From: Sascha Steinbiss Date: Tue, 29 Nov 2022 10:19:06 +0000 (+0000) Subject: suricata (1:6.0.9-1) unstable; urgency=medium X-Git-Tag: archive/raspbian/1%6.0.9-1+rpi1^2~13 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9a6a8b46d0dae1437e2798f32db91eb78be2ae28;p=suricata.git suricata (1:6.0.9-1) unstable; urgency=medium * New upstream release. * Use manpages built from source instead of outdated bundled ones. [dgit import unpatched suricata 1:6.0.9-1] --- 9a6a8b46d0dae1437e2798f32db91eb78be2ae28 diff --cc debian/building-in-ci.sh index 00000000,00000000..ccf552d0 new file mode 100755 --- /dev/null +++ b/debian/building-in-ci.sh @@@ -1,0 -1,0 +1,28 @@@ ++#!/bin/bash ++ ++# this script prints 'true' if any ancestor process name is any of $REGEXPS ++ ++REGEXPS="debci autopkgtest adt" ++ ++set -e ++ ++walk() ++{ ++ pid=$1 ++ ++ [ ! -r /proc/$pid/cmdline ] && exit 1 ++ ++ name=$(ps -p $pid -o cmd | tail -1) ++ for exp in $REGEXPS ++ do ++ if grep -e $exp <<< $name >/dev/null ; then ++ echo true ++ exit ++ fi ++ done ++ ++ ppid=$(ps -o ppid= $pid | tr -d ' ') ++ walk $ppid ++} ++ ++walk $$ diff --cc debian/changelog index 00000000,00000000..e90a5700 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,1003 @@@ ++suricata (1:6.0.9-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Use manpages built from source instead of outdated bundled ones. ++ ++ -- Sascha Steinbiss Tue, 29 Nov 2022 11:19:06 +0100 ++ ++suricata (1:6.0.8-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Raise libhtp minimum dependency version to 0.5.41. ++ * Remove obsolete patch since Python scripts are installed differently ++ via upstream now. ++ * Add upstream metadata. ++ ++ -- Sascha Steinbiss Tue, 27 Sep 2022 23:24:59 +0200 ++ ++suricata (1:6.0.6-2) unstable; urgency=medium ++ ++ * Add patch to not use deprecated libbpf API. This prepares Suricata to be ++ ready for libbpf 1.0 when it hits unstable. ++ Closes: #1018914 ++ * Raise libbpf dependency version requirement to 0.7. ++ * Refresh other patches. ++ ++ -- Sascha Steinbiss Wed, 21 Sep 2022 18:39:53 +0200 ++ ++suricata (1:6.0.6-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Drop patch applied upstream: bigendian-cidr.patch ++ ++ -- Sascha Steinbiss Tue, 12 Jul 2022 16:57:16 +0200 ++ ++suricata (1:6.0.5-3) unstable; urgency=medium ++ ++ * Add patch to handle undefined LEVEL1_DCACHE_LINESIZE. ++ ++ -- Sascha Steinbiss Wed, 01 Jun 2022 11:33:06 +0200 ++ ++suricata (1:6.0.5-2) unstable; urgency=medium ++ ++ * Introduce patch to fix segfaulting autopkgtests on s390x. ++ ++ -- Sascha Steinbiss Thu, 28 Apr 2022 08:51:06 +0200 ++ ++suricata (1:6.0.5-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Raise libhtp minimum dependency version to 0.5.40. ++ ++ -- Sascha Steinbiss Thu, 21 Apr 2022 19:53:32 +0200 ++ ++suricata (1:6.0.4-3) unstable; urgency=medium ++ ++ * Remove suricata-oinkmaster binary package. ++ ++ -- Sascha Steinbiss Tue, 14 Dec 2021 15:24:47 +0100 ++ ++suricata (1:6.0.4-2) unstable; urgency=medium ++ ++ * Raise libhtp minimum dependency version to 0.5.39. ++ ++ -- Sascha Steinbiss Thu, 18 Nov 2021 22:57:47 +0100 ++ ++suricata (1:6.0.4-1) unstable; urgency=medium ++ ++ * New upstream release. ++ ++ -- Sascha Steinbiss Thu, 18 Nov 2021 22:00:08 +0100 ++ ++suricata (1:6.0.3-2) unstable; urgency=medium ++ ++ * Use 'command -v' instead of 'which' in suricata-oinkmaster cron file. ++ This avoids a runtime deprecation warning on recent versions, and fixes ++ piuparts cron job tests. ++ ++ -- Sascha Steinbiss Mon, 30 Aug 2021 20:56:18 +0200 ++ ++suricata (1:6.0.3-1) unstable; urgency=medium ++ ++ * Upload to unstable post-release. ++ * Remove patch applied upstream. ++ ++ -- Sascha Steinbiss Wed, 18 Aug 2021 16:33:31 +0200 ++ ++suricata (1:6.0.3-1~exp2) experimental; urgency=medium ++ ++ * Also use libatomic workaround on powerpc. ++ ++ -- Sascha Steinbiss Thu, 01 Jul 2021 19:44:53 +0200 ++ ++suricata (1:6.0.3-1~exp1) experimental; urgency=medium ++ ++ * New upstream release. ++ * Bump Standards-Version. ++ * Add Rules-Requires-Root: no. ++ * Raise libhtp minimum version B-D to 0.5.38. ++ ++ -- Sascha Steinbiss Wed, 30 Jun 2021 23:51:24 +0200 ++ ++suricata (1:6.0.2-1~exp1) experimental; urgency=medium ++ ++ * Fix conditional variable use in d/rules. ++ * New upstream release. ++ * Use libhtp 0.5.37. ++ ++ -- Sascha Steinbiss Fri, 11 Dec 2020 09:45:02 +0100 ++ ++suricata (1:6.0.1-3) unstable; urgency=medium ++ ++ * Address CVE-2021-35063 by backporting upstream fix. ++ Closes: #990835 ++ ++ -- Sascha Steinbiss Mon, 19 Jul 2021 13:26:22 +0200 ++ ++suricata (1:6.0.1-2) unstable; urgency=medium ++ ++ * Also specify explicit separate '-latomic' reference on mipsel. ++ This addresses a remaining FTBFS there. ++ ++ -- Sascha Steinbiss Fri, 11 Dec 2020 09:35:57 +0100 ++ ++suricata (1:6.0.1-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Disable Prelude support. ++ This is broken upstream, see https://redmine.openinfosecfoundation.org/issues/4065 ++ * Bump libhtp dependency to 0.5.36. ++ * Disable suricata-update, as it is a separate package in Debian. ++ * Add patches to fix builds with new Autoconf scripts. ++ * Use debhelper 13. ++ * Include upstream's man pages. ++ * Add workaround for missing '-latomic' symbols on armel. ++ ++ -- Sascha Steinbiss Thu, 08 Oct 2020 22:23:17 +0200 ++ ++suricata (1:5.0.3-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Use /run instead of /var/run for pidfiles. Thanks to Michael Berg for the ++ patch. ++ Closes: #954435 ++ * Bump libhtp dependency to 0.5.33. ++ * Remove nonexistent Files entries in d/copyright. ++ * Use correct DEB_LDFLAGS_MAINT_APPEND in d/rules.. ++ ++ -- Sascha Steinbiss Wed, 29 Apr 2020 09:34:49 +0200 ++ ++suricata (1:5.0.2-3) unstable; urgency=medium ++ ++ * Source upload to enable testing migration. ++ * Bump Standards-Version. ++ ++ -- Sascha Steinbiss Sat, 22 Feb 2020 12:47:50 +0100 ++ ++suricata (1:5.0.2-2) unstable; urgency=medium ++ ++ * Add --allow-multiple-definition linker flag to work around FTBFS on armel. ++ Closes: #951765 ++ ++ -- Sascha Steinbiss Sat, 22 Feb 2020 12:23:52 +0100 ++ ++suricata (1:5.0.2-1) unstable; urgency=medium ++ ++ * New upstream release. ++ Closes: #951654 ++ * Add patch from upstream to build without needing if_tunnel.h. ++ This avoids a potentially foreign arch build-dep for eBPF builds. ++ Thanks to Eric Leblond. ++ * Drop patches applied upstream. ++ * Use debhelper-compat. ++ * Mark autopkgtests requiring a control socket as potentially flaky. ++ We cannot always predict the timing on all archs and do not want to ++ use them for CI gating. ++ Closes: #951721 ++ * Bring d/copyright up to date with current code base. ++ ++ -- Sascha Steinbiss Thu, 20 Feb 2020 14:55:23 +0100 ++ ++suricata (1:4.1.5-2) unstable; urgency=medium ++ ++ * Add versioned Depends on at least libhtp version used for building. ++ ++ -- Sascha Steinbiss Wed, 09 Oct 2019 13:13:40 +0200 ++ ++suricata (1:4.1.5-1) unstable; urgency=medium ++ ++ * New upstream release. ++ ++ -- Sascha Steinbiss Wed, 25 Sep 2019 10:24:50 +0200 ++ ++suricata (1:4.1.4-7) unstable; urgency=medium ++ ++ * Prevent file clash with other packages writing into the Python3 ++ module root directory (suricata/__init__.py). ++ * Add patch to make suricatactl Python3-compatible. ++ ++ -- Sascha Steinbiss Wed, 18 Sep 2019 20:55:51 +0200 ++ ++suricata (1:4.1.4-6) unstable; urgency=medium ++ ++ * Make Python components use Python3. ++ Closes: #938603 ++ ++ -- Sascha Steinbiss Sat, 07 Sep 2019 17:47:44 +0200 ++ ++suricata (1:4.1.4-5) unstable; urgency=medium ++ ++ * Add patch to fix FTBFS on recent kernels. Thanks to Aurelien Jarno for ++ pointing this out. ++ Closes: #934316 ++ ++ -- Sascha Steinbiss Mon, 12 Aug 2019 12:48:29 +0200 ++ ++suricata (1:4.1.4-4) unstable; urgency=medium ++ ++ [ Hilko Bengen ] ++ * Patch: add --with-ebpf-includes, point to proper include directory for ++ kernel headers, fixing FTBFS on i386 ++ ++ [ Sascha Steinbiss ] ++ * Only build eBPF programs on archs with available dependencies. ++ ++ -- Sascha Steinbiss Wed, 24 Jul 2019 10:34:25 +0200 ++ ++suricata (1:4.1.4-3) unstable; urgency=medium ++ ++ * Fix cross building by including patch that addresses abuse of ++ AC_CHECK_FILE. Thanks to Helmut Grohne for the patch. ++ Closes: #923174 ++ * Enable building with eBPF support. ++ Thanks to Hilko Bengen for the patch. ++ Closes: #917816 ++ * Create temporary CARGO_HOME to allow building with new cargo ++ versions when $HOME is nonexistent. ++ * Make autopkgtest more robust when external resources are unavailable. ++ Closes: #932463 ++ * Bump debhelper and compat to 12. ++ * Add Pre-Depends by Lintian's suggestion. ++ ++ -- Sascha Steinbiss Tue, 09 Jul 2019 16:47:49 +0200 ++ ++suricata (1:4.1.4-2) unstable; urgency=medium ++ ++ * Do not install suricata-update, recommend external pkg instead. ++ Closes: #924096 ++ ++ -- Sascha Steinbiss Thu, 02 May 2019 17:15:48 +0200 ++ ++suricata (1:4.1.4-1) unstable; urgency=medium ++ ++ * New upstream version 4.1.4 ++ - Bugs and security fixes ++ * Refreshed quilt patches ++ ++ -- Pierre Chifflier Wed, 01 May 2019 11:44:13 +0200 ++ ++suricata (1:4.1.3-1) unstable; urgency=medium ++ ++ * New upstream version 4.1.3 ++ * Refreshed quilt patches ++ ++ -- Pierre Chifflier Fri, 08 Mar 2019 10:24:43 +0100 ++ ++suricata (1:4.1.2-2) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Sascha Steinbiss Wed, 09 Jan 2019 12:53:47 +0100 ++ ++suricata (1:4.1.2-1) experimental; urgency=medium ++ ++ * New upstream release. ++ * Add myself to uploaders. ++ * Do not remove Rust vendor directory on distclean (Closes: #915154) ++ ++ -- Sascha Steinbiss Sun, 23 Dec 2018 10:48:27 +0000 ++ ++suricata (1:4.1.0-2) experimental; urgency=medium ++ ++ * Disable Rust on armel for now (FTBFS) ++ * Add liblz4-dev to build-deps to enable pcap compression ++ * Update build-dependency on python:any to fix FTCBFS (Closes: #909606) ++ ++ -- Pierre Chifflier Mon, 26 Nov 2018 11:07:08 +0100 ++ ++suricata (1:4.1.0-1) experimental; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * libhtp: bump soname to libhtp-0.5.24-1 ++ ++ [ Pierre Chifflier ] ++ * New upstream version 1:4.1.0 ++ * Refreshed quilt patches ++ * Update python code directory ++ * Enable rust support (i386 and amd64 only for now) ++ * Also enable Rust on ARM architectures ++ ++ -- Pierre Chifflier Thu, 15 Nov 2018 13:29:23 -0800 ++ ++suricata (1:4.0.6-1) unstable; urgency=medium ++ ++ * New upstream version 1:4.0.6 ++ ++ -- Pierre Chifflier Mon, 12 Nov 2018 09:19:39 +0100 ++ ++suricata (1:4.0.5-1) unstable; urgency=medium ++ ++ [ Sascha Steinbiss ] ++ * Add patches to help with cross-compiling. Thanks to Helmut Grohne ++ for the patch. ++ Closes: #895996 ++ * Add patches to fix building on ia64. ++ Thanks to Jason Duerstock and Adrian Bunk for the patches. ++ Closes: #890432 ++ * Fix spelling in debian/patches/reproducible.patch. ++ * Remove obsolete X-Python-Version hint. ++ * Use updated watchfile source URL with https support. ++ * Remove obsolete --parallel dh parameter. ++ * Use canonical Salsa Vcs-Git URL. ++ ++ [ Pierre Chifflier ] ++ * New upstream version 1:4.0.5 ++ ++ -- Pierre Chifflier Wed, 18 Jul 2018 17:14:02 +0200 ++ ++suricata (1:4.0.4-1) unstable; urgency=medium ++ ++ * [3f18cd8] d/control: refresh git URLs ++ * [17da106] New upstream version 4.0.4 (Closes: #889842) fixes CVE-2018-6794 ++ * [00fcf17] d/compat: bump debhelper compat level to 11 ++ * [45dc0db] d/control: bump std-version to 4.1.3 ++ ++ -- Arturo Borrero Gonzalez Wed, 14 Feb 2018 11:33:33 +0100 ++ ++suricata (1:4.0.3-1) unstable; urgency=medium ++ ++ [ Sascha Steinbiss ] ++ * [aece4d6] New upstream version 4.0.3 ++ * [c23b64f] refresh patches ++ ++ [ Arturo Borrero Gonzalez ] ++ * [7f077ca] d/control: bump std-version to 4.1.2 ++ ++ -- Arturo Borrero Gonzalez Wed, 13 Dec 2017 11:42:18 +0100 ++ ++suricata (1:4.0.1-2) unstable; urgency=medium ++ ++ * [d9998f8] suricata-oinkmaster.conf: update ETOPEN ruleset for suricata 4.0.0 ++ (Closes: #882442) ++ * [0beae03] suricata-oinkmaster-updater.8: fix typos ++ * [6e7ae75] d/: get rid of dh --with autotools-dev ++ ++ -- Arturo Borrero Gonzalez Thu, 23 Nov 2017 13:41:09 +0100 ++ ++suricata (1:4.0.1-1) unstable; urgency=medium ++ ++ * [72d28e5] d/control: upgrade std-version to 4.1.0 ++ * [ea1e317] d/control: upgrade std-version to 4.1.1 ++ * [14fea39] d/: switch to debhelper compat 10 ++ * [a4715b8] New upstream version 4.0.1 ++ ++ -- Arturo Borrero Gonzalez Sat, 21 Oct 2017 12:09:27 +0200 ++ ++suricata (1:4.0.0-5) unstable; urgency=medium ++ ++ * [392c5b2] d/t/control: allow-stderr for the internal unittest test ++ ++ -- Arturo Borrero Gonzalez Wed, 20 Sep 2017 20:27:12 +0200 ++ ++suricata (1:4.0.0-4) unstable; urgency=medium ++ ++ * [93ee9030] d/control: enable libluajit-5.1-dev build-dep on mipsel ++ (Closes: #873832) ++ * [9527fe94] d/t/control: run suricata -u from the source tree ++ ++ -- Arturo Borrero Gonzalez Fri, 08 Sep 2017 06:06:47 +0200 ++ ++suricata (1:4.0.0-3) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * [aa53ce82] suricata-oinkmaster-updater.8: fix typo ++ * [2d171d5a] suricata-oinkmaster-updater.8: clarify paragraph ++ * [90c76777] d/rules: disable dh_auto_test ++ * [5b311761] suricata: switch to use dbgsym package ++ * [9b12c48d] d/control: bump std-versions to 4.0.1 ++ ++ [ Sascha Steinbiss ] ++ * [c353985a] enable libevent support (Closes: #872908) ++ * [49ff3181] enable luajit on mipsel (Closes: #858545) ++ ++ [ Arturo Borrero Gonzalez ] ++ * [50ab7eae] suricata.service: update online docs link ++ * [5098fd7b] d/control: add dh-python to build-deps ++ * [f070d160] d/watch: implement signature verification ++ ++ -- Arturo Borrero Gonzalez Tue, 29 Aug 2017 23:22:48 +0200 ++ ++suricata (1:4.0.0-2) unstable; urgency=medium ++ ++ * [449b4202] d/t/control: running suricata unittest requires ++ geoip-database installed ++ * [0bd02487] d/building-in-ci.sh: be more robust ++ * [edd49e4a] d/watch: more robust approach for upstream tarball generation ++ ++ -- Arturo Borrero Gonzalez Tue, 15 Aug 2017 13:45:45 +0200 ++ ++suricata (1:4.0.0-1) unstable; urgency=medium ++ ++ * [636f10f] d/rules: actually use dh-systemd (Closes: #861732) ++ * [c728ed0] d/rules: cleanup comments ++ * [f0d9adb] suricata: switch to src:libhtp instead of the bundled one ++ * [fa5f8be] New upstream version 4.0.0-rc1 ++ * [fac7566] suricata: remove Build-Conflict with libhtp-dev ++ * [1bce782] suricata: explicit build-dep on new src:libhtp ++ * [f3aec1c] d/suricata.preinst: use strict mode (Closes: #866280) ++ * [c831659] suricata: support for internal unittest in autopktest ++ * [557ded7] New upstream version 4.0.0 ++ * [5d41b6c] d/t/control: the internal suricata unittest is a command test ++ * [7f4feaa] d/changelog: add missing entry for 4.0.0-beta1-1~exp1 ++ ++ -- Arturo Borrero Gonzalez Fri, 28 Jul 2017 05:29:48 +0200 ++ ++suricata (4.0.0-beta1-1~exp1) unstable; urgency=medium ++ ++ * [c21347df] New upstream version 4.0.0-beta1 ++ * [5661b3cc] libhtp: bump soname to libhtp-0.5.24-1 ++ ++ -- Arturo Borrero Gonzalez Fri, 09 Jun 2017 20:52:10 +0200 ++ ++suricata (3.2.1-1) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * Rebuild for unstable from 3.2.1-1~exp2 (experimental). ++ ++ [ Sascha Steinbiss ] ++ * [d0c3629] detect valid interface in autopkgtest ++ * [2d3ae00] fix typo in service file ++ ++ -- Arturo Borrero Gonzalez Thu, 16 Mar 2017 09:04:03 +0100 ++ ++suricata (3.2.1-1~exp2) experimental; urgency=medium ++ ++ [ Sascha Steinbiss ] ++ * [ced48e4] suricata: migrate from old split binary scheme (Closes: #855573) ++ ++ -- Arturo Borrero Gonzalez Mon, 20 Feb 2017 13:29:37 +0100 ++ ++suricata (3.2.1-1~exp1) experimental; urgency=medium ++ ++ * [67004c8] New upstream version 3.2.1 ++ * [05b1756] d/control: bump dependency on libhyperscan ++ * [4483d1c] suricata: drop suricata-hyperscan binary package (Closes: #851647) ++ ++ -- Arturo Borrero Gonzalez Wed, 15 Feb 2017 20:54:17 +0100 ++ ++suricata (3.2-2) unstable; urgency=medium ++ ++ * Rebuild for unstable. ++ ++ -- Arturo Borrero Gonzalez Tue, 10 Jan 2017 09:27:59 +0100 ++ ++suricata (3.2-2~exp1) experimental; urgency=medium ++ ++ [ Sascha Steinbiss ] ++ * [8c7704d] suricata: add hyperscan support (Closes: #846143) ++ ++ [ Arturo Borrero Gonzalez ] ++ * [209d2cf] suricata: add remaining hyperscan support ++ ++ [ Sascha Steinbiss ] ++ * [ec9b28a] set +x bit on d/suricata-hyperscan.install ++ ++ -- Arturo Borrero Gonzalez Thu, 22 Dec 2016 09:01:29 +0100 ++ ++suricata (3.2-1) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * [04f5cc3] d/control: update suricata homepage to suricata-ids.org ++ (Closes: #844603) ++ ++ [ Sascha Steinbiss ] ++ * [b1cd09c] d/t/control: add some time to settle in autopkgtest ++ ++ [ Arturo Borrero Gonzalez ] ++ * [dde83f1] New upstream version 3.2 ++ * [c55dda2] d/patches/debian-default-cfg.patch: refresh patch ++ ++ -- Arturo Borrero Gonzalez Thu, 01 Dec 2016 16:22:50 +0100 ++ ++suricata (3.1.3-3) unstable; urgency=medium ++ ++ * [e7a248d] d/tests/control: allow-stderr in the suricata-oinkmaster-updater ++ command ++ * [2caf89b] d/control: make libhtp packages Multi-Arch: same ++ * [825cef4] d/libhtp-0.5.23-1.lintian-overrides: generalize override ++ ++ -- Arturo Borrero Gonzalez Thu, 10 Nov 2016 09:42:29 +0100 ++ ++suricata (3.1.3-2) unstable; urgency=medium ++ ++ * [5c395f9] d/tests/control: rearange suricatasc command tests ++ * [789723b] d/tests/control: fix typo in test command 'suricatas' ++ * [353e030] d/changelog: clean word with typo from the changelog ++ * [b4cf113] d/: add libhtp-0.5.23-1.lintian-overrides ++ ++ -- Arturo Borrero Gonzalez Wed, 09 Nov 2016 13:44:17 +0100 ++ ++suricata (3.1.3-1) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * [165d14e] suricata-oinkmaster: move the update script to /usr/sbin ++ (Closes: #838129) ++ * [2e21734] d/tests/control: add a basic test for suricata-oinkmaster-updater ++ * [be640f3] suricata: split libhtp to separate binary packages ++ * [c41567a] suricata-oinkmaster: add manpage for suricata-oinkmaster-updater ++ * [b5b6483] d/copyright: refresh file ++ * [2be2225] d/control: add references to IPS and firewall ++ * [bd6a9ed] d/: add symbols file for libhtp ++ * [f61be7d] suricata-oinkmaster-updater.8: fix typo ++ * [ead4a84] d/: update email address to 'arturo@debian.org' ++ * [36d9b9d] d/: refresh date of manpages ++ ++ [ Sascha Steinbiss ] ++ * [da1c3c6] d/suricata.logrotate: use 'copytruncate' instead of 'create' ++ ++ [ Arturo Borrero Gonzalez ] ++ * [cd9d5d4] New upstream version 3.1.3 ++ * [f32a582] libhtp: symbols: refresh file ++ * [1e3edb0] libhtp: bump soname ++ * [d46497e] d/control: suricata depends on lsb-base ++ * [08a6195] d/copyright: refresh copyright owner for some libhtp files ++ ++ -- Arturo Borrero Gonzalez Tue, 08 Nov 2016 08:51:58 +0100 ++ ++suricata (3.1.2-2) unstable; urgency=medium ++ ++ * [482c6f6] d/tests/control: allow-stderr for systemd-service-test.sh ++ * [a4eff10] d/tests/control: add tests for suricatasc ++ * [892096c] d/suricata.8: fix typo 'inet' vs 'init' ++ ++ -- Arturo Borrero Gonzalez Thu, 08 Sep 2016 12:46:44 +0200 ++ ++suricata (3.1.2-1) unstable; urgency=medium ++ ++ * [4e0605d] Revert "suricata: drop support for sysvinit" ++ * [f5abe38] d/patches: add reproducible.patch. ++ Thanks to Christoph Berg for the pointers. ++ * [6569809] New upstream version 3.1.2 ++ * [5fea3a6] d/suricata.service: include Restart=on-failure ++ * [d1a973d] d/suricata.service: add ProtectSystem=full and ProtectHome=true ++ * [8e1cddd] d/tests/systemd-service-test.sh: don't test the reload operation by now ++ * [87c00b1] d/suricata.maintscript: factorize renaming of old config file ++ (Closes: #835643) ++ * [55c7a32] d/oinkmaster/suricata-oinkmaster-updater: drop warnings ++ * [7651669] d/oinkmaster/suricata-oinkmaster-updater: cleanup file ++ ++ -- Arturo Borrero Gonzalez Wed, 07 Sep 2016 13:25:13 +0200 ++ ++suricata (3.1.1-4) unstable; urgency=medium ++ ++ * [c9b6efd] d/tests/: add new systemd-service-test.sh test ++ * [848a40f] d/README.Debian: this is not a beta release ++ * [0afb007] d/README.Debian: update file with systemd information ++ * [234ec55] d/suricata.8: update manpage ++ * [ebd6a8a] suricata: drop support for sysvinit ++ * [d8fae07] d/suricata.service: get rid of environment variables ++ * [5fe5359] d/suricata.service: use suricatasc for stop and reload ++ * [2ffd606] d/tests/systemd-service-test.sh: add tests for daemon reload ++ * [5196c36] d/suricata.service: require network-online.target (Closes: ++ #835168) ++ ++ -- Arturo Borrero Gonzalez Thu, 25 Aug 2016 14:14:20 +0200 ++ ++suricata (3.1.1-3) unstable; urgency=medium ++ ++ * [22d26a5] suricata-oinkmaster-updater: prevent bogus if evaluation ++ * [4805c7a] suricata-oinkmaster-updater: dont exit with error if missing ++ requirements (Closes: #834029) ++ ++ -- Arturo Borrero Gonzalez Tue, 16 Aug 2016 13:53:12 +0200 ++ ++suricata (3.1.1-2) unstable; urgency=medium ++ ++ * [833f1c5] d/: add new binary package suricata-oinkmaster ++ * [6155001] d/suricata.service: remove duplicated -D switch in ++ ExecStart= ++ * [6ebbd82] d/patches: add debian-default-cfg.patch [enable unix socket ++ by default] ++ * [2286eb4] d/suricatasc.1: update manpage ++ ++ -- Arturo Borrero Gonzalez Thu, 28 Jul 2016 13:21:30 +0200 ++ ++suricata (3.1.1-1) unstable; urgency=medium ++ ++ * [cafb099] d/suricata: rename suricata main conffile to ++ /etc/suricata/suricata.yaml ++ * [445c957] suricata: add systemd service file ++ * [94b93bf] Imported Upstream version 3.1.1 ++ ++ -- Arturo Borrero Gonzalez Mon, 25 Jul 2016 11:12:03 +0200 ++ ++suricata (3.1-1) unstable; urgency=medium ++ ++ * [d2cce67] d/control: add Vcs-Browser and Vcs-Git information ++ * [8bb2030] Imported Upstream version 3.1 ++ ++ -- Arturo Borrero Gonzalez Tue, 21 Jun 2016 11:00:55 +0200 ++ ++suricata (3.0.1-2) unstable; urgency=medium ++ ++ * [178f3cf] suricata: add libgeoip support ++ * [c8a0a0a] d/control: bump std-version to 3.9.8 ++ * [523203d] d/control: wrap-and-sort ++ * [e5abae9] suricata: add hiredis support ++ * [9ec82b8] d/control: get rid of XS-Testsuite directive ++ ++ -- Arturo Borrero Gonzalez Mon, 23 May 2016 11:39:40 +0200 ++ ++suricata (3.0.1-1) unstable; urgency=medium ++ ++ * Imported Upstream version 3.0.1 ++ * Bump Standards Version to 3.9.7 ++ ++ -- Pierre Chifflier Fri, 08 Apr 2016 10:58:35 +0200 ++ ++suricata (3.0-1) unstable; urgency=medium ++ ++ * Imported Upstream version 3.0 ++ ++ -- Pierre Chifflier Thu, 28 Jan 2016 06:02:41 +0100 ++ ++suricata (2.0.11-1) unstable; urgency=medium ++ ++ * Imported Upstream version 2.0.11 ++ ++ -- Pierre Chifflier Thu, 07 Jan 2016 10:17:16 +0100 ++ ++suricata (2.0.10-2) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * d/copyright: update file to follow Debian Policy 3.9.6.1 ++ * d/control: bump standards to 3.9.6 ++ * suricata: add nflog support (Closes: #775074) ++ * d/: wrap-and-sort ++ * d/control: architecture is linux-any ++ * d/rules: don't include upstream install documentation ++ * d/tests: add first basic test ++ * d/control: add missing Testsuite declaration ++ * suritaca: add package suricata-dbg (Closes: #753438) ++ * suricata sysvinit: fix libtcmalloc-minimal integration (Closes: #725249) ++ * d/suricata.init: cleanup file ++ * suricatasc: add manpage ++ ++ [ Pierre Chifflier ] ++ * Merge unstable-next branch ++ * Fix dependencies and priority for -dbg package ++ * Install manpage for suricatasc ++ ++ -- Pierre Chifflier Tue, 05 Jan 2016 21:02:40 +0100 ++ ++suricata (2.0.10-1) unstable; urgency=medium ++ ++ * Imported Upstream version 2.0.10 ++ ++ -- Pierre Chifflier Thu, 26 Nov 2015 10:35:53 +0100 ++ ++suricata (2.0.9-1) unstable; urgency=medium ++ ++ * Imported Upstream version 2.0.9 ++ * Update watch file ++ ++ -- Pierre Chifflier Fri, 25 Sep 2015 19:19:53 +0200 ++ ++suricata (2.0.8-1) unstable; urgency=high ++ ++ [ Arturo Borrero Gonzalez ] ++ * d/suricata.logrotate: add logrotate configuration (Closes: #767249) ++ * d/patches: patch suricatasc to prevent depends on python-symplejson ++ (Closes: #759475) ++ * Revert "d/patches: patch suricatasc to prevent depends on python-symplejson" ++ ++ [ Pierre Chifflier ] ++ * Imported Upstream version 2.0.8 ++ * Bump Standards Version to 3.9.6 ++ Fixes CVE-2015-0971 (Integer overflow in the DER parser) ++ ++ -- Pierre Chifflier Thu, 07 May 2015 11:03:19 +0200 ++ ++suricata (2.0.7-2) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * d/suricata.init: fix proc nfqueue file checking (Closes: #725301) ++ ++ [ Pierre Chifflier ] ++ * Check for both proc entries for nfqueue (backwards compatibility) and ++ issue warning only ++ ++ -- Pierre Chifflier Sun, 15 Mar 2015 11:17:27 +0100 ++ ++suricata (2.0.7-1) unstable; urgency=medium ++ ++ [ Pierre Chifflier ] ++ * Imported Upstream version 2.0.7 ++ * Fix problems with upstream version import ++ ++ -- Pierre Chifflier Thu, 12 Mar 2015 07:06:49 +0100 ++ ++suricata (2.0.6-3) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * suricata: don't deploy .so links ++ ++ [ Pierre Chifflier ] ++ * Add missing installation files (Closes: #778724) ++ * Fix .so symlinks removal ++ * Update default-rules-path ++ ++ -- Pierre Chifflier Thu, 19 Feb 2015 11:55:05 +0100 ++ ++suricata (2.0.6-2) unstable; urgency=medium ++ ++ [ Arturo Borrero Gonzalez ] ++ * d/patches: drop 10-fix-missing-script-autoreconf.patch (Closes: #778670) ++ * d/rules: prevent not .so libhtp files from entering binary suricata package ++ ++ [ Pierre Chifflier ] ++ * Add conflicts/replaces fields for transition from libhtp (Closes: #778668) ++ ++ -- Pierre Chifflier Wed, 18 Feb 2015 11:19:31 +0100 ++ ++suricata (2.0.6-1) unstable; urgency=medium ++ ++ [ Pierre Chifflier ] ++ * Imported Upstream version 2.0.6 ++ * Add Arturo to uploaders ++ ++ [ Arturo Borrero Gonzalez ] ++ * suricata: use embedded copy of libhtp (Closes: #772551) ++ ++ -- Pierre Chifflier Tue, 17 Feb 2015 11:31:22 +0100 ++ ++suricata (2.0.4-1) unstable; urgency=high ++ ++ * Imported Upstream version 2.0.4 ++ * Security: fix out-of-bounds access in SSH parser (Closes: #762828) ++ * Urgency high, CVE-2014-6603 ++ Stable and Oldstable versions are not affected. ++ ++ -- Pierre Chifflier Fri, 10 Oct 2014 13:19:59 +0200 ++ ++suricata (2.0.3-1) unstable; urgency=medium ++ ++ * Imported Upstream version 2.0.3 ++ ++ -- Pierre Chifflier Wed, 20 Aug 2014 15:06:21 +0200 ++ ++suricata (2.0.2-1) unstable; urgency=medium ++ ++ * Imported Upstream version 2.0.2 ++ ++ -- Pierre Chifflier Sun, 29 Jun 2014 18:27:56 +0200 ++ ++suricata (2.0-1) unstable; urgency=medium ++ ++ * Imported Upstream version 2.0 ++ * Update build, require a recent libhtp, and disable coccinelle tests. ++ * Upload to unstable ++ ++ -- Pierre Chifflier Wed, 02 Apr 2014 20:23:10 +0200 ++ ++suricata (1.4.7-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.4.7 ++ * Bump Standards Version to 3.9.5 ++ * Run autoreconf during build to fix some errors caused by different ++ autotools versions ++ ++ -- Pierre Chifflier Sun, 29 Dec 2013 11:29:57 +0100 ++ ++suricata (1.4.6-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.4.6 ++ ++ -- Pierre Chifflier Sun, 06 Oct 2013 18:52:34 +0200 ++ ++suricata (1.4.5-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.4.5 ++ * Prepare transition for suricata 2.0 by conflicting with libhtp >= 0.5 ++ ++ -- Pierre Chifflier Tue, 20 Aug 2013 16:44:45 +0200 ++ ++suricata (1.4.3-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.4.3 ++ ++ -- Pierre Chifflier Thu, 04 Jul 2013 11:50:13 +0200 ++ ++suricata (1.4.2-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.4.2 ++ ++ -- Pierre Chifflier Wed, 29 May 2013 16:24:52 +0200 ++ ++suricata (1.4.1-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.4.1 ++ * Install python control script (add dependency on python, and use ++ dh_python2 for build) ++ * Bump Standards Version to 3.9.4 ++ * Fix removal of pid file in init script (Closes: #700547) ++ Thanks to Игорь Козинов . ++ * Add support for af-packet mode in init script (Closes: #697928). ++ Thanks to Jamie Strandboge . ++ ++ -- Pierre Chifflier Tue, 21 May 2013 12:42:45 +0200 ++ ++suricata (1.4-3) unstable; urgency=low ++ ++ * Add configure flag for luajit only on supported architectures ++ ++ -- Pierre Chifflier Sat, 22 Dec 2012 16:38:41 +0100 ++ ++suricata (1.4-2) unstable; urgency=low ++ ++ * Fix error in init script, stop trying to manage suricata pid file ++ * Use arch-specific build dependencies for libluajit-5.1-dev, it is not ++ available on all architectures ++ ++ -- Pierre Chifflier Sat, 22 Dec 2012 15:39:57 +0100 ++ ++suricata (1.4-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.4 ++ * Enable Jansson and LuaJIT support, and add libjansson-dev libluajit-5.1-dev ++ to build-deps ++ * Add python to recommends, for the suricatasc script ++ * Create /var/run/suricata directory when starting daemon ++ ++ -- Pierre Chifflier Fri, 14 Dec 2012 00:02:51 +0100 ++ ++suricata (1.3.5-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.3.5 ++ ++ -- Pierre Chifflier Thu, 06 Dec 2012 21:13:56 +0100 ++ ++suricata (1.3.4-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.3.4 ++ ++ -- Pierre Chifflier Sat, 17 Nov 2012 09:56:08 +0100 ++ ++suricata (1.3.3-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.3.3 ++ ++ -- Pierre Chifflier Sat, 03 Nov 2012 09:38:36 +0100 ++ ++suricata (1.3.2-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.3.2 ++ ++ -- Pierre Chifflier Sat, 13 Oct 2012 12:18:33 +0200 ++ ++suricata (1.3-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.3 ++ * Add build-dependency on libnss3-dev and libnspr4-dev ++ * Bump Standards Version to 3.9.3 ++ ++ -- Pierre Chifflier Sun, 22 Jul 2012 22:27:36 +0200 ++ ++suricata (1.2.1-2) unstable; urgency=low ++ ++ * Use override targets in rules files (Closes: #666330) ++ * Add support for parallel build in debian/rules ++ ++ -- Pierre Chifflier Thu, 12 Apr 2012 01:56:48 +0200 ++ ++suricata (1.2.1-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.2.1 ++ * Add libmagic-dev to build-deps ++ * Convert to DH version 9 ++ - Switch from hardening-wrapper to dpkg-buildflags ++ ++ -- Pierre Chifflier Mon, 23 Jan 2012 21:47:26 +0100 ++ ++suricata (1.1.1-2) unstable; urgency=low ++ ++ * Add *.config files to default installation ++ * Trigger rebuild with libhtp versioned symbols ++ ++ -- Pierre Chifflier Thu, 05 Jan 2012 08:20:24 +0100 ++ ++suricata (1.1.1-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.1.1 ++ * Add configure option --enable-af-packet ++ ++ -- Pierre Chifflier Wed, 07 Dec 2011 21:52:53 +0100 ++ ++suricata (1.1-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.1 ++ * Add instructions on getting new rules using oinkmaster ++ * Add Recommends on oinkmaster ++ * Move snort-rules-default to Recommends ++ ++ -- Pierre Chifflier Thu, 17 Nov 2011 23:20:51 +0100 ++ ++suricata (1.0.5-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.0.5 ++ ++ -- Pierre Chifflier Wed, 27 Jul 2011 08:20:25 +0200 ++ ++suricata (1.0.4-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.0.4 ++ * Bump Standards Version to 3.9.2 ++ * Enable hardening-wrapper ++ ++ -- Pierre Chifflier Sat, 25 Jun 2011 13:45:44 +0200 ++ ++suricata (1.0.3-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.0.3 ++ ++ -- Pierre Chifflier Wed, 13 Apr 2011 16:59:32 +0200 ++ ++suricata (1.0.2-2) unstable; urgency=low ++ ++ * Add init script (thanks to Edward Fjellskål) ++ * Switch to dpkg-source 3.0 (quilt) format ++ ++ -- Pierre Chifflier Sun, 19 Dec 2010 18:35:50 +0100 ++ ++suricata (1.0.2-1) unstable; urgency=low ++ ++ * New Upstream version 1.0.2 (Closes: #598389) ++ ++ -- Pierre Chifflier Wed, 29 Sep 2010 10:02:52 +0200 ++ ++suricata (1.0.1-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.0.1 (Closes: #591559) ++ * Bump Standards version to 3.9.1 ++ * Create /var/log/suricata (Closes: #590861) ++ ++ -- Pierre Chifflier Wed, 11 Aug 2010 14:45:14 +0200 ++ ++suricata (1.0.0-1) unstable; urgency=low ++ ++ * Imported Upstream version 1.0.0 ++ * Remove arch=native flag from build (Closes: #587714) ++ * Bump Standards version to 3.9.0 ++ ++ -- Pierre Chifflier Thu, 01 Jul 2010 21:28:41 +0200 ++ ++suricata (0.9.2-1) unstable; urgency=low ++ ++ * Imported Upstream version 0.9.2 ++ ++ -- Pierre Chifflier Sat, 19 Jun 2010 17:39:14 +0200 ++ ++suricata (0.9.1-1) unstable; urgency=low ++ ++ * Imported Upstream version 0.9.1 ++ * Update watch file ++ ++ -- Pierre Chifflier Wed, 26 May 2010 23:09:07 +0200 ++ ++suricata (0.9.0-1) unstable; urgency=low ++ ++ * Imported Upstream version 0.9.0 ++ * Add libcap-ng-dev to build-deps ++ ++ -- Pierre Chifflier Sun, 09 May 2010 10:43:44 +0200 ++ ++suricata (0.8.2-1) unstable; urgency=low ++ ++ * Imported Upstream version 0.8.2 ++ * Force selection of external libhtp during build ++ * Enable Prelude support ++ * Update watch file ++ ++ -- Pierre Chifflier Sun, 02 May 2010 10:50:05 +0200 ++ ++suricata (0.8.0-2) unstable; urgency=low ++ ++ * Update debian/copyright to include all files ++ ++ -- Pierre Chifflier Sun, 21 Feb 2010 21:45:33 +0100 ++ ++suricata (0.8.0-1) unstable; urgency=low ++ ++ * Initial release (Closes: #563422) ++ ++ -- Pierre Chifflier Sat, 30 Jan 2010 18:25:05 +0100 diff --cc debian/control index 00000000,00000000..497ff962 new file mode 100644 --- /dev/null +++ b/debian/control @@@ -1,0 -1,0 +1,64 @@@ ++Source: suricata ++Section: net ++Priority: optional ++Maintainer: Pierre Chifflier ++Uploaders: Arturo Borrero Gonzalez , ++ Sascha Steinbiss ++Build-Depends: debhelper-compat (= 13), ++ dh-python, ++ libbpf-dev (>= 1:0.7.0) [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32], ++ clang [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32], ++ llvm [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32], ++ libcap-ng-dev, ++ libelf-dev [amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32], ++ libevent-dev, ++ libgeoip-dev, ++ libhiredis-dev, ++ libjansson-dev, ++ libluajit-5.1-dev [i386 amd64 powerpc mips mipsel armel armhf], ++ libhyperscan-dev (>= 4.4.0) [i386 amd64 x32], ++ rustc (>= 1.28.0), ++ cargo (>= 0.29.0), ++ liblz4-dev, ++ libmagic-dev, ++ libmaxminddb-dev, ++ libnet1-dev | libnet-dev, ++ libnetfilter-log-dev, ++ libnetfilter-queue-dev, ++ libnspr4-dev, ++ libnss3-dev, ++ libpcap-dev, ++ libpcre3-dev, ++ libyaml-dev, ++ python3:any, ++ zlib1g-dev | libz-dev, ++ libhtp-dev (>= 1:0.5.41), ++ procps ++Standards-Version: 4.5.1 ++Rules-Requires-Root: no ++Homepage: https://www.suricata-ids.org/ ++Vcs-Browser: https://salsa.debian.org/pkg-suricata-team/pkg-suricata ++Vcs-Git: https://salsa.debian.org/pkg-suricata-team/pkg-suricata.git ++ ++Package: suricata ++Architecture: linux-any ++Pre-Depends: dpkg (>= 1.15.7.2), ${misc:Pre-Depends} ++Depends: ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends}, libhtp2 (>= ${libhtp:Version}~), lsb-base (>= 3.0-6) ++Conflicts: libhtp1 (<< 0.5.16), suricata-hyperscan (<< 3.2) ++Replaces: libhtp1 (<< 0.5.16), suricata-hyperscan (<< 3.2) ++Recommends: python3, snort-rules-default, suricata-update ++Suggests: libtcmalloc-minimal4 ++Description: Next Generation Intrusion Detection and Prevention Tool ++ Suricata is a network Intrusion Detection System (IDS). It is based on ++ rules (and is fully compatible with snort rules) to detect a variety of ++ attacks / probes by searching packet content. ++ . ++ It can also be used as Intrusion Prevention System (IPS), and as higher layer ++ firewall. ++ . ++ This new Engine supports Multi-Threading, Automatic Protocol Detection ++ (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB), Gzip Decompression, Fast ++ IP Matching and coming soon hardware acceleration on CUDA and OpenCL GPU ++ cards. ++ . ++ This version has inline (NFQUEUE) support enabled. diff --cc debian/copyright index 00000000,00000000..1f21f25b new file mode 100644 --- /dev/null +++ b/debian/copyright @@@ -1,0 -1,0 +1,484 @@@ ++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-Name: suricata ++Source: https://suricata-ids.org/download/ ++Files-Excluded: libhtp ++ ++Files: * ++Copyright: 2007-2020 Open Information Security Foundation ++License: GPL-2 ++ ++Files: aclocal.m4 ++Copyright: 1996-2017 Free Software Foundation, Inc. ++ 2004 Scott James Remnant ++ 2012-2015 Dan Nicholson ++License: GPL-2+ ++ ++Files: compile ++ config.sub ++ configure ++Copyright: 1992-2018 Free Software Foundation, Inc. ++License: GPL-2 ++ ++Files: config.guess ++Copyright: 1992-2018 Free Software Foundation, Inc. ++License: GPL-3 ++ ++Files: contrib/Makefile.am ++Copyright: 2007-2020 Open Information Security Foundation ++License: GPL-2 ++ ++Files: contrib/file_processor/* ++Copyright: 2007-2020 Open Information Security Foundation ++License: GPL-2 ++ ++Files: contrib/file_processor/Action/Makefile.in ++Copyright: 1989, 1991-2015, Free Software Foundation, Inc. ++License: GPL-2 ++ ++Files: contrib/file_processor/Makefile.in ++Copyright: 1989, 1991-2015, Free Software Foundation, Inc. ++License: GPL-2 ++ ++Files: contrib/file_processor/Processor/Makefile.in ++Copyright: 1989, 1991-2015, Free Software Foundation, Inc. ++License: GPL-2 ++ ++Files: contrib/file_processor/file_processor.pl ++Copyright: 2012, Martin Holste ++License: GPL-2 ++ ++Files: contrib/suri-graphite ++Copyright: 2013, 2015, Eric Leblond ++License: GPL-2 ++ ++Files: debian/* ++Copyright: 2010 Pierre Chifflier ++ 2019-2020 Sascha Steinbiss ++License: GPL-2 ++ ++Files: debian/oinkmaster/* ++Copyright: 2016 Arturo Borrero Gonzalez ++License: GPL-2 ++ ++Files: doc/Makefile.in ++ doc/userguide/Makefile.in ++Copyright: 1989, 1991-2015, Free Software Foundation, Inc. ++License: GPL-2 ++ ++Files: install-sh ++Copyright: 1994, X Consortium ++License: Expat ++ ++Files: ebpf/Makefile.in ++ etc/Makefile.in ++ python/Makefile.in ++ qa/Makefile.in ++ qa/coccinelle/Makefile.in ++ rules/Makefile.in ++ rust/Makefile.in ++ src/Makefile.in ++ suricata-update/Makefile* ++Copyright: 1994-2017 Free Software Foundation, Inc. ++License: GPL-2 ++ ++Files: ebpf/include/linux/bpf.h ++Copyright: 2011-2014 PLUMgrid ++License: GPL-2 ++ ++Files: python/suricata/ctl/loghandler.py ++Copyright: 2017 Open Information Security Foundation ++ 2016 Jason Ish ++License: GPL-2 ++ ++Files: qa/coccinelle/sz3.cocci ++Copyright: 2012 LIP6/INRIA ++License: GPL-2 ++ ++Files: qa/wirefuzz.pl ++Copyright: 2010-2015 Open Information Security Foundation ++License: GPL-2 ++ ++Files: rust/gen/* ++Copyright: 2017 Open Information Security Foundation ++License: GPL-2 ++ ++Files: rust/vendor/autocfg*/* ++Copyright: 2018 Josh Stone ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/base64/* ++Copyright: 2015 Alice Maz ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/bitflags/* ++Copyright: 2014 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/build_const/* ++Copyright: 2017 Garrett Berg, vitiral@gmail.com ++License: MIT ++ ++Files: rust/vendor/byteorder/* ++Copyright: 2015 Andrew Gallant ++License: MIT or Unlicense ++ ++Files: rust/vendor/cloudabi/* ++Copyright: 2016-2018 Nuxi (https://nuxi.nl/) and contributors ++License: BSD-2-clause ++ ++Files: rust/vendor/cookie-factory/* ++Copyright: 2017 Geoffroy Couprie ++License: MIT ++ ++Files: rust/vendor/crc/* ++Copyright: 2017 crc-rs Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/der-parser/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/enum_primitive/* ++Copyright: 2015 Anders Kaseorg ++License: MIT ++ ++Files: rust/vendor/fuchsia-cprng/* ++Copyright: 2019 The Fuchsia Authors ++License: BSD-3-clause ++ ++Files: rust/vendor/ipsec-parser/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/kerberos-parser/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/libc/* ++Copyright: 2014 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/memchr/* ++Copyright: 2015 Andrew Gallant ++License: Unlicense or MIT ++ ++Files: rust/vendor/nom/* ++Copyright: 2014-2018 Geoffroy Couprie ++License: MIT ++ ++Files: rust/vendor/ntp-parser/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/num*/* ++Copyright: 2014 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/phf*/* ++Copyright: 2014-2016 Steven Fackler ++License: MIT ++ ++Files: rust/vendor/proc-macro2/* ++Copyright: 2014 Alex Crichton ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/quote/* ++Copyright: 2016 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/rand*/* ++Copyright: 2018 The Rand Project Developers ++ 2014 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/rand_pcg/* ++Copyright: 2014-2017 Melissa O'Neill and PCG Project contributors ++ 2018 Developers of the Rand project ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/rdrand/* ++Copyright: 2014 Simonas Kazlauskas ++License: ISC ++ ++Files: rust/vendor/rusticata-macros/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/siphasher/* ++Copyright: 2012-2016 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/snmp-parser/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/syn/* ++Copyright: David Tolnay ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/time/* ++Copyright: 2014 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/tls-parser/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/unicode-xid/* ++Copyright: 2015 The Rust Project Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/version_check/* ++Copyright: 2017-2018 Sergio Benitez ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/widestring/* ++Copyright: 2016 Kathryn Long ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/winapi*/* ++Copyright: 2015-2018 The winapi-rs Developers ++License: MIT or Apache-2.0 ++ ++Files: rust/vendor/x509-parser/* ++Copyright: 2017 Pierre Chifflier ++License: MIT or Apache-2.0 ++ ++Files: src/Makefile.am ++ src/util-hash-lookup3.c ++ src/util-hash-lookup3.h ++Copyright: 2008 Victor Julien ++License: GPL-2 ++ ++Files: src/app-layer-htp-libhtp.c ++ src/app-layer-htp-libhtp.h ++Copyright: 2010-2013, Qualys, Inc. ++ 2009, 2010, Open Information Security Foundation ++License: BSD-3-clause ++ ++Files: src/app-layer-modbus.c ++ src/app-layer-modbus.h ++ src/detect-engine-modbus.c ++ src/detect-engine-modbus.h ++ src/detect-modbus.c ++ src/detect-modbus.h ++ src/detect-tls.c ++ src/detect-tls.h ++ src/util-decode-der-get.c ++ src/util-decode-der-get.h ++ src/util-decode-der.c ++ src/util-decode-der.h ++Copyright: 2011-2015, ANSSI ++License: BSD-3-clause ++ ++Files: src/queue.h ++ src/win32-syslog.h ++Copyright: 1982, 1986, 1988, 1991, 1993, The Regents of the University of California. ++License: BSD-3-clause ++ ++Files: src/util-decode-mime.c ++ src/util-decode-mime.h ++Copyright: 2012, BAE Systems ++License: GPL-2 ++ ++Files: src/util-fix_checksum.c ++ src/util-fix_checksum.h ++Copyright: 2002-2008, Henning Brauer ++ 2001, Daniel Hartmeier ++License: BSD-2-clause ++Comment: ++ In addition to the BSD license, the authors state the following: ++ Effort sponsored in part by the Defense Advanced Research Projects ++ Agency (DARPA) and Air Force Research Laboratory, Air Force ++ Materiel Command, USAF, under agreement number F30602-01-2-0537 ++ ++Files: src/util-strlcatu.c ++ src/util-strlcpyu.c ++Copyright: 1998, Todd C. Miller ++License: BSD-3-clause ++ ++Files: src/tree.h ++Copyright: 2002 Niels Provos ++License: BSD-2-clause ++ ++Files: suricata-update/* ++Copyright: 2017-2019 Open Information Security Foundation ++ 2013-2017 Jason Ish ++License: GPL-2 ++ ++Files: suricata-update/suricata/update/compat/ordereddict.py ++Copyright: 2009 Raymond Hettinger ++License: MIT ++ ++License: BSD-3-clause ++ The BSD License ++ . ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions are ++ met: ++ . ++ * Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ . ++ * Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ . ++ * Neither the name of foo nor the names of its ++ contributors may be used to endorse or promote products derived from ++ this software without specific prior written permission. ++ . ++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS ++ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ++ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR ++ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, ++ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ++ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF ++ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING ++ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS ++ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++License: Expat ++ The MIT License ++ . ++ Permission is hereby granted, free of charge, to any person ++ obtaining a copy of this software and associated ++ documentation files (the "Software"), to deal in the Software ++ without restriction, including without limitation the rights to ++ use, copy, modify, merge, publish, distribute, sublicense, ++ and/or sell copies of the Software, and to permit persons to ++ whom the Software is furnished to do so, subject to the ++ following conditions: ++ . ++ The above copyright notice and this permission notice shall ++ be included in all copies or substantial portions of the ++ Software. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT ++ WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, ++ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR ++ PURPOSE AND NONINFRINGEMENT. IN NO EVENT ++ SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, ++ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN ++ CONNECTION WITH THE SOFTWARE OR THE USE OR ++ OTHER DEALINGS IN THE SOFTWARE. ++ ++License: GPL-2 ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU Library General Public License as published by ++ the Free Software Foundation. ++ . ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU Library General Public License for more details. ++ . ++ You should have received a copy of the GNU General Public License ++ along with this program. If not, see ++ . ++ On Debian systems, the complete text of the GNU General ++ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". ++ ++License: GPL-2+ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; version 2 dated June, 1991, or (at ++ your option) any later version. ++ . ++ On Debian systems, the complete text of version 2 of the GNU General ++ Public License can be found in '/usr/share/common-licenses/GPL-2'. ++ ++License: GPL-3 ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; version 3 dated June, 2007. ++ . ++ On Debian systems, the complete text of version 3 of the GNU General ++ Public License can be found in '/usr/share/common-licenses/GPL-3'. ++ ++License: Apache-2.0 ++ Debian systems provide the Apache 2.0 license in ++ /usr/share/common-licenses/Apache-2.0 ++ ++License: MIT ++ Permission is hereby granted, free of charge, to any person obtaining a copy ++ of this software and associated documentation files (the "Software"), to deal ++ in the Software without restriction, including without limitation the rights ++ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ copies of the Software, and to permit persons to whom the Software is ++ furnished to do so, subject to the following conditions: ++ . ++ The above copyright notice and this permission notice shall be included in all ++ copies or substantial portions of the Software. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++ ++License: Unlicense ++ This is free and unencumbered software released into the public domain. ++ . ++ Anyone is free to copy, modify, publish, use, compile, sell, or ++ distribute this software, either in source code form or as a compiled ++ binary, for any purpose, commercial or non-commercial, and by any ++ means. ++ . ++ In jurisdictions that recognize copyright laws, the author or authors ++ of this software dedicate any and all copyright interest in the ++ software to the public domain. We make this dedication for the benefit ++ of the public at large and to the detriment of our heirs and ++ successors. We intend this dedication to be an overt act of ++ relinquishment in perpetuity of all present and future rights to this ++ software under copyright law. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. ++ IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR ++ OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ++ ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR ++ OTHER DEALINGS IN THE SOFTWARE. ++ ++License: BSD-2-clause ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions are ++ met: ++ . ++ 1. Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ 2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ . ++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS ++ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ++ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++License: ISC ++ Permission to use, copy, modify, and/or distribute this software for any purpose with or without ++ fee is hereby granted, provided that the above copyright notice and this permission notice appear ++ in all copies. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS ++ SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE ++ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, ++ NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF ++ THIS SOFTWARE. diff --cc debian/libhtp-0.5.24-1.install index 00000000,00000000..3ddde584 new file mode 100644 --- /dev/null +++ b/debian/libhtp-0.5.24-1.install @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/*/lib*.so.* diff --cc debian/libhtp-0.5.24-1.lintian-overrides index 00000000,00000000..a5b3b880 new file mode 100644 --- /dev/null +++ b/debian/libhtp-0.5.24-1.lintian-overrides @@@ -1,0 -1,0 +1,2 @@@ ++# false positive, the link is there. Somehow lintian is confused ++libhtp-0.5.24-1: dev-pkg-without-shlib-symlink diff --cc debian/libhtp-0.5.24-1.symbols index 00000000,00000000..d724f5fd new file mode 100644 --- /dev/null +++ b/debian/libhtp-0.5.24-1.symbols @@@ -1,0 -1,0 +1,347 @@@ ++libhtp-0.5.24.so.1 libhtp-0.5.24-1 #MINVER# ++ bstr_add@Base 3.1.3 ++ bstr_add_c@Base 3.1.3 ++ bstr_add_c_noex@Base 3.1.3 ++ bstr_add_mem@Base 3.1.3 ++ bstr_add_mem_noex@Base 3.1.3 ++ bstr_add_noex@Base 3.1.3 ++ bstr_adjust_len@Base 3.1.3 ++ bstr_adjust_realptr@Base 3.1.3 ++ bstr_adjust_size@Base 3.1.3 ++ bstr_alloc@Base 3.1.3 ++ bstr_begins_with@Base 3.1.3 ++ bstr_begins_with_c@Base 3.1.3 ++ bstr_begins_with_c_nocase@Base 3.1.3 ++ bstr_begins_with_mem@Base 3.1.3 ++ bstr_begins_with_mem_nocase@Base 3.1.3 ++ bstr_begins_with_nocase@Base 3.1.3 ++ bstr_builder_append_c@Base 3.1.3 ++ bstr_builder_append_mem@Base 3.1.3 ++ bstr_builder_appendn@Base 3.1.3 ++ bstr_builder_clear@Base 3.1.3 ++ bstr_builder_create@Base 3.1.3 ++ bstr_builder_destroy@Base 3.1.3 ++ bstr_builder_size@Base 3.1.3 ++ bstr_builder_to_str@Base 3.1.3 ++ bstr_char_at@Base 3.1.3 ++ bstr_char_at_end@Base 3.1.3 ++ bstr_chop@Base 3.1.3 ++ bstr_chr@Base 3.1.3 ++ bstr_cmp@Base 3.1.3 ++ bstr_cmp_c@Base 3.1.3 ++ bstr_cmp_c_nocase@Base 3.1.3 ++ bstr_cmp_mem@Base 3.1.3 ++ bstr_cmp_mem_nocase@Base 3.1.3 ++ bstr_cmp_nocase@Base 3.1.3 ++ bstr_dup@Base 3.1.3 ++ bstr_dup_c@Base 3.1.3 ++ bstr_dup_ex@Base 3.1.3 ++ bstr_dup_lower@Base 3.1.3 ++ bstr_dup_mem@Base 3.1.3 ++ bstr_expand@Base 3.1.3 ++ bstr_free@Base 3.1.3 ++ bstr_index_of@Base 3.1.3 ++ bstr_index_of_c@Base 3.1.3 ++ bstr_index_of_c_nocase@Base 3.1.3 ++ bstr_index_of_mem@Base 3.1.3 ++ bstr_index_of_mem_nocase@Base 3.1.3 ++ bstr_index_of_nocase@Base 3.1.3 ++ bstr_rchr@Base 3.1.3 ++ bstr_to_lowercase@Base 3.1.3 ++ bstr_util_cmp_mem@Base 3.1.3 ++ bstr_util_cmp_mem_nocase@Base 3.1.3 ++ bstr_util_mem_index_of_c@Base 3.1.3 ++ bstr_util_mem_index_of_c_nocase@Base 3.1.3 ++ bstr_util_mem_index_of_mem@Base 3.1.3 ++ bstr_util_mem_index_of_mem_nocase@Base 3.1.3 ++ bstr_util_mem_to_pint@Base 3.1.3 ++ bstr_util_mem_trim@Base 3.1.3 ++ bstr_util_memdup_to_c@Base 3.1.3 ++ bstr_util_strdup_to_c@Base 3.1.3 ++ bstr_wrap_c@Base 3.1.3 ++ bstr_wrap_mem@Base 3.1.3 ++ fprint_bstr@Base 3.1.3 ++ fprint_raw_data@Base 3.1.3 ++ fprint_raw_data_ex@Base 3.1.3 ++ htp_base64_decode@Base 3.1.3 ++ htp_base64_decode_bstr@Base 3.1.3 ++ htp_base64_decode_mem@Base 3.1.3 ++ htp_base64_decode_single@Base 3.1.3 ++ htp_base64_decoder_init@Base 3.1.3 ++ htp_ch_multipart_callback_request_body_data@Base 3.1.3 ++ htp_ch_multipart_callback_request_headers@Base 3.1.3 ++ htp_ch_urlencoded_callback_request_body_data@Base 3.1.3 ++ htp_ch_urlencoded_callback_request_headers@Base 3.1.3 ++ htp_ch_urlencoded_callback_request_line@Base 3.1.3 ++ htp_chomp@Base 3.1.3 ++ htp_config_copy@Base 3.1.3 ++ htp_config_create@Base 3.1.3 ++ htp_config_destroy@Base 3.1.3 ++ htp_config_get_user_data@Base 3.1.3 ++ htp_config_register_log@Base 3.1.3 ++ htp_config_register_multipart_parser@Base 3.1.3 ++ htp_config_register_request_body_data@Base 3.1.3 ++ htp_config_register_request_complete@Base 3.1.3 ++ htp_config_register_request_file_data@Base 3.1.3 ++ htp_config_register_request_header_data@Base 3.1.3 ++ htp_config_register_request_headers@Base 3.1.3 ++ htp_config_register_request_line@Base 3.1.3 ++ htp_config_register_request_start@Base 3.1.3 ++ htp_config_register_request_trailer@Base 3.1.3 ++ htp_config_register_request_trailer_data@Base 3.1.3 ++ htp_config_register_request_uri_normalize@Base 3.1.3 ++ htp_config_register_response_body_data@Base 3.1.3 ++ htp_config_register_response_complete@Base 3.1.3 ++ htp_config_register_response_header_data@Base 3.1.3 ++ htp_config_register_response_headers@Base 3.1.3 ++ htp_config_register_response_line@Base 3.1.3 ++ htp_config_register_response_start@Base 3.1.3 ++ htp_config_register_response_trailer@Base 3.1.3 ++ htp_config_register_response_trailer_data@Base 3.1.3 ++ htp_config_register_transaction_complete@Base 3.1.3 ++ htp_config_register_urlencoded_parser@Base 3.1.3 ++ htp_config_set_backslash_convert_slashes@Base 3.1.3 ++ htp_config_set_bestfit_map@Base 3.1.3 ++ htp_config_set_bestfit_replacement_byte@Base 3.1.3 ++ htp_config_set_control_chars_unwanted@Base 3.1.3 ++ htp_config_set_convert_lowercase@Base 3.1.3 ++ htp_config_set_extract_request_files@Base 3.1.3 ++ htp_config_set_field_limits@Base 3.1.3 ++ htp_config_set_log_level@Base 3.1.3 ++ htp_config_set_nul_encoded_terminates@Base 3.1.3 ++ htp_config_set_nul_encoded_unwanted@Base 3.1.3 ++ htp_config_set_nul_raw_terminates@Base 3.1.3 ++ htp_config_set_nul_raw_unwanted@Base 3.1.3 ++ htp_config_set_parse_request_auth@Base 3.1.3 ++ htp_config_set_parse_request_cookies@Base 3.1.3 ++ htp_config_set_path_separators_compress@Base 3.1.3 ++ htp_config_set_path_separators_decode@Base 3.1.3 ++ htp_config_set_path_separators_encoded_unwanted@Base 3.1.3 ++ htp_config_set_plusspace_decode@Base 3.1.3 ++ htp_config_set_requestline_leading_whitespace_unwanted@Base 3.1.3 ++ htp_config_set_response_decompression@Base 3.1.3 ++ htp_config_set_response_decompression_layer_limit@Base 3.1.3 ++ htp_config_set_server_personality@Base 3.1.3 ++ htp_config_set_tmpdir@Base 3.1.3 ++ htp_config_set_tx_auto_destroy@Base 3.1.3 ++ htp_config_set_u_encoding_decode@Base 3.1.3 ++ htp_config_set_u_encoding_unwanted@Base 3.1.3 ++ htp_config_set_url_encoding_invalid_handling@Base 3.1.3 ++ htp_config_set_url_encoding_invalid_unwanted@Base 3.1.3 ++ htp_config_set_user_data@Base 3.1.3 ++ htp_config_set_utf8_convert_bestfit@Base 3.1.3 ++ htp_config_set_utf8_invalid_unwanted@Base 3.1.3 ++ htp_conn_close@Base 3.1.3 ++ htp_conn_create@Base 3.1.3 ++ htp_conn_destroy@Base 3.1.3 ++ htp_conn_open@Base 3.1.3 ++ htp_conn_remove_tx@Base 3.1.3 ++ htp_conn_track_inbound_data@Base 3.1.3 ++ htp_conn_track_outbound_data@Base 3.1.3 ++ htp_connp_REQ_BODY_CHUNKED_DATA@Base 3.1.3 ++ htp_connp_REQ_BODY_CHUNKED_DATA_END@Base 3.1.3 ++ htp_connp_REQ_BODY_CHUNKED_LENGTH@Base 3.1.3 ++ htp_connp_REQ_BODY_DETERMINE@Base 3.1.3 ++ htp_connp_REQ_BODY_IDENTITY@Base 3.1.3 ++ htp_connp_REQ_CONNECT_CHECK@Base 3.1.3 ++ htp_connp_REQ_CONNECT_PROBE_DATA@Base 3.1.3 ++ htp_connp_REQ_CONNECT_WAIT_RESPONSE@Base 3.1.3 ++ htp_connp_REQ_FINALIZE@Base 3.1.3 ++ htp_connp_REQ_HEADERS@Base 3.1.3 ++ htp_connp_REQ_IDLE@Base 3.1.3 ++ htp_connp_REQ_IGNORE_DATA_AFTER_HTTP_0_9@Base 3.1.3 ++ htp_connp_REQ_LINE@Base 3.1.3 ++ htp_connp_REQ_LINE_complete@Base 3.1.3 ++ htp_connp_REQ_PROTOCOL@Base 3.1.3 ++ htp_connp_RES_BODY_CHUNKED_DATA@Base 3.1.3 ++ htp_connp_RES_BODY_CHUNKED_DATA_END@Base 3.1.3 ++ htp_connp_RES_BODY_CHUNKED_LENGTH@Base 3.1.3 ++ htp_connp_RES_BODY_DETERMINE@Base 3.1.3 ++ htp_connp_RES_BODY_IDENTITY_CL_KNOWN@Base 3.1.3 ++ htp_connp_RES_BODY_IDENTITY_STREAM_CLOSE@Base 3.1.3 ++ htp_connp_RES_FINALIZE@Base 3.1.3 ++ htp_connp_RES_HEADERS@Base 3.1.3 ++ htp_connp_RES_IDLE@Base 3.1.3 ++ htp_connp_RES_LINE@Base 3.1.3 ++ htp_connp_clear_error@Base 3.1.3 ++ htp_connp_close@Base 3.1.3 ++ htp_connp_create@Base 3.1.3 ++ htp_connp_destroy@Base 3.1.3 ++ htp_connp_destroy_all@Base 3.1.3 ++ htp_connp_destroy_decompressors@Base 3.1.3 ++ htp_connp_get_connection@Base 3.1.3 ++ htp_connp_get_in_tx@Base 3.1.3 ++ htp_connp_get_last_error@Base 3.1.3 ++ htp_connp_get_out_tx@Base 3.1.3 ++ htp_connp_get_user_data@Base 3.1.3 ++ htp_connp_in_reset@Base 3.1.3 ++ htp_connp_in_state_as_string@Base 3.1.3 ++ htp_connp_is_line_folded@Base 3.1.3 ++ htp_connp_is_line_ignorable@Base 3.1.3 ++ htp_connp_is_line_terminator@Base 3.1.3 ++ htp_connp_open@Base 3.1.3 ++ htp_connp_out_state_as_string@Base 3.1.3 ++ htp_connp_req_data@Base 3.1.3 ++ htp_connp_req_data_consumed@Base 3.1.3 ++ htp_connp_req_receiver_finalize_clear@Base 3.1.3 ++ htp_connp_res_data@Base 3.1.3 ++ htp_connp_res_data_consumed@Base 3.1.3 ++ htp_connp_res_receiver_finalize_clear@Base 3.1.3 ++ htp_connp_set_user_data@Base 3.1.3 ++ htp_connp_tx_create@Base 3.1.3 ++ htp_connp_tx_remove@Base 3.1.3 ++ htp_convert_method_to_number@Base 3.1.3 ++ htp_decode_path_inplace@Base 3.1.3 ++ htp_extract_quoted_string_as_bstr@Base 3.1.3 ++ htp_get_version@Base 3.1.3 ++ htp_gzip_decompressor_create@Base 3.1.3 ++ htp_hook_copy@Base 3.1.3 ++ htp_hook_create@Base 3.1.3 ++ htp_hook_destroy@Base 3.1.3 ++ htp_hook_register@Base 3.1.3 ++ htp_hook_run_all@Base 3.1.3 ++ htp_hook_run_one@Base 3.1.3 ++ htp_is_folding_char@Base 3.1.3 ++ htp_is_line_empty@Base 3.1.3 ++ htp_is_line_whitespace@Base 3.1.3 ++ htp_is_lws@Base 3.1.3 ++ htp_is_separator@Base 3.1.3 ++ htp_is_space@Base 3.1.3 ++ htp_is_text@Base 3.1.3 ++ htp_is_token@Base 3.1.3 ++ htp_list_array_clear@Base 3.1.3 ++ htp_list_array_create@Base 3.1.3 ++ htp_list_array_destroy@Base 3.1.3 ++ htp_list_array_get@Base 3.1.3 ++ htp_list_array_pop@Base 3.1.3 ++ htp_list_array_push@Base 3.1.3 ++ htp_list_array_replace@Base 3.1.3 ++ htp_list_array_shift@Base 3.1.3 ++ htp_list_array_size@Base 3.1.3 ++ htp_log@Base 3.1.3 ++ htp_mpart_part_create@Base 3.1.3 ++ htp_mpart_part_destroy@Base 3.1.3 ++ htp_mpart_part_finalize_data@Base 3.1.3 ++ htp_mpart_part_handle_data@Base 3.1.3 ++ htp_mpart_part_parse_c_d@Base 3.1.3 ++ htp_mpart_part_process_headers@Base 3.1.3 ++ htp_mpartp_create@Base 3.1.3 ++ htp_mpartp_destroy@Base 3.1.3 ++ htp_mpartp_finalize@Base 3.1.3 ++ htp_mpartp_find_boundary@Base 3.1.3 ++ htp_mpartp_get_multipart@Base 3.1.3 ++ htp_mpartp_parse@Base 3.1.3 ++ htp_mpartp_parse_header@Base 3.1.3 ++ htp_mpartp_run_request_file_data_hook@Base 3.1.3 ++ htp_normalize_hostname_inplace@Base 3.1.3 ++ htp_normalize_parsed_uri@Base 3.1.3 ++ htp_normalize_uri_path_inplace@Base 3.1.3 ++ htp_parse_authorization@Base 3.1.3 ++ htp_parse_authorization_basic@Base 3.1.3 ++ htp_parse_authorization_digest@Base 3.1.3 ++ htp_parse_chunked_length@Base 3.1.3 ++ htp_parse_content_length@Base 3.1.3 ++ htp_parse_cookies_v0@Base 3.1.3 ++ htp_parse_ct_header@Base 3.1.3 ++ htp_parse_header_hostport@Base 3.1.3 ++ htp_parse_hostport@Base 3.1.3 ++ htp_parse_positive_integer_whitespace@Base 3.1.3 ++ htp_parse_protocol@Base 3.1.3 ++ htp_parse_request_header_generic@Base 3.1.3 ++ htp_parse_request_line_apache_2_2@Base 3.1.3 ++ htp_parse_request_line_generic@Base 3.1.3 ++ htp_parse_request_line_generic_ex@Base 3.1.3 ++ htp_parse_response_header_generic@Base 3.1.3 ++ htp_parse_response_line_generic@Base 3.1.3 ++ htp_parse_single_cookie_v0@Base 3.1.3 ++ htp_parse_status@Base 3.1.3 ++ htp_parse_uri@Base 3.1.3 ++ htp_parse_uri_hostport@Base 3.1.3 ++ htp_php_parameter_processor@Base 3.1.3 ++ htp_process_request_header_apache_2_2@Base 3.1.3 ++ htp_process_request_header_generic@Base 3.1.3 ++ htp_process_response_header_generic@Base 3.1.3 ++ htp_req_run_hook_body_data@Base 3.1.3 ++ htp_res_run_hook_body_data@Base 3.1.3 ++ htp_table_add@Base 3.1.3 ++ htp_table_addk@Base 3.1.3 ++ htp_table_addn@Base 3.1.3 ++ htp_table_clear@Base 3.1.3 ++ htp_table_clear_ex@Base 3.1.3 ++ htp_table_create@Base 3.1.3 ++ htp_table_destroy@Base 3.1.3 ++ htp_table_destroy_ex@Base 3.1.3 ++ htp_table_get@Base 3.1.3 ++ htp_table_get_c@Base 3.1.3 ++ htp_table_get_index@Base 3.1.3 ++ htp_table_get_mem@Base 3.1.3 ++ htp_table_size@Base 3.1.3 ++ htp_transcode_bstr@Base 3.1.3 ++ htp_transcode_params@Base 3.1.3 ++ htp_treat_response_line_as_body@Base 3.1.3 ++ htp_tx_create@Base 3.1.3 ++ htp_tx_destroy@Base 3.1.3 ++ htp_tx_destroy_incomplete@Base 3.1.3 ++ htp_tx_finalize@Base 3.1.3 ++ htp_tx_get_is_config_shared@Base 3.1.3 ++ htp_tx_get_user_data@Base 3.1.3 ++ htp_tx_is_complete@Base 3.1.3 ++ htp_tx_register_request_body_data@Base 3.1.3 ++ htp_tx_register_response_body_data@Base 3.1.3 ++ htp_tx_req_add_param@Base 3.1.3 ++ htp_tx_req_get_param@Base 3.1.3 ++ htp_tx_req_get_param_ex@Base 3.1.3 ++ htp_tx_req_has_body@Base 3.1.3 ++ htp_tx_req_process_body_data@Base 3.1.3 ++ htp_tx_req_process_body_data_ex@Base 3.1.3 ++ htp_tx_req_set_header@Base 3.1.3 ++ htp_tx_req_set_headers_clear@Base 3.1.3 ++ htp_tx_req_set_line@Base 3.1.3 ++ htp_tx_req_set_method@Base 3.1.3 ++ htp_tx_req_set_method_number@Base 3.1.3 ++ htp_tx_req_set_parsed_uri@Base 3.1.3 ++ htp_tx_req_set_protocol@Base 3.1.3 ++ htp_tx_req_set_protocol_0_9@Base 3.1.3 ++ htp_tx_req_set_protocol_number@Base 3.1.3 ++ htp_tx_req_set_uri@Base 3.1.3 ++ htp_tx_request_progress_as_string@Base 3.1.3 ++ htp_tx_res_process_body_data@Base 3.1.3 ++ htp_tx_res_process_body_data_ex@Base 3.1.3 ++ htp_tx_res_set_header@Base 3.1.3 ++ htp_tx_res_set_headers_clear@Base 3.1.3 ++ htp_tx_res_set_protocol_number@Base 3.1.3 ++ htp_tx_res_set_status_code@Base 3.1.3 ++ htp_tx_res_set_status_line@Base 3.1.3 ++ htp_tx_res_set_status_message@Base 3.1.3 ++ htp_tx_response_progress_as_string@Base 3.1.3 ++ htp_tx_set_config@Base 3.1.3 ++ htp_tx_set_user_data@Base 3.1.3 ++ htp_tx_state_request_complete@Base 3.1.3 ++ htp_tx_state_request_complete_partial@Base 3.1.3 ++ htp_tx_state_request_headers@Base 3.1.3 ++ htp_tx_state_request_line@Base 3.1.3 ++ htp_tx_state_request_start@Base 3.1.3 ++ htp_tx_state_response_complete@Base 3.1.3 ++ htp_tx_state_response_complete_ex@Base 3.1.3 ++ htp_tx_state_response_headers@Base 3.1.3 ++ htp_tx_state_response_line@Base 3.1.3 ++ htp_tx_state_response_start@Base 3.1.3 ++ htp_tx_urldecode_params_inplace@Base 3.1.3 ++ htp_tx_urldecode_uri_inplace@Base 3.1.3 ++ htp_unparse_uri_noencode@Base 3.1.3 ++ htp_uri_alloc@Base 3.1.3 ++ htp_uri_free@Base 3.1.3 ++ htp_urldecode_inplace@Base 3.1.3 ++ htp_urldecode_inplace_ex@Base 3.1.3 ++ htp_urlenp_create@Base 3.1.3 ++ htp_urlenp_destroy@Base 3.1.3 ++ htp_urlenp_finalize@Base 3.1.3 ++ htp_urlenp_parse_complete@Base 3.1.3 ++ htp_urlenp_parse_partial@Base 3.1.3 ++ htp_utf8_decode@Base 3.1.3 ++ htp_utf8_decode_allow_overlong@Base 3.1.3 ++ htp_utf8_decode_path_inplace@Base 3.1.3 ++ htp_utf8_validate_path@Base 3.1.3 ++ htp_validate_hostname@Base 3.1.3 ++ strlcat@Base 3.1.3 ++ strlcpy@Base 3.1.3 diff --cc debian/patches/LEVEL1_DCACHE_LINESIZE.patch index 00000000,00000000..f26706c3 new file mode 100644 --- /dev/null +++ b/debian/patches/LEVEL1_DCACHE_LINESIZE.patch @@@ -1,0 -1,0 +1,18 @@@ ++Description: handle undefined LEVEL1_DCACHE_LINESIZE ++ On some platforms (riscv64, s390x) this value is undefined as returned from getconf. ++ We also need to handle this to avoid using the string undefined blindly in further ++ #defines, which would otherwise cause compile errors. ++Author: Sascha Steinbiss ++Applied-Upstream: https://github.com/OISF/suricata/pull/7350 ++Last-Update: 2022-06-01 ++--- a/configure.ac +++++ b/configure.ac ++@@ -2436,7 +2436,7 @@ ++ AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") ++ if test "$HAVE_GETCONF_CMD" != "no"; then ++ CLS=$(getconf LEVEL1_DCACHE_LINESIZE) ++- if [test "$CLS" != "" && test "$CLS" != "0"]; then +++ if [test "$CLS" != "undefined" && "$CLS" != "" && test "$CLS" != "0"]; then ++ AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size]) ++ else ++ AC_DEFINE([CLS],[64],[L1 cache line size]) diff --cc debian/patches/avoid-to-include-if_tunnel-h.patch index 00000000,00000000..1a40ec72 new file mode 100644 --- /dev/null +++ b/debian/patches/avoid-to-include-if_tunnel-h.patch @@@ -1,0 -1,0 +1,34 @@@ ++From 6f7636cfc6dffb387afe21f4f3bff119f8d8e033 Mon Sep 17 00:00:00 2001 ++From: Eric Leblond ++Date: Thu, 31 Oct 2019 13:29:56 +0100 ++Subject: [PATCH] ebpf: avoid to include if_tunnel.h ++ ++This is causing a dependency issue as file from another architecture ++have to be installed. ++--- ++ ebpf/xdp_lb.c | 7 ++++++- ++ 1 file changed, 6 insertions(+), 1 deletion(-) ++ ++--- a/ebpf/xdp_lb.c +++++ b/ebpf/xdp_lb.c ++@@ -26,7 +26,6 @@ ++ /* Workaround to avoid the need of 32bit headers */ ++ #define _LINUX_IF_H ++ #define IFNAMSIZ 16 ++-#include ++ #include ++ #include ++ #include ++@@ -35,6 +34,12 @@ ++ ++ #include "hash_func01.h" ++ +++#define GRE_CSUM __cpu_to_be16(0x8000) +++#define GRE_ROUTING __cpu_to_be16(0x4000) +++#define GRE_KEY __cpu_to_be16(0x2000) +++#define GRE_SEQ __cpu_to_be16(0x1000) +++#define GRE_VERSION __cpu_to_be16(0x0007) +++ ++ #define LINUX_VERSION_CODE 263682 ++ ++ /* Hashing initval */ diff --cc debian/patches/configure-clang-variable.patch index 00000000,00000000..6aae947a new file mode 100644 --- /dev/null +++ b/debian/patches/configure-clang-variable.patch @@@ -1,0 -1,0 +1,26 @@@ ++From: Hilko Bengen ++Date: Tue, 22 Jan 2019 18:10:47 +0100 ++Subject: configure: Introduce CLANG variable ++ ++--- ++ configure.ac | 9 +++++++++ ++ 1 file changed, 9 insertions(+) ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -38,6 +38,15 @@ ++ ++ AC_SUBST([CLANG]) ++ +++ AC_ARG_WITH([clang], +++ [CLANG compiler], +++ [CLANG="$withval"], +++ [AS_IF([test "$compiler" = clang], +++ [CLANG="$CC"], +++ [AC_PATH_PROG([CLANG],[clang])])]) +++ +++ AC_SUBST([CLANG]) +++ ++ case "$compiler" in ++ clang) ++ CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument" diff --cc debian/patches/cross.patch index 00000000,00000000..ddc724d9 new file mode 100644 --- /dev/null +++ b/debian/patches/cross.patch @@@ -1,0 -1,0 +1,13 @@@ ++--- a/configure.ac +++++ b/configure.ac ++@@ -77,8 +77,8 @@ ++ AC_PATH_PROG(HAVE_CYGPATH, cygpath, "no") ++ AM_CONDITIONAL([HAVE_CYGPATH], [test "x$HAVE_CYGPATH" != "xno"]) ++ ++- AC_PATH_PROG(HAVE_PKG_CONFIG, pkg-config, "no") ++- if test "$HAVE_PKG_CONFIG" = "no"; then +++ PKG_PROG_PKG_CONFIG +++ if test "x$PKG_CONFIG" = "x"; then ++ echo ++ echo " ERROR! pkg-config not found, go get it " ++ echo " http://pkg-config.freedesktop.org/wiki/ " diff --cc debian/patches/debian-default-cfg.patch index 00000000,00000000..5f21dd4c new file mode 100644 --- /dev/null +++ b/debian/patches/debian-default-cfg.patch @@@ -1,0 -1,0 +1,43 @@@ ++From: Arturo Borrero Gonzalez ++Subject: Debian default configuration ++ This patch sets Debian defaults for suricata configuration. ++ . ++ Currently, it sets a proper path for suricata unix socket. ++Forwarded: not-needed ++Last-Update: 2016-12-01 ++ ++--- a/suricata.yaml.in +++++ b/suricata.yaml.in ++@@ -1083,8 +1083,8 @@ ++ # activated in live capture mode. You can use the filename variable to set ++ # the file name of the socket. ++ unix-command: ++- enabled: auto ++- #filename: custom.socket +++ enabled: yes +++ filename: @e_localstatedir@suricata-command.socket ++ ++ # Magic file. The extension .mgc is added to the value here. ++ #magic-file: /usr/share/file/magic ++--- a/src/unix-manager.c +++++ b/src/unix-manager.c ++@@ -53,7 +53,7 @@ ++ # endif ++ #endif ++ ++-#define SOCKET_PATH LOCAL_STATE_DIR "/run/suricata/" +++#define SOCKET_PATH LOCAL_STATE_DIR "/" ++ #define SOCKET_FILENAME "suricata-command.socket" ++ #define SOCKET_TARGET SOCKET_PATH SOCKET_FILENAME ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -2762,7 +2762,7 @@ ++ EXPAND_VARIABLE(localstatedir, e_logfilesdir, "/log/suricata/files") ++ EXPAND_VARIABLE(localstatedir, e_logcertsdir, "/log/suricata/certs") ++ EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/suricata/") ++- EXPAND_VARIABLE(localstatedir, e_localstatedir, "/run/suricata") +++ EXPAND_VARIABLE(localstatedir, e_localstatedir, "/run/") ++ EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules") ++ EXPAND_VARIABLE(localstatedir, e_datadir, "/lib/suricata/data") ++ EXPAND_VARIABLE(ruledirprefix, e_defaultruledir, "/suricata/rules") diff --cc debian/patches/fix-repeated-builds.patch index 00000000,00000000..b2374dde new file mode 100644 --- /dev/null +++ b/debian/patches/fix-repeated-builds.patch @@@ -1,0 -1,0 +1,16 @@@ ++Description: do not clean vendor directory on distclean ++ dh_auto_clean calls make distclean, which in the case of Suricata also ++ removes the vendor directory. This breaks repeated builds. ++Author: Sascha Steinbiss ++Last-Update: 2018-12-26 ++--- a/rust/Makefile.am +++++ b/rust/Makefile.am ++@@ -65,7 +65,7 @@ ++ rm -f Cargo.lock ++ ++ maintainerclean-local: ++- rm -rf vendor gen +++ rm -rf gen ++ ++ check: ++ CARGO_HOME="$(CARGO_HOME)" @rustup_home@ \ diff --cc debian/patches/import-sockio-h.patch index 00000000,00000000..67bfe95b new file mode 100644 --- /dev/null +++ b/debian/patches/import-sockio-h.patch @@@ -1,0 -1,0 +1,16 @@@ ++From: Eric Leblond ++Date: Wed, 17 Jul 2019 12:35:12 +0200 ++Subject: [PATCH] af-packet: fix build on recent Linux kernels ++--- a/src/source-af-packet.c +++++ b/src/source-af-packet.c ++@@ -68,6 +68,10 @@ ++ #include ++ #endif ++ +++#if HAVE_LINUX_SOCKIOS_H +++#include +++#endif +++ ++ #ifdef HAVE_PACKET_EBPF ++ #include "util-ebpf.h" ++ #include diff --cc debian/patches/libbpf-1.0.patch index 00000000,00000000..c9fa8113 new file mode 100644 --- /dev/null +++ b/debian/patches/libbpf-1.0.patch @@@ -1,0 -1,0 +1,71 @@@ ++From c472ec9a134eb253a29229cadf099c74c962c2af Mon Sep 17 00:00:00 2001 ++From: Sascha Steinbiss ++Date: Thu, 15 Sep 2022 13:57:13 +0000 ++Subject: [PATCH] ebpf: update deprecated API calls ++ ++This fixes build errors when libbpf 1.0 is used. It removes previously ++deprecated API functions that were still in use in Suricata's eBPF ++code. ++--- ++ configure.ac | 11 +++++++++-- ++ src/util-ebpf.c | 15 +++++++++++++++ ++ 2 files changed, 24 insertions(+), 2 deletions(-) ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -1835,11 +1835,18 @@ ++ AC_DEFINE([HAVE_PACKET_EBPF],[1],[Recent ebpf fanout support is available]), ++ [], ++ [[#include ]]) ++- AC_CHECK_LIB(bpf, bpf_set_link_xdp_fd,have_xdp="yes") +++ # Check for XDP specific function. +++ AC_CHECK_LIB(bpf,bpf_xdp_attach,have_xdp="yes") ++ if test "$have_xdp" = "yes"; then ++ AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available]) +++ else +++ # Check for legacy XDP function. +++ AC_CHECK_LIB(bpf,bpf_set_link_xdp_fd,have_xdp="yes") +++ if test "$have_xdp" = "yes"; then +++ AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available]) +++ fi ++ fi ++- AC_CHECK_FUNCS(bpf_program__section_name) +++ AC_CHECK_FUNCS([bpf_program__section_name bpf_xdp_attach bpf_program__set_type]) ++ fi; ++ ++ # Check for DAG support. ++--- a/src/util-ebpf.c +++++ b/src/util-ebpf.c ++@@ -372,9 +372,19 @@ ++ #endif ++ if (!strcmp(title, section)) { ++ if (config->flags & EBPF_SOCKET_FILTER) { +++#ifdef HAVE_BPF_PROGRAM__SET_TYPE +++ bpf_program__set_type(bpfprog, BPF_PROG_TYPE_SOCKET_FILTER); +++#else +++ /* Fall back to legacy API */ ++ bpf_program__set_socket_filter(bpfprog); +++#endif ++ } else { +++#ifdef HAVE_BPF_PROGRAM__SET_TYPE +++ bpf_program__set_type(bpfprog, BPF_PROG_TYPE_XDP); +++#else +++ /* Fall back to legacy API */ ++ bpf_program__set_xdp(bpfprog); +++#endif ++ } ++ found = true; ++ break; ++@@ -488,7 +498,12 @@ ++ "Unknown interface '%s'", iface); ++ return -1; ++ } +++#ifdef HAVE_BPF_XDP_ATTACH +++ int err = bpf_xdp_attach(ifindex, fd, flags, NULL); +++#else +++ /* Fall back to legacy API */ ++ int err = bpf_set_link_xdp_fd(ifindex, fd, flags); +++#endif ++ if (err != 0) { ++ char buf[129]; ++ libbpf_strerror(err, buf, sizeof(buf)); diff --cc debian/patches/llc.patch index 00000000,00000000..4dbe2e5a new file mode 100644 --- /dev/null +++ b/debian/patches/llc.patch @@@ -1,0 -1,0 +1,20 @@@ ++--- a/configure.ac +++++ b/configure.ac ++@@ -461,11 +461,12 @@ ++ [ ++ AS_IF([test "$CLANG" != no], ++ [ ++- llc_candidates=$($CLANG --version | \ ++- awk '/^clang version/ { ++- split($3, v, "."); ++- printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]]) ++- }') +++ #llc_candidates=$($CLANG --version | \ +++ # awk '/^clang version/ { +++ # split($3, v, "."); +++ # printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]]) +++ # }') +++ llc_candidates=llc ++ AC_CHECK_PROGS([LLC], [$llc_candidates], "no") ++ if test "$LLC" = "no"; then ++ AC_MSG_ERROR([unable to find any of $llc_candidates needed to build ebpf files]) diff --cc debian/patches/no-use-gnu.patch index 00000000,00000000..20fb069b new file mode 100644 --- /dev/null +++ b/debian/patches/no-use-gnu.patch @@@ -1,0 -1,0 +1,28 @@@ ++Description: Don't use __USE_GNU ++ __USE_GNU is a glibc-internal symbol. ++ AC_USE_SYSTEM_EXTENSIONS is the proper autoconf ++ way to enable extensions. ++Author: Adrian Bunk ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -6,6 +6,7 @@ ++ AM_INIT_AUTOMAKE([tar-ustar subdir-objects]) ++ ++ AC_LANG([C]) +++ AC_USE_SYSTEM_EXTENSIONS ++ LT_INIT ++ PKG_PROG_PKG_CONFIG ++ ++--- a/src/suricata-common.h +++++ b/src/suricata-common.h ++@@ -33,9 +33,6 @@ ++ #define TRUE 1 ++ #define FALSE 0 ++ ++-#define _GNU_SOURCE ++-#define __USE_GNU ++- ++ #if HAVE_CONFIG_H ++ #include ++ #endif diff --cc debian/patches/reproducible.patch index 00000000,00000000..fa9765ba new file mode 100644 --- /dev/null +++ b/debian/patches/reproducible.patch @@@ -1,0 -1,0 +1,21 @@@ ++From: Arturo Borrero Gonzalez ++Subject: Patch to make the suricata build reproducible ++ This patch makes some changes to the suricata build to make it reproducible ++ . ++ Currently, it only filters out the -fdebug-prefix-map CFLAG which embeds ++ the build path. ++Forwarded: not-needed ++Last-Update: 2016-09-05 ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -2887,7 +2887,8 @@ ++ echo ++ echo "$SURICATA_BUILD_CONF" ++ echo "printf(" >src/build-info.h ++-echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' | sed -e 's/$/\\n"/' >>src/build-info.h +++echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' | sed -e 's/$/\\n"/' \ +++ | sed 's/-fdebug-prefix-map=.*=. //' >>src/build-info.h ++ echo ");" >>src/build-info.h ++ ++ echo " diff --cc debian/patches/series index 00000000,00000000..c34bc0c0 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,12 @@@ ++reproducible.patch ++debian-default-cfg.patch ++cross.patch ++no-use-gnu.patch ++fix-repeated-builds.patch ++configure-clang-variable.patch ++with-ebpf-includes.patch ++import-sockio-h.patch ++avoid-to-include-if_tunnel-h.patch ++llc.patch ++LEVEL1_DCACHE_LINESIZE.patch ++libbpf-1.0.patch diff --cc debian/patches/with-ebpf-includes.patch index 00000000,00000000..3943e9ef new file mode 100644 --- /dev/null +++ b/debian/patches/with-ebpf-includes.patch @@@ -1,0 -1,0 +1,41 @@@ ++From: Hilko Bengen ++Date: Tue, 23 Jul 2019 14:43:21 +0200 ++Subject: Add --with-ebpf-includes parameter ++ ++--- ++ configure.ac | 4 ++++ ++ ebpf/Makefile.am | 3 +-- ++ 2 files changed, 5 insertions(+), 2 deletions(-) ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -473,6 +473,10 @@ ++ AC_SUBST(LLC) ++ ], ++ [AC_MSG_ERROR([clang needed to build ebpf files])]) +++ AC_ARG_WITH(ebpf_includes, +++ [ --with-ebpf-includes=DIR include directory for building eBPF programs], +++ [AC_SUBST([ebpf_includes],["$withval"])], +++ [AC_SUBST([ebpf_includes],["/usr/include/${build_alias}"])]) ++ ]) ++ ++ # enable debug output ++--- a/ebpf/Makefile.am +++++ b/ebpf/Makefile.am ++@@ -4,7 +4,7 @@ ++ if BUILD_EBPF ++ ++ # Maintaining a local copy of UAPI linux/bpf.h ++-BPF_CFLAGS = -Iinclude +++BPF_CFLAGS = -Iinclude -I$(ebpf_includes) ++ ++ BPF_TARGETS = lb.bpf ++ BPF_TARGETS += filter.bpf ++@@ -19,7 +19,6 @@ ++ $(BPF_TARGETS): %.bpf: %.c ++ # From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm) ++ ${CLANG} -Wall $(BPF_CFLAGS) -O2 \ ++- -I/usr/include/$(build_cpu)-$(build_os)/ \ ++ -D__KERNEL__ -D__ASM_SYSREG_H \ ++ -target bpf -S -emit-llvm $< -o ${@:.bpf=.ll} ++ # From LLVM-IR to BPF-bytecode in ELF-obj file diff --cc debian/rules index 00000000,00000000..414f87d1 new file mode 100755 --- /dev/null +++ b/debian/rules @@@ -1,0 -1,0 +1,99 @@@ ++#!/usr/bin/make -f ++ ++# verbose mode ++export DH_VERBOSE=1 ++ ++SURICATA_DESTDIR = $(CURDIR)/debian/tmp ++export DEB_BUILD_MAINT_OPTIONS = hardening=+pie,+bindnow ++export CARGO_HOME = $(CURDIR)/debian/cargohome ++ ++include /usr/share/dpkg/architecture.mk ++ ++# workaround for linking issue on some archs ++export DEB_LDFLAGS_MAINT_APPEND = -Wl,--allow-multiple-definition ++EXTRA_ATOMIC_ARCHS = armel mipsel powerpc ++ifneq (,$(findstring $(DEB_HOST_ARCH),$(EXTRA_ATOMIC_ARCHS))) ++ DEB_LDFLAGS_MAINT_APPEND += -latomic ++ export DEB_LDFLAGS_MAINT_APPEND ++endif ++ ++LUAJIT_ARCHS = i386 amd64 powerpc mips mipsel armel armhf ++HYPERSCAN_ARCHS = i386 amd64 hurd-i386 kfreebsd-amd64 x32 ++RUST_ARCHS = i386 amd64 ++EBPF_ARCHS = amd64 arm64 armel armhf i386 ppc64el s390x ppc64 sparc64 x32 ++ ++LIBHTP_PKG_VERSION=$(shell apt-cache policy libhtp2 | grep Installed | cut -f2- -d: | cut -c2-) ++ ++ifneq (,$(findstring $(DEB_HOST_ARCH),$(LUAJIT_ARCHS))) ++ ENABLE_LUAJIT="--enable-luajit" ++endif ++ ++ifneq (,$(findstring $(DEB_HOST_ARCH),$(HYPERSCAN_ARCHS))) ++ ENABLE_HYPERSCAN="--enable-libhs" ++endif ++ ++ifneq (,$(findstring $(DEB_HOST_ARCH),$(RUST_ARCHS))) ++ ENABLE_HYPERSCAN="--enable-rust" ++endif ++ ++CI ?= $(shell $(CURDIR)/debian/building-in-ci.sh) ++ifeq ($(CI),true) ++ ENABLE_UNITTESTS="--enable-unittests" ++endif ++ ++ifneq (,$(findstring $(DEB_HOST_ARCH),$(EBPF_ARCHS))) ++ ENABLE_EBPF=--enable-ebpf --enable-ebpf-build \ ++ --with-ebpf-includes=/usr/include/$(DEB_HOST_MULTIARCH) ++endif ++ ++CONFIGURE_ARGS = --enable-af-packet --enable-nfqueue --enable-nflog \ ++ --enable-gccprotect --disable-gccmarch-native \ ++ --with-libnss-includes=/usr/include/nss --with-libnss-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \ ++ --with-libnspr-includes=/usr/include/nspr --with-libnspr-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \ ++ --with-libevent-includes=/usr/include --with-libevent-libraries=/usr/lib/$(DEB_HOST_MULTIARCH) \ ++ --disable-coccinelle \ ++ --enable-geoip --enable-hiredis \ ++ --enable-non-bundled-htp \ ++ --disable-suricata-update \ ++ $(ENABLE_LUAJIT) \ ++ $(ENABLE_HYPERSCAN) \ ++ $(ENABLE_UNITTESTS) \ ++ $(ENABLE_EBPF) ++ ++override_dh_auto_configure: ++ dh_auto_configure -- $(CONFIGURE_ARGS) ++ ++override_dh_auto_build: ++ uname -a ++ mkdir -p $(CARGO_HOME) ++ dh_auto_build ++ ++override_dh_auto_clean: ++ rm -rf $(CARGO_HOME) ++ rm -f debian/suricata.substvars ++ ++override_dh_auto_install: ++ dh_auto_install --destdir=$(SURICATA_DESTDIR) ++ rm -rf $(SURICATA_DESTDIR)/usr/lib/python*;\ ++ (cd python && make prefix=$(SURICATA_DESTDIR)/usr) ++ # clean upstream install documentation ++ rm -rf $(SURICATA_DESTDIR)/usr/share/doc/suricata/* ++ $(foreach file, $(wildcard ebpf/*bpf), \ ++ install -D -t $(SURICATA_DESTDIR)/usr/lib/suricata/ebpf $(file) ;\ ++ ) ++ ++override_dh_strip: ++ dh_strip --dbgsym-migration='suricata-dbg (<< 1:4.0.0-2~)' ++ ++override_dh_auto_test: ++ # do nothing ++ ++override_dh_missing: ++ dh_missing --list-missing ++ ++override_dh_gencontrol: ++ echo "libhtp:Version=$(LIBHTP_PKG_VERSION)" >> debian/suricata.substvars ++ dh_gencontrol ++ ++%: ++ dh $@ --with python3 diff --cc debian/source/format index 00000000,00000000..163aaf8d new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/suricata.README.Debian index 00000000,00000000..a1e554a0 new file mode 100644 --- /dev/null +++ b/debian/suricata.README.Debian @@@ -1,0 -1,0 +1,44 @@@ ++Suricata for Debian ++------------------- ++ ++The engine is an Open Source Next Generation Intrusion Detection and ++Prevention Tool, not intended to just replace or emulate the existing tools in ++the industry, but to bring new ideas and technologies to the field. ++ ++To run the engine with default configuration on interface eth0 (in live mode), ++run the following command (as root): ++ suricata -c /etc/suricata/suricata.yaml -i eth0 ++ ++To run in live NFQUEUE mode, use (as root): ++ suricata -c /etc/suricata/suricata.yaml -q $QUEUE_ID ++ ++You can also run suricata on a PCAP file: ++ suricata -c /etc/suricata/suricata.yaml -r file.pcap ++ ++ ++Daemon system integration ++------------------------- ++ ++The suricata daemon comes preconfigured to run as a system daemon with systemd. ++ ++You can start/stop the daemon with: ++ % sudo systemctl start suricata.service ++ % sudo systemctl stop suricata.service ++ ++You should copy /lib/systemd/system/suricata.service to ++/etc/systemd/system/suricata.service and adapt the configuration to your needs. ++ ++The sysvinit script and related files (/etc/init.d/suricata and ++/etc/default/suricata) will be eventually discarted at some point in the ++future. The /etc/default/suricata file is ignored by the default ++suricata.service file. ++ ++By now, there is no integration between suricata and libsystemd (so, options ++like the watchdog are not supported). ++ ++ ++Updating Rules ++-------------- ++ ++You should edit /etc/suricata/suricata.yaml and adjust it to fit your needs. ++The recommended way to update rules is via suricata-update (also packaged in Debian). diff --cc debian/suricata.default index 00000000,00000000..330dc591 new file mode 100644 --- /dev/null +++ b/debian/suricata.default @@@ -1,0 -1,0 +1,26 @@@ ++# Default config for Suricata ++ ++# set to yes to start the server in the init.d script ++RUN=no ++ ++# Configuration file to load ++SURCONF=/etc/suricata/suricata.yaml ++ ++# Listen mode: pcap, nfqueue or af-packet ++# depending on this value, only one of the two following options ++# will be used (af-packet uses neither). ++# Please note that IPS mode is only available when using nfqueue ++LISTENMODE=nfqueue ++ ++# Interface to listen on (for pcap mode) ++IFACE=eth0 ++ ++# Queue number to listen on (for nfqueue mode) ++NFQUEUE=0 ++ ++# Load Google TCMALLOC if libtcmalloc-minimal4 is installed ++# This _might_ give you very very small performance gain.... ++TCMALLOC="YES" ++ ++# Pid file ++PIDFILE=/var/run/suricata.pid diff --cc debian/suricata.dirs index 00000000,00000000..1d78110d new file mode 100644 --- /dev/null +++ b/debian/suricata.dirs @@@ -1,0 -1,0 +1,2 @@@ ++etc/suricata ++var/log/suricata diff --cc debian/suricata.init index 00000000,00000000..951e42af new file mode 100644 --- /dev/null +++ b/debian/suricata.init @@@ -1,0 -1,0 +1,167 @@@ ++#!/bin/sh -e ++# ++### BEGIN INIT INFO ++# Provides: suricata ++# Required-Start: $time $network $local_fs $remote_fs ++# Required-Stop: $remote_fs ++# Default-Start: 2 3 4 5 ++# Default-Stop: 0 1 6 ++# Short-Description: Next Generation IDS/IPS ++# Description: Intrusion detection system that will ++# capture traffic from the network cards and will ++# match against a set of known attacks. ++### END INIT INFO ++ ++# Source function library. ++. /lib/lsb/init-functions ++ ++if test -f /etc/default/suricata; then ++ . /etc/default/suricata ++else ++ echo "/etc/default/suricata is missing... bailing out!" >&2 ++ exit 1 ++fi ++ ++# We'll add up all the options above and use them ++NAME=suricata ++DAEMON=/usr/bin/$NAME ++ ++# Use this if you want the user to explicitly set 'RUN' in ++# /etc/default/ ++if [ "x$RUN" != "xyes" ] ; then ++ log_failure_msg "$NAME disabled, please adjust the configuration to your needs " ++ log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it." ++ exit 0 ++fi ++ ++check_root() { ++ if [ "$(id -u)" != "0" ]; then ++ log_failure_msg "You must be root to start, stop or restart $NAME." ++ exit 4 ++ fi ++} ++ ++check_nfqueue() { ++ if [ ! \( -e /proc/net/netfilter/nfnetlink_queue -o -e /proc/net/netfilter/nf_queue \) ]; then ++ log_warning_msg "NFQUEUE support not found !" ++ log_warning_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel" ++ fi ++} ++ ++check_run_dir() { ++ if [ ! -d /var/run/suricata ]; then ++ mkdir /var/run/suricata ++ chmod 0755 /var/run/suricata ++ fi ++} ++ ++load_libtcmalloc_minimal() { ++ lib="/usr/lib/libtcmalloc_minimal.so.4" ++ ++ if [ -f "$lib" ] && [ "x$TCMALLOC" = "xYES" ]; then ++ export LD_PRELOAD="$lib" ++ fi ++} ++ ++check_root ++ ++case "$LISTENMODE" in ++nfqueue) ++ IDMODE="IPS (nfqueue)" ++ LISTEN_OPTIONS=" -q $NFQUEUE" ++ check_nfqueue ++ ;; ++pcap) ++ IDMODE="IDS (pcap)" ++ LISTEN_OPTIONS=" -i $IFACE" ++ ;; ++af-packet) ++ IDMODE="IDS (af-packet)" ++ LISTEN_OPTIONS=" --af-packet" ++ ;; ++*) ++ echo "Unsupported listen mode $LISTENMODE, aborting" ++ exit 1 ++ ;; ++esac ++ ++SURICATA_OPTIONS=" -c $SURCONF --pidfile $PIDFILE $LISTEN_OPTIONS -D" ++ ++# See how we were called. ++case "$1" in ++start) ++ if [ -f $PIDFILE ]; then ++ PID1=$(cat $PIDFILE) ++ if kill -0 "$PID1" 2>/dev/null; then ++ echo "$NAME is already running with PID $PID1" ++ exit 0 ++ fi ++ fi ++ check_run_dir ++ echo -n "Starting suricata in $IDMODE mode..." ++ load_libtcmalloc_minimal ++ $DAEMON $SURICATA_OPTIONS > /var/log/suricata/suricata-start.log 2>&1 & ++ echo " done." ++ ;; ++stop) ++ echo -n "Stopping suricata: " ++ if [ -f $PIDFILE ]; then ++ PID2=$(cat $PIDFILE) ++ else ++ echo " No PID file found; not running?" ++ exit 0; ++ fi ++ start-stop-daemon --oknodo --stop --quiet --pidfile=$PIDFILE --exec $DAEMON ++ if [ -n "$PID2" ]; then ++ kill "$PID2" ++ ret=$? ++ sleep 2 ++ if kill -0 "$PID2" 2>/dev/null; then ++ ret=$? ++ echo -n "Waiting . " ++ cnt=0 ++ while kill -0 "$PID2" 2>/dev/null; do ++ ret=$? ++ cnt=$(expr "$cnt" + 1) ++ if [ "$cnt" -gt 10 ]; then ++ kill -9 "$PID2" ++ break ++ fi ++ sleep 2 ++ echo -n ". " ++ done ++ fi ++ fi ++ if [ -e $PIDFILE ]; then ++ rm $PIDFILE > /dev/null 2>&1 ++ fi ++ echo " done." ++ ;; ++status) ++ # Check if running... ++ if [ -s $PIDFILE ]; then ++ PID3=$(cat $PIDFILE) ++ if kill -0 "$PID3" 2>/dev/null; then ++ echo "$NAME is running with PID $PID3" ++ exit 0 ++ else ++ echo "PID file $PIDFILE exists, but process not running!" ++ fi ++ else ++ echo "$NAME not running!" ++ fi ++ ;; ++restart) ++ $0 stop ++ $0 start ++ ;; ++force-reload) ++ $0 stop ++ $0 start ++ ;; ++*) ++ echo "Usage: $0 {start|stop|restart|status}" ++ exit 1 ++esac ++ ++exit 0 diff --cc debian/suricata.install index 00000000,00000000..3568c2ce new file mode 100644 --- /dev/null +++ b/debian/suricata.install @@@ -1,0 -1,0 +1,7 @@@ ++etc/classification.config /etc/suricata ++etc/reference.config /etc/suricata ++rules/*.rules /etc/suricata/rules ++suricata.yaml /etc/suricata ++threshold.config /etc/suricata ++usr/bin ++usr/lib diff --cc debian/suricata.lintian-overrides index 00000000,00000000..adcdcb59 new file mode 100644 --- /dev/null +++ b/debian/suricata.lintian-overrides @@@ -1,0 -1,0 +1,3 @@@ ++# these are eBPF files ++suricata: binary-from-other-architecture usr/lib/suricata/ebpf/* ++suricata: unstripped-binary-or-object usr/lib/suricata/ebpf/* diff --cc debian/suricata.logrotate index 00000000,00000000..e318d1c6 new file mode 100644 --- /dev/null +++ b/debian/suricata.logrotate @@@ -1,0 -1,0 +1,12 @@@ ++/var/log/suricata/*.log ++/var/log/suricata/*.json ++{ ++ rotate 14 ++ missingok ++ compress ++ copytruncate ++ sharedscripts ++ postrotate ++ /bin/kill -HUP $(cat /var/run/suricata.pid) ++ endscript ++} diff --cc debian/suricata.maintscript index 00000000,00000000..a700bfc1 new file mode 100644 --- /dev/null +++ b/debian/suricata.maintscript @@@ -1,0 -1,0 +1,2 @@@ ++# Rename file ++mv_conffile /etc/suricata/suricata-debian.yaml /etc/suricata/suricata.yaml 3.1-1 suricata diff --cc debian/suricata.manpages index 00000000,00000000..f32b4f6e new file mode 100644 --- /dev/null +++ b/debian/suricata.manpages @@@ -1,0 -1,0 +1,1 @@@ ++doc/userguide/*.1 diff --cc debian/suricata.preinst index 00000000,00000000..50f71178 new file mode 100644 --- /dev/null +++ b/debian/suricata.preinst @@@ -1,0 -1,0 +1,13 @@@ ++#!/bin/sh ++ ++set -e ++ ++# we do not need alternatives anymore ++if update-alternatives --quiet --query suricata 2> /dev/null; then ++ echo "Removing legacy alternatives for Hyperscan/non-Hyperscan versions" ++ update-alternatives --remove-all suricata ++fi ++ ++#DEBHELPER# ++ ++exit 0 diff --cc debian/suricata.service index 00000000,00000000..ca2fda88 new file mode 100644 --- /dev/null +++ b/debian/suricata.service @@@ -1,0 -1,0 +1,20 @@@ ++[Unit] ++Description=Suricata IDS/IDP daemon ++After=network.target network-online.target ++Requires=network-online.target ++Documentation=man:suricata(8) man:suricatasc(8) ++Documentation=https://suricata-ids.org/docs/ ++ ++[Service] ++Type=forking ++#Environment=LD_PRELOAD=/usr/lib/libtcmalloc_minimal.so.4 ++PIDFile=/run/suricata.pid ++ExecStart=/usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /run/suricata.pid ++ExecReload=/usr/bin/suricatasc -c reload-rules ; /bin/kill -HUP $MAINPID ++ExecStop=/usr/bin/suricatasc -c shutdown ++Restart=on-failure ++ProtectSystem=full ++ProtectHome=true ++ ++[Install] ++WantedBy=multi-user.target diff --cc debian/tests/control index 00000000,00000000..1dca1c2f new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,46 @@@ ++Test-Command: suricata --build-info ++Depends: @ ++ ++Test-Command: suricatasc -c "version" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Test-Command: suricatasc -c "command-list" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Test-Command: suricatasc -c "capture-mode" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Test-Command: sleep 10 && suricatasc -c "dump-counters" ++Depends: @ ++Restrictions: needs-root, isolation-container ++ ++Test-Command: suricatasc -c "uptime" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Test-Command: suricatasc -c "reload-rules" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Test-Command: suricatasc -c "iface-list" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Test-Command: suricatasc -c "shutdown" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Test-Command: sleep 10 && suricatasc -c "running-mode" ++Depends: @ ++Restrictions: needs-root, isolation-container, flaky ++ ++Tests: systemd-service-test.sh ++Depends: @, systemd, procps ++Restrictions: needs-root, isolation-container, allow-stderr ++ ++Test-Command: src/suricata -u ++Depends: @, @builddeps@, procps, geoip-database ++Restrictions: needs-root, isolation-container, build-needed, allow-stderr diff --cc debian/tests/systemd-service-test.sh index 00000000,00000000..089a8b2e new file mode 100644 --- /dev/null +++ b/debian/tests/systemd-service-test.sh @@@ -1,0 -1,0 +1,130 @@@ ++#!/bin/sh ++ ++set -ex ++ ++SERVICE="suricata.service" ++ETC_SERVICE_FILE="/etc/systemd/system/${SERVICE}" ++LIB_SERVICE_FILE="/lib/systemd/system/${SERVICE}" ++CONFIG_FILE="/etc/suricata/suricata.yaml" ++IFACE=$(ip route show | awk '/default/ {print $5}') ++ ++if [ ! -r "$LIB_SERVICE_FILE" ] ; then ++ : ERROR unable to read $LIB_SERVICE_FILE ++ exit 1 ++fi ++if [ ! -w "$CONFIG_FILE" ] ; then ++ : ERROR unable to write to $CONFIG_FILE ++ exit 1 ++fi ++ ++systemctl_action() ++{ ++ if ! systemctl $1 $SERVICE ; then ++ journalctl -u $SERVICE ++ return 1 ++ fi ++ return 0 ++} ++ ++echo " ++%YAML 1.1 ++--- ++default-rule-path: /etc/suricata/rules ++rule-files: ++ - tor.rules ++ - http-events.rules ++ - smtp-events.rules ++ - dns-events.rules ++ - tls-events.rules ++classification-file: /etc/suricata/classification.config ++reference-config-file: /etc/suricata/reference.config ++default-log-dir: /var/log/suricata/ ++af-packet: ++ - interface: $IFACE ++ cluster-id: 99 ++ cluster-type: cluster_flow ++ defrag: yes ++ - interface: default ++ tpacket-v3: yes ++ block-size: 131072 ++app-layer: ++ protocols: ++ ssh: ++ enabled: yes ++host-mode: auto ++unix-command: ++ enabled: yes ++ filename: /var/run/suricata-command.socket ++detect: ++ profile: medium ++ custom-values: ++ toclient-groups: 3 ++ toserver-groups: 25 ++ sgh-mpm-context: auto ++ inspection-recursion-limit: 3000 ++ grouping: ++ profiling: ++ grouping: ++ dump-to-disk: false ++ include-rules: false ++ include-mpm-stats: false ++mpm-algo: auto ++spm-algo: auto ++" > $CONFIG_FILE ++ ++# ++# before start, package installation may start the daemon ++# ++if systemctl -q is-active $SERVICE ; then ++ : WARNING initial service running, stopping now ++ if ! systemctl_action stop ; then ++ : ERROR cant stop initial service ++ exit 1 ++ fi ++fi ++ ++# ++# First run of the daemon and basic checks ++# ++if ! systemctl_action start ; then ++ : ERROR cant start the service ++ exit 1 ++fi ++sleep 10 # wait for service startup ++systemctl status $SERVICE ++ ++# ++# Restart the daemon ++# ++if ! systemctl_action restart ; then ++ : ERROR unable to restart the service ++ exit 1 ++fi ++ ++sleep 10 # wait for serive startup ++if ! systemctl -q is-active $SERVICE ; then ++ journalctl -u $SERVICE ++ : ERROR service not active after restart ++ exit 1 ++fi ++ ++# ++# Reload the daemon ++# ++ ++: WARNING: Not testing daemon reload: it timeouts in ci.debian.net ++ ++#if ! systemctl_action reload ; then ++# : ERROR unable to reload the service ++# exit 1 ++#fi ++ ++#sleep 10 # wait for service reload ++#if ! systemctl -q is-active $SERVICE ; then ++# journalctl -u $SERVICE ++# : ERROR service not active after reload ++# exit 1 ++#fi ++ ++: INFO all tests OK ++exit 0 diff --cc debian/upstream/metadata index 00000000,00000000..dc3eb20a new file mode 100644 --- /dev/null +++ b/debian/upstream/metadata @@@ -1,0 -1,0 +1,4 @@@ ++Bug-Database: https://redmine.openinfosecfoundation.org/ ++Bug-Submit: https://redmine.openinfosecfoundation.org/projects/suricata/issues/new ++Repository: https://github.com/OISF/suricata.git ++Repository-Browse: https://github.com/OISF/suricata diff --cc debian/upstream/signing-key.asc index 00000000,00000000..0ca2ef6d new file mode 100644 --- /dev/null +++ b/debian/upstream/signing-key.asc @@@ -1,0 -1,0 +1,53 @@@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++ ++mQINBF8tFVkBEADEEXYv9T6kntaOafPMsBXJPFflcpM4VdXCnEmkY2zcQzfZ+fUB ++kyc6Lh1W07EPd4zGri4Hu9V8nfH5z+23oMmvVrUgbwU62u7ioUhMEpEtLbaLCWL9 ++6HSlA4XWwjJhALXKFNMWtWT5BiHHty4jXvLl/KlbYtNrV+BuWDZsSiCRto134His ++Uozb82Yp76qhxdFXdUkXa7PYXJ40EYg9du4Z2l8qP3VWjDHDDrXtoChIgnTmkXkF ++0AdNx9jd9OSugQbJMqi7IV2wvA4xErKMujL+7ytxdMsV0WS39dPOn1mPclYLlnq6 ++XDaXcVcHpXOQfC0qniKAHA9ngdKPPG5aJ7DqnZx+G4HBOAf0qnqCT2HBzvJovDuF ++7LdITO+nUiuThlh26oIoRqOfFgIAKDO+F/fRFIJYFt7q5OEwiL9HmlR7UrjLyHb8 ++TqWhxocZHvP0ex6qTFMlUOZFaLVD/OC0lMFZDtHNfWIyWLmRIP4CGYia7RDyEEvn ++rHqK7NCF93K5UNUuBZmWNZ5r7/wKccLSYz7wAgkeWaKBAX7bQLspTZUYOOd8Kf5+ ++uYlkLd1ju1wHqR7MrVb8/l6Q7cEIpLj+1ou6HeEsKyH1oZ8BQVzkVWIHmz7gaumV ++RKiycSnGqi8UnlFRUbZTW5ChLb7BL+ncBI3MuvrXvB6Ps7RlDPBD4D5AJQARAQAB ++tFBPcGVuIEluZm9ybWF0aW9uIFNlY3VyaXR5IEZvdW5kYXRpb24gKE9JU0YpIDxy ++ZWxlYXNlc0BvcGVuaW5mb3NlY2ZvdW5kYXRpb24ub3JnPokCVAQTAQoAPhYhBLNv ++2vJgfhDo/6ieXiupyYzN8ek6BQJfLRVZAhsDBQkJZgGABQsJCAcCBhUKCQgLAgQW ++AgMBAh4BAheAAAoJECupyYzN8ek6BAMP/jbjbJgNNYHQpueS6q7Jx1pNsDJ0Iqlr ++2AIfrvMAkvNCQALWMoKsSPYbx+lLhTMKP48wwUTu4PcagaZ74W41kFAHN6ituIeY ++QJ7nyNaccu4KRMLvWsL/LVimGIfQZDWgGvJd/ggAXZcCeSiWblCqs7isGpGwGktv ++O6M824BZo2tmqBOtcL/nn3xD5v3dOM2uUr4N7qEmVQgJpYY/d5GNy2576jLT1EQ7 ++Nq8VW0b76yZ7SQqX/mRA3KGJRi3/qnXsuxDdQd8hzxr4+QnH1cFjYtwsJlzzf2gm ++87ZbcuNf/BccH0Nt/hRkm7wIfJgXADKdCUAb60F6Ov95+aZ4hpK/Q6jJcCF9WSEZ ++UjklpYzWhSoC5AvqKcLOOnfLGfdF+gKwCD+hLvBwtkDZyYnLSkaKQ3eWbesoZnl0 ++uDZAgy+4UCsh4c6DmtF2YeByybmd+cOfxZqRNIGUzC5u5ROsulB4gNjCtaTrY2ug ++r0br16ypXHA8M3PB+EAF08pg1PNETecdQ+uWZmYn2vAAi0lh1YREuIaFK+P5RziU ++m1uwfmsTEy7xnrHfWTZyiWdDCsjhppRiUNCqXh76ChDh2cNbiiGK7EgNLeUEyplx ++s60hfa4Ht0tmo3S3R2JRs4Usn0fKigR1Vv589qjDI1DNbFC/01/IFXrKjERzdm20 ++ruUEU7TOqiUwuQINBF8tFVkBEADCAk7fTNtLlFDOAmXNxW+5ILRBehswEaZvAN5J ++rhc9bz4dMSWQajprEAl8HFRctEUkYHyi7cwcUPrelhwjnxOH3LuVeLLtm9i3wTCX ++NUvHeOWr4DBLYnwiYZ6t7U+Isd/IQRTo9l1vBEwdMOAs7FfqSmoGvJspd42dOi4r ++ph6JNss4FE5GTrb4oTx0ZrAIh7mT17e16TZywrZWKFZnl+G/YqmSolGtOrkhzm18 ++l3mTa/v4hq4u+ZS8Qd9ng62sl8Ls5Krx3JCBdxn849WRJ6myS7R+hvQeLR9YH/YL ++ioUVzxHXmF2xlENYsbEsVAEsHUb2G5Ot+uQcUpC2u9uzw05L+zhCbd4ffW5eTsGv ++d51LvBMV1b0VUjWEmTgzqFNI5ElBnpjZ3W2eiAAWrLnGACO5Lxzf5VeWYaTDJo8O ++GBYSoHovjYrFI8ZQq7J1skM/YBXROTb4zSc8rL1w81VFLvFu6lOzIA15s5iLRko7 ++LSKKom04Q8BNZ1nUydlxvo/5fu4VGYtWMliWUOIePIMT1EgBqYDfQyZ/h4gSMc7j ++jgb2JDfq/7WueoVTy8CNuOzewRYQOU/5P34o341Q0WO2tFNrohUqG9oDHf3Fj8eg ++VwWuRv+eDUmgbpisqVoj2hH1PM45Hcp62RHJasMWUmPIlCNKfvd8+fj3+zjaAN8r ++4Fv0YwARAQABiQI8BBgBCgAmFiEEs2/a8mB+EOj/qJ5eK6nJjM3x6ToFAl8tFVkC ++GwwFCQlmAYAACgkQK6nJjM3x6TpE0Q/7B31BrekzAIqV4gu6wE6xXe4GwzHYsQjW ++MJ0zQFXy3xPeRwVuFhfEOfX23HIpzvlM5h8OJCyifYu8vpbjqJ0/bEoUIERjQ0qe ++24H8tETRWsF5xRn8FwItdU+8dBsdH77JopAf3qmKPi6PZoobb0mf6mvqK/ootiIg ++8ATzbaIizw5oa4XZsjOwTh9vP7/VUAD7I8i2sxjw4BzLI9Ee4Mx+3ei95TQEXdRl ++jLEIH+2DLkKZTY1czfMuWAJsWpE+xewVBgm6zB0eS51HPZAhSaMmJefJeybnG4Er ++MFdWPPMXzNbr056TQzL1WIdHvB3SLSnA+MSHI8tp3LpHIqHibL1HQpUwDZo1G7jK ++hXcfEMAjwVJInNPOKJo93+mgTOqt0HZvnrGtFpUGBWivGLXguDW/m++Cv7hY3M7g ++I48G8dSmATEfyC0zaMACD2xmfjg86gkWsgio1Hpym/4oVDBVdT7CEXuN53QsQH5Y ++4XlEJh2l/fDMBAqtPmOkH6Zl3v6PLnzrkDbVEl1Nid/Oak6h6RSbAaI+uSACPTMq ++bHEYDF5K/2N6gu6/6aS6JzgCqr7G63Jghh1NtoKzmDfMl2nVL2virZDREUP7tBGa ++HegFin/SNaQ/vyu4kp/Y0Q6/BnN8Pa/1ngrkxwu/fAm4wq0DNArbf15fjCC0AgYZ ++z9qESk6L8Cs= ++=Rr5U ++-----END PGP PUBLIC KEY BLOCK----- diff --cc debian/watch index 00000000,00000000..63b16c9f new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,8 @@@ ++# watch control file for uscan ++# run the "uscan" command to check for upstream updates and more. ++# See uscan(1) for format ++ ++# Compulsory line, this is a version 3 file ++version=3 ++ ++opts=pgpsigurlmangle=s/$/.sig/ https://openinfosecfoundation.org/download/ suricata-([\d\.]*)\.tar\.gz