[PATCH] suricata: Update to 6.0.12

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

* [PATCH] suricata: Update to 6.0.12
@ 2023-05-23 11:50 Matthias Fischer
  0 siblings, 0 replies; only message in thread
From: Matthias Fischer @ 2023-05-23 11:50 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 4385 bytes --]

"6.0.12 -- 2023-05-08

Bug #6040: tcp: failed assertion ASSERT: !(ssn->state != TCP_SYN_SENT) (6.0.x backport)
Bug #6039: TCP resets have incorrect len, nh in IPv6 (6.0.x backport)
Bug #6034: time: integer comparison with different signs (6.0.x backport)
Bug #6031: af-packet: reload not occurring until packets are seen (6.0.x backport)
Bug #6020: smtp: fuzz debug assertion trigger (6.0.x backport)
Bug #6018: scan-build warning for mime decoder (6.0.x backport)
Bug #6017: scan-build warnings for ac implementations (6.0.x backport)
Bug #6016: scan-build warnings in radix implementation (6.0.x backport)
Bug #6015: scan-build warning for detect sigordering (6.0.x backport)
Bug #6014: scan-build warnings for detect address handling (6.0.x backport)
Bug #6013: scan-build warning for detect port handling (6.0.x backport)
Bug #6007: Unexpected behavior of `endswith` in combination with negated content matches (6.0.x backport)
Bug #5999: exception/policy: make work with simulated flow memcap (6.0.x backport)
Bug #5997: perf shows excessive time in IPOnlyMatchPacket (6.0.x backport)
Bug #5980: rust: warning for future compile errors
Bug #5961: smb: wrong endian conversion when parse NTLM Negotiate Flags (6.0.x backport)
Bug #5958: bpf: postpone IPS check after IPS runmode is determined from the configuration file (6.0.x backport)
Bug #5934: app-layer-htp: Condition depending on enabled IPS mode never true (6.0.x backport)
Optimization #6033: detect using uninitialized engine mode (6.0.x backport)
Feature #5996: Add support for 'inner' PF_RING clustering modes (6.0.x backport)
Task #6052: github-ci: add windows + windivert build (6.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/suricata                                                  | 4 ++--
 .../suricata-5.0.8-fix-level1-cache-line-size-detection.patch | 2 +-
 src/patches/suricata/suricata-disable-sid-2210059.patch       | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lfs/suricata b/lfs/suricata
index 75698b0b1..b28d5e3e7 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.0.11
+VER        = 6.0.12
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4
+$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
 
 install : $(TARGET)
 
diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
index 5aaabb167..f1529812d 100644
--- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
+++ b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
@@ -2,7 +2,7 @@ diff --git a/configure.ac b/configure.ac
 index d56d3a550..81abf8f00 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -2390,7 +2390,7 @@ fi
+@@ -2424,7 +2424,7 @@ fi
      AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
      if test "$HAVE_GETCONF_CMD" != "no"; then
          CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
diff --git a/src/patches/suricata/suricata-disable-sid-2210059.patch b/src/patches/suricata/suricata-disable-sid-2210059.patch
index 54747dfd2..8955eec5e 100644
--- a/src/patches/suricata/suricata-disable-sid-2210059.patch
+++ b/src/patches/suricata/suricata-disable-sid-2210059.patch
@@ -1,7 +1,7 @@
 diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules
 --- a/rules/stream-events.rules	2021-11-17 16:55:12.000000000 +0100
 +++ b/rules/stream-events.rules	2021-12-08 18:12:39.850189502 +0100
-@@ -89,7 +89,7 @@
+@@ -97,7 +97,7 @@
  # rule to alert if a stream has excessive retransmissions
  alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;)
  # Packet on wrong thread. Fires at most once per flow.
-- 
2.34.1


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-05-23 11:50 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-23 11:50 [PATCH] suricata: Update to 6.0.12 Matthias Fischer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox