diff options
author | Patrick Williams <patrick@stwcx.xyz> | 2021-12-14 02:05:19 +0300 |
---|---|---|
committer | Patrick Williams <patrick@stwcx.xyz> | 2021-12-14 02:54:57 +0300 |
commit | 89e2f5ce97de5668f541afea23027dc76b3157ac (patch) | |
tree | 69f87e2f5e4d4daad86748d968032e0a4618806d /meta-security | |
parent | 5422fe603bd670fc3a94c03f9f119d5aaeca13c3 (diff) | |
download | openbmc-89e2f5ce97de5668f541afea23027dc76b3157ac.tar.xz |
subtree updates
meta-raspberrypi: 9eb4879cf4..1584bddcf3:
Alexandru Costache (3):
conf/machine: Add Pi Zero 2 Wifi 64bit yocto machine
linux-firmware-rpidistro: Package bcm43436 and bcm43436s firmware
linux-raspberrypi: Bump to 5.10.78
Andrei Gherzan (11):
raspberrypi-firmware: Bump to 20211007
linux-raspberrypi: Bump 5.10 to 5.10.76
linux-raspberrypi: Drop 5.4
README.md: Fix docs and minor tweaks
docs: Bump copyright year
README.md: Fix sponsor table
README.md: Fix sponsor table take two
docs: Fix RtD build
docs: Add module dependency/requirement for RtD
docs: Advertise raspberrypi0-2w-64 supported machine
Update references to Yocto mailing list
Khem Raj (1):
linux-firmware-rpidistro: Use bullseye branch
Marcel Hamer (1):
recipes: Update SRC_URI protocols for github
Zygmunt Krynicki (1):
rpi-config: warn on config.txt lines exceeding 80 bytes
poky: 80f2b56ad8..f286eefb27:
Ahmed Hossam (1):
go.bbclass: Allow adding parameters to go ldflags
Alejandro Hernandez Samaniego (1):
baremetal-image: Fix do_image dependencies
Alexander Kanavin (11):
lttng-tools: replace ad hoc ptest fixup with upstream fixes
ca-certificates: update 20210119 -> 20211016
ovmf: update 202105 -> 202108
linux-firmware: upgrade 20210818 -> 20210919
wireless-regdb: upgrade 2021.07.14 -> 2021.08.28
waffle: convert to git, website is down
stress-ng: convert to git, website is down
tzdata: upgrade 2021a -> 2021d
tzdata: update 2021d -> 2021e
linux-firmware: upgrade 20210919 -> 20211027
libpcre/libpcre2: correct SRC_URI
Alexandre Belloni (1):
oeqa/selftest/sstatetests: fix typo ware -> were
Andrei Gherzan (1):
qemu: Define libnfs PACKAGECONFIG
Andrej Valek (1):
busybox: 1.34.0 -> 1.34.1
Andres Beltran (3):
buildhistory: Fix package output files for SDKs
create-spdx: Set the Organization field via a variable
create-spdx: Fix key errors in do_create_runtime_spdx
Anuj Mittal (2):
glibc-version.inc: remove branch= from GLIBC_GIT_URI
poky.conf: bump version for 3.4.1 honister release
Bruce Ashfield (23):
linux-yocto/5.14: scripts/gcc-plugins: consistently use HOSTCC
linux-yocto/5.14: update to v5.14.8
linux-yocto/5.14: bsp/qemuarm*-gfx: use virtio graphics
linux-yocto/5.10: update to v5.10.69
linux-yocto/5.10: update to v5.10.70
linux-yocto/5.14: update to v5.14.9
kernel-yocto: don't apply config metadata patches twice
linux-yocto/5.14: revert: scripts/gcc-plugins: consistently use HOSTCC
linux-yocto/5.10: update to v5.10.73
linux-yocto/5.14: update to v5.14.12
linux-yocto/5.14: update to v5.14.13
linux-yocto/5.10: update to v5.10.74
linux-yocto/5.14: common-pc: enable CONFIG_ATA_PIIX as built-in
linux-yocto/5.14: update to v5.14.14
linux-yocto/5.10: update to v5.10.75
linux-yocto/5.14: update to v5.14.15
linux-yocto/5.10: update to v5.10.76
linux-yocto-rt/5.10: update to -rt54
strace: fix build against 5.15 kernel/kernel-headers
linux-yocto/5.14: update to v5.14.16
linux-yocto/5.10: update to v5.10.77
linux-yocto/5.14: update to v5.14.17
linux-yocto/5.10: update to v5.10.78
Changqing Li (1):
lttng-ust: fix do_compile failure for arm32 with DEBUG_BUILD enabled
Chen Qi (4):
bitbake: tests/fetch.py: fix premirror test cases
bitbake: tests/fetch.py: add test case to ensure downloadfilename is used for premirror
bitbake: fetch2: fix downloadfilename issue with premirror
avahi: update CVE id fixed by local-ping.patch
Claus Stovgaard (1):
cups: Fix missing installation of cups sysv init scripts
Daiane Angolini (2):
machine/qemuarm*: Fix UBOOT_MACHINE value
ref-manual: Update how to set a useradd password
Fred Liu (1):
glibc: Drop libcidn package
Hsia-Jun(Randy) Li (1):
meson: install native file in sdk
Jon Mason (9):
oeqa/manual: Fix no longer valid URLs
bitbake: bitbake:toaster:test: Update SSTATE URL
yocto-bsp/poky: replace http with https for URLs
bitbake: bitbake: replace http with https for URLs
documentation: update sources mirror URL
documentation: replace http with https for URLs
documentation: use YOCTO_DL_URL
dev-manual: remove errant /
scripts/lib/wic/help.py: Update Fedora Kickstart URLs
Jose Quaresma (16):
gstreamer1.0-plugins-base: 1.18.4 -> 1.18.5
gstreamer1.0-plugins-good: 1.18.4 -> 1.18.5
gstreamer1.0-plugins-bad: 1.18.4 -> 1.18.5
gstreamer1.0-plugins-ugly: 1.18.4 -> 1.18.5
gstreamer1.0-rtsp-server: 1.18.4 -> 1.18.5
gstreamer1.0-libav: 1.18.4 -> 1.18.5
gstreamer1.0-vaapi: 1.18.4 -> 1.18.5
gstreamer1.0-omx: 1.18.4 -> 1.18.5
gstreamer1.0-python: 1.18.4 -> 1.18.5
gst-devtools: 1.18.4 -> 1.18.5
gst-examples: 1.18.4 -> 1.18.5
gstreamer1.0: 1.18.4 -> 1.18.5
patch.bbclass: when the patch fails show more info on the fatal error
sstate: fix touching files inside pseudo
bitbake: cooker: check if upstream hash equivalence server is available
sstate: another fix for touching files inside pseudo
Joshua Watt (4):
bitbake: async: Close sync client event loop
bitbake: hashserv: Add tests for diverging reports
bitbake: hashserv: Fix diverging report race condition
classes/populate_sdk_base: Add setscene tasks
Kai Kang (3):
squashfs-tools: fix CVE-2021-41072
squashfs-tools: follow-up fix for CVE-2021-41072
convert-srcuri.py: use regex to check space in SRC_URI
Khem Raj (2):
mesa: Enable svga for x86 only
kernel-devsrc: Add vdso.lds and other build files for riscv64 as well
Kiran Surendran (1):
ffmpeg: fix CVE-2021-38114
Konrad Weihmann (1):
libical: fix append in DEPENDS
Manuel Leonhardt (2):
sstate: Account for reserved characters when shortening sstate filenames
dpkg: Install dkpg-perl scripts to versioned perl directory
Michael Opdenacker (21):
manuals: font fixes
ref-manual: document DEBUG_PREFIX_MAP
manuals: replace "apt-get" by "apt"
Makefile: allow epub and latexpdf outputs to use diagrams from SVG sources
conf.py: use PNG first in EPUB output
overview-manual: SVG diagram for the git workflow
docs: add "make all" to build old types of docs (html, epub, pdf) at once
manuals: introduce 'yocto_sstate' extlink
overview-manual: simplify expression
dev-manual: correct NO_GENERIC_LICENSE section title
dev-manual: warn about license compliance issues when static libraries are used
ref-manual: document BUILD_REPRODUCIBLE_BINARIES
ref-manual: document "reproducible_build" class and SOURCE_DATE_EPOCH
test-manual: how to enable reproducible builds
ref-manual: document TOOLCHAIN_HOST_TASK_ESDK
releases.rst: fix release number for 3.3.3
docs: poky.yaml: updates for 3.4
ref-manual: update system requirements
manuals: releases.rst: move gatesgarth to outdated releases section
updates for release 3.3.4
documentation: conf.py: fix version of bitbake objects.inv
Oleksandr Kravchuk (1):
python3: update to 3.9.7
Pablo Saavedra Rodi?o (1):
mesa: upgrade 21.2.1 -> 21.2.4
Paul Eggleton (7):
migration-3.4: tweak overrides change section
ref-manual: remove meta class
poky.yaml: add lz4 and zstd to essential host packages
migration-3.4: add additional migration info
migration: tweak introduction section
poky.yaml: fix lz4 package name for older Ubuntu versions
migration-3.4: add some extra packaging notes
Peter Kjellerstedt (5):
meson.bblcass: Remove empty egg-info directories before running meson
qemu.inc: Remove empty egg-info directories before running meson
libx11: Update LICENSE to better reflect reality
libx11-compose-data: Update LICENSE to better reflect reality
insane.bbclass: Add a check for directories that are expected to be empty
Quentin Schulz (1):
conf: update for release 3.4
Ralph Siemsen (1):
tar: filter CVEs using vendor name
Randy Li (1):
meson: move lang args to the right section
Richard Purdie (54):
sstatesig: Only apply group/other permissions to pseudo files
rpm: Deterministically set vendor macro entry
abi_version/sstate: Bump to fix rpm corruption issues
multilib: Avoid sysroot race issues when multilib enabled
bitbake: knotty/uihelper: Show setscene task progress in summary output
bitbake: bitbake-worker: Handle pseudo shutdown in Ctrl+C case
poky.conf: Update tested distros list with recent changes
bitbake: hashserv: Improve behaviour for better determinism/sstate reuse
poky.conf: Bump version for 3.4 honister release
build-appliance-image: Update to honister head revision
bitbake: bitbake: Bump to version 1.52.0
build-appliance-image: Update to honister head revision
bitbake: test/fetch: Update urls to match upstream branch name changes
bitbake: fetch2/perforce: Fix typo
bitbake: tests/runqueue: Ensure hashserv exits before deleting files
bitbake: bitbake-worker: Add debug when unpickle fails
libxml2: Use python3targetconfig to fix reproducibility issue
libnewt: Use python3targetconfig to fix reproducibility issue
linux-yocto-dev: Ensure DEPENDS matches recent 5.14 kernel changes
oeqa: Update cleanup code to wait for hashserv exit
bootchart2: Don't compile python modules
bitbake: fetch/git: Handle github dropping git:// support
bitbake: parse/ast: Show errors for append/prepend/remove operators combined with +=/.=
bitbake: Revert "parse/ast: Show errors for append/prepend/remove operators combined with +=/.="
staging: Fix autoconf-native rebuild failure
bitbake: fetch/wget: Add timeout for checkstatus calls (30s)
bitbake: tests/fetch: Update github urls
bitbake: fetch: Handle mirror user/password replacements correctly
bitbake: tests/fetch: Update pcre.org address after github changes
bitbake: runqueue: Fix runall option task deletion ordering issue
bitbake: runqueue: Fix runall option handling
opkg: Fix poor operator combination choice
linunistring: Add missing gperf-native dependency
pseudo: Add fcntl64 wrapper
meta: Add explict branch to git SRC_URIs
meta/scripts: Manual git url branch additions
scripts/convert-srcuri: Update SRC_URI conversion script to handle github url changes
recipes: Update github.com urls to use https
go-helloworld/glide: Fix urls
bitbake.conf: Fix corruption of GNOME mirror url
bitbake: cooker: Handle parse threads disappearing to avoid hangs
bitbake: cooker: Remove debug code, oops :(
bitbake: cooker: Handle parsing results queue race
bitbake: cooker: Fix task-depends.dot for multiconfig targets
mirrors: Add uninative mirror on kernel.org
scripts/oe-package-browser: Fix after overrides change
scripts/oe-package-browser: Handle no packages being built
wpa-supplicant: Match package override to PACKAGES for pkg_postinst
uninative: Add version to uninative tarball name
mirrors: Add kernel.org sources mirror for downloads.yoctoproject.org
bitbake: utils: Handle lockfile filenames that are too long for filesystems
bitbake: fetch2: Fix url remap issue and add testcase
glibc: Backport fix for CVE-2021-43396
build-appliance-image: Update to honister head revision
Robert Yang (1):
bitbake: data_smart.py: Skip old override syntax checking for anonymous functions
Ross Burton (11):
bitbake: tests/utils: mark a regex as a raw string
bitbake: tests/fetch: prefix the FetcherTest temporary directory
bitbake: fetch2: clarify the command-no-found error message
bitbake: fetch2/gitsm: remove the 'nugget' SRCREV caching
linux-yocto: add libmpc-native to DEPENDS
curl: fix CVE-2021-22945 through -22947
testimage: fix unclosed testdata file
strace: show test suite log on failure
meson: set objcopy in the cross and native toolchain files
vim: fix CVE-2021-3796, CVE-2021-3872, and CVE-2021-3875
vim: add patch number to CVE-2021-3778 patch
Sakib Sajal (1):
go: upgrade 1.16.7 -> 1.16.8
Saul Wold (5):
spdx.py: Add annotation to relationship
create-spdx: add create_annotation function
create-spdx: cross recipes are native also
create_spdx: ensure is_work_shared() is unique
create-spdx: Protect against None from LICENSE_PATH
Stefan Herbrechtsmeier (3):
bitbake: fetch2: npm: Support npm archives with missing search directory mode
bitbake: fetch2: npm: Create config npmrc in environment instantiation
bitbake: fetch2: npmsw: Add support for local tarball and link sources
Teoh Jay Shen (1):
oeqa/runtime/parselogs: modified drm error in common errors list
Tim Orling (2):
ptest-runner: install -collect-system-data script
python3-setuptools: _distutils/sysconfig fix
Tom Hochstein (3):
wayland: Fix wayland-tools packaging
nativesdk-packagegroup-sdk-host.bb: Update host tools for wayland
bitbake.conf: Use wayland distro feature for native builds
Yureka (1):
systemd: add missing include for musl
meta-openembedded: 23dc4f060f..f632403d18:
Alexander Thoma (1):
keyutils: fix install path
Armin Kuster (4):
README: updated Maintainers list for Honister
Apache: Several CVE fixes
recipes: Update SRC_URI branch and protocols
recipes: remove tabs and spaces in SRC_URI
Ivan Maidanski (1):
bdwgc: upgrade 8.0.4 -> 8.0.6
Jeremy Puhlman (1):
ifenslave: switch from master to main
Khem Raj (5):
gattlib: Upgrade to latest
packagegroup-meta-oe: Add lv-drivers and lvgl
python3-behave: Switch to using github src_uri
mtr: Explicitly use branch= in SRC_URI
python3-kivy: Use branch parameter in SRC_URI
LiweiSong (1):
Revert "chipsec: platform security assessment framework"
Martin Jansa (2):
pahole: use MACHINE_ARCH
sdbus-c++: don't fetch googletest during do_configure
Matthias Schiffer (1):
byacc: switch to official HTTPS mirror
Nandor Han (1):
libiio: depend on avahi only when network backed is used
Peter Bergin (3):
pipewire: remove manpages class
pipewire: also handle pipewire-media-session in systemd class
pipewire: rework PACKAGECONFIG for systemd service files
Philippe Coval (2):
lvgl: Add recipe for Lightweight Graphics Library
lv-drivers: Add recipe for lvgl lib
Richard Purdie (1):
gattlib: Place pkgconfig file in correct package
Roland Hieber (1):
rapidjson: override hard-coded lib install dir
Trevor Gamblin (1):
python3-posix-ipc: Add recipe for version 1.0.5
Vyacheslav Yurkov (2):
grpc: fix cross-compilation of grpc applications
grpc: fix cross-compilation of grpc applications
Yi Zhao (3):
samba: upgrade 4.14.7 -> 4.14.8
strongswan: upgrade 5.9.3 -> 5.9.4
libssh: use https instead of git in SRC_URI
wangmy (3):
openvpn: upgrade 2.5.3 -> 2.5.4
redis: upgrade 6.2.5 -> 6.2.6
span-lite: upgrade 0.10.1 -> 0.10.3
zangrc (6):
python3-ipython: upgrade 7.27.0 -> 7.28.0
python3-jdatetime: upgrade 3.6.2 -> 3.6.4
python3-openpyxl: upgrade 3.0.8 -> 3.0.9
python3-transitions: upgrade 0.8.9 -> 0.8.10
networkmanager-openvpn: upgrade 1.8.14 -> 1.8.16
ser2net: upgrade 4.3.3 -> 4.3.4
meta-security: a85fbe980e..fb77606aef:
Armin Kuster (3):
python3-fail2ban: fix build failure and cleanup
recipes: Update SRC_URI branch and protocols
kas/kas-security-base.yml: update to honister
Kai Kang (1):
sssd: re-package to fix QA issues
Kristian Klausen (1):
swtpm: update to 0.6.1
Liwei Song (1):
recipes-security/chipsec: platform security assessment framework
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I1a7b65bb81dfafe55aac661a8d7006acafba8e98
Diffstat (limited to 'meta-security')
37 files changed, 95 insertions, 237 deletions
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml index 3bf46dbf01..30448ad9f4 100644 --- a/meta-security/kas/kas-security-base.yml +++ b/meta-security/kas/kas-security-base.yml @@ -14,7 +14,7 @@ repos: poky: url: https://git.yoctoproject.org/git/poky - refspec: master + refspec: honister layers: meta: meta-poky: @@ -22,7 +22,7 @@ repos: meta-openembedded: url: http://git.openembedded.org/meta-openembedded - refspec: master + refspec: honister layers: meta-oe: meta-perl: diff --git a/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb b/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb index 0fef23397a..7e9f214126 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/oe-scap/oe-scap_1.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://README.md;md5=46dec9f167b6e05986cb4023df6d92f4" LICENSE = "MIT" SRCREV = "7147871d7f37d408c0dd7720ef0fd3ec1b54ad98" -SRC_URI = "git://github.com/akuster/oe-scap.git" +SRC_URI = "git://github.com/akuster/oe-scap.git;branch=master;protocol=https" SRC_URI += " \ file://run_cve.sh \ file://run_test.sh \ diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb index f109566212..549a8889a1 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb @@ -9,7 +9,7 @@ LICENSE = "LGPL-2.1" DEPENDS = "python3-dbus" SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76" -SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git \ +SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol=https \ file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \ " diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb index 51fa9ee2ac..192b00860f 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb @@ -3,7 +3,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit" require openscap.inc SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732" -SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \ +SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3;protocol=https \ " DEFAULT_PREFERENCE = "-1" diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb index 73a4729bfe..a18cbd1f6e 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb @@ -6,7 +6,7 @@ SUMARRY = "NIST Certified SCAP 1.2 toolkit with OE changes" include openscap.inc SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625" -SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \ +SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3;protocol=https \ " PV = "1.3.3+git${SRCPV}" diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb index d80ecd7edb..ecf136d1ba 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_0.1.44.bb @@ -1,7 +1,7 @@ SUMARRY = "SCAP content for various platforms, upstream version" SRCREV = "8cb2d0f351faff5440742258782281164953b0a6" -SRC_URI = "git://github.com/ComplianceAsCode/content.git" +SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=master;protocol=https" DEFAULT_PREFERENCE = "-1" diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb index 0617c56e72..ddde5ccee3 100644 --- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb +++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb @@ -1,7 +1,7 @@ SUMARRY = "SCAP content for various platforms, OE changes" SRCREV = "5fdfdcb2e95afbd86ace555beca5d20cbf1043ed" -SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44; \ +SRC_URI = "git://github.com/akuster/scap-security-guide.git;branch=oe-0.1.44;;protocol=https \ file://0001-Fix-XML-parsing-of-the-remediation-functions-file.patch \ file://0002-Fixed-the-broken-fix-when-greedy-regex-ate-the-whole.patch \ file://0001-fix-deprecated-instance-of-element.getchildren.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb index 95ba5c59cd..8fe62cf25d 100644 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.7.bb @@ -3,7 +3,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" SRCREV = "f6dd8f55eab4910131ec6a6a570dcd7951bd10e4" -SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8" +SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https" PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb index 9ad8967f58..687ddac559 100644 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb +++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52" DEPENDS += "openssl trousers" SRC_URI = "\ - git://github.com/mgerstner/openssl_tpm_engine.git \ + git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \ file://0001-create-tpm-key-support-well-known-key-option.patch \ file://0002-libtpm-support-env-TPM_SRK_PW.patch \ file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb index f8347b7f15..77f65aefd6 100644 --- a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb +++ b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb @@ -9,7 +9,7 @@ DEPENDS = "libtspi" PV = "0.1+git${SRCPV}" SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316" -SRC_URI = "git://github.com/flihp/pcr-extend.git \ +SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \ file://fix_openssl11_build.patch " inherit autotools diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb index 644f3ac136..bb93374fa2 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb @@ -1,6 +1,6 @@ SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools" LICENSE = "MIT" -DEPENDS = "swtpm-native tpm-tools-native net-tools-native" +DEPENDS = "swtpm-native" inherit native @@ -14,23 +14,19 @@ do_create_wrapper () { for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do exe=`basename $i` case $exe in - swtpm_setup.sh) + swtpm_setup) cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF #! /bin/sh # -# Wrapper around swtpm_setup.sh which adds parameters required to +# Wrapper around swtpm_setup which adds parameters required to # run the setup as non-root directly from the native sysroot. PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH" export PATH -# tcsd only allows to be run as root or tss. Pretend to be root... -exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@" +exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@" EOF ;; - swtpm_setup) - true - ;; *) cat >${WORKDIR}/${exe}_oe.sh <<EOF #! /bin/sh diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb index 912e939a16..63734b9b36 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.6.1.bb @@ -3,14 +3,11 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" SECTION = "apps" -DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native" +# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests +DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib" -# configure checks for the tools already during compilation and -# then swtpm_setup needs them at runtime -DEPENDS:append = " tpm-tools-native expect-native socat-native python3-pip-native python3-cryptography-native" - -SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464" -SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \ +SRCREV = "98187d24fe14851653a7c46eb16e9c5f0b9beaa1" +SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.6;protocol=https \ file://ioctl_h.patch \ file://oe_configure.patch \ " @@ -19,7 +16,7 @@ PE = "1" S = "${WORKDIR}/git" PARALLEL_MAKE = "" -inherit autotools pkgconfig python3native +inherit autotools pkgconfig perlnative TSS_USER="tss" TSS_GROUP="tss" @@ -28,7 +25,10 @@ PACKAGECONFIG ?= "openssl" PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}" PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" -PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls" +# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is +# used by swtpm-create-tpmca (the last two is provided by gnutls) +# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert +PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls, gnutls, expect bash tpm2-pkcs11-tools" PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse" PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp" @@ -41,14 +41,11 @@ USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir \ --no-create-home --shell /bin/false ${BPN}" -PACKAGES =+ "${PN}-python" -FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR}" - PACKAGE_BEFORE_PN = "${PN}-cuse" FILES:${PN}-cuse = "${bindir}/swtpm_cuse" INSANE_SKIP:${PN} += "dev-so" -RDEPENDS:${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted" +RDEPENDS:${PN} = "libtpm" BBCLASSEXTEND = "native nativesdk" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb index 53cf8ff116..4672bba518 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb +++ b/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb @@ -15,7 +15,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f" DEPENDS = "libtspi tpm-tools" -SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools" +SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master" SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295" S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb index dbe1647d25..3b3da4fa03 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb @@ -14,7 +14,7 @@ DEPENDS:class-native = "trousers-native" SRCREV = "bf43837575c5f7d31865562dce7778eae970052e" SRC_URI = " \ - git://git.code.sf.net/p/trousers/tpm-tools \ + git://git.code.sf.net/p/trousers/tpm-tools;branch=master \ file://tpm-tools-extendpcr.patch \ file://04-fix-FTBFS-clang.patch \ file://openssl1.1_fix.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb index 5e03b710e9..192c66c9f4 100644 --- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb +++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb @@ -10,7 +10,7 @@ SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9" PV = "0.3.15+git${SRCPV}" SRC_URI = " \ - git://git.code.sf.net/p/trousers/trousers \ + git://git.code.sf.net/p/trousers/trousers;branch=master \ file://trousers.init.sh \ file://trousers-udev.rules \ file://tcsd.service \ diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb index b80ef79732..18181712cd 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb @@ -13,7 +13,7 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \ libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim" SRC_URI = "\ - git://github.com/tpm2-software/tpm2-abrmd.git \ + git://github.com/tpm2-software/tpm2-abrmd.git;branch=master;protocol=https \ file://tpm2-abrmd-init.sh \ file://tpm2-abrmd.default \ " diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb index fdeda269e1..ef0c642f9d 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.6.0.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab" DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native" -SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master \ +SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=master;protocol=https \ file://bootstrap_fixup.patch \ file://0001-remove-local-binary-checkes.patch \ file://677.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb index 47113d25aa..2bf1eed0c9 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb @@ -4,7 +4,7 @@ LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native" -SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \ +SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \ file://configure_oe_fixup.patch \ file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \ file://fix_header_file.patch \ diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb index dfebc072d3..d324e33805 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb @@ -10,7 +10,7 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode" PE = "1" SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b" -SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git" +SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https" inherit autotools-brokensep pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb index 3069b1f19a..4d1f425d8e 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb @@ -9,7 +9,7 @@ SECTION = "security/tpm" DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl" SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4" -SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x" +SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x;protocol=https" inherit autotools-brokensep pkgconfig systemd diff --git a/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb b/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb index 887c75df87..81f2b8fe84 100644 --- a/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb +++ b/meta-security/recipes-ids/crowdsec/crowdsec_1.1.1.bb @@ -3,7 +3,7 @@ SUMMARY = "CrowdSec is a free, modern & collaborative behavior detection engine, LICENSE = "MIT" LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=105e75b680b2ab82fa5718661b41f3bf" -SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master" +SRC_URI = "git://github.com/crowdsecurity/crowdsec.git;branch=master;protocol=https" SRCREV = "73e0bbaf93070f4a640eb5a22212b5dcf26699de" DEPENDS = "jq-native" diff --git a/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb b/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb index 309ca52340..853facf38e 100644 --- a/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb +++ b/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9" DEPENDS = "openssl libpcre2 zlib libevent" -SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \ +SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \ file://0001-Makefile-drop-running-scrips-install.patch \ file://0002-Makefile-don-t-set-uid-gid.patch \ " diff --git a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb index 3a9bc1de27..93cb4431b2 100644 --- a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb +++ b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1c069be8dbbe48e89b580ab4ed86c127" SRCREV = "6e64a9e5b70a909ec439bc5a099e3fcf38c614b0" SRC_URI = "\ - git://github.com/Tripwire/tripwire-open-source.git \ + git://github.com/Tripwire/tripwire-open-source.git;branch=master;protocol=https \ file://tripwire.cron \ file://tripwire.sh \ file://tripwire.txt \ diff --git a/meta-security/recipes-mac/smack/smack_1.3.1.bb b/meta-security/recipes-mac/smack/smack_1.3.1.bb index 6c2f041084..79a8f5a0cd 100644 --- a/meta-security/recipes-mac/smack/smack_1.3.1.bb +++ b/meta-security/recipes-mac/smack/smack_1.3.1.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" SRCREV = "4a102c7584b39ce693995ffb65e0918a9df98dd8" SRC_URI = " \ - git://github.com/smack-team/smack.git \ + git://github.com/smack-team/smack.git;branch=master;protocol=https \ file://smack_generator_make_fixup.patch \ file://run-ptest" diff --git a/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb index 12c9bce307..9a6e44a27c 100644 --- a/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb +++ b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb @@ -7,7 +7,7 @@ HOMEPAGE="https://github.com/slimm609/checksec.sh" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8" SRCREV = "c3754e45e04f9104db93b2048afd094427102d48" -SRC_URI = "git://github.com/slimm609/checksec.sh" +SRC_URI = "git://github.com/slimm609/checksec.sh;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb index 25123dce03..e59f5fff9b 100644 --- a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb +++ b/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb @@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b2 # July 27th SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356" -SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104 \ +SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \ file://clamd.conf \ file://freshclam.conf \ file://volatiles.03_clamav \ diff --git a/meta-security/recipes-security/chipsec/chipsec_git.bb b/meta-security/recipes-security/chipsec/chipsec_git.bb new file mode 100644 index 0000000000..e265a082ed --- /dev/null +++ b/meta-security/recipes-security/chipsec/chipsec_git.bb @@ -0,0 +1,35 @@ +SUMMARY = "CHIPSEC: Platform Security Assessment Framework" + +DESCRIPTION = "CHIPSEC is a framework for analyzing the security \ + of PC platforms including hardware, system firmware \ + (BIOS/UEFI), and platform components." + +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d" + +SRC_URI = "git://github.com/chipsec/chipsec.git;branch=master;protocol=https \ + " + +SRCREV = "b2a61684826dc8b9f622a844a40efea579cd7e7d" + +COMPATIBLE_HOST = "(i.86|x86_64).*-linux" + +S = "${WORKDIR}/git" +EXTRA_OEMAKE = "CC='${CC}' LDFLAGS='${LDFLAGS}' CFLAGS='${CFLAGS}'" + +DEPENDS = "virtual/kernel nasm-native python3-setuptools-native" +RDEPENDS:${PN} += "python3 python3-modules" + +inherit module distutils3 + +do_compile:append() { + cd ${S}/drivers/linux + oe_runmake KSRC=${STAGING_KERNEL_BUILDDIR} +} + +do_install:append() { + install -m 0644 ${S}/drivers/linux/chipsec.ko ${D}${PYTHON_SITEPACKAGES_DIR}/chipsec/helper/linux +} + +FILES:${PN} += "${exec_prefix} \ +" diff --git a/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py b/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py deleted file mode 100755 index e23194986f..0000000000 --- a/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py +++ /dev/null @@ -1,174 +0,0 @@ -# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- -# vi: set ft=python sts=4 ts=4 sw=4 noet : - -# This file is part of Fail2Ban. -# -# Fail2Ban is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Fail2Ban is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Fail2Ban; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -__author__ = "Cyril Jaquier, Steven Hiscocks, Yaroslav Halchenko" -__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2008-2016 Fail2Ban Contributors" -__license__ = "GPL" - -import platform - -try: - import setuptools - from setuptools import setup - from setuptools.command.install import install - from setuptools.command.install_scripts import install_scripts -except ImportError: - setuptools = None - from distutils.core import setup - -# all versions -from distutils.command.build_py import build_py -from distutils.command.build_scripts import build_scripts -if setuptools is None: - from distutils.command.install import install - from distutils.command.install_scripts import install_scripts -try: - # python 3.x - from distutils.command.build_py import build_py_2to3 - from distutils.command.build_scripts import build_scripts_2to3 - _2to3 = True -except ImportError: - # python 2.x - _2to3 = False - -import os -from os.path import isfile, join, isdir, realpath -import sys -import warnings -from glob import glob - -from fail2ban.setup import updatePyExec - -if setuptools and "test" in sys.argv: - import logging - logSys = logging.getLogger("fail2ban") - hdlr = logging.StreamHandler(sys.stdout) - fmt = logging.Formatter("%(asctime)-15s %(message)s") - hdlr.setFormatter(fmt) - logSys.addHandler(hdlr) - if set(["-q", "--quiet"]) & set(sys.argv): - logSys.setLevel(logging.CRITICAL) - warnings.simplefilter("ignore") - sys.warnoptions.append("ignore") - elif set(["-v", "--verbose"]) & set(sys.argv): - logSys.setLevel(logging.DEBUG) - else: - logSys.setLevel(logging.INFO) -elif "test" in sys.argv: - print("python distribute required to execute fail2ban tests") - print("") - -longdesc = ''' -Fail2Ban scans log files like /var/log/pwdfail or -/var/log/apache/error_log and bans IP that makes -too many password failures. It updates firewall rules -to reject the IP address or executes user defined -commands.''' - -if setuptools: - setup_extra = { - 'test_suite': "fail2ban.tests.utils.gatherTests", - 'use_2to3': True, - } -else: - setup_extra = {} - -data_files_extra = [] - -# Installing documentation files only under Linux or other GNU/ systems -# (e.g. GNU/kFreeBSD), since others might have protective mechanisms forbidding -# installation there (see e.g. #1233) -platform_system = platform.system().lower() -doc_files = ['README.md', 'DEVELOP', 'FILTERS', 'doc/run-rootless.txt'] -if platform_system in ('solaris', 'sunos'): - doc_files.append('README.Solaris') -if platform_system in ('linux', 'solaris', 'sunos') or platform_system.startswith('gnu'): - data_files_extra.append( - ('/usr/share/doc/fail2ban', doc_files) - ) - -# Get version number, avoiding importing fail2ban. -# This is due to tests not functioning for python3 as 2to3 takes place later -exec(open(join("fail2ban", "version.py")).read()) - -setup( - name = "fail2ban", - version = version, - description = "Ban IPs that make too many password failures", - long_description = longdesc, - author = "Cyril Jaquier & Fail2Ban Contributors", - author_email = "cyril.jaquier@fail2ban.org", - url = "http://www.fail2ban.org", - license = "GPL", - platforms = "Posix", - cmdclass = { - 'build_py': build_py, 'build_scripts': build_scripts, - }, - scripts = [ - 'bin/fail2ban-client', - 'bin/fail2ban-server', - 'bin/fail2ban-regex', - 'bin/fail2ban-testcases', - # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper - ], - packages = [ - 'fail2ban', - 'fail2ban.client', - 'fail2ban.server', - 'fail2ban.tests', - 'fail2ban.tests.action_d', - ], - package_data = { - 'fail2ban.tests': - [ join(w[0], f).replace("fail2ban/tests/", "", 1) - for w in os.walk('fail2ban/tests/files') - for f in w[2]] + - [ join(w[0], f).replace("fail2ban/tests/", "", 1) - for w in os.walk('fail2ban/tests/config') - for f in w[2]] + - [ join(w[0], f).replace("fail2ban/tests/", "", 1) - for w in os.walk('fail2ban/tests/action_d') - for f in w[2]] - }, - data_files = [ - ('/etc/fail2ban', - glob("config/*.conf") - ), - ('/etc/fail2ban/filter.d', - glob("config/filter.d/*.conf") - ), - ('/etc/fail2ban/filter.d/ignorecommands', - [p for p in glob("config/filter.d/ignorecommands/*") if isfile(p)] - ), - ('/etc/fail2ban/action.d', - glob("config/action.d/*.conf") + - glob("config/action.d/*.py") - ), - ('/etc/fail2ban/fail2ban.d', - '' - ), - ('/etc/fail2ban/jail.d', - '' - ), - ('/var/lib/fail2ban', - '' - ), - ] + data_files_extra, - **setup_extra -) diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb index ed75a0e7dd..fcf044a562 100644 --- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb @@ -9,10 +9,9 @@ HOMEPAGE = "http://www.fail2ban.org" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" -SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46" -SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \ +SRCREV ="d6b884f3b72b8a42b21da863836569ef6836c2ea" +SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \ file://initd \ - file://fail2ban_setup.py \ file://run-ptest \ " @@ -20,13 +19,13 @@ inherit update-rc.d ptest setuptools3 S = "${WORKDIR}/git" -do_compile:prepend () { - cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py +do_compile () { cd ${S} ./fail2ban-2to3 } do_install:append () { + rm -f ${D}/${bindir}/fail2ban-python install -d ${D}/${sysconfdir}/fail2ban install -d ${D}/${sysconfdir}/init.d install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server @@ -38,6 +37,7 @@ do_install_ptest:append () { install -d ${D}${PTEST_PATH}/bin sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest install -D ${S}/bin/* ${D}${PTEST_PATH}/bin + rm -f ${D}${PTEST_PATH}/bin/fail2ban-python } FILES:${PN} += "/run" diff --git a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb b/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb index a70d310a5b..66bf429a46 100644 --- a/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb +++ b/meta-security/recipes-security/fscrypt/fscrypt_1.0.0.bb @@ -14,7 +14,7 @@ BBCLASSEXTEND = "native nativesdk" DEPENDS += "go-dep-native libpam" SRCREV = "92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4" -SRC_URI = "git://github.com/google/fscrypt.git" +SRC_URI = "git://github.com/google/fscrypt.git;branch=master;protocol=https" GO_IMPORT = "import" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb index 26f549b6c0..d319e48dbe 100644 --- a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb +++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb @@ -10,7 +10,7 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" SRCREV = "56b898c896240328adef7407090215abbe9ee03d" -SRC_URI = "git://github.com/google/fscryptctl.git" +SRC_URI = "git://github.com/google/fscryptctl.git;branch=master;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb index 4ab8374854..e8ddf291e6 100644 --- a/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb +++ b/meta-security/recipes-security/google-authenticator-libpam/google-authenticator-libpam_1.08.bb @@ -3,7 +3,7 @@ HOME_PAGE = "https://github.com/google/google-authenticator-libpam" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" LICENSE = "Apache-2.0" -SRC_URI = "git://github.com/google/google-authenticator-libpam.git" +SRC_URI = "git://github.com/google/google-authenticator-libpam.git;branch=master;protocol=https" SRCREV = "2c7415d950fb0b4a7f779f045910666447b100ef" DEPENDS = "libpam" diff --git a/meta-security/recipes-security/libest/libest_3.2.0.bb b/meta-security/recipes-security/libest/libest_3.2.0.bb index fda2df4c99..31fbe3c158 100644 --- a/meta-security/recipes-security/libest/libest_3.2.0.bb +++ b/meta-security/recipes-security/libest/libest_3.2.0.bb @@ -6,7 +6,7 @@ LICENSE = "OpenSSL" LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885" SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b" -SRC_URI = "git://github.com/cisco/libest;branch=main" +SRC_URI = "git://github.com/cisco/libest;branch=main;protocol=https" DEPENDS = "openssl" diff --git a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb index 8c288beebc..65db10f976 100644 --- a/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb +++ b/meta-security/recipes-security/libmspack/libmspack_1.9.1.bb @@ -7,7 +7,7 @@ DEPENDS = "" LIC_FILES_CHKSUM = "file://COPYING.LIB;beginline=1;endline=2;md5=5b1fd1f66ef926b3c8a5bb00a72a28dd" SRCREV = "63d3faf90423a4a6c174539a7d32111a840adadc" -SRC_URI = "git://github.com/kyz/libmspack.git" +SRC_URI = "git://github.com/kyz/libmspack.git;branch=master;protocol=https" inherit autotools diff --git a/meta-security/recipes-security/ncrack/ncrack_0.7.bb b/meta-security/recipes-security/ncrack/ncrack_0.7.bb index 8b221e53c1..f151e4e139 100644 --- a/meta-security/recipes-security/ncrack/ncrack_0.7.bb +++ b/meta-security/recipes-security/ncrack/ncrack_0.7.bb @@ -7,7 +7,7 @@ LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=66938a7e5b4c118eda78271de14874c2" SRCREV = "dc570e7e3cec1fb176c0168eaedc723084bd0426" -SRC_URI = "git://github.com/nmap/ncrack.git" +SRC_URI = "git://github.com/nmap/ncrack.git;branch=master;protocol=https" DEPENDS = "openssl zlib" diff --git a/meta-security/recipes-security/nikto/nikto_2.1.6.bb b/meta-security/recipes-security/nikto/nikto_2.1.6.bb index 242f3acc57..8542d69216 100644 --- a/meta-security/recipes-security/nikto/nikto_2.1.6.bb +++ b/meta-security/recipes-security/nikto/nikto_2.1.6.bb @@ -7,7 +7,7 @@ LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79" -SRC_URI = "git://github.com/sullo/nikto.git \ +SRC_URI = "git://github.com/sullo/nikto.git;branch=master;protocol=https \ file://location.patch" S = "${WORKDIR}/git/program" diff --git a/meta-security/recipes-security/sssd/sssd_2.5.2.bb b/meta-security/recipes-security/sssd/sssd_2.5.2.bb index 76d6e03e9b..ed8af5ea3b 100644 --- a/meta-security/recipes-security/sssd/sssd_2.5.2.bb +++ b/meta-security/recipes-security/sssd/sssd_2.5.2.bb @@ -125,10 +125,14 @@ SYSTEMD_SERVICE:${PN} = " \ " SYSTEMD_AUTO_ENABLE = "disable" -FILES:${PN} += "${libdir} ${datadir} ${base_libdir}/security/pam_sss*.so" -FILES:${PN}-dev = " ${includedir}/* ${libdir}/*la ${libdir}/*/*la" +PACKAGES =+ "libsss-sudo" +ALLOW_EMPTY:libsss-sudo = "1" -# The package contains symlinks that trip up insane -INSANE_SKIP:${PN} = "dev-so" +FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ + ${datadir}/dbus-1/system-services/*.service \ + ${libdir}/krb5/* \ + ${libdir}/ldb/* \ + " +FILES:libsss-sudo = "${libdir}/libsss_sudo.so" -RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam" +RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo" |