Bug 154514 - security/snort update to snort
Summary: security/snort update to snort
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Cheng-Lung Sung
Depends on:
Reported: 2011-02-04 20:10 UTC by Michael Scheidell
Modified: 2011-02-09 07:00 UTC (History)
0 users

See Also:

file.diff (18.22 KB, patch)
2011-02-04 20:10 UTC, Michael Scheidell
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Scheidell 2011-02-04 20:10:10 UTC
This pr closes:

      security/snort not compiling 

      security/snort misplaced dynamic rules with snortsam

and supersedes http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/153998
      first pass at upgrading snort to Sorry, I tried to add this patch as a comment to that one, but I don't think gnats ever got my email.

this attached patch should replace the one in 153998.

this patch is against current, applies cleanly, fixes the location of the dynamic libs/rules in pr 153224, fixes pr 129321.
this patch takes the previous patch (thanks to Dean Freeman at sourcefire for getting it started) and addresses some issues with the patch.

tested on 7.3 amd64 and 8.1 amd64.  installs and deinstalls cleanly.. creates a clean ports package that can be installed and deinstalled.
adds back in snortsam support (unofficial. not supported by snort/sourcefile.  and this patch isn't the official one from snortsam.net.. yet)

snortsam patch provided by robrob2626@yahoo.com

tested on 7.3 and 8.1 amd64.
Note: have NOT yet tested new ipfw daq, but have tested snortsam/snort combination and it seems to work fine.
snort starts, and will load ipfw daq (as long as you are running root)

further, it fixes the previous patch in that
1 port revision is not bumped
 (it should not be bumped on port major version upgrade)
2 master sites set back to SF
3) options modified, some removed from version
   a flexresp (replaced by flexresp3
   b targetbased and ipv6 off by default (like was)
   c snortsam put back in (it was in, missing in original patch)
   d combined flexresp3 with flexreaction (can't have one without the other)

pre_proc rules now installed.
libnet needed for EVERYTHING, not just flexresp.  needed for DAQ, so conditionals removed.

daq dependency bumped, needs daq 0.5_1 (already in ports) if you don't have it, update your ports tree.

Added build and run depends (needed to build a ports package binary)

snortsam being hosted at secnap.com till it is available from snortsam.net

Makefile changes:

pre-configure: if ! IPV6, edit snort.conf-sample, change ipvar to var, take noamize_ip6/ipcmp6 out of sample conf.

post install: the fix for pr 153224 (I can't figure out what snortsam patch does to conf files, so I just move the affected files, pkg-plist wants them there!)
remove pkg-message-dynamicplugin (not needed.. port won't build without dynamic plugin support anyway)

snort.rc.in:  added in extra_commands reload.  port options build SIGHUP support into snort now.

pkg-plist: add in new binaries new for 286+
fix pr 153998 pkg-plist that was deleting critical files which were parts of other ports, which made portupgrade, make deinstall reinstall fail.

fix pr 153998 pkg-plist that was deleting users custom snort.conf file.
add in removal of sample or untouched preproc_rules.

I did not yet change maintainer from clsung@FreeBSD.org like was in pr 153998.  that is not up to me.

any problems, might check snort-users group, or if problems specific to port, open a pr .  

Several people already using this.

Fix: apply this patch.

Patch attached with submission follows:
How-To-Repeat: snort is a significant upgrade, adds in daq and port libpcap so you can adjust pcap buffer.
Comment 1 Edwin Groothuis freebsd_committer 2011-02-04 20:10:17 UTC
Responsible Changed
From-To: freebsd-ports-bugs->clsung

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2011-02-09 06:50:14 UTC
clsung      2011-02-09 06:50:03 UTC

  FreeBSD ports repository

  Modified files:
    security/snort       Makefile distinfo pkg-plist 
    security/snort/files snort.sh.in 
  Removed files:
    security/snort/files pkg-message-dynamicplugin 
  - Update to [1]
  - pass maintainership to William Freeman <wfreeman_AT_sourcefire dot com>
  Note: This attached patch replaces the one in ports/153998.
        Also fixes the location of the dynamic libs/rules in ports/153224.
  PR:             ports/154514 [1], ports/153998 [2]
  Submitted by:   Michael Scheidell <scheidell_AT_secnap dot net>
  Revision  Changes    Path
  1.128     +107 -67   ports/security/snort/Makefile
  1.67      +4 -6      ports/security/snort/distinfo
  1.2       +0 -12     ports/security/snort/files/pkg-message-dynamicplugin (dead)
  1.6       +2 -1      ports/security/snort/files/snort.sh.in
  1.35      +27 -21    ports/security/snort/pkg-plist
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Cheng-Lung Sung freebsd_committer 2011-02-09 06:50:39 UTC
State Changed
From-To: open->closed

Committed. Thank You.