
[meta-security,v2] suricata: fix SEGV on startup (TMPDIR QA)

Message ID bbb71841-c224-4a65-8547-28e530ddf098@gmail.com
State New

Commit Message

Clayton Casciato May 20, 2025, 6:52 p.m. UTC
ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File /usr/bin/suricata
in package suricata contains reference to TMPDIR [buildpaths]

ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File
/usr/src/debug/suricata/7.0.0/src/build-info.h in package suricata-src
contains reference to TMPDIR [buildpaths]

The current resolution causes a SEGV:
root@beaglebone-yocto:~# journalctl -u suricata
May 20 18:30:51 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP
daemon.
May 20 18:30:51 beaglebone-yocto systemd[1]: suricata.service: Main
process exited, code=dumped, status=11/SEGV
May 20 18:30:51 beaglebone-yocto systemd[1]: suricata.service: Failed
with result 'core-dump'.

Address the TMPDIR references when src/build-info.h is being written

This is similar to Debian's approach:
https://sources.debian.org/patches/suricata/1:7.0.10-1~bpo12%2B1/reproducible.patch/

Restore the "already-stripped" check and CFLAGS info

Original resolution in commit c0e3fecc3bea ("suricata: fix QA warnings")

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
---
Sponsor: 21SoftWare LLC

v1: https://lists.yoctoproject.org/g/yocto-patches/topic/meta_security_patch/113203284
v2: update descriptions to indicate functional issue

 recipes-ids/suricata/suricata_7.0.0.bb | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

Patch

diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index 910e21e..dc55fdf 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -68,6 +68,8 @@  do_configure:prepend () {
     # use host for RUST_SURICATA_LIB_XC_DIR
     sed -i -e 's,\${host_alias},${RUST_HOST_SYS},' ${S}/configure.ac
     sed -i -e 's,libsuricata_rust.a,libsuricata.a,' ${S}/configure.ac
+    # Address build configuration written to src/build-info.h
+    sed -i -e 's,\(| sed -e '\''s/^/"/'\''\)\( |\),\1 -e '\''s#${WORKDIR}#\\.#g'\''\2,' ${S}/configure.ac
     autotools_do_configure
 }
 
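Review bot: The `sed` added to `do_configure:prepend` only takes effect if `configure.ac` contains the exact fragment `| sed -e 's/^/"/' |`, so if a later Suricata version words that pipeline differently the substitution silently does nothing and the build paths end up in `src/build-info.h` again. Because this patch also removes the post-install scrubbing in `do_install`, the only remaining guard would be the `buildpaths` QA check, which may be just a warning depending on the distro configuration. Consider failing the task when the edit did not land, e.g. `grep -qF 's#${WORKDIR}#' ${S}/configure.ac || bbfatal "WORKDIR scrub not applied to configure.ac"`. The new comment could also name the action, e.g. `# Strip ${WORKDIR} from the build configuration embedded in src/build-info.h (buildpaths QA)`. The function begins outside the hunk.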
@@ -126,10 +128,6 @@  do_install () {
     sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${bindir}/suricatasc
     sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${bindir}/suricatactl
     sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${libdir}/suricata/python/suricata/sc/suricatasc.py
-    # The build process dumps config logs into the binary, remove them.
-    sed -i -e 's#${RECIPE_SYSROOT}##g' ${D}${bindir}/suricata
-    sed -i -e 's#${RECIPE_SYSROOT_NATIVE}##g' ${D}${bindir}/suricata
-    sed -i -e 's#CFLAGS.*##g' ${D}${bindir}/suricata
 }
 
 pkg_postinst_ontarget:${PN} () {
@@ -147,4 +145,3 @@  FILES:${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
 FILES:${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
 
 CONFFILES:${PN} = "${sysconfdir}/suricata/suricata.yaml"
-INSANE_SKIP:${PN} = "already-stripped"