1 |
patrick 09/11/02 17:24:38 |
2 |
|
3 |
Modified: metadata.xml ChangeLog |
4 |
Added: snort-2.8.5.1.ebuild |
5 |
Log: |
6 |
Bump, thanks to Jason Wallace. Fixes #291558 #291604 #291357 |
7 |
(Portage version: 2.2_rc48/cvs/Linux x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.10 net-analyzer/snort/metadata.xml |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/metadata.xml?rev=1.10&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/metadata.xml?rev=1.10&content-type=text/plain |
14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/metadata.xml?r1=1.9&r2=1.10 |
15 |
|
16 |
Index: metadata.xml |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/snort/metadata.xml,v |
19 |
retrieving revision 1.9 |
20 |
retrieving revision 1.10 |
21 |
diff -u -r1.9 -r1.10 |
22 |
--- metadata.xml 31 May 2009 22:39:54 -0000 1.9 |
23 |
+++ metadata.xml 2 Nov 2009 17:24:37 -0000 1.10 |
24 |
@@ -31,5 +31,7 @@ |
25 |
<flag name='react'>Enable interception and termination of offending HTTP accesses</flag> |
26 |
<flag name='targetbased'>Enable targetbased support</flag> |
27 |
<flag name='timestats'>Enable TimeStats functionality</flag> |
28 |
+<flag name='reload'>Enable reloading a configuration without restarting</flag> |
29 |
+<flag name='reload-error-restart'>Enable restarting on reload error</flag> |
30 |
</use> |
31 |
</pkgmetadata> |
32 |
|
33 |
|
34 |
|
35 |
1.154 net-analyzer/snort/ChangeLog |
36 |
|
37 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/ChangeLog?rev=1.154&view=markup |
38 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/ChangeLog?rev=1.154&content-type=text/plain |
39 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/ChangeLog?r1=1.153&r2=1.154 |
40 |
|
41 |
Index: ChangeLog |
42 |
=================================================================== |
43 |
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v |
44 |
retrieving revision 1.153 |
45 |
retrieving revision 1.154 |
46 |
diff -u -r1.153 -r1.154 |
47 |
--- ChangeLog 12 Sep 2009 03:01:27 -0000 1.153 |
48 |
+++ ChangeLog 2 Nov 2009 17:24:37 -0000 1.154 |
49 |
@@ -1,6 +1,12 @@ |
50 |
# ChangeLog for net-analyzer/snort |
51 |
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 |
52 |
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.153 2009/09/12 03:01:27 vostorga Exp $ |
53 |
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.154 2009/11/02 17:24:37 patrick Exp $ |
54 |
+ |
55 |
+*snort-2.8.5.1 (02 Nov 2009) |
56 |
+ |
57 |
+ 02 Nov 2009; Patrick Lauer <patrick@g.o> +snort-2.8.5.1.ebuild, |
58 |
+ +files/snort.reload.rc1, metadata.xml: |
59 |
+ Bump, thanks to Jason Wallace. Fixes #291558 #291604 #291357 |
60 |
|
61 |
12 Sep 2009; VĂctor Ostorga <vostorga@g.o> |
62 |
-files/snort-2.6.1.1-libnet.patch, -files/snort-2.6.1.2-libdir.patch, |
63 |
|
64 |
|
65 |
|
66 |
1.1 net-analyzer/snort/snort-2.8.5.1.ebuild |
67 |
|
68 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/snort-2.8.5.1.ebuild?rev=1.1&view=markup |
69 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/snort-2.8.5.1.ebuild?rev=1.1&content-type=text/plain |
70 |
|
71 |
Index: snort-2.8.5.1.ebuild |
72 |
=================================================================== |
73 |
# Copyright 1999-2009 Gentoo Foundation |
74 |
# Distributed under the terms of the GNU General Public License v2 |
75 |
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.5.1.ebuild,v 1.1 2009/11/02 17:24:37 patrick Exp $ |
76 |
|
77 |
inherit eutils autotools multilib |
78 |
|
79 |
DESCRIPTION="The de facto standard for intrusion detection/prevention" |
80 |
HOMEPAGE="http://www.snort.org/" |
81 |
SRC_URI="http://dl.snort.org/snort-current/${P}.tar.gz" |
82 |
LICENSE="GPL-2" |
83 |
SLOT="0" |
84 |
KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86" |
85 |
IUSE="static dynamicplugin ipv6 gre mpls targetbased decoder-preprocessor-rules ppm timestats perfprofiling linux-smp-stats inline inline-init-failopen prelude threads debug reload reload-error-restart flexresp flexresp2 react aruba mysql odbc postgres selinux" |
86 |
|
87 |
#flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a |
88 |
DEPEND="virtual/libpcap |
89 |
>=dev-libs/libpcre-6.0 |
90 |
flexresp2? ( dev-libs/libdnet ) |
91 |
flexresp? ( ~net-libs/libnet-1.0.2a ) |
92 |
react? ( ~net-libs/libnet-1.0.2a ) |
93 |
postgres? ( virtual/postgresql-base ) |
94 |
mysql? ( virtual/mysql ) |
95 |
odbc? ( dev-db/unixODBC ) |
96 |
prelude? ( >=dev-libs/libprelude-0.9.0 ) |
97 |
inline? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )" |
98 |
|
99 |
RDEPEND="${DEPEND} |
100 |
dev-lang/perl |
101 |
selinux? ( sec-policy/selinux-snort )" |
102 |
|
103 |
pkg_setup() { |
104 |
|
105 |
if use flexresp && use flexresp2; then |
106 |
eerror |
107 |
eerror "You have both the 'flexresp' and 'flexresp2' USE flags set." |
108 |
eerror "You can use 'flexresp' OR 'flexresp2' but not both." |
109 |
eerror "flexresp2 is recommended." |
110 |
die |
111 |
elif use flexresp && use react; then |
112 |
eerror |
113 |
eerror "You have both the 'react' and 'flexresp' USE flags set." |
114 |
eerror "'react' is enabled automaticly when the 'flexresp'" |
115 |
eerror "USE flag is set, but ./configure will fail if both are enabled." |
116 |
eerror |
117 |
eerror "This is an upstream issue and not a problem with this ebuild." |
118 |
eerror |
119 |
eerror "To enable both 'flexresp' and 'react' set USE="flexresp -react"" |
120 |
die |
121 |
elif use flexresp2 && use react; then |
122 |
eerror |
123 |
eerror "You have both the 'react' and 'flexresp2' USE flags set." |
124 |
eerror "You can use 'react' OR 'flexresp2' but not both." |
125 |
die |
126 |
elif use inline-init-failopen && ! use inline; then |
127 |
eerror |
128 |
eerror "You have enabled the 'inline-init-failopen' USE flag" |
129 |
eerror "but not the 'inline' USE flag." |
130 |
eerror "'inline-init-failopen' requires 'inline' be enabled." |
131 |
die |
132 |
elif use ipv6 && use prelude; then |
133 |
eerror |
134 |
eerror "You have both the 'prelude' and 'ipv6' USE flags set." |
135 |
eerror "The Prelude output plugin does not currently support IPv6." |
136 |
die |
137 |
elif use reload-error-restart && ! use reload; then |
138 |
eerror |
139 |
eerror "You have enabled the 'reload-error-restart' USE flag" |
140 |
eerror "but not the 'reload' USE flag." |
141 |
eerror "'reload-error-restart' requires 'reload' be enabled." |
142 |
die |
143 |
fi |
144 |
|
145 |
# pre_inst() is a better place to put this |
146 |
# but we need it here for the 'fowners' statements in src_install() |
147 |
enewgroup snort |
148 |
enewuser snort -1 -1 /dev/null snort |
149 |
|
150 |
} |
151 |
|
152 |
src_unpack() { |
153 |
|
154 |
unpack ${A} |
155 |
cd "${S}" |
156 |
|
157 |
# Fix to allow parallel building. |
158 |
# Thanks to Natanael Copa #291558 |
159 |
einfo "Applying parallel building fix." |
160 |
sed -i -e 's/^all-local:.*/all-local: $(LTLIBRARIES)/' \ |
161 |
src/dynamic-preprocessors/*/Makefile.am \ |
162 |
|| die "parallel builds fix Failed" |
163 |
|
164 |
#Replaces the libnet-1.0 patch for inline, flexresp, and react |
165 |
if use flexresp || use react || use inline; then |
166 |
|
167 |
einfo "Applying libnet-1.0 fix." |
168 |
sed -i -e 's:libnet.h:libnet-1.0.h:g' \ |
169 |
"${WORKDIR}/${P}/configure.in" \ |
170 |
"${WORKDIR}/${P}/src/detection-plugins/sp_react.c" \ |
171 |
"${WORKDIR}/${P}/src/detection-plugins/sp_respond.c" \ |
172 |
"${WORKDIR}/${P}/src/inline.c" || die "sed for libnet-1.0.h failed" |
173 |
|
174 |
sed -i -e 's:libnet-config:libnet-1.0-config:g' \ |
175 |
"${WORKDIR}/${P}/configure.in" || die "sed for libnet-1.0-config failed" |
176 |
|
177 |
sed -i -e 's:-lnet:-lnet-1.0:g' \ |
178 |
"${WORKDIR}/${P}/configure.in" || die "sed for -lnet-1.0 failed" |
179 |
|
180 |
sed -i -e 's:AC_CHECK_LIB(net:AC_CHECK_LIB(net-1.0:g' \ |
181 |
"${WORKDIR}/${P}/configure.in" || die "sed for net-1.0 failed" |
182 |
|
183 |
fi |
184 |
|
185 |
#Multilib fix for the sf_engine |
186 |
einfo "Applying multilib fix." |
187 |
sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \ |
188 |
"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \ |
189 |
|| die "sed for sf_engine failed" |
190 |
|
191 |
#Multilib fix for the curent set of dynamic-preprocessors |
192 |
for i in ftptelnet smtp ssh dcerpc dns ssl dcerpc2; do |
193 |
sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'$(get_libdir)':g' \ |
194 |
"${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \ |
195 |
|| die "sed for $i failed." |
196 |
done |
197 |
|
198 |
#This sed will prevent the example dynamic code from being compiled/installed |
199 |
einfo "Disabling sample code." |
200 |
sed -i -e 's:$(EXAMPLES_DIR)::g' "${WORKDIR}/${P}/src/Makefile.am" |
201 |
|
202 |
if use prelude; then |
203 |
einfo "Applying prelude fix." |
204 |
sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in |
205 |
fi |
206 |
|
207 |
AT_M4DIR=m4 eautoreconf |
208 |
} |
209 |
|
210 |
src_compile() { |
211 |
|
212 |
local myconf |
213 |
|
214 |
#targetbased and inline-init-failopen automaticly enable pthread |
215 |
if use threads || use targetbased || use inline-init-failopen; then |
216 |
myconf="${myconf} --enable-pthread" |
217 |
fi |
218 |
|
219 |
#Tell flexresp, react, and inline where libipq is |
220 |
if use flexresp || use react || use inline; then |
221 |
myconf="${myconf} --with-libipq-includes=/usr/include/libipq" |
222 |
fi |
223 |
|
224 |
econf \ |
225 |
$(use_enable !static shared) \ |
226 |
$(use_enable static) \ |
227 |
$(use_enable dynamicplugin) \ |
228 |
$(use_enable ipv6) \ |
229 |
$(use_enable gre) \ |
230 |
$(use_enable mpls) \ |
231 |
$(use_enable targetbased) \ |
232 |
$(use_enable decoder-preprocessor-rules) \ |
233 |
$(use_enable ppm) \ |
234 |
$(use_enable timestats) \ |
235 |
$(use_enable perfprofiling) \ |
236 |
$(use_enable linux-smp-stats) \ |
237 |
$(use_enable inline) \ |
238 |
$(use_enable inline-init-failopen) \ |
239 |
$(use_enable prelude) \ |
240 |
$(use_enable debug) \ |
241 |
$(use_enable reload) \ |
242 |
$(use_enable reload-error-restart) \ |
243 |
$(use_enable flexresp) \ |
244 |
$(use_enable flexresp2) \ |
245 |
$(use_enable react) \ |
246 |
$(use_enable aruba) \ |
247 |
$(use_with mysql) \ |
248 |
$(use_with odbc) \ |
249 |
$(use_with postgres postgresql) \ |
250 |
--disable-ipfw \ |
251 |
--disable-profile \ |
252 |
--disable-ppm-test \ |
253 |
--without-oracle \ |
254 |
${myconf} |
255 |
|
256 |
emake || die "make failed" |
257 |
|
258 |
} |
259 |
|
260 |
src_install() { |
261 |
|
262 |
emake DESTDIR="${D}" install || die "make install failed" |
263 |
|
264 |
keepdir /var/log/snort/ |
265 |
fowners snort:snort /var/log/snort |
266 |
|
267 |
keepdir /var/run/snort/ |
268 |
fowners snort:snort /var/run/snort/ |
269 |
|
270 |
dodoc doc/* |
271 |
dodoc ./RELEASE.NOTES |
272 |
docinto schemas |
273 |
dodoc schemas/* |
274 |
|
275 |
insinto /etc/snort |
276 |
doins etc/attribute_table.dtd \ |
277 |
etc/classification.config \ |
278 |
etc/gen-msg.map \ |
279 |
etc/reference.config \ |
280 |
etc/sid-msg.map \ |
281 |
etc/threshold.conf \ |
282 |
etc/unicode.map \ |
283 |
|| die "Failed to add files in /etc/snort" |
284 |
|
285 |
newins etc/snort.conf snort.conf.distrib |
286 |
|
287 |
insinto /etc/snort/preproc_rules |
288 |
doins preproc_rules/decoder.rules \ |
289 |
preproc_rules/preprocessor.rules \ |
290 |
|| die "Failed to add files in /etc/snort/preproc_rules" |
291 |
|
292 |
keepdir /etc/snort/rules/ |
293 |
|
294 |
keepdir /usr/$(get_libdir)/snort_dynamicrule |
295 |
|
296 |
fowners -R snort:snort /etc/snort/ |
297 |
|
298 |
if use reload; then |
299 |
newinitd "${FILESDIR}/snort.reload.rc1" snort \ |
300 |
|| die "Failed to add snort.reload.rc1" |
301 |
else |
302 |
newinitd "${FILESDIR}/snort.rc9" snort || die "Failed to add snort.rc9" |
303 |
fi |
304 |
|
305 |
newconfd "${FILESDIR}/snort.confd" snort || die "Failed to add snort.confd" |
306 |
|
307 |
# Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection |
308 |
sed -i -e 's:/usr/local/lib:/usr/'$(get_libdir)':g' \ |
309 |
"${D}etc/snort/snort.conf.distrib" |
310 |
|
311 |
#Set the correct rule location in the config |
312 |
sed -i -e 's:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g' \ |
313 |
"${D}etc/snort/snort.conf.distrib" |
314 |
|
315 |
#Set the correct preprocessor/decoder rule location in the config |
316 |
sed -i -e 's:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g' \ |
317 |
"${D}etc/snort/snort.conf.distrib" |
318 |
|
319 |
#Enable the preprocessor/decoder rules |
320 |
sed -i -e 's:^# include $PREPROC_RULE_PATH:include $PREPROC_RULE_PATH:g' \ |
321 |
"${D}etc/snort/snort.conf.distrib" |
322 |
sed -i -e 's:^# dynamicdetection directory:dynamicdetection directory:g' \ |
323 |
"${D}etc/snort/snort.conf.distrib" |
324 |
|
325 |
#Just some clean up of trailing /'s in the config |
326 |
sed -i -e 's:snort_dynamicpreprocessor/$:snort_dynamicpreprocessor:g' \ |
327 |
"${D}etc/snort/snort.conf.distrib" |
328 |
sed -i -e 's:snort_dynamicrule/$:snort_dynamicrule:g' \ |
329 |
"${D}etc/snort/snort.conf.distrib" |
330 |
|
331 |
#Make it clear in the config where these are... |
332 |
sed -i -e 's:^include classification.config:include /etc/snort/classification.config:g' \ |
333 |
"${D}etc/snort/snort.conf.distrib" |
334 |
sed -i -e 's:^include reference.config:include /etc/snort/reference.config:g' \ |
335 |
"${D}etc/snort/snort.conf.distrib" |
336 |
|
337 |
#Disable all rule files by default. |
338 |
#Users need to choose what they want enabled. |
339 |
sed -i -e 's:^include $RULE_PATH:# include $RULE_PATH:g' \ |
340 |
"${D}etc/snort/snort.conf.distrib" |
341 |
|
342 |
} |
343 |
|
344 |
pkg_postinst() { |
345 |
einfo |
346 |
einfo "Snort is a libpcap based packet capture tool which can be used in" |
347 |
einfo "three modes Sniffer Mode, Packet Logger Mode, or Network Intrusion" |
348 |
einfo "Detection/Prevention System Mode." |
349 |
einfo |
350 |
einfo "To learn more about these modes review the Snort User Manual at..." |
351 |
einfo |
352 |
einfo "http://www.snort.org/docs/" |
353 |
einfo |
354 |
einfo "See /usr/share/doc/${PF} and /etc/snort/snort.conf.distrib for" |
355 |
einfo "information on configuring snort." |
356 |
einfo |
357 |
einfo "Joining the Snort-Users and Snort-Sigs mailing list is highly" |
358 |
einfo "recommended for all users..." |
359 |
einfo |
360 |
einfo "http://www.snort.org/community/mailing-lists/" |
361 |
einfo |
362 |
einfo "To download rules for use with Snort please, see the following" |
363 |
einfo |
364 |
einfo "Sourcefire's VRT Rules and older Community Rules:" |
365 |
einfo "http://www.snort.org/pub-bin/downloads.cgi" |
366 |
einfo |
367 |
einfo "Emerging Threats Rules:" |
368 |
einfo "http://www.emergingthreats.net/" |
369 |
einfo |
370 |
einfo "To manage updates to your rules please visit..." |
371 |
einfo |
372 |
einfo "http://oinkmaster.sourceforge.net/" |
373 |
einfo |
374 |
einfo "and then 'emerge oinkmaster'." |
375 |
elog |
376 |
elog "Snort-2.8.5.1 Notes:" |
377 |
elog |
378 |
elog "Ebuild Notes" |
379 |
elog "The 'memory-cleanup' USE flag has been removed." |
380 |
elog "Snort will now always clean memory now at exit." |
381 |
elog |
382 |
elog "Snort Release Notes:" |
383 |
elog "http://dl.snort.org/snort-current/release_notes_285.txt" |
384 |
elog "http://dl.snort.org/snort-current/release_notes_2851.txt" |
385 |
elog |
386 |
elog "Make sure to check snort.conf.distrib for new features/options." |
387 |
elog |
388 |
} |