From d8bad3b1aa7ae1c3a19a348b1b881ca2dc5b68d0 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj <shivani@oisf.net>
Date: Tue, 19 Mar 2024 16:12:41 +0530
Subject: [PATCH] release: 7.0.4; update changelog

---
 ChangeLog        | 34 ++++++++++++++++++++++++++++++++++
 configure.ac     |  6 +++---
 requirements.txt |  4 ++--
 3 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cf074b1c106e..69c9ce3df6c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,37 @@
+7.0.4 -- 2024-03-19
+
+Security #6868: eve: excessive ssh long banner logging (7.0.x backport)(CVE 2024-28870)
+Security #6801: ssh: quadratic complexity in overlong banner (7.0.x backport)(CVE 2024-28870)
+Security #6759: libhtp: quadratic complexity checking after request line mission protocol (7.0.x backport)(CVE 2024-28871)
+Security #6798: output/filestore: timeout because of running OutputTxLog on useless packets (7.0.x backport)
+Bug #6842: Error message from netmap when using Netmap pipes (with lb) (7.0.x backport)
+Bug #6828: dpdk: NUMA warning on non-NUMA system (7.0.x backport)
+Bug #6816: capture plugins: capture plugins unusable due to initialization order (7.0.x backport)
+Bug #6812: pfring: memory leak (7.0.x backport)
+Bug #6810: decode/pppoe: Suspicious pointer scaling (7.0.x backport)
+Bug #6791: cppcheck 2.11 errors (7.0.x backport)
+Bug #6785: detect/tls.certs: direction flag checked against wrong field (7.0.x backport)
+Bug #6784: util/mime: Memory leak at util-decode-mime.c:MimeDecInitParser (7.0.x backport)
+Bug #6768: multi-tenancy: dead lock during tenant loading (7.0.x backport)
+Bug #6765: Hugepages Error for FreeBSD when kernel NUMA build option is not enabled (7.0.x backport)
+Bug #6764: Huge increase on Suricata load time with a lot of ip-only rules and bigger HOME_NET (7.0.x backport)
+Bug #6761: Hugepages Error for ARM64 and af-packet IPS mode (7.0.x backport)
+Bug #6756: Netmap: deadlock if netmap_open fails (7.0.x backport)
+Bug #6746: Suricata 7.0.2 parent interface object in stats contains VLAN-ID as keys (7.0.x backport)
+Bug #6742: dpdk: automatic cache calculation is broken (7.0.x backport)
+Bug #6738: dpdk: property configuration can lead to integer overflow  (7.0.x backport)
+Bug #6734: tcp: tcp flow flags changing incorrectly when ruleset contains content matching (7.0.x backport)
+Bug #6622: detect/filestore: flow, to_server was broken by moving files into transactions (7.0.x backport)
+Bug #6593: mqtt: frames on TCP are not set properly when parsing multiple PDUs in one go (7.0.x backport)
+Bug #6580: ssh: no alert on packet with Message Code: New Keys (21) (7.0.x backport)
+Bug #6538: drop: assertion failed !(PKT_IS_PSEUDOPKT(p)) && !PacketCheckAction(p, ACTION_DROP) (7.0.x backport)
+Bug #6537: detect/filestore: be more explicit about the U16_MAX limit per signature group head (7.0.x backport)
+Optimization #6774: app-layer/template: no limit on txs number (7.0.x backport)
+Feature #6740: dpdk: warn the user if user-settings are adjusted to the device capabilities (7.0.x backport)
+Task #6870: libhtp 0.5.47 (7.0.x backport)
+Task #6749: doc: mention X710 RX descriptor limitation (7.0.x backport)
+Documentation #6709: userguide/payload: fix explanation about bsize ranges (7.0.x backport)
+
 7.0.3 -- 2024-02-08
 
 Security #6717: http2: evasion by splitting header fields over frames (7.0.x backport)
diff --git a/configure.ac b/configure.ac
index 04953b91bf87..72f333e6bbc1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-    AC_INIT([suricata],[7.0.4-dev])
+    AC_INIT([suricata],[7.0.4])
     m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
     AC_CONFIG_HEADERS([src/autoconf.h])
     AC_CONFIG_SRCDIR([src/suricata.c])
@@ -1575,12 +1575,12 @@
             echo
             exit 1
         fi
-        PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.46],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
+        PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.47],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
         if test "$libhtp_minver_found" = "no"; then
             PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
             if test "$libhtp_devver_found" = "no"; then
                 echo
-                echo "   ERROR! libhtp was found but it is neither >= 0.5.46, nor the dev 0.5.X"
+                echo "   ERROR! libhtp was found but it is neither >= 0.5.47, nor the dev 0.5.X"
                 echo
                 exit 1
             fi
diff --git a/requirements.txt b/requirements.txt
index 6df1358f075f..4cab17d0d7eb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,5 +3,5 @@
 # Format:
 #
 #   name {repo} {branch|tag}
-libhtp https://github.com/OISF/libhtp 0.5.x
-suricata-update https://github.com/OISF/suricata-update master
+libhtp https://github.com/OISF/libhtp 0.5.47
+suricata-update https://github.com/OISF/suricata-update 1.3.2