| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Remove or update S definitions as required to work with oe-core
S/UNPACKDIR changes.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
| |
Fix "CVE_CHECK_IGNORE is deprecated in favor of CVE_STATUS"
https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-CVE_STATUS
Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
| |
v2 : also fix some typos while we are here.
v3 : add fixes for isic and checksecurity
Signed-off-by: Jason Schonberg <schonm@gmail.com>
[removed already applied change]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes python 3.13 support though needed one more patch
which is also submitted upstream. oeqa runtime test
passes on qemuarm and qemuarm64. Did not fix ptest compilation.
Changes:
https://apparmor.net/news/release-4.0.2/
https://gitlab.com/apparmor/apparmor/-/releases/v4.0.3
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
RROR: apparmor-3.1.3-r0 do_package_qa: QA Issue: File /usr/src/debug/apparmor/3.1.3/libraries/libapparmor/swig/perl/libapparmor_wrap.c in package apparmor-src contains reference to TMPDIR [buildpaths]
ERROR: apparmor-3.1.3-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/LibAppArmor/.debug/_LibAppArmor.cpython-312-aarch64-linux-gnu.so in package apparmor-dbg contains reference to TMPDIR [buildpaths]
ERROR: apparmor-3.1.3-r0 do_package_qa: QA Issue: File /usr/lib/perl5/vendor_perl/5.38.2/aarch64-linux/auto/LibAppArmor/.packlist in package apparmor contains reference to TMPDIR [buildpaths]
ERROR: apparmor-3.1.3-r0 do_package_qa: Fatal QA errors were found, failing task.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fatal with gcc-14
tcp-smack-test:
tcp_server.c: In function 'main':
tcp_server.c:50:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
50 | port = atoi(argv[1]);
| ^~~~
tcp_server.c:62:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
62 | if(fsetxattr(sock, attr_in, label_in, strlen(label_in),0) < 0)
| ^~~~~~~~~
udp-smack-test:
udp_client.c: In function 'main':
udp_client.c:52:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
52 | if(fsetxattr(sock, attr, label, strlen(label),0) < 0)
| ^~~~~~~~~
udp_client.c:67:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
67 | close(sock);
| ^~~~~
| pclose
udp_server.c: In function 'main':
udp_server.c:42:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
42 | port = atoi(argv[1]);
| ^~~~
udp_server.c:57:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
57 | if(fsetxattr(sock, attr, label, strlen(label), 0) < 0)
| ^~~~~~~~~
udp_server.c:84:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
84 | close(sock);
| ^~~~~
| pclose
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
${WORKDIR}
* fixes:
Parsing recipes...
ERROR: meta-security/recipes-mac/smack/mmap-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: meta-security/recipes-mac/smack/tcp-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: meta-security/recipes-mac/smack/udp-smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: meta-security/recipes-mac/smack/smack-test_1.0.bb: Using S = ${WORKDIR} is no longer supported
ERROR: Parsing halted due to errors, see error messages above
* see:
https://lists.openembedded.org/g/openembedded-architecture/message/2007
* it's fatal error since:
https://git.openembedded.org/openembedded-core/commit/?h=master&id=32cba1cc916ad530c5e6630a927e74ca6f06289b
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tcp-smack-test:
http://errors.yoctoproject.org/Errors/Details/766925/
tcp_client.c:55:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
udp-client-tests:
http://errors.yoctoproject.org/Errors/Details/766927/
udp_client.c:41:16: error: implicit declaration of function 'atoi' [-Wimplicit-function-declaration]
udp_client.c:51:12: error: implicit declaration of function 'fsetxattr' [-Wimplicit-function-declaration]
udp_client.c:66:9: error: implicit declaration of function 'close'; did you mean 'pclose'? [-Wimplicit-function-declaration]
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
After usrmerge had been enabled, paxctl has the fowllowing error:
ERROR: ccs-tools-1.8.9-r0 do_package: QA Issue: ccs-tools: Files/directories were installed but not shipped in any package:
/sbin/ccs-init
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There could be some false possitives (the script is far from perfect), so please
test it on your QA, I've only double checked with "git grep" (the script looks
only in parent directory).
@ ~/layers/meta-security $ /OE/extra-layers/meta-ros/scripts/check-patch-files.sh .
./recipes-ids/tripwire/files/add_armeb_arch.patch: not used in any recipe
./dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch: not used in any recipe
./recipes-scanners/clamav/files/fix2_libcurl_check.patch: not used in any recipe
./recipes-scanners/arpwatch/files/postfix_workaround.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch: not used in any recipe
./meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch: not used in any recipe
./meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch: not used in any recipe
./recipes-mac/AppArmor/files/disable_perl_h_check.patch: not used in any recipe
@ ~/layers/meta-security $ git grep add_armeb_arch.patch
@ ~/layers/meta-security $ git grep 0001-To-fix-build-error-of-xrang.patch
@ ~/layers/meta-security $ git grep fix2_libcurl_check.patch
@ ~/layers/meta-security $ git grep postfix_workaround.patch
@ ~/layers/meta-security $ git grep Use-format-s-for-call-to-dprintf.patch
@ ~/layers/meta-security $ git grep fix_signed_issue.patch
@ ~/layers/meta-security $ git grep Convert-another-vdprintf-to-dprintf.patch
@ ~/layers/meta-security $ git grep fix_lib_search_path.patch
@ ~/layers/meta-security $ git grep fix_fcntl_h.patch
@ ~/layers/meta-security $ git grep disable_perl_h_check.patch
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* as reported by openembedded-core/scripts/contrib/patchreview.py -v .
Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch)
Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch)
Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch)
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
drop debian patch as the file was dropped upstream.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Fix typo in HOMEPAGE
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Use convert-spdx-licenses.py to update LICENSE in recipes.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
drop to patches no longer needed
use setuptools
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix warning for apparmor:
| WARNING: /path/to/meta-security/recipes-mac/AppArmor/apparmor_3.0.1.bb:
| RDEPENDS:${PN}:remove += is not a recommended operator combination,
| please replace it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Use initscript and service files provided by apparmor.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Drop backport patches:
0001-apparmor-fix-manpage-order.patch
0001-libapparmor-add-missing-include-for-socklen_t.patch
0002-libapparmor-add-aa_features_new_from_file-to-public-.patch
0003-libapparmor-add-_aa_asprintf-to-private-symbols.patch
0001-aa_status-Fix-build-issue-with-musl.patch
0001-parser-Makefile-dont-force-host-cpp-to-detect-reallo.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
| |
|
|
|
|
|
| |
CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 are not for smack of smack-team(https://github.com/smack-team/smack) but other project.
Signed-off-by: Sekine Shigeki <sekine.shigeki@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
skip ptest for now, on todo list for fix.
Runtime test pass
remove patch now included in update: 0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
minor spacing cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ERROR: lib32-ccs-tools-1.8.4-r0 do_install: oe_runmake failed
ERROR: lib32-ccs-tools-1.8.4-r0 do_install: Execution of
'/build-armv8/tmp/work/armv7ahf-neon-mllib32-linux-gnueabi/lib32-ccs-tools/1.8.4-r0/temp/run.do_install.22368'
failed with exit code 1:
make: *** No rule to make target 'install'. Stop.
WARNING: exit code 1 from a shell command.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
manager
The utilities from those packages (xargs, comm) are only used in sysvinit
scripts, and so there is no need to pull them in when systemd is in use.
Both are gpl3 licensed, so this is beneficial for builds where gpl3 is not
allowed.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This avoids "systemd[1]: Configuration file
/lib/systemd/system/apparmor.service is marked executable. Please remove
executable permission bits. Proceeding anyway." on boot.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
fixes Python3.8 configure issues
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
missing xargs and comm
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
distro_features_check has been deprecated in OE.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
exclude arm and aarch64 ptest tasks
[v2&3]
Sent before committing.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
[Yocto # 13568]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Bash is only needed by one not particularly important script,
so not requiring bash is a useful option for builds that
cannot have gpl3 components.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Otherwise, the following occurs:
ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/perl5/vendor_perl/5.30.0/i686-linux/auto/LibAppArmor/LibAppArmor.so)
ERROR: apparmor-2.13.3-r0 do_package: apparmor: Multiple shlib providers for libapparmor.so.1: apparmor, apparmor-ptest (used by files: /home/alexander/development/poky/build-metaoe/tmp/work/core2-32-poky-linux/apparmor/2.13.3-r0/packages-split/apparmor/usr/lib/python3.7/site-packages/LibAppArmor/_LibAppArmor.cpython-37m-i686-linux-gnu.so)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
