diff options
-rw-r--r-- | meta/recipes-extended/sudo/files/libtool.patch | 125 | ||||
-rw-r--r-- | meta/recipes-extended/sudo/sudo_1.9.7.bb | 1 |
2 files changed, 126 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/files/libtool.patch b/meta/recipes-extended/sudo/files/libtool.patch new file mode 100644 index 00000000000..fd91d7bcd8e --- /dev/null +++ b/meta/recipes-extended/sudo/files/libtool.patch @@ -0,0 +1,125 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 2e492267e7bd8acb54db685c0467c09881c95d63 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" <Todd.Miller@sudo.ws> +Date: Thu, 13 May 2021 12:45:56 -0600 +Subject: [PATCH] Build sudo_noexec.so as a module on systems other then + Darwin. On Darwin, shared modules and shared libraries are not interchangable + and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it must be a + library, not a module. We must relax the requirement that libraries begin + with a "lib" prefix to work around this difference. This does mean you must + use sudo's libtool on Darwin (macOS) but that is already a requirement on + other systems (notably HP-UX and SCO) due to a number of libtool patches we + require that haven't be accepted upstream. This is a different fix for PR + #102. + +--- + configure | 7 +++++++ + configure.ac | 6 ++++++ + scripts/ltmain.sh | 3 --- + src/Makefile.in | 14 +++++--------- + 4 files changed, 18 insertions(+), 12 deletions(-) + +diff --git a/configure b/configure +index ddf0b128c..48a322ac9 100755 +--- a/configure ++++ b/configure +@@ -808,6 +808,7 @@ LDAP + SELINUX_USAGE + BSDAUTH_USAGE + DONT_LEAK_PATH_INFO ++NOEXEC_MODULE + CHECK_NOEXEC + INSTALL_NOEXEC + INSTALL_BACKUP +@@ -3536,6 +3537,7 @@ ac_config_headers="$ac_config_headers config.h pathnames.h" + + + ++ + + + # +@@ -3593,6 +3595,7 @@ devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev" + INSTALL_BACKUP= + INSTALL_NOEXEC= + CHECK_NOEXEC= ++NOEXEC_MODULE=-module + exampledir='$(docdir)/examples' + devdir='$(srcdir)' + PROGS="sudo" +@@ -16604,6 +16607,10 @@ done + fi + RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + ++ # Build sudo_noexec.so as a shared library, not a module. ++ # On Darwin, modules and shared libraries are incompatible. ++ NOEXEC_MODULE= ++ + # Mach monotonic timer that runs while sleeping + ac_fn_c_check_func "$LINENO" "mach_continuous_time" "ac_cv_func_mach_continuous_time" + if test "x$ac_cv_func_mach_continuous_time" = xyes +diff --git a/configure.ac b/configure.ac +index 1b2087a1a..bb3569104 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -76,6 +76,7 @@ AC_SUBST([sesh_file]) + AC_SUBST([INSTALL_BACKUP]) + AC_SUBST([INSTALL_NOEXEC]) + AC_SUBST([CHECK_NOEXEC]) ++AC_SUBST([NOEXEC_MODULE]) + AC_SUBST([DONT_LEAK_PATH_INFO]) + AC_SUBST([BSDAUTH_USAGE]) + AC_SUBST([SELINUX_USAGE]) +@@ -227,6 +228,7 @@ dnl + INSTALL_BACKUP= + INSTALL_NOEXEC= + CHECK_NOEXEC= ++NOEXEC_MODULE=-module + exampledir='$(docdir)/examples' + devdir='$(srcdir)' + PROGS="sudo" +@@ -2170,6 +2172,10 @@ case "$host" in + fi + RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + ++ # Build sudo_noexec.so as a shared library, not a module. ++ # On Darwin, modules and shared libraries are incompatible. ++ NOEXEC_MODULE= ++ + # Mach monotonic timer that runs while sleeping + AC_CHECK_FUNCS([mach_continuous_time]) + +diff --git a/src/Makefile.in b/src/Makefile.in +index ec2c2970a..108fa9c8f 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -64,6 +64,9 @@ LT_LDFLAGS = @LT_LDFLAGS@ + # Flags to pass to libtool + LTFLAGS = --tag=disable-static + ++# Build sudo_noexec as a module instead of a shared lib (except on macOS) ++NOEXEC_MODULE = @NOEXEC_MODULE@ ++ + # Address sanitizer flags + ASAN_CFLAGS = @ASAN_CFLAGS@ + ASAN_LDFLAGS = @ASAN_LDFLAGS@ +@@ -175,15 +178,8 @@ Makefile: $(srcdir)/Makefile.in + sudo: $(OBJS) $(LT_LIBS) @STATIC_SUDOERS@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(OBJS) $(SUDO_LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @STATIC_SUDOERS@ + +-# We can't use -module here since you cannot preload a module on Darwin +-libsudo_noexec.la: sudo_noexec.lo +- $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir) -shrext .so +- +-# Some hackery is required to install this as sudo_noexec, not libsudo_noexec +-sudo_noexec.la: libsudo_noexec.la +- sed 's/libsudo_noexec/sudo_noexec/g' libsudo_noexec.la > sudo_noexec.la +- if test -f .libs/libsudo_noexec.lai; then sed 's/libsudo_noexec/sudo_noexec/g' .libs/libsudo_noexec.lai > .libs/sudo_noexec.lai; fi +- cp -p .libs/libsudo_noexec.so .libs/sudo_noexec.so ++sudo_noexec.la: sudo_noexec.lo ++ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) $(SSP_LDFLAGS) @LIBDL@ -o $@ sudo_noexec.lo $(NOEXEC_MODULE) -avoid-version -rpath $(noexecdir) -shrext .so + + sesh: $(SESH_OBJS) $(LT_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) diff --git a/meta/recipes-extended/sudo/sudo_1.9.7.bb b/meta/recipes-extended/sudo/sudo_1.9.7.bb index 4685ca10b51..0e692e614f0 100644 --- a/meta/recipes-extended/sudo/sudo_1.9.7.bb +++ b/meta/recipes-extended/sudo/sudo_1.9.7.bb @@ -3,6 +3,7 @@ require sudo.inc SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://0001-sudo.conf.in-fix-conflict-with-multilib.patch \ + file://libtool.patch \ " PAM_SRC_URI = "file://sudo.pam" |