
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/snort/files/, net-analyzer/snort/, profiles/arch/powerpc/ppc64/
Date: Mon, 10 Dec 2018 16:45:26
Message-Id: 1544460300.6b906ae69c91c7a4ec841182fcc484e9494aa921.whissi@gentoo
1 commit: 6b906ae69c91c7a4ec841182fcc484e9494aa921
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Mon Dec 10 16:17:04 2018 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Mon Dec 10 16:45:00 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b906ae6
7
8 net-analyzer/snort: bump to v2.9.12
9
10 Closes: https://bugs.gentoo.org/550366
11 Closes: https://bugs.gentoo.org/618822
12 Package-Manager: Portage-2.3.52, Repoman-2.3.12
13 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
14
15 net-analyzer/snort/Manifest | 1 +
16 .../snort/files/snort-2.9.12-snort.pc.patch | 11 +
17 net-analyzer/snort/files/snort.tmpfiles | 1 +
18 net-analyzer/snort/files/snort_at.service | 11 +
19 net-analyzer/snort/metadata.xml | 5 +
20 net-analyzer/snort/snort-2.9.12.ebuild | 258 +++++++++++++++++++++
21 profiles/arch/powerpc/ppc64/package.use.mask | 4 +
22 7 files changed, 291 insertions(+)
23
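--- a/net-analyzer/snort/Manifest
+++ b/net-analyzer/snort/Manifest
@@ -1,3 +1,4 @@
+DIST snort-2.9.12.tar.gz 6456877 BLAKE2B af5584fe01caf9af2f2188e1362bd927a884354ddcb3026af514dddc1264b557691e1644d3c24e85c3b5b5f515dd9fccdd8d38ebc7c28d2f384fb822e27d8bb8 SHA512 6f759b321ca5496abf27c9e4f4fa003cd5167f8c8a160bf5f0b1aee1a93aa8d27de89b84bdf993a0bfb3a93c6315cb2bdbdc3fdb3b09b8d4d1d3c22b69c6783f
 DIST snort-2.9.4.6.tar.gz 5338762 BLAKE2B d7d663028fcfeffd2f2996a4ebf81aa723b4564a0aa38158f5fef104385866164d8ddd538d920f08e4102da0b055157c8574e42f2e306187eb82283db5ad2c78 SHA512 e35e22cab3b98bbd42ffb4b88c4c4cc9b1c11e35952a9f3f4f684c02c81ca8604b45d16f42b3d0a6c792eeab86a8e319d8ebdd7b1a5215f93ec0e70b6ef53f98
 DIST snort-2.9.7.0.tar.gz 6340553 BLAKE2B 97fc2699fd93278edd5b350db498733f60ea9a78fe8f9f755c153380be77b3b97caec3aa7cce633650dd0e5d193deab675855aa68c2efcb04dc6df04b77ccb4c SHA512 f2cbdd2cf2ad15bd4cf3f8658c2a4880ee2069589db89c11aaea637984dde270ef6242c6dd43d5e12f829ed2464388950ee791dbbfa8df796843942c415fbc2f
 DIST snort-2.9.7.2.tar.gz 6352738 BLAKE2B c2c67395d9a214886ecf033b692f841da58284d0687ee4c219f77850246b1c2e134b874aba6dfd30dcb1f3c71d54a6c4e5dc70e613eb28a59c51f31dc9498b41 SHA512 4732014d0049671b1a81857e25a5ffbc3cbccb698be2b3406f69a45603a6b9f34343469ee14fa513199cf9b890a278cc777b42493850cff6fcb3493bb9b73dce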
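--- /dev/null
+++ b/net-analyzer/snort/files/snort-2.9.12-snort.pc.patch
@@ -0,0 +1,11 @@
+--- a/snort.pc.in
++++ b/snort.pc.in
+@@ -12,6 +12,5 @@ Name: Snort
+ Description: Snort dynamic plugins/detection/rules
+ URL: www.snort.org
+ Version: @VERSION@
+-Libs: -L${libdir} -lcurl @LDFLAGS@ @LIBS@
+-Cflags: @CFLAGS@ @CPPFLAGS@
+-
++Libs: -L${libdir} -lcurl @LIBS@
++Cflags: -I${includedir} @CPPFLAGS@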
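--- /dev/null
+++ b/net-analyzer/snort/files/snort.tmpfiles
@@ -0,0 +1 @@
+d /run/snort 0755 snort snort -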
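--- /dev/null
+++ b/net-analyzer/snort/files/snort_at.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Snort IDS system listening on '%I'
+
+[Service]
+Type=simple
+ExecStartPre=/usr/sbin/ip link set up dev %I
+ExecStart=/usr/bin/snort --daq-dir /usr/lib/daq/ -A fast -b -p -u snort -g snort -c /etc/snort/snort.conf -i %I
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+Alias=multi-user.target.wants/snort@%i.service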
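Review bot: The `ExecStart=` line hard-codes `--daq-dir /usr/lib/daq/`, while the ebuild in this same commit writes `config daq_dir: /usr/$(get_libdir)/daq` into snort.conf.distrib, so on a profile whose libdir is not `lib` the unit would point Snort at a directory that may not hold the DAQ modules. Consider dropping the flag so the value from `/etc/snort/snort.conf` applies, or substituting the libdir into the unit at install time. The unit also starts Snort as root and relies on `-u snort -g snort` for the privilege drop, with no sandboxing directives; because the process parses untrusted traffic, options such as `NoNewPrivileges=yes`, `ProtectHome=yes` and a `CapabilityBoundingSet=` limited to what capture and the uid/gid switch need would be worth evaluating (not tested here). The `[Install]` section uses `Alias=multi-user.target.wants/snort@%i.service` where `WantedBy=multi-user.target` is the conventional form.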
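--- a/net-analyzer/snort/metadata.xml
+++ b/net-analyzer/snort/metadata.xml
@@ -66,6 +66,11 @@
 Enable decoding of non-ethernet protocols such as TokenRing, FDDI,
 IPX, etc.
 </flag>
+ <flag name="open-appid">
+ Enable OpenAppID, an open, application-focused detection language
+ and processing module for Snort that enables users to create, share,
+ and implement application detection. Requires <pkg>dev-lang/luajit</pkg>.
+ </flag>
 <flag name="perfprofiling">
 Enables support for preprocessor and rule performance profiling
 using the perfmonitor preprocessor.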
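--- /dev/null
+++ b/net-analyzer/snort/snort-2.9.12.ebuild
@@ -0,0 +1,258 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+inherit autotools user systemd tmpfiles multilib
+
+DESCRIPTION="The de facto standard for intrusion detection/prevention"
+HOMEPAGE="https://www.snort.org"
+SRC_URI="https://www.snort.org/downloads/archive/${PN}/${P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="static +gre +ppm +perfprofiling
++non-ether-decoders control-socket file-inspect high-availability
+shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen
++threads debug +active-response reload-error-restart open-appid
++react +flexresp3 large-pcap-64bit selinux +libtirpc"
+
+DEPEND=">=net-libs/libpcap-1.3.0
+ >=net-libs/daq-2.0.2
+ >=dev-libs/libpcre-8.33
+ dev-libs/libdnet
+ net-libs/libnsl:0=
+ sys-libs/zlib
+ !libtirpc? ( sys-libs/glibc[rpc(-)] )
+ libtirpc? ( net-libs/libtirpc )
+ open-appid? ( dev-lang/luajit:= )
+"
+
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-snort )"
+
+REQUIRED_USE="!kernel_linux? ( !shared-rep )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.9.8.3-no-implicit.patch
+ "${FILESDIR}"/${PN}-2.9.8.3-rpc.patch
+ "${FILESDIR}"/${PN}-2.9.12-snort.pc.patch
+)
+
+pkg_setup() {
+ # pre_inst() is a better place to put this
+ # but we need it here for the 'fowners' statements in src_install()
+ enewgroup snort
+ enewuser snort -1 -1 /dev/null snort
+
+}
+
+src_prepare() {
+ default
+
+ # Multilib fix for the sf_engine
+ ebegin "Applying multilib fix"
+ sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
+ "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
+ || die "sed for sf_engine failed"
+
+ # Multilib fix for the curent set of dynamic-preprocessors
+ for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do
+ sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
+ "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
+ || die "sed for $i failed."
+ done
+ eend
+
+ mv configure.{in,ac} || die
+
+ AT_M4DIR=m4 eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable !static shared) \
+ $(use_enable static) \
+ $(use_enable static so-with-static-lib) \
+ $(use_enable gre) \
+ $(use_enable control-socket) \
+ $(use_enable file-inspect) \
+ $(use_enable high-availability ha) \
+ $(use_enable non-ether-decoders) \
+ $(use_enable shared-rep) \
+ $(use_enable side-channel) \
+ $(use_enable sourcefire) \
+ $(use_enable ppm) \
+ $(use_enable perfprofiling) \
+ $(use_enable linux-smp-stats) \
+ $(use_enable inline-init-failopen) \
+ $(use_enable open-appid) \
+ $(use_enable threads pthread) \
+ $(use_enable debug) \
+ $(use_enable debug debug-msgs) \
+ $(use_enable debug corefiles) \
+ $(use_enable !debug dlclose) \
+ $(use_enable active-response) \
+ $(use_enable reload-error-restart) \
+ $(use_enable react) \
+ $(use_enable flexresp3) \
+ $(use_enable large-pcap-64bit large-pcap) \
+ $(use_with libtirpc) \
+ --enable-mpls \
+ --enable-normalizer \
+ --enable-reload \
+ --enable-targetbased \
+ --disable-build-dynamic-examples \
+ --disable-profile \
+ --disable-ppm-test \
+ --disable-intel-soft-cpm \
+ --disable-static-daq
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ keepdir /var/log/snort \
+ /etc/snort/rules \
+ /etc/snort/so_rules \
+ /usr/$(get_libdir)/snort_dynamicrules
+
+ # config.log and build.log are needed by Sourcefire
+ # to trouble shoot build problems and bug reports so we are
+ # perserving them incase the user needs upstream support.
+ dodoc RELEASE.NOTES ChangeLog \
+ doc/* \
+ tools/u2boat/README.u2boat
+
+ insinto /etc/snort
+ doins etc/attribute_table.dtd \
+ etc/classification.config \
+ etc/gen-msg.map \
+ etc/reference.config \
+ etc/threshold.conf \
+ etc/unicode.map
+
+ # We use snort.conf.distrib because the config file is complicated
+ # and the one shipped with snort can change drastically between versions.
+ # Users should migrate setting by hand and not with etc-update.
+ newins etc/snort.conf snort.conf.distrib
+
+ # config.log and build.log are needed by Sourcefire
+ # to troubleshoot build problems and bug reports so we are
+ # preserving them incase the user needs upstream support.
+ if [ -f "${WORKDIR}/${PF}/config.log" ]; then
+ dodoc "${WORKDIR}/${PF}/config.log"
+ fi
+ if [ -f "${T}/build.log" ]; then
+ dodoc "${T}/build.log"
+ fi
+
+ insinto /etc/snort/preproc_rules
+ doins preproc_rules/decoder.rules \
+ preproc_rules/preprocessor.rules \
+ preproc_rules/sensitive-data.rules
+
+ fowners -R snort:snort \
+ /var/log/snort \
+ /etc/snort
+
+ newinitd "${FILESDIR}/snort.rc12" snort
+ newconfd "${FILESDIR}/snort.confd.2" snort
+ systemd_newunit "${FILESDIR}/snort_at.service" "snort@.service"
+
+ newtmpfiles "${FILESDIR}"/snort.tmpfiles snort.conf
+
+ # Sourcefire uses Makefiles to install docs causing Bug #297190.
+ # This removes the unwanted doc directory and rogue Makefiles.
+ rm -rf "${ED%/}"/usr/share/doc/snort || die "Failed to remove SF doc directories"
+ rm "${ED%/}"/usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
+
+ # Remove unneeded .la files (Bug #382863)
+ rm "${ED%/}"/usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
+ rm "${ED%/}"/usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
+
+ # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
+ sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Set the correct rule location in the config
+ sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Set the correct preprocessor/decoder rule location in the config
+ sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Enable the preprocessor/decoder rules
+ sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Just some clean up of trailing /'s in the config
+ sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Make it clear in the config where these are...
+ sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Disable all rule files by default.
+ sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
+ "${ED%}/etc/snort/snort.conf.distrib" || die
+
+ # Set the configured DAQ to afpacket
+ sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \
+ "${ED%}/etc/snort/snort.conf.distrib" || die
+
+ # Set the location of the DAQ modules
+ sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \
+ "${ED%}/etc/snort/snort.conf.distrib" || die
+
+ # Set the DAQ mode to passive
+ sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \
+ "${ED%}/etc/snort/snort.conf.distrib" || die
+
+ # Set snort to run as snort:snort
+ sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+ sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Set the default log dir
+ sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+
+ # Set the correct so_rule location in the config
+ sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
+ "${ED%/}/etc/snort/snort.conf.distrib" || die
+}
+
+pkg_postinst() {
+ tmpfiles_process snort.conf
+
+ einfo "There have been a number of improvements and new features"
+ einfo "added to ${P}. Please review the RELEASE.NOTES and"
+ einfo "ChangLog located in /usr/share/doc/${PF}."
+ einfo
+ elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
+ elog "users migrate their snort.conf customizations to the latest config"
+ elog "file released by the VRT. You can find the latest version of the"
+ elog "Snort config file in /etc/snort/snort.conf.distrib."
+ elog
+ elog "!! It is important that you migrate to this new snort.conf file !!"
+ elog
+ elog "This version of the ebuild includes an updated init.d file and"
+ elog "conf.d file that rely on options found in the latest Snort"
+ elog "config file provided by the VRT."
+
+ if use debug; then
+ elog "You have the 'debug' USE flag enabled. If this has been done to"
+ elog "troubleshoot an issue by producing a core dump or a back trace,"
+ elog "then you need to also ensure the FEATURES variable in make.conf"
+ elog "contains the 'nostrip' option."
+ fi
+}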
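Review bot: `fowners -R snort:snort /var/log/snort /etc/snort` in src_install() hands the whole configuration tree to the account Snort drops to (`config set_uid: snort`, and `-u snort` in the new unit), so a compromise of the packet-processing process could rewrite snort.conf, the rule files and the dynamicengine/dynamicpreprocessor/`daq_dir` paths that are read on the next start, which the service unit launches as root. Restricting the call to the log directory, `fowners -R snort:snort /var/log/snort`, would leave /etc/snort with the ownership `doins` gave it; if a rule updater running as snort needs write access (not visible in this commit), grant it on /etc/snort/rules only. Separately, four sed calls near the end of src_install() (the `$RULE_PATH`, `daq`, `daq_dir` and `daq_mode` edits) use `"${ED%}/etc/snort/snort.conf.distrib"` where the others use `${ED%/}`. The config.log check also uses `${WORKDIR}/${PF}` where src_prepare() uses `${WORKDIR}/${P}`, which would stop matching on a revision bump.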
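--- a/profiles/arch/powerpc/ppc64/package.use.mask
+++ b/profiles/arch/powerpc/ppc64/package.use.mask
@@ -1,6 +1,10 @@
 # Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
+# Thomas Deutschmann <whissi@g.o> (10 Dec 2018)
+# dev-lang/luajit lacks ppc64 keyword. luajit upstream does not support ppc64
+net-analyzer/snort open-appid
+
 # Andreas Sturmlechner <asturm@g.o> (13 Mar 2018)
 # missing keyword on media-libs/portmidi
 media-sound/hydrogen portmidi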