From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH 2/2] Suricata: update to 5.0.3
Date: Wed, 29 Apr 2020 11:31:15 +0100
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5584053297019619804=="
List-Id:

--===============5584053297019619804==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Acked-by: Michael Tremer

> On 28 Apr 2020, at 17:36, Peter Müller wrote:
>
> Release notes (https://suricata-ids.org/2020/04/28/suricata-5-0-3-released/, truncated):
>
> This is the first release after Suricata joined the Oss-Fuzz program, leading to
> discovery of a number of (potential) security issues. We expect that in the coming
> months we’ll fix more such issues, as the fuzzers increase their coverage and we
> continue to improve the seed corpus.
>
> Feature #3481: GRE ERSPAN Type 1 Support
> Feature #3613: Teredo port configuration
> Feature #3673: datasets: add ‘dataset-remove’ unix command
> Bug #3240: Dataset hash-size or prealloc invalid value logging
> Bug #3241: Dataset reputation invalid value logging
> Bug #3342: Suricata 5.0 crashes while parsing SMB data
> Bug #3450: signature with sticky buffer with subsequent pcre check in a different buffer loads but will never match
> Bug #3491: Backport 5 BUG_ON(strcasecmp(str, “any”) in DetectAddressParseString
> Bug #3507: rule parsing: memory leaks
> Bug #3526: 5.0.x Kerberos vulnerable to TCP splitting evasion
> Bug #3534: Skip over ERF_TYPE_META records
> Bug #3552: file logging: complete files sometimes marked ‘TRUNCATED’
> Bug #3571: rust: smb compile warnings
> Bug #3573: TCP Fast Open – Bypass of stateless alerts
> Bug #3574: Behavior for tcp fastopen
> Bug #3576: Segfault when facing malformed SNMP rules
> Bug #3577: SIP: Input not parsed when header values contain trailing spaces
> Bug #3580: Faulty signature with two threshold keywords does not generate an error and never match
> Bug #3582: random failures on sip and http-evader suricata-verify tests
> Bug #3585: htp: asan issue
> Bug #3592: Segfault on SMTP TLS
> Bug #3598: rules: memory leaks in pktvar keyword
> Bug #3600: rules: bad address block leads to stack exhaustion
> Bug #3602: rules: crash on ‘internal’-only keywords
> Bug #3604: rules: missing ‘consumption’ of transforms before pkt_data would lead to crash
> Bug #3606: rules: minor memory leak involving pcre_get_substring
> Bug #3609: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
> Bug #3610: defrag: asan issue
> Bug #3612: rules/bsize: memory issue during parsing
> Bug #3614: build-info and configure wrongly display libnss status
> Bug #3644: Invalid memory read on malformed rule with Lua script
> Bug #3646: rules: memory leaks on failed rules
> Bug #3649: CIDR Parsing Issue
> Bug #3651: FTP response buffering against TCP stream
> Bug #3653: Recursion stack-overflow in parsing YAML configuration
> Bug #3660: Multiple DetectEngineReload and bad insertion into linked list lead to buffer overflow
> Bug #3665: FTP: Incorrect ftp_memuse calculation.
> Bug #3667: Signature with an IP range creates one IPOnlyCIDRItem by signe IP address
> Bug #3669: Rules reload with Napatech can hang Suricata UNIX manager process
> Bug #3672: coverity: data directory handling issues
> Bug #3674: Protocol detection evasion by packet splitting
> Optimization #3406: filestore rules are loaded without warning when filestore is not enabled
> Task #3478: libhtp 0.5.33
> Task #3514: SMTP should place restraints on variable length items (e.g., filenames)
> Documentation #3543: doc: add ipv4.hdr and ipv6.hdr
> Bundled libhtp 0.5.33
> Bundled Suricata-Update 1.1.2
>
> Signed-off-by: Peter Müller
> ---
> lfs/suricata | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lfs/suricata b/lfs/suricata > index fdff36ca6..9369500ac 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 5.0.2 > +VER =3D 5.0.3 >=20 > THISAPP =3D suricata-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_MD5 =3D 28470c05f0f1d3eae2a0c7312c3eabc3 > +$(DL_FILE)_MD5 =3D d302ae41735551e2e1198e965d452664 >=20 > install : $(TARGET) >=20 > --=20 > 2.16.4 --===============5584053297019619804==--
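
Review bot: In the second hunk the 5.0.3 tarball is pinned only by `$(DL_FILE)_MD5`, and MD5 is not collision resistant, so the recorded value catches a corrupted download but gives little assurance against a deliberately substituted archive. Since the build trusts whatever `$(DL_FROM)/$(DL_FILE)` serves as long as it matches this sum, it would help to check the tarball against a signature or stronger digest published by upstream, where available, before recording `d302ae41735551e2e1198e965d452664`, and to say in the commit message how the sum was obtained. If the lfs framework can carry a stronger digest alongside the MD5 line, this update would be a good place to add it.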