From: "Böszörményi Zoltán" <zboszor@gmail.com>
To: Paul Barker <paul@pbarker.dev>, Martin Jansa <martin.jansa@gmail.com>
Cc: Hemanth.KumarMD@windriver.com,
openembedded-core@lists.openembedded.org,
Sundeep.Kokkonda@windriver.com, Randy.MacLeod@windriver.com
Subject: Re: [OE-core] [PATCH v2 3/7] pseudo: fix for build with glibc-2.43
Date: Thu, 16 Apr 2026 08:26:55 +0200 [thread overview]
Message-ID: <02810844-ac6d-4f23-98bc-b8f4f3955c47@gmail.com> (raw)
In-Reply-To: <1b979680925d535d3cd344a8b736b8f862d52498.camel@pbarker.dev>
2026. 04. 08. 11:44 keltezéssel, Paul Barker írta:
> On Tue, 2026-04-07 at 17:38 +0200, Zoltan Boszormenyi via
> lists.openembedded.org wrote:
>> 2026. 04. 07. 17:21 keltezéssel, Zoltan Boszormenyi via lists.openembedded.org írta:
>>> The issue turns out to be with GNU tar, specifically this build:
>>> https://koji.fedoraproject.org/koji/buildinfo?buildID=2924033
>>>
>>> Manually downgrading to the previous build fixed the packaging problem:
>>> https://koji.fedoraproject.org/koji/buildinfo?buildID=2917292
>>>
>>> I reported it here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=2455965
>> According to the changelog of the current GNU tar 1.35-8.fc44 build,
>> it contains backports from what will be the official 1.36 version.
>> With that release, whenever it will be out, other distros would fail, too.
>>
>> Note this from the Fedora package changelog:
>>
>> - Backport upstream changes to jailify extraction directory
>> Includes related gnulib changes to add openat2
>> Fixes CVE-2025-45582 (fedora#2380007)
>>
>> which seems to be this commit:
>> https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=75b03fdff48916bd0654677ed21379bdb0db016d
>>
>> commit 75b03fdff48916bd0654677ed21379bdb0db016d
>> Author: Paul Eggert <eggert@cs.ucla.edu>
>> Date: Thu Nov 13 13:44:10 2025 -0800
>>
>> Use openat2 to jailify the extraction directory
>>
>> This addresses CVE-2025-45582.
>> * gnulib.modules: Add openat2.
>> * src/misc.c (open_subdir): New static function.
>> (fdbase_opendir): Use it.
>> * src/tar.c (open_searchdir_how): New var, replacing and
>> augmenting open_searchdir_flags. All uses changed.
>> * tests/extrac31.at: New file.
>> * tests/Makefile (TESTSUITE_AT), tests/testuite.at: Add it.
>>
>> I guess it will really need fixes in pseudo to overcome this.
> Hi Zoltan,
>
> The issue is that our intercept function for openat2 is a stub [1], it
> returns -ENOSYS. This works on other distros as the gnulib
> implementation of openat2 in userspace can be used as a fallback. If tar
> in F44 doesn't have any fallback for when openat2 isn't implemented that
> that won't work.
>
> So it looks like we will need to complete openat2 handling in pseudo. We
> have an issue for that in bugzilla [2], I'll update it.
>
> [1]: https://git.yoctoproject.org/pseudo/tree/ports/linux/openat2/guts/openat2.c
> [2]: https://bugzilla.yoctoproject.org/show_bug.cgi?id=16126
Thank you.
next prev parent reply other threads:[~2026-04-16 6:27 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-08 15:07 [PATCH v2 1/7] glibc: Upgrade to 2.43 release Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 2/7] gettext: Upgrade 0.26 -> 1.0 Hemanth.KumarMD
2026-03-09 6:56 ` [OE-core] " Mathieu Dubois-Briand
2026-03-09 14:50 ` Randy MacLeod
2026-03-08 15:07 ` [PATCH v2 3/7] pseudo: fix for build with glibc-2.43 Hemanth.KumarMD
2026-03-08 16:37 ` [OE-core] " Martin Jansa
2026-04-07 8:54 ` Böszörményi Zoltán
[not found] ` <18A40738790ACBCC.657799@lists.openembedded.org>
2026-04-07 11:39 ` Böszörményi Zoltán
2026-04-07 14:08 ` Martin Jansa
2026-04-07 15:21 ` Böszörményi Zoltán
[not found] ` <18A41C5827F22307.777565@lists.openembedded.org>
2026-04-07 15:38 ` Böszörményi Zoltán
2026-04-08 9:44 ` Paul Barker
2026-04-16 6:26 ` Böszörményi Zoltán [this message]
2026-04-15 13:16 ` Richard Purdie
2026-04-16 7:27 ` Böszörményi Zoltán
2026-04-16 15:44 ` Richard Purdie
2026-03-08 15:07 ` [PATCH v2 4/7] gcc-runtime: avoid discarded-qualifiers build failure with glibc 2.43 Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 5/7] libxcrypt: " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 6/7] barebox-tools: fix " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 7/7] ltp: workaround openat2 " Hemanth.KumarMD
2026-03-08 16:58 ` [OE-core] " Mathieu Dubois-Briand
2026-03-09 7:13 ` [OE-core] [PATCH v2 1/7] glibc: Upgrade to 2.43 release Mathieu Dubois-Briand
2026-03-09 13:26 ` Sundeep KOKKONDA
2026-03-09 13:54 ` Richard Purdie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=02810844-ac6d-4f23-98bc-b8f4f3955c47@gmail.com \
--to=zboszor@gmail.com \
--cc=Hemanth.KumarMD@windriver.com \
--cc=Randy.MacLeod@windriver.com \
--cc=Sundeep.Kokkonda@windriver.com \
--cc=martin.jansa@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=paul@pbarker.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox