summaryrefslogtreecommitdiff
path: root/meta-security
diff options
context:
space:
mode:
Diffstat (limited to 'meta-security')
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb (renamed from meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_164-2020-192.1.bb)6
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch32
-rw-r--r--meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb (renamed from meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb)8
-rw-r--r--meta-security/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch51
-rw-r--r--meta-security/recipes-compliance/lynis/lynis_3.1.1.bb (renamed from meta-security/recipes-compliance/lynis/lynis_3.0.9.bb)6
5 files changed, 26 insertions, 77 deletions
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_164-2020-192.1.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb
index 7060a643b8..7ed9569df2 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_164-2020-192.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb
@@ -19,13 +19,13 @@ DEPENDS = "openssl"
SRC_URI = "git://git.code.sf.net/p/ibmswtpm2/tpm2;protocol=https;branch=master \
file://tune-makefile.patch \
"
-SRCREV = "5452af422edeff70fcae8ea99dd28a0922051d7b"
+SRCREV = "c37c74438429e1d5fe465232e7bf894b239a2cd4"
-UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2"
+UPSTREAM_CHECK_GITTAGREGEX = "rev(?P<pver>\d+(\-\d+)+)"
S = "${WORKDIR}/git/src"
-CFLAGS += "-Wno-error=maybe-uninitialized -DALG_CAMELLIA=ALG_NO"
+CFLAGS += "-Wno-error=maybe-uninitialized"
do_compile () {
make CC='${CC}'
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
index cfda80f41f..46af137f45 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
@@ -1,4 +1,4 @@
-From 26091b7830d84a12308442b238652ee9475d407b Mon Sep 17 00:00:00 2001
+From 68fafb3516b6004d27f882273f934bda3f4714b4 Mon Sep 17 00:00:00 2001
From: Jens Rehsack <sno@netbsd.org>
Date: Fri, 11 Sep 2020 07:46:41 +0200
Subject: [PATCH] utils{,12}/Makefile.am: expand wildcards in prereqs
@@ -15,15 +15,17 @@ Signed-off-by: Jens Rehsack <sno@netbsd.org>
utils12/Makefile.am | 8 ++++-
2 files changed, 79 insertions(+), 4 deletions(-)
-Index: git/utils/Makefile.am
-===================================================================
---- git.orig/utils/Makefile.am
-+++ git/utils/Makefile.am
-@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la
+diff --git a/utils/Makefile.am b/utils/Makefile.am
+index 7457269..14689c0 100755
+--- a/utils/Makefile.am
++++ b/utils/Makefile.am
+@@ -93,9 +93,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS) $(EFIBOOT_LIBS)
noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
# install every header in ibmtss
-nobase_include_HEADERS = ibmtss/*.h
+-
+-notrans_man_MANS = man/man1/*.1
+nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
+ ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
+ ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
@@ -63,8 +65,7 @@ Index: git/utils/Makefile.am
+ ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
+ ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
+ ibmtss/ZGen_2Phase_fp.h
-
--notrans_man_MANS = man/man1/*.1
++
+notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
+ man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
+ man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
@@ -100,11 +101,11 @@ Index: git/utils/Makefile.am
if CONFIG_TPM20
noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
-Index: git/utils12/Makefile.am
-===================================================================
---- git.orig/utils12/Makefile.am
-+++ git/utils12/Makefile.am
-@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src
+diff --git a/utils12/Makefile.am b/utils12/Makefile.am
+index 031d0de..02f4e21 100644
+--- a/utils12/Makefile.am
++++ b/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
# result: [current-age].age.revision
libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
@@ -118,4 +119,7 @@ Index: git/utils12/Makefile.am
+ man/man1/tss1sign.1 man/man1/tss1startup.1 man/man1/tss1takeownership.1 man/man1/tss1tpminit.1
noinst_HEADERS = ekutils12.h
- bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
+ if !CONFIG_TSS_NOPRINT
+--
+2.25.1
+
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb
index 2daca5a280..8e941d118e 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb
@@ -17,14 +17,12 @@ DEPENDS = "openssl ibmswtpm2"
inherit autotools pkgconfig
-SRCREV = "c4e131e34ec0ed09411aa3bc76f76129ef881573"
SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master \
file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
- "
+ "
+SRCREV = "0b9d77e304f68228b13b20ff0d72b0c16ffd2651"
-UPSTREAM_CHECK_COMMITS = "1"
-UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2"
-UPSTREAM_CHECK_GITTAGREGEX = "rev.*)"
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
EXTRA_OECONF = "--disable-tpm-1.2"
diff --git a/meta-security/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch b/meta-security/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch
deleted file mode 100644
index d365ec11b8..0000000000
--- a/meta-security/recipes-compliance/lynis/files/0001-osdetection-add-OpenEmbedded-and-Poky.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 4b1de197ee0dd259cc05d5faf7fd38b580d841d2 Mon Sep 17 00:00:00 2001
-From: Armin Kuster <akuster808@gmail.com>
-Date: Tue, 2 May 2023 16:22:13 -0400
-Subject: [PATCH] osdetection: add OpenEmbedded and Poky
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Upstream-Status: Pending
-https://github.com/CISOfy/lynis/pull/1390
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
----
- include/osdetection | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/include/osdetection b/include/osdetection
-index 989b1b3..e5974e5 100644
---- a/include/osdetection
-+++ b/include/osdetection
-@@ -308,6 +308,12 @@
- OS_REDHAT_OR_CLONE=1
- OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
- ;;
-+ "nodistro")
-+ LINUX_VERSION="openembedded"
-+ OS_NAME="OpenEmbedded"
-+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
-+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
-+ ;;
- "opensuse-tumbleweed")
- LINUX_VERSION="openSUSE Tumbleweed"
- # It's rolling release but has a snapshot version (the date of the snapshot)
-@@ -330,6 +336,14 @@
- OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
- OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
- ;;
-+ "poky")
-+ LINUX_VERSION="Poky"
-+ OS_NAME="openembedded"
-+ LINUX_VERSION_LIKE="openembedded"
-+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
-+ OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
-+
-+ ;;
- "pop")
- LINUX_VERSION="Pop!_OS"
- LINUX_VERSION_LIKE="Ubuntu"
---
-2.25.1
-
diff --git a/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb b/meta-security/recipes-compliance/lynis/lynis_3.1.1.bb
index b8b97a53a1..b69f4dfd6d 100644
--- a/meta-security/recipes-compliance/lynis/lynis_3.0.9.bb
+++ b/meta-security/recipes-compliance/lynis/lynis_3.1.1.bb
@@ -6,11 +6,9 @@ HOMEDIR = "https://cisofy.com/"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1"
-SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz \
- file://0001-osdetection-add-OpenEmbedded-and-Poky.patch \
- "
+SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "f394df7d20391fb76e975ae88f3eba1da05ac9c4945e2c7f709326e185e17025"
+SRC_URI[sha256sum] = "d72f4ee7325816bb8dbfcf31eb104207b9fe58a2493c2a875373746a71284cc3"
#UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis"
generated by cgit v1.2.3 (git 2.39.0) at 2025-09-15 18:40:48 +0300