From: Scott Murray <scott.murray@konsulko.com>
To: yocto-patches@lists.yoctoproject.org
Cc: Scott Murray <scott.murray@konsulko.com>
Subject: [meta-security][PATCH 00/12] Initial fixes for master branch
Date: Fri, 4 Jul 2025 13:11:04 -0400 [thread overview]
Message-ID: <cover.1751647559.git.scott.murray@konsulko.com> (raw)
Thank you for your patience, this patch series is a start on getting
master branch maintenance back in order, and allowing Marta and myself
to try getting through some resource estimating for the new CI setup.
The focus has been on patches that allow getting through clean builds
of the majority of the build tests in the CI pipeline, which I have done
manually for qemux86-64. We will shake out any other issues as the CI
setup is tested (or reported via the list).
Note that I did pick a few patches from the backlog on the mailing list,
but generally not things that were not build warning or failure fixes.
I did the S/UNPACKDIR changes myself, as I had started on them before
any of patches were posted to the list. Additionally, there are 3
fixes for gcc 15 issues (the libhoth patches will be sent upstream
in the next day or two).
I would ask that you give us a few days before sending (or resending)
patches with any expectation of immediate turnaround. There is still
quite a bit of work to recreate a working CI setup, as well as ensuring
walnascar and scarthgap branches are in a testable state. This series
has been pushed to master-next, and while I'm aware of the US long
weekend holiday, the goal is to merge these changes to master by Monday
afternoon at the latest, as I have some conference travel next week, and
we do need to unblock folks testing against master branch.
Scott
Changes:
Anton Antonov (1):
parsec-service: update PACKAGECONFIG options as lists of cargo build
features
Clayton Casciato (1):
smack: Use new CVE_STATUS variable
J. S. (1):
Fix warning : lack of whitespace around assignment
Marta Rybczynska (4):
scap-security-guide: fix fetch
chkrootkit: use Debian mirror
CI: update build for new CI
.gitlab-ci.yml: add logging of jobs to files
Scott Murray (5):
layer.conf: Update to whinlatter (5.3) release
Adapt to S/UNPACKDIR changes
sshguard: Update to 2.5.1
libhoth: update to latest
chkrootkit: fix building with gcc 15
.gitlab-ci.yml | 45 +++---
conf/layer.conf | 2 +-
.../checksecurity/checksecurity_2.0.16.bb | 5 +-
.../bastille/bastille_3.2.1.bb | 2 +-
.../recipes-security/nikto/nikto_2.1.6.bb | 2 +-
.../python/python3-json2html_1.3.0.bb | 2 +-
.../python/python3-xmldiff_2.7.0.bb | 2 +-
.../fail2ban/python3-fail2ban_git.bb | 2 -
meta-hardening/conf/layer.conf | 2 +-
meta-integrity/conf/layer.conf | 2 +-
meta-parsec/README.md | 4 +-
meta-parsec/conf/layer.conf | 2 +-
.../parsec-service/parsec-service_1.4.1.bb | 15 +-
meta-tpm/conf/layer.conf | 2 +-
meta-tpm/recipes-tpm/libtpm/libtpms_0.10.0.bb | 1 -
meta-tpm/recipes-tpm/swtpm/swtpm_0.10.0.bb | 2 -
.../0001-Fix-building-with-gcc-15.patch | 151 ++++++++++++++++++
...02-Fix-building-without-dbus-backend.patch | 36 +++++
meta-tpm/recipes-tpm1/hoth/libhoth_git.bb | 13 +-
.../openssl-tpm-engine_0.5.0.bb | 2 -
.../recipes-tpm1/pcr-extend/pcr-extend_git.bb | 2 -
.../tpm-quote-tools/tpm-quote-tools_1.0.4.bb | 1 -
.../tpm-tools/tpm-tools_1.3.9.2.bb | 2 -
.../recipes-tpm1/trousers/trousers_git.bb | 2 -
.../ibmswtpm2/ibmswtpm2_183-2024-03-27.bb | 2 +-
.../ibmtpm2tss/ibmtpm2tss_2.2.0.bb | 2 -
.../tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 -
.../recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 2 -
recipes-compliance/openscap/openscap_1.4.1.bb | 2 -
.../scap-security-guide_0.1.76.bb | 9 +-
recipes-ids/aide/aide_0.18.8.bb | 2 +-
recipes-ids/crowdsec/crowdsec_1.1.1.bb | 2 -
recipes-ids/ossec/ossec-hids_3.7.0.bb | 5 +-
recipes-ids/suricata/libhtp_0.5.50.bb | 4 -
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 4 +-
recipes-kernel/lkrg/lkrg-module_0.9.7.bb | 4 +-
recipes-mac/AppArmor/apparmor_4.0.3.bb | 1 -
recipes-mac/ccs-tools/ccs-tools_1.8.9.bb | 4 +-
recipes-mac/smack/mmap-smack-test_1.0.bb | 3 +-
recipes-mac/smack/smack-test_1.0.bb | 3 +-
recipes-mac/smack/smack_1.3.1.bb | 10 +-
recipes-mac/smack/tcp-smack-test_1.0.bb | 3 +-
recipes-mac/smack/udp-smack-test_1.0.bb | 3 +-
recipes-perl/perl/libwhisker2-perl_2.5.bb | 2 +-
recipes-scanners/checksec/checksec_2.6.0.bb | 4 +-
recipes-scanners/clamav/clamav_0.104.4.bb | 1 -
recipes-scanners/rootkits/chkrootkit_0.58b.bb | 7 +-
.../files/0001-Fix-building-with-gcc-15.patch | 39 +++++
recipes-security/Firejail/firejail_0.9.72.bb | 2 -
recipes-security/chipsec/chipsec_1.9.1.bb | 2 -
.../cryptmount/cryptmount_6.2.0.bb | 2 +-
recipes-security/fscrypt/fscrypt_1.1.0.bb | 2 -
.../fscryptctl/fscryptctl_1.1.0.bb | 2 -
recipes-security/glome/glome_git.bb | 1 -
.../google-authenticator-libpam_1.09.bb | 2 -
recipes-security/isic/isic_0.07.bb | 2 +-
recipes-security/krill/krill_0.12.3.bb | 1 -
recipes-security/libest/libest_3.2.0.bb | 2 -
recipes-security/libgssglue/libgssglue_0.9.bb | 2 -
recipes-security/libmspack/libmspack_1.11.bb | 2 +-
recipes-security/ncrack/ncrack_0.7.bb | 2 -
.../redhat-security/redhat-security_1.0.bb | 3 +-
recipes-security/sshguard/sshguard_2.4.3.bb | 11 --
recipes-security/sshguard/sshguard_2.5.1.bb | 11 ++
64 files changed, 319 insertions(+), 151 deletions(-)
create mode 100644 meta-tpm/recipes-tpm1/hoth/libhoth/0001-Fix-building-with-gcc-15.patch
create mode 100644 meta-tpm/recipes-tpm1/hoth/libhoth/0002-Fix-building-without-dbus-backend.patch
create mode 100644 recipes-scanners/rootkits/files/0001-Fix-building-with-gcc-15.patch
delete mode 100644 recipes-security/sshguard/sshguard_2.4.3.bb
create mode 100644 recipes-security/sshguard/sshguard_2.5.1.bb
--
2.50.0
next reply other threads:[~2025-07-04 17:11 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-04 17:11 Scott Murray [this message]
2025-07-04 17:11 ` [meta-security][PATCH 01/12] Fix warning : lack of whitespace around assignment Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 02/12] smack: Use new CVE_STATUS variable Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 03/12] layer.conf: Update to whinlatter (5.3) release Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 04/12] Adapt to S/UNPACKDIR changes Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 05/12] parsec-service: update PACKAGECONFIG options as lists of cargo build features Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 06/12] scap-security-guide: fix fetch Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 07/12] sshguard: Update to 2.5.1 Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 08/12] libhoth: update to latest Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 09/12] chkrootkit: use Debian mirror Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 10/12] chkrootkit: fix building with gcc 15 Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 11/12] CI: update build for new CI Scott Murray
2025-07-04 17:11 ` [meta-security][PATCH 12/12] .gitlab-ci.yml: add logging of jobs to files Scott Murray
2025-11-07 16:35 ` [yocto-patches] [meta-security][PATCH 00/12] Initial fixes for master branch Gyorgy Sarvari
2025-11-08 7:17 ` Marta Rybczynska
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1751647559.git.scott.murray@konsulko.com \
--to=scott.murray@konsulko.com \
--cc=yocto-patches@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.