diff options
| author | Patrick Williams <patrick@stwcx.xyz> | 2022-08-05 16:10:29 +0300 |
|---|---|---|
| committer | Patrick Williams <patrick@stwcx.xyz> | 2022-08-22 13:31:27 +0300 |
| commit | db4c27ee07165dd36a758f4ab5236918f133e65b (patch) | |
| tree | 7de447487906845675b53a4eb1fc2e4c08093edc /meta-security | |
| parent | dbdec8bbc3f5962afbaa70abdf0011e415000508 (diff) | |
| download | openbmc-db4c27ee07165dd36a758f4ab5236918f133e65b.tar.xz | |
subtree updates
meta-raspberrypi: 62a84833d9..b6a1645a97:
Andrei Gherzan (22):
ci: Migrate worflow to using latest git-mirror-me-action revision
ci: Run the cancel workflow on generic workers and update action
ci: Run the compliance workflow on generic workers
ci: Run the mirror workflow on generic workers
ci: Don't run yocto builds on PRs that don't affect them
raspberrypi-tools.inc: Bump to latest revision
rpi-gpio: Bump to 0.7.1
python3-adafruit-platformdetect: Bump to 3.27.0
python3-adafruit-circuitpython-register: Bump to 1.9.10
userland: Bump revision to the current HEAD
bluez-firmware-rpidistro: Backport patch to fix CYW43455 and various CVEs
linux-raspberrypi: Update 5.15 recipe to 5.15.56
linux-raspberrypi: Update 5.10 recipe to latest revision
linux-firmware-rpidistro: Update to 1:20210315-3+rpt7 release
omxplayer: Bump to latest revision
linux-firmware-rpidistro: Revamp, cleanup and restructure recipe
linux-firmware-rpidistro: Guard the recipe under a license flag
ci: Set LICENSE_FLAGS_ACCEPTED in builder docker container
README.md: Mention Yocto Compatible Layer
README.md: Refactor top table
Add initial version of CODE_OF_CONDUCT.md
Use a png with transparency for balena logo
Vincent Davis Jr (1):
docs: remove backticks
poky: 4161dbbbd6..fc59c28724:
Aatir Manzur (1):
ref-manual: Sphinx note directive for DISTRO_FEATURES definition
Alejandro Hernandez Samaniego (1):
package.bbclass: Fix kernel source handling when not using externalsrc
Alex Kiernan (1):
bind: Remove legacy python3 PACKAGECONFIG code
Alexander Kanavin (61):
conf/local.conf.sample: mention site.conf.sample as well
sato-icon-theme: check for new commits rather than tags
gcr: exclude x.9y versions from upstream version check
efibootmgr: update 17 -> 18
systemd-boot: update 251.2 -> 251.3
libva: upgrade 2.14.0 -> 2.15.0
libva-utils: update 2.14.0 -> 2.15.0
xev: update 1.2.4 -> 1.2.5
xmodmap: update 1.0.10 -> 1.0.11
xf86-input-synaptics: update 1.9.1 -> 1.9.2
xf86-video-cirrus: update 1.5.3 -> 1.6.0
encodings: update 1.0.5 -> 1.0.6
font-util: update 1.3.2 -> 1.3.3
linux-firmware: update 20220610 -> 20220708
rt-tests: update 2.3 -> 2.4
libgit2: update 1.4.3 -> 1.5.0
u-boot: update 2022.04 -> 2022.07
go: update 1.18.3 -> 1.18.4
llvm: update 14.0.4 -> 14.0.6
vulkan-samples: update to latest revision
xserver-xorg: update 21.1.3 -> 21.1.4
alsa-lib: upgrade 1.2.7.1 -> 1.2.7.2
alsa-ucm-conf: upgrade 1.2.7.1 -> 1.2.7.2
diffoscope: upgrade 217 -> 218
git: upgrade 2.37.0 -> 2.37.1
hdparm: upgrade 9.63 -> 9.64
libdrm: upgrade 2.4.111 -> 2.4.112
libhandy: upgrade 1.6.2 -> 1.6.3
libidn2: upgrade 2.3.2 -> 2.3.3
libnl: upgrade 3.6.0 -> 3.7.0
libnotify: upgrade 0.7.12 -> 0.8.0
libuv: upgrade 1.44.1 -> 1.44.2
log4cplus: upgrade 2.0.7 -> 2.0.8
meson: upgrade 0.62.2 -> 0.63.0
mmc-utils: upgrade to latest revision
mpg123: upgrade 1.30.0 -> 1.30.1
pango: upgrade 1.50.7 -> 1.50.8
piglit: upgrade to latest revision
python3-dtschema: upgrade 2022.5 -> 2022.7
python3-hypothesis: upgrade 6.48.2 -> 6.50.1
python3-setuptools-rust: upgrade 1.3.0 -> 1.4.1
python3-setuptools-scm: upgrade 7.0.3 -> 7.0.5
python3-setuptools: upgrade 62.6.0 -> 63.2.0
python3-zipp: upgrade 3.8.0 -> 3.8.1
sqlite3: upgrade 3.39.0 -> 3.39.1
vala: upgrade 0.56.1 -> 0.56.2
wayland-protocols: upgrade 1.25 -> 1.26
webkitgtk: upgrade 2.36.3 -> 2.36.4
xwayland: upgrade 22.1.2 -> 22.1.3
epiphany: upgrade 42.2 -> 42.3
xf86-input-keyboard: remove the recipe
toolchain-scripts.bbclass: adjust toolchain_create_tree_env_script to better replicate (e)SDK
meta-ide-support: adjust to provide (e)SDK experience directly in a yocto build
oeqa/sdk: add a test class for running SDK tests directly in a Yocto build
oeqa/sdk: allow epoxy/galculator tests to run in esdk and direct yocto builds
meson: provide relocation script and native/cross wrappers also for meson-native
selftest/meta_ide: add a test for running SDK tests directly in a yocto build
scripts/oe-setup-builddir: make it known where configurations come from
devtool/upgrade: correctly clean up when recipe filename isn't yet known
devtool/upgrade: catch bb.fetch2.decodeurl errors
poky-floating-revisions.inc: remove xf86-input-keyboard entry
Aníbal Limón (1):
rng-tools: Change systemd service name to work with sysvinit
Armin Kuster (1):
poky.conf: remove EOL and Centos7 hosts
Aryaman Gupta (1):
bitbake: runqueue: add cpu/io pressure regulation
Changhyeok Bae (1):
repo: upgrade 2.27 -> 2.28
Chen Qi (2):
glibc: make glibc-dev depend on kernel headers
image_types_wic.bbclass: fix cross binutils dependency
Daniel Gomez (1):
dropbear: Add configuration file to CONFFILES
Dmitry Baryshkov (1):
linux-firwmare: restore WHENCE_CHKSUM variable
He Zhe (1):
lttng-modules: Fix build failure for kernel v5.15.58
Hitendra Prajapati (1):
qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash
Jan Kiszka (2):
wic/bootimg-efi: Factor out some common bits
wic/bootimg-efi: Add support for loading devicetree files
Jan Vermaete (1):
python3-jsonschema: 4.7.1 -> 4.7.2 + fixed the rdepends
Jose Quaresma (5):
bitbake: bitbake: bitbake-user-manual: hashserv can be accessed on a dedicated domain
archiver.bbclass: remove unsed do_deploy_archives[dirs]
bitbake: bb/utils: remove: check the path again the expand python glob
bitbake: bb/utils: movefile: use the logger for printing
create-spdx: ignore packing control files from ipk and deb
Joshua Watt (3):
sstatesig: Include all dependencies in SPDX task signatures
bitbake: asyncrpc: Add TCP Keep Alives
classes/sanity: Add comment about github & gitlab archives
Kai Kang (1):
mesa: fix compile error when debug build enabled
Khem Raj (11):
lua: Backport fix for CVE-2022-33099
gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
gcc-runtime: Use --with-target-subdir for baremetal targets
systemd: Drop backported patch applied in 251.3
gcc-runtime: Use static dummy libstdc++
libgcc: Fix standalone target builds with usrmerge distro feature
systemd: Fix conflict between glibc mount.h and kernel mount.h
libarchive: Avoid mount.h conflict between kernel and glibc
btrfs-tools: Use linux/mount.h instead of sys/mount.h
gcc-sanitizers: Fix mount.h glibc 2.36 conflict
hdparm: Fix build with glibc 2.36
LUIS ENRIQUEZ (1):
kernel-fitimage.bbclass: add padding algorithm property in config nodes
Lee Chee Yang (1):
migration guides: release notes for 4.0.2
Mark Hatle (4):
runqemu: Add missing space on default display option
default-distrovars: seccomp doesn't support microblaze
openssl: Move microblaze to linux-latomic config
elfutils: Microblaze does not support symvers
Martin Beeger (1):
cmake: remove CMAKE_ASM_FLAGS variable in toolchain file
Martin Jansa (6):
python3-setuptools: move patch from 'files' to 'python3-setuptools'
kernel.bbclass: pass LD also in savedefconfig
ltp: fix build with ld-is-gold in DISTRO_FEATURES
pybootchartgui: render memory pressure as well
pybootchartgui: fix 2 SyntaxWarnings
pybootchartgui: write the max values in the graph legend
Michael Opdenacker (2):
docs: BB_HASHSERVE_UPSTREAM: update to new host
bitbake: bitbake-user-manual: npm fetcher: improve description of SRC_URI format
Mihai Lindner (2):
wic/plugins/rootfs: Fix NameError for 'orig_path'
create-spdx: Fix supplier field
Ming Liu (2):
rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
udev-extraconf:mount.sh: fix a umount issue
Mingli Yu (1):
strace: set COMPATIBLE_HOST for riscv32
Otavio Salvador (2):
cargo-cross-canadian: Use SDK's flags during target linking
oeqa/sdk: Add basic rust cargo test
Petr Vorel (1):
ltp: Add post release runtime fixes
Quentin Schulz (2):
docs: ref-manual: variables: remove sphinx directive from literal block
docs: auto-generate releases.rst
Randy MacLeod (1):
vim: update from 9.0.0063 to 9.0.0115
Richard Purdie (16):
curl: Fix determinism issues in ptest package
build-appliance-image: Update to master head revision
base/reproducible: Change Source Date Epoch generation methods
vim: Upgrade 9.0.0021 -> 9.0.0063
rust-common: Set llvm-target correctly for cross SDK targets
rust-cross-canadian: Fix ordering of target json config generation
rust-cross/rust-common: Merge arm target handling code to fix cross-canadian
rust-cross: Simplfy the rust_gen_target calls
rust-common/rust-cross: Clean up target json generation code
rust-target-config: Create new class to contain target json config generation
rust-target-config: Allow the targets generated to be configurable
native: Clear TUNE_FEATURES/ABIEXTENSION
populate_sdk: Add SDK toolchain language selection support
populate_sdk_base: Fix mingw override name
poky: Enable debug-kernel for SPDX license manifests
oeqa/sdk/rust: Fix file deletion for multilib SDKs
Roland Hieber (1):
devtool: error out when workspace is using old override syntax
Ross Burton (13):
pulseaudio: add m4-native to DEPENDS
python3-picobuild: upgrade to 0.2
oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled
perf: fix reproduciblity in older releases of Linux
zstd: do verbose builds
zlib: remove historical movement of libz.so to /lib
oeqa/selftest: rename git.py to intercept.py
oeqa/gotoolchain: put writable files in the Go module cache
oeqa/gotoolchain: set CGO_ENABLED=1
qemu: add io_uring PACKAGECONFIG
wic: add target tools to PATH when executing native commands
wic/bootimg-efi: use cross objcopy when building unified kernel image
wic: depend on cross-binutils
Shruthi Ravichandran (2):
initscripts: run umountnfs as a KILL script
package_manager/ipk: do not pipe stderr to stdout
Tom Hochstein (2):
gobject-introspection-data: Disable cache for g-ir-scanner
uboot-config.bbclass: Raise error for bad key
gr embeter (1):
efivar: fix import functionality
leimaohui (1):
systemd: Added base_bindir into pkg_postinst:udev-hwdb.
wangmy (10):
python3-docutils: upgrade 0.18.1 -> 0.19
python3-attrs: upgrade 21.4.0 -> 22.1.0
python3-cython: upgrade 0.29.30 -> 0.29.32
python3-dbusmock: upgrade 0.28.1 -> 0.28.4
python3-hatchling: upgrade 1.5.0 -> 1.6.0
python3-jsonschema: upgrade 4.7.2 -> 4.9.0
python3-scons: upgrade 4.3.0 -> 4.4.0
python3-setuptools: upgrade 63.2.0 -> 63.3.0
python3-pygobject: upgrade 3.42.1 -> 3.42.2
python3-pip: upgrade 22.1.2 -> 22.2.1
meta-security: 7ad5f6a9da..2a2d650ee0:
Alex Kiernan (1):
bubblewrap: Add recipe
Armin Kuster (28):
packagegroup-core-security.bb: add bubblewrap to pkg grp
packagegroup-security-tpm: add libhoth to pkg grp
python3-privacyidea: update to 3.7.2
suricata: update to 6.0.5
chipsec: update to 1.8.7
fail2ban: add UPSTREAM_CHECK vars
ibmtpm2tss: fix SRC_URI
tpm2-tss-engine: add UPSTREAM_CHECK_URI
tpm2-tss: add UPSTREAM_CHECK_URI
tpm2-tools: Add UPSTREAM_CHECK_URI
tpm2-openssl: Add UPSTREAM_CHECK_URI
tpm2-pkcs11: Add UPSTREAM_CHECK_URI
tpm2-abrmd: add UPSTREAM_CHECK_URI
tpm2-tcti-uefi: Add UPSTREAM_CHECK_URI
aide: add UPSTREAM_CHECK_URI
ecryptfs-utils: add UPSTREAM_CHECK_URI
krill: update to 0.9.6
packagegroup-core-security: add krill to pkg grps
packagegroup-core-security: add chipsec pkg to grp
apparmor: update to 3.0.5
clamav: update to 0.104.4
ibmtpm2tss: update version format
ibmswtpm2: fix UPSTREAM_CHECK
ibmswtpm2: update to 1682
swtpm: update to 0.7.3
lkrg: update to 0.9.4
krill: only builds on x86/x86-64 and arm64
packagegroup-core-security: remove krill for some archs
Armpit's Upgrade Helper (1):
libtpm: upgrade 0.9.3 -> 0.9.5
John Edward Broadbent (1):
meta-security: Add recipe for libhoth
Upgrade Helper (1):
sssd: upgrade 2.7.1 -> 2.7.3
meta-arm: 80d60e7b1c..20a629180c:
Peter Hoyes (1):
runfvp: Stop the FVP when telnet shuts down cleanly
meta-openembedded: 31c10bd3e6..2eb39477a7:
Alexander Thoma (1):
Fix tigervnc crash due to missing xkbcomp rdepends
Armin Kuster (1):
bigbuckbunny-1080p: update SRC_URI
Aryaman Gupta (1):
rsyslog: update 8.2202->8.2206
Chen Qi (1):
catfish: fix buildpaths issue
Davide Gardenal (7):
freeradius: ignore patched CVEs
openflow: ignore unrelated CVEs
libplist: ignore patched CVEs
meta-oe: ignore patched CVEs
mongodb: ignore unrelated CVEs
php: ignore patched CVEs
postgresql: ignore unrelated CVE
Gianfranco (1):
vboxguestdrivers: fix build failure on 32 bit architectures
Gianfranco Costamagna (1):
vboxguestdrivers: upgrade 6.1.34 -> 6.1.36
Jan Vermaete (8):
python3-pyzmq: version bump 22.3.0 -> 23.2.0
python3-aspectlib: updated the summary and added a description.
python3-jsonrpcclient: Added the jsonrpcclient Python package
python3-oslash: added the oslash Python package
python3-jsonrpcserver: added the python3-oslash rdepends
python-ptyprocess: fixed test_pass_fds
python3-pyzmq: added ptest
python3-pyzmq: fixed oelint-adv warnings
Johannes Schneider (1):
python3-pystemd: Upgrade 0.8.0 -> 0.10.0
Khem Raj (11):
poco: Link with libatomic on riscv32
python3-antlr4-runtime: Inherit setuptools3 instead of python_setuptools_build_meta
catfish: Inherit setuptools3 instead of python_setuptools_build_meta
python3-pycups: Inherit setuptools3 instead of python_setuptools_build_meta
python3-qface: Inherit setuptools3 instead of python_setuptools_build_meta
xscreensaver: Upgrade to 6.04
poco: Link with libatomic on mips
Revert "catfish: Inherit setuptools3 instead of python_setuptools_build_meta"
Revert "python3-pycups: Inherit setuptools3 instead of python_setuptools_build_meta"
Revert "python3-antlr4-runtime: Inherit setuptools3 instead of python_setuptools_build_meta"
libmtp: Upgrade to 1.1.20
Martin Großhauser (1):
Add runtime dependencies for python3-supervisor
Mingli Yu (1):
s-nail: fix buildpaths issue
Radovan Scasny (1):
libwebsockets: update to version 4.3.2
Ross Burton (9):
python3-cbor2: add missing build dependency
python3-simpleeval: remove 'build' build dependency
python3-pyrad: fix build system specification
python3-pytest-html: fix DEPENDS, don't depend on pip
python3-ansi2html: fix DEPENDS
python3-pytest-helpers-namespace: add missing build dependencies
python3-pyzmq: add missing build dependency
python3-path: add missing build dependencies
python3-pytest-forked: loosen dependency checking
Sergey Kizunov (2):
Add python3-pycares 4.2.1
Add python3-aiodns 3.0.0
Trevor Gamblin (1):
README: Remove maintainer info for tvgamblin
Wang Mingyu (10):
php: upgrade 8.1.7 -> 8.1.8
ndisc6: upgrade 1.0.5 -> 1.0.6
python3-elementpath: upgrade 2.5.3 -> 3.0.1
python3-pymongo: upgrade 4.1.1 -> 4.2.0
python3-pyscaffold: upgrade 4.2.3 -> 4.3
python3-regex: upgrade 2022.7.9 -> 2022.7.24
python3-rsa: upgrade 4.8 -> 4.9
python3-sh: upgrade 1.14.2 -> 1.14.3
python3-werkzeug: upgrade 2.1.2 -> 2.2.0
python3-xmlschema: upgrade 1.11.3 -> 2.0.1
Xu Huan (14):
python3-eth-hash: upgrade 0.3.3 -> 0.4.0
python3-socketio: upgrade 5.6.0 -> 5.7.0
python3-ujson: upgrade 5.3.0 -> 5.4.0
python3-web3: upgrade 5.29.2 -> 5.30.0
python3-fastjsonschema: upgrade 2.15.3 -> 2.16.1
python3-flask: upgrade 2.1.2 -> 2.1.3
python3-googleapis-common-protos: upgrade 1.56.3 -> 1.56.4
python3-iso3166: upgrade 2.0.2 -> 2.1.1
python3-kiwisolver: upgrade 1.4.3 -> 1.4.4
python3-portalocker: upgrade 2.4.0 -> 2.5.1
python3-imageio: upgrade 2.19.3 -> 2.19.5
python3-lz4: upgrade 4.0.1 -> 4.0.2
python3-mypy: upgrade 0.961 -> 0.971
python3-protobuf: upgrade 4.21.2 -> 4.21.3
kazuki0824 (1):
ttf-fonts: fix URIs, upgrade 1.004 -> 2.004
wangmy (30):
gegl: upgrade 0.4.36 -> 0.4.38
libadwaita: upgrade 1.1.2 -> 1.1.3
libgsf: upgrade 1.14.49 -> 1.14.50
nbdkit: upgrade 1.31.10 -> 1.31.12
irssi: upgrade 1.4.1 -> 1.4.2
libp11: upgrade 0.4.11 -> 0.4.12
modemmanager: upgrade 1.18.8 -> 1.18.10
pegtl: upgrade 3.2.6 -> 3.2.7
PATCH] logcheck: upgrade 1.3.23 -> 1.3.24
python3-lru-dict: upgrade 1.1.7 -> 1.1.8
python3-pyfanotify: upgrade 0.1.3 -> 0.2.0
python3-pylint: upgrade 2.14.4 -> 2.14.5
python3-pytest-metadata: upgrade 2.0.1 -> 2.0.2
python3-regex: upgrade 2022.6.2 -> 2022.7.9
python3-socketio: upgrade 5.7.0 -> 5.7.1
python3-stevedore: upgrade 3.5.0 -> 4.0.0
tracker: upgrade 3.3.1 -> 3.3.2
zenity: upgrade 3.42.1 -> 3.43.0
nbdkit: upgrade 1.31.12 -> 1.31.14
stunnel: upgrade 5.64 -> 5.65
unbound: upgrade 1.16.0 -> 1.16.1
wolfssl: upgrade 5.3.0 -> 5.4.0
atkmm-2.36: upgrade 2.36.1 -> 2.36.2
nanopb: upgrade 0.4.5 -> 0.4.6.4
redis-plus-plus: upgrade 1.3.3 -> 1.3.5
redis: upgrade 7.0.2 -> 7.0.4
ser2net: upgrade 4.3.6 -> 4.3.7
unattended-upgrades: upgrade 2.6 -> 2.9.1
valijson: upgrade 0.6 -> 0.7
googlebenchmark: upgrade 1.6.1 -> 1.7.0
zhengruoqin (17):
python3-redis: upgrade 4.3.3 -> 4.3.4
python3-ldap: upgrade 3.4.0 -> 3.4.2
python3-pillow: upgrade 9.1.1 -> 9.2.0
python3-pylint: upgrade 2.14.3 -> 2.14.4
python3-alembic: upgrade 1.8.0 -> 1.8.1
python3-astroid: upgrade 2.11.6 -> 2.12.2
python3-attr: upgrade 0.3.1 -> 0.3.2
python3-blinker: upgrade 1.4 -> 1.5
python3-cmd2: upgrade 2.4.1 -> 2.4.2
python3-ecdsa: upgrade 0.17.0 -> 0.18.0
python3-evdev: upgrade 1.5.0 -> 1.6.0
python3-absl: upgrade 1.1.0 -> 1.2.0
python3-bitarray: upgrade 2.5.1 -> 2.6.0
python3-eth-hash: upgrade 0.4.0 -> 0.5.0
python3-google-api-python-client: upgrade 2.51.0 -> 2.54.0
python3-google-auth: upgrade 2.9.0 -> 2.9.1
python3-graphviz: upgrade 0.20 -> 0.20.1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I50c531a69ce8abb23e33c380f9228015f2764682
Diffstat (limited to 'meta-security')
31 files changed, 267 insertions, 374 deletions
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb index 96e17b77f5..1f55267f59 100644 --- a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb +++ b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb @@ -17,6 +17,8 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \ file://run-ptest \ " +UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" + inherit update-rc.d ptest setuptools3_legacy S = "${WORKDIR}/git" diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb index 8b6af5e945..c1e3108375 100644 --- a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb +++ b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb @@ -6,7 +6,7 @@ LICENSE = "AGPL-3.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55" PYPI_PACKAGE = "privacyIDEA" -SRC_URI[sha256sum] = "4441282d086331dac0aee336286de8262d9ac8eb11e14b7f9aa69f865caebe17" +SRC_URI[sha256sum] = "17cbfdf0212eec94ffb10b3046093cf25af71b41413b6361668685333c5a35a7" inherit pypi setuptools3 diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.1.bb b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.3.bb index 71f14a016e..95065b38f7 100644 --- a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.1.bb +++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.3.bb @@ -26,7 +26,9 @@ SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/sssd-${PV}.tar.g file://musl_fixup.patch \ " -SRC_URI[sha256sum] = "8eebd541a640aec95ed4b2da89713f0cbe8e4edf96895fbb972c0b9d570635c3" +SRC_URI[sha256sum] = "ab3c3fe2a69cc7b2557715a11000aaf358c0afd65f2828ca47a2d3b2651d871b" + +UPSTREAM_CHECK_URI = "https://github.com/SSSD/${BPN}/releases" inherit autotools pkgconfig gettext python3-dir features_check systemd diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb index 7ba5004dc9..a1d4d44998 100644 --- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb +++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb @@ -14,6 +14,7 @@ RDEPENDS:packagegroup-security-tpm = " \ pcr-extend \ tpm-quote-tools \ swtpm \ + libhoth \ openssl-tpm-engine \ ${X86_TPM_MODULES} \ " diff --git a/meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb b/meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb new file mode 100644 index 0000000000..a3ebce7e8c --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb @@ -0,0 +1,17 @@ +SUMMARY = "Google Hoth USB library" +DESCRIPTION = "Libraries and example programs for interacting with a \ + hoth-class root of trust." +HOMEPAGE = "https://github.com/google/libhoth" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main" +SRCREV = "1622e8a040d21dd564fdc1cb4df5eda01688c197" + +DEPENDS += "libusb1" + +S = "${WORKDIR}/git" + +inherit pkgconfig meson + diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.5.bb index c03c44c05d..cf800649a1 100644 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.5.bb @@ -2,7 +2,7 @@ SUMMARY = "LIBPM - Software TPM Library" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" -SRCREV = "3f8fbc831b7bc3a6cc8422c432f577596b4cf3df" +SRCREV = "df1c3e98d697f3c1f09262d2ba161a7db784d6cc" SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https" PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch b/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch deleted file mode 100644 index d736bc66f5..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch +++ /dev/null @@ -1,22 +0,0 @@ -tpm_ioctl: fix musl for missing ioctl - -tpm_ioctl.c: In function 'ioctl_to_cmd': -tpm_ioctl.c:86:26: error: '_IOC_NRSHIFT' undeclared (first use in this function) - return ((ioctlnum >> _IOC_NRSHIFT) & _IOC_NRMASK) + 1; - - -Upstream-status: -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: git/src/swtpm_ioctl/tpm_ioctl.c -=================================================================== ---- git.orig/src/swtpm_ioctl/tpm_ioctl.c -+++ git/src/swtpm_ioctl/tpm_ioctl.c -@@ -58,6 +58,7 @@ - #include <fcntl.h> - #include <unistd.h> - #include <sys/ioctl.h> -+#include <asm/ioctl.h> - #include <getopt.h> - #include <sys/un.h> - #include <sys/types.h> diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb index 03899d8032..55d83f9597 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb @@ -6,9 +6,8 @@ SECTION = "apps" # expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib" -SRCREV = "92a7035f45d9b08aa7c6b8bd6fa4c6916ef07a9e" +SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53" SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \ - file://ioctl_h.patch \ " PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch index eebddb9e78..962bfc1eff 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch +++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch @@ -20,7 +20,7 @@ Index: src/makefile =================================================================== --- src.orig/makefile +++ src/makefile -@@ -38,12 +38,10 @@ +@@ -38,13 +38,11 @@ ################################################################################# @@ -29,12 +29,13 @@ Index: src/makefile CCFLAGS = -Wall \ -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \ -Werror -Wsign-compare \ + -Wno-deprecated-declarations \ - -c -ggdb -O0 \ + -c -ggdb -O \ -DTPM_POSIX \ -D_POSIX_ \ -DTPM_NUVOTON -@@ -79,11 +77,11 @@ +@@ -80,11 +78,11 @@ TcpServerPosix.o : $(HEADERS) .PRECIOUS: %.o tpm_server: $(OBJFILES) diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1682.bb index 09b652debb..85fc7e0b3f 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb +++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1682.bb @@ -18,10 +18,9 @@ DEPENDS = "openssl" SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \ file://tune-makefile.patch \ " +SRC_URI[sha256sum] = "3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f" -SRC_URI[sha256sum] = "55145928ad2b24f34be6a0eacf9fb492e10e0ea919b8428c721fa970e85d6147" - -UPSTREAM_CHECK_REGEX = "libtpm(?P<pver>).tar.gz" +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/ibmswtpm2/files/" S = "${WORKDIR}/src" diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb index df66779639..2daca5a280 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb @@ -18,11 +18,13 @@ DEPENDS = "openssl ibmswtpm2" inherit autotools pkgconfig SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573" -SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \ +SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master \ file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \ " UPSTREAM_CHECK_COMMITS = "1" +UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2" +UPSTREAM_CHECK_GITTAGREGEX = "rev.*)" EXTRA_OECONF = "--disable-tpm-1.2" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb index daafae33cb..75e958841d 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb @@ -20,6 +20,8 @@ SRC_URI = "\ SRC_URI[sha256sum] = "a7844a257eaf5176f612fe9620018edc0880cca7036465ad2593f83ae0ad6673" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig systemd update-rc.d useradd SYSTEMD_PACKAGES += "${PN}" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb index 55061c9103..263ca2c36a 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb @@ -8,6 +8,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "eedcc0b72ad6d232e6f9f55a780290c4d33a4d06efca9314f8a36d7384eb1dfc" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig do_configure:prepend() { diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb index dd0a0b57b5..38847a804c 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb @@ -10,6 +10,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "79f28899047defd6b4b72b7268dd56abf27774954022315f818c239af33e05bd" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools-brokensep pkgconfig python3native EXTRA_OECONF += "--disable-ptool-checks" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb index 2bf1eed0c9..9c60e2b9d5 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb @@ -12,6 +12,8 @@ SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;proto SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + S = "${WORKDIR}/git" inherit autotools pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb index c20af7ef0a..b82fb650d0 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb @@ -10,6 +10,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig bash-completion do_configure:prepend() { diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb index efe62a8209..89162ee416 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb @@ -12,6 +12,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/v${PV}/${BP SRC_URI[sha256sum] = "ea2941695ac221d23a7f3e1321140e75b1495ae6ade876f2f4c2ed807c65e2a5" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools-brokensep pkgconfig systemd # It uses the API deprecated since the OpenSSL 3.0 diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb index 8440bb9e9f..1556273171 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb @@ -12,6 +12,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig systemd useradd PACKAGECONFIG ??= "" diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb index 05951da8f1..a12a4c2d3d 100644 --- a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb @@ -26,6 +26,7 @@ RDEPENDS:packagegroup-core-security = "\ SUMMARY:packagegroup-security-utils = "Security utilities" RDEPENDS:packagegroup-security-utils = "\ + bubblewrap \ checksec \ ding-libs \ ecryptfs-utils \ @@ -37,11 +38,16 @@ RDEPENDS:packagegroup-security-utils = "\ sshguard \ firejail \ ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam krill", "",d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \ " -RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail" +RDEPENDS:packagegroup-security-utils:append:x86 = "chipsec" +RDEPENDS:packagegroup-security-utils:append:x86-64 = "chipsec" +RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail krill" +RDEPENDS:packagegroup-security-utils:remove:libc-musl = "krill" +RDEPENDS:packagegroup-security-utils:remove:riscv64 = "krill" +RDEPENDS:packagegroup-security-utils:remove:armv7ve = " krill" SUMMARY:packagegroup-security-scanners = "Security scanners" RDEPENDS:packagegroup-security-scanners = "\ diff --git a/meta-security/recipes-ids/aide/aide_0.17.4.bb b/meta-security/recipes-ids/aide/aide_0.17.4.bb index 7ce07296b0..52ddc43ff8 100644 --- a/meta-security/recipes-ids/aide/aide_0.17.4.bb +++ b/meta-security/recipes-ids/aide/aide_0.17.4.bb @@ -10,6 +10,8 @@ SRC_URI = "https://github.com/aide/aide/releases/download/v${PV}/${BPN}-${PV}.ta SRC_URI[sha256sum] = "c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846" +UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" + inherit autotools pkgconfig aide-base PACKAGECONFIG ??=" mhash zlib e2fsattrs posix capabilities curl \ diff --git a/meta-security/recipes-ids/suricata/suricata_6.0.5.bb b/meta-security/recipes-ids/suricata/suricata_6.0.6.bb index 913e64e0bb..35054efb59 100644 --- a/meta-security/recipes-ids/suricata/suricata_6.0.5.bb +++ b/meta-security/recipes-ids/suricata/suricata_6.0.6.bb @@ -5,7 +5,7 @@ require suricata.inc LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz" -SRC_URI[sha256sum] = "0d4197047c84ba070dfc6b1d9f9ee92f52a71403bfac0e29b2554bb21fe00754" +SRC_URI[sha256sum] = "00173634fa76aee636e38a90b1c02616c903e42173107d47b4114960b5fbe839" DEPENDS = "lz4 libhtp" diff --git a/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch b/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch deleted file mode 100644 index f29afbe1b5..0000000000 --- a/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch +++ /dev/null @@ -1,53 +0,0 @@ -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - - -Index: git/Makefile -=================================================================== ---- git.orig/Makefile -+++ git/Makefile -@@ -7,15 +7,8 @@ - - P_OUTPUT = output - P_PWD ?= $(shell pwd) --P_KVER ?= $(shell uname -r) - P_BOOTUP_SCRIPT ?= scripts/bootup/lkrg-bootup.sh - TARGET := p_lkrg --ifneq ($(KERNELRELEASE),) -- KERNEL := /lib/modules/$(KERNELRELEASE)/build --else -- ## KERNELRELEASE not set. -- KERNEL := /lib/modules/$(P_KVER)/build --endif - - # - # Use DEBUG=on for debug build. -@@ -94,14 +87,13 @@ $(TARGET)-objs += src/modules/ksyms/p_re - src/p_lkrg_main.o - - --all: --# $(MAKE) -C $(KERNEL) M=$(P_PWD) modules CONFIG_DEBUG_SECTION_MISMATCH=y -- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules -+modules: -+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules - mkdir -p $(P_OUTPUT) - cp $(P_PWD)/$(TARGET).ko $(P_OUTPUT) - --install: -- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules_install -+moduled_install: -+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules_install - depmod -a - $(P_PWD)/$(P_BOOTUP_SCRIPT) install - -@@ -109,7 +101,7 @@ uninstall: - $(P_PWD)/$(P_BOOTUP_SCRIPT) uninstall - - clean: -- $(MAKE) -C $(KERNEL) M=$(P_PWD) clean -+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) clean - $(RM) Module.markers modules.order - $(RM) $(P_PWD)/src/modules/kmod/client/kmod/Module.markers - $(RM) $(P_PWD)/src/modules/kmod/client/kmod/modules.order diff --git a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.3.bb b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb index 2553974673..fa46cb6b5a 100644 --- a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.3.bb +++ b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb @@ -5,15 +5,13 @@ SECTION = "security" HOMEPAGE = "https://www.openwall.com/lkrg/" LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5105ead24b08a32954f34cbaa7112432" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3f3e5dd56319d33a1944d635c1c86c6f" DEPENDS = "virtual/kernel elfutils" -SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main \ - file://makefile_cleanup.patch \ -" +SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main" -SRCREV = "c578e9f786299b67ffd62057b4534b0bf4fb7ece" +SRCREV = "c58cb52145b8e8ccc6bd19079f5c835933281cdc" S = "${WORKDIR}/git" @@ -21,7 +19,13 @@ inherit module kernel-module-split MAKE_TARGETS = "modules" -MODULE_NAME = "p_lkrg" +MODULE_NAME = "lkrg" + +do_configure:append () { + sed -i -e 's/^all/modules/' ${S}/Makefile + sed -i -e 's/^install/modules_install/' ${S}/Makefile + sed -i -e 's/KERNEL/KERNEL_SRC/g' ${S}/Makefile +} module_do_install() { install -d ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME} diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb index 896abfe178..45f19d177c 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://0001-rc.apparmor.debian-add-missing-functions.patch \ " -SRCREV = "9799fbde997820bb12a49e292356f7a6ce12e972" +SRCREV = "822db765c6fa7f9de7233c4011254a82d4dafe76" S = "${WORKDIR}/git" PARALLEL_MAKE = "" diff --git a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb b/meta-security/recipes-scanners/clamav/clamav_0.104.4.bb index 18e8329c08..68a7d1ff2f 100644 --- a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb +++ b/meta-security/recipes-scanners/clamav/clamav_0.104.4.bb @@ -10,8 +10,8 @@ COMPATIBLE_HOST:libc-musl:class-target = "null" LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17" -# July 27th -SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356" +# July 30th, 2022 +SRCREV = "563ba93052f3b7b46fb8725a65ee6299a9c332cf" SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \ file://clamd.conf \ @@ -20,7 +20,6 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=http file://tmpfiles.clamav \ file://headers_fixup.patch \ file://oe_cmake_fixup.patch \ - file://fix_systemd_socket.patch \ " S = "${WORKDIR}/git" @@ -69,7 +68,6 @@ do_install:append () { fi rm ${D}/${libdir}/libfreshclam.so - rm ${D}/${libdir}/libmspack.so if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then install -d ${D}${sysconfdir}/tmpfiles.d @@ -125,7 +123,8 @@ FILES:${PN}-freshclam = "${bindir}/freshclam \ FILES:${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ ${libdir}/pkgconfig/*.pc \ ${mandir}/man1/clamav-config.* \ - ${includedir}/*.h ${docdir}/libclamav* " + ${includedir}/*.h ${docdir}/libclamav* \ + ${libdir}/libmspack.so" FILES:${PN}-staticdev = "${libdir}/*.a" @@ -150,6 +149,8 @@ SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-freshclam" SYSTEMD_SERVICE:${PN}-daemon = "clamav-daemon.service" SYSTEMD_SERVICE:${PN}-freshclam = "clamav-freshclam.service" +INSANE_SKIP:${PN}-libclamav += "dev-so" + RDEPENDS:${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-libclamav" RRECOMMENDS:${PN} = "clamav-freshclam" RDEPENDS:${PN}-freshclam = "clamav" diff --git a/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch b/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch deleted file mode 100644 index 334777028c..0000000000 --- a/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch +++ /dev/null @@ -1,25 +0,0 @@ -clamd not installing clamav-daemon.socket - -Fixes: -__main__.SystemdUnitNotFoundError: (PosixPath('../security-build-image/1.0-r0/rootfs'), 'clamav-daemon.socket') -%post(clamav-daemon-0.104.0-r0.core2_64): waitpid(3587571) rc 3587571 status 100 -warning: %post(clamav-daemon-0.104.0-r0.core2_64) scriptlet failed, exit status 1 - -Upstream-Status: Pending -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Index: git/clamd/CMakeLists.txt -=================================================================== ---- git.orig/clamd/CMakeLists.txt -+++ git/clamd/CMakeLists.txt -@@ -60,4 +60,10 @@ if(SYSTEMD_FOUND) - install( - FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket - DESTINATION ${SYSTEMD_UNIT_DIR}) -+ configure_file( -+ ${CMAKE_CURRENT_SOURCE_DIR}/clamav-daemon.socket.in -+ ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket @ONLY) -+ install( -+ FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket -+ DESTINATION ${SYSTEMD_UNIT_DIR}) - endif() diff --git a/meta-security/recipes-security/bubblewrap/bubblewrap_0.6.2.bb b/meta-security/recipes-security/bubblewrap/bubblewrap_0.6.2.bb new file mode 100644 index 0000000000..921defda9e --- /dev/null +++ b/meta-security/recipes-security/bubblewrap/bubblewrap_0.6.2.bb @@ -0,0 +1,23 @@ +DESCRIPTION = "Unprivileged sandboxing tool" +HOMEPAGE = "https://github.com/containers/bubblewrap" +LICENSE = "LGPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" + +DEPENDS = "libcap" + +SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz" +SRC_URI[sha256sum] = "8a0ec802d1b3e956c5bb0a40a81c9ce0b055a31bf30a8efa547433603b8af20b" + +UPSTREAM_CHECK_URI = "https://github.com/containers/bubblewrap/releases" +UPSTREAM_CHECK_REGEX = "bubblewrap-(?P<pver>\d+(\.\d+)+)\.tar" + +inherit autotools bash-completion manpages pkgconfig + +PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" +PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native docbook-xsl-stylesheets-native xmlto-native" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" +PACKAGECONFIG[setuid] = "--with-priv-mode=setuid,--with-priv-mode=none" + +PACKAGES += "${PN}-zsh-completion" + +FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions" diff --git a/meta-security/recipes-security/chipsec/chipsec_1.8.5.bb b/meta-security/recipes-security/chipsec/chipsec_1.8.7.bb index 48dfe45a0c..60272bef78 100644 --- a/meta-security/recipes-security/chipsec/chipsec_1.8.5.bb +++ b/meta-security/recipes-security/chipsec/chipsec_1.8.7.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d" DEPENDS = "virtual/kernel nasm-native" SRC_URI = "git://github.com/chipsec/chipsec.git;branch=main;protocol=https" -SRCREV = "07a532aac9f6c3d94b8895cf89336b6a2e60c0d9" +SRCREV = "7b9cc5cd449f2e1e4b5dad46c0eb14348e54e3f0" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb index 5f8cf3c2e5..00e8997ce6 100644 --- a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb +++ b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb @@ -22,6 +22,8 @@ SRC_URI = "\ SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd" SRC_URI[sha256sum] = "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f" +UPSTREAM_CHECK_URI = "https://launchpad.net/ecryptfs/+download" + inherit autotools pkgconfig systemd SYSTEMD_PACKAGES = "${PN}" diff --git a/meta-security/recipes-security/krill/krill.inc b/meta-security/recipes-security/krill/krill.inc index f86468b966..bb40f57d2d 100644 --- a/meta-security/recipes-security/krill/krill.inc +++ b/meta-security/recipes-security/krill/krill.inc @@ -1,325 +1,240 @@ # please note if you have entries that do not begin with crate:// # you must change them to how that package can be fetched SRC_URI += " \ - crate://crates.io/addr2line/0.14.1 \ + crate://crates.io/addr2line/0.17.0 \ crate://crates.io/adler/1.0.2 \ crate://crates.io/adler32/1.2.0 \ - crate://crates.io/aho-corasick/0.7.15 \ - crate://crates.io/ansi_term/0.11.0 \ + crate://crates.io/aho-corasick/0.7.18 \ crate://crates.io/ansi_term/0.12.1 \ - crate://crates.io/arrayref/0.3.6 \ - crate://crates.io/arrayvec/0.5.2 \ - crate://crates.io/ascii-canvas/2.0.0 \ + crate://crates.io/ascii-canvas/3.0.0 \ crate://crates.io/ascii/1.0.0 \ crate://crates.io/atty/0.2.14 \ - crate://crates.io/autocfg/0.1.7 \ - crate://crates.io/autocfg/1.0.1 \ - crate://crates.io/backtrace/0.3.56 \ - crate://crates.io/base64/0.10.1 \ - crate://crates.io/base64/0.12.3 \ + crate://crates.io/autocfg/1.1.0 \ + crate://crates.io/backtrace/0.3.64 \ crate://crates.io/base64/0.13.0 \ crate://crates.io/basic-cookies/0.1.4 \ - crate://crates.io/bcder/0.5.1 \ + crate://crates.io/bcder/0.6.1 \ crate://crates.io/bit-set/0.5.2 \ crate://crates.io/bit-vec/0.6.3 \ - crate://crates.io/bitflags/1.2.1 \ - crate://crates.io/blake2b_simd/0.5.11 \ + crate://crates.io/bitflags/1.3.2 \ crate://crates.io/block-buffer/0.9.0 \ - crate://crates.io/bumpalo/3.6.1 \ - crate://crates.io/byteorder/1.4.3 \ - crate://crates.io/bytes/0.4.12 \ - crate://crates.io/bytes/0.5.6 \ - crate://crates.io/bytes/1.0.1 \ - crate://crates.io/cc/1.0.67 \ - crate://crates.io/cfg-if/0.1.10 \ + crate://crates.io/bumpalo/3.9.1 \ + crate://crates.io/bytes/1.1.0 \ + crate://crates.io/cc/1.0.73 \ crate://crates.io/cfg-if/1.0.0 \ crate://crates.io/chrono/0.4.19 \ crate://crates.io/chunked_transfer/1.4.0 \ crate://crates.io/cipher/0.2.5 \ - crate://crates.io/clap/2.33.3 \ - crate://crates.io/clokwerk/0.3.4 \ - crate://crates.io/cloudabi/0.0.3 \ - crate://crates.io/constant_time_eq/0.1.5 \ - crate://crates.io/cookie/0.12.0 \ - crate://crates.io/cookie_store/0.7.0 \ - crate://crates.io/core-foundation-sys/0.8.2 \ - crate://crates.io/core-foundation/0.9.1 \ - crate://crates.io/cpuid-bool/0.1.2 \ - crate://crates.io/crc32fast/1.2.1 \ - crate://crates.io/crossbeam-deque/0.7.3 \ - crate://crates.io/crossbeam-epoch/0.8.2 \ - crate://crates.io/crossbeam-queue/0.2.3 \ - crate://crates.io/crossbeam-utils/0.7.2 \ - crate://crates.io/crossbeam-utils/0.8.3 \ + crate://crates.io/clap/2.34.0 \ + crate://crates.io/core-foundation-sys/0.8.3 \ + crate://crates.io/core-foundation/0.9.3 \ + crate://crates.io/cpufeatures/0.2.1 \ + crate://crates.io/crc32fast/1.3.2 \ crate://crates.io/crunchy/0.2.2 \ - crate://crates.io/crypto-mac/0.10.0 \ - crate://crates.io/ctrlc/3.1.9 \ + crate://crates.io/crypto-mac/0.10.1 \ + crate://crates.io/ctrlc/3.2.1 \ crate://crates.io/deunicode/0.4.3 \ crate://crates.io/diff/0.1.12 \ crate://crates.io/digest/0.9.0 \ - crate://crates.io/dirs/1.0.5 \ - crate://crates.io/dtoa/0.4.8 \ + crate://crates.io/dirs-next/2.0.0 \ + crate://crates.io/dirs-sys-next/0.1.2 \ crate://crates.io/either/1.6.1 \ crate://crates.io/ena/0.14.0 \ - crate://crates.io/encoding_rs/0.8.28 \ + crate://crates.io/encoding_rs/0.8.30 \ crate://crates.io/error-chain/0.11.0 \ - crate://crates.io/failure/0.1.8 \ - crate://crates.io/failure_derive/0.1.8 \ + crate://crates.io/fastrand/1.7.0 \ crate://crates.io/fern/0.5.9 \ crate://crates.io/fixedbitset/0.2.0 \ - crate://crates.io/flate2/1.0.20 \ crate://crates.io/fnv/1.0.7 \ crate://crates.io/foreign-types-shared/0.1.1 \ crate://crates.io/foreign-types/0.3.2 \ crate://crates.io/form_urlencoded/1.0.1 \ - crate://crates.io/fuchsia-cprng/0.1.1 \ - crate://crates.io/fuchsia-zircon-sys/0.3.3 \ - crate://crates.io/fuchsia-zircon/0.3.3 \ - crate://crates.io/futures-channel/0.3.14 \ - crate://crates.io/futures-core/0.3.14 \ - crate://crates.io/futures-cpupool/0.1.8 \ - crate://crates.io/futures-executor/0.3.14 \ - crate://crates.io/futures-io/0.3.14 \ - crate://crates.io/futures-macro/0.3.14 \ - crate://crates.io/futures-sink/0.3.14 \ - crate://crates.io/futures-task/0.3.14 \ - crate://crates.io/futures-util/0.3.14 \ - crate://crates.io/futures/0.1.31 \ - crate://crates.io/futures/0.3.14 \ - crate://crates.io/generic-array/0.14.4 \ - crate://crates.io/getrandom/0.1.16 \ - crate://crates.io/getrandom/0.2.2 \ - crate://crates.io/gimli/0.23.0 \ - crate://crates.io/h2/0.1.26 \ - crate://crates.io/h2/0.2.7 \ - crate://crates.io/hashbrown/0.9.1 \ - crate://crates.io/hermit-abi/0.1.18 \ + crate://crates.io/fslock/0.2.1 \ + crate://crates.io/futures-channel/0.3.21 \ + crate://crates.io/futures-core/0.3.21 \ + crate://crates.io/futures-executor/0.3.21 \ + crate://crates.io/futures-io/0.3.21 \ + crate://crates.io/futures-macro/0.3.21 \ + crate://crates.io/futures-sink/0.3.21 \ + crate://crates.io/futures-task/0.3.21 \ + crate://crates.io/futures-util/0.3.21 \ + crate://crates.io/futures/0.3.21 \ + crate://crates.io/generic-array/0.14.5 \ + crate://crates.io/getrandom/0.2.4 \ + crate://crates.io/gimli/0.26.1 \ + crate://crates.io/h2/0.3.11 \ + crate://crates.io/hashbrown/0.11.2 \ + crate://crates.io/hermit-abi/0.1.19 \ crate://crates.io/hex/0.4.3 \ crate://crates.io/hmac/0.10.1 \ - crate://crates.io/http-body/0.1.0 \ - crate://crates.io/http-body/0.3.1 \ - crate://crates.io/http/0.1.21 \ - crate://crates.io/http/0.2.4 \ - crate://crates.io/httparse/1.3.6 \ - crate://crates.io/httpdate/0.3.2 \ - crate://crates.io/hyper-tls/0.3.2 \ - crate://crates.io/hyper-tls/0.4.3 \ - crate://crates.io/hyper/0.12.36 \ - crate://crates.io/hyper/0.13.10 \ - crate://crates.io/idna/0.1.5 \ - crate://crates.io/idna/0.2.2 \ - crate://crates.io/impl-trait-for-tuples/0.2.1 \ - crate://crates.io/indexmap/1.6.2 \ - crate://crates.io/intervaltree/0.2.6 \ - crate://crates.io/iovec/0.1.4 \ - crate://crates.io/ipnet/2.3.0 \ - crate://crates.io/itertools/0.10.0 \ + crate://crates.io/http-body/0.4.4 \ + crate://crates.io/http/0.2.6 \ + crate://crates.io/httparse/1.6.0 \ + crate://crates.io/httpdate/1.0.2 \ + crate://crates.io/hyper-tls/0.5.0 \ + crate://crates.io/hyper/0.14.17 \ + crate://crates.io/idna/0.2.3 \ + crate://crates.io/impl-trait-for-tuples/0.2.2 \ + crate://crates.io/indexmap/1.8.0 \ + crate://crates.io/instant/0.1.12 \ + crate://crates.io/intervaltree/0.2.7 \ + crate://crates.io/ipnet/2.3.1 \ + crate://crates.io/itertools/0.10.3 \ crate://crates.io/itertools/0.9.0 \ - crate://crates.io/itoa/0.4.7 \ + crate://crates.io/itoa/1.0.1 \ crate://crates.io/jmespatch/0.3.0 \ - crate://crates.io/js-sys/0.3.50 \ - crate://crates.io/kernel32-sys/0.2.2 \ - crate://crates.io/lalrpop-util/0.19.5 \ - crate://crates.io/lalrpop/0.19.5 \ + crate://crates.io/js-sys/0.3.56 \ + crate://crates.io/lalrpop-util/0.19.7 \ + crate://crates.io/lalrpop/0.19.7 \ crate://crates.io/lazy_static/1.4.0 \ - crate://crates.io/libc/0.2.93 \ - crate://crates.io/libflate/1.0.4 \ - crate://crates.io/libflate_lz77/1.0.0 \ - crate://crates.io/lock_api/0.3.4 \ + crate://crates.io/libc/0.2.119 \ + crate://crates.io/libflate/1.1.2 \ + crate://crates.io/libflate_lz77/1.1.0 \ + crate://crates.io/lock_api/0.4.6 \ crate://crates.io/log/0.4.14 \ crate://crates.io/maplit/1.0.2 \ crate://crates.io/matchers/0.0.1 \ - crate://crates.io/matches/0.1.8 \ - crate://crates.io/maybe-uninit/2.0.0 \ - crate://crates.io/memchr/2.3.4 \ - crate://crates.io/memoffset/0.5.6 \ + crate://crates.io/matches/0.1.9 \ + crate://crates.io/memchr/2.4.1 \ + crate://crates.io/memoffset/0.6.5 \ crate://crates.io/mime/0.3.16 \ - crate://crates.io/mime_guess/2.0.3 \ crate://crates.io/miniz_oxide/0.4.4 \ - crate://crates.io/mio/0.6.23 \ - crate://crates.io/miow/0.2.2 \ - crate://crates.io/native-tls/0.2.7 \ - crate://crates.io/net2/0.2.37 \ + crate://crates.io/mio/0.8.0 \ + crate://crates.io/miow/0.3.7 \ + crate://crates.io/native-tls/0.2.8 \ crate://crates.io/new_debug_unreachable/1.0.4 \ - crate://crates.io/nix/0.20.0 \ + crate://crates.io/nix/0.23.1 \ + crate://crates.io/ntapi/0.3.7 \ + crate://crates.io/num-bigint/0.4.3 \ crate://crates.io/num-integer/0.1.44 \ crate://crates.io/num-traits/0.2.14 \ - crate://crates.io/num_cpus/1.13.0 \ - crate://crates.io/oauth2/4.0.0 \ - crate://crates.io/object/0.23.0 \ - crate://crates.io/once_cell/1.7.2 \ + crate://crates.io/num_cpus/1.13.1 \ + crate://crates.io/oauth2/4.1.0 \ + crate://crates.io/object/0.27.1 \ + crate://crates.io/once_cell/1.9.0 \ crate://crates.io/opaque-debug/0.3.0 \ - crate://crates.io/openidconnect/2.0.0 \ - crate://crates.io/openssl-probe/0.1.2 \ - crate://crates.io/openssl-src/111.15.0+1.1.1k \ - crate://crates.io/openssl-sys/0.9.61 \ - crate://crates.io/openssl/0.10.33 \ + crate://crates.io/openidconnect/2.2.0 \ + crate://crates.io/openssl-probe/0.1.5 \ + crate://crates.io/openssl-src/111.17.0+1.1.1m \ + crate://crates.io/openssl-sys/0.9.72 \ + crate://crates.io/openssl/0.10.38 \ crate://crates.io/ordered-float/1.1.1 \ - crate://crates.io/oso/0.12.0 \ - crate://crates.io/parking_lot/0.9.0 \ - crate://crates.io/parking_lot_core/0.6.2 \ + crate://crates.io/oso/0.12.4 \ + crate://crates.io/parking_lot/0.11.2 \ + crate://crates.io/parking_lot_core/0.8.5 \ crate://crates.io/pbkdf2/0.7.5 \ - crate://crates.io/percent-encoding/1.0.1 \ crate://crates.io/percent-encoding/2.1.0 \ crate://crates.io/petgraph/0.5.1 \ - crate://crates.io/phf_shared/0.8.0 \ - crate://crates.io/pico-args/0.4.0 \ - crate://crates.io/pin-project-internal/1.0.6 \ - crate://crates.io/pin-project-lite/0.1.12 \ - crate://crates.io/pin-project-lite/0.2.6 \ - crate://crates.io/pin-project/1.0.6 \ + crate://crates.io/phf_shared/0.10.0 \ + crate://crates.io/pico-args/0.4.2 \ + crate://crates.io/pin-project-lite/0.2.8 \ crate://crates.io/pin-utils/0.1.0 \ - crate://crates.io/pkg-config/0.3.19 \ - crate://crates.io/polar-core/0.12.0 \ - crate://crates.io/ppv-lite86/0.2.10 \ + crate://crates.io/pkg-config/0.3.24 \ + crate://crates.io/polar-core/0.12.4 \ + crate://crates.io/ppv-lite86/0.2.16 \ crate://crates.io/precomputed-hash/0.1.1 \ - crate://crates.io/proc-macro-hack/0.5.19 \ - crate://crates.io/proc-macro-nested/0.1.7 \ - crate://crates.io/proc-macro2/1.0.26 \ - crate://crates.io/publicsuffix/1.5.6 \ - crate://crates.io/quick-xml/0.19.0 \ - crate://crates.io/quote/1.0.9 \ - crate://crates.io/rand/0.6.5 \ - crate://crates.io/rand/0.7.3 \ - crate://crates.io/rand/0.8.3 \ - crate://crates.io/rand_chacha/0.1.1 \ - crate://crates.io/rand_chacha/0.2.2 \ - crate://crates.io/rand_chacha/0.3.0 \ - crate://crates.io/rand_core/0.3.1 \ - crate://crates.io/rand_core/0.4.2 \ - crate://crates.io/rand_core/0.5.1 \ - crate://crates.io/rand_core/0.6.2 \ - crate://crates.io/rand_hc/0.1.0 \ - crate://crates.io/rand_hc/0.2.0 \ - crate://crates.io/rand_hc/0.3.0 \ - crate://crates.io/rand_isaac/0.1.1 \ - crate://crates.io/rand_jitter/0.1.4 \ - crate://crates.io/rand_os/0.1.3 \ - crate://crates.io/rand_pcg/0.1.2 \ - crate://crates.io/rand_xorshift/0.1.1 \ - crate://crates.io/rdrand/0.4.0 \ - crate://crates.io/redox_syscall/0.1.57 \ - crate://crates.io/redox_syscall/0.2.5 \ - crate://crates.io/redox_users/0.3.5 \ - crate://crates.io/regex-automata/0.1.9 \ - crate://crates.io/regex-syntax/0.6.23 \ - crate://crates.io/regex/1.4.5 \ + crate://crates.io/priority-queue/1.2.1 \ + crate://crates.io/proc-macro2/1.0.36 \ + crate://crates.io/quick-xml/0.22.0 \ + crate://crates.io/quote/1.0.15 \ + crate://crates.io/rand/0.8.5 \ + crate://crates.io/rand_chacha/0.3.1 \ + crate://crates.io/rand_core/0.6.3 \ + crate://crates.io/redox_syscall/0.2.10 \ + crate://crates.io/redox_users/0.4.0 \ + crate://crates.io/regex-automata/0.1.10 \ + crate://crates.io/regex-syntax/0.6.25 \ + crate://crates.io/regex/1.5.5 \ crate://crates.io/remove_dir_all/0.5.3 \ - crate://crates.io/reqwest/0.10.10 \ - crate://crates.io/reqwest/0.9.24 \ + crate://crates.io/reqwest/0.11.9 \ crate://crates.io/ring/0.16.20 \ - crate://crates.io/rle-decode-fast/1.0.1 \ + crate://crates.io/rle-decode-fast/1.0.3 \ crate://crates.io/rpassword/5.0.1 \ - crate://crates.io/rpki/0.10.1 \ - crate://crates.io/rust-argon2/0.8.3 \ - crate://crates.io/rustc-demangle/0.1.18 \ + crate://crates.io/rpki/0.13.2 \ + crate://crates.io/rustc-demangle/0.1.21 \ crate://crates.io/rustc_version/0.2.3 \ - crate://crates.io/rustls/0.18.1 \ - crate://crates.io/ryu/1.0.5 \ + crate://crates.io/rustls/0.19.1 \ + crate://crates.io/rustversion/1.0.6 \ + crate://crates.io/ryu/1.0.9 \ crate://crates.io/salsa20/0.7.2 \ crate://crates.io/schannel/0.1.19 \ crate://crates.io/scopeguard/1.1.0 \ crate://crates.io/scrypt/0.6.5 \ crate://crates.io/sct/0.6.1 \ - crate://crates.io/security-framework-sys/2.2.0 \ - crate://crates.io/security-framework/2.2.0 \ + crate://crates.io/security-framework-sys/2.6.1 \ + crate://crates.io/security-framework/2.6.1 \ crate://crates.io/semver-parser/0.7.0 \ crate://crates.io/semver/0.9.0 \ crate://crates.io/serde-value/0.6.0 \ - crate://crates.io/serde/1.0.125 \ - crate://crates.io/serde_derive/1.0.125 \ - crate://crates.io/serde_json/1.0.64 \ - crate://crates.io/serde_path_to_error/0.1.4 \ - crate://crates.io/serde_urlencoded/0.5.5 \ - crate://crates.io/serde_urlencoded/0.7.0 \ - crate://crates.io/sha2/0.9.3 \ - crate://crates.io/sharded-slab/0.1.1 \ - crate://crates.io/siphasher/0.3.5 \ - crate://crates.io/slab/0.4.2 \ + crate://crates.io/serde/1.0.136 \ + crate://crates.io/serde_derive/1.0.136 \ + crate://crates.io/serde_json/1.0.79 \ + crate://crates.io/serde_path_to_error/0.1.7 \ + crate://crates.io/serde_urlencoded/0.7.1 \ + crate://crates.io/sha2/0.9.9 \ + crate://crates.io/sharded-slab/0.1.4 \ + crate://crates.io/siphasher/0.3.9 \ + crate://crates.io/slab/0.4.5 \ crate://crates.io/slug/0.1.4 \ - crate://crates.io/smallvec/0.6.14 \ - crate://crates.io/smallvec/1.6.1 \ - crate://crates.io/socket2/0.3.19 \ + crate://crates.io/smallvec/1.8.0 \ + crate://crates.io/socket2/0.4.4 \ crate://crates.io/spin/0.5.2 \ - crate://crates.io/string/0.2.1 \ - crate://crates.io/string_cache/0.8.1 \ + crate://crates.io/string_cache/0.8.3 \ crate://crates.io/strsim/0.8.0 \ - crate://crates.io/subtle/2.4.0 \ - crate://crates.io/syn/1.0.69 \ - crate://crates.io/synstructure/0.12.4 \ + crate://crates.io/subtle/2.4.1 \ + crate://crates.io/syn/1.0.86 \ crate://crates.io/syslog/4.0.1 \ - crate://crates.io/tempfile/3.2.0 \ - crate://crates.io/term/0.5.2 \ + crate://crates.io/tempfile/3.3.0 \ + crate://crates.io/term/0.7.0 \ crate://crates.io/textwrap/0.11.0 \ - crate://crates.io/thiserror-impl/1.0.24 \ - crate://crates.io/thiserror/1.0.24 \ - crate://crates.io/thread_local/1.1.3 \ - crate://crates.io/time/0.1.44 \ + crate://crates.io/thiserror-impl/1.0.30 \ + crate://crates.io/thiserror/1.0.30 \ + crate://crates.io/thread_local/1.1.4 \ + crate://crates.io/time/0.1.43 \ crate://crates.io/tiny-keccak/2.0.2 \ - crate://crates.io/tiny_http/0.8.0 \ - crate://crates.io/tinyvec/1.2.0 \ + crate://crates.io/tiny_http/0.8.2 \ + crate://crates.io/tinyvec/1.5.1 \ crate://crates.io/tinyvec_macros/0.1.0 \ - crate://crates.io/tokio-buf/0.1.1 \ - crate://crates.io/tokio-current-thread/0.1.7 \ - crate://crates.io/tokio-executor/0.1.10 \ - crate://crates.io/tokio-io/0.1.13 \ - crate://crates.io/tokio-macros/0.2.6 \ - crate://crates.io/tokio-reactor/0.1.12 \ - crate://crates.io/tokio-rustls/0.14.1 \ - crate://crates.io/tokio-sync/0.1.8 \ - crate://crates.io/tokio-tcp/0.1.4 \ - crate://crates.io/tokio-threadpool/0.1.18 \ - crate://crates.io/tokio-timer/0.2.13 \ - crate://crates.io/tokio-tls/0.3.1 \ - crate://crates.io/tokio-util/0.3.1 \ - crate://crates.io/tokio/0.1.22 \ - crate://crates.io/tokio/0.2.25 \ + crate://crates.io/tokio-macros/1.7.0 \ + crate://crates.io/tokio-native-tls/0.3.0 \ + crate://crates.io/tokio-rustls/0.22.0 \ + crate://crates.io/tokio-util/0.6.9 \ + crate://crates.io/tokio/1.17.0 \ crate://crates.io/toml/0.5.8 \ crate://crates.io/tower-service/0.3.1 \ - crate://crates.io/tracing-attributes/0.1.15 \ - crate://crates.io/tracing-core/0.1.17 \ - crate://crates.io/tracing-futures/0.2.5 \ + crate://crates.io/tracing-attributes/0.1.19 \ + crate://crates.io/tracing-core/0.1.22 \ crate://crates.io/tracing-log/0.1.2 \ - crate://crates.io/tracing-serde/0.1.2 \ - crate://crates.io/tracing-subscriber/0.2.17 \ - crate://crates.io/tracing/0.1.25 \ + crate://crates.io/tracing-serde/0.1.3 \ + crate://crates.io/tracing-subscriber/0.2.25 \ + crate://crates.io/tracing/0.1.31 \ crate://crates.io/try-lock/0.2.3 \ - crate://crates.io/try_from/0.3.2 \ - crate://crates.io/typenum/1.13.0 \ - crate://crates.io/unicase/2.6.0 \ - crate://crates.io/unicode-bidi/0.3.5 \ - crate://crates.io/unicode-normalization/0.1.17 \ - crate://crates.io/unicode-width/0.1.8 \ - crate://crates.io/unicode-xid/0.2.1 \ + crate://crates.io/typenum/1.15.0 \ + crate://crates.io/unicode-bidi/0.3.7 \ + crate://crates.io/unicode-normalization/0.1.19 \ + crate://crates.io/unicode-width/0.1.9 \ + crate://crates.io/unicode-xid/0.2.2 \ crate://crates.io/untrusted/0.7.1 \ - crate://crates.io/unwrap/1.2.1 \ - crate://crates.io/url/1.7.2 \ - crate://crates.io/url/2.2.1 \ + crate://crates.io/url/2.2.2 \ crate://crates.io/urlparse/0.7.3 \ - crate://crates.io/uuid/0.7.4 \ crate://crates.io/uuid/0.8.2 \ - crate://crates.io/vcpkg/0.2.11 \ + crate://crates.io/valuable/0.1.0 \ + crate://crates.io/vcpkg/0.2.15 \ crate://crates.io/vec_map/0.8.2 \ - crate://crates.io/version_check/0.9.3 \ - crate://crates.io/want/0.2.0 \ + crate://crates.io/version_check/0.9.4 \ crate://crates.io/want/0.3.0 \ - crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \ - crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \ - crate://crates.io/wasm-bindgen-backend/0.2.73 \ - crate://crates.io/wasm-bindgen-futures/0.4.23 \ - crate://crates.io/wasm-bindgen-macro-support/0.2.73 \ - crate://crates.io/wasm-bindgen-macro/0.2.73 \ - crate://crates.io/wasm-bindgen-shared/0.2.73 \ - crate://crates.io/wasm-bindgen/0.2.73 \ - crate://crates.io/web-sys/0.3.50 \ + crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \ + crate://crates.io/wasm-bindgen-backend/0.2.79 \ + crate://crates.io/wasm-bindgen-futures/0.4.29 \ + crate://crates.io/wasm-bindgen-macro-support/0.2.79 \ + crate://crates.io/wasm-bindgen-macro/0.2.79 \ + crate://crates.io/wasm-bindgen-shared/0.2.79 \ + crate://crates.io/wasm-bindgen/0.2.79 \ + crate://crates.io/web-sys/0.3.56 \ crate://crates.io/webpki/0.21.4 \ - crate://crates.io/winapi-build/0.1.1 \ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ - crate://crates.io/winapi/0.2.8 \ crate://crates.io/winapi/0.3.9 \ - crate://crates.io/winreg/0.6.2 \ crate://crates.io/winreg/0.7.0 \ - crate://crates.io/ws2_32-sys/0.2.1 \ - crate://crates.io/xml-rs/0.8.3 \ + crate://crates.io/xml-rs/0.8.4 \ " diff --git a/meta-security/recipes-security/krill/krill_0.9.1.bb b/meta-security/recipes-security/krill/krill_0.9.6.bb index 4dc61cfb37..fd86c4bbb4 100644 --- a/meta-security/recipes-security/krill/krill_0.9.1.bb +++ b/meta-security/recipes-security/krill/krill_0.9.6.bb @@ -5,20 +5,21 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9741c346eef56131163e13b9db1241b3" DEPENDS = "openssl" -include krill.inc - # SRC_URI += "crate://crates.io/krill/0.9.1" -SRC_URI += "git://github.com/NLnetLabs/krill.git;protocol=https;nobranch=1;branch=main" -SRCREV = "d6c03b6f0199b1d10d252750a19a92b84576eb30" - +SRC_URI = "git://github.com/NLnetLabs/krill.git;protocol=https;branch=main" +SRCREV = "95e6681d5b4024cac7a1892d47fb76abc68f34fb" SRC_URI += "file://panic_workaround.patch" +include krill.inc + +UPSTREAM_CHECK_URI = "https://github.com/NLnetLabs/${BPN}/releases" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" + S = "${WORKDIR}/git" CARGO_SRC_DIR = "" inherit pkgconfig useradd systemd cargo - do_install:append () { install -d ${D}${sysconfdir} install -d ${D}${datadir}/krill @@ -37,3 +38,5 @@ USERADD_PARAM:${PN} = "--system -g ${KRILL_GID} --home-dir \ --shell /sbin/nologin ${BPN}" FILES:${PN} += "{sysconfdir}/defaults ${datadir}" + +COMPATIBLE_HOST = "(i.86|x86_64|aarch64).*-linux" |