From owner-svn-ports-all@freebsd.org Mon Apr 2 00:01:14 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9F2DF84E9E; Mon, 2 Apr 2018 00:01:14 +0000 (UTC) (envelope-from yuri@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 775E68443B; Mon, 2 Apr 2018 00:01:14 +0000 (UTC) (envelope-from yuri@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7085261A8; Mon, 2 Apr 2018 00:01:14 +0000 (UTC) (envelope-from yuri@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3201ExK055733; Mon, 2 Apr 2018 00:01:14 GMT (envelope-from yuri@FreeBSD.org) Received: (from yuri@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3201ESS055730; Mon, 2 Apr 2018 00:01:14 GMT (envelope-from yuri@FreeBSD.org) Message-Id: <201804020001.w3201ESS055730@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: yuri set sender to yuri@FreeBSD.org using -f From: Yuri Victorovich Date: Mon, 2 Apr 2018 00:01:14 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r466193 - in head/security/suricata: . files X-SVN-Group: ports-head X-SVN-Commit-Author: yuri X-SVN-Commit-Paths: in head/security/suricata: . files X-SVN-Commit-Revision: 466193 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Apr 2018 00:01:15 -0000 Author: yuri Date: Mon Apr 2 00:01:13 2018 New Revision: 466193 URL: https://svnweb.freebsd.org/changeset/ports/466193 Log: security/suricata: Update 4.0.3 -> 4.0.4 Port changes: * Change to DISTVERSION * Removed HTP_PORT from defaultoptions * Add NSS_CONFIGURE_OFF * Add command silencing I also noticed that it still links to libjansson when JSON=off. This is because it auto-finds it. Requested the upstream to add --disable-{option} flags: https://redmine.openinfosecfoundation.org/issues/2473 PR: 226512 Submitted by: Franco Fichtner (maintainer, original version) Submitted by: Renato Botelho (final version) Approved by: Franco Fichtner (maintainer) Added: head/security/suricata/files/patch-disable_nss_nspr (contents, props changed) Modified: head/security/suricata/Makefile head/security/suricata/distinfo Modified: head/security/suricata/Makefile ============================================================================== --- head/security/suricata/Makefile Sun Apr 1 23:56:30 2018 (r466192) +++ head/security/suricata/Makefile Mon Apr 2 00:01:13 2018 (r466193) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= suricata -PORTVERSION= 4.0.3 +DISTVERSION= 4.0.4 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ @@ -30,7 +30,7 @@ TEST_TARGET= check OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE \ REDIS SC TESTS OPTIONS_DEFINE_amd64= HYPERSCAN -OPTIONS_DEFAULT= HTP_PORT IPFW JSON NETMAP PRELUDE +OPTIONS_DEFAULT= IPFW JSON NETMAP PRELUDE OPTIONS_SUB= yes OPTIONS_RADIO= SCRIPTS @@ -83,6 +83,7 @@ LUAJIT_CONFIGURE_ON= --enable-luajit NSS_LIB_DEPENDS= libnss3.so:security/nss \ libnspr4.so:devel/nspr +NSS_CONFIGURE_OFF= --disable-nss --disable-nspr NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \ --with-libnss-libraries=${LOCALBASE}/lib \ --with-libnspr-libraries=${LOCALBASE}/lib \ @@ -136,12 +137,12 @@ RULES_FILES= app-layer-events.rules decoder-events.rul LOGS_DIR?= /var/log/${PORTNAME} pre-patch: - ${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 + @${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 post-install: - ${MKDIR} ${STAGEDIR}${CONFIG_DIR} - ${MKDIR} ${STAGEDIR}${RULES_DIR} - ${MKDIR} ${STAGEDIR}${LOGS_DIR} + @${MKDIR} ${STAGEDIR}${CONFIG_DIR} + @${MKDIR} ${STAGEDIR}${RULES_DIR} + @${MKDIR} ${STAGEDIR}${LOGS_DIR} .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample .endfor Modified: head/security/suricata/distinfo ============================================================================== --- head/security/suricata/distinfo Sun Apr 1 23:56:30 2018 (r466192) +++ head/security/suricata/distinfo Mon Apr 2 00:01:13 2018 (r466193) @@ -1,3 +1,3 @@ -TIMESTAMP = 1512569305 -SHA256 (suricata-4.0.3.tar.gz) = 81a0bcb10b5c0b00efeafb4aac3ef70bf0e36b060ac6300d867f15f3dbe0e437 -SIZE (suricata-4.0.3.tar.gz) = 12392388 +TIMESTAMP = 1522066170 +SHA256 (suricata-4.0.4.tar.gz) = 617e83b6e20b03aa7d5e05a980d3cb6d2810ec18a6f15a36bf66c81c9c0a2abb +SIZE (suricata-4.0.4.tar.gz) = 12511121 Added: head/security/suricata/files/patch-disable_nss_nspr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/suricata/files/patch-disable_nss_nspr Mon Apr 2 00:01:13 2018 (r466193) @@ -0,0 +1,169 @@ +From 2bd73173674843695cb3e44666f233697a64b6a0 Mon Sep 17 00:00:00 2001 +From: Renato Botelho +Date: Thu, 22 Mar 2018 11:02:42 -0300 +Subject: [PATCH] configure: allow to disable libnss and libnspr + +Let user chose to disable libnss and libnspr support even if these +libraries are installed in the system. Default remains to enable when +libraries are found and disable parameter were not used +--- + configure.ac | 122 ++++++++++++++++++++++++++++++----------------------------- + 1 file changed, 63 insertions(+), 59 deletions(-) + +diff --git configure.ac configure.ac +index 278f408940..1e3a467406 100644 +--- configure.ac ++++ configure.ac +@@ -1586,15 +1586,8 @@ + fi + + # libnspr +- enable_nspr="no" +- +- # Try pkg-config first: +- PKG_CHECK_MODULES([libnspr], nspr,, [with_pkgconfig_nspr=no]) +- if test "$with_pkgconfig_nspr" != "no"; then +- CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}" +- LIBS="${LIBS} ${libnspr_LIBS}" +- fi +- ++ AC_ARG_ENABLE(nspr, ++ AS_HELP_STRING([--disable-nspr],[Disable libnspr support])) + AC_ARG_WITH(libnspr_includes, + [ --with-libnspr-includes=DIR libnspr include directory], + [with_libnspr_includes="$withval"],[with_libnspr_includes=no]) +@@ -1602,41 +1595,43 @@ + [ --with-libnspr-libraries=DIR libnspr library directory], + [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"]) + +- if test "$with_libnspr_includes" != "no"; then +- CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}" +- fi ++ if test "$enable_nspr" != "no"; then ++ # Try pkg-config first: ++ PKG_CHECK_MODULES([libnspr], nspr,, [with_pkgconfig_nspr=no]) ++ if test "$with_pkgconfig_nspr" != "no"; then ++ CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}" ++ LIBS="${LIBS} ${libnspr_LIBS}" ++ fi + +- AC_CHECK_HEADER(nspr.h,NSPR="yes",NSPR="no") +- if test "$NSPR" = "yes"; then +- if test "$with_libnspr_libraries" != "no"; then +- LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}" +- fi ++ if test "$with_libnspr_includes" != "no"; then ++ CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}" ++ fi + +- AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no") ++ AC_CHECK_HEADER(nspr.h,NSPR="yes",NSPR="no") ++ if test "$NSPR" = "yes"; then ++ if test "$with_libnspr_libraries" != "no"; then ++ LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}" ++ fi + +- if test "$NSPR" = "no"; then +- echo +- echo " ERROR! libnspr library not found, go get it" +- echo " from Mozilla or your distribution:" +- echo +- echo " Ubuntu: apt-get install libnspr4-dev" +- echo " Fedora: yum install nspr-devel" +- echo +- exit 1 +- fi +- enable_nspr="yes" ++ AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no") ++ ++ if test "$NSPR" = "no"; then ++ echo ++ echo " ERROR! libnspr library not found, go get it" ++ echo " from Mozilla or your distribution:" ++ echo ++ echo " Ubuntu: apt-get install libnspr4-dev" ++ echo " Fedora: yum install nspr-devel" ++ echo ++ exit 1 ++ fi ++ enable_nspr="yes" ++ fi + fi + + # libnss +- enable_nss="no" +- +- # Try pkg-config first: +- PKG_CHECK_MODULES([libnss], nss,, [with_pkgconfig_nss=no]) +- if test "$with_pkgconfig_nss" != "no"; then +- CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}" +- LIBS="${LIBS} ${libnss_LIBS}" +- fi +- ++ AC_ARG_ENABLE(nss, ++ AS_HELP_STRING([--disable-nss],[Disable libnss support])) + AC_ARG_WITH(libnss_includes, + [ --with-libnss-includes=DIR libnss include directory], + [with_libnss_includes="$withval"],[with_libnss_includes=no]) +@@ -1644,31 +1639,40 @@ + [ --with-libnss-libraries=DIR libnss library directory], + [with_libnss_libraries="$withval"],[with_libnss_libraries="no"]) + +- if test "$with_libnss_includes" != "no"; then +- CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}" +- fi ++ if test "$enable_nss" != "no"; then ++ # Try pkg-config first: ++ PKG_CHECK_MODULES([libnss], nss,, [with_pkgconfig_nss=no]) ++ if test "$with_pkgconfig_nss" != "no"; then ++ CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}" ++ LIBS="${LIBS} ${libnss_LIBS}" ++ fi + +- AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no") +- if test "$NSS" = "yes"; then +- if test "$with_libnss_libraries" != "no"; then +- LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}" +- fi ++ if test "$with_libnss_includes" != "no"; then ++ CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}" ++ fi + +- AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no") ++ AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no") ++ if test "$NSS" = "yes"; then ++ if test "$with_libnss_libraries" != "no"; then ++ LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}" ++ fi + +- if test "$NSS" = "no"; then +- echo +- echo " ERROR! libnss library not found, go get it" +- echo " from Mozilla or your distribution:" +- echo +- echo " Ubuntu: apt-get install libnss3-dev" +- echo " Fedora: yum install nss-devel" +- echo +- exit 1 +- fi ++ AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no") ++ ++ if test "$NSS" = "no"; then ++ echo ++ echo " ERROR! libnss library not found, go get it" ++ echo " from Mozilla or your distribution:" ++ echo ++ echo " Ubuntu: apt-get install libnss3-dev" ++ echo " Fedora: yum install nss-devel" ++ echo ++ exit 1 ++ fi + +- AC_DEFINE([HAVE_NSS],[1],[libnss available for md5]) +- enable_nss="yes" ++ AC_DEFINE([HAVE_NSS],[1],[libnss available for md5]) ++ enable_nss="yes" ++ fi + fi + + # libmagic