Excerpt from changelog:
"6.0.13 -- 2023-06-15
Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport) Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport) Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport) Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport) Bug #6113: ips: txs still logged for dropped flow (6.0.x backport) Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport) Bug #6055: ftp: long line discard logic should be separate for server and client (6.0.x backport) Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport) Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport) Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport) Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport) Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport) Task #5984: libhtp 0.5.44 (6.0.x backport) Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport) Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/common/suricata | 3 +-- lfs/suricata | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index df297ebd6..89fd6d865 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -8,8 +8,6 @@ usr/sbin/convert-ids-backend-files #usr/share/doc/suricata/Basic_Setup.txt #usr/share/doc/suricata/GITGUIDE #usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS #usr/share/doc/suricata/NEWS #usr/share/doc/suricata/README #usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt @@ -45,6 +43,7 @@ usr/share/suricata #usr/share/suricata/threshold.config var/cache/suricata var/lib/suricata +#var/lib/suricata/data var/log/suricata #var/log/suricata/certs #var/log/suricata/files diff --git a/lfs/suricata b/lfs/suricata index b28d5e3e7..c48c1c430 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 6.0.12 +VER = 6.0.13
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6 +$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01
install : $(TARGET)
For details see: https://github.com/OISF/libhtp/releases/tag/0.5.44
"0.5.44 (13 June 2023) ---------------------
- response: only trim spaces at headers names end - response: skips lines before response line - headers: log a warning for chunks extension"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/libhtp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/libhtp b/lfs/libhtp index 0b6015cde..987c159e5 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -24,7 +24,7 @@
include Config
-VER = 0.5.43 +VER = 0.5.44
THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 071cadc254b7af55bf410db5689429ca7588005b2f74fbd8468f2d6eeaf00c55ae99e8dd78552a5bf11ace5c8047b28a844db343937827a428b6d8b8d9036d29 +$(DL_FILE)_BLAKE2 = 6b4c8d617e6a649997e9375677baed99315be83e598317ce4951883482e6099cb5fd28e27ae25ab68ecc765931b0955289d144a710ce2e1b11edf92848b1b613
install : $(TARGET)
Thank you.
I merged this straight away.
On 16 Jun 2023, at 16:52, Matthias Fischer matthias.fischer@ipfire.org wrote:
Excerpt from changelog:
"6.0.13 -- 2023-06-15
Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport) Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport) Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport) Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport) Bug #6113: ips: txs still logged for dropped flow (6.0.x backport) Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport) Bug #6055: ftp: long line discard logic should be separate for server and client (6.0.x backport) Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport) Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport) Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport) Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport) Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport) Task #5984: libhtp 0.5.44 (6.0.x backport) Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport) Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
config/rootfiles/common/suricata | 3 +-- lfs/suricata | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index df297ebd6..89fd6d865 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -8,8 +8,6 @@ usr/sbin/convert-ids-backend-files #usr/share/doc/suricata/Basic_Setup.txt #usr/share/doc/suricata/GITGUIDE #usr/share/doc/suricata/INSTALL -#usr/share/doc/suricata/INSTALL.PF_RING -#usr/share/doc/suricata/INSTALL.WINDOWS #usr/share/doc/suricata/NEWS #usr/share/doc/suricata/README #usr/share/doc/suricata/Setting_up_IPSinline_for_Linux.txt @@ -45,6 +43,7 @@ usr/share/suricata #usr/share/suricata/threshold.config var/cache/suricata var/lib/suricata +#var/lib/suricata/data var/log/suricata #var/log/suricata/certs #var/log/suricata/files diff --git a/lfs/suricata b/lfs/suricata index b28d5e3e7..c48c1c430 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 6.0.12 +VER = 6.0.13
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6 +$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01
install : $(TARGET)
-- 2.34.1