3 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
index 1d03de09c8..5cf77fa0f6 100644
--- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -14,6 +14,8 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/"
 SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
           file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
           file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
+           file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \
+           file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \
           file://dhcpcd.service \
           file://dhcpcd@.service \
           "
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
new file mode 100644
index 0000000000..68ab93416a
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
@@ -0,0 +1,30 @@
+From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Fri, 26 Aug 2022 09:08:36 +0100
+Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc
+Fixes #120
+Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/privsep-linux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index b238644b..479a1d82 100644
+--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
+@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = {
+ #ifdef __NR_getpid
+        SECCOMP_ALLOW(__NR_getpid),
+ #endif
+#ifdef __NR_getrandom
+       SECCOMP_ALLOW(__NR_getrandom),
+#endif
+ #ifdef __NR_getsockopt
+        /* For route socket overflow */
+        SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET),
+-- 
+2.17.1
diff --git a/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
new file mode 100644
index 0000000000..c5d2cba305
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
@@ -0,0 +1,31 @@
+From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001
+From: Roy Marples <roy@marples.name>
+Date: Fri, 26 Aug 2022 09:24:50 +0100
+Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well
+Allows newer glibc variants to work apparently.
+As reported in #84 and #89.
+Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/privsep-linux.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/src/privsep-linux.c b/src/privsep-linux.c
+index 479a1d82..6327b1bc 100644
+--- a/src/privsep-linux.c
+++ b/src/privsep-linux.c
+@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = {
+ #ifdef __NR_nanosleep
+        SECCOMP_ALLOW(__NR_nanosleep),  /* XXX should use ppoll instead */
+ #endif
+#ifdef __NR_newfstatat
+       SECCOMP_ALLOW(__NR_newfstatat),
+#endif
+ #ifdef __NR_ppoll
+        SECCOMP_ALLOW(__NR_ppoll),
+ #endif
+-- 
+2.17.1

diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb index 1d03de09c8..5cf77fa0f6 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -14,6 +14,8 @@ UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/"
14	SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \	14	SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
15	file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \	15	file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
16	file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \	16	file://0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch \
		17	file://0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch \
		18	file://0002-privsep-Allow-newfstatat-syscall-as-well.patch \
17	file://dhcpcd.service \	19	file://dhcpcd.service \
18	file://dhcpcd@.service \	20	file://dhcpcd@.service \
19	"	21	"


diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch new file mode 100644 index 0000000000..68ab93416a --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0001-privsep-Allow-getrandom-sysctl-for-newer-glibc.patch
@@ -0,0 +1,30 @@
		1	From c6cdf0aee71ab4126d36b045f02428ee3c6ec50b Mon Sep 17 00:00:00 2001
		2	From: Roy Marples <roy@marples.name>
		3	Date: Fri, 26 Aug 2022 09:08:36 +0100
		4	Subject: [PATCH 1/2] privsep: Allow getrandom sysctl for newer glibc
		5
		6	Fixes #120
		7
		8	Upstream-Status: Backport [c6cdf0aee71ab4126d36b045f02428ee3c6ec50b]
		9	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		10	---
		11	src/privsep-linux.c \| 3 +++
		12	1 file changed, 3 insertions(+)
		13
		14	diff --git a/src/privsep-linux.c b/src/privsep-linux.c
		15	index b238644b..479a1d82 100644
		16	--- a/src/privsep-linux.c
		17	+++ b/src/privsep-linux.c
		18	@@ -300,6 +300,9 @@ static struct sock_filter ps_seccomp_filter[] = {
		19	#ifdef __NR_getpid
		20	SECCOMP_ALLOW(__NR_getpid),
		21	#endif
		22	+#ifdef __NR_getrandom
		23	+ SECCOMP_ALLOW(__NR_getrandom),
		24	+#endif
		25	#ifdef __NR_getsockopt
		26	/* For route socket overflow */
		27	SECCOMP_ALLOW_ARG(__NR_getsockopt, 1, SOL_SOCKET),
		28	--
		29	2.17.1
		30


diff --git a/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch new file mode 100644 index 0000000000..c5d2cba305 --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/0002-privsep-Allow-newfstatat-syscall-as-well.patch
@@ -0,0 +1,31 @@
		1	From 7625a555797f587a89dc2447fd9d621024d5165c Mon Sep 17 00:00:00 2001
		2	From: Roy Marples <roy@marples.name>
		3	Date: Fri, 26 Aug 2022 09:24:50 +0100
		4	Subject: [PATCH 2/2] privsep: Allow newfstatat syscall as well
		5
		6	Allows newer glibc variants to work apparently.
		7	As reported in #84 and #89.
		8
		9	Upstream-Status: Backport [7625a555797f587a89dc2447fd9d621024d5165c]
		10	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		11	---
		12	src/privsep-linux.c \| 3 +++
		13	1 file changed, 3 insertions(+)
		14
		15	diff --git a/src/privsep-linux.c b/src/privsep-linux.c
		16	index 479a1d82..6327b1bc 100644
		17	--- a/src/privsep-linux.c
		18	+++ b/src/privsep-linux.c
		19	@@ -328,6 +328,9 @@ static struct sock_filter ps_seccomp_filter[] = {
		20	#ifdef __NR_nanosleep
		21	SECCOMP_ALLOW(__NR_nanosleep), /* XXX should use ppoll instead */
		22	#endif
		23	+#ifdef __NR_newfstatat
		24	+ SECCOMP_ALLOW(__NR_newfstatat),
		25	+#endif
		26	#ifdef __NR_ppoll
		27	SECCOMP_ALLOW(__NR_ppoll),
		28	#endif
		29	--
		30	2.17.1
		31