[meta-security][PATCH 01/25] sssd: update to 1.16.3

[meta-security][PATCH 01/25] sssd: update to 1.16.3

[Armin Kuster]

Includes:
CVE-2018-10852

see:
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_3.html

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/sssd/{sssd_1.16.0.bb => sssd_1.16.3.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename recipes-security/sssd/{sssd_1.16.0.bb => sssd_1.16.3.bb} (93%)

diff --git a/recipes-security/sssd/sssd_1.16.0.bb b/recipes-security/sssd/sssd_1.16.3.bb
similarity index 93%
rename from recipes-security/sssd/sssd_1.16.0.bb
rename to recipes-security/sssd/sssd_1.16.3.bb
index ff5b618..8f7f805 100644
--- a/recipes-security/sssd/sssd_1.16.0.bb
+++ b/recipes-security/sssd/sssd_1.16.3.bb
@@ -1,6 +1,6 @@
 SUMMARY = "system security services daemon"
 DESCRIPTION = "SSSD is a system security services daemon"
-HOMEPAGE = "https://fedorahosted.org/sssd/"
+HOMEPAGE = "https://pagure.io/SSSD/sssd/"
 SECTION = "base"
 LICENSE = "GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
@@ -11,8 +11,8 @@ DEPENDS += "libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent"
 SRC_URI = "https://releases.pagure.org/SSSD/${BPN}/${BP}.tar.gz\
             file://sssd.conf "
 
-SRC_URI[md5sum] = "f721ace2ebfa6744cfea55e3ecd2d82f"
-SRC_URI[sha256sum] = "c581a6e5365cef87fca419c0c9563cf15eadbb682863d648d85ffcded7a3940f"
+SRC_URI[md5sum] = "af4288c9d1f9953e3b3b6e0b165a5ece"
+SRC_URI[sha256sum] = "ee5d17a0c663c09819cbab9364085b9e57faeca02406cc30efe14cc0cfc04ec4"
 
 inherit autotools pkgconfig gettext update-rc.d python-dir distro_features_check
 
-- 
2.17.1

[meta-security][PATCH 02/25] fail2ban: update to 10.3.1

[Armin Kuster]

covert to python package standard

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{fail2ban_0.10.2.bb => python-fail2ban.inc}       | 11 ++++++-----
 recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb |  2 ++
 .../fail2ban/python3-fail2ban_0.10.3.1.bb             |  2 ++
 3 files changed, 10 insertions(+), 5 deletions(-)
 rename recipes-security/fail2ban/{fail2ban_0.10.2.bb => python-fail2ban.inc} (80%)
 create mode 100644 recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb
 create mode 100644 recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb

diff --git a/recipes-security/fail2ban/fail2ban_0.10.2.bb b/recipes-security/fail2ban/python-fail2ban.inc
similarity index 80%
rename from recipes-security/fail2ban/fail2ban_0.10.2.bb
rename to recipes-security/fail2ban/python-fail2ban.inc
index 7e2deba..0b88f83 100644
--- a/recipes-security/fail2ban/fail2ban_0.10.2.bb
+++ b/recipes-security/fail2ban/python-fail2ban.inc
@@ -9,14 +9,14 @@ HOMEPAGE = "http://www.fail2ban.org"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
 
-SRCREV ="a45488465e0dd547eb8479c0fa9fd577c1837213"
+SRCREV ="ac0d441fd68852ffda7b15c71f16b7f4fde1a7ee"
 SRC_URI = " \
-	git://github.com/fail2ban/fail2ban.git;branch=0.10 \
+	git://github.com/fail2ban/fail2ban.git;branch=0.11 \
 	file://initd \
-	file://fail2ban_setup.py \
+        file://fail2ban_setup.py \
 "
 
-inherit update-rc.d setuptools
+inherit update-rc.d
 
 S = "${WORKDIR}/git"
 
@@ -32,10 +32,11 @@ do_install_append () {
 	install -d ${D}/${sysconfdir}/fail2ban
 	install -d ${D}/${sysconfdir}/init.d
     	install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+	chown -R root:root ${D}/${bindir}
 }
 
 FILES_${PN} += "/run"
 
 INSANE_SKIP_${PN}_append = "already-stripped"
 
-RDEPENDS_${PN} = "sysklogd iptables sqlite3 python python-pyinotify"
+RDEPENDS_${PN} = "sysklogd iptables sqlite3 ${PYTHON_PN} ${PYTHON_PN}-pyinotify"
diff --git a/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb b/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb
new file mode 100644
index 0000000..70c3bd9
--- /dev/null
+++ b/recipes-security/fail2ban/python-fail2ban_0.10.3.1.bb
@@ -0,0 +1,2 @@
+inherit setuptools
+require python-fail2ban.inc
diff --git a/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb b/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb
new file mode 100644
index 0000000..bdb4146
--- /dev/null
+++ b/recipes-security/fail2ban/python3-fail2ban_0.10.3.1.bb
@@ -0,0 +1,2 @@
+inherit setuptools3
+require python-fail2ban.inc
-- 
2.17.1

[meta-security][PATCH 03/25] scapy: update to 2.4.0 and covert

[Armin Kuster]

convert package to python standard

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../scapy/{scapy => files}/run-ptest             |  0
 .../scapy/{scapy_2.3.3.bb => python-scapy.inc}   | 16 ++++++----------
 recipes-security/scapy/python-scapy_2.4.0.bb     |  6 ++++++
 recipes-security/scapy/python3-scapy_2.4.0.bb    |  4 ++++
 4 files changed, 16 insertions(+), 10 deletions(-)
 rename recipes-security/scapy/{scapy => files}/run-ptest (100%)
 rename recipes-security/scapy/{scapy_2.3.3.bb => python-scapy.inc} (66%)
 create mode 100644 recipes-security/scapy/python-scapy_2.4.0.bb
 create mode 100644 recipes-security/scapy/python3-scapy_2.4.0.bb

diff --git a/recipes-security/scapy/scapy/run-ptest b/recipes-security/scapy/files/run-ptest
similarity index 100%
rename from recipes-security/scapy/scapy/run-ptest
rename to recipes-security/scapy/files/run-ptest
diff --git a/recipes-security/scapy/scapy_2.3.3.bb b/recipes-security/scapy/python-scapy.inc
similarity index 66%
rename from recipes-security/scapy/scapy_2.3.3.bb
rename to recipes-security/scapy/python-scapy.inc
index 1c8685b..5abe7db 100644
--- a/recipes-security/scapy/scapy_2.3.3.bb
+++ b/recipes-security/scapy/python-scapy.inc
@@ -5,20 +5,16 @@ LICENSE = "GPLv2"
 
 LIC_FILES_CHKSUM = "file://bin/scapy;beginline=9;endline=13;md5=1d5249872cc54cd4ca3d3879262d0c69"
 
-SRC_URI = "https://github.com/secdev/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \
-           file://run-ptest \
-"
+SRC_URI[md5sum] = "d7d3c4294f5a718e234775d38dbeb7ec"
+SRC_URI[sha256sum] = "452f714f5c2eac6fd0a6146b1dbddfc24dd5f4103f3ed76227995a488cfb2b73"
 
-SRC_URI[md5sum] = "336d6832110efcf79ad30c9856ef5842"
-SRC_URI[sha256sum] = "67642cf7b806e02daeddd588577588caebddc3426db7904e7999a0b0334a63b5"
-
-inherit setuptools ptest
+inherit pypi ptest
 
 do_install_ptest() {
     install -m 0644 ${S}/test/regression.uts ${D}${PTEST_PATH}
     sed -i 's,@PTEST_PATH@,${PTEST_PATH},' ${D}${PTEST_PATH}/run-ptest
 }
 
-RDEPENDS_${PN} = "tcpdump python-subprocess python-compression python-netclient  \
-                  python-netserver python-pydoc python-pkgutil python-shell \
-                  python-threading python-numbers python-pycrypto"
+RDEPENDS_${PN} = "tcpdump ${PYTHON_PN}-compression ${PYTHON_PN}-netclient  \
+                  ${PYTHON_PN}-netserver ${PYTHON_PN}-pydoc ${PYTHON_PN}-pkgutil ${PYTHON_PN}-shell \
+                  ${PYTHON_PN}-threading ${PYTHON_PN}-numbers ${PYTHON_PN}-pycrypto"
diff --git a/recipes-security/scapy/python-scapy_2.4.0.bb b/recipes-security/scapy/python-scapy_2.4.0.bb
new file mode 100644
index 0000000..98db1fd
--- /dev/null
+++ b/recipes-security/scapy/python-scapy_2.4.0.bb
@@ -0,0 +1,6 @@
+inherit setuptools
+require python-scapy.inc
+
+SRC_URI += "file://run-ptest"
+
+RDEPENDS_${PN} += "${PYTHON_PN}-subprocess"
diff --git a/recipes-security/scapy/python3-scapy_2.4.0.bb b/recipes-security/scapy/python3-scapy_2.4.0.bb
new file mode 100644
index 0000000..93ca7be
--- /dev/null
+++ b/recipes-security/scapy/python3-scapy_2.4.0.bb
@@ -0,0 +1,4 @@
+inherit setuptools3
+require python-scapy.inc
+
+SRC_URI += "file://run-ptest"
-- 
2.17.1

[meta-security][PATCH 04/25] fscryptctl: update to tip

[Armin Kuster]

fix mkfs.ext4 invocation

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/fscryptctl/fscryptctl_0.1.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fscryptctl/fscryptctl_0.1.0.bb b/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
index 4f0b12c..8847a0f 100644
--- a/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
+++ b/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
@@ -9,7 +9,7 @@ SECTION = "base"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
-SRCREV = "e4c4d0984dee2531897e13c32a18d5e54a2a4aa6"
+SRCREV = "142326810eb19d6794793db6d24d0775a15aa8e5"
 SRC_URI = "git://github.com/google/fscryptctl.git"
 
 S = "${WORKDIR}/git"
-- 
2.17.1

[meta-security][PATCH 05/25] apparmor: update to 2.12

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../AppArmor/{apparmor_2.11.0.bb => apparmor_2.12.bb}         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename recipes-security/AppArmor/{apparmor_2.11.0.bb => apparmor_2.12.bb} (97%)

diff --git a/recipes-security/AppArmor/apparmor_2.11.0.bb b/recipes-security/AppArmor/apparmor_2.12.bb
similarity index 97%
rename from recipes-security/AppArmor/apparmor_2.11.0.bb
rename to recipes-security/AppArmor/apparmor_2.12.bb
index fc9b614..de7f4ef 100644
--- a/recipes-security/AppArmor/apparmor_2.11.0.bb
+++ b/recipes-security/AppArmor/apparmor_2.12.bb
@@ -24,8 +24,8 @@ SRC_URI = " \
         file://run-ptest \
 	"
 
-SRC_URI[md5sum] = "899fd834dc5c8ebf2d52b97e4a174af7"
-SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5bdd739a"
+SRC_URI[md5sum] = "49054f58042f8e51ea92cc866575a833"
+SRC_URI[sha256sum] = "8a2b0cd083faa4d0640f579024be3a629faa7db3b99540798a1a050e2eaba056"
 
 PARALLEL_MAKE = ""
 
-- 
2.17.1

[meta-security][PATCH 06/25] openscap: update 1.2.17

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../openscap/{openscap_1.2.15.bb => openscap_1.2.17.bb}        | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 rename meta-security-compliance/recipes-openscap/openscap/{openscap_1.2.15.bb => openscap_1.2.17.bb} (96%)

diff --git a/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.17.bb
similarity index 96%
rename from meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb
rename to meta-security-compliance/recipes-openscap/openscap/openscap_1.2.17.bb
index 7cbb1e2..e2a4fa2 100644
--- a/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.15.bb
+++ b/meta-security-compliance/recipes-openscap/openscap/openscap_1.2.17.bb
@@ -11,7 +11,7 @@ DEPENDS = "autoconf-archive pkgconfig gconf procps curl libxml2 rpm \
 
 DEPENDS_class-native = "autoconf-archive-native pkgconfig-native swig-native curl-native libxml2-native libxslt-native dpkg-native libgcrypt-native nss-native"
 
-SRCREV = "240930d42611983c65ecae16dbca3248ce130921"
+SRCREV = "59c234b3e9907480c89dfbd1b466a6bf72a2d2ed"
 SRC_URI = "git://github.com/akuster/openscap.git;branch=oe \
            file://crypto_pkgconfig.patch \
            file://run-ptest \
@@ -46,6 +46,7 @@ do_configure_prepend () {
 	sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/perl/Makefile.am
 	sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python3/Makefile.am
 	sed -i 's:-I/usr/include:-I${STAGING_INCDIR}:' ${S}/swig/python2/Makefile.am
+	sed -i 's:python2:python:' ${S}/utils/scap-as-rpm
 }
 
 
-- 
2.17.1

[meta-security][PATCH 07/25] openscap-daemon: update to 1.10

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{openscap-daemon_0.1.6.bb => openscap-daemon_0.1.10.bb}   | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
 rename meta-security-compliance/recipes-openscap/openscap-daemon/{openscap-daemon_0.1.6.bb => openscap-daemon_0.1.10.bb} (86%)

diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.6.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
similarity index 86%
rename from meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.6.bb
rename to meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
index fb01a11..a6a9373 100644
--- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.6.bb
+++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb
@@ -8,11 +8,9 @@ LICENSE = "LGPL-2.1"
 
 DEPENDS = "python3-dbus"
 
-SRCREV = "3fd5c75a08223de35a865d026d2a6980ec9c1d74"
+SRCREV = "f25b16afb6ac761fea13132ff406fba4cdfd2b76"
 SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git"
 
-PV = "0.1.6+git${SRCPV}"
-
 inherit setuptools3
 
 S = "${WORKDIR}/git"
-- 
2.17.1

[meta-security][PATCH 08/25] tpm2.0: update to 2.0.1

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../tpm2.0-tss/tpm2.0-tss_1.3.0.bb            | 99 -------------------
 .../tpm2.0-tss/tpm2.0-tss_2.0.1.bb            | 93 +++++++++++++++++
 2 files changed, 93 insertions(+), 99 deletions(-)
 delete mode 100644 meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb
 create mode 100644 meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb

diff --git a/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb b/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb
deleted file mode 100644
index b673c2b..0000000
--- a/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb
+++ /dev/null
@@ -1,99 +0,0 @@
-SUMMARY = "Software stack for TPM2."
-DESCRIPTION = "tpm2.0-tss like woah."
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-SECTION = "tpm"
-
-DEPENDS = "autoconf-archive pkgconfig"
-
-SRCREV = "b1d9ece8c6bea2e3043943b2edfaebcdca330c38"
-
-SRC_URI = " \
-    git://github.com/tpm2-software/tpm2-tss.git;branch=1.x \
-    file://ax_pthread.m4 \
-"
-
-inherit autotools pkgconfig systemd
-
-S = "${WORKDIR}/git"
-
-do_configure_prepend () {
-	mkdir -p ${S}/m4
-	cp ${WORKDIR}/ax_pthread.m4 ${S}/m4
-	# execute the bootstrap script
-	currentdir=$(pwd)
-	cd ${S}
-	ACLOCAL="aclocal --system-acdir=${STAGING_DATADIR}/aclocal" ./bootstrap
-	cd $currentdir
-}
-
-INHERIT += "extrausers"
-EXTRA_USERS_PARAMS = "\
-	useradd -p '' tss; \
-	groupadd tss; \
-	"
-
-SYSTEMD_PACKAGES = "resourcemgr"
-SYSTEMD_SERVICE_resourcemgr = "resourcemgr.service"
-SYSTEMD_AUTO_ENABLE_resourcemgr = "enable"
-
-do_patch[postfuncs] += "${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','fix_systemd_unit','', d)}"
-fix_systemd_unit () {
-    sed -i -e 's;^ExecStart=.*/resourcemgr;ExecStart=${sbindir}/resourcemgr;' ${S}/contrib/resourcemgr.service
-}
-
-do_install_append() {
-    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-        install -d ${D}${systemd_system_unitdir}
-        install -m0644 ${S}/contrib/resourcemgr.service ${D}${systemd_system_unitdir}/resourcemgr.service
-    fi
-}
-
-PROVIDES = "${PACKAGES}"
-PACKAGES = " \
-    ${PN}-dbg \
-    ${PN}-doc \
-    libtss2 \
-    libtss2-dev \
-    libtss2-staticdev \
-    libtctidevice \
-    libtctidevice-dev \
-    libtctidevice-staticdev \
-    libtctisocket \
-    libtctisocket-dev \
-    libtctisocket-staticdev \
-    resourcemgr \
-"
-
-FILES_libtss2 = " \
-	${libdir}/libsapi.so.0.0.0 \
-	${libdir}/libmarshal.so.0.0.0 \
-"
-FILES_libtss2-dev = " \
-    ${includedir}/sapi \
-    ${includedir}/tcti/common.h \
-    ${libdir}/libsapi.so* \
-    ${libdir}/libmarshal.so* \
-    ${libdir}/pkgconfig/sapi.pc \
-"
-FILES_libtss2-staticdev = " \
-    ${libdir}/libsapi.a \
-    ${libdir}/libsapi.la \
-    ${libdir}/libmarshal.a \
-    ${libdir}/libmarshal.la \
-"
-FILES_libtctidevice = "${libdir}/libtcti-device.so.0.0.0"
-FILES_libtctidevice-dev = " \
-    ${includedir}/tcti/tcti_device.h \
-    ${libdir}/libtcti-device.so* \
-    ${libdir}/pkgconfig/tcti-device.pc \
-"
-FILES_libtctidevice-staticdev = "${libdir}/libtcti-device.*a"
-FILES_libtctisocket = "${libdir}/libtcti-socket.so.0.0.0"
-FILES_libtctisocket-dev = " \
-    ${includedir}/tcti/tcti_socket.h \
-    ${libdir}/libtcti-socket.so* \
-    ${libdir}/pkgconfig/tcti-socket.pc \
-"
-FILES_libtctisocket-staticdev = "${libdir}/libtcti-socket.*a"
-FILES_resourcemgr = "${sbindir}/resourcemgr ${systemd_system_unitdir}/resourcemgr.service"
diff --git a/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb b/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
new file mode 100644
index 0000000..3e7b81a
--- /dev/null
+++ b/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
@@ -0,0 +1,93 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "tpm2.0-tss like woah."
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0b1d631c4218b72f6b05cb58613606f4"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt"
+
+SRCREV = "dc31e8dca9dbc77d16e419dc514ce8c526cd3351"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.0.x"
+
+inherit autotools-brokensep pkgconfig systemd
+
+S = "${WORKDIR}/git"
+
+do_configure_prepend () {
+       ./bootstrap
+}
+
+INHERIT += "extrausers"
+EXTRA_USERS_PARAMS = "\
+	useradd -p '' tss; \
+	groupadd tss; \
+	"
+
+SYSTEMD_PACKAGES = "resourcemgr"
+SYSTEMD_SERVICE_resourcemgr = "resourcemgr.service"
+SYSTEMD_AUTO_ENABLE_resourcemgr = "enable"
+
+do_patch[postfuncs] += "${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','fix_systemd_unit','', d)}"
+fix_systemd_unit () {
+    sed -i -e 's;^ExecStart=.*/resourcemgr;ExecStart=${sbindir}/resourcemgr;' ${S}/contrib/resourcemgr.service
+}
+
+do_install_append() {
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}${systemd_system_unitdir}
+        install -m0644 ${S}/contrib/resourcemgr.service ${D}${systemd_system_unitdir}/resourcemgr.service
+    fi
+}
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+    ${PN} \
+    ${PN}-dbg \
+    ${PN}-doc \
+    libtss2-mu \
+    libtss2-mu-dev \
+    libtss2-mu-staticdev \
+    libtss2-tcti-device \
+    libtss2-tcti-device-dev \
+    libtss2-tcti-device-staticdev \
+    libtss2-tcti-mssim \
+    libtss2-tcti-mssim-dev \
+    libtss2-tcti-mssim-staticdev \
+    libtss2 \
+    libtss2-dev \
+    libtss2-staticdev \
+    resourcemgr \
+"
+
+FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES_libtss2-tcti-device-dev = " \
+    ${includedir}/tss2/tss2_tcti_device.h \
+    ${libdir}/pkgconfig/tss2-tcti-device.pc \
+    ${libdir}/libtss2-tcti-device.so"
+FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES_libtss2-tcti-mssim-dev = " \
+    ${includedir}/tss2/tss2_tcti_mssim.h \
+    ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+    ${libdir}/libtss2-tcti-mssim.so"
+FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES_libtss2-mu-dev = " \
+    ${includedir}/tss2/tss2_mu.h \
+    ${libdir}/pkgconfig/tss2-mu.pc \
+    ${libdir}/libtss2-mu.so"
+FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES_libtss2 = "${libdir}/libtss2*so.*"
+FILES_libtss2-dev = " \
+    ${includedir} \
+    ${libdir}/pkgconfig \
+    ${libdir}/libtss2*so"
+FILES_libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES_${PN} = "${libdir}/udev"
+
+FILES_resourcemgr = "${sbindir}/resourcemgr ${systemd_system_unitdir}/resourcemgr.service"
-- 
2.17.1

[meta-security][PATCH 09/25] layer_conf: increase priority

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 conf/layer.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/layer.conf b/conf/layer.conf
index efc426e..f8bbe57 100644
--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -7,7 +7,7 @@ BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
 
 BBFILE_COLLECTIONS += "security"
 BBFILE_PATTERN_security = "^${LAYERDIR}/"
-BBFILE_PRIORITY_security = "6"
+BBFILE_PRIORITY_security = "8"
 
 LAYERSERIES_COMPAT_security = "sumo"
 
-- 
2.17.1

[meta-security][PATCH 10/25] tpm2.0-tools: update to 3.1.2

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{tpm2.0-tools_git.bb => tpm2.0-tools_3.1.2.bb}         | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
 rename meta-tpm/recipes-tpm/tpm2.0-tools/{tpm2.0-tools_git.bb => tpm2.0-tools_3.1.2.bb} (73%)

diff --git a/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb b/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
similarity index 73%
rename from meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
rename to meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
index 7ec12fc..3f40eb7 100644
--- a/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
+++ b/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
@@ -6,13 +6,10 @@ SECTION = "tpm"
 
 DEPENDS = "pkgconfig tpm2.0-tss openssl curl autoconf-archive"
 
-# July 10, 2017
-SRCREV = "26c0557040c1cf8107fa3ebbcf2a5b07cc84b881"
+SRCREV = "5e2f1aafc58e60c5050f85147a14914561f28ad9"
 
-SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools"
+SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools;branch=3.X"
 
 S = "${WORKDIR}/tpm2.0-tools"
 
-PV = "2.0.0+git${SRCPV}"
-
 inherit autotools pkgconfig
-- 
2.17.1

[meta-security][PATCH 11/25] tpm2-abrmd: update to 2.0.1

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{tpm2-abrmd_1.2.0.bb => tpm2-abrmd_2.0.1.bb}          | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename meta-tpm/recipes-tpm/tpm2-abrmd/{tpm2-abrmd_1.2.0.bb => tpm2-abrmd_2.0.1.bb} (87%)

diff --git a/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb b/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.1.bb
similarity index 87%
rename from meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb
rename to meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.1.bb
index a5d6843..31e90f8 100644
--- a/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb
+++ b/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.1.bb
@@ -9,14 +9,15 @@ SECTION = "security/tpm"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
 
-DEPENDS += "autoconf-archive dbus glib-2.0 pkgconfig tpm2.0-tss glib-2.0-native"
+DEPENDS += "autoconf-archive dbus glib-2.0 pkgconfig tpm2.0-tss glib-2.0-native \
+            libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
 
 SRC_URI = "\
     git://github.com/01org/tpm2-abrmd.git \
     file://tpm2-abrmd-init.sh \
     file://tpm2-abrmd.default \
 "
-SRCREV = "59ce1008e5fa3bd5a143437b0f7390851fd25bd8"
+SRCREV = "80f8966b90d6394ad568e362d2936b333c2822bb"
 
 S = "${WORKDIR}/git"
 
@@ -37,7 +38,6 @@ PACKAGECONFIG ?="udev"
 PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
 
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
-PACKAGECONFIG[udev] = "--with-udevrulesdir=${sysconfdir}/udev/rules.d, --without-udevrulesdir"
 
 do_install_append() {
     install -d "${D}${sysconfdir}/init.d"
@@ -49,6 +49,6 @@ do_install_append() {
 
 FILES_${PN} += "${libdir}/systemd/system-preset"
 
-RDEPENDS_${PN} += "libgcc dbus-glib libtss2 libtctidevice libtctisocket"
+RDEPENDS_${PN} += "tpm2.0-tss"
 
 BBCLASSEXTEND = "native"
-- 
2.17.1

[meta-security][PATCH 12/25] meta-tpm: bump layer priority

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/conf/layer.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf
index 6f57e2e..55bbe98 100644
--- a/meta-tpm/conf/layer.conf
+++ b/meta-tpm/conf/layer.conf
@@ -6,7 +6,7 @@ BBFILES += "${LAYERDIR}/recipes-*/*/*.bb ${LAYERDIR}/recipes-*/*/*.bbappend"
 
 BBFILE_COLLECTIONS += "tpm-layer"
 BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
-BBFILE_PRIORITY_tpm-layer = "6"
+BBFILE_PRIORITY_tpm-layer = "10"
 
 LAYERSERIES_COMPAT_tpm-layer = "sumo"
 
-- 
2.17.1

[meta-security][PATCH 13/25] meta-security-compliance: bump layer priority

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-security-compliance/conf/layer.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-security-compliance/conf/layer.conf b/meta-security-compliance/conf/layer.conf
index 6068990..c8d5357 100644
--- a/meta-security-compliance/conf/layer.conf
+++ b/meta-security-compliance/conf/layer.conf
@@ -6,7 +6,7 @@ BBFILES += "${LAYERDIR}/recipes-*/*/*.bb ${LAYERDIR}/recipes-*/*/*.bbappend"
 
 BBFILE_COLLECTIONS += "scanners-layer"
 BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
-BBFILE_PRIORITY_scanners-layer = "6"
+BBFILE_PRIORITY_scanners-layer = "10"
 
 LAYERSERIES_COMPAT_scanners-layer = "sumo"
 
-- 
2.17.1

[meta-security][PATCH 15/25] tpm-tools: update to latest 1.3.9.1

[Armin Kuster]

refresh patch
backport debian fixes
Fix additional openssl 1.1 issue

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../tpm-tools/files/04-fix-FTBFS-clang.patch  |  56 +++++++++
 .../files/05-openssl1.1_fix_data_mgmt.patch   | 110 ++++++++++++++++++
 .../tpm-tools/files/openssl1.1_fix.patch      |  18 +++
 .../tpm-tools/files/tpm-tools-extendpcr.patch |  32 ++---
 ...{tpm-tools_git.bb => tpm-tools_1.3.9.1.bb} |   7 +-
 5 files changed, 204 insertions(+), 19 deletions(-)
 create mode 100644 meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
 create mode 100644 meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
 create mode 100644 meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
 rename meta-tpm/recipes-tpm/tpm-tools/{tpm-tools_git.bb => tpm-tools_1.3.9.1.bb} (84%)

diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch b/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
new file mode 100644
index 0000000..5018d45
--- /dev/null
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
@@ -0,0 +1,56 @@
+Title: Fix FTBFS with clang due to uninitialized values
+Date: 2015-06-28
+Author: Alexander <sanek23994@gmail.com>
+Bug-Debian: http://bugs.debian.org/753063
+
+Upstream-Status: Backport
+tpm-tools_1.3.9.1-0.1.debian.tar
+
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c	2012-05-17 21:49:58.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_present.c	2014-06-29 01:01:11.502081468 +0400
+@@ -165,7 +165,7 @@
+ 
+ 	TSS_BOOL bCmd, bHwd;
+ 	BOOL bRc;
+-	TSS_HPOLICY hTpmPolicy;
++	TSS_HPOLICY hTpmPolicy = 0;
+ 	char *pwd = NULL;
+ 	int pswd_len;
+ 	char rsp[5];
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_takeownership.c	2010-09-30 21:28:09.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_takeownership.c	2014-06-29 01:01:51.069373655 +0400
+@@ -67,7 +67,7 @@
+ 	char *szSrkPasswd = NULL;
+ 	int tpm_len, srk_len;
+ 	TSS_HTPM hTpm;
+-	TSS_HKEY hSrk;
++	TSS_HKEY hSrk = 0;
+ 	TSS_FLAG fSrkAttrs;
+ 	TSS_HPOLICY hTpmPolicy, hSrkPolicy;
+ 	int iRc = -1;
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_nvwrite.c	2011-08-17 16:20:35.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_nvwrite.c	2014-06-29 01:02:45.836397172 +0400
+@@ -220,7 +220,7 @@
+ 		close(fd);
+ 		fd = -1;
+ 	} else if (fillvalue >= 0) {
+-		if (length < 0) {
++		if (length == 0) {
+ 			logError(_("Requiring size parameter.\n"));
+ 			return -1;
+ 		}
+--- tpm-tools-1.3.8/src/data_mgmt/data_protect.c	2012-05-17 21:49:58.000000000 +0400
++++ tpm-tools-1.3.8-my/src/data_mgmt/data_protect.c	2014-06-29 01:03:49.863254459 +0400
+@@ -432,8 +432,8 @@
+ 
+ 	char *pszPin = NULL;
+ 
+-	CK_RV              rv;
+-	CK_SESSION_HANDLE  hSession;
++	CK_RV              rv = 0;
++	CK_SESSION_HANDLE  hSession = 0;
+ 	CK_OBJECT_HANDLE   hObject;
+ 	CK_MECHANISM       tMechanism = { CKM_AES_ECB, NULL, 0 };
+ 
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
new file mode 100644
index 0000000..c2a264b
--- /dev/null
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
@@ -0,0 +1,110 @@
+Author: Philipp Kern <pkern@debian.org>
+Subject: Fix openssl1.1 support in data_mgmt
+Date: Tue, 31 Jan 2017 22:40:10 +0100
+
+Upstream-Status: Backport
+tpm-tools_1.3.9.1-0.1.debian.tar
+
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+---
+ src/data_mgmt/data_import.c |   60 ++++++++++++++++++++++++++++----------------
+ 1 file changed, 39 insertions(+), 21 deletions(-)
+
+--- a/src/data_mgmt/data_import.c
++++ b/src/data_mgmt/data_import.c
+@@ -372,7 +372,7 @@ readX509Cert( const char  *a_pszFile,
+ 		goto out;
+ 	}
+ 
+-	if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
++	if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
+ 		logError( TOKEN_RSA_KEY_ERROR );
+ 
+ 		X509_free( pX509 );
+@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
+ 
+ 	int  rc = -1;
+ 
+-	int  nLen = BN_num_bytes( a_pRsa->n );
+-	int  eLen = BN_num_bytes( a_pRsa->e );
++	const BIGNUM *bn;
++	const BIGNUM *be;
++
++	RSA_get0_key( a_pRsa, &bn, &be, NULL );
++
++	int  nLen = BN_num_bytes( bn );
++	int  eLen = BN_num_bytes( be );
+ 
+ 	CK_RV  rv;
+ 
+@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
+ 	}
+ 
+ 	// Get binary representations of the RSA key information
+-	BN_bn2bin( a_pRsa->n, n );
+-	BN_bn2bin( a_pRsa->e, e );
++	BN_bn2bin( bn, n );
++	BN_bn2bin( be, e );
+ 
+ 	// Create the RSA public key object
+ 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
+@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
+ 
+ 	int  rc = -1;
+ 
+-	int  nLen = BN_num_bytes( a_pRsa->n );
+-	int  eLen = BN_num_bytes( a_pRsa->e );
+-	int  dLen = BN_num_bytes( a_pRsa->d );
+-	int  pLen = BN_num_bytes( a_pRsa->p );
+-	int  qLen = BN_num_bytes( a_pRsa->q );
+-	int  dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
+-	int  dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
+-	int  iqmpLen = BN_num_bytes( a_pRsa->iqmp );
++	const BIGNUM *bn;
++	const BIGNUM *be;
++	const BIGNUM *bd;
++	const BIGNUM *bp;
++	const BIGNUM *bq;
++	const BIGNUM *bdmp1;
++	const BIGNUM *bdmq1;
++	const BIGNUM *biqmp;
++
++	RSA_get0_key( a_pRsa, &bn, &be, &bd);
++	RSA_get0_factors( a_pRsa, &bp, &bq);
++	RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
++
++	int  nLen = BN_num_bytes( bn );
++	int  eLen = BN_num_bytes( be );
++	int  dLen = BN_num_bytes( bd );
++	int  pLen = BN_num_bytes( bp );
++	int  qLen = BN_num_bytes( bq );
++	int  dmp1Len = BN_num_bytes( bdmp1 );
++	int  dmq1Len = BN_num_bytes( bdmq1 );
++	int  iqmpLen = BN_num_bytes( biqmp );
+ 
+ 	CK_RV  rv;
+ 
+@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
+ 	}
+ 
+ 	// Get binary representations of the RSA key information
+-	BN_bn2bin( a_pRsa->n, n );
+-	BN_bn2bin( a_pRsa->e, e );
+-	BN_bn2bin( a_pRsa->d, d );
+-	BN_bn2bin( a_pRsa->p, p );
+-	BN_bn2bin( a_pRsa->q, q );
+-	BN_bn2bin( a_pRsa->dmp1, dmp1 );
+-	BN_bn2bin( a_pRsa->dmq1, dmq1 );
+-	BN_bn2bin( a_pRsa->iqmp, iqmp );
++	BN_bn2bin( bn, n );
++	BN_bn2bin( be, e );
++	BN_bn2bin( bd, d );
++	BN_bn2bin( bp, p );
++	BN_bn2bin( bq, q );
++	BN_bn2bin( bdmp1, dmp1 );
++	BN_bn2bin( bdmq1, dmq1 );
++	BN_bn2bin( biqmp, iqmp );
+ 
+ 	// Create the RSA private key object
+ 	rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch b/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
new file mode 100644
index 0000000..9ae3f72
--- /dev/null
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Pending
+Update to build with openssl 1.1.x
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/cmds/tpm_extendpcr.c
+===================================================================
+--- git.orig/src/cmds/tpm_extendpcr.c
++++ git/src/cmds/tpm_extendpcr.c
+@@ -136,7 +136,7 @@ int main(int argc, char **argv)
+ 
+ 		unsigned char msg[EVP_MAX_MD_SIZE];
+ 		unsigned int msglen;
+-		EVP_MD_CTX ctx;
++		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ 		EVP_DigestInit(&ctx, EVP_sha1());
+ 		while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0)
+ 			EVP_DigestUpdate(&ctx, line, lineLen);
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
index ab5e683..40150af 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
+++ b/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
@@ -1,8 +1,8 @@
-Index: tpm-tools-1.3.8/include/tpm_tspi.h
+Index: git/include/tpm_tspi.h
 ===================================================================
---- tpm-tools-1.3.8.orig/include/tpm_tspi.h	2011-08-17 08:20:35.000000000 -0400
-+++ tpm-tools-1.3.8/include/tpm_tspi.h	2013-01-05 23:26:31.571598217 -0500
-@@ -117,6 +117,10 @@
+--- git.orig/include/tpm_tspi.h
++++ git/include/tpm_tspi.h
+@@ -117,6 +117,10 @@ TSS_RESULT tpmPcrRead(TSS_HTPM a_hTpm, U
  			UINT32 *a_PcrSize, BYTE **a_PcrValue);
  TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx,
  					UINT32 a_PcrSize, BYTE *a_PcrValue);
@@ -13,11 +13,11 @@ Index: tpm-tools-1.3.8/include/tpm_tspi.h
  #ifdef TSS_LIB_IS_12
  TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v);
  TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue);
-Index: tpm-tools-1.3.8/lib/tpm_tspi.c
+Index: git/lib/tpm_tspi.c
 ===================================================================
---- tpm-tools-1.3.8.orig/lib/tpm_tspi.c	2011-08-17 08:20:35.000000000 -0400
-+++ tpm-tools-1.3.8/lib/tpm_tspi.c	2013-01-05 23:27:37.731593490 -0500
-@@ -594,6 +594,20 @@
+--- git.orig/lib/tpm_tspi.c
++++ git/lib/tpm_tspi.c
+@@ -594,6 +594,20 @@ pcrcompositeSetPcrValue(TSS_HPCRS a_hPcr
  	return result;
  }
  
@@ -38,10 +38,10 @@ Index: tpm-tools-1.3.8/lib/tpm_tspi.c
  #ifdef TSS_LIB_IS_12
  /*
   * These getPasswd functions will wrap calls to the other functions and check to see if the TSS
-Index: tpm-tools-1.3.8/src/cmds/Makefile.am
+Index: git/src/cmds/Makefile.am
 ===================================================================
---- tpm-tools-1.3.8.orig/src/cmds/Makefile.am	2011-08-15 13:52:08.000000000 -0400
-+++ tpm-tools-1.3.8/src/cmds/Makefile.am	2013-01-05 23:30:46.223593698 -0500
+--- git.orig/src/cmds/Makefile.am
++++ git/src/cmds/Makefile.am
 @@ -22,6 +22,7 @@
  #
  
@@ -50,16 +50,16 @@ Index: tpm-tools-1.3.8/src/cmds/Makefile.am
  			tpm_unsealdata
  
  if TSS_LIB_IS_12
-@@ -33,4 +34,5 @@
- LDADD		=	$(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto
+@@ -33,4 +34,5 @@ endif
+ LDADD		=	$(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto @INTLLIBS@
  
  tpm_sealdata_SOURCES = tpm_sealdata.c
 +tpm_extendpcr_SOURCES = tpm_extendpcr.c
  tpm_unsealdata_SOURCES = tpm_unsealdata.c
-Index: tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c
+Index: git/src/cmds/tpm_extendpcr.c
 ===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c	2013-01-05 23:37:43.403585514 -0500
+--- /dev/null
++++ git/src/cmds/tpm_extendpcr.c
 @@ -0,0 +1,181 @@
 +/*
 + * The Initial Developer of the Original Code is International
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
similarity index 84%
rename from meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
rename to meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
index f670bff..88ef19f 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
+++ b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
@@ -12,14 +12,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
 DEPENDS = "libtspi openssl"
 DEPENDS_class-native = "trousers-native"
 
-SRCREV = "5c5126bedf2da97906358adcfb8c43c86e7dd0ee"
+SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
 SRC_URI = " \
 	git://git.code.sf.net/p/trousers/tpm-tools \
 	file://tpm-tools-extendpcr.patch \
+	file://04-fix-FTBFS-clang.patch \
+	file://05-openssl1.1_fix_data_mgmt.patch \
+        file://openssl1.1_fix.patch \
 	"
 
-PV = "1.3.9.1+git${SRCPV}"
-
 inherit autotools-brokensep gettext
 
 S = "${WORKDIR}/git"
-- 
2.17.1

[meta-security][PATCH 16/25] bastille: fix QA error

[Armin Kuster]

bastille_3.2.1.bb: cannot map 'allarch' to a linux kernel architecture

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/bastille/bastille_3.2.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb
index eee1a38..152c03a 100644
--- a/recipes-security/bastille/bastille_3.2.1.bb
+++ b/recipes-security/bastille/bastille_3.2.1.bb
@@ -9,7 +9,7 @@ DEPENDS = "virtual/kernel"
 RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd libcurses-perl coreutils"
 FILES_${PN} += "/run/lock/subsys/bastille"
 
-inherit allarch module-base
+inherit module-base
 
 SRC_URI = "http://sourceforge.net/projects/bastille-linux/files/bastille-linux/3.2.1/Bastille-3.2.1.tar.bz2 \
            file://AccountPermission.pm \
-- 
2.17.1

[meta-security][PATCH 17/25] packagegroup-core-security: change scapy to python name

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-security/packagegroup/packagegroup-core-security.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb
index 6682d29..5317aee 100644
--- a/recipes-security/packagegroup/packagegroup-core-security.bb
+++ b/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -27,7 +27,7 @@ RDEPENDS_packagegroup-security-utils = "\
     checksec \
     nmap \
     pinentry \
-    scapy \
+    python3-scapy \
     ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils", "",d)} \
     "
 
-- 
2.17.1

[meta-security][PATCH 18/25] tor: remove not used

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-browers/tor/tor_6.5.2.bb | 7 -------
 1 file changed, 7 deletions(-)
 delete mode 100644 recipes-browers/tor/tor_6.5.2.bb

diff --git a/recipes-browers/tor/tor_6.5.2.bb b/recipes-browers/tor/tor_6.5.2.bb
deleted file mode 100644
index 1e3a812..0000000
--- a/recipes-browers/tor/tor_6.5.2.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-SUMMARY = "Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security."
-
-HOMEPAGE = "https://www.torproject.org/"
-
-LICENSE = "GPV-v2"
-
-SRC_URI = "https://github.com/TheTorProject/gettorbrowser/archive/v6.5.2.tar.gz"
-- 
2.17.1

[meta-security][PATCH 19/25] pcr-extend: fix building with openssl 1.1

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../files/fix_openssl11_build.patch           | 45 +++++++++++++++++++
 .../recipes-tpm/pcr-extend/pcr-extend_git.bb  |  3 +-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch

diff --git a/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch b/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch
new file mode 100644
index 0000000..cf2d437
--- /dev/null
+++ b/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch
@@ -0,0 +1,45 @@
+Enable building with openssl 1.1
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/pcr-extend.c
+===================================================================
+--- git.orig/src/pcr-extend.c
++++ git/src/pcr-extend.c
+@@ -118,7 +118,7 @@ dump_buf (FILE *file, char *buf, size_t
+ static unsigned char*
+ sha1_file (FILE *file, unsigned int *hash_len)
+ {
+-    EVP_MD_CTX ctx = { 0 };
++    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+     unsigned char *buf = NULL, *hash = NULL;
+     size_t num_read = 0;
+ 
+@@ -127,7 +127,7 @@ sha1_file (FILE *file, unsigned int *has
+         perror ("malloc:\n");
+         goto sha1_fail;
+     }
+-    if (EVP_DigestInit (&ctx, EVP_sha1 ()) == 0) {
++    if (EVP_DigestInit (ctx, EVP_sha1 ()) == 0) {
+         ERR_print_errors_fp (stderr);
+         goto sha1_fail;
+     }
+@@ -135,7 +135,7 @@ sha1_file (FILE *file, unsigned int *has
+         num_read = fread (buf, 1, BUF_SIZE, file);
+         if (num_read <= 0)
+             break;
+-        if (EVP_DigestUpdate (&ctx, buf, num_read) == 0) {
++        if (EVP_DigestUpdate (ctx, buf, num_read) == 0) {
+             ERR_print_errors_fp (stderr);
+             goto sha1_fail;
+         }
+@@ -149,7 +149,7 @@ sha1_file (FILE *file, unsigned int *has
+         perror ("calloc of hash buffer:\n");
+         goto sha1_fail;
+     }
+-    if (EVP_DigestFinal (&ctx, hash, hash_len) == 0) {
++    if (EVP_DigestFinal (ctx, hash, hash_len) == 0) {
+         ERR_print_errors_fp (stderr);
+         goto sha1_fail;
+     }
diff --git a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
index 0cc4f63..f8347b7 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
@@ -9,7 +9,8 @@ DEPENDS = "libtspi"
 PV = "0.1+git${SRCPV}"
 SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"
 
-SRC_URI = "git://github.com/flihp/pcr-extend.git "
+SRC_URI = "git://github.com/flihp/pcr-extend.git \
+           file://fix_openssl11_build.patch "
 
 inherit autotools
 
-- 
2.17.1

[meta-security][PATCH 20/25] openssl-tpm-engine: update SRC_URI and update to 0.5.0

[Armin Kuster]

change to a fork that is being maintained and that enabled openssl 1.1
Refresh patches
Drop one no longer needed

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...pm-key-support-well-known-key-option.patch | 24 +++++------
 .../0002-libtpm-support-env-TPM_SRK_PW.patch  | 14 +++----
 .../0003-Fix-not-building-libtpm.la.patch     | 25 -----------
 ...engine-parse-an-encrypted-tpm-SRK-pa.patch | 41 +++++++++----------
 ...engine-change-variable-c-type-from-c.patch | 13 +++---
 .../files/openssl11_build_fix.patch           | 34 +++++++++++++++
 ...e_0.4.2.bb => openssl-tpm-engine_0.5.0.bb} | 41 +++++++------------
 7 files changed, 91 insertions(+), 101 deletions(-)
 delete mode 100644 meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch
 create mode 100644 meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
 rename meta-tpm/recipes-tpm/openssl-tpm-engine/{openssl-tpm-engine_0.4.2.bb => openssl-tpm-engine_0.5.0.bb} (55%)

diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
index 67071b6..bed8b92 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
@@ -8,20 +8,20 @@ Add "-z" option to select well known password in create_tpm_key tool.
 
 Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
 
-diff --git a/create_tpm_key.c b/create_tpm_key.c
-index fee917f..7b94d62 100644
---- a/create_tpm_key.c
-+++ b/create_tpm_key.c
-@@ -46,6 +46,8 @@
- #include <trousers/tss.h>
- #include <trousers/trousers.h>
+Index: git/src/create_tpm_key.c
+===================================================================
+--- git.orig/src/create_tpm_key.c
++++ git/src/create_tpm_key.c
+@@ -48,6 +48,8 @@
+ 
+ #include "ssl_compat.h"
  
 +#define TPM_WELL_KNOWN_KEY_LEN 20   /*well know key length is 20 bytes zero*/
 +
  #define print_error(a,b) \
  	fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
  		a, b, Trspi_Error_String(b))
-@@ -70,6 +72,7 @@ usage(char *argv0)
+@@ -72,6 +74,7 @@ usage(char *argv0)
  		"\t\t-e|--enc-scheme  encryption scheme to use [PKCSV15] or OAEP\n"
  		"\t\t-q|--sig-scheme  signature scheme to use [DER] or SHA1\n"
  		"\t\t-s|--key-size    key size in bits [2048]\n"
@@ -29,7 +29,7 @@ index fee917f..7b94d62 100644
  		"\t\t-a|--auth        require a password for the key [NO]\n"
  		"\t\t-p|--popup       use TSS GUI popup dialogs to get the password "
  		"for the\n\t\t\t\t key [NO] (implies --auth)\n"
-@@ -147,6 +150,7 @@ int main(int argc, char **argv)
+@@ -154,6 +157,7 @@ int main(int argc, char **argv)
  	int		asn1_len;
  	char		*filename, c, *openssl_key = NULL;
  	int		option_index, auth = 0, popup = 0, wrap = 0;
@@ -37,7 +37,7 @@ index fee917f..7b94d62 100644
  	UINT32		enc_scheme = TSS_ES_RSAESPKCSV15;
  	UINT32		sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
  	UINT32		key_size = 2048;
-@@ -154,12 +158,15 @@ int main(int argc, char **argv)
+@@ -161,12 +165,15 @@ int main(int argc, char **argv)
  
  	while (1) {
  		option_index = 0;
@@ -54,7 +54,7 @@ index fee917f..7b94d62 100644
  			case 'a':
  				initFlags |= TSS_KEY_AUTHORIZATION;
  				auth = 1;
-@@ -293,6 +300,8 @@ int main(int argc, char **argv)
+@@ -300,6 +307,8 @@ int main(int argc, char **argv)
  
  	if (srk_authusage) {
  		char *authdata = calloc(1, 128);
@@ -63,7 +63,7 @@ index fee917f..7b94d62 100644
  
  		if (!authdata) {
  			fprintf(stderr, "malloc failed.\n");
-@@ -309,17 +318,26 @@ int main(int argc, char **argv)
+@@ -316,17 +325,26 @@ int main(int argc, char **argv)
  			exit(result);
  		}
  
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
index f718f2e..2caaaf0 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
@@ -9,20 +9,20 @@ use "env TPM_SRK_PW=#WELLKNOWN#" to set well known password.
 
 Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
 
-diff --git a/e_tpm.c b/e_tpm.c
-index f3e8bcf..7dcb75a 100644
---- a/e_tpm.c
-+++ b/e_tpm.c
+Index: git/src/e_tpm.c
+===================================================================
+--- git.orig/src/e_tpm.c
++++ git/src/e_tpm.c
 @@ -38,6 +38,8 @@
- 
  #include "e_tpm.h"
+ #include "ssl_compat.h"
  
 +#define TPM_WELL_KNOWN_KEY_LEN 20   /*well know key length is 20 bytes zero*/
 +
  //#define DLOPEN_TSPI
  
  #ifndef OPENSSL_NO_HW
-@@ -248,6 +250,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
  	TSS_RESULT result;
  	UINT32 authusage;
  	BYTE *auth;
@@ -33,7 +33,7 @@ index f3e8bcf..7dcb75a 100644
  
  	if (hSRK != NULL_HKEY) {
  		DBGFN("SRK is already loaded.");
-@@ -299,18 +305,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
  		return 0;
  	}
  
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch
deleted file mode 100644
index d24a150..0000000
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 7848445a1f4c750ef73bf96f5e89d402f87a1756 Mon Sep 17 00:00:00 2001
-From: Lans Zhang <jia.zhang@windriver.com>
-Date: Mon, 19 Jun 2017 14:54:28 +0800
-Subject: [PATCH] Fix not building libtpm.la
-
-Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
----
- Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 6695656..634a7e6 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -10,4 +10,6 @@ libtpm_la_LIBADD=-lcrypto -lc -ltspi
- libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c
- 
- create_tpm_key_SOURCES=create_tpm_key.c
--create_tpm_key_LDADD=-ltspi
-+create_tpm_key_LDFLAGS=-ltspi
-+
-+LDADD=libtpm.la
--- 
-2.7.5
-
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
index a88148f..cc8772d 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
@@ -22,11 +22,11 @@ Signed-off-by: Meng Li <Meng.Li@windriver.com>
  e_tpm_err.c |   4 ++
  3 files changed, 164 insertions(+), 1 deletion(-)
 
-diff --git a/e_tpm.c b/e_tpm.c
-index 7dcb75a..11bf74b 100644
---- a/e_tpm.c
-+++ b/e_tpm.c
-@@ -245,6 +245,118 @@ void ENGINE_load_tpm(void)
+Index: git/src/e_tpm.c
+===================================================================
+--- git.orig/src/e_tpm.c
++++ git/src/e_tpm.c
+@@ -259,6 +259,118 @@ void ENGINE_load_tpm(void)
  	ERR_clear_error();
  }
  
@@ -145,7 +145,7 @@ index 7dcb75a..11bf74b 100644
  int tpm_load_srk(UI_METHOD *ui, void *cb_data)
  {
  	TSS_RESULT result;
-@@ -305,8 +417,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -319,8 +431,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
  		return 0;
  	}
  
@@ -197,7 +197,7 @@ index 7dcb75a..11bf74b 100644
  		if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
  			memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
  			secretMode = TSS_SECRET_MODE_SHA1;
-@@ -319,6 +473,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -333,6 +487,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
  			authlen = strlen(auth);
  		}
  	}
@@ -205,11 +205,11 @@ index 7dcb75a..11bf74b 100644
  	else {
  		if (!tpm_engine_get_auth(ui, (char *)auth, 128,
  				"SRK authorization: ", cb_data)) {
-diff --git a/e_tpm.h b/e_tpm.h
-index 6316e0b..56ff202 100644
---- a/e_tpm.h
-+++ b/e_tpm.h
-@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line);
+Index: git/src/e_tpm.h
+===================================================================
+--- git.orig/src/e_tpm.h
++++ git/src/e_tpm.h
+@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea
  #define TPM_F_TPM_FILL_RSA_OBJECT		116
  #define TPM_F_TPM_ENGINE_GET_AUTH		117
  #define TPM_F_TPM_CREATE_SRK_POLICY		118
@@ -218,7 +218,7 @@ index 6316e0b..56ff202 100644
  
  /* Reason codes. */
  #define TPM_R_ALREADY_LOADED			100
-@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line);
+@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int rea
  #define TPM_R_ID_INVALID			125
  #define TPM_R_UI_METHOD_FAILED			126
  #define TPM_R_UNKNOWN_SECRET_MODE		127
@@ -227,11 +227,11 @@ index 6316e0b..56ff202 100644
  
  /* structure pointed to by the RSA object's app_data pointer */
  struct rsa_app_data
-diff --git a/e_tpm_err.c b/e_tpm_err.c
-index 25a5d0f..439e267 100644
---- a/e_tpm_err.c
-+++ b/e_tpm_err.c
-@@ -235,6 +235,8 @@ static ERR_STRING_DATA TPM_str_functs[] = {
+Index: git/src/e_tpm_err.c
+===================================================================
+--- git.orig/src/e_tpm_err.c
++++ git/src/e_tpm_err.c
+@@ -234,6 +234,8 @@ static ERR_STRING_DATA TPM_str_functs[]
  	{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
  	{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
  	{ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
@@ -240,7 +240,7 @@ index 25a5d0f..439e267 100644
  	{0, NULL}
  };
  
-@@ -265,6 +267,8 @@ static ERR_STRING_DATA TPM_str_reasons[] = {
+@@ -264,6 +266,8 @@ static ERR_STRING_DATA TPM_str_reasons[]
  	{TPM_R_FILE_READ_FAILED, "failed reading the key file"},
  	{TPM_R_ID_INVALID, "engine id doesn't match"},
  	{TPM_R_UI_METHOD_FAILED, "ui function failed"},
@@ -249,6 +249,3 @@ index 25a5d0f..439e267 100644
  	{0, NULL}
  };
  
--- 
-2.9.3
-
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
index 076704d..535472a 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
@@ -15,11 +15,11 @@ Signed-off-by: Meng Li <Meng.Li@windriver.com>
  create_tpm_key.c |    3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-diff --git a/create_tpm_key.c b/create_tpm_key.c
-index 7b94d62..f30af90 100644
---- a/create_tpm_key.c
-+++ b/create_tpm_key.c
-@@ -148,7 +148,8 @@ int main(int argc, char **argv)
+Index: git/src/create_tpm_key.c
+===================================================================
+--- git.orig/src/create_tpm_key.c
++++ git/src/create_tpm_key.c
+@@ -155,7 +155,8 @@ int main(int argc, char **argv)
  	ASN1_OCTET_STRING *blob_str;
  	unsigned char	*blob_asn1 = NULL;
  	int		asn1_len;
@@ -29,6 +29,3 @@ index 7b94d62..f30af90 100644
  	int		option_index, auth = 0, popup = 0, wrap = 0;
  	int		wellknownkey = 0;
  	UINT32		enc_scheme = TSS_ES_RSAESPKCSV15;
--- 
-1.7.9.5
-
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
new file mode 100644
index 0000000..2f8eb81
--- /dev/null
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
@@ -0,0 +1,34 @@
+Fix compiling for openssl 1.1
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/e_tpm.c
+===================================================================
+--- git.orig/src/e_tpm.c
++++ git/src/e_tpm.c
+@@ -265,19 +265,20 @@ static int tpm_decode_base64(unsigned ch
+ 				int *out_len)
+ {
+ 	int total_len, len, ret;
+-	EVP_ENCODE_CTX dctx;
++	EVP_ENCODE_CTX *dctx;
+ 
+-	EVP_DecodeInit(&dctx);
++	dctx = EVP_ENCODE_CTX_new();
++	EVP_DecodeInit(dctx);
+ 
+ 	total_len = 0;
+-	ret = EVP_DecodeUpdate(&dctx, outdata, &len, indata, in_len);
++	ret = EVP_DecodeUpdate(dctx, outdata, &len, indata, in_len);
+ 	if (ret < 0) {
+ 		TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
+ 		return 1;
+ 	}
+ 
+ 	total_len += len;
+-	ret = EVP_DecodeFinal(&dctx, outdata, &len);
++	ret = EVP_DecodeFinal(dctx, outdata, &len);
+ 	if (ret < 0) {
+ 		TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
+ 		return 1;
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
similarity index 55%
rename from meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb
rename to meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index 4854f70..0f98b79 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -1,5 +1,5 @@
 DESCRIPTION = "OpenSSL secure engine based on TPM hardware"
-HOMEPAGE = "https://sourceforge.net/projects/trousers/"
+HOMEPAGE = "https://github.com/mgerstner/openssl_tpm_engine"
 SECTION = "security/tpm"
 
 LICENSE = "openssl"
@@ -8,18 +8,18 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
 DEPENDS += "openssl trousers"
 
 SRC_URI = "\
-    git://git.code.sf.net/p/trousers/openssl_tpm_engine \
+    git://github.com/mgerstner/openssl_tpm_engine.git \
     file://0001-create-tpm-key-support-well-known-key-option.patch \
     file://0002-libtpm-support-env-TPM_SRK_PW.patch \
-    file://0003-Fix-not-building-libtpm.la.patch \
     file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
     file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \
+    file://openssl11_build_fix.patch \
 "
-SRCREV = "bbc2b1af809f20686e0d3553a62f0175742c0d60"
+SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf"
 
 S = "${WORKDIR}/git"
 
-inherit autotools-brokensep
+inherit autotools-brokensep pkgconfig
 
 # The definitions below are used to decrypt the srk password.
 # It is allowed to define the values in 3 forms: string, hex number and
@@ -41,35 +41,22 @@ CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}"
 #CFLAGS_append += "-DTPM_SRK_PLAIN_PW"
 
 do_configure_prepend() {
-    cd "${S}"
+    cd ${B}
     cp LICENSE COPYING
-    touch NEWS AUTHORS ChangeLog
+    touch NEWS AUTHORS ChangeLog README
 }
 
-do_install_append() {
-    install -m 0755 -d "${D}${libdir}/engines"
-    install -m 0755 -d "${D}${prefix}/local/ssl/lib/engines"
-    install -m 0755 -d "${D}${libdir}/ssl/engines"
-
-    cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/libtpm.so.0"
-    cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/engines/libtpm.so"
-    cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${prefix}/local/ssl/lib/engines/libtpm.so"
-    mv -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/ssl/engines/libtpm.so"
-    mv -f "${D}${libdir}/openssl/engines/libtpm.la" "${D}${libdir}/ssl/engines/libtpm.la"
-    rm -rf "${D}${libdir}/openssl"
-}
-
-FILES_${PN}-staticdev += "${libdir}/ssl/engines/libtpm.la"
+FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la"
 FILES_${PN}-dbg += "\
-    ${libdir}/ssl/engines/.debug \
-    ${libdir}/engines/.debug \
-    ${prefix}/local/ssl/lib/engines/.debug \
+    ${libdir}/ssl/engines-1.1/.debug \
+    ${libdir}/engines-1.1/.debug \
+    ${prefix}/local/ssl/lib/engines-1.1/.debug \
 "
 FILES_${PN} += "\
-    ${libdir}/ssl/engines/libtpm.so* \
-    ${libdir}/engines/libtpm.so* \
+    ${libdir}/ssl/engines-1.1/tpm.so* \
+    ${libdir}/engines-1.1/tpm.so* \
     ${libdir}/libtpm.so* \
-    ${prefix}/local/ssl/lib/engines/libtpm.so* \
+    ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \
 "
 
 RDEPENDS_${PN} += "libcrypto libtspi"
-- 
2.17.1

[meta-security][PATCH 21/25] libtpm: update to tip

[Armin Kuster]

LIC_FILES_CHKSUM changed do to "Extend license texts with TPM 2 specifics"

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
index b29ec6b..a930d7b 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
@@ -1,11 +1,9 @@
 SUMMARY = "LIBPM - Software TPM Library"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
 
-SRCREV = "3388d45082bdc588c6fc0672f44d6d7d0aaa86ff"
-SRC_URI = " \
-	git://github.com/stefanberger/libtpms.git \
-	"
+SRCREV = "4111bd1bcf721e6e7b5f11ed9c2b93083677aa25"
+SRC_URI = "git://github.com/stefanberger/libtpms.git"
 
 S = "${WORKDIR}/git"
 inherit autotools-brokensep pkgconfig
-- 
2.17.1

[meta-security][PATCH 22/25] swtpm: update to tip for openssl 1.1 support

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
index 7476020..e0c5ffe 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -8,9 +8,8 @@ DEPENDS = "libtasn1 expect socat glib-2.0 libtpm libtpm-native"
 # configure checks for the tools already during compilation and
 # then swtpm_setup needs them at runtime
 DEPENDS += "tpm-tools-native expect-native socat-native"
-RDEPENDS_${PN} += "tpm-tools"
 
-SRCREV = "4f4f2f0a7e3195f6df8d235d58630a08e69403d8"
+SRCREV = "66b42f52ef363998cb57f039889d59381d20bdf1"
 SRC_URI = "git://github.com/stefanberger/swtpm.git \
            file://fix_lib_search_path.patch \
            file://fix_fcntl_h.patch \
@@ -59,3 +58,5 @@ python() {
         'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split():
         raise bb.parse.SkipRecipe('Cuse enabled which requires meta-filesystems to be present.')
 }
+
+RDEPENDS_${PN} += "tpm-tools"
-- 
2.17.1

[meta-security][PATCH 23/25] aircrack: update to 1.3

[Armin Kuster]

remove unneeded patch.
minor cleanups

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...{aircrack-ng_1.2.bb => aircrack-ng_1.3.bb} | 11 +++-----
 .../aircrack-ng/files/fixup_cflags.patch      | 28 -------------------
 2 files changed, 4 insertions(+), 35 deletions(-)
 rename recipes-security/aircrack-ng/{aircrack-ng_1.2.bb => aircrack-ng_1.3.bb} (78%)
 delete mode 100644 recipes-security/aircrack-ng/files/fixup_cflags.patch

diff --git a/recipes-security/aircrack-ng/aircrack-ng_1.2.bb b/recipes-security/aircrack-ng/aircrack-ng_1.3.bb
similarity index 78%
rename from recipes-security/aircrack-ng/aircrack-ng_1.2.bb
rename to recipes-security/aircrack-ng/aircrack-ng_1.3.bb
index 4df072e..d739227 100644
--- a/recipes-security/aircrack-ng/aircrack-ng_1.2.bb
+++ b/recipes-security/aircrack-ng/aircrack-ng_1.3.bb
@@ -6,16 +6,13 @@ LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=1fbd81241fe252ec0f5658a521ab7dd8"
 
 DEPENDS = "libnl openssl sqlite3 libpcre libpcap"
-RC = "rc2"
-SRC_URI = "http://download.aircrack-ng.org/${BP}-${RC}.tar.gz \
-            file://fixup_cflags.patch"
 
-SRC_URI[md5sum] = "ebe9d537f06f4d6956213af09c4476da"
-SRC_URI[sha256sum] = "ba5b3eda44254efc5b7c9f776eb756f7cc323ad5d0813c101e92edb483d157e9"
+SRC_URI = "http://download.aircrack-ng.org/${BP}.tar.gz"
 
-inherit autotools-brokensep pkgconfig
+SRC_URI[md5sum] = "c7c5b076dee0c25ee580b0f56f455623"
+SRC_URI[sha256sum] = "8ae08a7c28741f6ace2769267112053366550e7f746477081188ad38410383ca"
 
-S = "${WORKDIR}/${BP}-rc2"
+inherit autotools-brokensep pkgconfig
 
 PACKAGECONFIG ?= ""
 CFLAGS += " -I${S}/src/include"
diff --git a/recipes-security/aircrack-ng/files/fixup_cflags.patch b/recipes-security/aircrack-ng/files/fixup_cflags.patch
deleted file mode 100644
index e13dd24..0000000
--- a/recipes-security/aircrack-ng/files/fixup_cflags.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Upstream Status: Iinappropriate
-
-Issues do to build env.
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: aircrack-ng-1.2-rc2/src/Makefile
-===================================================================
---- aircrack-ng-1.2-rc2.orig/src/Makefile
-+++ aircrack-ng-1.2-rc2/src/Makefile
-@@ -3,8 +3,6 @@ include $(AC_ROOT)/common.mak
- 
- TEST_DIR	= $(AC_ROOT)/test
- 
--CFLAGS		+= -Iinclude
--
- iCC             = $(shell find /opt/intel/cc/*/bin/icc)
- iCFLAGS         = -w -mcpu=pentiumpro -march=pentiumpro $(COMMON_CFLAGS)
- iOPTFLAGS       = -O3 -ip -ipo -D_FILE_OFFSET_BITS=64
-@@ -102,7 +100,7 @@ endif
- 
- 
- ifeq ($(subst TRUE,true,$(filter TRUE true,$(sqlite) $(SQLITE))),true)
--	LIBSQL		= -L/usr/local/lib -lsqlite3
-+	LIBSQL		= -lsqlite3
- else
- 	LIBSQL		=
- endif
-- 
2.17.1

[meta-security][PATCH 24/25] lynis: update to 2.6.8

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-auditors/lynis/{lynis_2.5.1.bb => lynis_2.6.8.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-security-compliance/recipes-auditors/lynis/{lynis_2.5.1.bb => lynis_2.6.8.bb} (89%)

diff --git a/meta-security-compliance/recipes-auditors/lynis/lynis_2.5.1.bb b/meta-security-compliance/recipes-auditors/lynis/lynis_2.6.8.bb
similarity index 89%
rename from meta-security-compliance/recipes-auditors/lynis/lynis_2.5.1.bb
rename to meta-security-compliance/recipes-auditors/lynis/lynis_2.6.8.bb
index c25b804..28a4469 100644
--- a/meta-security-compliance/recipes-auditors/lynis/lynis_2.5.1.bb
+++ b/meta-security-compliance/recipes-auditors/lynis/lynis_2.6.8.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1"
 
 SRC_URI = "https://cisofy.com/files/${BPN}-${PV}.tar.gz"
 
-SRC_URI[md5sum] = "5b9da89c616344bbc73cbc5688a4a0bd"
-SRC_URI[sha256sum] = "7a09c6fc71c65d572ca702df7b4394d71f9037484062ef71b76f59a2c498b029"
+SRC_URI[md5sum] = "91a538055bfb682733ef8e4fe7eb0902"
+SRC_URI[sha256sum] = "2e4c5157a4f2d9bb37d3f0f1f5bea03f92233a2a7d4df6eddf231a784087dfac"
 
 S = "${WORKDIR}/${BPN}"
 
-- 
2.17.1

[meta-security][PATCH 25/25] forensics: drop all un supported pacakges

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-forensic/afflib/afflib_3.6.6.bb       | 30 ------------------
 .../afflib/files/configure_rm_ms_flags.patch  | 18 -----------
 recipes-forensic/libewf/files/gcc5_fix.patch  | 22 -------------
 recipes-forensic/libewf/libewf_20140608.bb    | 24 --------------
 .../sleuth/files/fix_host_poison.patch        | 23 --------------
 recipes-forensic/sleuth/sleuthkit_4.1.3.bb    | 31 -------------------
 6 files changed, 148 deletions(-)
 delete mode 100644 recipes-forensic/afflib/afflib_3.6.6.bb
 delete mode 100644 recipes-forensic/afflib/files/configure_rm_ms_flags.patch
 delete mode 100644 recipes-forensic/libewf/files/gcc5_fix.patch
 delete mode 100644 recipes-forensic/libewf/libewf_20140608.bb
 delete mode 100644 recipes-forensic/sleuth/files/fix_host_poison.patch
 delete mode 100644 recipes-forensic/sleuth/sleuthkit_4.1.3.bb

diff --git a/recipes-forensic/afflib/afflib_3.6.6.bb b/recipes-forensic/afflib/afflib_3.6.6.bb
deleted file mode 100644
index a826d1d..0000000
--- a/recipes-forensic/afflib/afflib_3.6.6.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "The Advanced Forensic Format (AFF) is on-disk format for storing computer forensic information."
-HOMEPAGE = "http://www.afflib.org/"
-LICENSE = " BSD-4-Clause  & CPL-1.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d1b2c6d0d6908f45d143ef6380727828"
-
-DEPENDS = " zlib ncurses readline openssl libgcrypt"
-
-SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/a/${BPN}/${BPN}_${PV}.orig.tar.gz;name=orig \
-        http://archive.ubuntu.com/ubuntu/pool/universe/a/${BPN}/${BPN}_${PV}-1.1.diff.gz;name=dpatch \
-        file://configure_rm_ms_flags.patch \
-        "
-
-SRC_URI[orig.md5sum] = "b7ff4d2945882018eb1536cad182ad01"
-SRC_URI[orig.sha256sum] = "19cacfd558dc00e11975e820e3c4383b52aabbd5ca081d27bb7994a035d2f4ad"
-SRC_URI[dpatch.md5sum] = "171e871024545b487589e6c85290576f"
-SRC_URI[dpatch.sha256sum] = "db632e254ee51a1e4328cd4449d414eff4795053d4e36bfa8e0020fcb4085cdd"
-
-inherit autotools-brokensep pkgconfig
-
-CPPFLAGS = "-I${STAGING_INCDIR}"
-LDFLAGS = "-L${STAGING_LIBDIR}"
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[curl] = "--with-curl=${STAGING_LIBDIR}, --without-curl, curl"
-PACKAGECONFIG[expat] = "--with-expat=${STAGING_LIBDIR}, --without-expat, expat"
-PACKAGECONFIG[fuse] = "--enable-fuse=yes, --enable-fuse=no, fuse"
-PACKAGECONFIG[python] = "--enable-python=yes, --enable-python=no, python"
-
-EXTRA_OECONF += "--enable-s3=no CPPFLAGS=-I${STAGING_INCDIR} LDFLAGS=-L${STAGING_LIBDIR}"
-EXTRA_OEMAKE += "CPPFLAGS='${CPPFLAGS}' LDFLAGS='-L${STAGING_LIBDIR} -I${STAGING_INCDIR}'"
diff --git a/recipes-forensic/afflib/files/configure_rm_ms_flags.patch b/recipes-forensic/afflib/files/configure_rm_ms_flags.patch
deleted file mode 100644
index ac33500..0000000
--- a/recipes-forensic/afflib/files/configure_rm_ms_flags.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-remove ms lib options when cross compiling
-
-Signed-Off-By: Armin Kuster <akuster808@gmail.com>
-
-Index: configure.ac
-===================================================================
---- a.orig/configure.ac
-+++ a/configure.ac
-@@ -47,7 +47,6 @@ if test x"${cross_compiling}" = "xno" ;
-   AC_MSG_NOTICE([ LDFLAGS = ${LDFLAGS} ])
- else
-   AC_MSG_NOTICE([Cross Compiling --- will not update CPPFALGS or LDFLAGS with /usr/local, /opt/local or /sw])
--  LIBS="$LIBS -lws2_32 -lgdi32"
- fi
- 
- if test -r /bin/uname.exe ; then
diff --git a/recipes-forensic/libewf/files/gcc5_fix.patch b/recipes-forensic/libewf/files/gcc5_fix.patch
deleted file mode 100644
index 0881f25..0000000
--- a/recipes-forensic/libewf/files/gcc5_fix.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream Status: pending
-
-Don't use inline with gcc 5.0
-
-fixes:
-undefined reference to `libuna_unicode_character_size_to_utf8'
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: libuna/libuna_inline.h
-===================================================================
---- a/libuna/libuna_inline.h
-+++ b/libuna/libuna_inline.h
-@@ -27,7 +27,7 @@
- #if defined( _MSC_VER )
- #define LIBUNA_INLINE _inline
- 
--#elif defined( __BORLANDC__ ) || defined( __clang__ )
-+#elif defined( __BORLANDC__ ) || defined( __clang__ ) || ( __GNUC__ > 4 )
- #define LIBUNA_INLINE /* inline */
- 
- #else
diff --git a/recipes-forensic/libewf/libewf_20140608.bb b/recipes-forensic/libewf/libewf_20140608.bb
deleted file mode 100644
index f7dce12..0000000
--- a/recipes-forensic/libewf/libewf_20140608.bb
+++ /dev/null
@@ -1,24 +0,0 @@
-SUMMARY = "library with support for Expert Witness Compression Format"
-LICENSE = "LGPLv3+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=58c39b26c0549f8e1bb4122173f474cd"
-
-DEPENDS = "virtual/gettext libtool"
-
-SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/libe/${BPN}/${BPN}_${PV}.orig.tar.gz;name=orig \
-        file://gcc5_fix.patch \
-        "
-SRC_URI[orig.md5sum] = "fdf615f23937fad8e02b60b9e3e5fb35"
-SRC_URI[orig.sha256sum] = "d14030ce6122727935fbd676d0876808da1e112721f3cb108564a4d9bf73da71"
-
-inherit autotools-brokensep pkgconfig gettext
-
-PACKAGECONFIG ??= "zlib ssl bz2"
-PACKAGECONFIG[zlib] = "--with-zlib, --without-zlib, zlib, zlib"
-PACKAGECONFIG[bz2] = "--with-bzip2, --without-bzip2, bzip2, bzip2"
-PACKAGECONFIG[ssl] = "--with-openssl, --without-openssl, openssl, openssl"
-PACKAGECONFIG[fuse] = "--with-libfuse, --without-libfuse, fuse"
-PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
-
-EXTRA_OECONF += "--with-gnu-ld --disable-rpath"
-
-RDEPENDS_${PN} += " util-linux-libuuid"
diff --git a/recipes-forensic/sleuth/files/fix_host_poison.patch b/recipes-forensic/sleuth/files/fix_host_poison.patch
deleted file mode 100644
index 03b1fb9..0000000
--- a/recipes-forensic/sleuth/files/fix_host_poison.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Don't use host include or lib paths in *FLAGS
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: configure.ac
-===================================================================
---- a/configure.ac
-+++ b/configure.ac
-@@ -84,12 +84,6 @@ AX_PTHREAD([
-     LDFLAGS="$LDFLAGS $PTHREAD_CFLAGS"
-     CC="$PTHREAD_CC"],[])
- 
--dnl Not all compilers include /usr/local in the include and link path
--if test -d /usr/local/include; then
--    CPPFLAGS="$CPPFLAGS -I/usr/local/include"
--    LDFLAGS="$LDFLAGS -L/usr/local/lib"
--fi
--
- dnl Add enable/disable option
- AC_ARG_ENABLE([java],
-     [AS_HELP_STRING([--disable-java], [Do not build the java bindings or jar file])])
diff --git a/recipes-forensic/sleuth/sleuthkit_4.1.3.bb b/recipes-forensic/sleuth/sleuthkit_4.1.3.bb
deleted file mode 100644
index ba335f3..0000000
--- a/recipes-forensic/sleuth/sleuthkit_4.1.3.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-SUMMARY = "The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate disk images."
-HOMEPAGE = "http://www.sleuthkit.org/sleuthkit/"
-LICENSE = "IPL-1.0 & GPLv2 & CPL-1.0"
-LIC_FILES_CHKSUM = "file://licenses/GNU-COPYING;startline=4;endline=5;md5=475b4784903850b579dc6e6310bd5f08\
-    file://licenses/IBM-LICENSE;startline=1;endline=2;md5=1fc3300388b0d6e6216825dd89c2e3a2\
-    file://licenses/cpl1.0.txt;startline=1;endline=2;md5=9e58c878202c73a4e3ed4be72598fb92"
-
-DEPENDS = "libtool"
-
-SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/s/${BPN}/${BPN}_${PV}.orig.tar.gz;name=orig \
-            file://fix_host_poison.patch \
-        "
-SRC_URI[orig.md5sum] = "139a12f06952d8a40bbe07884994cf5d"
-SRC_URI[orig.sha256sum] = "67f9d2a31a8884d58698d6122fc1a1bfa9bf238582bde2b49228ec9b899f0327"
-
-inherit autotools-brokensep pkgconfig gettext
-
-PACKAGECONFIG ??= "aff zlib ewf"
-PACKAGECONFIG[aff] = "--with-afflib=${STAGING_DIR_HOST}/usr, --without-afflib, afflib"
-PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_DIR_HOST}/usr, --without-zlib, zlib"
-PACKAGECONFIG[ewf] = "--with-libewf=${STAGING_DIR_HOST}/usr, --without-libewf, libewf"
-
-#--with-gnu-ld
-EXTRA_OECONF += "--enable-static=no --disable-java LIBS='-L${STAGING_LIBDIR}' LDFLAGS='-L${STAGING_LIBDIR}' CPPFLAGS='-I${STAGING_INCDIR}'"
-
-# Avoid QA Issue: No GNU_HASH in the elf binary
-INSANE_SKIP_${PN} = "ldflags" 
-
-FILES_${PN} += " ${datadir}/tsk"
-
-RDEPENDS_${PN} += " perl"
-- 
2.17.1