14 deletions(-)
+
+diff --git a/src/cap-ng.c b/src/cap-ng.c
+index a9de370..1474326 100644
+--- a/src/cap-ng.c
++++ b/src/cap-ng.c
+@@ -680,6 +680,8 @@ int capng_updatev(capng_act_t action, capng_type_t type,
+
+ int capng_apply(capng_select_t set)
+ {
++ int rc = 0;
++
+ // Before updating, we expect that the data is initialized to something
+ if (m.state < CAPNG_INIT)
+ return -1;
+@@ -695,52 +697,78 @@ int capng_apply(capng_select_t set)
+ for (i=0; i <= last_cap; i++) {
+ if (capng_have_capability(CAPNG_BOUNDING_SET,
+ i) == 0) {
+- if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0)
+- return -2;
++ if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) <0) {
++ rc = -2;
++ goto try_caps;
++ }
+ }
+ }
+ m.state = CAPNG_APPLIED;
+- if (get_bounding_set() < 0)
+- return -3;
++ if (get_bounding_set() < 0) {
++ rc = -3;
++ goto try_caps;
++ }
+ } else {
+ memcpy(&m, &state, sizeof(m)); /* restore state */
+- return -4;
++ rc = -4;
++ goto try_caps;
+ }
+ #endif
+ }
++
++ // Try caps is here so that if someone had SELECT_BOTH and we blew up
++ // doing the bounding set, we at least try to set any capabilities
++ // before returning in case the caller also doesn't bother checking
++ // the return code.
++try_caps:
+ if (set & CAPNG_SELECT_CAPS) {
+ if (capset((cap_user_header_t)&m.hdr,
+ (cap_user_data_t)&m.data) == 0)
+ m.state = CAPNG_APPLIED;
+ else
+- return -5;
++ rc = -5;
+ }
+- // Put ambient last so that inheritable and permitted are set
++
++ // Most programs do not and should not mess with ambient capabilities.
++ // Instead of returning here if rc is set, we'll let it try to
++ // do something with ambient capabilities in hopes that it's lowering
++ // capabilities. Again, this is for people that don't check their
++ // return codes.
++ //
++ // Do ambient last so that inheritable and permitted are set by the
++ // time we get here.
+ if (set & CAPNG_SELECT_AMBIENT) {
+ #ifdef PR_CAP_AMBIENT
+ if (capng_have_capabilities(CAPNG_SELECT_AMBIENT) ==
+ CAPNG_NONE) {
+ if (prctl(PR_CAP_AMBIENT,
+- PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0)
+- return -6;
++ PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0) {
++ rc = -6;
++ goto out;
++ }
+ } else {
+ unsigned int i;
+
+ // Clear them all
+ if (prctl(PR_CAP_AMBIENT,
+- PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0)
+- return -7;
++ PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0) {
++ rc = -7;
++ goto out;
++ }
+ for (i=0; i <= last_cap; i++) {
+ if (capng_have_capability(CAPNG_AMBIENT, i))
+ if (prctl(PR_CAP_AMBIENT,
+- PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0)
+- return -8;
++ PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0){
++ rc = -8;
++ goto out;
++ }
+ }
+ }
+ m.state = CAPNG_APPLIED;
+ #endif
+ }
+- return 0;
++out:
++ return rc;
+ }
+
+ #ifdef VFS_CAP_U32
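Review bot: In the reworked capng_apply() the `rc = -5;` assignment after a failed capset(), and the `rc = -6`/`-7`/`-8` assignments in the ambient block, overwrite an earlier `rc = -2`/`-3`/`-4` from the bounding-set branch, so the caller is told only about the last step that failed. Preserving the first failure would be `if (rc == 0) rc = -5;` (and the same guard on the ambient codes); if last-failure-wins is intended, a one-line comment at `try_caps:` should say so. On the same path, `m.state = CAPNG_APPLIED` is still set when capset() succeeds after a bounding-set failure, so the state can read as applied while `rc` is negative; that appears to follow from the stated intent to continue, but it is worth documenting next to the label.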