diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2021-08-08 03:21:33 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2021-08-11 23:39:32 +0300 |
commit | 213cb2696d00a85cd48d356cb5131824a302d828 (patch) | |
tree | bfdf8fcdfef3a88e392ca3acfca6dec4dc836c9f /meta-security/recipes-security | |
parent | 40d8f44b51f83548f7ca8df062dd7435b784c0a8 (diff) | |
download | openbmc-213cb2696d00a85cd48d356cb5131824a302d828.tar.xz |
subtree updates
meta-raspberrypi: 8dc3a31088..c7f4c739a3:
Khem Raj (5):
linux-raspberrypi: Upgrade to 5.10.52
userland: Update to latest master branch
raspberrypi-firmware: Update to latest
raspberrypi-tools: Update to latest
sdcard_image-rpi.bbclass: Fix IMAGE_TYPEDEP override to use new syntax
Martin Jansa (4):
Convert to new override syntax
Manually fix conversion
layer.conf: Update to honister
userland: package man pages in PN-doc
Pierre-Jean Texier (2):
kas: local.conf: bump CONF_VERSION variable
kas: local.conf: disable prelink
poky: 17aabc0127..492205ea83:
Alexander Kanavin (17):
llvm: update 12.0.0 -> 12.0.1
systemd: update 248.3 -> 249.1
python3-testools: update 2.4.0 -> 2.5.0
libuv: update 1.41.0 -> 1.42.0
gnu-config: update to latest revision
vulkan-samples: update to latest revision
cmake: update 3.20.5 -> 3.21.0
cmake: update 3.21.0 -> 3.21.1
mtools: update 4.0.32 -> 4.0.34
util-linux: update 2.37 -> 2.37.1
iputils: update 20210202 -> 20210722
freetype: update 2.10.4 -> 2.11.0
devtool: print a warning on upgrades if PREFERRED_VERSION is set
rpm: do not RRECOMMEND rpm-build
selftest: add core-image-weston to no-gpl3-no-meta-gpl2 image test
shadow: update 4.8.1 -> 4.9
local.conf.sample: disable prelink
Bernhard Rosenkränzer (1):
gcc: update 11.1 -> 11.2
Bruce Ashfield (6):
linux-yocto/5.10: update to v5.10.53
linux-yocto/5.13: update to v5.13.5
linux-yocto/5.4: update to v5.4.135
linux-yocto-rt/5.10: update to -rt47
linux-yocto/5.13: enable TYPEC_TCPCI in usbc fragment
linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment
Changqing Li (1):
archiver.bbclass: fix do_ar_configured failure for kernel
Chen Qi (3):
zstd: fix CVE_PRODUCT
insane.bbclass: fix the file-rdeps QA message for the new override syntax
iputils: fix do_configure failure of missing ip command
Damian Wrobel (1):
rootfs: remove ldconfig auxiliary cache where appropriate
Denys Dmytriyenko (4):
meta: convert nested overrides leftovers to new syntax
convert-overrides.py: handle few more cases of overrides
libwpe: remove rpi-specific custom code
poky-tiny: drop uclibc override
Jon Mason (1):
parselogs.py: qemuarm should be qemuarmv5
Joshua Watt (4):
mesa: Fix v3d & vc4 dmabuf import
bitbake: bitbake: asyncrpc: Catch early SIGTERM
libxft: Fix bad PKG value
bitbake: contrib: vim: Update for new override syntax
Kai Kang (2):
u-boot_2021.07: set UBOOT_MACHINE for qemumips and qemumips64
python3-pytest: display correct version info
Kevin Hao (2):
meta-yocto-bsp: Introduce the v5.13 bbappend
meta-yocto-bsp: Bump to the v5.10.55
Khem Raj (10):
binutils: Upgrade to 2.37 branch
texinfo: Update gnulib to fix build with glibc 2.34
systemd: Fix build on musl
stress-ng: Drop defining daddr_t
stress-ng: Detemine minimal stack size via sysconf
mesa: Define a fallback for DRIDRIVERS
libssh2: Fix syntax for using ptest override
toaster-managed-mode.json: Correctly specify term with new override syntax
distrooverrides.bbclass: Correct override syntax
devtool.py: Correct override syntax
Lee Chee Yang (1):
aspell: fix CVE-2019-25051
Marek Vasut (2):
image_types: Restore pre-btrfs-tools 4.14.1 mkfs.btrfs shrink behavior
kernel-uboot: Handle gzip and lzo compression options
Martin Jansa (6):
convert-overrides.py: show processed file and version of this script
convert-overrides.py: remove base_dep_prepend and autotools_dep_prepend exception
convert-overrides.py: 0.9.1 include '(' as delimiter for shortvars
convert-overrides.py: allow specifying multiple target dirs
convert-overrides.py: allow dots before override in vars_re and shortvars_re
systemd-boot: use ld.bfd as efi-ld even when gold or lld is used in ${LD}
Matthias Klein (2):
runqemu: Fix typo in error message
runqemu: decouple bios and kernel options
Matthias Schiffer (3):
initscripts: populate-volatile.sh: do not log to tty0
initscripts: populate-volatile.sh: run create_file synchronously
initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true
Michael Halstead (1):
releases: update to include 3.3.1
Michael Opdenacker (18):
oe-setup-builddir: update YP docs and OE URLs
conf-notes.txt: now suggesting to run 'runqemu qemux86-64'
test-manual: document LTO related reproducibility bug
quick start manual: update "source oe-init-build-env" output
dev-manual: fix wrong reference to class
documentation/README: improve BitBake manual referencing guidelines
manuals: simplify references to BitBake manual
manuals: remove explicit BitBake variable references
meta-skeleton: add recipe examples from documentation sources
bitbake: doc: bitbake-user-manual: fix syntax in example and improve description
bitbake: doc: bitbake-user-manual: update bitbake option help
bitbake: doc: bitbake-user-manual: grammar fix for the number of "metadata"
manuals: initial documentation for CVE management
ref-manual: remove example recipe source files
profile-manual: document how to build perf manpages on target
cve-check: fix comments
cve-check: update link to NVD website for CVE details
cve-check: improve comment about CVE patch file names
Mingli Yu (2):
perlcross: not break build if already patched
curl: Upgrade to 7.78.0
Nicolas Dechesne (4):
yocto-check-layer: improve missed dependencies
checklayer: new function get_layer_dependencies()
checklayer: rename _find_layer_depends
yocto-check-layer: ensure that all layer dependencies are tested too
Oleksandr Kravchuk (1):
bitbake.conf: change GNOME_MIRROR to new one
Patrick Williams (1):
pixman: re-disable iwmmxt
Paul Barker (4):
bitbake: asyncrpc: Fix bad message error in client
bitbake: asyncrpc: Set timeout when waiting for reply from server
bitbake: parse/ast: Substitute '~' when naming anonymous functions
kernel-yocto: Simplify no git repo case in do_kernel_checkout
Quentin Schulz (4):
bitbake: doc: Makefile: turn warnings into errors by default
bitbake: doc: bitbake-user-manual: ref-variables: order alphabetically the glossary sources
bitbake: doc: bitbake-user-manual: ref-variables: force glossary output to be alphabetically sorted
bitbake: doc: bitbake-user-manual: replace ``FOO`` by :term:`FOO` where possible
Richard Purdie (49):
Add MAINTAINERS.md file
yocto-check-layer: Remove duplicated code
libubootenv: Drop default-env RRECOMMENDS
bitbake: data_smart: Allow colon in variable expansion regex
meta-poky/meta-yocto-bsp: Convert to new override syntax
layer.conf: Update to honister
autotools/base/icecc: Remove prepend from function names
scripts/contrib: Add override conversion script
systemtap: Fix headers issue with x86 and 5.13 headers
migration-guides: Add start of 3.4 guide with override migration notes
common-tasks: Fix conversion error in npm example
bitbake: bitbake: Switch to using new override syntax
bitbake: doc/lib: Update to use new override syntax containing colons
bitbake: doc/lib: Add fixes for issues missed by the automated conversion
bitbake: bitbake: Update to version 1.51.1
layer.conf: Override changes mean we're only compatible with honister
Convert to new override syntax
meta: Manual override fixes
local.conf.sample: Bump version so users update their config
sanity.conf: Require bitbake 1.51.1
dropbear: Fix incorrect package override for postrm
convert-overrides: Allow script to handle patch/diffs
sdk: Decouple default install path from built in path
sstate: Fix rebuilds when changing layer config
populate_sdk_ext: Fix handling of TOOLCHAIN_HOST_TASK in the eSDK case
local.conf.sample: Bump version so users update their config
poky: Use SDKPATHINSTALL instead of SDKPATH
vim: Clarify where RDEPENDS/RRECOMMENDS apply
bitbake: data_smart: Fix inactive overide accidental variable value corruption
local.conf.sample: Fix missed override conversion
license: Exclude COPYING.MIT from pseudo
meta: Convert IMAGE_TYPEDEP to use override syntax
uboot-extlinux-config: Fix missing override conversion
image/image_types: Convert CONVERSION_CMD/COMPRESS_CMD to new override syntax
image: Drop COMPRESS_CMD
devupstream: Allow support of native class extensions
diffoscope: Upgrade 178 -> 179
strace: Upgrade 5.12 -> 5.13
valgrind: Add patches for glibc 2.34 support
bitbake: runqueue: Improve multiconfig deferred task issues
elfutils: Add patch from upstream for glibc 2.34 ptest fixes
bitbake: doc: Fix append/prepend/remove references
bitbake: fetch/tests/toaster: Override conversion fixups
bitbake: process: Improve traceback error reporting from main loop
bitbake: command: Ensure we catch/handle exceptions
bitbake: ui/taskexp: Improve startup exception handling
bitbake: ui/taskexp: Fix to work with empty build directories
oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s
packagedata: Fix after override syntax change
Ross Burton (2):
glew: fix Makefile race
libx11: fix xkb compilation with _EVDEVK symbols
Saul Wold (1):
MAINTAINERS: Saul will cover devtool and eSDK
Stefan Wiehler (1):
dev-manual: fix source release example script
Stefano Babic (1):
mtd-utils: upgrade 2.1.2 -> 2.1.3
Tim Orling (2):
python3-hypothesis: upgrade 6.14.3 -> 6.14.5
python3-importlib-metadata: upgrade 4.6.1 -> 4.6.3
Tony Battersby (2):
lto.inc: disable LTO for grub
gcc: Backport patch to make LTO builds more reproducible
Tony Tascioglu (6):
ffmpeg: fix-CVE-2020-20446
ffmpeg: fix CVE-2020-20453
ffmpeg: fix CVE-2020-22015
ffmpeg: fix CVE-2020-22021
ffmpeg: fix CVE-2020-22033 and CVE-2020-22019
ffmpeg: fix CVE-2021-33815
Trevor Woerner (1):
ffmpeg: add libatomic for armv5
Ulrich Ölmann (2):
initramfs-framework: fix whitespace issue
initramfs-framework/setup-live: fix shebang
Vinay Kumar (1):
glibc: Fix CVE-2021-33574
Vivien Didelot (1):
init-manager-systemd: define weak dev manager
Zqiang (1):
python3: use monotonic clock for condvar if possible
hongxu (1):
createrepo-c: fix createrepo-c failed in nativesdk
leimaohui (1):
archiver.bbclass: Fix patch error for recipes that inherit dos2unix.
wangmy (3):
bind: upgrade 9.16.18 -> 9.16.19
i2c-tools: upgrade 4.2 -> 4.3
diffoscope: upgrade 177 -> 178
zangrc (2):
python3-dbus: upgrade 1.2.16 -> 1.2.18
python3-pip: upgrade 21.1.3 -> 21.2.1
meta-openembedded: 8fbcfb9f02..3cf2475ea0:
Anastasios Kavoukis (1):
pm-qa: fix paths for shell scripts
Andreas Müller (3):
mozjs/0001-Port-build-to-python3.patch: Fix typos in description
jack: upgrade 1.19.18 -> 1.19.19
fluidsynth: upgrade 2.2.1 -> 2.2.2
Andrej Valek (1):
thrift: upgrade to 0.14.2
Andrew Jeffery (2):
python3-gmpy: Add native support
python3-ecdsa: Add native support
Armin Kuster (2):
hiawatha: fix url.
wireshark: update to 3.4.7
Ben Brown (1):
android-tools: fix install of adb client when TOOLS is overridden
Changqing Li (1):
apache2: upgrade 2.4.46 -> 2.4.48
Devendra Tewari (1):
Suppress eol in functionfs setup scripts (#147)
Gianfranco (1):
vboxguestdrivers: upgrade 6.1.22 -> 6.1.24
Joe Slater (2):
php: move to version 7.4.21
gtksourceview4: work around dependency deficiency
Johannes Obermüller (1):
evtest: fix timestamps in output
Kai Kang (2):
python3-blivet: 3.1.4 -> 3.4.0
python3-blivetgui: 2.1.10 -> 2.2.1
Khem Raj (23):
netperf: Update to latest
netperf: Add systemd unit file
packagegroup-meta-oe: Add lmdb
packagegroup-meta-oe: Add mbw
addcli: check for ns_get16 and ns_get32
fuse: Define closefrom if not available
autofs: Fix build with glibc 2.34+
ntp: Do not use PTHREAD_STACK_MIN on glibc
ntp: Fix make check
mongodb: Upgrade to 4.4.7
vboxguestdrivers: Remove __divmoddi4 patch
packagegroup-meta-oe: Add jemalloc
apitrace: Exclude from builds with glibc 2.34+
libhugetlbfs: Disable build with glibc 2.34+
fvwm: Package extra files and man pages
luajit: Fix override syntax
lua: Drop uclibc patch
packagegroup-meta-oe: Correct override name and fix syntax
recipes: Fix override syntax
emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN}
fvwm: Fix build time paths in target perl/python scripts
nis: Drop uclibc check in anon python function
jemalloc: Fix build on musl
Leon Anavi (3):
python3-networkx: Upgrade 2.6.1 -> 2.6.2
python3-pysonos: Upgrade 0.0.53 -> 0.0.54
python3-zeroconf: Upgrade 0.33.1 -> 0.33.2
Li Wang (1):
openlldp: fix segfault
Maksym Sloyko (1):
libusbgx: Configure the Devices Used
Martin Jansa (5):
Convert to new override syntax
layer.conf: Update to honister
mariadb: manually fix the conversion
packagegroup-meta-oe: manually finish override syntax conversion
klibc.bbclass, image_types_sparse.bbclass, packagegroup-meta-oe.bb: update the overrides syntax conversion
Mingli Yu (4):
mariadb: redefine log-error item
jemalloc: add new recipe
hdf5: improve reproducibility
mariadb: Update SRC_URI
Nicolas Dechesne (1):
mbw: add new recipe
Paulo Neves (1):
htop: Add ncurses-terminfo-base to RDEPENDS
Sakib Sajal (1):
lmdb: add recipe
Salman Ahmed (2):
nginx: upgrade 1.18.0 -> 1.20.1
nginx: upgrade 1.19.6 -> 1.21.1
Tony Battersby (1):
net-snmp: fix QA Issue after LDFLAGS change
Yi Zhao (3):
postfix: upgrade 3.6.1 -> 3.6.2
audit: upgrade 3.0.2 -> 3.0.3
audit: fix compile error for 2.8.5
Zang Ruochen (1):
python3-robotframework: upgrade 4.0.3 -> 4.1
wangmy (17):
evince: upgrade 40.2 -> 40.4
gnome-backgrounds: upgrade 3.36.0 -> 3.38.0
gnome-desktop3: upgrade 3.36.6 -> 3.38.8
cmark: upgrade 0.30.0 -> 0.30.1
ctags: upgrade 5.9.20210711.0 -> 5.9.20210718.0
libnet-dns-perl: upgrade 1.31 -> 1.32
libtalloc: upgrade 2.3.2 -> 2.3.3
nghttp2: upgrade 1.43.0 -> 1.44.0
bats: upgrade 1.3.0 -> 1.4.1
networkmanager: upgrade 1.32.2 -> 1.32.4
gensio: upgrade 2.2.7 -> 2.2.8
libmbim: upgrade 1.24.8 -> 1.26.0
fetchmail: upgrade 6.4.19 -> 6.4.20
ctags: upgrade 5.9.20210718.0 -> 5.9.20210801.0
libblockdev: upgrade 2.25 -> 2.26
libqmi: upgrade 1.28.6 -> 1.28.8
monit: upgrade 5.28.0 -> 5.28.1
zangrc (15):
python3-qrcode: upgrade 7.1 -> 7.2
python3-rdflib: upgrade 5.0.0 -> 6.0.0
python3-simplejson: upgrade 3.17.2 -> 3.17.3
python3-bitstring: upgrade 3.1.7 -> 3.1.9
python3-iso8601: upgrade 0.1.14 -> 0.1.16
python3-gmqtt: upgrade 0.6.9 -> 0.6.10
python3-graphviz: upgrade 0.16 -> 0.17
python3-smbus: upgrade 4.2 -> 4.3
python3-pandas: upgrade 1.3.0 -> 1.3.1
python3-progress: upgrade 1.5 -> 1.6
python3-sentry-sdk: upgrade 1.3.0 -> 1.3.1
python3-socketio: upgrade 5.3.0 -> 5.4.0
python3-tqdm: upgrade 4.61.2 -> 4.62.0
python3-twisted: upgrade 21.2.0 -> 21.7.0
python3-xlsxwriter: upgrade 1.4.4 -> 1.4.5
zhengruoqin (15):
live555: upgrade 20210710 -> 20210720
libtest-warnings-perl: upgrade 0.030 -> 0.031
python3-pybind11: upgrade 2.6.2 -> 2.7.0
python3-pymongo: upgrade 3.11.4 -> 3.12.0
python3-sqlalchemy: upgrade 1.4.20 -> 1.4.22
python3-sentry-sdk: upgrade 1.2.0 -> 1.3.0
libcurses-perl: upgrade 1.37 -> 1.38
libdbd-sqlite-perl: upgrade 1.66 -> 1.68
libencode-perl: upgrade 3.10 -> 3.11
python3-bitarray: upgrade 2.2.2 -> 2.2.3
python3-cbor2: upgrade 5.4.0 -> 5.4.1
python3-gast: upgrade 0.5.0 -> 0.5.1
poppler: upgrade 21.07.0 -> 21.08.0
valijson: upgrade 0.4 -> 0.5
xwd: upgrade 1.0.7 -> 1.0.8
meta-security: 152cdb506b..c885d399cd:
Armin Kuster (18):
suricata.inc: exclude ppc in rust version
suricata: Drop 4.1.x its EOL
add meta-rust
crowdsec: add pkg
packagegroup-core-security.bb: fix suricat-ptest inclusion
gitlab-ci.yml: streamline builds matrix
krill: Add new pkg
clamav: fix branch name and update
meta-security: Convert to new override syntax
meta-tpm: Convert to new override syntax
meta-integrity: Convert to new override syntax
meta-hardening: Convert to new override syntax
meta-security-isafw: Convert to new override syntax
meta-parsec: Convert to new override syntax
meta-security-compliance: Convert to new override syntax
dynamix-layers: Convert to new override syntax
kas: Convert to new override syntax
packagegroup-core-security.bb: only include suricat-ptest if rust is included
Martin Jansa (1):
layer.conf: Update to honister
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Iec7301cf1c43b7cec462dcf88292a8b1b12a5045
Diffstat (limited to 'meta-security/recipes-security')
17 files changed, 81 insertions, 81 deletions
diff --git a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.6.bb b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.6.bb index 8d3b5311f..f76f1df29 100644 --- a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.6.bb +++ b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.6.bb @@ -29,8 +29,8 @@ do_install () { make DESTDIR=${D} ${OEMAKE_EXTRA} ext_scripts=true install } -FILES_${PN} += "${libdir}/*.so" +FILES:${PN} += "${libdir}/*.so" FILES_SOLIBSDEV = "" -INSANE_SKIP_${PN} += "dev-so" +INSANE_SKIP:${PN} += "dev-so" -RDEPENDS_${PN} = "libpcap" +RDEPENDS:${PN} = "libpcap" diff --git a/meta-security/recipes-security/bastille/bastille_3.2.1.bb b/meta-security/recipes-security/bastille/bastille_3.2.1.bb index 0290cae2e..72281c537 100644 --- a/meta-security/recipes-security/bastille/bastille_3.2.1.bb +++ b/meta-security/recipes-security/bastille/bastille_3.2.1.bb @@ -6,8 +6,8 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" # Bash is needed for set +o privileged (check busybox), might also need ncurses DEPENDS = "virtual/kernel" -RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils" -FILES_${PN} += "/run/lock/subsys/bastille" +RDEPENDS:${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils" +FILES:${PN} += "/run/lock/subsys/bastille" SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3.2.1/Bastille-3.2.1.tar.bz2 \ file://AccountPermission.pm \ @@ -150,4 +150,4 @@ do_install () { ln -s RevertBastille ${D}${sbindir}/UndoBastille } -FILES_${PN} += "${datadir}/Bastille ${libdir}/Bastille ${libdir}/perl* ${sysconfdir}/*" +FILES:${PN} += "${datadir}/Bastille ${libdir}/Bastille ${libdir}/perl* ${sysconfdir}/*" diff --git a/meta-security/recipes-security/bastille/files/AccountPermission.pm b/meta-security/recipes-security/bastille/files/AccountPermission.pm index cfbaab1d9..132b30ccb 100644 --- a/meta-security/recipes-security/bastille/files/AccountPermission.pm +++ b/meta-security/recipes-security/bastille/files/AccountPermission.pm @@ -16,7 +16,7 @@ B_chgrp B_chgrp_link B_userdel B_groupdel -B_remove_user_from_group +B:remove_user_from_group B_check_owner_group B_is_unowned_file B_is_ungrouped_file @@ -28,7 +28,7 @@ B_is_suid B_is_sgid B_get_user_list B_get_group_list -B_remove_suid +B:remove_suid ); our @EXPORT = @EXPORT_OK; @@ -74,7 +74,7 @@ sub B_chmod($$) { if ($new_perm =~ /([ugo]+)([+-]{1})([rwxst]+)/) { $symbolic = 1; $chmod_noun = $1; - $add_remove = $2; + $add:remove = $2; $capability = $3; } @@ -466,7 +466,7 @@ sub B_chgrp_link($$) { # # In the future, we may also choose to make a B_lock_account routine. # -# This routine depends on B_remove_user_from_group. +# This routine depends on B:remove_user_from_group. ########################################################################### sub B_userdel($) { @@ -506,7 +506,7 @@ sub B_userdel($) { # # Next find out what groups the user is in, so we can call - # B_remove_user_from_group($user,$group) + # B:remove_user_from_group($user,$group) # # TODO: add this to the helper functions for the test suite. # @@ -586,7 +586,7 @@ sub B_groupdel($) { ########################################################################### -# B_remove_user_from_group($user,$group) removes $user from $group, +# B:remove_user_from_group($user,$group) removes $user from $group, # by modifying $group's /etc/group line, pulling the user out. This # uses B_chunk_replace thrice to replace these patterns: # @@ -595,7 +595,7 @@ sub B_groupdel($) { # ########################################################################### -sub B_remove_user_from_group($$) { +sub B:remove_user_from_group($$) { my ($user_to_remove,$group) = @_; @@ -1022,7 +1022,7 @@ sub B_get_group_list() # ########################################################################### -sub B_remove_suid($) { +sub B:remove_suid($) { my $file_expr = $_[0]; &B_log("ACTION","Removing SUID bit from \"$file_expr\"."); diff --git a/meta-security/recipes-security/bastille/files/FileContent.pm b/meta-security/recipes-security/bastille/files/FileContent.pm index 0a5d6096c..1ef89dd76 100644 --- a/meta-security/recipes-security/bastille/files/FileContent.pm +++ b/meta-security/recipes-security/bastille/files/FileContent.pm @@ -10,8 +10,8 @@ B_blank_file B_insert_line_after B_insert_line_before B_insert_line -B_append_line -B_prepend_line +B:append_line +B:prepend_line B_replace_line B_replace_lines B_replace_pattern @@ -262,7 +262,7 @@ sub B_insert_line($$$$) { # # Additionally, if $pattern is set equal to "", the line is always appended. # -# B_append_line uses B_open_plus and B_close_plus, so that the file +# B:append_line uses B_open_plus and B_close_plus, so that the file # modified is backed up... # # Here's examples of where you might use this: @@ -273,7 +273,7 @@ sub B_insert_line($$$$) { # ########################################################################### -sub B_append_line($$$) { +sub B:append_line($$$) { my ($filename,$pattern,$line_to_append) = @_; @@ -308,11 +308,11 @@ sub B_append_line($$$) { ########################################################################### # &B_prepend_line ($filename,$pattern,$line_to_prepend) modifies $filename, -# pre-pending $line_to_prepend unless one or more lines in the file matches +# pre-pending $line_to:prepend unless one or more lines in the file matches # $pattern. This is an enhancement to the prepend_line_if_no_such_line_exists # idea. # -# B_prepend_line uses B_open_plus and B_close_plus, so that the file +# B:prepend_line uses B_open_plus and B_close_plus, so that the file # modified is backed up... # # Here's examples of where you might use this: @@ -322,7 +322,7 @@ sub B_append_line($$$) { # ########################################################################### -sub B_prepend_line($$$) { +sub B:prepend_line($$$) { my ($filename,$pattern,$line_to_prepend) = @_; @@ -348,7 +348,7 @@ sub B_prepend_line($$$) { # Log the action &B_log("ACTION","Pre-pended the following line to $filename:\n"); - &B_log("ACTION","$line_to_prepend"); + &B_log("ACTION","$line_to:prepend"); } else { $retval=0; diff --git a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb index 4a99b5af4..9aefc32cf 100644 --- a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb +++ b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb @@ -25,7 +25,7 @@ SRC_URI[sha256sum] = "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f11875 inherit autotools pkgconfig systemd SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE_${PN} = "ecryptfs.service" +SYSTEMD_SERVICE:${PN} = "ecryptfs.service" EXTRA_OECONF = "\ --libdir=${base_libdir} \ @@ -41,7 +41,7 @@ PACKAGECONFIG ??= "nss \ PACKAGECONFIG[nss] = "--enable-nss,--disable-nss,nss," PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam," -do_configure_prepend() { +do_configure:prepend() { export NSS_CFLAGS="-I${STAGING_INCDIR}/nspr -I${STAGING_INCDIR}/nss3" export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3" export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}" @@ -49,7 +49,7 @@ do_configure_prepend() { sed -i -e "s;rootsbindir=\"/sbin\";rootsbindir=\"\${base_sbindir}\";g" ${S}/configure.ac } -do_install_append() { +do_install:append() { chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private # ${base_libdir} is identical to ${libdir} when usrmerge enabled if ! ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then @@ -64,7 +64,7 @@ do_install_append() { fi } -FILES_${PN} += "${base_libdir}/security/* ${base_libdir}/ecryptfs/*" +FILES:${PN} += "${base_libdir}/security/* ${base_libdir}/ecryptfs/*" -RDEPENDS_${PN} += "cryptsetup" -RRECOMMENDS_${PN} = "gettext-runtime" +RDEPENDS:${PN} += "cryptsetup" +RRECOMMENDS:${PN} = "gettext-runtime" diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb index b480c76d5..ed75a0e7d 100644 --- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb @@ -20,34 +20,34 @@ inherit update-rc.d ptest setuptools3 S = "${WORKDIR}/git" -do_compile_prepend () { +do_compile:prepend () { cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py cd ${S} ./fail2ban-2to3 } -do_install_append () { +do_install:append () { install -d ${D}/${sysconfdir}/fail2ban install -d ${D}/${sysconfdir}/init.d install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server chown -R root:root ${D}/${bindir} } -do_install_ptest_append () { +do_install_ptest:append () { install -d ${D}${PTEST_PATH} install -d ${D}${PTEST_PATH}/bin sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest install -D ${S}/bin/* ${D}${PTEST_PATH}/bin } -FILES_${PN} += "/run" +FILES:${PN} += "/run" INITSCRIPT_PACKAGES = "${PN}" INITSCRIPT_NAME = "fail2ban-server" INITSCRIPT_PARAMS = "defaults 25" -INSANE_SKIP_${PN}_append = "already-stripped" +INSANE_SKIP:${PN}:append = "already-stripped" -RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify" -RDEPENDS_${PN} += " python3-logging python3-fcntl python3-json" -RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" +RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify" +RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json" +RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb index df76a3d9a..26f549b6c 100644 --- a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb +++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb @@ -18,7 +18,7 @@ do_install() { oe_runmake DESTDIR=${D} PREFIX=/usr install } -RRECOMMENDS_${PN} += "\ +RRECOMMENDS:${PN} += "\ keyutils \ kernel-module-cbc \ kernel-module-cts \ diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb index f9ca09268..4ab837485 100644 --- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb +++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb @@ -18,6 +18,6 @@ REQUIRED_DISTRO_FEATURES = "pam" EXTRA_OECONF = "--libdir=${base_libdir}" PACKAGES += "pam-google-authenticator" -FILES_pam-google-authenticator = "${base_libdir}/security/pam_google_authenticator.so" +FILES:pam-google-authenticator = "${base_libdir}/security/pam_google_authenticator.so" RDEPNEDS_pam-google-authenticator = "libpam" diff --git a/meta-security/recipes-security/libest/libest_3.2.0.bb b/meta-security/recipes-security/libest/libest_3.2.0.bb index 5b6dc995c..fda2df4c9 100644 --- a/meta-security/recipes-security/libest/libest_3.2.0.bb +++ b/meta-security/recipes-security/libest/libest_3.2.0.bb @@ -11,17 +11,17 @@ SRC_URI = "git://github.com/cisco/libest;branch=main" DEPENDS = "openssl" #fatal error: execinfo.h: No such file or directory -DEPENDS_append_libc-musl = " libexecinfo" +DEPENDS:append:libc-musl = " libexecinfo" inherit autotools-brokensep EXTRA_OECONF = "--disable-pthreads --with-ssl-dir=${STAGING_LIBDIR}" CFLAGS += "-fcommon" -LDFLAGS_append_libc-musl = " -lexecinfo" +LDFLAGS:append:libc-musl = " -lexecinfo" S = "${WORKDIR}/git" PACKAGES = "${PN} ${PN}-dbg ${PN}-dev" -FILES_${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so" +FILES:${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so" diff --git a/meta-security/recipes-security/libgssglue/libgssglue_0.4.bb b/meta-security/recipes-security/libgssglue/libgssglue_0.4.bb index 88c58ed26..3085ee628 100644 --- a/meta-security/recipes-security/libgssglue/libgssglue_0.4.bb +++ b/meta-security/recipes-security/libgssglue/libgssglue_0.4.bb @@ -33,11 +33,11 @@ SRC_URI[md5sum] = "5ce81940965fa68c7635c42dcafcddfe" SRC_URI[sha256sum] = "bb47b2de78409f461811d0db8595c66e6631a9879c3621a35e4434b104ee52f5" # gssglue can use krb5, spkm3... as gssapi library, configurable -RRECOMMENDS_${PN} += "krb5" +RRECOMMENDS:${PN} += "krb5" inherit autotools -do_install_append() { +do_install:append() { # install some docs install -d -m 0755 ${D}${docdir}/${BPN} install -m 0644 ${S}/AUTHORS ${S}/ChangeLog ${S}/NEWS ${S}/README ${D}${docdir}/${BPN} diff --git a/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb index cd0acf869..a4ab59d5d 100644 --- a/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb +++ b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.2.bb @@ -10,31 +10,31 @@ SRC_URI[sha256sum] = "26aeb0d353af1f212c4df476202516953c20f7f31566cfe0b67cbb553d inherit pypi setuptools3 -do_install_append () { +do_install:append () { #install ${D}/var/log/privacyidea rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests } USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system privacyidea" -USERADD_PARAM_${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \ +GROUPADD_PARAM:${PN} = "--system privacyidea" +USERADD_PARAM:${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \ --shell /bin/false privacyidea" -FILES_${PN} += " ${datadir}/etc/privacyidea/* ${datadir}/lib/privacyidea/*" - -RDEPENDS_${PN} += " bash perl freeradius-mysql freeradius-utils" - -RDEPENDS_${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt" -RDEPENDS_${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet" -RDEPENDS_${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml" -RDEPENDS_${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate" -RDEPENDS_${PN} += "python3-flask-script python3-flask-sqlalchemy python3-flask-versioned" -RDEPENDS_${PN} += "python3-future python3-httplib2 python3-huey python3-idna python3-ipaddress" -RDEPENDS_${PN} += "python3-itsdangerous python3-jinja2 python3-ldap python3-lxml python3-mako" -RDEPENDS_${PN} += "python3-markupsafe python3-netaddr python3-oauth2client python3-passlib python3-pillow" -RDEPENDS_${PN} += "python3-pyasn1 python3-pyasn1-modules python3-pycparser python3-pyjwt python3-pymysql" -RDEPENDS_${PN} += "python3-pyopenssl python3-pyrad python3-dateutil python3-editor python3-gnupg" -RDEPENDS_${PN} += "python3-pytz python3-pyyaml python3-qrcode python3-redis python3-requests python3-rsa" -RDEPENDS_${PN} += "python3-six python3-smpplib python3-soupsieve python3-soupsieve " -RDEPENDS_${PN} += "python3-sqlalchemy python3-sqlsoup python3-urllib3 python3-werkzeug" +FILES:${PN} += " ${datadir}/etc/privacyidea/* ${datadir}/lib/privacyidea/*" + +RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils" + +RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt" +RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet" +RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml" +RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate" +RDEPENDS:${PN} += "python3-flask-script python3-flask-sqlalchemy python3-flask-versioned" +RDEPENDS:${PN} += "python3-future python3-httplib2 python3-huey python3-idna python3-ipaddress" +RDEPENDS:${PN} += "python3-itsdangerous python3-jinja2 python3-ldap python3-lxml python3-mako" +RDEPENDS:${PN} += "python3-markupsafe python3-netaddr python3-oauth2client python3-passlib python3-pillow" +RDEPENDS:${PN} += "python3-pyasn1 python3-pyasn1-modules python3-pycparser python3-pyjwt python3-pymysql" +RDEPENDS:${PN} += "python3-pyopenssl python3-pyrad python3-dateutil python3-editor python3-gnupg" +RDEPENDS:${PN} += "python3-pytz python3-pyyaml python3-qrcode python3-redis python3-requests python3-rsa" +RDEPENDS:${PN} += "python3-six python3-smpplib python3-soupsieve python3-soupsieve " +RDEPENDS:${PN} += "python3-sqlalchemy python3-sqlsoup python3-urllib3 python3-werkzeug" diff --git a/meta-security/recipes-security/ncrack/ncrack_0.7.bb b/meta-security/recipes-security/ncrack/ncrack_0.7.bb index ba269657f..8b221e53c 100644 --- a/meta-security/recipes-security/ncrack/ncrack_0.7.bb +++ b/meta-security/recipes-security/ncrack/ncrack_0.7.bb @@ -15,4 +15,4 @@ inherit autotools-brokensep S = "${WORKDIR}/git" -INSANE_SKIP_${PN} = "already-stripped" +INSANE_SKIP:${PN} = "already-stripped" diff --git a/meta-security/recipes-security/nikto/nikto_2.1.6.bb b/meta-security/recipes-security/nikto/nikto_2.1.6.bb index 615cc30b9..242f3acc5 100644 --- a/meta-security/recipes-security/nikto/nikto_2.1.6.bb +++ b/meta-security/recipes-security/nikto/nikto_2.1.6.bb @@ -111,7 +111,7 @@ do_install() { install -m 0644 docs/nikto_manual.html ${D}${datadir}/doc/nikto } -RDEPENDS_${PN} = "perl libnet-ssleay-perl libwhisker2-perl \ +RDEPENDS:${PN} = "perl libnet-ssleay-perl libwhisker2-perl \ perl-module-getopt-long perl-module-time-local \ perl-module-io-socket perl-module-overloading \ perl-module-base perl-module-b perl-module-bytes" diff --git a/meta-security/recipes-security/opendnssec/opendnssec_2.1.9.bb b/meta-security/recipes-security/opendnssec/opendnssec_2.1.9.bb index 2b79609fa..8e368121a 100644 --- a/meta-security/recipes-security/opendnssec/opendnssec_2.1.9.bb +++ b/meta-security/recipes-security/opendnssec/opendnssec_2.1.9.bb @@ -27,8 +27,8 @@ PACKAGECONFIG[mysql] = "--with-mysql=yes, , mariadb, mariadb" PACKAGECONFIG[readline] = "--with-readline, --without-readline, readline" PACKAGECONFIG[unwind] = "--with-libunwind, --without-libunwind" -do_install_append () { +do_install:append () { rm -rf ${D}${localstatedir}/run } -RDEPENDS_${PN} = "softhsm" +RDEPENDS:${PN} = "softhsm" diff --git a/meta-security/recipes-security/paxctl/paxctl_0.9.bb b/meta-security/recipes-security/paxctl/paxctl_0.9.bb index 3c04141ee..55a0dcac9 100644 --- a/meta-security/recipes-security/paxctl/paxctl_0.9.bb +++ b/meta-security/recipes-security/paxctl/paxctl_0.9.bb @@ -24,7 +24,7 @@ do_install() { # install: cannot change ownership of '.../sbin/paxctl': \ # Operation not permitted # Drop '--owner 0 --group 0' to fix the issue. -do_install_class-native() { +do_install:class-native() { local PROG=paxctl install -d ${D}${base_sbindir} install -d ${D}${mandir}/man1 @@ -33,6 +33,6 @@ do_install_class-native() { } # Avoid QA Issue: No GNU_HASH in the elf binary -INSANE_SKIP_${PN} = "ldflags" +INSANE_SKIP:${PN} = "ldflags" BBCLASSEXTEND = "native" diff --git a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb index 0d70dc6ee..d6d4cea18 100644 --- a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb +++ b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb @@ -37,4 +37,4 @@ do_install() { install -m 0755 ${WORKDIR}/selinux-ls-unconfined.sh ${D}${bindir} } -RDEPENDS_${PN} = "file libcap-ng procps findutils" +RDEPENDS:${PN} = "file libcap-ng procps findutils" diff --git a/meta-security/recipes-security/sssd/sssd_2.5.1.bb b/meta-security/recipes-security/sssd/sssd_2.5.1.bb index 92058437d..1c77480eb 100644 --- a/meta-security/recipes-security/sssd/sssd_2.5.1.bb +++ b/meta-security/recipes-security/sssd/sssd_2.5.1.bb @@ -6,9 +6,9 @@ LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" DEPENDS = "acl attr openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive" -DEPENDS_append = " libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent bind p11-kit" +DEPENDS:append = " libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent bind p11-kit" -DEPENDS_append_libc-musl = " musl-nscd" +DEPENDS:append:libc-musl = " musl-nscd" # If no crypto has been selected, default to DEPEND on nss, since that's what # sssd will pick if no active choice is made during configure @@ -69,7 +69,7 @@ EXTRA_OECONF += " \ --with-pid-path=/run \ " -do_configure_prepend() { +do_configure:prepend() { mkdir -p ${AUTOTOOLS_AUXDIR}/build cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${AUTOTOOLS_AUXDIR}/build/ @@ -77,7 +77,7 @@ do_configure_prepend() { sed -i -e "s#\$sss_extra_libdir##" ${S}/src/external/libresolv.m4 } -do_compile_prepend () { +do_compile:prepend () { echo '#define NSUPDATE_PATH "${bindir}"' >> ${B}/config.h } do_install () { @@ -98,18 +98,18 @@ do_install () { rm -f ${D}${systemd_system_unitdir}/sssd-secrets.* } -pkg_postinst_ontarget_${PN} () { +pkg_postinst_ontarget:${PN} () { if [ -e /etc/init.d/populate-volatile.sh ] ; then ${sysconfdir}/init.d/populate-volatile.sh update fi chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf } -CONFFILES_${PN} = "${sysconfdir}/${BPN}/${BPN}.conf" +CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf" INITSCRIPT_NAME = "sssd" INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." -SYSTEMD_SERVICE_${PN} = " \ +SYSTEMD_SERVICE:${PN} = " \ ${@bb.utils.contains('PACKAGECONFIG', 'autofs', 'sssd-autofs.service sssd-autofs.socket', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'curl', 'sssd-kcm.service sssd-kcm.socket', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'infopipe', 'sssd-ifp.service ', '', d)} \ @@ -124,10 +124,10 @@ SYSTEMD_SERVICE_${PN} = " \ " SYSTEMD_AUTO_ENABLE = "disable" -FILES_${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss*.so" -FILES_${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" +FILES:${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss*.so" +FILES:${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" # The package contains symlinks that trip up insane -INSANE_SKIP_${PN} = "dev-so" +INSANE_SKIP:${PN} = "dev-so" -RDEPENDS_${PN} = "bind bind-utils dbus libldb libpam" +RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam" |