author: Patrick Williams <patrick@stwcx.xyz> 2021-08-08 03:21:33 +0300
committer: Patrick Williams <patrick@stwcx.xyz> 2021-08-11 23:39:32 +0300
commit: 213cb2696d00a85cd48d356cb5131824a302d828
tree: bfdf8fcdfef3a88e392ca3acfca6dec4dc836c9f /meta-openembedded/meta-oe/recipes-security
parent: 40d8f44b51f83548f7ca8df062dd7435b784c0a8
subtree updates
meta-raspberrypi: 8dc3a31088..c7f4c739a3: Khem Raj (5): linux-raspberrypi: Upgrade to 5.10.52 userland: Update to latest master branch raspberrypi-firmware: Update to latest raspberrypi-tools: Update to latest sdcard_image-rpi.bbclass: Fix IMAGE_TYPEDEP override to use new syntax Martin Jansa (4): Convert to new override syntax Manually fix conversion layer.conf: Update to honister userland: package man pages in PN-doc Pierre-Jean Texier (2): kas: local.conf: bump CONF_VERSION variable kas: local.conf: disable prelink poky: 17aabc0127..492205ea83: Alexander Kanavin (17): llvm: update 12.0.0 -> 12.0.1 systemd: update 248.3 -> 249.1 python3-testools: update 2.4.0 -> 2.5.0 libuv: update 1.41.0 -> 1.42.0 gnu-config: update to latest revision vulkan-samples: update to latest revision cmake: update 3.20.5 -> 3.21.0 cmake: update 3.21.0 -> 3.21.1 mtools: update 4.0.32 -> 4.0.34 util-linux: update 2.37 -> 2.37.1 iputils: update 20210202 -> 20210722 freetype: update 2.10.4 -> 2.11.0 devtool: print a warning on upgrades if PREFERRED_VERSION is set rpm: do not RRECOMMEND rpm-build selftest: add core-image-weston to no-gpl3-no-meta-gpl2 image test shadow: update 4.8.1 -> 4.9 local.conf.sample: disable prelink Bernhard Rosenkränzer (1): gcc: update 11.1 -> 11.2 Bruce Ashfield (6): linux-yocto/5.10: update to v5.10.53 linux-yocto/5.13: update to v5.13.5 linux-yocto/5.4: update to v5.4.135 linux-yocto-rt/5.10: update to -rt47 linux-yocto/5.13: enable TYPEC_TCPCI in usbc fragment linux-yocto/5.10: enable TYPEC_TCPCI in usbc fragment Changqing Li (1): archiver.bbclass: fix do_ar_configured failure for kernel Chen Qi (3): zstd: fix CVE_PRODUCT insane.bbclass: fix the file-rdeps QA message for the new override syntax iputils: fix do_configure failure of missing ip command Damian Wrobel (1): rootfs: remove ldconfig auxiliary cache where appropriate Denys Dmytriyenko (4): meta: convert nested overrides leftovers to new syntax convert-overrides.py: handle few more cases of overrides 
libwpe: remove rpi-specific custom code poky-tiny: drop uclibc override Jon Mason (1): parselogs.py: qemuarm should be qemuarmv5 Joshua Watt (4): mesa: Fix v3d & vc4 dmabuf import bitbake: bitbake: asyncrpc: Catch early SIGTERM libxft: Fix bad PKG value bitbake: contrib: vim: Update for new override syntax Kai Kang (2): u-boot_2021.07: set UBOOT_MACHINE for qemumips and qemumips64 python3-pytest: display correct version info Kevin Hao (2): meta-yocto-bsp: Introduce the v5.13 bbappend meta-yocto-bsp: Bump to the v5.10.55 Khem Raj (10): binutils: Upgrade to 2.37 branch texinfo: Update gnulib to fix build with glibc 2.34 systemd: Fix build on musl stress-ng: Drop defining daddr_t stress-ng: Detemine minimal stack size via sysconf mesa: Define a fallback for DRIDRIVERS libssh2: Fix syntax for using ptest override toaster-managed-mode.json: Correctly specify term with new override syntax distrooverrides.bbclass: Correct override syntax devtool.py: Correct override syntax Lee Chee Yang (1): aspell: fix CVE-2019-25051 Marek Vasut (2): image_types: Restore pre-btrfs-tools 4.14.1 mkfs.btrfs shrink behavior kernel-uboot: Handle gzip and lzo compression options Martin Jansa (6): convert-overrides.py: show processed file and version of this script convert-overrides.py: remove base_dep_prepend and autotools_dep_prepend exception convert-overrides.py: 0.9.1 include '(' as delimiter for shortvars convert-overrides.py: allow specifying multiple target dirs convert-overrides.py: allow dots before override in vars_re and shortvars_re systemd-boot: use ld.bfd as efi-ld even when gold or lld is used in ${LD} Matthias Klein (2): runqemu: Fix typo in error message runqemu: decouple bios and kernel options Matthias Schiffer (3): initscripts: populate-volatile.sh: do not log to tty0 initscripts: populate-volatile.sh: run create_file synchronously initscripts: fix creation order for /var/log with VOLATILE_LOG_DIR=true Michael Halstead (1): releases: update to include 3.3.1 Michael 
Opdenacker (18): oe-setup-builddir: update YP docs and OE URLs conf-notes.txt: now suggesting to run 'runqemu qemux86-64' test-manual: document LTO related reproducibility bug quick start manual: update "source oe-init-build-env" output dev-manual: fix wrong reference to class documentation/README: improve BitBake manual referencing guidelines manuals: simplify references to BitBake manual manuals: remove explicit BitBake variable references meta-skeleton: add recipe examples from documentation sources bitbake: doc: bitbake-user-manual: fix syntax in example and improve description bitbake: doc: bitbake-user-manual: update bitbake option help bitbake: doc: bitbake-user-manual: grammar fix for the number of "metadata" manuals: initial documentation for CVE management ref-manual: remove example recipe source files profile-manual: document how to build perf manpages on target cve-check: fix comments cve-check: update link to NVD website for CVE details cve-check: improve comment about CVE patch file names Mingli Yu (2): perlcross: not break build if already patched curl: Upgrade to 7.78.0 Nicolas Dechesne (4): yocto-check-layer: improve missed dependencies checklayer: new function get_layer_dependencies() checklayer: rename _find_layer_depends yocto-check-layer: ensure that all layer dependencies are tested too Oleksandr Kravchuk (1): bitbake.conf: change GNOME_MIRROR to new one Patrick Williams (1): pixman: re-disable iwmmxt Paul Barker (4): bitbake: asyncrpc: Fix bad message error in client bitbake: asyncrpc: Set timeout when waiting for reply from server bitbake: parse/ast: Substitute '~' when naming anonymous functions kernel-yocto: Simplify no git repo case in do_kernel_checkout Quentin Schulz (4): bitbake: doc: Makefile: turn warnings into errors by default bitbake: doc: bitbake-user-manual: ref-variables: order alphabetically the glossary sources bitbake: doc: bitbake-user-manual: ref-variables: force glossary output to be alphabetically sorted bitbake: doc: 
bitbake-user-manual: replace ``FOO`` by :term:`FOO` where possible Richard Purdie (49): Add MAINTAINERS.md file yocto-check-layer: Remove duplicated code libubootenv: Drop default-env RRECOMMENDS bitbake: data_smart: Allow colon in variable expansion regex meta-poky/meta-yocto-bsp: Convert to new override syntax layer.conf: Update to honister autotools/base/icecc: Remove prepend from function names scripts/contrib: Add override conversion script systemtap: Fix headers issue with x86 and 5.13 headers migration-guides: Add start of 3.4 guide with override migration notes common-tasks: Fix conversion error in npm example bitbake: bitbake: Switch to using new override syntax bitbake: doc/lib: Update to use new override syntax containing colons bitbake: doc/lib: Add fixes for issues missed by the automated conversion bitbake: bitbake: Update to version 1.51.1 layer.conf: Override changes mean we're only compatible with honister Convert to new override syntax meta: Manual override fixes local.conf.sample: Bump version so users update their config sanity.conf: Require bitbake 1.51.1 dropbear: Fix incorrect package override for postrm convert-overrides: Allow script to handle patch/diffs sdk: Decouple default install path from built in path sstate: Fix rebuilds when changing layer config populate_sdk_ext: Fix handling of TOOLCHAIN_HOST_TASK in the eSDK case local.conf.sample: Bump version so users update their config poky: Use SDKPATHINSTALL instead of SDKPATH vim: Clarify where RDEPENDS/RRECOMMENDS apply bitbake: data_smart: Fix inactive overide accidental variable value corruption local.conf.sample: Fix missed override conversion license: Exclude COPYING.MIT from pseudo meta: Convert IMAGE_TYPEDEP to use override syntax uboot-extlinux-config: Fix missing override conversion image/image_types: Convert CONVERSION_CMD/COMPRESS_CMD to new override syntax image: Drop COMPRESS_CMD devupstream: Allow support of native class extensions diffoscope: Upgrade 178 -> 179 strace: 
Upgrade 5.12 -> 5.13 valgrind: Add patches for glibc 2.34 support bitbake: runqueue: Improve multiconfig deferred task issues elfutils: Add patch from upstream for glibc 2.34 ptest fixes bitbake: doc: Fix append/prepend/remove references bitbake: fetch/tests/toaster: Override conversion fixups bitbake: process: Improve traceback error reporting from main loop bitbake: command: Ensure we catch/handle exceptions bitbake: ui/taskexp: Improve startup exception handling bitbake: ui/taskexp: Fix to work with empty build directories oeqa/runtime/cases/ptest: Increase test timeout from 300s to 450s packagedata: Fix after override syntax change Ross Burton (2): glew: fix Makefile race libx11: fix xkb compilation with _EVDEVK symbols Saul Wold (1): MAINTAINERS: Saul will cover devtool and eSDK Stefan Wiehler (1): dev-manual: fix source release example script Stefano Babic (1): mtd-utils: upgrade 2.1.2 -> 2.1.3 Tim Orling (2): python3-hypothesis: upgrade 6.14.3 -> 6.14.5 python3-importlib-metadata: upgrade 4.6.1 -> 4.6.3 Tony Battersby (2): lto.inc: disable LTO for grub gcc: Backport patch to make LTO builds more reproducible Tony Tascioglu (6): ffmpeg: fix-CVE-2020-20446 ffmpeg: fix CVE-2020-20453 ffmpeg: fix CVE-2020-22015 ffmpeg: fix CVE-2020-22021 ffmpeg: fix CVE-2020-22033 and CVE-2020-22019 ffmpeg: fix CVE-2021-33815 Trevor Woerner (1): ffmpeg: add libatomic for armv5 Ulrich Ölmann (2): initramfs-framework: fix whitespace issue initramfs-framework/setup-live: fix shebang Vinay Kumar (1): glibc: Fix CVE-2021-33574 Vivien Didelot (1): init-manager-systemd: define weak dev manager Zqiang (1): python3: use monotonic clock for condvar if possible hongxu (1): createrepo-c: fix createrepo-c failed in nativesdk leimaohui (1): archiver.bbclass: Fix patch error for recipes that inherit dos2unix. 
wangmy (3): bind: upgrade 9.16.18 -> 9.16.19 i2c-tools: upgrade 4.2 -> 4.3 diffoscope: upgrade 177 -> 178 zangrc (2): python3-dbus: upgrade 1.2.16 -> 1.2.18 python3-pip: upgrade 21.1.3 -> 21.2.1 meta-openembedded: 8fbcfb9f02..3cf2475ea0: Anastasios Kavoukis (1): pm-qa: fix paths for shell scripts Andreas Müller (3): mozjs/0001-Port-build-to-python3.patch: Fix typos in description jack: upgrade 1.19.18 -> 1.19.19 fluidsynth: upgrade 2.2.1 -> 2.2.2 Andrej Valek (1): thrift: upgrade to 0.14.2 Andrew Jeffery (2): python3-gmpy: Add native support python3-ecdsa: Add native support Armin Kuster (2): hiawatha: fix url. wireshark: update to 3.4.7 Ben Brown (1): android-tools: fix install of adb client when TOOLS is overridden Changqing Li (1): apache2: upgrade 2.4.46 -> 2.4.48 Devendra Tewari (1): Suppress eol in functionfs setup scripts (#147) Gianfranco (1): vboxguestdrivers: upgrade 6.1.22 -> 6.1.24 Joe Slater (2): php: move to version 7.4.21 gtksourceview4: work around dependency deficiency Johannes Obermüller (1): evtest: fix timestamps in output Kai Kang (2): python3-blivet: 3.1.4 -> 3.4.0 python3-blivetgui: 2.1.10 -> 2.2.1 Khem Raj (23): netperf: Update to latest netperf: Add systemd unit file packagegroup-meta-oe: Add lmdb packagegroup-meta-oe: Add mbw addcli: check for ns_get16 and ns_get32 fuse: Define closefrom if not available autofs: Fix build with glibc 2.34+ ntp: Do not use PTHREAD_STACK_MIN on glibc ntp: Fix make check mongodb: Upgrade to 4.4.7 vboxguestdrivers: Remove __divmoddi4 patch packagegroup-meta-oe: Add jemalloc apitrace: Exclude from builds with glibc 2.34+ libhugetlbfs: Disable build with glibc 2.34+ fvwm: Package extra files and man pages luajit: Fix override syntax lua: Drop uclibc patch packagegroup-meta-oe: Correct override name and fix syntax recipes: Fix override syntax emacs,libgpiod,cockpit: Fix override syntax in using FILES_${PN} fvwm: Fix build time paths in target perl/python scripts nis: Drop uclibc check in anon python function 
jemalloc: Fix build on musl Leon Anavi (3): python3-networkx: Upgrade 2.6.1 -> 2.6.2 python3-pysonos: Upgrade 0.0.53 -> 0.0.54 python3-zeroconf: Upgrade 0.33.1 -> 0.33.2 Li Wang (1): openlldp: fix segfault Maksym Sloyko (1): libusbgx: Configure the Devices Used Martin Jansa (5): Convert to new override syntax layer.conf: Update to honister mariadb: manually fix the conversion packagegroup-meta-oe: manually finish override syntax conversion klibc.bbclass, image_types_sparse.bbclass, packagegroup-meta-oe.bb: update the overrides syntax conversion Mingli Yu (4): mariadb: redefine log-error item jemalloc: add new recipe hdf5: improve reproducibility mariadb: Update SRC_URI Nicolas Dechesne (1): mbw: add new recipe Paulo Neves (1): htop: Add ncurses-terminfo-base to RDEPENDS Sakib Sajal (1): lmdb: add recipe Salman Ahmed (2): nginx: upgrade 1.18.0 -> 1.20.1 nginx: upgrade 1.19.6 -> 1.21.1 Tony Battersby (1): net-snmp: fix QA Issue after LDFLAGS change Yi Zhao (3): postfix: upgrade 3.6.1 -> 3.6.2 audit: upgrade 3.0.2 -> 3.0.3 audit: fix compile error for 2.8.5 Zang Ruochen (1): python3-robotframework: upgrade 4.0.3 -> 4.1 wangmy (17): evince: upgrade 40.2 -> 40.4 gnome-backgrounds: upgrade 3.36.0 -> 3.38.0 gnome-desktop3: upgrade 3.36.6 -> 3.38.8 cmark: upgrade 0.30.0 -> 0.30.1 ctags: upgrade 5.9.20210711.0 -> 5.9.20210718.0 libnet-dns-perl: upgrade 1.31 -> 1.32 libtalloc: upgrade 2.3.2 -> 2.3.3 nghttp2: upgrade 1.43.0 -> 1.44.0 bats: upgrade 1.3.0 -> 1.4.1 networkmanager: upgrade 1.32.2 -> 1.32.4 gensio: upgrade 2.2.7 -> 2.2.8 libmbim: upgrade 1.24.8 -> 1.26.0 fetchmail: upgrade 6.4.19 -> 6.4.20 ctags: upgrade 5.9.20210718.0 -> 5.9.20210801.0 libblockdev: upgrade 2.25 -> 2.26 libqmi: upgrade 1.28.6 -> 1.28.8 monit: upgrade 5.28.0 -> 5.28.1 zangrc (15): python3-qrcode: upgrade 7.1 -> 7.2 python3-rdflib: upgrade 5.0.0 -> 6.0.0 python3-simplejson: upgrade 3.17.2 -> 3.17.3 python3-bitstring: upgrade 3.1.7 -> 3.1.9 python3-iso8601: upgrade 0.1.14 -> 0.1.16 python3-gmqtt: 
upgrade 0.6.9 -> 0.6.10 python3-graphviz: upgrade 0.16 -> 0.17 python3-smbus: upgrade 4.2 -> 4.3 python3-pandas: upgrade 1.3.0 -> 1.3.1 python3-progress: upgrade 1.5 -> 1.6 python3-sentry-sdk: upgrade 1.3.0 -> 1.3.1 python3-socketio: upgrade 5.3.0 -> 5.4.0 python3-tqdm: upgrade 4.61.2 -> 4.62.0 python3-twisted: upgrade 21.2.0 -> 21.7.0 python3-xlsxwriter: upgrade 1.4.4 -> 1.4.5 zhengruoqin (15): live555: upgrade 20210710 -> 20210720 libtest-warnings-perl: upgrade 0.030 -> 0.031 python3-pybind11: upgrade 2.6.2 -> 2.7.0 python3-pymongo: upgrade 3.11.4 -> 3.12.0 python3-sqlalchemy: upgrade 1.4.20 -> 1.4.22 python3-sentry-sdk: upgrade 1.2.0 -> 1.3.0 libcurses-perl: upgrade 1.37 -> 1.38 libdbd-sqlite-perl: upgrade 1.66 -> 1.68 libencode-perl: upgrade 3.10 -> 3.11 python3-bitarray: upgrade 2.2.2 -> 2.2.3 python3-cbor2: upgrade 5.4.0 -> 5.4.1 python3-gast: upgrade 0.5.0 -> 0.5.1 poppler: upgrade 21.07.0 -> 21.08.0 valijson: upgrade 0.4 -> 0.5 xwd: upgrade 1.0.7 -> 1.0.8 meta-security: 152cdb506b..c885d399cd: Armin Kuster (18): suricata.inc: exclude ppc in rust version suricata: Drop 4.1.x its EOL add meta-rust crowdsec: add pkg packagegroup-core-security.bb: fix suricat-ptest inclusion gitlab-ci.yml: streamline builds matrix krill: Add new pkg clamav: fix branch name and update meta-security: Convert to new override syntax meta-tpm: Convert to new override syntax meta-integrity: Convert to new override syntax meta-hardening: Convert to new override syntax meta-security-isafw: Convert to new override syntax meta-parsec: Convert to new override syntax meta-security-compliance: Convert to new override syntax dynamix-layers: Convert to new override syntax kas: Convert to new override syntax packagegroup-core-security.bb: only include suricat-ptest if rust is included Martin Jansa (1): layer.conf: Update to honister Signed-off-by: Patrick Williams <patrick@stwcx.xyz> Change-Id: Iec7301cf1c43b7cec462dcf88292a8b1b12a5045
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-security')
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch (renamed from meta-openembedded/meta-oe/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch) | 6
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch | 57
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch | 30
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb | 50
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb (renamed from meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.2.bb) | 24
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb | 8
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb | 6
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb | 12
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb | 2
-rw-r--r-- meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb | 4
10 files changed, 145 insertions, 54 deletions
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch
index bb6c61e805..ed1c0e2b57 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch
@@ -1,4 +1,4 @@
-From bdcdc3dff4469aac88e718bd15958d5ed4b9392a Mon Sep 17 00:00:00 2001
+From d5a4b800a696b8b8d2c0f0bad098b1a8ff94333f Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Tue, 26 Feb 2019 18:33:33 -0500
Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
@@ -68,7 +68,7 @@ index 51c4a5e..67b7b77 100644
break;
*ptr = ' ';
diff --git a/configure.ac b/configure.ac
-index 54bdbf1..aef07fb 100644
+index 6e345f1..6f3007e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
@@ -129,5 +129,5 @@ index 5d17a72..758c33e 100644
* This function will look at the line and pick out pieces of it.
*/
--
-2.7.4
+2.17.1
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
new file mode 100644
index 0000000000..4a1b979975
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
@@ -0,0 +1,57 @@
+From 3467abce1f3cfc96f9bdace7c09d95218cbcaeb1 Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst@cn.fujitsu.com>
+Date: Sun, 19 Jul 2015 02:42:58 +0900
+Subject: [PATCH] audit: Fixed swig host contamination issue
+
+The audit build uses swig to generate a python wrapper.
+Unfortunately, the swig info file references host include
+directories. Some of these were previously noticed and
+eliminated, but the one fixed here was not.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
+Signed-off-by: Joe Slater <jslater@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ bindings/swig/python3/Makefile.am | 3 ++-
+ bindings/swig/src/auditswig.i | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
+index 9938418..fa46aac 100644
+--- a/bindings/swig/python3/Makefile.am
++++ b/bindings/swig/python3/Makefile.am
+@@ -22,6 +22,7 @@
+ CONFIG_CLEAN_FILES = *.loT *.rej *.orig
+ AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
+ AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
++STDINC ?= /usr/include
+ LIBS = $(top_builddir)/lib/libaudit.la
+ SWIG_FLAGS = -python -py3 -modern
+ SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
+@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
+ _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
+ nodist__audit_la_SOURCES = audit_wrap.c
+ audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
+- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i
++ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i
+
+ CLEANFILES = audit.py* audit_wrap.c *~
+
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 7ebb373..424fb68 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -39,7 +39,7 @@ signed
+ #define __attribute(X) /*nothing*/
+ typedef unsigned __u32;
+ typedef unsigned uid_t;
+-%include "/usr/include/linux/audit.h"
++%include "linux/audit.h"
+ #define __extension__ /*nothing*/
+ #include <stdint.h>
+ %include "../lib/libaudit.h"
+--
+2.17.1
+
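Review bot: `STDINC ?= /usr/include` in bindings/swig/python3/Makefile.am defaults to the host include directory, so the host contamination this patch is meant to remove returns whenever the caller does not pass STDINC. The audit_2.8.5.bb recipe in this same commit does pass `STDINC='${STAGING_INCDIR}'` through EXTRA_OEMAKE, but dropping the default, or failing when STDINC is empty, would make a missed override break the build instead of quietly feeding host headers to swig through `-I$(STDINC)`.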
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch
new file mode 100644
index 0000000000..f209e560bd
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch
@@ -0,0 +1,30 @@
+From 2938f46d318df4a09565db837b60bafd0300f858 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Fri, 10 Jan 2020 21:13:50 -0500
+Subject: [PATCH] Header definitions need to be external when building with
+ -fno-common (which is default in GCC 10) - Tony Jones
+
+Upstream-Status: Backport
+[https://github.com/linux-audit/audit-userspace/commit/017e6c6ab95df55f34e339d2139def83e5dada1f]
+
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ src/ausearch-common.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ausearch-common.h b/src/ausearch-common.h
+index 6669203..3040547 100644
+--- a/src/ausearch-common.h
++++ b/src/ausearch-common.h
+@@ -50,7 +50,7 @@ extern pid_t event_pid;
+ extern int event_exact_match;
+ extern uid_t event_uid, event_euid, event_loginuid;
+ extern const char *event_tuid, *event_teuid, *event_tauid;
+-slist *event_node_list;
++extern slist *event_node_list;
+ extern const char *event_comm;
+ extern const char *event_filename;
+ extern const char *event_hostname;
+--
+2.17.1
+
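Review bot: with `extern` added, `slist *event_node_list;` in src/ausearch-common.h becomes a declaration only, and this patch changes nothing but the header (1 file changed), so the object has to be defined in exactly one .c file that the hunk does not show. Confirm on the 2.8_maintenance branch that such a definition exists; otherwise the multiple-definition error under -fno-common is traded for an undefined reference at link time.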
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb
index ee3b3b5e08..10c1afbb8b 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb
@@ -8,8 +8,9 @@ LICENSE = "GPLv2+ & LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \
- file://Add-substitue-functions-for-strndupa-rawmemchr.patch \
- file://Fixed-swig-host-contamination-issue.patch \
+ file://0001-Add-substitue-functions-for-strndupa-rawmemchr.patch \
+ file://0002-Fixed-swig-host-contamination-issue.patch \
+ file://0003-Header-definitions-need-to-be-external-when-building.patch \
file://auditd \
file://auditd.service \
file://audit-volatile.conf \
@@ -25,11 +26,11 @@ INITSCRIPT_NAME = "auditd"
INITSCRIPT_PARAMS = "defaults"
SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE_auditd = "auditd.service"
+SYSTEMD_SERVICE:auditd = "auditd.service"
-DEPENDS += "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
-EXTRA_OECONF += "--without-prelude \
+EXTRA_OECONF = "--without-prelude \
--with-libwrap \
--enable-gssapi-krb5=no \
--with-libcap-ng=yes \
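Review bot: `DEPENDS` and `EXTRA_OECONF` switch from `+=` to `=` in this hunk, which goes beyond the override-syntax conversion: any value assigned to either variable before these lines (by an include or configuration) is now discarded. This matches audit_3.0.3.bb, which already uses `DEPENDS =`, but it deserves a line in the commit message and a check that nothing earlier in the 2.8.5 recipe contributed to these variables.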
@@ -39,19 +40,19 @@ EXTRA_OECONF += "--without-prelude \
--without-python \
--without-golang \
--disable-zos-remote \
+ --with-arm=yes \
+ --with-aarch64=yes \
"
-EXTRA_OECONF_append_arm = " --with-arm=yes"
-EXTRA_OECONF_append_aarch64 = " --with-aarch64=yes"
-EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
+EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
STDINC='${STAGING_INCDIR}' \
pkgconfigdir=${libdir}/pkgconfig \
"
-SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
interface to the audit system, audispd. These plugins can do things \
like relay events to remote machines or analyze events for suspicious \
behavior."
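Review bot: `--with-arm=yes` and `--with-aarch64=yes` move into the unconditional `EXTRA_OECONF`, whereas the removed `EXTRA_OECONF_append_arm` and `EXTRA_OECONF_append_aarch64` lines applied them per architecture, so every target now configures with both. If that is intended, say so in the commit message; if not, `EXTRA_OECONF:append:arm = " --with-arm=yes"` and the aarch64 counterpart keep the previous behaviour under the new syntax.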
@@ -59,19 +60,19 @@ behavior."
PACKAGES =+ "audispd-plugins"
PACKAGES += "auditd ${PN}-python"
-FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
-FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
+FILES:audispd-plugins = "${sysconfdir}/audisp/audisp-remote.conf \
${sysconfdir}/audisp/plugins.d/au-remote.conf \
- ${sbindir}/audisp-remote ${localstatedir}/spool/audit \
+ ${base_sbindir}/audisp-remote ${localstatedir}/spool/audit \
"
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd += "bash"
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+RDEPENDS:auditd = "bash"
-do_install_append() {
+do_install:append() {
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
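Review bot: the audisp-remote entry in `FILES:audispd-plugins` changes from `${sbindir}` to `${base_sbindir}`, a functional change folded into a syntax conversion, and the new path is also matched by the `${base_sbindir}/*` glob in `FILES:auditd`. The split is then correct only because `PACKAGES =+ "audispd-plugins"` places the plugin package ahead of auditd; a short comment next to PACKAGES stating that dependency would stop a later reorder from silently moving audisp-remote and its configuration into auditd. The `+=` to `=` changes on `FILES:auditd`, `CONFFILES:auditd` and `RDEPENDS:auditd` should be mentioned alongside it.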
@@ -85,14 +86,14 @@ do_install_append() {
rm -rf ${D}/etc/rc.d
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ # install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
+
install -d ${D}${sysconfdir}/tmpfiles.d/
install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
fi
- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
-
# audit-2.5 doesn't install any rules by default, so we do that here
mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
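Review bot: the `cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules` context line at the end of this hunk leaves the mode of the audit rules file to whatever the source checkout has, while the unit and tmpfiles lines moved above it use `install -m 0644`. Since do_install:append is being reworked here anyway, `install -m 0640` for the rules would pin the permissions explicitly. The same function also mixes hardcoded `${D}/etc/...` paths with `${D}${sysconfdir}`, which diverge if sysconfdir is ever changed.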
@@ -102,4 +103,7 @@ do_install_append() {
# Based on the audit.spec "Copy default rules into place on new installation"
cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
+
+ # Create /var/spool/audit directory for audisp-remote
+ install -m 0700 -d ${D}${localstatedir}/spool/audit
}
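Review bot: `install -m 0700 -d ${D}${localstatedir}/spool/audit` is added only to audit_2.8.5.bb, yet audit_3.0.3.bb also lists `${localstatedir}/spool/audit` in `FILES:audispd-plugins` and none of its hunks in this diff create the directory. Confirm the 3.0.3 recipe already installs it with the same 0700 mode, or add the same line there so audisp-remote gets its spool directory in both versions.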
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.2.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb
index 7d2cec18ba..c30b971625 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.2.bb
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb
@@ -15,7 +15,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \
"
S = "${WORKDIR}/git"
-SRCREV = "40312ddee3035d13e287355544cd7bd7e49b5499"
+SRCREV = "17c100abcfef4cbd94a0a5be9b830c8386c3add6"
inherit autotools python3native update-rc.d systemd
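Review bot: the new `SRCREV` is a bare hash with nothing tying it to the upstream 3.0.3 release, and the SRC_URI shown in the hunk header fetches over `git://` from `branch=master`, so this pin is the only integrity check on the fetched source. A comment naming the tag the hash was taken from would let a reviewer verify the bump without trusting the recipe filename.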
@@ -24,7 +24,7 @@ INITSCRIPT_NAME = "auditd"
INITSCRIPT_PARAMS = "defaults"
SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE_auditd = "auditd.service"
+SYSTEMD_SERVICE:auditd = "auditd.service"
DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
@@ -48,8 +48,8 @@ EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
pkgconfigdir=${libdir}/pkgconfig \
"
-SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
interface to the audit system, audispd. These plugins can do things \
like relay events to remote machines or analyze events for suspicious \
behavior."
@@ -57,22 +57,22 @@ behavior."
PACKAGES =+ "audispd-plugins"
PACKAGES += "auditd ${PN}-python"
-FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
-FILES_audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
+FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
${sysconfdir}/audit/plugins.d/au-remote.conf \
${sysconfdir}/audit/plugins.d/syslog.conf \
${base_sbindir}/audisp-remote \
${base_sbindir}/audisp-syslog \
${localstatedir}/spool/audit \
"
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-CONFFILES_auditd = "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd = "bash"
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+RDEPENDS:auditd = "bash"
-do_install_append() {
+do_install:append() {
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
diff --git a/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb b/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb
index 0a8c2e4834..00cca53b5a 100644
--- a/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb
+++ b/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb
@@ -40,7 +40,7 @@ do_install () {
oe_runmake DESTDIR=${D} install
}
-do_install_append_class-nativesdk() {
+do_install:append:class-nativesdk() {
install -d ${D}${datadir}
src_dir="${D}${target_datadir}"
mv $src_dir/* ${D}${datadir}
@@ -58,8 +58,8 @@ do_install_ptest () {
}
-RDEPENDS_${PN}-ptest += "lsb-release"
-RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils"
-RDEPENDS_${PN}-ptest_append_libc-musl = " musl-utils"
+RDEPENDS:${PN}-ptest += "lsb-release"
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils"
+RDEPENDS:${PN}-ptest:append:libc-musl = " musl-utils"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb b/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
index 17bc40911d..c2e3585f9d 100644
--- a/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
+++ b/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
@@ -49,7 +49,7 @@ do_configure() {
oe_runconf
}
-do_install_append() {
+do_install:append() {
for f in ndiff uninstall_ndiff; do
if [ -f ${D}${bindir}/$f ]; then
sed -i 's@^#!.*$@#!/usr/bin/env python3@g' ${D}${bindir}/$f
@@ -57,6 +57,6 @@ do_install_append() {
done
}
-FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat"
+FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat"
-RDEPENDS_${PN} += "python3-core"
+RDEPENDS:${PN} += "python3-core"
diff --git a/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb b/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb
index dd302506d7..b148fdcb59 100644
--- a/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb
+++ b/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb
@@ -35,7 +35,7 @@ SRC_URI[sha256sum] = "d1fedeaf759e8a0f32d28b5811ef11b5a5365154849190f4b7fab670a7
# explicitly define LINUX_PAM in case DISTRO_FEATURES no pam
# this package's pam_passwdqc.so needs pam
-CFLAGS_append = " -Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM"
+CFLAGS:append = " -Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM"
# -e is no longer default setting in bitbake.conf
EXTRA_OEMAKE = "-e"
@@ -58,9 +58,9 @@ do_install() {
PROVIDES += "pam-${BPN}"
PACKAGES =+ "lib${BPN} pam-${BPN}"
-FILES_lib${BPN} = "${base_libdir}/libpasswdqc.so.0"
-FILES_pam-${BPN} = "${base_libdir}/security/pam_passwdqc.so"
-FILES_${PN}-dbg += "${base_libdir}/security/.debug"
+FILES:lib${BPN} = "${base_libdir}/libpasswdqc.so.0"
+FILES:pam-${BPN} = "${base_libdir}/security/pam_passwdqc.so"
+FILES:${PN}-dbg += "${base_libdir}/security/.debug"
-RDEPENDS_${PN} = "lib${BPN} pam-${BPN}"
-RDEPENDS_pam-${BPN} = "lib${BPN}"
+RDEPENDS:${PN} = "lib${BPN} pam-${BPN}"
+RDEPENDS:pam-${BPN} = "lib${BPN}"
diff --git a/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb b/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
index aa91ab37f2..d7bcd4f03b 100644
--- a/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
+++ b/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
@@ -26,5 +26,5 @@ PACKAGECONFIG[botan] = "--with-botan=${STAGING_DIR_HOST}/usr --with-crypto-backe
PACKAGECONFIG[migrate] = "--with-migrate"
PACKAGECONFIG[pk11] = "--enable-p11-kit --with-p11-kit==${STAGING_DIR_HOST}/usr, --without-p11-kit, p11-kit, p11-kit"
-RDEPENDS_${PN} = "sqlite3"
+RDEPENDS:${PN} = "sqlite3"
BBCLASSEXTEND = "native nativesdk"
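Review bot: the `PACKAGECONFIG[pk11]` context line just above the changed line reads `--with-p11-kit==${STAGING_DIR_HOST}/usr` with a doubled `=`, so configure is handed a path beginning with `=` whenever pk11 is enabled. This commit does not introduce it, but the recipe is being touched here and a single `=` is the fix.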
diff --git a/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb b/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb
index f362775999..4b36dd63ea 100644
--- a/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb
+++ b/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb
@@ -14,8 +14,8 @@ S = "${WORKDIR}/${BPN}"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING.tomoyo;md5=751419260aa954499f7abaabaa882bbe"
-FILES_${PN} += "${libdir}/tomoyo"
-FILES_${PN}-dbg += "${libdir}/tomoyo/.debug"
+FILES:${PN} += "${libdir}/tomoyo"
+FILES:${PN}-dbg += "${libdir}/tomoyo/.debug"
DEPENDS = "linux-libc-headers ncurses"