path: root/recipes-security
Commit message | Author | Age | Files | Lines
* apparmor: update to 2.12 | Armin Kuster | 2018-09-17 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: update to tip | Armin Kuster | 2018-09-17 | 1 | -1/+1
  fix mkfs.ext4 invocation
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scapy: update to 2.4.0 and convert | Armin Kuster | 2018-09-17 | 4 | -10/+16
  convert package to python standard
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: update to 10.3.1 | Armin Kuster | 2018-09-17 | 3 | -5/+10
  convert to python package standard
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 1.16.3 | Armin Kuster | 2018-09-17 | 1 | -3/+3
  Includes:
  CVE-2018-10852
  see:
  https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_3.html
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* keyutils: Fix build with usrmerge | Alex Kiernan | 2018-09-17 | 1 | -0/+2
  Update BINDIR and SBINDIR so keyutils builds with usrmerge
  ERROR: keyutils-1.5.10-r0 do_package: QA Issue: keyutils: Files/directories were installed but not shipped in any package:
  /sbin/key.dns_resolver
  /sbin/request-key
  /bin/keyctl
  Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
  keyutils: 3 installed and not shipped files. [installed-vs-shipped]
  Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* keynote: depend on openssl10 | Yi Zhao | 2018-09-17 | 1 | -1/+1
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: upgrade 1.2.25 -> 1.2.26 | Yi Zhao | 2018-09-01 | 3 | -82/+53
  Drop patch xmlsec1-fix-a-typo-in-examples-verify3.c.patch since the issue had been fixed upstream.
  Rebase patch change-finding-path-of-nss.patch
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: upgrade 4.2.2 -> 4.2.4 | Yi Zhao | 2018-09-01 | 4 | -2/+5
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ecryptfs-utils: fix usrmerge install path | Mingli Yu | 2018-09-01 | 1 | -2/+7
  Update rootsbindir from /sbin to ${base_sbindir} to fix below do_install error when usrmerge enabled in DISTRO_FEATURES
  | chmod: cannot access '/poky-build/tmp-glibc/work/core2-64-wrs-linux/ecryptfs-utils/111-r0/image/usr/sbin/mount.ecryptfs_private': No such file or directory
  And pass "--with-pamdir=${base_libdir}/security" to configure script to fix below warning when usrmerge enabled in DISTRO_FEATURES
  | WARNING: ecryptfs-utils-111-r0 do_package: QA Issue: ecryptfs-utils: Files/directories were installed but not shipped in any package: /lib64/security/pam_ecryptfs.so
  Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* keynote: add dependency on bison-native | Joe Slater | 2018-09-01 | 1 | -1/+1
  bison/yacc is no longer automatically supplied.
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: Drop RDEPENDS on bash | Alex Kiernan | 2018-09-01 | 1 | -1/+0
  Commit ada3eee ("libseccomp: fix rdepends") added RDEPENDS on bash, but this is no longer needed, so drop it.
  Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update 4.0.5 | Armin Kuster | 2018-09-01 | 1 | -9/+15
  Fix rules make. Don't allow the makefile to download the rules. Use fetcher
  add install configs and remove manual install of those files
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: update to 0.5.27 | Armin Kuster | 2018-09-01 | 2 | -3/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: rename ${PN}-python to ${PN}-socketcontrol | Koen Kooi | 2018-08-04 | 1 | -2/+2
  This describes the content a lot better. RDEPENDS are still missing, so it's still as non-working as before :/
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: install and package threshold.config | Koen Kooi | 2018-08-04 | 1 | -0/+2
  This fixes the following warning during startup:
  suricata[24522]: 31/7/2018 -- 13:47:15 - <Warning> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/etc/suricata//threshold.config": No such file or directory
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: install and package rules | Koen Kooi | 2018-08-04 | 1 | -0/+3
  This fixes the following warning during startup:
  suricata[22707]: 31/7/2018 -- 13:34:40 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 47 rule files specified, but no rule was loaded at all!
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: enable syslog output | Koen Kooi | 2018-08-04 | 1 | -1/+1
  This fixes the following error preventing startup in daemon mode:
  suricata[20485]: 31/7/2018 -- 13:19:48 - <Error> - [ERRCODE: SC_ERR_MISSING_CONFIG_PARAM(118)] - NO logging compatible with daemon mode selected, suricata won't be able to log. Please update 'logging.outputs'
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: create and package logdir | Koen Kooi | 2018-08-04 | 1 | -0/+2
  This fixes the following error preventing startup:
  suricata[18771]: 31/7/2018 -- 13:08:21 - <Error> - [ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" supplied by /etc/suricata/suricata.yaml (default-log-dir) doesn't exist. Shut>
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: add systemd unit | Koen Kooi | 2018-08-04 | 2 | -2/+35
  Based on the debian systemd unit.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: add 'nfq' PACKAGECONFIG | Koen Kooi | 2018-08-04 | 1 | -0/+1
  For inline IPS nfqueue is nice to have, so add a PACKAGECONFIG entry for it.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: mark config file as CONFFILE | Koen Kooi | 2018-08-04 | 1 | -0/+2
  This preserves user edits during package upgrades.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix packaging | Koen Kooi | 2018-08-04 | 1 | -2/+2
  Move ${PN}-python in front so ${PN} can use default packaging rules.
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: don't start service in postinst | Koen Kooi | 2018-08-04 | 1 | -1/+0
  Apart from hardcoding the wrong networking device it won't survive device restart
  Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* nmap: remove recipe as it is in meta-oe now | Armin Kuster | 2018-08-04 | 3 | -139/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update postinit | Armin Kuster | 2018-07-07 | 1 | -2/+2
  log_check] WARNING: Intentionally failing postinstall scriptlets of ['suricata', 'clamav'] to defer them to first boot is deprecated. Please place them into pkg_postinst_ontarget_${PN} ()
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update postinit | Armin Kuster | 2018-07-07 | 1 | -2/+2
  [log_check] WARNING: Intentionally failing postinstall scriptlets of ['suricata', 'clamav'] to defer them to first boot is deprecated. Please place them into pkg_postinst_ontarget_${PN} ()
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* CVE-2018-11652 nikto: arbitrary OS command injection via http server field. | Nagalakshmi Veeramallu | 2018-07-03 | 2 | -1/+108
  CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.
  Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com>
  Reviewed-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
* samhain: correct service status | Changqing Li | 2018-07-03 | 1 | -1/+1
  status get by "systemctl status samhain" is not correct.
  It is active(exited) now. But actually, there is a daemon running, it should be active(running). So change Type of service.
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Fix build issue for apparmor when systemd is used | Jinliang Li | 2018-06-11 | 1 | -0/+5
  When systemd is used as system init manager, there is a build issue complains "can't found apparmor.service". This patch fixes it.
  Signed-off-by: Jinliang Li <jinliang.li@linux.alibaba.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: remove host paths from target files | Wenzong Fan | 2018-05-07 | 1 | -1/+4
  Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update LLVM version to match core | Armin Kuster | 2018-04-13 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: only include when pam in DISTRO_FEATURES | Armin Kuster | 2018-04-13 | 1 | -1/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: refresh patches to fix QA warning | Yi Zhao | 2018-04-13 | 5 | -32/+40
  Refresh patches with devtool command.
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain-server: do not extend to native | Jackie Huang | 2018-03-31 | 1 | -1/+0
  No packages depend on samhain-server-native and it doesn't make sense to extend a server package to native, so remove the BBCLASSEXTEND.
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: Add missing clamav.service file to SRC_URI | Jagadeesh Krishnanjanappa | 2018-03-31 | 1 | -2/+7
  This solves the below error when systemd is used as init manager,
  -- snip --
  ERROR: clamav-0.99.2-r0 do_package: SYSTEMD_SERVICE_clamav value clamav.service does not exist
  ERROR: clamav-0.99.2-r0 do_package: Function failed: systemd_populate_packages
  -- snip --
  Other issue:
  * Ship /lib/systemd/system/clamav-freshclam.service into ${PN}-freshclam package, to solve below warning:
  -- snip --
  [10240] WARNING: QA Issue: clamav: Files/directories were installed but not shipped in any package:
  /lib/systemd/system/clamav-freshclam.service
  -- snip --
  Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: fix a typo in examples/verify3.c | Jackie Huang | 2018-03-31 | 2 | -0/+26
  Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* google-authenticator-libpam: add new package | Armin Kuster | 2018-02-18 | 1 | -0/+20
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* clamav: update to 0.99.3 | Armin Kuster | 2018-02-14 | 1 | -5/+2
  removed unused hash checksums
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* freediameter: remove package | Armin Kuster | 2018-02-14 | 4 | -493/+0
  resides in meta-networking now
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Update to 1.2.25 | Armin Kuster | 2018-02-14 | 1 | -2/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fail2ban: update to 0.10.2 | Armin Kuster | 2018-02-14 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* smack: update to 1.3.1 | Armin Kuster | 2018-02-14 | 1 | -3/+3
  drop git hash from PV
  Use master branch
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* sssd: update to 1.16.0 | Armin Kuster | 2018-02-14 | 1 | -4/+5
  update some PACKAGECONFIG changes
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* scapy: update to 2.3.3 | Armin Kuster | 2018-02-14 | 2 | -114/+2
  Drop patch included in update.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tripwire: Update to 2.4.3.6 | Armin Kuster | 2018-02-14 | 1 | -2/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libseccomp: update to 2.3.3 | Armin Kuster | 2018-02-14 | 1 | -3/+1
  Drop git PV for bb reciped PV.
  supports 4.15 kernel
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* xmlsec1: Allow native builds | José Bollo | 2018-02-06 | 1 | -1/+1
  When used in native builds, the variable STAGING_DIR_HOST expands to the empty string. This leads 'sed' to an error because the pattern is empty.
  Using STAGING_DIR instead of STAGING_DIR_HOST allows to use xmlsec1 in native builds with the correct behaviour.
  Change-Id: I55f40ac2413863c489d4219e0080f7e4e274a6db
  Signed-off-by: José Bollo <jose.bollo@iot.bzh>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* samhain: remove the path for start-stop-daemon | Mingli Yu | 2017-12-10 | 3 | -17/+17
  Remove the absolute path for start-stop-daemon to fix samhain start-up as start-stop-daemon sometimes located in /usr/sbin, not the expected /sbin.
  Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* fscryptctl: add v0.1.0 | André Draszik | 2017-10-24 | 1 | -0/+27
  fscryptctl is a low-level tool written in C that handles raw keys and manages policies for Linux filesystem encryption [1].
  For a tool that presents a higher level interface and manages metadata, key generation, key wrapping, PAM integration, and passphrase hashing, see fscrypt [2].
  [1] https://lwn.net/Articles/639427
  [2] https://github.com/google/fscrypt
  Signed-off-by: André Draszik <adraszik@tycoint.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>