release: 8.0.5; update changelog

ChangeLog

@@ -1,3 +1,51 @@
+8.0.5 -- 2026-05-19
+
+Security #8561: defrag: fragmented encapsulated traffic with fragments can lead to deadlock (8.0.x backport)(HIGH - CVE 2026-46352)
+Security #8557: detect/lua: buffer overflow leads to sandbox escape (8.0.x backport)(HIGH - CVE 2026-45770)
+Security #8554: http2: excessive memory alloc with decompression bomb (8.0.x backport)(HIGH - CVE 2026-46387)
+Security #8547: datasets: save with load cmd can save to absolute filename (8.0.x backport)(HIGH - CVE 2026-45767)
+Security #8541: detect: use-after-free in decompress transform pipeline (8.0.x backport)(MODERATE - CVE 2026-45752)
+Security #8540: detect: heap-use-after-free in inspection-buffer transform chaining (8.0.x backport)(MODERATE - CVE 2026-45751)
+Security #8530: http1: quadratic complexity with usage of HTTPParseContentDispositionHeader (8.0.x backport)(HIGH - CVE 2026-45759)
+Security #8527: detect: case insensitivity in frames lead to buffer overflow (8.0.x backport)(LOW - CVE 2026-45761)
+Security #8511: defrag: incorrect ip fragment reuse causes remote crash (8.0.x backport)(HIGH - CVE 2026-45762)
+Security #8508: lua: sandbox alloc_limit not enforced on new allocations (8.0.x backport)(HIGH - CVE 2026-45763)
+Security #8493: http2: type confusion from protocol change (8.0.x backport)(CRITICAL - CVE 2026-45764)
+Security #8461: dnp3: unbounded reassembly (8.0.x backport)(HIGH - CVE 2026-45765)
+Security #8419: nfs: OOM on stateful structures (8.0.x backport)(CRITICAL - CVE 2026-45766)
+Security #8416: ikev2: OOM due to unbounded client_transforms (8.0.x backport)(CRITICAL - CVE 2026-45769)
+Security #8406: ldap: OOM on unbounded responses per tx (8.0.x backport)(CRITICAL - CVE 2026-45768)
+Bug #8553: reputation: useless code leads to buffer underflow (8.0.x backport)
+Bug #8522: dcerpc.iface keyword matches any interface if PFC_FIRST_FRAG is missing in the BIND request (8.0.x backport)
+Bug #8502: detect/dns: dns.*.rrname keywords do not work with "alert udp" prefix (8.0.x backport)
+Bug #8490: ftp: the "too many transactions" event isn't raised (8.0.x backport)
+Bug #8455: doh2: FN with rulesets combining dns rules and http2 rules (8.0.x backport)
+Bug #8452: http2: http.host does not match as soon as possible (8.0.x backport)
+Bug #8449: dnp3: off by one heap write in object parser (8.0.x backport)
+Bug #8439: examples/lib/live can not work
+Bug #8422: snmp: snmp-event.rules file is missing (8.0.x backport)
+Bug #8414: websocket: reassembly should restrict opcodes (8.0.x backport)
+Bug #8411: http2: response_frame_size is never set (8.0.x backport)
+Bug #8404: detect: false alerts with drop rule using geoip (8.0.x backport)
+Bug #8399: tls: encryption-handling bypass breaks dependent JA3/JA3S rules in IDS mode (8.0.x backport)
+Bug #8380: dcerpc: bind interfaces get overwritten with new requests/responses (8.0.x backport)
+Bug #8376: smb/dcerpc: use bind context_id to log the right interfaces (8.0.x backport)
+Bug #8374: dcerpc: parser does not support multiple PDUs (8.0.x backport)
+Bug #8373: dcerpc: logs not created after unhandled packet such as auth3 (8.0.x backport)
+Bug #8170: dpdk: DPDK tag inadvertently changes compile architecture (8.0.x backport)
+Bug #8162: schema: allow `http_request_body` fields (8.0.x backport)
+Feature #8562: firewall: support NTP hook states for firewall rule evaluation (8.0.x backport)
+Feature #8544: firewall: source field in alert/drop events to distinguish firewall from IDS/IPS (8.0.x backport)
+Feature #8432: firewall: support SNMP hook states for firewall rule evaluation (8.0.x backport)
+Feature #8400: output: improve flushing coverage (8.0.x backport)
+Feature #8398: firewall: mark icode as supported
+Feature #8321: dpdk: add Github CI live run tests for DPDK virtual devices (8.0.x backport)
+Task #8483: snmp: add snmp.trap_type keyword (8.0.x backport)
+Task #8476: rust: suppress rust audit notice for RUSTSEC-2026-0097 (rand) (8.0.x backport)
+Task #8437: firewall: enable content inspect keywords for firewall mode (8.0.x backport)
+Task #8409: firewall: add tests for hot reload of firewall mode rules (8.0.x backport)
+Task #8360: rust: update psl crate (8.0.x backport)
+
 8.0.4 -- 2026-03-12
 
 Security #8364: stream: quadratic complexity in stream inspection (8.0.x backport)(HIGH - CVE 2026-31933)

configure.ac

@@ -1,4 +1,4 @@
-    AC_INIT([suricata],[8.0.5-dev])
+    AC_INIT([suricata],[8.0.5])
     m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
     AC_CONFIG_HEADERS([src/autoconf.h])
     AC_CONFIG_SRCDIR([src/suricata.c])

rust/Cargo.lock.in

@@ -1512,7 +1512,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
 
 [[package]]
 name = "suricata"
-version = "8.0.5-dev"
+version = "8.0.5"
 dependencies = [
  "aes",
  "aes-gcm",
@@ -1565,7 +1565,7 @@ dependencies = [
 
 [[package]]
 name = "suricata-derive"
-version = "8.0.5-dev"
+version = "8.0.5"
 dependencies = [
  "proc-macro-crate",
  "proc-macro2",
@@ -1575,7 +1575,7 @@ dependencies = [
 
 [[package]]
 name = "suricata-htp"
-version = "8.0.5-dev"
+version = "8.0.5"
 dependencies = [
  "base64",
  "brotli",
@@ -1601,11 +1601,11 @@ dependencies = [
 
 [[package]]
 name = "suricata-sys"
-version = "8.0.5-dev"
+version = "8.0.5"
 
 [[package]]
 name = "suricatactl"
-version = "8.0.5-dev"
+version = "8.0.5"
 dependencies = [
  "clap",
  "once_cell",
@@ -1616,7 +1616,7 @@ dependencies = [
 
 [[package]]
 name = "suricatasc"
-version = "8.0.5-dev"
+version = "8.0.5"
 dependencies = [
  "clap",
  "home",

rust/sys/src/sys.rs

@@ -1,6 +1,6 @@
 // This file is automatically generated. Do not edit.
 
-pub const SC_PACKAGE_VERSION: &[u8; 10] = b"8.0.5-dev\0";
+pub const SC_PACKAGE_VERSION: &[u8; 6] = b"8.0.5\0";
 pub type __intmax_t = ::std::os::raw::c_long;
 pub type intmax_t = __intmax_t;
 #[repr(u32)]