From d583833a9a54248703bfc1ec48e2c98515f06899 Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Fri, 27 May 2022 11:33:10 -0500 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-security: 93f2146211..7628a3e90b: Anton Antonov (3): Parsec-service: Update installation procedure Parsec-service: Fix arm32 build meta-parsec: Update Parsec runtime tests Armin Kuster (20): fscrypt: add distro_check on pam meta-security: move perl and python recipes to dynamic layers structure packagegroup-core-security: remove pkgs packagegroup-core-security: add perl pkgs grps packagegroup-core-security: add dynamic python pkgs arpwatch: add postfix to pkg config suricata: drop nfnetlink from pkg config packagegroup-core-security.bb: fix suricata inclusion layer.conf: fix up layer dependancies. ima-evm-utils: Update to 1.4 aide: Update 01.17.4 ossec-hids: update to 3.7.0 suricata: update to 5.0.5 samhain: update to 4.4.9 tpm2-pkcs11: tpm2-pkcs11 module missing tpm2-tools: Add missing rdepends oeqa/cases/tpm2: fix and enhance test suite meta-parsec: Add pkg grps meta-parsec: add build image. oeqa: add parsec runtime tests Jeremy A. Puhlman (2): aide: Add depend on audit when audit is enabled. lib-perl: prefix man pages to avoid conflicting with base perl Josh Harley (1): Add EROFS support to dm-verity-img class Lei Maohui (1): layer.conf: Added BBFILES_DYNAMIC for dynamic-layers. meta-openembedded: 77c2fda04e..a9e6d16e66: Alejandro Enedino Hernandez Samaniego (1): cryptsetup: Add luks2 configure options defaults Alex Kiernan (2): ulogd2: Add recipe libcoap: Add recipe Armin Kuster (13): meta-python-image: Fix build depends crda: move to a dynamic-layer for python cyrus-sasl: move from meta-networking to meta-oe netplan: move from meta-networking to meta-oe nvmetcli: move recipe to meta-oe packagegroup-meta-oe: update pkg group python3-ldap: move to meta-python packagegroup-meta-python.bb: update pkg group firewalld: move to dynamic meta-python layer packagegroup-meta-networking: update pkg group meta-networking: drop meta-python layer depends meta-gnome: fix layer depends. layer.conf: Post release codename changes Bartosz Golaszewski (19): python3-pyfanotify: new package python3-toolz: new package python3-cytoolz: new package python3-decouple: new package python3-eth-hash: new package python3-eth-typing: new package python3-eth-utils: new package python3-eth-keys: new package python3-eth-keyfile: new package python3-hexbytes: new package python3-rlp: new package python3-eth-rlp: new package python3-parsimonious: new package python3-eth-abi: new package python3-eth-account: new package python3-lru-dict: new package python3-web3: new package python3-inotify: new package speedtest-cli: drop the recipe Changqing Li (1): zabbix: upgrade 5.2.6 -> 6.0.4 Chase Qi (1): kernel-selftest: install kselftest runner Claudius Heine (1): btrfsmaintenance: add recipe for btrfsmaintenance scripts Denys Dmytriyenko (2): devmem2: reinstate previous patches, removed by mistake devmem2: add support for different page sizes Diego Sueiro (1): bats: upgrade 1.6.0 -> 1.6.1 Gianfranco (3): sdbus-c++-libsystemd: Bump SRCREV to last commit of 250-stable branch sdbus-c++: Bump version from 1.00 to 1.1.0 libmtp: Add doxygen-native dependency in case documentation build is enabled in PACKAGECONFIG. This fixes a FTBFS due to missing dependency. Gianfranco Costamagna (1): vboxguestdrivers: upgrade 6.1.32 -> 6.1.34 Jiaqing Zhao (2): openldap: Remove libgcrypt dependency openldap: Upgrade 2.5.9 -> 2.5.12 Joerg Vehlow (1): jq: Fix typo OE_EXTRACONF -> EXTRA_OECONF Julien STEPHAN (1): libcamera: fix packaging Kai Kang (3): conntrack-tools: fix postinst script wxwidgets: enable to use private fonts python3-wxgtk4: backport patch to fix svg issue Khem Raj (12): ufw: Fix packaging errors found with ppc64 libcereal: Enable for glibc/ppc mimic: Use special rateconv.c license makedumpfile: Use right TARGET for ppc32 evince: Add dbus to depnedencies on non-x11 builds evolution-data-server: Do not pass --library-path to gir compiler python3-wxgtk4: Needs x11 for sip module zfs: Fix build on musl systems zfs: Disable on riscv32 zfs: Disable on mips zfs: Make systemd and sysvinit into packageconfigs sdbus-c++: Link with libatomic on mips/ppc32 Markus Volk (1): minidlna: fix obsolete license warning Martin Jansa (1): ostree: prevent ostree-native depending on target virtual/kernel to provide kernel-module-overlay Michael Opdenacker (1): devmem2: update SRC_URI according to redirect Mingli Yu (1): s-nail: Set VAL_MTA Nicolas Dechesne (1): imlib2: update SRC_URI Peter Kjellerstedt (1): libwebsockets: Avoid absolute paths in *.cmake files in the sysroot Portia (1): cpulimit: introduce support for this package Randy MacLeod (1): intel-speed-select: Add libnl dependency and extend CFLAGS Richard Neill (1): bats: Add patch to fix false-negatives caused by teardown code Ross Burton (1): Revert "python3-cbor2: upgrade 5.4.2 -> 5.4.3" Samuli Piippo (1): python3-qface: upgrade 2.0.7 -> 2.0.8 Teresa Remmet (1): meta-networking: Add meta-python to BBFILES_DYNAMIC Vyacheslav Yurkov (1): polkit: add udisks2 rule Windel Bouwman (1): Add zfs recipe Xu Huan (17): python3-astroid: upgrade 2.11.2 -> 2.11.3 python3-bitstruct: upgrade 8.14.0 -> 8.14.1 python3-cachecontrol: upgrade 0.12.10 -> 0.12.11 python3-engineio: upgrade 4.3.1 -> 4.3.2 python3-flask-socketio: upgrade 5.1.1 -> 5.1.2 python3-google-api-python-client: upgrade 2.43.0 -> 2.45.0 python3-graphviz: upgrade 0.19.2 -> 0.20 python3-cbor2: upgrade 5.4.2 -> 5.4.3 python3-click: upgrade 8.1.2 -> 8.1.3 python3-flask-login: upgrade 0.6.0 -> 0.6.1 python3-flask: upgrade 2.1.1 -> 2.1.2 python3-google-api-core: upgrade 2.7.1 -> 2.7.3 python3-google-auth: upgrade 2.6.3 -> 2.6.6 python3-mypy: upgrade 0.942 -> 0.950 python3-pyalsaaudio: upgrade 0.9.0 -> 0.9.2 python3-grpcio-tools: upgrade 1.45.0 -> 1.46.0 python3-pychromecast: upgrade 11.0.0 -> 12.1.1 Yi Zhao (1): networkmanager: fix parallel build failure wangmy (41): python3-sentry-sdk: upgrade 1.5.8 -> 1.5.10 python3-socketio: upgrade 5.5.2 -> 5.6.0 python3-textparser: upgrade 0.23.0 -> 0.24.0 python3-twisted: upgrade 22.2.0 -> 22.4.0 python3-websockets: upgrade 10.2 -> 10.3 fuse3: upgrade 3.10.5 -> 3.11.0 zenity: upgrade 3.42.0 -> 3.42.1 babeld: upgrade 1.11 -> 1.12 cifs-utils: upgrade 6.14 -> 6.15 nbdkit: upgrade 1.31.1 -> 1.31.2 stunnel: upgrade 5.63 -> 5.64 tgt: upgrade 1.0.79 -> 1.0.82 wolfssl: upgrade 5.2.0 -> 5.3.0 ctags: upgrade 5.9.20220417.0 -> 5.9.20220501.0 freerdp: upgrade 2.6.1 -> 2.7.0 fwupd-efi: upgrade 1.2 -> 1.3 htop: upgrade 3.1.2 -> 3.2.0 hwdata: upgrade 0.358 -> 0.359 icewm: upgrade 2.9.6 -> 2.9.7 iwd: upgrade 1.26 -> 1.27 jemalloc: upgrade 5.2.1 -> 5.3.0 libmbim: upgrade 1.26.2 -> 1.26.4 libyang: upgrade 2.0.164 -> 2.0.194 nano: upgrade 6.2 -> 6.3 phoronix-test-suite: upgrade 10.8.2 -> 10.8.3 php: upgrade 8.1.4 -> 8.1.5 pkcs11-helper: upgrade 1.28.0 -> 1.29.0 poppler: upgrade 22.04.0 -> 22.05.0 toybox: upgrade 0.8.6 -> 0.8.7 unixodbc: upgrade 2.3.9 -> 2.3.11 xmlsec1: upgrade 1.2.33 -> 1.2.34 gtk4: upgrade 4.6.3 -> 4.6.4 nbdkit: upgrade 1.31.2 -> 1.31.5 ctags: upgrade 5.9.20220501.0 -> 5.9.20220508.0 openjpeg: upgrade 2.4.0 -> 2.5.0 php: upgrade 8.1.5 -> 8.1.6 postgresql: upgrade 14.2 -> 14.3 phpmyadmin: upgrade 5.1.3 -> 5.2.0 python3-aiohue: upgrade 3.0.11 -> 4.4.1 python3-awesomeversion : add recipe python3-traitlets: upgrade 5.1.1 -> 5.2.0 zhengrq.fnst (12): glibmm-2.68: upgrade 2.70.0 -> 2.72.1 gnome-text-editor: upgrade 42.0 -> 42.1 apitrace: upgrade 10.0 -> 11.0 libconfig-general-perl: upgrade 2.63 -> 2.65 gpsd: upgrade 3.23.1 -> 3.24 mbw: upgrade 1.4 -> 1.5 gtk4: upgrade 4.6.2 -> 4.6.3 python3-antlr4-runtime: upgrade 4.9.2 -> 4.10 python3-booleanpy: upgrade 3.8 -> 4.0 python3-pika: upgrade 1.2.0 -> 1.2.1 python3-autobahn: upgrade 22.3.2 -> 22.4.2 python3-bitarray: upgrade 2.4.1 -> 2.5.0 zhengruoqin (7): python3-imageio: upgrade 2.17.0 -> 2.18.0 python3-langtable: upgrade 0.0.57 -> 0.0.58 python3-paramiko: upgrade 2.10.3 -> 2.10.4 python3-protobuf: upgrade 3.20.0 -> 3.20.1 python3-pylint: upgrade 2.13.5 -> 2.13.7 python3-pymongo: upgrade 4.1.0 -> 4.1.1 python3-regex: upgrade 2022.3.15 -> 2022.4.24 poky: 9e55696042..13d70e57f8: Alex Kiernan (7): eudev: Upgrade 3.2.10 -> 3.2.11 eudev: Add PACKAGECONFIG for manpages & selinux pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE openssh: Add openssh-sftp-server to openssh RDEPENDS eudev: Convert dependencies to PACKAGECONFIG eudev: Cleanup redundant configuration eudev: Use PACKAGE_BEFORE_PN/${PN}, clean up spaces Alexander Kanavin (106): systemd: upgrade 250.4 -> 250.5 python3-cryptography: upgrade 36.0.2 -> 37.0.1 util-linux: upgrade 2.37.4 -> 2.38 vulkan: upgrade 1.3.204.1 -> 1.3.211.0 libnl: upgrade 3.5.0 -> 3.6.0 libsdl2: upgrade 2.0.20 -> 2.0.22 mesa: upgrade 22.0.0 -> 22.0.2 python3-babel: upgrade 2.9.1 -> 2.10.1 python3-mako: upgrade 1.1.6 -> 1.2.0 python3-pygments: upgrade 2.11.2 -> 2.12.0 at-spi2-core: upgrade 2.44.0 -> 2.44.1 bind: upgrade 9.18.1 -> 9.18.2 cronie: upgrade 1.6.0 -> 1.6.1 diffoscope: upgrade 208 -> 211 dnf: upgrade 4.11.1 -> 4.12.0 ell: upgrade 0.49 -> 0.50 epiphany: upgrade 42.0 -> 42.2 ffmpeg: upgrade 5.0 -> 5.0.1 fribidi: upgrade 1.0.11 -> 1.0.12 harfbuzz: upgrade 4.2.0 -> 4.2.1 libinput: upgrade 1.19.3 -> 1.19.4 libmnl: upgrade 1.0.4 -> 1.0.5 libnotify: upgrade 0.7.9 -> 0.7.11 libpipeline: upgrade 1.5.5 -> 1.5.6 libseccomp: upgrade 2.5.3 -> 2.5.4 libx11: upgrade 1.7.5 -> 1.8 lttng-tools: upgrade 2.13.4 -> 2.13.7 mmc-utils: upgrade to latest revision neard: upgrade 0.16 -> 0.18 pango: upgrade 1.50.6 -> 1.50.7 parted: upgrade 3.4 -> 3.5 piglit: upgrade to latest revision python3-cryptography-vectors: upgrade 36.0.2 -> 37.0.1 python3-dtschema: upgrade 2022.1 -> 2022.4 python3-hypothesis: upgrade 6.44.0 -> 6.46.0 python3-jinja2: upgrade 3.1.1 -> 3.1.2 python3-pygobject: upgrade 3.42.0 -> 3.42.1 python3-pytest: upgrade 7.1.1 -> 7.1.2 repo: upgrade 2.23 -> 2.24.1 sqlite3: upgrade 3.38.2 -> 3.38.3 vala: upgrade 0.56.0 -> 0.56.1 vte: upgrade 0.66.2 -> 0.68.0 webkitgtk: upgrade 2.36.0 -> 2.36.1 xorgproto: upgrade 2021.5 -> 2022.1 xwayland: upgrade 22.1.0 -> 22.1.1 sysvinit: update 3.02 -> 3.04 pciutils: update 3.7.0 -> 3.8.0 elfutils: update 0.186 -> 0.187 git: update 2.35.3 -> 2.36.0 libdnf: update 0.66.0 -> 0.67.0 llvm: update 14.0.1 -> 14.0.3 rsync: update 3.2.3 -> 3.2.4 lsof: update 4.94.0 -> 4.95.0 libhandy: update 1.5.0 -> 1.6.2 librsvg: update 2.54.0 -> 2.54.1 xauth: update 1.1.1 -> 1.1.2 gnupg: update 2.3.4 -> 2.3.6 qemu: update 6.2.0 -> 7.0.0 stress-ng: disable apparmor from the correct spot coreutils: update 9.0 -> 9.1 python3-setuptools: upgrade 59.5.0 -> 62.3.1 go: upgrade 1.18.1 -> 1.18.2 iptables: upgrade 1.8.7 -> 1.8.8 gnu-config: update to latest version u-boot: upgrade 2022.01 -> 2022.04 python3-pip: update 22.0.4 -> 22.1 libxcb: update 1.14 -> 1.15 xcb-proto: upgrade 1.14.1 -> 1.15 systemtap: update 4.6 -> 4.7 vulkan-samples: update to latest revision curl: upgrade 7.83.0 -> 7.83.1 diffoscope: upgrade 211 -> 212 git: upgrade 2.36.0 -> 2.36.1 gnutls: upgrade 3.7.4 -> 3.7.5 gst-devtools: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-libav: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-omx: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-bad: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-base: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-good: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-plugins-ugly: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-python: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-rtsp-server: upgrade 1.20.1 -> 1.20.2 gstreamer1.0: upgrade 1.20.1 -> 1.20.2 gstreamer1.0-vaapi: upgrade 1.20.1 -> 1.20.2 libcgroup: upgrade 2.0.1 -> 2.0.2 libnotify: upgrade 0.7.11 -> 0.7.12 librsvg: upgrade 2.54.1 -> 2.54.3 mesa: upgrade 22.0.2 -> 22.0.3 mobile-broadband-provider-info: upgrade 20220315 -> 20220511 piglit: upgrade to latest revision psmisc: upgrade 23.4 -> 23.5 python3-bcrypt: upgrade 3.2.0 -> 3.2.2 python3-cryptography: upgrade 37.0.1 -> 37.0.2 python3-cryptography-vectors: upgrade 37.0.1 -> 37.0.2 python3-hypothesis: upgrade 6.46.0 -> 6.46.4 python3-jsonschema: upgrade 4.4.0 -> 4.5.1 python3-markdown: upgrade 3.3.6 -> 3.3.7 python3-more-itertools: upgrade 8.12.0 -> 8.13.0 python3-pbr: upgrade 5.8.1 -> 5.9.0 python3-pyparsing: upgrade 3.0.8 -> 3.0.9 repo: upgrade 2.24.1 -> 2.25 sqlite3: upgrade 3.38.3 -> 3.38.5 stress-ng: upgrade 0.14.00 -> 0.14.01 python3-setuptools-rust: update 1.1.2 -> 1.3.0 python3: use built-in distutils for ptest, rather than setuptools' 'fork' Andrej Valek (1): kernel: add missing path to search for debug files Arkadiusz Drabczyk (1): overview-manual: fix a forgotten link Aryaman Gupta (1): e2fsprogs: update upstream status Bruce Ashfield (23): linux-yocto/5.15: arm: poky-tiny cleanup and fixes linux-yocto/5.10: update to v5.10.110 linux-yocto/5.10: base: enable kernel crypto userspace API linux-yocto/5.15: update to v5.15.33 linux-yocto/5.15: base: enable kernel crypto userspace API linux-yocto/5.15: kasan: fix BUG: sleeping function called from invalid context linux-yocto/5.15: fix ppc boot linux-yocto/5.15: netfilter: conntrack: avoid useless indirection during conntrack destruction linux-yocto/5.10: update to v5.10.112 linux-yocto/5.15: update to v5.15.35 linux-yocto/5.15: Fix CVE-2022-28796 linux-yocto: enable powerpc debug fragment linux-yocto/5.15: fix -standard kernel build issue linux-yocto/5.15: update to v5.15.36 linux-yocto/5.15: fix qemuarm graphical boot strace: fix ptest failure in landlock yocto-bsps: update to v5.15.36 yocto-bsps: update to v5.10.113 linux-yocto/5.15: update to v5.15.37 linux-yocto/5.10: update to v5.10.113 linux-yocto/5.15: update to v5.15.38 linux-yocto/5.10: update to v5.10.114 lttng-modules: fix build against 5.18-rc7+ Changqing Li (1): eudev: create static-nodes in init script Chanho Park (2): externalsrc.bbclass: support crate fetcher on externalsrc cargo_common.bbclass: enable bitbake vendoring for externalsrc Claudius Heine (3): classes: rootfs-postcommands: add skip option to overlayfs_qa_check overlayfs: add docs about skipping QA check & service dependencies wic: added fspassno parameter to partition Davide Gardenal (4): cve-check: add JSON format to summary output cve-check: fix symlinks where link and output path are equal rootfs-postcommands: fix symlinks where link and output path are equal openssl: minor security upgrade 3.0.2 -> 3.0.3 Dmitry Baryshkov (3): linux-firmware: upgrade 20220411 -> 20220509 linux-firmware: package new Qualcomm firmware image.bbclass: allow overriding dependency on virtual/kernel:do_deploy Felix Moessbauer (1): wic/plugins/rootfs: Fix permissions when splitting rootfs folders across partitions Gunjan Gupta (2): bitbake: fetch2/osc: Small fixes for osc fetcher bitbake: fetch2/osc: Add support to query latest revision Jacob Kroon (1): Revert "image.bbclass: allow overriding dependency on virtual/kernel:do_deploy" Jiaqing Zhao (5): libxml2: Upgrade 2.9.13 -> 2.9.14 systemd: Drop 0001-test-parse-argument-Include-signal.h.patch systemd: Remove __compare_fn_t type in musl-specific patch systemd: Drop 0002-don-t-use-glibc-specific-qsort_r.patch systemd: Correct path returned in sd_path_lookup() Jon Mason (1): qemuarmv5: use arm-versatile-926ejs KMACHINE Kai Kang (1): wpa-supplicant: update config for gnutls Khem Raj (15): qemu: Add packageconfig for libbpf support linux-yocto: Enable powerpc-debug fragment for ppc64 LE musl: Upgrade to tip of trunk systemd: Fix build regression with latest update gcc: upgrade 11.3 -> 12.1 libstd-rs: Forward port rust libc patches gdb: Upgrade to 12.1 bash: build with bash_cv_getcwd_malloc=yes on musl too ovmf: Fix native build with gcc-12 elfutils: Disable stringop-overflow warning for build host musl-locales: Switch SRC_URI to new location systemd: Drop redundant musl patches systemd: Document future actions needed for set of musl patches systemd: Drop 0016-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch systemd: Update patch status Konrad Weihmann (1): linux-firmware: replace mkdir by install Kory Maincent (1): images_types: isolate the write of UBI configuration Leon Anavi (1): image_types/runqemu-addptable2image: Fix a minor typo Markus Volk (2): mesa.inc: package 00-radv-defaults.conf libsdl2: add PACKAGECONFIG for libusb1 and remove obsolete options Marta Rybczynska (3): cve-update-db-native: update the CVE database once a day only cve-update-db-native: let the user to drive the update interval cve-check: Fix report generation Martin Jansa (1): bitbake: osc: fix DeprecationWarning Michael Halstead (5): releases: update to include 3.1.16 scripts/autobuilder-worker-prereq-tests: update to use yocto 4.0 scripts/autobuilder-worker-prereq-tests: add additional limit testing releases: update to include 3.4.4 releases: include 4.0.1 Michael Opdenacker (12): MAINTAINERS.md: no more need for a prelink-cross maintainer dev-manual: further gdb usage simplifications doc/Makefile: fix epub and latexpdf targets manuals: fix name capitalization issues doc: standards for project and file names manuals: improve the width of diagrams manuals: improve documentation for TEMPLATECONF overview-manual: remove confusing and unnecessary paragraph about site.conf manuals: add quoting to references to bitbake.conf manuals: add missing space in appends manuals: add documentation for WKS_FILES migration guides: release notes for 3.4.3 and 3.4.4 Mingli Yu (1): python3-cryptography: remove --benchmark-disable option Peter Kjellerstedt (4): base-passwd: Regenerate the patches base-passwd: Update to 3.5.52 base-passwd: Update the status for two patches librsvg: Drop the dependency on libcroco Quentin Schulz (2): docs: set_versions.py: remove hardknott from active releases list docs: set_versions.py: show release name in switchers.js Raphael Teller (1): kernel.bbclass: Do not overwrite recipe's custom postinst Richard Purdie (25): bitbake: cookerdata: Change emphasis in error message to be clearer to users cairo: Add missing GPLv3 license checksum entry libgcrypt: Drop GPLv3 license after upstream changes base: Avoid circular references to our own scripts scripts: Make git intercept global scripts/git: Ensure we don't have circular references abi_version/sstate: Bump hashequiv and sstate versions due to git changes vim: Upgrade 8.2.4681 -> 8.2.4912 package: Ensure we track whether PRSERV was active or not libgcrypt: Fix reproducibility issues in ptest liberror-perl: Update sstate/equiv versions to clean cache freetype: Upgrade 2.12.0 -> 2.12.1 bitbake: fetch/git : Use cat as pager pciutils: Add make-native dependency sanity: Don't warn about make 4.2.1 for mint bitbake: build: Add clean_stamp API function to allow removal of task stamps staging: Fix rare sysroot corruption issue selftest/imagefeatures/overlayfs: Always append to DISTRO_FEATURES udev-extraconf/initrdscripts/parted: Rename mount.blacklist -> mount.ignorelist layer.conf: Don't use indirect help2man-native dependencies rust-common: Fix sstate signatures between arm hf and non-hf rust-common: Drop LLVM_TARGET and simplify rust-common: Fix native signature dependency issues scripts/patchreview: Add commit to stored json data scripts/patchreview: Make json output human parsable Robert Joslyn (1): powerpc: Remove invalid GLIBC_EXTRA_OECONF Roland Hieber (1): bitbake: cache: correctly handle file names containing colons Ross Burton (4): oeqa/selftest: add test for git working correctly inside pseudo Revert "bitbake.conf: mark all directories as safe for git to read" kernel-yocto.bbclass: say what SRC_URI entry is being dropped oeqa/selftest/cve_check: add tests for recipe and image reports Rouven Czerwinski (1): kbd: fix pam DISTRO_FEATURES check Samuli Piippo (1): binutils: Bump to latest 2.38 release branch Schmidt, Adriaan (1): bitbake: bitbake-diffsigs: break on first dependent task difference Simone Weiss (1): libgcrypt: Add ptest Steve Sakoman (2): virgl: skip headless test on alma 8.6 python3: fix reproducibility issue with python3-core Sundeep KOKKONDA (3): dev-manual: improvements for gdbserver configuration rust-common: Ensure sstate signatures have correct dependencues for do_rust_gen_targets rust-common: Fix for target definitions returning 'NoneType' for arm Thomas Epperson (1): dev-manual: fix documentation for bmaptool usage Thomas Perrot (1): man-pages: add an alternative link name for crypt_r.3 Tomasz Dziendzielski (1): bitbake: data: Do not depend on vardepvalueexclude flag Trevor Woerner (1): DISTRO_FEATURES: remove uclibc remnants Zoltán Böszörményi (2): npm.bbclass: Fix file permissions before opening it for writing npm.bbclass: Don't create /usr/lib/node symlink leimaohui (1): cve-check.bbclass: Added do_populate_sdk[recrdeptask]. wangmy (1): librepo: upgrade 1.14.2 -> 1.14.3 meta-raspberrypi: c97a9e34ab..62a84833d9: Andrei Gherzan (1): Revert "kmod: Enable xz compression" Khem Raj (3): rpi-config: Add option to enable One-wire interface linux-firmware-rpidistro: Create brcmfmac43455-sdio.raspberrypi,4-model-b.bin symlink linux-raspberrypi: Upgrade to 5.15.38 Signed-off-by: Andrew Geissler Change-Id: If15534d7da5bfa78ef2224bb09ff1a8eb96a0e10 --- meta-security/recipes-ids/aide/aide_0.17.3.bb | 41 ---- meta-security/recipes-ids/aide/aide_0.17.4.bb | 41 ++++ .../recipes-ids/ossec/ossec-hids_3.6.0.bb | 165 ---------------- .../recipes-ids/ossec/ossec-hids_3.7.0.bb | 165 ++++++++++++++++ meta-security/recipes-ids/samhain/samhain.inc | 4 +- .../recipes-ids/suricata/libhtp_0.5.39.bb | 27 --- .../recipes-ids/suricata/libhtp_0.5.40.bb | 27 +++ .../recipes-ids/suricata/suricata_6.0.4.bb | 206 -------------------- .../recipes-ids/suricata/suricata_6.0.5.bb | 207 +++++++++++++++++++++ 9 files changed, 442 insertions(+), 441 deletions(-) delete mode 100644 meta-security/recipes-ids/aide/aide_0.17.3.bb create mode 100644 meta-security/recipes-ids/aide/aide_0.17.4.bb delete mode 100644 meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb create mode 100644 meta-security/recipes-ids/ossec/ossec-hids_3.7.0.bb delete mode 100644 meta-security/recipes-ids/suricata/libhtp_0.5.39.bb create mode 100644 meta-security/recipes-ids/suricata/libhtp_0.5.40.bb delete mode 100644 meta-security/recipes-ids/suricata/suricata_6.0.4.bb create mode 100644 meta-security/recipes-ids/suricata/suricata_6.0.5.bb (limited to 'meta-security/recipes-ids') diff --git a/meta-security/recipes-ids/aide/aide_0.17.3.bb b/meta-security/recipes-ids/aide/aide_0.17.3.bb deleted file mode 100644 index b1fb58db3e..0000000000 --- a/meta-security/recipes-ids/aide/aide_0.17.3.bb +++ /dev/null @@ -1,41 +0,0 @@ -SUMMARY = "Advanced Intrusion Detection Environment" -HOMEPAGE = "https://aide.github.io" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -LICENSE = "GPL-2.0-only" - -DEPENDS = "bison-native libpcre" - -SRC_URI = "https://github.com/aide/aide/releases/download/v${PV}/${BPN}-${PV}.tar.gz \ - file://aide.conf" - -SRC_URI[sha256sum] = "a2eb1883cafaad056fbe43ee1e8ae09fd36caa30a0bc8edfea5d47bd67c464f8" - -inherit autotools pkgconfig - -PACKAGECONFIG ??=" mhash zlib e2fsattrs \ - ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'xattr', '', d)} \ - " -PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux, libselinux" -PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib, zlib " -PACKAGECONFIG[xattr] = "--with-xattr, --without-xattr, attr, attr" -PACKAGECONFIG[curl] = "--with-curl, --without-curl, curl, libcurl" -PACKAGECONFIG[audit] = "--with-audit, --without-audit," -PACKAGECONFIG[gcrypt] = "--with-gcrypt, --without-gcrypt, libgcrypt, libgcrypt" -PACKAGECONFIG[mhash] = "--with-mhash, --without-mhash, libmhash, libmhash" -PACKAGECONFIG[e2fsattrs] = "--with-e2fsattrs, --without-e2fsattrs, e2fsprogs, e2fsprogs" - -do_install:append () { - install -d ${D}${libdir}/${PN}/logs - install -d ${D}${sysconfdir} - install ${WORKDIR}/aide.conf ${D}${sysconfdir}/ -} - -CONF_FILE = "${sysconfdir}/aide.conf" - -FILES:${PN} += "${libdir}/${PN} ${sysconfdir}/aide.conf" - -pkg_postinst_ontarget:${PN} () { - /usr/bin/aide -i -} -RDPENDS_${PN} = "bison, libpcre" diff --git a/meta-security/recipes-ids/aide/aide_0.17.4.bb b/meta-security/recipes-ids/aide/aide_0.17.4.bb new file mode 100644 index 0000000000..6bc2bfef84 --- /dev/null +++ b/meta-security/recipes-ids/aide/aide_0.17.4.bb @@ -0,0 +1,41 @@ +SUMMARY = "Advanced Intrusion Detection Environment" +HOMEPAGE = "https://aide.github.io" +LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" +LICENSE = "GPL-2.0-only" + +DEPENDS = "bison-native libpcre" + +SRC_URI = "https://github.com/aide/aide/releases/download/v${PV}/${BPN}-${PV}.tar.gz \ + file://aide.conf" + +SRC_URI[sha256sum] = "c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846" + +inherit autotools pkgconfig + +PACKAGECONFIG ??=" mhash zlib e2fsattrs \ + ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'xattr', '', d)} \ + " +PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux, libselinux" +PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib, zlib " +PACKAGECONFIG[xattr] = "--with-xattr, --without-xattr, attr, attr" +PACKAGECONFIG[curl] = "--with-curl, --without-curl, curl, libcurl" +PACKAGECONFIG[audit] = "--with-audit, --without-audit,audit" +PACKAGECONFIG[gcrypt] = "--with-gcrypt, --without-gcrypt, libgcrypt, libgcrypt" +PACKAGECONFIG[mhash] = "--with-mhash, --without-mhash, libmhash, libmhash" +PACKAGECONFIG[e2fsattrs] = "--with-e2fsattrs, --without-e2fsattrs, e2fsprogs, e2fsprogs" + +do_install:append () { + install -d ${D}${libdir}/${PN}/logs + install -d ${D}${sysconfdir} + install ${WORKDIR}/aide.conf ${D}${sysconfdir}/ +} + +CONF_FILE = "${sysconfdir}/aide.conf" + +FILES:${PN} += "${libdir}/${PN} ${sysconfdir}/aide.conf" + +pkg_postinst_ontarget:${PN} () { + /usr/bin/aide -i +} +RDPENDS_${PN} = "bison, libpcre" diff --git a/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb b/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb deleted file mode 100644 index b0759b10ef..0000000000 --- a/meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb +++ /dev/null @@ -1,165 +0,0 @@ -SUMMARY = "A full platform to monitor and control your systems" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9" - - -DEPENDS = "openssl libpcre2 zlib libevent" -SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \ - file://0001-Makefile-drop-running-scrips-install.patch \ - file://0002-Makefile-don-t-set-uid-gid.patch \ - " - -SRCREV = "1303c78e2c67d7acee0508cb00c3bc63baaa27c2" - -UPSTREAM_CHECK_COMMITS = "1" - -inherit autotools-brokensep useradd - -S = "${WORKDIR}/git" - -OSSEC_UID ?= "ossec" -OSSEC_RUID ?= "ossecr" -OSSEC_GID ?= "ossec" -OSSEC_EMAIL ?= "ossecm" - -do_configure[noexec] = "1" - -do_compile() { - cd ${S}/src - make PREFIX=${prefix} TARGET=local USE_SYSTEMD=No build -} - -do_install(){ - install -d ${D}${sysconfdir} - install -d ${D}/var/ossec/${sysconfdir} - - cd ${S}/src - make TARGET=local PREFIX=${D}/var/ossec install - - echo "DIRECTORY=\"/var/ossec\"" > ${D}/${sysconfdir}/ossec-init.conf - echo "VERSION=\"${PV}\"" >> ${D}/${sysconfdir}/ossec-init.conf - echo "DATE=\"`date`\"" >> ${D}/${sysconfdir}/ossec-init.conf - echo "TYPE=\"local\"" >> ${D}/${sysconfdir}/ossec-init.conf - chmod 600 ${D}/${sysconfdir}/ossec-init.conf - install -m 640 ${D}/${sysconfdir}/ossec-init.conf ${D}/var/ossec/${sysconfdir}/ossec-init.conf -} - -pkg_postinst_ontarget:${PN} () { - DIR="/var/ossec" - - usermod -g ossec -G ossec -a root - - # Default for all directories - chmod -R 550 ${DIR} - chown -R root:${OSSEC_GID} ${DIR} - - # To the ossec queue (default for agentd to read) - chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec - chmod -R 770 ${DIR}/queue/ossec - - # For the logging user - chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs - chmod -R 750 ${DIR}/logs - chmod -R 775 ${DIR}/queue/rids - touch ${DIR}/logs/ossec.log - chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log - chmod 664 ${DIR}/logs/ossec.log - - chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff - chmod -R 750 ${DIR}/queue/diff - chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true - - # For the etc dir - chmod 550 ${DIR}/etc - chown -R root:${OSSEC_GID} ${DIR}/etc - if [ -f /etc/localtime ]; then - cp -pL /etc/localtime ${DIR}/etc/; - chmod 555 ${DIR}/etc/localtime - chown root:${OSSEC_GID} ${DIR}/etc/localtime - fi - - if [ -f /etc/TIMEZONE ]; then - cp -p /etc/TIMEZONE ${DIR}/etc/; - chmod 555 ${DIR}/etc/TIMEZONE - fi - - # More files - chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf - chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true - chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true - chown root:${OSSEC_GID} ${DIR}/agentless/* - chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh - chown root:${OSSEC_GID} ${DIR}/etc/shared/* - - chmod 550 ${DIR}/etc - chmod 440 ${DIR}/etc/internal_options.conf - chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true - chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true - chmod 550 ${DIR}/agentless/* - chmod 700 ${DIR}/.ssh - chmod 770 ${DIR}/etc/shared - chmod 660 ${DIR}/etc/shared/* - - # For the /var/run - chmod 770 ${DIR}/var/run - chown root:${OSSEC_GID} ${DIR}/var/run - - # For util.sh - chown root:${OSSEC_GID} ${DIR}/bin/util.sh - chmod +x ${DIR}/bin/util.sh - - # For binaries and active response - chmod 755 ${DIR}/active-response/bin/* - chown root:${OSSEC_GID} ${DIR}/active-response/bin/* - chown root:${OSSEC_GID} ${DIR}/bin/* - chmod 550 ${DIR}/bin/* - - # For ossec.conf - chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf - chmod 660 ${DIR}/etc/ossec.conf - - # Debconf - . /usr/share/debconf/confmodule - db_input high ossec-hids-agent/server-ip || true - db_go - - db_get ossec-hids-agent/server-ip - SERVER_IP=$RET - - sed -i "s/[^<]\+<\/server-ip>/${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf - db_stop - - # ossec-init.conf - if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then - if [ -e /etc/ossec-init.conf ]; then - rm -f /etc/ossec-init.conf - fi - ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf - fi - - # init.d/ossec file - if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then - if [ -e /etc/init.d/ossec ]; then - rm -f /etc/init.d/ossec - fi - ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec - fi - - # Service - if [ -x /etc/init.d/ossec ]; then - update-rc.d -f ossec defaults - fi - - # Delete tmp directory - if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then - rm -r ${OSSEC_HIDS_TMP_DIR} - fi -} - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --home-dir /var/ossec -g ossec --shell /bin/false ossec" -GROUPADD_PARAM:${PN} = "--system ossec" - -RDEPENDS:${PN} = "openssl bash" - -COMPATIBLE_HOST:libc-musl = "null" diff --git a/meta-security/recipes-ids/ossec/ossec-hids_3.7.0.bb b/meta-security/recipes-ids/ossec/ossec-hids_3.7.0.bb new file mode 100644 index 0000000000..c211f03212 --- /dev/null +++ b/meta-security/recipes-ids/ossec/ossec-hids_3.7.0.bb @@ -0,0 +1,165 @@ +SUMMARY = "A full platform to monitor and control your systems" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9" + + +DEPENDS = "openssl libpcre2 zlib libevent" +SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \ + file://0001-Makefile-drop-running-scrips-install.patch \ + file://0002-Makefile-don-t-set-uid-gid.patch \ + " + +SRCREV = "1ecffb1b884607cb12e619f9ab3c04f530801083" + +UPSTREAM_CHECK_COMMITS = "1" + +inherit autotools-brokensep useradd + +S = "${WORKDIR}/git" + +OSSEC_UID ?= "ossec" +OSSEC_RUID ?= "ossecr" +OSSEC_GID ?= "ossec" +OSSEC_EMAIL ?= "ossecm" + +do_configure[noexec] = "1" + +do_compile() { + cd ${S}/src + make PREFIX=${prefix} TARGET=local USE_SYSTEMD=No build +} + +do_install(){ + install -d ${D}${sysconfdir} + install -d ${D}/var/ossec/${sysconfdir} + + cd ${S}/src + make TARGET=local PREFIX=${D}/var/ossec install + + echo "DIRECTORY=\"/var/ossec\"" > ${D}/${sysconfdir}/ossec-init.conf + echo "VERSION=\"${PV}\"" >> ${D}/${sysconfdir}/ossec-init.conf + echo "DATE=\"`date`\"" >> ${D}/${sysconfdir}/ossec-init.conf + echo "TYPE=\"local\"" >> ${D}/${sysconfdir}/ossec-init.conf + chmod 600 ${D}/${sysconfdir}/ossec-init.conf + install -m 640 ${D}/${sysconfdir}/ossec-init.conf ${D}/var/ossec/${sysconfdir}/ossec-init.conf +} + +pkg_postinst_ontarget:${PN} () { + DIR="/var/ossec" + + usermod -g ossec -G ossec -a root + + # Default for all directories + chmod -R 550 ${DIR} + chown -R root:${OSSEC_GID} ${DIR} + + # To the ossec queue (default for agentd to read) + chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec + chmod -R 770 ${DIR}/queue/ossec + + # For the logging user + chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs + chmod -R 750 ${DIR}/logs + chmod -R 775 ${DIR}/queue/rids + touch ${DIR}/logs/ossec.log + chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log + chmod 664 ${DIR}/logs/ossec.log + + chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff + chmod -R 750 ${DIR}/queue/diff + chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true + + # For the etc dir + chmod 550 ${DIR}/etc + chown -R root:${OSSEC_GID} ${DIR}/etc + if [ -f /etc/localtime ]; then + cp -pL /etc/localtime ${DIR}/etc/; + chmod 555 ${DIR}/etc/localtime + chown root:${OSSEC_GID} ${DIR}/etc/localtime + fi + + if [ -f /etc/TIMEZONE ]; then + cp -p /etc/TIMEZONE ${DIR}/etc/; + chmod 555 ${DIR}/etc/TIMEZONE + fi + + # More files + chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf + chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true + chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true + chown root:${OSSEC_GID} ${DIR}/agentless/* + chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh + chown root:${OSSEC_GID} ${DIR}/etc/shared/* + + chmod 550 ${DIR}/etc + chmod 440 ${DIR}/etc/internal_options.conf + chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true + chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true + chmod 550 ${DIR}/agentless/* + chmod 700 ${DIR}/.ssh + chmod 770 ${DIR}/etc/shared + chmod 660 ${DIR}/etc/shared/* + + # For the /var/run + chmod 770 ${DIR}/var/run + chown root:${OSSEC_GID} ${DIR}/var/run + + # For util.sh + chown root:${OSSEC_GID} ${DIR}/bin/util.sh + chmod +x ${DIR}/bin/util.sh + + # For binaries and active response + chmod 755 ${DIR}/active-response/bin/* + chown root:${OSSEC_GID} ${DIR}/active-response/bin/* + chown root:${OSSEC_GID} ${DIR}/bin/* + chmod 550 ${DIR}/bin/* + + # For ossec.conf + chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf + chmod 660 ${DIR}/etc/ossec.conf + + # Debconf + . /usr/share/debconf/confmodule + db_input high ossec-hids-agent/server-ip || true + db_go + + db_get ossec-hids-agent/server-ip + SERVER_IP=$RET + + sed -i "s/[^<]\+<\/server-ip>/${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf + db_stop + + # ossec-init.conf + if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then + if [ -e /etc/ossec-init.conf ]; then + rm -f /etc/ossec-init.conf + fi + ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf + fi + + # init.d/ossec file + if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then + if [ -e /etc/init.d/ossec ]; then + rm -f /etc/init.d/ossec + fi + ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec + fi + + # Service + if [ -x /etc/init.d/ossec ]; then + update-rc.d -f ossec defaults + fi + + # Delete tmp directory + if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then + rm -r ${OSSEC_HIDS_TMP_DIR} + fi +} + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --home-dir /var/ossec -g ossec --shell /bin/false ossec" +GROUPADD_PARAM:${PN} = "--system ossec" + +RDEPENDS:${PN} = "openssl bash" + +COMPATIBLE_HOST:libc-musl = "null" diff --git a/meta-security/recipes-ids/samhain/samhain.inc b/meta-security/recipes-ids/samhain/samhain.inc index df9e215b8c..eb8592d34b 100644 --- a/meta-security/recipes-ids/samhain/samhain.inc +++ b/meta-security/recipes-ids/samhain/samhain.inc @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.la-samhna.de/samhain/" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b" -PV = "4.4.7" +PV = "4.4.9" SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://${INITSCRIPT_NAME}.init \ @@ -21,7 +21,7 @@ SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://samhain-fix-initializer-element-is-not-constant.patch \ " -SRC_URI[sha256sum] = "0aa978accb635000c2d9170f307bff8a95836f8ec01615a53dbd9c2af9564d44" +SRC_URI[sha256sum] = "dd85bf2f90db3ce616a09608e650f3707a4d69aa1e1fe718f8b359ce0aafc198" UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html" UPSTREAM_CHECK_REGEX = "samhain_signed-(?P(\d+(\.\d+)+))\.tar" diff --git a/meta-security/recipes-ids/suricata/libhtp_0.5.39.bb b/meta-security/recipes-ids/suricata/libhtp_0.5.39.bb deleted file mode 100644 index 80c9014153..0000000000 --- a/meta-security/recipes-ids/suricata/libhtp_0.5.39.bb +++ /dev/null @@ -1,27 +0,0 @@ -SUMMARY = "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces." - -require suricata.inc - -LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843" - -SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x" -SRCREV = "6b70803c45894da7a591b2305498335e6df4f9a3" - -DEPENDS = "zlib" - -inherit autotools-brokensep pkgconfig - -CFLAGS += "-D_DEFAULT_SOURCE" - -#S = "${WORKDIR}/suricata-${VER}/${BPN}" - -S = "${WORKDIR}/git" - -do_configure () { - cd ${S} - ./autogen.sh - oe_runconf -} - -RDEPENDS:${PN} += "zlib" - diff --git a/meta-security/recipes-ids/suricata/libhtp_0.5.40.bb b/meta-security/recipes-ids/suricata/libhtp_0.5.40.bb new file mode 100644 index 0000000000..08e285e3ef --- /dev/null +++ b/meta-security/recipes-ids/suricata/libhtp_0.5.40.bb @@ -0,0 +1,27 @@ +SUMMARY = "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces." + +require suricata.inc + +LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843" + +SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x" +SRCREV = "1733478f7fd09e936fea2e024f1d228d40741df2" + +DEPENDS = "zlib" + +inherit autotools-brokensep pkgconfig + +CFLAGS += "-D_DEFAULT_SOURCE" + +#S = "${WORKDIR}/suricata-${VER}/${BPN}" + +S = "${WORKDIR}/git" + +do_configure () { + cd ${S} + ./autogen.sh + oe_runconf +} + +RDEPENDS:${PN} += "zlib" + diff --git a/meta-security/recipes-ids/suricata/suricata_6.0.4.bb b/meta-security/recipes-ids/suricata/suricata_6.0.4.bb deleted file mode 100644 index 31244f3f93..0000000000 --- a/meta-security/recipes-ids/suricata/suricata_6.0.4.bb +++ /dev/null @@ -1,206 +0,0 @@ -SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine" - -require suricata.inc - -LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" - -SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz" -SRC_URI[sha256sum] = "a8f197e33d1678689ebbf7bc1abe84934c465d22c504c47c2c7e9b74aa042d0d" - -DEPENDS = "lz4 libhtp" - -SRC_URI += " \ - file://volatiles.03_suricata \ - file://tmpfiles.suricata \ - file://suricata.yaml \ - file://suricata.service \ - file://run-ptest \ - file://fixup.patch \ - " - -SRC_URI += " \ - crate://crates.io/autocfg/1.0.1 \ - crate://crates.io/semver-parser/0.7.0 \ - crate://crates.io/arrayvec/0.4.12 \ - crate://crates.io/ryu/1.0.5 \ - crate://crates.io/libc/0.2.86 \ - crate://crates.io/bitflags/1.2.1 \ - crate://crates.io/version_check/0.9.2 \ - crate://crates.io/memchr/2.3.4 \ - crate://crates.io/nodrop/0.1.14 \ - crate://crates.io/cfg-if/0.1.9 \ - crate://crates.io/static_assertions/0.3.4 \ - crate://crates.io/getrandom/0.1.16 \ - crate://crates.io/cfg-if/1.0.0 \ - crate://crates.io/siphasher/0.3.3 \ - crate://crates.io/ppv-lite86/0.2.10 \ - crate://crates.io/proc-macro-hack/0.5.19 \ - crate://crates.io/proc-macro2/0.4.30 \ - crate://crates.io/unicode-xid/0.1.0 \ - crate://crates.io/syn/0.15.44 \ - crate://crates.io/build_const/0.2.1 \ - crate://crates.io/num-derive/0.2.5 \ - crate://crates.io/base64/0.11.0 \ - crate://crates.io/widestring/0.4.3 \ - crate://crates.io/md5/0.7.0 \ - crate://crates.io/uuid/0.8.2 \ - crate://crates.io/byteorder/1.4.2 \ - crate://crates.io/semver/0.9.0 \ - crate://crates.io/nom/5.1.1 \ - crate://crates.io/num-traits/0.2.14 \ - crate://crates.io/num-integer/0.1.44 \ - crate://crates.io/num-bigint/0.2.6 \ - crate://crates.io/num-bigint/0.3.1 \ - crate://crates.io/num-rational/0.2.4 \ - crate://crates.io/num-complex/0.2.4 \ - crate://crates.io/num-iter/0.1.42 \ - crate://crates.io/phf_shared/0.8.0 \ - crate://crates.io/crc/1.8.1 \ - crate://crates.io/rustc_version/0.2.3 \ - crate://crates.io/phf/0.8.0 \ - crate://crates.io/lexical-core/0.6.8 \ - crate://crates.io/time/0.1.44 \ - crate://crates.io/quote/0.6.13 \ - crate://crates.io/rand_core/0.5.1 \ - crate://crates.io/rand_chacha/0.2.2 \ - crate://crates.io/rand_pcg/0.2.1 \ - crate://crates.io/num-traits/0.1.43 \ - crate://crates.io/rand/0.7.3 \ - crate://crates.io/enum_primitive/0.1.1 \ - crate://crates.io/phf_generator/0.8.0 \ - crate://crates.io/phf_codegen/0.8.0 \ - crate://crates.io/tls-parser/0.9.4 \ - crate://crates.io/num/0.2.1 \ - crate://crates.io/rusticata-macros/2.1.0 \ - crate://crates.io/ntp-parser/0.4.0 \ - crate://crates.io/der-oid-macro/0.2.0 \ - crate://crates.io/der-parser/3.0.4 \ - crate://crates.io/ipsec-parser/0.5.0 \ - crate://crates.io/x509-parser/0.6.5 \ - crate://crates.io/der-parser/4.1.0 \ - crate://crates.io/snmp-parser/0.6.0 \ - crate://crates.io/kerberos-parser/0.5.0 \ - crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \ - crate://crates.io/winapi/0.3.9 \ - crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ - crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ - crate://crates.io/log/0.4.0 \ - crate://crates.io/rand_hc/0.2.0 \ - crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \ - crate://crates.io/sawp/0.5.0 \ - crate://crates.io/sawp-modbus/0.5.0 \ - crate://crates.io/brotli/3.3.0 \ - crate://crates.io/flate2/1.0.20 \ - crate://crates.io/alloc-no-stdlib/2.0.1 \ - crate://crates.io/alloc-stdlib/0.2.1 \ - crate://crates.io/brotli-decompressor/2.3.1 \ - crate://crates.io/crc32fast/1.2.1 \ - crate://crates.io/miniz_oxide/0.4.4 \ - crate://crates.io/adler/1.0.2 \ - " - -# test case support -SRC_URI += " \ - crate://crates.io/test-case/1.0.1 \ - crate://crates.io/proc-macro2/1.0.1 \ - crate://crates.io/quote/1.0.1 \ - crate://crates.io/syn/1.0.1 \ - crate://crates.io/unicode-xid/0.2.0 \ - " - -inherit autotools pkgconfig python3native systemd ptest cargo - -EXTRA_OECONF += " --disable-debug \ - --disable-gccmarch-native \ - --enable-non-bundled-htp \ - --disable-suricata-update \ - --with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR} \ - " - -CARGO_SRC_DIR = "rust" - -B = "${S}" - -PACKAGECONFIG ??= "jansson file pcre yaml python pcap cap-ng net nfnetlink nss nspr " -PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}" - -PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ," -PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ," -PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap" -PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , " -PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet," -PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ," -PACKAGECONFIG[nfq] = "--enable-nfqueue, --disable-nfqueue,libnetfilter-queue," - -PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson" -PACKAGECONFIG[file] = ",,file, file" -PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss," -PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr," -PACKAGECONFIG[python] = "--enable-python, --disable-python, python3, python3-core" -PACKAGECONFIG[unittests] = "--enable-unittests, --disable-unittests," - -export logdir = "${localstatedir}/log" - -CACHED_CONFIGUREVARS = "ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes" - -do_configure:prepend () { - oe_runconf -} - -do_compile () { - # we do this to bypass the make provided by this pkg - # patches Makefile to skip the subdir - cargo_do_compile - - # Finish building - cd ${S} - make -} - -do_install () { - install -d ${D}${sysconfdir}/suricata - - oe_runmake install DESTDIR=${D} - - install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/03_suricata - - install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata - install -m 0644 ${S}/suricata.yaml ${D}${sysconfdir}/suricata - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf - - install -d ${D}${systemd_unitdir}/system - sed -e s:/etc:${sysconfdir}:g \ - -e s:/var/run:/run:g \ - -e s:/var:${localstatedir}:g \ - -e s:/usr/bin:${bindir}:g \ - -e s:/bin/kill:${base_bindir}/kill:g \ - -e s:/usr/lib:${libdir}:g \ - ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service - fi - - # Remove /var/run as it is created on startup - rm -rf ${D}${localstatedir}/run - - sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatasc - sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatactl -} - -pkg_postinst_ontarget:${PN} () { -if command -v systemd-tmpfiles >/dev/null; then - systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf -elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then - ${sysconfdir}/init.d/populate-volatile.sh update -fi -} - -SYSTEMD_PACKAGES = "${PN}" - -PACKAGES =+ "${PN}-python" -FILES:${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d" -FILES:${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" - -CONFFILES:${PN} = "${sysconfdir}/suricata/suricata.yaml" diff --git a/meta-security/recipes-ids/suricata/suricata_6.0.5.bb b/meta-security/recipes-ids/suricata/suricata_6.0.5.bb new file mode 100644 index 0000000000..913e64e0bb --- /dev/null +++ b/meta-security/recipes-ids/suricata/suricata_6.0.5.bb @@ -0,0 +1,207 @@ +SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine" + +require suricata.inc + +LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" + +SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz" +SRC_URI[sha256sum] = "0d4197047c84ba070dfc6b1d9f9ee92f52a71403bfac0e29b2554bb21fe00754" + +DEPENDS = "lz4 libhtp" + +SRC_URI += " \ + file://volatiles.03_suricata \ + file://tmpfiles.suricata \ + file://suricata.yaml \ + file://suricata.service \ + file://run-ptest \ + file://fixup.patch \ + " + +SRC_URI += " \ + crate://crates.io/autocfg/1.0.1 \ + crate://crates.io/semver-parser/0.7.0 \ + crate://crates.io/arrayvec/0.4.12 \ + crate://crates.io/ryu/1.0.5 \ + crate://crates.io/libc/0.2.86 \ + crate://crates.io/bitflags/1.2.1 \ + crate://crates.io/version_check/0.9.2 \ + crate://crates.io/memchr/2.3.4 \ + crate://crates.io/nodrop/0.1.14 \ + crate://crates.io/cfg-if/0.1.9 \ + crate://crates.io/static_assertions/0.3.4 \ + crate://crates.io/getrandom/0.1.16 \ + crate://crates.io/cfg-if/1.0.0 \ + crate://crates.io/siphasher/0.3.3 \ + crate://crates.io/ppv-lite86/0.2.10 \ + crate://crates.io/proc-macro-hack/0.5.19 \ + crate://crates.io/proc-macro2/0.4.30 \ + crate://crates.io/unicode-xid/0.1.0 \ + crate://crates.io/syn/0.15.44 \ + crate://crates.io/build_const/0.2.1 \ + crate://crates.io/num-derive/0.2.5 \ + crate://crates.io/base64/0.11.0 \ + crate://crates.io/widestring/0.4.3 \ + crate://crates.io/md5/0.7.0 \ + crate://crates.io/uuid/0.8.2 \ + crate://crates.io/byteorder/1.4.2 \ + crate://crates.io/semver/0.9.0 \ + crate://crates.io/nom/5.1.1 \ + crate://crates.io/num-traits/0.2.14 \ + crate://crates.io/num-integer/0.1.44 \ + crate://crates.io/num-bigint/0.2.6 \ + crate://crates.io/num-bigint/0.3.1 \ + crate://crates.io/num-rational/0.2.4 \ + crate://crates.io/num-complex/0.2.4 \ + crate://crates.io/num-iter/0.1.42 \ + crate://crates.io/phf_shared/0.8.0 \ + crate://crates.io/crc/1.8.1 \ + crate://crates.io/rustc_version/0.2.3 \ + crate://crates.io/phf/0.8.0 \ + crate://crates.io/lexical-core/0.6.8 \ + crate://crates.io/time/0.1.44 \ + crate://crates.io/quote/0.6.13 \ + crate://crates.io/rand_core/0.5.1 \ + crate://crates.io/rand_chacha/0.2.2 \ + crate://crates.io/rand_pcg/0.2.1 \ + crate://crates.io/num-traits/0.1.43 \ + crate://crates.io/rand/0.7.3 \ + crate://crates.io/enum_primitive/0.1.1 \ + crate://crates.io/phf_generator/0.8.0 \ + crate://crates.io/phf_codegen/0.8.0 \ + crate://crates.io/tls-parser/0.9.4 \ + crate://crates.io/num/0.2.1 \ + crate://crates.io/rusticata-macros/2.1.0 \ + crate://crates.io/ntp-parser/0.4.0 \ + crate://crates.io/der-oid-macro/0.2.0 \ + crate://crates.io/der-parser/3.0.4 \ + crate://crates.io/ipsec-parser/0.5.0 \ + crate://crates.io/x509-parser/0.6.5 \ + crate://crates.io/der-parser/4.1.0 \ + crate://crates.io/snmp-parser/0.6.0 \ + crate://crates.io/kerberos-parser/0.5.0 \ + crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \ + crate://crates.io/winapi/0.3.9 \ + crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \ + crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \ + crate://crates.io/log/0.4.0 \ + crate://crates.io/rand_hc/0.2.0 \ + crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \ + crate://crates.io/sawp/0.5.0 \ + crate://crates.io/sawp-modbus/0.5.0 \ + crate://crates.io/brotli/3.3.0 \ + crate://crates.io/flate2/1.0.20 \ + crate://crates.io/alloc-no-stdlib/2.0.1 \ + crate://crates.io/alloc-stdlib/0.2.1 \ + crate://crates.io/brotli-decompressor/2.3.1 \ + crate://crates.io/crc32fast/1.2.1 \ + crate://crates.io/miniz_oxide/0.4.4 \ + crate://crates.io/adler/1.0.2 \ + " + +# test case support +SRC_URI += " \ + crate://crates.io/test-case/1.0.1 \ + crate://crates.io/proc-macro2/1.0.1 \ + crate://crates.io/quote/1.0.1 \ + crate://crates.io/syn/1.0.1 \ + crate://crates.io/unicode-xid/0.2.0 \ + " + +inherit autotools pkgconfig python3native systemd ptest cargo + +EXTRA_OECONF += " --disable-debug \ + --disable-gccmarch-native \ + --enable-non-bundled-htp \ + --disable-suricata-update \ + --with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR} \ + " + +CARGO_SRC_DIR = "rust" + +B = "${S}" + +# nfnetlink has a dependancy to meta-networking +PACKAGECONFIG ??= "jansson file pcre yaml python pcap cap-ng net nss nspr " +PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}" + +PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ," +PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ," +PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap" +PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , " +PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet," +PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ," +PACKAGECONFIG[nfq] = "--enable-nfqueue, --disable-nfqueue,libnetfilter-queue," + +PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson" +PACKAGECONFIG[file] = ",,file, file" +PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss," +PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr," +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3, python3-core" +PACKAGECONFIG[unittests] = "--enable-unittests, --disable-unittests," + +export logdir = "${localstatedir}/log" + +CACHED_CONFIGUREVARS = "ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes" + +do_configure:prepend () { + oe_runconf +} + +do_compile () { + # we do this to bypass the make provided by this pkg + # patches Makefile to skip the subdir + cargo_do_compile + + # Finish building + cd ${S} + make +} + +do_install () { + install -d ${D}${sysconfdir}/suricata + + oe_runmake install DESTDIR=${D} + + install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/03_suricata + + install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata + install -m 0644 ${S}/suricata.yaml ${D}${sysconfdir}/suricata + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf + + install -d ${D}${systemd_unitdir}/system + sed -e s:/etc:${sysconfdir}:g \ + -e s:/var/run:/run:g \ + -e s:/var:${localstatedir}:g \ + -e s:/usr/bin:${bindir}:g \ + -e s:/bin/kill:${base_bindir}/kill:g \ + -e s:/usr/lib:${libdir}:g \ + ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service + fi + + # Remove /var/run as it is created on startup + rm -rf ${D}${localstatedir}/run + + sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatasc + sed -i -e "s:#!.*$:#!${USRBINPATH}/env ${PYTHON_PN}:g" ${D}${bindir}/suricatactl +} + +pkg_postinst_ontarget:${PN} () { +if command -v systemd-tmpfiles >/dev/null; then + systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf +elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update +fi +} + +SYSTEMD_PACKAGES = "${PN}" + +PACKAGES =+ "${PN}-python" +FILES:${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d" +FILES:${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" + +CONFFILES:${PN} = "${sysconfdir}/suricata/suricata.yaml" -- cgit v1.2.3