940 Commits

Author SHA1 Message Date
Armin Kuster f2e9e8f96f tpm2-tools: update to 4.1.1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-10 19:13:52 -08:00
Armin Kuster 2df5bbcf17 bastille: convert to py3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-10 19:13:52 -08:00
Yi Zhao ace43479e7 scap-security-guide: fix xml parsing error when building remediation files
Backport 2 patches to fix the build error:

Processing fix.text for: java_jre_configure_crypto_policy rule
Unable to extract part of the fix.text after inclusion of remediation functions. Aborting..
jre/CMakeFiles/generate-internal-jre-bash-fixes.xml.dir/build.make:60:
recipe for target 'jre/bash-fixes.xml' failed
make[2]: *** [jre/bash-fixes.xml] Error 1
make[2]: *** Deleting file 'jre/bash-fixes.xml'

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-09 09:33:22 -08:00
Armin Kuster 2732ab1467 ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-02 08:38:43 -08:00
Armin Kuster 84fb57b53f swtpm: fix configure error
checking for whether to build with seccomp profile... configure: error: "Is libseccomp-devel installed? -- could not get cflags for libseccomp"

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-01 09:52:51 -08:00
Armin Kuster 037adba72e buck-security: fix rdepends and minor style cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28 10:02:36 -08:00
Armin Kuster 3e9b32c714 checksecurity: fix runtime issues
add some missing perl modules

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28 10:02:36 -08:00
Armin Kuster dc0403042b linux-yocto-dev: remove "+"
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28 10:02:36 -08:00
Pierre-Jean Texier via Lists.Yoctoproject.Org 4c98f16973 google-authenticator-libpam: upgrade 1.07 -> 1.08
See changelog: https://github.com/google/google-authenticator-libpam/releases/tag/1.08

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28 10:02:36 -08:00
Yi Zhao 4f65c58251 samhain: fix build with new version attr
The attr/xattr.h has been removed from attr 2.4.48 with commit:
http://git.savannah.nongnu.org/cgit/attr.git/commit/include?id=7921157890d07858d092f4003ca4c6bae9fd2c38
The xattr syscalls are provided by sys/xattr.h from glibc now.
Remove the checking code to adapt it otherwise it would fail to build
with selinux support.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28 10:02:21 -08:00
Armin Kuster 197d3588b6 Apparmor: fix some runtime depends
missing xargs and comm

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-23 19:53:31 -08:00
Armin Kuster b02f3fae9d python3-fail2ban: update to latest
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-21 21:41:57 -08:00
Armin Kuster fa8d29bffc sssd: drop py2 support
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-21 21:41:20 -08:00
Armin Kuster 4295cfa89e README: add pull request option
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-19 22:51:11 -08:00
Armin Kuster b72cc7f87c fail2ban: fix runtime error
use success/failure calls in initd/function

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-05 16:09:44 -08:00
Armin Kuster 5d629ccb54 meta-integrity: fix issues with yocto-check-layer
[v2]
re-did solutions

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 10:55:26 -08:00
Armin Kuster 912ead8099 clamav: update to 0.101.5
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-03 11:54:58 -08:00
Armin Kuster 6400eba66a lib/oeqa/runtime: fix clamav test order
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-03 11:54:14 -08:00
Armin Kuster 41506052f6 smack-test: add feature check for smack
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25 16:04:27 +00:00
Armin Kuster 6b42f1c033 google-authenticator-libpam: update to 1.07
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25 16:04:27 +00:00
Armin Kuster 4786213cab python3-fail2ban: include python-fail2ban.inc
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25 16:04:27 +00:00
Armin Kuster 36ebd09b06 python-fail2ban: Drop python2 package
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25 16:04:27 +00:00
Armin Kuster 980bdff22e smack: add distro check
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25 16:04:27 +00:00
Armin Kuster 2e5662214d apparmor: add distro check
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-25 16:04:27 +00:00
Armin Kuster 3001c3ebfc suricata: update to 4.1.6
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16 20:51:47 -08:00
Armin Kuster 0ca8cad641 lib/oeqa/runtime: suricata add tests
drop the unit test as it should be run via ptest
add more tests for python3-suricata-update

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16 20:51:35 -08:00
Armin Kuster 79983488a7 libhtp: bugfix only update 0.5.32
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16 20:51:13 -08:00
Armin Kuster 195157e5a0 python3-suricata-update: update to 1.1.1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16 20:51:08 -08:00
Yi Zhao 2c2161fbc2 libseccomp: upgrade 2.4.1 -> 2.4.2
Backport a patch to fix ptest build failure on arm64.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-16 20:51:00 -08:00
Armin Kuster 1bad7ebf9c meta-security-compliance/conf/layer.conf: fix typo
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-15 08:45:49 -08:00
Philip Tricca 4029f92ac8 tpm2-abrmd: Port command line options to new version.
These have changed upstream.

Signed-off-by: Philip Tricca <flihp@twobit.org>
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-07 15:31:42 -08:00
Trevor Woerner 6d059a9d34 tpm2-abrmd-init.sh: fix for /dev/tpmrmX
Newer kernels, in addition to the traditional /dev/tpmX device nodes, are now
also creating /dev/tpmrmX device nodes. This causes this script to get
confused and abort, meaning tpm2-abrmd does not get started during boot.

Fix for https://github.com/flihp/meta-measured/issues/56

Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-07 15:31:42 -08:00
Armin Kuster 72b05edff5 meta-security: add layer index callouts
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-07 15:31:34 -08:00
Armin Kuster 2df7dd9fba README: update mailing list to new groups.io
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05 18:00:46 -08:00
Armin Kuster 5b1d0ff414 tpm2-totp: update to 0.2.0
LIC_FILES_CHKSUM update to be true BSD-3-clause text
Drop patch included

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05 18:00:46 -08:00
Armin Kuster 42df7b4eb0 tpm2-tss-engine: update to tip to use tss-tools 4.0.x
LIC_FILES_CHKSUM update to be true BSD-3-clause text

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05 18:00:46 -08:00
Armin Kuster d49f702580 tpm2-tools: update to 4.0.1
LIC_FILES_CHKSUM added new copyrights

Migrate to https d/l from git clone

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05 18:00:46 -08:00
Armin Kuster 405ad633aa tpm2-abrmd: update to 2.3.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05 18:00:46 -08:00
Armin Kuster 02bd1dc6c7 tpm2-pkcs11: update to tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-12-05 18:00:37 -08:00
Ming Liu fa800e5261 meta: inherit features_check instead of distro_features_check
distro_features_check has been deprecated in OE.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27 13:38:58 -08:00
Christopher Larson 36d656fe72 suricata: add tmpfiles.d config
This is needed to ensure our /var/log directory is created when using
systemd.

Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27 13:38:58 -08:00
Christopher Larson 484d13bc59 clamav: add tmpfiles.d config
This is needed to ensure freshclam's /var/log directory and file are
created when using systemd.

Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27 13:38:58 -08:00
Christopher Larson b111206c4c checksecurity: use more portable find args
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27 13:38:58 -08:00
Norbert Kaminski 3743c5daae meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb: add new udev dir to FILES and append EXTRA_OECONF
The tpm2 tool freezes in a XEN distro. It stores the udev rules in
/lib/udev directory,
thus these changes append the FILES and EXTRA_OECONF to make tpm2 work
properly.

Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27 13:38:58 -08:00
Christophe PRIOUZEAU 4dd3835150 cryptsetup tpm incubator: fix installed vs shipped
Fix [installed-vs-shipped] by adding /usr/lib/tmpfiles.d
on FILES.

Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-11-27 13:38:50 -08:00
Armin Kuster 27ddb45554 apparmor: ptest fails to build on arm
exclude arm and aarch64 ptest tasks

[v2&3]

Sent before committing.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-17 13:29:07 -07:00
Armin Kuster 5d049e7ef8 apparmor: fix systemd support so it works
[Yocto # 13568]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-16 10:29:21 -07:00
Armin Kuster c55721b15e checksec: add missing rdepends to readelf
update test to check for depends

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-14 22:45:18 -07:00
Armin Kuster 0e612d4c4d suricata: fix compile issue
cp: cannot stat '/...../tmp-glibc/work/core2-32-oe-linux/suricata/4.1.5-r0/rules': No such file or directory
| WARNING: exit code 1 from a shell command.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-14 22:45:09 -07:00
Alexander Kanavin 400eade386 apparmor: make bash dependency optional
Bash is only needed by one not particularly important script,
so not requiring bash is a useful option for builds that
cannot have gpl3 components.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-13 13:22:08 -07:00