This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 7f782be5e35a91d4a5d7e936799b561531f6ebfb (commit) via c7e583d0f2b8c79889b8fd8e052b35304a4ee021 (commit) from f3d26496ac972cac1f62f7f6229a1c2bf597bff9 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 7f782be5e35a91d4a5d7e936799b561531f6ebfb Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Sep 19 11:08:28 2023 +0000
core180: Ship suricata
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c7e583d0f2b8c79889b8fd8e052b35304a4ee021 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Sep 16 18:24:29 2023 +0200
suricata: Update to 6.0.14
Excerpt from changelog:
"6.0.14 -- 2023-09-13
Security #6289: Crash in SMTP parser during parsing of email (6.0.x backport) Security #6196: process exit in hyperscan error handling (6.0.x backport) Security #6156: dcerpc: max-tx config parameter, also for UDP (6.0.x backport) Bug #6285: community-id: Fix IPv6 address sorting not respecting byte order (6.0.x backport) Bug #6248: Multi-tenancy: crash under test mode when tenant signature load fails (6.0.x backport) Bug #6245: tcp: RST with data used in reassembly (6.0.x backport) Bug #6236: if protocol dcerpc first packet type is Alter_context, it will not parse dcerpc (6.0.x backport) Bug #6228: ips/af-packet: crash when copy-iface is the same as the interface (6.0.x backport) Bug #6227: windows: lua script path truncated (6.0.x backport) Bug #6226: Decode-events of IPv6 GRE are not triggered (6.0.x backport) Bug #6224: base64: complete support for RFC2045 (6.0.x backport) Bug #6220: Backport tenant_id conversion to uint32_t Bug #6213: file.magic: rule reload can lead to crashes (6.0.x backport) Bug #6193: smtp: Attachment not being md5 matched (6.0.x backport) Bug #6192: smtp: use every byte to compute email.body_md5 (6.0.x backport) Bug #6182: log-pcap: fix segfault on lz4 compressed pcaps (6.0.x backport) Bug #6181: eve/alert: deprecated fields can have unexpected side affects (6.0.x backport) Bug #6174: FTP bounce detection doesn't work for big-endian platforms (6.0.x backport) Bug #6166: http2: fileinfo events log http2 object instead of http object as alerts and http2 do (6.0.x backport) Bug #6139: smb: wrong offset when parse SMB_COM_WRITE_ANDX record (6.0.x backport) Bug #6082: pcap: device reopen broken (6.0.x backport) Bug #6068: pcap: memory leaks (6.0.x backport) Bug #6045: detect: multi-tenancy leaks memory if more than 1 tenant registered (6.0.x backport) Bug #6035: stream.midstream: if enabled breaks exception policy (6.0.x backport) Bug #5915: rfb: parser returns error on unimplemented record types (6.0.x backport) Bug #5794: eve: if alert and drop rules match for a packet, "alert.action" is ambigious (6.0.x backport) Bug #5439: Invalid certificate when Issuer is not present. Optimization #6229: Performance impact of Cisco Fabricpath (6.0.x backport) Optimization #6203: detect: modernize filename fileext filemagic (6.0.x backport) Optimization #6153: suricatasc: Gracefully handle unsupported commands (6.0.x backport) Feature #6282: dns/eve: add 'HTTPS' type logging (6.0.x backport) Feature #5935: ips: add 'master switch' to enable dropping on traffic (handling) exceptions (6.0.x backport) Documentation #6234: userguide: add installation from Ubuntu PPA section (6.0.x backport)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/suricata | 1 + config/rootfiles/{oldcore/131 => core/180}/filelists/suricata | 0 config/rootfiles/core/180/update.sh | 1 + lfs/suricata | 4 ++-- 4 files changed, 4 insertions(+), 2 deletions(-) copy config/rootfiles/{oldcore/131 => core/180}/filelists/suricata (100%)
Difference in files: diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index 89fd6d865..c414cf61b 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -35,6 +35,7 @@ usr/share/suricata #usr/share/suricata/rules/mqtt-events.rules #usr/share/suricata/rules/nfs-events.rules #usr/share/suricata/rules/ntp-events.rules +#usr/share/suricata/rules/rfb-events.rules #usr/share/suricata/rules/smb-events.rules #usr/share/suricata/rules/smtp-events.rules #usr/share/suricata/rules/ssh-events.rules diff --git a/config/rootfiles/core/180/filelists/suricata b/config/rootfiles/core/180/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/core/180/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/core/180/update.sh b/config/rootfiles/core/180/update.sh index c0bf18bd8..b538832bf 100644 --- a/config/rootfiles/core/180/update.sh +++ b/config/rootfiles/core/180/update.sh @@ -63,6 +63,7 @@ if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid restart fi /etc/rc.d/init.d/udev restart +/etc/rc.d/init.d/suricata restart
# This update needs a reboot... #touch /var/run/need_reboot diff --git a/lfs/suricata b/lfs/suricata index c48c1c430..5e16d1ac0 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 6.0.13 +VER = 6.0.14
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01 +$(DL_FILE)_BLAKE2 = 7e14f16f04bdd632d26f4249c328ea918cc4edf96cc07be6a92722d4457353a36662e0041fd2b9669a104deaa010a093cb8195eb2604ed8145ab38f93a8b7124
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree