meta-security: subtree update:066a04425c..787ba6faea

Armin Kuster (10):
      lynis: update to 3.0.0
      security images: Move to recipe-core
      security packagegroups: move to recipes-core
      packagegroup-security-tpm: add more packages for building
      packagegroup-core-security: remove clamav for riscv*
      libsecomp: rv32/rv64 target builds are not supported yet
      packagegroup-core-security: remove libseccomp for riscv*
      libseccomp: update to 2.5.0
      packagegroup-core-security: restore riscv64 for libssecomp
      trousers: Several Security fixes

Charlie Davies (1):
      clamav: add INSTALL_CLAMAV_CVD flag to do_install

Kai Kang (1):
      libseccomp: fix cross compile error for mips

Yi Zhao (1):
      ibmswtpm2: upgrade 1563 -> 1628

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I0341c0d4cd61fb6ef7db6a29f9fc60de3caa822f
diff --git a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch b/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
new file mode 100644
index 0000000..7d17a03
--- /dev/null
+++ b/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
@@ -0,0 +1,49 @@
+Backport patch to fix cross compile error for mips:
+
+| syscalls.h:44:6: error: expected identifier or '(' before numeric constant
+|    44 |  int mips;
+|       |      ^~~~
+
+Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/279/commits/04c519e5]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 04c519e5b1de53592e98307813e5c6db7418f91b Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Sun, 2 Aug 2020 09:57:39 -0400
+Subject: [PATCH] build: undefine "mips" to prevent build problems for MIPS
+ targets
+
+It turns out that the MIPS GCC compiler defines a "mips" cpp macro
+which was resulting in build failures on MIPS so we need to
+undefine the "mips" macro during build.  As this should be safe
+to do in all architectures, just add it to the compiler flags by
+default.
+
+This was reported in the following GH issue:
+* https://github.com/seccomp/libseccomp/issues/274
+
+Reported-by: Rongwei Zhang <pudh4418@gmail.com>
+Suggested-by: Rongwei Zhang <pudh4418@gmail.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ configure.ac | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 40d9dcbb..3e877348 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -65,9 +65,11 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+ 
+ dnl ####
+ dnl build flags
++dnl NOTE: the '-Umips' is here because MIPS GCC compilers "helpfully" define it
++dnl       for us which wreaks havoc on the build
+ dnl ####
+ AM_CPPFLAGS="-I\${top_srcdir}/include -I\${top_builddir}/include"
+-AM_CFLAGS="-Wall"
++AM_CFLAGS="-Wall -Umips"
+ AM_LDFLAGS="-Wl,-z -Wl,relro"
+ AC_SUBST([AM_CPPFLAGS])
+ AC_SUBST([AM_CFLAGS])
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.4.3.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
similarity index 87%
rename from meta-security/recipes-security/libseccomp/libseccomp_2.4.3.bb
rename to meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
index 9ca41e6..35365d5 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.4.3.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
@@ -4,18 +4,23 @@
 LICENSE = "LGPL-2.1"
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
 
-SRCREV = "1dde9d94e0848e12da20602ca38032b91d521427"
+DEPENDS += "gperf-native"
 
-SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
+SRCREV = "f13f58efc690493fe7aa69f54cb52a118f3769c1"
+
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
            file://run-ptest \
+           file://fix-mips-build-failure.patch \
 "
 
+COMPATIBLE_HOST_riscv32 = "null"
+
 S = "${WORKDIR}/git"
 
 inherit autotools-brokensep pkgconfig ptest
 
 PACKAGECONFIG ??= ""
-PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
 
 DISABLE_STATIC = ""