[meta-oe][master][kirkstone][PATCH] audit: Fix compile error for audit_2.8.5
|
akash hadke
Fix below compile errors
1. Fix build with linux 5.17+ audit errors out due to swig munging it does with kernel headers | audit_wrap.c: In function '_wrap_audit_rule_data_buf_set': | audit_wrap.c:4701:17: error: cast specifies array type | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4701:15: error: invalid use of flexible array member | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4703:15: error: invalid use of flexible array member | 4703 | arg1->buf = 0; | | ^ These errors are due to VLAIS from kernel headers, so we copy linux/audit.h and make the needed change in local audit.h and make needed arrangements in build to use it when building audit package Take reference of upstream commit ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+ Update 0002-Fixed-swig-host-contamination-issue.patch 2. Fix ipx.h missing file bug for kernel 5.15 ipx.h header file is removed in kernel 5.15 Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/net?id=6c9b40844751ea30c72f7a2f92f4d704bc6b2927 which is causing below error for system with kernel equal and higher than 5.15 | ../../git/auparse/interpret.c:48:10: fatal error: linux/ipx.h: No such file or directory | 48 | #include <linux/ipx.h> | | ^~~~~~~~~~~~~ Add below patch to fix this issue. 0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch Link: https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c Signed-off-by: Akash Hadke <akash.hadke@...> Signed-off-by: Akash Hadke <hadkeakash4@...> --- ...retation-dependent-on-the-ipx-header.patch | 65 +++++++++++++++++++ ...-Fixed-swig-host-contamination-issue.patch | 9 ++- meta-oe/recipes-security/audit/audit_2.8.5.bb | 6 ++ 3 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch diff --git a/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch new file mode 100644 index 000000000..054f50ab2 --- /dev/null +++ b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch @@ -0,0 +1,65 @@ +From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001 +From: Steve Grubb <sgrubb@...> +Date: Thu, 2 Sep 2021 15:01:12 -0400 +Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header + file existing + +Upstream-Status: Backport [https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch] +Comment: Remove one hunk from changelog file and refresh rest hunks as per codebase of audit_2.8.5 +Signed-off-by: Akash Hadke <akash.hadke@...> +--- + auparse/interpret.c | 8 ++++++-- + configure.ac | 6 ++++++ + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/auparse/interpret.c b/auparse/interpret.c +index 63829aa0e..6c316456d 100644 +--- a/auparse/interpret.c 2022-10-14 11:22:20.833880000 +0200 ++++ b/auparse/interpret.c 2022-10-14 11:35:13.196455950 +0200 +@@ -44,8 +44,10 @@ + #include <linux/ax25.h> + #include <linux/atm.h> + #include <linux/x25.h> +-#include <linux/if.h> // FIXME: remove when ipx.h is fixed +-#include <linux/ipx.h> ++#ifdef HAVE_IPX_HEADERS ++ #include <linux/if.h> // FIXME: remove when ipx.h is fixed ++ #include <linux/ipx.h> ++#endif + #include <linux/capability.h> + #include <sys/personality.h> + #include <sys/prctl.h> +@@ -1158,6 +1160,7 @@ + x->sax25_call.ax25_call[6]); + } + break; ++#ifdef HAVE_IPX_HEADERS + case AF_IPX: + { + const struct sockaddr_ipx *ip = +@@ -1167,6 +1170,7 @@ + str, ip->sipx_port, ip->sipx_network); + } + break; ++#endif + case AF_ATMPVC: + { + const struct sockaddr_atmpvc* at = +diff --git a/configure.ac b/configure.ac +index 8f541e4c0..005eb0b5b 100644 +--- a/configure.ac 2022-10-14 11:22:20.833880000 +0200 ++++ b/configure.ac 2022-10-14 11:36:32.391044084 +0200 +@@ -414,6 +414,12 @@ + AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled ) + fi + ++# linux/ipx.h - deprecated in 2018 ++AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no) ++if test $ipx_headers = yes ; then ++ AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation]) ++fi ++ + # See if we want to support lower capabilities for plugins + LIBCAP_NG_PATH + + diff --git a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch index 4a1b97997..39a090c83 100644 --- a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch +++ b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch @@ -13,6 +13,11 @@ Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Anders Hedlund <anders.hedlund@...> Signed-off-by: Joe Slater <jslater@...> Signed-off-by: Yi Zhao <yi.zhao@...> + +Comment: Refresh hunk from auditswig.i to fix build with linux 5.17+ +Reference-Commit: ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+ +Signed-off-by: Akash Hadke <akash.hadke@...> +Signed-off-by: Akash Hadke <hadkeakash4@...> --- bindings/swig/python3/Makefile.am | 3 ++- bindings/swig/src/auditswig.i | 2 +- @@ -43,12 +48,12 @@ diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i index 7ebb373..424fb68 100644 --- a/bindings/swig/src/auditswig.i +++ b/bindings/swig/src/auditswig.i -@@ -39,7 +39,7 @@ signed +@@ -39,7 +39,7 @@ #define __attribute(X) /*nothing*/ typedef unsigned __u32; typedef unsigned uid_t; -%include "/usr/include/linux/audit.h" -+%include "linux/audit.h" ++%include "../lib/audit.h" #define __extension__ /*nothing*/ #include <stdint.h> %include "../lib/libaudit.h" diff --git a/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-oe/recipes-security/audit/audit_2.8.5.bb index 347c85506..f846b27f9 100644 --- a/meta-oe/recipes-security/audit/audit_2.8.5.bb +++ b/meta-oe/recipes-security/audit/audit_2.8.5.bb @@ -14,6 +14,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintena file://auditd \ file://auditd.service \ file://audit-volatile.conf \ + file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \ " S = "${WORKDIR}/git" @@ -72,6 +73,11 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}" CONFFILES:auditd = "${sysconfdir}/audit/audit.rules" RDEPENDS:auditd = "bash" +do_configure:prepend() { + sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h + sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h +} + do_install:append() { rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la -- 2.17.1 |
|
|