meta-security: subtree update:9504d02694..775870980b

Armin Kuster (13):
      libtpm: update to 0.8.2
      ibmtpm2tss: update to 1.6.0
      tpm2-abrmd: update to 2.4.0
      tpm2-tools: update to 5.0
      tpm2-tss: update to 3.0.3
      tpm2-pkcs11: update to 1.5.0
      tpm2-topt: update 0.3.0
      trousers: update to 0.3.15
      tpm-tools: update to 1.3.9.1
      python3-fail2ban: fix building with ptest enabled
      layer.conf: Add hardknott to LAYERSERIES_COMPAT
      tpm2-tss-engine: update 1.1.0
      swtpm: update to 0.5.2

Kai Kang (1):
      samhain: fix compile error on powerpc

Ming Liu (1):
      ima-evm-keys: add file-checksums to IMA_EVM_X509

lukasz plachno (1):
      fscryptctl: Fix installation path

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Id7215a394e0c10c60e0e2e4a43d4ce4fb622fa97
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 8c0254b..fd21da1 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,6 +9,6 @@
 BBFILE_PATTERN_security = "^${LAYERDIR}/"
 BBFILE_PRIORITY_security = "8"
 
-LAYERSERIES_COMPAT_security = "gatesgarth"
+LAYERSERIES_COMPAT_security = "hardknott"
 
 LAYERDEPENDS_security = "core openembedded-layer perl-layer networking-layer meta-python"
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index 22d8874..085ea45 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,6 +8,6 @@
 BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_harden-layer = "10"
 
-LAYERSERIES_COMPAT_harden-layer = "gatesgarth"
+LAYERSERIES_COMPAT_harden-layer = "hardknott"
 
 LAYERDEPENDS_harden-layer = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 76374eb..ba028da 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -20,7 +20,7 @@
 # interactive shell is enough.
 OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
 
-LAYERSERIES_COMPAT_integrity = "gatesgarth"
+LAYERSERIES_COMPAT_integrity = "hardknott"
 # ima-evm-utils depends on keyutils from meta-oe
 LAYERDEPENDS_integrity = "core openembedded-layer"
 
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
index 62685bb..7708aef 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -14,3 +14,4 @@
         lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der
     fi
 }
+do_install[file-checksums] += "${@'${IMA_EVM_X509}:%s' % os.path.exists('${IMA_EVM_X509}')}"
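Review bot: The added `do_install[file-checksums]` line has no comment explaining why it is needed, and the file it tracks appears to be the IMA/EVM certificate the image will trust. I would put `# IMA_EVM_X509 is not in SRC_URI; track its content so a replaced certificate re-runs do_install instead of reusing a stale result` directly above it. If `IMA_EVM_X509` can ever be empty the expression expands to `:False`, so confirm the variable always has a value (its default is set outside this hunk). do_install's body starts outside the hunk.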
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index db243f7..2024d4a 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -8,7 +8,7 @@
 BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_scanners-layer = "10"
 
-LAYERSERIES_COMPAT_scanners-layer = "gatesgarth"
+LAYERSERIES_COMPAT_scanners-layer = "hardknott"
 
 LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
 
diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf
index b8ee1c0..1f1095f 100644
--- a/meta-security/meta-security-isafw/conf/layer.conf
+++ b/meta-security/meta-security-isafw/conf/layer.conf
@@ -14,4 +14,4 @@
 
 LAYERDEPENDS_security-isafw = "core"
 
-LAYERSERIES_COMPAT_security-isafw = "gatesgarth"
+LAYERSERIES_COMPAT_security-isafw = "hardknott"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index cd62fba..65788eb 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@
 BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
 BBFILE_PRIORITY_tpm-layer = "10"
 
-LAYERSERIES_COMPAT_tpm-layer = "gatesgarth"
+LAYERSERIES_COMPAT_tpm-layer = "hardknott"
 
 LAYERDEPENDS_tpm-layer = " \
     core \
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
similarity index 86%
rename from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
rename to meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
index 0ade01d..9784aa1 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb
@@ -2,8 +2,8 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
 
-SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0"
+SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8"
 
 PE = "1"
 
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
similarity index 78%
rename from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
rename to meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
index 35c77c8..b7ff2ad 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
@@ -3,22 +3,21 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
 SECTION = "apps"
 
-DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
 
 # configure checks for the tools already during compilation and
 # then swtpm_setup needs them at runtime
 DEPENDS += "tpm-tools-native expect-native socat-native"
 
-SRCREV = "39673a0139b0ee14a0109aba50a0635592c672c4"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \
-           file://fix_fcntl_h.patch \
+SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
            file://ioctl_h.patch \
            "
 PE = "1"
 
 S = "${WORKDIR}/git"
 
-inherit autotools pkgconfig
+inherit autotools pkgconfig python3-dir
 PARALLEL_MAKE = ""
 
 TSS_USER="tss"
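Review bot: The new `SRC_URI` still fetches over `git://`, which gives no transport authentication or encryption; the pinned `SRCREV` limits what can be substituted on the wire, but appending `;protocol=https` to the URL would stop the fetch from relying on that alone. The same applies to the libtpm, tpm2-totp and tpm2-tss-engine `SRC_URI` lines changed elsewhere in this commit. tpm2-totp additionally drops its `branch=` parameter, so the branch checked against `SRCREV` is left to the fetcher's default rather than stated in the recipe. Replacing `branch=stable-${PV}` with the literal `stable-0.5` here means the branch must be edited by hand on the next minor bump, which deserves a short comment beside it.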
@@ -35,18 +34,20 @@
 
 EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
 
-export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
-
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
 USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir  \
     --no-create-home  --shell /bin/false ${BPN}"
 
+
+PACKAGES =+ "${PN}-python"
+FILES_${PN}-python = "${nonarch_libdir}/${PYTHON_PN}/dist-packages/* "
+
 PACKAGE_BEFORE_PN = "${PN}-cuse"
 FILES_${PN}-cuse = "${bindir}/swtpm_cuse"
 
 INSANE_SKIP_${PN}   += "dev-so"
 
-RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
+RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
 
 BBCLASSEXTEND = "native nativesdk"
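Review bot: `RDEPENDS_${PN}` gains `python3 python3-cryptography python3-twisted`, but the Python modules are split into the new `${PN}-python` package and nothing visible makes `${PN}` depend on it. If tooling in the main package imports those modules (likely, given the new runtime dependencies), an image that installs only `swtpm` would lack them; consider `RDEPENDS_${PN} += "${PN}-python"` and moving the Python runtime dependencies to `RDEPENDS_${PN}-python`. python3-twisted is a large networking framework to add to every image carrying a TPM emulator, so confirm it is needed at runtime and not only by upstream's tests. A one-line comment above `FILES_${PN}-python` saying where the `dist-packages` path comes from would also help, since it differs from the usual site-packages location.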
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
deleted file mode 100644
index c2a264b..0000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Author: Philipp Kern <pkern@debian.org>
-Subject: Fix openssl1.1 support in data_mgmt
-Date: Tue, 31 Jan 2017 22:40:10 +0100
-
-Upstream-Status: Backport
-tpm-tools_1.3.9.1-0.1.debian.tar
-
-Signed-off-by: Armin kuster <akuster808@gmail.com>
-
----
- src/data_mgmt/data_import.c |   60 ++++++++++++++++++++++++++++----------------
- 1 file changed, 39 insertions(+), 21 deletions(-)
-
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -372,7 +372,7 @@ readX509Cert( const char  *a_pszFile,
- 		goto out;
- 	}
- 
--	if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+	if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
- 		logError( TOKEN_RSA_KEY_ERROR );
- 
- 		X509_free( pX509 );
-@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
- 
- 	int  rc = -1;
- 
--	int  nLen = BN_num_bytes( a_pRsa->n );
--	int  eLen = BN_num_bytes( a_pRsa->e );
-+	const BIGNUM *bn;
-+	const BIGNUM *be;
-+
-+	RSA_get0_key( a_pRsa, &bn, &be, NULL );
-+
-+	int  nLen = BN_num_bytes( bn );
-+	int  eLen = BN_num_bytes( be );
- 
- 	CK_RV  rv;
- 
-@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
- 	}
- 
- 	// Get binary representations of the RSA key information
--	BN_bn2bin( a_pRsa->n, n );
--	BN_bn2bin( a_pRsa->e, e );
-+	BN_bn2bin( bn, n );
-+	BN_bn2bin( be, e );
- 
- 	// Create the RSA public key object
- 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
- 
- 	int  rc = -1;
- 
--	int  nLen = BN_num_bytes( a_pRsa->n );
--	int  eLen = BN_num_bytes( a_pRsa->e );
--	int  dLen = BN_num_bytes( a_pRsa->d );
--	int  pLen = BN_num_bytes( a_pRsa->p );
--	int  qLen = BN_num_bytes( a_pRsa->q );
--	int  dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
--	int  dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
--	int  iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+	const BIGNUM *bn;
-+	const BIGNUM *be;
-+	const BIGNUM *bd;
-+	const BIGNUM *bp;
-+	const BIGNUM *bq;
-+	const BIGNUM *bdmp1;
-+	const BIGNUM *bdmq1;
-+	const BIGNUM *biqmp;
-+
-+	RSA_get0_key( a_pRsa, &bn, &be, &bd);
-+	RSA_get0_factors( a_pRsa, &bp, &bq);
-+	RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
-+
-+	int  nLen = BN_num_bytes( bn );
-+	int  eLen = BN_num_bytes( be );
-+	int  dLen = BN_num_bytes( bd );
-+	int  pLen = BN_num_bytes( bp );
-+	int  qLen = BN_num_bytes( bq );
-+	int  dmp1Len = BN_num_bytes( bdmp1 );
-+	int  dmq1Len = BN_num_bytes( bdmq1 );
-+	int  iqmpLen = BN_num_bytes( biqmp );
- 
- 	CK_RV  rv;
- 
-@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
- 	}
- 
- 	// Get binary representations of the RSA key information
--	BN_bn2bin( a_pRsa->n, n );
--	BN_bn2bin( a_pRsa->e, e );
--	BN_bn2bin( a_pRsa->d, d );
--	BN_bn2bin( a_pRsa->p, p );
--	BN_bn2bin( a_pRsa->q, q );
--	BN_bn2bin( a_pRsa->dmp1, dmp1 );
--	BN_bn2bin( a_pRsa->dmq1, dmq1 );
--	BN_bn2bin( a_pRsa->iqmp, iqmp );
-+	BN_bn2bin( bn, n );
-+	BN_bn2bin( be, e );
-+	BN_bn2bin( bd, d );
-+	BN_bn2bin( bp, p );
-+	BN_bn2bin( bq, q );
-+	BN_bn2bin( bdmp1, dmp1 );
-+	BN_bn2bin( bdmq1, dmq1 );
-+	BN_bn2bin( biqmp, iqmp );
- 
- 	// Create the RSA private key object
- 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
similarity index 91%
rename from meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
rename to meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
index 88ef19f..8aeb8ac 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -12,12 +12,11 @@
 DEPENDS = "libtspi openssl"
 DEPENDS_class-native = "trousers-native"
 
-SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
+SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
 SRC_URI = " \
 	git://git.code.sf.net/p/trousers/tpm-tools \
 	file://tpm-tools-extendpcr.patch \
 	file://04-fix-FTBFS-clang.patch \
-	file://05-openssl1.1_fix_data_mgmt.patch \
         file://openssl1.1_fix.patch \
 	"
 
diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
index 27b4e2f..32c9a49 100644
--- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb
@@ -6,8 +6,8 @@
 
 DEPENDS = "openssl"
 
-SRCREV = "e74dd1d96753b0538192143adf58d04fcd3b242b"
-PV = "0.3.14+git${SRCPV}"
+SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
+PV = "0.3.15+git${SRCPV}"
 
 SRC_URI = " \
 	git://git.code.sf.net/p/trousers/trousers \
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
index 8b13fb6..cfda80f 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
@@ -15,17 +15,15 @@
  utils12/Makefile.am |  8 ++++-
  2 files changed, 79 insertions(+), 4 deletions(-)
 
-diff --git a/utils/Makefile.am b/utils/Makefile.am
-index 1e51fe3..170a26e 100644
---- a/utils/Makefile.am
-+++ b/utils/Makefile.am
-@@ -81,9 +81,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS)
+Index: git/utils/Makefile.am
+===================================================================
+--- git.orig/utils/Makefile.am
++++ git/utils/Makefile.am
+@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la
  
- noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h
+ noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
  # install every header in ibmtss
 -nobase_include_HEADERS = ibmtss/*.h
--
--notrans_man_MANS = man/man1/*.1
 +nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
 +	ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
 +	ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
@@ -65,7 +63,8 @@
 +	ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
 +	ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
 +	ibmtss/ZGen_2Phase_fp.h
-+
+ 
+-notrans_man_MANS = man/man1/*.1
 +notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
 +	man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
 +	man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
@@ -101,11 +100,11 @@
  
  if CONFIG_TPM20
  noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
-diff --git a/utils12/Makefile.am b/utils12/Makefile.am
-index a01f47c..e9fe61e 100644
---- a/utils12/Makefile.am
-+++ b/utils12/Makefile.am
-@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
+Index: git/utils12/Makefile.am
+===================================================================
+--- git.orig/utils12/Makefile.am
++++ git/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src
  # result: [current-age].age.revision
  libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
  
@@ -120,6 +119,3 @@
  noinst_HEADERS = ekutils12.h
  
  bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend
--- 
-2.17.1
-
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
similarity index 94%
rename from meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
index 18ad7eb..4d9b554 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
@@ -17,7 +17,7 @@
 
 inherit autotools pkgconfig
 
-SRCREV = "aa6c6ec83793ba21782033c03439977c26d3cc87"
+SRCREV = "3e736f712ba53c8f06e66751f60fae428fd2e20f"
 SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
            file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
            "
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
similarity index 96%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
index d2a1c47..edfcce9 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -18,7 +18,7 @@
     file://tpm2-abrmd.default \
 "
 
-SRCREV = "4cdda466010a3699ebe967d990ac715ae3de7d35"
+SRCREV = "4f332013a02c422e186c4aaf127ab6a40b996028"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
similarity index 96%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
index 6beb67a..d53d4fa 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
@@ -10,7 +10,7 @@
            file://bootstrap_fixup.patch \
            file://0001-remove-local-binary-checkes.patch"
 
-SRCREV = "78bbf6a0237351830d0c3923b25ba0b57ae0b7e9"
+SRCREV = "5d583351028eebd470f50ec35db5dcf00533df31"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
similarity index 80%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
index 5bd26ab..dbd324a 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
@@ -8,6 +8,6 @@
 
 SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc"
+SRC_URI[sha256sum] = "e1b907fe29877628052e08ad84eebc6c3f7646d29505ed4862e96162a8c91ba1"
 
 inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
similarity index 73%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index 264484f..dfebc07 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -9,8 +9,8 @@
 
 PE = "1"
 
-SRCREV = "bfd581986353edc1058604e77cac804bd8b0d30a"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.2.x"
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
 
 inherit autotools-brokensep pkgconfig
 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
similarity index 88%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
index ebd6d53..5395695 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -2,14 +2,14 @@
 DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
 
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
 
 SECTION = "security/tpm"
 
 DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
 
-SRCREV = "24f1383cc6befde44d6f01a51ea653304d844ffd"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.0.x"
+SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
 
 inherit autotools-brokensep pkgconfig systemd
 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
new file mode 100644
index 0000000..cae2e76
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
@@ -0,0 +1,48 @@
+From 03cca78d24d716eec792f86f5b0bc69886fad981 Mon Sep 17 00:00:00 2001
+From: Patrick McCarty <patrick.mccarty@intel.com>
+Date: Fri, 18 Dec 2020 01:54:05 +0000
+Subject: [PATCH] configure.ac: fix compatibility with autoconf 2.70
+
+With autoconf 2.70, not quoting the second argument to one of the AS_IF
+macro expansions leads to generation of invalid shell code affecting the
+first nested ERROR_IF_NO_PROG expansion.
+
+The invalid shell code leads to an error resembling:
+
+  ./configure: line 18826: syntax error near unexpected token `newline'
+  ./configure: line 18826: `    '''
+
+Fix the issue by quoting the second argument to the affected AS_IF,
+similar to the quoting found elsewhere in configure.ac.
+
+Signed-off-by: Patrick McCarty <patrick.mccarty@intel.com>
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: tpm2-tss-3.0.3/configure.ac
+===================================================================
+--- tpm2-tss-3.0.3.orig/configure.ac
++++ tpm2-tss-3.0.3/configure.ac
+@@ -279,7 +279,7 @@ AC_ARG_ENABLE([integration],
+         [build and execute integration tests])],,
+     [enable_integration=no])
+ AS_IF([test "x$enable_integration" = "xyes"],
+-     AS_IF([test "$HOSTOS" = "Linux"],
++     [AS_IF([test "$HOSTOS" = "Linux"],
+            [ERROR_IF_NO_PROG([ss])],
+            [ERROR_IF_NO_PROG([sockstat])])
+        ERROR_IF_NO_PROG([echo])
+@@ -328,7 +328,7 @@ AS_IF([test "x$enable_integration" = "xy
+              [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
+        AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
+        AC_SUBST([INTEGRATION_ARGS], [$integration_args])
+-       AC_SUBST([ENABLE_INTEGRATION], [$enable_integration]))
++       AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
+ AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
+ #
+ # sanitizer compiler flags
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
similarity index 90%
rename from meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
index 78be513..b2486e5 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb
@@ -6,8 +6,10 @@
 
 DEPENDS = "autoconf-archive-native libgcrypt openssl"
 
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "e294677f8993234d0adfa191a5cbf9c5b83cc60c724c233e3d631c26712abea0"
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+           file://0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch \
+          "
+SRC_URI[sha256sum] = "78392be7309baf47f51b122f566ac915fd4d1760ea78571cba2e1484f9b5be17"
 
 inherit autotools pkgconfig systemd extrausers
 
diff --git a/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch b/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch
new file mode 100644
index 0000000..72cb880
--- /dev/null
+++ b/meta-security/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch
@@ -0,0 +1,28 @@
+Fix error when compile for powerpc:
+
+| x_sh_dbIO.c: In function 'swap_short':
+| x_sh_dbIO.c:229:36: error: initializer element is not constant
+|   229 |       static unsigned short ooop = *iptr;
+|       |                                    ^
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/sh_dbIO.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/sh_dbIO.c b/src/sh_dbIO.c
+index b547ac5..23a9621 100644
+--- a/src/sh_dbIO.c
++++ b/src/sh_dbIO.c
+@@ -226,7 +226,8 @@ static unsigned short *  swap_short (unsigned short * iptr)
+   else
+     {
+       /* alignment problem */
+-      static unsigned short ooop = *iptr;
++      static unsigned short ooop;
++      ooop = *iptr;
+       unsigned short hi   = (ooop & 0xff00);
+       unsigned short lo   = (ooop & 0xff);
+       ooop = (lo << 8) | (hi >> 8);
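Review bot: In the branch upstream labels `/* alignment problem */`, the rewritten `ooop = *iptr;` still loads through `iptr` as an `unsigned short`, which is the access that branch seems meant to avoid if the test above it (outside this hunk) checks alignment. `memcpy(&ooop, iptr, sizeof(ooop));` copies the two bytes without assuming an aligned pointer. Because `ooop` remains `static`, swap_short presumably returns its address, so each call overwrites the previous result and the function is not reentrant; a comment such as `/* static: address is returned to the caller, overwritten on the next call */` would record that. The function body begins and ends outside the hunk.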
diff --git a/meta-security/recipes-ids/samhain/samhain.inc b/meta-security/recipes-ids/samhain/samhain.inc
index 6a2eb085..0148e46 100644
--- a/meta-security/recipes-ids/samhain/samhain.inc
+++ b/meta-security/recipes-ids/samhain/samhain.inc
@@ -18,6 +18,7 @@
            file://samhain-avoid-searching-host-for-postgresql.patch \
            file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
            file://fix-build-with-new-version-attr.patch \
+           file://samhain-fix-initializer-element-is-not-constant.patch \
            "
 
 SRC_URI[sha256sum] = "3e57574036d5055e9557ec5095818b419ea6c4365370fc2ccce1e9f87f9fad08"
diff --git a/meta-security/recipes-security/fail2ban/files/run-ptest b/meta-security/recipes-security/fail2ban/files/run-ptest
index 9f6aebe..64d07d5 100644
--- a/meta-security/recipes-security/fail2ban/files/run-ptest
+++ b/meta-security/recipes-security/fail2ban/files/run-ptest
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-##PYTHON## fail2ban-testcases
+##PYTHON## bin/fail2ban-testcases
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 6767d80..b480c76 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -35,8 +35,9 @@
 
 do_install_ptest_append () {
     install -d ${D}${PTEST_PATH}
+    install -d ${D}${PTEST_PATH}/bin
     sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
-    install -D ${S}/fail2ban-testcases-all-python3 ${D}${PTEST_PATH}
+    install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
 }
 
 FILES_${PN} += "/run"
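Review bot: `install -D ${S}/bin/* ${D}${PTEST_PATH}/bin` copies every file in upstream's `bin/` into the ptest package, while `run-ptest` invokes only `bin/fail2ban-testcases`. If the test suite does need the other launchers, say so in a comment; otherwise install just the runner with `install -m 0755 ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}/bin/`. Either way `-D` does nothing once the preceding `install -d` has created the directory, and an explicit `-m 0755` documents the intended mode.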
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 440b4e3..df76a3d 100644
--- a/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
+++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -15,7 +15,7 @@
 S = "${WORKDIR}/git"
 
 do_install() {
-    oe_runmake DESTDIR=${D}${bindir} install
+    oe_runmake DESTDIR=${D} PREFIX=/usr install
 }
 
 RRECOMMENDS_${PN} += "\
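Review bot: `PREFIX=/usr` hard-codes the install prefix in do_install; `oe_runmake DESTDIR=${D} PREFIX=${prefix} install` would follow the distro's configured prefix and keep the binary under `${bindir}`, where default packaging looks for it. The recipe's packaging variables are outside this hunk, so this assumes no custom `FILES_${PN}` is set.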