From patchwork Sat Sep 16 16:24:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 7186 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4RnxGc476Kz3wlj for ; Sat, 16 Sep 2023 16:24:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4RnxGZ3mhXzvy; Sat, 16 Sep 2023 16:24:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4RnxGZ2s2hz2yDy; Sat, 16 Sep 2023 16:24:38 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4RnxGX5GL3z2xJm for ; Sat, 16 Sep 2023 16:24:36 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4RnxGW5bpkzJ9 for ; Sat, 16 Sep 2023 16:24:35 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1694881475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=HNGKeCwv+kxIdal7v3EXL5gO2VLgOPeKdXQooevBzzo=; b=6LMjcyjktkfsJh7JnQbINp4kIj0DOOIyrYAvW/PYtVnnN5NG3OvAKHU+YL+4GvnZZOxwYM lbWyrImzQYns2aCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1694881475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=HNGKeCwv+kxIdal7v3EXL5gO2VLgOPeKdXQooevBzzo=; b=kAIb+eMmMI/nV/Gf71qH1fVxLdVUnABxA3vSqIrJp5LBRMBGGnBfeZpXO5ba9TnJsggxwo fuJtpNowzPmeZ+eZct5hTvW1LJl0FrhaXz6sSM7CJl5hKLpdyKF4zowWAOEDreF3oLKMcU Pf+2kcQZM1bNpqDyWyP0RNBuCeLqS+CqGHcVSOl0PKvwQD+jvznb+yvjh5O9P15vcHstz3 h5PzMISq8Ey0I6S6R79XsAuGYZmraTvA+jr70E716+g1x/8cl8Va+bOu4lH6IK4TiQpY82 aksMfsOFxtLrZS0xqtUHR2pxpn7DokSo/8LmnOlM9o4nvW8aHhcl/gnup82Ldg== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] suricata: Update to 6.0.14 Date: Sat, 16 Sep 2023 18:24:29 +0200 Message-Id: <20230916162429.3464919-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Excerpt from changelog: "6.0.14 -- 2023-09-13 Security #6289: Crash in SMTP parser during parsing of email (6.0.x backport) Security #6196: process exit in hyperscan error handling (6.0.x backport) Security #6156: dcerpc: max-tx config parameter, also for UDP (6.0.x backport) Bug #6285: community-id: Fix IPv6 address sorting not respecting byte order (6.0.x backport) Bug #6248: Multi-tenancy: crash under test mode when tenant signature load fails (6.0.x backport) Bug #6245: tcp: RST with data used in reassembly (6.0.x backport) Bug #6236: if protocol dcerpc first packet type is Alter_context, it will not parse dcerpc (6.0.x backport) Bug #6228: ips/af-packet: crash when copy-iface is the same as the interface (6.0.x backport) Bug #6227: windows: lua script path truncated (6.0.x backport) Bug #6226: Decode-events of IPv6 GRE are not triggered (6.0.x backport) Bug #6224: base64: complete support for RFC2045 (6.0.x backport) Bug #6220: Backport tenant_id conversion to uint32_t Bug #6213: file.magic: rule reload can lead to crashes (6.0.x backport) Bug #6193: smtp: Attachment not being md5 matched (6.0.x backport) Bug #6192: smtp: use every byte to compute email.body_md5 (6.0.x backport) Bug #6182: log-pcap: fix segfault on lz4 compressed pcaps (6.0.x backport) Bug #6181: eve/alert: deprecated fields can have unexpected side affects (6.0.x backport) Bug #6174: FTP bounce detection doesn't work for big-endian platforms (6.0.x backport) Bug #6166: http2: fileinfo events log http2 object instead of http object as alerts and http2 do (6.0.x backport) Bug #6139: smb: wrong offset when parse SMB_COM_WRITE_ANDX record (6.0.x backport) Bug #6082: pcap: device reopen broken (6.0.x backport) Bug #6068: pcap: memory leaks (6.0.x backport) Bug #6045: detect: multi-tenancy leaks memory if more than 1 tenant registered (6.0.x backport) Bug #6035: stream.midstream: if enabled breaks exception policy (6.0.x backport) Bug #5915: rfb: parser returns error on unimplemented record types (6.0.x backport) Bug #5794: eve: if alert and drop rules match for a packet, "alert.action" is ambigious (6.0.x backport) Bug #5439: Invalid certificate when Issuer is not present. Optimization #6229: Performance impact of Cisco Fabricpath (6.0.x backport) Optimization #6203: detect: modernize filename fileext filemagic (6.0.x backport) Optimization #6153: suricatasc: Gracefully handle unsupported commands (6.0.x backport) Feature #6282: dns/eve: add 'HTTPS' type logging (6.0.x backport) Feature #5935: ips: add 'master switch' to enable dropping on traffic (handling) exceptions (6.0.x backport) Documentation #6234: userguide: add installation from Ubuntu PPA section (6.0.x backport)" Signed-off-by: Matthias Fischer --- config/rootfiles/common/suricata | 1 + lfs/suricata | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index 89fd6d865..c414cf61b 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -35,6 +35,7 @@ usr/share/suricata #usr/share/suricata/rules/mqtt-events.rules #usr/share/suricata/rules/nfs-events.rules #usr/share/suricata/rules/ntp-events.rules +#usr/share/suricata/rules/rfb-events.rules #usr/share/suricata/rules/smb-events.rules #usr/share/suricata/rules/smtp-events.rules #usr/share/suricata/rules/ssh-events.rules diff --git a/lfs/suricata b/lfs/suricata index c48c1c430..5e16d1ac0 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 6.0.13 +VER = 6.0.14 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01 +$(DL_FILE)_BLAKE2 = 7e14f16f04bdd632d26f4249c328ea918cc4edf96cc07be6a92722d4457353a36662e0041fd2b9669a104deaa010a093cb8195eb2604ed8145ab38f93a8b7124 install : $(TARGET)