diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2019-12-27 10:43:27 +0800 |
---|---|---|
committer | Joe MacDonald <joe_macdonald@mentor.com> | 2019-12-30 23:10:43 -0500 |
commit | 6e18bc43d259c3322d76ef995655dc539a5eb5c2 (patch) | |
tree | 1dc0ade39ece896dae989c63f868c3588cb26746 | |
parent | 8ce3dccfda031a0a62d4e77da821436d23b09273 (diff) | |
download | meta-selinux-6e18bc43d259c3322d76ef995655dc539a5eb5c2.tar.gz |
audit: fix host contamination for swig
The audit build uses swig to generate a python wrapper. But there is a
hardcoded include directory in auditswig.i, which causes header files on
the host to be used when building. This will cause build error on some
old systems. e.g. on CentOS7 with buildtools:
audit_wrap.c: In function '_wrap_audit_rule_flags_set':
audit_wrap.c:5018:19: error: dereferencing pointer to incomplete type 'struct audit_rule'
5018 if (arg1) (arg1)->flags = arg2;
^~
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-rw-r--r-- | recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch | 57 | ||||
-rw-r--r-- | recipes-security/audit/audit_2.8.5.bb | 1 |
2 files changed, 58 insertions, 0 deletions
diff --git a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch new file mode 100644 index 0000000..7c26995 --- /dev/null +++ b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch | |||
@@ -0,0 +1,57 @@ | |||
1 | From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001 | ||
2 | From: Li xin <lixin.fnst@cn.fujitsu.com> | ||
3 | Date: Sun, 19 Jul 2015 02:42:58 +0900 | ||
4 | Subject: [PATCH] audit: Fixed swig host contamination issue | ||
5 | |||
6 | The audit build uses swig to generate a python wrapper. | ||
7 | Unfortunately, the swig info file references host include | ||
8 | directories. Some of these were previously noticed and | ||
9 | eliminated, but the one fixed here was not. | ||
10 | |||
11 | Upstream-Status: Inappropriate [embedded specific] | ||
12 | |||
13 | Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com> | ||
14 | Signed-off-by: Joe Slater <jslater@windriver.com> | ||
15 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
16 | --- | ||
17 | bindings/swig/python3/Makefile.am | 3 ++- | ||
18 | bindings/swig/src/auditswig.i | 2 +- | ||
19 | 2 files changed, 3 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am | ||
22 | index 9938418..fa46aac 100644 | ||
23 | --- a/bindings/swig/python3/Makefile.am | ||
24 | +++ b/bindings/swig/python3/Makefile.am | ||
25 | @@ -22,6 +22,7 @@ | ||
26 | CONFIG_CLEAN_FILES = *.loT *.rej *.orig | ||
27 | AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS) | ||
28 | AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) | ||
29 | +STDINC ?= /usr/include | ||
30 | LIBS = $(top_builddir)/lib/libaudit.la | ||
31 | SWIG_FLAGS = -python -py3 -modern | ||
32 | SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) | ||
33 | @@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi | ||
34 | _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la | ||
35 | nodist__audit_la_SOURCES = audit_wrap.c | ||
36 | audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i | ||
37 | - swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i | ||
38 | + swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i | ||
39 | |||
40 | CLEANFILES = audit.py* audit_wrap.c *~ | ||
41 | |||
42 | diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i | ||
43 | index 7ebb373..424fb68 100644 | ||
44 | --- a/bindings/swig/src/auditswig.i | ||
45 | +++ b/bindings/swig/src/auditswig.i | ||
46 | @@ -39,7 +39,7 @@ signed | ||
47 | #define __attribute(X) /*nothing*/ | ||
48 | typedef unsigned __u32; | ||
49 | typedef unsigned uid_t; | ||
50 | -%include "/usr/include/linux/audit.h" | ||
51 | +%include "linux/audit.h" | ||
52 | #define __extension__ /*nothing*/ | ||
53 | #include <stdint.h> | ||
54 | %include "../lib/libaudit.h" | ||
55 | -- | ||
56 | 2.7.4 | ||
57 | |||
diff --git a/recipes-security/audit/audit_2.8.5.bb b/recipes-security/audit/audit_2.8.5.bb index 1e76d5f..ee3b3b5 100644 --- a/recipes-security/audit/audit_2.8.5.bb +++ b/recipes-security/audit/audit_2.8.5.bb | |||
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" | |||
9 | 9 | ||
10 | SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \ | 10 | SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \ |
11 | file://Add-substitue-functions-for-strndupa-rawmemchr.patch \ | 11 | file://Add-substitue-functions-for-strndupa-rawmemchr.patch \ |
12 | file://Fixed-swig-host-contamination-issue.patch \ | ||
12 | file://auditd \ | 13 | file://auditd \ |
13 | file://auditd.service \ | 14 | file://auditd.service \ |
14 | file://audit-volatile.conf \ | 15 | file://audit-volatile.conf \ |