From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: zboszor@gmail.com, Martin Jansa <martin.jansa@gmail.com>
Cc: Hemanth.KumarMD@windriver.com,
openembedded-core@lists.openembedded.org,
Sundeep.Kokkonda@windriver.com, Randy.MacLeod@windriver.com
Subject: Re: [OE-core] [PATCH v2 3/7] pseudo: fix for build with glibc-2.43
Date: Wed, 15 Apr 2026 14:16:24 +0100 [thread overview]
Message-ID: <a534592e54506e5576444250023b0bed775a298d.camel@linuxfoundation.org> (raw)
In-Reply-To: <ed118dea-62cd-4d29-9ee1-336367a2aae5@gmail.com>
On Tue, 2026-04-07 at 17:38 +0200, Zoltan Boszormenyi via lists.openembedded.org wrote:
> 2026. 04. 07. 17:21 keltezéssel, Zoltan Boszormenyi via lists.openembedded.org írta:
> > The issue turns out to be with GNU tar, specifically this build:
> > https://koji.fedoraproject.org/koji/buildinfo?buildID=2924033
> >
> > Manually downgrading to the previous build fixed the packaging problem:
> > https://koji.fedoraproject.org/koji/buildinfo?buildID=2917292
> >
> > I reported it here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=2455965
>
> According to the changelog of the current GNU tar 1.35-8.fc44 build,
> it contains backports from what will be the official 1.36 version.
> With that release, whenever it will be out, other distros would fail, too.
>
> Note this from the Fedora package changelog:
>
> - Backport upstream changes to jailify extraction directory
> Includes related gnulib changes to add openat2
> Fixes CVE-2025-45582 (fedora#2380007)
>
> which seems to be this commit:
> https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=75b03fdff48916bd0654677ed21379bdb0db016d
>
> commit 75b03fdff48916bd0654677ed21379bdb0db016d
> Author: Paul Eggert <eggert@cs.ucla.edu>
> Date: Thu Nov 13 13:44:10 2025 -0800
>
> Use openat2 to jailify the extraction directory
>
> This addresses CVE-2025-45582.
> * gnulib.modules: Add openat2.
> * src/misc.c (open_subdir): New static function.
> (fdbase_opendir): Use it.
> * src/tar.c (open_searchdir_how): New var, replacing and
> augmenting open_searchdir_flags. All uses changed.
> * tests/extrac31.at: New file.
> * tests/Makefile (TESTSUITE_AT), tests/testuite.at: Add it.
>
> I guess it will really need fixes in pseudo to overcome this.
I have put some patches onto this branch of pseudo:
https://git.yoctoproject.org/pseudo/log/?h=rpurdie/openat2
In my local testing, that did work but I don't have a Fedora 44 system
to test on right now. There are some potential issues with chroot
handling in there but I would be curious how this works on Fedora 44 if
you were able to test...
Cheers,
Richard
next prev parent reply other threads:[~2026-04-15 13:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-08 15:07 [PATCH v2 1/7] glibc: Upgrade to 2.43 release Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 2/7] gettext: Upgrade 0.26 -> 1.0 Hemanth.KumarMD
2026-03-09 6:56 ` [OE-core] " Mathieu Dubois-Briand
2026-03-09 14:50 ` Randy MacLeod
2026-03-08 15:07 ` [PATCH v2 3/7] pseudo: fix for build with glibc-2.43 Hemanth.KumarMD
2026-03-08 16:37 ` [OE-core] " Martin Jansa
2026-04-07 8:54 ` Böszörményi Zoltán
[not found] ` <18A40738790ACBCC.657799@lists.openembedded.org>
2026-04-07 11:39 ` Böszörményi Zoltán
2026-04-07 14:08 ` Martin Jansa
2026-04-07 15:21 ` Böszörményi Zoltán
[not found] ` <18A41C5827F22307.777565@lists.openembedded.org>
2026-04-07 15:38 ` Böszörményi Zoltán
2026-04-08 9:44 ` Paul Barker
2026-04-16 6:26 ` Böszörményi Zoltán
2026-04-15 13:16 ` Richard Purdie [this message]
2026-04-16 7:27 ` Böszörményi Zoltán
2026-04-16 15:44 ` Richard Purdie
2026-03-08 15:07 ` [PATCH v2 4/7] gcc-runtime: avoid discarded-qualifiers build failure with glibc 2.43 Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 5/7] libxcrypt: " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 6/7] barebox-tools: fix " Hemanth.KumarMD
2026-03-08 15:07 ` [PATCH v2 7/7] ltp: workaround openat2 " Hemanth.KumarMD
2026-03-08 16:58 ` [OE-core] " Mathieu Dubois-Briand
2026-03-09 7:13 ` [OE-core] [PATCH v2 1/7] glibc: Upgrade to 2.43 release Mathieu Dubois-Briand
2026-03-09 13:26 ` Sundeep KOKKONDA
2026-03-09 13:54 ` Richard Purdie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a534592e54506e5576444250023b0bed775a298d.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=Hemanth.KumarMD@windriver.com \
--cc=Randy.MacLeod@windriver.com \
--cc=Sundeep.Kokkonda@windriver.com \
--cc=martin.jansa@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=zboszor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox