diff options
19 files changed, 374 insertions, 78 deletions
@@ -1,47 +1,22 @@ | |||
1 | This README file contains information on the contents of the | 1 | Meta-security |
2 | security layer. | 2 | ============= |
3 | |||
4 | Please see the corresponding sections below for details. | ||
5 | 3 | ||
4 | This layer provides security tools, hardening tools for Linux kernels | ||
5 | and libraries for implementing security mechanisms. | ||
6 | 6 | ||
7 | Dependencies | 7 | Dependencies |
8 | ============ | 8 | ============ |
9 | 9 | ||
10 | This layer depends on: | 10 | This layer depends on: |
11 | 11 | ||
12 | URI: git://git.openembedded.org/bitbake | 12 | URI: git://git.yoctoproject.org/poky |
13 | branch: master | ||
14 | |||
15 | URI: git://git.openembedded.org/openembedded-core | ||
16 | layers: meta | ||
17 | branch: master | ||
18 | |||
19 | URI: git://git.yoctoproject.org/xxxx | ||
20 | layers: xxxx | ||
21 | branch: master | 13 | branch: master |
14 | revision: HEAD | ||
15 | prio: default | ||
22 | 16 | ||
23 | 17 | Adding the security layer to your build | |
24 | Patches | ||
25 | ======= | ||
26 | |||
27 | Please submit any patches against the security layer to the | ||
28 | xxxx mailing list (xxxx@zzzz.org) and cc: the maintainer: | ||
29 | |||
30 | Maintainer: XXX YYYYYY <xxx.yyyyyy@zzzzz.com> | ||
31 | |||
32 | |||
33 | Table of Contents | ||
34 | ================= | ||
35 | |||
36 | I. Adding the security layer to your build | ||
37 | II. Misc | ||
38 | |||
39 | |||
40 | I. Adding the security layer to your build | ||
41 | ================================================= | 18 | ================================================= |
42 | 19 | ||
43 | --- replace with specific instructions for the security layer --- | ||
44 | |||
45 | In order to use this layer, you need to make the build system aware of | 20 | In order to use this layer, you need to make the build system aware of |
46 | it. | 21 | it. |
47 | 22 | ||
@@ -52,13 +27,11 @@ other layers needed. e.g.: | |||
52 | 27 | ||
53 | BBLAYERS ?= " \ | 28 | BBLAYERS ?= " \ |
54 | /path/to/yocto/meta \ | 29 | /path/to/yocto/meta \ |
55 | /path/to/yocto/meta-yocto \ | 30 | /path/to/poky/meta-security \ |
56 | /path/to/yocto/meta-yocto-bsp \ | ||
57 | /path/to/yocto/meta-security \ | ||
58 | " | ||
59 | |||
60 | 31 | ||
61 | II. Misc | 32 | License |
62 | ======== | 33 | ------- |
63 | 34 | ||
64 | --- replace with specific information about the security layer --- | 35 | All metadata is MIT licensed unless otherwise stated. Source code included |
36 | in tree for individual recipes is under the LICENSE stated in each recipe | ||
37 | (.bb file) unless otherwise stated. | ||
diff --git a/recipes-example/example/example-0.1/example.patch b/recipes-example/example/example-0.1/example.patch deleted file mode 100644 index 2000a34..0000000 --- a/recipes-example/example/example-0.1/example.patch +++ /dev/null | |||
@@ -1,12 +0,0 @@ | |||
1 | # | ||
2 | # This is a non-functional placeholder file, here for example purposes | ||
3 | # only. | ||
4 | # | ||
5 | # If you had a patch for your recipe, you'd put it in this directory | ||
6 | # and reference it from your recipe's SRC_URI: | ||
7 | # | ||
8 | # SRC_URI += "file://example.patch" | ||
9 | # | ||
10 | # Note that you could also rename the directory containing this patch | ||
11 | # to remove the version number or simply rename it 'files'. Doing so | ||
12 | # allows you to use the same directory for multiple recipes. | ||
diff --git a/recipes-example/example/example-0.1/helloworld.c b/recipes-example/example/example-0.1/helloworld.c deleted file mode 100644 index 71f2e46..0000000 --- a/recipes-example/example/example-0.1/helloworld.c +++ /dev/null | |||
@@ -1,8 +0,0 @@ | |||
1 | #include <stdio.h> | ||
2 | |||
3 | int main(int argc, char **argv) | ||
4 | { | ||
5 | printf("Hello World!\n"); | ||
6 | |||
7 | return 0; | ||
8 | } | ||
diff --git a/recipes-security/Mail-SpamAssasin/Mail-SpamAssassin_3.3.2.bb b/recipes-security/Mail-SpamAssasin/Mail-SpamAssassin_3.3.2.bb new file mode 100644 index 0000000..af5907f --- /dev/null +++ b/recipes-security/Mail-SpamAssasin/Mail-SpamAssassin_3.3.2.bb | |||
@@ -0,0 +1,19 @@ | |||
1 | SUMMARY = "e-mail filter" | ||
2 | DESCRIPTION = "SpamAssassin is a mail filter which attempts to identify spam using a variety of mechanisms including text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases." | ||
3 | SECTION = "security" | ||
4 | LICENSE = "GPL-2.0" | ||
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" | ||
6 | DEPENDS = "perl" | ||
7 | |||
8 | SRC_URI = "http://apache.mirrors.hoobly.com/spamassassin/source/${PN}-${PV}.tar.gz" | ||
9 | |||
10 | SRC_URI[md5sum] = "d1d62cc5c6eac57e88c4006d9633b81e" | ||
11 | SRC_URI[sha256sum] = "5323038939a0ef9fc97d5264defce3ae1d95e98b3a94c4c3b583341c927f32df" | ||
12 | |||
13 | EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}" | ||
14 | inherit cpan | ||
15 | |||
16 | do_compile(){ | ||
17 | export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')" | ||
18 | cpan_do_compile | ||
19 | } | ||
diff --git a/recipes-security/bastille/bastille_3.2.1.bb b/recipes-security/bastille/bastille_3.2.1.bb index 9aa0fb1..ef754c2 100644 --- a/recipes-security/bastille/bastille_3.2.1.bb +++ b/recipes-security/bastille/bastille_3.2.1.bb | |||
@@ -1,9 +1,9 @@ | |||
1 | SUMMARY = "Linux hardening tool" | ||
1 | DESCRIPTION = "Bastille Linux is a Hardening and Reporting/Auditing Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling." | 2 | DESCRIPTION = "Bastille Linux is a Hardening and Reporting/Auditing Program which enhances the security of a Linux box, by configuring daemons, system settings and firewalling." |
2 | LICENSE = "GPLv2" | 3 | LICENSE = "GPLv2" |
3 | LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" | 4 | LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b" |
4 | # Bash is needed for set +o privileged (check busybox), might also need ncurses | 5 | # Bash is needed for set +o privileged (check busybox), might also need ncurses |
5 | RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd curses-perl coreutils" | 6 | RDEPENDS_${PN} = "perl bash tcl perl-module-getopt-long perl-module-text-wrap lib-perl perl-module-file-path perl-module-mime-base64 perl-module-file-find perl-module-errno perl-module-file-glob perl-module-tie-hash-namedcapture perl-module-file-copy perl-module-english perl-module-exporter perl-module-cwd curses-perl coreutils" |
6 | PR = "r0" | ||
7 | 7 | ||
8 | inherit allarch | 8 | inherit allarch |
9 | 9 | ||
diff --git a/recipes-security/buck-security/buck-security_0.6.bb b/recipes-security/buck-security/buck-security_0.6.bb new file mode 100644 index 0000000..23bf1b1 --- /dev/null +++ b/recipes-security/buck-security/buck-security_0.6.bb | |||
@@ -0,0 +1,29 @@ | |||
1 | SUMMARY = "Linux security scanner" | ||
2 | DESCRIPTION = "Buck-Security is a security scanner for Debian and Ubuntu Linux. It runs a couple of important checks and helps you to harden your Linux \ | ||
3 | system. This enables you to quickly overview the security status of your Linux system." | ||
4 | SECTION = "security" | ||
5 | LICENSE = "GPL-2.0" | ||
6 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | ||
7 | RDEPENDS_${PN} = "perl perl-module-term-ansicolor perl-module-posix perl-module-getopt-long perl-module-time-localtime perl-module-data-dumper perl-module-lib" | ||
8 | |||
9 | SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_0.6/${PN}_${PV}.tar.gz" | ||
10 | |||
11 | SRC_URI[md5sum] = "edbd40742853fc91ffeae5b2d9ea7bab" | ||
12 | SRC_URI[sha256sum] = "5d5dcc58b09c3a4bd87f60f86bb62cd2b0bfd7106a474951f8f520af0042a5b7" | ||
13 | |||
14 | S = "${WORKDIR}/${PN}_${PV}" | ||
15 | |||
16 | do_configure() { | ||
17 | : | ||
18 | } | ||
19 | |||
20 | do_compile() { | ||
21 | : | ||
22 | } | ||
23 | |||
24 | do_install() { | ||
25 | install -d ${D}${exec_prefix}/local/${PN} | ||
26 | cp -r ${S}/* ${D}${exec_prefix}/local/${PN} | ||
27 | } | ||
28 | |||
29 | FILES_${PN} = "${exec_prefix}/*" | ||
diff --git a/recipes-security/checksecurity/checksecurity_2.0.14.bb b/recipes-security/checksecurity/checksecurity_2.0.14.bb index 951a3e6..72d6c64 100644 --- a/recipes-security/checksecurity/checksecurity_2.0.14.bb +++ b/recipes-security/checksecurity/checksecurity_2.0.14.bb | |||
@@ -1,9 +1,12 @@ | |||
1 | DESCRIPTION = "basic system security checks" | 1 | SUMMARY = "basic system security checks" |
2 | DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes." | ||
2 | SECTION = "security" | 3 | SECTION = "security" |
3 | LICENSE = "GPL-2.0" | 4 | LICENSE = "GPL-2.0" |
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | 5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" |
6 | RDEPENDS_${PN} = "perl env-perl perl-module-tie-array perl-module-getopt-long perl-module-file-glob util-linux findutils" | ||
5 | 7 | ||
6 | SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz" | 8 | SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \ |
9 | file://setuid-log-folder.patch" | ||
7 | 10 | ||
8 | SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17" | 11 | SRC_URI[md5sum] = "ad6cfe0cd66ebdd16dd5d4ee5fa8fa17" |
9 | SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2" | 12 | SRC_URI[sha256sum] = "a2bc2355358d6daf3cb72485d564e82cb541e8516f23b50522c816853ecd13c2" |
diff --git a/recipes-security/checksecurity/files/setuid-log-folder.patch b/recipes-security/checksecurity/files/setuid-log-folder.patch new file mode 100644 index 0000000..540ea9c --- /dev/null +++ b/recipes-security/checksecurity/files/setuid-log-folder.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From 24dbeec135ff83f2fd35ef12fe9842f02d6fd337 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
3 | Date: Thu, 20 Jun 2013 15:14:55 +0300 | ||
4 | Subject: [PATCH] changed log folder for check-setuid | ||
5 | |||
6 | check-setuid was creating logs in /var/log directory, | ||
7 | which cannot be created persistently. To avoid errors | ||
8 | the log folder was changed to /etc/checksecurity/. | ||
9 | |||
10 | Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
11 | --- | ||
12 | etc/check-setuid.conf | 2 +- | ||
13 | plugins/check-setuid | 6 +++--- | ||
14 | 2 files changed, 4 insertions(+), 4 deletions(-) | ||
15 | |||
16 | diff --git a/etc/check-setuid.conf b/etc/check-setuid.conf | ||
17 | index 621336f..e1532c0 100644 | ||
18 | --- a/etc/check-setuid.conf | ||
19 | +++ b/etc/check-setuid.conf | ||
20 | @@ -116,4 +116,4 @@ CHECKSECURITY_PATHFILTER="-false" | ||
21 | # | ||
22 | # Location of setuid file databases. | ||
23 | # | ||
24 | -LOGDIR=/var/log/setuid | ||
25 | +LOGDIR=/etc/checksecurity/ | ||
26 | diff --git a/plugins/check-setuid b/plugins/check-setuid | ||
27 | index 8d6f90b..bdb21c1 100755 | ||
28 | --- a/plugins/check-setuid | ||
29 | +++ b/plugins/check-setuid | ||
30 | @@ -44,8 +44,8 @@ if [ `/usr/bin/id -u` != 0 ] ; then | ||
31 | exit 1 | ||
32 | fi | ||
33 | |||
34 | -TMPSETUID=${LOGDIR:=/var/log/setuid}/setuid.new.tmp | ||
35 | -TMPDIFF=${LOGDIR:=/var/log/setuid}/setuid.diff.tmp | ||
36 | +TMPSETUID=${LOGDIR:=/etc/checksecurity/}/setuid.new.tmp | ||
37 | +TMPDIFF=${LOGDIR:=/etc/checksecurity/}/setuid.diff.tmp | ||
38 | |||
39 | # | ||
40 | # Check for NFS/AFS mounts that are not nosuid/nodev | ||
41 | @@ -75,7 +75,7 @@ if [ "$CHECKSECURITY_NOFINDERRORS" = "TRUE" ] ; then | ||
42 | fi | ||
43 | |||
44 | # Guard against undefined vars | ||
45 | -[ -z "$LOGDIR" ] && LOGDIR=/var/log/setuid | ||
46 | +[ -z "$LOGDIR" ] && LOGDIR=/etc/checksecurity/ | ||
47 | if [ ! -e "$LOGDIR" ] ; then | ||
48 | echo "ERROR: Log directory $LOGDIR does not exist" | ||
49 | exit 1 | ||
50 | -- | ||
51 | 1.7.9.5 | ||
52 | |||
diff --git a/recipes-security/libseccomp/files/compiler.patch b/recipes-security/libseccomp/files/compiler.patch new file mode 100644 index 0000000..c7f2fbb --- /dev/null +++ b/recipes-security/libseccomp/files/compiler.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | From fb3e84f6212333949ee3e410bb468bb06c289a1e Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
3 | Date: Fri, 28 Jun 2013 15:55:13 +0300 | ||
4 | Subject: [PATCH] libseccomp always used host compiler | ||
5 | |||
6 | passing $CC at do_install() doesn't seem to have | ||
7 | effect on the compiler used by libseccomp. Modified | ||
8 | the compiler manually. | ||
9 | |||
10 | Upstream Status: Inapropriate | ||
11 | |||
12 | Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
13 | --- | ||
14 | macros.mk | 2 +- | ||
15 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
16 | |||
17 | diff --git a/macros.mk b/macros.mk | ||
18 | index 9c62fa7..e219be6 100644 | ||
19 | --- a/macros.mk | ||
20 | +++ b/macros.mk | ||
21 | @@ -66,7 +66,7 @@ AWK ?= awk | ||
22 | PYTHON ?= /usr/bin/env python | ||
23 | |||
24 | # we require gcc specific functionality | ||
25 | -GCC ?= gcc | ||
26 | +GCC ?= $(CC) | ||
27 | |||
28 | INSTALL ?= install | ||
29 | |||
30 | -- | ||
31 | 1.7.9.5 | ||
32 | |||
diff --git a/recipes-security/libseccomp/libseccomp_2.1.0.bb b/recipes-security/libseccomp/libseccomp_2.1.0.bb new file mode 100644 index 0000000..f909c62 --- /dev/null +++ b/recipes-security/libseccomp/libseccomp_2.1.0.bb | |||
@@ -0,0 +1,19 @@ | |||
1 | SUMMARY = "interface to seccomp filtering mechanism" | ||
2 | DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp." | ||
3 | SECTION = "security" | ||
4 | LICENSE = "GPL-2.0" | ||
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | ||
6 | |||
7 | SRC_URI = "http://sourceforge.net/projects/libseccomp/files/${PN}-${PV}.tar.gz \ | ||
8 | file://compiler.patch" | ||
9 | |||
10 | SRC_URI[md5sum] = "3961103c1234c13a810f6a12e60c797f" | ||
11 | SRC_URI[sha256sum] = "b0d6e4f0984e6632a04f0cf33c6babdb011674ba15ff208e196f037e0e09905e" | ||
12 | |||
13 | do_configure() { | ||
14 | ${S}/configure --prefix=${prefix} --libdir=${libdir} | ||
15 | } | ||
16 | |||
17 | do_install() { | ||
18 | oe_runmake DESTDIR=${D} install | ||
19 | } | ||
diff --git a/recipes-security/nmap/files/lua.patch b/recipes-security/nmap/files/lua.patch new file mode 100644 index 0000000..7cb86ab --- /dev/null +++ b/recipes-security/nmap/files/lua.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | Added missing definitions which caused failuire at do_configure | ||
2 | with --without-liblua option. | ||
3 | |||
4 | Upstream Status : pending | ||
5 | |||
6 | Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
7 | --- a/output.h | ||
8 | +++ b/output.h | ||
9 | @@ -226,6 +226,10 @@ | ||
10 | void printscriptresults(ScriptResults *scriptResults, stype scantype); | ||
11 | |||
12 | void printhostscriptresults(Target *currenths); | ||
13 | + | ||
14 | +/*This is a helper function to determine the ordering of the script results | ||
15 | + based on their id */ | ||
16 | +bool comparescriptids(ScriptResult first, ScriptResult second); | ||
17 | #endif | ||
18 | |||
19 | /* Print a table with traceroute hops. */ | ||
20 | @@ -253,8 +257,4 @@ | ||
21 | were found. */ | ||
22 | void printdatafilepaths(); | ||
23 | |||
24 | -/*This is a helper function to determine the ordering of the script results | ||
25 | - based on their id */ | ||
26 | -bool comparescriptids(ScriptResult first, ScriptResult second); | ||
27 | - | ||
28 | #endif /* OUTPUT_H */ | ||
29 | --- a/output.cc | ||
30 | +++ b/output.cc | ||
31 | @@ -2613,6 +2613,7 @@ | ||
32 | } | ||
33 | } | ||
34 | |||
35 | +#ifndef NOLUA | ||
36 | /*This is a helper function to determine the ordering of the script results | ||
37 | based on their id */ | ||
38 | bool comparescriptids(ScriptResult first, ScriptResult second){ | ||
39 | @@ -2625,5 +2626,6 @@ | ||
40 | else | ||
41 | return false; | ||
42 | } | ||
43 | +#endif | ||
44 | |||
45 | |||
46 | --- a/portlist.cc | ||
47 | +++ b/portlist.cc | ||
48 | @@ -144,6 +144,7 @@ | ||
49 | } | ||
50 | } | ||
51 | |||
52 | +#ifndef NOLUA | ||
53 | void Port::freeScriptResults(void) | ||
54 | { | ||
55 | while (!scriptResults.empty()) { | ||
56 | @@ -151,6 +152,7 @@ | ||
57 | scriptResults.pop_front(); | ||
58 | } | ||
59 | } | ||
60 | +#endif | ||
61 | |||
62 | /* Fills in namebuf (as long as there is space in buflen) with the | ||
63 | Name nmap normal output will use to describe the port. This takes | ||
64 | --- a/Target.cc | ||
65 | +++ b/Target.cc | ||
66 | @@ -162,10 +162,12 @@ | ||
67 | |||
68 | Target::~Target() { | ||
69 | FreeInternal(); | ||
70 | +#ifndef NOLUA | ||
71 | while (!scriptResults.empty()) { | ||
72 | scriptResults.front().clear(); | ||
73 | scriptResults.pop_front(); | ||
74 | } | ||
75 | +#endif | ||
76 | } | ||
77 | |||
78 | void Target::FreeInternal() { | ||
79 | |||
diff --git a/recipes-security/nmap/nmap_6.25.bb b/recipes-security/nmap/nmap_6.25.bb new file mode 100644 index 0000000..ff0caa7 --- /dev/null +++ b/recipes-security/nmap/nmap_6.25.bb | |||
@@ -0,0 +1,21 @@ | |||
1 | SUMMARY = "network auditing tool" | ||
2 | DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing." | ||
3 | SECTION = "security" | ||
4 | LICENSE = "GPL-2.0" | ||
5 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | ||
6 | |||
7 | SRC_URI = "http://nmap.org/dist/${PN}-${PV}.tar.bz2 \ | ||
8 | file://lua.patch" | ||
9 | |||
10 | SRC_URI[md5sum] = "fcc80f94ff3adcb11eedf91092ea6f5e" | ||
11 | SRC_URI[sha256sum] = "3349cc6d36b86b95ca2b8075d16615a3a598cef494920d6652f9a8bf9f7660b5" | ||
12 | |||
13 | inherit autotools | ||
14 | |||
15 | EXTRA_OECONF = "--without-liblua --without-zenmap" | ||
16 | |||
17 | do_configure() { | ||
18 | autoconf | ||
19 | oe_runconf | ||
20 | } | ||
21 | |||
diff --git a/recipes-security/openvas-cli/openvas-cli_1.2.0.bb b/recipes-security/openvas-cli/openvas-cli_1.2.0.bb new file mode 100644 index 0000000..d755578 --- /dev/null +++ b/recipes-security/openvas-cli/openvas-cli_1.2.0.bb | |||
@@ -0,0 +1,13 @@ | |||
1 | DESCRIPTION = "The module OpenVAS-CLI collects command line tools to handle with the OpenVAS services via the respective protocols." | ||
2 | SECTION = "security" | ||
3 | LICENSE = "GPL-2.0" | ||
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | ||
5 | |||
6 | DEPENDS = "gnutls openvas-libraries glib-2.0" | ||
7 | |||
8 | SRC_URI = "http://wald.intevation.org/frs/download.php/1323/${PN}-${PV}.tar.gz" | ||
9 | |||
10 | SRC_URI[md5sum] = "e712eb71f3a13cc1b70b50f696465f8e" | ||
11 | SRC_URI[sha256sum] = "d195ca01a44940d1e6fd2ad54ee4fc9b57a3d103235f0a1f05a8b35d97db6be8" | ||
12 | |||
13 | inherit cmake pkgconfig | ||
diff --git a/recipes-security/openvas-libraries/files/g_type_init.patch b/recipes-security/openvas-libraries/files/g_type_init.patch new file mode 100644 index 0000000..db55057 --- /dev/null +++ b/recipes-security/openvas-libraries/files/g_type_init.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From f498503889b8178f165afa66dc33aa8ad8901371 Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
3 | Date: Fri, 28 Jun 2013 09:38:08 +0300 | ||
4 | Subject: [PATCH] removed the g_type_init() | ||
5 | |||
6 | The function is depricated in glib >= 2.35.0 and is | ||
7 | automatically called. | ||
8 | |||
9 | Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> | ||
10 | --- | ||
11 | base/openvas_file.c | 2 -- | ||
12 | 1 file changed, 2 deletions(-) | ||
13 | |||
14 | diff --git a/base/openvas_file.c b/base/openvas_file.c | ||
15 | index 8597198..d110c7f 100644 | ||
16 | --- a/base/openvas_file.c | ||
17 | +++ b/base/openvas_file.c | ||
18 | @@ -164,7 +164,6 @@ openvas_file_copy (const gchar *source_file, const gchar *dest_file) | ||
19 | GFile *sfile, *dfile; | ||
20 | GError *error; | ||
21 | |||
22 | - g_type_init (); | ||
23 | sfile = g_file_new_for_path (source_file); | ||
24 | dfile = g_file_new_for_path (dest_file); | ||
25 | error = NULL; | ||
26 | @@ -200,7 +199,6 @@ openvas_file_move (const gchar *source_file, const gchar *dest_file) | ||
27 | GFile *sfile, *dfile; | ||
28 | GError *error; | ||
29 | |||
30 | - g_type_init (); | ||
31 | sfile = g_file_new_for_path (source_file); | ||
32 | dfile = g_file_new_for_path (dest_file); | ||
33 | error = NULL; | ||
34 | -- | ||
35 | 1.7.9.5 | ||
36 | |||
diff --git a/recipes-security/openvas-libraries/openvas-libraries_6.0.0.bb b/recipes-security/openvas-libraries/openvas-libraries_6.0.0.bb new file mode 100644 index 0000000..caf96f1 --- /dev/null +++ b/recipes-security/openvas-libraries/openvas-libraries_6.0.0.bb | |||
@@ -0,0 +1,14 @@ | |||
1 | DESCRIPTION = "This is the libraries module for the Open Vulnerability Assessment System (OpenVAS)." | ||
2 | SECTION = "security" | ||
3 | LICENSE = "GPL-2.0" | ||
4 | LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" | ||
5 | |||
6 | DEPENDS = "bison flex gpgme glib-2.0" | ||
7 | |||
8 | SRC_URI = "http://wald.intevation.org/frs/download.php/1303/${PN}-${PV}.tar.gz \ | ||
9 | file://g_type_init.patch" | ||
10 | |||
11 | SRC_URI[md5sum] = "0e8b73ee4ad5b36984b5d7be5d6bdfc0" | ||
12 | SRC_URI[sha256sum] = "50d23afd46f7b49c4cb82a6500b0fe1fb53378af5efce95fd275ea33c879e1dd" | ||
13 | |||
14 | inherit cmake pkgconfig | ||
diff --git a/recipes-security/curses-perl/curses-perl_1.28.bb b/recipes-security/perl/curses-perl_1.28.bb index 5984ca7..5984ca7 100644 --- a/recipes-security/curses-perl/curses-perl_1.28.bb +++ b/recipes-security/perl/curses-perl_1.28.bb | |||
diff --git a/recipes-security/perl/env-perl_1.04.bb b/recipes-security/perl/env-perl_1.04.bb new file mode 100644 index 0000000..4aeba4f --- /dev/null +++ b/recipes-security/perl/env-perl_1.04.bb | |||
@@ -0,0 +1,25 @@ | |||
1 | DESCRIPTION = "This package contains the Env.pm \ | ||
2 | perl module that imports environment variables as scalars or arrays" | ||
3 | |||
4 | SECTION = "libs" | ||
5 | LICENSE = "Artistic-1.0 | GPL-1.0+" | ||
6 | |||
7 | LIC_FILES_CHKSUM = "file://LICENSE;md5=76c1cbf18db56b3340d91cb947943bd3" | ||
8 | |||
9 | SRC_URI[md5sum] = "fdba5c0690e66972c96fee112cf5f25c" | ||
10 | SRC_URI[sha256sum] = "d94a3d412df246afdc31a2199cbd8ae915167a3f4684f7b7014ce1200251ebb0" | ||
11 | |||
12 | DEPENDS += "perl" | ||
13 | |||
14 | SRC_URI = "http://search.cpan.org/CPAN/authors/id/F/FL/FLORA/Env-${PV}.tar.gz" | ||
15 | |||
16 | S = "${WORKDIR}/Env-${PV}" | ||
17 | |||
18 | EXTRA_CPANFLAGS = "EXPATLIBPATH=${STAGING_LIBDIR} EXPATINCPATH=${STAGING_INCDIR}" | ||
19 | |||
20 | inherit cpan | ||
21 | |||
22 | do_compile() { | ||
23 | export LIBC="$(find ${STAGING_DIR_TARGET}/${base_libdir}/ -name 'libc-*.so')" | ||
24 | cpan_do_compile | ||
25 | } | ||
diff --git a/recipes-security/lib-perl/lib-perl_0.63.bb b/recipes-security/perl/lib-perl_0.63.bb index 606ecfb..606ecfb 100644 --- a/recipes-security/lib-perl/lib-perl_0.63.bb +++ b/recipes-security/perl/lib-perl_0.63.bb | |||
diff --git a/recipes-security/redhat-security/redhat-security_1.0.bb b/recipes-security/redhat-security/redhat-security_1.0.bb index edab390..442688b 100644 --- a/recipes-security/redhat-security/redhat-security_1.0.bb +++ b/recipes-security/redhat-security/redhat-security_1.0.bb | |||
@@ -1,3 +1,4 @@ | |||
1 | SUMMARY = "redhat security tools" | ||
1 | DESCRIPTION = "Tools used by redhat linux distribution for security checks" | 2 | DESCRIPTION = "Tools used by redhat linux distribution for security checks" |
2 | SECTION = "security" | 3 | SECTION = "security" |
3 | LICENSE = "GPLv2" | 4 | LICENSE = "GPLv2" |
@@ -21,18 +22,18 @@ SRC_URI = "file://find-chroot-py.sh \ | |||
21 | S = "${WORKDIR}" | 22 | S = "${WORKDIR}" |
22 | 23 | ||
23 | do_install() { | 24 | do_install() { |
24 | install -d ${D}${bindir} | 25 | install -d ${D}${bindir} |
25 | install -m 0755 ${WORKDIR}/find-chroot-py.sh ${D}${bindir} | 26 | install -m 0755 ${WORKDIR}/find-chroot-py.sh ${D}${bindir} |
26 | install -m 0755 ${WORKDIR}/find-chroot.sh ${D}${bindir} | 27 | install -m 0755 ${WORKDIR}/find-chroot.sh ${D}${bindir} |
27 | install -m 0755 ${WORKDIR}/find-elf4tmp.sh ${D}${bindir} | 28 | install -m 0755 ${WORKDIR}/find-elf4tmp.sh ${D}${bindir} |
28 | install -m 0755 ${WORKDIR}/find-execstack.sh ${D}${bindir} | 29 | install -m 0755 ${WORKDIR}/find-execstack.sh ${D}${bindir} |
29 | install -m 0755 ${WORKDIR}/find-hidden-exec.sh ${D}${bindir} | 30 | install -m 0755 ${WORKDIR}/find-hidden-exec.sh ${D}${bindir} |
30 | install -m 0755 ${WORKDIR}/find-nodrop-groups.sh ${D}${bindir} | 31 | install -m 0755 ${WORKDIR}/find-nodrop-groups.sh ${D}${bindir} |
31 | install -m 0755 ${WORKDIR}/find-sh4errors.sh ${D}${bindir} | 32 | install -m 0755 ${WORKDIR}/find-sh4errors.sh ${D}${bindir} |
32 | install -m 0755 ${WORKDIR}/find-sh4tmp.sh ${D}${bindir} | 33 | install -m 0755 ${WORKDIR}/find-sh4tmp.sh ${D}${bindir} |
33 | install -m 0755 ${WORKDIR}/lib-bin-check.sh ${D}${bindir} | 34 | install -m 0755 ${WORKDIR}/lib-bin-check.sh ${D}${bindir} |
34 | install -m 0755 ${WORKDIR}/rpm-chksec.sh ${D}${bindir} | 35 | install -m 0755 ${WORKDIR}/rpm-chksec.sh ${D}${bindir} |
35 | install -m 0755 ${WORKDIR}/rpm-drop-groups.sh ${D}${bindir} | 36 | install -m 0755 ${WORKDIR}/rpm-drop-groups.sh ${D}${bindir} |
36 | install -m 0755 ${WORKDIR}/selinux-check-devices.sh ${D}${bindir} | 37 | install -m 0755 ${WORKDIR}/selinux-check-devices.sh ${D}${bindir} |
37 | install -m 0755 ${WORKDIR}/selinux-ls-unconfined.sh ${D}${bindir} | 38 | install -m 0755 ${WORKDIR}/selinux-ls-unconfined.sh ${D}${bindir} |
38 | } | 39 | } |