From 520786cc6f5e5078825972134b1ec6fd81a6022a Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Sun, 25 Jun 2023 16:20:36 -0500 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-arm: 3fcafa3a94..d6fac49541: Abdellatif El Khlifi (1): arm-bsp/u-boot: corstone1000: upgrade NVMXIP support Denys Dmytriyenko (1): optee-os: do not explicitly set CFG_MAP_EXT_DT_SECURE=y Emekcan Aras (8): arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure arm-bsp/u-boot: corstone1000: Enable EFI set/get time services arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test arm-bsp/trusted-services: corstone1000: Fix Capsule Update arm-bsp/trusted-firmware-a: corstone1000: Fix Trusted-Firmware-A version for corstone1000 Jon Mason (3): trusted-firmware-a: update to the latest TF-A LTS arm-bsp/tc1: update to use the latest tf-a arm/scp-firmware: update to v2.12.0 Khem Raj (2): gn: update to latest gn: Fix build with gcc13 Ross Burton (8): arm/trusted-firmware-m: remove -fcanon-prefix-map from DEBUG_PREFIX_MAP arm-bsp/external-system: remove -fcanon-prefix-map from DEBUG_PREFIX_MAP arm-toolchain/external-arm: remove -fcanon-prefix-map from DEBUG_PREFIX_MAP arm/scp-firmware: use concerete toolchain arm-toolchain/gcc-arm-12.2: remove arm/gn: fix build with GCC <13 CI: always put the build logs in an artifact CI: print the name of the documentation when building Sumit Garg (1): external-arm-toolchain: Enforce absolute path check meta-openembedded: def4759e95..2638d458a5: Adrian Zaharia (2): meta-python: Add stopit python3-stopit: add missing run-time dependencies Alex Kiernan (1): ostree: Upgrade 2023.3 -> 2023.4 Bartosz Golaszewski (55): python3-pywbemtools: remove build-time dependencies python3-pywbem: drop unneeded class from RDEPENDS python3-pywbem: don't use PYTHON_PN python3-pywbem: order RDEPENDS alphabetically python3-pywbem: add missing run-time dependencies python3-padatious: add missing run-time dependencies python3-pako: add missing run-time dependencies python3-paramiko: stop using PYTHON_PN python3-paramiko: add missing run-time dependencies python3-path: fix coding style python3-path: add missing run-time dependencies python3-ecdsa: don't install tests python3-et-xmlfile: fix coding style python3-et-xmlfile: add missing run-time dependencies python3-flask-user: fix coding style python3-flask-user: add missing run-time dependencies python3-isort: fix coding style python3-isort: add missing run-time dependencies python3-isodate: stop using PYTHON_PN python3-isodate: add missing run-time dependencies python-idna-ssl: add missing run-time dependencies python3-hpack: add missing run-time dependencies python3-h11: add missing run-time dependencies python3-gsocketpool: drop unneeded DEPENDS python3-gsocketpool: stop using PYTHON_PN python3-gsocketpool: add missing run-time dependencies python3-flask-mail: stop using PYTHON_PN python3-flask-mail: add missing run-time dependencies python3-flask-sijax: stop using PYTHON_PN python3-flask-sijax: add missing run-time dependencies python3-flask-script: remove recipe python3-aioserial: fix coding style python3-aioserial: add missing run-time dependencies python3-aspectlib: add missing run-time dependencies python3-asyncio-throttle: add missing run-time dependencies python3-attrdict3: add missing run-time dependencies python3-betamax: add missing run-time dependencies python3-binwalk: add missing run-time dependencies python3-can: fix coding style python3-can: add missing run-time dependencies python3-click-spinner: add missing run-time dependencies python3-colorlog: add missing run-time dependencies python3-colorzero: add missing run-time dependencies python3-configobj: fix coding style python3-configobj: add missing run-time dependencies python3-configshell-fb: add missing run-time dependencies python3-coverage: fix coding style and RDEPENDS python3-custom-inherit: add missing run-time dependencies python3-dateparser: fix coding style python3-dateparser: add missing run-time dependencies python3-tzlocal: fix coding style python3-tzlocal: add missing run-time dependencies python3-dbus-next: add missing run-time dependencies python3-defusedxml: add missing run-time dependencies python3-setuptools-scm-git-archive: add missing run-time dependencies Beniamin Sandu (5): lmsensors: do not pull in unneeded perl modules for run-time dependencies mdns: remove unneeded headers mbedtls: add support for v3.x rasdaemon: upgrade to 0.8.0 unbound: add option to build with libevent Chen Qi (1): redis: use the files path correctly Denys Dmytriyenko (1): grpc: point to the native protobuf compiler binary Enguerrand de Ribaucourt (4): cukinia: remove trailing whitespaces cukinia: upgrade 0.6.1 -> 0.6.2 cukinia: inherit allarch cukinia: add libgpiod-tools to RRECOMMENDS Etienne Cordonnier (1): uutils-coreutils: upgrade 0.0.18 -> 0.0.19 Joe Slater (2): libgpiod: modify test 'gpioset: toggle (continuous)' python3-sqlparse: fix CVE-2023-30608 Johannes Kauffmann (3): open62541: add multithreading PACKAGECONFIG option open62541: allow disabling subscriptions ntpd: switch service type from forking to simple Khem Raj (16): ply: Demand BFD linker explicitly crucible: Upgrade to 2023.04.12 release schroedinger: Fix building tests fwts: Fix build issues found with lld linker xfce4-sensors-plugin: Use bfd linker instead of lld ostree: Fix build errors found with lld linker spice-gtk: Fix build with lld linker sblim-sfcb: Fix build with lld linker libtracefs: Fix build with clang+musl gosu: Upgrade to 1.16 release layers: Move READMEs to markdown format xdg-desktop-portal-wlr: Fix build with older mesa geary: Fix build with vala >= 0.56.8 libforms: Replace hardcoded dep on mesa with virtual/libgl syzkaller: Upgrade to latest tip of trunk ristretto: Upgrade to 0.13.1 release Markus Volk (1): gnome-software: upgrade 44.1 -> 44.2 Martin Jansa (5): asio: fix malformed Upstream-Status libgpiod: fix malformed Upstream-Status postfix: fix malformed Upstream-Status *.patch: add Upstream-Status to all patches postfix: remove 2nd Upstream-Status Michael Heimpold (1): php: drop explicite ARM_INSTRUCTION_SET Patrick Williams (1): libplist_2.3.0: compile fix for version Peter Kjellerstedt (1): glog: Correct the packaging of /usr/share/glog/cmake/FindUnwind.cmake Peter Marko (1): python3-stopit: fix override syntax Randolph Sapp (1): opengl-es-cts: 3.2.8.0 -> 3.2.9.3 Remi Peuvergne (2): zeromq: consider license exception over LGPL-3.0 zeromq: consider license exception over LGPL-3.0 Sandeep Gundlupet Raju (1): opencv: Revert fix runtime dependencies Soumya (1): opencv: Fix for CVE-2023-2617 Wang Mingyu (57): ctags: upgrade 6.0.20230604.0 -> 6.0.20230611.0 gjs: upgrade 1.76.0 -> 1.76.1 ipcalc: upgrade 1.0.2 -> 1.0.3 libadwaita: upgrade 1.3.2 -> 1.3.3 libjcat: upgrade 0.1.13 -> 0.1.14 libqb: upgrade 2.0.6 -> 2.0.7 mbpoll: upgrade 1.5.0 -> 1.5.2 mpich: upgrade 4.1.1 -> 4.1.2 nautilus: upgrade 44.2 -> 44.2.1 ntp: upgrade 4.2.8p16 -> 4.2.8p17 python3-eth-account: upgrade 0.8.0 -> 0.9.0 python3-eth-hash: upgrade 0.5.1 -> 0.5.2 python3-eth-typing: upgrade 3.3.0 -> 3.4.0 python3-eth-utils: upgrade 2.1.0 -> 2.1.1 python3-platformdirs: upgrade 3.5.1 -> 3.5.3 pcsc-lite: upgrade 1.9.9 -> 2.0.0 php: upgrade 8.2.6 -> 8.2.7 python3-argcomplete: upgrade 3.0.8 -> 3.1.0 python3-autobahn: upgrade 23.1.2 -> 23.6.1 python3-cassandra-driver: upgrade 3.27.0 -> 3.28.0 python3-cmake: upgrade 3.26.3 -> 3.26.4 python3-django: upgrade 4.2.1 -> 4.2.2 python3-hexbytes: upgrade 0.3.0 -> 0.3.1 python3-imageio: upgrade 2.30.0 -> 2.31.0 python3-pykickstart: upgrade 3.47 -> 3.48 python3-pymisp: upgrade 2.4.171 -> 2.4.172 python3-pymodbus: upgrade 3.3.0 -> 3.3.1 python3-sentry-sdk: upgrade 1.25.0 -> 1.25.1 python3-websocket-client: upgrade 1.5.2 -> 1.5.3 python3-zeroconf: upgrade 0.63.0 -> 0.64.1 remmina: upgrade 1.4.30 -> 1.4.31 tio: upgrade 2.5 -> 2.6 libtracefs: upgrade 1.6.4 -> 1.7.0 adw-gtk3: upgrade 4.7 -> 4.8 evince: upgrade 44.1 -> 44.2 gensio: upgrade 2.6.5 -> 2.6.6 redis-plus-plus: upgrade 1.3.8 -> 1.3.9 python3-click-repl: upgrade 0.2.0 -> 0.3.0 python3-platformdirs: upgrade 3.5.3 -> 3.6.0 python3-pytest-mock: upgrade 3.10.0 -> 3.11.1 python3-croniter: upgrade 1.3.15 -> 1.4.1 python3-elementpath: upgrade 4.1.2 -> 4.1.3 python3-google-api-core: upgrade 2.11.0 -> 2.11.1 python3-google-api-python-client: upgrade 2.88.0 -> 2.89.0 python3-googleapis-common-protos: upgrade 1.59.0 -> 1.59.1 python3-google-auth: upgrade 2.19.1 -> 2.20.0 python3-imageio: upgrade 2.31.0 -> 2.31.1 python3-protobuf: upgrade 4.23.2 -> 4.23.3 python3-pyproj: upgrade 3.5.0 -> 3.6.0 python3-rich: upgrade 13.4.1 -> 13.4.2 python3-robotframework: upgrade 6.0.2 -> 6.1 python3-ujson: upgrade 5.7.0 -> 5.8.0 python3-xmlschema: upgrade 2.3.0 -> 2.3.1 python3-xmodem: upgrade 0.4.6 -> 0.4.7 python3-zeroconf: upgrade 0.64.1 -> 0.68.0 strongswan: upgrade 5.9.10 -> 5.9.11 rdfind: upgrade 1.5.0 -> 1.6.0 Xiangyu Chen (1): meta-oe: add pahole to NON_MULTILIB_RECIPES Zoltán Böszörményi (3): mpich: Upgrade to 4.1.1 python3-meson-python: New recipe python_mesonpy: New class poky: 00f3d58064..13b646c0e1: Adrian Freihofer (9): runqemu-ifup: remove uid parameter runqemu-ifup: configurable tap names runqemu-ifup: fix tap index runqemu-ifup: remove only our taps runqemu-gen-tapdevs: remove staging dir parameter runqemu-gen-tapdevs: remove uid parameter runqemu-gen-tapdevs: configurable tap names runqemu-gen-tapdevs: remove only our taps runqemu: configurable tap names Alberto Planas (2): bitbake.conf: add unzstd in HOSTTOOLS rpm2cpio.sh: update to the last 4.x version Alejandro Hernandez Samaniego (2): baremetal-helloworld: Update SRCREV to fix entry addresses for ARM architectures runqemu: Stop passing bindir to the runqemu-ifup call Alex Kiernan (1): eudev: Upgrade 3.2.11 -> 3.2.12 Alexander Kanavin (60): scripts/runqemu: split lock dir creation into a reusable function scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes apmd: remove recipe and apm MACHINE_FEATURE qemu: a pending patch was submitted and accepted upstream maintainers.inc: unassign Adrian Bunk from wireless-regdb maintainers.inc: unassign Alistair Francis from opensbi maintainers.inc: unassign Chase Qi from libc-test maintainers.inc: unassign Oleksandr Kravchuk from python3 and all other items maintainers.inc: unassign Ricardo Neri from ovmf grub: submit determinism.patch upstream apr: upgrade 1.7.3 -> 1.7.4 at-spi2-core: upgrade 2.48.0 -> 2.48.3 btrfs-tools: upgrade 6.3 -> 6.3.1 attr: package /etc/xattr.conf with the library that consumes it glib-2.0: backport a patch to address ptest fails caused by coreutils 9.2+ diffoscope: upgrade 236 -> 242 dnf: upgrade 4.14.0 -> 4.16.1 ethtool: upgrade 6.2 -> 6.3 gawk: upgrade 5.2.1 -> 5.2.2 strace: upgrade 6.2 -> 6.3 coreutils: upgrade 9.1 -> 9.3 gnupg: upgrade 2.4.0 -> 2.4.2 gobject-introspection: upgrade 1.74.0 -> 1.76.1 kmscube: upgrade to latest revision libmodulemd: upgrade 2.14.0 -> 2.15.0 libuv: license file was split in two in the 1.45.0 version update libx11: upgrade 1.8.4 -> 1.8.5 libxslt: upgrade 1.1.37 -> 1.1.38 linux-firmware: upgrade 20230404 -> 20230515 ltp: upgrade 20230127 -> 20230516 mesa: upgrade 23.0.3 -> 23.1.1 meson: upgrade 1.1.0 -> 1.1.1 mmc-utils: upgrade to latest revision nettle: upgrade 3.8.1 -> 3.9 nghttp2: upgrade 1.52.0 -> 1.53.0 parted: upgrade 3.5 -> 3.6 puzzles: upgrade to latest revision python3: upgrade 3.11.2 -> 3.11.3 python3-certifi: upgrade 2022.12.7 -> 2023.5.7 python3-docutils: upgrade 0.19 -> 0.20.1 python3-flit-core: upgrade 3.8.0 -> 3.9.0 python3-importlib-metadata: upgrade 6.2.0 -> 6.6.0 python3-pyasn1: upgrade 0.4.8 -> 0.5.0 python3-pyopenssl: upgrade 23.1.1 -> 23.2.0 python3-sphinx: remove BSD-3-Clause from LICENSE serf: upgrade 1.3.9 -> 1.3.10 shaderc: upgrade 2023.2 -> 2023.4 squashfs-tools: upgrade 4.5.1 -> 4.6.1 vala: upgrade 0.56.6 -> 0.56.8 vulkan: upgrade 1.3.243.0 -> 1.3.250.0 wget: upgrade 1.21.3 -> 1.21.4 wireless-regdb: upgrade 2023.02.13 -> 2023.05.03 xf86-input-libinput: upgrade 1.2.1 -> 1.3.0 xf86-input-mouse: upgrade 1.9.4 -> 1.9.5 zstd: upgrade 1.5.4 -> 1.5.5 gdb: upgrade 13.1 -> 13.2 libxcrypt: upgrade 4.4.33 -> 4.4.34 zstd: fix a reproducibility issue in 1.5.5 sysfsutils: fetch a supported fork from github sysfsutils: update 2.1.0 -> 2.1.1 Alexandre Belloni (1): base-passwd: fix patchreview warning Alexis Lothoré (3): oeqa/core/runner: add helper to know about expected failures oeqa/target/ssh: update options for SCP testimage: implement test artifacts retriever for failing tests Anuj Mittal (1): glib-2.0: upgrade 2.76.2 -> 2.76.3 BELOUARGA Mohamed (1): meta: lib: oe: npm_registry: Add more safe caracters Bruce Ashfield (4): linux-yocto/6.1: update to v6.1.33 linux-yocto/6.1: fix intermittent x86 boot hangs linux-yocto/6.1: update to v6.1.34 linux-yocto/6.1: update to v6.1.35 Charlie Wu (1): devtool: Fix the wrong variable in srcuri_entry Chen Qi (7): sdk.py: error out when moving file fails sdk.py: fix moving dnf contents rpm: write macros under libdir zip: fix configure check by using _Static_assert zip: remove unnecessary LARGE_FILE_SUPPORT CLFAGS unzip: fix configure check for cross compilation unzip: remove hardcoded LARGE_FILE_SUPPORT Denys Dmytriyenko (1): binutils: move packaging of gprofng static lib into common .inc Ed Beroset (1): Add clarification for SRCREV Fabien Mahot (2): useradd-example: package typo correction oeqa/selftest/bbtests: add non-existent prefile/postfile tests Hannu Lounento (1): profile-manual: fix blktrace remote usage instructions Ian Ray (1): systemd-systemctl: support instance expansion in WantedBy Jermain Horsman (1): logrotate: Do not create logrotate.status file Jose Quaresma (1): selftest/reproducible: Allow chose the package manager Jörg Sommer (2): runqemu-gen-tapdevs: Refactoring runqemu-ifupdown/get-tapdevs: Add support for ip tuntap Khem Raj (12): llvm: Upgrade to 16.0.5 glibc: Pass linker choice via compiler flags libgcc: Always use BFD linker efivar: Upgrade to tip of trunk babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature parted: Add missing libuuid to linker cmdline for libparted-fs-resize.so kernel: Add kernel specific STRIP variable libxml2: Do not use lld linker when building with tests on rv64 llvm: Bump to 16.0.6 go-helloworld: Upgrade to tip of trunk rpcsvc-proto: Upgrade to 1.4.4 python3-bcrypt: Use BFD linker when building tests Louis Rannou (3): rootfs-postcommands: change sysusers.d command systemd: replace the sysusers.d basic configuration base-passwd: add the wheel group Luca Ceresoli (1): ref-manual: classes: devicetree: fix sentence saying the same thing twice Markus Volk (2): gtk4: upgrade 4.10.3 -> 4.10.4 gstreamer1.0-plugins-bad: use oneVPL instead of intel-mediasdk for msdk Martin Jansa (1): libstd-rs, rust: use bfd linker instead of gold Michael Opdenacker (5): psplash: replace Yocto .h by .png splashscreen migration-guides: release-notes-4.3: update documentation notes bitbake: bitbake-user-manual: explicit variables taking a colon separated list bitbake: bitbake-user-manual: revert change about PREFERRED_PROVIDERS ref-manual: variables.rst: explicit variables accepting colon separated lists Mikko Rapeli (4): useradd-staticids.bbclass: improve error message selftest reproducible.py: support different build targets variables.rst: document OEQA_REPRODUCIBLE_TEST_TARGET and OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS reproducible-builds.rst: document OEQA_REPRODUCIBLE_TEST_TARGET and OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS Ming Liu (2): weston-init: introduce xwayland PACKAGECONFIG meta: introduce KCONFIG_CONFIG_ENABLE_MENUCONFIG Mingli Yu (2): qemu: Split the qemu package u-boot-tools: Use PATH_MAX for path length Petr Gotthard (1): lighttpd: upgrade 1.4.69 -> 1.4.71 Quentin Schulz (5): bitbake: docs: bitbake-user-manual: bitbake-user-manual-hello: add links and highlights for variables docs: bsp-guide: bsp: fix typo docs: ref-manual: terms: fix typos in SPDX term docs: fix unnecessary double white space docs: ref-manual: terms: fix incorrect note directive Randolph Sapp (6): weston-init: make sure the render group exists weston-init: add weston user to the render group weston-init: add the weston user to the wayland group weston-init: fix the mixed indentation weston-init: guard against systemd configs weston-init: add profile to point users to global socket Remi Peuvergne (1): common-licenses: Add LGPL-3.0-with-zeromq-exception Richard Purdie (18): runqemu/qemu-helper: Drop tunctl runqemu-if*: Rename confusing variable name oeqa/selftest/oescripts: Fix qemu-helper selftest oeqa/logparser: Fix ptest No-section exception strace: Disable failing test strace: Merge two similar patches testimage: Only note missing target directories, don't warn ptest-runner: Pull in sync fix to improve log warnings scripts/runqemu-ifup: Fix extra parameter issue scripts/runqemu-ifup: Fix 10 or more tap devices bitbake: runqueue: Fix handling of virtual files in layername calculation ptest-runner: Ensure data writes don't race bitbake.conf: Add layer- override support insane: Improve patch-status layer filtering genericx86: Drop gma500-gfx-check bitbake: doc: Document FILE_LAYERNAME migration-guides: add notes on FILE_LAYERNAME migration-guides: add notes on systemd/usrmerge changes Ross Burton (15): nettle: rewrite ptest integration nettle: inherit lib_package cve-extra-exclusions: add more ignores for 2023 kernel CVEs cve-extra-exclusions: remove 2019 blanket ignores poky-altconfig: enable usrmerge DISTRO_FEATURE gi-docgen: correct comment gobject-introspection: remove obsolete DEPENDS coreutils: fix build when the host has fr_FR. cve-extra-exclusions: call out an Ubuntu-specific issue explicitly cve-extra-exclusions: CVE-2023-3141 was backported in Linux 6.1.30 erofs-utils: backport fixes for CVE-2023-33551 and CVE-2023-33552 ghostscript: mostly rewrite recipe python3-dbusmock: only recommend python3-pygobject sysfsutils: don't install to base_libdir base: improve LICENSE_FLAGS_DETAILS output Sakib Sajal (1): go: Upgrade 1.20.4 -> 1.20.5 Soumya (1): perl: fix CVE-2023-31484 Stefano Babic (2): libubootenv: upgrade 0.3.3 -> 0.3.4 mtd-utils: export headers and libraries for MTD and UBI Sudip Mukherjee (2): dpkg: upgrade to v1.21.22 cmake: upgrade to v3.26.4 Tan Wen Yan (1): linux-yocto/6.1: update genericx86* machines to v6.1.30 Tom Hochstein (1): weston: Cleanup and fix x11 and xwayland dependencies Trevor Gamblin (2): runqemu-gen-tapdevs: fix missing variable quote glib-networking: use correct error code in ptest Vincent Davis Jr (4): spirv-tools: fix INTERFACE_LINK_LIBRARIES cmake prop vulkan-validation-layers: add new recipe v1.3.243.0 spirv-tools: Use baselib instead of base_libdir vulkan-validation-layers: cleanup recipe Xiangyu Chen (1): dbus: upgrade 1.14.6 -> 1.14.8 nikhil (1): libwebp: Fix CVE-2023-1999 schitrod=cisco.com@lists.openembedded.org (1): cups: Fix CVE-2023-32324 meta-security: 180dac9aec..405cca4028: Ahmed Abdelfattah (1): swtpm: fix parser error when using USERADDEXTENSION="useradd-staticids" Armin Kuster (25): scap-security-guide: update to 0.1.67 scap-security-guide: update to tip scap-security-guide_git: drop oe version openscap-daemon: This is now obsolete oe-scap: Not maintained nor upstreamed openscap: Fix native build missing depends openscap: Drop OE specific recipe lynis: move to main meta-security layer openscap: move to main meta-security layer meta-security-compliance: remove layer openscap: add support for OpenEmbedded nodistro and Poky scap-security-guide: add OE support packagegroup-core-security: add compliance pkg group kas: ci changes do to meta-security-compliance being removed meta-security-isafw: drop layer isafw project archived openscap: Update to tip to get OE/Poky support scap-security-guide: bump the number of test that pass clamav: drop unused patch isic: fine tune Upstream-Status scap-security-guide: Add Poky arpwatch: Fix typo in COMPATIBLE_HOST:libc-musl = "null" scap-security-guide: add Upstream-Status scap-security-guide: Does not build for musl openscap: update to 1.3.8 packagegroup-core-security: add os-release Chen Qi (1): complicance/isafw: remove oeqa addpylib Kevin Hao (1): dmverity: Suppress the realpath errors Martin Jansa (5): *.patch: add Upstream-Status to all patches meta-tpm: *.patch: fix malformed Upstream-Status lines dynamic-layers: *.patch: fix malformed and missing Upstream-Status lines *.patch: fix malformed Upstream-Status and SOB lines .patch: remove probably unused patches Paul Gortmaker (7): dm-verity: add descriptive strings for "wic list images" dm-verity: restructure the veritysetup arg parsing dm-verity: save veritysetup args beside runtime environment dm-verity: add support for hash storage on separate partition dm-verity: add wks.in fragment with dynamic build hash data dm-verity: hook separate hash into initramfs framework dm-verity: add sample systemd separate hash example and doc Samantha Jalabert (1): buck-security: fix missing dependencies to perl modules meta-raspberrypi: 8e07f0d328..dff85b9a9f: Khem Raj (1): linux-raspberrypi-6.1: Update to 6.1.34 release Martin Jansa (1): *.patch: add Upstream-Status to all patches Signed-off-by: Patrick Williams Change-Id: If34dfa008a81d778c7bc02627388238f5125d85c --- .../lib/isafw/isaplugins/ISA_fsa_plugin.py | 185 --------------------- 1 file changed, 185 deletions(-) delete mode 100644 meta-security/meta-security-isafw/lib/isafw/isaplugins/ISA_fsa_plugin.py (limited to 'meta-security/meta-security-isafw/lib/isafw/isaplugins/ISA_fsa_plugin.py') diff --git a/meta-security/meta-security-isafw/lib/isafw/isaplugins/ISA_fsa_plugin.py b/meta-security/meta-security-isafw/lib/isafw/isaplugins/ISA_fsa_plugin.py deleted file mode 100644 index 090975665f..0000000000 --- a/meta-security/meta-security-isafw/lib/isafw/isaplugins/ISA_fsa_plugin.py +++ /dev/null @@ -1,185 +0,0 @@ -# -# ISA_fsa_plugin.py - Filesystem analyser plugin, part of ISA FW -# -# Copyright (c) 2015 - 2016, Intel Corporation -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of Intel Corporation nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -import os -from stat import * -try: - from lxml import etree -except ImportError: - try: - import xml.etree.cElementTree as etree - except ImportError: - import xml.etree.ElementTree as etree - - -FSAnalyzer = None - - -class ISA_FSChecker(): - initialized = False - - def __init__(self, ISA_config): - self.logfile = ISA_config.logdir + "/isafw_fsalog" - self.full_report_name = ISA_config.reportdir + "/fsa_full_report_" + \ - ISA_config.machine + "_" + ISA_config.timestamp - self.problems_report_name = ISA_config.reportdir + \ - "/fsa_problems_report_" + ISA_config.machine + "_" + ISA_config.timestamp - self.full_reports = ISA_config.full_reports - self.initialized = True - self.setuid_files = [] - self.setgid_files = [] - self.ww_files = [] - self.no_sticky_bit_ww_dirs = [] - with open(self.logfile, 'w') as flog: - flog.write("\nPlugin ISA_FSChecker initialized!\n") - - def process_filesystem(self, ISA_filesystem): - if (self.initialized): - if (ISA_filesystem.img_name and ISA_filesystem.path_to_fs): - with open(self.logfile, 'a') as flog: - flog.write("Analyzing filesystem at: " + ISA_filesystem.path_to_fs + - " for the image: " + ISA_filesystem.img_name + "\n") - self.files = self.find_fsobjects(ISA_filesystem.path_to_fs) - with open(self.logfile, 'a') as flog: - flog.write("\nFilelist is: " + str(self.files)) - if self.full_reports: - with open(self.full_report_name + "_" + ISA_filesystem.img_name, 'w') as ffull_report: - ffull_report.write( - "Report for image: " + ISA_filesystem.img_name + '\n') - ffull_report.write( - "With rootfs location at " + ISA_filesystem.path_to_fs + "\n\n") - for f in self.files: - st = os.lstat(f) - i = f.replace(ISA_filesystem.path_to_fs, "") - if self.full_reports: - with open(self.full_report_name + "_" + ISA_filesystem.img_name, 'a') as ffull_report: - ffull_report.write("File: " + i + ' mode: ' + str(oct(st.st_mode)) + - " uid: " + str(st.st_uid) + " gid: " + str(st.st_gid) + '\n') - if ((st.st_mode & S_ISUID) == S_ISUID): - self.setuid_files.append(i) - if ((st.st_mode & S_ISGID) == S_ISGID): - self.setgid_files.append(i) - if ((st.st_mode & S_IWOTH) == S_IWOTH): - if (((st.st_mode & S_IFDIR) == S_IFDIR) and ((st.st_mode & S_ISVTX) != S_ISVTX)): - self.no_sticky_bit_ww_dirs.append(i) - if (((st.st_mode & S_IFREG) == S_IFREG) and ((st.st_mode & S_IFLNK) != S_IFLNK)): - self.ww_files.append(i) - self.write_problems_report(ISA_filesystem) - self.write_problems_report_xml(ISA_filesystem) - else: - with open(self.logfile, 'a') as flog: - flog.write( - "Mandatory arguments such as image name and path to the filesystem are not provided!\n") - flog.write("Not performing the call.\n") - else: - with open(self.logfile, 'a') as flog: - flog.write( - "Plugin hasn't initialized! Not performing the call.\n") - - def write_problems_report(self, ISA_filesystem): - with open(self.problems_report_name + "_" + ISA_filesystem.img_name, 'w') as fproblems_report: - fproblems_report.write( - "Report for image: " + ISA_filesystem.img_name + '\n') - fproblems_report.write( - "With rootfs location at " + ISA_filesystem.path_to_fs + "\n\n") - fproblems_report.write("Files with SETUID bit set:\n") - for item in self.setuid_files: - fproblems_report.write(item + '\n') - fproblems_report.write("\n\nFiles with SETGID bit set:\n") - for item in self.setgid_files: - fproblems_report.write(item + '\n') - fproblems_report.write("\n\nWorld-writable files:\n") - for item in self.ww_files: - fproblems_report.write(item + '\n') - fproblems_report.write( - "\n\nWorld-writable dirs with no sticky bit:\n") - for item in self.no_sticky_bit_ww_dirs: - fproblems_report.write(item + '\n') - - def write_problems_report_xml(self, ISA_filesystem): - num_tests = len(self.setuid_files) + len(self.setgid_files) + \ - len(self.ww_files) + len(self.no_sticky_bit_ww_dirs) - root = etree.Element( - 'testsuite', name='FSA_Plugin', tests=str(num_tests)) - if self.setuid_files: - for item in self.setuid_files: - tcase1 = etree.SubElement( - root, 'testcase', classname='Files_with_SETUID_bit_set', name=item) - etree.SubElement( - tcase1, 'failure', message=item, type='violation') - if self.setgid_files: - for item in self.setgid_files: - tcase2 = etree.SubElement( - root, 'testacase', classname='Files_with_SETGID_bit_set', name=item) - etree.SubElement( - tcase2, 'failure', message=item, type='violation') - if self.ww_files: - for item in self.ww_files: - tcase3 = etree.SubElement( - root, 'testase', classname='World-writable_files', name=item) - etree.SubElement( - tcase3, 'failure', message=item, type='violation') - if self.no_sticky_bit_ww_dirs: - for item in self.no_sticky_bit_ww_dirs: - tcase4 = etree.SubElement( - root, 'testcase', classname='World-writable_dirs_with_no_sticky_bit', name=item) - etree.SubElement( - tcase4, 'failure', message=item, type='violation') - tree = etree.ElementTree(root) - output = self.problems_report_name + "_" + ISA_filesystem.img_name + '.xml' - try: - tree.write(output, encoding='UTF-8', - pretty_print=True, xml_declaration=True) - except TypeError: - tree.write(output, encoding='UTF-8', xml_declaration=True) - - def find_fsobjects(self, init_path): - list_of_files = [] - for (dirpath, dirnames, filenames) in os.walk(init_path): - if (dirpath != init_path): - list_of_files.append(str(dirpath)[:]) - for f in filenames: - list_of_files.append(str(dirpath + "/" + f)[:]) - return list_of_files - -# ======== supported callbacks from ISA ============= # - - -def init(ISA_config): - global FSAnalyzer - FSAnalyzer = ISA_FSChecker(ISA_config) - - -def getPluginName(): - return "ISA_FSChecker" - - -def process_filesystem(ISA_filesystem): - global FSAnalyzer - return FSAnalyzer.process_filesystem(ISA_filesystem) - -# ==================================================== # -- cgit v1.2.3