Otherwise Makefile isn't regenerated and do_compile fails with:
suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found
after automake upgrade from 1.16.5 to 1.17 from:
https://git.openembedded.org/openembedded-core/commit/?id=b98328a6ff07119e7ba4f1072090d789e69edef8
Fixes:
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/bash 'TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing' aclocal-1.16 -I m4
TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found
WARNING: 'aclocal-1.16' is missing on your system.
You should only need it if you modified 'acinclude.m4' or
'configure.ac' or m4 files included by 'configure.ac'.
The 'aclocal' program is part of the GNU Automake package:
<https://www.gnu.org/software/automake>
It also requires GNU Autoconf, GNU m4 and Perl in order to run:
<https://www.gnu.org/software/autoconf>
<https://www.gnu.org/software/m4/>
<https://www.perl.org/>
make: *** [Makefile:465: aclocal.m4] Error 127
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The 0.8 orig.tar.gz is not in debian mirror any more. In fact, we
really should avoid using orig.tar.gz like this because distros
like debian will just delete those that they don't maintain any more.
Switch to use git source.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
address new configure error.
Enable pthread always
mhash is being dropped in the next release so switch to gcrypt for now.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Current 1.0.2 version does not work with scarthgap or later releases,
as the asynchat module has been removed (as scheduled) from python's
stdlib as of v3.12.
fail2ban 1.1.0 also does not work out-of-the-box, as the distutils
module which the pyinotify and systemd backends depend has also been
removed.
So update the recipe to point at commit ac62658c10f4, which fixes
those two backends to no longer depend on distutils.
Upstream's out-of-the-box ban action now uses the 'nft'
command. People can still override and customize that in
jail.conf/jail.local, but to make the recipe useful without
customizing things back to use iptables, change the dependency
iptables->nftables.
Since 1.1.0, fail2ban has been python3-only, so the recipe becomes
somewhat simpler since the whole do_compile preparation step can be
removed.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| ./dns.c:118:24: error: implicit declaration of function '_getshort'; did you mean '__putshort'? [-Wimplicit-function-declaration]
upon others
Signed-off-by: Armin Kuster <akuster808@gmail.com>
configure: error: installation or configuration problem: C compiler cannot create executables.
| NOTE: The following config.log files may provide further information.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A race condition flaw was found in sssd where the GPO policy is
not consistently applied for authenticated users. This may lead
to improper authorization issues, granting or denying access to
resources inappropriately.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3758
Upstream-patch:
f4ebe1408e
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upstream-Status: Backport from [aab7f35c76, a753cdbe84, c82fa5ca0d, 2bd3bd0e31]
CVE's Fixed:
CVE-2024-37151 suricata: suricata: packet reassembly failure, which can lead to policy bypass
CVE-2024-38534 suricata: suricata: Crafted modbus traffic can lead to unlimited resource accumulation within a flow
CVE-2024-38535 suricata: Suricata: can run out of memory when parsing crafted HTTP/2 traffic
CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix typo: remdediate_service -> remediate_service
* No need to manually install oscap-remediate.service, as it is already
installed when ENABLE_OSCAP_REMEDIATE_SERVICE=ON is set.
* Add a patch to fix installation directory for systemd service file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Allow users to pass the private key password using
IMA_EVM_EVMCTL_KEY_PASSWORD.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Introduce IMA_EVM_PRIVKEY_KEY_OPT to pass additional options to evmctl
when signing files. An example is --keyid <id> that makes evmctl use
a specific key id when signing files.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
tcp-smack-test:
tcp_server.c: In function 'main':
tcp_server.c:50:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
50 | port = atoi(argv[1]);
| ^~~~
tcp_server.c:62:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
62 | if(fsetxattr(sock, attr_in, label_in, strlen(label_in),0) < 0)
| ^~~~~~~~~
udp-smack-test:
udp_client.c: In function 'main':
udp_client.c:52:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
52 | if(fsetxattr(sock, attr, label, strlen(label),0) < 0)
| ^~~~~~~~~
udp_client.c:67:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
67 | close(sock);
| ^~~~~
| pclose
udp_server.c: In function 'main':
udp_server.c:42:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
42 | port = atoi(argv[1]);
| ^~~~
udp_server.c:57:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
57 | if(fsetxattr(sock, attr, label, strlen(label), 0) < 0)
| ^~~~~~~~~
udp_server.c:84:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
84 | close(sock);
| ^~~~~
| pclose
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* WORKDIR -> UNPACKDIR transition
* Switch away from S = WORKDIR
Signed-off-by: Changqing Li <changqing.li@windriver.com>
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
