diff options
| author | Akash Hadke <hadkeakash4@gmail.com> | 2022-10-21 15:12:11 +0200 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2022-10-21 09:57:59 -0700 |
| commit | 51a12d6e8e5c492a058aca82507438ef3402d36d (patch) | |
| tree | 2b3c685ca6071c8060bf0903b2f36ad74c2fd166 /meta-oe/recipes-security | |
| parent | cfac82c560e514333ebb1de772778554d1aca49c (diff) | |
| download | meta-openembedded-51a12d6e8e5c492a058aca82507438ef3402d36d.tar.gz | |
audit: Fix compile error for audit_2.8.5
Fix below compile errors
1. Fix build with linux 5.17+
audit errors out due to swig munging it does with kernel headers
| audit_wrap.c: In function '_wrap_audit_rule_data_buf_set':
| audit_wrap.c:4701:17: error: cast specifies array type
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4701:15: error: invalid use of flexible array member
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4703:15: error: invalid use of flexible array member
| 4703 | arg1->buf = 0;
| | ^
These errors are due to VLAIS from kernel headers, so we copy
linux/audit.h and make the needed change in local audit.h and make
needed arrangements in build to use it when building audit package
Take reference of upstream commit
ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+
Update 0002-Fixed-swig-host-contamination-issue.patch
2. Fix ipx.h missing file bug for kernel 5.15
ipx.h header file is removed in kernel 5.15
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/net?id=6c9b40844751ea30c72f7a2f92f4d704bc6b2927
which is causing below error for system with kernel equal and
higher than 5.15
| ../../git/auparse/interpret.c:48:10: fatal error: linux/ipx.h: No such file or directory
| 48 | #include <linux/ipx.h>
| | ^~~~~~~~~~~~~
Add below patch to fix this issue.
0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch
Link: https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-security')
3 files changed, 78 insertions, 2 deletions
diff --git a/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch new file mode 100644 index 0000000000..054f50ab23 --- /dev/null +++ b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch | |||
| @@ -0,0 +1,65 @@ | |||
| 1 | From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Steve Grubb <sgrubb@redhat.com> | ||
| 3 | Date: Thu, 2 Sep 2021 15:01:12 -0400 | ||
| 4 | Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header | ||
| 5 | file existing | ||
| 6 | |||
| 7 | Upstream-Status: Backport [https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch] | ||
| 8 | Comment: Remove one hunk from changelog file and refresh rest hunks as per codebase of audit_2.8.5 | ||
| 9 | Signed-off-by: Akash Hadke <akash.hadke@kpit.com> | ||
| 10 | --- | ||
| 11 | auparse/interpret.c | 8 ++++++-- | ||
| 12 | configure.ac | 6 ++++++ | ||
| 13 | 2 files changed, 12 insertions(+), 2 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/auparse/interpret.c b/auparse/interpret.c | ||
| 16 | index 63829aa0e..6c316456d 100644 | ||
| 17 | --- a/auparse/interpret.c 2022-10-14 11:22:20.833880000 +0200 | ||
| 18 | +++ b/auparse/interpret.c 2022-10-14 11:35:13.196455950 +0200 | ||
| 19 | @@ -44,8 +44,10 @@ | ||
| 20 | #include <linux/ax25.h> | ||
| 21 | #include <linux/atm.h> | ||
| 22 | #include <linux/x25.h> | ||
| 23 | -#include <linux/if.h> // FIXME: remove when ipx.h is fixed | ||
| 24 | -#include <linux/ipx.h> | ||
| 25 | +#ifdef HAVE_IPX_HEADERS | ||
| 26 | + #include <linux/if.h> // FIXME: remove when ipx.h is fixed | ||
| 27 | + #include <linux/ipx.h> | ||
| 28 | +#endif | ||
| 29 | #include <linux/capability.h> | ||
| 30 | #include <sys/personality.h> | ||
| 31 | #include <sys/prctl.h> | ||
| 32 | @@ -1158,6 +1160,7 @@ | ||
| 33 | x->sax25_call.ax25_call[6]); | ||
| 34 | } | ||
| 35 | break; | ||
| 36 | +#ifdef HAVE_IPX_HEADERS | ||
| 37 | case AF_IPX: | ||
| 38 | { | ||
| 39 | const struct sockaddr_ipx *ip = | ||
| 40 | @@ -1167,6 +1170,7 @@ | ||
| 41 | str, ip->sipx_port, ip->sipx_network); | ||
| 42 | } | ||
| 43 | break; | ||
| 44 | +#endif | ||
| 45 | case AF_ATMPVC: | ||
| 46 | { | ||
| 47 | const struct sockaddr_atmpvc* at = | ||
| 48 | diff --git a/configure.ac b/configure.ac | ||
| 49 | index 8f541e4c0..005eb0b5b 100644 | ||
| 50 | --- a/configure.ac 2022-10-14 11:22:20.833880000 +0200 | ||
| 51 | +++ b/configure.ac 2022-10-14 11:36:32.391044084 +0200 | ||
| 52 | @@ -414,6 +414,12 @@ | ||
| 53 | AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled ) | ||
| 54 | fi | ||
| 55 | |||
| 56 | +# linux/ipx.h - deprecated in 2018 | ||
| 57 | +AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no) | ||
| 58 | +if test $ipx_headers = yes ; then | ||
| 59 | + AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation]) | ||
| 60 | +fi | ||
| 61 | + | ||
| 62 | # See if we want to support lower capabilities for plugins | ||
| 63 | LIBCAP_NG_PATH | ||
| 64 | |||
| 65 | |||
diff --git a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch index 4a1b979975..39a090c83b 100644 --- a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch +++ b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch | |||
| @@ -13,6 +13,11 @@ Upstream-Status: Inappropriate [embedded specific] | |||
| 13 | Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com> | 13 | Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com> |
| 14 | Signed-off-by: Joe Slater <jslater@windriver.com> | 14 | Signed-off-by: Joe Slater <jslater@windriver.com> |
| 15 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | 15 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> |
| 16 | |||
| 17 | Comment: Refresh hunk from auditswig.i to fix build with linux 5.17+ | ||
| 18 | Reference-Commit: ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+ | ||
| 19 | Signed-off-by: Akash Hadke <akash.hadke@kpit.com> | ||
| 20 | Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> | ||
| 16 | --- | 21 | --- |
| 17 | bindings/swig/python3/Makefile.am | 3 ++- | 22 | bindings/swig/python3/Makefile.am | 3 ++- |
| 18 | bindings/swig/src/auditswig.i | 2 +- | 23 | bindings/swig/src/auditswig.i | 2 +- |
| @@ -43,12 +48,12 @@ diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i | |||
| 43 | index 7ebb373..424fb68 100644 | 48 | index 7ebb373..424fb68 100644 |
| 44 | --- a/bindings/swig/src/auditswig.i | 49 | --- a/bindings/swig/src/auditswig.i |
| 45 | +++ b/bindings/swig/src/auditswig.i | 50 | +++ b/bindings/swig/src/auditswig.i |
| 46 | @@ -39,7 +39,7 @@ signed | 51 | @@ -39,7 +39,7 @@ |
| 47 | #define __attribute(X) /*nothing*/ | 52 | #define __attribute(X) /*nothing*/ |
| 48 | typedef unsigned __u32; | 53 | typedef unsigned __u32; |
| 49 | typedef unsigned uid_t; | 54 | typedef unsigned uid_t; |
| 50 | -%include "/usr/include/linux/audit.h" | 55 | -%include "/usr/include/linux/audit.h" |
| 51 | +%include "linux/audit.h" | 56 | +%include "../lib/audit.h" |
| 52 | #define __extension__ /*nothing*/ | 57 | #define __extension__ /*nothing*/ |
| 53 | #include <stdint.h> | 58 | #include <stdint.h> |
| 54 | %include "../lib/libaudit.h" | 59 | %include "../lib/libaudit.h" |
diff --git a/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-oe/recipes-security/audit/audit_2.8.5.bb index 347c855063..f846b27f90 100644 --- a/meta-oe/recipes-security/audit/audit_2.8.5.bb +++ b/meta-oe/recipes-security/audit/audit_2.8.5.bb | |||
| @@ -14,6 +14,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintena | |||
| 14 | file://auditd \ | 14 | file://auditd \ |
| 15 | file://auditd.service \ | 15 | file://auditd.service \ |
| 16 | file://audit-volatile.conf \ | 16 | file://audit-volatile.conf \ |
| 17 | file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \ | ||
| 17 | " | 18 | " |
| 18 | 19 | ||
| 19 | S = "${WORKDIR}/git" | 20 | S = "${WORKDIR}/git" |
| @@ -72,6 +73,11 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" | |||
| 72 | CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" | 73 | CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" |
| 73 | RDEPENDS:auditd = "bash" | 74 | RDEPENDS:auditd = "bash" |
| 74 | 75 | ||
| 76 | do_configure:prepend() { | ||
| 77 | sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h | ||
| 78 | sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h | ||
| 79 | } | ||
| 80 | |||
| 75 | do_install:append() { | 81 | do_install:append() { |
| 76 | rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a | 82 | rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a |
| 77 | rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la | 83 | rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la |