release: 7.0.6; update changelog

Author: inashivb

ChangeLog

@@ -1,3 +1,40 @@
+7.0.6 -- 2024-06-26
+
+Security #7042: defrag: id reuse can lead to invalid reassembly (7.0.x backport)(CVE 2024-37151)
+Security #7105: http2: oom from duplicate headers (7.0.x backport)
+Security #7033: http/range: segv when http.memcap is reached (7.0.x backport)
+Security #6988: modbus: txs without responses are never freed (7.0.x backport)
+Bug #7107: packet: app-layer-events incorrectly used on recycled packets (7.0.x backport)
+Bug #7064: util/radix-tree: Possible dereference of nullptr in case of unsuccess allocation of memory for node (7.0.x backport)
+Bug #7063: smtp/mime: data command rejected by pipelining server does not reset data mode (7.0.x backport)
+Bug #7060: smtp: split name logged as 2 names (7.0.x backport)
+Bug #7050: af-packet: failure to start up on many threads plus high load (7.0.x backport)
+Bug #7043: Crasher in HTTP chunked / StreamingBuffer (7.0.x backport)
+Bug #7038: pcap/log: MacOS rotates file well before limit is reached (7.0.x backport)
+Bug #7035: time: in offline mode, time can stay behind at pcap start (7.0.x backport)
+Bug #7023: unix-socket: iface-bypassed-stat crash (7.0.x backport)
+Bug #7021: unix-socket: hostbit commands don't properly release host (7.0.x backport)
+Bug #7015: rust: build with rust 1.78 with slice::from_raw_parts now requiring the pointer to be non-null (7.0.x backport)
+Bug #6990: tls.random buffers don't work as expected (7.0.x backport)
+Bug #6986: iprep: rule with '=,0' can't match (7.0.x backport)
+Bug #6975: detect: log relevant frames app-layer metdata (7.0.x backport)
+Bug #6950: decode/ppp: decoder.event.ppp.wrong_type on valid packet (7.0.x backport)
+Bug #6897: detect/port: upper boundary ports are not correctly handled (7.0.x backport)
+Bug #6895: detect/port: port grouping does not happen correctly if gap between a single and range port (7.0.x backport)
+Bug #6862: Lightweight rules profiling: crash when profiling ends (7.0.x backport)
+Bug #6848: alerts: wrongly using tx id 0 when there is no tx (7.0.x backport)
+Bug #6845: coverity: warning in port grouping code (7.0.x backport)
+Bug #6844: detect/port: port ranges are incorrect when a port is single as well as a part of range (7.0.x backport)
+Bug #6690: Ethernet src should match src ip (7.0.x backport)
+Bug #6520: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport)
+Optimization #6830: detect/port: port grouping is quite slow in worst cases (7.0.x backport)
+Optimization #6829: detect/port: PortGroupWhitelist fn takes a lot of processing time (7.0.x backport)
+Feature #7010: JA4 support for TLS and QUIC (7.0.x backport)
+Feature #6557: Capability to have rules profiling on pcap run (7.0.x backport)
+Documentation #6910: userguide: document how to verify tar.gz signature (7.0.x backport)
+Documentation #6687: docs: port userguide build instruction changes from master-6.0.x (7.0.x backport)
+Documentation #6601: docs: update eBPF installation instructions (7.0.x backport)
+
 7.0.5 -- 2024-04-23
 
 Security #6905: base64: off-by-three overflow in DecodeBase64() (7.0.x backport)(CVE 2024-32664)

configure.ac

@@ -1,4 +1,4 @@
-    AC_INIT([suricata],[7.0.6-dev])
+    AC_INIT([suricata],[7.0.6])
     m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
     AC_CONFIG_HEADERS([src/autoconf.h])
     AC_CONFIG_SRCDIR([src/suricata.c])

requirements.txt

@@ -3,5 +3,5 @@
 # Format:
 #
 #   name {repo} {branch|tag}
-libhtp https://github.com/OISF/libhtp 0.5.x
-suricata-update https://github.com/OISF/suricata-update master
+libhtp https://github.com/OISF/libhtp 0.5.48
+suricata-update https://github.com/OISF/suricata-update 1.3.3