From: Clayton Casciato <majortomtosourcecontrol@gmail.com>
To: Scott Murray <scott.murray@konsulko.com>,
	rybczynska@gmail.com, yocto-patches@lists.yoctoproject.org
Cc: Yash.Shinde@windriver.com
Subject: [meta-security][PATCH v2 0/1] suricata: update 7.0.13 -> 8.0.4
Date: Wed, 22 Apr 2026 21:40:44 -0600
Message-ID: <4e044d75-6915-4b1b-a4f7-c66d3262c874@gmail.com>

v1: https://lists.yoctoproject.org/g/yocto-patches/topic/meta_security_patch_0_1/118427566

core-image-selinux against 6.0 M3 + OE-C head for:
https://lists.openembedded.org/g/openembedded-core/message/235507

Build Configuration:
BB_VERSION           = "2.16.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "universal"
TARGET_SYS           = "aarch64-poky-linux"
MACHINE              = "qemuarm64"
SDKMACHINE           = "x86_64"
DISTRO               = "poky"
DISTRO_VERSION       = "5.3.99+snapshot-9a83f0878b6bacbc7b322cfec076b4e79ad7b8fb"
TUNE_FEATURES        = "aarch64 crc cortexa57"
meta                 = "master:9a83f0878b6bacbc7b322cfec076b4e79ad7b8fb"
meta-yocto-bsp       
meta-poky            = "master:49cbb01d52521bfe557395c9ebfae6b1c162581e"
meta-cc              = "master:73bfa59fcdc619194cb01226a22167e12dd55b6e"
meta-selinux         = "master:f7306d7af4425553684a860df6f6d0ee66efba31"
meta-security        = "master:bd6927e1dfc19b2b9619da85e03fb06b6fb6dc03"
meta-python          
meta-oe              = "master:d793c367e067c49956d38caf6eb84cb112c9c9b7"

Post-build QEMU configuration:
build/tmp/deploy/images/qemuarm64$ sed -i 's/qb_mem = -m 256/qb_mem = -m 2048/' *.qemuboot.conf

Previous results (7.0.12):
https://lists.yoctoproject.org/g/yocto-patches/topic/116119035

Tooling note:
update_crates behaves much better.
I only had to add SRC_URI checksums (prompted).

Target testing:
```
root@qemuarm64:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-04-22 22:48:43 UTC; 23s ago
 Invocation: 94ff4988fa924eaab4b5b6f0be2e1783
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki
   Main PID: 463 (Suricata-Main)
      Tasks: 10 (limit: 2406)
     Memory: 74.1M (peak: 74.5M)
        CPU: 1.671s
     CGroup: /system.slice/suricata.service
             `-463 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Apr 22 22:48:43 qemuarm64 systemd[1]: Started Suricata IDS/IDP daemon.
Apr 22 22:48:43 qemuarm64 suricata[463]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode
Apr 22 22:48:44 qemuarm64 suricata[463]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Apr 22 22:48:44 qemuarm64 suricata[463]: W: detect: 1 rule files specified, but no rules were loaded!
Apr 22 22:48:44 qemuarm64 suricata[463]: i: threads: Threads created -> W: 4 FM: 1 FR: 1   Engine started.

root@qemuarm64:~# suricata-update
22/4/2026 -- 22:49:30 - <Info> -- Using data-directory /var/lib/suricata.
22/4/2026 -- 22:49:30 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
22/4/2026 -- 22:49:30 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
22/4/2026 -- 22:49:30 - <Info> -- Found Suricata version 8.0.4 at /bin/suricata.
22/4/2026 -- 22:49:30 - <Info> -- Loading /etc/suricata/suricata.yaml
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol pgsql
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol modbus
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol dnp3
22/4/2026 -- 22:49:30 - <Info> -- Disabling rules for protocol enip
22/4/2026 -- 22:49:30 - <Info> -- No sources configured, will use Emerging Threats Open
22/4/2026 -- 22:49:30 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-8.0.4/emerging.rules.tar.gz.
 100% - 5439551/5439551
22/4/2026 -- 22:49:31 - <Info> -- Done.
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
22/4/2026 -- 22:49:31 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
22/4/2026 -- 22:49:33 - <Info> -- Ignoring file e8e18dbaadbcd7eebb54ecdb5c78f603/rules/emerging-deleted.rules
22/4/2026 -- 22:49:56 - <Info> -- Loaded 65682 rules.
22/4/2026 -- 22:49:59 - <Info> -- Disabled 15 rules.
22/4/2026 -- 22:49:59 - <Info> -- Enabled 0 rules.
22/4/2026 -- 22:49:59 - <Info> -- Modified 0 rules.
22/4/2026 -- 22:49:59 - <Info> -- Dropped 0 rules.
22/4/2026 -- 22:50:01 - <Info> -- Enabled 136 rules for flowbit dependencies.
22/4/2026 -- 22:50:01 - <Info> -- Creating directory /var/lib/suricata/rules.
22/4/2026 -- 22:50:01 - <Info> -- Backing up current rules.
22/4/2026 -- 22:50:01 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 65682; enabled: 49815; added: 65682; removed 0; modified: 0
22/4/2026 -- 22:50:02 - <Info> -- Writing /var/lib/suricata/rules/classification.config
22/4/2026 -- 22:50:03 - <Info> -- Testing with suricata -T.
22/4/2026 -- 22:50:44 - <Info> -- Done.

root@qemuarm64:~# systemctl restart suricata

root@qemuarm64:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-04-22 22:51:35 UTC; 1min 8s ago
 Invocation: 6a8f6ccd61fc4872be2a3d4b61e403f5
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki
   Main PID: 600 (Suricata-Main)
      Tasks: 10 (limit: 2406)
     Memory: 1.1G (peak: 1.2G)
        CPU: 40.058s
     CGroup: /system.slice/suricata.service
             `-600 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Apr 22 22:51:35 qemuarm64 systemd[1]: Started Suricata IDS/IDP daemon.
Apr 22 22:51:35 qemuarm64 suricata[600]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode
Apr 22 22:52:14 qemuarm64 suricata[600]: i: threads: Threads created -> W: 4 FM: 1 FR: 1   Engine started.

root@qemuarm64:~# wget -O /tmp/arst http://testmynids.org/uid/index.html
Connecting to testmynids.org (18.238.176.2:80)
saving to '/tmp/arst'
[...]
'/tmp/arst' saved

root@qemuarm64:~# tail /var/log/suricata/fast.log
04/22/2026-22:53:09.465216  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 18.238.176.2:80 -> 10.0.2.15:43914

root@qemuarm64:~# suricatactl -h
Usage: suricatactl [OPTIONS] <COMMAND>

Commands:
  filestore  Filestore management commands
  help       Print this message or the help of the given subcommand(s)

Options:
  -v, --verbose...
  -q, --quiet       Quiet mode, only warnings and errors will be logged
  -h, --help        Print help

root@qemuarm64:~# suricatasc -h
Usage: suricatasc [OPTIONS] [SOCKET]

Arguments:
  [SOCKET]  Optional path to Suricata unix socket

Options:
  -v, --verbose            Enable verbose output
  -c, --command <COMMAND>  Execute command and return JSON
  -h, --help               Print help

root@qemuarm64:~# journalctl -u suricata -p notice
-- No entries --
```

Clayton Casciato (1):
  suricata: update 7.0.13 -> 8.0.4
 ...kefile-from-using-its-own-rust-steps.patch |   36 +-
 recipes-ids/suricata/libhtp_0.5.52.bb         |   23 -
 recipes-ids/suricata/suricata-crates.inc      | 3282 +++++++++++++----
 .../{suricata_7.0.13.bb => suricata_8.0.4.bb} |   30 +-
 4 files changed, 2680 insertions(+), 691 deletions(-)
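
The target-testing sequence above, condensed into an offline pass/fail check; this is an added example, not part of the posted patch or the author's tooling. The function names `latest_start_has_rules`, `alert_sids` and `smoke_check` are hypothetical, and the sample input is constructed from the journal and fast.log lines shown in the message.

```shell
#!/bin/sh
# Added example (not part of the patch). Sample input is constructed from the
# journal and fast.log lines shown in the message so the script runs offline.

JOURNAL_FIRST_START='suricata[463]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode
suricata[463]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
suricata[463]: W: detect: 1 rule files specified, but no rules were loaded!'

JOURNAL_AFTER_UPDATE="$JOURNAL_FIRST_START
suricata[600]: i: suricata: This is Suricata version 8.0.4 RELEASE running in SYSTEM mode
suricata[600]: i: threads: Threads created -> W: 4 FM: 1 FR: 1   Engine started."

FAST_LOG='04/22/2026-22:53:09.465216  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 18.238.176.2:80 -> 10.0.2.15:43914'

# Succeeds only if the most recent engine start logged no "no rules were
# loaded" warning; warnings from earlier starts are ignored.
latest_start_has_rules() {
    awk '
        /This is Suricata version/ { seen = 1; empty = 0 }
        /no rules were loaded/     { empty = 1 }
        END { if (seen && !empty) exit 0; exit 1 }
    '
}

# Prints the signature id of every alert line ("[gid:sid:rev]") on stdin.
alert_sids() {
    awk 'match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), id, ":")
        print id[2]
    }'
}

# smoke_check SID JOURNAL_TEXT FAST_LOG_TEXT -> prints PASS or a FAIL reason.
smoke_check() {
    if ! printf '%s\n' "$2" | latest_start_has_rules; then
        echo "FAIL: engine running without rules"
    elif ! printf '%s\n' "$3" | alert_sids | grep -qx "$1"; then
        echo "FAIL: no alert for sid $1"
    else
        echo "PASS"
    fi
}

smoke_check 2100498 "$JOURNAL_AFTER_UPDATE" "$FAST_LOG"
```

On a target, the same functions can be fed from `journalctl -u suricata` and `/var/log/suricata/fast.log` instead of the embedded samples.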

