mbox series

[meta-security,00/12] Initial fixes for master branch

Message ID cover.1751647559.git.scott.murray@konsulko.com
Headers show
Series Initial fixes for master branch | expand

Message

Scott Murray July 4, 2025, 5:11 p.m. UTC 
Thank you for your patience, this patch series is a start on getting
master branch maintenance back in order, and allowing Marta and myself
to try getting through some resource estimating for the new CI setup.
The focus has been on patches that allow getting through clean builds
of the majority of the build tests in the CI pipeline, which I have done
manually for qemux86-64.  We will shake out any other issues as the CI
setup is tested (or reported via the list).

Note that I did pick a few patches from the backlog on the mailing list,
but generally not things that were not build warning or failure fixes.
I did the S/UNPACKDIR changes myself, as I had started on them before
any of patches were posted to the list.  Additionally, there are 3
fixes for gcc 15 issues (the libhoth patches will be sent upstream
in the next day or two).

I would ask that you give us a few days before sending (or resending)
patches with any expectation of immediate turnaround.  There is still
quite a bit of work to recreate a working CI setup, as well as ensuring
walnascar and scarthgap branches are in a testable state.  This series
has been pushed to master-next, and while I'm aware of the US long
weekend holiday, the goal is to merge these changes to master by Monday
afternoon at the latest, as I have some conference travel next week, and
we do need to unblock folks testing against master branch.

Scott


Changes:

Anton Antonov (1):
  parsec-service: update PACKAGECONFIG options as lists of cargo build
    features

Clayton Casciato (1):
  smack: Use new CVE_STATUS variable

J. S. (1):
  Fix warning : lack of whitespace around assignment

Marta Rybczynska (4):
  scap-security-guide: fix fetch
  chkrootkit: use Debian mirror
  CI: update build for new CI
  .gitlab-ci.yml: add logging of jobs to files

Scott Murray (5):
  layer.conf: Update to whinlatter (5.3) release
  Adapt to S/UNPACKDIR changes
  sshguard: Update to 2.5.1
  libhoth: update to latest
  chkrootkit: fix building with gcc 15

 .gitlab-ci.yml                                |  45 +++---
 conf/layer.conf                               |   2 +-
 .../checksecurity/checksecurity_2.0.16.bb     |   5 +-
 .../bastille/bastille_3.2.1.bb                |   2 +-
 .../recipes-security/nikto/nikto_2.1.6.bb     |   2 +-
 .../python/python3-json2html_1.3.0.bb         |   2 +-
 .../python/python3-xmldiff_2.7.0.bb           |   2 +-
 .../fail2ban/python3-fail2ban_git.bb          |   2 -
 meta-hardening/conf/layer.conf                |   2 +-
 meta-integrity/conf/layer.conf                |   2 +-
 meta-parsec/README.md                         |   4 +-
 meta-parsec/conf/layer.conf                   |   2 +-
 .../parsec-service/parsec-service_1.4.1.bb    |  15 +-
 meta-tpm/conf/layer.conf                      |   2 +-
 meta-tpm/recipes-tpm/libtpm/libtpms_0.10.0.bb |   1 -
 meta-tpm/recipes-tpm/swtpm/swtpm_0.10.0.bb    |   2 -
 .../0001-Fix-building-with-gcc-15.patch       | 151 ++++++++++++++++++
 ...02-Fix-building-without-dbus-backend.patch |  36 +++++
 meta-tpm/recipes-tpm1/hoth/libhoth_git.bb     |  13 +-
 .../openssl-tpm-engine_0.5.0.bb               |   2 -
 .../recipes-tpm1/pcr-extend/pcr-extend_git.bb |   2 -
 .../tpm-quote-tools/tpm-quote-tools_1.0.4.bb  |   1 -
 .../tpm-tools/tpm-tools_1.3.9.2.bb            |   2 -
 .../recipes-tpm1/trousers/trousers_git.bb     |   2 -
 .../ibmswtpm2/ibmswtpm2_183-2024-03-27.bb     |   2 +-
 .../ibmtpm2tss/ibmtpm2tss_2.2.0.bb            |   2 -
 .../tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb    |   2 -
 .../recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb |   2 -
 recipes-compliance/openscap/openscap_1.4.1.bb |   2 -
 .../scap-security-guide_0.1.76.bb             |   9 +-
 recipes-ids/aide/aide_0.18.8.bb               |   2 +-
 recipes-ids/crowdsec/crowdsec_1.1.1.bb        |   2 -
 recipes-ids/ossec/ossec-hids_3.7.0.bb         |   5 +-
 recipes-ids/suricata/libhtp_0.5.50.bb         |   4 -
 recipes-ids/tripwire/tripwire_2.4.3.7.bb      |   4 +-
 recipes-kernel/lkrg/lkrg-module_0.9.7.bb      |   4 +-
 recipes-mac/AppArmor/apparmor_4.0.3.bb        |   1 -
 recipes-mac/ccs-tools/ccs-tools_1.8.9.bb      |   4 +-
 recipes-mac/smack/mmap-smack-test_1.0.bb      |   3 +-
 recipes-mac/smack/smack-test_1.0.bb           |   3 +-
 recipes-mac/smack/smack_1.3.1.bb              |  10 +-
 recipes-mac/smack/tcp-smack-test_1.0.bb       |   3 +-
 recipes-mac/smack/udp-smack-test_1.0.bb       |   3 +-
 recipes-perl/perl/libwhisker2-perl_2.5.bb     |   2 +-
 recipes-scanners/checksec/checksec_2.6.0.bb   |   4 +-
 recipes-scanners/clamav/clamav_0.104.4.bb     |   1 -
 recipes-scanners/rootkits/chkrootkit_0.58b.bb |   7 +-
 .../files/0001-Fix-building-with-gcc-15.patch |  39 +++++
 recipes-security/Firejail/firejail_0.9.72.bb  |   2 -
 recipes-security/chipsec/chipsec_1.9.1.bb     |   2 -
 .../cryptmount/cryptmount_6.2.0.bb            |   2 +-
 recipes-security/fscrypt/fscrypt_1.1.0.bb     |   2 -
 .../fscryptctl/fscryptctl_1.1.0.bb            |   2 -
 recipes-security/glome/glome_git.bb           |   1 -
 .../google-authenticator-libpam_1.09.bb       |   2 -
 recipes-security/isic/isic_0.07.bb            |   2 +-
 recipes-security/krill/krill_0.12.3.bb        |   1 -
 recipes-security/libest/libest_3.2.0.bb       |   2 -
 recipes-security/libgssglue/libgssglue_0.9.bb |   2 -
 recipes-security/libmspack/libmspack_1.11.bb  |   2 +-
 recipes-security/ncrack/ncrack_0.7.bb         |   2 -
 .../redhat-security/redhat-security_1.0.bb    |   3 +-
 recipes-security/sshguard/sshguard_2.4.3.bb   |  11 --
 recipes-security/sshguard/sshguard_2.5.1.bb   |  11 ++
 64 files changed, 319 insertions(+), 151 deletions(-)
 create mode 100644 meta-tpm/recipes-tpm1/hoth/libhoth/0001-Fix-building-with-gcc-15.patch
 create mode 100644 meta-tpm/recipes-tpm1/hoth/libhoth/0002-Fix-building-without-dbus-backend.patch
 create mode 100644 recipes-scanners/rootkits/files/0001-Fix-building-with-gcc-15.patch
 delete mode 100644 recipes-security/sshguard/sshguard_2.4.3.bb
 create mode 100644 recipes-security/sshguard/sshguard_2.5.1.bb

Comments

Gyorgy Sarvari Nov. 7, 2025, 4:35 p.m. UTC | #1 
On 7/4/25 19:11, Scott Murray via lists.yoctoproject.org wrote:
> There is still
> quite a bit of work to recreate a working CI setup, as well as ensuring
> walnascar and scarthgap branches are in a testable state.  

Is the Scarthgap branch still planned to be resurrected?
Marta Rybczynska Nov. 8, 2025, 7:17 a.m. UTC | #2 
Hello Gyorgy,
Positively yes, it is on my list just after the poky split. On the news
side, we have the CI working now.

Kind regards,
Marta

On Fri, Nov 7, 2025 at 5:35 PM Gyorgy Sarvari via lists.yoctoproject.org
<skandigraun=gmail.com@lists.yoctoproject.org> wrote:

> On 7/4/25 19:11, Scott Murray via lists.yoctoproject.org wrote:
> > There is still
> > quite a bit of work to recreate a working CI setup, as well as ensuring
> > walnascar and scarthgap branches are in a testable state.
>
> Is the Scarthgap branch still planned to be resurrected?
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#2430):
> https://lists.yoctoproject.org/g/yocto-patches/message/2430
> Mute This Topic: https://lists.yoctoproject.org/mt/113986841/5827677
> Group Owner: yocto-patches+owner@lists.yoctoproject.org
> Unsubscribe:
> https://lists.yoctoproject.org/g/yocto-patches/leave/13234581/5827677/971106717/xyzzy
> [rybczynska@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
>