Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suricata: 4.1.4 -> 4.1.5 #70801

Merged
merged 2 commits into from
Oct 15, 2019
Merged

suricata: 4.1.4 -> 4.1.5 #70801

merged 2 commits into from
Oct 15, 2019
+5 −3

Conversation

r-ryantm
Copy link
Contributor

@r-ryantm r-ryantm commented Oct 8, 2019

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/suricata/versions.

meta.description for suricata is: '"A free and open source, mature, fast and robust network threat detection engine"'.

meta.homepage for suricata is: '"https://suricata-ids.org"

Checks done (click to expand)
Rebuild report (if merged into master) (click to expand)

3 total rebuild path(s)

1 package rebuild(s)

1 x86_64-linux rebuild(s)
1 i686-linux rebuild(s)
0 x86_64-darwin rebuild(s)
1 aarch64-linux rebuild(s)

First fifty rebuilds by attrpath
suricata

Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/4brqf8d1pvvj3b1w30684dh31bh52wq1-suricata-4.1.5 \
  --option binary-caches 'https://cache.nixos.org/ https://r-ryantm.cachix.org/' \
  --option trusted-public-keys '
  r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(r-ryantm's Cachix cache is only trusted for this store-path realization.)

Or, build yourself:

nix-build -A suricata https://github.com/r-ryantm/nixpkgs/archive/83a92c7c9750d1e45fa4b54d196b33f4b2bdeed5.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/4brqf8d1pvvj3b1w30684dh31bh52wq1-suricata-4.1.5
ls -la /nix/store/4brqf8d1pvvj3b1w30684dh31bh52wq1-suricata-4.1.5/bin

Experimental: CVE security report (click to expand)

CVEs resolved by this update:

CVEs introduced by this update:
none

CVEs present in both versions:
none


cc @magenbluten for testing.

@r-ryantm
suricata: 4.1.4 -> 4.1.5

Verified

This commit was signed with the committer’s verified signature.
makefu Felix Richter
GPG key ID: 36F7711F3FC0F225
Verified
Learn about vigilant mode
83a92c7 
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/suricata/versions
@ofborg ofborg bot requested a review from magenbluten October 8, 2019 22:44
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Oct 8, 2019
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nixpkgs-update-partners-with-serokell-and-nlnet-to-add-cve-reporting/3577/7

@c0bw3b c0bw3b added 1.severity: security Issues which raise a security issue, or PRs that fix one 9.needs: port to stable A PR needs a backport to the stable release. labels Oct 15, 2019
@c0bw3b
Copy link
Contributor

c0bw3b commented Oct 15, 2019

Changes:
https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/

c0bw3b
c0bw3b approved these changes Oct 15, 2019
View reviewed changes
Copy link
Contributor

@c0bw3b c0bw3b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Result of nix-review pr 70801 1

1 package were build:
  • suricata
$ ./results/suricata/bin/suricata -V
This is Suricata version 4.1.5 RELEASE

c0bw3b
c0bw3b reviewed Oct 15, 2019
View reviewed changes
Copy link
Contributor

@c0bw3b c0bw3b left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact, don't merge yet. I'm noticing a few problems with finding some dependencies. It was already there in v4.1.4 but still. I'll try and fix the first two:

checking for LZ4F_createCompressionContext in -llz4... no

  Compressed pcap logging is not available without liblz4.
  If you want to enable compression, you need to install it.

And on amd64 even though we pass --with-libhs-includes and --with-libhs-libraries

checking for libhs... no
checking hs.h usability... no
checking hs.h presence... no
checking for hs.h... no
[...]
Hyperscan support:                       no

Also missing some python deps for suricata-update but this one is maybe less of an issue

checking for ./suricata-update/setup.py... yes

    Warning: suricata-update will not be installed as the
        depedency python-yaml is not installed.

@c0bw3b
suricata: fix Hyperscan includes location

Verified

This commit was signed with the committer’s verified signature.
makefu Felix Richter
GPG key ID: 36F7711F3FC0F225
Verified
Learn about vigilant mode
f933757 
+ add lz4 to build inputs for compressed pcap
@ofborg ofborg bot requested a review from magenbluten October 15, 2019 13:10
c0bw3b
c0bw3b approved these changes Oct 15, 2019
View reviewed changes
Copy link
Contributor

@c0bw3b c0bw3b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok now, hyperscan is properly detected on x86

@c0bw3b c0bw3b merged commit 6d84700 into NixOS:master Oct 15, 2019
c0bw3b pushed a commit that referenced this pull request Oct 15, 2019
@r-ryantm @c0bw3b
suricata: 4.1.4 -> 4.1.5 (#70801)

Verified

This commit was signed with the committer’s verified signature.
makefu Felix Richter
GPG key ID: 36F7711F3FC0F225
Verified
Learn about vigilant mode
a93d0e2 
* suricata: 4.1.4 -> 4.1.5

Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/suricata/versions

* suricata: fix Hyperscan includes location

+ add lz4 to build inputs for compressed pcap

(cherry picked from commit 6d84700)
@c0bw3b c0bw3b added the 8.has: port to stable A PR already has a backport to the stable release. label Oct 16, 2019
@r-ryantm r-ryantm deleted the auto-update/suricata branch October 20, 2019 13:33
@c0bw3b c0bw3b removed the 9.needs: port to stable A PR needs a backport to the stable release. label Nov 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c0bw3b c0bw3b

@magenbluten magenbluten

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: port to stable A PR already has a backport to the stable release. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@r-ryantm @nixos-discourse @c0bw3b @magenbluten