Thank you. Merged!
> On 16 Sep 2025, at 22:47, Matthias Fischer <[email protected]>
> wrote:
>
> Excerpt from changelog:
>
> "8.0.1 -- 2025-09-15
>
> Security #7881: detect/tls: keyword tls.subjectaltname leads to NULL Deref if
> tls.subjectaltname
> contains zero(HIGH - CVE 2025-59150)
> Security #7861: detect: Dynamic-stack-buffer-overflow in ShortenString(HIGH -
> CVE 2025-59149)
> Security #7838: detect/entropy: segfault when not anchored to a sticky
> buffer(HIGH - CVE 2025-59148)
> Security #7657: tcp: syn resend with different seq leads to detection
> bypasss(HIGH - CVE 2025-59147)
> Bug #7891: unix-socket: memory leak when client disconnects during rule reload
> Bug #7877: rust: build with RUSTC and CARGO variables fails
> Bug #7865: detect/integers: u8 prefilter does not support all modes
> Bug #7859: doc/userguide: build failure with read the docs theme
> Bug #7843: http: dissection anomaly on `Content-Encoding: identity`
> Bug #7836: util-byte: bad usage of StringParse function return codes
> Bug #7828: util/hash: unexpected remove behavior
> Bug #7827: app-layer: ippair.memcap counter shows memuse
> Bug #7824: hyperscan: caching results in segfault with link time optimization
> (-flto=auto, etc)
> Bug #7822: engine-analysis: SEGV on rule failure without rules-fast-pattern
> enabled
> Bug #7821: engine-analysis: no report for failed rules without fast pattern
> Bug #7820: app-layer/snmp: internal error if app-layer is disabled
> Bug #7815: unix-socket: segfault in "pcap-file-list" command
> Bug #7813: cppcheck: warnings in counters.c
> Bug #7804: util-lua-sandbox.c undeclared identifier error for Suricata 8.0.0
> Bug #7803: http: use transactions right get function
> Bug #7802: detect/dsize: uninitialized value from SigParseRequiredContentSize
> Bug #7741: http2: events can contain an empty response object
> Bug #7740: doh2: events are always dns even if there is no DNS info (pure
> HTTP2 settings)
> Bug #7651: decoder/pppoe: valid packets are getting dropped as
> decoder.ppp.unsup_proto
> Bug #7636: tcp: assertion triggered in StreamTcpReassembleAppLayer
> Bug #7611: eve: segv in stats.totals output
> Bug #5689: eve: community id computed wrong for tcp and ipv4 when src_ip ==
> dest_ip
> Bug #4702: tcp: SYN/ACK dropped when client does not support timestamps
> Bug #4178: alert-debug: DNS Query triggers alert but no output in
> alert-debug.log
> Bug #3844: tcp: possible bypass with TCP ssn reuse
> Optimization #7769: detect/file: remove redundant de_ctx->rule_file != NULL
> check
> Feature #7869: detect/integers: support units like kib
> Task #7857: schema/arp: fix invalid pkt event output
> Task #7834: detect: remove unused non-pf stats counters
> Documentation #7890: detect: tls.cert_subject incorrectly claims to support
> multi-buffer
> Documentation #7867: detect/multi-buffers: complete list in userguide page on
> multi-buffer-matching
> Documentation #7854: doc/lualib: fix flow timestamps() return value order
> Documentation #7795: eve/schema: document stats.detect counters
> Documentation #7794: eve/schema: document stats.flow counters
> Documentation #7728: lua: fix all Lua documentation examples for new library
> format
> Documentation #7648: rtd: set "latest" to last stable release starting with
> 8.0.0
> Documentation #7639: dpdk: update Connect-X4 recommended fallback
> tx-descriptor count
> Documentation #7631: userguide: document lua lib suricata.dnp3
> Documentation #7190: detect/integers: document usage of units
> Documentation #7081: userguide: add unix socket option to retrieve flow info
> Documentation #6840: devguide/app-layer: section with conceptualized steps
> for adding parser
> Documentation #6284: userguide: document what's the impact of `stream.inline`
> Documentation #6270: userguide: document usage of Suricata as a firewall
> Documentation #5690: userguide: document the differences between IPS and IDS
> mode
> Documentation #5513: userguide: add a chapter for IPS mode
> Documentation #5139: userguide: add a section for netflow event type
> Documentation #5078: doc/userguide: improve rule reload documentation
> Documentation #4351: doc: explain the engine logic to trigger inspection of
> TCP data"
>
> Signed-off-by: Matthias Fischer <[email protected]>
> ---
> lfs/suricata | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lfs/suricata b/lfs/suricata
> index 05b708f1b..614097ef4 100644
> --- a/lfs/suricata
> +++ b/lfs/suricata
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 8.0.0
> +VER = 8.0.1
>
> THISAPP = suricata-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 =
> be76000891acfd6746c05023abb633aff86d90a9a18ecf49758bf05cdc52ed7184f2ac87056dc19489dff0dda81c1139a8a608f682389533ae07a8295fab20c3
> +$(DL_FILE)_BLAKE2 =
> 52b2fb30a4c56a5a0979ac2016b707e089cdc3ecdf85d834cf2a22e92465136fda11b6830a95831c0146f6f3db7b93892649ee15317a9db1825452266611722b
>
> install : $(TARGET)
>
> --
> 2.43.0
>
>
