This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via bf0aa7f25b3748190565e784c55c2867ee70da37 (commit) from 76d514cf5bc5df3cda8655d2aa83dbe2cc8f8c2f (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit bf0aa7f25b3748190565e784c55c2867ee70da37 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue May 23 13:50:07 2023 +0200
suricata: Update to 6.0.12
"6.0.12 -- 2023-05-08
Bug #6040: tcp: failed assertion ASSERT: !(ssn->state != TCP_SYN_SENT) (6.0.x backport) Bug #6039: TCP resets have incorrect len, nh in IPv6 (6.0.x backport) Bug #6034: time: integer comparison with different signs (6.0.x backport) Bug #6031: af-packet: reload not occurring until packets are seen (6.0.x backport) Bug #6020: smtp: fuzz debug assertion trigger (6.0.x backport) Bug #6018: scan-build warning for mime decoder (6.0.x backport) Bug #6017: scan-build warnings for ac implementations (6.0.x backport) Bug #6016: scan-build warnings in radix implementation (6.0.x backport) Bug #6015: scan-build warning for detect sigordering (6.0.x backport) Bug #6014: scan-build warnings for detect address handling (6.0.x backport) Bug #6013: scan-build warning for detect port handling (6.0.x backport) Bug #6007: Unexpected behavior of `endswith` in combination with negated content matches (6.0.x backport) Bug #5999: exception/policy: make work with simulated flow memcap (6.0.x backport) Bug #5997: perf shows excessive time in IPOnlyMatchPacket (6.0.x backport) Bug #5980: rust: warning for future compile errors Bug #5961: smb: wrong endian conversion when parse NTLM Negotiate Flags (6.0.x backport) Bug #5958: bpf: postpone IPS check after IPS runmode is determined from the configuration file (6.0.x backport) Bug #5934: app-layer-htp: Condition depending on enabled IPS mode never true (6.0.x backport) Optimization #6033: detect using uninitialized engine mode (6.0.x backport) Feature #5996: Add support for 'inner' PF_RING clustering modes (6.0.x backport) Task #6052: github-ci: add windows + windivert build (6.0.x backport)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: lfs/suricata | 4 ++-- .../suricata-5.0.8-fix-level1-cache-line-size-detection.patch | 2 +- src/patches/suricata/suricata-disable-sid-2210059.patch | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-)
Difference in files: diff --git a/lfs/suricata b/lfs/suricata index 75698b0b1..b28d5e3e7 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 6.0.11 +VER = 6.0.12
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4 +$(DL_FILE)_BLAKE2 = 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6
install : $(TARGET)
diff --git a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch index 5aaabb167..f1529812d 100644 --- a/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch +++ b/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch @@ -2,7 +2,7 @@ diff --git a/configure.ac b/configure.ac index d56d3a550..81abf8f00 100644 --- a/configure.ac +++ b/configure.ac -@@ -2390,7 +2390,7 @@ fi +@@ -2424,7 +2424,7 @@ fi AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") if test "$HAVE_GETCONF_CMD" != "no"; then CLS=$(getconf LEVEL1_DCACHE_LINESIZE) diff --git a/src/patches/suricata/suricata-disable-sid-2210059.patch b/src/patches/suricata/suricata-disable-sid-2210059.patch index 54747dfd2..8955eec5e 100644 --- a/src/patches/suricata/suricata-disable-sid-2210059.patch +++ b/src/patches/suricata/suricata-disable-sid-2210059.patch @@ -1,7 +1,7 @@ diff -Nur a/rules/stream-events.rules b/rules/stream-events.rules --- a/rules/stream-events.rules 2021-11-17 16:55:12.000000000 +0100 +++ b/rules/stream-events.rules 2021-12-08 18:12:39.850189502 +0100 -@@ -89,7 +89,7 @@ +@@ -97,7 +97,7 @@ # rule to alert if a stream has excessive retransmissions alert tcp any any -> any any (msg:"SURICATA STREAM excessive retransmissions"; flowbits:isnotset,tcp.retransmission.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retransmission.alerted; classtype:protocol-command-decode; sid:2210054; rev:1;) # Packet on wrong thread. Fires at most once per flow.
hooks/post-receive -- IPFire 2.x development tree