ping

On 9/4/23 14:50, Gonzalo L. Rodriguez wrote:
Hello,

Upgrade for Suricata to 7.0.0:

https://github.com/OISF/suricata/releases/tag/suricata-7.0.0

Tests are welcome.

OK? Comments?

Cheers.-


Index: Makefile
===================================================================
RCS file: /cvs/ports/security/suricata/Makefile,v
retrieving revision 1.59
diff -u -p -r1.59 Makefile
--- Makefile    3 Jul 2023 08:22:31 -0000       1.59
+++ Makefile    4 Sep 2023 12:48:54 -0000
@@ -3,7 +3,7 @@ NOT_FOR_ARCHS = powerpc64 riscv64
COMMENT = high performance network IDS, IPS and security monitoring
-SURICATA_V = 6.0.12
+SURICATA_V =   7.0.0
  SUPDATE_V =   1.2.7
DISTNAME = suricata-${SURICATA_V}
@@ -49,7 +49,7 @@ COMPILER =    base-clang ports-gcc
  DEBUG_PACKAGES = ${BUILD_PACKAGES}
CONFIGURE_STYLE = autoconf
-AUTOCONF_VERSION =     2.69
+AUTOCONF_VERSION =     2.71
  AUTOMAKE_VERSION =    1.15
CONFIGURE_ENV = ac_cv_path_HAVE_PDFLATEX= \
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/suricata/distinfo,v
retrieving revision 1.20
diff -u -p -r1.20 distinfo
--- distinfo    3 Jul 2023 08:22:31 -0000       1.20
+++ distinfo    4 Sep 2023 12:48:54 -0000
@@ -1,2 +1,2 @@
-SHA256 (suricata-6.0.12.tar.gz) = BLIxYJNbAxl7CFwszJ2Ah1oz8RVYMFTRRgqw+2bYNLM=
-SIZE (suricata-6.0.12.tar.gz) = 27388535
+SHA256 (suricata-7.0.0.tar.gz) = e80TExGDZkUUZdw/g4Wj9qrdCE/+RN0lfdqBBYY7t2k=
+SIZE (suricata-7.0.0.tar.gz) = 23426302
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/security/suricata/patches/patch-configure_ac,v
retrieving revision 1.11
diff -u -p -r1.11 patch-configure_ac
--- patches/patch-configure_ac  3 Jul 2023 08:22:31 -0000       1.11
+++ patches/patch-configure_ac  4 Sep 2023 12:48:54 -0000
@@ -3,7 +3,7 @@ To remove the pid file, its directory mu
  Index: configure.ac
  --- configure.ac.orig
  +++ configure.ac
-@@ -2764,7 +2764,7 @@ if test "$WINDOWS_PATH" = "yes"; then
+@@ -2543,7 +2543,7 @@ if test "$WINDOWS_PATH" = "yes"; then
       fi
   else
       EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/")
Index: patches/patch-doc_userguide_Makefile_in
===================================================================
RCS file: /cvs/ports/security/suricata/patches/patch-doc_userguide_Makefile_in,v
retrieving revision 1.6
diff -u -p -r1.6 patch-doc_userguide_Makefile_in
--- patches/patch-doc_userguide_Makefile_in     3 Jul 2023 08:22:31 -0000       
1.6
+++ patches/patch-doc_userguide_Makefile_in     4 Sep 2023 12:48:54 -0000
@@ -3,10 +3,10 @@ Index: doc/userguide/Makefile.in
  +++ doc/userguide/Makefile.in
  @@ -1,3 +1,4 @@
  +
- # Makefile.in generated by automake 1.16.1 from Makefile.am.
+ # Makefile.in generated by automake 1.16.5 from Makefile.am.
   # @configure_input@
-@@ -623,14 +624,14 @@ uninstall-man: uninstall-man1
+@@ -616,14 +617,14 @@ uninstall-man: uninstall-man1
   @HAVE_SPHINXBUILD_TRUE@      sysconfdir=$(sysconfdir) \
   @HAVE_SPHINXBUILD_TRUE@      localstatedir=$(localstatedir) \
   @HAVE_SPHINXBUILD_TRUE@      version=$(PACKAGE_VERSION) \
@@ -23,7 +23,7 @@ Index: doc/userguide/Makefile.in
   @HAVE_SPHINXBUILD_TRUE@              $(top_srcdir)/doc/userguide _build/latex
   # The Sphinx generated Makefile is GNU Make specific, so just do what
   # it does here - yes, multiple passes of pdflatex is required.
-@@ -650,7 +651,7 @@ uninstall-man: uninstall-man1
+@@ -643,7 +644,7 @@ uninstall-man: uninstall-man1
   @HAVE_SPHINXBUILD_TRUE@      sysconfdir=$(sysconfdir) \
   @HAVE_SPHINXBUILD_TRUE@      localstatedir=$(localstatedir) \
   @HAVE_SPHINXBUILD_TRUE@      version=$(PACKAGE_VERSION) \
Index: patches/patch-src_suricata_c
===================================================================
RCS file: patches/patch-src_suricata_c
diff -N patches/patch-src_suricata_c
--- patches/patch-src_suricata_c        14 Feb 2023 21:14:14 -0000      1.12
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-Use setresuid/gid() directly to change user and group.  Otherwise
-Suricata uses libcap-ng on Linux and runs as root elsewhere.
-
-Index: src/suricata.c
---- src/suricata.c.orig
-+++ src/suricata.c
-@@ -2929,6 +2929,7 @@ int SuricataMain(int argc, char **argv)
-
-     PostRunStartedDetectSetup(&suricata);
-
-+    SCSetUserID(suricata.userid, suricata.groupid);
-     SCPledge();
-     SuricataMainLoop(&suricata);
-
Index: patches/patch-src_util-privs_c
===================================================================
RCS file: patches/patch-src_util-privs_c
diff -N patches/patch-src_util-privs_c
--- patches/patch-src_util-privs_c      11 Mar 2022 19:54:07 -0000      1.5
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,34 +0,0 @@
-Use setresuid/gid() directly to change user and group.  Otherwise
-Suricata uses libcap-ng on Linux and runs as root elsewhere.
-
-Index: src/util-privs.c
---- src/util-privs.c.orig
-+++ src/util-privs.c
-@@ -237,6 +237,27 @@ int SCGetGroupID(const char *group_name, uint32_t *gid
-     return 0;
- }
-
-+int SCSetUserID(const uint32_t uid, const uint32_t gid)
-+{
-+    int ret = setresgid(gid, gid, gid);
-+
-+    if (ret != 0) {
-+        SCLogError(SC_ERR_GID_FAILED, "unable to set the group ID,"
-+                " check permissions!! gid=%u ret=%i errno=%i", gid, ret, 
errno);
-+        exit(EXIT_FAILURE);
-+    }
-+
-+    ret = setresuid(uid, uid, uid);
-+
-+    if (ret != 0) {
-+        SCLogError(SC_ERR_UID_FAILED, "unable to set the user ID,"
-+                " check permissions!! uid=%u ret=%i errno=%i", uid, ret, 
errno);
-+        exit(EXIT_FAILURE);
-+    }
-+
-+    return 0;
-+}
-+
- #ifdef __OpenBSD__
- int SCPledge(void)
- {
Index: patches/patch-src_util-privs_h
===================================================================
RCS file: patches/patch-src_util-privs_h
diff -N patches/patch-src_util-privs_h
--- patches/patch-src_util-privs_h      11 Mar 2022 19:54:07 -0000      1.5
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
-Use setresuid/gid() directly to change user and group.  Otherwise
-Suricata uses libcap-ng on Linux and runs as root elsewhere.
-
-Index: src/util-privs.h
---- src/util-privs.h.orig
-+++ src/util-privs.h
-@@ -93,6 +93,7 @@ void SCDropMainThreadCaps(uint32_t , uint32_t );
-
- int SCGetUserID(const char *, const char *, uint32_t *, uint32_t *);
- int SCGetGroupID(const char *, uint32_t *);
-+int SCSetUserID(const uint32_t uid, const uint32_t gid);
-
- #ifdef __OpenBSD__
- int SCPledge(void);
Index: patches/patch-suricata-update_suricata_update_parsers_py
===================================================================
RCS file: 
/cvs/ports/security/suricata/patches/patch-suricata-update_suricata_update_parsers_py,v
retrieving revision 1.2
diff -u -p -r1.2 patch-suricata-update_suricata_update_parsers_py
--- patches/patch-suricata-update_suricata_update_parsers_py    11 Mar 2022 
19:54:07 -0000      1.2
+++ patches/patch-suricata-update_suricata_update_parsers_py    4 Sep 2023 
12:48:54 -0000
@@ -1,7 +1,7 @@
  Index: suricata-update/suricata/update/parsers.py
  --- suricata-update/suricata/update/parsers.py.orig
  +++ suricata-update/suricata/update/parsers.py
-@@ -41,7 +41,7 @@ global_arg = [
+@@ -46,7 +46,7 @@ global_arg = [
         'help': "Be quiet, warning and error messages only"}),
       (("-D", "--data-dir"),
        {'metavar': '<directory>', 'dest': 'data_dir',
Index: patches/patch-suricata_yaml_in
===================================================================
RCS file: /cvs/ports/security/suricata/patches/patch-suricata_yaml_in,v
retrieving revision 1.17
diff -u -p -r1.17 patch-suricata_yaml_in
--- patches/patch-suricata_yaml_in      3 Jul 2023 08:22:31 -0000       1.17
+++ patches/patch-suricata_yaml_in      4 Sep 2023 12:48:54 -0000
@@ -9,7 +9,7 @@ about downloading rules.
  Index: suricata.yaml.in
  --- suricata.yaml.in.orig
  +++ suricata.yaml.in
-@@ -80,6 +80,7 @@ outputs:
+@@ -84,6 +84,7 @@ outputs:
     - fast:
         enabled: yes
         filename: fast.log
@@ -17,15 +17,15 @@ Index: suricata.yaml.in
         append: yes
         #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
-@@ -88,6 +89,7 @@ outputs:
+@@ -92,6 +93,7 @@ outputs:
         enabled: @e_enable_evelog@
         filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
         filename: eve.json
  +      filemode: 664
         # Enable for multi-threaded eve.json output; output files are amended 
with
-       # with an identifier, e.g., eve.9.json
+       # an identifier, e.g., eve.9.json
         #threaded: false
-@@ -307,6 +309,7 @@ outputs:
+@@ -334,6 +336,7 @@ outputs:
     - http-log:
         enabled: no
         filename: http.log
@@ -33,7 +33,7 @@ Index: suricata.yaml.in
         append: yes
         #extended: yes     # enable this for extended logging information
         #custom: yes       # enable the custom logging format (defined by 
customformat)
-@@ -317,6 +320,7 @@ outputs:
+@@ -344,6 +347,7 @@ outputs:
     - tls-log:
         enabled: no  # Log TLS connections.
         filename: tls.log # File to store TLS logs.
@@ -41,7 +41,7 @@ Index: suricata.yaml.in
         append: yes
         #extended: yes     # Log extended information like fingerprint
         #custom: yes       # enabled the custom logging format (defined by 
customformat)
-@@ -364,6 +368,7 @@ outputs:
+@@ -391,6 +395,7 @@ outputs:
     - pcap-log:
         enabled: no
         filename: log.pcap
@@ -49,7 +49,7 @@ Index: suricata.yaml.in
# File size limit. Can be specified in kb, mb, gb. Just a number
         # is parsed as bytes.
-@@ -399,6 +404,7 @@ outputs:
+@@ -429,6 +434,7 @@ outputs:
     - alert-debug:
         enabled: no
         filename: alert-debug.log
@@ -57,7 +57,7 @@ Index: suricata.yaml.in
         append: yes
         #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
-@@ -414,6 +420,7 @@ outputs:
+@@ -436,6 +442,7 @@ outputs:
     - stats:
         enabled: yes
         filename: stats.log
@@ -65,7 +65,7 @@ Index: suricata.yaml.in
         append: yes       # append to file (yes) or overwrite it (no)
         totals: yes       # stats for all threads merged together
         threads: no       # per thread stats
-@@ -507,6 +514,7 @@ outputs:
+@@ -529,6 +536,7 @@ outputs:
         enabled: no
         type: file
         filename: tcp-data.log
@@ -73,7 +73,7 @@ Index: suricata.yaml.in
# Log HTTP body data after normalization, de-chunking and unzipping.
     # Two types: file or dir.
-@@ -520,6 +528,7 @@ outputs:
+@@ -542,6 +550,7 @@ outputs:
         enabled: no
         type: file
         filename: http-data.log
@@ -81,22 +81,7 @@ Index: suricata.yaml.in
# Lua Output Support - execute lua script to generate alert and event
     # output.
-@@ -566,12 +575,12 @@ logging:
-       enabled: yes
-       # type: json
-   - file:
--      enabled: yes
-+      enabled: no
-       level: info
-       filename: suricata.log
-       # type: json
-   - syslog:
--      enabled: no
-+      enabled: yes
-       facility: local5
-       format: "[%i] <%d> -- "
-       # type: json
-@@ -1010,9 +1019,9 @@ asn1-max-frames: 256
+@@ -1189,9 +1198,9 @@ datasets:
   ##
# Run Suricata with a specific user-id and group-id:
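Review bot: The sub-hunk that switched the `logging:` outputs (`- file:` to `enabled: no`, `- syslog:` to `enabled: yes`) is dropped from patch-suricata_yaml_in here, and the mail does not say why. If it was removed only because it no longer applied to the 7.0.0 file, the packaged sample config presumably reverts to the upstream defaults, so the engine log goes to `suricata.log` rather than syslog, and hosts that forward syslog for monitoring would stop seeing Suricata's own errors. Either regenerate the two `enabled:` changes against the new context or state the change in the commit message, e.g. `engine log now written to suricata.log (upstream default) instead of syslog`.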
@@ -107,9 +92,9 @@ Index: suricata.yaml.in
  +  user: _suricata
  +  group: _suricata
- # Some logging modules will use that name in event as identifier. The default
- # value is the hostname
-@@ -1021,7 +1030,7 @@ asn1-max-frames: 256
+ security:
+   # if true, prevents process creation from Suricata by calling
+@@ -1221,7 +1230,7 @@ security:
   # Default location of the pid file. The pid file is only used in
   # daemon mode (start Suricata with -D). If not running in daemon mode
   # the --pidfile command line option must be used to create a pid file.
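Review bot: The `user: _suricata` / `group: _suricata` settings kept in this hunk now rely entirely on upstream code for the privilege drop, because this diff also deletes patch-src_suricata_c, patch-src_util-privs_c and patch-src_util-privs_h, which added the `SCSetUserID()` call (setresgid/setresuid) ahead of `SCPledge()`. The header of those deleted patches says that without them Suricata "runs as root elsewhere" than Linux, and nothing in the mail states that 7.0.0 carries an equivalent. Presumably the change was merged upstream; if so, say it in the commit message (e.g. `drop setresuid/gid patches, merged upstream`) and confirm on a test install that the running process is owned by _suricata rather than root. The run-as block itself starts outside this hunk.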
@@ -118,7 +103,7 @@ Index: suricata.yaml.in
# Daemon working directory
   # Suricata will change directory to this one if provided
-@@ -1920,14 +1929,38 @@ napatech:
+@@ -2137,14 +2146,38 @@ napatech:
       #
       hashmode: hash5tuplesorted
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/suricata/pkg/PLIST,v
retrieving revision 1.24
diff -u -p -r1.24 PLIST
--- pkg/PLIST   14 Feb 2023 21:14:14 -0000      1.24
+++ pkg/PLIST   4 Sep 2023 12:48:54 -0000
@@ -27,7 +27,6 @@ include/htp/htp_version.h
  include/htp/lzma/
  include/htp/lzma/7zTypes.h
  include/htp/lzma/LzmaDec.h
-include/suricata-plugin.h
  @static-lib lib/libhtp.a
  lib/libhtp.la
  @lib lib/libhtp.so.${LIBhtp_VERSION}
@@ -119,6 +118,12 @@ lib/suricata/python/suricata/update/conf
  lib/suricata/python/suricata/update/configs/__init__.py
  ${MODPY_COMMENT}lib/suricata/python/suricata/update/configs/${MODPY_PYCACHE}/
  
lib/suricata/python/suricata/update/configs/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc
+lib/suricata/python/suricata/update/configs/disable.conf
+lib/suricata/python/suricata/update/configs/drop.conf
+lib/suricata/python/suricata/update/configs/enable.conf
+lib/suricata/python/suricata/update/configs/modify.conf
+lib/suricata/python/suricata/update/configs/threshold.in
+lib/suricata/python/suricata/update/configs/update.yaml
  lib/suricata/python/suricata/update/data/
  lib/suricata/python/suricata/update/data/__init__.py
  ${MODPY_COMMENT}lib/suricata/python/suricata/update/data/${MODPY_PYCACHE}/
@@ -176,9 +181,12 @@ share/suricata/rules/dns-events.rules
  @sample ${SYSCONFDIR}/suricata/rules/dns-events.rules
  share/suricata/rules/files.rules
  @sample ${SYSCONFDIR}/suricata/rules/files.rules
+share/suricata/rules/ftp-events.rules
+@sample ${SYSCONFDIR}/suricata/rules/ftp-events.rules
  share/suricata/rules/http-events.rules
  @sample ${SYSCONFDIR}/suricata/rules/http-events.rules
  share/suricata/rules/http2-events.rules
+@sample ${SYSCONFDIR}/suricata/rules/http2-events.rules
  share/suricata/rules/ipsec-events.rules
  @sample ${SYSCONFDIR}/suricata/rules/ipsec-events.rules
  share/suricata/rules/kerberos-events.rules
@@ -186,10 +194,15 @@ share/suricata/rules/kerberos-events.rul
  share/suricata/rules/modbus-events.rules
  @sample ${SYSCONFDIR}/suricata/rules/modbus-events.rules
  share/suricata/rules/mqtt-events.rules
+@sample ${SYSCONFDIR}/suricata/rules/mqtt-events.rules
  share/suricata/rules/nfs-events.rules
  @sample ${SYSCONFDIR}/suricata/rules/nfs-events.rules
  share/suricata/rules/ntp-events.rules
  @sample ${SYSCONFDIR}/suricata/rules/ntp-events.rules
+share/suricata/rules/quic-events.rules
+@sample ${SYSCONFDIR}/suricata/rules/quic-events.rules
+share/suricata/rules/rfb-events.rules
+@sample ${SYSCONFDIR}/suricata/rules/rfb-events.rules
  share/suricata/rules/smb-events.rules
  @sample ${SYSCONFDIR}/suricata/rules/smb-events.rules
  share/suricata/rules/smtp-events.rules

