summaryrefslogtreecommitdiffstats
path: root/recipes-ids/suricata
Commit message (Collapse)AuthorAgeFilesLines
* Adapt to S/UNPACKDIR changesScott Murray2025-07-041-4/+0
| | | | | | | Remove or update S definitions as required to work with oe-core S/UNPACKDIR changes. Signed-off-by: Scott Murray <scott.murray@konsulko.com>
* suricata: drop pkg_postinst_ontarget systemd initClayton Casciato2025-06-231-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /var/log/suricata initialization is handled by systemd-tmpfiles-setup.service, which occurs before services like suricata Work towards resolving: ERROR: [...] do_rootfs: The following packages could not be configured offline and rootfs is read-only: ['100-suricata'] Added in commit 36d656fe7244 ("suricata: add tmpfiles.d config") systemd testing: root@beaglebone-yocto:~# ls -d /var/log/suricata /var/log/suricata root@beaglebone-yocto:~# systemctl enable suricata Created symlink '/etc/systemd/system/multi-user.target.wants/suricata.service' -> '/usr/lib/systemd/system/suricata.service'. root@beaglebone-yocto:~# rmdir /var/log/suricata root@beaglebone-yocto:~# reboot now root@beaglebone-yocto:~# ls -d /var/log/suricata /var/log/suricata root@beaglebone-yocto:~# journalctl -o short-iso-precise -u systemd-tmpfiles-setup -u suricata 2025-05-20T00:45:46.450027+00:00 beaglebone-yocto systemd[1]: Starting Create System Files and Directories... [...] 2025-05-20T00:45:47.041049+00:00 beaglebone-yocto systemd[1]: Finished Create System Files and Directories. 2025-05-20T00:45:47.542976+00:00 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon. [...] Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: resolve TMPDIR QA issues in do_configureClayton Casciato2025-06-231-5/+2
| | | | | | | | | | | | | | | | | | | | | ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File /usr/bin/suricata in package suricata contains reference to TMPDIR [buildpaths] ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File /usr/src/debug/suricata/7.0.0/src/build-info.h in package suricata-src contains reference to TMPDIR [buildpaths] Address references when src/build-info.h is being written This is similar to Debian's approach: https://sources.debian.org/patches/suricata/1:7.0.10-1~bpo12%2B1/reproducible.patch/ Restore the "already-stripped" check and CFLAGS info Original resolution in commit c0e3fecc3bea ("suricata: fix QA warnings") Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix build error introduced by upstream commitArmin Kuster2025-04-131-0/+12
| | | | | | | | | | 7a2b9acef2 cargo: pass PACKAGECONFIG_CONFARGS to cargo build error: unexpected argument '--with-libcap_ng-includes' found | | Usage: cargo build --verbose... --target [<TRIPLE>] --release --manifest-path <PATH> --offline Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: update to 0.5.50Armin Kuster2025-04-132-152/+2
| | | | | | drop CVE-2024-45797.patch now included Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: fix CVE-2024-45797Hitendra Prajapati2024-11-242-1/+151
| | | | | | | Upstream-Status: Backport from https://github.com/OISF/libhtp/commit/0d550de551b91d5e57ba23e2b1e2c6430fad6818 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: run whole autotools_do_configure not just oe_runconfMartin Jansa2024-09-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Otherwise Makefile isn't regenerated and do_compile fails with: suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found after automake upgrade from 1.16.5 to 1.17 from: https://git.openembedded.org/openembedded-core/commit/?id=b98328a6ff07119e7ba4f1072090d789e69edef8 Fixes: CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/bash 'TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing' aclocal-1.16 -I m4 TOPDIR/BUILD/work/mach-distro-linux/suricata/7.0.0/suricata-7.0.0/missing: line 81: aclocal-1.16: command not found WARNING: 'aclocal-1.16' is missing on your system. You should only need it if you modified 'acinclude.m4' or 'configure.ac' or m4 files included by 'configure.ac'. The 'aclocal' program is part of the GNU Automake package: <https://www.gnu.org/software/automake> It also requires GNU Autoconf, GNU m4 and Perl in order to run: <https://www.gnu.org/software/autoconf> <https://www.gnu.org/software/m4/> <https://www.perl.org/> make: *** [Makefile:465: aclocal.m4] Error 127 Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix QA warningsArmin Kuster2024-07-291-0/+5
| | | | | | ERROR: suricata-7.0.0-r0 do_package: QA Issue: File '/usr/bin/suricata' from suricata was already stripped, this will prevent future debugging! [already-stripped] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-*: convert WORKDIR->UNPACKDIRArmin Kuster2024-07-292-4/+4
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Suricata: Security Fix for CVE-2024-37151, CVE-2024-38534, CVE-2024-38535, ↵Siddharth Doshi2024-07-296-0/+491
| | | | | | | | | | | | | | | CVE-2024-38536 Upstream-Status: Backport from [https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b, https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae, https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2, https://github.com/OISF/suricata/commit/2bd3bd0e318f19008e9fe068ab17277c530ffb92] CVE's Fixed: CVE-2024-37151 suricata: suricata: packet reassembly failure, which can lead to policy bypass CVE-2024-38534 suricata: suricata: Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535 suricata: Suricata: can run out of memory when parsing crafted HTTP/2 traffic CVE-2024-38536 suricata: NULL pointer dereference when http.memcap is reached Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Start WORKDIR -> UNPACKDIR transitionWang Mingyu2024-06-171-1/+3
| | | | | | | Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Drop ${PYTHON_PN}Armin Kuster2024-03-271-3/+3
| | | | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> --- V2] Fix typo in python3-pyinotify changes
* libhtp: update to 0.5.45Armin Kuster2023-09-251-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Update to 7.0.0Armin Kuster2023-09-254-673/+1101
| | | | | | | refersh patches update libhtp Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix build issue.Armin Kuster2023-09-121-1/+2
| | | | | | If you want to try to generate the lock file without accessing the network, remove the --frozen flag and use --offline instead. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *.patch: fix malformed Upstream-Status and SOB linesMartin Jansa2023-06-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | * as reported by openembedded-core/scripts/contrib/patchreview.py -v . Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/crosscompile_perl_bindings.patch) Malformed Signed-off-by 'Signed-Off-By:' (./recipes-mac/AppArmor/files/disable_perl_h_check.patch) Missing Upstream-Status tag (./recipes-compliance/scap-security-guide/files/0001-standard.profile-expand-checks.patch) Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/samhain/files/samhain-pid-path.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-ids/suricata/files/fixup.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-scanners/clamav/files/fix2_libcurl_check.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/ecryptfs-utils/files/ecryptfs-utils-CVE-2016-6224.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/isic/files/configure_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/krill/files/panic_workaround.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libdns_conf_fix.patch Malformed Upstream-Status 'Malformed Upstream-Status in patch ./recipes-security/opendnssec/files/libxml2_conf.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.11Armin Kuster2023-05-061-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: update to 0.5.43Armin Kuster2023-05-061-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Missed on crate dependsArmin Kuster2023-04-081-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Fixup to work within the recent crate changes.Armin Kuster2023-04-082-90/+725
| | | | | | | | Had to delete some wonky Cargo.toml files to get update_crates to work. Manually updated one crate to a newer version included by update_crates as it would not compile. Manually applied several crates missed by update_crates. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.10Armin Kuster2023-03-201-1/+2
| | | | | | fixup another python file to use py3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: update to 0.5.42Armin Kuster2023-03-201-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix compile issueArmin Kuster2022-09-121-0/+2
| | | | | | make[2]: *** No rule to make target '../rust/target/arm-poky-linux-gnueabi/release/libsuricata.a', needed by 'suricata' Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.5Armin Kuster2022-07-301-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 5.0.5Armin Kuster2022-05-232-2/+2
| | | | libhtp rolls with it
* suricata: drop nfnetlink from pkg configArmin Kuster2022-05-141-1/+2
| | | | | | nfnetlink has a layer dependancy to meta-networking. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security : Use SPDX style licensing formatAshish Sharma2022-04-021-1/+1
| | | | | | | | | | | | | | WARNING: selinux-sandbox-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: selinux-gui-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: semodule-utils-3.3-r0.1 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: selinux-dbus-3.3-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2+ [obsolete-license] \ WARNING: libwhisker2-perl-2.5-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \ WARNING: lib-perl-0.63-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPL-1.0+ [obsolete-license] \ WARNING: libhtp-0.5.39-r0 do_package_qa: QA Issue: Recipe LICENSE includes obsolete licenses GPLv2 [obsolete-license] \ ... Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 6.0.4Armin Kuster2022-02-042-3/+3
| | | | | | bump lexical-core to 0.6.8 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: rust is in coreArmin Kuster2021-08-269-0/+1623
| | | | | | drop dynamic-layer Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: Drop 4.1.x its EOLArmin Kuster2021-07-2811-1556/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: 4.1.x add UPSTREAM_CHECK_URIArmin Kuster2021-05-161-0/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-suricata-update: update to 1.2.1Armin Kuster2021-04-121-3/+5
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.10.0Armin Kuster2021-03-023-2/+2
| | | | | | This is the last 4.x. Will need rust support to move to 6.x Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-suricata-update: Inherit python3targetconfigArmin Kuster2021-02-231-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: unify volatiles file nameYi Zhao2020-11-031-1/+1
| | | | | | | Make the volatiles file name starts with digital. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.1.9Armin Kuster2020-10-103-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix compiling on gcc10Armin Kuster2020-10-091-1/+1
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.1.8Armin Kuster2020-07-063-3/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.1.6Armin Kuster2019-12-162-4/+3
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhtp: bugfix only update 0.5.32Armin Kuster2019-12-161-0/+0
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-suricata-update: update to 1.1.1Armin Kuster2019-12-161-2/+2
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: add tmpfiles.d configChristopher Larson2019-11-272-10/+20
| | | | | | | | This is needed to ensure our /var/log directory is created when using systemd. Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: fix compile issueArmin Kuster2019-10-141-3/+0
| | | | | | | cp: cannot stat '/...../tmp-glibc/work/core2-32-oe-linux/suricata/4.1.5-r0/rules': No such file or directory | WARNING: exit code 1 from a shell command. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata-update: add package to pull rulesArmin Kuster2019-10-081-0/+15
| | | | Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata/libhtp: update to 4.1.5/0.5.31Armin Kuster2019-10-085-13/+8
| | | | | | | | | same sources refresh patch drop rules tar ball Signed-off-by: Armin Kuster <akuster808@gmail.com>
* suricata: update to 4.1.4Armin Kuster2019-09-074-8/+35
| | | | | | Backport patch to fix build against newer kernels. Signed-off-by: Armin Kuster <akuster808@gmail.com>
* reorg ids: move ids recipes to recipes-idsArmin Kuster2019-03-319-0/+1510
Signed-off-by: Armin Kuster <akuster808@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-19 21:16:58 +0000