Commit message | Author | Age | Files | Lines
...
* tpm2-tss: update to 3.2.0 | Petr Gotthard | 2022-04-13 | 4 | -377/+22
  This deletes the patches that were unused for a long time, updates the tpm2-tss package and introduces a fix to the version number problem that got introduced with the 3.2.0 version.
  Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-openssl: update to 1.1.0 | Petr Gotthard | 2022-04-13 | 2 | -11/+19
  Also, the recipe is fixed to correctly package the openssl provider.
  This new tpm2-openssl:
  - Fixed segmentation fault when a signature algorithm is being initialized without a private key.
  - Fixed RSA/EC key equality checks. Works with OpenSSL 3.0.1.
  - Added support for the `TPM2OPENSSL_PARENT_AUTH` environment variable.
  Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: fix missing version number | Petr Gotthard | 2022-04-13 | 1 | -0/+5
  Calling autoreconf outside git repo causes the version number to be null. This patch makes the version number fixed.
  Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Upgrade parsec-service to 1.0.0 and parsec-tool to 0.5.2 | Anton Antonov | 2022-04-13 | 7 | -344/+351
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscrypt: update dependency from go-dep-native to go-native | Davide Gardenal | 2022-04-07 | 1 | -1/+1
  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: add COMPATIBLE_HOST to fix build error | Davide Gardenal | 2022-04-07 | 1 | -0/+2
  Add COMPATIBLE_HOST to match what is found in glibc to avoid build error when using musl
  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: update to 4.4.7 | Armin Kuster | 2022-04-07 | 1 | -2/+2
  This fixes musl builds too.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto_security.inc: add lkrg kfrags | Armin Kuster | 2022-04-07 | 3 | -0/+12
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lkrg-module: convert to git fetcher | Armin Kuster | 2022-04-07 | 2 | -8/+8
  This allows to track tip easier.
  refresh patch
  Fix LICENSE to match SPDX format
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix compile issue on some hosts | Armin Kuster | 2022-04-02 | 1 | -0/+7
  Use python3-native to use 2to3
  Fix build issue on some hosts with this error:
  (result, consumed) = self._buffer_decode(data, self.errors, final)
  | UnicodeDecodeError: 'utf-8' codec can't decode byte 0xd8 in position 152: invalid continuation byte
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* LICENSE: adopt SPDX standard names | Robert Yang | 2022-04-02 | 2 | -2/+2
  Modify LICENSE for ding-libs and libmhash.
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security : Use SPDX style licensing format | Ashish Sharma | 2022-04-02 | 8 | -8/+8
  WARNING: selinux-sandbox-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: selinux-gui-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: semodule-utils-3.3-r0.1 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: selinux-dbus-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \
  WARNING: libwhisker2-perl-2.5-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \
  WARNING: lib-perl-0.63-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \
  WARNING: libhtp-0.5.39-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \
  ...
  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: use renamed python_setuptools_build_meta | Armin Kuster | 2022-04-02 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-alt: drop rust layer | Armin Kuster | 2022-03-13 | 1 | -5/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: drop old package ref. | Armin Kuster | 2022-03-13 | 1 | -1/+1
  meta-python dropped package via commit:
  620689d4efba28bc8dd60e2d82908bfb3531fbd0
  python3-backports-functional-lru-cache: remove, not needed for Python 3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3 | Ashish Sharma | 2022-03-11 | 1 | -1/+1
  raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.")
  pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename.
  Removed build tracker: '/tmp/pip-req-tracker-qnepnk46'
  ERROR: Failed to pip install wheel. Check the logs.
  Signed-off-by: Ashish Sharma <asharma@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-fail2ban: fix SPDX license. | Armin Kuster | 2022-03-11 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: fix user perms | Armin Kuster | 2022-03-11 | 1 | -5/+4
  [Yocto #14724]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-tools: Fix pod2man race | Armin Kuster | 2022-03-11 | 1 | -1/+1
  On some systems, pod2man is not available so add native depends.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ima-evm-keys: don't use lnr | Armin Kuster | 2022-03-11 | 1 | -1/+1
  lnr is a script in oe-core that creates relative symlinks, with the same behaviour as `ln --relative --symlink`. It was added back in 2014[1] as not all of the supported host distributions at the time shipped coreutils 8.16, the first release with --relative. However the oldest coreutils release in the supported distributions is now 8.22 in CentOS 7, so lnr can be deprecated and users switched to ln.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: update to 0.9.2 | Armin Kuster | 2022-03-11 | 1 | -2/+2
  includes: CVE-2021-3623
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: update to 0.7.1 | Armin Kuster | 2022-03-11 | 2 | -68/+2
  fixes: CVE-2022-23645.
  Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* openscap-daemon: fix wheels and License issues. | Armin Kuster | 2022-03-11 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: update to 3.6.2 | Armin Kuster | 2022-03-11 | 1 | -2/+2
  Fix license.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-privacyidea: fix QA ERROR | Armin Kuster | 2022-03-11 | 1 | -3/+1
  ERROR: python3-privacyidea-3.5.2-r0 do_package: QA Issue: python3-privacyidea: Files/directories were installed but not shipped in any package:
  /usr/etc
  /usr/etc/privacyidea
  /usr/etc/privacyidea/dictionary
  /usr/etc/privacyidea/privacyideaapp.wsgi
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security-isafw: Fixes to work with oe-core master | Akshay Bhat | 2022-03-11 | 1 | -2/+1
  Update isafw bbclass to build with oe-core master
  - prelink support was dropped in oe-core as part of 23c0be78106f
  - do_populate_cve_db was renamed to do_fetch in oe-core as part of f5f97d33a1703d
  Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* parsec-service: Only enable TPM if layer and DISTRO_FEATURE is defined. | Armin Kuster | 2022-03-11 | 1 | -1/+6
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: enable apparmor for qemu machine | Armin Kuster | 2022-03-11 | 1 | -0/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: update to 3.0.4 | Armin Kuster | 2022-03-11 | 3 | -130/+2
  drop to patches no longer needed
  use setuptools
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm: Fix QA Error | Armin Kuster | 2022-03-11 | 1 | -1/+0
  ERROR: packagegroup-security-tpm-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtpm-dbg to libtpms-dbg)
  ERROR: packagegroup-security-tpm-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtpm to libtpms0)
  ERROR: packagegroup-security-tpm-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtpm-dev to libtpms-dev)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README.md: fix typo | Armin Kuster | 2022-03-11 | 1 | -1/+1
  Fix typo in parsec-tools to parsec-tool
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Upgrade parsec-tool to 0.5.1 | Anton Antonov | 2022-02-25 | 3 | -94/+74
  Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack: Use new CVE_CHECK_IGNORE variable | Armin Kuster | 2022-02-22 | 1 | -3/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* chipsec: fix WARNING | Armin Kuster | 2022-02-22 | 1 | -1/+1
  distutils3.bbclass is deprecated, please use setuptools3.bbclass instead
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Use renamed SKIP_RECIPE varFlag | Armin Kuster | 2022-02-22 | 3 | -3/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Update to use kirkstone | Armin Kuster | 2022-02-20 | 7 | -7/+7
  Update the layers to use the kirkstone namespace.
  No compatibility is made for honister due to the variable renaming.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: fix RDEPENDS variable | Patrick Williams | 2022-02-20 | 1 | -1/+1
  The RDEPENDS variable was misspelled and as a result was never fixed up with the `_${PN}` to `:${PN}` transition. Fix both aspects.
  Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scap-security-guide: Fix openembedded platform tests | Akshay Bhat | 2022-02-20 | 2 | -0/+31
  Update the installed_OS_is_openembedded check to drop the quotes in the VERSION_ID string to match f451c68667cca of openembedded-core. Without this fix, all tests are reported as "notapplicable".
  Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-hardening: Fix override syntax | Akshay Bhat | 2022-02-20 | 5 | -8/+8
  Commit 352e6498a missed updating the override syntax for the "harden" distro override.
  Fixes: 352e6498a ("meta-hardening: Convert to new override syntax")
  Signed-off-by: Akshay Bhat <akshay.bhat@timesys.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* parsec-service: fix compile issue. | Armin Kuster | 2022-02-20 | 1 | -1/+1
  thread 'main' panicked at 'Failed to find tss2-sys library.: Command { command: "\"pkg-config\" \"--libs\" \"--cflags\" \"tss2-sys\" \"tss2-sys >= 2.3.3\"", cause: Os { code: 2, kind: NotFound, message: "No such file or directory" } }', /home/akuster/oss/clean/poky/build/tmp-glibc/work/cortexa57-oe-linux/parsec-service/0.8.1-r0/cargo_home/bitbake/tss-esapi-sys-0.2.0/build.rs:62:10
  add inherit pkgconfig
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: update to 3.1.0 | Armin Kuster | 2022-02-20 | 3 | -52/+38
  Drop 001-configure.ac-fix-compatibility-with-autoconf-2.70.patch which is included in update.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.4 | Armin Kuster | 2022-02-04 | 2 | -3/+3
  bump lexical-core to 0.6.8
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* lkrg-module: update to 0.9.2 | Armin Kuster | 2022-02-04 | 2 | -6/+6
  see https://github.com/lkrg-org/lkrg
  Support new stable and mainline kernels 5.14 to at least 5.16-rc*
  Support new longterm kernels 5.4.118+, 4.19.191+, 4.14.233+
  update SRC_URI as location changed.
  refresh patch.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11_1.7.0: Drop dstat from DPENDS | Armin Kuster | 2022-01-30 | 1 | -1/+1
  dstat was removed from meta-oe.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm2.bb: remove dynamic pkgs | Armin Kuster | 2022-01-30 | 1 | -3/+0
  fixes: packagegroup-security-tpm2-1.0-r0 do_package_write_rpm: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libtss2-tcti-device to libtss2-tcti-device0)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: upgrade 4.4.3 -> 4.4.6 | Yi Zhao | 2022-01-30 | 1 | -2/+2
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: update to 1.09 | Armin Kuster | 2022-01-30 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-tpm: drop strongswan bbappends | Armin Kuster | 2021-12-27 | 3 | -51/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: drop strongswan bbappends | Armin Kuster | 2021-12-27 | 2 | -62/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm2: drop ibmswtpm2 | Armin Kuster | 2021-12-27 | 1 | -1/+0
  ibmswtpm2 has not been ported to openssl 3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>