3 files changed, 78 insertions, 2 deletions
diff --git a/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch
new file mode 100644
index 0000000000..054f50ab23
--- /dev/null
+++ b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch
@@ -0,0 +1,65 @@
+From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Thu, 2 Sep 2021 15:01:12 -0400
+Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header
+ file existing
+Upstream-Status: Backport [https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch]
+Comment: Remove one hunk from changelog file and refresh rest hunks as per codebase of audit_2.8.5
+Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
+---
+ auparse/interpret.c | 8 ++++++--
+ configure.ac        | 6 ++++++
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+diff --git a/auparse/interpret.c b/auparse/interpret.c
+index 63829aa0e..6c316456d 100644
+--- a/auparse/interpret.c       2022-10-14 11:22:20.833880000 +0200
+++ b/auparse/interpret.c       2022-10-14 11:35:13.196455950 +0200
+@@ -44,8 +44,10 @@
+ #include <linux/ax25.h>
+ #include <linux/atm.h>
+ #include <linux/x25.h>
+-#include <linux/if.h>   // FIXME: remove when ipx.h is fixed
+-#include <linux/ipx.h>
+#ifdef HAVE_IPX_HEADERS
+  #include <linux/if.h>   // FIXME: remove when ipx.h is fixed
+  #include <linux/ipx.h>
+#endif
+ #include <linux/capability.h>
+ #include <sys/personality.h>
+ #include <sys/prctl.h>
+@@ -1158,6 +1160,7 @@
+                                              x->sax25_call.ax25_call[6]);
+                         }
+                         break;
+#ifdef HAVE_IPX_HEADERS
+                 case AF_IPX:
+                         {
+                                 const struct sockaddr_ipx *ip =
+@@ -1167,6 +1170,7 @@
+                                        str, ip->sipx_port, ip->sipx_network);
+                         }
+                         break;
+#endif
+                 case AF_ATMPVC:
+                         {
+                                 const struct sockaddr_atmpvc* at =
+diff --git a/configure.ac b/configure.ac
+index 8f541e4c0..005eb0b5b 100644
+--- a/configure.ac      2022-10-14 11:22:20.833880000 +0200
+++ b/configure.ac      2022-10-14 11:36:32.391044084 +0200
+@@ -414,6 +414,12 @@
+        AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled )
+ fi
+ 
+# linux/ipx.h - deprecated in 2018
+AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no)
+if test $ipx_headers = yes ; then
+       AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation])
+fi
+
+ # See if we want to support lower capabilities for plugins
+ LIBCAP_NG_PATH
+ 
diff --git a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
index 4a1b979975..39a090c83b 100644
--- a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
+++ b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
@@ -13,6 +13,11 @@ Upstream-Status: Inappropriate [embedded specific]
 Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
 Signed-off-by: Joe Slater <jslater@windriver.com>
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+Comment: Refresh hunk from auditswig.i to fix build with linux 5.17+
+Reference-Commit: ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+
+Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
+Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
 ---
 bindings/swig/python3/Makefile.am | 3 ++-
 bindings/swig/src/auditswig.i     | 2 +-
@@ -43,12 +48,12 @@ diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
 index 7ebb373..424fb68 100644
 --- a/bindings/swig/src/auditswig.i
 +++ b/bindings/swig/src/auditswig.i
-@@ -39,7 +39,7 @@ signed
+@@ -39,7 +39,7 @@
 #define __attribute(X) /*nothing*/
 typedef unsigned __u32;
 typedef unsigned uid_t;
 -%include "/usr/include/linux/audit.h"
-+%include "linux/audit.h"
+%include "../lib/audit.h"
 #define __extension__ /*nothing*/
 #include <stdint.h>
 %include "../lib/libaudit.h"
diff --git a/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-oe/recipes-security/audit/audit_2.8.5.bb
index 347c855063..f846b27f90 100644
--- a/meta-oe/recipes-security/audit/audit_2.8.5.bb
+++ b/meta-oe/recipes-security/audit/audit_2.8.5.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintena
           file://auditd \
           file://auditd.service \
           file://audit-volatile.conf \
+           file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \
 "
 S = "${WORKDIR}/git"
@@ -72,6 +73,11 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
 CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
 RDEPENDS:auditd = "bash"
+do_configure:prepend() {
+        sed -e 's|buf\[];|buf[0];|g'  ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
+        sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h
+}
 do_install:append() {
        rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
        rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la

diff --git a/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch new file mode 100644 index 0000000000..054f50ab23 --- /dev/null +++ b/meta-oe/recipes-security/audit/audit/0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch
@@ -0,0 +1,65 @@
		1	From 6b09724c69d91668418ddb3af00da6db6755208c Mon Sep 17 00:00:00 2001
		2	From: Steve Grubb <sgrubb@redhat.com>
		3	Date: Thu, 2 Sep 2021 15:01:12 -0400
		4	Subject: [PATCH] Make IPX packet interpretation dependent on the ipx header
		5	file existing
		6
		7	Upstream-Status: Backport [https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c.patch]
		8	Comment: Remove one hunk from changelog file and refresh rest hunks as per codebase of audit_2.8.5
		9	Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
		10	---
		11	auparse/interpret.c \| 8 ++++++--
		12	configure.ac \| 6 ++++++
		13	2 files changed, 12 insertions(+), 2 deletions(-)
		14
		15	diff --git a/auparse/interpret.c b/auparse/interpret.c
		16	index 63829aa0e..6c316456d 100644
		17	--- a/auparse/interpret.c 2022-10-14 11:22:20.833880000 +0200
		18	+++ b/auparse/interpret.c 2022-10-14 11:35:13.196455950 +0200
		19	@@ -44,8 +44,10 @@
		20	#include <linux/ax25.h>
		21	#include <linux/atm.h>
		22	#include <linux/x25.h>
		23	-#include <linux/if.h> // FIXME: remove when ipx.h is fixed
		24	-#include <linux/ipx.h>
		25	+#ifdef HAVE_IPX_HEADERS
		26	+ #include <linux/if.h> // FIXME: remove when ipx.h is fixed
		27	+ #include <linux/ipx.h>
		28	+#endif
		29	#include <linux/capability.h>
		30	#include <sys/personality.h>
		31	#include <sys/prctl.h>
		32	@@ -1158,6 +1160,7 @@
		33	x->sax25_call.ax25_call[6]);
		34	}
		35	break;
		36	+#ifdef HAVE_IPX_HEADERS
		37	case AF_IPX:
		38	{
		39	const struct sockaddr_ipx *ip =
		40	@@ -1167,6 +1170,7 @@
		41	str, ip->sipx_port, ip->sipx_network);
		42	}
		43	break;
		44	+#endif
		45	case AF_ATMPVC:
		46	{
		47	const struct sockaddr_atmpvc* at =
		48	diff --git a/configure.ac b/configure.ac
		49	index 8f541e4c0..005eb0b5b 100644
		50	--- a/configure.ac 2022-10-14 11:22:20.833880000 +0200
		51	+++ b/configure.ac 2022-10-14 11:36:32.391044084 +0200
		52	@@ -414,6 +414,12 @@
		53	AC_DEFINE_UNQUOTED(HAVE_LIBWRAP, [], Define if tcp_wrappers support is enabled )
		54	fi
		55
		56	+# linux/ipx.h - deprecated in 2018
		57	+AC_CHECK_HEADER(linux/ipx.h, ipx_headers=yes, ipx_headers=no)
		58	+if test $ipx_headers = yes ; then
		59	+ AC_DEFINE(HAVE_IPX_HEADERS,1,[IPX packet interpretation])
		60	+fi
		61	+
		62	# See if we want to support lower capabilities for plugins
		63	LIBCAP_NG_PATH
		64
		65


diff --git a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch index 4a1b979975..39a090c83b 100644 --- a/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch +++ b/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
@@ -13,6 +13,11 @@ Upstream-Status: Inappropriate [embedded specific]
13	Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>	13	Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
14	Signed-off-by: Joe Slater <jslater@windriver.com>	14	Signed-off-by: Joe Slater <jslater@windriver.com>
15	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>	15	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		16
		17	Comment: Refresh hunk from auditswig.i to fix build with linux 5.17+
		18	Reference-Commit: ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+
		19	Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
		20	Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
16	---	21	---
17	bindings/swig/python3/Makefile.am \| 3 ++-	22	bindings/swig/python3/Makefile.am \| 3 ++-
18	bindings/swig/src/auditswig.i \| 2 +-	23	bindings/swig/src/auditswig.i \| 2 +-
@@ -43,12 +48,12 @@ diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
43	index 7ebb373..424fb68 100644	48	index 7ebb373..424fb68 100644
44	--- a/bindings/swig/src/auditswig.i	49	--- a/bindings/swig/src/auditswig.i
45	+++ b/bindings/swig/src/auditswig.i	50	+++ b/bindings/swig/src/auditswig.i
46	@@ -39,7 +39,7 @@ signed	51	@@ -39,7 +39,7 @@
47	#define __attribute(X) /nothing/	52	#define __attribute(X) /nothing/
48	typedef unsigned __u32;	53	typedef unsigned __u32;
49	typedef unsigned uid_t;	54	typedef unsigned uid_t;
50	-%include "/usr/include/linux/audit.h"	55	-%include "/usr/include/linux/audit.h"
51	+%include "linux/audit.h"	56	+%include "../lib/audit.h"
52	#define __extension__ /nothing/	57	#define __extension__ /nothing/
53	#include <stdint.h>	58	#include <stdint.h>
54	%include "../lib/libaudit.h"	59	%include "../lib/libaudit.h"


diff --git a/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-oe/recipes-security/audit/audit_2.8.5.bb index 347c855063..f846b27f90 100644 --- a/meta-oe/recipes-security/audit/audit_2.8.5.bb +++ b/meta-oe/recipes-security/audit/audit_2.8.5.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintena
14	file://auditd \	14	file://auditd \
15	file://auditd.service \	15	file://auditd.service \
16	file://audit-volatile.conf \	16	file://audit-volatile.conf \
		17	file://0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch \
17	"	18	"
18		19
19	S = "${WORKDIR}/git"	20	S = "${WORKDIR}/git"
@@ -72,6 +73,11 @@ FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
72	CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"	73	CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
73	RDEPENDS:auditd = "bash"	74	RDEPENDS:auditd = "bash"
74		75
		76	do_configure:prepend() {
		77	sed -e 's\|buf\[];\|buf[0];\|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
		78	sed -i -e 's\|#include <linux/audit.h>\|#include "audit.h"\|g' ${S}/lib/libaudit.h
		79	}
		80
75	do_install:append() {	81	do_install:append() {
76	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a	82	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
77	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la	83	rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la