mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-06-02 01:20:29 +00:00
Code Issues Projects Releases Wiki Activity
1,734 Commits 40 Branches 0 Tags
18c343e92eb815c9ce0d7401c9d48c70baef7aaa
Commit Graph

1734 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kai Kang e88df73267 sssd: 2.5.1 -> 2.5.2 
SSSD 2.5.2 Highlights
* General information
  - originalADgidNumber attribute in the SSSD cache is now indexed

* New features
  - Debug messages in data provider include a unique request ID that can
    be used to track the request from its start to its end (requires
    libtevent >= 0.11.0)

* Important fixes
  - Update large files in the files provider in batches to avoid timeouts

* Configuration changes
  - Add new config option fallback_to_nss

Full release notes:
* https://sssd.io/release-notes/sssd-2.5.2.html

And backport patch to fix CVE-2021-3621.

CVE: CVE-2021-3621

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-09-10 07:23:00 -07:00
Christer Fletcher e0fca90835 dm-verity-img.bbclass: Expose --data-block-size for configuration 
Add DM_VERITY_IMAGE_DATA_BLOCK_SIZE to be able to set the
--data-block-size used in veritysetup. Tuning this value effects the
performance and size of the resulting image.

Signed-off-by: Christer Fletcher <christer.fletcher@inter.ikea.com>
Signed-off-by: Paulo Neves <paulo.neves1@inter.ikea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-09-06 15:53:00 -07:00
George Liu 1f18c623e9 meta: Fix typos 
Fix the variable spelling errors
s/SKIP_META_SECUIRTY_SANITY_CHECK/SKIP_META_SECURITY_SANITY_CHECK

Signed-off-by: George Liu <liuxiwei@inspur.com>
Acked-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-29 08:59:29 -07:00
Armin Kuster 2c7b75c95e kas: remove rust layers 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-27 07:27:49 -07:00
Armin Kuster 867524aa50 harden-image-minimal: fix useradd inherit 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:46:00 -07:00
Armin Kuster 5b49cc551d layer.conf: drop meta-rust 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:45:14 -07:00
Armin Kuster d526f80234 layer.conf: drop dynamic-layer 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:45:14 -07:00
Armin Kuster 818a8646a6 suricata: rust is in core 
drop dynamic-layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:45:14 -07:00
Armin Kuster 06bc20c07a krill: Rust is in core now 
drop dynamic-layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:45:14 -07:00
Armin Kuster a23ceefd6f dm-verity-img.bbclass: more overided fixups 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:45:04 -07:00
Daiane Angolini ab90741aa2 meta-integrity: kernel-modsign: Change weak default value 
Assign a weak default value for MODSIGN_KEY_DIR so the other layers can
set a default value for them as well.

Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:43:35 -07:00
Marta Rybczynska c71c237d51 README: fix mailing lists and a typo 
A number of typo fixes:
- tmp->tpm in the DISTRO_FEATURES
- update the mailing list address as it was out of date
- update the distro name in the subject

Signed-off-by: Marta Rybczynska <rybczynska@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:43:27 -07:00
Marta Rybczynska 8974d695ef README: fix mailing lists 
The address included in the meta-hardening documentation
does not work and was changed in other places in 2019.

Signed-off-by: Marta Rybczynska <rybczynska@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:43:19 -07:00
Armin Kuster b6d5cac306 kas: fix DISTRO appends 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:37:34 -07:00
Armin Kuster 57470052b0 kas-security-bas: bump conf value 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:37:18 -07:00
Armin Kuster 8fe88fe8d5 cryfs: add new package 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:36:55 -07:00
Armin Kuster c885d399cd packagegroup-core-security.bb: only include suricat-ptest if rust is included 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Martin Jansa 68be8afc6b layer.conf: Update to honister 
This marks the layers as compatible with honister now they use the new override
syntax.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster b206ba59db kas: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster 01399d19d0 dynamix-layers: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster d11b2079f3 meta-security-compliance: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster 90fe17c347 meta-parsec: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster 119cabaf29 meta-security-isafw: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster 352e6498a4 meta-hardening: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster b8554aae23 meta-integrity: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster c7632b927c meta-tpm: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster 11a67b861a meta-security: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster d3a484abf8 clamav: fix branch name and update 
They dropped the dev branch for rel. Update to tip.
Refresh patches

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster 8db7c65832 krill: Add new pkg 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster 32dacb1f8d gitlab-ci.yml: streamline builds matrix 
drop ppc32 builds
drop multi builds

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster f447658731 packagegroup-core-security.bb: fix suricat-ptest inclusion 
drop libseccomp ptest

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster c1714b299c crowdsec: add pkg 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster 9cceed4cdb add meta-rust 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster 7a1691c037 suricata: Drop 4.1.x its EOL 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster 7dcf98aa9b suricata.inc: exclude ppc in rust version 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Anton Antonov 152cdb506b Do not use clang toolchain in Parsec recipes 
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-17 05:47:44 -07:00
Armin Kuster e161900985 tpm-tools: fix build issue 
This error occurs randomly.
/bin/bash: pod2man: command not found

[Yocto #14304]

minor space/tab cleanup

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cc: Ben <koncept1@gmail.com>
 2021-07-10 05:16:52 -07:00
Armin Kuster 2fbaa47803 .gitlab-ci.yml: fix qemux86 musl order 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-10 05:16:52 -07:00
Yi Zhao cab0c7d343 apparmor: use its own initscript and service files 
Use initscript and service files provided by apparmor.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-07-10 05:16:52 -07:00
Yi Zhao 366bd7026f apparmor: upgrade 3.0 -> 3.0.1 
Drop backport patches:
  0001-apparmor-fix-manpage-order.patch
  0001-libapparmor-add-missing-include-for-socklen_t.patch
  0002-libapparmor-add-aa_features_new_from_file-to-public-.patch
  0003-libapparmor-add-_aa_asprintf-to-private-symbols.patch
  0001-aa_status-Fix-build-issue-with-musl.patch
  0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-07-10 05:16:26 -07:00
Armin Kuster 5fbf2b8b7f kas/kas-security-alt.yml: add meta-rust 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-06 22:21:47 -07:00
Armin Kuster e7a4fb09c4 suricata: update to 6.0.3 
add new crates
minor cleanup

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-06 22:10:19 -07:00
Armin Kuster aa84cc36dc sssd: update to 2.5.1 
See full change log: https://sssd.io/release-notes/sssd-2.5.1.html

Including a musl build work around

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-04 10:59:17 -07:00
Armin Kuster be53d1a467 initramfs-framework: rename files dir 
Fixes:
ERROR: initramfs-framework-1.0-r4 do_fetch: Fetcher failure for URL: 'file://dmverity'. Unable to fetch URL from any source.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Armin Kuster 8f313d951c packagegroup-core-security: add sshguard 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Armin Kuster 1ec2783d62 ssshgaurd: add packaage 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Armin Kuster 54186fc738 initramfs-framework: fix typo in conditional 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Sekine Shigeki 46f7e7acbe smack: add 3 cves to allowlist 
CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 are not for smack of smack-team(https://github.com/smack-team/smack) but other project.

Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:26 -07:00
Federico Pellegrin fcd4a8bbf6 aircrack-ng: update to 1.6 
Signed-off-by: Federico Pellegrin <fede@evolware.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:26 -07:00
Kai Kang 94aa6efec6 sssd: add fix-ldblibdir.patch back 
The patch fix-ldblibdir.patch has been dropped when update sssd to
2.5.0. But it fails to start sssd without this patch. So add it back.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:26 -07:00