* [meta-security][PATCH 1/4] opendnssec: blacklist do to ldns being blacklisted
@ 2021-10-26 14:24 Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 2/4] apparmor: Add a python 3.10 compatability patch Armin Kuster
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Armin Kuster @ 2021-10-26 14:24 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 1 -
.../opendnssec/{opendnssec_2.1.9.bb => opendnssec_2.1.10.bb} | 4 +++-
2 files changed, 3 insertions(+), 2 deletions(-)
rename recipes-security/opendnssec/{opendnssec_2.1.9.bb => opendnssec_2.1.10.bb} (88%)
diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index 6375e24..e9dad5b 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -39,7 +39,6 @@ RDEPENDS:packagegroup-security-utils = "\
python3-fail2ban \
softhsm \
libest \
- opendnssec \
sshguard \
${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 ", "", " libseccomp",d)} \
${@bb.utils.contains("DISTRO_FEATURES", "pam", "sssd google-authenticator-libpam", "",d)} \
diff --git a/recipes-security/opendnssec/opendnssec_2.1.9.bb b/recipes-security/opendnssec/opendnssec_2.1.10.bb
similarity index 88%
rename from recipes-security/opendnssec/opendnssec_2.1.9.bb
rename to recipes-security/opendnssec/opendnssec_2.1.10.bb
index 6c1bd46..6b53711 100644
--- a/recipes-security/opendnssec/opendnssec_2.1.9.bb
+++ b/recipes-security/opendnssec/opendnssec_2.1.10.bb
@@ -10,7 +10,7 @@ SRC_URI = "https://dist.opendnssec.org/source/opendnssec-${PV}.tar.gz \
file://libdns_conf_fix.patch \
"
-SRC_URI[sha256sum] = "6d1d466c8d7f507f3e665f4bfe4d16a68d6bff9d7c2ab65f852e2b2a821c28b5"
+SRC_URI[sha256sum] = "c0a8427de241118dccbf7abc508e4dd53fb75b45e9f386addbadae7ecc092756"
inherit autotools pkgconfig perlnative
@@ -32,3 +32,5 @@ do_install:append () {
}
RDEPENDS:${PN} = "softhsm"
+
+PNBLACKLIST[opendnssec] ?= "Needs porting to openssl 3.x"
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [meta-security][PATCH 2/4] apparmor: Add a python 3.10 compatability patch
2021-10-26 14:24 [meta-security][PATCH 1/4] opendnssec: blacklist do to ldns being blacklisted Armin Kuster
@ 2021-10-26 14:24 ` Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 3/4] tpm2-tools: update to 5.2 Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 4/4] openssl-tpm-engine: fix build issue with openssl 3 Armin Kuster
2 siblings, 0 replies; 4+ messages in thread
From: Armin Kuster @ 2021-10-26 14:24 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-mac/AppArmor/apparmor_3.0.1.bb | 4 +--
recipes-mac/AppArmor/files/py3_10_fixup.patch | 35 +++++++++++++++++++
2 files changed, 37 insertions(+), 2 deletions(-)
create mode 100644 recipes-mac/AppArmor/files/py3_10_fixup.patch
diff --git a/recipes-mac/AppArmor/apparmor_3.0.1.bb b/recipes-mac/AppArmor/apparmor_3.0.1.bb
index dca53a3..389e72a 100644
--- a/recipes-mac/AppArmor/apparmor_3.0.1.bb
+++ b/recipes-mac/AppArmor/apparmor_3.0.1.bb
@@ -16,15 +16,15 @@ DEPENDS = "bison-native apr gettext-native coreutils-native swig-native"
SRC_URI = " \
git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.0 \
file://run-ptest \
- file://disable_perl_h_check.patch \
file://crosscompile_perl_bindings.patch \
file://0001-Makefile.am-suppress-perllocal.pod.patch \
file://0001-Revert-profiles-Update-make-check-to-select-tools-ba.patch \
file://0001-Makefile-fix-hardcoded-installation-directories.patch \
file://0001-rc.apparmor.debian-add-missing-functions.patch \
+ file://py3_10_fixup.patch \
"
-SRCREV = "b0f08aa9d678197b8e3477c2fbff790f50a1de5e"
+SRCREV = "b23de501807b8b5793e9654da8688b5fd3281154"
S = "${WORKDIR}/git"
PARALLEL_MAKE = ""
diff --git a/recipes-mac/AppArmor/files/py3_10_fixup.patch b/recipes-mac/AppArmor/files/py3_10_fixup.patch
new file mode 100644
index 0000000..05f8460
--- /dev/null
+++ b/recipes-mac/AppArmor/files/py3_10_fixup.patch
@@ -0,0 +1,35 @@
+m4/ax_python_devel.m4: do not check for distutils
+
+With py 3.10 this prints a deprecation warning which is
+taken as an error. Upstream should rework the code to not
+use distuils.
+
+Upstream-Status: Inappropriate [needs a proper fix upstream]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/libraries/libapparmor/m4/ac_python_devel.m4
+===================================================================
+--- git.orig/libraries/libapparmor/m4/ac_python_devel.m4
++++ git/libraries/libapparmor/m4/ac_python_devel.m4
+@@ -66,21 +66,6 @@ variable to configure. See ``configure -
+ fi
+
+ #
+- # Check if you have distutils, else fail
+- #
+- AC_MSG_CHECKING([for the distutils Python package])
+- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
+- if test -z "$ac_distutils_result"; then
+- AC_MSG_RESULT([yes])
+- else
+- AC_MSG_RESULT([no])
+- AC_MSG_ERROR([cannot import Python module "distutils".
+-Please check your Python installation. The error was:
+-$ac_distutils_result])
+- PYTHON_VERSION=""
+- fi
+-
+- #
+ # Check for Python include path
+ #
+ AC_MSG_CHECKING([for Python include path])
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [meta-security][PATCH 3/4] tpm2-tools: update to 5.2
2021-10-26 14:24 [meta-security][PATCH 1/4] opendnssec: blacklist do to ldns being blacklisted Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 2/4] apparmor: Add a python 3.10 compatability patch Armin Kuster
@ 2021-10-26 14:24 ` Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 4/4] openssl-tpm-engine: fix build issue with openssl 3 Armin Kuster
2 siblings, 0 replies; 4+ messages in thread
From: Armin Kuster @ 2021-10-26 14:24 UTC (permalink / raw)
To: yocto
openssl 3.0 support
see https://github.com/tpm2-software/tpm2-tools/releases/tag/5.2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../tpm2-tools/{tpm2-tools_5.0.bb => tpm2-tools_5.2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-tpm/recipes-tpm2/tpm2-tools/{tpm2-tools_5.0.bb => tpm2-tools_5.2.bb} (81%)
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb
similarity index 81%
rename from meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
rename to meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb
index dbd324a..6e95a0e 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb
@@ -8,6 +8,6 @@ DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[sha256sum] = "e1b907fe29877628052e08ad84eebc6c3f7646d29505ed4862e96162a8c91ba1"
+SRC_URI[sha256sum] = "c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630"
inherit autotools pkgconfig bash-completion
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [meta-security][PATCH 4/4] openssl-tpm-engine: fix build issue with openssl 3
2021-10-26 14:24 [meta-security][PATCH 1/4] opendnssec: blacklist do to ldns being blacklisted Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 2/4] apparmor: Add a python 3.10 compatability patch Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 3/4] tpm2-tools: update to 5.2 Armin Kuster
@ 2021-10-26 14:24 ` Armin Kuster
2 siblings, 0 replies; 4+ messages in thread
From: Armin Kuster @ 2021-10-26 14:24 UTC (permalink / raw)
To: yocto
ERROR: openssl-tpm-engine-0.5.0-r0 do_package: QA Issue: openssl-tpm-engine: Files/directories were installed but not shipped in any package:
/usr/lib/engines-3/tpm.so
fix engine locations
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index 9ad8967..dab1589 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -46,17 +46,17 @@ do_configure:prepend() {
touch NEWS AUTHORS ChangeLog README
}
-FILES:${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la"
+FILES:${PN}-staticdev += "${libdir}/ssl/engines-3/tpm.la"
FILES:${PN}-dbg += "\
- ${libdir}/ssl/engines-1.1/.debug \
- ${libdir}/engines-1.1/.debug \
- ${prefix}/local/ssl/lib/engines-1.1/.debug \
+ ${libdir}/ssl/engines-3/.debug \
+ ${libdir}/engines-3/.debug \
+ ${prefix}/local/ssl/lib/engines-3/.debug \
"
FILES:${PN} += "\
- ${libdir}/ssl/engines-1.1/tpm.so* \
- ${libdir}/engines-1.1/tpm.so* \
+ ${libdir}/ssl/engines-3/tpm.so* \
+ ${libdir}/engines-3/tpm.so* \
${libdir}/libtpm.so* \
- ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \
+ ${prefix}/local/ssl/lib/engines-3/tpm.so* \
"
RDEPENDS:${PN} += "libcrypto libtspi"
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-10-26 14:24 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-26 14:24 [meta-security][PATCH 1/4] opendnssec: blacklist do to ldns being blacklisted Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 2/4] apparmor: Add a python 3.10 compatability patch Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 3/4] tpm2-tools: update to 5.2 Armin Kuster
2021-10-26 14:24 ` [meta-security][PATCH 4/4] openssl-tpm-engine: fix build issue with openssl 3 Armin Kuster
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).