subtree updates
meta-openembedded: 64974b8779..c95842cdca:
Adrian Bunk (46):
modemmanager: Remove the obsolete dependency on dbus-glib
gpsd: Remove the obsolete dependency on dbus-glib
eggdbus: Remove this obsolete package
sanity-meta-gnome: Remove obsolete class
gssdp: Merge inc
vlc: notify switched to GTK+3 some time ago
tremor: Upgrade 20150107 -> 20180319
vlc: Remove the obsolete dependency on dbus-glib
blueman: Enable thunar support by default but don't rdepend on it
gnome-bluetooth: Drop bluez4 support
networkmanager: Drop bluez4 support
packagegroup-meta-networking-connectivity: Correct a DISTRO_FEATURES check
packagegroup-tools-bluetooth: Remove bluez4 support
cpprest: Fix build failure with gcc 8
packagegroup-basic: Remove bluez4 support
packagegroup-meta-oe: Remove bogus bluez4 DISTRO_FEATURES checks
esound: Remove this obsolete package
gpsd: Remove obsolete musl patch
gpsd: Don't build without optimization
zeromq: Upgrade 4.3.1 -> 4.3.2
obex-data-server: Drop bluez4 support
openobex: Drop bluez4 support
gpsd: Drop bluez4 support
libao: Remove the non-default esound PACKAGECONFIG
gpsd: Disable manpage building by config option instead of patching
gpsd: Upgrade 3.18.1 -> 3.19
gnome-desktop3: Fix REQUIRED_DISTRO_FEATURES
meta-gnome: Remove GNOME_COMPRESS_TYPE = "xz" in recipes
jasper: Use the new upstream GitHub location instead of the defunct tarball URL
fluidsynth: Add PACKAGECONFIG for readline
meta-multimedia: Remove GNOME_COMPRESS_TYPE = "xz" in recipes
udisks: Remove this obsolete version
gpsd: Switch from python-scons-native to python3-scons-native
meta-gnome: Inherit gnomebase instead of gnome
meta-oe: Inherit gnomebase instead of gnome
libgsf: Drop the obsolete inherit gconf
gnome-system-monitor: Add DEPENDS on polkit
meta-oe: Change some ftp:// URIs to http(s)://
meta-oe: Use GNU_MIRROR in more recipes
wireshark: Use an upstream URL that stays valid longer
modemmanager: Use a simpler workaround for the clang build
network-manager-applet: Remove obsolete do_configure_append
network-manager-applet: Remove the obsolete DEPENDS on gconf
wv: Remove, abiword was the only user
gtkmathview: Remove, abiword was the last user
t1lib: Remove, gtkmathview was the last user
Alex Kiernan (6):
keyutils: Fix build with usrmerge
iwd: update to 0.18
libzip: Upgrade 1.5.1 -> 1.5.2
zstd: New recipe
zstd: Update 1.4.0 -> 1.4.2
iwd: Upgrade 0.18 -> 0.19
Alexander Kanavin (3):
python-matplotlib: remove the python 2.x version of the recipe
python-oauthlib: remove the 2.x version of the recipe
python-pandas: remove the python 2.x version of the recipe
Alistair Francis (3):
gpsd: Upgrade from 3.17 to 3.18.1
gpsd: Fix the systemd service run paths
python: pypi: Add python3-term
Anatol Belski (1):
gperftools: separate off libtcmalloc-minimal
Andreas Müller (2):
meta-xfce: Make Kai Kang layer maintainer
abiword: remove
Andrej Valek (2):
nodejs: 10.15.3 -> 10.16.0
nodejs: 10.16.0 -> 10.16.2
André Draszik (1):
layer.conf: ignore wireless-regdb->crda dep for siggen purposes
Ankit Navik (1):
safec: Remove aarch64 from COMPATIBLE_HOST
Anuj Mittal (2):
xterm: upgrade 330 -> 347
libsdl: import from OE-Core
Armin Kuster (5):
keyutils: update to 1.6
keyutils: improve ptests
keyutils: fix QA WARNING
keyutils: fix pulling in glibc when musl enabled
keyutils: fix library install path
Arturo Buzarra (1):
lvm2: Fix RDEPEND on lvm2 to lvm2-udevrules
Ayoub Zaki (1):
pegtl: Initial recipe
Bartosz Golaszewski (2):
bats: new package
libgpiod: bump version to v1.4.1
Beniamin Sandu (1):
unbound: create recipe for version 1.9.2
Callaghan, Dan (1):
unixodbc: mysql5 is not required but readline is
Changqing Li (15):
python-pygobject: fix install dir for python2
dlm: upgrade 4.0.7 -> 4.0.9
uthash: remove uthash-ptest dependencies
waf-samba: switch to python3
libtevent: upgrade 0.9.37 -> 0.10.0
libtdb: upgrade 1.3.17 -> 1.4.0
libtalloc: upgrade 2.1.14 -> 2.2.0
samba: upgrade 4.8.12 -> 4.10.5
libldb: upgrade 1.4.1 -> 1.5.4
volume-key: fix "Nothing RPROVIDES" when multilib enabled
isomd5sum: fix "Nothing RPROVIDES" when multilib enabled
satyr: fix "Nothing RPROVIDES" when multilib enabled
libtevent: fix do_package_qa issue
libtdb: fix do_package_qa issue
fio: Delete redundant tag
Chin Huat Ang (1):
opencv: 3.4.5 -> 4.1.0
Denys Dmytriyenko (1):
ufs-tool: add tool to access UFS (Universal Flash Storage) devices
Douglas Royds (2):
grpc: DEPENDS on googletest
packagegroup-meta-oe: RDEPENDS on googletest
Drew Moseley (1):
networkmanager: Use ALTERNATIVES for resolv-conf handling.
Erik Botö (1):
paho-mqtt-c: enable SSL
Fabian Klemp (1):
openvpn: respect pid file in init.d service start
Gianfranco Costamagna (3):
iniparser: add initial recipe
cpprest: update to 2.10.14
cpprest: Do not export Werror from build system instead of adding -Wno-error to the same build command
He Zhe (1):
drbd-utils: Fix netlink failure with nested attributes for kernel v5.2
Hongxu Jia (24):
packagegroup-xfce-extended: conditional runtime recommends on xfce-polkit
xfce-polkit: add required distro feature check to polkit
xfce4-session: optional support polkit
upower: remove polkit dependency
gvfs: add meson option admin and udisks2 to PACKAGECONFIG
mongodb: add to PNBLACKLIST
itstool: use libxml2 to instead of python3-lxml
meta-multimedia: add layer depends on meta-python
itstool: use libxml2 to instead of python3-lxml
python-six: remove duplicated recipe
libauthen-radius-perl: ptest requires meta-networking to be present
xfce4-panel: use lxdm to replace dm-tool
drop lxdm_%.bbappend
python3-pykickstart: 3.18 -> 3.20
python3-blivet: 3.1.2 -> 3.1.4
python-pyparted/python3-pyparted: 3.11.1 -> 3.11.2
libbytesize: 1.4 -> 2.0
libblockdev: 2.20 -> 2.22
network-manager-applet: 1.8.20 -> 1.8.22
thin-provisioning-tools: 0.7.6 -> 0.8.5
libreport: 2.9.7 -> 2.10.0
python3-blivetgui: fix blivet-gui broken
php: remove 5.6.40
lmsensors: support package lmsensors
Jackie Huang (1):
keyutils: add new recipe
Jason Wessel (1):
libbytesize: Add depends for gettext-native
Joshua Lock (3):
python-cffi: add missing RDEPENDS on pycparser
python-attrs: add native BBCLASSEXTEND
python-dateutil: add native BBCLASSEXTEND
Kai Kang (39):
mozjs: fix configure failure on CentOS 7.6
libvncserver: update to latest commit 1354f7f
libxfce4util: 4.13.3 -> 4.13.4
libxfce4ui: 4.13.5 -> 4.13.6
exo: 0.12.5 -> 0.12.6
xfconf: 4.13.7 -> 4.13.8
thunar: 1.8.6 -> 1.8.7
xfce4-session: 4.13.2 -> 4.13.3
xfwm4: 4.13.2 -> 4.13.3
xfdesktop: 4.13.4 -> 4.13.5
xfce4-power-manager: 1.6.2 -> 1.6.3
xfce4-panel: 4.13.5 -> 4.13.6
xfce4-dev-tools: 4.12.0 -> 4.13.0
thunar-volman: 0.9.2 -> 0.9.3
garcon: 0.6.2 -> 0.6.3
xfce4-settings: 4.12.4 -> 4.13.7
xfce4-pulseaudio-plugin: add dependency dbus-glib
xfce4-verve-plugin: 1.1.0 -> 2.0.0
net-snmp: update SRC_URI
xfwm4: fix assertion error
poppler: toggle gobject-introspection support
xfce4-settings: rrecommends xfce4-datetime-setter
xfce4-datetime-setter: add recipe
libxfce4util: 4.13.4 -> 4.14.0
xfconf: 4.13.8 -> 4.14.1
libxfce4ui: 4.13.6 -> 4.14.1
exo: 0.12.6 -> 0.12.8
garcon: 0.6.3 -> 0.6.4
thunar: 1.8.7 -> 1.8.9
thunar-volman: 0.9.3 -> 0.9.5
tumbler: 0.2.0 -> 0.2.7
xfce4-appfinder: 4.13.3 -> 4.14.0
xfce4-dev-tools: 4.13.0 -> 4.14.0
xfce4-panel: 4.13.6 -> 4.14.0
xfce4-power-manager: 1.6.3 -> 1.6.5
xfce4-session: 4.13.3 -> 4.14.0
xfce4-settings: 4.13.7 -> 4.14.0
xfdesktop: 4.13.5 -> 4.14.1
xfwm4: 4.13.3 -> 4.14.0
Khem Raj (44):
wvdial: Fix build with musl
librelp: Pass Wno-error to compiler
recipes: Use BPN instead of PN in SRC_URIs
cli11: Refresh patch to fix fuzz
sthttpd: Use git SRC_URI instead of github archive
arno-iptables-firewall: Switch to git fetcher
firewalld: Update to 0.6.3->0.6.4
python-matplotlib: Use git src_uri
mpv: Switch to using git fetcher
x11vnc: Switch to git fetcher
dumb-init: Switch to git fetcher
pam-plugin-ldapdb: Use git fetcher
libuv: Switch to using git fetcher
usbctl: Switch to git fetcher
pmdk: Fix libdir which is multi-lib aware
kexec-tools-klibc: Refresh patch with no code change
log4cplus: Fix build with gold linker
orage: Fix build with libical3
pegtl: Fix build with clang/libc++
postfix: Fix build failures with glibc 2.30
snort: Fix build with glibc 2.30
opensaf: Add configure time check to detect gettid API in libc
ypbind-mt: Fix build with glibc 2.30
openocd: Fix build with glibc 2.30
netkit-rusers: Add dep on rpcsvc-proto for rpc headers
collectd: Fix build with glibc 2.30
alsa-oss: Drop now not needed patch
klcc-cross: Recognise --unwindlib clang option
libsub-exporter-progressive-perl: Remove unneeded DEPENDS_PN
libedit: Delete
sjf2410-linux-native: Do not include sys/io.h
gradm: Upgrade to 3.1-201903191516 release
pmdk: Fix packaging errors when building on non-x86 host
klibc: Pass -fno-builtin-bcmp with musl/clang combo
graphviz: Fix build error that surfaced with latest pango
graphviz: Do not build tcl support for target
python-grpcio: Use gettid API from glibc 2.30+
grpc: Update to 1.22.0
android-tools: Fix build with glibc 2.30
iperf2: Upgrade to 2.0.13
netkit-rusers: Depend on rpcsvc-proto-native for rpcgen tool
kpatch: Pass ARCH from environment
python3-pillow: Provide python3-imaging
netkit-rusers: Fix cross-build after glibc dropped rpc
Laszlo Toth (1):
networkmanager: fix typo in nonarch_base_libdir
Liwei Song (2):
pm-graph: fix time format parse error
fio: fix first direct IO errored when ioengine is splice
Luca Boccassi (2):
python-pygobject: move python-setuptools from RDEPENDS to DEPENDS
python-pygobject: remove build-dependency on setuptools and add dependency on pkgutil
Luca Ceresoli (4):
fuse-exfat: moved to github
exfat-utils: moved to github
fuse-exfat: update 1.2.3 -> 1.3.0
exfat-utils: update 1.2.3 -> 1.3.0
Luca Palano (1):
Netdata upgrade: 1.8.0 -> 1.16.0
Maciej Pijanowski (8):
python3-websockets: upgrade to 8.0.2
python3-multidict: upgrade to 4.5.2
python-engineio: upgrade to 3.9.3
python-socketio: upgrade to 4.3.1
python-aiohttp.inc: add missing RDEPENDS
python-async-timeout: add asyncio to RDEPENDS
python-socketio.inc: add missing RDEPENDS
python3-aiofiles: add recipe
Mariano Lopez (1):
nftables: 0.9.0 > 0.9.1
Martin Jansa (8):
protobuf: fix build with gold
SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS add lsb and util-linux for phoronix-test-suite
oprofile: drop kernel-vmlinux from RRECOMMENDS
libdbi-perl: prevent native libdbi-perl depending on target perl
redis: backport a fix for stack trace generation on aarch64
ntop: fix missing return from non-void function
python3-twofish: Fix missing return statements in module stubs
kernel-selftest: skip -Werror=format-security and fortify
Max Krummenacher (1):
joe: update to 4.6
Mikko Rapeli (2):
protobuf: fix ptest compilation with hardening flags
stress-ng: delete recipe
Mingli Yu (7):
fio: Upgrade to 3.15
crash: Upgrade to 7.2.6
makedumpfile: Upgrade to 1.6.6
hwloc: Upgrade to 1.11.13
iperf3: Upgrade to 3.7
log4cplus: Upgrade to 2.0.4
log4cplus: remove gold linker setting
Oleksandr Kravchuk (22):
nghttp2: update to 1.39.1
drbd-utils: update to 9.10.0
drbd: update to 9.0.18-1
keepalived: update to 2.0.16
nano: update to 4.3
nuttcp: add systemd unit file
mbedtls: update to 2.16.2
dhcpcd: update to 7.2.2
freediameter: update to 1.2.1
sethdlc: set PV in filename
miniupnpd: update to 2.1.20190210
ipvsadm: update to 1.30
uftp: update to 4.9.11
libnftnl: update to 1.1.3
dhcpcd: update to 7.2.3
blueman: update to 2.1.1
uftp: update to 4.10
htpdate: update to 1.2.1
dhcpcd: update to 8.0.1
chrony: update to 3.5
wolfssl: update to 4.1.0
dhcpcd: update to 8.0.2
Ovidiu Panait (2):
python3-pillow: 5.4.1 -> 6.1
python3-pillow: Add python3-misc/logging/numbers to RDEPENDS
Paolo Valente (1):
s-suite: push SRCREV to version 3.5
Parthiban Nallathambi (1):
python3-matplotlib: add version 3.1.1
Pascal Bach (1):
protobuf: 1.3.1 -> 1.3.2
Paul Eggleton (3):
mraa: update to 2.0.0
upm: update to 2.0.0
picocom: update to 3.1
Pierre-Jean Texier (2):
stunnel: bump to version 5.55
cppzmq: bump to version 4.4.1
Piotr Tworek (1):
itstool: Don't use hardcoded, absolute path to python3 binary.
Qi.Chen@windriver.com (3):
turbostat: set PACKAGE_ARCH as MACHINE_ARCH
esmtp: use alternatives to manage /usr/lib/sendmail
postfix: use alternatives to manage /usr/lib/sendmail
Radovan Scasny (2):
dhcpcd: enable udev by default
dhcpcd: fix building with pkgconfig
Randy MacLeod (2):
poppler: update from 0.75.0 to 0.79.0
rsyslog: update from 8.1903.0 to 8.1907.0
Ricardo Ribalda Delgado (1):
fwts: Update to 19.06.00
Robert Joslyn (1):
cryptsetup: Don't enable udev for native build
Roman Stratiienko (1):
glmark2: Upgrade SRCREV to latest
Ross Burton (2):
gtk+: add (from oe-core)
gnome-themes-standard: add recipe for GTK+ 2 Adwaita
Ruslan Bilovol (2):
libnss-nisplus: Add recipe
kpatch: fix QA build errors for nativesdk
Saravanan Sekar (1):
liblightmodbus: Add version 2.0.2
Scott Ellis (1):
wireguard: Upgrade 20190406 to 20190702
Slater, Joseph (3):
drbd-utils: enable reproducible_build awareness
php: remove host specific info from header file
mozjs: do not expose intl api for mips64
Tim Orling (9):
libencode-perl: upgrade 2.94 -> 3.01; enable ptest
libdbi-perl: fix dependencies
libtest-nowarnings-perl: add recipe for 1.04
libdbd-sqlite-perl: upgrade 1.54 -> 1.62; enable ptest
libsub-uplevel-perl: add recipe for 0.36
libtest-warn-perl: add recipe for 0.36
libcgi-perl: upgrade 4.43 -> 4.44
libnet-ldap-perl: upgrade 0.65 -> 0.66; enable ptest
libunicode-linebreak-perl: upgrade 2017.004 -> 2019.001; enable ptest
Trevor Gamblin (2):
metacity; upgrade from 3.30.1 to 3.32.0
gvfs: upgrade from 1.40.0 to 1.40.2
Vincent Prince (1):
mongodb: add mongo shell as a PACKAGECONF option
William A. Kennington III via Openembedded-devel (5):
gtest: Googletest project is back under github.com/google/googletest
googletest: The gtest and gmock projects were combined under googletest in 2015
libtar: Enable libtar-native build
fmt: Init at 5.3.0
cli11: 1.7.1 -> 1.8.0
Windel Bouwman (3):
python-humanfriendly: Add recipe for the humanfriendly package.
Fix python-humanfriendly recipe for python2.
Add recipe for the coloredlogs python package.
Yi Zhao (7):
strongswan: upgrade 5.7.1 -> 5.8.0
snort: fix compile-host-path QA issue
cryptsetup: set the default luks format to LUKS1
libldb: upgrade 1.5.4 -> 1.5.5
samba: upgrade 4.10.5 -> 4.10.6
snort: upgrade 2.9.13 -> 2.9.14
snort: upgrade 2.9.14 -> 2.9.14.1
Yong, Jonathan (1):
icewm: add recipe
Yongxin Liu (3):
keyutils: move recipe and patches from meta-security to meta-oe
ndctl: v63 -> v65
pmdk: update from 1.4.2 to 1.6
Yuan Chao (9):
python-pycodestyle: upgrade 2.4.0 -> 2.5.0
python-lxml: upgrade 4.3.4 -> 4.4.0
python-configparser: upgrade 3.5.0 -> 3.7.4
protobuf: upgrade 3.9.0 -> 3.9.1
python-markupsafe: upgrade 1.0 -> 1.1.1
hostapd: upgrade 2.8 -> 2.9
python-configparser: upgrade 3.7.4 -> 3.8.1
python-lxml: upgrade 4.4.0 -> 4.4.1
python-pip: upgrade 19.2.1 -> 19.2.2
Zang Ruochen (47):
postgresql: upgrade 11.3 -> 11.4
wireshark: upgrade 3.0.1 -> 3.0.2
python-pygobject: upgrade 3.32.1 -> 3.32.2
python-alembic: upgrade 1.0.10 -> 1.0.11
logwatch: upgrade 7.4.3 -> 7.5.1
tcsh: upgrade 6.20.00 -> 6.21.00
python-cython: upgrade 0.29.10 -> 0.29.11
dialog: upgrade 1.3-20180621 -> 1.3-20190211
php: upgrade 7.3.6 -> 7.3.7
sessreg: upgrade 1.1.1 -> 1.1.2
python-typing: upgrade 3.6.6 -> 3.7.4
python-mako: upgrade 1.0.12 -> 1.0.13
python-pbr: upgrade 5.2.1 -> 5.4.0
python-cython: upgrade 0.29.11 -> 0.29.12
adcli: added new recipe.
python-pyflakes: upgrade 1.6.0 -> 2.1.1
python-protobuf: upgrade 3.8.0 -> 3.9.0
protobuf: upgrade 3.8.0 -> 3.9.0
setxkbmap: upgrade 1.3.1 -> 1.3.2
uftrace: upgrade 0.9.2 -> 0.9.3
wireshark: upgrade 3.0.2 -> 3.0.3
python-pbr: upgrade 5.4.0 -> 5.4.1
dstat: upgrade 0.7.3 -> 0.7.4
python-mako: upgrade 1.0.13 -> 1.0.14
xfsprogs: upgrade 5.0.0 -> 5.1.0
python-beautifulsoup4: upgrade 4.7.1 -> 4.8.0
xterm: upgrade 347 -> 348
python-pip: upgrade 19.1.1 -> 19.2.1
python-paste: upgrade 3.0.8 -> 3.1.0
syslog-ng: append syslog-ng.service
dialog: upgrade 1.3-20190211 -> 1.3-20190728
openldap: upgrade 2.4.47 -> 2.4.48
python-cython: upgrade 0.29.12 -> 0.29.13
libsodium: upgrade 1.0.17 -> 1.0.18
hwdata: upgrade 0.322 -> 0.326
python-jsonpatch: upgrade 1.23 -> 1.24
python-pyasn1: upgrade 0.4.5 -> 0.4.6
python-pyasn1-modules: upgrade 0.2.2 -> 0.2.6
python-pyparsing: upgrade 2.4.0 -> 2.4.2
python-pytest-runner: upgrade 4.2 -> 5.1
python-pytz: upgrade 2019.1 -> 2019.2
itstool: upgrade 2.0.5 -> 2.0.6
opensaf: upgrade 5.19.03 -> 5.19.07
libkcapi: upgrade 1.1.4 -> 1.1.5
mcelog: upgrade 162 -> 164
php: upgrade 7.3.7 -> 7.3.8
kpatch: upgrade 0.61 -> 0.71
Zheng Ruoqin (3):
python-mako: upgrade 1.0.14 -> 1.1.0
python-pbr: upgrade 5.4.1 -> 5.4.2
dnf-plugin-tui: new recipe
wouterlucas (1):
python-jsonref: add recipe
meta-phosphor: fbd01b6e08..fe8cee7488:
Brad Bishop (1):
meta-phosphor: sdk: react to upstream gtest rename
meta-xilinx: 64aa3d35ae..f3c8b1c9a8:
Alejandro Enedino Hernandez Samaniego (7):
opencl-clhpp: Allow empty packages to be built
opencl-headers: Allow empty packages to be built
gcc-8: rebase microblaze patches for gcc 8.2.0
gcc8: update microblaze patches
gcc: update microblaze patches
update gcc-8 patches
gcc: Remove xilinx.ld requirement
Jaewon Lee (6):
zc1254-zynqmp.conf: Add support for zc1254 evaluation board
zc1275-zynqmp.conf: Add support for zc1275 evaluation board
zcu102-zynqmp.conf: Changing qemu boot mode
Adding FPGA_MNGR_RECONFIG_ENABLE to control enabling fpga manager
gcc: Removing already upstreamed patch
Rebasing binutils patches from 2.31 to 2.32
Madhurkiran Harikrishnan (2):
kernel-module-mali: Fix errors associated with kernel upgrade to 4.19
xf86-video-armsoc: Remove the recipe for xf86-video-armsoc
Manjukumar Matha (10):
libmali-xlnx_git.bb: Fix the package arch for libmali
zcu111-zynqmp.conf: Add support for ZCU111 evaluation board
qemu-system-aarch64-multiarch: Enable plm argument in runqemu
arm-trusted-firmware.inc: Add support to build ATF for versal devices
linux-xlnx.inc: Add support to build kernel for versal devices
linux-xlnx.inc: Use KBUILD_DEFCONFIG in externalsrc mode if defined
kernel-simpleimage.bbclass: Use dts for simpleImage generation for Microblaze
kernel-simpleimage.bbclass: Deploy simpleImage unstrip file
kernel-simpleimage.bbclass: Deploy simpleImage strip
binutils%.bbappend: Update Microblaze binutils patches to v2.31
Min Ma (4):
ocl-icd_git.bb: Add recipe for OpenCL ICD loaders
opencl-clhpp_git.bb: Recipe for OpenCL Host API C++ bindings
zocl: Recipe for Xilinx runtime driver module
xrt: Xilinx Runtime User Space Libraries and headers
Sai Hari Chandana Kalluri (1):
xilinx-testimage.bbclass: Include IMAGE_AUTOLOGIN and IMAGE_FSTYPES values for runqemu
Sreeja Vadakattu (1):
machine-xilinx-default.inc: Make u-boot.elf as UBOOT_ELF for zynq
Vineeth Chowdary Karumanchi (1):
tune-zynq.inc: Build zImage in addition to uImage
meta-security: c28b72e91d..ecb526ffab:
Armin Kuster (34):
linux-bbappends: simplify
layers: set warrior only
security-test-image: add a testing image
runtime: clamav test cleanup
packagegroup-core-security: cleanup and remove ptest
test-image: add packagegroup-core-security-ptest
test-image: add a few more packages to image
ima-evm-utils: update to tip
runtime: tpm2 fix names in packagecheck
tpm2 images: create tpm2 image and fix packagegroup
tpm image: split out tpm2
tpm2-pkcs11/tpm2-pkcs11: update to tip
tpm2-tcti-uefi: update to tip
tpm2-tools: update to 3.2.0
tpm2-tss: update to 2.2.3
tpm2-totp: update to offical release v0.1.1
tpm2-tss-engine: update to 1.0.0
libmspack: update SRC_URI and package
clamav: minor recipe cleanup
lynis: update to 2.7.5
meta-security-compliance: update README
openscap_git: update to 1.3.0
openscap: add 1.3.1 recipes for upstream source
scap-security-guide: update to 0.1.44
meta-security-compliance: add meta-python
libldb: remove recipe
waf-cross-answers: remove files
samhain: update to 4.3.3
keyutils: remove from meta-security
linux-%: remove kernel fragments now in cache
meta-integrity: remove kernel fragments now in cache
linux-stable/5.2: add stable bbappend
linux-yocto: use 4.19 kernel cache now
linux-yocto-dev: update to use kernel cache
Dmitry Eremin-Solenikov (11):
packagegroup-security-tpm2: stop including tpm2-tcti-uefi
tpm2-tss: fix compilation when using updated AX_CODE_COVERAGE macro
tpm2-tcti-uefi: add autoconf-archive-native dependency
tpm2-tcti-uefi: fix configure arguments
tpm2-tcti-uefi: stop inserting host directories into build path
tpm2-tcti-uefi: build and install examples
meta-integrity: rename IMA_EVM_BASE to INTEGRITY_BASE
ima-evm-utils: bump to release 1.2.1
kernel-modsign.bbclass: add support for kernel modules signing
linux: add support for kernel modules signing
layer.conf: switch to keyutils from meta-oe
He Zhe (1):
kernel: Add conditional inclusion of fragments for linux-yocto-dev
Mark Asselstine (1):
openscap/scap-security-guide: use _git instead of versioned filenames
Yi Zhao (5):
openscap: update recipe
scap-security-guide: update recipe
openscap: cleanup DEPENDS
scap-security-guide: fix typo
xmlsec1: upgrade 1.2.27 -> 1.2.28
lumag (3):
layer.conf: add dependency on meta-security
ima-evm-utils: bump version
ima-evm-utils: refresh xattr patch
meta-raspberrypi: 8636b63752..b112816e95:
Andrei Gherzan (46):
rpi-base.inc: Include rpi4 dtb
raspberrypi3.conf: Clarify machine mode
linux-raspberrypi: Include configuration for RaspberryPi3 defconfig
linux-raspberrypi: Update 4.19 kernel to 4.19.56
rpi-base: Rename the rpi0w dtb
firmware: Update to 20190620
raspberrypi4.conf: Add initial machine 32 bit configuration
linux-firmware-rpidistro: Fix WiFi on RaspberryPi 4
rpi-base.inc: Include the "fake" KMS dtbo
raspberrypi4: Use vc4-fkms-v3d
linux-raspberrypi: Bump 4.19 revision to fix RPi 4 arm64 builds
raspberrypi4-64.conf: Introduce RPi arm64 machine
firmware: Rename firmware inc file to raspberrypi-firmware.inc
armstubs: Add support for compiling ARM stubs
rpi-config: Handle ARMSTUB
sdcard_image-rpi.bbclass: Include in the SD card image the armstub file
raspberrypi4-64.conf: Initial machine configuration
raspberrypi-tools: Update to remove Makefile patch
linux-raspberrypi: Fix defconfig for RPi4-64
linux-raspberrypi.inc: Explicitly set defconfig for raspberrypi4-64
sdcard_image-rpi.bbclass: Fix typo
linux-raspberrypi: Bump 4.19 revision to have proper coherent_pool set
raspberrypi4-64.conf: Define a machine feature for armstubs
sdcard_image-rpi.bbclass: Use armstub machine feature
linux-raspberrypi: Bump 4.19.57 revision
raspberrypi4.conf: Define uboot defconfig
raspberrypi4-64.conf: Uboot configuration and drop armstub
u-boot: Use a temporary fork for RPi4 support
raspberrypi-firmware: Update to 20190709
raspberrypi4.conf: The firmware uses kernel7l.img when LPAE is supported
linux-raspberrypi: Bump 4.19 to 4.19.58
linux-raspberrypi: Build dtbs with dtbs make target for all 64bit targets
linux-raspberrypi: Bump 4.19 revision
raspberrypi4-64.conf: Remove memory limitation
u-boot: Replace custom fork by patches
u-boot: Update patches for RPi4
rpi-config: Check for armstub based on machine feature
sdcard_image-rpi: Check for armstub based on machine feature
armstubs: Error out when ARMSTUBS is not defined
raspberrypi*: Define ARMSTUB for all machines
raspberrypi4-64.conf: Limit RAM to 3G
README.md: Use matrix chat room
raspberrypi-firmware.inc: Update to 20190718
linux-raspberrypi: Update 4.19 recipe to 4.19.66
mesa: Add v3d and kmsro driver as well
raspberrypi4-64: Remove the 3G RAM limitation
Carton (2):
bluez5: Fixed typo (RC_URI -> SRC_URI)
rpi-config: Check some config values against "1"
Francesco Giancane (1):
linux-raspberrypi: update to 4.14.114
Khem Raj (8):
linux-raspberrypi: Upgrade to 4.19.57
userland: Upgrade to latest
webkitgtk: Remove -DUSE_GSTREAMER_GL=OFF for vc4graphics
layer.conf: Add meta-networking to dynamic layers
drbd: Disable for rpi machines
packagegroup-rpi-test: Depend on wireless-regdb instead of crda
xorg-xserver: Adapt bbappend to latest OE-core
python-rtimu,python-sense-hat: Convert to py3 modules
Kirill Goncharov (1):
omxplayer: Bump revision
Martin Jansa (1):
sdcard_image-rpi.bbclass: use -v for all mcopy calls and add bbfatal in case mcopy fails
Riyaz (1):
rpi-base.inc: Enabling open-source vc4graphics driver for all RPI platforms
Change-Id: I9e37b5952a2e2e30745275fc89e4dd7c47b851e2
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md
index 5bef76e..4607948 100644
--- a/meta-security/meta-integrity/README.md
+++ b/meta-security/meta-integrity/README.md
@@ -74,7 +74,7 @@
the image, enable image signing in the local.conf like this:
INHERIT += "ima-evm-rootfs"
- IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"
+ IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
This uses the default keys provided in the "data" directory of the layer.
Because everyone has access to these private keys, such an image
@@ -96,7 +96,7 @@
# In that shell, create the keys. Several options exist:
# 1. Self-signed keys.
- $IMA_EVM_BASE/scripts/ima-gen-self-signed.sh
+ $INTEGRITY_BASE/scripts/ima-gen-self-signed.sh
# 2. Keys signed by a new CA.
# When asked for a PEM passphrase, that will be for the root CA.
@@ -104,11 +104,11 @@
# only creating new certificates does. Most likely the default
# attributes for these certificates need to be adapted; modify
# the scripts as needed.
- # $IMA_EVM_BASE/scripts/ima-gen-local-ca.sh
- # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh
+ # $INTEGRITY_BASE/scripts/ima-gen-local-ca.sh
+ # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh
# 3. Keys signed by an existing CA.
- # $IMA_EVM_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
+ # $INTEGRITY_BASE/scripts/ima-gen-CA-signed.sh <CA.pem> <CA.priv>
exit
When using ``ima-self-signed.sh`` as described above, self-signed keys
@@ -169,7 +169,7 @@
changes. To activate policy loading via systemd, place a policy file
in `/etc/ima/ima-policy`, for example with:
- IMA_EVM_POLICY_SYSTEMD = "${IMA_EVM_BASE}/data/ima_policy_simple"
+ IMA_EVM_POLICY_SYSTEMD = "${INTEGRITY_BASE}/data/ima_policy_simple"
To check that measuring works, look at `/sys/kernel/security/ima/ascii_runtime_measurements`
diff --git a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
index 8aec388..d6ade3b 100644
--- a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -1,7 +1,7 @@
# No default! Either this or IMA_EVM_PRIVKEY/IMA_EVM_X509 have to be
# set explicitly in a local.conf before activating ima-evm-rootfs.
# To use the insecure (because public) example keys, use
-# IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"
+# IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
IMA_EVM_KEY_DIR ?= "IMA_EVM_KEY_DIR_NOT_SET"
# Private key for IMA signing. The default is okay when
diff --git a/meta-security/meta-integrity/classes/kernel-modsign.bbclass b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
new file mode 100644
index 0000000..09025ba
--- /dev/null
+++ b/meta-security/meta-integrity/classes/kernel-modsign.bbclass
@@ -0,0 +1,29 @@
+# No default! Either this or MODSIGN_PRIVKEY/MODSIGN_X509 have to be
+# set explicitly in a local.conf before activating kernel-modsign.
+# To use the insecure (because public) example keys, use
+# MODSIGN_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+MODSIGN_KEY_DIR ?= "MODSIGN_KEY_DIR_NOT_SET"
+
+# Private key for modules signing. The default is okay when
+# using the example key directory.
+MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
+
+# Public part of certificates used for modules signing.
+# The default is okay when using the example key directory.
+MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
+
+# If this class is enabled, disable stripping signatures from modules
+INHIBIT_PACKAGE_STRIP = "1"
+
+kernel_do_configure_prepend() {
+ if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
+ cat "${MODSIGN_PRIVKEY}" "${MODSIGN_X509}" \
+ > "${B}/modsign_key.pem"
+ else
+ bberror "Either modsign key or certificate are invalid"
+ fi
+}
+
+do_shared_workdir_append() {
+ cp modsign_key.pem $kerneldir/
+}
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 2f696cf..41989da 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -13,12 +13,14 @@
# Set a variable to get to the top of the metadata location. Needed
# for finding scripts (when following the README.md instructions) and
# default debug keys (in ima-evm-rootfs.bbclass).
-IMA_EVM_BASE := '${LAYERDIR}'
+INTEGRITY_BASE := '${LAYERDIR}'
# We must not export this path to all shell scripts (as in "export
-# IMA_EVM_BASE"), because that causes problems with sstate (becames
+# INTEGRITY_BASE"), because that causes problems with sstate (becames
# dependent on location of the layer). Exporting it to just the
# interactive shell is enough.
-OE_TERMINAL_EXPORTS += "IMA_EVM_BASE"
+OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
LAYERSERIES_COMPAT_integrity = "warrior"
+# ima-evm-utils depends on keyutils from meta-oe
+LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/data/debug-keys/privkey_modsign.pem b/meta-security/meta-integrity/data/debug-keys/privkey_modsign.pem
new file mode 100644
index 0000000..4cac00a
--- /dev/null
+++ b/meta-security/meta-integrity/data/debug-keys/privkey_modsign.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEWsJjB2pA5Ih6
+EelXvVjwWY1ix1azMciNRNPPQN1AMXF0K/VUkfOYbaPajg1cQYEf9gk3q7OZ5Axk
+UY/e5piZORaPcsmj0lV0L+NSlRYydR5M/QxtEz26585FgqRGdAe6umStPmVKdqa2
+d68O4PgQgJJtVuz6ndm+0uNEUDCVLwhkGQSwNB3qBbZAUX9escZ/a8eUiBfMYKaO
+k8JRyM+2br9dgpTFg4UfBYexgNSQo8g5TIBGc8KgQiKCuFj1fQEhV5z4RusHthjc
+NYXa3RHmdclxyrGeYr5ZRc47HqE1gd5NDR0WeHn4C4YKcfK1rZZz/2+6hfsIRfGx
+6cQKk23hAgMBAAECggEAJ0ULiWirPG04SkmYxF5vEiqm1zGMymvTc0VnoxSS60q4
+KQa9mvtRn5OV6JjuXRwQqga30zV4xvdP7yRMxMSTkllThL7tSuE/C+yj5xlABjlc
+JQOa35mwh9fibg5xslF0Vkj+55MKCPlv4CBRl4Uwt4QvRMTUwk6dhMeCgmATR1J1
+2/7AipjtfFYreDx7sLbRVvSzUhmZS0iCbNOhtTWPLNW+9YKHTOffKa04HzNtnAXq
+OjJ0IRZD/C6LfkBUsnHg2eEiA97QXh/Srsl9nc8DaUK1IXRywEdmYIoNMWMav2Hm
+RO8kkU30BqKW+/EO2ZbH2GmkxvwWd0ocBnLC3FRWEQKBgQDu4T8CB3YsOcVjqem4
+iBlaSht/b46YQc7A1SOqZCimehmmXNSxQOkapIG3wlIr5edtXQA+xv09+WrproUB
+SjAnqaH6pYeCvbNlY5k344gtYs+Kco2rq5GYa+LumAeX2Sam8F7u4LxvEogCecX7
+e4rnG3lt3AVuuRE7zpCQtaWcJQKBgQDSbUvea9pcYli9pssTl+ijQKkgG9DdaYbA
+I5w5bY1TPYZ/Ocysljefv/ssaHFh4DPxE1MQ5JHwZgZRo1EICxxYzGsLjyR/fmjz
+1c/NJlTtalCNtLvWaf7b02ag/abnP8neiSpLL5xqHvGo5ikWwgYQD+9HVKGvL3S1
+kI7x/ziADQKBgQCqFbkuMa/jh3LTJp0iZc1fa1qu3vhx0pFq3Zeab9w9xLxUps5O
+MwCGltFBzNuDJBwm00wkZrzTjq6gGkHbjD5DT1XkyE13OqjsLQFgOOKyJiPN2Qik
+TfHJzC91YMwvQ09xF78QaPXiRBiRYrEkAXACY56PKVS45I6vvcFTN/Ll/QKBgA9m
+KDMyuVwhZlUaq6nXaBLqXHYZEwPhARd2g6xANCNvUTRmSnAm3hM2vW7WhdWfzq1J
+uL53u6ZYEQZQaVGpXn2xF/RUmVsrKQsPDpH4yCZHrXVxUH20bA4yPkRxy5EIvgEn
+EI1IAq5RbWXq0f70W/U49U3HB74GPwg6d/uFreDRAoGAN+v9gMQA6A1vM7LvbYR8
+5CwwyqS/CfI9zKPLn53QstguXC/ObafIYQzVRqGb9lCQgtlmmKw4jMY0B/lDzpcH
+zS8rqoyvDj/m7i17NYkqXErJKLRQ0ptXKdLXHlG0u185e7Y5p4O3Z5dk8bACkpHi
+hp764y+BtU4qIcVaPsPK4uU=
+-----END PRIVATE KEY-----
diff --git a/meta-security/meta-integrity/data/debug-keys/x509_modsign.crt b/meta-security/meta-integrity/data/debug-keys/x509_modsign.crt
new file mode 100644
index 0000000..5fa2a90
--- /dev/null
+++ b/meta-security/meta-integrity/data/debug-keys/x509_modsign.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgIUUqmBj5Q8edHMMTXsoGVGEEKdwV4wDQYJKoZIhvcNAQEL
+BQAwZzEqMCgGA1UEAxMhbWV0YS1zZWN1cml0eSBtb2R1bGVzIHNpZ25pbmcga2V5
+MRQwEgYDVQQKEwtleGFtcGxlLmNvbTEjMCEGCSqGSIb3DQEJARYUam9obi5kb2VA
+ZXhhbXBsZS5jb20wIBcNMTkwNzI3MjIzOTA3WhgPMjExOTA3MjcyMjM5MTVaMGcx
+KjAoBgNVBAMTIW1ldGEtc2VjdXJpdHkgbW9kdWxlcyBzaWduaW5nIGtleTEUMBIG
+A1UEChMLZXhhbXBsZS5jb20xIzAhBgkqhkiG9w0BCQEWFGpvaG4uZG9lQGV4YW1w
+bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxFrCYwdqQOSI
+ehHpV71Y8FmNYsdWszHIjUTTz0DdQDFxdCv1VJHzmG2j2o4NXEGBH/YJN6uzmeQM
+ZFGP3uaYmTkWj3LJo9JVdC/jUpUWMnUeTP0MbRM9uufORYKkRnQHurpkrT5lSnam
+tnevDuD4EICSbVbs+p3ZvtLjRFAwlS8IZBkEsDQd6gW2QFF/XrHGf2vHlIgXzGCm
+jpPCUcjPtm6/XYKUxYOFHwWHsYDUkKPIOUyARnPCoEIigrhY9X0BIVec+EbrB7YY
+3DWF2t0R5nXJccqxnmK+WUXOOx6hNYHeTQ0dFnh5+AuGCnHyta2Wc/9vuoX7CEXx
+senECpNt4QIDAQABo0AwPjAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHgAAw
+HQYDVR0OBBYEFDa35X9LnPlrd76inh/cYgeXh6X4MA0GCSqGSIb3DQEBCwUAA4IB
+AQBTPTh7zY9BrfZW9Izk9JSZYNigwUDwjrhNBSLr5NKi2A/LmZ0jjdCDkwaCn5io
+xrAq5oxPCAkwlzKwY2ootcL3+En4Pq2e5U+n9kRrpDpKKiR5/0S0d9vpgg4eZR0R
+kxqE9APCQ5SFU3PgnJ5H5y2SPXzle3bgUsWxNGD81zXFn5clJj4XHvJDWTQ/jG7C
+FTQ1o1HXtzda4EmKIzrSU/ayVbpPg5fPEBJjk/hHPT45kfzVZBuxwBLXVbe/YyWi
+NTFWCbJwjZwVRKrsQ3HFpYMWvugtcsSHo7vGi06FvUHcS2sUZH5sFn7hulcIGICt
+EztTO8Q+yhZujZbmEyJmxqZv
+-----END CERTIFICATE-----
diff --git a/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb b/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
index 6ed724d..e1bc6ff 100644
--- a/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
+++ b/meta-security/meta-integrity/recipes-core/images/integrity-image-minimal.bb
@@ -17,6 +17,6 @@
export IMAGE_BASENAME = "integrity-image-minimal"
INHERIT += "ima-evm-rootfs"
-IMA_EVM_KEY_DIR = "${IMA_EVM_BASE}/data/debug-keys"
+IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
QB_KERNEL_CMDLINE_APPEND_append = " ima_appraise=fix ima_policy=tcb ima_policy=appraise_tcb"
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend b/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend
index 931854e..f9a48cd 100644
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend
+++ b/meta-security/meta-integrity/recipes-kernel/linux/linux-%.bbappend
@@ -1,3 +1,5 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux:"
+KERNEL_FEATURES_append = " ${@bb.utils.contains("DISTRO_FEATURES", "ima", " features/ima/ima.scc", "" ,d)}"
-SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' file://ima.cfg', '', d)}"
+KERNEL_FEATURES_append = " ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', ' features/ima/modsign.scc', '', d)}"
+
+inherit ${@bb.utils.contains('DISTRO_FEATURES', 'modsign', 'kernel-modsign', '', d)}
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg b/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg
deleted file mode 100644
index b3e47ba..0000000
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima.cfg
+++ /dev/null
@@ -1,18 +0,0 @@
-CONFIG_IMA=y
-CONFIG_IMA_MEASURE_PCR_IDX=10
-CONFIG_IMA_NG_TEMPLATE=y
-CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
-CONFIG_IMA_DEFAULT_HASH_SHA1=y
-CONFIG_IMA_DEFAULT_HASH="sha1"
-CONFIG_IMA_APPRAISE=y
-CONFIG_IMA_APPRAISE_BOOTPARAM=y
-CONFIG_IMA_TRUSTED_KEYRING=y
-CONFIG_SIGNATURE=y
-CONFIG_IMA_WRITE_POLICY=y
-CONFIG_IMA_READ_POLICY=y
-CONFIG_IMA_LOAD_X509=y
-CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
-
-#CONFIG_INTEGRITY_SIGNATURE=y
-#CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
-#CONFIG_INTEGRITY_TRUSTED_KEYRING=y
diff --git a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg b/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg
deleted file mode 100644
index 9a45425..0000000
--- a/meta-security/meta-integrity/recipes-kernel/linux/linux/ima_evm_root_ca.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-# CONFIG_IMA_APPRAISE_SIGNED_INIT is not set
-CONFIG_EVM_LOAD_X509=y
-CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch
deleted file mode 100644
index 5ccb73d..0000000
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 4feaf9b61f93e4043eca26b4ec9f9f68d0cf5e68 Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-Date: Wed, 6 Mar 2019 01:08:43 +0300
-Subject: [PATCH 1/4] ima-evm-utils: link to libcrypto instead of OpenSSL
-
-There is no need to link to full libssl. evmctl uses functions from
-libcrypto, so let's link only against that library.
-
-Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
----
- configure.ac | 4 +---
- src/Makefile.am | 9 ++++-----
- 2 files changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 60f3684..32e8d85 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -24,9 +24,7 @@ LT_INIT
- # Checks for header files.
- AC_HEADER_STDC
-
--PKG_CHECK_MODULES(OPENSSL, [ openssl >= 0.9.8 ])
--AC_SUBST(OPENSSL_CFLAGS)
--AC_SUBST(OPENSSL_LIBS)
-+PKG_CHECK_MODULES(LIBCRYPTO, [libcrypto >= 0.9.8 ])
- AC_SUBST(KERNEL_HEADERS)
- AC_CHECK_HEADER(unistd.h)
- AC_CHECK_HEADERS(openssl/conf.h)
-diff --git a/src/Makefile.am b/src/Makefile.am
-index d74fc6f..b81281a 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -1,11 +1,11 @@
- lib_LTLIBRARIES = libimaevm.la
-
- libimaevm_la_SOURCES = libimaevm.c
--libimaevm_la_CPPFLAGS = $(OPENSSL_CFLAGS)
-+libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
- # current[:revision[:age]]
- # result: [current-age].age.revision
- libimaevm_la_LDFLAGS = -version-info 0:0:0
--libimaevm_la_LIBADD = $(OPENSSL_LIBS)
-+libimaevm_la_LIBADD = $(LIBCRYPTO_LIBS)
-
- include_HEADERS = imaevm.h
-
-@@ -17,12 +17,11 @@ hash_info.h: Makefile
- bin_PROGRAMS = evmctl
-
- evmctl_SOURCES = evmctl.c
--evmctl_CPPFLAGS = $(OPENSSL_CFLAGS)
-+evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
- evmctl_LDFLAGS = $(LDFLAGS_READLINE)
--evmctl_LDADD = $(OPENSSL_LIBS) -lkeyutils libimaevm.la
-+evmctl_LDADD = $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
-
- INCLUDES = -I$(top_srcdir) -include config.h
-
- CLEANFILES = hash_info.h
- DISTCLEANFILES = @DISTCLEANFILES@
--
---
-2.17.1
-
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch
deleted file mode 100644
index 8237274..0000000
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 5bb10f3da420f4c46e44423276a9da0d4bc1b691 Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-Date: Wed, 6 Mar 2019 01:17:12 +0300
-Subject: [PATCH 2/4] ima-evm-utils: replace INCLUDES with AM_CPPFLAGS
-
-Replace INCLUDES variable with AM_CPPFLAGS to stop Automake from warning
-about deprecated variable usage.
-
-Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
----
- src/Makefile.am | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index b81281a..164e7e4 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -1,7 +1,7 @@
- lib_LTLIBRARIES = libimaevm.la
-
- libimaevm_la_SOURCES = libimaevm.c
--libimaevm_la_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
-+libimaevm_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
- # current[:revision[:age]]
- # result: [current-age].age.revision
- libimaevm_la_LDFLAGS = -version-info 0:0:0
-@@ -17,11 +17,11 @@ hash_info.h: Makefile
- bin_PROGRAMS = evmctl
-
- evmctl_SOURCES = evmctl.c
--evmctl_CPPFLAGS = $(LIBCRYPTO_CFLAGS)
-+evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
- evmctl_LDFLAGS = $(LDFLAGS_READLINE)
- evmctl_LDADD = $(LIBCRYPTO_LIBS) -lkeyutils libimaevm.la
-
--INCLUDES = -I$(top_srcdir) -include config.h
-+AM_CPPFLAGS = -I$(top_srcdir) -include config.h
-
- CLEANFILES = hash_info.h
- DISTCLEANFILES = @DISTCLEANFILES@
---
-2.17.1
-
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch
deleted file mode 100644
index 3d250d2..0000000
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From c587ec307a6259a990bfab727cea7db28dba4c23 Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-Date: Wed, 6 Mar 2019 01:22:30 +0300
-Subject: [PATCH 3/4] ima-evm-utils: include hash-info.gen into distribution
-
-Include hash-info.gen into tarball and call it from the sourcedir to fix
-out-of-tree build (and thus 'make distcheck').
-
-Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
----
- src/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 164e7e4..9c037e2 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -11,8 +11,9 @@ include_HEADERS = imaevm.h
-
- nodist_libimaevm_la_SOURCES = hash_info.h
- BUILT_SOURCES = hash_info.h
-+EXTRA_DIST = hash_info.gen
- hash_info.h: Makefile
-- ./hash_info.gen $(KERNEL_HEADERS) >$@
-+ $(srcdir)/hash_info.gen $(KERNEL_HEADERS) >$@
-
- bin_PROGRAMS = evmctl
-
---
-2.17.1
-
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch
deleted file mode 100644
index 4ada1a2..0000000
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/0004-ima-evm-utils-update-.gitignore-files.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b9f327c5c513ccea9cb56d4bbd50c1f66d629099 Mon Sep 17 00:00:00 2001
-From: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-Date: Wed, 6 Mar 2019 01:24:04 +0300
-Subject: [PATCH 4/4] ima-evm-utils: update .gitignore files
-
-Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
----
- .gitignore | 1 +
- src/.gitignore | 1 +
- 2 files changed, 2 insertions(+)
- create mode 100644 src/.gitignore
-
-diff --git a/.gitignore b/.gitignore
-index ca7a06e..cb82166 100644
---- a/.gitignore
-+++ b/.gitignore
-@@ -45,6 +45,7 @@ cscope.*
- ncscope.*
-
- # Generated documentation
-+*.1
- *.8
- *.5
- manpage.links
-diff --git a/src/.gitignore b/src/.gitignore
-new file mode 100644
-index 0000000..38e8e3c
---- /dev/null
-+++ b/src/.gitignore
-@@ -0,0 +1 @@
-+hash_info.h
---
-2.17.1
-
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch
index c0bdd9b..ffa65df 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils/evmctl.c-do-not-depend-on-xattr.h-with-IMA-defines.patch
@@ -23,9 +23,9 @@
index c54efbb..23cf54c 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
-@@ -56,6 +56,18 @@
- #include <ctype.h>
+@@ -57,6 +57,18 @@
#include <termios.h>
+ #include <assert.h>
+/*
+ * linux/xattr.h might be old to have this. Allow compilation on older
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index 929d853..92c24c9 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -6,9 +6,9 @@
DEPENDS_class-native += "openssl-native keyutils-native"
-PV = "1.0+git${SRCPV}"
-SRCREV = "0267fa16990fd0ddcc89984a8e55b27d43e80167"
-SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils"
+PV = "1.2.1+git${SRCPV}"
+SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
+SRC_URI = "git://git.code.sf.net/p/linux-ima/ima-evm-utils;branch=ima-evm-utils-1.2.y"
# Documentation depends on asciidoc, which we do not have, so
# do not build documentation.
@@ -21,12 +21,6 @@
# Required for xargs with more than one path as argument (better for performance).
SRC_URI += "file://command-line-apply-operation-to-all-paths.patch"
-SRC_URI += "\
- file://0001-ima-evm-utils-link-to-libcrypto-instead-of-OpenSSL.patch \
- file://0002-ima-evm-utils-replace-INCLUDES-with-AM_CPPFLAGS.patch \
- file://0003-ima-evm-utils-include-hash-info.gen-into-distributio.patch \
- file://0004-ima-evm-utils-update-.gitignore-files.patch \
-"
S = "${WORKDIR}/git"
inherit pkgconfig autotools