From 3ccc5104bc451580e86aa527cd96afba07f98bbc Mon Sep 17 00:00:00 2001
From: Julio Galvan
Date: Tue, 16 Jul 2019 16:48:32 -0700
Subject: [PATCH 1/6] New package: libco-19.1

---
 common/shlibs | 1 +
 srcpkgs/libco-devel | 1 +
 srcpkgs/libco/template | 26 ++++++++++++++++++++++++++
 3 files changed, 28 insertions(+)
 create mode 120000 srcpkgs/libco-devel
 create mode 100644 srcpkgs/libco/template

diff --git a/common/shlibs b/common/shlibs
index b5b6086d24f..59d4335202e 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3509,3 +3509,4 @@ libdrumstick-alsa.so.1 drumstick-1.1.2_1
 libdrumstick-rt.so.1 drumstick-1.1.2_1
 libnozzle.so.1 libnozzle1-1.11_2
 libmygpo-qt5.so.1 libmygpo-qt-1.1.0_1
+libco.so.0 libco-19.1_1
diff --git a/srcpkgs/libco-devel b/srcpkgs/libco-devel
new file mode 120000
index 00000000000..9cbee396adf
--- /dev/null
+++ b/srcpkgs/libco-devel
@@ -0,0 +1 @@
+libco
\ No newline at end of file
diff --git a/srcpkgs/libco/template b/srcpkgs/libco/template
new file mode 100644
index 00000000000..f9bce800b8a
--- /dev/null
+++ b/srcpkgs/libco/template
@@ -0,0 +1,26 @@
+# Template file for 'libco'
+pkgname=libco
+version=19.1
+revision=1
+build_style=gnu-makefile
+short_desc="Cooperative multithreading library written in C89"
+maintainer="Julio Galvan "
+license="ISC"
+homepage="https://github.com/freeekanayaka/libco"
+distfiles="https://github.com/freeekanayaka/libco/archive/v${version}.tar.gz"
+checksum=0cbb3a6ba23c5985683ba0be213bb33bd617490aeb54a4d4421967a4fe9e2b95
+
+post_install() {
+ vlicense LICENSE
+}
+
+libco-devel_package() {
+ depends="libco>=${version}_${revision}"
+ short_desc+=" - development files"
+ pkg_install() {
+ vmove usr/include
+ vmove usr/lib/pkgconfig
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ }
+}
From 8eec135bf941ae30ad72d70f5e5ce68ef73ef827 Mon Sep 17 00:00:00 2001
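Review bot: `distfiles` in the new libco template repeats the GitHub URL that `homepage` already holds, whereas the sqlite-replication and dqlite templates later in this series derive it from `${homepage}`; `distfiles="${homepage}/archive/v${version}.tar.gz"` would keep the two from drifting apart if the project moves. The raft template in the next patch has the same duplication. Since the `archive/` tarball is not a release asset, the pinned `checksum` is the only thing fixing the source bytes, so keeping the URL derived from a single variable also makes a future checksum mismatch easier to attribute.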
From: Julio Galvan
Date: Tue, 16 Jul 2019 16:59:54 -0700
Subject: [PATCH 2/6] New package: raft-0.9.5

---
 common/shlibs | 1 +
 srcpkgs/raft-devel | 1 +
 srcpkgs/raft/template | 29 +++++++++++++++++++++++++++++
 3 files changed, 31 insertions(+)
 create mode 120000 srcpkgs/raft-devel
 create mode 100644 srcpkgs/raft/template

diff --git a/common/shlibs b/common/shlibs
index 59d4335202e..3cc2d231cd1 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3510,3 +3510,4 @@ libdrumstick-rt.so.1 drumstick-1.1.2_1
 libnozzle.so.1 libnozzle1-1.11_2
 libmygpo-qt5.so.1 libmygpo-qt-1.1.0_1
 libco.so.0 libco-19.1_1
+libraft.so.0 raft-0.9.5_1
diff --git a/srcpkgs/raft-devel b/srcpkgs/raft-devel
new file mode 120000
index 00000000000..d96c908578a
--- /dev/null
+++ b/srcpkgs/raft-devel
@@ -0,0 +1 @@
+raft
\ No newline at end of file
diff --git a/srcpkgs/raft/template b/srcpkgs/raft/template
new file mode 100644
index 00000000000..201fad9888c
--- /dev/null
+++ b/srcpkgs/raft/template
@@ -0,0 +1,29 @@
+# Template file for 'raft'
+pkgname=raft
+version=0.9.5
+revision=1
+build_style=gnu-configure
+configure_args="--enable-example=no"
+hostmakedepends="pkg-config autoconf automake libtool"
+makedepends="libuv-devel"
+short_desc="C implementation of the Raft consensus protocol"
+maintainer="Julio Galvan "
+license="Apache-2.0"
+homepage="https://github.com/CanonicalLtd/raft"
+distfiles="https://github.com/CanonicalLtd/raft/archive/v${version}.tar.gz"
+checksum=1f8e2530462546b39e5915c49b66ece41770fc40e7b1e537cf7a7fadabb5a87d
+
+pre_configure() {
+ autoreconf -i
+}
+
+raft-devel_package() {
+ depends="${makedepends} raft>=${version}_${revision}"
+ short_desc+=" - development files"
+ pkg_install() {
+ vmove usr/include
+ vmove usr/lib/pkgconfig
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ }
+}
From 16f2f248d8593ce794f8b7908c6f7d1652e794de Mon Sep 17 00:00:00 2001
From: Julio Galvan
Date: Sat, 7 Sep 2019 10:00:52 -0700
Subject: [PATCH 3/6] sqlite-replication: update to 3.29.0

---
 srcpkgs/sqlite-replication/template | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/srcpkgs/sqlite-replication/template b/srcpkgs/sqlite-replication/template
index b5b1063d8ca..818999f159d 100644
--- a/srcpkgs/sqlite-replication/template
+++ b/srcpkgs/sqlite-replication/template
@@ -1,10 +1,10 @@
 # Template file for 'sqlite-replication'
 pkgname=sqlite-replication
-version=3.28.0
+version=3.29.0
 revision=1
 wrksrc="sqlite-version-${version}-replication3"
 build_style=gnu-configure
-configure_args="--enable-wal-replication --enable-threadsafe --enable-dynamic-extensions --enable-fts5"
+configure_args="--enable-replication --enable-threadsafe --enable-dynamic-extensions --enable-fts5"
 hostmakedepends="tcl"
 makedepends="libedit-devel"
 short_desc="Replication Enabled SQL Database Engine in a C Library"
@@ -12,7 +12,7 @@ maintainer="Cameron Nemo "
 license="Public Domain"
 homepage="https://github.com/CanonicalLtd/sqlite"
 distfiles="${homepage}/archive/version-${version}+replication3.tar.gz"
-checksum=3e52fb92ef8f66ba640145941f05aabbffb4f422a0b9a42a97b6806e2c3c6812
+checksum=516ae04b7bef44b6de71fed99f41f1f11afc781495145c7bccf3c1e1073c37be
 replaces="sqlite>=3.8.11.1_3"
 provides="sqlite-${version}_${revision}"
 shlib_provides="libsqlite3.so"
@@ -26,9 +26,6 @@ CFLAGS+=" -DHAVE_FDATASYNC"
 disable_parallel_build=yes

 pre_configure() {
- printf -- "D 2019-03-09T15:45:46\n" > manifest
- printf -- "8250984a368079bb1838d48d99f8c1a6282e00bc" > manifest.uuid
-
 sed -i -e 's/ -ltinfo//g' configure
 }
From e868ef5e38659ab544bffe74125a3afac6b6dfb6 Mon Sep 17 00:00:00 2001
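Review bot: The last hunk stops writing `manifest` and `manifest.uuid` into the source tree in `pre_configure`, but nothing in the diff shows that the 3.29.0 `+replication3` archive now ships them; sqlite's build presumably still derives the embedded source id from these files, so if the tarball lacks them the build may fail or embed an empty id — worth confirming against the extracted `wrksrc` before merging. If they are indeed shipped now, a one-line comment such as `# manifest and manifest.uuid are included in the replication3 tarball` above the remaining `sed` would record why the workaround went away. The `--enable-wal-replication` to `--enable-replication` rename in the first hunk likewise deserves a sentence in the commit message pointing at the upstream change that renamed the switch.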
From: Julio Galvan
Date: Tue, 16 Jul 2019 15:39:24 -0700
Subject: [PATCH 4/6] dqlite: update to 1.0.0

---
 srcpkgs/dqlite/patches/pthread_musl.patch | 22 ++++++++++++++++++++++
 srcpkgs/dqlite/template | 8 ++++----
 2 files changed, 26 insertions(+), 4 deletions(-)
 create mode 100644 srcpkgs/dqlite/patches/pthread_musl.patch

diff --git a/srcpkgs/dqlite/patches/pthread_musl.patch b/srcpkgs/dqlite/patches/pthread_musl.patch
new file mode 100644
index 00000000000..f1d165cdd31
--- /dev/null
+++ b/srcpkgs/dqlite/patches/pthread_musl.patch
@@ -0,0 +1,22 @@
+From 06eea47224a6015a48f592951298b1d80489452d Mon Sep 17 00:00:00 2001
+From: Cameron Nemo
+Date: Thu, 12 Sep 2019 23:05:51 -0700
+Subject: [PATCH] fix(vfs): include pthread.h for musl compat
+
+Signed-off-by: Cameron Nemo
+---
+ src/vfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/vfs.c b/src/vfs.c
+index 31e138c..5d2a7c4 100644
+--- src/vfs.c
++++ src/vfs.c
+@@ -1,6 +1,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+
diff --git a/srcpkgs/dqlite/template b/srcpkgs/dqlite/template
index b11c2e93bd9..0f50d7b5779 100644
--- a/srcpkgs/dqlite/template
+++ b/srcpkgs/dqlite/template
@@ -1,24 +1,24 @@
 # Template file for 'dqlite'
 pkgname=dqlite
-version=0.2.6
+version=1.0.0
 revision=1
 build_style=gnu-configure
 hostmakedepends="pkg-config autoconf automake libtool"
-makedepends="libuv-devel sqlite-replication-devel"
+makedepends="sqlite-replication-devel raft-devel libco-devel"
 depends="sqlite-replication"
 short_desc="Distributed SQLite database using the Raft algorithm"
 maintainer="Cameron Nemo "
 license="Apache-2.0"
 homepage="https://github.com/CanonicalLtd/dqlite"
 distfiles="${homepage}/archive/v${version}.tar.gz"
-checksum=47d31550d970a12d25101c331896cfb855128c110d912f5da3371062d9ece52b
+checksum=f68a04f41829e453831b6ce71840370b16e793c735a0ded291cba95b24f7f254

 pre_configure() {
 autoreconf -i
 }

 dqlite-devel_package() {
- depends="sqlite-replication-devel dqlite>=${version}_${revision}"
+ depends="${makedepends} dqlite>=${version}_${revision}"
 short_desc+=" - development files"
 pkg_install() {
 vmove usr/include
From 07679d212ce1891446fadcc5cbc4118d01efd18b Mon Sep 17 00:00:00 2001
From: Julio Galvan
Date: Sat, 7 Sep 2019 12:00:17 -0700
Subject: [PATCH 5/6] lxc: update to 3.2.1

---
 srcpkgs/lxc/patches/CVE-2019-5736.patch | 399 ------------------------
 srcpkgs/lxc/patches/musl-compat.patch | 10 -
 srcpkgs/lxc/patches/rexecute.patch | 148 ---------
 srcpkgs/lxc/template | 4 +-
 4 files changed, 2 insertions(+), 559 deletions(-)
 delete mode 100644 srcpkgs/lxc/patches/CVE-2019-5736.patch
 delete mode 100644 srcpkgs/lxc/patches/musl-compat.patch
 delete mode 100644 srcpkgs/lxc/patches/rexecute.patch

diff --git a/srcpkgs/lxc/patches/CVE-2019-5736.patch b/srcpkgs/lxc/patches/CVE-2019-5736.patch
deleted file mode 100644
index cb105e29124..00000000000
--- a/srcpkgs/lxc/patches/CVE-2019-5736.patch
+++ /dev/null
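Review bot: `makedepends` drops `libuv-devel` while adding `raft-devel` and `libco-devel`, so dqlite's build now gets libuv headers only transitively, through `raft-devel`'s `depends="${makedepends} ..."` from the previous patch; if dqlite 1.0.0 still probes libuv itself via pkg-config (its own vfs and transport code presumably do), that dependency should stay explicit, `makedepends="sqlite-replication-devel raft-devel libco-devel libuv-devel"`, as the lxd template in patch 6 does, so a later tightening of raft-devel cannot silently break this build. The switch of `dqlite-devel_package` to `depends="${makedepends} ..."` also turns every build dependency into a runtime dependency of the -devel package; that mirrors the raft template, but is worth a glance that none of them are build-only.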
@@ -1,399 +0,0 @@ -From 6400238d08cdf1ca20d49bafb85f4e224348bf9d Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Sat, 26 Jan 2019 01:19:29 +0100 -Subject: [PATCH] CVE-2019-5736 (runC): rexec callers as memfd -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Adam Iwaniuk and Borys Popławski discovered that an attacker can compromise the -runC host binary from inside a privileged runC container. As a result, this -could be exploited to gain root access on the host. runC is used as the default -runtime for containers with Docker, containerd, Podman, and CRI-O. - -The attack can be made when attaching to a running container or when starting a -container running a specially crafted image. For example, when runC attaches -to a container the attacker can trick it into executing itself. This could be -done by replacing the target binary inside the container with a custom binary -pointing back at the runC binary itself. As an example, if the target binary -was /bin/bash, this could be replaced with an executable script specifying the -interpreter path #!/proc/self/exe (/proc/self/exec is a symbolic link created -by the kernel for every process which points to the binary that was executed -for that process). As such when /bin/bash is executed inside the container, -instead the target of /proc/self/exe will be executed - which will point to the -runc binary on the host. The attacker can then proceed to write to the target -of /proc/self/exe to try and overwrite the runC binary on the host. However in -general, this will not succeed as the kernel will not permit it to be -overwritten whilst runC is executing. To overcome this, the attacker can -instead open a file descriptor to /proc/self/exe using the O_PATH flag and then -proceed to reopen the binary as O_WRONLY through /proc/self/fd/ and try to -write to it in a busy loop from a separate process. Ultimately it will succeed -when the runC binary exits. 
After this the runC binary is compromised and can -be used to attack other containers or the host itself. - -This attack is only possible with privileged containers since it requires root -privilege on the host to overwrite the runC binary. Unprivileged containers -with a non-identity ID mapping do not have the permission to write to the host -binary and therefore are unaffected by this attack. - -LXC is also impacted in a similar manner by this vulnerability, however as the -LXC project considers privileged containers to be unsafe no CVE has been -assigned for this issue for LXC. Quoting from the -https://linuxcontainers.org/lxc/security/ project's Security information page: - -"As privileged containers are considered unsafe, we typically will not consider -new container escape exploits to be security issues worthy of a CVE and quick -fix. We will however try to mitigate those issues so that accidental damage to -the host is prevented." - -To prevent this attack, LXC has been patched to create a temporary copy of the -calling binary itself when it starts or attaches to containers. To do this LXC -creates an anonymous, in-memory file using the memfd_create() system call and -copies itself into the temporary in-memory file, which is then sealed to -prevent further modifications. LXC then executes this sealed, in-memory file -instead of the original on-disk binary. Any compromising write operations from -a privileged container to the host LXC binary will then write to the temporary -in-memory binary and not to the host binary on-disk, preserving the integrity -of the host LXC binary. Also as the temporary, in-memory LXC binary is sealed, -writes to this will also fail. - -Note: memfd_create() was added to the Linux kernel in the 3.17 release. 
- -Signed-off-by: Christian Brauner -Co-Developed-by: Alesa Sarai -Acked-by: Serge Hallyn -Signed-off-by: Christian Brauner ---- - configure.ac | 12 +++ - src/lxc/Makefile.am | 4 + - src/lxc/file_utils.c | 41 ++++++++- - src/lxc/file_utils.h | 1 + - src/lxc/rexec.c | 181 +++++++++++++++++++++++++++++++++++++ - src/lxc/syscall_wrappers.h | 14 +++ - 6 files changed, 252 insertions(+), 1 deletion(-) - create mode 100644 src/lxc/rexec.c - -diff --git a/configure.ac b/configure.ac -index 8313b18d1..d43dabc0d 100644 ---- configure.ac -+++ configure.ac -@@ -746,6 +746,17 @@ AM_COND_IF([ENABLE_DLOG], - ]) - ]) - -+AC_ARG_ENABLE([memfd-rexec], -+ [AC_HELP_STRING([--enable-memfd-rexec], [enforce liblxc as a memfd to protect against certain symlink attacks [default=yes]])], -+ [], [enable_memfd_rexec=yes]) -+AM_CONDITIONAL([ENFORCE_MEMFD_REXEC], [test "x$enable_memfd_rexec" = "xyes"]) -+if test "x$enable_memfd_rexec" = "xyes"; then -+ AC_DEFINE([ENFORCE_MEMFD_REXEC], 1, [Rexec liblxc as memfd]) -+ AC_MSG_RESULT([yes]) -+else -+ AC_MSG_RESULT([no]) -+fi -+ - # Files requiring some variable expansion - AC_CONFIG_FILES([ - Makefile -@@ -974,6 +985,7 @@ Security features: - - Linux capabilities: $enable_capabilities - - seccomp: $enable_seccomp - - SELinux: $enable_selinux -+ - memfd rexec: $enable_memfd_rexec - - PAM: - - PAM module: $enable_pam -diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am -index 6ba9ecad2..dc8aa3d77 100644 ---- src/lxc/Makefile.am -+++ src/lxc/Makefile.am -@@ -177,6 +177,10 @@ if !HAVE_STRLCAT - liblxc_la_SOURCES += ../include/strlcat.c ../include/strlcat.h - endif - -+if ENFORCE_MEMFD_REXEC -+liblxc_la_SOURCES += rexec.c -+endif -+ - AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ - -DLXCPATH=\"$(LXCPATH)\" \ - -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ -diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c -index f89aa638d..930fd738a 100644 ---- src/lxc/file_utils.c -+++ src/lxc/file_utils.c -@@ -31,7 +31,7 @@ - #include "config.h" - 
#include "file_utils.h" - #include "macro.h" --#include "string.h" -+#include "string_utils.h" - - int lxc_write_to_file(const char *filename, const void *buf, size_t count, - bool add_newline, mode_t mode) -@@ -327,3 +327,42 @@ ssize_t lxc_sendfile_nointr(int out_fd, int in_fd, off_t *offset, size_t count) - - return ret; - } -+ -+char *file_to_buf(char *path, size_t *length) -+{ -+ int fd; -+ char buf[PATH_MAX]; -+ char *copy = NULL; -+ -+ if (!length) -+ return NULL; -+ -+ fd = open(path, O_RDONLY | O_CLOEXEC); -+ if (fd < 0) -+ return NULL; -+ -+ *length = 0; -+ for (;;) { -+ int n; -+ char *old = copy; -+ -+ n = lxc_read_nointr(fd, buf, sizeof(buf)); -+ if (n < 0) -+ goto on_error; -+ if (!n) -+ break; -+ -+ copy = must_realloc(old, (*length + n) * sizeof(*old)); -+ memcpy(copy + *length, buf, n); -+ *length += n; -+ } -+ -+ close(fd); -+ return copy; -+ -+on_error: -+ close(fd); -+ free(copy); -+ -+ return NULL; -+} -diff --git a/src/lxc/file_utils.h b/src/lxc/file_utils.h -index 6361557a0..518a61af3 100644 ---- src/lxc/file_utils.h -+++ src/lxc/file_utils.h -@@ -55,5 +55,6 @@ extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val); - extern FILE *fopen_cloexec(const char *path, const char *mode); - extern ssize_t lxc_sendfile_nointr(int out_fd, int in_fd, off_t *offset, - size_t count); -+extern char *file_to_buf(char *path, size_t *length); - - #endif /* __LXC_FILE_UTILS_H */ -diff --git a/src/lxc/rexec.c b/src/lxc/rexec.c -new file mode 100644 -index 000000000..396bd617f ---- /dev/null -+++ src/lxc/rexec.c -@@ -0,0 +1,181 @@ -+/* liblxcapi -+ * -+ * Copyright © 2019 Christian Brauner . -+ * Copyright © 2019 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License version 2, as -+ * published by the Free Software Foundation. 
-+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License along -+ * with this program; if not, write to the Free Software Foundation, Inc., -+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -+ */ -+ -+#ifndef _GNU_SOURCE -+#define _GNU_SOURCE 1 -+#endif -+#include -+#include -+#include -+#include -+ -+#include "config.h" -+#include "file_utils.h" -+#include "raw_syscalls.h" -+#include "string_utils.h" -+#include "syscall_wrappers.h" -+ -+#define LXC_MEMFD_REXEC_SEALS \ -+ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) -+ -+static int push_vargs(char *data, int data_length, char ***output) -+{ -+ int num = 0; -+ char *cur = data; -+ -+ if (!data || *output) -+ return -1; -+ -+ *output = must_realloc(NULL, sizeof(**output)); -+ -+ while (cur < data + data_length) { -+ num++; -+ *output = must_realloc(*output, (num + 1) * sizeof(**output)); -+ -+ (*output)[num - 1] = cur; -+ cur += strlen(cur) + 1; -+ } -+ (*output)[num] = NULL; -+ return num; -+} -+ -+static int parse_exec_params(char ***argv, char ***envp) -+{ -+ int ret; -+ char *cmdline = NULL, *env = NULL; -+ size_t cmdline_size, env_size; -+ -+ cmdline = file_to_buf("/proc/self/cmdline", &cmdline_size); -+ if (!cmdline) -+ goto on_error; -+ -+ env = file_to_buf("/proc/self/environ", &env_size); -+ if (!env) -+ goto on_error; -+ -+ ret = push_vargs(cmdline, cmdline_size, argv); -+ if (ret <= 0) -+ goto on_error; -+ -+ ret = push_vargs(env, env_size, envp); -+ if (ret <= 0) -+ goto on_error; -+ -+ return 0; -+ -+on_error: -+ free(env); -+ free(cmdline); -+ -+ return -1; -+} -+ -+static int is_memfd(void) -+{ -+ int fd, saved_errno, seals; -+ -+ fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); -+ if (fd < 0) -+ 
return -ENOTRECOVERABLE; -+ -+ seals = fcntl(fd, F_GET_SEALS); -+ saved_errno = errno; -+ close(fd); -+ errno = saved_errno; -+ if (seals < 0) -+ return -EINVAL; -+ -+ return seals == LXC_MEMFD_REXEC_SEALS; -+} -+ -+static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name) -+{ -+ int saved_errno; -+ ssize_t bytes_sent; -+ int fd = -1, memfd = -1; -+ -+ memfd = memfd_create(memfd_name, MFD_ALLOW_SEALING | MFD_CLOEXEC); -+ if (memfd < 0) -+ return; -+ -+ fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); -+ if (fd < 0) -+ goto on_error; -+ -+ /* sendfile() handles up to 2GB. */ -+ bytes_sent = lxc_sendfile_nointr(memfd, fd, NULL, LXC_SENDFILE_MAX); -+ saved_errno = errno; -+ close(fd); -+ errno = saved_errno; -+ if (bytes_sent < 0) -+ goto on_error; -+ -+ if (fcntl(memfd, F_ADD_SEALS, LXC_MEMFD_REXEC_SEALS)) -+ goto on_error; -+ -+ fexecve(memfd, argv, envp); -+ -+on_error: -+ saved_errno = errno; -+ close(memfd); -+ errno = saved_errno; -+} -+ -+static int lxc_rexec(const char *memfd_name) -+{ -+ int ret; -+ char **argv = NULL, **envp = NULL; -+ -+ ret = is_memfd(); -+ if (ret < 0 && ret == -ENOTRECOVERABLE) { -+ fprintf(stderr, -+ "%s - Failed to determine whether this is a memfd\n", -+ strerror(errno)); -+ return -1; -+ } else if (ret > 0) { -+ return 0; -+ } -+ -+ ret = parse_exec_params(&argv, &envp); -+ if (ret < 0) { -+ fprintf(stderr, -+ "%s - Failed to parse command line parameters\n", -+ strerror(errno)); -+ return -1; -+ } -+ -+ lxc_rexec_as_memfd(argv, envp, memfd_name); -+ fprintf(stderr, "%s - Failed to rexec as memfd\n", strerror(errno)); -+ return -1; -+} -+ -+/** -+ * This function will copy any binary that calls liblxc into a memory file and -+ * will use the memfd to rexecute the binary. This is done to prevent attacks -+ * through the /proc/self/exe symlink to corrupt the host binary when host and -+ * container are in the same user namespace or have set up an identity id -+ * mapping: CVE-2019-5736. 
-+ */ -+__attribute__((constructor)) static void liblxc_rexec(void) -+{ -+ if (lxc_rexec("liblxc")) { -+ fprintf(stderr, "Failed to re-execute liblxc via memory file descriptor\n"); -+ _exit(EXIT_FAILURE); -+ } -+} -diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h -index 42d94db28..dca4d1571 100644 ---- src/lxc/syscall_wrappers.h -+++ src/lxc/syscall_wrappers.h -@@ -58,6 +58,20 @@ static inline long __keyctl(int cmd, unsigned long arg2, unsigned long arg3, - #define keyctl __keyctl - #endif - -+#ifndef F_LINUX_SPECIFIC_BASE -+#define F_LINUX_SPECIFIC_BASE 1024 -+#endif -+#ifndef F_ADD_SEALS -+#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) -+#define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) -+#endif -+#ifndef F_SEAL_SEAL -+#define F_SEAL_SEAL 0x0001 -+#define F_SEAL_SHRINK 0x0002 -+#define F_SEAL_GROW 0x0004 -+#define F_SEAL_WRITE 0x0008 -+#endif -+ - #ifndef HAVE_MEMFD_CREATE - static inline int memfd_create(const char *name, unsigned int flags) { - #ifndef __NR_memfd_create diff --git a/srcpkgs/lxc/patches/musl-compat.patch b/srcpkgs/lxc/patches/musl-compat.patch deleted file mode 100644 index c4c9629b8f7..00000000000 --- a/srcpkgs/lxc/patches/musl-compat.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- src/lxc/compiler.h 2018-11-23 01:08:27.000000000 +0200 -+++ src/lxc/compiler.h 2018-11-26 21:24:49.629537630 +0200 -@@ -23,7 +23,6 @@ - #ifndef _GNU_SOURCE - #define _GNU_SOURCE 1 - #endif --#include - - #include "config.h" - diff --git a/srcpkgs/lxc/patches/rexecute.patch b/srcpkgs/lxc/patches/rexecute.patch deleted file mode 100644 index 8bc43ccf6dc..00000000000 --- a/srcpkgs/lxc/patches/rexecute.patch +++ /dev/null 
@@ -1,148 +0,0 @@ -From d3a9befc86113228f77c89030336faa84a5557c0 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 12 Feb 2019 17:31:14 +0100 -Subject: [PATCH] rexec: make rexecution opt-in for library callers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We cannot rexecute the liblxc shared library unconditionally as this would -break most of our downstreams. Here are some scenarios: -- anyone performing a dlopen() on the shared library (e.g. users of the LXC - Python bindings) -- LXD as it needs to know the absolute path to its own executable based on - /proc/self/exe etc. - -This commit makes the rexecution of liblxc conditional on whether the -LXC_MEMFD_REXEC environment variable is set or not. If it is then liblxc is -unconditionally rexecuted. - -The only relevant attack vector exists for lxc-attach which we simply reexecute -unconditionally. - -Reported-by: Stéphane Graber -Signed-off-by: Christian Brauner ---- - src/lxc/Makefile.am | 4 +++- - src/lxc/rexec.c | 4 ++-- - src/lxc/rexec.h | 26 ++++++++++++++++++++++++++ - src/lxc/tools/lxc_attach.c | 18 ++++++++++++++++++ - 4 files changed, 49 insertions(+), 3 deletions(-) - create mode 100644 src/lxc/rexec.h - -diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am -index e1499a7eb..ef19df9e0 100644 ---- src/lxc/Makefile.am -+++ src/lxc/Makefile.am -@@ -25,6 +25,7 @@ noinst_HEADERS = api_extensions.h \ - monitor.h \ - namespace.h \ - raw_syscalls.h \ -+ rexec.h \ - start.h \ - state.h \ - storage/btrfs.h \ -@@ -180,7 +181,7 @@ liblxc_la_SOURCES += ../include/strlcat.c ../include/strlcat.h - endif - - if ENFORCE_MEMFD_REXEC --liblxc_la_SOURCES += rexec.c -+liblxc_la_SOURCES += rexec.c rexec.h - endif - - AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ -@@ -307,6 +308,7 @@ LDADD = liblxc.la \ - - if ENABLE_TOOLS - lxc_attach_SOURCES = tools/lxc_attach.c \ -+ rexec.c rexec.h \ - tools/arguments.c tools/arguments.h - lxc_autostart_SOURCES = 
tools/lxc_autostart.c \ - tools/arguments.c tools/arguments.h -diff --git a/src/lxc/rexec.c b/src/lxc/rexec.c -index 3ce499b1e..024728d85 100644 ---- src/lxc/rexec.c -+++ src/lxc/rexec.c -@@ -142,7 +142,7 @@ static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name) - errno = saved_errno; - } - --static int lxc_rexec(const char *memfd_name) -+int lxc_rexec(const char *memfd_name) - { - int ret; - char **argv = NULL, **envp = NULL; -@@ -179,7 +179,7 @@ static int lxc_rexec(const char *memfd_name) - */ - __attribute__((constructor)) static void liblxc_rexec(void) - { -- if (lxc_rexec("liblxc")) { -+ if (getenv("LXC_MEMFD_REXEC") && lxc_rexec("liblxc")) { - fprintf(stderr, "Failed to re-execute liblxc via memory file descriptor\n"); - _exit(EXIT_FAILURE); - } -diff --git a/src/lxc/rexec.h b/src/lxc/rexec.h -new file mode 100644 -index 000000000..088ded932 ---- /dev/null -+++ src/lxc/rexec.h -@@ -0,0 +1,26 @@ -+/* liblxcapi -+ * -+ * Copyright © 2019 Christian Brauner . -+ * Copyright © 2019 Canonical Ltd. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. 
-+ -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#ifndef __LXC_REXEC_H -+#define __LXC_REXEC_H -+ -+extern int lxc_rexec(const char *memfd_name); -+ -+#endif /* __LXC_REXEC_H */ -diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c -index 3de0d7747..d10b6ecc2 100644 ---- src/lxc/tools/lxc_attach.c -+++ src/lxc/tools/lxc_attach.c -@@ -44,10 +44,28 @@ - #include "config.h" - #include "confile.h" - #include "log.h" -+#include "rexec.h" - #include "utils.h" - - lxc_log_define(lxc_attach, lxc); - -+/** -+ * This function will copy any binary that calls liblxc into a memory file and -+ * will use the memfd to rexecute the binary. This is done to prevent attacks -+ * through the /proc/self/exe symlink to corrupt the host binary when host and -+ * container are in the same user namespace or have set up an identity id -+ * mapping: CVE-2019-5736. -+ */ -+#ifdef ENFORCE_MEMFD_REXEC -+__attribute__((constructor)) static void lxc_attach_rexec(void) -+{ -+ if (!getenv("LXC_MEMFD_REXEC") && lxc_rexec("lxc-attach")) { -+ fprintf(stderr, "Failed to re-execute lxc-attach via memory file descriptor\n"); -+ _exit(EXIT_FAILURE); -+ } -+} -+#endif -+ - static int my_parser(struct lxc_arguments *args, int c, char *arg); - static int add_to_simple_array(char ***array, ssize_t *capacity, char *value); - static bool stdfd_is_pty(void); diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template index 639cd6322f5..5c06f4939fd 100644 --- a/srcpkgs/lxc/template +++ b/srcpkgs/lxc/template @@ -2,7 +2,7 @@ _desc="Linux Containers" pkgname=lxc -version=3.1.0 +version=3.2.1 revision=1 build_style=gnu-configure configure_args="--enable-doc --enable-seccomp 
@@ -16,7 +16,7 @@ maintainer="Orphaned "
 homepage="https://linuxcontainers.org"
 license="LGPL-2.1-or-later"
 distfiles="https://linuxcontainers.org/downloads/lxc-${version}.tar.gz"
-checksum=4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5
+checksum=5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4
 conf_files="/etc/lxc/default.conf"
 make_dirs="
From fa866b5766488ca5ffb20dfc039ef823bfa43020 Mon Sep 17 00:00:00 2001
From: Julio Galvan
Date: Sat, 3 Aug 2019 16:32:56 -0700
Subject: [PATCH 6/6] lxd: update to 3.17

---
 srcpkgs/lxd/patches/seccomp.patch | 41 -------------------------------
 srcpkgs/lxd/template | 20 +++-------------
 2 files changed, 4 insertions(+), 57 deletions(-)
 delete mode 100644 srcpkgs/lxd/patches/seccomp.patch

diff --git a/srcpkgs/lxd/patches/seccomp.patch b/srcpkgs/lxd/patches/seccomp.patch
deleted file mode 100644
index e7b52a31931..00000000000
--- a/srcpkgs/lxd/patches/seccomp.patch
+++ /dev/null
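Review bot: Deleting `srcpkgs/lxc/patches/CVE-2019-5736.patch` and `rexecute.patch` in this commit is only safe if the 3.2.1 tarball carries the equivalent upstream fix (the memfd-sealed `src/lxc/rexec.c` and the `LXC_MEMFD_REXEC` opt-in shown in the deleted patches); the version bump and new `checksum` in this hunk do not establish that by themselves. Worth confirming that the extracted source contains `src/lxc/rexec.c` and that the `configure_args` list beginning at `--enable-doc --enable-seccomp` (its remaining lines are outside the hunk) still yields `memfd rexec: yes` in the configure summary, since the dropped patch introduced that as an `--enable-memfd-rexec` switch defaulting to yes. A sentence in the commit message naming the upstream release or commit that made the two patches redundant would make this decision auditable later.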
@@ -1,41 +0,0 @@ -lxc/lxd@a181ed4 [PATCH] seccomp: define __NR_mknod if missing -lxc/lxd@c655ed5 [PATCH] seccomp: rework missing syscall number definitions ---- - lxd/seccomp.go | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/lxd/seccomp.go b/lxd/seccomp.go -index 0afad7cacc..32397b9729 100644 ---- lxd/seccomp.go -+++ lxd/seccomp.go -@@ -109,6 +109,14 @@ - return -EPERM; - } - -+#ifndef __NR_mknodat -+ #error missing kernel headers -+#else -+ #ifdef __NR_mknod -+ #define LXD_MUST_CHECK_MKNOD -+ #endif -+#endif -+ - static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_proxy_msg *msg, - char *buf, size_t size, - mode_t *mode, dev_t *dev, -@@ -124,6 +132,7 @@ static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_p - resp->val = 0; - - switch (req->data.nr) { -+#ifdef LXD_MUST_CHECK_MKNOD - case __NR_mknod: - resp->error = device_allowed(req->data.args[2], req->data.args[1]); - if (resp->error) { -@@ -143,6 +149,7 @@ static int seccomp_notify_mknod_set_response(int fd_mem, struct seccomp_notify_p - *pid = req->pid; - - break; -+#endif - case __NR_mknodat: - if (req->data.args[0] != AT_FDCWD) { - errno = EINVAL; diff --git a/srcpkgs/lxd/template b/srcpkgs/lxd/template index 2a9cf44d88d..279fc1d80ef 100644 --- a/srcpkgs/lxd/template +++ b/srcpkgs/lxd/template 
@@ -1,35 +1,23 @@ # Template file for 'lxd' pkgname=lxd -version=3.14 +version=3.17 revision=1 build_style=go go_import_path=github.com/lxc/lxd go_build_tags=libsqlite3 go_package="${go_import_path}/lxd ${go_import_path}/lxc ${go_import_path}/lxd-p2c ${go_import_path}/fuidshift" -hostmakedepends="pkg-config" -makedepends="lxc-devel acl-devel dqlite-devel" +hostmakedepends="pkg-config git" +makedepends="lxc-devel acl-devel dqlite-devel libuv-devel raft-devel" depends="lxc acl acl-progs rsync squashfs-tools xz dnsmasq iptables" short_desc="Next generation system container manager" maintainer="Cameron Nemo " license="Apache-2.0" homepage="https://linuxcontainers.org/lxd" distfiles="https://linuxcontainers.org/downloads/lxd/lxd-${version}.tar.gz" -checksum=409e4758cbeb43b098d0265c4ce05aeeac5ae73f8914ceb1006e6a6d89fe1fe5 +checksum=9484acb489b91f58ae8fe4518e5a09bdf2460808817efd32765ad9241ef729ef system_groups="lxd" -do_configure() { - # the LXD tarball packages up the required dependencies - ln -s "$wrksrc/dist" "$GOPATH" -} - -do_build() { - # don't go-get the dependencies, just install with what's there - cd "$GOSRCPATH" - go_package=${go_package:-$go_import_path} - go install -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package} -} - post_install() { vinstall scripts/bash/lxd-client 644 /usr/share/bash-completion/completions lxd vlicense COPYING LICENSE