Age | Commit message (Collapse) | Author |
|
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers
to inject arbitrary OS commands via the Server field in an HTTP response header,
which is directly injected into a CSV report.
Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com>
Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
configure.ac:8: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation
| configure.ac:8: error: version mismatch. This is Automake 1.15.1,
| configure.ac:8: but the definition used by this AM_INIT_AUTOMAKE
add aclocal
and
make: Entering directory '/home/akuster/oss/clean/poky/build/tmp/work/mips64-poky-linux/apparmor/2.11.0-r0/apparmor-2.11.0/binutils'
| error: ../libraries/libapparmor//src/.libs/libapparmor.a is missing. Pick one of these possible solutions:
remove --disable-static
and
ERROR: apparmor-2.11.0-r0 do_package_qa: QA Issue: /usr/lib/apparmor/ptest/testsuite/parser/tst/gen-dbus.pl contained in package apparmor-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_apparmor-ptest? [file-rdeps]
add perl to ptest RDEPENDS
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Don't want to add layer depends for one package unless needed.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This introduces a number of changes:
- Fix the python PACKAGECONFIG knob
- The included python support is python3-based, so use those classes.
- When set, make sure to RDEPEND on the python modules the tools use.
- Fix the perl PACKAGECONFIG knob
- Add two patches so that configure will find perl and then compile
will cross-compile the library correctly.
- So that we place perl modules in the correct location we need cpan
to be inherited.
- When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in
via inherit.
- Default to enabling the python and perl PACKAGECONFIG knobs as the
majority of the userspace tools are python3 based, and the few that
aren't that nor C based are perl based.
- Because of the above we must drop the -python package because it's
required for the utilities in the main package.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
WARNING: apparmor-2.11.0-r0 do_package: QA Issue: apparmor: Files/directories were installed but not shipped in any package:
/usr/lib/python2.7
/usr/lib/python2.7/site-packages
/usr/lib/python2.7/site-packages/apparmor-2.11.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/apparmor
/usr/lib/python2.7/site-packages/apparmor/regex.py
use python2 instead of python3
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stability issues then!
bypass check as our zlib is 1.2.11
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
build fixes too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
add modules and i2c support
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
this should help mitgate the need to pull in too many layers
if swtpm in not wanted
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
netstat from net-tools-native is needed for swtpm_setup.sh, which uses
it to check whether the swtpm daemon has started. The scripts hangs in
a loop during startup when netstat is missing.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Native recipes must be called <foo>-native. This is more than just a
recommendation, there's actual code which checks for the suffix.
Not following that rule broke swtpm-wrappers when using the "usrmerge"
DISTRO_FEATURE, because the code in native.bbclass which cleans up
DISTRO_FEATURES for native recipes was skipped and thus swtpm-wrappers
ended up using different paths than the other native recipes.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
remove merged patch now in tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
remove patch integrated into update
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Pull in changes to support passing client control sockets(--ctrl
type=unixio,clientfd=<fd>), that allows to fork swtpm and communicate using
socketpair.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
update to 2.11
Add basic ptest support
v2: remove none existent file
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
[v2]:
include new hash
LICENSE file changes do to removal of TCG
minor changes do to configure and makefile updates
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
minor changes to reflect configure/makefile updates
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
[v2]: Correct musl malloc fix.
remove HAVE_MALLOC_H define; this enables using the included defined mallinfo.
[V1]: Fix c99
x_dnmalloc.c:563:26: error: return type is an incomplete type
| #define public_mALLINFo mallinfo
| ^
| x_dnmalloc.c:1689:17: note: in expansion of macro 'public_mALLINFo'
| struct mallinfo public_mALLINFo() {
and
_dnmalloc.c:5527:17: error: unknown type name 'u_int'
| u_int rnd[(128 - 2*sizeof(struct timeval)) / sizeof(u_int)];
| ^~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Install systemd resource.mgr service and it needed user/group.
version 2:
- do not hardcode sbin directory in a patch but use ${sbindir} instead
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Soon it might be possible to let qemu start swtpm directly, without
requiring root privileges as for swtpm_cuse. For that to work
we also need to wrap the swtpm binary. Just in case we now also
do it for everything.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
when acl is enabled this error occurrs.
configure: error: in `/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/x86_64-linux/samhain-server-native/4.2.0-r0/samhain-4.2.0':
| configure: error: --enable-posix-acl was given, but test for acl support failed
add missing depends.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
use POSIX getpwent instead of getpwent_r
This was causing the libtspi to have the getpwent_r with when loaded via tpm-tools, it would fail.
[ Yocto #11095]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
add two fixes for musl build issues.
also update to latest tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The configure script checks for expect and socat and
fails when it is not present.
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
cleaned up ptyhon package creation.
dropped patch no longer needed
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
backport two upstream patches and remove local verison
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch to fix the pickling issue when save_session:
PicklingError: Can't pickle <type 'function'>: attribute lookup __builtin__.function failed
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
adds support for 4.9 and 4.10-rc1 kernels
adds support for python 3.x
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Brings in instructions for setting the log level. Setting the log level
with --log file=...,level=1 is necessary at the moment before anything
gets written to the log. Even errors are suppressed by default.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Native tools exist in recipe specific sysroots and are normally
not meant to be called from outside a build. But that's what we
need to do when using swtpm-native together with qemu, so these
wrappers make that possible by setting up the necessary environment
and hiding the internal paths.
Invoking swtpm_setup.sh gets some special support: swtpm_setup.sh runs
two daemons, tcsd and swtpm, of which tcsd insists on running as root
or tss. In practice, running as the normal user is perfectly
fine. Instead of patching the upstream source code, the approach take
here is to run under pseudo.
Usage examples:
$ bitbake swtpm-wrappers
$ mkdir -p my-machine/myvtpm0
$ tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0
Starting vTPM manufacturing as root:root @ Mon 16 Jan 2017 04:09:21 PM CET
TPM is listening on TCP port 55675.
-rw------- 1 root root 65 Jan 16 16:09 /tmp/tmp.2yJBKTTwRk
Ending vTPM manufacturing @ Mon 16 Jan 2017 04:09:21 PM CET
The resulting "my-machine/myvtpm0" can then be used with swtpm (this
time, it really has to be running as root because it uses CUSE to
create /dev/vtpm0, and an absolute path is needed for the tpm state
dir) and qemu-tpm (patches not currently in OE-core, have to be
applied manually):
$ sudo tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_cuse_oe.sh -n vtpm0 --tpmstate dir=`pwd`/my-machine/myvtpm0
$ sudo chmod a+rw /dev/vtpm0
$ runqemu ... 'qemuparams=-tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0'
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The CUSE support in swtpm does not depend on selinux. It is needed
for simulating a virtual TPM, one of the use cases for swtpm-native, so
enable it by default.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|