[PATCH 1/2] suricata: Update to 6.0.13

[PATCH 1/2] suricata: Update to 6.0.13

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 3030 bytes --]

Excerpt from changelog:

"6.0.13 -- 2023-06-15

Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #6055: ftp:  long line discard logic should be separate for server and client (6.0.x backport)
Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
Task #5984: libhtp 0.5.44 (6.0.x backport)
Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 config/rootfiles/common/suricata | 3 +--
 lfs/suricata                     | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index df297ebd6..89fd6d865 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -8,8 +8,6 @@ usr/sbin/convert-ids-backend-files
 #usr/share/doc/suricata/Basic_Setup.txt
 #usr/share/doc/suricata/GITGUIDE
 #usr/share/doc/suricata/INSTALL
-#usr/share/doc/suricata/INSTALL.PF_RING
-#usr/share/doc/suricata/INSTALL.WINDOWS
 #usr/share/doc/suricata/NEWS
 #usr/share/doc/suricata/README
 #usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt
@@ -45,6 +43,7 @@ usr/share/suricata
 #usr/share/suricata/threshold.config
 var/cache/suricata
 var/lib/suricata
+#var/lib/suricata/data
 var/log/suricata
 #var/log/suricata/certs
 #var/log/suricata/files
diff --git a/lfs/suricata b/lfs/suricata
index b28d5e3e7..c48c1c430 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.0.12
+VER        = 6.0.13
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
+$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01
 
 install : $(TARGET)
 
-- 
2.34.1

[PATCH 2/2] libhtp: Update to 0.5.44

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 1100 bytes --]

For details see:
https://github.com/OISF/libhtp/releases/tag/0.5.44

"0.5.44 (13 June 2023)
---------------------

- response: only trim spaces at headers names end
- response: skips lines before response line
- headers: log a warning for chunks extension"

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/libhtp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/libhtp b/lfs/libhtp
index 0b6015cde..987c159e5 100644
--- a/lfs/libhtp
+++ b/lfs/libhtp
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 0.5.43
+VER        = 0.5.44
 
 THISAPP    = libhtp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 071cadc254b7af55bf410db5689429ca7588005b2f74fbd8468f2d6eeaf00c55ae99e8dd78552a5bf11ace5c8047b28a844db343937827a428b6d8b8d9036d29
+$(DL_FILE)_BLAKE2 = 6b4c8d617e6a649997e9375677baed99315be83e598317ce4951883482e6099cb5fd28e27ae25ab68ecc765931b0955289d144a710ce2e1b11edf92848b1b613
 
 install : $(TARGET)
 
-- 
2.34.1

Re: [PATCH 1/2] suricata: Update to 6.0.13

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 3284 bytes --]

Thank you.

I merged this straight away.

> On 16 Jun 2023, at 16:52, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> Excerpt from changelog:
> 
> "6.0.13 -- 2023-06-15
> 
> Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
> Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
> Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
> Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
> Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
> Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
> Bug #6055: ftp:  long line discard logic should be separate for server and client (6.0.x backport)
> Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
> Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
> Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
> Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
> Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
> Task #5984: libhtp 0.5.44 (6.0.x backport)
> Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
> Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
> 
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> config/rootfiles/common/suricata | 3 +--
> lfs/suricata                     | 4 ++--
> 2 files changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
> index df297ebd6..89fd6d865 100644
> --- a/config/rootfiles/common/suricata
> +++ b/config/rootfiles/common/suricata
> @@ -8,8 +8,6 @@ usr/sbin/convert-ids-backend-files
> #usr/share/doc/suricata/Basic_Setup.txt
> #usr/share/doc/suricata/GITGUIDE
> #usr/share/doc/suricata/INSTALL
> -#usr/share/doc/suricata/INSTALL.PF_RING
> -#usr/share/doc/suricata/INSTALL.WINDOWS
> #usr/share/doc/suricata/NEWS
> #usr/share/doc/suricata/README
> #usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt
> @@ -45,6 +43,7 @@ usr/share/suricata
> #usr/share/suricata/threshold.config
> var/cache/suricata
> var/lib/suricata
> +#var/lib/suricata/data
> var/log/suricata
> #var/log/suricata/certs
> #var/log/suricata/files
> diff --git a/lfs/suricata b/lfs/suricata
> index b28d5e3e7..c48c1c430 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 6.0.12
> +VER        = 6.0.13
> 
> THISAPP    = suricata-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
> +$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01
> 
> install : $(TARGET)
> 
> -- 
> 2.34.1
>