4 files changed, 66 insertions, 81 deletions
diff --git a/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
new file mode 100644
index 0000000000..2ac1e6e560
--- /dev/null
+++ b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch
@@ -0,0 +1,34 @@
+From 709aa8e156415215b0bb034d05b2aa2f44be044e Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Thu, 14 Oct 2021 15:57:36 +0800
+Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl
+ paths
+This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings
+and lengths as well as ld.so.cache path in the dynamic loader to specific
+sections in memory. The sections that contain paths have been allocated a 4096
+byte section, which is the maximum path length in linux. This will allow the
+relocating script to parse the ELF binary, detect the section and easily replace
+the strings in a certain path.
+Upstream-Status: Inappropriate [SDK specific]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ libcap/execable.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libcap/execable.h b/libcap/execable.h
+index fee17b4..5bb0c55 100644
+--- a/libcap/execable.h
+++ b/libcap/execable.h
+@@ -23,7 +23,7 @@
+ #endif
+ #define __EXECABLE_H
+ 
+-const char __execable_dl_loader[] __attribute((section(".interp"))) =
+const char __execable_dl_loader[4096] __attribute((section(".interp"))) =
+     SHARED_LOADER ;
+ 
+ static void __execable_parse_args(int *argc_p, char ***argv_p)
diff --git a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
deleted file mode 100644
index d2653afb75..0000000000
--- a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 6aa15fe548e5b1d6ca3b373779beb7521ea95ba9 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Wed, 15 Jan 2020 17:16:28 +0100
-Subject: [PATCH] tests: do not statically link a test
-This fails on e.g. centos 7
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
- progs/Makefile | 2 +-
- tests/Makefile | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/progs/Makefile b/progs/Makefile
-index 1d7fc7a..37db8f7 100644
--- a/progs/Makefile
-+++ b/progs/Makefile
-@@ -42,7 +42,7 @@ endif
- test: $(PROGS)
- 
- tcapsh-static: capsh.c $(DEPS)
-       $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static
-+       $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
- 
- sudotest: test tcapsh-static
-        sudo $(LDPATH) ./quicktest.sh
-diff --git a/tests/Makefile b/tests/Makefile
-index 01f7589..094ec57 100644
--- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes)
- DEPS += ../libcap/libpsx.so
- endif
- else
-LDFLAGS += --static
-+LDFLAGS +=
- DEPS=../libcap/libcap.a
- ifeq ($(PTHREADS),yes)
- DEPS +=  ../libcap/libpsx.a
-@@ -106,7 +106,7 @@ noexploit: exploit.o $(DEPS)
- 
- # This one runs in a chroot with no shared library files.
- noop: noop.c
-       $(CC) $(CFLAGS) $< -o $@ --static
-+       $(CC) $(CFLAGS) $< -o $@
- 
- clean:
-        rm -f psx_test libcap_psx_test libcap_launch_test *~
-- 
-2.17.1
diff --git a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
index 69287152eb..20346cf2fb 100644
--- a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
+++ b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch
@@ -1,4 +1,4 @@
-From 652071e430d5eea758965176b7648e79ad404daa Mon Sep 17 00:00:00 2001
+From 10212b6d4e8843feffbeab5336342d97f3a46bb2 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Fri, 20 Dec 2019 16:54:05 +0100
 Subject: [PATCH] tests: do not run target executables
@@ -11,20 +11,20 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 1 file changed, 2 deletions(-)
 diff --git a/tests/Makefile b/tests/Makefile
-index fc39fee..3431df9 100644
+index ecb7d1b..8950c73 100644
 --- a/tests/Makefile
 +++ b/tests/Makefile
-@@ -59,13 +59,11 @@ endif
+@@ -61,13 +61,11 @@ endif
 
 # unprivileged
 run_psx_test: psx_test
 -       ./psx_test
 
 psx_test: psx_test.c $(DEPS)
-        $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS)
+        $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB)
 
 run_libcap_psx_test: libcap_psx_test
 -       ./libcap_psx_test
 
 libcap_psx_test: libcap_psx_test.c $(DEPS)
-        $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
+        $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB)
diff --git a/meta/recipes-support/libcap/libcap_2.48.bb b/meta/recipes-support/libcap/libcap_2.69.bb
index d8bbebdde1..92fa766d37 100644
--- a/meta/recipes-support/libcap/libcap_2.48.bb
+++ b/meta/recipes-support/libcap/libcap_2.69.bb
@@ -1,34 +1,32 @@
 SUMMARY = "Library for getting/setting POSIX.1e capabilities"
+DESCRIPTION = "A library providing the API to access POSIX capabilities. \
+These allow giving various kinds of specific privileges to individual \
+users, without giving them full root permissions."
 HOMEPAGE = "http://sites.google.com/site/fullycapable/"
 # no specific GPL version required
-LICENSE = "BSD | GPLv2"
+LICENSE = "BSD-3-Clause | GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://License;md5=3f84fd6f29d453a56514cb7e4ead25f1"
+LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=905326f41d3d1f8df21943f9a4ed6b50"
+LIC_FILES_CHKSUM = "file://License;md5=2965a646645b72ecee859b43c592dcaa \
+                    ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \
+                    "
 DEPENDS = "hostperl-runtime-native gperf-native"
 SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \
           file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \
           file://0002-tests-do-not-run-target-executables.patch \
-           file://0001-tests-do-not-statically-link-a-test.patch \
           "
-SRC_URI[sha256sum] = "4de9590ee09a87c282d558737ffb5b6175ccbfd26d580add10df44d0f047f6c2"
+SRC_URI:append:class-nativesdk = " \
+           file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \
+           "
+SRC_URI[sha256sum] = "f311f8f3dad84699d0566d1d6f7ec943a9298b28f714cae3c931dfd57492d7eb"
 UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/"
 inherit lib_package
-# do NOT pass target cflags to host compilations
-#
-do_configure() {
-        # libcap uses := for compilers, fortunately, it gives us a hint
-        # on what should be replaced with ?=
-        sed -e 's,:=,?=,g' -i Make.Rules
-        sed -e 's,^BUILD_CFLAGS ?= ,BUILD_CFLAGS := $(BUILD_CFLAGS) ,' -i Make.Rules
-}
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
-PACKAGECONFIG_class-native ??= ""
+PACKAGECONFIG:class-native ??= ""
 PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam"
@@ -37,16 +35,21 @@ EXTRA_OEMAKE = " \
  lib='${baselib}' \
  RAISE_SETFCAP=no \
  DYNAMIC=yes \
-  BUILD_GPERF=yes \
+  USE_GPERF=yes \
 "
-EXTRA_OEMAKE_append_class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}"
+EXTRA_OEMAKE:append:class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}"
-# these are present in the libcap defaults, so include in our CFLAGS too
-CFLAGS += "-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
 do_compile() {
-        oe_runmake ${PACKAGECONFIG_CONFARGS}
+        unset CFLAGS BUILD_CFLAGS
+        oe_runmake \
+                ${PACKAGECONFIG_CONFARGS} \
+                AR="${AR}" \
+                CC="${CC}" \
+                RANLIB="${RANLIB}" \
+                OBJCOPY="${OBJCOPY}" \
+                COPTS="${CFLAGS}" \
+                BUILD_COPTS="${BUILD_CFLAGS}"
 }
 do_install() {
@@ -57,7 +60,7 @@ do_install() {
                SBINDIR="${sbindir}"
 }
-do_install_append() {
+do_install:append() {
        # Move the library to base_libdir
        install -d ${D}${base_libdir}
        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
@@ -68,9 +71,9 @@ do_install_append() {
        fi
 }
-FILES_${PN}-dev += "${base_libdir}/*.so"
+FILES:${PN}-dev += "${base_libdir}/*.so"
 # pam files
-FILES_${PN} += "${base_libdir}/security/*.so"
+FILES:${PN} += "${base_libdir}/security/*.so"
 BBCLASSEXTEND = "native nativesdk"