* [gentoo-commits] gentoo-x86 commit in net-analyzer/snort: metadata.xml ChangeLog snort-2.9.0.5.ebuild snort-2.9.2.1.ebuild snort-2.9.1.ebuild snort-2.8.6.1.ebuild snort-2.8.5.1.ebuild snort-2.9.0.4-r1.ebuild snort-2.8.6.ebuild snort-2.9.2.ebuild snort-2.8.5.3.ebuild
@ 2012-03-11 14:01 Joshua Kinard (kumba)
0 siblings, 0 replies; only message in thread
From: Joshua Kinard (kumba) @ 2012-03-11 14:01 UTC (permalink / raw
To: gentoo-commits
kumba 12/03/11 14:01:46
Modified: metadata.xml ChangeLog snort-2.9.0.5.ebuild
snort-2.9.1.ebuild
Added: snort-2.9.2.1.ebuild
Removed: snort-2.8.6.1.ebuild snort-2.8.5.1.ebuild
snort-2.9.0.4-r1.ebuild snort-2.8.6.ebuild
snort-2.9.2.ebuild snort-2.8.5.3.ebuild
Log:
Drop old versions and associated files, add 2.9.2.1, and tweak SRC_URI to use a download URL specified on the Snort website that doesn't require manual updating for each new release.
(Portage version: 2.1.10.45/cvs/Linux x86_64)
Revision Changes Path
1.17 net-analyzer/snort/metadata.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/metadata.xml?rev=1.17&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/metadata.xml?rev=1.17&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/metadata.xml?r1=1.16&r2=1.17
Index: metadata.xml
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/snort/metadata.xml,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- metadata.xml 22 Sep 2011 17:39:51 -0000 1.16
+++ metadata.xml 11 Mar 2012 14:01:46 -0000 1.17
@@ -43,24 +43,11 @@
and rules library. This is required if you want to use shared
object (SO) snort rules.
</flag>
- <flag name='flexresp'>
- (DEPRECIATED) Original method for enabling connection tearing for
- inline deployments. Replaced with flexresp3 in Snort-2.9.0.
- </flag>
- <flag name='flexresp2'>
- (DEPRECIATED) Replaced flexresp for enabling connection tearing for
- inline deployments. Replaced with flexresp3 in Snort-2.9.0.
- </flag>
<flag name='gre'>
Enable support for inspecting and processing Generic Routing
Encapsulation (GRE) packet headders. Only needed if you are
monitoring GRE tunnels.
</flag>
- <flag name='inline'>
- (DEPRECIATED) Enables support for deploying snort inline. Uses
- <pkg>net-firewall/iptables</pkg>, via libipq, rather than
- <pkg>net-libs/libpcap</pkg>. Replaced by DAQ in Snort-2.9.0
- </flag>
<flag name='inline-init-failopen'>
Enables support to allow traffic to pass (fail-open) through
inline deployments while snort is starting and not ready to begin
@@ -97,14 +84,6 @@
for all hosts on the monitored network. This is cumbersome, but
can improve intrusion detection accuracy.
</flag>
- <flag name='timestats'>
- (DEPRECIATED) Enables support for printing packet stats on a per
- hour and per protocol breakdown. Depreciated in Snort-2.9.0.
- </flag>
- <flag name='reload'>
- Enables support for reloading a configuration without restarting
- snort.
- </flag>
<flag name='reload-error-restart'>
Enables support for completely restarting snort if an error is
detected durring a reload.
1.190 net-analyzer/snort/ChangeLog
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/ChangeLog?rev=1.190&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/ChangeLog?rev=1.190&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/ChangeLog?r1=1.189&r2=1.190
Index: ChangeLog
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v
retrieving revision 1.189
retrieving revision 1.190
diff -u -r1.189 -r1.190
--- ChangeLog 11 Mar 2012 03:46:08 -0000 1.189
+++ ChangeLog 11 Mar 2012 14:01:46 -0000 1.190
@@ -1,6 +1,18 @@
# ChangeLog for net-analyzer/snort
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.189 2012/03/11 03:46:08 radhermit Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.190 2012/03/11 14:01:46 kumba Exp $
+
+*snort-2.9.2.1 (11 Mar 2012)
+
+ 11 Mar 2012; Joshua Kinard <kumba@gentoo.org>
+ -files/snort-2.8.4-libnet.patch, -snort-2.8.5.1.ebuild,
+ -snort-2.8.5.3.ebuild, -snort-2.8.6.ebuild, -snort-2.8.6.1.ebuild,
+ -snort-2.9.0.4-r1.ebuild, snort-2.9.0.5.ebuild, snort-2.9.1.ebuild,
+ -snort-2.9.2.ebuild, +snort-2.9.2.1.ebuild, -files/pcap_memory.patch,
+ -files/snort.rc9, -files/snort.reload.rc1, metadata.xml:
+ Drop old versions and associated files, add 2.9.2.1, and tweak SRC_URI to use
+ a download URL specified on the Snort website that doesn't require manual
+ updating for each new release.
11 Mar 2012; Tim Harder <radhermit@gentoo.org> snort-2.9.2.ebuild:
Fix multilib issue (bug #403725, patch by Rick Farina).
1.5 net-analyzer/snort/snort-2.9.0.5.ebuild
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.0.5.ebuild?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.0.5.ebuild?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.0.5.ebuild?r1=1.4&r2=1.5
Index: snort-2.9.0.5.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.0.5.ebuild,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- snort-2.9.0.5.ebuild 21 Sep 2011 15:33:43 -0000 1.4
+++ snort-2.9.0.5.ebuild 11 Mar 2012 14:01:46 -0000 1.5
@@ -1,16 +1,16 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.0.5.ebuild,v 1.4 2011/09/21 15:33:43 chainsaw Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.0.5.ebuild,v 1.5 2012/03/11 14:01:46 kumba Exp $
EAPI="2"
inherit eutils autotools multilib
DESCRIPTION="The de facto standard for intrusion detection/prevention"
HOMEPAGE="http://www.snort.org/"
-SRC_URI="http://www.snort.org/downloads/867 -> ${P}.tar.gz"
+SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~ppc ~ppc64 ~sparc ~x86"
+KEYWORDS="~alpha amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~mips"
IUSE="static +dynamicplugin +ipv6 +zlib gre mpls targetbased +decoder-preprocessor-rules
ppm perfprofiling linux-smp-stats inline-init-failopen prelude +threads debug
active-response normalizer reload-error-restart react flexresp3
1.4 net-analyzer/snort/snort-2.9.1.ebuild
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.1.ebuild?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.1.ebuild?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.1.ebuild?r1=1.3&r2=1.4
Index: snort-2.9.1.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.1.ebuild,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- snort-2.9.1.ebuild 29 Sep 2011 06:04:55 -0000 1.3
+++ snort-2.9.1.ebuild 11 Mar 2012 14:01:46 -0000 1.4
@@ -1,16 +1,16 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.1.ebuild,v 1.3 2011/09/29 06:04:55 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.1.ebuild,v 1.4 2012/03/11 14:01:46 kumba Exp $
EAPI="2"
inherit eutils autotools multilib
DESCRIPTION="The de facto standard for intrusion detection/prevention"
HOMEPAGE="http://www.snort.org/"
-SRC_URI="http://www.snort.org/downloads/1107 -> ${P}.tar.gz"
+SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~amd64 ~x86"
+KEYWORDS="amd64 x86 ~mips"
IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules
+ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response
+normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit
1.1 net-analyzer/snort/snort-2.9.2.1.ebuild
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.2.1.ebuild?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/snort/snort-2.9.2.1.ebuild?rev=1.1&content-type=text/plain
Index: snort-2.9.2.1.ebuild
===================================================================
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.2.1.ebuild,v 1.1 2012/03/11 14:01:46 kumba Exp $
EAPI="2"
inherit eutils autotools multilib
DESCRIPTION="The de facto standard for intrusion detection/prevention"
HOMEPAGE="http://www.snort.org/"
SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86 ~mips"
IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules
+ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response
+normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit
aruba mysql odbc postgres selinux"
DEPEND=">=net-libs/libpcap-1.0.0
>=net-libs/daq-0.5
>=dev-libs/libpcre-6.0
dev-libs/libdnet
postgres? ( dev-db/postgresql-base )
mysql? ( virtual/mysql )
odbc? ( dev-db/unixODBC )
zlib? ( sys-libs/zlib )"
RDEPEND="${DEPEND}
selinux? ( sec-policy/selinux-snort )"
pkg_setup() {
if use zlib && ! use dynamicplugin; then
eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag."
eerror "'zlib' requires 'dynamicplugin' be enabled."
die
fi
# pre_inst() is a better place to put this
# but we need it here for the 'fowners' statements in src_install()
enewgroup snort
enewuser snort -1 -1 /dev/null snort
}
src_prepare() {
#Multilib fix for the sf_engine
einfo "Applying multilib fix."
sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
|| die "sed for sf_engine failed"
#Multilib fix for the curent set of dynamic-preprocessors
for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do
sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
"${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
|| die "sed for $i failed."
done
AT_M4DIR=m4 eautoreconf
}
src_configure() {
econf \
$(use_enable !static shared) \
$(use_enable static) \
$(use_enable static so-with-static-lib) \
$(use_enable dynamicplugin) \
$(use_enable zlib) \
$(use_enable gre) \
$(use_enable mpls) \
$(use_enable targetbased) \
$(use_enable decoder-preprocessor-rules) \
$(use_enable ppm) \
$(use_enable perfprofiling) \
$(use_enable linux-smp-stats) \
$(use_enable inline-init-failopen) \
$(use_enable threads pthread) \
$(use_enable debug) \
$(use_enable debug debug-msgs) \
$(use_enable debug corefiles) \
$(use_enable !debug dlclose) \
$(use_enable active-response) \
$(use_enable normalizer) \
$(use_enable reload-error-restart) \
$(use_enable react) \
$(use_enable flexresp3) \
$(use_enable paf) \
$(use_enable large-pcap-64bit large-pcap) \
$(use_enable aruba) \
$(use_with mysql) \
$(use_with odbc) \
$(use_with postgres postgresql) \
--enable-ipv6 \
--enable-reload \
--disable-prelude \
--disable-build-dynamic-examples \
--disable-profile \
--disable-ppm-test \
--disable-intel-soft-cpm \
--disable-static-daq \
--disable-rzb-saac \
--without-oracle
}
src_install() {
emake DESTDIR="${D}" install || die "emake failed"
dodir /var/log/snort \
/var/run/snort \
/etc/snort/rules \
/etc/snort/so_rules \
/usr/$(get_libdir)/snort_dynamicrules \
|| die "Failed to create core directories"
# config.log and build.log are needed by Sourcefire
# to trouble shoot build problems and bug reports so we are
# perserving them incase the user needs upstream support.
dodoc RELEASE.NOTES ChangeLog \
doc/* \
tools/u2boat/README.u2boat \
schemas/* || die "Failed to install snort docs"
insinto /etc/snort
doins etc/attribute_table.dtd \
etc/classification.config \
etc/gen-msg.map \
etc/reference.config \
etc/threshold.conf \
etc/unicode.map || die "Failed to install docs in etc"
# We use snort.conf.distrib because the config file is complicated
# and the one shipped with snort can change drastically between versions.
# Users should migrate setting by hand and not with etc-update.
newins etc/snort.conf snort.conf.distrib \
|| die "Failed to add snort.conf.distrib"
# config.log and build.log are needed by Sourcefire
# to troubleshoot build problems and bug reports so we are
# perserving them incase the user needs upstream support.
# 'die' was intentionally not added here.
if [ -f "${WORKDIR}/${PF}/config.log" ]; then
dodoc "${WORKDIR}/${PF}/config.log"
fi
if [ -f "${T}/build.log" ]; then
dodoc "${T}/build.log"
fi
insinto /etc/snort/preproc_rules
doins preproc_rules/decoder.rules \
preproc_rules/preprocessor.rules \
preproc_rules/sensitive-data.rules || die "Failed to install preproc rule files"
fowners -R snort:snort \
/var/log/snort \
/var/run/snort \
/etc/snort || die
newinitd "${FILESDIR}/snort.rc11" snort || die "Failed to install snort init script"
newconfd "${FILESDIR}/snort.confd.2" snort || die "Failed to install snort confd file"
# Sourcefire uses Makefiles to install docs causing Bug #297190.
# This removes the unwanted doc directory and rogue Makefiles.
rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"
rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
#Remove unneeded .la files (Bug #382863)
rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
# Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the correct rule location in the config
sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the correct preprocessor/decoder rule location in the config
sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Enable the preprocessor/decoder rules
sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
"${D}etc/snort/snort.conf.distrib" || die
sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Just some clean up of trailing /'s in the config
sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Make it clear in the config where these are...
sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
"${D}etc/snort/snort.conf.distrib" || die
sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Disable all rule files by default.
sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Disable normalizer preprocessor config if normalizer USE flag not set.
if ! use normalizer; then
sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \
"${D}etc/snort/snort.conf.distrib" || die
fi
# Set the configured DAQ to afpacket
sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the location of the DAQ modules
sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the DAQ mode to passive
sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set snort to run as snort:snort
sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
"${D}etc/snort/snort.conf.distrib" || die
sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the default log dir
sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
"${D}etc/snort/snort.conf.distrib" || die
# Set the correct so_rule location in the config
sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
"${D}etc/snort/snort.conf.distrib" || die
}
pkg_postinst() {
einfo "There have been a number of improvements and new features"
einfo "added to ${P}. Please review the RELEASE.NOTES and"
einfo "ChangLog located in /usr/share/doc/${PF}."
einfo
elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
elog "users migrate their snort.conf customizations to the latest config"
elog "file released by the VRT. You can find the latest version of the"
elog "Snort config file in /etc/snort/snort.conf.distrib."
elog
elog "!! It is important that you migrate to this new snort.conf file !!"
elog
elog "This version of the ebuild includes an updated init.d file and"
elog "conf.d file that rely on options found in the latest Snort"
elog "config file provided by the VRT."
if use debug; then
elog "You have the 'debug' USE flag enabled. If this has been done to"
elog "troubleshoot an issue by producing a core dump or a back trace,"
elog "then you need to also ensure the FEATURES variable in make.conf"
elog "contains the 'nostrip' option."
fi
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2012-03-11 14:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-11 14:01 [gentoo-commits] gentoo-x86 commit in net-analyzer/snort: metadata.xml ChangeLog snort-2.9.0.5.ebuild snort-2.9.2.1.ebuild snort-2.9.1.ebuild snort-2.8.6.1.ebuild snort-2.8.5.1.ebuild snort-2.9.0.4-r1.ebuild snort-2.8.6.ebuild snort-2.9.2.ebuild snort-2.8.5.3.ebuild Joshua Kinard (kumba)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox