From 1c71b4c2e9f9d396cb67aecf581b3d518be0ac9c Mon Sep 17 00:00:00 2001 From: pacien Date: Wed, 9 Sep 2020 18:56:25 +0200 Subject: tinc: fix FORTIFY error when initialising a new tinc configuration This fixes the "FORTIFY: umask: called with invalid mask -601" error when attempting to create a new tinc configuration on builds having the FORTIFY option enabled (by default in NDK >=r21). Upstream patch: https://github.com/gsliepen/tinc/pull/251 GitHub: closes #99 --- app/CMakeLists.txt | 2 ++ ...ncctl-restrict-umask-argument-for-FORTIFY.patch | 31 ++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch (limited to 'app') diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt index 6511df1..1962fbf 100644 --- a/app/CMakeLists.txt +++ b/app/CMakeLists.txt @@ -56,6 +56,8 @@ ExternalProject_Add(tinc DEPENDS lzo libressl URL https://github.com/gsliepen/tinc/archive/f5223937e62e1cc5e9b3d322490dd3af8d666750.tar.gz URL_HASH SHA256=3fe923e8fbb1e0192986039e91d6945ffbbe326ee8c2c0a13bacf80e87dad4a9 + # TODO: remove patch once merged in upstream (https://github.com/gsliepen/tinc/pull/251) + PATCH_COMMAND patch -p1 < ${PROJECT_SOURCE_DIR}/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch CONFIGURE_COMMAND autoreconf -fsi && /configure ${xCONFIG} --with-openssl=${CMAKE_CURRENT_BINARY_DIR}/usr/local diff --git a/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch b/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch new file mode 100644 index 0000000..85ab949 --- /dev/null +++ b/app/src/main/c/0001-tincctl-restrict-umask-argument-for-FORTIFY.patch @@ -0,0 +1,31 @@ +From b6498e6402d9681743b697c1c9f0760448b3be54 Mon Sep 17 00:00:00 2001 +From: pacien +Date: Wed, 9 Sep 2020 01:24:28 +0200 +Subject: [PATCH] tincctl: restrict umask argument for FORTIFY + +`umask(mode)` calls that do not verify `(mode & 0777) == mode` are +rejected when the libc FORTIFY checks are enabled [1]. + +The unrestricted `~perms` was indeed making this assertion fail. + +[1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404 +--- + src/tincctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tincctl.c b/src/tincctl.c +index 08f30189..11c1a96c 100644 +--- a/src/tincctl.c ++++ b/src/tincctl.c +@@ -237,7 +237,7 @@ static bool parse_options(int argc, char **argv) { + FILE *fopenmask(const char *filename, const char *mode, mode_t perms) { + mode_t mask = umask(0); + perms &= ~mask; +- umask(~perms); ++ umask(~perms & 0777); + FILE *f = fopen(filename, mode); + + if(!f) { +-- +2.25.4 + -- cgit v1.2.3