Bug#999952: marked as done (suricata: depends on obsolete pcre3 library)

Fri, 21 Jul 2023 01:12:16 -0700 

Your message dated Fri, 21 Jul 2023 10:03:35 +0200
with message-id <8b8969c5-13a9-74d2-8bef-99437a02d...@debian.org>
and subject line Re: Bug#999952: suricata: depends on obsolete pcre3 library
has caused the Debian Bug report #999952,
regarding suricata: depends on obsolete pcre3 library
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
999952: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999952
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: suricata
Severity: important
User: matthew-pcre...@debian.org
Usertags: obsolete-pcre3

Dear maintainer,

Your package still depends on the old, obsolete PCRE3[0] libraries
(i.e. libpcre3-dev). This has been end of life for a while now, and
upstream do not intend to fix any further bugs in it. Accordingly, I
would like to remove the pcre3 libraries from Debian, preferably in
time for the release of Bookworm.

The newer PCRE2 library was first released in 2015, and has been in
Debian since stretch. Upstream's documentation for PCRE2 is available
here: https://pcre.org/current/doc/html/

Many large projects that use PCRE have made the switch now (e.g. git,
php); it does involve some work, but we are now at the stage where
PCRE3 should not be used, particularly if it might ever be exposed to
untrusted input.

This mass bug filing was discussed on debian-devel@ in
https://lists.debian.org/debian-devel/2021/11/msg00176.html

Regards,

Matthew [0] Historical reasons mean that old PCRE is packaged as
pcre3 in Debian

--- End Message ---
--- Begin Message --- 
Hi,


Your package still depends on the old, obsolete PCRE3[0] libraries
(i.e. libpcre3-dev). This has been end of life for a while now, and
upstream do not intend to fix any further bugs in it. Accordingly, I
would like to remove the pcre3 libraries from Debian, preferably in
time for the release of Bookworm.

[...]
Suricata upstream have moved to pcre2 and also released Suricata 7.0 which contains this change. I just packaged and uploaded 7.0. Hence the version currently in unstable does no longer depend on pcre3 in Debian. 
Closing this issue.

Thanks
Sascha

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---

Reply via email to