linux/meta-security.git/dynamic-layers, branch master-next

packagegroup-core-security: remove python3-privacyidea

2026-04-27T18:47:27+00:00

To work around an install conflict between python3-cryptography and python3-pyrad and unblock CI runs, remove python3-privacyidea from the packagegroup dynamic bbappend temporarily. Signed-off-by: Scott Murray

nikto: fix branch

2026-03-07T10:01:43+00:00

Upstream has renamed their master branch to main, adjust SRC_URI to match. Signed-off-by: Scott Murray

sssd: inherit github-releases class

2025-12-22T04:35:47+00:00

Inherit github-releases class to check the correct latest stable verison. Before the patch: $ devtool latest-version sssd INFO: Current version: 2.10.2 INFO: Latest version: After the patch: $ devtool latest-version sssd INFO: Current version: 2.10.2 INFO: Latest version: 2.11.1 Signed-off-by: Yi Zhao

fail2ban: replace fail2ban-python shebang with python3

2025-11-12T19:17:55+00:00

In Yocto, there is only one Python interpreter (python3), and the auto-generated "fail2ban-python" symlink is not used. To ensure all installed scripts can run correctly, replace the shebang line from "#!/usr/bin/env fail2ban-python" to "#!/usr/bin/env python3" during installation. Signed-off-by: Haixiao Yan

fail2ban: Adapt test output to Automake format for ptest compatibility

2025-11-12T19:17:55+00:00

Convert fail2ban-testcases output to follow Automake-compatible format (PASS:/FAIL:) so that ptest-runner can correctly parse and report test results. root@intel-x86-64:~# ptest-runner python3-fail2ban -t 300 START: ptest-runner 2025-09-22T07:57 BEGIN: /usr/lib64/python3-fail2ban/ptest Fail2ban 1.1.1.dev1 test suite. Python 3.12.11 (main, Jun 3 2025, 15:41:47) [GCC 13.4.0]. Please wait... I: Skipping smtp tests: No module named 'smtpd' I: Skipping SSL smtp tests: No module named 'aiosmtpd' PASS: fail2ban.tests.servertestcase.Transmitter.testAction PASS: fail2ban.tests.servertestcase.Transmitter.testAddJail PASS: fail2ban.tests.servertestcase.Transmitter.testDatabase PASS: fail2ban.tests.servertestcase.Transmitter.testDatePattern PASS: fail2ban.tests.servertestcase.Transmitter.testGetNOK PASS: fail2ban.tests.servertestcase.Transmitter.testJailAttemptIP PASS: fail2ban.tests.servertestcase.Transmitter.testJailBanIP ... PASS: fail2ban.tests.servertestcase.TransmitterLogging.testBanTimeIncr PASS: fail2ban.tests.servertestcase.TransmitterLogging.testFlushLogs PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogLevel PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTarget PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTargetSYSLOG PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocket PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocketNOK ============================================================================ Testsuite summary DURATION: 48 END: /usr/lib64/python3-fail2ban/ptest 2025-09-22T07:58 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Haixiao Yan

python3-fail2ban: update to latest git rev

2025-10-08T15:34:14+00:00

Update to latest git rev as the current version doesn't work with OpenSSH 9.8+[1]. Ptest result: $ ptest-runner python3-fail2ban START: ptest-runner 2025-09-21T12:45 BEGIN: /usr/lib64/python3-fail2ban/ptest Ran 538 tests in 13.045s OK (skipped=3) DURATION: 14 END: /usr/lib64/python3-fail2ban/ptest 2025-09-21T12:46 STOP: ptest-runner TOTAL: 1 FAIL: 0 [1] https://github.com/fail2ban/fail2ban/commit/2fed408c05ac5206b490368d94599869bd6a056d Signed-off-by: Yi Zhao

python3-fail2ban: fix ptest failures

2025-10-08T15:34:14+00:00

Fix ptest failures by backporting patches and updating test case config files. Before the patch: $ ptest-runner python3-fail2ban START: ptest-runner 2025-09-11T15:42 BEGIN: /usr/lib64/python3-fail2ban/ptest Ran 524 tests in 23.023s FAILED (failures=5, errors=7, skipped=3) DURATION: 24 END: /usr/lib64/python3-fail2ban/ptest 2025-09-11T15:42 STOP: ptest-runner TOTAL: 1 FAIL: 1 After the patch: $ ptest-runner python3-fail2ban START: ptest-runner 2025-09-11T15:59 BEGIN: /usr/lib64/python3-fail2ban/ptest Ran 524 tests in 25.982s OK (skipped=3) DURATION: 27 END: /usr/lib64/python3-fail2ban/ptest 2025-09-11T15:59 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Yi Zhao

bastille: prevent host uids on files

2025-07-23T16:45:56+00:00

We get an intermittent QA error about file permissions, happening roughly on 1 build of 10. The change adds chown to prevent host ids on files related to the set_required_questions.py script, to avoid long debugging for now. Signed-off-by: Marta Rybczynska

checksecurity: update the debian package

2025-07-23T16:45:56+00:00

The previously used package (nmu1) is not longer available, use the latest current one (nmu3). The changelog between the two: checksecurity (2.0.16+nmu3) unstable; urgency=medium * Non-maintainer upload. * Fix "missing required debian/rules targets build-arch and/or build- indep": Add targets to debian/rules. (Closes: #999082) * Fix "Removal of obsolete debhelper compat 5 and 6 in bookworm": Bump to 7 in debian/{compat,control}. (Closes: #965448) * Fix some grave packaging errors: - move debhelper from Build-Depends-Indep to Build-Depends - remove temporary files debian/postrm.debhelper and debian/substvars from source package -- gregor herrmann Sun, 26 Dec 2021 01:56:10 +0100 checksecurity (2.0.16+nmu2) unstable; urgency=medium * Non maintainer upload by the Reproducible Builds team. * No source change upload to rebuild on buildd with .buildinfo files. -- Holger Levsen Fri, 01 Jan 2021 19:17:53 +0100 Signed-off-by: Marta Rybczynska

Adapt to S/UNPACKDIR changes

2025-07-04T16:41:20+00:00

Remove or update S definitions as required to work with oe-core S/UNPACKDIR changes. Signed-off-by: Scott Murray