<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git, branch wrynose</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=wrynose</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=wrynose'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2026-05-25T14:14:15+00:00</updated>
<entry>
<title>tpm2-pkcs11: upgrade 1.9.1 -&gt; 1.9.2</title>
<updated>2026-05-25T14:14:15+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-05-05T14:13:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c0d1d6200e7a84c39fb940cb1f22aad4b0b3d808'/>
<id>urn:sha1:c0d1d6200e7a84c39fb940cb1f22aad4b0b3d808</id>
<content type='text'>
This contains fix for building native recipe with security flags
enabled:
* https://github.com/tpm2-software/tpm2-pkcs11/commit/be97b21ae641303ce83a8fbb54002701c1aede31

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>samhain: upgrade 4.5.2 -&gt; 4.5.3</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Bin Cao</name>
<email>bin.cao.cn@windriver.com</email>
</author>
<published>2026-05-13T08:57:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=f7d6b118f6e2a1bccc6b863584ca25ba74021c46'/>
<id>urn:sha1:f7d6b118f6e2a1bccc6b863584ca25ba74021c46</id>
<content type='text'>
Update samhain-client, samhain-server, and samhain-standalone to 4.5.3.

Release notes: https://www.la-samhna.de/samhain/archive.html

Signed-off-by: Bin Cao &lt;bin.cao.cn@windriver.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>aide: fix pkg_postinst_ontarget shell script</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>jason.lau</name>
<email>Haitao.Liu@windriver.com</email>
</author>
<published>2026-04-28T09:19:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=18c343e92eb815c9ce0d7401c9d48c70baef7aaa'/>
<id>urn:sha1:18c343e92eb815c9ce0d7401c9d48c70baef7aaa</id>
<content type='text'>
- Fix conditional checks for AIDE_SCAN_POSTINIT and AIDE_RESCAN_POSTINIT:
  '[ 0 ]' always evaluates to true since it's a non-empty string.
  Use string comparison '= "1"' instead.
- Fix invalid use of '&amp;&amp;' inside '[ ]' test brackets. Use separate
  test expressions joined by shell '&amp;&amp;'.

Signed-off-by: Haitao Liu &lt;haitao.liu@windriver.com&gt;
(reworked for 0.19.3, fixed indentation)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>aide-base.bbclass: correct STAGING_AIDE_DIR</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Li Zhou</name>
<email>li.zhou@windriver.com</email>
</author>
<published>2026-04-27T02:48:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e9fb34c51e28de2c11b3aa4dc4fb6425840ed0df'/>
<id>urn:sha1:e9fb34c51e28de2c11b3aa4dc4fb6425840ed0df</id>
<content type='text'>
Fix the typo "aida" to "aide" in STAGING_AIDE_DIR.

Signed-off-by: Li Zhou &lt;li.zhou@windriver.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>arpwatch: fix typos</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@eng.windriver.com</email>
</author>
<published>2026-05-07T15:21:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=05f3f6eb2a4605f27cdea135bb14f27564071852'/>
<id>urn:sha1:05f3f6eb2a4605f27cdea135bb14f27564071852</id>
<content type='text'>
APRWATCH_FROM -&gt; ARPWATCH_FROM
ARPWATH_REPLY -&gt; ARPWATCH_REPLY
CONFFILE_FILES -&gt; CONFFILES:${PN}

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>tpm2-tools: make efivar optional</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-05-07T08:39:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=68d3c150e9834f35d03581695c1afe9fa7f4ecd1'/>
<id>urn:sha1:68d3c150e9834f35d03581695c1afe9fa7f4ecd1</id>
<content type='text'>
Previous commit made this a hard dependency because it's autodetected.
Instead of that, make it configurable so it can be disabled (roughtly
equivalent to behavior before that commit).

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>parsec-service: update TS group name</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2026-05-05T15:44:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=8d6cbaceb3fd51b5f9ea74a1ba7f541ad6e8a5d6'/>
<id>urn:sha1:8d6cbaceb3fd51b5f9ea74a1ba7f541ad6e8a5d6</id>
<content type='text'>
meta-arm recently changed the group name that is used by TS[1], so update
the group name to match.

[1] meta-arm 595cb0f1a0 ("arm/trusted-services: fix udev management in libts")

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>parsec-service: do group membership modifications in useradd</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2026-05-05T15:44:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=57f8a1e92367004bffd7aaac234c1c5db0476dbf'/>
<id>urn:sha1:57f8a1e92367004bffd7aaac234c1c5db0476dbf</id>
<content type='text'>
Instead of calling groupmems after creating the user, we can tell useradd
to do the group membership when creating the user.  There are several
reasons for this:

1) Consolidation of the calls into a single call means creation is atomic,
   it either worked or it did not.
2) The existing logic doesn't work if both TPM and TS were enabled.
3) GROUPMEMS_PARAM is broken in oe-core master[1] and this will not be
   fixed as groupmems has been removed from shadow[2].

Instead, construct a list of groups that parsec needs to be a member of,
and pass them to useradd.

[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=16277
[2] shadow 388ce70 "*/: groupmems(8): Remove program"

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>parsec-service: assign PACKAGECONFIG in one line</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2026-05-05T15:44:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=66c38186baa4275acc3bc28cf0bda467b609acd4'/>
<id>urn:sha1:66c38186baa4275acc3bc28cf0bda467b609acd4</id>
<content type='text'>
By :appending the TPM option we make it impossible for distros to simply
assign to PACKAGECONFIG.

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>meta-parsec: Do not run Parsec CI jobs on 32bit platforms.</title>
<updated>2026-05-18T16:21:05+00:00</updated>
<author>
<name>Anton Antonov</name>
<email>anton.antonov@arm.com</email>
</author>
<published>2026-05-01T16:18:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=7cafc3fe7329d31015848ff70045490780c21ebc'/>
<id>urn:sha1:7cafc3fe7329d31015848ff70045490780c21ebc</id>
<content type='text'>
Signed-off-by: Anton Antonov &lt;Anton.Antonov@arm.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
</feed>
