configure: error: installation or configuration problem: C compiler cannot create executables.
| NOTE: The following config.log files may provide further information.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
A race condition flaw was found in sssd where the GPO policy is
not consistently applied for authenticated users. This may lead
to improper authorization issues, granting or denying access to
resources inappropriately.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3758
Upstream-patch:
f4ebe1408e
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upstream-Status: Backport from [aab7f35c76, a753cdbe84, c82fa5ca0d, 2bd3bd0e31]
CVE's Fixed:
CVE-2024-37151 suricata: suricata: packet reassembly failure, which can lead to policy bypass
CVE-2024-38534 suricata: suricata: Crafted modbus traffic can lead to unlimited resource accumulation within a flow
CVE-2024-38535 suricata: Suricata: can run out of memory when parsing crafted HTTP/2 traffic
CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix typo: remdediate_service -> remediate_service
* No need to manually install oscap-remediate.service, as it is already
installed when ENABLE_OSCAP_REMEDIATE_SERVICE=ON is set.
* Add a patch to fix installation directory for systemd service file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Allow users to pass the private key password using
IMA_EVM_EVMCTL_KEY_PASSWORD.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Introduce IMA_EVM_PRIVKEY_KEY_OPT to pass additional options to evmctl
when signing files. An example is --keyid <id> that makes evmctl use
a specific key id when signing files.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
tcp-smack-test:
tcp_server.c: In function 'main':
tcp_server.c:50:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
50 | port = atoi(argv[1]);
| ^~~~
tcp_server.c:62:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
62 | if(fsetxattr(sock, attr_in, label_in, strlen(label_in),0) < 0)
| ^~~~~~~~~
udp-smack-test:
udp_client.c: In function 'main':
udp_client.c:52:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
52 | if(fsetxattr(sock, attr, label, strlen(label),0) < 0)
| ^~~~~~~~~
udp_client.c:67:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
67 | close(sock);
| ^~~~~
| pclose
udp_server.c: In function 'main':
udp_server.c:42:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
42 | port = atoi(argv[1]);
| ^~~~
udp_server.c:57:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
57 | if(fsetxattr(sock, attr, label, strlen(label), 0) < 0)
| ^~~~~~~~~
udp_server.c:84:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
84 | close(sock);
| ^~~~~
| pclose
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* WORKDIR -> UNPACKDIR transition
* Switch away from S = WORKDIR
Signed-off-by: Changqing Li <changqing.li@windriver.com>
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The option --without-python2-bindings was added twice, by the commit
4375507f39, and then after python2 was
deprecated with the commit 96737082ad.
This removes the latter.
Signed-off-by: Gaël PORTAY <gael.portay@rtone.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
tcp-smack-test:
http://errors.yoctoproject.org/Errors/Details/766925/
tcp_client.c:55:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
udp-client-tests:
http://errors.yoctoproject.org/Errors/Details/766927/
udp_client.c:41:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
udp_client.c:51:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
udp_client.c:66:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Bump tpm2-tss library version from 4.0.1 to 4.1.2.
This simply involves renaming the recipe and chaning the target SHA256
library file hash.
Also update the fixup_hosttools.patch to apply to the new version of the
library. It stays the same functionally, but some line numbers needed to
be updated to apply cleanly.
Signed-off-by: Valentin Kunin <kunin@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libseccomp requires DISTRO_FEATURE seccomp enabled. This one
is automatically removed for riscv, so we do not need to add
an additional condition.
This change is necessary for cve-check on world with meta-security
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
0001-osdetection-add-OpenEmbedded-and-Poky.patch
removed since it's included in 3.1.1.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Simple fix for Python 3.12 since it dropped asyncore. Catches the import
error instead of using a version check so that the user can install the
compatibility package for any uses that can't be upgraded to asyncio or
similar immediately.
Fixes:
# python3
Python 3.12.1 (main, Dec 7 2023, 20:45:44) [GCC 13.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pyinotify
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.12/site-packages/pyinotify.py", line 71, in <module>
import asyncore
ModuleNotFoundError: No module named 'asyncore'
>>>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The install expects man8 directory to already exists. If not created
the man page gets installed as "man8", which causes conflicts with
other packages, that expect it to be a directory.
'arpsnmp' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/sbin/arpsnmp'
'./arpwatch.8' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
removed '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
'./arpsnmp.8' -> '/build/project/tmp/work/corei7-64-poky-linux/arpwatch/3.3/image/usr/share/man/man8'
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
According to the Yocto reference manual [1], the IMAGE_NAME_SUFFIX should
be set to empty for the initramfs image. Otherwise, we may incur a build
error like following due to the initrd check in live-vm-common.bbclass:
ERROR: core-image-minimal-1.0-r0 do_bootimg: build-test/tmp/deploy/images/genericx86-64/dm-verity-image-initramfs-genericx86-64.cpio.gz is invalid. initrd image creation failed.
ERROR: core-image-minimal-1.0-r0 do_bootimg: ExecutionError('build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/run.build_hddimg.1961965', 1, None, None)
ERROR: Logfile of failure stored in: build-test/tmp/work/genericx86_64-poky-linux/core-image-minimal/1.0/temp/log.do_bootimg.1961965
ERROR: Task (poky/meta/recipes-core/images/core-image-minimal.bb:do_bootimg) failed with exit code '1'
[1] https://docs.yoctoproject.org/ref-manual/variables.html#term-IMAGE_NAME_SUFFIX
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Arpwatch won't build on a system without a sendmail provider
installed with out this setting.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
After the using inherit_defer for the image classes in oe-core commit
451363438d38 ("classes/recipes: Switch to use inherit_defer"),
the using of anonymous python function in dm-verity-img.bbclass to
set the IMAGE_FSTYPES doesn't work anymore. The reason is that
image.bbclass also use anonymous python function to add the do_image_xxx
task for the corresponding filesystem type. The anonymous function in
dm-verity-img.bbclass is evaluated much later than the one in
image.bbclass. Then the task such as do_image_vhash will not be added
as we expect. So we choose to use "+=" to set the IMAGE_FSTYPES.
The populate_sdk_ext.bbclass may generate a dependency list like below:
core-image-minimal.do_sdk_depends -> lib32-core-image-minimal.do_image_vhash
So we also need to make sure the do_image_vhash task for the multilib
filesystem is added.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
After the oe-core commit 26d97acc7137 ("image-artifact-names: include
${IMAGE_NAME_SUFFIX} directly in both ${IMAGE_NAME} and
${IMAGE_LINK_NAME}"), the image names have changed from
core-image-minimal-qemux86-64-20230307181808.rootfs.ext4
core-image-minimal-qemux86-64.ext4
to
core-image-minimal-qemux86-64.rootfs-20230307181456.ext4
core-image-minimal-qemux86-64.rootfs.ext4
Adjust the images name used by dm-verity according to this change.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
