Acked-by: Michael Tremer > On 28 Apr 2020, at 17:36, Peter Müller wrote: > > Release notes (https://suricata-ids.org/2020/04/28/suricata-5-0-3-released/, truncated): > > This is the first release after Suricata joined the Oss-Fuzz program, leading to > discovery of a number of (potential) security issues. We expect that in the coming > months we’ll fix more such issues, as the fuzzers increase their coverage and we > continue to improve the seed corpus. > > Feature #3481: GRE ERSPAN Type 1 Support > Feature #3613: Teredo port configuration > Feature #3673: datasets: add ‘dataset-remove’ unix command > Bug #3240: Dataset hash-size or prealloc invalid value logging > Bug #3241: Dataset reputation invalid value logging > Bug #3342: Suricata 5.0 crashes while parsing SMB data > Bug #3450: signature with sticky buffer with subsequent pcre check in a different buffer loads but will never match > Bug #3491: Backport 5 BUG_ON(strcasecmp(str, “any”) in DetectAddressParseString > Bug #3507: rule parsing: memory leaks > Bug #3526: 5.0.x Kerberos vulnerable to TCP splitting evasion > Bug #3534: Skip over ERF_TYPE_META records > Bug #3552: file logging: complete files sometimes marked ‘TRUNCATED’ > Bug #3571: rust: smb compile warnings > Bug #3573: TCP Fast Open – Bypass of stateless alerts > Bug #3574: Behavior for tcp fastopen > Bug #3576: Segfault when facing malformed SNMP rules > Bug #3577: SIP: Input not parsed when header values contain trailing spaces > Bug #3580: Faulty signature with two threshold keywords does not generate an error and never match > Bug #3582: random failures on sip and http-evader suricata-verify tests > Bug #3585: htp: asan issue > Bug #3592: Segfault on SMTP TLS > Bug #3598: rules: memory leaks in pktvar keyword > Bug #3600: rules: bad address block leads to stack exhaustion > Bug #3602: rules: crash on ‘internal’-only keywords > Bug #3604: rules: missing ‘consumption’ of transforms before pkt_data would lead to crash > Bug #3606: rules: minor memory leak involving pcre_get_substring > Bug #3609: ssl/tls: ASAN issue in SSLv3ParseHandshakeType > Bug #3610: defrag: asan issue > Bug #3612: rules/bsize: memory issue during parsing > Bug #3614: build-info and configure wrongly display libnss status > Bug #3644: Invalid memory read on malformed rule with Lua script > Bug #3646: rules: memory leaks on failed rules > Bug #3649: CIDR Parsing Issue > Bug #3651: FTP response buffering against TCP stream > Bug #3653: Recursion stack-overflow in parsing YAML configuration > Bug #3660: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow > Bug #3665: FTP: Incorrect ftp_memuse calculation. > Bug #3667: Signature with an IP range creates one IPOnlyCIDRItem by signe IP address > Bug #3669: Rules reload with Napatech can hang Suricata UNIX manager process > Bug #3672: coverity: data directory handling issues > Bug #3674: Protocol detection evasion by packet splitting > Optimization #3406: filestore rules are loaded without warning when filestore is not enabled > Task #3478: libhtp 0.5.33 > Task #3514: SMTP should place restraints on variable length items (e.g., filenames) > Documentation #3543: doc: add ipv4.hdr and ipv6.hdr > Bundled libhtp 0.5.33 > Bundled Suricata-Update 1.1.2 > > Signed-off-by: Peter Müller > --- > lfs/suricata | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lfs/suricata b/lfs/suricata > index fdff36ca6..9369500ac 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -24,7 +24,7 @@ > > include Config > > -VER = 5.0.2 > +VER = 5.0.3 > > THISAPP = suricata-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = 28470c05f0f1d3eae2a0c7312c3eabc3 > +$(DL_FILE)_MD5 = d302ae41735551e2e1198e965d452664 > > install : $(TARGET) > > -- > 2.16.4