suricata: update 7.0.13 -> 8.0.4

8.0.0 [1]: Increased Rust use (including libhtp, suricatactl, and suricatasc) More protocols Lua sandboxed and available by default 8.0.4 [2]: security, performance, accuracy, and stability fixes Resolve startup warning [3]: W: af-packet: eth0: AF_PACKET tpacket-v3 is recommended for non-inline operation Add "ja4" option for fingerprinting TLS and QUIC clients [4] CFLAGS modification for (see [5]): do_package_qa: QA Issue: File /usr/bin/.debug/suricata in package suricata-dbg contains reference to TMPDIR [buildpaths] SURICATA_LUA_SYS_HEADER_DST [6] [1] https://suricata.io/2025/07/08/suricata-8-0-0-released/ [2] https://suricata.io/2026/03/17/suricata-8-0-4-and-7-0-15-released/ [3] https://docs.suricata.io/en/suricata-8.0.4/upgrade.html#id1 [4] https://github.com/OISF/suricata/pull/10836 [5] https://git.openembedded.org/openembedded-core/commit/?id=3239961e35434592c06ec2cae2885ab464d35744 [6] https://github.com/OISF/suricata/commit/3a7eef812198118fa0b96059e70074bec5a8cdbe Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com> (added musl libunwind fix) Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2026-05-08 17:19:34 +00:00 · 2026-04-22 21:40:48 -06:00
parent 731c5fc0b8
commit 1dcf90fa42
4 changed files with 2690 additions and 700 deletions
@@ -1,6 +1,6 @@
-From a59708a9300df8116867ac77f7829f7fd647325e Mon Sep 17 00:00:00 2001
+From 28ab6ce1da3d095fdcdd66621329d2a204b4fc2e Mon Sep 17 00:00:00 2001
 From: Clayton Casciato <ccasciato@21sw.us>
-Date: Mon, 3 Nov 2025 10:30:26 -0700
+Date: Thu, 19 Mar 2026 21:24:50 -0600
 Subject: [PATCH] Skip pkg Makefile from using its own rust steps

 Upstream-Status: Inappropriate [OE Specific]
@@ -13,28 +13,28 @@ Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
 2 files changed, 2 insertions(+), 2 deletions(-)

 diff --git a/Makefile.am b/Makefile.am
-index d0d3d09..a572912 100644
+index e99cea8..23e4d08 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -10,7 +10,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
- 	     scripts/generate-images.sh \
- 	     scripts/docs-almalinux9-minimal-build.sh \
- 	     scripts/docs-ubuntu-debian-minimal-build.sh
-SUBDIRS = $(HTP_DIR) rust src qa rules doc contrib etc python ebpf \
-+SUBDIRS = $(HTP_DIR) src qa rules doc contrib etc python ebpf \
+@@ -12,7 +12,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
+ 	     scripts/docs-ubuntu-debian-minimal-build.sh \
+        scripts/evedoc.py \
+ 	     examples/plugins
+-SUBDIRS = rust src plugins qa rules doc etc python ebpf \
+SUBDIRS = src plugins qa rules doc etc python ebpf \
           $(SURICATA_UPDATE_DIR)
- 
- CLEANFILES = stamp-h[0-9]*
+ DIST_SUBDIRS = $(SUBDIRS) examples/lib/simple examples/lib/custom \
+ 		examples/lib/live
 diff --git a/Makefile.in b/Makefile.in
-index 7a89353..3864613 100644
+index a27d8b7..4bd2fc8 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -428,7 +428,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
- 	     scripts/docs-almalinux9-minimal-build.sh \
- 	     scripts/docs-ubuntu-debian-minimal-build.sh
+@@ -430,7 +430,7 @@ EXTRA_DIST = ChangeLog COPYING LICENSE suricata.yaml.in \
+        scripts/evedoc.py \
+ 	     examples/plugins
 
-SUBDIRS = $(HTP_DIR) rust src qa rules doc contrib etc python ebpf \
-+SUBDIRS = $(HTP_DIR) src qa rules doc contrib etc python ebpf \
+-SUBDIRS = rust src plugins qa rules doc etc python ebpf \
+SUBDIRS = src plugins qa rules doc etc python ebpf \
           $(SURICATA_UPDATE_DIR)
 
- CLEANFILES = stamp-h[0-9]*
+ DIST_SUBDIRS = $(SUBDIRS) examples/lib/simple examples/lib/custom \
@@ -1,23 +0,0 @@
-SUMMARY = "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces."
-
-require suricata.inc
-
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=596ab7963a1a0e5198e5a1c4aa621843"
-
-SRC_URI = "git://github.com/OISF/libhtp.git;protocol=https;branch=0.5.x"
-SRCREV = "314ca7360e141a1e40be58707b3abeefe32258c9"
-
-DEPENDS = "zlib"
-
-inherit autotools-brokensep pkgconfig
-
-CFLAGS += "-D_DEFAULT_SOURCE"
-
-do_configure () {
-    cd ${S}
-    ./autogen.sh
-    oe_runconf
-}
-
-RDEPENDS:${PN} += "zlib"
-
@@ -5,9 +5,10 @@ require suricata.inc
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548"

 SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz"
-SRC_URI[sha256sum] = "bbc94cf0a297f4560c64569ed72867c799287defdaf6e6572ce769f48dd2559b"
+SRC_URI[sha256sum] = "81cee7bae69848a9751b2ce0867620eefa52b192e79c20b5eac897600b28b191"

-DEPENDS = "jansson lz4 libhtp"
+DEPENDS = "jansson lz4"
+DEPENDS:append:libc-musl = " libunwind"

 SRC_URI += " \
    file://volatiles.03_suricata \
@@ -18,22 +19,23 @@ SRC_URI += " \
    file://0001-Skip-pkg-Makefile-from-using-its-own-rust-steps.patch \
    "

-inherit autotools pkgconfig python3native systemd ptest cargo cargo-update-recipe-crates
+inherit autotools pkgconfig python3native systemd ptest rust cargo cargo-update-recipe-crates

 require  ${BPN}-crates.inc

 EXTRA_OECONF += " --disable-debug \
    --disable-gccmarch-native \
-    --enable-non-bundled-htp \
    --disable-suricata-update \
-    --with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR} \
    --with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR} \
    "

 CARGO_SRC_DIR = "rust"

 CARGO_BUILD_FLAGS:remove = "--frozen"
-CARGO_BUILD_FLAGS:append = " --offline"
+CARGO_BUILD_FLAGS:append = " \
+    --offline \
+    ${@bb.utils.contains('PACKAGECONFIG', 'ja4', '--features ja4', '', d)} \
+    "

 B = "${S}"

@@ -54,6 +56,7 @@ PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-
 PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap"
 PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , "
 PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet,"
+PACKAGECONFIG[ja4] = "--enable-ja4, --disable-ja4"
 PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ,"
 PACKAGECONFIG[nfq] = "--enable-nfqueue, --disable-nfqueue,libnetfilter-queue,"

@@ -75,7 +78,9 @@ do_configure:prepend () {
    autotools_do_configure
 }

-CFLAGS += "-Wno-error=incompatible-pointer-types"
+CFLAGS += "-Wno-error=incompatible-pointer-types \
+    -ffile-prefix-map=${CARGO_HOME}=${TARGET_DBGSRC_DIR} \
+    "

 # Commit 7a2b9acef2 cargo: pass PACKAGECONFIG_CONFARGS to cargo build
 # breaks building this recipe. Providing a copy of the original function
@@ -90,6 +95,9 @@ oe_cargo_build () {
 }

 do_compile () {
+    mkdir -p ${S}/${CARGO_SRC_DIR}/gen
+    export SURICATA_LUA_SYS_HEADER_DST='${S}/${CARGO_SRC_DIR}/gen'
+
    # we do this to bypass the make provided by this pkg
    # patches Makefile to skip the subdir
    cargo_do_compile
@@ -104,6 +112,9 @@ do_install () {

    oe_runmake install DESTDIR=${D}

+    install -m 0755 '${B}/${CARGO_SRC_DIR}/target/${CARGO_TARGET_SUBDIR}/suricatasc' '${D}${bindir}'
+    install -m 0755 '${B}/${CARGO_SRC_DIR}/target/${CARGO_TARGET_SUBDIR}/suricatactl' '${D}${bindir}'
+
    install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
    install -m 0644 ${UNPACKDIR}/volatiles.03_suricata  ${D}${sysconfdir}/default/volatiles/03_suricata

@@ -132,10 +143,6 @@ do_install () {

    # Remove /var/run as it is created on startup
    rm -rf ${D}${localstatedir}/run
-
-    sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${bindir}/suricatasc
-    sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${bindir}/suricatactl
-    sed -i -e "s:#!.*$:#!${USRBINPATH}/env python3:g" ${D}${libdir}/suricata/python/suricata/sc/suricatasc.py
 }

 pkg_postinst_ontarget:${PN} () {
@@ -147,9 +154,7 @@ fi
 SYSTEMD_PACKAGES = "${PN}"
 SYSTEMD_SERVICE:${PN} = "${BPN}.service"

-PACKAGES =+ "${PN}-python"
 FILES:${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
-FILES:${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"

 RDEPENDS:${PN} += "jansson"