From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH 2/2] suricata: Update to 7.0.7 Date: Wed, 02 Oct 2024 15:41:33 +0200 Message-ID: <20241002134150.3420653-2-matthias.fischer@ipfire.org> In-Reply-To: <20241002134150.3420653-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2091159499686639515==" List-Id: --===============2091159499686639515== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Exerpt from changelog: "7.0.7 -- 2024-10-01 Security #7289: http: missing hashtable random seed leads to potential DoS(CR= ITICAL - CVE 2024-47188) Security #7268: ja4: non alphanumeric characters in alpn lead to panic (7.0.x= backport)(HIGH - CVE 2024-47522) Security #7258: thash: random factor not used; possible abusive hash collisio= ns (7.0.x backport)(CRITICAL - CVE 2024-47187) Security #7215: defrag: off by one leads to possible evasion (7.0.x backport)= (HIGH - CVE 2024-45796) Security #7196: datasets: rule with unset makes suricata abort (7.0.x backpor= t)(HIGH - CVE 2024-45795) Security #7192: http: quadratic complexity in headers processing/finding (7.0= .x backport)(CRITICAL - CVE 2024-45797) Bug #7290: tls: a rule stops working since 7.0.5 (7.0.x backport) Bug #7286: eve/tls: enabling JA4 breaks custom field selection Bug #7276: ja3: Error: ja3: Buffer should not be NULL (7.0.x backport) Bug #7271: pgsql: track 'progress' in tx per direction (7.0.x backport) Bug #7265: detect/flow: ACK with data on 3whs fails to match 'flow:establishe= d' (7.0.x backport) Bug #7257: fuzz: CIFuzz is not fuzzing PRs as it is supposed to (7.0.x backpo= rt) Bug #7242: app-layer-protocol: negated matching false positive (7.0.x backpor= t) Bug #7239: tls: Invalid ja3 due to double client hello (7.0.x backport) Bug #7225: dataset: lookup function is not working with ip type (7.0.x backpo= rt) Bug #7214: frames: stream frame is not always the first one registered (7.0.x= backport) Bug #7207: cbindgen: comptability with newer version 0.27 (7.0.x backport) Bug #7198: log/rfb: inconsistent key value security_result or security-result Bug #7194: output: jb context not closed on error in EvePacket Bug #7188: detect: dcerpc logging and matching issues (7.0.x backport) Bug #7182: fuzz: File confyaml.c is missing (7.0.x backport) Bug #7173: detect/integers: do not bother to free NULL pointer on setup/parse= failure (7.0.x backport) Bug #7166: profiling: rule profiling doesn't support absolute paths (7.0.x ba= ckport) Bug #7159: tcp: 'broken ack' event set on flow timeout (7.0.x backport) Bug #7136: util/thash: debug assertion for memuse (7.0.x backport) Bug #7122: smb/ntlmssp: nonsense smb.ntlmssp.version values (7.0.x backport) Bug #7116: dpdk: timestamping packets through TSC does not yield the same tim= e as kernel time (7.0.x backport) Bug #7066: alert/metadata: no pgsql object encapsulation (7.0.x backport) Bug #7054: bypass: cannot bypass udp flow from first packet (7.0.x backport) Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport) Bug #6608: file: do not store if filestore:both,flow is triggered after the f= ile was set to nostore (7.0.x backport) Bug #6555: eve/alert: payload/payload_printable misrepresent data in case of = overlaps (7.0.x backport) Bug #6541: landlock: coverity warnings (7.0.x backport) Optimization #7134: detect/snmp.version: do not free NULL pointer Optimization #7075: dns/tcp: allow triggering raw stream reassembly (7.0.x ba= ckport) Feature #7102: iprep: support seeing if rule is part of a rep list (7.0.x bac= kport) Feature #6674: detect: allow alert-then-pass logic (7.0.x backport) Task #7249: libhtp 0.5.49 (7.0.x backport) Task #7168: dns: make the version field in a dns object required (7.0.x backp= ort) Documentation #6641: doc: add tcp timeout fix to upgrade guide (7.0.x backpor= t)" Signed-off-by: Matthias Fischer --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index dcee61ea1..b563ff9da 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 7.0.6 +VER =3D 7.0.7 =20 THISAPP =3D suricata-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D e031eda35913f0db553ae68e6fc4173db2f0a87b2f2c60141edf09= abba3eef44cdba6cca1db039c8814525ff803dd60ea13cbba7b66e57fed3ae5297f90c7b18 +$(DL_FILE)_BLAKE2 =3D dc39279b99880762bee2b1788fea9046dc63c01560332ffc167844= 673314165456dcbff3b0d05d32c931741b397fd68e9e294d2ee6c526a3d286445c2a83b789 =20 install : $(TARGET) =20 --=20 2.43.0 --===============2091159499686639515==--