ETA on Suricata 7.0.6 ?

btspce · Jul 1, 2024, 4:29 PM

Suricata 7.0.6 was released on June 27 and contains fixes for several CVE's rated high and critical.

https://suricata.io/2024/06/27/suricata-7-0-6-and-6-0-20-released/

CVE-2024-37151: CRITICAL (7.0.5 and 6.0.19)
CVE-2024-38536: HIGH (7.0.5)
CVE-2024-38534: HIGH (7.0.5)
CVE-2024-38535: CRITICAL (7.0.5) / MODERATE (6.0.19)

How far off is an update to 7.0.6 ?

NRgia · Jul 5, 2024, 2:49 PM

This post is deleted!

bmeeks · Jul 7, 2024, 4:42 PM

I have posted Pull Requests containing the update for the Netgate team to review and merge:

https://github.com/pfsense/FreeBSD-ports/pull/1375
https://github.com/pfsense/FreeBSD-ports/pull/1376

You can follow the progress at the two GitHub links provided above (one is for the binary portion and the other for the GUI portion of the package).

btspce · Jul 7, 2024, 4:42 PM

@bmeeks Thanks!

btspce · Jul 17, 2024, 7:16 AM

Why has this update which contain HIGH and CRITICAL fixes in both 7.0.5 and 7.0.6 not been published to repos yet ?

NRgia · Jul 17, 2024, 4:30 PM

@btspce
Maybe you can find a hint here:

https://forum.netgate.com/topic/182134/suricata-7-0-0-package-update-for-devel-snapshots-release-notes/11?_=1721233141154

btspce · Jul 17, 2024, 5:14 PM

@NRgia Thanks. Does not sound good at all. Created a ticket with Netgate Support about this.

NRgia · Jul 17, 2024, 6:03 PM

@btspce said in ETA on Suricata 7.0.6 ?:

@NRgia Thanks. Does not sound good at all. Created a ticket with Netgate Support about this.

Please do share, at least on private, on Support's answer. I am using a pfSense+ free license, so no tickets for me. Thank you also.

bmeeks · Jul 17, 2024, 6:09 PM

The update I posted for Suricata 7.0.6 will build successfully on the Netgate package builders (at least it does for me). It's a relatively simple matter for their developers with pfSense FreeBSD-ports repo access to pull in and merge the update so the new packages will build.

Perhaps the guy that normally does the merging has been away on vacation for a bit ???

I sent him an email the same time I posted the update Pull Request notifying him of its presence.

btspce · Jul 17, 2024, 6:16 PM

@bmeeks Thanks!
I really hope there is atleast two developers who can fill in for each other at Netgate.

bmeeks · Jul 17, 2024, 6:22 PM

@btspce said in ETA on Suricata 7.0.6 ?:

I really hope there is atleast two developers who can fill in for each other at Netgate.

There are, but I think only one or maybe two guys handle the merging of the third-party volunteer package updates. Referring to the link posted earlier by @NRgia you will note in that discussion that the majority of the available pfSense packages are/were maintained by volunteers who are not affiliated with Netgate. As volunteers, they do not have "merge" permissions on the GitHub repos either.

In my time maintaining Snort and Suricata, I've worked with only three Netgate developers who merged updates I submitted. Of those three, one has not been with Netgate for many years, the second moved over to TNSR support, and so that leaves me with just the one contact whose email I currently have.

bmeeks · Jul 17, 2024, 6:25 PM

Just received a reply to my original email. They will be merging the 7.0.6 update today, so look for new packages soon.

btspce · Jul 17, 2024, 6:41 PM

@bmeeks Great and thanks for everything you do.

I really hope Netgate fixes this situation with merging and communication and realizes the importance of these packages to the end product that is pfsense.

We would not be using Netgate firewalls without them.

NRgia · Jul 17, 2024, 6:41 PM

@bmeeks said in ETA on Suricata 7.0.6 ?:

Just received a reply to my original email. They will be merging the 7.0.6 update today, so look for new packages soon.

Thank you

bmeeks · Jul 17, 2024, 11:28 PM

The updates for the binary and GUI have been merged and the new v7.0.6 package is available.