From patchwork Thu Oct 16 21:21:59 2025
X-Patchwork-Submitter: Scott Murray
X-Patchwork-Id: 1927
From: Scott Murray
To: yocto-patches@lists.yoctoproject.org
Cc: Marta Rybczynska
Subject: [meta-security][PATCH 00/15] Assorted fixes
Date: Thu, 16 Oct 2025 17:21:59 -0400
X-Mailer: git-send-email 2.51.0
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/2325

This patch series rolls up contributed patches from the past few weeks, as well as some other fixes and cleanup. I intend to merge these to master branch at end of day Monday unless there are objections.

On top of the contributed patches, there are some build fixes from Marta that have gotten us to a working state with CI, and some hopefully non-controversial recipe removals from myself. The recipes in question have been disabled for at least two years, and there has been no obvious interest in them in that period. I have worked up a list of a few more recipes that were not getting tested in the CI testing that are broken atm, some of those may be next in line for removal if there's not a path to a simple fix via an upgrade.

On another note, now that CI automation is working well, my thinking is that going forward I may usually just post a list of commits queued on master-next rather than these full patch series, as it's not clear the duplication of contributed patches provides much value. If you have a strong desire to still see these explicit patch series instead, please reply to indicate that.

Scott

Changes:

Clayton Casciato (2):
  suricata: populate SYSTEMD_SERVICE for service autostart
  suricata-update: add package to pull files

Marta Rybczynska (5):
  kas: use repo name
  lynis: move to GitHub fetching
  chipsec: update to 1.13.16
  chipsec: disable until 6.16 support is fixed
  test: allow root login for test images

Scott Murray (5):
  tripwire: Remove recipe
  libest: Remove recipe
  paxctl: Remove recipe
  packagegroup-core-security: update for recent changes
  meta-tpm: Small maintainers fix

Yi Zhao (3):
  python3-fail2ban: fix ptest failures
  python3-fail2ban: update to latest git rev
  libmhash: fix build with gcc 15

 .../include/maintainers-meta-security.inc     |    2 -
 docs/overview.txt                             |   27 -
 .../fail2ban/python3-fail2ban_git.bb          |   12 +-
 kas/kas-security-base.yml                     |    2 +-
 kas/qemux86-test.yml                          |    1 +
 lib/oeqa/runtime/cases/tripwire.py            |   47 -
 .../distro/include/maintainers-meta-tpm.inc   |    1 -
 recipes-compliance/lynis/lynis_3.1.5.bb       |    6 +-
 .../packagegroup-core-security.bb             |   20 +-
 .../suricata/python3-suricata-update_1.3.6.bb |   15 +
 recipes-ids/suricata/suricata_7.0.0.bb        |    1 +
 recipes-ids/tripwire/files/run-ptest          |    3 -
 recipes-ids/tripwire/files/tripwire.cron      |    8 -
 recipes-ids/tripwire/files/tripwire.sh        |    9 -
 recipes-ids/tripwire/files/tripwire.txt       |   69 -
 recipes-ids/tripwire/files/twcfg.txt          |   15 -
 recipes-ids/tripwire/files/twinstall.sh       |  320 -----
 recipes-ids/tripwire/files/twpol-yocto.txt    | 1107 -----------------
 recipes-ids/tripwire/tripwire_2.4.3.7.bb      |   75 --
 .../{chipsec_1.9.1.bb => chipsec_1.13.16.bb}  |    4 +-
 recipes-security/libest/libest_3.2.0.bb       |   28 -
 recipes-security/libmhash/libmhash_0.9.9.9.bb |    2 +
 ...ckage-error-if-DESTDIR-is-set-to-usr.patch |   26 -
 recipes-security/paxctl/paxctl_0.9.bb         |   40 -
 24 files changed, 47 insertions(+), 1793 deletions(-)
 delete mode 100644 lib/oeqa/runtime/cases/tripwire.py
 create mode 100644 recipes-ids/suricata/python3-suricata-update_1.3.6.bb
 delete mode 100644 recipes-ids/tripwire/files/run-ptest
 delete mode 100644 recipes-ids/tripwire/files/tripwire.cron
 delete mode 100644 recipes-ids/tripwire/files/tripwire.sh
 delete mode 100644 recipes-ids/tripwire/files/tripwire.txt
 delete mode 100644 recipes-ids/tripwire/files/twcfg.txt
 delete mode 100644 recipes-ids/tripwire/files/twinstall.sh
 delete mode 100644 recipes-ids/tripwire/files/twpol-yocto.txt
 delete mode 100644 recipes-ids/tripwire/tripwire_2.4.3.7.bb
 rename recipes-security/chipsec/{chipsec_1.9.1.bb => chipsec_1.13.16.bb} (90%)
 delete mode 100644 recipes-security/libest/libest_3.2.0.bb
 delete mode 100644 recipes-security/paxctl/paxctl/0001-To-fix-package-error-if-DESTDIR-is-set-to-usr.patch
 delete mode 100644 recipes-security/paxctl/paxctl_0.9.bb