meta-security: subtree update:b72cc7f87c..95fe86eb98
André Draszik (1):
linux-yocto: update the bbappend to 5.x
Armin Kuster (36):
README: add pull request option
sssd: drop py2 support
python3-fail2ban: update to latest
Apparmor: fix some runtime depends
linux-yocto-dev: remove "+"
checksecurity: fix runtime issues
buck-security: fix rdebends and minor style cleanup
swtpm: fix configure error
ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory
bastille: convert to py3
tpm2-tools: update to 4.1.1
tpm2-tcti-uefi: fix build issue for i386 machine
tpm2-tss: update to 2.3.2
ibmswtpm2: update to 1563
python3-fail2ban: add 2-3 conversion changes
google-authenticator-libpam: install module in pam location
apparmor: update to tip
clamav: add bison-native to depend
meta-security-isafw: import layer from Intel
isafw: fix to work against master
layer.conf: add zeus
README.md: update to new maintainer
clamav-native: missed bison fix
secuirty*-image: remove dead var and minor cleanup
libtpm: fix build issue over pod2man
sssd: python2 not supported
libseccomp: update to 2.4.3
lynis: add missing rdepends
fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog
chkrootkit: add rootkit recipe
clamav: move to recipes-scanners
checksec: move to recipe-scanners
checksecurity: move to recipes-scanners
buck-security: move to recipes-scanners
arpwatch: add new recipe
buck-security: fix runtime issue with missing per module
Bartosz Golaszewski (3):
linux: drop the bbappend for linux v4.x series
classes: provide a class for generating dm-verity meta-data images
dm-verity: add a working example for BeagleBone Black
Haseeb Ashraf (1):
samhain: dnmalloc hash fix for aarch64 and mips64
Jan Luebbe (2):
apparmor: fix wrong executable permission on service file
apparmor: update to 2.13.4
Jonatan Pålsson (10):
README: Add meta-python to list of layer deps
sssd: Add PACKAGECONFIG for python2
sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto
sssd: DEPEND on nss if nothing else is chosen
sssd: Sort PACKAGECONFIG entries
sssd: Add autofs PACKAGECONFIG
sssd: Add sudo PACKAGECONFIG
sssd: Add missing files to SYSTEMD_SERVICE
sssd: Add missing DEPENDS on jansson
sssd: Add infopipe PACKAGECONFIG
Kai Kang (1):
sssd: fix for ldblibdir and systemd etc
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for dunfell
Mingli Yu (1):
linux-yocto: update the bbappend to 5.x
Pierre-Jean Texier via Lists.Yoctoproject.Org (1):
google-authenticator-libpam: upgrade 1.07 -> 1.08
Yi Zhao (5):
samhain: fix build with new version attr
scap-security-guide: fix xml parsing error when build remediation files
scap-security-guide: pass the correct schema file path to openscap-native
openscap-daemon: add missing runtime dependencies
samhain-server: add volatile file for systemd
Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb
new file mode 100644
index 0000000..f4625b1
--- /dev/null
+++ b/meta-security/recipes-scanners/clamav/clamav_0.101.5.bb
@@ -0,0 +1,169 @@
+SUMMARY = "ClamAV anti-virus utility for Unix - command-line interface"
+DESCRIPTION = "ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats."
+HOMEPAGE = "http://www.clamav.net/index.html"
+SECTION = "security"
+LICENSE = "LGPL-2.1"
+
+DEPENDS = "libtool db libxml2 openssl zlib curl llvm clamav-native libmspack bison-native"
+DEPENDS_class-native = "db-native openssl-native zlib-native llvm-native curl-native bison-native"
+
+LIC_FILES_CHKSUM = "file://COPYING.LGPL;beginline=2;endline=3;md5=4b89c05acc71195e9a06edfa2fa7d092"
+
+SRCREV = "482fcd413b07e9fd3ef9850e6d01a45f4e187108"
+
+SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.101 \
+ file://clamd.conf \
+ file://freshclam.conf \
+ file://volatiles.03_clamav \
+ file://tmpfiles.clamav \
+ file://${BPN}.service \
+ file://freshclam-native.conf \
+ "
+
+S = "${WORKDIR}/git"
+
+LEAD_SONAME = "libclamav.so"
+SO_VER = "9.0.2"
+
+inherit autotools pkgconfig useradd systemd
+
+CLAMAV_UID ?= "clamav"
+CLAMAV_GID ?= "clamav"
+INSTALL_CLAMAV_CVD ?= "1"
+
+CLAMAV_USR_DIR = "${STAGING_DIR_NATIVE}/usr"
+CLAMAV_USR_DIR_class-target = "${STAGING_DIR_HOST}/usr"
+
+PACKAGECONFIG_class-target ?= "ncurses bz2"
+PACKAGECONFIG_class-target += " ${@bb.utils.contains("DISTRO_FEATURES", "ipv6", "ipv6", "", d)}"
+PACKAGECONFIG_class-target += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
+
+PACKAGECONFIG[pcre] = "--with-pcre=${STAGING_LIBDIR}, --without-pcre, libpcre"
+PACKAGECONFIG[json] = "--with-libjson=${STAGING_LIBDIR}, --without-libjson, json-c,"
+PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6"
+PACKAGECONFIG[bz2] = "--with-libbz2-prefix=${CLAMAV_USR_DIR}, --disable-bzip2, bzip2"
+PACKAGECONFIG[ncurses] = "--with-libncurses-prefix=${CLAMAV_USR_DIR}, --without-libncurses-prefix, ncurses, "
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/, --without-systemdsystemunitdir, "
+
+EXTRA_OECONF_CLAMAV = "--without-libcheck-prefix --disable-unrar \
+ --disable-mempool \
+ --program-prefix="" \
+ --disable-zlib-vcheck \
+ --with-xml=${CLAMAV_USR_DIR} \
+ --with-zlib=${CLAMAV_USR_DIR} \
+ --with-openssl=${CLAMAV_USR_DIR} \
+ --with-libcurl=${CLAMAV_USR_DIR} \
+ --with-system-libmspack=${CLAMAV_USR_DIR} \
+ --with-iconv=no \
+ --enable-check=no \
+ "
+
+EXTRA_OECONF_class-native += "${EXTRA_OECONF_CLAMAV}"
+EXTRA_OECONF_class-target += "--with-user=${CLAMAV_UID} --with-group=${CLAMAV_GID} ${EXTRA_OECONF_CLAMAV}"
+
+do_configure () {
+ ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+}
+
+do_configure_class-native () {
+ ${S}/configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+}
+
+do_compile_append_class-target() {
+ if [ "${INSTALL_CLAMAV_CVD}" = "1" ]; then
+ bbnote "CLAMAV creating cvd"
+ install -d ${S}/clamav_db
+ ${STAGING_BINDIR_NATIVE}/freshclam --datadir=${S}/clamav_db --config=${WORKDIR}/freshclam-native.conf
+ fi
+}
+
+do_install_append_class-target () {
+ install -d ${D}/${sysconfdir}
+ install -d ${D}/${localstatedir}/lib/clamav
+ install -d ${D}${sysconfdir}/clamav ${D}${sysconfdir}/default/volatiles
+
+ install -m 644 ${WORKDIR}/clamd.conf ${D}/${sysconfdir}
+ install -m 644 ${WORKDIR}/freshclam.conf ${D}/${sysconfdir}
+ install -m 0644 ${WORKDIR}/volatiles.03_clamav ${D}${sysconfdir}/default/volatiles/volatiles.03_clamav
+ sed -i -e 's#${STAGING_DIR_HOST}##g' ${D}${libdir}/pkgconfig/libclamav.pc
+ rm ${D}/${libdir}/libclamav.so
+ install -m 666 ${S}/clamav_db/* ${D}/${localstatedir}/lib/clamav/.
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
+ install -D -m 0644 ${WORKDIR}/clamav.service ${D}${systemd_unitdir}/system/clamav.service
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ install -m 0644 ${WORKDIR}/tmpfiles.clamav ${D}${sysconfdir}/tmpfiles.d/clamav.conf
+ fi
+}
+
+pkg_postinst_ontarget_${PN} () {
+ if command -v systemd-tmpfiles >/dev/null; then
+ systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/clamav.conf
+ elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+ ${sysconfdir}/init.d/populate-volatile.sh update
+ fi
+ mkdir -p ${localstatedir}/lib/clamav
+ chown -R ${CLAMAV_UID}:${CLAMAV_GID} ${localstatedir}/lib/clamav
+}
+
+
+PACKAGES = "${PN} ${PN}-dev ${PN}-dbg ${PN}-daemon ${PN}-doc ${PN}-cvd \
+ ${PN}-clamdscan ${PN}-freshclam ${PN}-libclamav ${PN}-staticdev"
+
+FILES_${PN} = "${bindir}/clambc ${bindir}/clamscan ${bindir}/clamsubmit \
+ ${bindir}/*sigtool ${mandir}/man1/clambc* ${mandir}/man1/clamscan* \
+ ${mandir}/man1/sigtool* ${mandir}/man1/clambsubmit* \
+ ${docdir}/clamav/* "
+
+FILES_${PN}-clamdscan = " ${bindir}/clamdscan \
+ ${docdir}/clamdscan/* \
+ ${mandir}/man1/clamdscan* \
+ "
+
+FILES_${PN}-daemon = "${bindir}/clamconf ${bindir}/clamdtop ${sbindir}/clamd \
+ ${mandir}/man1/clamconf* ${mandir}/man1/clamdtop* \
+ ${mandir}/man5/clamd* ${mandir}/man8/clamd* \
+ ${sysconfdir}/clamd.conf* \
+ ${systemd_unitdir}/system/clamav-daemon/* \
+ ${docdir}/clamav-daemon/* ${sysconfdir}/clamav-daemon \
+ ${sysconfdir}/logcheck/ignore.d.server/clamav-daemon "
+
+FILES_${PN}-freshclam = "${bindir}/freshclam \
+ ${sysconfdir}/freshclam.conf* \
+ ${sysconfdir}/clamav ${sysconfdir}/default/volatiles \
+ ${sysconfdir}/tmpfiles.d/*.conf \
+ ${localstatedir}/lib/clamav \
+ ${docdir}/${PN}-freshclam ${mandir}/man1/freshclam.* \
+ ${mandir}/man5/freshclam.conf.* \
+ ${systemd_unitdir}/system/clamav-freshclam.service"
+
+FILES_${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \
+ ${libdir}/pkgconfig/*.pc \
+ ${mandir}/man1/clamav-config.* \
+ ${includedir}/*.h ${docdir}/libclamav* "
+
+FILES_${PN}-staticdev = "${libdir}/*.a"
+
+FILES_${PN}-libclamav = "${libdir}/libclamav.so* ${libdir}/libclammspack.so*\
+ ${docdir}/libclamav/* "
+
+FILES_${PN}-doc = "${mandir}/man/* \
+ ${datadir}/man/* \
+ ${docdir}/* "
+
+FILES_${PN}-cvd = "${localstatedir}/lib/clamav/*.cvd ${localstatedir}/lib/clamav/*.dat"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${CLAMAV_UID}"
+USERADD_PARAM_${PN} = "--system -g ${CLAMAV_GID} --home-dir \
+ ${localstatedir}/spool/${BPN} \
+ --no-create-home --shell /bin/false ${BPN}"
+
+RPROVIDES_${PN} += "${PN}-systemd"
+RREPLACES_${PN} += "${PN}-systemd"
+RCONFLICTS_${PN} += "${PN}-systemd"
+SYSTEMD_SERVICE_${PN} = "${BPN}.service"
+
+RDEPENDS_${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-freshclam clamav-libclamav"
+RDEPENDS_${PN}_class-native = ""
+
+BBCLASSEXTEND = "native"