| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Add patch to fix core dumped error when using "nmap -sO"
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6a5b26d467c692c3537aaebf9bd088736dc93dc4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e68145b00260fc380242cd67579068427e501c10)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently softhsm will try to access deleted obejcts due to the order of
atexit handler implementations. Add a patch which adds a global variable
to track whether objects are deleted and prevents access if this is the
case.
This fixes a failure with the signing.bbclass where when signing
multiple fitimage configurations the second signing operation will lead
to a segfault.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit
In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".
Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Provides needed atomic intrinsics that compiler needs.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* switched to libpcre2 in:
https://github.com/nmap/nmap/commit/828ab48764b82d0226e860c73c5dac5b11f77385
* in builds hwere libpcre2 isn't pulled by some other dependency it was failing with:
| service_scan.h:74:10: fatal error: pcre2.h: No such file or directory | 74 | #include <pcre2.h> | | ^~~~~~~~~|
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
License-Update: Use full file for checksum ( COPYING -> LICENSE )
Use system libpcre
Drop py3 support patches, its default now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
- Fix musl C builds
- Many code cleanups
- Use atomic variables if available for signal related flags
- Dont rotate audit logs when auditd is in debug mode
- Fix a couple memory leaks on error paths
- Correct output when displaying rules with exe/path/dir
- Fix auparse lookup test to not use the system libaupaurse
- Improve auparse metrics
- Update auparse normalizer for recent syscalls
- Make status report uniform
Drop 0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch as
the issue has been fixed upstream.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Drop patch 0001-include-missing-cstdint.patch because it was merged
upstream. See this commit in usbguard:
* 22b1e08 Fix build for GCC 13 + make GitHub Actions cover build with GCC 13 (#586)
Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Fix a double-close on error reading from --args, --seccomp or --add-seccomp-fd argument
- Improve memory allocation behaviour
- Silence various compiler warnings
- Silence an Automake warning
- Fix a test failure when running as uid 0 in a container
- Fix a test failure when /mnt is a symlink
- Fix a test failure on NixOS
- Add --argv0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The following paths have been replaced with PYTHON_SITEPACKAGES_DIR:
- "${libdir}/${PYTHON_DIR}/site-packages"
- "${libdir}/python${PYTHON_BASEVERSION}/site-packages"
- "${libdir}/python*/site-packages"
- "${libdir}/python3.*/site-packages"
Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/linux-audit/audit-userspace/releases/tag/v4.0.1
Update TRUSTED_APP interpretation to look for known fields;
In auditd plugins, allow variable amount of arguments;
Fix augenrules to work correctly when kernel is in immutable mode;
Add audisp-filter plugin;
Improve sorting speed of aureport --summary reports;
Auditd & audit-rules.service pick up paths automatically.
* Drop backport patch.
* Specify runstatedir.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/linux-audit/audit-userspace/releases/tag/v4.0
Major changes:
Separate loading rules and logging events into separate services,
audit-rules.service and auditd.service.
Drop support for python2 and SysVinit.
The auvirt and autrace programs have been dropped.
The syscall and interpretation tables have been updated for the 6.8
kernel.
* Backport patch to fix build error with musl
* Clean up configure options
* Use its own systemd service files
* Refresh patches
* Fix indentation
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[Edited Message Follows]
[Reason: include softhsm2.module only in FILES if pk11 is set in PACKAGECONFIG]
From 216dba6552f2b3a65c3fc9b586736d93132a0166 Mon Sep 17 00:00:00 2001
From: "Gassner, Tobias.ext" <tobias.gassner.ext@karlstorz.com>
Date: Thu, 18 Jan 2024 12:50:22 +0100
Subject: [PATCH] softhsm_2.6.1.bb fixing p11-kit module path, adding
softhsm2.module to FILES
In order for the softhsm module to be discoverable by p11-kit proxy the
softhsm2.module file must be deployed to ${datadir}/p11-kit/modules.
This was previously not the case. Also the p11-kit module path
(--with-p11-kit) seemed to point to the wrong directory and had a syntax
error (two == instead one =).
Signed-off-by: Gassner, Tobias.ext <tobias.gassner.ext@karlstorz.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
(needed with python 3.12)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
In 7.80 this requires distutils (no longer provided in python 3.12).
This may be resolved in newer nmap versions, so if you care about it
please provide a version update: https://nmap.org/dist/
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changelog:
https://github.com/linux-audit/audit-userspace/releases/tag/v3.1.2
Refresh local patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
makefile-add-ldflags.patch
refreshed for 2.0.3
Changelog:
===========
-Added pkg-config file.
-Changed enforce=users to support "chpasswd" PAM service in addition to
traditionally supported "passwd".
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Add missing RDEPENDS for this package.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
- Add user friendly keywords for signals to auditctl
- In ausearch, parse up URINGOP and DM_CTRL records
- Harden auparse to better handle corrupt logs
- Fix a CFLAGS propogation problem in the common directory
- Move the audispd af_unix plugin to a standalone program
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Removed version 2.8.5, as the 2.8 series is no longer maintained since
2020.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/linux-audit/audit-userspace/releases/tag/v3.1
Major features:
Add new record types
Add io_uring support
Add support for new FANOTIFY record fields
* Remove redundant python3native as it is already inherited by
python3targetconfig
* Fix indentation
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We already depend on sqlite, but the objectstore backend using it is not
enabled by default. Add the necessary configure option.
The db backend is more robust when accessing the objectstore from many
parallel processes (such as during kernel module signing).
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
SoftHSMv2 actually only uses the sqlite library. With the check for the
sqlite3 binary, building with the DB backend would mean depending on
sqlite-native.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move SRC_URI to git as there's no tarball for 1.6.3. Fix failing tests
when busybox is providing `head`. Pull in reproducibility fix from Arch
Linux. Remove autoconf inherit as this is a simple Makefile package. Add
manpages support via inherit so man-db is updated. Add missing ptest
dependencies.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Using `DEPENDS = "pegtl"` with `--with-bundled-pegtl` doesn't make
sense, so drop the DEPENDS.
Also add github-releases checking for newer versions.
Drop redundant setting of `S` to the default.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
All the ptest cases are failed since error "+++ Can't Determine Endianness",
update the regex for matching the endianness to fix this issue.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
It uses python3-config during build to grok the python specific
includedirs, therefore its important to ensure that target specific
python3-config is used, otherwise currently it defaults to native
python3-config which ends up adding native python3 include paths
which might work out ok but is exposed when target is 32bit + lfs
enabled, the headers don't match between native and target python
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
In auditd, release the async flush lock on stop
Don't allow auditd to log directly into /var/log when log_group is non-zero
Cleanup krb5 memory leaks on error paths
Update auditd.cron to use auditctl --signal
In auparse, if too many fields, realloc array bigger (Paul Wolneykien)
In auparse, special case kernel module name interpretation
If overflow_action is ignore, don't treat as an error
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix below compile errors
1. Fix build with linux 5.17+
audit errors out due to swig munging it does with kernel headers
| audit_wrap.c: In function '_wrap_audit_rule_data_buf_set':
| audit_wrap.c:4701:17: error: cast specifies array type
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4701:15: error: invalid use of flexible array member
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4703:15: error: invalid use of flexible array member
| 4703 | arg1->buf = 0;
| | ^
These errors are due to VLAIS from kernel headers, so we copy
linux/audit.h and make the needed change in local audit.h and make
needed arrangements in build to use it when building audit package
Take reference of upstream commit
ee3c680c3 audit: Upgrade to 3.0.8 and fix build with linux 5.17+
Update 0002-Fixed-swig-host-contamination-issue.patch
2. Fix ipx.h missing file bug for kernel 5.15
ipx.h header file is removed in kernel 5.15
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/net?id=6c9b40844751ea30c72f7a2f92f4d704bc6b2927
which is causing below error for system with kernel equal and
higher than 5.15
| ../../git/auparse/interpret.c:48:10: fatal error: linux/ipx.h: No such file or directory
| 48 | #include <linux/ipx.h>
| | ^~~~~~~~~~~~~
Add below patch to fix this issue.
0001-Make-IPX-packet-interpretation-dependent-on-the-ipx-header.patch
Link: https://github.com/linux-audit/audit-userspace/commit/6b09724c69d91668418ddb3af00da6db6755208c
Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Akash Hadke <hadkeakash4@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
The actual file name is now libpasswdqc.so.1 instead of libpasswdqc.so.0.
This fixes the following error when installing passwdqc:
nothing provides libpasswdqc needed by passwdqc-2.0.2-r0
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License-Update: install-dependencies.sh and run-build-and-tests.sh are
mentioned under GPL-2.0 but they are not included in release tarball
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This tweak is needed for building audit but not the interfaces it may
expose via the headers, therefore undo the tweak before packaging things
up
Reported-By: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
audit errors out due to swig munging it does with kernel headers
| audit_wrap.c: In function '_wrap_audit_rule_data_buf_set':
| audit_wrap.c:4701:17: error: cast specifies array type
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4701:15: error: invalid use of flexible array member
| 4701 | arg1->buf = (char [])(char *)memcpy(malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
| | ^
| audit_wrap.c:4703:15: error: invalid use of flexible array member
| 4703 | arg1->buf = 0;
| | ^
These errors are due to VLAIS from kernel headers, so we copy
linux/audit.h and make the needed change in local audit.h and make
needed arrangements in build to use it when building audit package
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
default SBINDIR is hardcoded to /sbin which does not work when using
usrmerge
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Dependency on bash has been removed upstream.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
