[meta-selinux][PATCH 07/17] libsemanage: upgrade to 3.1 (20200710)

Yi Zhao
 

* Drop obsolete patch:
libsemanage-drop-Wno-unused-but-set-variable.patch

* Refresh patch:
libsemanage-allow-to-disable-audit-support.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...anage-allow-to-disable-audit-support.patch | 12 ++++----
...age-drop-Wno-unused-but-set-variable.patch | 28 -------------------
...{libsemanage_3.0.bb => libsemanage_3.1.bb} | 7 ++---
3 files changed, 9 insertions(+), 38 deletions(-)
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
rename recipes-security/selinux/{libsemanage_3.0.bb => libsemanage_3.1.bb} (60%)

diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index c588b61..ff5cb00 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -1,4 +1,4 @@
-From 1633f72579e3b79d055759256b71e4169627889b Mon Sep 17 00:00:00 2001
+From e76867515be3bc296174aeb26c7996a0939a2a8c Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Mon, 20 Jan 2014 03:53:48 -0500
Subject: [PATCH] libsemanage: allow to disable audit support
@@ -13,11 +13,11 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/Makefile b/src/Makefile
-index 3bd1e20..483e818 100644
+index a0eb374..afc4437 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
- export LDFLAGS = -g
+ export LDFLAGS ?= -g
endif

+DISABLE_AUDIT ?= n
@@ -31,7 +31,7 @@ index 3bd1e20..483e818 100644
LEX = flex
LFLAGS = -s
YACC = bison
-@@ -88,7 +96,7 @@ $(LIBA): $(OBJS)
+@@ -89,7 +97,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@

$(LIBSO): $(LOBJS)
@@ -41,7 +41,7 @@ index 3bd1e20..483e818 100644

$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/src/seusers_local.c b/src/seusers_local.c
-index 3e2761c..8bc6b83 100644
+index 6508ec0..1b26956 100644
--- a/src/seusers_local.c
+++ b/src/seusers_local.c
@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
@@ -122,5 +122,5 @@ index 69f49a3..f914492 100644
OBJECTS = $(SOURCES:.c=.o)
POLICIES = $(CILS:.cil=.policy)
--
-2.7.4
+2.17.1

diff --git a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch b/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
deleted file mode 100644
index c9b052c..0000000
--- a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 90a2459d1683e53f4a896b977e6b396db562c903 Mon Sep 17 00:00:00 2001
-From: Randy MacLeod <Randy.MacLeod@windriver.com>
-Date: Tue, 30 Apr 2013 23:15:57 -0400
-Subject: [PATCH] libselinux: drop flag: -Wno-unused-but-set-variable
-
-Upstream-Status: Inappropriate [older compilers only]
-
-Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
----
- src/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index e029f09..8240c3a 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
- LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
- CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
-
--SWIG_CFLAGS += -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow \
-+SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-shadow \
- -Wno-unused-parameter
-
- override CFLAGS += -I../include -D_GNU_SOURCE
---
-2.7.4
-
diff --git a/recipes-security/selinux/libsemanage_3.0.bb b/recipes-security/selinux/libsemanage_3.1.bb
similarity index 60%
rename from recipes-security/selinux/libsemanage_3.0.bb
rename to recipes-security/selinux/libsemanage_3.1.bb
index 450675b..8e6781f 100644
--- a/recipes-security/selinux/libsemanage_3.0.bb
+++ b/recipes-security/selinux/libsemanage_3.1.bb
@@ -1,14 +1,13 @@
-require selinux_20191204.inc
+require selinux_20200710.inc
require ${BPN}.inc

LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"

-SRC_URI[md5sum] = "17a2fc780af0a36f2cf27ab7c4e85946"
-SRC_URI[sha256sum] = "a497b0720d54eac427f1f3f618eed417e50ed8f4e47ed0f7a1d391bd416e84cf"
+SRC_URI[md5sum] = "d16eee8c1dc8cf43f59957d575d6bd29"
+SRC_URI[sha256sum] = "22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8"

SRC_URI += "\
file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
- file://libsemanage-drop-Wno-unused-but-set-variable.patch \
file://libsemanage-define-FD_CLOEXEC-as-necessary.patch \
file://libsemanage-allow-to-disable-audit-support.patch \
file://libsemanage-disable-expand-check-on-policy-load.patch \
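Review bot: The updated `SRC_URI[md5sum]` line in the libsemanage_3.1.bb hunk is carried forward next to `SRC_URI[sha256sum]`, but MD5 is not collision resistant, so the sha256sum is the value that actually pins the tarball. Consider dropping the md5sum entry here, and say in the commit message where the new checksums were taken from (the 20200710 release artifacts rather than a local fetch), since the message currently gives no source for them.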
--
2.25.1


[meta-selinux][PATCH 06/17] libselinux-python: upgrade to 3.1 (20200710)

Yi Zhao
 

Refresh patches:
0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
0001-Makefile-fix-python-modules-install-path-for-multili.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...linux-python_3.0.bb => libselinux-python_3.1.bb} | 13 ++++++++-----
...-PYCEXT-and-rely-on-the-installed-file-nam.patch | 12 ++++++------
...ix-python-modules-install-path-for-multili.patch | 12 ++++++------
3 files changed, 20 insertions(+), 17 deletions(-)
rename recipes-security/selinux/{libselinux-python_3.0.bb => libselinux-python_3.1.bb} (66%)

diff --git a/recipes-security/selinux/libselinux-python_3.0.bb b/recipes-security/selinux/libselinux-python_3.1.bb
similarity index 66%
rename from recipes-security/selinux/libselinux-python_3.0.bb
rename to recipes-security/selinux/libselinux-python_3.1.bb
index 2b5438d..9493083 100644
--- a/recipes-security/selinux/libselinux-python_3.0.bb
+++ b/recipes-security/selinux/libselinux-python_3.1.bb
@@ -1,4 +1,4 @@
-SELINUX_RELEASE = "20191204"
+SELINUX_RELEASE = "20200710"

SRC_URI = "https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/libselinux-${PV}.tar.gz"

@@ -6,16 +6,19 @@ require ${BPN}.inc

LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"

-SRC_URI[md5sum] = "b387a66f087b6d97713570e85ec89d89"
-SRC_URI[sha256sum] = "2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433"
+SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
+SRC_URI[sha256sum] = "ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"

SRC_URI += "\
- file://libselinux-drop-Wno-unused-but-set-variable.patch \
file://libselinux-make-O_CLOEXEC-optional.patch \
file://libselinux-make-SOCK_CLOEXEC-optional.patch \
file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
- file://0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch \
file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \
file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
"
+
+SRC_URI_append_libc-musl = " \
+ file://0001-libselinux-do-not-define-gettid-for-musl.patch \
+ "
+
S = "${WORKDIR}/libselinux-${PV}"
diff --git a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index b7cd59d..0fafcef 100644
--- a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -1,4 +1,4 @@
-From 0d4da8093bc2ef92b7c6f7fd1f4804f6ebc6cb56 Mon Sep 17 00:00:00 2001
+From 1542c79660484a2f2e24ee0593586dba35c3ad13 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Fri, 25 Oct 2019 13:37:14 +0200
Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
@@ -27,20 +27,20 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Makefile b/src/Makefile
-index a384a10..82adf82 100644
+index dcdeb10..da6f719 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
--PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
+-PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-@@ -175,7 +174,7 @@ install: all
+@@ -176,7 +175,7 @@ install: all
install-pywrap: pywrap
- $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR)
+ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) $(PYTHON_SETUP_ARGS)
install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
- ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+ ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux*.so $(DESTDIR)$(PYTHONLIBDIR)/
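Review bot: The `install-pywrap` rule in this refreshed patch links `selinux/_selinux*.so` by shell glob, so the outcome depends on what already sits in `$(DESTDIR)$(PYTHONLIBDIR)/selinux/`: with no match `ln` creates a dangling link literally named `_selinux*.so`, and with several matches it links every one of them. Since the suffix is no longer computed through PYCEXT, consider making the rule fail unless exactly one file matches, so a stale or unexpected extension module cannot land on the Python path of the image without the build noticing.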
@@ -48,5 +48,5 @@ index a384a10..82adf82 100644
install-rubywrap: rubywrap
test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
--
-2.24.1
+2.17.1

diff --git a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
index f0fee23..9dfd8d4 100644
--- a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
+++ b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
@@ -1,4 +1,4 @@
-From 930514c1b93335ccf6d70adf46ca7e3f8183603d Mon Sep 17 00:00:00 2001
+From 41540f5c4e3552a2806097613f016d1a2fd4754a Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Mon, 13 Apr 2020 12:44:23 +0800
Subject: [PATCH] Makefile: fix python modules install path for multilib
@@ -11,18 +11,18 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Makefile b/src/Makefile
-index b0ce2c8..a384a10 100644
+index 190016e..dcdeb10 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -173,7 +173,7 @@ install: all
+@@ -174,7 +174,7 @@ install: all
ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)

install-pywrap: pywrap
-- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR)
+- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS)
++ $(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) $(PYTHON_SETUP_ARGS)
install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)

--
-2.7.4
+2.17.1

--
2.25.1


[meta-selinux][PATCH 05/17] libselinux: upgrade to 3.1 (20200710)

Yi Zhao
 

Drop backported and obsolete patches:
0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
libselinux-drop-Wno-unused-but-set-variable.patch

Add patch to fix build on musl:
0001-libselinux-do-not-define-gettid-for-musl.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...ainst-musl-and-uClibc-libc-libraries.patch | 38 ---------------
...elinux-do-not-define-gettid-for-musl.patch | 47 +++++++++++++++++++
...nux-drop-Wno-unused-but-set-variable.patch | 26 ----------
recipes-security/selinux/libselinux_3.0.bb | 15 ------
recipes-security/selinux/libselinux_3.1.bb | 17 +++++++
5 files changed, 64 insertions(+), 79 deletions(-)
delete mode 100644 recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
create mode 100644 recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
delete mode 100644 recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
delete mode 100644 recipes-security/selinux/libselinux_3.0.bb
create mode 100644 recipes-security/selinux/libselinux_3.1.bb

diff --git a/recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch b/recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
deleted file mode 100644
index 8308553..0000000
--- a/recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 61bfcbffce32be51d712040c3f84293b78428184 Mon Sep 17 00:00:00 2001
-From: Adam Duskett <Aduskett@gmail.com>
-Date: Tue, 7 Apr 2020 13:53:05 -0700
-Subject: [PATCH] Fix building against musl and uClibc libc libraries.
-
-Currently, the src/Makefile provides the FTS_LDLIBS when building against musl
-or uClibc. However, this is missing from utils/Makefile, which causes linking
-to fail.
-
-Add the FTS_LDLIBS variable to the LDLIBS variable in utils/Makefile to fix
-compiling against uClibc and musl.
-
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/aa40067b7b86d5e4c951fccae1aa98baff148613]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- utils/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utils/Makefile b/utils/Makefile
-index 3615063..a5632b7 100644
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -45,7 +45,7 @@ endif
-
- override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
- override LDFLAGS += -L../src
--override LDLIBS += -lselinux
-+override LDLIBS += -lselinux $(FTS_LDLIBS)
- PCRE_LDLIBS ?= -lpcre
-
- ifeq ($(ANDROID_HOST),y)
---
-2.7.4
-
diff --git a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
new file mode 100644
index 0000000..5d6e409
--- /dev/null
+++ b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
@@ -0,0 +1,47 @@
+From 5f6f4a095bc82b29c3871d4d8a15d9c16cef39ef Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Wed, 6 Jan 2021 10:42:11 +0800
+Subject: [PATCH] libselinux: do not define gettid() for musl
+
+The musl has implemented gettid() function:
+http://git.musl-libc.org/cgit/musl/commit/?id=d49cf07541bb54a5ac7aec1feec8514db33db8ea
+
+Fixes:
+procattr.c:38:14: error: static declaration of 'gettid' follows non-static declaration
+ 38 | static pid_t gettid(void)
+ | ^~~~~~
+In file included from procattr.c:2:
+/build/tmp/work/core2-32-poky-linux-musl/libselinux/3.1-r0/recipe-sysroot/usr/include/unistd.h:194:7:
+note: previous declaration of 'gettid' was here
+ 194 | pid_t gettid(void);
+ | ^~~~~~
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/procattr.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/src/procattr.c b/src/procattr.c
+index 926ee54..519e515 100644
+--- a/src/procattr.c
++++ b/src/procattr.c
+@@ -24,13 +24,7 @@ static __thread char destructor_initialized;
+
+ /* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
+ * has a definition for it */
+-#ifdef __BIONIC__
+- #define OVERRIDE_GETTID 0
+-#elif !defined(__GLIBC_PREREQ)
+- #define OVERRIDE_GETTID 1
+-#elif !__GLIBC_PREREQ(2,30)
+- #define OVERRIDE_GETTID 1
+-#else
++#if !defined(__GLIBC_)
+ #define OVERRIDE_GETTID 0
+ #endif
+
+--
+2.17.1
+
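Review bot: In the src/procattr.c hunk the new guard tests `__GLIBC_` with a single trailing underscore, which glibc does not define (its macro is `__GLIBC__`), so `#if !defined(__GLIBC_)` is true on every libc and OVERRIDE_GETTID is forced to 0 everywhere, including glibc older than 2.30 that the removed `__GLIBC_PREREQ(2,30)` branch used to cover. The recipes only apply this patch through `SRC_URI_append_libc-musl`, which hides the problem, but with Upstream-Status: Pending the change should be correct on its own: keep the existing Bionic and `__GLIBC_PREREQ(2,30)` branches and handle musl as an additional case rather than replacing them. The comment above the guard also still names only Bionic and glibc >= 2.30 and should mention musl, and the commit message should state the minimum musl version that provides gettid(), since an older musl would now fail to build.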
diff --git a/recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch b/recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
deleted file mode 100644
index 688b4e3..0000000
--- a/recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 865b8c40b331235ce2c9df1fcbbb3876c9b79338 Mon Sep 17 00:00:00 2001
-From: Randy MacLeod <Randy.MacLeod@windriver.com>
-Date: Tue, 30 Apr 2013 17:28:34 -0400
-Subject: [PATCH] libselinux: drop flag: -Wno-unused-but-set-variable
-
-Upstream status: Inappropriate [older compilers only]
-
-Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
-
----
- src/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index 2408fae..a89c0f7 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -96,7 +96,7 @@ PCRE_LDLIBS ?= -lpcre
-
- override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
-
--SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-but-set-variable -Wno-unused-parameter \
-+SWIG_CFLAGS += -Wno-error -Wno-unused-variable -Wno-unused-parameter \
- -Wno-shadow -Wno-uninitialized -Wno-missing-prototypes -Wno-missing-declarations
-
- RANLIB ?= ranlib
diff --git a/recipes-security/selinux/libselinux_3.0.bb b/recipes-security/selinux/libselinux_3.0.bb
deleted file mode 100644
index 05d2346..0000000
--- a/recipes-security/selinux/libselinux_3.0.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-
-SRC_URI[md5sum] = "b387a66f087b6d97713570e85ec89d89"
-SRC_URI[sha256sum] = "2ea2b30f671dae9d6b1391cbe8fb2ce5d36a3ee4fb1cd3c32f0d933c31b82433"
-
-SRC_URI += "\
- file://libselinux-drop-Wno-unused-but-set-variable.patch \
- file://libselinux-make-O_CLOEXEC-optional.patch \
- file://libselinux-make-SOCK_CLOEXEC-optional.patch \
- file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
- file://0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch \
- "
diff --git a/recipes-security/selinux/libselinux_3.1.bb b/recipes-security/selinux/libselinux_3.1.bb
new file mode 100644
index 0000000..9d1cda5
--- /dev/null
+++ b/recipes-security/selinux/libselinux_3.1.bb
@@ -0,0 +1,17 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
+
+SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
+SRC_URI[sha256sum] = "ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"
+
+SRC_URI += "\
+ file://libselinux-make-O_CLOEXEC-optional.patch \
+ file://libselinux-make-SOCK_CLOEXEC-optional.patch \
+ file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
+ "
+
+SRC_URI_append_libc-musl = " \
+ file://0001-libselinux-do-not-define-gettid-for-musl.patch \
+ "
--
2.25.1


[meta-selinux][PATCH 04/17] libsepol: upgrade to 3.1 (20200710)

Yi Zhao
 

Drop backported patches:
0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...IL_KEY_-build-errors-with-fno-common.patch | 530 ------------------
...e-leftovers-of-cil_mem_error_handler.patch | 65 ---
recipes-security/selinux/libsepol_3.0.bb | 12 -
recipes-security/selinux/libsepol_3.1.bb | 8 +
4 files changed, 8 insertions(+), 607 deletions(-)
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
delete mode 100644 recipes-security/selinux/libsepol_3.0.bb
create mode 100644 recipes-security/selinux/libsepol_3.1.bb

diff --git a/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch b/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
deleted file mode 100644
index 46c56a4..0000000
--- a/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
+++ /dev/null
@@ -1,530 +0,0 @@
-From a96e8c59ecac84096d870b42701a504791a8cc8c Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Thu, 23 Jan 2020 13:57:13 +0100
-Subject: [PATCH] libsepol: fix CIL_KEY_* build errors with -fno-common
-
-GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
-global variables to be defined only once in cil.c and declared in the
-header file correctly with the 'extern' keyword, so that other units
-including the file don't generate duplicate definitions.
-
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/a96e8c59ecac84096d870b42701a504791a8cc8c]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- cil/src/cil.c | 162 ++++++++++++++++
- cil/src/cil_internal.h | 322 ++++++++++++++++----------------
- 2 files changed, 323 insertions(+), 161 deletions(-)
-
-diff --git a/cil/src/cil.c b/cil/src/cil.c
-index de729cf8..d222ad3a 100644
---- a/cil/src/cil.c
-+++ b/cil/src/cil.c
-@@ -77,6 +77,168 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
- {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
- };
-
-+char *CIL_KEY_CONS_T1;
-+char *CIL_KEY_CONS_T2;
-+char *CIL_KEY_CONS_T3;
-+char *CIL_KEY_CONS_R1;
-+char *CIL_KEY_CONS_R2;
-+char *CIL_KEY_CONS_R3;
-+char *CIL_KEY_CONS_U1;
-+char *CIL_KEY_CONS_U2;
-+char *CIL_KEY_CONS_U3;
-+char *CIL_KEY_CONS_L1;
-+char *CIL_KEY_CONS_L2;
-+char *CIL_KEY_CONS_H1;
-+char *CIL_KEY_CONS_H2;
-+char *CIL_KEY_AND;
-+char *CIL_KEY_OR;
-+char *CIL_KEY_NOT;
-+char *CIL_KEY_EQ;
-+char *CIL_KEY_NEQ;
-+char *CIL_KEY_CONS_DOM;
-+char *CIL_KEY_CONS_DOMBY;
-+char *CIL_KEY_CONS_INCOMP;
-+char *CIL_KEY_CONDTRUE;
-+char *CIL_KEY_CONDFALSE;
-+char *CIL_KEY_SELF;
-+char *CIL_KEY_OBJECT_R;
-+char *CIL_KEY_STAR;
-+char *CIL_KEY_TCP;
-+char *CIL_KEY_UDP;
-+char *CIL_KEY_DCCP;
-+char *CIL_KEY_SCTP;
-+char *CIL_KEY_AUDITALLOW;
-+char *CIL_KEY_TUNABLEIF;
-+char *CIL_KEY_ALLOW;
-+char *CIL_KEY_DONTAUDIT;
-+char *CIL_KEY_TYPETRANSITION;
-+char *CIL_KEY_TYPECHANGE;
-+char *CIL_KEY_CALL;
-+char *CIL_KEY_TUNABLE;
-+char *CIL_KEY_XOR;
-+char *CIL_KEY_ALL;
-+char *CIL_KEY_RANGE;
-+char *CIL_KEY_GLOB;
-+char *CIL_KEY_FILE;
-+char *CIL_KEY_DIR;
-+char *CIL_KEY_CHAR;
-+char *CIL_KEY_BLOCK;
-+char *CIL_KEY_SOCKET;
-+char *CIL_KEY_PIPE;
-+char *CIL_KEY_SYMLINK;
-+char *CIL_KEY_ANY;
-+char *CIL_KEY_XATTR;
-+char *CIL_KEY_TASK;
-+char *CIL_KEY_TRANS;
-+char *CIL_KEY_TYPE;
-+char *CIL_KEY_ROLE;
-+char *CIL_KEY_USER;
-+char *CIL_KEY_USERATTRIBUTE;
-+char *CIL_KEY_USERATTRIBUTESET;
-+char *CIL_KEY_SENSITIVITY;
-+char *CIL_KEY_CATEGORY;
-+char *CIL_KEY_CATSET;
-+char *CIL_KEY_LEVEL;
-+char *CIL_KEY_LEVELRANGE;
-+char *CIL_KEY_CLASS;
-+char *CIL_KEY_IPADDR;
-+char *CIL_KEY_MAP_CLASS;
-+char *CIL_KEY_CLASSPERMISSION;
-+char *CIL_KEY_BOOL;
-+char *CIL_KEY_STRING;
-+char *CIL_KEY_NAME;
-+char *CIL_KEY_SOURCE;
-+char *CIL_KEY_TARGET;
-+char *CIL_KEY_LOW;
-+char *CIL_KEY_HIGH;
-+char *CIL_KEY_LOW_HIGH;
-+char *CIL_KEY_GLBLUB;
-+char *CIL_KEY_HANDLEUNKNOWN;
-+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
-+char *CIL_KEY_HANDLEUNKNOWN_DENY;
-+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
-+char *CIL_KEY_MACRO;
-+char *CIL_KEY_IN;
-+char *CIL_KEY_MLS;
-+char *CIL_KEY_DEFAULTRANGE;
-+char *CIL_KEY_BLOCKINHERIT;
-+char *CIL_KEY_BLOCKABSTRACT;
-+char *CIL_KEY_CLASSORDER;
-+char *CIL_KEY_CLASSMAPPING;
-+char *CIL_KEY_CLASSPERMISSIONSET;
-+char *CIL_KEY_COMMON;
-+char *CIL_KEY_CLASSCOMMON;
-+char *CIL_KEY_SID;
-+char *CIL_KEY_SIDCONTEXT;
-+char *CIL_KEY_SIDORDER;
-+char *CIL_KEY_USERLEVEL;
-+char *CIL_KEY_USERRANGE;
-+char *CIL_KEY_USERBOUNDS;
-+char *CIL_KEY_USERPREFIX;
-+char *CIL_KEY_SELINUXUSER;
-+char *CIL_KEY_SELINUXUSERDEFAULT;
-+char *CIL_KEY_TYPEATTRIBUTE;
-+char *CIL_KEY_TYPEATTRIBUTESET;
-+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
-+char *CIL_KEY_TYPEALIAS;
-+char *CIL_KEY_TYPEALIASACTUAL;
-+char *CIL_KEY_TYPEBOUNDS;
-+char *CIL_KEY_TYPEPERMISSIVE;
-+char *CIL_KEY_RANGETRANSITION;
-+char *CIL_KEY_USERROLE;
-+char *CIL_KEY_ROLETYPE;
-+char *CIL_KEY_ROLETRANSITION;
-+char *CIL_KEY_ROLEALLOW;
-+char *CIL_KEY_ROLEATTRIBUTE;
-+char *CIL_KEY_ROLEATTRIBUTESET;
-+char *CIL_KEY_ROLEBOUNDS;
-+char *CIL_KEY_BOOLEANIF;
-+char *CIL_KEY_NEVERALLOW;
-+char *CIL_KEY_TYPEMEMBER;
-+char *CIL_KEY_SENSALIAS;
-+char *CIL_KEY_SENSALIASACTUAL;
-+char *CIL_KEY_CATALIAS;
-+char *CIL_KEY_CATALIASACTUAL;
-+char *CIL_KEY_CATORDER;
-+char *CIL_KEY_SENSITIVITYORDER;
-+char *CIL_KEY_SENSCAT;
-+char *CIL_KEY_CONSTRAIN;
-+char *CIL_KEY_MLSCONSTRAIN;
-+char *CIL_KEY_VALIDATETRANS;
-+char *CIL_KEY_MLSVALIDATETRANS;
-+char *CIL_KEY_CONTEXT;
-+char *CIL_KEY_FILECON;
-+char *CIL_KEY_IBPKEYCON;
-+char *CIL_KEY_IBENDPORTCON;
-+char *CIL_KEY_PORTCON;
-+char *CIL_KEY_NODECON;
-+char *CIL_KEY_GENFSCON;
-+char *CIL_KEY_NETIFCON;
-+char *CIL_KEY_PIRQCON;
-+char *CIL_KEY_IOMEMCON;
-+char *CIL_KEY_IOPORTCON;
-+char *CIL_KEY_PCIDEVICECON;
-+char *CIL_KEY_DEVICETREECON;
-+char *CIL_KEY_FSUSE;
-+char *CIL_KEY_POLICYCAP;
-+char *CIL_KEY_OPTIONAL;
-+char *CIL_KEY_DEFAULTUSER;
-+char *CIL_KEY_DEFAULTROLE;
-+char *CIL_KEY_DEFAULTTYPE;
-+char *CIL_KEY_ROOT;
-+char *CIL_KEY_NODE;
-+char *CIL_KEY_PERM;
-+char *CIL_KEY_ALLOWX;
-+char *CIL_KEY_AUDITALLOWX;
-+char *CIL_KEY_DONTAUDITX;
-+char *CIL_KEY_NEVERALLOWX;
-+char *CIL_KEY_PERMISSIONX;
-+char *CIL_KEY_IOCTL;
-+char *CIL_KEY_UNORDERED;
-+char *CIL_KEY_SRC_INFO;
-+char *CIL_KEY_SRC_CIL;
-+char *CIL_KEY_SRC_HLL;
-+
- static void cil_init_keys(void)
- {
- /* Initialize CIL Keys into strpool */
-diff --git a/cil/src/cil_internal.h b/cil/src/cil_internal.h
-index 30fab649..9bdcbdd0 100644
---- a/cil/src/cil_internal.h
-+++ b/cil/src/cil_internal.h
-@@ -74,167 +74,167 @@ enum cil_pass {
- /*
- Keywords
- */
--char *CIL_KEY_CONS_T1;
--char *CIL_KEY_CONS_T2;
--char *CIL_KEY_CONS_T3;
--char *CIL_KEY_CONS_R1;
--char *CIL_KEY_CONS_R2;
--char *CIL_KEY_CONS_R3;
--char *CIL_KEY_CONS_U1;
--char *CIL_KEY_CONS_U2;
--char *CIL_KEY_CONS_U3;
--char *CIL_KEY_CONS_L1;
--char *CIL_KEY_CONS_L2;
--char *CIL_KEY_CONS_H1;
--char *CIL_KEY_CONS_H2;
--char *CIL_KEY_AND;
--char *CIL_KEY_OR;
--char *CIL_KEY_NOT;
--char *CIL_KEY_EQ;
--char *CIL_KEY_NEQ;
--char *CIL_KEY_CONS_DOM;
--char *CIL_KEY_CONS_DOMBY;
--char *CIL_KEY_CONS_INCOMP;
--char *CIL_KEY_CONDTRUE;
--char *CIL_KEY_CONDFALSE;
--char *CIL_KEY_SELF;
--char *CIL_KEY_OBJECT_R;
--char *CIL_KEY_STAR;
--char *CIL_KEY_TCP;
--char *CIL_KEY_UDP;
--char *CIL_KEY_DCCP;
--char *CIL_KEY_SCTP;
--char *CIL_KEY_AUDITALLOW;
--char *CIL_KEY_TUNABLEIF;
--char *CIL_KEY_ALLOW;
--char *CIL_KEY_DONTAUDIT;
--char *CIL_KEY_TYPETRANSITION;
--char *CIL_KEY_TYPECHANGE;
--char *CIL_KEY_CALL;
--char *CIL_KEY_TUNABLE;
--char *CIL_KEY_XOR;
--char *CIL_KEY_ALL;
--char *CIL_KEY_RANGE;
--char *CIL_KEY_GLOB;
--char *CIL_KEY_FILE;
--char *CIL_KEY_DIR;
--char *CIL_KEY_CHAR;
--char *CIL_KEY_BLOCK;
--char *CIL_KEY_SOCKET;
--char *CIL_KEY_PIPE;
--char *CIL_KEY_SYMLINK;
--char *CIL_KEY_ANY;
--char *CIL_KEY_XATTR;
--char *CIL_KEY_TASK;
--char *CIL_KEY_TRANS;
--char *CIL_KEY_TYPE;
--char *CIL_KEY_ROLE;
--char *CIL_KEY_USER;
--char *CIL_KEY_USERATTRIBUTE;
--char *CIL_KEY_USERATTRIBUTESET;
--char *CIL_KEY_SENSITIVITY;
--char *CIL_KEY_CATEGORY;
--char *CIL_KEY_CATSET;
--char *CIL_KEY_LEVEL;
--char *CIL_KEY_LEVELRANGE;
--char *CIL_KEY_CLASS;
--char *CIL_KEY_IPADDR;
--char *CIL_KEY_MAP_CLASS;
--char *CIL_KEY_CLASSPERMISSION;
--char *CIL_KEY_BOOL;
--char *CIL_KEY_STRING;
--char *CIL_KEY_NAME;
--char *CIL_KEY_SOURCE;
--char *CIL_KEY_TARGET;
--char *CIL_KEY_LOW;
--char *CIL_KEY_HIGH;
--char *CIL_KEY_LOW_HIGH;
--char *CIL_KEY_GLBLUB;
--char *CIL_KEY_HANDLEUNKNOWN;
--char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
--char *CIL_KEY_HANDLEUNKNOWN_DENY;
--char *CIL_KEY_HANDLEUNKNOWN_REJECT;
--char *CIL_KEY_MACRO;
--char *CIL_KEY_IN;
--char *CIL_KEY_MLS;
--char *CIL_KEY_DEFAULTRANGE;
--char *CIL_KEY_BLOCKINHERIT;
--char *CIL_KEY_BLOCKABSTRACT;
--char *CIL_KEY_CLASSORDER;
--char *CIL_KEY_CLASSMAPPING;
--char *CIL_KEY_CLASSPERMISSIONSET;
--char *CIL_KEY_COMMON;
--char *CIL_KEY_CLASSCOMMON;
--char *CIL_KEY_SID;
--char *CIL_KEY_SIDCONTEXT;
--char *CIL_KEY_SIDORDER;
--char *CIL_KEY_USERLEVEL;
--char *CIL_KEY_USERRANGE;
--char *CIL_KEY_USERBOUNDS;
--char *CIL_KEY_USERPREFIX;
--char *CIL_KEY_SELINUXUSER;
--char *CIL_KEY_SELINUXUSERDEFAULT;
--char *CIL_KEY_TYPEATTRIBUTE;
--char *CIL_KEY_TYPEATTRIBUTESET;
--char *CIL_KEY_EXPANDTYPEATTRIBUTE;
--char *CIL_KEY_TYPEALIAS;
--char *CIL_KEY_TYPEALIASACTUAL;
--char *CIL_KEY_TYPEBOUNDS;
--char *CIL_KEY_TYPEPERMISSIVE;
--char *CIL_KEY_RANGETRANSITION;
--char *CIL_KEY_USERROLE;
--char *CIL_KEY_ROLETYPE;
--char *CIL_KEY_ROLETRANSITION;
--char *CIL_KEY_ROLEALLOW;
--char *CIL_KEY_ROLEATTRIBUTE;
--char *CIL_KEY_ROLEATTRIBUTESET;
--char *CIL_KEY_ROLEBOUNDS;
--char *CIL_KEY_BOOLEANIF;
--char *CIL_KEY_NEVERALLOW;
--char *CIL_KEY_TYPEMEMBER;
--char *CIL_KEY_SENSALIAS;
--char *CIL_KEY_SENSALIASACTUAL;
--char *CIL_KEY_CATALIAS;
--char *CIL_KEY_CATALIASACTUAL;
--char *CIL_KEY_CATORDER;
--char *CIL_KEY_SENSITIVITYORDER;
--char *CIL_KEY_SENSCAT;
--char *CIL_KEY_CONSTRAIN;
--char *CIL_KEY_MLSCONSTRAIN;
--char *CIL_KEY_VALIDATETRANS;
--char *CIL_KEY_MLSVALIDATETRANS;
--char *CIL_KEY_CONTEXT;
--char *CIL_KEY_FILECON;
--char *CIL_KEY_IBPKEYCON;
--char *CIL_KEY_IBENDPORTCON;
--char *CIL_KEY_PORTCON;
--char *CIL_KEY_NODECON;
--char *CIL_KEY_GENFSCON;
--char *CIL_KEY_NETIFCON;
--char *CIL_KEY_PIRQCON;
--char *CIL_KEY_IOMEMCON;
--char *CIL_KEY_IOPORTCON;
--char *CIL_KEY_PCIDEVICECON;
--char *CIL_KEY_DEVICETREECON;
--char *CIL_KEY_FSUSE;
--char *CIL_KEY_POLICYCAP;
--char *CIL_KEY_OPTIONAL;
--char *CIL_KEY_DEFAULTUSER;
--char *CIL_KEY_DEFAULTROLE;
--char *CIL_KEY_DEFAULTTYPE;
--char *CIL_KEY_ROOT;
--char *CIL_KEY_NODE;
--char *CIL_KEY_PERM;
--char *CIL_KEY_ALLOWX;
--char *CIL_KEY_AUDITALLOWX;
--char *CIL_KEY_DONTAUDITX;
--char *CIL_KEY_NEVERALLOWX;
--char *CIL_KEY_PERMISSIONX;
--char *CIL_KEY_IOCTL;
--char *CIL_KEY_UNORDERED;
--char *CIL_KEY_SRC_INFO;
--char *CIL_KEY_SRC_CIL;
--char *CIL_KEY_SRC_HLL;
-+extern char *CIL_KEY_CONS_T1;
-+extern char *CIL_KEY_CONS_T2;
-+extern char *CIL_KEY_CONS_T3;
-+extern char *CIL_KEY_CONS_R1;
-+extern char *CIL_KEY_CONS_R2;
-+extern char *CIL_KEY_CONS_R3;
-+extern char *CIL_KEY_CONS_U1;
-+extern char *CIL_KEY_CONS_U2;
-+extern char *CIL_KEY_CONS_U3;
-+extern char *CIL_KEY_CONS_L1;
-+extern char *CIL_KEY_CONS_L2;
-+extern char *CIL_KEY_CONS_H1;
-+extern char *CIL_KEY_CONS_H2;
-+extern char *CIL_KEY_AND;
-+extern char *CIL_KEY_OR;
-+extern char *CIL_KEY_NOT;
-+extern char *CIL_KEY_EQ;
-+extern char *CIL_KEY_NEQ;
-+extern char *CIL_KEY_CONS_DOM;
-+extern char *CIL_KEY_CONS_DOMBY;
-+extern char *CIL_KEY_CONS_INCOMP;
-+extern char *CIL_KEY_CONDTRUE;
-+extern char *CIL_KEY_CONDFALSE;
-+extern char *CIL_KEY_SELF;
-+extern char *CIL_KEY_OBJECT_R;
-+extern char *CIL_KEY_STAR;
-+extern char *CIL_KEY_TCP;
-+extern char *CIL_KEY_UDP;
-+extern char *CIL_KEY_DCCP;
-+extern char *CIL_KEY_SCTP;
-+extern char *CIL_KEY_AUDITALLOW;
-+extern char *CIL_KEY_TUNABLEIF;
-+extern char *CIL_KEY_ALLOW;
-+extern char *CIL_KEY_DONTAUDIT;
-+extern char *CIL_KEY_TYPETRANSITION;
-+extern char *CIL_KEY_TYPECHANGE;
-+extern char *CIL_KEY_CALL;
-+extern char *CIL_KEY_TUNABLE;
-+extern char *CIL_KEY_XOR;
-+extern char *CIL_KEY_ALL;
-+extern char *CIL_KEY_RANGE;
-+extern char *CIL_KEY_GLOB;
-+extern char *CIL_KEY_FILE;
-+extern char *CIL_KEY_DIR;
-+extern char *CIL_KEY_CHAR;
-+extern char *CIL_KEY_BLOCK;
-+extern char *CIL_KEY_SOCKET;
-+extern char *CIL_KEY_PIPE;
-+extern char *CIL_KEY_SYMLINK;
-+extern char *CIL_KEY_ANY;
-+extern char *CIL_KEY_XATTR;
-+extern char *CIL_KEY_TASK;
-+extern char *CIL_KEY_TRANS;
-+extern char *CIL_KEY_TYPE;
-+extern char *CIL_KEY_ROLE;
-+extern char *CIL_KEY_USER;
-+extern char *CIL_KEY_USERATTRIBUTE;
-+extern char *CIL_KEY_USERATTRIBUTESET;
-+extern char *CIL_KEY_SENSITIVITY;
-+extern char *CIL_KEY_CATEGORY;
-+extern char *CIL_KEY_CATSET;
-+extern char *CIL_KEY_LEVEL;
-+extern char *CIL_KEY_LEVELRANGE;
-+extern char *CIL_KEY_CLASS;
-+extern char *CIL_KEY_IPADDR;
-+extern char *CIL_KEY_MAP_CLASS;
-+extern char *CIL_KEY_CLASSPERMISSION;
-+extern char *CIL_KEY_BOOL;
-+extern char *CIL_KEY_STRING;
-+extern char *CIL_KEY_NAME;
-+extern char *CIL_KEY_SOURCE;
-+extern char *CIL_KEY_TARGET;
-+extern char *CIL_KEY_LOW;
-+extern char *CIL_KEY_HIGH;
-+extern char *CIL_KEY_LOW_HIGH;
-+extern char *CIL_KEY_GLBLUB;
-+extern char *CIL_KEY_HANDLEUNKNOWN;
-+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
-+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
-+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
-+extern char *CIL_KEY_MACRO;
-+extern char *CIL_KEY_IN;
-+extern char *CIL_KEY_MLS;
-+extern char *CIL_KEY_DEFAULTRANGE;
-+extern char *CIL_KEY_BLOCKINHERIT;
-+extern char *CIL_KEY_BLOCKABSTRACT;
-+extern char *CIL_KEY_CLASSORDER;
-+extern char *CIL_KEY_CLASSMAPPING;
-+extern char *CIL_KEY_CLASSPERMISSIONSET;
-+extern char *CIL_KEY_COMMON;
-+extern char *CIL_KEY_CLASSCOMMON;
-+extern char *CIL_KEY_SID;
-+extern char *CIL_KEY_SIDCONTEXT;
-+extern char *CIL_KEY_SIDORDER;
-+extern char *CIL_KEY_USERLEVEL;
-+extern char *CIL_KEY_USERRANGE;
-+extern char *CIL_KEY_USERBOUNDS;
-+extern char *CIL_KEY_USERPREFIX;
-+extern char *CIL_KEY_SELINUXUSER;
-+extern char *CIL_KEY_SELINUXUSERDEFAULT;
-+extern char *CIL_KEY_TYPEATTRIBUTE;
-+extern char *CIL_KEY_TYPEATTRIBUTESET;
-+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
-+extern char *CIL_KEY_TYPEALIAS;
-+extern char *CIL_KEY_TYPEALIASACTUAL;
-+extern char *CIL_KEY_TYPEBOUNDS;
-+extern char *CIL_KEY_TYPEPERMISSIVE;
-+extern char *CIL_KEY_RANGETRANSITION;
-+extern char *CIL_KEY_USERROLE;
-+extern char *CIL_KEY_ROLETYPE;
-+extern char *CIL_KEY_ROLETRANSITION;
-+extern char *CIL_KEY_ROLEALLOW;
-+extern char *CIL_KEY_ROLEATTRIBUTE;
-+extern char *CIL_KEY_ROLEATTRIBUTESET;
-+extern char *CIL_KEY_ROLEBOUNDS;
-+extern char *CIL_KEY_BOOLEANIF;
-+extern char *CIL_KEY_NEVERALLOW;
-+extern char *CIL_KEY_TYPEMEMBER;
-+extern char *CIL_KEY_SENSALIAS;
-+extern char *CIL_KEY_SENSALIASACTUAL;
-+extern char *CIL_KEY_CATALIAS;
-+extern char *CIL_KEY_CATALIASACTUAL;
-+extern char *CIL_KEY_CATORDER;
-+extern char *CIL_KEY_SENSITIVITYORDER;
-+extern char *CIL_KEY_SENSCAT;
-+extern char *CIL_KEY_CONSTRAIN;
-+extern char *CIL_KEY_MLSCONSTRAIN;
-+extern char *CIL_KEY_VALIDATETRANS;
-+extern char *CIL_KEY_MLSVALIDATETRANS;
-+extern char *CIL_KEY_CONTEXT;
-+extern char *CIL_KEY_FILECON;
-+extern char *CIL_KEY_IBPKEYCON;
-+extern char *CIL_KEY_IBENDPORTCON;
-+extern char *CIL_KEY_PORTCON;
-+extern char *CIL_KEY_NODECON;
-+extern char *CIL_KEY_GENFSCON;
-+extern char *CIL_KEY_NETIFCON;
-+extern char *CIL_KEY_PIRQCON;
-+extern char *CIL_KEY_IOMEMCON;
-+extern char *CIL_KEY_IOPORTCON;
-+extern char *CIL_KEY_PCIDEVICECON;
-+extern char *CIL_KEY_DEVICETREECON;
-+extern char *CIL_KEY_FSUSE;
-+extern char *CIL_KEY_POLICYCAP;
-+extern char *CIL_KEY_OPTIONAL;
-+extern char *CIL_KEY_DEFAULTUSER;
-+extern char *CIL_KEY_DEFAULTROLE;
-+extern char *CIL_KEY_DEFAULTTYPE;
-+extern char *CIL_KEY_ROOT;
-+extern char *CIL_KEY_NODE;
-+extern char *CIL_KEY_PERM;
-+extern char *CIL_KEY_ALLOWX;
-+extern char *CIL_KEY_AUDITALLOWX;
-+extern char *CIL_KEY_DONTAUDITX;
-+extern char *CIL_KEY_NEVERALLOWX;
-+extern char *CIL_KEY_PERMISSIONX;
-+extern char *CIL_KEY_IOCTL;
-+extern char *CIL_KEY_UNORDERED;
-+extern char *CIL_KEY_SRC_INFO;
-+extern char *CIL_KEY_SRC_CIL;
-+extern char *CIL_KEY_SRC_HLL;
-
- /*
- Symbol Table Array Indices
---
-2.17.1
-
diff --git a/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch b/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
deleted file mode 100644
index 674fddd..0000000
--- a/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 3d32fc24d6aff360a538c63dad08ca5c957551b0 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Thu, 23 Jan 2020 13:57:14 +0100
-Subject: [PATCH] libsepol: remove leftovers of cil_mem_error_handler
-
-Commit 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function
-pointer") replaced cil_mem_error_handler usage with inline contents of
-the default handler. However, it left over the header declaration and
-two callers. Convert these as well and remove the header declaration.
-
-This also fixes a build failure with -fno-common.
-
-Fixes: 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function pointer")
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/3d32fc24d6aff360a538c63dad08ca5c957551b0]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- cil/src/cil_mem.h | 1 -
- cil/src/cil_strpool.c | 8 ++++----
- 2 files changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/cil/src/cil_mem.h b/cil/src/cil_mem.h
-index 902ce131..794f02a3 100644
---- a/cil/src/cil_mem.h
-+++ b/cil/src/cil_mem.h
-@@ -36,7 +36,6 @@ void *cil_calloc(size_t num_elements, size_t element_size);
- void *cil_realloc(void *ptr, size_t size);
- char *cil_strdup(const char *str);
- int cil_asprintf(char **strp, const char *fmt, ...);
--void (*cil_mem_error_handler)(void);
-
- #endif /* CIL_MEM_H_ */
-
-diff --git a/cil/src/cil_strpool.c b/cil/src/cil_strpool.c
-index 97d4c4b9..2598bbf3 100644
---- a/cil/src/cil_strpool.c
-+++ b/cil/src/cil_strpool.c
-@@ -80,8 +80,8 @@ char *cil_strpool_add(const char *str)
- int rc = hashtab_insert(cil_strpool_tab, (hashtab_key_t)strpool_ref->str, strpool_ref);
- if (rc != SEPOL_OK) {
- pthread_mutex_unlock(&cil_strpool_mutex);
-- (*cil_mem_error_handler)();
-- pthread_mutex_lock(&cil_strpool_mutex);
-+ cil_log(CIL_ERR, "Failed to allocate memory\n");
-+ exit(1);
- }
- }
-
-@@ -104,8 +104,8 @@ void cil_strpool_init(void)
- cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
- if (cil_strpool_tab == NULL) {
- pthread_mutex_unlock(&cil_strpool_mutex);
-- (*cil_mem_error_handler)();
-- return;
-+ cil_log(CIL_ERR, "Failed to allocate memory\n");
-+ exit(1);
- }
- }
- cil_strpool_readers++;
---
-2.17.1
-
diff --git a/recipes-security/selinux/libsepol_3.0.bb b/recipes-security/selinux/libsepol_3.0.bb
deleted file mode 100644
index 58559d7..0000000
--- a/recipes-security/selinux/libsepol_3.0.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require selinux_20191204.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI[md5sum] = "22ddb9994910cb9cfff5cb9663cb7ae7"
-SRC_URI[sha256sum] = "5b7ae1881909f1048b06f7a0c364c5c8a86ec12e0ec76e740fe9595a6033eb79"
-
-SRC_URI += "\
- file://0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch \
- file://0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch \
- "
diff --git a/recipes-security/selinux/libsepol_3.1.bb b/recipes-security/selinux/libsepol_3.1.bb
new file mode 100644
index 0000000..1568025
--- /dev/null
+++ b/recipes-security/selinux/libsepol_3.1.bb
@@ -0,0 +1,8 @@
+require selinux_20200710.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+SRC_URI[md5sum] = "b56dc01b76b97dcb730ab4e2fd1c9dea"
+SRC_URI[sha256sum] = "ae6778d01443fdd38cd30eeee846494e19f4d407b09872580372f4aa4bf8a3cc"
+
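Review bot: libsepol_3.1.bb ends with an empty added line after SRC_URI[sha256sum] (the hunk adds 8 lines for 7 lines of content); drop the trailing blank line so the new recipe does not end in stray whitespace.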
--
2.25.1


[meta-selinux][PATCH 03/17] selinux: upgrade inc files to 3.1 (20200710)

Yi Zhao
 

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/{selinux_20191204.inc => selinux_20200710.inc} | 2 +-
recipes-security/selinux/selinux_common.inc | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{selinux_20191204.inc => selinux_20200710.inc} (90%)

diff --git a/recipes-security/selinux/selinux_20191204.inc b/recipes-security/selinux/selinux_20200710.inc
similarity index 90%
rename from recipes-security/selinux/selinux_20191204.inc
rename to recipes-security/selinux/selinux_20200710.inc
index 113fc30..a8a76e9 100644
--- a/recipes-security/selinux/selinux_20191204.inc
+++ b/recipes-security/selinux/selinux_20200710.inc
@@ -1,4 +1,4 @@
-SELINUX_RELEASE = "20191204"
+SELINUX_RELEASE = "20200710"

SRC_URI = "https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"

diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index f6c4a6b..09c0acc 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -10,6 +10,5 @@ do_install() {
PREFIX="${prefix}" \
INCLUDEDIR="${includedir}" \
LIBDIR="${libdir}" \
- SHLIBDIR="${base_libdir}" \
- SYSTEMDDIR="${systemd_unitdir}"
+ SHLIBDIR="${base_libdir}"
}
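Review bot: SYSTEMDDIR="${systemd_unitdir}" is dropped from the shared do_install, but the commit message has no body explaining it. Every recipe that uses this do_install loses the variable, so state why that is safe for 3.1, or point to the patch in the series that sets it where it is still needed (the cover letter diffstat shows mcstrans.inc and restorecond.inc changing).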
--
2.25.1


[meta-selinux][PATCH 02/17] audit: upgrade 2.8.5 -> 3.0

Yi Zhao
 

* Drop backported patches:
0001-Header-definitions-need-to-be-external-when-building.patch
0001-lib-i386_table.h-add-new-syscall.patch
Add-substitue-functions-for-strndupa-rawmemchr.patch

* Refresh patch:
Fixed-swig-host-contamination-issue.patch

* Update auditd.service.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...ns-need-to-be-external-when-building.patch | 28 ----
...001-lib-i386_table.h-add-new-syscall.patch | 42 ------
...tue-functions-for-strndupa-rawmemchr.patch | 133 ------------------
.../Fixed-swig-host-contamination-issue.patch | 12 +-
recipes-security/audit/audit/auditd.service | 26 ++--
.../audit/{audit_2.8.5.bb => audit_3.0.bb} | 28 ++--
6 files changed, 35 insertions(+), 234 deletions(-)
delete mode 100644 recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
delete mode 100644 recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
delete mode 100644 recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
rename recipes-security/audit/{audit_2.8.5.bb => audit_3.0.bb} (80%)

diff --git a/recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch b/recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
deleted file mode 100644
index 65ea478..0000000
--- a/recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 017e6c6ab95df55f34e339d2139def83e5dada1f Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Fri, 10 Jan 2020 21:13:50 -0500
-Subject: [PATCH] Header definitions need to be external when building with
- -fno-common (which is default in GCC 10) - Tony Jones
-
-Upstream-Status: Backport
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
----
- src/ausearch-common.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/ausearch-common.h b/src/ausearch-common.h
-index 6669203664ec..3040547afe95 100644
---- a/src/ausearch-common.h
-+++ b/src/ausearch-common.h
-@@ -50,7 +50,7 @@ extern pid_t event_pid;
- extern int event_exact_match;
- extern uid_t event_uid, event_euid, event_loginuid;
- extern const char *event_tuid, *event_teuid, *event_tauid;
--slist *event_node_list;
-+extern slist *event_node_list;
- extern const char *event_comm;
- extern const char *event_filename;
- extern const char *event_hostname;
---
-2.17.1
-
diff --git a/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch b/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
deleted file mode 100644
index 6e1827c..0000000
--- a/recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From df878b92e01f4d1c3de7f7d8229cea6a431509eb Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Wed, 19 Feb 2020 15:23:40 +0800
-Subject: [PATCH] lib/i386_table.h: add new syscall
-
-On 32bit system,
-After upgrade glibc to 2.31
- # strace -o /tmp/test.log date -s 09:16:45
- # tail -f /tmp/test.log
- close(3) = 0
- stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=114, ...}) = 0
- clock_settime64(CLOCK_REALTIME, {tv_sec=1582103805, tv_nsec=0}) = 0
- fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x4, 0x40), ...}) = 0
- ioctl(1, TCGETS, {B115200 opost isig icanon echo ...}) = 0
- write(1, "Wed Feb 19 09:16:45 UTC 2020\n", 29) = 29
- close(1) = 0
- close(2) = 0
- exit_group(0) = ?
- +++ exited with 0 +++
-
-It means the clock_settime64 syscall is used, so
-add the syscall.
-
-Upstream-Status: Submitted [https://github.com/linux-audit/audit-userspace/pull/116]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- lib/i386_table.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/i386_table.h b/lib/i386_table.h
-index 1a64c88..65fd4d9 100644
---- a/lib/i386_table.h
-+++ b/lib/i386_table.h
-@@ -405,3 +405,4 @@ _S(383, "statx")
- _S(384, "arch_prctl")
- _S(385, "io_pgetevents")
- _S(386, "rseq")
-+_S(404, "clock_settime64")
---
-2.7.4
-
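Review bot: the commit message lists 0001-lib-i386_table.h-add-new-syscall.patch under "Drop backported patches", but the header of the patch being deleted says Upstream-Status: Submitted [https://github.com/linux-audit/audit-userspace/pull/116], not Backport. Confirm that the _S(404, "clock_settime64") entry is present in lib/i386_table.h at the new SRCREV and reword the message accordingly; otherwise 32-bit images lose the syscall name this patch was added for.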
diff --git a/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch b/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
deleted file mode 100644
index bb6c61e..0000000
--- a/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From bdcdc3dff4469aac88e718bd15958d5ed4b9392a Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Tue, 26 Feb 2019 18:33:33 -0500
-Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
-
-Upstream-Status: Backport
-[https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e]
----
- auparse/auparse.c | 12 +++++++++++-
- auparse/interpret.c | 9 ++++++++-
- configure.ac | 14 +++++++++++++-
- src/ausearch-lol.c | 12 +++++++++++-
- 4 files changed, 43 insertions(+), 4 deletions(-)
-
-diff --git a/auparse/auparse.c b/auparse/auparse.c
-index 650db02..2e1c737 100644
---- a/auparse/auparse.c
-+++ b/auparse/auparse.c
-@@ -1,5 +1,5 @@
- /* auparse.c --
-- * Copyright 2006-08,2012-17 Red Hat Inc., Durham, North Carolina.
-+ * Copyright 2006-08,2012-19 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This library is free software; you can redistribute it and/or
-@@ -1118,6 +1118,16 @@ static int str2event(char *s, au_event_t *e)
- return 0;
- }
-
-+#ifndef HAVE_STRNDUPA
-+static inline char *strndupa(const char *old, size_t n)
-+{
-+ size_t len = strnlen(old, n);
-+ char *tmp = alloca(len + 1);
-+ tmp[len] = 0;
-+ return memcpy(tmp, old, len);
-+}
-+#endif
-+
- /* Returns 0 on success and 1 on error */
- static int extract_timestamp(const char *b, au_event_t *e)
- {
-diff --git a/auparse/interpret.c b/auparse/interpret.c
-index 51c4a5e..67b7b77 100644
---- a/auparse/interpret.c
-+++ b/auparse/interpret.c
-@@ -853,6 +853,13 @@ err_out:
- return print_escaped(id->val);
- }
-
-+// rawmemchr is faster. Let's use it if we have it.
-+#ifdef HAVE_RAWMEMCHR
-+#define STRCHR rawmemchr
-+#else
-+#define STRCHR strchr
-+#endif
-+
- static const char *print_proctitle(const char *val)
- {
- char *out = (char *)print_escaped(val);
-@@ -863,7 +870,7 @@ static const char *print_proctitle(const char *val)
- // Proctitle has arguments separated by NUL bytes
- // We need to write over the NUL bytes with a space
- // so that we can see the arguments
-- while ((ptr = rawmemchr(ptr, '\0'))) {
-+ while ((ptr = STRCHR(ptr, '\0'))) {
- if (ptr >= end)
- break;
- *ptr = ' ';
-diff --git a/configure.ac b/configure.ac
-index 54bdbf1..aef07fb 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1,7 +1,7 @@
- dnl
- define([AC_INIT_NOTICE],
- [### Generated automatically using autoconf version] AC_ACVERSION [
--### Copyright 2005-18 Steve Grubb <sgrubb@redhat.com>
-+### Copyright 2005-19 Steve Grubb <sgrubb@redhat.com>
- ###
- ### Permission is hereby granted, free of charge, to any person obtaining a
- ### copy of this software and associated documentation files (the "Software"),
-@@ -72,6 +72,18 @@ dnl; posix_fallocate is used in audisp-remote
- AC_CHECK_FUNCS([posix_fallocate])
- dnl; signalfd is needed for libev
- AC_CHECK_FUNC([signalfd], [], [ AC_MSG_ERROR([The signalfd system call is necessary for auditd]) ])
-+dnl; check if rawmemchr is available
-+AC_CHECK_FUNCS([rawmemchr])
-+dnl; check if strndupa is available
-+AC_LINK_IFELSE(
-+ [AC_LANG_SOURCE(
-+ [[
-+ #define _GNU_SOURCE
-+ #include <string.h>
-+ int main() { (void) strndupa("test", 10); return 0; }]])],
-+ [AC_DEFINE(HAVE_STRNDUPA, 1, [Let us know if we have it or not])],
-+ []
-+)
-
- ALLWARNS=""
- ALLDEBUG="-g"
-diff --git a/src/ausearch-lol.c b/src/ausearch-lol.c
-index 5d17a72..758c33e 100644
---- a/src/ausearch-lol.c
-+++ b/src/ausearch-lol.c
-@@ -1,6 +1,6 @@
- /*
- * ausearch-lol.c - linked list of linked lists library
--* Copyright (c) 2008,2010,2014,2016 Red Hat Inc., Durham, North Carolina.
-+* Copyright (c) 2008,2010,2014,2016,2019 Red Hat Inc., Durham, North Carolina.
- * All Rights Reserved.
- *
- * This software may be freely redistributed and/or modified under the
-@@ -152,6 +152,16 @@ static int compare_event_time(event *e1, event *e2)
- return 0;
- }
-
-+#ifndef HAVE_STRNDUPA
-+static inline char *strndupa(const char *old, size_t n)
-+{
-+ size_t len = strnlen(old, n);
-+ char *tmp = alloca(len + 1);
-+ tmp[len] = 0;
-+ return memcpy(tmp, old, len);
-+}
-+#endif
-+
- /*
- * This function will look at the line and pick out pieces of it.
- */
---
-2.7.4
-
diff --git a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
index 7c26995..740bcb5 100644
--- a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
+++ b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
@@ -1,4 +1,4 @@
-From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001
+From 3d13f92c1bb293523670ba01aea7e655b00a6709 Mon Sep 17 00:00:00 2001
From: Li xin <lixin.fnst@cn.fujitsu.com>
Date: Sun, 19 Jul 2015 02:42:58 +0900
Subject: [PATCH] audit: Fixed swig host contamination issue
@@ -19,7 +19,7 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
-index 9938418..fa46aac 100644
+index dd9d934..61b486d 100644
--- a/bindings/swig/python3/Makefile.am
+++ b/bindings/swig/python3/Makefile.am
@@ -22,6 +22,7 @@
@@ -30,7 +30,7 @@ index 9938418..fa46aac 100644
LIBS = $(top_builddir)/lib/libaudit.la
SWIG_FLAGS = -python -py3 -modern
SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
+@@ -36,7 +37,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
nodist__audit_la_SOURCES = audit_wrap.c
audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
@@ -40,7 +40,7 @@ index 9938418..fa46aac 100644
CLEANFILES = audit.py* audit_wrap.c *~

diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 7ebb373..424fb68 100644
+index 21aafca..dd0f62c 100644
--- a/bindings/swig/src/auditswig.i
+++ b/bindings/swig/src/auditswig.i
@@ -39,7 +39,7 @@ signed
@@ -50,8 +50,8 @@ index 7ebb373..424fb68 100644
-%include "/usr/include/linux/audit.h"
+%include "linux/audit.h"
#define __extension__ /*nothing*/
- #include <stdint.h>
+ %include <stdint.i>
%include "../lib/libaudit.h"
--
-2.7.4
+2.17.1

diff --git a/recipes-security/audit/audit/auditd.service b/recipes-security/audit/audit/auditd.service
index ebc0798..06c63f0 100644
--- a/recipes-security/audit/audit/auditd.service
+++ b/recipes-security/audit/audit/auditd.service
@@ -1,20 +1,28 @@
[Unit]
Description=Security Auditing Service
DefaultDependencies=no
-After=local-fs.target
-Conflicts=shutdown.target
+After=local-fs.target systemd-tmpfiles-setup.service
Before=sysinit.target shutdown.target
-After=systemd-tmpfiles-setup.service
+Conflicts=shutdown.target
+ConditionKernelCommandLine=!audit=0

[Service]
-ExecStart=/sbin/auditd -n
-## To use augenrules, copy this file to /etc/systemd/system/auditd.service
-## and uncomment the next line and delete/comment out the auditctl line.
-## Then copy existing rules to /etc/audit/rules.d/
-## Not doing this last step can cause loss of existing rules
+Type=forking
+PIDFile=/run/auditd.pid
+ExecStart=/sbin/auditd
+## To use augenrules, uncomment the next line and comment/delete the auditctl line.
+## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
#ExecStartPost=-/sbin/augenrules --load
ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-ExecReload=/bin/kill -HUP $MAINPID
+# By default we don't clear the rules on exit.
+# To enable this, uncomment the next line.
+#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
+
+### Security Settings ###
+MemoryDenyWriteExecute=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelModules=true

[Install]
WantedBy=multi-user.target
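Review bot: ExecReload=/bin/kill -HUP $MAINPID is removed from [Service] with no replacement, and the commit message says only "Update auditd.service."; if reload through systemd is intentionally dropped, say so, otherwise keep the line. The move to Type=forking with PIDFile=/run/auditd.pid and ExecStart=/sbin/auditd (no -n) depends on auditd writing its pid to exactly that path, so confirm that against the 3.0 build. The four added directives under "### Security Settings ###" change the daemon's runtime confinement and deserve a line in the message as well.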
diff --git a/recipes-security/audit/audit_2.8.5.bb b/recipes-security/audit/audit_3.0.bb
similarity index 80%
rename from recipes-security/audit/audit_2.8.5.bb
rename to recipes-security/audit/audit_3.0.bb
index e2e0352..b7170c7 100644
--- a/recipes-security/audit/audit_2.8.5.bb
+++ b/recipes-security/audit/audit_3.0.bb
@@ -7,18 +7,15 @@ SECTION = "base"
LICENSE = "GPLv2+ & LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"

-SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \
- file://Add-substitue-functions-for-strndupa-rawmemchr.patch \
+SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \
file://Fixed-swig-host-contamination-issue.patch \
- file://0001-lib-i386_table.h-add-new-syscall.patch \
- file://0001-Header-definitions-need-to-be-external-when-building.patch \
file://auditd \
file://auditd.service \
file://audit-volatile.conf \
"

S = "${WORKDIR}/git"
-SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"
+SRCREV = "ea8dbab9e0fb3fb2507ac5b8dc792ef32a97c87e"

inherit autotools python3native update-rc.d systemd

@@ -29,10 +26,9 @@ INITSCRIPT_PARAMS = "defaults"
SYSTEMD_PACKAGES = "auditd"
SYSTEMD_SERVICE_auditd = "auditd.service"

-DEPENDS += "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"

-EXTRA_OECONF += "--without-prelude \
- --with-libwrap \
+EXTRA_OECONF = " --with-libwrap \
--enable-gssapi-krb5=no \
--with-libcap-ng=yes \
--with-python3=yes \
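Review bot: DEPENDS and EXTRA_OECONF change from += to =, which discards anything assigned to them earlier in parsing, and --without-prelude is dropped; the commit message mentions neither. Explain why the hard override is wanted (and why the prelude option goes away) or keep +=.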
@@ -45,7 +41,7 @@ EXTRA_OECONF += "--without-prelude \
--with-aarch64=yes \
"

-EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
+EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
STDINC='${STAGING_INCDIR}' \
@@ -62,7 +58,7 @@ PACKAGES =+ "audispd-plugins"
PACKAGES += "auditd ${PN}-python"

FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
+FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
${sysconfdir}/audisp/plugins.d/au-remote.conf \
${sbindir}/audisp-remote ${localstatedir}/spool/audit \
@@ -70,8 +66,8 @@ FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"

-CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd += "bash"
+CONFFILES_auditd = "${sysconfdir}/audit/audit.rules"
+RDEPENDS_auditd = "bash"

do_install_append() {
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
@@ -87,14 +83,14 @@ do_install_append() {
rm -rf ${D}/etc/rc.d

if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ # install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
+
install -d ${D}${sysconfdir}/tmpfiles.d/
install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
fi

- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
-
# audit-2.5 doesn't install any rules by default, so we do that here
mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
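Review bot: the auditd.service install moves inside the DISTRO_FEATURES systemd check, which changes what non-systemd images ship, but the commit message does not mention it; add a line saying so. While touching this function, the context comment "# audit-2.5 doesn't install any rules by default" is stale in a recipe now named audit_3.0.bb and could be updated.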
--
2.25.1


[meta-selinux][PATCH 01/17] audit: enable arm/aarch64 processor support by default

Yi Zhao
 

We encountered a runtime error for auditctl on a lib32 image for aarch64:

root@xilinx-zynqmp:~# auditctl -a always,exit -F arch=b32 -S adjtimex -k TEST-time-change
arch elf mapping not found

The root cause is that aarch64 processor support is not enabled for the arm
build. Referring to Debian[1] and Fedora[2], we can actually enable
arm/aarch64 processor support unconditionally.

[1] https://salsa.debian.org/debian/audit/-/commit/8c6b2049bafb52712ca981e73d5b79d5bd97e08e
[2] https://src.fedoraproject.org/rpms/audit/blob/master/f/audit.spec

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/audit/audit_2.8.5.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-security/audit/audit_2.8.5.bb b/recipes-security/audit/audit_2.8.5.bb
index e3e5ddd..e2e0352 100644
--- a/recipes-security/audit/audit_2.8.5.bb
+++ b/recipes-security/audit/audit_2.8.5.bb
@@ -41,9 +41,9 @@ EXTRA_OECONF += "--without-prelude \
--without-python \
--without-golang \
--disable-zos-remote \
+ --with-arm=yes \
+ --with-aarch64=yes \
"
-EXTRA_OECONF_append_arm = " --with-arm=yes"
-EXTRA_OECONF_append_aarch64 = " --with-aarch64=yes"

EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
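Review bot: --with-arm=yes and --with-aarch64=yes are now inside the common EXTRA_OECONF and so apply to every target architecture, with nothing in the recipe saying why. Add a short comment above the two options noting that they are enabled unconditionally so that b32 rules work on lib32 images, since architecture-specific flags set for all targets otherwise look like a mistake to the next person editing this list.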
--
2.25.1


[meta-selinux][PATCH 00/17] selinux: upgrade 3.0 -> 3.1

Yi Zhao
 

auditd: upgrade 2.8.5 -> 3.0
selinux: upgrade 3.0 -> 3.1


Yi Zhao (17):
audit: enable arm/aarch64 processor support by default
audit: upgrade 2.8.5 -> 3.0
selinux: upgrade inc files to 3.1 (20200710)
libsepol: upgrade to 3.1 (20200710)
libselinux: upgrade to 3.1 (20200710)
libselinux-python: upgrade to 3.1 (20200710)
libsemanage: upgrade to 3.1 (20200710)
checkpolicy: upgrade to 3.0 (20191204)
secilc: upgrade to 3.1 (20200710)
policycoreutils: upgrade to 3.1 (20200710)
mcstrans: upgrade to 3.1 (20200710)
restorecond: upgrade to 3.1 (20200710)
selinux-python: upgrade to 3.1 (20200710)
selinux-dbus: upgrade to 3.1 (20200710)
selinux-sandbox: upgrade to 3.1 (20200710)
selinux-gui: upgrade to 3.1 (20200710)
semodule-utils: upgrade to 3.1 (20200710)

...ns-need-to-be-external-when-building.patch | 28 -
...001-lib-i386_table.h-add-new-syscall.patch | 42 --
...tue-functions-for-strndupa-rawmemchr.patch | 133 -----
.../Fixed-swig-host-contamination-issue.patch | 12 +-
recipes-security/audit/audit/auditd.service | 26 +-
.../audit/{audit_2.8.5.bb => audit_3.0.bb} | 32 +-
...ckpolicy-remove-unused-te_assertions.patch | 45 --
recipes-security/selinux/checkpolicy_3.0.bb | 11 -
recipes-security/selinux/checkpolicy_3.1.bb | 7 +
...python_3.0.bb => libselinux-python_3.1.bb} | 13 +-
...T-and-rely-on-the-installed-file-nam.patch | 12 +-
...ainst-musl-and-uClibc-libc-libraries.patch | 38 --
...hon-modules-install-path-for-multili.patch | 12 +-
...elinux-do-not-define-gettid-for-musl.patch | 47 ++
...nux-drop-Wno-unused-but-set-variable.patch | 26 -
recipes-security/selinux/libselinux_3.0.bb | 15 -
recipes-security/selinux/libselinux_3.1.bb | 17 +
...anage-allow-to-disable-audit-support.patch | 12 +-
...age-drop-Wno-unused-but-set-variable.patch | 28 -
...{libsemanage_3.0.bb => libsemanage_3.1.bb} | 7 +-
...IL_KEY_-build-errors-with-fno-common.patch | 530 ------------------
...e-leftovers-of-cil_mem_error_handler.patch | 65 ---
recipes-security/selinux/libsepol_3.0.bb | 12 -
recipes-security/selinux/libsepol_3.1.bb | 8 +
recipes-security/selinux/mcstrans.inc | 6 +-
recipes-security/selinux/mcstrans_3.0.bb | 7 -
recipes-security/selinux/mcstrans_3.1.bb | 7 +
.../selinux/policycoreutils_3.0.bb | 7 -
.../selinux/policycoreutils_3.1.bb | 7 +
recipes-security/selinux/restorecond.inc | 14 +-
recipes-security/selinux/restorecond_3.0.bb | 7 -
recipes-security/selinux/restorecond_3.1.bb | 7 +
recipes-security/selinux/secilc_3.0.bb | 7 -
recipes-security/selinux/secilc_3.1.bb | 7 +
recipes-security/selinux/selinux-dbus_3.0.bb | 7 -
recipes-security/selinux/selinux-dbus_3.1.bb | 7 +
recipes-security/selinux/selinux-gui_3.0.bb | 7 -
recipes-security/selinux/selinux-gui_3.1.bb | 7 +
.../fix-sepolicy-install-path.patch | 12 +-
.../selinux/selinux-python_3.0.bb | 7 -
.../selinux/selinux-python_3.1.bb | 7 +
.../selinux/selinux-sandbox_3.0.bb | 7 -
.../selinux/selinux-sandbox_3.1.bb | 7 +
...inux_20191204.inc => selinux_20200710.inc} | 2 +-
recipes-security/selinux/selinux_common.inc | 3 +-
.../selinux/semodule-utils_3.0.bb | 7 -
.../selinux/semodule-utils_3.1.bb | 7 +
47 files changed, 233 insertions(+), 1108 deletions(-)
delete mode 100644 recipes-security/audit/audit/0001-Header-definitions-need-to-be-external-when-building.patch
delete mode 100644 recipes-security/audit/audit/0001-lib-i386_table.h-add-new-syscall.patch
delete mode 100644 recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
rename recipes-security/audit/{audit_2.8.5.bb => audit_3.0.bb} (78%)
delete mode 100644 recipes-security/selinux/checkpolicy/0001-checkpolicy-remove-unused-te_assertions.patch
delete mode 100644 recipes-security/selinux/checkpolicy_3.0.bb
create mode 100644 recipes-security/selinux/checkpolicy_3.1.bb
rename recipes-security/selinux/{libselinux-python_3.0.bb => libselinux-python_3.1.bb} (66%)
delete mode 100644 recipes-security/selinux/libselinux/0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
create mode 100644 recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
delete mode 100644 recipes-security/selinux/libselinux/libselinux-drop-Wno-unused-but-set-variable.patch
delete mode 100644 recipes-security/selinux/libselinux_3.0.bb
create mode 100644 recipes-security/selinux/libselinux_3.1.bb
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
rename recipes-security/selinux/{libsemanage_3.0.bb => libsemanage_3.1.bb} (60%)
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
delete mode 100644 recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
delete mode 100644 recipes-security/selinux/libsepol_3.0.bb
create mode 100644 recipes-security/selinux/libsepol_3.1.bb
delete mode 100644 recipes-security/selinux/mcstrans_3.0.bb
create mode 100644 recipes-security/selinux/mcstrans_3.1.bb
delete mode 100644 recipes-security/selinux/policycoreutils_3.0.bb
create mode 100644 recipes-security/selinux/policycoreutils_3.1.bb
delete mode 100644 recipes-security/selinux/restorecond_3.0.bb
create mode 100644 recipes-security/selinux/restorecond_3.1.bb
delete mode 100644 recipes-security/selinux/secilc_3.0.bb
create mode 100644 recipes-security/selinux/secilc_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-dbus_3.0.bb
create mode 100644 recipes-security/selinux/selinux-dbus_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-gui_3.0.bb
create mode 100644 recipes-security/selinux/selinux-gui_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-python_3.0.bb
create mode 100644 recipes-security/selinux/selinux-python_3.1.bb
delete mode 100644 recipes-security/selinux/selinux-sandbox_3.0.bb
create mode 100644 recipes-security/selinux/selinux-sandbox_3.1.bb
rename recipes-security/selinux/{selinux_20191204.inc => selinux_20200710.inc} (90%)
delete mode 100644 recipes-security/selinux/semodule-utils_3.0.bb
create mode 100644 recipes-security/selinux/semodule-utils_3.1.bb

--
2.25.1


[error-report-web][PATCH] report-error.bbclass: Add layer and bitbake version info to error report

Milan Shah
 

Instead of just providing local.conf info, add layer names and their
revisions, along with bitbake version information, to the error report.
This makes it easier to understand and reproduce a failed build.

[YOCTO #9700]

Signed-off-by: Milan Shah <mshah@mvista.com>
---
meta/classes/report-error.bbclass | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/meta/classes/report-error.bbclass b/meta/classes/report-error.bbclass
index 1a12db1..9cb6b0b 100644
--- a/meta/classes/report-error.bbclass
+++ b/meta/classes/report-error.bbclass
@@ -6,6 +6,8 @@
#
# Licensed under the MIT license, see COPYING.MIT for details

+inherit base
+
ERR_REPORT_DIR ?= "${LOG_DIR}/error-report"

def errorreport_getdata(e):
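Review bot: the `inherit base` added at the top of the class is not explained in the commit message, and the unchanged context in the next hunk already calls base_detect_branch() and base_detect_revision() without it, which suggests those helpers are already in scope. If the inherit is only there so that get_layers_branch_rev() resolves, say so in the commit message; if it is not needed, drop it so the class does not carry an unexplained dependency.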
@@ -64,6 +66,8 @@ python errorreport_handler () {
data['failures'] = []
data['component'] = " ".join(e.getPkgs())
data['branch_commit'] = str(base_detect_branch(e.data)) + ": " + str(base_detect_revision(e.data))
+ data['bitbake_version'] = e.data.getVar("BB_VERSION")
+ data['layer_version'] = get_layers_branch_rev(e.data)
data['local_conf'] = get_conf_data(e, 'local.conf')
data['auto_conf'] = get_conf_data(e, 'auto.conf')
lock = bb.utils.lockfile(datafile + '.lock')
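Review bot: `data['layer_version'] = get_layers_branch_rev(e.data)` stores the helper's return value unmodified, while the `branch_commit` line just above wraps its inputs in str(); please state what type and format the report consumer expects (the key says "version", the helper name says branch and revision per layer) and convert accordingly. `e.data.getVar("BB_VERSION")` is likewise stored with no fallback if the variable is unset. Since these reports are meant for an error-report-web instance, the commit message or class header should also state that layer names and revisions are now disclosed alongside local.conf and auto.conf, so users with private layers know what they are submitting.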
--
2.7.4


Re: How to select Linux kernel version?

kapllaj.elvis@...
 

It also may be overridden by some conf file. For example, if you are using an i.MX CPU, you may have some conf file in meta-freescale that overrides this variable with something like: PREFERRED_PROVIDER_virtual/kernel_imx = "some kernel"

I had a situation like this on an imx6 CPU, and had to specify the "_imx" override in order to make it work.

"bitbake -e virtual/kernel | grep PREFERRED_PROVIDER_virtual/kernel" is your friend.
It will show you the current variable selected, and also the different overrides available.


Re: How to select Linux kernel version?

JH
 

Thanks for the response.

> Is the PREFERRED_PROVIDER_virtual/kernel set to linux-yocto? You need
> to set the PREFERRED_VERSION for kernel that you are using ...

Yes, I tried to set both in local.conf or distro, none of them works.

> bitbake -e virtual/kernel output should help see how it's being set and
> where.

There was no PREFERRED_PROVIDER_virtual/kernel, nor
PREFERRED_VERSION_linux-yocto setup.

Thank you.

Kind regards,

- j


Re: How to select Linux kernel version?

Anuj Mittal
 

On Wed, 2021-01-06 at 17:02 +1100, JH wrote:
> Hi,
>
> I replaced Linux kernel version from 4.19 by 5.10 bb file, but it
> still built 4.19 zImage, I add PREFERRED_VERSION_linux-yocto = "5.10%"
> in local.conf, it still built 4.19 zImage. Where the linux kernel
> version is defined in configure files?

Is the PREFERRED_PROVIDER_virtual/kernel set to linux-yocto? You need
to set the PREFERRED_VERSION for kernel that you are using ...

bitbake -e virtual/kernel output should help see how it's being set and
where.

Thanks,

Anuj


How to select Linux kernel version?

JH
 

Hi,

I replaced Linux kernel version from 4.19 by 5.10 bb file, but it
still built 4.19 zImage, I add PREFERRED_VERSION_linux-yocto = "5.10%"
in local.conf, it still built 4.19 zImage. Where the linux kernel
version is defined in configure files?

Thank you.

Kind regards,

- j


Re: oeqa: testcase caching

Richard Purdie
 

On Mon, 2021-01-04 at 11:44 +0100, Konrad Weihmann wrote:
> I have a bunch of custom testcases (oeqa/runtime/cases) which are
> interacting with "d" from the build host - basically fetching some info
> while executing the test, e.g.
>
> foo = self.tc.td['MY_CUSTOM_VAR']
>
> What I've seen is that these files create python __pycache__ files
> during parsing of the testimage run.
>
> On the initial run everything is working like expected, but if I now
> change the variable "MY_CUSTOM_VAR", without modifying the
> target-filesystem the value inside the test case doesn't get updated.
>
> Did anyone else encounter this?
>
> To me it seems like the value of the var does make it into the pycache
> files, ignoring the updated value on a second run.
>
> On that note: wouldn't it make sense to disable the cache creation for
> oeqa test cases? just to mitigate chances of such scenarios?
>
> Or maybe I'm doing something wrong here, so any pointers are highly
> appreciated.

FWIW this doesn't sound right to me. pyc files (in __pycache__) would
cache the code, not data so I don't see how these values would be
preserved there. I don't doubt you're seeing some kind of issue but I
suspect it's more likely bitbake's cache or something...

Cheers,

Richard
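
The distinction drawn in the reply above, that a .pyc file holds compiled code and the literals written in the source but not values looked up at run time, can be checked directly. This is an added example, not code from the thread or from oeqa; the module source, read_custom_var and the sample values are constructed for illustration.

```python
import marshal
import pathlib
import py_compile
import tempfile
import types

# Constructed stand-in for an oeqa runtime test case (not oeqa code): one
# literal written in the source, one value looked up from test data at call time.
CASE_SOURCE = '''
BAKED_IN = "literal-from-source"

def read_custom_var(td):
    return td["MY_CUSTOM_VAR"]
'''


def all_constants(code):
    """Yield every constant in a code object, descending into nested code objects."""
    for const in code.co_consts:
        yield const
        if isinstance(const, types.CodeType):
            yield from all_constants(const)


def compile_and_inspect(source):
    """Compile source to a .pyc; return (string constants in the .pyc, code object)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = pathlib.Path(tmp) / "case_custom.py"
        src.write_text(source)
        pyc = py_compile.compile(str(src), cfile=str(src) + "c", doraise=True)
        raw = pathlib.Path(pyc).read_bytes()
    # Since Python 3.7 a .pyc starts with a 16-byte header (magic, flags,
    # source mtime or hash, source size); the marshalled code object follows.
    code = marshal.loads(raw[16:])
    strings = {c for c in all_constants(code) if isinstance(c, str)}
    return strings, code


def run_twice(code, first_td, second_td):
    """Execute the cached code object once, then call the helper with two data sets."""
    namespace = {}
    exec(code, namespace)
    reader = namespace["read_custom_var"]
    return reader(first_td), reader(second_td)


if __name__ == "__main__":
    strings, code = compile_and_inspect(CASE_SOURCE)
    print("string constants in .pyc:", sorted(strings))
    print(run_twice(code, {"MY_CUSTOM_VAR": "old"}, {"MY_CUSTOM_VAR": "new"}))
```

The key name and the source literal appear among the cached constants; the values passed in at call time do not, and the same cached code returns whatever data it is handed.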


Re: How do I build an x32 Intel system?

Richard Purdie
 

On Sun, 2021-01-03 at 10:44 -0800, Paul D. DeRocco wrote:
> I've been resurrecting an old Pyro project under Gatesgarth. It's an Intel
> 32-bit system that needs maximum speed, so I decided to try to build the
> system and application as 64-bit, for more registers. It pretty much worked
> on the first try, and is about 8% faster. Now I'm trying to do it as x32, to
> see if that speeds it up even more.
>
> Unable to find any specific instructions, I set the DEFAULTTUNE to
> "core2-64-x32" in my BSP conf file. Also, in the old project I had tinkered
> around with this a bit, and had found some kernel config settings somewhere,
> so I tried using them again:
>
> CONFIG_X86_X32=y
> CONFIG_COMPAT=y
> CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
> CONFIG_SYSVIPC_COMPAT=y
> CONFIG_KEYS_COMPAT=y
> CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
> CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8
> CONFIG_BLOCK_COMPAT=y
>
> Other than the first one, I don't know whether these are correct, or where I
> originally got them, or if there's a stock .cfg file that does all this.
>
> The system built fine, the SDK built fine, and my application built fine,
> but when I boot, I get a kernel panic, preceded by some message about "kmod
> busy with 50 threads for more than 5 seconds now".
>
> Is there some instruction on how to do a proper x32 build? I couldn't find
> one Googling. Barring that, do any of those kernel configs look bogus?

You can see the autobuilder x32 test configuration here:

https://autobuilder.yoctoproject.org/typhoon/#/builders/57/builds/2866/steps/10/logs/stdio

the key parts of which are probably:

MACHINE = "qemux86-64"
DEFAULTTUNE = 'x86-64-x32'
baselib = "${@d.getVar('BASE_LIB_tune-' + (d.getVar('DEFAULTTUNE', True) or 'INVALID'), True) or 'lib'}"

Cheers,

Richard


Yocto Project Status WW01'21

Stephen Jolley
 

Current Dev Position: YP 3.3 M2 development

Next Deadline: 18th January 2021 YP 3.3 M2 build 

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 3.2.1 and YP 3.3 M1 were released
  • Patches for 3.3 M2 development are being tested and merged. We have two weeks before M2 is due to be built.
  • Many version upgrades have been merged and the project has worked closely with the upcoming autoconf and ppp releases to reduce our patch deficit and ensure we’re ready for them.
  • We have seen a number of reproducibility failures from the increased test coverage on the autobuilder, several of the issues have had fixes.
  • We are now tracking intermittent ptest failures and a number of bugs have been opened for these, we don’t as yet have people able to work on them though.
  • CVE metrics have trended slowly downwards, thanks to everyone sending patches and quietly improving things either through patches or better CVE definitions upstream.
  • Intermittent autobuilder issues continue to occur. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT
  • The LTS release has changed documentation format from docbook over to sphinx to match master as it should be more maintainable and consistent with the project over the planned life of the LTS.
  • For the LTS, there is also discussion on whether the wider reproducibility testing should be enabled as recently done in master due to the number of potential issues which may need to be fixed (master isn’t 100% working yet) as well as whether the pseudo path filtering should be backported. Please do give input to discussions on these topics on the mailing lists.

 

Ways to contribute:

 

YP 3.3 Milestone Dates:

  • YP 3.3 M1 is released
  • YP 3.3 M2 build date 2021/01/18
  • YP 3.3 M2 Release date 2021/01/29
  • YP 3.3 M3 build date 2021/03/01
  • YP 3.3 M3 Release date 2021/03/12
  • YP 3.3 M4 build date 2021/04/05
  • YP 3.3 M4 Release date 2021/04/30

 

Planned upcoming dot releases:

  • YP 3.2.1 is released
  • YP 3.1.5 build date 2021/01/11
  • YP 3.1.5 release date 2021/01/22
  • YP 3.2.2 build date 2021/02/08
  • YP 3.2.2 release date 2021/02/19
  • YP 3.1.6 build date 2021/02/22
  • YP 3.1.6 release date 2021/03/05
  • YP 3.1.7 build date 2021/03/22
  • YP 3.1.7 release date 2021/04/02

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC


The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

Cell: (208) 244-4460

Email: sjolley.yp.pm@...

 


Update version

JH
 

Hi,

Where to download Yocto recipe for kernel version 5.10? To update a
stable version, should I update Yocto version to 3.3 or 3.1?

Thank you.

Kind regards,

- j


[meta-mingw][PATCH] openssl: support for building nativesdk of mingw

Changqing Li
 

* add support for mingw32
* Engines are installed in a slightly different path, which is
ugly, patch it to make the path shorter
* remove runtime dependency from perl for mingw nativesdk

since commit 70da1f956bfbb627691c47eba7451182aca758e3 of oe-core
'openssl: Add c_rehash to misc package and add perl runtime dependency'

package openssl-misc has a runtime dependency on perl, and perl then
has a dependency on another 3 recipes, db/gdbm/libxcrypt. According to
http://arsv.github.io/perl-cross/usage.html, perl doesn't support
cross-compile builds for mingw32, and the other 3 recipes also don't
support mingw well. So remove the dependency on perl and don't support
c_rehash for mingw.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
...ile.tmpl-don-t-add-prefix-for-libdir.patch | 32 +++++++++++++++++++
.../openssl/openssl_%.bbappend | 31 ++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch
create mode 100644 recipes-connectivity/openssl/openssl_%.bbappend

diff --git a/recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch b/recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch
new file mode 100644
index 0000000..028431b
--- /dev/null
+++ b/recipes-connectivity/openssl/files/0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch
@@ -0,0 +1,32 @@
+From 8fe5c9421acfaff35b637e7ad55d1df598bb7081 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Tue, 22 Dec 2020 09:22:10 +0800
+Subject: [PATCH] unix-Makefile.tmpl: don't add prefix for libdir
+
+we had pass libdir to Configure, don't use prefix again to
+avoid engineer dir set to:
+/opt/poky/3.2+snapshot/sysroots/x86_64-w64-mingw32/usr/opt/poky/3.2+snapshot/sysroots/x86_64-w64-mingw32/usr/lib/engines-1_1
+
+Upstream-Status: Inappropriate[oe-specific]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index bbafb98..eecb63e 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -244,7 +244,7 @@ LIBDIR={- our $libdir = $config{libdir} || "lib";
+ File::Spec::Win32->file_name_is_absolute($libdir) ? "" : $libdir -}
+ ENGINESDIR_dev={- use File::Spec::Win32;
+ our $enginesdir =
+- File::Spec::Win32->catdir($prefix,$libdir,
++ File::Spec::Win32->catdir($libdir,
+ "engines-$sover_dirname");
+ our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) =
+ File::Spec::Win32->splitpath($enginesdir, 1);
+--
+2.17.1
+
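Review bot: the changed `catdir($libdir, ...)` call for ENGINESDIR_dev now yields a relative engines directory whenever libdir is not absolute, and the context line above it shows libdir defaulting to "lib" when Configure is not given one. The patch therefore relies on the recipe always passing an absolute --libdir; please say so in the patch description, or keep `$prefix` when `$libdir` is not absolute. Two small things in the header: "engineer dir" should read "engines dir", and the tag is conventionally written `Upstream-Status: Inappropriate [oe-specific]` with a space before the bracket.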
diff --git a/recipes-connectivity/openssl/openssl_%.bbappend b/recipes-connectivity/openssl/openssl_%.bbappend
new file mode 100644
index 0000000..7fd82f1
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_%.bbappend
@@ -0,0 +1,31 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI_append_mingw32_class-nativesdk = " \
+ file://0001-unix-Makefile.tmpl-don-t-add-prefix-for-libdir.patch \
+"
+
+do_configure_mingw32 () {
+ os=${HOST_OS}
+ target="$os-${HOST_ARCH}"
+ case $target in
+ mingw32-x86_64)
+ target=mingw64
+ ;;
+ mingw32-i686)
+ target=mingw
+ ;;
+ esac
+
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ # WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+ # environment variables set by bitbake. Adjust the environment variables instead.
+ HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+ perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+ perl ${B}/configdata.pm --dump
+}
+
+FILES_${PN}-engines_mingw32_class-nativesdk = "${libdir}/engines-1_1"
+RDEPENDS_${PN}-misc_remove_mingw32_class-nativesdk = "perl"
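Review bot: `do_configure_mingw32` and its `case $target` block apply to every mingw32 build of openssl, while the SRC_URI patch and the FILES/RDEPENDS changes are restricted to `mingw32_class-nativesdk`; either scope the configure override the same way or explain why it must be wider. The `case` also has no default branch, so any other HOST_ARCH passes `mingw32-<arch>` straight to Configure; add a `*)` branch that fails with a clear message. Finally, `Text-Template-1.46`, `ssl-1.1` and `engines-1_1` are hardcoded in a bbappend named `openssl_%`, which will also match recipe versions where those paths differ; consider pinning the bbappend to the version it was written for or deriving the values.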
--
2.17.1


M+ & H bugs with Milestone Movements WW01

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW01 are listed below:

| Priority | Bug ID | Short Description | Changer | Owner | Was | Became |
|---|---|---|---|---|---|---|
| Medium+ | 11449 | Allow overriding classes to override overridden classes | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 11746 | oe-selftest: capture self.logger messages in XML output | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 12090 | bitbake resident server reconnect needed ? | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 12368 | persistent bitbake server does not re-parse if previous build was ctrl+C'd | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 12970 | uninative file should be versionned | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 12986 | Failed to expand SRCPV on updateding SRC_URI using pn overrides and BBCLASSEXTEND | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13183 | bitbake-layers crashes with incorrect layer configuration data is given (expected proper error printing and exit with error) | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13278 | If git protocol doesn't work, you get a tar.gz clone from PREMIRROR which has git protocol origin | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13355 | RDEPENDS does not work properly for native builds (only supports recipe names, not package names) | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13374 | Determine 32bit guest support on arm64 | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13424 | devupstream doesn't work with mutilib | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13448 | bitbake master appears to expand variables it should not need to | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13599 | Enhancement: Detect variables that shouldn't be defined in image scope, but in global (distro) scope | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13699 | Prolonged recipe parsing times after removing tmp when the resident bitbake server is used | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13711 | Parsing fails on externalsrc recipe containing both git and file in SRC_URI | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13729 | Changing siteinfo files doesn't change task checksum | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13823 | fetch2: PREMIRROR and SRC_URI with users on both url yields invalid username | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13886 | bitbake resident server does not honour --runonly or --runall options | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 13973 | rm_work sigdata written with same hash and empty diffsigs, though different contents | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 14054 | bitbake-layers allows adding invalid layer configuration | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 14088 | Attempting to override RDEPENDS_${PN} from global config doesn't work | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |
| | 14112 | nspr-native with OE/Yocto build tools doesn't build [Ubuntu 16.04.6]: undefined reference to `__clock_getres@GLIBC_PRIVATE' | richard.purdie@... | richard.purdie@... | 3.3 M1 | 3.3 M2 |

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

Cell: (208) 244-4460

Email: sjolley.yp.pm@...

 


Current high bug count owners for Yocto Project 3.3

Stephen Jolley
 

All,

Below is the list of the top 48 bug owners, as of the end of WW01, who have open medium or higher bugs and enhancements against YP 3.3. There are 81 possible work days left until the final release candidates for YP 3.3 need to be released.

| Who | Count |
|---|---|
| richard.purdie@... | 36 |
| ross@... | 27 |
| david.reyna@... | 21 |
| bluelightning@... | 19 |
| bruce.ashfield@... | 14 |
| timothy.t.orling@... | 12 |
| JPEWhacker@... | 11 |
| mark.morton@... | 11 |
| sakib.sajal@... | 10 |
| kai.kang@... | 10 |
| trevor.gamblin@... | 9 |
| akuster808@... | 9 |
| Qi.Chen@... | 6 |
| hongxu.jia@... | 4 |
| stacygaikovaia@... | 4 |
| randy.macleod@... | 4 |
| raj.khem@... | 4 |
| yi.zhao@... | 4 |
| idadelm@... | 4 |
| mingli.yu@... | 4 |
| mostthingsweb@... | 3 |
| chee.yang.lee@... | 3 |
| alejandro@... | 3 |
| jeanmarie.lemetayer@... | 2 |
| saul.wold@... | 2 |
| matthewzmd@... | 2 |
| pokylinux@... | 2 |
| jaewon@... | 2 |
| ydirson@... | 2 |
| anuj.mittal@... | 2 |
| jon.mason@... | 2 |
| shachar@... | 1 |
| kergoth@... | 1 |
| aehs29@... | 1 |
| akuster@... | 1 |
| mark.hatle@... | 1 |
| pbarker@... | 1 |
| kamensky@... | 1 |
| dl9pf@... | 1 |
| joe.slater@... | 1 |
| twoerner@... | 1 |
| apoorvsangal@... | 1 |
| liezhi.yang@... | 1 |
| mhalstead@... | 1 |
| maxime.roussinbelanger@... | 1 |
| kexin.hao@... | 1 |
| Martin.Jansa@... | 1 |
| matt.ranostay@... | 1 |
| Grand Total | 265 |

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

Cell: (208) 244-4460

Email: sjolley.yp.pm@...

 
