Created attachment 146629
patch for the port suricata 2.0.3
This patch adds knobs so administrators can build suricata with:
1) JSON support
2) GeoIP support
3) Bundled libhtp
The patch does not change default settings.
Pending review
portlint output:
  WARN: Makefile: possible use of absolute pathname "/var/log/${PORTNAME}".
  WARN: Makefile: possible use of absolute pathname "/tmp".
  0 fatal errors and 2 warnings found.
(same as original port)
  FATAL: /usr/local/poudriere/data/build/10amd64-default/ref/usr/ports/local/suricata/pkg-plist: [51]: installing pkg-config files into lib/pkgconfig. All pkg-config files must be installed into libdata/pkgconfig for them to be found by pkg-config.
  WARN: Makefile: possible use of absolute pathname "/var/log/${PORTNAME}".
  WARN: Makefile: possible use of absolute pathname "/tmp".
  FATAL: Makefile: category "local" must be listed first
  2 fatal errors and 2 warnings found.
Hm, I'm not sure where this pkg issue comes from, but I will look into it.
FYI: Second issue is:
  FATAL: Makefile: category "local" must be listed first
But this is because of my environment, e.g. I keep modified ports in local/
Created attachment 146636
new patch
This patch resolves the fatal issue reported from poudriere testport.
Great job! If you could enumerate your changes (like a proposed "commit log") so I (and others) can understand the changes and their intent, that would be great ... E.g.:
  cat/port: Change summary
  - Did this because blah
  - Did that because blah (portlint)
  - Add FOO, BAR and BAZ support
  - Make blah optional
It's also great practice for your future contributions.
Will something like this work:
  security/suricata: Change summary
  - Added JSON knob - this allows Suricata to be compiled with JSON output support
  - Added GEOIP knob - this allows Suricata to support rules with geoip word
  - Added HTP_PORT knob - this makes the use of www/libhtp-suricata optional. E.g. user can choose between built-in and port version.
Default behavior is not changed.
Created attachment 147629
Patch to bring suricata to version 2.0.4
security/suricata
Upgrade Suricata-IDS to version 2.0.4
Bugfixes:
  Bug #1276: ipv6 defrag issue with routing headers
  Bug #1278: ssh banner parser issue
  Bug #1254: sig parsing crash on malformed rev keyword
  Bug #1267: issue with ipv6 logging
  Bug #1273: Lua – http.request_line not working
  Bug #1284: AF_PACKET IPS mode not logging drops and stream inline issue
Security: CVE-2014-6603
portlint output:
  WARN: Makefile: possible use of absolute pathname "/var/log/${PORTNAME}".
  WARN: Makefile: possible use of absolute pathname "/tmp".
poudriere testport suricata-2.0.4.portlint.log output:
  WARN: Makefile: possible use of absolute pathname "/var/log/${PORTNAME}".
  WARN: Makefile: possible use of absolute pathname "/tmp".
  0 fatal error and 2 warnings found.
Created attachment 148029
poudriere testport output
Attached poudriere testport log. I guess you need this to continue?
Oops - looks like I hit some bug. Please do not commit. Sorry. I'm going to investigate first whether something changed in my environment or the patch introduced a bug.
False alarm :) It looks like I messed up with my local environment. The port is working as expected. Please commit if you are happy with the patch and the test results.
suricata --build-info
  This is Suricata version 2.0.4 RELEASE
  Features: IPFW PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 HAVE_PACKET_FANOUT LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT
  SIMD support: none
  Atomic intrisics: 1 2 4 8 byte(s)
  64-bits, Little-endian architecture
  GCC version 4.2.1 Compatible FreeBSD Clang 3.3 (tags/RELEASE_33/final 183502), C version 199901
  compiled with -fstack-protector
  compiled with _FORTIFY_SOURCE=2
  L1 cache line size (CLS)=64
  compiled with LibHTP v0.5.15, linked against LibHTP v0.5.15
  Suricata Configuration:
    AF_PACKET support: no
    PF_RING support: no
    NFQueue support: no
    NFLOG support: no
    IPFW support: yes
    DAG enabled: no
    Napatech enabled: no
    Unix socket enabled: no
    Detection enabled: yes
    libnss support: no
    libnspr support: no
    libjansson support: no
    Prelude support: yes
    PCRE jit: yes
    LUA support: no
    libluajit: no
    libgeoip: no
    Non-bundled htp: yes
    Old barnyard2 support: no
    CUDA enabled: no
    Suricatasc install: no
    Unit tests enabled: no
    Debug output enabled: no
    Debug validation enabled: no
    Profiling enabled: no
    Profiling locks enabled: no
    Coccinelle / spatch: no
  Generic build parameters:
    Installation prefix (--prefix): /usr/local
    Configuration directory (--sysconfdir): /usr/local/etc/suricata/
    Log directory (--localstatedir) : /var/log/suricata/
    Host: amd64-portbld-freebsd10.0
    GCC binary: cc
    GCC Protect enabled: yes
    GCC march native enabled: yes
    GCC Profile enabled: no
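Added example (not part of the original thread or of the port): a POSIX shell check that compares suricata --build-info output against the knobs selected at build time and confirms the two hardening flags shown in the output above. The mapping of the JSON, GEOIP and HTP_PORT knobs to the "libjansson support", "libgeoip" and "Non-bundled htp" lines is an assumption, as are the function names; the sample text is constructed from the lines quoted in the comment above.

```shell
#!/bin/sh
# Constructed sample: a subset of the build-info lines quoted above (default knobs).
SAMPLE_BUILD_INFO='compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
  libjansson support:                      no
  libgeoip:                                no
  Non-bundled htp:                         yes'

# Read build-info text on stdin and print the value of the "KEY: value" line.
build_info_value() {
    awk -v key="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # drop leading indentation
            if (index(line, key ":") == 1) {     # exact key at start of line
                val = substr(line, length(key) + 2)
                gsub(/^[ \t]+|[ \t]+$/, "", val) # trim padding around the value
                print val
                exit
            }
        }'
}

# check_knob TEXT KEY EXPECTED: succeeds when build-info reports EXPECTED.
check_knob() {
    actual=$(printf '%s\n' "$1" | build_info_value "$2")
    [ "$actual" = "$3" ]
}

# verify_build TEXT JSON GEOIP HTP_PORT (each "yes" or "no").
# Returns non-zero if a knob disagrees with the binary or hardening is missing.
verify_build() {
    rc=0
    check_knob "$1" "libjansson support" "$2" || { echo "JSON knob mismatch"; rc=1; }
    check_knob "$1" "libgeoip" "$3"           || { echo "GEOIP knob mismatch"; rc=1; }
    check_knob "$1" "Non-bundled htp" "$4"    || { echo "HTP_PORT knob mismatch"; rc=1; }
    printf '%s\n' "$1" | grep -qF -- '-fstack-protector' \
        || { echo "stack protector missing"; rc=1; }
    printf '%s\n' "$1" | grep -qF '_FORTIFY_SOURCE=2' \
        || { echo "FORTIFY_SOURCE=2 missing"; rc=1; }
    return "$rc"
}

# Default build from the thread: JSON off, GEOIP off, port libhtp in use.
verify_build "$SAMPLE_BUILD_INFO" no no yes && echo "build matches selected options"
```

On a real host, pass "$(suricata --build-info)" as the first argument instead of the sample text.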
FYI: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6603
Greetings,
Here are redports logs:
https://redports.org/~cheffo/20141111124201-60113-254423/suricata-2.0.4.log
https://redports.org/~cheffo/20141111124201-60113-254420/suricata-2.0.4.log
https://redports.org/buildarchive/20141111124201-60113/
A commit references this bug:
Author: garga
Date: Tue Nov 11 15:57:54 UTC 2014
New revision: 372453
URL: https://svnweb.freebsd.org/changeset/ports/372453
Log:
  - Update suricata to 2.0.4 [1]
  - Added JSON knob - this allows Suricata to be compiled with JSON output support
  - Added GEOIP knob - this allows Suricata to support rules with geoip word
  - Added HTP_PORT knob - this make the use of www/libhtp-suricata optional. E.g. user can choose between build-in and port version.
  - Unbreak PLIST renaming sample files from -sample to .sample
  PR: 193220 [1]
  Submitted by: cheffo [1]
  Approved by: maintainer timeout (> 2 months)
  Security: CVE-2014-6603
Changes:
  head/security/suricata/Makefile
  head/security/suricata/distinfo
  head/security/suricata/pkg-plist
Thanks Renato!