| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CVE product name for selinux-* package is (usually) the selinux
(and not our recipe name), so use selinux as the default.
See also:
http://lists.openembedded.org/pipermail/openembedded-core/2017-July/139897.html
"Results from cve-check are not very good at the moment.
One of the reasons for this is that component names used in CVE
database differ from yocto recipe names. This series fixes several
of those name mapping problems by setting the CVE_PRODUCT correctly
in the recipes. To check this mapping with after a build, I'm exporting
LICENSE and CVE_PRODUCT variables to buildhistory for recipes and
packages."
Value added is based on:
https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3Akernel%3Aselinux
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
* Refresh patch.
* Drop backport patch.
* Add dependency python3-setuptools-scm-native to fix build error.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Add dependency python3-setuptools-scm-native to fix build error.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
License-Update: Rename COPYING to LICENSE. No content changes.
* Drop backport patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.5
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport a patch to fix build failure for refpolicy-mls:
| Creating mls xserver.pp policy package
| libsepol.validate_user_datum: Invalid user datum
| libsepol.validate_datum_array_entries: Invalid datum array entries
| libsepol.validate_policydb: Invalid policydb
| /buildarea/build/tmp/work/qemux86_64-poky-linux/refpolicy-mls/2.20220520+gitAUTOINC+f311d401cd-r0/recipe-sysroot-native/usr/bin/semodule_package:
Error while reading policy module from tmp/xserver.mod
| make: *** [Rules.modular:98: xserver.pp] Error 1
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
Recipe have implicit dependency on nativesdk-python,
so recipe-sysroot-root populated with python headers.
But during build code look for headers into recipe-sysroot.
Add python dependency explicitly.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Backport a patch to fix chcat runtime error.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Use precise license BSD-2-Clause instead of license BSD.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
* Use libpcre2 instead of libpcre.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Use libpcre2 instead of libpcre.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add RDEPENDS on python3-multiprocessing for selinux-python-sepolicy to
fix runtime error:
$ sepolicy
Traceback (most recent call last):
File "/usr/bin/sepolicy", line 28, in <module>
from multiprocessing import Pool
ModuleNotFoundError: No module named 'multiprocessing'
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Use convert-spdx-licenses.py to update LICENSE names in recipes.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WARNING: checkpolicy-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: setools-4.4.0-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 LGPLv2.1 [obsolete-license] \
WARNING: policycoreutils-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: refpolicy-standard-2.20210908+gitAUTOINC+23a8d103f3-r0.2 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: selinux-python-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
WARNING: ecryptfs-utils-111-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-2.0 [obsolete-license] \
WARNING: nikto-2.1.6-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: bastille-3.2.1-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: suricata-6.0.4-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
WARNING: samhain-server-4.4.6-r0.7 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
...
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Drop backport CVE patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
| |
There are too many recipes in recipes-security/selinux. Keep the selinux
userspace recipes and move selinux scripts to selinux-scripts directory
to make the directory hierarchy clearer.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add RDEPENDS on audit-python for selinux-python-semanage.
Fixes:
$ semanage fcontext -a -t user_home_t "/web(/.*)?"
Traceback (most recent call last):
File "/usr/sbin/semanage", line 975, in <module>
do_parser()
File "/usr/sbin/semanage", line 947, in do_parser
args.func(args)
File "/usr/sbin/semanage", line 329, in handleFcontext
OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser)
File "/usr/lib/python3.9/site-packages/seobject.py", line 2485, in add
self.__add(target, type, ftype, serange, seuser)
File "/usr/lib/python3.9/site-packages/seobject.py", line 2481, in __add
self.mylog.log_change("resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%s"
% (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype],)
NameError: name 'audit' is not defined
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
| |
Ensure the correct build options are passed during builds.
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
| |
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2021-36086:
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission
(called from cil_reset_classperms_set and cil_reset_classperms_list).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-36086
Patch from:
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: https://github.com/SELinuxProject/selinux
MR: 111869
Type: Security Fix
Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
ChangeID: b282a68f76e509f548fe6ce46349af56d09481c6
Description:
Affects: secilc <= 3.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: https://github.com/SELinuxProject/selinux/
MR: 111857
Type: Security Fix
Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4
Description:
Affects: libsepol <= 3.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: https://github.com/SELinuxProject/selinux
MR: 111851
Type: Security Fix
Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
ChangeID: 7fae27568e26ccbb18be3d2a1ce7332d42706f18
Description:
Affects: libsepol < 3.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
| |
This is the result of automated script conversion:
poky/scripts/contrib/convert-overrides.py meta-selinux
Converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
| |
Merge inc file into bb file.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|