From e3ef99a911ea52b05258678e41acdc925847990d Mon Sep 17 00:00:00 2001 From: Jate Sujjavanich Date: Sat, 27 Feb 2021 00:40:10 +0000 Subject: iputils: Fix cap_net_raw for installed binaries Add libcap-native to libcap PACKAGECONFIG making native setcap available during the build. This assures its availability during install and prevents meson from searching absolute paths and the resulting possible host contamination. Move -DNO_SETCAP_OR_SUID=true to the libcap PACKAGECONFIG negative case This will prevent possible non-determinism for the setuid case. (From OE-Core rev: 6b31f6b9a6a12a12d1d10b8634012e50ef778ec4) Signed-off-by: Jate Sujjavanich Signed-off-by: Richard Purdie --- meta/recipes-extended/iputils/iputils_s20200821.bb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb index 28dd194a12..e43abf2629 100644 --- a/meta/recipes-extended/iputils/iputils_s20200821.bb +++ b/meta/recipes-extended/iputils/iputils_s20200821.bb @@ -26,7 +26,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214" PACKAGECONFIG ??= "libcap rarpd \ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap" +PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native" PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2" PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext" PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false," @@ -38,8 +38,7 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN inherit meson systemd update-alternatives -# Have to disable setcap/suid as its not deterministic -EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true" +EXTRA_OEMESON += "--prefix=${root_prefix}/" ALTERNATIVE_PRIORITY = "100" -- cgit v1.2.3-54-g00ecf