From ece2ba69eeead4743e9b41b5011f8aa8a8658e90 Mon Sep 17 00:00:00 2001 From: Matthias Fischer Date: Tue, 16 Sep 2025 23:47:05 +0200 Subject: [PATCH] suricata: Update to 8.0.1 Excerpt from changelog: "8.0.1 -- 2025-09-15 Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname contains zero(HIGH - CVE 2025-59150) Security #7861: detect: Dynamic-stack-buffer-overflow in ShortenString(HIGH - CVE 2025-59149) Security #7838: detect/entropy: segfault when not anchored to a sticky buffer(HIGH - CVE 2025-59148) Security #7657: tcp: syn resend with different seq leads to detection bypasss(HIGH - CVE 2025-59147) Bug #7891: unix-socket: memory leak when client disconnects during rule reload Bug #7877: rust: build with RUSTC and CARGO variables fails Bug #7865: detect/integers: u8 prefilter does not support all modes Bug #7859: doc/userguide: build failure with read the docs theme Bug #7843: http: dissection anomaly on `Content-Encoding: identity` Bug #7836: util-byte: bad usage of StringParse function return codes Bug #7828: util/hash: unexpected remove behavior Bug #7827: app-layer: ippair.memcap counter shows memuse Bug #7824: hyperscan: caching results in segfault with link time optimization (-flto=auto, etc) Bug #7822: engine-analysis: SEGV on rule failure without rules-fast-pattern enabled Bug #7821: engine-analysis: no report for failed rules without fast pattern Bug #7820: app-layer/snmp: internal error if app-layer is disabled Bug #7815: unix-socket: segfault in "pcap-file-list" command Bug #7813: cppcheck: warnings in counters.c Bug #7804: util-lua-sandbox.c undeclared identifier error for Suricata 8.0.0 Bug #7803: http: use transactions right get function Bug #7802: detect/dsize: uninitialized value from SigParseRequiredContentSize Bug #7741: http2: events can contain an empty response object Bug #7740: doh2: events are always dns even if there is no DNS info (pure HTTP2 settings) Bug #7651: decoder/pppoe: valid packets are getting dropped as decoder.ppp.unsup_proto Bug #7636: tcp: assertion triggered in StreamTcpReassembleAppLayer Bug #7611: eve: segv in stats.totals output Bug #5689: eve: community id computed wrong for tcp and ipv4 when src_ip == dest_ip Bug #4702: tcp: SYN/ACK dropped when client does not support timestamps Bug #4178: alert-debug: DNS Query triggers alert but no output in alert-debug.log Bug #3844: tcp: possible bypass with TCP ssn reuse Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL check Feature #7869: detect/integers: support units like kib Task #7857: schema/arp: fix invalid pkt event output Task #7834: detect: remove unused non-pf stats counters Documentation #7890: detect: tls.cert_subject incorrectly claims to support multi-buffer Documentation #7867: detect/multi-buffers: complete list in userguide page on multi-buffer-matching Documentation #7854: doc/lualib: fix flow timestamps() return value order Documentation #7795: eve/schema: document stats.detect counters Documentation #7794: eve/schema: document stats.flow counters Documentation #7728: lua: fix all Lua documentation examples for new library format Documentation #7648: rtd: set "latest" to last stable release starting with 8.0.0 Documentation #7639: dpdk: update Connect-X4 recommended fallback tx-descriptor count Documentation #7631: userguide: document lua lib suricata.dnp3 Documentation #7190: detect/integers: document usage of units Documentation #7081: userguide: add unix socket option to retrieve flow info Documentation #6840: devguide/app-layer: section with conceptualized steps for adding parser Documentation #6284: userguide: document what's the impact of `stream.inline` Documentation #6270: userguide: document usage of Suricata as a firewall Documentation #5690: userguide: document the differences between IPS and IDS mode Documentation #5513: userguide: add a chapter for IPS mode Documentation #5139: userguide: add a section for netflow event type Documentation #5078: doc/userguide: improve rule reload documentation Documentation #4351: doc: explain the engine logic to trigger inspection of TCP data" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer --- lfs/suricata | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/suricata b/lfs/suricata index f30c8aa06..e84c604c6 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@ include Config -VER = 8.0.0 +VER = 8.0.1 THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = be76000891acfd6746c05023abb633aff86d90a9a18ecf49758bf05cdc52ed7184f2ac87056dc19489dff0dda81c1139a8a608f682389533ae07a8295fab20c3 +$(DL_FILE)_BLAKE2 = 52b2fb30a4c56a5a0979ac2016b707e089cdc3ecdf85d834cf2a22e92465136fda11b6830a95831c0146f6f3db7b93892649ee15317a9db1825452266611722b install : $(TARGET) -- 2.47.3