From 95dbbacea0332d5a8e5adebbed8de3a64d515118 Mon Sep 17 00:00:00 2001
From: Brad Bishop
Date: Mon, 2 Dec 2019 13:55:25 -0500
Subject: meta-security: subtree update:27ddb45554..fa800e5261
Christophe PRIOUZEAU (1):
cryptsetup tpm incubator: fix installed vs shipped
Christopher Larson (3):
checksecurity: use more portable find args
clamav: add tmpfiles.d config
suricata: add tmpfiles.d config
Ming Liu (1):
meta: inherit features_check instead of distro_features_check
Norbert Kaminski (1):
meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb: add new udev dir to FILES and append EXTRA_OECONF
Change-Id: I51369027c747f12d64adb8dbe0262dfb96937ad1
Signed-off-by: Brad Bishop
---
 .../checksecurity/checksecurity_2.0.15.bb | 3 ++-
 .../check-setuid-use-more-portable-find-args.patch | 23 ++++++++++++++++++++++
 .../recipes-security/clamav/clamav_0.99.4.bb | 8 +++++++-
 .../recipes-security/clamav/files/tmpfiles.clamav | 3 +++
 .../google-authenticator-libpam_1.05.bb | 2 +-
 .../packagegroup-core-security-ptest.bb | 2 +-
 meta-security/recipes-security/sssd/sssd_1.16.4.bb | 2 +-
 7 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch
 create mode 100644 meta-security/recipes-security/clamav/files/tmpfiles.clamav
(limited to 'meta-security/recipes-security')
diff --git a/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb b/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb
index a9616911b..030bf2515 100644
--- a/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb
+++ b/meta-security/recipes-security/checksecurity/checksecurity_2.0.15.bb
@@ -5,7 +5,8 @@ LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \
- file://setuid-log-folder.patch"
+ file://setuid-log-folder.patch \
+ file://check-setuid-use-more-portable-find-args.patch"
 SRC_URI[md5sum] = "a30161c3e24d3be710b2fd13fcd1f32f"
 SRC_URI[sha256sum] = "67abe3d6391c96146e96f376d3fd6eb7a9418b0f7fe205b465219889791dba32"
diff --git a/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch b/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch
new file mode 100644
index 000000000..f1fe8edce
--- /dev/null
+++ b/meta-security/recipes-security/checksecurity/files/check-setuid-use-more-portable-find-args.patch
@@ -0,0 +1,23 @@
+From f3073b8e06a607677d47ad9a19533b2e33408a4f Mon Sep 17 00:00:00 2001
+From: Christopher Larson
+Date: Wed, 5 Sep 2018 23:21:43 +0500
+Subject: [PATCH] check-setuid: use more portable find args
+
+Signed-off-by: Christopher Larson
+---
+ plugins/check-setuid | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+Index: checksecurity-2.0.15/plugins/check-setuid
+===================================================================
+--- checksecurity-2.0.15.orig/plugins/check-setuid 2018-09-06 00:49:23.930934294 +0500
++++ checksecurity-2.0.15/plugins/check-setuid 2018-09-06 00:49:49.694934757 +0500
+@@ -99,7 +99,7 @@
+ ionice -t -c3 \
+ find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \
+ -xdev $PATHCHK \
+- \( -type f -perm +06000 -o \( \( -type b -o -type c \) \
++ \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \
+ $DEVCHK \) \) \
+ -ignore_readdir_race \
+ -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" |
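Review bot: The header of the added check-setuid-use-more-portable-find-args.patch has no `Upstream-Status:` line and no sentence saying why `-perm +06000` had to go, so a later maintainer cannot tell whether the patch can be dropped on a checksecurity upgrade. The replacement `\( -perm -4000 -o -perm -2000 \)` selects the same files (setuid or setgid bit set), and the reason matters for an audit tool: a find that rejects the `+MODE` form would make the setuid scan fail instead of report. I would add a body line such as `Newer GNU findutils reject -perm +MODE; use the POSIX -perm -MODE tests so the setuid/setgid scan keeps running.` and `Upstream-Status: Pending` above the Signed-off-by. The same invocation still relies on `-ignore_readdir_race` and `-printf`, which are GNU extensions, so the plugin remains tied to GNU find despite the subject line.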
diff --git a/meta-security/recipes-security/clamav/clamav_0.99.4.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb
index 7f0433777..a340b4856 100644
--- a/meta-security/recipes-security/clamav/clamav_0.99.4.bb
+++ b/meta-security/recipes-security/clamav/clamav_0.99.4.bb
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \
 file://clamd.conf \
 file://freshclam.conf \
 file://volatiles.03_clamav \
+ file://tmpfiles.clamav \
 file://${BPN}.service \
 file://freshclam-native.conf \
 "
@@ -104,11 +105,15 @@ do_install_append_class-target () {
 install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
 if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
 install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf
 fi
 }
 pkg_postinst_ontarget_${PN} () {
- if [ -e /etc/init.d/populate-volatile.sh ] ; then
+ if command -v systemd-tmpfiles >/dev/null; then
+ systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf
+ elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
 ${sysconfdir}/init.d/populate-volatile.sh update
 fi
 mkdir -p ${localstatedir}/lib/clamav
@@ -140,6 +145,7 @@ FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
 FILES_${PN}-freshclam = "${bindir}/freshclam \
 ${sysconfdir}/freshclam.conf* \
 ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
+ ${sysconfdir}/tmpfiles.d/*.conf \
 ${localstatedir}/lib/clamav \
 ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \
 ${mandir}/man5/freshclam.conf.* \
diff --git a/meta-security/recipes-security/clamav/files/tmpfiles.clamav b/meta-security/recipes-security/clamav/files/tmpfiles.clamav
new file mode 100644
index 000000000..fd5adfeeb
--- /dev/null
+++ b/meta-security/recipes-security/clamav/files/tmpfiles.clamav
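Review bot: In `pkg_postinst_ontarget_${PN}` the new first branch runs `systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf` whenever the binary exists, but that file is installed only under the systemd DISTRO_FEATURES check and is packaged in `${PN}-freshclam`; if `${PN}` can be installed without `${PN}-freshclam` (not visible here), the call names a missing file and the populate-volatile fallback is skipped, so /var/log/clamav may never be created. Testing for the file as well keeps the fallback reachable: `if [ -e ${sysconfdir}/tmpfiles.d/clamav.conf ] && command -v systemd-tmpfiles >/dev/null; then`. In the FILES hunk, `${sysconfdir}/tmpfiles.d/*.conf` is wider than the one file the recipe installs; `${sysconfdir}/tmpfiles.d/clamav.conf` would be exact. The unchanged context line `install -m 666 ${S}/clamav_db/*` leaves the signature database world-writable, which deserves a follow-up since any local user could alter what the scanner detects. Both shell functions extend beyond the hunk.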
@@ -0,0 +1,3 @@
+#Type Path Mode UID GID Age Argument
+d /var/log/clamav 0755 clamav clamav -
+f /var/log/clamav/freshclam.log 0644 clamav clamav -
diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb
index 73b802fb9..2181629bd 100644
--- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb
+++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.05.bb
@@ -10,7 +10,7 @@ DEPENDS = "libpam"
 S = "${WORKDIR}/git"
-inherit autotools distro_features_check
+inherit autotools features_check
 REQUIRED_DISTRO_FEATURES = "pam"
diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb
index 39873b850..83a9ed83e 100644
--- a/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb
+++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security-ptest.bb
@@ -3,7 +3,7 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
 file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-inherit distro_features_check
+inherit features_check
 REQUIRED_DISTRO_FEATURES = "ptest"
diff --git a/meta-security/recipes-security/sssd/sssd_1.16.4.bb b/meta-security/recipes-security/sssd/sssd_1.16.4.bb
index 34bc8c804..089a99e0d 100644
--- a/meta-security/recipes-security/sssd/sssd_1.16.4.bb
+++ b/meta-security/recipes-security/sssd/sssd_1.16.4.bb
@@ -14,7 +14,7 @@ SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\
 SRC_URI[md5sum] = "757bbb6f15409d8d075f4f06cb678d50"
 SRC_URI[sha256sum] = "6bb212cd6b75b918e945c24e7c3f95a486fb54d7f7d489a9334cfa1a1f3bf959"
-inherit autotools pkgconfig gettext python-dir distro_features_check
+inherit autotools pkgconfig gettext python-dir features_check
 REQUIRED_DISTRO_FEATURES = "pam"
--
cgit v1.2.3