diff options
| author |   Patrick Lauer <patrick@gentoo.org> | 2009-03-01 19:16:21 +0000 |
|---|---|---|
| committer | Patrick Lauer <patrick@gentoo.org> | 2009-03-01 19:16:21 +0000 |
| commit | 8db8f87f9fa5ac362a445f86ca7a49976a4315bc (patch) | |
| tree | 6fbc10ccf6af0119ab5f8b910fb66dc9bf324d50 /net-analyzer/snort | |
| parent | Added fix for _FORTIFY_SOURCE=2, thank loki_val to point to a patch from Fedo... (diff) | |
| download | historical-8db8f87f9fa5ac362a445f86ca7a49976a4315bc.tar.gz historical-8db8f87f9fa5ac362a445f86ca7a49976a4315bc.tar.bz2 historical-8db8f87f9fa5ac362a445f86ca7a49976a4315bc.zip | |
Fixing snort 2.6.1.4 for gcc 4.3.3 / foritfy_sources. Fixes #258487. Patch by Attila Fazekas.
Package-Manager: portage-2.2_rc23/cvs/Linux x86_64
Diffstat (limited to 'net-analyzer/snort')
| -rw-r--r-- | net-analyzer/snort/ChangeLog | 9 | ||||
| -rw-r--r-- | net-analyzer/snort/Manifest | 14 | ||||
| -rw-r--r-- | net-analyzer/snort/files/snort-2.6.1.4-server_stats.patch | 11 | ||||
| -rw-r--r-- | net-analyzer/snort/snort-2.6.1.4-r1.ebuild | 193 |
4 files changed, 215 insertions, 12 deletions
diff --git a/net-analyzer/snort/ChangeLog b/net-analyzer/snort/ChangeLog index 097be109b207..c53b8051632d 100644 --- a/net-analyzer/snort/ChangeLog +++ b/net-analyzer/snort/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-analyzer/snort # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.138 2009/01/26 18:37:26 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.139 2009/03/01 19:16:21 patrick Exp $ + +*snort-2.6.1.4-r1 (01 Mar 2009) + + 01 Mar 2009; Patrick Lauer <patrick@gentoo.org> + +files/snort-2.6.1.4-server_stats.patch, +snort-2.6.1.4-r1.ebuild: + Fixing snort 2.6.1.4 for gcc 4.3.3 / foritfy_sources. Fixes #258487. Patch + by Attila Fazekas. 26 Jan 2009; Mike Frysinger <vapier@gentoo.org> snort-2.8.3.1.ebuild: Drop usage of USE=pic here. diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest index 894b75deb73f..3964bfdce07f 100644 --- a/net-analyzer/snort/Manifest +++ b/net-analyzer/snort/Manifest @@ -1,10 +1,8 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX snort-2.6.1.1-libnet.patch 8062 RMD160 fb42546b2efce968160afb0a0e0e96c8f0ad1471 SHA1 bcac8005327e016d8ffc1cf4b74aeb80228a2839 SHA256 ff36205cdd4554ff23c845383a82c9fdef6682a399072f3306f6aa3b74378b86 AUX snort-2.6.1.2-libdir.patch 446 RMD160 7508ad071e9cc9746f3c501c2525d82df3fdd9d0 SHA1 04cc4ddbd4570175483a33ce0729eb156473a1a5 SHA256 252743e9e5ddf4867f64cfcf22ca6127d07e6c69285635c0b7025a606a5fedc8 AUX snort-2.6.1.2-react.patch 952 RMD160 f5856ba63d63c20386af53b1e95db3d3ce758843 SHA1 b2c87c82b4c32af573b30fc39441d3f393afd284 SHA256 15cfb26179883a962612cdf54f283fd195199118328586595f001a750ad68ab1 AUX snort-2.6.1.4-libdnet-ip6.patch 482 RMD160 9d420da94d42aacf1a4c8fabb1a9637f73dff8b3 SHA1 2ff42e316d5c49201b85e78f99b1cae4449b7656 SHA256 7f24211c9295a848d1d29effaab2f7f38459823acb83e2d78da3d45019139e14 +AUX snort-2.6.1.4-server_stats.patch 525 RMD160 8639c175a992090c4cbadc22b8a8b64624013e2f SHA1 39c6a95436707e58b2fc6cb22476405ef996692b SHA256 e2d012e25dca6de507e8b3fd019cb904b2a194a73ba5ffed210902a8960916fd AUX snort-2.8.3.1-libnet.patch 8954 RMD160 eb6a2eac6f6005bf8118afeeda6ea52675470156 SHA1 7370bc6c97417cf78a57f8d3f3c3bc3365ce2d56 SHA256 e3edce56ba0568d1db75accc7afb0b86d3de7034aba20daf0f61bf32770b3c2a AUX snort.confd 423 RMD160 8312bad7b271cc20a9eeb8f08f0cba5cd330eb2f SHA1 149a377477a43ff78c7b3c73c159773e41adf892 SHA256 d504cb31ffcce9acc8fc7b68123a31a53b491444c52730339ea9a4e986521f71 AUX snort.rc7 740 RMD160 f9b799730b2699bd12bea76b23be13979121a12d SHA1 9e177163520facfdd322dc20dd5bcc89388237d1 SHA256 97314f3c7273c7ecdbaaf16cc82ee291b550ed4b1c339aa333cfaa7c7af5d991 @@ -22,15 +20,9 @@ DIST snortrules-pr-2.4.tar.gz 789097 RMD160 dd2179b3ce8a55699d2e1b857426e5489191 DIST snortsam-20050110.tar.gz 29395 RMD160 ec80ce024ed7a013da35444ef1098ba3faa6cfc3 SHA1 46a274abeeea4e808849c65b9d510a5b5a221ba6 SHA256 dc428458f3c47684aabb89036ca7e601a6aa92864dbf23b31f33732b76c2a01e EBUILD snort-2.4.5.ebuild 4416 RMD160 bacac50a4b25f8058772efca252d6b5e55df383e SHA1 aa6a406325a74ede990940596712573b0937e24e SHA256 02a75c07e7791fb9b67c00ab03e776bec2b08f965177b7c6e85b55e33be3f008 EBUILD snort-2.6.1.3-r1.ebuild 5890 RMD160 f81043cc4317907667817315dc425f79f49693fa SHA1 fd019204ead1468ad60d6c93cc58ecca87406ab4 SHA256 5eacf6083fc26e2ae2a1fc2b9238c146f5998851fe47f0ba650dd41e86617913 +EBUILD snort-2.6.1.4-r1.ebuild 6032 RMD160 4e04385e15ac0da60eb33b6decef9ef75bee2663 SHA1 0bedfba77442ea44e10376e8f8062eda69abbdd3 SHA256 be1bbc9e98f1f0b0a84ea3cd2c5c6d61b34829809b4580a09523767dc9248756 EBUILD snort-2.6.1.4.ebuild 5984 RMD160 57047f39db0979462684f75775c876b1f3e737d2 SHA1 cc4340770104cd6ffdab42165b27bd149d68103d SHA256 ada6aa994e747869846bf6bf41e8579b0a8bda56b945a1409d0af0d3c3e99eb8 EBUILD snort-2.7.0.1.ebuild 5408 RMD160 e9d46031bc510e0eb052e4d86906d549bd2265b9 SHA1 ef571fd63b0068b8aa86d5ca04360b6b66c1ec01 SHA256 194ec0bb0b17fa4bdd48451f1f7c940bed4454c88450833aa213207dc16a104e EBUILD snort-2.8.3.1.ebuild 8974 RMD160 6ef2f46e1c73fb775bd5bdff90260a364e1a0d4e SHA1 57f21974a405eb88146877dd0fa477150c568bde SHA256 82f8cb84bb3bbf6cab5715f3c0dd3fa6066ee5b1905f4200a9c31af4790613b5 -MISC ChangeLog 24716 RMD160 905bee3d1e63349814df70409943f1da1696aaab SHA1 5200d84ab45ca18fec1247aaf1f098c72ee20ede SHA256 0840f0292ca8cfd69df17138369be8e764346ac961df0be1c534de1937739fa9 +MISC ChangeLog 24968 RMD160 bd4b24886d88ca6bb7b2d49987d6a877218eae75 SHA1 8f90605fe9764e83fdc22471dfa40a24b18e1e09 SHA256 f3662d85ee62e15c92ccc51c68e94d87d70dbee6b3daf24957c4d12a9e39fe92 MISC metadata.xml 1828 RMD160 939d3c643196173d5641e61f8fb12e264fa8c893 SHA1 5b2e23c4e4e83586ae45308a10f472c1c9d61a08 SHA256 e66e252ca16a7c44077b1f60772e55a2e3ae93eb85c6addd1f8997326a6bd16c ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.9 (GNU/Linux) - -iEYEARECAAYFAkl+Au0ACgkQn/5bYzqsSmGzewCePrlHBXga35p2oTjNgQLnJS9l -lPcAnROK1zJmiSOSOCeO4dOxMUQx0KH4 -=uNuP ------END PGP SIGNATURE----- diff --git a/net-analyzer/snort/files/snort-2.6.1.4-server_stats.patch b/net-analyzer/snort/files/snort-2.6.1.4-server_stats.patch new file mode 100644 index 000000000000..752b24fc4592 --- /dev/null +++ b/net-analyzer/snort/files/snort-2.6.1.4-server_stats.patch @@ -0,0 +1,11 @@ +--- snort-2.6.1.4/src/preprocessors/flow/portscan/server_stats.c.orig 2006-05-24 18:06:57.000000000 +0200 ++++ snort-2.6.1.4/src/preprocessors/flow/portscan/server_stats.c 2009-03-01 07:57:10.000000000 +0100 +@@ -325,7 +325,7 @@ + + /* open this description, create it if necessary, always wait on + * sync to disk w/ every write, only write */ +- fd = open(filename, O_CREAT|O_TRUNC|O_SYNC|O_WRONLY); ++ fd = open(filename, O_CREAT|O_TRUNC|O_SYNC|O_WRONLY,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); + + if(fd < 0) + { diff --git a/net-analyzer/snort/snort-2.6.1.4-r1.ebuild b/net-analyzer/snort/snort-2.6.1.4-r1.ebuild new file mode 100644 index 000000000000..ae014ccfc7b5 --- /dev/null +++ b/net-analyzer/snort/snort-2.6.1.4-r1.ebuild @@ -0,0 +1,193 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.6.1.4-r1.ebuild,v 1.3 2009/03/01 19:16:21 patrick Exp $ + +WANT_AUTOCONF="latest" +WANT_AUTOMAKE="latest" +AT_M4DIR=m4 + +inherit eutils autotools + +DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS" +HOMEPAGE="http://www.snort.org/" +SRC_URI="http://www.snort.org/dl/current/${P}.tar.gz + http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz + http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz + snortsam? ( mirror://gentoo/snortsam-20050110.tar.gz )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="postgres mysql flexresp selinux snortsam odbc prelude inline dynamicplugin +timestats perfprofiling linux-smp-stats flexresp2 react sguil gre" + +DEPEND="virtual/libc + >=dev-libs/libpcre-4.2-r1 + virtual/libpcap + flexresp? ( ~net-libs/libnet-1.0.2a ) + flexresp2? ( dev-libs/libdnet ) + react? ( ~net-libs/libnet-1.0.2a ) + postgres? ( virtual/postgresql-base ) + mysql? ( virtual/mysql ) + prelude? ( >=dev-libs/libprelude-0.9.0 ) + odbc? ( dev-db/unixODBC ) + >=sys-devel/libtool-1.4 + inline? ( + ~net-libs/libnet-1.0.2a + net-firewall/iptables + )" + +RDEPEND="${DEPEND} + dev-lang/perl + selinux? ( sec-policy/selinux-snort ) + snortsam? ( net-analyzer/snortsam )" + +pkg_setup() { + enewgroup snort + enewuser snort -1 -1 /dev/null snort + + if use flexresp && use flexresp2 ; then + ewarn + ewarn "You have both the 'flexresp' and 'flexresp2' USE" + ewarn "flags set. You can use 'flexresp' or 'flexresp2'" + ewarn "but not both." + ewarn + ewarn "Defaulting to flexresp2..." + fi +} + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}/${PN}-2.6.1.2-libdir.patch" + epatch "${FILESDIR}/${PN}-2.6.1.1-libnet.patch" + epatch "${FILESDIR}/${P}-libdnet-ip6.patch" + epatch "${FILESDIR}/${P}-server_stats.patch" + use react && epatch "${FILESDIR}/${PN}-2.6.1.2-react.patch" + sed -i "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort/rules:" \ + etc/snort.conf + + if use prelude ; then + sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in + fi + + if use snortsam ; then + cd .. + einfo "Applying snortsam patch" + sed -i "s/PLUGIN_FWSAM/PLUGIN_FWSAM,/" snortpatch9 || die "sed failed" + ./patchsnort.sh "${S}" || die "snortsam patch failed" + cd "${S}" + fi + + einfo "Regenerating autoconf/automake files" + eautoreconf +} + +src_compile() { + local myconf + + if use flexresp2; then + myconf="${myconf} --enable-flexresp2" + elif use flexresp; then + myconf="${myconf} --enable-flexresp" + fi + + if use react && ! use flexresp; then + myconf="${myconf} --enable-react" + fi + + use gre && myconf="${myconf} --enable-gre" + + myconf="${myconf} --with-libipq-includes=/usr/include/libipq" + + econf \ + --without-oracle \ + $(use_with postgres postgresql) \ + $(use_with mysql) \ + $(use_with odbc) \ + $(use_enable prelude) \ + $(use_enable inline) \ + $(use_enable dynamicplugin) \ + $(use_enable timestats) \ + $(use_enable perfprofiling) \ + $(use_enable linux-smp-stats) \ + ${myconf} || die "econf failed" + + # limit to single as reported by jforman on irc + emake -j1 || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "make install failed" + + keepdir /var/log/snort/ + + dodoc doc/* + dodoc ./RELEASE.NOTES + docinto schemas ; dodoc schemas/* + + insinto /etc/snort + doins etc/reference.config etc/classification.config \ + etc/*.map etc/threshold.conf + use dynamicplugin || sed -i -e 's:^dynamic:# dynamic:g' etc/snort.conf + sed -e "s:/usr/local/lib:/usr/$(get_libdir):g" -e 's:/usr/local/:/usr/:g' \ + etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib + + newinitd "${FILESDIR}/snort.rc8" snort + newconfd "${FILESDIR}/snort.confd" snort + + fowners snort:snort /var/log/snort + fperms 0770 /var/log/snort + + # install rules + insinto /etc/snort/rules + doins -r "${WORKDIR}"/rules/* +} + +pkg_postinst() { + ewarn + ewarn "Users upgrading from snort 2.4.x should take care when updating" + ewarn "their snort.conf. A number of significant changes have been" + ewarn "have been added to snort 2.6 including the addition of" + ewarn "dynamically loadable preprocessors, detection engine and rules." + ewarn "Snort 2.6 also includes the addition of performance profiling" + ewarn "for rules & preprocessors and uses a new default pattern matcher" + ewarn "which provides faster matching at the expense of being very" + ewarn "memory intensive." + ewarn + ewarn "If you find that snort is using too much memory, your system" + ewarn "freezes, or snort crashes after a few minutes try adding the" + ewarn "following to your snort.conf..." + ewarn + ewarn "'config detection: search-method ac-sparsebands'" + ewarn + ewarn "This will provide high pattern matching performance at a much" + ewarn "lower cost to memory. For more information on the new features" + ewarn "in snort 2.6, please take a look at the release notes located in..." + ewarn + ewarn " /usr/share/doc/${PF}/RELEASE.NOTES.bz2" + ewarn + einfo "To use a database as a backend for snort you will have to" + einfo "import the correct tables to the database." + einfo "You will have to setup a database called snort before doing the" + einfo "following..." + einfo + einfo " MySQL: zcat /usr/share/doc/${PF}/schemas/create_mysql.gz | mysql -p snort" + einfo + einfo " PostgreSQL: import /usr/share/doc/${PF}/schemas/create_postgresql.gz" + einfo + einfo " ODBC: look at /usr/share/doc/${PF}/schemas/" + einfo + einfo "Users using the unified output plugin and barnyard do not need to" + einfo "compile database support into snort, but still need to set up their" + einfo "database as shown above." + einfo + ewarn "Only a basic set of rules was installed." + ewarn "Please add your other sets of rules to /etc/snort/rules." + ewarn "For more information on rules, visit ${HOMEPAGE}." + if use sguil ; then + elog "SGUIL needs to catch up with snort 2.6.x. If you plan on using SGUIL" + elog "you should unmerge ${P} and emerge snort-2.4.x" + fi +} |