Subject: Re: [PATCH] suricata: Update to 8.0.1
From: Michael Tremer
In-Reply-To: <20250916214713.3410708-1-matthias.fischer@ipfire.org>
Date: Wed, 17 Sep 2025 10:05:02 +0100
Cc: development@lists.ipfire.org
Message-Id: <652C5008-E650-4E61-9113-48D8685829A9@ipfire.org>
References: <20250916214713.3410708-1-matthias.fischer@ipfire.org>
To: Matthias Fischer

Thank you. Merged!

> On 16 Sep 2025, at 22:47, Matthias Fischer wrote:
>
> Excerpt from changelog:
>
> "8.0.1 -- 2025-09-15
>
> Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname contains zero (HIGH - CVE 2025-59150)
> Security #7861: detect: Dynamic-stack-buffer-overflow in ShortenString (HIGH - CVE 2025-59149)
> Security #7838: detect/entropy: segfault when not anchored to a sticky buffer (HIGH - CVE 2025-59148)
> Security #7657: tcp: syn resend with different seq leads to detection bypass (HIGH - CVE 2025-59147)
> Bug #7891: unix-socket: memory leak when client disconnects during rule reload
> Bug #7877: rust: build with RUSTC and CARGO variables fails
> Bug #7865: detect/integers: u8 prefilter does not support all modes
> Bug #7859: doc/userguide: build failure with read the docs theme
> Bug #7843: http: dissection anomaly on `Content-Encoding: identity`
> Bug #7836: util-byte: bad usage of StringParse function return codes
> Bug #7828: util/hash: unexpected remove behavior
> Bug #7827: app-layer: ippair.memcap counter shows memuse
> Bug #7824: hyperscan: caching results in segfault with link time optimization (-flto=auto, etc)
> Bug #7822: engine-analysis: SEGV on rule failure without rules-fast-pattern enabled
> Bug #7821: engine-analysis: no report for failed rules without fast pattern
> Bug #7820: app-layer/snmp: internal error if app-layer is disabled
> Bug #7815: unix-socket: segfault in "pcap-file-list" command
> Bug #7813: cppcheck: warnings in counters.c
> Bug #7804: util-lua-sandbox.c undeclared identifier error for Suricata 8.0.0
> Bug #7803: http: use transactions right get function
> Bug #7802: detect/dsize: uninitialized value from SigParseRequiredContentSize
> Bug #7741: http2: events can contain an empty response object
> Bug #7740: doh2: events are always dns even if there is no DNS info (pure HTTP2 settings)
> Bug #7651: decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto
> Bug #7636: tcp: assertion triggered in StreamTcpReassembleAppLayer
> Bug #7611: eve: segv in stats.totals output
> Bug #5689: eve: community id computed wrong for tcp and ipv4 when src_ip == dest_ip
> Bug #4702: tcp: SYN/ACK dropped when client does not support timestamps
> Bug #4178: alert-debug: DNS Query triggers alert but no output in alert-debug.log
> Bug #3844: tcp: possible bypass with TCP ssn reuse
> Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL check
> Feature #7869: detect/integers: support units like kib
> Task #7857: schema/arp: fix invalid pkt event output
> Task #7834: detect: remove unused non-pf stats counters
> Documentation #7890: detect: tls.cert_subject incorrectly claims to support multi-buffer
> Documentation #7867: detect/multi-buffers: complete list in userguide page on multi-buffer-matching
> Documentation #7854: doc/lualib: fix flow timestamps() return value order
> Documentation #7795: eve/schema: document stats.detect counters
> Documentation #7794: eve/schema: document stats.flow counters
> Documentation #7728: lua: fix all Lua documentation examples for new library format
> Documentation #7648: rtd: set "latest" to last stable release starting with 8.0.0
> Documentation #7639: dpdk: update Connect-X4 recommended fallback tx-descriptor count
> Documentation #7631: userguide: document lua lib suricata.dnp3
> Documentation #7190: detect/integers: document usage of units
> Documentation #7081: userguide: add unix socket option to retrieve flow info
> Documentation #6840: devguide/app-layer: section with conceptualized steps for adding parser
> Documentation #6284: userguide: document what's the impact of `stream.inline`
> Documentation #6270: userguide: document usage of Suricata as a firewall
> Documentation #5690: userguide: document the differences between IPS and IDS mode
> Documentation #5513: userguide: add a chapter for IPS mode
> Documentation #5139: userguide: add a section for netflow event type
> Documentation #5078: doc/userguide: improve rule reload documentation
> Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data"
>
> Signed-off-by: Matthias Fischer
> --- > lfs/suricata | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/lfs/suricata b/lfs/suricata > index 05b708f1b..614097ef4 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 8.0.0 > +VER =3D 8.0.1 >=20 > THISAPP =3D suricata-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_BLAKE2 =3D = be76000891acfd6746c05023abb633aff86d90a9a18ecf49758bf05cdc52ed7184f2ac8705= 6dc19489dff0dda81c1139a8a608f682389533ae07a8295fab20c3 > +$(DL_FILE)_BLAKE2 =3D = 52b2fb30a4c56a5a0979ac2016b707e089cdc3ecdf85d834cf2a22e92465136fda11b6830a= 95831c0146f6f3db7b93892649ee15317a9db1825452266611722b >=20 > install : $(TARGET) >=20 > --=20 > 2.43.0 >=20 >=20
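Review bot: the `VER` change from 8.0.0 to 8.0.1 in the first hunk pulls in four fixes that the quoted changelog rates HIGH (CVE 2025-59147 through CVE 2025-59150), but the subject says only "Update to 8.0.1" and the message puts the security entries inside a long changelog excerpt. Consider naming the update as a security fix in the subject or the first line of the message so it stands out in the log and in release notes.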
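Review bot: in the second hunk, the replacement `$(DL_FILE)_BLAKE2` value arrives in the same patch as the version bump, and the message does not say how it was obtained. A digest computed from the submitter's own download only pins that download, so the message should state that the tarball was checked against whatever signature or checksum upstream publishes before the BLAKE2 was generated, and the digest is worth recomputing from an independent fetch before merging.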