diff options
35 files changed, 146 insertions, 49 deletions
diff --git a/meta-aspeed/conf/machine/include/aspeed.inc b/meta-aspeed/conf/machine/include/aspeed.inc index 05e465849..a2316cf6a 100644 --- a/meta-aspeed/conf/machine/include/aspeed.inc +++ b/meta-aspeed/conf/machine/include/aspeed.inc @@ -20,7 +20,7 @@ MACHINEOVERRIDES =. "aspeed:" SERIAL_CONSOLES ?= "115200;ttyS4" DEFAULTTUNE_aspeed-g5 ?= "arm1176jzs" -DEFAULTTUNE_aspeed-g6 ?= "armv7a-vfpv4d16" +DEFAULTTUNE_aspeed-g6 ?= "armv7ahf-vfpv4d16" UBOOT_ENTRYPOINT_aspeed-g4 ?= "0x40001000" UBOOT_ENTRYPOINT_aspeed-g5 ?= "0x80001000" diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig index d0abbf1fa..939a60e91 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g4/defconfig @@ -141,6 +141,7 @@ CONFIG_I2C_MUX_PCA9541=y CONFIG_I2C_MUX_PCA954x=y CONFIG_I2C_ASPEED=y CONFIG_I2C_FSI=y +CONFIG_SPI=y CONFIG_GPIOLIB=y CONFIG_GPIO_SYSFS=y CONFIG_GPIO_ASPEED=y diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig index 209ed49f7..d189de899 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g5/defconfig @@ -3,6 +3,8 @@ CONFIG_KERNEL_XZ=y CONFIG_SYSVIPC=y CONFIG_NO_HZ_IDLE=y CONFIG_HIGH_RES_TIMERS=y +CONFIG_PSI=y +CONFIG_PSI_DEFAULT_DISABLED=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=16 @@ -138,10 +140,12 @@ CONFIG_ASPEED_BT_IPMI_BMC=y CONFIG_HW_RANDOM_TIMERIOMEM=y # CONFIG_I2C_COMPAT is not set CONFIG_I2C_CHARDEV=y +CONFIG_I2C_MUX=y CONFIG_I2C_MUX_PCA9541=y CONFIG_I2C_MUX_PCA954x=y CONFIG_I2C_ASPEED=y CONFIG_I2C_FSI=y +CONFIG_SPI=y CONFIG_GPIOLIB=y CONFIG_GPIO_SYSFS=y CONFIG_GPIO_ASPEED=y diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig index 43a77c1d2..bf6e9527c 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed/aspeed-g6/defconfig @@ -152,6 +152,7 @@ CONFIG_ASPEED_BT_IPMI_BMC=y CONFIG_HW_RANDOM_TIMERIOMEM=y # CONFIG_I2C_COMPAT is not set CONFIG_I2C_CHARDEV=y +CONFIG_I2C_MUX=y CONFIG_I2C_MUX_PCA9541=y CONFIG_I2C_MUX_PCA954x=y CONFIG_I2C_ASPEED=y diff --git a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb index 0cf379853..7057ccd81 100644 --- a/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb +++ b/meta-aspeed/recipes-kernel/linux/linux-aspeed_git.bb @@ -1,6 +1,6 @@ -KBRANCH ?= "dev-5.3" -LINUX_VERSION ?= "5.3.15" +KBRANCH ?= "dev-5.4" +LINUX_VERSION ?= "5.4.4" -SRCREV="fdc60468f3e452364d432f1a7c3f83d58bba1b84" +SRCREV="91b5e9f45c23ff55d8b547ddf1661337a70e2b22" require linux-aspeed.inc diff --git a/meta-ibm/meta-witherspoon/recipes-phosphor/skeleton/obmc-libobmc-intf/rainier/gpio_defs.json b/meta-ibm/meta-witherspoon/recipes-phosphor/skeleton/obmc-libobmc-intf/rainier/gpio_defs.json index 828c35b29..296039502 100644 --- a/meta-ibm/meta-witherspoon/recipes-phosphor/skeleton/obmc-libobmc-intf/rainier/gpio_defs.json +++ b/meta-ibm/meta-witherspoon/recipes-phosphor/skeleton/obmc-libobmc-intf/rainier/gpio_defs.json @@ -6,9 +6,6 @@ "power_up_outs": [ {"name": "SOFTWARE_PGOOD", "polarity": true}, {"name": "BMC_POWER_UP", "polarity": true} - ], - "reset_outs": [ - {"name": "BMC_DCM_ALL_RESET_N", "polarity": false} ] } }, @@ -28,11 +25,6 @@ "name": "SYS_PWROK_BUFF", "pin": "R2", "direction": "in" - }, - { - "name": "BMC_DCM_ALL_RESET_N", - "pin": "Q0", - "direction": "out" } ] } diff --git a/meta-inspur/meta-fp5280g2/recipes-phosphor/power/phosphor-power_%.bbappend b/meta-inspur/meta-fp5280g2/recipes-phosphor/power/phosphor-power_%.bbappend index ad1232a24..02f0d2bcd 100644 --- a/meta-inspur/meta-fp5280g2/recipes-phosphor/power/phosphor-power_%.bbappend +++ b/meta-inspur/meta-fp5280g2/recipes-phosphor/power/phosphor-power_%.bbappend @@ -1,5 +1,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +inherit obmc-phosphor-systemd + SRC_URI += "file://psu.json" PSU_MONITOR_ENV_FMT = "obmc/power-supply-monitor/power-supply-monitor-{0}.conf" diff --git a/meta-intel/meta-common/recipes-intel/ipmi/intel-ipmi-oem_git.bb b/meta-intel/meta-common/recipes-intel/ipmi/intel-ipmi-oem_git.bb index ae4c31e99..e4007da82 100755 --- a/meta-intel/meta-common/recipes-intel/ipmi/intel-ipmi-oem_git.bb +++ b/meta-intel/meta-common/recipes-intel/ipmi/intel-ipmi-oem_git.bb @@ -5,7 +5,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=a6a4edad4aed50f39a66d098d74b265b" SRC_URI = "git://github.com/openbmc/intel-ipmi-oem" -SRCREV = "09a8314bb754dccd4af2ef8d2d9e6e43f6da74ec" +SRCREV = "ce4e73fd31d46fc101d0994ea5e6f85e3a03e2d4" S = "${WORKDIR}/git" PV = "0.1+git${SRCPV}" diff --git a/meta-nuvoton/recipes-bsp/u-boot/u-boot-common-nuvoton.inc b/meta-nuvoton/recipes-bsp/u-boot/u-boot-common-nuvoton.inc index e049d9bd1..7ab0dedbd 100644 --- a/meta-nuvoton/recipes-bsp/u-boot/u-boot-common-nuvoton.inc +++ b/meta-nuvoton/recipes-bsp/u-boot/u-boot-common-nuvoton.inc @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://Licenses/README;md5=30503fd321432fc713238f582193b78e" UBRANCH = "npcm7xx-v2019.01" SRC_URI = "git://github.com/Nuvoton-Israel/u-boot.git;branch=${UBRANCH}" -SRCREV = "053010cb581266c6be675b9ae4ca7bf0583e8538" +SRCREV = "adb4ac1af3f952ee6248e839af0c8600a0642d4b" S = "${WORKDIR}/git" diff --git a/meta-openpower/recipes-phosphor/host/op-proc-control_git.bb b/meta-openpower/recipes-phosphor/host/op-proc-control_git.bb index a72adb66e..2ff565db7 100644 --- a/meta-openpower/recipes-phosphor/host/op-proc-control_git.bb +++ b/meta-openpower/recipes-phosphor/host/op-proc-control_git.bb @@ -11,7 +11,7 @@ inherit autotools obmc-phosphor-utils pkgconfig pythonnative inherit systemd SRC_URI += "git://github.com/openbmc/openpower-proc-control" -SRCREV = "22a057ed88f0f68aca521cf8e239413113b31932" +SRCREV = "b181d3bb878f986598751ddb1875577b7ba65a39" DEPENDS += " \ autoconf-archive-native \ diff --git a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb index b2a908244..a152aab9a 100644 --- a/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb +++ b/meta-phosphor/recipes-phosphor/certificate/phosphor-certificate-manager_git.bb @@ -9,7 +9,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" SRC_URI = "git://github.com/openbmc/phosphor-certificate-manager" -SRCREV = "667286e4f7dc31a9ab786307092919901adccbb5" +SRCREV = "fe590c4e28e28f611162f5766681d6396d6fd59b" inherit autotools \ pkgconfig \ diff --git a/meta-phosphor/recipes-phosphor/configuration/entity-manager_git.bb b/meta-phosphor/recipes-phosphor/configuration/entity-manager_git.bb index 8d0c36fa7..8dc263ae1 100644 --- a/meta-phosphor/recipes-phosphor/configuration/entity-manager_git.bb +++ b/meta-phosphor/recipes-phosphor/configuration/entity-manager_git.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Entity Manager provides d-bus configuration data \ and configures system sensors" SRC_URI = "git://github.com/openbmc/entity-manager.git" -SRCREV = "7d807754cc9153b04b599804464edd9654d7a81e" +SRCREV = "0c3980a748f145672e800c718318f761da3c56a5" PV = "0.1+git${SRCPV}" LICENSE = "Apache-2.0" diff --git a/meta-phosphor/recipes-phosphor/host/phosphor-host-postd_git.bb b/meta-phosphor/recipes-phosphor/host/phosphor-host-postd_git.bb index e1114e8aa..3b088b93c 100644 --- a/meta-phosphor/recipes-phosphor/host/phosphor-host-postd_git.bb +++ b/meta-phosphor/recipes-phosphor/host/phosphor-host-postd_git.bb @@ -17,7 +17,7 @@ DEPENDS += "systemd" S = "${WORKDIR}/git" SRC_URI = "git://github.com/openbmc/phosphor-host-postd" -SRCREV = "49a18b220229304b690097041d8028895bd4215a" +SRCREV = "6dac4c5e5529eac30c6c2d35db9023c9914cc798" SNOOP_DEVICE ?= "aspeed-lpc-snoop0" POST_CODE_BYTES ?= "1" diff --git a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb index 720b068c1..24a6bb3cf 100644 --- a/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb +++ b/meta-phosphor/recipes-phosphor/interfaces/bmcweb_git.bb @@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=a6a4edad4aed50f39a66d098d74b265b" SRC_URI = "git://github.com/openbmc/bmcweb.git" PV = "1.0+git${SRCPV}" -SRCREV = "7166bf0fd7453f2b5d6bfb3afbdad5eb00f74990" +SRCREV = "9c6b0159a6d9f71d0bbc1301d1f605add3f91da3" S = "${WORKDIR}/git" diff --git a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-flash_git.bb b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-flash_git.bb index 3c11d85e6..534e4ec7e 100644 --- a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-flash_git.bb +++ b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-flash_git.bb @@ -35,6 +35,7 @@ PACKAGECONFIG[host-bios] = "--enable-host-bios, --disable-host-bios" PACKAGECONFIG[aspeed-p2a] = "--enable-aspeed-p2a, --disable-aspeed-p2a" PACKAGECONFIG[aspeed-lpc] = "--enable-aspeed-lpc, --disable-aspeed-lpc" PACKAGECONFIG[nuvoton-lpc] = "--enable-nuvoton-lpc, --disable-nuvoton-lpc" +PACKAGECONFIG[net-bridge] = "--enable-net-bridge, --disable-net-bridge" EXTRA_OECONF = "--disable-tests --disable-build-host-tool" diff --git a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host.inc b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host.inc index f9cd1b775..8a15732e8 100644 --- a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host.inc +++ b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-host.inc @@ -2,4 +2,4 @@ HOMEPAGE = "http://github.com/openbmc/phosphor-host-ipmid" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=fa818a259cbed7ce8bc2a22d35a464fc" SRC_URI += "git://github.com/openbmc/phosphor-host-ipmid" -SRCREV = "225dec858e52f0e8319acfe72d7b3630adcc7a0d" +SRCREV = "4a15685ee852d0b0ee0981d3d1a2a9dd55130835" diff --git a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-net_git.bb b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-net_git.bb index 3f9313ab6..ab93f7a42 100644 --- a/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-net_git.bb +++ b/meta-phosphor/recipes-phosphor/ipmi/phosphor-ipmi-net_git.bb @@ -16,7 +16,7 @@ DEPENDS += "systemd" DEPENDS += "phosphor-ipmi-host" SRC_URI += "git://github.com/openbmc/phosphor-net-ipmid" -SRCREV = "b0a81f665fb76dab9ef2af174ac64de99211f2f8" +SRCREV = "46bec0f60a201a644c1f3af4cec2f31da58a0595" S = "${WORKDIR}/git" diff --git a/meta-phosphor/recipes-phosphor/logging/phosphor-logging_git.bb b/meta-phosphor/recipes-phosphor/logging/phosphor-logging_git.bb index f2c1f6288..4483a6474 100644 --- a/meta-phosphor/recipes-phosphor/logging/phosphor-logging_git.bb +++ b/meta-phosphor/recipes-phosphor/logging/phosphor-logging_git.bb @@ -54,7 +54,7 @@ FILES_phosphor-rsyslog-config += " \ " SRC_URI += "git://github.com/openbmc/phosphor-logging" -SRCREV = "57686b65b58e247858df228de8889ae30104ecdf" +SRCREV = "b3f5186e89a1ff8887e41863da39d30d373e3c08" S = "${WORKDIR}/git" diff --git a/meta-phosphor/recipes-phosphor/pldm/pldm.inc b/meta-phosphor/recipes-phosphor/pldm/pldm.inc index 951bc298d..5cf57211c 100644 --- a/meta-phosphor/recipes-phosphor/pldm/pldm.inc +++ b/meta-phosphor/recipes-phosphor/pldm/pldm.inc @@ -2,4 +2,4 @@ HOMEPAGE = "https://github.com/openbmc/pldm" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" SRC_URI = "git://github.com/openbmc/pldm" -SRCREV = "9a26f89f45c3753c9059505506da9f02460122ab" +SRCREV = "f4e0a49596ceb48cc7ce8f7c3e10d398bdf941eb" diff --git a/meta-phosphor/recipes-phosphor/sensors/dbus-sensors_git.bb b/meta-phosphor/recipes-phosphor/sensors/dbus-sensors_git.bb index 8c884ab85..637327ab3 100644 --- a/meta-phosphor/recipes-phosphor/sensors/dbus-sensors_git.bb +++ b/meta-phosphor/recipes-phosphor/sensors/dbus-sensors_git.bb @@ -2,7 +2,7 @@ SUMMARY = "dbus-sensors" DESCRIPTION = "Dbus Sensor Services Configured from D-Bus" SRC_URI = "git://github.com/openbmc/dbus-sensors.git" -SRCREV = "73c363ff2d131b59149baaa0bc9bff41a3cfb125" +SRCREV = "9f9b38d89a751e70cdf61bfb3f78c05800201f95" PV = "0.1+git${SRCPV}" @@ -24,8 +24,4 @@ inherit cmake systemd S = "${WORKDIR}/git/" -# linux-libc-headers guides this way to include custom uapi headers -CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi" -CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include" -do_configure[depends] += "virtual/kernel:do_shared_workdir" EXTRA_OECMAKE = "-DYOCTO=1" diff --git a/meta-phosphor/recipes-phosphor/sensors/phosphor-hwmon/start_hwmon.sh b/meta-phosphor/recipes-phosphor/sensors/phosphor-hwmon/start_hwmon.sh index 2f35865b3..2e346d0fb 100755 --- a/meta-phosphor/recipes-phosphor/sensors/phosphor-hwmon/start_hwmon.sh +++ b/meta-phosphor/recipes-phosphor/sensors/phosphor-hwmon/start_hwmon.sh @@ -17,7 +17,8 @@ then fi fi +# Needed to re-do escaping used to avoid bitbake separator conflicts path="${path//:/--}" -path="${path//-/\\x2d}" - -systemctl --no-block $action 'xyz.openbmc_project.Hwmon@'$path'.service' +# Needed to escape prior to being used as a unit argument +path="$(systemd-escape "$path")" +systemctl --no-block "$action" "xyz.openbmc_project.Hwmon@$path.service" diff --git a/meta-phosphor/recipes-phosphor/webui/phosphor-webui_git.bb b/meta-phosphor/recipes-phosphor/webui/phosphor-webui_git.bb index 950ae6e9e..dd37689fb 100644 --- a/meta-phosphor/recipes-phosphor/webui/phosphor-webui_git.bb +++ b/meta-phosphor/recipes-phosphor/webui/phosphor-webui_git.bb @@ -6,7 +6,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" SRC_URI = "git://github.com/openbmc/phosphor-webui.git" -SRCREV = "86f4056a2dfee6fced5b5b03de04a7ef9c33d74f" +SRCREV = "dda0b83ebe65f7dc90275a649245e85ba3e8b315" S = "${WORKDIR}/git" DEPENDS_prepend = "nodejs-native " diff --git a/meta-security/lib/oeqa/runtime/cases/suricata.py b/meta-security/lib/oeqa/runtime/cases/suricata.py index 17fc8c508..7f052ecd7 100644 --- a/meta-security/lib/oeqa/runtime/cases/suricata.py +++ b/meta-security/lib/oeqa/runtime/cases/suricata.py @@ -1,6 +1,7 @@ # Copyright (C) 2019 Armin Kuster <akuster808@gmail.com> # import re +from tempfile import mkstemp from oeqa.runtime.case import OERuntimeTestCase from oeqa.core.decorator.depends import OETestDepends @@ -9,6 +10,22 @@ from oeqa.runtime.decorator.package import OEHasPackage class SuricataTest(OERuntimeTestCase): + @classmethod + def setUpClass(cls): + cls.tmp_fd, cls.tmp_path = mkstemp() + with os.fdopen(cls.tmp_fd, 'w') as f: + # use google public dns + f.write("nameserver 8.8.8.8") + f.write(os.linesep) + f.write("nameserver 8.8.4.4") + f.write(os.linesep) + f.write("nameserver 127.0.0.1") + f.write(os.linesep) + + @classmethod + def tearDownClass(cls): + os.remove(cls.tmp_path) + @OEHasPackage(['suricata']) @OETestDepends(['ssh.SSHTest.test_ssh']) def test_suricata_help(self): @@ -18,10 +35,42 @@ class SuricataTest(OERuntimeTestCase): self.assertEqual(status, 1, msg = msg) @OETestDepends(['suricata.SuricataTest.test_suricata_help']) - def test_suricata_unittest(self): - status, output = self.target.run('suricata -u') - match = re.search('FAILED: 0 ', output) - if not match: - msg = ('suricata unittest had an unexpected failure. ' - 'Status and output:%s and %s' % (status, output)) - self.assertEqual(status, 0, msg = msg) + def test_ping_openinfosecfoundation_org(self): + dst = '/etc/resolv.conf' + self.tc.target.run('rm -f %s' % dst) + (status, output) = self.tc.target.copyTo(self.tmp_path, dst) + msg = 'File could not be copied. Output: %s' % output + self.assertEqual(status, 0, msg=msg) + + status, output = self.target.run('ping -c 1 openinfosecfoundation.org') + msg = ('ping openinfosecfoundation.org failed: output is:\n%s' % output) + self.assertEqual(status, 0, msg = msg) + + @OEHasPackage(['python3-suricata-update']) + @OETestDepends(['suricata.SuricataTest.test_ping_openinfosecfoundation_org']) + def test_suricata_update(self): + status, output = self.tc.target.run('suricata-update') + msg = ('suricata-update had an unexpected failure. ' + 'Status and output:%s and %s' % (status, output)) + self.assertEqual(status, 0, msg = msg) + + @OETestDepends(['suricata.SuricataTest.test_suricata_update']) + def test_suricata_update_sources_list(self): + status, output = self.tc.target.run('suricata-update list-sources') + msg = ('suricata-update list-sources had an unexpected failure. ' + 'Status and output:%s and %s' % (status, output)) + self.assertEqual(status, 0, msg = msg) + + @OETestDepends(['suricata.SuricataTest.test_suricata_update_sources_list']) + def test_suricata_update_sources(self): + status, output = self.tc.target.run('suricata-update update-sources') + msg = ('suricata-update update-sources had an unexpected failure. ' + 'Status and output:%s and %s' % (status, output)) + self.assertEqual(status, 0, msg = msg) + + @OETestDepends(['suricata.SuricataTest.test_suricata_update_sources']) + def test_suricata_update_enable_source(self): + status, output = self.tc.target.run('suricata-update enable-source oisf/trafficid') + msg = ('suricata-update enable-source oisf/trafficid had an unexpected failure. ' + 'Status and output:%s and %s' % (status, output)) + self.assertEqual(status, 0, msg = msg) diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf index 962424ccb..bfc9c6ff1 100644 --- a/meta-security/meta-integrity/conf/layer.conf +++ b/meta-security/meta-integrity/conf/layer.conf @@ -24,3 +24,5 @@ OE_TERMINAL_EXPORTS += "INTEGRITY_BASE" LAYERSERIES_COMPAT_integrity = "zeus" # ima-evm-utils depends on keyutils from meta-oe LAYERDEPENDS_integrity = "core openembedded-layer" + +BBLAYERS_LAYERINDEX_NAME_integrity = "meta-integrity" diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf index 0e93bd0e8..8572a1fce 100644 --- a/meta-security/meta-security-compliance/conf/layer.conf +++ b/meta-security/meta-security-compliance/conf/layer.conf @@ -11,3 +11,5 @@ BBFILE_PRIORITY_scanners-layer = "10" LAYERSERIES_COMPAT_scanners-layer = "zeus" LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python" + +BBLAYERS_LAYERINDEX_NAME_scanners-layer = "meta-security-compliance" diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf index 3af2d9517..175eba84e 100644 --- a/meta-security/meta-tpm/conf/layer.conf +++ b/meta-security/meta-tpm/conf/layer.conf @@ -14,3 +14,4 @@ LAYERDEPENDS_tpm-layer = " \ core \ openembedded-layer \ " +BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh index c8dfb7de3..9bb7da972 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh @@ -27,7 +27,7 @@ case "${1}" in start) echo -n "Starting $DESC: " - if [ ! -e /dev/tpm* ] + if [ ! -e /dev/tpm? ] then echo "device driver not loaded, skipping." exit 0 diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default index 987978a66..b4b3c2072 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default @@ -1 +1 @@ -DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transient-objects=20 --fail-on-loaded-trans" +DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transients=20 --flush-all" diff --git a/meta-security/recipes-ids/suricata/libhtp_0.5.31.bb b/meta-security/recipes-ids/suricata/libhtp_0.5.32.bb index 8305f7010..8305f7010 100644 --- a/meta-security/recipes-ids/suricata/libhtp_0.5.31.bb +++ b/meta-security/recipes-ids/suricata/libhtp_0.5.32.bb diff --git a/meta-security/recipes-ids/suricata/python3-suricata-update_1.0.5.bb b/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb index 63f75e096..0070b5bcf 100644 --- a/meta-security/recipes-ids/suricata/python3-suricata-update_1.0.5.bb +++ b/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb @@ -5,8 +5,8 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" -SRCREV = "dcd0f630e13463750efb1593ad3ccae1ae6c27d4" -SRC_URI = "git://github.com/OISF/suricata-update;branch='master-1.0.x'" +SRCREV = "9630630ffc493ca26299d174ee2066aa1405b2d4" +SRC_URI = "git://github.com/OISF/suricata-update;branch='master-1.1.x'" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-ids/suricata/suricata.inc b/meta-security/recipes-ids/suricata/suricata.inc index 1f4baffcc..3adbcf6d4 100644 --- a/meta-security/recipes-ids/suricata/suricata.inc +++ b/meta-security/recipes-ids/suricata/suricata.inc @@ -2,8 +2,8 @@ HOMEPAGE = "http://suricata-ids.org/" SECTION = "security Monitor/Admin" LICENSE = "GPLv2" -VER = "4.1.5" +VER = "4.1.6" SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz" -SRC_URI[md5sum] = "0dfd68f6f4314c5c2eed7128112eff3b" -SRC_URI[sha256sum] = "cee5f6535cd7fe63fddceab62eb3bc66a63fc464466c88ec7a41b7a1331ac74b" +SRC_URI[md5sum] = "da5de1e8053f05cbd295793210117d34" +SRC_URI[sha256sum] = "8441ac89016106459ade2112fcde58b3f789e4beb2fd8bfa081ffb75eec75fe0" diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb b/meta-security/recipes-ids/suricata/suricata_4.1.6.bb index b2700d63f..9b7122b9e 100644 --- a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb +++ b/meta-security/recipes-ids/suricata/suricata_4.1.6.bb @@ -10,7 +10,6 @@ SRC_URI += " \ file://suricata.yaml \ file://suricata.service \ file://run-ptest \ - file://0001-af-packet-fix-build-on-recent-Linux-kernels.patch \ " inherit autotools-brokensep pkgconfig python3-dir systemd ptest diff --git a/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch b/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch new file mode 100644 index 000000000..a53433fe5 --- /dev/null +++ b/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch @@ -0,0 +1,45 @@ +From 1ecdddb2a5b61cf527d1f238f88a9d129239f87a Mon Sep 17 00:00:00 2001 +From: Paul Moore <paul@paul-moore.com> +Date: Tue, 5 Nov 2019 15:11:11 -0500 +Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls + +We recently changed how libseccomp handles syscall numbers that are +not defined natively, but we missed test #15. + +Acked-by: Tom Hromatka <tom.hromatka@oracle.com> +Signed-off-by: Paul Moore <paul@paul-moore.com> + +Upstream-Status: Backport +[https://github.com/seccomp/libseccomp/commit/1ecdddb2a5b61cf527d1f238f88a9d129239f87a] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + tests/15-basic-resolver.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c +index 6badef1..0c1eefe 100644 +--- a/tests/15-basic-resolver.c ++++ b/tests/15-basic-resolver.c +@@ -55,15 +55,15 @@ int main(int argc, char *argv[]) + unsigned int arch; + char *name = NULL; + +- if (seccomp_syscall_resolve_name("open") != __NR_open) ++ if (seccomp_syscall_resolve_name("open") != __SNR_open) + goto fail; +- if (seccomp_syscall_resolve_name("read") != __NR_read) ++ if (seccomp_syscall_resolve_name("read") != __SNR_read) + goto fail; + if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR) + goto fail; + + rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat"); +- if (rc != __NR_openat) ++ if (rc != __SNR_openat) + goto fail; + + while ((arch = arch_list[iter++]) != -1) { +-- +2.17.1 + diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.4.2.bb index 37a79829f..07db82a60 100644 --- a/meta-security/recipes-security/libseccomp/libseccomp_2.4.1.bb +++ b/meta-security/recipes-security/libseccomp/libseccomp_2.4.2.bb @@ -4,9 +4,10 @@ SECTION = "security" LICENSE = "LGPL-2.1" LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f" -SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3" +SRCREV = "1b6cfd1fc0b7499a28c24299a93a80bd18619563" SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \ + file://0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch \ file://run-ptest \ " diff --git a/meta-yadro/meta-nicole/recipes-phosphor/logging/openpower-esel-parser_git.bb b/meta-yadro/meta-nicole/recipes-phosphor/logging/openpower-esel-parser_git.bb index ff6091845..fe9b8fee9 100644 --- a/meta-yadro/meta-nicole/recipes-phosphor/logging/openpower-esel-parser_git.bb +++ b/meta-yadro/meta-nicole/recipes-phosphor/logging/openpower-esel-parser_git.bb @@ -20,4 +20,4 @@ DEPENDS += "autoconf-archive-native \ # Source code repository S = "${WORKDIR}/git" SRC_URI = "gitsm://github.com/YADRO-KNS/openpower-esel-parser" -SRCREV = "1ed2c38095591c68348983637e4dcb50f4cfff63" +SRCREV = "c35879fa605f3aa8098fff2c0a395815d8cbfe51" |