[1/2] suricata: Update to 6.0.8

Message ID 20220929202157.3683814-1-matthias.fischer@ipfire.org
State Accepted
Commit b655b21a45b550714e8bb75efeae5bdd36791956
Series [1/2] suricata: Update to 6.0.8

Commit Message

Matthias Fischer Sept. 29, 2022, 8:21 p.m. UTC
  Changelog:

"6.0.8 -- 2022-09-27

Task #5552: libhtp 0.5.41

6.0.7 -- 2022-09-27

Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport)
Bug #5559: BUG_ON triggered from TmThreadsInjectFlowById (6.0.x backport)
Bug #5549: Failed assert DeStateSearchState (6.0.x)
Bug #5548: tcp: assertion failed in DoInsertSegment (BUG_ON) (6.0.x)
Bug #5547: rules: less strict parsing of unexpected flowbit options
Bug #5546: rules: don't error on bad hex in content
Bug #5540: detect: transform strip whitespace creates a 0-sized variable-length array: backport6
Bug #5505: http2: slow http2_frames_get_header_value_vec because of allocation [backport6]
Bug #5471: Reject action is no longer working (6.0.x backport)
Bug #5467: rules: more graceful handling of anomalies for stable versions
Bug #5459: Counters are not initialized in all places. (6.0.x backport)
Bug #5448: nfs: add maximum number of operations per compound (6.0.x backport)
Bug #5436: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports)
Bug #5335: flow: vlan.use-for-tracking is not used for ICMPv4 (6.0.x backport)
Bug #4421: flow manager: using too much CPU during idle (6.0.x backport)
Feature #5535: ips: add "reject" action to exception policies (6.0.x backport)
Feature #5500: ips: midstream: add "exception policy" for midstream (6.0.x backport)
Task #5551: doc: add exception policy documentation (6.0.x)
Task #5533: detect/parse: add tests for parsing signatures with reject and drop action (6.0.x backport)
Task #5525: exceptions: error out when invalid configuration value is passed (6.0.x backport)
Task #5381: add `alert-queue-expand-fails` command-line option (6.0.x backport)
Task #5328: python: distutils deprecation warning (6.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 config/rootfiles/common/suricata                              | 4 ++++
 lfs/suricata                                                  | 4 ++--
 .../suricata-5.0.8-fix-level1-cache-line-size-detection.patch | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
  

Comments

Peter Müller Sept. 30, 2022, 3:44 p.m. UTC | #1
Thank you very much for taking care of this!

Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

> Changelog:
> 
> "6.0.8 -- 2022-09-27
> 
> Task #5552: libhtp 0.5.41
> 
> 6.0.7 -- 2022-09-27
> 
> Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport)
> Bug #5559: BUG_ON triggered from TmThreadsInjectFlowById (6.0.x backport)
> Bug #5549: Failed assert DeStateSearchState (6.0.x)
> Bug #5548: tcp: assertion failed in DoInsertSegment (BUG_ON) (6.0.x)
> Bug #5547: rules: less strict parsing of unexpected flowbit options
> Bug #5546: rules: don't error on bad hex in content
> Bug #5540: detect: transform strip whitespace creates a 0-sized variable-length array: backport6
> Bug #5505: http2: slow http2_frames_get_header_value_vec because of allocation [backport6]
> Bug #5471: Reject action is no longer working (6.0.x backport)
> Bug #5467: rules: more graceful handling of anomalies for stable versions
> Bug #5459: Counters are not initialized in all places. (6.0.x backport)
> Bug #5448: nfs: add maximum number of operations per compound (6.0.x backport)
> Bug #5436: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports)
> Bug #5335: flow: vlan.use-for-tracking is not used for ICMPv4 (6.0.x backport)
> Bug #4421: flow manager: using too much CPU during idle (6.0.x backport)
> Feature #5535: ips: add "reject" action to exception policies (6.0.x backport)
> Feature #5500: ips: midstream: add "exception policy" for midstream (6.0.x backport)
> Task #5551: doc: add exception policy documentation (6.0.x)
> Task #5533: detect/parse: add tests for parsing signatures with reject and drop action (6.0.x backport)
> Task #5525: exceptions: error out when invalid configuration value is passed (6.0.x backport)
> Task #5381: add `alert-queue-expand-fails` command-line option (6.0.x backport)
> Task #5328: python: distutils deprecation warning (6.0.x backport)"
> 
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
>  config/rootfiles/common/suricata                              | 4 ++++
>  lfs/suricata                                                  | 4 ++--
>  .../suricata-5.0.8-fix-level1-cache-line-size-detection.patch | 2 +-
>  3 files changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
> index 043aba072..df297ebd6 100644
> --- a/config/rootfiles/common/suricata
> +++ b/config/rootfiles/common/suricata
> @@ -1,6 +1,7 @@
>  etc/suricata
>  etc/suricata/suricata.yaml
>  usr/bin/suricata
> +#usr/include/suricata-plugin.h
>  usr/sbin/convert-ids-backend-files
>  #usr/share/doc/suricata
>  #usr/share/doc/suricata/AUTHORS
> @@ -29,13 +30,16 @@ usr/share/suricata
>  #usr/share/suricata/rules/dns-events.rules
>  #usr/share/suricata/rules/files.rules
>  #usr/share/suricata/rules/http-events.rules
> +#usr/share/suricata/rules/http2-events.rules
>  #usr/share/suricata/rules/ipsec-events.rules
>  #usr/share/suricata/rules/kerberos-events.rules
>  #usr/share/suricata/rules/modbus-events.rules
> +#usr/share/suricata/rules/mqtt-events.rules
>  #usr/share/suricata/rules/nfs-events.rules
>  #usr/share/suricata/rules/ntp-events.rules
>  #usr/share/suricata/rules/smb-events.rules
>  #usr/share/suricata/rules/smtp-events.rules
> +#usr/share/suricata/rules/ssh-events.rules
>  #usr/share/suricata/rules/stream-events.rules
>  #usr/share/suricata/rules/tls-events.rules
>  #usr/share/suricata/threshold.config
> diff --git a/lfs/suricata b/lfs/suricata
> index 1fbc2c185..857fb4e7b 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -24,7 +24,7 @@
>  
>  include Config
>  
> -VER        = 5.0.10
> +VER        = 6.0.8
>  
>  THISAPP    = suricata-$(VER)
>  DL_FILE    = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>  
>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>  
> -$(DL_FILE)_BLAKE2 = b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
> +$(DL_FILE)_BLAKE2 = 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba
>  
>  install : $(TARGET)
>  
> diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
> index 68a21f1e9..5aaabb167 100644
> --- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
> +++ b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
> @@ -2,7 +2,7 @@ diff --git a/configure.ac b/configure.ac
>  index d56d3a550..81abf8f00 100644
>  --- a/configure.ac
>  +++ b/configure.ac
> -@@ -2318,7 +2318,7 @@ fi
> +@@ -2390,7 +2390,7 @@ fi
>       AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
>       if test "$HAVE_GETCONF_CMD" != "no"; then
>           CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
  

Patch

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 043aba072..df297ebd6 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -1,6 +1,7 @@ 
 etc/suricata
 etc/suricata/suricata.yaml
 usr/bin/suricata
+#usr/include/suricata-plugin.h
 usr/sbin/convert-ids-backend-files
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
@@ -29,13 +30,16 @@  usr/share/suricata
 #usr/share/suricata/rules/dns-events.rules
 #usr/share/suricata/rules/files.rules
 #usr/share/suricata/rules/http-events.rules
+#usr/share/suricata/rules/http2-events.rules
 #usr/share/suricata/rules/ipsec-events.rules
 #usr/share/suricata/rules/kerberos-events.rules
 #usr/share/suricata/rules/modbus-events.rules
+#usr/share/suricata/rules/mqtt-events.rules
 #usr/share/suricata/rules/nfs-events.rules
 #usr/share/suricata/rules/ntp-events.rules
 #usr/share/suricata/rules/smb-events.rules
 #usr/share/suricata/rules/smtp-events.rules
+#usr/share/suricata/rules/ssh-events.rules
 #usr/share/suricata/rules/stream-events.rules
 #usr/share/suricata/rules/tls-events.rules
 #usr/share/suricata/threshold.config
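Review bot: the three new entries (http2-events.rules, mqtt-events.rules, ssh-events.rules) are listed with a leading # like the neighbouring *-events.rules lines, so they stay out of the image, but the commit message does not mention that this update brings in files for parsers that had no entry here before. Since the changelog lists Security #5430 in the mqtt parser, a sentence on whether the http2 and mqtt parsers are enabled in the shipped suricata.yaml would help whoever assesses the exposure of this update.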
diff --git a/lfs/suricata b/lfs/suricata
index 1fbc2c185..857fb4e7b 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 5.0.10
+VER        = 6.0.8
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
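Review bot: the removed line `VER = 5.0.10` shows this is a move from the 5.0.x branch to 6.0.x, while the subject and the changelog in the commit message only cover 6.0.7 and 6.0.8. Please state the branch change in the commit message and say whether the shipped suricata.yaml needs adjusting for 6.0 (the diffstat touches no configuration file); if that is handled in 2/2, a pointer to it here would do.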
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
+$(DL_FILE)_BLAKE2 = 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba
 
 install : $(TARGET)
 
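Review bot: the new `$(DL_FILE)_BLAKE2` value cannot be checked from the patch itself, and the commit message does not say where the tarball was fetched from or how it was verified. A line stating that the hash was computed over the upstream release tarball after checking it against upstream's published signature or checksum would let a reviewer reproduce it.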
diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
index 68a21f1e9..5aaabb167 100644
--- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
+++ b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
@@ -2,7 +2,7 @@  diff --git a/configure.ac b/configure.ac
 index d56d3a550..81abf8f00 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -2318,7 +2318,7 @@ fi
+@@ -2390,7 +2390,7 @@ fi
      AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
      if test "$HAVE_GETCONF_CMD" != "no"; then
          CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
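Review bot: only the inner hunk header is refreshed here (2318 to 2390); the file is still named suricata-5.0.8-fix-level1-cache-line-size-detection.patch and its inner `index d56d3a550..81abf8f00` line is unchanged, so the patch no longer describes the version it is applied to. Consider regenerating it against the 6.0.8 tree and renaming it wherever it is referenced, or dropping the version from the file name so it does not need touching on every update.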