meta-security: subtree update:95fe86eb98..7831969f8c

Alexander Kanavin (1):
      apparmor: pull in coreutils/findutils only when not using systemd as init manager

Armin Kuster (7):
      tpm2-tools: update to 4.1.3
      tpm2-tss: update to 2.4.1
      tpm2-tss-engine: add branch to SRC_URI & update to tip
      tpm2-pkcs11: update 1.2.0
      libtpm: update to 0.7.2
      openscap: update to 1.3.3
      tpm2-tcti-uefi: drop patch no longer needed

Jeremy Puhlman (2):
      clamav: resolve multilib issues
      tripwire: Remove makefiles from the man directories.

Kai Kang (1):
      sssd: disable build secrets

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I1e19d2563541504bcf89f1f70c680bd7e7e62d6c
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
similarity index 75%
rename from meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
rename to meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
index ad29efd..51fa9ee 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.1.bb
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_1.3.3.bb
@@ -2,7 +2,7 @@
 
 require openscap.inc
 
-SRCREV = "3a4c635691380fa990a226acc8558db35d7ebabc"
+SRCREV = "0cb55c55af6be9934d6fd0caf4563b206f289732"
 SRC_URI = "git://github.com/OpenSCAP/openscap.git;branch=maint-1.3 \
 "
 
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
index 963d3de..73a4729 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap_git.bb
@@ -5,8 +5,8 @@
 
 include openscap.inc
 
-SRCREV = "4bbdb46ff651f809d5b38ca08d769790c4bfff90"
+SRCREV = "a85943eee400fdbe59234d1c4a02d8cf710c4625"
 SRC_URI = "git://github.com/akuster/openscap.git;branch=oe-1.3 \
 "
 
-PV = "1.3.1+git${SRCPV}"
+PV = "1.3.3+git${SRCPV}"
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
similarity index 86%
rename from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb
rename to meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
index 4588c8d..0ade01d 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
@@ -2,8 +2,8 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
 
-SRCREV = "c26e8f7b08b19a69cea9e8f1f1e6639c7951fb01"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-${PV}"
+SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0"
 
 PE = "1"
 
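Review bot: The `branch=stable-0.7.0` literal in the new SRC_URI no longer follows `${PV}`, and nothing in the recipe says why, so the next upgrade has to rediscover it. The pinned SRCREV still fixes the exact commit that is built, so this is a documentation gap rather than a fetch problem. A one-line comment above SRC_URI would cover it, for example `# upstream keeps the 0.7.x point releases on stable-0.7.0, so the branch cannot be derived from ${PV}` (confirm against the upstream branch list before committing the wording).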
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb
similarity index 67%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb
index 351e03e..ce2dac0 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.2.0.bb
@@ -2,15 +2,14 @@
 DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
 SECTION = "security/tpm"
 LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=93645981214b60a02688745c14f93c95"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
 
-DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools"
+DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml"
 
-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git \
-           file://bootstrap_fixup.patch \
-          "
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
+           file://bootstrap_fixup.patch "
 
-SRCREV = "6de3f6f9c6e0a4983f3fb90e35feb34906f8aea7"
+SRCREV = "8d8f137f65f1d61d66cc191947b59c378f23e97d"
 
 S = "${WORKDIR}/git"
 
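Review bot: The LICENSE md5 in LIC_FILES_CHKSUM changes while `LICENSE = "BSD-2-Clause"` stays as it was, and neither the recipe nor the commit message records what changed in the upstream LICENSE file. A checksum change is the signal to re-read the license text. The tpm2-tss-engine recipe in this same commit changes its identifier together with its checksum, which makes the unexplained case here stand out. Please confirm the text is still BSD-2-Clause and record the difference in the commit message, e.g. `License-Update: <what changed in LICENSE>`.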
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch
deleted file mode 100644
index bc70913..0000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Fix defined to match tpm2-tools 4.1.1
-
-Upstream-Status: Submitted https://github.com/tpm2-software/tpm2-tcti-uefi/pull/81
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: git/example/tpm2-get-caps-fixed.c
-===================================================================
---- git.orig/example/tpm2-get-caps-fixed.c
-+++ git/example/tpm2-get-caps-fixed.c
-@@ -140,11 +140,11 @@ dump_tpm_properties_fixed (TPMS_TAGGED_P
-             Print (L"TPM2_PT_INPUT_BUFFER:\n"
-                     "  value: 0x%X\n", value);
-             break;
--        case TPM2_PT_HR_TRANSIENT_MIN:
-+        case TPM2_PT_TPM2_HR_TRANSIENT_MIN:
-             Print (L"TPM2_PT_TPM2_HR_TRANSIENT_MIN:\n"
-                     "  value: 0x%X\n", value);
-             break;
--        case TPM2_PT_HR_PERSISTENT_MIN:
-+        case TPM2_PT_TPM2_HR_PERSISTENT_MIN:
-             Print (L"TPM2_PT_TPM2_HR_PERSISTENT_MIN:\n"
-                     "  value: 0x%X\n", value);
-             break;
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 67b36b7..a67e3c3 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -7,9 +7,9 @@
 SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
            file://configure_oe_fixup.patch \
            file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
-           file://tpm2-get-caps-fixed.patch \
            file://fix_header_file.patch \
-          "
+"
+
 SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811"
 
 S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
deleted file mode 100644
index e90dcfe..0000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-SUMMARY = "Tools for TPM2."
-DESCRIPTION = "tpm2-tools"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc"
-SECTION = "tpm"
-
-DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
-
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
-SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
-SRC_URI[sha1sum] = "d097d321237983435f05c974533ad90e6f20acef"
-SRC_URI[sha384sum] = "396547f400e4f5626d7741d77ec543f312d94e6697899f4c36260d15fab3f4f971ad2c0487e6eaa2d60256f3cf68f85f"
-SRC_URI[sha512sum] = "25952cf947f0acd16b1a8dbd3ac8573bce85ff970a7e24c290c4f9cd29418e77a3e48ac82c932fbd250887a9303ab301ff92db594c2fffaba47b873382444d26"
-
-inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb
new file mode 100644
index 0000000..ae01d5e
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.3.bb
@@ -0,0 +1,13 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc"
+SECTION = "tpm"
+
+DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "bb5d3310620e75468fe33dbd530bd73dd648c70ec707b4579c74d9f63fc82704"
+
+inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
index 3641b1b..ebd6d53 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
@@ -1,15 +1,15 @@
 SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL." 
 DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
 
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
 
 SECTION = "security/tpm"
 
 DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
 
-SRCREV = "fdc8f65dfc8bad8b5a3aed181fae338267308f70"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git"
+SRCREV = "24f1383cc6befde44d6f01a51ea653304d844ffd"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.0.x"
 
 inherit autotools-brokensep pkgconfig systemd
 
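Review bot: SRCREV now points at the tip of `v1.0.x` (per the commit subject), but the recipe file is still `tpm2-tss-engine_1.0.1.bb`, so the package version keeps reporting 1.0.1 for source that is no longer the 1.0.1 release. That weakens version-based CVE matching and manifest review for an OpenSSL engine that performs TPM-backed RSA and ECDSA operations. Setting `PV = "1.0.1+git${SRCPV}"`, as openscap_git.bb does elsewhere in this commit, would make the built version identify the actual revision. The recipe continues past the end of the hunk, so a PV assignment further down cannot be ruled out from here.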
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb
similarity index 82%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb
index 135efed..22b961d 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.1.bb
@@ -9,16 +9,13 @@
 SRCREV = "a99e733ba66c359502689a9c42fd5e02ed1dd7d6"
 
 SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[md5sum] = "fb7e6d371959a65dc6d129af81739742"
-SRC_URI[sha256sum] = "82929a0611f39246e09202702a61b54c980ab694626c1f5823520ddf75024fa6"
-SRC_URI[sha1sum] = "c24ce8b20a8686ada775239389292f6d78020668"
-SRC_URI[sha384sum] = "a0c023c024efb6c9906df1e143d692f44433de332b616dc0584c9b4cd4fb0ad544308f291892e91c5a52ef1a4b2abf7f"
-SRC_URI[sha512sum] = "7b679b54f3478c3adee5b6c3135cbe491ffd9f4712991f465edbd6c7d2831e5f1537038ec36f288e9545c719d5d167b61116c924cf5d816220615d0b58a1d436"
+SRC_URI[sha256sum] = "58d7afcab9ff3daaafb5316e57d2c211118334b470d5a5bc6ceace6f89a1e60d"
 
 inherit autotools pkgconfig systemd extrausers
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,json-c "
 
 EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/"
 EXTRA_OECONF_remove = " --disable-static"
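Review bot: The `SRCREV` at the top of the hunk is carried over unchanged from the 2.3.2 recipe, although the source is the release tarball named in SRC_URI and verified by the new `SRC_URI[sha256sum]`. The tarball fetch does not use the git revision, which presumably belongs to an older release. Dropping the `SRCREV = "a99e733ba66c359502689a9c42fd5e02ed1dd7d6"` line would remove a value that looks like a pin but is not one. Separately, the new `PACKAGECONFIG[fapi]` lists only `json-c` as a build dependency; upstream's FAPI, as far as I know, also needs libcurl and the OpenSSL crypto backend, so test-build with `fapi` enabled before relying on it.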
diff --git a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb
index c26392a..4f50bff 100644
--- a/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb
+++ b/meta-security/recipes-ids/tripwire/tripwire_2.4.3.7.bb
@@ -52,6 +52,7 @@
     install -m 0644 ${S}/man/man4/* ${D}${mandir}/man4
     install -m 0644 ${S}/man/man5/* ${D}${mandir}/man5
     install -m 0644 ${S}/man/man8/* ${D}${mandir}/man8
+    rm ${D}${mandir}/man*/Makefile*
     install -m 0644 ${S}/policy/templates/* ${D}${docdir}/${BPN}/templates
     install -m 0644 ${S}/policy/*txt ${D}${docdir}/${BPN}
     install -m 0644 ${S}/COPYING ${D}${docdir}/${BPN}
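Review bot: The added `rm ${D}${mandir}/man*/Makefile*` has no `-f`, so if a later upstream release stops shipping Makefiles in the man directories the glob stays unexpanded, `rm` exits non-zero and do_install fails. `rm -f ${D}${mandir}/man*/Makefile*` keeps the cleanup harmless in that case and matches the `rm -f` used in the sssd recipe in this commit. A cleaner fix would be for the `install` lines above to copy only the man pages rather than `*`, but that is a larger change. do_install starts and ends outside this hunk.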
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb b/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb
index d6f61b3..552cac7 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_2.13.4.bb
@@ -191,7 +191,8 @@
 FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}"
 FILES_mod-${PN} = "${libdir}/apache2/modules/*"
 
-RDEPENDS_${PN} +=  "coreutils findutils ${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}"
+# Add coreutils and findutils only if sysvinit scripts are in use
+RDEPENDS_${PN} +=  "${@["coreutils findutils", ""][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd')]} ${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}"
 RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}"
 RDEPENDS_${PN}-ptest += "perl coreutils dbus-lib bash"
 
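Review bot: Indexing a two-element list with a boolean, `${@["coreutils findutils", ""][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd')]}`, is hard to read and easy to invert by accident when someone edits the list order. A conditional expression says the same thing directly: `${@'' if d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd' else 'coreutils findutils'}`. The comment also says "only if sysvinit scripts are in use" while the test is "any init manager other than systemd"; rewording it to `# coreutils/findutils are needed by the init scripts; skip them when systemd is the init manager` would match what the code checks.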
diff --git a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb
index f4625b1..2ea2c9b 100644
--- a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb
+++ b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb
@@ -25,7 +25,7 @@
 LEAD_SONAME = "libclamav.so"
 SO_VER = "9.0.2"
 
-inherit autotools pkgconfig useradd systemd
+inherit autotools pkgconfig useradd systemd multilib_header multilib_script
 
 CLAMAV_UID ?= "clamav"
 CLAMAV_GID ?= "clamav"
@@ -45,6 +45,8 @@
 PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "
 
+MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/clamav-config ${PN}-cvd:${localstatedir}/lib/clamav/mirrors.dat"
+
 EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
             --disable-mempool \
             --program-prefix="" \
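Review bot: `MULTILIB_SCRIPTS` is applied to `${localstatedir}/lib/clamav/mirrors.dat`, which is data under the ClamAV state directory rather than a script or a -config helper like `clamav-config`. As far as I understand multilib_script.bbclass, each listed path is renamed with a multilib suffix and exposed through an update-alternatives link when multilib is enabled. The mirror file would then become an alternatives-managed symlink in a directory that the signature updater presumably rewrites at run time, so confirm that updates still work in a multilib image. If the file is only an install-time artefact, removing it in do_install with `rm -f ${D}${localstatedir}/lib/clamav/mirrors.dat` and keeping only `${PN}-dev:${bindir}/clamav-config` in the list would avoid the question.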
@@ -93,6 +95,7 @@
         install -d ${D}${sysconfdir}/tmpfiles.d
         install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf
     fi
+    oe_multilib_header clamav-types.h
 }
 
 pkg_postinst_ontarget_${PN} () {
diff --git a/meta-security/recipes-security/sssd/sssd_1.16.4.bb b/meta-security/recipes-security/sssd/sssd_1.16.4.bb
index 7ea1586..2c3c803 100644
--- a/meta-security/recipes-security/sssd/sssd_1.16.4.bb
+++ b/meta-security/recipes-security/sssd/sssd_1.16.4.bb
@@ -39,8 +39,7 @@
 
 PACKAGECONFIG[autofs] = "--with-autofs, --with-autofs=no"
 PACKAGECONFIG[crypto] = "--with-crypto=libcrypto, , libcrypto"
-PACKAGECONFIG[curl] = "--with-secrets --with-kcm, --without-secrets --without-kcm, curl jansson"
-PACKAGECONFIG[http] = "--with-secrets, --without-secrets, apache2"
+PACKAGECONFIG[curl] = "--with-kcm, --without-kcm, curl jansson"
 PACKAGECONFIG[infopipe] = "--with-infopipe, --with-infopipe=no, "
 PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no"
 PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl"
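Review bot: Enabling the `curl` option now passes `--with-kcm` without `--with-secrets`, where the old line turned both on together. In the 1.16 series the KCM responder, as far as I recall, keeps its credential caches through the secrets responder, so this combination may fail at configure time or produce an sssd-kcm with no working store; it needs a test build with `curl` in `PACKAGECONFIG`. If KCM cannot run without secrets, the option should stop enabling it, e.g. `PACKAGECONFIG[curl] = ", , curl jansson"` plus `--without-kcm \` next to the new `--without-secrets \` in EXTRA_OECONF. The commit message gives no reason for disabling secrets; a line on why would help downstream users who relied on the removed `http` option.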
@@ -60,6 +59,7 @@
     --without-python2-bindings \
     --enable-pammoddir=${base_libdir}/security \
     --without-python2-bindings \
+    --without-secrets \
 "
 
 do_configure_prepend() {
@@ -85,6 +85,7 @@
     # Remove /var/run as it is created on startup
     rm -rf ${D}${localstatedir}/run
 
+    rm -f ${D}${systemd_system_unitdir}/sssd-secrets.*
 }
 
 pkg_postinst_ontarget_${PN} () {
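Review bot: The new `rm -f ${D}${systemd_system_unitdir}/sssd-secrets.*` has no comment, and it is not obvious why unit files for a responder configured out with `--without-secrets` would be installed at all. If upstream installs them regardless of the configure flag, say so above the line: `# sssd-secrets units are installed even when built --without-secrets; drop them so they are not packaged`. Without that, a later cleanup may remove the line as dead code and bring back socket units for a service that was never built. do_install begins outside this hunk.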
@@ -109,8 +110,6 @@
     sssd-pam-priv.socket \
     sssd-pam.service \
     sssd-pam.socket \
-    sssd-secrets.service \
-    sssd-secrets.socket \
     sssd.service \
 "
 SYSTEMD_AUTO_ENABLE = "disable"