mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-04-20 11:29:37 +00:00
Code Issues Projects Releases Wiki Activity
518 Commits 38 Branches 0 Tags
f524ba9665416673372c491e1c2c924395ebce2e
Commit Graph

518 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Armin Kuster
f524ba9665 samhain: add more tests and fix ret checks 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-09 17:45:13 -07:00
Armin Kuster
8eee8727cb smack-test: add smack tests from meta-intel-iot-security 
ported over smack tests

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-09 17:45:13 -07:00
Armin Kuster
5d37937f2e smack: move patch to smack dir 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-09 17:44:59 -07:00
Armin Kuster
f67e1bc01d apparmor: add a few more runtime 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-09 17:44:59 -07:00
Armin Kuster
f506138eb5 apparmor: fix fragment for 5.0 kernel 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-09 17:44:59 -07:00
Yi Zhao
eaa616a2e2 meta-tpm/README: update 
Add more description

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-01 15:53:40 -07:00
Yi Zhao
e3f6970b09 meta-tpm/conf/layer.conf: update layer dependencies 
Add openembedded-layer to layer dependencies.

Fix the following build errors:

ERROR: Required build target 'tpm2-pkcs11' has no buildable providers.
Missing or unbuildable dependency chain was: ['tpm2-pkcs11', 'dstat']

ERROR: Required build target 'cryptsetup-tpm-incubator' has no buildable providers.
Missing or unbuildable dependency chain was: ['cryptsetup-tpm-incubator', 'libdevmapper']

ERROR: Required build target 'tpm2-totp' has no buildable providers.
Missing or unbuildable dependency chain was: ['tpm2-totp', 'qrencode']

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-05-01 15:53:32 -07:00
Armin Kuster
5959e4f4bf clamav-native: fix new build issue 
re-arch the reciped to build properly.

Fixed /var/lib/clamav dir issue

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-14 10:54:20 -07:00
Armin Kuster
ab3c84c4d3 clamav: add clamav-cvd package for cvd db 
Add native package to support creating a mirror
of the clamav cvd and supply it in a new package.

Provide a INSTALL_CLAMAV_CVD flag to bypass this creation

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-14 10:54:07 -07:00
Armin Kuster
3b88d3d9ca clamav: runtime fix local routing 
This addes the localhost to resolve.conf to fix:

ERROR: Can't get information about database.clamav.net: Temporary failure in name resolution
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-13 10:31:20 -07:00
Armin Kuster
361aa8c562 libldb: add waf-cross-answeres 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-13 10:31:20 -07:00
Armin Kuster
67369e1428 clamav: fix llvm reference version 
llvm8.0 does not exist. dropped the version part.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-13 10:31:20 -07:00
Armin Kuster
109b8260bf clamav runtime: add resolve.conf support 
and ping test too

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-13 10:31:11 -07:00
Armin Kuster
8a1f54a246 libmspack: update to 0.10.1 
For details see: https://github.com/kyz/libmspack/blob/master/libmspack/ChangeLog

change compression to match that now being used from source

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-07 05:13:33 +05:30
Armin Kuster
98750e8933 ccs-tools: move to reciped-mac 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-07 05:12:43 +05:30
Armin Kuster
63af29ba48 layer.conf: Add warrior to compatible release series 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-07 05:10:15 +05:30
Armin Kuster
cb6d1c85ee linux-yocto/5.0: add apparmor fragments 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-01 19:21:21 -07:00
Armin Kuster
cb412637a2 linux-yocto: make bbappend version neutral 
update apparmor configs

[v2]
Just update configs.

leave versions intact.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-04-01 19:21:06 -07:00
Armin Kuster
5b8e4cb21b apparmor: add basic runtime test 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 11:57:11 -07:00
Armin Kuster
5dcf7ca44e apparmor: update to 2.13.2 
Drop patch included in update:
tool-paths.patch

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 11:57:02 -07:00
Armin Kuster
1460d9b86d reorg ids: move ids recipes to recipes-ids 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
75e609f7b1 reorg: move mac recipes to recipes-mac 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
00f00d2897 clamav: add basic runtime tests 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
6d3aa03272 clamav: drop llvm version setting 
There is only one llvm and its in core so
drop allowing it to be overwritten.
We can hardcode it now.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
f1f54b94ad samhain: add basic runtime test 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
b551fdef0e samhain: fix runtime error 
fix:
samhain[1652]: FATAL: x_dnmalloc.c: 2790: hashval < AMOUNTHASH
Killed

disable dnmalloc

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
a0a4660375 suricata: add runtime testing 
Today there are no failures so set the trigger to zero.

[v2]
fix match string
and conditional

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
7d014432c7 tripwire: add runtime test 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
1fae87cd1c sssd: update to 1.16.4 
Add systemd pkgconf via DISTRO_FEATURE

Fix uid/gid of sssd.conf

[v2]
drop non update related changes

also, this includes CVE-2019-3811

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:37:09 -07:00
Armin Kuster
9553b9a8dd sssd: fix a few runtime issues 
include a few more RDEPEND packages. remove init script as there really
isn't one yet.

[v2]
Squish build tweeking done in pkg update into this changeset

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-31 10:36:37 -07:00
Armin Kuster
fe0e799624 sssd: Add basic runtime test 
This does some basic testing and checks.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-29 08:28:49 -07:00
Armin Kuster
f11dbe0d6d Revert "sssd: fix libcrypto version used" 
This reverts commit 2488c965d6b1b440734f43326fb33ac642ac7b82.

This corrects an incorrect fix as pointed out by Adrian Bunk.
 2019-03-29 08:28:49 -07:00
Armin Kuster
0a97ed301e sssd: fix libcrypto version used 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-25 22:33:22 -07:00
Armin Kuster
228e566a55 keyutils: fix pulling in glibc when musl enabled 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-25 22:33:22 -07:00
Armin Kuster
83c47bed13 tpm2.0 prefix: rename to tpm2 take2 
v1 was commited. This is the additional changes.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-25 22:33:22 -07:00
Armin Kuster
2b017427f9 packagegroup-security-tpm2: update to name change 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-23 09:50:16 -07:00
Armin Kuster
2e654a1013 meta-tpm: add maintainers file 
This simples checking package updates

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-23 09:50:08 -07:00
Armin Kuster
29e847feb3 tpm2.0 prefix: rename to tpm2 
this aligns with the rest of the tpm2 recipes

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-23 09:49:59 -07:00
Armin Kuster
eb9e2cde9c tpm2simulator: replaced by ibmswtpm2 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-23 09:15:39 -07:00
Armin Kuster
3406611b12 meta-tpm: add runtime test for tpm2 
This runs a basic tpm test using the simulator

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-23 09:15:39 -07:00
Armin Kuster
30699d6bae ibmswtpm2: Add new recipe 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-23 09:15:39 -07:00
Armin Kuster
09366d63fe packagegroup-security-tpm2: add new packages 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-17 15:39:01 -07:00
Armin Kuster
73e5fb5f4c tpm2-pkcs11: add new package 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-17 15:39:01 -07:00
Armin Kuster
dda3e09e5b tpm2-tcti-uefi: add new package 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-17 15:39:01 -07:00
Armin Kuster
5b7c372770 cryptsetup-tpm-incubator: add new package 
[v2]
add missing patch

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-17 15:38:53 -07:00
Armin Kuster
0590bd0520 maintainers: add inc file to work with current schema 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-16 04:17:29 -07:00
Armin Kuster
86d2c0c66a keyutils: fix QA WARNING 
WARNING: keyutils-1.6-r0 do_package: QA Issue: keyutils: Files/directories were installed but not shipped in any package:
  /lib/pkgconfig
  /lib/pkgconfig/libkeyutils.pc

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-16 04:17:29 -07:00
Armin Kuster
eae5224fa8 libseccomp: update to 2.4.0 
Update the syscall table for Linux v5.0-rc5.
also a security releated issue;
https://github.com/seccomp/libseccomp/issues/139

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-16 04:17:29 -07:00
Armin Kuster
c4f34bc88c tpm2.0-tools: fix protocol 
A commit amend misstep didn't capture the https to git change in
SRC_URI.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-16 04:17:29 -07:00
Armin Kuster
eb6fa0cf47 lynis: update to 2.7.2 
Signed-off-by: Armin Kuster <akuster808@gmail.com>
 2019-03-16 04:17:29 -07:00