subtree updates
meta-arm: 025f76a14f..aba9250494:
Anusmita Dutta Mazumder (2):
arm-bsp/linux-yocto: Remove EOL Linux yocto kernel 6.1
arm-bsp/n1sdp: update to linux yocto kernel 6.6
Bence Balogh (1):
arm-bsp/trusted-firmware-m: disable libmetal doc generation
Drew Reed (5):
meta-arm: Support firmware building under a multiconfig
bsp,ci: Build Corstone-1000 firmware under multiconfig
bsp: Restore the ability to build firmware only
ci: Add back testing of firmware only builds
ci: Ensure tests are in the Corstone-1000 flash image
meta-raspberrypi: dbf1113a82..95a9103f91:
Khem Raj (1):
python3-sense-hat: Drop PYTHON_PN
Martin Jansa (2):
sdcard_image-rpi.bbclass: include ${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and ${IMAGE_LINK_NAME}
sdimage-raspberrypi.wks: increase /boot partition minimal size from 20 to 100
meta-openembedded: 528f273006..9f0e513211:
Andreas Mützel (1):
python3-pynacl: allow -native build
Chen Qi (1):
unixodbc: fix odbc.pc file generation
Daniel Ammann (1):
sdmon: add new package
Derek Straka (9):
python3-trustme: add runtime dependency for tests and re-add to ptest
python3-gunicorn: re-enable working ptests for the package
python-inotify: re-enable working ptests for the package
python3-license-expression: re-enable passing ptests for the package
python3-jdcal: re-add functional ptests
python3-msgpack: re-add functional ptests
python3-parse: re-add functional ptests
python3-typeguard: update ptest dependencies and re-enable functional tests
python3-service-identity: add missing ptest dependencies and re-enable functional tests
Jan Vermaete (1):
netdata: version bump 1.43.2 -> 1.44.3
Joerg Hofrichter (1):
python3-gevent: adding missing dependency to python3-zopeevent
Khawaja Shaheryar (2):
libdaq: add recipe
snort: add snort3 initial recipe
Khem Raj (25):
python3-pocketsphinx: Upgrade to 5.0.3
snort: Do not use llvm libunwind
snort3: Fix contains reference to TMPDIR [buildpaths] warnings
libcamera: Replace VLAs with alloca
dav1d: Inherit missing pkgconfig
webkitgtk3: Fix build on 32bit x86
ptest-packagelists-meta-oe: Remove oprofile for rv32/rv64
python3-jsmin: Fix ptests to run with python 3.12+
python3-ordered-set: Use automake formatter for ptest output
fuse3: Add missing runtime deps for ptests
python3-looseversion: Add recipe
sshfs-fuse: Fix ptest builds with python 3.12
meta-filesystems: Add meta-filesystems-image-ptest
meta-multimedia-image-ptest: Add images to enable BBCLASSEXTEND parallel execution
meta-networking-image-ptest: Add images to enable BBCLASSEXTEND parallel execution
python3-scapy: Add missing rdeps for ptests
ptest-packagelists-meta-oe.inc: Remove oprofile from PTESTS_PROBLEMS_META_OE
ptest-packagelists-meta-networking: firewalld hangs therefore disabled
ptest-packagelists-meta-perl.inc: Move couple of test to PTESTS_FAST_META_PERL
openhpi: Fix ptest run time failures
squid: Add missing bash dependency for ptest package
meta-networking: Express dependency on meta-python
ostree: Remove strace from ptest rdeps
python3-pydantic-core,python3-pydantic: Update to 2.16.3 and 2.6.3 respectively
python3-pydantic-core: Fix build for arches without 64bit atomics
Lei Maohui (1):
Fix install error when enable multilib.
Markus Volk (7):
iwd: update 2.13 -> 2.14
libgedit-gtksourceview: update 299.0.5 -> 299.1.0
gedit: update 46.1 -> 46.2
mutter: update 45.3 -> 45.4
gnome-shell: update 45.3 -> 45.4
gnome-control-center: update 45.2 -> 45.3
dav1d: update 1.3.0 -> 1.4.0
Martin Jansa (5):
python3-httpx: respect libdir in packaging
snort3: drop SRCPV from PV
snort3: fix snort.pc
gattlib: use python3native and depend on python3-packaging-native
networkmanager-fortisslvpn: use python3native and depend on python3-packaging-native
Mingli Yu (1):
mariadb: Upgrade to 10.11.7
Niko Mauno (2):
python3-pybind11: Migrate to python_setuptools_build_meta
python3-pybind11: Restore strip prevention patch
Oleh Matiusha (1):
yasm: improve reproducibility
Peter Marko (1):
dnsmasq: Upgrade 2.89 -> 2.90
Romain Naour (1):
wavemon: add recipe for version 0.9.5
Sascha Hauer (1):
signing.bbclass: fix wrong function name
Tim Orling (16):
python_mesonpy.bbclass: move to oe-core
python3-meson-python: move to oe-core
python3-pyproject-metadata: move to oe-core
meta-python: drop ${PYTHON_PN}
meta-oe: drop ${PYTHON_PN}
meta-filesystems: drop ${PYTHON_PN}
meta-networking: drop ${PYTHON_PN}
meta-gnome: drop ${PYTHON_PN}
python3-pytest-lazy-fixtures: add 1.0.5
python3-prettytable: upgrade 3.9.0 => 3.10.0; fix ptests
python3-pytest-lazy-fixture: drop recipe
meta-oe-image-ptest: add PTESTS_PROBLEMS_META_OE
meta-perl-image-ptest: add PTESTS_PROBLEMS_META_PERL
meta-python-image-ptest: add PTESTS_PROBLEMS_META_PYTHON
libencode-perl: drop recipe
libencode-locale-perl: drop recipe
Wang Mingyu (49):
babl: upgrade 0.1.106 -> 0.1.108
btop: upgrade 1.3.0 -> 1.3.2
gegl: upgrade 0.4.46 -> 0.4.48
gjs: upgrade 1.78.3 -> 1.78.4
gnome-bluetooth: upgrade 42.7 -> 42.8
gnome-keyring: upgrade 42.1 -> 46.1
isomd5sum: upgrade 1.2.3 -> 1.2.4
libei: upgrade 1.2.0 -> 1.2.1
libmanette: upgrade 0.2.6 -> 0.2.7
libmime-types-perl: upgrade 2.24 -> 2.26
logwatch: upgrade 7.9 -> 7.10
mpich: upgrade 4.1.2 -> 4.2.0
ostree: upgrade 2024.1 -> 2024.3
python3-aiohue: upgrade 4.7.0 -> 4.7.1
python3-awesomeversion: upgrade 23.11.0 -> 24.2.0
python3-bidict: upgrade 0.22.1 -> 0.23.0
python3-cantools: upgrade 39.4.3 -> 39.4.4
python3-cmake: upgrade 3.28.1 -> 3.28.3
python3-django: upgrade 5.0.1 -> 5.0.2
python3-dnspython: upgrade 2.5.0 -> 2.6.0
python3-elementpath: upgrade 4.2.0 -> 4.3.0
python3-engineio: upgrade 4.8.2 -> 4.9.0
python3-gevent: upgrade 23.9.1 -> 24.2.1
unbound: upgrade 1.19.0 -> 1.19.1
wireshark: upgrade 4.2.2 -> 4.2.3
protobuf: upgrade 4.25.2 -> 4.25.3
webkitgtk3: upgrade 2.42.4 -> 2.42.5
python3-tqdm: upgrade 4.66.1 -> 4.66.2
python3-google-api-python-client: upgrade 2.116.0 -> 2.118.0
python3-httpcore: upgrade 1.0.2 -> 1.0.3
python3-jsbeautifier: upgrade 1.14.11 -> 1.15.1
python3-langtable: upgrade 0.0.64 -> 0.0.65
python3-polyline: upgrade 2.0.1 -> 2.0.2
python3-protobuf: upgrade 4.25.2 -> 4.25.3
python3-pymisp: upgrade 2.4.184 -> 2.4.185
python3-pymodbus: upgrade 3.6.3 -> 3.6.4
python3-pytest-asyncio: upgrade 0.23.4 -> 0.23.5
python3-tox: upgrade 4.12.1 -> 4.13.0
python3-twine: upgrade 4.0.2 -> 5.0.0
python3-watchdog: upgrade 3.0.0 -> 4.0.0
python3-zopeinterface: upgrade 6.1 -> 6.2
remmina: upgrade 1.4.33 -> 1.4.34
sip: upgrade 6.8.2 -> 6.8.3
python3-google-auth: upgrade 2.27.0 -> 2.28.0
python3-gspread: upgrade 6.0.1 -> 6.0.2
python3-socketio: upgrade 5.11.0 -> 5.11.1
python3-sentry-sdk: upgrade 1.40.0 -> 1.40.4
python3-pydantic-core: upgrade 2.14.6 -> 2.16.1
python3-pydantic: upgrade 2.5.3 -> 2.6.0
William Lyu (1):
e2tools: Add ptest
Yi Zhao (1):
audit: upgrade 3.1.2 -> 4.0
Yoann Congal (2):
influxdb: Fix /etc files owner
influxdb: Add missing group to static id
chenheyun (1):
dropwatch: Use header files from sysroot instead of build host
poky: fc8e5d7c13..25d60ac6f6:
Adrian Freihofer (5):
devtool: ide-sdk python 3.12 escaping
sdk-manual: extensible.rst: cover devtool ide-sdk
devtool: ide-sdk launch.json per recipe only
devtool: ide-sdk prefer sources from workspace
oe-selftest devtool: ide-sdk tests
Alexander Kanavin (1):
dbus: disable assertions and enable only modular tests
Alexis Lothoré (7):
testimage: log exception when failing to retrieve artifacts
lib/oeqa: share get_json_result_dir helper
testimage: create a list of failed test post actions
oeqa/utils/postactions: isolate directory creation in dedicated action
oeqa/utils/postactions: add target disk usage stat as post action
oeqa/utils/postactions: testimage: add host disk usage stat as post action
oeqa/lib/utils/postactions: fix host disk usage stats retrieval
Bruce Ashfield (8):
linux-yocto/6.6: update to v6.6.17
linux-yocto/6.6: update CVE exclusions
linux-yocto/6.6: enable squashfs for selftests
linux-yocto/6.6: config: x86 tidy & consolidation
kern-tools: depend on git-replacement-native
linux-yocto/6.6: genericarm64 configuration/definition
linux-yocto/6.6: update to v6.6.18
linux-yocto/6.6: update CVE exclusions
Christoph Vogtländer (1):
overlayfs: add missing vardeps
Claus Stovgaard (1):
wpa-supplicant: Fix CVE-2023-52160
Eilís 'pidge' Ní Fhlannagáin (2):
creategroup*: Remove coreutils-native as a DEPENDS
selftest-users: Convoluted selftest for USERADD_DEPENDS
Emil Kronborg (1):
bluez5: remove configuration files from install task
Enguerrand de Ribaucourt (4):
devtool: ide: define compilerPath for meson projects
Revert "meson: use absolute cross-compiler paths"
bitbake: bitbake: progressbar: accept value over initial maxval
devtool: ide-sdk source mapping for vscode
Enrico Jörns (1):
wic: 'empty' plugin: fix typo in comment
Joe Slater (1):
qemuboot: predictable network interface names
Jonathan GUILLOT (2):
lib/oe/package: fix LOCALE_PATHS scan to create locale packages
glibc-locale: add an explicit dedicated package for locale.alias file
Jose Quaresma (1):
go: update 1.20.13 -> 1.20.14
Joshua Watt (1):
bitbake: asyncrpc: Add support for server headers
Khem Raj (6):
ncurses: Always pass -D_GNU_SOURCE
linux-yocto: Remove unused patch
ref-manual: variables: remove PYTHON_PN
python3-bcrypt: Fix build break on arches without 64 bit atomics
python3-maturin: Recognise riscv32 architecture
llvm: Update to 18.1.0 RC4
Lee Chee Yang (1):
migration-guide: add release notes for 4.3.3
Lei Maohui (1):
rpm: Fix the following error when run nativesdk-rpm in nativesdk environment.
Martin Jansa (1):
glib-2.0: backport a switch from distutils to packaging in codegen
Michael Halstead (1):
yocto-uninative: Update to 4.4 for glibc 2.39
Michael Opdenacker (5):
ref-manual: system-requirements: update packages to build docs
ref-manual: release-process: grammar fix
manuals: suppress excess use of "following" word
dev-manual: packages: clarify shared PR service constraint
dev-manual: packages: need enough free space
Munehisa Kamata (1):
kernel.bbclass: Set pkg-config variables for building modules
Nick Owens (1):
python3: dont disable readline module for editline
Philip Lorenz (1):
bitbake: fetch2: Ensure that git LFS objects are available
Piotr Łobacz (1):
useradd.bbclass: Fix order of postinst-useradd-*
Richard Purdie (6):
numactl: Upgrade 2.0.17 -> 2.0.18
lttng-ust: Upgrade 2.13.6 -> 2.13.7
oeqa/selftest/rust: Simplify the rust testsuite output gathering/processing
recipetool: Fix errors with meta-poky bbappend
bitbake: runqueue: Add support for BB_LOADFACTOR_MAX
mirrors: Switch llvm to use shallow cloning
Ross Burton (4):
base-files: add usage warning to motd
libexif: remove unused version_underscore
gstreamer1.0: skip a test that is known to be flaky
linux-firmware: split out more firmware pieces
Simone Weiß (6):
patchtest: provide further guidance for failed testcases
patchtest: Skip test for CVE_CHECK_IGNORE for older branches
meta: Remove some not needed CVE_STATUS
meta: Update CVE_STATUS for incorrect cpes
cve-check: Log if CVE_STATUS set but not reported for component
dev-manual: Rephrase spdx creation
Soumya Sambu (1):
bind: Upgrade 9.18.21 -> 9.18.24
Tim Orling (3):
bitbake: layerindexlib: fix missing layer branch backtrace
python3-cryptography{-vectors}: upgrade to 42.0.5
python3-attrs: disable Hypothesis deadline
Tobias Hagelborn (1):
bitbake: hashserv: Re-enable connection pooling with psycopg 3 driver
Trevor Gamblin (1):
python3-git: upgrade 3.1.41 -> 3.1.42
Trevor Woerner (1):
wic: allow imager-specific filename extensions
Ulrich Ölmann (1):
bitbake: taskexp_ncurses: fix execution example in introductory comment
Wang Mingyu (44):
bash-completion: upgrade 2.11 -> 2.12.0
ccache: upgrade 4.9 -> 4.9.1
createrepo-c: upgrade 1.0.3 -> 1.0.4
ed: upgrade 1.20 -> 1.20.1
efivar: upgrade 38 -> 39
gcr: upgrade 4.1.0 -> 4.2.0
git: upgrade 2.43.0 -> 2.44.0
libffi: upgrade 3.4.5 -> 3.4.6
libgpg-error: upgrade 1.47 -> 1.48
libhandy: upgrade 1.8.2 -> 1.8.3
libksba: upgrade 1.6.5 -> 1.6.6
libmicrohttpd: upgrade 0.9.77 -> 1.0.1
libpng: upgrade 1.6.41 -> 1.6.42
libsecret: upgrade 0.21.2 -> 0.21.4
libunistring: upgrade 1.1 -> 1.2
liburi-perl: upgrade 5.25 -> 5.27
libxext: upgrade 1.3.5 -> 1.3.6
libxkbfile: upgrade 1.1.2 -> 1.1.3
libxvmc: upgrade 1.0.13 -> 1.0.14
lighttpd: upgrade 1.4.73 -> 1.4.74
makedepend: upgrade 1.0.8 -> 1.0.9
mpg123: upgrade 1.32.4 -> 1.32.5
ofono: upgrade 2.3 -> 2.4
pango: upgrade 1.51.0 -> 1.52.0
pciutils: upgrade 3.10.0 -> 3.11.1
pkgconf: upgrade 2.1.0 -> 2.1.1
python3-beartype: upgrade 0.17.0 -> 0.17.2
python3-certifi: upgrade 2023.11.17 -> 2024.2.2
python3-dbusmock: upgrade 0.30.2 -> 0.31.1
python3-hypothesis: upgrade 6.97.3 -> 6.98.12
python3-pip: upgrade 23.3.2 -> 24.0
python3-pycairo: upgrade 1.25.1 -> 1.26.0
python3-pytest: upgrade 8.0.0 -> 8.0.2
python3-pytz: upgrade 2023.4 -> 2024.1
python3-setuptools-rust: upgrade 1.8.1 -> 1.9.0
python3-trove-classifiers: upgrade 2024.1.8 -> 2024.2.23
python3-typing-extensions: upgrade 4.9.0 -> 4.10.0
python3: upgrade 3.12.1 -> 3.12.2
python3-urllib3: upgrade 2.1.0 -> 2.2.1
python3-yamllint: upgrade 1.33.0 -> 1.35.1
swig: upgrade 4.2.0 -> 4.2.1
xkbcomp: upgrade 1.4.6 -> 1.4.7
xkeyboard-config: upgrade 2.40 -> 2.41
xprop: upgrade 1.2.6 -> 1.2.7
Xiangyu Chen (2):
systemd-systemctl: fix dead loop when multi services enable each other
libc-locale: fix ASCII compatible warning cause build failure.
Xiaotian Wu (2):
loongarch64: change -march to loongarch64
openssl: Match target name for loongarch64
Yash Shinde (3):
rust: Upgrade 1.74.1 -> 1.75.0
rust: Revert PGO to it's default
rust: reproducibility issue fix with v1.75
Yoann Congal (1):
waf: Improve version parsing to avoid failing on warnings
Change-Id: I6dfb848feb4ec8f5aae56a9ccbff475f4eb1edc6
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
index 5f2ecc1..f2755d5 100644
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Fixed-swig-host-contamination-issue.patch
@@ -1,4 +1,4 @@
-From 9a32d42dfc6713fd0085dd4563a934afc30ec097 Mon Sep 17 00:00:00 2001
+From 5cdc667aeb7a014cdc1f8c7df8f8080408773dbe Mon Sep 17 00:00:00 2001
From: Li xin <lixin.fnst@cn.fujitsu.com>
Date: Sun, 19 Jul 2015 02:42:58 +0900
Subject: [PATCH] Fixed swig host contamination issue
@@ -19,7 +19,7 @@
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/bindings/swig/python3/Makefile.am b/bindings/swig/python3/Makefile.am
-index 6131e80d..2fb7207b 100644
+index c2c6def4..bcc2836c 100644
--- a/bindings/swig/python3/Makefile.am
+++ b/bindings/swig/python3/Makefile.am
@@ -23,6 +23,7 @@
@@ -28,9 +28,9 @@
AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
+STDINC ?= /usr/include
LIBS = $(top_builddir)/lib/libaudit.la
- SWIG_FLAGS = -python -py3 -modern
+ SWIG_FLAGS = -python
SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
-@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
+@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/audit_logging.h ${top_builddir}/lib/li
_audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
nodist__audit_la_SOURCES = audit_wrap.c
audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
@@ -40,18 +40,18 @@
CLEANFILES = audit.py* audit_wrap.c *~
diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 9a2c5661..6cbb7295 100644
+index 6b267844..5a4e442f 100644
--- a/bindings/swig/src/auditswig.i
+++ b/bindings/swig/src/auditswig.i
-@@ -43,7 +43,7 @@ typedef unsigned uid_t;
- * generating setters against them: https://github.com/swig/swig/issues/1699
+@@ -50,7 +50,7 @@ typedef unsigned uid_t;
*/
%ignore audit_rule_data::buf;
+
-%include "/usr/include/linux/audit.h"
+%include "../lib/audit.h"
#define __extension__ /*nothing*/
%include <stdint.i>
- %include "../lib/libaudit.h"
+ %include "../lib/audit-records.h"
--
2.25.1
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
new file mode 100644
index 0000000..b1f324f
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
@@ -0,0 +1,49 @@
+From 88c9b2c5cebebf13f90890baebbadc60d9fe8d16 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 9 Aug 2022 23:57:03 -0700
+Subject: [PATCH] Replace __attribute_malloc__ with __attribute__((__malloc__))
+
+__attribute_malloc__ is not available on musl
+
+Fixes
+| ../../git/auparse/auparse.h:54:2: error: expected function body after function declarator
+| __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
+| ^
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ audisp/plugins/remote/queue.h | 2 +-
+ auparse/auparse.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/audisp/plugins/remote/queue.h b/audisp/plugins/remote/queue.h
+index 36b70d04..031507dc 100644
+--- a/audisp/plugins/remote/queue.h
++++ b/audisp/plugins/remote/queue.h
+@@ -53,7 +53,7 @@ void q_close(struct queue *q);
+ * On error, return NULL and set errno. */
+ struct queue *q_open(int q_flags, const char *path, size_t num_entries,
+ size_t entry_size)
+- __attribute_malloc__ __attr_dealloc (q_close, 1) __wur;
++ __attribute__((__malloc__)) __attr_dealloc (q_close, 1) __wur;
+
+ /* Add DATA to tail of Q. Return 0 on success, -1 on error and set errno. */
+ int q_append(struct queue *q, const char *data);
+diff --git a/auparse/auparse.h b/auparse/auparse.h
+index c27f1ff9..87c52965 100644
+--- a/auparse/auparse.h
++++ b/auparse/auparse.h
+@@ -55,7 +55,7 @@ typedef void (*auparse_callback_ptr)(auparse_state_t *au,
+ void auparse_destroy(auparse_state_t *au);
+ void auparse_destroy_ext(auparse_state_t *au, auparse_destroy_what_t what);
+ auparse_state_t *auparse_init(ausource_t source, const void *b)
+- __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
++ __attribute__((__malloc__)) __attr_dealloc (auparse_destroy, 1);
+ int auparse_new_buffer(auparse_state_t *au, const char *data, size_t data_len)
+ __attr_access ((__read_only__, 2, 3));
+ int auparse_feed(auparse_state_t *au, const char *data, size_t data_len)
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Add-attribute-declarations.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Add-attribute-declarations.patch
new file mode 100644
index 0000000..3491425
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Add-attribute-declarations.patch
@@ -0,0 +1,35 @@
+From 64cb48e1e5137b8a389c7528e611617a98389bc7 Mon Sep 17 00:00:00 2001
+From: Steve Grubb <ausearch.1@gmail.com>
+Date: Thu, 25 Jan 2024 15:14:51 -0500
+Subject: [PATCH] Add attribute declarations
+
+Upstream-Status: Backport
+[https://github.com/linux-audit/audit-userspace/commit/64cb48e1e5137b8a389c7528e611617a98389bc7]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ audisp/plugins/remote/queue.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/audisp/plugins/remote/queue.h b/audisp/plugins/remote/queue.h
+index 36b70d04..2c70e839 100644
+--- a/audisp/plugins/remote/queue.h
++++ b/audisp/plugins/remote/queue.h
+@@ -1,5 +1,5 @@
+ /* queue.h -- a queue abstraction
+- * Copyright 2009, 2011 Red Hat Inc., Durham, North Carolina.
++ * Copyright 2009, 2011 Red Hat Inc.
+ * All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+@@ -25,6 +25,7 @@
+ #define QUEUE_HEADER
+
+ #include <sys/types.h>
++#include "common.h" // attribute decls
+
+ struct queue;
+
+--
+2.25.1
+
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch b/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
deleted file mode 100644
index 7f0af74..0000000
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit/0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 679cb57fa93984fed345dd3890cdbcbaa24e8518 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 9 Aug 2022 23:57:03 -0700
-Subject: [PATCH] Replace __attribute_malloc__ with __attribute__((__malloc__))
-
-__attribute_malloc__ is not available on musl
-
-Fixes
-| ../../git/auparse/auparse.h:54:2: error: expected function body after function declarator
-| __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
-| ^
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- auparse/auparse.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/auparse/auparse.h b/auparse/auparse.h
-index 5cb7402e..39156eff 100644
---- a/auparse/auparse.h
-+++ b/auparse/auparse.h
-@@ -54,7 +54,7 @@ typedef void (*auparse_callback_ptr)(auparse_state_t *au,
- void auparse_destroy(auparse_state_t *au);
- void auparse_destroy_ext(auparse_state_t *au, auparse_destroy_what_t what);
- auparse_state_t *auparse_init(ausource_t source, const void *b)
-- __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
-+ __attribute__((__malloc__)) __attr_dealloc (auparse_destroy, 1);
- int auparse_new_buffer(auparse_state_t *au, const char *data, size_t data_len)
- __attr_access ((__read_only__, 2, 3));
- int auparse_feed(auparse_state_t *au, const char *data, size_t data_len)
---
-2.25.1
-
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit/auditd.service b/meta-openembedded/meta-oe/recipes-security/audit/audit/auditd.service
deleted file mode 100644
index 06c63f0..0000000
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit/auditd.service
+++ /dev/null
@@ -1,28 +0,0 @@
-[Unit]
-Description=Security Auditing Service
-DefaultDependencies=no
-After=local-fs.target systemd-tmpfiles-setup.service
-Before=sysinit.target shutdown.target
-Conflicts=shutdown.target
-ConditionKernelCommandLine=!audit=0
-
-[Service]
-Type=forking
-PIDFile=/run/auditd.pid
-ExecStart=/sbin/auditd
-## To use augenrules, uncomment the next line and comment/delete the auditctl line.
-## NOTE: augenrules expect any rules to be added to /etc/audit/rules.d/
-#ExecStartPost=-/sbin/augenrules --load
-ExecStartPost=-/sbin/auditctl -R /etc/audit/audit.rules
-# By default we don't clear the rules on exit.
-# To enable this, uncomment the next line.
-#ExecStopPost=/sbin/auditctl -R /etc/audit/audit-stop.rules
-
-### Security Settings ###
-MemoryDenyWriteExecute=true
-LockPersonality=true
-ProtectControlGroups=true
-ProtectKernelModules=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.2.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.2.bb
deleted file mode 100644
index 7136ed6..0000000
--- a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.2.bb
+++ /dev/null
@@ -1,116 +0,0 @@
-SUMMARY = "User space tools for kernel auditing"
-DESCRIPTION = "The audit package contains the user space utilities for \
-storing and searching the audit records generated by the audit subsystem \
-in the Linux kernel."
-HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
-SECTION = "base"
-LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \
- file://0001-Fixed-swig-host-contamination-issue.patch \
- file://0002-Replace-__attribute_malloc__-with-__attribute__-__ma.patch \
- file://auditd \
- file://auditd.service \
- file://audit-volatile.conf \
-"
-
-S = "${WORKDIR}/git"
-SRCREV = "572eb7d4fe926e7c1c52166d08e78af54877cbc5"
-
-inherit autotools python3targetconfig update-rc.d systemd
-
-UPDATERCPN = "auditd"
-INITSCRIPT_NAME = "auditd"
-INITSCRIPT_PARAMS = "defaults"
-
-SYSTEMD_PACKAGES = "auditd"
-SYSTEMD_SERVICE:auditd = "auditd.service"
-
-DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native python3-setuptools-native"
-
-EXTRA_OECONF = " --with-libwrap \
- --enable-gssapi-krb5=no \
- --with-libcap-ng=yes \
- --with-python3=yes \
- --libdir=${base_libdir} \
- --sbindir=${base_sbindir} \
- --without-python \
- --without-golang \
- --disable-zos-remote \
- --with-arm=yes \
- --with-aarch64=yes \
- "
-
-EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
- PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
- pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
- STDINC='${STAGING_INCDIR}' \
- pkgconfigdir=${libdir}/pkgconfig \
- "
-
-SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
-DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
-interface to the audit system, audispd. These plugins can do things \
-like relay events to remote machines or analyze events for suspicious \
-behavior."
-
-PACKAGES =+ "audispd-plugins"
-PACKAGES += "auditd ${PN}-python"
-
-FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
-FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
-FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
- ${sysconfdir}/audit/plugins.d/au-remote.conf \
- ${sysconfdir}/audit/plugins.d/syslog.conf \
- ${base_sbindir}/audisp-remote \
- ${base_sbindir}/audisp-syslog \
- ${localstatedir}/spool/audit \
- "
-FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
-FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
-
-CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
-
-do_configure:prepend() {
- sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
- sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h
-}
-
-do_install:append() {
- sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h
-
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
- rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
-
- # reuse auditd config
- [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
- mv ${D}/etc/sysconfig/auditd ${D}/etc/default
- rmdir ${D}/etc/sysconfig/
-
- # replace init.d
- install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
- rm -rf ${D}/etc/rc.d
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- # install systemd unit files
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
-
- install -d ${D}${sysconfdir}/tmpfiles.d/
- install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
- fi
-
- # audit-2.5 doesn't install any rules by default, so we do that here
- mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
- cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
-
- chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
- chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
-
- # Based on the audit.spec "Copy default rules into place on new installation"
- cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
-
- # Create /var/spool/audit directory for audisp-remote
- install -m 0700 -d ${D}${localstatedir}/spool/audit
-}
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.bb
new file mode 100644
index 0000000..c8ab0d8
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_4.0.bb
@@ -0,0 +1,103 @@
+SUMMARY = "User space tools for kernel auditing"
+DESCRIPTION = "The audit package contains the user space utilities for \
+storing and searching the audit records generated by the audit subsystem \
+in the Linux kernel."
+HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
+SECTION = "base"
+LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \
+ file://0001-Fixed-swig-host-contamination-issue.patch \
+ file://0002-Add-attribute-declarations.patch \
+ file://auditd \
+ file://audit-volatile.conf \
+ "
+
+SRC_URI:append:libc-musl = " file://0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch"
+
+S = "${WORKDIR}/git"
+SRCREV = "ae7d2830391c1115cebff6340ef3130b1b03ce45"
+
+inherit autotools python3targetconfig update-rc.d systemd
+
+UPDATERCPN = "auditd"
+INITSCRIPT_NAME = "auditd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_PACKAGES = "auditd"
+SYSTEMD_SERVICE:auditd = "auditd.service audit-rules.service"
+
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native python3-setuptools-native coreutils-native"
+
+EXTRA_OECONF = " \
+ --with-libwrap \
+ --with-libcap-ng \
+ --with-python3 \
+ --with-arm \
+ --with-aarch64 \
+ --without-golang \
+ --disable-gssapi-krb5 \
+ --disable-zos-remote \
+ --sbindir=${base_sbindir} \
+ "
+
+EXTRA_OEMAKE = " \
+ PYTHON=python3 \
+ pythondir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+ pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+ STDINC='${STAGING_INCDIR}' \
+ "
+
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+interface to the audit system, audispd. These plugins can do things \
+like relay events to remote machines or analyze events for suspicious \
+behavior."
+
+PACKAGES =+ "audispd-plugins"
+PACKAGES += "auditd ${PN}-python"
+
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${libdir}/libau*.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit-rules/* ${libexecdir}/*"
+FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
+ ${sysconfdir}/audit/plugins.d/au-remote.conf \
+ ${sysconfdir}/audit/plugins.d/syslog.conf \
+ ${base_sbindir}/audisp-remote \
+ ${base_sbindir}/audisp-syslog \
+ ${localstatedir}/spool/audit \
+ "
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+
+do_configure:prepend() {
+ sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
+ sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h
+}
+
+do_install:append() {
+ sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h
+
+ # Install default rules
+ install -d -m 750 ${D}/etc/audit
+ install -d -m 750 ${D}/etc/audit/rules.d
+
+ install -m 0640 ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
+
+ # Based on the audit.spec "Copy default rules into place on new installation"
+ install -m 0640 ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -D -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/audit.conf
+ fi
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+ install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
+ rm -rf ${D}${libdir}/systemd
+ fi
+
+ # Create /var/spool/audit directory for audisp-remote
+ install -d -m 0700 ${D}${localstatedir}/spool/audit
+}