<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-security, branch styhead</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2024-11-19T21:13:29+00:00</updated>
<entry>
<title>nmap: Fix off-by-one overflow in the IP protocol table.</title>
<updated>2024-11-19T21:13:29+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2024-10-15T06:19:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=beb0a998f32f16d4a42fb30dff37cdcbcdf7198d'/>
<id>urn:sha1:beb0a998f32f16d4a42fb30dff37cdcbcdf7198d</id>
<content type='text'>
Add patch to fix core dumped error when using "nmap -sO"

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 6a5b26d467c692c3537aaebf9bd088736dc93dc4)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>audit: fix build when systemd is enabled.</title>
<updated>2024-11-19T21:13:24+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-10-13T12:57:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=aa5179a5ddb9f92cd5983244cb0258b5149342af'/>
<id>urn:sha1:aa5179a5ddb9f92cd5983244cb0258b5149342af</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit e68145b00260fc380242cd67579068427e501c10)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>softhsm: add destroyed global access prevention patch</title>
<updated>2024-11-19T21:13:24+00:00</updated>
<author>
<name>Rouven Czerwinski</name>
<email>r.czerwinski@pengutronix.de</email>
</author>
<published>2024-09-27T15:30:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5f76bd19b04336ccad034279ca2e17bb2b7208e3'/>
<id>urn:sha1:5f76bd19b04336ccad034279ca2e17bb2b7208e3</id>
<content type='text'>
Currently softhsm will try to access deleted obejcts due to the order of
atexit handler implementations. Add a patch which adds a global variable
to track whether objects are deleted and prevents access if this is the
case.

This fixes a failure with the signing.bbclass where when signing
multiple fitimage configurations the second signing operation will lead
to a segfault.

Signed-off-by: Rouven Czerwinski &lt;r.czerwinski@pengutronix.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>audit: Fix CVE_PRODUCT</title>
<updated>2024-11-19T21:13:21+00:00</updated>
<author>
<name>Shinji Matsunaga</name>
<email>shin.matsunaga@fujitsu.com</email>
</author>
<published>2024-09-24T06:38:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=489c4380b36442d714d61a99b4d1159aded81118'/>
<id>urn:sha1:489c4380b36442d714d61a99b4d1159aded81118</id>
<content type='text'>
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".

Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&amp;product=audit

In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".

Signed-off-by: Shinji Matsunaga &lt;shin.matsunaga@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>usbguard: Link with libatomic on rv32</title>
<updated>2024-09-17T14:50:22+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2024-09-17T00:21:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8bbdd8fe2df899c8f49ead491ac2fd36f2ed9ddf'/>
<id>urn:sha1:8bbdd8fe2df899c8f49ead491ac2fd36f2ed9ddf</id>
<content type='text'>
Provides needed atomic intrinsics that compiler needs.

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>nmap: depend on libpcre2 not libpcre</title>
<updated>2024-09-10T16:34:15+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2024-09-10T14:52:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=0249db4dbbcfbd8383288e1bc2979d766d25e87e'/>
<id>urn:sha1:0249db4dbbcfbd8383288e1bc2979d766d25e87e</id>
<content type='text'>
* switched to libpcre2 in:
  https://github.com/nmap/nmap/commit/828ab48764b82d0226e860c73c5dac5b11f77385

* in builds hwere libpcre2 isn't pulled by some other dependency it was failing with:
| service_scan.h:74:10: fatal error: pcre2.h: No such file or directory                                                                                                                                                                       |    74 | #include &lt;pcre2.h&gt;                                                                                                                                                                                                                  |       |          ^~~~~~~~~|

Signed-off-by: Martin Jansa &lt;martin.jansa@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>nmap: Upgrade to 7.95</title>
<updated>2024-09-04T22:35:46+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2024-09-04T07:12:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=68f542b606d7f4755e050e33d3cd28ac549b399b'/>
<id>urn:sha1:68f542b606d7f4755e050e33d3cd28ac549b399b</id>
<content type='text'>
License-Update: Use full file for checksum ( COPYING -&gt; LICENSE )

Use system libpcre
Drop py3 support patches, its default now

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>bubblewrap: update 0.9.0 -&gt; 0.10.0</title>
<updated>2024-08-21T15:45:47+00:00</updated>
<author>
<name>Markus Volk</name>
<email>f_l_k@t-online.de</email>
</author>
<published>2024-08-21T08:35:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8d0b921fb6ec8e46bd1fc5c5f1f3fcb63a313915'/>
<id>urn:sha1:8d0b921fb6ec8e46bd1fc5c5f1f3fcb63a313915</id>
<content type='text'>
Signed-off-by: Markus Volk &lt;f_l_k@t-online.de&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>audit: upgrade 4.0.1 -&gt; 4.0.2</title>
<updated>2024-08-14T15:15:18+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@windriver.com</email>
</author>
<published>2024-08-14T14:18:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f7e691ff430f05ee958f6d50b5a23e0f74b8588b'/>
<id>urn:sha1:f7e691ff430f05ee958f6d50b5a23e0f74b8588b</id>
<content type='text'>
ChangeLog:
 - Fix musl C builds
 - Many code cleanups
 - Use atomic variables if available for signal related flags
 - Dont rotate audit logs when auditd is in debug mode
 - Fix a couple memory leaks on error paths
 - Correct output when displaying rules with exe/path/dir
 - Fix auparse lookup test to not use the system libaupaurse
 - Improve auparse metrics
 - Update auparse normalizer for recent syscalls
 - Make status report uniform

Drop 0001-Replace-__attribute_malloc__-with-__attribute__-__ma.patch as
the issue has been fixed upstream.

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>usbguard: upgrade 1.1.2 -&gt; 1.1.3</title>
<updated>2024-06-11T22:40:17+00:00</updated>
<author>
<name>Christophe Vu-Brugier</name>
<email>christophe.vu-brugier@seagate.com</email>
</author>
<published>2024-06-11T18:17:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=91274486931089418e59b5f0dcb28f6c472ac881'/>
<id>urn:sha1:91274486931089418e59b5f0dcb28f6c472ac881</id>
<content type='text'>
Drop patch 0001-include-missing-cstdint.patch because it was merged
upstream. See this commit in usbguard:

 * 22b1e08 Fix build for GCC 13 + make GitHub Actions cover build with GCC 13 (#586)

Signed-off-by: Christophe Vu-Brugier &lt;christophe.vu-brugier@seagate.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
