Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
Suricata fails to download Emerging Threats rules archives in the latest pfSense DEVEL snapshots due to apparent changes in the behavior of the filter_var() function in PHP 8.1. Code that currently works fine in PHP 7.4 does not produce the same output in PHP 8.1, thus leading to the construction of an invalid URL for downloading Emerging Threats rules. The code is parsing the version string printed by the Suricata binary to pull out only the numeric part.
A fix for this is being prepared and a pull request will be submitted for review and merge soon.
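An added example (not the pfSense package's code and not the fix in the pull request) of extracting the numeric version with an anchored regular expression and refusing to build a download URL when parsing fails. The banner text, the function names and the URL template are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of the banner printed by the Suricata binary (assumed format).
const SAMPLE_BANNER = 'This is Suricata version 6.0.8 RELEASE';

// Hypothetical URL template; the real rules URL is not shown on this page.
const RULES_URL_TEMPLATE = 'https://rules.example.invalid/open/suricata-%s/emerging.rules.tar.gz';

/**
 * Return the dotted numeric version (e.g. "6.0.8") from the banner,
 * or null when the banner does not match the expected shape.
 */
function extract_suricata_version(string $banner): ?string
{
    // Anchor on the word "version" so stray digits elsewhere are ignored,
    // and accept only 2 to 4 dot-separated numeric components.
    if (preg_match('/\bversion\s+(\d+(?:\.\d+){1,3})\b/i', $banner, $m) !== 1) {
        return null;
    }
    return $m[1];
}

/**
 * Build the rules archive URL, failing closed on an unparseable banner
 * instead of requesting a malformed URL.
 */
function build_rules_url(string $banner): string
{
    $version = extract_suricata_version($banner);
    if ($version === null) {
        throw new RuntimeException('Unable to parse Suricata version from: "' . $banner . '"');
    }
    return sprintf(RULES_URL_TEMPLATE, $version);
}

// Constructed inputs: one well-formed banner, two that must be rejected.
foreach ([SAMPLE_BANNER, 'Suricata 7.0.0-dev', ''] as $banner) {
    try {
        echo build_rules_url($banner), PHP_EOL;
    } catch (RuntimeException $e) {
        // Log the parse failure so a broken rule update is visible to the operator.
        error_log($e->getMessage());
    }
}
```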
Updated by Bill Meeks about 2 months ago
Pull request 1201 has been submitted to the DEVEL branch. Details are here: https://github.com/pfsense/FreeBSD-ports/pull/1201.
Once this request is merged, this issue can be marked resolved.
Updated by Chris W about 2 months ago
I presume this was initially opened using the ETOpen rule list and not the ETPro list. ETOpen working fine on:
built on Sat Dec 10 03:22:16 UTC 2022