suricata: Update to 5.0.10

Changelog:

"5.0.10 -- 2022-07-12

Bug #5429: TCP flow that retransmits the SYN with a newer TSval not properly tracked (5.0.x backport)
[Note: Therefore 'suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch' could be removed]

Bug #5424: inspection of smb traffic without smb/dcerpc doesn't work correct.  (5.0.x backport)
Bug #5423: DCERPC protocol detection when nested in SMB (5.0.x backport)
Bug #5404: detect: will still inspect packets of a "dropped" flow for non-TCP (5.0.x backport)
Bug #5388: detect/threshold: offline time handling issue (5.0.x backports)
Bug #5358: test failure on Ubuntu 22.04 with GCC 12 (5.0.x backport)
Bug #5354: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails (5.0.x backport)
Bug #5345: CIDR prefix calculation fails on big endian archs (5.0.x backport)
Bug #5343: ftp: quadratic complexity for tx iterator with linked list (5.0.x backport)
Bug #5341: decode/mime: base64 decoding for data with spaces is broken (5.0.x backport)
Bug #5339: PreProcessCommands does not handle all the edge cases (5.0.x backport)
Bug #5325: FTP: expectation created in wrong direction (5.0.x backport)
Bug #5305: cppcheck: various static analyzer "warning"s
Bug #5302: Failed assert DeStateSearchState
Bug #5301: eve: payload field randomly missing even if the packet field is present
Bug #5289: Remove unneeded stack-on-signal initialization.
Bug #5283: 5.0.x: ftp: don't let first incomplete segment be over maximum length
Bug #5124: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit (5.0.x backport)
Bug #5113: Off-by-one in flow-manager flow_hash row allocation
Bug #5055: Documentation copyright years are invalid
Bug #5021: dataset: error with space in rule language
Bug #4926: Rule error in SMB dce_iface and dce_opnum keywords (5.0.x backport)
Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx (5.0.x backport)
Optimization #5121: Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)
Task #5322: stats/alert: log out to stats alerts that have been discarded from packet queue (5.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/suricata b/lfs/suricata
index 1ebcb4ba4c3b5add83e696f269c6753ee98fe2bd..1fbc2c1855a7526bf139a49e5fb7832fcb272c7a 100644 (file)
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.0.9
+VER        = 5.0.10
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6
+$(DL_FILE)_BLAKE2 = b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467
 
 install : $(TARGET)
 
@@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
        cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \

diff --git a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch b/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
deleted file mode 100644 (file)
index 6bc745a..0000000
--- a/src/patches/suricata/suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 511648b3d7a4b5a5b4d55b92dffd63fcb23903a0 Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Fri, 19 Nov 2021 17:17:47 +0000
-Subject: [PATCH] stream: tcp: Handle retransmitted SYN with TSval
-
-For connections that use TCP timestamps for which the first SYN packet
-does not reach the server, any replies to retransmitted SYNs will be
-tropped.
-
-This is happening in StateSynSentValidateTimestamp, where the timestamp
-value in a SYN-ACK packet must match the one from the SYN packet.
-However, since the server never received the first SYN packet, it will
-respond with an updated timestamp from any of the following SYN packets.
-
-The timestamp value inside suricata is not being updated at any time
-which should happen. This patch fixes that problem.
-
-This problem was introduced in 9f0294fadca3dcc18c919424242a41e01f3e8318.
-
-Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
----
- src/stream-tcp.c | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/src/stream-tcp.c b/src/stream-tcp.c
-index 1cff19fa5..af681760b 100644
---- a/src/stream-tcp.c
-+++ b/src/stream-tcp.c
-@@ -1641,6 +1641,23 @@ static int StreamTcpPacketStateSynSent(ThreadVars *tv, Packet *p,
-                     "ssn->client.last_ack %"PRIu32"", ssn,
-                     ssn->client.isn, ssn->client.next_seq,
-                     ssn->client.last_ack);
-+        } else if (PKT_IS_TOSERVER(p)) {
-+            /*
-+           * On retransmitted SYN packets, the timestamp value must be updated,
-+           * to avoid dropping any SYN+ACK packets that respond to a retransmitted SYN
-+           * with an updated timestamp in StateSynSentValidateTimestamp.
-+           */
-+            if ((ssn->client.flags & STREAMTCP_STREAM_FLAG_TIMESTAMP) && TCP_HAS_TS(p)) {
-+                uint32_t ts_val = TCP_GET_TSVAL(p);
-+
-+                // Check whether packets have been received in the correct order (only ever update)
-+                if (ssn->client.last_ts < ts_val) {
-+                    ssn->client.last_ts = ts_val;
-+                    ssn->client.last_pkt_ts = p->ts.tv_sec;
-+                }
-+
-+                SCLogDebug("ssn %p: Retransmitted SYN. Updated timestamp from packet %"PRIu64, ssn, p->pcap_cnt);
-+            }
-         }
- 
-         /** \todo check if it's correct or set event */
--- 
-2.30.2
-