From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Pending patches for upcoming Core Update(s) Date: Fri, 19 Feb 2021 11:02:16 +0000 Message-ID: In-Reply-To: <26ED4C79-E8AE-466C-A6B0-35E0F44BA17A@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6323474942883115878==" List-Id: --===============6323474942883115878== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable > On 19 Feb 2021, at 10:59, Michael Tremer wrot= e: >=20 > Hi, >=20 >> On 19 Feb 2021, at 09:02, Matthias Fischer = wrote: >>=20 >> Hi, >>=20 >> FYI and to avoid redundancies, I got one of the 64bit-'Devels' working on: >>=20 >> tar =3D> 1.34 >> bind =3D> 9.11.28 >> nettle =3D> 3.7.1 >> libgcrypt =3D> 1.9.2 >> krb5 =3D> 1.19.1 >=20 > These all sound fine :) >=20 > It looks like Bind had another security issue, and Python might have one th= at affects us, too. >=20 >> And, because it "just came my way": >> rust =3D> 1.50 (under x86-64, this is huge - about ~1.2GB sources) >>=20 >> Opinions for this update(s)? >=20 > Good question. I am currently working on a riscv64 port for IPFire 2, and R= ust isn=E2=80=99t available at all for this architecture. >=20 > Rust is indeed becoming such a pain to package and I do not expect any solu= tions to that in the near future. I assume that 1.2GB is the extracted size b= ecause the download is about 140 MB.=20 Stupid me. I looked at the source tarball, but rust cannot be built from scra= tch that easily. >> I'm just not so sure with the latter - do we want this? >> As I see it, 'suricata' must then also be at least shipped or even updated. >=20 > Yes, and since this is security relevant, I would say we should update rust= c regardless of the size of the source tarball. >=20 >> Besides, 'suricata 6.0.1' is still running here with the 'usleep >> (5000)'-patch. So far, without - seen! - problems. Any news on this? If >> wanted, I could provide a patchset so "someone" else could test this!? >=20 > I don=E2=80=99t doubt that it will run. The question is how does it behave = under high load or other more challenging constraints? I must say that I am v= ery disappointed that the suricata devs do not really care much about a probl= em many people ran into. >=20 >> Best, >> Matthias >=20 > -Michael --===============6323474942883115878==--