From patchwork Tue Feb  6 21:27:33 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 7535
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4TTxDS5j7zz3wvs
	for <patchwork@web04.haj.ipfire.org>; Tue,  6 Feb 2024 21:27:52 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4TTxDP1MFBznB;
	Tue,  6 Feb 2024 21:27:49 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4TTxDN5MMsz32mj;
	Tue,  6 Feb 2024 21:27:48 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4TTxDK51B1z2xg5
	for <development@lists.ipfire.org>; Tue,  6 Feb 2024 21:27:45 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4TTxDJ3v0mzLW;
	Tue,  6 Feb 2024 21:27:44 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1707254864;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=eWoCwUY5+9rrzuId/s6PeUZzxcDsM4y0i4bVfeS7f6A=;
	b=41w6wGRc0WS3AUXRFmqZs5j7715p8LzsWlkdMpJVAfQoEQyDH/PUohu6RLj8HA2Ua0Qjsb
	mjS/Z+ZBkSVSnVBw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1707254864;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=eWoCwUY5+9rrzuId/s6PeUZzxcDsM4y0i4bVfeS7f6A=;
	b=lpzUtZpVTv3+HkvpeX0NWiReeJCip9d3Qya+bUEz3gL03CvrNn7YeeziLnR/z1hm1w+f14
	nTDwHS6ZmPfTpqLMg2HFOtY7iKyigbBtwfz3iUcLayzj9sUqHTTM56gb4aBCSe3tO/sWoF
	uXQRmhHnzTkzdPrKbKkX4XodXYEcykFFqNPcA7G/qKc5sTfv7IufzuwYCzwKRdzDRX6r9R
	KAwbGR3rcoXeLIM5BJT0fwm1Vq4i/RK+FVv+pDk3LvnPRrmEq6HYS+Yt2YHNsWiFfrVF5m
	XyPxNhvbkp46uVPGIW7B1rJYBZEH83G6CIUGHeOpgV7GfvYfNH4oZEOgj6zNzw==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/7] suricata: Update to version 7.0.2
Date: Tue,  6 Feb 2024 22:27:33 +0100
Message-ID: <20240206212739.3270712-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: JOSPDTXSJF4WU4NMSDX2QQJK3234YYGX
X-Message-ID-Hash: JOSPDTXSJF4WU4NMSDX2QQJK3234YYGX
X-MailFrom: adolf.belka@ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/JOSPDTXSJF4WU4NMSDX2QQJK3234YYGX/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

- Update from version 6.0.15 to 7.0.2
- Update of rootfile
- suricata 7.0.2 requires libhtp >= 0.5.45
   it also requires libelf.so.1 for execution. Previous suricata versions only required
   libelf for building. libelf or elfutils are not mentioned anywhere in the changelog
- Without elfutils available during starting then suricata fails to start due to
   libelf.so.1 not being available.
- Tested out suricata7 with elfutils on my vm testbed and it successfully started.
- The suricata-5.0.8 patch has been removed as it got applied to configure.ac but this
   is not available in suricata-7.0.2. It looks like that patch was never actually used in
   suricata as all the builds I checked used the configure file from the source tarball
   and the configure was never created by running autoconf on the configure.ac
- Changelog is too large to include here. Details can be found in the ChangeLog file in
   the source tarball

Fixes: Bug#13516
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/suricata                    |  3 ++-
 lfs/suricata                                        |  7 +++----
 ...5.0.8-fix-level1-cache-line-size-detection.patch | 13 -------------
 3 files changed, 5 insertions(+), 18 deletions(-)
 delete mode 100644 src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index c414cf61b..53224d006 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -1,7 +1,6 @@
 etc/suricata
 etc/suricata/suricata.yaml
 usr/bin/suricata
-#usr/include/suricata-plugin.h
 usr/sbin/convert-ids-backend-files
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
@@ -27,6 +26,7 @@ usr/share/suricata
 #usr/share/suricata/rules/dnp3-events.rules
 #usr/share/suricata/rules/dns-events.rules
 #usr/share/suricata/rules/files.rules
+#usr/share/suricata/rules/ftp-events.rules
 #usr/share/suricata/rules/http-events.rules
 #usr/share/suricata/rules/http2-events.rules
 #usr/share/suricata/rules/ipsec-events.rules
@@ -35,6 +35,7 @@ usr/share/suricata
 #usr/share/suricata/rules/mqtt-events.rules
 #usr/share/suricata/rules/nfs-events.rules
 #usr/share/suricata/rules/ntp-events.rules
+#usr/share/suricata/rules/quic-events.rules
 #usr/share/suricata/rules/rfb-events.rules
 #usr/share/suricata/rules/smb-events.rules
 #usr/share/suricata/rules/smtp-events.rules
diff --git a/lfs/suricata b/lfs/suricata
index 2e71ba49d..baead19e7 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.0.15
+VER        = 7.0.2
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6
+$(DL_FILE)_BLAKE2 = 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725
 
 install : $(TARGET)
 
@@ -71,7 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
 	cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
 		--prefix=/usr \
 		--sysconfdir=/etc \
diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
deleted file mode 100644
index f1529812d..000000000
--- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index d56d3a550..81abf8f00 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2424,7 +2424,7 @@ fi
-     AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
-     if test "$HAVE_GETCONF_CMD" != "no"; then
-         CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
--        if [test "$CLS" != "" && test "$CLS" != "0"]; then
-+        if [test "$CLS" != "" && test "$CLS" != "0" && test "$CLS" != "undefined"]; then
-             AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size])
-         else
-             AC_DEFINE([CLS],[64],[L1 cache line size])