<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/recipes-security, branch scarthgap</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2025-11-24T17:04:14+00:00</updated>
<entry>
<title>libgssglue: switch to use git source</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2024-09-02T06:52:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e3b86a4be1317ed3f09493e01aeb5ce1e31e920c'/>
<id>urn:sha1:e3b86a4be1317ed3f09493e01aeb5ce1e31e920c</id>
<content type='text'>
The 0.8 orig.tar.gz is not in debian mirror any more. In fact, we
really should avoid using orig.tar.gz like this because distros
like debian will just delete those that they don't maintain any more.

Switch to use git source.

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit baaafdf08b7ffb8703618684d571c4766ea3e28e)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>Check for usrmerge before removing /usr/lib</title>
<updated>2024-03-27T16:36:58+00:00</updated>
<author>
<name>Jeremy A. Puhlman</name>
<email>jpuhlman@mvista.com</email>
</author>
<published>2024-03-07T07:04:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=f4ef325fc31e530f7aa73e0fd94f572a48747a68'/>
<id>urn:sha1:f4ef325fc31e530f7aa73e0fd94f572a48747a68</id>
<content type='text'>
Signed-off-by: Jeremy A. Puhlman &lt;jpuhlman@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>libgssglue: update to 0.8</title>
<updated>2023-12-29T14:09:30+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-12-13T23:47:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=6cf4d653dcbcd16094638c87a3e3e1c84cf2cbb9'/>
<id>urn:sha1:6cf4d653dcbcd16094638c87a3e3e1c84cf2cbb9</id>
<content type='text'>
LICENSE changed
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>paxctl: Fix do_package QA Issue.</title>
<updated>2023-09-08T16:06:31+00:00</updated>
<author>
<name>Lei Maohui</name>
<email>leimaohui@fujitsu.com</email>
</author>
<published>2023-09-01T01:20:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=830817cc145da0c73204f01bfea891c2271beada'/>
<id>urn:sha1:830817cc145da0c73204f01bfea891c2271beada</id>
<content type='text'>
After usrmerge had been enabled, paxctl has the fowllowing error:
ERROR: paxctl-0.9-r0 do_package: QA Issue: paxctl: Files/directories were installed but not shipped in any package:
  /sbin/paxctl

Signed-off-by: Lei Maohui &lt;leimaohui@fujitsu.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>sshguard: Update to 2.4.3</title>
<updated>2023-08-06T15:31:18+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-07-31T10:27:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=02f285b2769dfe77159e01a78c0d844afc9b7241'/>
<id>urn:sha1:02f285b2769dfe77159e01a78c0d844afc9b7241</id>
<content type='text'>
Changelog: https://bitbucket.org/sshguard/sshguard/src/master/CHANGELOG.rst

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>glome: update to tip</title>
<updated>2023-08-06T15:31:18+00:00</updated>
<author>
<name>Luke Granger-Brown</name>
<email>lukegb@google.com</email>
</author>
<published>2023-07-25T14:17:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=21bb5627e0949d7ea72ad7be7add21eafbb5319b'/>
<id>urn:sha1:21bb5627e0949d7ea72ad7be7add21eafbb5319b</id>
<content type='text'>
Markus Rudy (17):
      Use Github TeX Markdown instead of image includes.
      Merge pull request #134 from burgerdev/md-tex
      Merge pull request #135 from vvidic/cli-base64
      RFD 002: public key format at rest (#109)
      Merge pull request #137 from vvidic/hmac
      Merge pull request #138 from vvidic/hmac2
      Update list of supported Python versions
      Install golint instead of 'get'ting it.
      Merge pull request #139 from burgerdev/actions
      Clarify format of public key at rest
      Test all supported config file keys
      Merge pull request #144 from burgerdev/public-key-format
      Fix linter findings for #144
      Use 'release' buildtype for NixOS builds
      Merge pull request #149 from google/l9i/bye-java
      RFD 001: GLOME Login v2 (#102)
      login/v2 implementation for Go (#162)

Philipp Kern (21):
      Merge pull request #133 from google/l9i/pam-fix
      Merge pull request #132 from google/l9i/nix-shell
      Merge pull request #140 from vvidic/defaul-typo
      Merge pull request #142 from vvidic/soversion
      Merge pull request #146 from burgerdev/lint
      Merge pull request #148 from google/dependabot/go_modules/go/golang.org/x/crypto-0.1.0
      Merge pull request #152 from google/l9i/cpplint
      Merge pull request #154 from vvidic/docker-public-key
      Merge pull request #155 from vvidic/prompt-fix
      Insert a slash after url-prefix when writing it into prompt
      Merge pull request #156 from google/url-prefix-compat
      Merge pull request #157 from vvidic/config-order
      State that devices require randomness for the protocol to work
      Update docs/protocol.md
      Merge pull request #158 from google/pkern-patch-1
      Fix error to state "at most" instead of "at least"
      Merge pull request #153 from vvidic/min-tag-length
      Merge pull request #159 from vvidic/host-id-type
      README.md: Codeblock fixups
      Merge branch 'master' into l9i/README
      Merge pull request #141 from google/l9i/README

Piotr Lewandowski (12):
      Fix failing PAM test
      Treat warning as errors
      Define OPENSSL_API_COMPAT to require OpenSSL &gt;=1.1
      Use werror only for CI
      Add nix-shell config for setting up dev environment
      Add GitHub Action workflow for shell.nix
      Add intro and installation steps to README.md
      Address reviewer's comments
      Wrap lines
      Delete Java implementation
      Rename `url-prefix` to `prompt` (#131)
      Add `cpplint` linter

Valentin Vidic (10):
      Update CLI to use base64 instead of hex tags.
      Replace deprecated OpenSSL HMAC API with EVP.
      Replace OpenSSL EVP_DigestSign API with HMAC()
      Fix typo: defaul =&gt; default
      Use project version in library version
      Update Docker scripts for new public key format
      Fix setting of prompt parameter
      Parse command line again after reading the config
      Add config option for minimum authcode length #122
      Add config option for host-id type #122

dependabot[bot] (1):
      Bump golang.org/x/crypto in /go

Signed-off-by: Luke Granger-Brown &lt;lukegb@google.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>firejail: only allow x86-64 and arm64 to build</title>
<updated>2023-07-31T10:18:52+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-06-30T11:16:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=1dd076d3a76f19cb73f5d40e708a042c9a58319a'/>
<id>urn:sha1:1dd076d3a76f19cb73f5d40e708a042c9a58319a</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>*.patch: fix malformed Upstream-Status and SOB lines</title>
<updated>2023-06-25T19:05:28+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2023-06-22T14:35:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=df8a1eb479170277de354b73af31601eb6f583be'/>
<id>urn:sha1:df8a1eb479170277de354b73af31601eb6f583be</id>
<content type='text'>
* as reported by openembedded-core/scripts/contrib/patchreview.py -v .

Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch)
Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch)

Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch)

Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>isic: fine tune Upstream-Status</title>
<updated>2023-06-25T19:05:28+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2023-06-21T23:10:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=2eb05e11c0ca843bcb8e7ca3b17dff60ed2873ab'/>
<id>urn:sha1:2eb05e11c0ca843bcb8e7ca3b17dff60ed2873ab</id>
<content type='text'>
These are changes I did so apply the appropriate label.

Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>*.patch: add Upstream-Status to all patches</title>
<updated>2023-06-25T19:05:28+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>Martin.Jansa@gmail.com</email>
</author>
<published>2023-06-21T10:42:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=ea97a23986d26f9d2b96c157964fdfdf5079ec6c'/>
<id>urn:sha1:ea97a23986d26f9d2b96c157964fdfdf5079ec6c</id>
<content type='text'>
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a

This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).

This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.

This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:

0 (0%)  	meta-parsec
N/A (0%)        meta-hardening
1 (100%)        meta-integrity
15 (68%)        meta-tpm
27 (61%)        meta-security

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
