Raspbian automatic forward porter [Mon, 12 Jan 2026 00:17:52 +0000 (00:17 +0000)]
Merge version 1:7.0.10-1+rpi1 and 1:7.0.10-1+deb13u2 to produce 1:7.0.10-1+rpi1+deb13u2
Andreas Dolp [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
Merge suricata (1:7.0.10-1+deb13u2) import into refs/heads/workingbranch
Juliana Fajardini [Sat, 1 Nov 2025 04:38:12 +0000 (21:38 -0700)]
[PATCH] output/alert: fix alert index access for verdict
The engine uses p.alerts.cnt as an index to access the packet alert that
has the `pass` action for the verdict.
For IDS/IPS mode, a `pass` will always be the last signature in the
alert queue. However, that position could be either `p.alerts.cnt` or
`p.alerts.cnt-1`, depending on whether the `pass` rule has the `alert`
keyword or not.
This patch fix corner-case scenarios of:
- accessing an index out of boundaries
- off-by-one access
Without changing how the engine increments the alerts.cnt, as this is
used in many places, and would be a more invasive change.
It checks the two different scenarios, plus the case when there is only
a single match as a silent `pass` rule.
Bug #8021
Bug #7630
Origin: upstream, https://github.com/OISF/suricata/commit/
5d6c24cc2ce6a390c0956b7ecb2c5efc47e72abc.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8021
Subject: Upstream fix for CVE-2025-64330
Gbp-Pq: Name CVE-2025-64330.patch
Philippe Antoine [Thu, 30 Oct 2025 10:18:15 +0000 (11:18 +0100)]
[PATCH] output/jsonbuilder: helper function SCJbSetPrintAsciiString
To replace C PrintStringsToBuffer and avoid a stack alloc
+ copy
Ticket: 8004
(cherry picked from commit
7447651fa0956ff4ce55283a51b4a9494ec8cc6a)
Origin: upstream, https://github.com/OISF/suricata/commit/
5abf9b81e78476f49ab074f3a74b5840747cd069.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8004
Subject: Upstream fix for CVE-2025-64331
Gbp-Pq: Name CVE-2025-64331.patch
Philippe Antoine [Thu, 30 Oct 2025 10:27:22 +0000 (11:27 +0100)]
[PATCH] util/swf: move allocation from stack to heap
As it can overflow the stack
Ticket: 8055
(cherry picked from commit
a84addb771846f6d4d55ec535a4591f58369e49c)
Origin: upstream, https://github.com/OISF/suricata/commit/
f67d72702a2601d0a86ac1450686e70d7176f629.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8055
Subject: Upstream fix for CVE-2025-64332
Gbp-Pq: Name CVE-2025-64332.patch
Philippe Antoine [Thu, 30 Oct 2025 10:43:27 +0000 (11:43 +0100)]
[PATCH] output/http: log content-type like other headers
Ticket: 8056
Avoid stack allocation.
Do not handle null and ; especially
(cherry picked from commit
b8411fcc8dfc16910c3080d4d8c03a9a64c3a1f7)
Origin: upstream, https://github.com/OISF/suricata/commit/
4b1d284bb57219b6677a8bda5cdc14a24a6aa22d.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8056
Subject: Upstream fix for CVE-2025-64333
Gbp-Pq: Name CVE-2025-64333.patch
Victor Julien [Fri, 31 Oct 2025 08:38:55 +0000 (09:38 +0100)]
[PATCH] lua: remove luajit pushlstring workaround
81ee6f5aadeb ("lua: push correct length back through ScFlowvarGet, work around valgrind warning")
added a workaround for valgrind warnings in pushing a string buffer
into the lua state. This is no longer needed as tested with both
address sanitizer and valgrind.
(cherry picked from commit
52fd61dffdfa50c9a2d4ec24865a54da0b8f0a2a)
Origin: upstream, https://github.com/OISF/suricata/commit/
a7ff4c9ba53009680c7cd128b16c28d0aeda9886.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8065
Subject: Upstream fix for CVE-2025-64344
Gbp-Pq: Name CVE-2025-64344.patch
Victor Julien [Wed, 20 Aug 2025 10:43:27 +0000 (12:43 +0200)]
CVE-2025-59147
From
e91b03c90385db15e21cf1a0e85b921bf92b039e Mon Sep 17 00:00:00 2001
# Subject: [PATCH] stream: improve SYN and SYN/ACK retransmission handling
# Subject: [PATCH] stream: improve SYN and SYN/ACK retransmission handling
Take SEQ and ACK into account for more scenarios.
SYN on SYN_SENT
In this case the SYN packets with different SEQ and other properties are
queued up. Each packet updates the ssn to reflect the last packet to
come in. The old ssn data is added to a TcpStateQueue entry in
TcpSession::queue. If the max queue length is exceeded, the oldest entry
is evicted. The queue is actually a single linked list, where the list
head reflects the oldest entry.
SYN/ACK on SYN_SENT
In this case the first check is if the SYN/ACK matches the session. If
it doesn't, the queue is checked to see if there SYN's stored. If one is
found that matches, it is used and the session is updated to reflect
that.
SYN/ACK on SYN_RECV
SYN/ACK resent on the SYN_RECV state. In this case the ssn is updated
from the current packet. The old settings are stored in a TcpStateQueue
entry in the TcpSession::queue.
ACK on SYN_RECV
Checks any stored SYN/ACKs before checking the session. If a queued
SYN/ACK was sound, the session is updated to match it.
Ticket: #3844.
Ticket: #7657.
(cherry picked from commit
be6315dba0d9101b11d16e9dacfe2822b3792f1b)
Patch adjusted for Debian to fit for Suricata 7.0.10.
Origin: upstream, https://github.com/OISF/suricata/commit/
e91b03c90385db15e21cf1a0e85b921bf92b039e.patch
Bug: https://redmine.openinfosecfoundation.org/issues/7852
Subject: Upstream fix for CVE-2025-59147
Gbp-Pq: Name CVE-2025-59147.patch
Philippe Antoine [Tue, 15 Apr 2025 10:34:37 +0000 (12:34 +0200)]
CVE-2025-53538
From
97eee2cadacf3423a1ebcdd1943a7a7917f5cc56 Mon Sep 17 00:00:00 2001
# Subject: [PATCH] http2: forbid data on stream 0
# Subject: [PATCH] http2: forbid data on stream 0
Ticket: 7658
Suricata will not handle well if we open a file for this tx,
do not close it, but set the transaction state to completed.
RFC 9113 section 6.1 states:
If a DATA frame is received whose Stream Identifier field is 0x00,
the recipient MUST respond with a connection error (Section 5.4.1)
of type PROTOCOL_ERROR.
(cherry picked from commit
1d6d331752e933c46aca0ae7a9679b27462246e3)
Origin: upstream, https://github.com/OISF/suricata/commit/
97eee2cadacf3423a1ebcdd1943a7a7917f5cc56.patch
Bug: https://redmine.openinfosecfoundation.org/issues/7659
Bug-Debian: https://bugs.debian.org/
1109806
Subject: Upstream fix for CVE-2025-53538
Gbp-Pq: Name CVE-2025-53538.patch
Pierre Chifflier [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
llc
Gbp-Pq: Name llc.patch
Eric Leblond [Thu, 31 Oct 2019 12:29:56 +0000 (13:29 +0100)]
[PATCH] ebpf: avoid to include if_tunnel.h
This is causing a dependency issue as file from another architecture
have to be installed.
Gbp-Pq: Name avoid-to-include-if_tunnel-h.patch
Eric Leblond [Wed, 17 Jul 2019 10:35:12 +0000 (12:35 +0200)]
[PATCH] af-packet: fix build on recent Linux kernels
Gbp-Pq: Name import-sockio-h.patch
Hilko Bengen [Tue, 23 Jul 2019 12:43:21 +0000 (14:43 +0200)]
Add --with-ebpf-includes parameter
Gbp-Pq: Name with-ebpf-includes.patch
Hilko Bengen [Tue, 22 Jan 2019 17:10:47 +0000 (18:10 +0100)]
configure: Introduce CLANG variable
Gbp-Pq: Name configure-clang-variable.patch
Sascha Steinbiss [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
do not clean vendor directory on distclean
Last-Update: 2018-12-26
dh_auto_clean calls make distclean, which in the case of Suricata also
removes the vendor directory. This breaks repeated builds.
Gbp-Pq: Name fix-repeated-builds.patch
Adrian Bunk [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
Don't use __USE_GNU
__USE_GNU is a glibc-internal symbol.
AC_USE_SYSTEM_EXTENSIONS is the proper autoconf
way to enable extensions.
Gbp-Pq: Name no-use-gnu.patch
Pierre Chifflier [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
cross
Gbp-Pq: Name cross.patch
Arturo Borrero Gonzalez [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
Debian default configuration This patch sets Debian defaults for suricata configuration. . Currently, it sets a proper path for suricata unix socket.
Forwarded: not-needed
Last-Update: 2016-12-01
Gbp-Pq: Name debian-default-cfg.patch
Arturo Borrero Gonzalez [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
Patch to make the suricata build reproducible This patch makes some changes to the suricata build to make it reproducible . Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds the build path.
Forwarded: not-needed
Last-Update: 2016-09-05
Gbp-Pq: Name reproducible.patch
Andreas Dolp [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
suricata (1:7.0.10-1+deb13u2) trixie; urgency=medium
* Fix CVE-2025-64344 in 7.0.10.
Cherry-Picked from upstream
a7ff4c9ba53009680c7cd128b16c28d0aeda9886.
* Fix CVE-2025-64333 in 7.0.10.
Cherry-Picked from upstream
4b1d284bb57219b6677a8bda5cdc14a24a6aa22d.
* Fix CVE-2025-64332 in 7.0.10.
Cherry-Picked from upstream
f67d72702a2601d0a86ac1450686e70d7176f629.
* Fix CVE-2025-64331 in 7.0.10.
Cherry-Picked from upstream
5abf9b81e78476f49ab074f3a74b5840747cd069.
Added missing function declaration and refreshed patch by quilt.
* Fix CVE-2025-64330 in 7.0.10.
Cherry-Picked from upstream
5d6c24cc2ce6a390c0956b7ecb2c5efc47e72abc.
[dgit import unpatched suricata 1:7.0.10-1+deb13u2]
Andreas Dolp [Wed, 10 Dec 2025 19:12:20 +0000 (20:12 +0100)]
Import suricata_7.0.10-1+deb13u2.debian.tar.xz
[dgit import tarball suricata 1:7.0.10-1+deb13u2 suricata_7.0.10-1+deb13u2.debian.tar.xz]
Andreas Dolp [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
Merge suricata (1:7.0.10-1+deb13u1) import into refs/heads/workingbranch
Victor Julien [Wed, 20 Aug 2025 10:43:27 +0000 (12:43 +0200)]
CVE-2025-59147
From
e91b03c90385db15e21cf1a0e85b921bf92b039e Mon Sep 17 00:00:00 2001
# Subject: [PATCH] stream: improve SYN and SYN/ACK retransmission handling
# Subject: [PATCH] stream: improve SYN and SYN/ACK retransmission handling
Take SEQ and ACK into account for more scenarios.
SYN on SYN_SENT
In this case the SYN packets with different SEQ and other properties are
queued up. Each packet updates the ssn to reflect the last packet to
come in. The old ssn data is added to a TcpStateQueue entry in
TcpSession::queue. If the max queue length is exceeded, the oldest entry
is evicted. The queue is actually a single linked list, where the list
head reflects the oldest entry.
SYN/ACK on SYN_SENT
In this case the first check is if the SYN/ACK matches the session. If
it doesn't, the queue is checked to see if there SYN's stored. If one is
found that matches, it is used and the session is updated to reflect
that.
SYN/ACK on SYN_RECV
SYN/ACK resent on the SYN_RECV state. In this case the ssn is updated
from the current packet. The old settings are stored in a TcpStateQueue
entry in the TcpSession::queue.
ACK on SYN_RECV
Checks any stored SYN/ACKs before checking the session. If a queued
SYN/ACK was sound, the session is updated to match it.
Ticket: #3844.
Ticket: #7657.
(cherry picked from commit
be6315dba0d9101b11d16e9dacfe2822b3792f1b)
Patch adjusted for Debian to fit for Suricata 7.0.10.
Origin: upstream, https://github.com/OISF/suricata/commit/
e91b03c90385db15e21cf1a0e85b921bf92b039e.patch
Bug: https://redmine.openinfosecfoundation.org/issues/7852
Subject: Upstream fix for CVE-2025-59147
Gbp-Pq: Name CVE-2025-59147.patch
Philippe Antoine [Tue, 15 Apr 2025 10:34:37 +0000 (12:34 +0200)]
CVE-2025-53538
From
97eee2cadacf3423a1ebcdd1943a7a7917f5cc56 Mon Sep 17 00:00:00 2001
# Subject: [PATCH] http2: forbid data on stream 0
# Subject: [PATCH] http2: forbid data on stream 0
Ticket: 7658
Suricata will not handle well if we open a file for this tx,
do not close it, but set the transaction state to completed.
RFC 9113 section 6.1 states:
If a DATA frame is received whose Stream Identifier field is 0x00,
the recipient MUST respond with a connection error (Section 5.4.1)
of type PROTOCOL_ERROR.
(cherry picked from commit
1d6d331752e933c46aca0ae7a9679b27462246e3)
Origin: upstream, https://github.com/OISF/suricata/commit/
97eee2cadacf3423a1ebcdd1943a7a7917f5cc56.patch
Bug: https://redmine.openinfosecfoundation.org/issues/7659
Bug-Debian: https://bugs.debian.org/
1109806
Subject: Upstream fix for CVE-2025-53538
Gbp-Pq: Name CVE-2025-53538.patch
Pierre Chifflier [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
llc
Gbp-Pq: Name llc.patch
Eric Leblond [Thu, 31 Oct 2019 12:29:56 +0000 (13:29 +0100)]
[PATCH] ebpf: avoid to include if_tunnel.h
This is causing a dependency issue as file from another architecture
have to be installed.
Gbp-Pq: Name avoid-to-include-if_tunnel-h.patch
Eric Leblond [Wed, 17 Jul 2019 10:35:12 +0000 (12:35 +0200)]
[PATCH] af-packet: fix build on recent Linux kernels
Gbp-Pq: Name import-sockio-h.patch
Hilko Bengen [Tue, 23 Jul 2019 12:43:21 +0000 (14:43 +0200)]
Add --with-ebpf-includes parameter
Gbp-Pq: Name with-ebpf-includes.patch
Hilko Bengen [Tue, 22 Jan 2019 17:10:47 +0000 (18:10 +0100)]
configure: Introduce CLANG variable
Gbp-Pq: Name configure-clang-variable.patch
Sascha Steinbiss [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
do not clean vendor directory on distclean
Last-Update: 2018-12-26
dh_auto_clean calls make distclean, which in the case of Suricata also
removes the vendor directory. This breaks repeated builds.
Gbp-Pq: Name fix-repeated-builds.patch
Adrian Bunk [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
Don't use __USE_GNU
__USE_GNU is a glibc-internal symbol.
AC_USE_SYSTEM_EXTENSIONS is the proper autoconf
way to enable extensions.
Gbp-Pq: Name no-use-gnu.patch
Pierre Chifflier [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
cross
Gbp-Pq: Name cross.patch
Arturo Borrero Gonzalez [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
Debian default configuration This patch sets Debian defaults for suricata configuration. . Currently, it sets a proper path for suricata unix socket.
Forwarded: not-needed
Last-Update: 2016-12-01
Gbp-Pq: Name debian-default-cfg.patch
Arturo Borrero Gonzalez [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
Patch to make the suricata build reproducible This patch makes some changes to the suricata build to make it reproducible . Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds the build path.
Forwarded: not-needed
Last-Update: 2016-09-05
Gbp-Pq: Name reproducible.patch
Andreas Dolp [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
suricata (1:7.0.10-1+deb13u1) trixie; urgency=medium
* Fix CVE-2025-53538 in 7.0.10.
Cherry-Picked from upstream
97eee2cadacf3423a1ebcdd1943a7a7917f5cc56.
Closes: #1109806
Reference: #
1116945
* Fix CVE-2025-59147 in 7.0.10.
Cherry-Picked from upstream
e91b03c90385db15e21cf1a0e85b921bf92b039e
and slightly modified to fit for Suricata 7.0.10.
Reference: #
1119940
[dgit import unpatched suricata 1:7.0.10-1+deb13u1]
Andreas Dolp [Sat, 27 Sep 2025 19:43:45 +0000 (21:43 +0200)]
Import suricata_7.0.10-1+deb13u1.debian.tar.xz
[dgit import tarball suricata 1:7.0.10-1+deb13u1 suricata_7.0.10-1+deb13u1.debian.tar.xz]
Raspbian automatic forward porter [Wed, 2 Apr 2025 22:36:50 +0000 (23:36 +0100)]
Merge version 1:7.0.9-1+rpi1 and 1:7.0.10-1 to produce 1:7.0.10-1+rpi1
Raspbian automatic forward porter [Fri, 28 Mar 2025 14:28:46 +0000 (14:28 +0000)]
Merge version 1:7.0.8-2+rpi1 and 1:7.0.9-1 to produce 1:7.0.9-1+rpi1
Sascha Steinbiss [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
Import suricata_7.0.10.orig.tar.xz
[dgit import orig suricata_7.0.10.orig.tar.xz]
Sascha Steinbiss [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
Merge suricata (1:7.0.10-1) import into refs/heads/workingbranch
Pierre Chifflier [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
llc
Gbp-Pq: Name llc.patch
Eric Leblond [Thu, 31 Oct 2019 12:29:56 +0000 (13:29 +0100)]
[PATCH] ebpf: avoid to include if_tunnel.h
This is causing a dependency issue as file from another architecture
have to be installed.
Gbp-Pq: Name avoid-to-include-if_tunnel-h.patch
Eric Leblond [Wed, 17 Jul 2019 10:35:12 +0000 (12:35 +0200)]
[PATCH] af-packet: fix build on recent Linux kernels
Gbp-Pq: Name import-sockio-h.patch
Hilko Bengen [Tue, 23 Jul 2019 12:43:21 +0000 (14:43 +0200)]
Add --with-ebpf-includes parameter
Gbp-Pq: Name with-ebpf-includes.patch
Hilko Bengen [Tue, 22 Jan 2019 17:10:47 +0000 (18:10 +0100)]
configure: Introduce CLANG variable
Gbp-Pq: Name configure-clang-variable.patch
Sascha Steinbiss [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
do not clean vendor directory on distclean
Last-Update: 2018-12-26
dh_auto_clean calls make distclean, which in the case of Suricata also
removes the vendor directory. This breaks repeated builds.
Gbp-Pq: Name fix-repeated-builds.patch
Adrian Bunk [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
Don't use __USE_GNU
__USE_GNU is a glibc-internal symbol.
AC_USE_SYSTEM_EXTENSIONS is the proper autoconf
way to enable extensions.
Gbp-Pq: Name no-use-gnu.patch
Pierre Chifflier [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
cross
Gbp-Pq: Name cross.patch
Arturo Borrero Gonzalez [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
Debian default configuration This patch sets Debian defaults for suricata configuration. . Currently, it sets a proper path for suricata unix socket.
Forwarded: not-needed
Last-Update: 2016-12-01
Gbp-Pq: Name debian-default-cfg.patch
Arturo Borrero Gonzalez [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
Patch to make the suricata build reproducible This patch makes some changes to the suricata build to make it reproducible . Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds the build path.
Forwarded: not-needed
Last-Update: 2016-09-05
Gbp-Pq: Name reproducible.patch
Sascha Steinbiss [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
suricata (1:7.0.10-1) unstable; urgency=medium
* New upstream release.
[dgit import unpatched suricata 1:7.0.10-1]
Sascha Steinbiss [Wed, 26 Mar 2025 08:28:20 +0000 (09:28 +0100)]
Import suricata_7.0.10-1.debian.tar.xz
[dgit import tarball suricata 1:7.0.10-1 suricata_7.0.10-1.debian.tar.xz]
Raspbian automatic forward porter [Sat, 22 Mar 2025 02:33:18 +0000 (02:33 +0000)]
Merge version 1:7.0.8-1+rpi1 and 1:7.0.8-2 to produce 1:7.0.8-2+rpi1
Sascha Steinbiss [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
Merge suricata (1:7.0.9-1) import into refs/heads/workingbranch
Pierre Chifflier [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
llc
Gbp-Pq: Name llc.patch
Eric Leblond [Thu, 31 Oct 2019 12:29:56 +0000 (13:29 +0100)]
[PATCH] ebpf: avoid to include if_tunnel.h
This is causing a dependency issue as file from another architecture
have to be installed.
Gbp-Pq: Name avoid-to-include-if_tunnel-h.patch
Eric Leblond [Wed, 17 Jul 2019 10:35:12 +0000 (12:35 +0200)]
[PATCH] af-packet: fix build on recent Linux kernels
Gbp-Pq: Name import-sockio-h.patch
Hilko Bengen [Tue, 23 Jul 2019 12:43:21 +0000 (14:43 +0200)]
Add --with-ebpf-includes parameter
Gbp-Pq: Name with-ebpf-includes.patch
Hilko Bengen [Tue, 22 Jan 2019 17:10:47 +0000 (18:10 +0100)]
configure: Introduce CLANG variable
Gbp-Pq: Name configure-clang-variable.patch
Sascha Steinbiss [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
do not clean vendor directory on distclean
Last-Update: 2018-12-26
dh_auto_clean calls make distclean, which in the case of Suricata also
removes the vendor directory. This breaks repeated builds.
Gbp-Pq: Name fix-repeated-builds.patch
Adrian Bunk [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
Don't use __USE_GNU
__USE_GNU is a glibc-internal symbol.
AC_USE_SYSTEM_EXTENSIONS is the proper autoconf
way to enable extensions.
Gbp-Pq: Name no-use-gnu.patch
Pierre Chifflier [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
cross
Gbp-Pq: Name cross.patch
Arturo Borrero Gonzalez [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
Debian default configuration This patch sets Debian defaults for suricata configuration. . Currently, it sets a proper path for suricata unix socket.
Forwarded: not-needed
Last-Update: 2016-12-01
Gbp-Pq: Name debian-default-cfg.patch
Arturo Borrero Gonzalez [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
Patch to make the suricata build reproducible This patch makes some changes to the suricata build to make it reproducible . Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds the build path.
Forwarded: not-needed
Last-Update: 2016-09-05
Gbp-Pq: Name reproducible.patch
Sascha Steinbiss [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
suricata (1:7.0.9-1) unstable; urgency=medium
* New upstream release.
* Bump versioned libhtp dependency to 0.5.50 or later.
[dgit import unpatched suricata 1:7.0.9-1]
Sascha Steinbiss [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
Import suricata_7.0.9.orig.tar.xz
[dgit import orig suricata_7.0.9.orig.tar.xz]
Sascha Steinbiss [Tue, 18 Mar 2025 17:15:01 +0000 (18:15 +0100)]
Import suricata_7.0.9-1.debian.tar.xz
[dgit import tarball suricata 1:7.0.9-1 suricata_7.0.9-1.debian.tar.xz]
Sascha Steinbiss [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
Merge suricata (1:7.0.8-2) import into refs/heads/workingbranch
Pierre Chifflier [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
llc
Gbp-Pq: Name llc.patch
Eric Leblond [Thu, 31 Oct 2019 12:29:56 +0000 (13:29 +0100)]
[PATCH] ebpf: avoid to include if_tunnel.h
This is causing a dependency issue as file from another architecture
have to be installed.
Gbp-Pq: Name avoid-to-include-if_tunnel-h.patch
Eric Leblond [Wed, 17 Jul 2019 10:35:12 +0000 (12:35 +0200)]
[PATCH] af-packet: fix build on recent Linux kernels
Gbp-Pq: Name import-sockio-h.patch
Hilko Bengen [Tue, 23 Jul 2019 12:43:21 +0000 (14:43 +0200)]
Add --with-ebpf-includes parameter
Gbp-Pq: Name with-ebpf-includes.patch
Hilko Bengen [Tue, 22 Jan 2019 17:10:47 +0000 (18:10 +0100)]
configure: Introduce CLANG variable
Gbp-Pq: Name configure-clang-variable.patch
Sascha Steinbiss [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
do not clean vendor directory on distclean
Last-Update: 2018-12-26
dh_auto_clean calls make distclean, which in the case of Suricata also
removes the vendor directory. This breaks repeated builds.
Gbp-Pq: Name fix-repeated-builds.patch
Adrian Bunk [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
Don't use __USE_GNU
__USE_GNU is a glibc-internal symbol.
AC_USE_SYSTEM_EXTENSIONS is the proper autoconf
way to enable extensions.
Gbp-Pq: Name no-use-gnu.patch
Pierre Chifflier [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
cross
Gbp-Pq: Name cross.patch
Arturo Borrero Gonzalez [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
Debian default configuration This patch sets Debian defaults for suricata configuration. . Currently, it sets a proper path for suricata unix socket.
Forwarded: not-needed
Last-Update: 2016-12-01
Gbp-Pq: Name debian-default-cfg.patch
Arturo Borrero Gonzalez [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
Patch to make the suricata build reproducible This patch makes some changes to the suricata build to make it reproducible . Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds the build path.
Forwarded: not-needed
Last-Update: 2016-09-05
Gbp-Pq: Name reproducible.patch
Sascha Steinbiss [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
suricata (1:7.0.8-2) unstable; urgency=medium
* Drop dpkg depencency from Pre-Depends.
Thanks to Guillem Jover for noticing this.
Closes: #1100109
* Use dpkg-query instead of apt-cache in debian/rules.
Thanks to Jochen Sprickerhof for pointing this out.
Closes: #1100051
[dgit import unpatched suricata 1:7.0.8-2]
Sascha Steinbiss [Sat, 15 Mar 2025 13:37:24 +0000 (14:37 +0100)]
Import suricata_7.0.8-2.debian.tar.xz
[dgit import tarball suricata 1:7.0.8-2 suricata_7.0.8-2.debian.tar.xz]
Raspbian automatic forward porter [Sun, 15 Dec 2024 22:36:03 +0000 (22:36 +0000)]
Merge version 1:7.0.7-1+rpi1 and 1:7.0.8-1 to produce 1:7.0.8-1+rpi1
Sascha Steinbiss [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
Merge suricata (1:7.0.8-1) import into refs/heads/workingbranch
Sascha Steinbiss [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
Import suricata_7.0.8.orig.tar.xz
[dgit import orig suricata_7.0.8.orig.tar.xz]
Pierre Chifflier [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
llc
Gbp-Pq: Name llc.patch
Eric Leblond [Thu, 31 Oct 2019 12:29:56 +0000 (13:29 +0100)]
[PATCH] ebpf: avoid to include if_tunnel.h
This is causing a dependency issue as file from another architecture
have to be installed.
Gbp-Pq: Name avoid-to-include-if_tunnel-h.patch
Eric Leblond [Wed, 17 Jul 2019 10:35:12 +0000 (12:35 +0200)]
[PATCH] af-packet: fix build on recent Linux kernels
Gbp-Pq: Name import-sockio-h.patch
Hilko Bengen [Tue, 23 Jul 2019 12:43:21 +0000 (14:43 +0200)]
Add --with-ebpf-includes parameter
Gbp-Pq: Name with-ebpf-includes.patch
Hilko Bengen [Tue, 22 Jan 2019 17:10:47 +0000 (18:10 +0100)]
configure: Introduce CLANG variable
Gbp-Pq: Name configure-clang-variable.patch
Sascha Steinbiss [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
do not clean vendor directory on distclean
Last-Update: 2018-12-26
dh_auto_clean calls make distclean, which in the case of Suricata also
removes the vendor directory. This breaks repeated builds.
Gbp-Pq: Name fix-repeated-builds.patch
Adrian Bunk [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
Don't use __USE_GNU
__USE_GNU is a glibc-internal symbol.
AC_USE_SYSTEM_EXTENSIONS is the proper autoconf
way to enable extensions.
Gbp-Pq: Name no-use-gnu.patch
Pierre Chifflier [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
cross
Gbp-Pq: Name cross.patch
Arturo Borrero Gonzalez [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
Debian default configuration This patch sets Debian defaults for suricata configuration. . Currently, it sets a proper path for suricata unix socket.
Forwarded: not-needed
Last-Update: 2016-12-01
Gbp-Pq: Name debian-default-cfg.patch
Arturo Borrero Gonzalez [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
Patch to make the suricata build reproducible This patch makes some changes to the suricata build to make it reproducible . Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds the build path.
Forwarded: not-needed
Last-Update: 2016-09-05
Gbp-Pq: Name reproducible.patch
Sascha Steinbiss [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
suricata (1:7.0.8-1) unstable; urgency=medium
* New upstream release.
[dgit import unpatched suricata 1:7.0.8-1]
Sascha Steinbiss [Fri, 13 Dec 2024 08:29:46 +0000 (09:29 +0100)]
Import suricata_7.0.8-1.debian.tar.xz
[dgit import tarball suricata 1:7.0.8-1 suricata_7.0.8-1.debian.tar.xz]
Raspbian automatic forward porter [Fri, 18 Oct 2024 21:01:23 +0000 (22:01 +0100)]
Merge version 1:7.0.3-1+rpi1 and 1:7.0.7-1 to produce 1:7.0.7-1+rpi1
Sascha Steinbiss [Mon, 14 Oct 2024 08:48:09 +0000 (10:48 +0200)]
Merge suricata (1:7.0.7-1) import into refs/heads/workingbranch
Pierre Chifflier [Mon, 14 Oct 2024 08:48:09 +0000 (10:48 +0200)]
llc
Gbp-Pq: Name llc.patch
Eric Leblond [Thu, 31 Oct 2019 12:29:56 +0000 (13:29 +0100)]
[PATCH] ebpf: avoid to include if_tunnel.h
This is causing a dependency issue as file from another architecture
have to be installed.
Gbp-Pq: Name avoid-to-include-if_tunnel-h.patch
Eric Leblond [Wed, 17 Jul 2019 10:35:12 +0000 (12:35 +0200)]
[PATCH] af-packet: fix build on recent Linux kernels
Gbp-Pq: Name import-sockio-h.patch
projects / suricata.git / log