This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 78e0fef411974834040b6f668560b0ddd4aee63f (commit) via 2b990133770045bb8ef3a081ad27b8a0813ac24e (commit) via 959fe5103b4c72725476657d9e5f42f3abc2f534 (commit) from 73955514ac319aa4758cdfc56467f2ba47b66935 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 78e0fef411974834040b6f668560b0ddd4aee63f Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 14:41:00 2022 +0100
Core Update 172: Ship and restart Suricata
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2b990133770045bb8ef3a081ad27b8a0813ac24e Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 14:38:49 2022 +0100
libhtp: Update to 0.5.42
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 959fe5103b4c72725476657d9e5f42f3abc2f534 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 14:32:57 2022 +0100
suricata: Update to 6.0.9
Full changelog:
Security #5710: smb: crash inside of streaming buffer Grow() (6.0.x backport) Security #5694: smtp/base64: crash / memory corruption (6.0.x backport) Security #5688: decoder/tunnel: tunnel depth not limited properly (6.0.x backport) Security #5600: ips: encapsulated packet logged as dropped, but not actually dropped (6.0.x backport) Bug #5715: smb: file not tracked on smb2 async (6.0.x backport) Bug #5714: SMB2 async responses are not matched with its request (6.0.x backport) Bug #5709: HTTP/2 decompression bug (6.0.x backport) Bug #5696: Integer overflow at dcerpc.rs:846 (6.0.x backport) Bug #5695: readthedocs: not showing pdf download option for recent versions (6.0.x backport) Bug #5683: FlowSwapFileFlags function is incorrect (6.0.x backport) Bug #5635: track by_rule|by_both incorrectly rejected for global thresholds (6.0.x backport) Bug #5633: Pass rules on 6.0.8 are generating alert events when passing tunneled traffic Bug #5608: base64: skip over all invalid characters for RFC 2045 mode (6.0.x backport) Bug #5607: base64_decode does not populate base64_data buffer once hitting non-base64 chars (6.0.x backport) Bug #5602: dcerpc: rust integer underflow (6.0.x backport) Bug #5599: eve: mac address logging for packet records reverses direction (6.0.x backport) Bug #5598: detect/tag: timeout handling issues on windows (6.0.x backport) Bug #5594: ips/tap: in layer 2 ips/tap setups, warn that mixed usage of ips and tap will be removed in 8.0 (6.0.x backport) Bug #4883: Netmap configuration -- need a configuration option for non-standard library locations (6.0.x backport) Feature #5478: Support for RFC2231 (6.0.x backport) Task #5698: libhtp 0.5.42 Task #5570: transversal: update references to suricata webpage version 2 (backport 6.0.x) Task #4852: netmap: new API version (14) supports multi-ring software mode (6.0.x backport)
Signed-off-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/{oldcore/131 => core/172}/filelists/libhtp | 0 config/rootfiles/{oldcore/131 => core/172}/filelists/suricata | 0 config/rootfiles/core/172/update.sh | 4 ++++ lfs/libhtp | 4 ++-- lfs/suricata | 4 ++-- 5 files changed, 8 insertions(+), 4 deletions(-) copy config/rootfiles/{oldcore/131 => core/172}/filelists/libhtp (100%) copy config/rootfiles/{oldcore/131 => core/172}/filelists/suricata (100%)
Difference in files: diff --git a/config/rootfiles/core/172/filelists/libhtp b/config/rootfiles/core/172/filelists/libhtp new file mode 120000 index 000000000..676e2c5e8 --- /dev/null +++ b/config/rootfiles/core/172/filelists/libhtp @@ -0,0 +1 @@ +../../../common/libhtp \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/suricata b/config/rootfiles/core/172/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/core/172/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/core/172/update.sh b/config/rootfiles/core/172/update.sh index e73156560..ecf439a92 100644 --- a/config/rootfiles/core/172/update.sh +++ b/config/rootfiles/core/172/update.sh @@ -37,6 +37,7 @@ done /usr/local/bin/openvpnctrl -kn2n /etc/rc.d/init.d/sshd stop /etc/rc.d/init.d/unbound stop +/etc/rc.d/init.d/suricata stop
KVER="xxxKVERxxx"
@@ -166,6 +167,9 @@ if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then fi
# Start services +if grep -q "ENABLE_IDS=on" /var/ipfire/suricata/settings; then + /etc/rc.d/init.d/suricata start +fi /etc/init.d/unbound start if grep -q "ENABLE_SSH=on" /var/ipfire/remote/settings; then /etc/init.d/sshd start diff --git a/lfs/libhtp b/lfs/libhtp index e3be4a73a..80963c013 100644 --- a/lfs/libhtp +++ b/lfs/libhtp @@ -24,7 +24,7 @@
include Config
-VER = 0.5.41 +VER = 0.5.42
THISAPP = libhtp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e6e790f76b8d08b89ffc483a218dd1b3a6f910ff1fe8e44d48bfaae2189d9df567c0199e9f20fde05dc4059f75a1e3c34f4f76f2c8818dc7ca4111538095e16d +$(DL_FILE)_BLAKE2 = 8e1446992c40c2c2e9e7dd096803752245eebf3b5e48e0215430dbfe225ae029b2e01fadca61bdd994b534a0ed140b0a0149aa9a0dde64409ebf0afdd2bf6fd7
install : $(TARGET)
diff --git a/lfs/suricata b/lfs/suricata index 857fb4e7b..4f1887ee8 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 6.0.8 +VER = 6.0.9
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba +$(DL_FILE)_BLAKE2 = 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree