mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-04-20 11:29:37 +00:00
Code Issues Projects Releases Wiki Activity
921 Commits 38 Branches 0 Tags
aebcf9a985d20dcaa1ce12c101cb115e93cf54a8
Commit Graph

921 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Armin Kuster
aebcf9a985 layer.conf: add dynamic-layer for rust pkg 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-12 07:06:46 -07:00
Armin Kuster
aa6d847de4 suricata: update to 6.0.2 
needs rust

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-12 07:06:29 -07:00
Anton Antonov
f93595863c Use libest "main" branch instead of "master". 
This patch fixes the issue:

WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL git://github.com/cisco/libest, attempting MIRRORS if available
ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision 4ca02c6d7540f2b1bcea278a4fbe373daac7103b in branch master even from upstream
ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cisco/libest'. Unable to fetch URL from any source.

Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-12 07:00:47 -07:00
Armin Kuster
a00b285f8c python3-suricata-update: update to 1.2.1 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-12 07:00:47 -07:00
Armin Kuster
0f79f5aa67 swtpm: fix check for tscd deamon on host 
Found a few  places that tscd check was trying to run the hosts.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-12 07:00:47 -07:00
Armin Kuster
e70a97b570 swtpm: file pip3 issue 
need native pip3, was using host's

Signed-off-by: Armin Kuster <akuster808@gmail.com>

--
V2]
add python3-cryptography-native to DEPENDS
forgot to add changes.
 2021-04-02 08:21:34 -07:00
Armin Kuster
6bcba5f95c swtpm: now need python-cryptography, pull in layer 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-02 08:21:34 -07:00
Armin Kuster
2223b8692e clamav: fix systemd service install 
ERROR: clamav-0.104.0-r0 do_package: QA Issue: clamav: Files/directories were installed but not shipped in any package:
  /lib/systemd/system/clamav-daemon.service
    /lib/systemd/system/clamav-clamonacc.service

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-02 08:21:34 -07:00
Armin Kuster
549436c511 python3-privacyidea: upgrade 3.5.1 -> 3.5.2 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-02 08:21:34 -07:00
Ming Liu
995f25bcb9 meta: drop IMA_POLICY from policy recipes 
IMA_POLICY is being referred as policy recipe name in some places and it
is also being referred as policy file in other places, they are
conflicting with each other which make it impossible to set a IMA_POLICY
global variable in config file.

Fix it by dropping IMA_POLICY definitions from policy recipes

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-02 08:21:34 -07:00
Armin Kuster
90504a2580 clamav: upgrade 104.0 
convert to cmake and general cleanup

include on oe env patch and glibc 2.33 header fixup

if running w/in qemu, need to add qemuparams="-m 2048" to allow
freshclam not to oom

Signed-off-by: Armin Kuster <akuster808@gmail.com>

---
V2]
Bump PV to match what is being d/l
 2021-04-02 08:21:34 -07:00
Armin Kuster
44d51ebff5 packagegroup-core-security: drop clamav-cvd 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-04-02 08:21:34 -07:00
Armin Kuster
775870980b swtpm: update to 0.5.2 
Add python package

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-25 18:29:41 +00:00
Armin Kuster
5e1ae67684 tpm2-tss-engine: update 1.1.0 
LIC_FILES_CHKSUM hash changed between branches.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-25 18:29:41 +00:00
Armin Kuster
f9fdf97730 layer.conf: Add hardknott to LAYERSERIES_COMPAT 
Thats codename for 3.3

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-18 08:01:19 -07:00
Ming Liu
6ada80aa3e ima-evm-keys: add file-checksums to IMA_EVM_X509 
This ensures when a end user change the IMA_EVM_X509 key file,
ima-evm-keys recipe will be rebuilt.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-18 08:01:19 -07:00
Kai Kang
db86cfad19 samhain: fix compile error on powerpc 
It fails to comile samhain for powerpc(qemuppc):

| x_sh_dbIO.c: In function 'swap_short':
| x_sh_dbIO.c:229:36: error: initializer element is not constant
|   229 |       static unsigned short ooop = *iptr;
|       |                                    ^

Assign after initialization of the static variable to avoid the failure.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-18 08:01:19 -07:00
lukasz plachno
d4e7769be2 fscryptctl: Fix installation path 
- Without the patch fscryptctl is installed in
   /usr/bin/usr/local/bin instead of /usr/bin.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-18 08:01:19 -07:00
Armin Kuster
fffd85ac87 python3-fail2ban: fix building with ptest enabled 
Use new structure for testing.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
77b17e6865 tpm-tools: update to 1.3.9.1 
drop patch included in update

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
31aa858948 trousers: update to 0.3.15 
includes: CVE-2020-24332, CVE-2020-24330, CVE-2020-24331

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
b6e41623f6 tpm2-topt: update 0.3.0 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
c8c31f0c1e tpm2-pkcs11: update to 1.5.0 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
b246b2d696 tpm2-tss: update to 3.0.3 
include automate 2.70 fix

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
ef93f8c906 tpm2-tools: update to 5.0 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
caa7a1b527 tpm2-abrmd: update to 2.4.0 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
dff404dc36 ibmtpm2tss: update to 1.6.0 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-09 08:52:21 -08:00
Armin Kuster
7e4ceed4f5 libtpm: update to 0.8.2 
Signed-off-by: Armin Kuster <akuster808@gmail.com>

--
V2]
let include the updated changes
 2021-03-09 08:51:51 -08:00
Ming Liu
9504d02694 ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic 
This fixes following systemd boot issues:
[    7.455580] systemd[1]: Failed to create /init.scope control group: Permission denied
[    7.457677] systemd[1]: Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
[    7.459270] systemd[1]: Freezing execution.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-02 11:56:27 -08:00
Armin Kuster
6d81042860 python3-fail2ban: update to 0.11.2 
drop hard python3 patch and create it dufing compile.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-02 11:56:27 -08:00
Armin Kuster
0085b2cda9 suricata: update to 4.10.0 
This is the last 4.x. Will need rust support to move to 6.x

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-02 11:56:27 -08:00
Armin Kuster
7d3704b22c opendnssec: update to 2.1.8 
refresh libdns_conf_fix.patch
Drop fix_fprint.patch includd in update

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-02 11:56:27 -08:00
Armin Kuster
dc28e175e3 samhain: update to 4.4.3 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-02 11:56:27 -08:00
Armin Kuster
53b59e1551 python3-scapy: upgrade 2.4.3 -> 2.4.4 2021-03-02 11:56:27 -08:00
Armin Kuster
5c9ea6bd3b python3-privacyidea: upgrade 3.3 -> 3.5.1 2021-03-02 11:56:27 -08:00
Armin Kuster
9bb7fa51a5 libseccomp: upgrade 2.5.0 -> 2.5.1 
drop patch merged  in update
 2021-03-02 11:56:27 -08:00
Armin Kuster
d7391ab934 fscryptctl: upgrade 0.1.0 -> 1.0.0 2021-03-02 11:56:27 -08:00
Armin Kuster
0b9dba242f ding-libs: upgrade 0.5.0 -> 0.6.1 2021-03-02 11:56:27 -08:00
Armin Kuster
d172529675 checksec: upgrade 2.1.0 -> 2.4.0 
LIC_FILES_CHKSUM update do to yr change
 2021-03-02 11:56:27 -08:00
Armin Kuster
b1d0346eb8 arpwatch: upgrade 3.0 -> 3.1 
LIC_FILES_CHKSUM update do to yr change
 2021-03-02 11:56:27 -08:00
Armin Kuster
f97a8bef14 kas-security-base.yml: drop DL_DIR 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-03-02 11:56:27 -08:00
Armin Kuster
a107721960 kas-security-base.yml: build setting updates 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster
b6d0148899 nikito: Update common-licenses references to match new names 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster
adcd7c4371 scap-security-guide: Inherit python3targetconfig 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster
be7f9bda1d openscap: Inherit python3targetconfig 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster
8f51c5b9a2 python3-suricata-update: Inherit python3targetconfig 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Armin Kuster
725526e0ea apparmor: Inherit python3targetconfig 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu
6612bf719f ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic 
Or else wic will fail without "--no-fstab-update" option.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu
ffab25f929 initramfs-framework-ima: let ima_enabled return 0 
Otherwise, ima script would not run as intended.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00
Ming Liu
4dc646c8ce README.md: update according to the refactoring in ima-evm-rootfs.bbclass 
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2021-02-23 20:34:51 -08:00