Age | Commit message (Collapse) | Author |
|
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers
to inject arbitrary OS commands via the Server field in an HTTP response header,
which is directly injected into a CSV report.
Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com>
Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
status get by "systemctl status samhain" is not correct.
It is active(exited) now. but actually, there is a dameon
running, it should be active(running). so change Type of
servive.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When systemd is used as system init manager, there is a build issue complains
"can't found apparmor.service". This patch fix it.
Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Refresh patches with devtool command.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
No packages depend on samhain-server-native and it doesn't
make sense to extend a server package to native, so remove
the BBCLASSEXTEND.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This solves the below error when systemd is used as init manager,
-- snip --
ERROR: clamav-0.99.2-r0 do_package: SYSTEMD_SERVICE_clamav value clamav.service does not exist
ERROR: clamav-0.99.2-r0 do_package: Function failed: systemd_populate_packages
-- snip --
Other issue:
* Ship /lib/systemd/system/clamav-freshclam.service into ${PN}-freshclam
package, to solve below warning:
-- snip --
[10240] WARNING: QA Issue: clamav: Files/directories were installed but not shipped in any package:
/lib/systemd/system/clamav-freshclam.service
-- snip --
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
removed unused hash checksums
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
resides in meta-networking now
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
drop git hash from PV
Use master branch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
update some PACKAGECONFIG changes
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop patch included in update.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop git PV for bb reciped PV.
supports 4.15 kernel
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When used in native builds, the variable STAGING_DIR_HOST expands
to the empty string. This leads 'sed' to an error because the pattern
is empty. Using STAGING_DIR instead of STAGING_DIR_HOST allows
to use xmlsec1 in native builds with the correct behaviour.
Change-Id: I55f40ac2413863c489d4219e0080f7e4e274a6db
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Remove the absolute path for start-stop-daemon
to fix samhain start-up as start-stop-daemon
sometimes located in /usr/sbin, not the expected
/sbin.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
fscryptctl is a low-level tool written in C that handles
raw keys and manages policies for Linux filesystem
encryption [1].
For a tool that presents a higher level interface and
manages metadata, key generation, key wrapping, PAM
integration, and passphrase hashing, see fscrypt [2].
[1] https://lwn.net/Articles/639427
[2] https://github.com/google/fscrypt
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The old URL can't be available, give the new URL to keynote.
The project already moved to:
https://sourceforge.net/projects/keynote-2-3/
The different between old and new tarball was:
the old tarball contains doc directory, source codes were same.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Symlink /usr/sbin/UndoBastille in bastille points to TMPDIR [symlink-to-sysroot]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
libhtp updated in // as suricata contains the sources
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Use '${COMMON_LICENSE_DIR}/MIT' for MIT License to fix the warning:
| WARNING: packagegroup-core-security do_populate_lic:
${COREBASE}/LICENSE is not a valid license file, please use
'${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM.
This will become an error in the future
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add LDFLAGS variable to fix QA issue for GNU_HASH:
| ERROR: samhain-client-4.2.2-r0 do_package_qa: QA Issue:
No GNU_HASH in the elf binary: '/builddir/usr/sbin/samhain_setpwd' [ldflags]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add a patch to avoid searching host dir for postgresql,
and set PGSQL_INC_DIR and PGSQL_LIB_DIR instead.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* The "??=" assignment for PACKAGECONFIG is overridden by
the following "+=" assignments, which is not expected,
so combine them into one assignment with multiple lines.
* Fix a typo for postgresql.
* Remove unneeded quotation marks.
* run aotoconf to regenerate the configure, or the patch
for ps option doesn't work:
| configure: error: unrecognized option: --with-ps-path=/bin/ps
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The extended attribute is required by selinux feature,
so add the dependency when selinux is enabled.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
configure.ac:8: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
| configure.ac:8: error: version mismatch. This is Automake 1.15.1,
| configure.ac:8: but the definition used by this AM_INIT_AUTOMAKE
add aclocal
and
make: Entering directory '/home/akuster/oss/clean/poky/build/tmp/work/mips64-poky-linux/apparmor/2.11.0-r0/apparmor-2.11.0/binutils'
| error: ../libraries/libapparmor//src/.libs/libapparmor.a is missing. Pick one of these possible solutions:
remove --disable-static
and
ERROR: apparmor-2.11.0-r0 do_package_qa: QA Issue: /usr/lib/apparmor/ptest/testsuite/parser/tst/gen-dbus.pl contained in package apparmor-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_apparmor-ptest? [file-rdeps]
add perl to ptest RDEPENDS
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Don't want to add layer depends for one package unless needed.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
LIC_CHKSUM_FILES changed do to yr update.
add a few more PACKCONFIG
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose.
Though Fail2Ban is able to reduce the rate of incorrect authentications attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* update to version 4.2.2
* Add new recipe for standalone mode
* Add systemd support
* Add patches to fix several issues
* samhain-standalone: add ptest support
* samhain-server: no need to depend on samhain-server-native
* Move common things from the bb to the inc file
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- We need various python3 modules and we can only really solve this
problem by including all python3-modules.
- aa-easyprof needs to have its shebang corrected, do so.
- The apparmor initscript depends on functions that LSB does not require
so we must provide them. In some cases it's using non-standard
function, so we just use more appropriate names.
- The apparmor sysvinit-style initscript assumes that
systemd-detect-virt will exist on the filesystem. Change this to
check that it does before trying to execute it.
[for aa-easyprof:]
Reported-by: Anders Montonen <Anders.Montonen@iki.fi>
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Mhash is a free (under GNU Lesser GPL) library which provides
a uniform interface to a large number of hash algorithms.
These algorithms can be used to compute checksums, message
digests, and other signatures.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
libgssglue exports a gssapi interface which calls
other gssapi libraries.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
- Add a patch to fix python library install dir for multilib.
- Add a patch to fix race condition with mkdir command.
- Inherit pythonnative instead of python-dir and install
python modules for ndiff to fix the following errors:
"""
root@qemux86-64:~# ndiff --help
-sh: /usr/bin/ndiff: /path_to_build/tmp/hosttools/python: bad interpreter: No such file or directory
root@qemux86-64:~# python /usr/bin/ndiff
Could not import the ndiff module: 'No module named ndiff'.
"""
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
KeyNote is a simple and flexible trust-management system
designed to work well for a variety of large- and small-
scale Internet-based applications
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
XML Security Library is a C library based on LibXML2 and OpenSSL.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This introduces a number of changes:
- Fix the python PACKAGECONFIG knob
- The included python support is python3-based, so use those classes.
- When set, make sure to RDEPEND on the python modules the tools use.
- Fix the perl PACKAGECONFIG knob
- Add two patches so that configure will find perl and then compile
will cross-compile the library correctly.
- So that we place perl modules in the correct location we need cpan
to be inherited.
- When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in
via inherit.
- Default to enabling the python and perl PACKAGECONFIG knobs as the
majority of the userspace tools are python3 based, and the few that
aren't that nor C based are perl based.
- Because of the above we must drop the -python package because it's
required for the utilities in the main package.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
WARNING: apparmor-2.11.0-r0 do_package: QA Issue: apparmor: Files/directories were installed but not shipped in any package:
/usr/lib/python2.7
/usr/lib/python2.7/site-packages
/usr/lib/python2.7/site-packages/apparmor-2.11.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/apparmor
/usr/lib/python2.7/site-packages/apparmor/regex.py
use python2 instead of python3
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
eCryptfs is a stacked cryptographic filesystem that ships
in Linux kernel versions 2.6.19 and above. This package
provides the mount helper and supporting libraries to
perform key management and mount functions.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
keyutils is utilities to control the kernel key
management facility and to provide a mechanism by
which the kernel call back to userspace to get a
key instantiated.
It's required by ecryptfs-utils.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|