path: root/recipes-security
Commit message | Author | Age | Files | Lines
* sshguard: Update to 2.5.1 | Scott Murray | 2025-07-04 | 1 | -1/+1
| This picks up required gcc 15 fixes.
| Changelog: https://bitbucket.org/sshguard/sshguard/src/master/CHANGELOG.rst
| Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* Adapt to S/UNPACKDIR changes | Scott Murray | 2025-07-04 | 12 | -21/+2
| Remove or update S definitions as required to work with oe-core S/UNPACKDIR changes.
| Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* Fix warning : lack of whitespace around assignment | J. S. | 2025-07-04 | 3 | -4/+4
| v2 : also fix some typos while we are here.
| v3 : add fixes for isic and checksecurity
| Signed-off-by: Jason Schonberg <schonm@gmail.com>
| [removed already applied change]
| Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* libgssglue: add ptest | Yi Zhao | 2025-04-13 | 2 | -2/+17
| Ptest result:
| ptest-runner libgssglue
| START: ptest-runner
| 2025-03-27T13:15
| BEGIN: /usr/lib64/libgssglue/ptest
| PASS: gss_create_empty_oid_set
| PASS: gss_test_oid_set_member
| PASS: gss_test_oid_set_member n==0
| PASS: gss_add_oid_set_member() OK
| PASS: gss_test_oid_set_member() OK
| OID present in set with the OID added to it => 1
| PASS: gss_test_oid_set_member() OK
| PASS: gss_test_oid_set_member() OK
| Another OID present in set without the OID => 0
| PASS: gss_test_oid_set_member() OK
| PASS: gss_add_oid_set_member() OK
| PASS: gss_test_oid_set_member() OK
| Another OID present in set with it added => 1
| PASS: gss_test_oid_set_member() OK
| PASS: gss_test_oid_set_member() OK
| First OID present in set => 1
| PASS: gss_test_oid_set_member() OK
| PASS: gss_release_oid_set() OK
| PASS: gss_indicate_mechs() OK
| PASS: gss_release_oid_set() OK
| PASS: gss_import_name() OK
| PASS: gss_display_name() OK
| display_name() => 27: imap@server.example.org@FOO
| PASS: gss_release_buffer() OK
| PASS: gss_release_name() OK
| Basic self tests done with 0 errors
| DURATION: 0
| END: /usr/lib64/libgssglue/ptest
| 2025-03-27T13:15
| STOP: ptest-runner
| TOTAL: 1 FAIL: 0
| Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgssglue: upgrade 0.8 -> 0.9 | Yi Zhao | 2025-04-13 | 2 | -64/+2
| * Drop useless patch libgssglue-canon-name.patch
| Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ecryptfs-utils: depend on ecryptfs kernel module | Mikko Rapeli | 2024-12-27 | 1 | -1/+4
| ecryptfs-utils userspace daemon fails to start if kernel module is not available on target.
| Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgssglue: switch to use git source | Chen Qi | 2024-09-09 | 1 | -2/+3
| The 0.8 orig.tar.gz is not in debian mirror any more. In fact, we really should avoid using orig.tar.gz like this because distros like debian will just delete those that they don't maintain any more.
| Switch to use git source.
| Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chipsec: Fix QA Warnings | Armin Kuster | 2024-07-29 | 1 | -0/+4
| ERROR: chipsec-1.9.1-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/chipsec/helper/linux/chipsec.ko in package chipsec contains reference to TMPDIR [buildpaths]
| ERROR: chipsec-1.9.1-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/chipsec/helper/linux/.debug/chipsec.ko in package chipsec-dbg contains reference to TMPDIR [buildpaths]
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* isic: Fix config error | Armin Kuster | 2024-07-29 | 1 | -0/+4
| configure: error: installation or configuration problem: C compiler cannot create executables.
| | NOTE: The following config.log files may provide further information.
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: Fix QA warnings | Armin Kuster | 2024-07-29 | 1 | -0/+2
| ERROR: krill-0.12.3-r0 do_package_qa: QA Issue: File /usr/bin/.debug/krill in package krill-dbg contains reference to TMPDIR
| File /usr/bin/.debug/krillc in package krill-dbg contains reference to TMPDIR
| File /usr/bin/.debug/krillup in package krill-dbg contains reference to TMPDIR [buildpaths]
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-*: convert WORKDIR->UNPACKDIR | Armin Kuster | 2024-07-29 | 12 | -13/+13
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: WORKDIR -> UNPACKDIR transition | Changqing Li | 2024-06-17 | 3 | -17/+18
| * WORKDIR -> UNPACKDIR transition
| * Switch away from S = WORKDIR
| Signed-off-by: Changqing Li <changqing.li@windriver.com>
| [Fixed up the smack changes due to prior patch]
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Check for usrmerge before removing /usr/lib | Jeremy A. Puhlman | 2024-03-27 | 1 | -1/+3
| Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgssglue: update to 0.8 | Armin Kuster | 2023-12-29 | 1 | -2/+2
| LICENSE changed
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* paxctl: Fix do_package QA Issue. | Lei Maohui | 2023-09-08 | 2 | -1/+29
| After usrmerge had been enabled, paxctl has the following error:
| ERROR: paxctl-0.9-r0 do_package: QA Issue: paxctl: Files/directories were installed but not shipped in any package:
| /sbin/paxctl
| Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sshguard: Update to 2.4.3 | Armin Kuster | 2023-08-06 | 1 | -1/+1
| Changelog: https://bitbucket.org/sshguard/sshguard/src/master/CHANGELOG.rst
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* glome: update to tip | Luke Granger-Brown | 2023-08-06 | 1 | -1/+1
| Markus Rudy (17):
|   Use Github TeX Markdown instead of image includes.
|   Merge pull request #134 from burgerdev/md-tex
|   Merge pull request #135 from vvidic/cli-base64
|   RFD 002: public key format at rest (#109)
|   Merge pull request #137 from vvidic/hmac
|   Merge pull request #138 from vvidic/hmac2
|   Update list of supported Python versions
|   Install golint instead of 'get'ting it.
|   Merge pull request #139 from burgerdev/actions
|   Clarify format of public key at rest
|   Test all supported config file keys
|   Merge pull request #144 from burgerdev/public-key-format
|   Fix linter findings for #144
|   Use 'release' buildtype for NixOS builds
|   Merge pull request #149 from google/l9i/bye-java
|   RFD 001: GLOME Login v2 (#102)
|   login/v2 implementation for Go (#162)
| Philipp Kern (21):
|   Merge pull request #133 from google/l9i/pam-fix
|   Merge pull request #132 from google/l9i/nix-shell
|   Merge pull request #140 from vvidic/defaul-typo
|   Merge pull request #142 from vvidic/soversion
|   Merge pull request #146 from burgerdev/lint
|   Merge pull request #148 from google/dependabot/go_modules/go/golang.org/x/crypto-0.1.0
|   Merge pull request #152 from google/l9i/cpplint
|   Merge pull request #154 from vvidic/docker-public-key
|   Merge pull request #155 from vvidic/prompt-fix
|   Insert a slash after url-prefix when writing it into prompt
|   Merge pull request #156 from google/url-prefix-compat
|   Merge pull request #157 from vvidic/config-order
|   State that devices require randomness for the protocol to work
|   Update docs/protocol.md
|   Merge pull request #158 from google/pkern-patch-1
|   Fix error to state "at most" instead of "at least"
|   Merge pull request #153 from vvidic/min-tag-length
|   Merge pull request #159 from vvidic/host-id-type
|   README.md: Codeblock fixups
|   Merge branch 'master' into l9i/README
|   Merge pull request #141 from google/l9i/README
| Piotr Lewandowski (12):
|   Fix failing PAM test
|   Treat warning as errors
|   Define OPENSSL_API_COMPAT to require OpenSSL >=1.1
|   Use werror only for CI
|   Add nix-shell config for setting up dev environment
|   Add GitHub Action workflow for shell.nix
|   Add intro and installation steps to README.md
|   Address reviewer's comments
|   Wrap lines
|   Delete Java implementation
|   Rename `url-prefix` to `prompt` (#131)
|   Add `cpplint` linter
| Valentin Vidic (10):
|   Update CLI to use base64 instead of hex tags.
|   Replace deprecated OpenSSL HMAC API with EVP.
|   Replace OpenSSL EVP_DigestSign API with HMAC()
|   Fix typo: defaul => default
|   Use project version in library version
|   Update Docker scripts for new public key format
|   Fix setting of prompt parameter
|   Parse command line again after reading the config
|   Add config option for minimum authcode length #122
|   Add config option for host-id type #122
| dependabot[bot] (1):
|   Bump golang.org/x/crypto in /go
| Signed-off-by: Luke Granger-Brown <lukegb@google.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* firejail: only allow x86-64 and arm64 to build | Armin Kuster | 2023-07-31 | 1 | -1/+2
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *.patch: fix malformed Upstream-Status and SOB lines | Martin Jansa | 2023-06-25 | 5 | -5/+5
| * as reported by openembedded-core/scripts/contrib/patchreview.py -v .
| Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch)
| Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch)
| Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch)
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch
| Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch
| Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* isic: fine tune Upstream-Status | Armin Kuster | 2023-06-25 | 3 | -9/+4
| These are changes I did so apply the appropriate label.
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *.patch: add Upstream-Status to all patches | Martin Jansa | 2023-06-25 | 4 | -0/+8
| There is new patch-status QA check in oe-core:
| https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
| This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA).
| This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status.
| This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible:
| 0 (0%) meta-parsec
| N/A (0%) meta-hardening
| 1 (100%) meta-integrity
| 15 (68%) meta-tpm
| 27 (61%) meta-security
| Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libmhash: fix multilib header conflict - mutils/mhash_config.h | Adrian Zaharia | 2023-05-06 | 1 | -1/+5
| Header file conflict between 32-bit and 64-bit versions
| Signed-off-by: Adrian Zaharia <Adrian.Zaharia@windriver.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: update to 1.0.1 | Armin Kuster | 2023-05-06 | 1 | -1/+6
| Don't build man as it needs pandoc
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: forced to include fetch hashes. | Armin Kuster | 2023-04-08 | 3 | -281/+552
| Now mandatory via Poky commit:
| https://git.yoctoproject.org/poky/commit/bitbake/lib/bb/fetch2?id=4d9886e1435dba3785973cc920865f8ab67e644d
| used cargo-update-recipe-crates to fixup
| Drop krill.inc in favor of new crate file name
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptmount: update to 6.2.0 | Armin Kuster | 2023-03-20 | 1 | -5/+3
| Change LIC_FILES_CHKSUM to use COPYING
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: update 0.12.3 | Armin Kuster | 2023-03-20 | 3 | -107/+146
| refresh patch
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* firejail: update 0.9.72 | Armin Kuster | 2023-03-20 | 2 | -11/+12
| refresh patch
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libmspack: update to 1.11 | Armin Kuster | 2023-03-20 | 1 | -1/+1
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscrypt: update to 1.1.0 | Armin Kuster | 2023-03-20 | 1 | -1/+1
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bubblewrap: remove recipe | Markus Volk | 2023-01-04 | 1 | -22/+0
| It was moved to meta-oe.
| Signed-off-by: Markus Volk <f_l_k@t-online.de>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bubblewrap: Update 0.6.2 -> 0.7.0 | Alex Kiernan | 2022-11-19 | 1 | -4/+3
| Inherit github-releases so that `devtool upgrade` can identify new versions correctly.
| Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chipsec: update to 1.9.1 | Armin Kuster | 2022-11-19 | 1 | -1/+1
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptmount: update to 6.0 | Armin Kuster | 2022-09-25 | 2 | -23/+3
| LIC_FILES_CHKSUM changed due to yr change
| Drop patch remove_linux_fs.patch
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libgssglue: update to 0.7 | Armin Kuster | 2022-09-25 | 5 | -125/+13
| LIC_FILE_CHKSUM changes due to indentation changes.
| use bootstrap to setup config properly.
| Drop libgssglue-fix-CVE-2011-2709.patch, libgssglue-g-initialize.patch now included in update.
| and ibgssglue-mglueP.patch now included in update.
| Drop libgssglue-gss-inq-cred.patch still pending after 5 yrs.
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* update chipsec to 1.8.8 | Armin Kuster | 2022-09-12 | 1 | -1/+1
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptmount: fix systemd service install | Armin Kuster | 2022-09-12 | 1 | -0/+10
| Default is to install the service in /usr/lib
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
| --
| [V2] Fix typo in subject
* cryptmount: Fix mount.h conflicts seen with glibc 2.36+ | Armin Kuster | 2022-08-25 | 2 | -1/+22
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Add recipe for Glome | John Edward Broadbent | 2022-08-12 | 1 | -0/+24
| Generic Low Overhead Message Exchange (GLOME) is a protocol providing secure authentication and authorization for low dependency environments.
| Signed-off-by: John Edward Broadbent <jebr@google.com>
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptmount: Add new pkg | Armin Kuster | 2022-08-12 | 1 | -0/+25
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: only builds on x86/x86-64 and arm64 | Armin Kuster | 2022-08-02 | 1 | -1/+2
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: update to 0.9.6 | Armin Kuster | 2022-08-02 | 2 | -246/+163
| add UPGRADE_CHECK vars
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ecryptfs-utils: add UPSTREAM_CHECK_URI | Armin Kuster | 2022-08-02 | 1 | -0/+2
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chipsec: update to 1.8.7 | Armin Kuster | 2022-07-30 | 1 | -1/+1
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bubblewrap: Add recipe | Alex Kiernan | 2022-07-30 | 1 | -0/+23
| Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
* chipsec: update to 1.8.5 | Armin Kuster | 2022-06-23 | 1 | -11/+10
| minor recipe cleanup
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: skip mips firejail | Armin Kuster | 2022-06-23 | 1 | -0/+2
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* firejail: Add new package | Armin Kuster | 2022-06-23 | 2 | -0/+106
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libmhash: add native pkg support | Armin Kuster | 2022-06-23 | 1 | -0/+2
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd:move to dynamic networking-layer | Armin Kuster | 2022-06-18 | 9 | -599/+0
| Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: move perl and python recipes to dynamic layers structure | Armin Kuster | 2022-05-14 | 30 | -9443/+0
| Signed-off-by: Armin Kuster <akuster808@gmail.com>