[1/2] suricata: Update to 6.0.13
Commit Message
Excerpt from changelog:
"6.0.13 -- 2023-06-15
Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #6055: ftp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
Task #5984: libhtp 0.5.44 (6.0.x backport)
Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
config/rootfiles/common/suricata | 3 +--
lfs/suricata | 4 ++--
2 files changed, 3 insertions(+), 4 deletions(-)
Comments
Thank you.
I merged this straight away.
> On 16 Jun 2023, at 16:52, Matthias Fischer <matthias.fischer@ipfire.org> wrote:
>
> Excerpt from changelog:
>
> "6.0.13 -- 2023-06-15
>
> Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
> Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
> Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
> Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
> Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
> Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
> Bug #6055: ftp: long line discard logic should be separate for server and client (6.0.x backport)
> Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
> Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
> Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
> Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
> Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
> Task #5984: libhtp 0.5.44 (6.0.x backport)
> Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
> Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
>
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
> config/rootfiles/common/suricata | 3 +--
> lfs/suricata | 4 ++--
> 2 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
> index df297ebd6..89fd6d865 100644
> --- a/config/rootfiles/common/suricata
> +++ b/config/rootfiles/common/suricata
> @@ -8,8 +8,6 @@ usr/sbin/convert-ids-backend-files
> #usr/share/doc/suricata/Basic_Setup.txt
> #usr/share/doc/suricata/GITGUIDE
> #usr/share/doc/suricata/INSTALL
> -#usr/share/doc/suricata/INSTALL.PF_RING
> -#usr/share/doc/suricata/INSTALL.WINDOWS
> #usr/share/doc/suricata/NEWS
> #usr/share/doc/suricata/README
> #usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt
> @@ -45,6 +43,7 @@ usr/share/suricata
> #usr/share/suricata/threshold.config
> var/cache/suricata
> var/lib/suricata
> +#var/lib/suricata/data
> var/log/suricata
> #var/log/suricata/certs
> #var/log/suricata/files
> diff --git a/lfs/suricata b/lfs/suricata
> index b28d5e3e7..c48c1c430 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 6.0.12
> +VER = 6.0.13
>
> THISAPP = suricata-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
> +$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01
>
> install : $(TARGET)
>
> --
> 2.34.1
>
@@ -8,8 +8,6 @@ usr/sbin/convert-ids-backend-files
#usr/share/doc/suricata/Basic_Setup.txt
#usr/share/doc/suricata/GITGUIDE
#usr/share/doc/suricata/INSTALL
-#usr/share/doc/suricata/INSTALL.PF_RING
-#usr/share/doc/suricata/INSTALL.WINDOWS
#usr/share/doc/suricata/NEWS
#usr/share/doc/suricata/README
#usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt
@@ -45,6 +43,7 @@ usr/share/suricata
#usr/share/suricata/threshold.config
var/cache/suricata
var/lib/suricata
+#var/lib/suricata/data
var/log/suricata
#var/log/suricata/certs
#var/log/suricata/files
@@ -24,7 +24,7 @@
include Config
-VER = 6.0.12
+VER = 6.0.13
THISAPP = suricata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
+$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01
install : $(TARGET)