summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* trousers: set precise BSD licenseArmin Kuster2021-09-151-1/+1
| | | | | | "BSD" is ambiguous, use the precise licenses BSD-3-Clause Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryfs: drop recipeArmin Kuster2021-09-151-10/+0
| | | | | | it was accidently pushed and is incmomplete Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: 2.5.1 -> 2.5.2Kai Kang2021-09-102-1/+290
| | | | | | | | | | | | | | | | | | | | | | | | | | | SSSD 2.5.2 Highlights * General information - originalADgidNumber attribute in the SSSD cache is now indexed * New features - Debug messages in data provider include a unique request ID that can be used to track the request from its start to its end (requires libtevent >= 0.11.0) * Important fixes - Update large files in the files provider in batches to avoid timeouts * Configuration changes - Add new config option fallback_to_nss Full release notes: * https://sssd.io/release-notes/sssd-2.5.2.html And backport patch to fix CVE-2021-3621. CVE: CVE-2021-3621 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-img.bbclass: Expose --data-block-size for configurationChrister Fletcher2021-09-061-1/+4
| | | | | | | | | | Add DM_VERITY_IMAGE_DATA_BLOCK_SIZE to be able to set the --data-block-size used in veritysetup. Tuning this value effects the performance and size of the resulting image. Signed-off-by: Christer Fletcher <christer.fletcher@inter.ikea.com> Signed-off-by: Paulo Neves <paulo.neves1@inter.ikea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta: Fix typosGeorge Liu2021-08-291-1/+1
| | | | | | | | | Fix the variable spelling errors s/SKIP_META_SECUIRTY_SANITY_CHECK/SKIP_META_SECURITY_SANITY_CHECK Signed-off-by: George Liu <liuxiwei@inspur.com> Acked-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas: remove rust layersArmin Kuster2021-08-272-10/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* harden-image-minimal: fix useradd inheritArmin Kuster2021-08-261-5/+6
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: drop meta-rustArmin Kuster2021-08-261-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: drop dynamic-layerArmin Kuster2021-08-261-4/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: rust is in coreArmin Kuster2021-08-269-0/+0
| | | | | | drop dynamic-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: Rust is in core nowArmin Kuster2021-08-263-0/+0
| | | | | | drop dynamic-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dm-verity-img.bbclass: more overided fixupsArmin Kuster2021-08-261-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: kernel-modsign: Change weak default valueDaiane Angolini2021-08-261-1/+1
| | | | | | | | Assign a weak default value for MODSIGN_KEY_DIR so the other layers can set a default value for them as well. Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: fix mailing lists and a typoMarta Rybczynska2021-08-261-4/+4
| | | | | | | | | | A number of typo fixes: - tmp->tpm in the DISTRO_FEATURES - update the mailing list address as it was out of date - update the distro name in the subject Signed-off-by: Marta Rybczynska <rybczynska@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* README: fix mailing listsMarta Rybczynska2021-08-261-3/+3
| | | | | | | | The address included in the meta-hardening documentation does not work and was changed in other places in 2019. Signed-off-by: Marta Rybczynska <rybczynska@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas: fix DISTRO appendsArmin Kuster2021-08-262-3/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* kas-security-bas: bump conf valueArmin Kuster2021-08-261-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryfs: add new packageArmin Kuster2021-08-261-0/+10
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: only include suricat-ptest if rust is includedArmin Kuster2021-08-011-2/+13
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Update to honisterMartin Jansa2021-08-017-7/+7
| | | | | | | This marks the layers as compatible with honister now they use the new override syntax. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* kas: Convert to new override syntaxArmin Kuster2021-08-015-8/+8
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* dynamix-layers: Convert to new override syntaxArmin Kuster2021-08-014-12/+12
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security-compliance: Convert to new override syntaxArmin Kuster2021-08-015-15/+15
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-parsec: Convert to new override syntaxArmin Kuster2021-08-012-9/+9
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security-isafw: Convert to new override syntaxArmin Kuster2021-08-012-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-hardening: Convert to new override syntaxArmin Kuster2021-08-018-11/+11
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-integrity: Convert to new override syntaxArmin Kuster2021-08-0115-28/+28
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-tpm: Convert to new override syntaxArmin Kuster2021-08-0117-106/+106
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Convert to new override syntaxArmin Kuster2021-08-0149-641/+787
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: fix branch name and updateArmin Kuster2021-07-284-10/+10
| | | | | | | They dropped the dev branch for rel. Update to tip. Refresh patches Signed-off-by: Armin Kuster <akuster808@gmail.com>
* krill: Add new pkgArmin Kuster2021-07-283-0/+380
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gitlab-ci.yml: streamline builds matrixArmin Kuster2021-07-285-74/+0
| | | | | | | drop ppc32 builds drop multi builds Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security.bb: fix suricat-ptest inclusionArmin Kuster2021-07-281-2/+1
| | | | | | drop libseccomp ptest Signed-off-by: Armin Kuster <akuster808@gmail.com>
* crowdsec: add pkgArmin Kuster2021-07-281-0/+42
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* add meta-rustArmin Kuster2021-07-281-0/+6
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Drop 4.1.x its EOLArmin Kuster2021-07-2811-1556/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata.inc: exclude ppc in rust versionArmin Kuster2021-07-281-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Do not use clang toolchain in Parsec recipesAnton Antonov2021-07-172-4/+1
| | | | | Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm-tools: fix build issueArmin Kuster2021-07-101-6/+6
| | | | | | | | | | | | This error occurs randomly. /bin/bash: pod2man: command not found [Yocto #14304] minor space/tab cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com> Cc: Ben <koncept1@gmail.com>
* .gitlab-ci.yml: fix qemux86 musl orderArmin Kuster2021-07-101-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* apparmor: use its own initscript and service filesYi Zhao2021-07-107-640/+118
| | | | | | Use initscript and service files provided by apparmor. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* apparmor: upgrade 3.0 -> 3.0.1Yi Zhao2021-07-109-259/+2
| | | | | | | | | | | | Drop backport patches: 0001-apparmor-fix-manpage-order.patch 0001-libapparmor-add-missing-include-for-socklen_t.patch 0002-libapparmor-add-aa_features_new_from_file-to-public-.patch 0003-libapparmor-add-_aa_asprintf-to-private-symbols.patch 0001-aa_status-Fix-build-issue-with-musl.patch 0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
* kas/kas-security-alt.yml: add meta-rustArmin Kuster2021-07-061-0/+5
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.3Armin Kuster2021-07-063-8/+16
| | | | | | | add new crates minor cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 2.5.1Armin Kuster2021-07-042-2/+57
| | | | | | | | See full change log: https://sssd.io/release-notes/sssd-2.5.1.html Including a musl build work around Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework: rename files dirArmin Kuster2021-06-292-1/+1
| | | | | | | Fixes: ERROR: initramfs-framework-1.0-r4 do_fetch: Fetcher failure for URL: 'file://dmverity'. Unable to fetch URL from any source. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-core-security: add sshguardArmin Kuster2021-06-291-0/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ssshgaurd: add packaageArmin Kuster2021-06-291-0/+11
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* initramfs-framework: fix typo in conditionalArmin Kuster2021-06-291-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack: add 3 cves to allowlistSekine Shigeki2021-06-201-0/+5
| | | | | | | CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 are not for smack of smack-team(https://github.com/smack-team/smack) but other project. Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-07 20:58:39 +0000