The configure script checks for tpm_nvdefine from tpm-tools and fails
when it is not present.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
For use with qemu-tpm as described in the swtpm main README, swtpm
must be compiled natively. nativesdk is added just in case that
someone wants to add this to an SDK.
The fix_lib_search_path.patch was recently removed during the version
update, but it is still needed when building natively. Here's a
version that applies cleanly again.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The upstream dist/Makefile.am ensures that /etc/tcsd.conf is owned by
tss:tss, and that must not be changed because otherwise tcsd refuses
to start.
In addition, tss group and user should be added as special system
group resp. user, because they are not normal users. This also avoids
the host-user-contaminated QA warning because the "tss" user will
typically not get assigned a UID from the same range as the host user
that is used for building.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Installing tpm-tools for tools like tpm_takeown pull in the libtspi
package, but the resulting system is not functional unless the tcsd
(from the main "trousers" package) also gets installed. A RRECOMMENDS
entry for that takes care of that automatically.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The soname of libtspi.so is "libtspi.so.1" and therefore apps
linked against that library depend on the libtspi.so.1 symlink
to find the library.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
*Changes*
Bug #1861: Suricata with multi tenancy does not start in 3.1/3.1.1
Bug #1889: Suricata doesn't error on missing semicolon
Bug #1910: libhtp 0.5.23 (3.1.x)
Bug #1912: http.memcap reached condition can lead to dead lock
Bug #1913: af-packet fanout detection broken on Debian Jessie
Bug #1933: unix-command socket created with last character missing (3.1.x)
Bug #1934: make install-full does not install tls-events.rules (3.1.x)
Bug #1941: Can't set fast_pattern on tls_sni content (3.1.x)
Bug #1942: dns - back to back requests results in loss of response (3.1.x)
Bug #1943: Check redis reply in non pipeline mode (3.1.x)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Changes:
- New option 'SetAuditdFlags = r|w|x|a' to (re-)define the flags supplied
to auditd.
- New option 'PortCheckDevice = device' for the port check module, to monitor
a device regardless of the address assigned to it.
- Fix for the case sensitivity of the arguments to the Severity/Class options.
- Compiler warnings with gcc 6.2 and a few minor bugs have been fixed.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
.8/src/tpm_mgmt/tpm_present.c
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c: In function 'main':
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:358:5: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
| if (szTpmPasswd && !isWellKnown)
| ^~
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:360:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
| return iRc;
| ^~~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Commit 217e06badb [clamav: fix gcc 6.x
build failure.] fixed a typo in "PACKAGECONFIG" (was missing the 'G')
but unfortunately the PACKAGECONFIG string was incorrectly formed due
to mismatched quotes. This caused a parsing error:
ERROR: Unable to parse .../meta-security/recipes-security/clamav/clamav_0.99.2.bb
...
Removed the unneeded quotes to fix the parsing issue.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* update the SRC_URI since it's been moved
from bitbucket to github.
* add ptest support
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
paxctl-native is needed to build paxtest.
Do not use the install target in Makefile for paxctl-native, it will
fail with error:
install: cannot change ownership of '.../sbin/paxctl': \
Operation not permitted
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
1) Upgrade samhain from 4.1.4 to 4.1.5.
2) Add TARGET_CC_ARCH.Fix error.
ERROR: samhain-server-4.1.5-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yule_setpwd'
No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yulectl' [ldflags]
Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
4.1.4:
- Fix for issues with re-evaluation of paths with wildcard patterns:
- no re-evaluation if no match at process startup
- if same pattern used for a file=.. and dir=.. directive, only
one (the first in config file) is re-evaluated
- Fix for issues with new directories created when inotify is used:
- recursion depth is not properly set for new directory
- directory gets watched even if recursion depth should be below zero
4.1.3:
- Fix for a regression in DNS resolving if samhain is compiled
with '--enable-static'
- On Cygwin/Windows, the default for the 'AvoidBlock' option is now 'off'
because of problems reported for this platform.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
WARNING: nmap-7.12-r0 do_package: QA Issue: nmap: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/bin/ndiff
/usr/bin/nping
/usr/bin/ncat
/usr/lib/python2.7
/usr/lib/python2.7/site-packages
/usr/lib/python2.7/site-packages/ndiff.pyc
/usr/lib/python2.7/site-packages/ndiff.py
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
nmap: 8 installed and not shipped files. [installed-vs-shipped]
remove crazyness and let the system figure out packaging info
remove ndiff.py* as the compiled version is installed in /usr/bin
and remove the leftover python site-package cruft.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Patrick Ohly
Armin Kuster
André Draszik
Mark Asselstine
Jackie Huang
Joe Slater
Wang Xin
Jonathan Liu
Thomas Perrot