reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb b/meta-security/recipes-security/AppArmor/apparmor_2.12.bb
similarity index 95%
rename from meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb
rename to meta-security/recipes-security/AppArmor/apparmor_2.12.bb
index fc9b614..e3f8dc9 100644
--- a/meta-security/recipes-security/AppArmor/apparmor_2.11.0.bb
+++ b/meta-security/recipes-security/AppArmor/apparmor_2.12.bb
@@ -21,11 +21,11 @@
file://functions \
file://apparmor \
file://apparmor.service \
- file://run-ptest \
+ file://run-ptest \
"
-SRC_URI[md5sum] = "899fd834dc5c8ebf2d52b97e4a174af7"
-SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5bdd739a"
+SRC_URI[md5sum] = "49054f58042f8e51ea92cc866575a833"
+SRC_URI[sha256sum] = "8a2b0cd083faa4d0640f579024be3a629faa7db3b99540798a1a050e2eaba056"
PARALLEL_MAKE = ""
@@ -46,7 +46,7 @@
python() {
if 'apache2' in d.getVar('PACKAGECONFIG').split() and \
- 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split():
+ 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split():
raise bb.parse.SkipRecipe('Requires meta-webserver to be present.')
}
diff --git a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb
similarity index 77%
rename from meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb
rename to meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb
index 4df072e..d739227 100644
--- a/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.2.bb
+++ b/meta-security/recipes-security/aircrack-ng/aircrack-ng_1.3.bb
@@ -6,17 +6,14 @@
LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=1fbd81241fe252ec0f5658a521ab7dd8"
DEPENDS = "libnl openssl sqlite3 libpcre libpcap"
-RC = "rc2"
-SRC_URI = "http://download.aircrack-ng.org/${BP}-${RC}.tar.gz \
- file://fixup_cflags.patch"
-SRC_URI[md5sum] = "ebe9d537f06f4d6956213af09c4476da"
-SRC_URI[sha256sum] = "ba5b3eda44254efc5b7c9f776eb756f7cc323ad5d0813c101e92edb483d157e9"
+SRC_URI = "http://download.aircrack-ng.org/${BP}.tar.gz"
+
+SRC_URI[md5sum] = "c7c5b076dee0c25ee580b0f56f455623"
+SRC_URI[sha256sum] = "8ae08a7c28741f6ace2769267112053366550e7f746477081188ad38410383ca"
inherit autotools-brokensep pkgconfig
-S = "${WORKDIR}/${BP}-rc2"
-
PACKAGECONFIG ?= ""
CFLAGS += " -I${S}/src/include"
diff --git a/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch b/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch
deleted file mode 100644
index e13dd24..0000000
--- a/meta-security/recipes-security/aircrack-ng/files/fixup_cflags.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Upstream Status: Iinappropriate
-
-Issues do to build env.
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: aircrack-ng-1.2-rc2/src/Makefile
-===================================================================
---- aircrack-ng-1.2-rc2.orig/src/Makefile
-+++ aircrack-ng-1.2-rc2/src/Makefile
-@@ -3,8 +3,6 @@ include $(AC_ROOT)/common.mak
-
- TEST_DIR = $(AC_ROOT)/test
-
--CFLAGS += -Iinclude
--
- iCC = $(shell find /opt/intel/cc/*/bin/icc)
- iCFLAGS = -w -mcpu=pentiumpro -march=pentiumpro $(COMMON_CFLAGS)
- iOPTFLAGS = -O3 -ip -ipo -D_FILE_OFFSET_BITS=64
-@@ -102,7 +100,7 @@ endif
-
-
- ifeq ($(subst TRUE,true,$(filter TRUE true,$(sqlite) $(SQLITE))),true)
-- LIBSQL = -L/usr/local/lib -lsqlite3
-+ LIBSQL = -lsqlite3
- else
- LIBSQL =
- endif
diff --git a/meta-security/recipes-security/bastille/bastille_3.2.1.bb b/meta-security/recipes-security/bastille/bastille_3.2.1.bb
index eee1a38..152c03a 100644
--- a/meta-security/recipes-security/bastille/bastille_3.2.1.bb
+++ b/meta-security/recipes-security/bastille/bastille_3.2.1.bb
@@ -9,7 +9,7 @@
RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils"
FILES_${PN} += "/run/lock/subsys/bastille"
-inherit allarch module-base
+inherit module-base
SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3.2.1/Bastille-3.2.1.tar.bz2 \
file://AccountPermission.pm \
diff --git a/meta-security/recipes-security/clamav/clamav_0.99.3.bb b/meta-security/recipes-security/clamav/clamav_0.99.4.bb
similarity index 98%
rename from meta-security/recipes-security/clamav/clamav_0.99.3.bb
rename to meta-security/recipes-security/clamav/clamav_0.99.4.bb
index 688250d..8c2c2fa 100644
--- a/meta-security/recipes-security/clamav/clamav_0.99.3.bb
+++ b/meta-security/recipes-security/clamav/clamav_0.99.4.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
-SRCREV = "224f73461a44e278e9fa50ba59f51ee5e64373e0"
+SRCREV = "b66e5e27b48c0a07494f9df9b809ed933cede047"
SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.99 \
file://clamd.conf \
diff --git a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index f55b0c3..1f780f9 100644
--- a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -29,6 +29,7 @@
--libdir=${base_libdir} \
--disable-pywrap \
--disable-nls \
+ --with-pamdir=${base_libdir}/security \
"
PACKAGECONFIG ??= "nss \
@@ -43,12 +44,16 @@
export NSS_LIBS="-L${STAGING_BASELIBDIR} -lssl3 -lsmime3 -lnss3 -lsoftokn3 -lnssutil3"
export KEYUTILS_CFLAGS="-I${STAGING_INCDIR}"
export KEYUTILS_LIBS="-L${STAGING_LIBDIR} -lkeyutils"
+ sed -i -e "s;rootsbindir=\"/sbin\";rootsbindir=\"\${base_sbindir}\";g" ${S}/configure.ac
}
do_install_append() {
chmod 4755 ${D}${base_sbindir}/mount.ecryptfs_private
- mkdir -p ${D}/${libdir}
- mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir}
+ # ${base_libdir} is identical to ${libdir} when usrmerge enabled
+ if ! ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then
+ mkdir -p ${D}/${libdir}
+ mv ${D}/${base_libdir}/pkgconfig ${D}/${libdir}
+ fi
sed -i -e 's:-I${STAGING_INCDIR}::' \
-e 's:-L${STAGING_LIBDIR}::' ${D}/${libdir}/pkgconfig/libecryptfs.pc
sed -i -e "s: ${base_sbindir}/cryptsetup: ${sbindir}/cryptsetup:" ${D}${bindir}/ecryptfs-setup-swap
diff --git a/meta-security/recipes-security/fail2ban/files/run-ptest b/meta-security/recipes-security/fail2ban/files/run-ptest
new file mode 100644
index 0000000..9f6aebe
--- /dev/null
+++ b/meta-security/recipes-security/fail2ban/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+##PYTHON## fail2ban-testcases
diff --git a/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb b/meta-security/recipes-security/fail2ban/python-fail2ban.inc
similarity index 68%
rename from meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb
rename to meta-security/recipes-security/fail2ban/python-fail2ban.inc
index 7e2deba..9245f17 100644
--- a/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb
+++ b/meta-security/recipes-security/fail2ban/python-fail2ban.inc
@@ -9,14 +9,15 @@
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
-SRCREV ="a45488465e0dd547eb8479c0fa9fd577c1837213"
+SRCREV ="ac0d441fd68852ffda7b15c71f16b7f4fde1a7ee"
SRC_URI = " \
- git://github.com/fail2ban/fail2ban.git;branch=0.10 \
+ git://github.com/fail2ban/fail2ban.git;branch=0.11 \
file://initd \
- file://fail2ban_setup.py \
+ file://fail2ban_setup.py \
+ file://run-ptest \
"
-inherit update-rc.d setuptools
+inherit update-rc.d ptest
S = "${WORKDIR}/git"
@@ -32,10 +33,17 @@
install -d ${D}/${sysconfdir}/fail2ban
install -d ${D}/${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+ chown -R root:root ${D}/${bindir}
+}
+
+do_install_ptest_append () {
+ install -d ${D}${PTEST_PATH}
+ sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+ install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}
}
FILES_${PN} += "/run"
INSANE_SKIP_${PN}_append = "already-stripped"
-RDEPENDS_${PN} = "sysklogd iptables sqlite3 python python-pyinotify"
+RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify"
diff --git a/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb
new file mode 100644
index 0000000..17a7dd8
--- /dev/null
+++ b/meta-security/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb
@@ -0,0 +1,4 @@
+inherit setuptools
+require python-fail2ban.inc
+
+RDEPENDS_${PN}-ptest = "python python-modules python-fail2ban"
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb
new file mode 100644
index 0000000..5c887e8
--- /dev/null
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb
@@ -0,0 +1,4 @@
+inherit setuptools3
+require python-fail2ban.inc
+
+RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
index 4f0b12c..8847a0f 100644
--- a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
+++ b/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
@@ -9,7 +9,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRCREV = "e4c4d0984dee2531897e13c32a18d5e54a2a4aa6"
+SRCREV = "142326810eb19d6794793db6d24d0775a15aa8e5"
SRC_URI = "git://github.com/google/fscryptctl.git"
S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-security/images/security-build-image.bb b/meta-security/recipes-security/images/security-build-image.bb
index 1a7af86..a8757f9 100644
--- a/meta-security/recipes-security/images/security-build-image.bb
+++ b/meta-security/recipes-security/images/security-build-image.bb
@@ -6,9 +6,7 @@
packagegroup-base \
packagegroup-core-boot \
packagegroup-core-security \
- os-release \
- ${@bb.utils.contains("DISTRO_FEATURES", "x11", "packagegroup-xfce-base", "", d)} \
- ${CORE_IMAGE_EXTRA_INSTALL}"
+ os-release"
IMAGE_LINGUAS ?= " "
diff --git a/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch b/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch
deleted file mode 100644
index af3ef42..0000000
--- a/meta-security/recipes-security/keynote/keynote-2.3/configure-remove-hardcode-path.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Remove the hardcoded lib and include dirs
-
-Upstream-Status: Inappropriate [cross compile specific]
-
-written by: Amy Fong <amy.fong@windriver.com>
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
---- keynote-2.3/configure.in.orig 2010-05-24 04:44:16.000000000 -0700
-+++ keynote-2.3/configure.in 2010-05-24 04:44:55.000000000 -0700
-@@ -21,27 +21,16 @@
- AC_PATH_PROG(ECHO, echo, /bin/echo)
- AC_PATH_PROG(SED, sed, /usr/bin/sed)
-
--dnl Checks for libraries.
--LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
-- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
--
- AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm")
- AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref")
- AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto")
- AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
-
--dnl Checks for header files.
--CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
-- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
-- -I/usr/local/openssl/include -I/pkg/include"
--
- AC_HEADER_STDC
- AC_HEADER_TIME
- AC_CHECK_HEADERS(fcntl.h limits.h unistd.h regex.h sys/time.h io.h)
- AC_CHECK_HEADERS(ssl/crypto.h openssl/crypto.h crypto.h memory.h)
-
--dnl Checks for other files
--
- dnl Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
- AC_CHECK_TYPE(u_int, unsigned int)
diff --git a/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch b/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch
deleted file mode 100644
index 80d87cf..0000000
--- a/meta-security/recipes-security/keynote/keynote-2.3/makefile-add-ldflags.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Add LDFLAGS variable to Makefile so that extra linker flags can be sent via this variable.
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
-
-diff --git a/Makefile.in b/Makefile.in
-index b216648..42b4827 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -35,6 +35,7 @@ MKDIR = @MKDIR@
- SED = @SED@
- ECHO = @ECHO@
- TR = @TR@
-+LDFLAGS = @LDFLAGS@
-
- TARFLAGS = -cvzf ${DISTFILE}
- YACCFLAGS2 = -d -p kv -b z
-@@ -83,7 +84,7 @@ $(TARGET): $(OBJS)
- $(RANLIB) $(TARGET)
-
- $(TARGET2): $(TARGET) $(OBJS2)
-- $(CC) $(CFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS)
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET2) $(OBJS2) $(LIBS)
-
- k.tab.c: keynote.y header.h keynote.h assertion.h config.h
- $(YACC) $(YACCFLAGS) keynote.y
-@@ -131,7 +132,7 @@ $(SSLCERT) $(SSLKEY):
- -keyout $(SSLKEY)
-
- test-sample: all $(OBJS3)
-- $(CC) $(CFLAGS) -o $(TARGET3) $(OBJS3) $(LIBS)
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET3) $(OBJS3) $(LIBS)
-
- test-sig: all $(SSLCERT) $(SSLKEY)
- $(SED) -e 's/--.*//' < $(SSLCERT) > $(SSLCERT).1
diff --git a/meta-security/recipes-security/keynote/keynote-2.3/run-ptest b/meta-security/recipes-security/keynote/keynote-2.3/run-ptest
deleted file mode 100644
index 4dc35c9..0000000
--- a/meta-security/recipes-security/keynote/keynote-2.3/run-ptest
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-cd @PTEST_PATH@
-keynote verify -e testsuite/test-env \
- -r false,maybe,probably,true \
- -k testsuite/auth1 -k testsuite/auth2 \
- -k testsuite/auth3 -k testsuite/auth4 \
- -l testsuite/test-assertion1 \
- -l testsuite/test-assertion2 \
- -l testsuite/test-assertion3 \
- -l testsuite/test-assertion4 \
- -l testsuite/test-assertion5 \
- -l testsuite/test-assertion6 \
- -l testsuite/test-assertion7 \
- && echo "PASS: keynote-ptest" \
- || echo "FAIL: keynote-ptest"
diff --git a/meta-security/recipes-security/keynote/keynote_2.3.bb b/meta-security/recipes-security/keynote/keynote_2.3.bb
deleted file mode 100644
index e692485..0000000
--- a/meta-security/recipes-security/keynote/keynote_2.3.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-SUMMARY = "Keynote tool and library"
-DESCRIPTION = "KeyNote is a simple and flexible trust-management \
- system designed to work well for a variety of large- and small- \
- scale Internet-based applications. \
-"
-HOMEPAGE = "http://www.cs.columbia.edu/~angelos/keynote.html"
-SECTION = "security"
-
-LICENSE = "ISC"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3a265095c549c1808686a676f2699c98"
-
-MAIN_ID = "${@d.getVar('PV').split('.')[0]}"
-MINOR_ID = "${@d.getVar('PV').split('.')[1]}"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}-${MAIN_ID}-${MINOR_ID}/${BPN}_${PV}.tar.gz \
- file://configure-remove-hardcode-path.patch \
- file://makefile-add-ldflags.patch \
- file://run-ptest \
-"
-S = "${WORKDIR}/${BPN}-${PV}+dfsg.orig"
-
-inherit autotools-brokensep ptest
-
-SRC_URI[md5sum] = "a14553e6ad921b5c85026ce5bec3afe7"
-SRC_URI[sha256sum] = "38d2acfa1c3630a07adcb5c8fe92d2aef7f0e6d242b8998b2bbb1c6e4c408d46"
-
-DEPENDS = "flex openssl"
-
-EXTRA_OEMAKE += "test-sample -j1"
-
-do_install() {
- install -D -m 0755 ${S}/keynote ${D}${bindir}/keynote
- install -D -m 0644 ${S}/libkeynote.a ${D}${libdir}/libkeynote.a
- install -D -m 0644 ${S}/keynote.h ${D}${includedir}/keynote.h
-}
-
-do_install_ptest() {
- install -D -m 0755 ${S}/sample-app ${D}${PTEST_PATH}
- cp -r ${S}/testsuite ${D}${PTEST_PATH}
- sed -i 's|@PTEST_PATH@|${PTEST_PATH}|' ${D}${PTEST_PATH}/run-ptest
-}
diff --git a/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb b/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb
index 2ead8fa..a4222b9 100644
--- a/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb
+++ b/meta-security/recipes-security/keyutils/keyutils_1.5.10.bb
@@ -27,6 +27,8 @@
EXTRA_OEMAKE = "'CFLAGS=${CFLAGS} -Wall' \
NO_ARLIB=1 \
+ BINDIR=${base_bindir} \
+ SBINDIR=${base_sbindir} \
LIBDIR=${base_libdir} \
USRLIBDIR=${base_libdir} \
BUILDFOR=${SITEINFO_BITS}-bit \
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb
index 8d58163..9c66db6 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.3.3.bb
@@ -35,8 +35,7 @@
done
}
-FILES_${PN} = "${bindir} ${libdir}/${PN}.so*"
+FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
-RDEPENDS_${PN} = "bash"
RDEPENDS_${PN}-ptest = "bash"
diff --git a/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch b/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch
deleted file mode 100644
index 356b507..0000000
--- a/meta-security/recipes-security/nmap/files/nmap-redefine-the-python-library-dir.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-[PATCH] redefine the python library install dir
-
-Upstream-Status: Pending
-
-If install-lib is not defined, it is always /usr/lib/, but it
-maybe /usr/lib64 for multilib
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
----
- Makefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 1bb062c..cced2fb 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -311,7 +311,7 @@ build-zenmap: $(ZENMAPDIR)/setup.py $(ZENMAPDIR)/zenmapCore/Version.py
-
- install-zenmap: $(ZENMAPDIR)/setup.py
- $(INSTALL) -d $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
-- cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --force $(if $(DESTDIR),--root "$(DESTDIR)")
-+ cd $(ZENMAPDIR) && $(PYTHON) setup.py --quiet install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --force $(if $(DESTDIR),--root "$(DESTDIR)")
- $(INSTALL) -c -m 644 docs/zenmap.1 $(DESTDIR)$(mandir)/man1/
- # Create a symlink from nmapfe to zenmap if nmapfe doesn't exist or is
- # already a link.
-@@ -328,7 +328,7 @@ build-nping: $(NPINGDIR)/Makefile nbase_build nsock_build netutil_build $(NPINGD
- @cd $(NPINGDIR) && $(MAKE)
-
- install-ndiff:
-- cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" $(if $(DESTDIR),--root "$(DESTDIR)")
-+ cd $(NDIFFDIR) && $(PYTHON) setup.py install --prefix "$(prefix)" --install-lib="${PYTHON_SITEPACKAGES_DIR}" $(if $(DESTDIR),--root "$(DESTDIR)")
-
- NSE_FILES = scripts/script.db scripts/*.nse
- NSE_LIB_LUA_FILES = nselib/*.lua nselib/*.luadoc
---
-1.9.1
-
diff --git a/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch b/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch
deleted file mode 100644
index cfe043a..0000000
--- a/meta-security/recipes-security/nmap/files/nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-[PATCH] replace "./shtool mkdir" with coreutils mkdir command
-
-Upstream-Status: Pending
-
-"./shtool mkdir" is used when mkdir has not -p parameter, but mkdir in today
-most release has supportted the -p parameter, not need to use shtool, and it
-can not fix the race if two process are running mkdir to create same dir
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
----
- ncat/Makefile.in | 4 ++--
- nmap-update/Makefile.in | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ncat/Makefile.in b/ncat/Makefile.in
-index cfd306d..2166e08 100644
---- a/ncat/Makefile.in
-+++ b/ncat/Makefile.in
-@@ -163,11 +163,11 @@ $(NSOCKDIR)/libnsock.a: $(NSOCKDIR)/Makefile
-
- install: $(TARGET)
- @echo Installing Ncat;
-- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
-+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
- $(INSTALL) -c -m 755 ncat $(DESTDIR)$(bindir)/ncat
- $(STRIP) -x $(DESTDIR)$(bindir)/ncat
- if [ -n "$(DATAFILES)" ]; then \
-- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(pkgdatadir); \
-+ mkdir -p -m 755 $(DESTDIR)$(pkgdatadir); \
- $(INSTALL) -c -m 644 $(DATAFILES) $(DESTDIR)$(pkgdatadir)/; \
- fi
- $(INSTALL) -c -m 644 docs/$(TARGET).1 $(DESTDIR)$(mandir)/man1/$(TARGET).1
-diff --git a/nmap-update/Makefile.in b/nmap-update/Makefile.in
-index 89ff928..93f48d8 100644
---- a/nmap-update/Makefile.in
-+++ b/nmap-update/Makefile.in
-@@ -37,7 +37,7 @@ $(NBASELIB):
- cd $(NBASEDIR) && $(MAKE)
-
- install: nmap-update
-- $(SHTOOL) mkdir -f -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
-+ mkdir -p -m 755 $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
- $(INSTALL) -c -m 755 nmap-update $(DESTDIR)$(bindir)
- $(STRIP) -x $(DESTDIR)$(bindir)/nmap-update
- $(INSTALL) -c -m 644 ../docs/nmap-update.1 $(DESTDIR)$(mandir)/man1/
---
-1.9.1
-
diff --git a/meta-security/recipes-security/nmap/nmap_7.60.bb b/meta-security/recipes-security/nmap/nmap_7.60.bb
deleted file mode 100644
index a6616eb..0000000
--- a/meta-security/recipes-security/nmap/nmap_7.60.bb
+++ /dev/null
@@ -1,54 +0,0 @@
-SUMMARY = "network auditing tool"
-DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing.\nGui support via appending to IMAGE_FEATURES x11-base in local.conf"
-SECTION = "security"
-LICENSE = "GPL-2.0"
-
-LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=700c690f4ca6b1754f3f1db8645e42d9"
-
-SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \
- file://nmap-redefine-the-python-library-dir.patch \
- file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \
-"
-
-SRC_URI[md5sum] = "4e454266559ddf2c4e2109866c62560c"
-SRC_URI[sha256sum] = "a8796ecc4fa6c38aad6139d9515dc8113023a82e9d787e5a5fb5fa1b05516f21"
-
-inherit autotools-brokensep pkgconfig pythonnative distro_features_check
-
-PACKAGECONFIG ?= "ncat nping ndiff pcap"
-PACKAGECONFIG += " ${@bb.utils.contains('IMAGE_FEATURES', 'x11-base', 'zenmap', '', d)}"
-
-PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap"
-PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpre"
-PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl"
-PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2"
-PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib"
-
-#disable/enable packages
-PACKAGECONFIG[nping] = ",--without-nping,"
-PACKAGECONFIG[ncat] = ",--without-ncat,"
-PACKAGECONFIG[ndiff] = ",--without-ndiff,python"
-PACKAGECONFIG[update] = ",--without-nmap-update,"
-
-#Add gui
-PACKAGECONFIG[zenmap] = "--with-zenmap, --without-zenmap, gtk+ python-core python-codecs python-io python-logging python-unittest python-xml python-netclient python-doctest python-subprocess python-pygtk, python-core python-codecs python-io python-logging python-netclient python-xml python-unittest python-doctest python-subprocess python-pygtk gtk+"
-
-EXTRA_OECONF = "--with-libdnet=included --with-liblinear=included --without-subversion --with-liblua=included"
-
-export PYTHON_SITEPACKAGES_DIR
-
-do_configure() {
- # strip hard coded python2#
- sed -i -e 's=python2\.*=python=g' ${S}/configure.ac
- sed -i -e 's=python2\.*=python=g' ${S}/configure
- autoconf
- oe_runconf
-}
-
-PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'zenmap', '${PN}-zenmap', '', d)}"
-
-FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
-FILES_${PN}-zenmap = "${@bb.utils.contains("PACKAGECONFIG", "zenmap", "${bindir}/*zenmap ${bindir}/xnmap ${datadir}/applications/* ${bindir}/nmapfe ${datadir}/zenmap/* ${PYTHON_SITEPACKAGES_DIR}/radialnet/* ${PYTHON_SITEPACKAGES_DIR}/zenmap*", "", d)}"
-
-RDEPENDS_${PN} = "python"
-RDEPENDS_${PN}-zenmap = "nmap"
diff --git a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb
index 6682d29..e847847 100644
--- a/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb
+++ b/meta-security/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -12,6 +12,7 @@
packagegroup-security-ids \
packagegroup-security-mac \
${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \
"
RDEPENDS_packagegroup-core-security = "\
@@ -20,6 +21,7 @@
packagegroup-security-ids \
packagegroup-security-mac \
${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "ptest", "packagegroup-security-ptest", "", d)} \
"
SUMMARY_packagegroup-security-utils = "Security utilities"
@@ -27,7 +29,11 @@
checksec \
nmap \
pinentry \
- scapy \
+ python-scapy \
+ ding-libs \
+ xmlsec1 \
+ keyutils \
+ libseccomp \
${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \
"
@@ -52,13 +58,28 @@
SUMMARY_packagegroup-security-ids = "Security Intrusion Detection systems"
RDEPENDS_packagegroup-security-ids = " \
tripwire \
- samhain-client \
+ samhain-standalone \
suricata \
"
SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems"
RDEPENDS_packagegroup-security-mac = " \
${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \
- ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor", "",d)} \
${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack", "",d)} \
"
+
+SUMMARY_packagegroup-security-ptest = "Security packages with ptests"
+RDEPENDS_packagegroup-security-ptest = " \
+ samhain-standalone-ptest \
+ xmlsec1-ptest \
+ keyutils-ptest \
+ libseccomp-ptest \
+ python-scapy-ptest \
+ suricata-ptest \
+ tripwire-ptest \
+ python3-fail2ban-ptest \
+ ${@bb.utils.contains("DISTRO_FEATURES", "apparmor", "apparmor-ptest", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "smack", "smack-ptest", "",d)} \
+ ptest-runner \
+ "
diff --git a/meta-security/recipes-security/samhain/samhain-client_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-client_4.3.0.bb
similarity index 100%
rename from meta-security/recipes-security/samhain/samhain-client_4.2.2.bb
rename to meta-security/recipes-security/samhain/samhain-client_4.3.0.bb
diff --git a/meta-security/recipes-security/samhain/samhain-server_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-server_4.3.0.bb
similarity index 100%
rename from meta-security/recipes-security/samhain/samhain-server_4.2.2.bb
rename to meta-security/recipes-security/samhain/samhain-server_4.3.0.bb
diff --git a/meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb b/meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb
similarity index 100%
rename from meta-security/recipes-security/samhain/samhain-standalone_4.2.2.bb
rename to meta-security/recipes-security/samhain/samhain-standalone_4.3.0.bb
diff --git a/meta-security/recipes-security/samhain/samhain.inc b/meta-security/recipes-security/samhain/samhain.inc
index db96264..944bf0d 100644
--- a/meta-security/recipes-security/samhain/samhain.inc
+++ b/meta-security/recipes-security/samhain/samhain.inc
@@ -19,8 +19,11 @@
file://samhain.service \
"
-SRC_URI[md5sum] = "f499d5d06bfd1d787073a45bf28dd60f"
-SRC_URI[sha256sum] = "0f3e64afb3f00064c9b136d34a72d580cd41248c5941eba0452f364a109003c7"
+SRC_URI[md5sum] = "a00e99375675fc6e50cca3e208f5207e"
+SRC_URI[sha256sum] = "8551dc3b0851889a2b979097e9c02309b40d48b4659f02efe7fe525ce8361a0d"
+
+UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html"
+UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar"
S = "${WORKDIR}/samhain-${PV}"
diff --git a/meta-security/recipes-security/scapy/scapy/run-ptest b/meta-security/recipes-security/scapy/files/run-ptest
similarity index 100%
rename from meta-security/recipes-security/scapy/scapy/run-ptest
rename to meta-security/recipes-security/scapy/files/run-ptest
diff --git a/meta-security/recipes-security/scapy/scapy_2.3.3.bb b/meta-security/recipes-security/scapy/python-scapy.inc
similarity index 66%
rename from meta-security/recipes-security/scapy/scapy_2.3.3.bb
rename to meta-security/recipes-security/scapy/python-scapy.inc
index 1c8685b..5abe7db 100644
--- a/meta-security/recipes-security/scapy/scapy_2.3.3.bb
+++ b/meta-security/recipes-security/scapy/python-scapy.inc
@@ -5,20 +5,16 @@
LIC_FILES_CHKSUM = "file://bin/scapy;beginline=9;endline=13;md5=1d5249872cc54cd4ca3d3879262d0c69"
-SRC_URI = "https://github.com/secdev/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \
- file://run-ptest \
-"
+SRC_URI[md5sum] = "d7d3c4294f5a718e234775d38dbeb7ec"
+SRC_URI[sha256sum] = "452f714f5c2eac6fd0a6146b1dbddfc24dd5f4103f3ed76227995a488cfb2b73"
-SRC_URI[md5sum] = "336d6832110efcf79ad30c9856ef5842"
-SRC_URI[sha256sum] = "67642cf7b806e02daeddd588577588caebddc3426db7904e7999a0b0334a63b5"
-
-inherit setuptools ptest
+inherit pypi ptest
do_install_ptest() {
install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH}
sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest
}
-RDEPENDS_${PN} = "tcpdump python-subprocess python-compression python-netclient \
- python-netserver python-pydoc python-pkgutil python-shell \
- python-threading python-numbers python-pycrypto"
+RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-netclient \
+ ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc ${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \
+ ${PYTHON_PN}-threading ${PYTHON_PN}-numbers ${PYTHON_PN}-pycrypto"
diff --git a/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb b/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb
new file mode 100644
index 0000000..98db1fd
--- /dev/null
+++ b/meta-security/recipes-security/scapy/python-scapy_2.4.0.bb
@@ -0,0 +1,6 @@
+inherit setuptools
+require python-scapy.inc
+
+SRC_URI += "file://run-ptest"
+
+RDEPENDS_${PN} += "${PYTHON_PN}-subprocess"
diff --git a/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb b/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb
new file mode 100644
index 0000000..93ca7be
--- /dev/null
+++ b/meta-security/recipes-security/scapy/python3-scapy_2.4.0.bb
@@ -0,0 +1,4 @@
+inherit setuptools3
+require python-scapy.inc
+
+SRC_URI += "file://run-ptest"
diff --git a/meta-security/recipes-security/sssd/sssd_1.16.0.bb b/meta-security/recipes-security/sssd/sssd_1.16.3.bb
similarity index 93%
rename from meta-security/recipes-security/sssd/sssd_1.16.0.bb
rename to meta-security/recipes-security/sssd/sssd_1.16.3.bb
index ff5b618..8f7f805 100644
--- a/meta-security/recipes-security/sssd/sssd_1.16.0.bb
+++ b/meta-security/recipes-security/sssd/sssd_1.16.3.bb
@@ -1,6 +1,6 @@
SUMMARY = "system security services daemon"
DESCRIPTION = "SSSD is a system security services daemon"
-HOMEPAGE = "https://fedorahosted.org/sssd/"
+HOMEPAGE = "https://pagure.io/SSSD/sssd/"
SECTION = "base"
LICENSE = "GPLv3+"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
@@ -11,8 +11,8 @@
SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\
file://sssd.conf "
-SRC_URI[md5sum] = "f721ace2ebfa6744cfea55e3ecd2d82f"
-SRC_URI[sha256sum] = "c581a6e5365cef87fca419c0c9563cf15eadbb682863d648d85ffcded7a3940f"
+SRC_URI[md5sum] = "af4288c9d1f9953e3b3b6e0b165a5ece"
+SRC_URI[sha256sum] = "ee5d17a0c663c09819cbab9364085b9e57faeca02406cc30efe14cc0cfc04ec4"
inherit autotools pkgconfig gettext update-rc.d python-dir distro_features_check
diff --git a/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz b/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz
new file mode 100644
index 0000000..aed3754
--- /dev/null
+++ b/meta-security/recipes-security/suricata/files/emerging.rules.tar.gz
Binary files differ
diff --git a/meta-security/recipes-security/suricata/files/run-ptest b/meta-security/recipes-security/suricata/files/run-ptest
new file mode 100644
index 0000000..666ba9c
--- /dev/null
+++ b/meta-security/recipes-security/suricata/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+suricata -u
diff --git a/meta-security/recipes-security/suricata/files/suricata.service b/meta-security/recipes-security/suricata/files/suricata.service
new file mode 100644
index 0000000..a99a76e
--- /dev/null
+++ b/meta-security/recipes-security/suricata/files/suricata.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Suricata IDS/IDP daemon
+After=network.target
+Requires=network.target
+Documentation=man:suricata(8) man:suricatasc(8)
+Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
+
+[Service]
+Type=simple
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+RestrictAddressFamilies=
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0
+ExecReload=/bin/kill -HUP $MAINPID
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/meta-security/recipes-security/suricata/files/suricata.yaml b/meta-security/recipes-security/suricata/files/suricata.yaml
index 90417b0..8d06a27 100644
--- a/meta-security/recipes-security/suricata/files/suricata.yaml
+++ b/meta-security/recipes-security/suricata/files/suricata.yaml
@@ -787,7 +787,7 @@
enabled: no
filename: /var/log/suricata.log
- syslog:
- enabled: no
+ enabled: yes
facility: local5
format: "[%i] <%d> -- "
diff --git a/meta-security/recipes-security/suricata/libhtp_0.5.25.bb b/meta-security/recipes-security/suricata/libhtp_0.5.27.bb
similarity index 100%
rename from meta-security/recipes-security/suricata/libhtp_0.5.25.bb
rename to meta-security/recipes-security/suricata/libhtp_0.5.27.bb
diff --git a/meta-security/recipes-security/suricata/suricata.inc b/meta-security/recipes-security/suricata/suricata.inc
index a2d36eb..1f42121 100644
--- a/meta-security/recipes-security/suricata/suricata.inc
+++ b/meta-security/recipes-security/suricata/suricata.inc
@@ -2,8 +2,8 @@
SECTION = "security Monitor/Admin"
LICENSE = "GPLv2"
-VER = "4.0.0"
+VER = "4.0.5"
SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz"
-SRC_URI[md5sum] = "41fb91b4cbc6705b353e4bdd02c3df4b"
-SRC_URI[sha256sum] = "6b8b183a8409829ca92c71854cc1abed45f04ccfb7f14c08211f4edf571fa577"
+SRC_URI[md5sum] = "ea0cb823d6a86568152f75ade6de442f"
+SRC_URI[sha256sum] = "74dacb4359d57fbd3452e384eeeb1dd77b6ae00f02e9994ad5a7b461d5f4c6c2"
diff --git a/meta-security/recipes-security/suricata/suricata_4.0.0.bb b/meta-security/recipes-security/suricata/suricata_4.0.0.bb
deleted file mode 100644
index e163486..0000000
--- a/meta-security/recipes-security/suricata/suricata_4.0.0.bb
+++ /dev/null
@@ -1,60 +0,0 @@
-SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine"
-
-require suricata.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548"
-
-SRC_URI += " \
- file://volatiles.03_suricata \
- file://suricata.yaml \
- "
-
-inherit autotools-brokensep pkgconfig python-dir
-
-CFLAGS += "-D_DEFAULT_SOURCE"
-
-CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes "
-
-EXTRA_OECONF += " --disable-debug \
- --enable-non-bundled-htp \
- --disable-gccmarch-native \
- "
-
-PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink nss nspr"
-PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp,"
-PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ,"
-PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ,"
-PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap ,"
-PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , "
-PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet,"
-PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ,"
-
-PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson"
-PACKAGECONFIG[file] = ",,file, file"
-PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss,"
-PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr,"
-PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python"
-
-export logdir = "${localstatedir}/log"
-
-do_install_append () {
- install -d ${D}${sysconfdir}/suricata
- install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
- install -m 644 classification.config ${D}${sysconfdir}/suricata
- install -m 644 reference.config ${D}${sysconfdir}/suricata
- install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
- install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
-}
-
-pkg_postinst_ontarget_${PN} () {
-if [ -e /etc/init.d/populate-volatile.sh ] ; then
- ${sysconfdir}/init.d/populate-volatile.sh update
-fi
- ${bindir}/suricata -c ${sysconfdir}/suricata.yaml -i eth0
-}
-
-PACKAGES += "${PN}-python"
-FILES_${PN} = "${bindir}/suricata ${sysconfdir}/default ${sysconfdir}/suricata ${logdir}/suricata"
-FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
-
-RDEPENDS_${PN}-python = "python"
diff --git a/meta-security/recipes-security/suricata/suricata_4.0.5.bb b/meta-security/recipes-security/suricata/suricata_4.0.5.bb
new file mode 100644
index 0000000..6c0a109
--- /dev/null
+++ b/meta-security/recipes-security/suricata/suricata_4.0.5.bb
@@ -0,0 +1,96 @@
+SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine"
+
+require suricata.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548"
+
+SRC_URI += "file://emerging.rules.tar.gz;name=rules"
+
+SRC_URI += " \
+ file://volatiles.03_suricata \
+ file://suricata.yaml \
+ file://suricata.service \
+ file://run-ptest \
+ "
+
+SRC_URI[rules.md5sum] = "205c5e5b54e489207ed892c03ad75b33"
+SRC_URI[rules.sha256sum] = "4aa81011b246875a57181c6a0569ca887845e366904bcaf0043220f33bd69798"
+
+inherit autotools-brokensep pkgconfig python-dir systemd ptest
+
+CFLAGS += "-D_DEFAULT_SOURCE"
+
+CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes \
+ ac_cv_path_HAVE_WGET=no ac_cv_path_HAVE_CURL=no "
+
+EXTRA_OECONF += " --disable-debug \
+ --enable-non-bundled-htp \
+ --disable-gccmarch-native \
+ "
+
+PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink nss nspr"
+PACKAGECONFIG_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'unittests', '', d)}"
+
+PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp,"
+PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ,"
+PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ,"
+PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap ,"
+PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , "
+PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet,"
+PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ,"
+PACKAGECONFIG[nfq] = "--enable-nfqueue, --disable-nfqueue,libnetfilter-queue,"
+
+PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson"
+PACKAGECONFIG[file] = ",,file, file"
+PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss,"
+PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr,"
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python, python"
+PACKAGECONFIG[unittests] = "--enable-unittests, --disable-unittests,"
+
+export logdir = "${localstatedir}/log"
+
+do_install_append () {
+
+ install -d ${D}${sysconfdir}/suricata
+
+ oe_runmake install-conf DESTDIR=${D}
+
+ # mimic move of downloaded rules to e_sysconfrulesdir
+ cp -rf ${WORKDIR}/rules ${D}${sysconfdir}/suricata
+
+ oe_runmake install-rules DESTDIR=${D}
+
+ install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
+ install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
+
+ install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata
+
+ install -d ${D}${systemd_unitdir}/system
+ sed -e s:/etc:${sysconfdir}:g \
+ -e s:/var/run:/run:g \
+ -e s:/var:${localstatedir}:g \
+ -e s:/usr/bin:${bindir}:g \
+ -e s:/bin/kill:${base_bindir}/kill:g \
+ -e s:/usr/lib:${libdir}:g \
+ ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
+
+ # Remove /var/run as it is created on startup
+ rm -rf ${D}${localstatedir}/run
+
+}
+
+pkg_postinst_ontarget_${PN} () {
+if [ -e /etc/init.d/populate-volatile.sh ] ; then
+ ${sysconfdir}/init.d/populate-volatile.sh update
+fi
+}
+
+SYSTEMD_PACKAGES = "${PN}"
+
+PACKAGES =+ "${PN}-socketcontrol"
+FILES_${PN} += "${systemd_unitdir}"
+FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
+
+CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
+
+RDEPENDS_${PN}-python = "python"
diff --git a/meta-security/recipes-security/tripwire/files/run-ptest b/meta-security/recipes-security/tripwire/files/run-ptest
new file mode 100644
index 0000000..aedfddc
--- /dev/null
+++ b/meta-security/recipes-security/tripwire/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+./twtest.pl
diff --git a/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb b/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb
index 465960f..59d1f35 100644
--- a/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb
+++ b/meta-security/recipes-security/tripwire/tripwire_2.4.3.6.bb
@@ -16,11 +16,12 @@
file://twcfg.txt \
file://twinstall.sh \
file://twpol-yocto.txt \
+ file://run-ptest \
"
S = "${WORKDIR}/git"
-inherit autotools-brokensep update-rc.d
+inherit autotools-brokensep update-rc.d ptest
INITSCRIPT_NAME = "tripwire"
INITSCRIPT_PARAMS = "start 40 S ."
@@ -58,9 +59,15 @@
install -m 0644 ${WORKDIR}/tripwire.txt ${D}${docdir}/${BPN}
}
+do_install_ptest_append () {
+ install -d ${D}${PTEST_PATH}/tests
+ cp -a ${S}/src/test-harness/* ${D}${PTEST_PATH}
+}
FILES_${PN} += "${libdir} ${docdir}/${PN}/*"
FILES_${PN}-dbg += "${sysconfdir}/${PN}/.debug"
FILES_${PN}-staticdev += "${localstatedir}/lib/${PN}/lib*.a"
+FILES_${PN}-ptest += "${PTEST_PATH}/tests "
RDEPENDS_${PN} += " perl nano msmtp cronie"
+RDEPENDS_${PN}-ptest = " perl lib-perl"
diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch b/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch
index fcc63b3..1cec47f 100644
--- a/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch
+++ b/meta-security/recipes-security/xmlsec1/xmlsec1/change-finding-path-of-nss.patch
@@ -1,4 +1,4 @@
-From 47379747e34f952d31af028c672940ca7859ae3c Mon Sep 17 00:00:00 2001
+From c1c980a95d85bcaf8802524d6148783522b300d7 Mon Sep 17 00:00:00 2001
From: Yulong Pei <Yulong.pei@windriver.com>
Date: Wed, 21 Jul 2010 22:33:43 +0800
Subject: [PATCH] change finding path of nss and nspr
@@ -7,66 +7,61 @@
Signed-off-by: Yulong Pei <Yulong.pei@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
-
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- configure.ac | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
+ configure.ac | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 3278200..6edec7d 100644
+index 951b3eb..1fdeb0f 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -644,7 +644,7 @@ if test "z$NSS_FOUND" = "zno" ; then
+@@ -866,10 +866,10 @@ MOZILLA_MIN_VERSION="1.4"
+ NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
+ NSPR_PACKAGE=mozilla-nspr
+ NSS_PACKAGE=mozilla-nss
+-NSPR_INCLUDE_MARKER="nspr/nspr.h"
++NSPR_INCLUDE_MARKER="nspr.h"
+ NSPR_LIB_MARKER="libnspr4$shrext"
+ NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
+-NSS_INCLUDE_MARKER="nss/nss.h"
++NSS_INCLUDE_MARKER="nss3/nss.h"
+ NSS_LIB_MARKER="libnss3$shrext"
+ NSS_LIBS_LIST="-lnss3 -lsmime3"
- if test "z$with_nspr" != "z" ; then
- NSPR_PREFIX="$with_nspr"
-- NSPR_CFLAGS="-I$with_nspr/include -I$with_nspr/include/nspr"
-+ NSPR_CFLAGS="-I$with_nspr/usr/include -I$with_nspr/usr/include/nspr4"
- if test "z$with_gnu_ld" = "zyes" ; then
- NSPR_LIBS="-Wl,-rpath-link -Wl,$with_nspr/lib -L$with_nspr/lib $NSPR_LIBS_LIST"
- else
-@@ -652,7 +652,7 @@ if test "z$NSS_FOUND" = "zno" ; then
- fi
- NSPR_INCLUDES_FOUND="yes"
- NSPR_LIBS_FOUND="yes"
-- NSPR_PRINIT_H="$with_nspr/include/prinit.h"
-+ NSPR_PRINIT_H="$with_nspr/usr/include/nspr4/prinit.h"
+@@ -898,24 +898,24 @@ fi
+ dnl Priority 1: User specifies the path to installation
+ if test "z$NSPR_FOUND" = "zno" -a "z$with_nspr" != "z" -a "z$with_nspr" != "zyes" ; then
+ AC_MSG_CHECKING(for nspr library installation in "$with_nspr" folder)
+- if test -f "$with_nspr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/lib/$NSPR_LIB_MARKER" ; then
+- NSPR_INCLUDE_PATH="$with_nspr/include"
+- NSPR_LIB_PATH="$with_nspr/lib"
++ if test -f "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" -a -f "$with_nspr/${libdir}/$NSPR_LIB_MARKER" ; then
++ NSPR_INCLUDE_PATH="$with_nspr/usr/include"
++ NSPR_LIB_PATH="$with_nspr/${libdir}"
+ NSPR_FOUND="yes"
+ AC_MSG_RESULT([yes])
else
- for dir in $ac_nss_inc_dir ; do
- if test -f $dir/nspr/prinit.h ; then
-@@ -690,7 +690,7 @@ if test "z$NSS_FOUND" = "zno" ; then
- OLD_CPPFLAGS=$CPPFLAGS
- CPPFLAGS="$NSPR_CFLAGS"
- AC_EGREP_CPP(yes,[
-- #include <prinit.h>
-+ #include <nspr4/prinit.h>
- #if PR_VMAJOR >= 4
- yes
- #endif
-@@ -715,7 +715,7 @@ if test "z$NSS_FOUND" = "zno" ; then
- NSS_NSS_H=""
+- AC_MSG_ERROR([not found: "$with_nspr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/lib/$NSPR_LIB_MARKER" files don't exist), typo?])
++ AC_MSG_ERROR([not found: "$with_nspr/usr/include/$NSPR_INCLUDE_MARKER" and/or "$with_nspr/${libdir}/$NSPR_LIB_MARKER" files don't exist), typo?])
+ fi
+ fi
+ if test "z$NSS_FOUND" = "zno" -a "z$with_nss" != "z" -a "z$with_nss" != "zyes" ; then
+ AC_MSG_CHECKING(for nss library installation in "$with_nss" folder)
+- if test -f "$with_nss/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/lib/$NSS_LIB_MARKER" ; then
+- NSS_INCLUDE_PATH="$with_nss/include"
+- NSS_LIB_PATH="$with_nss/lib"
++ if test -f "$with_nss/usr/include/$NSS_INCLUDE_MARKER" -a -f "$with_nss/${libdir}/$NSS_LIB_MARKER" ; then
++ NSS_INCLUDE_PATH="$with_nss/usr/include/nss3"
++ NSS_LIB_PATH="$with_nss/${libdir}"
+ NSS_FOUND="yes"
+ AC_MSG_RESULT([yes])
+ else
+- AC_MSG_ERROR([not found: "$with_nss/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/lib/$NSS_LIB_MARKER" files don't exist), typo?])
++ AC_MSG_ERROR([not found: "$with_nss/usr/include/$NSS_INCLUDE_MARKER" and/or "$with_nss/${libdir}/$NSS_LIB_MARKER" files don't exist), typo?])
+ fi
+ fi
- if test "z$with_nss" != "z" ; then
-- NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/include -I$with_nss/include/nss"
-+ NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/usr/include -I$with_nss/usr/include/nss3 -I$with_nspr/usr/include/nspr4"
- if test "z$with_gnu_ld" = "zyes" ; then
- NSS_LIBS="$NSS_LIBS -Wl,-rpath-link -Wl,$with_nss/lib -L$with_nss/lib $NSS_LIBS_LIST"
- else
-@@ -723,7 +723,7 @@ if test "z$NSS_FOUND" = "zno" ; then
- fi
- NSS_INCLUDES_FOUND="yes"
- NSS_LIBS_FOUND="yes"
-- NSS_NSS_H="$with_nss/include/nss.h"
-+ NSS_NSS_H="$with_nss/usr/include/nss3/nss.h"
- else
- for dir in $ac_nss_inc_dir ; do
- if test -f $dir/nss/nss.h ; then
-@@ -761,7 +761,7 @@ if test "z$NSS_FOUND" = "zno" ; then
- OLD_CPPFLAGS=$CPPFLAGS
- CPPFLAGS="$NSPR_CFLAGS $NSS_CFLAGS"
- AC_EGREP_CPP(yes,[
-- #include <nss.h>
-+ #include <nss3/nss.h>
- #if NSS_VMAJOR >= 3 && NSS_VMINOR >= 2
- yes
- #endif
+--
+2.7.4
+
diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch b/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch
deleted file mode 100644
index 5f967bb..0000000
--- a/meta-security/recipes-security/xmlsec1/xmlsec1/xmlsec1-fix-a-typo-in-examples-verify3.c.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 1d8ae4b32bd76c19ec238f30eb9b1ee582cbe990 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Fri, 2 Mar 2018 01:10:58 -0800
-Subject: [PATCH] xmlsec1: fix a typo in examples/verify3.c
-
-Upstream-Status: Submitted [https://github.com/lsh123/xmlsec/pull/153]
-
-Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
-
----
- examples/verify3.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/examples/verify3.c b/examples/verify3.c
-index 2d26ae7..68f52ab 100644
---- a/examples/verify3.c
-+++ b/examples/verify3.c
-@@ -1,4 +1,4 @@
--4/**
-+/**
- * XML Security Library example: Verifying a file signed with X509 certificate
- *
- * Verifies a file signed with X509 certificate.
diff --git a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb
similarity index 89%
rename from meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb
rename to meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb
index 341ca08..2dbbf33 100644
--- a/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.25.bb
+++ b/meta-security/recipes-security/xmlsec1/xmlsec1_1.2.26.bb
@@ -17,12 +17,11 @@
file://change-finding-path-of-nss.patch \
file://makefile-ptest.patch \
file://xmlsec1-examples-allow-build-in-separate-dir.patch \
- file://xmlsec1-fix-a-typo-in-examples-verify3.c.patch \
file://run-ptest \
"
-SRC_URI[md5sum] = "dbbef1efc69e61bc4629650205a05b41"
-SRC_URI[sha256sum] = "967ca83edf25ccb5b48a3c4a09ad3405a63365576503bf34290a42de1b92fcd2"
+SRC_URI[md5sum] = "9c4aaf9ff615a73921b9e3bf4988d878"
+SRC_URI[sha256sum] = "8d8276c9c720ca42a3b0023df8b7ae41a2d6c5f9aa8d20ed1672d84cc8982d50"
inherit autotools-brokensep ptest pkgconfig