From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4d2ZRV1CCKz30Ch for ; Thu, 06 Nov 2025 21:03:34 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4d2ZRQ5tCgz2xSM for ; Thu, 06 Nov 2025 21:03:30 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4d2ZRN1qGNz310; Thu, 06 Nov 2025 21:03:28 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1762463008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wvs3x/FrZB6RkImBgRYwJulv03VpPeNASGVTzGbKg3Y=; b=SdXtMUgS8wTBLnMCMGzIQjdffHPcyh2KzAqPLE9Yp6DIUgReCuLVvLx3avI+ABnevEuMa/ NA3SL26YNGzn3RBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1762463008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wvs3x/FrZB6RkImBgRYwJulv03VpPeNASGVTzGbKg3Y=; b=XXuYT93SinnATxaEFaBtc8/XeYjrWDQWT2FM78sanbGUhkP15UmVpl9TxJrsy/7uCBAFjM Wad2t9/oDWghhXsUOCK7f+ihldE+EFlW1Zp13qEVI9sTCoauP2D+yT+JxyzCm1KWKSZO/c DvZDX8O06efL4HYvXd7AAWRlCiqAtHO7bNzwOqBIKs8lvoYuKSA39cM0SA3rmt2vWe8X6t ARn/v2I245xDiDlzVrtCPruUXm5M5wlNgO50PC8yXT36C62k3aPMSDi0iLo1/ZR8a139wW j4BpFkNd9w4vi8LAdXP4qy37lTQD82L/zHzd542SPtGik1/17dKEy7iPTfAOZg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] suricata: Update to version 8.0.2 Date: Thu, 6 Nov 2025 22:03:23 +0100 Message-ID: <20251106210323.2918962-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update from version 8.0.1 to 8.0.2 - No change to rootfile - Changelog 8.0.2 CVE IDs Addressed: CVE-2025-64344: HIGH CVE-2025-64333: HIGH CVE-2025-64332: HIGH CVE-2025-64331: HIGH CVE-2025-64330: HIGH CVE-2025-64335: HIGH CVE-2025-64334: HIGH Bug #7910: lua/http: null dereference in accessor functions (8.0.x backport) Bug #7911: eve/alert: incorrect verdict with pass + alert rule (8.0.x backport) Bug #7923: output/json: invalid IKE logs (8.0.x backport) Bug #7940: decoder/vxlan: packet drops with non-zero reserved fields (8.0.x backport) Bug #7943: runmode/dpdk: dpdk_vars initialized to NULL for any livedev (8.0.x backport) Bug #7961: mime: incorrect decoding of quoted-printable text attachments (8.0.x backport) Bug #7974: detect/files: signatures using file keywords on udp only app protos fail (8.0.x backport) Bug #7976: dpdk: CPU exclude logic is broken (8.0.x backport) Bug #7990: dpdk: compile warning ‘rte_eth_bond_members_get’ is deprecated (8.0.x backport) Bug #7992: http2: wrong parsing of go away frames error code (8.0.x backport) Bug #7998: detect: replace keyword leaks memory (8.0.x backport) Bug #8005: pcap-log: bpf-filter not applied when using multi mode (8.0.x backport) Bug #8007: anomaly/ether_type: always logged as big endian (8.0.x backport) Bug #8016: detect/ip.src: does not load with lua transform (8.0.x backport) Bug #8020: tls: certificate SAN is freed in case of any error (8.0.x backport) Bug #8034: flow/timeouts: yaml configured values unused for bypassed (8.0.x backport) Bug #8053: python/Makefile: too open file permissions for defaults.py (8.0.x backport) Bug #8076: snmp: detection-only setting is broken (8.0.x backport) Feature #8072: flow: midstream exception policy "reject-both" support (8.0.x backport) Task #5472: tracking: upgrading from 7 to 8 Task #7936: security: review security levels definitions (8.0.x backport) Task #7978: github/actions: add DPDK 23.11 build (8.0.x backport) Task #7984: ci: Add multi-tenant test (backport to 8.0) Task #7985: ci: Add multi-tenant test (8.0.x backport) Documentation #7914: devguide: Add Eve Output Plugins (8.0.x backport) Documentation #7916: userguide: document tx scoped xbits (8.0.x backport) Documentation #7917: userguide: add section for rule hooks (8.0.x backport) Security #8066: lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer (8.0.x backport) Signed-off-by: Adolf Belka --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index 95403be78..dab9436e2 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 8.0.1 +VER = 8.0.2 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 52b2fb30a4c56a5a0979ac2016b707e089cdc3ecdf85d834cf2a22e92465136fda11b6830a95831c0146f6f3db7b93892649ee15317a9db1825452266611722b +$(DL_FILE)_BLAKE2 = 708bc7f850a620cc69d41f78785d3cbd5116ea3baefeb3f068b6bd3e31a588511ecffab735ceb51d3392d5385d17dd3ee6498e0365ca38abf4ccf1b2cbc81f13 install : $(TARGET) -- 2.51.2