if you are using linux-yocto for kernel then it is surely supported ,
so as long as it is added to kernel recipe it should work ok.

On Tue, Mar 15, 2022 at 3:58 AM Monsees, Steven C (US) via
lists.yoctoproject.org
<steven.monsees=baesystems.com@...> wrote:

On 3/14/22 12:44, Ralph Siemsen wrote:

tpm2_import: fix fixed AES key CVE-2021-3565

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
---
Discussion items:

1) Perhaps dunfell should update 4.1.1 -> 4.1.3 ?
There appear to be only two small fixes
https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
We still need this backport regardless.

I would take an update to 4.1.3.

2) hardknott and honister are on 5.0
According to CVE configuration data, this version is not affected.
But looking at the branch history suggests otherwise.
The patch applies cleanly on top of 5.0.
Should we backport? Or never mind as these branches are almost EOL?

3) master/kirkstone is on 5.2 which includes the fix already,
no action needed for this one.

Thanks for the analysis, much appreciated.

...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
.../tpm2-tools/tpm2-tools_4.1.1.bb | 3 ++
2 files changed, 46 insertions(+)
create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..4fceb2e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,43 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@...>

+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>

Missing the Standard OE patch format. The patch itself needs this additional meta data.
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines

Needs these too:

Upstream-Status:
CVE:

-armin

+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+ TPM2B_DATA enc_sensitive_key = {
+ .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+ };
+- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++ if(enc_sensitive_key.size < 16) {
++ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++ return tool_rc_general_error;
++ }
++
++ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++ if (ossl_rc != 1) {
++ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++ return tool_rc_general_error;
++ }
+
+ /*
+ * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"
DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"
SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"

Otherwise recipies that need sed like strace fail with
"requires /bin/sed, but no providers found in RDEPENDS"
when building.
---
recipes-extended/sed/sed_4.1.2.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-extended/sed/sed_4.1.2.bb b/recipes-extended/sed/sed_4.1.2.bb
index dc061ca..cd7993c 100644
--- a/recipes-extended/sed/sed_4.1.2.bb
+++ b/recipes-extended/sed/sed_4.1.2.bb
@@ -35,3 +35,5 @@ ALTERNATIVE:${PN} = "sed"
ALTERNATIVE_LINK_NAME[sed] = "${base_bindir}/sed"
ALTERNATIVE_PRIORITY = "100"

+RPROVIDES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '/bin/sed', '', d)}"
+
--
2.32.0 (Apple Git-132)

When you say:

" you might have to look into this kernel recipe and ensure that it has enabled merging configs feature from kernel"

Are you talking about inheriting from "kernel-yocto" in order to work with configuration fragments ?

Thanks,
Steve

Hi Mingrui, Richard,


On Sat, 11 Sep 2021 11:42:44 +0800
"Mingrui Ren" <jiladahe1997@...> wrote:

On 06/09/2021 17:41, Richard Purdie wrote:
[...]

Why is this a problem? You need to state what the problem is

[...]
I think it's a good a feature if we could add custom variables into
fetcher. For example,
we could fetch private code by adding username or password, or we could
adding custom
proxy tools.

I have found myself using a sed one-liner to alter that variable list
in the fetcher code in order to pass through to git the
GIT_CONFIG_GLOBAL environment variable, the goal being to do git URL
rewrites via the git configuration (to pass HTTP credentials, or to use
a local repo because I didn't want to bother keeping obscure VPNs
online); it was the shortest way I could think of to achieve this.
Alternatively I could have used a PATH modification with a host tool
wrapper.
Ideally I would prefer adding a KEY += value line to a site.conf.


Best regards,

--
Jérôme

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.1.15.rc1. We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion this Friday, March 18.

Thanks,
Jay

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and
is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...

On Mon, Mar 14, 2022 at 12:57 PM Monsees, Steven C (US) via
lists.yoctoproject.org
<steven.monsees=baesystems.com@...> wrote:

Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”



Which basically contains:



EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg



I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”



It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

these are some config files for doing what ? from what it looks like,
this inc file is adding a kernel config fragment
if so then it should be appended too kernel recipe so if
aiox-swdebugfs.bb is kernel recipe then you are doing it
right, but then you might have to look into this kernel recipe and
ensure that it has enabled merging configs feature
from kernel. Otherwise these cfgs wont be processed.

I have the exact same implementation working under my intel platform.



Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?



Thanks,

Steve

tpm2_import: fix fixed AES key CVE-2021-3565

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
---
Discussion items:

1) Perhaps dunfell should update 4.1.1 -> 4.1.3 ?
There appear to be only two small fixes
https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
We still need this backport regardless.

2) hardknott and honister are on 5.0
According to CVE configuration data, this version is not affected.
But looking at the branch history suggests otherwise.
The patch applies cleanly on top of 5.0.
Should we backport? Or never mind as these branches are almost EOL?

3) master/kirkstone is on 5.2 which includes the fix already,
no action needed for this one.

...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
.../tpm2-tools/tpm2-tools_4.1.1.bb | 3 ++
2 files changed, 46 insertions(+)
create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..4fceb2e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,43 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+ TPM2B_DATA enc_sensitive_key = {
+ .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+ };
+- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++ if(enc_sensitive_key.size < 16) {
++ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++ return tool_rc_general_error;
++ }
++
++ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++ if (ossl_rc != 1) {
++ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++ return tool_rc_general_error;
++ }
+
+ /*
+ * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"

DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"

+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"

SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
--
2.25.1

From: Andrei Gherzan <andrei.gherzan@...>

All the LAYERSERIES_COMPAT versions provide this recipe in oe-core.
Also, west seems to only depend on 0,26 which is provided even in
dunfell.

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
.../python/python3-pyelftools_0.27.bb | 14 --------------
1 file changed, 14 deletions(-)
delete mode 100644 meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb

diff --git a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb b/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
deleted file mode 100644
index 1405fc5..0000000
--- a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-# SPDX-FileCopyrightText: Huawei Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-SUMMARY = "Python pyelftools"
-HOMEPAGE = "https://pypi.org/project/pyelftools"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc"
-
-inherit pypi setuptools3
-
-PYPI_PACKAGE = "pyelftools"
-SRC_URI[md5sum] = "061d67c669a9b1f8d07f28c47fb6a65f"
-SRC_URI[sha256sum] = "cde854e662774c5457d688ca41615f6594187ba7067af101232df889a6b7a66b"
-BBCLASSEXTEND = "native nativesdk"
--
2.25.1

On 3/9/22 23:58, Ashish Sharma wrote:

raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.")
pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename.
Removed build tracker: '/tmp/pip-req-tracker-qnepnk46'

ERROR: Failed to pip install wheel. Check the logs.

Thanks. I took this over the two odd ones I had in master-next.

merged.

-armin

Signed-off-by: Ashish Sharma <asharma@...>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index f6394cc..29a4ad2 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -15,7 +15,7 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://run-ptest \
"
-inherit update-rc.d ptest setuptools3
+inherit update-rc.d ptest setuptools3_legacy
S = "${WORKDIR}/git"

On 3/8/22 11:15, Gary Huband wrote:

The problems is that the configure.ac file is hard coded for lua5.1.  See

https://forum.suricata.io/t/lua-5-4-3-and-suricata-undefined-reference-error/1906/5

I created a patch to change configure.ac to use lua5.3 (I'm using Zeus).

Did you save that patch in the suricata/files dir and then append SRC_URI with "file://{patch name}" ?

But when I "bitbake suricata" I'm getting the same error because it's not updating the configure file.  Do I also have to fix the configure file or is there some way I can force a autoreconf?

When I try building this on master, I have to use luajit as it provides shared libraries and lua does not. The symbol 'rs_dns_lua_get_rrname' and others are not found. i don't see them in the latest lua nor luajit repos so I don't know why they are being referenced.

The version I am building is 6.0.4 which uses Rust so I don't know what would take to fix zeus.

- armin

Thanks

Gary
------------------------------------------------------------------------
*From:* Khem Raj <raj.khem@...>
*Sent:* Saturday, March 5, 2022 2:55 AM
*To:* Gary Huband <Gary@...>
*Cc:* akuster808 <akuster808@...>; yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On Fri, Mar 4, 2022 at 6:23 PM Gary Huband via lists.yoctoproject.org <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0> <gary=missionsecure.com@...> wrote:

The Suricata install site also says to install

liblua5.1-dev

Does this mean that Suricata needs lua 5.1 (which is very old)??
For Zeus the lua recipe is 5.3.5.

Do I need to create a recipe for lua 5.1?


seems so, lua5.1 is not ABI compatible with newer Lua, so if an app needs this version then
you will have to add it, perhaps see if you can just use internal version or something like that


Gary
------------------------------------------------------------------------
*From:* akuster808 <akuster808@...>
*Sent:* Friday, March 4, 2022 7:52 PM
*To:* Gary Huband <Gary@...>;
yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On 3/4/22 15:02, Gary Huband via lists.yoctoproject.org
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0>
wrote:
>
> Adding DEPENDS += "lua"  fixed that error. I'm assuming that allows
> the configure to find lua.
>
> Now I'm getting a compile error
>

I added this to the recipe and it appears the liblua it  is
looking for
does not exist.

PACKAGECONFIG[lua] = "--enable-lua
--with-liblua-includes=${STAGING_INCDIR}
--with-liblua-libraries==${STAGING_LIBDIR}, --disable-lua,lua, lua"

Error:

checking for luaL_openlibs in -llua5.1... no
|
|    ERROR!  liblua library not found, go get it
|    from
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&;data=04%7C01%7Cgary%40missionsecure.com%7C7f9815dcc0c142b6d92d08d9fe4262cb%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820383359878260%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=FdB7jyQwXX%2BVjjhLSDhKNSt41GUOgdg%2FG3ajSKIElo0%3D&amp;reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=IIiVAzlCWInZxopdvMsLgkyuDmB5YSRF%2Fa%2FCsQAl7r0%3D&reserved=0>
or your distribution:
|
|    Ubuntu: apt-get install liblua5.1-dev


It may be  the lua recipe.  I only see the static lib 'liblua.a'

-armin

> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetTxid':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:80:

> undefined reference to `rs_dns_lua_get_tx_id'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAnswerTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:125:

> undefined reference to `rs_dns_lua_get_answer_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAuthorityTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:133:

> undefined reference to `rs_dns_lua_get_authority_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetQueryTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:117:

> undefined reference to `rs_dns_lua_get_query_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetDnsRrname':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:69:

> undefined reference to `rs_dns_lua_get_rrname'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetRcode':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:92:

> undefined reference to `rs_dns_lua_get_rcode'
> | collect2: error: ld returned 1 exit status
> | Makefile:2118: recipe for target 'suricata' failed
> | make[2]: *** [suricata] Error 1
>
>
>
>


*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fmission-secure-inc-&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OG%2F50BtrZR9AjIfTtJTuropOzChcINERZyhRWyWyLGA%3D&reserved=0>  |
Blog
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2Fblog%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dblog-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=pv1FQe%2F9E0oVWISZeGtO3DCs9jWOOyXFsH1kDtruQh4%3D&reserved=0>  |
Website
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2F%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dweb-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9wovY4656fj9McZWqGJH3ZOerurcU2Mvsgdsfd%2FNU7M%3D&reserved=0>


: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and
proprietary and intended solely for the use of the individual or
entity to whom they are addressed. Any dissemination, distribution
or copying of this communication is strictly prohibited without
our prior permission. If you received this in error, please
contact the sender and delete the material from any computer.




*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn <https://www.linkedin.com/company/mission-secure-inc->  | Blog <https://www.missionsecure.com/blog?utm_source=email-signature&utm_medium=email&utm_campaign=blog-email-sig>  | Website <https://www.missionsecure.com/?utm_source=email-signature&utm_medium=email&utm_campaign=web-email-sig>

: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and proprietary and intended solely for the use of the individual or entity to whom they are addressed. Any dissemination, distribution or copying of this communication is strictly prohibited without our prior permission. If you received this in error, please contact the sender and delete the material from any computer.