Gitiles
Code Review Sign In
gerrit.openbmc.org / stefanberger / openbmc / 8b1392834def7d17263b45bd1aab35759235fb3e^! / . / meta-security / recipes-security / libseccomp
commit8b1392834def7d17263b45bd1aab35759235fb3e[log] [tgz]
authorAndrew Geissler <geissonator@yahoo.com>Fri Mar 05 15:22:30 2021 -0600
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Mon Mar 15 11:02:06 2021 +0000
tree8c15f7cbef2b020a8f41839f56be0c02f57ac39c
parent3e34fba3f6b8389074f64203299fa60ec0fc18e1 [diff]
meta-security: subtree update:6053e8b8e2..9504d02694

Armin Kuster (19):
      softhsm: drop pkg as meta-oe has it
      apparmor: Inherit python3targetconfig
      python3-suricata-update: Inherit python3targetconfig
      openscap: Inherit python3targetconfig
      scap-security-guide: Inherit python3targetconfig
      nikito: Update common-licenses references to match new names
      kas-security-base.yml: build setting updates
      kas-security-base.yml: drop DL_DIR
      arpwatch: upgrade 3.0 -> 3.1
      checksec: upgrade 2.1.0 -> 2.4.0
      ding-libs: upgrade 0.5.0 -> 0.6.1
      fscryptctl: upgrade 0.1.0 -> 1.0.0
      libseccomp: upgrade 2.5.0 -> 2.5.1
      python3-privacyidea: upgrade 3.3 -> 3.5.1
      python3-scapy: upgrade 2.4.3 -> 2.4.4
      samhain: update to 4.4.3
      opendnssec: update to 2.1.8
      suricata: update to 4.10.0
      python3-fail2ban: update to 0.11.2

Jate Sujjavanich (1):
      scap-security-guide: Fix openembedded platform tests and build

Ming Liu (9):
      ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
      initramfs-framework-ima: fix a wrong path
      ima-evm-keys: add recipe
      initramfs-framework-ima: RDEPENDS on ima-evm-keys
      meta: refactor IMA/EVM sign rootfs
      README.md: update according to the refactoring in ima-evm-rootfs.bbclass
      initramfs-framework-ima: let ima_enabled return 0
      ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
      ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic

Yi Zhao (1):
      ibmswtpm2: disable camellia algorithm

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c

diff --git a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch b/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
deleted file mode 100644
index 7d17a03..0000000
--- a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
+++ /dev/null

@@ -1,49 +0,0 @@
-Backport patch to fix cross compile error for mips:
-
-| syscalls.h:44:6: error: expected identifier or '(' before numeric constant
-|    44 |  int mips;
-|       |      ^~~~
-
-Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/279/commits/04c519e5]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 04c519e5b1de53592e98307813e5c6db7418f91b Mon Sep 17 00:00:00 2001
-From: Paul Moore <paul@paul-moore.com>
-Date: Sun, 2 Aug 2020 09:57:39 -0400
-Subject: [PATCH] build: undefine "mips" to prevent build problems for MIPS
- targets
-
-It turns out that the MIPS GCC compiler defines a "mips" cpp macro
-which was resulting in build failures on MIPS so we need to
-undefine the "mips" macro during build.  As this should be safe
-to do in all architectures, just add it to the compiler flags by
-default.
-
-This was reported in the following GH issue:
-* https://github.com/seccomp/libseccomp/issues/274
-
-Reported-by: Rongwei Zhang <pudh4418@gmail.com>
-Suggested-by: Rongwei Zhang <pudh4418@gmail.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
----
- configure.ac | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 40d9dcbb..3e877348 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -65,9 +65,11 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
- 
- dnl ####
- dnl build flags
-+dnl NOTE: the '-Umips' is here because MIPS GCC compilers "helpfully" define it
-+dnl       for us which wreaks havoc on the build
- dnl ####
- AM_CPPFLAGS="-I\${top_srcdir}/include -I\${top_builddir}/include"
--AM_CFLAGS="-Wall"
-+AM_CFLAGS="-Wall -Umips"
- AM_LDFLAGS="-Wl,-z -Wl,relro"
- AC_SUBST([AM_CPPFLAGS])
- AC_SUBST([AM_CFLAGS])

diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
similarity index 92%
rename from meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
rename to meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
index 0cf2d70..40ac1a8 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb

@@ -6,12 +6,11 @@
 
 DEPENDS += "gperf-native"
 
-SRCREV = "f13f58efc690493fe7aa69f54cb52a118f3769c1"
+SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
 
 SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
            file://run-ptest \
-           file://fix-mips-build-failure.patch \
-"
+           "
 
 COMPATIBLE_HOST_riscv32 = "null"