subtree updates
meta-openembedded: f3cdc9d7ee..0474e0b870:
Alexander Amelkin (1):
ipmitool: Update links
Bhargav Das (1):
python3-libevdev: Add recipe for python libevdev module.
Changqing Li (1):
redis: upgrade 6.2.11 -> 6.2.12
Chen Qi (1):
frr: add CVE_PRODUCT
Diego Dassie (2):
paho-mqtt-c: Disable building tests
paho-mqtt-c: Improve performance
Fabio Estevam (1):
lvgl: lvgl-demo-fb: Inherit features_check
Johannes Kauffmann (2):
open62541: allow overriding encryption providers
open62541: disable warnings as errors
Jun Nie (3):
libcbor: Add initial support
python3-pefile: Add initial support
python3-uswid: Add initial support
Khem Raj (27):
gitpkgv: Fix python deprecation warning
python3-pyzstd: Disable LTO on clang+arm
libftdi: Remove sysroot paths from .cmake files
libencode-perl: Remove buildpaths from generated .exh files
libcdio: Drop need for LIBCDIO_SOURCE_PATH
enca: Remove buildpaths from target scripts
libirecovery: Add missing build dependency on readline
usbmuxd: Remove recipe for 1.1.1
usbmuxd: Updgrade to latest on master branch
packagegroup-meta-oe: Add kpatch for glibc + x86_64 only
packagegroup-meta-oe: Remove minicoredumper-ptest for musl
libimobiledevice: Delete recipe for 1.3.0
libimobiledevice: Update to latest tip
libimobiledevice: Fix build with clang
idevicerestore: Update to latest on master branch
libpaper: Add recipe
psutils: Add recipe
nodejs: Upgrade to 18.16.0
python3-pylint: Fix missing deps for ptests
etcd: Inherit missing features_check
fftw: Remove hardcoded sysroot into binaries
lmdb: Pass CFLAGS to Makefile
squid: Remove buildpaths from generated binaries
libiio: Do not generate lineinfo in lex/yacc generated files
php: Remove buildpaths from scripts and generated headers
uw-imap: Pass CFLAGS from environment
libmad: Add a patch to pass cflags to build
Marcel Ziswiler (1):
libusbgx: fix device hot-plug use case
Marek Vasut (7):
lvgl: Upgrade lvgl to 8.3.7 and lv-driver to 8.3.0
lvgl: Activate custom tick implementation
lvgl: Add configurable color depth, default to 32bpp
lvgl: Support both fbdev and wayland backends
lvgl: Update lvgl-demo-fb to 8.3.0
lvgl: Upgrade dialog-lvgl to next/main version
lvgl: Add dependency on fbdev into lvgl-demo-fb DISTRO_FEATURES
Markus Volk (12):
xdg-desktop-portal-wlr: update 0.6.0 -> 0.7.0
python3-pillow: add libxcb to RDEPENDS for x11
adw-gtk3: update 4.5 -> 4.6
paprefs: add recipe
imaagemagick: update 7.1.1-5 -> 7.1.1-8
fuse3: update 3.12.0 -> 3.14.1
gnome-software: update 44.0 -> 44.1
gjs: update 1.75.1 -> 1.76.0
evince: update 44.0 -> 44.1
gdm: update 44.0 -> 44.1
xdg-desktop-portal-gnome: update 44.0 -> 44.1
libcamera: update 0.0.4 -> 0.0.5
Martin Jansa (18):
glfw: respect DISTRO_FEATURES when enabling x11 in default PACKAGECONFIG and return it to REQUIRED_DISTRO_FEATURES
libreport: add dependency on libarchive
libxmlb: add missing dependency on glib-2.0 and xz
geoclue: fix build without gobject-introspection-data
appstream: fix build without gobject-introspection-data
ostree: fix build without gobject-introspection-data
rdfind: fix build with -Werror=return-type
spice-gtk: respect gobject-introspection-data
cpulimit: fix do_install with multilib
libnfs: fix installed-vs-shipped issues with multilib
btrfsmaintenance: install to ${datadir}/${BPN}
libtomcrypt: pass LIBPATH to fix installed-vs-shipped with multilib
nanopb: fix installed-vs-shipped with multilib
nv-codec-headers: fix installed-vs-shipped with multilib
zfs: fix installation paths for multilib
poppler: add dependency on glib-2.0-native
paprefs: add x11 to REQUIRED_DISTRO_FEATURES
etcd: don't hardcode /usr/lib in do_install
Matija Tudan (1):
serial: add recipe for version 1.2.1
Ming Liu (4):
libusbgx: uprev to the latest commit
libusbgx: fix some systemd service conditions
libusbgx: drop hard-coded /usr/bin,/etc
libusbgx: check scripts in /etc/usbgx.d
Mingli Yu (1):
minicoredumper: correct the sysvinit service file attribute
Petr Gotthard (4):
strongswan: add PACKAGECONFIG for the NetworkManager module
openfortivpn: add new recipe
networkmanager-fortisslvpn: add new recipe
networkmanager-openconnect: add new recipe
Ross Burton (6):
v4l-utils: do out-of-tree builds
python3-ninja: simplify recipe
libisofs: add new recipe
libburn: move to meta-filesystems
libisoburn: add new recipe
xorriso: remove obsolete recipe
Trevor Gamblin (9):
python3-pytest-mock: Add recipe
python3-tomlkit: Add recipe
ptest-packagelists-meta-python: Add new tests
python3-platformdirs: Add recipe
python3-pylint: upgrade 2.14.5 -> 2.17.3
python3-pylint: add ptest
ptest-packagelists-meta-python: Add new tests
python3-pylint: upgrade 2.17.3 -> 2.17.4
python3-pylint: omit failing pickle test
Vasileios Anagnostopoulos (1):
asio: update to 1.28.0
Wang Mingyu (74):
abseil-cpp: upgrade 20230125.2 -> 20230125.3
appstream: upgrade 0.16.1 -> 0.16.2
babl: upgrade 0.1.104 -> 0.1.106
audit: upgrade 3.1 -> 3.1.1
boost-sml: upgrade 1.1.6 -> 1.1.8
ctags: upgrade 6.0.20230416.0 -> 6.0.20230430.0
eog: upgrade 44.0 -> 44.1
gspell: upgrade 1.12.0 -> 1.12.1
etcd-cpp-apiv3: upgrade 0.14.2 -> 0.14.3
googlebenchmark: upgrade 1.7.1 -> 1.8.0
hwdata: upgrade 0.369 -> 0.370
libbpf: upgrade 1.1.0 -> 1.2.0
iozone3: upgrade 492 -> 506
libadwaita: upgrade 1.3.1 -> 1.3.2
libcgi-perl: upgrade 4.56 -> 4.57
libjs-jquery-cookie: upgrade 3.0.1 -> 3.0.5
libmodule-build-tiny-perl: upgrade 0.043 -> 0.045
log4cpp: upgrade 1.1.3 -> 1.1.4
nautilus: upgrade 44.0 -> 44.1
makedumpfile: upgrade 1.7.2 -> 1.7.3
mg: upgrade 20230406 -> 20230501
python3-yarl: upgrade 1.8.2 -> 1.9.2
python3-alembic: upgrade 1.10.3 -> 1.10.4
python3-cassandra-driver: upgrade 3.26.0 -> 3.27.0
python3-can: upgrade 4.1.0 -> 4.2.0
python3-astroid: upgrade 2.15.3 -> 2.15.4
python3-argcomplete: upgrade 3.0.5 -> 3.0.8
python3-coverage: upgrade 7.2.3 -> 7.2.5
python3-imageio: upgrade 2.27.0 -> 2.28.1
python3-gast: upgrade 0.5.3 -> 0.5.4
python3-langtable: upgrade 0.0.61 -> 0.0.62
python3-flask-socketio: upgrade 5.3.3 -> 5.3.4
python3-elementpath: upgrade 4.1.1 -> 4.1.2
python3-nocasedict: upgrade 2.0.0 -> 2.0.1
python3-protobuf: upgrade 4.22.3 -> 4.22.4
python3-pint: upgrade 0.20.1 -> 0.21
python3-pulsectl: upgrade 22.3.2 -> 23.5.0
python3-pika: upgrade 1.3.1 -> 1.3.2
python3-pymisp: upgrade 2.4.170.1 -> 2.4.170.2
python3-pyudev: upgrade 0.24.0 -> 0.24.1
python3-regex: upgrade 2023.3.23 -> 2023.5.5
python3-rich: upgrade 13.3.4 -> 13.3.5
python3-smpplib: upgrade 2.2.2 -> 2.2.3
python3-sentry-sdk: upgrade 1.20.0 -> 1.22.1
python3-sqlalchemy: upgrade 2.0.9 -> 2.0.12
python3-termcolor: upgrade 2.2.0 -> 2.3.0
python3-twitter: upgrade 4.13.0 -> 4.14.0
python3-web3: upgrade 6.2.0 -> 6.3.0
tracker: upgrade 3.5.0 -> 3.5.1
python3-zeroconf: upgrade 0.56.0 -> 0.62.0
python3-xstatic: upgrade 1.0.2 -> 1.0.3
python3-requests-toolbelt: upgrade 0.10.1 -> 1.0.0
libimobiledevice-glue: SRCREV bump d2ff796..114098d
libplist: upgrade 2.2.0 -> 2.3.0
ctags: upgrade 6.0.20230430.0 -> 6.0.20230507.0
libnet-dns-perl: upgrade 1.37 -> 1.38
libdivecomputer: upgrade 0.7.0 -> 0.8.0
python3-platformdirs: upgrade 3.5.0 -> 3.5.1
python3-sympy: upgrade 1.11.1 -> 1.12
python3-google-auth: upgrade 2.17.3 -> 2.18.0
php: upgrade 8.2.5 -> 8.2.6
postgresql: upgrade 15.2 -> 15.3
python3-protobuf: upgrade 4.22.4 -> 4.23.0
python3-pulsectl: upgrade 23.5.0 -> 23.5.1
python3-pymisp: upgrade 2.4.170.2 -> 2.4.171
python3-pyjwt: upgrade 2.6.0 -> 2.7.0
python3-redis: upgrade 4.5.4 -> 4.5.5
python3-pytest-xdist: upgrade 3.2.1 -> 3.3.0
python3-sentry-sdk: upgrade 1.22.1 -> 1.22.2
python3-typeguard: upgrade 3.0.2 -> 4.0.0
python3-sqlalchemy: upgrade 2.0.12 -> 2.0.13
python3-websockets: upgrade 11.0.2 -> 11.0.3
xterm: upgrade 379 -> 380
wavpack: upgrade 4.60.1 -> 5.1.0
Xiangyu Chen (1):
pahole: fix native package build error
ojayanth (2):
etcd: systemd unit support to start existing etcd node
etcd: add systemd unit support for clustering
poky: 76cec94fad..35e5d29a7d:
Alexander Kanavin (1):
gcr: consider all versions, not only x.even.y
Andrew Jeffery (1):
Revert "ipk: Decode byte data to string in manifest handling"
Anuj Mittal (2):
gstreamer1.0: upgrade 1.22.0 -> 1.22.2
vte: upgrade 0.72.0 -> 0.72.1
Chen Qi (1):
sqlite3: update CVE_PRODUCT
Frederic Martinsons (1):
ptest-cargo.bbclass: add the possibility to define test arguments
Khem Raj (3):
musl: Update to 1.2.4 release
cpio: Run ptests under ptest user
python3-requests: Upgrade to 2.30.0
Luca Ceresoli (2):
ref-manual: classes: kernel: remove incorrect sentence opening
ref-manual: classes: kernel: document automatic defconfig usage
Martin Jansa (1):
populate_sdk_base.bbclass: respect MLPREFIX for ptest-pkgs's ptest-runner
Michael Opdenacker (2):
migration-guides: start of 4.3 migration and release notes
ref-manual: document FIT_ADDRESS_CELLS
Paul Gortmaker (1):
yocto-bsp: drop MIPS Edgerouter support
Qiu Tingting (1):
e2fsprogs: fix ptest bug for second running
Richard Purdie (5):
migration/release-notes-4.3: Add extra notes
qemu: Update ppc instruction fix to match revised upstream version
glib-networking: Add test retry to avoid failures
glib-networking: Correct glib error handling in test patch
qemu: Further updates to the ppc patch after upstream discussion
Ross Burton (6):
gdb: fix crashes when debugging threads with Arm Pointer Authentication enabled
Revert "ffmpeg: move ffmpeg config into packageconfig"
ffmpeg: add v4l2 PACKAGECONFIG
python3: use libedit instead of readline
python3: clean up PACKAGECONFIG
python3: use system expat
Tim Orling (2):
python3-urllib3: upgrade 1.26.15 -> 2.0.2
python3-attrs: upgrade 22.2.0 -> 23.1.0
Trevor Gamblin (3):
python3-trove-classifiers: Add recipe
python3-hatchling: upgrade 1.13.0 -> 1.14.1
python3-calver: Add recipe
Zang Ruochen (1):
elfutils: upgrade 0.188 -> 0.189
nikhil (1):
tiff: Remove unused patch from tiff
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I5304cb7a7ca3c09a110f52fa5b2844f5f00f4851
diff --git a/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.1.bb b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.1.bb
new file mode 100644
index 0000000..7ed2fd2
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-security/audit/audit_3.1.1.bb
@@ -0,0 +1,116 @@
+SUMMARY = "User space tools for kernel auditing"
+DESCRIPTION = "The audit package contains the user space utilities for \
+storing and searching the audit records generated by the audit subsystem \
+in the Linux kernel."
+HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
+SECTION = "base"
+LICENSE = "GPL-2.0-or-later & LGPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=master;protocol=https \
+ file://Fixed-swig-host-contamination-issue.patch \
+ file://0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch \
+ file://auditd \
+ file://auditd.service \
+ file://audit-volatile.conf \
+"
+
+S = "${WORKDIR}/git"
+SRCREV = "6e367585a899231da05797c6126f8bb01febb2f5"
+
+inherit autotools python3targetconfig update-rc.d systemd
+
+UPDATERCPN = "auditd"
+INITSCRIPT_NAME = "auditd"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_PACKAGES = "auditd"
+SYSTEMD_SERVICE:auditd = "auditd.service"
+
+DEPENDS = "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
+
+EXTRA_OECONF = " --with-libwrap \
+ --enable-gssapi-krb5=no \
+ --with-libcap-ng=yes \
+ --with-python3=yes \
+ --libdir=${base_libdir} \
+ --sbindir=${base_sbindir} \
+ --without-python \
+ --without-golang \
+ --disable-zos-remote \
+ --with-arm=yes \
+ --with-aarch64=yes \
+ "
+
+EXTRA_OEMAKE = "PYLIBVER='python${PYTHON_BASEVERSION}' \
+ PYINC='${STAGING_INCDIR}/$(PYLIBVER)' \
+ pyexecdir=${libdir}/python${PYTHON_BASEVERSION}/site-packages \
+ STDINC='${STAGING_INCDIR}' \
+ pkgconfigdir=${libdir}/pkgconfig \
+ "
+
+SUMMARY:audispd-plugins = "Plugins for the audit event dispatcher"
+DESCRIPTION:audispd-plugins = "The audispd-plugins package provides plugins for the real-time \
+interface to the audit system, audispd. These plugins can do things \
+like relay events to remote machines or analyze events for suspicious \
+behavior."
+
+PACKAGES =+ "audispd-plugins"
+PACKAGES += "auditd ${PN}-python"
+
+FILES:${PN} = "${sysconfdir}/libaudit.conf ${base_libdir}/libaudit.so.1* ${base_libdir}/libauparse.so.*"
+FILES:auditd = "${bindir}/* ${base_sbindir}/* ${sysconfdir}/* ${datadir}/audit/*"
+FILES:audispd-plugins = "${sysconfdir}/audit/audisp-remote.conf \
+ ${sysconfdir}/audit/plugins.d/au-remote.conf \
+ ${sysconfdir}/audit/plugins.d/syslog.conf \
+ ${base_sbindir}/audisp-remote \
+ ${base_sbindir}/audisp-syslog \
+ ${localstatedir}/spool/audit \
+ "
+FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/*/.debug"
+FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}"
+
+CONFFILES:auditd = "${sysconfdir}/audit/audit.rules"
+
+do_configure:prepend() {
+ sed -e 's|buf\[];|buf[0];|g' ${STAGING_INCDIR}/linux/audit.h > ${S}/lib/audit.h
+ sed -i -e 's|#include <linux/audit.h>|#include "audit.h"|g' ${S}/lib/libaudit.h
+}
+
+do_install:append() {
+ sed -i -e 's|#include "audit.h"|#include <linux/audit.h>|g' ${D}${includedir}/libaudit.h
+
+ rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.a
+ rm -f ${D}/${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.la
+
+ # reuse auditd config
+ [ ! -e ${D}/etc/default ] && mkdir ${D}/etc/default
+ mv ${D}/etc/sysconfig/auditd ${D}/etc/default
+ rmdir ${D}/etc/sysconfig/
+
+ # replace init.d
+ install -D -m 0755 ${WORKDIR}/auditd ${D}/etc/init.d/auditd
+ rm -rf ${D}/etc/rc.d
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ # install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/auditd.service ${D}${systemd_unitdir}/system
+
+ install -d ${D}${sysconfdir}/tmpfiles.d/
+ install -m 0644 ${WORKDIR}/audit-volatile.conf ${D}${sysconfdir}/tmpfiles.d/
+ fi
+
+ # audit-2.5 doesn't install any rules by default, so we do that here
+ mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d
+ cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules
+
+ chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d
+ chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules
+
+ # Based on the audit.spec "Copy default rules into place on new installation"
+ cp ${D}/etc/audit/rules.d/audit.rules ${D}/etc/audit/audit.rules
+
+ # Create /var/spool/audit directory for audisp-remote
+ install -m 0700 -d ${D}${localstatedir}/spool/audit
+}