Date: Sat, 23 Aug 2014 12:08:16 +0000 (UTC) From: Kubilay Kocak <koobs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r365723 - in head/security/suricata: . files Message-ID: <201408231208.s7NC8GJv079086@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: koobs Date: Sat Aug 23 12:08:16 2014 New Revision: 365723 URL: http://svnweb.freebsd.org/changeset/ports/365723 QAT: https://qat.redports.org/buildarchive/r365723/ Log: security/suricata: Update to 2.0.3, Modernize Now that libprelude is safe from EXPIRE and has been staged [1], and devel/libhtp now *actually* links against libiconv even though autoconf detection was fine [2] ... Have fun! - Update to 2.0.3 - Switch libhtp to the upstream version port (devel/libhtp) - Use USES=libtool - Use OPTIONS helpers and other OPTIONS_* goodies - Sort USE(S)* section - Deprecate USE_AUTOTOOLS (USES instead) - Deprecate AUTOMAKE_ARGS, ACLOCAL_ARGS (no longer necessary) - Update COMMENT - Add m4 macro for checking compiler flags and add relevent check to configure.ac. Our GCC doesn't like -Wno-error=unused-result and upstreams configure bits arent as portable as they could be. [1] http://svnweb.freebsd.org/changeset/ports/365562 [2] http://svnweb.freebsd.org/changeset/ports/364955 Requested by: many Added: head/security/suricata/files/ax_check_compile_flag.m4 (contents, props changed) head/security/suricata/files/patch-configure.ac (contents, props changed) Modified: head/security/suricata/Makefile head/security/suricata/distinfo Modified: head/security/suricata/Makefile ============================================================================== --- head/security/suricata/Makefile Sat Aug 23 11:49:45 2014 (r365722) +++ head/security/suricata/Makefile Sat Aug 23 12:08:16 2014 (r365723) @@ -2,49 +2,59 @@ # $FreeBSD$ PORTNAME= suricata -PORTVERSION= 1.4.6 -PORTREVISION= 3 +PORTVERSION= 2.0.3 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ \ http://mirrors.rit.edu/zi/ MAINTAINER= koobs@FreeBSD.org -COMMENT= Open Source next generation IDS/IPS engine by OISF +COMMENT= High Performance Network IDS, IPS and Security Monitoring engine LICENSE= GPLv2 -LIB_DEPENDS= libpcre.so:${PORTSDIR}/devel/pcre \ - libhtp.so:${PORTSDIR}/www/libhtp-suricata \ - libnet.so:${PORTSDIR}/net/libnet \ +LIB_DEPENDS= libpcre.so:${PORTSDIR}/devel/pcre \ + libhtp.so:${PORTSDIR}/devel/libhtp \ + libnet.so:${PORTSDIR}/net/libnet \ libyaml.so:${PORTSDIR}/textproc/libyaml OPTIONS_DEFINE= IPFW PRELUDE PORTS_PCAP TESTS -OPTIONS_DEFAULT=IPFW +OPTIONS_DEFAULT=IPFW PRELUDE +OPTIONS_SUB= yes IPFW_DESC= Enable IPFW and IP Divert support for inline IDP PRELUDE_DESC= Enable Prelude support for NIDS alerts PORTS_PCAP_DESC=Use libpcap from ports TESTS_DESC= Enable unit tests in suricata binary -USE_AUTOTOOLS= autoconf libtool +USES= gmake pkgconfig libtool +USE_AUTOTOOLS= aclocal autoconf automake USE_LDCONFIG= yes USE_RC_SUBR= ${PORTNAME} -USES= gmake pkgconfig + GNU_CONFIGURE= yes -.include <bsd.port.options.mk> +IPFW_CONFIGURE_ON= --enable-ipfw +PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \ + --with-libpcap-libraries=${LOCALBASE}/lib +PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \ + --with-libpcap-libraries=/usr/lib +PORTS_PCAP_LIB_DEPENDS= libpcap.so:${PORTSDIR}/net/libpcap +PRELUDE_LIB_DEPENDS= libprelude.so:${PORTSDIR}/security/libprelude +PRELUDE_CONFIGURE_ENABLE= prelude +PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} +TESTS_CONFIGURE_ENABLE= unittests SUB_FILES= pkg-message -CONFIGURE_ARGS+=--enable-non-bundled-htp --enable-gccprotect \ - --with-libpcre-includes=${LOCALBASE}/include \ - --with-libpcre-libraries=${LOCALBASE}/lib \ - --with-libyaml-includes=${LOCALBASE}/include \ - --with-libyaml-libraries=${LOCALBASE}/lib \ - --with-libnet-includes=${LOCALBASE}/include/libnet11 \ - --with-libnet-libraries=${LOCALBASE}/lib/libnet11 \ - --with-libhtp-includes=${LOCALBASE}/include/ \ - --with-libhtp-libraries=${LOCALBASE}/lib \ +CONFIGURE_ARGS+=--enable-non-bundled-htp --enable-gccprotect \ + --with-libpcre-includes=${LOCALBASE}/include \ + --with-libpcre-libraries=${LOCALBASE}/lib \ + --with-libyaml-includes=${LOCALBASE}/include \ + --with-libyaml-libraries=${LOCALBASE}/lib \ + --with-libnet-includes=${LOCALBASE}/include/libnet11 \ + --with-libnet-libraries=${LOCALBASE}/lib/libnet11 \ + --with-libhtp-includes=${LOCALBASE}/include/ \ + --with-libhtp-libraries=${LOCALBASE}/lib \ --localstatedir=/var/ CONFIGURE_ENV+= ac_cv_path_HAVE_PYTHON_CONFIG=no @@ -60,31 +70,8 @@ LOGS_DIR?= /var/log/${PORTNAME} BROKEN= Does not compile on ia64, powerpc, or sparc64 .endif -.if ${PORT_OPTIONS:MPRELUDE} -LIB_DEPENDS+= libprelude.so:${PORTSDIR}/security/libprelude -CONFIGURE_ARGS+= --enable-prelude \ - --with-libprelude-prefix=${LOCALBASE} -PLIST_SUB+= PRELUDE="" -.endif - -.if ${PORT_OPTIONS:MIPFW} -CONFIGURE_ARGS+= --enable-ipfw -.endif - -.if ${PORT_OPTIONS:MPORTS_PCAP} -LIB_DEPENDS+= libpcap.so:${PORTSDIR}/net/libpcap -CONFIGURE_ARGS+= --with-libpcap-includes=${LOCALBASE}/include \ - --with-libpcap-libraries=${LOCALBASE}/lib -.else -CONFIGURE_ARGS+= --with-libpcap-includes=/usr/include \ - --with-libpcap-libraries=/usr/lib -.endif - -.if ${PORT_OPTIONS:MTESTS} -CONFIGURE_ARGS+= --enable-unittests -.else -CONFIGURE_ARGS+= --disable-unittests -.endif +pre-patch: + ${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 pre-install: @${REINPLACE_CMD} -e 's|/etc/suricata|${CONFIG_DIR}|g' ${WRKSRC}/suricata.yaml Modified: head/security/suricata/distinfo ============================================================================== --- head/security/suricata/distinfo Sat Aug 23 11:49:45 2014 (r365722) +++ head/security/suricata/distinfo Sat Aug 23 12:08:16 2014 (r365723) @@ -1,2 +1,2 @@ -SHA256 (suricata-1.4.6.tar.gz) = 5cf5d76dd63d06b993912301edc8afa06f886d0b68740239cc7df49b00800f8e -SIZE (suricata-1.4.6.tar.gz) = 2508956 +SHA256 (suricata-2.0.3.tar.gz) = b6e554cbacb925bbcf88dd4554c9222b51b21796c39e198cdf5b0b9cdc1ed383 +SIZE (suricata-2.0.3.tar.gz) = 3083891 Added: head/security/suricata/files/ax_check_compile_flag.m4 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/suricata/files/ax_check_compile_flag.m4 Sat Aug 23 12:08:16 2014 (r365723) @@ -0,0 +1,74 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) +# +# DESCRIPTION +# +# Check whether the given FLAG works with the current language's compiler +# or gives an error. (Warnings, however, are ignored) +# +# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +# success/failure. +# +# If EXTRA-FLAGS is defined, it is added to the current language's default +# flags (e.g. CFLAGS) when the check is done. The check is thus made with +# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to +# force the compiler to issue an error when a bad flag is given. +# +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de> +# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com> +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 3 + +AC_DEFUN([AX_CHECK_COMPILE_FLAG], +[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX +AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl +AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ + ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS + _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" + AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], + [AS_VAR_SET(CACHEVAR,[yes])], + [AS_VAR_SET(CACHEVAR,[no])]) + _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) +AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], + [m4_default([$2], :)], + [m4_default([$3], :)]) +AS_VAR_POPDEF([CACHEVAR])dnl +])dnl AX_CHECK_COMPILE_FLAGS Added: head/security/suricata/files/patch-configure.ac ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/suricata/files/patch-configure.ac Sat Aug 23 12:08:16 2014 (r365723) @@ -0,0 +1,15 @@ +--- ./configure.ac.orig 2014-08-15 21:08:21.104727122 +1000 ++++ ./configure.ac 2014-08-15 21:17:58.786571386 +1000 +@@ -816,8 +816,10 @@ + AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),,[enable_prelude=no]) + # Prelude doesn't work with -Werror + STORECFLAGS="${CFLAGS}" +- CFLAGS="${CFLAGS} -Wno-error=unused-result" +- ++ AX_CHECK_COMPILE_FLAG([-Wno-error=unused-result], ++ [CFLAGS="${CFLAGS} -Wno-error=unused-result"], ++ []) ++ + AS_IF([test "x$enable_prelude" = "xyes"], [ + AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no) + if test "x${LIBPRELUDE_CFLAGS}" != "x"; then
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201408231208.s7NC8GJv079086>