From patchwork Wed Jul 9 08:11:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8914 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bcW0g5fbvz3wnT for ; Wed, 9 Jul 2025 08:12:03 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bcW0Z5WYJz6vf for ; Wed, 9 Jul 2025 08:11:58 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bcW0Z2jgVz34P6 for ; Wed, 9 Jul 2025 08:11:58 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bcW0W39kLz2yVK for ; Wed, 9 Jul 2025 08:11:55 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4bcW0V4xF0zK2; Wed, 9 Jul 2025 08:11:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1752048714; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=H7wtuP/TdnYZoAkmCy9pBPAP+0cl8/S/BdGU/1MQPVA=; b=KKlOSQkhnJO3wAAbawtOL8NDc49LY4WeACc6HqMmR+KSh/0nqKU4wxH1EoGPlHRgAHFMGv 5ggU0LV2/406w1xrD8fjyQUSryrAGaiIvpAExjulmy6fm9EIWYfvQxN9vbaQayd1rBqJYM ZgdJQ+b/zkX+hGxSJ6ZOVdYNKZizqSxTbW3hwNnyD1KbkvlUagFbpHZ2A1VzrNFNwphXhi 6ewPlO57s2+fT/m+xtxfg5vDcOZ7yhHsap1WktImUaiMUnCTqE/4ksPBcrwtAAkDcle6C+ Eq+q36GxIWe5UyKnSaqyiAxefYMilXPIS1bNn8xO8F8h6b0i+WhiBgGZIEiURQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1752048714; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=H7wtuP/TdnYZoAkmCy9pBPAP+0cl8/S/BdGU/1MQPVA=; b=b9f0xP3XfXD+3CSL605Wbu3cq+GwlBt4e/FCJaoB0QOEYXpHHxTxUm/I3OCEc1JfgOX0K7 8JE0ra1hoOUuJlDg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 1/4] suricata: Update to version 7.0.11 Date: Wed, 9 Jul 2025 10:11:45 +0200 Message-ID: <20250709081148.925606-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 7.0.10 to 7.0.11 - Update of rootfile not required - Changelog 7.0.11 Security #7766: libhtp-c: memory leak with lzma(HIGH - CVE 2025-53537) Security #7659: http2: global tx (stream id 0) may open file and never close it (7.0.x backport)(HIGH - CVE 2025-53538) Bug #7779: mpm/ac: error "Just ran out of space in the queue" (7.0.x backport) Bug #7748: byte_extract: issue with saved 'name' in distance keyword (7.0.x backport) Bug #7736: brotli: old crate version has integer underflow (7.0.x backport) Bug #7731: dcerpc: uint16 overflow (rust debug assertion) (7.0.x backport) Bug #7716: snmp: probing parser returns ALPROTO_FAILED instead of ALPROTO_UNKNOWN if slice.len() < 4 (7.0.x backport) Bug #7690: datasets: set type IP can't set IPv4 (7.0.x backport) Bug #7688: flow: non-TCP protocol timeout handling leads to missing flows (7.0.x backport) Bug #7682: flow: race condition at shutdown leads to duplicate flows (7.0.x backport) Bug #7670: http: lack of setting updated_ts leads to detection delay (7.0.x backport) Bug #7663: ips: deconflict pass flow and drop packet rules (7.0.x backport) Bug #7661: pcap: continuous file reading fails on an empty directory (7.0.x backport) Bug #7652: rust: warnings with rustc 1.86 Bug #7610: http: reachable assertion when memcap reached during rule reload Bug #7375: dpdk: iface-copy should not be mandatory (7.0.x backport) Bug #7293: CI: clang-format does not work for main-7.0.x branch (7.0.x backport) Optimization #7781: mpm/ac-ks: reduce stack usage (7.0.x backport) Signed-off-by: Adolf Belka --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index 0b0de5654..7c02ec83a 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 7.0.10 +VER = 7.0.11 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = c33e3ccf0e5298f3548747a3d9bc52662cf97caa775a4f7e3689fe4bc95d2ad9269d344c67654ad6e03fe463054052bb5d5e720bc67040cb179b041cdb0423d2 +$(DL_FILE)_BLAKE2 = 5bdfc3715bed2faa49cc9096a30fb0f58c81c0ebe6cb82629d5ccddd75cf68af6b3a1e9ae2ed54cbbeea48d40c2e1c3348b52c19856ba9550b6c687653de8b47 install : $(TARGET)