7 files changed, 210 insertions, 36 deletions
diff --git a/meta-openembedded/meta-oe/recipes-security/keyutils/files/fix_library_install_path.patch b/meta-openembedded/meta-oe/recipes-security/keyutils/files/fix_library_install_path.patch
new file mode 100644
index 000000000..938fe2eb5
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/keyutils/files/fix_library_install_path.patch
@@ -0,0 +1,28 @@
+From b0355cc205543ffd33752874295139d57c4fbc3e Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Tue, 26 Sep 2017 07:59:51 +0000
+Subject: [PATCH] Subject: [PATCH] keyutils: use relative path for link
+
+The absolute path of the symlink will be invalid
+when populated in sysroot, so use relative path instead.
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+{rebased for 1.6]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: keyutils-1.6/Makefile
+===================================================================
+--- keyutils-1.6.orig/Makefile
++++ keyutils-1.6/Makefile
+@@ -184,7 +184,7 @@ ifeq ($(NO_SOLIB),0)
+ 	$(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
+ 	$(LNS) $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
+ 	mkdir -p $(DESTDIR)$(USRLIBDIR)
+-	$(LNS) $(LIBDIR)/$(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
++	$(LNS) $(SONAME) $(DESTDIR)$(USRLIBDIR)/$(DEVELLIB)
+ 	sed \
+ 	-e 's,@VERSION\@,$(VERSION),g' \
+ 	-e 's,@prefix\@,$(PREFIX),g' \
diff --git a/meta-openembedded/meta-oe/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch b/meta-openembedded/meta-oe/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
new file mode 100644
index 000000000..acd91c01c
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/keyutils/files/keyutils-fix-error-report-by-adding-default-message.patch
@@ -0,0 +1,42 @@
+fix keyutils test error report
+
+Upstream-Status: Pending
+
+"Permission denied" may be the reason of EKEYEXPIRED and EKEYREVOKED.
+"Required key not available" may be the reason of EKEYREVOKED.
+EXPIRED and REVOKED are 2 status of kernel security keys features.
+But the userspace keyutils lib will output the error message, which may
+have several reasons.
+
+Signed-off-by: Han Chao <chan@windriver.com>
+
+diff --git a/tests/toolbox.inc.sh b/tests/toolbox.inc.sh
+index bbca00a..739e9d0 100644
+--- a/tests/toolbox.inc.sh
++++ b/tests/toolbox.inc.sh
+@@ -227,11 +227,12 @@ function expect_error ()
+ 	    ;;
+ 	EKEYEXPIRED)
+ 	    my_err="Key has expired"
+-	    alt_err="Unknown error 127"
++	    alt_err="Permission denied"
+ 	    ;;
+ 	EKEYREVOKED)
+ 	    my_err="Key has been revoked"
+-	    alt_err="Unknown error 128"
++	    alt_err="Permission denied"
++	    alt2_err="Required key not available"
+ 	    ;;
+ 	EKEYREJECTED)
+ 	    my_err="Key has been rejected"
+@@ -249,6 +250,9 @@ function expect_error ()
+     elif [ "x$alt_err" != "x" ] && expr "$my_errmsg" : ".*: $alt_err" >&/dev/null
+     then
+ 	:
++    elif [ "x$alt2_err" != "x" ] && expr "$my_errmsg" : ".*: $alt2_err" >&/dev/null
++    then
++	:
+     elif [ "x$old_err" != "x" ] && expr "$my_errmsg" : ".*: $old_err" >&/dev/null
+     then
+ 	:
+
diff --git a/meta-openembedded/meta-oe/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch b/meta-openembedded/meta-oe/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
new file mode 100644
index 000000000..a4ffd50ce
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/keyutils/files/keyutils-test-fix-output-format.patch
@@ -0,0 +1,41 @@
+From 49b6321368e4bd3cd233d045cd09004ddd7968b2 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Mon, 15 May 2017 14:52:00 +0800
+Subject: [PATCH] keyutils: fix output format
+
+keyutils ptest output format is incorrect, according to yocto
+Development Manual
+(http://www.yoctoproject.org/docs/latest/dev-manual/dev-manual.html#testing-packages-with-ptest)
+5.10.6. Testing Packages With ptestThe test generates output in the format used by Automake:
+<result>: <testname>
+where the result can be PASS, FAIL, or SKIP, and the testname can be any
+identifying string.
+So we should change the test result format to match yocto ptest rules.
+
+Upstream-Status: Inappropriate [OE ptest specific]
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ tests/runtest.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tests/runtest.sh b/tests/runtest.sh
+index b6eaa7c..84263fb 100644
+--- a/tests/runtest.sh
++++ b/tests/runtest.sh
+@@ -21,6 +21,11 @@ for i in ${TESTS}; do
+     echo "### RUNNING TEST $i"
+     if [[ $AUTOMATED != 0 ]] ; then
+         bash ./runtest.sh
++        if [ $? != 0 ]; then
++            echo "FAIL: $i"
++        else
++            echo "PASS: $i"
++        fi
+     else
+         bash ./runtest.sh || exit 1
+     fi
+-- 
+2.11.0
+
diff --git a/meta-openembedded/meta-oe/recipes-security/keyutils/files/run-ptest b/meta-openembedded/meta-oe/recipes-security/keyutils/files/run-ptest
new file mode 100755
index 000000000..305707f65
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/keyutils/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+export AUTOMATED=1
+make -C tests run
diff --git a/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.bb b/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.bb
new file mode 100644
index 000000000..572143a5a
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.bb
@@ -0,0 +1,65 @@
+SUMMARY = "Linux Key Management Utilities"
+DESCRIPTION = "\
+    Utilities to control the kernel key management facility and to provide \
+    a mechanism by which the kernel call back to userspace to get a key \
+    instantiated. \
+    "
+HOMEPAGE = "http://people.redhat.com/dhowells/keyutils"
+SECTION = "base"
+
+LICENSE = "LGPLv2.1+ & GPLv2.0+"
+
+LIC_FILES_CHKSUM = "file://LICENCE.GPL;md5=5f6e72824f5da505c1f4a7197f004b45 \
+                    file://LICENCE.LGPL;md5=7d1cacaa3ea752b72ea5e525df54a21f"
+
+inherit siteinfo autotools-brokensep ptest
+
+SRC_URI = "http://people.redhat.com/dhowells/keyutils/${BP}.tar.bz2 \
+           file://keyutils-test-fix-output-format.patch \
+           file://keyutils-fix-error-report-by-adding-default-message.patch \
+           file://run-ptest \
+           file://fix_library_install_path.patch \
+           "
+
+SRC_URI[md5sum] = "191987b0ab46bb5b50efd70a6e6ce808"
+SRC_URI[sha256sum] = "d3aef20cec0005c0fa6b4be40079885567473185b1a57b629b030e67942c7115"
+
+EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \
+    NO_ARLIB=1 \
+    BINDIR=${base_bindir} \
+    SBINDIR=${base_sbindir} \
+    LIBDIR=${libdir} \
+    USRLIBDIR=${libdir} \
+    INCLUDEDIR=${includedir} \
+    BUILDFOR=${SITEINFO_BITS}-bit \
+    NO_GLIBC_KEYERR=1 \
+    "
+
+do_install () {
+    install -d ${D}/${libdir}/pkgconfig
+    oe_runmake DESTDIR=${D} install
+}
+
+do_install_append_class-nativesdk() {
+    install -d ${D}${datadir}
+    src_dir="${D}${target_datadir}"
+    mv $src_dir/* ${D}${datadir}
+    par_dir=`dirname $src_dir`
+    rmdir $src_dir $par_dir
+
+    install -d ${D}${sysconfdir}
+    mv ${D}/etc/* ${D}${sysconfdir}/
+    rmdir ${D}/etc
+}
+
+do_install_ptest () {
+    cp -r ${S}/tests ${D}${PTEST_PATH}/
+    sed -i -e 's/OSDIST=Unknown/OSDIST=${DISTRO}/' ${D}${PTEST_PATH}/tests/prepare.inc.sh
+}
+
+
+RDEPENDS_${PN}-ptest += "lsb-release"
+RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils"
+RDEPENDS_${PN}-ptest_append_libc-musl = " musl-utils"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch b/meta-openembedded/meta-oe/recipes-security/nmap/files/0001-Include-time.h-header-to-pass-clang-compilation.patch
index 561c8c82c..f93af2d79 100644
--- a/meta-openembedded/meta-oe/recipes-security/nmap/files/0001-include-time.h-for-time-structure-definition.patch
+++ b/meta-openembedded/meta-oe/recipes-security/nmap/files/0001-Include-time.h-header-to-pass-clang-compilation.patch
@@ -1,35 +1,39 @@
-From c774f2b129fd5acd5647d92c57a2079ae638a62b Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 20 Jan 2019 23:07:39 -0800
-Subject: [PATCH] include time.h for time structure definition
+From a068952a20880fc864e8cb8b49f8a6b143a5ac30 Mon Sep 17 00:00:00 2001
+From: Peiran Hong <peiran.hong@windriver.com>
+Date: Fri, 20 Sep 2019 15:02:45 -0400
+Subject: [PATCH] Include time.h header to pass clang compilation
 
-Exposed by musl/clang
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
 ---
- nmap_error.cc       | 1 +
- nping/EchoServer.cc | 1 +
- osscan.cc           | 1 +
- osscan2.cc          | 1 +
- service_scan.cc     | 1 +
- 5 files changed, 5 insertions(+)
+ nmap_error.cc       | 11 +----------
+ nping/EchoServer.cc |  1 +
+ osscan2.cc          |  1 +
+ service_scan.cc     |  1 +
+ 4 files changed, 4 insertions(+), 10 deletions(-)
 
 diff --git a/nmap_error.cc b/nmap_error.cc
-index 19beafb..ea14e08 100644
+index 588b13c33..254107ff5 100644
 --- a/nmap_error.cc
 +++ b/nmap_error.cc
-@@ -135,6 +135,7 @@
+@@ -135,16 +135,7 @@
  #include "xml.h"
  
  #include <errno.h>
+-#if TIME_WITH_SYS_TIME
+-# include <sys/time.h>
+-# include <time.h>
+-#else
+-# if HAVE_SYS_TIME_H
+-#  include <sys/time.h>
+-# else
+-#  include <time.h>
+-# endif
+-#endif
 +#include <time.h>
  
  extern NmapOps o;
  
 diff --git a/nping/EchoServer.cc b/nping/EchoServer.cc
-index 70f39b0..40cd4d6 100644
+index ccdcf9c2d..c403aeda5 100644
 --- a/nping/EchoServer.cc
 +++ b/nping/EchoServer.cc
 @@ -137,6 +137,7 @@
@@ -40,20 +44,8 @@ index 70f39b0..40cd4d6 100644
  
  extern NpingOps o;
  extern EchoServer es;
-diff --git a/osscan.cc b/osscan.cc
-index f851f60..6ae0c83 100644
---- a/osscan.cc
-+++ b/osscan.cc
-@@ -149,6 +149,7 @@
- #  include <time.h>
- # endif
- #endif
-+#include <time.h>
- 
- #include <algorithm>
- #include <list>
 diff --git a/osscan2.cc b/osscan2.cc
-index e341947..887fbd2 100644
+index aa31feb12..89673e108 100644
 --- a/osscan2.cc
 +++ b/osscan2.cc
 @@ -147,6 +147,7 @@
@@ -65,7 +57,7 @@ index e341947..887fbd2 100644
  extern NmapOps o;
  #ifdef WIN32
 diff --git a/service_scan.cc b/service_scan.cc
-index 9780ae3..e07b940 100644
+index 57a92ed28..ef277bb1f 100644
 --- a/service_scan.cc
 +++ b/service_scan.cc
 @@ -145,6 +145,7 @@
@@ -76,3 +68,6 @@ index 9780ae3..e07b940 100644
  
  #if HAVE_OPENSSL
  /* OpenSSL 1.0.0 needs _WINSOCKAPI_ to be defined, otherwise it loads
+-- 
+2.21.0
+
diff --git a/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.70.bb b/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
index b1b150a7d..f24194da7 100644
--- a/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.70.bb
+++ b/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
@@ -3,17 +3,17 @@ DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utili
 SECTION = "security"
 LICENSE = "GPL-2.0"
 
-LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=1489288f46af415fadc4e8b6345ab9f4"
+LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2"
 
 SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \
            file://nmap-redefine-the-python-library-dir.patch \
            file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \
-           file://0001-include-time.h-for-time-structure-definition.patch \
+           file://0001-Include-time.h-header-to-pass-clang-compilation.patch \
            file://0002-Fix-building-with-libc.patch \
            "
 
-SRC_URI[md5sum] = "84eb6fbe788e0d4918c2b1e39421bf79"
-SRC_URI[sha256sum] = "847b068955f792f4cc247593aca6dc3dc4aae12976169873247488de147a6e18"
+SRC_URI[md5sum] = "d37b75b06d1d40f27b76d60db420a1f5"
+SRC_URI[sha256sum] = "fcfa5a0e42099e12e4bf7a68ebe6fde05553383a682e816a7ec9256ab4773faa"
 
 inherit autotools-brokensep pkgconfig pythonnative