authorTimo Teräs <timo.teras@iki.fi>2014-07-30 09:59:37 +0300
committerTimo Teräs <timo.teras@iki.fi>2014-07-30 14:08:44 +0300
commita367d15bffbabf1c4036ca2cf68bb3961786daad (patch)
tree1dd808087c8fbdcc9fae89ca23d457b550f3b90a /main/fprobe-ulog
parentfbe109d9baf2c6b1152c055a575651a4ef80a8c7 (diff)
main/fprobe-ulog: fix setre[ug]id usage
Diffstat (limited to 'main/fprobe-ulog')
-rw-r--r--main/fprobe-ulog/APKBUILD16
-rw-r--r--main/fprobe-ulog/fix-setuser.patch65
2 files changed, 79 insertions, 2 deletions
diff --git a/main/fprobe-ulog/APKBUILD b/main/fprobe-ulog/APKBUILD
index 6dddc8d39c..09f981dbb5 100644
--- a/main/fprobe-ulog/APKBUILD
+++ b/main/fprobe-ulog/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=fprobe-ulog
pkgver=1.1
-pkgrel=2
+pkgrel=3
pkgdesc="netfilter-based tool that collect network traffic"
url="http://fprobe.sourceforge.net/"
arch="all"
@@ -14,6 +14,7 @@ source="http://downloads.sourceforge.net/project/fprobe/$pkgname/$pkgver/$pkgnam
fprobe-ulog.confd
fprobe-ulog.initd
fprobe-1.1-pidfile-sanity.patch
+ fix-setuser.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -53,4 +54,15 @@ package() {
md5sums="cdb2e4edc47e8a3d5479eeabfb979ebc fprobe-ulog-1.1.tar.bz2
8aabfe548f2fb197a10c8ccfaa4d0a23 fprobe-ulog.confd
df64f84f28af0976bff35a8fda8d663a fprobe-ulog.initd
-f1316ad835c1a2b6565b4dc448b022df fprobe-1.1-pidfile-sanity.patch"
+f1316ad835c1a2b6565b4dc448b022df fprobe-1.1-pidfile-sanity.patch
+86bedb26dd76e7326578caae875c22a4 fix-setuser.patch"
+sha256sums="53b9ccbca4469dfb0e9da91f9f0789dbf732f2adac9de18842e3c210b445f2ad fprobe-ulog-1.1.tar.bz2
+7101091e238f5b0719a66f525f5bdc000ad593f492dd51896e2bd077fcada8f4 fprobe-ulog.confd
+5408a87e4d736918afb754bbfada578e504b5583203c3e7f7760f6fe1bdb6c75 fprobe-ulog.initd
+660531f8ba574f80835bb26390e47c2541a3c75985656d46a334c38bfaa4e362 fprobe-1.1-pidfile-sanity.patch
+4ea5dd2513049aecf018aac1bd1f67f5ad4bf6359724c17235eeeddb00889095 fix-setuser.patch"
+sha512sums="144c420709e19d6d9212d5d849c9d68526aeabbb2a17c6d7c84f4ebc5760473b9adef2c1fb99ae4d70a15daa48a9e05e340a4928203f8bb88aeadf8317410fe1 fprobe-ulog-1.1.tar.bz2
+388522863b5c77a334ee11bd771717d829448c85755b58088e22558b99a98514ac95ec3122cf3cb1ce7376f40ac0bae6bf1488dbd4ef60170c3ff83824988195 fprobe-ulog.confd
+557fc66e7aeaea92800d7457c8f637dd78ccd99765e0f37bf49bf91eccb744c2b68f2aace79babe823af5daee86afc7b4e3c846969cc444325b3703d3ffbccd5 fprobe-ulog.initd
+e8d5103d2c12fffb913b327badf07e6ac3a0ad8b6e39e942c50dc7e472391b345006b7ee7b7d12a4613c351db2b4e88a6fbd17cfa0907c7c9010faeced3ff557 fprobe-1.1-pidfile-sanity.patch
+aef41de2cdacc9ad9f9f9f7f591b0d55f4b7face233a1c5ab1c63704b9b390e3daf50da1a6da65e8508303abb81f388968cc3b0132e9f02ee658127a542aa077 fix-setuser.patch"
diff --git a/main/fprobe-ulog/fix-setuser.patch b/main/fprobe-ulog/fix-setuser.patch
new file mode 100644
index 0000000000..675fa986ab
--- /dev/null
+++ b/main/fprobe-ulog/fix-setuser.patch
@@ -0,0 +1,65 @@
+From: Timo Teräs <timo.teras@iki.fi>
+
+Fix setre[gu]id handling for musl. The libc calls work per POSIX definition
+and change the process values (including all threads). Remove the per-thread
+hacks. This fixes a race condition that created thread calls first setreuid()
+causing the setgroups() call in the main thread to fail with -EPERM.
+
+diff -ru fprobe-ulog-1.1.orig/src/fprobe-ulog.c fprobe-ulog-1.1/src/fprobe-ulog.c
+--- fprobe-ulog-1.1.orig/src/fprobe-ulog.c 2014-07-30 13:09:34.000000000 -0300
++++ fprobe-ulog-1.1/src/fprobe-ulog.c 2014-07-30 13:46:25.952717084 -0300
+@@ -619,18 +619,6 @@
+ return p;
+ }
+
+-void setuser() {
+- /*
+- Workaround for clone()-based threads
+- Try to change EUID independently of main thread
+- */
+- if (pw) {
+- setgroups(0, NULL);
+- setregid(pw->pw_gid, pw->pw_gid);
+- setreuid(pw->pw_uid, pw->pw_uid);
+- }
+-}
+-
+ void *emit_thread()
+ {
+ struct Flow *flow;
+@@ -642,8 +630,6 @@
+ p = (void *) &emit_packet + netflow->HeaderSize;
+ timeout.tv_nsec = 0;
+
+- setuser();
+-
+ for (;;) {
+ pthread_mutex_lock(&emit_mutex);
+ while (!flows_emit) {
+@@ -730,8 +716,6 @@
+ char logbuf[256];
+ #endif
+
+- setuser();
+-
+ timeout.tv_nsec = 0;
+ pthread_mutex_lock(&unpending_mutex);
+
+@@ -777,8 +761,6 @@
+ struct Time now;
+ struct timespec timeout;
+
+- setuser();
+-
+ timeout.tv_nsec = 0;
+ pthread_mutex_lock(&scan_mutex);
+
+@@ -872,8 +854,6 @@
+ char logbuf[256];
+ #endif
+
+- setuser();
+-
+ while (!killed) {
+ len = ipulog_read(ulog_handle, cap_buf, CAPTURE_SIZE, 1);
+ if (len <= 0) {
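Review bot: Removing `setuser()` and its four call sites (the inner hunks at -642, -730, -777 and -872) leaves the main thread's setgroups()/setregid()/setreuid() sequence as the only privilege drop, and that code is not part of this patch, so it should be confirmed there that every return value is checked and that the daemon exits rather than continuing with its original IDs. The removed helper ignored all three results; if the main-thread code does the same, a form such as `if (setgroups(0, NULL) || setregid(pw->pw_gid, pw->pw_gid) || setreuid(pw->pw_uid, pw->pw_uid)) exit(1);` makes a failed drop fatal. The patch header could also state explicitly that the fix relies on the libc applying credential changes to every thread, because on a libc where these calls act per thread the workers would keep the credentials they started with. The thread functions touched here begin and end outside the hunks.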