From 2daf84b2d486da0b21344da999553c8fa1228195 Mon Sep 17 00:00:00 2001 
From: Andrew Geissler Date: Fri, 31 Mar 2023 09:57:23 -0500 Subject: subtree updates: raspberrypi security arm meta-arm: eb9c47a4e1..9b6c8c95e4: Abdellatif El Khlifi (1): CI: append classes to INHERIT in the common fvp.yml Adam Johnston (1): arm-bsp/linux-yocto: Update N1SDP PCI quirk patch Jon Mason (10): CI: add yml files for defaults CI: add support for dev kernel, rt kernel, and poky-tiny arm-bsp/fvp-base: update to u-boot 2023.01 arm-bsp/fvp-base-arm32: remove support ci: add external-toolchain to qemuarm-secureboot arm-bsp/optee: remove unused recipes arm/optee: optee-os include cleanup arm/optee-os: update to 3.20.0 arm/edk2: update version and relocate edk2-basetools to be with edk2 arm-bsp/fvp-base: Add edk2 build testing Ross Burton (7): arm-bsp/linux-arm64-ack: update Upstream-Status tags CI: add CI_CLEAN_REPOS variable to allow cleaning the repo reference cache arm/scp-firmware: fix up whitespace arm/scp-firmware: enable verbose builds arm/scp-firmware: remove textrel from INSANE_SKIP arm/scp-firmware: improve debug packaging CI: mask poky's llvm if we're using clang Rui Miguel Silva (1): arm-bsp/optee: bump corstone1000 to v3.20 Satish Kumar (1): arm-bsp/corstone1000: new gpt based disk layout and fwu metadata Xueliang Zhong (1): arm-bsp/n1sdp: update to linux yocto kernel 6.1 meta-security: c06b9a18a6..a397a38ed9: Armin Kuster (16): openscap: update to 1.3.6 openscap: update to 1.3.7 openscap git: add DEFAULT_PREFERENCE python3-fail2ban: update to 1.0.2 python3-privacyidea: update to 3.8.1 libhtp: update to 0.5.42 lkrg-modules: update to 0.9.6 chkrootkit: update to 0.57 fscrypt: update to 1.1.0 libmspack: update to 1.11 firejail: update 0.9.72 suricata: update to 6.0.10 apparmor: update to 3.1.3 krill: update 0.12.3 cryptmout: update to 6.2.0 packagegroup-core-security: refactor the inclusion of krill Eero Aaltonen (1): dm-verity-img.bbclass: fix syntax warning Jose Quaresma (3): meta-hardening/layer: lower the priority from 10 to 6 
meta-security-compliance/layer: lower the priority from 10 to 6 meta-tpm/layer: lower the priority from 10 to 6 Kevin Hao (1): dm-verity-img.bbclass: Fix the hash offset alignment issue Mikko Rapeli (1): ima-evm-utils: disable documentation from build Paul Gortmaker (3): dm-verity: update beaglebone wic to match meta-yocto dm-verity: add basic non-arch/non-BSP yocto specific settings dm-verity: document board specifics for Beaglebone Black Peter Marko (1): tpm2-tss: correct CVE product meta-raspberrypi: e15b876155..3afdbbf782: Carlos Alberto Lopez Perez (1): mesa-demos: enable build with userland graphics drivers. Khem Raj (6): linux-raspberrypi: Add recipes for 6.1 kernel psplash: Make psplash wait for the framebuffer to be ready rpi-default-versions: Use 6.1 kernel as default gstreamer1.0-plugins-bad: Drop gpl packageconfig rpidistro-ffmpeg: Pin to use gcc always rpidistro-vlc: Fix build with clang16 Signed-off-by: Andrew Geissler Change-Id: Ie6e60085306d31972098b87738eb550e5140b92a --- .../fail2ban/python3-fail2ban_0.11.2.bb | 62 ---------------------- .../fail2ban/python3-fail2ban_1.0.2.bb | 62 ++++++++++++++++++++++ .../mfa/python3-privacyidea_3.7.4.bb | 38 ------------- .../mfa/python3-privacyidea_3.8.1.bb | 38 +++++++++++++ 4 files changed, 100 insertions(+), 100 deletions(-) delete mode 100644 meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb create mode 100644 meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb delete mode 100644 meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.4.bb create mode 100644 meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.8.1.bb (limited to 'meta-security/dynamic-layers') 
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
deleted file mode 100644
index 1f55267f59..0000000000
--- a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ /dev/null
@@ -1,62 +0,0 @@
-SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
-DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
-many failed login attempts. It does this by updating system firewall rules to reject new \
-connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
-out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
-and is easy to configure to read any log file you choose, for any error you choose."
-HOMEPAGE = "http://www.fail2ban.org"
-
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
-
-DEPENDS = "python3-native"
-
-SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64"
-SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
- file://initd \
- file://run-ptest \
-"
-
-UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)"
-
-inherit update-rc.d ptest setuptools3_legacy
-
-S = "${WORKDIR}/git"
-
-do_compile () {
- cd ${S}
-
- #remove symlink to python3
- # otherwise 2to3 is run against it
- rm -f bin/fail2ban-python
-
- ./fail2ban-2to3
-}
-
-do_install:append () {
- rm -f ${D}/${bindir}/fail2ban-python
- install -d ${D}/${sysconfdir}/fail2ban
- install -d ${D}/${sysconfdir}/init.d
- install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
- chown -R root:root ${D}/${bindir}
- rm -rf ${D}/run
-}
-
-do_install_ptest:append () {
- install -d ${D}${PTEST_PATH}
- install -d ${D}${PTEST_PATH}/bin
- sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
- install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
- rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
-}
-
-
-INITSCRIPT_PACKAGES = "${PN}"
-INITSCRIPT_NAME = "fail2ban-server"
-INITSCRIPT_PARAMS = "defaults 25"
-
-INSANE_SKIP:${PN}:append = "already-stripped"
-
-RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify"
-RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
-RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
new file mode 100644
index 0000000000..9379494903
--- /dev/null
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
@@ -0,0 +1,62 @@
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
+
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
+
+DEPENDS = "python3-native"
+
+SRCREV = "e1d3006b0330e9777705a7baafe3989d442ed120"
+SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
+ file://initd \
+ file://run-ptest \
+ "
+
+UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)"
+
+inherit update-rc.d ptest setuptools3_legacy
+
+S = "${WORKDIR}/git"
+
+do_compile () {
+ cd ${S}
+
+ #remove symlink to python3
+ # otherwise 2to3 is run against it
+ rm -f bin/fail2ban-python
+
+ ./fail2ban-2to3
+}
+
+do_install:append () {
+ rm -f ${D}/${bindir}/fail2ban-python
+ install -d ${D}/${sysconfdir}/fail2ban
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+ chown -R root:root ${D}/${bindir}
+ rm -rf ${D}/run
+}
+
+do_install_ptest:append () {
+ install -d ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/bin
+ sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+ install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
+ rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
+}
+
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+
+INSANE_SKIP:${PN}:append = "already-stripped"
+
+RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify"
+RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
+RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.4.bb b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.4.bb
deleted file mode 100644
index b6a0e06314..0000000000
--- a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.4.bb
+++ /dev/null
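Review bot: In python3-fail2ban_1.0.2.bb, `INSANE_SKIP:${PN}:append = "already-stripped"` has no leading space, and `:append` joins strings without inserting one, so any value already set for `INSANE_SKIP:${PN}` would fuse with it into a single unknown token and neither QA skip would apply. Writing it as `INSANE_SKIP:${PN}:append = " already-stripped"` avoids that. Separately, `do_compile` still runs `./fail2ban-2to3`, which depends on lib2to3 being available in python3-native; that module is deprecated in CPython, so it is worth confirming the build Python still ships it. A one-line comment above the call saying why the conversion is still needed for 1.0.2 would help the next version bump.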
@@ -1,38 +0,0 @@
-SUMMARY = "identity, multifactor authentication (OTP), authorization, audit"
-DESCRIPTION = "privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications."
-
-HOMEPAGE = "http://www.privacyidea.org/"
-LICENSE = "AGPL-3.0-only"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
-
-PYPI_PACKAGE = "privacyIDEA"
-SRC_URI[sha256sum] = "187b6aa61f8b27e1972512123c8295ea6d2501b3d90d975d4603e753f146b50c"
-
-inherit pypi setuptools3
-
-do_install:append () {
- rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests
-}
-
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM:${PN} = "--system privacyidea"
-USERADD_PARAM:${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \
- --shell /bin/false privacyidea"
-
-FILES:${PN} += " ${prefix}/etc/privacyidea/* ${prefix}/lib/privacyidea/*"
-
-RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils"
-
-RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt"
-RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
-RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
-RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
-RDEPENDS:${PN} += "python3-flask-script python3-flask-sqlalchemy python3-flask-versioned"
-RDEPENDS:${PN} += "python3-future python3-httplib2 python3-huey python3-idna python3-ipaddress"
-RDEPENDS:${PN} += "python3-itsdangerous python3-jinja2 python3-ldap python3-lxml python3-mako"
-RDEPENDS:${PN} += "python3-markupsafe python3-netaddr python3-oauth2client python3-passlib python3-pillow"
-RDEPENDS:${PN} += "python3-pyasn1 python3-pyasn1-modules python3-pycparser python3-pyjwt python3-pymysql"
-RDEPENDS:${PN} += "python3-pyopenssl python3-pyrad python3-dateutil python3-editor python3-gnupg"
-RDEPENDS:${PN} += "python3-pytz python3-pyyaml python3-qrcode python3-redis python3-requests python3-rsa"
-RDEPENDS:${PN} += "python3-six python3-smpplib python3-soupsieve python3-soupsieve "
-RDEPENDS:${PN} += "python3-sqlalchemy python3-sqlsoup python3-urllib3 python3-werkzeug"
diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.8.1.bb b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.8.1.bb
new file mode 100644
index 0000000000..8bb88f1d1c
--- /dev/null
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.8.1.bb
@@ -0,0 +1,38 @@
+SUMMARY = "identity, multifactor authentication (OTP), authorization, audit"
+DESCRIPTION = "privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications."
+
+HOMEPAGE = "http://www.privacyidea.org/"
+LICENSE = "AGPL-3.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
+
+PYPI_PACKAGE = "privacyIDEA"
+SRC_URI[sha256sum] = "e0dae763575c6300ccaebe6dcc8d3f119cb3e25c11302b1e78a96a12e8ab2b38"
+
+inherit pypi setuptools3
+
+do_install:append () {
+ rm -fr ${D}${libdir}/${PYTHON_DIR}/site-packages/tests
+}
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system privacyidea"
+USERADD_PARAM:${PN} = "--system -g privacyidea -o -r -d /opt/${BPN} \
+ --shell /bin/false privacyidea"
+
+FILES:${PN} += " ${prefix}/etc/privacyidea/* ${prefix}/lib/privacyidea/*"
+
+RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils"
+
+RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt"
+RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
+RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
+RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
+RDEPENDS:${PN} += "python3-flask-script python3-flask-sqlalchemy python3-flask-versioned"
+RDEPENDS:${PN} += "python3-future python3-httplib2 python3-huey python3-idna python3-ipaddress"
+RDEPENDS:${PN} += "python3-itsdangerous python3-jinja2 python3-ldap python3-lxml python3-mako"
+RDEPENDS:${PN} += "python3-markupsafe python3-netaddr python3-oauth2client python3-passlib python3-pillow"
+RDEPENDS:${PN} += "python3-pyasn1 python3-pyasn1-modules python3-pycparser python3-pyjwt python3-pymysql"
+RDEPENDS:${PN} += "python3-pyopenssl python3-pyrad python3-dateutil python3-editor python3-gnupg"
+RDEPENDS:${PN} += "python3-pytz python3-pyyaml python3-qrcode python3-redis python3-requests python3-rsa"
+RDEPENDS:${PN} += "python3-six python3-smpplib python3-soupsieve python3-soupsieve "
+RDEPENDS:${PN} += "python3-sqlalchemy python3-sqlsoup python3-urllib3 python3-werkzeug"
-- cgit v1.2.3
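Review bot: In python3-privacyidea_3.8.1.bb the `USERADD_PACKAGES`, `GROUPADD_PARAM:${PN}` and `USERADD_PARAM:${PN}` assignments look inert, because the visible `inherit pypi setuptools3` line does not include the useradd class; unless it is inherited somewhere outside this file, the dedicated `privacyidea` system account is never created and the MFA service cannot be confined to it. `inherit pypi setuptools3 useradd` would activate them. The parameter string should be tidied at the same time: `--system` and `-r` are the same option, and `-o` (allow a non-unique UID) is only valid together with `-u`, so `--system -g privacyidea -d /opt/${BPN} --shell /bin/false privacyidea` is the form to use. `python3-soupsieve` is also listed twice in the second-to-last `RDEPENDS` line.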