diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2021-07-23 19:56:22 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2021-07-28 20:22:04 +0300 |
| commit | 59125e0dc92e9e1d6f103f91c865ad6f6c1f51f6 (patch) | |
| tree | 4910bed43893ebe31491cb8cea41fa82733ecddd /meta-security/recipes-security | |
| parent | ad7fa35594a3fae494741eb1eedb30b3cef38b1f (diff) | |
| download | openbmc-59125e0dc92e9e1d6f103f91c865ad6f6c1f51f6.tar.xz | |
meta-security: subtree update:46f7e7acbe..152cdb506b
Anton Antonov (1):
Do not use clang toolchain in Parsec recipes
Armin Kuster (9):
initramfs-framework: fix typo in conditional
ssshgaurd: add packaage
packagegroup-core-security: add sshguard
initramfs-framework: rename files dir
sssd: update to 2.5.1
suricata: update to 6.0.3
kas/kas-security-alt.yml: add meta-rust
.gitlab-ci.yml: fix qemux86 musl order
tpm-tools: fix build issue
Yi Zhao (2):
apparmor: upgrade 3.0 -> 3.0.1
apparmor: use its own initscript and service files
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Idf435d7f6b767d87ae2cc720b520e57c22645935
Diffstat (limited to 'meta-security/recipes-security')
| -rw-r--r-- | meta-security/recipes-security/sshguard/sshguard_2.4.2.bb | 11 | ||||
| -rw-r--r-- | meta-security/recipes-security/sssd/files/musl_fixup.patch | 53 | ||||
| -rw-r--r-- | meta-security/recipes-security/sssd/sssd_2.5.1.bb (renamed from meta-security/recipes-security/sssd/sssd_2.5.0.bb) | 6 |
3 files changed, 68 insertions, 2 deletions
diff --git a/meta-security/recipes-security/sshguard/sshguard_2.4.2.bb b/meta-security/recipes-security/sshguard/sshguard_2.4.2.bb new file mode 100644 index 000000000..bd7f97927 --- /dev/null +++ b/meta-security/recipes-security/sshguard/sshguard_2.4.2.bb @@ -0,0 +1,11 @@ +SUMARRY=" Intelligently block brute-force attacks by aggregating system logs " +HOMEPAGE = "https://www.sshguard.net/" +LIC_FILES_CHKSUM = "file://COPYING;md5=47a33fc98cd20713882c4d822a57bf4d" +LICENSE = "BSD-1-Clause" + + +SRC_URI="https://sourceforge.net/projects/sshguard/files/sshguard/${PV}/sshguard-${PV}.tar.gz" + +SRC_URI[sha256sum] = "2770b776e5ea70a9bedfec4fd84d57400afa927f0f7522870d2dcbbe1ace37e8" + +inherit autotools-brokensep diff --git a/meta-security/recipes-security/sssd/files/musl_fixup.patch b/meta-security/recipes-security/sssd/files/musl_fixup.patch new file mode 100644 index 000000000..68f267c7c --- /dev/null +++ b/meta-security/recipes-security/sssd/files/musl_fixup.patch @@ -0,0 +1,53 @@ +fix musl build failures + +Missing _PATH_HOSTS and some NETDB defines when musl is enabled. + +These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd): + +./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function) +| 1199 | _PATH_HOSTS); +| | ^~~~~~~~~~~ + +and + +i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function) +| 415 | *h_errnop = NETDB_INTERNAL; + + +Upstream-Status: Pending +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: sssd-2.5.1/src/providers/fail_over.c +=================================================================== +--- sssd-2.5.1.orig/src/providers/fail_over.c ++++ sssd-2.5.1/src/providers/fail_over.c +@@ -31,6 +31,10 @@ + #include <talloc.h> + #include <netdb.h> + ++#if !defined(_PATH_HOSTS) ++#define _PATH_HOSTS "/etc/hosts" ++#endif ++ + #include "util/dlinklist.h" + #include "util/refcount.h" + #include "util/util.h" +Index: sssd-2.5.1/src/sss_client/sss_cli.h +=================================================================== +--- sssd-2.5.1.orig/src/sss_client/sss_cli.h ++++ sssd-2.5.1/src/sss_client/sss_cli.h +@@ -44,6 +44,14 @@ typedef int errno_t; + #define EOK 0 + #endif + ++#ifndef NETDB_INTERNAL ++# define NETDB_INTERNAL (-1) ++#endif ++ ++#ifndef NETDB_SUCCESS ++# define NETDB_SUCCESS (0) ++#endif ++ + #define SSS_NSS_PROTOCOL_VERSION 1 + #define SSS_PAM_PROTOCOL_VERSION 3 + #define SSS_SUDO_PROTOCOL_VERSION 1 diff --git a/meta-security/recipes-security/sssd/sssd_2.5.0.bb b/meta-security/recipes-security/sssd/sssd_2.5.1.bb index 84b7b0e46..92058437d 100644 --- a/meta-security/recipes-security/sssd/sssd_2.5.0.bb +++ b/meta-security/recipes-security/sssd/sssd_2.5.1.bb @@ -15,15 +15,17 @@ DEPENDS_append_libc-musl = " musl-nscd" DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'nss', '', \ bb.utils.contains('PACKAGECONFIG', 'crypto', '', 'nss', d), d)}" -SRC_URI = "https://github.com/SSSD/sssd/releases/download/2.5.0/sssd-2.5.0.tar.gz \ +SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/sssd-${PV}.tar.gz \ file://sssd.conf \ file://volatiles.99_sssd \ file://no_gen.patch \ file://fix_gid.patch \ file://drop_ntpdate_chk.patch \ file://fix-ldblibdir.patch \ + file://musl_fixup.patch \ " -SRC_URI[sha256sum] = "afa62d7d8d23fca3aba093abe4ec0d14e7d9346c5b28ceb7c2c624bed98caa06" + +SRC_URI[sha256sum] = "ce2f5d84a3f1750093318afd27f4fd75b1e3e75f7d80fc42d21a40cc54b58ea4" inherit autotools pkgconfig gettext python3-dir features_check systemd |