diff options
author | Scott Murray <scott.murray@konsulko.com> | 2019-02-08 10:53:08 -0500 |
---|---|---|
committer | Stephane Desneux <stephane.desneux@iot.bzh> | 2019-04-04 18:02:11 +0200 |
commit | 7faccb97d69c7581e338f88ce3a2153cdd69fd16 (patch) | |
tree | 57dd664e04593af6eed43cb6ecffab438d93d860 /meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch | |
parent | e978a20f40916eac57a5e1af8f65b6ed9f719e50 (diff) |
Upgrade to thud
Changes include:
- Add LAYERSERIES_COMPAT definitions to layer.conf files
- Remove now unnecessary SECURITY_*FLAGS over-rides from distro
configuration
- Set intel-corei7-64 preferred kernel version to 4.19 to match
latest linux-intel kernel available in meta-intel
- Update qemuarm preferred kernel version to 4.18 to match latest
linux-yocto
- Update firmware package and devicetree file names for raspberrypi3
- Remove linux-firmware bbappend specific to raspberrypi, it seems no
longer required and breaks the cross SDK build
- Update linux-intel bbappend to 4.19, remove now unnecessary patch
- Remove now unnecessary lttng-modules backport
- Update linux-raspberrypi bbappend to 4.14 kernel
- Added kernel configuration fragment for raspberrypi to disable
Kprobes. This is required until linux-raspberrypi is updated to
greater than 4.14.104 to avoid a build failure in lttng-modules
related to a check for known breakage in the kernel CONFIG_OPTPROBES
code.
- Replace obsolete base_conditional usage with oe.utils.conditional
- Add gstreamer1.0-plugins-bad bbappend for raspberrypi3 to disable
faad PACKAGECONFIG to avoid commercial license issues
- Remove unused and unbuildable Vayu gstreamer recipes
- Update linux-ti-staging bbappend for new BSP kernel
- Regen dcan2_pinmux_enable.patch for linux-ti-staging to remove fuzz
warning, and remove upstreamed fix_dcan_addresses.patch
- Remove ipumm-fw from meta-agl-bsp/meta-ti, as newer version is
available in the upstream BSP
- Update meta-agl-bsp/meta-ti weston patch to apply against 5.0.0
- Update meta-agl-bsp/meta-ti wayland-ivi-extension patch to apply
against 2.2.0
- Add ti-sgx-ddk-km patch to add AGL toolchain configuration file
- Remove now unnecessary fdtoverlay recipe
- Update core.cfg and ivishell.cfg in weston-ini-conf recipe to handle
move of ivi-controller.so configuration in Weston 5.0.0
- Update connman-ncurses patch to remove fuzz warning
- Add installation of systemd over-ride file for run-postinsts.service
in run-postinsts bbappend to workaround race condition between
ldconfig.service and the /sbin/ldconfig invocations in the
post-install scripts run by run-postinsts.service. The observed
failure was cynara's post-install script failing and its database
not being created.
- Remove now unnecessary valgrind backport
- Add patches to fix most driver compilation against newer kernels
- Update libmicrohttpd bbappend
- Remove libssp-dev from agl-image-graphical-qt5-crosssdk and
agl-demo-platform-html5-crosssdk, upstream have removed it from
non-mingw32 platform SDKs
- Update wayland-ivi-extension recipe to build 2.2.0, and update
local patches
- Update weston patches for 5.0.0. Patches:
0016-ivi-shell_add_screen_remove_layer_api.patch
0017-ivi-shell-register-ivi_layout_interface.patch
have been removed as they have been applied upstream and are no longer
necessary. Patches:
0018-compositor-add-output-type-to-weston_output.patch
0019-compositor-drm-introduce-drm_get_dmafd_from_view.patch
(both related to Waltham) have been disabled for now as they need
significant rework.
- Remove weston-conf RRECOMMENDS in weston bbappend to avoid conflict
with weston-ini-conf
- Add OECMAKE_GENERATOR = "Unix Makefiles" to aglwgt.bbclass to work
around CMake+ninja issue in cmake-apps-module
- Update dbus cynara patches for 1.12.10
- Add do_install_append in cynara recipe to remove /var/cynara from
cynara package so the directory creation and labelling in the
post-install scriptlet will function as intended
- Remove now unnecessary e2fsprogs backport
- Remove now unnecessary libcap-ng backport
- Update pulseaudio patches to remove fuzz warnings
- Update neardal patch to remove fuzz warning
- Update freetype patch to remove fuzz warning
- Rename opencv bbappend to 3.% to handle 3.x backports in upstream
- Updated qtwayland patch to remove fuzz warning
Changes from Stephane Desneux <stephane.desneux@iot.bzh>:
- Remove wayland-ivi-extension PREFERRED_VERSION
- Remove now unnecessary nativesdk-cmake patch
- Remove now unnecessary ptest-runner patches
- Remove now unnecessary harfbuzz patches
- Disable waltham-transmitter as it does not build against weston 5.0.0
- Update af-main, cynara, and security-manager to use pkg_postinst_ontarget
- Bump connman-ncurses revision to avoid deprecated ncurses functions
- Update libva package usage with new intel-vaapi-driver name
- Add patches to security-manager to fix compilation with gcc8
- Updated systemd bbappend
Changes from Jan-Simon Möller <jsmoeller@linuxfoundation.org>:
- Remove meta-agl-bsp/ROCKO.FIXMEs
- Remove linux-yocto_4.12.bbappend and now unnecessary associated
patch
- Remove now unneeded kern-tools-native patch
- Bump gstreamer PREFERRED_VERSIONs to 1.14.x
- Remove latencytop from packagegroup-agl-core-devel, it has been
dropped by upstream
- Remove now unnecessary rpm patches
- Update pulseaudio bbappend to 12.2
- Update opencv bbappend to 3.4
- Update freetype bbappend to 2.9.1
- Update dbus bbappend to 1.12.10
- Update weston bbappend to 5.0.0
- Update cynara patches to remove fuzz warnings
- Add patch to cynara to fix compilation with gcc8
- Add xmlsec1 bbappend to clear EXTRA_OECONF to fix compilation on
sumo or newer
Changes from Ronan Le Martet <ronan.lemartet@iot.bzh>:
- Update meta-rcar-gen3-adas layer gstreamer1.0-plugin-vspfilter
bbappend to version 1.0.1
Known issues (marked with FIXME):
- CMake+ninja issue in cmake-apps-module has been worked around with
OECMAKE_GENERATOR
- waltham-transmitter and the patches to weston related to it have been
disabled
- Currently unclear if patch to libcap-native is actually required or
not
Bug-AGL: SPEC-1837
Change-Id: I7b8b9ef667aec2d229952eace6663dfc761654d0
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Diffstat (limited to 'meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch')
-rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch | 117 |
1 files changed, 52 insertions, 65 deletions
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch index b797064ec..7f17bd00a 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0003-Handle-unavailability-of-policy-results-for-broadcas.patch @@ -23,26 +23,16 @@ Change-Id: Iecd5395f75a4c7811fa97247a37d8fc4d42e8814 Cherry picked from 1e231194610892dd4360224998d91336097b05a1 by Jose Bollo +Updated for dbus 1.12.10 by Scott Murray. + Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/activation.c | 4 +- - bus/bus.c | 50 +++++++-- - bus/bus.h | 19 ++++ - bus/check.c | 307 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - bus/check.h | 25 +++++ - bus/connection.c | 169 ++++++++++++++++++++++++++++-- - bus/connection.h | 19 +++- - bus/dispatch.c | 121 ++++++++++++++++++---- - bus/dispatch.h | 11 +- - bus/driver.c | 2 +- - bus/policy.c | 6 ++ - 11 files changed, 686 insertions(+), 47 deletions(-) +Signed-off-by: Scott Murray <scott.murray@konsulko.com> diff --git a/bus/activation.c b/bus/activation.c -index 343d3f22..11bd8386 100644 +index 5f02153..f2981e1 100644 --- a/bus/activation.c +++ b/bus/activation.c -@@ -1198,7 +1198,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation +@@ -1259,7 +1259,7 @@ bus_activation_send_pending_auto_activation_messages (BusActivation *activation res = bus_dispatch_matches (transaction, entry->connection, addressed_recipient, @@ -51,20 +41,20 @@ index 343d3f22..11bd8386 100644 if (res == BUS_RESULT_FALSE) { /* If permission is denied, we just want to return the error -@@ -2085,7 +2085,7 @@ bus_activation_activate_service (BusActivation *activation, - entry->systemd_service); +@@ -2137,7 +2137,7 @@ bus_activation_activate_service (BusActivation *activation, + bus_connection_get_loginfo (connection)); /* Wonderful, systemd is connected, let's just send the msg */ - res = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service), -- message, error); -+ message, NULL, error); + res = bus_dispatch_matches (activation_transaction, NULL, +- systemd, message, error); ++ systemd, message, NULL, error); if (res == BUS_RESULT_TRUE) retval = TRUE; diff --git a/bus/bus.c b/bus/bus.c -index c4008505..911e2340 100644 +index 237efe3..5bb5637 100644 --- a/bus/bus.c +++ b/bus/bus.c -@@ -1796,17 +1796,9 @@ bus_context_check_security_policy (BusContext *context, +@@ -1800,17 +1800,9 @@ bus_context_check_security_policy (BusContext *context, } /* See if limits on size have been exceeded */ @@ -84,7 +74,7 @@ index c4008505..911e2340 100644 /* Record that we will allow a reply here in the future (don't * bother if the recipient is the bus or this is an eavesdropping -@@ -1861,3 +1853,41 @@ bus_context_check_all_watches (BusContext *context) +@@ -1869,3 +1861,41 @@ bus_context_check_all_watches (BusContext *context) _dbus_server_toggle_all_watches (server, enabled); } } @@ -127,10 +117,10 @@ index c4008505..911e2340 100644 + return TRUE; +} diff --git a/bus/bus.h b/bus/bus.h -index dab7791f..445165c9 100644 +index 82c32c8..1b08f7c 100644 --- a/bus/bus.h +++ b/bus/bus.h -@@ -158,4 +158,23 @@ BusResult bus_context_check_security_policy (BusContext +@@ -164,4 +164,23 @@ BusResult bus_context_check_security_policy (BusContext BusDeferredMessage **deferred_message); void bus_context_check_all_watches (BusContext *context); @@ -155,7 +145,7 @@ index dab7791f..445165c9 100644 + #endif /* BUS_BUS_H */ diff --git a/bus/check.c b/bus/check.c -index 4b8a6994..b8833349 100644 +index 4b8a699..f3d283f 100644 --- a/bus/check.c +++ b/bus/check.c @@ -49,6 +49,9 @@ typedef struct BusDeferredMessage @@ -370,7 +360,7 @@ index 4b8a6994..b8833349 100644 + deferred_message->sender, + deferred_message->addressed_recipient, + deferred_message->proposed_recipient, -+ deferred_message->message, NULL, ++ deferred_message->message, NULL, NULL, + &deferred_message2); + + if (result == BUS_RESULT_LATER) @@ -511,7 +501,7 @@ index 4b8a6994..b8833349 100644 } + diff --git a/bus/check.h b/bus/check.h -index d1775497..9c13c184 100644 +index d177549..9c13c18 100644 --- a/bus/check.h +++ b/bus/check.h @@ -64,12 +64,37 @@ BusDeferredMessage *bus_deferred_message_new (DBusMessage *messag @@ -553,7 +543,7 @@ index d1775497..9c13c184 100644 extern BusResult (*bus_check_test_override) (DBusConnection *connection, const char *privilege); diff --git a/bus/connection.c b/bus/connection.c -index eea50ecd..1c0bdffb 100644 +index deebde3..f9e563b 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -31,11 +31,13 @@ @@ -587,7 +577,7 @@ index eea50ecd..1c0bdffb 100644 bus_dispatch_remove_connection (connection); /* no more watching */ -@@ -2264,7 +2269,7 @@ bus_transaction_capture (BusTransaction *transaction, +@@ -2307,7 +2312,7 @@ bus_transaction_capture (BusTransaction *transaction, { DBusConnection *recipient = link->data; @@ -596,7 +586,7 @@ index eea50ecd..1c0bdffb 100644 goto out; } -@@ -2317,6 +2322,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2361,6 +2366,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, { DBusError error = DBUS_ERROR_INIT; BusResult res; @@ -604,17 +594,17 @@ index eea50ecd..1c0bdffb 100644 /* We have to set the sender to the driver, and have * to check security policy since it was not done in -@@ -2357,7 +2363,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction, - res = bus_context_check_security_policy (bus_transaction_get_context (transaction), +@@ -2402,7 +2408,8 @@ bus_transaction_send_from_driver (BusTransaction *transaction, transaction, - NULL, connection, connection, message, &error, + NULL, connection, connection, + message, NULL, &error, - NULL); + &deferred_message); + if (res == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &error, message)) -@@ -2374,18 +2381,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, connection, +@@ -2420,18 +2427,20 @@ bus_transaction_send_from_driver (BusTransaction *transaction, } else if (res == BUS_RESULT_LATER) { @@ -639,7 +629,7 @@ index eea50ecd..1c0bdffb 100644 { MessageToSend *to_send; BusConnectionData *d; -@@ -2411,7 +2420,28 @@ bus_transaction_send (BusTransaction *transaction, +@@ -2457,7 +2466,28 @@ bus_transaction_send (BusTransaction *transaction, d = BUS_CONNECTION_DATA (connection); _dbus_assert (d != NULL); @@ -669,7 +659,7 @@ index eea50ecd..1c0bdffb 100644 to_send = dbus_new (MessageToSend, 1); if (to_send == NULL) { -@@ -2663,6 +2693,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, +@@ -2709,6 +2739,131 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, return TRUE; } @@ -802,10 +792,10 @@ index eea50ecd..1c0bdffb 100644 bus_connections_get_n_active (BusConnections *connections) { diff --git a/bus/connection.h b/bus/connection.h -index a6e5dfde..46e883e6 100644 +index 71078ea..97dae96 100644 --- a/bus/connection.h +++ b/bus/connection.h -@@ -83,6 +83,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection); +@@ -85,6 +85,22 @@ dbus_bool_t bus_connection_preallocate_oom_error (DBusConnection *connection); void bus_connection_send_oom_error (DBusConnection *connection, DBusMessage *in_reply_to); @@ -828,7 +818,7 @@ index a6e5dfde..46e883e6 100644 /* called by signals.c */ dbus_bool_t bus_connection_add_match_rule (DBusConnection *connection, BusMatchRule *rule); -@@ -135,7 +151,8 @@ BusTransaction* bus_transaction_new (BusContext * +@@ -137,7 +153,8 @@ BusTransaction* bus_transaction_new (BusContext * BusContext* bus_transaction_get_context (BusTransaction *transaction); dbus_bool_t bus_transaction_send (BusTransaction *transaction, DBusConnection *connection, @@ -837,9 +827,9 @@ index a6e5dfde..46e883e6 100644 + dbus_bool_t deferred_dispatch); dbus_bool_t bus_transaction_capture (BusTransaction *transaction, DBusConnection *connection, - DBusMessage *message); + DBusConnection *addressed_recipient, diff --git a/bus/dispatch.c b/bus/dispatch.c -index 7353501b..e32c9263 100644 +index 0250b53..1bdcbf0 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c @@ -33,6 +33,7 @@ @@ -850,16 +840,16 @@ index 7353501b..e32c9263 100644 #include "test.h" #include <dbus/dbus-internals.h> #include <dbus/dbus-connection-internal.h> -@@ -76,7 +77,7 @@ send_one_message (DBusConnection *connection, - message, +@@ -77,7 +78,7 @@ send_one_message (DBusConnection *connection, + NULL, &stack_error, &deferred_message); - if (result != BUS_RESULT_TRUE) + if (result == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &stack_error, - message)) -@@ -111,9 +112,19 @@ send_one_message (DBusConnection *connection, + if (!bus_transaction_capture_error_reply (transaction, sender, + &stack_error, message)) +@@ -112,9 +113,19 @@ send_one_message (DBusConnection *connection, return TRUE; /* don't send it but don't return an error either */ } @@ -880,7 +870,7 @@ index 7353501b..e32c9263 100644 { BUS_SET_OOM (error); return FALSE; -@@ -123,11 +134,12 @@ send_one_message (DBusConnection *connection, +@@ -124,11 +135,12 @@ send_one_message (DBusConnection *connection, } BusResult @@ -898,7 +888,7 @@ index 7353501b..e32c9263 100644 { DBusError tmp_error; BusConnections *connections; -@@ -151,17 +163,78 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -152,17 +164,78 @@ bus_dispatch_matches (BusTransaction *transaction, /* First, send the message to the addressed_recipient, if there is one. */ if (addressed_recipient != NULL) { @@ -906,7 +896,7 @@ index 7353501b..e32c9263 100644 - res = bus_context_check_security_policy (context, transaction, - sender, addressed_recipient, - addressed_recipient, -- message, error, +- message, NULL, error, - &deferred_message); - if (res == BUS_RESULT_FALSE) + BusResult result; @@ -961,7 +951,7 @@ index 7353501b..e32c9263 100644 + + if (result == BUS_RESULT_LATER) + result = bus_context_check_security_policy(context, transaction, -+ sender, addressed_recipient, addressed_recipient, message, error, ++ sender, addressed_recipient, addressed_recipient, message, NULL, error, + &deferred_message); + + if (result == BUS_RESULT_FALSE) @@ -985,7 +975,7 @@ index 7353501b..e32c9263 100644 status = bus_deferred_message_get_status(deferred_message); if (status & BUS_DEFERRED_MESSAGE_CHECK_SEND) -@@ -172,13 +245,18 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -173,13 +246,18 @@ bus_dispatch_matches (BusTransaction *transaction, } else if (status & BUS_DEFERRED_MESSAGE_CHECK_RECEIVE) { @@ -1008,7 +998,7 @@ index 7353501b..e32c9263 100644 return BUS_RESULT_FALSE; } } -@@ -195,7 +273,8 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -196,7 +274,8 @@ bus_dispatch_matches (BusTransaction *transaction, } /* Dispatch the message */ @@ -1018,7 +1008,7 @@ index 7353501b..e32c9263 100644 { BUS_SET_OOM (error); return BUS_RESULT_FALSE; -@@ -495,7 +574,7 @@ bus_dispatch (DBusConnection *connection, +@@ -535,7 +614,7 @@ bus_dispatch (DBusConnection *connection, * match rules. */ if (BUS_RESULT_LATER == bus_dispatch_matches (transaction, connection, addressed_recipient, @@ -1028,7 +1018,7 @@ index 7353501b..e32c9263 100644 /* Roll back and dispatch the message once the policy result is available */ bus_transaction_cancel_and_free (transaction); diff --git a/bus/dispatch.h b/bus/dispatch.h -index afba6a24..f6102e80 100644 +index afba6a2..f6102e8 100644 --- a/bus/dispatch.h +++ b/bus/dispatch.h @@ -29,10 +29,11 @@ @@ -1049,11 +1039,11 @@ index afba6a24..f6102e80 100644 #endif /* BUS_DISPATCH_H */ diff --git a/bus/driver.c b/bus/driver.c -index a5823d4d..5acdd62a 100644 +index f414f64..d89a658 100644 --- a/bus/driver.c +++ b/bus/driver.c -@@ -261,7 +261,7 @@ bus_driver_send_service_owner_changed (const char *service_name, - if (!bus_transaction_capture (transaction, NULL, message)) +@@ -254,7 +254,7 @@ bus_driver_send_service_owner_changed (const char *service_name, + if (!bus_transaction_capture (transaction, NULL, NULL, message)) goto oom; - res = bus_dispatch_matches (transaction, NULL, NULL, message, error); @@ -1062,10 +1052,10 @@ index a5823d4d..5acdd62a 100644 retval = TRUE; else diff --git a/bus/policy.c b/bus/policy.c -index bcade176..47bd1a24 100644 +index 7ee1ce5..b1fab0d 100644 --- a/bus/policy.c +++ b/bus/policy.c -@@ -1071,6 +1071,9 @@ bus_client_policy_check_can_send (DBusConnection *sender, +@@ -1121,6 +1121,9 @@ bus_client_policy_check_can_send (DBusConnection *sender, result = bus_check_privilege(check, message, sender, addressed_recipient, receiver, privilege, BUS_DEFERRED_MESSAGE_CHECK_SEND, deferred_message); @@ -1075,7 +1065,7 @@ index bcade176..47bd1a24 100644 } else privilege = NULL; -@@ -1305,6 +1308,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1370,6 +1373,9 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, result = bus_check_privilege(check, message, sender, addressed_recipient, proposed_recipient, privilege, BUS_DEFERRED_MESSAGE_CHECK_RECEIVE, deferred_message); @@ -1085,6 +1075,3 @@ index bcade176..47bd1a24 100644 } else privilege = NULL; --- -2.14.3 - |