From: Scott Murray <scott.murray@konsulko.com>
To: yocto-patches@lists.yoctoproject.org
Cc: Marta Rybczynska <marta.rybczynska@ygreky.com>
Subject: [meta-security][PATCH 00/15] Assorted fixes
Date: Thu, 16 Oct 2025 17:21:59 -0400 [thread overview]
Message-ID: <cover.1760648348.git.scott.murray@konsulko.com> (raw)
This patch series rolls up contributed patches from the past few weeks,
as well as some other fixes and cleanup. I intend to merge these to
master branch at end of day Monday unless there are objections.
On top of the contributed patches, there are some build fixes from Marta
that have gotten us to a working state with CI, and some hopefully
non-controversial recipe removals from myself. The recipes in question
have been disabled for at least two years, and there has been no obvious
interest in them in that period. I have worked up a list of a few more
recipes that were not getting tested in the CI testing that are broken
atm, some of those may be next in line for removal if there's not a path
to a simple fix via an upgrade.
On another note, now that CI automation is working well, my thinking is
that going forward I may usually just post a list of commits queued on
master-next rather than these full patch series, as it's not clear the
duplication of contributed patches provides much value. If you have a
strong desire to still see these explicit patch series instead, please
reply to indicate that.
Scott
Changes:
Clayton Casciato (2):
suricata: populate SYSTEMD_SERVICE for service autostart
suricata-update: add package to pull files
Marta Rybczynska (5):
kas: use repo name
lynis: move to GitHub fetching
chipsec: update to 1.13.16
chipsec: disable until 6.16 support is fixed
test: allow root login for test images
Scott Murray (5):
tripwire: Remove recipe
libest: Remove recipe
paxctl: Remove recipe
packagegroup-core-security: update for recent changes
meta-tpm: Small maintainers fix
Yi Zhao (3):
python3-fail2ban: fix ptest failures
python3-fail2ban: update to latest git rev
libmhash: fix build with gcc 15
.../include/maintainers-meta-security.inc | 2 -
docs/overview.txt | 27 -
.../fail2ban/python3-fail2ban_git.bb | 12 +-
kas/kas-security-base.yml | 2 +-
kas/qemux86-test.yml | 1 +
lib/oeqa/runtime/cases/tripwire.py | 47 -
.../distro/include/maintainers-meta-tpm.inc | 1 -
recipes-compliance/lynis/lynis_3.1.5.bb | 6 +-
.../packagegroup-core-security.bb | 20 +-
.../suricata/python3-suricata-update_1.3.6.bb | 15 +
recipes-ids/suricata/suricata_7.0.0.bb | 1 +
recipes-ids/tripwire/files/run-ptest | 3 -
recipes-ids/tripwire/files/tripwire.cron | 8 -
recipes-ids/tripwire/files/tripwire.sh | 9 -
recipes-ids/tripwire/files/tripwire.txt | 69 -
recipes-ids/tripwire/files/twcfg.txt | 15 -
recipes-ids/tripwire/files/twinstall.sh | 320 -----
recipes-ids/tripwire/files/twpol-yocto.txt | 1107 -----------------
recipes-ids/tripwire/tripwire_2.4.3.7.bb | 75 --
.../{chipsec_1.9.1.bb => chipsec_1.13.16.bb} | 4 +-
recipes-security/libest/libest_3.2.0.bb | 28 -
recipes-security/libmhash/libmhash_0.9.9.9.bb | 2 +
...ckage-error-if-DESTDIR-is-set-to-usr.patch | 26 -
recipes-security/paxctl/paxctl_0.9.bb | 40 -
24 files changed, 47 insertions(+), 1793 deletions(-)
delete mode 100644 lib/oeqa/runtime/cases/tripwire.py
create mode 100644 recipes-ids/suricata/python3-suricata-update_1.3.6.bb
delete mode 100644 recipes-ids/tripwire/files/run-ptest
delete mode 100644 recipes-ids/tripwire/files/tripwire.cron
delete mode 100644 recipes-ids/tripwire/files/tripwire.sh
delete mode 100644 recipes-ids/tripwire/files/tripwire.txt
delete mode 100644 recipes-ids/tripwire/files/twcfg.txt
delete mode 100644 recipes-ids/tripwire/files/twinstall.sh
delete mode 100644 recipes-ids/tripwire/files/twpol-yocto.txt
delete mode 100644 recipes-ids/tripwire/tripwire_2.4.3.7.bb
rename recipes-security/chipsec/{chipsec_1.9.1.bb => chipsec_1.13.16.bb} (90%)
delete mode 100644 recipes-security/libest/libest_3.2.0.bb
delete mode 100644 recipes-security/paxctl/paxctl/0001-To-fix-package-error-if-DESTDIR-is-set-to-usr.patch
delete mode 100644 recipes-security/paxctl/paxctl_0.9.bb
--
2.51.0
next reply other threads:[~2025-10-16 21:22 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-16 21:21 Scott Murray [this message]
2025-10-16 21:22 ` [meta-security][PATCH 01/15] kas: use repo name Scott Murray
2025-10-17 4:14 ` [yocto-patches] " Marta Rybczynska
[not found] ` <e1d64ff2-80b7-4a99-8329-0d227199032f@ygreky.com>
2025-10-17 14:29 ` Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 02/15] lynis: move to GitHub fetching Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 03/15] chipsec: update to 1.13.16 Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 04/15] chipsec: disable until 6.16 support is fixed Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 05/15] test: allow root login for test images Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 06/15] python3-fail2ban: fix ptest failures Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 07/15] python3-fail2ban: update to latest git rev Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 08/15] suricata: populate SYSTEMD_SERVICE for service autostart Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 09/15] suricata-update: add package to pull files Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 10/15] libmhash: fix build with gcc 15 Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 11/15] tripwire: Remove recipe Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 12/15] libest: " Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 13/15] paxctl: " Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 14/15] packagegroup-core-security: update for recent changes Scott Murray
2025-10-16 21:22 ` [meta-security][PATCH 15/15] meta-tpm: Small maintainers fix Scott Murray
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1760648348.git.scott.murray@konsulko.com \
--to=scott.murray@konsulko.com \
--cc=marta.rybczynska@ygreky.com \
--cc=yocto-patches@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.