path: root/meta-oe/recipes-security
Commit message | Author | Age | Files | Lines
* kernel-hardening-checker: Set recipe as machine specific | Chris Paterson | 2025-06-20 | 1 | -0/+2
    This fixes an issue where running the test_machine_signatures
    yocto-layer-check test case fails when using a BSP layer that depends on
    meta-oe.

    e.g.
    bitbake-diffsigs -t kernel-hardening-checker do_create_package_spdx -s 6397093de4edf0eb568d56526704b178944f788bf0d0bdc8f6ce1b181ee00baa 8adadf9e2c0461de5c377b9a0590f6c05b03ff8c1b8eb89fff94e5c3235a0c9a
    Variable MACHINE value changed from 'hihope-rzg2h' to 'hihope-rzg2m'

    Link: https://lists.openembedded.org/g/openembedded-devel/topic/issue_meta_oe_walnascar/113168928

    Signed-off-by: Chris Paterson <chris.paterson2@renesas.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* spectre-meltdown-checker: Set recipe as machine specific | Chris Paterson | 2025-06-20 | 1 | -1/+1
    This fixes an issue where running the test_machine_signatures
    yocto-layer-check test case fails when using a BSP layer that depends on
    meta-oe.

    e.g.
    bitbake-diffsigs -t spectre-meltdown-checker do_package_write_rpm -s 3efb5226ab4e83ef90cf33f0a474314d345c675707b3476dde1d3c42f79cc3d0 e268e68c02265542bf80fd51f8c4f26f63b668746639826fbdb870d91e2ba2fd
    Variable MACHINE value changed from 'hihope-rzg2h' to 'hihope-rzg2m'

    Link: https://lists.openembedded.org/g/openembedded-devel/topic/issue_meta_oe_walnascar/113168928

    Signed-off-by: Chris Paterson <chris.paterson2@renesas.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bubblewrap: fix error with gcc-15 | mark.yang | 2025-04-08 | 2 | -1/+637
    * backport fix from:
      https://github.com/containers/bubblewrap/pull/660
      But patch rework for this version.
      In gcc 15, bool became a reserved keyword in C23, causing conflicts with our custom bool definition.
      See also, https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=55e3bd376b2214e200fa76d12b67ff259b06c212

    * to fix:
      http://errors.yoctoproject.org/Errors/Details/851183/
      ../bubblewrap-0.10.0/utils.h:46:13: error: 'bool' cannot be defined via 'typedef'
         46 | typedef int bool;
            |             ^~~~

    Signed-off-by: mark.yang <mark.yang@lge.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usbguard: Patch for protobuf 30.0 API changes | Khem Raj | 2025-03-13 | 2 | -1/+92
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: remove empty directory | Yi Zhao | 2025-02-24 | 1 | -0/+3
    Remove empty directory when multilib is enabled.

    Fixes:
    ERROR: audit-4.0.3-r0 do_package: QA Issue: audit: Files/directories were installed but not shipped in any package:
      /usr/lib

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nmap: add missing dependency | Gyorgy Sarvari | 2025-02-15 | 1 | -1/+1
    Building with ndiff PACKAGECONFIG failed with the following error:

    |   File "/yocto/sandbox/build/tmp/work/cortexa53-poky-linux/nmap/7.95/nmap-7.95/ndiff/setup.py", line 11, in <module>
    |     import setuptools.command.install
    | ModuleNotFoundError: No module named 'setuptools'

    Fix it by adding the missing dependency.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nmap: fix racing issue at do_compile | Hongxu Jia | 2025-02-12 | 2 | -0/+56
    There are two build-lua rules, one in Makefile.in, another in
    ncat/Makefile.in which is required by build-ncat

    Building them may cause potential racing
    $ bitbake lib32-nmap
    $ grep -e "Compiling liblua" -e 'nmap-7.95/liblua' -e ": error" -n patch-to/temp/log.do_compile
    Compiling liblua
    make[1]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
    Compiling liblua
    make[2]: Entering directory 'path-to/build/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
    make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
    path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/recipe-sysroot-native/usr/bin/i686-wrsmllib32-linux/../../libexec/i686-wrsmllib32-linux/gcc/i686-wrsmllib32-linux/14.2.0/ld: ./../liblua/liblua.a: error adding symbols: no more archived files
    collect2: error: ld returned 1 exit status
    make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'

    Explicitly make build-ncat depend on build-lua to avoid racing, after applying the patch
    ...
    Compiling liblua
    make[1]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
    make[1]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
    Compiling liblua
    make[2]: Entering directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
    make[2]: Leaving directory 'path-to/tmp/work/corei7-32-wrsmllib32-linux/lib32-nmap/7.95/nmap-7.95/liblua'
    ...

    Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spectre-meltdown-checker: fix script name | Martin Jansa | 2025-02-06 | 1 | -1/+1
    multilib builds fail with:
    install: cannot stat 'lib32-spectre-meltdown-checker/0.46/sources-unpack/git/lib32-spectre-meltdown-checker.sh': No such file or directory

    Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0.2 -> 4.0.3 | Yi Zhao | 2025-01-26 | 2 | -12/+7
    ChangeLog:
    - Remove a RHEL4 flag table since it's been unsupported for a while
    - Change dependency from Requires to Wants for audit-rules.service
    - Disable ProtectKernelModules by default in auditd.service
    - Skip plugin configs that do not have .conf suffix
    - audisp-filter: iterate records correctly when forwarding
    - Update syscall table for missing syscalls
    - Modify ausearch checkpoint code to address 64 inode and device numbers
    - Fix potential segfault interpreting relative paths
    - Add audit_set_enabled & audit_is_enabled back to the libaudit python bindings
    - Log runlevel changes to console during boot
    - Add audit-tmpfiles.conf to ensure /var/log/audit exists
    - Propagate event format to the audisp-af_unix plugin
    - Add support for RISC-V - riscv32, riscv64

    * Enable riscv support
    * Use its own volatile file for systemd.

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* spectre-meltdown-checker: New recipe to check hardware vulnerability | Jörg Sommer | 2025-01-13 | 1 | -0/+35
    Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* kernel-hardening-checker: New recipe to check security options | Jörg Sommer | 2025-01-06 | 1 | -0/+33
    Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nmap: Fix off-by-one overflow in the IP protocol table. | Wang Mingyu | 2024-10-14 | 2 | -0/+166
    Add patch to fix core dumped error when using "nmap -sO"

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: fix build when systemd is enabled. | Armin Kuster | 2024-10-13 | 1 | -0/+6
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm: add destroyed global access prevention patch | Rouven Czerwinski | 2024-09-27 | 2 | -0/+673
    Currently softhsm will try to access deleted objects due to the order of
    atexit handler implementations. Add a patch which adds a global variable
    to track whether objects are deleted and prevents access if this is the
    case.

    This fixes a failure with the signing.bbclass where when signing
    multiple fitimage configurations the second signing operation will lead
    to a segfault.

    Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: Fix CVE_PRODUCT | Shinji Matsunaga | 2024-09-24 | 1 | -0/+2
    Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only
    vulnerabilities where the vendor is "linux".

    Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is
    "visionsoft", which are unrelated to the "audit" in this recipe.
    https://www.opencve.io/cve?vendor=visionsoft&product=audit

    In addition, all the vulnerabilities currently detected in "audit" have
    the vendor of "visionsoft" or "linux". Therefore, fix "audit" set in
    CVE_PRODUCT to "linux:audit".

    Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usbguard: Link with libatomic on rv32 | Khem Raj | 2024-09-17 | 1 | -0/+2
    Provides needed atomic intrinsics that compiler needs.

    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nmap: depend on libpcre2 not libpcre | Martin Jansa | 2024-09-10 | 1 | -1/+1
    * switched to libpcre2 in:
      https://github.com/nmap/nmap/commit/828ab48764b82d0226e860c73c5dac5b11f77385

    * in builds where libpcre2 isn't pulled by some other dependency it was failing with:
      | service_scan.h:74:10: fatal error: pcre2.h: No such file or directory
      |    74 | #include <pcre2.h>
      |       |          ^~~~~~~~~
      |

    Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nmap: Upgrade to 7.95 | Khem Raj | 2024-09-04 | 5 | -1811/+6
    License-Update: Use full file for checksum ( COPYING -> LICENSE )
    Use system libpcre
    Drop py3 support patches, it's default now

    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bubblewrap: update 0.9.0 -> 0.10.0 | Markus Volk | 2024-08-21 | 1 | -1/+1
    Signed-off-by: Markus Volk <f_l_k@t-online.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0.1 -> 4.0.2 | Yi Zhao | 2024-08-14 | 2 | -52/+1
    ChangeLog:
    - Fix musl C builds
    - Many code cleanups
    - Use atomic variables if available for signal related flags
    - Don't rotate audit logs when auditd is in debug mode
    - Fix a couple memory leaks on error paths
    - Correct output when displaying rules with exe/path/dir
    - Fix auparse lookup test to not use the system libauparse
    - Improve auparse metrics
    - Update auparse normalizer for recent syscalls
    - Make status report uniform

    Drop 0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch as
    the issue has been fixed upstream.

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usbguard: upgrade 1.1.2 -> 1.1.3 | Christophe Vu-Brugier | 2024-06-11 | 2 | -47/+1
    Drop patch 0001-include-missing-cstdint.patch because it was merged
    upstream. See this commit in usbguard:

    * 22b1e08 Fix build for GCC 13 + make GitHub Actions cover build with GCC 13 (#586)

    Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bubblewrap: upgrade 0.8.0 -> 0.9.0 | Wang Mingyu | 2024-06-07 | 1 | -1/+1
    Changelog:
    ===========
    - Fix a double-close on error reading from --args, --seccomp or --add-seccomp-fd argument
    - Improve memory allocation behaviour
    - Silence various compiler warnings
    - Silence an Automake warning
    - Fix a test failure when running as uid 0 in a container
    - Fix a test failure when /mnt is a symlink
    - Fix a test failure on NixOS
    - Add --argv0

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Start WORKDIR -> UNPACKDIR transition | Khem Raj | 2024-05-23 | 1 | -2/+2
    Replace references of WORKDIR with UNPACKDIR where it makes sense to do
    so in preparation for changing the default value of UNPACKDIR.

    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Use PYTHON_SITEPACKAGES_DIR instead of hard-coded site-packages directory path | alperak | 2024-04-15 | 1 | -2/+2
    The following paths have been replaced with PYTHON_SITEPACKAGES_DIR:

    - "${libdir}/${PYTHON_DIR}/site-packages"
    - "${libdir}/python${PYTHON_BASEVERSION}/site-packages"
    - "${libdir}/python*/site-packages"
    - "${libdir}/python3.*/site-packages"

    Signed-off-by: alperak <alperyasinak1@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 4.0 -> 4.0.1 | Yi Zhao | 2024-03-22 | 2 | -37/+2
    ChangeLog:
    https://github.com/linux-audit/audit-userspace/releases/tag/v4.0.1

    Update TRUSTED_APP interpretation to look for known fields;
    In auditd plugins, allow variable amount of arguments;
    Fix augenrules to work correctly when kernel is in immutable mode;
    Add audisp-filter plugin;
    Improve sorting speed of aureport --summary reports;
    Auditd & audit-rules.service pick up paths automatically.

    * Drop backport patch.
    * Specify runstatedir.

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* keyutils: Add missing rdep for ptests | Khem Raj | 2024-03-01 | 1 | -1/+1
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.1.2 -> 4.0 | Yi Zhao | 2024-02-26 | 6 | -157/+165
    ChangeLog:
    https://github.com/linux-audit/audit-userspace/releases/tag/v4.0

    Major changes:
    Separate loading rules and logging events into separate services, audit-rules.service and auditd.service.
    Drop support for python2 and SysVinit.
    The auvirt and autrace programs have been dropped.
    The syscall and interpretation tables have been updated for the 6.8 kernel.

    * Backport patch to fix build error with musl
    * Clean up configure options
    * Use its own systemd service files
    * Refresh patches
    * Fix indentation

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES | Gassner, Tobias.ext | 2024-01-20 | 1 | -1/+3
    [Edited Message Follows]
    [Reason: include softhsm2.module only in FILES if pk11 is set in PACKAGECONFIG]

    From 216dba6552f2b3a65c3fc9b586736d93132a0166 Mon Sep 17 00:00:00 2001
    From: "Gassner, Tobias.ext" <tobias.gassner.ext@karlstorz.com>
    Date: Thu, 18 Jan 2024 12:50:22 +0100
    Subject: [PATCH] softhsm_2.6.1.bb fixing p11-kit module path, adding softhsm2.module to FILES

    In order for the softhsm module to be discoverable by p11-kit proxy the
    softhsm2.module file must be deployed to ${datadir}/p11-kit/modules.
    This was previously not the case. Also the p11-kit module path
    (--with-p11-kit) seemed to point to the wrong directory and had a syntax
    error (two == instead of one =).

    Signed-off-by: Gassner, Tobias.ext <tobias.gassner.ext@karlstorz.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: reenable python bindings and bring in distutils via setuptools (needed with python 3.12) | Alexander Kanavin | 2024-01-01 | 1 | -2/+2
    Signed-off-by: Alexander Kanavin <alex@linutronix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nmap: disable ndiff | Alexander Kanavin | 2023-12-31 | 1 | -1/+1
    In 7.80 this requires distutils (no longer provided in python 3.12).
    This may be resolved in newer nmap versions, so if you care about it
    please provide a version update: https://nmap.org/dist/

    Signed-off-by: Alexander Kanavin <alex@linutronix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: disable python bindings as incompatible with python 3.12 | Alexander Kanavin | 2023-12-31 | 1 | -1/+1
    Signed-off-by: Alexander Kanavin <alex@linutronix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tomoyo-tools: upgrade 2.5.0 -> 2.6.1 | Wang Mingyu | 2023-11-28 | 1 | -2/+2
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usbguard: Enable seccomp if distro features have it | Khem Raj | 2023-09-10 | 1 | -0/+1
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.1.1 -> 3.1.2 | Yi Zhao | 2023-09-10 | 3 | -18/+24
    Changelog:
    https://github.com/linux-audit/audit-userspace/releases/tag/v3.1.2

    Refresh local patches.

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* passwdqc: upgrade 2.0.2 -> 2.0.3 | Wang Mingyu | 2023-07-07 | 2 | -2/+13
    makefile-add-ldflags.patch
    refreshed for 2.0.3

    Changelog:
    ===========
    -Added pkg-config file.
    -Changed enforce=users to support "chpasswd" PAM service in addition to
     traditionally supported "passwd".

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* *.patch: add Upstream-Status to all patches | Martin Jansa | 2023-06-21 | 3 | -0/+6
    There is new patch-status QA check in oe-core:
    https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

    This is temporary work around just to hide _many_ warnings from
    optional patch-status (if you add it to WARN_QA).

    This just added
    Upstream-Status: Pending
    everywhere without actually investigating what's the proper status.

    This is just to hide current QA warnings and to catch new .patch files
    being added without Upstream-Status, but the number of Pending patches
    is now terrible:

    5 (26%) meta-xfce
    6 (50%) meta-perl
    15 (42%) meta-webserver
    21 (36%) meta-gnome
    25 (57%) meta-filesystems
    26 (43%) meta-initramfs
    45 (45%) meta-python
    47 (55%) meta-multimedia
    312 (63%) meta-networking
    756 (61%) meta-oe

    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-nmap: add missing run-time dependencies | Bartosz Golaszewski | 2023-06-06 | 1 | -1/+5
    Add missing RDEPENDS for this package.

    Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.1 -> 3.1.1 | Wang Mingyu | 2023-05-08 | 1 | -1/+1
    Changelog:
    =========
    - Add user friendly keywords for signals to auditctl
    - In ausearch, parse up URINGOP and DM_CTRL records
    - Harden auparse to better handle corrupt logs
    - Fix a CFLAGS propagation problem in the common directory
    - Move the audispd af_unix plugin to a standalone program

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: drop version 2.8.5 | Yi Zhao | 2023-03-05 | 5 | -405/+0
    Removed version 2.8.5, as the 2.8 series is no longer maintained since
    2020.

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* audit: upgrade 3.0.9 -> 3.1 | Yi Zhao | 2023-03-05 | 1 | -4/+4
    ChangeLog:
    https://github.com/linux-audit/audit-userspace/releases/tag/v3.1

    Major features:
    Add new record types
    Add io_uring support
    Add support for new FANOTIFY record fields

    * Remove redundant python3native as it is already inherited by python3targetconfig
    * Fix indentation

    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bubblewrap: upgrade 0.7.0 -> 0.8.0 | Wang Mingyu | 2023-03-04 | 1 | -1/+1
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm: enable objectstore backend | Jan Luebbe | 2023-02-01 | 1 | -0/+1
    We already depend on sqlite, but the objectstore backend using it is
    not enabled by default. Add the necessary configure option.

    The db backend is more robust when accessing the objectstore from many
    parallel processes (such as during kernel module signing).

    Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* softhsm: avoid unnecessary check for native sqlite binary | Jan Luebbe | 2023-02-01 | 2 | -1/+43
    SoftHSMv2 actually only uses the sqlite library. With the check for the
    sqlite3 binary, building with the DB backend would mean depending on
    sqlite-native.

    Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* keyutils: fix Upstream-Status formatting | Martin Jansa | 2023-01-27 | 1 | -1/+1
    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usbguard: Fix build with gcc13 | Khem Raj | 2023-01-27 | 2 | -0/+46
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* keyutils: Upgrade 1.6.1 -> 1.6.3 | Alex Kiernan | 2023-01-26 | 5 | -13/+139
    Move SRC_URI to git as there's no tarball for 1.6.3.
    Fix failing tests when busybox is providing `head`.
    Pull in reproducibility fix from Arch Linux.
    Remove autoconf inherit as this is a simple Makefile package.
    Add manpages support via inherit so man-db is updated.
    Add missing ptest dependencies.

    Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usbguard: Upgrade 1.1.1 -> 1.1.2 | Alex Kiernan | 2023-01-06 | 1 | -1/+1
    Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* usbguard: Remove pegtl from DEPENDS | Alex Kiernan | 2023-01-06 | 1 | -3/+3
    Using `DEPENDS = "pegtl"` with `--with-bundled-pegtl` doesn't make
    sense, so drop the DEPENDS.

    Also add github-releases checking for newer versions.

    Drop redundant setting of `S` to the default.

    Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* bubblewrap: import recipe from meta-security | Markus Volk | 2022-12-23 | 1 | -0/+24
    Signed-off-by: Markus Volk <f_l_k@t-online.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* keyutils: fix ptest failed since "+++ Can't Determine Endianness" | Changqing Li | 2022-12-05 | 2 | -0/+36
    All the ptest cases fail with the error "+++ Can't Determine
    Endianness", update the regex for matching the endianness to fix this
    issue.

    Signed-off-by: Changqing Li <changqing.li@windriver.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>