Created attachment 191389: patch against head
Hi,
This updates Suricata to 4.0.4. While here, disable libhtp port usage by default as the latest version is always shipped with Suricata.
Changelog: https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/
Cheers, Franco
This package is broken. It still links with libnss when it is disabled.
    Error: /usr/local/bin/suricata is linked to /usr/local/lib/libnspr4.so from devel/nspr but it is not declared as a dependency
    Warning: you need LIB_DEPENDS+=libnspr4.so:devel/nspr
Created attachment 191432: Updated patch
Hi Yuri, No that's not quite right as it only links to libnspr if nss is installed locally, which is not the case with poudriere. Cheers, Franco
(In reply to Franco Fichtner from comment #3) If user chose to disable NSS option, it must be respected. There are users that still build their own packages locally. Yuri's fix seems a good way to go while upstream is not fixed.
Fine, preparing a new patch. I just want to remind everyone what trivial cleanups did last time and avoid more iterations for the sake of shipping a perfectly good update. ;) Also waiting for Victor to verify the distfile checksum shift on the new mirror...
https://twitter.com/inliniac/status/977238626357694464 4.0.4 briefly extracted as 4.0.0.... back to the proper distfile now. @yuri approving changes now... thanks for the additions!
(In reply to Franco Fichtner from comment #6)
> @yuri approving changes now... thanks for the additions!
Thank you!
For the record, I've submitted a fix upstream adding --disable-nss and --disable-nspr to configure options. https://github.com/OISF/suricata/pull/3309
When all options are "off", 'stage-qa' fails:
    Warning: you need LIB_DEPENDS+=libplds4.so:devel/nspr
    Error: /usr/local/bin/suricata is linked to /usr/local/lib/libplc4.so from devel/nspr but it is not declared as a dependency
    Warning: you need LIB_DEPENDS+=libplc4.so:devel/nspr
    Error: /usr/local/bin/suricata is linked to /usr/local/lib/libnspr4.so from devel/nspr but it is not declared as a dependency
    Warning: you need LIB_DEPENDS+=libnspr4.so:devel/nspr
You need to build and do a 'make stage-qa' run with all options "off", with all options "on", and with only individual options "on", and make sure there are no stage-qa failures in any case.
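Added example, not part of the thread or of the port: a small filter for comparing stage-qa runs across option sets, which groups the "linked to ... but it is not declared as a dependency" errors by origin port. The function name `undeclared_links` and its output format are assumptions; the sample input is the stage-qa output quoted in the comment above.

```shell
#!/bin/sh
# Added example: summarise undeclared-library errors from 'make stage-qa' output.
# Reads stage-qa output on stdin and prints one line per origin port:
#   <origin> <lib1>,<lib2>,...
# Returns 1 if any undeclared link was reported, 0 otherwise.
undeclared_links() {
    awk '
        # Only the Error lines name both the library and the port it came from.
        /^Error: .* is linked to .* from .* but it is not declared as a dependency/ {
            for (i = 1; i < NF; i++) {
                if ($i == "to")   lib = $(i + 1)
                if ($i == "from") origin = $(i + 1)
            }
            n = split(lib, parts, "/")      # keep the file name, drop the directory
            lib = parts[n]
            key = origin SUBSEP lib
            if (!(key in seen)) {           # report each library once per origin
                seen[key] = 1
                if (origin in libs) {
                    libs[origin] = libs[origin] "," lib
                } else {
                    order[++count] = origin # remember first-seen order of origins
                    libs[origin] = lib
                }
            }
        }
        END {
            for (j = 1; j <= count; j++) print order[j], libs[order[j]]
            exit (count > 0 ? 1 : 0)
        }
    '
}

# Sample input: the stage-qa lines quoted in the comment above.
SAMPLE='Warning: you need LIB_DEPENDS+=libplds4.so:devel/nspr
Error: /usr/local/bin/suricata is linked to /usr/local/lib/libplc4.so from devel/nspr but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libplc4.so:devel/nspr
Error: /usr/local/bin/suricata is linked to /usr/local/lib/libnspr4.so from devel/nspr but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libnspr4.so:devel/nspr'

printf '%s\n' "$SAMPLE" | undeclared_links || echo "stage-qa: undeclared links found"
```

A non-zero return for a given option set means the build picked up a library that the selected options did not declare, which is the auto-detection problem discussed in this thread.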
Created attachment 191841: Updated patch
This new patch adds the new configure options I've submitted upstream at https://github.com/OISF/suricata/pull/3309
It passes stage-qa with all or none of the options selected.
Renato, bugzilla won't let me ACK your patch but it looks good, thank you! Yuri, please commit Renato's version of the patch. Cheers, Franco
A commit references this bug:
Author: yuri
Date: Mon Apr 2 00:01:14 UTC 2018
New revision: 466193
URL: https://svnweb.freebsd.org/changeset/ports/466193
Log:
    security/suricata: Update 4.0.3 -> 4.0.4
    Port changes:
    * Change to DISTVERSION
    * Removed HTP_PORT from defaultoptions
    * Add NSS_CONFIGURE_OFF
    * Add command silencing
    I also noticed that it still links to libjansson when JSON=off. This is because it auto-finds it. Requested the upstream to add --disable-{option} flags: https://redmine.openinfosecfoundation.org/issues/2473
    PR: 226512
    Submitted by: Franco Fichtner <franco@opnsense.org> (maintainer, original version)
    Submitted by: Renato Botelho <garga@FreeBSD.org> (final version)
    Approved by: Franco Fichtner <franco@opnsense.org> (maintainer)
Changes:
    head/security/suricata/Makefile
    head/security/suricata/distinfo
    head/security/suricata/files/patch-disable_nss_nspr
Committed. Thank you for the update!