diff options
Diffstat (limited to 'meta/recipes-support/libcap')
| -rw-r--r-- | meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch | 34 | ||||
| -rw-r--r-- | meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch | 52 | ||||
| -rw-r--r-- | meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch | 10 | ||||
| -rw-r--r-- | meta/recipes-support/libcap/libcap_2.69.bb (renamed from meta/recipes-support/libcap/libcap_2.49.bb) | 47 |
4 files changed, 63 insertions, 80 deletions
diff --git a/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch new file mode 100644 index 0000000000..2ac1e6e560 --- /dev/null +++ b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch @@ -0,0 +1,34 @@ +From 709aa8e156415215b0bb034d05b2aa2f44be044e Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Thu, 14 Oct 2021 15:57:36 +0800 +Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl + paths + +This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings +and lengths as well as ld.so.cache path in the dynamic loader to specific +sections in memory. The sections that contain paths have been allocated a 4096 +byte section, which is the maximum path length in linux. This will allow the +relocating script to parse the ELF binary, detect the section and easily replace +the strings in a certain path. + +Upstream-Status: Inappropriate [SDK specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +--- + libcap/execable.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libcap/execable.h b/libcap/execable.h +index fee17b4..5bb0c55 100644 +--- a/libcap/execable.h ++++ b/libcap/execable.h +@@ -23,7 +23,7 @@ + #endif + #define __EXECABLE_H + +-const char __execable_dl_loader[] __attribute((section(".interp"))) = ++const char __execable_dl_loader[4096] __attribute((section(".interp"))) = + SHARED_LOADER ; + + static void __execable_parse_args(int *argc_p, char ***argv_p) diff --git a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch deleted file mode 100644 index d2653afb75..0000000000 --- a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 6aa15fe548e5b1d6ca3b373779beb7521ea95ba9 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Wed, 15 Jan 2020 17:16:28 +0100 -Subject: [PATCH] tests: do not statically link a test - -This fails on e.g. centos 7 - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - progs/Makefile | 2 +- - tests/Makefile | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/progs/Makefile b/progs/Makefile -index 1d7fc7a..37db8f7 100644 ---- a/progs/Makefile -+++ b/progs/Makefile -@@ -42,7 +42,7 @@ endif - test: $(PROGS) - - tcapsh-static: capsh.c $(DEPS) -- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static -+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) - - sudotest: test tcapsh-static - sudo $(LDPATH) ./quicktest.sh -diff --git a/tests/Makefile b/tests/Makefile -index 01f7589..094ec57 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes) - DEPS += ../libcap/libpsx.so - endif - else --LDFLAGS += --static -+LDFLAGS += - DEPS=../libcap/libcap.a - ifeq ($(PTHREADS),yes) - DEPS += ../libcap/libpsx.a -@@ -106,7 +106,7 @@ noexploit: exploit.o $(DEPS) - - # This one runs in a chroot with no shared library files. - noop: noop.c -- $(CC) $(CFLAGS) $< -o $@ --static -+ $(CC) $(CFLAGS) $< -o $@ - - clean: - rm -f psx_test libcap_psx_test libcap_launch_test *~ --- -2.17.1 - diff --git a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch index 69287152eb..20346cf2fb 100644 --- a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch +++ b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch @@ -1,4 +1,4 @@ -From 652071e430d5eea758965176b7648e79ad404daa Mon Sep 17 00:00:00 2001 +From 10212b6d4e8843feffbeab5336342d97f3a46bb2 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 20 Dec 2019 16:54:05 +0100 Subject: [PATCH] tests: do not run target executables @@ -11,20 +11,20 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile -index fc39fee..3431df9 100644 +index ecb7d1b..8950c73 100644 --- a/tests/Makefile +++ b/tests/Makefile -@@ -59,13 +59,11 @@ endif +@@ -61,13 +61,11 @@ endif # unprivileged run_psx_test: psx_test - ./psx_test psx_test: psx_test.c $(DEPS) - $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) run_libcap_psx_test: libcap_psx_test - ./libcap_psx_test libcap_psx_test: libcap_psx_test.c $(DEPS) - $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) diff --git a/meta/recipes-support/libcap/libcap_2.49.bb b/meta/recipes-support/libcap/libcap_2.69.bb index 3f4a9256cf..92fa766d37 100644 --- a/meta/recipes-support/libcap/libcap_2.49.bb +++ b/meta/recipes-support/libcap/libcap_2.69.bb @@ -4,33 +4,29 @@ These allow giving various kinds of specific privileges to individual \ users, without giving them full root permissions." HOMEPAGE = "http://sites.google.com/site/fullycapable/" # no specific GPL version required -LICENSE = "BSD | GPLv2" -LIC_FILES_CHKSUM = "file://License;md5=e2370ba375efe9e1a095c26d37e483b8" +LICENSE = "BSD-3-Clause | GPL-2.0-only" +LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=905326f41d3d1f8df21943f9a4ed6b50" +LIC_FILES_CHKSUM = "file://License;md5=2965a646645b72ecee859b43c592dcaa \ + ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \ + " DEPENDS = "hostperl-runtime-native gperf-native" SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ file://0002-tests-do-not-run-target-executables.patch \ - file://0001-tests-do-not-statically-link-a-test.patch \ " -SRC_URI[sha256sum] = "e98bc4d93645082ec787730b0fd1a712b38882465c505777de17c338831ee181" +SRC_URI:append:class-nativesdk = " \ + file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ + " +SRC_URI[sha256sum] = "f311f8f3dad84699d0566d1d6f7ec943a9298b28f714cae3c931dfd57492d7eb" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" inherit lib_package -# do NOT pass target cflags to host compilations -# -do_configure() { - # libcap uses := for compilers, fortunately, it gives us a hint - # on what should be replaced with ?= - sed -e 's,:=,?=,g' -i Make.Rules - sed -e 's,^BUILD_CFLAGS ?= ,BUILD_CFLAGS := $(BUILD_CFLAGS) ,' -i Make.Rules -} - PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" -PACKAGECONFIG_class-native ??= "" +PACKAGECONFIG:class-native ??= "" PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" @@ -39,16 +35,21 @@ EXTRA_OEMAKE = " \ lib='${baselib}' \ RAISE_SETFCAP=no \ DYNAMIC=yes \ - BUILD_GPERF=yes \ + USE_GPERF=yes \ " -EXTRA_OEMAKE_append_class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" - -# these are present in the libcap defaults, so include in our CFLAGS too -CFLAGS += "-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" +EXTRA_OEMAKE:append:class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" do_compile() { - oe_runmake ${PACKAGECONFIG_CONFARGS} + unset CFLAGS BUILD_CFLAGS + oe_runmake \ + ${PACKAGECONFIG_CONFARGS} \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" \ + COPTS="${CFLAGS}" \ + BUILD_COPTS="${BUILD_CFLAGS}" } do_install() { @@ -59,7 +60,7 @@ do_install() { SBINDIR="${sbindir}" } -do_install_append() { +do_install:append() { # Move the library to base_libdir install -d ${D}${base_libdir} if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then @@ -70,9 +71,9 @@ do_install_append() { fi } -FILES_${PN}-dev += "${base_libdir}/*.so" +FILES:${PN}-dev += "${base_libdir}/*.so" # pam files -FILES_${PN} += "${base_libdir}/security/*.so" +FILES:${PN} += "${base_libdir}/security/*.so" BBCLASSEXTEND = "native nativesdk" |