<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/dynamic-layers, branch scarthgap-next</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2026-03-06T12:56:22+00:00</updated>
<entry>
<title>nikto: fix branch</title>
<updated>2026-03-06T12:56:22+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2026-03-06T12:56:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=b13f1705d723650de61277670c8a76aadea4cfdd'/>
<id>urn:sha1:b13f1705d723650de61277670c8a76aadea4cfdd</id>
<content type='text'>
Upstream has renamed their master branch to main, adjust SRC_URI to
match.

Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>sssd: Upgrade to 2.9.7</title>
<updated>2026-01-19T18:00:21+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2026-01-16T21:29:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=62059c7e36c4a91c0f9579f986c24140a1260ed1'/>
<id>urn:sha1:62059c7e36c4a91c0f9579f986c24140a1260ed1</id>
<content type='text'>
Release notes:
https://sssd.io/release-notes/sssd-2.9.6.html
https://sssd.io/release-notes/sssd-2.9.7.html

Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>sssd: Fix for CVE-2025-11561</title>
<updated>2026-01-19T18:00:13+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-05T11:33:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=cbe6438806d061bd92a6473d3715b35a739a295d'/>
<id>urn:sha1:cbe6438806d061bd92a6473d3715b35a739a295d</id>
<content type='text'>
Upstream-Status: Backport [https://github.com/SSSD/sssd/commit/e5224f0cb684e61203d2cd8045266f7248696204]

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>sssd: Upgrade 2.9.2 -&gt; 2.9.5</title>
<updated>2026-01-19T17:59:53+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-12-05T11:33:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e954c09eaa38f5a36b24f8a7be7e4a5b51e8fa4b'/>
<id>urn:sha1:e954c09eaa38f5a36b24f8a7be7e4a5b51e8fa4b</id>
<content type='text'>
Includes security fix CVE-2023-3758

ChangeLog:
https://github.com/SSSD/sssd/releases/tag/2.9.5

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>fail2ban: replace fail2ban-python shebang with python3</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Haixiao Yan</name>
<email>haixiao.yan.cn@windriver.com</email>
</author>
<published>2025-10-24T11:09:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=64dda85d72b9069bbaac619437a10359ffea7afb'/>
<id>urn:sha1:64dda85d72b9069bbaac619437a10359ffea7afb</id>
<content type='text'>
In Yocto, there is only one Python interpreter (python3), and the
auto-generated "fail2ban-python" symlink is not used. To ensure
all installed scripts can run correctly, replace the shebang line
from "#!/usr/bin/env fail2ban-python" to "#!/usr/bin/env python3"
during installation.

Signed-off-by: Haixiao Yan &lt;haixiao.yan.cn@windriver.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>fail2ban: Adapt test output to Automake format for ptest compatibility</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Haixiao Yan</name>
<email>haixiao.yan.cn@windriver.com</email>
</author>
<published>2025-09-22T08:35:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=c4f4a11e93607958dfe5608b5d2b62d422257b04'/>
<id>urn:sha1:c4f4a11e93607958dfe5608b5d2b62d422257b04</id>
<content type='text'>
Convert fail2ban-testcases output to follow Automake-compatible format
(PASS:/FAIL:) so that ptest-runner can correctly parse and
report test results.

root@intel-x86-64:~# ptest-runner python3-fail2ban -t 300
START: ptest-runner
2025-09-22T07:57
BEGIN: /usr/lib64/python3-fail2ban/ptest
Fail2ban 1.1.1.dev1 test suite. Python 3.12.11 (main, Jun  3 2025, 15:41:47) [GCC 13.4.0]. Please wait...
I: Skipping smtp tests: No module named 'smtpd'
I: Skipping SSL smtp tests: No module named 'aiosmtpd'
PASS: fail2ban.tests.servertestcase.Transmitter.testAction
PASS: fail2ban.tests.servertestcase.Transmitter.testAddJail
PASS: fail2ban.tests.servertestcase.Transmitter.testDatabase
PASS: fail2ban.tests.servertestcase.Transmitter.testDatePattern
PASS: fail2ban.tests.servertestcase.Transmitter.testGetNOK
PASS: fail2ban.tests.servertestcase.Transmitter.testJailAttemptIP
PASS: fail2ban.tests.servertestcase.Transmitter.testJailBanIP
...
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testBanTimeIncr
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testFlushLogs
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogLevel
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTarget
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTargetSYSLOG
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocket
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocketNOK

============================================================================
Testsuite summary
DURATION: 48
END: /usr/lib64/python3-fail2ban/ptest
2025-09-22T07:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Haixiao Yan &lt;haixiao.yan.cn@windriver.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>python3-fail2ban: fix ptest failures</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@windriver.com</email>
</author>
<published>2025-09-12T01:58:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a15eaa9df447ba9d0aebc1501057de25f1473776'/>
<id>urn:sha1:a15eaa9df447ba9d0aebc1501057de25f1473776</id>
<content type='text'>
Fix ptest failures by backporting patch and updating test case config
files.

Before the patch:
  $ ptest-runner python3-fail2ban
  START: ptest-runner
  2025-09-11T15:42
  BEGIN: /usr/lib64/python3-fail2ban/ptest
  &lt;snip&gt;
  Ran 524 tests in 23.023s

  FAILED (failures=5, errors=7, skipped=3)
  DURATION: 24
  END: /usr/lib64/python3-fail2ban/ptest
  2025-09-11T15:42
  STOP: ptest-runner
  TOTAL: 1 FAIL: 1

After the patch:
  $ ptest-runner python3-fail2ban
  START: ptest-runner
  2025-09-11T15:59
  BEGIN: /usr/lib64/python3-fail2ban/ptest
  &lt;snip&gt;
  Ran 524 tests in 25.982s

  OK (skipped=3)
  DURATION: 27
  END: /usr/lib64/python3-fail2ban/ptest
  2025-09-11T15:59
  STOP: ptest-runner
  TOTAL: 1 FAIL: 0

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>fail2ban: update to 1.1.0+</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Rasmus Villemoes</name>
<email>rasmus.villemoes@prevas.dk</email>
</author>
<published>2025-09-09T06:58:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=cbbfb854a479a46904447b716a1c29183cbfa3b0'/>
<id>urn:sha1:cbbfb854a479a46904447b716a1c29183cbfa3b0</id>
<content type='text'>
Current 1.0.2 version does not work with scarthgap or later releases,
as the asynchat module has been removed (as scheduled) from python's
stdlib as of v3.12.

fail2ban 1.1.0 also does not work out-of-the-box, as the distutils
module which the pyinotify and systemd backends depend has also been
removed.

So update the recipe to point at commit ac62658c10f4, which fixes
those two backends to no longer depend on distutils.

Upstream's out-of-the-box ban action now uses the 'nft'
command. People can still override and customize that in
jail.conf/jail.local, but to make the recipe useful without
customizing things back to use iptables, change the dependency
iptables-&gt;nftables.

Since 1.1.0, fail2ban has been python3-only, so the recipe becomes
somewhat simpler since the whole do_compile preparation step can be
removed.

Signed-off-by: Rasmus Villemoes &lt;rasmus.villemoes@prevas.dk&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
(update PV)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>bastille: prevent host uids on files</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Marta Rybczynska</name>
<email>marta.rybczynska@ygreky.com</email>
</author>
<published>2025-07-09T08:14:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a2d79f44e9fcc17eeb682e8f30ec1a3eb25d43d5'/>
<id>urn:sha1:a2d79f44e9fcc17eeb682e8f30ec1a3eb25d43d5</id>
<content type='text'>
We get an intermittent QA error about file permissions, happening roughly
on 1 build of 10.

The change adds chown to prevent host ids on files related to the
set_required_questions.py script, to avoid long debugging for now.

Signed-off-by: Marta Rybczynska &lt;marta.rybczynska@ygreky.com&gt;
(cherry picked from commit 7bdd0a8b48442e3a93b98647801c2ff5dee7267b)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>checksecurity: update the debian package</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Marta Rybczynska</name>
<email>marta.rybczynska@ygreky.com</email>
</author>
<published>2025-07-19T14:53:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=55757d4379aae40f6045091b848edc95d887f6b8'/>
<id>urn:sha1:55757d4379aae40f6045091b848edc95d887f6b8</id>
<content type='text'>
The previously used package (nmu1) is not longer available, use the latest current
one (nmu3). The changelog between the two:

checksecurity (2.0.16+nmu3) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix "missing required debian/rules targets build-arch and/or build-
    indep": Add targets to debian/rules.
    (Closes: #999082)
  * Fix "Removal of obsolete debhelper compat 5 and 6 in bookworm":
    Bump to 7 in debian/{compat,control}.
    (Closes: #965448)
  * Fix some grave packaging errors:
    - move debhelper from Build-Depends-Indep to Build-Depends
    - remove temporary files debian/postrm.debhelper and debian/substvars from
      source package

 -- gregor herrmann &lt;gregoa@debian.org&gt;  Sun, 26 Dec 2021 01:56:10 +0100

checksecurity (2.0.16+nmu2) unstable; urgency=medium

  * Non maintainer upload by the Reproducible Builds team.
  * No source change upload to rebuild on buildd with .buildinfo files.

 -- Holger Levsen &lt;holger@debian.org&gt;  Fri, 01 Jan 2021 19:17:53 +0100

Signed-off-by: Marta Rybczynska &lt;marta.rybczynska@ygreky.com&gt;
(adapted from 828a78314f51b919baf638d64e8e12c0c0a408ad)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
</feed>
