meta-security: subtree update:b72cc7f87c..95fe86eb98
André Draszik (1):
linux-yocto: update the bbappend to 5.x
Armin Kuster (36):
README: add pull request option
sssd: drop py2 support
python3-fail2ban: update to latest
Apparmor: fix some runtime depends
linux-yocto-dev: remove "+"
checksecurity: fix runtime issues
buck-security: fix rdebends and minor style cleanup
swtpm: fix configure error
ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory
bastille: convert to py3
tpm2-tools: update to 4.1.1
tpm2-tcti-uefi: fix build issue for i386 machine
tpm2-tss: update to 2.3.2
ibmswtpm2: update to 1563
python3-fail2ban: add 2-3 conversion changes
google-authenticator-libpam: install module in pam location
apparmor: update to tip
clamav: add bison-native to depend
meta-security-isafw: import layer from Intel
isafw: fix to work against master
layer.conf: add zeus
README.md: update to new maintainer
clamav-native: missed bison fix
secuirty*-image: remove dead var and minor cleanup
libtpm: fix build issue over pod2man
sssd: python2 not supported
libseccomp: update to 2.4.3
lynis: add missing rdepends
fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog
chkrootkit: add rootkit recipe
clamav: move to recipes-scanners
checksec: move to recipe-scanners
checksecurity: move to recipes-scanners
buck-security: move to recipes-scanners
arpwatch: add new recipe
buck-security: fix runtime issue with missing per module
Bartosz Golaszewski (3):
linux: drop the bbappend for linux v4.x series
classes: provide a class for generating dm-verity meta-data images
dm-verity: add a working example for BeagleBone Black
Haseeb Ashraf (1):
samhain: dnmalloc hash fix for aarch64 and mips64
Jan Luebbe (2):
apparmor: fix wrong executable permission on service file
apparmor: update to 2.13.4
Jonatan Pålsson (10):
README: Add meta-python to list of layer deps
sssd: Add PACKAGECONFIG for python2
sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto
sssd: DEPEND on nss if nothing else is chosen
sssd: Sort PACKAGECONFIG entries
sssd: Add autofs PACKAGECONFIG
sssd: Add sudo PACKAGECONFIG
sssd: Add missing files to SYSTEMD_SERVICE
sssd: Add missing DEPENDS on jansson
sssd: Add infopipe PACKAGECONFIG
Kai Kang (1):
sssd: fix for ldblibdir and systemd etc
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for dunfell
Mingli Yu (1):
linux-yocto: update the bbappend to 5.x
Pierre-Jean Texier via Lists.Yoctoproject.Org (1):
google-authenticator-libpam: upgrade 1.07 -> 1.08
Yi Zhao (5):
samhain: fix build with new version attr
scap-security-guide: fix xml parsing error when build remediation files
scap-security-guide: pass the correct schema file path to openscap-native
openscap-daemon: add missing runtime dependencies
samhain-server: add volatile file for systemd
Change-Id: I3d4a4055cb9420e97d3eacf8436d9b048d34733f
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch b/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch
deleted file mode 100644
index a53433f..0000000
--- a/meta-security/recipes-security/libseccomp/files/0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 1ecdddb2a5b61cf527d1f238f88a9d129239f87a Mon Sep 17 00:00:00 2001
-From: Paul Moore <paul@paul-moore.com>
-Date: Tue, 5 Nov 2019 15:11:11 -0500
-Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls
-
-We recently changed how libseccomp handles syscall numbers that are
-not defined natively, but we missed test #15.
-
-Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
-
-Upstream-Status: Backport
-[https://github.com/seccomp/libseccomp/commit/1ecdddb2a5b61cf527d1f238f88a9d129239f87a]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- tests/15-basic-resolver.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c
-index 6badef1..0c1eefe 100644
---- a/tests/15-basic-resolver.c
-+++ b/tests/15-basic-resolver.c
-@@ -55,15 +55,15 @@ int main(int argc, char *argv[])
- unsigned int arch;
- char *name = NULL;
-
-- if (seccomp_syscall_resolve_name("open") != __NR_open)
-+ if (seccomp_syscall_resolve_name("open") != __SNR_open)
- goto fail;
-- if (seccomp_syscall_resolve_name("read") != __NR_read)
-+ if (seccomp_syscall_resolve_name("read") != __SNR_read)
- goto fail;
- if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR)
- goto fail;
-
- rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat");
-- if (rc != __NR_openat)
-+ if (rc != __SNR_openat)
- goto fail;
-
- while ((arch = arch_list[iter++]) != -1) {
---
-2.17.1
-
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.4.2.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.4.3.bb
similarity index 90%
rename from meta-security/recipes-security/libseccomp/libseccomp_2.4.2.bb
rename to meta-security/recipes-security/libseccomp/libseccomp_2.4.3.bb
index 07db82a..9ca41e6 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.4.2.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.4.3.bb
@@ -4,10 +4,9 @@
LICENSE = "LGPL-2.1"
LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
-SRCREV = "1b6cfd1fc0b7499a28c24299a93a80bd18619563"
+SRCREV = "1dde9d94e0848e12da20602ca38032b91d521427"
SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
- file://0001-tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch \
file://run-ptest \
"