mirror of
https://git.yoctoproject.org/meta-security
apparmor: upgrade 3.0 -> 3.0.1
Drop backport patches: 0001-apparmor-fix-manpage-order.patch 0001-libapparmor-add-missing-include-for-socklen_t.patch 0002-libapparmor-add-aa_features_new_from_file-to-public-.patch 0003-libapparmor-add-_aa_asprintf-to-private-symbols.patch 0001-aa_status-Fix-build-issue-with-musl.patch 0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
@@ -23,16 +23,10 @@ SRC_URI = " \
|
||||
file://apparmor.service \
|
||||
file://0001-Makefile.am-suppress-perllocal.pod.patch \
|
||||
file://run-ptest \
|
||||
file://0001-apparmor-fix-manpage-order.patch \
|
||||
file://0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch \
|
||||
file://0001-libapparmor-add-missing-include-for-socklen_t.patch \
|
||||
file://0002-libapparmor-add-aa_features_new_from_file-to-public-.patch \
|
||||
file://0003-libapparmor-add-_aa_asprintf-to-private-symbols.patch \
|
||||
file://0001-aa_status-Fix-build-issue-with-musl.patch \
|
||||
file://0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch \
|
||||
"
|
||||
|
||||
SRCREV = "5d51483bfecf556183558644dc8958135397a7e2"
|
||||
SRCREV = "b0f08aa9d678197b8e3477c2fbff790f50a1de5e"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
PARALLEL_MAKE = ""
|
||||
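Review bot: Three of the six entries dropped from SRC_URI in this hunk (0001-apparmor-fix-manpage-order.patch, 0001-aa_status-Fix-build-issue-with-musl.patch and 0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch) are marked `Upstream-Status: Pending` in their own headers, while the commit message describes all six as backports. Nothing on this page shows that the revision selected by the SRCREV change contains equivalent fixes, so a musl or cross build may regress to the `PATH_MAX` and `reallocarray` errors those patches quote. I would record the check in the commit message once it has been made against the upstream tree, for example `The Pending patches were verified as merged upstream in 3.0.1`. The SRC_URI assignment begins above the hunk, so any remaining entries are not visible here.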
@@ -6,7 +6,7 @@ Subject: [PATCH] Revert "profiles: Update 'make check' to select tools based
|
||||
|
||||
This reverts commit 6016f931ebf7b61e1358f19453ef262d9d184a4e.
|
||||
|
||||
Upstream-Statue: OE specific
|
||||
Upstream-Status: Inappropriate [OE specific]
|
||||
These changes cause during packaging with perms changing.
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
From 2bf15cc68f31c9f41962bb60a669ab2b453a039b Mon Sep 17 00:00:00 2001
|
||||
From: Armin Kuster <akuster808@gmail.com>
|
||||
Date: Wed, 7 Oct 2020 08:27:11 -0700
|
||||
Subject: [PATCH] aa_status: Fix build issue with musl
|
||||
|
||||
add limits.h
|
||||
|
||||
aa_status.c:269:22: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'AF_MAX'?
|
||||
| 269 | real_exe = calloc(PATH_MAX + 1, sizeof(char));
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
---
|
||||
binutils/aa_status.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/binutils/aa_status.c b/binutils/aa_status.c
|
||||
index 78b03409..41f1954e 100644
|
||||
--- a/binutils/aa_status.c
|
||||
+++ b/binutils/aa_status.c
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
+#include <limits.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
From c9baef0c70122e1be33b627874772e6e9a5d7744 Mon Sep 17 00:00:00 2001
|
||||
From: Armin Kuster <akuster808@gmail.com>
|
||||
Date: Fri, 2 Oct 2020 19:43:44 -0700
|
||||
Subject: [PATCH] apparmor: fix manpage order
|
||||
|
||||
It trys to create a symlink before the man pages are installed.
|
||||
|
||||
ln -sf aa-status.8 /(path}/apparmor/3.0-r0/image/usr/share/man/man8/apparmor_status.8
|
||||
| ln: failed to create symbolic link '{path}/apparmor/3.0-r0/image/usr/share/man/man8/apparmor_status.8': No such file or directory
|
||||
|
||||
Upstream-Status: Pending
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
...
|
||||
|
||||
install -d /{path}/apparmor/3.0-r0/image/usr/share/man/man8 ; install -m 644 aa-status.8 /{path}/apparmor/3.0-r0/image/usr/share/man/man8;
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||
---
|
||||
binutils/Makefile | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/binutils/Makefile b/binutils/Makefile
|
||||
index 99e54875..3f1d0011 100644
|
||||
--- a/binutils/Makefile
|
||||
+++ b/binutils/Makefile
|
||||
@@ -156,12 +156,12 @@ install-arch: arch
|
||||
install -m 755 -d ${SBINDIR}
|
||||
ln -sf aa-status ${SBINDIR}/apparmor_status
|
||||
install -m 755 ${SBINTOOLS} ${SBINDIR}
|
||||
- ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
|
||||
|
||||
.PHONY: install-indep
|
||||
install-indep: indep
|
||||
$(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
|
||||
$(MAKE) install_manpages DESTDIR=${DESTDIR}
|
||||
+ ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
|
||||
|
||||
ifndef VERBOSE
|
||||
.SILENT: clean
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@@ -1,36 +0,0 @@
|
||||
From 47263a3a74d7973e7a54b17db6aa903701468ffd Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steinhardt <ps@pks.im>
|
||||
Date: Sat, 3 Oct 2020 20:37:55 +0200
|
||||
Subject: [PATCH] libapparmor: add missing include for `socklen_t`
|
||||
|
||||
While `include/sys/apparmor.h` makes use of `socklen_t`, it doesn't
|
||||
include the `<sys/socket.h>` header to make its declaration available.
|
||||
While this works on systems using glibc via transitive includes, it
|
||||
breaks compilation on musl libc.
|
||||
|
||||
Fix the issue by including the header.
|
||||
|
||||
Signed-off-by: Patrick Steinhardt <ps@pks.im>
|
||||
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
---
|
||||
libraries/libapparmor/include/sys/apparmor.h | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
|
||||
index 32892d06..d70eff94 100644
|
||||
--- a/libraries/libapparmor/include/sys/apparmor.h
|
||||
+++ b/libraries/libapparmor/include/sys/apparmor.h
|
||||
@@ -21,6 +21,7 @@
|
||||
#include <stdbool.h>
|
||||
#include <stdint.h>
|
||||
#include <unistd.h>
|
||||
+#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
From 965bb9c3e464f756b258a7c259a92bce3cde74e7 Mon Sep 17 00:00:00 2001
|
||||
From: Armin Kuster <akuster@mvista.com>
|
||||
Date: Wed, 7 Oct 2020 20:50:38 -0700
|
||||
Subject: [PATCH] parser/Makefile: dont force host cpp to detect reallocarray
|
||||
|
||||
In cross build environments, using the hosts cpp gives incorrect
|
||||
detection of reallocarray. Change cpp to a variable.
|
||||
|
||||
fixes:
|
||||
parser_misc.c: In function 'int capable_add_cap(const char*, int, unsigned int, capability_flags)':
|
||||
| parser_misc.c:297:37: error: 'reallocarray' was not declared in this scope
|
||||
| 297 | tmp = (struct capability_table *) reallocarray(cap_table, sizeof(struct capability_table), cap_table_size+1);
|
||||
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
---
|
||||
parser/Makefile | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/parser/Makefile b/parser/Makefile
|
||||
index acef3d77..8250ac45 100644
|
||||
--- a/parser/Makefile
|
||||
+++ b/parser/Makefile
|
||||
@@ -54,7 +54,7 @@ endif
|
||||
CPPFLAGS += -D_GNU_SOURCE
|
||||
|
||||
STDLIB_INCLUDE:="\#include <stdlib.h>"
|
||||
-HAVE_REALLOCARRAY:=$(shell echo $(STDLIB_INCLUDE) | cpp ${CPPFLAGS} | grep -q reallocarray && echo true)
|
||||
+HAVE_REALLOCARRAY:=$(shell echo $(STDLIB_INCLUDE) | ${CPP} ${CPPFLAGS} | grep -q reallocarray && echo true)
|
||||
|
||||
WARNINGS = -Wall
|
||||
CXX_WARNINGS = ${WARNINGS} ${EXTRA_WARNINGS}
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
From c9255a03436e6a91bd4e410601da8d43a341ffc2 Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steinhardt <ps@pks.im>
|
||||
Date: Sat, 3 Oct 2020 20:58:45 +0200
|
||||
Subject: [PATCH] libapparmor: add `aa_features_new_from_file` to public
|
||||
symbols
|
||||
|
||||
With AppArmor release 3.0, a new function `aa_features_new_from_file`
|
||||
was added, but not added to the list of public symbols. As a result,
|
||||
it's not possible to make use of this function when linking against
|
||||
libapparmor.so.
|
||||
|
||||
Fix the issue by adding it to the symbol map.
|
||||
|
||||
Signed-off-by: Patrick Steinhardt <ps@pks.im>
|
||||
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
---
|
||||
libraries/libapparmor/src/libapparmor.map | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
|
||||
index bbff51f5..1579509a 100644
|
||||
--- a/libraries/libapparmor/src/libapparmor.map
|
||||
+++ b/libraries/libapparmor/src/libapparmor.map
|
||||
@@ -117,6 +117,7 @@ APPARMOR_2.13.1 {
|
||||
|
||||
APPARMOR_3.0 {
|
||||
global:
|
||||
+ aa_features_new_from_file;
|
||||
aa_features_write_to_fd;
|
||||
aa_features_value;
|
||||
local:
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
From 9a8fee6bf1c79c261374d928b838b5eb9244ee9b Mon Sep 17 00:00:00 2001
|
||||
From: Patrick Steinhardt <ps@pks.im>
|
||||
Date: Sat, 3 Oct 2020 21:04:57 +0200
|
||||
Subject: [PATCH] libapparmor: add _aa_asprintf to private symbols
|
||||
|
||||
While `_aa_asprintf` is supposed to be of private visibility, it's used
|
||||
by apparmor_parser and thus required to be visible when linking. This
|
||||
commit thus adds it to the list of private symbols to make it available
|
||||
for linking in apparmor_parser.
|
||||
|
||||
Signed-off-by: Patrick Steinhardt <ps@pks.im>
|
||||
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
||||
|
||||
---
|
||||
libraries/libapparmor/src/libapparmor.map | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
|
||||
index 1579509a..41e541ac 100644
|
||||
--- a/libraries/libapparmor/src/libapparmor.map
|
||||
+++ b/libraries/libapparmor/src/libapparmor.map
|
||||
@@ -127,6 +127,7 @@ APPARMOR_3.0 {
|
||||
PRIVATE {
|
||||
global:
|
||||
_aa_is_blacklisted;
|
||||
+ _aa_asprintf;
|
||||
_aa_autofree;
|
||||
_aa_autoclose;
|
||||
_aa_autofclose;
|
||||
--
|
||||
2.17.1
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
Index: apparmor-2.10.95/parser/Makefile
|
||||
===================================================================
|
||||
--- apparmor-2.10.95.orig/parser/Makefile
|
||||
+++ apparmor-2.10.95/parser/Makefile
|
||||
@@ -139,17 +139,6 @@ export Q VERBOSE BUILD_OUTPUT
|
||||
po/${NAME}.pot: ${SRCS} ${HDRS}
|
||||
$(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${HDRS}"
|
||||
|
||||
-techdoc.pdf: techdoc.tex
|
||||
- timestamp=$(shell date --utc "+%Y%m%d%H%M%S%z" -r $< );\
|
||||
- while pdflatex "\def\fixedpdfdate{$$timestamp}\input $<" ${BUILD_OUTPUT} || exit 1 ; \
|
||||
- grep -q "Label(s) may have changed" techdoc.log; \
|
||||
- do :; done
|
||||
-
|
||||
-techdoc/index.html: techdoc.pdf
|
||||
- latex2html -show_section_numbers -split 0 -noinfo -nonavigation -noaddress techdoc.tex ${BUILD_OUTPUT}
|
||||
-
|
||||
-techdoc.txt: techdoc/index.html
|
||||
- w3m -dump $< > $@
|
||||
|
||||
# targets arranged this way so that people who don't want full docs can
|
||||
# pick specific targets they want.
|
||||
@@ -159,9 +148,7 @@ manpages: $(MANPAGES)
|
||||
|
||||
htmlmanpages: $(HTMLMANPAGES)
|
||||
|
||||
-pdf: techdoc.pdf
|
||||
-
|
||||
-docs: manpages htmlmanpages pdf
|
||||
+docs: manpages htmlmanpages
|
||||
|
||||
indep: docs
|
||||
$(Q)$(MAKE) -C po all
|
||||