diff options
Diffstat (limited to 'meta-openembedded/meta-oe')
18 files changed, 331 insertions, 47 deletions
diff --git a/meta-openembedded/meta-oe/classes/image_types_sparse.bbclass b/meta-openembedded/meta-oe/classes/image_types_sparse.bbclass index af3879372..65d980fd9 100644 --- a/meta-openembedded/meta-oe/classes/image_types_sparse.bbclass +++ b/meta-openembedded/meta-oe/classes/image_types_sparse.bbclass @@ -1,16 +1,16 @@ inherit image_types CONVERSIONTYPES += "sparse" -CONVERSION_CMD:sparse() { - in="${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" - out="${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sparse" - case "${type}" in - ext*) - ext2simg "$in" "$out" - ;; - *) - img2simg "$in" "$out" - ;; - esac -} +CONVERSION_CMD:sparse = " \ + case "${type}" in \ + ext*) \ + ext2simg "${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" \ + "${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sparse" \ + ;; \ + *) \ + img2simg "${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}" \ + "${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.${type}.sparse" \ + ;; \ + esac \ +" CONVERSION_DEPENDS_sparse = "android-tools-native" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/iwd/iwd_1.15.bb b/meta-openembedded/meta-oe/recipes-connectivity/iwd/iwd_1.16.bb index bb7538739..6bace616a 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/iwd/iwd_1.15.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/iwd/iwd_1.16.bb @@ -8,7 +8,7 @@ DEPENDS = "ell" SRC_URI = "https://www.kernel.org/pub/linux/network/wireless/${BP}.tar.xz \ file://0001-build-Use-abs_top_srcdir-instead-of-abs_srcdir-for-e.patch \ " -SRC_URI[sha256sum] = "a7ab8e80592da5cb1a8b651b6d41e87e4507a3f07e04246e05bca89c547af659" +SRC_URI[sha256sum] = "af548398aea2089a3a5103e5586561f24791090a17d4b2e50785e2faab5ed03a" inherit autotools manpages pkgconfig python3native systemd diff --git a/meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb b/meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb index cffeeb6a0..a87de4583 100644 --- a/meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb +++ b/meta-openembedded/meta-oe/recipes-core/meta/distro-feed-configs.bb @@ -28,6 +28,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" # confs = [ ( "${sysconfdir}/opkg/%s-feed.conf" % feed ) for feed in archs ] # return " ".join( confs ) # -#CONFFILES_${PN} += '${@distro_feed_configs(d)}' +#CONFFILES:${PN} += '${@distro_feed_configs(d)}' CONFFILES:${PN} += '${@ " ".join( [ ( "${sysconfdir}/opkg/%s-feed.conf" % feed ) for feed in "all ${PACKAGE_EXTRA_ARCHS} ${MACHINE_ARCH}".split() ] ) }' diff --git a/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb b/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb index 47ee3099a..d46447d33 100644 --- a/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb +++ b/meta-openembedded/meta-oe/recipes-core/packagegroups/packagegroup-meta-oe.bb @@ -525,6 +525,7 @@ RDEPENDS:packagegroup-meta-oe-graphics ="\ ttf-gentium \ ttf-hunky-sans \ ttf-hunky-serif \ + ttf-ipa \ ttf-lohit \ ttf-inconsolata \ ttf-liberation-sans-narrow \ @@ -668,7 +669,6 @@ RDEPENDS:packagegroup-meta-oe-multimedia ="\ live555-examples \ live555-mediaserver \ libmikmod \ - opus-tools \ libmodplug \ sound-theme-freedesktop \ yavta \ diff --git a/meta-openembedded/meta-oe/recipes-devtools/geany/geany-plugins_1.37.bb b/meta-openembedded/meta-oe/recipes-devtools/geany/geany-plugins_1.37.bb index 10e51fa81..9a7053792 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/geany/geany-plugins_1.37.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/geany/geany-plugins_1.37.bb @@ -66,7 +66,7 @@ FILES:${PN}-commander = "${libdir}/geany/commander.so" EXTRA_OECONF += "--disable-debugger" #PLUGINS += "${PN}-debugger" #LIC_FILES_CHKSUM += "file://debugger/COPYING;md5=4325afd396febcb659c36b49533135d4" -#FILES_${PN}-debugger = "${libdir}/geany/debugger.so ${datadir}/${PN}/debugger" +#FILES:${PN}-debugger = "${libdir}/geany/debugger.so ${datadir}/${PN}/debugger" PLUGINS += "${PN}-defineformat" LIC_FILES_CHKSUM += "file://defineformat/COPYING;md5=751419260aa954499f7abaabaa882bbe" @@ -76,8 +76,8 @@ FILES:${PN}-defineformat = "${libdir}/geany/defineformat.so" EXTRA_OECONF += "--disable-devhelp" #PLUGINS += "${PN}-devhelp" #LIC_FILES_CHKSUM += "file://devhelp/COPYING;md5=d32239bcb673463ab874e80d47fae504" -#LICENSE_${PN}-devhelp = "GPLv3" -#FILES_${PN}-devhelp = "${libdir}/geany/devhelp.so" +#LICENSE:${PN}-devhelp = "GPLv3" +#FILES:${PN}-devhelp = "${libdir}/geany/devhelp.so" PLUGINS += "${PN}-geanyctags" LIC_FILES_CHKSUM += "file://geanyctags/COPYING;md5=c107cf754550e65755c42985a5d4e9c9" @@ -100,7 +100,7 @@ FILES:${PN}-geanyinsertnum = "${libdir}/geany/geanyinsertnum.so" EXTRA_OECONF += "--disable-geanylua" #PLUGINS += "${PN}-geanylua" #LIC_FILES_CHKSUM += "file://geanylua/COPYING;md5=4325afd396febcb659c36b49533135d4" -#FILES_${PN}-geanylua = "${libdir}/geany/geanylua.so ${libdir}/${PN}/geanylua/*.so" +#FILES:${PN}-geanylua = "${libdir}/geany/geanylua.so ${libdir}/${PN}/geanylua/*.so" PLUGINS += "${PN}-geanymacro" LIC_FILES_CHKSUM += "file://geanymacro/COPYING;md5=c107cf754550e65755c42985a5d4e9c9" @@ -125,7 +125,7 @@ FILES:${PN}-geanyprj = "${libdir}/geany/geanyprj.so" #PLUGINS += "${PN}-geanypy" #LIC_FILES_CHKSUM += "file://geanypy/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -#FILES_${PN}-geanypy = "${libdir}/geany/geanypy.so" +#FILES:${PN}-geanypy = "${libdir}/geany/geanypy.so" PLUGINS += "${PN}-geanyvc" LIC_FILES_CHKSUM += "file://geanyvc/COPYING;md5=c107cf754550e65755c42985a5d4e9c9" @@ -160,13 +160,13 @@ FILES:${PN}-lipsum = "${libdir}/geany/lipsum.so" EXTRA_OECONF += "--disable-peg-markdown" #PLUGINS += "${PN}-markdown" #LIC_FILES_CHKSUM += "file://markdown/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -#FILES_${PN}-markdown = "${libdir}/geany/markdown.so" +#FILES:${PN}-markdown = "${libdir}/geany/markdown.so" # | checking whether the GTK version in use is compatible with plugin multiterm... no EXTRA_OECONF += "--disable-multiterm" #PLUGINS += "${PN}-multiterm" #LIC_FILES_CHKSUM += "file://multiterm/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -#FILES_${PN}-multiterm = "${libdir}/geany/multiterm.so" +#FILES:${PN}-multiterm = "${libdir}/geany/multiterm.so" PLUGINS += "${PN}-overview" LIC_FILES_CHKSUM += "file://overview/overview/overviewplugin.c;beginline=4;endline=20;md5=1aa33522916cdeb46cccac0c629da0d0" @@ -226,8 +226,8 @@ FILES:${PN}-vimode = "${libdir}/geany/vimode.so" EXTRA_OECONF += " --disable-webhelper" #PLUGINS += "${PN}-webhelper" #LIC_FILES_CHKSUM += "file://webhelper/COPYING;md5=d32239bcb673463ab874e80d47fae504" -#LICENSE_${PN}-webhelper = "GPLv3" -#FILES_${PN}-webhelper = "${libdir}/geany/webhelper.so" +#LICENSE:${PN}-webhelper = "GPLv3" +#FILES:${PN}-webhelper = "${libdir}/geany/webhelper.so" PLUGINS += "${PN}-workbench" LIC_FILES_CHKSUM += "file://workbench/COPYING;md5=c107cf754550e65755c42985a5d4e9c9" diff --git a/meta-openembedded/meta-oe/recipes-devtools/jemalloc/files/0001-Makefile.in-make-sure-doc-generated-before-install.patch b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/files/0001-Makefile.in-make-sure-doc-generated-before-install.patch new file mode 100644 index 000000000..0a1fe6d76 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/files/0001-Makefile.in-make-sure-doc-generated-before-install.patch @@ -0,0 +1,42 @@ +From 1efb45330f5dbe475a092cda6982e6d7e135485a Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Tue, 10 Aug 2021 13:02:18 +0000 +Subject: [PATCH] Makefile.in: make sure doc generated before install + +There is a race between the doc generation and the doc installation, +so make the install depend on the build for doc to fix the error occurs +sometimes as below: + | TOPDIR/tmp-glibc/hosttools/install: cannot stat 'doc/jemalloc.3': No such file or directory + | make: *** [Makefile:513: install_doc_man] Error 1 + +Upstream-Status: Submitted [https://github.com/jemalloc/jemalloc/pull/2108] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + Makefile.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 7128b007..ab94f0c8 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -501,14 +501,14 @@ install_lib: install_lib_static + endif + install_lib: install_lib_pc + +-install_doc_html: ++install_doc_html: build_doc_html + $(INSTALL) -d $(DATADIR)/doc/jemalloc$(install_suffix) + @for d in $(DOCS_HTML); do \ + echo "$(INSTALL) -m 644 $$d $(DATADIR)/doc/jemalloc$(install_suffix)"; \ + $(INSTALL) -m 644 $$d $(DATADIR)/doc/jemalloc$(install_suffix); \ + done + +-install_doc_man: ++install_doc_man: build_doc_man + $(INSTALL) -d $(MANDIR)/man3 + @for d in $(DOCS_MAN3); do \ + echo "$(INSTALL) -m 644 $$d $(MANDIR)/man3"; \ +-- +2.29.2 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/jemalloc/files/run-ptest b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/files/run-ptest new file mode 100644 index 000000000..b351f947e --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/files/run-ptest @@ -0,0 +1,21 @@ +#!/bin/sh + +saved_dir=$PWD +for dir in tests/* ; do + cd $dir + for atest in * ; do + if [ \( -x $atest \) -a \( -f $atest \) ] ; then + rm -rf tests.log + ./$atest > tests.log 2>&1 + sed -e '/: pass/ s/^/PASS: /g' \ + -e '/: skip/ s/^/SKIP: /g' \ + -e '/: fail/ s/^/FAIL: /g' \ + -e 's/: pass//g' \ + -e 's/: skip//g' \ + -e 's/: fail//g' \ + -e '/^--- pass:/d' tests.log + fi + done + cd $saved_dir +done + diff --git a/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.2.1.bb b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.2.1.bb index 39637663f..b5d53bb11 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.2.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/jemalloc/jemalloc_5.2.1.bb @@ -13,14 +13,31 @@ SECTION = "libs" LIC_FILES_CHKSUM = "file://README;md5=6900e4a158982e4c4715bf16aa54fa10" -SRC_URI = "git://github.com/jemalloc/jemalloc.git" +SRC_URI = "git://github.com/jemalloc/jemalloc.git \ + file://0001-Makefile.in-make-sure-doc-generated-before-install.patch \ + file://run-ptest \ +" SRCREV = "ea6b3e973b477b8061e0076bb257dbd7f3faa756" S = "${WORKDIR}/git" -inherit autotools +inherit autotools ptest EXTRA_AUTORECONF += "--exclude=autoheader" EXTRA_OECONF:append:libc-musl = " --with-jemalloc-prefix=je_" + +do_compile_ptest() { + oe_runmake tests +} + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + subdirs="test/unit test/integration test/stress " + for tooltest in ${subdirs} + do + cp -r ${B}/${tooltest} ${D}${PTEST_PATH}/tests + done + find ${D}${PTEST_PATH}/tests \( -name "*.d" -o -name "*.o" \) -exec rm -f {} \; +} diff --git a/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb b/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb index 2a52dd688..2ce669154 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/ldns/ldns_1.7.1.bb @@ -16,3 +16,10 @@ PACKAGECONFIG[drill] = "--with-drill,--without-drill" EXTRA_OECONF = "--with-ssl=${STAGING_EXECPREFIXDIR} \ libtool=${TARGET_PREFIX}libtool" + +do_install:append() { + sed -e 's@[^ ]*-ffile-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \ + -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \ + -i ${D}${libdir}/pkgconfig/*.pc +} diff --git a/meta-openembedded/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch b/meta-openembedded/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch new file mode 100644 index 000000000..b41bbe0a5 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-devtools/perl/libdbi-perl/CVE-2014-10402.patch @@ -0,0 +1,56 @@ +Backport patch to fix CVE-2014-10402. + +CVE: CVE-2014-10402 +Upstream-Status: Backport [https://github.com/rehsack/dbi/commit/19d0fb1] + +Ref: +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972180#12 + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + + +From 19d0fb169eed475e1c053e99036b8668625cfa94 Mon Sep 17 00:00:00 2001 +From: Jens Rehsack <sno@netbsd.org> +Date: Tue, 6 Oct 2020 10:22:17 +0200 +Subject: [PATCH] lib/DBD/File.pm: fix CVE-2014-10401 + +Dig into the root cause of RT#99508 - which resulted in CVE-2014-10401 - and +figure out that DBI->parse_dsn is the wrong helper to parse our attributes in +DSN, since in DBD::dr::connect only the "dbname" remains from DSN which causes +parse_dsn to bailout. + +Parsing on our own similar to parse_dsn shows the way out. + +Signed-off-by: Jens Rehsack <sno@netbsd.org> +--- + lib/DBD/File.pm | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/lib/DBD/File.pm b/lib/DBD/File.pm +index fb14e9a..f55076f 100644 +--- a/lib/DBD/File.pm ++++ b/lib/DBD/File.pm +@@ -109,7 +109,11 @@ sub connect + # We do not (yet) care about conflicting attributes here + # my $dbh = DBI->connect ("dbi:CSV:f_dir=test", undef, undef, { f_dir => "text" }); + # will test here that both test and text should exist +- if (my $attr_hash = (DBI->parse_dsn ($dbname))[3]) { ++ # ++ # Parsing on our own similar to parse_dsn to find attributes in 'dbname' parameter. ++ if ($dbname) { ++ my @attrs = split /;/ => $dbname; ++ my $attr_hash = { map { split /\s*=>?\s*|\s*,\s*/, $_} @attrs }; + if (defined $attr_hash->{f_dir} && ! -d $attr_hash->{f_dir}) { + my $msg = "No such directory '$attr_hash->{f_dir}"; + $drh->set_err (2, $msg); +@@ -120,7 +124,6 @@ sub connect + if ($attr and defined $attr->{f_dir} && ! -d $attr->{f_dir}) { + my $msg = "No such directory '$attr->{f_dir}"; + $drh->set_err (2, $msg); +- $attr->{RaiseError} and croak $msg; + return; + } + +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb b/meta-openembedded/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb index 311cf2730..b21418298 100644 --- a/meta-openembedded/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb +++ b/meta-openembedded/meta-oe/recipes-devtools/perl/libdbi-perl_1.643.bb @@ -9,7 +9,9 @@ SECTION = "libs" LICENSE = "Artistic-1.0 | GPL-1.0+" LIC_FILES_CHKSUM = "file://LICENSE;md5=10982c7148e0a012c0fd80534522f5c5" -SRC_URI = "http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-${PV}.tar.gz" +SRC_URI = "http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-${PV}.tar.gz \ + file://CVE-2014-10402.patch \ + " SRC_URI[md5sum] = "352f80b1e23769c116082a90905d7398" SRC_URI[sha256sum] = "8a2b993db560a2c373c174ee976a51027dd780ec766ae17620c20393d2e836fa" diff --git a/meta-openembedded/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb b/meta-openembedded/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb index f1e994863..70e1a47f0 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/dnfdragora/dnfdragora_git.bb @@ -17,7 +17,7 @@ S = "${WORKDIR}/git" inherit cmake gettext pkgconfig python3-dir python3native distutils3-base mime-xdg DEPENDS += "dnf python3 " -#DEPENDS_class-nativesdk += "nativesdk-python3" +#DEPENDS:class-nativesdk += "nativesdk-python3" RDEPENDS:${PN}:class-target = " python3-core libyui libyui-ncurses " diff --git a/meta-openembedded/meta-oe/recipes-graphics/ttf-fonts/ttf-ipa_003.03.01.bb b/meta-openembedded/meta-oe/recipes-graphics/ttf-fonts/ttf-ipa_003.03.01.bb new file mode 100644 index 000000000..89c48d5fe --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/ttf-fonts/ttf-ipa_003.03.01.bb @@ -0,0 +1,21 @@ +require ttf.inc + +SUMMARY = "Ipa fonts - TTF Version" +HOMEPAGE = "https://moji.or.jp/ipafont" +LICENSE = "IPA" +LICENSE_URL = "https://moji.or.jp/ipafont/license/" +LIC_FILES_CHKSUM = "file://IPA_Font_License_Agreement_v1.0.txt;md5=6cd3351ba979cf9db1fad644e8221276 \ +" +SRC_URI = "https://moji.or.jp/wp-content/ipafont/IPAfont/IPAfont00303.zip " + +SRC_URI[sha256sum] = "f755ed79a4b8e715bed2f05a189172138aedf93db0f465b4e20c344a02766fe5" + +S = "${WORKDIR}/IPAfont00303" + +PACKAGES = "ttf-ipag ttf-ipagp ttf-ipam ttf-ipamp" +FONT_PACKAGES = "ttf-ipag ttf-ipagp ttf-ipam ttf-ipamp" + +FILES:ttf-ipag = "${datadir}/fonts/truetype/ipag.ttf" +FILES:ttf-ipagp = "${datadir}/fonts/truetype/ipagp.ttf" +FILES:ttf-ipam = "${datadir}/fonts/truetype/ipam.ttf" +FILES:ttf-ipamp = "${datadir}/fonts/truetype/ipamp.ttf" diff --git a/meta-openembedded/meta-oe/recipes-multimedia/opus-tools/opus-tools_0.1.8.bb b/meta-openembedded/meta-oe/recipes-multimedia/opus-tools/opus-tools_0.1.8.bb deleted file mode 100644 index a84f2bf07..000000000 --- a/meta-openembedded/meta-oe/recipes-multimedia/opus-tools/opus-tools_0.1.8.bb +++ /dev/null @@ -1,15 +0,0 @@ -SUMMARY = "Opus Audio Tools" -HOMEPAGE = "http://www.opus-codec.org/" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=843a066da9f1facfcc6ea6f616ffecb1" - -SRC_URI = "http://downloads.xiph.org/releases/opus/opus-tools-${PV}.tar.gz" -SRC_URI[md5sum] = "b424790eda9357a4df394e2d7ca19eac" -SRC_URI[sha256sum] = "e4e188579ea1c4e4d5066460d4a7214a7eafe3539e9a4466fdc98af41ba4a2f6" - -S = "${WORKDIR}/opus-tools-${PV}" - -DEPENDS = "libopus flac" - -inherit autotools pkgconfig diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch new file mode 100644 index 000000000..e55093d1a --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch @@ -0,0 +1,132 @@ +From 759318f11352d01b45bbab62c7bf0a53fb781083 Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@redhat.com> +Date: Tue, 10 Aug 2021 11:27:16 -0400 +Subject: [PATCH] flush uid/gid caches when user/group added/deleted/modified + +It was reported in issue #209 that in the enriched format that auditd +is creating the wrong account associations. This is due to caching +previous lookups. The fix is to monitor for account lifecycle changes +and flush the LRUs if any are seen. + +Upstream-Status: Backport +[https://github.com/linux-audit/audit-userspace/commit/8662f61108f8b9365f96ef49ca8ca331a7880f24] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + auparse/auparse-idata.h | 3 ++- + auparse/interpret.c | 12 ++++++++++++ + src/auditd-event.c | 27 +++++++++++++++++++++++++-- + 3 files changed, 39 insertions(+), 3 deletions(-) + +diff --git a/auparse/auparse-idata.h b/auparse/auparse-idata.h +index 660901a..eaca86a 100644 +--- a/auparse/auparse-idata.h ++++ b/auparse/auparse-idata.h +@@ -1,6 +1,6 @@ + /* + * idata.h - Header file for ausearch-lookup.c +-* Copyright (c) 2013,2016-17 Red Hat Inc., Durham, North Carolina. ++* Copyright (c) 2013,2016-17,2021 Red Hat Inc. + * All Rights Reserved. + * + * This library is free software; you can redistribute it and/or +@@ -45,6 +45,7 @@ char *auparse_do_interpretation(int type, const idata *id, + void _auparse_load_interpretations(const char *buf); + void _auparse_free_interpretations(void); + const char *_auparse_lookup_interpretation(const char *name); ++void _auparse_flush_caches(void); + + #endif + +diff --git a/auparse/interpret.c b/auparse/interpret.c +index 046867b..eef377a 100644 +--- a/auparse/interpret.c ++++ b/auparse/interpret.c +@@ -653,6 +653,18 @@ void aulookup_destroy_gid_list(void) + gid_cache_created = 0; + } + ++void _auparse_flush_caches(void) ++{ ++ if (uid_cache_created) { ++ destroy_lru(uid_cache); ++ uid_cache_created = 0; ++ } ++ if (gid_cache_created) { ++ destroy_lru(gid_cache); ++ gid_cache_created = 0; ++ } ++} ++ + static const char *print_uid(const char *val, unsigned int base) + { + int uid; +diff --git a/src/auditd-event.c b/src/auditd-event.c +index cb29fee..3655726 100644 +--- a/src/auditd-event.c ++++ b/src/auditd-event.c +@@ -42,6 +42,7 @@ + #include "libaudit.h" + #include "private.h" + #include "auparse.h" ++#include "auparse-idata.h" + + /* This is defined in auditd.c */ + extern volatile int stop; +@@ -56,7 +57,7 @@ static void do_space_left_action(int admin); + static void do_disk_full_action(void); + static void do_disk_error_action(const char *func, int err); + static void fix_disk_permissions(void); +-static void check_excess_logs(void); ++static void check_excess_logs(void); + static void rotate_logs_now(void); + static void rotate_logs(unsigned int num_logs, unsigned int keep_logs); + static void shift_logs(void); +@@ -394,7 +395,7 @@ static const char *format_enrich(const struct audit_reply *rep) + snprintf(format_buf, MAX_AUDIT_MESSAGE_LENGTH, + "type=DAEMON_ERR op=format-enriched msg=NULL res=failed"); + } else { +- int rc; ++ int rc, rtype; + size_t mlen, len; + char *message; + // Do raw format to get event started +@@ -427,6 +428,17 @@ static const char *format_enrich(const struct audit_reply *rep) + + // Loop over all fields while possible to add field + rc = auparse_first_record(au); ++ rtype = auparse_get_type(au); ++ switch (rtype) ++ { // Flush before adding to pickup new associations ++ case AUDIT_ADD_USER: ++ case AUDIT_ADD_GROUP: ++ _auparse_flush_caches(); ++ break; ++ default: ++ break; ++ } ++ + while (rc > 0 && len > MIN_SPACE_LEFT) { + // See what kind of field we have + size_t vlen; +@@ -454,6 +466,17 @@ static const char *format_enrich(const struct audit_reply *rep) + rc = auparse_next_field(au); + } + ++ switch(rtype) ++ { // Flush after modification to remove stale entries ++ case AUDIT_USER_MGMT: ++ case AUDIT_DEL_USER: ++ case AUDIT_DEL_GROUP: ++ case AUDIT_GRP_MGMT: ++ _auparse_flush_caches(); ++ break; ++ default: ++ break; ++ } + free(message); + } + return format_buf; +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.4.bb index c30b97162..db550492e 100644 --- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb +++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.4.bb @@ -9,13 +9,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \ file://Fixed-swig-host-contamination-issue.patch \ + file://0001-flush-uid-gid-caches-when-user-group-added-deleted-m.patch \ file://auditd \ file://auditd.service \ file://audit-volatile.conf \ " S = "${WORKDIR}/git" -SRCREV = "17c100abcfef4cbd94a0a5be9b830c8386c3add6" +SRCREV = "86a975cd96c3838e56be9d27262f8a36bb822634" inherit autotools python3native update-rc.d systemd diff --git a/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.22.04.bb b/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.22.04.bb index ac6c6db81..c4da5cd83 100644 --- a/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.22.04.bb +++ b/meta-openembedded/meta-oe/recipes-shells/tcsh/tcsh_6.22.04.bb @@ -20,7 +20,7 @@ EXTRA_OEMAKE += "CC_FOR_GETHOST='${BUILD_CC}'" inherit autotools do_compile:prepend() { - oe_runmake CC_FOR_GETHOST='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' gethost + oe_runmake CC_FOR_GETHOST='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' LDFLAGS='${BUILD_LDFLAGS}' gethost } do_install:append () { diff --git a/meta-openembedded/meta-oe/recipes-support/augeas/augeas.inc b/meta-openembedded/meta-oe/recipes-support/augeas/augeas.inc index 077a2db5e..d83ba493e 100644 --- a/meta-openembedded/meta-oe/recipes-support/augeas/augeas.inc +++ b/meta-openembedded/meta-oe/recipes-support/augeas/augeas.inc @@ -27,7 +27,7 @@ do_install:append() { rm -fr ${D}${datadir}/vim } -PACKAGECONFIG ??= "" -PACKAGECONFIG[libselinux] = "--with-selinux,--without-selinux,libselinux" +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" +PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" EXTRA_AUTORECONF += "-I ${S}/gnulib/m4" |