diff options
| author |   Patrick Lauer <patrick@gentoo.org> | 2012-04-04 09:39:53 +0000 |
|---|---|---|
| committer | Patrick Lauer <patrick@gentoo.org> | 2012-04-04 09:39:53 +0000 |
| commit | 58e4c4873d3dbd51ecd301d62007fa30cd72b5e1 (patch) | |
| tree | 3562463c756d8f437256675147a34fc3fe020946 /net-analyzer/snort | |
| parent | Move ~ppc,~ppc64 keywords forward to latest version. (diff) | |
| download | historical-58e4c4873d3dbd51ecd301d62007fa30cd72b5e1.tar.gz historical-58e4c4873d3dbd51ecd301d62007fa30cd72b5e1.tar.bz2 historical-58e4c4873d3dbd51ecd301d62007fa30cd72b5e1.zip | |
Bump
Package-Manager: portage-2.2.0_alpha98/cvs/Linux x86_64
Diffstat (limited to 'net-analyzer/snort')
| -rw-r--r-- | net-analyzer/snort/ChangeLog | 7 | ||||
| -rw-r--r-- | net-analyzer/snort/Manifest | 24 | ||||
| -rw-r--r-- | net-analyzer/snort/snort-2.9.2.2.ebuild | 264 |
3 files changed, 273 insertions, 22 deletions
diff --git a/net-analyzer/snort/ChangeLog b/net-analyzer/snort/ChangeLog index 65ad965a5361..22390209bfe3 100644 --- a/net-analyzer/snort/ChangeLog +++ b/net-analyzer/snort/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-analyzer/snort # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.191 2012/03/11 14:23:21 kumba Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.192 2012/04/04 09:39:53 patrick Exp $ + +*snort-2.9.2.2 (04 Apr 2012) + + 04 Apr 2012; Patrick Lauer <patrick@gentoo.org> +snort-2.9.2.2.ebuild: + Bump 11 Mar 2012; Joshua Kinard <kumba@gentoo.org> snort-2.9.1.ebuild, snort-2.9.2.1.ebuild: diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest index 5f6095cabe62..dd59f7513ee5 100644 --- a/net-analyzer/snort/Manifest +++ b/net-analyzer/snort/Manifest @@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX disabledynamic.patch 4189 RMD160 e24db349742b5885206466ee0254457f69a18272 SHA1 63388be21fefb841740a2dd0df7684ad24f2dc40 SHA256 018cec1ffab83b65506478e33c51f26aeaddab3152a1c5c1d5b4f0952ac00fd4 AUX snort.confd 442 RMD160 439e885d43aacc474c41eeed5217a498b2917aac SHA1 87a3de61e218367b2239540b94c564b2c6729300 SHA256 40adf5e7b918d1feae6728c1445e879d4cc478f81d13e9f32a2de1be1345413a AUX snort.confd.2 420 RMD160 66bead70bfb5752d7f9779803453bdecf2694fee SHA1 d4917da66def50d09430a0dff4b2e86103a4834a SHA256 337378f098e0cd59fb5c28a26b5b74b32168cf48596064469e6a5ba04fe3a36f @@ -9,25 +6,10 @@ AUX snort.rc11 1473 RMD160 f9d1a9bfbe88b0bcb5dbecbab3ee3fc647f0a9ff SHA1 cf97f12 DIST snort-2.9.0.5.tar.gz 5867934 RMD160 668c586c8cfab905c18af08ca6b61b96dddb398a SHA1 b4565d3a8387f6b5e7aceb3aee80803ceabf80f2 SHA256 f997fddbbd1a5f7ccdd4153610b0916fcbe105ea3316d4ed3487fd0054287e94 DIST snort-2.9.1.tar.gz 6217639 RMD160 81070dd6b18f106368473c396d82261e7db1dc3d SHA1 b1ae80bbfd9145cae89c6249f4b5176fbccbf90d SHA256 1e69de95c8956191b26d19138a2fb7b6f2faf519f601aa3c7d779593c48830c2 DIST snort-2.9.2.1.tar.gz 6522229 RMD160 1a2b40980552092b4dfad6664e6facccba9d0ecf SHA1 1ae18ffc7cafe6f2590e06441d15a1b1519f8483 SHA256 4ec549fc2b0df5e89b2dc0453eabf3499f7da2fa88cd004a084ffa1109cbffa5 +DIST snort-2.9.2.2.tar.gz 6529966 RMD160 2c5f3d9d28de860f906c6f229721833b856705c8 SHA1 5b1e9bd527ecba7e42c007ae1a62ff51a4adb2c6 SHA256 63f4eeee24d79e4a4e4b573e085d0d2fd78fcf3b7ea730c37eab7b47fcd9b954 EBUILD snort-2.9.0.5.ebuild 10182 RMD160 c27c1ba991d7208be2d3d8f68a6c87d7d262d05e SHA1 ba00424bb9d72f099e8d11a4decdd081932f4747 SHA256 b8c1d0e547acb33e24fee1e44d23277168e575404f3c63357b117e769f72624e EBUILD snort-2.9.1.ebuild 9308 RMD160 62590d5d697d6729daf8394aa64470c8e0a520cd SHA1 6f4d786f58c39b87ff1aac89f643db1cb0a2a020 SHA256 813b4a6028cab1fff3f13ae4d3e6a6ff33fbfdf985e8219b2481a0d2213fa4f5 EBUILD snort-2.9.2.1.ebuild 9328 RMD160 45143ab1b9b28a5bc3fe70ca53abc03c7a2f80d8 SHA1 d4ebe5e8769f663dbc5c23cc23cd4ea87c3319b8 SHA256 de963768b8c2224792868bf2e17807e74e815703a5194d30c08e45dd91b043fa -MISC ChangeLog 33511 RMD160 763492a5b83ee353337364c385966a19ecfed5c6 SHA1 c23ac6f3e124133d35f373a28a356117535492b2 SHA256 8d31800001c7a4bb3392ec3cce4e56ef562bdcf79ed074c7e85afe1377704c75 +EBUILD snort-2.9.2.2.ebuild 9330 RMD160 dbfa40d18f97a4089d133c6d8ec2a91f5a5379f9 SHA1 e9888afb7d1922d83015f7accbf1bdfd5479ea81 SHA256 a7c96f8f3a542adb7d724a4b1314d45d51472ab6e097ea8f3c92e077b022576d +MISC ChangeLog 33624 RMD160 a39244fe968467d72330e62b4e54aaae363a650f SHA1 767a852c3f3a1e3905406ebed2da5b138ff0b543 SHA256 b9d25fcbc4f88b0aa35f78dfd776fa1a673461f4e20fa19a2245e0ac703b0f25 MISC metadata.xml 4663 RMD160 2187b0202dd685045a9e4d81f3b0800660b6ee0b SHA1 2b419f3ef46fb8c4fd40f69b976e3d4dff6bf878 SHA256 40d07671b44a9025df3eec2c8554358e1f7b5d967b32f2e306d38f3ae171a56d ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.18 (GNU/Linux) - -iQIcBAEBAgAGBQJPXH09AAoJENsjoH7SXZXjJesP/29LVVRE8mn1kWyqj15gw5Iw -Xp8LuCSuKI1qB5oEVQeZYhaJewHjZz+DBmceKmqgnz5IdRJJZi5pEiN8v3qn2Lep -R3IAjsSzGbwAdnqAReQwgOpGDCTBU19g4JdoEhWAEWOhCVHiN2JJHD8+JxxcIZWe -RdYaGWLtteIwlv19KfVcuvUCAtXAeWUa/JuVo2fLrnYeUd7iVDK9tU1qgTazM+M7 -Ecy2zsYFzO/6Soshbi7ZbYEITIIO8oullF3BZlDRi1Ihkwe2DcXUmlsnCHKUqqOJ -j1PW0RMQCeOe4RZpgGCiRP31QWmfO9ciWLpQ6StV3AlSjMKxya/E9JU8HhtdTWDu -LsKEKOLxG/lRNvOz1TrNCNre/BeVaXepb7KSl343qY9uw5fXhqpBAeEzcBmxYfrl -O8YzTScn6+z4HiZZv1bEog5fiw2Vrptk4cauVtGWsQk+V1qLYUxdL48LrYLRGlh4 -9ndWZmkQkLA40ISx/IyWN3Kwuxu3o+JPTYRUbmsP8qqwDUrg9h7BP36wQpGo21SC -HaAqjXQmlTeDijW2BMHdbQTYJy0MIuAb6g63MfwmPzwZt21POPrx/u3oek8kJ2tt -MjQH3Ld10gOiWkgW+E8BC4t5CHYmWGIlkq8uzVqFPrV+ZiKWrTEWcfAxF73hY2ic -24EITxsgVtZ13Lx53wlb -=cP9g ------END PGP SIGNATURE----- diff --git a/net-analyzer/snort/snort-2.9.2.2.ebuild b/net-analyzer/snort/snort-2.9.2.2.ebuild new file mode 100644 index 000000000000..e7811a426c02 --- /dev/null +++ b/net-analyzer/snort/snort-2.9.2.2.ebuild @@ -0,0 +1,264 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.2.2.ebuild,v 1.1 2012/04/04 09:39:53 patrick Exp $ + +EAPI="2" +inherit eutils autotools multilib + +DESCRIPTION="The de facto standard for intrusion detection/prevention" +HOMEPAGE="http://www.snort.org/" +SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86 ~mips" +IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules ++ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response ++normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit +aruba mysql odbc postgres selinux" + +DEPEND=">=net-libs/libpcap-1.0.0 + >=net-libs/daq-0.6 + >=dev-libs/libpcre-6.0 + dev-libs/libdnet + postgres? ( dev-db/postgresql-base ) + mysql? ( virtual/mysql ) + odbc? ( dev-db/unixODBC ) + zlib? ( sys-libs/zlib )" + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-snort )" + +pkg_setup() { + + if use zlib && ! use dynamicplugin; then + eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag." + eerror "'zlib' requires 'dynamicplugin' be enabled." + die + fi + + # pre_inst() is a better place to put this + # but we need it here for the 'fowners' statements in src_install() + enewgroup snort + enewuser snort -1 -1 /dev/null snort + +} + +src_prepare() { + + #Multilib fix for the sf_engine + einfo "Applying multilib fix." + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \ + || die "sed for sf_engine failed" + + #Multilib fix for the curent set of dynamic-preprocessors + for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \ + || die "sed for $i failed." + done + + AT_M4DIR=m4 eautoreconf +} + +src_configure() { + + econf \ + $(use_enable !static shared) \ + $(use_enable static) \ + $(use_enable static so-with-static-lib) \ + $(use_enable dynamicplugin) \ + $(use_enable zlib) \ + $(use_enable gre) \ + $(use_enable mpls) \ + $(use_enable targetbased) \ + $(use_enable decoder-preprocessor-rules) \ + $(use_enable ppm) \ + $(use_enable perfprofiling) \ + $(use_enable linux-smp-stats) \ + $(use_enable inline-init-failopen) \ + $(use_enable threads pthread) \ + $(use_enable debug) \ + $(use_enable debug debug-msgs) \ + $(use_enable debug corefiles) \ + $(use_enable !debug dlclose) \ + $(use_enable active-response) \ + $(use_enable normalizer) \ + $(use_enable reload-error-restart) \ + $(use_enable react) \ + $(use_enable flexresp3) \ + $(use_enable paf) \ + $(use_enable large-pcap-64bit large-pcap) \ + $(use_enable aruba) \ + $(use_with mysql) \ + $(use_with odbc) \ + $(use_with postgres postgresql) \ + --enable-ipv6 \ + --enable-reload \ + --disable-prelude \ + --disable-build-dynamic-examples \ + --disable-profile \ + --disable-ppm-test \ + --disable-intel-soft-cpm \ + --disable-static-daq \ + --disable-rzb-saac \ + --without-oracle +} + +src_install() { + + emake DESTDIR="${D}" install || die "emake failed" + + dodir /var/log/snort \ + /var/run/snort \ + /etc/snort/rules \ + /etc/snort/so_rules \ + /usr/$(get_libdir)/snort_dynamicrules \ + || die "Failed to create core directories" + + # config.log and build.log are needed by Sourcefire + # to trouble shoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + dodoc RELEASE.NOTES ChangeLog \ + doc/* \ + tools/u2boat/README.u2boat \ + schemas/* || die "Failed to install snort docs" + + insinto /etc/snort + doins etc/attribute_table.dtd \ + etc/classification.config \ + etc/gen-msg.map \ + etc/reference.config \ + etc/threshold.conf \ + etc/unicode.map || die "Failed to install docs in etc" + + # We use snort.conf.distrib because the config file is complicated + # and the one shipped with snort can change drastically between versions. + # Users should migrate setting by hand and not with etc-update. + newins etc/snort.conf snort.conf.distrib \ + || die "Failed to add snort.conf.distrib" + + # config.log and build.log are needed by Sourcefire + # to troubleshoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + # 'die' was intentionally not added here. + if [ -f "${WORKDIR}/${PF}/config.log" ]; then + dodoc "${WORKDIR}/${PF}/config.log" + fi + if [ -f "${T}/build.log" ]; then + dodoc "${T}/build.log" + fi + + insinto /etc/snort/preproc_rules + doins preproc_rules/decoder.rules \ + preproc_rules/preprocessor.rules \ + preproc_rules/sensitive-data.rules || die "Failed to install preproc rule files" + + fowners -R snort:snort \ + /var/log/snort \ + /var/run/snort \ + /etc/snort || die + + newinitd "${FILESDIR}/snort.rc11" snort || die "Failed to install snort init script" + newconfd "${FILESDIR}/snort.confd.2" snort || die "Failed to install snort confd file" + + # Sourcefire uses Makefiles to install docs causing Bug #297190. + # This removes the unwanted doc directory and rogue Makefiles. + rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories" + rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files" + + #Remove unneeded .la files (Bug #382863) + rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die + rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la" + + # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection + sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct rule location in the config + sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct preprocessor/decoder rule location in the config + sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Enable the preprocessor/decoder rules + sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Just some clean up of trailing /'s in the config + sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Make it clear in the config where these are... + sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable all rule files by default. + sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable normalizer preprocessor config if normalizer USE flag not set. + if ! use normalizer; then + sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \ + "${D}etc/snort/snort.conf.distrib" || die + fi + + # Set the configured DAQ to afpacket + sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the location of the DAQ modules + sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the DAQ mode to passive + sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set snort to run as snort:snort + sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the default log dir + sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct so_rule location in the config + sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die +} + +pkg_postinst() { + + einfo "There have been a number of improvements and new features" + einfo "added to ${P}. Please review the RELEASE.NOTES and" + einfo "ChangLog located in /usr/share/doc/${PF}." + einfo + elog "The Sourcefire Vulnerability Research Team (VRT) recommends that" + elog "users migrate their snort.conf customizations to the latest config" + elog "file released by the VRT. You can find the latest version of the" + elog "Snort config file in /etc/snort/snort.conf.distrib." + elog + elog "!! It is important that you migrate to this new snort.conf file !!" + elog + elog "This version of the ebuild includes an updated init.d file and" + elog "conf.d file that rely on options found in the latest Snort" + elog "config file provided by the VRT." + + if use debug; then + elog "You have the 'debug' USE flag enabled. If this has been done to" + elog "troubleshoot an issue by producing a core dump or a back trace," + elog "then you need to also ensure the FEATURES variable in make.conf" + elog "contains the 'nostrip' option." + fi +} |