[1/2] suricata: Update to 6.0.8
Commit Message
Changelog:
"6.0.8 -- 2022-09-27
Task #5552: libhtp 0.5.41
6.0.7 -- 2022-09-27
Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport)
Bug #5559: BUG_ON triggered from TmThreadsInjectFlowById (6.0.x backport)
Bug #5549: Failed assert DeStateSearchState (6.0.x)
Bug #5548: tcp: assertion failed in DoInsertSegment (BUG_ON) (6.0.x)
Bug #5547: rules: less strict parsing of unexpected flowbit options
Bug #5546: rules: don't error on bad hex in content
Bug #5540: detect: transform strip whitespace creates a 0-sized variable-length array: backport6
Bug #5505: http2: slow http2_frames_get_header_value_vec because of allocation [backport6]
Bug #5471: Reject action is no longer working (6.0.x backport)
Bug #5467: rules: more graceful handling of anomalies for stable versions
Bug #5459: Counters are not initialized in all places. (6.0.x backport)
Bug #5448: nfs: add maximum number of operations per compound (6.0.x backport)
Bug #5436: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports)
Bug #5335: flow: vlan.use-for-tracking is not used for ICMPv4 (6.0.x backport)
Bug #4421: flow manager: using too much CPU during idle (6.0.x backport)
Feature #5535: ips: add "reject" action to exception policies (6.0.x backport)
Feature #5500: ips: midstream: add "exception policy" for midstream (6.0.x backport)
Task #5551: doc: add exception policy documentation (6.0.x)
Task #5533: detect/parse: add tests for parsing signatures with reject and drop action (6.0.x backport)
Task #5525: exceptions: error out when invalid configuration value is passed (6.0.x backport)
Task #5381: add `alert-queue-expand-fails` command-line option (6.0.x backport)
Task #5328: python: distutils deprecation warning (6.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
config/rootfiles/common/suricata | 4 ++++
lfs/suricata | 4 ++--
.../suricata-5.0.8-fix-level1-cache-line-size-detection.patch | 2 +-
3 files changed, 7 insertions(+), 3 deletions(-)
Comments
Thank you very much for taking care of this!
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
> Changelog:
>
> "6.0.8 -- 2022-09-27
>
> Task #5552: libhtp 0.5.41
>
> 6.0.7 -- 2022-09-27
>
> Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport)
> Bug #5559: BUG_ON triggered from TmThreadsInjectFlowById (6.0.x backport)
> Bug #5549: Failed assert DeStateSearchState (6.0.x)
> Bug #5548: tcp: assertion failed in DoInsertSegment (BUG_ON) (6.0.x)
> Bug #5547: rules: less strict parsing of unexpected flowbit options
> Bug #5546: rules: don't error on bad hex in content
> Bug #5540: detect: transform strip whitespace creates a 0-sized variable-length array: backport6
> Bug #5505: http2: slow http2_frames_get_header_value_vec because of allocation [backport6]
> Bug #5471: Reject action is no longer working (6.0.x backport)
> Bug #5467: rules: more graceful handling of anomalies for stable versions
> Bug #5459: Counters are not initialized in all places. (6.0.x backport)
> Bug #5448: nfs: add maximum number of operations per compound (6.0.x backport)
> Bug #5436: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports)
> Bug #5335: flow: vlan.use-for-tracking is not used for ICMPv4 (6.0.x backport)
> Bug #4421: flow manager: using too much CPU during idle (6.0.x backport)
> Feature #5535: ips: add "reject" action to exception policies (6.0.x backport)
> Feature #5500: ips: midstream: add "exception policy" for midstream (6.0.x backport)
> Task #5551: doc: add exception policy documentation (6.0.x)
> Task #5533: detect/parse: add tests for parsing signatures with reject and drop action (6.0.x backport)
> Task #5525: exceptions: error out when invalid configuration value is passed (6.0.x backport)
> Task #5381: add `alert-queue-expand-fails` command-line option (6.0.x backport)
> Task #5328: python: distutils deprecation warning (6.0.x backport)"
>
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
> config/rootfiles/common/suricata | 4 ++++
> lfs/suricata | 4 ++--
> .../suricata-5.0.8-fix-level1-cache-line-size-detection.patch | 2 +-
> 3 files changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
> index 043aba072..df297ebd6 100644
> --- a/config/rootfiles/common/suricata
> +++ b/config/rootfiles/common/suricata
> @@ -1,6 +1,7 @@
> etc/suricata
> etc/suricata/suricata.yaml
> usr/bin/suricata
> +#usr/include/suricata-plugin.h
> usr/sbin/convert-ids-backend-files
> #usr/share/doc/suricata
> #usr/share/doc/suricata/AUTHORS
> @@ -29,13 +30,16 @@ usr/share/suricata
> #usr/share/suricata/rules/dns-events.rules
> #usr/share/suricata/rules/files.rules
> #usr/share/suricata/rules/http-events.rules
> +#usr/share/suricata/rules/http2-events.rules
> #usr/share/suricata/rules/ipsec-events.rules
> #usr/share/suricata/rules/kerberos-events.rules
> #usr/share/suricata/rules/modbus-events.rules
> +#usr/share/suricata/rules/mqtt-events.rules
> #usr/share/suricata/rules/nfs-events.rules
> #usr/share/suricata/rules/ntp-events.rules
> #usr/share/suricata/rules/smb-events.rules
> #usr/share/suricata/rules/smtp-events.rules
> +#usr/share/suricata/rules/ssh-events.rules
> #usr/share/suricata/rules/stream-events.rules
> #usr/share/suricata/rules/tls-events.rules
> #usr/share/suricata/threshold.config
> diff --git a/lfs/suricata b/lfs/suricata
> index 1fbc2c185..857fb4e7b 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 5.0.10
> +VER = 6.0.8
>
> THISAPP = suricata-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
> +$(DL_FILE)_BLAKE2 = 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba
>
> install : $(TARGET)
>
> diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
> index 68a21f1e9..5aaabb167 100644
> --- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
> +++ b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
> @@ -2,7 +2,7 @@ diff --git a/configure.ac b/configure.ac
> index d56d3a550..81abf8f00 100644
> --- a/configure.ac
> +++ b/configure.ac
> -@@ -2318,7 +2318,7 @@ fi
> +@@ -2390,7 +2390,7 @@ fi
> AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
> if test "$HAVE_GETCONF_CMD" != "no"; then
> CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
@@ -1,6 +1,7 @@
etc/suricata
etc/suricata/suricata.yaml
usr/bin/suricata
+#usr/include/suricata-plugin.h
usr/sbin/convert-ids-backend-files
#usr/share/doc/suricata
#usr/share/doc/suricata/AUTHORS
@@ -29,13 +30,16 @@ usr/share/suricata
#usr/share/suricata/rules/dns-events.rules
#usr/share/suricata/rules/files.rules
#usr/share/suricata/rules/http-events.rules
+#usr/share/suricata/rules/http2-events.rules
#usr/share/suricata/rules/ipsec-events.rules
#usr/share/suricata/rules/kerberos-events.rules
#usr/share/suricata/rules/modbus-events.rules
+#usr/share/suricata/rules/mqtt-events.rules
#usr/share/suricata/rules/nfs-events.rules
#usr/share/suricata/rules/ntp-events.rules
#usr/share/suricata/rules/smb-events.rules
#usr/share/suricata/rules/smtp-events.rules
+#usr/share/suricata/rules/ssh-events.rules
#usr/share/suricata/rules/stream-events.rules
#usr/share/suricata/rules/tls-events.rules
#usr/share/suricata/threshold.config
@@ -24,7 +24,7 @@
include Config
-VER = 5.0.10
+VER = 6.0.8
THISAPP = suricata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
+$(DL_FILE)_BLAKE2 = 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba
install : $(TARGET)
@@ -2,7 +2,7 @@ diff --git a/configure.ac b/configure.ac
index d56d3a550..81abf8f00 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -2318,7 +2318,7 @@ fi
+@@ -2390,7 +2390,7 @@ fi
AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
if test "$HAVE_GETCONF_CMD" != "no"; then
CLS=$(getconf LEVEL1_DCACHE_LINESIZE)