Date   

[meta-security][PATCH] lkrg: update to 0.9.4

Armin Kuster
 

drop Makefile fixup patch. Use sed instead

Signed-off-by: Armin Kuster <akuster808@...>
---
.../lkrg/files/makefile_cleanup.patch | 53 -------------------
...g-module_0.9.3.bb => lkrg-module_0.9.4.bb} | 16 +++---
2 files changed, 10 insertions(+), 59 deletions(-)
delete mode 100644 recipes-kernel/lkrg/files/makefile_cleanup.patch
rename recipes-kernel/lkrg/{lkrg-module_0.9.3.bb => lkrg-module_0.9.4.bb} (70%)

diff --git a/recipes-kernel/lkrg/files/makefile_cleanup.patch b/recipes-kernel/lkrg/files/makefile_cleanup.patch
deleted file mode 100644
index f29afbe..0000000
--- a/recipes-kernel/lkrg/files/makefile_cleanup.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Armin Kuster <akuster808@...>
-
-
-Index: git/Makefile
-===================================================================
---- git.orig/Makefile
-+++ git/Makefile
-@@ -7,15 +7,8 @@
-
- P_OUTPUT = output
- P_PWD ?= $(shell pwd)
--P_KVER ?= $(shell uname -r)
- P_BOOTUP_SCRIPT ?= scripts/bootup/lkrg-bootup.sh
- TARGET := p_lkrg
--ifneq ($(KERNELRELEASE),)
-- KERNEL := /lib/modules/$(KERNELRELEASE)/build
--else
-- ## KERNELRELEASE not set.
-- KERNEL := /lib/modules/$(P_KVER)/build
--endif
-
- #
- # Use DEBUG=on for debug build.
-@@ -94,14 +87,13 @@ $(TARGET)-objs += src/modules/ksyms/p_re
- src/p_lkrg_main.o
-
-
--all:
--# $(MAKE) -C $(KERNEL) M=$(P_PWD) modules CONFIG_DEBUG_SECTION_MISMATCH=y
-- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules
-+modules:
-+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules
- mkdir -p $(P_OUTPUT)
- cp $(P_PWD)/$(TARGET).ko $(P_OUTPUT)
-
--install:
-- $(MAKE) -C $(KERNEL) M=$(P_PWD) modules_install
-+moduled_install:
-+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) modules_install
- depmod -a
- $(P_PWD)/$(P_BOOTUP_SCRIPT) install
-
-@@ -109,7 +101,7 @@ uninstall:
- $(P_PWD)/$(P_BOOTUP_SCRIPT) uninstall
-
- clean:
-- $(MAKE) -C $(KERNEL) M=$(P_PWD) clean
-+ $(MAKE) -C $(KERNEL_SRC) M=$(P_PWD) clean
- $(RM) Module.markers modules.order
- $(RM) $(P_PWD)/src/modules/kmod/client/kmod/Module.markers
- $(RM) $(P_PWD)/src/modules/kmod/client/kmod/modules.order
diff --git a/recipes-kernel/lkrg/lkrg-module_0.9.3.bb b/recipes-kernel/lkrg/lkrg-module_0.9.4.bb
similarity index 70%
rename from recipes-kernel/lkrg/lkrg-module_0.9.3.bb
rename to recipes-kernel/lkrg/lkrg-module_0.9.4.bb
index 2553974..fa46cb6 100644
--- a/recipes-kernel/lkrg/lkrg-module_0.9.3.bb
+++ b/recipes-kernel/lkrg/lkrg-module_0.9.4.bb
@@ -5,15 +5,13 @@ SECTION = "security"
HOMEPAGE = "https://www.openwall.com/lkrg/"
LICENSE = "GPL-2.0-only"

-LIC_FILES_CHKSUM = "file://LICENSE;md5=5105ead24b08a32954f34cbaa7112432"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3f3e5dd56319d33a1944d635c1c86c6f"

DEPENDS = "virtual/kernel elfutils"

-SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main \
- file://makefile_cleanup.patch \
-"
+SRC_URI = "git://github.com/lkrg-org/lkrg.git;protocol=https;branch=main"

-SRCREV = "c578e9f786299b67ffd62057b4534b0bf4fb7ece"
+SRCREV = "c58cb52145b8e8ccc6bd19079f5c835933281cdc"

S = "${WORKDIR}/git"

@@ -21,7 +19,13 @@ inherit module kernel-module-split

MAKE_TARGETS = "modules"

-MODULE_NAME = "p_lkrg"
+MODULE_NAME = "lkrg"
+
+do_configure:append () {
+ sed -i -e 's/^all/modules/' ${S}/Makefile
+ sed -i -e 's/^install/modules_install/' ${S}/Makefile
+ sed -i -e 's/KERNEL/KERNEL_SRC/g' ${S}/Makefile
+}

module_do_install() {
install -d ${D}${nonarch_base_libdir}/modules/${KERNEL_VERSION}/kernel/${MODULE_NAME}
--
2.25.1


comparison between two build of different times #sdk #toolchain #ubuntu #yocto #linux

Nikita Gupta
 

Hello Everyone,
I have generated two build with different platform for same target  (core-image-minimal) and for same yocto release "dunfell" . One image I have generated with the help of yocto project and one is from "KAS" by making YML File .Now I am not getting any suitable way of differentiation between these two binary files for following reason .
1. Are those build same or not .
2. There version are same or not .
4. Those Hash keys same or not .
3. What things could be different ? 
I am trying to find out the way so i could do comparison between those binary files .
Your replies would be appreciated . Thanks in advance 

 


[meta-security][PATCH 4/4] swtpm: update to 0.7.3

Armin Kuster
 

drop musl patch.Fix another way

Signed-off-by: Armin Kuster <akuster808@...>
---
.../recipes-tpm/swtpm/files/ioctl_h.patch | 22 -------------------
.../swtpm/{swtpm_0.7.1.bb => swtpm_0.7.3.bb} | 3 +--
2 files changed, 1 insertion(+), 24 deletions(-)
delete mode 100644 meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch
rename meta-tpm/recipes-tpm/swtpm/{swtpm_0.7.1.bb => swtpm_0.7.3.bb} (95%)

diff --git a/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch
deleted file mode 100644
index d736bc6..0000000
--- a/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-tpm_ioctl: fix musl for missing ioctl
-
-tpm_ioctl.c: In function 'ioctl_to_cmd':
-tpm_ioctl.c:86:26: error: '_IOC_NRSHIFT' undeclared (first use in this function)
- return ((ioctlnum >> _IOC_NRSHIFT) & _IOC_NRMASK) + 1;
-
-
-Upstream-status:
-Signed-off-by: Armin Kuster <akuster@...>
-
-Index: git/src/swtpm_ioctl/tpm_ioctl.c
-===================================================================
---- git.orig/src/swtpm_ioctl/tpm_ioctl.c
-+++ git/src/swtpm_ioctl/tpm_ioctl.c
-@@ -58,6 +58,7 @@
- #include <fcntl.h>
- #include <unistd.h>
- #include <sys/ioctl.h>
-+#include <asm/ioctl.h>
- #include <getopt.h>
- #include <sys/un.h>
- #include <sys/types.h>
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
similarity index 95%
rename from meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
index 03899d8..55d83f9 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.1.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.7.3.bb
@@ -6,9 +6,8 @@ SECTION = "apps"
# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"

-SRCREV = "92a7035f45d9b08aa7c6b8bd6fa4c6916ef07a9e"
+SRCREV = "f2268eebb0d1adf89bad83fa4cf91e37b4e3fa53"
SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.7-next;protocol=https \
- file://ioctl_h.patch \
"
PE = "1"

--
2.25.1


[meta-security][PATCH 3/4] ibmswtpm2: update to 1682

Armin Kuster
 

fixes openssl 3.0 support

Signed-off-by: Armin Kuster <akuster808@...>
---
meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch | 5 +++--
.../ibmswtpm2/{ibmswtpm2_1661.bb => ibmswtpm2_1682.bb} | 3 +--
2 files changed, 4 insertions(+), 4 deletions(-)
rename meta-tpm/recipes-tpm2/ibmswtpm2/{ibmswtpm2_1661.bb => ibmswtpm2_1682.bb} (93%)

diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch b/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
index eebddb9..962bfc1 100644
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
@@ -20,7 +20,7 @@ Index: src/makefile
===================================================================
--- src.orig/makefile
+++ src/makefile
-@@ -38,12 +38,10 @@
+@@ -38,13 +38,11 @@
#################################################################################


@@ -29,12 +29,13 @@ Index: src/makefile
CCFLAGS = -Wall \
-Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
-Werror -Wsign-compare \
+ -Wno-deprecated-declarations \
- -c -ggdb -O0 \
+ -c -ggdb -O \
-DTPM_POSIX \
-D_POSIX_ \
-DTPM_NUVOTON
-@@ -79,11 +77,11 @@
+@@ -80,11 +78,11 @@ TcpServerPosix.o : $(HEADERS)
.PRECIOUS: %.o

tpm_server: $(OBJFILES)
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1682.bb
similarity index 93%
rename from meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
rename to meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1682.bb
index c2cdf6a..85fc7e0 100644
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1682.bb
@@ -18,8 +18,7 @@ DEPENDS = "openssl"
SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \
file://tune-makefile.patch \
"
-
-SRC_URI[sha256sum] = "55145928ad2b24f34be6a0eacf9fb492e10e0ea919b8428c721fa970e85d6147"
+SRC_URI[sha256sum] = "3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f"

UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/ibmswtpm2/files/"

--
2.25.1


[meta-security][PATCH 2/4] ibmswtpm2: fix UPSTREAM_CHECK

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
index 09b652d..c2cdf6a 100644
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1661.bb
@@ -21,7 +21,7 @@ SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \

SRC_URI[sha256sum] = "55145928ad2b24f34be6a0eacf9fb492e10e0ea919b8428c721fa970e85d6147"

-UPSTREAM_CHECK_REGEX = "libtpm(?P<pver>).tar.gz"
+UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/ibmswtpm2/files/"

S = "${WORKDIR}/src"

--
2.25.1


[meta-security][PATCH 1/4] ibmtpm2tss: update version format

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
.../ibmtpm2tss/{ibmtpm2tss_1.6.0.bb => ibmtpm2tss_1661.bb} | 2 ++
1 file changed, 2 insertions(+)
rename meta-tpm/recipes-tpm2/ibmtpm2tss/{ibmtpm2tss_1.6.0.bb => ibmtpm2tss_1661.bb} (91%)

diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
similarity index 91%
rename from meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
rename to meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
index e8a3710..2daca5a 100644
--- a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb
+++ b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1661.bb
@@ -23,6 +23,8 @@ SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master
"

UPSTREAM_CHECK_COMMITS = "1"
+UPSTREAM_CHECK_URI = "https://git.code.sf.net/p/ibmswtpm2/tpm2"
+UPSTREAM_CHECK_GITTAGREGEX = "rev.*)"

EXTRA_OECONF = "--disable-tpm-1.2"

--
2.25.1


[meta-security][PATCH 2/2] clamav: update to 0.104.4

Armin Kuster
 

drop accepted patch fix_systemd_socket.patch

allow clamav-libclamav to have a symlink

Signed-off-by: Armin Kuster <akuster808@...>
---
.../{clamav_0.104.0.bb => clamav_0.104.4.bb} | 11 ++++----
.../clamav/files/fix_systemd_socket.patch | 25 -------------------
2 files changed, 6 insertions(+), 30 deletions(-)
rename recipes-scanners/clamav/{clamav_0.104.0.bb => clamav_0.104.4.bb} (96%)
delete mode 100644 recipes-scanners/clamav/files/fix_systemd_socket.patch

diff --git a/recipes-scanners/clamav/clamav_0.104.0.bb b/recipes-scanners/clamav/clamav_0.104.4.bb
similarity index 96%
rename from recipes-scanners/clamav/clamav_0.104.0.bb
rename to recipes-scanners/clamav/clamav_0.104.4.bb
index 18e8329..68a7d1f 100644
--- a/recipes-scanners/clamav/clamav_0.104.0.bb
+++ b/recipes-scanners/clamav/clamav_0.104.4.bb
@@ -10,8 +10,8 @@ COMPATIBLE_HOST:libc-musl:class-target = "null"

LIC_FILES_CHKSUM = "file://COPYING.txt;beginline=2;endline=3;md5=f7029fbbc5898b273d5902896f7bbe17"

-# July 27th
-SRCREV = "c389dfa4c3af92b006ada4f7595bbc3e6df3f356"
+# July 30th, 2022
+SRCREV = "563ba93052f3b7b46fb8725a65ee6299a9c332cf"

SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=https \
file://clamd.conf \
@@ -20,7 +20,6 @@ SRC_URI = "git://github.com/vrtadmin/clamav-devel;branch=rel/0.104;protocol=http
file://tmpfiles.clamav \
file://headers_fixup.patch \
file://oe_cmake_fixup.patch \
- file://fix_systemd_socket.patch \
"
S = "${WORKDIR}/git"

@@ -69,7 +68,6 @@ do_install:append () {
fi

rm ${D}/${libdir}/libfreshclam.so
- rm ${D}/${libdir}/libmspack.so

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)};then
install -d ${D}${sysconfdir}/tmpfiles.d
@@ -125,7 +123,8 @@ FILES:${PN}-freshclam = "${bindir}/freshclam \
FILES:${PN}-dev = " ${bindir}/clamav-config ${libdir}/*.la \
${libdir}/pkgconfig/*.pc \
${mandir}/man1/clamav-config.* \
- ${includedir}/*.h ${docdir}/libclamav* "
+ ${includedir}/*.h ${docdir}/libclamav* \
+ ${libdir}/libmspack.so"

FILES:${PN}-staticdev = "${libdir}/*.a"

@@ -150,6 +149,8 @@ SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-freshclam"
SYSTEMD_SERVICE:${PN}-daemon = "clamav-daemon.service"
SYSTEMD_SERVICE:${PN}-freshclam = "clamav-freshclam.service"

+INSANE_SKIP:${PN}-libclamav += "dev-so"
+
RDEPENDS:${PN} = "openssl ncurses-libncurses libxml2 libbz2 ncurses-libtinfo curl libpcre2 clamav-libclamav"
RRECOMMENDS:${PN} = "clamav-freshclam"
RDEPENDS:${PN}-freshclam = "clamav"
diff --git a/recipes-scanners/clamav/files/fix_systemd_socket.patch b/recipes-scanners/clamav/files/fix_systemd_socket.patch
deleted file mode 100644
index 3347770..0000000
--- a/recipes-scanners/clamav/files/fix_systemd_socket.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-clamd not installing clamav-daemon.socket
-
-Fixes:
-__main__.SystemdUnitNotFoundError: (PosixPath('../security-build-image/1.0-r0/rootfs'), 'clamav-daemon.socket')
-%post(clamav-daemon-0.104.0-r0.core2_64): waitpid(3587571) rc 3587571 status 100
-warning: %post(clamav-daemon-0.104.0-r0.core2_64) scriptlet failed, exit status 1
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster808@...>
-
-Index: git/clamd/CMakeLists.txt
-===================================================================
---- git.orig/clamd/CMakeLists.txt
-+++ git/clamd/CMakeLists.txt
-@@ -60,4 +60,10 @@ if(SYSTEMD_FOUND)
- install(
- FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket
- DESTINATION ${SYSTEMD_UNIT_DIR})
-+ configure_file(
-+ ${CMAKE_CURRENT_SOURCE_DIR}/clamav-daemon.socket.in
-+ ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket @ONLY)
-+ install(
-+ FILES ${CMAKE_CURRENT_BINARY_DIR}/clamav-daemon.socket
-+ DESTINATION ${SYSTEMD_UNIT_DIR})
- endif()
--
2.25.1


[meta-security][PATCH 1/2] apparmor: update to 3.0.5

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-mac/AppArmor/{apparmor_3.0.4.bb => apparmor_3.0.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-mac/AppArmor/{apparmor_3.0.4.bb => apparmor_3.0.5.bb} (99%)

diff --git a/recipes-mac/AppArmor/apparmor_3.0.4.bb b/recipes-mac/AppArmor/apparmor_3.0.5.bb
similarity index 99%
rename from recipes-mac/AppArmor/apparmor_3.0.4.bb
rename to recipes-mac/AppArmor/apparmor_3.0.5.bb
index 896abfe..45f19d1 100644
--- a/recipes-mac/AppArmor/apparmor_3.0.4.bb
+++ b/recipes-mac/AppArmor/apparmor_3.0.5.bb
@@ -22,7 +22,7 @@ SRC_URI = " \
file://0001-rc.apparmor.debian-add-missing-functions.patch \
"

-SRCREV = "9799fbde997820bb12a49e292356f7a6ce12e972"
+SRCREV = "822db765c6fa7f9de7233c4011254a82d4dafe76"
S = "${WORKDIR}/git"

PARALLEL_MAKE = ""
--
2.25.1


Re: [meta-security][PATCH V3] meta-security: Add recipe for libhoth

Armin Kuster
 

merged.

On 7/22/22 09:35, John Broadbent via lists.yoctoproject.org wrote:
From: John Edward Broadbent <jebr@...>

Libhoth is usb protocol implementation which is required for hoth class
devices

Signed-off-by: John Edward Broadbent <jebr@...>
---
meta-tpm/recipes-tpm/hoth/libhoth_git.bb | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 meta-tpm/recipes-tpm/hoth/libhoth_git.bb

diff --git a/meta-tpm/recipes-tpm/hoth/libhoth_git.bb b/meta-tpm/recipes-tpm/hoth/libhoth_git.bb
new file mode 100644
index 0000000..a3ebce7
--- /dev/null
+++ b/meta-tpm/recipes-tpm/hoth/libhoth_git.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Google Hoth USB library"
+DESCRIPTION = "Libraries and example programs for interacting with a \
+ hoth-class root of trust."
+HOMEPAGE = "https://github.com/google/libhoth"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main"
+SRCREV = "1622e8a040d21dd564fdc1cb4df5eda01688c197"
+
+DEPENDS += "libusb1"
+
+S = "${WORKDIR}/git"
+
+inherit pkgconfig meson
+


Re: [meta-security][PATCH] bubblewrap: Add recipe

Armin Kuster
 

merged.

On 7/13/22 23:41, Alex Kiernan wrote:
Signed-off-by: Alex Kiernan <alex.kiernan@...>
---
.../bubblewrap/bubblewrap_0.6.2.bb | 23 +++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 recipes-security/bubblewrap/bubblewrap_0.6.2.bb

diff --git a/recipes-security/bubblewrap/bubblewrap_0.6.2.bb b/recipes-security/bubblewrap/bubblewrap_0.6.2.bb
new file mode 100644
index 000000000000..921defda9e9d
--- /dev/null
+++ b/recipes-security/bubblewrap/bubblewrap_0.6.2.bb
@@ -0,0 +1,23 @@
+DESCRIPTION = "Unprivileged sandboxing tool"
+HOMEPAGE = "https://github.com/containers/bubblewrap"
+LICENSE = "LGPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
+
+DEPENDS = "libcap"
+
+SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz"
+SRC_URI[sha256sum] = "8a0ec802d1b3e956c5bb0a40a81c9ce0b055a31bf30a8efa547433603b8af20b"
+
+UPSTREAM_CHECK_URI = "https://github.com/containers/bubblewrap/releases"
+UPSTREAM_CHECK_REGEX = "bubblewrap-(?P<pver>\d+(\.\d+)+)\.tar"
+
+inherit autotools bash-completion manpages pkgconfig
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
+PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native docbook-xsl-stylesheets-native xmlto-native"
+PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
+PACKAGECONFIG[setuid] = "--with-priv-mode=setuid,--with-priv-mode=none"
+
+PACKAGES += "${PN}-zsh-completion"
+
+FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"


[meta-security][PATCH] packagegroup-core-security: add chipsec pkg to grp

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index a960631..821ebf6 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -42,6 +42,8 @@ RDEPENDS:packagegroup-security-utils = "\
${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \
"

+RDEPENDS:packagegroup-security-utils:append:x86 = "chipsec"
+RDEPENDS:packagegroup-security-utils:append:x86-64 = "chipsec"
RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail"

SUMMARY:packagegroup-security-scanners = "Security scanners"
--
2.25.1


[meta-security][PATCH 4/4] packagegroup-core-security: add krill to pkg grps

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index 1c1cb8b..a960631 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -38,7 +38,7 @@ RDEPENDS:packagegroup-security-utils = "\
sshguard \
firejail \
${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp",d)} \
- ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam", "",d)} \
+ ${@bb.utils.contains("DISTRO_FEATURES", "pam", "google-authenticator-libpam krill", "",d)} \
${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \
"

--
2.25.1


[meta-security][PATCH 3/4] krill: update to 0.9.6

Armin Kuster
 

add UPGRADE_CHECK vars

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/krill/krill.inc | 397 +++++++-----------
.../krill/{krill_0.9.1.bb => krill_0.9.6.bb} | 12 +-
2 files changed, 163 insertions(+), 246 deletions(-)
rename recipes-security/krill/{krill_0.9.1.bb => krill_0.9.6.bb} (79%)

diff --git a/recipes-security/krill/krill.inc b/recipes-security/krill/krill.inc
index f86468b..bb40f57 100644
--- a/recipes-security/krill/krill.inc
+++ b/recipes-security/krill/krill.inc
@@ -1,325 +1,240 @@
# please note if you have entries that do not begin with crate://
# you must change them to how that package can be fetched
SRC_URI += " \
- crate://crates.io/addr2line/0.14.1 \
+ crate://crates.io/addr2line/0.17.0 \
crate://crates.io/adler/1.0.2 \
crate://crates.io/adler32/1.2.0 \
- crate://crates.io/aho-corasick/0.7.15 \
- crate://crates.io/ansi_term/0.11.0 \
+ crate://crates.io/aho-corasick/0.7.18 \
crate://crates.io/ansi_term/0.12.1 \
- crate://crates.io/arrayref/0.3.6 \
- crate://crates.io/arrayvec/0.5.2 \
- crate://crates.io/ascii-canvas/2.0.0 \
+ crate://crates.io/ascii-canvas/3.0.0 \
crate://crates.io/ascii/1.0.0 \
crate://crates.io/atty/0.2.14 \
- crate://crates.io/autocfg/0.1.7 \
- crate://crates.io/autocfg/1.0.1 \
- crate://crates.io/backtrace/0.3.56 \
- crate://crates.io/base64/0.10.1 \
- crate://crates.io/base64/0.12.3 \
+ crate://crates.io/autocfg/1.1.0 \
+ crate://crates.io/backtrace/0.3.64 \
crate://crates.io/base64/0.13.0 \
crate://crates.io/basic-cookies/0.1.4 \
- crate://crates.io/bcder/0.5.1 \
+ crate://crates.io/bcder/0.6.1 \
crate://crates.io/bit-set/0.5.2 \
crate://crates.io/bit-vec/0.6.3 \
- crate://crates.io/bitflags/1.2.1 \
- crate://crates.io/blake2b_simd/0.5.11 \
+ crate://crates.io/bitflags/1.3.2 \
crate://crates.io/block-buffer/0.9.0 \
- crate://crates.io/bumpalo/3.6.1 \
- crate://crates.io/byteorder/1.4.3 \
- crate://crates.io/bytes/0.4.12 \
- crate://crates.io/bytes/0.5.6 \
- crate://crates.io/bytes/1.0.1 \
- crate://crates.io/cc/1.0.67 \
- crate://crates.io/cfg-if/0.1.10 \
+ crate://crates.io/bumpalo/3.9.1 \
+ crate://crates.io/bytes/1.1.0 \
+ crate://crates.io/cc/1.0.73 \
crate://crates.io/cfg-if/1.0.0 \
crate://crates.io/chrono/0.4.19 \
crate://crates.io/chunked_transfer/1.4.0 \
crate://crates.io/cipher/0.2.5 \
- crate://crates.io/clap/2.33.3 \
- crate://crates.io/clokwerk/0.3.4 \
- crate://crates.io/cloudabi/0.0.3 \
- crate://crates.io/constant_time_eq/0.1.5 \
- crate://crates.io/cookie/0.12.0 \
- crate://crates.io/cookie_store/0.7.0 \
- crate://crates.io/core-foundation-sys/0.8.2 \
- crate://crates.io/core-foundation/0.9.1 \
- crate://crates.io/cpuid-bool/0.1.2 \
- crate://crates.io/crc32fast/1.2.1 \
- crate://crates.io/crossbeam-deque/0.7.3 \
- crate://crates.io/crossbeam-epoch/0.8.2 \
- crate://crates.io/crossbeam-queue/0.2.3 \
- crate://crates.io/crossbeam-utils/0.7.2 \
- crate://crates.io/crossbeam-utils/0.8.3 \
+ crate://crates.io/clap/2.34.0 \
+ crate://crates.io/core-foundation-sys/0.8.3 \
+ crate://crates.io/core-foundation/0.9.3 \
+ crate://crates.io/cpufeatures/0.2.1 \
+ crate://crates.io/crc32fast/1.3.2 \
crate://crates.io/crunchy/0.2.2 \
- crate://crates.io/crypto-mac/0.10.0 \
- crate://crates.io/ctrlc/3.1.9 \
+ crate://crates.io/crypto-mac/0.10.1 \
+ crate://crates.io/ctrlc/3.2.1 \
crate://crates.io/deunicode/0.4.3 \
crate://crates.io/diff/0.1.12 \
crate://crates.io/digest/0.9.0 \
- crate://crates.io/dirs/1.0.5 \
- crate://crates.io/dtoa/0.4.8 \
+ crate://crates.io/dirs-next/2.0.0 \
+ crate://crates.io/dirs-sys-next/0.1.2 \
crate://crates.io/either/1.6.1 \
crate://crates.io/ena/0.14.0 \
- crate://crates.io/encoding_rs/0.8.28 \
+ crate://crates.io/encoding_rs/0.8.30 \
crate://crates.io/error-chain/0.11.0 \
- crate://crates.io/failure/0.1.8 \
- crate://crates.io/failure_derive/0.1.8 \
+ crate://crates.io/fastrand/1.7.0 \
crate://crates.io/fern/0.5.9 \
crate://crates.io/fixedbitset/0.2.0 \
- crate://crates.io/flate2/1.0.20 \
crate://crates.io/fnv/1.0.7 \
crate://crates.io/foreign-types-shared/0.1.1 \
crate://crates.io/foreign-types/0.3.2 \
crate://crates.io/form_urlencoded/1.0.1 \
- crate://crates.io/fuchsia-cprng/0.1.1 \
- crate://crates.io/fuchsia-zircon-sys/0.3.3 \
- crate://crates.io/fuchsia-zircon/0.3.3 \
- crate://crates.io/futures-channel/0.3.14 \
- crate://crates.io/futures-core/0.3.14 \
- crate://crates.io/futures-cpupool/0.1.8 \
- crate://crates.io/futures-executor/0.3.14 \
- crate://crates.io/futures-io/0.3.14 \
- crate://crates.io/futures-macro/0.3.14 \
- crate://crates.io/futures-sink/0.3.14 \
- crate://crates.io/futures-task/0.3.14 \
- crate://crates.io/futures-util/0.3.14 \
- crate://crates.io/futures/0.1.31 \
- crate://crates.io/futures/0.3.14 \
- crate://crates.io/generic-array/0.14.4 \
- crate://crates.io/getrandom/0.1.16 \
- crate://crates.io/getrandom/0.2.2 \
- crate://crates.io/gimli/0.23.0 \
- crate://crates.io/h2/0.1.26 \
- crate://crates.io/h2/0.2.7 \
- crate://crates.io/hashbrown/0.9.1 \
- crate://crates.io/hermit-abi/0.1.18 \
+ crate://crates.io/fslock/0.2.1 \
+ crate://crates.io/futures-channel/0.3.21 \
+ crate://crates.io/futures-core/0.3.21 \
+ crate://crates.io/futures-executor/0.3.21 \
+ crate://crates.io/futures-io/0.3.21 \
+ crate://crates.io/futures-macro/0.3.21 \
+ crate://crates.io/futures-sink/0.3.21 \
+ crate://crates.io/futures-task/0.3.21 \
+ crate://crates.io/futures-util/0.3.21 \
+ crate://crates.io/futures/0.3.21 \
+ crate://crates.io/generic-array/0.14.5 \
+ crate://crates.io/getrandom/0.2.4 \
+ crate://crates.io/gimli/0.26.1 \
+ crate://crates.io/h2/0.3.11 \
+ crate://crates.io/hashbrown/0.11.2 \
+ crate://crates.io/hermit-abi/0.1.19 \
crate://crates.io/hex/0.4.3 \
crate://crates.io/hmac/0.10.1 \
- crate://crates.io/http-body/0.1.0 \
- crate://crates.io/http-body/0.3.1 \
- crate://crates.io/http/0.1.21 \
- crate://crates.io/http/0.2.4 \
- crate://crates.io/httparse/1.3.6 \
- crate://crates.io/httpdate/0.3.2 \
- crate://crates.io/hyper-tls/0.3.2 \
- crate://crates.io/hyper-tls/0.4.3 \
- crate://crates.io/hyper/0.12.36 \
- crate://crates.io/hyper/0.13.10 \
- crate://crates.io/idna/0.1.5 \
- crate://crates.io/idna/0.2.2 \
- crate://crates.io/impl-trait-for-tuples/0.2.1 \
- crate://crates.io/indexmap/1.6.2 \
- crate://crates.io/intervaltree/0.2.6 \
- crate://crates.io/iovec/0.1.4 \
- crate://crates.io/ipnet/2.3.0 \
- crate://crates.io/itertools/0.10.0 \
+ crate://crates.io/http-body/0.4.4 \
+ crate://crates.io/http/0.2.6 \
+ crate://crates.io/httparse/1.6.0 \
+ crate://crates.io/httpdate/1.0.2 \
+ crate://crates.io/hyper-tls/0.5.0 \
+ crate://crates.io/hyper/0.14.17 \
+ crate://crates.io/idna/0.2.3 \
+ crate://crates.io/impl-trait-for-tuples/0.2.2 \
+ crate://crates.io/indexmap/1.8.0 \
+ crate://crates.io/instant/0.1.12 \
+ crate://crates.io/intervaltree/0.2.7 \
+ crate://crates.io/ipnet/2.3.1 \
+ crate://crates.io/itertools/0.10.3 \
crate://crates.io/itertools/0.9.0 \
- crate://crates.io/itoa/0.4.7 \
+ crate://crates.io/itoa/1.0.1 \
crate://crates.io/jmespatch/0.3.0 \
- crate://crates.io/js-sys/0.3.50 \
- crate://crates.io/kernel32-sys/0.2.2 \
- crate://crates.io/lalrpop-util/0.19.5 \
- crate://crates.io/lalrpop/0.19.5 \
+ crate://crates.io/js-sys/0.3.56 \
+ crate://crates.io/lalrpop-util/0.19.7 \
+ crate://crates.io/lalrpop/0.19.7 \
crate://crates.io/lazy_static/1.4.0 \
- crate://crates.io/libc/0.2.93 \
- crate://crates.io/libflate/1.0.4 \
- crate://crates.io/libflate_lz77/1.0.0 \
- crate://crates.io/lock_api/0.3.4 \
+ crate://crates.io/libc/0.2.119 \
+ crate://crates.io/libflate/1.1.2 \
+ crate://crates.io/libflate_lz77/1.1.0 \
+ crate://crates.io/lock_api/0.4.6 \
crate://crates.io/log/0.4.14 \
crate://crates.io/maplit/1.0.2 \
crate://crates.io/matchers/0.0.1 \
- crate://crates.io/matches/0.1.8 \
- crate://crates.io/maybe-uninit/2.0.0 \
- crate://crates.io/memchr/2.3.4 \
- crate://crates.io/memoffset/0.5.6 \
+ crate://crates.io/matches/0.1.9 \
+ crate://crates.io/memchr/2.4.1 \
+ crate://crates.io/memoffset/0.6.5 \
crate://crates.io/mime/0.3.16 \
- crate://crates.io/mime_guess/2.0.3 \
crate://crates.io/miniz_oxide/0.4.4 \
- crate://crates.io/mio/0.6.23 \
- crate://crates.io/miow/0.2.2 \
- crate://crates.io/native-tls/0.2.7 \
- crate://crates.io/net2/0.2.37 \
+ crate://crates.io/mio/0.8.0 \
+ crate://crates.io/miow/0.3.7 \
+ crate://crates.io/native-tls/0.2.8 \
crate://crates.io/new_debug_unreachable/1.0.4 \
- crate://crates.io/nix/0.20.0 \
+ crate://crates.io/nix/0.23.1 \
+ crate://crates.io/ntapi/0.3.7 \
+ crate://crates.io/num-bigint/0.4.3 \
crate://crates.io/num-integer/0.1.44 \
crate://crates.io/num-traits/0.2.14 \
- crate://crates.io/num_cpus/1.13.0 \
- crate://crates.io/oauth2/4.0.0 \
- crate://crates.io/object/0.23.0 \
- crate://crates.io/once_cell/1.7.2 \
+ crate://crates.io/num_cpus/1.13.1 \
+ crate://crates.io/oauth2/4.1.0 \
+ crate://crates.io/object/0.27.1 \
+ crate://crates.io/once_cell/1.9.0 \
crate://crates.io/opaque-debug/0.3.0 \
- crate://crates.io/openidconnect/2.0.0 \
- crate://crates.io/openssl-probe/0.1.2 \
- crate://crates.io/openssl-src/111.15.0+1.1.1k \
- crate://crates.io/openssl-sys/0.9.61 \
- crate://crates.io/openssl/0.10.33 \
+ crate://crates.io/openidconnect/2.2.0 \
+ crate://crates.io/openssl-probe/0.1.5 \
+ crate://crates.io/openssl-src/111.17.0+1.1.1m \
+ crate://crates.io/openssl-sys/0.9.72 \
+ crate://crates.io/openssl/0.10.38 \
crate://crates.io/ordered-float/1.1.1 \
- crate://crates.io/oso/0.12.0 \
- crate://crates.io/parking_lot/0.9.0 \
- crate://crates.io/parking_lot_core/0.6.2 \
+ crate://crates.io/oso/0.12.4 \
+ crate://crates.io/parking_lot/0.11.2 \
+ crate://crates.io/parking_lot_core/0.8.5 \
crate://crates.io/pbkdf2/0.7.5 \
- crate://crates.io/percent-encoding/1.0.1 \
crate://crates.io/percent-encoding/2.1.0 \
crate://crates.io/petgraph/0.5.1 \
- crate://crates.io/phf_shared/0.8.0 \
- crate://crates.io/pico-args/0.4.0 \
- crate://crates.io/pin-project-internal/1.0.6 \
- crate://crates.io/pin-project-lite/0.1.12 \
- crate://crates.io/pin-project-lite/0.2.6 \
- crate://crates.io/pin-project/1.0.6 \
+ crate://crates.io/phf_shared/0.10.0 \
+ crate://crates.io/pico-args/0.4.2 \
+ crate://crates.io/pin-project-lite/0.2.8 \
crate://crates.io/pin-utils/0.1.0 \
- crate://crates.io/pkg-config/0.3.19 \
- crate://crates.io/polar-core/0.12.0 \
- crate://crates.io/ppv-lite86/0.2.10 \
+ crate://crates.io/pkg-config/0.3.24 \
+ crate://crates.io/polar-core/0.12.4 \
+ crate://crates.io/ppv-lite86/0.2.16 \
crate://crates.io/precomputed-hash/0.1.1 \
- crate://crates.io/proc-macro-hack/0.5.19 \
- crate://crates.io/proc-macro-nested/0.1.7 \
- crate://crates.io/proc-macro2/1.0.26 \
- crate://crates.io/publicsuffix/1.5.6 \
- crate://crates.io/quick-xml/0.19.0 \
- crate://crates.io/quote/1.0.9 \
- crate://crates.io/rand/0.6.5 \
- crate://crates.io/rand/0.7.3 \
- crate://crates.io/rand/0.8.3 \
- crate://crates.io/rand_chacha/0.1.1 \
- crate://crates.io/rand_chacha/0.2.2 \
- crate://crates.io/rand_chacha/0.3.0 \
- crate://crates.io/rand_core/0.3.1 \
- crate://crates.io/rand_core/0.4.2 \
- crate://crates.io/rand_core/0.5.1 \
- crate://crates.io/rand_core/0.6.2 \
- crate://crates.io/rand_hc/0.1.0 \
- crate://crates.io/rand_hc/0.2.0 \
- crate://crates.io/rand_hc/0.3.0 \
- crate://crates.io/rand_isaac/0.1.1 \
- crate://crates.io/rand_jitter/0.1.4 \
- crate://crates.io/rand_os/0.1.3 \
- crate://crates.io/rand_pcg/0.1.2 \
- crate://crates.io/rand_xorshift/0.1.1 \
- crate://crates.io/rdrand/0.4.0 \
- crate://crates.io/redox_syscall/0.1.57 \
- crate://crates.io/redox_syscall/0.2.5 \
- crate://crates.io/redox_users/0.3.5 \
- crate://crates.io/regex-automata/0.1.9 \
- crate://crates.io/regex-syntax/0.6.23 \
- crate://crates.io/regex/1.4.5 \
+ crate://crates.io/priority-queue/1.2.1 \
+ crate://crates.io/proc-macro2/1.0.36 \
+ crate://crates.io/quick-xml/0.22.0 \
+ crate://crates.io/quote/1.0.15 \
+ crate://crates.io/rand/0.8.5 \
+ crate://crates.io/rand_chacha/0.3.1 \
+ crate://crates.io/rand_core/0.6.3 \
+ crate://crates.io/redox_syscall/0.2.10 \
+ crate://crates.io/redox_users/0.4.0 \
+ crate://crates.io/regex-automata/0.1.10 \
+ crate://crates.io/regex-syntax/0.6.25 \
+ crate://crates.io/regex/1.5.5 \
crate://crates.io/remove_dir_all/0.5.3 \
- crate://crates.io/reqwest/0.10.10 \
- crate://crates.io/reqwest/0.9.24 \
+ crate://crates.io/reqwest/0.11.9 \
crate://crates.io/ring/0.16.20 \
- crate://crates.io/rle-decode-fast/1.0.1 \
+ crate://crates.io/rle-decode-fast/1.0.3 \
crate://crates.io/rpassword/5.0.1 \
- crate://crates.io/rpki/0.10.1 \
- crate://crates.io/rust-argon2/0.8.3 \
- crate://crates.io/rustc-demangle/0.1.18 \
+ crate://crates.io/rpki/0.13.2 \
+ crate://crates.io/rustc-demangle/0.1.21 \
crate://crates.io/rustc_version/0.2.3 \
- crate://crates.io/rustls/0.18.1 \
- crate://crates.io/ryu/1.0.5 \
+ crate://crates.io/rustls/0.19.1 \
+ crate://crates.io/rustversion/1.0.6 \
+ crate://crates.io/ryu/1.0.9 \
crate://crates.io/salsa20/0.7.2 \
crate://crates.io/schannel/0.1.19 \
crate://crates.io/scopeguard/1.1.0 \
crate://crates.io/scrypt/0.6.5 \
crate://crates.io/sct/0.6.1 \
- crate://crates.io/security-framework-sys/2.2.0 \
- crate://crates.io/security-framework/2.2.0 \
+ crate://crates.io/security-framework-sys/2.6.1 \
+ crate://crates.io/security-framework/2.6.1 \
crate://crates.io/semver-parser/0.7.0 \
crate://crates.io/semver/0.9.0 \
crate://crates.io/serde-value/0.6.0 \
- crate://crates.io/serde/1.0.125 \
- crate://crates.io/serde_derive/1.0.125 \
- crate://crates.io/serde_json/1.0.64 \
- crate://crates.io/serde_path_to_error/0.1.4 \
- crate://crates.io/serde_urlencoded/0.5.5 \
- crate://crates.io/serde_urlencoded/0.7.0 \
- crate://crates.io/sha2/0.9.3 \
- crate://crates.io/sharded-slab/0.1.1 \
- crate://crates.io/siphasher/0.3.5 \
- crate://crates.io/slab/0.4.2 \
+ crate://crates.io/serde/1.0.136 \
+ crate://crates.io/serde_derive/1.0.136 \
+ crate://crates.io/serde_json/1.0.79 \
+ crate://crates.io/serde_path_to_error/0.1.7 \
+ crate://crates.io/serde_urlencoded/0.7.1 \
+ crate://crates.io/sha2/0.9.9 \
+ crate://crates.io/sharded-slab/0.1.4 \
+ crate://crates.io/siphasher/0.3.9 \
+ crate://crates.io/slab/0.4.5 \
crate://crates.io/slug/0.1.4 \
- crate://crates.io/smallvec/0.6.14 \
- crate://crates.io/smallvec/1.6.1 \
- crate://crates.io/socket2/0.3.19 \
+ crate://crates.io/smallvec/1.8.0 \
+ crate://crates.io/socket2/0.4.4 \
crate://crates.io/spin/0.5.2 \
- crate://crates.io/string/0.2.1 \
- crate://crates.io/string_cache/0.8.1 \
+ crate://crates.io/string_cache/0.8.3 \
crate://crates.io/strsim/0.8.0 \
- crate://crates.io/subtle/2.4.0 \
- crate://crates.io/syn/1.0.69 \
- crate://crates.io/synstructure/0.12.4 \
+ crate://crates.io/subtle/2.4.1 \
+ crate://crates.io/syn/1.0.86 \
crate://crates.io/syslog/4.0.1 \
- crate://crates.io/tempfile/3.2.0 \
- crate://crates.io/term/0.5.2 \
+ crate://crates.io/tempfile/3.3.0 \
+ crate://crates.io/term/0.7.0 \
crate://crates.io/textwrap/0.11.0 \
- crate://crates.io/thiserror-impl/1.0.24 \
- crate://crates.io/thiserror/1.0.24 \
- crate://crates.io/thread_local/1.1.3 \
- crate://crates.io/time/0.1.44 \
+ crate://crates.io/thiserror-impl/1.0.30 \
+ crate://crates.io/thiserror/1.0.30 \
+ crate://crates.io/thread_local/1.1.4 \
+ crate://crates.io/time/0.1.43 \
crate://crates.io/tiny-keccak/2.0.2 \
- crate://crates.io/tiny_http/0.8.0 \
- crate://crates.io/tinyvec/1.2.0 \
+ crate://crates.io/tiny_http/0.8.2 \
+ crate://crates.io/tinyvec/1.5.1 \
crate://crates.io/tinyvec_macros/0.1.0 \
- crate://crates.io/tokio-buf/0.1.1 \
- crate://crates.io/tokio-current-thread/0.1.7 \
- crate://crates.io/tokio-executor/0.1.10 \
- crate://crates.io/tokio-io/0.1.13 \
- crate://crates.io/tokio-macros/0.2.6 \
- crate://crates.io/tokio-reactor/0.1.12 \
- crate://crates.io/tokio-rustls/0.14.1 \
- crate://crates.io/tokio-sync/0.1.8 \
- crate://crates.io/tokio-tcp/0.1.4 \
- crate://crates.io/tokio-threadpool/0.1.18 \
- crate://crates.io/tokio-timer/0.2.13 \
- crate://crates.io/tokio-tls/0.3.1 \
- crate://crates.io/tokio-util/0.3.1 \
- crate://crates.io/tokio/0.1.22 \
- crate://crates.io/tokio/0.2.25 \
+ crate://crates.io/tokio-macros/1.7.0 \
+ crate://crates.io/tokio-native-tls/0.3.0 \
+ crate://crates.io/tokio-rustls/0.22.0 \
+ crate://crates.io/tokio-util/0.6.9 \
+ crate://crates.io/tokio/1.17.0 \
crate://crates.io/toml/0.5.8 \
crate://crates.io/tower-service/0.3.1 \
- crate://crates.io/tracing-attributes/0.1.15 \
- crate://crates.io/tracing-core/0.1.17 \
- crate://crates.io/tracing-futures/0.2.5 \
+ crate://crates.io/tracing-attributes/0.1.19 \
+ crate://crates.io/tracing-core/0.1.22 \
crate://crates.io/tracing-log/0.1.2 \
- crate://crates.io/tracing-serde/0.1.2 \
- crate://crates.io/tracing-subscriber/0.2.17 \
- crate://crates.io/tracing/0.1.25 \
+ crate://crates.io/tracing-serde/0.1.3 \
+ crate://crates.io/tracing-subscriber/0.2.25 \
+ crate://crates.io/tracing/0.1.31 \
crate://crates.io/try-lock/0.2.3 \
- crate://crates.io/try_from/0.3.2 \
- crate://crates.io/typenum/1.13.0 \
- crate://crates.io/unicase/2.6.0 \
- crate://crates.io/unicode-bidi/0.3.5 \
- crate://crates.io/unicode-normalization/0.1.17 \
- crate://crates.io/unicode-width/0.1.8 \
- crate://crates.io/unicode-xid/0.2.1 \
+ crate://crates.io/typenum/1.15.0 \
+ crate://crates.io/unicode-bidi/0.3.7 \
+ crate://crates.io/unicode-normalization/0.1.19 \
+ crate://crates.io/unicode-width/0.1.9 \
+ crate://crates.io/unicode-xid/0.2.2 \
crate://crates.io/untrusted/0.7.1 \
- crate://crates.io/unwrap/1.2.1 \
- crate://crates.io/url/1.7.2 \
- crate://crates.io/url/2.2.1 \
+ crate://crates.io/url/2.2.2 \
crate://crates.io/urlparse/0.7.3 \
- crate://crates.io/uuid/0.7.4 \
crate://crates.io/uuid/0.8.2 \
- crate://crates.io/vcpkg/0.2.11 \
+ crate://crates.io/valuable/0.1.0 \
+ crate://crates.io/vcpkg/0.2.15 \
crate://crates.io/vec_map/0.8.2 \
- crate://crates.io/version_check/0.9.3 \
- crate://crates.io/want/0.2.0 \
+ crate://crates.io/version_check/0.9.4 \
crate://crates.io/want/0.3.0 \
- crate://crates.io/wasi/0.10.0+wasi-snapshot-preview1 \
- crate://crates.io/wasi/0.9.0+wasi-snapshot-preview1 \
- crate://crates.io/wasm-bindgen-backend/0.2.73 \
- crate://crates.io/wasm-bindgen-futures/0.4.23 \
- crate://crates.io/wasm-bindgen-macro-support/0.2.73 \
- crate://crates.io/wasm-bindgen-macro/0.2.73 \
- crate://crates.io/wasm-bindgen-shared/0.2.73 \
- crate://crates.io/wasm-bindgen/0.2.73 \
- crate://crates.io/web-sys/0.3.50 \
+ crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
+ crate://crates.io/wasm-bindgen-backend/0.2.79 \
+ crate://crates.io/wasm-bindgen-futures/0.4.29 \
+ crate://crates.io/wasm-bindgen-macro-support/0.2.79 \
+ crate://crates.io/wasm-bindgen-macro/0.2.79 \
+ crate://crates.io/wasm-bindgen-shared/0.2.79 \
+ crate://crates.io/wasm-bindgen/0.2.79 \
+ crate://crates.io/web-sys/0.3.56 \
crate://crates.io/webpki/0.21.4 \
- crate://crates.io/winapi-build/0.1.1 \
crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
- crate://crates.io/winapi/0.2.8 \
crate://crates.io/winapi/0.3.9 \
- crate://crates.io/winreg/0.6.2 \
crate://crates.io/winreg/0.7.0 \
- crate://crates.io/ws2_32-sys/0.2.1 \
- crate://crates.io/xml-rs/0.8.3 \
+ crate://crates.io/xml-rs/0.8.4 \
"
diff --git a/recipes-security/krill/krill_0.9.1.bb b/recipes-security/krill/krill_0.9.6.bb
similarity index 79%
rename from recipes-security/krill/krill_0.9.1.bb
rename to recipes-security/krill/krill_0.9.6.bb
index 4dc61cf..c8b5b0c 100644
--- a/recipes-security/krill/krill_0.9.1.bb
+++ b/recipes-security/krill/krill_0.9.6.bb
@@ -5,14 +5,16 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9741c346eef56131163e13b9db1241b3"

DEPENDS = "openssl"

-include krill.inc
-
# SRC_URI += "crate://crates.io/krill/0.9.1"
-SRC_URI += "git://github.com/NLnetLabs/krill.git;protocol=https;nobranch=1;branch=main"
-SRCREV = "d6c03b6f0199b1d10d252750a19a92b84576eb30"
-
+SRC_URI = "git://github.com/NLnetLabs/krill.git;protocol=https;branch=main"
+SRCREV = "95e6681d5b4024cac7a1892d47fb76abc68f34fb"
SRC_URI += "file://panic_workaround.patch"

+include krill.inc
+
+UPSTREAM_CHECK_URI = "https://github.com/NLnetLabs/${BPN}/releases"
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
+
S = "${WORKDIR}/git"
CARGO_SRC_DIR = ""

--
2.25.1


[meta-security][PATCH 2/4] ecryptfs-utils: add UPSTREAM_CHECK_URI

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index 5f8cf3c..00e8997 100644
--- a/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -22,6 +22,8 @@ SRC_URI = "\
SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd"
SRC_URI[sha256sum] = "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f"

+UPSTREAM_CHECK_URI = "https://launchpad.net/ecryptfs/+download"
+
inherit autotools pkgconfig systemd

SYSTEMD_PACKAGES = "${PN}"
--
2.25.1


[meta-security][PATCH 1/4] aide: add UPSTREAM_CHECK_URI

Armin Kuster
 

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-ids/aide/aide_0.17.4.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-ids/aide/aide_0.17.4.bb b/recipes-ids/aide/aide_0.17.4.bb
index 7ce0729..52ddc43 100644
--- a/recipes-ids/aide/aide_0.17.4.bb
+++ b/recipes-ids/aide/aide_0.17.4.bb
@@ -10,6 +10,8 @@ SRC_URI = "https://github.com/aide/aide/releases/download/v${PV}/${BPN}-${PV}.ta

SRC_URI[sha256sum] = "c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846"

+UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases"
+
inherit autotools pkgconfig aide-base

PACKAGECONFIG ??=" mhash zlib e2fsattrs posix capabilities curl \
--
2.25.1


Re: [Need help] How to add one package to build directory of another package

Khem Raj
 

On Sat, Jul 30, 2022 at 6:20 AM Kuzemko Aleksandr
<kuzemkoyocto@...> wrote:

I have fixed one problem ("No package 'dotconf' found" error) by coping .pc file
https://github.com/Kuzma30/meta-myconf/commit/6b01df5f7adaa3fec1fd1a34d74d9be5d4b9cdbf
I wonder why do you have do_stage task, it should not be defined in
recipes anymore as the bbclasses should be left to handle staging
sysroot creating most of times.

But now I has problem with main package (speech-dispatcher)
Log here
https://github.com/Kuzma30/meta-myconf/commit/7c5e3a070f526dafe01b43aa5ba95573dd55d07d
Your package contains unversioned libraries, so either change them to
use versioning scheme, see
https://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html

If you really need to keep using unversioned libraries then you have
to tell the packaging system to do the right thing

add something like this in recipe

FILES_SOLIBSDEV = ""
INSANE_SKIP:${PN} += "dev-so"


ERROR: speech-dispatcher-git-r0 do_package_qa: QA Issue: -dev package speech-dispatcher-dev contains non-symlink .so '/usr/lib/libvoxin.so'



Re: [Need help] How to add one package to build directory of another package

Kuzemko Aleksandr
 

I have fixed one problem ("No package 'dotconf' found" error) by coping .pc file
https://github.com/Kuzma30/meta-myconf/commit/6b01df5f7adaa3fec1fd1a34d74d9be5d4b9cdbf

But now I has problem with main package (speech-dispatcher)
Log here
https://github.com/Kuzma30/meta-myconf/commit/7c5e3a070f526dafe01b43aa5ba95573dd55d07d

ERROR: speech-dispatcher-git-r0 do_package_qa: QA Issue: -dev package speech-dispatcher-dev contains non-symlink .so '/usr/lib/libvoxin.so'


Re: Re : rdepends upon non-existent task do_package_write_deb

Khem Raj
 

On Fri, Jul 29, 2022 at 2:36 AM <poornesh.g@...> wrote:

Greetings !
I am trying to add go.opentelemetry.io-proto-otlp-native package in yocto (krikstone) .

When I give : bitbake go.opentelemetry.io-proto-otlp-native , it is successfully compiling . But when I trying to add in local.conf as IMAGE_INSTALL:append += "go.opentelemetry.io-proto-otlp-native" , it is giving the below error .
you don't add native packages to image, native packages are for
supporting cross builds of target packages to avoid build host
specific issues etc. If you want opentelemetry in your image you want
to do something like

MAGE_INSTALL:append = " go.opentelemetry.io-proto-otlp"


-------------------------------------------------

ERROR: Task do_populate_sdk in /home/user/yocto/imx_krikstone/sources/poky/meta/recipes-core/images/core-image-minimal.bb rdepends upon non-existent task do_package_write_deb in /home/user/yocto/imx_krikstone/sources/meta-sca/recipes-go/go.opentelemetry.io-proto-otlp-native_0.12.0.bb
ERROR: Command execution failed: 1

-------------------------------------------------

Requesting you to help me out to solve this issue .

Thanks in advance .




Re: [Need help] How to add one package to build directory of another package

Kuzemko Aleksandr
 

I have already this string

 https://github.com/Kuzma30/meta-myconf/blob/400deddb4a6eab2e2c5054c482d18623b4c9a498/recipes-multimedia/speech-dispatcher/speech-dispatcher_git.bb#L9

 I will try migrate it to 3.4 release and report here.

 

От: Quentin Schulz
Отправлено: 29 июля 2022 г. в 11:31
Кому: Kuzemko Aleksandr; yocto@...
Тема: Re: [yocto] [Need help] How to add one package to build directory of another package

 

>

> Question

>

> How to add libdotconf to the speech-dispatcher build environment?

>

 

DEPENDS += "libdotconf"

 

in speech-dispatcher recipe. This adds a dependency on libdotconf target

recipe so that it makes it to the sysroot of the speech-dispatcher

recipe at build time.

 

I had a quick glance at your layer and it seems you're targeting

kirkstone release but you're still using the old override syntax. Please

read

https://docs.yoctoproject.org/migration-guides/migration-3.4.html#override-syntax-changes

(and the migration guides of all releases between the one supported by

the original recipe you got speech dispatcher from so that all required

changes are made).

 

E.g. it's not FILES_${PN} anymore but FILES:${PN}.

 

Cheers,

Quentin

 

>

>

>

>

>

 


Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.1.18.rc1)

Teoh, Jay Shen
 

Hi Everyone,

QA for yocto-3.1.18.rc1 is completed. This is the full report for this release:
https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults

======= Summary ========
No high milestone defects.

No new issue found.

Thanks,
Jay

-----Original Message-----
From: qa-build-notification@... <qa-build-
notification@...> On Behalf Of Pokybuild User
Sent: Tuesday, 26 July, 2022 5:47 AM
To: yocto@...
Cc: qa-build-notification@...
Subject: [qa-build-notification] QA notification for completed autobuilder
build (yocto-3.1.18.rc1)


A build flagged for QA (yocto-3.1.18.rc1) was completed on the autobuilder
and is available at:


https://autobuilder.yocto.io/pub/releases/yocto-3.1.18.rc1


Build hash information:

bitbake: 7fc4cffebf5dcc1d050416c0b7f7d58c765c1d69
meta-agl: 6c9fa75459cf86576c47411fc239e0d7896d483c
meta-arm: 5c09684863be8e803e3e987a5ce4940721c3f39a
meta-aws: dd742bafa5eff33ac930e97dde851f41cbde85e8
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 1c1a8f769ef93d96ae488f40abbcd11946403169
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 52cee67833d1975a5bd52e4556c4cd312425a017
meta-virtualization: a63a54df3170fed387f810f23cdc2f483ad587df
oecore: 3f40d5f095ceb099b604750db96058df00fcd49e
poky: d695bd0d3dc66f2111a25c6922f617be2d991071



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...






1381 - 1400 of 59039