2020-01-25 | buck-security: fix rdepends and minor style cleanup [zeus] | Armin Kuster | 1 file | -34/+16
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-25 | checksecurity: fix runtime issues | Armin Kuster | 1 file | -1/+1
add some missing perl modules Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-23 | Apparmor: fix some runtime depends | Armin Kuster | 1 file | -1/+1
missing xargs and comm Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-22 | fail2ban: fix runtime error | Armin Kuster | 1 file | -4/+4
use success/failure calls in initd/function Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | suricata: update to 4.1.6 | Armin Kuster | 2 files | -4/+3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | libhtp: bugfix only update 0.5.32 | Armin Kuster | 1 file | -0/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | libseccomp: upgrade 2.4.1 -> 2.4.2 | Yi Zhao | 2 files | -1/+47
Backport a patch to fix ptest build failure on arm64. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | README: update mailing list to new groups.io | Armin Kuster | 1 file | -4/+4
Also add Zeus keyword Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | suricata: add tmpfiles.d config | Christopher Larson | 2 files | -10/+20
This is needed to ensure our /var/log directory is created when using systemd. Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | clamav: add tmpfiles.d config | Christopher Larson | 2 files | -1/+10
This is needed to ensure freshclam's /var/log directory and file are created when using systemd. Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | checksecurity: use more portable find args | Christopher Larson | 2 files | -1/+25
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb: add new udev dir to FILES and append EXTRA_OECONF | Norbert Kaminski | 1 file | -1/+3
The tpm2 tool freezes in a XEN distro. It stores the udev rules in /lib/udev directory, thus these changes append the FILES and EXTRA_OECONF to make tpm2 work properly. Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-04 | cryptsetup tpm incubator: fix installed vs shipped | Christophe PRIOUZEAU | 1 file | -0/+1
Fix [installed-vs-shipped] by adding /usr/lib/tmpfiles.d on FILES. Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-17 | apparmor: ptest fail to build on arm | Armin Kuster | 1 file | -0/+18
exclude arm and aarch64 ptest tasks [v2&3] Sent before committing. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-16 | apparmor: fix systemd support so it works | Armin Kuster | 1 file | -5/+11
[Yocto # 13568] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-14 | checksec: add missing rdepends to readelf | Armin Kuster | 2 files | -1/+2
update test to check for depends Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-14 | suricata: fix compile issue | Armin Kuster | 1 file | -3/+0
cp: cannot stat '/...../tmp-glibc/work/core2-32-oe-linux/suricata/4.1.5-r0/rules': No such file or directory | WARNING: exit code 1 from a shell command. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-13 | apparmor: make bash dependency optional | Alexander Kanavin | 1 file | -2/+6
Bash is only needed by one not particularly important script, so not requiring bash is a useful option for builds that cannot have gpl3 components. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-13 | apparmor: add PRIVATE_LIBS for ptest package | Alexander Kanavin | 1 file | -0/+2
Otherwise, the following occurs:
ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/perl5/vendor_perl/5.30.0/i686-linux/auto/LibAppArmor/LibAppArmor.so)
ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/python3.7/site-packages/LibAppArmor/_LibAppArmor.cpython-37m-i686-linux-gnu.so)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-11 | layer.conf: Update for zeus series | Armin Kuster | 4 files | -4/+4
Signed-off-by: Armin Kuster <akuster808@gmail.com> Acked-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-08 | suricata-update: add package to pull rules | Armin Kuster | 1 file | -0/+15
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-10-08 | suricata/libhtp: update to 4.1.5/0.5.31 | Armin Kuster | 5 files | -13/+8
same sources refresh patch drop rules tar ball Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-29 | apparmor: suppress appending of installation to perllocal.pod | Naveen Saini | 2 files | -0/+29
Perl modules, when installed, can produce a perllocal.pod file for documenting a list of locally installed perl modules. This can conflict if multiple packages generate the file. Hits the conflict with apparmor & rrdtool packages.
Error: Transaction check error: file /usr/lib/perl5/5.30.0/x86_64-linux/perllocal.pod conflicts between attempted installs of rrdtool-1.7.2-r0.corei7_64 and apparmor-2.13.3-r0.corei7_64
perllocal.pod files are for documentation purposes, so disabling does no harm. Generating perllocal.pod for perl module is disabled by passing NO_PERLLOCAL=1 with ExtUtils::MakeMaker utility.
https://perldoc.perl.org/5.30.0/ExtUtils/MakeMaker.html#Using-Attributes-and-Parameters
[YOCTO #13491]
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-29 | ncrack: update to tip | Scott Ellis | 1 file | -2/+2
LIC_FILES_CHKSUM changed due to the date bumped from 2018 to 2019. The license is the same as nmap and the nmap recipe in meta-openembedded has that beginline/endline grab stuff. Went for consistency as ncrack is an nmap project. Signed-off-by: Scott Ellis <scott@jumpnowtek.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | tpm2-pkcs11: update to tip | Armin Kuster | 1 file | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | tpm2-tcti-uefi: update to tip | Armin Kuster | 1 file | -2/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | tpm2-totp: update to 0.1.2 | Armin Kuster | 1 file | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | tpm2-tss-engine: update to 1.0.1 | Armin Kuster | 1 file | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | tpm2-tss: update to 2.3.0 | Armin Kuster | 2 files | -87/+2
drop patch already in update Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | tpm2-abrmd: update to 2.2.0 | Armin Kuster | 1 file | -2/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | swtpm: update to 0.2.0 | Armin Kuster | 1 file | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-12 | libtpm: update to 0.7.0 | Armin Kuster | 1 file | -1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | suricata: update to 4.1.4 | Armin Kuster | 4 files | -8/+35
Backport patch to fix build against newer kernels. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | oe-scap: Fix QA RDEPENDS error | Armin Kuster | 1 file | -1/+1
ERROR: oe-scap-1.0-r0 do_package_qa: QA Issue: /usr/share/oe-scap/run_tests.sh contained in package oe-scap requires /bin/bash, but no providers found in RDEPENDS_oe-scap? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | cryptsetup-tpm-incubator: fix QA error RDEPENDS | Armin Kuster | 1 file | -1/+1
ERROR: cryptsetup-tpm-incubator-0.9.9-r0 do_package_qa: QA Issue: /usr/lib/libcryptsetup.so.12.3.0 contained in package cryptsetup-tpm-incubator requires libdevmapper.so.1.02(DM_1_02_97)(64bit), but no providers found in RDEPENDS_cryptsetup-tpm-incubator? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | scap-security-guide: add depends on openscap-native do_install | Armin Kuster | 1 file | -3/+4
This ensures openscap-native does install the needed patches security guide needs to build. Minor recipe cleanup too. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | openscap: Drop nostamp | Armin Kuster | 1 file | -3/+2
add cleandir depends to do_install task This nostamp is causing issues with the yocto-check-layer when checking hash changes. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | apparmor: drop lsb RDEPENDS | Armin Kuster | 2 files | -2/+1
remove lsb functions from init script Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | initramfs-framework-ima: correct IMA_POLICY name | Armin Kuster | 1 file | -1/+1
it had ima_policy_hashed and did not match the recipe ima-policy-hashed found by yocto-check-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | busybox: fix sig changes when layer added | Armin Kuster | 2 files | -3/+4
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | packagegroup-core-security: update package name | Armin Kuster | 1 file | -3/+1
Also remove tpm packagegroup reference Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-07 | packagegroup-core-security-ptest: only included if ptest is enabled | Armin Kuster | 1 file | -1/+5
update python package names Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-01 | libseccomp: build static library always | Stefan Agner | 1 file | -0/+2
Always build static library. This is required e.g. for runc from meta-virtualization in its default configuration. Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-09-01 | python-scapy: drop py2 package | Armin Kuster | 4 files | -37/+25
fixup run-ptest Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-08-29 | checksec: upgrade 1.11.1 -> 2.1.0 | Yuan Chao | 1 file | -1/+1
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-08-29 | python-scapy: upgrade 2.4.2 -> 2.4.3 | Yuan Chao | 3 files | -2/+2
License file changed from bin/scapy to LICENSE Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-08-28 | libenv-perl: Remove, moved to meta-perl | Adrian Bunk | 2 files | -22/+0
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-08-28 | xmlsec1: Remove, moved to meta-oe | Adrian Bunk | 9 files | -315/+0
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-08-28 | ecryptfs-utils: fix race condition in do_install | Qi.Chen@windriver.com | 2 files | -0/+33
The rootsbindir is a self-defined directory. The install-rootsbinPROGRAMS is actually treated as part of install-data instead of install-exec. So making install-exec-am depend on it actually results in the following Makefile contents.
    install-data-am: install-rootsbinPROGRAMS
    install-exec-am: install-binPROGRAMS install-binSCRIPTS
            @$(NORMAL_INSTALL)
            $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
    install-exec-hook: install-rootsbinPROGRAMS
And this results in a race condition as two install commands of the same file are running at the same time. Error message is like below.
    TOPDIR/tmp-glibc/hosttools/install: cannot create regular file 'TOPDIR/tmp-glibc/work/aarch64-wrs-linux/ecryptfs-utils/111-r0/image/sbin/mount.ecryptfs': File exists
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-08-28 | ecryptfs-utils: remove openssl PACKAGECONFIG | Qi.Chen@windriver.com | 1 file | -1/+1
ecryptfs-utils does not build with openssl1.1. Previously this openssl PACKAGECONFIG is disabled by default, so we are not getting build failures by default. But if we enable it, we get do_compile failure. This package is from ubuntu source, and the one ubuntu ships does not depend on openssl. The development of this package has stopped for about 3 years. I don't see it will fix the build officially. So remove this PACKAGECONFIG and use '--disable-openssl' directly. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>