RELEASE NOTES FOR 2.66
Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo Andrade.)
Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
Slightly more robust Makefiles to address an error with make -j48 test observed by Tomasz Kłoczko.
Include a simple Go program, captrace, to trace kernel capability validation checks.
This program can be used to figure out what capabilities a program needs to operate.
captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for capability checks and whether or not they succeed for the system, a specific PID or a program's direct execution.
Trim down the default file capabilities for contrib/sucap/su to those actually needed and set USER and HOME environment variables so bash doesn't complain about a sourcing error.
(From OE-Core rev: 003a81171366956c899305ca9adc352d3c99c964)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9040e612084a561b1766bb86c9c002b811eea4c9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes from 2.64:
- Fix syntax error in DEBUG build of protected code in setcap.c. (Bug reported by yixiangzhike.)
- Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. (Bug: 215926)
- Man page info for cap_get_pid() and cap_reset_ambient(). (Bug reports from nomonemo and Tinkerer One.)
- Improve documentation and help for the captree program.
- Updated go/Makefile comment about an unfixed Go runtime bug in go1.16 and go1.17 (resolved in go1.18+), and the deadlock behavior of the psx-fd test.
- Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit one is preferred, but the older one is also used for continuity reasons. This set of signatures should also be available from the various key servers out there.
(From OE-Core rev: 70cd3c073512084fccb85b311911794ea895d3f2)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c3b16a6d0d0d4246b44dec3b1818f435d32d04e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes from 2.63:
- Fix memory leak in libpsx at program exit. (Bug: 215551 reported by Kalen Hall)
- Be more resilient to CGo configuration with Go compiler when building tests. (Bug: 215603)
- Fix cap_*prctl() return code/errno handling. (Bug: 215772 reported by Anderson Toshiyuki Sasaki)
- Minor clarification to cap_get_pid() man page concerning pid value within namespaces. (Bug: 215812)
(From OE-Core rev: b23e43ea7c677b5450969d3586d1f68cc278fc73)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bfbf8f05d1789b8a8a6826b83a21fd09b8e903ad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If libcap is compiled with pam in PACKAGECONFIG
one additional license text becomes effective,
add that as a conditional
(From OE-Core rev: 1ea595d5fe24f4ba5e648b5591d5e2a442f57ca4)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace BUILD_GPERF with USE_GPERF since it is now reserved.
(From OE-Core rev: e7a297548ae0af8aa6b7070d66908c3260f95597)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
better number parsing in capsh and setcap;
fixed segfaulting in .so executables;
added example of capable shared library object.
(From OE-Core rev: b14f4f2195538e11a216a008f51e08ce1867c8b5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
./lat-sdk-poky-intel-x86-64-1.0.sh -y -d sdk-3
...
Setting it up...ERROR: could not relocate
/buildarea/raid5/hjia/community/lat_github_090816/build-3/tmp/deploy/sdk/sdk-3/sysroots/x86_64-pokysdk-linux/usr/lib/libpsx.so.2.54, interp size = 93 and 134 is needed.
...
Since upstream libcap applied commit [ee3b25c Support simply executing
the built shared libraries.][1], it manually appends an interp section to shared
libraries.
Referring to the implementation in Yocto glibc[2], allocated a 4096 byte .interp section
for nativesdk.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/commit/?id=ee3b25c0a877fa74d1aec88f325ac45b09963c82
[2] meta/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch
(From OE-Core rev: 99c62d5d134bf69021a348d40b6aa21f4fc5f8a8)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase patches.
Delete 0001-tests-do-not-statically-link-a-test.patch as centos
builds are now using their own buildtools.
(From OE-Core rev: ecadaa08956f53dfedee908a0344f512673b770b)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 9e8b2bc55792932e23d3b053b393b7ff88bffd6b)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Occasionally, the build would fail with:
make[2]: execvp: mkdir: Argument list too long
This turned out to be due to a hacky solution used in the recipe to
modify the Makefile, which resulted in one more $(BUILD_CFLAGS) being
added to the immediately expanded BUILD_CFLAGS Make variable each time
do_configure was executed. After a couple of times, this led to an
environment with a 140 kB BUILD_CFLAGS when mkdir should execute, which
resulted in the E2BIG.
(From OE-Core rev: 116e6b61c585c6f0f7ae6f010bd490bb39914348)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase 0001-tests-do-not-statically-link-a-test.patch
(From OE-Core rev: 86d657364bb2ed859ed7151d56cca431104d8279)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The default URI returns a gzip-compressed index page
which browsers can auto-detect, but we can't.
(From OE-Core rev: 73eb644db1121ccbc205b8fe3e60fa918fa5bbed)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-Fix-build-with-gperf-3.1.patch as it had been fixed upstream.
(From OE-Core rev: 0baf6799ae40461fbf3f18e098a3db448fec037b)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When attempting to build a -native package which DEPENDS on
libcap-native the libcap libraries are not found and the build will
fail (for example attempting to build qemu-native with
'PACKAGECONFIG_append = " virtfs"').
It turns out commit 2c9c4a406a [libcap: fix (base_)libdir usage]
breaks builds of libcap(-native) when $root_prefix is not "". This is
because the variables which define $root_prefix are also part of
$prefix so you end up with part of the path being used twice, first as
part of 'lib=' in do_compile, and secondly as part of 'prefix=' in
do_install. When $root_prefix is "" this isn't noticed.
By using $baselib we should not re-break the issue which commit
2c9c4a406a was fixing but we should avoid doubling down on the
paths thus fixing the -native and usrmerge builds.
(From OE-Core rev: b46c55c3b9db5d8f2080ae2611294a5b24efe4a4)
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recipe wants to install libs into base_libdir, but uses "basename $libdir" to derive that. That breaks in a multiarch setup. Use the proper variable and remove the inline python usage.
(From OE-Core rev: 6427bcae42fb9ec05ccfd5b63db6bc3ee2afcd4f)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's no need to sed the Makefile (especially the wrong Makefile) when there's
a variable we can pass.
(From OE-Core rev: 43f7652baa0f1973477731ce05786eda2cc81c09)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When building libcap and DISTRO_FEATURES does not contain pam,
the build will fail on missing pam headers. This is because the
bits from EXTRA_OECONF moved to PACKAGECONFIG_CONFARGS and thus
the necessary options are not propagated to oe_runmake anymore.
Replace EXTRA_OECONF with PACKAGECONFIG_CONFARGS to fix this.
| arm-poky-linux-gnueabi-gcc -march=armv7-a -mfpu=vfp -mfloat-abi=softfp --sysroot=/b/tmp/sysroots/board -O2 -pipe -g -feliminate-unused-debug-types -fdebug-prefix-map=/b/tmp/work/armv7a-vfp-poky-linux-gnueabi/libcap/2.25-r0=/usr/src/debug/libcap/2.25-r0 -fdebug-prefix-map=/b/tmp/sysroots/x86_64-linux= -fdebug-prefix-map=/b/tmp/sysroots/board= -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Dlinux -Wall -Wwrite-strings -Wpointer-arith -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wshadow -g -Dlinux -Wall -Wwrite-strings -Wpointer-arith -Wcast-qual -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wshadow -g -fPIC -I/b/tmp/work/armv7a-vfp-poky-linux-gnueabi/libcap/2.25-r0/libcap-2.25/pam_cap/../libcap/include/uapi -I/b/tmp/work/armv7a-vfp-poky-linux-gnueabi/libcap/2.25-r0/libcap-2.25/pam_cap/../libcap/include -c pam_cap.c -o pam_cap.o
| pam_cap.c:19:34: fatal error: security/pam_modules.h: No such file or directory
| #include <security/pam_modules.h>
| ^
| compilation terminated.
(From OE-Core rev: f3a50f89a217014c0926498e99e62c617a8a4cae)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enforce the correct tag names across all of oe-core for consistency.
(From OE-Core rev: 606a43dc38a00cc243f933722db657aea4129f8e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
And fixed do_install:
SBINDIR="${D}${sbindir}" -> SBINDIR="${sbindir}"
(From OE-Core rev: 0ffcb59b700981a00c0e93e33cae5f720dc9a82b)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code in native.bbclass adds -native suffix to the package
names that don't have it. perl-native-runtime becomes
perl-native-runtime-native because of this.
Renamed perl-native-runtime -> hostperl-runtime-native to avoid
mangling it and to conform with the naming convention for native
packages.
(From OE-Core rev: f4dade8e765a8c7bfd131728b9e0a34631e24950)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>