Hello, Update for Suricata to 7.0.1:
https://github.com/OISF/suricata/releases/tag/suricata-7.0.1 OK? Comments? Cheers.- Index: Makefile =================================================================== RCS file: /cvs/ports/security/suricata/Makefile,v retrieving revision 1.60 diff -u -p -r1.60 Makefile --- Makefile 27 Sep 2023 16:34:37 -0000 1.60 +++ Makefile 18 Oct 2023 14:14:00 -0000 @@ -3,7 +3,7 @@ NOT_FOR_ARCHS = powerpc64 riscv64 COMMENT = high performance network IDS, IPS and security monitoring -SURICATA_V = 6.0.12 +SURICATA_V = 7.0.1 SUPDATE_V = 1.2.7 DISTNAME = suricata-${SURICATA_V} @@ -20,9 +20,8 @@ PERMIT_PACKAGE= Yes SITES = https://www.openinfosecfoundation.org/download/ # uses pledge() -WANTLIB += ${COMPILER_LIBCXX} c iconv jansson lz4 lzma m magic -WANTLIB += maxminddb net nspr4 nss3 nssutil3 pcap pcre plc4 plds4 -WANTLIB += smime3 ssl3 yaml-0 z +WANTLIB += ${COMPILER_LIBCXX} c elf iconv m pcap yaml-0 z +WANTLIB += jansson lz4 magic maxminddb net pcre2-8 MODULES = lang/python @@ -40,7 +39,7 @@ LIB_DEPENDS = archivers/lz4 \ devel/nspr \ devel/libyaml \ devel/libmagic \ - devel/pcre \ + devel/pcre2 \ net/libnet/1.1 \ net/libmaxminddb \ security/nss @@ -49,7 +48,7 @@ COMPILER = base-clang ports-gcc DEBUG_PACKAGES = ${BUILD_PACKAGES} CONFIGURE_STYLE = autoconf -AUTOCONF_VERSION = 2.69 +AUTOCONF_VERSION = 2.71 AUTOMAKE_VERSION = 1.15 CONFIGURE_ENV = ac_cv_path_HAVE_PDFLATEX= \ Index: distinfo =================================================================== RCS file: /cvs/ports/security/suricata/distinfo,v retrieving revision 1.20 diff -u -p -r1.20 distinfo --- distinfo 3 Jul 2023 08:22:31 -0000 1.20 +++ distinfo 18 Oct 2023 14:14:00 -0000 
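Review bot: LIB_DEPENDS still lists `devel/nspr` and `security/nss` (context lines of the `@@ -40,7 +39,7 @@` hunk), while the WANTLIB hunk at `@@ -20,9 +20,8 @@` drops every NSPR/NSS library (nspr4, nss3, nssutil3, plc4, plds4, smime3, ssl3). If 7.0.1 no longer links against NSS, those two entries should go in the same hunk as the `devel/pcre` to `devel/pcre2` change, so the package does not pull in a crypto library it never loads; `make port-lib-depends-check` should confirm. The same check applies to `lzma`, which also leaves WANTLIB; the LIB_DEPENDS list starts and ends outside the hunk, so whether a matching entry remains is not visible here.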
@@ -1,2 +1,2 @@ -SHA256 (suricata-6.0.12.tar.gz) = BLIxYJNbAxl7CFwszJ2Ah1oz8RVYMFTRRgqw+2bYNLM= -SIZE (suricata-6.0.12.tar.gz) = 27388535 +SHA256 (suricata-7.0.1.tar.gz) = YEfHX555qbDMbWx2MgJKQSaBK8IS9SrPXTyBPMfJ+ws= +SIZE (suricata-7.0.1.tar.gz) = 23439262 Index: patches/patch-configure_ac =================================================================== RCS file: /cvs/ports/security/suricata/patches/patch-configure_ac,v retrieving revision 1.11 diff -u -p -r1.11 patch-configure_ac --- patches/patch-configure_ac 3 Jul 2023 08:22:31 -0000 1.11 +++ patches/patch-configure_ac 18 Oct 2023 14:14:00 -0000 @@ -3,7 +3,7 @@ To remove the pid file, its directory mu Index: configure.ac --- configure.ac.orig +++ configure.ac -@@ -2764,7 +2764,7 @@ if test "$WINDOWS_PATH" = "yes"; then +@@ -2559,7 +2559,7 @@ if test "$WINDOWS_PATH" = "yes"; then fi else EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/") Index: patches/patch-doc_userguide_Makefile_in =================================================================== RCS file: /cvs/ports/security/suricata/patches/patch-doc_userguide_Makefile_in,v retrieving revision 1.6 diff -u -p -r1.6 patch-doc_userguide_Makefile_in --- patches/patch-doc_userguide_Makefile_in 3 Jul 2023 08:22:31 -0000 1.6 +++ patches/patch-doc_userguide_Makefile_in 18 Oct 2023 14:14:00 -0000 @@ -3,32 +3,6 @@ Index: doc/userguide/Makefile.in +++ doc/userguide/Makefile.in 
@@ -1,3 +1,4 @@ + - # Makefile.in generated by automake 1.16.1 from Makefile.am. + # Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ - -@@ -623,14 +624,14 @@ uninstall-man: uninstall-man1 - @HAVE_SPHINXBUILD_TRUE@ sysconfdir=$(sysconfdir) \ - @HAVE_SPHINXBUILD_TRUE@ localstatedir=$(localstatedir) \ - @HAVE_SPHINXBUILD_TRUE@ version=$(PACKAGE_VERSION) \ --@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -W -b html -d _build/doctrees \ -+@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -b html -d _build/doctrees \ - @HAVE_SPHINXBUILD_TRUE@ $(top_srcdir)/doc/userguide _build/html - - @HAVE_SPHINXBUILD_TRUE@_build/latex/Suricata.pdf: - @HAVE_SPHINXBUILD_TRUE@ sysconfdir=$(sysconfdir) \ - @HAVE_SPHINXBUILD_TRUE@ localstatedir=$(localstatedir) \ - @HAVE_SPHINXBUILD_TRUE@ version=$(PACKAGE_VERSION) \ --@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -W -b latex -d _build/doctrees \ -+@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -b latex -d _build/doctrees \ - @HAVE_SPHINXBUILD_TRUE@ $(top_srcdir)/doc/userguide _build/latex - # The Sphinx generated Makefile is GNU Make specific, so just do what - # it does here - yes, multiple passes of pdflatex is required. 
-@@ -650,7 +651,7 @@ uninstall-man: uninstall-man1 - @HAVE_SPHINXBUILD_TRUE@ sysconfdir=$(sysconfdir) \ - @HAVE_SPHINXBUILD_TRUE@ localstatedir=$(localstatedir) \ - @HAVE_SPHINXBUILD_TRUE@ version=$(PACKAGE_VERSION) \ --@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -W -b man -d _build/doctrees \ -+@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -b man -d _build/doctrees \ - @HAVE_SPHINXBUILD_TRUE@ $(top_srcdir)/doc/userguide _build/man - @HAVE_SPHINXBUILD_TRUE@ touch _build/man Index: patches/patch-suricata-update_suricata_update_parsers_py =================================================================== RCS file: /cvs/ports/security/suricata/patches/patch-suricata-update_suricata_update_parsers_py,v retrieving revision 1.2 diff -u -p -r1.2 patch-suricata-update_suricata_update_parsers_py --- patches/patch-suricata-update_suricata_update_parsers_py 11 Mar 2022 19:54:07 -0000 1.2 +++ patches/patch-suricata-update_suricata_update_parsers_py 18 Oct 2023 14:14:00 -0000 @@ -1,7 +1,7 @@ Index: suricata-update/suricata/update/parsers.py --- suricata-update/suricata/update/parsers.py.orig +++ suricata-update/suricata/update/parsers.py -@@ -41,7 +41,7 @@ global_arg = [ +@@ -46,7 +46,7 @@ global_arg = [ 'help': "Be quiet, warning and error messages only"}), (("-D", "--data-dir"), {'metavar': '<directory>', 'dest': 'data_dir', Index: patches/patch-suricata_yaml_in =================================================================== RCS file: /cvs/ports/security/suricata/patches/patch-suricata_yaml_in,v retrieving revision 1.17 diff -u -p -r1.17 patch-suricata_yaml_in --- patches/patch-suricata_yaml_in 3 Jul 2023 08:22:31 -0000 1.17 +++ patches/patch-suricata_yaml_in 18 Oct 2023 14:14:00 -0000 @@ -9,7 +9,7 @@ about downloading rules. Index: suricata.yaml.in --- suricata.yaml.in.orig +++ suricata.yaml.in -@@ -80,6 +80,7 @@ outputs: +@@ -84,6 +84,7 @@ outputs: - fast: enabled: yes filename: fast.log 
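Review bot: After this change patches/patch-doc_userguide_Makefile_in appears to contain a single `@@ -1,3 +1,4 @@` hunk whose only modification is an empty line added above the `# Makefile.in generated by automake` header; the three hunks that removed `-W` from the `$(SPHINX_BUILD)` invocations are dropped. If that reading is right, the patch no longer changes anything the build depends on and looks like a regeneration artifact, so deleting the patch file would be cleaner than carrying it. If the `-W` removal is still needed for the documentation build, the hunks should be kept with updated offsets instead.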
@@ -17,15 +17,15 @@ Index: suricata.yaml.in append: yes #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram' -@@ -88,6 +89,7 @@ outputs: +@@ -92,6 +93,7 @@ outputs: enabled: @e_enable_evelog@ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis filename: eve.json + filemode: 664 # Enable for multi-threaded eve.json output; output files are amended with - # with an identifier, e.g., eve.9.json + # an identifier, e.g., eve.9.json #threaded: false -@@ -307,6 +309,7 @@ outputs: +@@ -334,6 +336,7 @@ outputs: - http-log: enabled: no filename: http.log @@ -33,7 +33,7 @@ Index: suricata.yaml.in append: yes #extended: yes # enable this for extended logging information #custom: yes # enable the custom logging format (defined by customformat) -@@ -317,6 +320,7 @@ outputs: +@@ -344,6 +347,7 @@ outputs: - tls-log: enabled: no # Log TLS connections. filename: tls.log # File to store TLS logs. @@ -41,7 +41,7 @@ Index: suricata.yaml.in append: yes #extended: yes # Log extended information like fingerprint #custom: yes # enabled the custom logging format (defined by customformat) -@@ -364,6 +368,7 @@ outputs: +@@ -391,6 +395,7 @@ outputs: - pcap-log: enabled: no filename: log.pcap @@ -49,7 +49,7 @@ Index: suricata.yaml.in # File size limit. Can be specified in kb, mb, gb. Just a number # is parsed as bytes. -@@ -399,6 +404,7 @@ outputs: +@@ -429,6 +434,7 @@ outputs: - alert-debug: enabled: no filename: alert-debug.log @@ -57,7 +57,7 @@ Index: suricata.yaml.in append: yes #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram' -@@ -414,6 +420,7 @@ outputs: +@@ -436,6 +442,7 @@ outputs: - stats: enabled: yes filename: stats.log @@ -65,7 +65,7 @@ Index: suricata.yaml.in append: yes # append to file (yes) or overwrite it (no) totals: yes # stats for all threads merged together threads: no # per thread stats -@@ -507,6 +514,7 @@ outputs: +@@ -529,6 +536,7 @@ outputs: enabled: no type: file filename: tcp-data.log 
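Review bot: `filemode: 664` on eve.json, carried forward in the `@@ -17,15 +17,15 @@` hunk, makes the event log world-readable and group-writable. eve.json holds alert and flow metadata, so unless the log directory's own permissions (not visible in this diff) already restrict access, `filemode: 640` would be a tighter default and would keep group members from altering alert records. The other output hunks each add one line after `filename:` that the outer diff hides; if those are the same `filemode` setting, the same applies to them.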
@@ -73,7 +73,7 @@ Index: suricata.yaml.in # Log HTTP body data after normalization, de-chunking and unzipping. # Two types: file or dir. -@@ -520,6 +528,7 @@ outputs: +@@ -542,6 +550,7 @@ outputs: enabled: no type: file filename: http-data.log @@ -81,22 +81,7 @@ Index: suricata.yaml.in # Lua Output Support - execute lua script to generate alert and event # output. -@@ -566,12 +575,12 @@ logging: - enabled: yes - # type: json - - file: -- enabled: yes -+ enabled: no - level: info - filename: suricata.log - # type: json - - syslog: -- enabled: no -+ enabled: yes - facility: local5 - format: "[%i] <%d> -- " - # type: json -@@ -1010,9 +1019,9 @@ asn1-max-frames: 256 +@@ -1189,9 +1198,9 @@ datasets: ## # Run Suricata with a specific user-id and group-id: @@ -107,9 +92,9 @@ Index: suricata.yaml.in + user: _suricata + group: _suricata - # Some logging modules will use that name in event as identifier. The default - # value is the hostname -@@ -1021,7 +1030,7 @@ asn1-max-frames: 256 + security: + # if true, prevents process creation from Suricata by calling +@@ -1221,7 +1230,7 @@ security: # Default location of the pid file. The pid file is only used in # daemon mode (start Suricata with -D). If not running in daemon mode # the --pidfile command line option must be used to create a pid file. @@ -118,7 +103,7 @@ Index: suricata.yaml.in # Daemon working directory # Suricata will change directory to this one if provided -@@ -1920,14 +1929,38 @@ napatech: +@@ -2137,14 +2146,38 @@ napatech: # hashmode: hash5tuplesorted Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/security/suricata/pkg/PLIST,v retrieving revision 1.24 diff -u -p -r1.24 PLIST --- pkg/PLIST 14 Feb 2023 21:14:14 -0000 1.24 +++ pkg/PLIST 18 Oct 2023 14:14:01 -0000 
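Review bot: The `@@ -81,22 +81,7 @@` hunk drops the part of the local patch that set the `logging:` outputs to `file: enabled: no` and `syslog: enabled: yes`, so the packaged sample config returns to upstream's default of writing the engine log to suricata.log with syslog disabled. Nothing in the mail says this is intended. Sites that collect Suricata's engine messages (startup errors, rule load failures) through syslog would stop receiving them when they adopt the new sample config. Either re-add the hunk against the 7.0.1 offsets or state the change explicitly in the update notes.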
@@ -27,7 +27,6 @@ include/htp/htp_version.h include/htp/lzma/ include/htp/lzma/7zTypes.h include/htp/lzma/LzmaDec.h -include/suricata-plugin.h @static-lib lib/libhtp.a lib/libhtp.la @lib lib/libhtp.so.${LIBhtp_VERSION} @@ -119,6 +118,12 @@ lib/suricata/python/suricata/update/conf lib/suricata/python/suricata/update/configs/__init__.py ${MODPY_COMMENT}lib/suricata/python/suricata/update/configs/${MODPY_PYCACHE}/ lib/suricata/python/suricata/update/configs/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc +lib/suricata/python/suricata/update/configs/disable.conf +lib/suricata/python/suricata/update/configs/drop.conf +lib/suricata/python/suricata/update/configs/enable.conf +lib/suricata/python/suricata/update/configs/modify.conf +lib/suricata/python/suricata/update/configs/threshold.in +lib/suricata/python/suricata/update/configs/update.yaml lib/suricata/python/suricata/update/data/ lib/suricata/python/suricata/update/data/__init__.py ${MODPY_COMMENT}lib/suricata/python/suricata/update/data/${MODPY_PYCACHE}/ @@ -176,6 +181,7 @@ share/suricata/rules/dns-events.rules @sample ${SYSCONFDIR}/suricata/rules/dns-events.rules share/suricata/rules/files.rules @sample ${SYSCONFDIR}/suricata/rules/files.rules +share/suricata/rules/ftp-events.rules share/suricata/rules/http-events.rules @sample ${SYSCONFDIR}/suricata/rules/http-events.rules share/suricata/rules/http2-events.rules @@ -190,6 +196,8 @@ share/suricata/rules/nfs-events.rules @sample ${SYSCONFDIR}/suricata/rules/nfs-events.rules share/suricata/rules/ntp-events.rules @sample ${SYSCONFDIR}/suricata/rules/ntp-events.rules +share/suricata/rules/quic-events.rules +share/suricata/rules/rfb-events.rules share/suricata/rules/smb-events.rules @sample ${SYSCONFDIR}/suricata/rules/smb-events.rules share/suricata/rules/smtp-events.rules -- %gonzalo