From patchwork Thu Mar 27 13:23:23 2025
X-Patchwork-Submitter: Yi Zhao
X-Patchwork-Id: 60074
From: Yi Zhao
To: yocto-patches@lists.yoctoproject.org
Subject: [meta-security][PATCH 1/5] samhain: upgrade 4.4.10 -> 4.5.2
Date: Thu, 27 Mar 2025 21:23:23 +0800
Message-Id: <20250327132327.3477926-1-yi.zhao@windriver.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1266

ChangeLog: https://fossies.org/linux/samhain/docs/Changelog

* Refresh patches

Signed-off-by: Yi Zhao --- ...001-Hash-fix-for-MIPS64-and-AARCH64.patch} | 27 ++++--- ... => 0002-Make-samhainrc-OE-friendly.patch} | 25 ++++--- ...3-fix-real-path-for-some-files-dirs.patch} | 10 +-- ...t-the-PID-Lock-path-for-samhain.pid.patch} | 21 +++--- ...-Fix-sha256-for-big-endian-machines.patch} | 16 ++++- ...=> 0006-configure-add-option-for-ps.patch} | 72 +++++++++++-------- ...avoid-searching-host-for-postgresql.patch} | 27 +++---- ...riable-for-compiling-samhain_setpwd.patch} | 8 +-- ...009-fix-build-with-new-version-attr.patch} | 22 +++--- ...initializer-element-is-not-constant.patch} | 10 ++- ...ost-since-we-are-doing-cross-compil.patch} | 13 ++-- ...=> 0012-Don-t-expose-configure-args.patch} | 4 +- recipes-ids/samhain/files/run-ptest | 0 recipes-ids/samhain/samhain-standalone.bb | 7 +- recipes-ids/samhain/samhain.inc | 24 +++---- 15 files changed, 168 insertions(+), 118 deletions(-) rename recipes-ids/samhain/files/{samhain-mips64-aarch64-dnmalloc-hash-fix.patch => 0001-Hash-fix-for-MIPS64-and-AARCH64.patch} (70%) rename recipes-ids/samhain/files/{samhain-samhainrc.patch => 0002-Make-samhainrc-OE-friendly.patch} (87%) rename recipes-ids/samhain/files/{samhain-samhainrc-fix-files-dirs-path.patch => 0003-fix-real-path-for-some-files-dirs.patch} (85%) rename recipes-ids/samhain/files/{samhain-pid-path.patch => 0004-Set-the-PID-Lock-path-for-samhain.pid.patch} (54%) rename recipes-ids/samhain/files/{samhain-sha256-big-endian.patch => 0005-Fix-sha256-for-big-endian-machines.patch} (50%) rename recipes-ids/samhain/files/{samhain-configure-add-option-for-ps.patch => 0006-configure-add-option-for-ps.patch} (67%) rename recipes-ids/samhain/files/{samhain-avoid-searching-host-for-postgresql.patch => 0007-configure.ac-avoid-searching-host-for-postgresql.patch} (87%) rename recipes-ids/samhain/files/{samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch => 0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch} (83%) rename 
recipes-ids/samhain/files/{fix-build-with-new-version-attr.patch => 0009-fix-build-with-new-version-attr.patch} (78%) rename recipes-ids/samhain/files/{samhain-fix-initializer-element-is-not-constant.patch => 0010-Fix-initializer-element-is-not-constant.patch} (76%) rename recipes-ids/samhain/files/{samhain-not-run-ptest-on-host.patch => 0011-not-run-test-on-host-since-we-are-doing-cross-compil.patch} (57%) rename recipes-ids/samhain/files/{0001-Don-t-expose-configure-args.patch => 0012-Don-t-expose-configure-args.patch} (94%) mode change 100755 => 100644 recipes-ids/samhain/files/run-ptest diff --git a/recipes-ids/samhain/files/samhain-mips64-aarch64-dnmalloc-hash-fix.patch b/recipes-ids/samhain/files/0001-Hash-fix-for-MIPS64-and-AARCH64.patch similarity index 70% rename from recipes-ids/samhain/files/samhain-mips64-aarch64-dnmalloc-hash-fix.patch rename to recipes-ids/samhain/files/0001-Hash-fix-for-MIPS64-and-AARCH64.patch index 0608660..a34c553 100644 --- a/recipes-ids/samhain/files/samhain-mips64-aarch64-dnmalloc-hash-fix.patch +++ b/recipes-ids/samhain/files/0001-Hash-fix-for-MIPS64-and-AARCH64.patch @@ -1,28 +1,30 @@ -commit 0f6bdc219e598de08a3f37887efa5dfa50e2b996 -Author: Aws Ismail -Date: Fri Jun 22 15:47:08 2012 -0400 +From 3f6884e711cdbd66ceca8ed13158b11ca2d6ddc1 Mon Sep 17 00:00:00 2001 +From: Aws Ismail +Date: Fri, 22 Jun 2012 15:47:08 -0400 +Subject: [PATCH] Hash fix for MIPS64 and AARCH64 -Hash fix for MIPS64 and AARCH64 - Samhain uses the addresses of local variables in generating hash values. The hashing function is designed only for 32-bit values. For MIPS64 when a 64-bit address is passed in the resulting hash exceeds the limits of the underlying mechanism and samhain -ultimately fails. The solution is to simply take the lower +ultimately fails. The solution is to simply take the lower 32-bits of the address and use that in generating hash values. - + Signed-off-by: Greg Moffatt Upstream-Status: Pending - + Signed-off-by: Aws Ismail 
Signed-off-by: Jackie Huang +--- + src/dnmalloc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) diff --git a/src/dnmalloc.c b/src/dnmalloc.c -index da9a5c5..fc91400 100644 +index 9f7bacc..d6e9ec5 100644 --- a/src/dnmalloc.c +++ b/src/dnmalloc.c -@@ -2703,11 +2703,19 @@ static void freecilst_add(chunkinfoptr p) { +@@ -2710,11 +2710,19 @@ static void freecilst_add(chunkinfoptr p) { } /* Calculate the hash table entry for a chunk */ @@ -38,7 +40,10 @@ index da9a5c5..fc91400 100644 #else #define hash(p) (((unsigned long) p - (unsigned long) startheap) >> 7) #endif -+#endif /* CONFIG_ARCH_MIPS64 */ ++#endif /* CONFIG_ARCH_MIPS64 */ static void hashtable_add (chunkinfoptr ci) +-- +2.34.1 + diff --git a/recipes-ids/samhain/files/samhain-samhainrc.patch b/recipes-ids/samhain/files/0002-Make-samhainrc-OE-friendly.patch similarity index 87% rename from recipes-ids/samhain/files/samhain-samhainrc.patch rename to recipes-ids/samhain/files/0002-Make-samhainrc-OE-friendly.patch index 145700a..5e0cf59 100644 --- a/recipes-ids/samhain/files/samhain-samhainrc.patch +++ b/recipes-ids/samhain/files/0002-Make-samhainrc-OE-friendly.patch @@ -1,20 +1,22 @@ -commit 4c6658441eb3ffc4e51ed70f78cbdab046957580 -Author: Aws Ismail -Date: Fri Jun 22 16:38:20 2012 -0400 +From 5797a57fd839d4b42c38fec49a6f937ca2e359af Mon Sep 17 00:00:00 2001 +From: Aws Ismail +Date: Fri, 22 Jun 2012 16:38:20 -0400 +Subject: [PATCH] Make samhainrc OE-friendly. -Make samhainrc OE-friendly. - -Patch the samhainrc that will be installed +Patch the samhainrc that will be installed as part of the 'make install' step to more accurately reflect what will be found, and what will be of concern, on a OE install. - + Upstream-Status: Inappropriate [configuration] Signed-off-by: Aws Ismail +--- + samhainrc.linux | 63 +++++++++---------------------------------------- + 1 file changed, 11 insertions(+), 52 deletions(-) diff --git a/samhainrc.linux b/samhainrc.linux -index 9bc5ca4..10a8176 100644 +index 02906bb..5b6ec6a 100644 
--- a/samhainrc.linux +++ b/samhainrc.linux @@ -74,7 +74,6 @@ dir = 0/ @@ -128,7 +130,7 @@ index 9bc5ca4..10a8176 100644 ## Remote server (yule) ## -@@ -556,7 +513,8 @@ ChecksumTest=check +@@ -539,7 +496,8 @@ ChecksumTest=check ## and I/O limit (kilobytes per second; 0 == off) ## to reduce load on host. # @@ -138,7 +140,7 @@ index 9bc5ca4..10a8176 100644 # SetIOLimit = 0 ## The version string to embed in file signature databases -@@ -565,13 +523,14 @@ ChecksumTest=check +@@ -548,13 +506,14 @@ ChecksumTest=check ## Interval between time stamp messages # @@ -156,3 +158,6 @@ index 9bc5ca4..10a8176 100644 ## Alternative: crontab-like schedule # +-- +2.34.1 + diff --git a/recipes-ids/samhain/files/samhain-samhainrc-fix-files-dirs-path.patch b/recipes-ids/samhain/files/0003-fix-real-path-for-some-files-dirs.patch similarity index 85% rename from recipes-ids/samhain/files/samhain-samhainrc-fix-files-dirs-path.patch rename to recipes-ids/samhain/files/0003-fix-real-path-for-some-files-dirs.patch index dad6b15..222e1cf 100644 --- a/recipes-ids/samhain/files/samhain-samhainrc-fix-files-dirs-path.patch +++ b/recipes-ids/samhain/files/0003-fix-real-path-for-some-files-dirs.patch @@ -1,4 +1,4 @@ -From 00fb527e45da42550156197647e01de9a6b1ad52 Mon Sep 17 00:00:00 2001 +From 041af4897336b0873cbac8d15b434638bf3aaf7e Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Mon, 3 Mar 2014 01:50:01 -0500 Subject: [PATCH] fix real path for some files/dirs @@ -7,11 +7,11 @@ Upstream-Status: Inappropriate [configuration] Signed-off-by: Wenzong Fan --- - samhainrc.linux | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) + samhainrc.linux | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/samhainrc.linux b/samhainrc.linux -index e9727b4..7775d83 100644 +index 5b6ec6a..ff6ddf1 100644 --- a/samhainrc.linux +++ b/samhainrc.linux @@ -93,7 +93,6 @@ dir = 99/etc @@ -57,5 +57,5 @@ index e9727b4..7775d83 100644 [Attributes] # -- -1.7.9.5 +2.34.1 
diff --git a/recipes-ids/samhain/files/samhain-pid-path.patch b/recipes-ids/samhain/files/0004-Set-the-PID-Lock-path-for-samhain.pid.patch similarity index 54% rename from recipes-ids/samhain/files/samhain-pid-path.patch rename to recipes-ids/samhain/files/0004-Set-the-PID-Lock-path-for-samhain.pid.patch index 8fdadd1..0ae4b62 100644 --- a/recipes-ids/samhain/files/samhain-pid-path.patch +++ b/recipes-ids/samhain/files/0004-Set-the-PID-Lock-path-for-samhain.pid.patch @@ -1,22 +1,24 @@ -commit a932b03b65edeb02ccad2fce06bfa68a8f2fbb04 -Author: Aws Ismail -Date: Thu Jan 10 16:29:05 2013 -0500 +From 942843096e86669492700f49abc2c6489ea9994e Mon Sep 17 00:00:00 2001 +From: Aws Ismail +Date: Thu, 10 Jan 2013 16:29:05 -0500 +Subject: [PATCH] Set the PID Lock path for samhain.pid -Set the PID Lock path for samhain.pid - The explicit path for samhain.pid inorder for samhain to work properly after it initial database build. - + Upstream-Status: Inappropriate [configuration] Signed-off-by: Aws Ismail +--- + samhainrc.linux | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samhainrc.linux b/samhainrc.linux -index 10a8176..a7b06e6 100644 +index ff6ddf1..d4b71e9 100644 --- a/samhainrc.linux +++ b/samhainrc.linux -@@ -639,7 +639,7 @@ SetFileCheckTime = 86400 +@@ -621,7 +621,7 @@ SetFileCheckTime = 86400 ## Path to the PID file # @@ -25,3 +27,6 @@ index 10a8176..a7b06e6 100644 ## The digest/checksum/hash algorithm +-- +2.34.1 + diff --git a/recipes-ids/samhain/files/samhain-sha256-big-endian.patch b/recipes-ids/samhain/files/0005-Fix-sha256-for-big-endian-machines.patch similarity index 50% rename from recipes-ids/samhain/files/samhain-sha256-big-endian.patch rename to recipes-ids/samhain/files/0005-Fix-sha256-for-big-endian-machines.patch index 3065c73..9467a60 100644 --- a/recipes-ids/samhain/files/samhain-sha256-big-endian.patch +++ b/recipes-ids/samhain/files/0005-Fix-sha256-for-big-endian-machines.patch 
@@ -1,4 +1,7 @@ -samhain: fix sha256 for big-endian machines +From 54242aa53da0d69c04b76c22120956ac6079ef6f Mon Sep 17 00:00:00 2001 +From: Joe Slater +Date: Thu, 27 Mar 2025 11:12:33 +0800 +Subject: [PATCH] Fix sha256 for big-endian machines After computing the digest, big-endian machines would memset() the digest to the first byte of state instead @@ -7,11 +10,15 @@ of using memcpy() to transfer it. Upstream-Status: Pending Signed-off-by: Joe Slater +--- + src/sh_checksum.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) - +diff --git a/src/sh_checksum.c b/src/sh_checksum.c +index e434d5c..dc23738 100644 --- a/src/sh_checksum.c +++ b/src/sh_checksum.c -@@ -468,7 +468,7 @@ void SHA256_Final(sha2_byte digest[], SH +@@ -468,7 +468,7 @@ void SHA256_Final(sha2_byte digest[SHA256_DIGEST_LENGTH], SHA256_CTX* context) } } #else @@ -20,3 +27,6 @@ Signed-off-by: Joe Slater /* bcopy(context->state, d, SHA256_DIGEST_LENGTH); */ #endif } +-- +2.34.1 + diff --git a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch b/recipes-ids/samhain/files/0006-configure-add-option-for-ps.patch similarity index 67% rename from recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch rename to recipes-ids/samhain/files/0006-configure-add-option-for-ps.patch index 7e7f86e..e6a011b 100644 --- a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch +++ b/recipes-ids/samhain/files/0006-configure-add-option-for-ps.patch @@ -1,4 +1,4 @@ -From 02a143f0068cbc6cea71359169210fbb3606d4bb Mon Sep 17 00:00:00 2001 +From 2a33032ee97be5015101d94b333244e6fc53840c Mon Sep 17 00:00:00 2001 From: Jackie Huang Date: Mon, 18 Jan 2016 00:24:57 -0500 Subject: [PATCH] configure: add option for ps @@ -16,12 +16,31 @@ Upstream-Status: Inappropriate [cross compile specific] Signed-off-by: Jackie Huang [AK: refactored for 4.4.3] 
Signed-off-by: Armin Kuster +Refresh to 4.5.2 +Signed-off-by: Yi Zhao +--- + acinclude.m4 | 2 +- + configure.ac | 60 +++++++++------------------------------------------- + 2 files changed, 11 insertions(+), 51 deletions(-) -Index: samhain-4.4.2/configure.ac -=================================================================== ---- samhain-4.4.2.orig/configure.ac -+++ samhain-4.4.2/configure.ac -@@ -743,56 +743,16 @@ then +diff --git a/acinclude.m4 b/acinclude.m4 +index def24be..e2a57e2 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -359,7 +359,7 @@ x_includes=NONE + x_libraries=NONE + DESTDIR= + SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" +-SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" ++SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path" + + # Installation directory options. + # These are left unexpanded so users can "make install exec_prefix=/foo" +diff --git a/configure.ac b/configure.ac +index f59754c..d0e3657 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -799,56 +799,16 @@ then fi AC_CHECK_HEADERS(gmp.h) 
@@ -39,17 +58,8 @@ Index: samhain-4.4.2/configure.ac - AC_MSG_RESULT([no]) - AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin]) -fi --AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps]) -+AC_ARG_WITH(ps-path, -+ [ --with-ps-path=PATH set path to ps command ], -+ [ -+ if test "x${withval}" != xno; then -+ pspath="${withval}" -+ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps]) -+ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps]) -+ fi -+ ]) - +-AC_DEFINE_UNQUOTED([PSPATH], [_("$PS")], [Path to ps executable]) +- -AC_MSG_CHECKING([how to use ps]) -$PS ax >/dev/null 2>&1 -if test $? -eq 0; then 
@@ -83,20 +93,20 @@ Index: samhain-4.4.2/configure.ac -else - PSARG="-e" -fi --AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps]) +-AC_DEFINE_UNQUOTED([PSARG], [_("$PSARG")], [Argument for ps]) ++AC_ARG_WITH(ps-path, ++ [ --with-ps-path=PATH set path to ps command ], ++ [ ++ if test "x${withval}" != xno; then ++ pspath="${withval}" ++ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps]) ++ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps]) ++ fi ++ ]) ++ AC_MSG_RESULT([$PS $PSARG]) dnl ***************************************** -Index: samhain-4.4.2/aclocal.m4 -=================================================================== ---- samhain-4.4.2.orig/aclocal.m4 -+++ samhain-4.4.2/aclocal.m4 -@@ -409,7 +409,7 @@ x_includes=NONE - x_libraries=NONE - DESTDIR= - SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" --SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" -+SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path" - - # Installation directory options. - # These are left unexpanded so users can "make install exec_prefix=/foo" +-- +2.34.1 + 
diff --git a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch b/recipes-ids/samhain/files/0007-configure.ac-avoid-searching-host-for-postgresql.patch similarity index 87% rename from recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch rename to recipes-ids/samhain/files/0007-configure.ac-avoid-searching-host-for-postgresql.patch index a84229e..9652c53 100644 --- a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch +++ b/recipes-ids/samhain/files/0007-configure.ac-avoid-searching-host-for-postgresql.patch @@ -1,4 +1,4 @@ -From 3e2ca7e06b16ceff6d12beb5113312f6525df595 Mon Sep 17 00:00:00 2001 +From 117078cd32ee2c76bbe7d65325fbc0b451c73ace Mon Sep 17 00:00:00 2001 From: Jackie Huang Date: Thu, 14 Sep 2017 11:02:12 +0800 Subject: [PATCH] configure.ac: avoid searching host for postgresql @@ -7,16 +7,16 @@ Upstream-Status: Inappropriate [cross compile specific] Signed-off-by: Jackie Huang --- - configure.ac | 101 +++-------------------------------------------------------- + configure.ac | 101 +++------------------------------------------------ 1 file changed, 5 insertions(+), 96 deletions(-) -Index: samhain-4.4.2/configure.ac -=================================================================== ---- samhain-4.4.2.orig/configure.ac -+++ samhain-4.4.2/configure.ac -@@ -1290,90 +1290,11 @@ AC_ARG_WITH(database, - AC_DEFINE(WITH_POSTGRES) - AC_DEFINE(WITH_DATABASE) +diff --git a/configure.ac b/configure.ac +index d0e3657..5b8d167 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1351,90 +1351,11 @@ AC_ARG_WITH(database, + AC_DEFINE([WITH_POSTGRES], [1], [Use postgres as database]) + AC_DEFINE([WITH_DATABASE], [1], [Use a database]) # - PGCONF="no" - MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin" 
@@ -103,14 +103,14 @@ Index: samhain-4.4.2/configure.ac - AC_MSG_RESULT(yes) - + if test -z "${PGSQL_LIB_DIR}" ; then -+ FAIL_MESSAGE("PGSQL_LIB_DIR is not set!") ++ FAIL_MESSAGE("PGSQL_LIB_DIR is not set!") + elif test -z "${PGSQL_INC_DIR}" ; then -+ FAIL_MESSAGE("PGSQL_INC_DIR is not set!") ++ FAIL_MESSAGE("PGSQL_INC_DIR is not set!") + else LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" if test x"$enable_static" = xyes; then LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" -@@ -1382,18 +1303,6 @@ AC_ARG_WITH(database, +@@ -1443,18 +1364,6 @@ AC_ARG_WITH(database, fi # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" @@ -129,3 +129,6 @@ Index: samhain-4.4.2/configure.ac fi elif test "x${withval}" = "xodbc"; then AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME) +-- +2.34.1 + diff --git a/recipes-ids/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch b/recipes-ids/samhain/files/0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch similarity index 83% rename from recipes-ids/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch rename to recipes-ids/samhain/files/0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch index 088a938..f2691e7 100644 --- a/recipes-ids/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch +++ b/recipes-ids/samhain/files/0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch @@ -1,4 +1,4 @@ -From ae79606a6745dbbd429d1d4671dfe3045d735057 Mon Sep 17 00:00:00 2001 +From 7fc1f0a8d4c6a109f7e86853a9136a008c68808a Mon Sep 17 00:00:00 2001 From: Jackie Huang Date: Thu, 14 Sep 2017 13:26:55 +0800 Subject: [PATCH] Add LDFLAGS variable for compiling samhain_setpwd @@ -11,10 +11,10 @@ Signed-off-by: Jackie Huang 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.in b/Makefile.in -index 01de987..49356cf 100644 +index ade0638..1806159 100644 --- a/Makefile.in 
+++ b/Makefile.in -@@ -1128,7 +1128,7 @@ sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h +@@ -1159,7 +1159,7 @@ sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h samhain_setpwd: encode config_xor.h $(srcsrc)/samhain_setpwd.c @echo '$(COMPILE) -o samhain_setpwd $(srcsrc)/samhain_setpwd.c'; \ ./encode $(XOR_CODE) $(srcsrc)/samhain_setpwd.c; \ @@ -24,5 +24,5 @@ index 01de987..49356cf 100644 samhain_stealth: encode config_xor.h $(srcsrc)/samhain_stealth.c -- -2.11.0 +2.34.1 diff --git a/recipes-ids/samhain/files/fix-build-with-new-version-attr.patch b/recipes-ids/samhain/files/0009-fix-build-with-new-version-attr.patch similarity index 78% rename from recipes-ids/samhain/files/fix-build-with-new-version-attr.patch rename to recipes-ids/samhain/files/0009-fix-build-with-new-version-attr.patch index eaf30db..b58eda9 100644 --- a/recipes-ids/samhain/files/fix-build-with-new-version-attr.patch +++ b/recipes-ids/samhain/files/0009-fix-build-with-new-version-attr.patch @@ -1,4 +1,4 @@ -From e67acafa62f71f0015ed548918b98ed0b1ded128 Mon Sep 17 00:00:00 2001 +From 9d693fbeb0a14bfe858aed2b46cb9e74a90d00b9 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Sun, 19 Jan 2020 15:53:48 +0800 Subject: [PATCH] fix build with new version attr @@ -12,15 +12,15 @@ Upstream-Status: Pending Signed-off-by: Yi Zhao --- - aclocal.m4 | 26 +++++++++++--------------- + acinclude.m4 | 26 +++++++++++--------------- src/sh_unix.c | 2 +- 2 files changed, 12 insertions(+), 16 deletions(-) -diff --git a/aclocal.m4 b/aclocal.m4 -index ee5b204..38cef8e 100644 ---- a/aclocal.m4 -+++ b/aclocal.m4 -@@ -1453,23 +1453,19 @@ AC_DEFUN([sh_CHECK_POSIX_ACL], +diff --git a/acinclude.m4 b/acinclude.m4 +index e2a57e2..bfdd2f6 100644 +--- a/acinclude.m4 ++++ b/acinclude.m4 +@@ -1392,23 +1392,19 @@ AC_DEFUN([sh_CHECK_POSIX_ACL], AC_DEFUN([sh_CHECK_XATTR], [ 
@@ -53,13 +53,13 @@ index ee5b204..38cef8e 100644 + LIBS="$OLDLIBS" + if test x"$sh_fattr" = xyes; then - AC_DEFINE(USE_XATTR, 1, [Define if you want extended attributes support.]) + AC_DEFINE([USE_XATTR], [1], [Define if you want extended attributes support.]) LIBS="$LIBS $LIBATTR" diff --git a/src/sh_unix.c b/src/sh_unix.c -index 3ede57f..ef236e9 100644 +index b1c0b75..2469068 100644 --- a/src/sh_unix.c +++ b/src/sh_unix.c -@@ -3681,7 +3681,7 @@ static char * sh_unix_getinfo_acl (char * path, int fd, struct stat * buf) +@@ -3682,7 +3682,7 @@ static char * sh_unix_getinfo_acl (char * path, int fd, struct stat * buf) #ifdef USE_XATTR @@ -69,5 +69,5 @@ index 3ede57f..ef236e9 100644 { char * out = NULL; -- -2.7.4 +2.34.1 diff --git a/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch b/recipes-ids/samhain/files/0010-Fix-initializer-element-is-not-constant.patch similarity index 76% rename from recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch rename to recipes-ids/samhain/files/0010-Fix-initializer-element-is-not-constant.patch index 72cb880..8479165 100644 --- a/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch +++ b/recipes-ids/samhain/files/0010-Fix-initializer-element-is-not-constant.patch @@ -1,3 +1,8 @@ +From 77d55c4707395b76e32e07bf0f679b5b6999d568 Mon Sep 17 00:00:00 2001 +From: Kai Kang +Date: Thu, 27 Mar 2025 11:43:40 +0800 +Subject: [PATCH] Fix initializer element is not constant + Fix error when compile for powerpc: | x_sh_dbIO.c: In function 'swap_short': @@ -13,7 +18,7 @@ Signed-off-by: Kai Kang 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/sh_dbIO.c b/src/sh_dbIO.c -index b547ac5..23a9621 100644 +index 1f9b152..503456d 100644 --- a/src/sh_dbIO.c +++ b/src/sh_dbIO.c @@ -226,7 +226,8 @@ static unsigned short * swap_short (unsigned short * iptr) 
@@ -26,3 +31,6 @@ index b547ac5..23a9621 100644 unsigned short hi = (ooop & 0xff00); unsigned short lo = (ooop & 0xff); ooop = (lo << 8) | (hi >> 8); +-- +2.34.1 + diff --git a/recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch b/recipes-ids/samhain/files/0011-not-run-test-on-host-since-we-are-doing-cross-compil.patch similarity index 57% rename from recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch rename to recipes-ids/samhain/files/0011-not-run-test-on-host-since-we-are-doing-cross-compil.patch index e00fc2a..dc9f42e 100644 --- a/recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch +++ b/recipes-ids/samhain/files/0011-not-run-test-on-host-since-we-are-doing-cross-compil.patch @@ -1,17 +1,20 @@ -not run test on host, since we are doing cross-compile +From 506833786a4ae5b888f12c59b82f7d842cda778c Mon Sep 17 00:00:00 2001 +From: Roy Li +Date: Thu, 27 Mar 2025 11:46:20 +0800 +Subject: [PATCH] not run test on host, since we are doing cross-compile Upstream-Status: Inappropriate [cross compile specific] Signed-off-by: Roy Li --- - Makefile.in | 1 - + Makefile.in | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile.in b/Makefile.in -index e1b32a8..74bfdc9 100644 +index 1806159..eccb4f6 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -1234,7 +1234,6 @@ intcutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/CuTest +@@ -1219,7 +1219,6 @@ intcutest: internal.h $(OBJECTS) $(CUTEST_OBJECTS) sh_tiger_i.o $(srcsrc)/CuTest rm x_samhain.c; \ $(LINK) sh_tiger_i.o $(CUTEST_OBJECTS) CuTestMain.o CuTest.o $(OBJECTS) $(LIBS_TRY); \ test -f ./intcutest && mv ./intcutest ./cutest; \ @@ -20,5 +23,5 @@ index e1b32a8..74bfdc9 100644 runcutest: gdb ./cutest -- -1.7.10.4 +2.34.1 
diff --git a/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch b/recipes-ids/samhain/files/0012-Don-t-expose-configure-args.patch similarity index 94% rename from recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch rename to recipes-ids/samhain/files/0012-Don-t-expose-configure-args.patch index fedbe5b..f881b5d 100644 --- a/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch +++ b/recipes-ids/samhain/files/0012-Don-t-expose-configure-args.patch @@ -1,4 +1,4 @@ -From 111b1e8f35e989513d8961a45a806767109f6e1e Mon Sep 17 00:00:00 2001 +From 4625ce72e462950cfbbd37ad2a19be625fd081b0 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Thu, 11 Aug 2022 17:15:30 +0800 Subject: [PATCH] Don't expose configure args @@ -40,5 +40,5 @@ index 635a746..b9a42e7 100644 echo '#!/bin/sh' > ./sstrip -- -2.25.1 +2.34.1 diff --git a/recipes-ids/samhain/files/run-ptest b/recipes-ids/samhain/files/run-ptest old mode 100755 new mode 100644 diff --git a/recipes-ids/samhain/samhain-standalone.bb b/recipes-ids/samhain/samhain-standalone.bb index ae9ed2b..87df017 100644 --- a/recipes-ids/samhain/samhain-standalone.bb +++ b/recipes-ids/samhain/samhain-standalone.bb @@ -1,7 +1,7 @@ require samhain.inc -SRC_URI += "file://samhain-not-run-ptest-on-host.patch \ - file://0001-Don-t-expose-configure-args.patch \ +SRC_URI += "file://0011-not-run-test-on-host-since-we-are-doing-cross-compil.patch \ + file://0012-Don-t-expose-configure-args.patch \ file://run-ptest \ " @@ -28,7 +28,8 @@ do_install:append() { do_install_ptest() { mkdir -p ${D}${PTEST_PATH} - install ${S}/cutest ${D}${PTEST_PATH} + install -m 755 ${S}/cutest ${D}${PTEST_PATH} + install -m 644 ${S}/COPYING ${D}${PTEST_PATH} } RPROVIDES:${PN} += "samhain" diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc index 65e6734..6b8d30e 100644 --- a/recipes-ids/samhain/samhain.inc +++ b/recipes-ids/samhain/samhain.inc 
@@ -3,25 +3,25 @@ HOMEPAGE = "http://www.la-samhna.de/samhain/" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b" -PV = "4.4.10" +PV = "4.5.2" SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://${INITSCRIPT_NAME}.init \ file://${INITSCRIPT_NAME}.default \ file://samhain.service \ - file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \ - file://samhain-samhainrc.patch \ - file://samhain-samhainrc-fix-files-dirs-path.patch \ - file://samhain-pid-path.patch \ - file://samhain-sha256-big-endian.patch \ - file://samhain-configure-add-option-for-ps.patch \ - file://samhain-avoid-searching-host-for-postgresql.patch \ - file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \ - file://fix-build-with-new-version-attr.patch \ - file://samhain-fix-initializer-element-is-not-constant.patch \ + file://0001-Hash-fix-for-MIPS64-and-AARCH64.patch \ + file://0002-Make-samhainrc-OE-friendly.patch \ + file://0003-fix-real-path-for-some-files-dirs.patch \ + file://0004-Set-the-PID-Lock-path-for-samhain.pid.patch \ + file://0005-Fix-sha256-for-big-endian-machines.patch \ + file://0006-configure-add-option-for-ps.patch \ + file://0007-configure.ac-avoid-searching-host-for-postgresql.patch \ + file://0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch \ + file://0009-fix-build-with-new-version-attr.patch \ + file://0010-Fix-initializer-element-is-not-constant.patch \ " -SRC_URI[sha256sum] = "ae6ee8eff3cb111b7fc14a57bcc258443dd0bcf1bfacfdf229935ed053c1ce3d" +SRC_URI[sha256sum] = "0b5d3534fd60ecf45dfd79bd415e81f7a56eba7f1755771735e204f334033578" UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html" UPSTREAM_CHECK_REGEX = "samhain_signed-(?P(\d+(\.\d+)+))\.tar"
From patchwork Thu Mar 27 13:23:24 2025
X-Patchwork-Submitter: Yi Zhao
X-Patchwork-Id: 60073
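Review bot: recipes-ids/samhain/files/run-ptest goes from mode 100755 to 100644 with no content change, which strips the executable bit from the script the ptest runner invokes. Unless the install step sets the mode explicitly, keep the file at 100755, or say in the commit message why the bit is dropped as part of a version upgrade.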
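Review bot: In the do_install_ptest hunk of samhain-standalone.bb, the added "install -m 644 ${S}/COPYING ${D}${PTEST_PATH}" puts a license file into the ptest directory with no indication of why a test run needs it. If cutest reads COPYING as input at run time, add a one-line comment above the install saying so; otherwise drop the line so the ptest package carries only what the test uses.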
From: Yi Zhao
To: yocto-patches@lists.yoctoproject.org
Subject: [meta-security][PATCH 2/5] libgssglue: upgrade 0.8 -> 0.9
Date: Thu, 27 Mar 2025 21:23:24 +0800
Message-Id: <20250327132327.3477926-2-yi.zhao@windriver.com>
In-Reply-To: <20250327132327.3477926-1-yi.zhao@windriver.com>
References: <20250327132327.3477926-1-yi.zhao@windriver.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1267

* Drop useless patch libgssglue-canon-name.patch

Signed-off-by: Yi Zhao
---
 .../files/libgssglue-canon-name.patch | 60 -------------------
 .../{libgssglue_0.8.bb => libgssglue_0.9.bb} | 6 +-
 2 files changed, 2 insertions(+), 64 deletions(-)
 delete mode 100644 recipes-security/libgssglue/files/libgssglue-canon-name.patch
 rename recipes-security/libgssglue/{libgssglue_0.8.bb => libgssglue_0.9.bb} (94%)
diff --git a/recipes-security/libgssglue/files/libgssglue-canon-name.patch b/recipes-security/libgssglue/files/libgssglue-canon-name.patch deleted file mode 100644 index cb7c47b..0000000 --- a/recipes-security/libgssglue/files/libgssglue-canon-name.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -fix the bug: -g_canon_name.c:125:5: warning: passing argument 2 of '__gss_copy_namebuf' from incompatible pointer type [enabled by default] - -the 2nd argument of __gss_copy_namebuf should be address of *gss_buffer_t, \ -but a *gss_buffer_t is assigned. - -what __gss_copy_namebuf does is to alloc memory for a gss_buffer_desc and \ -copy from src and return its address. - -if following code failed, gss_release_name will free \ -union_canon_name->external_name.value if it is not NULL. - -OM_uint32 __gss_copy_namebuf(src, dest) - gss_buffer_t src; - gss_buffer_t *dest; - -typedef struct gss_union_name_t { - gss_mechanism gss_mech; - gss_OID name_type; - gss_buffer_desc external_name; - /* - * These last two fields are only filled in for mechanism - * names. - */ - gss_OID mech_type; - gss_name_t mech_name; -} gss_union_name_desc, *gss_union_name_t; - -typedef struct gss_buffer_desc_struct { - size_t length; - void FAR *value; -} gss_buffer_desc, FAR *gss_buffer_t; - -Upstream-Status: Pending -Signed-off-by: Yao Zhao - ---- a/src/g_canon_name.c -+++ b/src/g_canon_name.c -@@ -121,11 +121,17 @@ gss_canonicalize_name (OM_uint32 *minor_ - - union_canon_name->mech_name = mech_name; - -- status = __gss_copy_namebuf(&union_input_name->external_name, -- &union_canon_name->external_name); -- if (status != GSS_S_COMPLETE) -- goto failure; -+ union_canon_name->external_name.value = (void*) malloc( -+ union_input_name->external_name.length + 1); -+ if (!union_canon_name->external_name.value) -+ goto failure; - -+ memcpy(union_canon_name->external_name.value, -+ union_input_name->external_name.value, -+ union_input_name->external_name.length); -+ union_canon_name->external_name.length = -+ union_input_name->external_name.length; -+ - if (union_input_name->name_type != GSS_C_NO_OID) { - status = generic_gss_copy_oid(minor_status, - union_input_name->name_type, 
diff --git a/recipes-security/libgssglue/libgssglue_0.8.bb b/recipes-security/libgssglue/libgssglue_0.9.bb similarity index 94% rename from recipes-security/libgssglue/libgssglue_0.8.bb rename to recipes-security/libgssglue/libgssglue_0.9.bb index e534615..7e24450 100644 --- a/recipes-security/libgssglue/libgssglue_0.8.bb +++ b/recipes-security/libgssglue/libgssglue_0.9.bb 
@@ -21,10 +21,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \ file://src/oid_ops.c;beginline=378;endline=398;md5=72457a5cdc0354cb5c25c8b150326364\ " -SRC_URI = "git://gitlab.com/gsasl/libgssglue.git;protocol=https;branch=master \ - file://libgssglue-canon-name.patch \ -" -SRCREV = "c8b4b2936b854a7d4f7ef12e30d6f519b30dec87" +SRC_URI = "git://gitlab.com/gsasl/libgssglue.git;protocol=https;branch=master" +SRCREV = "ada76bdaec665f70505f0b3aefe871b873e7c4b6" S = "${WORKDIR}/git"
From patchwork Thu Mar 27 13:23:25 2025
X-Patchwork-Submitter: Yi Zhao
X-Patchwork-Id: 60072
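Review bot: The commit message calls libgssglue-canon-name.patch useless without giving a reason, and the deleted file carries Upstream-Status: Pending, so nothing here shows that 0.9 resolved the incompatible-pointer call to __gss_copy_namebuf in src/g_canon_name.c that the patch worked around. State in the commit message whether upstream fixed gss_canonicalize_name by SRCREV ada76bdaec665f70505f0b3aefe871b873e7c4b6, or why the workaround is no longer needed.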
From: Yi Zhao
To: yocto-patches@lists.yoctoproject.org
Subject: [meta-security][PATCH 3/5] libgssglue: add ptest
Date: Thu, 27 Mar 2025 21:23:25 +0800
Message-Id: <20250327132327.3477926-3-yi.zhao@windriver.com>
In-Reply-To: <20250327132327.3477926-1-yi.zhao@windriver.com>
References: <20250327132327.3477926-1-yi.zhao@windriver.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1268
Ptest result: ptest-runner libgssglue START: ptest-runner 2025-03-27T13:15 BEGIN: /usr/lib64/libgssglue/ptest PASS: gss_create_empty_oid_set PASS: gss_test_oid_set_member PASS: gss_test_oid_set_member n==0 PASS: gss_add_oid_set_member() OK PASS: gss_test_oid_set_member() OK OID present in set with the OID added to it => 1 PASS: gss_test_oid_set_member() OK PASS: gss_test_oid_set_member() OK Another
OID present in set without the OID => 0 PASS: gss_test_oid_set_member() OK PASS: gss_add_oid_set_member() OK PASS: gss_test_oid_set_member() OK Another OID present in set with it added => 1 PASS: gss_test_oid_set_member() OK PASS: gss_test_oid_set_member() OK First OID present in set => 1 PASS: gss_test_oid_set_member() OK PASS: gss_release_oid_set() OK PASS: gss_indicate_mechs() OK PASS: gss_release_oid_set() OK PASS: gss_import_name() OK PASS: gss_display_name() OK display_name() => 27: imap@server.example.org@FOO PASS: gss_release_buffer() OK PASS: gss_release_name() OK Basic self tests done with 0 errors DURATION: 0 END: /usr/lib64/libgssglue/ptest 2025-03-27T13:15 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Yi Zhao --- recipes-security/libgssglue/files/run-ptest | 4 ++++ recipes-security/libgssglue/libgssglue_0.9.bb | 15 +++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 recipes-security/libgssglue/files/run-ptest diff --git a/recipes-security/libgssglue/files/run-ptest b/recipes-security/libgssglue/files/run-ptest new file mode 100644 index 0000000..04d492c --- /dev/null +++ b/recipes-security/libgssglue/files/run-ptest @@ -0,0 +1,4 @@ +#! /bin/sh + +current_dir=$(dirname $(readlink -f $0)) +$current_dir/generic diff --git a/recipes-security/libgssglue/libgssglue_0.9.bb b/recipes-security/libgssglue/libgssglue_0.9.bb index 7e24450..73e6dec 100644 --- a/recipes-security/libgssglue/libgssglue_0.9.bb +++ b/recipes-security/libgssglue/libgssglue_0.9.bb 
@@ -21,12 +21,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \ file://src/oid_ops.c;beginline=378;endline=398;md5=72457a5cdc0354cb5c25c8b150326364\ " -SRC_URI = "git://gitlab.com/gsasl/libgssglue.git;protocol=https;branch=master" +SRC_URI = "git://gitlab.com/gsasl/libgssglue.git;protocol=https;branch=master \ + file://run-ptest \ + " SRCREV = "ada76bdaec665f70505f0b3aefe871b873e7c4b6" S = "${WORKDIR}/git" -inherit autotools-brokensep +inherit autotools-brokensep ptest do_configure:prepend() { cd ${S} 
@@ -46,5 +48,14 @@ do_install:append() { sed -i -e "s:/usr/lib/libgssapi_krb5.so:libgssapi_krb5.so.2:" ${D}${sysconfdir}/gssapi_mech.conf } +do_compile_ptest() { + echo 'buildtest-TESTS: $(check_PROGRAMS)' >> ${S}/tests/Makefile + oe_runmake -C ${S}/tests buildtest-TESTS +} + +do_install_ptest() { + install -m 755 ${S}/tests/generic ${D}/${PTEST_PATH} +} + # gssglue can use krb5, spkm3... as gssapi library, configurable RRECOMMENDS:${PN} += "krb5"
From patchwork Thu Mar 27 13:23:26 2025
X-Patchwork-Submitter: Yi Zhao
X-Patchwork-Id: 60076
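Review bot: In the new recipes-security/libgssglue/files/run-ptest, $0 and $current_dir are expanded unquoted in "current_dir=$(dirname $(readlink -f $0))" and "$current_dir/generic", so the script misbehaves if the install path ever contains whitespace or glob characters. Quote both expansions, including the nested command substitution.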
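Review bot: do_compile_ptest in libgssglue_0.9.bb appends 'buildtest-TESTS: $(check_PROGRAMS)' to ${S}/tests/Makefile with >>, so every re-execution of the task adds another copy of the rule to a generated file inside the source tree. Prefer building the test program without editing the Makefile, for example by asking make for the generic program that do_install_ptest installs, or guard the append so it happens only once.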
From: Yi Zhao
To: yocto-patches@lists.yoctoproject.org
Subject: [meta-security][PATCH 4/5] sssd: upgrade 2.9.2 -> 2.10.2
Date: Thu, 27 Mar 2025 21:23:26 +0800
Message-Id: <20250327132327.3477926-4-yi.zhao@windriver.com>
In-Reply-To: <20250327132327.3477926-1-yi.zhao@windriver.com>
References: <20250327132327.3477926-1-yi.zhao@windriver.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1269

ChangeLog: https://github.com/SSSD/sssd/releases/tag/2.10.2

* Drop backport patches.
* Update sssd.conf and volatile files.
* Drop PACKAGECONFIG[infopipe] as it has been removed upstream.

Signed-off-by: Yi Zhao --- .../0001-sssctl-add-error-analyzer.patch | 318 ------------------ .../sssd/files/CVE-2023-3758.patch | 219 ------------ .../recipes-security/sssd/files/sssd.conf | 3 +- .../sssd/files/volatiles.99_sssd | 1 - .../sssd/{sssd_2.9.2.bb => sssd_2.10.2.bb} | 36 +- 5 files changed, 18 insertions(+), 559 deletions(-) delete mode 100644 dynamic-layers/networking-layer/recipes-security/sssd/files/0001-sssctl-add-error-analyzer.patch delete mode 100644 dynamic-layers/networking-layer/recipes-security/sssd/files/CVE-2023-3758.patch delete mode 100644 dynamic-layers/networking-layer/recipes-security/sssd/files/volatiles.99_sssd rename dynamic-layers/networking-layer/recipes-security/sssd/{sssd_2.9.2.bb => sssd_2.10.2.bb} (84%) diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/files/0001-sssctl-add-error-analyzer.patch b/dynamic-layers/networking-layer/recipes-security/sssd/files/0001-sssctl-add-error-analyzer.patch deleted file mode 100644 index 6880405..0000000 --- a/dynamic-layers/networking-layer/recipes-security/sssd/files/0001-sssctl-add-error-analyzer.patch +++ /dev/null 
@@ -1,318 +0,0 @@ -Backport patch to fix interpreter of sss_analyze. - -Upstream-Status: Backport [https://github.com/SSSD/sssd/commit/ed3726c] - -Signed-off-by: Kai Kang - -From ed3726c37fe07aab788404bfa2f9003db15f4210 Mon Sep 17 00:00:00 2001 -From: roy214 -Date: Tue, 25 Apr 2023 20:01:24 +0530 -Subject: [PATCH] sssctl: add error analyzer -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Also removing unused variable and import. - -Reviewed-by: Justin Stephenson -Reviewed-by: Tomáš Halman ---- - src/tools/analyzer/Makefile.am | 2 + - src/tools/analyzer/modules/error.py | 61 +++++++++++++++++++++++++++ - src/tools/analyzer/modules/request.py | 54 +++++------------------- - src/tools/analyzer/sss_analyze | 2 +- - src/tools/analyzer/sss_analyze.py | 3 ++ - src/tools/analyzer/util.py | 44 +++++++++++++++++++ - 6 files changed, 121 insertions(+), 45 deletions(-) - create mode 100644 src/tools/analyzer/modules/error.py - create mode 100644 src/tools/analyzer/util.py - -diff --git a/src/tools/analyzer/Makefile.am b/src/tools/analyzer/Makefile.am -index b40043d043..7692af8528 100644 ---- a/src/tools/analyzer/Makefile.am -+++ b/src/tools/analyzer/Makefile.am -@@ -13,10 +13,12 @@ dist_pkgpython_DATA = \ - source_reader.py \ - parser.py \ - sss_analyze.py \ -+ util.py \ - $(NULL) - - modulesdir = $(pkgpythondir)/modules - dist_modules_DATA = \ - modules/__init__.py \ - modules/request.py \ -+ modules/error.py \ - $(NULL) -diff --git a/src/tools/analyzer/modules/error.py b/src/tools/analyzer/modules/error.py -new file mode 100644 -index 0000000000..71173670c5 ---- /dev/null -+++ b/src/tools/analyzer/modules/error.py -@@ -0,0 +1,61 @@ -+from sssd import util -+from sssd.parser import SubparsersAction -+from sssd import sss_analyze -+ -+class ErrorAnalyzer: -+ """ -+ An error analyzer module, list if there is any error reported by sssd_be -+ """ -+ module_parser = None -+ print_opts = [] -+ -+ def print_module_help(self, args): -+ 
""" -+ Print the module parser help output -+ -+ Args: -+ args (Namespace): argparse parsed arguments -+ """ -+ self.module_parser.print_help() -+ -+ def setup_args(self, parser_grp, cli): -+ """ -+ Setup module parser, subcommands, and options -+ -+ Args: -+ parser_grp (argparse.Action): Parser group to nest -+ module and subcommands under -+ """ -+ desc = "Analyze error check module" -+ self.module_parser = parser_grp.add_parser('error', -+ description=desc, -+ help='Error checker') -+ -+ subparser = self.module_parser.add_subparsers(title=None, -+ dest='subparser', -+ action=SubparsersAction, -+ metavar='COMMANDS') -+ -+ subcmd_grp = subparser.add_parser_group('Operation Modes') -+ cli.add_subcommand(subcmd_grp, 'list', 'Print error messages found in backend', -+ self.print_error, self.print_opts) -+ -+ self.module_parser.set_defaults(func=self.print_module_help) -+ -+ return self.module_parser -+ -+ def print_error(self, args): -+ err = 0 -+ utl = util.Utils() -+ source = utl.load(args) -+ component = source.Component.BE -+ source.set_component(component, False) -+ patterns = ['sdap_async_sys_connect request failed', 'terminated by own WATCHDOG', -+ 'ldap_sasl_interactive_bind_s failed', 'Communication with KDC timed out', 'SSSD is offline', 'Backend is offline', -+ 'tsig verify failure', 'ldap_install_tls failed', 's2n exop request failed'] -+ for line in utl.matched_line(source, patterns): -+ err +=1 -+ print(line) -+ if err > 0: -+ print("For possible solutions please refer to https://sssd.io/troubleshooting/errors.html") -+ return -diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py -index d661dddb84..e4d5f060c7 100644 ---- a/src/tools/analyzer/modules/request.py -+++ b/src/tools/analyzer/modules/request.py -@@ -1,6 +1,6 @@ - import re - import logging -- -+from sssd import util - from sssd.parser import SubparsersAction - from sssd.parser import Option - -@@ -38,7 +38,6 @@ def print_module_help(self, args): - def 
setup_args(self, parser_grp, cli): - """ - Setup module parser, subcommands, and options -- - Args: - parser_grp (argparse.Action): Parser group to nest - module and subcommands under -@@ -63,42 +62,6 @@ def setup_args(self, parser_grp, cli): - - return self.module_parser - -- def load(self, args): -- """ -- Load the appropriate source reader. -- -- Args: -- args (Namespace): argparse parsed arguments -- -- Returns: -- Instantiated source object -- """ -- if args.source == "journald": -- from sssd.source_journald import Journald -- source = Journald() -- else: -- from sssd.source_files import Files -- source = Files(args.logdir) -- return source -- -- def matched_line(self, source, patterns): -- """ -- Yield lines which match any number of patterns (OR) in -- provided patterns list. -- -- Args: -- source (Reader): source Reader object -- Yields: -- lines matching the provided pattern(s) -- """ -- for line in source: -- for pattern in patterns: -- re_obj = re.compile(pattern) -- if re_obj.search(line): -- if line.startswith(' * '): -- continue -- yield line -- - def get_linked_ids(self, source, pattern, regex): - """ - Retrieve list of associated REQ_TRACE ids. 
Filter -@@ -114,8 +77,9 @@ def get_linked_ids(self, source, pattern, regex): - Returns: - List of linked ids discovered - """ -+ utl = util.Utils() - linked_ids = [] -- for match in self.matched_line(source, pattern): -+ for match in utl.matched_line(source, pattern): - id_re = re.compile(regex) - match = id_re.search(match) - if match: -@@ -250,7 +214,8 @@ def list_requests(self, args): - Args: - args (Namespace): populated argparse namespace - """ -- source = self.load(args) -+ utl = util.Utils() -+ source = utl.load(args) - component = source.Component.NSS - resp = "nss" - # Log messages matching the following regex patterns contain -@@ -266,7 +231,7 @@ def list_requests(self, args): - if args.verbose: - self.print_formatted_verbose(source) - else: -- for line in self.matched_line(source, patterns): -+ for line in utl.matched_line(source, patterns): - if type(source).__name__ == 'Journald': - print(line) - else: -@@ -279,7 +244,8 @@ def track_request(self, args): - Args: - args (Namespace): populated argparse namespace - """ -- source = self.load(args) -+ utl = util.Utils() -+ source = utl.load(args) - cid = args.cid - resp_results = False - be_results = False -@@ -294,7 +260,7 @@ def track_request(self, args): - logger.info(f"******** Checking {resp} responder for Client ID" - f" {cid} *******") - source.set_component(component, args.child) -- for match in self.matched_line(source, pattern): -+ for match in utl.matched_line(source, pattern): - resp_results = self.consume_line(match, source, args.merge) - - logger.info(f"********* Checking Backend for Client ID {cid} ********") -@@ -307,7 +273,7 @@ def track_request(self, args): - pattern.clear() - [pattern.append(f'\\{id}') for id in be_ids] - -- for match in self.matched_line(source, pattern): -+ for match in utl.matched_line(source, pattern): - be_results = self.consume_line(match, source, args.merge) - - if args.merge: -diff --git a/src/tools/analyzer/sss_analyze b/src/tools/analyzer/sss_analyze -index 
3f1beaf38b..6d4b5b30c6 100755 ---- a/src/tools/analyzer/sss_analyze -+++ b/src/tools/analyzer/sss_analyze -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/env python3 - - from sssd import sss_analyze - -diff --git a/src/tools/analyzer/sss_analyze.py b/src/tools/analyzer/sss_analyze.py -index 18b998f380..dafc84fc03 100644 ---- a/src/tools/analyzer/sss_analyze.py -+++ b/src/tools/analyzer/sss_analyze.py -@@ -1,6 +1,7 @@ - import argparse - - from sssd.modules import request -+from sssd.modules import error - from sssd.parser import SubparsersAction - - -@@ -55,9 +56,11 @@ def load_modules(self, parser, parser_grp): - """ - # Currently only the 'request' module exists - req = request.RequestAnalyzer() -+ err = error.ErrorAnalyzer() - cli = Analyzer() - - req.setup_args(parser_grp, cli) -+ err.setup_args(parser_grp, cli) - - def setup_args(self): - """ -diff --git a/src/tools/analyzer/util.py b/src/tools/analyzer/util.py -new file mode 100644 -index 0000000000..2a8d153a71 ---- /dev/null -+++ b/src/tools/analyzer/util.py -@@ -0,0 +1,44 @@ -+import re -+import logging -+ -+from sssd.source_files import Files -+from sssd.source_journald import Journald -+ -+logger = logging.getLogger() -+ -+ -+class Utils: -+ -+ def load(self, args): -+ """ -+ Load the appropriate source reader. -+ -+ Args: -+ args (Namespace): argparse parsed arguments -+ -+ Returns: -+ Instantiated source object -+ """ -+ if args.source == "journald": -+ source = Journald() -+ else: -+ source = Files(args.logdir) -+ return source -+ -+ def matched_line(self, source, patterns): -+ """ -+ Yield lines which match any number of patterns (OR) in -+ provided patterns list. -+ -+ Args: -+ source (Reader): source Reader object -+ Yields: -+ lines matching the provided pattern(s) -+ """ -+ for line in source: -+ for pattern in patterns: -+ re_obj = re.compile(pattern) -+ if re_obj.search(line): -+ if line.startswith(' * '): -+ continue -+ yield line 
diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/files/CVE-2023-3758.patch b/dynamic-layers/networking-layer/recipes-security/sssd/files/CVE-2023-3758.patch deleted file mode 100644 index 1e9fca5..0000000 --- a/dynamic-layers/networking-layer/recipes-security/sssd/files/CVE-2023-3758.patch +++ /dev/null 
@@ -1,219 +0,0 @@ -From f4ebe1408e0bc67abfbfb5f0ca2ea13803b36726 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Wed, 8 Nov 2023 14:50:24 +0100 -Subject: [PATCH] ad-gpo: use hash to store intermediate results - -Currently after the evaluation of a single GPO file the intermediate -results are stored in the cache and this cache entry is updated until -all applicable GPO files are evaluated. Finally the data in the cache is -used to make the decision of access is granted or rejected. - -If there are two or more access-control request running in parallel one -request might overwrite the cache object with intermediate data while -another request reads the cached data for the access decision and as a -result will do this decision based on intermediate data. - -To avoid this the intermediate results are not stored in the cache -anymore but in hash tables which are specific to the request. Only the -final result is written to the cache to have it available for offline -authentication. - -Reviewed-by: Alexey Tikhonov -Reviewed-by: Tomáš Halman -(cherry picked from commit d7db7971682da2dbf7642ac94940d6b0577ec35a) - -Upstream-Status: Backport [https://github.com/SSSD/sssd/commit/f4ebe1408e0bc67abfbfb5f0ca2ea13803b36726] -CVE: CVE-2023-3758 -Signed-off-by: Hitendra Prajapati - ---- - src/providers/ad/ad_gpo.c | 116 +++++++++++++++++++++++++++++++++----- - 1 file changed, 102 insertions(+), 14 deletions(-) - -diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c -index 44e9cbb..cec0cb4 100644 ---- a/src/providers/ad/ad_gpo.c -+++ b/src/providers/ad/ad_gpo.c -@@ -1317,6 +1317,33 @@ ad_gpo_extract_policy_setting(TALLOC_CTX *mem_ctx, - return ret; - } - -+static errno_t -+add_result_to_hash(hash_table_t *hash, const char *key, char *value) -+{ -+ int hret; -+ hash_key_t k; -+ hash_value_t v; -+ -+ if (hash == NULL || key == NULL || value == NULL) { -+ return EINVAL; -+ } -+ -+ k.type = HASH_KEY_CONST_STRING; -+ k.c_str = key; -+ -+ v.type = HASH_VALUE_PTR; -+ v.ptr 
= value; -+ -+ hret = hash_enter(hash, &k, &v); -+ if (hret != HASH_SUCCESS) { -+ DEBUG(SSSDBG_OP_FAILURE, "Failed to add [%s][%s] to hash: [%s].\n", -+ key, value, hash_error_string(hret)); -+ return EIO; -+ } -+ -+ return EOK; -+} -+ - /* - * This function parses the cse-specific (GP_EXT_GUID_SECURITY) filename, - * and stores the allow_key and deny_key of all of the gpo_map_types present -@@ -1324,6 +1351,7 @@ ad_gpo_extract_policy_setting(TALLOC_CTX *mem_ctx, - */ - static errno_t - ad_gpo_store_policy_settings(struct sss_domain_info *domain, -+ hash_table_t *allow_maps, hash_table_t *deny_maps, - const char *filename) - { - struct ini_cfgfile *file_ctx = NULL; -@@ -1457,14 +1485,14 @@ ad_gpo_store_policy_settings(struct sss_domain_info *domain, - goto done; - } else if (ret != ENOENT) { - const char *value = allow_value ? allow_value : empty_val; -- ret = sysdb_gpo_store_gpo_result_setting(domain, -- allow_key, -- value); -+ ret = add_result_to_hash(allow_maps, allow_key, -+ talloc_strdup(allow_maps, value)); - if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, -- "sysdb_gpo_store_gpo_result_setting failed for key:" -- "'%s' value:'%s' [%d][%s]\n", allow_key, allow_value, -- ret, sss_strerror(ret)); -+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add key: [%s] " -+ "value: [%s] to allow maps " -+ "[%d][%s].\n", -+ allow_key, value, ret, -+ sss_strerror(ret)); - goto done; - } - } -@@ -1484,14 +1512,14 @@ ad_gpo_store_policy_settings(struct sss_domain_info *domain, - goto done; - } else if (ret != ENOENT) { - const char *value = deny_value ? 
deny_value : empty_val; -- ret = sysdb_gpo_store_gpo_result_setting(domain, -- deny_key, -- value); -+ ret = add_result_to_hash(deny_maps, deny_key, -+ talloc_strdup(deny_maps, value)); - if (ret != EOK) { -- DEBUG(SSSDBG_CRIT_FAILURE, -- "sysdb_gpo_store_gpo_result_setting failed for key:" -- "'%s' value:'%s' [%d][%s]\n", deny_key, deny_value, -- ret, sss_strerror(ret)); -+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add key: [%s] " -+ "value: [%s] to deny maps " -+ "[%d][%s].\n", -+ deny_key, value, ret, -+ sss_strerror(ret)); - goto done; - } - } -@@ -1784,6 +1812,8 @@ struct ad_gpo_access_state { - int num_cse_filtered_gpos; - int cse_gpo_index; - const char *ad_domain; -+ hash_table_t *allow_maps; -+ hash_table_t *deny_maps; - }; - - static void ad_gpo_connect_done(struct tevent_req *subreq); -@@ -1906,6 +1936,19 @@ ad_gpo_access_send(TALLOC_CTX *mem_ctx, - goto immediately; - } - -+ ret = sss_hash_create(state, 0, &state->allow_maps); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not create allow maps " -+ "hash table [%d]: %s\n", ret, sss_strerror(ret)); -+ goto immediately; -+ } -+ -+ ret = sss_hash_create(state, 0, &state->deny_maps); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not create deny maps " -+ "hash table [%d]: %s\n", ret, sss_strerror(ret)); -+ goto immediately; -+ } - - subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret); - if (subreq == NULL) { -@@ -2725,6 +2768,43 @@ ad_gpo_cse_step(struct tevent_req *req) - return EAGAIN; - } - -+static errno_t -+store_hash_maps_in_cache(struct sss_domain_info *domain, -+ hash_table_t *allow_maps, hash_table_t *deny_maps) -+{ -+ int ret; -+ struct hash_iter_context_t *iter; -+ hash_entry_t *entry; -+ size_t c; -+ hash_table_t *hash_list[] = { allow_maps, deny_maps, NULL}; -+ -+ -+ for (c = 0; hash_list[c] != NULL; c++) { -+ iter = new_hash_iter_context(hash_list[c]); -+ if (iter == NULL) { -+ DEBUG(SSSDBG_OP_FAILURE, "Failed to create hash iterator.\n"); -+ return EINVAL; -+ } 
-+ -+ while ((entry = iter->next(iter)) != NULL) { -+ ret = sysdb_gpo_store_gpo_result_setting(domain, -+ entry->key.c_str, -+ entry->value.ptr); -+ if (ret != EOK) { -+ free(iter); -+ DEBUG(SSSDBG_OP_FAILURE, -+ "sysdb_gpo_store_gpo_result_setting failed for key:" -+ "[%s] value:[%s] [%d][%s]\n", entry->key.c_str, -+ (char *) entry->value.ptr, ret, sss_strerror(ret)); -+ return ret; -+ } -+ } -+ talloc_free(iter); -+ } -+ -+ return EOK; -+} -+ - /* - * This cse-specific function (GP_EXT_GUID_SECURITY) increments the - * cse_gpo_index until the policy settings for all applicable GPOs have been -@@ -2766,6 +2846,7 @@ ad_gpo_cse_done(struct tevent_req *subreq) - * (as part of the GPO Result object in the sysdb cache). - */ - ret = ad_gpo_store_policy_settings(state->host_domain, -+ state->allow_maps, state->deny_maps, - cse_filtered_gpo->policy_filename); - if (ret != EOK && ret != ENOENT) { - DEBUG(SSSDBG_OP_FAILURE, -@@ -2779,6 +2860,13 @@ ad_gpo_cse_done(struct tevent_req *subreq) - - if (ret == EOK) { - /* ret is EOK only after all GPO policy files have been downloaded */ -+ ret = store_hash_maps_in_cache(state->host_domain, -+ state->allow_maps, state->deny_maps); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_OP_FAILURE, "Failed to store evaluated GPO maps " -+ "[%d][%s].\n", ret, sss_strerror(ret)); -+ goto done; -+ } - ret = ad_gpo_perform_hbac_processing(state, - state->gpo_mode, - state->gpo_map_type, --- -2.25.1 diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/files/sssd.conf b/dynamic-layers/networking-layer/recipes-security/sssd/files/sssd.conf index 1e8b537..2c9c6fc 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/files/sssd.conf +++ b/dynamic-layers/networking-layer/recipes-security/sssd/files/sssd.conf @@ -7,7 +7,8 @@ domains = shadowutils [pam] [domain/shadowutils] -id_provider = files +id_provider = proxy +proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils 
diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/files/volatiles.99_sssd b/dynamic-layers/networking-layer/recipes-security/sssd/files/volatiles.99_sssd deleted file mode 100644 index 2a82413..0000000 --- a/dynamic-layers/networking-layer/recipes-security/sssd/files/volatiles.99_sssd +++ /dev/null @@ -1 +0,0 @@ -d root root 0750 /var/log/sssd none diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.10.2.bb similarity index 84% rename from dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb rename to dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.10.2.bb index f35d0c8..0ed62b8 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.9.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.10.2.bb @@ -18,16 +18,13 @@ DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'nss', '', \ SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/${BP}.tar.gz \ file://sssd.conf \ - file://volatiles.99_sssd \ file://no_gen.patch \ file://fix_gid.patch \ file://drop_ntpdate_chk.patch \ file://fix-ldblibdir.patch \ file://musl_fixup.patch \ - file://0001-sssctl-add-error-analyzer.patch \ - file://CVE-2023-3758.patch \ " -SRC_URI[sha256sum] = "827bc65d64132410e6dd3df003f04829d60387ec30e72b2d4e22d93bb6f762ba" +SRC_URI[sha256sum] = "e8aa5e6b48ae465bea7064048715ce7e9c53b50ec6a9c69304f59e0d35be40ff" UPSTREAM_CHECK_URI = "https://github.com/SSSD/${BPN}/releases" 
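Review bot: `file://CVE-2023-3758.patch` is dropped from SRC_URI in this hunk, but the commit message only says "Drop backport patches" and never states that the fix is part of the 2.10.2 tarball. Please say explicitly that CVE-2023-3758 (the backport of upstream commit f4ebe1408e0b, "ad-gpo: use hash to store intermediate results") is already contained in 2.10.2, so that anyone auditing the CVE history of this recipe can see why the patch and its `CVE:` tag disappeared without diffing the upstream source. The same one-line justification would help for `0001-sssctl-add-error-analyzer.patch`.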
@@ -42,24 +39,23 @@ CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \ ac_cv_prog_HAVE_PYTHON3=yes \ " -PACKAGECONFIG ?= "nss autofs sudo infopipe" +PACKAGECONFIG ?= "nss autofs sudo" PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" PACKAGECONFIG[autofs] = "--with-autofs, --with-autofs=no" PACKAGECONFIG[crypto] = ", , libcrypto" PACKAGECONFIG[curl] = "--with-kcm, --without-kcm, curl jansson" -PACKAGECONFIG[infopipe] = "--with-infopipe, --with-infopipe=no, " PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no, libxslt-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native" PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl" PACKAGECONFIG[nss] = ", ,nss," PACKAGECONFIG[oidc_child] = "--with-oidc-child, --without-oidc-child" PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings python3dir=${PYTHON_SITEPACKAGES_DIR}, python3-setuptools-native" PACKAGECONFIG[samba] = "--with-samba, --with-samba=no, samba" -PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no --with-semanage=no, libselinux" +PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no, libselinux" PACKAGECONFIG[ssh] = "--with-ssh, --with-ssh=no, " PACKAGECONFIG[sudo] = "--with-sudo, --with-sudo=no, " -PACKAGECONFIG[systemd] = "--with-initscript=systemd,--with-initscript=sysv,,python3-systemd" +PACKAGECONFIG[systemd] = "--with-initscript=systemd --with-systemdunitdir=${systemd_system_unitdir} --with-systemdconfdir=${sysconfdir}/systemd/system, --with-initscript=sysv,,python3-systemd" EXTRA_OECONF += " \ --disable-cifs-idmap-plugin \ 
@@ -68,11 +64,11 @@ EXTRA_OECONF += " \ --without-python2-bindings \ --enable-pammoddir=${base_libdir}/security \ --with-xml-catalog-path=${STAGING_ETCDIR_NATIVE}/xml/catalog \ - --with-pid-path=/run \ + --with-pid-path=/run/sssd \ --with-os=fedora \ " -do_configure:prepend() { +do_configure:prepend () { mkdir -p ${AUTOTOOLS_AUXDIR}/build cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${AUTOTOOLS_AUXDIR}/build/ @@ -84,6 +80,7 @@ do_compile:prepend () { sed -i -e "s/__useconds_t/useconds_t/g" ${S}/src/tools/tools_mc_util.c echo '#define NSUPDATE_PATH "${bindir}"' >> ${B}/config.h } + do_install () { oe_runmake install DESTDIR="${D}" rmdir --ignore-fail-on-non-empty "${D}/${bindir}" @@ -99,12 +96,14 @@ do_install () { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf + echo "d /var/log/sssd 0750 ${SSSD_UID} ${SSSD_GID} - -" > ${D}${sysconfdir}/tmpfiles.d/sssd.conf + echo "d /run/sssd 0750 ${SSSD_UID} ${SSSD_GID} - -" >> ${D}${sysconfdir}/tmpfiles.d/sssd.conf fi if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then install -d ${D}${sysconfdir}/default/volatiles - echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN} + echo "d ${SSSD_UID}:${SSSD_GID} 0750 ${localstatedir}/log/sssd none" > ${D}${sysconfdir}/default/volatiles/99_sssd + echo "d ${SSSD_UID}:${SSSD_GID} 0750 ${localstatedir}/run/sssd none" >> ${D}${sysconfdir}/default/volatiles/99_sssd fi if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then 
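Review bot: in the sysvinit branch of do_install, the two new echo lines write owner and group as a single `${SSSD_UID}:${SSSD_GID}` field, whereas the `files/volatiles.99_sssd` entry deleted by this same patch used separate fields (`d root root 0750 /var/log/sssd none`). If populate-volatile.sh expects the layout of the deleted file, the colon form shifts every following field, and the log and run directories will not get the intended 0750 mode and ownership. Suggest `d ${SSSD_UID} ${SSSD_GID} 0750 ${localstatedir}/log/sssd none` and the same for the run directory. The second entry also uses `${localstatedir}/run/sssd` while the tmpfiles.d entry and `--with-pid-path` use `/run/sssd`; please use one path consistently.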
@@ -112,15 +111,13 @@ do_install () { fi # Remove /run as it is created on startup - rm -rf ${D}/run - - rm -f ${D}${systemd_system_unitdir}/sssd-secrets.* + rm -rf ${D}/run ${D}/var/run } pkg_postinst_ontarget:${PN} () { -if [ -e /etc/init.d/populate-volatile.sh ] ; then - ${sysconfdir}/init.d/populate-volatile.sh update -fi + if [ -e /etc/init.d/populate-volatile.sh ] ; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf } 
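Review bot: in pkg_postinst_ontarget the existence test uses the hard-coded `/etc/init.d/populate-volatile.sh` while the call on the next line uses `${sysconfdir}/init.d/populate-volatile.sh`; since these lines are being re-indented anyway, use `${sysconfdir}` in both. The removal of `rm -f ${D}${systemd_system_unitdir}/sssd-secrets.*` in do_install is also not covered by the commit message.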
@@ -131,12 +128,11 @@ INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ." SYSTEMD_SERVICE:${PN} = " \ ${@bb.utils.contains('PACKAGECONFIG', 'autofs', 'sssd-autofs.service sssd-autofs.socket', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'curl', 'sssd-kcm.service sssd-kcm.socket', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'infopipe', 'sssd-ifp.service ', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'ssh', 'sssd-ssh.service sssd-ssh.socket', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'sudo', 'sssd-sudo.service sssd-sudo.socket', '', d)} \ + sssd-ifp.service \ sssd-nss.service \ sssd-nss.socket \ - sssd-pam-priv.socket \ sssd-pam.service \ sssd-pam.socket \ sssd.service \

From patchwork Thu Mar 27 13:23:27 2025
X-Patchwork-Submitter: Yi Zhao
X-Patchwork-Id: 60075
From: Yi Zhao
To: yocto-patches@lists.yoctoproject.org
Subject: [meta-security][PATCH 5/5] sssd: enable unprivileged service user feature
Date: Thu, 27 Mar 2025 21:23:27 +0800
Message-Id: <20250327132327.3477926-5-yi.zhao@windriver.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250327132327.3477926-1-yi.zhao@windriver.com>
References: <20250327132327.3477926-1-yi.zhao@windriver.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/1270

The unprivileged service user feature has been improved in 2.10 to allow
running the sssd service as an unprivileged user [1]. So enable this
feature, and then we can run the service as the unprivileged user sssd.

[1] https://github.com/SSSD/sssd/releases/tag/2.10.0

Signed-off-by: Yi Zhao
---
 .../recipes-security/sssd/sssd_2.10.2.bb | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.10.2.bb b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.10.2.bb index 0ed62b8..b02710e 100644 --- a/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.10.2.bb +++ b/dynamic-layers/networking-layer/recipes-security/sssd/sssd_2.10.2.bb @@ -28,12 +28,16 @@ SRC_URI[sha256sum] = "e8aa5e6b48ae465bea7064048715ce7e9c53b50ec6a9c69304f59e0d35 UPSTREAM_CHECK_URI = "https://github.com/SSSD/${BPN}/releases" -inherit autotools pkgconfig gettext python3native features_check systemd +inherit autotools pkgconfig gettext python3native features_check systemd useradd REQUIRED_DISTRO_FEATURES = "pam" -SSSD_UID ?= "root" -SSSD_GID ?= "root" +SSSD_UID ?= "sssd" +SSSD_GID ?= "sssd" + +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM:${PN} = "--system sssd" +USERADD_PARAM:${PN} = "--system --home /run/sssd --no-create-home -g sssd --shell /sbin/nologin sssd" CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \ ac_cv_prog_HAVE_PYTHON3=yes \ @@ -66,6 +70,7 @@ EXTRA_OECONF += " \ --with-xml-catalog-path=${STAGING_ETCDIR_NATIVE}/xml/catalog \ --with-pid-path=/run/sssd \ --with-os=fedora \ + --with-sssd-user=sssd \ " do_configure:prepend () { @@ -87,6 +92,7 @@ do_install () { install -d ${D}/${sysconfdir}/${BPN} install -m 600 ${UNPACKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN} + chown -R root:${SSSD_GID} ${D}/${sysconfdir}/${BPN} # /var/log/sssd needs to be created in runtime. Use rmdir to catch if # upstream stops creating /var/log/sssd, or adds something else in @@ -118,7 +124,6 @@ pkg_postinst_ontarget:${PN} () { if [ -e /etc/init.d/populate-volatile.sh ] ; then ${sysconfdir}/init.d/populate-volatile.sh update fi - chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf } CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf" 
@@ -146,6 +151,7 @@ FILES:${PN} += "${base_libdir}/security/pam_sss*.so \ ${nonarch_libdir}/tmpfiles.d \ ${datadir}/dbus-1/system.d/*.conf \ ${datadir}/dbus-1/system-services/*.service \ + ${datadir}/polkit-1/* \ ${libdir}/krb5/* \ ${libdir}/ldb/* \ ${PYTHON_SITEPACKAGES_DIR}/sssd \
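
Review bot: In the hunk at @@ -28,12 +28,16 @@, SSSD_UID and SSSD_GID remain overridable through ?= while GROUPADD_PARAM and USERADD_PARAM hardcode the name sssd, so an override to a name that does not already exist leaves the recipe referring to an account it never creates, and the chown root:${SSSD_GID} added to do_install would then fail on a missing group. Suggest building the parameters from the variables, for example GROUPADD_PARAM:${PN} = "--system ${SSSD_GID}" and -g ${SSSD_GID} ... ${SSSD_UID} in USERADD_PARAM, or dropping the variables if sssd is the only supported value. The default also changes from root to sssd for existing users of the layer, which deserves a sentence in the commit message.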
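
Review bot: In the hunk at @@ -66,6 +70,7 @@, --with-sssd-user=sssd is a literal while the account name is otherwise carried in SSSD_UID; a distro that sets SSSD_UID = "root" to keep the previous behaviour would still get a build configured for the sssd user. Use --with-sssd-user=${SSSD_UID} so the configure option and the recipe variables cannot drift apart.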
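
Review bot: In the do_install hunk at @@ -87,6 +92,7 @@, the config is installed with install -m 600 and then handed to root:${SSSD_GID}; with mode 600 the group has no permission bits, so group ownership alone does not let a service running as the sssd user read sssd.conf. If group read is intended, install the file 0640; if the service is expected to read it some other way, a comment saying so would help. The owner also changes here from ${SSSD_UID} (in the removed postinst chown) to root, and chown -R covers the ${sysconfdir}/${BPN} directory itself; neither is mentioned in the commit message.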
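
Review bot: In the pkg_postinst_ontarget hunk at @@ -118,7 +124,6 @@, ownership is now set at build time only, yet the function still runs populate-volatile.sh update and the do_install comment says /var/log/sssd is created at runtime. The patch does not show any volatile or tmpfiles entries being changed, so please confirm that the runtime-created directories (/var/log/sssd, and /run/sssd used as pid path and home) end up writable by the sssd user rather than owned by root.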
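
Review bot: The FILES addition ${datadir}/polkit-1/* in the hunk at @@ -146,6 +151,7 @@ is not explained in the commit message, and nothing visible in the patch adds a polkit dependency or PACKAGECONFIG. Please state in the message why these files now appear in the install tree, and consider whether they belong in the main package on images that do not ship polkit.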