Age | Commit message | Author
2018-07-03 | CVE-2018-11652 nikto: arbitrary OS command injection via http server field. [pyro] | Nagalakshmi Veeramallu
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-06 | apparmor: fix a few build issues | Armin Kuster
configure.ac:8: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
| configure.ac:8: error: version mismatch. This is Automake 1.15.1,
| configure.ac:8: but the definition used by this AM_INIT_AUTOMAKE
add aclocal and
make: Entering directory '/home/akuster/oss/clean/poky/build/tmp/work/mips64-poky-linux/apparmor/2.11.0-r0/apparmor-2.11.0/binutils'
| error: ../libraries/libapparmor//src/.libs/libapparmor.a is missing. Pick one of these possible solutions:
remove --disable-static and
ERROR: apparmor-2.11.0-r0 do_package_qa: QA Issue: /usr/lib/apparmor/ptest/testsuite/parser/tst/gen-dbus.pl contained in package apparmor-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_apparmor-ptest? [file-rdeps]
add perl to ptest RDEPENDS
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-06 | Apparmor: add apache2 to PACKAGECONF and check for webserver layer | Armin Kuster
Don't want to add layer depends for one package unless needed. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-06 | apparmor: Rework such that the utilities are functional by default | Tom Rini
This introduces a number of changes:
- Fix the python PACKAGECONFIG knob
  - The included python support is python3-based, so use those classes.
  - When set, make sure to RDEPEND on the python modules the tools use.
- Fix the perl PACKAGECONFIG knob
  - Add two patches so that configure will find perl and then compile will cross-compile the library correctly.
  - So that we place perl modules in the correct location we need cpan to be inherited.
  - When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in via inherit.
- Default to enabling the python and perl PACKAGECONFIG knobs as the majority of the userspace tools are python3 based, and the few that aren't that nor C based are perl based.
- Because of the above we must drop the -python package because it's required for the utilities in the main package.
Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-11-06 | apparmor: fix python packaging issue | Armin Kuster
WARNING: apparmor-2.11.0-r0 do_package: QA Issue: apparmor: Files/directories were installed but not shipped in any package:
  /usr/lib/python2.7
  /usr/lib/python2.7/site-packages
  /usr/lib/python2.7/site-packages/apparmor-2.11.0-py2.7.egg-info
  /usr/lib/python2.7/site-packages/apparmor
  /usr/lib/python2.7/site-packages/apparmor/regex.py
use python2 instead of python3
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | layer-conf: Use *_FEATURES in LAYERDEPENDS | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | security-core package group: add few more apps | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | clamav: fix new build error | Armin Kuster
configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stability issues then!
bypass check as our zlib is 1.2.11
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | sssd: update SRC_URI as git.fedorahosted.org shut down | Armin Kuster
build fixes too Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | tpm2: package groups fixes | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | linux-stable: fix module selections | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | tpm-image: used for testing for now. | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | kernel tpm rework | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | tpm-i2c: some systems use i2c TPM | Armin Kuster
add modules and i2c support Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | tpm packagegroups: split into logical units | Armin Kuster
this should help mitigate the need to pull in too many layers if swtpm is not wanted Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | packagegroup: remove tpm components | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | meta-tpm: add base package group as was in meta-security | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | change tpm from distro to machine feature | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-14 | tpm: move to a sub layer | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-07 | swtpm-wrappers-native.bb: need netstat | Patrick Ohly
netstat from net-tools-native is needed for swtpm_setup.sh, which uses it to check whether the swtpm daemon has started. The script hangs in a loop during startup when netstat is missing. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-07 | freediameter: Add recipe | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-25 | swtpm-wrappers: fix naming convention violation | Patrick Ohly
Native recipes must be called <foo>-native. This is more than just a recommendation, there's actual code which checks for the suffix. Not following that rule broke swtpm-wrappers when using the "usrmerge" DISTRO_FEATURE, because the code in native.bbclass which cleans up DISTRO_FEATURES for native recipes was skipped and thus swtpm-wrappers ended up using different paths than the other native recipes. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-25 | tpm2.0-tss: update to tip. | Armin Kuster
remove merged patch now in tip Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-25 | samhain: update to 4.2.1 | Armin Kuster
remove patch integrated into update Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-13 | swtpm: update to latest tip | Amarnath Valluri
Pull in changes to support passing client control sockets (--ctrl type=unixio,clientfd=<fd>), that allows to fork swtpm and communicate using socketpair. Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-06 | apparmor: update to 2.11.0 plus ptest | Armin Kuster
update to 2.11 Add basic ptest support v2: remove nonexistent file Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-06 | linux-yocto: add 4.10 kernel support | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-06 | libseccomp: update to 2.3.2 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-06 | tpm2.0-tss: fix musl build issue | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-06 | kernel: mv 4.8 kernel to 4.9 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-06 | tpm2.0-tss: update to latest | Armin Kuster
[v2]: include new hash LICENSE file changes due to removal of TCG minor changes due to configure and makefile updates Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-04-06 | tpm2.0-tools: update to latest | Armin Kuster
minor changes to reflect configure/makefile updates Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | samhain: fix build issues when using musl | Armin Kuster
[v2]: Correct musl malloc fix. remove HAVE_MALLOC_H define; this enables using the included defined mallinfo.
[V1]: Fix c99
x_dnmalloc.c:563:26: error: return type is an incomplete type
| #define public_mALLINFo mallinfo
| ^
| x_dnmalloc.c:1689:17: note: in expansion of macro 'public_mALLINFo'
| struct mallinfo public_mALLINFo() {
and
_dnmalloc.c:5527:17: error: unknown type name 'u_int'
| u_int rnd[(128 - 2*sizeof(struct timeval)) / sizeof(u_int)];
| ^~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | tpm2.0-tss: install resourcemgr service | Benjamin Gaignard
Install systemd resource.mgr service and it needed user/group. version 2: - do not hardcode sbin directory in a patch but use ${sbindir} instead Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-03-27 | swtpm-wrappers: wrap more commands | Patrick Ohly
Soon it might be possible to let qemu start swtpm directly, without requiring root privileges as for swtpm_cuse. For that to work we also need to wrap the swtpm binary. Just in case we now also do it for everything. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-03-27 | build-image: remove ROOTFS_PKGMANAGE_BOOTSTRAP | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | samhain-server: fix config error with acl | Armin Kuster
when acl is enabled this error occurs.
configure: error: in `/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/samhain-server-native/4.2.0-r0/samhain-4.2.0':
| configure: error: --enable-posix-acl was given, but test for acl support failed
add missing depends.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | trousers: Fix musl compile error | Armin Kuster
use POSIX getpwent instead of getpwent_r This was causing the libtspi to have the getpwent_r with when loaded via tpm-tools, it would fail. [ Yocto #11095] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | swtpm: fix musl build issues | Armin Kuster
add two fixes for musl build issues. also update to latest tip Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | tpm-tools: update to 1.3.9.1 | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | swtpm: depends on expect-native and socat-native | Benjamin Gaignard
The configure script checks for expect and socat and fails when it is not present. Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-27 | suricata: update to 3.2.1 | Armin Kuster
cleaned up python package creation. dropped patch no longer needed Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-03-02 | libseccomp: convert test package to ptest | Wenzong Fan
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-02-18 | libtpm: Fix arm build issues | Armin Kuster
backport two upstream patches and remove local version Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-02-18 | scapy: fix the pickling issue | Jackie Huang
Backport a patch to fix the pickling issue when save_session: PicklingError: Can't pickle <type 'function'>: attribute lookup __builtin__.function failed Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-02-18 | python-pycrypto: remove app as it's now in meta-oe | Armin Kuster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-02-18 | libseccomp: update to tip | Armin Kuster
adds support for 4.9 and 4.10-rc1 kernels adds support for python 3.x Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-02-18 | swtpm: update to latest tip | Patrick Ohly
Brings in instructions for setting the log level. Setting the log level with --log file=...,level=1 is necessary at the moment before anything gets written to the log. Even errors are suppressed by default. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-02-18 | swtpm-wrappers: simplify using swtpm-native | Patrick Ohly
Native tools exist in recipe specific sysroots and are normally not meant to be called from outside a build. But that's what we need to do when using swtpm-native together with qemu, so these wrappers make that possible by setting up the necessary environment and hiding the internal paths.
Invoking swtpm_setup.sh gets some special support: swtpm_setup.sh runs two daemons, tcsd and swtpm, of which tcsd insists on running as root or tss. In practice, running as the normal user is perfectly fine. Instead of patching the upstream source code, the approach taken here is to run under pseudo.
Usage examples:
  $ bitbake swtpm-wrappers
  $ mkdir -p my-machine/myvtpm0
  $ tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0
  Starting vTPM manufacturing as root:root @ Mon 16 Jan 2017 04:09:21 PM CET
  TPM is listening on TCP port 55675.
  -rw------- 1 root root 65 Jan 16 16:09 /tmp/tmp.2yJBKTTwRk
  Ending vTPM manufacturing @ Mon 16 Jan 2017 04:09:21 PM CET
The resulting "my-machine/myvtpm0" can then be used with swtpm (this time, it really has to be running as root because it uses CUSE to create /dev/vtpm0, and an absolute path is needed for the tpm state dir) and qemu-tpm (patches not currently in OE-core, have to be applied manually):
  $ sudo tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_cuse_oe.sh -n vtpm0 --tpmstate dir=`pwd`/my-machine/myvtpm0
  $ sudo chmod a+rw /dev/vtpm0
  $ runqemu ... 'qemuparams=-tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0'
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-02-18 | swtpm: cuse packageconfig | Patrick Ohly
The CUSE support in swtpm does not depend on selinux. It is needed for simulating a virtual TPM, one of the use cases for swtpm-native, so enable it by default. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>