
Issue 5259 - x509 time dependency update - v1

Open jasonish opened this issue 2 years ago • 7 comments

I dug a commit out of @chifflier's repo then updated x509-parser to 0.13.0. The code changes on our side seem minimal, however, SV bug-1450-02 now fails, and I'm not sure why.

@chifflier We'd also like to clear up the audit warning on time in 6.0.x. Any thoughts on the least behaviour-changing way to do so?

jasonish avatar Apr 11 '22 17:04 jasonish

Is this related? https://github.com/OISF/suricata-verify/pull/748

victorjulien avatar Apr 11 '22 18:04 victorjulien

> Is this related? OISF/suricata-verify#748

I tried it, doesn't help. Looks like that S-V test is good for current master tho.

jasonish avatar Apr 11 '22 22:04 jasonish

Information:

field            test        baseline    %
tlpr1_stats_chk
.flow.memuse     490607488   523149568   93.78%

Pipeline 6883

suricata-qa avatar Apr 12 '22 06:04 suricata-qa

> > Is this related? OISF/suricata-verify#748
>
> I tried it, doesn't help. Looks like that S-V test is good for current master tho.

Actually this is the correct SV PR for these changes. However, they also depend on the nom upgrade to 7.0 which isn't suitable for a backport to 6.

@chifflier Any thoughts on how we can get this backported? We'd like to clear the audit issues in our current release branch as well as master. It seems that the x509-parser using nom7 might be the problem as the error types don't align. Should x509-parser re-export its nom here so we can properly match on the error type?

jasonish avatar Apr 12 '22 14:04 jasonish

Information:

field            test        baseline    %
tlpr1_stats_chk
.flow.memuse     490607488   523149568   93.78%

Pipeline 6883

suricata-qa avatar Jul 29 '22 19:07 suricata-qa

I'm looking at this. The differences in events are manageable I think. A bigger issue is that x509-parser 0.13 fails a private test I have, it just doesn't parse the cert correctly. 0.14 fixes it, but bumps MSRV to 1.53.

victorjulien avatar Aug 11 '22 11:08 victorjulien

In fact, with 0.14 I get a build failure on OpenBSD 7.0 (Rust 1.55):

CARGO_HOME="/home/victor/.cargo"  CARGO_TARGET_DIR="/home/victor/builds/tUhkGdun/0/inliniac/suricata-ci/suricata/rust/target"  /usr/local/bin/cargo build --release   --features "   " 
error: failed to get `aes` as a dependency of package `suricata v7.0.0-dev (/home/victor/builds/tUhkGdun/0/inliniac/suricata-ci/suricata/rust)`
Caused by:
  failed to load source for dependency `aes`
Caused by:
  Unable to update registry `crates-io`
Caused by:
  failed to update replaced source registry `crates-io`
Caused by:
  failed to parse manifest at `/home/victor/builds/tUhkGdun/0/inliniac/suricata-ci/suricata/rust/vendor/time/Cargo.toml`
Caused by:
  feature `edition2021` is required
  The package requires the Cargo feature called `edition2021`, but that feature is not stabilized in this version of Cargo (1.55.0).
  Consider trying a newer version of Cargo (this may require the nightly release).
  See https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#edition-2021 for more information about the status of this feature.
*** Error 101 in rust (Makefile:544 'all-local')
*** Error 1 in /home/victor/builds/tUhkGdun/0/inliniac/suricata-ci/suricata (Makefile:514 'all-recursive')

victorjulien avatar Aug 11 '22 11:08 victorjulien
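
Added example, not part of the thread or of Suricata's build system: a pre-flight check over a vendored crate directory for the failure in the log above, where a vendored manifest needs a newer Cargo than the build host provides. The `vendor/<crate>/Cargo.toml` layout, the sample manifests and all function names are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Oldest stable toolchain (major, minor) that accepts each edition.
EDITION_MIN = {"2015": (1, 0), "2018": (1, 31), "2021": (1, 56), "2024": (1, 85)}

def package_fields(manifest_text):
    """Return edition / rust-version from the [package] table only."""
    fields, in_package = {}, False
    for line in manifest_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_package = line == "[package]"
            continue
        m = re.match(r'(edition|rust-version)\s*=\s*"([^"]+)"', line)
        if in_package and m:
            fields[m.group(1)] = m.group(2)
    return fields

def required_toolchain(fields):
    """Higher of the edition's minimum and the declared rust-version."""
    need = EDITION_MIN.get(fields.get("edition", "2015"), (1, 0))
    if "rust-version" in fields:
        major, minor = fields["rust-version"].split(".")[:2]
        need = max(need, (int(major), int(minor)))
    return need

def too_new(vendor_dir, toolchain):
    """List (crate, required version) for crates the toolchain cannot build."""
    hits = []
    for manifest in sorted(Path(vendor_dir).glob("*/Cargo.toml")):
        need = required_toolchain(package_fields(manifest.read_text()))
        if need > toolchain:
            hits.append((manifest.parent.name, "%d.%d" % need))
    return hits

def demo():
    # Constructed vendor tree: crate names echo the log, manifest contents are invented.
    samples = {
        "time": '[package]\nname = "time"\nedition = "2021"\nrust-version = "1.57"\n',
        "aes": '[package]\nname = "aes"\nedition = "2018"\n',
        # A key named "edition" outside [package] must not be read as the edition.
        "nom": '[package]\nedition = "2018"\n\n[dependencies]\nedition = "2021"\n',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            (Path(tmp) / name).mkdir()
            (Path(tmp) / name / "Cargo.toml").write_text(text)
        return too_new(tmp, (1, 55))  # toolchain version from the log above

if __name__ == "__main__":
    print(demo())
```

Running the same check against a real `vendor/` directory before bumping a dependency shows which transitive crates would raise the effective MSRV on older build hosts.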

Merged in #7948, thanks!

victorjulien avatar Sep 29 '22 19:09 victorjulien