From: Victor Julien <vjulien@oisf.net>
Date: Thu, 21 Apr 2022 08:52:23 +0000 (+0200)
Subject: release: 5.0.9; update changelog; require htp 0.5.40
X-Git-Tag: suricata-5.0.9^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6b53b79aca66435057e2e4c8f8eb4d4a41c683f;p=thirdparty%2Fsuricata.git

release: 5.0.9; update changelog; require htp 0.5.40
---

diff --git a/ChangeLog b/ChangeLog
index 0bc1c35769..9403a474a4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,54 @@
+5.0.9 -- 2022-04-21
+
+Security #4889: ftp: SEGV at flow cleanup due to protocol confusion
+Security #5025: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input
+Security #5028: smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input
+Security #5253: Infinite loop in JsonFTPLogger
+Feature #4644: pthreads: set minimum stack size
+Bug #4466: dataset file not written when run as user
+Bug #4678: Configuration test mode succeeds when reference.config file contains invalid content
+Bug #4745: Absent app-layer protocol is always enabled by default
+Bug #4819: tcp: insert_data_normal_fail can hit without triggering memcap
+Bug #4823: conf: quadratic complexity
+Bug #4825: pppoe decoder fails when protocol identity field is only 1 byte
+Bug #4827: packetpool: packets in pool may have capture method ReleasePacket callbacks set
+Bug #4838: af-packet: cluster_id is not used when trying to set fanout support
+Bug #4878: datasets: memory leak in 5.0.x
+Bug #4887: dnp3: buffer over read in logging base64 empty objects
+Bug #4891: protodetect: SMB vs TLS protocol detection in midstream
+Bug #4893: TFTP: memory leak due to missing detect state
+Bug #4895: Memory leak with signature using file_data and NFS
+Bug #4897: profiling: Invalid performance counter when using sampling
+Bug #4901: eve: memory leak related to dns
+Bug #4932: smtp: smtp transaction not logged if no email is present
+Bug #4955: stream: too aggressive pruning in lossy streams
+Bug #4957: SMTP assertion triggered
+Bug #4959: suricatasc loop if recv returns no data
+Bug #4961: dns: transaction not created when z-bit set
+Bug #4963: Run stream reassembly on both directions upon receiving a FIN packet
+Bug #5058: dns: probing/parser can return error when it should return incomplete
+Bug #5063: Not keyword matches in Kerberos requests
+Bug #5096: output: timestamp missing usecs on Arm 32bit + Musl
+Bug #5099: htp: server personality radix handling issue
+Bug #5101: defrag: policy config can setup radix incorrectly
+Bug #5103: Application log cannot to be re-opened when running as non-root user
+Bug #5105: iprep: cidr support can set up radix incorrectly
+Bug #5107: detect/iponly: rule parsing does not always apply netmask correctly
+Bug #5109: swf: coverity warning
+Bug #5115: detect/ip_proto: inconsistent behavior when specifying protocol by string
+Bug #5117: detect/iponly: mixing netblocks can lead to FN/FP
+Bug #5119: smb: excessive CPU utilization and higher packet processing latency due to excessive calls to Vec::extend_from_slice()
+Bug #5137: smb: excessive memory use during file transfer
+Bug #5150: nfs: Integer underflow in NFS
+Bug #5157: xbits: noalert is allowed in rule language with other commands
+Bug #5164: iprep: use_cnt can get desynchronized (SIGABRT)
+Bug #5171: detect/iponly: non-cidr netmask settings can lead incorrect radix tree
+Bug #5193: SSL : over allocation for certificates
+Bug #5213: content:"22 2 22"; is parsed without error
+Bug #5227: 5.0.x: SMB: Wrong buffer being checked for possible overflow.
+Bug #5251: smb: integer underflows and overflows
+Task #5006: libhtp 0.5.40
+
 5.0.8 -- 2021-11-16
 
 Security #4635: tcp: crafted injected packets cause desync after 3whs
diff --git a/configure.ac b/configure.ac
index 61c07fe9bf..bb3a97803b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-    AC_INIT([suricata],[5.0.9-dev])
+    AC_INIT([suricata],[5.0.9])
     m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
     AC_CONFIG_HEADERS([config.h])
     AC_CONFIG_SRCDIR([src/suricata.c])
@@ -1601,12 +1601,12 @@
             echo
             exit 1
         fi
-        PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.39],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
+        PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.40],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
         if test "$libhtp_minver_found" = "no"; then
             PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
             if test "$libhtp_devver_found" = "no"; then
                 echo
-                echo "   ERROR! libhtp was found but it is neither >= 0.5.39, nor the dev 0.5.X"
+                echo "   ERROR! libhtp was found but it is neither >= 0.5.40, nor the dev 0.5.X"
                 echo
                 exit 1
             fi