mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-05-06 16:48:42 +00:00
Code Issues Projects Releases Wiki Activity
410 Commits 39 Branches 0 Tags
af173c0440613f15db584270b83b9a41592f79cd
Commit Graph

410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Armin Kuster
af173c0440 packagegroup-core-security: add tripwire ptest 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
dd5b5c2753 tripwire: add ptest 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
e8f5ec707f security-build-image: remove X11 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
ab7b4aefa2 packagegroup-core-security: add suricata-ptest 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
94c7e71682 suricata: add ptest 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
4e3e7da657 packagegroup-core-security: add few more ptest packages 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
57cac8ede6 swtpm: switch to stable branch and clean up recipe 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
b15dbacb32 packagegroup-security-tpm2: add and remove packages 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
4bf54d58ad tpm2-abrmd: update to 2.0.2 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
e920ff6e40 os-release: remove OS_RELEASE_FEILD extending 
depends on the OS_RELEASRE_FEILD os-release changes in core
otherwise yocto-check-layer will fail

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
f3bd6ceb6b layer.con: add TESTSUITE define 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
d51793e69c packagegroup-core-security: add ptest capable packages 
and favor python-scapy

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
b58f4ca4fb packagegroups: add more packages 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
b898dc231a suricata: fix QA error 
ollected errors:
 * check_data_file_clashes: Package suricata wants to install file .../1.0-r0/rootfs/var/run
	But that file is already provided by package  * base-files

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Armin Kuster
6149fb61b0 tpm2 packagegroup: fix filenames 
tpm2.0-tss package names changed, update accordingly

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-10-31 09:02:21 -07:00
Changqing Li
729fca6d2c bseccomp: fix do package qa warning 
Fix below warning:

lib32-libseccomp-2.3.3-r0 do_package: QA Issue: lib32-libseccomp:
Files/directories were installed but not shipped in any package:

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-29 10:43:01 -07:00
Yi Zhao
29b5ec44c7 keynote: remove recipe 
The keynote is unmaintained for a long time. It had been removed from
main distributions (Fedora, Suse and Debian).
See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594867

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-29 10:43:01 -07:00
Armin Kuster
04ef9df593 meta-security: add THUD 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-29 10:42:53 -07:00
Armin Kuster
4bbc0d9d94 samhain: update to 4.3.0 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-23 15:34:10 -07:00
Armin Kuster
64153a0f51 forensics: drop all un supported pacakges 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
76ae9a21f7 lynis: update to 2.6.8 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
e535ac49fd aircrack: update to 1.3 
remove unneeded patch.
minor cleanups

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
d255fa5bfb swtpm: update to tip for openssl 1.1 support 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
6faa2504ef libtpm: update to tip 
LIC_FILES_CHKSUM changed do to "Extend license texts with TPM 2 specifics"

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
3bae06e29b openssl-tpm-engine: update SRC_URI and update to 0.5.0 
change to a fork that is being maintained and that enabled openssl 1.1
Refresh patches
Drop one no longer needed

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
49a7a7a8e1 pcr-extend: fix building with openssl 1.1 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
2e784636c9 tor: remove not used 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
5a9f865792 packagegroup-core-security: change scapy to python name 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
62e7b5798d bastille: fix QA error 
bastille_3.2.1.bb: cannot map 'allarch' to a linux kernel architecture

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
db794a634f tpm-tools: update to latest 1.3.9.1 
refresh patch
backport debian fixes
Fix additional openssl 1.1 issue

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
93c5ab6687 suricata: include a emerging rules snapshot 
it appears to be changing w/o version control so
keep a snapshot when reciped was updated.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
17f0700b9f meta-security-compliance: bump layer priority 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
229b7a45cc meta-tpm: bump layer priority 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
a877bb374b tpm2-abrmd: update to 2.0.1 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
692a2c2009 tpm2.0-tools: update to 3.1.2 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
8f9dc0378f layer_conf: increase priority 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
26786fab30 tpm2.0: update to 2.0.1 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
7aa34f55a6 openscap-daemon: update to 1.10 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
58ab731ab6 openscap: update 1.2.17 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
c9a21aae52 apparmor: update to 2.12 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
9ef4c66498 fscryptctl: update to tip 
fix mkfs.ext4 invocation

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
561d0806a9 scapy: update to 2.4.0 and covert 
convert package to python standard

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
32def3971b fail2ban: update to 10.3.1 
covert to python package standard

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Armin Kuster
d743e44710 sssd: update to 1.16.3 
Includes:
CVE-2018-10852

see:
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_3.html

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Alex Kiernan
31de145fe1 keyutils: Fix build with usrmerge 
Update BINDIR and SBINDIR so keyutils builds with usrmerge

ERROR: keyutils-1.5.10-r0 do_package: QA Issue: keyutils: Files/directories were installed but not shipped in any package:
  /sbin/key.dns_resolver
  /sbin/request-key
  /bin/keyctl
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
keyutils: 3 installed and not shipped files. [installed-vs-shipped]

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Yi Zhao
6e8d6f96d2 keynote: depend on openssl10 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-17 21:08:19 -07:00
Yi Zhao
9449ba75ea xmlsec1: upgrade 1.2.25 -> 1.2.26 
Drop patch xmlsec1-fix-a-typo-in-examples-verify3.c.patch since the
issue had been fixed upstream.

Rebase patch change-finding-path-of-nss.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-01 10:34:02 -07:00
Yi Zhao
108cb736d9 samhain: upgrade 4.2.2 -> 4.2.4 
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-01 10:34:02 -07:00
Mingli Yu
492b8b8f4a ecryptfs-utils: fix usrmerge install path 
Update rootsbindir from /sbin to ${base_sbindir}
to fix below do_install error when usrmerge
enabled in DISTRO_FEATURES
| chmod: cannot access '/poky-build/tmp-glibc/work/core2-64-wrs-linux/ecryptfs-utils/111-r0/image/usr/sbin/mount.ecryptfs_private': No such file or directory

And pass "--with-pamdir=${base_libdir}/security"
to configure script to fix below warning when
usrmerge enabled in DISTRO_FEATURES
| WARNING: ecryptfs-utils-111-r0 do_package: QA Issue: ecryptfs-utils: Files/directories were installed but not shipped in any package:
  /lib64/security/pam_ecryptfs.so

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-01 10:34:02 -07:00
Joe Slater
46d81c4737 keynote: add dependency on bison-native 
bison/yacc is no longer automatically supplied.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2018-09-01 10:34:02 -07:00