From patchwork Fri Apr 14 08:20:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 6787 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4PyTsj1DSNz3x6v for ; Fri, 14 Apr 2023 08:20:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4PyTsg252mzvy; Fri, 14 Apr 2023 08:20:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4PyTsg0QXLz2yjv; Fri, 14 Apr 2023 08:20:39 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4PyTsf4p7Pz2xk4 for ; Fri, 14 Apr 2023 08:20:38 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4PyTsd753tzNF for ; Fri, 14 Apr 2023 08:20:37 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1681460438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Ff+qVY3wpbWhDH05I3IiFpaM+FnruZf6LTak+Q700Rw=; b=FFob/K9JU1G9xu81nQ1XJ6GAVwQIKX0gtN136gy+aFwweCe+hm5K4yTUX3s+EF+SaJSCeS oQIyLclk4tF7REDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1681460438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=Ff+qVY3wpbWhDH05I3IiFpaM+FnruZf6LTak+Q700Rw=; b=HVzASepXqLlJerZVYAuAKvA35xPk+RY1yZ39jRFh0hVaQLFBu8hneX5wFRBgn1c1iV86kV NHJ/8aHt281pMOwZQrKw9PWQIieB8RBE6jAFtMousHlfL41KBxIdd4gQq3qBfpXNEb7Bvy WqFviZn5zOxKmbrJguNplart/zMVAlyDEGlxA/Hs5xS4El4ZrqNyPk1BfZpTykTMeFQsaQ 48SF65cNi3jHvvDj1ey0ejFIkyJcxVLCt8IwIDGWo0CDH1mRAXmQaedobhWr2Upf9WvFhB bx5NxiIAlIcF+6WE3qYTqySIRP0tIEAWXLNGjaFHz1Jc4NQ+mpUjPz6bOEWQUA== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 1/2] suricata: Update to 6.0.11 Date: Fri, 14 Apr 2023 10:20:27 +0200 Message-Id: <20230414082028.3415782-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Excerpt from changelog: "6.0.11 -- 2023-04-13 Security #5947: byte_math: Division by zero possible. (6.0.x backport) Bug #5970: detect: reload can stall if flow housekeeping takes too long (6.0.x backport) Bug #5967: flowworker: Assertion in CheckWorkQueue (6.0.x backport) Bug #5953: http: multipart data is not filled up to request.body-limit (6.0.x backport) Bug #5951: detect: multi-tenancy crash (6.0.x backport) Bug #5950: http2: quadratic complexity when reducing dynamic headers table size (6.0.x backport) Bug #5949: smtp: quadratic complexity for tx iterator with linked list (6.0.x backport) Bug #5948: fast_pattern assignment of specific content in combination with urilen results in FN (6.0.x backport) Bug #5946: flow/manager: fix unhandled division by 0 (prealloc: 0) (6.0.x backport) Bug #5942: exception/policy: flow action doesn't fall back to packet action when there's no flow (6.0.x backports) Bug #5933: smb: tx logs sometimes have duplicate `tree_id` output (6.0.x backport) Bug #5932: rfb/eve: depth in pixel format logged twice (6.0.x backport) Bug #5906: dns: unused events field can overflow as an integer Bug #5903: UBSAN: undefined shift in DetectByteMathDoMatch (6.0.x backport) Bug #5899: smb: no consistency check between NBSS length and length field for some SMB operations (6.0.x backport) Bug #5898: smb: possible evasion with trailing nbss data (6.0.x backport) Bug #5896: base64_decode not populating up to an invalid character (6.0.x backport) Bug #5895: stream: connections time out too early (6.0.x backport) Bug #5889: stream: SYN/ACK timestamp checking blocks valid traffic (6.0.x backport) Bug #5888: false-positive drop event_types possible on passed packets (6.0.x backport) Bug #5887: stream: overlap with different data false positive (6.0.x backport) Bug #5886: mime: debug assertion on fuzz input (6.0.x backport) Bug #5879: netmap: Module registration displays whether info about new API usage Bug #5863: netmap: packet stalls (6.0.x backport) Bug #5854: SMTP does not handle LF post line limit properly (6.0.x backport) Bug #5852: tcp/stream: session reuse on tcp flows w/o sessions (6.0.x backport) Feature #5853: yaml: set suricata version in generated config (6.0.x backport) Task #5985: libhtp 0.5.43 (6.0.x backport)" Signed-off-by: Matthias Fischer --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index 98710d9e2..75698b0b1 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 6.0.10 +VER = 6.0.11 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 +$(DL_FILE)_BLAKE2 = 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4 install : $(TARGET) From patchwork Fri Apr 14 08:20:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 6788 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4PyTsk6Y7pz3x6v for ; Fri, 14 Apr 2023 08:20:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4PyTsg5JxZz317; Fri, 14 Apr 2023 08:20:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4PyTsg1DWBz30JY; Fri, 14 Apr 2023 08:20:39 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4PyTsf5CpHz2xtr for ; Fri, 14 Apr 2023 08:20:38 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4PyTsf2yvWzvy for ; Fri, 14 Apr 2023 08:20:38 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1681460438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OvUr9a5BxEYfOX2vuDf9k9BZZTfM2DPEaF2G2T8zzDU=; b=i3BZdrAHQJyfE1KFbrQeo10eDe93kkM2iP2/wqz9wOCfoS12GoeQPJXSjnW0tX85uw/h/s rmBCt76eQoj/+rBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1681460438; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OvUr9a5BxEYfOX2vuDf9k9BZZTfM2DPEaF2G2T8zzDU=; b=nXOk4ecUF6ktsxfwi106h2fy4K8jfDQSvvp5bTL3N/LyDZdMxmDd2y4HPoMF8+o+FPc3GA KBd+c7CbZTpnhO8/WNv9QmTQBJPVW5jhcifEWSnBy5zrqM//9wimcLnJzxsyLl9Ac5l4iz KaC0iRVT/BHl25sWPRW+UFlDxu5+4N6BBPufxkFe+X04eeGuzlZHzoZW0qQez8CEw/Ytqm fD1YdR2hKcuWKiiAwES522mfzhLQBI6JYqG+dMtpSvl6L3Yioe4ppzbIKWWh24giYOw9de vxqOsr1lPMh2iV//9OGWFXVGTNQongf1Qlx8wDpH78Vvqa7y04d06HkORATHwQ== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 2/2] libhtp: Update to 0.5.43 Date: Fri, 14 Apr 2023 10:20:28 +0200 Message-Id: <20230414082028.3415782-2-matthias.fischer@ipfire.org> In-Reply-To: <20230414082028.3415782-1-matthias.fischer@ipfire.org> References: <20230414082028.3415782-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" For details see: https://github.com/OISF/libhtp/releases/tag/0.5.43 "htp: do not log content-encoding: none htp: do not error on multiple 100 Continue readme: remove note on libhtp not being stable uri: fix compile warning strict-prototypes bstr: fix compile warning strict-prototypes fuzz_diff: Free the rust test object. github: add CIFuzz workflow" Signed-off-by: Matthias Fischer --- lfs/libhtp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/libhtp b/lfs/libhtp index 80963c013..0b6015cde 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.5.42 +VER = 0.5.43 THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8e1446992c40c2c2e9e7dd096803752245eebf3b5e48e0215430dbfe225ae029b2e01fadca61bdd994b534a0ed140b0a0149aa9a0dde64409ebf0afdd2bf6fd7 +$(DL_FILE)_BLAKE2 = 071cadc254b7af55bf410db5689429ca7588005b2f74fbd8468f2d6eeaf00c55ae99e8dd78552a5bf11ace5c8047b28a844db343937827a428b6d8b8d9036d29 install : $(TARGET)