diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-12-17 04:11:34 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-01-09 02:21:44 +0300 |
| commit | 1a4b7ee28bf7413af6513fb45ad0d0736048f866 (patch) | |
| tree | 79f6d8ea698cab8f2eaf4f54b793d2ca7a1451ce /meta-security/recipes-security | |
| parent | 5b9ede0403237c7dace972affa65cf64a1aadd0e (diff) | |
| download | openbmc-1a4b7ee28bf7413af6513fb45ad0d0736048f866.tar.xz | |
reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-security/recipes-security')
43 files changed, 230 insertions, 436 deletions
diff --git a/meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb b/meta-security/recipes-security/AppArmor/apparmor_2.12.bb index fc9b614f1..e3f8dc99c 100644 --- a/meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb +++ b/meta-security/recipes-security/AppArmor/apparmor_2.12.bb @@ -21,11 +21,11 @@ SRC_URI = " \ file://functions \ file://apparmor \ file://apparmor.service \ - file://run-ptest \ + file://run-ptest \ " -SRC_URI[md5sum] = "899fd834dc5c8ebf2d52b97e4a174af7" -SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5bdd739a" +SRC_URI[md5sum] = "49054f58042f8e51ea92cc866575a833" +SRC_URI[sha256sum] = "8a2b0cd083faa4d0640f579024be3a629faa7db3b99540798a1a050e2eaba056" PARALLEL_MAKE = "" @@ -46,7 +46,7 @@ HTTPD="${@bb.utils.contains('PACKAGECONFIG', 'apache2', '1', '0', d)}" python() { if 'apache2' in d.getVar('PACKAGECONFIG').split() and \ - 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split(): + 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split(): raise bb.parse.SkipRecipe('Requires meta-webserver to be present.') } diff --git a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb index 4df072e0b..d73922778 100644 --- a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb +++ b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb @@ -6,16 +6,13 @@ LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=1fbd81241fe252ec0f5658a521ab7dd8" DEPENDS = "libnl openssl sqlite3 libpcre libpcap" -RC = "rc2" -SRC_URI = "http://download.aircrack-ng.org/${BP}-${RC}.tar.gz \ - file://fixup_cflags.patch" -SRC_URI[md5sum] = "ebe9d537f06f4d6956213af09c4476da" -SRC_URI[sha256sum] = "ba5b3eda44254efc5b7c9f776eb756f7cc323ad5d0813c101e92edb483d157e9" +SRC_URI = "http://download.aircrack-ng.org/${BP}.tar.gz" -inherit autotools-brokensep pkgconfig +SRC_URI[md5sum] = "c7c5b076dee0c25ee580b0f56f455623" +SRC_URI[sha256sum] = "8ae08a7c28741f6ace2769267112053366550e7f746477081188ad38410383ca" -S = "${WORKDIR}/${BP}-rc2" +inherit autotools-brokensep pkgconfig PACKAGECONFIG ?= "" CFLAGS += " -I${S}/src/include" diff --git a/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch b/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch deleted file mode 100644 index e13dd24ba..000000000 --- a/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch +++ /dev/null @@ -1,28 +0,0 @@ -Upstream Status: Iinappropriate - -Issues do to build env. - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Index: aircrack-ng-1.2-rc2/src/Makefile -=================================================================== ---- aircrack-ng-1.2-rc2.orig/src/Makefile -+++ aircrack-ng-1.2-rc2/src/Makefile -@@ -3,8 +3,6 @@ include $(AC_ROOT)/common.mak - - TEST_DIR = $(AC_ROOT)/test - --CFLAGS += -Iinclude -- - iCC = $(shell find /opt/intel/cc/*/bin/icc) - iCFLAGS = -w -mcpu=pentiumpro -march=pentiumpro $(COMMON_CFLAGS) - iOPTFLAGS = -O3 -ip -ipo -D_FILE_OFFSET_BITS=64 -@@ -102,7 +100,7 @@ endif - - - ifeq ($(subst TRUE,true,$(filter TRUE true,$(sqlite) $(SQLITE))),true) -- LIBSQL = -L/usr/local/lib -lsqlite3 -+ LIBSQL = -lsqlite3 - else - LIBSQL = - endif diff --git a/meta-security/recipes-security/bastille/bastille_3.2.1.bb b/meta-security/recipes-security/bastille/bastille_3.2.1.bb index eee1a38e1..152c03ae5 100644 --- a/meta-security/recipes-security/bastille/bastille_3.2.1.bb +++ b/meta-security/recipes-security/bastille/bastille_3.2.1.bb @@ -9,7 +9,7 @@ DEPENDS = "virtual/kernel" RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils" FILES_${PN} += "/run/lock/subsys/bastille" -inherit allarch module-base +inherit module-base SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3.2.1/Bastille-3.2.1.tar.bz2 \ file://AccountPermission.pm \ diff --git a/meta-security/recipes-security/clamav/clamav_0.99.3.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb index 688250da4..8c2c2fa2f 100644 --- a/meta-security/recipes-security/clamav/clamav_0.99.3.bb +++ b/meta-security/recipes-security/clamav/clamav_0.99.4.bb @@ -8,7 +8,7 @@ DEPENDS = "libtool db libmspack chrpath-replacement-native" LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092" -SRCREV = "224f73461a44e278e9fa50ba59f51ee5e64373e0" +SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047" SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \ file://clamd.conf \ diff --git a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb index f55b0c390..1f780f9e3 100644 --- a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb +++ b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb @@ -29,6 +29,7 @@ EXTRA_OECONF = "\ --libdir=${base_libdir} \ --disable-pywrap \ --disable-nls \ + --with-pamdir=${base_libdir}/security \ " PACKAGECONFIG ??= "nss \ @@ -43,12 +44,16 @@ do_configure_prepend() { export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3" export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}" export KEYUTILS_LIBS="-L${STAGING_LIBDIR} -lkeyutils" + sed -i -e "s;rootsbindir=\"/sbin\";rootsbindir=\"\${base_sbindir}\";g" ${S}/configure.ac } do_install_append() { chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private - mkdir -p ${D}/${libdir} - mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir} + # ${base_libdir} is identical to ${libdir} when usrmerge enabled + if ! ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then + mkdir -p ${D}/${libdir} + mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir} + fi sed -i -e 's:-I${STAGING_INCDIR}::' \ -e 's:-L${STAGING_LIBDIR}::' ${D}/${libdir}/pkgconfig/libecryptfs.pc sed -i -e "s: ${base_sbindir}/cryptsetup: ${sbindir}/cryptsetup:" ${D}${bindir}/ecryptfs-setup-swap diff --git a/meta-security/recipes-security/fail2ban/files/run-ptest b/meta-security/recipes-security/fail2ban/files/run-ptest new file mode 100644 index 000000000..9f6aebe82 --- /dev/null +++ b/meta-security/recipes-security/fail2ban/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +##PYTHON## fail2ban-testcases diff --git a/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb b/meta-security/recipes-security/fail2ban/python-fail2ban.inc index 7e2deba2d..9245f17b1 100644 --- a/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb +++ b/meta-security/recipes-security/fail2ban/python-fail2ban.inc @@ -9,14 +9,15 @@ HOMEPAGE = "http://www.fail2ban.org" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" -SRCREV ="a45488465e0dd547eb8479c0fa9fd577c1837213" +SRCREV ="ac0d441fd68852ffda7b15c71f16b7f4fde1a7ee" SRC_URI = " \ - git://github.com/fail2ban/fail2ban.git;branch=0.10 \ + git://github.com/fail2ban/fail2ban.git;branch=0.11 \ file://initd \ - file://fail2ban_setup.py \ + file://fail2ban_setup.py \ + file://run-ptest \ " -inherit update-rc.d setuptools +inherit update-rc.d ptest S = "${WORKDIR}/git" @@ -32,10 +33,17 @@ do_install_append () { install -d ${D}/${sysconfdir}/fail2ban install -d ${D}/${sysconfdir}/init.d install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server + chown -R root:root ${D}/${bindir} +} + +do_install_ptest_append () { + install -d ${D}${PTEST_PATH} + sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest + install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH} } FILES_${PN} += "/run" INSANE_SKIP_${PN}_append = "already-stripped" -RDEPENDS_${PN} = "sysklogd iptables sqlite3 python python-pyinotify" +RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify" diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb new file mode 100644 index 000000000..17a7dd8dd --- /dev/null +++ b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb @@ -0,0 +1,4 @@ +inherit setuptools +require python-fail2ban.inc + +RDEPENDS_${PN}-ptest = "python python-modules python-fail2ban" diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb new file mode 100644 index 000000000..5c887e857 --- /dev/null +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb @@ -0,0 +1,4 @@ +inherit setuptools3 +require python-fail2ban.inc + +RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb index 4f0b12c4a..8847a0fc4 100644 --- a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb +++ b/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb @@ -9,7 +9,7 @@ SECTION = "base" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRCREV = "e4c4d0984dee2531897e13c32a18d5e54a2a4aa6" +SRCREV = "142326810eb19d6794793db6d24d0775a15aa8e5" SRC_URI = "git://github.com/google/fscryptctl.git" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/images/security-build-image.bb b/meta-security/recipes-security/images/security-build-image.bb index 1a7af86be..a8757f980 100644 --- a/meta-security/recipes-security/images/security-build-image.bb +++ b/meta-security/recipes-security/images/security-build-image.bb @@ -6,9 +6,7 @@ IMAGE_INSTALL = "\ packagegroup-base \ packagegroup-core-boot \ packagegroup-core-security \ - os-release \ - ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-xfce-base", "", d)} \ - ${CORE_IMAGE_EXTRA_INSTALL}" + os-release" IMAGE_LINGUAS ?= " " diff --git a/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch b/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch deleted file mode 100644 index af3ef421d..000000000 --- a/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch +++ /dev/null @@ -1,37 +0,0 @@ -Remove the hardcoded lib and include dirs - -Upstream-Status: Inappropriate [cross compile specific] - -written by: Amy Fong <amy.fong@windriver.com> -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> - ---- keynote-2.3/configure.in.orig 2010-05-24 04:44:16.000000000 -0700 -+++ keynote-2.3/configure.in 2010-05-24 04:44:55.000000000 -0700 -@@ -21,27 +21,16 @@ - AC_PATH_PROG(ECHO, echo, /bin/echo) - AC_PATH_PROG(SED, sed, /usr/bin/sed) - --dnl Checks for libraries. --LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\ -- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib" -- - AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm") - AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref") - AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto") - AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue") - --dnl Checks for header files. --CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\ -- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\ -- -I/usr/local/openssl/include -I/pkg/include" -- - AC_HEADER_STDC - AC_HEADER_TIME - AC_CHECK_HEADERS(fcntl.h limits.h unistd.h regex.h sys/time.h io.h) - AC_CHECK_HEADERS(ssl/crypto.h openssl/crypto.h crypto.h memory.h) - --dnl Checks for other files -- - dnl Checks for typedefs, structures, and compiler characteristics. - AC_C_CONST - AC_CHECK_TYPE(u_int, unsigned int) diff --git a/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch b/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch deleted file mode 100644 index 80d87cf28..000000000 --- a/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch +++ /dev/null @@ -1,36 +0,0 @@ -Add LDFLAGS variable to Makefile so that extra linker flags can be sent via this variable. - -Upstream-Status: Pending - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> - -diff --git a/Makefile.in b/Makefile.in -index b216648..42b4827 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -35,6 +35,7 @@ MKDIR = @MKDIR@ - SED = @SED@ - ECHO = @ECHO@ - TR = @TR@ -+LDFLAGS = @LDFLAGS@ - - TARFLAGS = -cvzf ${DISTFILE} - YACCFLAGS2 = -d -p kv -b z -@@ -83,7 +84,7 @@ $(TARGET): $(OBJS) - $(RANLIB) $(TARGET) - - $(TARGET2): $(TARGET) $(OBJS2) -- $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS) - - k.tab.c: keynote.y header.h keynote.h assertion.h config.h - $(YACC) $(YACCFLAGS) keynote.y -@@ -131,7 +132,7 @@ $(SSLCERT) $(SSLKEY): - -keyout $(SSLKEY) - - test-sample: all $(OBJS3) -- $(CC) $(CFLAGS) -o $(TARGET3) $(OBJS3) $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET3) $(OBJS3) $(LIBS) - - test-sig: all $(SSLCERT) $(SSLKEY) - $(SED) -e 's/--.*//' < $(SSLCERT) > $(SSLCERT).1 diff --git a/meta-security/recipes-security/keynote/keynote-2.3/run-ptest b/meta-security/recipes-security/keynote/keynote-2.3/run-ptest deleted file mode 100644 index 4dc35c9d1..000000000 --- a/meta-security/recipes-security/keynote/keynote-2.3/run-ptest +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -cd @PTEST_PATH@ -keynote verify -e testsuite/test-env \ - -r false,maybe,probably,true \ - -k testsuite/auth1 -k testsuite/auth2 \ - -k testsuite/auth3 -k testsuite/auth4 \ - -l testsuite/test-assertion1 \ - -l testsuite/test-assertion2 \ - -l testsuite/test-assertion3 \ - -l testsuite/test-assertion4 \ - -l testsuite/test-assertion5 \ - -l testsuite/test-assertion6 \ - -l testsuite/test-assertion7 \ - && echo "PASS: keynote-ptest" \ - || echo "FAIL: keynote-ptest" diff --git a/meta-security/recipes-security/keynote/keynote_2.3.bb b/meta-security/recipes-security/keynote/keynote_2.3.bb deleted file mode 100644 index e6924858d..000000000 --- a/meta-security/recipes-security/keynote/keynote_2.3.bb +++ /dev/null @@ -1,40 +0,0 @@ -SUMMARY = "Keynote tool and library" -DESCRIPTION = "KeyNote is a simple and flexible trust-management \ - system designed to work well for a variety of large- and small- \ - scale Internet-based applications. \ -" -HOMEPAGE = "http://www.cs.columbia.edu/~angelos/keynote.html" -SECTION = "security" - -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3a265095c549c1808686a676f2699c98" - -MAIN_ID = "${@d.getVar('PV').split('.')[0]}" -MINOR_ID = "${@d.getVar('PV').split('.')[1]}" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}-${MAIN_ID}-${MINOR_ID}/${BPN}_${PV}.tar.gz \ - file://configure-remove-hardcode-path.patch \ - file://makefile-add-ldflags.patch \ - file://run-ptest \ -" -S = "${WORKDIR}/${BPN}-${PV}+dfsg.orig" - -inherit autotools-brokensep ptest - -SRC_URI[md5sum] = "a14553e6ad921b5c85026ce5bec3afe7" -SRC_URI[sha256sum] = "38d2acfa1c3630a07adcb5c8fe92d2aef7f0e6d242b8998b2bbb1c6e4c408d46" - -DEPENDS = "flex openssl" - -EXTRA_OEMAKE += "test-sample -j1" - -do_install() { - install -D -m 0755 ${S}/keynote ${D}${bindir}/keynote - install -D -m 0644 ${S}/libkeynote.a ${D}${libdir}/libkeynote.a - install -D -m 0644 ${S}/keynote.h ${D}${includedir}/keynote.h -} - -do_install_ptest() { - install -D -m 0755 ${S}/sample-app ${D}${PTEST_PATH} - cp -r ${S}/testsuite ${D}${PTEST_PATH} - sed -i 's|@PTEST_PATH@|${PTEST_PATH}|' ${D}${PTEST_PATH}/run-ptest -} diff --git a/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb b/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb index 2ead8fa19..a4222b9e9 100644 --- a/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb +++ b/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb @@ -27,6 +27,8 @@ SRC_URI[sha256sum] = "115c3deae7f181778fd0e0ffaa2dad1bf1fe2f5677cf2e0e348cdb7a1c EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \ NO_ARLIB=1 \ + BINDIR=${base_bindir} \ + SBINDIR=${base_sbindir} \ LIBDIR=${base_libdir} \ USRLIBDIR=${base_libdir} \ BUILDFOR=${SITEINFO_BITS}-bit \ diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb index 8d58163c9..9c66db68c 100644 --- a/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb +++ b/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb @@ -35,8 +35,7 @@ do_install_ptest() { done } -FILES_${PN} = "${bindir} ${libdir}/${PN}.so*" +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*" FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug" -RDEPENDS_${PN} = "bash" RDEPENDS_${PN}-ptest = "bash" diff --git a/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch b/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch deleted file mode 100644 index 356b5071b..000000000 --- a/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch +++ /dev/null @@ -1,37 +0,0 @@ -[PATCH] redefine the python library install dir - -Upstream-Status: Pending - -If install-lib is not defined, it is always /usr/lib/, but it -maybe /usr/lib64 for multilib - -Signed-off-by: Roy Li <rongqing.li@windriver.com> ---- - Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 1bb062c..cced2fb 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -311,7 +311,7 @@ build-zenmap: $(ZENMAPDIR)/setup.py $(ZENMAPDIR)/zenmapCore/Version.py - - install-zenmap: $(ZENMAPDIR)/setup.py - $(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 -- cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --force $(if $(DESTDIR),--root "$(DESTDIR)") -+ cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --force $(if $(DESTDIR),--root "$(DESTDIR)") - $(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/ - # Create a symlink from nmapfe to zenmap if nmapfe doesn't exist or is - # already a link. -@@ -328,7 +328,7 @@ build-nping: $(NPINGDIR)/Makefile nbase_build nsock_build netutil_build $(NPINGD - @cd $(NPINGDIR) && $(MAKE) - - install-ndiff: -- cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" $(if $(DESTDIR),--root "$(DESTDIR)") -+ cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)") - - NSE_FILES = scripts/script.db scripts/*.nse - NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc --- -1.9.1 - diff --git a/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch b/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch deleted file mode 100644 index cfe043af4..000000000 --- a/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch +++ /dev/null @@ -1,48 +0,0 @@ -[PATCH] replace "./shtool mkdir" with coreutils mkdir command - -Upstream-Status: Pending - -"./shtool mkdir" is used when mkdir has not -p parameter, but mkdir in today -most release has supportted the -p parameter, not need to use shtool, and it -can not fix the race if two process are running mkdir to create same dir - -Signed-off-by: Roy Li <rongqing.li@windriver.com> ---- - ncat/Makefile.in | 4 ++-- - nmap-update/Makefile.in | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ncat/Makefile.in b/ncat/Makefile.in -index cfd306d..2166e08 100644 ---- a/ncat/Makefile.in -+++ b/ncat/Makefile.in -@@ -163,11 +163,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Makefile - - install: $(TARGET) - @echo Installing Ncat; -- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 -+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 - $(INSTALL) -c -m 755 ncat $(DESTDIR)$(bindir)/ncat - $(STRIP) -x $(DESTDIR)$(bindir)/ncat - if [ -n "$(DATAFILES)" ]; then \ -- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(pkgdatadir); \ -+ mkdir -p -m 755 $(DESTDIR)$(pkgdatadir); \ - $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \ - fi - $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1 -diff --git a/nmap-update/Makefile.in b/nmap-update/Makefile.in -index 89ff928..93f48d8 100644 ---- a/nmap-update/Makefile.in -+++ b/nmap-update/Makefile.in -@@ -37,7 +37,7 @@ $(NBASELIB): - cd $(NBASEDIR) && $(MAKE) - - install: nmap-update -- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 -+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 - $(INSTALL) -c -m 755 nmap-update $(DESTDIR)$(bindir) - $(STRIP) -x $(DESTDIR)$(bindir)/nmap-update - $(INSTALL) -c -m 644 ../docs/nmap-update.1 $(DESTDIR)$(mandir)/man1/ --- -1.9.1 - diff --git a/meta-security/recipes-security/nmap/nmap_7.60.bb b/meta-security/recipes-security/nmap/nmap_7.60.bb deleted file mode 100644 index a6616eb13..000000000 --- a/meta-security/recipes-security/nmap/nmap_7.60.bb +++ /dev/null @@ -1,54 +0,0 @@ -SUMMARY = "network auditing tool" -DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf" -SECTION = "security" -LICENSE = "GPL-2.0" - -LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=700c690f4ca6b1754f3f1db8645e42d9" - -SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ - file://nmap-redefine-the-python-library-dir.patch \ - file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \ -" - -SRC_URI[md5sum] = "4e454266559ddf2c4e2109866c62560c" -SRC_URI[sha256sum] = "a8796ecc4fa6c38aad6139d9515dc8113023a82e9d787e5a5fb5fa1b05516f21" - -inherit autotools-brokensep pkgconfig pythonnative distro_features_check - -PACKAGECONFIG ?= "ncat nping ndiff pcap" -PACKAGECONFIG += " ${@bb.utils.contains('IMAGE_FEATURES', 'x11-base', 'zenmap', '', d)}" - -PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" -PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpre" -PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" -PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" -PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" - -#disable/enable packages -PACKAGECONFIG[nping] = ",--without-nping," -PACKAGECONFIG[ncat] = ",--without-ncat," -PACKAGECONFIG[ndiff] = ",--without-ndiff,python" -PACKAGECONFIG[update] = ",--without-nmap-update," - -#Add gui -PACKAGECONFIG[zenmap] = "--with-zenmap, --without-zenmap, gtk+ python-core python-codecs python-io python-logging python-unittest python-xml python-netclient python-doctest python-subprocess python-pygtk, python-core python-codecs python-io python-logging python-netclient python-xml python-unittest python-doctest python-subprocess python-pygtk gtk+" - -EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included" - -export PYTHON_SITEPACKAGES_DIR - -do_configure() { - # strip hard coded python2# - sed -i -e 's=python2\.*=python=g' ${S}/configure.ac - sed -i -e 's=python2\.*=python=g' ${S}/configure - autoconf - oe_runconf -} - -PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'zenmap', '${PN}-zenmap', '', d)}" - -FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" -FILES_${PN}-zenmap = "${@bb.utils.contains("PACKAGECONFIG", "zenmap", "${bindir}/*zenmap ${bindir}/xnmap ${datadir}/applications/* ${bindir}/nmapfe ${datadir}/zenmap/* ${PYTHON_SITEPACKAGES_DIR}/radialnet/* ${PYTHON_SITEPACKAGES_DIR}/zenmap*", "", d)}" - -RDEPENDS_${PN} = "python" -RDEPENDS_${PN}-zenmap = "nmap" diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb index 6682d2905..e847847b8 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb @@ -12,6 +12,7 @@ PACKAGES = "\ packagegroup-security-ids \ packagegroup-security-mac \ ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \ " RDEPENDS_packagegroup-core-security = "\ @@ -20,6 +21,7 @@ RDEPENDS_packagegroup-core-security = "\ packagegroup-security-ids \ packagegroup-security-mac \ ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \ " SUMMARY_packagegroup-security-utils = "Security utilities" @@ -27,7 +29,11 @@ RDEPENDS_packagegroup-security-utils = "\ checksec \ nmap \ pinentry \ - scapy \ + python-scapy \ + ding-libs \ + xmlsec1 \ + keyutils \ + libseccomp \ ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \ " @@ -52,13 +58,28 @@ RDEPENDS_packagegroup-security-hardening = " \ SUMMARY_packagegroup-security-ids = "Security Intrusion Detection systems" RDEPENDS_packagegroup-security-ids = " \ tripwire \ - samhain-client \ + samhain-standalone \ suricata \ " SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems" RDEPENDS_packagegroup-security-mac = " \ ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack", "",d)} \ " + +SUMMARY_packagegroup-security-ptest = "Security packages with ptests" +RDEPENDS_packagegroup-security-ptest = " \ + samhain-standalone-ptest \ + xmlsec1-ptest \ + keyutils-ptest \ + libseccomp-ptest \ + python-scapy-ptest \ + suricata-ptest \ + tripwire-ptest \ + python3-fail2ban-ptest \ + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \ + ptest-runner \ + " diff --git a/meta-security/recipes-security/samhain/samhain-client_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-client_4.3.0.bb index 812408e5e..812408e5e 100644 --- a/meta-security/recipes-security/samhain/samhain-client_4.2.2.bb +++ b/meta-security/recipes-security/samhain/samhain-client_4.3.0.bb diff --git a/meta-security/recipes-security/samhain/samhain-server_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-server_4.3.0.bb index 9341d4440..9341d4440 100644 --- a/meta-security/recipes-security/samhain/samhain-server_4.2.2.bb +++ b/meta-security/recipes-security/samhain/samhain-server_4.3.0.bb diff --git a/meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb index 4fed9e9e9..4fed9e9e9 100644 --- a/meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb +++ b/meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb diff --git a/meta-security/recipes-security/samhain/samhain.inc b/meta-security/recipes-security/samhain/samhain.inc index db96264b3..944bf0d0b 100644 --- a/meta-security/recipes-security/samhain/samhain.inc +++ b/meta-security/recipes-security/samhain/samhain.inc @@ -19,8 +19,11 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://samhain.service \ " -SRC_URI[md5sum] = "f499d5d06bfd1d787073a45bf28dd60f" -SRC_URI[sha256sum] = "0f3e64afb3f00064c9b136d34a72d580cd41248c5941eba0452f364a109003c7" +SRC_URI[md5sum] = "a00e99375675fc6e50cca3e208f5207e" +SRC_URI[sha256sum] = "8551dc3b0851889a2b979097e9c02309b40d48b4659f02efe7fe525ce8361a0d" + +UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html" +UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar" S = "${WORKDIR}/samhain-${PV}" diff --git a/meta-security/recipes-security/scapy/scapy/run-ptest b/meta-security/recipes-security/scapy/files/run-ptest index 91b29f907..91b29f907 100755 --- a/meta-security/recipes-security/scapy/scapy/run-ptest +++ b/meta-security/recipes-security/scapy/files/run-ptest diff --git a/meta-security/recipes-security/scapy/scapy_2.3.3.bb b/meta-security/recipes-security/scapy/python-scapy.inc index 1c8685b1a..5abe7db76 100644 --- a/meta-security/recipes-security/scapy/scapy_2.3.3.bb +++ b/meta-security/recipes-security/scapy/python-scapy.inc @@ -5,20 +5,16 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://bin/scapy;beginline=9;endline=13;md5=1d5249872cc54cd4ca3d3879262d0c69" -SRC_URI = "https://github.com/secdev/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \ - file://run-ptest \ -" +SRC_URI[md5sum] = "d7d3c4294f5a718e234775d38dbeb7ec" +SRC_URI[sha256sum] = "452f714f5c2eac6fd0a6146b1dbddfc24dd5f4103f3ed76227995a488cfb2b73" -SRC_URI[md5sum] = "336d6832110efcf79ad30c9856ef5842" -SRC_URI[sha256sum] = "67642cf7b806e02daeddd588577588caebddc3426db7904e7999a0b0334a63b5" - -inherit setuptools ptest +inherit pypi ptest do_install_ptest() { install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH} sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest } -RDEPENDS_${PN} = "tcpdump python-subprocess python-compression python-netclient \ - python-netserver python-pydoc python-pkgutil python-shell \ - python-threading python-numbers python-pycrypto" +RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-netclient \ + ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc ${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \ + ${PYTHON_PN}-threading ${PYTHON_PN}-numbers ${PYTHON_PN}-pycrypto" diff --git a/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb b/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb new file mode 100644 index 000000000..98db1fd6d --- /dev/null +++ b/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb @@ -0,0 +1,6 @@ +inherit setuptools +require python-scapy.inc + +SRC_URI += "file://run-ptest" + +RDEPENDS_${PN} += "${PYTHON_PN}-subprocess" diff --git a/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb b/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb new file mode 100644 index 000000000..93ca7be8a --- /dev/null +++ b/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb @@ -0,0 +1,4 @@ +inherit setuptools3 +require python-scapy.inc + +SRC_URI += "file://run-ptest" diff --git a/meta-security/recipes-security/sssd/sssd_1.16.0.bb b/meta-security/recipes-security/sssd/sssd_1.16.3.bb index ff5b618bc..8f7f805fd 100644 --- a/meta-security/recipes-security/sssd/sssd_1.16.0.bb +++ b/meta-security/recipes-security/sssd/sssd_1.16.3.bb @@ -1,6 +1,6 @@ SUMMARY = "system security services daemon" DESCRIPTION = "SSSD is a system security services daemon" -HOMEPAGE = "https://fedorahosted.org/sssd/" +HOMEPAGE = "https://pagure.io/SSSD/sssd/" SECTION = "base" LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" @@ -11,8 +11,8 @@ DEPENDS += "libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent" SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\ file://sssd.conf " -SRC_URI[md5sum] = "f721ace2ebfa6744cfea55e3ecd2d82f" -SRC_URI[sha256sum] = "c581a6e5365cef87fca419c0c9563cf15eadbb682863d648d85ffcded7a3940f" +SRC_URI[md5sum] = "af4288c9d1f9953e3b3b6e0b165a5ece" +SRC_URI[sha256sum] = "ee5d17a0c663c09819cbab9364085b9e57faeca02406cc30efe14cc0cfc04ec4" inherit autotools pkgconfig gettext update-rc.d python-dir distro_features_check diff --git a/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz b/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz Binary files differnew file mode 100644 index 000000000..aed375474 --- /dev/null +++ b/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz diff --git a/meta-security/recipes-security/suricata/files/run-ptest b/meta-security/recipes-security/suricata/files/run-ptest new file mode 100644 index 000000000..666ba9c95 --- /dev/null +++ b/meta-security/recipes-security/suricata/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +suricata -u diff --git a/meta-security/recipes-security/suricata/files/suricata.service b/meta-security/recipes-security/suricata/files/suricata.service new file mode 100644 index 000000000..a99a76ef8 --- /dev/null +++ b/meta-security/recipes-security/suricata/files/suricata.service @@ -0,0 +1,20 @@ +[Unit] +Description=Suricata IDS/IDP daemon +After=network.target +Requires=network.target +Documentation=man:suricata(8) man:suricatasc(8) +Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki + +[Service] +Type=simple +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW +RestrictAddressFamilies= +ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0 +ExecReload=/bin/kill -HUP $MAINPID +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=yes + +[Install] +WantedBy=multi-user.target + diff --git a/meta-security/recipes-security/suricata/files/suricata.yaml b/meta-security/recipes-security/suricata/files/suricata.yaml index 90417b03d..8d06a2744 100644 --- a/meta-security/recipes-security/suricata/files/suricata.yaml +++ b/meta-security/recipes-security/suricata/files/suricata.yaml @@ -787,7 +787,7 @@ logging: enabled: no filename: /var/log/suricata.log - syslog: - enabled: no + enabled: yes facility: local5 format: "[%i] <%d> -- " diff --git a/meta-security/recipes-security/suricata/libhtp_0.5.25.bb b/meta-security/recipes-security/suricata/libhtp_0.5.27.bb index 8305f7010..8305f7010 100644 --- a/meta-security/recipes-security/suricata/libhtp_0.5.25.bb +++ b/meta-security/recipes-security/suricata/libhtp_0.5.27.bb diff --git a/meta-security/recipes-security/suricata/suricata.inc b/meta-security/recipes-security/suricata/suricata.inc index a2d36eb61..1f421210d 100644 --- a/meta-security/recipes-security/suricata/suricata.inc +++ b/meta-security/recipes-security/suricata/suricata.inc @@ -2,8 +2,8 @@ HOMEPAGE = "http://suricata-ids.org/" SECTION = "security Monitor/Admin" LICENSE = "GPLv2" -VER = "4.0.0" +VER = "4.0.5" SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz" -SRC_URI[md5sum] = "41fb91b4cbc6705b353e4bdd02c3df4b" -SRC_URI[sha256sum] = "6b8b183a8409829ca92c71854cc1abed45f04ccfb7f14c08211f4edf571fa577" +SRC_URI[md5sum] = "ea0cb823d6a86568152f75ade6de442f" +SRC_URI[sha256sum] = "74dacb4359d57fbd3452e384eeeb1dd77b6ae00f02e9994ad5a7b461d5f4c6c2" diff --git a/meta-security/recipes-security/suricata/suricata_4.0.0.bb b/meta-security/recipes-security/suricata/suricata_4.0.5.bb index e16348670..6c0a109be 100644 --- a/meta-security/recipes-security/suricata/suricata_4.0.0.bb +++ b/meta-security/recipes-security/suricata/suricata_4.0.5.bb @@ -4,16 +4,24 @@ require suricata.inc LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" +SRC_URI += "file://emerging.rules.tar.gz;name=rules" + SRC_URI += " \ file://volatiles.03_suricata \ file://suricata.yaml \ + file://suricata.service \ + file://run-ptest \ " -inherit autotools-brokensep pkgconfig python-dir +SRC_URI[rules.md5sum] = "205c5e5b54e489207ed892c03ad75b33" +SRC_URI[rules.sha256sum] = "4aa81011b246875a57181c6a0569ca887845e366904bcaf0043220f33bd69798" + +inherit autotools-brokensep pkgconfig python-dir systemd ptest CFLAGS += "-D_DEFAULT_SOURCE" -CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes " +CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes \ + ac_cv_path_HAVE_WGET=no ac_cv_path_HAVE_CURL=no " EXTRA_OECONF += " --disable-debug \ --enable-non-bundled-htp \ @@ -21,6 +29,8 @@ EXTRA_OECONF += " --disable-debug \ " PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink nss nspr" +PACKAGECONFIG_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}" + PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp," PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ," PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ," @@ -28,33 +38,59 @@ PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap- PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , " PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet," PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ," +PACKAGECONFIG[nfq] = "--enable-nfqueue, --disable-nfqueue,libnetfilter-queue," PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson" PACKAGECONFIG[file] = ",,file, file" PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss," PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr," PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python" +PACKAGECONFIG[unittests] = "--enable-unittests, --disable-unittests," export logdir = "${localstatedir}/log" do_install_append () { + install -d ${D}${sysconfdir}/suricata + + oe_runmake install-conf DESTDIR=${D} + + # mimic move of downloaded rules to e_sysconfrulesdir + cp -rf ${WORKDIR}/rules ${D}${sysconfdir}/suricata + + oe_runmake install-rules DESTDIR=${D} + install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles - install -m 644 classification.config ${D}${sysconfdir}/suricata - install -m 644 reference.config ${D}${sysconfdir}/suricata - install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata + + install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata + + install -d ${D}${systemd_unitdir}/system + sed -e s:/etc:${sysconfdir}:g \ + -e s:/var/run:/run:g \ + -e s:/var:${localstatedir}:g \ + -e s:/usr/bin:${bindir}:g \ + -e s:/bin/kill:${base_bindir}/kill:g \ + -e s:/usr/lib:${libdir}:g \ + ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + + # Remove /var/run as it is created on startup + rm -rf ${D}${localstatedir}/run + } pkg_postinst_ontarget_${PN} () { if [ -e /etc/init.d/populate-volatile.sh ] ; then ${sysconfdir}/init.d/populate-volatile.sh update fi - ${bindir}/suricata -c ${sysconfdir}/suricata.yaml -i eth0 } -PACKAGES += "${PN}-python" -FILES_${PN} = "${bindir}/suricata ${sysconfdir}/default ${sysconfdir}/suricata ${logdir}/suricata" -FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" +SYSTEMD_PACKAGES = "${PN}" + +PACKAGES =+ "${PN}-socketcontrol" +FILES_${PN} += "${systemd_unitdir}" +FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" + +CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml" RDEPENDS_${PN}-python = "python" diff --git a/meta-security/recipes-security/tripwire/files/run-ptest b/meta-security/recipes-security/tripwire/files/run-ptest new file mode 100644 index 000000000..aedfddc59 --- /dev/null +++ b/meta-security/recipes-security/tripwire/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +./twtest.pl diff --git a/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb b/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb index 465960f23..59d1f35c5 100644 --- a/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb +++ b/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb @@ -16,11 +16,12 @@ SRC_URI = "\ file://twcfg.txt \ file://twinstall.sh \ file://twpol-yocto.txt \ + file://run-ptest \ " S = "${WORKDIR}/git" -inherit autotools-brokensep update-rc.d +inherit autotools-brokensep update-rc.d ptest INITSCRIPT_NAME = "tripwire" INITSCRIPT_PARAMS = "start 40 S ." @@ -58,9 +59,15 @@ do_install () { install -m 0644 ${WORKDIR}/tripwire.txt ${D}${docdir}/${BPN} } +do_install_ptest_append () { + install -d ${D}${PTEST_PATH}/tests + cp -a ${S}/src/test-harness/* ${D}${PTEST_PATH} +} FILES_${PN} += "${libdir} ${docdir}/${PN}/*" FILES_${PN}-dbg += "${sysconfdir}/${PN}/.debug" FILES_${PN}-staticdev += "${localstatedir}/lib/${PN}/lib*.a" +FILES_${PN}-ptest += "${PTEST_PATH}/tests " RDEPENDS_${PN} += " perl nano msmtp cronie" +RDEPENDS_${PN}-ptest = " perl lib-perl" diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch b/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch index fcc63b34c..1cec47fca 100644 --- a/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch +++ b/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch @@ -1,4 +1,4 @@ -From 47379747e34f952d31af028c672940ca7859ae3c Mon Sep 17 00:00:00 2001 +From c1c980a95d85bcaf8802524d6148783522b300d7 Mon Sep 17 00:00:00 2001 From: Yulong Pei <Yulong.pei@windriver.com> Date: Wed, 21 Jul 2010 22:33:43 +0800 Subject: [PATCH] change finding path of nss and nspr @@ -7,66 +7,61 @@ Upstream-Status: Pending Signed-off-by: Yulong Pei <Yulong.pei@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> - +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> --- - configure.ac | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) + configure.ac | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac -index 3278200..6edec7d 100644 +index 951b3eb..1fdeb0f 100644 --- a/configure.ac +++ b/configure.ac -@@ -644,7 +644,7 @@ if test "z$NSS_FOUND" = "zno" ; then +@@ -866,10 +866,10 @@ MOZILLA_MIN_VERSION="1.4" + NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss" + NSPR_PACKAGE=mozilla-nspr + NSS_PACKAGE=mozilla-nss +-NSPR_INCLUDE_MARKER="nspr/nspr.h" ++NSPR_INCLUDE_MARKER="nspr.h" + NSPR_LIB_MARKER="libnspr4$shrext" + NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" +-NSS_INCLUDE_MARKER="nss/nss.h" ++NSS_INCLUDE_MARKER="nss3/nss.h" + NSS_LIB_MARKER="libnss3$shrext" + NSS_LIBS_LIST="-lnss3 -lsmime3" - if test "z$with_nspr" != "z" ; then - NSPR_PREFIX="$with_nspr" -- NSPR_CFLAGS="-I$with_nspr/include -I$with_nspr/include/nspr" -+ NSPR_CFLAGS="-I$with_nspr/usr/include -I$with_nspr/usr/include/nspr4" - if test "z$with_gnu_ld" = "zyes" ; then - NSPR_LIBS="-Wl,-rpath-link -Wl,$with_nspr/lib -L$with_nspr/lib $NSPR_LIBS_LIST" - else -@@ -652,7 +652,7 @@ if test "z$NSS_FOUND" = "zno" ; then - fi - NSPR_INCLUDES_FOUND="yes" - NSPR_LIBS_FOUND="yes" -- NSPR_PRINIT_H="$with_nspr/include/prinit.h" -+ NSPR_PRINIT_H="$with_nspr/usr/include/nspr4/prinit.h" +@@ -898,24 +898,24 @@ fi + dnl Priority 1: User specifies the path to installation + if test "z$NSPR_FOUND" = "zno" -a "z$with_nspr" != "z" -a "z$with_nspr" != "zyes" ; then + AC_MSG_CHECKING(for nspr library installation in "$with_nspr" folder) +- if test -f "$with_nspr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/lib/$NSPR_LIB_MARKER" ; then +- NSPR_INCLUDE_PATH="$with_nspr/include" +- NSPR_LIB_PATH="$with_nspr/lib" ++ if test -f "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/${libdir}/$NSPR_LIB_MARKER" ; then ++ NSPR_INCLUDE_PATH="$with_nspr/usr/include" ++ NSPR_LIB_PATH="$with_nspr/${libdir}" + NSPR_FOUND="yes" + AC_MSG_RESULT([yes]) else - for dir in $ac_nss_inc_dir ; do - if test -f $dir/nspr/prinit.h ; then -@@ -690,7 +690,7 @@ if test "z$NSS_FOUND" = "zno" ; then - OLD_CPPFLAGS=$CPPFLAGS - CPPFLAGS="$NSPR_CFLAGS" - AC_EGREP_CPP(yes,[ -- #include <prinit.h> -+ #include <nspr4/prinit.h> - #if PR_VMAJOR >= 4 - yes - #endif -@@ -715,7 +715,7 @@ if test "z$NSS_FOUND" = "zno" ; then - NSS_NSS_H="" - - if test "z$with_nss" != "z" ; then -- NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/include -I$with_nss/include/nss" -+ NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/usr/include -I$with_nss/usr/include/nss3 -I$with_nspr/usr/include/nspr4" - if test "z$with_gnu_ld" = "zyes" ; then - NSS_LIBS="$NSS_LIBS -Wl,-rpath-link -Wl,$with_nss/lib -L$with_nss/lib $NSS_LIBS_LIST" - else -@@ -723,7 +723,7 @@ if test "z$NSS_FOUND" = "zno" ; then - fi - NSS_INCLUDES_FOUND="yes" - NSS_LIBS_FOUND="yes" -- NSS_NSS_H="$with_nss/include/nss.h" -+ NSS_NSS_H="$with_nss/usr/include/nss3/nss.h" +- AC_MSG_ERROR([not found: "$with_nspr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/lib/$NSPR_LIB_MARKER" files don't exist), typo?]) ++ AC_MSG_ERROR([not found: "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/${libdir}/$NSPR_LIB_MARKER" files don't exist), typo?]) + fi + fi + if test "z$NSS_FOUND" = "zno" -a "z$with_nss" != "z" -a "z$with_nss" != "zyes" ; then + AC_MSG_CHECKING(for nss library installation in "$with_nss" folder) +- if test -f "$with_nss/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/lib/$NSS_LIB_MARKER" ; then +- NSS_INCLUDE_PATH="$with_nss/include" +- NSS_LIB_PATH="$with_nss/lib" ++ if test -f "$with_nss/usr/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/${libdir}/$NSS_LIB_MARKER" ; then ++ NSS_INCLUDE_PATH="$with_nss/usr/include/nss3" ++ NSS_LIB_PATH="$with_nss/${libdir}" + NSS_FOUND="yes" + AC_MSG_RESULT([yes]) else - for dir in $ac_nss_inc_dir ; do - if test -f $dir/nss/nss.h ; then -@@ -761,7 +761,7 @@ if test "z$NSS_FOUND" = "zno" ; then - OLD_CPPFLAGS=$CPPFLAGS - CPPFLAGS="$NSPR_CFLAGS $NSS_CFLAGS" - AC_EGREP_CPP(yes,[ -- #include <nss.h> -+ #include <nss3/nss.h> - #if NSS_VMAJOR >= 3 && NSS_VMINOR >= 2 - yes - #endif +- AC_MSG_ERROR([not found: "$with_nss/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/lib/$NSS_LIB_MARKER" files don't exist), typo?]) ++ AC_MSG_ERROR([not found: "$with_nss/usr/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/${libdir}/$NSS_LIB_MARKER" files don't exist), typo?]) + fi + fi + +-- +2.7.4 + diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch b/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch deleted file mode 100644 index 5f967bbaa..000000000 --- a/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 1d8ae4b32bd76c19ec238f30eb9b1ee582cbe990 Mon Sep 17 00:00:00 2001 -From: Jackie Huang <jackie.huang@windriver.com> -Date: Fri, 2 Mar 2018 01:10:58 -0800 -Subject: [PATCH] xmlsec1: fix a typo in examples/verify3.c - -Upstream-Status: Submitted [https://github.com/lsh123/xmlsec/pull/153] - -Signed-off-by: Jackie Huang <jackie.huang@windriver.com> - ---- - examples/verify3.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/examples/verify3.c b/examples/verify3.c -index 2d26ae7..68f52ab 100644 ---- a/examples/verify3.c -+++ b/examples/verify3.c -@@ -1,4 +1,4 @@ --4/** -+/** - * XML Security Library example: Verifying a file signed with X509 certificate - * - * Verifies a file signed with X509 certificate. diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb index 341ca08fd..2dbbf331e 100644 --- a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb +++ b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb @@ -17,12 +17,11 @@ SRC_URI = "http://www.aleksey.com/xmlsec/download/${BP}.tar.gz \ file://change-finding-path-of-nss.patch \ file://makefile-ptest.patch \ file://xmlsec1-examples-allow-build-in-separate-dir.patch \ - file://xmlsec1-fix-a-typo-in-examples-verify3.c.patch \ file://run-ptest \ " -SRC_URI[md5sum] = "dbbef1efc69e61bc4629650205a05b41" -SRC_URI[sha256sum] = "967ca83edf25ccb5b48a3c4a09ad3405a63365576503bf34290a42de1b92fcd2" +SRC_URI[md5sum] = "9c4aaf9ff615a73921b9e3bf4988d878" +SRC_URI[sha256sum] = "8d8276c9c720ca42a3b0023df8b7ae41a2d6c5f9aa8d20ed1672d84cc8982d50" inherit autotools-brokensep ptest pkgconfig |