summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Use git fetcher for lynis to fetch older versionssumoStefan Lendl2018-11-271-6/+3
| | | | | | Signed-off-by: Stefan Lendl <ste.lendl@gmail.com> [Minor tweek to add SRCREV] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* CVE-2018-11652 nikto: arbitray OS command injection via http server field.Nagalakshmi Veeramallu2018-07-032-1/+108
| | | | | | | | | | CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com> Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* samhain: correct service statusChangqing Li2018-07-031-1/+1
| | | | | | | | | | status get by "systemctl status samhain" is not correct. It is active(exited) now. but actually, there is a dameon running, it should be active(running). so change Type of servive. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix build issue for apparmor when systemd is usedJinliang Li2018-07-031-0/+5
| | | | | | | | When systemd is used as system init manager, there is a build issue complains "can't found apparmor.service". This patch fix it. Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix build issue for apparmor kernel configurationJinliang Li2018-07-031-1/+1
| | | | | | | | | Set the correct path of kernel configuration file in linux-yocto_4.%.bbappend to fix the build issue, which is "Fetcher failure for URL: 'file://apparmor.cfg'. Unable to fetch URL from any source." Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: remove host paths from target filesWenzong Fan2018-05-071-1/+4
| | | | | Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* qemu: remove bb as this option is in coreArmin Kuster2018-05-071-1/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: remove depened on other security layersArmin Kuster2018-04-131-3/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update LLVM version to match coreArmin Kuster2018-04-131-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: only include when pam in DISTRO_FEATURESArmin Kuster2018-04-131-1/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: refresh patches to fix QA warningYi Zhao2018-04-135-32/+40
| | | | | | | Refresh patches with devtool command. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-*: add LAYERSERIES_COMPAT to layer.conf filesArmin Kuster2018-04-133-0/+6
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain-server: do not extend to nativeJackie Huang2018-03-311-1/+0
| | | | | | | | | No packages depend on samhain-server-native and it doesn't make sense to extend a server package to native, so remove the BBCLASSEXTEND. Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: Add missing clamav.service file to SRC_URIJagadeesh Krishnanjanappa2018-03-311-2/+7
| | | | | | | | | | | | | | | | | | | This solves the below error when systemd is used as init manager, -- snip -- ERROR: clamav-0.99.2-r0 do_package: SYSTEMD_SERVICE_clamav value clamav.service does not exist ERROR: clamav-0.99.2-r0 do_package: Function failed: systemd_populate_packages -- snip -- Other issue: * Ship /lib/systemd/system/clamav-freshclam.service into ${PN}-freshclam package, to solve below warning: -- snip -- [10240] WARNING: QA Issue: clamav: Files/directories were installed but not shipped in any package: /lib/systemd/system/clamav-freshclam.service -- snip -- Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: fix a typo in examples/verify3.cJackie Huang2018-03-312-0/+26
| | | | | Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto: move to wildcard on bbappendArmin Kuster2018-02-184-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto: drop dangling dirArmin Kuster2018-02-182-11/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-stable: drop old versions no longer in coreArmin Kuster2018-02-1810-82/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: add new packageArmin Kuster2018-02-181-0/+20
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* yocto-linux/4.9: fix typo in filepathArmin Kuster2018-02-181-1/+1
| | | | | | | | fix idea submitted but Derek Betker <derek.betker@ge.com> [Yocto 12134] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: fix to ship leftover files into packagesJagadeesh Krishnanjanappa2018-02-171-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | While building <mlib>-trousers recipe, the below files are not shipped but has been installed. The patch packages them accordingly. -- snip -- WARNING: lib32-trousers-0.3.14+gitAUTOINC+4b9a70d578-r0 do_package: QA Issue: lib32-trousers: Files/directories were installed but not shipped in any package: /usr/src /usr/src/debug /usr/src/debug/lib32-trousers /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0 /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tcs /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/trspi /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tcsd /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tspi /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/include /usr/src/debug/lib32-trousers/0.3.14+gitAUTOINC+4b9a70d578-r0/git/src/tddl -- snip -- Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2.0-tss: update to 1.3.0Armin Kuster2018-02-141-6/+9
| | | | | | change recipe to PV style Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: update to 1.2.0Armin Kuster2018-02-141-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2simulator: update to 138Armin Kuster2018-02-141-5/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update to 0.99.3Armin Kuster2018-02-141-5/+2
| | | | | | removed unused hash checksums Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freediameter: remove packageArmin Kuster2018-02-144-493/+0
| | | | | | resides in meta-networking now Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Update to 1.2.25Armin Kuster2018-02-141-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: update to 0.10.2Armin Kuster2018-02-141-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack: update to 1.3.1Armin Kuster2018-02-141-3/+3
| | | | | | | drop git hash from PV Use master branch Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 1.16.0Armin Kuster2018-02-141-4/+5
| | | | | | update some PACKAGECONFIG changes Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scapy: update to 2.3.3Armin Kuster2018-02-142-114/+2
| | | | | | Drop patch included in update. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Update to 2.4.3.6Armin Kuster2018-02-141-2/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: update to 2.3.3Armin Kuster2018-02-141-3/+1
| | | | | | | | Drop git PV for bb reciped PV. supports 4.15 kernel Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Allow native buildsJosé Bollo2018-02-061-1/+1
| | | | | | | | | | | When used in native builds, the variable STAGING_DIR_HOST expands to the empty string. This leads 'sed' to an error because the pattern is empty. Using STAGING_DIR instead of STAGING_DIR_HOST allows to use xmlsec1 in native builds with the correct behaviour. Change-Id: I55f40ac2413863c489d4219e0080f7e4e274a6db Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* conf/layer.conf: remove bbclass from BBFILESRobert Yang2018-02-062-2/+2
| | | | | | | Add bbclass to BBFILES doesn't make any sense. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm/libtpm: update to latest masterPatrick Ohly2017-12-105-75/+35
| | | | | | | | | This allows dropping some patches for issues that were addressed upstream. It also brings in support for connecting swtpm to qemu without relying on CUSE. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: remove the path for start-stop-daemonMingli Yu2017-12-103-17/+17
| | | | | | | | | | Remove the absolute path for start-stop-daemon to fix samhain start-up as start-stop-daemon sometimes located in /usr/sbin, not the expected /sbin. Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap: fix build issueArmin Kuster2017-12-101-0/+2
| | | | | | | | | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlopen' | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlsym' | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlerror' | core2-64-oe-linux/openscap/1.2.15-r0/git/src/.libs/libopenscap.so: error: undefined reference to 'dlclose' Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: allow overriding localstatedir mandir sysconfdirAndré Draszik2017-11-062-0/+69
| | | | | | | | | | | | It is currently impossible to override localstatedir, mandir and sysconfdir during ./configure, because they are being overriden unconditionally. With this patch it is now possible to set above locations as needed. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* trousers: make initscript more reliableAndré Draszik2017-11-061-2/+4
| | | | | | | | | | | | | | | | | | | The combination of using start-stop-daemon and pidof is not working reliably in all cases. Sometimes, the tcsd daemon isn't running yet at the time pidof is being invoked. This results in an empty /var/run/tcsd.pid, making it impossible to stop tcsd using the init script. To solve this, one could either add a delay before calling pidof, or alternatively use start-stop-daemon's built-in functionality to achieve the same. Let's do the latter. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: add v0.1.0André Draszik2017-10-241-0/+27
| | | | | | | | | | | | | | | | fscryptctl is a low-level tool written in C that handles raw keys and manages policies for Linux filesystem encryption [1]. For a tool that presents a higher level interface and manages metadata, key generation, key wrapping, PAM integration, and passphrase hashing, see fscrypt [2]. [1] https://lwn.net/Articles/639427 [2] https://github.com/google/fscrypt Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscape: fix ptest compile errors and updateArmin Kuster2017-10-151-1/+3
| | | | | | | | | | | update to 1.2.15 plus ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/probes/process58/all.sh contained in package openscap-ptest requires /bin/bash, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps] ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/xmldiff.pl contained in package openscap-ptest requires /usr/bin/perl, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps] ERROR: openscap-1.2.14-r0 do_package_qa: QA Issue: /usr/lib/openscap/ptest/tests/nist/test_worker.py contained in package openscap-ptest requires /usr/bin/python2, but no providers found in RDEPENDS_openscap-ptest? [file-rdeps] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* keynote: update the SRC_URIDengke Du2017-10-101-3/+6
| | | | | | | | | | | | | | The old URL can't be available, give the new URL to keynote. The project already moved to: https://sourceforge.net/projects/keynote-2-3/ The different between old and new tarball was: the old tarball contains doc directory, source codes were same. Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openssl-tpm-engine: add packageArmin Kuster2017-10-106-0/+570
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: add packageArmin Kuster2017-10-103-0/+120
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-quote-tools: Add packageArmin Kuster2017-10-101-0/+23
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pcr-extend: add new packageArmin Kuster2017-10-101-0/+25
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: update with basic infoArmin Kuster2017-10-101-0/+4
| | | | | | needed to pass yocto-check-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: fix cuse dependsArmin Kuster2017-10-101-2/+8
| | | | | | | if cuse is enabled, depend on fuse which is in meta-filesystems throw error is layer is missing. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto/4.12: update path versionArmin Kuster2017-10-021-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-08 16:52:41 +0000