Bug 246093 - security/suricata: update 5.0.2 -> 5.0.4
Summary: security/suricata: update 5.0.2 -> 5.0.4
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
Keywords: patch
Depends on:
Reported: 2020-05-01 13:15 UTC by Franco Fichtner
Modified: 2020-10-29 10:44 UTC (History)
3 users (show)

See Also:
fernape: merge-quarterly?

diff for 5.0.3 (1.79 KB, patch)
2020-05-01 13:15 UTC, Franco Fichtner
franco: maintainer-approval+
Details | Diff
patch-to-5.0.4 (2.67 KB, patch)
2020-10-25 16:01 UTC, Kurt Jaeger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Franco Fichtner 2020-05-01 13:15:57 UTC
Created attachment 213997 [details]
diff for 5.0.3


New version is out, see release notes for details:


Looks like quarterly material.

Comment 1 Kurt Jaeger freebsd_committer 2020-05-04 16:35:35 UTC
Comment 2 Kurt Jaeger freebsd_committer 2020-05-04 18:21:56 UTC
It fails to build on current-amd64:


It also fails on current-i386 (looks very similar, ping me for the log.
For 11.3, rust 1.43 fails to build. So it basically only builds on 12.1-amd64.
Comment 3 Franco Fichtner 2020-05-04 19:18:19 UTC
Funky, it works for us on 11.2 amd64/i386 and 12.1 amd64, but we still use Rust 1.40 for multiple reasons...

For current it looks like a temporary issue over there, someone fiddling with queue.h?

Comment 4 Franco Fichtner 2020-05-04 19:22:20 UTC
PS: If you can try 5.0.2 on current as well to confirm
Comment 5 Kurt Jaeger freebsd_committer 2020-05-05 06:26:41 UTC
5.0.2 builds fine on cur-amd64, cur-i386, 12.1-amd64, except on 11.3-amd64 (because of rust).
Comment 6 Franco Fichtner 2020-07-24 06:50:32 UTC
Looking at this latest Rust is fine with 5.0.3 on amd64 at least. I'm not sure what else to produce to make this proceed.

Comment 7 Kurt Jaeger freebsd_committer 2020-07-24 07:02:20 UTC
I'm re-running the testbuilds now.
Comment 8 Kurt Jaeger freebsd_committer 2020-08-02 18:46:02 UTC
So, I retested. On cur, /usr/include/sys/queue.h does not have 
circular queues. src/app-layer-expectation.c expects them, so suricata
brings a copy of queue.h, which is probably from openbsd or netbsd,
and which has circular queues.

Only: The queue.h file during a poudriere run seems to be the wrong one.
Outside of poudriere, it builds (!?)
Comment 9 Ulas SAYGIN 2020-08-05 18:26:29 UTC
if you look latest code from github. it tried to build but it looks pcre 8.45 version which is latest. and i think there are other dependencies need to be updated. i dont know the list. i may look and come to write later.
Comment 10 Kurt Jaeger freebsd_committer 2020-08-05 18:35:22 UTC
(In reply to Ulas SAYGIN from comment #9)
https://www.pcre.org/ does not have 8.45 ? Do you think a newer version of suricata will be released soon ?
Comment 11 Ulas SAYGIN 2020-08-15 13:13:40 UTC
sorry i made a mistake

from config.log , suricata needs 8.35 pcre but freebsd has 8.44 now. 
and i think suricata needs to be updated for latest version pcre.

from config.log

configure:16284: result: yes
configure:16284: checking for pcre.h
configure:16284: result: yes
configure:16297: checking for pcre_get_substring in -lpcre
configure:16322: cc -o conftest -g -O2 -DOS_FREEBSD -march=native  -I/usr/local/include -I/usr/local/include/libnet11  -L/usr/local/lib -L/usr/local/lib/libnet11 conftest.c -lpcre   -lz >&5
configure:16322: $? = 0
configure:16331: result: yes
configure:16360: checking for LIBPCREVERSION
configure:16367: $PKG_CONFIG --exists --print-errors "libpcre = 8.35"
Package dependency requirement 'libpcre = 8.35' could not be satisfied.
Package 'libpcre' has version '8.44', required version is '= 8.35'
configure:16370: $? = 1
configure:16384: $PKG_CONFIG --exists --print-errors "libpcre = 8.35"
Package dependency requirement 'libpcre = 8.35' could not be satisfied.
Package 'libpcre' has version '8.44', required version is '= 8.35'
configure:16387: $? = 1
configure:16401: result: no
Package dependency requirement 'libpcre = 8.35' could not be satisfied.

Comment 12 Ulas SAYGIN 2020-08-15 13:14:27 UTC
I tried to build from source on 5th agust 2020
Comment 13 Ulas SAYGIN 2020-08-23 21:48:35 UTC
is there any news? i am looking forward to hear good news soon :)
thanks in advance :)
Comment 14 Kurt Jaeger freebsd_committer 2020-10-25 16:01:43 UTC
Created attachment 219063 [details]

This patch builds on current. Testbuilds @ work
Comment 15 Kurt Jaeger freebsd_committer 2020-10-25 16:29:21 UTC
testbuilds fine on cur 121 122 114 (all amd64). Fails on i386, because I added devel/hyperscan as dependency, which only builds on amd64.
Comment 16 Franco Fichtner 2020-10-29 10:20:47 UTC
Ok except

libhs.so:devel/hyperscan \
libpcap.so:net/libpcap \

These have separate depends for their port OPTIONS already and something seems to be mixed up.
Comment 17 commit-hook freebsd_committer 2020-10-29 10:44:52 UTC
A commit references this bug:

Author: pi
Date: Thu Oct 29 10:44:37 UTC 2020
New revision: 553604
URL: https://svnweb.freebsd.org/changeset/ports/553604

  security/suricata: update 5.0.2 -> 5.0.4

  PR:		246093
  Submitted by:	Franco Fichtner <franco@opnsense.org> (maintainer)
  Relnotes:	https://suricata-ids.org/2020/04/28/suricata-5-0-3-released/
  MFH:		2020Q4