From: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Wed, 14 Jan 2026 10:30:10 +0000 (+0100)
Subject: suricata: Update to 8.0.3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fd193a12a874fb97423a0a3c06f9155c3235e2a;p=ipfire-2.x.git

suricata: Update to 8.0.3

Excerpt from changelog:

"8.0.3 -- 2026-01-09

Security #8202: http: quadratic complexity in headers parsing over multiple
packets (8.0.x backport)(HIGH - CVE 2026-22263)
Security #8199: dnp3: unbounded transaction growth (8.0.x backport)(HIGH - CVE 2026-22259)
Security #8197: dcerpc: unbounded fragment buffering leads to memory
exhaustion (8.0.x backport)(CRITICAL - CVE 2026-22258)
Security #8191: detect/alert: heap-use-after-free on alert queue expansion
(8.0.x backport)(HIGH - CVE 2026-22264)
Security #8186: http: infinite recursion in decompression (8.0.x backport)(HIGH - CVE 2026-22260)
Security #8157: eve/alert: http xff handling can lead to denial of service
(8.0.x backport)(MODERATE - CVE 2026-22261)
Security #8111: datasets: stack overflow (8.0.x backport)(HIGH - CVE 2026-22262)
Bug #8211: rust: update lru crate to address RUSTSEC-2026-0002 (8.0.x backport)
Bug #8188: tcp: fast open packet not fully handled (8.0.x backport)
Bug #8180: eve/tls: version not logged for client hello only session (8.0.x backport)
Bug #8178: flow: mac addresses are not swapped (8.0.x backport)
Bug #8177: xbits: no error on invalid 'expire' values (8.0.x backport)
Bug #8176: lua: crash with luaxform and arguments (8.0.x backport)
Bug #8155: tls: ssl_version keyword negation (!) not working (8.0.x backport)
Bug #8152: stream/reassembly: BUG_ON triggered from AdjustToAcked in debug mode (8.0.x backport)
Bug #8151: nfs: NFS3/NFS2 procedure conflict (8.0.x backport)
Bug #8134: configure: hint for installing bindgen is outdated (8.0.x backport)
Bug #8120: file: wrong hash on small multipart files (8.0.x backport)
Bug #8103: unix-socket: hostbit commands ipv6 parsing issues (8.0.x backport)
Bug #8074: util/time: wrong parameter used in function (8.0.x backport)
Bug #7709: pop3: parse error blocks sessions
Optimization #8107: conf: timeout on too many scalar events (8.0.x backport)
Feature #8175: frames: add --list-frames option (8.0.x backport)
Feature #8144: af-packet: runtime option/flag to disable hardware timestamp support (8.0.x backport)
Feature #8100: nfs: NFSv4 should support 4.1's new enums (8.0.x backport)
Task #8148: psl: crate should be updated on every release (8.0.x backport)
Task #8091: schema: allow stream events for stats (8.0.x backport)
Documentation #8136: luaxform: options incorrectly described (8.0.x backport)
Documentation #8079: transform/luaxform: documentation states it supports init function (8.0.x backport)
Documentation #7938: docs: update backports policy for suri 7 (8.0.x backport)
Documentation #7931: userguide: update & improve exception policy section (8.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/lfs/suricata b/lfs/suricata
index dab9436e2..c483aef0a 100644
--- a/lfs/suricata
+++ b/lfs/suricata
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 8.0.2
+VER        = 8.0.3
 
 THISAPP    = suricata-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 708bc7f850a620cc69d41f78785d3cbd5116ea3baefeb3f068b6bd3e31a588511ecffab735ceb51d3392d5385d17dd3ee6498e0365ca38abf4ccf1b2cbc81f13
+$(DL_FILE)_BLAKE2 = ab87fde815338a7520badd2f4d8c8bfaccc778ecffbb13028fe9d561b1bf0e4ef2a43296b88fffb306df9e28fcd5997fa22c72ac887c40efbea799e0110fcb56
 
 install : $(TARGET)