[PATCH 1/7] suricata: Update to version 7.0.2

- Update from version 6.0.15 to 7.0.2 - Update of rootfile - suricata 7.0.2 requires libhtp >= 0.5.45 it also requires libelf.so.1 for execution. Previous suricata versions only required libelf for building. libelf or elfutils are not mentioned anywhere in the changelog - Without elfutils available during starting then suricata fails to start due to libelf.so.1 not being available. - Tested out suricata7 with elfutils on my vm testbed and it successfully started. - The suricata-5.0.8 patch has been removed as it got applied to configure.ac but this is not available in suricata-7.0.2. It looks like that patch was never actually used in suricata as all the builds I checked used the configure file from the source tarball and the configure was never created by running autoconf on the configure.ac - Changelog is too large to include here. Details can be found in the ChangeLog file in the source tarball

Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/suricata | 3 ++- lfs/suricata | 7 +++---- ...5.0.8-fix-level1-cache-line-size-detection.patch | 13 ------------- 3 files changed, 5 insertions(+), 18 deletions(-) delete mode 100644 src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch

diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index c414cf61b..53224d006 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -1,7 +1,6 @@ etc/suricata etc/suricata/suricata.yaml usr/bin/suricata -#usr/include/suricata-plugin.h usr/sbin/convert-ids-backend-files #usr/share/doc/suricata #usr/share/doc/suricata/AUTHORS @@ -27,6 +26,7 @@ usr/share/suricata #usr/share/suricata/rules/dnp3-events.rules #usr/share/suricata/rules/dns-events.rules #usr/share/suricata/rules/files.rules +#usr/share/suricata/rules/ftp-events.rules #usr/share/suricata/rules/http-events.rules #usr/share/suricata/rules/http2-events.rules #usr/share/suricata/rules/ipsec-events.rules @@ -35,6 +35,7 @@ usr/share/suricata #usr/share/suricata/rules/mqtt-events.rules #usr/share/suricata/rules/nfs-events.rules #usr/share/suricata/rules/ntp-events.rules +#usr/share/suricata/rules/quic-events.rules #usr/share/suricata/rules/rfb-events.rules #usr/share/suricata/rules/smb-events.rules #usr/share/suricata/rules/smtp-events.rules diff --git a/lfs/suricata b/lfs/suricata index 2e71ba49d..baead19e7 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 6.0.15 +VER = 7.0.2

THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 +$(DL_FILE)_BLAKE2 = 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725

install : $(TARGET)

@@ -71,7 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch deleted file mode 100644 index f1529812d..000000000 --- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index d56d3a550..81abf8f00 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2424,7 +2424,7 @@ fi - AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") - if test "$HAVE_GETCONF_CMD" != "no"; then - CLS=$(getconf LEVEL1_DCACHE_LINESIZE) -- if [test "$CLS" != "" && test "$CLS" != "0"]; then -+ if [test "$CLS" != "" && test "$CLS" != "0" && test "$CLS" != "undefined"]; then - AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size]) - else - AC_DEFINE([CLS],[64],[L1 cache line size])