commit: d4fb521d829cf0c52a01f9488054de6dde86c972 Author: Holger Hoffstätte <holger <AT> applied-asynchrony <DOT> com> AuthorDate: Mon Aug 4 08:12:25 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Aug 4 22:15:56 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4fb521d
dev-debug/sysdig: fix runtime failures with glibc-2.42 glibc-2.42 added __inet_ntop_chk fortification, which started to fail: *** buffer overflow detected ***: terminated Program received signal SIGABRT, Aborted. 0x00007ffff629b0dc in __pthread_kill_implementation () from /lib64/libc.so.6 (gdb) bt #0 in __pthread_kill_implementation () from /lib64/libc.so.6 #1 in raise () from /lib64/libc.so.6 #2 in abort () from /lib64/libc.so.6 #3 in __libc_message_impl.cold () from /lib64/libc.so.6 #4 in __fortify_fail () from /lib64/libc.so.6 #5 in __chk_fail () from /lib64/libc.so.6 #6 in __inet_ntop_chk () from /lib64/libc.so.6 #7 in inet_ntop (..) at /usr/include/bits/inet-fortified.h> #8 ipv6tuple_to_string[abi:cxx11](ipv6tuple*, bool) (..) Use INET6_ADDRSTRLEN as destination buffer size. Also add a minor build system fix and ebuild cleanups. Revbump directly to stable since this has always been an issue and should be fixed even with glibc <2.42. Closes: https://bugs.gentoo.org/961046 Signed-off-by: Holger Hoffstätte <holger <AT> applied-asynchrony.com> Part-of: https://github.com/gentoo/gentoo/pull/43311 Signed-off-by: Sam James <sam <AT> gentoo.org> ...s-0.20.0-fix-INET6_ADDRSTRLEN-buffer-size.patch | 54 ++++++++++++++++++++++ ...ffer-overrun-reading-sockets-from-procfs.patch} | 1 - ...x-driver-and-bpf-makefile-for-kernel-6.13.patch | 39 ++++++++++++++++ ...ysdig-0.40.1.ebuild => sysdig-0.40.1-r1.ebuild} | 14 ++++-- 4 files changed, 103 insertions(+), 5 deletions(-) diff --git a/dev-debug/sysdig/files/libs-0.20.0-fix-INET6_ADDRSTRLEN-buffer-size.patch b/dev-debug/sysdig/files/libs-0.20.0-fix-INET6_ADDRSTRLEN-buffer-size.patch new file mode 100644 index 000000000000..f2ea81289e0f --- /dev/null +++ b/dev-debug/sysdig/files/libs-0.20.0-fix-INET6_ADDRSTRLEN-buffer-size.patch @@ -0,0 +1,54 @@ +Backported patch from: https://github.com/falcosecurity/libs/pull/2574 + +glibc-2.42 added __inet_ntop_chk fortification, which started to fail: + +*** buffer overflow detected ***: terminated +Program received signal SIGABRT, Aborted. +0x00007ffff629b0dc in __pthread_kill_implementation () from /lib64/libc.so.6 +(gdb) bt +#0 0x00007ffff629b0dc in __pthread_kill_implementation () from /lib64/libc.so.6 +#1 0x00007ffff6242572 in raise () from /lib64/libc.so.6 +#2 0x00007ffff6229f3b in abort () from /lib64/libc.so.6 +#3 0x00007ffff622b148 in __libc_message_impl.cold () from /lib64/libc.so.6 +#4 0x00007ffff6327337 in __fortify_fail () from /lib64/libc.so.6 +#5 0x00007ffff6326c92 in __chk_fail () from /lib64/libc.so.6 +#6 0x00007ffff6327a62 in __inet_ntop_chk () from /lib64/libc.so.6 +#7 0x000055555569da3d in inet_ntop (__af=10, __src=0x555555ee0800, __dst=0x7fffffff4f90 "\260P\377\377\377\177", __dst_size=100) at /usr/include/bits/inet-fortified.h:36 +#8 ipv6tuple_to_string[abi:cxx11](ipv6tuple*, bool) (tuple=0x555555ee0800, resolve=false) at /tmp/portage/dev-debug/sysdig-0.40.1/work/libs-0.20.0/userspace/libsinsp/utils.cpp:1110 + +Pass a target buffer size appropriate for IPv addresses. + +--- libs-0.20.0/userspace/libsinsp/utils.cpp ++++ libs-0.20.0-new/userspace/libsinsp/utils.cpp +@@ -1089,13 +1089,13 @@ std::string ipv4tuple_to_string(ipv4tupl + } + + std::string ipv6serveraddr_to_string(ipv6serverinfo* addr, bool resolve) { +- char address[100]; +- char buf[200]; ++ char address[INET6_ADDRSTRLEN]; + +- if(NULL == inet_ntop(AF_INET6, addr->m_ip.m_b, address, 100)) { ++ if(NULL == inet_ntop(AF_INET6, addr->m_ip.m_b, address, INET6_ADDRSTRLEN)) { + return std::string(); + } + ++ char buf[200]; + snprintf(buf, + 200, + "%s:%s", +@@ -1107,12 +1107,12 @@ std::string ipv6serveraddr_to_string(ipv + + std::string ipv6tuple_to_string(ipv6tuple* tuple, bool resolve) { + char source_address[INET6_ADDRSTRLEN]; +- if(NULL == inet_ntop(AF_INET6, tuple->m_fields.m_sip.m_b, source_address, 100)) { ++ if(NULL == inet_ntop(AF_INET6, tuple->m_fields.m_sip.m_b, source_address, INET6_ADDRSTRLEN)) { + return std::string(); + } + + char destination_address[INET6_ADDRSTRLEN]; +- if(NULL == inet_ntop(AF_INET6, tuple->m_fields.m_dip.m_b, destination_address, 100)) { ++ if(NULL == inet_ntop(AF_INET6, tuple->m_fields.m_dip.m_b, destination_address, INET6_ADDRSTRLEN)) { + return std::string(); + } + diff --git a/dev-debug/sysdig/files/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch b/dev-debug/sysdig/files/libs-0.20.0-fix-buffer-overrun-reading-sockets-from-procfs.patch similarity index 99% rename from dev-debug/sysdig/files/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch rename to dev-debug/sysdig/files/libs-0.20.0-fix-buffer-overrun-reading-sockets-from-procfs.patch index 9741fad48e2a..238cd12ac540 100644 --- a/dev-debug/sysdig/files/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch +++ b/dev-debug/sysdig/files/libs-0.20.0-fix-buffer-overrun-reading-sockets-from-procfs.patch @@ -1,4 +1,3 @@ - Patch from: https://github.com/falcosecurity/libs/commit/de3f4cac9233682eae63c63377c82efb649679f5 diff --git a/dev-debug/sysdig/files/libs-0.20.0-fix-driver-and-bpf-makefile-for-kernel-6.13.patch b/dev-debug/sysdig/files/libs-0.20.0-fix-driver-and-bpf-makefile-for-kernel-6.13.patch new file mode 100644 index 000000000000..f0c16d176d12 --- /dev/null +++ b/dev-debug/sysdig/files/libs-0.20.0-fix-driver-and-bpf-makefile-for-kernel-6.13.patch @@ -0,0 +1,39 @@ +Patch from: +https://github.com/falcosecurity/libs/commit/7f01ec89c565fcb45ade833b1312ae69637bc4ec + +From: Federico Di Pierro <[email protected]> +Date: Fri, 28 Mar 2025 08:35:23 +0100 +Subject: [PATCH] fix(driver): fix driver and bpf makefile for linux 6.13. + +Signed-off-by: Federico Di Pierro <[email protected]> +--- + driver/Makefile.in | 2 +- + driver/bpf/Makefile | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/driver/Makefile.in b/driver/Makefile.in +index 7b1fdc2dba..ec60103d0d 100644 +--- a/driver/Makefile.in ++++ b/driver/Makefile.in +@@ -29,7 +29,7 @@ install: all + + else + +-KERNELDIR ?= $(CURDIR) ++KERNELDIR ?= $(realpath $(objtree)) + # + # Get the path of the module sources + # +diff --git a/driver/bpf/Makefile b/driver/bpf/Makefile +index 58d1b11165..c94647c608 100644 +--- a/driver/bpf/Makefile ++++ b/driver/bpf/Makefile +@@ -28,7 +28,7 @@ clean: + + else + +-KERNELDIR ?= $(CURDIR) ++KERNELDIR ?= $(realpath $(objtree)) + # + # Get the path of the module sources + # diff --git a/dev-debug/sysdig/sysdig-0.40.1.ebuild b/dev-debug/sysdig/sysdig-0.40.1-r1.ebuild similarity index 89% rename from dev-debug/sysdig/sysdig-0.40.1.ebuild rename to dev-debug/sysdig/sysdig-0.40.1-r1.ebuild index 3ff91c669f03..071b91c49543 100644 --- a/dev-debug/sysdig/sysdig-0.40.1.ebuild +++ b/dev-debug/sysdig/sysdig-0.40.1-r1.ebuild @@ -77,7 +77,9 @@ pkg_pretend() { src_prepare() { # manually apply patches to falcosecurity-libs pushd "${WORKDIR}/libs-${LIBS_VERSION}" - eapply "${FILESDIR}/libs-0.20-fix-buffer-overrun-reading-sockets-from-procfs.patch" || die + eapply "${FILESDIR}/libs-0.20.0-fix-buffer-overrun-reading-sockets-from-procfs.patch" || die + eapply "${FILESDIR}/libs-0.20.0-fix-driver-and-bpf-makefile-for-kernel-6.13.patch" || die + eapply "${FILESDIR}/libs-0.20.0-fix-INET6_ADDRSTRLEN-buffer-size.patch" || die popd # do not build with debugging info @@ -97,6 +99,10 @@ src_configure() { local mycmakeargs=( # do not build the kernel driver -DBUILD_DRIVER=OFF + -DENABLE_DKMS=OFF + + # disable all test targets + -DCREATE_TEST_TARGETS=OFF # libscap examples are not installed or really useful -DBUILD_LIBSCAP_EXAMPLES=OFF @@ -104,10 +110,10 @@ src_configure() { # do not build internal libs as shared -DBUILD_SHARED_LIBS=OFF - # build BPF probe depending on USE - -DBUILD_SYSDIG_MODERN_BPF:BOOL=$(usex bpf) + # build modern BPF probe depending on USE + -DBUILD_SYSDIG_MODERN_BPF=$(usex bpf) - # set driver version to prevent downloading (don't ask..) + # set driver location/version -DDRIVER_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION}/driver -DDRIVER_VERSION=${DRIVER_VERSION}
