--- /dev/null
--- /dev/null
++suricata (1:8.0.1-1) unstable; urgency=medium
++
++ Support for sysv init files and configuration via /etc/default/suricata
++ has been removed. The systemd-based setup requires a different
++ customization approach (e.g. to enable nfqueue mode or configure
++ inspection interfaces). Please see the README.Debian file to learn
++ about configuration as intended now.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 21 Aug 2025 19:30:00 +0200
--- /dev/null
--- /dev/null
++#!/bin/bash
++
++# this script prints 'true' if any ancestor process name is any of $REGEXPS
++
++REGEXPS="debci autopkgtest adt"
++
++set -e
++
++walk()
++{
++ pid=$1
++
++ [ ! -r /proc/$pid/cmdline ] && exit 1
++
++ name=$(ps -p $pid -o cmd | tail -1)
++ for exp in $REGEXPS
++ do
++ if grep -e $exp <<< $name >/dev/null ; then
++ echo true
++ exit
++ fi
++ done
++
++ ppid=$(ps -o ppid= $pid | tr -d ' ')
++ walk $ppid
++}
++
++walk $$
--- /dev/null
--- /dev/null
++suricata (1:8.0.3-1) unstable; urgency=medium
++
++ * New upstream version 8.0.3
++ * Add hwloc for NUMA-aware autopinning on supported archs
++ * d/control: Bump standards version from 4.7.2 to 4.7.3:
++ Removed 'Priority: optional' since now obsolete.
++ * d/control: Remove redundant 'Rules-Requires-Root: no' because it
++ defaults to 'no'
++ * d/watch: Change URL to upstream server instead of CDN to bypass delaying
++ new versions due to CDN cache delays.
++
++ -- Andreas Dolp <dev@andreas-dolp.de> Tue, 13 Jan 2026 19:51:26 +0100
++
++suricata (1:8.0.2-1) unstable; urgency=medium
++
++ [ Andreas Dolp ]
++ * Use /usr/bin/kill instead of /bin/kill.
++ * d/control: Bump standards version from 4.6.2 to 4.7.2 without any special
++ * rename d/NEWS.Debian to d/NEWS to fix lintian warning
++ 'incorrect-packaging-filename'
++ * d/copyright: Remove superfluous file patterns for some deleted files
++ * lintian: Remove lintian override 'executable-in-usr-lib'
++ * blhc: Set ignore pattern for rust to avoid false-positives
++ * Fix non-existent '.ft C' in manpages to avoid lintian warnings
++ * New upstream version 8.0.2
++
++ [ Sascha Steinbiss ]
++ * Add Andreas Dolp to Uploaders.
++
++ -- Andreas Dolp <dev@andreas-dolp.de> Thu, 06 Nov 2025 17:36:49 +0100
++
++suricata (1:8.0.1-3) unstable; urgency=medium
++
++ * Add patch to decouple unit tests from CPU count.
++ * Update upstream signing public key from OISF after expiration.
++
++ -- Sascha Steinbiss <satta@debian.org> Fri, 26 Sep 2025 10:48:03 +0200
++
++suricata (1:8.0.1-2) unstable; urgency=medium
++
++ * Add correct version of Landlock patch.
++
++ -- Sascha Steinbiss <satta@debian.org> Mon, 22 Sep 2025 21:06:01 +0200
++
++suricata (1:8.0.1-1) unstable; urgency=medium
++
++ [ Andreas Dolp ]
++ * New upstream release.
++ * Remove libhtp dependency as this is now built in Suricata.
++ * Remove LUA as this is now built in Suricata.
++ * Bump versioned Rust dependency to 1.75.0 or later.
++ * Remove recommended package snort-rules-default.
++ * Add libunwind-dev build dependency.
++ * Refresh Debian patches.
++ * Use systemd service Type=notify for systemd status notification.
++ * Remove libnss compile option and dependency.
++ * Remove libnspr compile option and dependency.
++ * Remove enable-libhs compile option.
++ * Add d/suricata.conffiles to remove sysv init conffiles.
++ * Align rundir and unix command socket to upstream /var/run/suricata/.
++ * Add configuration for landlock LSM security sandbox, but disabled by
++ default.
++
++ [ Sascha Steinbiss ]
++ * Remove sysv init support.
++ * Adjust README.Debian to mention systemd drop-in approach to
++ customize ExecStart parameters without having to clone the
++ packaged unit file.
++ * Remove unneeded ISC license text from d/copyright.
++ * Add NEWS.Debian file documenting the change.
++
++ -- Sascha Steinbiss <satta@debian.org> Sun, 21 Sep 2025 12:27:09 +0200
++
++suricata (1:7.0.11-1) unstable; urgency=medium
++
++ * New Suricata 7 upstream release.
++ * Bump copyright date for debian/ directory.
++
++ -- Sascha Steinbiss <satta@debian.org> Mon, 18 Aug 2025 00:11:44 +0200
++
++suricata (1:7.0.10-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 26 Mar 2025 09:28:20 +0100
++
++suricata (1:7.0.9-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Bump versioned libhtp dependency to 0.5.50 or later.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 18 Mar 2025 18:15:01 +0100
++
++suricata (1:7.0.8-2) unstable; urgency=medium
++
++ * Drop dpkg depencency from Pre-Depends.
++ Thanks to Guillem Jover for noticing this.
++ Closes: #1100109
++ * Use dpkg-query instead of apt-cache in debian/rules.
++ Thanks to Jochen Sprickerhof for pointing this out.
++ Closes: #1100051
++
++ -- Sascha Steinbiss <satta@debian.org> Sat, 15 Mar 2025 14:37:24 +0100
++
++suricata (1:7.0.8-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Fri, 13 Dec 2024 09:29:46 +0100
++
++suricata (1:7.0.7-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Bump versioned libhtp dependency to 0.5.49 or later.
++
++ -- Sascha Steinbiss <satta@debian.org> Mon, 14 Oct 2024 10:48:09 +0200
++
++suricata (1:7.0.6-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Re-enable tests.
++ * Bump copyright date for debian/ directory.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 27 Jun 2024 14:29:40 +0200
++
++suricata (1:7.0.5-2) unstable; urgency=medium
++
++ * Disable tests that need builds for now.
++ Meant to remove one of the roadblocks towards testing migration.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 24 Apr 2024 23:01:32 +0200
++
++suricata (1:7.0.5-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Bump versioned libhtp dependency to 0.5.48 or later.
++ * Remove (probably buggy) Rust constraint from d/rules.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 23 Apr 2024 15:12:33 +0200
++
++suricata (1:7.0.4-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Bump versioned libhtp dependency to 0.5.47 or later.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 20 Mar 2024 13:41:22 +0100
++
++suricata (1:7.0.3-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 08 Feb 2024 23:22:40 +0100
++
++suricata (1:7.0.2-2) unstable; urgency=medium
++
++ * Enable DPDK feature and add dependencies on archs that support it.
++ Closes: #1061762
++
++ -- Sascha Steinbiss <satta@debian.org> Fri, 02 Feb 2024 20:35:20 +0100
++
++suricata (1:7.0.2-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 19 Oct 2023 19:30:48 +0200
++
++suricata (1:7.0.1-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Fri, 15 Sep 2023 21:18:47 +0200
++
++suricata (1:7.0.0-2) unstable; urgency=medium
++
++ * Fix FTBFS on armel and mipsel by fixing -latomic addition in LDFLAGS.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 20 Jul 2023 11:03:07 +0200
++
++suricata (1:7.0.0-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Drop Arturo Borrero Gonzalez from Uploaders at his request.
++ * Use new project website at suricata.io.
++ * Remove patches applied upstream.
++ * Change PCRE lib dependency to libpcre2.
++ * Bump versioned libhtp dependency to 0.5.45 or later.
++ * Bump versioned Rust dependency to 1.61 or later.
++ * Bump watchfile to version 4.
++ * Remove obsolete dependency on lsb-base.
++ * Remove obsolete entries in d/copyright.
++ * Remove versions in Conflicts/Replaces.
++ * Remove obsolete dh_strip override.
++ * Bump d/copyright dates.
++ * Update/fix Lintian overrides regarding eBPF file distribution.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 19 Jul 2023 10:14:37 +0200
++
++suricata (1:6.0.13-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Raise libhtp minimum dependency version to 0.5.44.
++ * Bump Standards-Version.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 15 Jun 2023 23:45:03 +0200
++
++suricata (1:6.0.12-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 09 May 2023 15:58:02 +0200
++
++suricata (1:6.0.11-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Raise libhtp minimum dependency version to 0.5.43.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 13 Apr 2023 23:53:02 +0200
++
++suricata (1:6.0.10-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Drop patch applied upstream.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 31 Jan 2023 14:34:17 +0100
++
++suricata (1:6.0.9-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Use manpages built from source instead of outdated bundled ones.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 29 Nov 2022 11:19:06 +0100
++
++suricata (1:6.0.8-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Raise libhtp minimum dependency version to 0.5.41.
++ * Remove obsolete patch since Python scripts are installed differently
++ via upstream now.
++ * Add upstream metadata.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 27 Sep 2022 23:24:59 +0200
++
++suricata (1:6.0.6-2) unstable; urgency=medium
++
++ * Add patch to not use deprecated libbpf API. This prepares Suricata to be
++ ready for libbpf 1.0 when it hits unstable.
++ Closes: #1018914
++ * Raise libbpf dependency version requirement to 0.7.
++ * Refresh other patches.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 21 Sep 2022 18:39:53 +0200
++
++suricata (1:6.0.6-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Drop patch applied upstream: bigendian-cidr.patch
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 12 Jul 2022 16:57:16 +0200
++
++suricata (1:6.0.5-3) unstable; urgency=medium
++
++ * Add patch to handle undefined LEVEL1_DCACHE_LINESIZE.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 01 Jun 2022 11:33:06 +0200
++
++suricata (1:6.0.5-2) unstable; urgency=medium
++
++ * Introduce patch to fix segfaulting autopkgtests on s390x.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 28 Apr 2022 08:51:06 +0200
++
++suricata (1:6.0.5-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Raise libhtp minimum dependency version to 0.5.40.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 21 Apr 2022 19:53:32 +0200
++
++suricata (1:6.0.4-3) unstable; urgency=medium
++
++ * Remove suricata-oinkmaster binary package.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 14 Dec 2021 15:24:47 +0100
++
++suricata (1:6.0.4-2) unstable; urgency=medium
++
++ * Raise libhtp minimum dependency version to 0.5.39.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 18 Nov 2021 22:57:47 +0100
++
++suricata (1:6.0.4-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 18 Nov 2021 22:00:08 +0100
++
++suricata (1:6.0.3-2) unstable; urgency=medium
++
++ * Use 'command -v' instead of 'which' in suricata-oinkmaster cron file.
++ This avoids a runtime deprecation warning on recent versions, and fixes
++ piuparts cron job tests.
++
++ -- Sascha Steinbiss <satta@debian.org> Mon, 30 Aug 2021 20:56:18 +0200
++
++suricata (1:6.0.3-1) unstable; urgency=medium
++
++ * Upload to unstable post-release.
++ * Remove patch applied upstream.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 18 Aug 2021 16:33:31 +0200
++
++suricata (1:6.0.3-1~exp2) experimental; urgency=medium
++
++ * Also use libatomic workaround on powerpc.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 01 Jul 2021 19:44:53 +0200
++
++suricata (1:6.0.3-1~exp1) experimental; urgency=medium
++
++ * New upstream release.
++ * Bump Standards-Version.
++ * Add Rules-Requires-Root: no.
++ * Raise libhtp minimum version B-D to 0.5.38.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 30 Jun 2021 23:51:24 +0200
++
++suricata (1:6.0.2-1~exp1) experimental; urgency=medium
++
++ * Fix conditional variable use in d/rules.
++ * New upstream release.
++ * Use libhtp 0.5.37.
++
++ -- Sascha Steinbiss <satta@debian.org> Fri, 11 Dec 2020 09:45:02 +0100
++
++suricata (1:6.0.1-3) unstable; urgency=medium
++
++ * Address CVE-2021-35063 by backporting upstream fix.
++ Closes: #990835
++
++ -- Sascha Steinbiss <satta@debian.org> Mon, 19 Jul 2021 13:26:22 +0200
++
++suricata (1:6.0.1-2) unstable; urgency=medium
++
++ * Also specify explicit separate '-latomic' reference on mipsel.
++ This addresses a remaining FTBFS there.
++
++ -- Sascha Steinbiss <satta@debian.org> Fri, 11 Dec 2020 09:35:57 +0100
++
++suricata (1:6.0.1-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Disable Prelude support.
++ This is broken upstream, see https://redmine.openinfosecfoundation.org/issues/4065
++ * Bump libhtp dependency to 0.5.36.
++ * Disable suricata-update, as it is a separate package in Debian.
++ * Add patches to fix builds with new Autoconf scripts.
++ * Use debhelper 13.
++ * Include upstream's man pages.
++ * Add workaround for missing '-latomic' symbols on armel.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 08 Oct 2020 22:23:17 +0200
++
++suricata (1:5.0.3-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Use /run instead of /var/run for pidfiles. Thanks to Michael Berg for the
++ patch.
++ Closes: #954435
++ * Bump libhtp dependency to 0.5.33.
++ * Remove nonexistent Files entries in d/copyright.
++ * Use correct DEB_LDFLAGS_MAINT_APPEND in d/rules..
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 29 Apr 2020 09:34:49 +0200
++
++suricata (1:5.0.2-3) unstable; urgency=medium
++
++ * Source upload to enable testing migration.
++ * Bump Standards-Version.
++
++ -- Sascha Steinbiss <satta@debian.org> Sat, 22 Feb 2020 12:47:50 +0100
++
++suricata (1:5.0.2-2) unstable; urgency=medium
++
++ * Add --allow-multiple-definition linker flag to work around FTBFS on armel.
++ Closes: #951765
++
++ -- Sascha Steinbiss <satta@debian.org> Sat, 22 Feb 2020 12:23:52 +0100
++
++suricata (1:5.0.2-1) unstable; urgency=medium
++
++ * New upstream release.
++ Closes: #951654
++ * Add patch from upstream to build without needing if_tunnel.h.
++ This avoids a potentially foreign arch build-dep for eBPF builds.
++ Thanks to Eric Leblond.
++ * Drop patches applied upstream.
++ * Use debhelper-compat.
++ * Mark autopkgtests requiring a control socket as potentially flaky.
++ We cannot always predict the timing on all archs and do not want to
++ use them for CI gating.
++ Closes: #951721
++ * Bring d/copyright up to date with current code base.
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 20 Feb 2020 14:55:23 +0100
++
++suricata (1:4.1.5-2) unstable; urgency=medium
++
++ * Add versioned Depends on at least libhtp version used for building.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 09 Oct 2019 13:13:40 +0200
++
++suricata (1:4.1.5-1) unstable; urgency=medium
++
++ * New upstream release.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 25 Sep 2019 10:24:50 +0200
++
++suricata (1:4.1.4-7) unstable; urgency=medium
++
++ * Prevent file clash with other packages writing into the Python3
++ module root directory (suricata/__init__.py).
++ * Add patch to make suricatactl Python3-compatible.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 18 Sep 2019 20:55:51 +0200
++
++suricata (1:4.1.4-6) unstable; urgency=medium
++
++ * Make Python components use Python3.
++ Closes: #938603
++
++ -- Sascha Steinbiss <satta@debian.org> Sat, 07 Sep 2019 17:47:44 +0200
++
++suricata (1:4.1.4-5) unstable; urgency=medium
++
++ * Add patch to fix FTBFS on recent kernels. Thanks to Aurelien Jarno for
++ pointing this out.
++ Closes: #934316
++
++ -- Sascha Steinbiss <satta@debian.org> Mon, 12 Aug 2019 12:48:29 +0200
++
++suricata (1:4.1.4-4) unstable; urgency=medium
++
++ [ Hilko Bengen ]
++ * Patch: add --with-ebpf-includes, point to proper include directory for
++ kernel headers, fixing FTBFS on i386
++
++ [ Sascha Steinbiss ]
++ * Only build eBPF programs on archs with available dependencies.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 24 Jul 2019 10:34:25 +0200
++
++suricata (1:4.1.4-3) unstable; urgency=medium
++
++ * Fix cross building by including patch that addresses abuse of
++ AC_CHECK_FILE. Thanks to Helmut Grohne for the patch.
++ Closes: #923174
++ * Enable building with eBPF support.
++ Thanks to Hilko Bengen for the patch.
++ Closes: #917816
++ * Create temporary CARGO_HOME to allow building with new cargo
++ versions when $HOME is nonexistent.
++ * Make autopkgtest more robust when external resources are unavailable.
++ Closes: #932463
++ * Bump debhelper and compat to 12.
++ * Add Pre-Depends by Lintian's suggestion.
++
++ -- Sascha Steinbiss <satta@debian.org> Tue, 09 Jul 2019 16:47:49 +0200
++
++suricata (1:4.1.4-2) unstable; urgency=medium
++
++ * Do not install suricata-update, recommend external pkg instead.
++ Closes: #924096
++
++ -- Sascha Steinbiss <satta@debian.org> Thu, 02 May 2019 17:15:48 +0200
++
++suricata (1:4.1.4-1) unstable; urgency=medium
++
++ * New upstream version 4.1.4
++ - Bugs and security fixes
++ * Refreshed quilt patches
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 01 May 2019 11:44:13 +0200
++
++suricata (1:4.1.3-1) unstable; urgency=medium
++
++ * New upstream version 4.1.3
++ * Refreshed quilt patches
++
++ -- Pierre Chifflier <pollux@debian.org> Fri, 08 Mar 2019 10:24:43 +0100
++
++suricata (1:4.1.2-2) unstable; urgency=medium
++
++ * Upload to unstable.
++
++ -- Sascha Steinbiss <satta@debian.org> Wed, 09 Jan 2019 12:53:47 +0100
++
++suricata (1:4.1.2-1) experimental; urgency=medium
++
++ * New upstream release.
++ * Add myself to uploaders.
++ * Do not remove Rust vendor directory on distclean (Closes: #915154)
++
++ -- Sascha Steinbiss <satta@debian.org> Sun, 23 Dec 2018 10:48:27 +0000
++
++suricata (1:4.1.0-2) experimental; urgency=medium
++
++ * Disable Rust on armel for now (FTBFS)
++ * Add liblz4-dev to build-deps to enable pcap compression
++ * Update build-dependency on python:any to fix FTCBFS (Closes: #909606)
++
++ -- Pierre Chifflier <pollux@debian.org> Mon, 26 Nov 2018 11:07:08 +0100
++
++suricata (1:4.1.0-1) experimental; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * libhtp: bump soname to libhtp-0.5.24-1
++
++ [ Pierre Chifflier ]
++ * New upstream version 1:4.1.0
++ * Refreshed quilt patches
++ * Update python code directory
++ * Enable rust support (i386 and amd64 only for now)
++ * Also enable Rust on ARM architectures
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 15 Nov 2018 13:29:23 -0800
++
++suricata (1:4.0.6-1) unstable; urgency=medium
++
++ * New upstream version 1:4.0.6
++
++ -- Pierre Chifflier <pollux@debian.org> Mon, 12 Nov 2018 09:19:39 +0100
++
++suricata (1:4.0.5-1) unstable; urgency=medium
++
++ [ Sascha Steinbiss ]
++ * Add patches to help with cross-compiling. Thanks to Helmut Grohne
++ for the patch.
++ Closes: #895996
++ * Add patches to fix building on ia64.
++ Thanks to Jason Duerstock and Adrian Bunk for the patches.
++ Closes: #890432
++ * Fix spelling in debian/patches/reproducible.patch.
++ * Remove obsolete X-Python-Version hint.
++ * Use updated watchfile source URL with https support.
++ * Remove obsolete --parallel dh parameter.
++ * Use canonical Salsa Vcs-Git URL.
++
++ [ Pierre Chifflier ]
++ * New upstream version 1:4.0.5
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 18 Jul 2018 17:14:02 +0200
++
++suricata (1:4.0.4-1) unstable; urgency=medium
++
++ * [3f18cd8] d/control: refresh git URLs
++ * [17da106] New upstream version 4.0.4 (Closes: #889842) fixes CVE-2018-6794
++ * [00fcf17] d/compat: bump debhelper compat level to 11
++ * [45dc0db] d/control: bump std-version to 4.1.3
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 14 Feb 2018 11:33:33 +0100
++
++suricata (1:4.0.3-1) unstable; urgency=medium
++
++ [ Sascha Steinbiss ]
++ * [aece4d6] New upstream version 4.0.3
++ * [c23b64f] refresh patches
++
++ [ Arturo Borrero Gonzalez ]
++ * [7f077ca] d/control: bump std-version to 4.1.2
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 13 Dec 2017 11:42:18 +0100
++
++suricata (1:4.0.1-2) unstable; urgency=medium
++
++ * [d9998f8] suricata-oinkmaster.conf: update ETOPEN ruleset for suricata 4.0.0
++ (Closes: #882442)
++ * [0beae03] suricata-oinkmaster-updater.8: fix typos
++ * [6e7ae75] d/: get rid of dh --with autotools-dev
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 23 Nov 2017 13:41:09 +0100
++
++suricata (1:4.0.1-1) unstable; urgency=medium
++
++ * [72d28e5] d/control: upgrade std-version to 4.1.0
++ * [ea1e317] d/control: upgrade std-version to 4.1.1
++ * [14fea39] d/: switch to debhelper compat 10
++ * [a4715b8] New upstream version 4.0.1
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Sat, 21 Oct 2017 12:09:27 +0200
++
++suricata (1:4.0.0-5) unstable; urgency=medium
++
++ * [392c5b2] d/t/control: allow-stderr for the internal unittest test
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 20 Sep 2017 20:27:12 +0200
++
++suricata (1:4.0.0-4) unstable; urgency=medium
++
++ * [93ee9030] d/control: enable libluajit-5.1-dev build-dep on mipsel
++ (Closes: #873832)
++ * [9527fe94] d/t/control: run suricata -u from the source tree
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Fri, 08 Sep 2017 06:06:47 +0200
++
++suricata (1:4.0.0-3) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * [aa53ce82] suricata-oinkmaster-updater.8: fix typo
++ * [2d171d5a] suricata-oinkmaster-updater.8: clarify paragraph
++ * [90c76777] d/rules: disable dh_auto_test
++ * [5b311761] suricata: switch to use dbgsym package
++ * [9b12c48d] d/control: bump std-versions to 4.0.1
++
++ [ Sascha Steinbiss ]
++ * [c353985a] enable libevent support (Closes: #872908)
++ * [49ff3181] enable luajit on mipsel (Closes: #858545)
++
++ [ Arturo Borrero Gonzalez ]
++ * [50ab7eae] suricata.service: update online docs link
++ * [5098fd7b] d/control: add dh-python to build-deps
++ * [f070d160] d/watch: implement signature verification
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 29 Aug 2017 23:22:48 +0200
++
++suricata (1:4.0.0-2) unstable; urgency=medium
++
++ * [449b4202] d/t/control: running suricata unittest requires
++ geoip-database installed
++ * [0bd02487] d/building-in-ci.sh: be more robust
++ * [edd49e4a] d/watch: more robust approach for upstream tarball generation
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 15 Aug 2017 13:45:45 +0200
++
++suricata (1:4.0.0-1) unstable; urgency=medium
++
++ * [636f10f] d/rules: actually use dh-systemd (Closes: #861732)
++ * [c728ed0] d/rules: cleanup comments
++ * [f0d9adb] suricata: switch to src:libhtp instead of the bundled one
++ * [fa5f8be] New upstream version 4.0.0-rc1
++ * [fac7566] suricata: remove Build-Conflict with libhtp-dev
++ * [1bce782] suricata: explicit build-dep on new src:libhtp
++ * [f3aec1c] d/suricata.preinst: use strict mode (Closes: #866280)
++ * [c831659] suricata: support for internal unittest in autopktest
++ * [557ded7] New upstream version 4.0.0
++ * [5d41b6c] d/t/control: the internal suricata unittest is a command test
++ * [7f4feaa] d/changelog: add missing entry for 4.0.0-beta1-1~exp1
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Fri, 28 Jul 2017 05:29:48 +0200
++
++suricata (4.0.0-beta1-1~exp1) unstable; urgency=medium
++
++ * [c21347df] New upstream version 4.0.0-beta1
++ * [5661b3cc] libhtp: bump soname to libhtp-0.5.24-1
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Fri, 09 Jun 2017 20:52:10 +0200
++
++suricata (3.2.1-1) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * Rebuild for unstable from 3.2.1-1~exp2 (experimental).
++
++ [ Sascha Steinbiss ]
++ * [d0c3629] detect valid interface in autopkgtest
++ * [2d3ae00] fix typo in service file
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 16 Mar 2017 09:04:03 +0100
++
++suricata (3.2.1-1~exp2) experimental; urgency=medium
++
++ [ Sascha Steinbiss ]
++ * [ced48e4] suricata: migrate from old split binary scheme (Closes: #855573)
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Mon, 20 Feb 2017 13:29:37 +0100
++
++suricata (3.2.1-1~exp1) experimental; urgency=medium
++
++ * [67004c8] New upstream version 3.2.1
++ * [05b1756] d/control: bump dependency on libhyperscan
++ * [4483d1c] suricata: drop suricata-hyperscan binary package (Closes: #851647)
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 15 Feb 2017 20:54:17 +0100
++
++suricata (3.2-2) unstable; urgency=medium
++
++ * Rebuild for unstable.
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 10 Jan 2017 09:27:59 +0100
++
++suricata (3.2-2~exp1) experimental; urgency=medium
++
++ [ Sascha Steinbiss ]
++ * [8c7704d] suricata: add hyperscan support (Closes: #846143)
++
++ [ Arturo Borrero Gonzalez ]
++ * [209d2cf] suricata: add remaining hyperscan support
++
++ [ Sascha Steinbiss ]
++ * [ec9b28a] set +x bit on d/suricata-hyperscan.install
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 22 Dec 2016 09:01:29 +0100
++
++suricata (3.2-1) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * [04f5cc3] d/control: update suricata homepage to suricata-ids.org
++ (Closes: #844603)
++
++ [ Sascha Steinbiss ]
++ * [b1cd09c] d/t/control: add some time to settle in autopkgtest
++
++ [ Arturo Borrero Gonzalez ]
++ * [dde83f1] New upstream version 3.2
++ * [c55dda2] d/patches/debian-default-cfg.patch: refresh patch
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 01 Dec 2016 16:22:50 +0100
++
++suricata (3.1.3-3) unstable; urgency=medium
++
++ * [e7a248d] d/tests/control: allow-stderr in the suricata-oinkmaster-updater
++ command
++ * [2caf89b] d/control: make libhtp packages Multi-Arch: same
++ * [825cef4] d/libhtp-0.5.23-1.lintian-overrides: generalize override
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Thu, 10 Nov 2016 09:42:29 +0100
++
++suricata (3.1.3-2) unstable; urgency=medium
++
++ * [5c395f9] d/tests/control: rearange suricatasc command tests
++ * [789723b] d/tests/control: fix typo in test command 'suricatas'
++ * [353e030] d/changelog: clean word with typo from the changelog
++ * [b4cf113] d/: add libhtp-0.5.23-1.lintian-overrides
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Wed, 09 Nov 2016 13:44:17 +0100
++
++suricata (3.1.3-1) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * [165d14e] suricata-oinkmaster: move the update script to /usr/sbin
++ (Closes: #838129)
++ * [2e21734] d/tests/control: add a basic test for suricata-oinkmaster-updater
++ * [be640f3] suricata: split libhtp to separate binary packages
++ * [c41567a] suricata-oinkmaster: add manpage for suricata-oinkmaster-updater
++ * [b5b6483] d/copyright: refresh file
++ * [2be2225] d/control: add references to IPS and firewall
++ * [bd6a9ed] d/: add symbols file for libhtp
++ * [f61be7d] suricata-oinkmaster-updater.8: fix typo
++ * [ead4a84] d/: update email address to 'arturo@debian.org'
++ * [36d9b9d] d/: refresh date of manpages
++
++ [ Sascha Steinbiss ]
++ * [da1c3c6] d/suricata.logrotate: use 'copytruncate' instead of 'create'
++
++ [ Arturo Borrero Gonzalez ]
++ * [cd9d5d4] New upstream version 3.1.3
++ * [f32a582] libhtp: symbols: refresh file
++ * [1e3edb0] libhtp: bump soname
++ * [d46497e] d/control: suricata depends on lsb-base
++ * [08a6195] d/copyright: refresh copyright owner for some libhtp files
++
++ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 08 Nov 2016 08:51:58 +0100
++
++suricata (3.1.2-2) unstable; urgency=medium
++
++ * [482c6f6] d/tests/control: allow-stderr for systemd-service-test.sh
++ * [a4eff10] d/tests/control: add tests for suricatasc
++ * [892096c] d/suricata.8: fix typo 'inet' vs 'init'
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Thu, 08 Sep 2016 12:46:44 +0200
++
++suricata (3.1.2-1) unstable; urgency=medium
++
++ * [4e0605d] Revert "suricata: drop support for sysvinit"
++ * [f5abe38] d/patches: add reproducible.patch.
++ Thanks to Christoph Berg <myon@debian.org> for the pointers.
++ * [6569809] New upstream version 3.1.2
++ * [5fea3a6] d/suricata.service: include Restart=on-failure
++ * [d1a973d] d/suricata.service: add ProtectSystem=full and ProtectHome=true
++ * [8e1cddd] d/tests/systemd-service-test.sh: don't test the reload operation by now
++ * [87c00b1] d/suricata.maintscript: factorize renaming of old config file
++ (Closes: #835643)
++ * [55c7a32] d/oinkmaster/suricata-oinkmaster-updater: drop warnings
++ * [7651669] d/oinkmaster/suricata-oinkmaster-updater: cleanup file
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Wed, 07 Sep 2016 13:25:13 +0200
++
++suricata (3.1.1-4) unstable; urgency=medium
++
++ * [c9b6efd] d/tests/: add new systemd-service-test.sh test
++ * [848a40f] d/README.Debian: this is not a beta release
++ * [0afb007] d/README.Debian: update file with systemd information
++ * [234ec55] d/suricata.8: update manpage
++ * [ebd6a8a] suricata: drop support for sysvinit
++ * [d8fae07] d/suricata.service: get rid of environment variables
++ * [5fe5359] d/suricata.service: use suricatasc for stop and reload
++ * [2ffd606] d/tests/systemd-service-test.sh: add tests for daemon reload
++ * [5196c36] d/suricata.service: require network-online.target (Closes:
++ #835168)
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Thu, 25 Aug 2016 14:14:20 +0200
++
++suricata (3.1.1-3) unstable; urgency=medium
++
++ * [22d26a5] suricata-oinkmaster-updater: prevent bogus if evaluation
++ * [4805c7a] suricata-oinkmaster-updater: dont exit with error if missing
++ requirements (Closes: #834029)
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 16 Aug 2016 13:53:12 +0200
++
++suricata (3.1.1-2) unstable; urgency=medium
++
++ * [833f1c5] d/: add new binary package suricata-oinkmaster
++ * [6155001] d/suricata.service: remove duplicated -D switch in
++ ExecStart=
++ * [6ebbd82] d/patches: add debian-default-cfg.patch [enable unix socket
++ by default]
++ * [2286eb4] d/suricatasc.1: update manpage
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Thu, 28 Jul 2016 13:21:30 +0200
++
++suricata (3.1.1-1) unstable; urgency=medium
++
++ * [cafb099] d/suricata: rename suricata main conffile to
++ /etc/suricata/suricata.yaml
++ * [445c957] suricata: add systemd service file
++ * [94b93bf] Imported Upstream version 3.1.1
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 25 Jul 2016 11:12:03 +0200
++
++suricata (3.1-1) unstable; urgency=medium
++
++ * [d2cce67] d/control: add Vcs-Browser and Vcs-Git information
++ * [8bb2030] Imported Upstream version 3.1
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Tue, 21 Jun 2016 11:00:55 +0200
++
++suricata (3.0.1-2) unstable; urgency=medium
++
++ * [178f3cf] suricata: add libgeoip support
++ * [c8a0a0a] d/control: bump std-version to 3.9.8
++ * [523203d] d/control: wrap-and-sort
++ * [e5abae9] suricata: add hiredis support
++ * [9ec82b8] d/control: get rid of XS-Testsuite directive
++
++ -- Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Mon, 23 May 2016 11:39:40 +0200
++
++suricata (3.0.1-1) unstable; urgency=medium
++
++ * Imported Upstream version 3.0.1
++ * Bump Standards Version to 3.9.7
++
++ -- Pierre Chifflier <pollux@debian.org> Fri, 08 Apr 2016 10:58:35 +0200
++
++suricata (3.0-1) unstable; urgency=medium
++
++ * Imported Upstream version 3.0
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 28 Jan 2016 06:02:41 +0100
++
++suricata (2.0.11-1) unstable; urgency=medium
++
++ * Imported Upstream version 2.0.11
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 07 Jan 2016 10:17:16 +0100
++
++suricata (2.0.10-2) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * d/copyright: update file to follow Debian Policy 3.9.6.1
++ * d/control: bump standards to 3.9.6
++ * suricata: add nflog support (Closes: #775074)
++ * d/: wrap-and-sort
++ * d/control: architecture is linux-any
++ * d/rules: don't include upstream install documentation
++ * d/tests: add first basic test
++ * d/control: add missing Testsuite declaration
++ * suritaca: add package suricata-dbg (Closes: #753438)
++ * suricata sysvinit: fix libtcmalloc-minimal integration (Closes: #725249)
++ * d/suricata.init: cleanup file
++ * suricatasc: add manpage
++
++ [ Pierre Chifflier ]
++ * Merge unstable-next branch
++ * Fix dependencies and priority for -dbg package
++ * Install manpage for suricatasc
++
++ -- Pierre Chifflier <pollux@debian.org> Tue, 05 Jan 2016 21:02:40 +0100
++
++suricata (2.0.10-1) unstable; urgency=medium
++
++ * Imported Upstream version 2.0.10
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 26 Nov 2015 10:35:53 +0100
++
++suricata (2.0.9-1) unstable; urgency=medium
++
++ * Imported Upstream version 2.0.9
++ * Update watch file
++
++ -- Pierre Chifflier <pollux@debian.org> Fri, 25 Sep 2015 19:19:53 +0200
++
++suricata (2.0.8-1) unstable; urgency=high
++
++ [ Arturo Borrero Gonzalez ]
++ * d/suricata.logrotate: add logrotate configuration (Closes: #767249)
++ * d/patches: patch suricatasc to prevent depends on python-symplejson
++ (Closes: #759475)
++ * Revert "d/patches: patch suricatasc to prevent depends on python-symplejson"
++
++ [ Pierre Chifflier ]
++ * Imported Upstream version 2.0.8
++ * Bump Standards Version to 3.9.6
++ Fixes CVE-2015-0971 (Integer overflow in the DER parser)
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 07 May 2015 11:03:19 +0200
++
++suricata (2.0.7-2) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * d/suricata.init: fix proc nfqueue file checking (Closes: #725301)
++
++ [ Pierre Chifflier ]
++ * Check for both proc entries for nfqueue (backwards compatibility) and
++ issue warning only
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 15 Mar 2015 11:17:27 +0100
++
++suricata (2.0.7-1) unstable; urgency=medium
++
++ [ Pierre Chifflier ]
++ * Imported Upstream version 2.0.7
++ * Fix problems with upstream version import
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 12 Mar 2015 07:06:49 +0100
++
++suricata (2.0.6-3) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * suricata: don't deploy .so links
++
++ [ Pierre Chifflier ]
++ * Add missing installation files (Closes: #778724)
++ * Fix .so symlinks removal
++ * Update default-rules-path
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 19 Feb 2015 11:55:05 +0100
++
++suricata (2.0.6-2) unstable; urgency=medium
++
++ [ Arturo Borrero Gonzalez ]
++ * d/patches: drop 10-fix-missing-script-autoreconf.patch (Closes: #778670)
++ * d/rules: prevent not .so libhtp files from entering binary suricata package
++
++ [ Pierre Chifflier ]
++ * Add conflicts/replaces fields for transition from libhtp (Closes: #778668)
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 18 Feb 2015 11:19:31 +0100
++
++suricata (2.0.6-1) unstable; urgency=medium
++
++ [ Pierre Chifflier ]
++ * Imported Upstream version 2.0.6
++ * Add Arturo to uploaders
++
++ [ Arturo Borrero Gonzalez ]
++ * suricata: use embedded copy of libhtp (Closes: #772551)
++
++ -- Pierre Chifflier <pollux@debian.org> Tue, 17 Feb 2015 11:31:22 +0100
++
++suricata (2.0.4-1) unstable; urgency=high
++
++ * Imported Upstream version 2.0.4
++ * Security: fix out-of-bounds access in SSH parser (Closes: #762828)
++ * Urgency high, CVE-2014-6603
++ Stable and Oldstable versions are not affected.
++
++ -- Pierre Chifflier <pollux@debian.org> Fri, 10 Oct 2014 13:19:59 +0200
++
++suricata (2.0.3-1) unstable; urgency=medium
++
++ * Imported Upstream version 2.0.3
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 20 Aug 2014 15:06:21 +0200
++
++suricata (2.0.2-1) unstable; urgency=medium
++
++ * Imported Upstream version 2.0.2
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 29 Jun 2014 18:27:56 +0200
++
++suricata (2.0-1) unstable; urgency=medium
++
++ * Imported Upstream version 2.0
++ * Update build, require a recent libhtp, and disable coccinelle tests.
++ * Upload to unstable
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 02 Apr 2014 20:23:10 +0200
++
++suricata (1.4.7-1) unstable; urgency=low
++
++ * Imported Upstream version 1.4.7
++ * Bump Standards Version to 3.9.5
++ * Run autoreconf during build to fix some errors caused by different
++ autotools versions
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 29 Dec 2013 11:29:57 +0100
++
++suricata (1.4.6-1) unstable; urgency=low
++
++ * Imported Upstream version 1.4.6
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 06 Oct 2013 18:52:34 +0200
++
++suricata (1.4.5-1) unstable; urgency=low
++
++ * Imported Upstream version 1.4.5
++ * Prepare transition for suricata 2.0 by conflicting with libhtp >= 0.5
++
++ -- Pierre Chifflier <pollux@debian.org> Tue, 20 Aug 2013 16:44:45 +0200
++
++suricata (1.4.3-1) unstable; urgency=low
++
++ * Imported Upstream version 1.4.3
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 04 Jul 2013 11:50:13 +0200
++
++suricata (1.4.2-1) unstable; urgency=low
++
++ * Imported Upstream version 1.4.2
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 29 May 2013 16:24:52 +0200
++
++suricata (1.4.1-1) unstable; urgency=low
++
++ * Imported Upstream version 1.4.1
++ * Install python control script (add dependency on python, and use
++ dh_python2 for build)
++ * Bump Standards Version to 3.9.4
++ * Fix removal of pid file in init script (Closes: #700547)
++ Thanks to Игорь Козинов <madvampik@gmail.com>.
++ * Add support for af-packet mode in init script (Closes: #697928).
++ Thanks to Jamie Strandboge <jamie@ubuntu.com>.
++
++ -- Pierre Chifflier <pollux@debian.org> Tue, 21 May 2013 12:42:45 +0200
++
++suricata (1.4-3) unstable; urgency=low
++
++ * Add configure flag for luajit only on supported architectures
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 22 Dec 2012 16:38:41 +0100
++
++suricata (1.4-2) unstable; urgency=low
++
++ * Fix error in init script, stop trying to manage suricata pid file
++ * Use arch-specific build dependencies for libluajit-5.1-dev, it is not
++ available on all architectures
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 22 Dec 2012 15:39:57 +0100
++
++suricata (1.4-1) unstable; urgency=low
++
++ * Imported Upstream version 1.4
++ * Enable Jansson and LuaJIT support, and add libjansson-dev libluajit-5.1-dev
++ to build-deps
++ * Add python to recommends, for the suricatasc script
++ * Create /var/run/suricata directory when starting daemon
++
++ -- Pierre Chifflier <pollux@debian.org> Fri, 14 Dec 2012 00:02:51 +0100
++
++suricata (1.3.5-1) unstable; urgency=low
++
++ * Imported Upstream version 1.3.5
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 06 Dec 2012 21:13:56 +0100
++
++suricata (1.3.4-1) unstable; urgency=low
++
++ * Imported Upstream version 1.3.4
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 17 Nov 2012 09:56:08 +0100
++
++suricata (1.3.3-1) unstable; urgency=low
++
++ * Imported Upstream version 1.3.3
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 03 Nov 2012 09:38:36 +0100
++
++suricata (1.3.2-1) unstable; urgency=low
++
++ * Imported Upstream version 1.3.2
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 13 Oct 2012 12:18:33 +0200
++
++suricata (1.3-1) unstable; urgency=low
++
++ * Imported Upstream version 1.3
++ * Add build-dependency on libnss3-dev and libnspr4-dev
++ * Bump Standards Version to 3.9.3
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 22 Jul 2012 22:27:36 +0200
++
++suricata (1.2.1-2) unstable; urgency=low
++
++ * Use override targets in rules files (Closes: #666330)
++ * Add support for parallel build in debian/rules
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 12 Apr 2012 01:56:48 +0200
++
++suricata (1.2.1-1) unstable; urgency=low
++
++ * Imported Upstream version 1.2.1
++ * Add libmagic-dev to build-deps
++ * Convert to DH version 9
++ - Switch from hardening-wrapper to dpkg-buildflags
++
++ -- Pierre Chifflier <pollux@debian.org> Mon, 23 Jan 2012 21:47:26 +0100
++
++suricata (1.1.1-2) unstable; urgency=low
++
++ * Add *.config files to default installation
++ * Trigger rebuild with libhtp versioned symbols
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 05 Jan 2012 08:20:24 +0100
++
++suricata (1.1.1-1) unstable; urgency=low
++
++ * Imported Upstream version 1.1.1
++ * Add configure option --enable-af-packet
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 07 Dec 2011 21:52:53 +0100
++
++suricata (1.1-1) unstable; urgency=low
++
++ * Imported Upstream version 1.1
++ * Add instructions on getting new rules using oinkmaster
++ * Add Recommends on oinkmaster
++ * Move snort-rules-default to Recommends
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 17 Nov 2011 23:20:51 +0100
++
++suricata (1.0.5-1) unstable; urgency=low
++
++ * Imported Upstream version 1.0.5
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 27 Jul 2011 08:20:25 +0200
++
++suricata (1.0.4-1) unstable; urgency=low
++
++ * Imported Upstream version 1.0.4
++ * Bump Standards Version to 3.9.2
++ * Enable hardening-wrapper
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 25 Jun 2011 13:45:44 +0200
++
++suricata (1.0.3-1) unstable; urgency=low
++
++ * Imported Upstream version 1.0.3
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 13 Apr 2011 16:59:32 +0200
++
++suricata (1.0.2-2) unstable; urgency=low
++
++ * Add init script (thanks to Edward Fjellskål)
++ * Switch to dpkg-source 3.0 (quilt) format
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 19 Dec 2010 18:35:50 +0100
++
++suricata (1.0.2-1) unstable; urgency=low
++
++ * New Upstream version 1.0.2 (Closes: #598389)
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 29 Sep 2010 10:02:52 +0200
++
++suricata (1.0.1-1) unstable; urgency=low
++
++ * Imported Upstream version 1.0.1 (Closes: #591559)
++ * Bump Standards version to 3.9.1
++ * Create /var/log/suricata (Closes: #590861)
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 11 Aug 2010 14:45:14 +0200
++
++suricata (1.0.0-1) unstable; urgency=low
++
++ * Imported Upstream version 1.0.0
++ * Remove arch=native flag from build (Closes: #587714)
++ * Bump Standards version to 3.9.0
++
++ -- Pierre Chifflier <pollux@debian.org> Thu, 01 Jul 2010 21:28:41 +0200
++
++suricata (0.9.2-1) unstable; urgency=low
++
++ * Imported Upstream version 0.9.2
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 19 Jun 2010 17:39:14 +0200
++
++suricata (0.9.1-1) unstable; urgency=low
++
++ * Imported Upstream version 0.9.1
++ * Update watch file
++
++ -- Pierre Chifflier <pollux@debian.org> Wed, 26 May 2010 23:09:07 +0200
++
++suricata (0.9.0-1) unstable; urgency=low
++
++ * Imported Upstream version 0.9.0
++ * Add libcap-ng-dev to build-deps
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 09 May 2010 10:43:44 +0200
++
++suricata (0.8.2-1) unstable; urgency=low
++
++ * Imported Upstream version 0.8.2
++ * Force selection of external libhtp during build
++ * Enable Prelude support
++ * Update watch file
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 02 May 2010 10:50:05 +0200
++
++suricata (0.8.0-2) unstable; urgency=low
++
++ * Update debian/copyright to include all files
++
++ -- Pierre Chifflier <pollux@debian.org> Sun, 21 Feb 2010 21:45:33 +0100
++
++suricata (0.8.0-1) unstable; urgency=low
++
++ * Initial release (Closes: #563422)
++
++ -- Pierre Chifflier <pollux@debian.org> Sat, 30 Jan 2010 18:25:05 +0100
--- /dev/null
--- /dev/null
++Source: suricata
++Section: net
++Maintainer: Pierre Chifflier <pollux@debian.org>
++Uploaders: Sascha Steinbiss <satta@debian.org>, Andreas Dolp <dev@andreas-dolp.de>
++Build-Depends: debhelper-compat (= 13),
++ dh-python,
++ libbpf-dev (>= 1:0.7.0) [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32],
++ clang [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32],
++ llvm [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32],
++ libcap-ng-dev,
++ libelf-dev [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32],
++ libevent-dev,
++ libgeoip-dev,
++ libhiredis-dev,
++ libjansson-dev,
++ libhyperscan-dev (>= 4.4.0) [i386 amd64 x32],
++ rustc (>= 1.75.0),
++ cargo (>= 0.29.0),
++ liblz4-dev,
++ libmagic-dev,
++ libmaxminddb-dev,
++ libnet1-dev | libnet-dev,
++ libnetfilter-log-dev,
++ libnetfilter-queue-dev,
++ libpcap-dev,
++ libpcre2-dev,
++ libyaml-dev,
++ python3:any,
++ zlib1g-dev | libz-dev,
++ procps,
++ dpdk-dev [amd64 arm64 riscv64 ppc64el],
++ libnuma-dev [amd64 arm64 riscv64 ppc64el],
++ libunwind-dev,
++ libhwloc-dev [amd64 arm64 armhf i386 ppc64el riscv64 s390x]
++Standards-Version: 4.7.3
++Homepage: https://suricata.io
++Vcs-Browser: https://salsa.debian.org/pkg-suricata-team/pkg-suricata
++Vcs-Git: https://salsa.debian.org/pkg-suricata-team/pkg-suricata.git
++
++Package: suricata
++Architecture: linux-any
++Pre-Depends: ${misc:Pre-Depends}
++Depends: ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends}
++Conflicts: suricata-hyperscan
++Replaces: suricata-hyperscan
++Recommends: python3, suricata-update
++Suggests: libtcmalloc-minimal4
++Description: Next Generation Intrusion Detection and Prevention Tool
++ Suricata is a network Intrusion Detection System (IDS). It is based on
++ rules (and is fully compatible with snort rules) to detect a variety of
++ attacks / probes by searching packet content.
++ .
++ It can also be used as Intrusion Prevention System (IPS), and as higher layer
++ firewall.
++ .
++ This new Engine supports Multi-Threading, Automatic Protocol Detection
++ (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB), Gzip Decompression, Fast
++ IP Matching and coming soon hardware acceleration on CUDA and OpenCL GPU
++ cards.
++ .
++ This version has inline (NFQUEUE) support enabled.
--- /dev/null
--- /dev/null
++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
++Upstream-Name: suricata
++Source: https://suricata.io/download/
++
++Files: *
++Copyright: 2007-2020 Open Information Security Foundation
++License: GPL-2
++
++Files: aclocal.m4
++Copyright: 1996-2017 Free Software Foundation, Inc.
++ 2004 Scott James Remnant <scott@netsplit.com>
++ 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
++License: GPL-2+
++
++Files: compile
++ config.sub
++ configure
++Copyright: 1992-2018 Free Software Foundation, Inc.
++License: GPL-2
++
++Files: config.guess
++Copyright: 1992-2018 Free Software Foundation, Inc.
++License: GPL-3
++
++Files: debian/*
++Copyright: 2010 Pierre Chifflier <pollux@debian.org>
++ 2019-2025 Sascha Steinbiss <satta@debian.org>
++License: GPL-2
++
++Files: doc/Makefile.in
++ doc/userguide/Makefile.in
++Copyright: 1989, 1991-2015, Free Software Foundation, Inc.
++License: GPL-2
++
++Files: install-sh
++Copyright: 1994, X Consortium
++License: Expat
++
++Files: ebpf/Makefile.in
++ etc/Makefile.in
++ python/Makefile.in
++ qa/Makefile.in
++ qa/coccinelle/Makefile.in
++ rules/Makefile.in
++ rust/Makefile.in
++ src/Makefile.in
++Copyright: 1994-2023 Free Software Foundation, Inc.
++License: GPL-2
++
++Files: ebpf/include/linux/bpf.h
++Copyright: 2011-2014 PLUMgrid
++License: GPL-2
++
++Files: qa/coccinelle/sz3.cocci
++Copyright: 2012 LIP6/INRIA
++License: GPL-2
++
++Files: qa/wirefuzz.pl
++Copyright: 2010-2015 Open Information Security Foundation
++License: GPL-2
++
++Files: rust/vendor/autocfg*/*
++Copyright: 2018 Josh Stone <cuviper@gmail.com>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/base64/*
++Copyright: 2015 Alice Maz
++License: MIT or Apache-2.0
++
++Files: rust/vendor/bitflags/*
++Copyright: 2014 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/build_const/*
++Copyright: 2017 Garrett Berg, vitiral@gmail.com
++License: MIT
++
++Files: rust/vendor/byteorder/*
++Copyright: 2015 Andrew Gallant
++License: MIT or Unlicense
++
++Files: rust/vendor/crc/*
++Copyright: 2017 crc-rs Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/der-parser/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/enum_primitive/*
++Copyright: 2015 Anders Kaseorg <andersk@mit.edu>
++License: MIT
++
++Files: rust/vendor/ipsec-parser/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/kerberos-parser/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/libc/*
++Copyright: 2014 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/memchr/*
++Copyright: 2015 Andrew Gallant <jamslam@gmail.com>
++License: Unlicense or MIT
++
++Files: rust/vendor/nom/*
++Copyright: 2014-2018 Geoffroy Couprie <contact@geoffroycouprie.com>
++License: MIT
++
++Files: rust/vendor/ntp-parser/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/num*/*
++Copyright: 2014 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/phf*/*
++Copyright: 2014-2016 Steven Fackler <sfackler@gmail.com>
++License: MIT
++
++Files: rust/vendor/proc-macro2/*
++Copyright: 2014 Alex Crichton <alex@alexcrichton.com>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/quote/*
++Copyright: 2016 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/rand*/*
++Copyright: 2018 The Rand Project Developers
++ 2014 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/rusticata-macros/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/siphasher/*
++Copyright: 2012-2016 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/snmp-parser/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/syn/*
++Copyright: David Tolnay <dtolnay@gmail.com>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/time/*
++Copyright: 2014 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/tls-parser/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/unicode-xid/*
++Copyright: 2015 The Rust Project Developers
++License: MIT or Apache-2.0
++
++Files: rust/vendor/version_check/*
++Copyright: 2017-2018 Sergio Benitez <sb@sergio.bz>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/widestring/*
++Copyright: 2016 Kathryn Long <squeeself@gmail.com>
++License: MIT or Apache-2.0
++
++Files: rust/vendor/x509-parser/*
++Copyright: 2017 Pierre Chifflier <chifflier@wzdftpd.net>
++License: MIT or Apache-2.0
++
++Files: src/Makefile.am
++ src/util-hash-lookup3.c
++ src/util-hash-lookup3.h
++Copyright: 2008 Victor Julien <victor@inliniac.net>
++License: GPL-2
++
++Files: src/detect-modbus.c
++ src/detect-modbus.h
++ src/detect-tls.c
++ src/detect-tls.h
++Copyright: 2011-2015, ANSSI
++License: BSD-3-clause
++
++Files: src/queue.h
++ src/win32-syslog.h
++Copyright: 1982, 1986, 1988, 1991, 1993, The Regents of the University of California.
++License: BSD-3-clause
++
++Files: src/util-fix_checksum.c
++ src/util-fix_checksum.h
++Copyright: 2002-2008, Henning Brauer
++ 2001, Daniel Hartmeier
++License: BSD-2-clause
++Comment:
++ In addition to the BSD license, the authors state the following:
++ Effort sponsored in part by the Defense Advanced Research Projects
++ Agency (DARPA) and Air Force Research Laboratory, Air Force
++ Materiel Command, USAF, under agreement number F30602-01-2-0537
++
++Files: src/util-strlcatu.c
++ src/util-strlcpyu.c
++Copyright: 1998, Todd C. Miller <Todd.Miller@courtesan.com>
++License: BSD-3-clause
++
++Files: src/tree.h
++Copyright: 2002 Niels Provos <provos@citi.umich.edu>
++License: BSD-2-clause
++
++Files: suricata-update/*
++Copyright: 2017-2019 Open Information Security Foundation
++ 2013-2017 Jason Ish
++License: GPL-2
++
++Files: suricata-update/suricata/update/compat/ordereddict.py
++Copyright: 2009 Raymond Hettinger
++License: MIT
++
++License: BSD-3-clause
++ The BSD License
++ .
++ Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions are
++ met:
++ .
++ * Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++ .
++ * Redistributions in binary form must reproduce the above copyright
++ notice, this list of conditions and the following disclaimer in the
++ documentation and/or other materials provided with the distribution.
++ .
++ * Neither the name of foo nor the names of its
++ contributors may be used to endorse or promote products derived from
++ this software without specific prior written permission.
++ .
++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
++ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
++ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
++ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
++ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
++ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
++ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
++ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
++ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
++ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++
++License: Expat
++ The MIT License
++ .
++ Permission is hereby granted, free of charge, to any person
++ obtaining a copy of this software and associated
++ documentation files (the "Software"), to deal in the Software
++ without restriction, including without limitation the rights to
++ use, copy, modify, merge, publish, distribute, sublicense,
++ and/or sell copies of the Software, and to permit persons to
++ whom the Software is furnished to do so, subject to the
++ following conditions:
++ .
++ The above copyright notice and this permission notice shall
++ be included in all copies or substantial portions of the
++ Software.
++ .
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT
++ WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
++ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++ MERCHANTABILITY, FITNESS FOR A PARTICULAR
++ PURPOSE AND NONINFRINGEMENT. IN NO EVENT
++ SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
++ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
++ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++ CONNECTION WITH THE SOFTWARE OR THE USE OR
++ OTHER DEALINGS IN THE SOFTWARE.
++
++License: GPL-2
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU Library General Public License as published by
++ the Free Software Foundation.
++ .
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU Library General Public License for more details.
++ .
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>
++ .
++ On Debian systems, the complete text of the GNU General
++ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
++
++License: GPL-2+
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 2 dated June, 1991, or (at
++ your option) any later version.
++ .
++ On Debian systems, the complete text of version 2 of the GNU General
++ Public License can be found in '/usr/share/common-licenses/GPL-2'.
++
++License: GPL-3
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; version 3 dated June, 2007.
++ .
++ On Debian systems, the complete text of version 3 of the GNU General
++ Public License can be found in '/usr/share/common-licenses/GPL-3'.
++
++License: Apache-2.0
++ Debian systems provide the Apache 2.0 license in
++ /usr/share/common-licenses/Apache-2.0
++
++License: MIT
++ Permission is hereby granted, free of charge, to any person obtaining a copy
++ of this software and associated documentation files (the "Software"), to deal
++ in the Software without restriction, including without limitation the rights
++ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ copies of the Software, and to permit persons to whom the Software is
++ furnished to do so, subject to the following conditions:
++ .
++ The above copyright notice and this permission notice shall be included in all
++ copies or substantial portions of the Software.
++ .
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++ SOFTWARE.
++
++License: Unlicense
++ This is free and unencumbered software released into the public domain.
++ .
++ Anyone is free to copy, modify, publish, use, compile, sell, or
++ distribute this software, either in source code form or as a compiled
++ binary, for any purpose, commercial or non-commercial, and by any
++ means.
++ .
++ In jurisdictions that recognize copyright laws, the author or authors
++ of this software dedicate any and all copyright interest in the
++ software to the public domain. We make this dedication for the benefit
++ of the public at large and to the detriment of our heirs and
++ successors. We intend this dedication to be an overt act of
++ relinquishment in perpetuity of all present and future rights to this
++ software under copyright law.
++ .
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
++ IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
++ OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
++ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
++ OTHER DEALINGS IN THE SOFTWARE.
++
++License: BSD-2-clause
++ Redistribution and use in source and binary forms, with or without
++ modification, are permitted provided that the following conditions are
++ met:
++ .
++ 1. Redistributions of source code must retain the above copyright
++ notice, this list of conditions and the following disclaimer.
++ 2. Redistributions in binary form must reproduce the above copyright
++ notice, this list of conditions and the following disclaimer in the
++ documentation and/or other materials provided with the distribution.
++ .
++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
++ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
++ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
++ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- /dev/null
--- /dev/null
++debian/NEWS
++
--- /dev/null
--- /dev/null
++From 6f7636cfc6dffb387afe21f4f3bff119f8d8e033 Mon Sep 17 00:00:00 2001
++From: Eric Leblond <eric@regit.org>
++Date: Thu, 31 Oct 2019 13:29:56 +0100
++Subject: [PATCH] ebpf: avoid to include if_tunnel.h
++
++This is causing a dependency issue as file from another architecture
++have to be installed.
++---
++ ebpf/xdp_lb.c | 7 ++++++-
++ 1 file changed, 6 insertions(+), 1 deletion(-)
++
++--- a/ebpf/xdp_lb.c
+++++ b/ebpf/xdp_lb.c
++@@ -26,7 +26,6 @@
++ /* Workaround to avoid the need of 32bit headers */
++ #define _LINUX_IF_H
++ #define IFNAMSIZ 16
++-#include <linux/if_tunnel.h>
++ #include <linux/ip.h>
++ #include <linux/ipv6.h>
++ #include <linux/tcp.h>
++@@ -36,6 +35,12 @@
++
++ #include "hash_func01.h"
++
+++#define GRE_CSUM __cpu_to_be16(0x8000)
+++#define GRE_ROUTING __cpu_to_be16(0x4000)
+++#define GRE_KEY __cpu_to_be16(0x2000)
+++#define GRE_SEQ __cpu_to_be16(0x1000)
+++#define GRE_VERSION __cpu_to_be16(0x0007)
+++
++ #define LINUX_VERSION_CODE 263682
++
++ /* Hashing initval */
--- /dev/null
--- /dev/null
++From: Hilko Bengen <bengen@debian.org>
++Date: Tue, 22 Jan 2019 18:10:47 +0100
++Subject: configure: Introduce CLANG variable
++
++---
++ configure.ac | 9 +++++++++
++ 1 file changed, 9 insertions(+)
++
++--- a/configure.ac
+++++ b/configure.ac
++@@ -38,6 +38,15 @@
++
++ AC_SUBST([CLANG])
++
+++ AC_ARG_WITH([clang],
+++ [CLANG compiler],
+++ [CLANG="$withval"],
+++ [AS_IF([test "$compiler" = clang],
+++ [CLANG="$CC"],
+++ [AC_PATH_PROG([CLANG],[clang])])])
+++
+++ AC_SUBST([CLANG])
+++
++ case "$compiler" in
++ clang)
++ CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument"
--- /dev/null
--- /dev/null
++Description: Configure landlock LSM security sandbox, but disabled by default
++Author: Andreas Dolp <dev@andreas-dolp.de>
++Forwarded: not-needed
++Last-Update: 2025-09-21
++--- a/suricata.yaml.in
+++++ b/suricata.yaml.in
++@@ -1312,8 +1312,8 @@
++ landlock:
++ enabled: no
++ directories:
++- #write:
++- # - @e_rundir@
+++ write:
+++ - @e_libdir@
++ # /usr and /etc folders are added to read list to allow
++ # file magic to be used.
++ read:
++--- a/configure.ac
+++++ b/configure.ac
++@@ -2518,6 +2518,7 @@
++ EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules")
++ EXPAND_VARIABLE(localstatedir, e_sghcachedir, "/lib/suricata/cache/sgh")
++ EXPAND_VARIABLE(localstatedir, e_datadir, "/lib/suricata/data")
+++ EXPAND_VARIABLE(localstatedir, e_libdir, "/lib/suricata")
++ EXPAND_VARIABLE(localstatedir, e_defaultruledir, "/lib/suricata/rules")
++
++ e_abs_srcdir=$(cd $srcdir && pwd)
++@@ -2534,6 +2535,7 @@
++ AC_DEFINE_UNQUOTED([SGH_CACHE_DIR],["$e_sghcachedir"],[Directory path for signature group head cache])
++ AC_SUBST(e_datadir)
++ AC_DEFINE_UNQUOTED([DATA_DIR],["$e_datadir"],[Our DATA_DIR])
+++AC_SUBST(e_libdir)
++ AC_SUBST(e_magic_file)
++ AC_SUBST(e_magic_file_comment)
++ AC_SUBST(e_enable_evelog)
--- /dev/null
--- /dev/null
++--- a/configure.ac
+++++ b/configure.ac
++@@ -79,8 +79,8 @@
++ AC_PATH_PROG(HAVE_CYGPATH, cygpath, "no")
++ AM_CONDITIONAL([HAVE_CYGPATH], [test "x$HAVE_CYGPATH" != "xno"])
++
++- AC_PATH_PROG(HAVE_PKG_CONFIG, pkg-config, "no")
++- if test "$HAVE_PKG_CONFIG" = "no"; then
+++ PKG_PROG_PKG_CONFIG
+++ if test "x$PKG_CONFIG" = "x"; then
++ echo
++ echo " ERROR! pkg-config not found, go get it "
++ echo " http://pkg-config.freedesktop.org/wiki/ "
--- /dev/null
--- /dev/null
++Description: disable tests that can fail depending on CPU number
++ Some tests expect a minimum number of CPUs in the system and will
++ always fail when there are less. We disable these for now; upstream is
++ aware and will address this later.
++Author: Sascha Steinbiss <satta@debian.org>
++Bug: https://redmine.openinfosecfoundation.org/issues/7831
++Last-Update: 2025-09-26
++--- a/src/util-affinity.c
+++++ b/src/util-affinity.c
++@@ -1994,16 +1994,16 @@
++ #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__)
++ UtRegisterTest("ThreadingAffinityTest01", ThreadingAffinityTest01);
++ UtRegisterTest("ThreadingAffinityTest02", ThreadingAffinityTest02);
++- UtRegisterTest("ThreadingAffinityTest03", ThreadingAffinityTest03);
+++ /* UtRegisterTest("ThreadingAffinityTest03", ThreadingAffinityTest03); */
++ UtRegisterTest("ThreadingAffinityTest04", ThreadingAffinityTest04);
++ UtRegisterTest("ThreadingAffinityTest05", ThreadingAffinityTest05);
++- UtRegisterTest("ThreadingAffinityTest06", ThreadingAffinityTest06);
+++ /* UtRegisterTest("ThreadingAffinityTest06", ThreadingAffinityTest06); */
++ UtRegisterTest("ThreadingAffinityTest07", ThreadingAffinityTest07);
++ UtRegisterTest("ThreadingAffinityTest08", ThreadingAffinityTest08);
++ UtRegisterTest("ThreadingAffinityTest09", ThreadingAffinityTest09);
++ UtRegisterTest("ThreadingAffinityTest10", ThreadingAffinityTest10);
++- UtRegisterTest("ThreadingAffinityTest11", ThreadingAffinityTest11);
++- UtRegisterTest("ThreadingAffinityTest12", ThreadingAffinityTest12);
+++ /* UtRegisterTest("ThreadingAffinityTest11", ThreadingAffinityTest11);
+++ UtRegisterTest("ThreadingAffinityTest12", ThreadingAffinityTest12); */
++ UtRegisterTest("ThreadingAffinityTest13", ThreadingAffinityTest13);
++ UtRegisterTest("ThreadingAffinityTest14", ThreadingAffinityTest14);
++ UtRegisterTest("ThreadingAffinityTest15", ThreadingAffinityTest15);
--- /dev/null
--- /dev/null
++Description: Enable and configure Suricata unix command socket
++From: Arturo Borrero Gonzalez <arturo@debian.org>
++Author: Andreas Dolp <dev@andreas-dolp.de>
++Forwarded: not-needed
++Last-Update: 2025-08-22
++--- a/suricata.yaml.in
+++++ b/suricata.yaml.in
++@@ -1396,8 +1396,8 @@
++ # activated in live capture mode. You can use the filename variable to set
++ # the file name of the socket.
++ unix-command:
++- enabled: auto
++- #filename: custom.socket
+++ enabled: yes
+++ filename: @e_localstatedir@/suricata-command.socket
++
++ # Magic file. The extension .mgc is added to the value here.
++ #magic-file: /usr/share/file/magic
--- /dev/null
--- /dev/null
++Description: do not clean vendor directory on distclean
++ dh_auto_clean calls make distclean, which in the case of Suricata also
++ removes the vendor directory. This breaks repeated builds.
++Author: Sascha Steinbiss <satta@debian.org>
++Last-Update: 2025-07-11
++--- a/rust/Makefile.am
+++++ b/rust/Makefile.am
++@@ -103,7 +103,7 @@
++ rm -rf target gen
++
++ distclean-local:
++- rm -rf vendor dist
+++ rm -rf dist
++
++ check-bindgen-bindings:
++ if HAVE_BINDGEN
--- /dev/null
--- /dev/null
++From: Eric Leblond <eric@regit.org>
++Date: Wed, 17 Jul 2019 12:35:12 +0200
++Subject: [PATCH] af-packet: fix build on recent Linux kernels
++--- a/src/source-af-packet.c
+++++ b/src/source-af-packet.c
++@@ -71,6 +71,10 @@
++ #include <linux/sockios.h>
++ #endif
++
+++#if HAVE_LINUX_SOCKIOS_H
+++#include <linux/sockios.h>
+++#endif
+++
++ #ifdef HAVE_PACKET_EBPF
++ #define PCAP_DONT_INCLUDE_PCAP_BPF_H 1
++ #include <bpf/libbpf.h>
--- /dev/null
--- /dev/null
++--- a/configure.ac
+++++ b/configure.ac
++@@ -496,11 +496,12 @@
++ [
++ AS_IF([test "$CLANG" != no],
++ [
++- llc_candidates=$($CLANG --version | sed -e 's/.*clang version/clang version/' | \
++- awk '/^clang version/ {
++- split($3, v, ".");
++- printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]])
++- }')
+++ #llc_candidates=$($CLANG --version | sed -e 's/.*clang version/clang version/' | \
+++ # awk '/^clang version/ {
+++ # split($3, v, ".");
+++ # printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]])
+++ # }')
+++ llc_candidates=llc
++ AC_CHECK_PROGS([LLC], [$llc_candidates], "no")
++ if test "$LLC" = "no"; then
++ AC_MSG_ERROR([unable to find any of $llc_candidates needed to build ebpf files])
--- /dev/null
--- /dev/null
++Description: Don't use __USE_GNU
++ __USE_GNU is a glibc-internal symbol.
++ AC_USE_SYSTEM_EXTENSIONS is the proper autoconf
++ way to enable extensions.
++Author: Adrian Bunk <bunk@debian.org>
++
++--- a/configure.ac
+++++ b/configure.ac
++@@ -6,6 +6,7 @@
++ AM_INIT_AUTOMAKE([tar-ustar subdir-objects])
++
++ AC_LANG([C])
+++ AC_USE_SYSTEM_EXTENSIONS
++ LT_INIT
++ PKG_PROG_PKG_CONFIG
++
++--- a/src/suricata-common.h
+++++ b/src/suricata-common.h
++@@ -35,12 +35,6 @@
++ #define DBG_PERF
++ #endif
++
++-#ifndef _GNU_SOURCE
++-#define _GNU_SOURCE
++-#endif
++-
++-#define __USE_GNU
++-
++ #if defined(__clang_analyzer__)
++ /* clang analyzer acts as DEBUG_VALIDATION in some places, so
++ * force this so #ifdef DEBUG_VALIDATION code gets included */
--- /dev/null
--- /dev/null
++From: Arturo Borrero Gonzalez <arturo@debian.org>
++Subject: Patch to make the suricata build reproducible
++ This patch makes some changes to the suricata build to make it reproducible
++ .
++ Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds
++ the build path.
++Forwarded: not-needed
++Last-Update: 2025-07-11
++
++--- a/configure.ac
+++++ b/configure.ac
++@@ -2643,7 +2643,8 @@
++ echo
++ echo "$SURICATA_BUILD_CONF"
++ echo "printf(" >src/build-info.h
++-echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' | sed -e 's/$/\\n"/' >>src/build-info.h
+++echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' | sed -e 's/$/\\n"/' \
+++ | sed 's/-fdebug-prefix-map=.*=. //' >>src/build-info.h
++ echo ");" >>src/build-info.h
++
++ echo "
--- /dev/null
--- /dev/null
++reproducible.patch
++enable-unix-command-socket.patch
++configure-landlock.patch
++cross.patch
++no-use-gnu.patch
++fix-repeated-builds.patch
++configure-clang-variable.patch
++with-ebpf-includes.patch
++import-sockio-h.patch
++avoid-to-include-if_tunnel-h.patch
++llc.patch
++disable-cpu-dependent-tests.patch
--- /dev/null
--- /dev/null
++From: Hilko Bengen <bengen@debian.org>
++Date: Tue, 23 Jul 2019 14:43:21 +0200
++Subject: Add --with-ebpf-includes parameter
++
++---
++ configure.ac | 4 ++++
++ ebpf/Makefile.am | 3 +--
++ 2 files changed, 5 insertions(+), 2 deletions(-)
++
++--- a/configure.ac
+++++ b/configure.ac
++@@ -508,7 +508,11 @@
++ AC_SUBST(LLC)
++ ],
++ [AC_MSG_ERROR([clang needed to build ebpf files])])
++- AC_MSG_CHECKING([libbpf has bpf/bpf_helpers.h])
+++ AC_ARG_WITH(ebpf_includes,
+++ [ --with-ebpf-includes=DIR include directory for building eBPF programs],
+++ [AC_SUBST([ebpf_includes],["$withval"])],
+++ [AC_SUBST([ebpf_includes],["/usr/include/${build_alias}"])])
+++ AC_MSG_CHECKING([libbpf has bpf/bpf_helpers.h])
++ AC_COMPILE_IFELSE(
++ [AC_LANG_PROGRAM(
++ [
++--- a/ebpf/Makefile.am
+++++ b/ebpf/Makefile.am
++@@ -4,7 +4,7 @@
++ if BUILD_EBPF
++
++ # Maintaining a local copy of UAPI linux/bpf.h
++-BPF_CFLAGS = -Iinclude
+++BPF_CFLAGS = -Iinclude -I$(ebpf_includes)
++
++ BPF_TARGETS = lb.bpf
++ BPF_TARGETS += filter.bpf
++@@ -19,7 +19,6 @@
++ $(BPF_TARGETS): %.bpf: %.c
++ # From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm)
++ ${CLANG} -Wall $(BPF_CFLAGS) -O2 -g \
++- -I/usr/include/$(build_cpu)-$(build_os)/ \
++ -D__KERNEL__ -D__ASM_SYSREG_H \
++ -target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
++ # From LLVM-IR to BPF-bytecode in ELF-obj file
--- /dev/null
--- /dev/null
++#!/usr/bin/make -f
++
++# verbose mode
++export DH_VERBOSE=1
++
++SURICATA_DESTDIR = $(CURDIR)/debian/tmp
++export DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow
++export CARGO_HOME = $(CURDIR)/debian/cargohome
++
++include /usr/share/dpkg/architecture.mk
++
++# workaround for linking issue on some archs
++export DEB_LDFLAGS_MAINT_APPEND = -Wl,--allow-multiple-definition
++EXTRA_ATOMIC_ARCHS = armel mipsel powerpc
++ifneq (,$(findstring $(DEB_HOST_ARCH),$(EXTRA_ATOMIC_ARCHS)))
++ DEB_LDFLAGS_MAINT_APPEND += -Wl,--no-as-needed -Wl,-latomic -Wl,--as-needed
++ export DEB_LDFLAGS_MAINT_APPEND
++endif
++
++EBPF_ARCHS = amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32
++DPDK_ARCHS = amd64x arm64x riscv64x ppc64elx
++HWLOC_ARCHS = amd64x arm64x armhfx i386x ppc64elx riscv64x s390xx
++
++ifneq (,$(findstring $(DEB_HOST_ARCH)x,$(DPDK_ARCHS)))
++ ENABLE_DPDK="--enable-dpdk"
++endif
++
++ifneq (,$(findstring $(DEB_HOST_ARCH)x,$(HWLOC_ARCHS)))
++ ENABLE_HWLOC="--enable-hwloc"
++endif
++
++CI ?= $(shell $(CURDIR)/debian/building-in-ci.sh)
++ifeq ($(CI),true)
++ ENABLE_UNITTESTS="--enable-unittests"
++endif
++
++ifneq (,$(findstring $(DEB_HOST_ARCH),$(EBPF_ARCHS)))
++ ENABLE_EBPF=--enable-ebpf --enable-ebpf-build \
++ --with-ebpf-includes=/usr/include/$(DEB_HOST_MULTIARCH)
++endif
++
++CONFIGURE_ARGS = --enable-af-packet --enable-nfqueue --enable-nflog \
++ --enable-gccprotect --disable-gccmarch-native \
++ --with-libevent-includes=/usr/include --with-libevent-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \
++ --with-libhs-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \
++ --disable-coccinelle \
++ --enable-geoip --enable-hiredis \
++ --disable-suricata-update \
++ $(ENABLE_UNITTESTS) \
++ $(ENABLE_EBPF) \
++ $(ENABLE_DPDK) \
++ $(ENABLE_HWLOC)
++
++override_dh_auto_configure:
++ dh_auto_configure -- $(CONFIGURE_ARGS)
++
++override_dh_auto_build:
++ uname -a
++ mkdir -p $(CARGO_HOME)
++ @echo "blhc: ignore-line-regexp: .*Compiling.*"
++ dh_auto_build
++
++override_dh_auto_clean:
++ rm -rf $(CARGO_HOME)
++ rm -f debian/suricata.substvars
++
++override_dh_auto_install:
++ dh_auto_install --destdir=$(SURICATA_DESTDIR)
++ rm -rf $(SURICATA_DESTDIR)/usr/lib/python*;\
++ (cd python && make prefix=$(SURICATA_DESTDIR)/usr)
++ # clean upstream install documentation
++ rm -rf $(SURICATA_DESTDIR)/usr/share/doc/suricata/*
++ $(foreach file, $(wildcard ebpf/*bpf), \
++ install -D -t $(SURICATA_DESTDIR)/usr/lib/suricata/ebpf $(file) ;\
++ )
++
++override_dh_installman:
++ dh_installman
++ find debian/ -name "*.1" -exec sed -i '/^\.TH/a .if n .ftr C R' {} +
++
++override_dh_auto_test:
++ # do nothing
++
++override_dh_missing:
++ dh_missing --list-missing
++
++override_dh_gencontrol:
++ dh_gencontrol
++
++%:
++ dh $@ --with python3
--- /dev/null
--- /dev/null
++---
++# https://wiki.debian.org/SalsaCI
++include:
++ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
++...
--- /dev/null
--- /dev/null
++3.0 (quilt)
--- /dev/null
--- /dev/null
++Suricata for Debian
++-------------------
++
++The engine is an Open Source Next Generation Intrusion Detection and
++Prevention Tool, not intended to just replace or emulate the existing tools in
++the industry, but to bring new ideas and technologies to the field.
++
++To run the engine with default configuration on interface eth0 (in live mode),
++run the following command (as root):
++
++ suricata -c /etc/suricata/suricata.yaml -i eth0
++
++To run in live NFQUEUE mode, use (as root):
++
++ suricata -c /etc/suricata/suricata.yaml -q $QUEUE_ID
++
++You can also run suricata on a PCAP file:
++
++ suricata -c /etc/suricata/suricata.yaml -r file.pcap
++
++
++Landlock LSM security sandbox
++-----------------------------
++
++Suricata supports landlock LSM security sandboxing to further improve security.
++Suricata can advise the Linux kernel to restrict access of its own processes to
++only the folders used by Suricata, so that in case of a possible security flaw
++the impact can be limited.
++
++Landlock requires Linux kernels >= 5.13 and needs to be activated in the
++kernel, which should be default since Debian Bookworm. This can be tested:
++
++ dmesg | grep landlock || journalctl -kb -g landlock
++
++The suricata.yaml of this package comes with preconfigured settings, but
++landlock disabled by default, because kernel support can't be guaranteed in
++container deployments. If supported, simply activate it by this setting in
++suricata.yaml:
++
++ 'landlock.enabled: yes'
++
++Please note that some Suricata default directories like 'default-rule-path',
++'default-log-dir' and the state-dir '@e_localstatedir@' does not need to be
++named explicitly in the directories section, since they are added
++automatically by Suricata itself.
++
++See the upstream documentation for further details:
++https://docs.suricata.io/en/latest/configuration/landlock.html#using-landlock-lsm
++
++
++Daemon system integration
++-------------------------
++
++The suricata daemon comes preconfigured to run as a system daemon with systemd,
++in af-packet mode and using /etc/suricata/suricata.yaml as configuration.
++Please ensure you configure the correct interface in the af-packet section of
++/etc/suricata/suricata.yaml.
++
++You can start/stop the daemon with:
++
++ sudo systemctl start suricata.service
++
++and
++
++ sudo systemctl stop suricata.service
++
++You can copy /lib/systemd/system/suricata.service to
++/etc/systemd/system/suricata.service and adapt the configuration to your needs.
++
++Alternatively, you can override the command line (ExecStart) in the packaged
++systemd unit file using systemd’s drop-in feature [1].
++For example, to start the service in nfqueue mode with queue, create a file
++/etc/systemd/system/suricata.service.d/override.conf with the following content:
++
++ [Service]
++ ExecStart=
++ ExecStart=/usr/bin/suricata -D -q 0 -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid
++
++This overrides the default af-packet start by first clearing the previous
++ExecStart directive and then sets a new one, which you can now tailor as you
++wish. Then run
++
++ sudo systemctl daemon-reload
++
++and then
++
++ sudo systemctl restart suricata.service
++
++[1] https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#id-1.14.3
++
++
++Updating Rules
++--------------
++
++You should edit /etc/suricata/suricata.yaml and adjust it to fit your needs.
++The recommended way to update rules is via suricata-update (also packaged in
++Debian).
++Please consult its documentation for more details:
++https://suricata-update.readthedocs.io
--- /dev/null
--- /dev/null
++remove-on-upgrade /etc/init.d/suricata
++remove-on-upgrade /etc/default/suricata
--- /dev/null
--- /dev/null
++etc/suricata
++var/log/suricata
--- /dev/null
--- /dev/null
++etc/classification.config /etc/suricata
++etc/reference.config /etc/suricata
++rules/*.rules /etc/suricata/rules
++suricata.yaml /etc/suricata
++threshold.config /etc/suricata
++usr/bin
++usr/lib
--- /dev/null
--- /dev/null
++# these are eBPF files
++suricata: binary-from-other-architecture [usr/lib/suricata/ebpf/*.bpf]
++suricata: unstripped-binary-or-object [usr/lib/suricata/ebpf/*.bpf]
--- /dev/null
--- /dev/null
++/var/log/suricata/*.log
++/var/log/suricata/*.json
++{
++ rotate 14
++ missingok
++ compress
++ copytruncate
++ sharedscripts
++ postrotate
++ /usr/bin/kill -HUP $(cat /var/run/suricata/suricata.pid)
++ endscript
++}
--- /dev/null
--- /dev/null
++doc/userguide/*.1
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -e
++
++RUNDIR=/var/run/suricata
++
++if [ "$1" = configure ]; then
++ if [ ! -d "$RUNDIR" ]; then
++ mkdir $RUNDIR
++ fi
++fi
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -e
++
++# we do not need alternatives anymore
++if update-alternatives --quiet --query suricata 2> /dev/null; then
++ echo "Removing legacy alternatives for Hyperscan/non-Hyperscan versions"
++ update-alternatives --remove-all suricata
++fi
++
++# Do some cleanup when upgrading to 8.x from lower major version to ensure
++# a smooth upgrade:
++# * Remove suricata.pid and suricata-command.socket at the old location
++if dpkg --compare-versions "$2" lt "1:8" >/dev/null; then
++ for i in /run/suricata.pid /var/run/suricata-command.socket; do
++ if [ -e "$i" ]; then
++ rm $i
++ fi
++ done
++fi
++
++#DEBHELPER#
++
++exit 0
--- /dev/null
--- /dev/null
++[Unit]
++Description=Suricata IDS/IDP daemon
++After=network.target network-online.target
++Requires=network-online.target
++Documentation=man:suricata(8) man:suricatasc(8)
++Documentation=https://suricata.io/documentation/
++
++[Service]
++Type=notify
++#Environment=LD_PRELOAD=/usr/lib/libtcmalloc_minimal.so.4
++PIDFile=/var/run/suricata/suricata.pid
++ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata/suricata.pid
++ExecReload=/usr/bin/suricatasc -c reload-rules ; /usr/bin/kill -HUP $MAINPID
++ExecStop=/usr/bin/suricatasc -c shutdown
++Restart=on-failure
++ProtectSystem=full
++ProtectHome=true
++
++[Install]
++WantedBy=multi-user.target
--- /dev/null
--- /dev/null
++d /run/suricata 0755 root root
--- /dev/null
--- /dev/null
++Test-Command: suricata --build-info
++Depends: @
++
++Test-Command: suricatasc -c "version"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Test-Command: suricatasc -c "command-list"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Test-Command: suricatasc -c "capture-mode"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Test-Command: sleep 10 && suricatasc -c "dump-counters"
++Depends: @
++Restrictions: needs-root, isolation-container
++
++Test-Command: suricatasc -c "uptime"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Test-Command: suricatasc -c "reload-rules"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Test-Command: suricatasc -c "iface-list"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Test-Command: suricatasc -c "shutdown"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Test-Command: sleep 10 && suricatasc -c "running-mode"
++Depends: @
++Restrictions: needs-root, isolation-container, flaky
++
++Tests: systemd-service-test.sh
++Depends: @, systemd, procps
++Restrictions: needs-root, isolation-container, allow-stderr
++
++Test-Command: src/suricata -u
++Depends: @, @builddeps@, procps, geoip-database
++Restrictions: needs-root, isolation-container, build-needed, allow-stderr
--- /dev/null
--- /dev/null
++#!/bin/sh
++
++set -ex
++
++SERVICE="suricata.service"
++ETC_SERVICE_FILE="/etc/systemd/system/${SERVICE}"
++LIB_SERVICE_FILE="/lib/systemd/system/${SERVICE}"
++CONFIG_FILE="/etc/suricata/suricata.yaml"
++IFACE=$(ip route show | awk '/default/ {print $5}')
++
++if [ ! -r "$LIB_SERVICE_FILE" ] ; then
++ : ERROR unable to read $LIB_SERVICE_FILE
++ exit 1
++fi
++if [ ! -w "$CONFIG_FILE" ] ; then
++ : ERROR unable to write to $CONFIG_FILE
++ exit 1
++fi
++
++systemctl_action()
++{
++ if ! systemctl $1 $SERVICE ; then
++ journalctl -u $SERVICE
++ return 1
++ fi
++ return 0
++}
++
++echo "
++%YAML 1.1
++---
++default-rule-path: /etc/suricata/rules
++rule-files:
++ - tor.rules
++ - http-events.rules
++ - smtp-events.rules
++ - dns-events.rules
++ - tls-events.rules
++classification-file: /etc/suricata/classification.config
++reference-config-file: /etc/suricata/reference.config
++default-log-dir: /var/log/suricata/
++af-packet:
++ - interface: $IFACE
++ cluster-id: 99
++ cluster-type: cluster_flow
++ defrag: yes
++ - interface: default
++ tpacket-v3: yes
++ block-size: 131072
++app-layer:
++ protocols:
++ ssh:
++ enabled: yes
++host-mode: auto
++unix-command:
++ enabled: yes
++ filename: /var/run/suricata-command.socket
++detect:
++ profile: medium
++ custom-values:
++ toclient-groups: 3
++ toserver-groups: 25
++ sgh-mpm-context: auto
++ inspection-recursion-limit: 3000
++ grouping:
++ profiling:
++ grouping:
++ dump-to-disk: false
++ include-rules: false
++ include-mpm-stats: false
++mpm-algo: auto
++spm-algo: auto
++" > $CONFIG_FILE
++
++#
++# before start, package installation may start the daemon
++#
++if systemctl -q is-active $SERVICE ; then
++ : WARNING initial service running, stopping now
++ if ! systemctl_action stop ; then
++ : ERROR cant stop initial service
++ exit 1
++ fi
++fi
++
++#
++# First run of the daemon and basic checks
++#
++if ! systemctl_action start ; then
++ : ERROR cant start the service
++ exit 1
++fi
++sleep 10 # wait for service startup
++systemctl status $SERVICE
++
++#
++# Restart the daemon
++#
++if ! systemctl_action restart ; then
++ : ERROR unable to restart the service
++ exit 1
++fi
++
++sleep 10 # wait for serive startup
++if ! systemctl -q is-active $SERVICE ; then
++ journalctl -u $SERVICE
++ : ERROR service not active after restart
++ exit 1
++fi
++
++#
++# Reload the daemon
++#
++
++: WARNING: Not testing daemon reload: it timeouts in ci.debian.net
++
++#if ! systemctl_action reload ; then
++# : ERROR unable to reload the service
++# exit 1
++#fi
++
++#sleep 10 # wait for service reload
++#if ! systemctl -q is-active $SERVICE ; then
++# journalctl -u $SERVICE
++# : ERROR service not active after reload
++# exit 1
++#fi
++
++: INFO all tests OK
++exit 0
--- /dev/null
--- /dev/null
++Bug-Database: https://redmine.openinfosecfoundation.org/
++Bug-Submit: https://redmine.openinfosecfoundation.org/projects/suricata/issues/new
++Repository: https://github.com/OISF/suricata.git
++Repository-Browse: https://github.com/OISF/suricata
--- /dev/null
--- /dev/null
++-----BEGIN PGP PUBLIC KEY BLOCK-----
++
++mQINBF8tFVkBEADEEXYv9T6kntaOafPMsBXJPFflcpM4VdXCnEmkY2zcQzfZ+fUB
++kyc6Lh1W07EPd4zGri4Hu9V8nfH5z+23oMmvVrUgbwU62u7ioUhMEpEtLbaLCWL9
++6HSlA4XWwjJhALXKFNMWtWT5BiHHty4jXvLl/KlbYtNrV+BuWDZsSiCRto134His
++Uozb82Yp76qhxdFXdUkXa7PYXJ40EYg9du4Z2l8qP3VWjDHDDrXtoChIgnTmkXkF
++0AdNx9jd9OSugQbJMqi7IV2wvA4xErKMujL+7ytxdMsV0WS39dPOn1mPclYLlnq6
++XDaXcVcHpXOQfC0qniKAHA9ngdKPPG5aJ7DqnZx+G4HBOAf0qnqCT2HBzvJovDuF
++7LdITO+nUiuThlh26oIoRqOfFgIAKDO+F/fRFIJYFt7q5OEwiL9HmlR7UrjLyHb8
++TqWhxocZHvP0ex6qTFMlUOZFaLVD/OC0lMFZDtHNfWIyWLmRIP4CGYia7RDyEEvn
++rHqK7NCF93K5UNUuBZmWNZ5r7/wKccLSYz7wAgkeWaKBAX7bQLspTZUYOOd8Kf5+
++uYlkLd1ju1wHqR7MrVb8/l6Q7cEIpLj+1ou6HeEsKyH1oZ8BQVzkVWIHmz7gaumV
++RKiycSnGqi8UnlFRUbZTW5ChLb7BL+ncBI3MuvrXvB6Ps7RlDPBD4D5AJQARAQAB
++tFBPcGVuIEluZm9ybWF0aW9uIFNlY3VyaXR5IEZvdW5kYXRpb24gKE9JU0YpIDxy
++ZWxlYXNlc0BvcGVuaW5mb3NlY2ZvdW5kYXRpb24ub3JnPokCVAQTAQoAPgIbAwUL
++CQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLNv2vJgfhDo/6ieXiupyYzN8ek6BQJo
++xDMhBQkS/R9IAAoJECupyYzN8ek6tagQALuY0LFbGgEqMV9wt2IQ/+Z6zOSNj2xG
++2Ei/YEoG7Vo8Vk+tVc9WPPhUy3nfHi6B2ictVHdNRgq43RrrfHvWhWQ2n7UEJiF2
++FC7jZBTicTKKI0YuLVqWtdcytiaQkE4R6eSi8+ZRNJ3ejdFqBHdIkQUEFyfujt/F
++UwqwpjWNGXcdzz/MzuAC6CorUrzcCqEWrqIG9/RzDMJsvFmBpxsQ1OXVb4N/BK5T
++54dYZWpiGgZ3ZvURHHvCNXhuUBPm9OXnpskI4q4Ne+ShcJ/1r7VAaaApv3/m3eVp
++Lvg0pAW88QAj5s125bZC2DFUli8hYK7v50lnV4Gsv8nCZ8xlG3/MlV6aORtgmsTf
++9sJ4ru071t9/1Tr9zgDbJomf351PIO/FYNlPfjHIgFggY8d8Lk16wSdLWWusm60R
++b4BaYyiJ6ZdDDM1VZqeQqL0l3femc51Tan63ekuDyza6vMl5rOgOWAiFjaUG4CfO
++kJSorH/XpLtA8wFTYOipmQvXlOUIq6xI5cPRuW2vAtUcUtvkdnyoAGzBtu12qDYH
++sN/hE9I+rkf5HRyCuLbGbTQ3Fp2QwXbdky7jJOSchaK8RwR3oiLAz9Baf5CyrFSo
++csdcHQ1l1zw2tL76PxpKRzlVbRV3pcuLfZzI+Kk+oIWJU9XDkMppy7ciTF1FhB6E
++Js4b1Vo0n7UNuQINBF8tFVkBEADCAk7fTNtLlFDOAmXNxW+5ILRBehswEaZvAN5J
++rhc9bz4dMSWQajprEAl8HFRctEUkYHyi7cwcUPrelhwjnxOH3LuVeLLtm9i3wTCX
++NUvHeOWr4DBLYnwiYZ6t7U+Isd/IQRTo9l1vBEwdMOAs7FfqSmoGvJspd42dOi4r
++ph6JNss4FE5GTrb4oTx0ZrAIh7mT17e16TZywrZWKFZnl+G/YqmSolGtOrkhzm18
++l3mTa/v4hq4u+ZS8Qd9ng62sl8Ls5Krx3JCBdxn849WRJ6myS7R+hvQeLR9YH/YL
++ioUVzxHXmF2xlENYsbEsVAEsHUb2G5Ot+uQcUpC2u9uzw05L+zhCbd4ffW5eTsGv
++d51LvBMV1b0VUjWEmTgzqFNI5ElBnpjZ3W2eiAAWrLnGACO5Lxzf5VeWYaTDJo8O
++GBYSoHovjYrFI8ZQq7J1skM/YBXROTb4zSc8rL1w81VFLvFu6lOzIA15s5iLRko7
++LSKKom04Q8BNZ1nUydlxvo/5fu4VGYtWMliWUOIePIMT1EgBqYDfQyZ/h4gSMc7j
++jgb2JDfq/7WueoVTy8CNuOzewRYQOU/5P34o341Q0WO2tFNrohUqG9oDHf3Fj8eg
++VwWuRv+eDUmgbpisqVoj2hH1PM45Hcp62RHJasMWUmPIlCNKfvd8+fj3+zjaAN8r
++4Fv0YwARAQABiQI8BBgBCgAmAhsMFiEEs2/a8mB+EOj/qJ5eK6nJjM3x6ToFAmjE
++M/QFCRL9IBsACgkQK6nJjM3x6TqxrA/+Kcn/wLxiKTH01+vwNfCOB8VIbGJnpiBr
++OIo/JjwkMlQXNs5PFppT7yuce9hG9JcWQF2Fm2E1BSmoc+XVxgvefpO/ZRX1TBaO
++cvrXSkqxhsexG2T1o/cSGQTAqZICsjiBGgNJtMEPPVVTsTDnbGtoAowicCDSryCx
++8QNevCScNmpWkEqb3/qf18kEYNeSN+qfttc4TCSsE4VfHbaUXJoIcn9yMQljAUbK
++v+52CkFgSbnRGlQdQOBhWPYXUcRY5Bld8sqIdDofqje7oppPe3gJNq9vpkAj6LeY
++JSzpZzATRd+r0gYm0NfAPZ9y4JKUQhXOMKKzyYRaIu2NZTeRiz4YZpQljskO/4LU
++25NJ7tk8tErkyftuK3k0FIO+LMqE4EU6oXgTg3pkJN2FITrmsXvJxHOQe5Y8EWR7
++mX9/o2KfxFGUug/vLV3n4YfYh5rTa7Q8kGmlPKqikyr367P9MUPN3NZV7CHz1FwR
++IFyqiqiROLroEh2vRjspOOrzwhB1NZiPLFEUjFAtFDlSmfz3q6r8JQg4FanyTwVw
++BPNm7arTE8fNd3umEqWrpDDWsjLcpUqGPdV2Ga3yjxIxIqEHlZx9A07BoJgEZqjE
++PdPm3cusm2siM7g/bwRnCO8uAtXdi1csV8Mk5aaEBBUBjf3EXXFReNNFsJXp2bzP
++eRwNYzBKibo=
++=uviD
++-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
--- /dev/null
++# watch control file for uscan
++# run the "uscan" command to check for upstream updates and more.
++# See uscan(1) for format
++
++version=4
++opts=pgpsigurlmangle=s/$/.sig/ https://download.openinfosecfoundation.org/download/ suricata-([\d\.]*)\.tar\.gz
projects / suricata.git / commitdiff