[meta-security][scarthgap][PATCH 00/32] Roll up outstanding fixes

[meta-security][scarthgap][PATCH 00/32] Roll up outstanding fixes

[Scott Murray]

This patch series attempts to get scarthgap branch back into a
usable state.  These changes are on the scarthgap-next branch of
meta-security, and my plan is to merge them to scarthgap branch at
the end of day Tuesday (EST).

It includes:
- All the outstanding patches to the mailing list that I could find,
  barring one duplicate python3-fail2ban update that did not apply
  and had a newer alternative available.
- Changes to get the gitlab CI test pipelines to the same state as
  master (i.e. build tests all passing).
- Selected backports of other changes from master that seemed
  appropriate.

Things to note:
- I chose to keep all the suricata and libhtp CVE fixes history even
  though I've backported 7.0.12 and 0.5.52 updates on top, since I
  figure this approach makes it easier to check if a patch submission
  was missed.  Plus, I'm lazy, and didn't feel like squashing all that
  away after I was done testing.
- Going forward, I would prefer suricata and libhtp upgrades over
  accruing a large set of CVE patches until that stops being feasible
  for the 7.0.x and 0.5.x versions, respectively.  Those should go
  through master branch first until it has switched to newer major
  versions (which will be soon for suricata).
- I believe all the backported suricata systemd support changes are
  effectively fixes, please let me know if I'm missing something and
  they will break your usecase.
- The packagegroup-core-security change of PACKAGE_ARCH to MACHINE_ARCH
  is potentially a breaking change if you're using on target package
  updates (e.g. with dnf or apt), and for some reason using that
  packagegroup.  My guess is that no one uses that packagegroup since
  it's effectively special purpose for the build test image, but please
  let me know if this will break something for you.
- There are still some other outstanding CVEs for firejail and clamav.
  firejail is potentially upgradeable, but clamav is problematic since
  I believe 0.104.x was already unsupported when scarthgap shipped.
  If you care about clamav support for scarthgap, plus provide some
  input on if an upgrade to one of the LTS branches (1.0 or 1.4) is
  something you would like to see / would be able to help test.

Thanks,

Scott


Changes:

Aidan Stewart (1):
  smack: Switch to CVE_STATUS

Armin Kuster (1):
  harden-image-minimal: Fix usermod

Chen Qi (1):
  libgssglue: switch to use git source

Clayton Casciato (6):
  suricata: resolve TMPDIR QA issues in do_configure
  suricata: drop pkg_postinst_ontarget systemd init
  suricata: fix "interface" arg in systemd service
  suricata: install classification, reference configs
  suricata: populate SYSTEMD_SERVICE for service autostart
  suricata: update to 7.0.12

Haixiao Yan (2):
  fail2ban: Adapt test output to Automake format for ptest compatibility
  fail2ban: replace fail2ban-python shebang with python3

Hitendra Prajapati (7):
  suricata: fix CVE-2024-45795 & CVE-2024-45796
  suricata: Fix CVE-2024-55605
  clamav: fix CVE-2025-20260
  suricata: fix multiple CVEs
  libhtp: fix CVE-2025-53537
  suricata: Fix multiple CVEs
  suricata: fix CVE-2024-55627 && CVE-2024-55628

Marta Rybczynska (7):
  CI: update build for new CI
  kas: update configuration
  scap-security-guide: fix fetch
  lynis: update 3.1.1 -> 3.1.4
  chkrootkit: use debian mirror
  checksecurity: update the debian package
  bastille: prevent host uids on files

Rasmus Villemoes (1):
  fail2ban: update to 1.1.0+

Scott Murray (4):
  Update maintainers
  packagegroup-core-security: add missing packages
  meta-tpm: Small maintainers fix
  ima-evm-utils: remove unnecessary FILESEXTRAPATHS tweak

Yi Zhao (1):
  python3-fail2ban: fix ptest failures

akash hadke (1):
  meta-security: Remove True option to getVar calls

 .gitlab-ci.yml                                |   47 +-
 README.md                                     |    4 +-
 .../include/maintainers-meta-security.inc     |   72 +-
 .../checksecurity/checksecurity_2.0.16.bb     |    7 +-
 .../bastille/bastille_3.2.1.bb                |    2 +
 ...ges-the-IPs-again.-additionally-it-g.patch |  210 +++
 ...ao.unittest.TestRunner-for-ptest-out.patch |   43 +
 ...case.py-set-correct-config-dir-for-t.patch |   34 +
 ...l2ban_1.0.2.bb => python3-fail2ban_git.bb} |   40 +-
 kas/kas-security-alt.yml                      |    2 +-
 kas/kas-security-base.yml                     |   13 +-
 kas/kas-security-parsec.yml                   |    2 +-
 kas/qemuarm64-musl.yml                        |    1 +
 kas/qemux86-musl.yml                          |    1 +
 kas/qemux86-test.yml                          |    5 +
 meta-hardening/README.md                      |    4 +-
 .../images/harden-image-minimal.bb            |    4 +-
 meta-integrity/README.md                      |    4 +-
 meta-integrity/classes/ima-evm-rootfs.bbclass |    2 +-
 .../ima-evm-utils/ima-evm-utils_1.5.bb        |    2 -
 meta-parsec/README.md                         |    1 -
 .../parsec-service/parsec-service_1.3.0.bb    |    4 +-
 meta-tpm/README.md                            |    4 +-
 .../distro/include/maintainers-meta-tpm.inc   |   32 +-
 .../lynis/{lynis_3.1.1.bb => lynis_3.1.4.bb}  |    2 +-
 .../scap-security-guide_0.1.71.bb             |    2 +-
 .../packagegroup-core-security.bb             |    4 +
 ...kefile-from-using-its-own-rust-steps.patch |   40 +
 .../suricata/files/CVE-2024-45797.patch       |  148 --
 recipes-ids/suricata/files/fixup.patch        |   32 -
 recipes-ids/suricata/files/suricata.service   |    2 +-
 .../{libhtp_0.5.45.bb => libhtp_0.5.52.bb}    |    6 +-
 recipes-ids/suricata/suricata-crates.inc      | 1509 ++++++++---------
 .../{suricata_7.0.0.bb => suricata_7.0.12.bb} |   27 +-
 recipes-mac/smack/smack_1.3.1.bb              |    7 +-
 recipes-scanners/clamav/clamav_0.104.4.bb     |    1 +
 .../clamav/files/CVE-2025-20260.patch         |  366 ++++
 recipes-scanners/rootkits/chkrootkit_0.57.bb  |    2 +-
 recipes-security/libgssglue/libgssglue_0.8.bb |    5 +-
 39 files changed, 1612 insertions(+), 1081 deletions(-)
 create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch
 create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-fail2ban-use-putao.unittest.TestRunner-for-ptest-out.patch
 create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch
 rename dynamic-layers/meta-python/recipes-security/fail2ban/{python3-fail2ban_1.0.2.bb => python3-fail2ban_git.bb} (63%)
 rename recipes-compliance/lynis/{lynis_3.1.1.bb => lynis_3.1.4.bb} (93%)
 create mode 100644 recipes-ids/suricata/files/0001-Skip-pkg-Makefile-from-using-its-own-rust-steps.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-45797.patch
 delete mode 100644 recipes-ids/suricata/files/fixup.patch
 rename recipes-ids/suricata/{libhtp_0.5.45.bb => libhtp_0.5.52.bb} (82%)
 rename recipes-ids/suricata/{suricata_7.0.0.bb => suricata_7.0.12.bb} (82%)
 create mode 100644 recipes-scanners/clamav/files/CVE-2025-20260.patch

-- 
2.47.3

[meta-security][scarthgap][PATCH 01/32] Update maintainers

[Scott Murray]

Add Marta and myself as maintainers for meta-security and the other
embedded layers that Armin had been maintaining.  To avoid Armin
getting bugged about individual recipes, set the RECIPE_MAINTAINER
variables to myself.

(backport from master)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 README.md                                     |  4 +-
 .../include/maintainers-meta-security.inc     | 72 +++++++++----------
 meta-hardening/README.md                      |  4 +-
 meta-integrity/README.md                      |  4 +-
 meta-parsec/README.md                         |  1 -
 meta-tpm/README.md                            |  4 +-
 .../distro/include/maintainers-meta-tpm.inc   | 33 +++++----
 7 files changed, 64 insertions(+), 58 deletions(-)

diff --git a/README.md b/README.md
index 3e092a9..c657d15 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,9 @@ Now you can just do 'git send-email origin/master' to send all local patches.
 
 For pull requests, please use create-pull-request and send-pull-request. 
 
-Maintainers:    Armin Kuster <akuster808@gmail.com>
+Maintainers:
+Scott Murray <scott.murray@konsulko.com>
+Marta Rybczynska <rybczynska@gmail.com>
 
 
 License
diff --git a/conf/distro/include/maintainers-meta-security.inc b/conf/distro/include/maintainers-meta-security.inc
index f623d70..c052695 100644
--- a/conf/distro/include/maintainers-meta-security.inc
+++ b/conf/distro/include/maintainers-meta-security.inc
@@ -19,39 +19,39 @@
 #	RECIPE_MAINTAINER:pn-<recipe name> = "Full Name <address@domain>"
 #
 # Please keep this list in alphabetical order.
-RECIPE_MAINTAINER:pn-aircrack-ng = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-apparmor = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-bastille = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-buck-security = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-ccs-tools = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-checksec = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-checksecurity = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-clamav = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-ding-libs = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-ecryptfs-utils = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-fscryptctl = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-google-authenticator-libpam = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-hash-perl = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-isic = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-keyutils = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libaes-siv = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libgssglue = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libhtp = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libmhash = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libmspack = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-lib-perl = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libseccomp = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libwhisker2-perl = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-ncrack = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-nikto = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-paxctl = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-python3-fail2ban = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-python3-scapy = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-python-fail2ban = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-python-scapy = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-redhat-security = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-samhain = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-smack = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-sssd = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-suricata = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tripwire = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-aircrack-ng = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-apparmor = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-bastille = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-buck-security = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-ccs-tools = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-checksec = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-checksecurity = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-clamav = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-ding-libs = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-ecryptfs-utils = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-fscryptctl = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-google-authenticator-libpam = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-hash-perl = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-isic = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-keyutils = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libaes-siv = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libgssglue = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libhtp = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libmhash = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libmspack = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-lib-perl = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libseccomp = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libwhisker2-perl = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-ncrack = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-nikto = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-paxctl = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-fail2ban = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-python3-scapy = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-python-fail2ban = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-python-scapy = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-redhat-security = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-samhain = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-smack = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-sssd = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-suricata = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tripwire = "Scott Murray <scott.murray@konsulko.com>"
diff --git a/meta-hardening/README.md b/meta-hardening/README.md
index cc39ca4..36f269a 100644
--- a/meta-hardening/README.md
+++ b/meta-hardening/README.md
@@ -76,7 +76,9 @@ $ git config format.subjectPrefix meta-hardening][PATCH
 
 Now you can just do 'git send-email origin/master' to send all local patches.
 
-Maintainers:  Armin Kuster <akuster808@gmail.com>
+Maintainers:
+Scott Murray <scott.murray@konsulko.com>
+Marta Rybczynska <rybczynska@gmail.com>
 
 License
 =======
diff --git a/meta-integrity/README.md b/meta-integrity/README.md
index c333a9f..191b8e4 100644
--- a/meta-integrity/README.md
+++ b/meta-integrity/README.md
@@ -45,7 +45,9 @@ yocto-patches@yoctoproject.org mailing list. When submitting patches that way,
 make sure to copy the maintainer and add a "[meta-integrity]"
 prefix to the subject of the mails.
 
-Maintainer: Armin Kuster <akuster808@gmail.com>
+Maintainers:
+Scott Murray <scott.murray@konsulko.com>
+Marta Rybczynska <rybczynska@gmail.com>
 
 
 Table of Contents
diff --git a/meta-parsec/README.md b/meta-parsec/README.md
index 785c932..9dea718 100644
--- a/meta-parsec/README.md
+++ b/meta-parsec/README.md
@@ -257,7 +257,6 @@ $ git config format.subjectPrefix meta-parsec][PATCH
 Now you can just do 'git send-email origin/master' to send all local patches.
 
 Maintainers:    Anton Antonov <Anton.Antonov@arm.com>
-                Armin Kuster <akuster808@gmail.com>
 
 
 License
diff --git a/meta-tpm/README.md b/meta-tpm/README.md
index 983c753..523b284 100644
--- a/meta-tpm/README.md
+++ b/meta-tpm/README.md
@@ -69,7 +69,9 @@ $ git config format.subjectPrefix meta-security][PATCH
 
 Now you can just do 'git send-email origin/master' to send all local patches.
 
-Maintainers:    Armin Kuster <akuster808@gmail.com>
+Maintainers:    
+Scott Murray <scott.murray@konsulko.com>
+Marta Rybczynska <rybczynska@gmail.com>
 
 
 License
diff --git a/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc b/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
index e7b216d..829f198 100644
--- a/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
+++ b/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
@@ -19,20 +19,19 @@
 #	RECIPE_MAINTAINER:pn-<recipe name> = "Full Name <address@domain>"
 #
 # Please keep this list in alphabetical order.
-RECIPE_MAINTAINER:pn-aircrack-ng = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-pcr-extend = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm-quote-tools = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-libtpm = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-trousers = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-swtpm = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-openssl-tpm-engine = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm-tools = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm2-abrmd = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm2-totp = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm2-tcti-uefi = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm2-tss-engine = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm2-pkcs11 = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm2-tss = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-tpm2-tools = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER:pn-ibmswtpm2 = "Armin Kuster <akuster808@gmail.com>"
-
+RECIPE_MAINTAINER:pn-aircrack-ng = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-pcr-extend = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm-quote-tools = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-libtpms = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-trousers = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-swtpm = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-openssl-tpm-engine = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm-tools = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm2-abrmd = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm2-totp = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm2-tcti-uefi = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm2-tss-engine = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm2-pkcs11 = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm2-tss = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-tpm2-tools = "Scott Murray <scott.murray@konsulko.com>"
+RECIPE_MAINTAINER:pn-ibmswtpm2 = "Scott Murray <scott.murray@konsulko.com>"
-- 
2.47.3

[meta-security][scarthgap][PATCH 02/32] CI: update build for new CI

[Scott Murray]

From: Marta Rybczynska <marta.rybczynska@ygreky.com>

Update for Ubuntu 24.04 runners:
- use venv for installing kas
- add missing directories
- assume that python3 and pip are installed.

Other changes:
- add logging of jobs to files
- build parsec images where appropriate

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
(squashed and updated with missing master version changes)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .gitlab-ci.yml | 47 +++++++++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e82a87..5e15221 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,10 +1,13 @@
 .before-my-script: &before-my-script
     - echo "$ERR_REPORT_USERNAME" > ~/.oe-send-error
     - echo "$ERR_REPORT_EMAIL" >> ~/.oe-send-error
+    - echo "$CI_PROJECT_DIR" >> ~/.ci_project_dir
     - export PATH=~/.local/bin:$PATH
-    - wget https://bootstrap.pypa.io/get-pip.py
-    - python3 get-pip.py
+    - python3 -m venv ~/kas_env/
+    - source ~/kas_env/bin/activate
     - python3 -m pip install kas
+    - mkdir -p $CI_PROJECT_DIR/build/tmp/log/error-report/
+    - mkdir -p $CI_PROJECT_DIR/log/
 
 .after-my-script: &after-my-script
     - cd $CI_PROJECT_DIR/poky
@@ -26,6 +29,10 @@ stages:
   stage: base 
   after_script:
     - *after-my-script
+  artifacts:
+    paths:
+      - $CI_PROJECT_DIR/log/*
+    when: always
 
 .parsec:
   before_script:
@@ -51,77 +58,77 @@ stages:
 qemux86:
   extends: .base
   script:
-  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image integrity-image-minimal"
-  - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml
+  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_security_image.txt
+  - kas build --target harden-image-minimal kas/$CI_JOB_NAME-harden.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_harden_image.txt
 
 qemux86-musl:
   extends: .musl
   needs: ['qemux86']
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_musl_security_image.txt
 
 qemux86-parsec:
   extends: .parsec
   needs: ['qemux86']
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_parsec_security_image.txt
 
 qemux86-test:
   extends: .test
   needs: ['qemux86']
   allow_failure: true
   script:
-  - kas build --target security-test-image kas/$CI_JOB_NAME.yml
-  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-test-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_test_security_image.txt
+  - kas build -c testimage --target security-test-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_testimage_security_image.txt
 
 qemux86-64:
   extends: .base
   script:
-  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image security-tpm-image security-tpm2-image integrity-image-minimal"
-  - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml
-  - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml
+  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k core-image-minimal security-build-image security-tpm-image security-tpm2-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_security_image.txt
+  - kas build --target dm-verity-image-initramfs kas/$CI_JOB_NAME-dm-verify.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_dm_verify.txt
+  - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_security_build_image.txt
 
 qemux86-64-parsec:
   extends: .parsec
   needs: ['qemux86-64']
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemux86_64_parsec_security_image.txt
 
 qemuarm:
   extends: .base
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm_security_image.txt
 
 qemuarm-parsec:
   extends: .parsec
   needs: ['qemuarm']
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm_parsec_security_image.txt
 
 qemuarm64:
   extends: .base
   script:
-  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal"
-  - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml
+  - kas shell kas/$CI_JOB_NAME.yml  -c "bitbake -k security-build-image security-tpm2-image integrity-image-minimal" 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_parsec_security_image.txt
+  - kas build --target security-build-image kas/$CI_JOB_NAME-alt.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_build_security_image.txt
 
 qemuarm64-musl:
   extends: .musl
   needs: ['qemuarm64']
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_musl_security_image.txt
 
 qemuarm64-parsec:
   extends: .parsec
   needs: ['qemuarm64']
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-parsec-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuarm64_parsec_security_image.txt
 
 qemumips64:
   extends: .base
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemumips64_security_image.txt
 
 qemuriscv64:
   extends: .base
   script:
-  - kas build --target security-build-image kas/$CI_JOB_NAME.yml
+  - kas build --target security-build-image kas/$CI_JOB_NAME.yml 2>&1 | tee $CI_PROJECT_DIR/log/qemuriscv64_security_image.txt
-- 
2.47.3

[meta-security][scarthgap][PATCH 03/32] kas: update configuration

[Scott Murray]

From: Marta Rybczynska <marta.rybczynska@ygreky.com>

Changes:
- switch to scarthgap
- add required usrmerge feature to kas-security-alt configuration
- add whitespaces around assignement
- add common dldir/sstate
- don't build apparmor in musl configus
- only enable ptest for the test image

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
(squashed and recent master changes backported)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 kas/kas-security-alt.yml    |  2 +-
 kas/kas-security-base.yml   | 13 +++++++++----
 kas/kas-security-parsec.yml |  2 +-
 kas/qemuarm64-musl.yml      |  1 +
 kas/qemux86-musl.yml        |  1 +
 kas/qemux86-test.yml        |  5 +++++
 6 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/kas/kas-security-alt.yml b/kas/kas-security-alt.yml
index 3ee9808..8f754ac 100644
--- a/kas/kas-security-alt.yml
+++ b/kas/kas-security-alt.yml
@@ -5,4 +5,4 @@ header:
 
 local_conf_header:
   alt: |
-      DISTRO_FEATURES:append = " systemd"
+      INIT_MANAGER = "systemd"
diff --git a/kas/kas-security-base.yml b/kas/kas-security-base.yml
index fa7915c..ff66889 100644
--- a/kas/kas-security-base.yml
+++ b/kas/kas-security-base.yml
@@ -13,7 +13,7 @@ repos:
 
   poky:
     url: https://git.yoctoproject.org/git/poky
-    refspec: master
+    refspec: scarthgap
     layers:
       meta:
       meta-poky:
@@ -21,7 +21,7 @@ repos:
 
   meta-openembedded:
     url: http://git.openembedded.org/meta-openembedded
-    refspec: master
+    refspec: scarthgap
     layers:
       meta-oe:
       meta-perl:
@@ -36,8 +36,8 @@ local_conf_header:
     INHERIT += "buildstats buildstats-summary buildhistory"
     INHERIT += "report-error"
     IMAGE_CLASSES += "testimage"
-    BB_NUMBER_THREADS="24"
-    BB_NUMBER_PARSE_THREADS="12"
+    BB_NUMBER_THREADS = "24"
+    BB_NUMBER_PARSE_THREADS = "12"
     BB_TASK_NICE_LEVEL = '5'
     BB_TASK_NICE_LEVEL_task-testimage = '0'
     BB_TASK_IONICE_LEVEL = '2.7'
@@ -47,6 +47,7 @@ local_conf_header:
     PACKAGE_CLASSES = "package_ipk"
 
     DISTRO_FEATURES:append = " security pam apparmor smack ima tpm tpm2"
+    DISTRO_FEATURES:remove = "ptest"
     MACHINE_FEATURES:append = " tpm tpm2"
 
   diskmon: |
@@ -60,6 +61,10 @@ local_conf_header:
     HALT,${SSTATE_DIR},100M,1K \
     HALT,/tmp,10M,1K"
 
+  dlsstate: |
+    DL_DIR = "/home/gitlab-runner/build/downloads"
+    SSTATE_DIR = "/home/gitlab-runner/build/sstate-cache"
+
 bblayers_conf_header:
   base: |
     BBPATH = "${TOPDIR}"
diff --git a/kas/kas-security-parsec.yml b/kas/kas-security-parsec.yml
index 9a009be..cfaa660 100644
--- a/kas/kas-security-parsec.yml
+++ b/kas/kas-security-parsec.yml
@@ -10,7 +10,7 @@ repos:
 
   meta-clang:
     url: https://github.com/kraj/meta-clang.git
-    refspec: master
+    refspec: scarthgap
 
 local_conf_header:
   meta-parsec: |
diff --git a/kas/qemuarm64-musl.yml b/kas/qemuarm64-musl.yml
index b353eb4..f01f759 100644
--- a/kas/qemuarm64-musl.yml
+++ b/kas/qemuarm64-musl.yml
@@ -6,5 +6,6 @@ header:
 local_conf_header:
     musl: |
         TCLIBC = "musl"
+        DISTRO_FEATURES:remove = "apparmor"
 
 machine: qemuarm64
diff --git a/kas/qemux86-musl.yml b/kas/qemux86-musl.yml
index 61d9572..aa6572c 100644
--- a/kas/qemux86-musl.yml
+++ b/kas/qemux86-musl.yml
@@ -6,5 +6,6 @@ header:
 local_conf_header:
     musl: |
         TCLIBC = "musl"
+        DISTRO_FEATURES:remove = "apparmor"
 
 machine: qemux86
diff --git a/kas/qemux86-test.yml b/kas/qemux86-test.yml
index 83a5353..c4609f9 100644
--- a/kas/qemux86-test.yml
+++ b/kas/qemux86-test.yml
@@ -3,4 +3,9 @@ header:
   includes:
     - kas-security-base.yml
 
+local_conf_header:
+  ptest: |
+      DISTRO_FEATURES:append = " ptest"
+      EXTRA_IMAGE_FEATURES:append = " allow-empty-password allow-root-login empty-root-password"
+
 machine: qemux86
-- 
2.47.3

[meta-security][scarthgap][PATCH 04/32] scap-security-guide: fix fetch

[Scott Murray]

From: Marta Rybczynska <marta.rybczynska@ygreky.com>

The project does not keep releases in branches, instead they tag them. The stable branch
does not contain releases, so we use the revision only.

See upstream issue [1] for details.

[1] https://github.com/ComplianceAsCode/content/issues/13543

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
---
 .../scap-security-guide/scap-security-guide_0.1.71.bb           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
index 5e45332..e277ccf 100644
--- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
+++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820"
 LICENSE = "BSD-3-Clause"
 
 SRCREV = "459f0abf2ac08d36e5fc4a2619bc75cff7000da9"
-SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \
+SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \
            file://run_eval.sh \
            file://run-ptest \
            "
-- 
2.47.3

[meta-security][scarthgap][PATCH 05/32] lynis: update 3.1.1 -> 3.1.4

[Scott Murray]

From: Marta Rybczynska <marta.rybczynska@ygreky.com>

Changelog at [1].

[1] https://cisofy.com/changelog/lynis/#314

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
---
 recipes-compliance/lynis/{lynis_3.1.1.bb => lynis_3.1.4.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename recipes-compliance/lynis/{lynis_3.1.1.bb => lynis_3.1.4.bb} (93%)

diff --git a/recipes-compliance/lynis/lynis_3.1.1.bb b/recipes-compliance/lynis/lynis_3.1.4.bb
similarity index 93%
rename from recipes-compliance/lynis/lynis_3.1.1.bb
rename to recipes-compliance/lynis/lynis_3.1.4.bb
index b69f4df..9cce848 100644
--- a/recipes-compliance/lynis/lynis_3.1.1.bb
+++ b/recipes-compliance/lynis/lynis_3.1.4.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3edd6782854304fd11da4975ab9799c1"
 
 SRC_URI = "https://downloads.cisofy.com/lynis/${BPN}-${PV}.tar.gz"
 
-SRC_URI[sha256sum] = "d72f4ee7325816bb8dbfcf31eb104207b9fe58a2493c2a875373746a71284cc3"
+SRC_URI[sha256sum] = "c4dbcddd429624d5b2319cd3b19728e18a7885b70b8eb0a9fdd3ca5f0ae28eb6"
 
 #UPSTREAM_CHECK = "https://downloads.cisofy.com/lynis"
 
-- 
2.47.3

[meta-security][scarthgap][PATCH 06/32] chkrootkit: use debian mirror

[Scott Murray]

From: Marta Rybczynska <marta.rybczynska@ygreky.com>

Use the debian mirror as the ubuntu one is failing frequently.

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
---
 recipes-scanners/rootkits/chkrootkit_0.57.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-scanners/rootkits/chkrootkit_0.57.bb b/recipes-scanners/rootkits/chkrootkit_0.57.bb
index d35f5f6..c3d2f9b 100644
--- a/recipes-scanners/rootkits/chkrootkit_0.57.bb
+++ b/recipes-scanners/rootkits/chkrootkit_0.57.bb
@@ -5,7 +5,7 @@ SECTION = "security"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=fdbe53788f7081c63387d8087273f5ff"
 
-SRC_URI = "http://archive.ubuntu.com/ubuntu/pool/universe/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
+SRC_URI = "http://deb.debian.org/debian/pool/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://musl_fix.patch"
 SRC_URI[sha256sum] = "06d1faee151aa3e3c0f91ac807ca92e60b75ed1c18268ccef2c45117156d253c"
 
-- 
2.47.3

[meta-security][scarthgap][PATCH 07/32] checksecurity: update the debian package

[Scott Murray]

From: Marta Rybczynska <marta.rybczynska@ygreky.com>

The previously used package (nmu1) is not longer available, use the latest current
one (nmu3). The changelog between the two:

checksecurity (2.0.16+nmu3) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix "missing required debian/rules targets build-arch and/or build-
    indep": Add targets to debian/rules.
    (Closes: #999082)
  * Fix "Removal of obsolete debhelper compat 5 and 6 in bookworm":
    Bump to 7 in debian/{compat,control}.
    (Closes: #965448)
  * Fix some grave packaging errors:
    - move debhelper from Build-Depends-Indep to Build-Depends
    - remove temporary files debian/postrm.debhelper and debian/substvars from
      source package

 -- gregor herrmann <gregoa@debian.org>  Sun, 26 Dec 2021 01:56:10 +0100

checksecurity (2.0.16+nmu2) unstable; urgency=medium

  * Non maintainer upload by the Reproducible Builds team.
  * No source change upload to rebuild on buildd with .buildinfo files.

 -- Holger Levsen <holger@debian.org>  Fri, 01 Jan 2021 19:17:53 +0100

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
(adapted from 828a78314f51b919baf638d64e8e12c0c0a408ad)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../recipes-scanners/checksecurity/checksecurity_2.0.16.bb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb
index 8006c9f..6a223f8 100644
--- a/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb
+++ b/dynamic-layers/meta-perl/recipes-scanners/checksecurity/checksecurity_2.0.16.bb
@@ -4,14 +4,13 @@ SECTION = "security"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
-SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu1.tar.gz \
+SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}+nmu3.tar.gz \
            file://check-setuid-use-more-portable-find-args.patch \
           "
 
-SRC_URI[sha256sum] = "9803b3760e9ec48e06ebaf48cec081db48c6fe72254a476224e4c5c55ed97fb0"
-
-S = "${WORKDIR}/checksecurity-${PV}+nmu1"
+SRC_URI[sha256sum] = "12b043dc7b38512cdf0735c7c147a4f9e60d83a397b5b8ec130c65ceddbe1a0c"
 
+S = "${WORKDIR}/checksecurity-${PV}+nmu3"
 
 # allow for anylocal, no need to patch
 LOGDIR="/etc/checksecurity"
-- 
2.47.3

[meta-security][scarthgap][PATCH 08/32] bastille: prevent host uids on files

[Scott Murray]

From: Marta Rybczynska <marta.rybczynska@ygreky.com>

We get an intermittent QA error about file permissions, happening roughly
on 1 build of 10.

The change adds chown to prevent host ids on files related to the
set_required_questions.py script, to avoid long debugging for now.

Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
(cherry picked from commit 7bdd0a8b48442e3a93b98647801c2ff5dee7267b)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../meta-perl/recipes-security/bastille/bastille_3.2.1.bb       | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb b/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb
index f2ef335..afd7bfc 100644
--- a/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb
+++ b/dynamic-layers/meta-perl/recipes-security/bastille/bastille_3.2.1.bb
@@ -146,6 +146,8 @@ do_install () {
 
 	${THISDIR}/files/set_required_questions.py ${D}${sysconfdir}/Bastille/config ${D}${datadir}/Bastille/Questions
 
+	chown root:root -R ${D}/${datadir}/Bastille
+
 	ln -s RevertBastille ${D}${sbindir}/UndoBastille
 
     # Create /var/log/Bastille in runtime.
-- 
2.47.3

[meta-security][scarthgap][PATCH 09/32] libgssglue: switch to use git source

[Scott Murray]

From: Chen Qi <Qi.Chen@windriver.com>

The 0.8 orig.tar.gz is not in debian mirror any more. In fact, we
really should avoid using orig.tar.gz like this because distros
like debian will just delete those that they don't maintain any more.

Switch to use git source.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit baaafdf08b7ffb8703618684d571c4766ea3e28e)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-security/libgssglue/libgssglue_0.8.bb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/recipes-security/libgssglue/libgssglue_0.8.bb b/recipes-security/libgssglue/libgssglue_0.8.bb
index 9d01964..e534615 100644
--- a/recipes-security/libgssglue/libgssglue_0.8.bb
+++ b/recipes-security/libgssglue/libgssglue_0.8.bb
@@ -21,11 +21,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=56871e72a5c475289c0d5e4ba3f2ee3a \
                     file://src/oid_ops.c;beginline=378;endline=398;md5=72457a5cdc0354cb5c25c8b150326364\
 "
 
-SRC_URI = "${DEBIAN_MIRROR}/main/libg/${BPN}/${BPN}_${PV}.orig.tar.gz \
+SRC_URI = "git://gitlab.com/gsasl/libgssglue.git;protocol=https;branch=master \
            file://libgssglue-canon-name.patch  \
 "
+SRCREV = "c8b4b2936b854a7d4f7ef12e30d6f519b30dec87"
 
-SRC_URI[sha256sum] = "a2bb183e946f6e30562a2a856950a2916c9b6d42c34d67a8400e4efc28917746"
+S = "${WORKDIR}/git"
 
 inherit autotools-brokensep
 
-- 
2.47.3

[meta-security][scarthgap][PATCH 10/32] packagegroup-core-security: add missing packages

[Scott Murray]

Changes:
- Add libmhash and libgssglue so they will get tested by CI.
- Switch to MACHINE_ARCH to facilitate the above, but it makes sense
  anyway due to all the machine overrides used in the packagegroup
  definition.  Since this packagegroup is to facilitate testing and
  unlikely to be used by downstreams, it is believed this will have
  minimal impact.

(adapted from 26e745243d6d28768ed4a237d9a48f68210c70a6)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-core/packagegroup/packagegroup-core-security.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/recipes-core/packagegroup/packagegroup-core-security.bb b/recipes-core/packagegroup/packagegroup-core-security.bb
index 3ef77e5..10063c3 100644
--- a/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -3,6 +3,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
                     file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
 inherit packagegroup
 
 PACKAGES = "\
@@ -36,6 +38,8 @@ RDEPENDS:packagegroup-security-utils = "\
     fscryptctl \
     glome \
     keyutils \
+    libgssglue \
+    libmhash \
     nmap \
     pinentry \
     softhsm \
-- 
2.47.3

[meta-security][scarthgap][PATCH 11/32] meta-tpm: Small maintainers fix

[Scott Murray]

To avoid confusion, remove stray aircrack-ng entry as it is actually
in the main layer and not meta-tpm.

(cherry picked from commit 9f1d763bb17bf105cc313a95eb3b07496b34bacc)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 meta-tpm/conf/distro/include/maintainers-meta-tpm.inc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc b/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
index 829f198..0925eef 100644
--- a/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
+++ b/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
@@ -19,7 +19,6 @@
 #	RECIPE_MAINTAINER:pn-<recipe name> = "Full Name <address@domain>"
 #
 # Please keep this list in alphabetical order.
-RECIPE_MAINTAINER:pn-aircrack-ng = "Scott Murray <scott.murray@konsulko.com>"
 RECIPE_MAINTAINER:pn-pcr-extend = "Scott Murray <scott.murray@konsulko.com>"
 RECIPE_MAINTAINER:pn-tpm-quote-tools = "Scott Murray <scott.murray@konsulko.com>"
 RECIPE_MAINTAINER:pn-libtpms = "Scott Murray <scott.murray@konsulko.com>"
-- 
2.47.3

[meta-security][scarthgap][PATCH 12/32] ima-evm-utils: remove unnecessary FILESEXTRAPATHS tweak

[Scott Murray]

It was pointed out that the recipe was wrongly doing
FILESEXTRAPATHS:append, but on inspection the recipe does
not need it at all, so just remove.

Reported-by: Robert P. J. Day <rpjday@crashcourse.ca>
(cherry picked from commit 5770a76fc0d78a645ab254979986f572fd18b3ec)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb         | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb
index 8ac080c..ac0a383 100644
--- a/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb
+++ b/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_1.5.bb
@@ -6,8 +6,6 @@ DEPENDS += "openssl attr keyutils"
 
 DEPENDS:class-native += "openssl-native keyutils-native"
 
-FILESEXTRAPATHS:append := "${THISDIR}/${PN}:"
-
 SRC_URI = " \
     https://github.com/mimizohar/ima-evm-utils/releases/download/v${PV}/${BP}.tar.gz \
     file://0001-Do-not-get-generation-using-ioctl-when-evm_portable-.patch \
-- 
2.47.3

[meta-security][scarthgap][PATCH 13/32] harden-image-minimal: Fix usermod

[Scott Murray]

From: Armin Kuster <akuster808@gmail.com>

Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit c08a91e5e607806460854936ef622f6f78bb0f03)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 meta-hardening/recipes-core/images/harden-image-minimal.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-hardening/recipes-core/images/harden-image-minimal.bb b/meta-hardening/recipes-core/images/harden-image-minimal.bb
index 38771cd..4366961 100644
--- a/meta-hardening/recipes-core/images/harden-image-minimal.bb
+++ b/meta-hardening/recipes-core/images/harden-image-minimal.bb
@@ -18,9 +18,9 @@ DEFAULT_ADMIN_ACCOUNT ?= "myadmin"
 DEFAULT_ADMIN_GROUP ?= "wheel"
 DEFAULT_ADMIN_ACCOUNT_PASSWORD ?= "1SimplePw!"
 
-EXTRA_USERS_PARAMS = "${@bb.utils.contains('DISABLE_ROOT', 'True', "usermod -L root;", "usermod -P '${ROOT_DEFAULT_PASSWORD}' root;", d)}"
+EXTRA_USERS_PARAMS = "${@bb.utils.contains('DISABLE_ROOT', 'True', "usermod -L root;", "usermod -p '${ROOT_DEFAULT_PASSWORD}' root;", d)}"
 
 EXTRA_USERS_PARAMS:append = " useradd  ${DEFAULT_ADMIN_ACCOUNT};" 
 EXTRA_USERS_PARAMS:append = " groupadd  ${DEFAULT_ADMIN_GROUP};" 
-EXTRA_USERS_PARAMS:append = " usermod -P '${DEFAULT_ADMIN_ACCOUNT_PASSWORD}' ${DEFAULT_ADMIN_ACCOUNT};" 
+EXTRA_USERS_PARAMS:append = " usermod -p '${DEFAULT_ADMIN_ACCOUNT_PASSWORD}' ${DEFAULT_ADMIN_ACCOUNT};" 
 EXTRA_USERS_PARAMS:append = " usermod -aG ${DEFAULT_ADMIN_GROUP}  ${DEFAULT_ADMIN_ACCOUNT};" 
-- 
2.47.3

[meta-security][scarthgap][PATCH 14/32] suricata: fix CVE-2024-45795 & CVE-2024-45796

[Scott Murray]

From: Hitendra Prajapati <hprajapati@mvista.com>

* CVE-2024-45795 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/72456d359bf3064306b62024c809bb30b162f18c && https://github.com/OISF/suricata/commit/96d5c81aed01f2bc0cd3e2e60057d0deb38caa99
* CVE-2024-45796 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/9203656496c4081260817cce018a0d8fd57869b5

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../suricata/files/CVE-2024-45795.patch       | 123 ++++++++++++++++++
 .../suricata/files/CVE-2024-45796.patch       |  33 +++++
 recipes-ids/suricata/suricata_7.0.0.bb        |   2 +
 3 files changed, 158 insertions(+)
 create mode 100644 recipes-ids/suricata/files/CVE-2024-45795.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-45796.patch

diff --git a/recipes-ids/suricata/files/CVE-2024-45795.patch b/recipes-ids/suricata/files/CVE-2024-45795.patch
new file mode 100644
index 0000000..10363c5
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-45795.patch
@@ -0,0 +1,123 @@
+From 72456d359bf3064306b62024c809bb30b162f18c Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Mon, 12 Aug 2024 09:54:43 +0200
+Subject: [PATCH] detect/datasets: implement unset command
+
+Ticket: 7195
+
+Otherwise, Suricata aborted on such a rule
+
+(cherry picked from commit e47598110a557bb9f87ea498d85ba91a45bb0cb6)
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/72456d359bf3064306b62024c809bb30b162f18c && https://github.com/OISF/suricata/commit/96d5c81aed01f2bc0cd3e2e60057d0deb38caa99]
+CVE: CVE-2024-45795
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ doc/userguide/rules/datasets.rst |  2 +-
+ src/datasets.c                   | 20 ++++++++++++++++++++
+ src/datasets.h                   |  1 +
+ src/detect-dataset.c             | 11 +++++++++++
+ src/detect-dataset.h             |  5 -----
+ 5 files changed, 33 insertions(+), 6 deletions(-)
+
+diff --git a/doc/userguide/rules/datasets.rst b/doc/userguide/rules/datasets.rst
+index 647b12e..dd9ecd2 100644
+--- a/doc/userguide/rules/datasets.rst
++++ b/doc/userguide/rules/datasets.rst
+@@ -78,7 +78,7 @@ Syntax::
+ 
+     dataset:<cmd>,<name>,<options>;
+ 
+-    dataset:<set|isset|isnotset>,<name> \
++    dataset:<set|unset|isset|isnotset>,<name> \
+         [, type <string|md5|sha256|ipv4|ip>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
+ 
+ type <type>
+diff --git a/src/datasets.c b/src/datasets.c
+index d89ed8d..32bcf6e 100644
+--- a/src/datasets.c
++++ b/src/datasets.c
+@@ -1741,3 +1741,23 @@ int DatasetRemoveSerialized(Dataset *set, const char *string)
+     return DatasetOpSerialized(set, string, DatasetRemoveString, DatasetRemoveMd5,
+             DatasetRemoveSha256, DatasetRemoveIPv4, DatasetRemoveIPv6);
+ }
++
++int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
++{
++    if (set == NULL)
++        return -1;
++
++    switch (set->type) {
++        case DATASET_TYPE_STRING:
++            return DatasetRemoveString(set, data, data_len);
++        case DATASET_TYPE_MD5:
++            return DatasetRemoveMd5(set, data, data_len);
++        case DATASET_TYPE_SHA256:
++            return DatasetRemoveSha256(set, data, data_len);
++        case DATASET_TYPE_IPV4:
++            return DatasetRemoveIPv4(set, data, data_len);
++        case DATASET_TYPE_IPV6:
++            return DatasetRemoveIPv6(set, data, data_len);
++    }
++    return -1;
++}
+diff --git a/src/datasets.h b/src/datasets.h
+index af4fc17..0f28a9f 100644
+--- a/src/datasets.h
++++ b/src/datasets.h
+@@ -56,6 +56,7 @@ Dataset *DatasetFind(const char *name, enum DatasetTypes type);
+ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
+         uint64_t memcap, uint32_t hashsize);
+ int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);
++int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);
+ int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);
+ DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
+         const DataRepType *rep);
+diff --git a/src/detect-dataset.c b/src/detect-dataset.c
+index 3d29646..aad5cf0 100644
+--- a/src/detect-dataset.c
++++ b/src/detect-dataset.c
+@@ -41,6 +41,11 @@
+ #include "util-path.h"
+ #include "util-conf.h"
+ 
++#define DETECT_DATASET_CMD_SET      0
++#define DETECT_DATASET_CMD_UNSET    1
++#define DETECT_DATASET_CMD_ISNOTSET 2
++#define DETECT_DATASET_CMD_ISSET    3
++
+ int DetectDatasetMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *,
+         const Signature *, const SigMatchCtx *);
+ static int DetectDatasetSetup (DetectEngineCtx *, Signature *, const char *);
+@@ -91,6 +96,12 @@ int DetectDatasetBufferMatch(DetectEngineThreadCtx *det_ctx,
+                 return 1;
+             break;
+         }
++        case DETECT_DATASET_CMD_UNSET: {
++            int r = DatasetRemove(sd->set, data, data_len);
++            if (r == 1)
++                return 1;
++            break;
++        }
+         default:
+             abort();
+     }
+diff --git a/src/detect-dataset.h b/src/detect-dataset.h
+index ca83267..d243552 100644
+--- a/src/detect-dataset.h
++++ b/src/detect-dataset.h
+@@ -26,11 +26,6 @@
+ 
+ #include "datasets.h"
+ 
+-#define DETECT_DATASET_CMD_SET      0
+-#define DETECT_DATASET_CMD_UNSET    1
+-#define DETECT_DATASET_CMD_ISNOTSET 2
+-#define DETECT_DATASET_CMD_ISSET    3
+-
+ typedef struct DetectDatasetData_ {
+     Dataset *set;
+     uint8_t cmd;
+-- 
+2.25.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-45796.patch b/recipes-ids/suricata/files/CVE-2024-45796.patch
new file mode 100644
index 0000000..ae00a5f
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-45796.patch
@@ -0,0 +1,33 @@
+From 9203656496c4081260817cce018a0d8fd57869b5 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Mon, 15 Jul 2024 09:52:00 +0200
+Subject: [PATCH] defrag: fix off by one
+
+Ticket: 7067
+
+This off by one could lead to an empty fragment being inserted
+in the rb tree, which led to integer underflow.
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/9203656496c4081260817cce018a0d8fd57869b5]
+CVE: CVE-2024-45796
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/defrag.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/defrag.c b/src/defrag.c
+index 71cf420..38704c9 100644
+--- a/src/defrag.c
++++ b/src/defrag.c
+@@ -808,7 +808,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
+         }
+     }
+ 
+-    if (ltrim > data_len) {
++    if (ltrim >= data_len) {
+         /* Full packet has been trimmed due to the overlap policy. Overlap
+          * already set. */
+         goto done;
+-- 
+2.25.1
+
diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index a01b3d9..e5d6ed1 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -16,6 +16,8 @@ SRC_URI += " \
     file://suricata.service \
     file://run-ptest \
     file://fixup.patch \
+    file://CVE-2024-45795.patch \
+    file://CVE-2024-45796.patch \
     "
 
 inherit autotools pkgconfig python3native systemd ptest cargo cargo-update-recipe-crates
-- 
2.47.3

[meta-security][scarthgap][PATCH 15/32] meta-security: Remove True option to getVar calls

[Scott Murray]

From: akash hadke <akash.hadke27@gmail.com>

getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.

Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 meta-integrity/classes/ima-evm-rootfs.bbclass                 | 2 +-
 .../recipes-parsec/parsec-service/parsec-service_1.3.0.bb     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-integrity/classes/ima-evm-rootfs.bbclass
index 7b73373..8b2e767 100644
--- a/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -59,7 +59,7 @@ ima_evm_sign_rootfs () {
     #
     # Deduplicates iversion in case that this gets called more than once.
     if [ -f etc/fstab ]; then
-       perl -pi -e 's;(\S+)(\s+)(${@"|".join((d.getVar("IMA_EVM_ROOTFS_IVERSION", True) or "no-such-mount-point").split())})(\s+)(\S+)(\s+)(\S+);\1\2\3\4\5\6\7,iversion;; s/(,iversion)+/,iversion/;' etc/fstab
+       perl -pi -e 's;(\S+)(\s+)(${@"|".join((d.getVar("IMA_EVM_ROOTFS_IVERSION") or "no-such-mount-point").split())})(\s+)(\S+)(\s+)(\S+);\1\2\3\4\5\6\7,iversion;; s/(,iversion)+/,iversion/;' etc/fstab
     fi
 
     # Detect 32bit target to pass --m32 to evmctl by looking at libc
diff --git a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.3.0.bb b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.3.0.bb
index 477988e..6887b9f 100644
--- a/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.3.0.bb
+++ b/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.3.0.bb
@@ -27,11 +27,11 @@ PACKAGECONFIG[MBED-CRYPTO] = "mbed-crypto-provider,"
 PACKAGECONFIG[CRYPTOAUTHLIB] = "cryptoauthlib-provider,"
 PACKAGECONFIG[TS] = "trusted-service-provider,,libts,libts"
 
-PARSEC_FEATURES = "${@d.getVar('PACKAGECONFIG_CONFARGS',True).strip().replace(' ', ',')}"
+PARSEC_FEATURES = "${@d.getVar('PACKAGECONFIG_CONFARGS').strip().replace(' ', ',')}"
 CARGO_BUILD_FLAGS += " --features ${PARSEC_FEATURES}"
 
 export BINDGEN_EXTRA_CLANG_ARGS
-target = "${@d.getVar('TARGET_SYS',True).replace('-', ' ')}"
+target = "${@d.getVar('TARGET_SYS').replace('-', ' ')}"
 BINDGEN_EXTRA_CLANG_ARGS = "${@bb.utils.contains('target', 'arm', \
                               '--sysroot=${WORKDIR}/recipe-sysroot -I${WORKDIR}/recipe-sysroot/usr/include -mfloat-abi=hard', \
                               '--sysroot=${WORKDIR}/recipe-sysroot -I${WORKDIR}/recipe-sysroot/usr/include', \
-- 
2.47.3

[meta-security][scarthgap][PATCH 16/32] suricata: Fix CVE-2024-55605

[Scott Murray]

From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport from https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76 && https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../suricata/files/CVE-2024-55605.patch       | 205 ++++++++++++++++++
 recipes-ids/suricata/suricata_7.0.0.bb        |   1 +
 2 files changed, 206 insertions(+)
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55605.patch

diff --git a/recipes-ids/suricata/files/CVE-2024-55605.patch b/recipes-ids/suricata/files/CVE-2024-55605.patch
new file mode 100644
index 0000000..c8bfead
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55605.patch
@@ -0,0 +1,205 @@
+From f80ebd5a30b02db5915f749f0c067c7adefbbe76 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Thu, 7 Nov 2024 17:49:45 +0100
+Subject: [PATCH] detect/transforms: write directly in inspect buffer
+
+instead of writing to a temporary buffer and then copying,
+to save the cost of copying.
+
+Ticket: 7229
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76 && https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba]
+CVE: CVE-2024-55605
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/detect-engine.c                        | 23 ++++++++++++++++++++--
+ src/detect-engine.h                        |  3 ++-
+ src/detect-transform-compress-whitespace.c |  8 ++++++--
+ src/detect-transform-dotprefix.c           | 10 +++++++---
+ src/detect-transform-strip-whitespace.c    |  8 ++++++--
+ src/detect-transform-urldecode.c           |  8 ++++++--
+ src/detect-transform-xor.c                 |  7 +++++--
+ 7 files changed, 53 insertions(+), 14 deletions(-)
+
+diff --git a/src/detect-engine.c b/src/detect-engine.c
+index 141b48a..cdb24d8 100644
+--- a/src/detect-engine.c
++++ b/src/detect-engine.c
+@@ -1647,11 +1647,13 @@ void InspectionBufferFree(InspectionBuffer *buffer)
+ /**
+  * \brief make sure that the buffer has at least 'min_size' bytes
+  * Expand the buffer if necessary
++ *
++ * \retval pointer to inner buffer to use, or NULL if realloc failed
+  */
+-void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
++uint8_t *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
+ {
+     if (likely(buffer->size >= min_size))
+-        return;
++        return buffer->buf;
+ 
+     uint32_t new_size = (buffer->size == 0) ? 4096 : buffer->size;
+     while (new_size < min_size) {
+@@ -1662,7 +1664,24 @@ void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
+     if (ptr != NULL) {
+         buffer->buf = ptr;
+         buffer->size = new_size;
++    } else {
++        return NULL;
+     }
++    return buffer->buf;
++}
++
++/**
++ * \brief set inspect length of inspect buffer
++ * The inspect buffer may have been overallocated (by strip_whitespace for example)
++ * so, this sets the final length
++ */
++void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len)
++{
++    DEBUG_VALIDATE_BUG_ON(buffer->buf == NULL);
++    DEBUG_VALIDATE_BUG_ON(buf_len > buffer->size);
++    buffer->inspect = buffer->buf;
++    buffer->inspect_len = buf_len;
++    buffer->initialized = true;
+ }
+ 
+ void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len)
+diff --git a/src/detect-engine.h b/src/detect-engine.h
+index 7617e66..04713a7 100644
+--- a/src/detect-engine.h
++++ b/src/detect-engine.h
+@@ -31,7 +31,8 @@ void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size);
+ void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
+         InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len);
+ void InspectionBufferFree(InspectionBuffer *buffer);
+-void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
++uint8_t *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
++void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len);
+ void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
+ void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
+         const DetectEngineTransforms *transforms);
+diff --git a/src/detect-transform-compress-whitespace.c b/src/detect-transform-compress-whitespace.c
+index 5cbf0fd..cc78c7e 100644
+--- a/src/detect-transform-compress-whitespace.c
++++ b/src/detect-transform-compress-whitespace.c
+@@ -111,7 +111,11 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
+         return;
+     }
+ 
+-    uint8_t output[input_len]; // we can only shrink
++    // we can only shrink
++    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
++    if (output == NULL) {
++        return;
++    }
+     uint8_t *oi = output, *os = output;
+ 
+     //PrintRawDataFp(stdout, input, input_len);
+@@ -132,7 +136,7 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
+     uint32_t output_size = oi - os;
+     //PrintRawDataFp(stdout, output, output_size);
+ 
+-    InspectionBufferCopy(buffer, os, output_size);
++    InspectionBufferTruncate(buffer, output_size);
+ }
+ 
+ #ifdef UNITTESTS
+diff --git a/src/detect-transform-dotprefix.c b/src/detect-transform-dotprefix.c
+index 52a2633..d58e1d4 100644
+--- a/src/detect-transform-dotprefix.c
++++ b/src/detect-transform-dotprefix.c
+@@ -110,11 +110,15 @@ static void TransformDotPrefix(InspectionBuffer *buffer, void *options)
+     const size_t input_len = buffer->inspect_len;
+ 
+     if (input_len) {
+-        uint8_t output[input_len + 1]; // For the leading '.'
++        // For the leading '.'
++        uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len + 1);
++        if (output == NULL) {
++            return;
++        }
+ 
++        memmove(&output[1], buffer->inspect, input_len);
+         output[0] = '.';
+-        memcpy(&output[1], buffer->inspect, input_len);
+-        InspectionBufferCopy(buffer, output, input_len + 1);
++        InspectionBufferTruncate(buffer, input_len + 1);
+     }
+ }
+ 
+diff --git a/src/detect-transform-strip-whitespace.c b/src/detect-transform-strip-whitespace.c
+index 32fb96f..6040592 100644
+--- a/src/detect-transform-strip-whitespace.c
++++ b/src/detect-transform-strip-whitespace.c
+@@ -106,7 +106,11 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
+     if (input_len == 0) {
+         return;
+     }
+-    uint8_t output[input_len]; // we can only shrink
++    // we can only shrink
++    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
++    if (output == NULL) {
++        return;
++    }
+     uint8_t *oi = output, *os = output;
+ 
+     //PrintRawDataFp(stdout, input, input_len);
+@@ -119,7 +123,7 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
+     uint32_t output_size = oi - os;
+     //PrintRawDataFp(stdout, output, output_size);
+ 
+-    InspectionBufferCopy(buffer, os, output_size);
++    InspectionBufferTruncate(buffer, output_size);
+ }
+ 
+ #ifdef UNITTESTS
+diff --git a/src/detect-transform-urldecode.c b/src/detect-transform-urldecode.c
+index 13ef033..a4e9655 100644
+--- a/src/detect-transform-urldecode.c
++++ b/src/detect-transform-urldecode.c
+@@ -125,12 +125,16 @@ static void TransformUrlDecode(InspectionBuffer *buffer, void *options)
+     if (input_len == 0) {
+         return;
+     }
+-    uint8_t output[input_len]; // we can only shrink
++    // we can only shrink
++    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
++    if (output == NULL) {
++        return;
++    }
+ 
+     changed = BufferUrlDecode(input, input_len, output, &output_size);
+ 
+     if (changed) {
+-        InspectionBufferCopy(buffer, output, output_size);
++        InspectionBufferTruncate(buffer, output_size);
+     }
+ }
+ 
+diff --git a/src/detect-transform-xor.c b/src/detect-transform-xor.c
+index e42700f..18f96df 100644
+--- a/src/detect-transform-xor.c
++++ b/src/detect-transform-xor.c
+@@ -133,12 +133,15 @@ static void DetectTransformXor(InspectionBuffer *buffer, void *options)
+     if (input_len == 0) {
+         return;
+     }
+-    uint8_t output[input_len];
++    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
++    if (output == NULL) {
++        return;
++    }
+ 
+     for (uint32_t i = 0; i < input_len; i++) {
+         output[i] = input[i] ^ pxd->key[i % pxd->length];
+     }
+-    InspectionBufferCopy(buffer, output, input_len);
++    InspectionBufferTruncate(buffer, input_len);
+ }
+ 
+ #ifdef UNITTESTS
+-- 
+2.25.1
+
diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index e5d6ed1..1cb02f4 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -18,6 +18,7 @@ SRC_URI += " \
     file://fixup.patch \
     file://CVE-2024-45795.patch \
     file://CVE-2024-45796.patch \
+    file://CVE-2024-55605.patch \
     "
 
 inherit autotools pkgconfig python3native systemd ptest cargo cargo-update-recipe-crates
-- 
2.47.3

[meta-security][scarthgap][PATCH 17/32] clamav: fix CVE-2025-20260

[Scott Murray]

From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport https://github.com/Cisco-Talos/clamav/commit/7fe290b573db66ffcf590902977b2b6043b30834

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-scanners/clamav/clamav_0.104.4.bb     |   1 +
 .../clamav/files/CVE-2025-20260.patch         | 366 ++++++++++++++++++
 2 files changed, 367 insertions(+)
 create mode 100644 recipes-scanners/clamav/files/CVE-2025-20260.patch

diff --git a/recipes-scanners/clamav/clamav_0.104.4.bb b/recipes-scanners/clamav/clamav_0.104.4.bb
index d7beade..0bd776c 100644
--- a/recipes-scanners/clamav/clamav_0.104.4.bb
+++ b/recipes-scanners/clamav/clamav_0.104.4.bb
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/Cisco-Talos/clamav;branch=rel/0.104;protocol=https \
     file://oe_cmake_fixup.patch \
     file://CVE-2024-20505.patch \
     file://CVE-2024-20506.patch \
+    file://CVE-2025-20260.patch \
 "
 S = "${WORKDIR}/git"
 
diff --git a/recipes-scanners/clamav/files/CVE-2025-20260.patch b/recipes-scanners/clamav/files/CVE-2025-20260.patch
new file mode 100644
index 0000000..6177d4b
--- /dev/null
+++ b/recipes-scanners/clamav/files/CVE-2025-20260.patch
@@ -0,0 +1,366 @@
+From 7fe290b573db66ffcf590902977b2b6043b30834 Mon Sep 17 00:00:00 2001
+From: John Humlick <15677335+jhumlick@users.noreply.github.com>
+Date: Mon, 21 Apr 2025 16:18:07 -0700
+Subject: [PATCH] Fix integer overflow in PDF parser
+
+The ascii85decode function calculates the amount of memory to reserve as
+a function of (4 * bytes) + 1. Since the result is stored in a uint32_t,
+we need to make sure that this calculation will not overflow. If we
+detect that an overflow would occur, return CL_EFORMAT and do not
+proceed.
+
+Also check additional potential overflow conditions.
+Other areas were identified that could potentially overflow.
+This commit adds additional checks to prevent said overflows.
+
+Thank you Greg Walkup at Sandia National Labs for reporting this issue.
+
+CLAM-2752
+CLAM-2757
+CLAM-2759
+
+Upstream-Status: Backport [https://github.com/Cisco-Talos/clamav/commit/7fe290b573db66ffcf590902977b2b6043b30834]
+CVE: CVE-2025-20260
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ libclamav/pdf.c       | 42 +++++++++++------------
+ libclamav/pdf.h       | 16 ++++-----
+ libclamav/pdfdecode.c | 80 +++++++++++++++++++++++++++++++------------
+ 3 files changed, 87 insertions(+), 51 deletions(-)
+
+diff --git a/libclamav/pdf.c b/libclamav/pdf.c
+index 40eea19eb..a305b1701 100644
+--- a/libclamav/pdf.c
++++ b/libclamav/pdf.c
+@@ -441,7 +441,7 @@ int pdf_findobj_in_objstm(struct pdf_struct *pdf, struct objstm_struct *objstm,
+ 
+         if (CL_SUCCESS != cli_strntol_wrap(index, bytes_remaining, 0, 10, &temp_long)) {
+             /* Failed to find obj offset for next obj */
+-            cli_dbgmsg("pdf_findobj_in_objstm: Failed to find next obj offset for obj in object stream though there should be {%u} more.\n", objstm->n - objstm->nobjs_found);
++            cli_dbgmsg("pdf_findobj_in_objstm: Failed to find next obj offset for obj in object stream though there should be {%zu} more.\n", objstm->n - objstm->nobjs_found);
+             status = CL_EPARSE;
+             goto done;
+         } else if (temp_long < 0) {
+@@ -1551,18 +1551,18 @@ cl_error_t pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t
+                 }
+             }
+ 
+-            cli_dbgmsg("pdf_extract_obj: calculated length %lld\n", (long long)length);
++            cli_dbgmsg("pdf_extract_obj: calculated length %zu\n", length);
+         } else {
+             if (obj->stream_size > (size_t)length + 2) {
+                 cli_dbgmsg("cli_pdf: calculated length %zu < %zu\n",
+-                           (size_t)length, obj->stream_size);
++                           length, obj->stream_size);
+                 length = obj->stream_size;
+             }
+         }
+ 
+-        if ((0 != orig_length) && (obj->stream_size > (size_t)orig_length + 20)) {
+-            cli_dbgmsg("pdf_extract_obj: orig length: %lld, length: %lld, size: %zu\n",
+-                       (long long)orig_length, (long long)length, obj->stream_size);
++        if ((0 != orig_length) && (obj->stream_size > orig_length + 20)) {
++            cli_dbgmsg("pdf_extract_obj: orig length: %zu, length: %zu, size: %zu\n",
++                       orig_length, length, obj->stream_size);
+             pdfobj_flag(pdf, obj, BAD_STREAMLEN);
+         }
+ 
+@@ -1613,18 +1613,18 @@ cl_error_t pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t
+          */
+         dict_len = obj->stream - start;
+         if (NULL != (pstr = pdf_getdict(start, &dict_len, "/Type/ObjStm"))) {
+-            int32_t objstm_first  = -1;
+-            int32_t objstm_length = -1;
+-            int32_t objstm_n      = -1;
++            int objstm_first  = -1;
++            int objstm_length = -1;
++            int objstm_n      = -1;
+ 
+             cli_dbgmsg("pdf_extract_obj: Found /Type/ObjStm\n");
+ 
+             dict_len = obj->stream - start;
+-            if ((-1 == (objstm_first = pdf_readint(start, dict_len, "/First")))) {
++            if (-1 == (objstm_first = pdf_readint(start, dict_len, "/First"))) {
+                 cli_warnmsg("pdf_extract_obj: Failed to find offset of first object in object stream\n");
+-            } else if ((-1 == (objstm_length = pdf_readint(start, dict_len, "/Length")))) {
++            } else if (-1 == (objstm_length = pdf_readint(start, dict_len, "/Length"))) {
+                 cli_warnmsg("pdf_extract_obj: Failed to find length of object stream\n");
+-            } else if ((-1 == (objstm_n = pdf_readint(start, dict_len, "/N")))) {
++            } else if (-1 == (objstm_n = pdf_readint(start, dict_len, "/N"))) {
+                 cli_warnmsg("pdf_extract_obj: Failed to find num objects in object stream\n");
+             } else {
+                 /* Add objstm to pdf struct, so it can be freed eventually */
+@@ -1646,19 +1646,19 @@ cl_error_t pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t
+ 
+                 memset(objstm, 0, sizeof(*objstm));
+ 
+-                objstm->first        = (uint32_t)objstm_first;
+-                objstm->current      = (uint32_t)objstm_first;
++                objstm->first        = (size_t)objstm_first;
++                objstm->current      = (size_t)objstm_first;
+                 objstm->current_pair = 0;
+-                objstm->length       = (uint32_t)objstm_length;
+-                objstm->n            = (uint32_t)objstm_n;
++                objstm->length       = (size_t)objstm_length;
++                objstm->n            = (size_t)objstm_n;
+ 
+-                cli_dbgmsg("pdf_extract_obj: ObjStm first obj at offset %d\n", objstm->first);
+-                cli_dbgmsg("pdf_extract_obj: ObjStm length is %d bytes\n", objstm->length);
+-                cli_dbgmsg("pdf_extract_obj: ObjStm should contain %d objects\n", objstm->n);
++                cli_dbgmsg("pdf_extract_obj: ObjStm first obj at offset %zu\n", objstm->first);
++                cli_dbgmsg("pdf_extract_obj: ObjStm length is %zu bytes\n", objstm->length);
++                cli_dbgmsg("pdf_extract_obj: ObjStm should contain %zu objects\n", objstm->n);
+             }
+         }
+ 
+-        sum = pdf_decodestream(pdf, obj, dparams, obj->stream, (uint32_t)length, xref, fout, &rc, objstm);
++        sum = pdf_decodestream(pdf, obj, dparams, obj->stream, length, xref, fout, &rc, objstm);
+         if ((CL_SUCCESS != rc) && (CL_VIRUS != rc)) {
+             cli_dbgmsg("Error decoding stream! Error code: %d\n", rc);
+ 
+@@ -3341,7 +3341,7 @@ cl_error_t pdf_find_and_parse_objs_in_objstm(struct pdf_struct *pdf, struct objs
+         retval = pdf_findobj_in_objstm(pdf, objstm, &obj);
+         if (retval != CL_SUCCESS) {
+             if (retval != CL_BREAK) {
+-                cli_dbgmsg("pdf_find_and_parse_objs_in_objstm: Fewer objects in stream than expected: %u found, %u expected.\n",
++                cli_dbgmsg("pdf_find_and_parse_objs_in_objstm: Fewer objects in stream than expected: %zu found, %zu expected.\n",
+                            objstm->nobjs_found, objstm->n);
+                 badobjects++;
+                 pdf->stats.ninvalidobjs++;
+diff --git a/libclamav/pdf.h b/libclamav/pdf.h
+index 3a03f19f1..b5b69cec7 100644
+--- a/libclamav/pdf.h
++++ b/libclamav/pdf.h
+@@ -25,14 +25,14 @@
+ #define PDF_FILTERLIST_MAX 64
+ 
+ struct objstm_struct {
+-    uint32_t first;        // offset of first obj
+-    uint32_t current;      // offset of current obj
+-    uint32_t current_pair; // offset of current pair describing id, location of object
+-    uint32_t length;       // total length of all objects (starting at first)
+-    uint32_t n;            // number of objects that should be found in the object stream
+-    uint32_t nobjs_found;  // number of objects actually found in the object stream
+-    char *streambuf;       // address of stream buffer, beginning with first obj pair
+-    size_t streambuf_len;  // length of stream buffer, includes pairs followed by actual objects
++    size_t first;         // offset of first obj
++    size_t current;       // offset of current obj
++    size_t current_pair;  // offset of current pair describing id, location of object
++    size_t length;        // total length of all objects (starting at first)
++    size_t n;             // number of objects that should be found in the object stream
++    size_t nobjs_found;   // number of objects actually found in the object stream
++    char *streambuf;      // address of stream buffer, beginning with first obj pair
++    size_t streambuf_len; // length of stream buffer, includes pairs followed by actual objects
+ };
+ 
+ struct pdf_obj {
+diff --git a/libclamav/pdfdecode.c b/libclamav/pdfdecode.c
+index 473cfcd43..92ba52d50 100644
+--- a/libclamav/pdfdecode.c
++++ b/libclamav/pdfdecode.c
+@@ -73,7 +73,7 @@
+ struct pdf_token {
+     uint32_t flags;   /* tracking flags */
+     uint32_t success; /* successfully decoded filters */
+-    uint32_t length;  /* length of current content; TODO: transition to size_t */
++    size_t length;    /* length of current content; TODO: transition to size_t */
+     uint8_t *content; /* content stream */
+ };
+ 
+@@ -461,10 +461,16 @@ static cl_error_t filter_ascii85decode(struct pdf_struct *pdf, struct pdf_obj *o
+     uint32_t declen = 0;
+ 
+     const uint8_t *ptr = (uint8_t *)token->content;
+-    uint32_t remaining = token->length;
++    size_t remaining   = token->length;
+     int quintet = 0, rc = CL_SUCCESS;
+     uint64_t sum = 0;
+ 
++    /* Check for overflow */
++    if (remaining > (SIZE_MAX / 4)) {
++        cli_dbgmsg("cli_pdf: ascii85decode: overflow detected\n");
++        return CL_EFORMAT;
++    }
++
+     /* 5:4 decoding ratio, with 1:4 expansion sequences => (4*length)+1 */
+     if (!(dptr = decoded = (uint8_t *)cli_malloc((4 * remaining) + 1))) {
+         cli_errmsg("cli_pdf: cannot allocate memory for decoded output\n");
+@@ -851,8 +857,8 @@ static cl_error_t filter_asciihexdecode(struct pdf_struct *pdf, struct pdf_obj *
+     uint8_t *decoded;
+ 
+     const uint8_t *content = (uint8_t *)token->content;
+-    uint32_t length        = token->length;
+-    uint32_t i, j;
++    size_t length          = token->length;
++    size_t i, j;
+     cl_error_t rc = CL_SUCCESS;
+ 
+     if (!(decoded = (uint8_t *)cli_calloc(length / 2 + 1, sizeof(uint8_t)))) {
+@@ -882,8 +888,8 @@ static cl_error_t filter_asciihexdecode(struct pdf_struct *pdf, struct pdf_obj *
+     if (rc == CL_SUCCESS) {
+         free(token->content);
+ 
+-        cli_dbgmsg("cli_pdf: deflated %lu bytes from %lu total bytes\n",
+-                   (unsigned long)j, (unsigned long)(token->length));
++        cli_dbgmsg("cli_pdf: deflated %zu bytes from %zu total bytes\n",
++                   j, token->length);
+ 
+         token->content = decoded;
+         token->length  = j;
+@@ -891,8 +897,8 @@ static cl_error_t filter_asciihexdecode(struct pdf_struct *pdf, struct pdf_obj *
+         if (!(obj->flags & ((1 << OBJ_IMAGE) | (1 << OBJ_TRUNCATED))))
+             pdfobj_flag(pdf, obj, BAD_ASCIIDECODE);
+ 
+-        cli_dbgmsg("cli_pdf: error occurred parsing byte %lu of %lu\n",
+-                   (unsigned long)i, (unsigned long)(token->length));
++        cli_dbgmsg("cli_pdf: error occurred parsing byte %zu of %zu\n",
++                   i, token->length);
+         free(decoded);
+     }
+     return rc;
+@@ -933,27 +939,29 @@ static cl_error_t filter_decrypt(struct pdf_struct *pdf, struct pdf_obj *obj, st
+         return CL_EPARSE; /* TODO: what should this value be? CL_SUCCESS would mirror previous behavior */
+     }
+ 
+-    cli_dbgmsg("cli_pdf: decrypted %zu bytes from %u total bytes\n",
++    cli_dbgmsg("cli_pdf: decrypted %zu bytes from %zu total bytes\n",
+                length, token->length);
+ 
+     free(token->content);
+     token->content = (uint8_t *)decrypted;
+-    token->length  = (uint32_t)length; /* this may truncate unfortunately, TODO: use 64-bit values internally? */
++    token->length  = length;
+     return CL_SUCCESS;
+ }
+ 
+ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj, struct pdf_dict *params, struct pdf_token *token)
+ {
+     uint8_t *decoded, *temp;
+-    uint32_t declen = 0, capacity = 0;
++    size_t declen = 0, capacity = 0;
+ 
+     uint8_t *content = (uint8_t *)token->content;
+     uint32_t length  = token->length;
+     lzw_stream stream;
+     int echg = 1, lzwstat, rc = CL_SUCCESS;
+ 
+-    if (pdf->ctx && !(pdf->ctx->dconf->other & OTHER_CONF_LZW))
+-        return CL_BREAK;
++    if (pdf->ctx && !(pdf->ctx->dconf->other & OTHER_CONF_LZW)) {
++        rc = CL_BREAK;
++        goto done;
++    }
+ 
+     if (params) {
+         struct pdf_dict_node *node = params->nodes;
+@@ -984,15 +992,18 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+          * Sample 0015315109, it has \r followed by zlib header.
+          * Flag pdf as suspicious, and attempt to extract by skipping the \r.
+          */
+-        if (!length)
+-            return CL_SUCCESS;
++        if (!length) {
++            rc = CL_SUCCESS;
++            goto done;
++        }
+     }
+ 
+     capacity = INFLATE_CHUNK_SIZE;
+ 
+     if (!(decoded = (uint8_t *)cli_malloc(capacity))) {
+         cli_errmsg("cli_pdf: cannot allocate memory for decoded output\n");
+-        return CL_EMEM;
++        rc = CL_EMEM;
++        goto done;
+     }
+ 
+     memset(&stream, 0, sizeof(stream));
+@@ -1007,7 +1018,8 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+     if (lzwstat != Z_OK) {
+         cli_warnmsg("cli_pdf: lzwInit failed\n");
+         free(decoded);
+-        return CL_EMEM;
++        rc = CL_EMEM;
++        goto done;
+     }
+ 
+     /* initial inflate */
+@@ -1022,16 +1034,23 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+             length -= q - content;
+             content = q;
+ 
+-            stream.next_in   = (Bytef *)content;
+-            stream.avail_in  = length;
+-            stream.next_out  = (Bytef *)decoded;
++            stream.next_in  = (Bytef *)content;
++            stream.avail_in = length;
++            stream.next_out = (Bytef *)decoded;
++            /* Make sure we don't overflow during type conversion */
++            if (capacity > UINT_MAX) {
++                cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++                rc = CL_EFORMAT;
++                goto done;
++            }
+             stream.avail_out = capacity;
+ 
+             lzwstat = lzwInit(&stream);
+             if (lzwstat != Z_OK) {
+                 cli_warnmsg("cli_pdf: lzwInit failed\n");
+                 free(decoded);
+-                return CL_EMEM;
++                rc = CL_EMEM;
++                goto done;
+             }
+ 
+             pdfobj_flag(pdf, obj, BAD_FLATESTART);
+@@ -1044,7 +1063,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+         /* extend output capacity if needed,*/
+         if (stream.avail_out == 0) {
+             if ((rc = cli_checklimits("pdf", pdf->ctx, capacity + INFLATE_CHUNK_SIZE, 0, 0)) != CL_SUCCESS) {
+-                cli_dbgmsg("cli_pdf: required buffer size to inflate compressed filter exceeds maximum: %u\n", capacity + INFLATE_CHUNK_SIZE);
++                cli_dbgmsg("cli_pdf: required buffer size to inflate compressed filter exceeds maximum: %zu\n", capacity + INFLATE_CHUNK_SIZE);
+                 break;
+             }
+ 
+@@ -1056,7 +1075,17 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+             decoded          = temp;
+             stream.next_out  = decoded + capacity;
+             stream.avail_out = INFLATE_CHUNK_SIZE;
++            if (declen > (SIZE_MAX - INFLATE_CHUNK_SIZE)) {
++                cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++                rc = CL_EFORMAT;
++                goto done;
++            }
+             declen += INFLATE_CHUNK_SIZE;
++            if (capacity > (SIZE_MAX - INFLATE_CHUNK_SIZE)) {
++                cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++                rc = CL_EFORMAT;
++                goto done;
++            }
+             capacity += INFLATE_CHUNK_SIZE;
+         }
+ 
+@@ -1064,6 +1093,12 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+         lzwstat = lzwInflate(&stream);
+     }
+ 
++    if (declen > (UINT32_MAX - (INFLATE_CHUNK_SIZE - stream.avail_out))) {
++        cli_dbgmsg("cli_pdf: lzwdecode: overflow detected\n");
++        rc = CL_EFORMAT;
++        goto done;
++    }
++
+     /* add stream end fragment to decoded length */
+     declen += (INFLATE_CHUNK_SIZE - stream.avail_out);
+ 
+@@ -1104,6 +1139,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+ 
+     (void)lzwInflateEnd(&stream);
+ 
++done:
+     if (rc == CL_SUCCESS) {
+         if (declen == 0) {
+             cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
+-- 
+2.49.0
+
-- 
2.47.3

[meta-security][scarthgap][PATCH 18/32] suricata: fix multiple CVEs

[Scott Murray]

From: Hitendra Prajapati <hprajapati@mvista.com>

Backport fixes for:

* CVE-2025-29916 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/2f432c99a9734ea3a75c9218f35060e11a7a39ad && https://github.com/OISF/suricata/commit/e28c8c655a324a18932655a2c2b8f0d5aa1c55d7 && https://github.com/OISF/suricata/commit/d86c5f9f0c75736d4fce93e27c0773fcb27e1047
* CVE-2025-29917 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/bab716776ba3561cfbfd1a57fc18ff1f6859f019
* CVE-2025-29918 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/f6c9490e1f7b0b375c286d5313ebf3bc81a95eb6

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../suricata/files/CVE-2025-29916-01.patch    | 124 +++++++++++
 .../suricata/files/CVE-2025-29916-02.patch    | 197 ++++++++++++++++++
 .../suricata/files/CVE-2025-29916-03.patch    |  55 +++++
 .../suricata/files/CVE-2025-29917.patch       | 115 ++++++++++
 .../suricata/files/CVE-2025-29918.patch       |  49 +++++
 recipes-ids/suricata/suricata_7.0.0.bb        |   5 +
 6 files changed, 545 insertions(+)
 create mode 100644 recipes-ids/suricata/files/CVE-2025-29916-01.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2025-29916-02.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2025-29916-03.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2025-29917.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2025-29918.patch

diff --git a/recipes-ids/suricata/files/CVE-2025-29916-01.patch b/recipes-ids/suricata/files/CVE-2025-29916-01.patch
new file mode 100644
index 0000000..ae020e2
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2025-29916-01.patch
@@ -0,0 +1,124 @@
+From 2f432c99a9734ea3a75c9218f35060e11a7a39ad Mon Sep 17 00:00:00 2001
+From: Victor Julien <vjulien@oisf.net>
+Date: Tue, 18 Mar 2025 10:55:39 +0100
+Subject: [PATCH] datasets: improve default hashsize handling
+
+Make hashsize default local to dataset code, instead of relying on the
+thash code.
+
+Use the same default value as before.
+
+(cherry picked from commit d32a39ca4b53d7f659f4f0a2a5c162ef97dc4797)
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/2f432c99a9734ea3a75c9218f35060e11a7a39ad]
+CVE: CVE-2025-29916
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/datasets.c | 37 +++++++++++++++++++++++--------------
+ 1 file changed, 23 insertions(+), 14 deletions(-)
+
+diff --git a/src/datasets.c b/src/datasets.c
+index 32bcf6e..89e7899 100644
+--- a/src/datasets.c
++++ b/src/datasets.c
+@@ -677,6 +677,11 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
+         }
+     }
+ 
++    GetDefaultMemcap(&default_memcap, &default_hashsize);
++    if (hashsize == 0) {
++        hashsize = default_hashsize;
++    }
++
+     set = DatasetAlloc(name);
+     if (set == NULL) {
+         goto out_err;
+@@ -696,12 +701,11 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
+     char cnf_name[128];
+     snprintf(cnf_name, sizeof(cnf_name), "datasets.%s.hash", name);
+ 
+-    GetDefaultMemcap(&default_memcap, &default_hashsize);
+     switch (type) {
+         case DATASET_TYPE_MD5:
+             set->hash = THashInit(cnf_name, sizeof(Md5Type), Md5StrSet, Md5StrFree, Md5StrHash,
+                     Md5StrCompare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
+-                    hashsize > 0 ? hashsize : default_hashsize);
++                    hashsize);
+             if (set->hash == NULL)
+                 goto out_err;
+             if (DatasetLoadMd5(set) < 0)
+@@ -710,7 +714,7 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
+         case DATASET_TYPE_STRING:
+             set->hash = THashInit(cnf_name, sizeof(StringType), StringSet, StringFree, StringHash,
+                     StringCompare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
+-                    hashsize > 0 ? hashsize : default_hashsize);
++                    hashsize);
+             if (set->hash == NULL)
+                 goto out_err;
+             if (DatasetLoadString(set) < 0)
+@@ -719,26 +723,25 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
+         case DATASET_TYPE_SHA256:
+             set->hash = THashInit(cnf_name, sizeof(Sha256Type), Sha256StrSet, Sha256StrFree,
+                     Sha256StrHash, Sha256StrCompare, load != NULL ? 1 : 0,
+-                    memcap > 0 ? memcap : default_memcap,
+-                    hashsize > 0 ? hashsize : default_hashsize);
++                    memcap > 0 ? memcap : default_memcap, hashsize);
+             if (set->hash == NULL)
+                 goto out_err;
+             if (DatasetLoadSha256(set) < 0)
+                 goto out_err;
+             break;
+         case DATASET_TYPE_IPV4:
+-            set->hash = THashInit(cnf_name, sizeof(IPv4Type), IPv4Set, IPv4Free, IPv4Hash,
+-                    IPv4Compare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
+-                    hashsize > 0 ? hashsize : default_hashsize);
++            set->hash =
++                    THashInit(cnf_name, sizeof(IPv4Type), IPv4Set, IPv4Free, IPv4Hash, IPv4Compare,
++                            load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap, hashsize);
+             if (set->hash == NULL)
+                 goto out_err;
+             if (DatasetLoadIPv4(set) < 0)
+                 goto out_err;
+             break;
+         case DATASET_TYPE_IPV6:
+-            set->hash = THashInit(cnf_name, sizeof(IPv6Type), IPv6Set, IPv6Free, IPv6Hash,
+-                    IPv6Compare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
+-                    hashsize > 0 ? hashsize : default_hashsize);
++            set->hash =
++                    THashInit(cnf_name, sizeof(IPv6Type), IPv6Set, IPv6Free, IPv6Hash, IPv6Compare,
++                            load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap, hashsize);
+             if (set->hash == NULL)
+                 goto out_err;
+             if (DatasetLoadIPv6(set) < 0)
+@@ -825,6 +828,10 @@ void DatasetPostReloadCleanup(void)
+     SCMutexUnlock(&sets_lock);
+ }
+ 
++/* Value reflects THASH_DEFAULT_HASHSIZE which is what the default was earlier,
++ * despite 2048 commented out in the default yaml. */
++#define DATASETS_HASHSIZE_DEFAULT 4096
++
+ static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
+ {
+     const char *str = NULL;
+@@ -836,12 +843,14 @@ static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
+             *memcap = 0;
+         }
+     }
++
++    *hashsize = (uint32_t)DATASETS_HASHSIZE_DEFAULT;
+     if (ConfGet("datasets.defaults.hashsize", &str) == 1) {
+         if (ParseSizeStringU32(str, hashsize) < 0) {
++            *hashsize = (uint32_t)DATASETS_HASHSIZE_DEFAULT;
+             SCLogWarning("hashsize value cannot be deduced: %s,"
+-                         " resetting to default",
+-                    str);
+-            *hashsize = 0;
++                         " resetting to default: %u",
++                    str, *hashsize);
+         }
+     }
+ }
+-- 
+2.49.0
+
diff --git a/recipes-ids/suricata/files/CVE-2025-29916-02.patch b/recipes-ids/suricata/files/CVE-2025-29916-02.patch
new file mode 100644
index 0000000..fbaaabc
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2025-29916-02.patch
@@ -0,0 +1,197 @@
+From e28c8c655a324a18932655a2c2b8f0d5aa1c55d7 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Tue, 18 Mar 2025 10:55:39 +0100
+Subject: [PATCH] detect: add configurable limits for datasets
+
+Ticket: 7615
+
+Avoids signatures setting extreme hash sizes, which would lead to very
+high memory use.
+
+Default to allowing:
+- 65536 per dataset
+- 16777216 total
+
+To override these built-in defaults:
+
+```yaml
+datasets:
+  # Limits for per rule dataset instances to avoid rules using too many
+  # resources.
+  limits:
+    # Max value for per dataset `hashsize` setting
+    #single-hashsize: 65536
+    # Max combined hashsize values for all datasets.
+    #total-hashsizes: 16777216
+```
+
+(cherry picked from commit a7713db709b8a0be5fc5e5809ab58e9b14a16e85)
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/e28c8c655a324a18932655a2c2b8f0d5aa1c55d7]
+CVE: CVE-2025-29916
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/datasets.c   | 65 ++++++++++++++++++++++++++++++++++++++++++++++++
+ src/util-thash.c |  5 ----
+ suricata.yaml.in |  8 ++++++
+ 3 files changed, 73 insertions(+), 5 deletions(-)
+
+diff --git a/src/datasets.c b/src/datasets.c
+index 89e7899..0729894 100644
+--- a/src/datasets.c
++++ b/src/datasets.c
+@@ -39,11 +39,16 @@
+ #include "util-misc.h"
+ #include "util-path.h"
+ #include "util-debug.h"
++#include "util-validate.h"
+ 
+ SCMutex sets_lock = SCMUTEX_INITIALIZER;
+ static Dataset *sets = NULL;
+ static uint32_t set_ids = 0;
+ 
++uint32_t dataset_max_one_hashsize = 65536;
++uint32_t dataset_max_total_hashsize = 16777216;
++uint32_t dataset_used_hashsize = 0;
++
+ static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
+         DataRepType *rep);
+ 
+@@ -629,6 +634,34 @@ Dataset *DatasetFind(const char *name, enum DatasetTypes type)
+     return set;
+ }
+ 
++static bool DatasetCheckHashsize(const char *name, uint32_t hash_size)
++{
++    if (dataset_max_one_hashsize > 0 && hash_size > dataset_max_one_hashsize) {
++        SCLogError("hashsize %u in dataset '%s' exceeds configured 'single-hashsize' limit (%u)",
++                hash_size, name, dataset_max_one_hashsize);
++        return false;
++    }
++    // we cannot underflow as we know from conf loading that
++    // dataset_max_total_hashsize >= dataset_max_one_hashsize if dataset_max_total_hashsize > 0
++    if (dataset_max_total_hashsize > 0 &&
++            dataset_max_total_hashsize - hash_size < dataset_used_hashsize) {
++        SCLogError("hashsize %u in dataset '%s' exceeds configured 'total-hashsizes' limit (%u, in "
++                   "use %u)",
++                hash_size, name, dataset_max_total_hashsize, dataset_used_hashsize);
++        return false;
++    }
++
++    return true;
++}
++
++static void DatasetUpdateHashsize(const char *name, uint32_t hash_size)
++{
++    if (dataset_max_total_hashsize > 0) {
++        dataset_used_hashsize += hash_size;
++        SCLogDebug("set %s adding with hash_size %u", name, hash_size);
++    }
++}
++
+ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
+         uint64_t memcap, uint32_t hashsize)
+ {
+@@ -682,6 +715,10 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
+         hashsize = default_hashsize;
+     }
+ 
++    if (!DatasetCheckHashsize(name, hashsize)) {
++        goto out_err;
++    }
++
+     set = DatasetAlloc(name);
+     if (set == NULL) {
+         goto out_err;
+@@ -755,6 +792,10 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
+     set->next = sets;
+     sets = set;
+ 
++    /* hash size accounting */
++    DEBUG_VALIDATE_BUG_ON(set->hash->config.hash_size != hashsize);
++    DatasetUpdateHashsize(set->name, set->hash->config.hash_size);
++
+     SCMutexUnlock(&sets_lock);
+     return set;
+ out_err:
+@@ -796,6 +837,9 @@ void DatasetReload(void)
+             continue;
+         }
+         set->hidden = true;
++        if (dataset_max_total_hashsize > 0) {
++            dataset_used_hashsize -= set->hash->config.hash_size;
++        }
+         SCLogDebug("Set %s at %p hidden successfully", set->name, set);
+         set = set->next;
+     }
+@@ -863,6 +907,27 @@ int DatasetsInit(void)
+     uint32_t default_hashsize = 0;
+     GetDefaultMemcap(&default_memcap, &default_hashsize);
+     if (datasets != NULL) {
++        const char *str = NULL;
++        if (ConfGet("datasets.limits.total-hashsizes", &str) == 1) {
++            if (ParseSizeStringU32(str, &dataset_max_total_hashsize) < 0) {
++                FatalError("failed to parse datasets.limits.total-hashsizes value: %s", str);
++            }
++        }
++        if (ConfGet("datasets.limits.single-hashsize", &str) == 1) {
++            if (ParseSizeStringU32(str, &dataset_max_one_hashsize) < 0) {
++                FatalError("failed to parse datasets.limits.single-hashsize value: %s", str);
++            }
++        }
++        if (dataset_max_total_hashsize > 0 &&
++                dataset_max_total_hashsize < dataset_max_one_hashsize) {
++            FatalError("total-hashsizes (%u) cannot be smaller than single-hashsize (%u)",
++                    dataset_max_total_hashsize, dataset_max_one_hashsize);
++        }
++        if (dataset_max_total_hashsize > 0 && dataset_max_one_hashsize == 0) {
++            // the total limit also applies for single limit
++            dataset_max_one_hashsize = dataset_max_total_hashsize;
++        }
++
+         int list_pos = 0;
+         ConfNode *iter = NULL;
+         TAILQ_FOREACH(iter, &datasets->head, next) {
+diff --git a/src/util-thash.c b/src/util-thash.c
+index 6443990..3fba3ef 100644
+--- a/src/util-thash.c
++++ b/src/util-thash.c
+@@ -310,16 +310,11 @@ THashTableContext *THashInit(const char *cnf_prefix, size_t data_size,
+     ctx->config.hash_size = hashsize > 0 ? hashsize : THASH_DEFAULT_HASHSIZE;
+     /* Reset memcap in case of loading from file to the highest possible value
+      unless defined by the rule keyword */
+-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+-    // limit memcap size to default when fuzzing
+-    ctx->config.memcap = THASH_DEFAULT_MEMCAP;
+-#else
+     if (memcap > 0) {
+         ctx->config.memcap = memcap;
+     } else {
+         ctx->config.memcap = reset_memcap ? UINT64_MAX : THASH_DEFAULT_MEMCAP;
+     }
+-#endif
+     ctx->config.prealloc = THASH_DEFAULT_PREALLOC;
+ 
+     SC_ATOMIC_INIT(ctx->counter);
+diff --git a/suricata.yaml.in b/suricata.yaml.in
+index 6303991..b218515 100644
+--- a/suricata.yaml.in
++++ b/suricata.yaml.in
+@@ -1167,6 +1167,14 @@ datasets:
+     #memcap: 100mb
+     #hashsize: 2048
+ 
++  # Limits for per rule dataset instances to avoid rules using too many
++  # resources.
++  limits:
++    # Max value for per dataset `hashsize` setting
++    #single-hashsize: 65536
++    # Max combined hashsize values for all datasets.
++    #total-hashsizes: 16777216
++
+   rules:
+     # Set to true to allow absolute filenames and filenames that use
+     # ".." components to reference parent directories in rules that specify
+-- 
+2.49.0
+
diff --git a/recipes-ids/suricata/files/CVE-2025-29916-03.patch b/recipes-ids/suricata/files/CVE-2025-29916-03.patch
new file mode 100644
index 0000000..73e66a2
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2025-29916-03.patch
@@ -0,0 +1,55 @@
+From d86c5f9f0c75736d4fce93e27c0773fcb27e1047 Mon Sep 17 00:00:00 2001
+From: Victor Julien <vjulien@oisf.net>
+Date: Mon, 17 Mar 2025 21:19:13 +0100
+Subject: [PATCH] datasets: set higher hashsize limits
+
+To avoid possible upgrade issues, allow higher defaults than in the
+master branch. Add some upgrade guidance and a note that defaults will
+probably be further reduced.
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/d86c5f9f0c75736d4fce93e27c0773fcb27e1047]
+CVE: CVE-2025-29916
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/datasets.c   | 5 +++--
+ suricata.yaml.in | 5 +++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/datasets.c b/src/datasets.c
+index 0729894..f99f63c 100644
+--- a/src/datasets.c
++++ b/src/datasets.c
+@@ -45,8 +45,9 @@ SCMutex sets_lock = SCMUTEX_INITIALIZER;
+ static Dataset *sets = NULL;
+ static uint32_t set_ids = 0;
+ 
+-uint32_t dataset_max_one_hashsize = 65536;
+-uint32_t dataset_max_total_hashsize = 16777216;
++/* 4x what we set in master to allow a smoother upgrade path */
++uint32_t dataset_max_one_hashsize = 262144;
++uint32_t dataset_max_total_hashsize = 67108864;
+ uint32_t dataset_used_hashsize = 0;
+ 
+ static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
+diff --git a/suricata.yaml.in b/suricata.yaml.in
+index b218515..59db9ef 100644
+--- a/suricata.yaml.in
++++ b/suricata.yaml.in
+@@ -1169,11 +1169,12 @@ datasets:
+ 
+   # Limits for per rule dataset instances to avoid rules using too many
+   # resources.
++  # Note: in Suricata 8 the built-in default will be set to lower values.
+   limits:
+     # Max value for per dataset `hashsize` setting
+-    #single-hashsize: 65536
++    #single-hashsize: 262144
+     # Max combined hashsize values for all datasets.
+-    #total-hashsizes: 16777216
++    #total-hashsizes: 67108864
+ 
+   rules:
+     # Set to true to allow absolute filenames and filenames that use
+-- 
+2.49.0
+
diff --git a/recipes-ids/suricata/files/CVE-2025-29917.patch b/recipes-ids/suricata/files/CVE-2025-29917.patch
new file mode 100644
index 0000000..8b30dbf
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2025-29917.patch
@@ -0,0 +1,115 @@
+From bab716776ba3561cfbfd1a57fc18ff1f6859f019 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Tue, 17 Dec 2024 15:06:25 +0100
+Subject: [PATCH] detect: limit base64_decode `bytes` to 64KiB
+
+Ticket: 7613
+
+Avoids potential large per-thread memory allocation. A buffer with the
+size of the largest decode_base64 buffer size setting would be allocated
+per thread. As this was a u32, it could mean a per-thread 4GiB memory
+allocation.
+
+64KiB was already the built-in default for cases where bytes size wasn't
+specified.
+
+(cherry picked from commit 32d0bd2bbb4d486623dec85a94952fde2515f2f0)
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/bab716776ba3561cfbfd1a57fc18ff1f6859f019]
+CVE: CVE-2025-29917
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ doc/userguide/rules/base64-keywords.rst |  1 +
+ src/detect-base64-decode.c              | 15 ++++++---------
+ src/detect.h                            |  2 +-
+ 3 files changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/doc/userguide/rules/base64-keywords.rst b/doc/userguide/rules/base64-keywords.rst
+index 7daf0c2..cf4e679 100644
+--- a/doc/userguide/rules/base64-keywords.rst
++++ b/doc/userguide/rules/base64-keywords.rst
+@@ -15,6 +15,7 @@ Syntax::
+     base64_decode:bytes <value>, offset <value>, relative;
+ 
+ The ``bytes`` option specifies how many bytes Suricata should decode and make available for base64_data.
++This number is limited to 64KiB.
+ The decoding will stop at the end of the buffer.
+ 
+ The ``offset`` option specifies how many bytes Suricata should skip before decoding.
+diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c
+index 25fdf10..5ae38c5 100644
+--- a/src/detect-base64-decode.c
++++ b/src/detect-base64-decode.c
+@@ -28,7 +28,7 @@
+ #define BASE64_DECODE_MAX 65535
+ 
+ typedef struct DetectBase64Decode_ {
+-    uint32_t bytes;
++    uint16_t bytes;
+     uint32_t offset;
+     uint8_t relative;
+ } DetectBase64Decode;
+@@ -111,8 +111,8 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s
+     return det_ctx->base64_decoded_len > 0;
+ }
+ 
+-static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
+-    uint32_t *offset, uint8_t *relative)
++static int DetectBase64DecodeParse(
++        const char *str, uint16_t *bytes, uint32_t *offset, uint8_t *relative)
+ {
+     const char *bytes_str = NULL;
+     const char *offset_str = NULL;
+@@ -132,7 +132,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
+ 
+     if (pcre_rc >= 3) {
+         if (pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) {
+-            if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) {
++            if (StringParseUint16(bytes, 10, 0, bytes_str) <= 0) {
+                 SCLogError("Bad value for bytes: \"%s\"", bytes_str);
+                 goto error;
+             }
+@@ -186,7 +186,7 @@ error:
+ static int DetectBase64DecodeSetup(DetectEngineCtx *de_ctx, Signature *s,
+     const char *str)
+ {
+-    uint32_t bytes = 0;
++    uint16_t bytes = 0;
+     uint32_t offset = 0;
+     uint8_t relative = 0;
+     DetectBase64Decode *data = NULL;
+@@ -238,9 +238,6 @@ static int DetectBase64DecodeSetup(DetectEngineCtx *de_ctx, Signature *s,
+         data->bytes = BASE64_DECODE_MAX;
+     }
+     if (data->bytes > de_ctx->base64_decode_max_len) {
+-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+-        data->bytes = BASE64_DECODE_MAX;
+-#endif
+         de_ctx->base64_decode_max_len = data->bytes;
+     }
+ 
+@@ -272,7 +269,7 @@ static int g_http_header_buffer_id = 0;
+ static int DetectBase64TestDecodeParse(void)
+ {
+     int retval = 0;
+-    uint32_t bytes = 0;
++    uint16_t bytes = 0;
+     uint32_t offset = 0;
+     uint8_t relative = 0;
+ 
+diff --git a/src/detect.h b/src/detect.h
+index 2760dda..fd938a1 100644
+--- a/src/detect.h
++++ b/src/detect.h
+@@ -910,7 +910,7 @@ typedef struct DetectEngineCtx_ {
+     struct SigGroupHead_ *decoder_event_sgh;
+ 
+     /* Maximum size of the buffer for decoded base64 data. */
+-    uint32_t base64_decode_max_len;
++    uint16_t base64_decode_max_len;
+ 
+     /** Store rule file and line so that parsers can use them in errors. */
+     int rule_line;
+-- 
+2.49.0
+
diff --git a/recipes-ids/suricata/files/CVE-2025-29918.patch b/recipes-ids/suricata/files/CVE-2025-29918.patch
new file mode 100644
index 0000000..da9d680
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2025-29918.patch
@@ -0,0 +1,49 @@
+From f6c9490e1f7b0b375c286d5313ebf3bc81a95eb6 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Tue, 28 Jan 2025 15:02:45 +0100
+Subject: [PATCH] detect/pcre: avoid infinite loop after negated pcre
+
+Ticket: 7526
+
+The usage of negated pcre, followed by other relative payload
+content keywords could lead to an infinite loop.
+
+This is because regular (not negated) pcre can test multiple
+occurences, but negated pcre should be tried only once.
+
+(cherry picked from commit b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b)
+
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/f6c9490e1f7b0b375c286d5313ebf3bc81a95eb6]
+CVE: CVE-2025-29918
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/detect-engine-content-inspection.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
+index 77ebb3f..2a789c9 100644
+--- a/src/detect-engine-content-inspection.c
++++ b/src/detect-engine-content-inspection.c
+@@ -450,7 +450,6 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
+             if (r == 0) {
+                 goto no_match;
+             }
+-
+             if (!(pe->flags & DETECT_PCRE_RELATIVE_NEXT)) {
+                 SCLogDebug("no relative match coming up, so this is a match");
+                 goto match;
+@@ -473,6 +472,11 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
+             if (det_ctx->discontinue_matching)
+                 goto no_match;
+ 
++            if (prev_offset == 0) {
++                // This happens for negated PCRE
++                // We do not search for another occurrence of this pcre
++                SCReturnInt(0);
++            }
+             det_ctx->buffer_offset = prev_buffer_offset;
+             det_ctx->pcre_match_start_offset = prev_offset;
+         } while (1);
+-- 
+2.49.0
+
diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index 1cb02f4..9618c45 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -19,6 +19,11 @@ SRC_URI += " \
     file://CVE-2024-45795.patch \
     file://CVE-2024-45796.patch \
     file://CVE-2024-55605.patch \
+    file://CVE-2025-29916-01.patch \
+    file://CVE-2025-29916-02.patch \
+    file://CVE-2025-29916-03.patch \
+    file://CVE-2025-29917.patch \
+    file://CVE-2025-29918.patch \
     "
 
 inherit autotools pkgconfig python3native systemd ptest cargo cargo-update-recipe-crates
-- 
2.47.3

[meta-security][scarthgap][PATCH 19/32] smack: Switch to CVE_STATUS

[Scott Murray]

From: Aidan Stewart <astewart@tektelic.com>

CVE_CHECK_IGNORE has been deprecated starting with the Nanbield
release.

Signed-off-by: Aidan Stewart <astewart@tektelic.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-mac/smack/smack_1.3.1.bb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/recipes-mac/smack/smack_1.3.1.bb b/recipes-mac/smack/smack_1.3.1.bb
index 6c52392..04e7a6e 100644
--- a/recipes-mac/smack/smack_1.3.1.bb
+++ b/recipes-mac/smack/smack_1.3.1.bb
@@ -13,10 +13,9 @@ SRC_URI = " \
 
 PV = "1.3.1"
 
-# CVE-2014-0363, CVE-2014-0364, CVE-2016-10027 is valnerble for other product.
-CVE_CHECK_IGNORE += "CVE-2014-0363"
-CVE_CHECK_IGNORE += "CVE-2014-0364"
-CVE_CHECK_IGNORE += "CVE-2016-10027"
+CVE_STATUS[CVE-2014-0363] = "cpe-incorrect: Affects Ignite Realtime Smack XMPP API"
+CVE_STATUS[CVE-2014-0364] = "cpe-incorrect: Affects Ignite Realtime Smack XMPP API"
+CVE_STATUS[CVE-2016-10027] = "cpe-incorrect: Affects Ignite Realtime Smack XMPP API"
 
 inherit autotools update-rc.d pkgconfig ptest
 inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
-- 
2.47.3

[meta-security][scarthgap][PATCH 20/32] libhtp: fix CVE-2025-53537

[Scott Murray]

From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport from
https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c && https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../suricata/files/CVE-2025-53537-001.patch   | 79 +++++++++++++++++++
 .../suricata/files/CVE-2025-53537-002.patch   | 31 ++++++++
 recipes-ids/suricata/libhtp_0.5.45.bb         |  2 +
 3 files changed, 112 insertions(+)
 create mode 100644 recipes-ids/suricata/files/CVE-2025-53537-001.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2025-53537-002.patch

diff --git a/recipes-ids/suricata/files/CVE-2025-53537-001.patch b/recipes-ids/suricata/files/CVE-2025-53537-001.patch
new file mode 100644
index 0000000..e16a59a
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2025-53537-001.patch
@@ -0,0 +1,79 @@
+From 226580d502ae98c148aaecc4846f78694b5e253c Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <contact@catenacyber.fr>
+Date: Tue, 11 Mar 2025 16:45:35 +0100
+Subject: [PATCH] decompressors: do not take data after end
+
+
+CVE: CVE-2025-53537
+Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ htp/htp_core.h          |  5 ++++-
+ htp/htp_decompressors.c | 21 ++++++++++++---------
+ 2 files changed, 16 insertions(+), 10 deletions(-)
+
+diff --git a/htp/htp_core.h b/htp/htp_core.h
+index 7c23212..fb142c9 100644
+--- a/htp/htp_core.h
++++ b/htp/htp_core.h
+@@ -161,7 +161,10 @@ enum htp_content_encoding_t {
+     HTP_COMPRESSION_DEFLATE = 3,
+ 
+     /** LZMA compression. */
+-    HTP_COMPRESSION_LZMA = 4
++    HTP_COMPRESSION_LZMA = 4,
++
++    /** No more data. */
++    HTP_COMPRESSION_OVER = 5
+ };
+ 
+ /**
+diff --git a/htp/htp_decompressors.c b/htp/htp_decompressors.c
+index 19950df..0d94c30 100644
+--- a/htp/htp_decompressors.c
++++ b/htp/htp_decompressors.c
+@@ -203,6 +203,8 @@ htp_status_t htp_gzip_decompressor_decompress(htp_decompressor_t *drec1, htp_tx_
+         }
+ 
+         return HTP_OK;
++    } else if (drec->zlib_initialized == HTP_COMPRESSION_OVER) {
++        return HTP_ERROR;
+     }
+ 
+     if (d->data == NULL) {
+@@ -316,15 +318,9 @@ restart:
+             // no initialization means previous error on stream
+             return HTP_ERROR;
+         }
+-        if (GZIP_BUF_SIZE > drec->stream.avail_out) {
+-            if (rc == Z_DATA_ERROR) {
+-                // There is data even if there is an error
+-                // So use this data and log a warning
+-                htp_log(d->tx->connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "GZip decompressor: inflate failed with %d", rc);
+-                rc = Z_STREAM_END;
+-            }
+-        }
+-        if (rc == Z_STREAM_END) {
++
++	int error_after_data = (rc == Z_DATA_ERROR && drec->restart == 0 && GZIP_BUF_SIZE > drec->stream.avail_out);
++        if (rc == Z_STREAM_END || error_after_data) {
+             // How many bytes do we have?
+             size_t len = GZIP_BUF_SIZE - drec->stream.avail_out;
+ 
+@@ -351,6 +347,13 @@ restart:
+             drec->stream.next_out = drec->buffer;
+             // TODO Handle trailer.
+ 
++            if (error_after_data) {
++                // There is data even if there is an error
++                // So use this data and log a warning
++                htp_log(d->tx->connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "GZip decompressor: inflate failed with %d", rc);
++                drec->zlib_initialized = HTP_COMPRESSION_OVER;
++                return HTP_ERROR;
++            }
+             return HTP_OK;
+         }
+         else if (rc != Z_OK) {
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2025-53537-002.patch b/recipes-ids/suricata/files/CVE-2025-53537-002.patch
new file mode 100644
index 0000000..ff4f1a0
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2025-53537-002.patch
@@ -0,0 +1,31 @@
+From 9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <contact@catenacyber.fr>
+Date: Tue, 17 Jun 2025 10:12:47 +0200
+Subject: [PATCH] decompressors: fix leak in lzma error case
+
+Ticket: 7766
+
+CVE: CVE-2025-53537
+Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ htp/htp_decompressors.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/htp/htp_decompressors.c b/htp/htp_decompressors.c
+index 0d94c30..ce6cfe1 100644
+--- a/htp/htp_decompressors.c
++++ b/htp/htp_decompressors.c
+@@ -351,6 +351,9 @@ restart:
+                 // There is data even if there is an error
+                 // So use this data and log a warning
+                 htp_log(d->tx->connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "GZip decompressor: inflate failed with %d", rc);
++                if (drec->zlib_initialized == HTP_COMPRESSION_LZMA) {
++                    LzmaDec_Free(&drec->state, &lzma_Alloc);
++                }
+                 drec->zlib_initialized = HTP_COMPRESSION_OVER;
+                 return HTP_ERROR;
+             }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/libhtp_0.5.45.bb b/recipes-ids/suricata/libhtp_0.5.45.bb
index 604a0ca..b87db35 100644
--- a/recipes-ids/suricata/libhtp_0.5.45.bb
+++ b/recipes-ids/suricata/libhtp_0.5.45.bb
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e
 
 SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x \
            file://CVE-2024-45797.patch \
+           file://CVE-2025-53537-001.patch \
+           file://CVE-2025-53537-002.patch \
           "
 SRCREV = "8bdfe7b9d04e5e948c8fbaa7472e14d884cc00af"
 
-- 
2.47.3

[meta-security][scarthgap][PATCH 21/32] fail2ban: update to 1.1.0+

[Scott Murray]

From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>

Current 1.0.2 version does not work with scarthgap or later releases,
as the asynchat module has been removed (as scheduled) from python's
stdlib as of v3.12.

fail2ban 1.1.0 also does not work out-of-the-box, as the distutils
module which the pyinotify and systemd backends depend has also been
removed.

So update the recipe to point at commit ac62658c10f4, which fixes
those two backends to no longer depend on distutils.

Upstream's out-of-the-box ban action now uses the 'nft'
command. People can still override and customize that in
jail.conf/jail.local, but to make the recipe useful without
customizing things back to use iptables, change the dependency
iptables->nftables.

Since 1.1.0, fail2ban has been python3-only, so the recipe becomes
somewhat simpler since the whole do_compile preparation step can be
removed.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
(update PV)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 ...fail2ban_1.0.2.bb => python3-fail2ban_git.bb} | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
 rename dynamic-layers/meta-python/recipes-security/fail2ban/{python3-fail2ban_1.0.2.bb => python3-fail2ban_git.bb} (89%)

diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
similarity index 89%
rename from dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
rename to dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
index bf5f87d..444574a 100644
--- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
@@ -11,12 +11,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
 
 DEPENDS = "python3-native"
 
-SRCREV = "e1d3006b0330e9777705a7baafe3989d442ed120"
+SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"
 SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
            file://initd \
            file://run-ptest \
            "
 
+PV = "1.1.0+git${SRCPV}"
+
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
 
 inherit update-rc.d ptest setuptools3_legacy
@@ -26,16 +28,6 @@ SYSTEMD_SERVICE:${PN} = "fail2ban.service"
 
 S = "${WORKDIR}/git"
 
-do_compile () {
-    cd ${S}
-
-    #remove symlink to python3
-    # otherwise 2to3 is run against it
-    rm -f bin/fail2ban-python
-
-    ./fail2ban-2to3
-}
-
 do_install:append () {
     rm  -f ${D}/${bindir}/fail2ban-python
     install -d ${D}/${sysconfdir}/fail2ban
@@ -66,7 +58,7 @@ INITSCRIPT_PARAMS = "defaults 25"
 
 INSANE_SKIP:${PN}:append = "already-stripped"
 
-RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables python3-core python3-pyinotify"
+RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} nftables python3-core python3-pyinotify"
 RDEPENDS:${PN} += "python3-sqlite3"
 RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
 RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
-- 
2.47.3

[meta-security][scarthgap][PATCH 22/32] suricata: Fix multiple CVEs

[Scott Murray]

From: Hitendra Prajapati <hprajapati@mvista.com>

Backport fixes for:

* CVE-2024-32663 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5 && https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd
* CVE-2024-32664 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4
* CVE-2024-32867 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 && https://github.com/OISF/suricata/commit/7137d5e7ab5500f1b7f3391f8ab55a59f1e4cbd7 && https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9 && https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../suricata/files/CVE-2024-32663-001.patch   | 294 +++++++++
 .../suricata/files/CVE-2024-32663-002.patch   |  70 +++
 .../suricata/files/CVE-2024-32664.patch       |  53 ++
 .../suricata/files/CVE-2024-32867-001.patch   | 235 +++++++
 .../suricata/files/CVE-2024-32867-002.patch   | 591 ++++++++++++++++++
 .../suricata/files/CVE-2024-32867-003.patch   | 472 ++++++++++++++
 .../suricata/files/CVE-2024-32867-004.patch   | 169 +++++
 recipes-ids/suricata/suricata_7.0.0.bb        |   7 +
 8 files changed, 1891 insertions(+)
 create mode 100644 recipes-ids/suricata/files/CVE-2024-32663-001.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-32663-002.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-32664.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-32867-001.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-32867-002.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-32867-003.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-32867-004.patch

diff --git a/recipes-ids/suricata/files/CVE-2024-32663-001.patch b/recipes-ids/suricata/files/CVE-2024-32663-001.patch
new file mode 100644
index 0000000..f07904a
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-32663-001.patch
@@ -0,0 +1,294 @@
+From e68ec4b227d19498f364a41eb25d3182f0383ca5 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Wed, 27 Mar 2024 14:33:54 +0100
+Subject: [PATCH] http2: use a reference counter for headers
+
+Ticket: 6892
+
+As HTTP hpack header compression allows one single byte to
+express a previously seen arbitrary-size header block (name+value)
+we should avoid to copy the vectors data, but just point
+to the same data, while reamining memory safe, even in the case
+of later headers eviction from the dybnamic table.
+
+Rust std solution is Rc, and the use of clone, so long as the
+data is accessed by only one thread.
+
+(cherry picked from commit 390f09692eb99809c679d3f350c7cc185d163e1a)
+
+CVE: CVE-2024-32663
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ rust/src/http2/detect.rs | 19 +++++++------
+ rust/src/http2/http2.rs  |  2 +-
+ rust/src/http2/parser.rs | 61 +++++++++++++++++++++-------------------
+ 3 files changed, 43 insertions(+), 39 deletions(-)
+
+diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
+index 99261ad..904b9ad 100644
+--- a/rust/src/http2/detect.rs
++++ b/rust/src/http2/detect.rs
+@@ -23,6 +23,7 @@ use crate::core::Direction;
+ use crate::detect::uint::{detect_match_uint, DetectUintData};
+ use std::ffi::CStr;
+ use std::str::FromStr;
++use std::rc::Rc;
+ 
+ fn http2_tx_has_frametype(
+     tx: &mut HTTP2Transaction, direction: Direction, value: u8,
+@@ -404,7 +405,7 @@ fn http2_frames_get_header_firstvalue<'a>(
+     for frame in frames {
+         if let Some(blocks) = http2_header_blocks(frame) {
+             for block in blocks.iter() {
+-                if block.name == name.as_bytes() {
++                if block.name.as_ref() == name.as_bytes() {
+                     return Ok(&block.value);
+                 }
+             }
+@@ -428,7 +429,7 @@ pub fn http2_frames_get_header_value_vec(
+     for frame in frames {
+         if let Some(blocks) = http2_header_blocks(frame) {
+             for block in blocks.iter() {
+-                if block.name == name.as_bytes() {
++                if block.name.as_ref() == name.as_bytes() {
+                     if found == 0 {
+                         vec.extend_from_slice(&block.value);
+                         found = 1;
+@@ -465,7 +466,7 @@ fn http2_frames_get_header_value<'a>(
+     for frame in frames {
+         if let Some(blocks) = http2_header_blocks(frame) {
+             for block in blocks.iter() {
+-                if block.name == name.as_bytes() {
++                if block.name.as_ref() == name.as_bytes() {
+                     if found == 0 {
+                         single = Ok(&block.value);
+                         found = 1;
+@@ -905,8 +906,8 @@ fn http2_tx_set_header(state: &mut HTTP2State, name: &[u8], input: &[u8]) {
+     };
+     let mut blocks = Vec::new();
+     let b = parser::HTTP2FrameHeaderBlock {
+-        name: name.to_vec(),
+-        value: input.to_vec(),
++        name: Rc::new(name.to_vec()),
++        value: Rc::new(input.to_vec()),
+         error: parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
+         sizeupdate: 0,
+     };
+@@ -1061,15 +1062,15 @@ mod tests {
+         };
+         let mut blocks = Vec::new();
+         let b = parser::HTTP2FrameHeaderBlock {
+-            name: "Host".as_bytes().to_vec(),
+-            value: "abc.com".as_bytes().to_vec(),
++            name: "Host".as_bytes().to_vec().into(),
++            value: "abc.com".as_bytes().to_vec().into(),
+             error: parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
+             sizeupdate: 0,
+         };
+         blocks.push(b);
+         let b2 = parser::HTTP2FrameHeaderBlock {
+-            name: "Host".as_bytes().to_vec(),
+-            value: "efg.net".as_bytes().to_vec(),
++            name: "Host".as_bytes().to_vec().into(),
++            value: "efg.net".as_bytes().to_vec().into(),
+             error: parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
+             sizeupdate: 0,
+         };
+diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs
+index 326030f..d14ca06 100644
+--- a/rust/src/http2/http2.rs
++++ b/rust/src/http2/http2.rs
+@@ -204,7 +204,7 @@ impl HTTP2Transaction {
+ 
+     fn handle_headers(&mut self, blocks: &[parser::HTTP2FrameHeaderBlock], dir: Direction) {
+         for block in blocks {
+-            if block.name == b"content-encoding" {
++            if block.name.as_ref() == b"content-encoding" {
+                 self.decoder.http2_encoding_fromvec(&block.value, dir);
+             }
+         }
+diff --git a/rust/src/http2/parser.rs b/rust/src/http2/parser.rs
+index adabeb2..1a46437 100644
+--- a/rust/src/http2/parser.rs
++++ b/rust/src/http2/parser.rs
+@@ -30,6 +30,7 @@ use nom7::sequence::tuple;
+ use nom7::{Err, IResult};
+ use std::fmt;
+ use std::str::FromStr;
++use std::rc::Rc;
+ 
+ #[repr(u8)]
+ #[derive(Clone, Copy, PartialEq, Eq, FromPrimitive, Debug)]
+@@ -295,8 +296,8 @@ fn http2_frame_header_static(n: u64, dyn_headers: &HTTP2DynTable) -> Option<HTTP
+     };
+     if !name.is_empty() {
+         return Some(HTTP2FrameHeaderBlock {
+-            name: name.as_bytes().to_vec(),
+-            value: value.as_bytes().to_vec(),
++            name: Rc::new(name.as_bytes().to_vec()),
++            value: Rc::new(value.as_bytes().to_vec()),
+             error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
+             sizeupdate: 0,
+         });
+@@ -304,23 +305,23 @@ fn http2_frame_header_static(n: u64, dyn_headers: &HTTP2DynTable) -> Option<HTTP
+         //use dynamic table
+         if n == 0 {
+             return Some(HTTP2FrameHeaderBlock {
+-                name: Vec::new(),
+-                value: Vec::new(),
++                name: Rc::new(Vec::new()),
++                value: Rc::new(Vec::new()),
+                 error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIndex0,
+                 sizeupdate: 0,
+             });
+         } else if dyn_headers.table.len() + HTTP2_STATIC_HEADERS_NUMBER < n as usize {
+             return Some(HTTP2FrameHeaderBlock {
+-                name: Vec::new(),
+-                value: Vec::new(),
++                name: Rc::new(Vec::new()),
++                value: Rc::new(Vec::new()),
+                 error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeNotIndexed,
+                 sizeupdate: 0,
+             });
+         } else {
+             let indyn = dyn_headers.table.len() - (n as usize - HTTP2_STATIC_HEADERS_NUMBER);
+             let headcopy = HTTP2FrameHeaderBlock {
+-                name: dyn_headers.table[indyn].name.to_vec(),
+-                value: dyn_headers.table[indyn].value.to_vec(),
++                name: dyn_headers.table[indyn].name.clone(),
++                value: dyn_headers.table[indyn].value.clone(),
+                 error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
+                 sizeupdate: 0,
+             };
+@@ -348,8 +349,10 @@ impl fmt::Display for HTTP2HeaderDecodeStatus {
+ 
+ #[derive(Clone, Debug)]
+ pub struct HTTP2FrameHeaderBlock {
+-    pub name: Vec<u8>,
+-    pub value: Vec<u8>,
++    // Use Rc reference counted so that indexed headers do not get copied.
++    // Otherwise, this leads to quadratic complexity in memory occupation.
++    pub name: Rc<Vec<u8>>,
++    pub value: Rc<Vec<u8>>,
+     pub error: HTTP2HeaderDecodeStatus,
+     pub sizeupdate: u64,
+ }
+@@ -391,7 +394,7 @@ fn http2_parse_headers_block_literal_common<'a>(
+ ) -> IResult<&'a [u8], HTTP2FrameHeaderBlock> {
+     let (i3, name, error) = if index == 0 {
+         match http2_parse_headers_block_string(input) {
+-            Ok((r, n)) => Ok((r, n, HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess)),
++            Ok((r, n)) => Ok((r, Rc::new(n), HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess)),
+             Err(e) => Err(e),
+         }
+     } else {
+@@ -403,7 +406,7 @@ fn http2_parse_headers_block_literal_common<'a>(
+             )),
+             None => Ok((
+                 input,
+-                Vec::new(),
++                Rc::new(Vec::new()),
+                 HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeNotIndexed,
+             )),
+         }
+@@ -413,7 +416,7 @@ fn http2_parse_headers_block_literal_common<'a>(
+         i4,
+         HTTP2FrameHeaderBlock {
+             name,
+-            value,
++            value: Rc::new(value),
+             error,
+             sizeupdate: 0,
+         },
+@@ -435,8 +438,8 @@ fn http2_parse_headers_block_literal_incindex<'a>(
+     match r {
+         Ok((r, head)) => {
+             let headcopy = HTTP2FrameHeaderBlock {
+-                name: head.name.to_vec(),
+-                value: head.value.to_vec(),
++                name: head.name.clone(),
++                value: head.value.clone(),
+                 error: head.error,
+                 sizeupdate: 0,
+             };
+@@ -556,8 +559,8 @@ fn http2_parse_headers_block_dynamic_size<'a>(
+     return Ok((
+         i3,
+         HTTP2FrameHeaderBlock {
+-            name: Vec::new(),
+-            value: Vec::new(),
++            name: Rc::new(Vec::new()),
++            value: Rc::new(Vec::new()),
+             error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSizeUpdate,
+             sizeupdate: maxsize2,
+         },
+@@ -614,8 +617,8 @@ fn http2_parse_headers_blocks<'a>(
+                 // if we error from http2_parse_var_uint, we keep the first parsed headers
+                 if err.code == ErrorKind::LengthValue {
+                     blocks.push(HTTP2FrameHeaderBlock {
+-                        name: Vec::new(),
+-                        value: Vec::new(),
++                        name: Rc::new(Vec::new()),
++                        value: Rc::new(Vec::new()),
+                         error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIntegerOverflow,
+                         sizeupdate: 0,
+                     });
+@@ -765,8 +768,8 @@ mod tests {
+         match r0 {
+             Ok((remainder, hd)) => {
+                 // Check the first message.
+-                assert_eq!(hd.name, ":method".as_bytes().to_vec());
+-                assert_eq!(hd.value, "GET".as_bytes().to_vec());
++                assert_eq!(hd.name, ":method".as_bytes().to_vec().into());
++                assert_eq!(hd.value, "GET".as_bytes().to_vec().into());
+                 // And we should have no bytes left.
+                 assert_eq!(remainder.len(), 0);
+             }
+@@ -782,8 +785,8 @@ mod tests {
+         match r1 {
+             Ok((remainder, hd)) => {
+                 // Check the first message.
+-                assert_eq!(hd.name, "accept".as_bytes().to_vec());
+-                assert_eq!(hd.value, "*/*".as_bytes().to_vec());
++                assert_eq!(hd.name, "accept".as_bytes().to_vec().into());
++                assert_eq!(hd.value, "*/*".as_bytes().to_vec().into());
+                 // And we should have no bytes left.
+                 assert_eq!(remainder.len(), 0);
+                 assert_eq!(dynh.table.len(), 1);
+@@ -802,8 +805,8 @@ mod tests {
+         match result {
+             Ok((remainder, hd)) => {
+                 // Check the first message.
+-                assert_eq!(hd.name, ":authority".as_bytes().to_vec());
+-                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec());
++                assert_eq!(hd.name, ":authority".as_bytes().to_vec().into());
++                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec().into());
+                 // And we should have no bytes left.
+                 assert_eq!(remainder.len(), 0);
+                 assert_eq!(dynh.table.len(), 2);
+@@ -820,8 +823,8 @@ mod tests {
+         match r3 {
+             Ok((remainder, hd)) => {
+                 // same as before
+-                assert_eq!(hd.name, ":authority".as_bytes().to_vec());
+-                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec());
++                assert_eq!(hd.name, ":authority".as_bytes().to_vec().into());
++                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec().into());
+                 // And we should have no bytes left.
+                 assert_eq!(remainder.len(), 0);
+                 assert_eq!(dynh.table.len(), 2);
+@@ -856,8 +859,8 @@ mod tests {
+         match r2 {
+             Ok((remainder, hd)) => {
+                 // Check the first message.
+-                assert_eq!(hd.name, ":path".as_bytes().to_vec());
+-                assert_eq!(hd.value, "/doc/manual/html/index.html".as_bytes().to_vec());
++                assert_eq!(hd.name, ":path".as_bytes().to_vec().into());
++                assert_eq!(hd.value, "/doc/manual/html/index.html".as_bytes().to_vec().into());
+                 // And we should have no bytes left.
+                 assert_eq!(remainder.len(), 0);
+                 assert_eq!(dynh.table.len(), 2);
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-32663-002.patch b/recipes-ids/suricata/files/CVE-2024-32663-002.patch
new file mode 100644
index 0000000..a57f58f
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-32663-002.patch
@@ -0,0 +1,70 @@
+From c0af92295e833d1db29b184d63cd3b829451d7fd Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Thu, 28 Mar 2024 11:15:51 +0100
+Subject: [PATCH] http2: do not log duplicate headers
+
+Ticket: 6900
+
+And thus avoid DOS by logging a request using a compressed
+header block repeated many times and having a long value...
+
+(cherry picked from commit 03442c9071b8d863d26b609d54c6eacf4de9e340)
+
+CVE: CVE-2024-32663
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ rust/src/http2/logger.rs | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/rust/src/http2/logger.rs b/rust/src/http2/logger.rs
+index d25f852..a117a54 100644
+--- a/rust/src/http2/logger.rs
++++ b/rust/src/http2/logger.rs
+@@ -19,7 +19,8 @@ use super::http2::{HTTP2Frame, HTTP2FrameTypeData, HTTP2Transaction};
+ use super::parser;
+ use crate::jsonbuilder::{JsonBuilder, JsonError};
+ use std;
+-use std::collections::HashMap;
++use std::collections::{HashMap, HashSet};
++use std::rc::Rc;
+ 
+ #[derive(Hash, PartialEq, Eq, Debug)]
+ enum HeaderName {
+@@ -35,10 +36,20 @@ fn log_http2_headers<'a>(
+     blocks: &'a [parser::HTTP2FrameHeaderBlock], js: &mut JsonBuilder,
+     common: &mut HashMap<HeaderName, &'a Vec<u8>>,
+ ) -> Result<(), JsonError> {
++    let mut logged_headers = HashSet::new();
+     for block in blocks {
+-        js.start_object()?;
++        // delay js.start_object() because we skip suplicate headers
+         match block.error {
+             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess => {
++                if Rc::strong_count(&block.name) > 2 {
++                    // more than one reference in headers table + current headers
++                    let ptr = Rc::as_ptr(&block.name) as usize;
++                    if !logged_headers.insert(ptr) {
++                        // only log once
++                        continue;
++                    }
++                }
++                js.start_object()?;
+                 js.set_string_from_bytes("name", &block.name)?;
+                 js.set_string_from_bytes("value", &block.value)?;
+                 if let Ok(name) = std::str::from_utf8(&block.name) {
+@@ -66,9 +77,11 @@ fn log_http2_headers<'a>(
+                 }
+             }
+             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSizeUpdate => {
++                js.start_object()?;
+                 js.set_uint("table_size_update", block.sizeupdate)?;
+             }
+             _ => {
++                js.start_object()?;
+                 js.set_string("error", &block.error.to_string())?;
+             }
+         }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-32664.patch b/recipes-ids/suricata/files/CVE-2024-32664.patch
new file mode 100644
index 0000000..ee55b25
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-32664.patch
@@ -0,0 +1,53 @@
+From d5ffecf11ad2c6fe89265e518f5d7443caf26ba4 Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Thu, 28 Mar 2024 14:00:02 +0100
+Subject: [PATCH] util/base64: fix buffer overflow
+
+Ticket: 6902
+
+In case the caller of DecodeBase64 does not supply a big enough
+output buffer.
+
+(cherry picked from commit fd47e67dc65f9111895c88fb406c938b1f857325)
+
+CVE: CVE-2024-32664
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/util-base64.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/util-base64.c b/src/util-base64.c
+index 4a4a5d1..d973f0e 100644
+--- a/src/util-base64.c
++++ b/src/util-base64.c
+@@ -156,6 +156,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
+                 ecode = BASE64_ECODE_BUF;
+                 break;
+             }
++            if (dest_size - *decoded_bytes < ASCII_BLOCK)
++                return BASE64_ECODE_BUF;
+ 
+             /* Decode base-64 block into ascii block and move pointer */
+             DecodeBase64Block(dptr, b64);
+@@ -183,7 +185,7 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
+         /* if the destination size is not at least 3 Bytes long, it'll give a dynamic
+          * buffer overflow while decoding, so, return and let the caller take care of the
+          * remaining bytes to be decoded which should always be < 4 at this stage */
+-        if (dest_size - *decoded_bytes < 3)
++        if (dest_size - *decoded_bytes < ASCII_BLOCK)
+             return BASE64_ECODE_BUF;
+         *decoded_bytes += numDecoded_blk;
+         DecodeBase64Block(dptr, b64);
+@@ -193,6 +195,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
+     /* Finish remaining b64 bytes by padding */
+     if (valid && bbidx > 0 && (mode != BASE64_MODE_RFC2045)) {
+         /* Decode remaining */
++        if (dest_size - *decoded_bytes < ASCII_BLOCK)
++            return BASE64_ECODE_BUF;
+         *decoded_bytes += ASCII_BLOCK - (B64_BLOCK - bbidx);
+         DecodeBase64Block(dptr, b64);
+     }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-001.patch b/recipes-ids/suricata/files/CVE-2024-32867-001.patch
new file mode 100644
index 0000000..68bd6ea
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-32867-001.patch
@@ -0,0 +1,235 @@
+From 2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 Mon Sep 17 00:00:00 2001
+From: Jason Ish <jason.ish@oisf.net>
+Date: Tue, 28 Nov 2023 12:35:26 -0600
+Subject: [PATCH] defrag: check next fragment for overlap before stopping
+ re-assembly
+
+Instead of breaking the loop when the current fragment does not have
+any more fragments, set a flag and continue to the next fragment as
+the next fragment may have data that occurs before this fragment, but
+overlaps it.
+
+Then break if the next fragment does not overlap the previous.
+
+Bug: #6668
+(cherry picked from commit d0fd0782505d837e691ceef1b801776f0db82726)
+
+CVE: CVE-2024-32867
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/defrag.c | 145 ++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 139 insertions(+), 6 deletions(-)
+
+diff --git a/src/defrag.c b/src/defrag.c
+index 38704c9..e154899 100644
+--- a/src/defrag.c
++++ b/src/defrag.c
+@@ -295,10 +295,20 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
+     uint16_t hlen = 0;
+     int ip_hdr_offset = 0;
+ 
++    /* Assume more frags. */
++    uint16_t prev_offset = 0;
++    bool more_frags = 1;
++
+     RB_FOREACH(frag, IP_FRAGMENTS, &tracker->fragment_tree) {
+         SCLogDebug("frag %p, data_len %u, offset %u, pcap_cnt %"PRIu64,
+                 frag, frag->data_len, frag->offset, frag->pcap_cnt);
+ 
++        /* Previous fragment has no more fragments, and this packet
++         * doesn't overlap. We're done. */
++        if (!more_frags && frag->offset > prev_offset) {
++            break;
++        }
++
+         if (frag->skip)
+             continue;
+         if (frag->ltrim >= frag->data_len)
+@@ -339,9 +349,16 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
+                 fragmentable_len = frag->offset + frag->data_len;
+         }
+ 
+-        if (!frag->more_frags) {
+-            break;
+-        }
++        /* Even if this fragment is flagged as having no more
++         * fragments, still continue. The next fragment may have the
++         * same offset with data that is preferred.
++         *
++         * For example, DefragBsdFragmentAfterNoMfIpv{4,6}Test
++         *
++         * This is due to not all fragments being completely trimmed,
++         * but relying on the copy ordering. */
++        more_frags = frag->more_frags;
++        prev_offset = frag->offset;
+     }
+ 
+     SCLogDebug("ip_hdr_offset %u, hlen %" PRIu16 ", fragmentable_len %" PRIu16, ip_hdr_offset, hlen,
+@@ -436,7 +453,15 @@ Defrag6Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
+     uint16_t fragmentable_len = 0;
+     int ip_hdr_offset = 0;
+     uint8_t next_hdr = 0;
++
++    /* Assume more frags. */
++    uint16_t prev_offset = 0;
++    bool more_frags = 1;
++
+     RB_FOREACH(frag, IP_FRAGMENTS, &tracker->fragment_tree) {
++        if (!more_frags && frag->offset > prev_offset) {
++            break;
++        }
+         if (frag->skip)
+             continue;
+         if (frag->data_len - frag->ltrim <= 0)
+@@ -481,9 +506,16 @@ Defrag6Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
+                 fragmentable_len = frag->offset + frag->data_len;
+         }
+ 
+-        if (!frag->more_frags) {
+-            break;
+-        }
++        /* Even if this fragment is flagged as having no more
++         * fragments, still continue. The next fragment may have the
++         * same offset with data that is preferred.
++         *
++         * For example, DefragBsdFragmentAfterNoMfIpv{4,6}Test
++         *
++         * This is due to not all fragments being completely trimmed,
++         * but relying on the copy ordering. */
++        more_frags = frag->more_frags;
++        prev_offset = frag->offset;
+     }
+ 
+     rp->ip6h = (IPV6Hdr *)(GET_PKT_DATA(rp) + ip_hdr_offset);
+@@ -2374,6 +2406,10 @@ static int DefragMfIpv4Test(void)
+      * fragments should be in the re-assembled packet. */
+     FAIL_IF(IPV4_GET_IPLEN(p) != 36);
+ 
++    /* Verify the payload of the IPv4 packet. */
++    uint8_t expected_payload[] = "AAAAAAAABBBBBBBB";
++    FAIL_IF(memcmp(GET_PKT_DATA(p) + sizeof(IPV4Hdr), expected_payload, sizeof(expected_payload)));
++
+     SCFree(p1);
+     SCFree(p2);
+     SCFree(p3);
+@@ -2417,6 +2453,10 @@ static int DefragMfIpv6Test(void)
+      * of 2 fragments, so 16. */
+     FAIL_IF(IPV6_GET_PLEN(p) != 16);
+ 
++    /* Verify the payload of the IPv4 packet. */
++    uint8_t expected_payload[] = "AAAAAAAABBBBBBBB";
++    FAIL_IF(memcmp(GET_PKT_DATA(p) + sizeof(IPV6Hdr), expected_payload, sizeof(expected_payload)));
++
+     SCFree(p1);
+     SCFree(p2);
+     SCFree(p3);
+@@ -2510,6 +2550,96 @@ static int DefragTestJeremyLinux(void)
+     PASS;
+ }
+ 
++static int DefragBsdFragmentAfterNoMfIpv4Test(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[4];
++
++    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 24 >> 3, 0, 'A', 16);
++    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 8 >> 3, 1, 'B', 16);
++    packets[2] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 16 >> 3, 1, 'C', 16);
++    packets[3] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 0, 1, 'D', 8);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[2]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[3]);
++    FAIL_IF_NULL(r);
++
++    // clang-format off
++    uint8_t expected[] = {
++	'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D',
++	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
++	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
++	'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C',
++	'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
++    };
++    // clang-format on
++
++    if (memcmp(expected, GET_PKT_DATA(r) + 20, sizeof(expected)) != 0) {
++        printf("Expected:\n");
++        PrintRawDataFp(stdout, expected, sizeof(expected));
++        printf("Got:\n");
++        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 20, GET_PKT_LEN(r) - 20);
++        FAIL;
++    }
++
++    DefragDestroy();
++    PASS;
++}
++
++static int DefragBsdFragmentAfterNoMfIpv6Test(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[4];
++
++    packets[0] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 24 >> 3, 0, 'A', 16);
++    packets[1] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 8 >> 3, 1, 'B', 16);
++    packets[2] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 16 >> 3, 1, 'C', 16);
++    packets[3] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 0, 1, 'D', 8);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[2]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[3]);
++    FAIL_IF_NULL(r);
++
++    // clang-format off
++    uint8_t expected[] = {
++	'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D',
++	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
++	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
++	'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C',
++	'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
++    };
++    // clang-format on
++
++    if (memcmp(expected, GET_PKT_DATA(r) + 40, sizeof(expected)) != 0) {
++        printf("Expected:\n");
++        PrintRawDataFp(stdout, expected, sizeof(expected));
++        printf("Got:\n");
++        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 40, GET_PKT_LEN(r) - 40);
++        FAIL;
++    }
++
++    DefragDestroy();
++    PASS;
++}
++
+ #endif /* UNITTESTS */
+ 
+ void DefragRegisterTests(void)
+@@ -2555,5 +2685,8 @@ void DefragRegisterTests(void)
+     UtRegisterTest("DefragTestBadProto", DefragTestBadProto);
+ 
+     UtRegisterTest("DefragTestJeremyLinux", DefragTestJeremyLinux);
++
++    UtRegisterTest("DefragBsdFragmentAfterNoMfIpv4Test", DefragBsdFragmentAfterNoMfIpv4Test);
++    UtRegisterTest("DefragBsdFragmentAfterNoMfIpv6Test", DefragBsdFragmentAfterNoMfIpv6Test);
+ #endif /* UNITTESTS */
+ }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-002.patch b/recipes-ids/suricata/files/CVE-2024-32867-002.patch
new file mode 100644
index 0000000..cfddce2
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-32867-002.patch
@@ -0,0 +1,591 @@
+From 7137d5e7ab5500f1b7f3391f8ab55a59f1e4cbd7 Mon Sep 17 00:00:00 2001
+From: Jason Ish <jason.ish@oisf.net>
+Date: Mon, 27 Nov 2023 16:27:27 -0600
+Subject: [PATCH] defrag: consistent unit test naming
+
+Use a more consistent naming scheme between ipv4 and ipv6.
+
+(cherry picked from commit 2f00b5870abc6053fca8271a0a827babc03d56f0)
+
+CVE: CVE-2024-32867
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/7137d5e7ab5500f1b7f3391f8ab55a59f1e4cbd7]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/defrag.c | 217 ++++++++++++++++++++++++---------------------------
+ 1 file changed, 102 insertions(+), 115 deletions(-)
+
+diff --git a/src/defrag.c b/src/defrag.c
+index e154899..99fbab3 100644
+--- a/src/defrag.c
++++ b/src/defrag.c
+@@ -1125,8 +1125,8 @@ void DefragDestroy(void)
+  * Allocate a test packet.  Nothing to fancy, just a simple IP packet
+  * with some payload of no particular protocol.
+  */
+-static Packet *BuildTestPacket(uint8_t proto, uint16_t id, uint16_t off, int mf,
+-        const char content, int content_len)
++static Packet *BuildIpv4TestPacket(
++        uint8_t proto, uint16_t id, uint16_t off, int mf, const char content, int content_len)
+ {
+     Packet *p = NULL;
+     int hlen = 20;
+@@ -1199,8 +1199,8 @@ error:
+     return NULL;
+ }
+ 
+-static Packet *IPV6BuildTestPacket(uint8_t proto, uint32_t id, uint16_t off,
+-        int mf, const char content, int content_len)
++static Packet *BuildIpv6TestPacket(
++        uint8_t proto, uint32_t id, uint16_t off, int mf, const char content, int content_len)
+ {
+     Packet *p = NULL;
+     uint8_t *pcontent;
+@@ -1283,11 +1283,11 @@ static int DefragInOrderSimpleTest(void)
+ 
+     DefragInit();
+ 
+-    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
++    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    p2 = BuildTestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
++    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
+     FAIL_IF_NULL(p2);
+-    p3 = BuildTestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
++    p3 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
+     FAIL_IF_NULL(p3);
+ 
+     FAIL_IF(Defrag(NULL, NULL, p1) != NULL);
+@@ -1335,11 +1335,11 @@ static int DefragReverseSimpleTest(void)
+ 
+     DefragInit();
+ 
+-    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
++    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    p2 = BuildTestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
++    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
+     FAIL_IF_NULL(p2);
+-    p3 = BuildTestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
++    p3 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
+     FAIL_IF_NULL(p3);
+ 
+     FAIL_IF(Defrag(NULL, NULL, p3) != NULL);
+@@ -1379,7 +1379,7 @@ static int DefragReverseSimpleTest(void)
+  * Test the simplest possible re-assembly scenario.  All packet in
+  * order and no overlaps.
+  */
+-static int IPV6DefragInOrderSimpleTest(void)
++static int DefragInOrderSimpleIpv6Test(void)
+ {
+     Packet *p1 = NULL, *p2 = NULL, *p3 = NULL;
+     Packet *reassembled = NULL;
+@@ -1388,11 +1388,11 @@ static int IPV6DefragInOrderSimpleTest(void)
+ 
+     DefragInit();
+ 
+-    p1 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
++    p1 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    p2 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
++    p2 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
+     FAIL_IF_NULL(p2);
+-    p3 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
++    p3 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
+     FAIL_IF_NULL(p3);
+ 
+     FAIL_IF(Defrag(NULL, NULL, p1) != NULL);
+@@ -1426,7 +1426,7 @@ static int IPV6DefragInOrderSimpleTest(void)
+     PASS;
+ }
+ 
+-static int IPV6DefragReverseSimpleTest(void)
++static int DefragReverseSimpleIpv6Test(void)
+ {
+     DefragContext *dc = NULL;
+     Packet *p1 = NULL, *p2 = NULL, *p3 = NULL;
+@@ -1439,11 +1439,11 @@ static int IPV6DefragReverseSimpleTest(void)
+     dc = DefragContextNew();
+     FAIL_IF_NULL(dc);
+ 
+-    p1 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
++    p1 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    p2 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
++    p2 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
+     FAIL_IF_NULL(p2);
+-    p3 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
++    p3 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
+     FAIL_IF_NULL(p3);
+ 
+     FAIL_IF(Defrag(NULL, NULL, p3) != NULL);
+@@ -1496,59 +1496,59 @@ static int DefragDoSturgesNovakTest(int policy, u_char *expected,
+      */
+ 
+     /* A*24 at 0. */
+-    packets[0] = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
++    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
+ 
+     /* B*15 at 32. */
+-    packets[1] = BuildTestPacket(IPPROTO_ICMP, id, 32 >> 3, 1, 'B', 16);
++    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 32 >> 3, 1, 'B', 16);
+ 
+     /* C*24 at 48. */
+-    packets[2] = BuildTestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'C', 24);
++    packets[2] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'C', 24);
+ 
+     /* D*8 at 80. */
+-    packets[3] = BuildTestPacket(IPPROTO_ICMP, id, 80 >> 3, 1, 'D', 8);
++    packets[3] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 80 >> 3, 1, 'D', 8);
+ 
+     /* E*16 at 104. */
+-    packets[4] = BuildTestPacket(IPPROTO_ICMP, id, 104 >> 3, 1, 'E', 16);
++    packets[4] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 104 >> 3, 1, 'E', 16);
+ 
+     /* F*24 at 120. */
+-    packets[5] = BuildTestPacket(IPPROTO_ICMP, id, 120 >> 3, 1, 'F', 24);
++    packets[5] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 120 >> 3, 1, 'F', 24);
+ 
+     /* G*16 at 144. */
+-    packets[6] = BuildTestPacket(IPPROTO_ICMP, id, 144 >> 3, 1, 'G', 16);
++    packets[6] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 144 >> 3, 1, 'G', 16);
+ 
+     /* H*16 at 160. */
+-    packets[7] = BuildTestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'H', 16);
++    packets[7] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'H', 16);
+ 
+     /* I*8 at 176. */
+-    packets[8] = BuildTestPacket(IPPROTO_ICMP, id, 176 >> 3, 1, 'I', 8);
++    packets[8] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 176 >> 3, 1, 'I', 8);
+ 
+     /*
+      * Overlapping subsequent fragments.
+      */
+ 
+     /* J*32 at 8. */
+-    packets[9] = BuildTestPacket(IPPROTO_ICMP, id, 8 >> 3, 1, 'J', 32);
++    packets[9] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 8 >> 3, 1, 'J', 32);
+ 
+     /* K*24 at 48. */
+-    packets[10] = BuildTestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'K', 24);
++    packets[10] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'K', 24);
+ 
+     /* L*24 at 72. */
+-    packets[11] = BuildTestPacket(IPPROTO_ICMP, id, 72 >> 3, 1, 'L', 24);
++    packets[11] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 72 >> 3, 1, 'L', 24);
+ 
+     /* M*24 at 96. */
+-    packets[12] = BuildTestPacket(IPPROTO_ICMP, id, 96 >> 3, 1, 'M', 24);
++    packets[12] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 96 >> 3, 1, 'M', 24);
+ 
+     /* N*8 at 128. */
+-    packets[13] = BuildTestPacket(IPPROTO_ICMP, id, 128 >> 3, 1, 'N', 8);
++    packets[13] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 128 >> 3, 1, 'N', 8);
+ 
+     /* O*8 at 152. */
+-    packets[14] = BuildTestPacket(IPPROTO_ICMP, id, 152 >> 3, 1, 'O', 8);
++    packets[14] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 152 >> 3, 1, 'O', 8);
+ 
+     /* P*8 at 160. */
+-    packets[15] = BuildTestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'P', 8);
++    packets[15] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'P', 8);
+ 
+     /* Q*16 at 176. */
+-    packets[16] = BuildTestPacket(IPPROTO_ICMP, id, 176 >> 3, 0, 'Q', 16);
++    packets[16] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 176 >> 3, 0, 'Q', 16);
+ 
+     default_policy = policy;
+ 
+@@ -1588,8 +1588,7 @@ static int DefragDoSturgesNovakTest(int policy, u_char *expected,
+     PASS;
+ }
+ 
+-static int IPV6DefragDoSturgesNovakTest(int policy, u_char *expected,
+-        size_t expected_len)
++static int DefragDoSturgesNovakIpv6Test(int policy, u_char *expected, size_t expected_len)
+ {
+     int i;
+ 
+@@ -1608,59 +1607,59 @@ static int IPV6DefragDoSturgesNovakTest(int policy, u_char *expected,
+      */
+ 
+     /* A*24 at 0. */
+-    packets[0] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 24);
++    packets[0] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 24);
+ 
+     /* B*15 at 32. */
+-    packets[1] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 32 >> 3, 1, 'B', 16);
++    packets[1] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 32 >> 3, 1, 'B', 16);
+ 
+     /* C*24 at 48. */
+-    packets[2] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'C', 24);
++    packets[2] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'C', 24);
+ 
+     /* D*8 at 80. */
+-    packets[3] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 80 >> 3, 1, 'D', 8);
++    packets[3] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 80 >> 3, 1, 'D', 8);
+ 
+     /* E*16 at 104. */
+-    packets[4] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 104 >> 3, 1, 'E', 16);
++    packets[4] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 104 >> 3, 1, 'E', 16);
+ 
+     /* F*24 at 120. */
+-    packets[5] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 120 >> 3, 1, 'F', 24);
++    packets[5] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 120 >> 3, 1, 'F', 24);
+ 
+     /* G*16 at 144. */
+-    packets[6] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 144 >> 3, 1, 'G', 16);
++    packets[6] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 144 >> 3, 1, 'G', 16);
+ 
+     /* H*16 at 160. */
+-    packets[7] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'H', 16);
++    packets[7] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'H', 16);
+ 
+     /* I*8 at 176. */
+-    packets[8] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 1, 'I', 8);
++    packets[8] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 1, 'I', 8);
+ 
+     /*
+      * Overlapping subsequent fragments.
+      */
+ 
+     /* J*32 at 8. */
+-    packets[9] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 8 >> 3, 1, 'J', 32);
++    packets[9] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 8 >> 3, 1, 'J', 32);
+ 
+     /* K*24 at 48. */
+-    packets[10] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'K', 24);
++    packets[10] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'K', 24);
+ 
+     /* L*24 at 72. */
+-    packets[11] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 72 >> 3, 1, 'L', 24);
++    packets[11] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 72 >> 3, 1, 'L', 24);
+ 
+     /* M*24 at 96. */
+-    packets[12] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 96 >> 3, 1, 'M', 24);
++    packets[12] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 96 >> 3, 1, 'M', 24);
+ 
+     /* N*8 at 128. */
+-    packets[13] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 128 >> 3, 1, 'N', 8);
++    packets[13] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 128 >> 3, 1, 'N', 8);
+ 
+     /* O*8 at 152. */
+-    packets[14] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 152 >> 3, 1, 'O', 8);
++    packets[14] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 152 >> 3, 1, 'O', 8);
+ 
+     /* P*8 at 160. */
+-    packets[15] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'P', 8);
++    packets[15] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'P', 8);
+ 
+     /* Q*16 at 176. */
+-    packets[16] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 0, 'Q', 16);
++    packets[16] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 0, 'Q', 16);
+ 
+     default_policy = policy;
+ 
+@@ -1735,7 +1734,7 @@ DefragSturgesNovakBsdTest(void)
+     PASS;
+ }
+ 
+-static int IPV6DefragSturgesNovakBsdTest(void)
++static int DefragSturgesNovakBsdIpv6Test(void)
+ {
+     /* Expected data. */
+     u_char expected[] = {
+@@ -1765,8 +1764,7 @@ static int IPV6DefragSturgesNovakBsdTest(void)
+         "QQQQQQQQ"
+     };
+ 
+-    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_BSD, expected,
+-                    sizeof(expected)));
++    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_BSD, expected, sizeof(expected)));
+     PASS;
+ }
+ 
+@@ -1805,7 +1803,7 @@ static int DefragSturgesNovakLinuxIpv4Test(void)
+     PASS;
+ }
+ 
+-static int IPV6DefragSturgesNovakLinuxTest(void)
++static int DefragSturgesNovakLinuxIpv6Test(void)
+ {
+     /* Expected data. */
+     u_char expected[] = {
+@@ -1835,8 +1833,7 @@ static int IPV6DefragSturgesNovakLinuxTest(void)
+         "QQQQQQQQ"
+     };
+ 
+-    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_LINUX, expected,
+-            sizeof(expected)));
++    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_LINUX, expected, sizeof(expected)));
+     PASS;
+ }
+ 
+@@ -1875,7 +1872,7 @@ static int DefragSturgesNovakWindowsIpv4Test(void)
+     PASS;
+ }
+ 
+-static int IPV6DefragSturgesNovakWindowsTest(void)
++static int DefragSturgesNovakWindowsIpv6Test(void)
+ {
+     /* Expected data. */
+     u_char expected[] = {
+@@ -1905,8 +1902,7 @@ static int IPV6DefragSturgesNovakWindowsTest(void)
+         "QQQQQQQQ"
+     };
+ 
+-    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_WINDOWS, expected,
+-                    sizeof(expected)));
++    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_WINDOWS, expected, sizeof(expected)));
+     PASS;
+ }
+ 
+@@ -1945,7 +1941,7 @@ static int DefragSturgesNovakSolarisTest(void)
+     PASS;
+ }
+ 
+-static int IPV6DefragSturgesNovakSolarisTest(void)
++static int DefragSturgesNovakSolarisIpv6Test(void)
+ {
+     /* Expected data. */
+     u_char expected[] = {
+@@ -1975,8 +1971,7 @@ static int IPV6DefragSturgesNovakSolarisTest(void)
+         "QQQQQQQQ"
+     };
+ 
+-    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_SOLARIS, expected,
+-                    sizeof(expected)));
++    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_SOLARIS, expected, sizeof(expected)));
+     PASS;
+ }
+ 
+@@ -2015,7 +2010,7 @@ static int DefragSturgesNovakFirstTest(void)
+     PASS;
+ }
+ 
+-static int IPV6DefragSturgesNovakFirstTest(void)
++static int DefragSturgesNovakFirstIpv6Test(void)
+ {
+     /* Expected data. */
+     u_char expected[] = {
+@@ -2045,8 +2040,7 @@ static int IPV6DefragSturgesNovakFirstTest(void)
+         "QQQQQQQQ"
+     };
+ 
+-    return IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_FIRST, expected,
+-        sizeof(expected));
++    return DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_FIRST, expected, sizeof(expected));
+ }
+ 
+ static int
+@@ -2085,7 +2079,7 @@ DefragSturgesNovakLastTest(void)
+     PASS;
+ }
+ 
+-static int IPV6DefragSturgesNovakLastTest(void)
++static int DefragSturgesNovakLastIpv6Test(void)
+ {
+     /* Expected data. */
+     u_char expected[] = {
+@@ -2115,8 +2109,7 @@ static int IPV6DefragSturgesNovakLastTest(void)
+         "QQQQQQQQ"
+     };
+ 
+-    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_LAST, expected,
+-                    sizeof(expected)));
++    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_LAST, expected, sizeof(expected)));
+     PASS;
+ }
+ 
+@@ -2131,7 +2124,7 @@ static int DefragTimeoutTest(void)
+ 
+     /* Load in 16 packets. */
+     for (i = 0; i < 16; i++) {
+-        Packet *p = BuildTestPacket(IPPROTO_ICMP,i, 0, 1, 'A' + i, 16);
++        Packet *p = BuildIpv4TestPacket(IPPROTO_ICMP, i, 0, 1, 'A' + i, 16);
+         FAIL_IF_NULL(p);
+ 
+         Packet *tp = Defrag(NULL, NULL, p);
+@@ -2141,7 +2134,7 @@ static int DefragTimeoutTest(void)
+ 
+     /* Build a new packet but push the timestamp out by our timeout.
+      * This should force our previous fragments to be timed out. */
+-    Packet *p = BuildTestPacket(IPPROTO_ICMP, 99, 0, 1, 'A' + i, 16);
++    Packet *p = BuildIpv4TestPacket(IPPROTO_ICMP, 99, 0, 1, 'A' + i, 16);
+     FAIL_IF_NULL(p);
+ 
+     p->ts = SCTIME_ADD_SECS(p->ts, defrag_context->timeout + 1);
+@@ -2166,7 +2159,7 @@ static int DefragTimeoutTest(void)
+  * fail.  The fix was simple, but this unit test is just to make sure
+  * its not introduced.
+  */
+-static int DefragIPv4NoDataTest(void)
++static int DefragNoDataIpv4Test(void)
+ {
+     DefragContext *dc = NULL;
+     Packet *p = NULL;
+@@ -2178,7 +2171,7 @@ static int DefragIPv4NoDataTest(void)
+     FAIL_IF_NULL(dc);
+ 
+     /* This packet has an offset > 0, more frags set to 0 and no data. */
+-    p = BuildTestPacket(IPPROTO_ICMP, id, 1, 0, 'A', 0);
++    p = BuildIpv4TestPacket(IPPROTO_ICMP, id, 1, 0, 'A', 0);
+     FAIL_IF_NULL(p);
+ 
+     /* We do not expect a packet returned. */
+@@ -2195,7 +2188,7 @@ static int DefragIPv4NoDataTest(void)
+     PASS;
+ }
+ 
+-static int DefragIPv4TooLargeTest(void)
++static int DefragTooLargeIpv4Test(void)
+ {
+     DefragContext *dc = NULL;
+     Packet *p = NULL;
+@@ -2207,7 +2200,7 @@ static int DefragIPv4TooLargeTest(void)
+ 
+     /* Create a fragment that would extend past the max allowable size
+      * for an IPv4 packet. */
+-    p = BuildTestPacket(IPPROTO_ICMP, 1, 8183, 0, 'A', 71);
++    p = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 8183, 0, 'A', 71);
+     FAIL_IF_NULL(p);
+ 
+     /* We do not expect a packet returned. */
+@@ -2238,9 +2231,9 @@ static int DefragVlanTest(void)
+ 
+     DefragInit();
+ 
+-    p1 = BuildTestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
++    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    p2 = BuildTestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
++    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
+     FAIL_IF_NULL(p2);
+ 
+     /* With no VLAN IDs set, packets should re-assemble. */
+@@ -2270,9 +2263,9 @@ static int DefragVlanQinQTest(void)
+ 
+     DefragInit();
+ 
+-    p1 = BuildTestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
++    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    p2 = BuildTestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
++    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
+     FAIL_IF_NULL(p2);
+ 
+     /* With no VLAN IDs set, packets should re-assemble. */
+@@ -2304,9 +2297,9 @@ static int DefragVlanQinQinQTest(void)
+ 
+     DefragInit();
+ 
+-    Packet *p1 = BuildTestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
++    Packet *p1 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    Packet *p2 = BuildTestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
++    Packet *p2 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
+     FAIL_IF_NULL(p2);
+ 
+     /* With no VLAN IDs set, packets should re-assemble. */
+@@ -2340,7 +2333,7 @@ static int DefragTrackerReuseTest(void)
+ 
+     /* Build a packet, its not a fragment but shouldn't matter for
+      * this test. */
+-    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 0, 'A', 8);
++    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 0, 'A', 8);
+     FAIL_IF_NULL(p1);
+ 
+     /* Get a tracker. It shouldn't look like its already in use. */
+@@ -2387,9 +2380,9 @@ static int DefragMfIpv4Test(void)
+ 
+     DefragInit();
+ 
+-    Packet *p1 = BuildTestPacket(IPPROTO_ICMP, ip_id, 2, 1, 'C', 8);
+-    Packet *p2 = BuildTestPacket(IPPROTO_ICMP, ip_id, 0, 1, 'A', 8);
+-    Packet *p3 = BuildTestPacket(IPPROTO_ICMP, ip_id, 1, 0, 'B', 8);
++    Packet *p1 = BuildIpv4TestPacket(IPPROTO_ICMP, ip_id, 2, 1, 'C', 8);
++    Packet *p2 = BuildIpv4TestPacket(IPPROTO_ICMP, ip_id, 0, 1, 'A', 8);
++    Packet *p3 = BuildIpv4TestPacket(IPPROTO_ICMP, ip_id, 1, 0, 'B', 8);
+     FAIL_IF(p1 == NULL || p2 == NULL || p3 == NULL);
+ 
+     p = Defrag(NULL, NULL, p1);
+@@ -2434,9 +2427,9 @@ static int DefragMfIpv6Test(void)
+ 
+     DefragInit();
+ 
+-    Packet *p1 = IPV6BuildTestPacket(IPPROTO_ICMPV6, ip_id, 2, 1, 'C', 8);
+-    Packet *p2 = IPV6BuildTestPacket(IPPROTO_ICMPV6, ip_id, 0, 1, 'A', 8);
+-    Packet *p3 = IPV6BuildTestPacket(IPPROTO_ICMPV6, ip_id, 1, 0, 'B', 8);
++    Packet *p1 = BuildIpv6TestPacket(IPPROTO_ICMPV6, ip_id, 2, 1, 'C', 8);
++    Packet *p2 = BuildIpv6TestPacket(IPPROTO_ICMPV6, ip_id, 0, 1, 'A', 8);
++    Packet *p3 = BuildIpv6TestPacket(IPPROTO_ICMPV6, ip_id, 1, 0, 'B', 8);
+     FAIL_IF(p1 == NULL || p2 == NULL || p3 == NULL);
+ 
+     p = Defrag(NULL, NULL, p1);
+@@ -2476,11 +2469,11 @@ static int DefragTestBadProto(void)
+ 
+     DefragInit();
+ 
+-    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
++    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
+     FAIL_IF_NULL(p1);
+-    p2 = BuildTestPacket(IPPROTO_UDP, id, 1, 1, 'B', 8);
++    p2 = BuildIpv4TestPacket(IPPROTO_UDP, id, 1, 1, 'B', 8);
+     FAIL_IF_NULL(p2);
+-    p3 = BuildTestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
++    p3 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
+     FAIL_IF_NULL(p3);
+ 
+     FAIL_IF_NOT_NULL(Defrag(NULL, NULL, p1));
+@@ -2522,10 +2515,10 @@ static int DefragTestJeremyLinux(void)
+     Packet *packets[4];
+     int i = 0;
+ 
+-    packets[0] = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
+-    packets[1] = BuildTestPacket(IPPROTO_ICMP, id, 40 >> 3, 1, 'B', 48);
+-    packets[2] = BuildTestPacket(IPPROTO_ICMP, id, 24 >> 3, 1, 'C', 48);
+-    packets[3] = BuildTestPacket(IPPROTO_ICMP, id, 88 >> 3, 0, 'D', 14);
++    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
++    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 40 >> 3, 1, 'B', 48);
++    packets[2] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 24 >> 3, 1, 'C', 48);
++    packets[3] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 88 >> 3, 0, 'D', 14);
+ 
+     Packet *r = Defrag(NULL, NULL, packets[0]);
+     FAIL_IF_NOT_NULL(r);
+@@ -2657,23 +2650,17 @@ void DefragRegisterTests(void)
+     UtRegisterTest("DefragSturgesNovakFirstTest", DefragSturgesNovakFirstTest);
+     UtRegisterTest("DefragSturgesNovakLastTest", DefragSturgesNovakLastTest);
+ 
+-    UtRegisterTest("DefragIPv4NoDataTest", DefragIPv4NoDataTest);
+-    UtRegisterTest("DefragIPv4TooLargeTest", DefragIPv4TooLargeTest);
+-
+-    UtRegisterTest("IPV6DefragInOrderSimpleTest", IPV6DefragInOrderSimpleTest);
+-    UtRegisterTest("IPV6DefragReverseSimpleTest", IPV6DefragReverseSimpleTest);
+-    UtRegisterTest("IPV6DefragSturgesNovakBsdTest",
+-                   IPV6DefragSturgesNovakBsdTest);
+-    UtRegisterTest("IPV6DefragSturgesNovakLinuxTest",
+-                   IPV6DefragSturgesNovakLinuxTest);
+-    UtRegisterTest("IPV6DefragSturgesNovakWindowsTest",
+-                   IPV6DefragSturgesNovakWindowsTest);
+-    UtRegisterTest("IPV6DefragSturgesNovakSolarisTest",
+-                   IPV6DefragSturgesNovakSolarisTest);
+-    UtRegisterTest("IPV6DefragSturgesNovakFirstTest",
+-                   IPV6DefragSturgesNovakFirstTest);
+-    UtRegisterTest("IPV6DefragSturgesNovakLastTest",
+-                   IPV6DefragSturgesNovakLastTest);
++    UtRegisterTest("DefragNoDataIpv4Test", DefragNoDataIpv4Test);
++    UtRegisterTest("DefragTooLargeIpv4Test", DefragTooLargeIpv4Test);
++
++    UtRegisterTest("DefragInOrderSimpleIpv6Test", DefragInOrderSimpleIpv6Test);
++    UtRegisterTest("DefragReverseSimpleIpv6Test", DefragReverseSimpleIpv6Test);
++    UtRegisterTest("DefragSturgesNovakBsdIpv6Test", DefragSturgesNovakBsdIpv6Test);
++    UtRegisterTest("DefragSturgesNovakLinuxIpv6Test", DefragSturgesNovakLinuxIpv6Test);
++    UtRegisterTest("DefragSturgesNovakWindowsIpv6Test", DefragSturgesNovakWindowsIpv6Test);
++    UtRegisterTest("DefragSturgesNovakSolarisIpv6Test", DefragSturgesNovakSolarisIpv6Test);
++    UtRegisterTest("DefragSturgesNovakFirstIpv6Test", DefragSturgesNovakFirstIpv6Test);
++    UtRegisterTest("DefragSturgesNovakLastIpv6Test", DefragSturgesNovakLastIpv6Test);
+ 
+     UtRegisterTest("DefragVlanTest", DefragVlanTest);
+     UtRegisterTest("DefragVlanQinQTest", DefragVlanQinQTest);
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-003.patch b/recipes-ids/suricata/files/CVE-2024-32867-003.patch
new file mode 100644
index 0000000..15ee1f4
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-32867-003.patch
@@ -0,0 +1,472 @@
+From 1e110d0a71db46571040b937e17a4bc9f91d6de9 Mon Sep 17 00:00:00 2001
+From: Jason Ish <jason.ish@oisf.net>
+Date: Thu, 7 Dec 2023 16:44:56 -0600
+Subject: [PATCH] defrag: fix subsequent overlap of start of original (bsd)
+
+Fix the BSD policy case where a subsequent fragment starts before an
+original fragment and overlaps the beginning of the original
+fragment. In this case the overlapping data from the new fragment is
+preferred.
+
+Suricata was preferring the data from the original fragment, but it
+should only do that when the original fragment has an offset <= to the
+new fragment.
+
+- Adds test for this case
+
+Bug: #6669
+(cherry picked from commit f1709ea551124e1a64fdc509993ad022ab27aa77)
+
+CVE: CVE-2024-32867
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/defrag.c | 387 ++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 380 insertions(+), 7 deletions(-)
+
+diff --git a/src/defrag.c b/src/defrag.c
+index 99fbab3..28d085d 100644
+--- a/src/defrag.c
++++ b/src/defrag.c
+@@ -692,16 +692,45 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
+             switch (tracker->policy) {
+             case DEFRAG_POLICY_BSD:
+                 if (frag_offset < prev->offset + prev->data_len) {
+-                    if (frag_offset >= prev->offset) {
+-                        ltrim = prev->offset + prev->data_len - frag_offset;
++                    if (prev->offset <= frag_offset) {
++                        /* We prefer the data from the previous
++                         * fragment, so trim off the data in the new
++                         * fragment that exists in the previous
++                         * fragment. */
++                        uint16_t prev_end = prev->offset + prev->data_len;
++                        if (prev_end > frag_end) {
++                            /* Just skip. */
++                            /* TODO: Set overlap flag. */
++                            goto done;
++                        }
++                        ltrim = prev_end - frag_offset;
++
++                        if ((next != NULL) && (frag_end > next->offset)) {
++                            next->ltrim = frag_end - next->offset;
++                        }
++
++                        goto insert;
+                     }
++
++                    /* If the end of this fragment overlaps the start
++                     * of the previous fragment, then trim up the
++                     * start of previous fragment so this fragment is
++                     * used.
++                     *
++                     * See:
++                     * DefragBsdSubsequentOverlapsStartOfOriginal.
++                     */
++                    if (frag_offset <= prev->offset && frag_end > prev->offset + prev->ltrim) {
++                        uint16_t prev_ltrim = frag_end - prev->offset;
++                        if (prev_ltrim > prev->ltrim) {
++                            prev->ltrim = prev_ltrim;
++                        }
++                    }
++
+                     if ((next != NULL) && (frag_end > next->offset)) {
+                         next->ltrim = frag_end - next->offset;
+                     }
+-                    if ((frag_offset < prev->offset) &&
+-                        (frag_end >= prev->offset + prev->data_len)) {
+-                        prev->skip = 1;
+-                    }
++
+                     goto insert;
+                 }
+                 break;
+@@ -1199,6 +1228,77 @@ error:
+     return NULL;
+ }
+ 
++/**
++ * Allocate a test packet, much like BuildIpv4TestPacket, but with
++ * the full content provided by the caller.
++ */
++static Packet *BuildIpv4TestPacketWithContent(
++        uint8_t proto, uint16_t id, uint16_t off, int mf, const uint8_t *content, int content_len)
++{
++    Packet *p = NULL;
++    int hlen = 20;
++    int ttl = 64;
++    IPV4Hdr ip4h;
++
++    p = SCCalloc(1, sizeof(*p) + default_packet_size);
++    if (unlikely(p == NULL))
++        return NULL;
++
++    PacketInit(p);
++
++    struct timeval tval;
++    gettimeofday(&tval, NULL);
++    p->ts = SCTIME_FROM_TIMEVAL(&tval);
++    ip4h.ip_verhl = 4 << 4;
++    ip4h.ip_verhl |= hlen >> 2;
++    ip4h.ip_len = htons(hlen + content_len);
++    ip4h.ip_id = htons(id);
++    if (mf)
++        ip4h.ip_off = htons(IP_MF | off);
++    else
++        ip4h.ip_off = htons(off);
++    ip4h.ip_ttl = ttl;
++    ip4h.ip_proto = proto;
++
++    ip4h.s_ip_src.s_addr = 0x01010101; /* 1.1.1.1 */
++    ip4h.s_ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
++
++    /* copy content_len crap, we need full length */
++    PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h));
++    p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
++    SET_IPV4_SRC_ADDR(p, &p->src);
++    SET_IPV4_DST_ADDR(p, &p->dst);
++
++    PacketCopyDataOffset(p, hlen, content, content_len);
++    SET_PKT_LEN(p, hlen + content_len);
++
++    p->ip4h->ip_csum = IPV4Checksum((uint16_t *)GET_PKT_DATA(p), hlen, 0);
++
++    /* Self test. */
++    if (IPV4_GET_VER(p) != 4)
++        goto error;
++    if (IPV4_GET_HLEN(p) != hlen)
++        goto error;
++    if (IPV4_GET_IPLEN(p) != hlen + content_len)
++        goto error;
++    if (IPV4_GET_IPID(p) != id)
++        goto error;
++    if (IPV4_GET_IPOFFSET(p) != off)
++        goto error;
++    if (IPV4_GET_MF(p) != mf)
++        goto error;
++    if (IPV4_GET_IPTTL(p) != ttl)
++        goto error;
++    if (IPV4_GET_IPPROTO(p) != proto)
++        goto error;
++
++    return p;
++error:
++    if (p != NULL)
++        SCFree(p);
++    return NULL;
++}
++
+ static Packet *BuildIpv6TestPacket(
+         uint8_t proto, uint32_t id, uint16_t off, int mf, const char content, int content_len)
+ {
+@@ -1270,6 +1370,71 @@ error:
+     return NULL;
+ }
+ 
++static Packet *BuildIpv6TestPacketWithContent(
++        uint8_t proto, uint32_t id, uint16_t off, int mf, const uint8_t *content, int content_len)
++{
++    Packet *p = NULL;
++    IPV6Hdr ip6h;
++
++    p = SCCalloc(1, sizeof(*p) + default_packet_size);
++    if (unlikely(p == NULL))
++        return NULL;
++
++    PacketInit(p);
++
++    struct timeval tval;
++    gettimeofday(&tval, NULL);
++    p->ts = SCTIME_FROM_TIMEVAL(&tval);
++
++    ip6h.s_ip6_nxt = 44;
++    ip6h.s_ip6_hlim = 2;
++
++    /* Source and dest address - very bogus addresses. */
++    ip6h.s_ip6_src[0] = 0x01010101;
++    ip6h.s_ip6_src[1] = 0x01010101;
++    ip6h.s_ip6_src[2] = 0x01010101;
++    ip6h.s_ip6_src[3] = 0x01010101;
++    ip6h.s_ip6_dst[0] = 0x02020202;
++    ip6h.s_ip6_dst[1] = 0x02020202;
++    ip6h.s_ip6_dst[2] = 0x02020202;
++    ip6h.s_ip6_dst[3] = 0x02020202;
++
++    /* copy content_len crap, we need full length */
++    PacketCopyData(p, (uint8_t *)&ip6h, sizeof(IPV6Hdr));
++
++    p->ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
++    IPV6_SET_RAW_VER(p->ip6h, 6);
++    /* Fragmentation header. */
++    IPV6FragHdr *fh = (IPV6FragHdr *)(GET_PKT_DATA(p) + sizeof(IPV6Hdr));
++    fh->ip6fh_nxt = proto;
++    fh->ip6fh_ident = htonl(id);
++    fh->ip6fh_offlg = htons((off << 3) | mf);
++
++    DecodeIPV6FragHeader(p, (uint8_t *)fh, 8, 8 + content_len, 0);
++
++    PacketCopyDataOffset(p, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr), content, content_len);
++    SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len);
++
++    p->ip6h->s_ip6_plen = htons(sizeof(IPV6FragHdr) + content_len);
++
++    SET_IPV6_SRC_ADDR(p, &p->src);
++    SET_IPV6_DST_ADDR(p, &p->dst);
++
++    /* Self test. */
++    if (IPV6_GET_VER(p) != 6)
++        goto error;
++    if (IPV6_GET_NH(p) != 44)
++        goto error;
++    if (IPV6_GET_PLEN(p) != sizeof(IPV6FragHdr) + content_len)
++        goto error;
++
++    return p;
++error:
++    if (p != NULL)
++        SCFree(p);
++    return NULL;
++}
++
+ /**
+  * Test the simplest possible re-assembly scenario.  All packet in
+  * order and no overlaps.
+@@ -1575,7 +1740,13 @@ static int DefragDoSturgesNovakTest(int policy, u_char *expected,
+     FAIL_IF(IPV4_GET_HLEN(reassembled) != 20);
+     FAIL_IF(IPV4_GET_IPLEN(reassembled) != 20 + 192);
+ 
+-    FAIL_IF(memcmp(GET_PKT_DATA(reassembled) + 20, expected, expected_len) != 0);
++    if (memcmp(expected, GET_PKT_DATA(reassembled) + 20, expected_len) != 0) {
++        printf("Expected:\n");
++        PrintRawDataFp(stdout, expected, expected_len);
++        printf("Got:\n");
++        PrintRawDataFp(stdout, GET_PKT_DATA(reassembled) + 20, GET_PKT_LEN(reassembled) - 20);
++        FAIL;
++    }
+     SCFree(reassembled);
+ 
+     /* Make sure all frags were returned back to the pool. */
+@@ -2543,6 +2714,16 @@ static int DefragTestJeremyLinux(void)
+     PASS;
+ }
+ 
++/**
++ * | 0        | 8        | 16       | 24       | 32       |
++ * |----------|----------|----------|----------|----------|
++ * |                                  AAAAAAAA | AAAAAAAA |
++ * |          | BBBBBBBB | BBBBBBBB |          |          |
++ * |          |          | CCCCCCCC | CCCCCCCC |          |
++ * | DDDDDDDD |          |          |          |          |
++ *
++ * | DDDDDDDD | BBBBBBBB | BBBBBBBB | CCCCCCCC | AAAAAAAA |
++ */
+ static int DefragBsdFragmentAfterNoMfIpv4Test(void)
+ {
+     DefragInit();
+@@ -2633,6 +2814,192 @@ static int DefragBsdFragmentAfterNoMfIpv6Test(void)
+     PASS;
+ }
+ 
++static int DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[4];
++
++    /* Packet 1: off=16, mf=1 */
++    packets[0] = BuildIpv4TestPacketWithContent(
++            IPPROTO_ICMP, 6, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
++
++    /* Packet 2: off=8, mf=1 */
++    packets[1] = BuildIpv4TestPacketWithContent(
++            IPPROTO_ICMP, 6, 8 >> 3, 1, (uint8_t *)"AACCBBDDAACCDDBB", 16);
++
++    /* Packet 3: off=0, mf=1: IP and ICMP header. */
++    packets[2] = BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 6, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
++
++    /* Packet 4: off=8, mf=1 */
++    packets[3] =
++            BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 6, 32 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[2]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[3]);
++    FAIL_IF_NULL(r);
++
++    // clang-format off
++    const uint8_t expected[] = {
++	// AACCBBDD
++	// AACCDDBB
++	// AABBDDCC
++	// DDCCBBAA
++	'A', 'A', 'C', 'C', 'B', 'B', 'D', 'D',
++	'A', 'A', 'C', 'C', 'D', 'D', 'B', 'B',
++	'A', 'A', 'B', 'B', 'D', 'D', 'C', 'C',
++	'D', 'D', 'C', 'C', 'B', 'B', 'A', 'A',
++    };
++    // clang-format on
++
++    FAIL_IF(memcmp(expected, GET_PKT_DATA(r) + 20 + 8, sizeof(expected)) != 0);
++
++    DefragDestroy();
++    PASS;
++}
++
++static int DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[4];
++
++    /* Packet 1: off=16, mf=1 */
++    packets[0] = BuildIpv6TestPacketWithContent(
++            IPPROTO_ICMP, 6, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
++
++    /* Packet 2: off=8, mf=1 */
++    packets[1] = BuildIpv6TestPacketWithContent(
++            IPPROTO_ICMP, 6, 8 >> 3, 1, (uint8_t *)"AACCBBDDAACCDDBB", 16);
++
++    /* Packet 3: off=0, mf=1: IP and ICMP header. */
++    packets[2] = BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 6, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
++
++    /* Packet 4: off=8, mf=1 */
++    packets[3] =
++            BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 6, 32 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[2]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[3]);
++    FAIL_IF_NULL(r);
++
++    // clang-format off
++    const uint8_t expected[] = {
++	// AACCBBDD
++	// AACCDDBB
++	// AABBDDCC
++	// DDCCBBAA
++	'A', 'A', 'C', 'C', 'B', 'B', 'D', 'D',
++	'A', 'A', 'C', 'C', 'D', 'D', 'B', 'B',
++	'A', 'A', 'B', 'B', 'D', 'D', 'C', 'C',
++	'D', 'D', 'C', 'C', 'B', 'B', 'A', 'A',
++    };
++    // clang-format on
++
++    FAIL_IF(memcmp(expected, GET_PKT_DATA(r) + 40 + 8, sizeof(expected)) != 0);
++
++    DefragDestroy();
++    PASS;
++}
++
++/**
++ * #### Input
++ *
++ * | 96 (0)   | 104 (8)  | 112 (16) | 120 (24) |
++ * |----------|----------|----------|----------|
++ * |          | EEEEEEEE | EEEEEEEE | EEEEEEEE |
++ * | MMMMMMMM | MMMMMMMM | MMMMMMMM |          |
++ *
++ * #### Expected Output
++ *
++ * | MMMMMMMM | MMMMMMMM | MMMMMMMM | EEEEEEEE |
++ */
++static int DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[2];
++
++    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 8 >> 3, 0, 'E', 24);
++    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'M', 24);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NULL(r);
++
++    // clang-format off
++    const uint8_t expected[] = {
++	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
++	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
++	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
++	'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E',
++    };
++    // clang-format on
++
++    if (memcmp(expected, GET_PKT_DATA(r) + 20, sizeof(expected)) != 0) {
++        printf("Expected:\n");
++        PrintRawDataFp(stdout, expected, sizeof(expected));
++        printf("Got:\n");
++        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 20, GET_PKT_LEN(r) - 20);
++        FAIL;
++    }
++
++    PASS;
++}
++
++static int DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[2];
++
++    packets[0] = BuildIpv6TestPacket(IPPROTO_ICMP, 1, 8 >> 3, 0, 'E', 24);
++    packets[1] = BuildIpv6TestPacket(IPPROTO_ICMP, 1, 0, 1, 'M', 24);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NULL(r);
++
++    // clang-format off
++    const uint8_t expected[] = {
++	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
++	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
++	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
++	'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E',
++    };
++    // clang-format on
++
++    if (memcmp(expected, GET_PKT_DATA(r) + 40, sizeof(expected)) != 0) {
++        printf("Expected:\n");
++        PrintRawDataFp(stdout, expected, sizeof(expected));
++        printf("Got:\n");
++        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 40, GET_PKT_LEN(r) - 40);
++        FAIL;
++    }
++
++    PASS;
++}
++
+ #endif /* UNITTESTS */
+ 
+ void DefragRegisterTests(void)
+@@ -2675,5 +3042,11 @@ void DefragRegisterTests(void)
+ 
+     UtRegisterTest("DefragBsdFragmentAfterNoMfIpv4Test", DefragBsdFragmentAfterNoMfIpv4Test);
+     UtRegisterTest("DefragBsdFragmentAfterNoMfIpv6Test", DefragBsdFragmentAfterNoMfIpv6Test);
++    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test",
++            DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test);
++    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test",
++            DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test);
++    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2);
++    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2);
+ #endif /* UNITTESTS */
+ }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-004.patch b/recipes-ids/suricata/files/CVE-2024-32867-004.patch
new file mode 100644
index 0000000..7edb3b3
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-32867-004.patch
@@ -0,0 +1,169 @@
+From e6267758ed5da27f804f0c1c07f9423bdf4d72b8 Mon Sep 17 00:00:00 2001
+From: Jason Ish <jason.ish@oisf.net>
+Date: Fri, 12 Jan 2024 11:09:59 -0600
+Subject: [PATCH] defrag: fix check for complete packet
+
+The list of fragments may still contain overlaps, so adding up the
+fragment lengths is flawed. Instead track the largest size of
+contiguous data that can be re-assembled.
+
+Bug: #6675
+(cherry picked from commit d226d0a3fce8837936e1bdfaee496c80d417e0a5)
+
+CVE: CVE-2024-32867
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/defrag.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 114 insertions(+), 2 deletions(-)
+
+diff --git a/src/defrag.c b/src/defrag.c
+index 28d085d..fc46411 100644
+--- a/src/defrag.c
++++ b/src/defrag.c
+@@ -276,7 +276,8 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
+             goto done;
+         }
+         else {
+-            len += frag->data_len;
++            /* Update the packet length to the largest known data offset. */
++            len = MAX(len, frag->offset + frag->data_len);
+         }
+     }
+ 
+@@ -434,7 +435,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
+                 goto done;
+             }
+             else {
+-                len += frag->data_len;
++                len = MAX(len, frag->offset + frag->data_len);
+             }
+         }
+     }
+@@ -3000,6 +3001,115 @@ static int DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test(void)
+     PASS;
+ }
+ 
++/**
++ * Reassembly should fail.
++ *
++ * |0       |8       |16      |24      |32      |40      |48      |
++ * |========|========|========|========|========|========|========|
++ * |        |        |AABBCCDD|AABBDDCC|        |        |        |
++ * |        |        |        |        |        |AACCBBDD|        |
++ * |        |AACCDDBB|AADDBBCC|        |        |        |        |
++ * |ZZZZZZZZ|        |        |        |        |        |        |
++ * |        |        |        |        |        |        |DDCCBBAA|
++ */
++static int DefragBsdMissingFragmentIpv4Test(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[5];
++
++    packets[0] = BuildIpv4TestPacketWithContent(
++            IPPROTO_ICMP, 189, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
++
++    packets[1] =
++            BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 189, 40 >> 3, 1, (uint8_t *)"AACCBBDD", 8);
++
++    packets[2] = BuildIpv4TestPacketWithContent(
++            IPPROTO_ICMP, 189, 8 >> 3, 1, (uint8_t *)"AACCDDBBAADDBBCC", 16);
++
++    /* ICMP header. */
++    packets[3] = BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 189, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
++
++    packets[4] =
++            BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 189, 48 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[2]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[3]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[4]);
++    FAIL_IF_NOT_NULL(r);
++
++#if 0
++    PrintRawDataFp(stdout, GET_PKT_DATA(r) + 20, GET_PKT_LEN(r) - 20);
++#endif
++
++    for (int i = 0; i < 5; i++) {
++        SCFree(packets[i]);
++    }
++
++    DefragDestroy();
++
++    PASS;
++}
++
++static int DefragBsdMissingFragmentIpv6Test(void)
++{
++    DefragInit();
++    default_policy = DEFRAG_POLICY_BSD;
++    Packet *packets[5];
++
++    packets[0] = BuildIpv6TestPacketWithContent(
++            IPPROTO_ICMP, 189, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
++
++    packets[1] =
++            BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 189, 40 >> 3, 1, (uint8_t *)"AACCBBDD", 8);
++
++    packets[2] = BuildIpv6TestPacketWithContent(
++            IPPROTO_ICMP, 189, 8 >> 3, 1, (uint8_t *)"AACCDDBBAADDBBCC", 16);
++
++    /* ICMP header. */
++    packets[3] = BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 189, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
++
++    packets[4] =
++            BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 189, 48 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
++
++    Packet *r = Defrag(NULL, NULL, packets[0]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[1]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[2]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[3]);
++    FAIL_IF_NOT_NULL(r);
++
++    r = Defrag(NULL, NULL, packets[4]);
++    FAIL_IF_NOT_NULL(r);
++
++#if 0
++    PrintRawDataFp(stdout, GET_PKT_DATA(r) + 40, GET_PKT_LEN(r) - 40);
++#endif
++
++    for (int i = 0; i < 5; i++) {
++        SCFree(packets[i]);
++    }
++
++    DefragDestroy();
++
++    PASS;
++}
++
+ #endif /* UNITTESTS */
+ 
+ void DefragRegisterTests(void)
+@@ -3048,5 +3158,7 @@ void DefragRegisterTests(void)
+             DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test);
+     UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2);
+     UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2);
++    UtRegisterTest("DefragBsdMissingFragmentIpv4Test", DefragBsdMissingFragmentIpv4Test);
++    UtRegisterTest("DefragBsdMissingFragmentIpv6Test", DefragBsdMissingFragmentIpv6Test);
+ #endif /* UNITTESTS */
+ }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index 9618c45..4a1857e 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -24,6 +24,13 @@ SRC_URI += " \
     file://CVE-2025-29916-03.patch \
     file://CVE-2025-29917.patch \
     file://CVE-2025-29918.patch \
+    file://CVE-2024-32663-001.patch \
+    file://CVE-2024-32663-002.patch \
+    file://CVE-2024-32664.patch \
+    file://CVE-2024-32867-001.patch \
+    file://CVE-2024-32867-002.patch \
+    file://CVE-2024-32867-003.patch \
+    file://CVE-2024-32867-004.patch \
     "
 
 inherit autotools pkgconfig python3native systemd ptest cargo cargo-update-recipe-crates
-- 
2.47.3

[meta-security][scarthgap][PATCH 23/32] suricata: fix CVE-2024-55627 && CVE-2024-55628

[Scott Murray]

From: Hitendra Prajapati <hprajapati@mvista.com>

Backport fixes for:

* CVE-2024-55627 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd && https://github.com/OISF/suricata/commit/949bfeca0e5f92212dc3d79f4a87c7c482d376aa && https://github.com/OISF/suricata/commit/7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e
* CVE-2024-55628 - Upstream-Status: Backport from https://github.com/OISF/suricata/commit/58c41a7fa99f62d9a8688e970ab1a9b09c79723a && https://github.com/OISF/suricata/commit/284ad462fcb2e47f1518a1abc19e27ca84c6972e && https://github.com/OISF/suricata/commit/5edb84fe234f47a0fedfbf9b10b49699152fe8cb && https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../suricata/files/CVE-2024-55627-001.patch   |   59 +
 .../suricata/files/CVE-2024-55627-002.patch   |   44 +
 .../suricata/files/CVE-2024-55627-003.patch   |   41 +
 .../suricata/files/CVE-2024-55628-001.patch   |  738 +++
 .../suricata/files/CVE-2024-55628-002.patch   | 4877 +++++++++++++++++
 .../suricata/files/CVE-2024-55628-003.patch   |  114 +
 .../suricata/files/CVE-2024-55628-004.patch   |  510 ++
 recipes-ids/suricata/suricata_7.0.0.bb        |    7 +
 8 files changed, 6390 insertions(+)
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55627-001.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55627-002.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55627-003.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55628-001.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55628-002.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55628-003.patch
 create mode 100644 recipes-ids/suricata/files/CVE-2024-55628-004.patch

diff --git a/recipes-ids/suricata/files/CVE-2024-55627-001.patch b/recipes-ids/suricata/files/CVE-2024-55627-001.patch
new file mode 100644
index 0000000..50b4f06
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55627-001.patch
@@ -0,0 +1,59 @@
+From 0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Thu, 21 Nov 2024 14:55:32 +0100
+Subject: [PATCH] util/streaming-buffer: fix regions intersection
+
+This was not a problem for current callers in Suricata,
+as RegionsIntersect is only called through StreamingBufferInsertAt
+which is only used by TCP...
+
+And TCP uses default region gap = 256kb, and only calls
+StreamingBufferInsertAt with a u16, so TCP never inserts a new
+data that will strictly contain an existing region augmented
+with region gap, which was the only case where RegionsIntersect
+returned the wrong result, which could later lead to a
+buffer overflow.
+
+Ticket: 7393
+(cherry picked from commit 282509f70c4ce805098e59535af445362e3e9ebd)
+
+CVE: CVE-2024-55627
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/util-streaming-buffer.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
+index 7608b50..d1d20e8 100644
+--- a/src/util-streaming-buffer.c
++++ b/src/util-streaming-buffer.c
+@@ -133,17 +133,14 @@ static inline bool RegionsIntersect(const StreamingBuffer *sb, const StreamingBu
+     SCLogDebug("r %p: %" PRIu64 "/%" PRIu64 " - adjusted %" PRIu64 "/%" PRIu64, r, r->stream_offset,
+             r->stream_offset + r->buf_size, reg_o, reg_re);
+     /* check if data range intersects with region range */
+-    if (offset >= reg_o && offset <= reg_re) {
+-        SCLogDebug("r %p is in-scope", r);
+-        return true;
+-    }
+-    if (re >= reg_o && re <= reg_re) {
+-        SCLogDebug("r %p is in-scope: %" PRIu64 " >= %" PRIu64 " && %" PRIu64 " <= %" PRIu64, r, re,
+-                reg_o, re, reg_re);
+-        return true;
+-    }
+-    SCLogDebug("r %p is out of scope: %" PRIu64 "/%" PRIu64, r, offset, re);
+-    return false;
++    /* [offset:re] and [reg_o:reg_re] do not intersect if and only if
++     * re < reg_o or if reg_re < offset (one segment is strictly before the other)
++     * trusting that offset<=re and reg_o<=reg_re
++     */
++    if (re < reg_o || reg_re < offset) {
++        return false;
++    }
++    return true;
+ }
+ 
+ /** \internal
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-55627-002.patch b/recipes-ids/suricata/files/CVE-2024-55627-002.patch
new file mode 100644
index 0000000..8e2ca6b
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55627-002.patch
@@ -0,0 +1,44 @@
+From 949bfeca0e5f92212dc3d79f4a87c7c482d376aa Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Thu, 21 Nov 2024 15:17:21 +0100
+Subject: [PATCH] util/streaming-buffer: check need to grow region
+
+Ticket: 7393
+
+As it was possible before earlier patches to get here
+with mem_size lesser than start->buf_size,
+which caused then an unsigned underflow and a buffer overflow.
+
+(cherry picked from commit 8900041405dbb5f9584edae994af2100733fb4be)
+
+CVE: CVE-2024-55627
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/949bfeca0e5f92212dc3d79f4a87c7c482d376aa]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/util-streaming-buffer.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
+index d1d20e8..2625e49 100644
+--- a/src/util-streaming-buffer.c
++++ b/src/util-streaming-buffer.c
+@@ -931,9 +931,13 @@ static inline void StreamingBufferSlideToOffsetWithRegions(
+                     goto done;
+                 } else {
+                     /* using "main", expand to include "next" */
+-                    if (GrowRegionToSize(sb, cfg, start, mem_size) != 0) {
+-                        new_mem_size = new_data_size;
+-                        goto just_main;
++                    if (mem_size > start->buf_size) {
++                        // Check that start->buf_size is actually not big enough
++                        // As mem_size computation and earlier checks do not make it clear.
++                        if (GrowRegionToSize(sb, cfg, start, mem_size) != 0) {
++                            new_mem_size = new_data_size;
++                            goto just_main;
++                        }
+                     }
+                     SCLogDebug("start->buf now size %u", mem_size);
+ 
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-55627-003.patch b/recipes-ids/suricata/files/CVE-2024-55627-003.patch
new file mode 100644
index 0000000..63d5016
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55627-003.patch
@@ -0,0 +1,41 @@
+From 7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <pantoine@oisf.net>
+Date: Thu, 21 Nov 2024 15:20:44 +0100
+Subject: [PATCH] util/streaming-buffer: add extra safety check
+
+Ticket: 7393
+
+Check if GrowRegionToSize is called with an argument
+trying to shrink the region size, and if so do nothing,
+ie do not try to shrink, and just return ok.
+
+This way, we avoid a buffer overflow from memeset using an
+unsigned having underflowed.
+
+(cherry picked from commit 9a53ec43b13f0039a083950511a18bf6f408e432)
+
+CVE: CVE-2024-55627
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/util-streaming-buffer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
+index 2625e49..077f8af 100644
+--- a/src/util-streaming-buffer.c
++++ b/src/util-streaming-buffer.c
+@@ -715,6 +715,10 @@ static inline int WARN_UNUSED GrowRegionToSize(StreamingBuffer *sb,
+     /* try to grow in multiples of cfg->buf_size */
+     const uint32_t grow = ToNextMultipleOf(size, cfg->buf_size);
+     SCLogDebug("grow %u", grow);
++    if (grow <= region->buf_size) {
++        // do not try to shrink, and do not memset with diff having unsigned underflow
++        return SC_OK;
++    }
+ 
+     void *ptr = REALLOC(cfg, region->buf, region->buf_size, grow);
+     if (ptr == NULL) {
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-001.patch b/recipes-ids/suricata/files/CVE-2024-55628-001.patch
new file mode 100644
index 0000000..6371729
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55628-001.patch
@@ -0,0 +1,738 @@
+From 58c41a7fa99f62d9a8688e970ab1a9b09c79723a Mon Sep 17 00:00:00 2001
+From: Jason Ish <jason.ish@oisf.net>
+Date: Thu, 31 Oct 2024 15:40:40 -0600
+Subject: [PATCH] dns: truncate names larger than 1025 characters
+
+Once a name has gone over 1025 chars it will be truncated to 1025
+chars and no more labels will be added to it, however the name will
+continue to be parsed up to the label limit in attempt to find the end
+so parsing can continue.
+
+This introduces a new struct, DNSName which contains the name and any
+flags which indicate any name parsing errors which should not error
+out parsing the complete message, for example, infinite recursion
+after some labels are parsed can continue, or truncation of name where
+compression was used so we know the start of the next data to be
+parsed.
+
+This limits the logged DNS messages from being over our maximum size
+of 10Mb in the case of really long names.
+
+Ticket: #7280
+
+CVE: CVE-2024-55628
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/58c41a7fa99f62d9a8688e970ab1a9b09c79723a]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ rust/src/dns/dns.rs    |  41 +++++---
+ rust/src/dns/log.rs    |  41 ++++----
+ rust/src/dns/lua.rs    |  36 ++++---
+ rust/src/dns/parser.rs | 231 ++++++++++++++++++++++++++++++++++++-----
+ 4 files changed, 277 insertions(+), 72 deletions(-)
+
+diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
+index 382c76a..680bf7e 100644
+--- a/rust/src/dns/dns.rs
++++ b/rust/src/dns/dns.rs
+@@ -144,7 +144,7 @@ pub struct DNSHeader {
+ 
+ #[derive(Debug)]
+ pub struct DNSQueryEntry {
+-    pub name: Vec<u8>,
++    pub name: DNSName,
+     pub rrtype: u16,
+     pub rrclass: u16,
+ }
+@@ -152,9 +152,9 @@ pub struct DNSQueryEntry {
+ #[derive(Debug, PartialEq, Eq)]
+ pub struct DNSRDataSOA {
+     /// Primary name server for this zone
+-    pub mname: Vec<u8>,
++    pub mname: DNSName,
+     /// Authority's mailbox
+-    pub rname: Vec<u8>,
++    pub rname: DNSName,
+     /// Serial version number
+     pub serial: u32,
+     /// Refresh interval (seconds)
+@@ -186,7 +186,22 @@ pub struct DNSRDataSRV {
+     /// Port
+     pub port: u16,
+     /// Target
+-    pub target: Vec<u8>,
++    pub target: DNSName,
++}
++
++bitflags! {
++    #[derive(Default)]
++    pub struct DNSNameFlags: u8 {
++        const INFINITE_LOOP = 0b0000_0001;
++        const TRUNCATED     = 0b0000_0010;
++        const LABEL_LIMIT   = 0b0000_0100;
++    }
++}
++
++#[derive(Debug, Clone, PartialEq, Eq)]
++pub struct DNSName {
++    pub value: Vec<u8>,
++    pub flags: DNSNameFlags,
+ }
+ 
+ /// Represents RData of various formats
+@@ -196,10 +211,10 @@ pub enum DNSRData {
+     A(Vec<u8>),
+     AAAA(Vec<u8>),
+     // RData is a domain name
+-    CNAME(Vec<u8>),
+-    PTR(Vec<u8>),
+-    MX(Vec<u8>),
+-    NS(Vec<u8>),
++    CNAME(DNSName),
++    PTR(DNSName),
++    MX(DNSName),
++    NS(DNSName),
+     // RData is text
+     TXT(Vec<u8>),
+     NULL(Vec<u8>),
+@@ -213,7 +228,7 @@ pub enum DNSRData {
+ 
+ #[derive(Debug, PartialEq, Eq)]
+ pub struct DNSAnswerEntry {
+-    pub name: Vec<u8>,
++    pub name: DNSName,
+     pub rrtype: u16,
+     pub rrclass: u16,
+     pub ttl: u32,
+@@ -871,9 +886,9 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_name(
+     if let Some(request) = &tx.request {
+         if (i as usize) < request.queries.len() {
+             let query = &request.queries[i as usize];
+-            if !query.name.is_empty() {
+-                *len = query.name.len() as u32;
+-                *buf = query.name.as_ptr();
++            if !query.name.value.is_empty() {
++                *len = query.name.value.len() as u32;
++                *buf = query.name.value.as_ptr();
+                 return 1;
+             }
+         }
+@@ -904,7 +919,7 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_rrtype(
+     if let Some(request) = &tx.request {
+         if (i as usize) < request.queries.len() {
+             let query = &request.queries[i as usize];
+-            if !query.name.is_empty() {
++            if !query.name.value.is_empty() {
+                 *rrtype = query.rrtype;
+                 return 1;
+             }
+diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs
+index 5212b1a..6bf9589 100644
+--- a/rust/src/dns/log.rs
++++ b/rust/src/dns/log.rs
+@@ -398,8 +398,8 @@ pub fn dns_print_addr(addr: &Vec<u8>) -> std::string::String {
+ fn dns_log_soa(soa: &DNSRDataSOA) -> Result<JsonBuilder, JsonError> {
+     let mut js = JsonBuilder::try_new_object()?;
+ 
+-    js.set_string_from_bytes("mname", &soa.mname)?;
+-    js.set_string_from_bytes("rname", &soa.rname)?;
++    js.set_string_from_bytes("mname", &soa.mname.value)?;
++    js.set_string_from_bytes("rname", &soa.rname.value)?;
+     js.set_uint("serial", soa.serial as u64)?;
+     js.set_uint("refresh", soa.refresh as u64)?;
+     js.set_uint("retry", soa.retry as u64)?;
+@@ -434,7 +434,7 @@ fn dns_log_srv(srv: &DNSRDataSRV) -> Result<JsonBuilder, JsonError> {
+     js.set_uint("priority", srv.priority as u64)?;
+     js.set_uint("weight", srv.weight as u64)?;
+     js.set_uint("port", srv.port as u64)?;
+-    js.set_string_from_bytes("name", &srv.target)?;
++    js.set_string_from_bytes("name", &srv.target.value)?;
+ 
+     js.close()?;
+     return Ok(js);
+@@ -443,7 +443,7 @@ fn dns_log_srv(srv: &DNSRDataSRV) -> Result<JsonBuilder, JsonError> {
+ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, JsonError> {
+     let mut jsa = JsonBuilder::try_new_object()?;
+ 
+-    jsa.set_string_from_bytes("rrname", &answer.name)?;
++    jsa.set_string_from_bytes("rrname", &answer.name.value)?;
+     jsa.set_string("rrtype", &dns_rrtype_string(answer.rrtype))?;
+     jsa.set_uint("ttl", answer.ttl as u64)?;
+ 
+@@ -451,12 +451,10 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, Js
+         DNSRData::A(addr) | DNSRData::AAAA(addr) => {
+             jsa.set_string("rdata", &dns_print_addr(addr))?;
+         }
+-        DNSRData::CNAME(bytes)
+-        | DNSRData::MX(bytes)
+-        | DNSRData::NS(bytes)
+-        | DNSRData::TXT(bytes)
+-        | DNSRData::NULL(bytes)
+-        | DNSRData::PTR(bytes) => {
++        DNSRData::CNAME(name) | DNSRData::MX(name) | DNSRData::NS(name) | DNSRData::PTR(name) => {
++            jsa.set_string_from_bytes("rdata", &name.value)?;
++        }
++        DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => {
+             jsa.set_string_from_bytes("rdata", bytes)?;
+         }
+         DNSRData::SOA(soa) => {
+@@ -507,7 +505,7 @@ fn dns_log_json_answer(
+     js.set_uint("opcode", opcode as u64)?;
+ 
+     if let Some(query) = response.queries.first() {
+-        js.set_string_from_bytes("rrname", &query.name)?;
++        js.set_string_from_bytes("rrname", &query.name.value)?;
+         js.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
+     }
+     js.set_string("rcode", &dns_rcode_string(header.flags))?;
+@@ -530,12 +528,19 @@ fn dns_log_json_answer(
+                             a.append_string(&dns_print_addr(addr))?;
+                         }
+                     }
+-                    DNSRData::CNAME(bytes)
+-                    | DNSRData::MX(bytes)
+-                    | DNSRData::NS(bytes)
+-                    | DNSRData::TXT(bytes)
+-                    | DNSRData::NULL(bytes)
+-                    | DNSRData::PTR(bytes) => {
++                    DNSRData::CNAME(name)
++                    | DNSRData::MX(name)
++                    | DNSRData::NS(name)
++                    | DNSRData::PTR(name) => {
++                        if !answer_types.contains_key(&type_string) {
++                            answer_types
++                                .insert(type_string.to_string(), JsonBuilder::try_new_array()?);
++                        }
++                        if let Some(a) = answer_types.get_mut(&type_string) {
++                            a.append_string_from_bytes(&name.value)?;
++                        }
++                    }
++                    DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => {
+                         if !answer_types.contains_key(&type_string) {
+                             answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?);
+                         }
+@@ -614,7 +619,7 @@ fn dns_log_query(
+             if dns_log_rrtype_enabled(query.rrtype, flags) {
+                 jb.set_string("type", "query")?;
+                 jb.set_uint("id", request.header.tx_id as u64)?;
+-                jb.set_string_from_bytes("rrname", &query.name)?;
++                jb.set_string_from_bytes("rrname", &query.name.value)?;
+                 jb.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
+                 jb.set_uint("tx_id", tx.id - 1)?;
+                 if request.header.flags & 0x0040 != 0 {
+diff --git a/rust/src/dns/lua.rs b/rust/src/dns/lua.rs
+index b9935f8..f7b0c15 100644
+--- a/rust/src/dns/lua.rs
++++ b/rust/src/dns/lua.rs
+@@ -34,12 +34,12 @@ pub extern "C" fn rs_dns_lua_get_rrname(clua: &mut CLuaState, tx: &mut DNSTransa
+ 
+     if let Some(request) = &tx.request {
+         if let Some(query) = request.queries.first() {
+-            lua.pushstring(&String::from_utf8_lossy(&query.name));
++            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
+             return 1;
+         }
+     } else if let Some(response) = &tx.response {
+         if let Some(query) = response.queries.first() {
+-            lua.pushstring(&String::from_utf8_lossy(&query.name));
++            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
+             return 1;
+         }
+     }
+@@ -86,7 +86,7 @@ pub extern "C" fn rs_dns_lua_get_query_table(
+             lua.settable(-3);
+ 
+             lua.pushstring("rrname");
+-            lua.pushstring(&String::from_utf8_lossy(&query.name));
++            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
+             lua.settable(-3);
+ 
+             lua.settable(-3);
+@@ -103,7 +103,7 @@ pub extern "C" fn rs_dns_lua_get_query_table(
+             lua.settable(-3);
+ 
+             lua.pushstring("rrname");
+-            lua.pushstring(&String::from_utf8_lossy(&query.name));
++            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
+             lua.settable(-3);
+ 
+             lua.settable(-3);
+@@ -142,11 +142,11 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
+             lua.settable(-3);
+ 
+             lua.pushstring("rrname");
+-            lua.pushstring(&String::from_utf8_lossy(&answer.name));
++            lua.pushstring(&String::from_utf8_lossy(&answer.name.value));
+             lua.settable(-3);
+ 
+             // All rdata types are pushed to "addr" for backwards compatibility
+-            match answer.data {
++            match &answer.data {
+                 DNSRData::A(ref bytes) | DNSRData::AAAA(ref bytes) => {
+                     if !bytes.is_empty() {
+                         lua.pushstring("addr");
+@@ -154,12 +154,18 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
+                         lua.settable(-3);
+                     }
+                 }
+-                DNSRData::CNAME(ref bytes)
+-                | DNSRData::MX(ref bytes)
+-                | DNSRData::NS(ref bytes)
+-                | DNSRData::TXT(ref bytes)
++                DNSRData::CNAME(name)
++                | DNSRData::MX(name)
++                | DNSRData::NS(name)
++                | DNSRData::PTR(name) => {
++                    if !name.value.is_empty() {
++                        lua.pushstring("addr");
++                        lua.pushstring(&String::from_utf8_lossy(&name.value));
++                        lua.settable(-3);
++                    }
++                }
++                DNSRData::TXT(ref bytes)
+                 | DNSRData::NULL(ref bytes)
+-                | DNSRData::PTR(ref bytes)
+                 | DNSRData::Unknown(ref bytes) => {
+                     if !bytes.is_empty() {
+                         lua.pushstring("addr");
+@@ -168,9 +174,9 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
+                     }
+                 }
+                 DNSRData::SOA(ref soa) => {
+-                    if !soa.mname.is_empty() {
++                    if !soa.mname.value.is_empty() {
+                         lua.pushstring("addr");
+-                        lua.pushstring(&String::from_utf8_lossy(&soa.mname));
++                        lua.pushstring(&String::from_utf8_lossy(&soa.mname.value));
+                         lua.settable(-3);
+                     }
+                 }
+@@ -181,7 +187,7 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
+                 }
+                 DNSRData::SRV(ref srv) => {
+                     lua.pushstring("addr");
+-                    lua.pushstring(&String::from_utf8_lossy(&srv.target));
++                    lua.pushstring(&String::from_utf8_lossy(&srv.target.value));
+                     lua.settable(-3);
+                 }
+             }
+@@ -221,7 +227,7 @@ pub extern "C" fn rs_dns_lua_get_authority_table(
+             lua.settable(-3);
+ 
+             lua.pushstring("rrname");
+-            lua.pushstring(&String::from_utf8_lossy(&answer.name));
++            lua.pushstring(&String::from_utf8_lossy(&answer.name.value));
+             lua.settable(-3);
+ 
+             lua.settable(-3);
+diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs
+index a1d97a5..12929bc 100644
+--- a/rust/src/dns/parser.rs
++++ b/rust/src/dns/parser.rs
+@@ -45,16 +45,48 @@ pub fn dns_parse_header(i: &[u8]) -> IResult<&[u8], DNSHeader> {
+     ))
+ }
+ 
++// Set a maximum assembled hostname length of 1025, this value was
++// chosen as its what DNSMasq uses, a popular DNS server, even if most
++// tooling limits names to 256 chars without special options.
++static MAX_NAME_LEN: usize = 1025;
++
+ /// Parse a DNS name.
+ ///
++/// Names are parsed with the following restrictions:
++///
++/// - Only 255 segments will be processed, if more the parser may
++///   error out. This is also our safeguard against an infinite loop. If
++///   a pointer had been followed a truncated name will be
++///   returned. However if pointer has been processed we error out as we
++///   don't know where the next data point starts without more
++///   iterations.
++///
++/// - The maximum name parsed in representation format is MAX_NAME_LEN
++///   characters. Once larger, the truncated name will be returned with
++///   a flag specifying the name was truncated. Note that parsing
++///   continues if no pointer has been used as we still need to find the
++///   start of the next protocol unit.
++///
++/// As some error in parsing the name are recoverable, a DNSName
++/// object is returned with flags signifying a recoverable
++/// error. These errors include:
++///
++/// - infinite loop: as we know the end of the name in the input
++///   stream, we can return what we've parsed with the remain data.
++///
++/// - maximum number of segments/labels parsed
++///
++/// - truncation of name when too long
++///
+ /// Parameters:
+ ///   start: the start of the name
+ ///   message: the complete message that start is a part of with the DNS header
+-pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], Vec<u8>> {
++pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], DNSName> {
+     let mut pos = start;
+     let mut pivot = start;
+     let mut name: Vec<u8> = Vec::with_capacity(32);
+     let mut count = 0;
++    let mut flags = DNSNameFlags::default();
+ 
+     loop {
+         if pos.is_empty() {
+@@ -68,10 +100,12 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
+             break;
+         } else if len & 0b1100_0000 == 0 {
+             let (rem, label) = length_data(be_u8)(pos)?;
+-            if !name.is_empty() {
+-                name.push(b'.');
++            if !flags.contains(DNSNameFlags::TRUNCATED) {
++                if !name.is_empty() {
++                    name.push(b'.');
++                }
++                name.extend(label);
+             }
+-            name.extend(label);
+             pos = rem;
+         } else if len & 0b1100_0000 == 0b1100_0000 {
+             let (rem, leader) = be_u16(pos)?;
+@@ -79,6 +113,21 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
+             if offset > message.len() {
+                 return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit)));
+             }
++
++            if &message[offset..] == pos {
++                // Self reference, immedate infinite loop.
++                flags.insert(DNSNameFlags::INFINITE_LOOP);
++
++                // If we have followed a pointer, we can just break as
++                // we've already found the end of the input. But if we
++                // have not followed a pointer yet return a parse
++                // error.
++                if pivot != start {
++                    break;
++                }
++                return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit)));
++            }
++
+             pos = &message[offset..];
+             if pivot == start {
+                 pivot = rem;
+@@ -89,19 +138,43 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
+ 
+         // Return error if we've looped a certain number of times.
+         count += 1;
++
+         if count > 255 {
++            flags.insert(DNSNameFlags::LABEL_LIMIT);
++
++            // Our segment limit has been reached, if we have hit a
++            // pointer we can just return the truncated name. If we
++            // have not hit a pointer, we need to bail with an error.
++            if pivot != start {
++                flags.insert(DNSNameFlags::TRUNCATED);
++                break;
++            }
+             return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit)));
+         }
++
++        if name.len() > MAX_NAME_LEN {
++            name.truncate(MAX_NAME_LEN);
++            flags.insert(DNSNameFlags::TRUNCATED);
++
++            // If we have pivoted due to a pointer we know where the
++            // end of the data is, so we can break early. Otherwise
++            // we'll keep parsing in hopes to find the end of the name
++            // so parsing can continue.
++            if pivot != start {
++                break;
++            }
++        }
+     }
+ 
+     // If we followed a pointer we return the position after the first
+     // pointer followed. Is there a better way to see if these slices
+     // diverged from each other?  A straight up comparison would
+     // actually check the contents.
+-    if pivot.len() != start.len() {
+-        return Ok((pivot, name));
++    if pivot != start {
++        Ok((pivot, DNSName { value: name, flags }))
++    } else {
++        Ok((pos, DNSName { value: name, flags }))
+     }
+-    return Ok((pos, name));
+ }
+ 
+ /// Parse answer entries.
+@@ -121,7 +194,7 @@ fn dns_parse_answer<'a>(
+     let mut input = slice;
+ 
+     struct Answer<'a> {
+-        name: Vec<u8>,
++        name: DNSName,
+         rrtype: u16,
+         rrclass: u16,
+         ttl: u32,
+@@ -375,7 +448,7 @@ mod tests {
+         ];
+         let expected_remainder: &[u8] = &[0x00, 0x01, 0x00];
+         let (remainder, name) = dns_parse_name(buf, buf).unwrap();
+-        assert_eq!("client-cf.dropbox.com".as_bytes(), &name[..]);
++        assert_eq!("client-cf.dropbox.com".as_bytes(), &name.value[..]);
+         assert_eq!(remainder, expected_remainder);
+     }
+ 
+@@ -411,7 +484,13 @@ mod tests {
+         let res1 = dns_parse_name(start1, message);
+         assert_eq!(
+             res1,
+-            Ok((&start1[22..], "www.suricata-ids.org".as_bytes().to_vec()))
++            Ok((
++                &start1[22..],
++                DNSName {
++                    value: "www.suricata-ids.org".as_bytes().to_vec(),
++                    flags: DNSNameFlags::default(),
++                }
++            ))
+         );
+ 
+         // The second name starts at offset 80, but is just a pointer
+@@ -420,7 +499,13 @@ mod tests {
+         let res2 = dns_parse_name(start2, message);
+         assert_eq!(
+             res2,
+-            Ok((&start2[2..], "www.suricata-ids.org".as_bytes().to_vec()))
++            Ok((
++                &start2[2..],
++                DNSName {
++                    value: "www.suricata-ids.org".as_bytes().to_vec(),
++                    flags: DNSNameFlags::default()
++                }
++            ))
+         );
+ 
+         // The third name starts at offset 94, but is a pointer to a
+@@ -429,7 +514,13 @@ mod tests {
+         let res3 = dns_parse_name(start3, message);
+         assert_eq!(
+             res3,
+-            Ok((&start3[2..], "suricata-ids.org".as_bytes().to_vec()))
++            Ok((
++                &start3[2..],
++                DNSName {
++                    value: "suricata-ids.org".as_bytes().to_vec(),
++                    flags: DNSNameFlags::default()
++                }
++            ))
+         );
+ 
+         // The fourth name starts at offset 110, but is a pointer to a
+@@ -438,7 +529,13 @@ mod tests {
+         let res4 = dns_parse_name(start4, message);
+         assert_eq!(
+             res4,
+-            Ok((&start4[2..], "suricata-ids.org".as_bytes().to_vec()))
++            Ok((
++                &start4[2..],
++                DNSName {
++                    value: "suricata-ids.org".as_bytes().to_vec(),
++                    flags: DNSNameFlags::default()
++                }
++            ))
+         );
+     }
+ 
+@@ -473,7 +570,13 @@ mod tests {
+         let res = dns_parse_name(start, message);
+         assert_eq!(
+             res,
+-            Ok((&start[2..], "block.g1.dropbox.com".as_bytes().to_vec()))
++            Ok((
++                &start[2..],
++                DNSName {
++                    value: "block.g1.dropbox.com".as_bytes().to_vec(),
++                    flags: DNSNameFlags::default()
++                }
++            ))
+         );
+     }
+ 
+@@ -512,7 +615,7 @@ mod tests {
+                 assert_eq!(request.queries.len(), 1);
+ 
+                 let query = &request.queries[0];
+-                assert_eq!(query.name, "www.suricata-ids.org".as_bytes().to_vec());
++                assert_eq!(query.name.value, "www.suricata-ids.org".as_bytes().to_vec());
+                 assert_eq!(query.rrtype, 1);
+                 assert_eq!(query.rrclass, 1);
+             }
+@@ -569,20 +672,26 @@ mod tests {
+                 assert_eq!(response.answers.len(), 3);
+ 
+                 let answer1 = &response.answers[0];
+-                assert_eq!(answer1.name, "www.suricata-ids.org".as_bytes().to_vec());
++                assert_eq!(answer1.name.value, "www.suricata-ids.org".as_bytes().to_vec());
+                 assert_eq!(answer1.rrtype, 5);
+                 assert_eq!(answer1.rrclass, 1);
+                 assert_eq!(answer1.ttl, 3544);
+                 assert_eq!(
+                     answer1.data,
+-                    DNSRData::CNAME("suricata-ids.org".as_bytes().to_vec())
++                    DNSRData::CNAME(DNSName {
++                        value: "suricata-ids.org".as_bytes().to_vec(),
++                        flags: Default::default(),
++                    })
+                 );
+ 
+                 let answer2 = &response.answers[1];
+                 assert_eq!(
+                     answer2,
+                     &DNSAnswerEntry {
+-                        name: "suricata-ids.org".as_bytes().to_vec(),
++                        name: DNSName {
++                            value: "suricata-ids.org".as_bytes().to_vec(),
++                            flags: Default::default(),
++                        },
+                         rrtype: 1,
+                         rrclass: 1,
+                         ttl: 244,
+@@ -594,7 +703,10 @@ mod tests {
+                 assert_eq!(
+                     answer3,
+                     &DNSAnswerEntry {
+-                        name: "suricata-ids.org".as_bytes().to_vec(),
++                        name: DNSName {
++                            value: "suricata-ids.org".as_bytes().to_vec(),
++                            flags: Default::default(),
++                        },
+                         rrtype: 1,
+                         rrclass: 1,
+                         ttl: 244,
+@@ -653,15 +765,21 @@ mod tests {
+                 assert_eq!(response.authorities.len(), 1);
+ 
+                 let authority = &response.authorities[0];
+-                assert_eq!(authority.name, "oisf.net".as_bytes().to_vec());
++                assert_eq!(authority.name.value, "oisf.net".as_bytes().to_vec());
+                 assert_eq!(authority.rrtype, 6);
+                 assert_eq!(authority.rrclass, 1);
+                 assert_eq!(authority.ttl, 899);
+                 assert_eq!(
+                     authority.data,
+                     DNSRData::SOA(DNSRDataSOA {
+-                        mname: "ns-110.awsdns-13.com".as_bytes().to_vec(),
+-                        rname: "awsdns-hostmaster.amazon.com".as_bytes().to_vec(),
++                        mname: DNSName {
++                            value: "ns-110.awsdns-13.com".as_bytes().to_vec(),
++                            flags: DNSNameFlags::default()
++                        },
++                        rname: DNSName {
++                            value: "awsdns-hostmaster.amazon.com".as_bytes().to_vec(),
++                            flags: DNSNameFlags::default()
++                        },
+                         serial: 1,
+                         refresh: 7200,
+                         retry: 900,
+@@ -712,14 +830,14 @@ mod tests {
+ 
+                 assert_eq!(response.queries.len(), 1);
+                 let query = &response.queries[0];
+-                assert_eq!(query.name, "vaaaakardli.pirate.sea".as_bytes().to_vec());
++                assert_eq!(query.name.value, "vaaaakardli.pirate.sea".as_bytes().to_vec());
+                 assert_eq!(query.rrtype, DNS_RECORD_TYPE_NULL);
+                 assert_eq!(query.rrclass, 1);
+ 
+                 assert_eq!(response.answers.len(), 1);
+ 
+                 let answer = &response.answers[0];
+-                assert_eq!(answer.name, "vaaaakardli.pirate.sea".as_bytes().to_vec());
++                assert_eq!(answer.name.value, "vaaaakardli.pirate.sea".as_bytes().to_vec());
+                 assert_eq!(answer.rrtype, DNS_RECORD_TYPE_NULL);
+                 assert_eq!(answer.rrclass, 1);
+                 assert_eq!(answer.ttl, 0);
+@@ -819,7 +937,7 @@ mod tests {
+                         assert_eq!(srv.weight, 1);
+                         assert_eq!(srv.port, 5060);
+                         assert_eq!(
+-                            srv.target,
++                            srv.target.value,
+                             "sip-anycast-2.voice.google.com".as_bytes().to_vec()
+                         );
+                     }
+@@ -834,7 +952,7 @@ mod tests {
+                         assert_eq!(srv.weight, 1);
+                         assert_eq!(srv.port, 5060);
+                         assert_eq!(
+-                            srv.target,
++                            srv.target.value,
+                             "sip-anycast-1.voice.google.com".as_bytes().to_vec()
+                         );
+                     }
+@@ -848,4 +966,65 @@ mod tests {
+             }
+         }
+     }
++
++    #[test]
++    fn test_dns_parse_name_truncated() {
++        // Generate a non-compressed hostname over our maximum of 1024.
++        let mut buf: Vec<u8> = vec![];
++        for _ in 0..17 {
++            buf.push(0b0011_1111);
++            for _ in 0..63 {
++                buf.push(b'a');
++            }
++        }
++
++        let (rem, name) = dns_parse_name(&buf, &buf).unwrap();
++        assert_eq!(name.value.len(), MAX_NAME_LEN);
++        assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
++        assert!(rem.is_empty());
++    }
++
++    #[test]
++    fn test_dns_parse_name_truncated_max_segments_no_pointer() {
++        let mut buf: Vec<u8> = vec![];
++        for _ in 0..256 {
++            buf.push(0b0000_0001);
++            buf.push(b'a');
++        }
++
++        // This should fail as we've hit the segment limit without a
++        // pointer, we'd need to keep parsing more segments to figure
++        // out where the next data point lies.
++        assert!(dns_parse_name(&buf, &buf).is_err());
++    }
++
++    #[test]
++    fn test_dns_parse_name_truncated_max_segments_with_pointer() {
++        let mut buf: Vec<u8> = vec![];
++
++        // "a" at the beginning of the buffer.
++        buf.push(0b0000_0001);
++        buf.push(b'a');
++
++        // Followed by a pointer back to the beginning.
++        buf.push(0b1100_0000);
++        buf.push(0b0000_0000);
++
++        // The start of the name, which is pointer to the beginning of
++        // the buffer.
++        buf.push(0b1100_0000);
++        buf.push(0b000_0000);
++
++        let (_rem, name) = dns_parse_name(&buf[4..], &buf).unwrap();
++        assert_eq!(name.value.len(), 255);
++        assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
++    }
++
++    #[test]
++    fn test_dns_parse_name_self_reference() {
++        let mut buf = vec![];
++        buf.push(0b1100_0000);
++        buf.push(0b0000_0000);
++        assert!(dns_parse_name(&buf, &buf).is_err());
++    }
+ }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-002.patch b/recipes-ids/suricata/files/CVE-2024-55628-002.patch
new file mode 100644
index 0000000..7bade5d
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55628-002.patch
@@ -0,0 +1,4877 @@
+From 284ad462fcb2e47f1518a1abc19e27ca84c6972e Mon Sep 17 00:00:00 2001
+From: Philippe Antoine <contact@catenacyber.fr>
+Date: Thu, 12 May 2022 20:31:25 +0200
+Subject: [PATCH] output: adds schema.json
+
+Ticket: #1369
+
+CVE: CVE-2024-55628
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/284ad462fcb2e47f1518a1abc19e27ca84c6972e]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ etc/schema.json | 4853 +++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 4853 insertions(+)
+ create mode 100644 etc/schema.json
+
+diff --git a/etc/schema.json b/etc/schema.json
+new file mode 100644
+index 0000000..99f419f
+--- /dev/null
++++ b/etc/schema.json
+@@ -0,0 +1,4853 @@
++{
++    "type": "object",
++    "properties": {
++        "app_proto": {
++            "type": "string",
++            "optional": true
++        },
++        "app_proto_expected": {
++            "type": "string"
++        },
++        "app_proto_orig": {
++            "type": "string"
++        },
++        "app_proto_tc": {
++            "type": "string"
++        },
++        "app_proto_ts": {
++            "type": "string"
++        },
++        "community_id": {
++            "type": "string"
++        },
++        "dest_ip": {
++            "type": "string",
++            "optional": true
++        },
++        "dest_port": {
++            "type": "integer",
++            "optional": true
++        },
++        "event_type": {
++            "type": "string",
++            "optional": false
++        },
++        "flow_id": {
++            "type": "integer",
++            "optional": true
++        },
++        "icmp_code": {
++            "type": "integer"
++        },
++        "icmp_type": {
++            "type": "integer"
++        },
++        "log_level": {
++            "type": "string"
++        },
++        "packet": {
++            "type": "string"
++        },
++        "parent_id": {
++            "type": "integer"
++        },
++        "payload": {
++            "type": "string"
++        },
++        "payload_printable": {
++            "type": "string"
++        },
++        "pcap_cnt": {
++            "type": "integer",
++            "optional": true
++        },
++        "pkt_src": {
++            "type": "string"
++        },
++        "proto": {
++            "type": "string",
++            "optional": true
++        },
++        "response_icmp_code": {
++            "type": "integer"
++        },
++        "response_icmp_type": {
++            "type": "integer"
++        },
++        "spi": {
++            "type": "integer"
++        },
++        "src_ip": {
++            "type": "string",
++            "optional": true
++        },
++        "src_port": {
++            "type": "integer",
++            "optional": true
++        },
++        "stream": {
++            "type": "integer"
++        },
++        "timestamp": {
++            "type": "string",
++            "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d+[+\\-]\\d+$",
++            "optional": false
++        },
++        "tx_id": {
++            "type": "integer",
++            "optional": true
++        },
++        "files": {
++            "type": "array",
++            "items": {
++                "type": "object",
++                "optional": true,
++                "properties": {
++                    "end": {
++                        "type": "integer"
++                    },
++                    "filename": {
++                        "type": "string"
++                    },
++                    "gaps": {
++                        "type": "boolean"
++                    },
++                    "md5": {
++                        "type": "string"
++                    },
++                    "sha1": {
++                        "type": "string"
++                    },
++                    "sha256": {
++                        "type": "string"
++                    },
++                    "size": {
++                        "type": "integer"
++                    },
++                    "start": {
++                        "type": "integer"
++                    },
++                    "state": {
++                        "type": "string"
++                    },
++                    "stored": {
++                        "type": "boolean"
++                    },
++                    "tx_id": {
++                        "type": "integer"
++                    },
++                    "sid": {
++                        "type": "array",
++                        "items": {
++                            "type": "integer"
++                        }
++                    }
++                },
++                "additionalProperties": false
++            }
++        },
++        "vlan": {
++            "type": "array",
++            "items": {
++                "type": "number"
++            }
++        },
++        "alert": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "action": {
++                    "type": "string"
++                },
++                "category": {
++                    "type": "string"
++                },
++                "gid": {
++                    "type": "integer"
++                },
++                "rev": {
++                    "type": "integer"
++                },
++                "rule": {
++                    "type": "string"
++                },
++                "severity": {
++                    "type": "integer"
++                },
++                "signature": {
++                    "type": "string"
++                },
++                "signature_id": {
++                    "type": "integer"
++                },
++                "xff": {
++                    "type": "string"
++                },
++                "metadata": {
++                    "type": "object",
++                    "properties": {
++                        "affected_product": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "attack_target": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "created_at": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "deployment": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "signature_severity": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "tag": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "updated_at": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "source": {
++                    "type": "object",
++                    "properties": {
++                        "ip": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "target": {
++                    "type": "object",
++                    "properties": {
++                        "ip": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "anomaly": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "app_proto": {
++                    "type": "string"
++                },
++                "event": {
++                    "type": "string"
++                },
++                "layer": {
++                    "type": "string"
++                },
++                "type": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "dcerpc": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "activityuuid": {
++                    "type": "string"
++                },
++                "call_id": {
++                    "type": "integer"
++                },
++                "request": {
++                    "type": "string"
++                },
++                "response": {
++                    "type": "string"
++                },
++                "rpc_version": {
++                    "type": "string"
++                },
++                "seqnum": {
++                    "type": "integer"
++                },
++                "interfaces": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "ack_result": {
++                                "type": "integer"
++                            },
++                            "uuid": {
++                                "type": "string"
++                            },
++                            "version": {
++                                "type": "string"
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "req": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "frag_cnt": {
++                            "type": "integer"
++                        },
++                        "opnum": {
++                            "type": "integer"
++                        },
++                        "stub_data_size": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "res": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "frag_cnt": {
++                            "type": "integer"
++                        },
++                        "stub_data_size": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "dhcp": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "assigned_ip": {
++                    "type": "string"
++                },
++                "client_id": {
++                    "type": "string"
++                },
++                "client_ip": {
++                    "type": "string"
++                },
++                "client_mac": {
++                    "type": "string"
++                },
++                "dhcp_type": {
++                    "type": "string"
++                },
++                "hostname": {
++                    "type": "string"
++                },
++                "id": {
++                    "type": "integer"
++                },
++                "lease_time": {
++                    "type": "integer"
++                },
++                "next_server_ip": {
++                    "type": "string"
++                },
++                "rebinding_time": {
++                    "type": "integer"
++                },
++                "relay_ip": {
++                    "type": "string"
++                },
++                "renewal_time": {
++                    "type": "integer"
++                },
++                "subnet_mask": {
++                    "type": "string"
++                },
++                "type": {
++                    "type": "string"
++                },
++                "dns_servers": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "params": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "routers": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "dnp3": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "dst": {
++                    "type": "integer"
++                },
++                "src": {
++                    "type": "integer"
++                },
++                "type": {
++                    "type": "string"
++                },
++                "application": {
++                    "type": "object",
++                    "properties": {
++                        "complete": {
++                            "type": "boolean"
++                        },
++                        "function_code": {
++                            "type": "integer"
++                        },
++                        "objects": {
++                            "type": "array",
++                            "items": {
++                                "type": "object",
++                                "properties": {
++                                    "count": {
++                                        "type": "integer"
++                                    },
++                                    "group": {
++                                        "type": "integer"
++                                    },
++                                    "prefix_code": {
++                                        "type": "integer"
++                                    },
++                                    "qualifier": {
++                                        "type": "integer"
++                                    },
++                                    "range_code": {
++                                        "type": "integer"
++                                    },
++                                    "start": {
++                                        "type": "integer"
++                                    },
++                                    "stop": {
++                                        "type": "integer"
++                                    },
++                                    "variation": {
++                                        "type": "integer"
++                                    },
++                                    "points": {
++                                        "type": "array",
++                                        "items": {
++                                            "type": "object",
++                                            "additionalProperties": true
++                                        }
++                                    }
++                                },
++                                "additionalProperties": false
++                            }
++                        },
++                        "control": {
++                            "type": "object",
++                            "properties": {
++                                "con": {
++                                    "type": "boolean"
++                                },
++                                "fin": {
++                                    "type": "boolean"
++                                },
++                                "fir": {
++                                    "type": "boolean"
++                                },
++                                "sequence": {
++                                    "type": "integer"
++                                },
++                                "uns": {
++                                    "type": "boolean"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "control": {
++                    "type": "object",
++                    "properties": {
++                        "dir": {
++                            "type": "boolean"
++                        },
++                        "fcb": {
++                            "type": "boolean"
++                        },
++                        "fcv": {
++                            "type": "boolean"
++                        },
++                        "function_code": {
++                            "type": "integer"
++                        },
++                        "pri": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "iin": {
++                    "type": "object",
++                    "properties": {
++                        "indicators": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "request": {
++                    "type": "object",
++                    "properties": {
++                        "dst": {
++                            "type": "integer"
++                        },
++                        "src": {
++                            "type": "integer"
++                        },
++                        "type": {
++                            "type": "string"
++                        },
++                        "application": {
++                            "type": "object",
++                            "properties": {
++                                "complete": {
++                                    "type": "boolean"
++                                },
++                                "function_code": {
++                                    "type": "integer"
++                                },
++                                "objects": {
++                                    "type": "array",
++                                    "items": {
++                                        "type": "object",
++                                        "properties": {
++                                            "count": {
++                                                "type": "integer"
++                                            },
++                                            "group": {
++                                                "type": "integer"
++                                            },
++                                            "prefix_code": {
++                                                "type": "integer"
++                                            },
++                                            "qualifier": {
++                                                "type": "integer"
++                                            },
++                                            "range_code": {
++                                                "type": "integer"
++                                            },
++                                            "start": {
++                                                "type": "integer"
++                                            },
++                                            "stop": {
++                                                "type": "integer"
++                                            },
++                                            "variation": {
++                                                "type": "integer"
++                                            },
++                                            "points": {
++                                                "type": "array",
++                                                "items": {
++                                                    "type": "object",
++                                                    "additionalProperties": true
++                                                }
++                                            }
++                                        },
++                                        "additionalProperties": false
++                                    }
++                                },
++                                "control": {
++                                    "type": "object",
++                                    "properties": {
++                                        "con": {
++                                            "type": "boolean"
++                                        },
++                                        "fin": {
++                                            "type": "boolean"
++                                        },
++                                        "fir": {
++                                            "type": "boolean"
++                                        },
++                                        "sequence": {
++                                            "type": "integer"
++                                        },
++                                        "uns": {
++                                            "type": "boolean"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "control": {
++                            "type": "object",
++                            "properties": {
++                                "dir": {
++                                    "type": "boolean"
++                                },
++                                "fcb": {
++                                    "type": "boolean"
++                                },
++                                "fcv": {
++                                    "type": "boolean"
++                                },
++                                "function_code": {
++                                    "type": "integer"
++                                },
++                                "pri": {
++                                    "type": "boolean"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "response": {
++                    "type": "object",
++                    "properties": {
++                        "dst": {
++                            "type": "integer"
++                        },
++                        "src": {
++                            "type": "integer"
++                        },
++                        "type": {
++                            "type": "string"
++                        },
++                        "application": {
++                            "type": "object",
++                            "properties": {
++                                "complete": {
++                                    "type": "boolean"
++                                },
++                                "function_code": {
++                                    "type": "integer"
++                                },
++                                "objects": {
++                                    "type": "array",
++                                    "items": {
++                                        "type": "object",
++                                        "properties": {
++                                            "count": {
++                                                "type": "integer"
++                                            },
++                                            "group": {
++                                                "type": "integer"
++                                            },
++                                            "prefix_code": {
++                                                "type": "integer"
++                                            },
++                                            "qualifier": {
++                                                "type": "integer"
++                                            },
++                                            "range_code": {
++                                                "type": "integer"
++                                            },
++                                            "start": {
++                                                "type": "integer"
++                                            },
++                                            "stop": {
++                                                "type": "integer"
++                                            },
++                                            "variation": {
++                                                "type": "integer"
++                                            },
++                                            "points": {
++                                                "type": "array",
++                                                "items": {
++                                                    "type": "object",
++                                                    "additionalProperties": true
++                                                }
++                                            }
++                                        },
++                                        "additionalProperties": false
++                                    }
++                                },
++                                "control": {
++                                    "type": "object",
++                                    "properties": {
++                                        "con": {
++                                            "type": "boolean"
++                                        },
++                                        "fin": {
++                                            "type": "boolean"
++                                        },
++                                        "fir": {
++                                            "type": "boolean"
++                                        },
++                                        "sequence": {
++                                            "type": "integer"
++                                        },
++                                        "uns": {
++                                            "type": "boolean"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "control": {
++                            "type": "object",
++                            "properties": {
++                                "dir": {
++                                    "type": "boolean"
++                                },
++                                "fcb": {
++                                    "type": "boolean"
++                                },
++                                "fcv": {
++                                    "type": "boolean"
++                                },
++                                "function_code": {
++                                    "type": "integer"
++                                },
++                                "pri": {
++                                    "type": "boolean"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "iin": {
++                            "type": "object",
++                            "properties": {
++                                "indicators": {
++                                    "type": "array",
++                                    "items": {
++                                        "type": "string"
++                                    }
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "dns": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "aa": {
++                    "type": "boolean"
++                },
++                "flags": {
++                    "type": "string"
++                },
++                "id": {
++                    "type": "integer"
++                },
++                "qr": {
++                    "type": "boolean"
++                },
++                "ra": {
++                    "type": "boolean"
++                },
++                "rcode": {
++                    "type": "string"
++                },
++                "rd": {
++                    "type": "boolean"
++                },
++                "rrname": {
++                    "type": "string"
++                },
++                "rrtype": {
++                    "type": "string"
++                },
++                "tx_id": {
++                    "type": "integer"
++                },
++                "type": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "integer"
++                },
++                "answers": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "optional": true,
++                        "properties": {
++                            "rdata": {
++                                "type": "string"
++                            },
++                            "rrname": {
++                                "type": "string"
++                            },
++                            "rrtype": {
++                                "type": "string"
++                            },
++                            "ttl": {
++                                "type": "integer"
++                            },
++                            "srv": {
++                                "type": "object",
++                                "optional": true,
++                                "properties": {
++                                    "name": {
++                                        "type": "string"
++                                    },
++                                    "port": {
++                                        "type": "integer"
++                                    },
++                                    "priority": {
++                                        "type": "integer"
++                                    },
++                                    "weight": {
++                                        "type": "integer"
++                                    }
++                                },
++                                "additionalProperties": false
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "authorities": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "optional": true,
++                        "properties": {
++                            "rdata": {
++                                "type": "string"
++                            },
++                            "rrname": {
++                                "type": "string"
++                            },
++                            "rrtype": {
++                                "type": "string"
++                            },
++                            "ttl": {
++                                "type": "integer"
++                            },
++                            "soa": {
++                                "type": "object",
++                                "optional": true,
++                                "properties": {
++                                    "expire": {
++                                        "type": "integer"
++                                    },
++                                    "minimum": {
++                                        "type": "integer"
++                                    },
++                                    "mname": {
++                                        "type": "string"
++                                    },
++                                    "refresh": {
++                                        "type": "integer"
++                                    },
++                                    "retry": {
++                                        "type": "integer"
++                                    },
++                                    "rname": {
++                                        "type": "string"
++                                    },
++                                    "serial": {
++                                        "type": "integer"
++                                    }
++                                },
++                                "additionalProperties": false
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "query": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "optional": true,
++                        "properties": {
++                            "id": {
++                                "type": "integer"
++                            },
++                            "rrname": {
++                                "type": "string"
++                            },
++                            "rrtype": {
++                                "type": "string"
++                            },
++                            "tx_id": {
++                                "type": "integer"
++                            },
++                            "type": {
++                                "type": "string"
++                            },
++                            "z": {
++                                "type": "boolean"
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "answer": {
++                    "type": "object",
++                    "properties": {
++                        "flags": {
++                            "type": "string"
++                        },
++                        "id": {
++                            "type": "integer"
++                        },
++                        "qr": {
++                            "type": "boolean"
++                        },
++                        "ra": {
++                            "type": "boolean"
++                        },
++                        "rcode": {
++                            "type": "string"
++                        },
++                        "rd": {
++                            "type": "boolean"
++                        },
++                        "rrname": {
++                            "type": "string"
++                        },
++                        "rrtype": {
++                            "type": "string"
++                        },
++                        "type": {
++                            "type": "string"
++                        },
++                        "version": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "grouped": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "A": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "AAAA": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "CNAME": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "MX": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "NULL": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "PTR": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "SRV": {
++                            "type": "array",
++                            "items": {
++                                "type": "object",
++                                "optional": true,
++                                "properties": {
++                                    "name": {
++                                        "type": "string"
++                                    },
++                                    "port": {
++                                        "type": "integer"
++                                    },
++                                    "priority": {
++                                        "type": "integer"
++                                    },
++                                    "weight": {
++                                        "type": "integer"
++                                    }
++                                },
++                                "additionalProperties": false
++                            }
++                        },
++                        "TXT": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "z": {
++                    "type": "boolean"
++                }
++            },
++            "additionalProperties": false
++        },
++        "drop": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "ack": {
++                    "type": "boolean"
++                },
++                "fin": {
++                    "type": "boolean"
++                },
++                "icmp_id": {
++                    "type": "integer"
++                },
++                "icmp_seq": {
++                    "type": "integer"
++                },
++                "ipid": {
++                    "type": "integer"
++                },
++                "len": {
++                    "type": "integer"
++                },
++                "psh": {
++                    "type": "boolean"
++                },
++                "rst": {
++                    "type": "boolean"
++                },
++                "syn": {
++                    "type": "boolean"
++                },
++                "tcpack": {
++                    "type": "integer"
++                },
++                "tcpres": {
++                    "type": "integer"
++                },
++                "tcpseq": {
++                    "type": "integer"
++                },
++                "tcpurgp": {
++                    "type": "integer"
++                },
++                "tcpwin": {
++                    "type": "integer"
++                },
++                "tos": {
++                    "type": "integer"
++                },
++                "ttl": {
++                    "type": "integer"
++                },
++                "urg": {
++                    "type": "boolean"
++                }
++            },
++            "additionalProperties": false
++        },
++        "email": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "body_md5": {
++                    "type": "string"
++                },
++                "from": {
++                    "type": "string"
++                },
++                "status": {
++                    "type": "string"
++                },
++                "subject": {
++                    "type": "string"
++                },
++                "subject_md5": {
++                    "type": "string"
++                },
++                "url": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "attachment": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "to": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "engine": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "error": {
++                    "type": "string"
++                },
++                "error_code": {
++                    "type": "integer"
++                },
++                "message": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "ether": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "dest_mac": {
++                    "type": "string"
++                },
++                "src_mac": {
++                    "type": "string"
++                },
++                "dest_macs": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "src_macs": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "fileinfo": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "end": {
++                    "type": "integer"
++                },
++                "file_id": {
++                    "type": "integer"
++                },
++                "filename": {
++                    "type": "string"
++                },
++                "gaps": {
++                    "type": "boolean"
++                },
++                "magic": {
++                    "type": "string"
++                },
++                "md5": {
++                    "type": "string"
++                },
++                "sha1": {
++                    "type": "string"
++                },
++                "sha256": {
++                    "type": "string"
++                },
++                "size": {
++                    "type": "integer"
++                },
++                "start": {
++                    "type": "integer"
++                },
++                "state": {
++                    "type": "string"
++                },
++                "stored": {
++                    "type": "boolean"
++                },
++                "tx_id": {
++                    "type": "integer"
++                },
++                "sid": {
++                    "type": "array",
++                    "items": {
++                        "type": "integer"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "flow": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "action": {
++                    "type": "string"
++                },
++                "age": {
++                    "type": "integer"
++                },
++                "alerted": {
++                    "type": "boolean"
++                },
++                "bypass": {
++                    "type": "string"
++                },
++                "bypassed": {
++                    "type": "object",
++                    "optional": false,
++                    "properties": {
++                        "pkts_toserver": {
++                            "type": "integer"
++                        },
++                        "pkts_toclient": {
++                            "type": "integer"
++                        },
++                        "bytes_toserver": {
++                            "type": "integer"
++                        },
++                        "bytes_toclient": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperites": false
++                },
++                "bytes_toclient": {
++                    "type": "integer"
++                },
++                "bytes_toserver": {
++                    "type": "integer"
++                },
++                "end": {
++                    "type": "string"
++                },
++                "pkts_toclient": {
++                    "type": "integer"
++                },
++                "pkts_toserver": {
++                    "type": "integer"
++                },
++                "reason": {
++                    "type": "string"
++                },
++                "start": {
++                    "type": "string"
++                },
++                "state": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "frame": {
++            "type": "object",
++            "properties": {
++                "type": {
++                    "type": "string"
++                },
++                "id": {
++                    "type": "integer"
++                },
++                "direction": {
++                    "type": "string"
++                },
++                "stream_offset": {
++                    "type": "integer"
++                },
++                "length": {
++                    "type": "integer"
++                },
++                "complete": {
++                    "type": "boolean"
++                },
++                "payload": {
++                    "type": "string"
++                },
++                "payload_printable": {
++                    "type": "string"
++                },
++                "tx_id": {
++                    "type": "integer"
++                }
++            },
++            "additionalProperties": false
++        },
++        "ftp": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "command": {
++                    "type": "string"
++                },
++                "command_data": {
++                    "type": "string"
++                },
++                "command_truncated": {
++                    "type": "boolean"
++                },
++                "dynamic_port": {
++                    "type": "integer"
++                },
++                "mode": {
++                    "type": "string"
++                },
++                "reply_received": {
++                    "type": "string"
++                },
++                "reply_truncated": {
++                    "type": "boolean"
++                },
++                "completion_code": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "reply": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "ftp_data": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "command": {
++                    "type": "string"
++                },
++                "filename": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "http": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "hostname": {
++                    "type": "string"
++                },
++                "http_content_type": {
++                    "type": "string"
++                },
++                "http_method": {
++                    "type": "string"
++                },
++                "http_port": {
++                    "type": "integer"
++                },
++                "http_refer": {
++                    "type": "string"
++                },
++                "http_user_agent": {
++                    "type": "string"
++                },
++                "length": {
++                    "type": "integer"
++                },
++                "protocol": {
++                    "type": "string"
++                },
++                "redirect": {
++                    "type": "string"
++                },
++                "status": {
++                    "type": "integer"
++                },
++                "url": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "string"
++                },
++                "xff": {
++                    "type": "string"
++                },
++                "request_headers": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "name": {
++                                "type": "string"
++                            },
++                            "table_size_update": {
++                                "type": "integer"
++                            },
++                            "value": {
++                                "type": "string"
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "response_headers": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "name": {
++                                "type": "string"
++                            },
++                            "table_size_update": {
++                                "type": "integer"
++                            },
++                            "value": {
++                                "type": "string"
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "content_range": {
++                    "type": "object",
++                    "properties": {
++                        "end": {
++                            "type": "integer"
++                        },
++                        "raw": {
++                            "type": "string"
++                        },
++                        "size": {
++                            "type": "integer"
++                        },
++                        "start": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "http2": {
++                    "type": "object",
++                    "properties": {
++                        "stream_id": {
++                            "type": "integer"
++                        },
++                        "request": {
++                            "type": "object",
++                            "properties": {
++                                "error_code": {
++                                    "type": "string"
++                                },
++                                "priority": {
++                                    "type": "integer"
++                                },
++                                "settings": {
++                                    "type": "array",
++                                    "items": {
++                                        "type": "object",
++                                        "properties": {
++                                            "settings_id": {
++                                                "type": "string"
++                                            },
++                                            "settings_value": {
++                                                "type": "integer"
++                                            }
++                                        },
++                                        "additionalProperties": false
++                                    }
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "response": {
++                            "type": "object",
++                            "properties": {
++                                "error_code": {
++                                    "type": "string"
++                                },
++                                "settings": {
++                                    "type": "array",
++                                    "items": {
++                                        "type": "object",
++                                        "properties": {
++                                            "settings_id": {
++                                                "type": "string"
++                                            },
++                                            "settings_value": {
++                                                "type": "integer"
++                                            }
++                                        },
++                                        "additionalProperties": false
++                                    }
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "http2": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "http_method": {
++                    "type": "string"
++                },
++                "http_user_agent": {
++                    "type": "string"
++                },
++                "length": {
++                    "type": "integer"
++                },
++                "status": {
++                    "type": "integer"
++                },
++                "url": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "string"
++                },
++                "request_headers": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "name": {
++                                "type": "string"
++                            },
++                            "table_size_update": {
++                                "type": "integer"
++                            },
++                            "value": {
++                                "type": "string"
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "response_headers": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "name": {
++                                "type": "string"
++                            },
++                            "table_size_update": {
++                                "type": "integer"
++                            },
++                            "value": {
++                                "type": "string"
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "http2": {
++                    "type": "object",
++                    "properties": {
++                        "stream_id": {
++                            "type": "integer"
++                        },
++                        "request": {
++                            "type": "object",
++                            "properties": {
++                                "priority": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "response": {
++                            "type": "object",
++                            "properties": {
++                                "error_code": {
++                                    "type": "string"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "ike": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "alg_auth": {
++                    "type": "string"
++                },
++                "alg_auth_raw": {
++                    "type": "integer"
++                },
++                "alg_dh": {
++                    "type": "string"
++                },
++                "alg_dh_raw": {
++                    "type": "integer"
++                },
++                "alg_enc": {
++                    "type": "string"
++                },
++                "alg_enc_raw": {
++                    "type": "integer"
++                },
++                "alg_hash": {
++                    "type": "string"
++                },
++                "alg_hash_raw": {
++                    "type": "integer"
++                },
++                "exchange_type": {
++                    "type": "integer"
++                },
++                "exchange_type_verbose": {
++                    "type": "string"
++                },
++                "init_spi": {
++                    "type": "string"
++                },
++                "message_id": {
++                    "type": "integer"
++                },
++                "resp_spi": {
++                    "type": "string"
++                },
++                "role": {
++                    "type": "string"
++                },
++                "sa_key_length": {
++                    "type": "string"
++                },
++                "sa_key_length_raw": {
++                    "type": "integer"
++                },
++                "sa_life_duration": {
++                    "type": "string"
++                },
++                "sa_life_duration_raw": {
++                    "type": "integer"
++                },
++                "sa_life_type": {
++                    "type": "string"
++                },
++                "sa_life_type_raw": {
++                    "type": "integer"
++                },
++                "version_major": {
++                    "type": "integer"
++                },
++                "version_minor": {
++                    "type": "integer"
++                },
++                "payload": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "ikev1": {
++                    "type": "object",
++                    "properties": {
++                        "doi": {
++                            "type": "integer"
++                        },
++                        "encrypted_payloads": {
++                            "type": "boolean"
++                        },
++                        "vendor_ids": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        },
++                        "client": {
++                            "type": "object",
++                            "properties": {
++                                "key_exchange_payload": {
++                                    "type": "string"
++                                },
++                                "key_exchange_payload_length": {
++                                    "type": "integer"
++                                },
++                                "nonce_payload": {
++                                    "type": "string"
++                                },
++                                "nonce_payload_length": {
++                                    "type": "integer"
++                                },
++                                "proposals": {
++                                    "type": "array",
++                                    "items": {
++                                        "type": "object",
++                                        "properties": {
++                                            "alg_auth": {
++                                                "type": "string"
++                                            },
++                                            "alg_auth_raw": {
++                                                "type": "integer"
++                                            },
++                                            "alg_dh": {
++                                                "type": "string"
++                                            },
++                                            "alg_dh_raw": {
++                                                "type": "integer"
++                                            },
++                                            "alg_enc": {
++                                                "type": "string"
++                                            },
++                                            "alg_enc_raw": {
++                                                "type": "integer"
++                                            },
++                                            "alg_hash": {
++                                                "type": "string"
++                                            },
++                                            "alg_hash_raw": {
++                                                "type": "integer"
++                                            },
++                                            "sa_key_length": {
++                                                "type": "string"
++                                            },
++                                            "sa_key_length_raw": {
++                                                "type": "integer"
++                                            },
++                                            "sa_life_duration": {
++                                                "type": "string"
++                                            },
++                                            "sa_life_duration_raw": {
++                                                "type": "integer"
++                                            },
++                                            "sa_life_type": {
++                                                "type": "string"
++                                            },
++                                            "sa_life_type_raw": {
++                                                "type": "integer"
++                                            }
++                                        },
++                                        "additionalProperties": false
++                                    }
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "server": {
++                            "type": "object",
++                            "properties": {
++                                "key_exchange_payload": {
++                                    "type": "string"
++                                },
++                                "key_exchange_payload_length": {
++                                    "type": "integer"
++                                },
++                                "nonce_payload": {
++                                    "type": "string"
++                                },
++                                "nonce_payload_length": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "ikev2": {
++                    "type": "object",
++                    "properties": {
++                        "errors": {
++                            "type": "integer"
++                        },
++                        "notify": {
++                            "type": "array"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "krb5": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "cname": {
++                    "type": "string"
++                },
++                "encryption": {
++                    "type": "string"
++                },
++                "error_code": {
++                    "type": "string"
++                },
++                "failed_request": {
++                    "type": "string"
++                },
++                "msg_type": {
++                    "type": "string"
++                },
++                "realm": {
++                    "type": "string"
++                },
++                "sname": {
++                    "type": "string"
++                },
++                "weak_encryption": {
++                    "type": "boolean"
++                }
++            },
++            "additionalProperties": false
++        },
++        "metadata": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "flowbits": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "flowvars": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "gid": {
++                                "type": "string"
++                            },
++                            "key": {
++                                "type": "string"
++                            },
++                            "value": {
++                                "type": "string"
++                            }
++                        },
++                        "additionalProperties": true
++                    }
++                },
++                "pktvars": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "uid": {
++                                "type": "string"
++                            },
++                            "username": {
++                                "type": "string"
++                            }
++                        },
++                        "additionalProperties": false
++                    }
++                },
++                "flowints": {
++                    "type": "object",
++                    "additionalProperties": true
++                }
++            },
++            "additionalProperties": false
++        },
++        "modbus": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "id": {
++                    "type": "integer"
++                },
++                "request": {
++                    "type": "object",
++                    "properties": {
++                        "access_type": {
++                            "type": "string"
++                        },
++                        "category": {
++                            "type": "string"
++                        },
++                        "data": {
++                            "type": "string"
++                        },
++                        "error_flags": {
++                            "type": "string"
++                        },
++                        "function_code": {
++                            "type": "string"
++                        },
++                        "function_raw": {
++                            "type": "integer"
++                        },
++                        "protocol_id": {
++                            "type": "integer"
++                        },
++                        "transaction_id": {
++                            "type": "integer"
++                        },
++                        "unit_id": {
++                            "type": "integer"
++                        },
++                        "diagnostic": {
++                            "type": "object",
++                            "properties": {
++                                "code": {
++                                    "type": "string"
++                                },
++                                "data": {
++                                    "type": "string"
++                                },
++                                "raw": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "mei": {
++                            "type": "object",
++                            "properties": {
++                                "code": {
++                                    "type": "string"
++                                },
++                                "data": {
++                                    "type": "string"
++                                },
++                                "raw": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "read": {
++                            "type": "object",
++                            "properties": {
++                                "address": {
++                                    "type": "integer"
++                                },
++                                "quantity": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "write": {
++                            "type": "object",
++                            "properties": {
++                                "address": {
++                                    "type": "integer"
++                                },
++                                "data": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "response": {
++                    "type": "object",
++                    "properties": {
++                        "access_type": {
++                            "type": "string"
++                        },
++                        "category": {
++                            "type": "string"
++                        },
++                        "data": {
++                            "type": "string"
++                        },
++                        "error_flags": {
++                            "type": "string"
++                        },
++                        "function_code": {
++                            "type": "string"
++                        },
++                        "function_raw": {
++                            "type": "integer"
++                        },
++                        "protocol_id": {
++                            "type": "integer"
++                        },
++                        "transaction_id": {
++                            "type": "integer"
++                        },
++                        "unit_id": {
++                            "type": "integer"
++                        },
++                        "diagnostic": {
++                            "type": "object",
++                            "properties": {
++                                "code": {
++                                    "type": "string"
++                                },
++                                "data": {
++                                    "type": "string"
++                                },
++                                "raw": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "exception": {
++                            "type": "object",
++                            "properties": {
++                                "code": {
++                                    "type": "string"
++                                },
++                                "raw": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "read": {
++                            "type": "object",
++                            "properties": {
++                                "data": {
++                                    "type": "string"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "write": {
++                            "type": "object",
++                            "properties": {
++                                "address": {
++                                    "type": "integer"
++                                },
++                                "data": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "mqtt": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "connack": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "return_code": {
++                            "type": "integer"
++                        },
++                        "session_present": {
++                            "type": "boolean"
++                        },
++                        "properties": {
++                            "type": "object",
++                            "additionalProperties": true
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "connect": {
++                    "type": "object",
++                    "properties": {
++                        "client_id": {
++                            "type": "string"
++                        },
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "password": {
++                            "type": "string"
++                        },
++                        "protocol_string": {
++                            "type": "string"
++                        },
++                        "protocol_version": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "username": {
++                            "type": "string"
++                        },
++                        "flags": {
++                            "type": "object",
++                            "properties": {
++                                "clean_session": {
++                                    "type": "boolean"
++                                },
++                                "password": {
++                                    "type": "boolean"
++                                },
++                                "username": {
++                                    "type": "boolean"
++                                },
++                                "will": {
++                                    "type": "boolean"
++                                },
++                                "will_retain": {
++                                    "type": "boolean"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "properties": {
++                            "type": "object",
++                            "additionalProperties": true
++                        },
++                        "will": {
++                            "type": "object",
++                            "properties": {
++                                "message": {
++                                    "type": "string"
++                                },
++                                "topic": {
++                                    "type": "string"
++                                },
++                                "properties": {
++                                    "type": "object",
++                                    "additionalProperties": true
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "disconnect": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "reason_code": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "properties": {
++                            "type": "object",
++                            "additionalProperties": true
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "pingreq": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "pingresp": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "puback": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "reason_code": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "pubcomp": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "reason_code": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "publish": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message": {
++                            "type": "string"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "skipped_length": {
++                            "type": "integer"
++                        },
++                        "topic": {
++                            "type": "string"
++                        },
++                        "truncated": {
++                            "type": "boolean"
++                        },
++                        "properties": {
++                            "type": "object",
++                            "additionalProperties": true
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "pubrec": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "reason_code": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "pubrel": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "reason_code": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "suback": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "qos_granted": {
++                            "type": "array",
++                            "items": {
++                                "type": "integer"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "subscribe": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "topics": {
++                            "type": "array",
++                            "items": {
++                                "type": "object",
++                                "properties": {
++                                    "qos": {
++                                        "type": "integer"
++                                    },
++                                    "topic": {
++                                        "type": "string"
++                                    }
++                                },
++                                "additionalProperties": false
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "unsuback": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "reason_codes": {
++                            "type": "array",
++                            "items": {
++                                "type": "integer"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "unsubscribe": {
++                    "type": "object",
++                    "properties": {
++                        "dup": {
++                            "type": "boolean"
++                        },
++                        "message_id": {
++                            "type": "integer"
++                        },
++                        "qos": {
++                            "type": "integer"
++                        },
++                        "retain": {
++                            "type": "boolean"
++                        },
++                        "topics": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "netflow": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "age": {
++                    "type": "integer"
++                },
++                "bytes": {
++                    "type": "integer"
++                },
++                "end": {
++                    "type": "string"
++                },
++                "max_ttl": {
++                    "type": "integer"
++                },
++                "min_ttl": {
++                    "type": "integer"
++                },
++                "pkts": {
++                    "type": "integer"
++                },
++                "start": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "nfs": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "file_tx": {
++                    "type": "boolean"
++                },
++                "filename": {
++                    "type": "string"
++                },
++                "hhash": {
++                    "type": "string"
++                },
++                "id": {
++                    "type": "integer"
++                },
++                "procedure": {
++                    "type": "string"
++                },
++                "status": {
++                    "type": "string"
++                },
++                "type": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "integer"
++                },
++                "read": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "chunks": {
++                            "type": "integer"
++                        },
++                        "first": {
++                            "type": "boolean"
++                        },
++                        "last": {
++                            "type": "boolean"
++                        },
++                        "last_xid": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "rename": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "from": {
++                            "type": "string"
++                        },
++                        "to": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "write": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "chunks": {
++                            "type": "integer"
++                        },
++                        "first": {
++                            "type": "boolean"
++                        },
++                        "last": {
++                            "type": "boolean"
++                        },
++                        "last_xid": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "packet_info": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "linktype": {
++                    "type": "integer"
++                }
++            },
++            "additionalProperties": false
++        },
++        "pgsql": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "request": {
++                    "type": "object",
++                    "properties": {
++                        "message": {
++                            "type": "string"
++                        },
++                        "password": {
++                            "type": "string"
++                        },
++                        "password_message": {
++                            "type": "string"
++                        },
++                        "protocol_version": {
++                            "type": "string"
++                        },
++                        "sasl_authentication_mechanism": {
++                            "type": "string"
++                        },
++                        "sasl_param": {
++                            "type": "string"
++                        },
++                        "sasl_response": {
++                            "type": "string"
++                        },
++                        "simple_query": {
++                            "type": "string"
++                        },
++                        "startup_parameters": {
++                            "type": "object",
++                            "properties": {
++                                "database": {
++                                    "type": "string"
++                                },
++                                "optional_parameters": {
++                                    "type": "array",
++                                    "items": {
++                                        "type": "object",
++                                        "properties": {
++                                            "application_name": {
++                                                "type": "string"
++                                            },
++                                            "client_encoding": {
++                                                "type": "string"
++                                            },
++                                            "replication": {
++                                                "type": "string"
++                                            }
++                                        },
++                                        "additionalProperties": false
++                                    }
++                                },
++                                "user": {
++                                    "type": "string"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "response": {
++                    "type": "object",
++                    "properties": {
++                        "authentication_md5_password": {
++                            "type": "string"
++                        },
++                        "authentication_sasl_final": {
++                            "type": "string"
++                        },
++                        "code": {
++                            "type": "string"
++                        },
++                        "command_completed": {
++                            "type": "string"
++                        },
++                        "data_rows": {
++                            "type": "integer"
++                        },
++                        "data_size": {
++                            "type": "integer"
++                        },
++                        "field_count": {
++                            "type": "integer"
++                        },
++                        "file": {
++                            "type": "string"
++                        },
++                        "line": {
++                            "type": "string"
++                        },
++                        "message": {
++                            "type": "string"
++                        },
++                        "parameter_status": {
++                            "type": "array",
++                            "items": {
++                                "type": "object",
++                                "properties": {
++                                    "application_name": {
++                                        "type": "string"
++                                    },
++                                    "client_encoding": {
++                                        "type": "string"
++                                    },
++                                    "date_style": {
++                                        "type": "string"
++                                    },
++                                    "integer_datetimes": {
++                                        "type": "string"
++                                    },
++                                    "interval_style": {
++                                        "type": "string"
++                                    },
++                                    "is_superuser": {
++                                        "type": "string"
++                                    },
++                                    "server_encoding": {
++                                        "type": "string"
++                                    },
++                                    "server_version": {
++                                        "type": "string"
++                                    },
++                                    "session_authorization": {
++                                        "type": "string"
++                                    },
++                                    "standard_conforming_strings": {
++                                        "type": "string"
++                                    },
++                                    "time_zone": {
++                                        "type": "string"
++                                    }
++                                },
++                                "additionalProperties": false
++                            }
++                        },
++                        "process_id": {
++                            "type": "integer"
++                        },
++                        "routine": {
++                            "type": "string"
++                        },
++                        "secret_key": {
++                            "type": "integer"
++                        },
++                        "severity_localizable": {
++                            "type": "string"
++                        },
++                        "severity_non_localizable": {
++                            "type": "string"
++                        },
++                        "ssl_accepted": {
++                            "type": "boolean"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "tx_id": {
++                    "type": "integer"
++                }
++            },
++            "additionalProperties": false
++        },
++        "quic": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "cyu": {
++                    "type": "array",
++                    "items": {
++                        "type": "object",
++                        "properties": {
++                            "hash": {
++                                "type": "string"
++                            },
++                            "string": {
++                                "type": "string"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "sni": {
++                    "type": "string"
++                },
++                "ua": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "rdp": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "cookie": {
++                    "type": "string"
++                },
++                "event_type": {
++                    "type": "string"
++                },
++                "tx_id": {
++                    "type": "integer"
++                },
++                "channels": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "client": {
++                    "type": "object",
++                    "properties": {
++                        "build": {
++                            "type": "string"
++                        },
++                        "client_name": {
++                            "type": "string"
++                        },
++                        "color_depth": {
++                            "type": "integer"
++                        },
++                        "desktop_height": {
++                            "type": "integer"
++                        },
++                        "desktop_width": {
++                            "type": "integer"
++                        },
++                        "function_keys": {
++                            "type": "integer"
++                        },
++                        "id": {
++                            "type": "string"
++                        },
++                        "keyboard_layout": {
++                            "type": "string"
++                        },
++                        "keyboard_type": {
++                            "type": "string"
++                        },
++                        "product_id": {
++                            "type": "integer"
++                        },
++                        "version": {
++                            "type": "string"
++                        },
++                        "capabilities": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "rfb": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "screen_shared": {
++                    "type": "boolean"
++                },
++                "authentication": {
++                    "type": "object",
++                    "properties": {
++                        "security_result": {
++                            "type": "string"
++                        },
++                        "security_type": {
++                            "type": "integer"
++                        },
++                        "vnc": {
++                            "type": "object",
++                            "properties": {
++                                "challenge": {
++                                    "type": "string"
++                                },
++                                "response": {
++                                    "type": "string"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "client_protocol_version": {
++                    "type": "object",
++                    "properties": {
++                        "major": {
++                            "type": "string"
++                        },
++                        "minor": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "framebuffer": {
++                    "type": "object",
++                    "properties": {
++                        "height": {
++                            "type": "integer"
++                        },
++                        "name": {
++                            "type": "string"
++                        },
++                        "width": {
++                            "type": "integer"
++                        },
++                        "pixel_format": {
++                            "type": "object",
++                            "properties": {
++                                "big_endian": {
++                                    "type": "boolean"
++                                },
++                                "bits_per_pixel": {
++                                    "type": "integer"
++                                },
++                                "blue_max": {
++                                    "type": "integer"
++                                },
++                                "blue_shift": {
++                                    "type": "integer"
++                                },
++                                "depth": {
++                                    "type": "integer"
++                                },
++                                "green_max": {
++                                    "type": "integer"
++                                },
++                                "green_shift": {
++                                    "type": "integer"
++                                },
++                                "red_max": {
++                                    "type": "integer"
++                                },
++                                "red_shift": {
++                                    "type": "integer"
++                                },
++                                "true_color": {
++                                    "type": "boolean"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "server_protocol_version": {
++                    "type": "object",
++                    "properties": {
++                        "major": {
++                            "type": "string"
++                        },
++                        "minor": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "rpc": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "auth_type": {
++                    "type": "string"
++                },
++                "status": {
++                    "type": "string"
++                },
++                "xid": {
++                    "type": "integer"
++                },
++                "creds": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "gid": {
++                            "type": "integer"
++                        },
++                        "machine_name": {
++                            "type": "string"
++                        },
++                        "uid": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "sip": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "code": {
++                    "type": "string"
++                },
++                "method": {
++                    "type": "string"
++                },
++                "reason": {
++                    "type": "string"
++                },
++                "request_line": {
++                    "type": "string"
++                },
++                "response_line": {
++                    "type": "string"
++                },
++                "uri": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "smb": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "access": {
++                    "type": "string"
++                },
++                "accessed": {
++                    "type": "integer"
++                },
++                "changed": {
++                    "type": "integer"
++                },
++                "client_guid": {
++                    "type": "string"
++                },
++                "command": {
++                    "type": "string"
++                },
++                "created": {
++                    "type": "integer"
++                },
++                "dialect": {
++                    "type": "string"
++                },
++                "directory": {
++                    "type": "string"
++                },
++                "disposition": {
++                    "type": "string"
++                },
++                "filename": {
++                    "type": "string"
++                },
++                "fuid": {
++                    "type": "string"
++                },
++                "function": {
++                    "type": "string"
++                },
++                "id": {
++                    "type": "integer"
++                },
++                "max_read_size": {
++                    "type": "integer"
++                },
++                "max_write_size": {
++                    "type": "integer"
++                },
++                "modified": {
++                    "type": "integer"
++                },
++                "named_pipe": {
++                    "type": "string"
++                },
++                "request_done": {
++                    "type": "boolean"
++                },
++                "response_done": {
++                    "type": "boolean"
++                },
++                "server_guid": {
++                    "type": "string"
++                },
++                "session_id": {
++                    "type": "integer"
++                },
++                "share": {
++                    "type": "string"
++                },
++                "share_type": {
++                    "type": "string"
++                },
++                "size": {
++                    "type": "integer"
++                },
++                "status": {
++                    "type": "string"
++                },
++                "status_code": {
++                    "type": "string"
++                },
++                "tree_id": {
++                    "type": "integer"
++                },
++                "client_dialects": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "dcerpc": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "call_id": {
++                            "type": "integer"
++                        },
++                        "opnum": {
++                            "type": "integer"
++                        },
++                        "request": {
++                            "type": "string"
++                        },
++                        "response": {
++                            "type": "string"
++                        },
++                        "interfaces": {
++                            "type": "array",
++                            "items": {
++                                "type": "object",
++                                "optional": true,
++                                "properties": {
++                                    "ack_reason": {
++                                        "type": "integer"
++                                    },
++                                    "ack_result": {
++                                        "type": "integer"
++                                    },
++                                    "uuid": {
++                                        "type": "string"
++                                    },
++                                    "version": {
++                                        "type": "string"
++                                    }
++                                },
++                                "additionalProperties": false
++                            }
++                        },
++                        "req": {
++                            "type": "object",
++                            "optional": true,
++                            "properties": {
++                                "frag_cnt": {
++                                    "type": "integer"
++                                },
++                                "stub_data_size": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "res": {
++                            "type": "object",
++                            "optional": true,
++                            "properties": {
++                                "frag_cnt": {
++                                    "type": "integer"
++                                },
++                                "stub_data_size": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "kerberos": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "realm": {
++                            "type": "string"
++                        },
++                        "snames": {
++                            "type": "array",
++                            "items": {
++                                "type": "string"
++                            }
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "ntlmssp": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "domain": {
++                            "type": "string"
++                        },
++                        "host": {
++                            "type": "string"
++                        },
++                        "user": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "request": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "native_lm": {
++                            "type": "string"
++                        },
++                        "native_os": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "response": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "native_lm": {
++                            "type": "string"
++                        },
++                        "native_os": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "service": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "request": {
++                            "type": "string"
++                        },
++                        "response": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "smtp": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "helo": {
++                    "type": "string"
++                },
++                "mail_from": {
++                    "type": "string"
++                },
++                "rcpt_to": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "snmp": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "community": {
++                    "type": "string"
++                },
++                "pdu_type": {
++                    "type": "string"
++                },
++                "usm": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "integer"
++                },
++                "vars": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "ssh": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "client": {
++                    "type": "object",
++                    "properties": {
++                        "proto_version": {
++                            "type": "string"
++                        },
++                        "software_version": {
++                            "type": "string"
++                        },
++                        "hassh": {
++                            "type": "object",
++                            "properties": {
++                                "hash": {
++                                    "type": "string"
++                                },
++                                "string": {
++                                    "type": "string"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "server": {
++                    "type": "object",
++                    "properties": {
++                        "proto_version": {
++                            "type": "string"
++                        },
++                        "software_version": {
++                            "type": "string"
++                        },
++                        "hassh": {
++                            "type": "object",
++                            "properties": {
++                                "hash": {
++                                    "type": "string"
++                                },
++                                "string": {
++                                    "type": "string"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "stats": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "uptime": {
++                    "type": "integer"
++                },
++                "app_layer": {
++                    "type": "object",
++                    "properties": {
++                        "expectations": {
++                            "type": "integer"
++                        },
++                        "error": {
++                            "type": "object",
++                            "properties": {
++                                "dcerpc_tcp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "dcerpc_udp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "dhcp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "dnp3": { "$ref": "#/$defs/stats_applayer_error" },
++                                "dns_tcp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "dns_udp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "enip_tcp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "enip_udp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "failed_tcp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "ftp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "ftp-data": { "$ref": "#/$defs/stats_applayer_error" },
++                                "http": { "$ref": "#/$defs/stats_applayer_error" },
++                                "http2": { "$ref": "#/$defs/stats_applayer_error" },
++                                "ike": { "$ref": "#/$defs/stats_applayer_error" },
++                                "imap": { "$ref": "#/$defs/stats_applayer_error" },
++                                "krb5_tcp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "krb5_udp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "mqtt": { "$ref": "#/$defs/stats_applayer_error" },
++                                "nfs_tcp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "nfs_udp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "ntp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "pgsql": { "$ref": "#/$defs/stats_applayer_error" },
++                                "quic": { "$ref": "#/$defs/stats_applayer_error" },
++                                "rdp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "rfb": { "$ref": "#/$defs/stats_applayer_error" },
++                                "sip": { "$ref": "#/$defs/stats_applayer_error" },
++                                "smb": { "$ref": "#/$defs/stats_applayer_error" },
++                                "smtp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "snmp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "ssh": { "$ref": "#/$defs/stats_applayer_error" },
++                                "telnet": { "$ref": "#/$defs/stats_applayer_error" },
++                                "tftp": { "$ref": "#/$defs/stats_applayer_error" },
++                                "tls": { "$ref": "#/$defs/stats_applayer_error" }
++                            },
++                            "additionalProperties": false
++                        },
++                        "flow": {
++                            "type": "object",
++                            "properties": {
++                                "dcerpc_tcp": {
++                                    "type": "integer"
++                                },
++                                "dcerpc_udp": {
++                                    "type": "integer"
++                                },
++                                "dhcp": {
++                                    "type": "integer"
++                                },
++                                "dnp3": {
++                                    "type": "integer"
++                                },
++                                "dns_tcp": {
++                                    "type": "integer"
++                                },
++                                "dns_udp": {
++                                    "type": "integer"
++                                },
++                                "enip_tcp": {
++                                    "type": "integer"
++                                },
++                                "enip_udp": {
++                                    "type": "integer"
++                                },
++                                "failed_tcp": {
++                                    "type": "integer"
++                                },
++                                "failed_udp": {
++                                    "type": "integer"
++                                },
++                                "ftp": {
++                                    "type": "integer"
++                                },
++                                "ftp-data": {
++                                    "type": "integer"
++                                },
++                                "http": {
++                                    "type": "integer"
++                                },
++                                "http2": {
++                                    "type": "integer"
++                                },
++                                "ike": {
++                                    "type": "integer"
++                                },
++                                "ikev2": {
++                                    "type": "integer"
++                                },
++                                "imap": {
++                                    "type": "integer"
++                                },
++                                "krb5_tcp": {
++                                    "type": "integer"
++                                },
++                                "krb5_udp": {
++                                    "type": "integer"
++                                },
++                                "modbus": {
++                                    "type": "integer"
++                                },
++                                "mqtt": {
++                                    "type": "integer"
++                                },
++                                "nfs_tcp": {
++                                    "type": "integer"
++                                },
++                                "nfs_udp": {
++                                    "type": "integer"
++                                },
++                                "ntp": {
++                                    "type": "integer"
++                                },
++                                "pgsql": {
++                                    "type": "integer"
++                                },
++                                "quic": {
++                                    "type": "integer"
++                                },
++                                "rdp": {
++                                    "type": "integer"
++                                },
++                                "rfb": {
++                                    "type": "integer"
++                                },
++                                "sip": {
++                                    "type": "integer"
++                                },
++                                "smb": {
++                                    "type": "integer"
++                                },
++                                "smtp": {
++                                    "type": "integer"
++                                },
++                                "snmp": {
++                                    "type": "integer"
++                                },
++                                "ssh": {
++                                    "type": "integer"
++                                },
++                                "telnet": {
++                                    "type": "integer"
++                                },
++                                "tftp": {
++                                    "type": "integer"
++                                },
++                                "tls": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "tx": {
++                            "type": "object",
++                            "properties": {
++                                "dcerpc_tcp": {
++                                    "type": "integer"
++                                },
++                                "dcerpc_udp": {
++                                    "type": "integer"
++                                },
++                                "dhcp": {
++                                    "type": "integer"
++                                },
++                                "dnp3": {
++                                    "type": "integer"
++                                },
++                                "dns_tcp": {
++                                    "type": "integer"
++                                },
++                                "dns_udp": {
++                                    "type": "integer"
++                                },
++                                "enip_tcp": {
++                                    "type": "integer"
++                                },
++                                "enip_udp": {
++                                    "type": "integer"
++                                },
++                                "ftp": {
++                                    "type": "integer"
++                                },
++                                "ftp-data": {
++                                    "type": "integer"
++                                },
++                                "http": {
++                                    "type": "integer"
++                                },
++                                "http2": {
++                                    "type": "integer"
++                                },
++                                "ike": {
++                                    "type": "integer"
++                                },
++                                "ikev2": {
++                                    "type": "integer"
++                                },
++                                "imap": {
++                                    "type": "integer"
++                                },
++                                "krb5_tcp": {
++                                    "type": "integer"
++                                },
++                                "krb5_udp": {
++                                    "type": "integer"
++                                },
++                                "modbus": {
++                                    "type": "integer"
++                                },
++                                "mqtt": {
++                                    "type": "integer"
++                                },
++                                "nfs_tcp": {
++                                    "type": "integer"
++                                },
++                                "nfs_udp": {
++                                    "type": "integer"
++                                },
++                                "ntp": {
++                                    "type": "integer"
++                                },
++                                "pgsql": {
++                                    "type": "integer"
++                                },
++                                "quic": {
++                                    "type": "integer"
++                                },
++                                "rdp": {
++                                    "type": "integer"
++                                },
++                                "rfb": {
++                                    "type": "integer"
++                                },
++                                "sip": {
++                                    "type": "integer"
++                                },
++                                "smb": {
++                                    "type": "integer"
++                                },
++                                "smtp": {
++                                    "type": "integer"
++                                },
++                                "snmp": {
++                                    "type": "integer"
++                                },
++                                "ssh": {
++                                    "type": "integer"
++                                },
++                                "telnet": {
++                                    "type": "integer"
++                                },
++                                "tftp": {
++                                    "type": "integer"
++                                },
++                                "tls": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "decoder": {
++                    "type": "object",
++                    "properties": {
++                        "avg_pkt_size": {
++                            "type": "integer"
++                        },
++                        "bytes": {
++                            "type": "integer"
++                        },
++                        "chdlc": {
++                            "type": "integer"
++                        },
++                        "erspan": {
++                            "type": "integer"
++                        },
++                        "esp": {
++                            "type": "integer"
++                        },
++                        "ethernet": {
++                            "type": "integer"
++                        },
++                        "geneve": {
++                            "type": "integer"
++                        },
++                        "gre": {
++                            "type": "integer"
++                        },
++                        "icmpv4": {
++                            "type": "integer"
++                        },
++                        "icmpv6": {
++                            "type": "integer"
++                        },
++                        "ieee8021ah": {
++                            "type": "integer"
++                        },
++                        "invalid": {
++                            "type": "integer"
++                        },
++                        "ipv4": {
++                            "type": "integer"
++                        },
++                        "ipv4_in_ipv6": {
++                            "type": "integer"
++                        },
++                        "ipv6": {
++                            "type": "integer"
++                        },
++                        "ipv6_in_ipv6": {
++                            "type": "integer"
++                        },
++                        "max_mac_addrs_dst": {
++                            "type": "integer"
++                        },
++                        "max_mac_addrs_src": {
++                            "type": "integer"
++                        },
++                        "max_pkt_size": {
++                            "type": "integer"
++                        },
++                        "mpls": {
++                            "type": "integer"
++                        },
++                        "nsh": {
++                            "type": "integer"
++                        },
++                        "null": {
++                            "type": "integer"
++                        },
++                        "pkts": {
++                            "type": "integer"
++                        },
++                        "ppp": {
++                            "type": "integer"
++                        },
++                        "pppoe": {
++                            "type": "integer"
++                        },
++                        "raw": {
++                            "type": "integer"
++                        },
++                        "sctp": {
++                            "type": "integer"
++                        },
++                        "sll": {
++                            "type": "integer"
++                        },
++                        "tcp": {
++                            "type": "integer"
++                        },
++                        "teredo": {
++                            "type": "integer"
++                        },
++                        "too_many_layers": {
++                            "type": "integer"
++                        },
++                        "udp": {
++                            "type": "integer"
++                        },
++                        "vlan": {
++                            "type": "integer"
++                        },
++                        "vlan_qinq": {
++                            "type": "integer"
++                        },
++                        "vntag": {
++                            "type": "integer"
++                        },
++                        "vxlan": {
++                            "type": "integer"
++                        },
++                        "event": {
++                            "type": "object",
++                            "properties": {
++                                "chdlc": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "dce": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "erspan": {
++                                    "type": "object",
++                                    "properties": {
++                                        "header_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "too_many_vlan_layers": {
++                                            "type": "integer"
++                                        },
++                                        "unsupported_version": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "esp": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "ethernet": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "geneve": {
++                                    "type": "object",
++                                    "properties": {
++                                        "unknown_payload_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "gre": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "version0_flags": {
++                                            "type": "integer"
++                                        },
++                                        "version0_hdr_too_big": {
++                                            "type": "integer"
++                                        },
++                                        "version0_malformed_sre_hdr": {
++                                            "type": "integer"
++                                        },
++                                        "version0_recur": {
++                                            "type": "integer"
++                                        },
++                                        "version1_chksum": {
++                                            "type": "integer"
++                                        },
++                                        "version1_flags": {
++                                            "type": "integer"
++                                        },
++                                        "version1_hdr_too_big": {
++                                            "type": "integer"
++                                        },
++                                        "version1_malformed_sre_hdr": {
++                                            "type": "integer"
++                                        },
++                                        "version1_no_key": {
++                                            "type": "integer"
++                                        },
++                                        "version1_recur": {
++                                            "type": "integer"
++                                        },
++                                        "version1_route": {
++                                            "type": "integer"
++                                        },
++                                        "version1_ssr": {
++                                            "type": "integer"
++                                        },
++                                        "version1_wrong_protocol": {
++                                            "type": "integer"
++                                        },
++                                        "wrong_version": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "icmpv4": {
++                                    "type": "object",
++                                    "properties": {
++                                        "ipv4_trunc_pkt": {
++                                            "type": "integer"
++                                        },
++                                        "ipv4_unknown_ver": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_code": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "icmpv6": {
++                                    "type": "object",
++                                    "properties": {
++                                        "experimentation_type": {
++                                            "type": "integer"
++                                        },
++                                        "ipv6_trunc_pkt": {
++                                            "type": "integer"
++                                        },
++                                        "ipv6_unknown_version": {
++                                            "type": "integer"
++                                        },
++                                        "mld_message_with_invalid_hl": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "unassigned_type": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_code": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "ieee8021ah": {
++                                    "type": "object",
++                                    "properties": {
++                                        "header_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "ipraw": {
++                                    "type": "object",
++                                    "properties": {
++                                        "invalid_ip_version": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "ipv4": {
++                                    "type": "object",
++                                    "properties": {
++                                        "frag_ignored": {
++                                            "type": "integer"
++                                        },
++                                        "frag_overlap": {
++                                            "type": "integer"
++                                        },
++                                        "frag_pkt_too_large": {
++                                            "type": "integer"
++                                        },
++                                        "hlen_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "icmpv6": {
++                                            "type": "integer"
++                                        },
++                                        "iplen_smaller_than_hlen": {
++                                            "type": "integer"
++                                        },
++                                        "opt_duplicate": {
++                                            "type": "integer"
++                                        },
++                                        "opt_eol_required": {
++                                            "type": "integer"
++                                        },
++                                        "opt_invalid": {
++                                            "type": "integer"
++                                        },
++                                        "opt_invalid_len": {
++                                            "type": "integer"
++                                        },
++                                        "opt_malformed": {
++                                            "type": "integer"
++                                        },
++                                        "opt_pad_required": {
++                                            "type": "integer"
++                                        },
++                                        "opt_unknown": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "trunc_pkt": {
++                                            "type": "integer"
++                                        },
++                                        "wrong_ip_version": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "ipv6": {
++                                    "type": "object",
++                                    "properties": {
++                                        "data_after_none_header": {
++                                            "type": "integer"
++                                        },
++                                        "dstopts_only_padding": {
++                                            "type": "integer"
++                                        },
++                                        "dstopts_unknown_opt": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_ah_res_not_null": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_dupl_ah": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_dupl_dh": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_dupl_eh": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_dupl_fh": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_dupl_hh": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_dupl_rh": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_invalid_optlen": {
++                                            "type": "integer"
++                                        },
++                                        "exthdr_useless_fh": {
++                                            "type": "integer"
++                                        },
++                                        "fh_non_zero_reserved_field": {
++                                            "type": "integer"
++                                        },
++                                        "frag_ignored": {
++                                            "type": "integer"
++                                        },
++                                        "frag_invalid_length": {
++                                            "type": "integer"
++                                        },
++                                        "frag_overlap": {
++                                            "type": "integer"
++                                        },
++                                        "frag_pkt_too_large": {
++                                            "type": "integer"
++                                        },
++                                        "hopopts_only_padding": {
++                                            "type": "integer"
++                                        },
++                                        "hopopts_unknown_opt": {
++                                            "type": "integer"
++                                        },
++                                        "icmpv4": {
++                                            "type": "integer"
++                                        },
++                                        "ipv4_in_ipv6_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "ipv4_in_ipv6_wrong_version": {
++                                            "type": "integer"
++                                        },
++                                        "ipv6_in_ipv6_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "ipv6_in_ipv6_wrong_version": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "rh_type_0": {
++                                            "type": "integer"
++                                        },
++                                        "trunc_exthdr": {
++                                            "type": "integer"
++                                        },
++                                        "trunc_pkt": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_next_header": {
++                                            "type": "integer"
++                                        },
++                                        "wrong_ip_version": {
++                                            "type": "integer"
++                                        },
++                                        "zero_len_padn": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "ltnull": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "unsupported_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "mpls": {
++                                    "type": "object",
++                                    "properties": {
++                                        "bad_label_implicit_null": {
++                                            "type": "integer"
++                                        },
++                                        "bad_label_reserved": {
++                                            "type": "integer"
++                                        },
++                                        "bad_label_router_alert": {
++                                            "type": "integer"
++                                        },
++                                        "header_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_payload_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "nsh": {
++                                    "type": "object",
++                                    "properties": {
++                                        "bad_header_length": {
++                                            "type": "integer"
++                                        },
++                                        "header_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "reserved_type": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_payload": {
++                                            "type": "integer"
++                                        },
++                                        "unsupported_type": {
++                                            "type": "integer"
++                                        },
++                                        "unsupported_version": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "ppp": {
++                                    "type": "object",
++                                    "properties": {
++                                        "ip4_pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "ip6_pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "unsup_proto": {
++                                            "type": "integer"
++                                        },
++                                        "vju_pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "wrong_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "pppoe": {
++                                    "type": "object",
++                                    "properties": {
++                                        "malformed_tags": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "wrong_code": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "sctp": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "sll": {
++                                    "type": "object",
++                                    "properties": {
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "tcp": {
++                                    "type": "object",
++                                    "properties": {
++                                        "hlen_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "invalid_optlen": {
++                                            "type": "integer"
++                                        },
++                                        "opt_duplicate": {
++                                            "type": "integer"
++                                        },
++                                        "opt_invalid_len": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "udp": {
++                                    "type": "object",
++                                    "properties": {
++                                        "hlen_invalid": {
++                                            "type": "integer"
++                                        },
++                                        "hlen_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "pkt_too_small": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "vlan": {
++                                    "type": "object",
++                                    "properties": {
++                                        "header_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "too_many_layers": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "vntag": {
++                                    "type": "object",
++                                    "properties": {
++                                        "header_too_small": {
++                                            "type": "integer"
++                                        },
++                                        "unknown_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                },
++                                "vxlan": {
++                                    "type": "object",
++                                    "properties": {
++                                        "unknown_payload_type": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "defrag": {
++                    "type": "object",
++                    "properties": {
++                        "max_frag_hits": {
++                            "type": "integer"
++                        },
++                        "ipv4": {
++                            "type": "object",
++                            "properties": {
++                                "fragments": {
++                                    "type": "integer"
++                                },
++                                "reassembled": {
++                                    "type": "integer"
++                                },
++                                "timeouts": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "ipv6": {
++                            "type": "object",
++                            "properties": {
++                                "fragments": {
++                                    "type": "integer"
++                                },
++                                "reassembled": {
++                                    "type": "integer"
++                                },
++                                "timeouts": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "detect": {
++                    "type": "object",
++                    "properties": {
++                        "alert": {
++                            "type": "integer"
++                        },
++                        "alert_queue_overflow": {
++                            "type": "integer"
++                        },
++                        "alerts_suppressed": {
++                            "type": "integer"
++                        },
++                        "engines": {
++                            "type": "array",
++                            "items": [
++                                {
++                                    "type": "object",
++                                    "properties": {
++                                        "id": {
++                                            "type": "integer"
++                                        },
++                                        "last_reload": {
++                                            "type": "string"
++                                        },
++                                        "rules_loaded": {
++                                            "type": "integer"
++                                        },
++                                        "rules_failed": {
++                                            "type": "integer"
++                                        }
++                                    },
++                                    "additionalProperties": false
++                                }
++                            ]
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "file_store": {
++                    "type": "object",
++                    "properties": {
++                        "fs_errors": {
++                            "type": "integer"
++                        },
++                        "open_files": {
++                            "type": "integer"
++                        },
++                        "open_files_max_hit": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "flow": {
++                    "type": "object",
++                    "properties": {
++                        "emerg_mode_entered": {
++                            "type": "integer"
++                        },
++                        "emerg_mode_over": {
++                            "type": "integer"
++                        },
++                        "get_used": {
++                            "type": "integer"
++                        },
++                        "get_used_eval": {
++                            "type": "integer"
++                        },
++                        "get_used_eval_busy": {
++                            "type": "integer"
++                        },
++                        "get_used_eval_reject": {
++                            "type": "integer"
++                        },
++                        "get_used_failed": {
++                            "type": "integer"
++                        },
++                        "icmpv4": {
++                            "type": "integer"
++                        },
++                        "icmpv6": {
++                            "type": "integer"
++                        },
++                        "memcap": {
++                            "type": "integer"
++                        },
++                        "memuse": {
++                            "type": "integer"
++                        },
++                        "spare": {
++                            "type": "integer"
++                        },
++                        "tcp": {
++                            "type": "integer"
++                        },
++                        "tcp_reuse": {
++                            "type": "integer"
++                        },
++                        "udp": {
++                            "type": "integer"
++                        },
++                        "mgr": {
++                            "type": "object",
++                            "properties": {
++                                "bypassed_pruned": {
++                                    "type": "integer"
++                                },
++                                "closed_pruned": {
++                                    "type": "integer"
++                                },
++                                "est_pruned": {
++                                    "type": "integer"
++                                },
++                                "flows_checked": {
++                                    "type": "integer"
++                                },
++                                "flows_evicted": {
++                                    "type": "integer"
++                                },
++                                "flows_evicted_needs_work": {
++                                    "type": "integer"
++                                },
++                                "flows_notimeout": {
++                                    "type": "integer"
++                                },
++                                "flows_timeout": {
++                                    "type": "integer"
++                                },
++                                "flows_timeout_inuse": {
++                                    "type": "integer"
++                                },
++                                "full_hash_pass": {
++                                    "type": "integer"
++                                },
++                                "new_pruned": {
++                                    "type": "integer"
++                                },
++                                "rows_maxlen": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        },
++                        "wrk": {
++                            "type": "object",
++                            "properties": {
++                                "flows_evicted": {
++                                    "type": "integer"
++                                },
++                                "flows_evicted_needs_work": {
++                                    "type": "integer"
++                                },
++                                "flows_evicted_pkt_inject": {
++                                    "type": "integer"
++                                },
++                                "flows_injected": {
++                                    "type": "integer"
++                                },
++                                "spare_sync": {
++                                    "type": "integer"
++                                },
++                                "spare_sync_avg": {
++                                    "type": "integer"
++                                },
++                                "spare_sync_empty": {
++                                    "type": "integer"
++                                },
++                                "spare_sync_incomplete": {
++                                    "type": "integer"
++                                }
++                            },
++                            "additionalProperties": false
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "flow_bypassed": {
++                    "type": "object",
++                    "properties": {
++                        "bytes": {
++                            "type": "integer"
++                        },
++                        "closed": {
++                            "type": "integer"
++                        },
++                        "local_bytes": {
++                            "type": "integer"
++                        },
++                        "local_capture_bytes": {
++                            "type": "integer"
++                        },
++                        "local_capture_pkts": {
++                            "type": "integer"
++                        },
++                        "local_pkts": {
++                            "type": "integer"
++                        },
++                        "pkts": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "flow_mgr": {
++                    "type": "object",
++                    "properties": {
++                        "bypassed_pruned": {
++                            "type": "integer"
++                        },
++                        "closed_pruned": {
++                            "type": "integer"
++                        },
++                        "est_pruned": {
++                            "type": "integer"
++                        },
++                        "flows_checked": {
++                            "type": "integer"
++                        },
++                        "flows_notimeout": {
++                            "type": "integer"
++                        },
++                        "flows_removed": {
++                            "type": "integer"
++                        },
++                        "flows_timeout": {
++                            "type": "integer"
++                        },
++                        "flows_timeout_inuse": {
++                            "type": "integer"
++                        },
++                        "new_pruned": {
++                            "type": "integer"
++                        },
++                        "rows_busy": {
++                            "type": "integer"
++                        },
++                        "rows_checked": {
++                            "type": "integer"
++                        },
++                        "rows_empty": {
++                            "type": "integer"
++                        },
++                        "rows_maxlen": {
++                            "type": "integer"
++                        },
++                        "rows_skipped": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "ftp": {
++                    "type": "object",
++                    "properties": {
++                        "memcap": {
++                            "type": "integer"
++                        },
++                        "memuse": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "http": {
++                    "type": "object",
++                    "properties": {
++                        "memcap": {
++                            "type": "integer"
++                        },
++                        "memuse": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "tcp": {
++                    "type": "object",
++                    "properties": {
++                        "insert_data_normal_fail": {
++                            "type": "integer"
++                        },
++                        "insert_data_overlap_fail": {
++                            "type": "integer"
++                        },
++                        "insert_list_fail": {
++                            "type": "integer"
++                        },
++                        "invalid_checksum": {
++                            "type": "integer"
++                        },
++                        "memuse": {
++                            "type": "integer"
++                        },
++                        "midstream_pickups": {
++                            "type": "integer"
++                        },
++                        "no_flow": {
++                            "type": "integer"
++                        },
++                        "overlap": {
++                            "type": "integer"
++                        },
++                        "overlap_diff_data": {
++                            "type": "integer"
++                        },
++                        "pkt_on_wrong_thread": {
++                            "type": "integer"
++                        },
++                        "pseudo": {
++                            "type": "integer"
++                        },
++                        "pseudo_failed": {
++                            "type": "integer"
++                        },
++                        "reassembly_gap": {
++                            "type": "integer"
++                        },
++                        "reassembly_memuse": {
++                            "type": "integer"
++                        },
++                        "rst": {
++                            "type": "integer"
++                        },
++                        "segment_memcap_drop": {
++                            "type": "integer"
++                        },
++                        "sessions": {
++                            "type": "integer"
++                        },
++                        "ssn_memcap_drop": {
++                            "type": "integer"
++                        },
++                        "stream_depth_reached": {
++                            "type": "integer"
++                        },
++                        "syn": {
++                            "type": "integer"
++                        },
++                        "synack": {
++                            "type": "integer"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "tcp": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "ack": {
++                    "type": "boolean"
++                },
++                "cwr": {
++                    "type": "boolean"
++                },
++                "ecn": {
++                    "type": "boolean"
++                },
++                "fin": {
++                    "type": "boolean"
++                },
++                "psh": {
++                    "type": "boolean"
++                },
++                "rst": {
++                    "type": "boolean"
++                },
++                "state": {
++                    "type": "string"
++                },
++                "syn": {
++                    "type": "boolean"
++                },
++                "tcp_flags": {
++                    "type": "string"
++                },
++                "tcp_flags_tc": {
++                    "type": "string"
++                },
++                "tcp_flags_ts": {
++                    "type": "string"
++                },
++                "urg": {
++                    "type": "boolean"
++                }
++            },
++            "additionalProperties": false
++        },
++        "template": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "request": {
++                    "type": "string"
++                },
++                "response": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "tftp": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "file": {
++                    "type": "string"
++                },
++                "mode": {
++                    "type": "string"
++                },
++                "packet": {
++                    "type": "string"
++                }
++            },
++            "additionalProperties": false
++        },
++        "tls": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "fingerprint": {
++                    "type": "string"
++                },
++                "from_proto": {
++                    "type": "string"
++                },
++                "issuerdn": {
++                    "type": "string"
++                },
++                "notafter": {
++                    "type": "string"
++                },
++                "notbefore": {
++                    "type": "string"
++                },
++                "serial": {
++                    "type": "string"
++                },
++                "session_resumed": {
++                    "type": "boolean"
++                },
++                "sni": {
++                    "type": "string"
++                },
++                "subject": {
++                    "type": "string"
++                },
++                "version": {
++                    "type": "string"
++                },
++                "ja3": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "hash": {
++                            "type": "string"
++                        },
++                        "string": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                },
++                "ja3s": {
++                    "type": "object",
++                    "optional": true,
++                    "properties": {
++                        "hash": {
++                            "type": "string"
++                        },
++                        "string": {
++                            "type": "string"
++                        }
++                    },
++                    "additionalProperties": false
++                }
++            },
++            "additionalProperties": false
++        },
++        "traffic": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "id": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                },
++                "label": {
++                    "type": "array",
++                    "items": {
++                        "type": "string"
++                    }
++                }
++            },
++            "additionalProperties": false
++        },
++        "tunnel": {
++            "type": "object",
++            "optional": true,
++            "properties": {
++                "depth": {
++                    "type": "integer"
++                },
++                "dest_ip": {
++                    "type": "string"
++                },
++                "dest_port": {
++                    "type": "integer"
++                },
++                "pcap_cnt": {
++                    "type": "integer"
++                },
++                "pkt_src": {
++                    "type": "string"
++                },
++                "proto": {
++                    "type": "string"
++                },
++                "src_ip": {
++                    "type": "string"
++                },
++                "src_port": {
++                    "type": "integer"
++                }
++            },
++            "additionalProperties": false
++        }
++    },
++    "additionalProperties": false,
++    "$defs": {
++        "stats_applayer_error": {
++            "type": "object",
++            "properties": {
++                "gap": {
++                    "type": "integer"
++                },
++                "alloc": {
++                    "type": "integer"
++                },
++                "parser": {
++                    "type": "integer"
++                },
++                "internal": {
++                    "type": "integer"
++                }
++            },
++            "additionalProperties": false
++        }
++    }
++}
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-003.patch b/recipes-ids/suricata/files/CVE-2024-55628-003.patch
new file mode 100644
index 0000000..c498a6b
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55628-003.patch
@@ -0,0 +1,114 @@
+From 5edb84fe234f47a0fedfbf9b10b49699152fe8cb Mon Sep 17 00:00:00 2001
+From: Jason Ish <jason.ish@oisf.net>
+Date: Thu, 31 Oct 2024 15:46:35 -0600
+Subject: [PATCH] eve/dns: add truncation flags for fields that are truncated
+
+If rrname, rdata or mname are truncated, set a flag field like
+'rrname_truncated: true' to indicate that the name is truncated.
+
+Ticket: #7280
+
+(cherry picked from commit 37f4c52b22fcdde4adf9b479cb5700f89d00768d)
+
+CVE: CVE-2024-55628
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/5edb84fe234f47a0fedfbf9b10b49699152fe8cb]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ etc/schema.json     |  7 +++++++
+ rust/src/dns/log.rs | 19 +++++++++++++++++++
+ 2 files changed, 26 insertions(+)
+
+diff --git a/etc/schema.json b/etc/schema.json
+index 99f419f..422d77c 100644
+--- a/etc/schema.json
++++ b/etc/schema.json
+@@ -790,6 +790,9 @@
+                 "rrname": {
+                     "type": "string"
+                 },
++		"rrname_truncated": {
++		    "type": "boolean"
++		},
+                 "rrtype": {
+                     "type": "string"
+                 },
+@@ -2365,6 +2368,10 @@
+                             "type": "array",
+                             "items": {
+                                 "type": "integer"
++                            },
++                            "rrname_truncated": {
++                                "description": "Set to true if the rrname was too long and truncated by Suricata",
++                                "type": "boolean"
+                             }
+                         }
+                     },
+diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs
+index 6bf9589..d0e468d 100644
+--- a/rust/src/dns/log.rs
++++ b/rust/src/dns/log.rs
+@@ -399,7 +399,13 @@ fn dns_log_soa(soa: &DNSRDataSOA) -> Result<JsonBuilder, JsonError> {
+     let mut js = JsonBuilder::try_new_object()?;
+ 
+     js.set_string_from_bytes("mname", &soa.mname.value)?;
++    if soa.mname.flags.contains(DNSNameFlags::TRUNCATED) {
++        js.set_bool("mname_truncated", true)?;
++    }
+     js.set_string_from_bytes("rname", &soa.rname.value)?;
++    if soa.rname.flags.contains(DNSNameFlags::TRUNCATED) {
++        js.set_bool("rname_truncated", true)?;
++    }
+     js.set_uint("serial", soa.serial as u64)?;
+     js.set_uint("refresh", soa.refresh as u64)?;
+     js.set_uint("retry", soa.retry as u64)?;
+@@ -444,6 +450,9 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, Js
+     let mut jsa = JsonBuilder::try_new_object()?;
+ 
+     jsa.set_string_from_bytes("rrname", &answer.name.value)?;
++    if answer.name.flags.contains(DNSNameFlags::TRUNCATED) {
++        jsa.set_bool("rrname_truncated", true)?;
++    }
+     jsa.set_string("rrtype", &dns_rrtype_string(answer.rrtype))?;
+     jsa.set_uint("ttl", answer.ttl as u64)?;
+ 
+@@ -453,6 +462,9 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, Js
+         }
+         DNSRData::CNAME(name) | DNSRData::MX(name) | DNSRData::NS(name) | DNSRData::PTR(name) => {
+             jsa.set_string_from_bytes("rdata", &name.value)?;
++            if name.flags.contains(DNSNameFlags::TRUNCATED) {
++                jsa.set_bool("rdata_truncated", true)?;
++            }
+         }
+         DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => {
+             jsa.set_string_from_bytes("rdata", bytes)?;
+@@ -506,6 +518,9 @@ fn dns_log_json_answer(
+ 
+     if let Some(query) = response.queries.first() {
+         js.set_string_from_bytes("rrname", &query.name.value)?;
++        if query.name.flags.contains(DNSNameFlags::TRUNCATED) {
++            js.set_bool("rrname_truncated", true)?;
++        }
+         js.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
+     }
+     js.set_string("rcode", &dns_rcode_string(header.flags))?;
+@@ -532,6 +547,7 @@ fn dns_log_json_answer(
+                     | DNSRData::MX(name)
+                     | DNSRData::NS(name)
+                     | DNSRData::PTR(name) => {
++                        // Flags like truncated not logged here as it would break the schema.
+                         if !answer_types.contains_key(&type_string) {
+                             answer_types
+                                 .insert(type_string.to_string(), JsonBuilder::try_new_array()?);
+@@ -620,6 +636,9 @@ fn dns_log_query(
+                 jb.set_string("type", "query")?;
+                 jb.set_uint("id", request.header.tx_id as u64)?;
+                 jb.set_string_from_bytes("rrname", &query.name.value)?;
++                if query.name.flags.contains(DNSNameFlags::TRUNCATED) {
++                    jb.set_bool("rrname_truncated", true)?;
++                }
+                 jb.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
+                 jb.set_uint("tx_id", tx.id - 1)?;
+                 if request.header.flags & 0x0040 != 0 {
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-004.patch b/recipes-ids/suricata/files/CVE-2024-55628-004.patch
new file mode 100644
index 0000000..5a2bcf6
--- /dev/null
+++ b/recipes-ids/suricata/files/CVE-2024-55628-004.patch
@@ -0,0 +1,510 @@
+From 71212b78bd1b7b841c9d9a907d0b3eea71a54060 Mon Sep 17 00:00:00 2001
+From: Jason Ish <jason.ish@oisf.net>
+Date: Fri, 1 Nov 2024 11:39:23 -0600
+Subject: [PATCH] dns: provide events for recoverable parse errors
+
+Add events for the following resource name parsing issues:
+
+- name truncated as its too long
+- maximum number of labels reached
+- infinite loop
+
+Currently these events are only registered when encountered, but
+recoverable. That is where we are able to return some of the name,
+usually in a truncated state.
+
+As name parsing has many code paths, we pass in a pointer to a flag
+field that can be updated by the name parser, this is done in
+addition to the flags being set on a specific name as when logging we
+want to designate which fields are truncated, etc. But for alerts, we
+just care that something happened during the parse. It also reduces
+errors as it won't be forgotten to check for the flags and set the
+event if some new parser is written that also parses names.
+
+Ticket: #7280
+
+(cherry picked from commit 19cf0f81335d9f787d587450f7105ad95a648951)
+
+CVE: CVE-2024-55628
+Upstream-Status: Backport [https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ rules/dns-events.rules |   9 +++
+ rust/src/dns/dns.rs    |  36 ++++++++++-
+ rust/src/dns/parser.rs | 136 +++++++++++++++++++++++++----------------
+ 3 files changed, 124 insertions(+), 57 deletions(-)
+
+diff --git a/rules/dns-events.rules b/rules/dns-events.rules
+index d4c02b5..cc43629 100644
+--- a/rules/dns-events.rules
++++ b/rules/dns-events.rules
+@@ -8,3 +8,12 @@ alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client;
+ # Z flag (reserved) not 0
+ alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; classtype:protocol-command-decode; sid:2240006; rev:2;)
+ alert dns any any -> any any (msg:"SURICATA DNS Invalid opcode"; app-layer-event:dns.invalid_opcode; classtype:protocol-command-decode; sid:2240007; rev:1;)
++
++# A resource name was too long (over 1025 chars)
++alert dns any any -> any any (msg:"SURICATA DNS Name too long"; app-layer-event:dns.name_too_long; classtype:protocol-command-decode; sid:224008; rev:1;)
++
++# An infinite loop was found while decoding a DNS resource name.
++alert dns any any -> any any (msg:"SURICATA DNS Infinite loop"; app-layer-event:dns.infinite_loop; classtype:protocol-command-decode; sid:224009; rev:1;)
++
++# Suricata's maximum number of DNS name labels was reached while parsing a resource name.
++alert dns any any -> any any (msg:"SURICATA DNS Too many labels"; app-layer-event:dns.too_many_labels; classtype:protocol-command-decode; sid:224010; rev:1;)
+diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
+index 680bf7e..34406dc 100644
+--- a/rust/src/dns/dns.rs
++++ b/rust/src/dns/dns.rs
+@@ -129,6 +129,12 @@ pub enum DNSEvent {
+     NotResponse,
+     ZFlagSet,
+     InvalidOpcode,
++    /// A DNS resource name was exessively long and was truncated.
++    NameTooLong,
++    /// An infinite loop was found while parsing a name.
++    InfiniteLoop,
++    /// Too many labels were found.
++    TooManyLabels,
+ }
+ 
+ #[derive(Debug, PartialEq, Eq)]
+@@ -418,7 +424,7 @@ impl DNSState {
+         };
+ 
+         match parser::dns_parse_request_body(body, input, header) {
+-            Ok((_, request)) => {
++            Ok((_, (request, parse_flags))) => {
+                 if request.header.flags & 0x8000 != 0 {
+                     SCLogDebug!("DNS message is not a request");
+                     self.set_event(DNSEvent::NotRequest);
+@@ -441,6 +447,18 @@ impl DNSState {
+                     self.set_event(DNSEvent::InvalidOpcode);
+                 }
+ 
++                if parse_flags.contains(DNSNameFlags::TRUNCATED) {
++                    self.set_event(DNSEvent::NameTooLong);
++                }
++                
++                if parse_flags.contains(DNSNameFlags::INFINITE_LOOP) {
++                    self.set_event(DNSEvent::InfiniteLoop);
++                }
++                
++                if parse_flags.contains(DNSNameFlags::LABEL_LIMIT) {
++                    self.set_event(DNSEvent::TooManyLabels);
++                }
++
+                 return true;
+             }
+             Err(Err::Incomplete(_)) => {
+@@ -490,7 +508,7 @@ impl DNSState {
+         };
+ 
+         match parser::dns_parse_response_body(body, input, header) {
+-            Ok((_, response)) => {
++            Ok((_, (response, parse_flags))) => {
+                 SCLogDebug!("Response header flags: {}", response.header.flags);
+ 
+                 if response.header.flags & 0x8000 == 0 {
+@@ -519,6 +537,18 @@ impl DNSState {
+                     self.set_event(DNSEvent::InvalidOpcode);
+                 }
+ 
++                if parse_flags.contains(DNSNameFlags::TRUNCATED) {
++                    self.set_event(DNSEvent::NameTooLong);
++                }
++                
++                if parse_flags.contains(DNSNameFlags::INFINITE_LOOP) {
++                    self.set_event(DNSEvent::InfiniteLoop);
++                }
++                
++                if parse_flags.contains(DNSNameFlags::LABEL_LIMIT) {
++                    self.set_event(DNSEvent::TooManyLabels);
++                }
++
+                 return true;
+             }
+             Err(Err::Incomplete(_)) => {
+@@ -718,7 +748,7 @@ fn probe(input: &[u8], dlen: usize) -> (bool, bool, bool) {
+     }
+ 
+     match parser::dns_parse_request(input) {
+-        Ok((_, request)) => {
++        Ok((_, (request, _))) => {
+             return probe_header_validity(&request.header, dlen);
+         }
+         Err(Err::Incomplete(_)) => match parser::dns_parse_header(input) {
+diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs
+index 12929bc..c98ba05 100644
+--- a/rust/src/dns/parser.rs
++++ b/rust/src/dns/parser.rs
+@@ -81,7 +81,7 @@ static MAX_NAME_LEN: usize = 1025;
+ /// Parameters:
+ ///   start: the start of the name
+ ///   message: the complete message that start is a part of with the DNS header
+-pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], DNSName> {
++pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8], parse_flags: &mut DNSNameFlags) -> IResult<&'b [u8], DNSName> {
+     let mut pos = start;
+     let mut pivot = start;
+     let mut name: Vec<u8> = Vec::with_capacity(32);
+@@ -166,6 +166,8 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
+         }
+     }
+ 
++    parse_flags.insert(flags);
++
+     // If we followed a pointer we return the position after the first
+     // pointer followed. Is there a better way to see if these slices
+     // diverged from each other?  A straight up comparison would
+@@ -188,7 +190,7 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
+ /// multi-string TXT entry as a single quote string, similar to the
+ /// output of dig. Something to consider for a future version.
+ fn dns_parse_answer<'a>(
+-    slice: &'a [u8], message: &'a [u8], count: usize,
++    slice: &'a [u8], message: &'a [u8], count: usize, flags: &mut DNSNameFlags,
+ ) -> IResult<&'a [u8], Vec<DNSAnswerEntry>> {
+     let mut answers = Vec::new();
+     let mut input = slice;
+@@ -201,8 +203,10 @@ fn dns_parse_answer<'a>(
+         data: &'a [u8],
+     }
+ 
+-    fn subparser<'a>(i: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], Answer<'a>> {
+-        let (i, name) = dns_parse_name(i, message)?;
++    fn subparser<'a>(
++        i: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
++    ) -> IResult<&'a [u8], Answer<'a>> {
++        let (i, name) = dns_parse_name(i, message, flags)?;
+         let (i, rrtype) = be_u16(i)?;
+         let (i, rrclass) = be_u16(i)?;
+         let (i, ttl) = be_u32(i)?;
+@@ -218,7 +222,7 @@ fn dns_parse_answer<'a>(
+     }
+ 
+     for _ in 0..count {
+-        match subparser(input, message) {
++        match subparser(input, message, flags) {
+             Ok((rem, val)) => {
+                 let n = match val.rrtype {
+                     DNS_RECORD_TYPE_TXT => {
+@@ -236,7 +240,7 @@ fn dns_parse_answer<'a>(
+                     }
+                 };
+                 let result: IResult<&'a [u8], Vec<DNSRData>> =
+-                    many_m_n(1, n, complete(|b| dns_parse_rdata(b, message, val.rrtype)))(val.data);
++                    many_m_n(1, n, complete(|b| dns_parse_rdata(b, message, val.rrtype, flags)))(val.data);
+                 match result {
+                     Ok((_, rdatas)) => {
+                         for rdata in rdatas {
+@@ -266,18 +270,19 @@ fn dns_parse_answer<'a>(
+ 
+ pub fn dns_parse_response_body<'a>(
+     i: &'a [u8], message: &'a [u8], header: DNSHeader,
+-) -> IResult<&'a [u8], DNSResponse> {
+-    let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?;
+-    let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize)?;
+-    let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize)?;
++) -> IResult<&'a [u8], (DNSResponse, DNSNameFlags)> {
++    let mut flags = DNSNameFlags::default();
++    let (i, queries) = count(|b| dns_parse_query(b, message, &mut flags), header.questions as usize)(i)?;
++    let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize, &mut flags)?;
++    let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize, &mut flags)?;
+     Ok((
+         i,
+-        DNSResponse {
++        (DNSResponse {
+             header,
+             queries,
+             answers,
+             authorities,
+-        },
++        }, flags),
+     ))
+ }
+ 
+@@ -286,9 +291,9 @@ pub fn dns_parse_response_body<'a>(
+ /// Arguments are suitable for using with call!:
+ ///
+ ///    call!(complete_dns_message_buffer)
+-pub fn dns_parse_query<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSQueryEntry> {
++pub fn dns_parse_query<'a>(input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags) -> IResult<&'a [u8], DNSQueryEntry> {
+     let i = input;
+-    let (i, name) = dns_parse_name(i, message)?;
++    let (i, name) = dns_parse_name(i, message, flags)?;
+     let (i, rrtype) = be_u16(i)?;
+     let (i, rrclass) = be_u16(i)?;
+     Ok((
+@@ -309,22 +314,30 @@ fn dns_parse_rdata_aaaa(input: &[u8]) -> IResult<&[u8], DNSRData> {
+     rest(input).map(|(input, data)| (input, DNSRData::AAAA(data.to_vec())))
+ }
+ 
+-fn dns_parse_rdata_cname<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
+-    dns_parse_name(input, message).map(|(input, name)| (input, DNSRData::CNAME(name)))
++fn dns_parse_rdata_cname<'a>(
++    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
++) -> IResult<&'a [u8], DNSRData> {
++    dns_parse_name(input, message, flags).map(|(input, name)| (input, DNSRData::CNAME(name)))
+ }
+ 
+-fn dns_parse_rdata_ns<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
+-    dns_parse_name(input, message).map(|(input, name)| (input, DNSRData::NS(name)))
++fn dns_parse_rdata_ns<'a>(
++    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
++) -> IResult<&'a [u8], DNSRData> {
++    dns_parse_name(input, message, flags).map(|(input, name)| (input, DNSRData::NS(name)))
+ }
+ 
+-fn dns_parse_rdata_ptr<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
+-    dns_parse_name(input, message).map(|(input, name)| (input, DNSRData::PTR(name)))
++fn dns_parse_rdata_ptr<'a>(
++    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
++) -> IResult<&'a [u8], DNSRData> {
++    dns_parse_name(input, message, flags).map(|(input, name)| (input, DNSRData::PTR(name)))
+ }
+ 
+-fn dns_parse_rdata_soa<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
++fn dns_parse_rdata_soa<'a>(
++    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
++) -> IResult<&'a [u8], DNSRData> {
+     let i = input;
+-    let (i, mname) = dns_parse_name(i, message)?;
+-    let (i, rname) = dns_parse_name(i, message)?;
++    let (i, mname) = dns_parse_name(i, message, flags)?;
++    let (i, rname) = dns_parse_name(i, message, flags)?;
+     let (i, serial) = be_u32(i)?;
+     let (i, refresh) = be_u32(i)?;
+     let (i, retry) = be_u32(i)?;
+@@ -344,20 +357,24 @@ fn dns_parse_rdata_soa<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u
+     ))
+ }
+ 
+-fn dns_parse_rdata_mx<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
++fn dns_parse_rdata_mx<'a>(
++    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
++) -> IResult<&'a [u8], DNSRData> {
+     // For MX we skip over the preference field before
+     // parsing out the name.
+     let (i, _) = be_u16(input)?;
+-    let (i, name) = dns_parse_name(i, message)?;
++    let (i, name) = dns_parse_name(i, message, flags)?;
+     Ok((i, DNSRData::MX(name)))
+ }
+ 
+-fn dns_parse_rdata_srv<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
++fn dns_parse_rdata_srv<'a>(
++    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
++) -> IResult<&'a [u8], DNSRData> {
+     let i = input;
+     let (i, priority) = be_u16(i)?;
+     let (i, weight) = be_u16(i)?;
+     let (i, port) = be_u16(i)?;
+-    let (i, target) = dns_parse_name(i, message)?;
++    let (i, target) = dns_parse_name(i, message, flags)?;
+     Ok((
+         i,
+         DNSRData::SRV(DNSRDataSRV {
+@@ -398,26 +415,26 @@ fn dns_parse_rdata_unknown(input: &[u8]) -> IResult<&[u8], DNSRData> {
+ }
+ 
+ pub fn dns_parse_rdata<'a>(
+-    input: &'a [u8], message: &'a [u8], rrtype: u16,
++    input: &'a [u8], message: &'a [u8], rrtype: u16, flags: &mut DNSNameFlags
+ ) -> IResult<&'a [u8], DNSRData> {
+     match rrtype {
+         DNS_RECORD_TYPE_A => dns_parse_rdata_a(input),
+         DNS_RECORD_TYPE_AAAA => dns_parse_rdata_aaaa(input),
+-        DNS_RECORD_TYPE_CNAME => dns_parse_rdata_cname(input, message),
+-        DNS_RECORD_TYPE_PTR => dns_parse_rdata_ptr(input, message),
+-        DNS_RECORD_TYPE_SOA => dns_parse_rdata_soa(input, message),
+-        DNS_RECORD_TYPE_MX => dns_parse_rdata_mx(input, message),
+-        DNS_RECORD_TYPE_NS => dns_parse_rdata_ns(input, message),
++        DNS_RECORD_TYPE_CNAME => dns_parse_rdata_cname(input, message, flags),
++        DNS_RECORD_TYPE_PTR => dns_parse_rdata_ptr(input, message, flags),
++        DNS_RECORD_TYPE_SOA => dns_parse_rdata_soa(input, message, flags),
++        DNS_RECORD_TYPE_MX => dns_parse_rdata_mx(input, message, flags),
++        DNS_RECORD_TYPE_NS => dns_parse_rdata_ns(input, message, flags),
+         DNS_RECORD_TYPE_TXT => dns_parse_rdata_txt(input),
+         DNS_RECORD_TYPE_NULL => dns_parse_rdata_null(input),
+         DNS_RECORD_TYPE_SSHFP => dns_parse_rdata_sshfp(input),
+-        DNS_RECORD_TYPE_SRV => dns_parse_rdata_srv(input, message),
++        DNS_RECORD_TYPE_SRV => dns_parse_rdata_srv(input, message, flags),
+         _ => dns_parse_rdata_unknown(input),
+     }
+ }
+ 
+ /// Parse a DNS request.
+-pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], DNSRequest> {
++pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], (DNSRequest, DNSNameFlags)> {
+     let i = input;
+     let (i, header) = dns_parse_header(i)?;
+     dns_parse_request_body(i, input, header)
+@@ -425,10 +442,11 @@ pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], DNSRequest> {
+ 
+ pub fn dns_parse_request_body<'a>(
+     input: &'a [u8], message: &'a [u8], header: DNSHeader,
+-) -> IResult<&'a [u8], DNSRequest> {
++) -> IResult<&'a [u8], (DNSRequest, DNSNameFlags)> {
++    let mut flags = DNSNameFlags::default();
+     let i = input;
+-    let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?;
+-    Ok((i, DNSRequest { header, queries }))
++    let (i, queries) = count(|b| dns_parse_query(b, message, &mut flags), header.questions as usize)(i)?;
++    Ok((i, (DNSRequest { header, queries }, flags)))
+ }
+ 
+ #[cfg(test)]
+@@ -447,7 +465,8 @@ mod tests {
+             0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, /* .com.... */
+         ];
+         let expected_remainder: &[u8] = &[0x00, 0x01, 0x00];
+-        let (remainder, name) = dns_parse_name(buf, buf).unwrap();
++        let mut flags = DNSNameFlags::default();
++        let (remainder, name) = dns_parse_name(buf, buf, &mut flags).unwrap();
+         assert_eq!("client-cf.dropbox.com".as_bytes(), &name.value[..]);
+         assert_eq!(remainder, expected_remainder);
+     }
+@@ -481,7 +500,8 @@ mod tests {
+ 
+         // The name at offset 54 is the complete name.
+         let start1 = &buf[54..];
+-        let res1 = dns_parse_name(start1, message);
++        let mut flags = DNSNameFlags::default();
++        let res1 = dns_parse_name(start1, message, &mut flags);
+         assert_eq!(
+             res1,
+             Ok((
+@@ -496,7 +516,8 @@ mod tests {
+         // The second name starts at offset 80, but is just a pointer
+         // to the first.
+         let start2 = &buf[80..];
+-        let res2 = dns_parse_name(start2, message);
++        let mut flags = DNSNameFlags::default();
++        let res2 = dns_parse_name(start2, message, &mut flags);
+         assert_eq!(
+             res2,
+             Ok((
+@@ -511,7 +532,8 @@ mod tests {
+         // The third name starts at offset 94, but is a pointer to a
+         // portion of the first.
+         let start3 = &buf[94..];
+-        let res3 = dns_parse_name(start3, message);
++        let mut flags = DNSNameFlags::default();
++        let res3 = dns_parse_name(start3, message, &mut flags);
+         assert_eq!(
+             res3,
+             Ok((
+@@ -526,7 +548,8 @@ mod tests {
+         // The fourth name starts at offset 110, but is a pointer to a
+         // portion of the first.
+         let start4 = &buf[110..];
+-        let res4 = dns_parse_name(start4, message);
++        let mut flags = DNSNameFlags::default();
++        let res4 = dns_parse_name(start4, message, &mut flags);
+         assert_eq!(
+             res4,
+             Ok((
+@@ -567,7 +590,8 @@ mod tests {
+         // packet).
+         let start: &[u8] = &buf[100..];
+ 
+-        let res = dns_parse_name(start, message);
++        let mut flags = DNSNameFlags::default();
++        let res = dns_parse_name(start, message, &mut flags);
+         assert_eq!(
+             res,
+             Ok((
+@@ -595,7 +619,7 @@ mod tests {
+ 
+         let res = dns_parse_request(pkt);
+         match res {
+-            Ok((rem, request)) => {
++            Ok((rem, (request, _flags))) => {
+                 // For now we have some remainder data as there is an
+                 // additional record type we don't parse yet.
+                 assert!(!rem.is_empty());
+@@ -626,7 +650,7 @@ mod tests {
+     }
+ 
+     /// Parse a DNS response.
+-    fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSResponse> {
++    fn dns_parse_response(message: &[u8]) -> IResult<&[u8], (DNSResponse, DNSNameFlags)> {
+         let i = message;
+         let (i, header) = dns_parse_header(i)?;
+         dns_parse_response_body(i, message, header)
+@@ -653,7 +677,7 @@ mod tests {
+ 
+         let res = dns_parse_response(pkt);
+         match res {
+-            Ok((rem, response)) => {
++            Ok((rem, (response, _flags))) => {
+                 // The response should be full parsed.
+                 assert_eq!(rem.len(), 0);
+ 
+@@ -745,7 +769,7 @@ mod tests {
+ 
+         let res = dns_parse_response(pkt);
+         match res {
+-            Ok((rem, response)) => {
++            Ok((rem, (response, _flags))) => {
+                 // For now we have some remainder data as there is an
+                 // additional record type we don't parse yet.
+                 assert!(!rem.is_empty());
+@@ -812,7 +836,7 @@ mod tests {
+ 
+         let res = dns_parse_response(pkt);
+         match res {
+-            Ok((rem, response)) => {
++            Ok((rem, (response, _flags))) => {
+                 // The response should be fully parsed.
+                 assert_eq!(rem.len(), 0);
+ 
+@@ -924,7 +948,7 @@ mod tests {
+ 
+         let res = dns_parse_response(pkt);
+         match res {
+-            Ok((rem, response)) => {
++            Ok((rem, (response, _flags))) => {
+                 // The data should be fully parsed.
+                 assert_eq!(rem.len(), 0);
+ 
+@@ -978,7 +1002,8 @@ mod tests {
+             }
+         }
+ 
+-        let (rem, name) = dns_parse_name(&buf, &buf).unwrap();
++        let mut flags = DNSNameFlags::default();
++        let (rem, name) = dns_parse_name(&buf, &buf, &mut flags).unwrap();
+         assert_eq!(name.value.len(), MAX_NAME_LEN);
+         assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
+         assert!(rem.is_empty());
+@@ -995,7 +1020,8 @@ mod tests {
+         // This should fail as we've hit the segment limit without a
+         // pointer, we'd need to keep parsing more segments to figure
+         // out where the next data point lies.
+-        assert!(dns_parse_name(&buf, &buf).is_err());
++        let mut flags = DNSNameFlags::default();
++        assert!(dns_parse_name(&buf, &buf, &mut flags).is_err());
+     }
+ 
+     #[test]
+@@ -1015,7 +1041,8 @@ mod tests {
+         buf.push(0b1100_0000);
+         buf.push(0b000_0000);
+ 
+-        let (_rem, name) = dns_parse_name(&buf[4..], &buf).unwrap();
++        let mut flags = DNSNameFlags::default();
++        let (_rem, name) = dns_parse_name(&buf[4..], &buf, &mut flags).unwrap();
+         assert_eq!(name.value.len(), 255);
+         assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
+     }
+@@ -1025,6 +1052,7 @@ mod tests {
+         let mut buf = vec![];
+         buf.push(0b1100_0000);
+         buf.push(0b0000_0000);
+-        assert!(dns_parse_name(&buf, &buf).is_err());
++        let mut flags = DNSNameFlags::default();
++        assert!(dns_parse_name(&buf, &buf, &mut flags).is_err());
+     }
+ }
+-- 
+2.50.1
+
diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index 4a1857e..58ed688 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -31,6 +31,13 @@ SRC_URI += " \
     file://CVE-2024-32867-002.patch \
     file://CVE-2024-32867-003.patch \
     file://CVE-2024-32867-004.patch \
+    file://CVE-2024-55627-001.patch \
+    file://CVE-2024-55627-002.patch \
+    file://CVE-2024-55627-003.patch \
+    file://CVE-2024-55628-001.patch \
+    file://CVE-2024-55628-002.patch \
+    file://CVE-2024-55628-003.patch \
+    file://CVE-2024-55628-004.patch \
     "
 
 inherit autotools pkgconfig python3native systemd ptest cargo cargo-update-recipe-crates
-- 
2.47.3

[meta-security][scarthgap][PATCH 24/32] python3-fail2ban: fix ptest failures

[Scott Murray]

From: Yi Zhao <yi.zhao@windriver.com>

Fix ptest failures by backporting patch and updating test case config
files.

Before the patch:
  $ ptest-runner python3-fail2ban
  START: ptest-runner
  2025-09-11T15:42
  BEGIN: /usr/lib64/python3-fail2ban/ptest
  <snip>
  Ran 524 tests in 23.023s

  FAILED (failures=5, errors=7, skipped=3)
  DURATION: 24
  END: /usr/lib64/python3-fail2ban/ptest
  2025-09-11T15:42
  STOP: ptest-runner
  TOTAL: 1 FAIL: 1

After the patch:
  $ ptest-runner python3-fail2ban
  START: ptest-runner
  2025-09-11T15:59
  BEGIN: /usr/lib64/python3-fail2ban/ptest
  <snip>
  Ran 524 tests in 25.982s

  OK (skipped=3)
  DURATION: 27
  END: /usr/lib64/python3-fail2ban/ptest
  2025-09-11T15:59
  STOP: ptest-runner
  TOTAL: 1 FAIL: 0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 ...ges-the-IPs-again.-additionally-it-g.patch | 210 ++++++++++++++++++
 ...case.py-set-correct-config-dir-for-t.patch |  34 +++
 .../fail2ban/python3-fail2ban_git.bb          |  12 +-
 3 files changed, 255 insertions(+), 1 deletion(-)
 create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch
 create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch

diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch
new file mode 100644
index 0000000..73014ab
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch
@@ -0,0 +1,210 @@
+From 5b6c13f0aae79a23d94570bacd1b5796e57f088d Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Thu, 30 Jan 2025 01:05:30 +0100
+Subject: [PATCH] example.com changes the IPs, again... additionally it got
+ more IPs, which look unstable now (depends on resolver), so replaced with
+ fail2ban.org, that seems to resolve to single IPv4 and IPv6 (can be adjusted
+ later for something more persistent)
+
+
+Upstream-Status: Backport
+[https://github.com/fail2ban/fail2ban/commit/5b6c13f0aae79a23d94570bacd1b5796e57f088d]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ .../tests/files/logs/apache-fakegooglebot     |  6 +-
+ fail2ban/tests/files/testcase-usedns.log      |  4 +-
+ fail2ban/tests/filtertestcase.py              | 58 +++++++++----------
+ fail2ban/tests/utils.py                       |  4 +-
+ 4 files changed, 36 insertions(+), 36 deletions(-)
+
+diff --git a/fail2ban/tests/files/logs/apache-fakegooglebot b/fail2ban/tests/files/logs/apache-fakegooglebot
+index b77a1a6b..024842fd 100644
+--- a/fail2ban/tests/files/logs/apache-fakegooglebot
++++ b/fail2ban/tests/files/logs/apache-fakegooglebot
+@@ -1,5 +1,5 @@
+ # Apache 2.2
+ # failJSON: { "time": "2015-01-31T14:29:44", "match": true, "host": "66.249.66.1" }
+-66.249.66.1 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
+-# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "93.184.215.14" }
+-93.184.215.14 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
++66.249.66.1 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
++# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "51.159.55.100" }
++51.159.55.100 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
+diff --git a/fail2ban/tests/files/testcase-usedns.log b/fail2ban/tests/files/testcase-usedns.log
+index eea6eb44..3e7b36bb 100644
+--- a/fail2ban/tests/files/testcase-usedns.log
++++ b/fail2ban/tests/files/testcase-usedns.log
+@@ -1,2 +1,2 @@
+-Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2
+-Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2
++Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2
++Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2
+diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
+index 20945b78..26961a1b 100644
+--- a/fail2ban/tests/filtertestcase.py
++++ b/fail2ban/tests/filtertestcase.py
+@@ -587,14 +587,14 @@ class IgnoreIP(LogCaptureTestCase):
+ 				self.assertNotLogged("returned successfully")
+ 
+ 	def testIgnoreCauseOK(self):
+-		ip = "93.184.215.14"
++		ip = "51.159.55.100"
+ 		for ignore_source in ["dns", "ip", "command"]:
+ 			self.filter.logIgnoreIp(ip, True, ignore_source=ignore_source)
+ 			self.assertLogged("[%s] Ignore %s by %s" % (self.jail.name, ip, ignore_source))
+ 
+ 	def testIgnoreCauseNOK(self):
+-		self.filter.logIgnoreIp("example.com", False, ignore_source="NOT_LOGGED")
+-		self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "example.com", "NOT_LOGGED"))
++		self.filter.logIgnoreIp("fail2ban.org", False, ignore_source="NOT_LOGGED")
++		self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "fail2ban.org", "NOT_LOGGED"))
+ 
+ 
+ class IgnoreIPDNS(LogCaptureTestCase):
+@@ -607,7 +607,7 @@ class IgnoreIPDNS(LogCaptureTestCase):
+ 		self.filter = FileFilter(self.jail)
+ 
+ 	def testIgnoreIPDNS(self):
+-		for dns in ("www.epfl.ch", "example.com"):
++		for dns in ("www.epfl.ch", "fail2ban.org"):
+ 			self.filter.addIgnoreIP(dns)
+ 			ips = DNSUtils.dnsToIp(dns)
+ 			self.assertTrue(len(ips) > 0)
+@@ -1892,22 +1892,22 @@ class GetFailures(LogCaptureTestCase):
+ 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+ 		# We should still catch failures with usedns = no ;-)
+ 		output_yes = (
+-			('93.184.215.14', 1, 1124013299.0,
+-			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
++			('51.159.55.100', 1, 1124013299.0,
++			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
+ 			),
+-			('93.184.215.14', 1, 1124013539.0,
+-			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
++			('51.159.55.100', 1, 1124013539.0,
++			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
+ 			),
+-			('2606:2800:21f:cb07:6820:80da:af6b:8b2c', 1, 1124013299.0,
+-			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
++			('2001:bc8:1200:6:208:a2ff:fe0c:61f8', 1, 1124013299.0,
++			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
+ 			),
+ 		)
+ 		if not unittest.F2B.no_network and not DNSUtils.IPv6IsAllowed():
+ 			output_yes = output_yes[0:2]
+ 
+ 		output_no = (
+-			('93.184.215.14', 1, 1124013539.0,
+-			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
++			('51.159.55.100', 1, 1124013539.0,
++			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
+ 			)
+ 		)
+ 
+@@ -2098,10 +2098,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 		super(DNSUtilsNetworkTests, self).setUp()
+ 		#unittest.F2B.SkipIfNoNetwork()
+ 
+-	## example.com IPs considering IPv6 support (without network it is simulated via cache in utils).
++	## fail2ban.org IPs considering IPv6 support (without network it is simulated via cache in utils).
+ 	EXAMPLE_ADDRS = (
+-		['93.184.215.14', '2606:2800:21f:cb07:6820:80da:af6b:8b2c'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
+-		['93.184.215.14']
++		['51.159.55.100', '2001:bc8:1200:6:208:a2ff:fe0c:61f8'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
++		['51.159.55.100']
+ 	)
+ 
+ 	def test_IPAddr(self):
+@@ -2163,13 +2163,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 		self.assertTrue(r < ip6)
+ 
+ 	def testUseDns(self):
+-		res = DNSUtils.textToIp('www.example.com', 'no')
++		res = DNSUtils.textToIp('www.fail2ban.org', 'no')
+ 		self.assertSortedEqual(res, [])
+ 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+-		res = DNSUtils.textToIp('www.example.com', 'warn')
++		res = DNSUtils.textToIp('www.fail2ban.org', 'warn')
+ 		# sort ipaddr, IPv4 is always smaller as IPv6
+ 		self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
+-		res = DNSUtils.textToIp('www.example.com', 'yes')
++		res = DNSUtils.textToIp('www.fail2ban.org', 'yes')
+ 		# sort ipaddr, IPv4 is always smaller as IPv6
+ 		self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
+ 
+@@ -2177,13 +2177,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+ 		# Test hostnames
+ 		hostnames = [
+-			'www.example.com',
++			'www.fail2ban.org',
+ 			'doh1.2.3.4.buga.xxxxx.yyy.invalid',
+ 			'1.2.3.4.buga.xxxxx.yyy.invalid',
+ 			]
+ 		for s in hostnames:
+ 			res = DNSUtils.textToIp(s, 'yes')
+-			if s == 'www.example.com':
++			if s == 'www.fail2ban.org':
+ 				# sort ipaddr, IPv4 is always smaller as IPv6
+ 				self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
+ 			else:
+@@ -2234,8 +2234,8 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 
+ 		self.assertEqual(IPAddr('192.0.2.0').getPTR(), '0.2.0.192.in-addr.arpa.')
+ 		self.assertEqual(IPAddr('192.0.2.1').getPTR(), '1.2.0.192.in-addr.arpa.')
+-		self.assertEqual(IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c').getPTR(), 
+-			'c.2.b.8.b.6.f.a.a.d.0.8.0.2.8.6.7.0.b.c.f.1.2.0.0.0.8.2.6.0.6.2.ip6.arpa.')
++		self.assertEqual(IPAddr('2001:db8::1').getPTR(), 
++			'1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.')
+ 
+ 	def testIPAddr_Equal6(self):
+ 		self.assertEqual(
+@@ -2365,10 +2365,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 
+ 	def testIPAddr_CompareDNS(self):
+ 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+-		ips = IPAddr('example.com')
+-		self.assertTrue(IPAddr("93.184.215.14").isInNet(ips))
+-		self.assertEqual(IPAddr("2606:2800:21f:cb07:6820:80da:af6b:8b2c").isInNet(ips),
+-		                        "2606:2800:21f:cb07:6820:80da:af6b:8b2c" in self.EXAMPLE_ADDRS)
++		ips = IPAddr('fail2ban.org')
++		self.assertTrue(IPAddr("51.159.55.100").isInNet(ips))
++		self.assertEqual(IPAddr("2001:bc8:1200:6:208:a2ff:fe0c:61f8").isInNet(ips),
++		                        "2001:bc8:1200:6:208:a2ff:fe0c:61f8" in self.EXAMPLE_ADDRS)
+ 
+ 	def testIPAddr_wrongDNS_IP(self):
+ 		unittest.F2B.SkipIfNoNetwork()
+@@ -2376,11 +2376,11 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 		DNSUtils.ipToName('*')
+ 
+ 	def testIPAddr_Cached(self):
+-		ips = [DNSUtils.dnsToIp('example.com'), DNSUtils.dnsToIp('example.com')]
++		ips = [DNSUtils.dnsToIp('fail2ban.org'), DNSUtils.dnsToIp('fail2ban.org')]
+ 		for ip1, ip2 in zip(ips, ips):
+ 			self.assertEqual(id(ip1), id(ip2))
+-		ip1 = IPAddr('93.184.215.14'); ip2 = IPAddr('93.184.215.14'); self.assertEqual(id(ip1), id(ip2))
+-		ip1 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); ip2 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); self.assertEqual(id(ip1), id(ip2))
++		ip1 = IPAddr('51.159.55.100'); ip2 = IPAddr('51.159.55.100'); self.assertEqual(id(ip1), id(ip2))
++		ip1 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); ip2 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); self.assertEqual(id(ip1), id(ip2))
+ 
+ 	def test_NetworkInterfacesAddrs(self):
+ 		for withMask in (False, True):
+diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
+index f71ba60a..e6ef54f3 100644
+--- a/fail2ban/tests/utils.py
++++ b/fail2ban/tests/utils.py
+@@ -326,8 +326,8 @@ def initTests(opts):
+ 			('failed.dns.ch', set()),
+ 			('doh1.2.3.4.buga.xxxxx.yyy.invalid', set()),
+ 			('1.2.3.4.buga.xxxxx.yyy.invalid', set()),
+-			('example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
+-			('www.example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
++			('fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
++			('www.fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
+ 		):
+ 			c.set(*i)
+ 		# if fast - precache all host names as localhost addresses (speed-up getSelfIPs/ignoreself):
+-- 
+2.34.1
+
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch
new file mode 100644
index 0000000..ab957da
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch
@@ -0,0 +1,34 @@
+From 9137d3f47a9e0c0e1aad11a71bb8ac8d0ba21b4e Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 11 Sep 2025 22:36:07 +0800
+Subject: [PATCH] clientreadertestcase.py: set correct config dir for
+ testReadStockJailFilterComplete
+
+In test case testReadStockJailFilterComplete, set configuration
+directory to CONFIG_DIR (/etc/fail2ban/filter.d on the target) instead
+of the hardcoded "config" directory. Otherwise, the config files will
+not be found during runtime testing.
+
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ fail2ban/tests/clientreadertestcase.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py
+index 0388fd3d..670e5b76 100644
+--- a/fail2ban/tests/clientreadertestcase.py
++++ b/fail2ban/tests/clientreadertestcase.py
+@@ -861,7 +861,7 @@ class JailsReaderTest(LogCaptureTestCase):
+ 		self.assertTrue(jails.getOptions())       # reads fine
+ 		# grab all filter names
+ 		filters = set(os.path.splitext(os.path.split(a)[1])[0]
+-			for a in glob.glob(os.path.join('config', 'filter.d', '*.conf'))
++			for a in glob.glob(os.path.join(CONFIG_DIR, 'filter.d', '*.conf'))
+ 				if not (a.endswith('common.conf') or a.endswith('-aggressive.conf')))
+ 		# get filters of all jails (filter names without options inside filter[...])
+ 		filters_jail = set(
+-- 
+2.34.1
+
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
index 444574a..eb20a88 100644
--- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
@@ -13,6 +13,8 @@ DEPENDS = "python3-native"
 
 SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"
 SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
+           file://0001-example.com-changes-the-IPs-again.-additionally-it-g.patch \
+           file://0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch \
            file://initd \
            file://run-ptest \
            "
@@ -49,8 +51,16 @@ do_install_ptest:append () {
     sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest
     install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
     rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
-}
 
+    for i in checklogtype.conf zzz-generic-example.conf zzz-sshd-obsolete-multiline.conf; do
+        sed -i -e 's|^before =.*|before = ${sysconfdir}/fail2ban/filter.d/common.conf|g' \
+            ${D}${PYTHON_SITEPACKAGES_DIR}/fail2ban/tests/config/filter.d/${i}
+    done
+
+    install -m 0644 ${S}/README.md ${D}${PTEST_PATH}
+    sed -i -e 's|^logpath = README.md|logpath = ${PTEST_PATH}/README.md|g' \
+            ${D}${PYTHON_SITEPACKAGES_DIR}/fail2ban/tests/config/jail.conf
+}
 
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME = "fail2ban-server"
-- 
2.47.3

[meta-security][scarthgap][PATCH 25/32] fail2ban: Adapt test output to Automake format for ptest compatibility

[Scott Murray]

From: Haixiao Yan <haixiao.yan.cn@windriver.com>

Convert fail2ban-testcases output to follow Automake-compatible format
(PASS:/FAIL:) so that ptest-runner can correctly parse and
report test results.

root@intel-x86-64:~# ptest-runner python3-fail2ban -t 300
START: ptest-runner
2025-09-22T07:57
BEGIN: /usr/lib64/python3-fail2ban/ptest
Fail2ban 1.1.1.dev1 test suite. Python 3.12.11 (main, Jun  3 2025, 15:41:47) [GCC 13.4.0]. Please wait...
I: Skipping smtp tests: No module named 'smtpd'
I: Skipping SSL smtp tests: No module named 'aiosmtpd'
PASS: fail2ban.tests.servertestcase.Transmitter.testAction
PASS: fail2ban.tests.servertestcase.Transmitter.testAddJail
PASS: fail2ban.tests.servertestcase.Transmitter.testDatabase
PASS: fail2ban.tests.servertestcase.Transmitter.testDatePattern
PASS: fail2ban.tests.servertestcase.Transmitter.testGetNOK
PASS: fail2ban.tests.servertestcase.Transmitter.testJailAttemptIP
PASS: fail2ban.tests.servertestcase.Transmitter.testJailBanIP
...
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testBanTimeIncr
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testFlushLogs
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogLevel
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTarget
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testLogTargetSYSLOG
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocket
PASS: fail2ban.tests.servertestcase.TransmitterLogging.testSyslogSocketNOK

============================================================================
Testsuite summary
DURATION: 48
END: /usr/lib64/python3-fail2ban/ptest
2025-09-22T07:58
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 ...ao.unittest.TestRunner-for-ptest-out.patch | 43 +++++++++++++++++++
 .../fail2ban/python3-fail2ban_git.bb          |  9 +++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-fail2ban-use-putao.unittest.TestRunner-for-ptest-out.patch

diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-fail2ban-use-putao.unittest.TestRunner-for-ptest-out.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-fail2ban-use-putao.unittest.TestRunner-for-ptest-out.patch
new file mode 100644
index 0000000..c6729cc
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-fail2ban-use-putao.unittest.TestRunner-for-ptest-out.patch
@@ -0,0 +1,43 @@
+From 7b42974b5bf20d9db8e788e9d6817004556d660d Mon Sep 17 00:00:00 2001
+From: Haixiao Yan <haixiao.yan.cn@windriver.com>
+Date: Fri, 19 Sep 2025 15:03:56 +0800
+Subject: [PATCH] fail2ban: use putao.unittest.TestRunner for ptest output
+
+Switch the test runner from unittest's default TextTestRunner to
+putao.unittest.TestRunner (provided by unittest-automake-output) so
+that results are reported in Automake-compatible PASS/FAIL format.
+This enables ptest-runner to correctly parse and summarize individual
+test results.
+
+Upstream-Status: Pending
+
+Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
+---
+ bin/fail2ban-testcases | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bin/fail2ban-testcases b/bin/fail2ban-testcases
+index 48aae4b5ffdc..20db4a01a3d6 100755
+--- a/bin/fail2ban-testcases
++++ b/bin/fail2ban-testcases
+@@ -28,7 +28,7 @@ import logging
+ import os
+ import sys
+ import time
+-import unittest
++import putao.unittest
+ 
+ # Check if local fail2ban module exists, and use if it exists by
+ # modifying the path. This is done so that tests can be used in dev
+@@ -63,7 +63,7 @@ tests = gatherTests(regexps, opts)
+ #
+ # Run the tests
+ #
+-testRunner = unittest.TextTestRunner(verbosity=verbosity)
++testRunner = putao.unittest.TestRunner() 
+ 
+ tests_results = testRunner.run(tests)
+ 
+-- 
+2.34.1
+
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
index eb20a88..72a932b 100644
--- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
@@ -15,6 +15,7 @@ SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"
 SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
            file://0001-example.com-changes-the-IPs-again.-additionally-it-g.patch \
            file://0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch \
+           file://0001-fail2ban-use-putao.unittest.TestRunner-for-ptest-out.patch \
            file://initd \
            file://run-ptest \
            "
@@ -71,6 +72,12 @@ INSANE_SKIP:${PN}:append = "already-stripped"
 RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} nftables python3-core python3-pyinotify"
 RDEPENDS:${PN} += "python3-sqlite3"
 RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
-RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
+RDEPENDS:${PN}-ptest = " \
+    python3-core \
+    python3-io \
+    python3-modules \
+    python3-fail2ban \
+    python3-unittest-automake-output \
+    "
 
 RRECOMMENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'python3-systemd', '', d)}"
-- 
2.47.3

[meta-security][scarthgap][PATCH 26/32] fail2ban: replace fail2ban-python shebang with python3

[Scott Murray]

From: Haixiao Yan <haixiao.yan.cn@windriver.com>

In Yocto, there is only one Python interpreter (python3), and the
auto-generated "fail2ban-python" symlink is not used. To ensure
all installed scripts can run correctly, replace the shebang line
from "#!/usr/bin/env fail2ban-python" to "#!/usr/bin/env python3"
during installation.

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 .../recipes-security/fail2ban/python3-fail2ban_git.bb          | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
index 72a932b..e95048f 100644
--- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
@@ -44,6 +44,7 @@ do_install:append () {
 
     chown -R root:root ${D}/${bindir}
     rm -rf ${D}/run
+    find ${D}${sysconfdir} -type f -exec sed -i '1s/env fail2ban-python/env python3/' {} +
 }
 
 do_install_ptest:append () {
@@ -61,6 +62,8 @@ do_install_ptest:append () {
     install -m 0644 ${S}/README.md ${D}${PTEST_PATH}
     sed -i -e 's|^logpath = README.md|logpath = ${PTEST_PATH}/README.md|g' \
             ${D}${PYTHON_SITEPACKAGES_DIR}/fail2ban/tests/config/jail.conf
+    find ${D}${PYTHON_SITEPACKAGES_DIR} -type f -exec sed -i \
+            '1s/env fail2ban-python/env python3/' {} +
 }
 
 INITSCRIPT_PACKAGES = "${PN}"
-- 
2.47.3

[meta-security][scarthgap][PATCH 27/32] suricata: resolve TMPDIR QA issues in do_configure

[Scott Murray]

From: Clayton Casciato <majortomtosourcecontrol@gmail.com>

ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File /usr/bin/suricata
in package suricata contains reference to TMPDIR [buildpaths]

ERROR: suricata-7.0.0-r0 do_package_qa: QA Issue: File
/usr/src/debug/suricata/7.0.0/src/build-info.h in package suricata-src
contains reference to TMPDIR [buildpaths]

Address references when src/build-info.h is being written

This is similar to Debian's approach:
https://sources.debian.org/patches/suricata/1:7.0.10-1~bpo12%2B1/reproducible.patch/

Restore the "already-stripped" check and CFLAGS info

Original resolution in commit c0e3fecc3bea ("suricata: fix QA warnings")

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 277bf8f9160540d582fec58f0f2139b4e4aebef0)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-ids/suricata/suricata_7.0.0.bb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index 58ed688..e2e94e2 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -85,9 +85,25 @@ do_configure:prepend () {
     # use host for RUST_SURICATA_LIB_XC_DIR
     sed -i -e 's,\${host_alias},${RUST_HOST_SYS},' ${S}/configure.ac
     sed -i -e 's,libsuricata_rust.a,libsuricata.a,' ${S}/configure.ac
+    # Address build configuration written to src/build-info.h
+    sed -i -e 's,\(| sed -e '\''s/^/"/'\''\)\( |\),\1 -e '\''s#${WORKDIR}#\\.#g'\''\2,' ${S}/configure.ac
     oe_runconf
 }
 
+CFLAGS += "-Wno-error=incompatible-pointer-types"
+
+# Commit 7a2b9acef2 cargo: pass PACKAGECONFIG_CONFARGS to cargo build
+# breaks building this recipe. Providing a copy of the original function
+# Armin 2025/04/01
+#
+oe_cargo_build () {
+    export RUSTFLAGS="${RUSTFLAGS}"
+    bbnote "Using rust targets from ${RUST_TARGET_PATH}"
+    bbnote "cargo = $(which ${CARGO})"
+    bbnote "${CARGO} build ${CARGO_BUILD_FLAGS}$@"
+    "${CARGO}" build ${CARGO_BUILD_FLAGS}"$@"
+}
+
 do_compile () {
     # we do this to bypass the make provided by this pkg 
     # patches Makefile to skip the subdir
-- 
2.47.3

[meta-security][scarthgap][PATCH 28/32] suricata: drop pkg_postinst_ontarget systemd init

[Scott Murray]

From: Clayton Casciato <majortomtosourcecontrol@gmail.com>

/var/log/suricata initialization is handled by
systemd-tmpfiles-setup.service, which occurs before services like
suricata

Work towards resolving:
ERROR: [...] do_rootfs: The following packages could not be configured
offline and rootfs is read-only: ['100-suricata']

Added in commit 36d656fe7244 ("suricata: add tmpfiles.d config")

systemd testing:

root@beaglebone-yocto:~# ls -d /var/log/suricata
/var/log/suricata

root@beaglebone-yocto:~# systemctl enable suricata
Created symlink '/etc/systemd/system/multi-user.target.wants/suricata.service' -> '/usr/lib/systemd/system/suricata.service'.

root@beaglebone-yocto:~# rmdir /var/log/suricata

root@beaglebone-yocto:~# reboot now

root@beaglebone-yocto:~# ls -d /var/log/suricata
/var/log/suricata

root@beaglebone-yocto:~# journalctl -o short-iso-precise -u systemd-tmpfiles-setup -u suricata
2025-05-20T00:45:46.450027+00:00 beaglebone-yocto systemd[1]: Starting Create System Files and Directories...
[...]
2025-05-20T00:45:47.041049+00:00 beaglebone-yocto systemd[1]: Finished Create System Files and Directories.
2025-05-20T00:45:47.542976+00:00 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
[...]

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 9109f7258dc60c88985869ceff5ca3523cd01400)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-ids/suricata/suricata_7.0.0.bb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index e2e94e2..7a6b930 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -148,9 +148,7 @@ do_install () {
 }
 
 pkg_postinst_ontarget:${PN} () {
-if command -v systemd-tmpfiles >/dev/null; then
-    systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf
-elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+if [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
     ${sysconfdir}/init.d/populate-volatile.sh update
 fi
 }
-- 
2.47.3

[meta-security][scarthgap][PATCH 29/32] suricata: fix "interface" arg in systemd service

[Scott Murray]

From: Clayton Casciato <majortomtosourcecontrol@gmail.com>

Fix service startup

https://docs.suricata.io/en/suricata-7.0.0/command-line-options.html#cmdoption-i

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
(cherry picked from commit ca34a66f82caa95b6469f2dee5be6c26bbe2cecc)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-ids/suricata/files/suricata.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-ids/suricata/files/suricata.service b/recipes-ids/suricata/files/suricata.service
index a99a76e..bd7010d 100644
--- a/recipes-ids/suricata/files/suricata.service
+++ b/recipes-ids/suricata/files/suricata.service
@@ -9,7 +9,7 @@ Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
 Type=simple
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 RestrictAddressFamilies=
-ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
 ExecReload=/bin/kill -HUP $MAINPID
 PrivateTmp=yes
 ProtectHome=yes
-- 
2.47.3

[meta-security][scarthgap][PATCH 30/32] suricata: install classification, reference configs

[Scott Murray]

From: Clayton Casciato <majortomtosourcecontrol@gmail.com>

suricata.yaml references these configs

Resolve:
<Warning> -- could not open: "/etc/suricata/classification.config": No
such file or directory

<Error> -- please check the "classification-file" option in your
suricata.yaml file

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
(cherry picked from commit 9a49fcbd05e46cafb0a2300a035a9528242bd4b2)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-ids/suricata/suricata_7.0.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index 7a6b930..021575f 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -122,6 +122,8 @@ do_install () {
     install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
     install -m 0644 ${WORKDIR}/volatiles.03_suricata  ${D}${sysconfdir}/default/volatiles/03_suricata
 
+    install -m 0644 ${S}/etc/classification.config ${D}${sysconfdir}/suricata
+    install -m 0644 ${S}/etc/reference.config ${D}${sysconfdir}/suricata
     install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata
     install -m 0644 ${S}/suricata.yaml ${D}${sysconfdir}/suricata
 
-- 
2.47.3

[meta-security][scarthgap][PATCH 31/32] suricata: populate SYSTEMD_SERVICE for service autostart

[Scott Murray]

From: Clayton Casciato <majortomtosourcecontrol@gmail.com>

https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SYSTEMD_SERVICE

Before:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki

After:
root@beaglebone-yocto:~# systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
     Loaded: loaded (/usr/lib/systemd/system/suricata.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-09-22 04:05:08 UTC; 20s ago
 Invocation: 8cfeb29631f443f0830bffeb00975931
       Docs: man:suricata(8)
             man:suricatasc(8)
             https://redmine.openinfosecfoundation.org/projects/suricata/wiki
   Main PID: 268 (Suricata-Main)
      Tasks: 7 (limit: 4915)
     Memory: 36.8M (peak: 37M)
        CPU: 2.222s
     CGroup: /system.slice/suricata.service
             `-268 /usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0

Sep 22 04:05:08 beaglebone-yocto systemd[1]: Started Suricata IDS/IDP daemon.
Sep 22 04:05:09 beaglebone-yocto suricata[268]: i: suricata: This is Suricata version 7.0.0 RELEASE running in SYSTEM mode
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: No rule files match the pattern /var/lib/suricata/rules/suricata.rules
Sep 22 04:05:10 beaglebone-yocto suricata[268]: W: detect: 1 rule files specified, but no rules were loaded!
Sep 22 04:05:10 beaglebone-yocto suricata[268]: i: threads: Threads created -> W: 1 FM: 1 FR: 1   Engine started.

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
(cherry picked from commit 0b7b0629bebe98237ce3060ebe132db05cdcc3b7)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 recipes-ids/suricata/suricata_7.0.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.0.bb
index 021575f..62baa35 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.0.bb
@@ -156,6 +156,7 @@ fi
 }
 
 SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = "${BPN}.service"
 
 PACKAGES =+ "${PN}-python"
 FILES:${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
-- 
2.47.3

[meta-security][scarthgap][PATCH 32/32] suricata: update to 7.0.12

[Scott Murray]

From: Clayton Casciato <majortomtosourcecontrol@gmail.com>

Also update libhtp to required version 0.5.52.

See suricata release notes for more details about changes and
CVEs fixed:

https://suricata.io/2024/02/08/suricata-7-0-3-and-6-0-16-released/
https://suricata.io/2024/03/19/suricata-7-0-4-and-6-0-17-released/
https://suricata.io/2024/04/23/suricata-7-0-5-and-6-0-19-released/
https://suricata.io/2024/06/27/suricata-7-0-6-and-6-0-20-released/
https://suricata.io/2024/10/01/suricata-7-0-7-released/
https://suricata.io/2024/12/12/suricata-7-0-8-released/
https://suricata.io/2025/03/18/suricata-7-0-9-released/
https://suricata.io/2025/07/08/suricata-7-0-11-released/
https://suricata.io/2025/09/16/suricata-8-0-1-and-7-0-12-released/

Obsolete CVE patches removed.

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
(cherry picked from commit fbb8343cf81b0cfe1dc396b0cd2417a8315de9ad)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 ...kefile-from-using-its-own-rust-steps.patch |   40 +
 .../suricata/files/CVE-2024-32663-001.patch   |  294 -
 .../suricata/files/CVE-2024-32663-002.patch   |   70 -
 .../suricata/files/CVE-2024-32664.patch       |   53 -
 .../suricata/files/CVE-2024-32867-001.patch   |  235 -
 .../suricata/files/CVE-2024-32867-002.patch   |  591 --
 .../suricata/files/CVE-2024-32867-003.patch   |  472 --
 .../suricata/files/CVE-2024-32867-004.patch   |  169 -
 .../suricata/files/CVE-2024-45795.patch       |  123 -
 .../suricata/files/CVE-2024-45796.patch       |   33 -
 .../suricata/files/CVE-2024-45797.patch       |  148 -
 .../suricata/files/CVE-2024-55605.patch       |  205 -
 .../suricata/files/CVE-2024-55627-001.patch   |   59 -
 .../suricata/files/CVE-2024-55627-002.patch   |   44 -
 .../suricata/files/CVE-2024-55627-003.patch   |   41 -
 .../suricata/files/CVE-2024-55628-001.patch   |  738 ---
 .../suricata/files/CVE-2024-55628-002.patch   | 4877 -----------------
 .../suricata/files/CVE-2024-55628-003.patch   |  114 -
 .../suricata/files/CVE-2024-55628-004.patch   |  510 --
 .../suricata/files/CVE-2025-29916-01.patch    |  124 -
 .../suricata/files/CVE-2025-29916-02.patch    |  197 -
 .../suricata/files/CVE-2025-29916-03.patch    |   55 -
 .../suricata/files/CVE-2025-29917.patch       |  115 -
 .../suricata/files/CVE-2025-29918.patch       |   49 -
 .../suricata/files/CVE-2025-53537-001.patch   |   79 -
 .../suricata/files/CVE-2025-53537-002.patch   |   31 -
 recipes-ids/suricata/files/fixup.patch        |   32 -
 .../{libhtp_0.5.45.bb => libhtp_0.5.52.bb}    |    8 +-
 recipes-ids/suricata/suricata-crates.inc      | 1509 +++--
 .../{suricata_7.0.0.bb => suricata_7.0.12.bb} |   26 +-
 30 files changed, 780 insertions(+), 10261 deletions(-)
 create mode 100644 recipes-ids/suricata/files/0001-Skip-pkg-Makefile-from-using-its-own-rust-steps.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-32663-001.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-32663-002.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-32664.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-32867-001.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-32867-002.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-32867-003.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-32867-004.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-45795.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-45796.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-45797.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55605.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55627-001.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55627-002.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55627-003.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55628-001.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55628-002.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55628-003.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2024-55628-004.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2025-29916-01.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2025-29916-02.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2025-29916-03.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2025-29917.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2025-29918.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2025-53537-001.patch
 delete mode 100644 recipes-ids/suricata/files/CVE-2025-53537-002.patch
 delete mode 100644 recipes-ids/suricata/files/fixup.patch
 rename recipes-ids/suricata/{libhtp_0.5.45.bb => libhtp_0.5.52.bb} (72%)
 rename recipes-ids/suricata/{suricata_7.0.0.bb => suricata_7.0.12.bb} (86%)

diff --git a/recipes-ids/suricata/files/0001-Skip-pkg-Makefile-from-using-its-own-rust-steps.patch b/recipes-ids/suricata/files/0001-Skip-pkg-Makefile-from-using-its-own-rust-steps.patch
new file mode 100644
index 0000000..12cb096
--- /dev/null
+++ b/recipes-ids/suricata/files/0001-Skip-pkg-Makefile-from-using-its-own-rust-steps.patch
@@ -0,0 +1,40 @@
+From a59708a9300df8116867ac77f7829f7fd647325e Mon Sep 17 00:00:00 2001
+From: Clayton Casciato <ccasciato@21sw.us>
+Date: Mon, 3 Nov 2025 10:30:26 -0700
+Subject: [PATCH] Skip pkg Makefile from using its own rust steps
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
+---
+ Makefile.am | 2 +-
+ Makefile.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index d0d3d09..a572912 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,7 +10,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
+ 	     scripts/generate-images.sh \
+ 	     scripts/docs-almalinux9-minimal-build.sh \
+ 	     scripts/docs-ubuntu-debian-minimal-build.sh
+-SUBDIRS = $(HTP_DIR) rust src qa rules doc contrib etc python ebpf \
++SUBDIRS = $(HTP_DIR) src qa rules doc contrib etc python ebpf \
+           $(SURICATA_UPDATE_DIR)
+ 
+ CLEANFILES = stamp-h[0-9]*
+diff --git a/Makefile.in b/Makefile.in
+index 7a89353..3864613 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -428,7 +428,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
+ 	     scripts/docs-almalinux9-minimal-build.sh \
+ 	     scripts/docs-ubuntu-debian-minimal-build.sh
+ 
+-SUBDIRS = $(HTP_DIR) rust src qa rules doc contrib etc python ebpf \
++SUBDIRS = $(HTP_DIR) src qa rules doc contrib etc python ebpf \
+           $(SURICATA_UPDATE_DIR)
+ 
+ CLEANFILES = stamp-h[0-9]*
diff --git a/recipes-ids/suricata/files/CVE-2024-32663-001.patch b/recipes-ids/suricata/files/CVE-2024-32663-001.patch
deleted file mode 100644
index f07904a..0000000
--- a/recipes-ids/suricata/files/CVE-2024-32663-001.patch
+++ /dev/null
@@ -1,294 +0,0 @@
-From e68ec4b227d19498f364a41eb25d3182f0383ca5 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Wed, 27 Mar 2024 14:33:54 +0100
-Subject: [PATCH] http2: use a reference counter for headers
-
-Ticket: 6892
-
-As HTTP hpack header compression allows one single byte to
-express a previously seen arbitrary-size header block (name+value)
-we should avoid to copy the vectors data, but just point
-to the same data, while reamining memory safe, even in the case
-of later headers eviction from the dybnamic table.
-
-Rust std solution is Rc, and the use of clone, so long as the
-data is accessed by only one thread.
-
-(cherry picked from commit 390f09692eb99809c679d3f350c7cc185d163e1a)
-
-CVE: CVE-2024-32663
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/e68ec4b227d19498f364a41eb25d3182f0383ca5]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- rust/src/http2/detect.rs | 19 +++++++------
- rust/src/http2/http2.rs  |  2 +-
- rust/src/http2/parser.rs | 61 +++++++++++++++++++++-------------------
- 3 files changed, 43 insertions(+), 39 deletions(-)
-
-diff --git a/rust/src/http2/detect.rs b/rust/src/http2/detect.rs
-index 99261ad..904b9ad 100644
---- a/rust/src/http2/detect.rs
-+++ b/rust/src/http2/detect.rs
-@@ -23,6 +23,7 @@ use crate::core::Direction;
- use crate::detect::uint::{detect_match_uint, DetectUintData};
- use std::ffi::CStr;
- use std::str::FromStr;
-+use std::rc::Rc;
- 
- fn http2_tx_has_frametype(
-     tx: &mut HTTP2Transaction, direction: Direction, value: u8,
-@@ -404,7 +405,7 @@ fn http2_frames_get_header_firstvalue<'a>(
-     for frame in frames {
-         if let Some(blocks) = http2_header_blocks(frame) {
-             for block in blocks.iter() {
--                if block.name == name.as_bytes() {
-+                if block.name.as_ref() == name.as_bytes() {
-                     return Ok(&block.value);
-                 }
-             }
-@@ -428,7 +429,7 @@ pub fn http2_frames_get_header_value_vec(
-     for frame in frames {
-         if let Some(blocks) = http2_header_blocks(frame) {
-             for block in blocks.iter() {
--                if block.name == name.as_bytes() {
-+                if block.name.as_ref() == name.as_bytes() {
-                     if found == 0 {
-                         vec.extend_from_slice(&block.value);
-                         found = 1;
-@@ -465,7 +466,7 @@ fn http2_frames_get_header_value<'a>(
-     for frame in frames {
-         if let Some(blocks) = http2_header_blocks(frame) {
-             for block in blocks.iter() {
--                if block.name == name.as_bytes() {
-+                if block.name.as_ref() == name.as_bytes() {
-                     if found == 0 {
-                         single = Ok(&block.value);
-                         found = 1;
-@@ -905,8 +906,8 @@ fn http2_tx_set_header(state: &mut HTTP2State, name: &[u8], input: &[u8]) {
-     };
-     let mut blocks = Vec::new();
-     let b = parser::HTTP2FrameHeaderBlock {
--        name: name.to_vec(),
--        value: input.to_vec(),
-+        name: Rc::new(name.to_vec()),
-+        value: Rc::new(input.to_vec()),
-         error: parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
-         sizeupdate: 0,
-     };
-@@ -1061,15 +1062,15 @@ mod tests {
-         };
-         let mut blocks = Vec::new();
-         let b = parser::HTTP2FrameHeaderBlock {
--            name: "Host".as_bytes().to_vec(),
--            value: "abc.com".as_bytes().to_vec(),
-+            name: "Host".as_bytes().to_vec().into(),
-+            value: "abc.com".as_bytes().to_vec().into(),
-             error: parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
-             sizeupdate: 0,
-         };
-         blocks.push(b);
-         let b2 = parser::HTTP2FrameHeaderBlock {
--            name: "Host".as_bytes().to_vec(),
--            value: "efg.net".as_bytes().to_vec(),
-+            name: "Host".as_bytes().to_vec().into(),
-+            value: "efg.net".as_bytes().to_vec().into(),
-             error: parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
-             sizeupdate: 0,
-         };
-diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs
-index 326030f..d14ca06 100644
---- a/rust/src/http2/http2.rs
-+++ b/rust/src/http2/http2.rs
-@@ -204,7 +204,7 @@ impl HTTP2Transaction {
- 
-     fn handle_headers(&mut self, blocks: &[parser::HTTP2FrameHeaderBlock], dir: Direction) {
-         for block in blocks {
--            if block.name == b"content-encoding" {
-+            if block.name.as_ref() == b"content-encoding" {
-                 self.decoder.http2_encoding_fromvec(&block.value, dir);
-             }
-         }
-diff --git a/rust/src/http2/parser.rs b/rust/src/http2/parser.rs
-index adabeb2..1a46437 100644
---- a/rust/src/http2/parser.rs
-+++ b/rust/src/http2/parser.rs
-@@ -30,6 +30,7 @@ use nom7::sequence::tuple;
- use nom7::{Err, IResult};
- use std::fmt;
- use std::str::FromStr;
-+use std::rc::Rc;
- 
- #[repr(u8)]
- #[derive(Clone, Copy, PartialEq, Eq, FromPrimitive, Debug)]
-@@ -295,8 +296,8 @@ fn http2_frame_header_static(n: u64, dyn_headers: &HTTP2DynTable) -> Option<HTTP
-     };
-     if !name.is_empty() {
-         return Some(HTTP2FrameHeaderBlock {
--            name: name.as_bytes().to_vec(),
--            value: value.as_bytes().to_vec(),
-+            name: Rc::new(name.as_bytes().to_vec()),
-+            value: Rc::new(value.as_bytes().to_vec()),
-             error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
-             sizeupdate: 0,
-         });
-@@ -304,23 +305,23 @@ fn http2_frame_header_static(n: u64, dyn_headers: &HTTP2DynTable) -> Option<HTTP
-         //use dynamic table
-         if n == 0 {
-             return Some(HTTP2FrameHeaderBlock {
--                name: Vec::new(),
--                value: Vec::new(),
-+                name: Rc::new(Vec::new()),
-+                value: Rc::new(Vec::new()),
-                 error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIndex0,
-                 sizeupdate: 0,
-             });
-         } else if dyn_headers.table.len() + HTTP2_STATIC_HEADERS_NUMBER < n as usize {
-             return Some(HTTP2FrameHeaderBlock {
--                name: Vec::new(),
--                value: Vec::new(),
-+                name: Rc::new(Vec::new()),
-+                value: Rc::new(Vec::new()),
-                 error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeNotIndexed,
-                 sizeupdate: 0,
-             });
-         } else {
-             let indyn = dyn_headers.table.len() - (n as usize - HTTP2_STATIC_HEADERS_NUMBER);
-             let headcopy = HTTP2FrameHeaderBlock {
--                name: dyn_headers.table[indyn].name.to_vec(),
--                value: dyn_headers.table[indyn].value.to_vec(),
-+                name: dyn_headers.table[indyn].name.clone(),
-+                value: dyn_headers.table[indyn].value.clone(),
-                 error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess,
-                 sizeupdate: 0,
-             };
-@@ -348,8 +349,10 @@ impl fmt::Display for HTTP2HeaderDecodeStatus {
- 
- #[derive(Clone, Debug)]
- pub struct HTTP2FrameHeaderBlock {
--    pub name: Vec<u8>,
--    pub value: Vec<u8>,
-+    // Use Rc reference counted so that indexed headers do not get copied.
-+    // Otherwise, this leads to quadratic complexity in memory occupation.
-+    pub name: Rc<Vec<u8>>,
-+    pub value: Rc<Vec<u8>>,
-     pub error: HTTP2HeaderDecodeStatus,
-     pub sizeupdate: u64,
- }
-@@ -391,7 +394,7 @@ fn http2_parse_headers_block_literal_common<'a>(
- ) -> IResult<&'a [u8], HTTP2FrameHeaderBlock> {
-     let (i3, name, error) = if index == 0 {
-         match http2_parse_headers_block_string(input) {
--            Ok((r, n)) => Ok((r, n, HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess)),
-+            Ok((r, n)) => Ok((r, Rc::new(n), HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess)),
-             Err(e) => Err(e),
-         }
-     } else {
-@@ -403,7 +406,7 @@ fn http2_parse_headers_block_literal_common<'a>(
-             )),
-             None => Ok((
-                 input,
--                Vec::new(),
-+                Rc::new(Vec::new()),
-                 HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeNotIndexed,
-             )),
-         }
-@@ -413,7 +416,7 @@ fn http2_parse_headers_block_literal_common<'a>(
-         i4,
-         HTTP2FrameHeaderBlock {
-             name,
--            value,
-+            value: Rc::new(value),
-             error,
-             sizeupdate: 0,
-         },
-@@ -435,8 +438,8 @@ fn http2_parse_headers_block_literal_incindex<'a>(
-     match r {
-         Ok((r, head)) => {
-             let headcopy = HTTP2FrameHeaderBlock {
--                name: head.name.to_vec(),
--                value: head.value.to_vec(),
-+                name: head.name.clone(),
-+                value: head.value.clone(),
-                 error: head.error,
-                 sizeupdate: 0,
-             };
-@@ -556,8 +559,8 @@ fn http2_parse_headers_block_dynamic_size<'a>(
-     return Ok((
-         i3,
-         HTTP2FrameHeaderBlock {
--            name: Vec::new(),
--            value: Vec::new(),
-+            name: Rc::new(Vec::new()),
-+            value: Rc::new(Vec::new()),
-             error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSizeUpdate,
-             sizeupdate: maxsize2,
-         },
-@@ -614,8 +617,8 @@ fn http2_parse_headers_blocks<'a>(
-                 // if we error from http2_parse_var_uint, we keep the first parsed headers
-                 if err.code == ErrorKind::LengthValue {
-                     blocks.push(HTTP2FrameHeaderBlock {
--                        name: Vec::new(),
--                        value: Vec::new(),
-+                        name: Rc::new(Vec::new()),
-+                        value: Rc::new(Vec::new()),
-                         error: HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIntegerOverflow,
-                         sizeupdate: 0,
-                     });
-@@ -765,8 +768,8 @@ mod tests {
-         match r0 {
-             Ok((remainder, hd)) => {
-                 // Check the first message.
--                assert_eq!(hd.name, ":method".as_bytes().to_vec());
--                assert_eq!(hd.value, "GET".as_bytes().to_vec());
-+                assert_eq!(hd.name, ":method".as_bytes().to_vec().into());
-+                assert_eq!(hd.value, "GET".as_bytes().to_vec().into());
-                 // And we should have no bytes left.
-                 assert_eq!(remainder.len(), 0);
-             }
-@@ -782,8 +785,8 @@ mod tests {
-         match r1 {
-             Ok((remainder, hd)) => {
-                 // Check the first message.
--                assert_eq!(hd.name, "accept".as_bytes().to_vec());
--                assert_eq!(hd.value, "*/*".as_bytes().to_vec());
-+                assert_eq!(hd.name, "accept".as_bytes().to_vec().into());
-+                assert_eq!(hd.value, "*/*".as_bytes().to_vec().into());
-                 // And we should have no bytes left.
-                 assert_eq!(remainder.len(), 0);
-                 assert_eq!(dynh.table.len(), 1);
-@@ -802,8 +805,8 @@ mod tests {
-         match result {
-             Ok((remainder, hd)) => {
-                 // Check the first message.
--                assert_eq!(hd.name, ":authority".as_bytes().to_vec());
--                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec());
-+                assert_eq!(hd.name, ":authority".as_bytes().to_vec().into());
-+                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec().into());
-                 // And we should have no bytes left.
-                 assert_eq!(remainder.len(), 0);
-                 assert_eq!(dynh.table.len(), 2);
-@@ -820,8 +823,8 @@ mod tests {
-         match r3 {
-             Ok((remainder, hd)) => {
-                 // same as before
--                assert_eq!(hd.name, ":authority".as_bytes().to_vec());
--                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec());
-+                assert_eq!(hd.name, ":authority".as_bytes().to_vec().into());
-+                assert_eq!(hd.value, "localhost:3000".as_bytes().to_vec().into());
-                 // And we should have no bytes left.
-                 assert_eq!(remainder.len(), 0);
-                 assert_eq!(dynh.table.len(), 2);
-@@ -856,8 +859,8 @@ mod tests {
-         match r2 {
-             Ok((remainder, hd)) => {
-                 // Check the first message.
--                assert_eq!(hd.name, ":path".as_bytes().to_vec());
--                assert_eq!(hd.value, "/doc/manual/html/index.html".as_bytes().to_vec());
-+                assert_eq!(hd.name, ":path".as_bytes().to_vec().into());
-+                assert_eq!(hd.value, "/doc/manual/html/index.html".as_bytes().to_vec().into());
-                 // And we should have no bytes left.
-                 assert_eq!(remainder.len(), 0);
-                 assert_eq!(dynh.table.len(), 2);
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-32663-002.patch b/recipes-ids/suricata/files/CVE-2024-32663-002.patch
deleted file mode 100644
index a57f58f..0000000
--- a/recipes-ids/suricata/files/CVE-2024-32663-002.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From c0af92295e833d1db29b184d63cd3b829451d7fd Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Thu, 28 Mar 2024 11:15:51 +0100
-Subject: [PATCH] http2: do not log duplicate headers
-
-Ticket: 6900
-
-And thus avoid DOS by logging a request using a compressed
-header block repeated many times and having a long value...
-
-(cherry picked from commit 03442c9071b8d863d26b609d54c6eacf4de9e340)
-
-CVE: CVE-2024-32663
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/c0af92295e833d1db29b184d63cd3b829451d7fd]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- rust/src/http2/logger.rs | 17 +++++++++++++++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/rust/src/http2/logger.rs b/rust/src/http2/logger.rs
-index d25f852..a117a54 100644
---- a/rust/src/http2/logger.rs
-+++ b/rust/src/http2/logger.rs
-@@ -19,7 +19,8 @@ use super::http2::{HTTP2Frame, HTTP2FrameTypeData, HTTP2Transaction};
- use super::parser;
- use crate::jsonbuilder::{JsonBuilder, JsonError};
- use std;
--use std::collections::HashMap;
-+use std::collections::{HashMap, HashSet};
-+use std::rc::Rc;
- 
- #[derive(Hash, PartialEq, Eq, Debug)]
- enum HeaderName {
-@@ -35,10 +36,20 @@ fn log_http2_headers<'a>(
-     blocks: &'a [parser::HTTP2FrameHeaderBlock], js: &mut JsonBuilder,
-     common: &mut HashMap<HeaderName, &'a Vec<u8>>,
- ) -> Result<(), JsonError> {
-+    let mut logged_headers = HashSet::new();
-     for block in blocks {
--        js.start_object()?;
-+        // delay js.start_object() because we skip suplicate headers
-         match block.error {
-             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSuccess => {
-+                if Rc::strong_count(&block.name) > 2 {
-+                    // more than one reference in headers table + current headers
-+                    let ptr = Rc::as_ptr(&block.name) as usize;
-+                    if !logged_headers.insert(ptr) {
-+                        // only log once
-+                        continue;
-+                    }
-+                }
-+                js.start_object()?;
-                 js.set_string_from_bytes("name", &block.name)?;
-                 js.set_string_from_bytes("value", &block.value)?;
-                 if let Ok(name) = std::str::from_utf8(&block.name) {
-@@ -66,9 +77,11 @@ fn log_http2_headers<'a>(
-                 }
-             }
-             parser::HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeSizeUpdate => {
-+                js.start_object()?;
-                 js.set_uint("table_size_update", block.sizeupdate)?;
-             }
-             _ => {
-+                js.start_object()?;
-                 js.set_string("error", &block.error.to_string())?;
-             }
-         }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-32664.patch b/recipes-ids/suricata/files/CVE-2024-32664.patch
deleted file mode 100644
index ee55b25..0000000
--- a/recipes-ids/suricata/files/CVE-2024-32664.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From d5ffecf11ad2c6fe89265e518f5d7443caf26ba4 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Thu, 28 Mar 2024 14:00:02 +0100
-Subject: [PATCH] util/base64: fix buffer overflow
-
-Ticket: 6902
-
-In case the caller of DecodeBase64 does not supply a big enough
-output buffer.
-
-(cherry picked from commit fd47e67dc65f9111895c88fb406c938b1f857325)
-
-CVE: CVE-2024-32664
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/d5ffecf11ad2c6fe89265e518f5d7443caf26ba4]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/util-base64.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/util-base64.c b/src/util-base64.c
-index 4a4a5d1..d973f0e 100644
---- a/src/util-base64.c
-+++ b/src/util-base64.c
-@@ -156,6 +156,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
-                 ecode = BASE64_ECODE_BUF;
-                 break;
-             }
-+            if (dest_size - *decoded_bytes < ASCII_BLOCK)
-+                return BASE64_ECODE_BUF;
- 
-             /* Decode base-64 block into ascii block and move pointer */
-             DecodeBase64Block(dptr, b64);
-@@ -183,7 +185,7 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
-         /* if the destination size is not at least 3 Bytes long, it'll give a dynamic
-          * buffer overflow while decoding, so, return and let the caller take care of the
-          * remaining bytes to be decoded which should always be < 4 at this stage */
--        if (dest_size - *decoded_bytes < 3)
-+        if (dest_size - *decoded_bytes < ASCII_BLOCK)
-             return BASE64_ECODE_BUF;
-         *decoded_bytes += numDecoded_blk;
-         DecodeBase64Block(dptr, b64);
-@@ -193,6 +195,8 @@ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src,
-     /* Finish remaining b64 bytes by padding */
-     if (valid && bbidx > 0 && (mode != BASE64_MODE_RFC2045)) {
-         /* Decode remaining */
-+        if (dest_size - *decoded_bytes < ASCII_BLOCK)
-+            return BASE64_ECODE_BUF;
-         *decoded_bytes += ASCII_BLOCK - (B64_BLOCK - bbidx);
-         DecodeBase64Block(dptr, b64);
-     }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-001.patch b/recipes-ids/suricata/files/CVE-2024-32867-001.patch
deleted file mode 100644
index 68bd6ea..0000000
--- a/recipes-ids/suricata/files/CVE-2024-32867-001.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-From 2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 Mon Sep 17 00:00:00 2001
-From: Jason Ish <jason.ish@oisf.net>
-Date: Tue, 28 Nov 2023 12:35:26 -0600
-Subject: [PATCH] defrag: check next fragment for overlap before stopping
- re-assembly
-
-Instead of breaking the loop when the current fragment does not have
-any more fragments, set a flag and continue to the next fragment as
-the next fragment may have data that occurs before this fragment, but
-overlaps it.
-
-Then break if the next fragment does not overlap the previous.
-
-Bug: #6668
-(cherry picked from commit d0fd0782505d837e691ceef1b801776f0db82726)
-
-CVE: CVE-2024-32867
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/defrag.c | 145 ++++++++++++++++++++++++++++++++++++++++++++++++---
- 1 file changed, 139 insertions(+), 6 deletions(-)
-
-diff --git a/src/defrag.c b/src/defrag.c
-index 38704c9..e154899 100644
---- a/src/defrag.c
-+++ b/src/defrag.c
-@@ -295,10 +295,20 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
-     uint16_t hlen = 0;
-     int ip_hdr_offset = 0;
- 
-+    /* Assume more frags. */
-+    uint16_t prev_offset = 0;
-+    bool more_frags = 1;
-+
-     RB_FOREACH(frag, IP_FRAGMENTS, &tracker->fragment_tree) {
-         SCLogDebug("frag %p, data_len %u, offset %u, pcap_cnt %"PRIu64,
-                 frag, frag->data_len, frag->offset, frag->pcap_cnt);
- 
-+        /* Previous fragment has no more fragments, and this packet
-+         * doesn't overlap. We're done. */
-+        if (!more_frags && frag->offset > prev_offset) {
-+            break;
-+        }
-+
-         if (frag->skip)
-             continue;
-         if (frag->ltrim >= frag->data_len)
-@@ -339,9 +349,16 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
-                 fragmentable_len = frag->offset + frag->data_len;
-         }
- 
--        if (!frag->more_frags) {
--            break;
--        }
-+        /* Even if this fragment is flagged as having no more
-+         * fragments, still continue. The next fragment may have the
-+         * same offset with data that is preferred.
-+         *
-+         * For example, DefragBsdFragmentAfterNoMfIpv{4,6}Test
-+         *
-+         * This is due to not all fragments being completely trimmed,
-+         * but relying on the copy ordering. */
-+        more_frags = frag->more_frags;
-+        prev_offset = frag->offset;
-     }
- 
-     SCLogDebug("ip_hdr_offset %u, hlen %" PRIu16 ", fragmentable_len %" PRIu16, ip_hdr_offset, hlen,
-@@ -436,7 +453,15 @@ Defrag6Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
-     uint16_t fragmentable_len = 0;
-     int ip_hdr_offset = 0;
-     uint8_t next_hdr = 0;
-+
-+    /* Assume more frags. */
-+    uint16_t prev_offset = 0;
-+    bool more_frags = 1;
-+
-     RB_FOREACH(frag, IP_FRAGMENTS, &tracker->fragment_tree) {
-+        if (!more_frags && frag->offset > prev_offset) {
-+            break;
-+        }
-         if (frag->skip)
-             continue;
-         if (frag->data_len - frag->ltrim <= 0)
-@@ -481,9 +506,16 @@ Defrag6Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
-                 fragmentable_len = frag->offset + frag->data_len;
-         }
- 
--        if (!frag->more_frags) {
--            break;
--        }
-+        /* Even if this fragment is flagged as having no more
-+         * fragments, still continue. The next fragment may have the
-+         * same offset with data that is preferred.
-+         *
-+         * For example, DefragBsdFragmentAfterNoMfIpv{4,6}Test
-+         *
-+         * This is due to not all fragments being completely trimmed,
-+         * but relying on the copy ordering. */
-+        more_frags = frag->more_frags;
-+        prev_offset = frag->offset;
-     }
- 
-     rp->ip6h = (IPV6Hdr *)(GET_PKT_DATA(rp) + ip_hdr_offset);
-@@ -2374,6 +2406,10 @@ static int DefragMfIpv4Test(void)
-      * fragments should be in the re-assembled packet. */
-     FAIL_IF(IPV4_GET_IPLEN(p) != 36);
- 
-+    /* Verify the payload of the IPv4 packet. */
-+    uint8_t expected_payload[] = "AAAAAAAABBBBBBBB";
-+    FAIL_IF(memcmp(GET_PKT_DATA(p) + sizeof(IPV4Hdr), expected_payload, sizeof(expected_payload)));
-+
-     SCFree(p1);
-     SCFree(p2);
-     SCFree(p3);
-@@ -2417,6 +2453,10 @@ static int DefragMfIpv6Test(void)
-      * of 2 fragments, so 16. */
-     FAIL_IF(IPV6_GET_PLEN(p) != 16);
- 
-+    /* Verify the payload of the IPv4 packet. */
-+    uint8_t expected_payload[] = "AAAAAAAABBBBBBBB";
-+    FAIL_IF(memcmp(GET_PKT_DATA(p) + sizeof(IPV6Hdr), expected_payload, sizeof(expected_payload)));
-+
-     SCFree(p1);
-     SCFree(p2);
-     SCFree(p3);
-@@ -2510,6 +2550,96 @@ static int DefragTestJeremyLinux(void)
-     PASS;
- }
- 
-+static int DefragBsdFragmentAfterNoMfIpv4Test(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[4];
-+
-+    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 24 >> 3, 0, 'A', 16);
-+    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 8 >> 3, 1, 'B', 16);
-+    packets[2] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 16 >> 3, 1, 'C', 16);
-+    packets[3] = BuildIpv4TestPacket(IPPROTO_ICMP, 0x96, 0, 1, 'D', 8);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[2]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[3]);
-+    FAIL_IF_NULL(r);
-+
-+    // clang-format off
-+    uint8_t expected[] = {
-+	'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D',
-+	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
-+	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
-+	'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C',
-+	'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
-+    };
-+    // clang-format on
-+
-+    if (memcmp(expected, GET_PKT_DATA(r) + 20, sizeof(expected)) != 0) {
-+        printf("Expected:\n");
-+        PrintRawDataFp(stdout, expected, sizeof(expected));
-+        printf("Got:\n");
-+        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 20, GET_PKT_LEN(r) - 20);
-+        FAIL;
-+    }
-+
-+    DefragDestroy();
-+    PASS;
-+}
-+
-+static int DefragBsdFragmentAfterNoMfIpv6Test(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[4];
-+
-+    packets[0] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 24 >> 3, 0, 'A', 16);
-+    packets[1] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 8 >> 3, 1, 'B', 16);
-+    packets[2] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 16 >> 3, 1, 'C', 16);
-+    packets[3] = BuildIpv6TestPacket(IPPROTO_ICMP, 0x96, 0, 1, 'D', 8);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[2]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[3]);
-+    FAIL_IF_NULL(r);
-+
-+    // clang-format off
-+    uint8_t expected[] = {
-+	'D', 'D', 'D', 'D', 'D', 'D', 'D', 'D',
-+	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
-+	'B', 'B', 'B', 'B', 'B', 'B', 'B', 'B',
-+	'C', 'C', 'C', 'C', 'C', 'C', 'C', 'C',
-+	'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A',
-+    };
-+    // clang-format on
-+
-+    if (memcmp(expected, GET_PKT_DATA(r) + 40, sizeof(expected)) != 0) {
-+        printf("Expected:\n");
-+        PrintRawDataFp(stdout, expected, sizeof(expected));
-+        printf("Got:\n");
-+        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 40, GET_PKT_LEN(r) - 40);
-+        FAIL;
-+    }
-+
-+    DefragDestroy();
-+    PASS;
-+}
-+
- #endif /* UNITTESTS */
- 
- void DefragRegisterTests(void)
-@@ -2555,5 +2685,8 @@ void DefragRegisterTests(void)
-     UtRegisterTest("DefragTestBadProto", DefragTestBadProto);
- 
-     UtRegisterTest("DefragTestJeremyLinux", DefragTestJeremyLinux);
-+
-+    UtRegisterTest("DefragBsdFragmentAfterNoMfIpv4Test", DefragBsdFragmentAfterNoMfIpv4Test);
-+    UtRegisterTest("DefragBsdFragmentAfterNoMfIpv6Test", DefragBsdFragmentAfterNoMfIpv6Test);
- #endif /* UNITTESTS */
- }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-002.patch b/recipes-ids/suricata/files/CVE-2024-32867-002.patch
deleted file mode 100644
index cfddce2..0000000
--- a/recipes-ids/suricata/files/CVE-2024-32867-002.patch
+++ /dev/null
@@ -1,591 +0,0 @@
-From 7137d5e7ab5500f1b7f3391f8ab55a59f1e4cbd7 Mon Sep 17 00:00:00 2001
-From: Jason Ish <jason.ish@oisf.net>
-Date: Mon, 27 Nov 2023 16:27:27 -0600
-Subject: [PATCH] defrag: consistent unit test naming
-
-Use a more consistent naming scheme between ipv4 and ipv6.
-
-(cherry picked from commit 2f00b5870abc6053fca8271a0a827babc03d56f0)
-
-CVE: CVE-2024-32867
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/7137d5e7ab5500f1b7f3391f8ab55a59f1e4cbd7]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/defrag.c | 217 ++++++++++++++++++++++++---------------------------
- 1 file changed, 102 insertions(+), 115 deletions(-)
-
-diff --git a/src/defrag.c b/src/defrag.c
-index e154899..99fbab3 100644
---- a/src/defrag.c
-+++ b/src/defrag.c
-@@ -1125,8 +1125,8 @@ void DefragDestroy(void)
-  * Allocate a test packet.  Nothing to fancy, just a simple IP packet
-  * with some payload of no particular protocol.
-  */
--static Packet *BuildTestPacket(uint8_t proto, uint16_t id, uint16_t off, int mf,
--        const char content, int content_len)
-+static Packet *BuildIpv4TestPacket(
-+        uint8_t proto, uint16_t id, uint16_t off, int mf, const char content, int content_len)
- {
-     Packet *p = NULL;
-     int hlen = 20;
-@@ -1199,8 +1199,8 @@ error:
-     return NULL;
- }
- 
--static Packet *IPV6BuildTestPacket(uint8_t proto, uint32_t id, uint16_t off,
--        int mf, const char content, int content_len)
-+static Packet *BuildIpv6TestPacket(
-+        uint8_t proto, uint32_t id, uint16_t off, int mf, const char content, int content_len)
- {
-     Packet *p = NULL;
-     uint8_t *pcontent;
-@@ -1283,11 +1283,11 @@ static int DefragInOrderSimpleTest(void)
- 
-     DefragInit();
- 
--    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
-+    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    p2 = BuildTestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
-+    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
-     FAIL_IF_NULL(p2);
--    p3 = BuildTestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
-+    p3 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
-     FAIL_IF_NULL(p3);
- 
-     FAIL_IF(Defrag(NULL, NULL, p1) != NULL);
-@@ -1335,11 +1335,11 @@ static int DefragReverseSimpleTest(void)
- 
-     DefragInit();
- 
--    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
-+    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    p2 = BuildTestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
-+    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 1, 1, 'B', 8);
-     FAIL_IF_NULL(p2);
--    p3 = BuildTestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
-+    p3 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
-     FAIL_IF_NULL(p3);
- 
-     FAIL_IF(Defrag(NULL, NULL, p3) != NULL);
-@@ -1379,7 +1379,7 @@ static int DefragReverseSimpleTest(void)
-  * Test the simplest possible re-assembly scenario.  All packet in
-  * order and no overlaps.
-  */
--static int IPV6DefragInOrderSimpleTest(void)
-+static int DefragInOrderSimpleIpv6Test(void)
- {
-     Packet *p1 = NULL, *p2 = NULL, *p3 = NULL;
-     Packet *reassembled = NULL;
-@@ -1388,11 +1388,11 @@ static int IPV6DefragInOrderSimpleTest(void)
- 
-     DefragInit();
- 
--    p1 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
-+    p1 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    p2 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
-+    p2 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
-     FAIL_IF_NULL(p2);
--    p3 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
-+    p3 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
-     FAIL_IF_NULL(p3);
- 
-     FAIL_IF(Defrag(NULL, NULL, p1) != NULL);
-@@ -1426,7 +1426,7 @@ static int IPV6DefragInOrderSimpleTest(void)
-     PASS;
- }
- 
--static int IPV6DefragReverseSimpleTest(void)
-+static int DefragReverseSimpleIpv6Test(void)
- {
-     DefragContext *dc = NULL;
-     Packet *p1 = NULL, *p2 = NULL, *p3 = NULL;
-@@ -1439,11 +1439,11 @@ static int IPV6DefragReverseSimpleTest(void)
-     dc = DefragContextNew();
-     FAIL_IF_NULL(dc);
- 
--    p1 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
-+    p1 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    p2 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
-+    p2 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 1, 1, 'B', 8);
-     FAIL_IF_NULL(p2);
--    p3 = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
-+    p3 = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 2, 0, 'C', 3);
-     FAIL_IF_NULL(p3);
- 
-     FAIL_IF(Defrag(NULL, NULL, p3) != NULL);
-@@ -1496,59 +1496,59 @@ static int DefragDoSturgesNovakTest(int policy, u_char *expected,
-      */
- 
-     /* A*24 at 0. */
--    packets[0] = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
-+    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
- 
-     /* B*15 at 32. */
--    packets[1] = BuildTestPacket(IPPROTO_ICMP, id, 32 >> 3, 1, 'B', 16);
-+    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 32 >> 3, 1, 'B', 16);
- 
-     /* C*24 at 48. */
--    packets[2] = BuildTestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'C', 24);
-+    packets[2] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'C', 24);
- 
-     /* D*8 at 80. */
--    packets[3] = BuildTestPacket(IPPROTO_ICMP, id, 80 >> 3, 1, 'D', 8);
-+    packets[3] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 80 >> 3, 1, 'D', 8);
- 
-     /* E*16 at 104. */
--    packets[4] = BuildTestPacket(IPPROTO_ICMP, id, 104 >> 3, 1, 'E', 16);
-+    packets[4] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 104 >> 3, 1, 'E', 16);
- 
-     /* F*24 at 120. */
--    packets[5] = BuildTestPacket(IPPROTO_ICMP, id, 120 >> 3, 1, 'F', 24);
-+    packets[5] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 120 >> 3, 1, 'F', 24);
- 
-     /* G*16 at 144. */
--    packets[6] = BuildTestPacket(IPPROTO_ICMP, id, 144 >> 3, 1, 'G', 16);
-+    packets[6] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 144 >> 3, 1, 'G', 16);
- 
-     /* H*16 at 160. */
--    packets[7] = BuildTestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'H', 16);
-+    packets[7] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'H', 16);
- 
-     /* I*8 at 176. */
--    packets[8] = BuildTestPacket(IPPROTO_ICMP, id, 176 >> 3, 1, 'I', 8);
-+    packets[8] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 176 >> 3, 1, 'I', 8);
- 
-     /*
-      * Overlapping subsequent fragments.
-      */
- 
-     /* J*32 at 8. */
--    packets[9] = BuildTestPacket(IPPROTO_ICMP, id, 8 >> 3, 1, 'J', 32);
-+    packets[9] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 8 >> 3, 1, 'J', 32);
- 
-     /* K*24 at 48. */
--    packets[10] = BuildTestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'K', 24);
-+    packets[10] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 48 >> 3, 1, 'K', 24);
- 
-     /* L*24 at 72. */
--    packets[11] = BuildTestPacket(IPPROTO_ICMP, id, 72 >> 3, 1, 'L', 24);
-+    packets[11] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 72 >> 3, 1, 'L', 24);
- 
-     /* M*24 at 96. */
--    packets[12] = BuildTestPacket(IPPROTO_ICMP, id, 96 >> 3, 1, 'M', 24);
-+    packets[12] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 96 >> 3, 1, 'M', 24);
- 
-     /* N*8 at 128. */
--    packets[13] = BuildTestPacket(IPPROTO_ICMP, id, 128 >> 3, 1, 'N', 8);
-+    packets[13] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 128 >> 3, 1, 'N', 8);
- 
-     /* O*8 at 152. */
--    packets[14] = BuildTestPacket(IPPROTO_ICMP, id, 152 >> 3, 1, 'O', 8);
-+    packets[14] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 152 >> 3, 1, 'O', 8);
- 
-     /* P*8 at 160. */
--    packets[15] = BuildTestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'P', 8);
-+    packets[15] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 160 >> 3, 1, 'P', 8);
- 
-     /* Q*16 at 176. */
--    packets[16] = BuildTestPacket(IPPROTO_ICMP, id, 176 >> 3, 0, 'Q', 16);
-+    packets[16] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 176 >> 3, 0, 'Q', 16);
- 
-     default_policy = policy;
- 
-@@ -1588,8 +1588,7 @@ static int DefragDoSturgesNovakTest(int policy, u_char *expected,
-     PASS;
- }
- 
--static int IPV6DefragDoSturgesNovakTest(int policy, u_char *expected,
--        size_t expected_len)
-+static int DefragDoSturgesNovakIpv6Test(int policy, u_char *expected, size_t expected_len)
- {
-     int i;
- 
-@@ -1608,59 +1607,59 @@ static int IPV6DefragDoSturgesNovakTest(int policy, u_char *expected,
-      */
- 
-     /* A*24 at 0. */
--    packets[0] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 24);
-+    packets[0] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 0, 1, 'A', 24);
- 
-     /* B*15 at 32. */
--    packets[1] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 32 >> 3, 1, 'B', 16);
-+    packets[1] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 32 >> 3, 1, 'B', 16);
- 
-     /* C*24 at 48. */
--    packets[2] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'C', 24);
-+    packets[2] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'C', 24);
- 
-     /* D*8 at 80. */
--    packets[3] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 80 >> 3, 1, 'D', 8);
-+    packets[3] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 80 >> 3, 1, 'D', 8);
- 
-     /* E*16 at 104. */
--    packets[4] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 104 >> 3, 1, 'E', 16);
-+    packets[4] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 104 >> 3, 1, 'E', 16);
- 
-     /* F*24 at 120. */
--    packets[5] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 120 >> 3, 1, 'F', 24);
-+    packets[5] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 120 >> 3, 1, 'F', 24);
- 
-     /* G*16 at 144. */
--    packets[6] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 144 >> 3, 1, 'G', 16);
-+    packets[6] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 144 >> 3, 1, 'G', 16);
- 
-     /* H*16 at 160. */
--    packets[7] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'H', 16);
-+    packets[7] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'H', 16);
- 
-     /* I*8 at 176. */
--    packets[8] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 1, 'I', 8);
-+    packets[8] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 1, 'I', 8);
- 
-     /*
-      * Overlapping subsequent fragments.
-      */
- 
-     /* J*32 at 8. */
--    packets[9] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 8 >> 3, 1, 'J', 32);
-+    packets[9] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 8 >> 3, 1, 'J', 32);
- 
-     /* K*24 at 48. */
--    packets[10] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'K', 24);
-+    packets[10] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 48 >> 3, 1, 'K', 24);
- 
-     /* L*24 at 72. */
--    packets[11] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 72 >> 3, 1, 'L', 24);
-+    packets[11] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 72 >> 3, 1, 'L', 24);
- 
-     /* M*24 at 96. */
--    packets[12] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 96 >> 3, 1, 'M', 24);
-+    packets[12] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 96 >> 3, 1, 'M', 24);
- 
-     /* N*8 at 128. */
--    packets[13] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 128 >> 3, 1, 'N', 8);
-+    packets[13] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 128 >> 3, 1, 'N', 8);
- 
-     /* O*8 at 152. */
--    packets[14] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 152 >> 3, 1, 'O', 8);
-+    packets[14] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 152 >> 3, 1, 'O', 8);
- 
-     /* P*8 at 160. */
--    packets[15] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'P', 8);
-+    packets[15] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 160 >> 3, 1, 'P', 8);
- 
-     /* Q*16 at 176. */
--    packets[16] = IPV6BuildTestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 0, 'Q', 16);
-+    packets[16] = BuildIpv6TestPacket(IPPROTO_ICMPV6, id, 176 >> 3, 0, 'Q', 16);
- 
-     default_policy = policy;
- 
-@@ -1735,7 +1734,7 @@ DefragSturgesNovakBsdTest(void)
-     PASS;
- }
- 
--static int IPV6DefragSturgesNovakBsdTest(void)
-+static int DefragSturgesNovakBsdIpv6Test(void)
- {
-     /* Expected data. */
-     u_char expected[] = {
-@@ -1765,8 +1764,7 @@ static int IPV6DefragSturgesNovakBsdTest(void)
-         "QQQQQQQQ"
-     };
- 
--    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_BSD, expected,
--                    sizeof(expected)));
-+    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_BSD, expected, sizeof(expected)));
-     PASS;
- }
- 
-@@ -1805,7 +1803,7 @@ static int DefragSturgesNovakLinuxIpv4Test(void)
-     PASS;
- }
- 
--static int IPV6DefragSturgesNovakLinuxTest(void)
-+static int DefragSturgesNovakLinuxIpv6Test(void)
- {
-     /* Expected data. */
-     u_char expected[] = {
-@@ -1835,8 +1833,7 @@ static int IPV6DefragSturgesNovakLinuxTest(void)
-         "QQQQQQQQ"
-     };
- 
--    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_LINUX, expected,
--            sizeof(expected)));
-+    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_LINUX, expected, sizeof(expected)));
-     PASS;
- }
- 
-@@ -1875,7 +1872,7 @@ static int DefragSturgesNovakWindowsIpv4Test(void)
-     PASS;
- }
- 
--static int IPV6DefragSturgesNovakWindowsTest(void)
-+static int DefragSturgesNovakWindowsIpv6Test(void)
- {
-     /* Expected data. */
-     u_char expected[] = {
-@@ -1905,8 +1902,7 @@ static int IPV6DefragSturgesNovakWindowsTest(void)
-         "QQQQQQQQ"
-     };
- 
--    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_WINDOWS, expected,
--                    sizeof(expected)));
-+    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_WINDOWS, expected, sizeof(expected)));
-     PASS;
- }
- 
-@@ -1945,7 +1941,7 @@ static int DefragSturgesNovakSolarisTest(void)
-     PASS;
- }
- 
--static int IPV6DefragSturgesNovakSolarisTest(void)
-+static int DefragSturgesNovakSolarisIpv6Test(void)
- {
-     /* Expected data. */
-     u_char expected[] = {
-@@ -1975,8 +1971,7 @@ static int IPV6DefragSturgesNovakSolarisTest(void)
-         "QQQQQQQQ"
-     };
- 
--    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_SOLARIS, expected,
--                    sizeof(expected)));
-+    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_SOLARIS, expected, sizeof(expected)));
-     PASS;
- }
- 
-@@ -2015,7 +2010,7 @@ static int DefragSturgesNovakFirstTest(void)
-     PASS;
- }
- 
--static int IPV6DefragSturgesNovakFirstTest(void)
-+static int DefragSturgesNovakFirstIpv6Test(void)
- {
-     /* Expected data. */
-     u_char expected[] = {
-@@ -2045,8 +2040,7 @@ static int IPV6DefragSturgesNovakFirstTest(void)
-         "QQQQQQQQ"
-     };
- 
--    return IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_FIRST, expected,
--        sizeof(expected));
-+    return DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_FIRST, expected, sizeof(expected));
- }
- 
- static int
-@@ -2085,7 +2079,7 @@ DefragSturgesNovakLastTest(void)
-     PASS;
- }
- 
--static int IPV6DefragSturgesNovakLastTest(void)
-+static int DefragSturgesNovakLastIpv6Test(void)
- {
-     /* Expected data. */
-     u_char expected[] = {
-@@ -2115,8 +2109,7 @@ static int IPV6DefragSturgesNovakLastTest(void)
-         "QQQQQQQQ"
-     };
- 
--    FAIL_IF_NOT(IPV6DefragDoSturgesNovakTest(DEFRAG_POLICY_LAST, expected,
--                    sizeof(expected)));
-+    FAIL_IF_NOT(DefragDoSturgesNovakIpv6Test(DEFRAG_POLICY_LAST, expected, sizeof(expected)));
-     PASS;
- }
- 
-@@ -2131,7 +2124,7 @@ static int DefragTimeoutTest(void)
- 
-     /* Load in 16 packets. */
-     for (i = 0; i < 16; i++) {
--        Packet *p = BuildTestPacket(IPPROTO_ICMP,i, 0, 1, 'A' + i, 16);
-+        Packet *p = BuildIpv4TestPacket(IPPROTO_ICMP, i, 0, 1, 'A' + i, 16);
-         FAIL_IF_NULL(p);
- 
-         Packet *tp = Defrag(NULL, NULL, p);
-@@ -2141,7 +2134,7 @@ static int DefragTimeoutTest(void)
- 
-     /* Build a new packet but push the timestamp out by our timeout.
-      * This should force our previous fragments to be timed out. */
--    Packet *p = BuildTestPacket(IPPROTO_ICMP, 99, 0, 1, 'A' + i, 16);
-+    Packet *p = BuildIpv4TestPacket(IPPROTO_ICMP, 99, 0, 1, 'A' + i, 16);
-     FAIL_IF_NULL(p);
- 
-     p->ts = SCTIME_ADD_SECS(p->ts, defrag_context->timeout + 1);
-@@ -2166,7 +2159,7 @@ static int DefragTimeoutTest(void)
-  * fail.  The fix was simple, but this unit test is just to make sure
-  * its not introduced.
-  */
--static int DefragIPv4NoDataTest(void)
-+static int DefragNoDataIpv4Test(void)
- {
-     DefragContext *dc = NULL;
-     Packet *p = NULL;
-@@ -2178,7 +2171,7 @@ static int DefragIPv4NoDataTest(void)
-     FAIL_IF_NULL(dc);
- 
-     /* This packet has an offset > 0, more frags set to 0 and no data. */
--    p = BuildTestPacket(IPPROTO_ICMP, id, 1, 0, 'A', 0);
-+    p = BuildIpv4TestPacket(IPPROTO_ICMP, id, 1, 0, 'A', 0);
-     FAIL_IF_NULL(p);
- 
-     /* We do not expect a packet returned. */
-@@ -2195,7 +2188,7 @@ static int DefragIPv4NoDataTest(void)
-     PASS;
- }
- 
--static int DefragIPv4TooLargeTest(void)
-+static int DefragTooLargeIpv4Test(void)
- {
-     DefragContext *dc = NULL;
-     Packet *p = NULL;
-@@ -2207,7 +2200,7 @@ static int DefragIPv4TooLargeTest(void)
- 
-     /* Create a fragment that would extend past the max allowable size
-      * for an IPv4 packet. */
--    p = BuildTestPacket(IPPROTO_ICMP, 1, 8183, 0, 'A', 71);
-+    p = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 8183, 0, 'A', 71);
-     FAIL_IF_NULL(p);
- 
-     /* We do not expect a packet returned. */
-@@ -2238,9 +2231,9 @@ static int DefragVlanTest(void)
- 
-     DefragInit();
- 
--    p1 = BuildTestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
-+    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    p2 = BuildTestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
-+    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
-     FAIL_IF_NULL(p2);
- 
-     /* With no VLAN IDs set, packets should re-assemble. */
-@@ -2270,9 +2263,9 @@ static int DefragVlanQinQTest(void)
- 
-     DefragInit();
- 
--    p1 = BuildTestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
-+    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    p2 = BuildTestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
-+    p2 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
-     FAIL_IF_NULL(p2);
- 
-     /* With no VLAN IDs set, packets should re-assemble. */
-@@ -2304,9 +2297,9 @@ static int DefragVlanQinQinQTest(void)
- 
-     DefragInit();
- 
--    Packet *p1 = BuildTestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
-+    Packet *p1 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    Packet *p2 = BuildTestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
-+    Packet *p2 = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 1, 0, 'B', 8);
-     FAIL_IF_NULL(p2);
- 
-     /* With no VLAN IDs set, packets should re-assemble. */
-@@ -2340,7 +2333,7 @@ static int DefragTrackerReuseTest(void)
- 
-     /* Build a packet, its not a fragment but shouldn't matter for
-      * this test. */
--    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 0, 'A', 8);
-+    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 0, 'A', 8);
-     FAIL_IF_NULL(p1);
- 
-     /* Get a tracker. It shouldn't look like its already in use. */
-@@ -2387,9 +2380,9 @@ static int DefragMfIpv4Test(void)
- 
-     DefragInit();
- 
--    Packet *p1 = BuildTestPacket(IPPROTO_ICMP, ip_id, 2, 1, 'C', 8);
--    Packet *p2 = BuildTestPacket(IPPROTO_ICMP, ip_id, 0, 1, 'A', 8);
--    Packet *p3 = BuildTestPacket(IPPROTO_ICMP, ip_id, 1, 0, 'B', 8);
-+    Packet *p1 = BuildIpv4TestPacket(IPPROTO_ICMP, ip_id, 2, 1, 'C', 8);
-+    Packet *p2 = BuildIpv4TestPacket(IPPROTO_ICMP, ip_id, 0, 1, 'A', 8);
-+    Packet *p3 = BuildIpv4TestPacket(IPPROTO_ICMP, ip_id, 1, 0, 'B', 8);
-     FAIL_IF(p1 == NULL || p2 == NULL || p3 == NULL);
- 
-     p = Defrag(NULL, NULL, p1);
-@@ -2434,9 +2427,9 @@ static int DefragMfIpv6Test(void)
- 
-     DefragInit();
- 
--    Packet *p1 = IPV6BuildTestPacket(IPPROTO_ICMPV6, ip_id, 2, 1, 'C', 8);
--    Packet *p2 = IPV6BuildTestPacket(IPPROTO_ICMPV6, ip_id, 0, 1, 'A', 8);
--    Packet *p3 = IPV6BuildTestPacket(IPPROTO_ICMPV6, ip_id, 1, 0, 'B', 8);
-+    Packet *p1 = BuildIpv6TestPacket(IPPROTO_ICMPV6, ip_id, 2, 1, 'C', 8);
-+    Packet *p2 = BuildIpv6TestPacket(IPPROTO_ICMPV6, ip_id, 0, 1, 'A', 8);
-+    Packet *p3 = BuildIpv6TestPacket(IPPROTO_ICMPV6, ip_id, 1, 0, 'B', 8);
-     FAIL_IF(p1 == NULL || p2 == NULL || p3 == NULL);
- 
-     p = Defrag(NULL, NULL, p1);
-@@ -2476,11 +2469,11 @@ static int DefragTestBadProto(void)
- 
-     DefragInit();
- 
--    p1 = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
-+    p1 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 8);
-     FAIL_IF_NULL(p1);
--    p2 = BuildTestPacket(IPPROTO_UDP, id, 1, 1, 'B', 8);
-+    p2 = BuildIpv4TestPacket(IPPROTO_UDP, id, 1, 1, 'B', 8);
-     FAIL_IF_NULL(p2);
--    p3 = BuildTestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
-+    p3 = BuildIpv4TestPacket(IPPROTO_ICMP, id, 2, 0, 'C', 3);
-     FAIL_IF_NULL(p3);
- 
-     FAIL_IF_NOT_NULL(Defrag(NULL, NULL, p1));
-@@ -2522,10 +2515,10 @@ static int DefragTestJeremyLinux(void)
-     Packet *packets[4];
-     int i = 0;
- 
--    packets[0] = BuildTestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
--    packets[1] = BuildTestPacket(IPPROTO_ICMP, id, 40 >> 3, 1, 'B', 48);
--    packets[2] = BuildTestPacket(IPPROTO_ICMP, id, 24 >> 3, 1, 'C', 48);
--    packets[3] = BuildTestPacket(IPPROTO_ICMP, id, 88 >> 3, 0, 'D', 14);
-+    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 0, 1, 'A', 24);
-+    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 40 >> 3, 1, 'B', 48);
-+    packets[2] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 24 >> 3, 1, 'C', 48);
-+    packets[3] = BuildIpv4TestPacket(IPPROTO_ICMP, id, 88 >> 3, 0, 'D', 14);
- 
-     Packet *r = Defrag(NULL, NULL, packets[0]);
-     FAIL_IF_NOT_NULL(r);
-@@ -2657,23 +2650,17 @@ void DefragRegisterTests(void)
-     UtRegisterTest("DefragSturgesNovakFirstTest", DefragSturgesNovakFirstTest);
-     UtRegisterTest("DefragSturgesNovakLastTest", DefragSturgesNovakLastTest);
- 
--    UtRegisterTest("DefragIPv4NoDataTest", DefragIPv4NoDataTest);
--    UtRegisterTest("DefragIPv4TooLargeTest", DefragIPv4TooLargeTest);
--
--    UtRegisterTest("IPV6DefragInOrderSimpleTest", IPV6DefragInOrderSimpleTest);
--    UtRegisterTest("IPV6DefragReverseSimpleTest", IPV6DefragReverseSimpleTest);
--    UtRegisterTest("IPV6DefragSturgesNovakBsdTest",
--                   IPV6DefragSturgesNovakBsdTest);
--    UtRegisterTest("IPV6DefragSturgesNovakLinuxTest",
--                   IPV6DefragSturgesNovakLinuxTest);
--    UtRegisterTest("IPV6DefragSturgesNovakWindowsTest",
--                   IPV6DefragSturgesNovakWindowsTest);
--    UtRegisterTest("IPV6DefragSturgesNovakSolarisTest",
--                   IPV6DefragSturgesNovakSolarisTest);
--    UtRegisterTest("IPV6DefragSturgesNovakFirstTest",
--                   IPV6DefragSturgesNovakFirstTest);
--    UtRegisterTest("IPV6DefragSturgesNovakLastTest",
--                   IPV6DefragSturgesNovakLastTest);
-+    UtRegisterTest("DefragNoDataIpv4Test", DefragNoDataIpv4Test);
-+    UtRegisterTest("DefragTooLargeIpv4Test", DefragTooLargeIpv4Test);
-+
-+    UtRegisterTest("DefragInOrderSimpleIpv6Test", DefragInOrderSimpleIpv6Test);
-+    UtRegisterTest("DefragReverseSimpleIpv6Test", DefragReverseSimpleIpv6Test);
-+    UtRegisterTest("DefragSturgesNovakBsdIpv6Test", DefragSturgesNovakBsdIpv6Test);
-+    UtRegisterTest("DefragSturgesNovakLinuxIpv6Test", DefragSturgesNovakLinuxIpv6Test);
-+    UtRegisterTest("DefragSturgesNovakWindowsIpv6Test", DefragSturgesNovakWindowsIpv6Test);
-+    UtRegisterTest("DefragSturgesNovakSolarisIpv6Test", DefragSturgesNovakSolarisIpv6Test);
-+    UtRegisterTest("DefragSturgesNovakFirstIpv6Test", DefragSturgesNovakFirstIpv6Test);
-+    UtRegisterTest("DefragSturgesNovakLastIpv6Test", DefragSturgesNovakLastIpv6Test);
- 
-     UtRegisterTest("DefragVlanTest", DefragVlanTest);
-     UtRegisterTest("DefragVlanQinQTest", DefragVlanQinQTest);
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-003.patch b/recipes-ids/suricata/files/CVE-2024-32867-003.patch
deleted file mode 100644
index 15ee1f4..0000000
--- a/recipes-ids/suricata/files/CVE-2024-32867-003.patch
+++ /dev/null
@@ -1,472 +0,0 @@
-From 1e110d0a71db46571040b937e17a4bc9f91d6de9 Mon Sep 17 00:00:00 2001
-From: Jason Ish <jason.ish@oisf.net>
-Date: Thu, 7 Dec 2023 16:44:56 -0600
-Subject: [PATCH] defrag: fix subsequent overlap of start of original (bsd)
-
-Fix the BSD policy case where a subsequent fragment starts before an
-original fragment and overlaps the beginning of the original
-fragment. In this case the overlapping data from the new fragment is
-preferred.
-
-Suricata was preferring the data from the original fragment, but it
-should only do that when the original fragment has an offset <= to the
-new fragment.
-
-- Adds test for this case
-
-Bug: #6669
-(cherry picked from commit f1709ea551124e1a64fdc509993ad022ab27aa77)
-
-CVE: CVE-2024-32867
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/1e110d0a71db46571040b937e17a4bc9f91d6de9]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/defrag.c | 387 ++++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 380 insertions(+), 7 deletions(-)
-
-diff --git a/src/defrag.c b/src/defrag.c
-index 99fbab3..28d085d 100644
---- a/src/defrag.c
-+++ b/src/defrag.c
-@@ -692,16 +692,45 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
-             switch (tracker->policy) {
-             case DEFRAG_POLICY_BSD:
-                 if (frag_offset < prev->offset + prev->data_len) {
--                    if (frag_offset >= prev->offset) {
--                        ltrim = prev->offset + prev->data_len - frag_offset;
-+                    if (prev->offset <= frag_offset) {
-+                        /* We prefer the data from the previous
-+                         * fragment, so trim off the data in the new
-+                         * fragment that exists in the previous
-+                         * fragment. */
-+                        uint16_t prev_end = prev->offset + prev->data_len;
-+                        if (prev_end > frag_end) {
-+                            /* Just skip. */
-+                            /* TODO: Set overlap flag. */
-+                            goto done;
-+                        }
-+                        ltrim = prev_end - frag_offset;
-+
-+                        if ((next != NULL) && (frag_end > next->offset)) {
-+                            next->ltrim = frag_end - next->offset;
-+                        }
-+
-+                        goto insert;
-                     }
-+
-+                    /* If the end of this fragment overlaps the start
-+                     * of the previous fragment, then trim up the
-+                     * start of previous fragment so this fragment is
-+                     * used.
-+                     *
-+                     * See:
-+                     * DefragBsdSubsequentOverlapsStartOfOriginal.
-+                     */
-+                    if (frag_offset <= prev->offset && frag_end > prev->offset + prev->ltrim) {
-+                        uint16_t prev_ltrim = frag_end - prev->offset;
-+                        if (prev_ltrim > prev->ltrim) {
-+                            prev->ltrim = prev_ltrim;
-+                        }
-+                    }
-+
-                     if ((next != NULL) && (frag_end > next->offset)) {
-                         next->ltrim = frag_end - next->offset;
-                     }
--                    if ((frag_offset < prev->offset) &&
--                        (frag_end >= prev->offset + prev->data_len)) {
--                        prev->skip = 1;
--                    }
-+
-                     goto insert;
-                 }
-                 break;
-@@ -1199,6 +1228,77 @@ error:
-     return NULL;
- }
- 
-+/**
-+ * Allocate a test packet, much like BuildIpv4TestPacket, but with
-+ * the full content provided by the caller.
-+ */
-+static Packet *BuildIpv4TestPacketWithContent(
-+        uint8_t proto, uint16_t id, uint16_t off, int mf, const uint8_t *content, int content_len)
-+{
-+    Packet *p = NULL;
-+    int hlen = 20;
-+    int ttl = 64;
-+    IPV4Hdr ip4h;
-+
-+    p = SCCalloc(1, sizeof(*p) + default_packet_size);
-+    if (unlikely(p == NULL))
-+        return NULL;
-+
-+    PacketInit(p);
-+
-+    struct timeval tval;
-+    gettimeofday(&tval, NULL);
-+    p->ts = SCTIME_FROM_TIMEVAL(&tval);
-+    ip4h.ip_verhl = 4 << 4;
-+    ip4h.ip_verhl |= hlen >> 2;
-+    ip4h.ip_len = htons(hlen + content_len);
-+    ip4h.ip_id = htons(id);
-+    if (mf)
-+        ip4h.ip_off = htons(IP_MF | off);
-+    else
-+        ip4h.ip_off = htons(off);
-+    ip4h.ip_ttl = ttl;
-+    ip4h.ip_proto = proto;
-+
-+    ip4h.s_ip_src.s_addr = 0x01010101; /* 1.1.1.1 */
-+    ip4h.s_ip_dst.s_addr = 0x02020202; /* 2.2.2.2 */
-+
-+    /* copy content_len crap, we need full length */
-+    PacketCopyData(p, (uint8_t *)&ip4h, sizeof(ip4h));
-+    p->ip4h = (IPV4Hdr *)GET_PKT_DATA(p);
-+    SET_IPV4_SRC_ADDR(p, &p->src);
-+    SET_IPV4_DST_ADDR(p, &p->dst);
-+
-+    PacketCopyDataOffset(p, hlen, content, content_len);
-+    SET_PKT_LEN(p, hlen + content_len);
-+
-+    p->ip4h->ip_csum = IPV4Checksum((uint16_t *)GET_PKT_DATA(p), hlen, 0);
-+
-+    /* Self test. */
-+    if (IPV4_GET_VER(p) != 4)
-+        goto error;
-+    if (IPV4_GET_HLEN(p) != hlen)
-+        goto error;
-+    if (IPV4_GET_IPLEN(p) != hlen + content_len)
-+        goto error;
-+    if (IPV4_GET_IPID(p) != id)
-+        goto error;
-+    if (IPV4_GET_IPOFFSET(p) != off)
-+        goto error;
-+    if (IPV4_GET_MF(p) != mf)
-+        goto error;
-+    if (IPV4_GET_IPTTL(p) != ttl)
-+        goto error;
-+    if (IPV4_GET_IPPROTO(p) != proto)
-+        goto error;
-+
-+    return p;
-+error:
-+    if (p != NULL)
-+        SCFree(p);
-+    return NULL;
-+}
-+
- static Packet *BuildIpv6TestPacket(
-         uint8_t proto, uint32_t id, uint16_t off, int mf, const char content, int content_len)
- {
-@@ -1270,6 +1370,71 @@ error:
-     return NULL;
- }
- 
-+static Packet *BuildIpv6TestPacketWithContent(
-+        uint8_t proto, uint32_t id, uint16_t off, int mf, const uint8_t *content, int content_len)
-+{
-+    Packet *p = NULL;
-+    IPV6Hdr ip6h;
-+
-+    p = SCCalloc(1, sizeof(*p) + default_packet_size);
-+    if (unlikely(p == NULL))
-+        return NULL;
-+
-+    PacketInit(p);
-+
-+    struct timeval tval;
-+    gettimeofday(&tval, NULL);
-+    p->ts = SCTIME_FROM_TIMEVAL(&tval);
-+
-+    ip6h.s_ip6_nxt = 44;
-+    ip6h.s_ip6_hlim = 2;
-+
-+    /* Source and dest address - very bogus addresses. */
-+    ip6h.s_ip6_src[0] = 0x01010101;
-+    ip6h.s_ip6_src[1] = 0x01010101;
-+    ip6h.s_ip6_src[2] = 0x01010101;
-+    ip6h.s_ip6_src[3] = 0x01010101;
-+    ip6h.s_ip6_dst[0] = 0x02020202;
-+    ip6h.s_ip6_dst[1] = 0x02020202;
-+    ip6h.s_ip6_dst[2] = 0x02020202;
-+    ip6h.s_ip6_dst[3] = 0x02020202;
-+
-+    /* copy content_len crap, we need full length */
-+    PacketCopyData(p, (uint8_t *)&ip6h, sizeof(IPV6Hdr));
-+
-+    p->ip6h = (IPV6Hdr *)GET_PKT_DATA(p);
-+    IPV6_SET_RAW_VER(p->ip6h, 6);
-+    /* Fragmentation header. */
-+    IPV6FragHdr *fh = (IPV6FragHdr *)(GET_PKT_DATA(p) + sizeof(IPV6Hdr));
-+    fh->ip6fh_nxt = proto;
-+    fh->ip6fh_ident = htonl(id);
-+    fh->ip6fh_offlg = htons((off << 3) | mf);
-+
-+    DecodeIPV6FragHeader(p, (uint8_t *)fh, 8, 8 + content_len, 0);
-+
-+    PacketCopyDataOffset(p, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr), content, content_len);
-+    SET_PKT_LEN(p, sizeof(IPV6Hdr) + sizeof(IPV6FragHdr) + content_len);
-+
-+    p->ip6h->s_ip6_plen = htons(sizeof(IPV6FragHdr) + content_len);
-+
-+    SET_IPV6_SRC_ADDR(p, &p->src);
-+    SET_IPV6_DST_ADDR(p, &p->dst);
-+
-+    /* Self test. */
-+    if (IPV6_GET_VER(p) != 6)
-+        goto error;
-+    if (IPV6_GET_NH(p) != 44)
-+        goto error;
-+    if (IPV6_GET_PLEN(p) != sizeof(IPV6FragHdr) + content_len)
-+        goto error;
-+
-+    return p;
-+error:
-+    if (p != NULL)
-+        SCFree(p);
-+    return NULL;
-+}
-+
- /**
-  * Test the simplest possible re-assembly scenario.  All packet in
-  * order and no overlaps.
-@@ -1575,7 +1740,13 @@ static int DefragDoSturgesNovakTest(int policy, u_char *expected,
-     FAIL_IF(IPV4_GET_HLEN(reassembled) != 20);
-     FAIL_IF(IPV4_GET_IPLEN(reassembled) != 20 + 192);
- 
--    FAIL_IF(memcmp(GET_PKT_DATA(reassembled) + 20, expected, expected_len) != 0);
-+    if (memcmp(expected, GET_PKT_DATA(reassembled) + 20, expected_len) != 0) {
-+        printf("Expected:\n");
-+        PrintRawDataFp(stdout, expected, expected_len);
-+        printf("Got:\n");
-+        PrintRawDataFp(stdout, GET_PKT_DATA(reassembled) + 20, GET_PKT_LEN(reassembled) - 20);
-+        FAIL;
-+    }
-     SCFree(reassembled);
- 
-     /* Make sure all frags were returned back to the pool. */
-@@ -2543,6 +2714,16 @@ static int DefragTestJeremyLinux(void)
-     PASS;
- }
- 
-+/**
-+ * | 0        | 8        | 16       | 24       | 32       |
-+ * |----------|----------|----------|----------|----------|
-+ * |                                  AAAAAAAA | AAAAAAAA |
-+ * |          | BBBBBBBB | BBBBBBBB |          |          |
-+ * |          |          | CCCCCCCC | CCCCCCCC |          |
-+ * | DDDDDDDD |          |          |          |          |
-+ *
-+ * | DDDDDDDD | BBBBBBBB | BBBBBBBB | CCCCCCCC | AAAAAAAA |
-+ */
- static int DefragBsdFragmentAfterNoMfIpv4Test(void)
- {
-     DefragInit();
-@@ -2633,6 +2814,192 @@ static int DefragBsdFragmentAfterNoMfIpv6Test(void)
-     PASS;
- }
- 
-+static int DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[4];
-+
-+    /* Packet 1: off=16, mf=1 */
-+    packets[0] = BuildIpv4TestPacketWithContent(
-+            IPPROTO_ICMP, 6, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
-+
-+    /* Packet 2: off=8, mf=1 */
-+    packets[1] = BuildIpv4TestPacketWithContent(
-+            IPPROTO_ICMP, 6, 8 >> 3, 1, (uint8_t *)"AACCBBDDAACCDDBB", 16);
-+
-+    /* Packet 3: off=0, mf=1: IP and ICMP header. */
-+    packets[2] = BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 6, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
-+
-+    /* Packet 4: off=8, mf=1 */
-+    packets[3] =
-+            BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 6, 32 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[2]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[3]);
-+    FAIL_IF_NULL(r);
-+
-+    // clang-format off
-+    const uint8_t expected[] = {
-+	// AACCBBDD
-+	// AACCDDBB
-+	// AABBDDCC
-+	// DDCCBBAA
-+	'A', 'A', 'C', 'C', 'B', 'B', 'D', 'D',
-+	'A', 'A', 'C', 'C', 'D', 'D', 'B', 'B',
-+	'A', 'A', 'B', 'B', 'D', 'D', 'C', 'C',
-+	'D', 'D', 'C', 'C', 'B', 'B', 'A', 'A',
-+    };
-+    // clang-format on
-+
-+    FAIL_IF(memcmp(expected, GET_PKT_DATA(r) + 20 + 8, sizeof(expected)) != 0);
-+
-+    DefragDestroy();
-+    PASS;
-+}
-+
-+static int DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[4];
-+
-+    /* Packet 1: off=16, mf=1 */
-+    packets[0] = BuildIpv6TestPacketWithContent(
-+            IPPROTO_ICMP, 6, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
-+
-+    /* Packet 2: off=8, mf=1 */
-+    packets[1] = BuildIpv6TestPacketWithContent(
-+            IPPROTO_ICMP, 6, 8 >> 3, 1, (uint8_t *)"AACCBBDDAACCDDBB", 16);
-+
-+    /* Packet 3: off=0, mf=1: IP and ICMP header. */
-+    packets[2] = BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 6, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
-+
-+    /* Packet 4: off=8, mf=1 */
-+    packets[3] =
-+            BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 6, 32 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[2]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[3]);
-+    FAIL_IF_NULL(r);
-+
-+    // clang-format off
-+    const uint8_t expected[] = {
-+	// AACCBBDD
-+	// AACCDDBB
-+	// AABBDDCC
-+	// DDCCBBAA
-+	'A', 'A', 'C', 'C', 'B', 'B', 'D', 'D',
-+	'A', 'A', 'C', 'C', 'D', 'D', 'B', 'B',
-+	'A', 'A', 'B', 'B', 'D', 'D', 'C', 'C',
-+	'D', 'D', 'C', 'C', 'B', 'B', 'A', 'A',
-+    };
-+    // clang-format on
-+
-+    FAIL_IF(memcmp(expected, GET_PKT_DATA(r) + 40 + 8, sizeof(expected)) != 0);
-+
-+    DefragDestroy();
-+    PASS;
-+}
-+
-+/**
-+ * #### Input
-+ *
-+ * | 96 (0)   | 104 (8)  | 112 (16) | 120 (24) |
-+ * |----------|----------|----------|----------|
-+ * |          | EEEEEEEE | EEEEEEEE | EEEEEEEE |
-+ * | MMMMMMMM | MMMMMMMM | MMMMMMMM |          |
-+ *
-+ * #### Expected Output
-+ *
-+ * | MMMMMMMM | MMMMMMMM | MMMMMMMM | EEEEEEEE |
-+ */
-+static int DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[2];
-+
-+    packets[0] = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 8 >> 3, 0, 'E', 24);
-+    packets[1] = BuildIpv4TestPacket(IPPROTO_ICMP, 1, 0, 1, 'M', 24);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NULL(r);
-+
-+    // clang-format off
-+    const uint8_t expected[] = {
-+	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
-+	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
-+	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
-+	'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E',
-+    };
-+    // clang-format on
-+
-+    if (memcmp(expected, GET_PKT_DATA(r) + 20, sizeof(expected)) != 0) {
-+        printf("Expected:\n");
-+        PrintRawDataFp(stdout, expected, sizeof(expected));
-+        printf("Got:\n");
-+        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 20, GET_PKT_LEN(r) - 20);
-+        FAIL;
-+    }
-+
-+    PASS;
-+}
-+
-+static int DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[2];
-+
-+    packets[0] = BuildIpv6TestPacket(IPPROTO_ICMP, 1, 8 >> 3, 0, 'E', 24);
-+    packets[1] = BuildIpv6TestPacket(IPPROTO_ICMP, 1, 0, 1, 'M', 24);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NULL(r);
-+
-+    // clang-format off
-+    const uint8_t expected[] = {
-+	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
-+	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
-+	'M', 'M', 'M', 'M', 'M', 'M', 'M', 'M',
-+	'E', 'E', 'E', 'E', 'E', 'E', 'E', 'E',
-+    };
-+    // clang-format on
-+
-+    if (memcmp(expected, GET_PKT_DATA(r) + 40, sizeof(expected)) != 0) {
-+        printf("Expected:\n");
-+        PrintRawDataFp(stdout, expected, sizeof(expected));
-+        printf("Got:\n");
-+        PrintRawDataFp(stdout, GET_PKT_DATA(r) + 40, GET_PKT_LEN(r) - 40);
-+        FAIL;
-+    }
-+
-+    PASS;
-+}
-+
- #endif /* UNITTESTS */
- 
- void DefragRegisterTests(void)
-@@ -2675,5 +3042,11 @@ void DefragRegisterTests(void)
- 
-     UtRegisterTest("DefragBsdFragmentAfterNoMfIpv4Test", DefragBsdFragmentAfterNoMfIpv4Test);
-     UtRegisterTest("DefragBsdFragmentAfterNoMfIpv6Test", DefragBsdFragmentAfterNoMfIpv6Test);
-+    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test",
-+            DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test);
-+    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test",
-+            DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test);
-+    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2);
-+    UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2);
- #endif /* UNITTESTS */
- }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-32867-004.patch b/recipes-ids/suricata/files/CVE-2024-32867-004.patch
deleted file mode 100644
index 7edb3b3..0000000
--- a/recipes-ids/suricata/files/CVE-2024-32867-004.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From e6267758ed5da27f804f0c1c07f9423bdf4d72b8 Mon Sep 17 00:00:00 2001
-From: Jason Ish <jason.ish@oisf.net>
-Date: Fri, 12 Jan 2024 11:09:59 -0600
-Subject: [PATCH] defrag: fix check for complete packet
-
-The list of fragments may still contain overlaps, so adding up the
-fragment lengths is flawed. Instead track the largest size of
-contiguous data that can be re-assembled.
-
-Bug: #6675
-(cherry picked from commit d226d0a3fce8837936e1bdfaee496c80d417e0a5)
-
-CVE: CVE-2024-32867
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/e6267758ed5da27f804f0c1c07f9423bdf4d72b8]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/defrag.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 114 insertions(+), 2 deletions(-)
-
-diff --git a/src/defrag.c b/src/defrag.c
-index 28d085d..fc46411 100644
---- a/src/defrag.c
-+++ b/src/defrag.c
-@@ -276,7 +276,8 @@ Defrag4Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
-             goto done;
-         }
-         else {
--            len += frag->data_len;
-+            /* Update the packet length to the largest known data offset. */
-+            len = MAX(len, frag->offset + frag->data_len);
-         }
-     }
- 
-@@ -434,7 +435,7 @@ Defrag6Reassemble(ThreadVars *tv, DefragTracker *tracker, Packet *p)
-                 goto done;
-             }
-             else {
--                len += frag->data_len;
-+                len = MAX(len, frag->offset + frag->data_len);
-             }
-         }
-     }
-@@ -3000,6 +3001,115 @@ static int DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test(void)
-     PASS;
- }
- 
-+/**
-+ * Reassembly should fail.
-+ *
-+ * |0       |8       |16      |24      |32      |40      |48      |
-+ * |========|========|========|========|========|========|========|
-+ * |        |        |AABBCCDD|AABBDDCC|        |        |        |
-+ * |        |        |        |        |        |AACCBBDD|        |
-+ * |        |AACCDDBB|AADDBBCC|        |        |        |        |
-+ * |ZZZZZZZZ|        |        |        |        |        |        |
-+ * |        |        |        |        |        |        |DDCCBBAA|
-+ */
-+static int DefragBsdMissingFragmentIpv4Test(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[5];
-+
-+    packets[0] = BuildIpv4TestPacketWithContent(
-+            IPPROTO_ICMP, 189, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
-+
-+    packets[1] =
-+            BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 189, 40 >> 3, 1, (uint8_t *)"AACCBBDD", 8);
-+
-+    packets[2] = BuildIpv4TestPacketWithContent(
-+            IPPROTO_ICMP, 189, 8 >> 3, 1, (uint8_t *)"AACCDDBBAADDBBCC", 16);
-+
-+    /* ICMP header. */
-+    packets[3] = BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 189, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
-+
-+    packets[4] =
-+            BuildIpv4TestPacketWithContent(IPPROTO_ICMP, 189, 48 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[2]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[3]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[4]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+#if 0
-+    PrintRawDataFp(stdout, GET_PKT_DATA(r) + 20, GET_PKT_LEN(r) - 20);
-+#endif
-+
-+    for (int i = 0; i < 5; i++) {
-+        SCFree(packets[i]);
-+    }
-+
-+    DefragDestroy();
-+
-+    PASS;
-+}
-+
-+static int DefragBsdMissingFragmentIpv6Test(void)
-+{
-+    DefragInit();
-+    default_policy = DEFRAG_POLICY_BSD;
-+    Packet *packets[5];
-+
-+    packets[0] = BuildIpv6TestPacketWithContent(
-+            IPPROTO_ICMP, 189, 16 >> 3, 1, (uint8_t *)"AABBCCDDAABBDDCC", 16);
-+
-+    packets[1] =
-+            BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 189, 40 >> 3, 1, (uint8_t *)"AACCBBDD", 8);
-+
-+    packets[2] = BuildIpv6TestPacketWithContent(
-+            IPPROTO_ICMP, 189, 8 >> 3, 1, (uint8_t *)"AACCDDBBAADDBBCC", 16);
-+
-+    /* ICMP header. */
-+    packets[3] = BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 189, 0, 1, (uint8_t *)"ZZZZZZZZ", 8);
-+
-+    packets[4] =
-+            BuildIpv6TestPacketWithContent(IPPROTO_ICMP, 189, 48 >> 3, 0, (uint8_t *)"DDCCBBAA", 8);
-+
-+    Packet *r = Defrag(NULL, NULL, packets[0]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[1]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[2]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[3]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+    r = Defrag(NULL, NULL, packets[4]);
-+    FAIL_IF_NOT_NULL(r);
-+
-+#if 0
-+    PrintRawDataFp(stdout, GET_PKT_DATA(r) + 40, GET_PKT_LEN(r) - 40);
-+#endif
-+
-+    for (int i = 0; i < 5; i++) {
-+        SCFree(packets[i]);
-+    }
-+
-+    DefragDestroy();
-+
-+    PASS;
-+}
-+
- #endif /* UNITTESTS */
- 
- void DefragRegisterTests(void)
-@@ -3048,5 +3158,7 @@ void DefragRegisterTests(void)
-             DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test);
-     UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv4Test_2);
-     UtRegisterTest("DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2", DefragBsdSubsequentOverlapsStartOfOriginalIpv6Test_2);
-+    UtRegisterTest("DefragBsdMissingFragmentIpv4Test", DefragBsdMissingFragmentIpv4Test);
-+    UtRegisterTest("DefragBsdMissingFragmentIpv6Test", DefragBsdMissingFragmentIpv6Test);
- #endif /* UNITTESTS */
- }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-45795.patch b/recipes-ids/suricata/files/CVE-2024-45795.patch
deleted file mode 100644
index 10363c5..0000000
--- a/recipes-ids/suricata/files/CVE-2024-45795.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 72456d359bf3064306b62024c809bb30b162f18c Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Mon, 12 Aug 2024 09:54:43 +0200
-Subject: [PATCH] detect/datasets: implement unset command
-
-Ticket: 7195
-
-Otherwise, Suricata aborted on such a rule
-
-(cherry picked from commit e47598110a557bb9f87ea498d85ba91a45bb0cb6)
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/72456d359bf3064306b62024c809bb30b162f18c && https://github.com/OISF/suricata/commit/96d5c81aed01f2bc0cd3e2e60057d0deb38caa99]
-CVE: CVE-2024-45795
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- doc/userguide/rules/datasets.rst |  2 +-
- src/datasets.c                   | 20 ++++++++++++++++++++
- src/datasets.h                   |  1 +
- src/detect-dataset.c             | 11 +++++++++++
- src/detect-dataset.h             |  5 -----
- 5 files changed, 33 insertions(+), 6 deletions(-)
-
-diff --git a/doc/userguide/rules/datasets.rst b/doc/userguide/rules/datasets.rst
-index 647b12e..dd9ecd2 100644
---- a/doc/userguide/rules/datasets.rst
-+++ b/doc/userguide/rules/datasets.rst
-@@ -78,7 +78,7 @@ Syntax::
- 
-     dataset:<cmd>,<name>,<options>;
- 
--    dataset:<set|isset|isnotset>,<name> \
-+    dataset:<set|unset|isset|isnotset>,<name> \
-         [, type <string|md5|sha256|ipv4|ip>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
- 
- type <type>
-diff --git a/src/datasets.c b/src/datasets.c
-index d89ed8d..32bcf6e 100644
---- a/src/datasets.c
-+++ b/src/datasets.c
-@@ -1741,3 +1741,23 @@ int DatasetRemoveSerialized(Dataset *set, const char *string)
-     return DatasetOpSerialized(set, string, DatasetRemoveString, DatasetRemoveMd5,
-             DatasetRemoveSha256, DatasetRemoveIPv4, DatasetRemoveIPv6);
- }
-+
-+int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len)
-+{
-+    if (set == NULL)
-+        return -1;
-+
-+    switch (set->type) {
-+        case DATASET_TYPE_STRING:
-+            return DatasetRemoveString(set, data, data_len);
-+        case DATASET_TYPE_MD5:
-+            return DatasetRemoveMd5(set, data, data_len);
-+        case DATASET_TYPE_SHA256:
-+            return DatasetRemoveSha256(set, data, data_len);
-+        case DATASET_TYPE_IPV4:
-+            return DatasetRemoveIPv4(set, data, data_len);
-+        case DATASET_TYPE_IPV6:
-+            return DatasetRemoveIPv6(set, data, data_len);
-+    }
-+    return -1;
-+}
-diff --git a/src/datasets.h b/src/datasets.h
-index af4fc17..0f28a9f 100644
---- a/src/datasets.h
-+++ b/src/datasets.h
-@@ -56,6 +56,7 @@ Dataset *DatasetFind(const char *name, enum DatasetTypes type);
- Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
-         uint64_t memcap, uint32_t hashsize);
- int DatasetAdd(Dataset *set, const uint8_t *data, const uint32_t data_len);
-+int DatasetRemove(Dataset *set, const uint8_t *data, const uint32_t data_len);
- int DatasetLookup(Dataset *set, const uint8_t *data, const uint32_t data_len);
- DataRepResultType DatasetLookupwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
-         const DataRepType *rep);
-diff --git a/src/detect-dataset.c b/src/detect-dataset.c
-index 3d29646..aad5cf0 100644
---- a/src/detect-dataset.c
-+++ b/src/detect-dataset.c
-@@ -41,6 +41,11 @@
- #include "util-path.h"
- #include "util-conf.h"
- 
-+#define DETECT_DATASET_CMD_SET      0
-+#define DETECT_DATASET_CMD_UNSET    1
-+#define DETECT_DATASET_CMD_ISNOTSET 2
-+#define DETECT_DATASET_CMD_ISSET    3
-+
- int DetectDatasetMatch (ThreadVars *, DetectEngineThreadCtx *, Packet *,
-         const Signature *, const SigMatchCtx *);
- static int DetectDatasetSetup (DetectEngineCtx *, Signature *, const char *);
-@@ -91,6 +96,12 @@ int DetectDatasetBufferMatch(DetectEngineThreadCtx *det_ctx,
-                 return 1;
-             break;
-         }
-+        case DETECT_DATASET_CMD_UNSET: {
-+            int r = DatasetRemove(sd->set, data, data_len);
-+            if (r == 1)
-+                return 1;
-+            break;
-+        }
-         default:
-             abort();
-     }
-diff --git a/src/detect-dataset.h b/src/detect-dataset.h
-index ca83267..d243552 100644
---- a/src/detect-dataset.h
-+++ b/src/detect-dataset.h
-@@ -26,11 +26,6 @@
- 
- #include "datasets.h"
- 
--#define DETECT_DATASET_CMD_SET      0
--#define DETECT_DATASET_CMD_UNSET    1
--#define DETECT_DATASET_CMD_ISNOTSET 2
--#define DETECT_DATASET_CMD_ISSET    3
--
- typedef struct DetectDatasetData_ {
-     Dataset *set;
-     uint8_t cmd;
--- 
-2.25.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-45796.patch b/recipes-ids/suricata/files/CVE-2024-45796.patch
deleted file mode 100644
index ae00a5f..0000000
--- a/recipes-ids/suricata/files/CVE-2024-45796.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 9203656496c4081260817cce018a0d8fd57869b5 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Mon, 15 Jul 2024 09:52:00 +0200
-Subject: [PATCH] defrag: fix off by one
-
-Ticket: 7067
-
-This off by one could lead to an empty fragment being inserted
-in the rb tree, which led to integer underflow.
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/9203656496c4081260817cce018a0d8fd57869b5]
-CVE: CVE-2024-45796
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/defrag.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/defrag.c b/src/defrag.c
-index 71cf420..38704c9 100644
---- a/src/defrag.c
-+++ b/src/defrag.c
-@@ -808,7 +808,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
-         }
-     }
- 
--    if (ltrim > data_len) {
-+    if (ltrim >= data_len) {
-         /* Full packet has been trimmed due to the overlap policy. Overlap
-          * already set. */
-         goto done;
--- 
-2.25.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-45797.patch b/recipes-ids/suricata/files/CVE-2024-45797.patch
deleted file mode 100644
index 3db4625..0000000
--- a/recipes-ids/suricata/files/CVE-2024-45797.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From 0d550de551b91d5e57ba23e2b1e2c6430fad6818 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <contact@catenacyber.fr>
-Date: Mon, 12 Aug 2024 14:06:40 +0200
-Subject: [PATCH] headers: put a configurable limit on their numbers
-
-So as to avoid quadratic complexity
-
-Ticket: 7191
-
-Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/0d550de551b91d5e57ba23e2b1e2c6430fad6818]
-CVE: CVE-2024-45797
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- htp/htp_config.c           |  8 ++++++++
- htp/htp_config.h           |  8 ++++++++
- htp/htp_config_private.h   |  6 ++++++
- htp/htp_core.h             |  1 +
- htp/htp_request_generic.c  | 11 +++++++++++
- htp/htp_response_generic.c | 10 ++++++++++
- 6 files changed, 44 insertions(+)
-
-diff --git a/htp/htp_config.c b/htp/htp_config.c
-index 767458f..9e0eee3 100644
---- a/htp/htp_config.c
-+++ b/htp/htp_config.c
-@@ -145,6 +145,8 @@ static unsigned char bestfit_1252[] = {
-     0xff, 0x5d, 0x7d, 0xff, 0x5e, 0x7e, 0x00, 0x00, 0x00
- };
- 
-+#define HTP_HEADERS_LIMIT 1024
-+
- htp_cfg_t *htp_config_create(void) {
-     htp_cfg_t *cfg = calloc(1, sizeof (htp_cfg_t));
-     if (cfg == NULL) return NULL;
-@@ -163,6 +165,7 @@ htp_cfg_t *htp_config_create(void) {
-     cfg->response_lzma_layer_limit = 1; // default is only one layer
-     cfg->compression_bomb_limit = HTP_COMPRESSION_BOMB_LIMIT;
-     cfg->compression_time_limit = HTP_COMPRESSION_TIME_LIMIT_USEC;
-+    cfg->number_headers_limit = HTP_HEADERS_LIMIT;
-     cfg->allow_space_uri = 0;
- 
-     // Default settings for URL-encoded data.
-@@ -542,6 +545,11 @@ void htp_config_set_compression_time_limit(htp_cfg_t *cfg, size_t useclimit) {
-     }
- }
- 
-+void htp_config_set_number_headers_limit(htp_cfg_t *cfg, uint32_t limit) {
-+    if (cfg == NULL) return;
-+    cfg->number_headers_limit = limit;
-+}
-+
- void htp_config_set_log_level(htp_cfg_t *cfg, enum htp_log_level_t log_level) {
-     if (cfg == NULL) return;
-     cfg->log_level = log_level;
-diff --git a/htp/htp_config.h b/htp/htp_config.h
-index d1365dc..ed0eaeb 100644
---- a/htp/htp_config.h
-+++ b/htp/htp_config.h
-@@ -466,6 +466,14 @@ void htp_config_set_compression_time_limit(htp_cfg_t *cfg, size_t useclimit);
-  */
- void htp_config_set_log_level(htp_cfg_t *cfg, enum htp_log_level_t log_level);
- 
-+/**
-+ * Configures the maximum number of headers LibHTP will accept per request or response.
-+ *
-+ * @param[in] cfg
-+ * @param[in] limit
-+ */
-+void htp_config_set_number_headers_limit(htp_cfg_t *cfg, uint32_t limit);
-+
- /**
-  * Configures how the server reacts to encoded NUL bytes. Some servers will stop at
-  * at NUL, while some will respond with 400 or 404. When the termination option is not
-diff --git a/htp/htp_config_private.h b/htp/htp_config_private.h
-index 5f1d60d..ecc8717 100644
---- a/htp/htp_config_private.h
-+++ b/htp/htp_config_private.h
-@@ -360,6 +360,12 @@ struct htp_cfg_t {
- 
-     /** Whether to decompress compressed request bodies. */
-     int request_decompression_enabled;
-+
-+    /** Maximum number of transactions. */
-+    uint32_t max_tx;
-+
-+    /** Maximum number of headers. */
-+    uint32_t number_headers_limit;
- };
- 
- #ifdef	__cplusplus
-diff --git a/htp/htp_core.h b/htp/htp_core.h
-index e4c933e..7c23212 100644
---- a/htp/htp_core.h
-+++ b/htp/htp_core.h
-@@ -235,6 +235,7 @@ enum htp_file_source_t {
- #define HTP_REQUEST_INVALID                0x100000000ULL
- #define HTP_REQUEST_INVALID_C_L            0x200000000ULL
- #define HTP_AUTH_INVALID                   0x400000000ULL
-+#define HTP_HEADERS_TOO_MANY               0x800000000ULL
- 
- #define HTP_MAX_HEADERS_REPETITIONS 64
- 
-diff --git a/htp/htp_request_generic.c b/htp/htp_request_generic.c
-index 435cf0a..1350e57 100644
---- a/htp/htp_request_generic.c
-+++ b/htp/htp_request_generic.c
-@@ -120,6 +120,17 @@ htp_status_t htp_process_request_header_generic(htp_connp_t *connp, unsigned cha
-         bstr_free(h->value);
-         free(h);
-     } else {
-+        if (htp_table_size(connp->in_tx->request_headers) > connp->cfg->number_headers_limit) {
-+            if (!(connp->in_tx->flags & HTP_HEADERS_TOO_MANY)) {
-+                connp->in_tx->flags |= HTP_HEADERS_TOO_MANY;
-+                htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Too many request headers");
-+            }
-+            bstr_free(h->name);
-+            bstr_free(h->value);
-+            free(h);
-+            // give up on what comes next
-+            return HTP_ERROR;
-+        }
-         // Add as a new header.
-         if (htp_table_add(connp->in_tx->request_headers, h->name, h) != HTP_OK) {
-             bstr_free(h->name);
-diff --git a/htp/htp_response_generic.c b/htp/htp_response_generic.c
-index f5fa59e..69da625 100644
---- a/htp/htp_response_generic.c
-+++ b/htp/htp_response_generic.c
-@@ -321,6 +321,16 @@ htp_status_t htp_process_response_header_generic(htp_connp_t *connp, unsigned ch
-         bstr_free(h->value);
-         free(h);       
-     } else {
-+        if (htp_table_size(connp->out_tx->response_headers) > connp->cfg->number_headers_limit) {
-+            if (!(connp->out_tx->flags & HTP_HEADERS_TOO_MANY)) {
-+                connp->out_tx->flags |= HTP_HEADERS_TOO_MANY;
-+                htp_log(connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "Too many response headers");
-+            }
-+            bstr_free(h->name);
-+            bstr_free(h->value);
-+            free(h);
-+            return HTP_ERROR;
-+        }
-         // Add as a new header.
-         if (htp_table_add(connp->out_tx->response_headers, h->name, h) != HTP_OK) {
-             bstr_free(h->name);
--- 
-2.25.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55605.patch b/recipes-ids/suricata/files/CVE-2024-55605.patch
deleted file mode 100644
index c8bfead..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55605.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From f80ebd5a30b02db5915f749f0c067c7adefbbe76 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Thu, 7 Nov 2024 17:49:45 +0100
-Subject: [PATCH] detect/transforms: write directly in inspect buffer
-
-instead of writing to a temporary buffer and then copying,
-to save the cost of copying.
-
-Ticket: 7229
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76 && https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba]
-CVE: CVE-2024-55605
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/detect-engine.c                        | 23 ++++++++++++++++++++--
- src/detect-engine.h                        |  3 ++-
- src/detect-transform-compress-whitespace.c |  8 ++++++--
- src/detect-transform-dotprefix.c           | 10 +++++++---
- src/detect-transform-strip-whitespace.c    |  8 ++++++--
- src/detect-transform-urldecode.c           |  8 ++++++--
- src/detect-transform-xor.c                 |  7 +++++--
- 7 files changed, 53 insertions(+), 14 deletions(-)
-
-diff --git a/src/detect-engine.c b/src/detect-engine.c
-index 141b48a..cdb24d8 100644
---- a/src/detect-engine.c
-+++ b/src/detect-engine.c
-@@ -1647,11 +1647,13 @@ void InspectionBufferFree(InspectionBuffer *buffer)
- /**
-  * \brief make sure that the buffer has at least 'min_size' bytes
-  * Expand the buffer if necessary
-+ *
-+ * \retval pointer to inner buffer to use, or NULL if realloc failed
-  */
--void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
-+uint8_t *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
- {
-     if (likely(buffer->size >= min_size))
--        return;
-+        return buffer->buf;
- 
-     uint32_t new_size = (buffer->size == 0) ? 4096 : buffer->size;
-     while (new_size < min_size) {
-@@ -1662,7 +1664,24 @@ void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
-     if (ptr != NULL) {
-         buffer->buf = ptr;
-         buffer->size = new_size;
-+    } else {
-+        return NULL;
-     }
-+    return buffer->buf;
-+}
-+
-+/**
-+ * \brief set inspect length of inspect buffer
-+ * The inspect buffer may have been overallocated (by strip_whitespace for example)
-+ * so, this sets the final length
-+ */
-+void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len)
-+{
-+    DEBUG_VALIDATE_BUG_ON(buffer->buf == NULL);
-+    DEBUG_VALIDATE_BUG_ON(buf_len > buffer->size);
-+    buffer->inspect = buffer->buf;
-+    buffer->inspect_len = buf_len;
-+    buffer->initialized = true;
- }
- 
- void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len)
-diff --git a/src/detect-engine.h b/src/detect-engine.h
-index 7617e66..04713a7 100644
---- a/src/detect-engine.h
-+++ b/src/detect-engine.h
-@@ -31,7 +31,8 @@ void InspectionBufferInit(InspectionBuffer *buffer, uint32_t initial_size);
- void InspectionBufferSetup(DetectEngineThreadCtx *det_ctx, const int list_id,
-         InspectionBuffer *buffer, const uint8_t *data, const uint32_t data_len);
- void InspectionBufferFree(InspectionBuffer *buffer);
--void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
-+uint8_t *InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size);
-+void InspectionBufferTruncate(InspectionBuffer *buffer, uint32_t buf_len);
- void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
- void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
-         const DetectEngineTransforms *transforms);
-diff --git a/src/detect-transform-compress-whitespace.c b/src/detect-transform-compress-whitespace.c
-index 5cbf0fd..cc78c7e 100644
---- a/src/detect-transform-compress-whitespace.c
-+++ b/src/detect-transform-compress-whitespace.c
-@@ -111,7 +111,11 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
-         return;
-     }
- 
--    uint8_t output[input_len]; // we can only shrink
-+    // we can only shrink
-+    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
-+    if (output == NULL) {
-+        return;
-+    }
-     uint8_t *oi = output, *os = output;
- 
-     //PrintRawDataFp(stdout, input, input_len);
-@@ -132,7 +136,7 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
-     uint32_t output_size = oi - os;
-     //PrintRawDataFp(stdout, output, output_size);
- 
--    InspectionBufferCopy(buffer, os, output_size);
-+    InspectionBufferTruncate(buffer, output_size);
- }
- 
- #ifdef UNITTESTS
-diff --git a/src/detect-transform-dotprefix.c b/src/detect-transform-dotprefix.c
-index 52a2633..d58e1d4 100644
---- a/src/detect-transform-dotprefix.c
-+++ b/src/detect-transform-dotprefix.c
-@@ -110,11 +110,15 @@ static void TransformDotPrefix(InspectionBuffer *buffer, void *options)
-     const size_t input_len = buffer->inspect_len;
- 
-     if (input_len) {
--        uint8_t output[input_len + 1]; // For the leading '.'
-+        // For the leading '.'
-+        uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len + 1);
-+        if (output == NULL) {
-+            return;
-+        }
- 
-+        memmove(&output[1], buffer->inspect, input_len);
-         output[0] = '.';
--        memcpy(&output[1], buffer->inspect, input_len);
--        InspectionBufferCopy(buffer, output, input_len + 1);
-+        InspectionBufferTruncate(buffer, input_len + 1);
-     }
- }
- 
-diff --git a/src/detect-transform-strip-whitespace.c b/src/detect-transform-strip-whitespace.c
-index 32fb96f..6040592 100644
---- a/src/detect-transform-strip-whitespace.c
-+++ b/src/detect-transform-strip-whitespace.c
-@@ -106,7 +106,11 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
-     if (input_len == 0) {
-         return;
-     }
--    uint8_t output[input_len]; // we can only shrink
-+    // we can only shrink
-+    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
-+    if (output == NULL) {
-+        return;
-+    }
-     uint8_t *oi = output, *os = output;
- 
-     //PrintRawDataFp(stdout, input, input_len);
-@@ -119,7 +123,7 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
-     uint32_t output_size = oi - os;
-     //PrintRawDataFp(stdout, output, output_size);
- 
--    InspectionBufferCopy(buffer, os, output_size);
-+    InspectionBufferTruncate(buffer, output_size);
- }
- 
- #ifdef UNITTESTS
-diff --git a/src/detect-transform-urldecode.c b/src/detect-transform-urldecode.c
-index 13ef033..a4e9655 100644
---- a/src/detect-transform-urldecode.c
-+++ b/src/detect-transform-urldecode.c
-@@ -125,12 +125,16 @@ static void TransformUrlDecode(InspectionBuffer *buffer, void *options)
-     if (input_len == 0) {
-         return;
-     }
--    uint8_t output[input_len]; // we can only shrink
-+    // we can only shrink
-+    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
-+    if (output == NULL) {
-+        return;
-+    }
- 
-     changed = BufferUrlDecode(input, input_len, output, &output_size);
- 
-     if (changed) {
--        InspectionBufferCopy(buffer, output, output_size);
-+        InspectionBufferTruncate(buffer, output_size);
-     }
- }
- 
-diff --git a/src/detect-transform-xor.c b/src/detect-transform-xor.c
-index e42700f..18f96df 100644
---- a/src/detect-transform-xor.c
-+++ b/src/detect-transform-xor.c
-@@ -133,12 +133,15 @@ static void DetectTransformXor(InspectionBuffer *buffer, void *options)
-     if (input_len == 0) {
-         return;
-     }
--    uint8_t output[input_len];
-+    uint8_t *output = InspectionBufferCheckAndExpand(buffer, input_len);
-+    if (output == NULL) {
-+        return;
-+    }
- 
-     for (uint32_t i = 0; i < input_len; i++) {
-         output[i] = input[i] ^ pxd->key[i % pxd->length];
-     }
--    InspectionBufferCopy(buffer, output, input_len);
-+    InspectionBufferTruncate(buffer, input_len);
- }
- 
- #ifdef UNITTESTS
--- 
-2.25.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55627-001.patch b/recipes-ids/suricata/files/CVE-2024-55627-001.patch
deleted file mode 100644
index 50b4f06..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55627-001.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Thu, 21 Nov 2024 14:55:32 +0100
-Subject: [PATCH] util/streaming-buffer: fix regions intersection
-
-This was not a problem for current callers in Suricata,
-as RegionsIntersect is only called through StreamingBufferInsertAt
-which is only used by TCP...
-
-And TCP uses default region gap = 256kb, and only calls
-StreamingBufferInsertAt with a u16, so TCP never inserts a new
-data that will strictly contain an existing region augmented
-with region gap, which was the only case where RegionsIntersect
-returned the wrong result, which could later lead to a
-buffer overflow.
-
-Ticket: 7393
-(cherry picked from commit 282509f70c4ce805098e59535af445362e3e9ebd)
-
-CVE: CVE-2024-55627
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/0dc364aef2dec122fc0e7ee4c190864f4cc5f1bd]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/util-streaming-buffer.c | 19 ++++++++-----------
- 1 file changed, 8 insertions(+), 11 deletions(-)
-
-diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
-index 7608b50..d1d20e8 100644
---- a/src/util-streaming-buffer.c
-+++ b/src/util-streaming-buffer.c
-@@ -133,17 +133,14 @@ static inline bool RegionsIntersect(const StreamingBuffer *sb, const StreamingBu
-     SCLogDebug("r %p: %" PRIu64 "/%" PRIu64 " - adjusted %" PRIu64 "/%" PRIu64, r, r->stream_offset,
-             r->stream_offset + r->buf_size, reg_o, reg_re);
-     /* check if data range intersects with region range */
--    if (offset >= reg_o && offset <= reg_re) {
--        SCLogDebug("r %p is in-scope", r);
--        return true;
--    }
--    if (re >= reg_o && re <= reg_re) {
--        SCLogDebug("r %p is in-scope: %" PRIu64 " >= %" PRIu64 " && %" PRIu64 " <= %" PRIu64, r, re,
--                reg_o, re, reg_re);
--        return true;
--    }
--    SCLogDebug("r %p is out of scope: %" PRIu64 "/%" PRIu64, r, offset, re);
--    return false;
-+    /* [offset:re] and [reg_o:reg_re] do not intersect if and only if
-+     * re < reg_o or if reg_re < offset (one segment is strictly before the other)
-+     * trusting that offset<=re and reg_o<=reg_re
-+     */
-+    if (re < reg_o || reg_re < offset) {
-+        return false;
-+    }
-+    return true;
- }
- 
- /** \internal
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55627-002.patch b/recipes-ids/suricata/files/CVE-2024-55627-002.patch
deleted file mode 100644
index 8e2ca6b..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55627-002.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 949bfeca0e5f92212dc3d79f4a87c7c482d376aa Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Thu, 21 Nov 2024 15:17:21 +0100
-Subject: [PATCH] util/streaming-buffer: check need to grow region
-
-Ticket: 7393
-
-As it was possible before earlier patches to get here
-with mem_size lesser than start->buf_size,
-which caused then an unsigned underflow and a buffer overflow.
-
-(cherry picked from commit 8900041405dbb5f9584edae994af2100733fb4be)
-
-CVE: CVE-2024-55627
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/949bfeca0e5f92212dc3d79f4a87c7c482d376aa]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/util-streaming-buffer.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
-index d1d20e8..2625e49 100644
---- a/src/util-streaming-buffer.c
-+++ b/src/util-streaming-buffer.c
-@@ -931,9 +931,13 @@ static inline void StreamingBufferSlideToOffsetWithRegions(
-                     goto done;
-                 } else {
-                     /* using "main", expand to include "next" */
--                    if (GrowRegionToSize(sb, cfg, start, mem_size) != 0) {
--                        new_mem_size = new_data_size;
--                        goto just_main;
-+                    if (mem_size > start->buf_size) {
-+                        // Check that start->buf_size is actually not big enough
-+                        // As mem_size computation and earlier checks do not make it clear.
-+                        if (GrowRegionToSize(sb, cfg, start, mem_size) != 0) {
-+                            new_mem_size = new_data_size;
-+                            goto just_main;
-+                        }
-                     }
-                     SCLogDebug("start->buf now size %u", mem_size);
- 
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55627-003.patch b/recipes-ids/suricata/files/CVE-2024-55627-003.patch
deleted file mode 100644
index 63d5016..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55627-003.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Thu, 21 Nov 2024 15:20:44 +0100
-Subject: [PATCH] util/streaming-buffer: add extra safety check
-
-Ticket: 7393
-
-Check if GrowRegionToSize is called with an argument
-trying to shrink the region size, and if so do nothing,
-ie do not try to shrink, and just return ok.
-
-This way, we avoid a buffer overflow from memeset using an
-unsigned having underflowed.
-
-(cherry picked from commit 9a53ec43b13f0039a083950511a18bf6f408e432)
-
-CVE: CVE-2024-55627
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/7d47fcf7f7fefacd2b0d8f482534a83b35a3c45e]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/util-streaming-buffer.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
-index 2625e49..077f8af 100644
---- a/src/util-streaming-buffer.c
-+++ b/src/util-streaming-buffer.c
-@@ -715,6 +715,10 @@ static inline int WARN_UNUSED GrowRegionToSize(StreamingBuffer *sb,
-     /* try to grow in multiples of cfg->buf_size */
-     const uint32_t grow = ToNextMultipleOf(size, cfg->buf_size);
-     SCLogDebug("grow %u", grow);
-+    if (grow <= region->buf_size) {
-+        // do not try to shrink, and do not memset with diff having unsigned underflow
-+        return SC_OK;
-+    }
- 
-     void *ptr = REALLOC(cfg, region->buf, region->buf_size, grow);
-     if (ptr == NULL) {
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-001.patch b/recipes-ids/suricata/files/CVE-2024-55628-001.patch
deleted file mode 100644
index 6371729..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55628-001.patch
+++ /dev/null
@@ -1,738 +0,0 @@
-From 58c41a7fa99f62d9a8688e970ab1a9b09c79723a Mon Sep 17 00:00:00 2001
-From: Jason Ish <jason.ish@oisf.net>
-Date: Thu, 31 Oct 2024 15:40:40 -0600
-Subject: [PATCH] dns: truncate names larger than 1025 characters
-
-Once a name has gone over 1025 chars it will be truncated to 1025
-chars and no more labels will be added to it, however the name will
-continue to be parsed up to the label limit in attempt to find the end
-so parsing can continue.
-
-This introduces a new struct, DNSName which contains the name and any
-flags which indicate any name parsing errors which should not error
-out parsing the complete message, for example, infinite recursion
-after some labels are parsed can continue, or truncation of name where
-compression was used so we know the start of the next data to be
-parsed.
-
-This limits the logged DNS messages from being over our maximum size
-of 10Mb in the case of really long names.
-
-Ticket: #7280
-
-CVE: CVE-2024-55628
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/58c41a7fa99f62d9a8688e970ab1a9b09c79723a]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- rust/src/dns/dns.rs    |  41 +++++---
- rust/src/dns/log.rs    |  41 ++++----
- rust/src/dns/lua.rs    |  36 ++++---
- rust/src/dns/parser.rs | 231 ++++++++++++++++++++++++++++++++++++-----
- 4 files changed, 277 insertions(+), 72 deletions(-)
-
-diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
-index 382c76a..680bf7e 100644
---- a/rust/src/dns/dns.rs
-+++ b/rust/src/dns/dns.rs
-@@ -144,7 +144,7 @@ pub struct DNSHeader {
- 
- #[derive(Debug)]
- pub struct DNSQueryEntry {
--    pub name: Vec<u8>,
-+    pub name: DNSName,
-     pub rrtype: u16,
-     pub rrclass: u16,
- }
-@@ -152,9 +152,9 @@ pub struct DNSQueryEntry {
- #[derive(Debug, PartialEq, Eq)]
- pub struct DNSRDataSOA {
-     /// Primary name server for this zone
--    pub mname: Vec<u8>,
-+    pub mname: DNSName,
-     /// Authority's mailbox
--    pub rname: Vec<u8>,
-+    pub rname: DNSName,
-     /// Serial version number
-     pub serial: u32,
-     /// Refresh interval (seconds)
-@@ -186,7 +186,22 @@ pub struct DNSRDataSRV {
-     /// Port
-     pub port: u16,
-     /// Target
--    pub target: Vec<u8>,
-+    pub target: DNSName,
-+}
-+
-+bitflags! {
-+    #[derive(Default)]
-+    pub struct DNSNameFlags: u8 {
-+        const INFINITE_LOOP = 0b0000_0001;
-+        const TRUNCATED     = 0b0000_0010;
-+        const LABEL_LIMIT   = 0b0000_0100;
-+    }
-+}
-+
-+#[derive(Debug, Clone, PartialEq, Eq)]
-+pub struct DNSName {
-+    pub value: Vec<u8>,
-+    pub flags: DNSNameFlags,
- }
- 
- /// Represents RData of various formats
-@@ -196,10 +211,10 @@ pub enum DNSRData {
-     A(Vec<u8>),
-     AAAA(Vec<u8>),
-     // RData is a domain name
--    CNAME(Vec<u8>),
--    PTR(Vec<u8>),
--    MX(Vec<u8>),
--    NS(Vec<u8>),
-+    CNAME(DNSName),
-+    PTR(DNSName),
-+    MX(DNSName),
-+    NS(DNSName),
-     // RData is text
-     TXT(Vec<u8>),
-     NULL(Vec<u8>),
-@@ -213,7 +228,7 @@ pub enum DNSRData {
- 
- #[derive(Debug, PartialEq, Eq)]
- pub struct DNSAnswerEntry {
--    pub name: Vec<u8>,
-+    pub name: DNSName,
-     pub rrtype: u16,
-     pub rrclass: u16,
-     pub ttl: u32,
-@@ -871,9 +886,9 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_name(
-     if let Some(request) = &tx.request {
-         if (i as usize) < request.queries.len() {
-             let query = &request.queries[i as usize];
--            if !query.name.is_empty() {
--                *len = query.name.len() as u32;
--                *buf = query.name.as_ptr();
-+            if !query.name.value.is_empty() {
-+                *len = query.name.value.len() as u32;
-+                *buf = query.name.value.as_ptr();
-                 return 1;
-             }
-         }
-@@ -904,7 +919,7 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_rrtype(
-     if let Some(request) = &tx.request {
-         if (i as usize) < request.queries.len() {
-             let query = &request.queries[i as usize];
--            if !query.name.is_empty() {
-+            if !query.name.value.is_empty() {
-                 *rrtype = query.rrtype;
-                 return 1;
-             }
-diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs
-index 5212b1a..6bf9589 100644
---- a/rust/src/dns/log.rs
-+++ b/rust/src/dns/log.rs
-@@ -398,8 +398,8 @@ pub fn dns_print_addr(addr: &Vec<u8>) -> std::string::String {
- fn dns_log_soa(soa: &DNSRDataSOA) -> Result<JsonBuilder, JsonError> {
-     let mut js = JsonBuilder::try_new_object()?;
- 
--    js.set_string_from_bytes("mname", &soa.mname)?;
--    js.set_string_from_bytes("rname", &soa.rname)?;
-+    js.set_string_from_bytes("mname", &soa.mname.value)?;
-+    js.set_string_from_bytes("rname", &soa.rname.value)?;
-     js.set_uint("serial", soa.serial as u64)?;
-     js.set_uint("refresh", soa.refresh as u64)?;
-     js.set_uint("retry", soa.retry as u64)?;
-@@ -434,7 +434,7 @@ fn dns_log_srv(srv: &DNSRDataSRV) -> Result<JsonBuilder, JsonError> {
-     js.set_uint("priority", srv.priority as u64)?;
-     js.set_uint("weight", srv.weight as u64)?;
-     js.set_uint("port", srv.port as u64)?;
--    js.set_string_from_bytes("name", &srv.target)?;
-+    js.set_string_from_bytes("name", &srv.target.value)?;
- 
-     js.close()?;
-     return Ok(js);
-@@ -443,7 +443,7 @@ fn dns_log_srv(srv: &DNSRDataSRV) -> Result<JsonBuilder, JsonError> {
- fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, JsonError> {
-     let mut jsa = JsonBuilder::try_new_object()?;
- 
--    jsa.set_string_from_bytes("rrname", &answer.name)?;
-+    jsa.set_string_from_bytes("rrname", &answer.name.value)?;
-     jsa.set_string("rrtype", &dns_rrtype_string(answer.rrtype))?;
-     jsa.set_uint("ttl", answer.ttl as u64)?;
- 
-@@ -451,12 +451,10 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, Js
-         DNSRData::A(addr) | DNSRData::AAAA(addr) => {
-             jsa.set_string("rdata", &dns_print_addr(addr))?;
-         }
--        DNSRData::CNAME(bytes)
--        | DNSRData::MX(bytes)
--        | DNSRData::NS(bytes)
--        | DNSRData::TXT(bytes)
--        | DNSRData::NULL(bytes)
--        | DNSRData::PTR(bytes) => {
-+        DNSRData::CNAME(name) | DNSRData::MX(name) | DNSRData::NS(name) | DNSRData::PTR(name) => {
-+            jsa.set_string_from_bytes("rdata", &name.value)?;
-+        }
-+        DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => {
-             jsa.set_string_from_bytes("rdata", bytes)?;
-         }
-         DNSRData::SOA(soa) => {
-@@ -507,7 +505,7 @@ fn dns_log_json_answer(
-     js.set_uint("opcode", opcode as u64)?;
- 
-     if let Some(query) = response.queries.first() {
--        js.set_string_from_bytes("rrname", &query.name)?;
-+        js.set_string_from_bytes("rrname", &query.name.value)?;
-         js.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
-     }
-     js.set_string("rcode", &dns_rcode_string(header.flags))?;
-@@ -530,12 +528,19 @@ fn dns_log_json_answer(
-                             a.append_string(&dns_print_addr(addr))?;
-                         }
-                     }
--                    DNSRData::CNAME(bytes)
--                    | DNSRData::MX(bytes)
--                    | DNSRData::NS(bytes)
--                    | DNSRData::TXT(bytes)
--                    | DNSRData::NULL(bytes)
--                    | DNSRData::PTR(bytes) => {
-+                    DNSRData::CNAME(name)
-+                    | DNSRData::MX(name)
-+                    | DNSRData::NS(name)
-+                    | DNSRData::PTR(name) => {
-+                        if !answer_types.contains_key(&type_string) {
-+                            answer_types
-+                                .insert(type_string.to_string(), JsonBuilder::try_new_array()?);
-+                        }
-+                        if let Some(a) = answer_types.get_mut(&type_string) {
-+                            a.append_string_from_bytes(&name.value)?;
-+                        }
-+                    }
-+                    DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => {
-                         if !answer_types.contains_key(&type_string) {
-                             answer_types.insert(type_string.to_string(), JsonBuilder::try_new_array()?);
-                         }
-@@ -614,7 +619,7 @@ fn dns_log_query(
-             if dns_log_rrtype_enabled(query.rrtype, flags) {
-                 jb.set_string("type", "query")?;
-                 jb.set_uint("id", request.header.tx_id as u64)?;
--                jb.set_string_from_bytes("rrname", &query.name)?;
-+                jb.set_string_from_bytes("rrname", &query.name.value)?;
-                 jb.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
-                 jb.set_uint("tx_id", tx.id - 1)?;
-                 if request.header.flags & 0x0040 != 0 {
-diff --git a/rust/src/dns/lua.rs b/rust/src/dns/lua.rs
-index b9935f8..f7b0c15 100644
---- a/rust/src/dns/lua.rs
-+++ b/rust/src/dns/lua.rs
-@@ -34,12 +34,12 @@ pub extern "C" fn rs_dns_lua_get_rrname(clua: &mut CLuaState, tx: &mut DNSTransa
- 
-     if let Some(request) = &tx.request {
-         if let Some(query) = request.queries.first() {
--            lua.pushstring(&String::from_utf8_lossy(&query.name));
-+            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
-             return 1;
-         }
-     } else if let Some(response) = &tx.response {
-         if let Some(query) = response.queries.first() {
--            lua.pushstring(&String::from_utf8_lossy(&query.name));
-+            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
-             return 1;
-         }
-     }
-@@ -86,7 +86,7 @@ pub extern "C" fn rs_dns_lua_get_query_table(
-             lua.settable(-3);
- 
-             lua.pushstring("rrname");
--            lua.pushstring(&String::from_utf8_lossy(&query.name));
-+            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
-             lua.settable(-3);
- 
-             lua.settable(-3);
-@@ -103,7 +103,7 @@ pub extern "C" fn rs_dns_lua_get_query_table(
-             lua.settable(-3);
- 
-             lua.pushstring("rrname");
--            lua.pushstring(&String::from_utf8_lossy(&query.name));
-+            lua.pushstring(&String::from_utf8_lossy(&query.name.value));
-             lua.settable(-3);
- 
-             lua.settable(-3);
-@@ -142,11 +142,11 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
-             lua.settable(-3);
- 
-             lua.pushstring("rrname");
--            lua.pushstring(&String::from_utf8_lossy(&answer.name));
-+            lua.pushstring(&String::from_utf8_lossy(&answer.name.value));
-             lua.settable(-3);
- 
-             // All rdata types are pushed to "addr" for backwards compatibility
--            match answer.data {
-+            match &answer.data {
-                 DNSRData::A(ref bytes) | DNSRData::AAAA(ref bytes) => {
-                     if !bytes.is_empty() {
-                         lua.pushstring("addr");
-@@ -154,12 +154,18 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
-                         lua.settable(-3);
-                     }
-                 }
--                DNSRData::CNAME(ref bytes)
--                | DNSRData::MX(ref bytes)
--                | DNSRData::NS(ref bytes)
--                | DNSRData::TXT(ref bytes)
-+                DNSRData::CNAME(name)
-+                | DNSRData::MX(name)
-+                | DNSRData::NS(name)
-+                | DNSRData::PTR(name) => {
-+                    if !name.value.is_empty() {
-+                        lua.pushstring("addr");
-+                        lua.pushstring(&String::from_utf8_lossy(&name.value));
-+                        lua.settable(-3);
-+                    }
-+                }
-+                DNSRData::TXT(ref bytes)
-                 | DNSRData::NULL(ref bytes)
--                | DNSRData::PTR(ref bytes)
-                 | DNSRData::Unknown(ref bytes) => {
-                     if !bytes.is_empty() {
-                         lua.pushstring("addr");
-@@ -168,9 +174,9 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
-                     }
-                 }
-                 DNSRData::SOA(ref soa) => {
--                    if !soa.mname.is_empty() {
-+                    if !soa.mname.value.is_empty() {
-                         lua.pushstring("addr");
--                        lua.pushstring(&String::from_utf8_lossy(&soa.mname));
-+                        lua.pushstring(&String::from_utf8_lossy(&soa.mname.value));
-                         lua.settable(-3);
-                     }
-                 }
-@@ -181,7 +187,7 @@ pub extern "C" fn rs_dns_lua_get_answer_table(
-                 }
-                 DNSRData::SRV(ref srv) => {
-                     lua.pushstring("addr");
--                    lua.pushstring(&String::from_utf8_lossy(&srv.target));
-+                    lua.pushstring(&String::from_utf8_lossy(&srv.target.value));
-                     lua.settable(-3);
-                 }
-             }
-@@ -221,7 +227,7 @@ pub extern "C" fn rs_dns_lua_get_authority_table(
-             lua.settable(-3);
- 
-             lua.pushstring("rrname");
--            lua.pushstring(&String::from_utf8_lossy(&answer.name));
-+            lua.pushstring(&String::from_utf8_lossy(&answer.name.value));
-             lua.settable(-3);
- 
-             lua.settable(-3);
-diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs
-index a1d97a5..12929bc 100644
---- a/rust/src/dns/parser.rs
-+++ b/rust/src/dns/parser.rs
-@@ -45,16 +45,48 @@ pub fn dns_parse_header(i: &[u8]) -> IResult<&[u8], DNSHeader> {
-     ))
- }
- 
-+// Set a maximum assembled hostname length of 1025, this value was
-+// chosen as its what DNSMasq uses, a popular DNS server, even if most
-+// tooling limits names to 256 chars without special options.
-+static MAX_NAME_LEN: usize = 1025;
-+
- /// Parse a DNS name.
- ///
-+/// Names are parsed with the following restrictions:
-+///
-+/// - Only 255 segments will be processed, if more the parser may
-+///   error out. This is also our safeguard against an infinite loop. If
-+///   a pointer had been followed a truncated name will be
-+///   returned. However if pointer has been processed we error out as we
-+///   don't know where the next data point starts without more
-+///   iterations.
-+///
-+/// - The maximum name parsed in representation format is MAX_NAME_LEN
-+///   characters. Once larger, the truncated name will be returned with
-+///   a flag specifying the name was truncated. Note that parsing
-+///   continues if no pointer has been used as we still need to find the
-+///   start of the next protocol unit.
-+///
-+/// As some error in parsing the name are recoverable, a DNSName
-+/// object is returned with flags signifying a recoverable
-+/// error. These errors include:
-+///
-+/// - infinite loop: as we know the end of the name in the input
-+///   stream, we can return what we've parsed with the remain data.
-+///
-+/// - maximum number of segments/labels parsed
-+///
-+/// - truncation of name when too long
-+///
- /// Parameters:
- ///   start: the start of the name
- ///   message: the complete message that start is a part of with the DNS header
--pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], Vec<u8>> {
-+pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], DNSName> {
-     let mut pos = start;
-     let mut pivot = start;
-     let mut name: Vec<u8> = Vec::with_capacity(32);
-     let mut count = 0;
-+    let mut flags = DNSNameFlags::default();
- 
-     loop {
-         if pos.is_empty() {
-@@ -68,10 +100,12 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
-             break;
-         } else if len & 0b1100_0000 == 0 {
-             let (rem, label) = length_data(be_u8)(pos)?;
--            if !name.is_empty() {
--                name.push(b'.');
-+            if !flags.contains(DNSNameFlags::TRUNCATED) {
-+                if !name.is_empty() {
-+                    name.push(b'.');
-+                }
-+                name.extend(label);
-             }
--            name.extend(label);
-             pos = rem;
-         } else if len & 0b1100_0000 == 0b1100_0000 {
-             let (rem, leader) = be_u16(pos)?;
-@@ -79,6 +113,21 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
-             if offset > message.len() {
-                 return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit)));
-             }
-+
-+            if &message[offset..] == pos {
-+                // Self reference, immedate infinite loop.
-+                flags.insert(DNSNameFlags::INFINITE_LOOP);
-+
-+                // If we have followed a pointer, we can just break as
-+                // we've already found the end of the input. But if we
-+                // have not followed a pointer yet return a parse
-+                // error.
-+                if pivot != start {
-+                    break;
-+                }
-+                return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit)));
-+            }
-+
-             pos = &message[offset..];
-             if pivot == start {
-                 pivot = rem;
-@@ -89,19 +138,43 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
- 
-         // Return error if we've looped a certain number of times.
-         count += 1;
-+
-         if count > 255 {
-+            flags.insert(DNSNameFlags::LABEL_LIMIT);
-+
-+            // Our segment limit has been reached, if we have hit a
-+            // pointer we can just return the truncated name. If we
-+            // have not hit a pointer, we need to bail with an error.
-+            if pivot != start {
-+                flags.insert(DNSNameFlags::TRUNCATED);
-+                break;
-+            }
-             return Err(Err::Error(error_position!(pos, ErrorKind::OctDigit)));
-         }
-+
-+        if name.len() > MAX_NAME_LEN {
-+            name.truncate(MAX_NAME_LEN);
-+            flags.insert(DNSNameFlags::TRUNCATED);
-+
-+            // If we have pivoted due to a pointer we know where the
-+            // end of the data is, so we can break early. Otherwise
-+            // we'll keep parsing in hopes to find the end of the name
-+            // so parsing can continue.
-+            if pivot != start {
-+                break;
-+            }
-+        }
-     }
- 
-     // If we followed a pointer we return the position after the first
-     // pointer followed. Is there a better way to see if these slices
-     // diverged from each other?  A straight up comparison would
-     // actually check the contents.
--    if pivot.len() != start.len() {
--        return Ok((pivot, name));
-+    if pivot != start {
-+        Ok((pivot, DNSName { value: name, flags }))
-+    } else {
-+        Ok((pos, DNSName { value: name, flags }))
-     }
--    return Ok((pos, name));
- }
- 
- /// Parse answer entries.
-@@ -121,7 +194,7 @@ fn dns_parse_answer<'a>(
-     let mut input = slice;
- 
-     struct Answer<'a> {
--        name: Vec<u8>,
-+        name: DNSName,
-         rrtype: u16,
-         rrclass: u16,
-         ttl: u32,
-@@ -375,7 +448,7 @@ mod tests {
-         ];
-         let expected_remainder: &[u8] = &[0x00, 0x01, 0x00];
-         let (remainder, name) = dns_parse_name(buf, buf).unwrap();
--        assert_eq!("client-cf.dropbox.com".as_bytes(), &name[..]);
-+        assert_eq!("client-cf.dropbox.com".as_bytes(), &name.value[..]);
-         assert_eq!(remainder, expected_remainder);
-     }
- 
-@@ -411,7 +484,13 @@ mod tests {
-         let res1 = dns_parse_name(start1, message);
-         assert_eq!(
-             res1,
--            Ok((&start1[22..], "www.suricata-ids.org".as_bytes().to_vec()))
-+            Ok((
-+                &start1[22..],
-+                DNSName {
-+                    value: "www.suricata-ids.org".as_bytes().to_vec(),
-+                    flags: DNSNameFlags::default(),
-+                }
-+            ))
-         );
- 
-         // The second name starts at offset 80, but is just a pointer
-@@ -420,7 +499,13 @@ mod tests {
-         let res2 = dns_parse_name(start2, message);
-         assert_eq!(
-             res2,
--            Ok((&start2[2..], "www.suricata-ids.org".as_bytes().to_vec()))
-+            Ok((
-+                &start2[2..],
-+                DNSName {
-+                    value: "www.suricata-ids.org".as_bytes().to_vec(),
-+                    flags: DNSNameFlags::default()
-+                }
-+            ))
-         );
- 
-         // The third name starts at offset 94, but is a pointer to a
-@@ -429,7 +514,13 @@ mod tests {
-         let res3 = dns_parse_name(start3, message);
-         assert_eq!(
-             res3,
--            Ok((&start3[2..], "suricata-ids.org".as_bytes().to_vec()))
-+            Ok((
-+                &start3[2..],
-+                DNSName {
-+                    value: "suricata-ids.org".as_bytes().to_vec(),
-+                    flags: DNSNameFlags::default()
-+                }
-+            ))
-         );
- 
-         // The fourth name starts at offset 110, but is a pointer to a
-@@ -438,7 +529,13 @@ mod tests {
-         let res4 = dns_parse_name(start4, message);
-         assert_eq!(
-             res4,
--            Ok((&start4[2..], "suricata-ids.org".as_bytes().to_vec()))
-+            Ok((
-+                &start4[2..],
-+                DNSName {
-+                    value: "suricata-ids.org".as_bytes().to_vec(),
-+                    flags: DNSNameFlags::default()
-+                }
-+            ))
-         );
-     }
- 
-@@ -473,7 +570,13 @@ mod tests {
-         let res = dns_parse_name(start, message);
-         assert_eq!(
-             res,
--            Ok((&start[2..], "block.g1.dropbox.com".as_bytes().to_vec()))
-+            Ok((
-+                &start[2..],
-+                DNSName {
-+                    value: "block.g1.dropbox.com".as_bytes().to_vec(),
-+                    flags: DNSNameFlags::default()
-+                }
-+            ))
-         );
-     }
- 
-@@ -512,7 +615,7 @@ mod tests {
-                 assert_eq!(request.queries.len(), 1);
- 
-                 let query = &request.queries[0];
--                assert_eq!(query.name, "www.suricata-ids.org".as_bytes().to_vec());
-+                assert_eq!(query.name.value, "www.suricata-ids.org".as_bytes().to_vec());
-                 assert_eq!(query.rrtype, 1);
-                 assert_eq!(query.rrclass, 1);
-             }
-@@ -569,20 +672,26 @@ mod tests {
-                 assert_eq!(response.answers.len(), 3);
- 
-                 let answer1 = &response.answers[0];
--                assert_eq!(answer1.name, "www.suricata-ids.org".as_bytes().to_vec());
-+                assert_eq!(answer1.name.value, "www.suricata-ids.org".as_bytes().to_vec());
-                 assert_eq!(answer1.rrtype, 5);
-                 assert_eq!(answer1.rrclass, 1);
-                 assert_eq!(answer1.ttl, 3544);
-                 assert_eq!(
-                     answer1.data,
--                    DNSRData::CNAME("suricata-ids.org".as_bytes().to_vec())
-+                    DNSRData::CNAME(DNSName {
-+                        value: "suricata-ids.org".as_bytes().to_vec(),
-+                        flags: Default::default(),
-+                    })
-                 );
- 
-                 let answer2 = &response.answers[1];
-                 assert_eq!(
-                     answer2,
-                     &DNSAnswerEntry {
--                        name: "suricata-ids.org".as_bytes().to_vec(),
-+                        name: DNSName {
-+                            value: "suricata-ids.org".as_bytes().to_vec(),
-+                            flags: Default::default(),
-+                        },
-                         rrtype: 1,
-                         rrclass: 1,
-                         ttl: 244,
-@@ -594,7 +703,10 @@ mod tests {
-                 assert_eq!(
-                     answer3,
-                     &DNSAnswerEntry {
--                        name: "suricata-ids.org".as_bytes().to_vec(),
-+                        name: DNSName {
-+                            value: "suricata-ids.org".as_bytes().to_vec(),
-+                            flags: Default::default(),
-+                        },
-                         rrtype: 1,
-                         rrclass: 1,
-                         ttl: 244,
-@@ -653,15 +765,21 @@ mod tests {
-                 assert_eq!(response.authorities.len(), 1);
- 
-                 let authority = &response.authorities[0];
--                assert_eq!(authority.name, "oisf.net".as_bytes().to_vec());
-+                assert_eq!(authority.name.value, "oisf.net".as_bytes().to_vec());
-                 assert_eq!(authority.rrtype, 6);
-                 assert_eq!(authority.rrclass, 1);
-                 assert_eq!(authority.ttl, 899);
-                 assert_eq!(
-                     authority.data,
-                     DNSRData::SOA(DNSRDataSOA {
--                        mname: "ns-110.awsdns-13.com".as_bytes().to_vec(),
--                        rname: "awsdns-hostmaster.amazon.com".as_bytes().to_vec(),
-+                        mname: DNSName {
-+                            value: "ns-110.awsdns-13.com".as_bytes().to_vec(),
-+                            flags: DNSNameFlags::default()
-+                        },
-+                        rname: DNSName {
-+                            value: "awsdns-hostmaster.amazon.com".as_bytes().to_vec(),
-+                            flags: DNSNameFlags::default()
-+                        },
-                         serial: 1,
-                         refresh: 7200,
-                         retry: 900,
-@@ -712,14 +830,14 @@ mod tests {
- 
-                 assert_eq!(response.queries.len(), 1);
-                 let query = &response.queries[0];
--                assert_eq!(query.name, "vaaaakardli.pirate.sea".as_bytes().to_vec());
-+                assert_eq!(query.name.value, "vaaaakardli.pirate.sea".as_bytes().to_vec());
-                 assert_eq!(query.rrtype, DNS_RECORD_TYPE_NULL);
-                 assert_eq!(query.rrclass, 1);
- 
-                 assert_eq!(response.answers.len(), 1);
- 
-                 let answer = &response.answers[0];
--                assert_eq!(answer.name, "vaaaakardli.pirate.sea".as_bytes().to_vec());
-+                assert_eq!(answer.name.value, "vaaaakardli.pirate.sea".as_bytes().to_vec());
-                 assert_eq!(answer.rrtype, DNS_RECORD_TYPE_NULL);
-                 assert_eq!(answer.rrclass, 1);
-                 assert_eq!(answer.ttl, 0);
-@@ -819,7 +937,7 @@ mod tests {
-                         assert_eq!(srv.weight, 1);
-                         assert_eq!(srv.port, 5060);
-                         assert_eq!(
--                            srv.target,
-+                            srv.target.value,
-                             "sip-anycast-2.voice.google.com".as_bytes().to_vec()
-                         );
-                     }
-@@ -834,7 +952,7 @@ mod tests {
-                         assert_eq!(srv.weight, 1);
-                         assert_eq!(srv.port, 5060);
-                         assert_eq!(
--                            srv.target,
-+                            srv.target.value,
-                             "sip-anycast-1.voice.google.com".as_bytes().to_vec()
-                         );
-                     }
-@@ -848,4 +966,65 @@ mod tests {
-             }
-         }
-     }
-+
-+    #[test]
-+    fn test_dns_parse_name_truncated() {
-+        // Generate a non-compressed hostname over our maximum of 1024.
-+        let mut buf: Vec<u8> = vec![];
-+        for _ in 0..17 {
-+            buf.push(0b0011_1111);
-+            for _ in 0..63 {
-+                buf.push(b'a');
-+            }
-+        }
-+
-+        let (rem, name) = dns_parse_name(&buf, &buf).unwrap();
-+        assert_eq!(name.value.len(), MAX_NAME_LEN);
-+        assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
-+        assert!(rem.is_empty());
-+    }
-+
-+    #[test]
-+    fn test_dns_parse_name_truncated_max_segments_no_pointer() {
-+        let mut buf: Vec<u8> = vec![];
-+        for _ in 0..256 {
-+            buf.push(0b0000_0001);
-+            buf.push(b'a');
-+        }
-+
-+        // This should fail as we've hit the segment limit without a
-+        // pointer, we'd need to keep parsing more segments to figure
-+        // out where the next data point lies.
-+        assert!(dns_parse_name(&buf, &buf).is_err());
-+    }
-+
-+    #[test]
-+    fn test_dns_parse_name_truncated_max_segments_with_pointer() {
-+        let mut buf: Vec<u8> = vec![];
-+
-+        // "a" at the beginning of the buffer.
-+        buf.push(0b0000_0001);
-+        buf.push(b'a');
-+
-+        // Followed by a pointer back to the beginning.
-+        buf.push(0b1100_0000);
-+        buf.push(0b0000_0000);
-+
-+        // The start of the name, which is pointer to the beginning of
-+        // the buffer.
-+        buf.push(0b1100_0000);
-+        buf.push(0b000_0000);
-+
-+        let (_rem, name) = dns_parse_name(&buf[4..], &buf).unwrap();
-+        assert_eq!(name.value.len(), 255);
-+        assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
-+    }
-+
-+    #[test]
-+    fn test_dns_parse_name_self_reference() {
-+        let mut buf = vec![];
-+        buf.push(0b1100_0000);
-+        buf.push(0b0000_0000);
-+        assert!(dns_parse_name(&buf, &buf).is_err());
-+    }
- }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-002.patch b/recipes-ids/suricata/files/CVE-2024-55628-002.patch
deleted file mode 100644
index 7bade5d..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55628-002.patch
+++ /dev/null
@@ -1,4877 +0,0 @@
-From 284ad462fcb2e47f1518a1abc19e27ca84c6972e Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <contact@catenacyber.fr>
-Date: Thu, 12 May 2022 20:31:25 +0200
-Subject: [PATCH] output: adds schema.json
-
-Ticket: #1369
-
-CVE: CVE-2024-55628
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/284ad462fcb2e47f1518a1abc19e27ca84c6972e]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- etc/schema.json | 4853 +++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 4853 insertions(+)
- create mode 100644 etc/schema.json
-
-diff --git a/etc/schema.json b/etc/schema.json
-new file mode 100644
-index 0000000..99f419f
---- /dev/null
-+++ b/etc/schema.json
-@@ -0,0 +1,4853 @@
-+{
-+    "type": "object",
-+    "properties": {
-+        "app_proto": {
-+            "type": "string",
-+            "optional": true
-+        },
-+        "app_proto_expected": {
-+            "type": "string"
-+        },
-+        "app_proto_orig": {
-+            "type": "string"
-+        },
-+        "app_proto_tc": {
-+            "type": "string"
-+        },
-+        "app_proto_ts": {
-+            "type": "string"
-+        },
-+        "community_id": {
-+            "type": "string"
-+        },
-+        "dest_ip": {
-+            "type": "string",
-+            "optional": true
-+        },
-+        "dest_port": {
-+            "type": "integer",
-+            "optional": true
-+        },
-+        "event_type": {
-+            "type": "string",
-+            "optional": false
-+        },
-+        "flow_id": {
-+            "type": "integer",
-+            "optional": true
-+        },
-+        "icmp_code": {
-+            "type": "integer"
-+        },
-+        "icmp_type": {
-+            "type": "integer"
-+        },
-+        "log_level": {
-+            "type": "string"
-+        },
-+        "packet": {
-+            "type": "string"
-+        },
-+        "parent_id": {
-+            "type": "integer"
-+        },
-+        "payload": {
-+            "type": "string"
-+        },
-+        "payload_printable": {
-+            "type": "string"
-+        },
-+        "pcap_cnt": {
-+            "type": "integer",
-+            "optional": true
-+        },
-+        "pkt_src": {
-+            "type": "string"
-+        },
-+        "proto": {
-+            "type": "string",
-+            "optional": true
-+        },
-+        "response_icmp_code": {
-+            "type": "integer"
-+        },
-+        "response_icmp_type": {
-+            "type": "integer"
-+        },
-+        "spi": {
-+            "type": "integer"
-+        },
-+        "src_ip": {
-+            "type": "string",
-+            "optional": true
-+        },
-+        "src_port": {
-+            "type": "integer",
-+            "optional": true
-+        },
-+        "stream": {
-+            "type": "integer"
-+        },
-+        "timestamp": {
-+            "type": "string",
-+            "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d+[+\\-]\\d+$",
-+            "optional": false
-+        },
-+        "tx_id": {
-+            "type": "integer",
-+            "optional": true
-+        },
-+        "files": {
-+            "type": "array",
-+            "items": {
-+                "type": "object",
-+                "optional": true,
-+                "properties": {
-+                    "end": {
-+                        "type": "integer"
-+                    },
-+                    "filename": {
-+                        "type": "string"
-+                    },
-+                    "gaps": {
-+                        "type": "boolean"
-+                    },
-+                    "md5": {
-+                        "type": "string"
-+                    },
-+                    "sha1": {
-+                        "type": "string"
-+                    },
-+                    "sha256": {
-+                        "type": "string"
-+                    },
-+                    "size": {
-+                        "type": "integer"
-+                    },
-+                    "start": {
-+                        "type": "integer"
-+                    },
-+                    "state": {
-+                        "type": "string"
-+                    },
-+                    "stored": {
-+                        "type": "boolean"
-+                    },
-+                    "tx_id": {
-+                        "type": "integer"
-+                    },
-+                    "sid": {
-+                        "type": "array",
-+                        "items": {
-+                            "type": "integer"
-+                        }
-+                    }
-+                },
-+                "additionalProperties": false
-+            }
-+        },
-+        "vlan": {
-+            "type": "array",
-+            "items": {
-+                "type": "number"
-+            }
-+        },
-+        "alert": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "action": {
-+                    "type": "string"
-+                },
-+                "category": {
-+                    "type": "string"
-+                },
-+                "gid": {
-+                    "type": "integer"
-+                },
-+                "rev": {
-+                    "type": "integer"
-+                },
-+                "rule": {
-+                    "type": "string"
-+                },
-+                "severity": {
-+                    "type": "integer"
-+                },
-+                "signature": {
-+                    "type": "string"
-+                },
-+                "signature_id": {
-+                    "type": "integer"
-+                },
-+                "xff": {
-+                    "type": "string"
-+                },
-+                "metadata": {
-+                    "type": "object",
-+                    "properties": {
-+                        "affected_product": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "attack_target": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "created_at": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "deployment": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "signature_severity": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "tag": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "updated_at": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "source": {
-+                    "type": "object",
-+                    "properties": {
-+                        "ip": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "target": {
-+                    "type": "object",
-+                    "properties": {
-+                        "ip": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "anomaly": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "app_proto": {
-+                    "type": "string"
-+                },
-+                "event": {
-+                    "type": "string"
-+                },
-+                "layer": {
-+                    "type": "string"
-+                },
-+                "type": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "dcerpc": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "activityuuid": {
-+                    "type": "string"
-+                },
-+                "call_id": {
-+                    "type": "integer"
-+                },
-+                "request": {
-+                    "type": "string"
-+                },
-+                "response": {
-+                    "type": "string"
-+                },
-+                "rpc_version": {
-+                    "type": "string"
-+                },
-+                "seqnum": {
-+                    "type": "integer"
-+                },
-+                "interfaces": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "ack_result": {
-+                                "type": "integer"
-+                            },
-+                            "uuid": {
-+                                "type": "string"
-+                            },
-+                            "version": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "req": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "frag_cnt": {
-+                            "type": "integer"
-+                        },
-+                        "opnum": {
-+                            "type": "integer"
-+                        },
-+                        "stub_data_size": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "res": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "frag_cnt": {
-+                            "type": "integer"
-+                        },
-+                        "stub_data_size": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "dhcp": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "assigned_ip": {
-+                    "type": "string"
-+                },
-+                "client_id": {
-+                    "type": "string"
-+                },
-+                "client_ip": {
-+                    "type": "string"
-+                },
-+                "client_mac": {
-+                    "type": "string"
-+                },
-+                "dhcp_type": {
-+                    "type": "string"
-+                },
-+                "hostname": {
-+                    "type": "string"
-+                },
-+                "id": {
-+                    "type": "integer"
-+                },
-+                "lease_time": {
-+                    "type": "integer"
-+                },
-+                "next_server_ip": {
-+                    "type": "string"
-+                },
-+                "rebinding_time": {
-+                    "type": "integer"
-+                },
-+                "relay_ip": {
-+                    "type": "string"
-+                },
-+                "renewal_time": {
-+                    "type": "integer"
-+                },
-+                "subnet_mask": {
-+                    "type": "string"
-+                },
-+                "type": {
-+                    "type": "string"
-+                },
-+                "dns_servers": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "params": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "routers": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "dnp3": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "dst": {
-+                    "type": "integer"
-+                },
-+                "src": {
-+                    "type": "integer"
-+                },
-+                "type": {
-+                    "type": "string"
-+                },
-+                "application": {
-+                    "type": "object",
-+                    "properties": {
-+                        "complete": {
-+                            "type": "boolean"
-+                        },
-+                        "function_code": {
-+                            "type": "integer"
-+                        },
-+                        "objects": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "object",
-+                                "properties": {
-+                                    "count": {
-+                                        "type": "integer"
-+                                    },
-+                                    "group": {
-+                                        "type": "integer"
-+                                    },
-+                                    "prefix_code": {
-+                                        "type": "integer"
-+                                    },
-+                                    "qualifier": {
-+                                        "type": "integer"
-+                                    },
-+                                    "range_code": {
-+                                        "type": "integer"
-+                                    },
-+                                    "start": {
-+                                        "type": "integer"
-+                                    },
-+                                    "stop": {
-+                                        "type": "integer"
-+                                    },
-+                                    "variation": {
-+                                        "type": "integer"
-+                                    },
-+                                    "points": {
-+                                        "type": "array",
-+                                        "items": {
-+                                            "type": "object",
-+                                            "additionalProperties": true
-+                                        }
-+                                    }
-+                                },
-+                                "additionalProperties": false
-+                            }
-+                        },
-+                        "control": {
-+                            "type": "object",
-+                            "properties": {
-+                                "con": {
-+                                    "type": "boolean"
-+                                },
-+                                "fin": {
-+                                    "type": "boolean"
-+                                },
-+                                "fir": {
-+                                    "type": "boolean"
-+                                },
-+                                "sequence": {
-+                                    "type": "integer"
-+                                },
-+                                "uns": {
-+                                    "type": "boolean"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "control": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dir": {
-+                            "type": "boolean"
-+                        },
-+                        "fcb": {
-+                            "type": "boolean"
-+                        },
-+                        "fcv": {
-+                            "type": "boolean"
-+                        },
-+                        "function_code": {
-+                            "type": "integer"
-+                        },
-+                        "pri": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "iin": {
-+                    "type": "object",
-+                    "properties": {
-+                        "indicators": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "request": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dst": {
-+                            "type": "integer"
-+                        },
-+                        "src": {
-+                            "type": "integer"
-+                        },
-+                        "type": {
-+                            "type": "string"
-+                        },
-+                        "application": {
-+                            "type": "object",
-+                            "properties": {
-+                                "complete": {
-+                                    "type": "boolean"
-+                                },
-+                                "function_code": {
-+                                    "type": "integer"
-+                                },
-+                                "objects": {
-+                                    "type": "array",
-+                                    "items": {
-+                                        "type": "object",
-+                                        "properties": {
-+                                            "count": {
-+                                                "type": "integer"
-+                                            },
-+                                            "group": {
-+                                                "type": "integer"
-+                                            },
-+                                            "prefix_code": {
-+                                                "type": "integer"
-+                                            },
-+                                            "qualifier": {
-+                                                "type": "integer"
-+                                            },
-+                                            "range_code": {
-+                                                "type": "integer"
-+                                            },
-+                                            "start": {
-+                                                "type": "integer"
-+                                            },
-+                                            "stop": {
-+                                                "type": "integer"
-+                                            },
-+                                            "variation": {
-+                                                "type": "integer"
-+                                            },
-+                                            "points": {
-+                                                "type": "array",
-+                                                "items": {
-+                                                    "type": "object",
-+                                                    "additionalProperties": true
-+                                                }
-+                                            }
-+                                        },
-+                                        "additionalProperties": false
-+                                    }
-+                                },
-+                                "control": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "con": {
-+                                            "type": "boolean"
-+                                        },
-+                                        "fin": {
-+                                            "type": "boolean"
-+                                        },
-+                                        "fir": {
-+                                            "type": "boolean"
-+                                        },
-+                                        "sequence": {
-+                                            "type": "integer"
-+                                        },
-+                                        "uns": {
-+                                            "type": "boolean"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "control": {
-+                            "type": "object",
-+                            "properties": {
-+                                "dir": {
-+                                    "type": "boolean"
-+                                },
-+                                "fcb": {
-+                                    "type": "boolean"
-+                                },
-+                                "fcv": {
-+                                    "type": "boolean"
-+                                },
-+                                "function_code": {
-+                                    "type": "integer"
-+                                },
-+                                "pri": {
-+                                    "type": "boolean"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "response": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dst": {
-+                            "type": "integer"
-+                        },
-+                        "src": {
-+                            "type": "integer"
-+                        },
-+                        "type": {
-+                            "type": "string"
-+                        },
-+                        "application": {
-+                            "type": "object",
-+                            "properties": {
-+                                "complete": {
-+                                    "type": "boolean"
-+                                },
-+                                "function_code": {
-+                                    "type": "integer"
-+                                },
-+                                "objects": {
-+                                    "type": "array",
-+                                    "items": {
-+                                        "type": "object",
-+                                        "properties": {
-+                                            "count": {
-+                                                "type": "integer"
-+                                            },
-+                                            "group": {
-+                                                "type": "integer"
-+                                            },
-+                                            "prefix_code": {
-+                                                "type": "integer"
-+                                            },
-+                                            "qualifier": {
-+                                                "type": "integer"
-+                                            },
-+                                            "range_code": {
-+                                                "type": "integer"
-+                                            },
-+                                            "start": {
-+                                                "type": "integer"
-+                                            },
-+                                            "stop": {
-+                                                "type": "integer"
-+                                            },
-+                                            "variation": {
-+                                                "type": "integer"
-+                                            },
-+                                            "points": {
-+                                                "type": "array",
-+                                                "items": {
-+                                                    "type": "object",
-+                                                    "additionalProperties": true
-+                                                }
-+                                            }
-+                                        },
-+                                        "additionalProperties": false
-+                                    }
-+                                },
-+                                "control": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "con": {
-+                                            "type": "boolean"
-+                                        },
-+                                        "fin": {
-+                                            "type": "boolean"
-+                                        },
-+                                        "fir": {
-+                                            "type": "boolean"
-+                                        },
-+                                        "sequence": {
-+                                            "type": "integer"
-+                                        },
-+                                        "uns": {
-+                                            "type": "boolean"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "control": {
-+                            "type": "object",
-+                            "properties": {
-+                                "dir": {
-+                                    "type": "boolean"
-+                                },
-+                                "fcb": {
-+                                    "type": "boolean"
-+                                },
-+                                "fcv": {
-+                                    "type": "boolean"
-+                                },
-+                                "function_code": {
-+                                    "type": "integer"
-+                                },
-+                                "pri": {
-+                                    "type": "boolean"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "iin": {
-+                            "type": "object",
-+                            "properties": {
-+                                "indicators": {
-+                                    "type": "array",
-+                                    "items": {
-+                                        "type": "string"
-+                                    }
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "dns": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "aa": {
-+                    "type": "boolean"
-+                },
-+                "flags": {
-+                    "type": "string"
-+                },
-+                "id": {
-+                    "type": "integer"
-+                },
-+                "qr": {
-+                    "type": "boolean"
-+                },
-+                "ra": {
-+                    "type": "boolean"
-+                },
-+                "rcode": {
-+                    "type": "string"
-+                },
-+                "rd": {
-+                    "type": "boolean"
-+                },
-+                "rrname": {
-+                    "type": "string"
-+                },
-+                "rrtype": {
-+                    "type": "string"
-+                },
-+                "tx_id": {
-+                    "type": "integer"
-+                },
-+                "type": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "integer"
-+                },
-+                "answers": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "optional": true,
-+                        "properties": {
-+                            "rdata": {
-+                                "type": "string"
-+                            },
-+                            "rrname": {
-+                                "type": "string"
-+                            },
-+                            "rrtype": {
-+                                "type": "string"
-+                            },
-+                            "ttl": {
-+                                "type": "integer"
-+                            },
-+                            "srv": {
-+                                "type": "object",
-+                                "optional": true,
-+                                "properties": {
-+                                    "name": {
-+                                        "type": "string"
-+                                    },
-+                                    "port": {
-+                                        "type": "integer"
-+                                    },
-+                                    "priority": {
-+                                        "type": "integer"
-+                                    },
-+                                    "weight": {
-+                                        "type": "integer"
-+                                    }
-+                                },
-+                                "additionalProperties": false
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "authorities": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "optional": true,
-+                        "properties": {
-+                            "rdata": {
-+                                "type": "string"
-+                            },
-+                            "rrname": {
-+                                "type": "string"
-+                            },
-+                            "rrtype": {
-+                                "type": "string"
-+                            },
-+                            "ttl": {
-+                                "type": "integer"
-+                            },
-+                            "soa": {
-+                                "type": "object",
-+                                "optional": true,
-+                                "properties": {
-+                                    "expire": {
-+                                        "type": "integer"
-+                                    },
-+                                    "minimum": {
-+                                        "type": "integer"
-+                                    },
-+                                    "mname": {
-+                                        "type": "string"
-+                                    },
-+                                    "refresh": {
-+                                        "type": "integer"
-+                                    },
-+                                    "retry": {
-+                                        "type": "integer"
-+                                    },
-+                                    "rname": {
-+                                        "type": "string"
-+                                    },
-+                                    "serial": {
-+                                        "type": "integer"
-+                                    }
-+                                },
-+                                "additionalProperties": false
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "query": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "optional": true,
-+                        "properties": {
-+                            "id": {
-+                                "type": "integer"
-+                            },
-+                            "rrname": {
-+                                "type": "string"
-+                            },
-+                            "rrtype": {
-+                                "type": "string"
-+                            },
-+                            "tx_id": {
-+                                "type": "integer"
-+                            },
-+                            "type": {
-+                                "type": "string"
-+                            },
-+                            "z": {
-+                                "type": "boolean"
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "answer": {
-+                    "type": "object",
-+                    "properties": {
-+                        "flags": {
-+                            "type": "string"
-+                        },
-+                        "id": {
-+                            "type": "integer"
-+                        },
-+                        "qr": {
-+                            "type": "boolean"
-+                        },
-+                        "ra": {
-+                            "type": "boolean"
-+                        },
-+                        "rcode": {
-+                            "type": "string"
-+                        },
-+                        "rd": {
-+                            "type": "boolean"
-+                        },
-+                        "rrname": {
-+                            "type": "string"
-+                        },
-+                        "rrtype": {
-+                            "type": "string"
-+                        },
-+                        "type": {
-+                            "type": "string"
-+                        },
-+                        "version": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "grouped": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "A": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "AAAA": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "CNAME": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "MX": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "NULL": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "PTR": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "SRV": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "object",
-+                                "optional": true,
-+                                "properties": {
-+                                    "name": {
-+                                        "type": "string"
-+                                    },
-+                                    "port": {
-+                                        "type": "integer"
-+                                    },
-+                                    "priority": {
-+                                        "type": "integer"
-+                                    },
-+                                    "weight": {
-+                                        "type": "integer"
-+                                    }
-+                                },
-+                                "additionalProperties": false
-+                            }
-+                        },
-+                        "TXT": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "z": {
-+                    "type": "boolean"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "drop": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "ack": {
-+                    "type": "boolean"
-+                },
-+                "fin": {
-+                    "type": "boolean"
-+                },
-+                "icmp_id": {
-+                    "type": "integer"
-+                },
-+                "icmp_seq": {
-+                    "type": "integer"
-+                },
-+                "ipid": {
-+                    "type": "integer"
-+                },
-+                "len": {
-+                    "type": "integer"
-+                },
-+                "psh": {
-+                    "type": "boolean"
-+                },
-+                "rst": {
-+                    "type": "boolean"
-+                },
-+                "syn": {
-+                    "type": "boolean"
-+                },
-+                "tcpack": {
-+                    "type": "integer"
-+                },
-+                "tcpres": {
-+                    "type": "integer"
-+                },
-+                "tcpseq": {
-+                    "type": "integer"
-+                },
-+                "tcpurgp": {
-+                    "type": "integer"
-+                },
-+                "tcpwin": {
-+                    "type": "integer"
-+                },
-+                "tos": {
-+                    "type": "integer"
-+                },
-+                "ttl": {
-+                    "type": "integer"
-+                },
-+                "urg": {
-+                    "type": "boolean"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "email": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "body_md5": {
-+                    "type": "string"
-+                },
-+                "from": {
-+                    "type": "string"
-+                },
-+                "status": {
-+                    "type": "string"
-+                },
-+                "subject": {
-+                    "type": "string"
-+                },
-+                "subject_md5": {
-+                    "type": "string"
-+                },
-+                "url": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "attachment": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "to": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "engine": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "error": {
-+                    "type": "string"
-+                },
-+                "error_code": {
-+                    "type": "integer"
-+                },
-+                "message": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "ether": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "dest_mac": {
-+                    "type": "string"
-+                },
-+                "src_mac": {
-+                    "type": "string"
-+                },
-+                "dest_macs": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "src_macs": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "fileinfo": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "end": {
-+                    "type": "integer"
-+                },
-+                "file_id": {
-+                    "type": "integer"
-+                },
-+                "filename": {
-+                    "type": "string"
-+                },
-+                "gaps": {
-+                    "type": "boolean"
-+                },
-+                "magic": {
-+                    "type": "string"
-+                },
-+                "md5": {
-+                    "type": "string"
-+                },
-+                "sha1": {
-+                    "type": "string"
-+                },
-+                "sha256": {
-+                    "type": "string"
-+                },
-+                "size": {
-+                    "type": "integer"
-+                },
-+                "start": {
-+                    "type": "integer"
-+                },
-+                "state": {
-+                    "type": "string"
-+                },
-+                "stored": {
-+                    "type": "boolean"
-+                },
-+                "tx_id": {
-+                    "type": "integer"
-+                },
-+                "sid": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "integer"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "flow": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "action": {
-+                    "type": "string"
-+                },
-+                "age": {
-+                    "type": "integer"
-+                },
-+                "alerted": {
-+                    "type": "boolean"
-+                },
-+                "bypass": {
-+                    "type": "string"
-+                },
-+                "bypassed": {
-+                    "type": "object",
-+                    "optional": false,
-+                    "properties": {
-+                        "pkts_toserver": {
-+                            "type": "integer"
-+                        },
-+                        "pkts_toclient": {
-+                            "type": "integer"
-+                        },
-+                        "bytes_toserver": {
-+                            "type": "integer"
-+                        },
-+                        "bytes_toclient": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperites": false
-+                },
-+                "bytes_toclient": {
-+                    "type": "integer"
-+                },
-+                "bytes_toserver": {
-+                    "type": "integer"
-+                },
-+                "end": {
-+                    "type": "string"
-+                },
-+                "pkts_toclient": {
-+                    "type": "integer"
-+                },
-+                "pkts_toserver": {
-+                    "type": "integer"
-+                },
-+                "reason": {
-+                    "type": "string"
-+                },
-+                "start": {
-+                    "type": "string"
-+                },
-+                "state": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "frame": {
-+            "type": "object",
-+            "properties": {
-+                "type": {
-+                    "type": "string"
-+                },
-+                "id": {
-+                    "type": "integer"
-+                },
-+                "direction": {
-+                    "type": "string"
-+                },
-+                "stream_offset": {
-+                    "type": "integer"
-+                },
-+                "length": {
-+                    "type": "integer"
-+                },
-+                "complete": {
-+                    "type": "boolean"
-+                },
-+                "payload": {
-+                    "type": "string"
-+                },
-+                "payload_printable": {
-+                    "type": "string"
-+                },
-+                "tx_id": {
-+                    "type": "integer"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "ftp": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "command": {
-+                    "type": "string"
-+                },
-+                "command_data": {
-+                    "type": "string"
-+                },
-+                "command_truncated": {
-+                    "type": "boolean"
-+                },
-+                "dynamic_port": {
-+                    "type": "integer"
-+                },
-+                "mode": {
-+                    "type": "string"
-+                },
-+                "reply_received": {
-+                    "type": "string"
-+                },
-+                "reply_truncated": {
-+                    "type": "boolean"
-+                },
-+                "completion_code": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "reply": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "ftp_data": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "command": {
-+                    "type": "string"
-+                },
-+                "filename": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "http": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "hostname": {
-+                    "type": "string"
-+                },
-+                "http_content_type": {
-+                    "type": "string"
-+                },
-+                "http_method": {
-+                    "type": "string"
-+                },
-+                "http_port": {
-+                    "type": "integer"
-+                },
-+                "http_refer": {
-+                    "type": "string"
-+                },
-+                "http_user_agent": {
-+                    "type": "string"
-+                },
-+                "length": {
-+                    "type": "integer"
-+                },
-+                "protocol": {
-+                    "type": "string"
-+                },
-+                "redirect": {
-+                    "type": "string"
-+                },
-+                "status": {
-+                    "type": "integer"
-+                },
-+                "url": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "string"
-+                },
-+                "xff": {
-+                    "type": "string"
-+                },
-+                "request_headers": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "name": {
-+                                "type": "string"
-+                            },
-+                            "table_size_update": {
-+                                "type": "integer"
-+                            },
-+                            "value": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "response_headers": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "name": {
-+                                "type": "string"
-+                            },
-+                            "table_size_update": {
-+                                "type": "integer"
-+                            },
-+                            "value": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "content_range": {
-+                    "type": "object",
-+                    "properties": {
-+                        "end": {
-+                            "type": "integer"
-+                        },
-+                        "raw": {
-+                            "type": "string"
-+                        },
-+                        "size": {
-+                            "type": "integer"
-+                        },
-+                        "start": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "http2": {
-+                    "type": "object",
-+                    "properties": {
-+                        "stream_id": {
-+                            "type": "integer"
-+                        },
-+                        "request": {
-+                            "type": "object",
-+                            "properties": {
-+                                "error_code": {
-+                                    "type": "string"
-+                                },
-+                                "priority": {
-+                                    "type": "integer"
-+                                },
-+                                "settings": {
-+                                    "type": "array",
-+                                    "items": {
-+                                        "type": "object",
-+                                        "properties": {
-+                                            "settings_id": {
-+                                                "type": "string"
-+                                            },
-+                                            "settings_value": {
-+                                                "type": "integer"
-+                                            }
-+                                        },
-+                                        "additionalProperties": false
-+                                    }
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "response": {
-+                            "type": "object",
-+                            "properties": {
-+                                "error_code": {
-+                                    "type": "string"
-+                                },
-+                                "settings": {
-+                                    "type": "array",
-+                                    "items": {
-+                                        "type": "object",
-+                                        "properties": {
-+                                            "settings_id": {
-+                                                "type": "string"
-+                                            },
-+                                            "settings_value": {
-+                                                "type": "integer"
-+                                            }
-+                                        },
-+                                        "additionalProperties": false
-+                                    }
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "http2": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "http_method": {
-+                    "type": "string"
-+                },
-+                "http_user_agent": {
-+                    "type": "string"
-+                },
-+                "length": {
-+                    "type": "integer"
-+                },
-+                "status": {
-+                    "type": "integer"
-+                },
-+                "url": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "string"
-+                },
-+                "request_headers": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "name": {
-+                                "type": "string"
-+                            },
-+                            "table_size_update": {
-+                                "type": "integer"
-+                            },
-+                            "value": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "response_headers": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "name": {
-+                                "type": "string"
-+                            },
-+                            "table_size_update": {
-+                                "type": "integer"
-+                            },
-+                            "value": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "http2": {
-+                    "type": "object",
-+                    "properties": {
-+                        "stream_id": {
-+                            "type": "integer"
-+                        },
-+                        "request": {
-+                            "type": "object",
-+                            "properties": {
-+                                "priority": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "response": {
-+                            "type": "object",
-+                            "properties": {
-+                                "error_code": {
-+                                    "type": "string"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "ike": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "alg_auth": {
-+                    "type": "string"
-+                },
-+                "alg_auth_raw": {
-+                    "type": "integer"
-+                },
-+                "alg_dh": {
-+                    "type": "string"
-+                },
-+                "alg_dh_raw": {
-+                    "type": "integer"
-+                },
-+                "alg_enc": {
-+                    "type": "string"
-+                },
-+                "alg_enc_raw": {
-+                    "type": "integer"
-+                },
-+                "alg_hash": {
-+                    "type": "string"
-+                },
-+                "alg_hash_raw": {
-+                    "type": "integer"
-+                },
-+                "exchange_type": {
-+                    "type": "integer"
-+                },
-+                "exchange_type_verbose": {
-+                    "type": "string"
-+                },
-+                "init_spi": {
-+                    "type": "string"
-+                },
-+                "message_id": {
-+                    "type": "integer"
-+                },
-+                "resp_spi": {
-+                    "type": "string"
-+                },
-+                "role": {
-+                    "type": "string"
-+                },
-+                "sa_key_length": {
-+                    "type": "string"
-+                },
-+                "sa_key_length_raw": {
-+                    "type": "integer"
-+                },
-+                "sa_life_duration": {
-+                    "type": "string"
-+                },
-+                "sa_life_duration_raw": {
-+                    "type": "integer"
-+                },
-+                "sa_life_type": {
-+                    "type": "string"
-+                },
-+                "sa_life_type_raw": {
-+                    "type": "integer"
-+                },
-+                "version_major": {
-+                    "type": "integer"
-+                },
-+                "version_minor": {
-+                    "type": "integer"
-+                },
-+                "payload": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "ikev1": {
-+                    "type": "object",
-+                    "properties": {
-+                        "doi": {
-+                            "type": "integer"
-+                        },
-+                        "encrypted_payloads": {
-+                            "type": "boolean"
-+                        },
-+                        "vendor_ids": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "client": {
-+                            "type": "object",
-+                            "properties": {
-+                                "key_exchange_payload": {
-+                                    "type": "string"
-+                                },
-+                                "key_exchange_payload_length": {
-+                                    "type": "integer"
-+                                },
-+                                "nonce_payload": {
-+                                    "type": "string"
-+                                },
-+                                "nonce_payload_length": {
-+                                    "type": "integer"
-+                                },
-+                                "proposals": {
-+                                    "type": "array",
-+                                    "items": {
-+                                        "type": "object",
-+                                        "properties": {
-+                                            "alg_auth": {
-+                                                "type": "string"
-+                                            },
-+                                            "alg_auth_raw": {
-+                                                "type": "integer"
-+                                            },
-+                                            "alg_dh": {
-+                                                "type": "string"
-+                                            },
-+                                            "alg_dh_raw": {
-+                                                "type": "integer"
-+                                            },
-+                                            "alg_enc": {
-+                                                "type": "string"
-+                                            },
-+                                            "alg_enc_raw": {
-+                                                "type": "integer"
-+                                            },
-+                                            "alg_hash": {
-+                                                "type": "string"
-+                                            },
-+                                            "alg_hash_raw": {
-+                                                "type": "integer"
-+                                            },
-+                                            "sa_key_length": {
-+                                                "type": "string"
-+                                            },
-+                                            "sa_key_length_raw": {
-+                                                "type": "integer"
-+                                            },
-+                                            "sa_life_duration": {
-+                                                "type": "string"
-+                                            },
-+                                            "sa_life_duration_raw": {
-+                                                "type": "integer"
-+                                            },
-+                                            "sa_life_type": {
-+                                                "type": "string"
-+                                            },
-+                                            "sa_life_type_raw": {
-+                                                "type": "integer"
-+                                            }
-+                                        },
-+                                        "additionalProperties": false
-+                                    }
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "server": {
-+                            "type": "object",
-+                            "properties": {
-+                                "key_exchange_payload": {
-+                                    "type": "string"
-+                                },
-+                                "key_exchange_payload_length": {
-+                                    "type": "integer"
-+                                },
-+                                "nonce_payload": {
-+                                    "type": "string"
-+                                },
-+                                "nonce_payload_length": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "ikev2": {
-+                    "type": "object",
-+                    "properties": {
-+                        "errors": {
-+                            "type": "integer"
-+                        },
-+                        "notify": {
-+                            "type": "array"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "krb5": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "cname": {
-+                    "type": "string"
-+                },
-+                "encryption": {
-+                    "type": "string"
-+                },
-+                "error_code": {
-+                    "type": "string"
-+                },
-+                "failed_request": {
-+                    "type": "string"
-+                },
-+                "msg_type": {
-+                    "type": "string"
-+                },
-+                "realm": {
-+                    "type": "string"
-+                },
-+                "sname": {
-+                    "type": "string"
-+                },
-+                "weak_encryption": {
-+                    "type": "boolean"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "metadata": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "flowbits": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "flowvars": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "gid": {
-+                                "type": "string"
-+                            },
-+                            "key": {
-+                                "type": "string"
-+                            },
-+                            "value": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "additionalProperties": true
-+                    }
-+                },
-+                "pktvars": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "uid": {
-+                                "type": "string"
-+                            },
-+                            "username": {
-+                                "type": "string"
-+                            }
-+                        },
-+                        "additionalProperties": false
-+                    }
-+                },
-+                "flowints": {
-+                    "type": "object",
-+                    "additionalProperties": true
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "modbus": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "id": {
-+                    "type": "integer"
-+                },
-+                "request": {
-+                    "type": "object",
-+                    "properties": {
-+                        "access_type": {
-+                            "type": "string"
-+                        },
-+                        "category": {
-+                            "type": "string"
-+                        },
-+                        "data": {
-+                            "type": "string"
-+                        },
-+                        "error_flags": {
-+                            "type": "string"
-+                        },
-+                        "function_code": {
-+                            "type": "string"
-+                        },
-+                        "function_raw": {
-+                            "type": "integer"
-+                        },
-+                        "protocol_id": {
-+                            "type": "integer"
-+                        },
-+                        "transaction_id": {
-+                            "type": "integer"
-+                        },
-+                        "unit_id": {
-+                            "type": "integer"
-+                        },
-+                        "diagnostic": {
-+                            "type": "object",
-+                            "properties": {
-+                                "code": {
-+                                    "type": "string"
-+                                },
-+                                "data": {
-+                                    "type": "string"
-+                                },
-+                                "raw": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "mei": {
-+                            "type": "object",
-+                            "properties": {
-+                                "code": {
-+                                    "type": "string"
-+                                },
-+                                "data": {
-+                                    "type": "string"
-+                                },
-+                                "raw": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "read": {
-+                            "type": "object",
-+                            "properties": {
-+                                "address": {
-+                                    "type": "integer"
-+                                },
-+                                "quantity": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "write": {
-+                            "type": "object",
-+                            "properties": {
-+                                "address": {
-+                                    "type": "integer"
-+                                },
-+                                "data": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "response": {
-+                    "type": "object",
-+                    "properties": {
-+                        "access_type": {
-+                            "type": "string"
-+                        },
-+                        "category": {
-+                            "type": "string"
-+                        },
-+                        "data": {
-+                            "type": "string"
-+                        },
-+                        "error_flags": {
-+                            "type": "string"
-+                        },
-+                        "function_code": {
-+                            "type": "string"
-+                        },
-+                        "function_raw": {
-+                            "type": "integer"
-+                        },
-+                        "protocol_id": {
-+                            "type": "integer"
-+                        },
-+                        "transaction_id": {
-+                            "type": "integer"
-+                        },
-+                        "unit_id": {
-+                            "type": "integer"
-+                        },
-+                        "diagnostic": {
-+                            "type": "object",
-+                            "properties": {
-+                                "code": {
-+                                    "type": "string"
-+                                },
-+                                "data": {
-+                                    "type": "string"
-+                                },
-+                                "raw": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "exception": {
-+                            "type": "object",
-+                            "properties": {
-+                                "code": {
-+                                    "type": "string"
-+                                },
-+                                "raw": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "read": {
-+                            "type": "object",
-+                            "properties": {
-+                                "data": {
-+                                    "type": "string"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "write": {
-+                            "type": "object",
-+                            "properties": {
-+                                "address": {
-+                                    "type": "integer"
-+                                },
-+                                "data": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "mqtt": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "connack": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "return_code": {
-+                            "type": "integer"
-+                        },
-+                        "session_present": {
-+                            "type": "boolean"
-+                        },
-+                        "properties": {
-+                            "type": "object",
-+                            "additionalProperties": true
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "connect": {
-+                    "type": "object",
-+                    "properties": {
-+                        "client_id": {
-+                            "type": "string"
-+                        },
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "password": {
-+                            "type": "string"
-+                        },
-+                        "protocol_string": {
-+                            "type": "string"
-+                        },
-+                        "protocol_version": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "username": {
-+                            "type": "string"
-+                        },
-+                        "flags": {
-+                            "type": "object",
-+                            "properties": {
-+                                "clean_session": {
-+                                    "type": "boolean"
-+                                },
-+                                "password": {
-+                                    "type": "boolean"
-+                                },
-+                                "username": {
-+                                    "type": "boolean"
-+                                },
-+                                "will": {
-+                                    "type": "boolean"
-+                                },
-+                                "will_retain": {
-+                                    "type": "boolean"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "properties": {
-+                            "type": "object",
-+                            "additionalProperties": true
-+                        },
-+                        "will": {
-+                            "type": "object",
-+                            "properties": {
-+                                "message": {
-+                                    "type": "string"
-+                                },
-+                                "topic": {
-+                                    "type": "string"
-+                                },
-+                                "properties": {
-+                                    "type": "object",
-+                                    "additionalProperties": true
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "disconnect": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "reason_code": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "properties": {
-+                            "type": "object",
-+                            "additionalProperties": true
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "pingreq": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "pingresp": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "puback": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "reason_code": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "pubcomp": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "reason_code": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "publish": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message": {
-+                            "type": "string"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "skipped_length": {
-+                            "type": "integer"
-+                        },
-+                        "topic": {
-+                            "type": "string"
-+                        },
-+                        "truncated": {
-+                            "type": "boolean"
-+                        },
-+                        "properties": {
-+                            "type": "object",
-+                            "additionalProperties": true
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "pubrec": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "reason_code": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "pubrel": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "reason_code": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "suback": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "qos_granted": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "integer"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "subscribe": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "topics": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "object",
-+                                "properties": {
-+                                    "qos": {
-+                                        "type": "integer"
-+                                    },
-+                                    "topic": {
-+                                        "type": "string"
-+                                    }
-+                                },
-+                                "additionalProperties": false
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "unsuback": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "reason_codes": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "integer"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "unsubscribe": {
-+                    "type": "object",
-+                    "properties": {
-+                        "dup": {
-+                            "type": "boolean"
-+                        },
-+                        "message_id": {
-+                            "type": "integer"
-+                        },
-+                        "qos": {
-+                            "type": "integer"
-+                        },
-+                        "retain": {
-+                            "type": "boolean"
-+                        },
-+                        "topics": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "netflow": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "age": {
-+                    "type": "integer"
-+                },
-+                "bytes": {
-+                    "type": "integer"
-+                },
-+                "end": {
-+                    "type": "string"
-+                },
-+                "max_ttl": {
-+                    "type": "integer"
-+                },
-+                "min_ttl": {
-+                    "type": "integer"
-+                },
-+                "pkts": {
-+                    "type": "integer"
-+                },
-+                "start": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "nfs": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "file_tx": {
-+                    "type": "boolean"
-+                },
-+                "filename": {
-+                    "type": "string"
-+                },
-+                "hhash": {
-+                    "type": "string"
-+                },
-+                "id": {
-+                    "type": "integer"
-+                },
-+                "procedure": {
-+                    "type": "string"
-+                },
-+                "status": {
-+                    "type": "string"
-+                },
-+                "type": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "integer"
-+                },
-+                "read": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "chunks": {
-+                            "type": "integer"
-+                        },
-+                        "first": {
-+                            "type": "boolean"
-+                        },
-+                        "last": {
-+                            "type": "boolean"
-+                        },
-+                        "last_xid": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "rename": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "from": {
-+                            "type": "string"
-+                        },
-+                        "to": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "write": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "chunks": {
-+                            "type": "integer"
-+                        },
-+                        "first": {
-+                            "type": "boolean"
-+                        },
-+                        "last": {
-+                            "type": "boolean"
-+                        },
-+                        "last_xid": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "packet_info": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "linktype": {
-+                    "type": "integer"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "pgsql": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "request": {
-+                    "type": "object",
-+                    "properties": {
-+                        "message": {
-+                            "type": "string"
-+                        },
-+                        "password": {
-+                            "type": "string"
-+                        },
-+                        "password_message": {
-+                            "type": "string"
-+                        },
-+                        "protocol_version": {
-+                            "type": "string"
-+                        },
-+                        "sasl_authentication_mechanism": {
-+                            "type": "string"
-+                        },
-+                        "sasl_param": {
-+                            "type": "string"
-+                        },
-+                        "sasl_response": {
-+                            "type": "string"
-+                        },
-+                        "simple_query": {
-+                            "type": "string"
-+                        },
-+                        "startup_parameters": {
-+                            "type": "object",
-+                            "properties": {
-+                                "database": {
-+                                    "type": "string"
-+                                },
-+                                "optional_parameters": {
-+                                    "type": "array",
-+                                    "items": {
-+                                        "type": "object",
-+                                        "properties": {
-+                                            "application_name": {
-+                                                "type": "string"
-+                                            },
-+                                            "client_encoding": {
-+                                                "type": "string"
-+                                            },
-+                                            "replication": {
-+                                                "type": "string"
-+                                            }
-+                                        },
-+                                        "additionalProperties": false
-+                                    }
-+                                },
-+                                "user": {
-+                                    "type": "string"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "response": {
-+                    "type": "object",
-+                    "properties": {
-+                        "authentication_md5_password": {
-+                            "type": "string"
-+                        },
-+                        "authentication_sasl_final": {
-+                            "type": "string"
-+                        },
-+                        "code": {
-+                            "type": "string"
-+                        },
-+                        "command_completed": {
-+                            "type": "string"
-+                        },
-+                        "data_rows": {
-+                            "type": "integer"
-+                        },
-+                        "data_size": {
-+                            "type": "integer"
-+                        },
-+                        "field_count": {
-+                            "type": "integer"
-+                        },
-+                        "file": {
-+                            "type": "string"
-+                        },
-+                        "line": {
-+                            "type": "string"
-+                        },
-+                        "message": {
-+                            "type": "string"
-+                        },
-+                        "parameter_status": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "object",
-+                                "properties": {
-+                                    "application_name": {
-+                                        "type": "string"
-+                                    },
-+                                    "client_encoding": {
-+                                        "type": "string"
-+                                    },
-+                                    "date_style": {
-+                                        "type": "string"
-+                                    },
-+                                    "integer_datetimes": {
-+                                        "type": "string"
-+                                    },
-+                                    "interval_style": {
-+                                        "type": "string"
-+                                    },
-+                                    "is_superuser": {
-+                                        "type": "string"
-+                                    },
-+                                    "server_encoding": {
-+                                        "type": "string"
-+                                    },
-+                                    "server_version": {
-+                                        "type": "string"
-+                                    },
-+                                    "session_authorization": {
-+                                        "type": "string"
-+                                    },
-+                                    "standard_conforming_strings": {
-+                                        "type": "string"
-+                                    },
-+                                    "time_zone": {
-+                                        "type": "string"
-+                                    }
-+                                },
-+                                "additionalProperties": false
-+                            }
-+                        },
-+                        "process_id": {
-+                            "type": "integer"
-+                        },
-+                        "routine": {
-+                            "type": "string"
-+                        },
-+                        "secret_key": {
-+                            "type": "integer"
-+                        },
-+                        "severity_localizable": {
-+                            "type": "string"
-+                        },
-+                        "severity_non_localizable": {
-+                            "type": "string"
-+                        },
-+                        "ssl_accepted": {
-+                            "type": "boolean"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "tx_id": {
-+                    "type": "integer"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "quic": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "cyu": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "object",
-+                        "properties": {
-+                            "hash": {
-+                                "type": "string"
-+                            },
-+                            "string": {
-+                                "type": "string"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "sni": {
-+                    "type": "string"
-+                },
-+                "ua": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "rdp": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "cookie": {
-+                    "type": "string"
-+                },
-+                "event_type": {
-+                    "type": "string"
-+                },
-+                "tx_id": {
-+                    "type": "integer"
-+                },
-+                "channels": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "client": {
-+                    "type": "object",
-+                    "properties": {
-+                        "build": {
-+                            "type": "string"
-+                        },
-+                        "client_name": {
-+                            "type": "string"
-+                        },
-+                        "color_depth": {
-+                            "type": "integer"
-+                        },
-+                        "desktop_height": {
-+                            "type": "integer"
-+                        },
-+                        "desktop_width": {
-+                            "type": "integer"
-+                        },
-+                        "function_keys": {
-+                            "type": "integer"
-+                        },
-+                        "id": {
-+                            "type": "string"
-+                        },
-+                        "keyboard_layout": {
-+                            "type": "string"
-+                        },
-+                        "keyboard_type": {
-+                            "type": "string"
-+                        },
-+                        "product_id": {
-+                            "type": "integer"
-+                        },
-+                        "version": {
-+                            "type": "string"
-+                        },
-+                        "capabilities": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "rfb": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "screen_shared": {
-+                    "type": "boolean"
-+                },
-+                "authentication": {
-+                    "type": "object",
-+                    "properties": {
-+                        "security_result": {
-+                            "type": "string"
-+                        },
-+                        "security_type": {
-+                            "type": "integer"
-+                        },
-+                        "vnc": {
-+                            "type": "object",
-+                            "properties": {
-+                                "challenge": {
-+                                    "type": "string"
-+                                },
-+                                "response": {
-+                                    "type": "string"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "client_protocol_version": {
-+                    "type": "object",
-+                    "properties": {
-+                        "major": {
-+                            "type": "string"
-+                        },
-+                        "minor": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "framebuffer": {
-+                    "type": "object",
-+                    "properties": {
-+                        "height": {
-+                            "type": "integer"
-+                        },
-+                        "name": {
-+                            "type": "string"
-+                        },
-+                        "width": {
-+                            "type": "integer"
-+                        },
-+                        "pixel_format": {
-+                            "type": "object",
-+                            "properties": {
-+                                "big_endian": {
-+                                    "type": "boolean"
-+                                },
-+                                "bits_per_pixel": {
-+                                    "type": "integer"
-+                                },
-+                                "blue_max": {
-+                                    "type": "integer"
-+                                },
-+                                "blue_shift": {
-+                                    "type": "integer"
-+                                },
-+                                "depth": {
-+                                    "type": "integer"
-+                                },
-+                                "green_max": {
-+                                    "type": "integer"
-+                                },
-+                                "green_shift": {
-+                                    "type": "integer"
-+                                },
-+                                "red_max": {
-+                                    "type": "integer"
-+                                },
-+                                "red_shift": {
-+                                    "type": "integer"
-+                                },
-+                                "true_color": {
-+                                    "type": "boolean"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "server_protocol_version": {
-+                    "type": "object",
-+                    "properties": {
-+                        "major": {
-+                            "type": "string"
-+                        },
-+                        "minor": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "rpc": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "auth_type": {
-+                    "type": "string"
-+                },
-+                "status": {
-+                    "type": "string"
-+                },
-+                "xid": {
-+                    "type": "integer"
-+                },
-+                "creds": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "gid": {
-+                            "type": "integer"
-+                        },
-+                        "machine_name": {
-+                            "type": "string"
-+                        },
-+                        "uid": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "sip": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "code": {
-+                    "type": "string"
-+                },
-+                "method": {
-+                    "type": "string"
-+                },
-+                "reason": {
-+                    "type": "string"
-+                },
-+                "request_line": {
-+                    "type": "string"
-+                },
-+                "response_line": {
-+                    "type": "string"
-+                },
-+                "uri": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "smb": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "access": {
-+                    "type": "string"
-+                },
-+                "accessed": {
-+                    "type": "integer"
-+                },
-+                "changed": {
-+                    "type": "integer"
-+                },
-+                "client_guid": {
-+                    "type": "string"
-+                },
-+                "command": {
-+                    "type": "string"
-+                },
-+                "created": {
-+                    "type": "integer"
-+                },
-+                "dialect": {
-+                    "type": "string"
-+                },
-+                "directory": {
-+                    "type": "string"
-+                },
-+                "disposition": {
-+                    "type": "string"
-+                },
-+                "filename": {
-+                    "type": "string"
-+                },
-+                "fuid": {
-+                    "type": "string"
-+                },
-+                "function": {
-+                    "type": "string"
-+                },
-+                "id": {
-+                    "type": "integer"
-+                },
-+                "max_read_size": {
-+                    "type": "integer"
-+                },
-+                "max_write_size": {
-+                    "type": "integer"
-+                },
-+                "modified": {
-+                    "type": "integer"
-+                },
-+                "named_pipe": {
-+                    "type": "string"
-+                },
-+                "request_done": {
-+                    "type": "boolean"
-+                },
-+                "response_done": {
-+                    "type": "boolean"
-+                },
-+                "server_guid": {
-+                    "type": "string"
-+                },
-+                "session_id": {
-+                    "type": "integer"
-+                },
-+                "share": {
-+                    "type": "string"
-+                },
-+                "share_type": {
-+                    "type": "string"
-+                },
-+                "size": {
-+                    "type": "integer"
-+                },
-+                "status": {
-+                    "type": "string"
-+                },
-+                "status_code": {
-+                    "type": "string"
-+                },
-+                "tree_id": {
-+                    "type": "integer"
-+                },
-+                "client_dialects": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "dcerpc": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "call_id": {
-+                            "type": "integer"
-+                        },
-+                        "opnum": {
-+                            "type": "integer"
-+                        },
-+                        "request": {
-+                            "type": "string"
-+                        },
-+                        "response": {
-+                            "type": "string"
-+                        },
-+                        "interfaces": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "object",
-+                                "optional": true,
-+                                "properties": {
-+                                    "ack_reason": {
-+                                        "type": "integer"
-+                                    },
-+                                    "ack_result": {
-+                                        "type": "integer"
-+                                    },
-+                                    "uuid": {
-+                                        "type": "string"
-+                                    },
-+                                    "version": {
-+                                        "type": "string"
-+                                    }
-+                                },
-+                                "additionalProperties": false
-+                            }
-+                        },
-+                        "req": {
-+                            "type": "object",
-+                            "optional": true,
-+                            "properties": {
-+                                "frag_cnt": {
-+                                    "type": "integer"
-+                                },
-+                                "stub_data_size": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "res": {
-+                            "type": "object",
-+                            "optional": true,
-+                            "properties": {
-+                                "frag_cnt": {
-+                                    "type": "integer"
-+                                },
-+                                "stub_data_size": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "kerberos": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "realm": {
-+                            "type": "string"
-+                        },
-+                        "snames": {
-+                            "type": "array",
-+                            "items": {
-+                                "type": "string"
-+                            }
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "ntlmssp": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "domain": {
-+                            "type": "string"
-+                        },
-+                        "host": {
-+                            "type": "string"
-+                        },
-+                        "user": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "request": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "native_lm": {
-+                            "type": "string"
-+                        },
-+                        "native_os": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "response": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "native_lm": {
-+                            "type": "string"
-+                        },
-+                        "native_os": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "service": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "request": {
-+                            "type": "string"
-+                        },
-+                        "response": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "smtp": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "helo": {
-+                    "type": "string"
-+                },
-+                "mail_from": {
-+                    "type": "string"
-+                },
-+                "rcpt_to": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "snmp": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "community": {
-+                    "type": "string"
-+                },
-+                "pdu_type": {
-+                    "type": "string"
-+                },
-+                "usm": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "integer"
-+                },
-+                "vars": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "ssh": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "client": {
-+                    "type": "object",
-+                    "properties": {
-+                        "proto_version": {
-+                            "type": "string"
-+                        },
-+                        "software_version": {
-+                            "type": "string"
-+                        },
-+                        "hassh": {
-+                            "type": "object",
-+                            "properties": {
-+                                "hash": {
-+                                    "type": "string"
-+                                },
-+                                "string": {
-+                                    "type": "string"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "server": {
-+                    "type": "object",
-+                    "properties": {
-+                        "proto_version": {
-+                            "type": "string"
-+                        },
-+                        "software_version": {
-+                            "type": "string"
-+                        },
-+                        "hassh": {
-+                            "type": "object",
-+                            "properties": {
-+                                "hash": {
-+                                    "type": "string"
-+                                },
-+                                "string": {
-+                                    "type": "string"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "stats": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "uptime": {
-+                    "type": "integer"
-+                },
-+                "app_layer": {
-+                    "type": "object",
-+                    "properties": {
-+                        "expectations": {
-+                            "type": "integer"
-+                        },
-+                        "error": {
-+                            "type": "object",
-+                            "properties": {
-+                                "dcerpc_tcp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "dcerpc_udp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "dhcp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "dnp3": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "dns_tcp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "dns_udp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "enip_tcp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "enip_udp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "failed_tcp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "ftp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "ftp-data": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "http": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "http2": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "ike": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "imap": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "krb5_tcp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "krb5_udp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "mqtt": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "nfs_tcp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "nfs_udp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "ntp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "pgsql": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "quic": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "rdp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "rfb": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "sip": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "smb": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "smtp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "snmp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "ssh": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "telnet": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "tftp": { "$ref": "#/$defs/stats_applayer_error" },
-+                                "tls": { "$ref": "#/$defs/stats_applayer_error" }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "flow": {
-+                            "type": "object",
-+                            "properties": {
-+                                "dcerpc_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "dcerpc_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "dhcp": {
-+                                    "type": "integer"
-+                                },
-+                                "dnp3": {
-+                                    "type": "integer"
-+                                },
-+                                "dns_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "dns_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "enip_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "enip_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "failed_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "failed_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "ftp": {
-+                                    "type": "integer"
-+                                },
-+                                "ftp-data": {
-+                                    "type": "integer"
-+                                },
-+                                "http": {
-+                                    "type": "integer"
-+                                },
-+                                "http2": {
-+                                    "type": "integer"
-+                                },
-+                                "ike": {
-+                                    "type": "integer"
-+                                },
-+                                "ikev2": {
-+                                    "type": "integer"
-+                                },
-+                                "imap": {
-+                                    "type": "integer"
-+                                },
-+                                "krb5_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "krb5_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "modbus": {
-+                                    "type": "integer"
-+                                },
-+                                "mqtt": {
-+                                    "type": "integer"
-+                                },
-+                                "nfs_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "nfs_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "ntp": {
-+                                    "type": "integer"
-+                                },
-+                                "pgsql": {
-+                                    "type": "integer"
-+                                },
-+                                "quic": {
-+                                    "type": "integer"
-+                                },
-+                                "rdp": {
-+                                    "type": "integer"
-+                                },
-+                                "rfb": {
-+                                    "type": "integer"
-+                                },
-+                                "sip": {
-+                                    "type": "integer"
-+                                },
-+                                "smb": {
-+                                    "type": "integer"
-+                                },
-+                                "smtp": {
-+                                    "type": "integer"
-+                                },
-+                                "snmp": {
-+                                    "type": "integer"
-+                                },
-+                                "ssh": {
-+                                    "type": "integer"
-+                                },
-+                                "telnet": {
-+                                    "type": "integer"
-+                                },
-+                                "tftp": {
-+                                    "type": "integer"
-+                                },
-+                                "tls": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "tx": {
-+                            "type": "object",
-+                            "properties": {
-+                                "dcerpc_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "dcerpc_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "dhcp": {
-+                                    "type": "integer"
-+                                },
-+                                "dnp3": {
-+                                    "type": "integer"
-+                                },
-+                                "dns_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "dns_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "enip_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "enip_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "ftp": {
-+                                    "type": "integer"
-+                                },
-+                                "ftp-data": {
-+                                    "type": "integer"
-+                                },
-+                                "http": {
-+                                    "type": "integer"
-+                                },
-+                                "http2": {
-+                                    "type": "integer"
-+                                },
-+                                "ike": {
-+                                    "type": "integer"
-+                                },
-+                                "ikev2": {
-+                                    "type": "integer"
-+                                },
-+                                "imap": {
-+                                    "type": "integer"
-+                                },
-+                                "krb5_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "krb5_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "modbus": {
-+                                    "type": "integer"
-+                                },
-+                                "mqtt": {
-+                                    "type": "integer"
-+                                },
-+                                "nfs_tcp": {
-+                                    "type": "integer"
-+                                },
-+                                "nfs_udp": {
-+                                    "type": "integer"
-+                                },
-+                                "ntp": {
-+                                    "type": "integer"
-+                                },
-+                                "pgsql": {
-+                                    "type": "integer"
-+                                },
-+                                "quic": {
-+                                    "type": "integer"
-+                                },
-+                                "rdp": {
-+                                    "type": "integer"
-+                                },
-+                                "rfb": {
-+                                    "type": "integer"
-+                                },
-+                                "sip": {
-+                                    "type": "integer"
-+                                },
-+                                "smb": {
-+                                    "type": "integer"
-+                                },
-+                                "smtp": {
-+                                    "type": "integer"
-+                                },
-+                                "snmp": {
-+                                    "type": "integer"
-+                                },
-+                                "ssh": {
-+                                    "type": "integer"
-+                                },
-+                                "telnet": {
-+                                    "type": "integer"
-+                                },
-+                                "tftp": {
-+                                    "type": "integer"
-+                                },
-+                                "tls": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "decoder": {
-+                    "type": "object",
-+                    "properties": {
-+                        "avg_pkt_size": {
-+                            "type": "integer"
-+                        },
-+                        "bytes": {
-+                            "type": "integer"
-+                        },
-+                        "chdlc": {
-+                            "type": "integer"
-+                        },
-+                        "erspan": {
-+                            "type": "integer"
-+                        },
-+                        "esp": {
-+                            "type": "integer"
-+                        },
-+                        "ethernet": {
-+                            "type": "integer"
-+                        },
-+                        "geneve": {
-+                            "type": "integer"
-+                        },
-+                        "gre": {
-+                            "type": "integer"
-+                        },
-+                        "icmpv4": {
-+                            "type": "integer"
-+                        },
-+                        "icmpv6": {
-+                            "type": "integer"
-+                        },
-+                        "ieee8021ah": {
-+                            "type": "integer"
-+                        },
-+                        "invalid": {
-+                            "type": "integer"
-+                        },
-+                        "ipv4": {
-+                            "type": "integer"
-+                        },
-+                        "ipv4_in_ipv6": {
-+                            "type": "integer"
-+                        },
-+                        "ipv6": {
-+                            "type": "integer"
-+                        },
-+                        "ipv6_in_ipv6": {
-+                            "type": "integer"
-+                        },
-+                        "max_mac_addrs_dst": {
-+                            "type": "integer"
-+                        },
-+                        "max_mac_addrs_src": {
-+                            "type": "integer"
-+                        },
-+                        "max_pkt_size": {
-+                            "type": "integer"
-+                        },
-+                        "mpls": {
-+                            "type": "integer"
-+                        },
-+                        "nsh": {
-+                            "type": "integer"
-+                        },
-+                        "null": {
-+                            "type": "integer"
-+                        },
-+                        "pkts": {
-+                            "type": "integer"
-+                        },
-+                        "ppp": {
-+                            "type": "integer"
-+                        },
-+                        "pppoe": {
-+                            "type": "integer"
-+                        },
-+                        "raw": {
-+                            "type": "integer"
-+                        },
-+                        "sctp": {
-+                            "type": "integer"
-+                        },
-+                        "sll": {
-+                            "type": "integer"
-+                        },
-+                        "tcp": {
-+                            "type": "integer"
-+                        },
-+                        "teredo": {
-+                            "type": "integer"
-+                        },
-+                        "too_many_layers": {
-+                            "type": "integer"
-+                        },
-+                        "udp": {
-+                            "type": "integer"
-+                        },
-+                        "vlan": {
-+                            "type": "integer"
-+                        },
-+                        "vlan_qinq": {
-+                            "type": "integer"
-+                        },
-+                        "vntag": {
-+                            "type": "integer"
-+                        },
-+                        "vxlan": {
-+                            "type": "integer"
-+                        },
-+                        "event": {
-+                            "type": "object",
-+                            "properties": {
-+                                "chdlc": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "dce": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "erspan": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "header_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "too_many_vlan_layers": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unsupported_version": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "esp": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "ethernet": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "geneve": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "unknown_payload_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "gre": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version0_flags": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version0_hdr_too_big": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version0_malformed_sre_hdr": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version0_recur": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_chksum": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_flags": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_hdr_too_big": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_malformed_sre_hdr": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_no_key": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_recur": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_route": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_ssr": {
-+                                            "type": "integer"
-+                                        },
-+                                        "version1_wrong_protocol": {
-+                                            "type": "integer"
-+                                        },
-+                                        "wrong_version": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "icmpv4": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "ipv4_trunc_pkt": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ipv4_unknown_ver": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_code": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "icmpv6": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "experimentation_type": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ipv6_trunc_pkt": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ipv6_unknown_version": {
-+                                            "type": "integer"
-+                                        },
-+                                        "mld_message_with_invalid_hl": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unassigned_type": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_code": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "ieee8021ah": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "header_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "ipraw": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "invalid_ip_version": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "ipv4": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "frag_ignored": {
-+                                            "type": "integer"
-+                                        },
-+                                        "frag_overlap": {
-+                                            "type": "integer"
-+                                        },
-+                                        "frag_pkt_too_large": {
-+                                            "type": "integer"
-+                                        },
-+                                        "hlen_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "icmpv6": {
-+                                            "type": "integer"
-+                                        },
-+                                        "iplen_smaller_than_hlen": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_duplicate": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_eol_required": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_invalid": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_invalid_len": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_malformed": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_pad_required": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_unknown": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "trunc_pkt": {
-+                                            "type": "integer"
-+                                        },
-+                                        "wrong_ip_version": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "ipv6": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "data_after_none_header": {
-+                                            "type": "integer"
-+                                        },
-+                                        "dstopts_only_padding": {
-+                                            "type": "integer"
-+                                        },
-+                                        "dstopts_unknown_opt": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_ah_res_not_null": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_dupl_ah": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_dupl_dh": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_dupl_eh": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_dupl_fh": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_dupl_hh": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_dupl_rh": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_invalid_optlen": {
-+                                            "type": "integer"
-+                                        },
-+                                        "exthdr_useless_fh": {
-+                                            "type": "integer"
-+                                        },
-+                                        "fh_non_zero_reserved_field": {
-+                                            "type": "integer"
-+                                        },
-+                                        "frag_ignored": {
-+                                            "type": "integer"
-+                                        },
-+                                        "frag_invalid_length": {
-+                                            "type": "integer"
-+                                        },
-+                                        "frag_overlap": {
-+                                            "type": "integer"
-+                                        },
-+                                        "frag_pkt_too_large": {
-+                                            "type": "integer"
-+                                        },
-+                                        "hopopts_only_padding": {
-+                                            "type": "integer"
-+                                        },
-+                                        "hopopts_unknown_opt": {
-+                                            "type": "integer"
-+                                        },
-+                                        "icmpv4": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ipv4_in_ipv6_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ipv4_in_ipv6_wrong_version": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ipv6_in_ipv6_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ipv6_in_ipv6_wrong_version": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "rh_type_0": {
-+                                            "type": "integer"
-+                                        },
-+                                        "trunc_exthdr": {
-+                                            "type": "integer"
-+                                        },
-+                                        "trunc_pkt": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_next_header": {
-+                                            "type": "integer"
-+                                        },
-+                                        "wrong_ip_version": {
-+                                            "type": "integer"
-+                                        },
-+                                        "zero_len_padn": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "ltnull": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unsupported_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "mpls": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "bad_label_implicit_null": {
-+                                            "type": "integer"
-+                                        },
-+                                        "bad_label_reserved": {
-+                                            "type": "integer"
-+                                        },
-+                                        "bad_label_router_alert": {
-+                                            "type": "integer"
-+                                        },
-+                                        "header_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_payload_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "nsh": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "bad_header_length": {
-+                                            "type": "integer"
-+                                        },
-+                                        "header_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "reserved_type": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_payload": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unsupported_type": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unsupported_version": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "ppp": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "ip4_pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "ip6_pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unsup_proto": {
-+                                            "type": "integer"
-+                                        },
-+                                        "vju_pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "wrong_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "pppoe": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "malformed_tags": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "wrong_code": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "sctp": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "sll": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "tcp": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "hlen_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "invalid_optlen": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_duplicate": {
-+                                            "type": "integer"
-+                                        },
-+                                        "opt_invalid_len": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "udp": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "hlen_invalid": {
-+                                            "type": "integer"
-+                                        },
-+                                        "hlen_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "pkt_too_small": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "vlan": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "header_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "too_many_layers": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "vntag": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "header_too_small": {
-+                                            "type": "integer"
-+                                        },
-+                                        "unknown_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                },
-+                                "vxlan": {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "unknown_payload_type": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "defrag": {
-+                    "type": "object",
-+                    "properties": {
-+                        "max_frag_hits": {
-+                            "type": "integer"
-+                        },
-+                        "ipv4": {
-+                            "type": "object",
-+                            "properties": {
-+                                "fragments": {
-+                                    "type": "integer"
-+                                },
-+                                "reassembled": {
-+                                    "type": "integer"
-+                                },
-+                                "timeouts": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "ipv6": {
-+                            "type": "object",
-+                            "properties": {
-+                                "fragments": {
-+                                    "type": "integer"
-+                                },
-+                                "reassembled": {
-+                                    "type": "integer"
-+                                },
-+                                "timeouts": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "detect": {
-+                    "type": "object",
-+                    "properties": {
-+                        "alert": {
-+                            "type": "integer"
-+                        },
-+                        "alert_queue_overflow": {
-+                            "type": "integer"
-+                        },
-+                        "alerts_suppressed": {
-+                            "type": "integer"
-+                        },
-+                        "engines": {
-+                            "type": "array",
-+                            "items": [
-+                                {
-+                                    "type": "object",
-+                                    "properties": {
-+                                        "id": {
-+                                            "type": "integer"
-+                                        },
-+                                        "last_reload": {
-+                                            "type": "string"
-+                                        },
-+                                        "rules_loaded": {
-+                                            "type": "integer"
-+                                        },
-+                                        "rules_failed": {
-+                                            "type": "integer"
-+                                        }
-+                                    },
-+                                    "additionalProperties": false
-+                                }
-+                            ]
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "file_store": {
-+                    "type": "object",
-+                    "properties": {
-+                        "fs_errors": {
-+                            "type": "integer"
-+                        },
-+                        "open_files": {
-+                            "type": "integer"
-+                        },
-+                        "open_files_max_hit": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "flow": {
-+                    "type": "object",
-+                    "properties": {
-+                        "emerg_mode_entered": {
-+                            "type": "integer"
-+                        },
-+                        "emerg_mode_over": {
-+                            "type": "integer"
-+                        },
-+                        "get_used": {
-+                            "type": "integer"
-+                        },
-+                        "get_used_eval": {
-+                            "type": "integer"
-+                        },
-+                        "get_used_eval_busy": {
-+                            "type": "integer"
-+                        },
-+                        "get_used_eval_reject": {
-+                            "type": "integer"
-+                        },
-+                        "get_used_failed": {
-+                            "type": "integer"
-+                        },
-+                        "icmpv4": {
-+                            "type": "integer"
-+                        },
-+                        "icmpv6": {
-+                            "type": "integer"
-+                        },
-+                        "memcap": {
-+                            "type": "integer"
-+                        },
-+                        "memuse": {
-+                            "type": "integer"
-+                        },
-+                        "spare": {
-+                            "type": "integer"
-+                        },
-+                        "tcp": {
-+                            "type": "integer"
-+                        },
-+                        "tcp_reuse": {
-+                            "type": "integer"
-+                        },
-+                        "udp": {
-+                            "type": "integer"
-+                        },
-+                        "mgr": {
-+                            "type": "object",
-+                            "properties": {
-+                                "bypassed_pruned": {
-+                                    "type": "integer"
-+                                },
-+                                "closed_pruned": {
-+                                    "type": "integer"
-+                                },
-+                                "est_pruned": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_checked": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_evicted": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_evicted_needs_work": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_notimeout": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_timeout": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_timeout_inuse": {
-+                                    "type": "integer"
-+                                },
-+                                "full_hash_pass": {
-+                                    "type": "integer"
-+                                },
-+                                "new_pruned": {
-+                                    "type": "integer"
-+                                },
-+                                "rows_maxlen": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        },
-+                        "wrk": {
-+                            "type": "object",
-+                            "properties": {
-+                                "flows_evicted": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_evicted_needs_work": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_evicted_pkt_inject": {
-+                                    "type": "integer"
-+                                },
-+                                "flows_injected": {
-+                                    "type": "integer"
-+                                },
-+                                "spare_sync": {
-+                                    "type": "integer"
-+                                },
-+                                "spare_sync_avg": {
-+                                    "type": "integer"
-+                                },
-+                                "spare_sync_empty": {
-+                                    "type": "integer"
-+                                },
-+                                "spare_sync_incomplete": {
-+                                    "type": "integer"
-+                                }
-+                            },
-+                            "additionalProperties": false
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "flow_bypassed": {
-+                    "type": "object",
-+                    "properties": {
-+                        "bytes": {
-+                            "type": "integer"
-+                        },
-+                        "closed": {
-+                            "type": "integer"
-+                        },
-+                        "local_bytes": {
-+                            "type": "integer"
-+                        },
-+                        "local_capture_bytes": {
-+                            "type": "integer"
-+                        },
-+                        "local_capture_pkts": {
-+                            "type": "integer"
-+                        },
-+                        "local_pkts": {
-+                            "type": "integer"
-+                        },
-+                        "pkts": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "flow_mgr": {
-+                    "type": "object",
-+                    "properties": {
-+                        "bypassed_pruned": {
-+                            "type": "integer"
-+                        },
-+                        "closed_pruned": {
-+                            "type": "integer"
-+                        },
-+                        "est_pruned": {
-+                            "type": "integer"
-+                        },
-+                        "flows_checked": {
-+                            "type": "integer"
-+                        },
-+                        "flows_notimeout": {
-+                            "type": "integer"
-+                        },
-+                        "flows_removed": {
-+                            "type": "integer"
-+                        },
-+                        "flows_timeout": {
-+                            "type": "integer"
-+                        },
-+                        "flows_timeout_inuse": {
-+                            "type": "integer"
-+                        },
-+                        "new_pruned": {
-+                            "type": "integer"
-+                        },
-+                        "rows_busy": {
-+                            "type": "integer"
-+                        },
-+                        "rows_checked": {
-+                            "type": "integer"
-+                        },
-+                        "rows_empty": {
-+                            "type": "integer"
-+                        },
-+                        "rows_maxlen": {
-+                            "type": "integer"
-+                        },
-+                        "rows_skipped": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "ftp": {
-+                    "type": "object",
-+                    "properties": {
-+                        "memcap": {
-+                            "type": "integer"
-+                        },
-+                        "memuse": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "http": {
-+                    "type": "object",
-+                    "properties": {
-+                        "memcap": {
-+                            "type": "integer"
-+                        },
-+                        "memuse": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "tcp": {
-+                    "type": "object",
-+                    "properties": {
-+                        "insert_data_normal_fail": {
-+                            "type": "integer"
-+                        },
-+                        "insert_data_overlap_fail": {
-+                            "type": "integer"
-+                        },
-+                        "insert_list_fail": {
-+                            "type": "integer"
-+                        },
-+                        "invalid_checksum": {
-+                            "type": "integer"
-+                        },
-+                        "memuse": {
-+                            "type": "integer"
-+                        },
-+                        "midstream_pickups": {
-+                            "type": "integer"
-+                        },
-+                        "no_flow": {
-+                            "type": "integer"
-+                        },
-+                        "overlap": {
-+                            "type": "integer"
-+                        },
-+                        "overlap_diff_data": {
-+                            "type": "integer"
-+                        },
-+                        "pkt_on_wrong_thread": {
-+                            "type": "integer"
-+                        },
-+                        "pseudo": {
-+                            "type": "integer"
-+                        },
-+                        "pseudo_failed": {
-+                            "type": "integer"
-+                        },
-+                        "reassembly_gap": {
-+                            "type": "integer"
-+                        },
-+                        "reassembly_memuse": {
-+                            "type": "integer"
-+                        },
-+                        "rst": {
-+                            "type": "integer"
-+                        },
-+                        "segment_memcap_drop": {
-+                            "type": "integer"
-+                        },
-+                        "sessions": {
-+                            "type": "integer"
-+                        },
-+                        "ssn_memcap_drop": {
-+                            "type": "integer"
-+                        },
-+                        "stream_depth_reached": {
-+                            "type": "integer"
-+                        },
-+                        "syn": {
-+                            "type": "integer"
-+                        },
-+                        "synack": {
-+                            "type": "integer"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "tcp": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "ack": {
-+                    "type": "boolean"
-+                },
-+                "cwr": {
-+                    "type": "boolean"
-+                },
-+                "ecn": {
-+                    "type": "boolean"
-+                },
-+                "fin": {
-+                    "type": "boolean"
-+                },
-+                "psh": {
-+                    "type": "boolean"
-+                },
-+                "rst": {
-+                    "type": "boolean"
-+                },
-+                "state": {
-+                    "type": "string"
-+                },
-+                "syn": {
-+                    "type": "boolean"
-+                },
-+                "tcp_flags": {
-+                    "type": "string"
-+                },
-+                "tcp_flags_tc": {
-+                    "type": "string"
-+                },
-+                "tcp_flags_ts": {
-+                    "type": "string"
-+                },
-+                "urg": {
-+                    "type": "boolean"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "template": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "request": {
-+                    "type": "string"
-+                },
-+                "response": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "tftp": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "file": {
-+                    "type": "string"
-+                },
-+                "mode": {
-+                    "type": "string"
-+                },
-+                "packet": {
-+                    "type": "string"
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "tls": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "fingerprint": {
-+                    "type": "string"
-+                },
-+                "from_proto": {
-+                    "type": "string"
-+                },
-+                "issuerdn": {
-+                    "type": "string"
-+                },
-+                "notafter": {
-+                    "type": "string"
-+                },
-+                "notbefore": {
-+                    "type": "string"
-+                },
-+                "serial": {
-+                    "type": "string"
-+                },
-+                "session_resumed": {
-+                    "type": "boolean"
-+                },
-+                "sni": {
-+                    "type": "string"
-+                },
-+                "subject": {
-+                    "type": "string"
-+                },
-+                "version": {
-+                    "type": "string"
-+                },
-+                "ja3": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "hash": {
-+                            "type": "string"
-+                        },
-+                        "string": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                },
-+                "ja3s": {
-+                    "type": "object",
-+                    "optional": true,
-+                    "properties": {
-+                        "hash": {
-+                            "type": "string"
-+                        },
-+                        "string": {
-+                            "type": "string"
-+                        }
-+                    },
-+                    "additionalProperties": false
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "traffic": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "id": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                },
-+                "label": {
-+                    "type": "array",
-+                    "items": {
-+                        "type": "string"
-+                    }
-+                }
-+            },
-+            "additionalProperties": false
-+        },
-+        "tunnel": {
-+            "type": "object",
-+            "optional": true,
-+            "properties": {
-+                "depth": {
-+                    "type": "integer"
-+                },
-+                "dest_ip": {
-+                    "type": "string"
-+                },
-+                "dest_port": {
-+                    "type": "integer"
-+                },
-+                "pcap_cnt": {
-+                    "type": "integer"
-+                },
-+                "pkt_src": {
-+                    "type": "string"
-+                },
-+                "proto": {
-+                    "type": "string"
-+                },
-+                "src_ip": {
-+                    "type": "string"
-+                },
-+                "src_port": {
-+                    "type": "integer"
-+                }
-+            },
-+            "additionalProperties": false
-+        }
-+    },
-+    "additionalProperties": false,
-+    "$defs": {
-+        "stats_applayer_error": {
-+            "type": "object",
-+            "properties": {
-+                "gap": {
-+                    "type": "integer"
-+                },
-+                "alloc": {
-+                    "type": "integer"
-+                },
-+                "parser": {
-+                    "type": "integer"
-+                },
-+                "internal": {
-+                    "type": "integer"
-+                }
-+            },
-+            "additionalProperties": false
-+        }
-+    }
-+}
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-003.patch b/recipes-ids/suricata/files/CVE-2024-55628-003.patch
deleted file mode 100644
index c498a6b..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55628-003.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 5edb84fe234f47a0fedfbf9b10b49699152fe8cb Mon Sep 17 00:00:00 2001
-From: Jason Ish <jason.ish@oisf.net>
-Date: Thu, 31 Oct 2024 15:46:35 -0600
-Subject: [PATCH] eve/dns: add truncation flags for fields that are truncated
-
-If rrname, rdata or mname are truncated, set a flag field like
-'rrname_truncated: true' to indicate that the name is truncated.
-
-Ticket: #7280
-
-(cherry picked from commit 37f4c52b22fcdde4adf9b479cb5700f89d00768d)
-
-CVE: CVE-2024-55628
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/5edb84fe234f47a0fedfbf9b10b49699152fe8cb]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- etc/schema.json     |  7 +++++++
- rust/src/dns/log.rs | 19 +++++++++++++++++++
- 2 files changed, 26 insertions(+)
-
-diff --git a/etc/schema.json b/etc/schema.json
-index 99f419f..422d77c 100644
---- a/etc/schema.json
-+++ b/etc/schema.json
-@@ -790,6 +790,9 @@
-                 "rrname": {
-                     "type": "string"
-                 },
-+		"rrname_truncated": {
-+		    "type": "boolean"
-+		},
-                 "rrtype": {
-                     "type": "string"
-                 },
-@@ -2365,6 +2368,10 @@
-                             "type": "array",
-                             "items": {
-                                 "type": "integer"
-+                            },
-+                            "rrname_truncated": {
-+                                "description": "Set to true if the rrname was too long and truncated by Suricata",
-+                                "type": "boolean"
-                             }
-                         }
-                     },
-diff --git a/rust/src/dns/log.rs b/rust/src/dns/log.rs
-index 6bf9589..d0e468d 100644
---- a/rust/src/dns/log.rs
-+++ b/rust/src/dns/log.rs
-@@ -399,7 +399,13 @@ fn dns_log_soa(soa: &DNSRDataSOA) -> Result<JsonBuilder, JsonError> {
-     let mut js = JsonBuilder::try_new_object()?;
- 
-     js.set_string_from_bytes("mname", &soa.mname.value)?;
-+    if soa.mname.flags.contains(DNSNameFlags::TRUNCATED) {
-+        js.set_bool("mname_truncated", true)?;
-+    }
-     js.set_string_from_bytes("rname", &soa.rname.value)?;
-+    if soa.rname.flags.contains(DNSNameFlags::TRUNCATED) {
-+        js.set_bool("rname_truncated", true)?;
-+    }
-     js.set_uint("serial", soa.serial as u64)?;
-     js.set_uint("refresh", soa.refresh as u64)?;
-     js.set_uint("retry", soa.retry as u64)?;
-@@ -444,6 +450,9 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, Js
-     let mut jsa = JsonBuilder::try_new_object()?;
- 
-     jsa.set_string_from_bytes("rrname", &answer.name.value)?;
-+    if answer.name.flags.contains(DNSNameFlags::TRUNCATED) {
-+        jsa.set_bool("rrname_truncated", true)?;
-+    }
-     jsa.set_string("rrtype", &dns_rrtype_string(answer.rrtype))?;
-     jsa.set_uint("ttl", answer.ttl as u64)?;
- 
-@@ -453,6 +462,9 @@ fn dns_log_json_answer_detail(answer: &DNSAnswerEntry) -> Result<JsonBuilder, Js
-         }
-         DNSRData::CNAME(name) | DNSRData::MX(name) | DNSRData::NS(name) | DNSRData::PTR(name) => {
-             jsa.set_string_from_bytes("rdata", &name.value)?;
-+            if name.flags.contains(DNSNameFlags::TRUNCATED) {
-+                jsa.set_bool("rdata_truncated", true)?;
-+            }
-         }
-         DNSRData::TXT(bytes) | DNSRData::NULL(bytes) => {
-             jsa.set_string_from_bytes("rdata", bytes)?;
-@@ -506,6 +518,9 @@ fn dns_log_json_answer(
- 
-     if let Some(query) = response.queries.first() {
-         js.set_string_from_bytes("rrname", &query.name.value)?;
-+        if query.name.flags.contains(DNSNameFlags::TRUNCATED) {
-+            js.set_bool("rrname_truncated", true)?;
-+        }
-         js.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
-     }
-     js.set_string("rcode", &dns_rcode_string(header.flags))?;
-@@ -532,6 +547,7 @@ fn dns_log_json_answer(
-                     | DNSRData::MX(name)
-                     | DNSRData::NS(name)
-                     | DNSRData::PTR(name) => {
-+                        // Flags like truncated not logged here as it would break the schema.
-                         if !answer_types.contains_key(&type_string) {
-                             answer_types
-                                 .insert(type_string.to_string(), JsonBuilder::try_new_array()?);
-@@ -620,6 +636,9 @@ fn dns_log_query(
-                 jb.set_string("type", "query")?;
-                 jb.set_uint("id", request.header.tx_id as u64)?;
-                 jb.set_string_from_bytes("rrname", &query.name.value)?;
-+                if query.name.flags.contains(DNSNameFlags::TRUNCATED) {
-+                    jb.set_bool("rrname_truncated", true)?;
-+                }
-                 jb.set_string("rrtype", &dns_rrtype_string(query.rrtype))?;
-                 jb.set_uint("tx_id", tx.id - 1)?;
-                 if request.header.flags & 0x0040 != 0 {
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2024-55628-004.patch b/recipes-ids/suricata/files/CVE-2024-55628-004.patch
deleted file mode 100644
index 5a2bcf6..0000000
--- a/recipes-ids/suricata/files/CVE-2024-55628-004.patch
+++ /dev/null
@@ -1,510 +0,0 @@
-From 71212b78bd1b7b841c9d9a907d0b3eea71a54060 Mon Sep 17 00:00:00 2001
-From: Jason Ish <jason.ish@oisf.net>
-Date: Fri, 1 Nov 2024 11:39:23 -0600
-Subject: [PATCH] dns: provide events for recoverable parse errors
-
-Add events for the following resource name parsing issues:
-
-- name truncated as its too long
-- maximum number of labels reached
-- infinite loop
-
-Currently these events are only registered when encountered, but
-recoverable. That is where we are able to return some of the name,
-usually in a truncated state.
-
-As name parsing has many code paths, we pass in a pointer to a flag
-field that can be updated by the name parser, this is done in
-addition to the flags being set on a specific name as when logging we
-want to designate which fields are truncated, etc. But for alerts, we
-just care that something happened during the parse. It also reduces
-errors as it won't be forgotten to check for the flags and set the
-event if some new parser is written that also parses names.
-
-Ticket: #7280
-
-(cherry picked from commit 19cf0f81335d9f787d587450f7105ad95a648951)
-
-CVE: CVE-2024-55628
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- rules/dns-events.rules |   9 +++
- rust/src/dns/dns.rs    |  36 ++++++++++-
- rust/src/dns/parser.rs | 136 +++++++++++++++++++++++++----------------
- 3 files changed, 124 insertions(+), 57 deletions(-)
-
-diff --git a/rules/dns-events.rules b/rules/dns-events.rules
-index d4c02b5..cc43629 100644
---- a/rules/dns-events.rules
-+++ b/rules/dns-events.rules
-@@ -8,3 +8,12 @@ alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client;
- # Z flag (reserved) not 0
- alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; classtype:protocol-command-decode; sid:2240006; rev:2;)
- alert dns any any -> any any (msg:"SURICATA DNS Invalid opcode"; app-layer-event:dns.invalid_opcode; classtype:protocol-command-decode; sid:2240007; rev:1;)
-+
-+# A resource name was too long (over 1025 chars)
-+alert dns any any -> any any (msg:"SURICATA DNS Name too long"; app-layer-event:dns.name_too_long; classtype:protocol-command-decode; sid:224008; rev:1;)
-+
-+# An infinite loop was found while decoding a DNS resource name.
-+alert dns any any -> any any (msg:"SURICATA DNS Infinite loop"; app-layer-event:dns.infinite_loop; classtype:protocol-command-decode; sid:224009; rev:1;)
-+
-+# Suricata's maximum number of DNS name labels was reached while parsing a resource name.
-+alert dns any any -> any any (msg:"SURICATA DNS Too many labels"; app-layer-event:dns.too_many_labels; classtype:protocol-command-decode; sid:224010; rev:1;)
-diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
-index 680bf7e..34406dc 100644
---- a/rust/src/dns/dns.rs
-+++ b/rust/src/dns/dns.rs
-@@ -129,6 +129,12 @@ pub enum DNSEvent {
-     NotResponse,
-     ZFlagSet,
-     InvalidOpcode,
-+    /// A DNS resource name was exessively long and was truncated.
-+    NameTooLong,
-+    /// An infinite loop was found while parsing a name.
-+    InfiniteLoop,
-+    /// Too many labels were found.
-+    TooManyLabels,
- }
- 
- #[derive(Debug, PartialEq, Eq)]
-@@ -418,7 +424,7 @@ impl DNSState {
-         };
- 
-         match parser::dns_parse_request_body(body, input, header) {
--            Ok((_, request)) => {
-+            Ok((_, (request, parse_flags))) => {
-                 if request.header.flags & 0x8000 != 0 {
-                     SCLogDebug!("DNS message is not a request");
-                     self.set_event(DNSEvent::NotRequest);
-@@ -441,6 +447,18 @@ impl DNSState {
-                     self.set_event(DNSEvent::InvalidOpcode);
-                 }
- 
-+                if parse_flags.contains(DNSNameFlags::TRUNCATED) {
-+                    self.set_event(DNSEvent::NameTooLong);
-+                }
-+                
-+                if parse_flags.contains(DNSNameFlags::INFINITE_LOOP) {
-+                    self.set_event(DNSEvent::InfiniteLoop);
-+                }
-+                
-+                if parse_flags.contains(DNSNameFlags::LABEL_LIMIT) {
-+                    self.set_event(DNSEvent::TooManyLabels);
-+                }
-+
-                 return true;
-             }
-             Err(Err::Incomplete(_)) => {
-@@ -490,7 +508,7 @@ impl DNSState {
-         };
- 
-         match parser::dns_parse_response_body(body, input, header) {
--            Ok((_, response)) => {
-+            Ok((_, (response, parse_flags))) => {
-                 SCLogDebug!("Response header flags: {}", response.header.flags);
- 
-                 if response.header.flags & 0x8000 == 0 {
-@@ -519,6 +537,18 @@ impl DNSState {
-                     self.set_event(DNSEvent::InvalidOpcode);
-                 }
- 
-+                if parse_flags.contains(DNSNameFlags::TRUNCATED) {
-+                    self.set_event(DNSEvent::NameTooLong);
-+                }
-+                
-+                if parse_flags.contains(DNSNameFlags::INFINITE_LOOP) {
-+                    self.set_event(DNSEvent::InfiniteLoop);
-+                }
-+                
-+                if parse_flags.contains(DNSNameFlags::LABEL_LIMIT) {
-+                    self.set_event(DNSEvent::TooManyLabels);
-+                }
-+
-                 return true;
-             }
-             Err(Err::Incomplete(_)) => {
-@@ -718,7 +748,7 @@ fn probe(input: &[u8], dlen: usize) -> (bool, bool, bool) {
-     }
- 
-     match parser::dns_parse_request(input) {
--        Ok((_, request)) => {
-+        Ok((_, (request, _))) => {
-             return probe_header_validity(&request.header, dlen);
-         }
-         Err(Err::Incomplete(_)) => match parser::dns_parse_header(input) {
-diff --git a/rust/src/dns/parser.rs b/rust/src/dns/parser.rs
-index 12929bc..c98ba05 100644
---- a/rust/src/dns/parser.rs
-+++ b/rust/src/dns/parser.rs
-@@ -81,7 +81,7 @@ static MAX_NAME_LEN: usize = 1025;
- /// Parameters:
- ///   start: the start of the name
- ///   message: the complete message that start is a part of with the DNS header
--pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8], DNSName> {
-+pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8], parse_flags: &mut DNSNameFlags) -> IResult<&'b [u8], DNSName> {
-     let mut pos = start;
-     let mut pivot = start;
-     let mut name: Vec<u8> = Vec::with_capacity(32);
-@@ -166,6 +166,8 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
-         }
-     }
- 
-+    parse_flags.insert(flags);
-+
-     // If we followed a pointer we return the position after the first
-     // pointer followed. Is there a better way to see if these slices
-     // diverged from each other?  A straight up comparison would
-@@ -188,7 +190,7 @@ pub fn dns_parse_name<'b>(start: &'b [u8], message: &'b [u8]) -> IResult<&'b [u8
- /// multi-string TXT entry as a single quote string, similar to the
- /// output of dig. Something to consider for a future version.
- fn dns_parse_answer<'a>(
--    slice: &'a [u8], message: &'a [u8], count: usize,
-+    slice: &'a [u8], message: &'a [u8], count: usize, flags: &mut DNSNameFlags,
- ) -> IResult<&'a [u8], Vec<DNSAnswerEntry>> {
-     let mut answers = Vec::new();
-     let mut input = slice;
-@@ -201,8 +203,10 @@ fn dns_parse_answer<'a>(
-         data: &'a [u8],
-     }
- 
--    fn subparser<'a>(i: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], Answer<'a>> {
--        let (i, name) = dns_parse_name(i, message)?;
-+    fn subparser<'a>(
-+        i: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
-+    ) -> IResult<&'a [u8], Answer<'a>> {
-+        let (i, name) = dns_parse_name(i, message, flags)?;
-         let (i, rrtype) = be_u16(i)?;
-         let (i, rrclass) = be_u16(i)?;
-         let (i, ttl) = be_u32(i)?;
-@@ -218,7 +222,7 @@ fn dns_parse_answer<'a>(
-     }
- 
-     for _ in 0..count {
--        match subparser(input, message) {
-+        match subparser(input, message, flags) {
-             Ok((rem, val)) => {
-                 let n = match val.rrtype {
-                     DNS_RECORD_TYPE_TXT => {
-@@ -236,7 +240,7 @@ fn dns_parse_answer<'a>(
-                     }
-                 };
-                 let result: IResult<&'a [u8], Vec<DNSRData>> =
--                    many_m_n(1, n, complete(|b| dns_parse_rdata(b, message, val.rrtype)))(val.data);
-+                    many_m_n(1, n, complete(|b| dns_parse_rdata(b, message, val.rrtype, flags)))(val.data);
-                 match result {
-                     Ok((_, rdatas)) => {
-                         for rdata in rdatas {
-@@ -266,18 +270,19 @@ fn dns_parse_answer<'a>(
- 
- pub fn dns_parse_response_body<'a>(
-     i: &'a [u8], message: &'a [u8], header: DNSHeader,
--) -> IResult<&'a [u8], DNSResponse> {
--    let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?;
--    let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize)?;
--    let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize)?;
-+) -> IResult<&'a [u8], (DNSResponse, DNSNameFlags)> {
-+    let mut flags = DNSNameFlags::default();
-+    let (i, queries) = count(|b| dns_parse_query(b, message, &mut flags), header.questions as usize)(i)?;
-+    let (i, answers) = dns_parse_answer(i, message, header.answer_rr as usize, &mut flags)?;
-+    let (i, authorities) = dns_parse_answer(i, message, header.authority_rr as usize, &mut flags)?;
-     Ok((
-         i,
--        DNSResponse {
-+        (DNSResponse {
-             header,
-             queries,
-             answers,
-             authorities,
--        },
-+        }, flags),
-     ))
- }
- 
-@@ -286,9 +291,9 @@ pub fn dns_parse_response_body<'a>(
- /// Arguments are suitable for using with call!:
- ///
- ///    call!(complete_dns_message_buffer)
--pub fn dns_parse_query<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSQueryEntry> {
-+pub fn dns_parse_query<'a>(input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags) -> IResult<&'a [u8], DNSQueryEntry> {
-     let i = input;
--    let (i, name) = dns_parse_name(i, message)?;
-+    let (i, name) = dns_parse_name(i, message, flags)?;
-     let (i, rrtype) = be_u16(i)?;
-     let (i, rrclass) = be_u16(i)?;
-     Ok((
-@@ -309,22 +314,30 @@ fn dns_parse_rdata_aaaa(input: &[u8]) -> IResult<&[u8], DNSRData> {
-     rest(input).map(|(input, data)| (input, DNSRData::AAAA(data.to_vec())))
- }
- 
--fn dns_parse_rdata_cname<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
--    dns_parse_name(input, message).map(|(input, name)| (input, DNSRData::CNAME(name)))
-+fn dns_parse_rdata_cname<'a>(
-+    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
-+) -> IResult<&'a [u8], DNSRData> {
-+    dns_parse_name(input, message, flags).map(|(input, name)| (input, DNSRData::CNAME(name)))
- }
- 
--fn dns_parse_rdata_ns<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
--    dns_parse_name(input, message).map(|(input, name)| (input, DNSRData::NS(name)))
-+fn dns_parse_rdata_ns<'a>(
-+    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
-+) -> IResult<&'a [u8], DNSRData> {
-+    dns_parse_name(input, message, flags).map(|(input, name)| (input, DNSRData::NS(name)))
- }
- 
--fn dns_parse_rdata_ptr<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
--    dns_parse_name(input, message).map(|(input, name)| (input, DNSRData::PTR(name)))
-+fn dns_parse_rdata_ptr<'a>(
-+    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
-+) -> IResult<&'a [u8], DNSRData> {
-+    dns_parse_name(input, message, flags).map(|(input, name)| (input, DNSRData::PTR(name)))
- }
- 
--fn dns_parse_rdata_soa<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
-+fn dns_parse_rdata_soa<'a>(
-+    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
-+) -> IResult<&'a [u8], DNSRData> {
-     let i = input;
--    let (i, mname) = dns_parse_name(i, message)?;
--    let (i, rname) = dns_parse_name(i, message)?;
-+    let (i, mname) = dns_parse_name(i, message, flags)?;
-+    let (i, rname) = dns_parse_name(i, message, flags)?;
-     let (i, serial) = be_u32(i)?;
-     let (i, refresh) = be_u32(i)?;
-     let (i, retry) = be_u32(i)?;
-@@ -344,20 +357,24 @@ fn dns_parse_rdata_soa<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u
-     ))
- }
- 
--fn dns_parse_rdata_mx<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
-+fn dns_parse_rdata_mx<'a>(
-+    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
-+) -> IResult<&'a [u8], DNSRData> {
-     // For MX we skip over the preference field before
-     // parsing out the name.
-     let (i, _) = be_u16(input)?;
--    let (i, name) = dns_parse_name(i, message)?;
-+    let (i, name) = dns_parse_name(i, message, flags)?;
-     Ok((i, DNSRData::MX(name)))
- }
- 
--fn dns_parse_rdata_srv<'a>(input: &'a [u8], message: &'a [u8]) -> IResult<&'a [u8], DNSRData> {
-+fn dns_parse_rdata_srv<'a>(
-+    input: &'a [u8], message: &'a [u8], flags: &mut DNSNameFlags,
-+) -> IResult<&'a [u8], DNSRData> {
-     let i = input;
-     let (i, priority) = be_u16(i)?;
-     let (i, weight) = be_u16(i)?;
-     let (i, port) = be_u16(i)?;
--    let (i, target) = dns_parse_name(i, message)?;
-+    let (i, target) = dns_parse_name(i, message, flags)?;
-     Ok((
-         i,
-         DNSRData::SRV(DNSRDataSRV {
-@@ -398,26 +415,26 @@ fn dns_parse_rdata_unknown(input: &[u8]) -> IResult<&[u8], DNSRData> {
- }
- 
- pub fn dns_parse_rdata<'a>(
--    input: &'a [u8], message: &'a [u8], rrtype: u16,
-+    input: &'a [u8], message: &'a [u8], rrtype: u16, flags: &mut DNSNameFlags
- ) -> IResult<&'a [u8], DNSRData> {
-     match rrtype {
-         DNS_RECORD_TYPE_A => dns_parse_rdata_a(input),
-         DNS_RECORD_TYPE_AAAA => dns_parse_rdata_aaaa(input),
--        DNS_RECORD_TYPE_CNAME => dns_parse_rdata_cname(input, message),
--        DNS_RECORD_TYPE_PTR => dns_parse_rdata_ptr(input, message),
--        DNS_RECORD_TYPE_SOA => dns_parse_rdata_soa(input, message),
--        DNS_RECORD_TYPE_MX => dns_parse_rdata_mx(input, message),
--        DNS_RECORD_TYPE_NS => dns_parse_rdata_ns(input, message),
-+        DNS_RECORD_TYPE_CNAME => dns_parse_rdata_cname(input, message, flags),
-+        DNS_RECORD_TYPE_PTR => dns_parse_rdata_ptr(input, message, flags),
-+        DNS_RECORD_TYPE_SOA => dns_parse_rdata_soa(input, message, flags),
-+        DNS_RECORD_TYPE_MX => dns_parse_rdata_mx(input, message, flags),
-+        DNS_RECORD_TYPE_NS => dns_parse_rdata_ns(input, message, flags),
-         DNS_RECORD_TYPE_TXT => dns_parse_rdata_txt(input),
-         DNS_RECORD_TYPE_NULL => dns_parse_rdata_null(input),
-         DNS_RECORD_TYPE_SSHFP => dns_parse_rdata_sshfp(input),
--        DNS_RECORD_TYPE_SRV => dns_parse_rdata_srv(input, message),
-+        DNS_RECORD_TYPE_SRV => dns_parse_rdata_srv(input, message, flags),
-         _ => dns_parse_rdata_unknown(input),
-     }
- }
- 
- /// Parse a DNS request.
--pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], DNSRequest> {
-+pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], (DNSRequest, DNSNameFlags)> {
-     let i = input;
-     let (i, header) = dns_parse_header(i)?;
-     dns_parse_request_body(i, input, header)
-@@ -425,10 +442,11 @@ pub fn dns_parse_request(input: &[u8]) -> IResult<&[u8], DNSRequest> {
- 
- pub fn dns_parse_request_body<'a>(
-     input: &'a [u8], message: &'a [u8], header: DNSHeader,
--) -> IResult<&'a [u8], DNSRequest> {
-+) -> IResult<&'a [u8], (DNSRequest, DNSNameFlags)> {
-+    let mut flags = DNSNameFlags::default();
-     let i = input;
--    let (i, queries) = count(|b| dns_parse_query(b, message), header.questions as usize)(i)?;
--    Ok((i, DNSRequest { header, queries }))
-+    let (i, queries) = count(|b| dns_parse_query(b, message, &mut flags), header.questions as usize)(i)?;
-+    Ok((i, (DNSRequest { header, queries }, flags)))
- }
- 
- #[cfg(test)]
-@@ -447,7 +465,8 @@ mod tests {
-             0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, /* .com.... */
-         ];
-         let expected_remainder: &[u8] = &[0x00, 0x01, 0x00];
--        let (remainder, name) = dns_parse_name(buf, buf).unwrap();
-+        let mut flags = DNSNameFlags::default();
-+        let (remainder, name) = dns_parse_name(buf, buf, &mut flags).unwrap();
-         assert_eq!("client-cf.dropbox.com".as_bytes(), &name.value[..]);
-         assert_eq!(remainder, expected_remainder);
-     }
-@@ -481,7 +500,8 @@ mod tests {
- 
-         // The name at offset 54 is the complete name.
-         let start1 = &buf[54..];
--        let res1 = dns_parse_name(start1, message);
-+        let mut flags = DNSNameFlags::default();
-+        let res1 = dns_parse_name(start1, message, &mut flags);
-         assert_eq!(
-             res1,
-             Ok((
-@@ -496,7 +516,8 @@ mod tests {
-         // The second name starts at offset 80, but is just a pointer
-         // to the first.
-         let start2 = &buf[80..];
--        let res2 = dns_parse_name(start2, message);
-+        let mut flags = DNSNameFlags::default();
-+        let res2 = dns_parse_name(start2, message, &mut flags);
-         assert_eq!(
-             res2,
-             Ok((
-@@ -511,7 +532,8 @@ mod tests {
-         // The third name starts at offset 94, but is a pointer to a
-         // portion of the first.
-         let start3 = &buf[94..];
--        let res3 = dns_parse_name(start3, message);
-+        let mut flags = DNSNameFlags::default();
-+        let res3 = dns_parse_name(start3, message, &mut flags);
-         assert_eq!(
-             res3,
-             Ok((
-@@ -526,7 +548,8 @@ mod tests {
-         // The fourth name starts at offset 110, but is a pointer to a
-         // portion of the first.
-         let start4 = &buf[110..];
--        let res4 = dns_parse_name(start4, message);
-+        let mut flags = DNSNameFlags::default();
-+        let res4 = dns_parse_name(start4, message, &mut flags);
-         assert_eq!(
-             res4,
-             Ok((
-@@ -567,7 +590,8 @@ mod tests {
-         // packet).
-         let start: &[u8] = &buf[100..];
- 
--        let res = dns_parse_name(start, message);
-+        let mut flags = DNSNameFlags::default();
-+        let res = dns_parse_name(start, message, &mut flags);
-         assert_eq!(
-             res,
-             Ok((
-@@ -595,7 +619,7 @@ mod tests {
- 
-         let res = dns_parse_request(pkt);
-         match res {
--            Ok((rem, request)) => {
-+            Ok((rem, (request, _flags))) => {
-                 // For now we have some remainder data as there is an
-                 // additional record type we don't parse yet.
-                 assert!(!rem.is_empty());
-@@ -626,7 +650,7 @@ mod tests {
-     }
- 
-     /// Parse a DNS response.
--    fn dns_parse_response(message: &[u8]) -> IResult<&[u8], DNSResponse> {
-+    fn dns_parse_response(message: &[u8]) -> IResult<&[u8], (DNSResponse, DNSNameFlags)> {
-         let i = message;
-         let (i, header) = dns_parse_header(i)?;
-         dns_parse_response_body(i, message, header)
-@@ -653,7 +677,7 @@ mod tests {
- 
-         let res = dns_parse_response(pkt);
-         match res {
--            Ok((rem, response)) => {
-+            Ok((rem, (response, _flags))) => {
-                 // The response should be full parsed.
-                 assert_eq!(rem.len(), 0);
- 
-@@ -745,7 +769,7 @@ mod tests {
- 
-         let res = dns_parse_response(pkt);
-         match res {
--            Ok((rem, response)) => {
-+            Ok((rem, (response, _flags))) => {
-                 // For now we have some remainder data as there is an
-                 // additional record type we don't parse yet.
-                 assert!(!rem.is_empty());
-@@ -812,7 +836,7 @@ mod tests {
- 
-         let res = dns_parse_response(pkt);
-         match res {
--            Ok((rem, response)) => {
-+            Ok((rem, (response, _flags))) => {
-                 // The response should be fully parsed.
-                 assert_eq!(rem.len(), 0);
- 
-@@ -924,7 +948,7 @@ mod tests {
- 
-         let res = dns_parse_response(pkt);
-         match res {
--            Ok((rem, response)) => {
-+            Ok((rem, (response, _flags))) => {
-                 // The data should be fully parsed.
-                 assert_eq!(rem.len(), 0);
- 
-@@ -978,7 +1002,8 @@ mod tests {
-             }
-         }
- 
--        let (rem, name) = dns_parse_name(&buf, &buf).unwrap();
-+        let mut flags = DNSNameFlags::default();
-+        let (rem, name) = dns_parse_name(&buf, &buf, &mut flags).unwrap();
-         assert_eq!(name.value.len(), MAX_NAME_LEN);
-         assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
-         assert!(rem.is_empty());
-@@ -995,7 +1020,8 @@ mod tests {
-         // This should fail as we've hit the segment limit without a
-         // pointer, we'd need to keep parsing more segments to figure
-         // out where the next data point lies.
--        assert!(dns_parse_name(&buf, &buf).is_err());
-+        let mut flags = DNSNameFlags::default();
-+        assert!(dns_parse_name(&buf, &buf, &mut flags).is_err());
-     }
- 
-     #[test]
-@@ -1015,7 +1041,8 @@ mod tests {
-         buf.push(0b1100_0000);
-         buf.push(0b000_0000);
- 
--        let (_rem, name) = dns_parse_name(&buf[4..], &buf).unwrap();
-+        let mut flags = DNSNameFlags::default();
-+        let (_rem, name) = dns_parse_name(&buf[4..], &buf, &mut flags).unwrap();
-         assert_eq!(name.value.len(), 255);
-         assert!(name.flags.contains(DNSNameFlags::TRUNCATED));
-     }
-@@ -1025,6 +1052,7 @@ mod tests {
-         let mut buf = vec![];
-         buf.push(0b1100_0000);
-         buf.push(0b0000_0000);
--        assert!(dns_parse_name(&buf, &buf).is_err());
-+        let mut flags = DNSNameFlags::default();
-+        assert!(dns_parse_name(&buf, &buf, &mut flags).is_err());
-     }
- }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2025-29916-01.patch b/recipes-ids/suricata/files/CVE-2025-29916-01.patch
deleted file mode 100644
index ae020e2..0000000
--- a/recipes-ids/suricata/files/CVE-2025-29916-01.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From 2f432c99a9734ea3a75c9218f35060e11a7a39ad Mon Sep 17 00:00:00 2001
-From: Victor Julien <vjulien@oisf.net>
-Date: Tue, 18 Mar 2025 10:55:39 +0100
-Subject: [PATCH] datasets: improve default hashsize handling
-
-Make hashsize default local to dataset code, instead of relying on the
-thash code.
-
-Use the same default value as before.
-
-(cherry picked from commit d32a39ca4b53d7f659f4f0a2a5c162ef97dc4797)
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/2f432c99a9734ea3a75c9218f35060e11a7a39ad]
-CVE: CVE-2025-29916
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/datasets.c | 37 +++++++++++++++++++++++--------------
- 1 file changed, 23 insertions(+), 14 deletions(-)
-
-diff --git a/src/datasets.c b/src/datasets.c
-index 32bcf6e..89e7899 100644
---- a/src/datasets.c
-+++ b/src/datasets.c
-@@ -677,6 +677,11 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
-         }
-     }
- 
-+    GetDefaultMemcap(&default_memcap, &default_hashsize);
-+    if (hashsize == 0) {
-+        hashsize = default_hashsize;
-+    }
-+
-     set = DatasetAlloc(name);
-     if (set == NULL) {
-         goto out_err;
-@@ -696,12 +701,11 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
-     char cnf_name[128];
-     snprintf(cnf_name, sizeof(cnf_name), "datasets.%s.hash", name);
- 
--    GetDefaultMemcap(&default_memcap, &default_hashsize);
-     switch (type) {
-         case DATASET_TYPE_MD5:
-             set->hash = THashInit(cnf_name, sizeof(Md5Type), Md5StrSet, Md5StrFree, Md5StrHash,
-                     Md5StrCompare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
--                    hashsize > 0 ? hashsize : default_hashsize);
-+                    hashsize);
-             if (set->hash == NULL)
-                 goto out_err;
-             if (DatasetLoadMd5(set) < 0)
-@@ -710,7 +714,7 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
-         case DATASET_TYPE_STRING:
-             set->hash = THashInit(cnf_name, sizeof(StringType), StringSet, StringFree, StringHash,
-                     StringCompare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
--                    hashsize > 0 ? hashsize : default_hashsize);
-+                    hashsize);
-             if (set->hash == NULL)
-                 goto out_err;
-             if (DatasetLoadString(set) < 0)
-@@ -719,26 +723,25 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
-         case DATASET_TYPE_SHA256:
-             set->hash = THashInit(cnf_name, sizeof(Sha256Type), Sha256StrSet, Sha256StrFree,
-                     Sha256StrHash, Sha256StrCompare, load != NULL ? 1 : 0,
--                    memcap > 0 ? memcap : default_memcap,
--                    hashsize > 0 ? hashsize : default_hashsize);
-+                    memcap > 0 ? memcap : default_memcap, hashsize);
-             if (set->hash == NULL)
-                 goto out_err;
-             if (DatasetLoadSha256(set) < 0)
-                 goto out_err;
-             break;
-         case DATASET_TYPE_IPV4:
--            set->hash = THashInit(cnf_name, sizeof(IPv4Type), IPv4Set, IPv4Free, IPv4Hash,
--                    IPv4Compare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
--                    hashsize > 0 ? hashsize : default_hashsize);
-+            set->hash =
-+                    THashInit(cnf_name, sizeof(IPv4Type), IPv4Set, IPv4Free, IPv4Hash, IPv4Compare,
-+                            load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap, hashsize);
-             if (set->hash == NULL)
-                 goto out_err;
-             if (DatasetLoadIPv4(set) < 0)
-                 goto out_err;
-             break;
-         case DATASET_TYPE_IPV6:
--            set->hash = THashInit(cnf_name, sizeof(IPv6Type), IPv6Set, IPv6Free, IPv6Hash,
--                    IPv6Compare, load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap,
--                    hashsize > 0 ? hashsize : default_hashsize);
-+            set->hash =
-+                    THashInit(cnf_name, sizeof(IPv6Type), IPv6Set, IPv6Free, IPv6Hash, IPv6Compare,
-+                            load != NULL ? 1 : 0, memcap > 0 ? memcap : default_memcap, hashsize);
-             if (set->hash == NULL)
-                 goto out_err;
-             if (DatasetLoadIPv6(set) < 0)
-@@ -825,6 +828,10 @@ void DatasetPostReloadCleanup(void)
-     SCMutexUnlock(&sets_lock);
- }
- 
-+/* Value reflects THASH_DEFAULT_HASHSIZE which is what the default was earlier,
-+ * despite 2048 commented out in the default yaml. */
-+#define DATASETS_HASHSIZE_DEFAULT 4096
-+
- static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
- {
-     const char *str = NULL;
-@@ -836,12 +843,14 @@ static void GetDefaultMemcap(uint64_t *memcap, uint32_t *hashsize)
-             *memcap = 0;
-         }
-     }
-+
-+    *hashsize = (uint32_t)DATASETS_HASHSIZE_DEFAULT;
-     if (ConfGet("datasets.defaults.hashsize", &str) == 1) {
-         if (ParseSizeStringU32(str, hashsize) < 0) {
-+            *hashsize = (uint32_t)DATASETS_HASHSIZE_DEFAULT;
-             SCLogWarning("hashsize value cannot be deduced: %s,"
--                         " resetting to default",
--                    str);
--            *hashsize = 0;
-+                         " resetting to default: %u",
-+                    str, *hashsize);
-         }
-     }
- }
--- 
-2.49.0
-
diff --git a/recipes-ids/suricata/files/CVE-2025-29916-02.patch b/recipes-ids/suricata/files/CVE-2025-29916-02.patch
deleted file mode 100644
index fbaaabc..0000000
--- a/recipes-ids/suricata/files/CVE-2025-29916-02.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From e28c8c655a324a18932655a2c2b8f0d5aa1c55d7 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Tue, 18 Mar 2025 10:55:39 +0100
-Subject: [PATCH] detect: add configurable limits for datasets
-
-Ticket: 7615
-
-Avoids signatures setting extreme hash sizes, which would lead to very
-high memory use.
-
-Default to allowing:
-- 65536 per dataset
-- 16777216 total
-
-To override these built-in defaults:
-
-```yaml
-datasets:
-  # Limits for per rule dataset instances to avoid rules using too many
-  # resources.
-  limits:
-    # Max value for per dataset `hashsize` setting
-    #single-hashsize: 65536
-    # Max combined hashsize values for all datasets.
-    #total-hashsizes: 16777216
-```
-
-(cherry picked from commit a7713db709b8a0be5fc5e5809ab58e9b14a16e85)
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/e28c8c655a324a18932655a2c2b8f0d5aa1c55d7]
-CVE: CVE-2025-29916
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/datasets.c   | 65 ++++++++++++++++++++++++++++++++++++++++++++++++
- src/util-thash.c |  5 ----
- suricata.yaml.in |  8 ++++++
- 3 files changed, 73 insertions(+), 5 deletions(-)
-
-diff --git a/src/datasets.c b/src/datasets.c
-index 89e7899..0729894 100644
---- a/src/datasets.c
-+++ b/src/datasets.c
-@@ -39,11 +39,16 @@
- #include "util-misc.h"
- #include "util-path.h"
- #include "util-debug.h"
-+#include "util-validate.h"
- 
- SCMutex sets_lock = SCMUTEX_INITIALIZER;
- static Dataset *sets = NULL;
- static uint32_t set_ids = 0;
- 
-+uint32_t dataset_max_one_hashsize = 65536;
-+uint32_t dataset_max_total_hashsize = 16777216;
-+uint32_t dataset_used_hashsize = 0;
-+
- static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
-         DataRepType *rep);
- 
-@@ -629,6 +634,34 @@ Dataset *DatasetFind(const char *name, enum DatasetTypes type)
-     return set;
- }
- 
-+static bool DatasetCheckHashsize(const char *name, uint32_t hash_size)
-+{
-+    if (dataset_max_one_hashsize > 0 && hash_size > dataset_max_one_hashsize) {
-+        SCLogError("hashsize %u in dataset '%s' exceeds configured 'single-hashsize' limit (%u)",
-+                hash_size, name, dataset_max_one_hashsize);
-+        return false;
-+    }
-+    // we cannot underflow as we know from conf loading that
-+    // dataset_max_total_hashsize >= dataset_max_one_hashsize if dataset_max_total_hashsize > 0
-+    if (dataset_max_total_hashsize > 0 &&
-+            dataset_max_total_hashsize - hash_size < dataset_used_hashsize) {
-+        SCLogError("hashsize %u in dataset '%s' exceeds configured 'total-hashsizes' limit (%u, in "
-+                   "use %u)",
-+                hash_size, name, dataset_max_total_hashsize, dataset_used_hashsize);
-+        return false;
-+    }
-+
-+    return true;
-+}
-+
-+static void DatasetUpdateHashsize(const char *name, uint32_t hash_size)
-+{
-+    if (dataset_max_total_hashsize > 0) {
-+        dataset_used_hashsize += hash_size;
-+        SCLogDebug("set %s adding with hash_size %u", name, hash_size);
-+    }
-+}
-+
- Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save, const char *load,
-         uint64_t memcap, uint32_t hashsize)
- {
-@@ -682,6 +715,10 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
-         hashsize = default_hashsize;
-     }
- 
-+    if (!DatasetCheckHashsize(name, hashsize)) {
-+        goto out_err;
-+    }
-+
-     set = DatasetAlloc(name);
-     if (set == NULL) {
-         goto out_err;
-@@ -755,6 +792,10 @@ Dataset *DatasetGet(const char *name, enum DatasetTypes type, const char *save,
-     set->next = sets;
-     sets = set;
- 
-+    /* hash size accounting */
-+    DEBUG_VALIDATE_BUG_ON(set->hash->config.hash_size != hashsize);
-+    DatasetUpdateHashsize(set->name, set->hash->config.hash_size);
-+
-     SCMutexUnlock(&sets_lock);
-     return set;
- out_err:
-@@ -796,6 +837,9 @@ void DatasetReload(void)
-             continue;
-         }
-         set->hidden = true;
-+        if (dataset_max_total_hashsize > 0) {
-+            dataset_used_hashsize -= set->hash->config.hash_size;
-+        }
-         SCLogDebug("Set %s at %p hidden successfully", set->name, set);
-         set = set->next;
-     }
-@@ -863,6 +907,27 @@ int DatasetsInit(void)
-     uint32_t default_hashsize = 0;
-     GetDefaultMemcap(&default_memcap, &default_hashsize);
-     if (datasets != NULL) {
-+        const char *str = NULL;
-+        if (ConfGet("datasets.limits.total-hashsizes", &str) == 1) {
-+            if (ParseSizeStringU32(str, &dataset_max_total_hashsize) < 0) {
-+                FatalError("failed to parse datasets.limits.total-hashsizes value: %s", str);
-+            }
-+        }
-+        if (ConfGet("datasets.limits.single-hashsize", &str) == 1) {
-+            if (ParseSizeStringU32(str, &dataset_max_one_hashsize) < 0) {
-+                FatalError("failed to parse datasets.limits.single-hashsize value: %s", str);
-+            }
-+        }
-+        if (dataset_max_total_hashsize > 0 &&
-+                dataset_max_total_hashsize < dataset_max_one_hashsize) {
-+            FatalError("total-hashsizes (%u) cannot be smaller than single-hashsize (%u)",
-+                    dataset_max_total_hashsize, dataset_max_one_hashsize);
-+        }
-+        if (dataset_max_total_hashsize > 0 && dataset_max_one_hashsize == 0) {
-+            // the total limit also applies for single limit
-+            dataset_max_one_hashsize = dataset_max_total_hashsize;
-+        }
-+
-         int list_pos = 0;
-         ConfNode *iter = NULL;
-         TAILQ_FOREACH(iter, &datasets->head, next) {
-diff --git a/src/util-thash.c b/src/util-thash.c
-index 6443990..3fba3ef 100644
---- a/src/util-thash.c
-+++ b/src/util-thash.c
-@@ -310,16 +310,11 @@ THashTableContext *THashInit(const char *cnf_prefix, size_t data_size,
-     ctx->config.hash_size = hashsize > 0 ? hashsize : THASH_DEFAULT_HASHSIZE;
-     /* Reset memcap in case of loading from file to the highest possible value
-      unless defined by the rule keyword */
--#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
--    // limit memcap size to default when fuzzing
--    ctx->config.memcap = THASH_DEFAULT_MEMCAP;
--#else
-     if (memcap > 0) {
-         ctx->config.memcap = memcap;
-     } else {
-         ctx->config.memcap = reset_memcap ? UINT64_MAX : THASH_DEFAULT_MEMCAP;
-     }
--#endif
-     ctx->config.prealloc = THASH_DEFAULT_PREALLOC;
- 
-     SC_ATOMIC_INIT(ctx->counter);
-diff --git a/suricata.yaml.in b/suricata.yaml.in
-index 6303991..b218515 100644
---- a/suricata.yaml.in
-+++ b/suricata.yaml.in
-@@ -1167,6 +1167,14 @@ datasets:
-     #memcap: 100mb
-     #hashsize: 2048
- 
-+  # Limits for per rule dataset instances to avoid rules using too many
-+  # resources.
-+  limits:
-+    # Max value for per dataset `hashsize` setting
-+    #single-hashsize: 65536
-+    # Max combined hashsize values for all datasets.
-+    #total-hashsizes: 16777216
-+
-   rules:
-     # Set to true to allow absolute filenames and filenames that use
-     # ".." components to reference parent directories in rules that specify
--- 
-2.49.0
-
diff --git a/recipes-ids/suricata/files/CVE-2025-29916-03.patch b/recipes-ids/suricata/files/CVE-2025-29916-03.patch
deleted file mode 100644
index 73e66a2..0000000
--- a/recipes-ids/suricata/files/CVE-2025-29916-03.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From d86c5f9f0c75736d4fce93e27c0773fcb27e1047 Mon Sep 17 00:00:00 2001
-From: Victor Julien <vjulien@oisf.net>
-Date: Mon, 17 Mar 2025 21:19:13 +0100
-Subject: [PATCH] datasets: set higher hashsize limits
-
-To avoid possible upgrade issues, allow higher defaults than in the
-master branch. Add some upgrade guidance and a note that defaults will
-probably be further reduced.
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/d86c5f9f0c75736d4fce93e27c0773fcb27e1047]
-CVE: CVE-2025-29916
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/datasets.c   | 5 +++--
- suricata.yaml.in | 5 +++--
- 2 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/src/datasets.c b/src/datasets.c
-index 0729894..f99f63c 100644
---- a/src/datasets.c
-+++ b/src/datasets.c
-@@ -45,8 +45,9 @@ SCMutex sets_lock = SCMUTEX_INITIALIZER;
- static Dataset *sets = NULL;
- static uint32_t set_ids = 0;
- 
--uint32_t dataset_max_one_hashsize = 65536;
--uint32_t dataset_max_total_hashsize = 16777216;
-+/* 4x what we set in master to allow a smoother upgrade path */
-+uint32_t dataset_max_one_hashsize = 262144;
-+uint32_t dataset_max_total_hashsize = 67108864;
- uint32_t dataset_used_hashsize = 0;
- 
- static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
-diff --git a/suricata.yaml.in b/suricata.yaml.in
-index b218515..59db9ef 100644
---- a/suricata.yaml.in
-+++ b/suricata.yaml.in
-@@ -1169,11 +1169,12 @@ datasets:
- 
-   # Limits for per rule dataset instances to avoid rules using too many
-   # resources.
-+  # Note: in Suricata 8 the built-in default will be set to lower values.
-   limits:
-     # Max value for per dataset `hashsize` setting
--    #single-hashsize: 65536
-+    #single-hashsize: 262144
-     # Max combined hashsize values for all datasets.
--    #total-hashsizes: 16777216
-+    #total-hashsizes: 67108864
- 
-   rules:
-     # Set to true to allow absolute filenames and filenames that use
--- 
-2.49.0
-
diff --git a/recipes-ids/suricata/files/CVE-2025-29917.patch b/recipes-ids/suricata/files/CVE-2025-29917.patch
deleted file mode 100644
index 8b30dbf..0000000
--- a/recipes-ids/suricata/files/CVE-2025-29917.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From bab716776ba3561cfbfd1a57fc18ff1f6859f019 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Tue, 17 Dec 2024 15:06:25 +0100
-Subject: [PATCH] detect: limit base64_decode `bytes` to 64KiB
-
-Ticket: 7613
-
-Avoids potential large per-thread memory allocation. A buffer with the
-size of the largest decode_base64 buffer size setting would be allocated
-per thread. As this was a u32, it could mean a per-thread 4GiB memory
-allocation.
-
-64KiB was already the built-in default for cases where bytes size wasn't
-specified.
-
-(cherry picked from commit 32d0bd2bbb4d486623dec85a94952fde2515f2f0)
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/bab716776ba3561cfbfd1a57fc18ff1f6859f019]
-CVE: CVE-2025-29917
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- doc/userguide/rules/base64-keywords.rst |  1 +
- src/detect-base64-decode.c              | 15 ++++++---------
- src/detect.h                            |  2 +-
- 3 files changed, 8 insertions(+), 10 deletions(-)
-
-diff --git a/doc/userguide/rules/base64-keywords.rst b/doc/userguide/rules/base64-keywords.rst
-index 7daf0c2..cf4e679 100644
---- a/doc/userguide/rules/base64-keywords.rst
-+++ b/doc/userguide/rules/base64-keywords.rst
-@@ -15,6 +15,7 @@ Syntax::
-     base64_decode:bytes <value>, offset <value>, relative;
- 
- The ``bytes`` option specifies how many bytes Suricata should decode and make available for base64_data.
-+This number is limited to 64KiB.
- The decoding will stop at the end of the buffer.
- 
- The ``offset`` option specifies how many bytes Suricata should skip before decoding.
-diff --git a/src/detect-base64-decode.c b/src/detect-base64-decode.c
-index 25fdf10..5ae38c5 100644
---- a/src/detect-base64-decode.c
-+++ b/src/detect-base64-decode.c
-@@ -28,7 +28,7 @@
- #define BASE64_DECODE_MAX 65535
- 
- typedef struct DetectBase64Decode_ {
--    uint32_t bytes;
-+    uint16_t bytes;
-     uint32_t offset;
-     uint8_t relative;
- } DetectBase64Decode;
-@@ -111,8 +111,8 @@ int DetectBase64DecodeDoMatch(DetectEngineThreadCtx *det_ctx, const Signature *s
-     return det_ctx->base64_decoded_len > 0;
- }
- 
--static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
--    uint32_t *offset, uint8_t *relative)
-+static int DetectBase64DecodeParse(
-+        const char *str, uint16_t *bytes, uint32_t *offset, uint8_t *relative)
- {
-     const char *bytes_str = NULL;
-     const char *offset_str = NULL;
-@@ -132,7 +132,7 @@ static int DetectBase64DecodeParse(const char *str, uint32_t *bytes,
- 
-     if (pcre_rc >= 3) {
-         if (pcre2_substring_get_bynumber(match, 2, (PCRE2_UCHAR8 **)&bytes_str, &pcre2_len) == 0) {
--            if (StringParseUint32(bytes, 10, 0, bytes_str) <= 0) {
-+            if (StringParseUint16(bytes, 10, 0, bytes_str) <= 0) {
-                 SCLogError("Bad value for bytes: \"%s\"", bytes_str);
-                 goto error;
-             }
-@@ -186,7 +186,7 @@ error:
- static int DetectBase64DecodeSetup(DetectEngineCtx *de_ctx, Signature *s,
-     const char *str)
- {
--    uint32_t bytes = 0;
-+    uint16_t bytes = 0;
-     uint32_t offset = 0;
-     uint8_t relative = 0;
-     DetectBase64Decode *data = NULL;
-@@ -238,9 +238,6 @@ static int DetectBase64DecodeSetup(DetectEngineCtx *de_ctx, Signature *s,
-         data->bytes = BASE64_DECODE_MAX;
-     }
-     if (data->bytes > de_ctx->base64_decode_max_len) {
--#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
--        data->bytes = BASE64_DECODE_MAX;
--#endif
-         de_ctx->base64_decode_max_len = data->bytes;
-     }
- 
-@@ -272,7 +269,7 @@ static int g_http_header_buffer_id = 0;
- static int DetectBase64TestDecodeParse(void)
- {
-     int retval = 0;
--    uint32_t bytes = 0;
-+    uint16_t bytes = 0;
-     uint32_t offset = 0;
-     uint8_t relative = 0;
- 
-diff --git a/src/detect.h b/src/detect.h
-index 2760dda..fd938a1 100644
---- a/src/detect.h
-+++ b/src/detect.h
-@@ -910,7 +910,7 @@ typedef struct DetectEngineCtx_ {
-     struct SigGroupHead_ *decoder_event_sgh;
- 
-     /* Maximum size of the buffer for decoded base64 data. */
--    uint32_t base64_decode_max_len;
-+    uint16_t base64_decode_max_len;
- 
-     /** Store rule file and line so that parsers can use them in errors. */
-     int rule_line;
--- 
-2.49.0
-
diff --git a/recipes-ids/suricata/files/CVE-2025-29918.patch b/recipes-ids/suricata/files/CVE-2025-29918.patch
deleted file mode 100644
index da9d680..0000000
--- a/recipes-ids/suricata/files/CVE-2025-29918.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From f6c9490e1f7b0b375c286d5313ebf3bc81a95eb6 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <pantoine@oisf.net>
-Date: Tue, 28 Jan 2025 15:02:45 +0100
-Subject: [PATCH] detect/pcre: avoid infinite loop after negated pcre
-
-Ticket: 7526
-
-The usage of negated pcre, followed by other relative payload
-content keywords could lead to an infinite loop.
-
-This is because regular (not negated) pcre can test multiple
-occurences, but negated pcre should be tried only once.
-
-(cherry picked from commit b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b)
-
-Upstream-Status: Backport [https://github.com/OISF/suricata/commit/f6c9490e1f7b0b375c286d5313ebf3bc81a95eb6]
-CVE: CVE-2025-29918
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- src/detect-engine-content-inspection.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
-index 77ebb3f..2a789c9 100644
---- a/src/detect-engine-content-inspection.c
-+++ b/src/detect-engine-content-inspection.c
-@@ -450,7 +450,6 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
-             if (r == 0) {
-                 goto no_match;
-             }
--
-             if (!(pe->flags & DETECT_PCRE_RELATIVE_NEXT)) {
-                 SCLogDebug("no relative match coming up, so this is a match");
-                 goto match;
-@@ -473,6 +472,11 @@ uint8_t DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThrea
-             if (det_ctx->discontinue_matching)
-                 goto no_match;
- 
-+            if (prev_offset == 0) {
-+                // This happens for negated PCRE
-+                // We do not search for another occurrence of this pcre
-+                SCReturnInt(0);
-+            }
-             det_ctx->buffer_offset = prev_buffer_offset;
-             det_ctx->pcre_match_start_offset = prev_offset;
-         } while (1);
--- 
-2.49.0
-
diff --git a/recipes-ids/suricata/files/CVE-2025-53537-001.patch b/recipes-ids/suricata/files/CVE-2025-53537-001.patch
deleted file mode 100644
index e16a59a..0000000
--- a/recipes-ids/suricata/files/CVE-2025-53537-001.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 226580d502ae98c148aaecc4846f78694b5e253c Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <contact@catenacyber.fr>
-Date: Tue, 11 Mar 2025 16:45:35 +0100
-Subject: [PATCH] decompressors: do not take data after end
-
-
-CVE: CVE-2025-53537
-Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- htp/htp_core.h          |  5 ++++-
- htp/htp_decompressors.c | 21 ++++++++++++---------
- 2 files changed, 16 insertions(+), 10 deletions(-)
-
-diff --git a/htp/htp_core.h b/htp/htp_core.h
-index 7c23212..fb142c9 100644
---- a/htp/htp_core.h
-+++ b/htp/htp_core.h
-@@ -161,7 +161,10 @@ enum htp_content_encoding_t {
-     HTP_COMPRESSION_DEFLATE = 3,
- 
-     /** LZMA compression. */
--    HTP_COMPRESSION_LZMA = 4
-+    HTP_COMPRESSION_LZMA = 4,
-+
-+    /** No more data. */
-+    HTP_COMPRESSION_OVER = 5
- };
- 
- /**
-diff --git a/htp/htp_decompressors.c b/htp/htp_decompressors.c
-index 19950df..0d94c30 100644
---- a/htp/htp_decompressors.c
-+++ b/htp/htp_decompressors.c
-@@ -203,6 +203,8 @@ htp_status_t htp_gzip_decompressor_decompress(htp_decompressor_t *drec1, htp_tx_
-         }
- 
-         return HTP_OK;
-+    } else if (drec->zlib_initialized == HTP_COMPRESSION_OVER) {
-+        return HTP_ERROR;
-     }
- 
-     if (d->data == NULL) {
-@@ -316,15 +318,9 @@ restart:
-             // no initialization means previous error on stream
-             return HTP_ERROR;
-         }
--        if (GZIP_BUF_SIZE > drec->stream.avail_out) {
--            if (rc == Z_DATA_ERROR) {
--                // There is data even if there is an error
--                // So use this data and log a warning
--                htp_log(d->tx->connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "GZip decompressor: inflate failed with %d", rc);
--                rc = Z_STREAM_END;
--            }
--        }
--        if (rc == Z_STREAM_END) {
-+
-+	int error_after_data = (rc == Z_DATA_ERROR && drec->restart == 0 && GZIP_BUF_SIZE > drec->stream.avail_out);
-+        if (rc == Z_STREAM_END || error_after_data) {
-             // How many bytes do we have?
-             size_t len = GZIP_BUF_SIZE - drec->stream.avail_out;
- 
-@@ -351,6 +347,13 @@ restart:
-             drec->stream.next_out = drec->buffer;
-             // TODO Handle trailer.
- 
-+            if (error_after_data) {
-+                // There is data even if there is an error
-+                // So use this data and log a warning
-+                htp_log(d->tx->connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "GZip decompressor: inflate failed with %d", rc);
-+                drec->zlib_initialized = HTP_COMPRESSION_OVER;
-+                return HTP_ERROR;
-+            }
-             return HTP_OK;
-         }
-         else if (rc != Z_OK) {
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/CVE-2025-53537-002.patch b/recipes-ids/suricata/files/CVE-2025-53537-002.patch
deleted file mode 100644
index ff4f1a0..0000000
--- a/recipes-ids/suricata/files/CVE-2025-53537-002.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7 Mon Sep 17 00:00:00 2001
-From: Philippe Antoine <contact@catenacyber.fr>
-Date: Tue, 17 Jun 2025 10:12:47 +0200
-Subject: [PATCH] decompressors: fix leak in lzma error case
-
-Ticket: 7766
-
-CVE: CVE-2025-53537
-Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7]
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- htp/htp_decompressors.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/htp/htp_decompressors.c b/htp/htp_decompressors.c
-index 0d94c30..ce6cfe1 100644
---- a/htp/htp_decompressors.c
-+++ b/htp/htp_decompressors.c
-@@ -351,6 +351,9 @@ restart:
-                 // There is data even if there is an error
-                 // So use this data and log a warning
-                 htp_log(d->tx->connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "GZip decompressor: inflate failed with %d", rc);
-+                if (drec->zlib_initialized == HTP_COMPRESSION_LZMA) {
-+                    LzmaDec_Free(&drec->state, &lzma_Alloc);
-+                }
-                 drec->zlib_initialized = HTP_COMPRESSION_OVER;
-                 return HTP_ERROR;
-             }
--- 
-2.50.1
-
diff --git a/recipes-ids/suricata/files/fixup.patch b/recipes-ids/suricata/files/fixup.patch
deleted file mode 100644
index 0b2ae7c..0000000
--- a/recipes-ids/suricata/files/fixup.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Skip pkg Makefile from using its own rust steps
-
-Upstream-Status: Inappropriate [OE Specific]
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: suricata-7.0.0/Makefile.in
-===================================================================
---- suricata-7.0.0.orig/Makefile.in
-+++ suricata-7.0.0/Makefile.in
-@@ -424,7 +424,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE s
- 	     acsite.m4 \
- 	     scripts/generate-images.sh
- 
--SUBDIRS = $(HTP_DIR) rust src qa rules doc contrib etc python ebpf \
-+SUBDIRS = $(HTP_DIR) src qa rules doc contrib etc python ebpf \
-           $(SURICATA_UPDATE_DIR)
- 
- CLEANFILES = stamp-h[0-9]*
-Index: suricata-7.0.0/Makefile.am
-===================================================================
---- suricata-7.0.0.orig/Makefile.am
-+++ suricata-7.0.0/Makefile.am
-@@ -8,7 +8,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE s
- 	     lua \
- 	     acsite.m4 \
- 	     scripts/generate-images.sh
--SUBDIRS = $(HTP_DIR) rust src qa rules doc contrib etc python ebpf \
-+SUBDIRS = $(HTP_DIR) src qa rules doc contrib etc python ebpf \
-           $(SURICATA_UPDATE_DIR)
- 
- CLEANFILES = stamp-h[0-9]*
diff --git a/recipes-ids/suricata/libhtp_0.5.45.bb b/recipes-ids/suricata/libhtp_0.5.52.bb
similarity index 72%
rename from recipes-ids/suricata/libhtp_0.5.45.bb
rename to recipes-ids/suricata/libhtp_0.5.52.bb
index b87db35..d849e8f 100644
--- a/recipes-ids/suricata/libhtp_0.5.45.bb
+++ b/recipes-ids/suricata/libhtp_0.5.52.bb
@@ -4,12 +4,8 @@ require suricata.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843"
 
-SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x \
-           file://CVE-2024-45797.patch \
-           file://CVE-2025-53537-001.patch \
-           file://CVE-2025-53537-002.patch \
-          "
-SRCREV = "8bdfe7b9d04e5e948c8fbaa7472e14d884cc00af"
+SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x"
+SRCREV = "314ca7360e141a1e40be58707b3abeefe32258c9"
 
 DEPENDS = "zlib"
 
diff --git a/recipes-ids/suricata/suricata-crates.inc b/recipes-ids/suricata/suricata-crates.inc
index 386d8d1..0755302 100644
--- a/recipes-ids/suricata/suricata-crates.inc
+++ b/recipes-ids/suricata/suricata-crates.inc
@@ -1,128 +1,547 @@
 # Autogenerated with 'bitbake -c update_crates suricata'
 
 # from rust/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/adler/1.0.2 \
-    crate://crates.io/aead/0.4.3 \
-    crate://crates.io/aes/0.7.5 \
-    crate://crates.io/aes-gcm/0.9.4 \
-    crate://crates.io/aho-corasick/0.7.20 \
-    crate://crates.io/alloc-no-stdlib/2.0.4 \
-    crate://crates.io/alloc-stdlib/0.2.2 \
-    crate://crates.io/asn1-rs/0.5.2 \
-    crate://crates.io/asn1-rs-derive/0.4.0 \
-    crate://crates.io/asn1-rs-impl/0.1.0 \
-    crate://crates.io/autocfg/1.1.0 \
-    crate://crates.io/base64/0.13.1 \
-    crate://crates.io/bendy/0.3.3 \
-    crate://crates.io/bitflags/1.2.1 \
-    crate://crates.io/block-buffer/0.10.4 \
-    crate://crates.io/brotli/3.3.4 \
-    crate://crates.io/brotli-decompressor/2.3.4 \
-    crate://crates.io/build_const/0.2.2 \
-    crate://crates.io/byteorder/1.4.3 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/cipher/0.3.0 \
-    crate://crates.io/cpufeatures/0.2.9 \
-    crate://crates.io/crc/1.8.1 \
-    crate://crates.io/crc32fast/1.3.2 \
-    crate://crates.io/crypto-common/0.1.6 \
-    crate://crates.io/ctr/0.8.0 \
-    crate://crates.io/data-encoding/2.4.0 \
-    crate://crates.io/der-oid-macro/0.5.0 \
-    crate://crates.io/der-parser/6.0.1 \
-    crate://crates.io/der-parser/8.2.0 \
-    crate://crates.io/digest/0.10.7 \
-    crate://crates.io/displaydoc/0.2.4 \
-    crate://crates.io/enum_primitive/0.1.1 \
-    crate://crates.io/failure/0.1.8 \
-    crate://crates.io/failure_derive/0.1.8 \
-    crate://crates.io/flate2/1.0.26 \
-    crate://crates.io/generic-array/0.14.7 \
-    crate://crates.io/getrandom/0.2.10 \
-    crate://crates.io/ghash/0.4.4 \
-    crate://crates.io/hex/0.4.3 \
-    crate://crates.io/hkdf/0.12.3 \
-    crate://crates.io/hmac/0.12.1 \
-    crate://crates.io/ipsec-parser/0.7.0 \
-    crate://crates.io/itoa/1.0.8 \
-    crate://crates.io/kerberos-parser/0.7.1 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.147 \
-    crate://crates.io/lzma-rs/0.2.0 \
-    crate://crates.io/md-5/0.10.5 \
-    crate://crates.io/memchr/2.4.1 \
-    crate://crates.io/minimal-lexical/0.2.1 \
-    crate://crates.io/miniz_oxide/0.7.1 \
-    crate://crates.io/nom/7.1.3 \
-    crate://crates.io/nom-derive/0.10.1 \
-    crate://crates.io/nom-derive-impl/0.10.1 \
-    crate://crates.io/ntp-parser/0.6.0 \
-    crate://crates.io/num/0.2.1 \
-    crate://crates.io/num-bigint/0.2.6 \
-    crate://crates.io/num-bigint/0.4.3 \
-    crate://crates.io/num-complex/0.2.4 \
-    crate://crates.io/num-derive/0.2.5 \
-    crate://crates.io/num-integer/0.1.45 \
-    crate://crates.io/num-iter/0.1.43 \
-    crate://crates.io/num-rational/0.2.4 \
-    crate://crates.io/num-traits/0.1.43 \
-    crate://crates.io/num-traits/0.2.15 \
-    crate://crates.io/num_enum/0.5.11 \
-    crate://crates.io/num_enum_derive/0.5.11 \
-    crate://crates.io/num_threads/0.1.6 \
-    crate://crates.io/oid-registry/0.6.1 \
-    crate://crates.io/opaque-debug/0.3.0 \
-    crate://crates.io/phf/0.10.1 \
-    crate://crates.io/phf_codegen/0.10.0 \
-    crate://crates.io/phf_generator/0.10.0 \
-    crate://crates.io/phf_shared/0.10.0 \
-    crate://crates.io/polyval/0.5.3 \
-    crate://crates.io/ppv-lite86/0.2.17 \
-    crate://crates.io/proc-macro-crate/1.1.0 \
-    crate://crates.io/proc-macro2/0.4.30 \
-    crate://crates.io/proc-macro2/1.0.64 \
-    crate://crates.io/quote/0.6.13 \
-    crate://crates.io/quote/1.0.29 \
-    crate://crates.io/rand/0.8.5 \
-    crate://crates.io/rand_chacha/0.3.1 \
-    crate://crates.io/rand_core/0.6.4 \
-    crate://crates.io/regex/1.5.6 \
-    crate://crates.io/regex-syntax/0.6.29 \
-    crate://crates.io/rusticata-macros/4.1.0 \
-    crate://crates.io/rustversion/1.0.13 \
-    crate://crates.io/sawp/0.12.1 \
-    crate://crates.io/sawp-flags/0.12.1 \
-    crate://crates.io/sawp-flags-derive/0.12.1 \
-    crate://crates.io/sawp-modbus/0.12.1 \
-    crate://crates.io/serde/1.0.171 \
-    crate://crates.io/sha1/0.10.5 \
-    crate://crates.io/sha2/0.10.7 \
-    crate://crates.io/siphasher/0.3.10 \
-    crate://crates.io/snmp-parser/0.9.0 \
-    crate://crates.io/subtle/2.4.1 \
-    crate://crates.io/syn/0.15.44 \
-    crate://crates.io/syn/1.0.109 \
-    crate://crates.io/syn/2.0.25 \
-    crate://crates.io/synstructure/0.12.6 \
-    crate://crates.io/test-case/1.1.0 \
-    crate://crates.io/thiserror/1.0.43 \
-    crate://crates.io/thiserror-impl/1.0.43 \
-    crate://crates.io/time/0.3.13 \
-    crate://crates.io/time-macros/0.2.4 \
-    crate://crates.io/tls-parser/0.11.0 \
-    crate://crates.io/toml/0.5.11 \
-    crate://crates.io/typenum/1.16.0 \
-    crate://crates.io/unicode-ident/1.0.10 \
-    crate://crates.io/unicode-xid/0.1.0 \
-    crate://crates.io/unicode-xid/0.2.4 \
-    crate://crates.io/universal-hash/0.4.1 \
-    crate://crates.io/uuid/0.8.2 \
-    crate://crates.io/version_check/0.9.4 \
-    crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \
-    crate://crates.io/widestring/0.4.3 \
-    crate://crates.io/x509-parser/0.15.0 \
-"
+SRC_URI += "crate://crates.io/adler/1.0.2 \
+           crate://crates.io/aead/0.4.3 \
+           crate://crates.io/aes/0.7.5 \
+           crate://crates.io/aes-gcm/0.9.4 \
+           crate://crates.io/aho-corasick/0.7.20 \
+           crate://crates.io/alloc-no-stdlib/2.0.4 \
+           crate://crates.io/alloc-stdlib/0.2.2 \
+           crate://crates.io/asn1-rs/0.5.2 \
+           crate://crates.io/asn1-rs-derive/0.4.0 \
+           crate://crates.io/asn1-rs-impl/0.1.0 \
+           crate://crates.io/autocfg/1.1.0 \
+           crate://crates.io/base64/0.13.1 \
+           crate://crates.io/bendy/0.3.3 \
+           crate://crates.io/bitflags/1.2.1 \
+           crate://crates.io/block-buffer/0.10.4 \
+           crate://crates.io/brotli/8.0.1 \
+           crate://crates.io/brotli-decompressor/5.0.0 \
+           crate://crates.io/build_const/0.2.2 \
+           crate://crates.io/byteorder/1.4.3 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/cipher/0.3.0 \
+           crate://crates.io/cpufeatures/0.2.11 \
+           crate://crates.io/crc/1.8.1 \
+           crate://crates.io/crc32fast/1.3.2 \
+           crate://crates.io/crypto-common/0.1.6 \
+           crate://crates.io/ctr/0.8.0 \
+           crate://crates.io/data-encoding/2.4.0 \
+           crate://crates.io/der-oid-macro/0.5.0 \
+           crate://crates.io/der-parser/6.0.1 \
+           crate://crates.io/der-parser/8.2.0 \
+           crate://crates.io/digest/0.10.7 \
+           crate://crates.io/displaydoc/0.2.4 \
+           crate://crates.io/enum_primitive/0.1.1 \
+           crate://crates.io/failure/0.1.8 \
+           crate://crates.io/failure_derive/0.1.8 \
+           crate://crates.io/flate2/1.0.28 \
+           crate://crates.io/generic-array/0.14.7 \
+           crate://crates.io/getrandom/0.2.11 \
+           crate://crates.io/ghash/0.4.4 \
+           crate://crates.io/hex/0.4.3 \
+           crate://crates.io/hkdf/0.12.3 \
+           crate://crates.io/hmac/0.12.1 \
+           crate://crates.io/ipsec-parser/0.7.0 \
+           crate://crates.io/itoa/1.0.9 \
+           crate://crates.io/kerberos-parser/0.7.1 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.150 \
+           crate://crates.io/lzma-rs/0.2.0 \
+           crate://crates.io/md-5/0.10.6 \
+           crate://crates.io/memchr/2.4.1 \
+           crate://crates.io/minimal-lexical/0.2.1 \
+           crate://crates.io/miniz_oxide/0.7.1 \
+           crate://crates.io/nom/7.1.3 \
+           crate://crates.io/nom-derive/0.10.1 \
+           crate://crates.io/nom-derive-impl/0.10.1 \
+           crate://crates.io/ntp-parser/0.6.0 \
+           crate://crates.io/num/0.2.1 \
+           crate://crates.io/num-bigint/0.2.6 \
+           crate://crates.io/num-bigint/0.4.4 \
+           crate://crates.io/num-complex/0.2.4 \
+           crate://crates.io/num-derive/0.4.2 \
+           crate://crates.io/num-integer/0.1.45 \
+           crate://crates.io/num-iter/0.1.43 \
+           crate://crates.io/num-rational/0.2.4 \
+           crate://crates.io/num-traits/0.1.43 \
+           crate://crates.io/num-traits/0.2.17 \
+           crate://crates.io/num_enum/0.5.11 \
+           crate://crates.io/num_enum_derive/0.5.11 \
+           crate://crates.io/num_threads/0.1.6 \
+           crate://crates.io/oid-registry/0.6.1 \
+           crate://crates.io/opaque-debug/0.3.0 \
+           crate://crates.io/phf/0.10.1 \
+           crate://crates.io/phf_codegen/0.10.0 \
+           crate://crates.io/phf_generator/0.10.0 \
+           crate://crates.io/phf_shared/0.10.0 \
+           crate://crates.io/polyval/0.5.3 \
+           crate://crates.io/ppv-lite86/0.2.17 \
+           crate://crates.io/proc-macro-crate/1.1.0 \
+           crate://crates.io/proc-macro2/1.0.69 \
+           crate://crates.io/quote/1.0.33 \
+           crate://crates.io/rand/0.8.5 \
+           crate://crates.io/rand_chacha/0.3.1 \
+           crate://crates.io/rand_core/0.6.4 \
+           crate://crates.io/regex/1.5.6 \
+           crate://crates.io/regex-syntax/0.6.29 \
+           crate://crates.io/rusticata-macros/4.1.0 \
+           crate://crates.io/rustversion/1.0.14 \
+           crate://crates.io/sawp/0.12.1 \
+           crate://crates.io/sawp-flags/0.12.1 \
+           crate://crates.io/sawp-flags-derive/0.12.1 \
+           crate://crates.io/sawp-modbus/0.12.1 \
+           crate://crates.io/serde/1.0.192 \
+           crate://crates.io/serde_derive/1.0.192 \
+           crate://crates.io/sha1/0.10.6 \
+           crate://crates.io/sha2/0.10.8 \
+           crate://crates.io/siphasher/0.3.11 \
+           crate://crates.io/snmp-parser/0.9.0 \
+           crate://crates.io/subtle/2.4.1 \
+           crate://crates.io/syn/1.0.109 \
+           crate://crates.io/syn/2.0.39 \
+           crate://crates.io/synstructure/0.12.6 \
+           crate://crates.io/test-case/1.1.0 \
+           crate://crates.io/thiserror/1.0.50 \
+           crate://crates.io/thiserror-impl/1.0.50 \
+           crate://crates.io/time/0.3.13 \
+           crate://crates.io/time-macros/0.2.4 \
+           crate://crates.io/tls-parser/0.11.0 \
+           crate://crates.io/toml/0.5.11 \
+           crate://crates.io/typenum/1.17.0 \
+           crate://crates.io/unicode-ident/1.0.12 \
+           crate://crates.io/unicode-xid/0.2.4 \
+           crate://crates.io/universal-hash/0.4.1 \
+           crate://crates.io/uuid/0.8.2 \
+           crate://crates.io/version_check/0.9.4 \
+           crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \
+           crate://crates.io/widestring/0.4.3 \
+           crate://crates.io/x509-parser/0.15.1 \
+           crate://crates.io/ansi_term/0.12.1 \
+           crate://crates.io/atty/0.2.14 \
+           crate://crates.io/autocfg/0.1.8 \
+           crate://crates.io/autocfg/1.1.0 \
+           crate://crates.io/bitflags/1.3.2 \
+           crate://crates.io/bstr/0.2.17 \
+           crate://crates.io/bumpalo/3.11.1 \
+           crate://crates.io/cast/0.2.7 \
+           crate://crates.io/cast/0.3.0 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/clap/2.34.0 \
+           crate://crates.io/cloudabi/0.0.3 \
+           crate://crates.io/criterion/0.3.2 \
+           crate://crates.io/criterion-plot/0.4.5 \
+           crate://crates.io/crossbeam-channel/0.5.6 \
+           crate://crates.io/crossbeam-deque/0.8.2 \
+           crate://crates.io/crossbeam-epoch/0.9.11 \
+           crate://crates.io/crossbeam-utils/0.8.12 \
+           crate://crates.io/csv/1.1.6 \
+           crate://crates.io/csv-core/0.1.10 \
+           crate://crates.io/either/1.8.0 \
+           crate://crates.io/fuchsia-cprng/0.1.1 \
+           crate://crates.io/heck/0.3.3 \
+           crate://crates.io/hermit-abi/0.1.19 \
+           crate://crates.io/itertools/0.9.0 \
+           crate://crates.io/itertools/0.10.5 \
+           crate://crates.io/itoa/0.4.8 \
+           crate://crates.io/itoa/1.0.4 \
+           crate://crates.io/js-sys/0.3.60 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.135 \
+           crate://crates.io/log/0.4.17 \
+           crate://crates.io/memchr/2.5.0 \
+           crate://crates.io/memoffset/0.6.5 \
+           crate://crates.io/num-traits/0.2.15 \
+           crate://crates.io/num_cpus/1.13.1 \
+           crate://crates.io/once_cell/1.15.0 \
+           crate://crates.io/oorandom/11.1.3 \
+           crate://crates.io/plotters/0.2.15 \
+           crate://crates.io/proc-macro-error/1.0.4 \
+           crate://crates.io/proc-macro-error-attr/1.0.4 \
+           crate://crates.io/proc-macro2/1.0.47 \
+           crate://crates.io/quote/1.0.21 \
+           crate://crates.io/rand/0.6.5 \
+           crate://crates.io/rand_chacha/0.1.1 \
+           crate://crates.io/rand_core/0.3.1 \
+           crate://crates.io/rand_core/0.4.2 \
+           crate://crates.io/rand_hc/0.1.0 \
+           crate://crates.io/rand_isaac/0.1.1 \
+           crate://crates.io/rand_jitter/0.1.4 \
+           crate://crates.io/rand_os/0.1.3 \
+           crate://crates.io/rand_pcg/0.1.2 \
+           crate://crates.io/rand_xorshift/0.1.1 \
+           crate://crates.io/rayon/1.5.3 \
+           crate://crates.io/rayon-core/1.9.3 \
+           crate://crates.io/rdrand/0.4.0 \
+           crate://crates.io/regex/1.6.0 \
+           crate://crates.io/regex-automata/0.1.10 \
+           crate://crates.io/regex-syntax/0.6.27 \
+           crate://crates.io/rustc_version/0.4.0 \
+           crate://crates.io/ryu/1.0.11 \
+           crate://crates.io/same-file/1.0.6 \
+           crate://crates.io/scopeguard/1.1.0 \
+           crate://crates.io/semver/1.0.14 \
+           crate://crates.io/serde/1.0.146 \
+           crate://crates.io/serde_derive/1.0.146 \
+           crate://crates.io/serde_json/1.0.87 \
+           crate://crates.io/strsim/0.8.0 \
+           crate://crates.io/structopt/0.3.26 \
+           crate://crates.io/structopt-derive/0.4.18 \
+           crate://crates.io/syn/1.0.103 \
+           crate://crates.io/textwrap/0.11.0 \
+           crate://crates.io/tinytemplate/1.2.1 \
+           crate://crates.io/unicode-ident/1.0.5 \
+           crate://crates.io/unicode-segmentation/1.10.0 \
+           crate://crates.io/unicode-width/0.1.10 \
+           crate://crates.io/vec_map/0.8.2 \
+           crate://crates.io/version_check/0.9.4 \
+           crate://crates.io/walkdir/2.3.2 \
+           crate://crates.io/wasm-bindgen/0.2.83 \
+           crate://crates.io/wasm-bindgen-backend/0.2.83 \
+           crate://crates.io/wasm-bindgen-macro/0.2.83 \
+           crate://crates.io/wasm-bindgen-macro-support/0.2.83 \
+           crate://crates.io/wasm-bindgen-shared/0.2.83 \
+           crate://crates.io/web-sys/0.3.60 \
+           crate://crates.io/winapi/0.3.9 \
+           crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+           crate://crates.io/winapi-util/0.1.5 \
+           crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+           crate://crates.io/backtrace/0.3.46 \
+           crate://crates.io/backtrace-sys/0.1.37 \
+           crate://crates.io/cc/1.0.52 \
+           crate://crates.io/cfg-if/0.1.10 \
+           crate://crates.io/failure_derive/0.1.7 \
+           crate://crates.io/libc/0.2.69 \
+           crate://crates.io/proc-macro2/1.0.12 \
+           crate://crates.io/quote/1.0.4 \
+           crate://crates.io/rustc-demangle/0.1.16 \
+           crate://crates.io/syn/1.0.18 \
+           crate://crates.io/synstructure/0.12.3 \
+           crate://crates.io/unicode-xid/0.2.0 \
+           crate://crates.io/autocfg/1.1.0 \
+           crate://crates.io/hashbrown/0.12.3 \
+           crate://crates.io/indexmap/1.9.2 \
+           crate://crates.io/itoa/1.0.5 \
+           crate://crates.io/proc-macro2/1.0.50 \
+           crate://crates.io/quote/1.0.23 \
+           crate://crates.io/ryu/1.0.12 \
+           crate://crates.io/serde/1.0.152 \
+           crate://crates.io/serde_derive/1.0.152 \
+           crate://crates.io/serde_json/1.0.91 \
+           crate://crates.io/syn/1.0.107 \
+           crate://crates.io/unicode-ident/1.0.6 \
+           crate://crates.io/autocfg/1.0.1 \
+           crate://crates.io/bit-set/0.5.2 \
+           crate://crates.io/bit-vec/0.6.3 \
+           crate://crates.io/bitflags/1.3.2 \
+           crate://crates.io/byteorder/1.4.3 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/doc-comment/0.3.3 \
+           crate://crates.io/fnv/1.0.7 \
+           crate://crates.io/getrandom/0.2.3 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.106 \
+           crate://crates.io/memchr/2.4.1 \
+           crate://crates.io/minimal-lexical/0.2.1 \
+           crate://crates.io/num-traits/0.2.14 \
+           crate://crates.io/ppv-lite86/0.2.15 \
+           crate://crates.io/proptest/1.0.0 \
+           crate://crates.io/quick-error/1.2.3 \
+           crate://crates.io/quick-error/2.0.1 \
+           crate://crates.io/rand/0.8.4 \
+           crate://crates.io/rand_chacha/0.3.1 \
+           crate://crates.io/rand_core/0.6.3 \
+           crate://crates.io/rand_hc/0.3.1 \
+           crate://crates.io/rand_xorshift/0.3.0 \
+           crate://crates.io/redox_syscall/0.2.10 \
+           crate://crates.io/regex-syntax/0.6.25 \
+           crate://crates.io/remove_dir_all/0.5.3 \
+           crate://crates.io/rusty-fork/0.3.0 \
+           crate://crates.io/tempfile/3.2.0 \
+           crate://crates.io/wait-timeout/0.2.0 \
+           crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
+           crate://crates.io/winapi/0.3.9 \
+           crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+           crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+           crate://crates.io/alloc-no-stdlib/2.0.4 \
+           crate://crates.io/alloc-stdlib/0.2.2 \
+           crate://crates.io/ansi_term/0.11.0 \
+           crate://crates.io/basic-toml/0.1.2 \
+           crate://crates.io/ctor/0.1.26 \
+           crate://crates.io/difference/2.0.0 \
+           crate://crates.io/glob/0.3.1 \
+           crate://crates.io/itoa/1.0.6 \
+           crate://crates.io/libc/0.2.142 \
+           crate://crates.io/once_cell/1.17.1 \
+           crate://crates.io/output_vt100/0.1.3 \
+           crate://crates.io/pretty_assertions/0.6.1 \
+           crate://crates.io/proc-macro2/1.0.56 \
+           crate://crates.io/quote/1.0.26 \
+           crate://crates.io/rustversion/1.0.12 \
+           crate://crates.io/ryu/1.0.13 \
+           crate://crates.io/serde/1.0.160 \
+           crate://crates.io/serde_derive/1.0.160 \
+           crate://crates.io/serde_json/1.0.96 \
+           crate://crates.io/static_assertions/1.1.0 \
+           crate://crates.io/syn/1.0.109 \
+           crate://crates.io/syn/2.0.15 \
+           crate://crates.io/termcolor/1.2.0 \
+           crate://crates.io/thiserror/1.0.40 \
+           crate://crates.io/thiserror-impl/1.0.40 \
+           crate://crates.io/trybuild/1.0.80 \
+           crate://crates.io/unicode-ident/1.0.8 \
+           crate://crates.io/winapi/0.3.9 \
+           crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+           crate://crates.io/winapi-util/0.1.5 \
+           crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+           crate://crates.io/asn1-rs/0.5.1 \
+           crate://crates.io/asn1-rs-derive/0.4.0 \
+           crate://crates.io/asn1-rs-impl/0.1.0 \
+           crate://crates.io/atty/0.2.14 \
+           crate://crates.io/autocfg/1.1.0 \
+           crate://crates.io/base64/0.13.1 \
+           crate://crates.io/basic-toml/0.1.2 \
+           crate://crates.io/bitvec/1.0.1 \
+           crate://crates.io/colored/2.0.0 \
+           crate://crates.io/cookie-factory/0.3.2 \
+           crate://crates.io/displaydoc/0.2.3 \
+           crate://crates.io/funty/2.0.0 \
+           crate://crates.io/glob/0.3.1 \
+           crate://crates.io/hermit-abi/0.1.19 \
+           crate://crates.io/hex-literal/0.3.4 \
+           crate://crates.io/itoa/1.0.6 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.139 \
+           crate://crates.io/memchr/2.5.0 \
+           crate://crates.io/minimal-lexical/0.2.1 \
+           crate://crates.io/nom/7.1.3 \
+           crate://crates.io/num-bigint/0.4.3 \
+           crate://crates.io/num-integer/0.1.45 \
+           crate://crates.io/num-traits/0.2.15 \
+           crate://crates.io/oid-registry/0.6.1 \
+           crate://crates.io/once_cell/1.17.1 \
+           crate://crates.io/pem/1.1.1 \
+           crate://crates.io/proc-macro2/1.0.51 \
+           crate://crates.io/quote/1.0.23 \
+           crate://crates.io/radium/0.7.0 \
+           crate://crates.io/rusticata-macros/4.1.0 \
+           crate://crates.io/ryu/1.0.13 \
+           crate://crates.io/serde/1.0.152 \
+           crate://crates.io/serde_derive/1.0.152 \
+           crate://crates.io/serde_json/1.0.94 \
+           crate://crates.io/syn/1.0.109 \
+           crate://crates.io/synstructure/0.12.6 \
+           crate://crates.io/tap/1.0.1 \
+           crate://crates.io/termcolor/1.2.0 \
+           crate://crates.io/thiserror/1.0.39 \
+           crate://crates.io/thiserror-impl/1.0.39 \
+           crate://crates.io/time/0.3.20 \
+           crate://crates.io/time-core/0.1.0 \
+           crate://crates.io/time-macros/0.2.8 \
+           crate://crates.io/trybuild/1.0.79 \
+           crate://crates.io/unicode-ident/1.0.8 \
+           crate://crates.io/unicode-xid/0.2.4 \
+           crate://crates.io/winapi/0.3.9 \
+           crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+           crate://crates.io/winapi-util/0.1.5 \
+           crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+           crate://crates.io/wyz/0.5.1 \
+           crate://crates.io/alloc-no-stdlib/2.0.4 \
+           crate://crates.io/alloc-stdlib/0.2.2 \
+           crate://crates.io/block-buffer/0.10.4 \
+           crate://crates.io/brotli-decompressor/5.0.0 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/cpufeatures/0.2.17 \
+           crate://crates.io/crypto-common/0.1.6 \
+           crate://crates.io/digest/0.10.7 \
+           crate://crates.io/generic-array/0.14.7 \
+           crate://crates.io/libc/0.2.172 \
+           crate://crates.io/sha2/0.10.9 \
+           crate://crates.io/typenum/1.18.0 \
+           crate://crates.io/version_check/0.9.5 \
+           crate://crates.io/atty/0.2.14 \
+           crate://crates.io/autocfg/1.0.1 \
+           crate://crates.io/bitflags/1.2.1 \
+           crate://crates.io/bstr/0.2.16 \
+           crate://crates.io/bumpalo/3.7.0 \
+           crate://crates.io/cast/0.2.7 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/clap/2.33.3 \
+           crate://crates.io/criterion/0.3.4 \
+           crate://crates.io/criterion-plot/0.4.4 \
+           crate://crates.io/crossbeam-channel/0.5.1 \
+           crate://crates.io/crossbeam-deque/0.8.1 \
+           crate://crates.io/crossbeam-epoch/0.9.5 \
+           crate://crates.io/crossbeam-utils/0.8.5 \
+           crate://crates.io/csv/1.1.6 \
+           crate://crates.io/csv-core/0.1.10 \
+           crate://crates.io/either/1.6.1 \
+           crate://crates.io/getrandom/0.2.3 \
+           crate://crates.io/half/1.7.1 \
+           crate://crates.io/hermit-abi/0.1.19 \
+           crate://crates.io/itertools/0.10.1 \
+           crate://crates.io/itoa/0.4.7 \
+           crate://crates.io/js-sys/0.3.52 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.99 \
+           crate://crates.io/log/0.4.14 \
+           crate://crates.io/memchr/2.4.0 \
+           crate://crates.io/memoffset/0.6.4 \
+           crate://crates.io/num-traits/0.2.14 \
+           crate://crates.io/num_cpus/1.13.0 \
+           crate://crates.io/oorandom/11.1.3 \
+           crate://crates.io/phf_shared/0.10.0 \
+           crate://crates.io/plotters/0.3.1 \
+           crate://crates.io/plotters-backend/0.3.2 \
+           crate://crates.io/plotters-svg/0.3.1 \
+           crate://crates.io/ppv-lite86/0.2.10 \
+           crate://crates.io/proc-macro2/1.0.28 \
+           crate://crates.io/quote/1.0.9 \
+           crate://crates.io/rand/0.8.4 \
+           crate://crates.io/rand_chacha/0.3.1 \
+           crate://crates.io/rand_core/0.6.3 \
+           crate://crates.io/rand_hc/0.3.1 \
+           crate://crates.io/rayon/1.5.1 \
+           crate://crates.io/rayon-core/1.9.1 \
+           crate://crates.io/regex/1.5.4 \
+           crate://crates.io/regex-automata/0.1.10 \
+           crate://crates.io/regex-syntax/0.6.25 \
+           crate://crates.io/rustc_version/0.4.0 \
+           crate://crates.io/ryu/1.0.5 \
+           crate://crates.io/same-file/1.0.6 \
+           crate://crates.io/scopeguard/1.1.0 \
+           crate://crates.io/semver/1.0.4 \
+           crate://crates.io/serde/1.0.127 \
+           crate://crates.io/serde_cbor/0.11.1 \
+           crate://crates.io/serde_derive/1.0.127 \
+           crate://crates.io/serde_json/1.0.66 \
+           crate://crates.io/siphasher/0.3.6 \
+           crate://crates.io/syn/1.0.74 \
+           crate://crates.io/textwrap/0.11.0 \
+           crate://crates.io/tinytemplate/1.2.1 \
+           crate://crates.io/unicode-width/0.1.8 \
+           crate://crates.io/unicode-xid/0.2.2 \
+           crate://crates.io/walkdir/2.3.2 \
+           crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
+           crate://crates.io/wasm-bindgen/0.2.75 \
+           crate://crates.io/wasm-bindgen-backend/0.2.75 \
+           crate://crates.io/wasm-bindgen-macro/0.2.75 \
+           crate://crates.io/wasm-bindgen-macro-support/0.2.75 \
+           crate://crates.io/wasm-bindgen-shared/0.2.75 \
+           crate://crates.io/web-sys/0.3.52 \
+           crate://crates.io/winapi/0.3.9 \
+           crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+           crate://crates.io/winapi-util/0.1.5 \
+           crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+           crate://crates.io/alloc-no-stdlib/2.0.4 \
+           crate://crates.io/asn1-rs/0.5.2 \
+           crate://crates.io/asn1-rs-derive/0.4.0 \
+           crate://crates.io/asn1-rs-impl/0.1.0 \
+           crate://crates.io/autocfg/1.1.0 \
+           crate://crates.io/bumpalo/3.13.0 \
+           crate://crates.io/cc/1.0.81 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/data-encoding/2.4.0 \
+           crate://crates.io/der-parser/8.2.0 \
+           crate://crates.io/deranged/0.3.7 \
+           crate://crates.io/displaydoc/0.2.4 \
+           crate://crates.io/itoa/1.0.9 \
+           crate://crates.io/js-sys/0.3.64 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.147 \
+           crate://crates.io/log/0.4.19 \
+           crate://crates.io/memchr/2.5.0 \
+           crate://crates.io/minimal-lexical/0.2.1 \
+           crate://crates.io/nom/7.1.3 \
+           crate://crates.io/num-bigint/0.4.3 \
+           crate://crates.io/num-integer/0.1.45 \
+           crate://crates.io/num-traits/0.2.16 \
+           crate://crates.io/oid-registry/0.6.1 \
+           crate://crates.io/once_cell/1.18.0 \
+           crate://crates.io/proc-macro2/1.0.66 \
+           crate://crates.io/quote/1.0.32 \
+           crate://crates.io/ring/0.16.20 \
+           crate://crates.io/rusticata-macros/4.1.0 \
+           crate://crates.io/serde/1.0.180 \
+           crate://crates.io/spin/0.5.2 \
+           crate://crates.io/syn/1.0.109 \
+           crate://crates.io/syn/2.0.28 \
+           crate://crates.io/synstructure/0.12.6 \
+           crate://crates.io/thiserror/1.0.44 \
+           crate://crates.io/thiserror-impl/1.0.44 \
+           crate://crates.io/time/0.3.25 \
+           crate://crates.io/time-core/0.1.1 \
+           crate://crates.io/time-macros/0.2.11 \
+           crate://crates.io/unicode-ident/1.0.11 \
+           crate://crates.io/unicode-xid/0.2.4 \
+           crate://crates.io/untrusted/0.7.1 \
+           crate://crates.io/wasm-bindgen/0.2.87 \
+           crate://crates.io/wasm-bindgen-backend/0.2.87 \
+           crate://crates.io/wasm-bindgen-macro/0.2.87 \
+           crate://crates.io/wasm-bindgen-macro-support/0.2.87 \
+           crate://crates.io/wasm-bindgen-shared/0.2.87 \
+           crate://crates.io/web-sys/0.3.64 \
+           crate://crates.io/winapi/0.3.9 \
+           crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
+           crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
+           crate://crates.io/aho-corasick/0.7.18 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/getrandom/0.2.6 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.125 \
+           crate://crates.io/memchr/2.5.0 \
+           crate://crates.io/quickcheck/1.0.3 \
+           crate://crates.io/rand/0.8.5 \
+           crate://crates.io/rand_core/0.6.3 \
+           crate://crates.io/regex-syntax/0.6.26 \
+           crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
+           crate://crates.io/addr2line/0.14.0 \
+           crate://crates.io/adler/0.2.3 \
+           crate://crates.io/aho-corasick/0.7.15 \
+           crate://crates.io/autocfg/1.0.1 \
+           crate://crates.io/backtrace/0.3.54 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/failure/0.1.8 \
+           crate://crates.io/failure_derive/0.1.8 \
+           crate://crates.io/gimli/0.23.0 \
+           crate://crates.io/lazy_static/1.4.0 \
+           crate://crates.io/libc/0.2.80 \
+           crate://crates.io/memchr/2.3.4 \
+           crate://crates.io/miniz_oxide/0.4.3 \
+           crate://crates.io/object/0.22.0 \
+           crate://crates.io/proc-macro2/1.0.24 \
+           crate://crates.io/quote/1.0.7 \
+           crate://crates.io/regex/1.4.2 \
+           crate://crates.io/regex-syntax/0.6.21 \
+           crate://crates.io/rustc-demangle/0.1.18 \
+           crate://crates.io/serde/1.0.117 \
+           crate://crates.io/serde_bytes/0.11.5 \
+           crate://crates.io/serde_derive/1.0.117 \
+           crate://crates.io/syn/1.0.48 \
+           crate://crates.io/synstructure/0.12.4 \
+           crate://crates.io/thread_local/1.0.1 \
+           crate://crates.io/unicode-xid/0.2.1 \
+           crate://crates.io/adler/1.0.2 \
+           crate://crates.io/cc/1.0.79 \
+           crate://crates.io/cfg-if/1.0.0 \
+           crate://crates.io/cloudflare-zlib-sys/0.3.0 \
+           crate://crates.io/cmake/0.1.50 \
+           crate://crates.io/crc32fast/1.3.2 \
+           crate://crates.io/getrandom/0.2.9 \
+           crate://crates.io/libc/0.2.144 \
+           crate://crates.io/libz-ng-sys/1.1.10 \
+           crate://crates.io/libz-sys/1.1.10 \
+           crate://crates.io/miniz_oxide/0.7.1 \
+           crate://crates.io/pkg-config/0.3.27 \
+           crate://crates.io/ppv-lite86/0.2.17 \
+           crate://crates.io/quickcheck/1.0.3 \
+           crate://crates.io/rand/0.8.5 \
+           crate://crates.io/rand_chacha/0.3.1 \
+           crate://crates.io/rand_core/0.6.4 \
+           crate://crates.io/vcpkg/0.2.15 \
+           crate://crates.io/wasi/0.11.0+wasi-snapshot-preview1 \
+           "
 
 SRC_URI[adler-1.0.2.sha256sum] = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 SRC_URI[aead-0.4.3.sha256sum] = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877"
@@ -139,13 +558,13 @@ SRC_URI[base64-0.13.1.sha256sum] = "9e1b586273c5702936fe7b7d6896644d8be71e6314cf
 SRC_URI[bendy-0.3.3.sha256sum] = "8133e404c8bec821e531f347dab1247bf64f60882826e7228f8ffeb33a35a658"
 SRC_URI[bitflags-1.2.1.sha256sum] = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
 SRC_URI[block-buffer-0.10.4.sha256sum] = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
-SRC_URI[brotli-3.3.4.sha256sum] = "a1a0b1dbcc8ae29329621f8d4f0d835787c1c38bb1401979b49d13b0b305ff68"
-SRC_URI[brotli-decompressor-2.3.4.sha256sum] = "4b6561fd3f895a11e8f72af2cb7d22e08366bebc2b6b57f7744c4bda27034744"
+SRC_URI[brotli-8.0.1.sha256sum] = "9991eea70ea4f293524138648e41ee89b0b2b12ddef3b255effa43c8056e0e0d"
+SRC_URI[brotli-decompressor-5.0.0.sha256sum] = "874bb8112abecc98cbd6d81ea4fa7e94fb9449648c93cc89aa40c81c24d7de03"
 SRC_URI[build_const-0.2.2.sha256sum] = "b4ae4235e6dac0694637c763029ecea1a2ec9e4e06ec2729bd21ba4d9c863eb7"
 SRC_URI[byteorder-1.4.3.sha256sum] = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
 SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 SRC_URI[cipher-0.3.0.sha256sum] = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7"
-SRC_URI[cpufeatures-0.2.9.sha256sum] = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1"
+SRC_URI[cpufeatures-0.2.11.sha256sum] = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0"
 SRC_URI[crc-1.8.1.sha256sum] = "d663548de7f5cca343f1e0a48d14dcfb0e9eb4e079ec58883b7251539fa10aeb"
 SRC_URI[crc32fast-1.3.2.sha256sum] = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
 SRC_URI[crypto-common-0.1.6.sha256sum] = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
@@ -159,20 +578,20 @@ SRC_URI[displaydoc-0.2.4.sha256sum] = "487585f4d0c6655fe74905e2504d8ad6908e4db67
 SRC_URI[enum_primitive-0.1.1.sha256sum] = "be4551092f4d519593039259a9ed8daedf0da12e5109c5280338073eaeb81180"
 SRC_URI[failure-0.1.8.sha256sum] = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86"
 SRC_URI[failure_derive-0.1.8.sha256sum] = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
-SRC_URI[flate2-1.0.26.sha256sum] = "3b9429470923de8e8cbd4d2dc513535400b4b3fef0319fb5c4e1f520a7bef743"
+SRC_URI[flate2-1.0.28.sha256sum] = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
 SRC_URI[generic-array-0.14.7.sha256sum] = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
-SRC_URI[getrandom-0.2.10.sha256sum] = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427"
+SRC_URI[getrandom-0.2.11.sha256sum] = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f"
 SRC_URI[ghash-0.4.4.sha256sum] = "1583cc1656d7839fd3732b80cf4f38850336cdb9b8ded1cd399ca62958de3c99"
 SRC_URI[hex-0.4.3.sha256sum] = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 SRC_URI[hkdf-0.12.3.sha256sum] = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437"
 SRC_URI[hmac-0.12.1.sha256sum] = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
 SRC_URI[ipsec-parser-0.7.0.sha256sum] = "2cf8413e5de78bcbc51880ff71f4b64105719abe6efb8b4b877d3c7dc494ddd1"
-SRC_URI[itoa-1.0.8.sha256sum] = "62b02a5381cc465bd3041d84623d0fa3b66738b52b8e2fc3bab8ad63ab032f4a"
+SRC_URI[itoa-1.0.9.sha256sum] = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38"
 SRC_URI[kerberos-parser-0.7.1.sha256sum] = "c10e7cfd4759cbce37ea65e2f48caebd695c246196a38e97ba4f731da48996da"
 SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-SRC_URI[libc-0.2.147.sha256sum] = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"
+SRC_URI[libc-0.2.150.sha256sum] = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c"
 SRC_URI[lzma-rs-0.2.0.sha256sum] = "aba8ecb0450dfabce4ad72085eed0a75dffe8f21f7ada05638564ea9db2d7fb1"
-SRC_URI[md-5-0.10.5.sha256sum] = "6365506850d44bff6e2fbcb5176cf63650e48bd45ef2fe2665ae1570e0f4b9ca"
+SRC_URI[md-5-0.10.6.sha256sum] = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
 SRC_URI[memchr-2.4.1.sha256sum] = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
 SRC_URI[minimal-lexical-0.2.1.sha256sum] = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 SRC_URI[miniz_oxide-0.7.1.sha256sum] = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
@@ -182,14 +601,14 @@ SRC_URI[nom-derive-impl-0.10.1.sha256sum] = "cd0b9a93a84b0d3ec3e70e02d332dc33ac6
 SRC_URI[ntp-parser-0.6.0.sha256sum] = "76084be9bf432d487336dd4e39b31ad93f94aecb14b81f08724f4a37b9abb7a5"
 SRC_URI[num-0.2.1.sha256sum] = "b8536030f9fea7127f841b45bb6243b27255787fb4eb83958aa1ef9d2fdc0c36"
 SRC_URI[num-bigint-0.2.6.sha256sum] = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304"
-SRC_URI[num-bigint-0.4.3.sha256sum] = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f"
+SRC_URI[num-bigint-0.4.4.sha256sum] = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0"
 SRC_URI[num-complex-0.2.4.sha256sum] = "b6b19411a9719e753aff12e5187b74d60d3dc449ec3f4dc21e3989c3f554bc95"
-SRC_URI[num-derive-0.2.5.sha256sum] = "eafd0b45c5537c3ba526f79d3e75120036502bebacbb3f3220914067ce39dbf2"
+SRC_URI[num-derive-0.4.2.sha256sum] = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202"
 SRC_URI[num-integer-0.1.45.sha256sum] = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
 SRC_URI[num-iter-0.1.43.sha256sum] = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252"
 SRC_URI[num-rational-0.2.4.sha256sum] = "5c000134b5dbf44adc5cb772486d335293351644b801551abe8f75c84cfa4aef"
 SRC_URI[num-traits-0.1.43.sha256sum] = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31"
-SRC_URI[num-traits-0.2.15.sha256sum] = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
+SRC_URI[num-traits-0.2.17.sha256sum] = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c"
 SRC_URI[num_enum-0.5.11.sha256sum] = "1f646caf906c20226733ed5b1374287eb97e3c2a5c227ce668c1f2ce20ae57c9"
 SRC_URI[num_enum_derive-0.5.11.sha256sum] = "dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799"
 SRC_URI[num_threads-0.1.6.sha256sum] = "2819ce041d2ee131036f4fc9d6ae7ae125a3a40e97ba64d04fe799ad9dabbb44"
@@ -202,140 +621,46 @@ SRC_URI[phf_shared-0.10.0.sha256sum] = "b6796ad771acdc0123d2a88dc428b5e38ef24456
 SRC_URI[polyval-0.5.3.sha256sum] = "8419d2b623c7c0896ff2d5d96e2cb4ede590fed28fcc34934f4c33c036e620a1"
 SRC_URI[ppv-lite86-0.2.17.sha256sum] = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
 SRC_URI[proc-macro-crate-1.1.0.sha256sum] = "1ebace6889caf889b4d3f76becee12e90353f2b8c7d875534a71e5742f8f6f83"
-SRC_URI[proc-macro2-0.4.30.sha256sum] = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759"
-SRC_URI[proc-macro2-1.0.64.sha256sum] = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da"
-SRC_URI[quote-0.6.13.sha256sum] = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1"
-SRC_URI[quote-1.0.29.sha256sum] = "573015e8ab27661678357f27dc26460738fd2b6c86e46f386fde94cb5d913105"
+SRC_URI[proc-macro2-1.0.69.sha256sum] = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da"
+SRC_URI[quote-1.0.33.sha256sum] = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae"
 SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 SRC_URI[rand_chacha-0.3.1.sha256sum] = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
 SRC_URI[rand_core-0.6.4.sha256sum] = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
 SRC_URI[regex-1.5.6.sha256sum] = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1"
 SRC_URI[regex-syntax-0.6.29.sha256sum] = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
 SRC_URI[rusticata-macros-4.1.0.sha256sum] = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632"
-SRC_URI[rustversion-1.0.13.sha256sum] = "dc31bd9b61a32c31f9650d18add92aa83a49ba979c143eefd27fe7177b05bd5f"
+SRC_URI[rustversion-1.0.14.sha256sum] = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4"
 SRC_URI[sawp-0.12.1.sha256sum] = "7e74f84d736420afcba72f689a494d275c97cf4775c3fe248f937e9d3bf83e30"
 SRC_URI[sawp-flags-0.12.1.sha256sum] = "1f2b22023d224b5314d51e53bfb2dbca53dc2cf90a4435aa4feb78172799dad0"
 SRC_URI[sawp-flags-derive-0.12.1.sha256sum] = "49a585d3c22887d23bb06dd602b8ce96c2a716e1fa89beec8bfb49e466f2d643"
 SRC_URI[sawp-modbus-0.12.1.sha256sum] = "2cbad9b003999a0f3016fb3603da113ff86f06279ccf6aacb577058168c0568d"
-SRC_URI[serde-1.0.171.sha256sum] = "30e27d1e4fd7659406c492fd6cfaf2066ba8773de45ca75e855590f856dc34a9"
-SRC_URI[sha1-0.10.5.sha256sum] = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3"
-SRC_URI[sha2-0.10.7.sha256sum] = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8"
-SRC_URI[siphasher-0.3.10.sha256sum] = "7bd3e3206899af3f8b12af284fafc038cc1dc2b41d1b89dd17297221c5d225de"
+SRC_URI[serde-1.0.192.sha256sum] = "bca2a08484b285dcb282d0f67b26cadc0df8b19f8c12502c13d966bf9482f001"
+SRC_URI[serde_derive-1.0.192.sha256sum] = "d6c7207fbec9faa48073f3e3074cbe553af6ea512d7c21ba46e434e70ea9fbc1"
+SRC_URI[sha1-0.10.6.sha256sum] = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
+SRC_URI[sha2-0.10.8.sha256sum] = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
+SRC_URI[siphasher-0.3.11.sha256sum] = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d"
 SRC_URI[snmp-parser-0.9.0.sha256sum] = "773a26ad6742636f4259e7cc32262efb31feabd56bc34f0b2f28de9801aa24b3"
 SRC_URI[subtle-2.4.1.sha256sum] = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
-SRC_URI[syn-0.15.44.sha256sum] = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5"
 SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
-SRC_URI[syn-2.0.25.sha256sum] = "15e3fc8c0c74267e2df136e5e5fb656a464158aa57624053375eb9c8c6e25ae2"
+SRC_URI[syn-2.0.39.sha256sum] = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a"
 SRC_URI[synstructure-0.12.6.sha256sum] = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
 SRC_URI[test-case-1.1.0.sha256sum] = "956044ef122917dde830c19dec5f76d0670329fde4104836d62ebcb14f4865f1"
-SRC_URI[thiserror-1.0.43.sha256sum] = "a35fc5b8971143ca348fa6df4f024d4d55264f3468c71ad1c2f365b0a4d58c42"
-SRC_URI[thiserror-impl-1.0.43.sha256sum] = "463fe12d7993d3b327787537ce8dd4dfa058de32fc2b195ef3cde03dc4771e8f"
+SRC_URI[thiserror-1.0.50.sha256sum] = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2"
+SRC_URI[thiserror-impl-1.0.50.sha256sum] = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8"
 SRC_URI[time-0.3.13.sha256sum] = "db76ff9fa4b1458b3c7f077f3ff9887394058460d21e634355b273aaf11eea45"
 SRC_URI[time-macros-0.2.4.sha256sum] = "42657b1a6f4d817cda8e7a0ace261fe0cc946cf3a80314390b22cc61ae080792"
 SRC_URI[tls-parser-0.11.0.sha256sum] = "409206e2de64edbf7ea99a44ac31680daf9ef1a57895fb3c5bd738a903691be0"
 SRC_URI[toml-0.5.11.sha256sum] = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
-SRC_URI[typenum-1.16.0.sha256sum] = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
-SRC_URI[unicode-ident-1.0.10.sha256sum] = "22049a19f4a68748a168c0fc439f9516686aa045927ff767eca0a85101fb6e73"
-SRC_URI[unicode-xid-0.1.0.sha256sum] = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"
+SRC_URI[typenum-1.17.0.sha256sum] = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
+SRC_URI[unicode-ident-1.0.12.sha256sum] = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
 SRC_URI[unicode-xid-0.2.4.sha256sum] = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
 SRC_URI[universal-hash-0.4.1.sha256sum] = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05"
 SRC_URI[uuid-0.8.2.sha256sum] = "bc5cf98d8186244414c848017f0e2676b3fcb46807f6668a97dfe67359a3c4b7"
 SRC_URI[version_check-0.9.4.sha256sum] = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
 SRC_URI[wasi-0.11.0+wasi-snapshot-preview1.sha256sum] = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 SRC_URI[widestring-0.4.3.sha256sum] = "c168940144dd21fd8046987c16a46a33d5fc84eec29ef9dcddc2ac9e31526b7c"
-SRC_URI[x509-parser-0.15.0.sha256sum] = "bab0c2f54ae1d92f4fcb99c0b7ccf0b1e3451cbd395e5f115ccbdbcb18d4f634"
+SRC_URI[x509-parser-0.15.1.sha256sum] = "7069fba5b66b9193bd2c5d3d4ff12b839118f6bcbef5328efafafb5395cf63da"
 # from rust/vendor/base64/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/ansi_term/0.12.1 \
-    crate://crates.io/atty/0.2.14 \
-    crate://crates.io/autocfg/0.1.8 \
-    crate://crates.io/autocfg/1.1.0 \
-    crate://crates.io/bitflags/1.3.2 \
-    crate://crates.io/bstr/0.2.17 \
-    crate://crates.io/bumpalo/3.11.1 \
-    crate://crates.io/cast/0.2.7 \
-    crate://crates.io/cast/0.3.0 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/clap/2.34.0 \
-    crate://crates.io/cloudabi/0.0.3 \
-    crate://crates.io/criterion/0.3.2 \
-    crate://crates.io/criterion-plot/0.4.5 \
-    crate://crates.io/crossbeam-channel/0.5.6 \
-    crate://crates.io/crossbeam-deque/0.8.2 \
-    crate://crates.io/crossbeam-epoch/0.9.11 \
-    crate://crates.io/crossbeam-utils/0.8.12 \
-    crate://crates.io/csv/1.1.6 \
-    crate://crates.io/csv-core/0.1.10 \
-    crate://crates.io/either/1.8.0 \
-    crate://crates.io/fuchsia-cprng/0.1.1 \
-    crate://crates.io/heck/0.3.3 \
-    crate://crates.io/hermit-abi/0.1.19 \
-    crate://crates.io/itertools/0.9.0 \
-    crate://crates.io/itertools/0.10.5 \
-    crate://crates.io/itoa/0.4.8 \
-    crate://crates.io/itoa/1.0.4 \
-    crate://crates.io/js-sys/0.3.60 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.135 \
-    crate://crates.io/log/0.4.17 \
-    crate://crates.io/memchr/2.5.0 \
-    crate://crates.io/memoffset/0.6.5 \
-    crate://crates.io/num-traits/0.2.15 \
-    crate://crates.io/num_cpus/1.13.1 \
-    crate://crates.io/once_cell/1.15.0 \
-    crate://crates.io/oorandom/11.1.3 \
-    crate://crates.io/plotters/0.2.15 \
-    crate://crates.io/proc-macro-error/1.0.4 \
-    crate://crates.io/proc-macro-error-attr/1.0.4 \
-    crate://crates.io/proc-macro2/1.0.47 \
-    crate://crates.io/quote/1.0.21 \
-    crate://crates.io/rand/0.6.5 \
-    crate://crates.io/rand_chacha/0.1.1 \
-    crate://crates.io/rand_core/0.3.1 \
-    crate://crates.io/rand_core/0.4.2 \
-    crate://crates.io/rand_hc/0.1.0 \
-    crate://crates.io/rand_isaac/0.1.1 \
-    crate://crates.io/rand_jitter/0.1.4 \
-    crate://crates.io/rand_os/0.1.3 \
-    crate://crates.io/rand_pcg/0.1.2 \
-    crate://crates.io/rand_xorshift/0.1.1 \
-    crate://crates.io/rayon/1.5.3 \
-    crate://crates.io/rayon-core/1.9.3 \
-    crate://crates.io/rdrand/0.4.0 \
-    crate://crates.io/regex/1.6.0 \
-    crate://crates.io/regex-automata/0.1.10 \
-    crate://crates.io/regex-syntax/0.6.27 \
-    crate://crates.io/rustc_version/0.4.0 \
-    crate://crates.io/ryu/1.0.11 \
-    crate://crates.io/same-file/1.0.6 \
-    crate://crates.io/scopeguard/1.1.0 \
-    crate://crates.io/semver/1.0.14 \
-    crate://crates.io/serde/1.0.146 \
-    crate://crates.io/serde_derive/1.0.146 \
-    crate://crates.io/serde_json/1.0.87 \
-    crate://crates.io/strsim/0.8.0 \
-    crate://crates.io/structopt/0.3.26 \
-    crate://crates.io/structopt-derive/0.4.18 \
-    crate://crates.io/syn/1.0.103 \
-    crate://crates.io/textwrap/0.11.0 \
-    crate://crates.io/tinytemplate/1.2.1 \
-    crate://crates.io/unicode-ident/1.0.5 \
-    crate://crates.io/unicode-segmentation/1.10.0 \
-    crate://crates.io/unicode-width/0.1.10 \
-    crate://crates.io/vec_map/0.8.2 \
-    crate://crates.io/version_check/0.9.4 \
-    crate://crates.io/walkdir/2.3.2 \
-    crate://crates.io/wasm-bindgen/0.2.83 \
-    crate://crates.io/wasm-bindgen-backend/0.2.83 \
-    crate://crates.io/wasm-bindgen-macro/0.2.83 \
-    crate://crates.io/wasm-bindgen-macro-support/0.2.83 \
-    crate://crates.io/wasm-bindgen-shared/0.2.83 \
-    crate://crates.io/web-sys/0.3.60 \
-    crate://crates.io/winapi/0.3.9 \
-    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
-    crate://crates.io/winapi-util/0.1.5 \
-    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
-"
 
 SRC_URI[ansi_term-0.12.1.sha256sum] = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2"
 SRC_URI[atty-0.2.14.sha256sum] = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
@@ -426,38 +751,74 @@ SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761
 SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
 SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+# from rust/vendor/failure/Cargo.lock
+
+SRC_URI[backtrace-0.3.46.sha256sum] = "b1e692897359247cc6bb902933361652380af0f1b7651ae5c5013407f30e109e"
+SRC_URI[backtrace-sys-0.1.37.sha256sum] = "18fbebbe1c9d1f383a9cc7e8ccdb471b91c8d024ee9c2ca5b5346121fe8b4399"
+SRC_URI[cc-1.0.52.sha256sum] = "c3d87b23d6a92cd03af510a5ade527033f6aa6fa92161e2d5863a907d4c5e31d"
+SRC_URI[cfg-if-0.1.10.sha256sum] = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
+SRC_URI[failure_derive-0.1.7.sha256sum] = "030a733c8287d6213886dd487564ff5c8f6aae10278b3588ed177f9d18f8d231"
+SRC_URI[libc-0.2.69.sha256sum] = "99e85c08494b21a9054e7fe1374a732aeadaff3980b6990b94bfd3a70f690005"
+SRC_URI[proc-macro2-1.0.12.sha256sum] = "8872cf6f48eee44265156c111456a700ab3483686b3f96df4cf5481c89157319"
+SRC_URI[quote-1.0.4.sha256sum] = "4c1f4b0efa5fc5e8ceb705136bfee52cfdb6a4e3509f770b478cd6ed434232a7"
+SRC_URI[rustc-demangle-0.1.16.sha256sum] = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783"
+SRC_URI[syn-1.0.18.sha256sum] = "410a7488c0a728c7ceb4ad59b9567eb4053d02e8cc7f5c0e0eeeb39518369213"
+SRC_URI[synstructure-0.12.3.sha256sum] = "67656ea1dc1b41b1451851562ea232ec2e5a80242139f7e679ceccfb5d61f545"
+SRC_URI[unicode-xid-0.2.0.sha256sum] = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c"
+# from rust/vendor/toml/Cargo.lock
+
+SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
+SRC_URI[hashbrown-0.12.3.sha256sum] = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+SRC_URI[indexmap-1.9.2.sha256sum] = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399"
+SRC_URI[itoa-1.0.5.sha256sum] = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440"
+SRC_URI[proc-macro2-1.0.50.sha256sum] = "6ef7d57beacfaf2d8aee5937dab7b7f28de3cb8b1828479bb5de2a7106f2bae2"
+SRC_URI[quote-1.0.23.sha256sum] = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b"
+SRC_URI[ryu-1.0.12.sha256sum] = "7b4b9743ed687d4b4bcedf9ff5eaa7398495ae14e61cba0a295704edbc7decde"
+SRC_URI[serde-1.0.152.sha256sum] = "bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb"
+SRC_URI[serde_derive-1.0.152.sha256sum] = "af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e"
+SRC_URI[serde_json-1.0.91.sha256sum] = "877c235533714907a8c2464236f5c4b2a17262ef1bd71f38f35ea592c8da6883"
+SRC_URI[syn-1.0.107.sha256sum] = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
+SRC_URI[unicode-ident-1.0.6.sha256sum] = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc"
+# from rust/vendor/nom/Cargo.lock
+
+SRC_URI[autocfg-1.0.1.sha256sum] = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
+SRC_URI[bit-set-0.5.2.sha256sum] = "6e11e16035ea35e4e5997b393eacbf6f63983188f7a2ad25bfb13465f5ad59de"
+SRC_URI[bit-vec-0.6.3.sha256sum] = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
+SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+SRC_URI[byteorder-1.4.3.sha256sum] = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
+SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+SRC_URI[doc-comment-0.3.3.sha256sum] = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
+SRC_URI[fnv-1.0.7.sha256sum] = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+SRC_URI[getrandom-0.2.3.sha256sum] = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753"
+SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+SRC_URI[libc-0.2.106.sha256sum] = "a60553f9a9e039a333b4e9b20573b9e9b9c0bb3a11e201ccc48ef4283456d673"
+SRC_URI[memchr-2.4.1.sha256sum] = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
+SRC_URI[minimal-lexical-0.2.1.sha256sum] = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+SRC_URI[num-traits-0.2.14.sha256sum] = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
+SRC_URI[ppv-lite86-0.2.15.sha256sum] = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba"
+SRC_URI[proptest-1.0.0.sha256sum] = "1e0d9cc07f18492d879586c92b485def06bc850da3118075cd45d50e9c95b0e5"
+SRC_URI[quick-error-1.2.3.sha256sum] = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
+SRC_URI[quick-error-2.0.1.sha256sum] = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
+SRC_URI[rand-0.8.4.sha256sum] = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8"
+SRC_URI[rand_chacha-0.3.1.sha256sum] = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+SRC_URI[rand_core-0.6.3.sha256sum] = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
+SRC_URI[rand_hc-0.3.1.sha256sum] = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7"
+SRC_URI[rand_xorshift-0.3.0.sha256sum] = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f"
+SRC_URI[redox_syscall-0.2.10.sha256sum] = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff"
+SRC_URI[regex-syntax-0.6.25.sha256sum] = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
+SRC_URI[remove_dir_all-0.5.3.sha256sum] = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
+SRC_URI[rusty-fork-0.3.0.sha256sum] = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f"
+SRC_URI[tempfile-3.2.0.sha256sum] = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
+SRC_URI[wait-timeout-0.2.0.sha256sum] = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6"
+SRC_URI[wasi-0.10.2+wasi-snapshot-preview1.sha256sum] = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
+SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+# from rust/vendor/brotli-decompressor/Cargo.lock
+
+SRC_URI[alloc-no-stdlib-2.0.4.sha256sum] = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3"
+SRC_URI[alloc-stdlib-0.2.2.sha256sum] = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece"
 # from rust/vendor/displaydoc/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/ansi_term/0.11.0 \
-    crate://crates.io/basic-toml/0.1.2 \
-    crate://crates.io/ctor/0.1.26 \
-    crate://crates.io/difference/2.0.0 \
-    crate://crates.io/glob/0.3.1 \
-    crate://crates.io/itoa/1.0.6 \
-    crate://crates.io/libc/0.2.142 \
-    crate://crates.io/once_cell/1.17.1 \
-    crate://crates.io/output_vt100/0.1.3 \
-    crate://crates.io/pretty_assertions/0.6.1 \
-    crate://crates.io/proc-macro2/1.0.56 \
-    crate://crates.io/quote/1.0.26 \
-    crate://crates.io/rustversion/1.0.12 \
-    crate://crates.io/ryu/1.0.13 \
-    crate://crates.io/serde/1.0.160 \
-    crate://crates.io/serde_derive/1.0.160 \
-    crate://crates.io/serde_json/1.0.96 \
-    crate://crates.io/static_assertions/1.1.0 \
-    crate://crates.io/syn/1.0.109 \
-    crate://crates.io/syn/2.0.15 \
-    crate://crates.io/termcolor/1.2.0 \
-    crate://crates.io/thiserror/1.0.40 \
-    crate://crates.io/thiserror-impl/1.0.40 \
-    crate://crates.io/trybuild/1.0.80 \
-    crate://crates.io/unicode-ident/1.0.8 \
-    crate://crates.io/winapi/0.3.9 \
-    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
-    crate://crates.io/winapi-util/0.1.5 \
-    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
-"
 
 SRC_URI[ansi_term-0.11.0.sha256sum] = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b"
 SRC_URI[basic-toml-0.1.2.sha256sum] = "5c0de75129aa8d0cceaf750b89013f0e08804d6ec61416da787b35ad0d7cddf1"
@@ -489,60 +850,6 @@ SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5c
 SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
 SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 # from rust/vendor/asn1-rs/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/asn1-rs/0.5.1 \
-    crate://crates.io/asn1-rs-derive/0.4.0 \
-    crate://crates.io/asn1-rs-impl/0.1.0 \
-    crate://crates.io/atty/0.2.14 \
-    crate://crates.io/autocfg/1.1.0 \
-    crate://crates.io/base64/0.13.1 \
-    crate://crates.io/basic-toml/0.1.2 \
-    crate://crates.io/bitvec/1.0.1 \
-    crate://crates.io/colored/2.0.0 \
-    crate://crates.io/cookie-factory/0.3.2 \
-    crate://crates.io/displaydoc/0.2.3 \
-    crate://crates.io/funty/2.0.0 \
-    crate://crates.io/glob/0.3.1 \
-    crate://crates.io/hermit-abi/0.1.19 \
-    crate://crates.io/hex-literal/0.3.4 \
-    crate://crates.io/itoa/1.0.6 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.139 \
-    crate://crates.io/memchr/2.5.0 \
-    crate://crates.io/minimal-lexical/0.2.1 \
-    crate://crates.io/nom/7.1.3 \
-    crate://crates.io/num-bigint/0.4.3 \
-    crate://crates.io/num-integer/0.1.45 \
-    crate://crates.io/num-traits/0.2.15 \
-    crate://crates.io/oid-registry/0.6.1 \
-    crate://crates.io/once_cell/1.17.1 \
-    crate://crates.io/pem/1.1.1 \
-    crate://crates.io/proc-macro2/1.0.51 \
-    crate://crates.io/quote/1.0.23 \
-    crate://crates.io/radium/0.7.0 \
-    crate://crates.io/rusticata-macros/4.1.0 \
-    crate://crates.io/ryu/1.0.13 \
-    crate://crates.io/serde/1.0.152 \
-    crate://crates.io/serde_derive/1.0.152 \
-    crate://crates.io/serde_json/1.0.94 \
-    crate://crates.io/syn/1.0.109 \
-    crate://crates.io/synstructure/0.12.6 \
-    crate://crates.io/tap/1.0.1 \
-    crate://crates.io/termcolor/1.2.0 \
-    crate://crates.io/thiserror/1.0.39 \
-    crate://crates.io/thiserror-impl/1.0.39 \
-    crate://crates.io/time/0.3.20 \
-    crate://crates.io/time-core/0.1.0 \
-    crate://crates.io/time-macros/0.2.8 \
-    crate://crates.io/trybuild/1.0.79 \
-    crate://crates.io/unicode-ident/1.0.8 \
-    crate://crates.io/unicode-xid/0.2.4 \
-    crate://crates.io/winapi/0.3.9 \
-    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
-    crate://crates.io/winapi-util/0.1.5 \
-    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
-    crate://crates.io/wyz/0.5.1 \
-"
 
 SRC_URI[asn1-rs-0.5.1.sha256sum] = "cf6690c370453db30743b373a60ba498fc0d6d83b11f4abfd87a84a075db5dd4"
 SRC_URI[asn1-rs-derive-0.4.0.sha256sum] = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c"
@@ -596,383 +903,22 @@ SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5c
 SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
 SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 SRC_URI[wyz-0.5.1.sha256sum] = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed"
-# from rust/vendor/flate2/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/adler/1.0.2 \
-    crate://crates.io/cc/1.0.73 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/cloudflare-zlib-sys/0.3.0 \
-    crate://crates.io/cmake/0.1.48 \
-    crate://crates.io/crc32fast/1.3.2 \
-    crate://crates.io/getrandom/0.2.6 \
-    crate://crates.io/libc/0.2.124 \
-    crate://crates.io/libz-ng-sys/1.1.8 \
-    crate://crates.io/libz-sys/1.1.8 \
-    crate://crates.io/miniz_oxide/0.7.1 \
-    crate://crates.io/pkg-config/0.3.25 \
-    crate://crates.io/ppv-lite86/0.2.16 \
-    crate://crates.io/quickcheck/1.0.3 \
-    crate://crates.io/rand/0.8.5 \
-    crate://crates.io/rand_chacha/0.3.1 \
-    crate://crates.io/rand_core/0.6.3 \
-    crate://crates.io/vcpkg/0.2.15 \
-    crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
-"
-
-SRC_URI[adler-1.0.2.sha256sum] = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
-SRC_URI[cc-1.0.73.sha256sum] = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
-SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[cloudflare-zlib-sys-0.3.0.sha256sum] = "2040b6d1edfee6d75f172d81e2d2a7807534f3f294ce18184c70e7bb0105cd6f"
-SRC_URI[cmake-0.1.48.sha256sum] = "e8ad8cef104ac57b68b89df3208164d228503abbdce70f6880ffa3d970e7443a"
-SRC_URI[crc32fast-1.3.2.sha256sum] = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
-SRC_URI[getrandom-0.2.6.sha256sum] = "9be70c98951c83b8d2f8f60d7065fa6d5146873094452a1008da8c2f1e4205ad"
-SRC_URI[libc-0.2.124.sha256sum] = "21a41fed9d98f27ab1c6d161da622a4fa35e8a54a8adc24bbf3ddd0ef70b0e50"
-SRC_URI[libz-ng-sys-1.1.8.sha256sum] = "4399ae96a9966bf581e726de86969f803a81b7ce795fcd5480e640589457e0f2"
-SRC_URI[libz-sys-1.1.8.sha256sum] = "9702761c3935f8cc2f101793272e202c72b99da8f4224a19ddcf1279a6450bbf"
-SRC_URI[miniz_oxide-0.7.1.sha256sum] = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
-SRC_URI[pkg-config-0.3.25.sha256sum] = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae"
-SRC_URI[ppv-lite86-0.2.16.sha256sum] = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872"
-SRC_URI[quickcheck-1.0.3.sha256sum] = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6"
-SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
-SRC_URI[rand_chacha-0.3.1.sha256sum] = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-SRC_URI[rand_core-0.6.3.sha256sum] = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
-SRC_URI[vcpkg-0.2.15.sha256sum] = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-SRC_URI[wasi-0.10.2+wasi-snapshot-preview1.sha256sum] = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
-# from rust/vendor/toml/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/autocfg/1.1.0 \
-    crate://crates.io/hashbrown/0.12.3 \
-    crate://crates.io/indexmap/1.9.2 \
-    crate://crates.io/itoa/1.0.5 \
-    crate://crates.io/proc-macro2/1.0.50 \
-    crate://crates.io/quote/1.0.23 \
-    crate://crates.io/ryu/1.0.12 \
-    crate://crates.io/serde/1.0.152 \
-    crate://crates.io/serde_derive/1.0.152 \
-    crate://crates.io/serde_json/1.0.91 \
-    crate://crates.io/syn/1.0.107 \
-    crate://crates.io/unicode-ident/1.0.6 \
-"
-
-SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
-SRC_URI[hashbrown-0.12.3.sha256sum] = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
-SRC_URI[indexmap-1.9.2.sha256sum] = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399"
-SRC_URI[itoa-1.0.5.sha256sum] = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440"
-SRC_URI[proc-macro2-1.0.50.sha256sum] = "6ef7d57beacfaf2d8aee5937dab7b7f28de3cb8b1828479bb5de2a7106f2bae2"
-SRC_URI[quote-1.0.23.sha256sum] = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b"
-SRC_URI[ryu-1.0.12.sha256sum] = "7b4b9743ed687d4b4bcedf9ff5eaa7398495ae14e61cba0a295704edbc7decde"
-SRC_URI[serde-1.0.152.sha256sum] = "bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb"
-SRC_URI[serde_derive-1.0.152.sha256sum] = "af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e"
-SRC_URI[serde_json-1.0.91.sha256sum] = "877c235533714907a8c2464236f5c4b2a17262ef1bd71f38f35ea592c8da6883"
-SRC_URI[syn-1.0.107.sha256sum] = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
-SRC_URI[unicode-ident-1.0.6.sha256sum] = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc"
-# from rust/vendor/nom/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/autocfg/1.0.1 \
-    crate://crates.io/bit-set/0.5.2 \
-    crate://crates.io/bit-vec/0.6.3 \
-    crate://crates.io/bitflags/1.3.2 \
-    crate://crates.io/byteorder/1.4.3 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/doc-comment/0.3.3 \
-    crate://crates.io/fnv/1.0.7 \
-    crate://crates.io/getrandom/0.2.3 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.106 \
-    crate://crates.io/memchr/2.4.1 \
-    crate://crates.io/minimal-lexical/0.2.1 \
-    crate://crates.io/num-traits/0.2.14 \
-    crate://crates.io/ppv-lite86/0.2.15 \
-    crate://crates.io/proptest/1.0.0 \
-    crate://crates.io/quick-error/1.2.3 \
-    crate://crates.io/quick-error/2.0.1 \
-    crate://crates.io/rand/0.8.4 \
-    crate://crates.io/rand_chacha/0.3.1 \
-    crate://crates.io/rand_core/0.6.3 \
-    crate://crates.io/rand_hc/0.3.1 \
-    crate://crates.io/rand_xorshift/0.3.0 \
-    crate://crates.io/redox_syscall/0.2.10 \
-    crate://crates.io/regex-syntax/0.6.25 \
-    crate://crates.io/remove_dir_all/0.5.3 \
-    crate://crates.io/rusty-fork/0.3.0 \
-    crate://crates.io/tempfile/3.2.0 \
-    crate://crates.io/wait-timeout/0.2.0 \
-    crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
-    crate://crates.io/winapi/0.3.9 \
-    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
-    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
-"
-
-SRC_URI[autocfg-1.0.1.sha256sum] = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
-SRC_URI[bit-set-0.5.2.sha256sum] = "6e11e16035ea35e4e5997b393eacbf6f63983188f7a2ad25bfb13465f5ad59de"
-SRC_URI[bit-vec-0.6.3.sha256sum] = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
-SRC_URI[bitflags-1.3.2.sha256sum] = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
-SRC_URI[byteorder-1.4.3.sha256sum] = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
-SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[doc-comment-0.3.3.sha256sum] = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
-SRC_URI[fnv-1.0.7.sha256sum] = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
-SRC_URI[getrandom-0.2.3.sha256sum] = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753"
-SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-SRC_URI[libc-0.2.106.sha256sum] = "a60553f9a9e039a333b4e9b20573b9e9b9c0bb3a11e201ccc48ef4283456d673"
-SRC_URI[memchr-2.4.1.sha256sum] = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a"
-SRC_URI[minimal-lexical-0.2.1.sha256sum] = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
-SRC_URI[num-traits-0.2.14.sha256sum] = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
-SRC_URI[ppv-lite86-0.2.15.sha256sum] = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba"
-SRC_URI[proptest-1.0.0.sha256sum] = "1e0d9cc07f18492d879586c92b485def06bc850da3118075cd45d50e9c95b0e5"
-SRC_URI[quick-error-1.2.3.sha256sum] = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
-SRC_URI[quick-error-2.0.1.sha256sum] = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
-SRC_URI[rand-0.8.4.sha256sum] = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8"
-SRC_URI[rand_chacha-0.3.1.sha256sum] = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-SRC_URI[rand_core-0.6.3.sha256sum] = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
-SRC_URI[rand_hc-0.3.1.sha256sum] = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7"
-SRC_URI[rand_xorshift-0.3.0.sha256sum] = "d25bf25ec5ae4a3f1b92f929810509a2f53d7dca2f50b794ff57e3face536c8f"
-SRC_URI[redox_syscall-0.2.10.sha256sum] = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff"
-SRC_URI[regex-syntax-0.6.25.sha256sum] = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
-SRC_URI[remove_dir_all-0.5.3.sha256sum] = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
-SRC_URI[rusty-fork-0.3.0.sha256sum] = "cb3dcc6e454c328bb824492db107ab7c0ae8fcffe4ad210136ef014458c1bc4f"
-SRC_URI[tempfile-3.2.0.sha256sum] = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
-SRC_URI[wait-timeout-0.2.0.sha256sum] = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6"
-SRC_URI[wasi-0.10.2+wasi-snapshot-preview1.sha256sum] = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
-SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 # from rust/vendor/brotli/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/alloc-no-stdlib/2.0.3 \
-    crate://crates.io/alloc-stdlib/0.2.1 \
-    crate://crates.io/block-buffer/0.7.3 \
-    crate://crates.io/block-padding/0.1.5 \
-    crate://crates.io/brotli-decompressor/2.3.2 \
-    crate://crates.io/byte-tools/0.3.1 \
-    crate://crates.io/byteorder/1.4.3 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/digest/0.8.1 \
-    crate://crates.io/fake-simd/0.1.2 \
-    crate://crates.io/generic-array/0.12.4 \
-    crate://crates.io/libm/0.1.4 \
-    crate://crates.io/opaque-debug/0.2.3 \
-    crate://crates.io/packed_simd_2/0.3.7 \
-    crate://crates.io/sha2/0.8.2 \
-    crate://crates.io/typenum/1.15.0 \
-"
-
-SRC_URI[alloc-no-stdlib-2.0.3.sha256sum] = "35ef4730490ad1c4eae5c4325b2a95f521d023e5c885853ff7aca0a6a1631db3"
-SRC_URI[alloc-stdlib-0.2.1.sha256sum] = "697ed7edc0f1711de49ce108c541623a0af97c6c60b2f6e2b65229847ac843c2"
-SRC_URI[block-buffer-0.7.3.sha256sum] = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b"
-SRC_URI[block-padding-0.1.5.sha256sum] = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5"
-SRC_URI[brotli-decompressor-2.3.2.sha256sum] = "59ad2d4653bf5ca36ae797b1f4bb4dbddb60ce49ca4aed8a2ce4829f60425b80"
-SRC_URI[byte-tools-0.3.1.sha256sum] = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7"
-SRC_URI[byteorder-1.4.3.sha256sum] = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
-SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[digest-0.8.1.sha256sum] = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5"
-SRC_URI[fake-simd-0.1.2.sha256sum] = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed"
-SRC_URI[generic-array-0.12.4.sha256sum] = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd"
-SRC_URI[libm-0.1.4.sha256sum] = "7fc7aa29613bd6a620df431842069224d8bc9011086b1db4c0e0cd47fa03ec9a"
-SRC_URI[opaque-debug-0.2.3.sha256sum] = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c"
-SRC_URI[packed_simd_2-0.3.7.sha256sum] = "defdcfef86dcc44ad208f71d9ff4ce28df6537a4e0d6b0e8e845cb8ca10059a6"
-SRC_URI[sha2-0.8.2.sha256sum] = "a256f46ea78a0c0d9ff00077504903ac881a1dafdc20da66545699e7776b3e69"
-SRC_URI[typenum-1.15.0.sha256sum] = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987"
-# from rust/vendor/failure/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/backtrace/0.3.46 \
-    crate://crates.io/backtrace-sys/0.1.37 \
-    crate://crates.io/cc/1.0.52 \
-    crate://crates.io/cfg-if/0.1.10 \
-    crate://crates.io/failure_derive/0.1.7 \
-    crate://crates.io/libc/0.2.69 \
-    crate://crates.io/proc-macro2/1.0.12 \
-    crate://crates.io/quote/1.0.4 \
-    crate://crates.io/rustc-demangle/0.1.16 \
-    crate://crates.io/syn/1.0.18 \
-    crate://crates.io/synstructure/0.12.3 \
-    crate://crates.io/unicode-xid/0.2.0 \
-"
-
-SRC_URI[backtrace-0.3.46.sha256sum] = "b1e692897359247cc6bb902933361652380af0f1b7651ae5c5013407f30e109e"
-SRC_URI[backtrace-sys-0.1.37.sha256sum] = "18fbebbe1c9d1f383a9cc7e8ccdb471b91c8d024ee9c2ca5b5346121fe8b4399"
-SRC_URI[cc-1.0.52.sha256sum] = "c3d87b23d6a92cd03af510a5ade527033f6aa6fa92161e2d5863a907d4c5e31d"
-SRC_URI[cfg-if-0.1.10.sha256sum] = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
-SRC_URI[failure_derive-0.1.7.sha256sum] = "030a733c8287d6213886dd487564ff5c8f6aae10278b3588ed177f9d18f8d231"
-SRC_URI[libc-0.2.69.sha256sum] = "99e85c08494b21a9054e7fe1374a732aeadaff3980b6990b94bfd3a70f690005"
-SRC_URI[proc-macro2-1.0.12.sha256sum] = "8872cf6f48eee44265156c111456a700ab3483686b3f96df4cf5481c89157319"
-SRC_URI[quote-1.0.4.sha256sum] = "4c1f4b0efa5fc5e8ceb705136bfee52cfdb6a4e3509f770b478cd6ed434232a7"
-SRC_URI[rustc-demangle-0.1.16.sha256sum] = "4c691c0e608126e00913e33f0ccf3727d5fc84573623b8d65b2df340b5201783"
-SRC_URI[syn-1.0.18.sha256sum] = "410a7488c0a728c7ceb4ad59b9567eb4053d02e8cc7f5c0e0eeeb39518369213"
-SRC_URI[synstructure-0.12.3.sha256sum] = "67656ea1dc1b41b1451851562ea232ec2e5a80242139f7e679ceccfb5d61f545"
-SRC_URI[unicode-xid-0.2.0.sha256sum] = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c"
-# from rust/vendor/alloc-stdlib/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/alloc-no-stdlib/2.0.4 \
-"
-
-SRC_URI[alloc-no-stdlib-2.0.4.sha256sum] = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3"
-# from rust/vendor/bendy/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/addr2line/0.14.0 \
-    crate://crates.io/adler/0.2.3 \
-    crate://crates.io/aho-corasick/0.7.15 \
-    crate://crates.io/autocfg/1.0.1 \
-    crate://crates.io/backtrace/0.3.54 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/failure/0.1.8 \
-    crate://crates.io/failure_derive/0.1.8 \
-    crate://crates.io/gimli/0.23.0 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.80 \
-    crate://crates.io/memchr/2.3.4 \
-    crate://crates.io/miniz_oxide/0.4.3 \
-    crate://crates.io/object/0.22.0 \
-    crate://crates.io/proc-macro2/1.0.24 \
-    crate://crates.io/quote/1.0.7 \
-    crate://crates.io/regex/1.4.2 \
-    crate://crates.io/regex-syntax/0.6.21 \
-    crate://crates.io/rustc-demangle/0.1.18 \
-    crate://crates.io/serde/1.0.117 \
-    crate://crates.io/serde_bytes/0.11.5 \
-    crate://crates.io/serde_derive/1.0.117 \
-    crate://crates.io/syn/1.0.48 \
-    crate://crates.io/synstructure/0.12.4 \
-    crate://crates.io/thread_local/1.0.1 \
-    crate://crates.io/unicode-xid/0.2.1 \
-"
-
-SRC_URI[addr2line-0.14.0.sha256sum] = "7c0929d69e78dd9bf5408269919fcbcaeb2e35e5d43e5815517cdc6a8e11a423"
-SRC_URI[adler-0.2.3.sha256sum] = "ee2a4ec343196209d6594e19543ae87a39f96d5534d7174822a3ad825dd6ed7e"
-SRC_URI[aho-corasick-0.7.15.sha256sum] = "7404febffaa47dac81aa44dba71523c9d069b1bdc50a77db41195149e17f68e5"
-SRC_URI[autocfg-1.0.1.sha256sum] = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
-SRC_URI[backtrace-0.3.54.sha256sum] = "2baad346b2d4e94a24347adeee9c7a93f412ee94b9cc26e5b59dea23848e9f28"
-SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[failure-0.1.8.sha256sum] = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86"
-SRC_URI[failure_derive-0.1.8.sha256sum] = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
-SRC_URI[gimli-0.23.0.sha256sum] = "f6503fe142514ca4799d4c26297c4248239fe8838d827db6bd6065c6ed29a6ce"
-SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-SRC_URI[libc-0.2.80.sha256sum] = "4d58d1b70b004888f764dfbf6a26a3b0342a1632d33968e4a179d8011c760614"
-SRC_URI[memchr-2.3.4.sha256sum] = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
-SRC_URI[miniz_oxide-0.4.3.sha256sum] = "0f2d26ec3309788e423cfbf68ad1800f061638098d76a83681af979dc4eda19d"
-SRC_URI[object-0.22.0.sha256sum] = "8d3b63360ec3cb337817c2dbd47ab4a0f170d285d8e5a2064600f3def1402397"
-SRC_URI[proc-macro2-1.0.24.sha256sum] = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
-SRC_URI[quote-1.0.7.sha256sum] = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
-SRC_URI[regex-1.4.2.sha256sum] = "38cf2c13ed4745de91a5eb834e11c00bcc3709e773173b2ce4c56c9fbde04b9c"
-SRC_URI[regex-syntax-0.6.21.sha256sum] = "3b181ba2dcf07aaccad5448e8ead58db5b742cf85dfe035e2227f137a539a189"
-SRC_URI[rustc-demangle-0.1.18.sha256sum] = "6e3bad0ee36814ca07d7968269dd4b7ec89ec2da10c4bb613928d3077083c232"
-SRC_URI[serde-1.0.117.sha256sum] = "b88fa983de7720629c9387e9f517353ed404164b1e482c970a90c1a4aaf7dc1a"
-SRC_URI[serde_bytes-0.11.5.sha256sum] = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9"
-SRC_URI[serde_derive-1.0.117.sha256sum] = "cbd1ae72adb44aab48f325a02444a5fc079349a8d804c1fc922aed3f7454c74e"
-SRC_URI[syn-1.0.48.sha256sum] = "cc371affeffc477f42a221a1e4297aedcea33d47d19b61455588bd9d8f6b19ac"
-SRC_URI[synstructure-0.12.4.sha256sum] = "b834f2d66f734cb897113e34aaff2f1ab4719ca946f9a7358dba8f8064148701"
-SRC_URI[thread_local-1.0.1.sha256sum] = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14"
-SRC_URI[unicode-xid-0.2.1.sha256sum] = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
-# from rust/vendor/regex/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/aho-corasick/0.7.18 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/getrandom/0.2.6 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.125 \
-    crate://crates.io/memchr/2.5.0 \
-    crate://crates.io/quickcheck/1.0.3 \
-    crate://crates.io/rand/0.8.5 \
-    crate://crates.io/rand_core/0.6.3 \
-    crate://crates.io/regex-syntax/0.6.26 \
-    crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
-"
-
-SRC_URI[aho-corasick-0.7.18.sha256sum] = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f"
-SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[getrandom-0.2.6.sha256sum] = "9be70c98951c83b8d2f8f60d7065fa6d5146873094452a1008da8c2f1e4205ad"
-SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-SRC_URI[libc-0.2.125.sha256sum] = "5916d2ae698f6de9bfb891ad7a8d65c09d232dc58cc4ac433c7da3b2fd84bc2b"
-SRC_URI[memchr-2.5.0.sha256sum] = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
-SRC_URI[quickcheck-1.0.3.sha256sum] = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6"
-SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
-SRC_URI[rand_core-0.6.3.sha256sum] = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
-SRC_URI[regex-syntax-0.6.26.sha256sum] = "49b3de9ec5dc0a3417da371aab17d729997c15010e7fd24ff707773a33bddb64"
-SRC_URI[wasi-0.10.2+wasi-snapshot-preview1.sha256sum] = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
-# from rust/vendor/brotli-decompressor/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/alloc-no-stdlib/2.0.4 \
-    crate://crates.io/alloc-stdlib/0.2.2 \
-"
 
 SRC_URI[alloc-no-stdlib-2.0.4.sha256sum] = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3"
 SRC_URI[alloc-stdlib-0.2.2.sha256sum] = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece"
+SRC_URI[block-buffer-0.10.4.sha256sum] = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+SRC_URI[brotli-decompressor-5.0.0.sha256sum] = "874bb8112abecc98cbd6d81ea4fa7e94fb9449648c93cc89aa40c81c24d7de03"
+SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+SRC_URI[cpufeatures-0.2.17.sha256sum] = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
+SRC_URI[crypto-common-0.1.6.sha256sum] = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+SRC_URI[digest-0.10.7.sha256sum] = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+SRC_URI[generic-array-0.14.7.sha256sum] = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+SRC_URI[libc-0.2.172.sha256sum] = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"
+SRC_URI[sha2-0.10.9.sha256sum] = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+SRC_URI[typenum-1.18.0.sha256sum] = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
+SRC_URI[version_check-0.9.5.sha256sum] = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
 # from rust/vendor/phf_generator/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/atty/0.2.14 \
-    crate://crates.io/autocfg/1.0.1 \
-    crate://crates.io/bitflags/1.2.1 \
-    crate://crates.io/bstr/0.2.16 \
-    crate://crates.io/bumpalo/3.7.0 \
-    crate://crates.io/cast/0.2.7 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/clap/2.33.3 \
-    crate://crates.io/criterion/0.3.4 \
-    crate://crates.io/criterion-plot/0.4.4 \
-    crate://crates.io/crossbeam-channel/0.5.1 \
-    crate://crates.io/crossbeam-deque/0.8.1 \
-    crate://crates.io/crossbeam-epoch/0.9.5 \
-    crate://crates.io/crossbeam-utils/0.8.5 \
-    crate://crates.io/csv/1.1.6 \
-    crate://crates.io/csv-core/0.1.10 \
-    crate://crates.io/either/1.6.1 \
-    crate://crates.io/getrandom/0.2.3 \
-    crate://crates.io/half/1.7.1 \
-    crate://crates.io/hermit-abi/0.1.19 \
-    crate://crates.io/itertools/0.10.1 \
-    crate://crates.io/itoa/0.4.7 \
-    crate://crates.io/js-sys/0.3.52 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.99 \
-    crate://crates.io/log/0.4.14 \
-    crate://crates.io/memchr/2.4.0 \
-    crate://crates.io/memoffset/0.6.4 \
-    crate://crates.io/num-traits/0.2.14 \
-    crate://crates.io/num_cpus/1.13.0 \
-    crate://crates.io/oorandom/11.1.3 \
-    crate://crates.io/phf_shared/0.10.0 \
-    crate://crates.io/plotters/0.3.1 \
-    crate://crates.io/plotters-backend/0.3.2 \
-    crate://crates.io/plotters-svg/0.3.1 \
-    crate://crates.io/ppv-lite86/0.2.10 \
-    crate://crates.io/proc-macro2/1.0.28 \
-    crate://crates.io/quote/1.0.9 \
-    crate://crates.io/rand/0.8.4 \
-    crate://crates.io/rand_chacha/0.3.1 \
-    crate://crates.io/rand_core/0.6.3 \
-    crate://crates.io/rand_hc/0.3.1 \
-    crate://crates.io/rayon/1.5.1 \
-    crate://crates.io/rayon-core/1.9.1 \
-    crate://crates.io/regex/1.5.4 \
-    crate://crates.io/regex-automata/0.1.10 \
-    crate://crates.io/regex-syntax/0.6.25 \
-    crate://crates.io/rustc_version/0.4.0 \
-    crate://crates.io/ryu/1.0.5 \
-    crate://crates.io/same-file/1.0.6 \
-    crate://crates.io/scopeguard/1.1.0 \
-    crate://crates.io/semver/1.0.4 \
-    crate://crates.io/serde/1.0.127 \
-    crate://crates.io/serde_cbor/0.11.1 \
-    crate://crates.io/serde_derive/1.0.127 \
-    crate://crates.io/serde_json/1.0.66 \
-    crate://crates.io/siphasher/0.3.6 \
-    crate://crates.io/syn/1.0.74 \
-    crate://crates.io/textwrap/0.11.0 \
-    crate://crates.io/tinytemplate/1.2.1 \
-    crate://crates.io/unicode-width/0.1.8 \
-    crate://crates.io/unicode-xid/0.2.2 \
-    crate://crates.io/walkdir/2.3.2 \
-    crate://crates.io/wasi/0.10.2+wasi-snapshot-preview1 \
-    crate://crates.io/wasm-bindgen/0.2.75 \
-    crate://crates.io/wasm-bindgen-backend/0.2.75 \
-    crate://crates.io/wasm-bindgen-macro/0.2.75 \
-    crate://crates.io/wasm-bindgen-macro-support/0.2.75 \
-    crate://crates.io/wasm-bindgen-shared/0.2.75 \
-    crate://crates.io/web-sys/0.3.52 \
-    crate://crates.io/winapi/0.3.9 \
-    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
-    crate://crates.io/winapi-util/0.1.5 \
-    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
-"
 
 SRC_URI[atty-0.2.14.sha256sum] = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
 SRC_URI[autocfg-1.0.1.sha256sum] = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
@@ -1048,103 +994,120 @@ SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761
 SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 SRC_URI[winapi-util-0.1.5.sha256sum] = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
 SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+# from rust/vendor/alloc-stdlib/Cargo.lock
+
+SRC_URI[alloc-no-stdlib-2.0.4.sha256sum] = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3"
 # from rust/vendor/x509-parser/Cargo.lock
-SRC_URI += " \
-    crate://crates.io/asn1-rs/0.5.2 \
-    crate://crates.io/asn1-rs-derive/0.4.0 \
-    crate://crates.io/asn1-rs-impl/0.1.0 \
-    crate://crates.io/autocfg/1.1.0 \
-    crate://crates.io/bumpalo/3.12.0 \
-    crate://crates.io/cc/1.0.79 \
-    crate://crates.io/cfg-if/1.0.0 \
-    crate://crates.io/data-encoding/2.3.3 \
-    crate://crates.io/der-parser/8.2.0 \
-    crate://crates.io/displaydoc/0.2.3 \
-    crate://crates.io/itoa/1.0.6 \
-    crate://crates.io/js-sys/0.3.61 \
-    crate://crates.io/lazy_static/1.4.0 \
-    crate://crates.io/libc/0.2.140 \
-    crate://crates.io/log/0.4.17 \
-    crate://crates.io/memchr/2.5.0 \
-    crate://crates.io/minimal-lexical/0.2.1 \
-    crate://crates.io/nom/7.1.3 \
-    crate://crates.io/num-bigint/0.4.3 \
-    crate://crates.io/num-integer/0.1.45 \
-    crate://crates.io/num-traits/0.2.15 \
-    crate://crates.io/oid-registry/0.6.1 \
-    crate://crates.io/once_cell/1.17.1 \
-    crate://crates.io/proc-macro2/1.0.52 \
-    crate://crates.io/quote/1.0.26 \
-    crate://crates.io/ring/0.16.20 \
-    crate://crates.io/rusticata-macros/4.1.0 \
-    crate://crates.io/serde/1.0.156 \
-    crate://crates.io/spin/0.5.2 \
-    crate://crates.io/syn/1.0.109 \
-    crate://crates.io/synstructure/0.12.6 \
-    crate://crates.io/thiserror/1.0.39 \
-    crate://crates.io/thiserror-impl/1.0.39 \
-    crate://crates.io/time/0.3.20 \
-    crate://crates.io/time-core/0.1.0 \
-    crate://crates.io/time-macros/0.2.8 \
-    crate://crates.io/unicode-ident/1.0.8 \
-    crate://crates.io/unicode-xid/0.2.4 \
-    crate://crates.io/untrusted/0.7.1 \
-    crate://crates.io/wasm-bindgen/0.2.84 \
-    crate://crates.io/wasm-bindgen-backend/0.2.84 \
-    crate://crates.io/wasm-bindgen-macro/0.2.84 \
-    crate://crates.io/wasm-bindgen-macro-support/0.2.84 \
-    crate://crates.io/wasm-bindgen-shared/0.2.84 \
-    crate://crates.io/web-sys/0.3.61 \
-    crate://crates.io/winapi/0.3.9 \
-    crate://crates.io/winapi-i686-pc-windows-gnu/0.4.0 \
-    crate://crates.io/winapi-x86_64-pc-windows-gnu/0.4.0 \
-"
 
 SRC_URI[asn1-rs-0.5.2.sha256sum] = "7f6fd5ddaf0351dff5b8da21b2fb4ff8e08ddd02857f0bf69c47639106c0fff0"
 SRC_URI[asn1-rs-derive-0.4.0.sha256sum] = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c"
 SRC_URI[asn1-rs-impl-0.1.0.sha256sum] = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed"
 SRC_URI[autocfg-1.1.0.sha256sum] = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
-SRC_URI[bumpalo-3.12.0.sha256sum] = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
-SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+SRC_URI[bumpalo-3.13.0.sha256sum] = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
+SRC_URI[cc-1.0.81.sha256sum] = "6c6b2562119bf28c3439f7f02db99faf0aa1a8cdfe5772a2ee155d32227239f0"
 SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
-SRC_URI[data-encoding-2.3.3.sha256sum] = "23d8666cb01533c39dde32bcbab8e227b4ed6679b2c925eba05feabea39508fb"
+SRC_URI[data-encoding-2.4.0.sha256sum] = "c2e66c9d817f1720209181c316d28635c050fa304f9c79e47a520882661b7308"
 SRC_URI[der-parser-8.2.0.sha256sum] = "dbd676fbbab537128ef0278adb5576cf363cff6aa22a7b24effe97347cfab61e"
-SRC_URI[displaydoc-0.2.3.sha256sum] = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886"
-SRC_URI[itoa-1.0.6.sha256sum] = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"
-SRC_URI[js-sys-0.3.61.sha256sum] = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+SRC_URI[deranged-0.3.7.sha256sum] = "7684a49fb1af197853ef7b2ee694bc1f5b4179556f1e5710e1760c5db6f5e929"
+SRC_URI[displaydoc-0.2.4.sha256sum] = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
+SRC_URI[itoa-1.0.9.sha256sum] = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38"
+SRC_URI[js-sys-0.3.64.sha256sum] = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a"
 SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-SRC_URI[libc-0.2.140.sha256sum] = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c"
-SRC_URI[log-0.4.17.sha256sum] = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+SRC_URI[libc-0.2.147.sha256sum] = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"
+SRC_URI[log-0.4.19.sha256sum] = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4"
 SRC_URI[memchr-2.5.0.sha256sum] = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
 SRC_URI[minimal-lexical-0.2.1.sha256sum] = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 SRC_URI[nom-7.1.3.sha256sum] = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
 SRC_URI[num-bigint-0.4.3.sha256sum] = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f"
 SRC_URI[num-integer-0.1.45.sha256sum] = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
-SRC_URI[num-traits-0.2.15.sha256sum] = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
+SRC_URI[num-traits-0.2.16.sha256sum] = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2"
 SRC_URI[oid-registry-0.6.1.sha256sum] = "9bedf36ffb6ba96c2eb7144ef6270557b52e54b20c0a8e1eb2ff99a6c6959bff"
-SRC_URI[once_cell-1.17.1.sha256sum] = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
-SRC_URI[proc-macro2-1.0.52.sha256sum] = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224"
-SRC_URI[quote-1.0.26.sha256sum] = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+SRC_URI[once_cell-1.18.0.sha256sum] = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d"
+SRC_URI[proc-macro2-1.0.66.sha256sum] = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9"
+SRC_URI[quote-1.0.32.sha256sum] = "50f3b39ccfb720540debaa0164757101c08ecb8d326b15358ce76a62c7e85965"
 SRC_URI[ring-0.16.20.sha256sum] = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
 SRC_URI[rusticata-macros-4.1.0.sha256sum] = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632"
-SRC_URI[serde-1.0.156.sha256sum] = "314b5b092c0ade17c00142951e50ced110ec27cea304b1037c6969246c2469a4"
+SRC_URI[serde-1.0.180.sha256sum] = "0ea67f183f058fe88a4e3ec6e2788e003840893b91bac4559cabedd00863b3ed"
 SRC_URI[spin-0.5.2.sha256sum] = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
 SRC_URI[syn-1.0.109.sha256sum] = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+SRC_URI[syn-2.0.28.sha256sum] = "04361975b3f5e348b2189d8dc55bc942f278b2d482a6a0365de5bdd62d351567"
 SRC_URI[synstructure-0.12.6.sha256sum] = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
-SRC_URI[thiserror-1.0.39.sha256sum] = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c"
-SRC_URI[thiserror-impl-1.0.39.sha256sum] = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e"
-SRC_URI[time-0.3.20.sha256sum] = "cd0cbfecb4d19b5ea75bb31ad904eb5b9fa13f21079c3b92017ebdf4999a5890"
-SRC_URI[time-core-0.1.0.sha256sum] = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd"
-SRC_URI[time-macros-0.2.8.sha256sum] = "fd80a657e71da814b8e5d60d3374fc6d35045062245d80224748ae522dd76f36"
-SRC_URI[unicode-ident-1.0.8.sha256sum] = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4"
+SRC_URI[thiserror-1.0.44.sha256sum] = "611040a08a0439f8248d1990b111c95baa9c704c805fa1f62104b39655fd7f90"
+SRC_URI[thiserror-impl-1.0.44.sha256sum] = "090198534930841fab3a5d1bb637cde49e339654e606195f8d9c76eeb081dc96"
+SRC_URI[time-0.3.25.sha256sum] = "b0fdd63d58b18d663fbdf70e049f00a22c8e42be082203be7f26589213cd75ea"
+SRC_URI[time-core-0.1.1.sha256sum] = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb"
+SRC_URI[time-macros-0.2.11.sha256sum] = "eb71511c991639bb078fd5bf97757e03914361c48100d52878b8e52b46fb92cd"
+SRC_URI[unicode-ident-1.0.11.sha256sum] = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c"
 SRC_URI[unicode-xid-0.2.4.sha256sum] = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
 SRC_URI[untrusted-0.7.1.sha256sum] = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
-SRC_URI[wasm-bindgen-0.2.84.sha256sum] = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
-SRC_URI[wasm-bindgen-backend-0.2.84.sha256sum] = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
-SRC_URI[wasm-bindgen-macro-0.2.84.sha256sum] = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
-SRC_URI[wasm-bindgen-macro-support-0.2.84.sha256sum] = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
-SRC_URI[wasm-bindgen-shared-0.2.84.sha256sum] = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
-SRC_URI[web-sys-0.3.61.sha256sum] = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
+SRC_URI[wasm-bindgen-0.2.87.sha256sum] = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342"
+SRC_URI[wasm-bindgen-backend-0.2.87.sha256sum] = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd"
+SRC_URI[wasm-bindgen-macro-0.2.87.sha256sum] = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d"
+SRC_URI[wasm-bindgen-macro-support-0.2.87.sha256sum] = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b"
+SRC_URI[wasm-bindgen-shared-0.2.87.sha256sum] = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1"
+SRC_URI[web-sys-0.3.64.sha256sum] = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b"
 SRC_URI[winapi-0.3.9.sha256sum] = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
 SRC_URI[winapi-i686-pc-windows-gnu-0.4.0.sha256sum] = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 SRC_URI[winapi-x86_64-pc-windows-gnu-0.4.0.sha256sum] = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+# from rust/vendor/regex/Cargo.lock
+
+SRC_URI[aho-corasick-0.7.18.sha256sum] = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f"
+SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+SRC_URI[getrandom-0.2.6.sha256sum] = "9be70c98951c83b8d2f8f60d7065fa6d5146873094452a1008da8c2f1e4205ad"
+SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+SRC_URI[libc-0.2.125.sha256sum] = "5916d2ae698f6de9bfb891ad7a8d65c09d232dc58cc4ac433c7da3b2fd84bc2b"
+SRC_URI[memchr-2.5.0.sha256sum] = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
+SRC_URI[quickcheck-1.0.3.sha256sum] = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6"
+SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+SRC_URI[rand_core-0.6.3.sha256sum] = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7"
+SRC_URI[regex-syntax-0.6.26.sha256sum] = "49b3de9ec5dc0a3417da371aab17d729997c15010e7fd24ff707773a33bddb64"
+SRC_URI[wasi-0.10.2+wasi-snapshot-preview1.sha256sum] = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6"
+# from rust/vendor/bendy/Cargo.lock
+
+SRC_URI[addr2line-0.14.0.sha256sum] = "7c0929d69e78dd9bf5408269919fcbcaeb2e35e5d43e5815517cdc6a8e11a423"
+SRC_URI[adler-0.2.3.sha256sum] = "ee2a4ec343196209d6594e19543ae87a39f96d5534d7174822a3ad825dd6ed7e"
+SRC_URI[aho-corasick-0.7.15.sha256sum] = "7404febffaa47dac81aa44dba71523c9d069b1bdc50a77db41195149e17f68e5"
+SRC_URI[autocfg-1.0.1.sha256sum] = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
+SRC_URI[backtrace-0.3.54.sha256sum] = "2baad346b2d4e94a24347adeee9c7a93f412ee94b9cc26e5b59dea23848e9f28"
+SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+SRC_URI[failure-0.1.8.sha256sum] = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86"
+SRC_URI[failure_derive-0.1.8.sha256sum] = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
+SRC_URI[gimli-0.23.0.sha256sum] = "f6503fe142514ca4799d4c26297c4248239fe8838d827db6bd6065c6ed29a6ce"
+SRC_URI[lazy_static-1.4.0.sha256sum] = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+SRC_URI[libc-0.2.80.sha256sum] = "4d58d1b70b004888f764dfbf6a26a3b0342a1632d33968e4a179d8011c760614"
+SRC_URI[memchr-2.3.4.sha256sum] = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
+SRC_URI[miniz_oxide-0.4.3.sha256sum] = "0f2d26ec3309788e423cfbf68ad1800f061638098d76a83681af979dc4eda19d"
+SRC_URI[object-0.22.0.sha256sum] = "8d3b63360ec3cb337817c2dbd47ab4a0f170d285d8e5a2064600f3def1402397"
+SRC_URI[proc-macro2-1.0.24.sha256sum] = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71"
+SRC_URI[quote-1.0.7.sha256sum] = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
+SRC_URI[regex-1.4.2.sha256sum] = "38cf2c13ed4745de91a5eb834e11c00bcc3709e773173b2ce4c56c9fbde04b9c"
+SRC_URI[regex-syntax-0.6.21.sha256sum] = "3b181ba2dcf07aaccad5448e8ead58db5b742cf85dfe035e2227f137a539a189"
+SRC_URI[rustc-demangle-0.1.18.sha256sum] = "6e3bad0ee36814ca07d7968269dd4b7ec89ec2da10c4bb613928d3077083c232"
+SRC_URI[serde-1.0.117.sha256sum] = "b88fa983de7720629c9387e9f517353ed404164b1e482c970a90c1a4aaf7dc1a"
+SRC_URI[serde_bytes-0.11.5.sha256sum] = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9"
+SRC_URI[serde_derive-1.0.117.sha256sum] = "cbd1ae72adb44aab48f325a02444a5fc079349a8d804c1fc922aed3f7454c74e"
+SRC_URI[syn-1.0.48.sha256sum] = "cc371affeffc477f42a221a1e4297aedcea33d47d19b61455588bd9d8f6b19ac"
+SRC_URI[synstructure-0.12.4.sha256sum] = "b834f2d66f734cb897113e34aaff2f1ab4719ca946f9a7358dba8f8064148701"
+SRC_URI[thread_local-1.0.1.sha256sum] = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14"
+SRC_URI[unicode-xid-0.2.1.sha256sum] = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564"
+# from rust/vendor/flate2/Cargo.lock
+
+SRC_URI[adler-1.0.2.sha256sum] = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
+SRC_URI[cc-1.0.79.sha256sum] = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+SRC_URI[cfg-if-1.0.0.sha256sum] = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+SRC_URI[cloudflare-zlib-sys-0.3.0.sha256sum] = "2040b6d1edfee6d75f172d81e2d2a7807534f3f294ce18184c70e7bb0105cd6f"
+SRC_URI[cmake-0.1.50.sha256sum] = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130"
+SRC_URI[crc32fast-1.3.2.sha256sum] = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
+SRC_URI[getrandom-0.2.9.sha256sum] = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4"
+SRC_URI[libc-0.2.144.sha256sum] = "2b00cc1c228a6782d0f076e7b232802e0c5689d41bb5df366f2a6b6621cfdfe1"
+SRC_URI[libz-ng-sys-1.1.10.sha256sum] = "425fb6808068335c8c7c69d1cff0a7d1ed8f681e9ac040272f160a89e6f43b8b"
+SRC_URI[libz-sys-1.1.10.sha256sum] = "24e6ab01971eb092ffe6a7d42f49f9ff42662f17604681e2843ad65077ba47dc"
+SRC_URI[miniz_oxide-0.7.1.sha256sum] = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
+SRC_URI[pkg-config-0.3.27.sha256sum] = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
+SRC_URI[ppv-lite86-0.2.17.sha256sum] = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
+SRC_URI[quickcheck-1.0.3.sha256sum] = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6"
+SRC_URI[rand-0.8.5.sha256sum] = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+SRC_URI[rand_chacha-0.3.1.sha256sum] = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+SRC_URI[rand_core-0.6.4.sha256sum] = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+SRC_URI[vcpkg-0.2.15.sha256sum] = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+SRC_URI[wasi-0.11.0+wasi-snapshot-preview1.sha256sum] = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
diff --git a/recipes-ids/suricata/suricata_7.0.0.bb b/recipes-ids/suricata/suricata_7.0.12.bb
similarity index 86%
rename from recipes-ids/suricata/suricata_7.0.0.bb
rename to recipes-ids/suricata/suricata_7.0.12.bb
index 62baa35..ff022e0 100644
--- a/recipes-ids/suricata/suricata_7.0.0.bb
+++ b/recipes-ids/suricata/suricata_7.0.12.bb
@@ -5,7 +5,7 @@ require suricata.inc
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548"
 
 SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz"
-SRC_URI[sha256sum] = "7bcd1313118366451465dc3f8385a3f6aadd084ffe44dd257dda8105863bb769"
+SRC_URI[sha256sum] = "da5a591c749fed2bd986fc3b3cac25d9cfd3b453f57becf14610746999d3c5dd"
 
 DEPENDS = "lz4 libhtp"
 
@@ -15,29 +15,7 @@ SRC_URI += " \
     file://suricata.yaml \
     file://suricata.service \
     file://run-ptest \
-    file://fixup.patch \
-    file://CVE-2024-45795.patch \
-    file://CVE-2024-45796.patch \
-    file://CVE-2024-55605.patch \
-    file://CVE-2025-29916-01.patch \
-    file://CVE-2025-29916-02.patch \
-    file://CVE-2025-29916-03.patch \
-    file://CVE-2025-29917.patch \
-    file://CVE-2025-29918.patch \
-    file://CVE-2024-32663-001.patch \
-    file://CVE-2024-32663-002.patch \
-    file://CVE-2024-32664.patch \
-    file://CVE-2024-32867-001.patch \
-    file://CVE-2024-32867-002.patch \
-    file://CVE-2024-32867-003.patch \
-    file://CVE-2024-32867-004.patch \
-    file://CVE-2024-55627-001.patch \
-    file://CVE-2024-55627-002.patch \
-    file://CVE-2024-55627-003.patch \
-    file://CVE-2024-55628-001.patch \
-    file://CVE-2024-55628-002.patch \
-    file://CVE-2024-55628-003.patch \
-    file://CVE-2024-55628-004.patch \
+    file://0001-Skip-pkg-Makefile-from-using-its-own-rust-steps.patch \
     "
 
 inherit autotools pkgconfig python3native systemd ptest cargo cargo-update-recipe-crates
-- 
2.47.3

Re: [yocto-patches] [meta-security][scarthgap][PATCH 04/32] scap-security-guide: fix fetch

[Clayton Casciato]

> From: Marta Rybczynska <marta.rybczynska@ygreky.com>
>@
> The project does not keep releases in branches, instead they tag them. The stable branch
> does not contain releases, so we use the revision only.
>@
> See upstream issue [1] for details.
>@
> [1] https://github.com/ComplianceAsCode/content/issues/13543
>@
> Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
> --- 
>  .../scap-security-guide/scap-security-guide_0.1.71.bb           | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>@
> diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
> index 5e45332..e277ccf 100644
> --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
> +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
> @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820"
>  LICENSE = "BSD-3-Clause"
>@@
>  SRCREV = "459f0abf2ac08d36e5fc4a2619bc75cff7000da9"
> -SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \
> +SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \
>             file://run_eval.sh \
>             file://run-ptest \
>             "   
Hi, Scott

I would suggest instead updating the SRCREV to
879672a39577a8b8c9413641c9e6b8a0bd4f12bc.

See https://lists.yoctoproject.org/g/yocto-patches/topic/116289037

--
Clayton Casciato

Re: [yocto-patches] [meta-security][scarthgap][PATCH 00/32] Roll up outstanding fixes

[Clayton Casciato]

> - There are still some other outstanding CVEs for firejail and clamav.
>   firejail is potentially upgradeable, but clamav is problematic since
>   I believe 0.104.x was already unsupported when scarthgap shipped.
>   If you care about clamav support for scarthgap, plus provide some
>   input on if an upgrade to one of the LTS branches (1.0 or 1.4) is
>   something you would like to see / would be able to help test.
Hi, Scott

I would like to see clamav updated (1.4 preferred).

--
Clayton Casciato

Re: [meta-security][scarthgap][PATCH 00/32] Roll up outstanding fixes

[Hemant Jadhav]

[-- Attachment #1: Type: text/plain, Size: 336 bytes --]

Hi Clayton,

The ClamAV 1.4.3 recipe patch submitted for master is also tested on scarthgap.
It can be ported to the scarthgap branch with minimal changes:
Required Changes for Scarthgap:
- add S = "${WORKDIR}/git"
- Replace all `${UNPACKDIR}` with `${WORKDIR}`

That's it! Everything else remains identical.

Thanks
Hemant

[-- Attachment #2: Type: text/html, Size: 483 bytes --]

Re: [yocto-patches] [meta-security][scarthgap][PATCH 04/32] scap-security-guide: fix fetch

[Scott Murray]

On Mon, 24 Nov 2025, Clayton Casciato wrote:

> > From: Marta Rybczynska <marta.rybczynska@ygreky.com>
> >@
> > The project does not keep releases in branches, instead they tag them. The stable branch
> > does not contain releases, so we use the revision only.
> >@
> > See upstream issue [1] for details.
> >@
> > [1] https://github.com/ComplianceAsCode/content/issues/13543
> >@
> > Signed-off-by: Marta Rybczynska <marta.rybczynska@ygreky.com>
> > ---
> >  .../scap-security-guide/scap-security-guide_0.1.71.bb           | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >@
> > diff --git a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
> > index 5e45332..e277ccf 100644
> > --- a/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
> > +++ b/recipes-compliance/scap-security-guide/scap-security-guide_0.1.71.bb
> > @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=9bfa86579213cb4c6adaffface6b2820"
> >  LICENSE = "BSD-3-Clause"
> >@@
> >  SRCREV = "459f0abf2ac08d36e5fc4a2619bc75cff7000da9"
> > -SRC_URI = "git://github.com/ComplianceAsCode/content.git;branch=stable;protocol=https \
> > +SRC_URI = "git://github.com/ComplianceAsCode/content.git;nobranch=1;protocol=https \
> >             file://run_eval.sh \
> >             file://run-ptest \
> >             "
> Hi, Scott
>
> I would suggest instead updating the SRCREV to
> 879672a39577a8b8c9413641c9e6b8a0bd4f12bc.
>
> See https://lists.yoctoproject.org/g/yocto-patches/topic/116289037

459f0abf2ac08d36e5fc4a2619bc75cff7000da9 is the commit that the
v0.1.71 tag points at, so it is what should be used in order to avoid
confusion.  Now it is indeed the case that since this change was made
upstream have reworked their stable branch by merging all the dangling
release branches into it, so we can potentially drop this for scarthgap,
I'll try a sanity test build.  The upgrade to v0.1.78 is queued on
master-next, my plan is to take it as is, then we can drop a one-liner
on to change the branch, then backport to scarthgap in the next pass.

Thanks,

Scott