From: Olli Hauer Date: Sat, 3 Nov 2012 13:14:06 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r306914 - in head/security/pulledpork: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Nov 2012 13:14:06 -0000 Author: ohauer Date: Sat Nov 3 13:14:06 2012 New Revision: 306914 URL: http://svn.freebsd.org/changeset/ports/306914 Log: - update to svn revision 243 Changes: http://code.google.com/p/pulledpork/source/detail?r=243 - Bug #121 - Update to allow for new etpro.com url and cert! - Bug #119 - Fixed regex [^\\]... - Unlisted Bug - Allow for escaped ; "\;" in references Feature safe: yes Added: head/security/pulledpork/files/patch-svn-r230-rHEAD - copied, changed from r306912, head/security/pulledpork/files/patch-svn-r230-r241 Deleted: head/security/pulledpork/files/patch-svn-r230-r241 Modified: head/security/pulledpork/Makefile Modified: head/security/pulledpork/Makefile ============================================================================== --- head/security/pulledpork/Makefile Sat Nov 3 13:13:22 2012 (r306913) +++ head/security/pulledpork/Makefile Sat Nov 3 13:14:06 2012 (r306914) @@ -1,13 +1,9 @@ -# New ports collection makefile for: pulledpork -# Date created: 01 Mai 2010 -# Whom: Olli Hauer -# +# Create by: Olli Hauer # $FreeBSD$ -# PORTNAME= pulledpork PORTVERSION= 0.6.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE} 
@@ -50,9 +46,6 @@ post-patch: -e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \ ${WRKSRC}/etc/pulledpork.conf @${REINPLACE_CMD} -e "s| /usr/bin/perl|${PERL}|" ${WRKSRC}/contrib/oink-conv.pl -# pulledpork bug id:110 - @${REINPLACE_CMD} -e 's|distro=FreeBSD-8.0|distro=FreeBSD-8-1|g' \ - ${WRKSRC}/etc/pulledpork.conf do-install: @${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${PREFIX}/bin Copied and modified: head/security/pulledpork/files/patch-svn-r230-rHEAD (from r306912, head/security/pulledpork/files/patch-svn-r230-r241) ============================================================================== --- head/security/pulledpork/files/patch-svn-r230-r241 Sat Nov 3 12:48:07 2012 (r306912, copy source) +++ head/security/pulledpork/files/patch-svn-r230-rHEAD Sat Nov 3 13:14:06 2012 (r306914) @@ -1,8 +1,8 @@ Index: doc/README.CHANGES =================================================================== --- doc/README.CHANGES (revision 230) -+++ doc/README.CHANGES (working copy) -@@ -1,5 +1,25 @@ ++++ doc/README.CHANGES (revision 243) +@@ -1,5 +1,30 @@ PulledPork Changelog +V0.6.2 the Cigar Pig @@ -21,9 +21,14 @@ Index: doc/README.CHANGES + flowbit resolution. NOTE that this DOES NOT AND WILL NOT disable automatic flowbit + resolution, this is a critical piece. +- Bug #81 - Updated valid SO distro pre-compiled list ++- Bug #114 - Update Regex to allow for null search/replace in modify_sid sub ++- Unlisted Bug - Allow for escaped ; "\;" in references ++- Bug #121 - Update to allow for new etpro.com url and cert! ++- Bug #119 - Fixed regex [^\\]... + +New Features / changes: +- Bug #105 - Removed Switch function as it is deprecated in > 5.12 perl ++- Unlisted Bug - Include IP Reputation capability + v0.6.1 the Smoking Pig, revisited 
@@ -31,8 +36,45 @@ Index: doc/README.CHANGES Index: etc/pulledpork.conf =================================================================== --- etc/pulledpork.conf (revision 230) -+++ etc/pulledpork.conf (working copy) -@@ -116,12 +116,15 @@ ++++ etc/pulledpork.conf (revision 243) +@@ -10,20 +10,22 @@ + ####### snort version and subscription etc...) + ####### + +-# The rule_url value replaces the old base_url and rule_file configuration +-# options. You can now specify one or as many rule_urls as you like, they ++# You can specify one or as many rule_urls as you like, they + # must appear as http://what.site.com/|rulesfile.tar.gz|1234567. You can specify + # each on an individual line, or you can specify them in a , separated list + # i.e. rule_url=http://x.y.z/|a.tar.gz|123,http://z.y.z/|b.tar.gz|456 + # note that the url, rule file, and oinkcode itself are separated by a pipe | + # i.e. url|tarball|123456789, + rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz| ++# NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST| ++# This format MUST be followed to let pulledpork know that this is a blacklist ++rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open + # get the rule docs! + rule_url=https://www.snort.org/reg-rules/|opensource.gz| +-rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open ++rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open + # THE FOLLOWING URL is for etpro downloads, note the tarball name change! + # and the et oinkcode requirement! 
+-rule_url=https://rules.emergingthreats.net/|etpro.rules.tar.gz| ++rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz| + # NOTE above that the VRT snortrules-snapshot does not contain the version + # portion of the tarball name, this is because PP now automatically populates + # this value for you, if, however you put the version information in, PP will +@@ -50,9 +52,6 @@ + # previous ignore line and uncomment the following! + # ignore=deleted,experimental,local,decoder,preprocessor,sensitive-data + +-# Define your Oinkcode - DEPRICATED, SEE RULE_URL +-# oinkcode=replacethiswithyouroinkcode +- + # What is our temp path, be sure this path has a bit of space for rule + # extraction and manipulation, no trailing slash + temp_path=/tmp +@@ -116,12 +115,15 @@ sostub_path=/usr/local/etc/snort/rules/so_rules.rules # Define your distro, this is for the precompiled shared object libs! @@ -54,7 +96,7 @@ Index: etc/pulledpork.conf ####### This next section is optional, but probably pretty useful to you. ####### Please read thoroughly! -@@ -160,8 +163,7 @@ +@@ -160,8 +162,7 @@ # This defines the version of snort that you are using, for use ONLY if the # proper snort binary is not on the system that you are fetching the rules with @@ -64,10 +106,16 @@ Index: etc/pulledpork.conf # numbers. ET rules are now also dependant on this, verify supported ET versions # prior to simply throwing rubbish in this variable kthx! # snort_version=2.9.0.0 +@@ -183,4 +184,4 @@ + ####### need to process so_rules, simply comment out the so_rule section + ####### you can also specify -T at runtime to process only GID 1 rules. + +-version=0.6.0 ++version=0.6.1 Index: etc/disablesid.conf =================================================================== --- etc/disablesid.conf (revision 230) -+++ etc/disablesid.conf (working copy) ++++ etc/disablesid.conf (revision 243) @@ -6,6 +6,10 @@ # Example of modifying state for rule ranges # 1:220-1:3264,3:13010-3:13013 
@@ -82,7 +130,7 @@ Index: etc/disablesid.conf Index: etc/dropsid.conf =================================================================== --- etc/dropsid.conf (revision 230) -+++ etc/dropsid.conf (working copy) ++++ etc/dropsid.conf (revision 243) @@ -10,6 +10,10 @@ # Example of modifying state for rule ranges # 1:220-1:3264,3:13010-3:13013 @@ -97,7 +145,7 @@ Index: etc/dropsid.conf Index: etc/enablesid.conf =================================================================== --- etc/enablesid.conf (revision 230) -+++ etc/enablesid.conf (working copy) ++++ etc/enablesid.conf (revision 243) @@ -10,6 +10,10 @@ # Example of modifying state for rule ranges # 1:220-1:3264,3:13010-3:13013 @@ -112,7 +160,7 @@ Index: etc/enablesid.conf Index: pulledpork.pl =================================================================== --- pulledpork.pl (revision 230) -+++ pulledpork.pl (working copy) ++++ pulledpork.pl (revision 243) @@ -33,7 +33,6 @@ use Getopt::Long qw(:config no_ignore_case bundling); use Archive::Tar; 
@@ -165,7 +213,34 @@ Index: pulledpork.pl $tar->remove("preproc_rules/$preprocfile"); } elsif ( $_ =~ /\.so/ ) { -@@ -714,11 +715,10 @@ +@@ -368,6 +369,10 @@ + getstore( "https://www.snort.org/reg-rules/$rule_file/$oinkcode", + $temp_path . $rule_file ); + } ++ elsif ($rule_file eq "IPBLACKLIST"){ ++ $getrules_rule = ++ getstore( "http://labs.snort.org/feeds/ip-filter.blf", $temp_path . "black_list.rules") ++ } + else { + $getrules_rule = + getstore( $base_url . "/" . $rule_file, $temp_path . $rule_file ); +@@ -435,7 +440,7 @@ + getstore( "https://www.snort.org/reg-rules/$rule_file.md5/$oinkcode", + $temp_path . $rule_file . ".md5" ); + } +- elsif ( $base_url =~ /emergingthreats\.net/i ) { ++ elsif ( $base_url =~ /(emergingthreats\.net|emergingthreatspro\.com)/i ) { + $getrules_md5 = getstore( + "$base_url/$rule_file" . ".md5", + $temp_path . $rule_file . ".md5" +@@ -708,17 +713,16 @@ + open( FH, "<$file" ) || carp "Unable to open $file\n"; + while () { + next if ( ( $_ =~ /^\s*#/ ) || ( $_ eq " " ) ); +- if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.+)"/ ) { ++ if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.*)"/ ) { + my ( $sids, $from, $to ) = ( $1, $2, $3 ); + @arry = split( /,/, $sids ) if $sids !~ /\*/; @arry = "*" if $sids =~ /\*/; foreach my $sid (@arry) { $sid = trim($sid); @@ -179,7 +254,7 @@ Index: pulledpork.pl } elsif ( $sid eq "*" ) { print "\tModifying ALL SIDS from:$from to:$to\n" -@@ -739,21 +739,22 @@ +@@ -739,21 +743,22 @@ # speed ftw! sub modify_state { my ( $function, $SID_conf, $hashref, $rstate ) = @_; @@ -206,7 +281,7 @@ Index: pulledpork.pl { push( @sid_mod, split( /,/, $sidlist ) ); } -@@ -861,8 +862,8 @@ +@@ -861,8 +866,8 @@ if ( $gid && $sid ) { $gid =~ s/:\d+//; $sid =~ s/\d+://; @@ -217,7 +292,7 @@ Index: pulledpork.pl if ( exists $$hashref{$gid}{$sid} && $$hashref{$gid}{$sid}{'rule'} =~ /^\s*#\s*(alert|drop|pass)/i -@@ -904,7 +905,7 @@ +@@ -904,7 +909,7 @@ } } } 
@@ -226,7 +301,7 @@ Index: pulledpork.pl if ( exists $$hashref{$gid}{$sid} && $$hashref{$gid}{$sid}{'rule'} =~ /^\s*#*\s*alert/i ) -@@ -919,7 +920,7 @@ +@@ -919,7 +924,7 @@ $sidcount++; } } @@ -235,7 +310,7 @@ Index: pulledpork.pl if ( exists $$hashref{$gid}{$sid} && $$hashref{$gid}{$sid}{'rule'} =~ /^\s*(alert|drop|pass)/i ) -@@ -974,11 +975,12 @@ +@@ -974,15 +979,16 @@ ## make the sid-msg.map sub sid_msg { 
@@ -249,7 +324,49 @@ Index: pulledpork.pl ( my $header, my $options ) = split( /^[^"]* \(\s*/, $$ruleshash{$k}{$k2}{'rule'} ) if defined $$ruleshash{$k}{$k2}{'rule'}; -@@ -1843,6 +1845,10 @@ +- my @optarray = split( /;(\t|\s)?/, $options ) if $options; ++ my @optarray = split( /[^\\];(\t|\s)?/, $options ) if $options; + foreach my $option ( reverse(@optarray) ) { + my ( $kw, $arg ) = split( /:/, $option ) if $option; + if ( $kw && $arg ) { +@@ -1460,8 +1466,8 @@ + + if ( exists $Config_info{'version'} ) { + croak "You are not using the current version of pulledpork.conf!\n", +- "Please use the version that shipped with $VERSION!\n\n" +- if $Config_info{'version'} ne "0.6.0"; ++ "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" ++ if $Config_info{'version'} ne "0.6.1"; + } + else { + croak +@@ -1674,6 +1680,7 @@ + } + else { + $ENV{HTTPS_PROXY} = $proxy; ++ $ENV{HTTP_PROXY} = $proxy; + } + } + undef $proxy; +@@ -1742,7 +1749,7 @@ + $rule_file = "snortrules-snapshot-$Snortv.tar.gz"; + } + } +- elsif ( $base_url =~ /emergingthreats.net/ ) { ++ elsif ( $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/ ) { + $prefix = "ET-"; + my $Snortv = $Snort; + $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//; +@@ -1794,7 +1801,7 @@ + $rule_file = "snortrules-snapshot-$Snortv.tar.gz"; + } + } +- $prefix = "ET-" if $base_url =~ /emergingthreats.net/; ++ $prefix = "ET-" if $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/; + croak "file $temp_path/$rule_file does not exist!\n" + unless -f "$temp_path/$rule_file"; + rule_extract( +@@ -1843,6 +1850,10 @@ policy_set( $ips_policy, \%rules_hash ); } @@ -260,7 +377,7 @@ Index: pulledpork.pl foreach (@sidact) { if ( $sidmod{$_} && -f $sidmod{$_} ) { modify_state( $_, $sidmod{$_}, \%rules_hash, $rstate ); -@@ -1852,11 +1858,7 @@ +@@ -1852,11 +1863,7 @@ } } @@ -273,7 +390,7 @@ Index: pulledpork.pl if ( !$Quiet ); my $fbits = 1; -@@ -1878,8 +1880,7 @@ +@@ -1878,8 +1885,7 @@ } if ($sid_msg_map) {
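
Review bot: In the sid_msg hunk (pulledpork.pl @@ -974), the new split pattern `/[^\\];(\t|\s)?/` makes the character before each `;` part of the delimiter, so split discards it and every option loses its last character (the closing quote of a msg, the last digit of a sid). The character class also needs a preceding character, so a `;` at the very start of `$options` never splits. A zero-width lookbehind keeps the escaped-semicolon behaviour without eating anything: `split( /(?<!\\);(\t|\s)?/, $options )`. The file already uses a lookbehind in `s/(?<=\d\.\d\.\d)\.\d//`, so this adds no new Perl requirement. The capture group `(\t|\s)?` is unchanged here, but it still makes split return the matched whitespace as extra fields; `\s?` without parentheses would avoid that.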
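
Review bot: In the getrules hunk (pulledpork.pl @@ -368), the `IPBLACKLIST` branch hardcodes `http://labs.snort.org/feeds/ip-filter.blf` instead of using `$base_url`, so the URL part of a `urltofile|IPBLACKLIST|` entry in pulledpork.conf is ignored and pointing the config at a mirror or another feed silently has no effect. Suggest `getstore( $base_url, $temp_path . "black_list.rules" )`. The fetch is plain http and none of the visible hunks add a checksum download for this file, so the blacklist that ends up in `black_list.rules` has no integrity check in transit; that deserves at least a comment, and https if the feed is offered that way.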
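
Review bot: In the first etc/pulledpork.conf hunk (@@ -10,20), the new `rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open` line ships enabled, so every install that picks up this default config starts fetching a blacklist over http on the next run, while the neighbouring rule_url lines are all https. Consider shipping the line commented out, as the removed `# oinkcode=` line was, and letting the administrator opt in. The same hunk also moves the open `emerging.rules.tar.gz` URL to rules.emergingthreatspro.com, which is worth a line in the port's commit log or pkg-message because it changes where existing users download from.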
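
Review bot: The three `$base_url` host checks are inconsistent: the md5 hunk (@@ -435) uses `/(emergingthreats\.net|emergingthreatspro\.com)/i` with escaped dots and `/i`, while the hunks at @@ -1742 and @@ -1794 use `/(emergingthreats.net|emergingthreatspro.com)/` with bare dots and no `/i`. A bare `.` matches any character, and none of the three patterns is anchored to the host portion, so a rule_url that merely contains one of these strings in its path also gets the `ET-` prefix and ET md5 handling. Suggest one shared precompiled pattern (a `qr//` variable) with escaped dots, anchored after the scheme, used in all three places; the capture parentheses are unused and can become `(?:...)`.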
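
Review bot: In the config-version hunk (pulledpork.pl @@ -1460), the expected version is a string literal `"0.6.1"` that has to be kept in step by hand with `version=0.6.1` in etc/pulledpork.conf, and the changelog in this same patch is already headed `V0.6.2 the Cigar Pig`. Suggest a single constant next to `$VERSION` for the required config version and using it in both the comparison and the croak message, so the message names the config version that is actually required.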
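
Review bot: In the first Makefile hunk (@@ -1,13), the new header line reads `# Create by: Olli Hauer`; this should be `# Created by:`. The second Makefile hunk drops the `distro=FreeBSD-8.0` REINPLACE_CMD workaround for pulledpork bug id 110, so it is worth confirming that the updated etc/pulledpork.conf in patch-svn-r230-rHEAD ships a distro value the port still accepts, since the relevant conf hunk body (@@ -116,12) is not shown in this mail.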