From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated.
 78e0fef411974834040b6f668560b0ddd4aee63f
Date: Tue, 29 Nov 2022 13:41:25 +0000
Message-ID: <4NM3QZ19JNz2xdp@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3253301635091651105=="
List-Id: <ipfire-scm.lists.ipfire.org>

--===============3253301635091651105==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  78e0fef411974834040b6f668560b0ddd4aee63f (commit)
       via  2b990133770045bb8ef3a081ad27b8a0813ac24e (commit)
       via  959fe5103b4c72725476657d9e5f42f3abc2f534 (commit)
      from  73955514ac319aa4758cdfc56467f2ba47b66935 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 78e0fef411974834040b6f668560b0ddd4aee63f
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date:   Tue Nov 29 14:41:00 2022 +0100

    Core Update 172: Ship and restart Suricata
   =20
    Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

commit 2b990133770045bb8ef3a081ad27b8a0813ac24e
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date:   Tue Nov 29 14:38:49 2022 +0100

    libhtp: Update to 0.5.42
   =20
    Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

commit 959fe5103b4c72725476657d9e5f42f3abc2f534
Author: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
Date:   Tue Nov 29 14:32:57 2022 +0100

    suricata: Update to 6.0.9
   =20
    Full changelog:
   =20
    Security #5710: smb: crash inside of streaming buffer Grow() (6.0.x backp=
ort)
    Security #5694: smtp/base64: crash / memory corruption (6.0.x backport)
    Security #5688: decoder/tunnel: tunnel depth not limited properly (6.0.x =
backport)
    Security #5600: ips: encapsulated packet logged as dropped, but not actua=
lly dropped (6.0.x backport)
    Bug #5715: smb: file not tracked on smb2 async (6.0.x backport)
    Bug #5714: SMB2 async responses are not matched with its request (6.0.x b=
ackport)
    Bug #5709: HTTP/2 decompression bug (6.0.x backport)
    Bug #5696: Integer overflow at dcerpc.rs:846 (6.0.x backport)
    Bug #5695: readthedocs: not showing pdf download option for recent versio=
ns (6.0.x backport)
    Bug #5683: FlowSwapFileFlags function is incorrect (6.0.x backport)
    Bug #5635: track by_rule|by_both incorrectly rejected for global threshol=
ds (6.0.x backport)
    Bug #5633: Pass rules on 6.0.8 are generating alert events when passing t=
unneled traffic
    Bug #5608: base64: skip over all invalid characters for RFC 2045 mode (6.=
0.x backport)
    Bug #5607: base64_decode does not populate base64_data buffer once hittin=
g non-base64 chars (6.0.x backport)
    Bug #5602: dcerpc: rust integer underflow (6.0.x backport)
    Bug #5599: eve: mac address logging for packet records reverses direction=
 (6.0.x backport)
    Bug #5598: detect/tag: timeout handling issues on windows (6.0.x backport)
    Bug #5594: ips/tap: in layer 2 ips/tap setups, warn that mixed usage of i=
ps and tap will be removed in 8.0 (6.0.x backport)
    Bug #4883: Netmap configuration -- need a configuration option for non-st=
andard library locations (6.0.x backport)
    Feature #5478: Support for RFC2231 (6.0.x backport)
    Task #5698: libhtp 0.5.42
    Task #5570: transversal: update references to suricata webpage version 2 =
(backport 6.0.x)
    Task #4852: netmap: new API version (14) supports multi-ring software mod=
e (6.0.x backport)
   =20
    Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/{oldcore/131 =3D> core/172}/filelists/libhtp   | 0
 config/rootfiles/{oldcore/131 =3D> core/172}/filelists/suricata | 0
 config/rootfiles/core/172/update.sh                           | 4 ++++
 lfs/libhtp                                                    | 4 ++--
 lfs/suricata                                                  | 4 ++--
 5 files changed, 8 insertions(+), 4 deletions(-)
 copy config/rootfiles/{oldcore/131 =3D> core/172}/filelists/libhtp (100%)
 copy config/rootfiles/{oldcore/131 =3D> core/172}/filelists/suricata (100%)

Difference in files:
diff --git a/config/rootfiles/core/172/filelists/libhtp b/config/rootfiles/co=
re/172/filelists/libhtp
new file mode 120000
index 000000000..676e2c5e8
--- /dev/null
+++ b/config/rootfiles/core/172/filelists/libhtp
@@ -0,0 +1 @@
+../../../common/libhtp
\ No newline at end of file
diff --git a/config/rootfiles/core/172/filelists/suricata b/config/rootfiles/=
core/172/filelists/suricata
new file mode 120000
index 000000000..f671f6993
--- /dev/null
+++ b/config/rootfiles/core/172/filelists/suricata
@@ -0,0 +1 @@
+../../../common/suricata
\ No newline at end of file
diff --git a/config/rootfiles/core/172/update.sh b/config/rootfiles/core/172/=
update.sh
index e73156560..ecf439a92 100644
--- a/config/rootfiles/core/172/update.sh
+++ b/config/rootfiles/core/172/update.sh
@@ -37,6 +37,7 @@ done
 /usr/local/bin/openvpnctrl -kn2n
 /etc/rc.d/init.d/sshd stop
 /etc/rc.d/init.d/unbound stop
+/etc/rc.d/init.d/suricata stop
=20
 KVER=3D"xxxKVERxxx"
=20
@@ -166,6 +167,9 @@ if [ -f "/var/ipfire/ovpn/n2nconf/*/*.conf" ]; then
 fi
=20
 # Start services
+if grep -q "ENABLE_IDS=3Don" /var/ipfire/suricata/settings; then
+	/etc/rc.d/init.d/suricata start
+fi
 /etc/init.d/unbound start
 if grep -q "ENABLE_SSH=3Don" /var/ipfire/remote/settings; then
 	/etc/init.d/sshd start
diff --git a/lfs/libhtp b/lfs/libhtp
index e3be4a73a..80963c013 100644
--- a/lfs/libhtp
+++ b/lfs/libhtp
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 0.5.41
+VER        =3D 0.5.42
=20
 THISAPP    =3D libhtp-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D e6e790f76b8d08b89ffc483a218dd1b3a6f910ff1fe8e44d48bfaa=
e2189d9df567c0199e9f20fde05dc4059f75a1e3c34f4f76f2c8818dc7ca4111538095e16d
+$(DL_FILE)_BLAKE2 =3D 8e1446992c40c2c2e9e7dd096803752245eebf3b5e48e0215430db=
fe225ae029b2e01fadca61bdd994b534a0ed140b0a0149aa9a0dde64409ebf0afdd2bf6fd7
=20
 install : $(TARGET)
=20
diff --git a/lfs/suricata b/lfs/suricata
index 857fb4e7b..4f1887ee8 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 6.0.8
+VER        =3D 6.0.9
=20
 THISAPP    =3D suricata-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_BLAKE2 =3D 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c=
0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba
+$(DL_FILE)_BLAKE2 =3D 966657eeff216894f6357989f0317b7c5eed82602ca2381269446c=
be4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551
=20
 install : $(TARGET)
=20


hooks/post-receive
--
IPFire 2.x development tree

--===============3253301635091651105==--