From patchwork Fri Jun 28 08:32:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 7900 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4W9TG50Yd2z3wxT for ; Fri, 28 Jun 2024 08:32:45 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4W9TG25B63z5W9; Fri, 28 Jun 2024 08:32:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4W9TG241xTz33Kr; Fri, 28 Jun 2024 08:32:42 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4W9TG00hsJz33Kr for ; Fri, 28 Jun 2024 08:32:40 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4W9TFy6RBmz5W9 for ; Fri, 28 Jun 2024 08:32:38 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1719563558; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=y4PNtiDgA2YSP1HqXpZnkR/mY0ZpxQW7ZhCDx+XzZLE=; b=vzyJhwQTbWb9nXAFCTARl4Zln6vcKZiuzmutjb2c6TN14tgdt1yG4M52iMmwi1i/W94m70 MHs/hg6Os/WoYWBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1719563558; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=y4PNtiDgA2YSP1HqXpZnkR/mY0ZpxQW7ZhCDx+XzZLE=; b=YeonD5xVEYtraU/QbpmQNrOlQRKXprhBNAz45Znx032aOGcTQl9uAhXTFfEmujW/H120pJ HIC0FiPJ74/myrH0EAqvhFfbPTpEdQr2wwyII4ONN+BfZZD2Vqc3oLd5Vvt9ZW3TTagmBg td6gSnyT90cY8lAHt+IREGei5HpeqyxOxGi1eq6gFRwvZXzPwJIvIZUs5tQGoSy40ndIax s17gb1OKgzvvb4J8lgxac3U6n81Lf4kMsVxQ2rk8I6bcJ15vcVnBHHk6Olk4TaI/8Sx/YO URO84ZLhPSCMALoHO21thu48/mY90itvBIoHst3cDnd7HujwVs9JdPsDDHHMHw== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] suricata: Update to 7.0.6 Date: Fri, 28 Jun 2024 10:32:33 +0200 Message-Id: <20240628083233.3426566-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: ETCCGXUKI7RE4APQXEJ6QTB6PCIFCUKT X-Message-ID-Hash: ETCCGXUKI7RE4APQXEJ6QTB6PCIFCUKT X-MailFrom: matthias.fischer@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Excerpt from changelog: "7.0.6 -- 2024-06-26 Security #7042: defrag: id reuse can lead to invalid reassembly (7.0.x backport)(CVE 2024-37151) Security #7105: http2: oom from duplicate headers (7.0.x backport) Security #7033: http/range: segv when http.memcap is reached (7.0.x backport) Security #6988: modbus: txs without responses are never freed (7.0.x backport) Bug #7107: packet: app-layer-events incorrectly used on recycled packets (7.0.x backport) Bug #7064: util/radix-tree: Possible dereference of nullptr in case of unsuccess allocation of memory for node (7.0.x backport) Bug #7063: smtp/mime: data command rejected by pipelining server does not reset data mode (7.0.x backport) Bug #7060: smtp: split name logged as 2 names (7.0.x backport) Bug #7050: af-packet: failure to start up on many threads plus high load (7.0.x backport) Bug #7043: Crasher in HTTP chunked / StreamingBuffer (7.0.x backport) Bug #7038: pcap/log: MacOS rotates file well before limit is reached (7.0.x backport) Bug #7035: time: in offline mode, time can stay behind at pcap start (7.0.x backport) Bug #7023: unix-socket: iface-bypassed-stat crash (7.0.x backport) Bug #7021: unix-socket: hostbit commands don't properly release host (7.0.x backport) Bug #7015: rust: build with rust 1.78 with slice::from_raw_parts now requiring the pointer to be non-null (7.0.x backport) Bug #6990: tls.random buffers don't work as expected (7.0.x backport) Bug #6986: iprep: rule with '=,0' can't match (7.0.x backport) Bug #6975: detect: log relevant frames app-layer metdata (7.0.x backport) Bug #6950: decode/ppp: decoder.event.ppp.wrong_type on valid packet (7.0.x backport) Bug #6897: detect/port: upper boundary ports are not correctly handled (7.0.x backport) Bug #6895: detect/port: port grouping does not happen correctly if gap between a single and range port (7.0.x backport) Bug #6862: Lightweight rules profiling: crash when profiling ends (7.0.x backport) Bug #6848: alerts: wrongly using tx id 0 when there is no tx (7.0.x backport) Bug #6845: coverity: warning in port grouping code (7.0.x backport) Bug #6844: detect/port: port ranges are incorrect when a port is single as well as a part of range (7.0.x backport) Bug #6690: Ethernet src should match src ip (7.0.x backport) Bug #6520: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport) Optimization #6830: detect/port: port grouping is quite slow in worst cases (7.0.x backport) Optimization #6829: detect/port: PortGroupWhitelist fn takes a lot of processing time (7.0.x backport) Feature #7010: JA4 support for TLS and QUIC (7.0.x backport) Feature #6557: Capability to have rules profiling on pcap run (7.0.x backport) Documentation #6910: userguide: document how to verify tar.gz signature (7.0.x backport) Documentation #6687: docs: port userguide build instruction changes from master-6.0.x (7.0.x backport) Documentation #6601: docs: update eBPF installation instructions (7.0.x backport)" Signed-off-by: Matthias Fischer Reviewed-by: Michael Tremer --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index a987fc520..88f3c4575 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 7.0.5 +VER = 7.0.6 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 9a44e4561edcc8909853b88779aa520a79b684ca9114479a95b2b34f8e34b6a0f5887d4b332dddb9da225335d7642089345e7f245a1ebce68f42f38126eb4b58 +$(DL_FILE)_BLAKE2 = e031eda35913f0db553ae68e6fc4173db2f0a87b2f2c60141edf09abba3eef44cdba6cca1db039c8814525ff803dd60ea13cbba7b66e57fed3ae5297f90c7b18 install : $(TARGET)