path: root/recipes-security
Commit message | Author | Age | Files | Lines
* sssd: Fix CVE-2023-3758 | Soumya Sambu | 2024-05-05 | 2 | -0/+222
  A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
  References: https://nvd.nist.gov/vuln/detail/CVE-2023-3758
  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: add correct path to lib/privacyidea | Jeremy A. Puhlman | 2022-07-21 | 1 | -1/+1
  Nothing is getting installed in ${datadir}/lib, it is all going to ${prefix}/lib. setuptools pulls in ${libdir}/* so for the base lib case of ${prefix}/lib the build works. If libdir is something else, lib64 for example, it's still ending up in ${prefix}/lib and it fails to build.
  Set value to correct path as it is being installed.
  Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
* libmhash: add multilib header | Jeremy A. Puhlman | 2022-07-21 | 1 | -1/+5
  Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
* sssd: ignore CVE-2018-16838 | Davide Gardenal | 2022-07-21 | 1 | -0/+4
  CVE-2018-16838 is patched in our version of sssd but it doesn't have a vulnerable version range in the NVD database, that's why it needs to be ignored.
  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
* fscrypt: add distro_check on pam | Armin Kuster | 2022-05-23 | 1 | -5/+7
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 20c13f6335165d693f7f3270c829b3069dbbad66)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* LICENSE: update to SPDX standard names | Joe Slater | 2022-04-13 | 6 | -6/+6
  Use convert-spdx-licenses.py to update LICENSE in recipes.
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscrypt: update dependency from go-dep-native to go-native | Davide Gardenal | 2022-04-07 | 1 | -1/+1
  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix compile issue on some hosts | Armin Kuster | 2022-04-02 | 1 | -0/+7
  Use python3-native to use 2to3
  Fix build issue on some hosts with this error:
  (result, consumed) = self._buffer_decode(data, self.errors, final)
  | UnicodeDecodeError: 'utf-8' codec can't decode byte 0xd8 in position 152: invalid continuation byte
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* LICENSE: adopt SPDX standard names | Robert Yang | 2022-04-02 | 2 | -2/+2
  Modify LICENSE for ding-libs and libmhash.
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security : Use SPDX style licensing format | Ashish Sharma | 2022-04-02 | 4 | -4/+4
  WARNING: selinux-sandbox-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: selinux-gui-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: semodule-utils-3.3-r0.1 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: selinux-dbus-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: libwhisker2-perl-2.5-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \
  WARNING: lib-perl-0.63-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \
  WARNING: libhtp-0.5.39-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
  ...
  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: drop old package ref. | Armin Kuster | 2022-03-13 | 1 | -1/+1
  meta-python dropped package via commit:
  620689d4efba28bc8dd60e2d82908bfb3531fbd0
  python3-backports-functional-lru-cache: remove, not needed for Python 3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3 | Ashish Sharma | 2022-03-11 | 1 | -1/+1
  raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.")
  pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename.
  Removed build tracker: '/tmp/pip-req-tracker-qnepnk46'
  ERROR: Failed to pip install wheel. Check the logs.
  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix SPDX license. | Armin Kuster | 2022-03-11 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: update to 3.6.2 | Armin Kuster | 2022-03-11 | 1 | -2/+2
  Fix license.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: fix QA ERROR | Armin Kuster | 2022-03-11 | 1 | -3/+1
  ERROR: python3-privacyidea-3.5.2-r0 do_package: QA Issue: python3-privacyidea: Files/directories were installed but not shipped in any package:
  /usr/etc
  /usr/etc/privacyidea
  /usr/etc/privacyidea/dictionary
  /usr/etc/privacyidea/privacyideaapp.wsgi
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chipsec: fix WARNING | Armin Kuster | 2022-02-22 | 1 | -1/+1
  distutils3.bbclass is deprecated, please use setuptools3.bbclass instead
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Use renamed SKIP_RECIPE varFlag | Armin Kuster | 2022-02-22 | 2 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: update to 1.09 | Armin Kuster | 2022-01-30 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: update to tip | Armin Kuster | 2021-12-25 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libest: does not build with openssl 3.x | Armin Kuster | 2021-12-25 | 1 | -0/+3
  blacklist for now. Remove from pkg grp
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: remove /run | Armin Kuster | 2021-11-07 | 1 | -1/+1
  Fixes:
  ERROR: python3-fail2ban-0.11.2-r0 do_package_qa: QA Issue: python3-fail2ban installs files in /run, but it is expected to be empty [empty-dirs]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bastille: Create /var/log/Bastille in runtime | Armin Kuster | 2021-11-07 | 1 | -2/+15
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: Create /var/log/sssd in runtime | Armin Kuster | 2021-11-07 | 1 | -1/+13
  /var/log is normally a link to /var/volatile/log and /var/volatile is a tmpfs mount. So anything created in /var/log will not be available when the tmpfs is mounted.
  [Thanks to Peter Kjellerstedt for example]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocols | Armin Kuster | 2021-11-04 | 9 | -9/+9
  This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: blacklist due to ldns being blacklisted | Armin Kuster | 2021-10-24 | 1 | -1/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: re-package to fix QA issues | Kai Kang | 2021-10-18 | 1 | -5/+9
  It packages all files in ${libdir} to package sssd, including the .so symlink files. Then it causes QA issues:
  | ERROR: QA Issue: sssd rdepends on dbus-dev [dev-deps]
  | ERROR: QA Issue: sssd rdepends on ding-libs-dev [dev-deps]
  So re-package sssd then the .so symlink files and .pc files are packaged to sssd-dev which should be.
  File ${libdir}/libsss_sudo.so is not a symlink file but packaged to sssd-dev too. Then causes another QA issue:
  | ERROR: sssd-2.5.2-r0 do_package_qa: QA Issue: -dev package sssd-dev contains non-symlink .so '/usr/lib/libsss_sudo.so' [dev-elf]
  So create a new sub-package libsss-sudo to package file libsss_sudo.so and make sssd rdepends on it.
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix build failure and cleanup | Armin Kuster | 2021-10-18 | 2 | -178/+4
  Fixes:
  error in fail2ban setup command: use_2to3 is invalid.
  ERROR: 'python3 setup.py build ' execution failed.
  drop custom fail2ban_setup.py
  remove pyhton-fail2ban as it's a symlink to python3
  Update to tip for 11.2 branch
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-security/chipsec: platform security assessment framework | Liwei Song | 2021-10-18 | 1 | -0/+35
  Add chipsec, tools to dump and analyze hardware, system firmware components, like PCH register, ioport or iomem configuration space.
  Signed-off-by: Liwei Song <liwei.song@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-security/fscrypt: Add fscrypt .bb file | Bhupesh Sharma | 2021-09-28 | 1 | -0/+49
  fscrypt is a high-level tool for the management of Linux filesystem encryption. fscrypt manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories.
  Add recipe for the same in 'recipes-security'.
  Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* isic: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-2-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: set precise BSD license | Armin Kuster | 2021-09-15 | 1 | -1/+1
  "BSD" is ambiguous, use the precise licenses BSD-2-Clause
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryfs: drop recipe | Armin Kuster | 2021-09-15 | 1 | -10/+0
  it was accidentally pushed and is incomplete
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: 2.5.1 -> 2.5.2 | Kai Kang | 2021-09-10 | 2 | -1/+290
  SSSD 2.5.2 Highlights
  * General information
    - originalADgidNumber attribute in the SSSD cache is now indexed
  * New features
    - Debug messages in data provider include a unique request ID that can be used to track the request from its start to its end (requires libtevent >= 0.11.0)
  * Important fixes
    - Update large files in the files provider in batches to avoid timeouts
  * Configuration changes
    - Add new config option fallback_to_nss
  Full release notes:
  * https://sssd.io/release-notes/sssd-2.5.2.html
  And backport patch to fix CVE-2021-3621.
  CVE: CVE-2021-3621
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: Rust is in core now | Armin Kuster | 2021-08-26 | 3 | -0/+380
  drop dynamic-layer
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryfs: add new package | Armin Kuster | 2021-08-26 | 1 | -0/+10
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Convert to new override syntax | Armin Kuster | 2021-08-01 | 17 | -81/+81
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 2.5.1 | Armin Kuster | 2021-07-04 | 2 | -2/+57
  See full change log: https://sssd.io/release-notes/sssd-2.5.1.html
  Including a musl build work around
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ssshgaurd: add package | Armin Kuster | 2021-06-29 | 1 | -0/+11
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* aircrack-ng: update to 1.6 | Federico Pellegrin | 2021-06-20 | 1 | -3/+5
  Signed-off-by: Federico Pellegrin <fede@evolware.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: add fix-ldblibdir.patch back | Kai Kang | 2021-06-20 | 2 | -0/+26
  The patch fix-ldblibdir.patch has been dropped when update sssd to 2.5.0. But it fails to start sssd without this patch. So add it back.
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: set pid path with /run | Kai Kang | 2021-06-20 | 1 | -2/+3
  /var/run is deprecated and set pid path with /run to store pid files for the SSSD.
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgssglue: update SRC_URI | Yi Zhao | 2021-06-05 | 1 | -3/+3
  Update SRC_URI to use Debian mirror because the original site is unaccessible.
  Fixes do_fetch error:
  ERROR: libgssglue-0.4-r0 do_fetch: Fetcher failure for URL: 'http://www.citi.umich.edu/projects/nfsv4/linux/libgssglue/libgssglue-0.4.tar.gz'. Unable to fetch URL from any source.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* python3-scapy: drop, now in meta-python | Armin Kuster | 2021-06-05 | 2 | -34/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 2.5.0 | Armin Kuster | 2021-06-05 | 8 | -183/+89
  Add new depends
  Drop obsolete patches
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  ----
  v2] Fix issue with nsupdate check don't use host bind
* python3-scapy: update to 2.4.5 | Armin Kuster | 2021-06-05 | 1 | -3/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* opendnssec: upgrade 2.1.8 -> 2.1.9 | Upgrade Helper | 2021-06-05 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-scapy: add UPSTREAM_CHECK_COMMITS | Armin Kuster | 2021-05-16 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: drop recipe. In core now | Armin Kuster | 2021-04-26 | 2 | -51/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Use libest "main" branch instead of "master". | Anton Antonov | 2021-04-12 | 1 | -1/+1
  This patch fixes the issue:
  WARNING: libest-3.2.0-r0 do_fetch: Failed to fetch URL git://github.com/cisco/libest, attempting MIRRORS if available
  ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure: Unable to find revision 4ca02c6d7540f2b1bcea278a4fbe373daac7103b in branch master even from upstream
  ERROR: libest-3.2.0-r0 do_fetch: Fetcher failure for URL: 'git://github.com/cisco/libest'. Unable to fetch URL from any source.
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: upgrade 3.5.1 -> 3.5.2 | Armin Kuster | 2021-04-02 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>