From 7f53998bd3726c808abf8b0c4950e25db29d9ea2 Mon Sep 17 00:00:00 2001
From: P Dheeraj Srujan Kumar
Date: Sat, 8 Jul 2023 03:35:27 +0530
Subject: Update to internal 1-1.11-1
Signed-off-by: P Dheeraj Srujan Kumar
---
...XATTR_NAME_CAPS-is-defined-when-it-is-use.patch | 32 +++++++++
...ibcap-Raise-the-size-of-arrays-containing.patch | 34 ++++++++++
.../0002-tests-do-not-run-target-executables.patch | 30 ++++++++
.../recipes-support/libcap/libcap_2.69.bb | 79 ++++++++++++++++++++++
4 files changed, 175 insertions(+)
create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
create mode 100644 meta-openbmc-mods/meta-common/recipes-support/libcap/libcap_2.69.bb
(limited to 'meta-openbmc-mods/meta-common/recipes-support/libcap')
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch b/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch
new file mode 100644
index 000000000..05c771ac1
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch
@@ -0,0 +1,32 @@
+Ensure the XATTR_NAME_CAPS is defined when it is used
+
+Upstream-Status: Pending
+
+VFS_CAP_U32 can not ensure that XATTR_NAME_CAPS is defined, and failed to build
+libcap-native in old release, like CentOS release 6.7 (Final), with the blow
+error:
+ cap_file.c: In function ‘cap_get_fd’:
+ cap_file.c:199: error: ‘XATTR_NAME_CAPS’ undeclared (first use in this function)
+ cap_file.c:199: error: (Each undeclared identifier is reported only once
+
+Signed-off-by: Roy Li
+---
+ libcap/cap_file.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcap/cap_file.c b/libcap/cap_file.c
+index 40756ea..e27ca80 100644
+--- a/libcap/cap_file.c
++++ b/libcap/cap_file.c
+@@ -25,7 +25,7 @@ extern int fremovexattr(int, const char *);
+
+ #include "libcap.h"
+
+-#ifdef VFS_CAP_U32
++#if defined (VFS_CAP_U32) && defined (XATTR_NAME_CAPS)
+
+ #if VFS_CAP_U32 != __CAP_BLKS
+ # error VFS representation of capabilities is not the same size as kernel
+--
+2.8.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
new file mode 100644
index 000000000..2ac1e6e56
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
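Review bot: In the embedded cap_file.c change, `#if defined (VFS_CAP_U32) && defined (XATTR_NAME_CAPS)` turns a compile error into a silent configuration choice: on a build host whose headers lack XATTR_NAME_CAPS, the guarded file-capability code is simply left out. The other branch of this conditional lies outside the hunk, so what is compiled instead cannot be checked here; if it is a stub path, a libcap-native built that way would presumably not read or write file capabilities, and nothing in the build log would say so. I would make the fallback visible by adding a diagnostic in that branch, for example `# warning XATTR_NAME_CAPS is not defined: building without file capability support`. The carried patch is also still marked `Upstream-Status: Pending`, so the guard needs re-checking against upstream at each libcap version bump.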
@@ -0,0 +1,34 @@
+From 709aa8e156415215b0bb034d05b2aa2f44be044e Mon Sep 17 00:00:00 2001
+From: Hongxu Jia
+Date: Thu, 14 Oct 2021 15:57:36 +0800
+Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl
+ paths
+
+This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings
+and lengths as well as ld.so.cache path in the dynamic loader to specific
+sections in memory. The sections that contain paths have been allocated a 4096
+byte section, which is the maximum path length in linux. This will allow the
+relocating script to parse the ELF binary, detect the section and easily replace
+the strings in a certain path.
+
+Upstream-Status: Inappropriate [SDK specific]
+
+Signed-off-by: Hongxu Jia
+
+---
+ libcap/execable.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcap/execable.h b/libcap/execable.h
+index fee17b4..5bb0c55 100644
+--- a/libcap/execable.h
++++ b/libcap/execable.h
+@@ -23,7 +23,7 @@
+ #endif
+ #define __EXECABLE_H
+
+-const char __execable_dl_loader[] __attribute((section(".interp"))) =
++const char __execable_dl_loader[4096] __attribute((section(".interp"))) =
+ SHARED_LOADER ;
+
+ static void __execable_parse_args(int *argc_p, char ***argv_p)
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch b/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
new file mode 100644
index 000000000..20346cf2f
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
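Review bot: With the explicit size in `const char __execable_dl_loader[4096] ... = SHARED_LOADER ;`, nothing checks that the loader path fits together with its terminating NUL. C accepts a string initializer of exactly 4096 characters and silently drops the terminator, and a longer one is normally diagnosed only as a warning. A compile-time check beside the array would turn both cases into a hard error: `_Static_assert(sizeof(SHARED_LOADER) <= 4096, "SHARED_LOADER does not fit in .interp");`. This assumes SHARED_LOADER expands to a string literal, since its definition is outside the hunk. The relocation script mentioned in the patch description would need to enforce the same bound when it rewrites the section.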
@@ -0,0 +1,30 @@
+From 10212b6d4e8843feffbeab5336342d97f3a46bb2 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin
+Date: Fri, 20 Dec 2019 16:54:05 +0100
+Subject: [PATCH] tests: do not run target executables
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin
+
+---
+ tests/Makefile | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tests/Makefile b/tests/Makefile
+index ecb7d1b..8950c73 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -61,13 +61,11 @@ endif
+
+ # unprivileged
+ run_psx_test: psx_test
+- ./psx_test
+
+ psx_test: psx_test.c $(DEPS)
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB)
+
+ run_libcap_psx_test: libcap_psx_test
+- ./libcap_psx_test
+
+ libcap_psx_test: libcap_psx_test.c $(DEPS)
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB)
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libcap/libcap_2.69.bb b/meta-openbmc-mods/meta-common/recipes-support/libcap/libcap_2.69.bb
new file mode 100644
index 000000000..92fa766d3
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libcap/libcap_2.69.bb
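Review bot: The patch header gives no rationale and no replacement for the removed `./psx_test` and `./libcap_psx_test` commands, so `run_psx_test` and `run_libcap_psx_test` now succeed without executing anything. The reason is presumably that cross-compiled target binaries cannot run on the build host, but the header should say so and state where these tests of a privilege-handling library are expected to run instead. Something like `Tests are still built but not executed at build time (cross-compiled); run psx_test and libcap_psx_test on the target.` in the description would do. The recipe added in this commit only has `inherit lib_package` and no ptest packaging, so as far as this commit shows the two binaries are not exercised anywhere.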
@@ -0,0 +1,79 @@
+SUMMARY = "Library for getting/setting POSIX.1e capabilities"
+DESCRIPTION = "A library providing the API to access POSIX capabilities. \
+These allow giving various kinds of specific privileges to individual \
+users, without giving them full root permissions."
+HOMEPAGE = "http://sites.google.com/site/fullycapable/"
+# no specific GPL version required
+LICENSE = "BSD-3-Clause | GPL-2.0-only"
+LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=905326f41d3d1f8df21943f9a4ed6b50"
+LIC_FILES_CHKSUM = "file://License;md5=2965a646645b72ecee859b43c592dcaa \
+ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \
+ "
+
+DEPENDS = "hostperl-runtime-native gperf-native"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \
+ file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \
+ file://0002-tests-do-not-run-target-executables.patch \
+ "
+SRC_URI:append:class-nativesdk = " \
+ file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
+ "
+SRC_URI[sha256sum] = "f311f8f3dad84699d0566d1d6f7ec943a9298b28f714cae3c931dfd57492d7eb"
+
+UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
+
+inherit lib_package
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
+PACKAGECONFIG:class-native ??= ""
+
+PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam"
+
+EXTRA_OEMAKE = " \
+ INDENT= \
+ lib='${baselib}' \
+ RAISE_SETFCAP=no \
+ DYNAMIC=yes \
+ USE_GPERF=yes \
+"
+
+EXTRA_OEMAKE:append:class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}"
+
+do_compile() {
+ unset CFLAGS BUILD_CFLAGS
+ oe_runmake \
+ ${PACKAGECONFIG_CONFARGS} \
+ AR="${AR}" \
+ CC="${CC}" \
+ RANLIB="${RANLIB}" \
+ OBJCOPY="${OBJCOPY}" \
+ COPTS="${CFLAGS}" \
+ BUILD_COPTS="${BUILD_CFLAGS}"
+}
+
+do_install() {
+ oe_runmake install \
+ ${PACKAGECONFIG_CONFARGS} \
+ DESTDIR="${D}" \
+ prefix="${prefix}" \
+ SBINDIR="${sbindir}"
+}
+
+do_install:append() {
+ # Move the library to base_libdir
+ install -d ${D}${base_libdir}
+ if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
+ mv ${D}${libdir}/libcap* ${D}${base_libdir}
+ if [ -d ${D}${libdir}/security ]; then
+ mv ${D}${libdir}/security ${D}${base_libdir}
+ fi
+ fi
+}
+
+FILES:${PN}-dev += "${base_libdir}/*.so"
+
+# pam files
+FILES:${PN} += "${base_libdir}/security/*.so"
+
+BBCLASSEXTEND = "native nativesdk"
--
cgit v1.2.3
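Review bot: Two privilege- and hardening-relevant settings in this recipe are undocumented and easy to undo by accident in a later edit. For `RAISE_SETFCAP=no` in EXTRA_OEMAKE I would add a comment such as `# RAISE_SETFCAP=no: do not let "make install" run setcap on the installed setcap binary`, which is my understanding of libcap's install rule and should be confirmed against its Makefiles. In do_compile, `unset CFLAGS BUILD_CFLAGS` followed by `COPTS="${CFLAGS}"` reads as if empty flags were passed, so it needs a note like `# ${CFLAGS} is expanded by BitBake before the shell runs; the unset only drops the exported copies`. Without that, a reader could remove the COPTS line and lose the distro's compiler flags for this library.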