| Message ID | 20230203161321.3487937-1-matthias.fischer@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 3178fa3b3281c27111aa900844504e6ef6d1551f |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4P7ggZ6D9Bz3wkQ for <patchwork@web04.haj.ipfire.org>; Fri, 3 Feb 2023 16:13:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4P7ggY0Bsczc7; Fri, 3 Feb 2023 16:13:29 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4P7ggX6Gs9z2yd3; Fri, 3 Feb 2023 16:13:28 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4P7ggW3mGGz2ySC for <development@lists.ipfire.org>; Fri, 3 Feb 2023 16:13:27 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4P7ggV71mFz6v for <development@lists.ipfire.org>; Fri, 3 Feb 2023 16:13:26 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1675440807; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=FZBj7qFKhfMv2noxx3v3X3DJjBCYnQ4TN/DaxM+DNBM=; b=jCxSDqRBWoiCG856aRSJir40y2RqdYBEBLX3mFOn+gPfF5Jw+j59vEhwdqwpD+7uWo3KAM 00dQ1pX8VobGT6Bw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1675440807; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=FZBj7qFKhfMv2noxx3v3X3DJjBCYnQ4TN/DaxM+DNBM=; b=ZCi7TAGNJl8LkSMcfvIwtl0a12dH1umf3SwvgtM9lf2usWv587+si8aZHAGCwE+ObqzG9V TRK9GwvkKxRBS1bIn8PaqmUKQONRIdyXwwWPfl6qcwQkllFU07WxcFGln7V3iRrafx79RK RmZVv+OY7LYy5G4Dv/uv1qcO4v3TCL2umwq4A5ADWpnCy+HWUZl2dKZma2WZQ7cpHbdctc KUn/jQji+T7Tw4ljEh33RYmcPGc4h/HovpDWqPjWfSLv6NJ3FBNC5Ap49f2S+7ZyqeKab4 yoLwwffhwYRehpp/Y+pje/+/lcIdLr/yLa7SqlZPTwxXeqcsLcFpkL2A1o7ZDA== From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] suricata: Update to 6.0.10 Date: Fri, 3 Feb 2023 17:13:21 +0100 Message-Id: <20230203161321.3487937-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
suricata: Update to 6.0.10
|
|
Commit Message
Matthias Fischer
Feb. 3, 2023, 4:13 p.m. UTC
""6.0.10 -- 2023-01-31
Security #5804: Suricata crashes while processing FTP (6.0.x backport)
Bug #5815: detect: config keyword prevents tx cleanup (6.0.x backport)
Bug #5812: nfs: debug validation triggered on nfs2 read
Bug #5810: smb/ntlmssp: parser incorrectly assumes fixed field order (6.0.x backport)
Bug #5806: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow (6.0.x backport)
Bug #5796: TLS Handshake Fragments not Reassembled (6.0.x backport)
Bug #5795: detect/udp: different detection from rules when UDP/TCP header is broken (6.0.x backport)
Bug #5793: decode: Padded packet to minimal Ethernet length marked with invalid length event (6.0.x backport)
Bug #5791: smb: unbounded file chunk queuing after gap (6.0.x backport)
Bug #5763: libbpf: Use of legacy code in eBPF/XDP programs (6.0.x backport)
Bug #5762: detect/pcre: JIT not disabled when OS doesn't allow RWX pages
Bug #5760: nfs: ASSERT: attempt to subtract with overflow (compound) (6.0.x backport)
Bug #5749: iprep/ipv6: warning issued on valid reputation input (6.0.x backport)
Bug #5744: netmap: 6.0.9 v14 backport causes known packet stalls from v14 implementation in "legacy" mode too
Bug #5738: smb: failed assertion (!((f->alproto == ALPROTO_SMB && txd->files_logged != 0))), function CloseFile, file output-file.c (6.0.x backport)
Bug #5735: smtp: quoted-printable encoding skips empty lines in files (6.0.x backport)
Bug #5723: eve: missing common fields like community id for some event types like RFB
Bug #5601: detect: invalid hex character in content leads to bad debug message (6.0.x backport)
Bug #5565: Excessive qsort/msort time when large number of rules using tls.fingerprint (6.0.x backport)
Bug #5299: YAML warning from default config on 6.0.5
Optimization #5797: tls: support incomplete API to replace internal buffering
Optimization #5790: smb: set defaults for file chunk limits (6.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/suricata | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> On 03/02/2023 17:13, Matthias Fischer wrote: > ""6.0.10 -- 2023-01-31 > > Security #5804: Suricata crashes while processing FTP (6.0.x backport) > Bug #5815: detect: config keyword prevents tx cleanup (6.0.x backport) > Bug #5812: nfs: debug validation triggered on nfs2 read > Bug #5810: smb/ntlmssp: parser incorrectly assumes fixed field order (6.0.x backport) > Bug #5806: exceptions: midstream flows are dropped if midstream=true && stream.midstream-policy=drop-flow (6.0.x backport) > Bug #5796: TLS Handshake Fragments not Reassembled (6.0.x backport) > Bug #5795: detect/udp: different detection from rules when UDP/TCP header is broken (6.0.x backport) > Bug #5793: decode: Padded packet to minimal Ethernet length marked with invalid length event (6.0.x backport) > Bug #5791: smb: unbounded file chunk queuing after gap (6.0.x backport) > Bug #5763: libbpf: Use of legacy code in eBPF/XDP programs (6.0.x backport) > Bug #5762: detect/pcre: JIT not disabled when OS doesn't allow RWX pages > Bug #5760: nfs: ASSERT: attempt to subtract with overflow (compound) (6.0.x backport) > Bug #5749: iprep/ipv6: warning issued on valid reputation input (6.0.x backport) > Bug #5744: netmap: 6.0.9 v14 backport causes known packet stalls from v14 implementation in "legacy" mode too > Bug #5738: smb: failed assertion (!((f->alproto == ALPROTO_SMB && txd->files_logged != 0))), function CloseFile, file output-file.c (6.0.x backport) > Bug #5735: smtp: quoted-printable encoding skips empty lines in files (6.0.x backport) > Bug #5723: eve: missing common fields like community id for some event types like RFB > Bug #5601: detect: invalid hex character in content leads to bad debug message (6.0.x backport) > Bug #5565: Excessive qsort/msort time when large number of rules using tls.fingerprint (6.0.x backport) > Bug #5299: YAML warning from default config on 6.0.5 > Optimization #5797: tls: support incomplete API to replace internal buffering > Optimization #5790: smb: set defaults for file chunk limits (6.0.x backport)" > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > lfs/suricata | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/suricata b/lfs/suricata > index 4f1887ee8..98710d9e2 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -1,7 +1,7 @@ > ############################################################################### > # # > # IPFire.org - A linux based firewall # > -# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # > +# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> # > # # > # This program is free software: you can redistribute it and/or modify # > # it under the terms of the GNU General Public License as published by # > @@ -24,7 +24,7 @@ > > include Config > > -VER = 6.0.9 > +VER = 6.0.10 > > THISAPP = suricata-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551 > +$(DL_FILE)_BLAKE2 = a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 > > install : $(TARGET) >
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> > ""6.0.10 -- 2023-01-31 > > Security #5804: Suricata crashes while processing FTP (6.0.x > backport) > Bug #5815: detect: config keyword prevents tx cleanup (6.0.x > backport) > Bug #5812: nfs: debug validation triggered on nfs2 read > Bug #5810: smb/ntlmssp: parser incorrectly assumes fixed field order > (6.0.x backport) > Bug #5806: exceptions: midstream flows are dropped if midstream=true > && stream.midstream-policy=drop-flow (6.0.x backport) > Bug #5796: TLS Handshake Fragments not Reassembled (6.0.x backport) > Bug #5795: detect/udp: different detection from rules when UDP/TCP > header is broken (6.0.x backport) > Bug #5793: decode: Padded packet to minimal Ethernet length marked > with invalid length event (6.0.x backport) > Bug #5791: smb: unbounded file chunk queuing after gap (6.0.x > backport) > Bug #5763: libbpf: Use of legacy code in eBPF/XDP programs (6.0.x > backport) > Bug #5762: detect/pcre: JIT not disabled when OS doesn't allow RWX > pages > Bug #5760: nfs: ASSERT: attempt to subtract with overflow (compound) > (6.0.x backport) > Bug #5749: iprep/ipv6: warning issued on valid reputation input > (6.0.x backport) > Bug #5744: netmap: 6.0.9 v14 backport causes known packet stalls from > v14 implementation in "legacy" mode too > Bug #5738: smb: failed assertion (!((f->alproto == ALPROTO_SMB && > txd->files_logged != 0))), function CloseFile, file output-file.c > (6.0.x backport) > Bug #5735: smtp: quoted-printable encoding skips empty lines in files > (6.0.x backport) > Bug #5723: eve: missing common fields like community id for some > event types like RFB > Bug #5601: detect: invalid hex character in content leads to bad > debug message (6.0.x backport) > Bug #5565: Excessive qsort/msort time when large number of rules > using tls.fingerprint (6.0.x backport) > Bug #5299: YAML warning from default config on 6.0.5 > Optimization #5797: tls: support incomplete API to replace internal > buffering > Optimization #5790: smb: set defaults for file chunk limits (6.0.x > backport)" > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > lfs/suricata | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/suricata b/lfs/suricata > index 4f1887ee8..98710d9e2 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -1,7 +1,7 @@ > #################################################################### > ########### > # > # > # IPFire.org - A linux based > firewall # > -# Copyright (C) 2007-2022 IPFire Team > <info@ipfire.org> # > +# Copyright (C) 2007-2023 IPFire Team > <info@ipfire.org> # > # > # > # This program is free software: you can redistribute it and/or > modify # > # it under the terms of the GNU General Public License as published > by # > @@ -24,7 +24,7 @@ > > include Config > > -VER = 6.0.9 > +VER = 6.0.10 > > THISAPP = suricata-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = > 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f55 > 98726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551 > +$(DL_FILE)_BLAKE2 = > a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b962 > 24ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 > > install : $(TARGET) >
diff --git a/lfs/suricata b/lfs/suricata index 4f1887ee8..98710d9e2 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> # +# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 6.0.9 +VER = 6.0.10 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551 +$(DL_FILE)_BLAKE2 = a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 install : $(TARGET)