AgeCommit message (Collapse)AuthorFilesLines
2018-07-03CVE-2018-11652 nikto: arbitray OS command injection via http server field.mortyNagalakshmi Veeramallu2-1/+108
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-05-19tpm2.0-tss: Fix build issue with tpm2-abrmd recipeJagadeesh Krishnanjanappa2-1/+31
It solves tpm2-abrmd recipe build failure (as mentioned below) as none of the tpm2.0-tss header files define MAX_LOADED_OBJECTS1 macro. The macro name should be MAX_LOADED_OBJECTS. -- snip -- | from ../tpm2-abrmd/src/include/tabrmd.h:31, | from ../tpm2-abrmd/src/access-broker.c:31: | ../tpm2-abrmd/src/access-broker.c: In function 'access_broker_get_trans_object_count': | ../tpm2-abrmd/src/access-broker.c:549:34: error: 'MAX_LOADED_OBJECTS1' undeclared (first use in this function) -- snip -- Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02suricata: update package to 3.1.3Armin Kuster3-3/+3
*Changes* Bug #1861: Suricata with multi tenancy does not start in 3.1/3.1.1 Bug #1889: Suricata doesn't error on missing semicolon Bug #1910: libhtp 0.5.23 (3.1.x) Bug #1912: http.memcap reached condition can lead to dead lock Bug #1913: af-packet fanout detection broken on Debian Jessie Bug #1933: unix-command socket created with last character missing (3.1.x) Bug #1934: make install-full does not install tls-events.rules (3.1.x) Bug #1941: Can't set fast_pattern on tls_sni content (3.1.x) Bug #1942: dns - back to back requests results in loss of response (3.1.x) Bug #1943: Check redis reply in non pipeline mode (3.1.x) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02samhain: update to 4.2.0Armin Kuster3-2/+2
* Changes: - New option 'SetAuditdFlags = r|w|x|a' to (re-)define the flags supplied to auditd. - New option 'PortCheckDevice = device' for the port check module, to monitor a device regardless of the address assigned to it. - Fix for the case sensitivity of the arguments to the Severity/Class options. - Compiler warnings with gcc 6.2 and a few minor bugs have been fixed. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02nmap: Upgrade package to 7.31Armin Kuster1-5/+5
LIC_FILES_CHKSUM change do to yr going from 2015 to 2016 in file. Added "no update" config option. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02smack: Add new packageArmin Kuster3-0/+75
V2: Fix typo and add LDFLAG to makefile Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02smack kernel: add smack kernel config fragmentsArmin Kuster3-0/+15
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01python-pycrypto: simplify to use pypi classArmin Kuster1-17/+5
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01suricata: update package to 3.1.2Armin Kuster2-3/+3
v2: rebased against master-next which has 3.1 Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01libnetaddr-ip-perl: remove package. not used by anyone in this layerArmin Kuster1-26/+0
latest version does not build either Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01samhain: recipe cleanupArmin Kuster3-37/+38
add a few distro feature checks. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01package-group: fix tpm package listArmin Kuster1-2/+5
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01images: add a client and server imageArmin Kuster2-0/+37
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01linux-yocto-4.8: add tpm fragmentsArmin Kuster3-0/+20
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01tpm-tools: Fix gcc6 compile issueArmin Kuster2-0/+25
.8/src/tpm_mgmt/tpm_present.c | ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c: In function 'main': | ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:358:5: error: this 'if' clause does not guard... [-Werror=misleading-indentation] | if (szTpmPasswd && !isWellKnown) | ^~ | ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:360:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if' | return iRc; | ^~~~~~ Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01package-group: Add tpm packagesArmin Kuster1-0/+13
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01layer.conf: Add filesystem dependsArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01image: at image to help test buildsArmin Kuster1-0/+21
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01qemu: Add tpm flagArmin Kuster1-0/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01tpm2simulator: add packageArmin Kuster1-0/+24
V2: Change ${S} and add OECMAKE_SOURCEPATH use ${S} instead of ${WORKDIR} in sed cmd Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01swtpm: add new packageArmin Kuster2-0/+76
V2: remove CACHED_CONFIGUREVARS, not needed after all fix typo in selinux option Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01libtpm: add new packageArmin Kuster1-0/+15
V2: - use SRCPV Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01tpm-tools: add native supportArmin Kuster2-0/+26
V2: - drop 1.0 from PV Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01tpm2.0-tss: Add new packageArmin Kuster2-0/+398
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-19suricata: package update to 3.1.0Armin Kuster2-3/+3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11clamav: fixup improper quotingMark Asselstine1-1/+1
Commit 217e06badb146539122732ab0eb27fd17cce09e5 [clamav: fix gcc 6.x build failure.] fixed a typo in "PACKAGECONFIG" (was missing the 'G') but unfortunately the PACKAGECONFIG string was incorrectly formed due to mismatched quotes. This caused a parsing error: ERROR: Unable to parse .../meta-security/recipes-security/clamav/clamav_0.99.2.bb ... Removed the unneeded quotes to fix the parsing issue. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11scapy: upgrade to 2.3.2Jackie Huang2-4/+15
* update the SRC_URI since it's been moved from bitbucket to github. * add ptest support Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11paxctl: Fix QA warningArmin Kuster1-0/+3
WARNING: paxctl-0.9-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '...../build/tmp-glibc/work/core2-64-oe-linux/paxctl/0.9-r0/packages-split/paxctl/sbin/paxctl' [ldflags] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11paxctl: allow build of paxctl-nativeJoe Slater1-0/+15
paxctl-native is needed to build paxtest. Do not use the install target in Makefile for paxctl-native, it will fail with error: install: cannot change ownership of '.../sbin/paxctl': \ Operation not permitted Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11clamav: fix gcc 6.x build failure.Armin Kuster1-4/+18
./llvm/include/llvm/Support/AlignOf.h:57:24: error: expected unqualified-id before 'alignof' static inline unsigned alignof() { return AlignOf<T>::Alignment; } ^~~~~~~ configure --with-system-llvm --with-llvm-linking=dynamic. define use with meta-oe LLVM3.3 via config option Fix typo for systemd PACKAGECONFIG Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11samhain: 4.1.4 -> 4.1.5Wang Xin3-2/+4
1) Upgrade samhain from 4.1.4 to 4.1.5. 2) Add TARGET_CC_ARCH.Fix error. ERROR: samhain-server-4.1.5-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yule_setpwd' No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yulectl' [ldflags] Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-08-20python-pycrypto: fix build errorArmin Kuster1-1/+3
| DEBUG: Executing shell function do_compile | make: *** No targets specified and no makefile found. Stop. add null do_compile Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-08-20libseccomp: update to latestJonathan Liu17-3272/+3
Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-08-20Fix a trousers build on when not in use systemd: unparsed line: 'inherit'Thomas Perrot1-2/+1
Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-06-26suricata: update to 3.0.2Armin Kuster3-3/+3
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26tripwire: update to Kuster3-90/+12
this also fixes clang and gcc 5.3 build issues remove merged patches Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26samhain: update to 4.1.4Armin Kuster3-2/+2
4.1.4: - Fix for issues with re-evaluation of paths with wildcard patterns: - no re-evaluation if no match at process startup - if same pattern used for a file=.. and dir=.. directive, only one (the first in config file) is re-evaluated - Fix for issues with new directories created when inotify is used: - recursion depth is not properly set for new directory - directory gets watched even if recursion depth should be below zero 4.1.3: - Fix for a regression in DNS resolving if samhain is compiled with '--enable-static' - On Cygwin/Windows, the default for the 'AvoidBlock' option is now 'off' because of problems reported for this platform. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26nmap: fix several new QA warnings.Armin Kuster1-14/+9
WARNING: nmap-7.12-r0 do_package: QA Issue: nmap: Files/directories were installed but not shipped in any package: /usr/lib /usr/bin/ndiff /usr/bin/nping /usr/bin/ncat /usr/lib/python2.7 /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages/ndiff.pyc /usr/lib/python2.7/site-packages/ndiff.py Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. nmap: 8 installed and not shipped files. [installed-vs-shipped] remove crazyness and let the system figure out packaging info remove ndiff.py* as the compiled version is installed in /usr/bin and remove the leftover python site-package cruft. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26samhain: Avoid empty source archiverLei Maohui1-10/+7
It is better to put necessary work into do_patch task than add a new task. Otherwise,you can not get correct source code in some functions(such as archiver.bbclass). Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-05-25Use bb.utils.contains instead of base_contains because it is deprecatedThomas Perrot1-4/+4
Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25clamav: update package to 0.99.2Armin Kuster10-79/+4
remove unused patches. remove merged patches move files to /file for easier maintenance Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25clamav: Fix new QA warningArmin Kuster1-1/+1
NOTE:meta-security/recipes-security/clamav/clamav_0.99.1.bb: base_contains is deprecated, please use bb.utils.contains instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25trousers: Fix new QA warningArmin Kuster1-2/+2
NOTE: meta-security/recipes-tpm/trousers/trousers_0.3.13.bb: base_contains is deprecated, please use bb.utils.contains instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25sssd: Fix new QA warningArmin Kuster1-1/+1
NOTE:meta-security/recipes-security/sssd/sssd_1.13.3.bb: base_contains is deprecated, please use bb.utils.contains instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23tpm-tools: add packageArmin Kuster3-0/+296
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23trousers: add packageArmin Kuster5-0/+254
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23sssd: add new packageArmin Kuster2-0/+80
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23libdhash: add packageArmin Kuster1-0/+13
required by sssd Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23clamav: fix lib version mismatchArmin Kuster1-8/+12
drop lib version in package name drop insane and remove broken symlink Use LEAD_SONAME Don't hard code lib version in tasks Use native chrpath not the host provided version Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23clamav: update to 0.99.1Armin Kuster30-62116/+115
removed debian patches brut force remove rpaths Signed-off-by: Armin Kuster <akuster808@gmail.com>