public inbox for development@lists.ipfire.org
* [PATCH] suricata: Update to version 8.0.0
@ 2025-07-22 16:55 Adolf Belka
From: Adolf Belka @ 2025-07-22 16:55 UTC
  To: development; +Cc: Adolf Belka

- Update from version 7.0.11 to 8.0.0
- Update of rootfile
- patch file updated for disabling sid-2210059
- Changelog
    8.0.0
	Security #7658: http2: global tx (stream id 0) may open file and never close
	 it (HIGH - CVE 2025-53538)
	Bug #7798: dpdk: auto count of threads assigns more threads than affined
	Bug #7791: http: BUG_ON assertion reached in packet path
	Bug #7790: affinity: intermittent unittest failures
	Bug #7789: dpdk: compilation warning of a function without prototype
	Bug #7783: smtp: incorrect inspection window
	Bug #7752: decode: no parent packet flow for ip-in-ipv6
	Bug #7678: mpm/ac: error "Just ran out of space in the queue"
	Bug #7649: lib: suricata version in sys crate needs to be updated on build
	Bug #1484: src: BUG_ON(1) statements in the packet path
	Optimization #7643: excessive mtu messages at start up
	Optimization #7212: strtoul: replace with ByteExtractString variant
	Optimization #6264: mpm/ac-ks: reduce stack usage
	Optimization #4753: lua: fix inconsistency in the init "needs" key
	Documentation #7749: doc: update user manual section on RPMs
	Documentation #7723: doc/exceptions: review 'inspection' terminology
	Documentation #7648: rtd: set "latest" to last stable release starting with 8.0.0
	Documentation #7078: devguide: document current ffi naming style
	Documentation #6955: devguide: update coding-style docs
	Documentation #6566: userguide: add description for missing EVE krb fields
	Documentation #6288: eve/schema: generate tables of data for app-layer protocols
	Documentation #6252: userguide/install: move Ubuntu distros to their own page
	Documentation #6069: userguide/install: move RPM distros to their own page
	Documentation #6022: devguide: explain how the engine identifies applayer
	 protocols
	Documentation #5911: userguide: update & bring guide for installation on
	 Windows to RtD
	Task #7758: decode: add stats counters for ipv4/ipv6 over ipv4
	Task #7750: packaging: rpm for RHEL 10
	Task #7632: suricata-lua-sys: tag with a non-prerelease version
	Task #6941: lua: review and document lua rule return types
	Task #6814: libsuricata: opt-in signal handling
	Task #6359: detect/analyzer: add more details for the ICMP icode keyword
	Task #6262: tracking: reduce stack usage
    8.0.0-rc1
	Feature #7715: rules: add option to skip flow tracking for a packet
	Feature #7714: detect: add pre_flow rule hook
	Feature #7713: detect: add tcp.wscale keyword to match on TCP wscale option
	 values
	Feature #7712: detect: add pre_stream rule hook
	Feature #7702: commandline: add --list-app-layer-hooks option
	Feature #7645: pgsql: add CopyIn subprotocol/mode
	Feature #7635: eve: include transaction count
	Feature #7599: mime: add email.received keyword
	Feature #7597: mime: add email.url keyword
	Feature #7593: mime: add email.message_id keyword
	Feature #7507: rules: ftp.completion_code keyword
	Feature #7506: rules: ftp.reply_received keyword
	Feature #7505: rules: ftp.mode keyword
	Feature #7504: rules: ftp.dynamic_port keyword
	Feature #7372: Datajson: a dataset evolution
	Feature #7047: eve: add ip version field
	Feature #7036: DPDK NUMA setup: choose correct CPUs from worker-cpu-set
	Feature #6805: cpu-affinity: enhance CPU affinity logic with per-interface
	 NUMA preferences
	Feature #6695: tls: log extensions
	Feature #6259: pgsql: add `query` detection keyword
	Feature #5692: http: brotli content encoding for HTTP/1.1
	Feature #4099: app-layer: allow direct rule keyword registration
	Feature #3952: protocols: implement mDNS
	Feature #2290: lua: use script as transform
	Bug #7747: affinity: warnings in the granular thread affinity settings code
	Bug #7746: suricatasc does not handle reconnect
	Bug #7735: brotli: old crate version has integer underflow
	Bug #7732: http1: use cursor wrapper handling EOF for brotli
	Bug #7730: dcerpc: uint16 overflow (rust debug assertion)
	Bug #7725: decode/ipv4: missing ip-in-ip case handling
	Bug #7698: firewall: eve verdict field should state "accept" instead of alert
	Bug #7694: flow: elephant flow counts previous bytes revisiting an index
	Bug #7689: Dataset of type IP can't set IPv4
	Bug #7687: flow: non-TCP protocol timeout handling leads to missing flows
	Bug #7681: flow: race condition at shutdown leads to duplicate flows
	Bug #7671: lua: suricata-lua-sys needs to honor MSAN oss-fuzz flags
	Bug #7668: http: lack of setting updated_ts leads to firewall bypass
	Bug #7665: transaction rules: support filesize
	Bug #7653: ips: deconflict pass flow and drop packet rules
	Bug #7647: pgsql: empty request logged if password message disabled
	Bug #7634: hyperscan: coverity warnings
	Bug #7579: detect/files: local_file_id not incremented if inspection buffer is
	 NULL
	Bug #7568: pcap: continuous file reading fails on an empty directory
	Bug #7549: detect: using different sticky buffers for byte_extract and
	 byte_jump leads to undefined value before doing the jump
	Bug #7498: rust: cleanup of extern "C" functions and no_mangle
	Bug #7479: segfault using dummy config
	 output.eve-log.types.alert.payload-buffer-size = 0
	Bug #7420: detect-engine: warning fgets could get negative value
	Bug #7390: byte_extract: issue with saved 'name' in distance keyword
	Bug #7374: dpdk: iface-copy should not be mandatory
	Bug #7344: build: build can sometimes fail copying the lua headers into place
	Bug #7285: Websocket compression mishandling
	Bug #7236: plugins: custom transaction loggers cannot be registered by a plugin
	Bug #7019: snmp: probing parser returns ALPROTO_FAILED instead of
	 ALPROTO_UNKNOWN if slice.len() < 4
	Bug #7004: app-layer: wrong tx may be logged for stream rules
	Bug #6981: dpdk: compiler warnings about lossy integer precision
	Bug #6400: log of DNS answer is in wrong direction
	Bug #6186: Integer overflows 64 to 32 bytes
	Bug #5739: htp: handle alloc failure for user data
	Bug #5177: detect/analyzer: rule analyzer warns about http buffers usage
	Bug #4815: unix socket: ftp memcap missing from socket commands
	Bug #3436: suricatasc: crashing using command 'reopen-log-files'
	Optimization #7733: transforms: move base64 transform pure rust
	Optimization #7708: http1: add tx iterator
	Optimization #7529: detect/dns: move wrapper code from C to rust
	Optimization #7353: files: remove deprecated force-md5 config option
	Optimization #7292: CI: clang-format rechecks every main-7.0.x commit
	Optimization #7083: detect/dataset: skip adding localstatedir if fullpath is
	 provided
	Task #7727: lua: suricata.log library
	Task #7673: libsuricata: rate_filter callback
	Task #7656: fast.lua: update script to reflect library use
	Task #7609: lua: suricata.util lib
	Task #7608: lua: turn tls into lib
	Task #7607: lua: turn ssh into lib
	Task #7606: lua: turn smtp into lib
	Task #7605: lua: turn ja3 into lib
	Task #7603: lua: turn hassh into lib
	Task #7598: mime: add email.x_mailer
	Task #7591: mime: add email.date keyword
	Task #7491: lua: turn file into lua lib
	Task #7490: lua: turn rule into lua lib
	Task #7487: lua: turn flowints into lib
	Task #7486: lua: turn flowvars into lib
	Task #7461: suricata-verify: pass all tests
	Task #7079: rust: unify rust ffi style
	Task #7026: app-protos: trigger raw stream inspection
	Task #6573: rust: set new minimum Rust version for Suricata 8
	Task #3695: research: libhwloc for better autoconfiguration
	Documentation #7683: mime: add email.attachment keyword
	Documentation #7329: doc: explain the priority ports setting
	Documentation #7143: doc: legacy keyword http_host used in examples
	Documentation #5485: userguide: explain that the http.header_names buffer is
	 normalized
    8.0.0-beta1
	Feature #7644: pgsql: add CopyOut subprotocol/mode
	Feature #7633: dpdk: refrain from creating TX queues on zero TX descriptors
	Feature #7620: smb: configurable logging
	Feature #7596: mime: add email.to keyword
	Feature #7595: mime: add email.subject keyword
	Feature #7592: mime: add email.from keyword
	Feature #7588: mime: add email.cc keyword
	Feature #7565: dcerpc: rpc interfaces info in request event
	Feature #7533: detect/ldap: add ldap.request.attribute_type and
	 ldap.request.attribute keywords, and same for responses
	Feature #7532: detect/ldap: add keywords for LDAPResult
	Feature #7517: detect: smtp.mail_from keyword
	Feature #7516: detect: smtp.rcpt_to keyword
	Feature #7515: detect: smtp.helo keyword
	Feature #7513: detect/integers: add support for negated strings when enum is used
	Feature #7508: rules: ftp.reply keyword
	Feature #7503: rules: ftp.command_data keyword
	Feature #7502: rules: ftp.command keyword
	Feature #7485: rules: allow specifying explicit hooks
	Feature #7482: eve/flow: log tcp session reuse as a timeout reason
	Feature #7481: rules/actions: explicit action scopes
	Feature #7477: ldap: add support for AbandonRequest
	Feature #7471: detect/ldap: add ldap.distinguished_name keywords for request
	 and response
	Feature #7453: detect/ldap: add ldap.request.operation and
	 ldap.response.operation keywords
	Feature #7433: eve/alert: enrich decoder event rules
	Feature #7403: requires: add ability to check for a rule keyword
	Feature #7382: dpdk: create separate packet mempools per queue
	Feature #7381: dpdk: when running with ice driver fully start only when link
	 state change event is caught
	Feature #7380: dpdk: provide "auto" option for RX/TX descriptors
	Feature #7373: dpdk: provide "auto" option to mempool-size property
	Feature #7337: dpdk: implement configuration of RSS using rte_flow rules for
	 major cards
	Feature #7330: dpdk: support HW VLAN stripping
	Feature #7320: flow: add user registerable flow update callbacks
	Feature #7319: flow: add user registerable flow initialization callback
	Feature #7311: http1: log invalid status as string
	Feature #7291: sdp: implements sticky buffer
	Feature #7243: lua: expose dataset functions
	Feature #7240: libsuricata: use provided threads and packets
	Feature #7204: sip: rustify sticky buffers
	Feature #7203: ldap: extend parser for udp
	Feature #7202: ldap: frame support
	Feature #7170: hyperscan: Cache Hyperscan databases to disk to speed up the
	 startup
	Feature #7120: threshold: add backoff type
	Feature #7108: tls: ALPN keyword
	Feature #7098: eve: add payload length field
	Feature #7074: lua: expose base64 functions
	Feature #7073: lua: expose hashing functions (md5/sha1/sha256)
	Feature #7055: tls: log ALPN
	Feature #7051: websocket: data frame
	Feature #7045: tls-store: add support client certs
	Feature #7017: dns: add OPT rdata struct and parsing
	Feature #7012: rules: add dns.response sticky buffer
	Feature #7011: dns: additional section parsing and logging
	Feature #6967: multi-tenancy: support thresholding per tenant
	Feature #6943: pcap: datalink type 229 not (yet) supported in module PcapFile
	Feature #6939: lua: increment stat when a lua rule exhausts its instruction
	 count
	Feature #6857: iprep: support seeing if rule is part of a rep list
	Feature #6856: http: anomaly when request line is missing protocol
	Feature #6832: pcap/log: Support BPFs for filtering pcap output
	Feature #6827: arp: implement decoder and logger
	Feature #6822: threshold: support tracking by flow
	Feature #6788: bypass: decouple stream.bypass dependency from TLS encrypted
	 bypass
	Feature #6739: dpdk: warn the user if user-settings are adjusted to the device
	 capabilities
	Feature #6666: dns: add keyword for dns rrtype: dns.rrtype
	Feature #6648: detect: integer: support bitmasks
	Feature #6647: detect: integers: support for enumerations
	Feature #6646: detect: integer: support negated ranges
	Feature #6645: detect: integer parsed with hexadecimal notation
	Feature #6637: requires: add skipped rules to stats
	Feature #6627: sdp: add protocol parser and logger
	Feature #6621: dns: add keyword for dns rcode: dns.rcode
	Feature #6550: profiling/rules: allow enabling profiling for pcap file runs
	Feature #6546: detect/transform: strip_pseudo_headers
	Feature #6497: dns: new detection buffer: dns.query.name
	Feature #6496: dns: new detection buffer: dns.answer.name
	Feature #6487: detect/transform: from_base64
	Feature #6480: plugins: allow plugins to specify the version of suricata they
	 are for
	Feature #6455: txbits: support for new type of bits
	Feature #6439: rules: add to_lowercase transform
	Feature #6426: http2: app-layer-event and normalization when userinfo is in
	 the :authority pseudo header for the http.host header
	Feature #6396: rules: add protocol string support for mqtt
	Feature #6379: ja4: support for TLS and QUIC
	Feature #6374: sip: add sticky buffers for headers
	Feature #6366: pop3: protocol detection
	Feature #6290: http: support case insensitive testing of header name existence
	Feature #6260: flow: flow matching excluding packet recursion level
	Feature #6215: flow/output: log triggered exception policy
	Feature #6164: rules: allow matching on flow pkts and bytes
	Feature #6090: eve/alert: missing dcerpc metadata
	Feature #6079: eve/dcerpc: eve/smb: log dcerpc uuid with request/response txs
	Feature #5976: eve/stats: allow hiding counters whose value is 0
	Feature #5972: rules: "requires" keyword representing the minimum version of
	 suricata to support the rule
	Feature #5839: dpdk: power saving mode
	Feature #5816: stats: exception policy counters
	Feature #5773: doh: support DNS over HTTPS (DoH)
	Feature #5743: http2: add frame support
	Feature #5734: ssh: add frame support
	Feature #5665: rules: bidirectional transaction matching
	Feature #5647: rules: mark flow as elephant flow
	Feature #5646: rules: allow matching on flow pkts and bytes in either direction
	Feature #5489: research: multi version rules; or version dependent rules
	Feature #5466: detect: allow alert-then-pass logic
	Feature #5446: rules: allow ranges in dns.opcode value
	Feature #5234: tls: subjectAltName buffer
	Feature #5082: smb: keyword for matching the SMB files
	Feature #5075: smb: keyword for the SMB version
	Feature #4974: eve: log rule references
	Feature #4905: smtp: add stream app-layer frame support
	Feature #4904: dcerpc: frames support
	Feature #4853: eve: Add information about Suricata version
	Feature #4777: lua: implement sandboxing
	Feature #4776: lua: vendor latest lua stable
	Feature #4321: http2: Support link between packets in the same stream
	Feature #4102: plugins: support creating app-layer parser, logger and detect
	Feature #3958: enip: convert protocol parser to rust
	Feature #3487: mime: multi-part parser in Rust
	Feature #3351: sip: parse traffic over tcp
	Feature #2816: vlan: support more than 2 layers
	Feature #2696: http: implement parser in rust
	Feature #2695: websocket support
	Feature #2486: prefilter/fast_pattern logic for flowbits
	Feature #2377: deprecate: ssh.softwareversion and ssh.protoversion
	Feature #2280: http: rules that match both request and response
	Feature #1971: lua: make mandatory
	Feature #1520: multi-tenancy: verbose output clarity
	Feature #1199: protocol: LDAP support
	Feature #1125: smtp: improve protocol detection
	Feature #1065: rules: introduce vlan id keyword
	Feature #845: stats: track memory consumption
	Security #7615: datasets: signature keyword setting can cause high memory
	 usage (MODERATE - CVE 2025-29916)
	Security #7613: decode_base64: signature can do large
	 memory allocation (HIGH - CVE 2025-29917)
	Security #7526: detect: infinite loop in DetectEngineContentInspectionInternal
	 with negated pcre (HIGH - CVE 2025-29918)
	Security #7465: ldap: bound of number of transactions is not fully enforced
	Security #7464: doh2: buffer is not really limited to 65K as should be for DNS
	Security #7458: af-packet: defrag option can lead to truncated packets
	 (HIGH - CVE 2025-29915)
	Security #7450: tracking: signature can allocate arbitrary amount of memory
	Security #7411: tcp: generic detection bypass using TCP urgent support
	 (HIGH - CVE 2024-55629)
	Security #7393: tcp: segfault on StreamingBufferSlideToOffsetWithRegions
	 (CRITICAL - CVE 2024-55627)
	Security #7366: bpf: oversized bpf file can lead to buffer overflow
	 (MODERATE - CVE 2024-55626)
	Security #7280: dns: quadratic complexity in logging and invalid json as
	 output (HIGH - CVE 2024-55628)
	Security #7267: ja4: non alphanumeric characters in alpn lead to panic
	 (CRITICAL - CVE 2024-47522)
	Security #7229: detect: write to read-only memory in transforms
	 (CRITICAL - CVE 2024-55605)
	Security #7209: thash: random factor not used; possible abusive hash
	 collisions (CRITICAL - CVE 2024-47187)
	Security #7195: datasets: rule with unset makes suricata abort
	 (HIGH - CVE 2024-45795)
	Security #7191: http: quadratic complexity in headers processing/finding
	 (CRITICAL - CVE 2024-45797)
	Security #7183: smb: hashmap entries not removed for error responses
	Security #7104: http2: oom from duplicate headers (CRITICAL - CVE 2024-38535)
	Security #7085: eve: transactions can be logged an arbitrary number of times
	Security #7067: defrag: off by one leads to possible evasion
	 (HIGH - CVE 2024-45796)
	Security #7040: defrag: id reuse can lead to invalid reassembly
	 (CRITICAL - CVE 2024-37151)
	Security #7029: http/range: segv when http.memcap is reached
	 (HIGH - CVE 2024-38536)
	Security #6987: modbus: txs without responses are never freed
	 (MODERATE - CVE 2024-38534)
	Security #6902: base64: off-by-three overflow in DecodeBase64()
	 (HIGH - CVE 2024-32664)
	Security #6900: http2: timeout logging headers (HIGH - CVE 2024-32663)
	Security #6892: http2: oom on copying compressed headers
	 (CRITICAL - CVE 2024-32663)
	Security #6866: eve: excessive ssh long banner logging (HIGH - CVE 2024-28870)
	Security #6799: ssh: quadratic complexity in overlong banner
	 (CRITICAL - CVE 2024-28870)
	Security #6796: output/filestore: slowdown because of running OutputTxLog on
	 useless packets
	Security #6770: log: arbitrary-length value can be logged
	Security #6757: libhtp: quadratic complexity checking after request line
	 missing protocol (CRITICAL - CVE 2024-28871)
	Security #6680: smb: pcap with many open files takes too much time
	Security #6675: ip-defrag: packet can be considered complete even with holes
	 (MODERATE - CVE 2024-32867)
	Security #6669: ip defrag: re-assembly error in bsd policy
	 (MODERATE - CVE 2024-32867)
	Security #6668: ip defrag: final overlapping packet can lead to "hole" in
	 re-assembled data (MODERATE - CVE 2024-32867)
	Security #6493: ip defrag: several issues with overlap handling
	Security #6481: http2: quadratic complexity in find_or_create_tx not bounded
	 by max-tx (CRITICAL - CVE 2024-23836)
	Security #6477: smtp: quadratic complexity from unbounded number of
	 transaction per flow (CRITICAL - CVE 2024-23836)
	Security #6444: http1: quadratic complexity from infinite folded headers
	 (CRITICAL - CVE 2024-23837)
	Security #6441: detect: heap use after free with http.request_header keyword
	 (CRITICAL - CVE 2024-23839)
	Security #6411: pgsql: quadratic complexity leads to over consumption of memory
	 (HIGH - CVE 2024-23835)
	Security #6299: mqtt: pcap with anomalies takes too long to process because of
	 app-layer-event detection
	Security #5926: http2: evasion by splitting header fields over frames
	 (HIGH - CVE 2024-24568)
	Security #5921: http1: configurable limit for maximum number of live
	 transactions per flow (CRITICAL - CVE 2024-23836)
	Bug #7618: af-packet: setting bpf fails
	Bug #7577: detect/files: file.data does not use content passed when closing
	 the file internally
	Bug #7567: dcerpc: assertion triggered !((res.needed + res.consumed < input_len))
	Bug #7562: detect/flow: null deference in signature parsing
	Bug #7560: detect/krb5: undefined behavior with krb5.ticket_encryption when
	 passing -INT32_MAX
	Bug #7556: quic: valid traffic blocked in IPS mode
	Bug #7554: tls: parser error on unACK'd data in FIN shutdown
	Bug #7552: app-layer: misdetection if response is seen first without request
	Bug #7548: dcerpc: avoid integer underflow
	Bug #7523: rules/prefilter: prefilter keyword ignored when in content rule
	Bug #7521: detect/ip-only: false positive alerts on pseudo packets ending a
	 one direction flow
	Bug #7495: protocol detection: probing parsers do not finish as soon as possible
	Bug #7469: smtp: recognize when client initiated TLS
	Bug #7467: detect: checksum detection broken by stream.checksum-validation
	Bug #7466: lua: Flowvar memory leak
	Bug #7455: flow: flow timeout behavior non-deterministic
	Bug #7449: app-layer metadata does not get logged for stream rules and
	 unidirectional protocols
	Bug #7447: NULL dereference in ThreadLogFileHashFreeFunc in bug-5198 SV test
	Bug #7444: dpdk: RSS key length mismatch on ice (E810) card with DPDK version
	 22.11.6
	Bug #7440: eve/frame: incomplete frame logging
	Bug #7437: protocol detection: probing parsers are limited to 32 by use of
	 bitflag
	Bug #7436: sip: remove UPDATE pattern as already used by HTTP/1.1
	Bug #7435: fuzz: fix protocol detection target initialization sequence
	Bug #7422: tcp: GAP event set on unack'd data following a RST
	Bug #7418: requires: rules with unmet requirements are still loaded
	Bug #7417: rust: remove shared reference to static mutable
	Bug #7414: detect: decoder event rules fail to match on invalid packets
	Bug #7409: http: crash in strip_pseudo_headers transform
	Bug #7406: eve: Alerts with app_proto=tls no longer logs the tls app data
	Bug #7398: datasets: scan-build warning call to blocking fn inside critical
	 section
	Bug #7394: ldap: support starttls with tls upgrade
	Bug #7365: flow-manager: multi Flow Manager memory leak problem
	Bug #7361: rules: unknown internal events not being detected as errors
	Bug #7359: eve/syslog: crashes on use
	Bug #7338: rust: different int types turn garbage on FFI boundary
	Bug #7334: asan/profiling: global-buffer-overflow error
	Bug #7333: tls: impossible to log alpns with 'custom' logging
	Bug #7332: tls: fix duplicate EVE field issuerdn
	Bug #7326: http: FN with prefilter if the first of multi buffer did not match
	Bug #7325: sdp: one or more time descriptions
	Bug #7323: mqtt: wrong and missing direction for keywords
	Bug #7318: flow: flow timeout pseudo packet triggers unexpected alert
	Bug #7315: template: remove usage of template-rust
	Bug #7314: misc/warnings: compile warnings during build
	Bug #7309: http: incorrect file direction handling
	Bug #7305: sdp: media's encryption key not logged
	Bug #7303: detect: memleak in case of errors during initialization
	Bug #7302: conf: memleak if yaml parser is initialized before checking if file
	 exists
	Bug #7300: output: oversized records lead to invalid json
	Bug #7296: detect: transform base64 creates a 0-sized variable-length array
	Bug #7279: dns: protocol detection is not strict enough
	Bug #7270: conf: nullptr dereference if mem alloc fails for a node in yaml parser
	Bug #7264: detect/flow: ACK with data on 3whs fails to match 'flow:established'
	Bug #7256: ja3: Error: ja3: Buffer should not be NULL
	Bug #7253: fuzz: CIFuzz is not fuzzing PRs as it is supposed to
	Bug #7241: app-layer-protocol: negated matching false positive
	Bug #7238: app-layer: protocol flows are miscounted in case of error
	Bug #7235: tls: a rule stops working since 7.0.5
	Bug #7230: dcerpc: invalid dcerpc header is not rejected
	Bug #7228: dns: no data logged, and no events with udp corrupt additional record
	Bug #7226: lua: use crate from crates.io instead of github to fix offline builds
	Bug #7218: profiling: packet profiling to log file is only active with rule
	 profiling
	Bug #7213: frames: stream frame is not always the first one registered
	Bug #7210: docs: inconsistent spelling in documentation for RFB
	 `security_result` key
	Bug #7206: cbindgen: compatibility with newer version 0.27
	Bug #7200: smtp: crash in ByteExtractString
	Bug #7199: detect: missing app-layer metadata in alerts
	Bug #7187: detect: dcerpc logging and matching issues
	Bug #7181: fuzz: File confyaml.c is missing
	Bug #7176: ldap: crash when encountering GAP
	Bug #7172: detect/integers: do not bother to free NULL pointer on setup/parse
	 failure
	Bug #7169: lua/output: vendored lua search for modules in /usr/local/ rather
	 than /usr/
	Bug #7158: tcp: 'broken ack' event set on flow timeout
	Bug #7135: util/thash: debug assertion for memuse
	Bug #7126: decode/base64: Error message on packet path.
	Bug #7121: smb/ntlmssp: nonsense smb.ntlmssp.version values
	Bug #7115: dpdk: timestamping packets through TSC does not yield the same time
	 as kernel time
	Bug #7113: pgsql: track 'progress' in tx per direction
	Bug #7111: protodetect: DNS flow direction is not correct sometimes
	Bug #7106: packet: app-layer-events incorrectly used on recycled packets
	Bug #7093: sip: wrong slice used for sip_take_line with tcp leads to quadratic
	 oom
	Bug #7059: smtp: split name logged as 2 names
	Bug #7053: bypass: cannot bypass udp flow from first packet in second direction
	Bug #7049: util/radix-tree: Possible dereference of nullptr in case of
	 unsuccess allocation of memory for node
	Bug #7048: af-packet: failure to start up on many threads plus high load
	Bug #7037: pcap/log: MacOS rotates file well before limit is reached
	Bug #7034: time: in offline mode, time can stay behind at pcap start
	Bug #7028: base64: heap buffer overflow in RFC 2045 and 4648 modes
	Bug #7025: websocket: wrong value for opcode ping/pong
	Bug #7022: unix-socket: iface-bypassed-stat crash
	Bug #7020: unix-socket: hostbit commands don't properly release host
	Bug #7013: rust: build with rust 1.78 with slice::from_raw_parts now requiring
	 the pointer to be non-null
	Bug #7000: pgsql: trigger raw stream reassembly
	Bug #6994: sip/sdp: logger closes unopened array for empty medias
	Bug #6989: tls.random buffers don't work as expected
	Bug #6985: base64: coverity dead code warning
	Bug #6984: mqtt: do not log non-string messages?
	Bug #6983: eve/alert/metadata: no pgsql object encapsulation
	Bug #6973: detect: log relevant frames app-layer metadata
	Bug #6969: dataset: lookup function is not working with ip type
	Bug #6964: base64: consumed bytes are incorrectly set for different modes
	Bug #6959: http: improve handling of content encoding: gzip but request_body
	 not actually compressed
	Bug #6957: Assert: BUG_ON(id <= 0 || id > (int)thread_store.threads_size);
	Bug #6954: eve: packet field packet_info.linktype is non-portable
	Bug #6948: detect/http.response_body: false positive because not enforcing
	 direction to_client
	Bug #6942: decode/ppp: decoder.event.ppp.wrong_type on valid packet
	Bug #6940: lua: handle errors in lua rules
	Bug #6921: jsonbuilder: serializes Rust f64 NaNs to an invalid literal
	Bug #6918: pcre2: compile warning
	Bug #6913: reimplement systemd sd_notify w/o linking to libsystemd
	Bug #6906: smtp/mime: data command rejected by pipelining server does not
	 reset data mode
	Bug #6904: mime: buffer overflow in GetFullValue() (util-decode-mime.c)
	Bug #6903: streaming buffer: heap overflows in
	 StreamingBufferAppend()/StreamingBufferAppendNoTrack()
	Bug #6896: detect/port: upper boundary ports are not correctly handled
	Bug #6891: sip: usage of Vec instead of Vecdeque leads to quadratic complexity
	 on cleanup
	Bug #6889: detect: slowdown in rule parsing
	Bug #6887: defrag: reassembled packet can have wrong datatype
	Bug #6883: rust: clippy 1.77 warning
	Bug #6881: detect/port: port grouping does not happen correctly if gap between
	 a single and range port
	Bug #6877: Suricata 8 general protection fault ip:698117 sp:7fd537b08090
	Bug #6875: output/alert: assertion failed p->flow != NULL
	Bug #6871: dpdk: fix compatibility issues for ice cards
	Bug #6864: detect: ipopts keyword false positive
	Bug #6861: profiling/rules: crash when profiling ends
	Bug #6846: eve/alerts: wrongly using tx id 0 when there is no tx
	Bug #6843: detect/port: port ranges are incorrect when a port is single as
	 well as a part of range
	Bug #6839: coverity: warning in port grouping code
	Bug #6838: eve/filetypes: move from plugin api to eve api
	Bug #6837: netmap: error message Netmap pipes (with lb)
	Bug #6835: BUG_ON triggered from TmThreadsInjectFlowById
	Bug #6834: iprep: rule with '=,0' can't match
	Bug #6811: capture plugins: capture plugins unusable due to initialization order
	Bug #6790: dpdk: evaluate the correct handling of DPDK ports on shutdown
	Bug #6787: decode/pppoe: Suspicious pointer scaling
	Bug #6782: streaming/buffer: crash in HTTP body handling
	Bug #6778: detect/tls.certs: direction flag checked against wrong field
	Bug #6766: multi-tenancy: dead lock during tenant loading
	Bug #6762: hugepages: error for FreeBSD when kernel NUMA build option is not
	 enabled
	Bug #6760: af-packet: hugepages Error for ARM64 and af-packet IPS mode
	Bug #6755: netmap: deadlock if netmap_open fails
	Bug #6753: detect/cip: missing return-value check for a 'scanf'-like function
	Bug #6745: util/mime: Memory leak at util-decode-mime.c:MimeDecInitParser
	Bug #6741: dpdk: automatic cache calculation is broken
	Bug #6737: dpdk: property configuration can lead to integer overflow
	Bug #6733: tcp: tcp flow flags changing incorrectly when ruleset contains
	 content matching
	Bug #6732: eve/stats: parent interface object in stats contains VLAN-ID as keys
	Bug #6726: stream: stream.drop-invalid drops valid traffic
	Bug #6715: dpdk: NUMA warning on non-NUMA system
	Bug #6710: rules: failed rules after a skipped rule are recorded as skipped,
	 not failed
	Bug #6678: datasets: discard datasets that hit the memcap while loading correctly
	Bug #6664: eve/smtp: attachment filenames not logged
	Bug #6661: detect/content-inspect: FN on negative distance
	Bug #6656: detect/requires: assertion failed !(ret == -4)
	Bug #6643: http: wrongly assuming http0.9 leads to missed headers
	Bug #6634: tls: Invalid ja3 due to double client hello
	Bug #6633: stats: flows with a detection-only alproto not accounted in this
	 protocol
	Bug #6619: profiling: runtime much longer to run than it used to
	Bug #6618: endace: timestamp fixes
	Bug #6617: detect/filestore: flow, to_server was broken by moving files into
	 transactions
	Bug #6615: detect/analyzer: misrepresenting negative distance value
	Bug #6592: mqtt: frames on TCP are not set properly when parsing multiple PDUs
	 in one go
	Bug #6585: src: SCTIME_FROM_TIMESPEC() creates incorrect timestamps
	Bug #6584: src: SCTIME_ADD_SECS() macro zeros out ts.usec part
	Bug #6578: ssh: no alert on packet with Message Code: New Keys (21)
	Bug #6574: detect/filestore: memory leak on rule parsing
	Bug #6553: eve/alert: payload/payload_printable misrepresent data in case of
	 overlaps
	Bug #6551: Invalid registration of prefiltering in stream size
	Bug #6547: http2: http.response_line has leading space
	Bug #6527: cppcheck 2.11 errors
	Bug #6501: eve/alert: missing TFTP metadata
	Bug #6500: eve/alert: missing FTP metadata
	Bug #6490: profiling: rule profiling doesn't support absolute paths
	Bug #6483: http.request_headers - odd behavior with multiple signatures
	Bug #6419: dpdk: Analyze hugepage allocation on startup more thoroughly
	Bug #6415: http: various header buffer not populated when malformed header
	 value exists
	Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensive
	Bug #6408: Output plugins receive identifier, but not thread identifier
	Bug #6405: eve: ethernet src_mac should match src_ip
	Bug #6398: eve/stats: threads object in stats contains memcap_pressure scalars
	Bug #6393: detect/filestore: be more explicit about the U16_MAX limit per
	 signature group head
	Bug #6390: detect/filestore: do not store if "both,flow" is triggered after
	 the file was set to "nostore"
	Bug #6389: pgsql: u16 overflow found by oss-fuzz w/ quadfuzz
	Bug #6376: detect: huge increase on start up time with a lot of ip-only rules
	 and bigger HOME_NET
	Bug #6347: log-pcap: crash with suricata.yaml setting max-file to 1
	Bug #6305: drop: assertion failed
	 !(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP)
	Bug #6304: schema.json : if protocol such as ENIP is detection only, we do not
	 have _tcp suffix in stats
	Bug #6281: dns: structure of query differs between "alert" and "dns" event types
	Bug #6280: base64: strict mode should only accept strings that can be reliably
	 converted back
	Bug #6254: bypass: thread "FB" failed to start in time: flags 0003
	Bug #6092: eve/alert: missing pgsql metadata
	Bug #6080: pgsql/probe: TCP on 5432 traffic incorrectly tagged as PGSQL
	Bug #5977: eve/alert: missing KRB5 metadata
	Bug #5539: landlock: coverity warnings
	Bug #5524: pgsql: parser should not error on parsing error, so as to keep on
	 parsing the next PDUs
	Bug #5491: smtp: response 530 appears to generate an invalid response alert
	Bug #5486: eve: ethernet metadata is missing for some protocols or parts of a
	 protocol
	Bug #5279: nom: use of count combinator can use too much memory
	Bug #5220: detect/base64_data: fast_pattern shouldn't be allowed
	Bug #5185: mime: URL extraction missing
	Bug #4921: detect/app-layer-protocol: unexpected results when one direction
	 state "failed"
	Bug #4858: fuzz: Timeout with pcre
	Bug #4734: pfring: memory leak
	Bug #3910: datasets: for type string the memcap isn't applied to the string data
	Bug #3682: detect/bsize: error for impossible matching conditions
	Bug #2886: imap: protocol detection is incomplete
	Bug #2881: http.protocol parsing inaccuracy : accept spaces in URI
	Bug #2224: rules: negated http_* match returns false if buffer not populated
	Bug #1457: conf: non-standard units used for file size indication
	Optimization #7617: af-packet: set defrag based on passive or inline mode
	Optimization #7558: detect: convert rule group dumping to JsonBuilder
	Optimization #7358: CI: only run CodeQL python if the PR contains changed
	 files that are python
	Optimization #7304: detect: improve support for multi-protocol keywords
	Optimization #7297: src: remove duplicate function declarations
	Optimization #7272: af-packet: improve startup time
	Optimization #7208: tcp/reassemble: GetBlock takes O(nlgn) in worst case
	Optimization #7185: stats: exceptions: use search-friendly log output
	Optimization #7178: rfb: rustify keywords and app-layer registration
	Optimization #7155: pcap: use larger read size buffer for a performance increase
	Optimization #7087: app-layer: track modified transactions
	Optimization #7065: base64: move the decoder to rust
	Optimization #7044: app-layer: clean up truncate callbacks and logic
	Optimization #7018: dns/tcp: allow triggering raw stream reassembly
	Optimization #7002: detect: move pseudo packet checks out of keyword Match funcs
	Optimization #6938: packet: optimize packet data storage
	Optimization #6937: compile: make code clean with -Wunused-macros
	Optimization #6878: conf: quadratic complexity in yaml loader
	Optimization #6873: byte_extract: convert keyword/option parsing to Rust
	Optimization #6855: src: var code cleanups
	Optimization #6852: mpm/ac: support endswith
	Optimization #6821: smtp: add 535 code
	Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of
	 processing time
	Optimization #6792: detect/port: port grouping is quite slow in worst cases
	Optimization #6786: util-rohash.c : make code cleaner to make CodeQL happier
	Optimization #6775: detect: do not run tx detection on tcp non established
	 packets
	Optimization #6773: app-layer/template: no limit on txs number
	Optimization #6728: detect: prefilter for events (decode, stream, app-layer,
	 etc...)
	Optimization #6718: detect/frames: avoid rescanning in IPS mode
	Optimization #6702: streaming-buffer: Explore Rank Balanced trees
	Optimization #6575: detect/multi-buffer: use single definition of struct
	 PrefilterMpmKrb5Name
	Optimization #6569: threading: fix condition signalling w/o taking lock first
	Optimization #6454: detect: force os to release memory on rule reload
	Optimization #6433: packetpool: improve return sync logic
	Optimization #6387: mqtt: move parser registration code to the rust side
	Optimization #6111: defrag: avoid passing null pointers to functions
	Optimization #5699: dcerpc: switch to incomplete api for tcp
	Optimization #5672: smb: avoid unbounded hash maps
	Optimization #5634: detect: unify ValidateCallback for MD5-like keywords
	Optimization #5566: pgsql: add events
	Optimization #5517: decode: big clean up (macros and functions)
	Optimization #5311: ftp: use unsigned integer for input_len
	Optimization #5047: sip: implement pattern based protocol detection
	Optimization #4798: af-packet: default to tpacket-v3 in IDS mode
	Optimization #3827: output: clean up logging initialization code
	Optimization #3449: eve: output calls fflush very often
	Optimization #3427: datasets: issue warning/info for data with type string
	 that are not base64
	Optimization #426: threshold: rule based thresholding data structure improvement
	Task #7604: lua: turn http into lib
	Task #7602: lua: turn dns into lib
	Task #7601: lua: turn dnp3 into lib
	Task #7492: lua: remove script_api_ver check from needs block
	Task #7489: lua: turn flow into lib
	Task #7488: lua: turn packet into lib
	Task #7456: engine/analysis: report rule state altered by flowbit rule
	Task #7426: flowint: add isnotset support
	Task #7350: firewall usecase: log app-layer metadata for catch-all drop rules
	Task #7341: rust: use bindgen to generate Rust bindings to C functions
	Task #7287: schema: add missing tls fields certificate and chain
	Task #7246: libhtp 0.5.49
	Task #7227: logging: document and cleanup low level logging registration
	Task #7219: rust/crates: update base64
	Task #7167: dns: make the version field in a dns object required
	Task #7165: napatech: move into bundled plugin
	Task #7162: pfring: move into bundled plugin
	Task #7154: plugins: add template detection plugin
	Task #7152: plugins: add template logger plugin
	Task #7151: plugins: add template app-layer plugin
	Task #7130: rust: dependency "time" fails to build on Rust nightly
	Task #7058: fuzz/base64: check decoded strings for correctness in strict mode
	Task #6965: libhtp 0.5.48
	Task #6962: yaml: unify 0 stats counter config option terminology
	Task #6961: lua: use a rust crate to vendor lua
	Task #6935: unittests: convert tests to new FAIL/PASS API - src/app-layer-htp.c
	Task #6888: contrib: remove obsolete items from contrib
	Task #6818: rust: snmp-parser 0.10.0
	Task #6817: rust: kerberos-parser 0.8.0
	Task #6769: libhtp 0.5.47
	Task #6748: doc: mention X710 RX descriptor limitation
	Task #6712: dependencies: completely remove nss
	Task #6705: build-info: remove obsolete "rust support" line
	Task #6605: flash decompression: update/remove deprecation warnings
	Task #6603: pgsql: don't log password msg if password disabled
	Task #6586: mpm/ac-bs: remove implementation
	Task #6577: pgsql: add cancel request message
	Task #6544: logging: deprecate syslog
	Task #6543: logging: deprecate http-log
	Task #6542: logging: deprecate tls-log
	Task #6488: plugins: add example plugins to the suricata source tree
	Task #6432: tracking: autofp capture stalls due to packetpool depletion
	Task #6427: runmodes: remove reference to auto modes
	Task #6360: detect/analyzer: add more details for the icmp_id keyword
	Task #6355: detect/analyzer: add more details for the tcp.mss keyword
	Task #6354: detect/analyzer: add more details for the tcp ack keyword
	Task #6353: detect/analyzer: add more details for the tcp seq keyword
	Task #6352: detect/analyzer: add more details for the tcp window keyword
	Task #6318: unittests: convert tests to new
	 FAIL/PASS API - detect-engine-address-ipv4.c
	Task #6312: detect/analyzer: add more details for the flow.age keyword
	Task #6309: detect/analyzer: add more details for the flowbits keyword
	Task #6287: suricatasc: rewrite in rust
	Task #6209: libhtp 0.5.46
	Task #6107: unittests: convert tests to new FAIL/PASS API - util-memcmp.c
	Task #6050: base64: make a fuzz target
	Task #5626: doc: document file.data
	Task #5588: ips/tap: don't allow mixed tap and ips modes
	Task #5053: app-layer: dynamic alproto IDs
	Task #4742: build: make the auto-generated config.h not conflict with other
	 config.h
	Task #4698: lib: Example program to bootstrap Suricata (an alternate main()
	 for Suricata)
	Task #4683: detect: remove sigmatch_table in favor of a dynamic storage option
	Task #4105: plugins: Create template capture source plugin
	Task #4103: plugins: convert an app-layer to use the plugin API (snmp)
	Documentation #7540: doc/userguide: fix typo
	Documentation #7383: userguide: fix typo
	Documentation #7262: doc: remove mentions to suricata-6
	Documentation #7260: userguide/config: fix consistency of dashes instead of
	 underscores
	Documentation #7153: devguide: document adding a detection plugin
	Documentation #7150: devguide: document adding a logging plugin
	Documentation #7149: devguide: document adding a app-layer plugin
	Documentation #7031: userguide: document SignatureProperties sigtype
	Documentation #6911: manpages: use consistent date based on release and/or git
	 commits
	Documentation #6908: userguide: document how to verify tar.gz signature
	Documentation #6781: http: document duplicate headers concatenation handling
	Documentation #6725: document pcap file variables
	Documentation #6708: userguide/payload: fix explanation about bsize ranges
	Documentation #6686: docs: port userguide build instruction changes from
	 master-6.0.x
	Documentation #6685: userguide: explain noalert keyword
	Documentation #6629: docs: fix byte_test examples
	Documentation #6628: userguide: document generic aspects of integer keywords
	Documentation #6599: docs: update eBPF installation instructions
	Documentation #6589: docs: fix broken bulleted list style on rtd
	Documentation #6570: remove references in docs mentioning prehistoric Suricata
	 versions
	Documentation #6568: devguide: document backports policies and process
	Documentation #6552: doc: add tcp timeout fix to upgrade guide
	Documentation #6548: http2: http.stat_msg - note about HTTP/2 behavior
	Documentation #6445: userguide: explain what flow_id is
	Documentation #6076: eve/schema: document quic
	Documentation #5651: detect/bsize: format should specify operators
	Documentation #5494: userguide: update tls eve-log fields 'not_before' and
	 'not_after'
	Documentation #5393: devguide: move github workflow document from redmine into
	 devguide
	Documentation #5088: detect/file.name: keyword is not documented
	Documentation #4359: docs: elaborate documentation for rule profiling
	Documentation #3015: userguide: document "tag" keyword

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/suricata                      |  9 +++++++++
 lfs/suricata                                          |  6 +++---
 ...patch => suricata-8.0.0-disable-sid-2210059.patch} | 11 +++++------
 3 files changed, 17 insertions(+), 9 deletions(-)
 rename src/patches/suricata/{suricata-disable-sid-2210059.patch => suricata-8.0.0-disable-sid-2210059.patch} (51%)

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata
index 8fe53f7e6..bf49d1964 100644
--- a/config/rootfiles/common/suricata
+++ b/config/rootfiles/common/suricata
@@ -2,6 +2,8 @@ etc/suricata
 etc/suricata/suricata.yaml
 usr/bin/suricata
 usr/bin/suricata-watcher
+#usr/bin/suricatactl
+#usr/bin/suricatasc
 usr/sbin/convert-ids-backend-files
 #usr/share/doc/suricata
 #usr/share/doc/suricata/AUTHORS
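Review bot: the two new binaries usr/bin/suricatactl and usr/bin/suricatasc are added commented out, i.e. deliberately not installed, but the commit message only says "Update of rootfile"; since suricatasc is the unix-socket control client (rewritten in Rust per Task #6287 in the changelog above), please state in the commit message that leaving both out is intentional, or uncomment them if the IDS tooling on IPFire is expected to talk to the suricata socket.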
@@ -26,16 +28,20 @@ usr/share/suricata
 #usr/share/suricata/rules/dhcp-events.rules
 #usr/share/suricata/rules/dnp3-events.rules
 #usr/share/suricata/rules/dns-events.rules
+#usr/share/suricata/rules/enip-events.rules
 #usr/share/suricata/rules/files.rules
 #usr/share/suricata/rules/ftp-events.rules
 #usr/share/suricata/rules/http-events.rules
 #usr/share/suricata/rules/http2-events.rules
 #usr/share/suricata/rules/ipsec-events.rules
 #usr/share/suricata/rules/kerberos-events.rules
+#usr/share/suricata/rules/mdns-events.rules
 #usr/share/suricata/rules/modbus-events.rules
 #usr/share/suricata/rules/mqtt-events.rules
 #usr/share/suricata/rules/nfs-events.rules
 #usr/share/suricata/rules/ntp-events.rules
+#usr/share/suricata/rules/pgsql-events.rules
+#usr/share/suricata/rules/pop3-events.rules
 #usr/share/suricata/rules/quic-events.rules
 #usr/share/suricata/rules/rfb-events.rules
 #usr/share/suricata/rules/smb-events.rules
@@ -43,9 +49,12 @@ usr/share/suricata
 #usr/share/suricata/rules/ssh-events.rules
 #usr/share/suricata/rules/stream-events.rules
 #usr/share/suricata/rules/tls-events.rules
+#usr/share/suricata/rules/websocket-events.rules
 #usr/share/suricata/threshold.config
 var/cache/suricata
 var/lib/suricata
+#var/lib/suricata/cache
+#var/lib/suricata/cache/sgh
 #var/lib/suricata/data
 var/log/suricata
 #var/log/suricata/certs
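Review bot: the unchanged context line `#usr/share/suricata/rules/stream-events.rules` in this hunk shows that the bundled stream-events.rules is not installed, yet the lfs change below patches exactly that file to disable sid 2210059; if the bundled rules reach the running IDS by some other route (the ruleset handling behind usr/sbin/convert-ids-backend-files, for example), say so in the commit message, otherwise the patch has no effect at runtime. Separately, `#var/lib/suricata/cache` and `#var/lib/suricata/cache/sgh` exclude the directory the 8.0.0 tarball installs for a rule-group cache; if suricata.yaml enables writing a cache there, the directory has to be created with the right ownership at runtime, or the option left disabled.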
diff --git a/lfs/suricata b/lfs/suricata
index 7c02ec83a..84323ac09 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.0.11
+VER        = 8.0.0
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 5bdfc3715bed2faa49cc9096a30fb0f58c81c0ebe6cb82629d5ccddd75cf68af6b3a1e9ae2ed54cbbeea48d40c2e1c3348b52c19856ba9550b6c687653de8b47
+$(DL_FILE)_BLAKE2 = be76000891acfd6746c05023abb633aff86d90a9a18ecf49758bf05cdc52ed7184f2ac87056dc19489dff0dda81c1139a8a608f682389533ae07a8295fab20c3
 
 install : $(TARGET)
 
@@ -70,7 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-8.0.0-disable-sid-2210059.patch
 	cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
 		--prefix=/usr \
 		--sysconfdir=/etc \
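Review bot: embedding the version in the patch filename (suricata-8.0.0-disable-sid-2210059.patch) means every future version bump must rename the file and edit this line even when the patch content is unchanged; the rename is justified here because the patch body did change (the rule is now rev:2 with a threshold), but a version-agnostic name would avoid that churn on later updates.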
diff --git a/src/patches/suricata/suricata-disable-sid-2210059.patch b/src/patches/suricata/suricata-8.0.0-disable-sid-2210059.patch
similarity index 51%
rename from src/patches/suricata/suricata-disable-sid-2210059.patch
rename to src/patches/suricata/suricata-8.0.0-disable-sid-2210059.patch
index 8955eec5e..7968b9ade 100644
--- a/src/patches/suricata/suricata-disable-sid-2210059.patch
+++ b/src/patches/suricata/suricata-8.0.0-disable-sid-2210059.patch
@@ -1,12 +1,11 @@
-diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules
---- a/rules/stream-events.rules	2021-11-17 16:55:12.000000000 +0100
-+++ b/rules/stream-events.rules	2021-12-08 18:12:39.850189502 +0100
+--- suricata-8.0.0-beta1/rules/stream-events.rules.orig	2025-04-08 14:50:55.000000000 +0200
++++ suricata-8.0.0-beta1/rules/stream-events.rules	2025-06-03 16:16:56.517635788 +0200
 @@ -97,7 +97,7 @@
  # rule to alert if a stream has excessive retransmissions
  alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;)
  # Packet on wrong thread. Fires at most once per flow.
--alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
-+#alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; sid:2210059; rev:1;)
+-alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; threshold:type backoff, track by_flow, count 1, multiplier 10; sid:2210059; rev:2;)
++#alert tcp any any -> any any (msg:"SURICATA STREAM pkt seen on wrong thread"; stream-event:wrong_thread; threshold:type backoff, track by_flow, count 1, multiplier 10; sid:2210059; rev:2;)
  
  # Packet with FIN+SYN set
- alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:fin_syn; classtype:protocol-command-decode; sid:2210060; rev:1;)
+ alert tcp any any -> any any (msg:"SURICATA STREAM FIN SYN reuse"; stream-event:fin_syn; threshold:type backoff, track by_flow, count 1, multiplier 2; classtype:protocol-command-decode; sid:2210060; rev:2;)
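Review bot: the new patch headers name `suricata-8.0.0-beta1/rules/stream-events.rules` while the lfs file builds 8.0.0 final; with `patch -Np1` the leading directory is stripped, so the path mismatch is harmless, but the hunk offset (`@@ -97,7 +97,7 @@`) and the three-line context were taken from the beta1 rules file, so please confirm from the build log that the patch applied to the final 8.0.0 tarball without offset or fuzz. Dropping the old `diff -Nur` header line is fine for -p1. Keeping the full rev:2 rule text (`threshold:type backoff, track by_flow, count 1, multiplier 10`) in the commented-out line is good, since re-enabling it later yields exactly the upstream rule.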
-- 
2.50.1
