Diffstat (limited to 'meta-openembedded/meta-oe/recipes-security')
10 files changed, 145 insertions, 54 deletions
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch
index bb6c61e80..ed1c0e2b5 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit/Add-substitue-functions-for-strndupa-rawmemchr.patch
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Add-substitue-functions-for-strndupa-rawmemchr.patch
@@ -1,4 +1,4 @@
-From bdcdc3dff4469aac88e718bd15958d5ed4b9392a Mon Sep 17 00:00:00 2001
+From d5a4b800a696b8b8d2c0f0bad098b1a8ff94333f Mon Sep 17 00:00:00 2001
 From: Steve Grubb <sgrubb@redhat.com>
 Date: Tue, 26 Feb 2019 18:33:33 -0500
 Subject: [PATCH] Add substitue functions for strndupa & rawmemchr
@@ -68,7 +68,7 @@ index 51c4a5e..67b7b77 100644
 break;
 *ptr = ' ';
 diff --git a/configure.ac b/configure.ac
-index 54bdbf1..aef07fb 100644
+index 6e345f1..6f3007e 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -1,7 +1,7 @@
@@ -129,5 +129,5 @@ index 5d17a72..758c33e 100644
 * This function will look at the line and pick out pieces of it.
 */
 --
-2.7.4
+2.17.1
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
new file mode 100644
index 000000000..4a1b97997
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Fixed-swig-host-contamination-issue.patch
@@ -0,0 +1,57 @@
+From 3467abce1f3cfc96f9bdace7c09d95218cbcaeb1 Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst@cn.fujitsu.com>
+Date: Sun, 19 Jul 2015 02:42:58 +0900
+Subject: [PATCH] audit: Fixed swig host contamination issue
+
+The audit build uses swig to generate a python wrapper.
+Unfortunately, the swig info file references host include
+directories. Some of these were previously noticed and
+eliminated, but the one fixed here was not.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
+Signed-off-by: Joe Slater <jslater@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ bindings/swig/python3/Makefile.am | 3 ++-
+ bindings/swig/src/auditswig.i | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
+index 9938418..fa46aac 100644
+--- a/bindings/swig/python3/Makefile.am
++++ b/bindings/swig/python3/Makefile.am
+@@ -22,6 +22,7 @@
+ CONFIG_CLEAN_FILES = *.loT *.rej *.orig
+ AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
+ AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
++STDINC ?= /usr/include
+ LIBS = $(top_builddir)/lib/libaudit.la
+ SWIG_FLAGS = -python -py3 -modern
+ SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
+@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
+ _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
+ nodist__audit_la_SOURCES = audit_wrap.c
+ audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
+- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i
++ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i
+
+ CLEANFILES = audit.py* audit_wrap.c *~
+
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 7ebb373..424fb68 100644
+--- a/bindings/swig/src/auditswig.i
++++ b/bindings/swig/src/auditswig.i
+@@ -39,7 +39,7 @@ signed
+ #define __attribute(X) /*nothing*/
+ typedef unsigned __u32;
+ typedef unsigned uid_t;
+-%include "/usr/include/linux/audit.h"
++%include "linux/audit.h"
+ #define __extension__ /*nothing*/
+ #include <stdint.h>
+ %include "../lib/libaudit.h"
+--
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch
new file mode 100644
index 000000000..f209e560b
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0003-Header-definitions-need-to-be-external-when-building.patch
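Review bot: `STDINC ?= /usr/include` in the python3 `Makefile.am` hunk of this patch defaults to the build host's header directory, so any make invocation that does not pass `STDINC` still hands swig `-I/usr/include`, and `%include "linux/audit.h"` can again resolve to host headers, which is the contamination the patch sets out to remove. The 2.8.5 recipe on this page does pass `STDINC='${STAGING_INCDIR}'` in `EXTRA_OEMAKE`, so the result depends on that override staying in place. I would record the requirement in the patch itself, above the `STDINC ?=` line: `# STDINC must be set by the caller to the sysroot include dir; the /usr/include default is the host's headers`.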
@@ -0,0 +1,30 @@
+From 2938f46d318df4a09565db837b60bafd0300f858 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <sgrubb@redhat.com>
+Date: Fri, 10 Jan 2020 21:13:50 -0500
+Subject: [PATCH] Header definitions need to be external when building with
+ -fno-common (which is default in GCC 10) - Tony Jones
+
+Upstream-Status: Backport
+[https://github.com/linux-audit/audit-userspace/commit/017e6c6ab95df55f34e339d2139def83e5dada1f]
+
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+---
+ src/ausearch-common.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ausearch-common.h b/src/ausearch-common.h
+index 6669203..3040547 100644
+--- a/src/ausearch-common.h
++++ b/src/ausearch-common.h
+@@ -50,7 +50,7 @@ extern pid_t event_pid;
+ extern int event_exact_match;
+ extern uid_t event_uid, event_euid, event_loginuid;
+ extern const char *event_tuid, *event_teuid, *event_tauid;
+-slist *event_node_list;
++extern slist *event_node_list;
+ extern const char *event_comm;
+ extern const char *event_filename;
+ extern const char *event_hostname;
+--
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb
index ee3b3b5e0..10c1afbb8 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_2.8.5.bb
@@ -8,8 +8,9 @@ LICENSE = "GPLv2+ & LGPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \
- file://Add-substitue-functions-for-strndupa-rawmemchr.patch \
- file://Fixed-swig-host-contamination-issue.patch \
+ file://0001-Add-substitue-functions-for-strndupa-rawmemchr.patch \
+ file://0002-Fixed-swig-host-contamination-issue.patch \
+ file://0003-Header-definitions-need-to-be-external-when-building.patch \
 file://auditd \
 file://auditd.service \
 file://audit-volatile.conf \
@@ -25,11 +26,11 @@ INITSCRIPT_NAME = "auditd"
 INITSCRIPT_PARAMS = "defaults"
 SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE_auditd = "auditd.service"
+SYSTEMD_SERVICE:auditd = "auditd.service"
-DEPENDS += "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
-EXTRA_OECONF += "--without-prelude \
+EXTRA_OECONF = "--without-prelude \
 --with-libwrap \
 --enable-gssapi-krb5=no \
 --with-libcap-ng=yes \
@@ -39,19 +40,19 @@ EXTRA_OECONF += "--without-prelude \
 --without-python \
 --without-golang \
 --disable-zos-remote \
+ --with-arm=yes \
+ --with-aarch64=yes \
 "
-EXTRA_OECONF_append_arm = " --with-arm=yes"
-EXTRA_OECONF_append_aarch64 = " --with-aarch64=yes"
-EXTRA_OEMAKE += "PYLIBVER='python${PYTHON_BASEVERSION}' \
+EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
 PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
 pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
 STDINC='${STAGING_INCDIR}' \
 pkgconfigdir=${libdir}/pkgconfig \
 "
-SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
 interface to the audit system, audispd. These plugins can do things \
 like relay events to remote machines or analyze events for suspicious \
 behavior."
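Review bot: `--with-arm=yes` and `--with-aarch64=yes` are now passed to configure for every target in the `EXTRA_OECONF` hunk, where the removed `EXTRA_OECONF_append_arm` and `EXTRA_OECONF_append_aarch64` lines applied each flag only on its own architecture, and nothing in the recipe says the widening is intended. A comment above the two flags, for example `# arm/aarch64 support is enabled on all targets on purpose`, would keep a later cleanup from reading it as a mistake. The same hunks turn `DEPENDS`, `EXTRA_OECONF` and `EXTRA_OEMAKE` from `+=` into `=`, which discards any value assigned before these lines are parsed; that looks deliberate but is worth confirming. The `EXTRA_OECONF` assignment opens in the preceding hunk.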
@@ -59,19 +60,19 @@ behavior."
 PACKAGES =+ "audispd-plugins"
 PACKAGES += "auditd ${PN}-python"
-FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd += "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
-FILES_audispd-plugins += "${sysconfdir}/audisp/audisp-remote.conf \
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/*"
+FILES:audispd-plugins = "${sysconfdir}/audisp/audisp-remote.conf \
 ${sysconfdir}/audisp/plugins.d/au-remote.conf \
- ${sbindir}/audisp-remote ${localstatedir}/spool/audit \
+ ${base_sbindir}/audisp-remote ${localstatedir}/spool/audit \
 "
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-CONFFILES_auditd += "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd += "bash"
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+RDEPENDS:auditd = "bash"
-do_install_append() {
+do_install:append() {
 rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
 rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
@@ -85,14 +86,14 @@ do_install_append() {
 rm -rf ${D}/etc/rc.d
 if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ # install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
+
 install -d ${D}${sysconfdir}/tmpfiles.d/
 install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
 fi
- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
-
 # audit-2.5 doesn't install any rules by default, so we do that here
 mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
 cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
@@ -102,4 +103,7 @@ do_install_append() {
 # Based on the audit.spec "Copy default rules into place on new installation"
 cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
+
+ # Create /var/spool/audit directory for audisp-remote
+ install -m 0700 -d ${D}${localstatedir}/spool/audit
 }
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.2.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb
index 7d2cec18b..c30b97162 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.2.bb
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.0.3.bb
@@ -15,7 +15,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master \
 "
 S = "${WORKDIR}/git"
-SRCREV = "40312ddee3035d13e287355544cd7bd7e49b5499"
+SRCREV = "17c100abcfef4cbd94a0a5be9b830c8386c3add6"
 inherit autotools python3native update-rc.d systemd
@@ -24,7 +24,7 @@ INITSCRIPT_NAME = "auditd"
 INITSCRIPT_PARAMS = "defaults"
 SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE_auditd = "auditd.service"
+SYSTEMD_SERVICE:auditd = "auditd.service"
 DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
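Review bot: The last audit_2.8.5.bb hunk creates `${localstatedir}/spool/audit` for audisp-remote, yet `EXTRA_OECONF` in the same recipe keeps `--enable-gssapi-krb5=no`, and the recipe does not say what that means for the plugin. As far as I know Kerberos/GSSAPI is the only transport protection audisp-remote offers, so a build without it relays audit events in clear text with no peer authentication. I would add a comment next to the new lines such as `# built with --enable-gssapi-krb5=no: audisp-remote sends events unencrypted, use only over a protected link`. Mode 0700 on the spool directory is appropriate for queued audit records. `do_install:append` starts outside this hunk.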
@@ -48,8 +48,8 @@ EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
 pkgconfigdir=${libdir}/pkgconfig \
 "
-SUMMARY_audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION_audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
 interface to the audit system, audispd. These plugins can do things \
 like relay events to remote machines or analyze events for suspicious \
 behavior."
@@ -57,22 +57,22 @@ behavior."
 PACKAGES =+ "audispd-plugins"
 PACKAGES += "auditd ${PN}-python"
-FILES_${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES_auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
-FILES_audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
+FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
 ${sysconfdir}/audit/plugins.d/au-remote.conf \
 ${sysconfdir}/audit/plugins.d/syslog.conf \
 ${base_sbindir}/audisp-remote \
 ${base_sbindir}/audisp-syslog \
 ${localstatedir}/spool/audit \
 "
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-CONFFILES_auditd = "${sysconfdir}/audit/audit.rules"
-RDEPENDS_auditd = "bash"
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+RDEPENDS:auditd = "bash"
-do_install_append() {
+do_install:append() {
 rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
 rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
diff --git a/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb b/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb
index 0a8c2e483..00cca53b5 100644
--- a/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb
+++ b/meta-openembedded/meta-oe/recipes-security/keyutils/keyutils_1.6.1.bb
@@ -40,7 +40,7 @@ do_install () {
 oe_runmake DESTDIR=${D} install
 }
-do_install_append_class-nativesdk() {
+do_install:append:class-nativesdk() {
 install -d ${D}${datadir}
 src_dir="${D}${target_datadir}"
 mv $src_dir/* ${D}${datadir}
@@ -58,8 +58,8 @@ do_install_ptest () {
 }
-RDEPENDS_${PN}-ptest += "lsb-release"
-RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-utils"
-RDEPENDS_${PN}-ptest_append_libc-musl = " musl-utils"
+RDEPENDS:${PN}-ptest += "lsb-release"
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-utils"
+RDEPENDS:${PN}-ptest:append:libc-musl = " musl-utils"
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb b/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
index 17bc40911..c2e3585f9 100644
--- a/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
+++ b/meta-openembedded/meta-oe/recipes-security/nmap/nmap_7.80.bb
@@ -49,7 +49,7 @@ do_configure() {
 oe_runconf
 }
-do_install_append() {
+do_install:append() {
 for f in ndiff uninstall_ndiff; do
 if [ -f ${D}${bindir}/$f ]; then
 sed -i 's@^#!.*$@#!/usr/bin/env python3@g' ${D}${bindir}/$f
@@ -57,6 +57,6 @@ do_install_append() {
 done
 }
-FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat"
+FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}/ncat"
-RDEPENDS_${PN} += "python3-core"
+RDEPENDS:${PN} += "python3-core"
diff --git a/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb b/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb
index dd302506d..b148fdcb5 100644
--- a/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb
+++ b/meta-openembedded/meta-oe/recipes-security/passwdqc/passwdqc_1.3.1.bb
@@ -35,7 +35,7 @@ SRC_URI[sha256sum] = "d1fedeaf759e8a0f32d28b5811ef11b5a5365154849190f4b7fab670a7
 # explicitly define LINUX_PAM in case DISTRO_FEATURES no pam
 # this package's pam_passwdqc.so needs pam
-CFLAGS_append = " -Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM"
+CFLAGS:append = " -Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM"
 # -e is no longer default setting in bitbake.conf
 EXTRA_OEMAKE = "-e"
@@ -58,9 +58,9 @@ do_install() {
 PROVIDES += "pam-${BPN}"
 PACKAGES =+ "lib${BPN} pam-${BPN}"
-FILES_lib${BPN} = "${base_libdir}/libpasswdqc.so.0"
-FILES_pam-${BPN} = "${base_libdir}/security/pam_passwdqc.so"
-FILES_${PN}-dbg += "${base_libdir}/security/.debug"
+FILES:lib${BPN} = "${base_libdir}/libpasswdqc.so.0"
+FILES:pam-${BPN} = "${base_libdir}/security/pam_passwdqc.so"
+FILES:${PN}-dbg += "${base_libdir}/security/.debug"
-RDEPENDS_${PN} = "lib${BPN} pam-${BPN}"
-RDEPENDS_pam-${BPN} = "lib${BPN}"
+RDEPENDS:${PN} = "lib${BPN} pam-${BPN}"
+RDEPENDS:pam-${BPN} = "lib${BPN}"
diff --git a/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb b/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
index aa91ab37f..d7bcd4f03 100644
--- a/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
+++ b/meta-openembedded/meta-oe/recipes-security/softhsm/softhsm_2.6.1.bb
@@ -26,5 +26,5 @@ PACKAGECONFIG[botan] = "--with-botan=${STAGING_DIR_HOST}/usr --with-crypto-backe
 PACKAGECONFIG[migrate] = "--with-migrate"
 PACKAGECONFIG[pk11] = "--enable-p11-kit --with-p11-kit==${STAGING_DIR_HOST}/usr, --without-p11-kit, p11-kit, p11-kit"
-RDEPENDS_${PN} = "sqlite3"
+RDEPENDS:${PN} = "sqlite3"
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb b/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb
index f36277599..4b36dd63e 100644
--- a/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb
+++ b/meta-openembedded/meta-oe/recipes-security/tomoyo-tools/tomoyo-tools_2.5.0.bb
@@ -14,8 +14,8 @@ S = "${WORKDIR}/${BPN}"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING.tomoyo;md5=751419260aa954499f7abaabaa882bbe"
-FILES_${PN} += "${libdir}/tomoyo"
-FILES_${PN}-dbg += "${libdir}/tomoyo/.debug"
+FILES:${PN} += "${libdir}/tomoyo"
+FILES:${PN}-dbg += "${libdir}/tomoyo/.debug"
 DEPENDS = "linux-libc-headers ncurses" |