Date: Sun, 18 Jan 2015 07:12:37 +0000 (UTC) From: Kubilay Kocak <koobs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r377282 - in head/security/suricata: . files Message-ID: <201501180712.t0I7CbgC052161@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: koobs Date: Sun Jan 18 07:12:37 2015 New Revision: 377282 URL: https://svnweb.freebsd.org/changeset/ports/377282 QAT: https://qat.redports.org/buildarchive/r377282/ Log: security/suricata: Update to 2.0.6, add lots of OPTIONS - Update to 2.0.6 - Update pkg-plist - Add LICENSE_FILE - Add OPTIONS for: * LUA scripting support * LUAjit scripting support * Suricata socket client - Fix a reverse logic bug for JSON option - Suricata links to nspr as a dependent of nss, add it to LIB_DEPENDS - Create LOGS_DIR post-install - Add patch to fix upstream issue 1353 [1] [1] https://redmine.openinfosecfoundation.org/issues/1353 PR: 196801 Submitted by: cheffo freebsd-bg org (with changes) Added: head/security/suricata/files/patch-scripts_suricatasc_suricatasc.in (contents, props changed) Modified: head/security/suricata/Makefile head/security/suricata/distinfo head/security/suricata/pkg-plist Modified: head/security/suricata/Makefile ============================================================================== --- head/security/suricata/Makefile Sun Jan 18 01:56:39 2015 (r377281) +++ head/security/suricata/Makefile Sun Jan 18 07:12:37 2015 (r377282) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= suricata -PORTVERSION= 2.0.5 +PORTVERSION= 2.0.6 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ \ http://mirrors.rit.edu/zi/ @@ -11,6 +11,7 @@ MAINTAINER= koobs@FreeBSD.org COMMENT= High Performance Network IDS, IPS and Security Monitoring engine LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libpcre.so:${PORTSDIR}/devel/pcre \ libnet.so:${PORTSDIR}/net/libnet \ @@ -24,18 +25,25 @@ GNU_CONFIGURE= yes INSTALL_TARGET= install-strip PATHFIX_MAKEFILEIN= Makefile.am -OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE TESTS +OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE SC TESTS OPTIONS_DEFAULT= HTP_PORT IPFW PRELUDE +OPTIONS_RADIO= SCRIPTS +OPTIONS_RADIO_SCRIPTS= LUA LUAJIT OPTIONS_SUB= yes -GEOIP_DESC= Enable GeoIP support +SCRIPTS_DESC= Scripting + +GEOIP_DESC= GeoIP support HTP_PORT_DESC= Use libhtp from ports -IPFW_DESC= Enable IPFW and IP Divert support for inline IDP -JSON_DESC= Enable JSON output -NSS_DESC= Enable file checksums and SSL/TLS fingerprinting +IPFW_DESC= IPFW and IP Divert support for inline IDP +JSON_DESC= JSON output support +LUA_DESC= LUA scripting support +LUAJIT_DESC= LuaJIT scripting support +NSS_DESC= File checksums and SSL/TLS fingerprinting PORTS_PCAP_DESC= Use libpcap from ports -PRELUDE_DESC= Enable Prelude support for NIDS alerts -TESTS_DESC= Build Unit Tests +PRELUDE_DESC= Prelude support for NIDS alerts +SC_DESC= Suricata socket client (suricatasc) +TESTS_DESC= Unit tests in suricata binary GEOIP_LIB_DEPENDS= libGeoIP.so:${PORTSDIR}/net/GeoIP GEOIP_CONFIGURE_ON= --enable-geoip @@ -59,12 +67,27 @@ PRELUDE_CONFIGURE_ENABLE= prelude PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} JSON_LIB_DEPENDS= libjansson.so:${PORTSDIR}/devel/jansson -JSON_CONFIGURE_OFF= --with-libjansson-includes=${LOCALBASE}/include \ +JSON_CONFIGURE_ON= --with-libjansson-includes=${LOCALBASE}/include \ --with-libjansson-libraries=${LOCALBASE}/lib -NSS_LIB_DEPENDS= libnss3.so:${PORTSDIR}/security/nss +LUA_USES= lua:51 +LUA_CONFIGURE_ON= --enable-lua \ + --with-liblua-includes=${LUA_INCDIR} \ + --with-liblua-libraries=${LUA_LIBDIR} + +LUAJIT_LIB_DEPENDS= libluajit-5.1.so:${PORTSDIR}/lang/luajit +LUAJIT_CONFIGURE_ON= --enable-luajit + +NSS_LIB_DEPENDS= libnss3.so:${PORTSDIR}/security/nss \ + libnspr4.so:${PORTSDIR}/devel/nspr NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \ - --with-libnss-libraries=${LOCALBASE}/lib/nss \ + --with-libnss-libraries=${LOCALBASE}/lib \ + --with-libnspr-libraries=${LOCALBASE}/lib \ + --with-libnspr-includes=${LOCALBASE}/include/nspr + +SC_USES= python +SC_CONFIGURE_ENV= ac_cv_path_HAVE_PYTHON_CONFIG=yes +SC_CONFIGURE_ENV_OFF= ac_cv_path_HAVE_PYTHON_CONFIG=no TESTS_CONFIGURE_ENABLE= unittests @@ -80,7 +103,6 @@ CONFIGURE_ARGS+=--enable-gccprotect \ --with-libhtp-includes=${LOCALBASE}/include/ \ --with-libhtp-libraries=${LOCALBASE}/lib \ --localstatedir=/var/ -CONFIGURE_ENV+= ac_cv_path_HAVE_PYTHON_CONFIG=no LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config CONFIG_DIR?= ${ETCDIR} @@ -98,19 +120,25 @@ BROKEN= Does not compile on ia64, power pre-patch: ${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 -pre-install: - @${REINPLACE_CMD} -e 's|/etc/suricata|${CONFIG_DIR}|g' ${WRKSRC}/suricata.yaml - post-install: ${MKDIR} ${STAGEDIR}${CONFIG_DIR} ${MKDIR} ${STAGEDIR}${RULES_DIR} + ${MKDIR} ${STAGEDIR}${LOGS_DIR} + .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample .endfor + .for f in ${RULES_FILES} ${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f} .endfor +.if ${PORT_OPTIONS:MSC} + (cd ${STAGEDIR}${PREFIX} \ + && ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \ + -d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;}) +.endif + TMPDIR?= /tmp TESTDIR= ${TMPDIR}/${PORTNAME} Modified: head/security/suricata/distinfo ============================================================================== --- head/security/suricata/distinfo Sun Jan 18 01:56:39 2015 (r377281) +++ head/security/suricata/distinfo Sun Jan 18 07:12:37 2015 (r377282) @@ -1,2 +1,2 @@ -SHA256 (suricata-2.0.5.tar.gz) = 57b1120e91bd4e348e1a4cee9eb7b197d05fc25169e062f1a11f5dd4b9322c60 -SIZE (suricata-2.0.5.tar.gz) = 3090118 +SHA256 (suricata-2.0.6.tar.gz) = e833e35ea3b6029bbdef81660af22e8f563494eac85d97618d761ce1b69c78ec +SIZE (suricata-2.0.6.tar.gz) = 3090886 Added: head/security/suricata/files/patch-scripts_suricatasc_suricatasc.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/suricata/files/patch-scripts_suricatasc_suricatasc.in Sun Jan 18 07:12:37 2015 (r377282) @@ -0,0 +1,11 @@ +--- scripts/suricatasc/suricatasc.in.orig 2014-12-19 17:49:20.651663649 +0200 ++++ scripts/suricatasc/suricatasc.in 2014-12-19 17:49:59.921665563 +0200 +@@ -24,7 +24,7 @@ + args = parser.parse_args() + + if args.socket != None: +- SOCKET_PATH = "@e_localstatedir@/" + args.socket[0] ++ SOCKET_PATH = args.socket + else: + SOCKET_PATH = "@e_localstatedir@/suricata-command.socket" + Modified: head/security/suricata/pkg-plist ============================================================================== --- head/security/suricata/pkg-plist Sun Jan 18 01:56:39 2015 (r377281) +++ head/security/suricata/pkg-plist Sun Jan 18 07:12:37 2015 (r377282) @@ -1,4 +1,5 @@ bin/suricata +%%SC%%bin/suricatasc %%DOCSDIR%%/AUTHORS %%DOCSDIR%%/Basic_Setup.txt %%DOCSDIR%%/CentOS5.txt @@ -49,14 +50,24 @@ bin/suricata %%NO_HTP_PORT%%lib/libhtp.a %%NO_HTP_PORT%%lib/libhtp.so %%NO_HTP_PORT%%libdata/pkgconfig/htp.pc -@sample etc/suricata/suricata.yaml.sample -@sample etc/suricata/classification.config.sample -@sample etc/suricata/reference.config.sample -etc/suricata/rules/decoder-events.rules -etc/suricata/rules/dns-events.rules -etc/suricata/rules/files.rules -etc/suricata/rules/http-events.rules -etc/suricata/rules/smtp-events.rules -etc/suricata/rules/stream-events.rules -etc/suricata/rules/tls-events.rules +%%NO_HTP_PORT%%@dir include/htp +%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc-0.9-py%%PYTHON_VER%%.egg-info +%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py +%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc +%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.py +%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.pyc +@sample %%ETCDIR%%/suricata.yaml.sample +@sample %%ETCDIR%%/classification.config.sample +@sample %%ETCDIR%%/reference.config.sample +%%ETCDIR%%/rules/decoder-events.rules +%%ETCDIR%%/rules/dns-events.rules +%%ETCDIR%%/rules/files.rules +%%ETCDIR%%/rules/http-events.rules +%%ETCDIR%%/rules/smtp-events.rules +%%ETCDIR%%/rules/stream-events.rules +%%ETCDIR%%/rules/tls-events.rules @dir etc/suricata/rules +@dir etc/suricata +@dir(root,wheel,0700) /var/log/suricata +@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove any configuration files left."; fi +@dir %%DOCSDIR%%
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501180712.t0I7CbgC052161>