aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-security
AgeCommit message (Collapse)Author
2016-11-02smack: Add new packageArmin Kuster
V2: Fix typo and add LDFLAG to makefile Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01suricata: update package to 3.1.2Armin Kuster
v2: rebased against master-next which has 3.1 Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01samhain: recipe cleanupArmin Kuster
add a few distro feature checks. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01package-group: fix tpm package listArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01images: add a client and server imageArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01package-group: Add tpm packagesArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01image: at image to help test buildsArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-19suricata: package update to 3.1.0Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11clamav: fixup improper quotingMark Asselstine
Commit 217e06badb146539122732ab0eb27fd17cce09e5 [clamav: fix gcc 6.x build failure.] fixed a typo in "PACKAGECONFIG" (was missing the 'G') but unfortunately the PACKAGECONFIG string was incorrectly formed due to mismatched quotes. This caused a parsing error: ERROR: Unable to parse .../meta-security/recipes-security/clamav/clamav_0.99.2.bb ... Removed the unneeded quotes to fix the parsing issue. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11scapy: upgrade to 2.3.2Jackie Huang
* update the SRC_URI since it's been moved from bitbucket to github. * add ptest support Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11paxctl: Fix QA warningArmin Kuster
WARNING: paxctl-0.9-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '...../build/tmp-glibc/work/core2-64-oe-linux/paxctl/0.9-r0/packages-split/paxctl/sbin/paxctl' [ldflags] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11paxctl: allow build of paxctl-nativeJoe Slater
paxctl-native is needed to build paxtest. Do not use the install target in Makefile for paxctl-native, it will fail with error: install: cannot change ownership of '.../sbin/paxctl': \ Operation not permitted Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11clamav: fix gcc 6.x build failure.Armin Kuster
./llvm/include/llvm/Support/AlignOf.h:57:24: error: expected unqualified-id before 'alignof' static inline unsigned alignof() { return AlignOf<T>::Alignment; } ^~~~~~~ configure --with-system-llvm --with-llvm-linking=dynamic. define use with meta-oe LLVM3.3 via config option Fix typo for systemd PACKAGECONFIG Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11samhain: 4.1.4 -> 4.1.5Wang Xin
1) Upgrade samhain from 4.1.4 to 4.1.5. 2) Add TARGET_CC_ARCH.Fix error. ERROR: samhain-server-4.1.5-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yule_setpwd' No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yulectl' [ldflags] Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-08-20libseccomp: update to latestJonathan Liu
Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-06-26suricata: update to 3.0.2Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26tripwire: update to 2.4.3.1Armin Kuster
this also fixes clang and gcc 5.3 build issues remove merged patches Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26samhain: update to 4.1.4Armin Kuster
4.1.4: - Fix for issues with re-evaluation of paths with wildcard patterns: - no re-evaluation if no match at process startup - if same pattern used for a file=.. and dir=.. directive, only one (the first in config file) is re-evaluated - Fix for issues with new directories created when inotify is used: - recursion depth is not properly set for new directory - directory gets watched even if recursion depth should be below zero 4.1.3: - Fix for a regression in DNS resolving if samhain is compiled with '--enable-static' - On Cygwin/Windows, the default for the 'AvoidBlock' option is now 'off' because of problems reported for this platform. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26nmap: fix several new QA warnings.Armin Kuster
WARNING: nmap-7.12-r0 do_package: QA Issue: nmap: Files/directories were installed but not shipped in any package: /usr/lib /usr/bin/ndiff /usr/bin/nping /usr/bin/ncat /usr/lib/python2.7 /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages/ndiff.pyc /usr/lib/python2.7/site-packages/ndiff.py Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. nmap: 8 installed and not shipped files. [installed-vs-shipped] remove crazyness and let the system figure out packaging info remove ndiff.py* as the compiled version is installed in /usr/bin and remove the leftover python site-package cruft. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26samhain: Avoid empty source archiverLei Maohui
It is better to put necessary work into do_patch task than add a new task. Otherwise,you can not get correct source code in some functions(such as archiver.bbclass). Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-05-25clamav: update package to 0.99.2Armin Kuster
remove unused patches. remove merged patches move files to /file for easier maintenance Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25clamav: Fix new QA warningArmin Kuster
NOTE:meta-security/recipes-security/clamav/clamav_0.99.1.bb: base_contains is deprecated, please use bb.utils.contains instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25sssd: Fix new QA warningArmin Kuster
NOTE:meta-security/recipes-security/sssd/sssd_1.13.3.bb: base_contains is deprecated, please use bb.utils.contains instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23sssd: add new packageArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23libdhash: add packageArmin Kuster
required by sssd Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23clamav: fix lib version mismatchArmin Kuster
drop lib version in package name drop insane and remove broken symlink Use LEAD_SONAME Don't hard code lib version in tasks Use native chrpath not the host provided version Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23clamav: update to 0.99.1Armin Kuster
removed debian patches brut force remove rpaths Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23suricata: update package to 3.0.1Armin Kuster
- fixes for multiple stability issues - many memory leak fixes - Hyperscan MPM support (experimental) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23nmap: update to 7.12Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-11paxctl: fix compile issue.Armin Kuster
use CC from build not host via EXTRA_OEMAKE thanks khem this fixes the below error. WARNING: paxctl-0.9-r0 do_package_qa: QA Issue: /sbin/paxctl contained in package paxctl requires libc.so.6(GLIBC_2.3.4)(64bit), but no providers found in RDEPENDS_paxctl? [file-rdeps] minor recipe cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-11nmap: update to 7.11Armin Kuster
https://nmap.org/changelog.html Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14samhain-client: Erorr FixLi Xin
The Error is as following: # /usr/sbin/samhain -t init -p info ...... Segmentation fault # echo $? 139 Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14tripwire: Fix build issue for armebArmin Kuster
add config parama for armeb Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14suricata: update to 3.0Armin Kuster
removed patch no longer needded. LIC_FILES_CHKSUM changed do to copyright date updates. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14nmap: update to version 7.0.1Armin Kuster
fixed WARNING: QA Issue: /usr/bin/ndiff_nmap contained in package nmap requires /usr/bin/python2.7, but no providers found in its RDEPENDS [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17suricata: package update to 2.0.11Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17samhain-client: update to 4.1.2Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17Samhain: package update to 4.1.2Armin Kuster
4.1.1 Changes: - Fix for broken libwrap support. - Fix for broken baseline update (-t update) on FreeBSD and maybe other non GNU/Linux systems. - Fix for ungraceful handling of rotated logiles if logfile content is always zero or constant. - Fix for timezone offset calculation on month rollover for timezones west of GMT. 4.1.2 Changes: - Fix for broken rpm / rpm-light makefile targets. - Fix for the failure to detect open UDP ports sometimes. - Fix for reporting file changes with the wrong policy if both inotify is used and the file change occurs during a configuration reload. - New configure options --enable-posix-acl and --enable-selinux to turn the soft failure (no support for checking compiled in) into a hard failure if required headers/libraries are missing for this feature. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17nmap: package update to 7.0Armin Kuster
removed integrated patch Changed LIC_FILES_CHKSUM from generic OE to a file within the package sources. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30suricata: update to version 2.0.9Armin Kuster
Changes Bug #1558: stream: retransmission not detected (2.0.x) Bug #1550: Segmentation Fault at detect-engine-content-inspection.c:438 Bug #1564: defrag: evasion issue Bug #1431: stream: last_ack update issue leading to stream gaps (2.0.x) Bug #1483: 2.0.x backport: Leading whitespace in flowbits variable names Bug #1490: http_host payload validation erroring on uppercase PCRE metacharacters Bug #1501: 2.0.x backport: Add HUP coverage to output json-log Bug #1510: 2.0.x: address var parsing issue Bug #1513: stream_size <= and >= modifiers function as < and > (equality is not functional) (2.0.x) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30libhtp: update to version 0.5.18Armin Kuster
Changes This is a minor bug-fix release: - Fixed [#120] Trigger request line parsing on incomplete request [Victor Julien] - Fixed [#119] Fix uninitialized htp_tx_t::is_last value in in htp_tx_res_process_body_data_ex() [Fedor Sakharov] - Fixed [#118] Coverity-identified missing break in switch [Sam Baskinger] - Fixed [#117] Coverity-identified issue of not checking malloc() return value [Sam Baskinger] - Fixed [#116] Fix coverity-identified leaked file descriptors in unit test [Sam Baskinger] - Fixed [#113] fix pkgconfig include dir [Eric Leblond] - Fixed [#111] Connect plain http [Victor Julien] - Fixed [#105] Do not invoke callbacks in htp_req_run_hook_body_data() when there is no tx running. [Sam Baskinger] - Fixed [#104] Modifiying HTTP methods to be rfc3253 compliant [Andreas Moe] - Fixed [#103] Fixes [Victor Julien] - Fixed [#101] Make including the autoconf config header safer [Brian Rectanus] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30ccs-tools: update to 1.8.4Armin Kuster
change LIC_CHKSUM to COPYING.css where the license statement resides. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30Fix an error when samhain -t checkLi Xin
Fixes an error when "samhain -t check" is executed. The error is like this: 'ERROR: msg=<Record with bad version number in file signature database>, subroutine=<sh_dbIO_getdataent>, path=<(null)>' Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30samhain: update to 4.1.0Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-08clamav: Update source mirrorIoan-Adrian Ratiu
The source archive was deleted from the debian mirror; get it from launchpad for now Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-08nmap: fix build issue.Armin Kuster
ncat/ncat_lua.c:174: undefined reference to `lua_remove' ncat/ncat_lua.c:167: undefined reference to `lua_insert' use internal lua support Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-08libseccomp: update to latestArmin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-08paxctl: add new recipeJagadeesh Krishnanjanappa
paxctl is a tool that allows PaX flags to be modified on a per-binary basis. PaX is part of common security-enhancing kernel patches and secure distributions, such as GrSecurity or Adamantix and Hardened Gen- too, respectively. Your system needs to be running a properly patched and configured kernel for this program to have any effect. Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-08samhain-client: update to 4.0.0Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-08-31tripwire: Fix path to nano in default twcfg.txtHaris Okanovic
Nano is installed under /usr/bin/, not /bin/. Installed Tripwire on a Fido image and successfully ran `tripwire --update` to invoke text editor. Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>