<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/recipes-ids, branch scarthgap-next</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=scarthgap-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2026-03-04T10:24:59+00:00</updated>
<entry>
<title>suricata: update to 7.0.13</title>
<updated>2026-03-04T10:24:59+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2026-02-16T11:28:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=815f781a2f7d85efc56299e424bf93f7059df8f1'/>
<id>urn:sha1:815f781a2f7d85efc56299e424bf93f7059df8f1</id>
<content type='text'>
Release notes:
https://suricata.io/2025/11/06/suricata-8-0-2-and-7-0-13-released/

See suricata release notes for more details about changes and CVEs
fixed.

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: update to 7.0.12</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-11-04T15:57:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=afbbe28cee4af2c6760aaead43a4a3ef29969809'/>
<id>urn:sha1:afbbe28cee4af2c6760aaead43a4a3ef29969809</id>
<content type='text'>
Also update libhtp to required version 0.5.52.

See suricata release notes for more details about changes and
CVEs fixed:

https://suricata.io/2024/02/08/suricata-7-0-3-and-6-0-16-released/
https://suricata.io/2024/03/19/suricata-7-0-4-and-6-0-17-released/
https://suricata.io/2024/04/23/suricata-7-0-5-and-6-0-19-released/
https://suricata.io/2024/06/27/suricata-7-0-6-and-6-0-20-released/
https://suricata.io/2024/10/01/suricata-7-0-7-released/
https://suricata.io/2024/12/12/suricata-7-0-8-released/
https://suricata.io/2025/03/18/suricata-7-0-9-released/
https://suricata.io/2025/07/08/suricata-7-0-11-released/
https://suricata.io/2025/09/16/suricata-8-0-1-and-7-0-12-released/

Obsolete CVE patches removed.

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
(cherry picked from commit fbb8343cf81b0cfe1dc396b0cd2417a8315de9ad)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: populate SYSTEMD_SERVICE for service autostart</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-09-22T14:45:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=029cf84f6b8c271ffed7b6aae8000d9a3e947d61'/>
<id>urn:sha1:029cf84f6b8c271ffed7b6aae8000d9a3e947d61</id>
<content type='text'>
https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SYSTEMD_SERVICE

Before:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki

After:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-09-22 04:05:08 UTC; 20s ago
 Invocation: 8cfeb29631f443f0830bffeb00975931
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki
   Main PID: 268 (Suricata-Main)
      Tasks: 7 (limit: 4915)
     Memory: 36.8M (peak: 37M)
        CPU: 2.222s
     CGroup: /system.slice/suricata.service
             `-268 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Sep 22 04:05:08 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
Sep 22 04:05:09 beaglebone-yocto suricata[268]: i: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: 1 rule files specified, but no rules were loaded!
Sep 22 04:05:10 beaglebone-yocto suricata[268]: i: threads: Threads created -&gt; W: 1 FM: 1 FR: 1   Engine started.

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
(cherry picked from commit 0b7b0629bebe98237ce3060ebe132db05cdcc3b7)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: install classification, reference configs</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-07-21T17:08:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=992f4d462097645bc69bffc9690502d54e273360'/>
<id>urn:sha1:992f4d462097645bc69bffc9690502d54e273360</id>
<content type='text'>
suricata.yaml references these configs

Resolve:
&lt;Warning&gt; -- could not open: "/etc/suricata/classification.config": No
such file or directory

&lt;Error&gt; -- please check the "classification-file" option in your
suricata.yaml file

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
(cherry picked from commit 9a49fcbd05e46cafb0a2300a035a9528242bd4b2)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: fix "interface" arg in systemd service</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-07-07T19:12:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=1f4b24598fe8df3651273641aeb82d5b88e4392b'/>
<id>urn:sha1:1f4b24598fe8df3651273641aeb82d5b88e4392b</id>
<content type='text'>
Fix service startup

https://docs.suricata.io/en/suricata-7.0.0/command-line-options.html#cmdoption-i

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
(cherry picked from commit ca34a66f82caa95b6469f2dee5be6c26bbe2cecc)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: drop pkg_postinst_ontarget systemd init</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-05-20T01:21:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5a7e896374898d8b28c7990e3ada2d405d64fd66'/>
<id>urn:sha1:5a7e896374898d8b28c7990e3ada2d405d64fd66</id>
<content type='text'>
/var/log/suricata initialization is handled by
systemd-tmpfiles-setup.service, which occurs before services like
suricata

Work towards resolving:
ERROR: [...] do_rootfs: The following packages could not be configured
offline and rootfs is read-only: ['100-suricata']

Added in commit 36d656fe7244 ("suricata: add tmpfiles.d config")

systemd testing:

root@beaglebone-yocto:~# ls -d /var/log/suricata
/var/log/suricata

root@beaglebone-yocto:~# systemctl enable suricata
Created symlink '/etc/systemd/system/multi-user.target.wants/suricata.service' -&gt; '/usr/lib/systemd/system/suricata.service'.

root@beaglebone-yocto:~# rmdir /var/log/suricata

root@beaglebone-yocto:~# reboot now

root@beaglebone-yocto:~# ls -d /var/log/suricata
/var/log/suricata

root@beaglebone-yocto:~# journalctl -o short-iso-precise -u systemd-tmpfiles-setup -u suricata
2025-05-20T00:45:46.450027+00:00 beaglebone-yocto systemd[1]: Starting Create System Files and Directories...
[...]
2025-05-20T00:45:47.041049+00:00 beaglebone-yocto systemd[1]: Finished Create System Files and Directories.
2025-05-20T00:45:47.542976+00:00 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
[...]

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit 9109f7258dc60c88985869ceff5ca3523cd01400)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: resolve TMPDIR QA issues in do_configure</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-05-20T00:06:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=a6fe33f7d92d5319b7f003239ce96feaa7a83e00'/>
<id>urn:sha1:a6fe33f7d92d5319b7f003239ce96feaa7a83e00</id>
<content type='text'>
ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File /usr/bin/suricata
in package suricata contains reference to TMPDIR [buildpaths]

ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File
/usr/src/debug/suricata/7.0.0/src/build-info.h in package suricata-src
contains reference to TMPDIR [buildpaths]

Address references when src/build-info.h is being written

This is similar to Debian's approach:
https://sources.debian.org/patches/suricata/1:7.0.10-1~bpo12%2B1/reproducible.patch/

Restore the "already-stripped" check and CFLAGS info

Original resolution in commit c0e3fecc3bea ("suricata: fix QA warnings")

Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
(cherry picked from commit 277bf8f9160540d582fec58f0f2139b4e4aebef0)
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: fix CVE-2024-55627 &amp;&amp; CVE-2024-55628</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2025-09-10T06:23:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=66b4e027194da4a13e01e30c14081f01fb47e2ab'/>
<id>urn:sha1:66b4e027194da4a13e01e30c14081f01fb47e2ab</id>
<content type='text'>
Backport fixes for:

* CVE-2024-55627 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd &amp;&amp; https://github.com/OISF/suricata/commit/949bfeca0e5f92212dc3d79f4a87c7c482d376aa &amp;&amp; https://github.com/OISF/suricata/commit/7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e
* CVE-2024-55628 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/58c41a7fa99f62d9a8688e970ab1a9b09c79723a &amp;&amp; https://github.com/OISF/suricata/commit/284ad462fcb2e47f1518a1abc19e27ca84c6972e &amp;&amp; https://github.com/OISF/suricata/commit/5edb84fe234f47a0fedfbf9b10b49699152fe8cb &amp;&amp; https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>suricata: Fix multiple CVEs</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2025-09-09T07:24:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=79a9354c92b19480166266504e6cef0f8f8262d4'/>
<id>urn:sha1:79a9354c92b19480166266504e6cef0f8f8262d4</id>
<content type='text'>
Backport fixes for:

* CVE-2024-32663 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 &amp;&amp; https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
* CVE-2024-32664 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
* CVE-2024-32867 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 &amp;&amp; https://github.com/OISF/suricata/commit/7137d5e7ab5500f1b7f3391f8ab55a59f1e4cbd7 &amp;&amp; https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9 &amp;&amp; https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>libhtp: fix CVE-2025-53537</title>
<updated>2025-11-24T17:04:14+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2025-09-02T05:58:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d630e987e887d33e9b201d43b6dfa2206ae81e90'/>
<id>urn:sha1:d630e987e887d33e9b201d43b6dfa2206ae81e90</id>
<content type='text'>
Upstream-Status: Backport from
https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c &amp;&amp; https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
</feed>
