| Message ID | 20250916214713.3410708-1-matthias.fischer@ipfire.org |
|---|---|
| State | New |
| Headers |
Return-Path: <development+bounces-1051-patchwork=ipfire.org@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4cRFqf1Qfpz3wky for <patchwork@web04.haj.ipfire.org>; Tue, 16 Sep 2025 21:47:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4cRFqd5lLjz3fx for <patchwork@ipfire.org>; Tue, 16 Sep 2025 21:47:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cRFqd4x48z32TH for <patchwork@ipfire.org>; Tue, 16 Sep 2025 21:47:25 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cRFqb0d1Kz2xGG for <development@lists.ipfire.org>; Tue, 16 Sep 2025 21:47:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cRFqY4tDRz1Hn; Tue, 16 Sep 2025 21:47:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1758059241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=7Kk+zsyjrYM9PgTeqSMAOzJFtTCnel32wFtv0nDcCy0=; b=jOexNNzm5R+LUf5N5v3QbieVZT8EcHGc3STdzERh2TXZewB1Vtaa/8EezEhnUpFdxLyzrx IQjxksbeQXpdpIDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1758059241; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=7Kk+zsyjrYM9PgTeqSMAOzJFtTCnel32wFtv0nDcCy0=; b=uw0Rs4VEU/haF1EmCf5WlXEGmPfC2Y1kgmEgDPmo7ohX+r7Ka3jRCuZkowF9pu2T8mf4yO HQIQkv1TlaJYy0WHQjE9P5G03QvruD8f50puc/R6d2PJVmZAm+V+2W+JcT+bQJ6mpLu+fS 3bHt0ns29PMHRCY/kEgIAihT7wswJaoE9cjry0xflVCpRJsZYYrl9ET+yHKwWAcFpqgMVh bl8OMcT6DA//wYG+V8cgEHDgk/xicv3HBxPO0Rmsth6gBGzVC9E+N4+Gq5BlTRbqTs5UTc sTMtCI2+VLARBcng/H/6/rHmtbQGi/y3TxNpp39DDGEKc66xBv3+qmMPRZwrrQ== From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Cc: Matthias Fischer <matthias.fischer@ipfire.org> Subject: [PATCH] suricata: Update to 8.0.1 Date: Tue, 16 Sep 2025 23:47:05 +0200 Message-ID: <20250916214713.3410708-1-matthias.fischer@ipfire.org> Precedence: list List-Id: <development.lists.ipfire.org> List-Subscribe: <https://lists.ipfire.org/>, <mailto:development+subscribe@lists.ipfire.org?subject=subscribe> List-Unsubscribe: <https://lists.ipfire.org/>, <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development+help@lists.ipfire.org?subject=help> Sender: <development@lists.ipfire.org> Mail-Followup-To: <development@lists.ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit |
| Series |
suricata: Update to 8.0.1
|
|
Commit Message
Matthias Fischer
16 Sep 2025, 9:47 p.m. UTC
Excerpt from changelog:
"8.0.1 -- 2025-09-15
Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname
contains zero(HIGH - CVE 2025-59150)
Security #7861: detect: Dynamic-stack-buffer-overflow in ShortenString(HIGH - CVE 2025-59149)
Security #7838: detect/entropy: segfault when not anchored to a sticky buffer(HIGH - CVE 2025-59148)
Security #7657: tcp: syn resend with different seq leads to detection bypasss(HIGH - CVE 2025-59147)
Bug #7891: unix-socket: memory leak when client disconnects during rule reload
Bug #7877: rust: build with RUSTC and CARGO variables fails
Bug #7865: detect/integers: u8 prefilter does not support all modes
Bug #7859: doc/userguide: build failure with read the docs theme
Bug #7843: http: dissection anomaly on `Content-Encoding: identity`
Bug #7836: util-byte: bad usage of StringParse function return codes
Bug #7828: util/hash: unexpected remove behavior
Bug #7827: app-layer: ippair.memcap counter shows memuse
Bug #7824: hyperscan: caching results in segfault with link time optimization (-flto=auto, etc)
Bug #7822: engine-analysis: SEGV on rule failure without rules-fast-pattern enabled
Bug #7821: engine-analysis: no report for failed rules without fast pattern
Bug #7820: app-layer/snmp: internal error if app-layer is disabled
Bug #7815: unix-socket: segfault in "pcap-file-list" command
Bug #7813: cppcheck: warnings in counters.c
Bug #7804: util-lua-sandbox.c undeclared identifier error for Suricata 8.0.0
Bug #7803: http: use transactions right get function
Bug #7802: detect/dsize: uninitialized value from SigParseRequiredContentSize
Bug #7741: http2: events can contain an empty response object
Bug #7740: doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
Bug #7651: decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto
Bug #7636: tcp: assertion triggered in StreamTcpReassembleAppLayer
Bug #7611: eve: segv in stats.totals output
Bug #5689: eve: community id computed wrong for tcp and ipv4 when src_ip == dest_ip
Bug #4702: tcp: SYN/ACK dropped when client does not support timestamps
Bug #4178: alert-debug: DNS Query triggers alert but no output in alert-debug.log
Bug #3844: tcp: possible bypass with TCP ssn reuse
Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL check
Feature #7869: detect/integers: support units like kib
Task #7857: schema/arp: fix invalid pkt event output
Task #7834: detect: remove unused non-pf stats counters
Documentation #7890: detect: tls.cert_subject incorrectly claims to support multi-buffer
Documentation #7867: detect/multi-buffers: complete list in userguide page on multi-buffer-matching
Documentation #7854: doc/lualib: fix flow timestamps() return value order
Documentation #7795: eve/schema: document stats.detect counters
Documentation #7794: eve/schema: document stats.flow counters
Documentation #7728: lua: fix all Lua documentation examples for new library format
Documentation #7648: rtd: set "latest" to last stable release starting with 8.0.0
Documentation #7639: dpdk: update Connect-X4 recommended fallback tx-descriptor count
Documentation #7631: userguide: document lua lib suricata.dnp3
Documentation #7190: detect/integers: document usage of units
Documentation #7081: userguide: add unix socket option to retrieve flow info
Documentation #6840: devguide/app-layer: section with conceptualized steps for adding parser
Documentation #6284: userguide: document what's the impact of `stream.inline`
Documentation #6270: userguide: document usage of Suricata as a firewall
Documentation #5690: userguide: document the differences between IPS and IDS mode
Documentation #5513: userguide: add a chapter for IPS mode
Documentation #5139: userguide: add a section for netflow event type
Documentation #5078: doc/userguide: improve rule reload documentation
Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/suricata | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/suricata b/lfs/suricata index 05b708f1b..614097ef4 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 8.0.0 +VER = 8.0.1 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = be76000891acfd6746c05023abb633aff86d90a9a18ecf49758bf05cdc52ed7184f2ac87056dc19489dff0dda81c1139a8a608f682389533ae07a8295fab20c3 +$(DL_FILE)_BLAKE2 = 52b2fb30a4c56a5a0979ac2016b707e089cdc3ecdf85d834cf2a22e92465136fda11b6830a95831c0146f6f3db7b93892649ee15317a9db1825452266611722b install : $(TARGET)