path: root/recipes-security
Age | Commit message | Author
2018-07-03 | CVE-2018-11652 nikto: arbitrary OS command injection via http server field. [morty] | Nagalakshmi Veeramallu
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-11-02 | suricata: update package to 3.1.3 | Armin Kuster
*Changes*
Bug #1861: Suricata with multi tenancy does not start in 3.1/3.1.1
Bug #1889: Suricata doesn't error on missing semicolon
Bug #1910: libhtp 0.5.23 (3.1.x)
Bug #1912: http.memcap reached condition can lead to dead lock
Bug #1913: af-packet fanout detection broken on Debian Jessie
Bug #1933: unix-command socket created with last character missing (3.1.x)
Bug #1934: make install-full does not install tls-events.rules (3.1.x)
Bug #1941: Can't set fast_pattern on tls_sni content (3.1.x)
Bug #1942: dns - back to back requests results in loss of response (3.1.x)
Bug #1943: Check redis reply in non pipeline mode (3.1.x)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02 | samhain: update to 4.2.0 | Armin Kuster
* Changes:
- New option 'SetAuditdFlags = r|w|x|a' to (re-)define the flags supplied to auditd.
- New option 'PortCheckDevice = device' for the port check module, to monitor a device regardless of the address assigned to it.
- Fix for the case sensitivity of the arguments to the Severity/Class options.
- Compiler warnings with gcc 6.2 and a few minor bugs have been fixed.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02 | nmap: Upgrade package to 7.31 | Armin Kuster
LIC_FILES_CHKSUM change due to yr going from 2015 to 2016 in file. Added "no update" config option. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-02 | smack: Add new package | Armin Kuster
V2: Fix typo and add LDFLAG to makefile Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01 | suricata: update package to 3.1.2 | Armin Kuster
v2: rebased against master-next which has 3.1 Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01 | samhain: recipe cleanup | Armin Kuster
add a few distro feature checks. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01 | package-group: fix tpm package list | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01 | images: add a client and server image | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01 | package-group: Add tpm packages | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-01 | image: at image to help test builds | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-19 | suricata: package update to 3.1.0 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11 | clamav: fixup improper quoting | Mark Asselstine
Commit 217e06badb146539122732ab0eb27fd17cce09e5 [clamav: fix gcc 6.x build failure.] fixed a typo in "PACKAGECONFIG" (was missing the 'G') but unfortunately the PACKAGECONFIG string was incorrectly formed due to mismatched quotes. This caused a parsing error: ERROR: Unable to parse .../meta-security/recipes-security/clamav/clamav_0.99.2.bb ... Removed the unneeded quotes to fix the parsing issue. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11 | scapy: upgrade to 2.3.2 | Jackie Huang
* update the SRC_URI since it's been moved from bitbucket to github.
* add ptest support
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11 | paxctl: Fix QA warning | Armin Kuster
WARNING: paxctl-0.9-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '...../build/tmp-glibc/work/core2-64-oe-linux/paxctl/0.9-r0/packages-split/paxctl/sbin/paxctl' [ldflags] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11 | paxctl: allow build of paxctl-native | Joe Slater
paxctl-native is needed to build paxtest. Do not use the install target in Makefile for paxctl-native, it will fail with error: install: cannot change ownership of '.../sbin/paxctl': \ Operation not permitted Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11 | clamav: fix gcc 6.x build failure. | Armin Kuster
./llvm/include/llvm/Support/AlignOf.h:57:24: error: expected unqualified-id before 'alignof' static inline unsigned alignof() { return AlignOf<T>::Alignment; } ^~~~~~~ configure --with-system-llvm --with-llvm-linking=dynamic. define use with meta-oe LLVM3.3 via config option Fix typo for systemd PACKAGECONFIG Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-11 | samhain: 4.1.4 -> 4.1.5 | Wang Xin
1) Upgrade samhain from 4.1.4 to 4.1.5. 2) Add TARGET_CC_ARCH. Fix error. ERROR: samhain-server-4.1.5-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yule_setpwd' No GNU_HASH in the elf binary: '/yocto/work001/fnst/wangx/poky/build/tmp/work/i586-poky-linux/samhain-server/4.1.5-r0/packages-split/samhain-server/usr/sbin/yulectl' [ldflags] Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-08-20 | libseccomp: update to latest | Jonathan Liu
Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-06-26 | suricata: update to 3.0.2 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26 | tripwire: update to 2.4.3.1 | Armin Kuster
this also fixes clang and gcc 5.3 build issues remove merged patches Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26 | samhain: update to 4.1.4 | Armin Kuster
4.1.4:
- Fix for issues with re-evaluation of paths with wildcard patterns:
  - no re-evaluation if no match at process startup
  - if same pattern used for a file=.. and dir=.. directive, only one (the first in config file) is re-evaluated
- Fix for issues with new directories created when inotify is used:
  - recursion depth is not properly set for new directory
  - directory gets watched even if recursion depth should be below zero
4.1.3:
- Fix for a regression in DNS resolving if samhain is compiled with '--enable-static'
- On Cygwin/Windows, the default for the 'AvoidBlock' option is now 'off' because of problems reported for this platform.
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26 | nmap: fix several new QA warnings. | Armin Kuster
WARNING: nmap-7.12-r0 do_package: QA Issue: nmap: Files/directories were installed but not shipped in any package: /usr/lib /usr/bin/ndiff /usr/bin/nping /usr/bin/ncat /usr/lib/python2.7 /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages/ndiff.pyc /usr/lib/python2.7/site-packages/ndiff.py Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. nmap: 8 installed and not shipped files. [installed-vs-shipped] remove craziness and let the system figure out packaging info remove ndiff.py* as the compiled version is installed in /usr/bin and remove the leftover python site-package cruft. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-26 | samhain: Avoid empty source archiver | Lei Maohui
It is better to put necessary work into do_patch task than add a new task. Otherwise, you can not get correct source code in some functions (such as archiver.bbclass). Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-05-25 | clamav: update package to 0.99.2 | Armin Kuster
remove unused patches. remove merged patches move files to /file for easier maintenance Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25 | clamav: Fix new QA warning | Armin Kuster
NOTE:meta-security/recipes-security/clamav/clamav_0.99.1.bb: base_contains is deprecated, please use bb.utils.contains instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-25 | sssd: Fix new QA warning | Armin Kuster
NOTE:meta-security/recipes-security/sssd/sssd_1.13.3.bb: base_contains is deprecated, please use bb.utils.contains instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23 | sssd: add new package | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23 | libdhash: add package | Armin Kuster
required by sssd Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23 | clamav: fix lib version mismatch | Armin Kuster
drop lib version in package name drop insane and remove broken symlink Use LEAD_SONAME Don't hard code lib version in tasks Use native chrpath not the host provided version Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23 | clamav: update to 0.99.1 | Armin Kuster
removed debian patches brute force remove rpaths Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23 | suricata: update package to 3.0.1 | Armin Kuster
- fixes for multiple stability issues
- many memory leak fixes
- Hyperscan MPM support (experimental)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-23 | nmap: update to 7.12 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-11 | paxctl: fix compile issue. | Armin Kuster
use CC from build not host via EXTRA_OEMAKE thanks khem this fixes the below error. WARNING: paxctl-0.9-r0 do_package_qa: QA Issue: /sbin/paxctl contained in package paxctl requires libc.so.6(GLIBC_2.3.4)(64bit), but no providers found in RDEPENDS_paxctl? [file-rdeps] minor recipe cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-04-11 | nmap: update to 7.11 | Armin Kuster
https://nmap.org/changelog.html Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14 | samhain-client: Error Fix | Li Xin
The Error is as following: # /usr/sbin/samhain -t init -p info ...... Segmentation fault # echo $? 139 Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14 | tripwire: Fix build issue for armeb | Armin Kuster
add config parama for armeb Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14 | suricata: update to 3.0 | Armin Kuster
removed patch no longer needed. LIC_FILES_CHKSUM changed due to copyright date updates. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-14 | nmap: update to version 7.0.1 | Armin Kuster
fixed WARNING: QA Issue: /usr/bin/ndiff_nmap contained in package nmap requires /usr/bin/python2.7, but no providers found in its RDEPENDS [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17 | suricata: package update to 2.0.11 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17 | samhain-client: update to 4.1.2 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17 | Samhain: package update to 4.1.2 | Armin Kuster
4.1.1 Changes:
- Fix for broken libwrap support.
- Fix for broken baseline update (-t update) on FreeBSD and maybe other non GNU/Linux systems.
- Fix for ungraceful handling of rotated logfiles if logfile content is always zero or constant.
- Fix for timezone offset calculation on month rollover for timezones west of GMT.
4.1.2 Changes:
- Fix for broken rpm / rpm-light makefile targets.
- Fix for the failure to detect open UDP ports sometimes.
- Fix for reporting file changes with the wrong policy if both inotify is used and the file change occurs during a configuration reload.
- New configure options --enable-posix-acl and --enable-selinux to turn the soft failure (no support for checking compiled in) into a hard failure if required headers/libraries are missing for this feature.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-17 | nmap: package update to 7.0 | Armin Kuster
removed integrated patch Changed LIC_FILES_CHKSUM from generic OE to a file within the package sources. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30 | suricata: update to version 2.0.9 | Armin Kuster
Changes
Bug #1558: stream: retransmission not detected (2.0.x)
Bug #1550: Segmentation Fault at detect-engine-content-inspection.c:438
Bug #1564: defrag: evasion issue
Bug #1431: stream: last_ack update issue leading to stream gaps (2.0.x)
Bug #1483: 2.0.x backport: Leading whitespace in flowbits variable names
Bug #1490: http_host payload validation erroring on uppercase PCRE metacharacters
Bug #1501: 2.0.x backport: Add HUP coverage to output json-log
Bug #1510: 2.0.x: address var parsing issue
Bug #1513: stream_size <= and >= modifiers function as < and > (equality is not functional) (2.0.x)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30 | libhtp: update to version 0.5.18 | Armin Kuster
Changes
This is a minor bug-fix release:
- Fixed [#120] Trigger request line parsing on incomplete request [Victor Julien]
- Fixed [#119] Fix uninitialized htp_tx_t::is_last value in htp_tx_res_process_body_data_ex() [Fedor Sakharov]
- Fixed [#118] Coverity-identified missing break in switch [Sam Baskinger]
- Fixed [#117] Coverity-identified issue of not checking malloc() return value [Sam Baskinger]
- Fixed [#116] Fix coverity-identified leaked file descriptors in unit test [Sam Baskinger]
- Fixed [#113] fix pkgconfig include dir [Eric Leblond]
- Fixed [#111] Connect plain http [Victor Julien]
- Fixed [#105] Do not invoke callbacks in htp_req_run_hook_body_data() when there is no tx running. [Sam Baskinger]
- Fixed [#104] Modifying HTTP methods to be rfc3253 compliant [Andreas Moe]
- Fixed [#103] Fixes [Victor Julien]
- Fixed [#101] Make including the autoconf config header safer [Brian Rectanus]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30 | ccs-tools: update to 1.8.4 | Armin Kuster
change LIC_CHKSUM to COPYING.css where the license statement resides. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30 | Fix an error when samhain -t check | Li Xin
Fixes an error when "samhain -t check" is executed. The error is like this: 'ERROR: msg=<Record with bad version number in file signature database>, subroutine=<sh_dbIO_getdataent>, path=<(null)>' Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-30 | samhain: update to 4.1.0 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-08 | clamav: Update source mirror | Ioan-Adrian Ratiu
The source archive was deleted from the debian mirror; get it from launchpad for now Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-10-08 | nmap: fix build issue. | Armin Kuster
ncat/ncat_lua.c:174: undefined reference to `lua_remove' ncat/ncat_lua.c:167: undefined reference to `lua_insert' use internal lua support Signed-off-by: Armin Kuster <akuster808@gmail.com>