checksecurity: update to 2.0.16

Drop setuid-log-folder.patch, using sed instead. Refresh patch check-setuid-use-more-portable-find-args.patch Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2023-04-02 15:56:47 -0400
committer: Armin Kuster <akuster808@gmail.com> 2023-04-08 10:49:38 -0400
commit: ab80ee71de8401fe974ddaa48370254ad5373475 (patch)
tree: 07760e7b8eb60eeb92e7b75c40bf7f05ed237a1d
parent: a397a38ed9e54378e66ce750a005bda14991b719 (diff)
download: meta-security-ab80ee71de8401fe974ddaa48370254ad5373475.tar.gz
3 files changed, 21 insertions, 65 deletions
diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.15.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb
index e053a15..8006c9f 100644
--- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
+++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb
@@ -4,14 +4,22 @@ SECTION = "security"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
-SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \
+SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu1.tar.gz \
-           file://setuid-log-folder.patch \
+           file://check-setuid-use-more-portable-find-args.patch \
-           file://check-setuid-use-more-portable-find-args.patch"
+          "
-SRC_URI[md5sum] = "a30161c3e24d3be710b2fd13fcd1f32f"
+SRC_URI[sha256sum] = "9803b3760e9ec48e06ebaf48cec081db48c6fe72254a476224e4c5c55ed97fb0"
-SRC_URI[sha256sum] = "67abe3d6391c96146e96f376d3fd6eb7a9418b0f7fe205b465219889791dba32"
+S = "${WORKDIR}/checksecurity-${PV}+nmu1"
+# allow for anylocal, no need to patch
+LOGDIR="/etc/checksecurity"
 do_compile() {
+    sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/etc/check-setuid.conf
+    sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/plugins/check-setuid
+    sed -i -e "s;LOGDIR:=/var/log/setuid;LOGDIR:=${LOGDIR};g" ${B}/plugins/check-setuid
 }
 do_install() {
diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch
index f1fe8ed..1a2f364 100644
--- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch
+++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch
@@ -8,16 +8,16 @@ Signed-off-by: Christopher Larson <chris_larson@mentor.com>
 plugins/check-setuid | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
-Index: checksecurity-2.0.15/plugins/check-setuid
+Index: checksecurity-2.0.16+nmu1/plugins/check-setuid
 ===================================================================
--- checksecurity-2.0.15.orig/plugins/check-setuid      2018-09-06 00:49:23.930934294 +0500
+--- checksecurity-2.0.16+nmu1.orig/plugins/check-setuid
-+++ checksecurity-2.0.15/plugins/check-setuid   2018-09-06 00:49:49.694934757 +0500
+++ checksecurity-2.0.16+nmu1/plugins/check-setuid
-@@ -99,7 +99,7 @@
+@@ -100,7 +100,7 @@ ionice -t -c3 \
- ionice -t -c3 \
 find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \
+         -ignore_readdir_race  \
        -xdev $PATHCHK \
-       \( -type f -perm +06000 -o \( \( -type b -o -type c \) \
+-       \( -type f -perm /06000 -o \( \( -type b -o -type c \) \
-+       \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \
+    \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \       
        $DEVCHK \) \) \
-         -ignore_readdir_race  \
        -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" |
+        sort -k 12 >$TMPSETUID
diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch
deleted file mode 100644
index 540ea9c..0000000
--- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001
-From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
-Date: Thu, 20 Jun 2013 15:14:55 +0300
-Subject: [PATCH] changed log folder for check-setuid
-check-setuid was creating logs in /var/log directory,
-which cannot be created persistently. To avoid errors
-the log folder was changed to /etc/checksecurity/.
-Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
---
- etc/check-setuid.conf |    2 +-
- plugins/check-setuid  |    6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf
-index 621336f..e1532c0 100644
--- a/etc/check-setuid.conf
-+++ b/etc/check-setuid.conf
-@@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false"
- #
- # Location of setuid file databases. 
- #
-LOGDIR=/var/log/setuid
-+LOGDIR=/etc/checksecurity/
-diff --git a/plugins/check-setuid b/plugins/check-setuid
-index 8d6f90b..bdb21c1 100755
--- a/plugins/check-setuid
-+++ b/plugins/check-setuid
-@@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then
-    exit 1
- fi
- 
-TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp
-TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp
-+TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp
-+TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp
- 
- #
- # Check for NFS/AFS mounts that are not nosuid/nodev
-@@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then
- fi
- 
- # Guard against undefined vars
-[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid
-+[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/
- if [ ! -e "$LOGDIR" ] ; then
-     echo "ERROR: Log directory $LOGDIR does not exist"
-     exit 1
-- 
-1.7.9.5
author	Armin Kuster <akuster808@gmail.com>	2023-04-02 15:56:47 -0400
committer	Armin Kuster <akuster808@gmail.com>	2023-04-08 10:49:38 -0400
commit	ab80ee71de8401fe974ddaa48370254ad5373475 (patch)
tree	07760e7b8eb60eeb92e7b75c40bf7f05ed237a1d
parent	a397a38ed9e54378e66ce750a005bda14991b719 (diff)
download	meta-security-ab80ee71de8401fe974ddaa48370254ad5373475.tar.gz

diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.15.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb index e053a15..8006c9f 100644 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.15.bb +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb
@@ -4,14 +4,22 @@ SECTION = "security"
4	LICENSE = "GPL-2.0-only"	4	LICENSE = "GPL-2.0-only"
5	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"	5	LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
6		6
7	SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \	7	SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu1.tar.gz \
8	file://setuid-log-folder.patch \	8	file://check-setuid-use-more-portable-find-args.patch \
9	file://check-setuid-use-more-portable-find-args.patch"	9	"
10		10
11	SRC_URI[md5sum] = "a30161c3e24d3be710b2fd13fcd1f32f"	11	SRC_URI[sha256sum] = "9803b3760e9ec48e06ebaf48cec081db48c6fe72254a476224e4c5c55ed97fb0"
12	SRC_URI[sha256sum] = "67abe3d6391c96146e96f376d3fd6eb7a9418b0f7fe205b465219889791dba32"	12
		13	S = "${WORKDIR}/checksecurity-${PV}+nmu1"
		14
		15
		16	# allow for anylocal, no need to patch
		17	LOGDIR="/etc/checksecurity"
13		18
14	do_compile() {	19	do_compile() {
		20	sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/etc/check-setuid.conf
		21	sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/plugins/check-setuid
		22	sed -i -e "s;LOGDIR:=/var/log/setuid;LOGDIR:=${LOGDIR};g" ${B}/plugins/check-setuid
15	}	23	}
16		24
17	do_install() {	25	do_install() {


diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch index f1fe8ed..1a2f364 100644 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch
@@ -8,16 +8,16 @@ Signed-off-by: Christopher Larson <chris_larson@mentor.com>
8	plugins/check-setuid \| 6 +++---	8	plugins/check-setuid \| 6 +++---
9	1 file changed, 3 insertions(+), 3 deletions(-)	9	1 file changed, 3 insertions(+), 3 deletions(-)
10		10
11	Index: checksecurity-2.0.15/plugins/check-setuid	11	Index: checksecurity-2.0.16+nmu1/plugins/check-setuid
12	===================================================================	12	===================================================================
13	--- checksecurity-2.0.15.orig/plugins/check-setuid 2018-09-06 00:49:23.930934294 +0500	13	--- checksecurity-2.0.16+nmu1.orig/plugins/check-setuid
14	+++ checksecurity-2.0.15/plugins/check-setuid 2018-09-06 00:49:49.694934757 +0500	14	+++ checksecurity-2.0.16+nmu1/plugins/check-setuid
15	@@ -99,7 +99,7 @@	15	@@ -100,7 +100,7 @@ ionice -t -c3 \
16	ionice -t -c3 \
17	find `mount \| grep -vE "$CHECKSECURITY_FILTER" \| cut -d ' ' -f 3` \	16	find `mount \| grep -vE "$CHECKSECURITY_FILTER" \| cut -d ' ' -f 3` \
		17	-ignore_readdir_race \
18	-xdev $PATHCHK \	18	-xdev $PATHCHK \
19	- \( -type f -perm +06000 -o \( \( -type b -o -type c \) \	19	- \( -type f -perm /06000 -o \( \( -type b -o -type c \) \
20	+ \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \	20	+ \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \
21	$DEVCHK \) \) \	21	$DEVCHK \) \) \
22	-ignore_readdir_race \
23	-printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" \|	22	-printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" \|
		23	sort -k 12 >$TMPSETUID


diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch deleted file mode 100644 index 540ea9c..0000000 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch +++ /dev/null
@@ -1,52 +0,0 @@
1	From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001
2	From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
3	Date: Thu, 20 Jun 2013 15:14:55 +0300
4	Subject: [PATCH] changed log folder for check-setuid
5
6	check-setuid was creating logs in /var/log directory,
7	which cannot be created persistently. To avoid errors
8	the log folder was changed to /etc/checksecurity/.
9
10	Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
11	---
12	etc/check-setuid.conf \| 2 +-
13	plugins/check-setuid \| 6 +++---
14	2 files changed, 4 insertions(+), 4 deletions(-)
15
16	diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf
17	index 621336f..e1532c0 100644
18	--- a/etc/check-setuid.conf
19	+++ b/etc/check-setuid.conf
20	@@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false"
21	#
22	# Location of setuid file databases.
23	#
24	-LOGDIR=/var/log/setuid
25	+LOGDIR=/etc/checksecurity/
26	diff --git a/plugins/check-setuid b/plugins/check-setuid
27	index 8d6f90b..bdb21c1 100755
28	--- a/plugins/check-setuid
29	+++ b/plugins/check-setuid
30	@@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then
31	exit 1
32	fi
33
34	-TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp
35	-TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp
36	+TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp
37	+TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp
38
39	#
40	# Check for NFS/AFS mounts that are not nosuid/nodev
41	@@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then
42	fi
43
44	# Guard against undefined vars
45	-[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid
46	+[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/
47	if [ ! -e "$LOGDIR" ] ; then
48	echo "ERROR: Log directory $LOGDIR does not exist"
49	exit 1
50	--
51	1.7.9.5
52