release: 8.0.2; update changelog

diff --git a/ChangeLog b/ChangeLog
index 8936246191421b2a9c4c0c1a3a55a0b355acf9a6..ef78771fb4ddb9be105079d163fc7c1f5071670e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,39 @@
+8.0.2 -- 2025-11-05
+
+Security #8066: lua: stack overflow from unbounded stack allocation in LuaPushStringBuffer (8.0.x backport)(HIGH - CVE 2025-64344)
+Security #8059: eve/http: stack overflow on large file transfers (8.0.x backport)(MODERATE - CVE 2025-64331)
+Security #8058: util/swf: stack overflow on larger compressed data  (8.0.x backport)(LOW - CVE 2025-64332)
+Security #8057: eve/http: stack overflow from big content type (8.0.x backport)(HIGH - CVE 2025-64333)
+Security #8022: eve/alert: heap buffer overflow on verdict (8.0.x backport)(MODERATE - CVE 2025-64330)
+Security #7981: http: unbounded memory growth for decompression (8.0.x backport)(CRITICAL - CVE 2025-64334)
+Security #7960: detect/entropy: null deref when used with base64_data (8.0.x backport)(HIGH - CVE 2025-64335)
+Security #8064: unix-socket: use after free if client command is too long (8.0.x backport)
+Bug #8076: snmp: detection-only setting is broken (8.0.x backport)
+Bug #8053: python/Makefile: too open file permissions for defaults.py (8.0.x backport)
+Bug #8034: flow/timeouts: yaml configured values unused for bypassed (8.0.x backport)
+Bug #8020: tls: certificate SAN is freed in case of any error (8.0.x backport)
+Bug #8016: detect/ip.src: does not load with lua transform (8.0.x backport)
+Bug #8007: anomaly/ether_type: always logged as big endian (8.0.x backport)
+Bug #8005:  pcap-log: bpf-filter not applied when using multi mode (8.0.x backport)
+Bug #7998: detect: replace keyword leaks memory (8.0.x backport)
+Bug #7992: http2: wrong parsing of go away frames error code (8.0.x backport)
+Bug #7990: dpdk: compile warning ‘rte_eth_bond_members_get’ is deprecated (8.0.x backport)
+Bug #7976: dpdk: CPU exclude logic is broken (8.0.x backport)
+Bug #7974: detect/files: signatures using file keywords on udp only app protos fail (8.0.x backport)
+Bug #7961: mime: incorrect decoding of quoted-printable text attachments (8.0.x backport)
+Bug #7943: runmode/dpdk: dpdk_vars initialized to NULL for any livedev (8.0.x backport)
+Bug #7940: decoder/vxlan: packet drops with non-zero reserved fields (8.0.x backport)
+Bug #7923: output/json: invalid IKE logs (8.0.x backport)
+Bug #7911: eve/alert: incorrect verdict with pass + alert rule (8.0.x backport)
+Bug #7910: lua/http: null dereference in accessor functions (8.0.x backport)
+Feature #8072: flow: midstream exception policy "reject-both" support (8.0.x backport)
+Task #7985: ci: Add multi-tenant test (8.0.x backport)
+Task #7978: github/actions: add DPDK 23.11 build (8.0.x backport)
+Task #5472: tracking: upgrading from 7 to 8
+Documentation #7917: userguide: add section for rule hooks (8.0.x backport)
+Documentation #7916: userguide: document tx scoped xbits (8.0.x backport)
+Documentation #7914: devguide: Add Eve Output Plugins (8.0.x backport)
+
 8.0.1 -- 2025-09-15
 
 Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if tls.subjectaltname contains zero(HIGH - CVE 2025-59150)

diff --git a/configure.ac b/configure.ac
index d903cf055d7b94873ae1a9696fafe59158598b7d..bae263eb9487a9373c31049304fb7c4aa8f45c13 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-    AC_INIT([suricata],[8.0.2-dev])
+    AC_INIT([suricata],[8.0.2])
     m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
     AC_CONFIG_HEADERS([src/autoconf.h])
     AC_CONFIG_SRCDIR([src/suricata.c])

diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in
index 9178ffd56865ecf9c639b8ccace01396c22c122f..7e8e78a6e1d1e2ede789cd43f41f8590a1939a2d 100644 (file)
--- a/rust/Cargo.lock.in
+++ b/rust/Cargo.lock.in
@@ -1500,7 +1500,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
 
 [[package]]
 name = "suricata"
-version = "8.0.2-dev"
+version = "8.0.2"
 dependencies = [
  "aes",
  "aes-gcm",
@@ -1552,7 +1552,7 @@ dependencies = [
 
 [[package]]
 name = "suricata-derive"
-version = "8.0.2-dev"
+version = "8.0.2"
 dependencies = [
  "proc-macro-crate",
  "proc-macro2",
@@ -1562,7 +1562,7 @@ dependencies = [
 
 [[package]]
 name = "suricata-htp"
-version = "8.0.2-dev"
+version = "8.0.2"
 dependencies = [
  "base64",
  "brotli",
@@ -1588,11 +1588,11 @@ dependencies = [
 
 [[package]]
 name = "suricata-sys"
-version = "8.0.2-dev"
+version = "8.0.2"
 
 [[package]]
 name = "suricatactl"
-version = "8.0.2-dev"
+version = "8.0.2"
 dependencies = [
  "clap",
  "once_cell",
@@ -1603,7 +1603,7 @@ dependencies = [
 
 [[package]]
 name = "suricatasc"
-version = "8.0.2-dev"
+version = "8.0.2"
 dependencies = [
  "clap",
  "home",

diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs
index 5c809709db84beeb24114fba8cd42c910658c09e..c33c1512f8be881a922d7eac28ba2d1b87d583c3 100644 (file)
--- a/rust/sys/src/sys.rs
+++ b/rust/sys/src/sys.rs
@@ -1,6 +1,6 @@
 // This file is automatically generated. Do not edit.
 
-pub const SC_PACKAGE_VERSION: &[u8; 10] = b"8.0.2-dev\0";
+pub const SC_PACKAGE_VERSION: &[u8; 6] = b"8.0.2\0";
 pub type __intmax_t = ::std::os::raw::c_long;
 pub type intmax_t = __intmax_t;
 #[repr(u32)]