diff options
author | Armin Kuster <akuster808@gmail.com> | 2023-04-02 15:56:47 -0400 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-04-08 10:49:38 -0400 |
commit | ab80ee71de8401fe974ddaa48370254ad5373475 (patch) | |
tree | 07760e7b8eb60eeb92e7b75c40bf7f05ed237a1d | |
parent | a397a38ed9e54378e66ce750a005bda14991b719 (diff) | |
download | meta-security-ab80ee71de8401fe974ddaa48370254ad5373475.tar.gz |
checksecurity: update to 2.0.16
Drop setuid-log-folder.patch, using sed instead.
Refresh patch check-setuid-use-more-portable-find-args.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb (renamed from dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.15.bb) | 18 | ||||
-rw-r--r-- | dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch | 16 | ||||
-rw-r--r-- | dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch | 52 |
3 files changed, 21 insertions, 65 deletions
diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.15.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb index e053a15..8006c9f 100644 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.15.bb +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb | |||
@@ -4,14 +4,22 @@ SECTION = "security" | |||
4 | LICENSE = "GPL-2.0-only" | 4 | LICENSE = "GPL-2.0-only" |
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" | 5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" |
6 | 6 | ||
7 | SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \ | 7 | SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu1.tar.gz \ |
8 | file://setuid-log-folder.patch \ | 8 | file://check-setuid-use-more-portable-find-args.patch \ |
9 | file://check-setuid-use-more-portable-find-args.patch" | 9 | " |
10 | 10 | ||
11 | SRC_URI[md5sum] = "a30161c3e24d3be710b2fd13fcd1f32f" | 11 | SRC_URI[sha256sum] = "9803b3760e9ec48e06ebaf48cec081db48c6fe72254a476224e4c5c55ed97fb0" |
12 | SRC_URI[sha256sum] = "67abe3d6391c96146e96f376d3fd6eb7a9418b0f7fe205b465219889791dba32" | 12 | |
13 | S = "${WORKDIR}/checksecurity-${PV}+nmu1" | ||
14 | |||
15 | |||
16 | # allow for anylocal, no need to patch | ||
17 | LOGDIR="/etc/checksecurity" | ||
13 | 18 | ||
14 | do_compile() { | 19 | do_compile() { |
20 | sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/etc/check-setuid.conf | ||
21 | sed -i -e "s;LOGDIR=/var/log/setuid;LOGDIR=${LOGDIR};g" ${B}/plugins/check-setuid | ||
22 | sed -i -e "s;LOGDIR:=/var/log/setuid;LOGDIR:=${LOGDIR};g" ${B}/plugins/check-setuid | ||
15 | } | 23 | } |
16 | 24 | ||
17 | do_install() { | 25 | do_install() { |
diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch index f1fe8ed..1a2f364 100644 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch +++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/check-setuid-use-more-portable-find-args.patch | |||
@@ -8,16 +8,16 @@ Signed-off-by: Christopher Larson <chris_larson@mentor.com> | |||
8 | plugins/check-setuid | 6 +++--- | 8 | plugins/check-setuid | 6 +++--- |
9 | 1 file changed, 3 insertions(+), 3 deletions(-) | 9 | 1 file changed, 3 insertions(+), 3 deletions(-) |
10 | 10 | ||
11 | Index: checksecurity-2.0.15/plugins/check-setuid | 11 | Index: checksecurity-2.0.16+nmu1/plugins/check-setuid |
12 | =================================================================== | 12 | =================================================================== |
13 | --- checksecurity-2.0.15.orig/plugins/check-setuid 2018-09-06 00:49:23.930934294 +0500 | 13 | --- checksecurity-2.0.16+nmu1.orig/plugins/check-setuid |
14 | +++ checksecurity-2.0.15/plugins/check-setuid 2018-09-06 00:49:49.694934757 +0500 | 14 | +++ checksecurity-2.0.16+nmu1/plugins/check-setuid |
15 | @@ -99,7 +99,7 @@ | 15 | @@ -100,7 +100,7 @@ ionice -t -c3 \ |
16 | ionice -t -c3 \ | ||
17 | find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \ | 16 | find `mount | grep -vE "$CHECKSECURITY_FILTER" | cut -d ' ' -f 3` \ |
17 | -ignore_readdir_race \ | ||
18 | -xdev $PATHCHK \ | 18 | -xdev $PATHCHK \ |
19 | - \( -type f -perm +06000 -o \( \( -type b -o -type c \) \ | 19 | - \( -type f -perm /06000 -o \( \( -type b -o -type c \) \ |
20 | + \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \ | 20 | + \( -type f \( -perm -4000 -o -perm -2000 \) -o \( \( -type b -o -type c \) \ |
21 | $DEVCHK \) \) \ | 21 | $DEVCHK \) \) \ |
22 | -ignore_readdir_race \ | ||
23 | -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | | 22 | -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | |
23 | sort -k 12 >$TMPSETUID | ||
diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch deleted file mode 100644 index 540ea9c..0000000 --- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/files/setuid-log-folder.patch +++ /dev/null | |||
@@ -1,52 +0,0 @@ | |||
1 | From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
3 | Date: Thu, 20 Jun 2013 15:14:55 +0300 | ||
4 | Subject: [PATCH] changed log folder for check-setuid | ||
5 | |||
6 | check-setuid was creating logs in /var/log directory, | ||
7 | which cannot be created persistently. To avoid errors | ||
8 | the log folder was changed to /etc/checksecurity/. | ||
9 | |||
10 | Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
11 | --- | ||
12 | etc/check-setuid.conf | 2 +- | ||
13 | plugins/check-setuid | 6 +++--- | ||
14 | 2 files changed, 4 insertions(+), 4 deletions(-) | ||
15 | |||
16 | diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf | ||
17 | index 621336f..e1532c0 100644 | ||
18 | --- a/etc/check-setuid.conf | ||
19 | +++ b/etc/check-setuid.conf | ||
20 | @@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false" | ||
21 | # | ||
22 | # Location of setuid file databases. | ||
23 | # | ||
24 | -LOGDIR=/var/log/setuid | ||
25 | +LOGDIR=/etc/checksecurity/ | ||
26 | diff --git a/plugins/check-setuid b/plugins/check-setuid | ||
27 | index 8d6f90b..bdb21c1 100755 | ||
28 | --- a/plugins/check-setuid | ||
29 | +++ b/plugins/check-setuid | ||
30 | @@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then | ||
31 | exit 1 | ||
32 | fi | ||
33 | |||
34 | -TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp | ||
35 | -TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp | ||
36 | +TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp | ||
37 | +TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp | ||
38 | |||
39 | # | ||
40 | # Check for NFS/AFS mounts that are not nosuid/nodev | ||
41 | @@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then | ||
42 | fi | ||
43 | |||
44 | # Guard against undefined vars | ||
45 | -[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid | ||
46 | +[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/ | ||
47 | if [ ! -e "$LOGDIR" ] ; then | ||
48 | echo "ERROR: Log directory $LOGDIR does not exist" | ||
49 | exit 1 | ||
50 | -- | ||
51 | 1.7.9.5 | ||
52 | |||