public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed
From: "Böszörményi Zoltán" <zboszor@gmail.com>
To: Paul Barker <paul@pbarker.dev>, Martin Jansa <martin.jansa@gmail.com>
Cc: Hemanth.KumarMD@windriver.com,
	openembedded-core@lists.openembedded.org,
	Sundeep.Kokkonda@windriver.com, Randy.MacLeod@windriver.com
Subject: Re: [OE-core] [PATCH v2 3/7] pseudo: fix for build with glibc-2.43
Date: Thu, 16 Apr 2026 08:26:55 +0200	[thread overview]
Message-ID: <02810844-ac6d-4f23-98bc-b8f4f3955c47@gmail.com> (raw)
In-Reply-To: <1b979680925d535d3cd344a8b736b8f862d52498.camel@pbarker.dev>

2026. 04. 08. 11:44 keltezéssel, Paul Barker írta:
> On Tue, 2026-04-07 at 17:38 +0200, Zoltan Boszormenyi via
> lists.openembedded.org wrote:
>> 2026. 04. 07. 17:21 keltezéssel, Zoltan Boszormenyi via lists.openembedded.org írta:
>>> The issue turns out to be with GNU tar, specifically this build:
>>> https://koji.fedoraproject.org/koji/buildinfo?buildID=2924033
>>>
>>> Manually downgrading to the previous build fixed the packaging problem:
>>> https://koji.fedoraproject.org/koji/buildinfo?buildID=2917292
>>>
>>> I reported it here:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=2455965
>> According to the changelog of the current GNU tar 1.35-8.fc44 build,
>> it contains backports from what will be the official 1.36 version.
>> With that release, whenever it will be out, other distros would fail, too.
>>
>> Note this from the Fedora package changelog:
>>
>> - Backport upstream changes to jailify extraction directory
>>     Includes related gnulib changes to add openat2
>>     Fixes CVE-2025-45582 (fedora#2380007)
>>
>> which seems to be this commit:
>> https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=75b03fdff48916bd0654677ed21379bdb0db016d
>>
>> commit 75b03fdff48916bd0654677ed21379bdb0db016d
>> Author: Paul Eggert <eggert@cs.ucla.edu>
>> Date:   Thu Nov 13 13:44:10 2025 -0800
>>
>>       Use openat2 to jailify the extraction directory
>>
>>       This addresses CVE-2025-45582.
>>       * gnulib.modules: Add openat2.
>>       * src/misc.c (open_subdir): New static function.
>>       (fdbase_opendir): Use it.
>>       * src/tar.c (open_searchdir_how): New var, replacing and
>>       augmenting open_searchdir_flags.  All uses changed.
>>       * tests/extrac31.at: New file.
>>       * tests/Makefile (TESTSUITE_AT), tests/testuite.at: Add it.
>>
>> I guess it will really need fixes in pseudo to overcome this.
> Hi Zoltan,
>
> The issue is that our intercept function for openat2 is a stub [1], it
> returns -ENOSYS. This works on other distros as the gnulib
> implementation of openat2 in userspace can be used as a fallback. If tar
> in F44 doesn't have any fallback for when openat2 isn't implemented that
> that won't work.
>
> So it looks like we will need to complete openat2 handling in pseudo. We
> have an issue for that in bugzilla [2], I'll update it.
>
> [1]: https://git.yoctoproject.org/pseudo/tree/ports/linux/openat2/guts/openat2.c
> [2]: https://bugzilla.yoctoproject.org/show_bug.cgi?id=16126

Thank you.



  reply	other threads:[~2026-04-16  6:27 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-08 15:07 [PATCH v2 1/7] glibc: Upgrade to 2.43 release Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 2/7] gettext: Upgrade 0.26 -> 1.0 Hemanth.KumarMD
2026-03-09  6:56   ` [OE-core] " Mathieu Dubois-Briand
2026-03-09 14:50     ` Randy MacLeod
2026-03-08 15:07 ` [PATCH v2 3/7] pseudo: fix for build with glibc-2.43 Hemanth.KumarMD
2026-03-08 16:37   ` [OE-core] " Martin Jansa
2026-04-07  8:54     ` Böszörményi Zoltán
     [not found]     ` <18A40738790ACBCC.657799@lists.openembedded.org>
2026-04-07 11:39       ` Böszörményi Zoltán
2026-04-07 14:08         ` Martin Jansa
2026-04-07 15:21           ` Böszörményi Zoltán
     [not found]           ` <18A41C5827F22307.777565@lists.openembedded.org>
2026-04-07 15:38             ` Böszörményi Zoltán
2026-04-08  9:44               ` Paul Barker
2026-04-16  6:26                 ` Böszörményi Zoltán [this message]
2026-04-15 13:16               ` Richard Purdie
2026-04-16  7:27                 ` Böszörményi Zoltán
2026-04-16 15:44                   ` Richard Purdie
2026-03-08 15:07 ` [PATCH v2 4/7] gcc-runtime: avoid discarded-qualifiers build failure with glibc 2.43 Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 5/7] libxcrypt: " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 6/7] barebox-tools: fix " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 7/7] ltp: workaround openat2 " Hemanth.KumarMD
2026-03-08 16:58   ` [OE-core] " Mathieu Dubois-Briand
2026-03-09  7:13 ` [OE-core] [PATCH v2 1/7] glibc: Upgrade to 2.43 release Mathieu Dubois-Briand
2026-03-09 13:26   ` Sundeep KOKKONDA
2026-03-09 13:54     ` Richard Purdie

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=02810844-ac6d-4f23-98bc-b8f4f3955c47@gmail.com \
    --to=zboszor@gmail.com \
    --cc=Hemanth.KumarMD@windriver.com \
    --cc=Randy.MacLeod@windriver.com \
    --cc=Sundeep.Kokkonda@windriver.com \
    --cc=martin.jansa@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=paul@pbarker.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox