Age | Commit message | Author
2021-09-16 | secilc: Security fix for CVE-2021-36087 [hardknott] | Armin Kuster
    Source: https://github.com/SELinuxProject/selinux
    MR: 111869
    Type: Security Fix
    Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
    ChangeID: b282a68f76e509f548fe6ce46349af56d09481c6
    Description:
    Affects: secilc <= 3.2
    Signed-off-by: Armin Kuster <akuster@mvista.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-09-16 | libsepol: Security fix CVE-2021-36085 | Armin Kuster
    Source: https://github.com/SELinuxProject/selinux/
    MR: 111857
    Type: Security Fix
    Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
    ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4
    Description:
    Affects: libsepol <= 3.2
    Signed-off-by: Armin Kuster <akuster@mvista.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-09-16 | libsepol: Security fix CVE-2021-36084 | Armin Kuster
    Source: https://github.com/SELinuxProject/selinux
    MR: 111851
    Type: Security Fix
    Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
    ChangeID: 7fae27568e26ccbb18be3d2a1ce7332d42706f18
    Description:
    Affects: libsepol < 3.2
    Signed-off-by: Armin Kuster <akuster@mvista.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-04-25 | layer.conf: update layercompat for hardknott and create branch | Joe MacDonald
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-27 | conf/layer.conf: Add hardknott support | Anibal Limon
    Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | setools: upgrade 4.3.0 -> 4.4.0 | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | semodule-utils: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | selinux-sandbox: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | selinux-gui: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | selinux-dbus: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | selinux-python: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | restorecond: update to 3.2 | Yi Zhao
    * Merge inc file into bb file.
    * Drop obsolete patches:
      policycoreutils-make-O_CLOEXEC-optional.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | mcstrans: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | policycoreutils: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | secilc: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | checkpolicy: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | libsemanage: update to 3.2 | Yi Zhao
    * Merge inc file into bb file.
    * Drop obsolete patches:
      libsemanage-define-FD_CLOEXEC-as-necessary.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | libselinux-python: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | libselinux: update to 3.2 | Yi Zhao
    * Merge inc file into bb file.
    * Drop obsolete patches:
      0001-libselinux-do-not-define-gettid-for-musl.patch
      libselinux-define-FD_CLOEXEC-as-necessary.patch
      libselinux-make-O_CLOEXEC-optional.patch
      libselinux-make-SOCK_CLOEXEC-optional.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | libsepol: update to 3.2 | Yi Zhao
    Merge inc file into bb file.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-17 | selinux: update inc file to 3.2 | Yi Zhao
    * Drop selinux_DATE.inc since upstream now uses X.Y version instead of
      date for release tag[1]. Move its content to selinux_common.inc.
    * Switch to git repo in SRC_URI, then all selinux recipes can use
      unified source.
    [1] https://github.com/SELinuxProject/selinux/commit/f63ac245f7addf832e8cde3cc4f26607b738994d
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-09 | libselinux-python: Fix build error due to missing target config | Anatol Belski
    This fixes the error below:
        gcc: error: unrecognized command line option ‘-fmacro-prefix-map=/path/to/build/libselinux-python/3.0-r0=/usr/src/debug/libselinux-python/3.0-r0’
    Without inheriting the config, supposedly a wrong compiler is used.
    Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | refpolicy: upgrade 20200229+git -> 20210203+git | Yi Zhao
    * Update to latest git rev.
    * Drop obsolete and unused patches.
    * Rebase patches.
    * Add patches to make systemd --user work.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | initscripts: restore security contexts after running populate-volatile.sh | Yi Zhao
    Some directories are created by populate-volatile.sh. We need to
    restore their security contexts.
    Before the patch:
        $ ls -dZ /tmp /var/tmp /var/lock /var/run
        system_u:object_r:root_t /tmp
        system_u:object_r:var_t /var/lock
        system_u:object_r:var_t /var/run
        system_u:object_r:var_t /var/tmp
    After the patch:
        $ ls -dZ /tmp /var/tmp /var/lock /var/run
        system_u:object_r:tmp_t /tmp
        system_u:object_r:var_lock_t /var/lock
        system_u:object_r:var_run_t /var/run
        system_u:object_r:tmp_t /var/tmp
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | packagegroup-core-selinux: add auditd | Yi Zhao
    Install auditd which will help the users debug and eliminate the audit logs on screen.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | audit: upgrade 3.0 -> 3.0.1 | Yi Zhao
    Drop backported patch:
      0001-lib-arm_table.h-update-arm-syscall-table.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | audit: move audisp-* to audispd-plugins package | Yi Zhao
    The audisp-* files should be in audispd-plugins package rather than auditd package.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | parted: remove bbappend | Yi Zhao
    Remove bbappend since parted 3.4 has removed the enable_selinux
    configure option[1].
    Fixes:
        QA Issue: parted: configure was passed unrecognised options: --enable-selinux [unknown-configure-option]
    [1] https://git.savannah.gnu.org/cgit/parted.git/commit/?id=059200d50beb259c54469ae65f2d034af48ff849
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | selinux-python: depend on libselinux | Yi Zhao
    Fix build error when selinux feature is not enabled:
        sepolgen-ifgen-attr-helper.c:29:10: fatal error: selinux/selinux.h: No such file or directory
           29 | #include <selinux/selinux.h>
              |          ^~~~~~~~~~~~~~~~~~~
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-03-03 | policycoreutils: Improve reproducibility | Oleksiy Obitotskyy
    LOCALEDIR should be set to target path, e.g. /usr/share/locale,
    not host absolute path. This prevents building a reproducible package.
    LOCALEDIR is constructed from:
        $(DESTDIR)$(PREFIX)/share/locale
    Change PREFIX from ${D} to ${prefix}. DESTDIR is not set during
    compilation and is set to proper value during install.
    Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-02-18 | e2fsprogs: remove bbappend | Yi Zhao
    Remove bbappend since the misc_create_inode.c-label_rootfs.patch has
    been merged upstream[1].
    [1] https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=7616fd6a599e44c5700c2c3a2e08979c6c5c747e
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-20 | audit:: update arm syscall table | Yi Zhao
    Refer to Glibc 2.32, add *_time64 syscalls.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | semodule-utils: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | selinux-gui: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | selinux-sandbox: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | selinux-dbus: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | selinux-python: upgrade to 3.1 (20200710) | Yi Zhao
    Refresh patch:
      fix-sepolicy-install-path.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | restorecond: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | mcstrans: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | policycoreutils: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | secilc: upgrade to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | checkpolicy: upgrade to 3.0 (20191204) | Yi Zhao
    Drop backported patch:
      0001-checkpolicy-remove-unused-te_assertions.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | libsemanage: upgrade to 3.1 (20200710) | Yi Zhao
    * Drop obsolete patch:
      libsemanage-drop-Wno-unused-but-set-variable.patch
    * Refresh patch:
      libsemanage-allow-to-disable-audit-support.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | libselinux-python: upgrade to 3.1 (20200710) | Yi Zhao
    Refresh patches:
      0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
      0001-Makefile-fix-python-modules-install-path-for-multili.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | libselinux: upgrade to 3.1 (20200710) | Yi Zhao
    Drop backported and obsolete patches:
      0001-Fix-building-against-musl-and-uClibc-libc-libraries.patch
      libselinux-drop-Wno-unused-but-set-variable.patch
    Add patch to fix build on musl:
      0001-libselinux-do-not-define-gettid-for-musl.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | libsepol: upgrade to 3.1 (20200710) | Yi Zhao
    Drop backported patches:
      0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
      0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | selinux: upgrade inc files to 3.1 (20200710) | Yi Zhao
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | audit: upgrade 2.8.5 -> 3.0 | Yi Zhao
    * Drop backported patches:
      0001-Header-definitions-need-to-be-external-when-building.patch
      0001-lib-i386_table.h-add-new-syscall.patch
      Add-substitue-functions-for-strndupa-rawmemchr.patch
    * Refresh patch:
      Fixed-swig-host-contamination-issue.patch
    * Update auditd.service.
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2021-01-14 | audit: enable arm/aarch64 processor support by default | Yi Zhao
    We encountered a runtime error for auditctl on lib32 image for aarch64:
        root@xilinx-zynqmp:~# auditctl -a always,exit -F arch=b32 -S adjtimex -k TEST-time-change
        arch elf mapping not found
    The root cause is the aarch64 processor support is not enabled for arm
    build. Refer to Debian[1] and Fedora[2], actually we can enable
    arm/aarch64 processor support unconditionally.
    [1] https://salsa.debian.org/debian/audit/-/commit/8c6b2049bafb52712ca981e73d5b79d5bd97e08e
    [2] https://src.fedoraproject.org/rpms/audit/blob/master/f/audit.spec
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>
2020-12-15 | libselinux-python: inherit python3targetconfig | Yi Zhao
    The python3 target configuration has been split into own class in
    oe-core commit 5a118d4e7985fa88f04c3611f8db813f0dafce75. Inherit it to
    fix the build error.
    Fixes:
        selinuxswig_python_wrap.o: file not recognized: File format not recognized
        collect2: error: ld returned 1 exit status
    Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
    Signed-off-by: Joe MacDonald <joe@deserted.net>