<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/dynamic-layers, branch styhead</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=styhead</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=styhead'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2024-08-10T16:42:05+00:00</updated>
<entry>
<title>switch to PEP-517 build backend</title>
<updated>2024-08-10T16:42:05+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-08-10T16:42:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=783c08cb223ff9706d4307933fd86ca2765522d6'/>
<id>urn:sha1:783c08cb223ff9706d4307933fd86ca2765522d6</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>python3-privacyidea: switch to PEP-517 build backend</title>
<updated>2024-08-10T16:25:35+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-08-10T16:25:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=97789e4fad70f8073d8a5602180f8db40baf516d'/>
<id>urn:sha1:97789e4fad70f8073d8a5602180f8db40baf516d</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>fail2ban: update to 1.1.0+</title>
<updated>2024-08-01T01:10:05+00:00</updated>
<author>
<name>Rasmus Villemoes</name>
<email>rasmus.villemoes@prevas.dk</email>
</author>
<published>2024-07-08T13:11:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a2ec4fc27530c3401d4c2ebeb9395e9830c1655c'/>
<id>urn:sha1:a2ec4fc27530c3401d4c2ebeb9395e9830c1655c</id>
<content type='text'>
Current 1.0.2 version does not work with scarthgap or later releases,
as the asynchat module has been removed (as scheduled) from python's
stdlib as of v3.12.

fail2ban 1.1.0 also does not work out-of-the-box, as the distutils
module which the pyinotify and systemd backends depend has also been
removed.

So update the recipe to point at commit ac62658c10f4, which fixes
those two backends to no longer depend on distutils.

Upstream's out-of-the-box ban action now uses the 'nft'
command. People can still override and customize that in
jail.conf/jail.local, but to make the recipe useful without
customizing things back to use iptables, change the dependency
iptables-&gt;nftables.

Since 1.1.0, fail2ban has been python3-only, so the recipe becomes
somewhat simpler since the whole do_compile preparation step can be
removed.

Signed-off-by: Rasmus Villemoes &lt;rasmus.villemoes@prevas.dk&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>bastille: UNPACKDIR fixes</title>
<updated>2024-07-30T00:07:01+00:00</updated>
<author>
<name>Mikko Rapeli</name>
<email>mikko.rapeli@linaro.org</email>
</author>
<published>2024-07-25T09:01:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=f261a2b95a05a5d63a78626a081d635cb44006be'/>
<id>urn:sha1:f261a2b95a05a5d63a78626a081d635cb44006be</id>
<content type='text'>
New poky version uses UNPACKDIR instead of WORKDIR

Signed-off-by: Mikko Rapeli &lt;mikko.rapeli@linaro.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>python3-fail2ban: convert WORKDIR-&gt;UNPACKDIR</title>
<updated>2024-07-30T00:07:01+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-07-28T21:02:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=fce3cf312d3344777986147e624a9f40bdaabb0d'/>
<id>urn:sha1:fce3cf312d3344777986147e624a9f40bdaabb0d</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: Fix CVE-2023-3758</title>
<updated>2024-07-30T00:07:01+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2024-06-28T05:43:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ecdd682b928e648735dc73ab57b3bd8ed419649e'/>
<id>urn:sha1:ecdd682b928e648735dc73ab57b3bd8ed419649e</id>
<content type='text'>
A race condition flaw was found in sssd where the GPO policy is
not consistently applied for authenticated users. This may lead
to improper authorization issues, granting or denying access to
resources inappropriately.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-3758

Upstream-patch:
https://github.com/SSSD/sssd/commit/f4ebe1408e0bc67abfbfb5f0ca2ea13803b36726

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>recipes: WORKDIR -&gt; UNPACKDIR transition</title>
<updated>2024-06-17T12:25:25+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2024-05-28T05:44:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ceb47a8a39c4cec612db63fab573124960f52a8d'/>
<id>urn:sha1:ceb47a8a39c4cec612db63fab573124960f52a8d</id>
<content type='text'>
* WORKDIR -&gt; UNPACKDIR transition
* Switch away from S = WORKDIR

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sssd: remove duplicate option --without-python2-bindings</title>
<updated>2024-06-17T12:25:25+00:00</updated>
<author>
<name>Gael PORTAY</name>
<email>gael.portay@rtone.fr</email>
</author>
<published>2024-05-27T19:05:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0883649439762fd1817263c39e6881d81fc92917'/>
<id>urn:sha1:0883649439762fd1817263c39e6881d81fc92917</id>
<content type='text'>
The option --without-python2-bindings was added twice, by the commit
4375507f39ed4bc62e1304838870be65f3a81460, and then after python2 was
deprecated with the commit 96737082ad20eabcbbaa82b0cacee0d05d50eaab.

This removes the latter.

Signed-off-by: Gaël PORTAY &lt;gael.portay@rtone.fr&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>python3-pyinotify: Make asyncore support optional for Python 3</title>
<updated>2024-03-27T16:36:58+00:00</updated>
<author>
<name>Mingli Yu</name>
<email>mingli.yu@windriver.com</email>
</author>
<published>2024-03-18T06:40:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=283a773f24cedacb45def943a455bc3607f8a7a1'/>
<id>urn:sha1:283a773f24cedacb45def943a455bc3607f8a7a1</id>
<content type='text'>
Simple fix for Python 3.12 since it dropped asyncore. Catches the import
error instead of using a version check so that the user can install the
compatibility package for any uses that can't be upgraded to asyncio or
similar immediately.

Fixes:
 # python3
 Python 3.12.1 (main, Dec 7 2023, 20:45:44) [GCC 13.2.0] on linux
 Type "help", "copyright", "credits" or "license" for more information.
 &gt;&gt;&gt; import pyinotify
 Traceback (most recent call last):
 File "&lt;stdin&gt;", line 1, in &lt;module&gt;
 File "/usr/lib64/python3.12/site-packages/pyinotify.py", line 71, in &lt;module&gt;
 import asyncore
 ModuleNotFoundError: No module named 'asyncore'
 &gt;&gt;&gt;

Signed-off-by: Mingli Yu &lt;mingli.yu@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>meta-security: Drop ${PYTHON_PN}</title>
<updated>2024-03-27T16:36:58+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2024-02-20T16:44:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=4eab875b339a128049061fa34b60f0f2167bd0ca'/>
<id>urn:sha1:4eab875b339a128049061fa34b60f0f2167bd0ca</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;

---
V2] Fix typo in python3-pyinotify changes
</content>
</entry>
</feed>
