summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-security/audit
Commit message (Collapse)AuthorAgeFilesLines
* meta-openembedded/all: adapt to UNPACKDIR changesAlexander Kanavin2025-06-251-1/+0
| | | | | | | | | | | | | Please see https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265 for what changes are needed, and sed commands that can be used to make them en masse. I've verified that bitbake -c patch world works with these, but did not run a world build; the majority of recipes shouldn't need further fixups, but if there are some that still fall out, they can be fixed in followups. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0.4 -> 4.0.5Wang Mingyu2025-06-092-9/+6
| | | | | | | | | | | | | | | | | | 0001-Fixed-swig-host-contamination-issue.patch refreshed for 4.0.5 Changelog: ============ - Rework audisp queue to be lockless - Fix missing delete command in auditctl - Allow plus addresses (rfc5233) to auditd email. - Reduce memory churn in auditd event dispatching - Add configurable recurring state report in auditd - Switch audisp-statsd to stop sending signals - Add glibc memory stats to audisp-statsd Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0.3 -> 4.0.4Yi Zhao2025-06-021-1/+1
| | | | | | | | | | | | | | | | | | ChangeLog: - auditctl: update io_uring operations table - update syscall table for 6.15 - auditd.cron.5: Describe time-based log rotation setup - auditd: Broadcast a warning on startup if a system halt is possible - Fix audisp-remote segfault on connection error - Improve locating last event if ausearch is using checkpointing - af_unix plugin: fix string mode support - Remove const from audit_rule_fieldpair_data & audit_rule_interfield_comp_data - Add various updates to the experimental ids plugin - Add glibc memory statistics to auditd state report Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: remove empty directoryYi Zhao2025-02-241-0/+3
| | | | | | | | | | | | Remove empty directory when enable multilib. Fixes: ERROR: audit-4.0.3-r0 do_package: QA Issue: audit: Files/directories were installed but not shipped in any package: /usr/lib Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0.2 -> 4.0.3Yi Zhao2025-01-262-12/+7
| | | | | | | | | | | | | | | | | | | | | | | ChangeLog: - Remove a RHEL4 flag table since it's been unsupported for a while - Change dependency from Requires to Wants for audit-rules.service - Disable ProtectKernelModules by default in auditd.service - Skip plugin configs that do not have .conf suffix - audisp-filter: iterate records correctly when forwarding - Update syscall table for missing syscalls - Modify ausearch checkpoint code to address 64 inode and device numbers - Fix potential segfault interpreting relative paths - Add audit_set_enabled & audit_is_enabled back to the libaudit python bindings - Log runlevel changes to console during boot - Add audit-tmpfiles.conf to ensure /var/log/audit exists - Propagate event format to the audisp-af_unix plugin - Add support for RISC-V - riscv32, riscv64 * Enable riscv support * Use its own volatile file for systemd. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: fix build when systemd is enabled.Armin Kuster2024-10-131-0/+6
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: Fix CVE_PRODUCTShinji Matsunaga2024-09-241-0/+2
| | | | | | | | | | | | | | Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux". Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft", which are unrelated to the "audit" in this recipe. https://www.opencve.io/cve?vendor=visionsoft&product=audit In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux". Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit". Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0.1 -> 4.0.2Yi Zhao2024-08-142-52/+1
| | | | | | | | | | | | | | | | | | | | ChangeLog: - Fix musl C builds - Many code cleanups - Use atomic variables if available for signal related flags - Dont rotate audit logs when auditd is in debug mode - Fix a couple memory leaks on error paths - Correct output when displaying rules with exe/path/dir - Fix auparse lookup test to not use the system libaupaurse - Improve auparse metrics - Update auparse normalizer for recent syscalls - Make status report uniform Drop 0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch as the issue has been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Start WORKDIR -> UNPACKDIR transitionKhem Raj2024-05-231-2/+2
| | | | | | | Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Use PYTHON_SITEPACKAGES_DIR instead of hard-coded site-packages directory pathalperak2024-04-151-2/+2
| | | | | | | | | | | | The following paths have been replaced with PYTHON_SITEPACKAGES_DIR: - "${libdir}/${PYTHON_DIR}/site-packages" - "${libdir}/python${PYTHON_BASEVERSION}/site-packages" - "${libdir}/python*/site-packages" - "${libdir}/python3.*/site-packages" Signed-off-by: alperak <alperyasinak1@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0 -> 4.0.1Yi Zhao2024-03-222-37/+2
| | | | | | | | | | | | | | | | | | ChangeLog: https://github.com/linux-audit/audit-userspace/releases/tag/v4.0.1 Update TRUSTED_APP interpretation to look for known fields; In auditd plugins, allow variable amount of arguments; Fix augenrules to work correctly when kernel is in immutable mode; Add audisp-filter plugin; Improve sorting speed of aureport --summary reports; Auditd & audit-rules.service pick up paths automatically. * Drop backport patch. * Specify runstatedir. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.1.2 -> 4.0Yi Zhao2024-02-266-157/+165
| | | | | | | | | | | | | | | | | | | | | ChangeLog: https://github.com/linux-audit/audit-userspace/releases/tag/v4.0 Major changes: Separate loading rules and logging events into separate services, audit-rules.service and auditd.service. Drop support for python2 and SysVinit. The auvirt and autrace programs have been dropped. The syscall and interpretation tables have been updated for the 6.8 kernel. * Backport patch to fix build error with musl * Clean up configure options * Use its own systemd service files * Refresh patches * Fix indentation Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: reenable python bindings and bring in distutils via setuptools ↵Alexander Kanavin2024-01-011-2/+2
| | | | | | | (needed with python 3.12) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: disable python bindings as incompatible with python 3.12Alexander Kanavin2023-12-311-1/+1
| | | | | Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.1.1 -> 3.1.2Yi Zhao2023-09-103-18/+24
| | | | | | | | | | Changelog: https://github.com/linux-audit/audit-userspace/releases/tag/v3.1.2 Refresh local patches. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* *.patch: add Upstream-Status to all patchesMartin Jansa2023-06-211-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is new patch-status QA check in oe-core: https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA). This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status. This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible: 5 (26%) meta-xfce 6 (50%) meta-perl 15 (42%) meta-webserver 21 (36%) meta-gnome 25 (57%) meta-filesystems 26 (43%) meta-initramfs 45 (45%) meta-python 47 (55%) meta-multimedia 312 (63%) meta-networking 756 (61%) meta-oe Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.1 -> 3.1.1Wang Mingyu2023-05-081-1/+1
| | | | | | | | | | | | | Changelog: ========= - Add user friendly keywords for signals to auditctl - In ausearch, parse up URINGOP and DM_CTRL records - Harden auparse to better handle corrupt logs - Fix a CFLAGS propogation problem in the common directory - Move the audispd af_unix plugin to a standalone program Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: drop version 2.8.5Yi Zhao2023-03-055-405/+0
| | | | | | | | Removed version 2.8.5, as the 2.8 series is no longer maintained since 2020. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.0.9 -> 3.1Yi Zhao2023-03-051-4/+4
| | | | | | | | | | | | | | | | ChangeLog: https://github.com/linux-audit/audit-userspace/releases/tag/v3.1 Major features: Add new record types Add io_uring support Add support for new FANOTIFY record fields * Remove redundant python3native as it is already inherited by python3targetconfig * Fix indentation Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: Inherit python3targetconfigKhem Raj2022-11-301-1/+1
| | | | | | | | | | | It uses python3-config during build to grok the python specific includedirs, therefore its important to ensure that target specific python3-config is used, otherwise currently it defaults to native python3-config which ends up adding native python3 include paths which might work out ok but is exposed when target is 32bit + lfs enabled, the headers don't match between native and target python Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.0.8 -> 3.0.9Wang Mingyu2022-11-281-1/+1
| | | | | | | | | | | | | | | Changelog: =========== In auditd, release the async flush lock on stop Don't allow auditd to log directly into /var/log when log_group is non-zero Cleanup krb5 memory leaks on error paths Update auditd.cron to use auditctl --signal In auparse, if too many fields, realloc array bigger (Paul Wolneykien) In auparse, special case kernel module name interpretation If overflow_action is ignore, don't treat as an error Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: Fix compile error for audit_2.8.5Akash Hadke2022-10-213-2/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix below compile errors 1. Fix build with linux 5.17+ audit errors out due to swig munging it does with kernel headers | audit_wrap.c: In function '_wrap_audit_rule_data_buf_set': | audit_wrap.c:4701:17: error: cast specifies array type | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4701:15: error: invalid use of flexible array member | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4703:15: error: invalid use of flexible array member | 4703 | arg1->buf = 0; | | ^ These errors are due to VLAIS from kernel headers, so we copy linux/audit.h and make the needed change in local audit.h and make needed arrangements in build to use it when building audit package Take reference of upstream commit ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+ Update 0002-Fixed-swig-host-contamination-issue.patch 2. Fix ipx.h missing file bug for kernel 5.15 ipx.h header file is removed in kernel 5.15 Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/net?id=6c9b40844751ea30c72f7a2f92f4d704bc6b2927 which is causing below error for system with kernel equal and higher than 5.15 | ../../git/auparse/interpret.c:48:10: fatal error: linux/ipx.h: No such file or directory | 48 | #include <linux/ipx.h> | | ^~~~~~~~~~~~~ Add below patch to fix this issue. 0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch Link: https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Akash Hadke <hadkeakash4@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: Revert the tweak done in configure step in do_installKhem Raj2022-08-171-0/+2
| | | | | | | | | This tweak is needed for building audit but not the interfaces it may expose via the headers, therefore undo the tweak before packaging things up Reported-By: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: Fix build with muslKhem Raj2022-08-102-0/+35
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: Upgrade to 3.0.8 and fix build with linux 5.17+Khem Raj2022-08-082-11/+9
| | | | | | | | | | | | | | | | | | | | | | audit errors out due to swig munging it does with kernel headers | audit_wrap.c: In function '_wrap_audit_rule_data_buf_set': | audit_wrap.c:4701:17: error: cast specifies array type | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4701:15: error: invalid use of flexible array member | 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); | | ^ | audit_wrap.c:4703:15: error: invalid use of flexible array member | 4703 | arg1->buf = 0; | | ^ These errors are due to VLAIS from kernel headers, so we copy linux/audit.h and make the needed change in local audit.h and make needed arrangements in build to use it when building audit package Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
* audit: Upgrade 3.0.6 -> 3.0.7Alex Kiernan2022-04-181-2/+1
| | | | | | | | Dependency on bash has been removed upstream. Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Alex Kiernan <alexk@zuma.ai> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-042-2/+2
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update SRC_URI branch and protocolsRichard Purdie2021-11-032-2/+2
| | | | | | | | | This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.0.5 -> 3.0.6Yi Zhao2021-10-191-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.0.4 -> 3.0.5Yi Zhao2021-08-192-134/+1
| | | | | | | Drop backported patch. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.0.3 -> 3.0.4Yi Zhao2021-08-112-1/+134
| | | | | | | Backport a patch to fix the wrong account associations issue. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: fix compile error for 2.8.5Yi Zhao2021-08-064-19/+110
| | | | | | | | | | | | | | * Backport a patch to fix the compile error * Refresh the patches to fix the patch-fuzz warning. * Minor tweaks to the recipe with reference to the 3.0 bb file. Fixes: tmp/work/core2-64-poky-linux/audit/2.8.5-r0/recipe-sysroot-native/usr/bin/x86_64-poky-linux/../../libexec/x86_64-poky-linux/gcc/x86_64-poky-linux/11.1.1/ld: ausearch-checkpt.o:/usr/src/debug/audit/2.8.5-r0/build/src/../../git/src/ausearch-common.h:53: multiple definition of `event_node_list'; ausearch.o:/usr/src/debug/audit/2.8.5-r0/build/src/../../git/src/ausearch-common.h:53: first defined here Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-032-24/+24
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* audit: upgrade 3.0.2 -> 3.0.3Yi Zhao2021-08-031-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.0.1 -> 3.0.2Yi Zhao2021-07-081-1/+1
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: migrate from meta-selinuxArmin Kuster2021-05-127-0/+586
Move audit to a more common layer to simplify integration. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-10 13:22:53 +0000