diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2021-03-06 00:22:30 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-03-15 14:02:06 +0300 |
commit | 8b1392834def7d17263b45bd1aab35759235fb3e (patch) | |
tree | 8c15f7cbef2b020a8f41839f56be0c02f57ac39c /meta-security/recipes-security/opendnssec | |
parent | 3e34fba3f6b8389074f64203299fa60ec0fc18e1 (diff) | |
download | openbmc-8b1392834def7d17263b45bd1aab35759235fb3e.tar.xz |
meta-security: subtree update:6053e8b8e2..9504d02694
Armin Kuster (19):
softhsm: drop pkg as meta-oe has it
apparmor: Inherit python3targetconfig
python3-suricata-update: Inherit python3targetconfig
openscap: Inherit python3targetconfig
scap-security-guide: Inherit python3targetconfig
nikito: Update common-licenses references to match new names
kas-security-base.yml: build setting updates
kas-security-base.yml: drop DL_DIR
arpwatch: upgrade 3.0 -> 3.1
checksec: upgrade 2.1.0 -> 2.4.0
ding-libs: upgrade 0.5.0 -> 0.6.1
fscryptctl: upgrade 0.1.0 -> 1.0.0
libseccomp: upgrade 2.5.0 -> 2.5.1
python3-privacyidea: upgrade 3.3 -> 3.5.1
python3-scapy: upgrade 2.4.3 -> 2.4.4
samhain: update to 4.4.3
opendnssec: update to 2.1.8
suricata: update to 4.10.0
python3-fail2ban: update to 0.11.2
Jate Sujjavanich (1):
scap-security-guide: Fix openembedded platform tests and build
Ming Liu (9):
ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
initramfs-framework-ima: fix a wrong path
ima-evm-keys: add recipe
initramfs-framework-ima: RDEPENDS on ima-evm-keys
meta: refactor IMA/EVM sign rootfs
README.md: update according to the refactoring in ima-evm-rootfs.bbclass
initramfs-framework-ima: let ima_enabled return 0
ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
Yi Zhao (1):
ibmswtpm2: disable camellia algorithm
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c
Diffstat (limited to 'meta-security/recipes-security/opendnssec')
-rw-r--r-- | meta-security/recipes-security/opendnssec/files/fix_fprint.patch | 25 | ||||
-rw-r--r-- | meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch | 45 | ||||
-rw-r--r-- | meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb (renamed from meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb) | 7 |
3 files changed, 24 insertions, 53 deletions
diff --git a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch b/meta-security/recipes-security/opendnssec/files/fix_fprint.patch deleted file mode 100644 index da0bcfe74..000000000 --- a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch +++ /dev/null @@ -1,25 +0,0 @@ -format not a string literal and no format arguments - -missing module_str in call - -Upstream-Status: Pending -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security] -| 192 | ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds); -| | ^~~~~~~~~~~~~~~~~~~~~~~~ - - -Index: git/enforcer/src/keystate/keystate_ds.c -=================================================================== ---- git.orig/enforcer/src/keystate/keystate_ds.c -+++ git/enforcer/src/keystate/keystate_ds.c -@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw - status = 0; - } - else { -- ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds); -+ ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds); - status = 7; - } - } diff --git a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch index 126e197f3..31d7252dc 100644 --- a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch +++ b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch @@ -4,14 +4,29 @@ Upstream-Status: OE specific Signed-off-by: Armin Kuster <akuster808@gmail.com> -Index: opendnssec-2.1.6/m4/acx_ldns.m4 +Index: opendnssec-2.1.8/configure.ac =================================================================== ---- opendnssec-2.1.6.orig/m4/acx_ldns.m4 -+++ opendnssec-2.1.6/m4/acx_ldns.m4 -@@ -1,128 +1,65 @@ +--- opendnssec-2.1.8.orig/configure.ac ++++ opendnssec-2.1.8/configure.ac +@@ -133,9 +133,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_ + + # common dependencies + ACX_LIBXML2 +-ACX_LDNS(1,6,17) +-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html]) +-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html]) ++ACX_LDNS(1.6.17) + ACX_PKCS11_MODULES + ACX_RT + ACX_LIBC +Index: opendnssec-2.1.8/m4/acx_ldns.m4 +=================================================================== +--- opendnssec-2.1.8.orig/m4/acx_ldns.m4 ++++ opendnssec-2.1.8/m4/acx_ldns.m4 +@@ -1,128 +1,63 @@ -AC_DEFUN([ACX_LDNS],[ - AC_ARG_WITH(ldns, -- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], +- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], - [ - LDNS_PATH="$withval" - AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin) @@ -70,8 +85,7 @@ Index: opendnssec-2.1.6/m4/acx_ldns.m4 - AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)]) - ],[]) - AC_LANG_POP([C]) -+#serial 11 - +- - CPPFLAGS=$tmp_CPPFLAGS - - AC_SUBST(LDNS_INCLUDES) @@ -81,7 +95,7 @@ Index: opendnssec-2.1.6/m4/acx_ldns.m4 - -AC_DEFUN([ACX_LDNS_NOT],[ - AC_ARG_WITH(ldns, -- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], +- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], - [ - LDNS_PATH="$withval" - AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin) @@ -200,18 +214,3 @@ Index: opendnssec-2.1.6/m4/acx_ldns.m4 + AC_SUBST([LDNS_LIBS]) + AC_SUBST([LDNS_LDFLAGS]) ]) -Index: opendnssec-2.1.6/configure.ac -=================================================================== ---- opendnssec-2.1.6.orig/configure.ac -+++ opendnssec-2.1.6/configure.ac -@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_ - - # common dependencies - ACX_LIBXML2 --ACX_LDNS(1,6,17) --ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html]) --ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html]) -+ACX_LDNS(1.6.17) - ACX_PKCS11_MODULES - ACX_RT - ACX_LIBC diff --git a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb index 5e42ca8f7..cf6bdbdab 100644 --- a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb +++ b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb @@ -5,18 +5,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b041dbe2da80d4efd951393fbba90937" DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml " -SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \ +SRC_URI = "https://dist.opendnssec.org/source/opendnssec-${PV}.tar.gz \ file://libxml2_conf.patch \ file://libdns_conf_fix.patch \ - file://fix_fprint.patch \ " -SRCREV = "5876bccb38428790e2e9afc806ca68b029879874" +SRC_URI[sha256sum] = "900a213103ff19a405e446327fbfcea9ec13e405283d87b6ffc24a10d9a268f5" inherit autotools pkgconfig perlnative -S = "${WORKDIR}/git" - EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \ --with-ssl=${STAGING_DIR_HOST}/usr " |