* Rebase patches Signed-off-by: Yi Zhao <yi.z...@windriver.com> --- ...icycoreutils-make-O_CLOEXEC-optional.patch | 29 +++++++++++-------- recipes-security/selinux/restorecond_2.8.bb | 7 ----- recipes-security/selinux/restorecond_2.9.bb | 7 +++++ 3 files changed, 24 insertions(+), 19 deletions(-) delete mode 100644 recipes-security/selinux/restorecond_2.8.bb create mode 100644 recipes-security/selinux/restorecond_2.9.bb
diff --git a/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch index ab1a10a..2928aff 100644 --- a/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch +++ b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch @@ -1,29 +1,34 @@ +From 4adc1c02e4da42f64249c05534875e732f043693 Mon Sep 17 00:00:00 2001 +From: Joe MacDonald <joe_macdon...@mentor.com> +Date: Wed, 6 Nov 2019 23:17:50 +0800 Subject: [PATCH] policycoreutils: make O_CLOEXEC optional -Various commits in the selinux tree in the current release added O_CLOEXEC -to open() calls in an attempt to address file descriptor leaks as -described: +Various commits in the selinux tree in the current release added +O_CLOEXEC to open() calls in an attempt to address file descriptor leaks +as described: - http://danwalsh.livejournal.com/53603.html + http://danwalsh.livejournal.com/53603.html However O_CLOEXEC isn't available on all platforms, so make it a -compile-time option and generate a warning when it is not available. The -actual impact of leaking these file descriptors is minimal, though it does -produce curious AVC Denied messages. +compile-time option and generate a warning when it is not available. +The actual impact of leaking these file descriptors is minimal, though +it does produce curious AVC Denied messages. -Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008] +Uptream-Status: Inappropriate +[O_CLOEXEC has been in Linux since 2007 and POSIX since 2008] Signed-off-by: Joe MacDonald <joe.macdon...@windriver.com> Signed-off-by: Wenzong Fan <wenzong....@windriver.com> +Signed-off-by: Yi Zhao <yi.z...@windriver.com> --- - user.c | 8 +++++++- + user.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/user.c b/user.c -index 2c28676..6235772 100644 +index 714aae7..bbf018e 100644 --- a/user.c +++ b/user.c -@@ -202,7 +202,13 @@ static int local_server() { +@@ -202,7 +202,13 @@ static int local_server(void) { perror("asprintf"); return -1; } @@ -39,5 +44,5 @@ index 2c28676..6235772 100644 g_warning ("Lock file: %s", ptr); -- -1.7.9.5 +2.7.4 diff --git a/recipes-security/selinux/restorecond_2.8.bb b/recipes-security/selinux/restorecond_2.8.bb deleted file mode 100644 index 4a83a23..0000000 --- a/recipes-security/selinux/restorecond_2.8.bb +++ /dev/null @@ -1,7 +0,0 @@ -include selinux_20180524.inc -include ${BPN}.inc - -LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" - -SRC_URI[md5sum] = "cfe4e4d6184623fdcb9bc2681e693abb" -SRC_URI[sha256sum] = "323cab1128e5308cd85fea0e5c98e3c8973e1ada0b659f2fce76187e192271bf" diff --git a/recipes-security/selinux/restorecond_2.9.bb b/recipes-security/selinux/restorecond_2.9.bb new file mode 100644 index 0000000..2ccac18 --- /dev/null +++ b/recipes-security/selinux/restorecond_2.9.bb @@ -0,0 +1,7 @@ +require selinux_20190315.inc +require ${BPN}.inc + +LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" + +SRC_URI[md5sum] = "1a24cb2a23d8bd01d3f8d9bb2031981f" +SRC_URI[sha256sum] = "cbf9820583e641ee0462fa7bc89e6024676af281e025703e17b2d019b1a25a4f" -- 2.17.1 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto