Age | Commit message (Collapse) | Author | Files | Lines |
|
Anton Antonov (4):
Use libest "main" branch instead of "master".
Add meta-parsec layer into meta-security.
Define secure images with parsec-service and parsec-tool included and add the images into gitlab CI
Clearly define clang toolchain in Parsec recipes
Armin Kuster (16):
packagegroup-core-security: drop clamav-cvd
clamav: upgrade 104.0
python3-privacyidea: upgrade 3.5.1 -> 3.5.2
clamav: fix systemd service install
swtpm: now need python-cryptography, pull in layer
swtpm: file pip3 issue
swtpm: fix check for tscd deamon on host
python3-suricata-update: update to 1.2.1
suricata: update to 6.0.2
layer.conf: add dynamic-layer for rust pkg
README: cleanup
.gitlab-ci.yml: reorder to speed up builds
kas-security-base.yml: tweek build vars
gitlab-ci: fine tune order
clamav: remove rest of mirror.dat ref
lkrg-module: Add Linux Kernel Runtime Guard
Ming Liu (2):
meta: drop IMA_POLICY from policy recipes
initramfs-framework-ima: introduce IMA_FORCE
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ifac35a0d7b7e724f1e30dce5f6634d5d4fc9b5b9
|
|
Armin Kuster (19):
softhsm: drop pkg as meta-oe has it
apparmor: Inherit python3targetconfig
python3-suricata-update: Inherit python3targetconfig
openscap: Inherit python3targetconfig
scap-security-guide: Inherit python3targetconfig
nikito: Update common-licenses references to match new names
kas-security-base.yml: build setting updates
kas-security-base.yml: drop DL_DIR
arpwatch: upgrade 3.0 -> 3.1
checksec: upgrade 2.1.0 -> 2.4.0
ding-libs: upgrade 0.5.0 -> 0.6.1
fscryptctl: upgrade 0.1.0 -> 1.0.0
libseccomp: upgrade 2.5.0 -> 2.5.1
python3-privacyidea: upgrade 3.3 -> 3.5.1
python3-scapy: upgrade 2.4.3 -> 2.4.4
samhain: update to 4.4.3
opendnssec: update to 2.1.8
suricata: update to 4.10.0
python3-fail2ban: update to 0.11.2
Jate Sujjavanich (1):
scap-security-guide: Fix openembedded platform tests and build
Ming Liu (9):
ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
initramfs-framework-ima: fix a wrong path
ima-evm-keys: add recipe
initramfs-framework-ima: RDEPENDS on ima-evm-keys
meta: refactor IMA/EVM sign rootfs
README.md: update according to the refactoring in ima-evm-rootfs.bbclass
initramfs-framework-ima: let ima_enabled return 0
ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
Yi Zhao (1):
ibmswtpm2: disable camellia algorithm
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c
|
|
Armin Kuster (2):
samhain: update to 4.4.2
kas-security-base: Don't create local SSTATE mirror
Yi Zhao (3):
suricata: unify volatiles file name
clamav: unify volatiles file name
scap-security-guide: fix build with Python 3.9
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I60c6ba8c22593542165dbd1af0606e01f6473b33
|
|
Adrian (1):
gitignore added
Armin Kuster (31):
kas: build with ptest. remove apparmor
softHSM: add pkg
packagegroup-core-security: add softHSM
libest: add recipe
packagegroup-core-security: add libest package
opendnssec: add recipe
packagegroup-core-security: add opendnssec to pkg grp
gitlab-ci: allow test to fail
libseccomp: fix ptest failures.
packagegroup-core-security-ptest: remove keyutils-ptest
security-test-image: simplify
packagegroup-core-security-ptest: remove
apparmor: fix build issue with ptest enabled.
security-test-image: tweak to get more tests to runn
apparmor: update to 3.0
packagegroup-core-security: apparmor 3.0 ptest does not build
suricata: fix compiling on gcc10
qemux86-test: add apparmor back
apparmor: fix build for on musl
ecryptfs-utils: fix musl build
libest: fix musl build.
sssd: update to latest ltm 1.16.5
packagegroup-core-security: remove clamav from musl image
suricata: update to 4.1.9
kas: fixup alt configs
gitlab-ci: add qemux86 and qemuarm64 musl builds
tpm2-tss: update to 2.4.3
tpm2-totp: update to 0.2.1
tpm2-abrmd: update to 2.3.3
tpm2-tools: update to 4.3.0
tpm2-pkcs11: update to 1.4.0
Mingli Yu (1):
scap-security-guide: add expat-native to DEPENDS
Naveen Saini (3):
initramfs-framework/dmverity: add retry loop for slow boot devices
wic: add wks.in for intel dm-verity
linux-%/5.x: Add dm-verity fragment as needed
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: If3a721fdd99bb6e35c82cf4e7485f06cebaef905
|
|
Armin Kuster (3):
suricata: update to 4.1.8
packagegroup-core-security-ptest: update fail2ban ptest pkg name
isafw.bbclass: typo in layer name
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I1a4a51839d53d75ca7e45ea7b1fdb46a62fe33b9
|
|
Armin Kuster (6):
meta-security: add layer index callouts
meta-security-compliance/conf/layer.conf: fix typo
python3-suricata-update: update to 1.1.1
libhtp: bugfix only update 0.5.32
lib/oeqa/runtime: suricata add tests
suricata: update to 4.1.6
Philip Tricca (1):
tpm2-abrmd: Port command line options to new version.
Trevor Woerner (1):
tpm2-abrmd-init.sh: fix for /dev/tpmrmX
Yi Zhao (1):
libseccomp: upgrade 2.4.1 -> 2.4.2
Change-Id: Ic00ca8ac8ff5d3fbe0b79aa4a42243b197080f14
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Christophe PRIOUZEAU (1):
cryptsetup tpm incubator: fix installed vs shipped
Christopher Larson (3):
checksecurity: use more portable find args
clamav: add tmpfiles.d config
suricata: add tmpfiles.d config
Ming Liu (1):
meta: inherit features_check instead of distro_features_check
Norbert Kaminski (1):
meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb: add new udev dir to FILES and append EXTRA_OECONF
Change-Id: I51369027c747f12d64adb8dbe0262dfb96937ad1
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Armin Kuster (2):
suricata: fix compile issue
checksec: add missing rdepends to readelf
Change-Id: Ib50c6bd74004c9cb0241bc70f8df5d90f45f5afe
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Armin Kuster (2):
suricata/libhtp: update to 4.1.5/0.5.31
suricata-update: add package to pull rules
Change-Id: I474794e67126b8f197432a06ce76a9fcde842608
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Armin Kuster (11):
python-scapy: drop py2 package
packagegroup-core-security-ptest: only included if ptest is enabled
packagegroup-core-security: update package name
busybox: fix sig changes when layer added
initramfs-framework-ima: correct IMA_POLICY name
apparmor: drop lsb RDEPENDS
openscap: Drop nostamp
scap-security-guide: add depends on openscap-native do_install
cryptsetup-tpm-incubator: fix QA error RDEPENDS
oe-scap: Fix QA RDEPENDS error
suricata: update to 4.1.4
Stefan Agner (1):
libseccomp: build static library always
Change-Id: Ia2f8aec978de4f3d20c13be3c12b70a7badc29d5
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|