From patchwork Thu Dec 12 19:59:56 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 8321
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Y8Nc74dHHz3wxp
	for <patchwork@web04.haj.ipfire.org>; Thu, 12 Dec 2024 20:00:07 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4Y8Nc40Pfyz1Zb;
	Thu, 12 Dec 2024 20:00:04 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Y8Nc364WGz33BL;
	Thu, 12 Dec 2024 20:00:03 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Y8Nc20n2Jz2xKl
	for <development@lists.ipfire.org>; Thu, 12 Dec 2024 20:00:02 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4Y8Nc11Z5szQ0;
	Thu, 12 Dec 2024 20:00:01 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1734033601;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=L2Nrjkb4eI1HN3Egswl45haB1/ZBPqC+38gZrFP06T0=;
	b=rAWUITZkIZn/KzjYXgFV9jaw4fLiwLU2eleC6oL2WVUBQsYpwfY5oY3bCf8hmKdYJa0EII
	7svhUuC+TNVSyhCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1734033601;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=L2Nrjkb4eI1HN3Egswl45haB1/ZBPqC+38gZrFP06T0=;
	b=jExxW/PXS6HGRM7OWRsAPwhyS+ULa/rElETPKI8XoOTmfZ2c3dDmHfz5yHcxDfMcZhgZVf
	lud+FrhktDin96jbiOA8TKC2AzUJSuB1oTES95kEjMKaIiQfxtNm/PrjIJW0v3Q1XVw8f4
	/EZOoUgQZ16l3Wcz/51hJuTww9XjeykTMjgyV3yEQTvqh6Fhwd56utZuUtbXV5z+5+Njec
	q4Kyzt0CMq5tyTBbKqd1scZp5U1GjkS2XmyjAO/u7LFZjmdxDWccSVSwdf9PC2xO5bajTl
	YSRMMfchD4X9ZZiNhNK32ztet+b7Uf5FX635Dm71kwthr7Jz6GUB7W6264W7tQ==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Update to version 7.0.8
Date: Thu, 12 Dec 2024 20:59:56 +0100
Message-ID: <20241212195957.3413927-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Message-ID-Hash: QZMPYERPGM3AQ6G6MLDD7AIQUG4BJKPW
X-Message-ID-Hash: QZMPYERPGM3AQ6G6MLDD7AIQUG4BJKPW
X-MailFrom: adolf.belka@ipfire.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
Archived-At: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/QZMPYERPGM3AQ6G6MLDD7AIQUG4BJKPW/>
List-Archive: 
 <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Owner: <mailto:development-owner@lists.ipfire.org>
List-Post: <mailto:development@lists.ipfire.org>
List-Subscribe: <mailto:development-join@lists.ipfire.org>
List-Unsubscribe: <mailto:development-leave@lists.ipfire.org>

- Update from version 7.0.7 to 7.0.8
- Update of rootfile not required
- Changelog
    7.0.8
	Security #7412: tcp: generic detection bypass using TCP urgent support (7.0.x
	 backport)(HIGH - CVE 2024-55629)
	Security #7405: dns: quadratic complexity in logging and invalid json as output
	 (7.0.x backport)(HIGH - CVE 2024-55628)
	Security #7404: tcp: segfault on StreamingBufferSlideToOffsetWithRegions (7.0.x
	 backport)(CRITICAL - CVE 2024-55627)
	Security #7367: bpf: oversized bpf file can lead to buffer overflow (7.0.x
	 backport)(LOW - CVE 2024-55626)
	Security #7306: detect: write to read-only memory in transforms (7.0.x backport)
	 (CRITICAL - CVE 2024-55605)
	Bug #7445: dpdk: RSS key length missmatch on ice (E810) card with DPDK version
	 22.11.6  (7.0.x backport)
	Bug #7434: requires: rules with unmet requirements are still loaded (7.0.x
	 backport)
	Bug #7432: detect: decoder event rules fail to match on invalid packets (7.0.x
	 backport)
	Bug #7407: detect: missing app-layer metadata in alerts (7.0.x backport)
	Bug #7368: flow: flow timeout pseudo packet triggers unexpected alert (7.0.x
	 backport)
	Bug #7362: rules: unknown internal events not being detected as errors (7.0.x
	 backport)
	Bug #7339: rust: different int types turn garbage on FFI boundary (7.0.x backport)
	Bug #7335: asan/profiling: global-buffer-overflow error (7.0.x backport)
	Bug #7327: http: FN with prefilter if the first of multi buffer did not match
	 (7.0.x backport)
	Bug #7324: mqtt: wrong and missing direction for keywords (7.0.x backport)
	Bug #7310: http: incorrect file direction handling (7.0.x backport)
	Bug #7308: conf: memleak if yaml parser is initialized before checking if file
	 exists (7.0.x backport)
	Bug #7307: detect: memleak in case of errors during initialization (7.0.x
	 backport)
	Bug #7301: output: oversized records lead to invalid json (7.0.x backport)
	Bug #7295: detect: sip.stat_code keyword uses wrong buffer name
	Bug #7294: conf: nullptr dereference if mem alloc fails for a node in yaml
	 parser (7.0.x backport)
	Optimization #7316: template: remove usage of template-rust (7.0.x backport)
	Optimization #7275: tcp/reassemble: GetBlock takes O(nlgn) in worst case (7.0.x
	 backport)
	Feature #7439: eve/alert: enrich decoder event rules (7.0.x backport)
	Task #7427:  flowint: add isnotset support (7.0.x backport)
	Task #7288: schema: add missing tls fields certificate and chain (7.0.x backport)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/suricata | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/suricata b/lfs/suricata
index b563ff9da..2b05c3c54 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.0.7
+VER        = 7.0.8
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = dc39279b99880762bee2b1788fea9046dc63c01560332ffc167844673314165456dcbff3b0d05d32c931741b397fd68e9e294d2ee6c526a3d286445c2a83b789
+$(DL_FILE)_BLAKE2 = 8571a6368b90e18046cdcf71f53e1b59e895ea8fe2d8f996ef614a890b520671f5dcac10014555880e408060913df1dab4c473bf083e7c0451c6a4b93bedd047
 
 install : $(TARGET)