patrick 09/04/30 11:26:06 |
|
Modified: ChangeLog |
Added: snort-2.8.4-r2.ebuild |
Removed: snort-2.8.4.ebuild snort-2.8.4-r1.ebuild |
Log: |
Lots of small fixes thanks to Jason Wallace. Fixes #266930. |
(Portage version: 2.2_rc31/cvs/Linux x86_64) |
|
Revision Changes Path |
1.142 net-analyzer/snort/ChangeLog |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/ChangeLog?rev=1.142&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/ChangeLog?rev=1.142&content-type=text/plain |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/ChangeLog?r1=1.141&r2=1.142 |
|
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v |
20 |
retrieving revision 1.141 |
21 |
retrieving revision 1.142 |
22 |
diff -u -r1.141 -r1.142 |
23 |
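--- a/net-analyzer/snort/ChangeLog
+++ b/net-analyzer/snort/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-analyzer/snort
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.141 2009/04/18 14:40:43 patrick Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.142 2009/04/30 11:26:06 patrick Exp $
+
+*snort-2.8.4-r2 (30 Apr 2009)
+
+ 30 Apr 2009; Patrick Lauer <patrick@g.o> -snort-2.8.4.ebuild,
+ -snort-2.8.4-r1.ebuild, +snort-2.8.4-r2.ebuild:
+ Lots of small fixes thanks to Jason Wallace. Fixes #266930.
 
 *snort-2.8.4-r1 (18 Apr 2009)
 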
|
|
|
1.1 net-analyzer/snort/snort-2.8.4-r2.ebuild |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/snort-2.8.4-r2.ebuild?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/snort/snort-2.8.4-r2.ebuild?rev=1.1&content-type=text/plain |
|
Index: snort-2.8.4-r2.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2009 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.4-r2.ebuild,v 1.1 2009/04/30 11:26:06 patrick Exp $ |
52 |
|
53 |
inherit eutils autotools multilib |
54 |
|
55 |
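DESCRIPTION="The de facto standard for intrusion detection/prevention"
HOMEPAGE="http://www.snort.org/"
# NOTE(review): the source tarball is fetched over plain HTTP, so its integrity
# depends on the distfile digests Portage checks; those are not part of this
# listing - confirm the Manifest was regenerated for this revision.
SRC_URI="http://www.snort.org/dl/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
IUSE="static debug threads prelude memory-cleanup dynamicplugin decoder-preprocessor-rules ipv6 targetbased timestats ppm perfprofiling linux-smp-stats inline inline-init-failopen flexresp flexresp2 react aruba gre mpls postgres mysql odbc selinux"

# flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a.
# 'inline-init-failopen' switches inline mode on by itself (pkg_setup announces
# it, src_unpack applies the libnet patch for it and src_compile passes
# --enable-inline), so it must pull in the same libraries as 'inline'.
DEPEND="virtual/libpcap
	>=dev-libs/libpcre-6.0
	flexresp2? ( dev-libs/libdnet )
	flexresp? ( ~net-libs/libnet-1.0.2a )
	react? ( ~net-libs/libnet-1.0.2a )
	postgres? ( virtual/postgresql-base )
	mysql? ( virtual/mysql )
	odbc? ( dev-db/unixODBC )
	prelude? ( >=dev-libs/libprelude-0.9.0 )
	inline? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )
	inline-init-failopen? ( ~net-libs/libnet-1.0.2a net-firewall/iptables )"

# Everything needed at build time is also needed at run time, plus perl and,
# with USE=selinux, the SELinux policy for snort.
RDEPEND="${DEPEND}
	dev-lang/perl
	selinux? ( sec-policy/selinux-snort )"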
78 |
|
79 |
# Print one USE-flag notice in the layout used throughout pkg_setup: two empty
# warning lines, the explanation, an empty line, the action taken, two more
# empty lines, then a pause so the user can read it.
#   $1    the line describing what the ebuild will do about the conflict
#   $2..  the lines explaining the conflict
_snort_use_notice() {
	local action="$1" text
	shift

	ewarn
	ewarn
	for text in "$@"; do
		ewarn "${text}"
	done
	ewarn
	ewarn "${action}"
	ewarn
	ewarn
	epause
}

# Warn about USE-flag combinations that the build silently resolves in
# src_compile, then create the account snort is installed for.
pkg_setup() {

	if use flexresp && use flexresp2 ; then
		_snort_use_notice "Defaulting to flexresp2..." \
			"You have both the 'flexresp' and 'flexresp2' USE" \
			"flags set. You can use 'flexresp' OR 'flexresp2'" \
			"but not both."
	fi

	if use memory-cleanup && ! use dynamicplugin; then
		_snort_use_notice "Enabling dynamicplugin..." \
			"You have enabled 'memory-cleanup' but not 'dynamicplugin'." \
			"'memory-cleanup' requires 'dynamicplugin' to compile."
	fi

	if use inline-init-failopen && ! use inline; then
		_snort_use_notice "Enabling inline mode..." \
			"You have enabled 'inline-init-failopen' but not 'inline'." \
			"'inline-init-failopen' is an 'inline' only function."
	fi

	if use ipv6 && use prelude; then
		_snort_use_notice "Disabling ipv6 support..." \
			"You have enabled 'prelude' and 'ipv6'." \
			"The Prelude output plugin does not support ipv6."
	fi

	# pre_inst() would be the more natural place, but the group and user
	# must already exist for the 'fowners' calls in src_install().
	# The account gets /dev/null as home directory and 'snort' as its group;
	# uid and shell are passed as -1 (presumably the eclass defaults - confirm
	# the default shell is a non-login one).
	enewgroup snort
	enewuser snort -1 -1 /dev/null snort

}
136 |
|
137 |
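# Unpack the tarball, apply the Gentoo patches, fix the hard-coded library
# directories for multilib systems and regenerate the autotools files.
# Every step that edits the source tree aborts the build on failure, so a
# missing or renamed upstream file cannot silently produce an unpatched build.
src_unpack() {
	local libdir plugin

	unpack ${A}
	cd "${S}" || die "cd to ${S} failed"

	# Do not touch the original source unless a libnet-based feature is on.
	if use flexresp || use react || use inline || use inline-init-failopen; then
		epatch "${FILESDIR}/${PN}-2.8.4-libnet.patch"
	fi

	# Patch to print the value of PCAP_MEMORY.
	epatch "${FILESDIR}/pcap_memory.patch"

	# Patch for a problem with the DB output plugin.
	# This will be included upstream in the next version released.
	epatch "${FILESDIR}/spo_database_fix.patch"

	libdir=$(get_libdir)

	# Multilib fix for the sf_engine.
	sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'"${libdir}"':g' \
		"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
		|| die "sed for sf_engine failed"

	# Multilib fix for the current set of dynamic preprocessors.
	for plugin in ftptelnet smtp ssh dcerpc dns ssl dcerpc2; do
		sed -i -e 's:${exec_prefix}/lib:${exec_prefix}/'"${libdir}"':g' \
			"${WORKDIR}/${P}/src/dynamic-preprocessors/${plugin}/Makefile.am" \
			|| die "sed for ${plugin} failed."
	done

	# Keep the example dynamic code from being compiled/installed.
	sed -i -e 's:$(EXAMPLES_DIR)::g' "${WORKDIR}/${P}/src/Makefile.am" \
		|| die "sed for src/Makefile.am failed"

	if use prelude ; then
		sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in \
			|| die "sed for configure.in failed"
	fi

	AT_M4DIR=m4 eautoreconf
}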
174 |
|
175 |
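# Translate the USE flags into ./configure switches and build snort.
#
# Flags that depend on or conflict with one another are resolved by hand into
# ${myconf}; the independent ones go straight to econf through
# use_with/use_enable. The build dies if configure or make fails.
src_compile() {
	local myconf

	# Both shared and static are enabled by default, so be specific.
	if use static; then
		myconf="${myconf} --enable-static --disable-shared"
	else
		myconf="${myconf} --disable-static --enable-shared"
	fi

	# Added in ebuild version snort-2.8.3.1. Should be rechecked in updated
	# versions. 'die' is used because ./configure would stop with the same
	# error message anyway.
	if use ipv6 && use targetbased; then
		die "Support for target-based and IPv6 cannot be enabled simultaneously in this version."
	fi

	# Sourcefire is often not clear about what is enabled by default, so
	# every response mechanism is switched on or off explicitly.
	#
	# 'react' automatically enables 'flexresp', but ./configure fails if
	# both --enable-react and --enable-flexresp are given:
	#   ERROR! --enable-react cannot be used with --enable-flexresp
	#   because it is AUTOMATICALLY enabled with --enable-flexresp
	# Since flexresp is then on, flexresp2 has to be off.
	# Without react, flexresp2 wins when both flexresp flags are set.
	if use react; then
		myconf="${myconf} --enable-react --disable-flexresp2"
	elif use flexresp2; then
		myconf="${myconf} --disable-flexresp --enable-flexresp2"
	elif use flexresp; then
		myconf="${myconf} --enable-flexresp --disable-flexresp2"
	else
		myconf="${myconf} --disable-flexresp --disable-flexresp2"
	fi

	# 'memory-cleanup' requires 'dynamicplugin'. Only dynamicplugin is set
	# here; memory-cleanup itself is passed to econf below.
	if use memory-cleanup || use dynamicplugin; then
		myconf="${myconf} --enable-dynamicplugin"
	else
		myconf="${myconf} --disable-dynamicplugin"
	fi

	# 'targetbased' and 'inline-init-failopen' require threads. Only the
	# pthread switch is set here; the two features are passed to econf below.
	if use targetbased || use inline-init-failopen || use threads; then
		myconf="${myconf} --enable-pthread"
	else
		myconf="${myconf} --disable-pthread"
	fi

	# The libipq headers are needed whenever one of these features is built.
	# 'inline-init-failopen' is listed too because it turns inline mode on
	# just below, matching the condition used for the libnet patch in
	# src_unpack.
	if use flexresp || use react || use inline || use inline-init-failopen; then
		myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
	fi

	# 'inline-init-failopen' requires 'inline'.
	# NOTE(review): going by its name this option makes an inline sensor fail
	# open while it initialises - confirm that is acceptable for deployments
	# that rely on snort to block traffic.
	if use inline-init-failopen || use inline; then
		myconf="${myconf} --enable-inline"
	else
		myconf="${myconf} --disable-inline"
	fi

	# The Prelude output plugin does not support ipv6, so prelude wins when
	# both flags are set.
	if use ipv6 && use prelude; then
		myconf="${myconf} --enable-prelude --disable-ipv6"
	elif use ipv6; then
		myconf="${myconf} --enable-ipv6"
	elif use prelude; then
		myconf="${myconf} --enable-prelude"
	else
		myconf="${myconf} --disable-prelude --disable-ipv6"
	fi

	# 'static' 'threads' 'react' 'flexresp' 'flexresp2' 'inline'
	# 'dynamicplugin' are configured above due to dependency/conflict issues.
	# All other --enable-<feature> options are handled the standard ebuild
	# way via econf.
	econf \
		--without-oracle \
		$(use_with postgres postgresql) \
		$(use_with mysql) \
		$(use_with odbc) \
		--disable-ipfw \
		--disable-profile \
		--disable-ppm-test \
		$(use_enable debug) \
		$(use_enable memory-cleanup) \
		$(use_enable decoder-preprocessor-rules) \
		$(use_enable targetbased) \
		$(use_enable timestats) \
		$(use_enable ppm) \
		$(use_enable perfprofiling) \
		$(use_enable linux-smp-stats) \
		$(use_enable inline-init-failopen) \
		$(use_enable aruba) \
		$(use_enable gre) \
		$(use_enable mpls) \
		${myconf} || die "econf failed"

	# Limited to a single job as reported by jforman on irc. A failed build
	# must stop here instead of carrying on into src_install.
	emake -j1 || die "emake failed"

}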
288 |
|
289 |
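# Install snort, its documentation, the stock configuration files and the
# init script, then adapt the shipped snort.conf to Gentoo's paths.
# The configuration is installed as snort.conf.distrib with every rule file
# include commented out, so the installed sensor loads no detection rules
# until the administrator enables some.
src_install() {
	local conf="${D}etc/snort/snort.conf.distrib"

	emake DESTDIR="${D}" install || die "make install failed"

	# Log and run directories are owned by the account created in pkg_setup.
	keepdir /var/log/snort/
	fowners snort:snort /var/log/snort

	keepdir /var/run/snort/
	fowners snort:snort /var/run/snort/

	dodoc doc/*
	dodoc ./RELEASE.NOTES
	docinto schemas
	dodoc schemas/*

	insinto /etc/snort
	doins etc/attribute_table.dtd \
		etc/classification.config \
		etc/gen-msg.map \
		etc/reference.config \
		etc/sid-msg.map \
		etc/threshold.conf \
		etc/unicode.map \
		|| die "Failed to add files in /etc/snort"

	newins etc/snort.conf snort.conf.distrib \
		|| die "Failed to add snort.conf.distrib"

	insinto /etc/snort/preproc_rules
	doins preproc_rules/decoder.rules \
		preproc_rules/preprocessor.rules \
		|| die "Failed to add files in /etc/snort/preproc_rules"

	keepdir /etc/snort/rules/

	# NOTE(review): this makes the whole configuration tree writable by the
	# snort account, so a compromised sensor process could rewrite its own
	# configuration and rules. Root-owned files readable by group snort would
	# be tighter - confirm nothing relies on snort writing here before
	# changing it.
	fowners -R snort:snort /etc/snort/

	newinitd "${FILESDIR}/snort.rc9" snort || die "Failed to add snort.rc9"
	newconfd "${FILESDIR}/snort.confd" snort || die "Failed to add snort.confd"

	# Changes made to snort.conf.distrib, applied in this order to each line:
	#  - set the lib path for dynamicengine, dynamicpreprocessor and
	#    dynamicdetection
	#  - set the rule location
	#  - set the preprocessor/decoder rule location
	#  - enable the preprocessor/decoder rules and the dynamicdetection
	#    directory
	#  - clean up trailing /'s on the dynamic library directories
	#  - make the location of classification.config and reference.config
	#    explicit
	#  - disable all rule files by default; users need to choose what they
	#    want enabled
	# A single sed run with a checked exit status replaces the separate
	# unchecked calls, so a missing config file stops the install.
	sed -i \
		-e 's:/usr/local/lib:/usr/'"$(get_libdir)"':g' \
		-e 's:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g' \
		-e 's:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g' \
		-e 's:^# include $PREPROC_RULE_PATH:include $PREPROC_RULE_PATH:g' \
		-e 's:^# dynamicdetection directory:dynamicdetection directory:g' \
		-e 's:snort_dynamicpreprocessor/$:snort_dynamicpreprocessor:g' \
		-e 's:snort_dynamicrule/$:snort_dynamicrules:g' \
		-e 's:^include classification.config:include /etc/snort/classification.config:g' \
		-e 's:^include reference.config:include /etc/snort/reference.config:g' \
		-e 's:^include $RULE_PATH:# include $RULE_PATH:g' \
		"${conf}" || die "sed on snort.conf.distrib failed"

}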
366 |
|
367 |
# Post-install messages: a short introduction printed with einfo, followed by
# the upgrade notes recorded with elog (removed USE flags, where to get rules,
# and the dcerpc/dcerpc2 announcement links).
# An empty string in either list produces an empty message line.
pkg_postinst() {
	local line

	for line in \
		"" \
		"Snort is a libpcap based packet capture tool which can be used in" \
		"three modes Sniffer Mode, Packet Logger Mode, or Network Intrusion" \
		"Detection System Mode." \
		"" \
		"To learn more about these modes review the Snort User Manual at..." \
		"" \
		"http://www.snort.org/docs/" \
		"" \
		"See /usr/share/doc/${PF} and /etc/snort/snort.conf.distrib for" \
		"information on configuring snort." \
		"" \
		"Joining the Snort Users and Snort Sigs mailing list is highly" \
		"recommended for all users..." \
		"" \
		"http://www.snort.org/community/lists.html" \
		""
	do
		einfo "${line}"
	done

	for line in \
		"Snort-2.8.4-r1 Notes:" \
		"The 'ruleperf' USE flag has been removed. The Snort Dev's have" \
		"included it in the build by default now." \
		"" \
		"The 'stream4udp' USE flag has been removed. It is no" \
		"longer a valid compile time option." \
		"If you are still using Stream4, you should switch to using Stream5." \
		"" \
		"/etc/init.d/snort and /etc/conf.d/snort have been updated to" \
		"resolve some bugs with starting and stopping snort." \
		"It is important that you update these when you run 'etc-update'" \
		"" \
		"The 'community-rules' USE flag has been removed." \
		"" \
		"We are no longer distributing rule files via the snort ebuild." \
		"There are a couple of reasons for this change..." \
		"" \
		"1. Rule files are not versioned making it impossible to use" \
		" portage to update them properly." \
		"2. Although some of the rules are still useful, the" \
		" Community Rules are quite old (RELEASED: 2007-04-27) and" \
		" should only be used to supplement the VRT rule set." \
		"3. Sourcefire's VRT rule set requires users to register (for free)" \
		" to download them." \
		"4. Certain versions of Snort require specific rule set versions" \
		" for proper detection and to prevent Snort from breaking." \
		" (See below.)" \
		"" \
		"To download rules for use with Snort please, see the following" \
		"" \
		"Sourcefire's VRT Rules and older Community Rules:" \
		"http://www.snort.org/pub-bin/downloads.cgi" \
		"" \
		"Emerging Threats Rules:" \
		"http://www.emergingthreats.net/" \
		"" \
		"A good place to put your downloaded rules would be..." \
		"/etc/snort/rules" \
		"" \
		"To manage updates to your rules please visit..." \
		"" \
		"http://oinkmaster.sourceforge.net/" \
		"" \
		"and then 'emerge oinkmaster'." \
		"" \
		"!!!IMPORTANT!!!" \
		"Users upgrading from versions prior to Snort-2.8.4 and are using" \
		"the dcerpc or dcerpc2 preprocessor in your snort.conf file" \
		"with the netbios rules should be aware of the following" \
		"announcements..." \
		"" \
		"http://vrt-sourcefire.blogspot.com/2009/04/snort-284-is-nigh.html" \
		"http://vrt-sourcefire.blogspot.com/2009/02/important-snort-rule-changes-and-new.html" \
		""
	do
		elog "${line}"
	done
}