authorAndrew Geissler <geissonator@yahoo.com>2021-03-31 21:36:22 +0300
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2021-04-06 16:22:18 +0300
commit9d3cc05f311fde3211b6bc0a9be221d6e889a70e (patch)
treecd4a28c9a69d3983c4ec1ab2dd7f025385b3cbb7 /meta-security
parentbd39bf61761e73b494e69f07ae975547e8ac771e (diff)
meta-security: subtree update:9504d02694..775870980b
Armin Kuster (13): libtpm: update to 0.8.2 ibmtpm2tss: update to 1.6.0 tpm2-abrmd: update to 2.4.0 tpm2-tools: update to 5.0 tpm2-tss: update to 3.0.3 tpm2-pkcs11: update to 1.5.0 tpm2-topt: update 0.3.0 trousers: update to 0.3.15 tpm-tools: update to 1.3.9.1 python3-fail2ban: fix building with ptest enabled layer.conf: Add hardknott to LAYERSERIES_COMPAT tpm2-tss-engine: update 1.1.0 swtpm: update to 0.5.2 Kai Kang (1): samhain: fix compile error on powerpc Ming Liu (1): ima-evm-keys: add file-checksums to IMA_EVM_X509 lukasz plachno (1): fscryptctl: Fix installation path Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: Id7215a394e0c10c60e0e2e4a43d4ce4fb622fa97
Diffstat (limited to 'meta-security')
-rw-r--r--meta-security/conf/layer.conf2
-rw-r--r--meta-security/meta-hardening/conf/layer.conf2
-rw-r--r--meta-security/meta-integrity/conf/layer.conf2
-rw-r--r--meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb1
-rw-r--r--meta-security/meta-security-compliance/conf/layer.conf2
-rw-r--r--meta-security/meta-security-isafw/conf/layer.conf2
-rw-r--r--meta-security/meta-tpm/conf/layer.conf2
-rw-r--r--meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb)4
-rw-r--r--meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb)17
-rw-r--r--meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch110
-rw-r--r--meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb (renamed from meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb)3
-rw-r--r--meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb4
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch30
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb)2
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb)4
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb)6
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch48
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb (renamed from meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb)6
-rw-r--r--meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch28
-rw-r--r--meta-security/recipes-ids/samhain/samhain.inc1
-rw-r--r--meta-security/recipes-security/fail2ban/files/run-ptest2
-rw-r--r--meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb3
-rw-r--r--meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb2
26 files changed, 128 insertions, 161 deletions
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 8c0254b827..fd21da1eba 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,6 +9,6 @@ BBFILE_COLLECTIONS += "security"
BBFILE_PATTERN_security = "^${LAYERDIR}/"
BBFILE_PRIORITY_security = "8"
-LAYERSERIES_COMPAT_security = "gatesgarth"
+LAYERSERIES_COMPAT_security = "hardknott"
LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python"
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index 22d88749db..085ea45c57 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,6 +8,6 @@ BBFILE_COLLECTIONS += "harden-layer"
BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_harden-layer = "10"
-LAYERSERIES_COMPAT_harden-layer = "gatesgarth"
+LAYERSERIES_COMPAT_harden-layer = "hardknott"
LAYERDEPENDS_harden-layer = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 76374eb9bf..ba028da7e3 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -20,7 +20,7 @@ INTEGRITY_BASE := '${LAYERDIR}'
# interactive shell is enough.
OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
-LAYERSERIES_COMPAT_integrity = "gatesgarth"
+LAYERSERIES_COMPAT_integrity = "hardknott"
# ima-evm-utils depends on keyutils from meta-oe
LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
index 62685bbb02..7708aef2ce 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -14,3 +14,4 @@ do_install () {
lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der
fi
}
+do_install[file-checksums] += "${@'${IMA_EVM_X509}:%s' % os.path.exists('${IMA_EVM_X509}')}"
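Review bot: The added `do_install[file-checksums]` line has no comment, and its purpose is hard to read off the expression. A line above it such as `# Re-run do_install when the certificate at IMA_EVM_X509 changes or appears, so a stale IMA/EVM key is never packaged` would document it. The inline Python also splices `${IMA_EVM_X509}` into a single-quoted literal, so a path containing a quote breaks parsing; reading the value with `d.getVar('IMA_EVM_X509')` avoids that. do_install itself begins outside the hunk.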
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index db243f710d..2024d4a5fe 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "scanners-layer"
BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_scanners-layer = "10"
-LAYERSERIES_COMPAT_scanners-layer = "gatesgarth"
+LAYERSERIES_COMPAT_scanners-layer = "hardknott"
LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf
index b8ee1c0137..1f1095f07c 100644
--- a/meta-security/meta-security-isafw/conf/layer.conf
+++ b/meta-security/meta-security-isafw/conf/layer.conf
@@ -14,4 +14,4 @@ LAYERVERSION_security-isafw = "1"
LAYERDEPENDS_security-isafw = "core"
-LAYERSERIES_COMPAT_security-isafw = "gatesgarth"
+LAYERSERIES_COMPAT_security-isafw = "hardknott"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index cd62fbac26..65788eb0ea 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer"
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_tpm-layer = "10"
-LAYERSERIES_COMPAT_tpm-layer = "gatesgarth"
+LAYERSERIES_COMPAT_tpm-layer = "hardknott"
LAYERDEPENDS_tpm-layer = " \
core \
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
index 0ade01dd50..9784aa115b 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
@@ -2,8 +2,8 @@ SUMMARY = "LIBPM - Software TPM Library"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
-SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0"
+SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
PE = "1"
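Review bot: The rewritten `SRC_URI` keeps the `git://` scheme with no `protocol=` parameter, so the fetch runs over the unauthenticated, unencrypted git transport and the `SRCREV` commit id is the only integrity check. Appending `;protocol=https` keeps the pin and adds transport authentication: `SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8;protocol=https"`. The same applies to the rewritten `SRC_URI` lines in the swtpm, tpm2-totp and tpm2-tss-engine recipes in this commit.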
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
index 35c77c806c..b7ff2ad59f 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
@@ -3,22 +3,21 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"
-DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
# configure checks for the tools already during compilation and
# then swtpm_setup needs them at runtime
DEPENDS += "tpm-tools-native expect-native socat-native"
-SRCREV = "39673a0139b0ee14a0109aba50a0635592c672c4"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \
- file://fix_fcntl_h.patch \
+SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
file://ioctl_h.patch \
"
PE = "1"
S = "${WORKDIR}/git"
-inherit autotools pkgconfig
+inherit autotools pkgconfig python3-dir
PARALLEL_MAKE = ""
TSS_USER="tss"
@@ -35,18 +34,20 @@ PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
-export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
-
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"
+
+PACKAGES =+ "${PN}-python"
+FILES_${PN}-python = "${nonarch_libdir}/${PYTHON_PN}/dist-packages/* "
+
PACKAGE_BEFORE_PN = "${PN}-cuse"
FILES_${PN}-cuse = "${bindir}/swtpm_cuse"
INSANE_SKIP_${PN} += "dev-so"
-RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
+RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
BBCLASSEXTEND = "native nativesdk"
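Review bot: The new `${PN}-python` package gets no runtime dependencies of its own, while `python3 python3-cryptography python3-twisted` are added to `RDEPENDS_${PN}`, and `${PN}` does not depend on `${PN}-python`. If the tools in the main package import the split-out modules (not visible in this hunk), those modules are missing on an image that installs only `${PN}`. If they do not, the interpreter and Twisted are pulled onto every swtpm target for nothing, which enlarges the footprint of a TPM emulator image. Consider `RDEPENDS_${PN}-python = "python3 python3-cryptography python3-twisted"` and, only if the main package needs the modules, `RDEPENDS_${PN} += "${PN}-python"`. The `FILES_${PN}-python` value also ends in a stray space.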
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
deleted file mode 100644
index c2a264b628..0000000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Author: Philipp Kern <pkern@debian.org>
-Subject: Fix openssl1.1 support in data_mgmt
-Date: Tue, 31 Jan 2017 22:40:10 +0100
-
-Upstream-Status: Backport
-tpm-tools_1.3.9.1-0.1.debian.tar
-
-Signed-off-by: Armin kuster <akuster808@gmail.com>
-
----
- src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++----------------
- 1 file changed, 39 insertions(+), 21 deletions(-)
-
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile,
- goto out;
- }
-
-- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
- logError( TOKEN_RSA_KEY_ERROR );
-
- X509_free( pX509 );
-@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, NULL );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-
- CK_RV rv;
-
-@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-
- // Create the RSA public key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-- int dLen = BN_num_bytes( a_pRsa->d );
-- int pLen = BN_num_bytes( a_pRsa->p );
-- int qLen = BN_num_bytes( a_pRsa->q );
-- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
-- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
-- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+ const BIGNUM *bd;
-+ const BIGNUM *bp;
-+ const BIGNUM *bq;
-+ const BIGNUM *bdmp1;
-+ const BIGNUM *bdmq1;
-+ const BIGNUM *biqmp;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, &bd);
-+ RSA_get0_factors( a_pRsa, &bp, &bq);
-+ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-+ int dLen = BN_num_bytes( bd );
-+ int pLen = BN_num_bytes( bp );
-+ int qLen = BN_num_bytes( bq );
-+ int dmp1Len = BN_num_bytes( bdmp1 );
-+ int dmq1Len = BN_num_bytes( bdmq1 );
-+ int iqmpLen = BN_num_bytes( biqmp );
-
- CK_RV rv;
-
-@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-- BN_bn2bin( a_pRsa->d, d );
-- BN_bn2bin( a_pRsa->p, p );
-- BN_bn2bin( a_pRsa->q, q );
-- BN_bn2bin( a_pRsa->dmp1, dmp1 );
-- BN_bn2bin( a_pRsa->dmq1, dmq1 );
-- BN_bn2bin( a_pRsa->iqmp, iqmp );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-+ BN_bn2bin( bd, d );
-+ BN_bn2bin( bp, p );
-+ BN_bn2bin( bq, q );
-+ BN_bn2bin( bdmp1, dmp1 );
-+ BN_bn2bin( bdmq1, dmq1 );
-+ BN_bn2bin( biqmp, iqmp );
-
- // Create the RSA private key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index 88ef19f732..8aeb8ac4b0 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -12,12 +12,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
DEPENDS = "libtspi openssl"
DEPENDS_class-native = "trousers-native"
-SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
+SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
git://git.code.sf.net/p/trousers/tpm-tools \
file://tpm-tools-extendpcr.patch \
file://04-fix-FTBFS-clang.patch \
- file://05-openssl1.1_fix_data_mgmt.patch \
file://openssl1.1_fix.patch \
"
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 27b4e2f517..32c9a49760 100644
--- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -6,8 +6,8 @@ SECTION = "security/tpm"
DEPENDS = "openssl"
-SRCREV = "e74dd1d96753b0538192143adf58d04fcd3b242b"
-PV = "0.3.14+git${SRCPV}"
+SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
+PV = "0.3.15+git${SRCPV}"
SRC_URI = " \
git://git.code.sf.net/p/trousers/trousers \
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
index 8b13fb66c6..cfda80f41f 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
@@ -15,17 +15,15 @@ Signed-off-by: Jens Rehsack <sno@netbsd.org>
utils12/Makefile.am | 8 ++++-
2 files changed, 79 insertions(+), 4 deletions(-)
-diff --git a/utils/Makefile.am b/utils/Makefile.am
-index 1e51fe3..170a26e 100644
---- a/utils/Makefile.am
-+++ b/utils/Makefile.am
-@@ -81,9 +81,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS)
+Index: git/utils/Makefile.am
+===================================================================
+--- git.orig/utils/Makefile.am
++++ git/utils/Makefile.am
+@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la
- noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h
+ noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
# install every header in ibmtss
-nobase_include_HEADERS = ibmtss/*.h
--
--notrans_man_MANS = man/man1/*.1
+nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
+ ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
+ ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
@@ -65,7 +63,8 @@ index 1e51fe3..170a26e 100644
+ ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
+ ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
+ ibmtss/ZGen_2Phase_fp.h
-+
+
+-notrans_man_MANS = man/man1/*.1
+notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
+ man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
+ man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
@@ -101,11 +100,11 @@ index 1e51fe3..170a26e 100644
if CONFIG_TPM20
noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
-diff --git a/utils12/Makefile.am b/utils12/Makefile.am
-index a01f47c..e9fe61e 100644
---- a/utils12/Makefile.am
-+++ b/utils12/Makefile.am
-@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
+Index: git/utils12/Makefile.am
+===================================================================
+--- git.orig/utils12/Makefile.am
++++ git/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src
# result: [current-age].age.revision
libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
@@ -120,6 +119,3 @@ index a01f47c..e9fe61e 100644
noinst_HEADERS = ekutils12.h
bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
---
-2.17.1
-
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
index 18ad7eb43b..4d9b5540ad 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
@@ -17,7 +17,7 @@ DEPENDS = "openssl ibmswtpm2"
inherit autotools pkgconfig
-SRCREV = "aa6c6ec83793ba21782033c03439977c26d3cc87"
+SRCREV = "3e736f712ba53c8f06e66751f60fae428fd2e20f"
SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index d2a1c47b57..edfcce9d1a 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -18,7 +18,7 @@ SRC_URI = "\
file://tpm2-abrmd.default \
"
-SRCREV = "4cdda466010a3699ebe967d990ac715ae3de7d35"
+SRCREV = "4f332013a02c422e186c4aaf127ab6a40b996028"
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
index 6beb67a183..d53d4fa869 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
@@ -10,7 +10,7 @@ SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
file://bootstrap_fixup.patch \
file://0001-remove-local-binary-checkes.patch"
-SRCREV = "78bbf6a0237351830d0c3923b25ba0b57ae0b7e9"
+SRCREV = "5d583351028eebd470f50ec35db5dcf00533df31"
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
index 5bd26ab986..dbd324aa24 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
@@ -8,6 +8,6 @@ DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc"
+SRC_URI[sha256sum] = "e1b907fe29877628052e08ad84eebc6c3f7646d29505ed4862e96162a8c91ba1"
inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index 264484f7a1..dfebc072d3 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -9,8 +9,8 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"
-SRCREV = "bfd581986353edc1058604e77cac804bd8b0d30a"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.2.x"
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
inherit autotools-brokensep pkgconfig
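Review bot: The new `SRC_URI` drops the `branch=` parameter, so the fetcher falls back to `master` and requires `SRCREV` to be reachable from it. A later rename of the upstream default branch, or a release cut from a maintenance branch, would then break the fetch. Naming the branch explicitly, `;branch=<branch containing SRCREV>`, keeps the pin self-describing and matches the other git recipes in this layer.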
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index ebd6d539ef..5395695728 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -2,14 +2,14 @@ SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for Ope
DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
SECTION = "security/tpm"
DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
-SRCREV = "24f1383cc6befde44d6f01a51ea653304d844ffd"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.0.x"
+SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
inherit autotools-brokensep pkgconfig systemd
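Review bot: `LIC_FILES_CHKSUM` gets a new md5 with no record of what changed in `LICENSE`; the commit message only says "update 1.1.0". A comment above the line, for example `# LICENSE changed in 1.1.0: <summary of the change>; still BSD-3-Clause`, or the same sentence in the commit message, lets a later reviewer confirm the licence text was re-read rather than the checksum simply refreshed.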
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
new file mode 100644
index 0000000000..cae2e76e17
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
@@ -0,0 +1,48 @@
+From 03cca78d24d716eec792f86f5b0bc69886fad981 Mon Sep 17 00:00:00 2001
+From: Patrick McCarty <patrick.mccarty@intel.com>
+Date: Fri, 18 Dec 2020 01:54:05 +0000
+Subject: [PATCH] configure.ac: fix compatibility with autoconf 2.70
+
+With autoconf 2.70, not quoting the second argument to one of the AS_IF
+macro expansions leads to generation of invalid shell code affecting the
+first nested ERROR_IF_NO_PROG expansion.
+
+The invalid shell code leads to an error resembling:
+
+ ./configure: line 18826: syntax error near unexpected token `newline'
+ ./configure: line 18826: ` '''
+
+Fix the issue by quoting the second argument to the affected AS_IF,
+similar to the quoting found elsewhere in configure.ac.
+
+Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: tpm2-tss-3.0.3/configure.ac
+===================================================================
+--- tpm2-tss-3.0.3.orig/configure.ac
++++ tpm2-tss-3.0.3/configure.ac
+@@ -279,7 +279,7 @@ AC_ARG_ENABLE([integration],
+ [build and execute integration tests])],,
+ [enable_integration=no])
+ AS_IF([test "x$enable_integration" = "xyes"],
+- AS_IF([test "$HOSTOS" = "Linux"],
++ [AS_IF([test "$HOSTOS" = "Linux"],
+ [ERROR_IF_NO_PROG([ss])],
+ [ERROR_IF_NO_PROG([sockstat])])
+ ERROR_IF_NO_PROG([echo])
+@@ -328,7 +328,7 @@ AS_IF([test "x$enable_integration" = "xy
+ [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
+ AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
+ AC_SUBST([INTEGRATION_ARGS], [$integration_args])
+- AC_SUBST([ENABLE_INTEGRATION], [$enable_integration]))
++ AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
+ AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
+ #
+ # sanitizer compiler flags
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
index 78be51359e..b2486e5be0 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
@@ -6,8 +6,10 @@ SECTION = "tpm"
DEPENDS = "autoconf-archive-native libgcrypt openssl"
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "e294677f8993234d0adfa191a5cbf9c5b83cc60c724c233e3d631c26712abea0"
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+ file://0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch \
+ "
+SRC_URI[sha256sum] = "78392be7309baf47f51b122f566ac915fd4d1760ea78571cba2e1484f9b5be17"
inherit autotools pkgconfig systemd extrausers
diff --git a/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch b/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch
new file mode 100644
index 0000000000..72cb8806cb
--- /dev/null
+++ b/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch
@@ -0,0 +1,28 @@
+Fix error when compile for powerpc:
+
+| x_sh_dbIO.c: In function 'swap_short':
+| x_sh_dbIO.c:229:36: error: initializer element is not constant
+| 229 | static unsigned short ooop = *iptr;
+| | ^
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/sh_dbIO.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/sh_dbIO.c b/src/sh_dbIO.c
+index b547ac5..23a9621 100644
+--- a/src/sh_dbIO.c
++++ b/src/sh_dbIO.c
+@@ -226,7 +226,8 @@ static unsigned short * swap_short (unsigned short * iptr)
+ else
+ {
+ /* alignment problem */
+- static unsigned short ooop = *iptr;
++ static unsigned short ooop;
++ ooop = *iptr;
+ unsigned short hi = (ooop & 0xff00);
+ unsigned short lo = (ooop & 0xff);
+ ooop = (lo << 8) | (hi >> 8);
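Review bot: In the branch commented "alignment problem", the patched code still reads the value with `ooop = *iptr;`, i.e. through the `unsigned short *` itself. If that branch is taken because `iptr` is misaligned (the condition is outside the hunk), the dereference is an unaligned access, which is undefined behaviour and can trap on strict-alignment targets. A byte copy avoids it: `memcpy(&ooop, iptr, sizeof(ooop));` (needs `<string.h>`). Keeping `ooop` static also leaves swap_short non-reentrant, which is worth a comment if the function hands out a pointer to it. swap_short starts and ends outside the hunk.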
diff --git a/meta-security/recipes-ids/samhain/samhain.inc b/meta-security/recipes-ids/samhain/samhain.inc
index 6a2eb08556..0148e46cf0 100644
--- a/meta-security/recipes-ids/samhain/samhain.inc
+++ b/meta-security/recipes-ids/samhain/samhain.inc
@@ -18,6 +18,7 @@ SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-avoid-searching-host-for-postgresql.patch \
file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
file://fix-build-with-new-version-attr.patch \
+ file://samhain-fix-initializer-element-is-not-constant.patch \
"
SRC_URI[sha256sum] = "3e57574036d5055e9557ec5095818b419ea6c4365370fc2ccce1e9f87f9fad08"
diff --git a/meta-security/recipes-security/fail2ban/files/run-ptest b/meta-security/recipes-security/fail2ban/files/run-ptest
index 9f6aebe82c..64d07d587e 100644
--- a/meta-security/recipes-security/fail2ban/files/run-ptest
+++ b/meta-security/recipes-security/fail2ban/files/run-ptest
@@ -1,3 +1,3 @@
#!/bin/sh
-##PYTHON## fail2ban-testcases
+##PYTHON## bin/fail2ban-testcases
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 6767d80cfd..b480c76d51 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -35,8 +35,9 @@ do_install_append () {
do_install_ptest_append () {
install -d ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/bin
sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
- install -D ${S}/fail2ban-testcases-all-python3 ${D}${PTEST_PATH}
+ install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
}
FILES_${PN} += "/run"
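Review bot: `install -D ${S}/bin/* ${D}${PTEST_PATH}/bin` copies everything under `bin/`, not only the runner that run-ptest invokes. The ptest package therefore presumably gains second copies of the client and server scripts outside `${bindir}`. If the test suite does not need them, install only the runner with an explicit mode: `install -m 0755 ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}/bin/`. `-D` is redundant in either form because the directory is created by the added `install -d` line above.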
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 440b4e34c9..df76a3d9a6 100644
--- a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -15,7 +15,7 @@ SRC_URI = "git://github.com/google/fscryptctl.git"
S = "${WORKDIR}/git"
do_install() {
- oe_runmake DESTDIR=${D}${bindir} install
+ oe_runmake DESTDIR=${D} PREFIX=/usr install
}
RRECOMMENDS_${PN} += "\
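Review bot: `PREFIX=/usr` hard-codes the install prefix in do_install, so the binary lands outside `${bindir}` whenever `${prefix}` is not `/usr`, for example in a native or nativesdk build or a distro that overrides it. Use the variable instead: `oe_runmake DESTDIR=${D} PREFIX=${prefix} install`.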