From 1a4b7ee28bf7413af6513fb45ad0d0736048f866 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Sun, 16 Dec 2018 17:11:34 -0800 Subject: reset upstream subtrees to yocto 2.6 Reset the following subtrees on thud HEAD: poky: 87e3a9739d meta-openembedded: 6094ae18c8 meta-security: 31dc4e7532 meta-raspberrypi: a48743dc36 meta-xilinx: c42016e2e6 Also re-apply backports that didn't make it into thud: poky: 17726d0 systemd-systemctl-native: handle Install wildcards meta-openembedded: 4321a5d libtinyxml2: update to 7.0.1 042f0a3 libcereal: Add native and nativesdk classes e23284f libcereal: Allow empty package 030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG 179a1b9 gtest: update to 1.8.1 Squashed OpenBMC subtree compatibility updates: meta-aspeed: Brad Bishop (1): aspeed: add yocto 2.6 compatibility meta-ibm: Brad Bishop (1): ibm: prepare for yocto 2.6 meta-ingrasys: Brad Bishop (1): ingrasys: set layer compatibility to yocto 2.6 meta-openpower: Brad Bishop (1): openpower: set layer compatibility to yocto 2.6 meta-phosphor: Brad Bishop (3): phosphor: set layer compatibility to thud phosphor: libgpg-error: drop patches phosphor: react to fitimage artifact rename Ed Tanous (4): Dropbear: upgrade options for latest upgrade yocto2.6: update openssl options busybox: remove upstream watchdog patch systemd: Rebase CONFIG_CGROUP_BPF patch Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7 
Signed-off-by: Brad Bishop --- .../recipes-security/AppArmor/apparmor_2.11.0.bb | 159 --------------------- .../recipes-security/AppArmor/apparmor_2.12.bb | 159 +++++++++++++++++++++ .../aircrack-ng/aircrack-ng_1.2.bb | 37 ----- .../aircrack-ng/aircrack-ng_1.3.bb | 34 +++++ .../aircrack-ng/files/fixup_cflags.patch | 28 ---- .../recipes-security/bastille/bastille_3.2.1.bb | 2 +- .../recipes-security/clamav/clamav_0.99.3.bb | 158 -------------------- .../recipes-security/clamav/clamav_0.99.4.bb | 158 ++++++++++++++++++++ .../ecryptfs-utils/ecryptfs-utils_111.bb | 9 +- .../recipes-security/fail2ban/fail2ban_0.10.2.bb | 41 ------ .../recipes-security/fail2ban/files/run-ptest | 3 + .../recipes-security/fail2ban/python-fail2ban.inc | 49 +++++++ .../fail2ban/python-fail2ban_0.10.3.1.bb | 4 + .../fail2ban/python3-fail2ban_0.10.3.1.bb | 4 + .../fscryptctl/fscryptctl_0.1.0.bb | 2 +- .../images/security-build-image.bb | 4 +- .../configure-remove-hardcode-path.patch | 37 ----- .../keynote/keynote-2.3/makefile-add-ldflags.patch | 36 ----- .../recipes-security/keynote/keynote-2.3/run-ptest | 16 --- .../recipes-security/keynote/keynote_2.3.bb | 40 ------ .../recipes-security/keyutils/keyutils_1.5.10.bb | 2 + .../libseccomp/libseccomp_2.3.3.bb | 3 +- .../nmap-redefine-the-python-library-dir.patch | 37 ----- ...shtool-mkdir-with-coreutils-mkdir-command.patch | 48 ------- meta-security/recipes-security/nmap/nmap_7.60.bb | 54 ------- .../packagegroup/packagegroup-core-security.bb | 27 +++- .../samhain/samhain-client_4.2.2.bb | 11 -- .../samhain/samhain-client_4.3.0.bb | 11 ++ .../samhain/samhain-server_4.2.2.bb | 20 --- .../samhain/samhain-server_4.3.0.bb | 20 +++ .../samhain/samhain-standalone_4.2.2.bb | 31 ---- .../samhain/samhain-standalone_4.3.0.bb | 31 ++++ meta-security/recipes-security/samhain/samhain.inc | 7 +- .../recipes-security/scapy/files/run-ptest | 4 + .../recipes-security/scapy/python-scapy.inc | 20 +++ .../recipes-security/scapy/python-scapy_2.4.0.bb | 6 + 
.../recipes-security/scapy/python3-scapy_2.4.0.bb | 4 + .../recipes-security/scapy/scapy/run-ptest | 4 - .../recipes-security/scapy/scapy_2.3.3.bb | 24 ---- meta-security/recipes-security/sssd/sssd_1.16.0.bb | 73 ---------- meta-security/recipes-security/sssd/sssd_1.16.3.bb | 73 ++++++++++ .../suricata/files/emerging.rules.tar.gz | Bin 0 -> 2252393 bytes .../recipes-security/suricata/files/run-ptest | 3 + .../suricata/files/suricata.service | 20 +++ .../recipes-security/suricata/files/suricata.yaml | 2 +- .../recipes-security/suricata/libhtp_0.5.25.bb | 15 -- .../recipes-security/suricata/libhtp_0.5.27.bb | 15 ++ .../recipes-security/suricata/suricata.inc | 6 +- .../recipes-security/suricata/suricata_4.0.0.bb | 60 -------- .../recipes-security/suricata/suricata_4.0.5.bb | 96 +++++++++++++ .../recipes-security/tripwire/files/run-ptest | 3 + .../recipes-security/tripwire/tripwire_2.4.3.6.bb | 9 +- .../xmlsec1/change-finding-path-of-nss.patch | 107 +++++++------- .../xmlsec1-fix-a-typo-in-examples-verify3.c.patch | 23 --- .../recipes-security/xmlsec1/xmlsec1_1.2.25.bb | 57 -------- .../recipes-security/xmlsec1/xmlsec1_1.2.26.bb | 56 ++++++++ 56 files changed, 878 insertions(+), 1084 deletions(-) delete mode 100644 meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb create mode 100644 meta-security/recipes-security/AppArmor/apparmor_2.12.bb delete mode 100644 meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb create mode 100644 meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb delete mode 100644 meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch delete mode 100644 meta-security/recipes-security/clamav/clamav_0.99.3.bb create mode 100644 meta-security/recipes-security/clamav/clamav_0.99.4.bb delete mode 100644 meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb create mode 100644 meta-security/recipes-security/fail2ban/files/run-ptest create mode 100644 meta-security/recipes-security/fail2ban/python-fail2ban.inc 
create mode 100644 meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb create mode 100644 meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb delete mode 100644 meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch delete mode 100644 meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch delete mode 100644 meta-security/recipes-security/keynote/keynote-2.3/run-ptest delete mode 100644 meta-security/recipes-security/keynote/keynote_2.3.bb delete mode 100644 meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch delete mode 100644 meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch delete mode 100644 meta-security/recipes-security/nmap/nmap_7.60.bb delete mode 100644 meta-security/recipes-security/samhain/samhain-client_4.2.2.bb create mode 100644 meta-security/recipes-security/samhain/samhain-client_4.3.0.bb delete mode 100644 meta-security/recipes-security/samhain/samhain-server_4.2.2.bb create mode 100644 meta-security/recipes-security/samhain/samhain-server_4.3.0.bb delete mode 100644 meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb create mode 100644 meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb create mode 100755 meta-security/recipes-security/scapy/files/run-ptest create mode 100644 meta-security/recipes-security/scapy/python-scapy.inc create mode 100644 meta-security/recipes-security/scapy/python-scapy_2.4.0.bb create mode 100644 meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb delete mode 100755 meta-security/recipes-security/scapy/scapy/run-ptest delete mode 100644 meta-security/recipes-security/scapy/scapy_2.3.3.bb delete mode 100644 meta-security/recipes-security/sssd/sssd_1.16.0.bb create mode 100644 meta-security/recipes-security/sssd/sssd_1.16.3.bb create mode 100644 meta-security/recipes-security/suricata/files/emerging.rules.tar.gz 
create mode 100644 meta-security/recipes-security/suricata/files/run-ptest create mode 100644 meta-security/recipes-security/suricata/files/suricata.service delete mode 100644 meta-security/recipes-security/suricata/libhtp_0.5.25.bb create mode 100644 meta-security/recipes-security/suricata/libhtp_0.5.27.bb delete mode 100644 meta-security/recipes-security/suricata/suricata_4.0.0.bb create mode 100644 meta-security/recipes-security/suricata/suricata_4.0.5.bb create mode 100644 meta-security/recipes-security/tripwire/files/run-ptest delete mode 100644 meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch delete mode 100644 meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb create mode 100644 meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb (limited to 'meta-security/recipes-security') diff --git a/meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb b/meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb deleted file mode 100644 index fc9b614f1..000000000 --- a/meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb +++ /dev/null 
@@ -1,159 +0,0 @@ -SUMMARY = "AppArmor another MAC control system" -DESCRIPTION = "user-space parser utility for AppArmor \ - This provides the system initialization scripts needed to use the \ - AppArmor Mandatory Access Control system, including the AppArmor Parser \ - which is required to convert AppArmor text profiles into machine-readable \ - policies that are loaded into the kernel for use with the AppArmor Linux \ - Security Module." -HOMEAPAGE = "http://apparmor.net/" -SECTION = "admin" - -LICENSE = "GPLv2 & GPLv2+ & BSD-3-Clause & LGPLv2.1+" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0" - -DEPENDS = "bison-native apr gettext-native coreutils-native" - -SRC_URI = " \ - http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \ - file://disable_perl_h_check.patch \ - file://crosscompile_perl_bindings.patch \ - file://apparmor.rc \ - file://functions \ - file://apparmor \ - file://apparmor.service \ - file://run-ptest \ - " - -SRC_URI[md5sum] = "899fd834dc5c8ebf2d52b97e4a174af7" -SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5bdd739a" - -PARALLEL_MAKE = "" - -inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan -inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} - -S = "${WORKDIR}/apparmor-${PV}" - -PACKAGECONFIG ?="man python perl" -PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages" -PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native" -PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native" -PACKAGECONFIG[apache2] = ",,apache2," - -PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" -HTTPD="${@bb.utils.contains('PACKAGECONFIG', 'apache2', '1', '0', d)}" - - -python() { - if 'apache2' in d.getVar('PACKAGECONFIG').split() and \ - 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split(): - raise bb.parse.SkipRecipe('Requires 
meta-webserver to be present.') -} - -CONFIGUREOPTS_remove = "--disable-static" -EXTRA_OECONF_append = " --enable-static" - -do_configure() { - cd ${S}/libraries/libapparmor - aclocal - autoconf --force - libtoolize --automake -c --force - automake -ac - ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} - sed -i -e 's#^YACC.*#YACC := bison#' ${S}/parser/Makefile - sed -i -e 's#^LEX.*#LEX := flex#' ${S}/parser/Makefile -} - -do_compile () { - oe_runmake -C ${B}/libraries/libapparmor - oe_runmake -C ${B}/binutils - oe_runmake -C ${B}/utils - oe_runmake -C ${B}/parser - oe_runmake -C ${B}/profiles - - if test -z "${HTTPD}" ; then - oe_runmake -C ${B}/changehat/mod_apparmor - fi - - if test -z "${PAMLIB}" ; then - oe_runmake -C ${B}/changehat/pam_apparmor - fi -} - -do_install () { - install -d ${D}/${INIT_D_DIR} - install -d ${D}/lib/apparmor - - oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install - oe_runmake -C ${B}/binutils DESTDIR="${D}" install - oe_runmake -C ${B}/utils DESTDIR="${D}" install - oe_runmake -C ${B}/parser DESTDIR="${D}" install - oe_runmake -C ${B}/profiles DESTDIR="${D}" install - - if test -z "${HTTPD}" ; then - oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install - fi - - if test -z "${PAMLIB}" ; then - oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install - fi - - # aa-easyprof is installed by python-tools-setup.py, fix it up - sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof - chmod 0755 ${D}${bindir}/aa-easyprof - - install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor - install ${WORKDIR}/functions ${D}/lib/apparmor - if [ "${VIRTUAL-RUNTIME_init_manager}" = "systemd" ]; then - install -d ${D}${systemd_system_unitdir} - install ${WORKDIR}/apparmor.service \ - ${D}${systemd_system_unitdir} - fi -} - -do_compile_ptest () { - oe_runmake -C ${B}/tests/regression/apparmor - oe_runmake -C ${B}/parser/tst - oe_runmake -C ${B}/libraries/libapparmor -} - -do_install_ptest () { - 
t=${D}/${PTEST_PATH}/testsuite - install -d ${t} - install -d ${t}/tests/regression/apparmor - cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression - - install -d ${t}/parser/tst - cp -rf ${B}/parser/tst ${t}/parser - cp ${B}/parser/apparmor_parser ${t}/parser - cp ${B}/parser/frob_slack_rc ${t}/parser - - install -d ${t}/libraries/libapparmor - cp -rf ${B}/libraries/libapparmor ${t}/libraries - - install -d ${t}/common - cp -rf ${B}/common ${t} - - install -d ${t}/binutils - cp -rf ${B}/binutils ${t} -} - -INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME = "apparmor" -INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ." - -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE_${PN} = "apparmor.service" -SYSTEMD_AUTO_ENABLE = "disable" - -PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'mod-${PN}', '', d)}" - -FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" -FILES_mod-${PN} = "${libdir}/apache2/modules/*" - -ALLOW_EMPTY_${PN} = "1" - -RDEPENDS_${PN} += "bash lsb" -RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3 python3-modules','', d)}" -RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" -RDEPENDS_${PN}-ptest += "perl coreutils dbus-lib" diff --git a/meta-security/recipes-security/AppArmor/apparmor_2.12.bb b/meta-security/recipes-security/AppArmor/apparmor_2.12.bb new file mode 100644 index 000000000..e3f8dc99c --- /dev/null +++ b/meta-security/recipes-security/AppArmor/apparmor_2.12.bb 
@@ -0,0 +1,159 @@ +SUMMARY = "AppArmor another MAC control system" +DESCRIPTION = "user-space parser utility for AppArmor \ + This provides the system initialization scripts needed to use the \ + AppArmor Mandatory Access Control system, including the AppArmor Parser \ + which is required to convert AppArmor text profiles into machine-readable \ + policies that are loaded into the kernel for use with the AppArmor Linux \ + Security Module." +HOMEAPAGE = "http://apparmor.net/" +SECTION = "admin" + +LICENSE = "GPLv2 & GPLv2+ & BSD-3-Clause & LGPLv2.1+" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0" + +DEPENDS = "bison-native apr gettext-native coreutils-native" + +SRC_URI = " \ + http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \ + file://disable_perl_h_check.patch \ + file://crosscompile_perl_bindings.patch \ + file://apparmor.rc \ + file://functions \ + file://apparmor \ + file://apparmor.service \ + file://run-ptest \ + " + +SRC_URI[md5sum] = "49054f58042f8e51ea92cc866575a833" +SRC_URI[sha256sum] = "8a2b0cd083faa4d0640f579024be3a629faa7db3b99540798a1a050e2eaba056" + +PARALLEL_MAKE = "" + +inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan +inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} + +S = "${WORKDIR}/apparmor-${PV}" + +PACKAGECONFIG ?="man python perl" +PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages" +PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native" +PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native" +PACKAGECONFIG[apache2] = ",,apache2," + +PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" +HTTPD="${@bb.utils.contains('PACKAGECONFIG', 'apache2', '1', '0', d)}" + + +python() { + if 'apache2' in d.getVar('PACKAGECONFIG').split() and \ + 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split(): + raise bb.parse.SkipRecipe('Requires 
meta-webserver to be present.') +} + +CONFIGUREOPTS_remove = "--disable-static" +EXTRA_OECONF_append = " --enable-static" + +do_configure() { + cd ${S}/libraries/libapparmor + aclocal + autoconf --force + libtoolize --automake -c --force + automake -ac + ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} + sed -i -e 's#^YACC.*#YACC := bison#' ${S}/parser/Makefile + sed -i -e 's#^LEX.*#LEX := flex#' ${S}/parser/Makefile +} + +do_compile () { + oe_runmake -C ${B}/libraries/libapparmor + oe_runmake -C ${B}/binutils + oe_runmake -C ${B}/utils + oe_runmake -C ${B}/parser + oe_runmake -C ${B}/profiles + + if test -z "${HTTPD}" ; then + oe_runmake -C ${B}/changehat/mod_apparmor + fi + + if test -z "${PAMLIB}" ; then + oe_runmake -C ${B}/changehat/pam_apparmor + fi +} + +do_install () { + install -d ${D}/${INIT_D_DIR} + install -d ${D}/lib/apparmor + + oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install + oe_runmake -C ${B}/binutils DESTDIR="${D}" install + oe_runmake -C ${B}/utils DESTDIR="${D}" install + oe_runmake -C ${B}/parser DESTDIR="${D}" install + oe_runmake -C ${B}/profiles DESTDIR="${D}" install + + if test -z "${HTTPD}" ; then + oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install + fi + + if test -z "${PAMLIB}" ; then + oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install + fi + + # aa-easyprof is installed by python-tools-setup.py, fix it up + sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof + chmod 0755 ${D}${bindir}/aa-easyprof + + install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor + install ${WORKDIR}/functions ${D}/lib/apparmor + if [ "${VIRTUAL-RUNTIME_init_manager}" = "systemd" ]; then + install -d ${D}${systemd_system_unitdir} + install ${WORKDIR}/apparmor.service \ + ${D}${systemd_system_unitdir} + fi +} + +do_compile_ptest () { + oe_runmake -C ${B}/tests/regression/apparmor + oe_runmake -C ${B}/parser/tst + oe_runmake -C ${B}/libraries/libapparmor +} + +do_install_ptest () { + 
t=${D}/${PTEST_PATH}/testsuite + install -d ${t} + install -d ${t}/tests/regression/apparmor + cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression + + install -d ${t}/parser/tst + cp -rf ${B}/parser/tst ${t}/parser + cp ${B}/parser/apparmor_parser ${t}/parser + cp ${B}/parser/frob_slack_rc ${t}/parser + + install -d ${t}/libraries/libapparmor + cp -rf ${B}/libraries/libapparmor ${t}/libraries + + install -d ${t}/common + cp -rf ${B}/common ${t} + + install -d ${t}/binutils + cp -rf ${B}/binutils ${t} +} + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME = "apparmor" +INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ." + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE_${PN} = "apparmor.service" +SYSTEMD_AUTO_ENABLE = "disable" + +PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'mod-${PN}', '', d)}" + +FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" +FILES_mod-${PN} = "${libdir}/apache2/modules/*" + +ALLOW_EMPTY_${PN} = "1" + +RDEPENDS_${PN} += "bash lsb" +RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3 python3-modules','', d)}" +RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" +RDEPENDS_${PN}-ptest += "perl coreutils dbus-lib" diff --git a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb deleted file mode 100644 index 4df072e0b..000000000 --- a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb +++ /dev/null 
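Review bot: The `if test -z "${HTTPD}"` and `if test -z "${PAMLIB}"` guards in do_compile and do_install can never be true, because both variables are set to the literal '1' or '0' by bb.utils.contains. As a result changehat/mod_apparmor and changehat/pam_apparmor are never built or installed, even when apache2 is in PACKAGECONFIG or pam is in DISTRO_FEATURES. An image that expects the PAM or Apache integration would ship without it and the build would not report anything. Compare against the value instead, e.g. `if [ "${PAMLIB}" = "1" ]; then` and `if [ "${HTTPD}" = "1" ]; then`, in all four places. The recipe also carries over `HOMEAPAGE`, which looks like a typo for `HOMEPAGE`.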
@@ -1,37 +0,0 @@
-SUMMARY = "Aircrack-ng is a set of tools for auditing wireless networks"
-DESCRIPTION = "Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools."
-SECTION = "security"
-LICENSE = "GPL-2.0"
-
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=1fbd81241fe252ec0f5658a521ab7dd8"
-
-DEPENDS = "libnl openssl sqlite3 libpcre libpcap"
-RC = "rc2"
-SRC_URI = "http://download.aircrack-ng.org/${BP}-${RC}.tar.gz \
- file://fixup_cflags.patch"
-
-SRC_URI[md5sum] = "ebe9d537f06f4d6956213af09c4476da"
-SRC_URI[sha256sum] = "ba5b3eda44254efc5b7c9f776eb756f7cc323ad5d0813c101e92edb483d157e9"
-
-inherit autotools-brokensep pkgconfig
-
-S = "${WORKDIR}/${BP}-rc2"
-
-PACKAGECONFIG ?= ""
-CFLAGS += " -I${S}/src/include"
-
-OEMAKE_EXTRA = "sqlite=true experimental=true pcre=true \
- prefix=${prefix} \
- "
-
-do_compile () {
- make ${OEMAKE_EXTRA} TOOL_PREFIX=${TARGET_SYS}-
-}
-
-do_install () {
- make DESTDIR=${D} ${OEMAKE_EXTRA} ext_scripts=true install
-}
-
-FILES_${PN} += "/usr/local/"
-
-RDEPENDS_${PN} = "libpcap"
diff --git a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb
new file mode 100644
index 000000000..d73922778
--- /dev/null
+++ b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb
@@ -0,0 +1,34 @@
+SUMMARY = "Aircrack-ng is a set of tools for auditing wireless networks"
+DESCRIPTION = "Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools."
+SECTION = "security"
+LICENSE = "GPL-2.0"
+
+LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=1fbd81241fe252ec0f5658a521ab7dd8"
+
+DEPENDS = "libnl openssl sqlite3 libpcre libpcap"
+
+SRC_URI = "http://download.aircrack-ng.org/${BP}.tar.gz"
+
+SRC_URI[md5sum] = "c7c5b076dee0c25ee580b0f56f455623"
+SRC_URI[sha256sum] = "8ae08a7c28741f6ace2769267112053366550e7f746477081188ad38410383ca"
+
+inherit autotools-brokensep pkgconfig
+
+PACKAGECONFIG ?= ""
+CFLAGS += " -I${S}/src/include"
+
+OEMAKE_EXTRA = "sqlite=true experimental=true pcre=true \
+ prefix=${prefix} \
+ "
+
+do_compile () {
+ make ${OEMAKE_EXTRA} TOOL_PREFIX=${TARGET_SYS}-
+}
+
+do_install () {
+ make DESTDIR=${D} ${OEMAKE_EXTRA} ext_scripts=true install
+}
+
+FILES_${PN} += "/usr/local/"
+
+RDEPENDS_${PN} = "libpcap"
diff --git a/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch b/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch
deleted file mode 100644
index e13dd24ba..000000000
--- a/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch
+++ /dev/null
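Review bot: do_compile and do_install call bare `make` instead of `oe_runmake`, the wrapper other recipes in this commit use, so the build bypasses the standard make invocation and its error handling. The usual form would be `oe_runmake ${OEMAKE_EXTRA} TOOL_PREFIX=${TARGET_SYS}-` and `oe_runmake DESTDIR=${D} ${OEMAKE_EXTRA} ext_scripts=true install`. This commit also deletes fixup_cflags.patch, which removed `-L/usr/local/lib` from LIBSQL, while the recipe still passes `sqlite=true` and packages `/usr/local/`. Whether the 1.3 build still adds host library paths is not visible here and is worth confirming. The tarball is fetched over plain `http://`, so `SRC_URI[sha256sum]` is the only integrity check and must be updated with any future version change.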
@@ -1,28 +0,0 @@ -Upstream Status: Iinappropriate - -Issues do to build env. - -Signed-off-by: Armin Kuster - -Index: aircrack-ng-1.2-rc2/src/Makefile -=================================================================== ---- aircrack-ng-1.2-rc2.orig/src/Makefile -+++ aircrack-ng-1.2-rc2/src/Makefile -@@ -3,8 +3,6 @@ include $(AC_ROOT)/common.mak - - TEST_DIR = $(AC_ROOT)/test - --CFLAGS += -Iinclude -- - iCC = $(shell find /opt/intel/cc/*/bin/icc) - iCFLAGS = -w -mcpu=pentiumpro -march=pentiumpro $(COMMON_CFLAGS) - iOPTFLAGS = -O3 -ip -ipo -D_FILE_OFFSET_BITS=64 -@@ -102,7 +100,7 @@ endif - - - ifeq ($(subst TRUE,true,$(filter TRUE true,$(sqlite) $(SQLITE))),true) -- LIBSQL = -L/usr/local/lib -lsqlite3 -+ LIBSQL = -lsqlite3 - else - LIBSQL = - endif diff --git a/meta-security/recipes-security/bastille/bastille_3.2.1.bb b/meta-security/recipes-security/bastille/bastille_3.2.1.bb index eee1a38e1..152c03ae5 100644 --- a/meta-security/recipes-security/bastille/bastille_3.2.1.bb +++ b/meta-security/recipes-security/bastille/bastille_3.2.1.bb @@ -9,7 +9,7 @@ DEPENDS = "virtual/kernel" RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils" FILES_${PN} += "/run/lock/subsys/bastille" -inherit allarch module-base +inherit module-base SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3.2.1/Bastille-3.2.1.tar.bz2 \ file://AccountPermission.pm \ diff --git a/meta-security/recipes-security/clamav/clamav_0.99.3.bb b/meta-security/recipes-security/clamav/clamav_0.99.3.bb deleted file mode 100644 index 688250da4..000000000 --- a/meta-security/recipes-security/clamav/clamav_0.99.3.bb +++ /dev/null 
@@ -1,158 +0,0 @@ -SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface" -DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats." -HOMEPAGE = "http://www.clamav.net/index.html" -SECTION = "security" -LICENSE = "LGPL-2.1" - -DEPENDS = "libtool db libmspack chrpath-replacement-native" - -LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092" - -SRCREV = "224f73461a44e278e9fa50ba59f51ee5e64373e0" - -SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \ - file://clamd.conf \ - file://freshclam.conf \ - file://volatiles.03_clamav \ - file://${BPN}.service \ - " - -S = "${WORKDIR}/git" - -LEAD_SONAME = "libclamav.so" -SO_VER = "7.1.1" - -EXTRANATIVEPATH += "chrpath-native" - -inherit autotools-brokensep pkgconfig useradd systemd - -UID = "clamav" -GID = "clamav" - -# Clamav has a built llvm version 2 but does not build with gcc 6.x, -# disable the internal one. 
This is a known issue -# If you want LLVM support, use meta-oe llvm3.3 to build for GCC 6.X, -# as defined below - -CLAMAV_LLVM ?= "oellvm" -CLAMAV_LLVM_RELEASE ?= "6.0" - -PACKAGECONFIG ?= "ncurses openssl bz2 zlib ${CLAMAV_LLVM}" -PACKAGECONFIG += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}" -PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" - -PACKAGECONFIG[oellvm] = "--with-system-llvm --with-llvm-linking=dynamic --disable-llvm, ,llvm${CLAMAV_LLVM_RELEASE}" - -PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre" -PACKAGECONFIG[xml] = "--with-xml=${STAGING_LIBDIR}/.., --with-xml=no, libxml2," -PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json," -PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR}, --without-libcurl, curl," -PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" -PACKAGECONFIG[openssl] = "--with-openssl=${STAGING_DIR_HOST}/usr, --without-openssl, openssl, openssl" -PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_DIR_HOST}/usr --disable-zlib-vcheck , --without-zlib, zlib, " -PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${STAGING_LIBDIR}/.., --without-libbz2-prefix, " -PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${STAGING_LIBDIR}/.., --without-libncurses-prefix, ncurses, " -PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, " - -EXTRA_OECONF += " --with-user=${UID} --with-group=${GID} \ - --without-libcheck-prefix --disable-unrar \ - --disable-mempool \ - --program-prefix="" \ - --disable-yara \ - --disable-rpath \ - " - -do_configure () { - cd ${S} - ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} -} - -do_compile_append() { - # brute force removing RPATH - chrpath -d ${B}/libclamav/.libs/libclamav.so.${SO_VER} - chrpath -d ${B}/sigtool/.libs/sigtool - chrpath -d ${B}/clambc/.libs/clambc - chrpath -d ${B}/clamscan/.libs/clamscan - chrpath -d 
${B}/clamconf/.libs/clamconf - chrpath -d ${B}/clamd/.libs/clamd - chrpath -d ${B}/freshclam/.libs/freshclam -} - -do_install_append() { - install -d ${D}/${sysconfdir} - install -d ${D}/${localstatedir}/lib/clamav - install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles - - install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir} - install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir} - install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav - sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc - rm ${D}/${libdir}/libclamav.so - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then - install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service - fi -} - -pkg_postinst_ontarget_${PN} () { - if [ -e /etc/init.d/populate-volatile.sh ] ; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi - chown ${UID}:${GID} ${localstatedir}/lib/clamav -} - - -PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \ - ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev" - -FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \ - ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \ - ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \ - ${docdir}/clamav/* " - -FILES_${PN}-clamdscan = " ${bindir}/clamdscan \ - ${docdir}/clamdscan/* \ - ${mandir}/man1/clamdscan* \ - " - -FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ - ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \ - ${mandir}/man5/clamd* ${mandir}/man8/clamd* \ - ${sysconfdir}/clamd.conf* \ - ${systemd_unitdir}/system/clamav-daemon/* \ - ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \ - ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon " - -FILES_${PN}-freshclam = "${bindir}/freshclam \ - ${sysconfdir}/freshclam.conf* \ - ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \ - 
${localstatedir}/lib/clamav \ - ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ - ${mandir}/man5/freshclam.conf.* \ - ${systemd_unitdir}/system/clamav-freshclam.service" - -FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ - ${libdir}/pkgconfig/*.pc \ - ${mandir}/man1/clamav-config.* \ - ${includedir}/*.h ${docdir}/libclamav* " - -FILES_${PN}-staticdev = "${libdir}/*.a" - -FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libmspack.so*\ - ${docdir}/libclamav/* " - -FILES_${PN}-doc = "${mandir}/man/* \ - ${datadir}/man/* \ - ${docdir}/* " - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system ${UID}" -USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir \ - ${localstatedir}/spool/${BPN} \ - --no-create-home --shell /bin/false ${BPN}" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" -SYSTEMD_SERVICE_${PN} = "${BPN}.service" - -RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav" diff --git a/meta-security/recipes-security/clamav/clamav_0.99.4.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb new file mode 100644 index 000000000..8c2c2fa2f --- /dev/null +++ b/meta-security/recipes-security/clamav/clamav_0.99.4.bb 
@@ -0,0 +1,158 @@ +SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface" +DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats." +HOMEPAGE = "http://www.clamav.net/index.html" +SECTION = "security" +LICENSE = "LGPL-2.1" + +DEPENDS = "libtool db libmspack chrpath-replacement-native" + +LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092" + +SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047" + +SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \ + file://clamd.conf \ + file://freshclam.conf \ + file://volatiles.03_clamav \ + file://${BPN}.service \ + " + +S = "${WORKDIR}/git" + +LEAD_SONAME = "libclamav.so" +SO_VER = "7.1.1" + +EXTRANATIVEPATH += "chrpath-native" + +inherit autotools-brokensep pkgconfig useradd systemd + +UID = "clamav" +GID = "clamav" + +# Clamav has a built llvm version 2 but does not build with gcc 6.x, +# disable the internal one. 
This is a known issue +# If you want LLVM support, use meta-oe llvm3.3 to build for GCC 6.X, +# as defined below + +CLAMAV_LLVM ?= "oellvm" +CLAMAV_LLVM_RELEASE ?= "6.0" + +PACKAGECONFIG ?= "ncurses openssl bz2 zlib ${CLAMAV_LLVM}" +PACKAGECONFIG += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}" +PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" + +PACKAGECONFIG[oellvm] = "--with-system-llvm --with-llvm-linking=dynamic --disable-llvm, ,llvm${CLAMAV_LLVM_RELEASE}" + +PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre" +PACKAGECONFIG[xml] = "--with-xml=${STAGING_LIBDIR}/.., --with-xml=no, libxml2," +PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json," +PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR}, --without-libcurl, curl," +PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6" +PACKAGECONFIG[openssl] = "--with-openssl=${STAGING_DIR_HOST}/usr, --without-openssl, openssl, openssl" +PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_DIR_HOST}/usr --disable-zlib-vcheck , --without-zlib, zlib, " +PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${STAGING_LIBDIR}/.., --without-libbz2-prefix, " +PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${STAGING_LIBDIR}/.., --without-libncurses-prefix, ncurses, " +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, " + +EXTRA_OECONF += " --with-user=${UID} --with-group=${GID} \ + --without-libcheck-prefix --disable-unrar \ + --disable-mempool \ + --program-prefix="" \ + --disable-yara \ + --disable-rpath \ + " + +do_configure () { + cd ${S} + ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} +} + +do_compile_append() { + # brute force removing RPATH + chrpath -d ${B}/libclamav/.libs/libclamav.so.${SO_VER} + chrpath -d ${B}/sigtool/.libs/sigtool + chrpath -d ${B}/clambc/.libs/clambc + chrpath -d ${B}/clamscan/.libs/clamscan + chrpath -d 
${B}/clamconf/.libs/clamconf + chrpath -d ${B}/clamd/.libs/clamd + chrpath -d ${B}/freshclam/.libs/freshclam +} + +do_install_append() { + install -d ${D}/${sysconfdir} + install -d ${D}/${localstatedir}/lib/clamav + install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles + + install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir} + install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir} + install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav + sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc + rm ${D}/${libdir}/libclamav.so + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then + install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service + fi +} + +pkg_postinst_ontarget_${PN} () { + if [ -e /etc/init.d/populate-volatile.sh ] ; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi + chown ${UID}:${GID} ${localstatedir}/lib/clamav +} + + +PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc \ + ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev" + +FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \ + ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \ + ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \ + ${docdir}/clamav/* " + +FILES_${PN}-clamdscan = " ${bindir}/clamdscan \ + ${docdir}/clamdscan/* \ + ${mandir}/man1/clamdscan* \ + " + +FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \ + ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \ + ${mandir}/man5/clamd* ${mandir}/man8/clamd* \ + ${sysconfdir}/clamd.conf* \ + ${systemd_unitdir}/system/clamav-daemon/* \ + ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \ + ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon " + +FILES_${PN}-freshclam = "${bindir}/freshclam \ + ${sysconfdir}/freshclam.conf* \ + ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \ + 
${localstatedir}/lib/clamav \ + ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \ + ${mandir}/man5/freshclam.conf.* \ + ${systemd_unitdir}/system/clamav-freshclam.service" + +FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ + ${libdir}/pkgconfig/*.pc \ + ${mandir}/man1/clamav-config.* \ + ${includedir}/*.h ${docdir}/libclamav* " + +FILES_${PN}-staticdev = "${libdir}/*.a" + +FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libmspack.so*\ + ${docdir}/libclamav/* " + +FILES_${PN}-doc = "${mandir}/man/* \ + ${datadir}/man/* \ + ${docdir}/* " + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "--system ${UID}" +USERADD_PARAM_${PN} = "--system -g ${GID} --home-dir \ + ${localstatedir}/spool/${BPN} \ + --no-create-home --shell /bin/false ${BPN}" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" +SYSTEMD_SERVICE_${PN} = "${BPN}.service" + +RDEPENDS_${PN} += "openssl ncurses-libncurses libbz2 ncurses-libtinfo clamav-freshclam clamav-libclamav" diff --git a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb index f55b0c390..1f780f9e3 100644 --- a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb +++ b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb @@ -29,6 +29,7 @@ EXTRA_OECONF = "\ --libdir=${base_libdir} \ --disable-pywrap \ --disable-nls \ + --with-pamdir=${base_libdir}/security \ " PACKAGECONFIG ??= "nss \ 
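Review bot: The account setup at the end of clamav_0.99.4.bb does not use the recipe's own `UID`/`GID` variables consistently: `GROUPADD_PARAM_${PN}` names the group with `${UID}` and `USERADD_PARAM_${PN}` names the user with `${BPN}`, while configure is given `--with-user=${UID} --with-group=${GID}` and the postinst runs `chown ${UID}:${GID}`. This works only because all of them expand to `clamav`; overriding `UID` or `GID` would make `useradd -g ${GID}` and the chown on the signature database directory refer to a user or group that was never created. I would write `GROUPADD_PARAM_${PN} = "--system ${GID}"` and end `USERADD_PARAM_${PN}` with `${UID}` instead of `${BPN}`.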
@@ -43,12 +44,16 @@ do_configure_prepend() { export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3" export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}" export KEYUTILS_LIBS="-L${STAGING_LIBDIR} -lkeyutils" + sed -i -e "s;rootsbindir=\"/sbin\";rootsbindir=\"\${base_sbindir}\";g" ${S}/configure.ac } do_install_append() { chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private - mkdir -p ${D}/${libdir} - mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir} + # ${base_libdir} is identical to ${libdir} when usrmerge enabled + if ! ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then + mkdir -p ${D}/${libdir} + mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir} + fi sed -i -e 's:-I${STAGING_INCDIR}::' \ -e 's:-L${STAGING_LIBDIR}::' ${D}/${libdir}/pkgconfig/libecryptfs.pc sed -i -e "s: ${base_sbindir}/cryptsetup: ${sbindir}/cryptsetup:" ${D}${bindir}/ecryptfs-setup-swap diff --git a/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb b/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb deleted file mode 100644 index 7e2deba2d..000000000 --- a/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb +++ /dev/null 
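Review bot: The `sed` added to do_configure_prepend rewrites `rootsbindir` in configure.ac without a comment and without any check that the pattern still matches, so an upstream change to that line would silently leave the path at `/sbin`. do_install_append then runs `chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private`, which presumably relies on this substitution whenever `base_sbindir` is not `/sbin`; for a setuid-root helper the install location is worth pinning down explicitly. I would add a comment such as `# upstream hard-codes rootsbindir=/sbin; follow base_sbindir for usrmerge`, or carry the change as a patch file so a mismatch fails at do_patch. do_configure_prepend starts above the hunk and do_install_append continues below it.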
@@ -1,41 +0,0 @@
-SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
-DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
-many failed login attempts. It does this by updating system firewall rules to reject new \
-connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
-out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
-and is easy to configure to read any log file you choose, for any error you choose."
-HOMEPAGE = "http://www.fail2ban.org"
-
-LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
-
-SRCREV ="a45488465e0dd547eb8479c0fa9fd577c1837213"
-SRC_URI = " \
- git://github.com/fail2ban/fail2ban.git;branch=0.10 \
- file://initd \
- file://fail2ban_setup.py \
-"
-
-inherit update-rc.d setuptools
-
-S = "${WORKDIR}/git"
-
-INITSCRIPT_PACKAGES = "${PN}"
-INITSCRIPT_NAME = "fail2ban-server"
-INITSCRIPT_PARAMS = "defaults 25"
-
-do_compile_prepend () {
- cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
-}
-
-do_install_append () {
- install -d ${D}/${sysconfdir}/fail2ban
- install -d ${D}/${sysconfdir}/init.d
- install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
-}
-
-FILES_${PN} += "/run"
-
-INSANE_SKIP_${PN}_append = "already-stripped"
-
-RDEPENDS_${PN} = "sysklogd iptables sqlite3 python python-pyinotify"
diff --git a/meta-security/recipes-security/fail2ban/files/run-ptest b/meta-security/recipes-security/fail2ban/files/run-ptest
new file mode 100644
index 000000000..9f6aebe82
--- /dev/null
+++ b/meta-security/recipes-security/fail2ban/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+##PYTHON## fail2ban-testcases
diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban.inc b/meta-security/recipes-security/fail2ban/python-fail2ban.inc
new file mode 100644
index 000000000..9245f17b1
--- /dev/null
+++ b/meta-security/recipes-security/fail2ban/python-fail2ban.inc
@@ -0,0 +1,49 @@
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
+
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
+
+SRCREV ="ac0d441fd68852ffda7b15c71f16b7f4fde1a7ee"
+SRC_URI = " \
+ git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+ file://initd \
+ file://fail2ban_setup.py \
+ file://run-ptest \
+"
+
+inherit update-rc.d ptest
+
+S = "${WORKDIR}/git"
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+
+do_compile_prepend () {
+ cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
+}
+
+do_install_append () {
+ install -d ${D}/${sysconfdir}/fail2ban
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+ chown -R root:root ${D}/${bindir}
+}
+
+do_install_ptest_append () {
+ install -d ${D}${PTEST_PATH}
+ sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+ install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}
+}
+
+FILES_${PN} += "/run"
+
+INSANE_SKIP_${PN}_append = "already-stripped"
+
+RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify"
diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb
new file mode 100644
index 000000000..17a7dd8dd
--- /dev/null
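Review bot: The recipes that include python-fail2ban.inc are named 0.10.3.1, but its `SRC_URI` fetches from `branch=0.11`, where the removed fail2ban_0.10.2.bb used `branch=0.10`. PV comes from the recipe file name, so the version recorded in image manifests and used for vulnerability matching may not describe the code at the pinned `SRCREV`; whether that commit corresponds to the 0.10.3.1 release cannot be told from the diff. I would either use `branch=0.10` if the revision is reachable from it, or add a comment above `SRCREV` naming the upstream tag it corresponds to, e.g. `# SRCREV is upstream tag <TAG>`.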
+++ b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb @@ -0,0 +1,4 @@ +inherit setuptools +require python-fail2ban.inc + +RDEPENDS_${PN}-ptest = "python python-modules python-fail2ban" diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb new file mode 100644 index 000000000..5c887e857 --- /dev/null +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb @@ -0,0 +1,4 @@ +inherit setuptools3 +require python-fail2ban.inc + +RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb index 4f0b12c4a..8847a0fc4 100644 --- a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb +++ b/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb @@ -9,7 +9,7 @@ SECTION = "base" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRCREV = "e4c4d0984dee2531897e13c32a18d5e54a2a4aa6" +SRCREV = "142326810eb19d6794793db6d24d0775a15aa8e5" SRC_URI = "git://github.com/google/fscryptctl.git" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/images/security-build-image.bb b/meta-security/recipes-security/images/security-build-image.bb index 1a7af86be..a8757f980 100644 --- a/meta-security/recipes-security/images/security-build-image.bb +++ b/meta-security/recipes-security/images/security-build-image.bb @@ -6,9 +6,7 @@ IMAGE_INSTALL = "\ packagegroup-base \ packagegroup-core-boot \ packagegroup-core-security \ - os-release \ - ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-xfce-base", "", d)} \ - ${CORE_IMAGE_EXTRA_INSTALL}" + os-release" IMAGE_LINGUAS ?= " " 
diff --git a/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch b/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch deleted file mode 100644 index af3ef421d..000000000 --- a/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch +++ /dev/null @@ -1,37 +0,0 @@ -Remove the hardcoded lib and include dirs - -Upstream-Status: Inappropriate [cross compile specific] - -written by: Amy Fong -Signed-off-by: Jackie Huang - ---- keynote-2.3/configure.in.orig 2010-05-24 04:44:16.000000000 -0700 -+++ keynote-2.3/configure.in 2010-05-24 04:44:55.000000000 -0700 -@@ -21,27 +21,16 @@ - AC_PATH_PROG(ECHO, echo, /bin/echo) - AC_PATH_PROG(SED, sed, /usr/bin/sed) - --dnl Checks for libraries. --LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\ -- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib" -- - AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm") - AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref") - AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto") - AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue") - --dnl Checks for header files. --CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\ -- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\ -- -I/usr/local/openssl/include -I/pkg/include" -- - AC_HEADER_STDC - AC_HEADER_TIME - AC_CHECK_HEADERS(fcntl.h limits.h unistd.h regex.h sys/time.h io.h) - AC_CHECK_HEADERS(ssl/crypto.h openssl/crypto.h crypto.h memory.h) - --dnl Checks for other files -- - dnl Checks for typedefs, structures, and compiler characteristics. - AC_C_CONST - AC_CHECK_TYPE(u_int, unsigned int) diff --git a/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch b/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch deleted file mode 100644 index 80d87cf28..000000000 
--- a/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch +++ /dev/null @@ -1,36 +0,0 @@ -Add LDFLAGS variable to Makefile so that extra linker flags can be sent via this variable. - -Upstream-Status: Pending - -Signed-off-by: Yi Zhao - -diff --git a/Makefile.in b/Makefile.in -index b216648..42b4827 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -35,6 +35,7 @@ MKDIR = @MKDIR@ - SED = @SED@ - ECHO = @ECHO@ - TR = @TR@ -+LDFLAGS = @LDFLAGS@ - - TARFLAGS = -cvzf ${DISTFILE} - YACCFLAGS2 = -d -p kv -b z -@@ -83,7 +84,7 @@ $(TARGET): $(OBJS) - $(RANLIB) $(TARGET) - - $(TARGET2): $(TARGET) $(OBJS2) -- $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS) - - k.tab.c: keynote.y header.h keynote.h assertion.h config.h - $(YACC) $(YACCFLAGS) keynote.y -@@ -131,7 +132,7 @@ $(SSLCERT) $(SSLKEY): - -keyout $(SSLKEY) - - test-sample: all $(OBJS3) -- $(CC) $(CFLAGS) -o $(TARGET3) $(OBJS3) $(LIBS) -+ $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET3) $(OBJS3) $(LIBS) - - test-sig: all $(SSLCERT) $(SSLKEY) - $(SED) -e 's/--.*//' < $(SSLCERT) > $(SSLCERT).1 diff --git a/meta-security/recipes-security/keynote/keynote-2.3/run-ptest b/meta-security/recipes-security/keynote/keynote-2.3/run-ptest deleted file mode 100644 index 4dc35c9d1..000000000 --- a/meta-security/recipes-security/keynote/keynote-2.3/run-ptest +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -cd @PTEST_PATH@ -keynote verify -e testsuite/test-env \ - -r false,maybe,probably,true \ - -k testsuite/auth1 -k testsuite/auth2 \ - -k testsuite/auth3 -k testsuite/auth4 \ - -l testsuite/test-assertion1 \ - -l testsuite/test-assertion2 \ - -l testsuite/test-assertion3 \ - -l testsuite/test-assertion4 \ - -l testsuite/test-assertion5 \ - -l testsuite/test-assertion6 \ - -l testsuite/test-assertion7 \ - && echo "PASS: keynote-ptest" \ - || echo "FAIL: keynote-ptest" 
diff --git a/meta-security/recipes-security/keynote/keynote_2.3.bb b/meta-security/recipes-security/keynote/keynote_2.3.bb deleted file mode 100644 index e6924858d..000000000 --- a/meta-security/recipes-security/keynote/keynote_2.3.bb +++ /dev/null @@ -1,40 +0,0 @@ -SUMMARY = "Keynote tool and library" -DESCRIPTION = "KeyNote is a simple and flexible trust-management \ - system designed to work well for a variety of large- and small- \ - scale Internet-based applications. \ -" -HOMEPAGE = "http://www.cs.columbia.edu/~angelos/keynote.html" -SECTION = "security" - -LICENSE = "ISC" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3a265095c549c1808686a676f2699c98" - -MAIN_ID = "${@d.getVar('PV').split('.')[0]}" -MINOR_ID = "${@d.getVar('PV').split('.')[1]}" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}-${MAIN_ID}-${MINOR_ID}/${BPN}_${PV}.tar.gz \ - file://configure-remove-hardcode-path.patch \ - file://makefile-add-ldflags.patch \ - file://run-ptest \ -" -S = "${WORKDIR}/${BPN}-${PV}+dfsg.orig" - -inherit autotools-brokensep ptest - -SRC_URI[md5sum] = "a14553e6ad921b5c85026ce5bec3afe7" -SRC_URI[sha256sum] = "38d2acfa1c3630a07adcb5c8fe92d2aef7f0e6d242b8998b2bbb1c6e4c408d46" - -DEPENDS = "flex openssl" - -EXTRA_OEMAKE += "test-sample -j1" - -do_install() { - install -D -m 0755 ${S}/keynote ${D}${bindir}/keynote - install -D -m 0644 ${S}/libkeynote.a ${D}${libdir}/libkeynote.a - install -D -m 0644 ${S}/keynote.h ${D}${includedir}/keynote.h -} - -do_install_ptest() { - install -D -m 0755 ${S}/sample-app ${D}${PTEST_PATH} - cp -r ${S}/testsuite ${D}${PTEST_PATH} - sed -i 's|@PTEST_PATH@|${PTEST_PATH}|' ${D}${PTEST_PATH}/run-ptest -} diff --git a/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb b/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb index 2ead8fa19..a4222b9e9 100644 --- a/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb +++ b/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb 
@@ -27,6 +27,8 @@ SRC_URI[sha256sum] = "115c3deae7f181778fd0e0ffaa2dad1bf1fe2f5677cf2e0e348cdb7a1c EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \ NO_ARLIB=1 \ + BINDIR=${base_bindir} \ + SBINDIR=${base_sbindir} \ LIBDIR=${base_libdir} \ USRLIBDIR=${base_libdir} \ BUILDFOR=${SITEINFO_BITS}-bit \ diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb index 8d58163c9..9c66db68c 100644 --- a/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb +++ b/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb @@ -35,8 +35,7 @@ do_install_ptest() { done } -FILES_${PN} = "${bindir} ${libdir}/${PN}.so*" +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*" FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug" -RDEPENDS_${PN} = "bash" RDEPENDS_${PN}-ptest = "bash" diff --git a/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch b/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch deleted file mode 100644 index 356b5071b..000000000 --- a/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -[PATCH] redefine the python library install dir - -Upstream-Status: Pending - -If install-lib is not defined, it is always /usr/lib/, but it -maybe /usr/lib64 for multilib - -Signed-off-by: Roy Li ---- - Makefile.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.in b/Makefile.in -index 1bb062c..cced2fb 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -311,7 +311,7 @@ build-zenmap: $(ZENMAPDIR)/setup.py $(ZENMAPDIR)/zenmapCore/Version.py - - install-zenmap: $(ZENMAPDIR)/setup.py - $(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 -- cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --force $(if $(DESTDIR),--root "$(DESTDIR)") -+ cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --force $(if $(DESTDIR),--root "$(DESTDIR)") - $(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/ - # Create a symlink from nmapfe to zenmap if nmapfe doesn't exist or is - # already a link. -@@ -328,7 +328,7 @@ build-nping: $(NPINGDIR)/Makefile nbase_build nsock_build netutil_build $(NPINGD - @cd $(NPINGDIR) && $(MAKE) - - install-ndiff: -- cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" $(if $(DESTDIR),--root "$(DESTDIR)") -+ cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)") - - NSE_FILES = scripts/script.db scripts/*.nse - NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc --- -1.9.1 - diff --git a/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch b/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch deleted file mode 100644 index cfe043af4..000000000 --- a/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -[PATCH] replace "./shtool mkdir" with coreutils mkdir command - -Upstream-Status: Pending - -"./shtool mkdir" is used when mkdir has not -p parameter, but mkdir in today -most release has supportted the -p parameter, not need to use shtool, and it -can not fix the race if two process are running mkdir to create same dir - -Signed-off-by: Roy Li ---- - ncat/Makefile.in | 4 ++-- - nmap-update/Makefile.in | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ncat/Makefile.in b/ncat/Makefile.in -index cfd306d..2166e08 100644 ---- a/ncat/Makefile.in -+++ b/ncat/Makefile.in -@@ -163,11 +163,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Makefile - - install: $(TARGET) - @echo Installing Ncat; -- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 -+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 - $(INSTALL) -c -m 755 ncat $(DESTDIR)$(bindir)/ncat - $(STRIP) -x $(DESTDIR)$(bindir)/ncat - if [ -n "$(DATAFILES)" ]; then \ -- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(pkgdatadir); \ -+ mkdir -p -m 755 $(DESTDIR)$(pkgdatadir); \ - $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \ - fi - $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1 -diff --git a/nmap-update/Makefile.in b/nmap-update/Makefile.in -index 89ff928..93f48d8 100644 ---- a/nmap-update/Makefile.in -+++ b/nmap-update/Makefile.in -@@ -37,7 +37,7 @@ $(NBASELIB): - cd $(NBASEDIR) && $(MAKE) - - install: nmap-update -- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 -+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 - $(INSTALL) -c -m 755 nmap-update $(DESTDIR)$(bindir) - $(STRIP) -x $(DESTDIR)$(bindir)/nmap-update - $(INSTALL) -c -m 644 ../docs/nmap-update.1 $(DESTDIR)$(mandir)/man1/ --- -1.9.1 - diff --git a/meta-security/recipes-security/nmap/nmap_7.60.bb b/meta-security/recipes-security/nmap/nmap_7.60.bb deleted file mode 100644 index a6616eb13..000000000 
--- a/meta-security/recipes-security/nmap/nmap_7.60.bb
+++ /dev/null
@@ -1,54 +0,0 @@ -SUMMARY = "network auditing tool" -DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf" -SECTION = "security" -LICENSE = "GPL-2.0" - -LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=700c690f4ca6b1754f3f1db8645e42d9" - -SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ - file://nmap-redefine-the-python-library-dir.patch \ - file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \ -" - -SRC_URI[md5sum] = "4e454266559ddf2c4e2109866c62560c" -SRC_URI[sha256sum] = "a8796ecc4fa6c38aad6139d9515dc8113023a82e9d787e5a5fb5fa1b05516f21" - -inherit autotools-brokensep pkgconfig pythonnative distro_features_check - -PACKAGECONFIG ?= "ncat nping ndiff pcap" -PACKAGECONFIG += " ${@bb.utils.contains('IMAGE_FEATURES', 'x11-base', 'zenmap', '', d)}" - -PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" -PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpre" -PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" -PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" -PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" - -#disable/enable packages -PACKAGECONFIG[nping] = ",--without-nping," -PACKAGECONFIG[ncat] = ",--without-ncat," -PACKAGECONFIG[ndiff] = ",--without-ndiff,python" -PACKAGECONFIG[update] = ",--without-nmap-update," - -#Add gui -PACKAGECONFIG[zenmap] = "--with-zenmap, --without-zenmap, gtk+ python-core python-codecs python-io python-logging python-unittest python-xml python-netclient python-doctest python-subprocess python-pygtk, python-core python-codecs python-io python-logging python-netclient python-xml python-unittest python-doctest python-subprocess python-pygtk gtk+" - -EXTRA_OECONF = 
"--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included" - -export PYTHON_SITEPACKAGES_DIR - -do_configure() { - # strip hard coded python2# - sed -i -e 's=python2\.*=python=g' ${S}/configure.ac - sed -i -e 's=python2\.*=python=g' ${S}/configure - autoconf - oe_runconf -} - -PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'zenmap', '${PN}-zenmap', '', d)}" - -FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}" -FILES_${PN}-zenmap = "${@bb.utils.contains("PACKAGECONFIG", "zenmap", "${bindir}/*zenmap ${bindir}/xnmap ${datadir}/applications/* ${bindir}/nmapfe ${datadir}/zenmap/* ${PYTHON_SITEPACKAGES_DIR}/radialnet/* ${PYTHON_SITEPACKAGES_DIR}/zenmap*", "", d)}" - -RDEPENDS_${PN} = "python" -RDEPENDS_${PN}-zenmap = "nmap" diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb index 6682d2905..e847847b8 100644 --- a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb @@ -12,6 +12,7 @@ PACKAGES = "\ packagegroup-security-ids \ packagegroup-security-mac \ ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \ " RDEPENDS_packagegroup-core-security = "\ @@ -20,6 +21,7 @@ RDEPENDS_packagegroup-core-security = "\ packagegroup-security-ids \ packagegroup-security-mac \ ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \ " SUMMARY_packagegroup-security-utils = "Security utilities" 
@@ -27,7 +29,11 @@ RDEPENDS_packagegroup-security-utils = "\ checksec \ nmap \ pinentry \ - scapy \ + python-scapy \ + ding-libs \ + xmlsec1 \ + keyutils \ + libseccomp \ ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \ " @@ -52,13 +58,28 @@ RDEPENDS_packagegroup-security-hardening = " \ SUMMARY_packagegroup-security-ids = "Security Intrusion Detection systems" RDEPENDS_packagegroup-security-ids = " \ tripwire \ - samhain-client \ + samhain-standalone \ suricata \ " SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems" RDEPENDS_packagegroup-security-mac = " \ ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack", "",d)} \ " + +SUMMARY_packagegroup-security-ptest = "Security packages with ptests" +RDEPENDS_packagegroup-security-ptest = " \ + samhain-standalone-ptest \ + xmlsec1-ptest \ + keyutils-ptest \ + libseccomp-ptest \ + python-scapy-ptest \ + suricata-ptest \ + tripwire-ptest \ + python3-fail2ban-ptest \ + ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \ + ptest-runner \ + " diff --git a/meta-security/recipes-security/samhain/samhain-client_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-client_4.2.2.bb deleted file mode 100644 index 812408e5e..000000000 --- a/meta-security/recipes-security/samhain/samhain-client_4.2.2.bb +++ /dev/null @@ -1,11 +0,0 @@ -INITSCRIPT_PARAMS = "defaults 15 85" - -require samhain.inc - -# Let the default Logserver be 127.0.0.1 -EXTRA_OECONF += " \ - --with-logserver=${SAMHAIN_SERVER} \ - --with-port=${SAMHAIN_PORT} \ - " - -RDEPENDS_${PN} = "acl zlib attr bash" 
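Review bot: `nmap` stays in `RDEPENDS_packagegroup-security-utils` (the context line just above the changed entries) although this same commit deletes `nmap_7.60.bb` and its two patches from meta-security. Unless another configured layer provides an nmap recipe, the package group can no longer be satisfied and images that install it will fail to build. If the dependency on another layer is intended, it should be declared in the layer's `LAYERDEPENDS`; otherwise the `nmap \` line should be removed here. The RDEPENDS assignment starts in the hunk header and is closed inside the hunk.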
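Review bot: The new `packagegroup-security-ptest` is also added to `RDEPENDS_packagegroup-core-security` (second hunk of this file), so every image that installs the core security group gets `ptest-runner` and all the listed test suites whenever `ptest` is in DISTRO_FEATURES. That flag is distro-wide, not a per-image choice, and test payloads such as the scapy and suricata suites enlarge what ships on a target that is meant to be hardened. I would keep the group in `PACKAGES` but drop the added line from the core RDEPENDS, so test images opt in by naming `packagegroup-security-ptest` themselves.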
diff --git a/meta-security/recipes-security/samhain/samhain-client_4.3.0.bb b/meta-security/recipes-security/samhain/samhain-client_4.3.0.bb
new file mode 100644
index 000000000..812408e5e
--- /dev/null
+++ b/meta-security/recipes-security/samhain/samhain-client_4.3.0.bb
@@ -0,0 +1,11 @@
+INITSCRIPT_PARAMS = "defaults 15 85"
+
+require samhain.inc
+
+# Let the default Logserver be 127.0.0.1
+EXTRA_OECONF += " \
+ --with-logserver=${SAMHAIN_SERVER} \
+ --with-port=${SAMHAIN_PORT} \
+ "
+
+RDEPENDS_${PN} = "acl zlib attr bash"
diff --git a/meta-security/recipes-security/samhain/samhain-server_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-server_4.2.2.bb
deleted file mode 100644
index 9341d4440..000000000
--- a/meta-security/recipes-security/samhain/samhain-server_4.2.2.bb
+++ /dev/null
@@ -1,20 +0,0 @@
-INITSCRIPT_PARAMS = "defaults 14 86"
-
-require samhain.inc
-
-DEPENDS = "gmp"
-
-SRC_URI += "file://samhain-server-volatiles"
-
-TARGET_CC_ARCH += "${LDFLAGS}"
-
-do_install_append() {
- install -d ${D}${sysconfdir}/default/volatiles
- install -m 0644 ${WORKDIR}/samhain-server-volatiles \
- ${D}${sysconfdir}/default/volatiles/samhain-server
-
- install -m 700 samhain-install.sh init/samhain.startLinux \
- init/samhain.startLSB ${D}/var/lib/samhain
-}
-
-RDEPENDS_${PN} += "gmp bash perl"
diff --git a/meta-security/recipes-security/samhain/samhain-server_4.3.0.bb b/meta-security/recipes-security/samhain/samhain-server_4.3.0.bb
new file mode 100644
index 000000000..9341d4440
--- /dev/null
+++ b/meta-security/recipes-security/samhain/samhain-server_4.3.0.bb
@@ -0,0 +1,20 @@
+INITSCRIPT_PARAMS = "defaults 14 86"
+
+require samhain.inc
+
+DEPENDS = "gmp"
+
+SRC_URI += "file://samhain-server-volatiles"
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/default/volatiles
+ install -m 0644 ${WORKDIR}/samhain-server-volatiles \
+ ${D}${sysconfdir}/default/volatiles/samhain-server
+
+ install -m 700 samhain-install.sh init/samhain.startLinux \
+ init/samhain.startLSB ${D}/var/lib/samhain
+}
+
+RDEPENDS_${PN} += "gmp bash perl"
diff --git a/meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb
deleted file mode 100644
index 4fed9e9e9..000000000
--- a/meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-require samhain.inc
-
-SRC_URI += "file://samhain-not-run-ptest-on-host.patch \
- file://run-ptest \
-"
-
-PROVIDES += "samhain"
-
-SYSTEMD_SERVICE_${PN} = "samhain.service"
-
-inherit ptest
-
-do_compile() {
- if [ "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'yes', 'no', d)}" = "yes" ]; then
- oe_runmake cutest
- rm -f ${S}*.o config_xor.h internal.h
- fi
- oe_runmake "$@"
-}
-
-do_install_append() {
- ln -sf ${INITSCRIPT_NAME} ${D}${sysconfdir}/init.d/samhain
-}
-
-do_install_ptest() {
- mkdir -p ${D}${PTEST_PATH}
- install ${S}/cutest ${D}${PTEST_PATH}
-}
-
-RPROVIDES_${PN} += "samhain"
-RCONFLICTS_${PN} = "samhain-client samhain-server"
diff --git a/meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb b/meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb
new file mode 100644
index 000000000..4fed9e9e9
--- /dev/null
+++ b/meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb
@@ -0,0 +1,31 @@ +require samhain.inc + +SRC_URI += "file://samhain-not-run-ptest-on-host.patch \ + file://run-ptest \ +" + +PROVIDES += "samhain" + +SYSTEMD_SERVICE_${PN} = "samhain.service" + +inherit ptest + +do_compile() { + if [ "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'yes', 'no', d)}" = "yes" ]; then + oe_runmake cutest + rm -f ${S}*.o config_xor.h internal.h + fi + oe_runmake "$@" +} + +do_install_append() { + ln -sf ${INITSCRIPT_NAME} ${D}${sysconfdir}/init.d/samhain +} + +do_install_ptest() { + mkdir -p ${D}${PTEST_PATH} + install ${S}/cutest ${D}${PTEST_PATH} +} + +RPROVIDES_${PN} += "samhain" +RCONFLICTS_${PN} = "samhain-client samhain-server" diff --git a/meta-security/recipes-security/samhain/samhain.inc b/meta-security/recipes-security/samhain/samhain.inc index db96264b3..944bf0d0b 100644 --- a/meta-security/recipes-security/samhain/samhain.inc +++ b/meta-security/recipes-security/samhain/samhain.inc @@ -19,8 +19,11 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://samhain.service \ " -SRC_URI[md5sum] = "f499d5d06bfd1d787073a45bf28dd60f" -SRC_URI[sha256sum] = "0f3e64afb3f00064c9b136d34a72d580cd41248c5941eba0452f364a109003c7" +SRC_URI[md5sum] = "a00e99375675fc6e50cca3e208f5207e" +SRC_URI[sha256sum] = "8551dc3b0851889a2b979097e9c02309b40d48b4659f02efe7fe525ce8361a0d" + +UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html" +UPSTREAM_CHECK_REGEX = "samhain_signed-(?P(\d+(\.\d+)+))\.tar" S = "${WORKDIR}/samhain-${PV}" diff --git a/meta-security/recipes-security/scapy/files/run-ptest b/meta-security/recipes-security/scapy/files/run-ptest new file mode 100755 index 000000000..91b29f907 --- /dev/null +++ b/meta-security/recipes-security/scapy/files/run-ptest @@ -0,0 +1,4 @@ +#!/bin/sh +UTscapy -t regression.uts -f text -l -C \ + -o @PTEST_PATH@/scapy_ptest_$(date +%Y%m%d-%H%M%S).log \ + 2>&1 | sed -e 's/^passed None/PASS:/' -e 's/^failed None/FAIL:/' 
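Review bot: The refreshed checksums in the samhain.inc hunk still guard a tarball that `SRC_URI` fetches over plain `http://la-samhna.de/...` (the line shown in the hunk header), while the new `UPSTREAM_CHECK_URI` already uses https. The sha256sum pins the content, but whoever regenerates the checksums on the next bump trusts whatever the unauthenticated transport delivers, so the scheme should be switched if the archive is reachable over https. As rendered here, `UPSTREAM_CHECK_REGEX` reads `(?P(\d+...` with no group name, which Python's `re` would reject; it was presumably `(?P<pver>(\d+(\.\d+)+))` before the page dropped the angle brackets, which is worth confirming against the tree. The `SRC_URI` assignment starts above the hunk.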
diff --git a/meta-security/recipes-security/scapy/python-scapy.inc b/meta-security/recipes-security/scapy/python-scapy.inc
new file mode 100644
index 000000000..5abe7db76
--- /dev/null
+++ b/meta-security/recipes-security/scapy/python-scapy.inc
@@ -0,0 +1,20 @@
+SUMMARY = "Network scanning and manipulation tool"
+DESCRIPTION = "Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc."
+SECTION = "security"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://bin/scapy;beginline=9;endline=13;md5=1d5249872cc54cd4ca3d3879262d0c69"
+
+SRC_URI[md5sum] = "d7d3c4294f5a718e234775d38dbeb7ec"
+SRC_URI[sha256sum] = "452f714f5c2eac6fd0a6146b1dbddfc24dd5f4103f3ed76227995a488cfb2b73"
+
+inherit pypi ptest
+
+do_install_ptest() {
+ install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH}
+ sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest
+}
+
+RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-netclient \
+ ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc ${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \
+ ${PYTHON_PN}-threading ${PYTHON_PN}-numbers ${PYTHON_PN}-pycrypto"
diff --git a/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb b/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb
new file mode 100644
index 000000000..98db1fd6d
--- /dev/null
+++ b/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb
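Review bot: `RDEPENDS_${PN}` in python-scapy.inc still ends with `${PYTHON_PN}-pycrypto`, carried over unchanged from the 2.3.3 recipe. pycrypto no longer receives upstream releases, so every image that pulls in scapy also ships an unmaintained crypto library. It is worth checking whether scapy 2.4.0 still imports it (later scapy releases appear to rely on the `cryptography` package instead) and, if it does not, dropping the entry or replacing it with `${PYTHON_PN}-cryptography`. A one-line comment above `inherit pypi` saying that the source now comes from PyPI rather than the GitHub tag archive would also help whoever does the next checksum bump.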
@@ -0,0 +1,6 @@
+inherit setuptools
+require python-scapy.inc
+
+SRC_URI += "file://run-ptest"
+
+RDEPENDS_${PN} += "${PYTHON_PN}-subprocess"
diff --git a/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb b/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb
new file mode 100644
index 000000000..93ca7be8a
--- /dev/null
+++ b/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb
@@ -0,0 +1,4 @@
+inherit setuptools3
+require python-scapy.inc
+
+SRC_URI += "file://run-ptest"
diff --git a/meta-security/recipes-security/scapy/scapy/run-ptest b/meta-security/recipes-security/scapy/scapy/run-ptest
deleted file mode 100755
index 91b29f907..000000000
--- a/meta-security/recipes-security/scapy/scapy/run-ptest
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-UTscapy -t regression.uts -f text -l -C \
- -o @PTEST_PATH@/scapy_ptest_$(date +%Y%m%d-%H%M%S).log \
- 2>&1 | sed -e 's/^passed None/PASS:/' -e 's/^failed None/FAIL:/'
diff --git a/meta-security/recipes-security/scapy/scapy_2.3.3.bb b/meta-security/recipes-security/scapy/scapy_2.3.3.bb
deleted file mode 100644
index 1c8685b1a..000000000
--- a/meta-security/recipes-security/scapy/scapy_2.3.3.bb
+++ /dev/null
@@ -1,24 +0,0 @@ -SUMMARY = "Network scanning and manipulation tool" -DESCRIPTION = "Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc." -SECTION = "security" -LICENSE = "GPLv2" - -LIC_FILES_CHKSUM = "file://bin/scapy;beginline=9;endline=13;md5=1d5249872cc54cd4ca3d3879262d0c69" - -SRC_URI = "https://github.com/secdev/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \ - file://run-ptest \ -" - -SRC_URI[md5sum] = "336d6832110efcf79ad30c9856ef5842" -SRC_URI[sha256sum] = "67642cf7b806e02daeddd588577588caebddc3426db7904e7999a0b0334a63b5" - -inherit setuptools ptest - -do_install_ptest() { - install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH} - sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest -} - -RDEPENDS_${PN} = "tcpdump python-subprocess python-compression python-netclient \ - python-netserver python-pydoc python-pkgutil python-shell \ - python-threading python-numbers python-pycrypto" diff --git a/meta-security/recipes-security/sssd/sssd_1.16.0.bb b/meta-security/recipes-security/sssd/sssd_1.16.0.bb deleted file mode 100644 index ff5b618bc..000000000 --- a/meta-security/recipes-security/sssd/sssd_1.16.0.bb +++ /dev/null 
@@ -1,73 +0,0 @@ -SUMMARY = "system security services daemon" -DESCRIPTION = "SSSD is a system security services daemon" -HOMEPAGE = "https://fedorahosted.org/sssd/" -SECTION = "base" -LICENSE = "GPLv3+" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -DEPENDS = "openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive" -DEPENDS += "libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent" - -SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\ - file://sssd.conf " - -SRC_URI[md5sum] = "f721ace2ebfa6744cfea55e3ecd2d82f" -SRC_URI[sha256sum] = "c581a6e5365cef87fca419c0c9563cf15eadbb682863d648d85ffcded7a3940f" - -inherit autotools pkgconfig gettext update-rc.d python-dir distro_features_check - -REQUIRED_DISTRO_FEATURES = "pam" - -CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \ - ac_cv_path_NSUPDATE=${bindir} \ - ac_cv_path_PYTHON2=${PYTHON_DIR} ac_cv_prog_HAVE_PYTHON3=${PYTHON_DIR} \ - " - -PACKAGECONFIG ?="nss nscd" -PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" - -PACKAGECONFIG[ssh] = "--with-ssh, --with-ssh=no, " -PACKAGECONFIG[samba] = "--with-samba, --with-samba=no, samba" -PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no --with-semanage=no, libselinux" -PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no" -PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings" -PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings" -PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss," -PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto" -PACKAGECONFIG[nscd] = "--with-nscd=${sbindir}, --with-nscd=no " -PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" -PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/, --with-systemdunitdir=" -PACKAGECONFIG[http] = "--with-secrets, --without-secrets, apache2" -PACKAGECONFIG[curl] = "--with-secrets --with-kcm, 
--without-secrets --without-kcm, curl" - -EXTRA_OECONF += "--disable-cifs-idmap-plugin --without-nfsv4-idmapd-plugin --without-ipa-getkeytab" - -do_configure_prepend() { - mkdir -p ${AUTOTOOLS_AUXDIR}/build - cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${AUTOTOOLS_AUXDIR}/build/ - - # libresove has host path, remove it - sed -i -e "s#\$sss_extra_libdir##" ${S}/src/external/libresolv.m4 -} - -do_install () { - oe_runmake install DESTDIR="${D}" - rmdir --ignore-fail-on-non-empty "${D}/${bindir}" - install -d ${D}/${sysconfdir}/${BPN} - install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN} -} - -CONFFILES_${PN} = "${sysconfdir}/${BPN}/${BPN}.conf" - -INITSCRIPT_NAME = "sssd" -INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." -SYSTEMD_SERVICE_${PN} = "${BPN}.service" -SYSTEMD_AUTO_ENABLE = "disable" - -FILES_${PN} += "${libdir} ${datadir} /run ${libdir}/*.so* " -FILES_${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" - -# The package contains symlinks that trip up insane -INSANE_SKIP_${PN} = "dev-so" - -RDEPENDS_${PN} += "bind dbus" diff --git a/meta-security/recipes-security/sssd/sssd_1.16.3.bb b/meta-security/recipes-security/sssd/sssd_1.16.3.bb new file mode 100644 index 000000000..8f7f805fd --- /dev/null +++ b/meta-security/recipes-security/sssd/sssd_1.16.3.bb 
@@ -0,0 +1,73 @@ +SUMMARY = "system security services daemon" +DESCRIPTION = "SSSD is a system security services daemon" +HOMEPAGE = "https://pagure.io/SSSD/sssd/" +SECTION = "base" +LICENSE = "GPLv3+" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +DEPENDS = "openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive" +DEPENDS += "libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent" + +SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\ + file://sssd.conf " + +SRC_URI[md5sum] = "af4288c9d1f9953e3b3b6e0b165a5ece" +SRC_URI[sha256sum] = "ee5d17a0c663c09819cbab9364085b9e57faeca02406cc30efe14cc0cfc04ec4" + +inherit autotools pkgconfig gettext update-rc.d python-dir distro_features_check + +REQUIRED_DISTRO_FEATURES = "pam" + +CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \ + ac_cv_path_NSUPDATE=${bindir} \ + ac_cv_path_PYTHON2=${PYTHON_DIR} ac_cv_prog_HAVE_PYTHON3=${PYTHON_DIR} \ + " + +PACKAGECONFIG ?="nss nscd" +PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" + +PACKAGECONFIG[ssh] = "--with-ssh, --with-ssh=no, " +PACKAGECONFIG[samba] = "--with-samba, --with-samba=no, samba" +PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no --with-semanage=no, libselinux" +PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no" +PACKAGECONFIG[python2] = "--with-python2-bindings, --without-python2-bindings" +PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings" +PACKAGECONFIG[nss] = "--with-crypto=nss, ,nss," +PACKAGECONFIG[cyrpto] = "--with-crypto=libcrypto, , libcrypto" +PACKAGECONFIG[nscd] = "--with-nscd=${sbindir}, --with-nscd=no " +PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" +PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/, --with-systemdunitdir=" +PACKAGECONFIG[http] = "--with-secrets, --without-secrets, apache2" +PACKAGECONFIG[curl] = "--with-secrets --with-kcm, 
--without-secrets --without-kcm, curl" + +EXTRA_OECONF += "--disable-cifs-idmap-plugin --without-nfsv4-idmapd-plugin --without-ipa-getkeytab" + +do_configure_prepend() { + mkdir -p ${AUTOTOOLS_AUXDIR}/build + cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${AUTOTOOLS_AUXDIR}/build/ + + # libresove has host path, remove it + sed -i -e "s#\$sss_extra_libdir##" ${S}/src/external/libresolv.m4 +} + +do_install () { + oe_runmake install DESTDIR="${D}" + rmdir --ignore-fail-on-non-empty "${D}/${bindir}" + install -d ${D}/${sysconfdir}/${BPN} + install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN} +} + +CONFFILES_${PN} = "${sysconfdir}/${BPN}/${BPN}.conf" + +INITSCRIPT_NAME = "sssd" +INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." +SYSTEMD_SERVICE_${PN} = "${BPN}.service" +SYSTEMD_AUTO_ENABLE = "disable" + +FILES_${PN} += "${libdir} ${datadir} /run ${libdir}/*.so* " +FILES_${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" + +# The package contains symlinks that trip up insane +INSANE_SKIP_${PN} = "dev-so" + +RDEPENDS_${PN} += "bind dbus" diff --git a/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz b/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz new file mode 100644 index 000000000..aed375474 Binary files /dev/null and b/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz differ diff --git a/meta-security/recipes-security/suricata/files/run-ptest b/meta-security/recipes-security/suricata/files/run-ptest new file mode 100644 index 000000000..666ba9c95 --- /dev/null +++ b/meta-security/recipes-security/suricata/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +suricata -u diff --git a/meta-security/recipes-security/suricata/files/suricata.service b/meta-security/recipes-security/suricata/files/suricata.service new file mode 100644 index 000000000..a99a76ef8 --- /dev/null +++ b/meta-security/recipes-security/suricata/files/suricata.service 
@@ -0,0 +1,20 @@ +[Unit] +Description=Suricata IDS/IDP daemon +After=network.target +Requires=network.target +Documentation=man:suricata(8) man:suricatasc(8) +Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki + +[Service] +Type=simple +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW +RestrictAddressFamilies= +ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0 +ExecReload=/bin/kill -HUP $MAINPID +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=yes + +[Install] +WantedBy=multi-user.target + diff --git a/meta-security/recipes-security/suricata/files/suricata.yaml b/meta-security/recipes-security/suricata/files/suricata.yaml index 90417b03d..8d06a2744 100644 --- a/meta-security/recipes-security/suricata/files/suricata.yaml +++ b/meta-security/recipes-security/suricata/files/suricata.yaml @@ -787,7 +787,7 @@ logging: enabled: no filename: /var/log/suricata.log - syslog: - enabled: no + enabled: yes facility: local5 format: "[%i] <%d> -- " diff --git a/meta-security/recipes-security/suricata/libhtp_0.5.25.bb b/meta-security/recipes-security/suricata/libhtp_0.5.25.bb deleted file mode 100644 index 8305f7010..000000000 --- a/meta-security/recipes-security/suricata/libhtp_0.5.25.bb +++ /dev/null @@ -1,15 +0,0 @@ -SUMMARY = "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces." - -require suricata.inc - -LIC_FILES_CHKSUM = "file://../LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" - -DEPENDS = "zlib" - -inherit autotools pkgconfig - -CFLAGS += "-D_DEFAULT_SOURCE" - -S = "${WORKDIR}/suricata-${VER}/${BPN}" - -RDEPENDS_${PN} += "zlib" diff --git a/meta-security/recipes-security/suricata/libhtp_0.5.27.bb b/meta-security/recipes-security/suricata/libhtp_0.5.27.bb new file mode 100644 index 000000000..8305f7010 --- /dev/null +++ b/meta-security/recipes-security/suricata/libhtp_0.5.27.bb 
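Review bot: `RestrictAddressFamilies=` in suricata.service is assigned an empty value, which in systemd resets the list and leaves the service with no address-family restriction, so the line hardens nothing. Either drop it or list the families the sensor needs, for example `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK AF_PACKET` (to be validated against the capture mode in use). `ExecStart` also passes `eth0` as a bare argument, whereas the removed 4.0.0 postinst used `-i eth0`; the interface name is probably meant to follow `-i` and would be better taken from an overridable setting than hard-coded. With no `User=` line the daemon runs as root, bounded only by `CapabilityBoundingSet`, which deserves a comment in the unit.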
@@ -0,0 +1,15 @@ +SUMMARY = "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces." + +require suricata.inc + +LIC_FILES_CHKSUM = "file://../LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" + +DEPENDS = "zlib" + +inherit autotools pkgconfig + +CFLAGS += "-D_DEFAULT_SOURCE" + +S = "${WORKDIR}/suricata-${VER}/${BPN}" + +RDEPENDS_${PN} += "zlib" diff --git a/meta-security/recipes-security/suricata/suricata.inc b/meta-security/recipes-security/suricata/suricata.inc index a2d36eb61..1f421210d 100644 --- a/meta-security/recipes-security/suricata/suricata.inc +++ b/meta-security/recipes-security/suricata/suricata.inc @@ -2,8 +2,8 @@ HOMEPAGE = "http://suricata-ids.org/" SECTION = "security Monitor/Admin" LICENSE = "GPLv2" -VER = "4.0.0" +VER = "4.0.5" SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz" -SRC_URI[md5sum] = "41fb91b4cbc6705b353e4bdd02c3df4b" -SRC_URI[sha256sum] = "6b8b183a8409829ca92c71854cc1abed45f04ccfb7f14c08211f4edf571fa577" +SRC_URI[md5sum] = "ea0cb823d6a86568152f75ade6de442f" +SRC_URI[sha256sum] = "74dacb4359d57fbd3452e384eeeb1dd77b6ae00f02e9994ad5a7b461d5f4c6c2" diff --git a/meta-security/recipes-security/suricata/suricata_4.0.0.bb b/meta-security/recipes-security/suricata/suricata_4.0.0.bb deleted file mode 100644 index e16348670..000000000 --- a/meta-security/recipes-security/suricata/suricata_4.0.0.bb +++ /dev/null 
@@ -1,60 +0,0 @@ -SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine" - -require suricata.inc - -LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" - -SRC_URI += " \ - file://volatiles.03_suricata \ - file://suricata.yaml \ - " - -inherit autotools-brokensep pkgconfig python-dir - -CFLAGS += "-D_DEFAULT_SOURCE" - -CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes " - -EXTRA_OECONF += " --disable-debug \ - --enable-non-bundled-htp \ - --disable-gccmarch-native \ - " - -PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink nss nspr" -PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp," -PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ," -PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ," -PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap ," -PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , " -PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet," -PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ," - -PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson" -PACKAGECONFIG[file] = ",,file, file" -PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss," -PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr," 
-PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python" - -export logdir = "${localstatedir}/log" - -do_install_append () { - install -d ${D}${sysconfdir}/suricata - install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles - install -m 644 classification.config ${D}${sysconfdir}/suricata - install -m 644 reference.config ${D}${sysconfdir}/suricata - install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata - install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata -} - -pkg_postinst_ontarget_${PN} () { -if [ -e /etc/init.d/populate-volatile.sh ] ; then - ${sysconfdir}/init.d/populate-volatile.sh update -fi - ${bindir}/suricata -c ${sysconfdir}/suricata.yaml -i eth0 -} - -PACKAGES += "${PN}-python" -FILES_${PN} = "${bindir}/suricata ${sysconfdir}/default ${sysconfdir}/suricata ${logdir}/suricata" -FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" - -RDEPENDS_${PN}-python = "python" diff --git a/meta-security/recipes-security/suricata/suricata_4.0.5.bb b/meta-security/recipes-security/suricata/suricata_4.0.5.bb new file mode 100644 index 000000000..6c0a109be --- /dev/null +++ b/meta-security/recipes-security/suricata/suricata_4.0.5.bb 
@@ -0,0 +1,96 @@ +SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine" + +require suricata.inc + +LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" + +SRC_URI += "file://emerging.rules.tar.gz;name=rules" + +SRC_URI += " \ + file://volatiles.03_suricata \ + file://suricata.yaml \ + file://suricata.service \ + file://run-ptest \ + " + +SRC_URI[rules.md5sum] = "205c5e5b54e489207ed892c03ad75b33" +SRC_URI[rules.sha256sum] = "4aa81011b246875a57181c6a0569ca887845e366904bcaf0043220f33bd69798" + +inherit autotools-brokensep pkgconfig python-dir systemd ptest + +CFLAGS += "-D_DEFAULT_SOURCE" + +CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes \ + ac_cv_path_HAVE_WGET=no ac_cv_path_HAVE_CURL=no " + +EXTRA_OECONF += " --disable-debug \ + --enable-non-bundled-htp \ + --disable-gccmarch-native \ + " + +PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink nss nspr" +PACKAGECONFIG_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}" + +PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp," +PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ," +PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ," +PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap ," +PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , " +PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet," +PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ," 
+PACKAGECONFIG[nfq] = "--enable-nfqueue, --disable-nfqueue,libnetfilter-queue," + +PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson" +PACKAGECONFIG[file] = ",,file, file" +PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss," +PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr," +PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python" +PACKAGECONFIG[unittests] = "--enable-unittests, --disable-unittests," + +export logdir = "${localstatedir}/log" + +do_install_append () { + + install -d ${D}${sysconfdir}/suricata + + oe_runmake install-conf DESTDIR=${D} + + # mimic move of downloaded rules to e_sysconfrulesdir + cp -rf ${WORKDIR}/rules ${D}${sysconfdir}/suricata + + oe_runmake install-rules DESTDIR=${D} + + install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata + + install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata + + install -d ${D}${systemd_unitdir}/system + sed -e s:/etc:${sysconfdir}:g \ + -e s:/var/run:/run:g \ + -e s:/var:${localstatedir}:g \ + -e s:/usr/bin:${bindir}:g \ + -e s:/bin/kill:${base_bindir}/kill:g \ + -e s:/usr/lib:${libdir}:g \ + ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + + # Remove /var/run as it is created on startup + rm -rf ${D}${localstatedir}/run + +} + +pkg_postinst_ontarget_${PN} () { +if [ -e /etc/init.d/populate-volatile.sh ] ; then + ${sysconfdir}/init.d/populate-volatile.sh update +fi +} + +SYSTEMD_PACKAGES = "${PN}" + +PACKAGES =+ "${PN}-socketcontrol" +FILES_${PN} += "${systemd_unitdir}" +FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" + +CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml" 
+ +RDEPENDS_${PN}-python = "python" diff --git a/meta-security/recipes-security/tripwire/files/run-ptest b/meta-security/recipes-security/tripwire/files/run-ptest new file mode 100644 index 000000000..aedfddc59 --- /dev/null +++ b/meta-security/recipes-security/tripwire/files/run-ptest @@ -0,0 +1,3 @@ +#!/bin/sh + +./twtest.pl diff --git a/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb b/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb index 465960f23..59d1f35c5 100644 --- a/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb +++ b/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb @@ -16,11 +16,12 @@ SRC_URI = "\ file://twcfg.txt \ file://twinstall.sh \ file://twpol-yocto.txt \ + file://run-ptest \ " S = "${WORKDIR}/git" -inherit autotools-brokensep update-rc.d +inherit autotools-brokensep update-rc.d ptest INITSCRIPT_NAME = "tripwire" INITSCRIPT_PARAMS = "start 40 S ." @@ -58,9 +59,15 @@ do_install () { install -m 0644 ${WORKDIR}/tripwire.txt ${D}${docdir}/${BPN} } +do_install_ptest_append () { + install -d ${D}${PTEST_PATH}/tests + cp -a ${S}/src/test-harness/* ${D}${PTEST_PATH} +} FILES_${PN} += "${libdir} ${docdir}/${PN}/*" FILES_${PN}-dbg += "${sysconfdir}/${PN}/.debug" FILES_${PN}-staticdev += "${localstatedir}/lib/${PN}/lib*.a" +FILES_${PN}-ptest += "${PTEST_PATH}/tests " RDEPENDS_${PN} += " perl nano msmtp cronie" +RDEPENDS_${PN}-ptest = " perl lib-perl" diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch b/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch index fcc63b34c..1cec47fca 100644 --- a/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch +++ b/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch @@ -1,4 +1,4 @@ -From 47379747e34f952d31af028c672940ca7859ae3c Mon Sep 17 00:00:00 2001 +From c1c980a95d85bcaf8802524d6148783522b300d7 Mon Sep 17 00:00:00 2001 
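Review bot: The last line of suricata_4.0.5.bb sets `RDEPENDS_${PN}-python = "python"`, but this recipe no longer defines a `${PN}-python` package: `PACKAGES =+` and the matching `FILES_` line now name `${PN}-socketcontrol`. The Python runtime dependency for `suricatasc` is therefore attached to a package that is never produced; the line should read `RDEPENDS_${PN}-socketcontrol = "python"`. Separately, `do_install_append` installs rules from the checked-in `emerging.rules.tar.gz` while `ac_cv_path_HAVE_WGET=no` and `ac_cv_path_HAVE_CURL=no` disable fetching, so images ship detection rules frozen at commit time. A comment next to the `rules` checksums saying how and when that tarball is refreshed would make the staleness visible to maintainers.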
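Review bot: `do_install_ptest_append` in tripwire_2.4.3.6.bb copies the harness with `cp -a ${S}/src/test-harness/* ${D}${PTEST_PATH}`, which preserves the build user's ownership in the packaged files. OE recipes normally use `cp -R --no-preserve=ownership ${S}/src/test-harness/* ${D}${PTEST_PATH}` so the ptest package does not carry host UIDs into the image. The preceding `install -d ${D}${PTEST_PATH}/tests` looks redundant unless the harness has no `tests` subdirectory of its own, which cannot be told from the hunk. `FILES_${PN}-ptest` and `RDEPENDS_${PN}-ptest` would benefit from a short comment stating that `twtest.pl` is the entry point that needs `perl`.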
From: Yulong Pei Date: Wed, 21 Jul 2010 22:33:43 +0800 Subject: [PATCH] change finding path of nss and nspr @@ -7,66 +7,61 @@ Upstream-Status: Pending Signed-off-by: Yulong Pei Signed-off-by: Mingli Yu - +Signed-off-by: Yi Zhao --- - configure.ac | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) + configure.ac | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac -index 3278200..6edec7d 100644 +index 951b3eb..1fdeb0f 100644 --- a/configure.ac 
+++ b/configure.ac -@@ -644,7 +644,7 @@ if test "z$NSS_FOUND" = "zno" ; then +@@ -866,10 +866,10 @@ MOZILLA_MIN_VERSION="1.4" + NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss" + NSPR_PACKAGE=mozilla-nspr + NSS_PACKAGE=mozilla-nss +-NSPR_INCLUDE_MARKER="nspr/nspr.h" ++NSPR_INCLUDE_MARKER="nspr.h" + NSPR_LIB_MARKER="libnspr4$shrext" + NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4" +-NSS_INCLUDE_MARKER="nss/nss.h" ++NSS_INCLUDE_MARKER="nss3/nss.h" + NSS_LIB_MARKER="libnss3$shrext" + NSS_LIBS_LIST="-lnss3 -lsmime3" - if test "z$with_nspr" != "z" ; then - NSPR_PREFIX="$with_nspr" -- NSPR_CFLAGS="-I$with_nspr/include -I$with_nspr/include/nspr" -+ NSPR_CFLAGS="-I$with_nspr/usr/include -I$with_nspr/usr/include/nspr4" - if test "z$with_gnu_ld" = "zyes" ; then - NSPR_LIBS="-Wl,-rpath-link -Wl,$with_nspr/lib -L$with_nspr/lib $NSPR_LIBS_LIST" - else -@@ -652,7 +652,7 @@ if test "z$NSS_FOUND" = "zno" ; then - fi - NSPR_INCLUDES_FOUND="yes" - NSPR_LIBS_FOUND="yes" -- NSPR_PRINIT_H="$with_nspr/include/prinit.h" -+ NSPR_PRINIT_H="$with_nspr/usr/include/nspr4/prinit.h" +@@ -898,24 +898,24 @@ fi + dnl Priority 1: User specifies the path to installation + if test "z$NSPR_FOUND" = "zno" -a "z$with_nspr" != "z" -a "z$with_nspr" != "zyes" ; then + AC_MSG_CHECKING(for nspr library installation in "$with_nspr" folder) +- if test -f "$with_nspr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/lib/$NSPR_LIB_MARKER" ; then +- NSPR_INCLUDE_PATH="$with_nspr/include" +- NSPR_LIB_PATH="$with_nspr/lib" ++ if test -f "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/${libdir}/$NSPR_LIB_MARKER" ; then ++ NSPR_INCLUDE_PATH="$with_nspr/usr/include" ++ NSPR_LIB_PATH="$with_nspr/${libdir}" + NSPR_FOUND="yes" + AC_MSG_RESULT([yes]) else - for dir in $ac_nss_inc_dir ; do - if test -f $dir/nspr/prinit.h ; then -@@ -690,7 +690,7 @@ if test "z$NSS_FOUND" = "zno" ; then - OLD_CPPFLAGS=$CPPFLAGS - CPPFLAGS="$NSPR_CFLAGS" - AC_EGREP_CPP(yes,[ -- #include -+ #include - #if PR_VMAJOR >= 4 - yes - #endif -@@ -715,7 
+715,7 @@ if test "z$NSS_FOUND" = "zno" ; then - NSS_NSS_H="" - - if test "z$with_nss" != "z" ; then -- NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/include -I$with_nss/include/nss" -+ NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/usr/include -I$with_nss/usr/include/nss3 -I$with_nspr/usr/include/nspr4" - if test "z$with_gnu_ld" = "zyes" ; then - NSS_LIBS="$NSS_LIBS -Wl,-rpath-link -Wl,$with_nss/lib -L$with_nss/lib $NSS_LIBS_LIST" - else -@@ -723,7 +723,7 @@ if test "z$NSS_FOUND" = "zno" ; then - fi - NSS_INCLUDES_FOUND="yes" - NSS_LIBS_FOUND="yes" -- NSS_NSS_H="$with_nss/include/nss.h" -+ NSS_NSS_H="$with_nss/usr/include/nss3/nss.h" +- AC_MSG_ERROR([not found: "$with_nspr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/lib/$NSPR_LIB_MARKER" files don't exist), typo?]) ++ AC_MSG_ERROR([not found: "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/${libdir}/$NSPR_LIB_MARKER" files don't exist), typo?]) + fi + fi + if test "z$NSS_FOUND" = "zno" -a "z$with_nss" != "z" -a "z$with_nss" != "zyes" ; then + AC_MSG_CHECKING(for nss library installation in "$with_nss" folder) +- if test -f "$with_nss/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/lib/$NSS_LIB_MARKER" ; then +- NSS_INCLUDE_PATH="$with_nss/include" +- NSS_LIB_PATH="$with_nss/lib" ++ if test -f "$with_nss/usr/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/${libdir}/$NSS_LIB_MARKER" ; then ++ NSS_INCLUDE_PATH="$with_nss/usr/include/nss3" ++ NSS_LIB_PATH="$with_nss/${libdir}" + NSS_FOUND="yes" + AC_MSG_RESULT([yes]) else - for dir in $ac_nss_inc_dir ; do - if test -f $dir/nss/nss.h ; then -@@ -761,7 +761,7 @@ if test "z$NSS_FOUND" = "zno" ; then - OLD_CPPFLAGS=$CPPFLAGS - CPPFLAGS="$NSPR_CFLAGS $NSS_CFLAGS" - AC_EGREP_CPP(yes,[ -- #include -+ #include - #if NSS_VMAJOR >= 3 && NSS_VMINOR >= 2 - yes - #endif +- AC_MSG_ERROR([not found: "$with_nss/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/lib/$NSS_LIB_MARKER" files don't exist), typo?]) ++ AC_MSG_ERROR([not found: "$with_nss/usr/include/$NSS_INCLUDE_MARKER" and/or 
"$with_nss/${libdir}/$NSS_LIB_MARKER" files don't exist), typo?]) + fi + fi + +-- +2.7.4 + diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch b/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch deleted file mode 100644 index 5f967bbaa..000000000 --- a/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 1d8ae4b32bd76c19ec238f30eb9b1ee582cbe990 Mon Sep 17 00:00:00 2001 -From: Jackie Huang -Date: Fri, 2 Mar 2018 01:10:58 -0800 -Subject: [PATCH] xmlsec1: fix a typo in examples/verify3.c - -Upstream-Status: Submitted [https://github.com/lsh123/xmlsec/pull/153] - -Signed-off-by: Jackie Huang - ---- - examples/verify3.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/examples/verify3.c b/examples/verify3.c -index 2d26ae7..68f52ab 100644 ---- a/examples/verify3.c -+++ b/examples/verify3.c -@@ -1,4 +1,4 @@ --4/** -+/** - * XML Security Library example: Verifying a file signed with X509 certificate - * - * Verifies a file signed with X509 certificate. diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb deleted file mode 100644 index 341ca08fd..000000000 --- a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb +++ /dev/null 
@@ -1,57 +0,0 @@
-SUMMARY = "XML Security Library is a C library based on LibXML2"
-DESCRIPTION = "\
- XML Security Library is a C library based on \
- LibXML2 and OpenSSL. The library was created with a goal to support major \
- XML security standards "XML Digital Signature" and "XML Encryption". \
- "
-HOMEPAGE = "http://www.aleksey.com/xmlsec/"
-DEPENDS = "libtool libxml2 libxslt openssl zlib libgcrypt gnutls nss nspr libgpg-error"
-
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=352791d62092ea8104f085042de7f4d0"
-
-SECTION = "libs"
-
-SRC_URI = "http://www.aleksey.com/xmlsec/download/${BP}.tar.gz \
- file://fix-ltmain.sh.patch \
- file://change-finding-path-of-nss.patch \
- file://makefile-ptest.patch \
- file://xmlsec1-examples-allow-build-in-separate-dir.patch \
- file://xmlsec1-fix-a-typo-in-examples-verify3.c.patch \
- file://run-ptest \
- "
-
-SRC_URI[md5sum] = "dbbef1efc69e61bc4629650205a05b41"
-SRC_URI[sha256sum] = "967ca83edf25ccb5b48a3c4a09ad3405a63365576503bf34290a42de1b92fcd2"
-
-inherit autotools-brokensep ptest pkgconfig
-
-CFLAGS += "-I${STAGING_INCDIR}/nspr4 -I${STAGING_INCDIR}/nss3"
-CPPFLAGS += "-I${STAGING_INCDIR}/nspr4 -I${STAGING_INCDIR}/nss3"
-
-EXTRA_OECONF = "\
- --with-nss=${STAGING_LIBDIR}/../.. --with-nspr=${STAGING_LIBDIR}/../.. \
- "
-
-FILES_${PN}-dev += "${libdir}/xmlsec1Conf.sh"
-FILES_${PN}-dbg += "${PTEST_PATH}/.debug/*"
-
-RDEPENDS_${PN}-ptest += "${PN}-dev"
-INSANE_SKIP_${PN}-ptest += "dev-deps"
-
-PTEST_EXTRA_ARGS = "top_srcdir=${S} top_builddir=${B}"
-
-do_compile_ptest () {
- oe_runmake -C ${S}/examples ${PTEST_EXTRA_ARGS} all
-}
-
-do_install_append() {
- for i in ${bindir}/xmlsec1-config ${libdir}/xmlsec1Conf.sh \
- ${libdir}/pkgconfig/xmlsec1-openssl.pc; do
- sed -i -e "s@${RECIPE_SYSROOT}@@g" ${D}$i
- done
-}
-
-do_install_ptest () {
- oe_runmake -C ${S}/examples DESTDIR=${D}${PTEST_PATH} ${PTEST_EXTRA_ARGS} install-ptest
-}
diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb
new file mode 100644
index 000000000..2dbbf331e
--- /dev/null
+++ b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb
@@ -0,0 +1,56 @@
+SUMMARY = "XML Security Library is a C library based on LibXML2"
+DESCRIPTION = "\
+ XML Security Library is a C library based on \
+ LibXML2 and OpenSSL. The library was created with a goal to support major \
+ XML security standards "XML Digital Signature" and "XML Encryption". \
+ "
+HOMEPAGE = "http://www.aleksey.com/xmlsec/"
+DEPENDS = "libtool libxml2 libxslt openssl zlib libgcrypt gnutls nss nspr libgpg-error"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=352791d62092ea8104f085042de7f4d0"
+
+SECTION = "libs"
+
+SRC_URI = "http://www.aleksey.com/xmlsec/download/${BP}.tar.gz \
+ file://fix-ltmain.sh.patch \
+ file://change-finding-path-of-nss.patch \
+ file://makefile-ptest.patch \
+ file://xmlsec1-examples-allow-build-in-separate-dir.patch \
+ file://run-ptest \
+ "
+
+SRC_URI[md5sum] = "9c4aaf9ff615a73921b9e3bf4988d878"
+SRC_URI[sha256sum] = "8d8276c9c720ca42a3b0023df8b7ae41a2d6c5f9aa8d20ed1672d84cc8982d50"
+
+inherit autotools-brokensep ptest pkgconfig
+
+CFLAGS += "-I${STAGING_INCDIR}/nspr4 -I${STAGING_INCDIR}/nss3"
+CPPFLAGS += "-I${STAGING_INCDIR}/nspr4 -I${STAGING_INCDIR}/nss3"
+
+EXTRA_OECONF = "\
+ --with-nss=${STAGING_LIBDIR}/../.. --with-nspr=${STAGING_LIBDIR}/../.. \
+ "
+
+FILES_${PN}-dev += "${libdir}/xmlsec1Conf.sh"
+FILES_${PN}-dbg += "${PTEST_PATH}/.debug/*"
+
+RDEPENDS_${PN}-ptest += "${PN}-dev"
+INSANE_SKIP_${PN}-ptest += "dev-deps"
+
+PTEST_EXTRA_ARGS = "top_srcdir=${S} top_builddir=${B}"
+
+do_compile_ptest () {
+ oe_runmake -C ${S}/examples ${PTEST_EXTRA_ARGS} all
+}
+
+do_install_append() {
+ for i in ${bindir}/xmlsec1-config ${libdir}/xmlsec1Conf.sh \
+ ${libdir}/pkgconfig/xmlsec1-openssl.pc; do
+ sed -i -e "s@${RECIPE_SYSROOT}@@g" ${D}$i
+ done
+}
+
+do_install_ptest () {
+ oe_runmake -C ${S}/examples DESTDIR=${D}${PTEST_PATH} ${PTEST_EXTRA_ARGS} install-ptest
+}
-- cgit v1.2.3
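Review bot: The first `SRC_URI` entry of this new recipe fetches the release tarball over plain `http://`, so the pinned `SRC_URI[sha256sum]` is the only integrity control on the source (the `md5sum` entry adds nothing against a deliberate substitution). That pin is only as good as where the new value came from: if it was computed from the same HTTP download when moving from 1.2.25 to 1.2.26, it records whatever was served rather than what upstream released, so it is worth checking the digest against an independent upstream source. If upstream offers the same path over TLS, I would change the entry to `https://www.aleksey.com/xmlsec/download/${BP}.tar.gz \` and note above the checksums how they were verified, e.g. `# sha256 checked against the upstream release`.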