From patchwork Tue Apr 28 16:35:56 2020
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 3026
To: "IPFire: Development-List"
From: Peter Müller
Subject: [PATCH 1/2] libhtp: update to 0.5.33
Date: Tue, 28 Apr 2020 18:35:56 +0200

(Scanty) release notes:

0.5.33 (27 April 2020)
----------------------

- compression bomb protection
- memory handling issue found by Oss-Fuzz
- improve handling of anomalies in traffic

Signed-off-by: Peter Müller
Acked-by: Michael Tremer
---
 lfs/libhtp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/libhtp b/lfs/libhtp index 8a7ad6dfc..9cbc8480a 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2019 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.5.32 +VER = 0.5.33 THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz 
@@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = db2e049c8e3b5e4826e18b75a0dc0f62 +$(DL_FILE)_MD5 = d01e386d1d8f13774239e920fcf143da install : $(TARGET)

From patchwork Tue Apr 28 16:36:32 2020
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 3027
Subject: [PATCH 2/2] Suricata: update to 5.0.3
To: "IPFire: Development-List"
From: Peter Müller
Date: Tue, 28 Apr 2020 18:36:32 +0200

Release notes (https://suricata-ids.org/2020/04/28/suricata-5-0-3-released/, truncated):

This is the first release after Suricata joined the Oss-Fuzz program, leading to discovery of a number of (potential) security issues. We expect that in the coming months we’ll fix more such issues, as the fuzzers increase their coverage and we continue to improve the seed corpus.

Feature #3481: GRE ERSPAN Type 1 Support
Feature #3613: Teredo port configuration
Feature #3673: datasets: add ‘dataset-remove’ unix command
Bug #3240: Dataset hash-size or prealloc invalid value logging
Bug #3241: Dataset reputation invalid value logging
Bug #3342: Suricata 5.0 crashes while parsing SMB data
Bug #3450: signature with sticky buffer with subsequent pcre check in a different buffer loads but will never match
Bug #3491: Backport 5 BUG_ON(strcasecmp(str, “any”) in DetectAddressParseString
Bug #3507: rule parsing: memory leaks
Bug #3526: 5.0.x Kerberos vulnerable to TCP splitting evasion
Bug #3534: Skip over ERF_TYPE_META records
Bug #3552: file logging: complete files sometimes marked ‘TRUNCATED’
Bug #3571: rust: smb compile warnings
Bug #3573: TCP Fast Open – Bypass of stateless alerts
Bug #3574: Behavior for tcp fastopen
Bug #3576: Segfault when facing malformed SNMP rules
Bug #3577: SIP: Input not parsed when header values contain trailing spaces
Bug #3580: Faulty signature with two threshold keywords does not generate an error and never match
Bug #3582: random failures on sip and http-evader suricata-verify tests
Bug #3585: htp: asan issue
Bug #3592: Segfault on SMTP TLS
Bug #3598: rules: memory leaks in pktvar keyword
Bug #3600: rules: bad address block leads to stack exhaustion
Bug #3602: rules: crash on ‘internal’-only keywords
Bug #3604: rules: missing ‘consumption’ of transforms before pkt_data would lead to crash
Bug #3606: rules: minor memory leak involving pcre_get_substring
Bug #3609: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
Bug #3610: defrag: asan issue
Bug #3612: rules/bsize: memory issue during parsing
Bug #3614: build-info and configure wrongly display libnss status
Bug #3644: Invalid memory read on malformed rule with Lua script
Bug #3646: rules: memory leaks on failed rules
Bug #3649: CIDR Parsing Issue
Bug #3651: FTP response buffering against TCP stream
Bug #3653: Recursion stack-overflow in parsing YAML configuration
Bug #3660: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow
Bug #3665: FTP: Incorrect ftp_memuse calculation.
Bug #3667: Signature with an IP range creates one IPOnlyCIDRItem by signe IP address
Bug #3669: Rules reload with Napatech can hang Suricata UNIX manager process
Bug #3672: coverity: data directory handling issues
Bug #3674: Protocol detection evasion by packet splitting
Optimization #3406: filestore rules are loaded without warning when filestore is not enabled
Task #3478: libhtp 0.5.33
Task #3514: SMTP should place restraints on variable length items (e.g., filenames)
Documentation #3543: doc: add ipv4.hdr and ipv6.hdr

Bundled libhtp 0.5.33
Bundled Suricata-Update 1.1.2

Signed-off-by: Peter Müller
Acked-by: Michael Tremer
---
 lfs/suricata | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/suricata b/lfs/suricata index fdff36ca6..9369500ac 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 5.0.2 +VER = 5.0.3 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 28470c05f0f1d3eae2a0c7312c3eabc3 +$(DL_FILE)_MD5 = d302ae41735551e2e1198e965d452664 install : $(TARGET)
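
Review bot: In lfs/libhtp (patch 1/2), the first hunk changes the copyright header from "2019 Michael Tremer & Christian Schmidt" to "2007-2020 IPFire Team", which is unrelated to the version bump and is not mentioned in the commit message. Either mention it in the message or move it to its own commit so the attribution change can be reviewed separately. lfs/suricata in patch 2/2 gets no matching header change (its first hunk starts at line 24), so the two files end up inconsistent.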
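
Review bot: In lfs/libhtp (patch 1/2), the $(DL_FILE)_MD5 line in the last hunk is the only integrity value this change records for libhtp-0.5.33.tar.gz, and MD5 does not resist collisions. Please state in the commit message where the tarball was obtained and whether it was checked against a stronger digest or a signature published upstream before d01e386d1d8f13774239e920fcf143da was written down. The same question applies to the $(DL_FILE)_MD5 line in lfs/suricata in patch 2/2.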
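
Review bot: In lfs/suricata (patch 2/2), the VER bump to 5.0.3 comes with release notes that list "Task #3478: libhtp 0.5.33" and "Bundled libhtp 0.5.33", so this change depends on patch 1/2 being applied first. Say so in the commit message, and confirm that the Suricata build picks up libhtp 0.5.33 rather than an older copy, since nothing in the two visible hunks enforces a minimum libhtp version.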