<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git, branch scarthgap-next</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2026-03-06T12:56:22+00:00</updated>
<entry>
<title>nikto: fix branch</title>
<updated>2026-03-06T12:56:22+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2026-03-06T12:56:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=b13f1705d723650de61277670c8a76aadea4cfdd'/>
<id>urn:sha1:b13f1705d723650de61277670c8a76aadea4cfdd</id>
<content type='text'>
Upstream has renamed their master branch to main, adjust SRC_URI to
match.

Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: update to 7.0.13</title>
<updated>2026-03-04T10:24:59+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2026-02-16T11:28:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=815f781a2f7d85efc56299e424bf93f7059df8f1'/>
<id>urn:sha1:815f781a2f7d85efc56299e424bf93f7059df8f1</id>
<content type='text'>
Release notes:
https://suricata.io/2025/11/06/suricata-8-0-2-and-7-0-13-released/

See suricata release notes for more details about changes and CVEs
fixed.

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>lynis: upgrade to 3.1.6</title>
<updated>2026-01-19T18:00:21+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2026-01-16T20:03:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=97e482b71688b62ac1109d16e89368122f039cbf'/>
<id>urn:sha1:97e482b71688b62ac1109d16e89368122f039cbf</id>
<content type='text'>
Release notes:
https://github.com/CISOfy/lynis/releases/tag/3.1.6

Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>lynis: move to GitHub fetching</title>
<updated>2026-01-19T18:00:21+00:00</updated>
<author>
<name>Marta Rybczynska</name>
<email>marta.rybczynska@ygreky.com</email>
</author>
<published>2025-09-22T11:21:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=6113f0e2f8521427374c8c47bf7ed883962651bd'/>
<id>urn:sha1:6113f0e2f8521427374c8c47bf7ed883962651bd</id>
<content type='text'>
Move to fetching from GitHub hashes to avoid issues at releases,
when the last-recent release changes place.

Signed-off-by: Marta Rybczynska &lt;marta.rybczynska@ygreky.com&gt;
(adapted for scarthgap)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>lynis: update to 3.1.5</title>
<updated>2026-01-19T18:00:21+00:00</updated>
<author>
<name>Michael Opdenacker</name>
<email>michael.opdenacker@rootcommit.com</email>
</author>
<published>2025-09-01T07:42:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=4fa748a3e886549fa99ca86ec2c4c843c8a953a3'/>
<id>urn:sha1:4fa748a3e886549fa99ca86ec2c4c843c8a953a3</id>
<content type='text'>
Tested on master (whinlatter) with beaglebone-yocto

New in version 3.1.5 (2025-07-29):
https://cisofy.com/changelog/lynis/#315

Added:
- Support for OpenWrt
- Bitdefender detection on Linux
- Detection of openSUSE Tumbleweed-Slowroll

Changed:
- Corrected detection of service manager SMF
- Extended GetHostID function to allow HostID and HostID2 creation on OpenWrt
- Check modules also under /usr/lib/modules.d

Signed-off-by: Michael Opdenacker &lt;michael.opdenacker@rootcommit.com&gt;
(backported to scarthgap)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>sssd: Upgrade to 2.9.7</title>
<updated>2026-01-19T18:00:21+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2026-01-16T21:29:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=62059c7e36c4a91c0f9579f986c24140a1260ed1'/>
<id>urn:sha1:62059c7e36c4a91c0f9579f986c24140a1260ed1</id>
<content type='text'>
Release notes:
https://sssd.io/release-notes/sssd-2.9.6.html
https://sssd.io/release-notes/sssd-2.9.7.html

Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>sssd: Fix for CVE-2025-11561</title>
<updated>2026-01-19T18:00:13+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-05T11:33:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=cbe6438806d061bd92a6473d3715b35a739a295d'/>
<id>urn:sha1:cbe6438806d061bd92a6473d3715b35a739a295d</id>
<content type='text'>
Upstream-Status: Backport [https://github.com/SSSD/sssd/commit/e5224f0cb684e61203d2cd8045266f7248696204]

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>sssd: Upgrade 2.9.2 -&gt; 2.9.5</title>
<updated>2026-01-19T17:59:53+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-05T11:33:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e954c09eaa38f5a36b24f8a7be7e4a5b51e8fa4b'/>
<id>urn:sha1:e954c09eaa38f5a36b24f8a7be7e4a5b51e8fa4b</id>
<content type='text'>
Includes security fix CVE-2023-3758

ChangeLog:
https://github.com/SSSD/sssd/releases/tag/2.9.5

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: update to 7.0.12</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-11-04T15:57:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=afbbe28cee4af2c6760aaead43a4a3ef29969809'/>
<id>urn:sha1:afbbe28cee4af2c6760aaead43a4a3ef29969809</id>
<content type='text'>
Also update libhtp to required version 0.5.52.

See suricata release notes for more details about changes and
CVEs fixed:

https://suricata.io/2024/02/08/suricata-7-0-3-and-6-0-16-released/
https://suricata.io/2024/03/19/suricata-7-0-4-and-6-0-17-released/
https://suricata.io/2024/04/23/suricata-7-0-5-and-6-0-19-released/
https://suricata.io/2024/06/27/suricata-7-0-6-and-6-0-20-released/
https://suricata.io/2024/10/01/suricata-7-0-7-released/
https://suricata.io/2024/12/12/suricata-7-0-8-released/
https://suricata.io/2025/03/18/suricata-7-0-9-released/
https://suricata.io/2025/07/08/suricata-7-0-11-released/
https://suricata.io/2025/09/16/suricata-8-0-1-and-7-0-12-released/

Obsolete CVE patches removed.

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
(cherry picked from commit fbb8343cf81b0cfe1dc396b0cd2417a8315de9ad)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: populate SYSTEMD_SERVICE for service autostart</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-09-22T14:45:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=029cf84f6b8c271ffed7b6aae8000d9a3e947d61'/>
<id>urn:sha1:029cf84f6b8c271ffed7b6aae8000d9a3e947d61</id>
<content type='text'>
https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SYSTEMD_SERVICE

Before:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki

After:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-09-22 04:05:08 UTC; 20s ago
 Invocation: 8cfeb29631f443f0830bffeb00975931
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki
   Main PID: 268 (Suricata-Main)
      Tasks: 7 (limit: 4915)
     Memory: 36.8M (peak: 37M)
        CPU: 2.222s
     CGroup: /system.slice/suricata.service
             `-268 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Sep 22 04:05:08 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
Sep 22 04:05:09 beaglebone-yocto suricata[268]: i: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: 1 rule files specified, but no rules were loaded!
Sep 22 04:05:10 beaglebone-yocto suricata[268]: i: threads: Threads created -&gt; W: 1 FM: 1 FR: 1   Engine started.

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
(cherry picked from commit 0b7b0629bebe98237ce3060ebe132db05cdcc3b7)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
</feed>
