Project

General

Profile

Actions

Bug #13730

closed

Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1

Added by Bill Meeks about 2 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Category:
Suricata
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.7.0
Affected Plus Version:
23.01
Affected Architecture:
All

Description

Suricata fails to download Emerging Threats rules archives in the latest pfSense DEVEL snapshots due to apparent changes in the behavior of the filter_var() function in PHP 8.1. Code that currently works fine in PHP 7.4 does not produce the same output in PHP 8.1, thus leading to the construction of an invalid URL for downloading Emerging Threats rules. The code is parsing the version string printed by the Suricata binary to pull out the only the numeric part.

A fix for this is being prepared and a pull request will be submitted for review and merge soon.


Files

Actions #1

Updated by Bill Meeks about 2 months ago

Pull request 1201 has been submitted to the DEVEL branch. Details are here: https://github.com/pfsense/FreeBSD-ports/pull/1201.

Once this request is merged, this issue can be marked resolved.

Actions #2

Updated by Reid Linnemann about 2 months ago

  • Assignee set to Reid Linnemann
Actions #3

Updated by Reid Linnemann about 2 months ago

  • Status changed from New to Feedback

Merged to CE as of 71bfc136

Actions #4

Updated by Chris W about 2 months ago

I presume this was initially opened using the ETOpen rule list and not the ETPro list. ETOpen working fine on:

23.01-DEVELOPMENT (amd64)
built on Sat Dec 10 03:22:16 UTC 2022
FreeBSD 14.0-CURRENT

Actions #5

Updated by Bill Meeks about 2 months ago

I tested using both the Emerging Threats Open rules and the Emerging Threats Pro rules in a 2.7.0-DEVEL CE virtual machine. Both downloaded and installed correctly after this fix.

Actions #6

Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF