From: Paul Barker <paul@pbarker.dev>
To: zboszor@gmail.com, Martin Jansa <martin.jansa@gmail.com>
Cc: Hemanth.KumarMD@windriver.com,
openembedded-core@lists.openembedded.org,
Sundeep.Kokkonda@windriver.com, Randy.MacLeod@windriver.com
Subject: Re: [OE-core] [PATCH v2 3/7] pseudo: fix for build with glibc-2.43
Date: Wed, 08 Apr 2026 10:44:13 +0100 [thread overview]
Message-ID: <1b979680925d535d3cd344a8b736b8f862d52498.camel@pbarker.dev> (raw)
In-Reply-To: <ed118dea-62cd-4d29-9ee1-336367a2aae5@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2459 bytes --]
On Tue, 2026-04-07 at 17:38 +0200, Zoltan Boszormenyi via
lists.openembedded.org wrote:
> 2026. 04. 07. 17:21 keltezéssel, Zoltan Boszormenyi via lists.openembedded.org írta:
> > The issue turns out to be with GNU tar, specifically this build:
> > https://koji.fedoraproject.org/koji/buildinfo?buildID=2924033
> >
> > Manually downgrading to the previous build fixed the packaging problem:
> > https://koji.fedoraproject.org/koji/buildinfo?buildID=2917292
> >
> > I reported it here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=2455965
>
> According to the changelog of the current GNU tar 1.35-8.fc44 build,
> it contains backports from what will be the official 1.36 version.
> With that release, whenever it will be out, other distros would fail, too.
>
> Note this from the Fedora package changelog:
>
> - Backport upstream changes to jailify extraction directory
> Includes related gnulib changes to add openat2
> Fixes CVE-2025-45582 (fedora#2380007)
>
> which seems to be this commit:
> https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=75b03fdff48916bd0654677ed21379bdb0db016d
>
> commit 75b03fdff48916bd0654677ed21379bdb0db016d
> Author: Paul Eggert <eggert@cs.ucla.edu>
> Date: Thu Nov 13 13:44:10 2025 -0800
>
> Use openat2 to jailify the extraction directory
>
> This addresses CVE-2025-45582.
> * gnulib.modules: Add openat2.
> * src/misc.c (open_subdir): New static function.
> (fdbase_opendir): Use it.
> * src/tar.c (open_searchdir_how): New var, replacing and
> augmenting open_searchdir_flags. All uses changed.
> * tests/extrac31.at: New file.
> * tests/Makefile (TESTSUITE_AT), tests/testuite.at: Add it.
>
> I guess it will really need fixes in pseudo to overcome this.
Hi Zoltan,
The issue is that our intercept function for openat2 is a stub [1], it
returns -ENOSYS. This works on other distros as the gnulib
implementation of openat2 in userspace can be used as a fallback. If tar
in F44 doesn't have any fallback for when openat2 isn't implemented that
that won't work.
So it looks like we will need to complete openat2 handling in pseudo. We
have an issue for that in bugzilla [2], I'll update it.
[1]: https://git.yoctoproject.org/pseudo/tree/ports/linux/openat2/guts/openat2.c
[2]: https://bugzilla.yoctoproject.org/show_bug.cgi?id=16126
Thanks,
--
Paul Barker
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
next prev parent reply other threads:[~2026-04-08 9:44 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-08 15:07 [PATCH v2 1/7] glibc: Upgrade to 2.43 release Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 2/7] gettext: Upgrade 0.26 -> 1.0 Hemanth.KumarMD
2026-03-09 6:56 ` [OE-core] " Mathieu Dubois-Briand
2026-03-09 14:50 ` Randy MacLeod
2026-03-08 15:07 ` [PATCH v2 3/7] pseudo: fix for build with glibc-2.43 Hemanth.KumarMD
2026-03-08 16:37 ` [OE-core] " Martin Jansa
2026-04-07 8:54 ` Böszörményi Zoltán
[not found] ` <18A40738790ACBCC.657799@lists.openembedded.org>
2026-04-07 11:39 ` Böszörményi Zoltán
2026-04-07 14:08 ` Martin Jansa
2026-04-07 15:21 ` Böszörményi Zoltán
[not found] ` <18A41C5827F22307.777565@lists.openembedded.org>
2026-04-07 15:38 ` Böszörményi Zoltán
2026-04-08 9:44 ` Paul Barker [this message]
2026-03-08 15:07 ` [PATCH v2 4/7] gcc-runtime: avoid discarded-qualifiers build failure with glibc 2.43 Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 5/7] libxcrypt: " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 6/7] barebox-tools: fix " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 7/7] ltp: workaround openat2 " Hemanth.KumarMD
2026-03-08 16:58 ` [OE-core] " Mathieu Dubois-Briand
2026-03-09 7:13 ` [OE-core] [PATCH v2 1/7] glibc: Upgrade to 2.43 release Mathieu Dubois-Briand
2026-03-09 13:26 ` Sundeep KOKKONDA
2026-03-09 13:54 ` Richard Purdie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1b979680925d535d3cd344a8b736b8f862d52498.camel@pbarker.dev \
--to=paul@pbarker.dev \
--cc=Hemanth.KumarMD@windriver.com \
--cc=Randy.MacLeod@windriver.com \
--cc=Sundeep.Kokkonda@windriver.com \
--cc=martin.jansa@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=zboszor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox