path: root/recipes-security
Commit message | Author | Age | Files | Lines
* sssd: CVE-2022-4254 libsss_certmap fails to sanitise certificate data used in LDAP filters [dunfell] | Hitendra Prajapati | 2023-03-23 | 3 | -0/+1172
    Upstream-Status: Backport from https://github.com/SSSD/sssd/commit/1c40208aa1e0f9a17cc4f336c99bcaa6977592d3 & https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
    Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: disable DB creation. | Armin Kuster | 2022-03-27 | 1 | -2/+2
    The DB is no longer available, so disable it.
    remove from pkg group
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: re-package to fix QA issues | Jeremy A. Puhlman | 2021-11-18 | 1 | -7/+14
    It packages all files in ${libdir} to package sssd, including the .so symlink files. Then it causes QA issues:
    | ERROR: QA Issue: sssd rdepends on dbus-dev [dev-deps]
    | ERROR: QA Issue: sssd rdepends on ding-libs-dev [dev-deps]
    So re-package sssd then the .so symlink files and .pc files are packaged to sssd-dev which should be.
    File ${libdir}/libsss_sudo.so is not a symlink file but packaged to sssd-dev too. Then causes another QA issue:
    | ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue: -dev package sssd-dev contains non-symlink .so '/usr/lib/libsss_sudo.so' [dev-elf]
    So create a new sub-package libsss-sudo to package file libsss_sudo.so and make sssd rdepends on it.
    JP: Update for version differences.
    Signed-off-by: Kai Kang <kai.kang@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit e81c15f851ca5396c78c8737967ee38db0ebe0cd)
    Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: remove clamav from musl image | Armin Kuster | 2020-10-16 | 1 | -0/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit 496a734c14fc72250979a4e7eb69c5d541ffd870)
* packagegroup-core-security: don't include suricata on riscv or ppc | Armin Kuster | 2020-10-16 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit caf76696e8669ee48339c13f01042da9e52515ae)
* sssd: Make manpages buildable | Jonatan Pålsson | 2020-10-16 | 2 | -1/+37
    Some XML related fixes are needed to make the sssd manpages buildable
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit 5efa53b2b2bab6f2d8589624c1700d1e66f29683)
* sssd: disable build secrets | Kai Kang | 2020-10-16 | 1 | -4/+3
    It requires http_parser.h to build secrets:
    | configure: error:
    | You must have the header file http_parser.h installed to build sssd
    | with secrets responder. If you want to build sssd without secret responder
    | then specify --without-secrets when running configure.
    The header file is from package http-parser[1] rather than apache2. But there is no recipe http-parser in openembedded. So disable build secrets for sssd and remove related systemd service and socket files.
    Reference:
    1. https://github.com/nodejs/http-parser
    Signed-off-by: Kai Kang <kai.kang@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit 7831969f8caa399d88d49833800fafe7324b8a59)
* packagegroup-core-security: remove libseccomp for riscv* | Armin Kuster | 2020-10-16 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit 29f47b44852122c5618e30037710dde009146eb5)
* libseccomp: rv32/rv64 target builds are not supported yet | Armin Kuster | 2020-10-16 | 1 | -0/+3
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit b5a5cbe1f511468af0b0673f88c83c3dd1c77da3)
* packagegroup-core-security: remove clamav for riscv* | Armin Kuster | 2020-10-16 | 1 | -3/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit 98ff502d4096331e2b8a8e4044860b23bf6f8ea5)
* packagegroup-core-security-ptest: update fail2ban ptest pkg name | Armin Kuster | 2020-10-16 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
    (cherry picked from commit a2a102b2de68f31df5a3b46665c8afb2d28c0219)
* bastille: Deleted redundant inherit to fix error when enable multilib. | Zheng Ruoqin | 2020-07-14 | 1 | -2/+0
    There is no need to inherit module-base. Because this inherit will stop bastille to build to lib32-bastille.
    Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add infopipe PACKAGECONFIG | Jonatan Pålsson | 2020-03-27 | 1 | -2/+3
    infopipe was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-infopipe is passed to configure, so conditionally add them to SYSTEMD_SERVICE.
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add missing DEPENDS on jansson | Jonatan Pålsson | 2020-03-27 | 1 | -1/+1
    When building with the curl PACKAGECONFIG, sssd will depend on the jansson library. Fixes the following error:
    | checking for JANSSON... no
    | checking jansson.h usability... no
    | checking jansson.h presence... no
    | checking for jansson.h... no
    | configure: error:
    | You must have the header file jansson.h installed to build sssd
    | with secrets and KCM responder. If you want to build sssd without these
    | responders then specify --without-secrets --without-kcm when running configure.
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add missing files to SYSTEMD_SERVICE | Jonatan Pålsson | 2020-03-27 | 1 | -0/+2
    These files are installed when the ssh or curl PACKAGECONFIGs are enabled. Fixes the following error:
    ERROR: sssd-1.16.4-r0 do_package: QA Issue: sssd: Files/directories were installed but not shipped in any package:
      /lib/systemd/system/sssd-kcm.socket
      /lib/systemd/system/sssd-kcm.service
      /lib/systemd/system/sssd-ssh.socket
      /lib/systemd/system/sssd-ssh.service
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add sudo PACKAGECONFIG | Jonatan Pålsson | 2020-03-27 | 1 | -3/+3
    sudo was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-sudo is passed to configure, so conditionally add them to SYSTEMD_SERVICE.
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add autofs PACKAGECONFIG | Jonatan Pålsson | 2020-03-27 | 1 | -3/+3
    autofs was previously on by default, so add it to the default PACKAGECONFIG. The systemd files are only installed when --with-autofs is passed to configure, so conditionally add them to SYSTEMD_SERVICE.
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Sort PACKAGECONFIG entries | Jonatan Pålsson | 2020-03-27 | 1 | -9/+9
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* buck-security: move to recipes-scanners | Armin Kuster | 2020-03-27 | 1 | -45/+0
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: move to recipes-scanners | Armin Kuster | 2020-03-27 | 3 | -96/+0
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksec: move to recipe-scanners | Armin Kuster | 2020-03-27 | 1 | -19/+0
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: move to recipes-scanners | Armin Kuster | 2020-03-27 | 9 | -1540/+0
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: change hardcoded sysklogd to VIRTUAL-RUNTIME_base-utils-syslog | Armin Kuster | 2020-03-27 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: update to 2.4.3 | Armin Kuster | 2020-03-08 | 2 | -47/+1
    dropped patch now included in update
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: python2 not supported | Armin Kuster | 2020-03-08 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: DEPEND on nss if nothing else is chosen | Jonatan Pålsson | 2020-03-08 | 1 | -0/+5
    sssd will attempt to build against nss if no crypto is selected. If a bbappend sets PACKAGECONFIG = <list without nss or crypto>, the appropriate DEPEND is not established. Fixes the following configure error:
    ... snip ...
    | checking for NSS... configure: error: Package requirements (nss) were not met:
    |
    | No package 'nss' found
    |
    | Consider adjusting the PKG_CONFIG_PATH environment variable if you
    | installed software in a non-standard prefix.
    |
    | Alternatively, you may set the environment variables NSS_CFLAGS
    | and NSS_LIBS to avoid the need to call pkg-config.
    | See the pkg-config man page for more details.
    |
    | WARNING: exit code 1 from a shell command.
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Fix typo in PACKAGECONFIG. cyrpto -> crypto | Jonatan Pålsson | 2020-03-08 | 1 | -1/+1
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Add PACKAGECONFIG for python2 | Jonatan Pålsson | 2020-03-08 | 1 | -0/+1
    Fixes the following build error:
    .. snip ..
    | checking for python2... no
    | checking for python3... (cached) python3.8
    | configure: error:
    | The program python2 was not found in search path.
    | Please ensure that it is installed and its directory is included in the search
    | path. It is required for building python2 bindings. If you do not want to build
    | them please use argument --without-python2-bindings when running configure.
    | WARNING: exit code 1 from a shell command.
    Signed-off-by: Jonatan Pålsson <jonatan.p@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: fix for ldblibdir and systemd etc | Kai Kang | 2020-03-05 | 3 | -7/+62
    Fix sssd issue for ldblibdir, systemd, pam etc.
    * fix ldblibdir which is not calculated right for cross compile
    * create directory /var/log/sssd which is required by sssd daemon
    * disable building python2 binding
    * fix pam module path
    * update systemd configure options and service files
    Signed-off-by: Kai Kang <kai.kang@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* security*-image: remove dead var and minor cleanup | Armin Kuster | 2020-03-01 | 2 | -4/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav-native: missed bison fix | Armin Kuster | 2020-03-01 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: add bison-native to depend | Armin Kuster | 2020-03-01 | 1 | -1/+1
    fixes build issue:
    clamav/0.101.5-r0/git/config/ylwrap: line 176: yacc: command not found
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: install module in pam location | Armin Kuster | 2020-02-16 | 1 | -1/+4
    pam_google_authenticator.so was being installed where pam could not find it. Move it where the rest of the pam modules sit.
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: add 2-3 conversion changes | Armin Kuster | 2020-02-16 | 3 | -2/+2530
    Had to use the fail2ban-2.3 program to create py3 code
    Add it as a patch
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: convert to py3 | Armin Kuster | 2020-02-10 | 1 | -2/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ecryptfs-utils: search nspr header files in ${STAGING_INCDIR}/nspr directory | Armin Kuster | 2020-02-02 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* buck-security: fix rdepends and minor style cleanup | Armin Kuster | 2020-01-28 | 1 | -34/+16
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: fix runtime issues | Armin Kuster | 2020-01-28 | 1 | -1/+1
    add some missing perl modules
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: upgrade 1.07 -> 1.08 | Pierre-Jean Texier via Lists.Yoctoproject.Org | 2020-01-28 | 1 | -1/+1
    See changelog: https://github.com/google/google-authenticator-libpam/releases/tag/1.08
    Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: update to latest | Armin Kuster | 2020-01-21 | 1 | -12/+10
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: drop py2 support | Armin Kuster | 2020-01-21 | 1 | -4/+2
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: fix runtime error | Armin Kuster | 2020-01-05 | 1 | -4/+4
    use success/failure calls in initd/function
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update to 0.101.5 | Armin Kuster | 2020-01-03 | 1 | -39/+24
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: update to 1.07 | Armin Kuster | 2019-12-25 | 1 | -1/+1
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: include python-fail2ban.inc | Armin Kuster | 2019-12-25 | 1 | -4/+47
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python-fail2ban: Drop python2 package | Armin Kuster | 2019-12-25 | 2 | -53/+0
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: upgrade 2.4.1 -> 2.4.2 | Yi Zhao | 2019-12-16 | 2 | -1/+47
    Backport a patch to fix ptest build failure on arm64.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta: inherit features_check instead of distro_features_check | Ming Liu | 2019-11-27 | 3 | -3/+3
    distro_features_check has been deprecated in OE.
    Signed-off-by: Ming Liu <liu.ming50@gmail.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: add tmpfiles.d config | Christopher Larson | 2019-11-27 | 2 | -1/+10
    This is needed to ensure freshclam's /var/log directory and file are created when using systemd.
    Signed-off-by: Christopher Larson <chris_larson@mentor.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* checksecurity: use more portable find args | Christopher Larson | 2019-11-27 | 2 | -1/+25
    Signed-off-by: Christopher Larson <chris_larson@mentor.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>