- Update from version 6.0.15 to 7.0.2 - Update of rootfile - suricata 7.0.2 requires libhtp >= 0.5.45 it also requires libelf.so.1 for execution. Previous suricata versions only required libelf for building. libelf or elfutils are not mentioned anywhere in the changelog - Without elfutils available during starting then suricata fails to start due to libelf.so.1 not being available. - Tested out suricata7 with elfutils on my vm testbed and it successfully started. - The suricata-5.0.8 patch has been removed as it got applied to configure.ac but this is not available in suricata-7.0.2. It looks like that patch was never actually used in suricata as all the builds I checked used the configure file from the source tarball and the configure was never created by running autoconf on the configure.ac - Changelog is too large to include here. Details can be found in the ChangeLog file in the source tarball
Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/suricata | 3 ++- lfs/suricata | 7 +++---- ...5.0.8-fix-level1-cache-line-size-detection.patch | 13 ------------- 3 files changed, 5 insertions(+), 18 deletions(-) delete mode 100644 src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index c414cf61b..53224d006 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -1,7 +1,6 @@ etc/suricata etc/suricata/suricata.yaml usr/bin/suricata -#usr/include/suricata-plugin.h usr/sbin/convert-ids-backend-files #usr/share/doc/suricata #usr/share/doc/suricata/AUTHORS @@ -27,6 +26,7 @@ usr/share/suricata #usr/share/suricata/rules/dnp3-events.rules #usr/share/suricata/rules/dns-events.rules #usr/share/suricata/rules/files.rules +#usr/share/suricata/rules/ftp-events.rules #usr/share/suricata/rules/http-events.rules #usr/share/suricata/rules/http2-events.rules #usr/share/suricata/rules/ipsec-events.rules @@ -35,6 +35,7 @@ usr/share/suricata #usr/share/suricata/rules/mqtt-events.rules #usr/share/suricata/rules/nfs-events.rules #usr/share/suricata/rules/ntp-events.rules +#usr/share/suricata/rules/quic-events.rules #usr/share/suricata/rules/rfb-events.rules #usr/share/suricata/rules/smb-events.rules #usr/share/suricata/rules/smtp-events.rules diff --git a/lfs/suricata b/lfs/suricata index 2e71ba49d..baead19e7 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 6.0.15 +VER = 7.0.2
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 +$(DL_FILE)_BLAKE2 = 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725
install : $(TARGET)
@@ -71,7 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch deleted file mode 100644 index f1529812d..000000000 --- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index d56d3a550..81abf8f00 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2424,7 +2424,7 @@ fi - AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") - if test "$HAVE_GETCONF_CMD" != "no"; then - CLS=$(getconf LEVEL1_DCACHE_LINESIZE) -- if [test "$CLS" != "" && test "$CLS" != "0"]; then -+ if [test "$CLS" != "" && test "$CLS" != "0" && test "$CLS" != "undefined"]; then - AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size]) - else - AC_DEFINE([CLS],[64],[L1 cache line size])
- Update from version 0.5.44 to 0.5.45 - Update of rootfile not required - suricata-7.0.2 requires libhtp >= 0.5.45 - Changelog 0.5.45 - log: resist allocation failure - support HTTP Bearer authentication
Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/libhtp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/libhtp b/lfs/libhtp index 987c159e5..f9fce0b0c 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 0.5.44 +VER = 0.5.45
THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 6b4c8d617e6a649997e9375677baed99315be83e598317ce4951883482e6099cb5fd28e27ae25ab68ecc765931b0955289d144a710ce2e1b11edf92848b1b613 +$(DL_FILE)_BLAKE2 = faa5a05844a959b00b1f53c26d8c9167d91998c2b4d71b9ce85f1822f431d40d46513a596d804dee3290bdfad5a27d93755bb6e39fb5c36fc90472637cc3caad
install : $(TARGET)
- Updated lfs file to core program type - Moved rootfile from packages to common - Older suricata versions required elfutils only for building but suricata-7.0.2 fails to start if elfutils is not present due to libelf.so.1 being missing. - The requirement for elfutils is not mentioned at all in the changelog.
Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/{packages => common}/elfutils | 0 lfs/elfutils | 11 +---------- 2 files changed, 1 insertion(+), 10 deletions(-) rename config/rootfiles/{packages => common}/elfutils (100%)
diff --git a/config/rootfiles/packages/elfutils b/config/rootfiles/common/elfutils similarity index 100% rename from config/rootfiles/packages/elfutils rename to config/rootfiles/common/elfutils diff --git a/lfs/elfutils b/lfs/elfutils index 9fb69af62..7dd95caa2 100644 --- a/lfs/elfutils +++ b/lfs/elfutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -33,12 +33,6 @@ DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) -PROG = elfutils -PAK_VER = 10 - -DEPS = - -SERVICES =
############################################################################### # Top-level Rules @@ -58,9 +52,6 @@ download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
-dist: - @$(PAK) - ############################################################################### # Downloading, checking, b2sum ###############################################################################
Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/frr | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/frr b/lfs/frr index a1555af64..f0954aae5 100644 --- a/lfs/frr +++ b/lfs/frr @@ -34,9 +34,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = frr -PAK_VER = 7 +PAK_VER = 8
-DEPS = elfutils +DEPS =
SERVICES = frr
Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/ltrace | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/ltrace b/lfs/ltrace index 3d1fdee3f..f3f07c0b1 100644 --- a/lfs/ltrace +++ b/lfs/ltrace @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,9 +35,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = ltrace -PAK_VER = 2 +PAK_VER = 3
-DEPS = elfutils +DEPS =
SERVICES =
Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/qemu | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/qemu b/lfs/qemu index 2c45d7156..d65282743 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,9 +35,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = qemu -PAK_VER = 41 +PAK_VER = 42
-DEPS = alsa elfutils libusbredir spice libseccomp libslirp +DEPS = alsa libusbredir spice libseccomp libslirp
SERVICES =
Fixes: Bug#13516 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/strace | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/strace b/lfs/strace index 2ce9b26d8..97253340a 100644 --- a/lfs/strace +++ b/lfs/strace @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -35,9 +35,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = strace -PAK_VER = 10 +PAK_VER = 11
-DEPS = elfutils +DEPS =
SERVICES =
-
Adolf Belka