meta-security: subtree update:2df7dd9fba..3001c3ebfc

Armin Kuster (6):
      meta-security: add layer index callouts
      meta-security-compliance/conf/layer.conf: fix typo
      python3-suricata-update: update to 1.1.1
      libhtp: bugfix only update 0.5.32
      lib/oeqa/runtime: suricata add tests
      suricata: update to 4.1.6

Philip Tricca (1):
      tpm2-abrmd: Port command line options to new version.

Trevor Woerner (1):
      tpm2-abrmd-init.sh: fix for /dev/tpmrmX

Yi Zhao (1):
      libseccomp: upgrade 2.4.1 -> 2.4.2

Change-Id: Ic00ca8ac8ff5d3fbe0b79aa4a42243b197080f14
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

2 files changed, 47 insertions, 1 deletions

diff --git a/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch b/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch
new file mode 100644
index 000000000..a53433fe5
--- /dev/null
+++ b/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch
@@ -0,0 +1,45 @@
+From 1ecdddb2a5b61cf527d1f238f88a9d129239f87a Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Tue, 5 Nov 2019 15:11:11 -0500
+Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls
+
+We recently changed how libseccomp handles syscall numbers that are
+not defined natively, but we missed test #15.
+
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+
+Upstream-Status: Backport
+[https://github.com/seccomp/libseccomp/commit/1ecdddb2a5b61cf527d1f238f88a9d129239f87a]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ tests/15-basic-resolver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c
+index 6badef1..0c1eefe 100644
+--- a/tests/15-basic-resolver.c
++++ b/tests/15-basic-resolver.c
+@@ -55,15 +55,15 @@ int main(int argc, char *argv[])
+ 	unsigned int arch;
+ 	char *name = NULL;
+ 
+-	if (seccomp_syscall_resolve_name("open") != __NR_open)
++	if (seccomp_syscall_resolve_name("open") != __SNR_open)
+ 		goto fail;
+-	if (seccomp_syscall_resolve_name("read") != __NR_read)
++	if (seccomp_syscall_resolve_name("read") != __SNR_read)
+ 		goto fail;
+ 	if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR)
+ 		goto fail;
+ 
+ 	rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat");
+-	if (rc != __NR_openat)
++	if (rc != __SNR_openat)
+ 		goto fail;
+ 
+ 	while ((arch = arch_list[iter++]) != -1) {
+-- 
+2.17.1
+
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.4.2.bb
index 37a79829f..07db82a60 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.4.2.bb
@@ -4,9 +4,10 @@ SECTION = "security"
 LICENSE = "LGPL-2.1"
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
 
-SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
+SRCREV = "1b6cfd1fc0b7499a28c24299a93a80bd18619563"
 
 SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
+           file://0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch \
            file://run-ptest \
 "