From patchwork Fri Jun 16 15:52:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 6937
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4QjNvk6NXmz3wjk
	for <patchwork@web04.haj.ipfire.org>; Fri, 16 Jun 2023 15:52:18 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4QjNvj2GyCz1TK;
	Fri, 16 Jun 2023 15:52:17 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4QjNvh74B9z2yXc;
	Fri, 16 Jun 2023 15:52:16 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4QjNvg6MNLz2xSK
 for <development@lists.ipfire.org>; Fri, 16 Jun 2023 15:52:15 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4QjNvd5hCWzlZ
 for <development@lists.ipfire.org>; Fri, 16 Jun 2023 15:52:13 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1686930733;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=DKAQUhHwRjJK3rDrxwREGMNC1CU8lLU/pfV3ySMGsUY=;
 b=uHi9tpIVWpHf1rPOvol+PFL6AhOvcG73FuHc4T0pVlPW2zpaaZbmNrL0PEgGE0DGzoJ1Kk
 BmX9XsTsfo3T92+qaVry7eBNxur+XhnK0ZmIisHmZGGvGj0NJ5WJFSQd0XD3sfxeoUGuo9
 +tO2Ix2O98EcttVujAd8plU4ZsBkBhvxTytE078MXImlEZljldmNY9chxeVH3zD4qIZtez
 Pzeu+9rre8TnpxvXwcrPhSeNdS/39stkGcJn4QZ6nVBzfvdHWlfcxEJ1/Tm8qe2h9CHD+V
 S5o4rhQrjWrQENz1g/OXvStmlbEp+cjCuP/gqMjCPFBJfB8eAeo+05kbte7GzQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1686930733;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=DKAQUhHwRjJK3rDrxwREGMNC1CU8lLU/pfV3ySMGsUY=;
 b=juY1PoI1TVQkbV8LLXAUWkjq+Eqreq9waoUxypngetXW2x4bmgppEnsgswgxFI8MaHBEki
 kBc9BXipXIGxvhCw==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/2] suricata: Update to 6.0.13
Date: Fri, 16 Jun 2023 17:52:08 +0200
Message-Id: <20230616155209.1818-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Excerpt from changelog:

"6.0.13 -- 2023-06-15

Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #6055: ftp:  long line discard logic should be separate for server and client (6.0.x backport)
Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
Task #5984: libhtp 0.5.44 (6.0.x backport)
Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 config/rootfiles/common/suricata | 3 +--
 lfs/suricata                     | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index df297ebd6..89fd6d865 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -8,8 +8,6 @@ usr/sbin/convert-ids-backend-files
 #usr/share/doc/suricata/Basic_Setup.txt
 #usr/share/doc/suricata/GITGUIDE
 #usr/share/doc/suricata/INSTALL
-#usr/share/doc/suricata/INSTALL.PF_RING
-#usr/share/doc/suricata/INSTALL.WINDOWS
 #usr/share/doc/suricata/NEWS
 #usr/share/doc/suricata/README
 #usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt
@@ -45,6 +43,7 @@ usr/share/suricata
 #usr/share/suricata/threshold.config
 var/cache/suricata
 var/lib/suricata
+#var/lib/suricata/data
 var/log/suricata
 #var/log/suricata/certs
 #var/log/suricata/files
diff --git a/lfs/suricata b/lfs/suricata
index b28d5e3e7..c48c1c430 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.0.12
+VER        = 6.0.13
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
+$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01
 
 install : $(TARGET)