diff options
Diffstat (limited to 'meta-security')
31 files changed, 267 insertions, 374 deletions
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb index 96e17b77f5..1f55267f59 100644 --- a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb +++ b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb @@ -17,6 +17,8 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \ file://run-ptest \ " +UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" + inherit update-rc.d ptest setuptools3_legacy S = "${WORKDIR}/git" diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb index 8b6af5e945..c1e3108375 100644 --- a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.6.2.bb +++ b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb @@ -6,7 +6,7 @@ LICENSE = "AGPL-3.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55" PYPI_PACKAGE = "privacyIDEA" -SRC_URI[sha256sum] = "4441282d086331dac0aee336286de8262d9ac8eb11e14b7f9aa69f865caebe17" +SRC_URI[sha256sum] = "17cbfdf0212eec94ffb10b3046093cf25af71b41413b6361668685333c5a35a7" inherit pypi setuptools3 diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.1.bb b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.3.bb index 71f14a016e..95065b38f7 100644 --- a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.1.bb +++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.7.3.bb @@ -26,7 +26,9 @@ SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/sssd-${PV}.tar.g file://musl_fixup.patch \ " -SRC_URI[sha256sum] = "8eebd541a640aec95ed4b2da89713f0cbe8e4edf96895fbb972c0b9d570635c3" +SRC_URI[sha256sum] = "ab3c3fe2a69cc7b2557715a11000aaf358c0afd65f2828ca47a2d3b2651d871b" + +UPSTREAM_CHECK_URI = "https://github.com/SSSD/${BPN}/releases" inherit autotools pkgconfig gettext python3-dir features_check systemd diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb index 7ba5004dc9..a1d4d44998 100644 --- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb +++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb @@ -14,6 +14,7 @@ RDEPENDS:packagegroup-security-tpm = " \ pcr-extend \ tpm-quote-tools \ swtpm \ + libhoth \ openssl-tpm-engine \ ${X86_TPM_MODULES} \ " diff --git a/meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb b/meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb new file mode 100644 index 0000000000..a3ebce7e8c --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/hoth/libhoth_git.bb @@ -0,0 +1,17 @@ +SUMMARY = "Google Hoth USB library" +DESCRIPTION = "Libraries and example programs for interacting with a \ + hoth-class root of trust." +HOMEPAGE = "https://github.com/google/libhoth" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main" +SRCREV = "1622e8a040d21dd564fdc1cb4df5eda01688c197" + +DEPENDS += "libusb1" + +S = "${WORKDIR}/git" + +inherit pkgconfig meson + diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.5.bb index c03c44c05d..cf800649a1 100644 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.3.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.5.bb @@ -2,7 +2,7 @@ SUMMARY = "LIBPM - Software TPM Library" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" -SRCREV = "3f8fbc831b7bc3a6cc8422c432f577596b4cf3df" +SRCREV = "df1c3e98d697f3c1f09262d2ba161a7db784d6cc" SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https" PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch b/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch deleted file mode 100644 index d736bc66f5..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch +++ /dev/null @@ -1,22 +0,0 @@ -tpm_ioctl: fix musl for missing ioctl - -tpm_ioctl.c: In function 'ioctl_to_cmd': -tpm_ioctl.c:86:26: error: '_IOC_NRSHIFT' undeclared (first use in this function) - return ((ioctlnum >> _IOC_NRSHIFT) & _IOC_NRMASK) + 1; - - -Upstream-status: -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: git/src/swtpm_ioctl/tpm_ioctl.c -=================================================================== ---- git.orig/src/swtpm_ioctl/tpm_ioctl.c -+++ git/src/swtpm_ioctl/tpm_ioctl.c -@@ -58,6 +58,7 @@ - #include <fcntl.h> - #include <unistd.h> - #include <sys/ioctl.h> -+#include <asm/ioctl.h> - #include <getopt.h> - #include <sys/un.h> - #include <sys/types.h> diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb index 03899d8032..55d83f9597 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb @@ -6,9 +6,8 @@ SECTION = "apps" # expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib" -SRCREV = "92a7035f45d9b08aa7c6b8bd6fa4c6916ef07a9e" +SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53" SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \ - file://ioctl_h.patch \ " PE = "1" diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch index eebddb9e78..962bfc1eff 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch +++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch @@ -20,7 +20,7 @@ Index: src/makefile =================================================================== --- src.orig/makefile +++ src/makefile -@@ -38,12 +38,10 @@ +@@ -38,13 +38,11 @@ ################################################################################# @@ -29,12 +29,13 @@ Index: src/makefile CCFLAGS = -Wall \ -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \ -Werror -Wsign-compare \ + -Wno-deprecated-declarations \ - -c -ggdb -O0 \ + -c -ggdb -O \ -DTPM_POSIX \ -D_POSIX_ \ -DTPM_NUVOTON -@@ -79,11 +77,11 @@ +@@ -80,11 +78,11 @@ TcpServerPosix.o : $(HEADERS) .PRECIOUS: %.o tpm_server: $(OBJFILES) diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1682.bb index 09b652debb..85fc7e0b3f 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb +++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1682.bb @@ -18,10 +18,9 @@ DEPENDS = "openssl" SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \ file://tune-makefile.patch \ " +SRC_URI[sha256sum] = "3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f" -SRC_URI[sha256sum] = "55145928ad2b24f34be6a0eacf9fb492e10e0ea919b8428c721fa970e85d6147" - -UPSTREAM_CHECK_REGEX = "libtpm(?P<pver>).tar.gz" +UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/ibmswtpm2/files/" S = "${WORKDIR}/src" diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb index df66779639..2daca5a280 100644 --- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb @@ -18,11 +18,13 @@ DEPENDS = "openssl ibmswtpm2" inherit autotools pkgconfig SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573" -SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \ +SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master \ file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \ " UPSTREAM_CHECK_COMMITS = "1" +UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2" +UPSTREAM_CHECK_GITTAGREGEX = "rev.*)" EXTRA_OECONF = "--disable-tpm-1.2" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb index daafae33cb..75e958841d 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb @@ -20,6 +20,8 @@ SRC_URI = "\ SRC_URI[sha256sum] = "a7844a257eaf5176f612fe9620018edc0880cca7036465ad2593f83ae0ad6673" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig systemd update-rc.d useradd SYSTEMD_PACKAGES += "${PN}" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb index 55061c9103..263ca2c36a 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb @@ -8,6 +8,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "eedcc0b72ad6d232e6f9f55a780290c4d33a4d06efca9314f8a36d7384eb1dfc" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig do_configure:prepend() { diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb index dd0a0b57b5..38847a804c 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb @@ -10,6 +10,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "79f28899047defd6b4b72b7268dd56abf27774954022315f818c239af33e05bd" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools-brokensep pkgconfig python3native EXTRA_OECONF += "--disable-ptool-checks" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb index 2bf1eed0c9..9c60e2b9d5 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb @@ -12,6 +12,8 @@ SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;proto SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + S = "${WORKDIR}/git" inherit autotools pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb index c20af7ef0a..b82fb650d0 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb @@ -10,6 +10,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig bash-completion do_configure:prepend() { diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb index efe62a8209..89162ee416 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb @@ -12,6 +12,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/v${PV}/${BP SRC_URI[sha256sum] = "ea2941695ac221d23a7f3e1321140e75b1495ae6ade876f2f4c2ed807c65e2a5" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools-brokensep pkgconfig systemd # It uses the API deprecated since the OpenSSL 3.0 diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb index 8440bb9e9f..1556273171 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb @@ -12,6 +12,8 @@ SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN SRC_URI[sha256sum] = "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912" +UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases" + inherit autotools pkgconfig systemd useradd PACKAGECONFIG ??= "" diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb index 05951da8f1..a12a4c2d3d 100644 --- a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb +++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb @@ -26,6 +26,7 @@ RDEPENDS:packagegroup-core-security = "\ SUMMARY:packagegroup-security-utils = "Security utilities" RDEPENDS:packagegroup-security-utils = "\ + bubblewrap \ checksec \ ding-libs \ ecryptfs-utils \ @@ -37,11 +38,16 @@ RDEPENDS:packagegroup-security-utils = "\ sshguard \ firejail \ ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp",d)} \ - ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam", "",d)} \ + ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam krill", "",d)} \ ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \ " -RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail" +RDEPENDS:packagegroup-security-utils:append:x86 = "chipsec" +RDEPENDS:packagegroup-security-utils:append:x86-64 = "chipsec" +RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail krill" +RDEPENDS:packagegroup-security-utils:remove:libc-musl = "krill" +RDEPENDS:packagegroup-security-utils:remove:riscv64 = "krill" +RDEPENDS:packagegroup-security-utils:remove:armv7ve = " krill" SUMMARY:packagegroup-security-scanners = "Security scanners" RDEPENDS:packagegroup-security-scanners = "\ diff --git a/meta-security/recipes-ids/aide/aide_0.17.4.bb b/meta-security/recipes-ids/aide/aide_0.17.4.bb index 7ce07296b0..52ddc43ff8 100644 --- a/meta-security/recipes-ids/aide/aide_0.17.4.bb +++ b/meta-security/recipes-ids/aide/aide_0.17.4.bb @@ -10,6 +10,8 @@ SRC_URI = "https://github.com/aide/aide/releases/download/v${PV}/${BPN}-${PV}.ta SRC_URI[sha256sum] = "c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846" +UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" + inherit autotools pkgconfig aide-base PACKAGECONFIG ??=" mhash zlib e2fsattrs posix capabilities curl \ diff --git a/meta-security/recipes-ids/suricata/suricata_6.0.5.bb b/meta-security/recipes-ids/suricata/suricata_6.0.6.bb index 913e64e0bb..35054efb59 100644 --- a/meta-security/recipes-ids/suricata/suricata_6.0.5.bb +++ b/meta-security/recipes-ids/suricata/suricata_6.0.6.bb @@ -5,7 +5,7 @@ require suricata.inc LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz" -SRC_URI[sha256sum] = "0d4197047c84ba070dfc6b1d9f9ee92f52a71403bfac0e29b2554bb21fe00754" +SRC_URI[sha256sum] = "00173634fa76aee636e38a90b1c02616c903e42173107d47b4114960b5fbe839" DEPENDS = "lz4 libhtp" diff --git a/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch b/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch deleted file mode 100644 index f29afbe1b5..0000000000 --- a/meta-security/recipes-kernel/lkrg/files/makefile_cleanup.patch +++ /dev/null @@ -1,53 +0,0 @@ -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - - -Index: git/Makefile -=================================================================== ---- git.orig/Makefile -+++ git/Makefile -@@ -7,15 +7,8 @@ - - P_OUTPUT = output - P_PWD ?= $(shell pwd) --P_KVER ?= $(shell uname -r) - P_BOOTUP_SCRIPT ?= scripts/bootup/lkrg-bootup.sh - TARGET := p_lkrg --ifneq ($(KERNELRELEASE),) -- KERNEL := /lib/modules/$(KERNELRELEASE)/build --else -- ## KERNELRELEASE not set. -- KERNEL := /lib/modules/$(P_KVER)/build --endif - - # - # Use DEBUG=on for debug build. -@@ -94,14 +87,13 @@ $(TARGET)-objs += src/modules/ksyms/p_re - src/p_lkrg_main.o - - --all: --# $(MAKE) -C $(KERNEL) M=$(P_PWD) modules CONFIG_DEBUG_SECTION_MISMATCH=y -- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules -+modules: -+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules - mkdir -p $(P_OUTPUT) - cp $(P_PWD)/$(TARGET).ko $(P_OUTPUT) - --install: -- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules_install -+moduled_install: -+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules_install - depmod -a - $(P_PWD)/$(P_BOOTUP_SCRIPT) install - -@@ -109,7 +101,7 @@ uninstall: - $(P_PWD)/$(P_BOOTUP_SCRIPT) uninstall - - clean: -- $(MAKE) -C $(KERNEL) M=$(P_PWD) clean -+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) clean - $(RM) Module.markers modules.order - $(RM) $(P_PWD)/src/modules/kmod/client/kmod/Module.markers - $(RM) $(P_PWD)/src/modules/kmod/client/kmod/modules.order diff --git a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.3.bb b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb index 2553974673..fa46cb6b5a 100644 --- a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.3.bb +++ b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb @@ -5,15 +5,13 @@ SECTION = "security" HOMEPAGE = "https://www.openwall.com/lkrg/" LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5105ead24b08a32954f34cbaa7112432" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3f3e5dd56319d33a1944d635c1c86c6f" DEPENDS = "virtual/kernel elfutils" -SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main \ - file://makefile_cleanup.patch \ -" +SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main" -SRCREV = "c578e9f786299b67ffd62057b4534b0bf4fb7ece" +SRCREV = "c58cb52145b8e8ccc6bd19079f5c835933281cdc" S = "${WORKDIR}/git" @@ -21,7 +19,13 @@ inherit module kernel-module-split MAKE_TARGETS = "modules" -MODULE_NAME = "p_lkrg" +MODULE_NAME = "lkrg" + +do_configure:append () { + sed -i -e 's/^all/modules/' ${S}/Makefile + sed -i -e 's/^install/modules_install/' ${S}/Makefile + sed -i -e 's/KERNEL/KERNEL_SRC/g' ${S}/Makefile +} module_do_install() { install -d ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME} diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb index 896abfe178..45f19d177c 100644 --- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.4.bb +++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb @@ -22,7 +22,7 @@ SRC_URI = " \ file://0001-rc.apparmor.debian-add-missing-functions.patch \ " -SRCREV = "9799fbde997820bb12a49e292356f7a6ce12e972" +SRCREV = "822db765c6fa7f9de7233c4011254a82d4dafe76" S = "${WORKDIR}/git" PARALLEL_MAKE = "" diff --git a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb b/meta-security/recipes-scanners/clamav/clamav_0.104.4.bb index 18e8329c08..68a7d1ff2f 100644 --- a/meta-security/recipes-scanners/clamav/clamav_0.104.0.bb +++ b/meta-security/recipes-scanners/clamav/clamav_0.104.4.bb @@ -10,8 +10,8 @@ COMPATIBLE_HOST:libc-musl:class-target = "null" LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17" -# July 27th -SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356" +# July 30th, 2022 +SRCREV = "563ba93052f3b7b46fb8725a65ee6299a9c332cf" SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \ file://clamd.conf \ @@ -20,7 +20,6 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=http file://tmpfiles.clamav \ file://headers_fixup.patch \ file://oe_cmake_fixup.patch \ - file://fix_systemd_socket.patch \ " S = "${WORKDIR}/git" @@ -69,7 +68,6 @@ do_install:append () { fi rm ${D}/${libdir}/libfreshclam.so - rm ${D}/${libdir}/libmspack.so if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then install -d ${D}${sysconfdir}/tmpfiles.d @@ -125,7 +123,8 @@ FILES:${PN}-freshclam = "${bindir}/freshclam \ FILES:${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \ ${libdir}/pkgconfig/*.pc \ ${mandir}/man1/clamav-config.* \ - ${includedir}/*.h ${docdir}/libclamav* " + ${includedir}/*.h ${docdir}/libclamav* \ + ${libdir}/libmspack.so" FILES:${PN}-staticdev = "${libdir}/*.a" @@ -150,6 +149,8 @@ SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-freshclam" SYSTEMD_SERVICE:${PN}-daemon = "clamav-daemon.service" SYSTEMD_SERVICE:${PN}-freshclam = "clamav-freshclam.service" +INSANE_SKIP:${PN}-libclamav += "dev-so" + RDEPENDS:${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-libclamav" RRECOMMENDS:${PN} = "clamav-freshclam" RDEPENDS:${PN}-freshclam = "clamav" diff --git a/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch b/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch deleted file mode 100644 index 334777028c..0000000000 --- a/meta-security/recipes-scanners/clamav/files/fix_systemd_socket.patch +++ /dev/null @@ -1,25 +0,0 @@ -clamd not installing clamav-daemon.socket - -Fixes: -__main__.SystemdUnitNotFoundError: (PosixPath('../security-build-image/1.0-r0/rootfs'), 'clamav-daemon.socket') -%post(clamav-daemon-0.104.0-r0.core2_64): waitpid(3587571) rc 3587571 status 100 -warning: %post(clamav-daemon-0.104.0-r0.core2_64) scriptlet failed, exit status 1 - -Upstream-Status: Pending -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Index: git/clamd/CMakeLists.txt -=================================================================== ---- git.orig/clamd/CMakeLists.txt -+++ git/clamd/CMakeLists.txt -@@ -60,4 +60,10 @@ if(SYSTEMD_FOUND) - install( - FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket - DESTINATION ${SYSTEMD_UNIT_DIR}) -+ configure_file( -+ ${CMAKE_CURRENT_SOURCE_DIR}/clamav-daemon.socket.in -+ ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket @ONLY) -+ install( -+ FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket -+ DESTINATION ${SYSTEMD_UNIT_DIR}) - endif() diff --git a/meta-security/recipes-security/bubblewrap/bubblewrap_0.6.2.bb b/meta-security/recipes-security/bubblewrap/bubblewrap_0.6.2.bb new file mode 100644 index 0000000000..921defda9e --- /dev/null +++ b/meta-security/recipes-security/bubblewrap/bubblewrap_0.6.2.bb @@ -0,0 +1,23 @@ +DESCRIPTION = "Unprivileged sandboxing tool" +HOMEPAGE = "https://github.com/containers/bubblewrap" +LICENSE = "LGPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" + +DEPENDS = "libcap" + +SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz" +SRC_URI[sha256sum] = "8a0ec802d1b3e956c5bb0a40a81c9ce0b055a31bf30a8efa547433603b8af20b" + +UPSTREAM_CHECK_URI = "https://github.com/containers/bubblewrap/releases" +UPSTREAM_CHECK_REGEX = "bubblewrap-(?P<pver>\d+(\.\d+)+)\.tar" + +inherit autotools bash-completion manpages pkgconfig + +PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" +PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native docbook-xsl-stylesheets-native xmlto-native" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux" +PACKAGECONFIG[setuid] = "--with-priv-mode=setuid,--with-priv-mode=none" + +PACKAGES += "${PN}-zsh-completion" + +FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions" diff --git a/meta-security/recipes-security/chipsec/chipsec_1.8.5.bb b/meta-security/recipes-security/chipsec/chipsec_1.8.7.bb index 48dfe45a0c..60272bef78 100644 --- a/meta-security/recipes-security/chipsec/chipsec_1.8.5.bb +++ b/meta-security/recipes-security/chipsec/chipsec_1.8.7.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=bc2d1f9b427be5fb63f6af9da56f7c5d" DEPENDS = "virtual/kernel nasm-native" SRC_URI = "git://github.com/chipsec/chipsec.git;branch=main;protocol=https" -SRCREV = "07a532aac9f6c3d94b8895cf89336b6a2e60c0d9" +SRCREV = "7b9cc5cd449f2e1e4b5dad46c0eb14348e54e3f0" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb index 5f8cf3c2e5..00e8997ce6 100644 --- a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb +++ b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb @@ -22,6 +22,8 @@ SRC_URI = "\ SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd" SRC_URI[sha256sum] = "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f" +UPSTREAM_CHECK_URI = "https://launchpad.net/ecryptfs/+download" + inherit autotools pkgconfig systemd SYSTEMD_PACKAGES = "${PN}" diff --git a/meta-security/recipes-security/krill/krill.inc b/meta-security/recipes-security/krill/krill.inc index f86468b966..bb40f57d2d 100644 --- a/meta-security/recipes-security/krill/krill.inc +++ b/meta-security/recipes-security/krill/krill.inc @@ -1,325 +1,240 @@ # please note if you have entries that do not begin with crate:// # you must change them to how that package can be fetched SRC_URI += " \ - crate://crates.io/addr2line/0.14.1 \ + crate://crates.io/addr2line/0.17.0 \ crate://crates.io/adler/1.0.2 \ crate://crates.io/adler32/1.2.0 \ - crate://crates.io/aho-corasick/0.7.15 \ - crate://crates.io/ansi_term/0.11.0 \ + crate://crates.io/aho-corasick/0.7.18 \ crate://crates.io/ansi_term/0.12.1 \ - crate://crates.io/arrayref/0.3.6 \ - crate://crates.io/arrayvec/0.5.2 \ - crate://crates.io/ascii-canvas/2.0.0 \ + crate://crates.io/ascii-canvas/3.0.0 \ crate://crates.io/ascii/1.0.0 \ crate://crates.io/atty/0.2.14 \ - crate://crates.io/autocfg/0.1.7 \ - crate://crates.io/autocfg/1.0.1 \ - crate://crates.io/backtrace/0.3.56 \ - crate://crates.io/base64/0.10.1 \ - crate://crates.io/base64/0.12.3 \ + crate://crates.io/autocfg/1.1.0 \ + crate://crates.io/backtrace/0.3.64 \ crate://crates.io/base64/0.13.0 \ crate://crates.io/basic-cookies/0.1.4 \ - crate://crates.io/bcder/0.5.1 \ + crate://crates.io/bcder/0.6.1 \ crate://crates.io/bit-set/0.5.2 \ crate://crates.io/bit-vec/0.6.3 \ - crate://crates.io/bitflags/1.2.1 \ - crate://crates.io/blake2b_simd/0.5.11 \ + crate://crates.io/bitflags/1.3.2 \ crate://crates.io/block-buffer/0.9.0 \ - crate://crates.io/bumpalo/3.6.1 \ - crate://crates.io/byteorder/1.4.3 \ - crate://crates.io/bytes/0.4.12 \ - crate://crates.io/bytes/0.5.6 \ - crate://crates.io/bytes/1.0.1 \ - crate://crates.io/cc/1.0.67 \ - crate://crates.io/cfg-if/0.1.10 \ + crate://crates.io/bumpalo/3.9.1 \ + crate://crates.io/bytes/1.1.0 \ + crate://crates.io/cc/1.0.73 \ crate://crates.io/cfg-if/1.0.0 \ crate://crates.io/chrono/0.4.19 \ crate://crates.io/chunked_transfer/1.4.0 \ crate://crates.io/cipher/0.2.5 \ - crate://crates.io/clap/2.33.3 \ - crate://crates.io/clokwerk/0.3.4 \ - crate://crates.io/cloudabi/0.0.3 \ - crate://crates.io/constant_time_eq/0.1.5 \ - crate://crates.io/cookie/0.12.0 \ - crate://crates.io/cookie_store/0.7.0 \ - crate://crates.io/core-foundation-sys/0.8.2 \ - crate://crates.io/core-foundation/0.9.1 \ - crate://crates.io/cpuid-bool/0.1.2 \ - crate://crates.io/crc32fast/1.2.1 \ - crate://crates.io/crossbeam-deque/0.7.3 \ - crate://crates.io/crossbeam-epoch/0.8.2 \ - crate://crates.io/crossbeam-queue/0.2.3 \ - crate://crates.io/crossbeam-utils/0.7.2 \ - crate://crates.io/crossbeam-utils/0.8.3 \ + crate://crates.io/clap/2.34.0 \ + crate://crates.io/core-foundation-sys/0.8.3 \ + crate://crates.io/core-foundation/0.9.3 \ + crate://crates.io/cpufeatures/0.2.1 \ + crate://crates.io/crc32fast/1.3.2 \ crate://crates.io/crunchy/0.2.2 \ - crate://crates.io/crypto-mac/0.10.0 \ - crate://crates.io/ctrlc/3.1.9 \ + crate://crates.io/crypto-mac/0.10.1 \ + crate://crates.io/ctrlc/3.2.1 \ crate://crates.io/deunicode/0.4.3 \ crate://crates.io/diff/0.1.12 \ crate://crates.io/digest/0.9.0 \ - crate://crates.io/dirs/1.0.5 \ - crate://crates.io/dtoa/0.4.8 \ + crate://crates.io/dirs-next/2.0.0 \ + crate://crates.io/dirs-sys-next/0.1.2 \ crate://crates.io/either/1.6.1 \ crate://crates.io/ena/0.14.0 \ - crate://crates.io/encoding_rs/0.8.28 \ + crate://crates.io/encoding_rs/0.8.30 \ crate://crates.io/error-chain/0.11.0 \ - crate://crates.io/failure/0.1.8 \ - crate://crates.io/failure_derive/0.1.8 \ + crate://crates.io/fastrand/1.7.0 \ crate://crates.io/fern/0.5.9 \ crate://crates.io/fixedbitset/0.2.0 \ - crate://crates.io/flate2/1.0.20 \ crate://crates.io/fnv/1.0.7 \ crate://crates.io/foreign-types-shared/0.1.1 \ crate://crates.io/foreign-types/0.3.2 \ crate://crates.io/form_urlencoded/1.0.1 \ - crate://crates.io/fuchsia-cprng/0.1.1 \ - crate://crates.io/fuchsia-zircon-sys/0.3.3 \ - crate://crates.io/fuchsia-zircon/0.3.3 \ - crate://crates.io/futures-channel/0.3.14 \ - crate://crates.io/futures-core/0.3.14 \ - crate://crates.io/futures-cpupool/0.1.8 \ - crate://crates.io/futures-executor/0.3.14 \ - crate://crates.io/futures-io/0.3.14 \ - crate://crates.io/futures-macro/0.3.14 \ - crate://crates.io/futures-sink/0.3.14 \ - crate://crates.io/futures-task/0.3.14 \ - crate://crates.io/futures-util/0.3.14 \ - crate://crates.io/futures/0.1.31 \ - crate://crates.io/futures/0.3.14 \ - crate://crates.io/generic-array/0.14.4 \ - crate://crates.io/getrandom/0.1.16 \ - crate://crates.io/getrandom/0.2.2 \ - crate://crates.io/gimli/0.23.0 \ - crate://crates.io/h2/0.1.26 \ - crate://crates.io/h2/0.2.7 \ - crate://crates.io/hashbrown/0.9.1 \ - crate://crates.io/hermit-abi/0.1.18 \ + crate://crates.io/fslock/0.2.1 \ + crate://crates.io/futures-channel/0.3.21 \ + crate://crates.io/futures-core/0.3.21 \ + crate://crates.io/futures-executor/0.3.21 \ + crate://crates.io/futures-io/0.3.21 \ + crate://crates.io/futures-macro/0.3.21 \ + crate://crates.io/futures-sink/0.3.21 \ + crate://crates.io/futures-task/0.3.21 \ + crate://crates.io/futures-util/0.3.21 \ + crate://crates.io/futures/0.3.21 \ + crate://crates.io/generic-array/0.14.5 \ + crate://crates.io/getrandom/0.2.4 \ + crate://crates.io/gimli/0.26.1 \ + crate://crates.io/h2/0.3.11 \ + crate://crates.io/hashbrown/0.11.2 \ + crate://crates.io/hermit-abi/0.1.19 \ crate://crates.io/hex/0.4.3 \ crate://crates.io/hmac/0.10.1 \ - crate://crates.io/http-body/0.1.0 \ - crate://crates.io/http-body/0.3.1 \ - crate://crates.io/http/0.1.21 \ - crate://crates.io/http/0.2.4 \ - crate://crates.io/httparse/1.3.6 \ - crate://crates.io/httpdate/0.3.2 \ - crate://crates.io/hyper-tls/0.3.2 \ - crate://crates.io/hyper-tls/0.4.3 \ - crate://crates.io/hyper/0.12.36 \ - crate://crates.io/hyper/0.13.10 \ - crate://crates.io/idna/0.1.5 \ - crate://crates.io/idna/0.2.2 \ - crate://crates.io/impl-trait-for-tuples/0.2.1 \ - crate://crates.io/indexmap/1.6.2 \ - crate://crates.io/intervaltree/0.2.6 \ - crate://crates.io/iovec/0.1.4 \ - crate://crates.io/ipnet/2.3.0 \ - crate://crates.io/itertools/0.10.0 \ + crate://crates.io/http-body/0.4.4 \ + crate://crates.io/http/0.2.6 \ + crate://crates.io/httparse/1.6.0 \ + crate://crates.io/httpdate/1.0.2 \ + crate://crates.io/hyper-tls/0.5.0 \ + crate://crates.io/hyper/0.14.17 \ + crate://crates.io/idna/0.2.3 \ + crate://crates.io/impl-trait-for-tuples/0.2.2 \ + crate://crates.io/indexmap/1.8.0 \ + crate://crates.io/instant/0.1.12 \ + crate://crates.io/intervaltree/0.2.7 \ + crate://crates.io/ipnet/2.3.1 \ + crate://crates.io/itertools/0.10.3 \ crate://crates.io/itertools/0.9.0 \ - crate://crates.io/itoa/0.4.7 \ + crate://crates.io/itoa/1.0.1 \ crate://crates.io/jmespatch/0.3.0 \ - crate://crates.io/js-sys/0.3.50 \ - crate://crates.io/kernel32-sys/0.2.2 \ - crate://crates.io/lalrpop-util/0.19.5 \ - crate://crates.io/lalrpop/0.19.5 \ + crate://crates.io/js-sys/0.3.56 \ + crate://crates.io/lalrpop-util/0.19.7 \ + crate://crates.io/lalrpop/0.19.7 \ crate://crates.io/lazy_static/1.4.0 \ - crate://crates.io/libc/0.2.93 \ - crate://crates.io/libflate/1.0.4 \ - crate://crates.io/libflate_lz77/1.0.0 \ - crate://crates.io/lock_api/0.3.4 \ + crate://crates.io/libc/0.2.119 \ + crate://crates.io/libflate/1.1.2 \ + crate://crates.io/libflate_lz77/1.1.0 \ + crate://crates.io/lock_api/0.4.6 \ crate://crates.io/log/0.4.14 \ crate://crates.io/maplit/1.0.2 \ crate://crates.io/matchers/0.0.1 \ - crate://crates.io/matches/0.1.8 \ - crate://crates.io/maybe-uninit/2.0.0 \ - crate://crates.io/memchr/2.3.4 \ - crate://crates.io/memoffset/0.5.6 \ + crate://crates.io/matches/0.1.9 \ + crate://crates.io/memchr/2.4.1 \ + crate://crates.io/memoffset/0.6.5 \ crate://crates.io/mime/0.3.16 \ - crate://crates.io/mime_guess/2.0.3 \ crate://crates.io/miniz_oxide/0.4.4 \ - crate://crates.io/mio/0.6.23 \ - crate://crates.io/miow/0.2.2 \ - crate://crates.io/native-tls/0.2.7 \ - crate://crates.io/net2/0.2.37 \ + crate://crates.io/mio/0.8.0 \ + crate://crates.io/miow/0.3.7 \ + crate://crates.io/native-tls/0.2.8 \ crate://crates.io/new_debug_unreachable/1.0.4 \ - crate://crates.io/nix/0.20.0 \ + crate://crates.io/nix/0.23.1 \ + crate://crates.io/ntapi/0.3.7 \ + crate://crates.io/num-bigint/0.4.3 \ crate://crates.io/num-integer/0.1.44 \ crate://crates.io/num-traits/0.2.14 \ - crate://crates.io/num_cpus/1.13.0 \ - crate://crates.io/oauth2/4.0.0 \ - crate://crates.io/object/0.23.0 \ - crate://crates.io/once_cell/1.7.2 \ + crate://crates.io/num_cpus/1.13.1 \ + crate://crates.io/oauth2/4.1.0 \ + crate://crates.io/object/0.27.1 \ + crate://crates.io/once_cell/1.9.0 \ crate://crates.io/opaque-debug/0.3.0 \ - crate://crates.io/openidconnect/2.0.0 \ - crate://crates.io/openssl-probe/0.1.2 \ - crate://crates.io/openssl-src/111.15.0+1.1.1k \ - crate://crates.io/openssl-sys/0.9.61 \ - crate://crates.io/openssl/0.10.33 \ + crate://crates.io/openidconnect/2.2.0 \ + crate://crates.io/openssl-probe/0.1.5 \ + crate://crates.io/openssl-src/111.17.0+1.1.1m \ + crate://crates.io/openssl-sys/0.9.72 \ + crate://crates.io/openssl/0.10.38 \ crate://crates.io/ordered-float/1.1.1 \ - crate://crates.io/oso/0.12.0 \ - crate://crates.io/parking_lot/0.9.0 \ - crate://crates.io/parking_lot_core/0.6.2 \ + crate://crates.io/oso/0.12.4 \ + crate://crates.io/parking_lot/0.11.2 \ + crate://crates.io/parking_lot_core/0.8.5 \ crate://crates.io/pbkdf2/0.7.5 \ - crate://crates.io/percent-encoding/1.0.1 \ crate://crates.io/percent-encoding/2.1.0 \ crate://crates.io/petgraph/0.5.1 \ - crate://crates.io/phf_shared/0.8.0 \ - crate://crates.io/pico-args/0.4.0 \ - crate://crates.io/pin-project-internal/1.0.6 \ - crate://crates.io/pin-project-lite/0.1.12 \ - crate://crates.io/pin-project-lite/0.2.6 \ - crate://crates.io/pin-project/1.0.6 \ + crate://crates.io/phf_shared/0.10.0 \ + crate://crates.io/pico-args/0.4.2 \ + crate://crates.io/pin-project-lite/0.2.8 \ crate://crates.io/pin-utils/0.1.0 \ - crate://crates.io/pkg-config/0.3.19 \ - crate://crates.io/polar-core/0.12.0 \ - crate://crates.io/ppv-lite86/0.2.10 \ + crate://crates.io/pkg-config/0.3.24 \ + crate://crates.io/polar-core/0.12.4 \ + crate://crates.io/ppv-lite86/0.2.16 \ crate://crates.io/precomputed-hash/0.1.1 \ - crate://crates.io/proc-macro-hack/0.5.19 \ - crate://crates.io/proc-macro-nested/0.1.7 \ - crate://crates.io/proc-macro2/1.0.26 \ - crate://crates.io/publicsuffix/1.5.6 \ - crate://crates.io/quick-xml/0.19.0 \ - crate://crates.io/quote/1.0.9 \ - crate://crates.io/rand/0.6.5 \ - crate://crates.io/rand/0.7.3 \ - crate://crates.io/rand/0.8.3 \ - crate://crates.io/rand_chacha/0.1.1 \ - crate://crates.io/rand_chacha/0.2.2 \ - crate://crates.io/rand_chacha/0.3.0 \ - crate://crates.io/rand_core/0.3.1 \ - crate://crates.io/rand_core/0.4.2 \ - crate://crates.io/rand_core/0.5.1 \ - crate://crates.io/rand_core/0.6.2 \ - crate://crates.io/rand_hc/0.1.0 \ - crate://crates.io/rand_hc/0.2.0 \ - crate://crates.io/rand_hc/0.3.0 \ - crate://crates.io/rand_isaac/0.1.1 \ - crate://crates.io/rand_jitter/0.1.4 \ - crate://crates.io/rand_os/0.1.3 \ - crate://crates.io/rand_pcg/0.1.2 \ - crate://crates.io/rand_xorshift/0.1.1 \ - crate://crates.io/rdrand/0.4.0 \ - crate://crates.io/redox_syscall/0.1.57 \ - crate://crates.io/redox_syscall/0.2.5 \ - crate://crates.io/redox_users/0.3.5 \ - crate://crates.io/regex-automata/0.1.9 \ - crate://crates.io/regex-syntax/0.6.23 \ - crate://crates.io/regex/1.4.5 \ + crate://crates.io/priority-queue/1.2.1 \ + crate://crates.io/proc-macro2/1.0.36 \ + crate://crates.io/quick-xml/0.22.0 \ + crate://crates.io/quote/1.0.15 \ + crate://crates.io/rand/0.8.5 \ + crate://crates.io/rand_chacha/0.3.1 \ + crate://crates.io/rand_core/0.6.3 \ + crate://crates.io/redox_syscall/0.2.10 \ + crate://crates.io/redox_users/0.4.0 \ + crate://crates.io/regex-automata/0.1.10 \ + crate://crates.io/regex-syntax/0.6.25 \ + crate://crates.io/regex/1.5.5 \ crate://crates.io/remove_dir_all/0.5.3 \ - crate://crates.io/reqwest/0.10.10 \ - crate://crates.io/reqwest/0.9.24 \ + crate://crates.io/reqwest/0.11.9 \ crate://crates.io/ring/0.16.20 \ - crate://crates.io/rle-decode-fast/1.0.1 \ + crate://crates.io/rle-decode-fast/1.0.3 \ crate://crates.io/rpassword/5.0.1 \ - crate://crates.io/rpki/0.10.1 \ - crate://crates.io/rust-argon2/0.8.3 \ - crate://crates.io/rustc-demangle/0.1.18 \ + crate://crates.io/rpki/0.13.2 \ + crate://crates.io/rustc-demangle/0.1.21 \ crate://crates.io/rustc_version/0.2.3 \ - crate://crates.io/rustls/0.18.1 \ - crate://crates.io/ryu/1.0.5 \ + crate://crates.io/rustls/0.19.1 \ + crate://crates.io/rustversion/1.0.6 \ + crate://crates.io/ryu/1.0.9 \ crate://crates.io/salsa20/0.7.2 \ crate://crates.io/schannel/0.1.19 \ crate://crates.io/scopeguard/1.1.0 \ crate://crates.io/scrypt/0.6.5 \ crate://crates.io/sct/0.6.1 \ - crate://crates.io/security-framework-sys/2.2.0 \ - crate://crates.io/security-framework/2.2.0 \ + crate://crates.io/security-framework-sys/2.6.1 \ + crate://crates.io/security-framework/2.6.1 \ crate://crates.io/semver-parser/0.7.0 \ crate://crates.io/semver/0.9.0 \ crate://crates.io/serde-value/0.6.0 \ - crate://crates.io/serde/1.0.125 \ - crate://crates.io/serde_derive/1.0.125 \ - crate://crates.io/serde_json/1.0.64 \ - crate://crates.io/serde_path_to_error/0.1.4 \ - crate://crates.io/serde_urlencoded/0.5.5 \ - crate://crates.io/serde_urlencoded/0.7.0 \ - crate://crates.io/sha2/0.9.3 \ - crate://crates.io/sharded-slab/0.1.1 \ - crate://crates.io/siphasher/0.3.5 \ - crate://crates.io/slab/0.4.2 \ + crate://crates.io/serde/1.0.136 \ + crate://crates.io/serde_derive/1.0.136 \ + crate://crates.io/serde_json/1.0.79 \ + crate://crates.io/serde_path_to_error/0.1.7 \ + crate://crates.io/serde_urlencoded/0.7.1 \ + crate://crates.io/sha2/0.9.9 \ + crate://crates.io/sharded-slab/0.1.4 \ + crate://crates.io/siphasher/0.3.9 \ + crate://crates.io/slab/0.4.5 \ crate://crates.io/slug/0.1.4 \ - crate://crates.io/smallvec/0.6.14 \ - crate://crates.io/smallvec/1.6.1 \ - crate://crates.io/socket2/0.3.19 \ + crate://crates.io/smallvec/1.8.0 \ + crate://crates.io/socket2/0.4.4 \ crate://crates.io/spin/0.5.2 \ - crate://crates.io/string/0.2.1 \ - crate://crates.io/string_cache/0.8.1 \ + crate://crates.io/string_cache/0.8.3 \ crate://crates.io/strsim/0.8.0 \ - crate://crates.io/subtle/2.4.0 \ - crate://crates.io/syn/1.0.69 \ - crate://crates.io/synstructure/0.12.4 \ + crate://crates.io/subtle/2.4.1 \ + crate://crates.io/syn/1.0.86 \ crate://crates.io/syslog/4.0.1 \ - crate://crates.io/tempfile/3.2.0 \ - crate://crates.io/term/0.5.2 \ + crate://crates.io/tempfile/3.3.0 \ + crate://crates.io/term/0.7.0 \ crate://crates.io/textwrap/0.11.0 \ - crate://crates.io/thiserror-impl/1.0.24 \ - crate://crates.io/thiserror/1.0.24 \ - crate://crates.io/thread_local/1.1.3 \ - crate://crates.io/time/0.1.44 \ + crate://crates.io/thiserror-impl/1.0.30 \ + crate://crates.io/thiserror/1.0.30 \ + crate://crates.io/thread_local/1.1.4 \ + crate://crates.io/time/0.1.43 \ crate://crates.io/tiny-keccak/2.0.2 \ - crate://crates.io/tiny_http/0.8.0 \ - crate://crates.io/tinyvec/1.2.0 \ + crate://crates.io/tiny_http/0.8.2 \ + crate://crates.io/tinyvec/1.5.1 \ crate://crates.io/tinyvec_macros/0.1.0 \ - crate://crates.io/tokio-buf/0.1.1 \ - crate://crates.io/tokio-current-thread/0.1.7 \ - crate://crates.io/tokio-executor/0.1.10 \ - crate://crates.io/tokio-io/0.1.13 \ - crate://crates.io/tokio-macros/0.2.6 \ - crate://crates.io/tokio-reactor/0.1.12 \ - crate://crates.io/tokio-rustls/0.14.1 \ - crate://crates.io/tokio-sync/0.1.8 \ - crate://crates.io/tokio-tcp/0.1.4 \ - crate://crates.io/tokio-threadpool/0.1.18 \ - crate://crates.io/tokio-timer/0.2.13 \ - crate://crates.io/tokio-tls/0.3.1 \ - crate://crates.io/tokio-util/0.3.1 \ - crate://crates.io/tokio/0.1.22 \ - crate://crates.io/tokio/0.2.25 \ + crate://crates.io/tokio-macros/1.7.0 \ + crate://crates.io/tokio-native-tls/0.3.0 \ + crate://crates.io/tokio-rustls/0.22.0 \ + crate://crates.io/tokio-util/0.6.9 \ + crate://crates.io/tokio/1.17.0 \ crate://crates.io/toml/0.5.8 \ crate://crates.io/tower-service/0.3.1 \ - crate://crates.io/tracing-attributes/0.1.15 \ - crate://crates.io/tracing-core/0.1.17 \ - crate://crates.io/tracing-futures/0.2.5 \ + crate://crates.io/tracing-attributes/0.1.19 \ + crate://crates.io/tracing-core/0.1.22 \ crate://crates.io/tracing-log/0.1.2 \ - crate://crates.io/tracing-serde/0.1.2 \ - crate://crates.io/tracing-subscriber/0.2.17 \ - crate://crates.io/tracing/0.1.25 \ + crate://crates.io/tracing-serde/0.1.3 \ + crate://crates.io/tracing-subscriber/0.2.25 \ + crate://crates.io/tracing/0.1.31 \ crate://crates.io/try-lock/0.2.3 \ - crate://crates.io/try_from/0.3.2 \ - crate://crates.io/typenum/1.13.0 \ - crate://crates.io/unicase/2.6.0 \ - crate://crates.io/unicode-bidi/0.3.5 \ - crate://crates.io/unicode-normalization/0.1.17 \ - crate://crates.io/unicode-width/0.1.8 \ - crate://crates.io/unicode-xid/0.2.1 \ + crate://crates.io/typenum/1.15.0 \ + crate://crates.io/unicode-bidi/0.3.7 \ + crate://crates.io/unicode-normalization/0.1.19 \ + crate://crates.io/unicode-width/0.1.9 \ + crate://crates.io/unicode-xid/0.2.2 \ crate://crates.io/untrusted/0.7.1 \ - crate://crates.io/unwrap/1.2.1 \ - crate://crates.io/url/1.7.2 \ - crate://crates.io/url/2.2.1 \ + crate://crates.io/url/2.2.2 \ crate://crates.io/urlparse/0.7.3 \ - crate://crates.io/uuid/0.7.4 \ crate://crates.io/uuid/0.8.2 \ - crate://crates.io/vcpkg/0.2.11 \ + crate://crates.io/valuable/0.1.0 \ + crate://crates.io/vcpkg/0.2.15 \ crate://crates.io/vec_map/0.8.2 \ - crate://crates.io/version_check/0.9.3 \ - crate://crates.io/want/0.2.0 \ + crate://crates.io/version_check/0.9.4 \ crate://crates.io/want/0.3.0 \ - crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \ - crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \ - crate://crates.io/wasm-bindgen-backend/0.2.73 \ - crate://crates.io/wasm-bindgen-futures/0.4.23 \ - crate://crates.io/wasm-bindgen-macro-support/0.2.73 \ - crate://crates.io/wasm-bindgen-macro/0.2.73 \ - crate://crates.io/wasm-bindgen-shared/0.2.73 \ - crate://crates.io/wasm-bindgen/0.2.73 \ - crate://crates.io/web-sys/0.3.50 \ + crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \ + crate://crates.io/wasm-bindgen-backend/0.2.79 \ + crate://crates.io/wasm-bindgen-futures/0.4.29 \ + crate://crates.io/wasm-bindgen-macro-support/0.2.79 \ + crate://crates.io/wasm-bindgen-macro/0.2.79 \ + crate://crates.io/wasm-bindgen-shared/0.2.79 \ + crate://crates.io/wasm-bindgen/0.2.79 \ + crate://crates.io/web-sys/0.3.56 \ crate://crates.io/webpki/0.21.4 \ - crate://crates.io/winapi-build/0.1.1 \ crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ - crate://crates.io/winapi/0.2.8 \ crate://crates.io/winapi/0.3.9 \ - crate://crates.io/winreg/0.6.2 \ crate://crates.io/winreg/0.7.0 \ - crate://crates.io/ws2_32-sys/0.2.1 \ - crate://crates.io/xml-rs/0.8.3 \ + crate://crates.io/xml-rs/0.8.4 \ " diff --git a/meta-security/recipes-security/krill/krill_0.9.1.bb b/meta-security/recipes-security/krill/krill_0.9.6.bb index 4dc61cfb37..fd86c4bbb4 100644 --- a/meta-security/recipes-security/krill/krill_0.9.1.bb +++ b/meta-security/recipes-security/krill/krill_0.9.6.bb @@ -5,20 +5,21 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9741c346eef56131163e13b9db1241b3" DEPENDS = "openssl" -include krill.inc - # SRC_URI += "crate://crates.io/krill/0.9.1" -SRC_URI += "git://github.com/NLnetLabs/krill.git;protocol=https;nobranch=1;branch=main" -SRCREV = "d6c03b6f0199b1d10d252750a19a92b84576eb30" - +SRC_URI = "git://github.com/NLnetLabs/krill.git;protocol=https;branch=main" +SRCREV = "95e6681d5b4024cac7a1892d47fb76abc68f34fb" SRC_URI += "file://panic_workaround.patch" +include krill.inc + +UPSTREAM_CHECK_URI = "https://github.com/NLnetLabs/${BPN}/releases" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" + S = "${WORKDIR}/git" CARGO_SRC_DIR = "" inherit pkgconfig useradd systemd cargo - do_install:append () { install -d ${D}${sysconfdir} install -d ${D}${datadir}/krill @@ -37,3 +38,5 @@ USERADD_PARAM:${PN} = "--system -g ${KRILL_GID} --home-dir \ --shell /sbin/nologin ${BPN}" FILES:${PN} += "{sysconfdir}/defaults ${datadir}" + +COMPATIBLE_HOST = "(i.86|x86_64|aarch64).*-linux" |