summaryrefslogtreecommitdiff
path: root/meta-security
diff options
context:
space:
mode:
authorAndrew Geissler <geissonator@yahoo.com>2021-03-31 21:36:22 +0300
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2021-04-06 16:22:18 +0300
commit9d3cc05f311fde3211b6bc0a9be221d6e889a70e (patch)
treecd4a28c9a69d3983c4ec1ab2dd7f025385b3cbb7 /meta-security
parentbd39bf61761e73b494e69f07ae975547e8ac771e (diff)
downloadopenbmc-9d3cc05f311fde3211b6bc0a9be221d6e889a70e.tar.xz
meta-security: subtree update:9504d02694..775870980b
Armin Kuster (13): libtpm: update to 0.8.2 ibmtpm2tss: update to 1.6.0 tpm2-abrmd: update to 2.4.0 tpm2-tools: update to 5.0 tpm2-tss: update to 3.0.3 tpm2-pkcs11: update to 1.5.0 tpm2-topt: update 0.3.0 trousers: update to 0.3.15 tpm-tools: update to 1.3.9.1 python3-fail2ban: fix building with ptest enabled layer.conf: Add hardknott to LAYERSERIES_COMPAT tpm2-tss-engine: update 1.1.0 swtpm: update to 0.5.2 Kai Kang (1): samhain: fix compile error on powerpc Ming Liu (1): ima-evm-keys: add file-checksums to IMA_EVM_X509 lukasz plachno (1): fscryptctl: Fix installation path Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Id7215a394e0c10c60e0e2e4a43d4ce4fb622fa97
Diffstat (limited to 'meta-security')
-rw-r--r--meta-security/conf/layer.conf2
-rw-r--r--meta-security/meta-hardening/conf/layer.conf2
-rw-r--r--meta-security/meta-integrity/conf/layer.conf2
-rw-r--r--meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb1
-rw-r--r--meta-security/meta-security-compliance/conf/layer.conf2
-rw-r--r--meta-security/meta-security-isafw/conf/layer.conf2
-rw-r--r--meta-security/meta-tpm/conf/layer.conf2
-rw-r--r--meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb)4
-rw-r--r--meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb)17
-rw-r--r--meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch110
-rw-r--r--meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb)3
-rw-r--r--meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb4
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch30
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb)4
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb)6
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch48
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb)6
-rw-r--r--meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch28
-rw-r--r--meta-security/recipes-ids/samhain/samhain.inc1
-rw-r--r--meta-security/recipes-security/fail2ban/files/run-ptest2
-rw-r--r--meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb3
-rw-r--r--meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb2
26 files changed, 128 insertions, 161 deletions
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 8c0254b82..fd21da1eb 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,6 +9,6 @@ BBFILE_COLLECTIONS += "security"
BBFILE_PATTERN_security = "^${LAYERDIR}/"
BBFILE_PRIORITY_security = "8"
-LAYERSERIES_COMPAT_security = "gatesgarth"
+LAYERSERIES_COMPAT_security = "hardknott"
LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python"
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index 22d88749d..085ea45c5 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "harden-layer"
BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_harden-layer = "10"
-LAYERSERIES_COMPAT_harden-layer = "gatesgarth"
+LAYERSERIES_COMPAT_harden-layer = "hardknott"
LAYERDEPENDS_harden-layer = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 76374eb9b..ba028da7e 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}'
# interactive shell is enough.
OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
-LAYERSERIES_COMPAT_integrity = "gatesgarth"
+LAYERSERIES_COMPAT_integrity = "hardknott"
# ima-evm-utils depends on keyutils from meta-oe
LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
index 62685bbb0..7708aef2c 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -14,3 +14,4 @@ do_install () {
lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der
fi
}
+do_install[file-checksums] += "${@'${IMA_EVM_X509}:%s' % os.path.exists('${IMA_EVM_X509}')}"
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index db243f710..2024d4a5f 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "scanners-layer"
BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_scanners-layer = "10"
-LAYERSERIES_COMPAT_scanners-layer = "gatesgarth"
+LAYERSERIES_COMPAT_scanners-layer = "hardknott"
LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf
index b8ee1c013..1f1095f07 100644
--- a/meta-security/meta-security-isafw/conf/layer.conf
+++ b/meta-security/meta-security-isafw/conf/layer.conf
@@ -14,4 +14,4 @@ LAYERVERSION_security-isafw = "1"
LAYERDEPENDS_security-isafw = "core"
-LAYERSERIES_COMPAT_security-isafw = "gatesgarth"
+LAYERSERIES_COMPAT_security-isafw = "hardknott"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index cd62fbac2..65788eb0e 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer"
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_tpm-layer = "10"
-LAYERSERIES_COMPAT_tpm-layer = "gatesgarth"
+LAYERSERIES_COMPAT_tpm-layer = "hardknott"
LAYERDEPENDS_tpm-layer = " \
core \
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
index 0ade01dd5..9784aa115 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
@@ -2,8 +2,8 @@ SUMMARY = "LIBPM - Software TPM Library"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
-SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0"
+SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
PE = "1"
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
index 35c77c806..b7ff2ad59 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
@@ -3,22 +3,21 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"
-DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
# configure checks for the tools already during compilation and
# then swtpm_setup needs them at runtime
DEPENDS += "tpm-tools-native expect-native socat-native"
-SRCREV = "39673a0139b0ee14a0109aba50a0635592c672c4"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \
- file://fix_fcntl_h.patch \
+SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
file://ioctl_h.patch \
"
PE = "1"
S = "${WORKDIR}/git"
-inherit autotools pkgconfig
+inherit autotools pkgconfig python3-dir
PARALLEL_MAKE = ""
TSS_USER="tss"
@@ -35,18 +34,20 @@ PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
-export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
-
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"
+
+PACKAGES =+ "${PN}-python"
+FILES_${PN}-python = "${nonarch_libdir}/${PYTHON_PN}/dist-packages/* "
+
PACKAGE_BEFORE_PN = "${PN}-cuse"
FILES_${PN}-cuse = "${bindir}/swtpm_cuse"
INSANE_SKIP_${PN} += "dev-so"
-RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
+RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
deleted file mode 100644
index c2a264b62..000000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Author: Philipp Kern <pkern@debian.org>
-Subject: Fix openssl1.1 support in data_mgmt
-Date: Tue, 31 Jan 2017 22:40:10 +0100
-
-Upstream-Status: Backport
-tpm-tools_1.3.9.1-0.1.debian.tar
-
-Signed-off-by: Armin kuster <akuster808@gmail.com>
-
----
- src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++----------------
- 1 file changed, 39 insertions(+), 21 deletions(-)
-
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile,
- goto out;
- }
-
-- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
- logError( TOKEN_RSA_KEY_ERROR );
-
- X509_free( pX509 );
-@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, NULL );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-
- CK_RV rv;
-
-@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-
- // Create the RSA public key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-- int dLen = BN_num_bytes( a_pRsa->d );
-- int pLen = BN_num_bytes( a_pRsa->p );
-- int qLen = BN_num_bytes( a_pRsa->q );
-- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
-- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
-- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+ const BIGNUM *bd;
-+ const BIGNUM *bp;
-+ const BIGNUM *bq;
-+ const BIGNUM *bdmp1;
-+ const BIGNUM *bdmq1;
-+ const BIGNUM *biqmp;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, &bd);
-+ RSA_get0_factors( a_pRsa, &bp, &bq);
-+ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-+ int dLen = BN_num_bytes( bd );
-+ int pLen = BN_num_bytes( bp );
-+ int qLen = BN_num_bytes( bq );
-+ int dmp1Len = BN_num_bytes( bdmp1 );
-+ int dmq1Len = BN_num_bytes( bdmq1 );
-+ int iqmpLen = BN_num_bytes( biqmp );
-
- CK_RV rv;
-
-@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-- BN_bn2bin( a_pRsa->d, d );
-- BN_bn2bin( a_pRsa->p, p );
-- BN_bn2bin( a_pRsa->q, q );
-- BN_bn2bin( a_pRsa->dmp1, dmp1 );
-- BN_bn2bin( a_pRsa->dmq1, dmq1 );
-- BN_bn2bin( a_pRsa->iqmp, iqmp );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-+ BN_bn2bin( bd, d );
-+ BN_bn2bin( bp, p );
-+ BN_bn2bin( bq, q );
-+ BN_bn2bin( bdmp1, dmp1 );
-+ BN_bn2bin( bdmq1, dmq1 );
-+ BN_bn2bin( biqmp, iqmp );
-
- // Create the RSA private key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index 88ef19f73..8aeb8ac4b 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -12,12 +12,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
DEPENDS = "libtspi openssl"
DEPENDS_class-native = "trousers-native"
-SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
+SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
git://git.code.sf.net/p/trousers/tpm-tools \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
- file://05-openssl1.1_fix_data_mgmt.patch \
file://openssl1.1_fix.patch \
"
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 27b4e2f51..32c9a4976 100644
--- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -6,8 +6,8 @@ SECTION = "security/tpm"
DEPENDS = "openssl"
-SRCREV = "e74dd1d96753b0538192143adf58d04fcd3b242b"
-PV = "0.3.14+git${SRCPV}"
+SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
+PV = "0.3.15+git${SRCPV}"
SRC_URI = " \
git://git.code.sf.net/p/trousers/trousers \
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
index 8b13fb66c..cfda80f41 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
@@ -15,17 +15,15 @@ Signed-off-by: Jens Rehsack <sno@netbsd.org>
utils12/Makefile.am | 8 ++++-
2 files changed, 79 insertions(+), 4 deletions(-)
-diff --git a/utils/Makefile.am b/utils/Makefile.am
-index 1e51fe3..170a26e 100644
---- a/utils/Makefile.am
-+++ b/utils/Makefile.am
-@@ -81,9 +81,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS)
+Index: git/utils/Makefile.am
+===================================================================
+--- git.orig/utils/Makefile.am
++++ git/utils/Makefile.am
+@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la
- noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h
+ noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
# install every header in ibmtss
-nobase_include_HEADERS = ibmtss/*.h
--
--notrans_man_MANS = man/man1/*.1
+nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
+ ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
+ ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
@@ -65,7 +63,8 @@ index 1e51fe3..170a26e 100644
+ ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
+ ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
+ ibmtss/ZGen_2Phase_fp.h
-+
+
+-notrans_man_MANS = man/man1/*.1
+notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
+ man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
+ man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
@@ -101,11 +100,11 @@ index 1e51fe3..170a26e 100644
if CONFIG_TPM20
noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
-diff --git a/utils12/Makefile.am b/utils12/Makefile.am
-index a01f47c..e9fe61e 100644
---- a/utils12/Makefile.am
-+++ b/utils12/Makefile.am
-@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
+Index: git/utils12/Makefile.am
+===================================================================
+--- git.orig/utils12/Makefile.am
++++ git/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src
# result: [current-age].age.revision
libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
@@ -120,6 +119,3 @@ index a01f47c..e9fe61e 100644
noinst_HEADERS = ekutils12.h
bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
---
-2.17.1
-
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
index 18ad7eb43..4d9b5540a 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
@@ -17,7 +17,7 @@ DEPENDS = "openssl ibmswtpm2"
inherit autotools pkgconfig
-SRCREV = "aa6c6ec83793ba21782033c03439977c26d3cc87"
+SRCREV = "3e736f712ba53c8f06e66751f60fae428fd2e20f"
SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index d2a1c47b5..edfcce9d1 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -18,7 +18,7 @@ SRC_URI = "\
file://tpm2-abrmd.default \
"
-SRCREV = "4cdda466010a3699ebe967d990ac715ae3de7d35"
+SRCREV = "4f332013a02c422e186c4aaf127ab6a40b996028"
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
index 6beb67a18..d53d4fa86 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
@@ -10,7 +10,7 @@ SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch"
-SRCREV = "78bbf6a0237351830d0c3923b25ba0b57ae0b7e9"
+SRCREV = "5d583351028eebd470f50ec35db5dcf00533df31"
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
index 5bd26ab98..dbd324aa2 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
@@ -8,6 +8,6 @@ DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc"
+SRC_URI[sha256sum] = "e1b907fe29877628052e08ad84eebc6c3f7646d29505ed4862e96162a8c91ba1"
inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index 264484f7a..dfebc072d 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -9,8 +9,8 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"
-SRCREV = "bfd581986353edc1058604e77cac804bd8b0d30a"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.2.x"
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
inherit autotools-brokensep pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index ebd6d539e..539569572 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -2,14 +2,14 @@ SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for Ope
DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
-SRCREV = "24f1383cc6befde44d6f01a51ea653304d844ffd"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.0.x"
+SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
inherit autotools-brokensep pkgconfig systemd
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
new file mode 100644
index 000000000..cae2e76e1
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
@@ -0,0 +1,48 @@
+From 03cca78d24d716eec792f86f5b0bc69886fad981 Mon Sep 17 00:00:00 2001
+From: Patrick McCarty <patrick.mccarty@intel.com>
+Date: Fri, 18 Dec 2020 01:54:05 +0000
+Subject: [PATCH] configure.ac: fix compatibility with autoconf 2.70
+
+With autoconf 2.70, not quoting the second argument to one of the AS_IF
+macro expansions leads to generation of invalid shell code affecting the
+first nested ERROR_IF_NO_PROG expansion.
+
+The invalid shell code leads to an error resembling:
+
+ ./configure: line 18826: syntax error near unexpected token `newline'
+ ./configure: line 18826: ` '''
+
+Fix the issue by quoting the second argument to the affected AS_IF,
+similar to the quoting found elsewhere in configure.ac.
+
+Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: tpm2-tss-3.0.3/configure.ac
+===================================================================
+--- tpm2-tss-3.0.3.orig/configure.ac
++++ tpm2-tss-3.0.3/configure.ac
+@@ -279,7 +279,7 @@ AC_ARG_ENABLE([integration],
+ [build and execute integration tests])],,
+ [enable_integration=no])
+ AS_IF([test "x$enable_integration" = "xyes"],
+- AS_IF([test "$HOSTOS" = "Linux"],
++ [AS_IF([test "$HOSTOS" = "Linux"],
+ [ERROR_IF_NO_PROG([ss])],
+ [ERROR_IF_NO_PROG([sockstat])])
+ ERROR_IF_NO_PROG([echo])
+@@ -328,7 +328,7 @@ AS_IF([test "x$enable_integration" = "xy
+ [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
+ AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
+ AC_SUBST([INTEGRATION_ARGS], [$integration_args])
+- AC_SUBST([ENABLE_INTEGRATION], [$enable_integration]))
++ AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
+ AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
+ #
+ # sanitizer compiler flags
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
index 78be51359..b2486e5be 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
@@ -6,8 +6,10 @@ SECTION = "tpm"
DEPENDS = "autoconf-archive-native libgcrypt openssl"
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "e294677f8993234d0adfa191a5cbf9c5b83cc60c724c233e3d631c26712abea0"
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+ file://0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch \
+ "
+SRC_URI[sha256sum] = "78392be7309baf47f51b122f566ac915fd4d1760ea78571cba2e1484f9b5be17"
inherit autotools pkgconfig systemd extrausers
diff --git a/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch b/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch
new file mode 100644
index 000000000..72cb8806c
--- /dev/null
+++ b/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch
@@ -0,0 +1,28 @@
+Fix error when compile for powerpc:
+
+| x_sh_dbIO.c: In function 'swap_short':
+| x_sh_dbIO.c:229:36: error: initializer element is not constant
+| 229 | static unsigned short ooop = *iptr;
+| | ^
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/sh_dbIO.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/sh_dbIO.c b/src/sh_dbIO.c
+index b547ac5..23a9621 100644
+--- a/src/sh_dbIO.c
++++ b/src/sh_dbIO.c
+@@ -226,7 +226,8 @@ static unsigned short * swap_short (unsigned short * iptr)
+ else
+ {
+ /* alignment problem */
+- static unsigned short ooop = *iptr;
++ static unsigned short ooop;
++ ooop = *iptr;
+ unsigned short hi = (ooop & 0xff00);
+ unsigned short lo = (ooop & 0xff);
+ ooop = (lo << 8) | (hi >> 8);
diff --git a/meta-security/recipes-ids/samhain/samhain.inc b/meta-security/recipes-ids/samhain/samhain.inc
index 6a2eb0855..0148e46cf 100644
--- a/meta-security/recipes-ids/samhain/samhain.inc
+++ b/meta-security/recipes-ids/samhain/samhain.inc
@@ -18,6 +18,7 @@ SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-avoid-searching-host-for-postgresql.patch \
file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
file://fix-build-with-new-version-attr.patch \
+ file://samhain-fix-initializer-element-is-not-constant.patch \
"
SRC_URI[sha256sum] = "3e57574036d5055e9557ec5095818b419ea6c4365370fc2ccce1e9f87f9fad08"
diff --git a/meta-security/recipes-security/fail2ban/files/run-ptest b/meta-security/recipes-security/fail2ban/files/run-ptest
index 9f6aebe82..64d07d587 100644
--- a/meta-security/recipes-security/fail2ban/files/run-ptest
+++ b/meta-security/recipes-security/fail2ban/files/run-ptest
@@ -1,3 +1,3 @@
#!/bin/sh
-##PYTHON## fail2ban-testcases
+##PYTHON## bin/fail2ban-testcases
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 6767d80cf..b480c76d5 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -35,8 +35,9 @@ do_install_append () {
do_install_ptest_append () {
install -d ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/bin
sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
- install -D ${S}/fail2ban-testcases-all-python3 ${D}${PTEST_PATH}
+ install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
}
FILES_${PN} += "/run"
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 440b4e34c..df76a3d9a 100644
--- a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -15,7 +15,7 @@ SRC_URI = "git://github.com/google/fscryptctl.git"
S = "${WORKDIR}/git"
do_install() {
- oe_runmake DESTDIR=${D}${bindir} install
+ oe_runmake DESTDIR=${D} PREFIX=/usr install
}
RRECOMMENDS_${PN} += "\
generated by cgit v1.2.3 (git 2.39.0) at 2024-05-21 02:05:26 +0300