From patchwork Wed Jan 14 10:30:10 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 9397
Return-Path: <development+bounces-1511-patchwork=ipfire.org@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4drj7B0cWKz3wbF
	for <patchwork@web04.haj.ipfire.org>; Wed, 14 Jan 2026 10:30:30 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org
 [IPv6:2001:678:b28::201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519)
	(Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4drj795rYYz4QB
	for <patchwork@ipfire.org>; Wed, 14 Jan 2026 10:30:29 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [IPv6:::1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4drj7955nFz30Lc
	for <patchwork@ipfire.org>; Wed, 14 Jan 2026 10:30:29 +0000 (UTC)
X-Original-To: development@lists.ipfire.org
Received: from mail01.ipfire.org (mail01.haj.ipfire.org
 [IPv6:2001:678:b28::25])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519 server-signature ECDSA (secp384r1 raw public key)
 server-digest SHA384
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4drj770Zlbz2xM3
	for <development@lists.ipfire.org>; Wed, 14 Jan 2026 10:30:27 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4drj761TdnzB6;
	Wed, 14 Jan 2026 10:30:26 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1768386626;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uQGNNFLeTwHEeMtrbndeFB6J3yiKX4aQ1iDIQbe1XKY=;
	b=oUP1w1TkhZ1v3GPLMU1t0QdE6PMkd/U07+QNCiCmArxla7FLLiKl5+zVUmzn1kEqS3m/3B
	K+ySkw7KRllDtJBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1768386626;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uQGNNFLeTwHEeMtrbndeFB6J3yiKX4aQ1iDIQbe1XKY=;
	b=hp0lXukxpyY0y5u+ssVm6LhufjnZCZ2nd/SW9mCSylS1U2oDoyzwsI4w/N1igCGG52zHYY
	E7pXrWQFOyXrWTUJpC52kMuyppGIVL60kXHKWfq1PI3g4Z9l/O9gpcmQCcGV1dJnq8AixO
	PzNOiH84Y7ON18+tAh0Ok7hpBFFGTL9jdbo2sEjHYkHoVaRdYSaQ3UHPpeAItpd2PyqdbR
	xe8p9BGtrPACXXjL4/BS66pXTedatjR5H1jL2NYuSVJLgaVZegfW7Nzp2Oppyy+5vhaIqW
	JgdtOtr7vpGuG5Vpv9D7XNJosZFLK/nYhk/Y57kDF80cS7yf+cH6K4PkeJ83Mg==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Cc: Matthias Fischer <matthias.fischer@ipfire.org>
Subject: [PATCH] suricata: Update to 8.0.3
Date: Wed, 14 Jan 2026 11:30:10 +0100
Message-ID: <20260114103018.3478910-1-matthias.fischer@ipfire.org>
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
MIME-Version: 1.0

Excerpt from changelog:

"8.0.3 -- 2026-01-09

Security #8202: http: quadratic complexity in headers parsing over multiple
packets (8.0.x backport)(HIGH - CVE 2026-22263)
Security #8199: dnp3: unbounded transaction growth (8.0.x backport)(HIGH - CVE 2026-22259)
Security #8197: dcerpc: unbounded fragment buffering leads to memory
exhaustion (8.0.x backport)(CRITICAL - CVE 2026-22258)
Security #8191: detect/alert: heap-use-after-free on alert queue expansion
(8.0.x backport)(HIGH - CVE 2026-22264)
Security #8186: http: infinite recursion in decompression (8.0.x backport)(HIGH - CVE 2026-22260)
Security #8157: eve/alert: http xff handling can lead to denial of service
(8.0.x backport)(MODERATE - CVE 2026-22261)
Security #8111: datasets: stack overflow (8.0.x backport)(HIGH - CVE 2026-22262)
Bug #8211: rust: update lru crate to address RUSTSEC-2026-0002 (8.0.x backport)
Bug #8188: tcp: fast open packet not fully handled (8.0.x backport)
Bug #8180: eve/tls: version not logged for client hello only session (8.0.x backport)
Bug #8178: flow: mac addresses are not swapped (8.0.x backport)
Bug #8177: xbits: no error on invalid 'expire' values (8.0.x backport)
Bug #8176: lua: crash with luaxform and arguments (8.0.x backport)
Bug #8155: tls: ssl_version keyword negation (!) not working (8.0.x backport)
Bug #8152: stream/reassembly: BUG_ON triggered from AdjustToAcked in debug mode (8.0.x backport)
Bug #8151: nfs: NFS3/NFS2 procedure conflict (8.0.x backport)
Bug #8134: configure: hint for installing bindgen is outdated (8.0.x backport)
Bug #8120: file: wrong hash on small multipart files (8.0.x backport)
Bug #8103: unix-socket: hostbit commands ipv6 parsing issues (8.0.x backport)
Bug #8074: util/time: wrong parameter used in function (8.0.x backport)
Bug #7709: pop3: parse error blocks sessions
Optimization #8107: conf: timeout on too many scalar events (8.0.x backport)
Feature #8175: frames: add --list-frames option (8.0.x backport)
Feature #8144: af-packet: runtime option/flag to disable hardware timestamp support (8.0.x backport)
Feature #8100: nfs: NFSv4 should support 4.1's new enums (8.0.x backport)
Task #8148: psl: crate should be updated on every release (8.0.x backport)
Task #8091: schema: allow stream events for stats (8.0.x backport)
Documentation #8136: luaxform: options incorrectly described (8.0.x backport)
Documentation #8079: transform/luaxform: documentation states it supports init function (8.0.x backport)
Documentation #7938: docs: update backports policy for suri 7 (8.0.x backport)
Documentation #7931: userguide: update & improve exception policy section (8.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/suricata | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/suricata b/lfs/suricata
index dab9436e2..c483aef0a 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.0.2
+VER        = 8.0.3
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 708bc7f850a620cc69d41f78785d3cbd5116ea3baefeb3f068b6bd3e31a588511ecffab735ceb51d3392d5385d17dd3ee6498e0365ca38abf4ccf1b2cbc81f13
+$(DL_FILE)_BLAKE2 = ab87fde815338a7520badd2f4d8c8bfaccc778ecffbb13028fe9d561b1bf0e4ef2a43296b88fffb306df9e28fcd5997fa22c72ac887c40efbea799e0110fcb56
 
 install : $(TARGET)