* [meta-security][PATCH 2/5] packagegroup-core-security: drop arpwatch for riscv from pkg grp
2022-06-04 19:02 [meta-security][PATCH 1/5] arpwatch: riscv not supported Armin Kuster
@ 2022-06-04 19:02 ` Armin Kuster
2022-06-04 19:02 ` [meta-security][PATCH 3/5] chkrootkit: Fix missing includes for musl Armin Kuster
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Armin Kuster @ 2022-06-04 19:02 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index b20ef31..40ff06b 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -42,7 +42,7 @@ RDEPENDS:packagegroup-security-utils = "\
SUMMARY:packagegroup-security-scanners = "Security scanners"
RDEPENDS:packagegroup-security-scanners = "\
- arpwatch \
+ ${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " arpwatch",d)} \
chkrootkit \
isic \
${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-daemon clamav-freshclam",d)} \
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* [meta-security][PATCH 3/5] chkrootkit: Fix missing includes for musl
2022-06-04 19:02 [meta-security][PATCH 1/5] arpwatch: riscv not supported Armin Kuster
2022-06-04 19:02 ` [meta-security][PATCH 2/5] packagegroup-core-security: drop arpwatch for riscv from pkg grp Armin Kuster
@ 2022-06-04 19:02 ` Armin Kuster
2022-06-04 19:02 ` [meta-security][PATCH 4/5] arpwatch: update to 3.3 Armin Kuster
2022-06-04 19:02 ` [meta-security][PATCH 5/5] packagegroup-core-security: don't include aprwatch for musl Armin Kuster
3 siblings, 0 replies; 6+ messages in thread
From: Armin Kuster @ 2022-06-04 19:02 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-scanners/rootkits/chkrootkit_0.55.bb | 3 +-
.../rootkits/files/musl_fix.patch | 58 +++++++++++++++++++
2 files changed, 60 insertions(+), 1 deletion(-)
create mode 100644 recipes-scanners/rootkits/files/musl_fix.patch
diff --git a/recipes-scanners/rootkits/chkrootkit_0.55.bb b/recipes-scanners/rootkits/chkrootkit_0.55.bb
index 4293aec..fe0e989 100644
--- a/recipes-scanners/rootkits/chkrootkit_0.55.bb
+++ b/recipes-scanners/rootkits/chkrootkit_0.55.bb
@@ -5,7 +5,8 @@ SECTION = "security"
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=fdbe53788f7081c63387d8087273f5ff"
-SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/c/${BPN}/${BPN}_${PV}.orig.tar.gz"
+SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
+ file://musl_fix.patch"
SRC_URI[sha256sum] = "a81c0286ec449313f953701202a00e81b204fc2cf43e278585a11c12a5e0258b"
inherit autotools-brokensep
diff --git a/recipes-scanners/rootkits/files/musl_fix.patch b/recipes-scanners/rootkits/files/musl_fix.patch
new file mode 100644
index 0000000..a33523b
--- /dev/null
+++ b/recipes-scanners/rootkits/files/musl_fix.patch
@@ -0,0 +1,58 @@
+chkrootkit: Fix missing includes for musl
+
+
+Upstream-Status: Backport
+https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07737b95af2452c0055e1ed0660590c1487befdb
+https://bugs.gentoo.org/715552
+
+Signed-off-by: Armin Kuster <akuster808@gamil.com>
+
+Index: chkrootkit-0.55/chkdirs.c
+===================================================================
+--- chkrootkit-0.55.orig/chkdirs.c
++++ chkrootkit-0.55/chkdirs.c
+@@ -33,7 +33,7 @@
+ #elif defined(__APPLE__) && defined(__MACH__)
+ #include <sys/syslimits.h>
+ #endif
+-
++#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/types.h>
+Index: chkrootkit-0.55/chklastlog.c
+===================================================================
+--- chkrootkit-0.55.orig/chklastlog.c
++++ chkrootkit-0.55/chklastlog.c
+@@ -41,6 +41,7 @@ int main () { return 0; }
+ #include <stdlib.h>
+ #endif
+ #include <sys/stat.h>
++#include <fcntl.h>
+ #include <unistd.h>
+ #include <string.h>
+ #include <signal.h>
+Index: chkrootkit-0.55/chkproc.c
+===================================================================
+--- chkrootkit-0.55.orig/chkproc.c
++++ chkrootkit-0.55/chkproc.c
+@@ -65,6 +65,7 @@ int main (){ return 0; }
+ #include <string.h>
+ #include <errno.h>
+ #include <sys/types.h>
++#include <fcntl.h>
+ #include <dirent.h>
+ #include <ctype.h>
+ #include <stdlib.h>
+Index: chkrootkit-0.55/chkwtmp.c
+===================================================================
+--- chkrootkit-0.55.orig/chkwtmp.c
++++ chkrootkit-0.55/chkwtmp.c
+@@ -25,6 +25,7 @@ int main () { return 0; }
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <unistd.h>
++#include <fcntl.h>
+ #include <string.h>
+ #include <utmp.h>
+ #include <time.h>
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* [meta-security][PATCH 4/5] arpwatch: update to 3.3
2022-06-04 19:02 [meta-security][PATCH 1/5] arpwatch: riscv not supported Armin Kuster
2022-06-04 19:02 ` [meta-security][PATCH 2/5] packagegroup-core-security: drop arpwatch for riscv from pkg grp Armin Kuster
2022-06-04 19:02 ` [meta-security][PATCH 3/5] chkrootkit: Fix missing includes for musl Armin Kuster
@ 2022-06-04 19:02 ` Armin Kuster
2022-06-04 21:26 ` [yocto] " Zach Welch
2022-06-04 19:02 ` [meta-security][PATCH 5/5] packagegroup-core-security: don't include aprwatch for musl Armin Kuster
3 siblings, 1 reply; 6+ messages in thread
From: Armin Kuster @ 2022-06-04 19:02 UTC (permalink / raw)
To: yocto
not compatible with musl
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../arpwatch/{arpwatch_3.1.bb => arpwatch_3.3.bb} | 9 +++++----
recipes-scanners/arpwatch/files/host_contam_fix.patch | 8 ++++----
2 files changed, 9 insertions(+), 8 deletions(-)
rename recipes-scanners/arpwatch/{arpwatch_3.1.bb => arpwatch_3.3.bb} (90%)
diff --git a/recipes-scanners/arpwatch/arpwatch_3.1.bb b/recipes-scanners/arpwatch/arpwatch_3.3.bb
similarity index 90%
rename from recipes-scanners/arpwatch/arpwatch_3.1.bb
rename to recipes-scanners/arpwatch/arpwatch_3.3.bb
index 3d8c5ae..8efb339 100644
--- a/recipes-scanners/arpwatch/arpwatch_3.1.bb
+++ b/recipes-scanners/arpwatch/arpwatch_3.3.bb
@@ -1,7 +1,7 @@
SUMARRY = "The ethernet monitor program; for keeping track of ethernet/ip address pairings"
LICENSE = "BSD-4-Clause"
HOME_PAGE = "http://ee.lbl.gov/"
-LIC_FILES_CHKSUM = "file://configure;md5=74ca964ed34fda7b46c6fe3e50bded9d"
+LIC_FILES_CHKSUM = "file://configure;md5=0f6cca2f69f384a14e2f5803210ca92e"
DEPENDS += "libpcap"
@@ -9,10 +9,10 @@ SRC_URI = "https://ee.lbl.gov/downloads/arpwatch/${BP}.tar.gz \
file://arpwatch.conf \
file://arpwatch.default \
file://arpwatch_init \
- file://postfix_workaround.patch \
- file://host_contam_fix.patch "
+ file://host_contam_fix.patch \
+ "
-SRC_URI[sha256sum] = "ee1d15d9a07952c0c017908b9dbfd5ac988fed0058c3cc4fa6c13e0be36f3a9f"
+SRC_URI[sha256sum] = "d47fa8b291fc37a25a2d0f3e1b64f451dc0be82d714a10ffa6ef8b0b9e33e166"
inherit autotools-brokensep update-rc.d useradd
@@ -82,5 +82,6 @@ FILES:${PN} = "${bindir} ${sbindir} ${prefix}/etc/rc.d \
COMPATIBLE_HOST:riscv32 = "null"
COMPATIBLE_HOST:riscv64 = "null"
+OMPATIBLE_HOST:libc-musl = "null"
RDEPENDS:${PN} = "libpcap"
diff --git a/recipes-scanners/arpwatch/files/host_contam_fix.patch b/recipes-scanners/arpwatch/files/host_contam_fix.patch
index 7d7ffac..2e27aa4 100644
--- a/recipes-scanners/arpwatch/files/host_contam_fix.patch
+++ b/recipes-scanners/arpwatch/files/host_contam_fix.patch
@@ -4,11 +4,11 @@ Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-Index: arpwatch-3.0/configure
+Index: arpwatch-3.3/configure
===================================================================
---- arpwatch-3.0.orig/configure
-+++ arpwatch-3.0/configure
-@@ -4349,8 +4349,8 @@ fi
+--- arpwatch-3.3.orig/configure
++++ arpwatch-3.3/configure
+@@ -4353,8 +4353,8 @@ fi
CC=cc
export CC
fi
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* [meta-security][PATCH 5/5] packagegroup-core-security: don't include aprwatch for musl
2022-06-04 19:02 [meta-security][PATCH 1/5] arpwatch: riscv not supported Armin Kuster
` (2 preceding siblings ...)
2022-06-04 19:02 ` [meta-security][PATCH 4/5] arpwatch: update to 3.3 Armin Kuster
@ 2022-06-04 19:02 ` Armin Kuster
3 siblings, 0 replies; 6+ messages in thread
From: Armin Kuster @ 2022-06-04 19:02 UTC (permalink / raw)
To: yocto
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
recipes-core/packagegroup/packagegroup-core-security.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index 40ff06b..f381d91 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -48,6 +48,7 @@ RDEPENDS:packagegroup-security-scanners = "\
${@bb.utils.contains_any("TUNE_FEATURES", "riscv32 riscv64", "", " clamav clamav-daemon clamav-freshclam",d)} \
"
RDEPENDS:packagegroup-security-scanners:remove:libc-musl = "clamav clamav-daemon clamav-freshclam"
+RDEPENDS:packagegroup-security-scanners:remove:libc-musl = "arpwatch"
SUMMARY:packagegroup-security-audit = "Security Audit tools "
RDEPENDS:packagegroup-security-audit = " \
--
2.25.1
^ permalink raw reply related [flat|nested] 6+ messages in thread