aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-security
AgeCommit message (Collapse)AuthorFilesLines
2020-10-10sssd: update to latest ltm 1.16.5Armin Kuster2-3/+37
fix musl support Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10libest: fix musl build.Armin Kuster1-0/+4
fixes est.c:38:10: fatal error: execinfo.h: No such file or directory | 38 | #include <execinfo.h> | | ^~~~~~~~~~~~ Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-10ecryptfs-utils: fix musl buildArmin Kuster2-0/+16
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-10-01libseccomp: fix ptest failures.Armin Kuster1-1/+1
Fixes: BusyBox v1.32.0 () multi-call binary. Usage: dd [if=FILE] [of=FILE] [bs=N] [count=N] [skip=N] Don't use Busybox dd, not compatable. Use coreutils Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29opendnssec: add recipeArmin Kuster4-0/+391
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29libest: add recipeArmin Kuster1-0/+23
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-29softHSM: add pkgArmin Kuster1-0/+30
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-12nss: update patch to fix do_patch errorQi.Chen@windriver.com1-77/+78
Currently sssd's do_patch task fails. Update the patch to fix this problem. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-09-05sssd: Avoid nss function conflicts with glibc nss.hArmin Kuster2-0/+78
glibc 2.32 will define these varibles [1] which results in conflicts with these static function names, backport a fix from upstream [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-29sssd: Make manpages buildableJonatan Pålsson2-1/+37
Some XML related fixes are needed to make the sssd manpages buildable Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-08-04libseccomp: fix cross compile error for mipsKai Kang2-0/+50
Backport patch to fix cross compile error for mips: | syscalls.h:44:6: error: expected identifier or '(' before numeric constant | 44 | int mips; | | ^~~~ Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-27libseccomp: update to 2.5.0Armin Kuster1-4/+5
Notable changes: Add support for the 64-bit RISC-V architecture Update the syscall tables to Linux v5.8.0-rc5 Python bindings and build now default to Python 3.x for more info see: https://github.com/seccomp/libseccomp/blob/master/CHANGELOG Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-27libsecomp: rv32/rv64 target builds are not supported yetArmin Kuster1-0/+3
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25security packagegroups: move to recipes-coreArmin Kuster2-96/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-25security images: Move to recipe-coreArmin Kuster4-87/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-18python3-privacyidea: adding initial support for mfaArmin Kuster1-0/+40
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-14bastille: Deleted redundant inherit to fix error when enable multilib.Zheng Ruoqin1-2/+0
There is no need to inherit module-base. Because this inherit will stop bastille to build to lib32-bastille. Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-07-06packagegroup-core-security-ptest: update fail2ban ptest pkg nameArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-06-23sssd: disable build secretsKai Kang1-4/+3
It requires http_parser.h to build secrets: | configure: error: | You must have the header file http_parser.h installed to build sssd | with secrets responder. If you want to build sssd without secret responder | then specify --without-secrets when running configure. The header file is from package http-parser[1] rather than apache2. But there is no recipe http-parser in openembedded. So disable build secrets for sssd and remove related systemd service and socket files. Reference: 1. https://github.com/nodejs/http-parser Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27sssd: Add infopipe PACKAGECONFIGJonatan Pålsson1-2/+3
infopipe was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-infopipe is passed to configure, so conditionally add them to SYSTEMD_SERVICE. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27sssd: Add missing DEPENDS on janssonJonatan Pålsson1-1/+1
When building with the curl PACKAGECONFIG, sssd will depend on the jansson library. Fixes the following error: | checking for JANSSON... no | checking jansson.h usability... no | checking jansson.h presence... no | checking for jansson.h... no | configure: error: | You must have the header file jansson.h installed to build sssd | with secrets and KCM responder. If you want to build sssd without these | responders then specify --without-secrets --without-kcm when running configure. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27sssd: Add missing files to SYSTEMD_SERVICEJonatan Pålsson1-0/+2
These files are installed when the ssh or curl PACKAGECONFIGs are enabled. Fixes the following error: ERROR: sssd-1.16.4-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package: /lib/systemd/system/sssd-kcm.socket /lib/systemd/system/sssd-kcm.service /lib/systemd/system/sssd-ssh.socket /lib/systemd/system/sssd-ssh.service Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27sssd: Add sudo PACKAGECONFIGJonatan Pålsson1-3/+3
sudo was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-sudo is passed to configure, so conditionally add them to SYSTEMD_SERVICE. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27sssd: Add autofs PACKAGECONFIGJonatan Pålsson1-3/+3
autofs was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-autofs is passed to configure, so conditionally add them to SYSTEMD_SERVICE. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27sssd: Sort PACKAGECONFIG entriesJonatan Pålsson1-9/+9
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27buck-security: move to recipes-scannersArmin Kuster1-45/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27checksecurity: move to recipes-scannersArmin Kuster3-96/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27checksec: move to recipe-scannersArmin Kuster1-19/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27clamav: move to recipes-scannersArmin Kuster9-1540/+0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-27fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslogArmin Kuster1-2/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-08libseccomp: update to 2.4.3Armin Kuster2-47/+1
dropped patch now included in update Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-08sssd: python2 not supportedArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-08sssd: DEPEND on nss if nothing else is chosenJonatan Pålsson1-0/+5
sssd will attempt to build against nss if no crypto is selected. If a bbappend sets PACKAGECONFIG = <list without nss or crypto>, the appropriate DEPEND is not established. Fixes the following configure error: ... snip ... | checking for NSS... configure: error: Package requirements (nss) were not met: | | No package 'nss' found | | Consider adjusting the PKG_CONFIG_PATH environment variable if you | installed software in a non-standard prefix. | | Alternatively, you may set the environment variables NSS_CFLAGS | and NSS_LIBS to avoid the need to call pkg-config. | See the pkg-config man page for more details. | | WARNING: exit code 1 from a shell command. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-08sssd: Fix typo in PACKAGECONFIG. cyrpto -> cryptoJonatan Pålsson1-1/+1
Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-08sssd: Add PACKAGECONFIG for python2Jonatan Pålsson1-0/+1
Fixes the following build error: .. snip .. | checking for python2... no | checking for python3... (cached) python3.8 | configure: error: | The program python2 was not found in search path. | Please ensure that it is installed and its directory is included in the search | path. It is required for building python2 bindings. If you do not want to build | them please use argument --without-python2-bindings when running configure. | WARNING: exit code 1 from a shell command. Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-05sssd: fix for ldblibdir and systemd etcKai Kang3-7/+62
Fix sssd issue for ldblibdir, systemd, pam etc. * fix ldblibdir which is not calculated right for cross compile * create directory /var/log/sssd which is required by sssd daemon * disable building python2 binding * fix pam module path * update systemd configure options and service files Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-01secuirty*-image: remove dead var and minor cleanupArmin Kuster2-4/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-01clamav-native: missed bison fixArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-03-01clamav: add bison-native to dependArmin Kuster1-1/+1
fixes build issue: clamav/0.101.5-r0/git/config/ylwrap: line 176: yacc: command not found Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-16google-authenticator-libpam: install module in pam locationArmin Kuster1-1/+4
pam_google_authenticator.so was being installed where pam could not find it. Move it where the rest of the pam modules site. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-16python3-fail2ban: add 2-3 conversion changesArmin Kuster3-2/+2530
Had to use the fail2ban-2.3 program to create py3 code Add it as a patch Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-10bastille: convert to py3Armin Kuster1-2/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-02-02ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directoryArmin Kuster1-1/+1
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28buck-security: fix rdebends and minor style cleanupArmin Kuster1-34/+16
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28checksecurity: fix runtime issuesArmin Kuster1-1/+1
add some missing perl modules Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-28google-authenticator-libpam: upgrade 1.07 -> 1.08Pierre-Jean Texier via Lists.Yoctoproject.Org1-1/+1
See changelog: https://github.com/google/google-authenticator-libpam/releases/tag/1.08 Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-21python3-fail2ban: update to latestArmin Kuster1-12/+10
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-21sssd: drop py2 supportArmin Kuster1-4/+2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-05fail2ban: fix runtime errorArmin Kuster1-4/+4
use success/failure calls in initd/function Signed-off-by: Armin Kuster <akuster808@gmail.com>
2020-01-03clamav: update to 0.101.5Armin Kuster1-39/+24
Signed-off-by: Armin Kuster <akuster808@gmail.com>