summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/recipes-extended/sudo/files/libtool.patch125
-rw-r--r--meta/recipes-extended/sudo/sudo_1.9.7.bb1
2 files changed, 126 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/files/libtool.patch b/meta/recipes-extended/sudo/files/libtool.patch
new file mode 100644
index 00000000000..fd91d7bcd8e
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/libtool.patch
@@ -0,0 +1,125 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 2e492267e7bd8acb54db685c0467c09881c95d63 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 13 May 2021 12:45:56 -0600
+Subject: [PATCH] Build sudo_noexec.so as a module on systems other then
+ Darwin. On Darwin, shared modules and shared libraries are not interchangable
+ and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it must be a
+ library, not a module. We must relax the requirement that libraries begin
+ with a "lib" prefix to work around this difference. This does mean you must
+ use sudo's libtool on Darwin (macOS) but that is already a requirement on
+ other systems (notably HP-UX and SCO) due to a number of libtool patches we
+ require that haven't be accepted upstream. This is a different fix for PR
+ #102.
+
+---
+ configure | 7 +++++++
+ configure.ac | 6 ++++++
+ scripts/ltmain.sh | 3 ---
+ src/Makefile.in | 14 +++++---------
+ 4 files changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/configure b/configure
+index ddf0b128c..48a322ac9 100755
+--- a/configure
++++ b/configure
+@@ -808,6 +808,7 @@ LDAP
+ SELINUX_USAGE
+ BSDAUTH_USAGE
+ DONT_LEAK_PATH_INFO
++NOEXEC_MODULE
+ CHECK_NOEXEC
+ INSTALL_NOEXEC
+ INSTALL_BACKUP
+@@ -3536,6 +3537,7 @@ ac_config_headers="$ac_config_headers config.h pathnames.h"
+
+
+
++
+
+
+ #
+@@ -3593,6 +3595,7 @@ devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev"
+ INSTALL_BACKUP=
+ INSTALL_NOEXEC=
+ CHECK_NOEXEC=
++NOEXEC_MODULE=-module
+ exampledir='$(docdir)/examples'
+ devdir='$(srcdir)'
+ PROGS="sudo"
+@@ -16604,6 +16607,10 @@ done
+ fi
+ RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+
++ # Build sudo_noexec.so as a shared library, not a module.
++ # On Darwin, modules and shared libraries are incompatible.
++ NOEXEC_MODULE=
++
+ # Mach monotonic timer that runs while sleeping
+ ac_fn_c_check_func "$LINENO" "mach_continuous_time" "ac_cv_func_mach_continuous_time"
+ if test "x$ac_cv_func_mach_continuous_time" = xyes
+diff --git a/configure.ac b/configure.ac
+index 1b2087a1a..bb3569104 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -76,6 +76,7 @@ AC_SUBST([sesh_file])
+ AC_SUBST([INSTALL_BACKUP])
+ AC_SUBST([INSTALL_NOEXEC])
+ AC_SUBST([CHECK_NOEXEC])
++AC_SUBST([NOEXEC_MODULE])
+ AC_SUBST([DONT_LEAK_PATH_INFO])
+ AC_SUBST([BSDAUTH_USAGE])
+ AC_SUBST([SELINUX_USAGE])
+@@ -227,6 +228,7 @@ dnl
+ INSTALL_BACKUP=
+ INSTALL_NOEXEC=
+ CHECK_NOEXEC=
++NOEXEC_MODULE=-module
+ exampledir='$(docdir)/examples'
+ devdir='$(srcdir)'
+ PROGS="sudo"
+@@ -2170,6 +2172,10 @@ case "$host" in
+ fi
+ RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+
++ # Build sudo_noexec.so as a shared library, not a module.
++ # On Darwin, modules and shared libraries are incompatible.
++ NOEXEC_MODULE=
++
+ # Mach monotonic timer that runs while sleeping
+ AC_CHECK_FUNCS([mach_continuous_time])
+
+diff --git a/src/Makefile.in b/src/Makefile.in
+index ec2c2970a..108fa9c8f 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -64,6 +64,9 @@ LT_LDFLAGS = @LT_LDFLAGS@
+ # Flags to pass to libtool
+ LTFLAGS = --tag=disable-static
+
++# Build sudo_noexec as a module instead of a shared lib (except on macOS)
++NOEXEC_MODULE = @NOEXEC_MODULE@
++
+ # Address sanitizer flags
+ ASAN_CFLAGS = @ASAN_CFLAGS@
+ ASAN_LDFLAGS = @ASAN_LDFLAGS@
+@@ -175,15 +178,8 @@ Makefile: $(srcdir)/Makefile.in
+ sudo: $(OBJS) $(LT_LIBS) @STATIC_SUDOERS@
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(OBJS) $(SUDO_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @STATIC_SUDOERS@
+
+-# We can't use -module here since you cannot preload a module on Darwin
+-libsudo_noexec.la: sudo_noexec.lo
+- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) -shrext .so
+-
+-# Some hackery is required to install this as sudo_noexec, not libsudo_noexec
+-sudo_noexec.la: libsudo_noexec.la
+- sed 's/libsudo_noexec/sudo_noexec/g' libsudo_noexec.la > sudo_noexec.la
+- if test -f .libs/libsudo_noexec.lai; then sed 's/libsudo_noexec/sudo_noexec/g' .libs/libsudo_noexec.lai > .libs/sudo_noexec.lai; fi
+- cp -p .libs/libsudo_noexec.so .libs/sudo_noexec.so
++sudo_noexec.la: sudo_noexec.lo
++ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo $(NOEXEC_MODULE) -avoid-version -rpath $(noexecdir) -shrext .so
+
+ sesh: $(SESH_OBJS) $(LT_LIBS)
+ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.7.bb b/meta/recipes-extended/sudo/sudo_1.9.7.bb
index 4685ca10b51..0e692e614f0 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.7.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.7.bb
@@ -3,6 +3,7 @@ require sudo.inc
SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \
+ file://libtool.patch \
"
PAM_SRC_URI = "file://sudo.pam"
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-20 08:50:06 +0000