mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity
1,024 Commits 37 Branches 0 Tags
ab90741aa2de75bf8afc4ce99a4f8f412781024a
Commit Graph

1024 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daiane Angolini
ab90741aa2 meta-integrity: kernel-modsign: Change weak default value 
Assign a weak default value for MODSIGN_KEY_DIR so the other layers can
set a default value for them as well.

Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:43:35 -07:00
Marta Rybczynska
c71c237d51 README: fix mailing lists and a typo 
A number of typo fixes:
- tmp->tpm in the DISTRO_FEATURES
- update the mailing list address as it was out of date
- update the distro name in the subject

Signed-off-by: Marta Rybczynska <rybczynska@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:43:27 -07:00
Marta Rybczynska
8974d695ef README: fix mailing lists 
The address included in the meta-hardening documentation
does not work and was changed in other places in 2019.

Signed-off-by: Marta Rybczynska <rybczynska@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:43:19 -07:00
Armin Kuster
b6d5cac306 kas: fix DISTRO appends 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:37:34 -07:00
Armin Kuster
57470052b0 kas-security-bas: bump conf value 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:37:18 -07:00
Armin Kuster
8fe88fe8d5 cryfs: add new package 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-26 21:36:55 -07:00
Armin Kuster
c885d399cd packagegroup-core-security.bb: only include suricat-ptest if rust is included 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Martin Jansa
68be8afc6b layer.conf: Update to honister 
This marks the layers as compatible with honister now they use the new override
syntax.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
b206ba59db kas: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
01399d19d0 dynamix-layers: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
d11b2079f3 meta-security-compliance: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
90fe17c347 meta-parsec: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
119cabaf29 meta-security-isafw: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
352e6498a4 meta-hardening: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
b8554aae23 meta-integrity: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
c7632b927c meta-tpm: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
11a67b861a meta-security: Convert to new override syntax 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-08-01 08:47:08 -07:00
Armin Kuster
d3a484abf8 clamav: fix branch name and update 
They dropped the dev branch for rel. Update to tip.
Refresh patches

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
8db7c65832 krill: Add new pkg 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
32dacb1f8d gitlab-ci.yml: streamline builds matrix 
drop ppc32 builds
drop multi builds

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
f447658731 packagegroup-core-security.bb: fix suricat-ptest inclusion 
drop libseccomp ptest

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
c1714b299c crowdsec: add pkg 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
9cceed4cdb add meta-rust 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
7a1691c037 suricata: Drop 4.1.x its EOL 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Armin Kuster
7dcf98aa9b suricata.inc: exclude ppc in rust version 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-28 18:21:25 -07:00
Anton Antonov
152cdb506b Do not use clang toolchain in Parsec recipes 
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-17 05:47:44 -07:00
Armin Kuster
e161900985 tpm-tools: fix build issue 
This error occurs randomly.
/bin/bash: pod2man: command not found

[Yocto #14304]

minor space/tab cleanup

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cc: Ben <koncept1@gmail.com>
 2021-07-10 05:16:52 -07:00
Armin Kuster
2fbaa47803 .gitlab-ci.yml: fix qemux86 musl order 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-10 05:16:52 -07:00
Yi Zhao
cab0c7d343 apparmor: use its own initscript and service files 
Use initscript and service files provided by apparmor.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-07-10 05:16:52 -07:00
Yi Zhao
366bd7026f apparmor: upgrade 3.0 -> 3.0.1 
Drop backport patches:
  0001-apparmor-fix-manpage-order.patch
  0001-libapparmor-add-missing-include-for-socklen_t.patch
  0002-libapparmor-add-aa_features_new_from_file-to-public-.patch
  0003-libapparmor-add-_aa_asprintf-to-private-symbols.patch
  0001-aa_status-Fix-build-issue-with-musl.patch
  0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-07-10 05:16:26 -07:00
Armin Kuster
5fbf2b8b7f kas/kas-security-alt.yml: add meta-rust 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-06 22:21:47 -07:00
Armin Kuster
e7a4fb09c4 suricata: update to 6.0.3 
add new crates
minor cleanup

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-06 22:10:19 -07:00
Armin Kuster
aa84cc36dc sssd: update to 2.5.1 
See full change log: https://sssd.io/release-notes/sssd-2.5.1.html

Including a musl build work around

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-07-04 10:59:17 -07:00
Armin Kuster
be53d1a467 initramfs-framework: rename files dir 
Fixes:
ERROR: initramfs-framework-1.0-r4 do_fetch: Fetcher failure for URL: 'file://dmverity'. Unable to fetch URL from any source.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Armin Kuster
8f313d951c packagegroup-core-security: add sshguard 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Armin Kuster
1ec2783d62 ssshgaurd: add packaage 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Armin Kuster
54186fc738 initramfs-framework: fix typo in conditional 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-29 09:31:13 -07:00
Sekine Shigeki
46f7e7acbe smack: add 3 cves to allowlist 
CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 are not for smack of smack-team(https://github.com/smack-team/smack) but other project.

Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:26 -07:00
Federico Pellegrin
fcd4a8bbf6 aircrack-ng: update to 1.6 
Signed-off-by: Federico Pellegrin <fede@evolware.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:26 -07:00
Kai Kang
94aa6efec6 sssd: add fix-ldblibdir.patch back 
The patch fix-ldblibdir.patch has been dropped when update sssd to
2.5.0. But it fails to start sssd without this patch. So add it back.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:26 -07:00
Kai Kang
0705f60b81 sssd: set pid path with /run 
/var/run is deprecated and set pid path with /run to store pid files for
the SSSD.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-20 15:49:16 -07:00
Armin Kuster
48c7b34ec3 meta-integrity/recipe-kernel: use sanity check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
6e75e751ff meta-integrity: add sanity check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
35e1b61750 meta-tpm/linux-yocto: use sanity support 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
2bfc09017d meta-tpm: add layer sanity check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
b226ebdc4a linux-yocto-dev: drop bbappend 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
1955c143de meta-security/recipe-kernel: use sanity check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
c1235f6aff meta-security: add sanity check 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-06 13:03:37 -07:00
Armin Kuster
34d6b479b8 meta-hardening/initscripts: missed overide. 
Helps pass YCL.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-06-05 19:25:24 +00:00
Yi Zhao
f9ac521497 libgssglue: update SRC_URI 
Update SRC_URI to use Debian mirror because the original site is
unaccessible.

Fixes do_fetch error:
ERROR: libgssglue-0.4-r0 do_fetch: Fetcher failure for URL:
'http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz'.
Unable to fetch URL from any source.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2021-06-05 19:25:24 +00:00