pseudo: Backport two upstream fixes

Backport fixes from pseudo master for an acl issue and more importantly, a segfault
issue with bash which can be triggered by the recent useradd changes.

(From OE-Core rev: 949214761998a93fc6b8b009f1cdad0db3bfa5db)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

3 files changed, 149 insertions, 0 deletions

diff --git a/meta/recipes-devtools/pseudo/files/b6b68db896f9963558334aff7fca61adde4ec10f.patch b/meta/recipes-devtools/pseudo/files/b6b68db896f9963558334aff7fca61adde4ec10f.patch
new file mode 100644
index 0000000000..3045a3b736
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/b6b68db896f9963558334aff7fca61adde4ec10f.patch
@@ -0,0 +1,48 @@
+From b6b68db896f9963558334aff7fca61adde4ec10f Mon Sep 17 00:00:00 2001
+From: Seebs <seebs@seebs.net>
+Date: Thu, 13 Apr 2017 18:12:01 -0500
+Subject: Prevent bash from segfaulting when unloading pseudo
+
+bash's extremely fancy internal awareness of how the environment looks
+means that, if you directly call the underlying libc "unsetenv" on
+a variable, bash can end up trying to access a null pointer. Fixing
+this generically is actually rather hard; you can't really avoid
+writing to environ on fork() or popen(), even if you change all
+execv*() functions to use the execv*e() variants. So for now, instead
+of unsetting the variable, set it to an empty string.
+
+Thanks to Saur in IRC for spotting this and helping debug it.
+
+Signed-off-by: Seebs <seebs@seebs.net>
+
+Upstream-Status: Backport
+
+diff --git a/ChangeLog.txt b/ChangeLog.txt
+index a2d30e9..8ba1ffa 100644
+--- a/ChangeLog.txt
++++ b/ChangeLog.txt
+@@ -1,3 +1,8 @@
++2017-04-13:
++       * (seebs) don't unset LD_PRELOAD or the like, because if you
++         do that, bash can segfault because it "knows" how many
++         fields are in environ.
++
+ 2017-02-24:
+        * (seebs) import posix_acl_default fix from Anton Gerasimov
+          <anton@advancedtelematic.com>
+diff --git a/pseudo_util.c b/pseudo_util.c
+index 172990b..6a1fac2 100644
+--- a/pseudo_util.c
++++ b/pseudo_util.c
+@@ -844,7 +844,7 @@ void pseudo_dropenv() {
+                if (ld_preload && strlen(ld_preload)) {
+                        SETENV(PRELINK_LIBRARIES, ld_preload, 1);
+                } else {
+-                       UNSETENV(PRELINK_LIBRARIES);
++                       SETENV(PRELINK_LIBRARIES, "", 1);
+                }
+        }
+ }
+-- 
+cgit v0.10.2
+
diff --git a/meta/recipes-devtools/pseudo/files/efe0be279901006f939cd357ccee47b651c786da.patch b/meta/recipes-devtools/pseudo/files/efe0be279901006f939cd357ccee47b651c786da.patch
new file mode 100644
index 0000000000..64fc58c4fe
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/efe0be279901006f939cd357ccee47b651c786da.patch
@@ -0,0 +1,99 @@
+From efe0be279901006f939cd357ccee47b651c786da Mon Sep 17 00:00:00 2001
+From: Seebs <seebs@seebs.net>
+Date: Fri, 24 Feb 2017 12:47:38 -0600
+Subject: Don't try to record 0-length posix_acl_default xattrs
+
+Based on a submission from Anton Gerasimov <anton@advancedtelematic.com>
+
+On some systems, with some kernel configs, "cp -a" apparently tries to
+set an empty ACL list, with a valid header but no contents, which causes
+strange and mysterious behavior later if we actually create such an entry.
+So filter that out, also sanity-check a couple of other things.
+
+Signed-off-by: Seebs <seebs@seebs.net>
+
+Upstream-Status: Backport
+
+diff --git a/ChangeLog.txt b/ChangeLog.txt
+index ae2a6e9..a2d30e9 100644
+--- a/ChangeLog.txt
++++ b/ChangeLog.txt
+@@ -1,3 +1,6 @@
++2017-02-24:
++       * (seebs) import posix_acl_default fix from Anton Gerasimov
++         <anton@advancedtelematic.com>
+ 2017-02-01:
+    * (seebs) handle xattr deletion slightly more carefully.
+    * (seebs) tag this as 1.8.2
+diff --git a/ports/linux/xattr/pseudo_wrappers.c b/ports/linux/xattr/pseudo_wrappers.c
+index 46bc053..d69d53e 100644
+--- a/ports/linux/xattr/pseudo_wrappers.c
++++ b/ports/linux/xattr/pseudo_wrappers.c
+@@ -62,9 +62,9 @@ static int
+ posix_permissions(const acl_header *header, int entries, int *extra, int *mode) {
+        int acl_seen = 0;
+        if (le32(header->version) != 2) {
+-               pseudo_diag("Fatal: ACL support no available for header version %d.\n",
++               pseudo_diag("Fatal: ACL support not available for header version %d.\n",
+                        le32(header->version));
+-               return 1;
++               return -1;
+        }
+        *mode = 0;
+        *extra = 0;
+@@ -140,12 +140,38 @@ static int shared_setxattr(const char *path, int fd, const char *name, const voi
+        pseudo_debug(PDBGF_XATTR, "setxattr(%s [fd %d], %s => '%.*s')\n",
+                path ? path : "<no path>", fd, name, (int) size, (char *) value);
+ 
++       /* Filter out erroneous sizes for POSIX ACL
++        *  see posix_acl_xattr_count in include/linux/posix_acl_xattr.h of Linux source code */
++       /* I don't think there's any posix_acl_* values that aren't in this format */
++       if (!strncmp(name, "system.posix_acl_", 17)) {
++               // ACL is corrupt, issue an error
++               if(size < sizeof(acl_header) || (size - sizeof(acl_header)) % sizeof(acl_entry) != 0) {
++                       pseudo_debug(PDBGF_XATTR, "invalid data size for %s: %d\n",
++                               name, (int) size);
++                       errno = EINVAL;
++                       return -1;
++               }
++
++               // ACL is empty, do nothing
++               if((size - sizeof(acl_header)) / sizeof(acl_entry) == 0) {
++                       /* on some systems, "cp -a" will attempt to clone the
++                        * posix_acl_default entry for a directory (which would specify
++                        * default ACLs for new files in that directory), but if the
++                        * original was empty, we get a header but no entries. With
++                        * real xattr, that ends up being silently discarded, apparently,
++                        * so we discard it too.
++                        */
++                       pseudo_debug(PDBGF_XATTR, "0-length ACL entry %s.\n", name);
++                       return 0;
++               }
++       }
+        /* this may be a plain chmod */
+        if (!strcmp(name, "system.posix_acl_access")) {
+                int extra;
+                int mode;
+                int entries = (size - sizeof(acl_header)) / sizeof(acl_entry);
+-               if (!posix_permissions(value, entries, &extra, &mode)) {
++               int res = posix_permissions(value, entries, &extra, &mode);
++               if (res == 0) {
+                        pseudo_debug(PDBGF_XATTR, "posix_acl_access translated to mode %04o. Remaining attribute(s): %d.\n",
+                                mode, extra);
+                        buf.st_mode = mode;
+@@ -164,8 +190,12 @@ static int shared_setxattr(const char *path, int fd, const char *name, const voi
+                        if (!extra) {
+                                return 0;
+                        }
++               } else if (res == -1) {
++                       errno = EOPNOTSUPP;
++                       return -1;
+                }
+        }
++
+        if (!strcmp(name, "user.pseudo_data")) {
+                pseudo_debug(PDBGF_XATTR | PDBGF_XATTRDB, "user.pseudo_data xattribute does not get to go in database.\n");
+                return -1;
+-- 
+cgit v0.10.2
+
diff --git a/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb b/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb
index 9e0213a9e0..b427b9ac3c 100644
--- a/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_1.8.2.bb
@@ -5,6 +5,8 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/pseudo/${BPN}-${PV}.tar.bz
            file://fallback-passwd \
            file://fallback-group \
            file://moreretries.patch \
+           file://efe0be279901006f939cd357ccee47b651c786da.patch \
+           file://b6b68db896f9963558334aff7fca61adde4ec10f.patch \
            "
 
 SRC_URI[md5sum] = "7d41e72188fbea1f696c399c1a435675"