Clone from server:monitoring OBS project

2025-03-08 23:41:56 +01:00
commit e896a37268
11 changed files with 939 additions and 0 deletions

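--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text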

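--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc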

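--- /dev/null
+++ b/_service
@@ -0,0 +1,3 @@
+<services>
+<service name="download_files" mode="manual" />
+</services>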

suricata-7.0.8.tar.gz (Stored with Git LFS) Normal file


suricata-7.0.8.tar.gz.sig Normal file


suricata.changes Normal file

@@ -0,0 +1,538 @@
-------------------------------------------------------------------
Wed Jan 15 16:47:35 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Added suricata-devel package
- Added libsuricata package
* Enable shared library build
- Use pkgconfig to find build dependencies
- Remove coccinelle build dependency
- Only build with XDP/eBPF support when available
- Only build with libmagic/libnet support when available
- Update to version 7.0.8:
* Various security, performance, accuracy, and stability issues
have been fixed.
* This release addresses CVE IDs:
~ CVE-2024-55627: CRITICAL
~ CVE-2024-55605: CRITICAL
~ CVE-2024-55629: HIGH
~ CVE-2024-55628: HIGH
~ CVE-2024-55626: LOW
- Update to version 7.0.7:
* LibHTP has been updated to version 0.5.49
* Various security, performance, accuracy, and stability issues
have been fixed.
* This release addresses CVE IDs:
~ CVE-2024-45797: CRITICAL
~ CVE-2024-47187: CRITICAL
~ CVE-2024-47188: CRITICAL
~ CVE-2024-47522: HIGH
~ CVE-2024-45795: HIGH
~ CVE-2024-45796: HIGH
- Update to version 7.0.6
* Various security, performance, accuracy, and stability issues
have been fixed.
* JA4 for TLS and QUIC has been backported to Suricata 7.0.6.
* These releases address CVE IDs:
~ CVE-2024-37151: CRITICAL
~ CVE-2024-38536: HIGH
~ CVE-2024-38534: HIGH
~ CVE-2024-38535: CRITICAL
-------------------------------------------------------------------
Mon Jul 15 17:54:13 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Depend on vectorscan, as hyperscan has gone closed source
-------------------------------------------------------------------
Sat Jun 22 18:38:38 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to version 7.0.5
* LibHTP has been updated to version 0.5.48. This version is
bundled with these new Suricata releases.
* Suricata-Update has been updated to 1.3.3 in Suricata 7.0.5.
* Various security, performance, accuracy, and stability issues
have been fixed.
https://redmine.openinfosecfoundation.org/versions/206
* These releases address CVE IDs:
~ CVE-2024-32663 - Critical severity
~ CVE-2024-32664 - High severity
~ CVE-2024-32867 - Moderate severity
- Update to version 7.0.4
* Various security, performance, accuracy, and stability issues
have been fixed.
https://redmine.openinfosecfoundation.org/versions/202
-------------------------------------------------------------------
Mon Feb 19 07:26:30 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 7.0.3
* LibHTP required version is 0.5.46. This is the version that is bundled
with the releases.
* Various security, performance, accuracy, and stability issues have been fixed.
https://redmine.openinfosecfoundation.org/versions/200
* These releases address CVE IDs:
- CVE-2024-23839 - Critical severity
- CVE-2024-23836 - Critical severity
- CVE-2024-23835 - High severity
- CVE-2024-24568 - Moderate severity
-------------------------------------------------------------------
Thu Oct 19 17:24:49 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 7.0.2
* Various security, performance, accuracy, and stability issues have been fixed.
https://redmine.openinfosecfoundation.org/versions/198
-------------------------------------------------------------------
Mon Sep 25 07:04:49 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 7.0.1
* LibHTP required version is 0.5.45. This is the version that is bundled
with the release.
* Various security, performance, accuracy, and stability issues have been
fixed.
-------------------------------------------------------------------
Thu Jul 27 08:44:46 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 7.0.0
* Main features:
- DPDK IDS/IPS 35 support for primary mode was added
- AF_XDP IDS 17support by Richard McConnell at Rapid7
- HTTP/HTTP2 new keywords for header inspection
- TLS: client certificate logging and detection
- Bittorrent parser by Aaron Bungay
- IPS: new default DROP behavior for exception policies 7
- EVE documented and validated with a json schema
- HTTP/2 support is no longer considered experimental
- NETMAP API 14
- Conditional PCAP 43 by Eric Leblond and Scott Jordan
- Initial libsuricata support
- VLAN support extended from 2 to 3 layers
* Performance improvements:
- file.data MPM split per app protocol
- New lighter rule profiling mode by Eric Leblond
- SMB: many fixes and optimizations
- Hash calculation using Rust crypto instead of NSS
- Flow manager tuning
- Many more performance-related counters
- Stream buffer, which is used by stream engine, file tracking, and more, is more memory efficient
* Secure Deployment / Security
- Linux Landlock support added by Eric Leblond
- Use of setrlimit to prevent Suricata from creating another process
- Lock cargo crates
- Default to secure settings for Datasets and Lua
- Maximum number of transactions for several protocols
- New Security Policies: https://github.com/OISF/suricata/blob/master/SECURITY.md 15
* Protocols
- QUICv1, GQUIC support added. GQUIC contributed by Emmanuel Thompson
- PostgreSQL support added
- HTTP/2 deflate decompression, byte-ranges support
- VN-Tag support
- Modbus rewritten to Rust with Eve logging added by Simon Dugas
- IKEv1 support added by Sascha Steinbiss and Frank Honza
- ESP flow tracking and logging
- Minimal telnet parser
- Active flow and TCP counters
- Network service header
- Remove dependency on systems /etc/protocols
* Rules
- Added new rule keywords for DHCP, Kerberos, SNMP, TLS, QUIC
- JA3(s) support for QUIC
- New (experimental) class of keywords through “frames API”: NFS, SMB, DNS, telnet, SSL/TLS
- HTTP request files and NFS now support file.data
- “XOR” transform was added
- Lua: access to more rule info
- The byte_test, byte_math, and byte_jump keywords allow a variable name for the byte count value.
- flow.age keyword was added
* IPS
- Exception Policies added to better control packet handling in such conditions as memory caps being hit
- DPDK support
* Socket Control
- Get flow stats over Unix socket
- Datasets management commands were added
* Output
- Conditional packet capture allows packets to be written to disk only after an alert has been triggered
- New “stream” eve output type for debugging the stream engine
- Log engine verdict on rejected/dropped/passed packets
* Dev corner
- Total: 1375 files changed, 130027 insertions(+), 127626 deletions(-)
- Rust: 173 files changed, 39279 insertions(+), 13830 deletions(-)
- C: 978 files changed, 73882 insertions(+), 109446 deletions(-)
- Docs: 142 files changed, 6636 insertions(+), 1890 deletions(-)
- Much stricter C compiler flags.
- Clangs scan-build clean, which is enforced in CI.
- CI was expanded.
- Rust parsers upgraded to using Nom 7
* Upgrade notes:
- Suricata 7.0 now uses pcre2 instead of pcre1.
- The MSRV (minimum supported Rust version) has been updated to 1.63.0 from 1.41.1 minimum in Suricata 6.0.
- Support for Prelude (libprelude) has been removed
- Suricata 7.0 requires and bundles libhtp 0.5.45
-------------------------------------------------------------------
Tue Jun 20 07:16:17 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 6.0.13
* LibHTP has been updated to 0.5.44. This is a required version that is
bundled with the release.
* Security #6119: datasets: absolute path in rules can overwrite arbitrary
files (6.0.x backport)
* Bug #6138: Decode-events of IPv6 packets are not triggered
(6.0.x backport)
* Bug #6136: suricata-update: dump-sample-configs: configuration files not
found (6.0.x backport)
* Bug #6125: http2: cpu overconsumption in rust moving/memcpy in
http2_parse_headers_blocks (6.0.x backport)
* Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
* Bug #6056: smtp: long line discard logic should be separate for server and
client (6.0.x backport)
* Bug #6055: ftp: long line discard logic should be separate for server and
client (6.0.x backport)
* Bug #5990: smtp: any command post a long command gets skipped
(6.0.x backport)
* Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes
(6.0.x backport)
* Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
* Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow
(6.0.x backport)
* Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
* Task #5984: libhtp 0.5.44 (6.0.x backport)
* Documentation #6134: userguide: add instructions/explanation for
(not) running suricata with root (6.0.x backport)
* Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain
attacks
-------------------------------------------------------------------
Wed May 10 07:15:41 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 6.0.12
* Various performance, accuracy, and stability issues have been fixed.
* Remove legacy pfring install guide
-------------------------------------------------------------------
Fri Apr 21 12:28:37 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 6.0.11
* LibHTP has been updated to 0.5.43. This is a required version that is
bundled with the release.
* Various security, performance, accuracy, and stability issues have been
fixed.
-------------------------------------------------------------------
Thu Feb 9 21:50:04 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 6.0.10
Various security, performance, accuracy, and stability issues have been fixed
https://forum.suricata.io/t/suricata-6-0-10-released/3175/2
* Security #5804: Suricata crashes while processing FTP (6.0.x backport)
* Bug #5815: detect: config keyword prevents tx cleanup (6.0.x backport)
* Bug #5812: nfs: debug validation triggered on nfs2 read
* Bug #5810: smb/ntlmssp: parser incorrectly assumes fixed field order
(6.0.x backport)
* Bug #5806: exceptions: midstream flows are dropped if
midstream=true && stream.midstream-policy=drop-flow (6.0.x backport)
* Bug #5796: TLS Handshake Fragments not Reassembled (6.0.x backport)
* Bug #5795: detect/udp: different detection from rules when UDP/TCP header is
broken (6.0.x backport)
* Bug #5793: decode: Padded packet to minimal Ethernet length marked with
invalid length event (6.0.x backport)
* Bug #5791: smb: unbounded file chunk queuing after gap (6.0.x backport)
* Bug #5763: libbpf: Use of legacy code in eBPF/XDP programs (6.0.x backport)
* Bug #5762: detect/pcre: JIT not disabled when OS doesn't allow RWX pages
* Bug #5760: nfs: ASSERT: attempt to subtract with overflow (compound)
(6.0.x backport)
* Bug #5749: iprep/ipv6: warning issued on valid reputation input
(6.0.x backport)
* Bug #5744: netmap: 6.0.9 v14 backport causes known packet stalls from v14
implementation in "legacy" mode too
* Bug #5738: smb: failed assertion
(!((f->alproto == ALPROTO_SMB && txd->files_logged != 0))),
function CloseFile, file output-file.c (6.0.x backport)
* Bug #5735: smtp: quoted-printable encoding skips empty lines in files
(6.0.x backport)
* Bug #5723: eve: missing common fields like community id for some event types
like RFB
* Bug #5601: detect: invalid hex character in content leads to bad debug
message (6.0.x backport)
* Bug #5565: Excessive qsort/msort time when large number of rules using
tls.fingerprint (6.0.x backport)
* Bug #5299: YAML warning from default config on 6.0.5
* Optimization #5797: tls: support incomplete API to replace internal buffering
* Optimization #5790: smb: set defaults for file chunk limits (6.0.x backport)
- add dependency libhtp >= 0.5.42
-------------------------------------------------------------------
Tue Nov 29 18:46:25 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to version 6.0.9
Various security, performance, accuracy and stability issues have been fixed
https://forum.suricata.io/t/suricata-6-0-9-released/3012
- build now requires libhtp >= 0.5.42
-------------------------------------------------------------------
Mon Oct 3 11:41:34 UTC 2022 - Martin Hauke <mardnh@gmx.de>
- Use hyperscan-devel instead of 'pkgconfig(libhs)' to prevent:
"unresolvable: have choice for pkgconfig(libhs): hyperscan-devel
vectorscan-devel"
-------------------------------------------------------------------
Wed Sep 28 08:06:06 UTC 2022 - Michael Ströder <michael@stroeder.com>
- Update to version 6.0.8
https://forum.suricata.io/t/suricata-6-0-8-released/2808
https://forum.suricata.io/t/suricata-6-0-7-released/2807
https://forum.suricata.io/t/suricata-6-0-6-and-5-0-10-released/2637
- build now requires libhtp >= 0.5.41
-------------------------------------------------------------------
Tue Jun 28 12:13:10 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
- Copy config files and update rules
- Add python3-PyYAML as dependency for suricata-update
-------------------------------------------------------------------
Tue Jun 28 11:58:29 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
- Update to version 6.0.5
https://forum.suricata.io/t/suricata-6-0-5-and-5-0-9-released/2415
- LibHTP has been updated to 0.5.40. This is a required version that
is bundled with both releases.
- Suricata-Update, as bundled with 6.0.5, was updated to 1.2.4.
- Various security, performance, accuracy and stability issues have
been fixed.
-------------------------------------------------------------------
Tue Jan 25 15:09:22 UTC 2022 - Hans-Peter Jansen <hpj@urpla.net>
- Update to version 6.0.4:
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
- Add luajit build conditional
- More man pages
-------------------------------------------------------------------
Mon Nov 9 11:56:06 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>
- Update to version 6.0.0:
https://suricata-ids.org/2020/10/08/suricata-6-0-0-released/
Upgrade notes:
https://suricata.readthedocs.io/en/latest/upgrade.html
- Add new dependencies, most notably: rust, cargo
- Change geoip to maxminddb:
https://build.opensuse.org/package/view_file/openSUSE:Leap:15.2/GeoIP/README.SUSE
- Disable prelude support: currently broken
https://redmine.openinfosecfoundation.org/issues/4065
-------------------------------------------------------------------
Tue Apr 28 17:51:33 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Switch to python3
- Update to version 4.1.8
* Bug #3492: Backport 4 BUG_ON(strcasecmp(str, “any”) in
DetectAddressParseString
* Bug #3508: rule parsing: memory leaks
* Bug #3527: 4.1.x Kerberos vulnerable to TCP splitting evasion
* Bug #3533: Skip over ERF_TYPE_META records
* Bug #3551: file logging: complete files sometimes marked
TRUNCATED
* Bug #3572: rust: smb compile warnings
* Bug #3579: Faulty signature with two threshold keywords does
not generate an error and never match
* Bug #3581: random failures on sip and http-evader
suricata-verify tests
* Bug #3596: ftp: asan detects leaks of expectations
* Bug #3599: rules: memory leaks in pktvar keyword
* Bug #3601: rules: bad address block leads to stack exhaustion
* Bug #3603: rules: crash on internal-only keywords
* Bug #3605: rules: missing consumption of transforms
before pkt_data would lead to crash
* Bug #3607: rules: minor memory leak involving
pcre_get_substring
* Bug #3608: ssl/tls: ASAN issue in SSLv3ParseHandshakeType
* Bug #3611: defrag: asan issue
* Bug #3633: file-store.stream-depth not working as expected
when configured to a specfic value (4.1.x)
* Bug #3645: Invalid memory read on malformed rule with Lua
script
* Bug #3647: rules: memory leaks on failed rules
* Bug #3648: CIDR Parsing Issue
* Bug #3650: FTP response buffering against TCP stream
* Bug #3652: Recursion stack-overflow in parsing YAML
configuration
* Bug #3659: Multiple DetectEngineReload and bad insertion
into linked list lead to buffer overflow
* Bug #3666: FTP: Incorrect ftp_memuse calculation.
* Bug #3668: Signature with an IP range creates one
IPOnlyCIDRItem by signe IP address
* Bug #3671: Protocol detection evasion by packet splitting
* Bug #3676: Segfault on SMTP TLS
* Feature #3482: GRE ERSPAN Type 1 Support
* Task #3479: libhtp 0.5.33 (4.1.x)
* Task #3513: SMTP should place restraints on variable length
items (e.g., filenames)
-------------------------------------------------------------------
Wed Feb 19 20:27:13 UTC 2020 - Martin Hauke <mardnh@gmx.de>
- Update to 4.1.7
* Bug #3417: disable-geoip does not work
* Bug #3448: Suricata 4.1 Seg Fault: Socket Control pcap-file
and corrupt pcap
* Bug #3452: smb: post-GAP file tx handling
* Bug #3453: coverity: CID 1456680: Incorrect expression
(IDENTICAL_BRANCHES)
* Bug #3470: gcc10: compilation failure unless -fcommon is
supplied
* Bug #3471: nfs: post-GAP some transactions never close
* Bug #3472: nfs: post-GAP file tx handling
* Bug #3474: Dropping privileges does not work with NFLOG
- Update to 4.1.6
* Bug #3276: address parsing: memory leak in error path
* Bug #3278: segfault when test a nfs pcap file
* Bug #3279: ikev2 enabled in config even if Rust is disabled
* Bug #3325: lua issues on arm (fedora:29)
* Bug #3326: Static build with pcap fails
* Bug #3327: tcp: empty SACK option leads to decoder event
* Bug #3347: BPF filter on command line not honored for pcap
file
* Bug #3355: DNS: DNS over TCP transactions logged with wrong
direction.
* Bug #3356: DHCP: Slow down over time due to lack of detect
flags
* Bug #3369: byte_extract does not work in some situations
* Bug #3385: fast-log: icmp type prints wrong value
* Bug #3387: suricata is logging tls log repeatedly if custom
mode is enabled
* Bug #3388: TLS Lua output does not work without TLS log
* Bug #3391: Suricata is unable to get MTU from NIC after
* Bug #3393: http: pipelining tx id handling broken
* Bug #3394: TCP evasion technique by overlapping a TCP segment
with a fake packet
* Bug #3395: TCP evasion technique by faking a closed TCP sessionl
* Bug #3402: smb: post-GAP some transactions never close
* Bug #3403: smb1: event only transactions for bad requests
never close
* Bug #3404: smtp: file tracking issues when more than one
attachment in a tx
* Bug #3405: Filehash rule does not fire without filestore
keyword
* Bug #3410: intermittent abort()s at shutdown and in unix-socket
* Bug #3412: detect/asn1: crashes on packets smaller than offset
setting
* Task #3367: configure: Rust 1.37+ has cargo-vendor support
bundled into cargo
* Bundle Suricata-Update 1.0.6
* Bundle Libhtp 0.5.32
-------------------------------------------------------------------
Tue Oct 22 09:24:31 UTC 2019 - Lars Vogdt <lars@linux-schulserver.de>
- Update to 4.1.5
* Feature #3068: protocol parser: vxlan (4.1.x)
* Bug #2841: False positive alerts firing after upgrade suricata 3.0 -> 4.1.0 (4.1.x)
* Bug #2966: filestore (v1 and v2): dropping of “unwanted” files (4.1.x)
* Bug #3008: rust: updated libc crate causes depration warnings (4.1.x)
* Bug #3044: tftp: missing logs because of broken tx handling (4.1.x)
* Bug #3067: GeoIP keyword depends on now discontinued legacy GeoIP database (4.1.x)
* Bug #3094: Fedora rawhide af-packet compilation err (4.1.x)
* Bug #3123: bypass keyword: Suricata 4.1.x Segmentation Faults (4.1.x)
* Bug #3129: Fixes warning about size of integers in string formats (4.1.x)
* Bug #3159: SC_ERR_PCAP_DISPATCH with message “error code -2” upon rule reload completion (4.1.x)
* Bug #3164: Suricata 4.1.4: NSS Shutdown triggers crashes in test mode
* Bug #3168: tls: out of bounds read
* Bug #3170: defrag: out of bounds read
* Bug #3173: ipv4: ts field decoding oob read
* Bug #3175: File_data inspection depth while inspecting base64 decoded data (4.1.x)
* Bug #3184: decode/der: crafted input can lead to resource starvation
* Bug #3186: Multiple Content-Length headers causes HTP_STREAM_ERROR (4.1.x)
* Bug #3187: GET/POST HTTP-request with no Content-Length, http_client_body miss (4.1.x)
- build with lz4 and lzma support, especially to enable compression
- require python-yaml during build, which results in suricate-update
get's build and installed. This allows to update local
Suricata rules
- package /var/log/suricata directory instead of creating it during
post-installation of the package
-------------------------------------------------------------------
Tue May 14 09:35:39 UTC 2019 - Robert Frohl <rfrohl@suse.com>
- Update to version 4.1.4
* CVE-2019-10053: ssh: heap buffer overflow (boo#1134993)
* CVE-2019-10050: mpls: heapbuffer overflow in file decode-mpls.c (boo#1134991)
* decode-ethernet: heapbuffer overflow in file decode-ethernet.c
* smb 1 create andx request does not parse the filename correctly
* rust/dhcp: panic in dhcp parser
* mpls: cast of misaligned data leads to undefined behavior
* rust/ftp: panic in ftp parser
* rust/nfs: integer underflow
* This release includes Suricata-Update 1.0.5
-------------------------------------------------------------------
Thu Mar 7 21:31:14 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Update to version 4.0.7
* Failed Assertion, Suricata Abort - util-mpm-hs.c line 163
* unix runmode deadlock when using too many threads
* rule reload with workers mode and NFQUEUE not working stable
* TCP FIN/ACK, RST/ACK in HTTP - detection bypass
* afpacket doesn't wait for all capture threads to start
* DNS Golden Transaction ID - detection bypass
* Invalid detect-engine config could lead to segfault
* suricata.c ConfigGetCaptureValue - PCAP/AFP fallthrough to
strip_trailing_plus
* Stats interval are 1 second too early each tick
* rust/dns/lua - The Lua calls for DNS values when using Rust
don't behave the same as the C implementation.
* out of bounds read in detection
* smtp: improve pipelining support
-------------------------------------------------------------------
Sun Dec 16 19:44:13 UTC 2018 - mardnh@gmx.de
- Use pkg-config style build dependencies
- Build with support for Hyperscan
- Add systemd service file
- Add logrotate configuration file
- Update to version 4.0.6
* smtp segmentation fault (4.0.x)
* negated fileext and filename do not work as expected (4.0.x)
* filemd5 is not fired in some cases when there are invalid packets
* File descriptor leak in af-packet mode (4.0.x)
* Improve errors handling in AF_PACKET (4.0.x)
* Support http events - Weird unicode characters and truncation in
some of http_method/http_user_agent fields.
-------------------------------------------------------------------
Tue Jul 24 11:52:06 UTC 2018 - kbabioch@suse.com
- Applied spec-cleaner
- Removed gpg-offline, since we have GPG source validation by default now
- Update to 4.0.5
- Bug fixes
- Private Suricata stops inspecting TCP stream if a TCP RST was met (4.0.x)
(CVE-2018-14568 bsc#1102334)
-------------------------------------------------------------------
Tue Oct 4 23:06:57 UTC 2016 - Greg.Freemyer@gmail.com
- update to v3.1.2
- Fixed an issue with the handling of ICMPv4 error packets (CVE-2016-10728 bsc#1102402)
- build with libprelude suppport
- use libnetfilter_queue, libnfnetlink from the Factory repo instead of 5 year old versions
- use libhtp from server:monitoring
- run through spec-cleaner
- Still don't have man pages or user manual in the RPM
- http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_User_Guide
- change license to GPL-2.0
-------------------------------------------------------------------
Fri Feb 12 08:28:27 UTC 2016 - christoph@stop.pe
- Initial release

suricata.keyring Normal file

@@ -0,0 +1,66 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1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=2RRz
-----END PGP PUBLIC KEY BLOCK-----

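--- /dev/null
+++ b/suricata.logrotate
@@ -0,0 +1,13 @@
+/var/log/suricata/*.log /var/log/suricata/*.json
+{
+nocompress
+maxage 30
+rotate 99
+dateext
+missingok
+create
+sharedscripts
+postrotate
+systemctl reload suricata.service
+endscript
+}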
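Review bot: The `postrotate` command `systemctl reload suricata.service` fails whenever the unit is not active, because systemd refuses to reload an inactive service, so every rotation while Suricata is stopped (maintenance, a failed start) produces a logrotate error and leaves the rotated files without the re-open that the daemon would otherwise perform. Use `systemctl try-reload-or-restart suricata.service` instead, which issues the reload only when the unit is running and is a no-op otherwise. The reload maps to SIGHUP in the packaged unit, which in Suricata 7 is the log re-open signal, so the rest of the script is consistent; if the service is later switched to a dedicated unprivileged user, the rotation will also need a matching `su` directive and explicit `create` mode/owner, which the current root-run setup does not require.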

suricata.service Normal file

@@ -0,0 +1,20 @@
[Unit]
Description=Suricata Intrusion Detection and Prevention Tool
Documentation=man:suricata(1)
After=network.target
[Service]
EnvironmentFile=-/etc/sysconfig/suricata
ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml $SURICATA_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=yes
ProtectSystem=full
ProtectKernelTunables=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
[Install]
WantedBy=multi-user.target
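Review bot: `ProtectSystem=yes` on line 592 is immediately overridden by `ProtectSystem=full` on line 593, since systemd applies the last assignment of a setting within a unit; drop line 592 so the effective sandbox level is stated once and a later edit cannot silently flip which one wins. A comment above `ExecReload=/bin/kill -HUP $MAINPID` would avoid a common misreading: in Suricata 7, SIGHUP re-opens the log files (which is what the packaged logrotate relies on) and does not reload the ruleset, which is SIGUSR2, so `systemctl reload suricata` is not a rule reload. `ProtectSystem=strict` with an explicit `ReadWritePaths=` list would be the next hardening step, but it needs the log, socket and rules directories the shipped configuration actually writes to, which the unit alone does not show, so I have not proposed concrete paths.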

suricata.spec Normal file

@@ -0,0 +1,263 @@
#
# spec file for package suricata
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define soname 7_0_8
# Handling libxdp support
%if (0%{?suse_version} <= 1500) && (0%{?sle_version} <= 150500) && (0%{?is_opensuse})
%bcond_with xdp_bpf
%else
%bcond_without xdp_bpf
%endif
# Handling libmagic and libnet support
%if (0%{?suse_version} <= 1500) && (0%{?sle_version} <= 150600) && (0%{?is_opensuse})
%ifarch aarch64
%bcond_with libmagic
%bcond_with libnet
%else
%bcond_without libmagic
%bcond_without libnet
%endif
%else
%bcond_without libmagic
%bcond_without libnet
%endif
# vectorscan (libhs) doesn't support 32-bit ARM or x86
%ifnarch %{ix86} %{arm}
%bcond_without libhs
%else
%bcond_with libhs
%endif
# Disable luajit by default
%bcond_without luajit
Name: suricata
Version: 7.0.8
Release: 0
Summary: Open Source Next Generation Intrusion Detection and Prevention Engine
License: GPL-2.0-only
URL: https://www.openinfosecfoundation.org/
Source0: https://www.openinfosecfoundation.org/download/suricata-%{version}.tar.gz
Source1: https://www.openinfosecfoundation.org/download/suricata-%{version}.tar.gz.sig
Source2: suricata.service
Source3: suricata.sysconfig
Source4: suricata.logrotate
BuildRequires: cargo
BuildRequires: chrpath
BuildRequires: pkgconfig
BuildRequires: python3
BuildRequires: python3-PyYAML
BuildRequires: python3-setuptools
BuildRequires: rust >= 1.63.0
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(hiredis)
BuildRequires: pkgconfig(htp) >= 0.5.46
BuildRequires: pkgconfig(jansson)
BuildRequires: pkgconfig(libcap-ng)
BuildRequires: pkgconfig(libevent)
BuildRequires: pkgconfig(liblz4)
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(libmaxminddb)
BuildRequires: pkgconfig(libnetfilter_log)
BuildRequires: pkgconfig(libnetfilter_queue)
BuildRequires: pkgconfig(libnfnetlink)
BuildRequires: pkgconfig(libpcap)
BuildRequires: pkgconfig(libpcre2-8)
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(nss)
BuildRequires: pkgconfig(yaml-0.1)
BuildRequires: pkgconfig(zlib)
Requires: python3-PyYAML
Requires: pkgconfig(htp) >= 0.5.46
Requires(pre): %fillup_prereq
Recommends: jq
Recommends: logrotate
%{?systemd_requires}
%if %{with libmagic}
%if 0%{?suse_version} >= 1600
BuildRequires: pkgconfig(libmagic)
%else
BuildRequires: file-devel
%endif
%endif
%if 0%{with libnet}
%if 0%{?suse_version} >= 1600
BuildRequires: pkgconfig(libnet)
%else
BuildRequires: libnet-devel
%endif
%endif
%if 0%{with xdp_bpf}
BuildRequires: pkgconfig(libbpf)
BuildRequires: pkgconfig(libxdp)
%endif
%if 0%{with luajit}
BuildRequires: pkgconfig(luajit)
%else
BuildRequires: pkgconfig(lua)
%endif
%if 0%{with libhs}
BuildRequires: pkgconfig(libhs)
%endif
%description
The Suricata Engine is an Open Source Next Generation Intrusion Detection and
Prevention Engine. This engine is not intended to just replace or emulate the
existing tools in the industry, but will bring new ideas and technologies to
the field.
OISF is part of and funded by the Department of Homeland Security's Directorate
for Science and Technology HOST program (Homeland Open Security Technology), by
the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
through the very generous support of the members of the OISF Consortium. More
information about the Consortium is available, as well as a list of our current
Consortium Members.
%package -n libsuricata%{soname}
Summary: Open Source Next Generation Intrusion Detection and Prevention Engine Library
Group: Development/Libraries/C and C++
%description -n libsuricata%{soname}
The Suricata Engine is an Open Source Next Generation Intrusion Detection and
Prevention Engine.
This package contains the shared library.
%package devel
Summary: Development files for the Suricata engine library
Requires: libsuricata%{soname} = %{version}
Requires: pkgconfig(jansson)
Requires: pkgconfig(libmagic)
%description devel
The Suricata Engine is an Open Source Next Generation Intrusion Detection and
Prevention Engine.
This package contains the development files for the Suricata engine library.
%prep
%setup -q
# Fix path in manpage
sed -i 's|%{_prefix}/local||g' doc/userguide/suricata.1
sed -i '/^#!\//, 1d' python/suricata/sc/suricatasc.py
%build
export HAVE_PYTHON=%{_bindir}/python3
%configure \
--enable-gccmarch-native=no \
--enable-shared \
--enable-nflog \
--with-libnetfilter_log-includes=`pkg-config libnetfilter_log --variable=includedir` \
--enable-nfqueue \
--enable-gccprotect \
--enable-old-barnyard2 \
--enable-non-bundled-htp \
--enable-geoip \
%if 0%{with luajit}
--enable-luajit \
%else
--enable-lua \
%endif
%if 0%{with libhs}
--enable-hyperscan \
%endif
--enable-hiredis
%make_build
%make_build -C src libsuricata.so
%install
%make_install install-library install-headers
mkdir -p %{buildroot}%{_localstatedir}/log/suricata
mkdir -p %{buildroot}%{_localstatedir}/lib/suricata
mkdir -p %{buildroot}%{_sysconfdir}/suricata
cp *.config %{buildroot}%{_sysconfdir}/suricata/
cp etc/*.config %{buildroot}%{_sysconfdir}/suricata/
cp suricata.yaml %{buildroot}%{_sysconfdir}/suricata/
cp -R rules %{buildroot}%{_sysconfdir}/suricata/
rm -rf %{buildroot}/%{_datadir}/doc/suricata
rm -rf %{buildroot}%{python3_sitelib}/suricata/__pycache__
rm -rf %{buildroot}%{_libdir}/libsuricata*.a
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
install -Dpm 0644 %{SOURCE3} %{buildroot}%{_fillupdir}/sysconfig.%{name}
install -Dpm 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcsuricata
mkdir -p %{buildroot}%{_localstatedir}/log/suricata
chrpath --delete %{buildroot}%{_bindir}/suricata
%pre
%service_add_pre %{name}.service
%post
%service_add_post %{name}.service
%fillup_only
suricata-update
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%ldconfig_scriptlets -n libsuricata%{soname}
%files
%license COPYING
%doc doc/AUTHORS doc/Basic_Setup.txt doc/GITGUIDE doc/Setting_up_IPSinline_for_Linux.txt doc/Third_Party_Installation_Guides.txt doc/TODO
%config(noreplace)%{_sysconfdir}/suricata
%{_bindir}/suricata
%{_bindir}/suricatasc
%{_bindir}/suricatactl
%{_bindir}/suricata-update
%{_sbindir}/rcsuricata
%dir %{_prefix}/lib/suricata
%dir %{_prefix}/lib/suricata/python
%{_prefix}/lib/suricata/python/suricata/
%{_prefix}/lib/suricata/python/suricatasc/
%{_datadir}/suricata*
%dir %{_localstatedir}/log/suricata
%{_mandir}/man1/suricata.1%{?ext_man}
%{_mandir}/man1/suricatasc.1%{?ext_man}
%{_mandir}/man1/suricatactl.1%{?ext_man}
%{_mandir}/man1/suricatactl-filestore.1%{?ext_man}
%dir %{_localstatedir}/lib/suricata
%{_unitdir}/%{name}.service
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_fillupdir}/sysconfig.%{name}
%files -n libsuricata%{soname}
%{_libdir}/libsuricata.so.*
%files devel
%{_bindir}/libsuricata-config
%{_includedir}/suricata
%{_libdir}/libsuricata.so
%changelog
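Review bot: The `%post` scriptlet on line 795 runs `suricata-update` unconditionally, so every install and every upgrade fetches a ruleset from the network inside the rpm transaction; that content is outside the package's signature verification, an offline or egress-filtered host gets a failed scriptlet, and the run would rewrite whatever ruleset an administrator already maintains under /var/lib/suricata. Dropping the line and leaving the first fetch to the administrator (or an opt-in systemd timer) keeps installation deterministic; if it must stay, guard it as `[ "$1" -eq 1 ] && suricata-update || :` so it only runs on first install and cannot fail the transaction. The libhtp floor `pkgconfig(htp) >= 0.5.46` on lines 668 and 685 is below the 0.5.49 that the changes entry for 7.0.7 names as the bundled version, which matters because the build uses `--enable-non-bundled-htp`; the runtime `Requires: pkgconfig(htp)` on line 685 also pulls the -devel package onto end hosts although the automatic soname dependency already covers the library. `Requires: pkgconfig(libmagic)` in the devel subpackage (line 738) is unconditional even though libmagic is a bcond that is off on aarch64 for older releases and the build uses `file-devel` below suse_version 1600, so it belongs inside `%if %{with libmagic}` with the same version branch. The comment on line 646 says luajit is disabled by default, but `%bcond_without luajit` enables it; it should read `# Build with luajit by default (--without luajit to disable)`.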

suricata.sysconfig Normal file

@@ -0,0 +1,9 @@
## Path: Network/Security
## Description: suricata configuration
## Type: string(-i,-q,-l)
## Default: ""
## ServiceRestart: suricata
# Parameters for suricata. See the manual page for the
# accepted parameters.
SURICATA_OPTIONS=""
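Review bot: The header comment does not tell the administrator that a capture option is mandatory: the packaged unit's `ExecStart` passes only `-c /etc/suricata/suricata.yaml $SURICATA_OPTIONS`, so with the shipped empty default Suricata is started with no interface or capture method selected and, as far as I can tell, exits at startup rather than running. Extend the comment with a constructed example such as `# Example: SURICATA_OPTIONS="--af-packet=eth0"` (interface name is a placeholder) so the first start after installation does not fail for an avoidable reason.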