Date: Sun, 14 Jun 2015 19:31:21 +0000 (UTC) From: Olli Hauer <ohauer@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r389648 - in head/security/pulledpork: . files Message-ID: <201506141931.t5EJVLpb084388@svn.freebsd.org>
Author: ohauer Date: Sun Jun 14 19:31:20 2015 New Revision: 389648 URL: https://svnweb.freebsd.org/changeset/ports/389648 Log: - update to upstream svn r269 - use pkg-plist Added: head/security/pulledpork/files/patch-etc__pulledpork.conf - copied, changed from r389647, head/security/pulledpork/files/patch-so_rules.diff head/security/pulledpork/files/patch-pulledpork.pl (contents, props changed) head/security/pulledpork/pkg-plist (contents, props changed) Deleted: head/security/pulledpork/files/patch-so_rules.diff Modified: head/security/pulledpork/Makefile Modified: head/security/pulledpork/Makefile ============================================================================== --- head/security/pulledpork/Makefile Sun Jun 14 18:14:35 2015 (r389647) +++ head/security/pulledpork/Makefile Sun Jun 14 19:31:20 2015 (r389648) @@ -3,6 +3,7 @@ PORTNAME= pulledpork PORTVERSION= 0.7.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= GOOGLE_CODE 
@@ -16,53 +17,40 @@ RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:${POR p5-libwww>=0:${PORTSDIR}/www/p5-libwww NO_BUILD= yes -USES= perl5 +USES= perl5 shebangfix USE_PERL5= run - -PLIST_FILES= bin/pulledpork.pl \ - %%ETCDIR%%/disablesid.conf.sample \ - %%ETCDIR%%/dropsid.conf.sample \ - %%ETCDIR%%/enablesid.conf.sample \ - %%ETCDIR%%/modifysid.conf.sample \ - %%ETCDIR%%/pulledpork.conf.sample \ - %%DATADIR%%/README.CONTRIB \ - %%DATADIR%%/oink-conv.pl +SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl SUB_FILES= pkg-message OPTIONS_DEFINE= DOCS - .include <bsd.port.options.mk> -PORTDOCS= README README.CATEGORIES README.CHANGES README.RULESET README.SHAREDOBJECTS - post-patch: - @${REINPLACE_CMD} -e "s|/usr/bin/perl|${PERL}|" ${WRKSRC}/pulledpork.pl @${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \ -e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \ -e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \ -e 's|snort/modifysid.conf|pulledpork/modifysid.conf|g' \ -e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \ ${WRKSRC}/etc/pulledpork.conf - @${REINPLACE_CMD} -e "s| /usr/bin/perl|${PERL}|" ${WRKSRC}/contrib/oink-conv.pl do-install: - @${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${STAGEDIR}${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${STAGEDIR}${PREFIX}/bin @${MKDIR} -m 750 ${STAGEDIR}${ETCDIR} # pulledpork.conf contains the snort user registration key, do not install world readable - @${INSTALL} -m 640 ${WRKSRC}/etc/pulledpork.conf ${STAGEDIR}${ETCDIR}/pulledpork.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${STAGEDIR}${ETCDIR}/disablesid.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${STAGEDIR}${ETCDIR}/dropsid.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${STAGEDIR}${ETCDIR}/enablesid.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/modifysid.conf ${STAGEDIR}${ETCDIR}/modifysid.conf.sample + ${INSTALL} -m 640 ${WRKSRC}/etc/pulledpork.conf 
${STAGEDIR}${ETCDIR}/pulledpork.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${STAGEDIR}${ETCDIR}/disablesid.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${STAGEDIR}${ETCDIR}/dropsid.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${STAGEDIR}${ETCDIR}/enablesid.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/modifysid.conf ${STAGEDIR}${ETCDIR}/modifysid.conf.sample @${MKDIR} ${STAGEDIR}${DATADIR} - @${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR} - @${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR} + ${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR} + ${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR} @${MKDIR} ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.SHAREDOBJECTS ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.SHAREDOBJECTS ${STAGEDIR}${DOCSDIR} .include <bsd.port.mk> Copied and modified: head/security/pulledpork/files/patch-etc__pulledpork.conf (from r389647, head/security/pulledpork/files/patch-so_rules.diff) ============================================================================== --- head/security/pulledpork/files/patch-so_rules.diff Sun Jun 14 18:14:35 2015 (r389647, copy source) +++ head/security/pulledpork/files/patch-etc__pulledpork.conf Sun Jun 14 19:31:20 2015 (r389648) 
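Review bot: The `do-install` target still runs `@${MKDIR} ${STAGEDIR}${DOCSDIR}` and the five `${INSTALL_DATA} ... ${STAGEDIR}${DOCSDIR}` README lines unconditionally, while the new pkg-plist lists those files only behind `%%PORTDOCS%%`. With the DOCS option switched off, the stage directory would then hold files the plist does not claim. Guarding that group with `.if ${PORT_OPTIONS:MDOCS}` and `.endif` would keep the stage and the plist in agreement; `bsd.port.options.mk` appears to stay included in this hunk, so the test should be available.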
@@ -1,41 +1,38 @@ -Index: etc/pulledpork.conf -=================================================================== ---- etc/pulledpork.conf (revision 268) -+++ etc/pulledpork.conf (working copy) -@@ -121,12 +121,12 @@ +--- etc/pulledpork.conf.orig 2013-09-11 21:01:05 UTC ++++ etc/pulledpork.conf +@@ -121,14 +121,14 @@ config_path=/usr/local/etc/snort/snort.c # Define your distro, this is for the precompiled shared object libs! # Valid Distro Types: -# Debian-5-0, Debian-6-0, -# Ubuntu-8.04, Ubuntu-10-4 -# Centos-4-8, Centos-5-4 -+# Debian-6-0, -+# Ubuntu-10-4, Ubuntu-12-04 -+# Centos-5-4 ++# Debian-6-0, Ubuntu-10-4 ++# Ubuntu-12-04, Centos-5-4 # FC-12, FC-14, RHEL-5-5, RHEL-6-0 -# FreeBSD-7-3, FreeBSD-8-1 -# OpenBSD-4-8 -+# FreeBSD-8-1, FreeBSD-9-0 -+# OpenBSD-4-8, OpenBSD-5-2, OpenBSD-5-3 ++# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 ++# OpenBSD-5-2, OpenBSD-5-3 ++# OpenSUSE-11-4, OpenSUSE-12-1 # Slackware-13-1 - distro=FreeBSD-8.1 +-distro=FreeBSD-8.1 ++distro=FreeBSD-10-0 -Index: pulledpork.pl -=================================================================== ---- pulledpork.pl (revision 268) -+++ pulledpork.pl (working copy) -@@ -144,10 +144,10 @@ - -D What Distro are you running on, for the so_rules - For latest supported options see http://www.snort.org/snort-rules/shared-object-rules - Valid Distro Types: -- Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4 -- Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 -- FreeBSD-7-3, FreeBSD-8-1 -- OpenBSD-4-8 -+ Debian-6-0, Ubuntu-10-4, Ubuntu-12-04 -+ Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 -+ FreeBSD-8-1, FreeBSD-9-0 -+ OpenBSD-4-8, OpenBSD-5-2, OpenBSD-5-3 - Slackware-13-1 - -e Where the enablesid config file lives. - -E Write ONLY the enabled rules to the output files. + ####### This next section is optional, but probably pretty useful to you. + ####### Please read thoroughly! +@@ -187,7 +187,7 @@ snort_control=/usr/local/bin/snort_contr + # This value MUST contain all 4 minor version + # numbers. 
ET rules are now also dependant on this, verify supported ET versions + # prior to simply throwing rubbish in this variable kthx! +-# snort_version=2.9.0.0 ++# snort_version=2.9.7.3 + + # Here you can specify what rule modification files to run automatically. + # simply uncomment and specify the apt path. +@@ -206,4 +206,4 @@ snort_control=/usr/local/bin/snort_contr + ####### need to process so_rules, simply comment out the so_rule section + ####### you can also specify -T at runtime to process only GID 1 rules. + +-version=0.7.0 ++version=0.7.1 Added: head/security/pulledpork/files/patch-pulledpork.pl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pulledpork/files/patch-pulledpork.pl Sun Jun 14 19:31:20 2015 (r389648) 
@@ -0,0 +1,141 @@ +--- pulledpork.pl.orig 2015-06-01 19:41:36 UTC ++++ pulledpork.pl +@@ -3,7 +3,7 @@ + ## pulledpork v(whatever it says below!) + ## cummingsj@gmail.com + +-# Copyright (C) 2009-2013 JJ Cummings and the PulledPork Team! ++# Copyright (C) 2009-2014 JJ Cummings and the PulledPork Team! + + # This program is free software; you can redistribute it and/or + # modify it under the terms of the GNU General Public License +@@ -41,16 +41,17 @@ use Data::Dumper; + + # we are gonna need these! + my ( $oinkcode, $temp_path, $rule_file, $Syslogging ); +-my $VERSION = "PulledPork v0.7.0 - Swine Flu!"; ++my $VERSION = "PulledPork v0.7.1 - Swine Flu with a side of Ebola!"; + my $ua = LWP::UserAgent->new; + ++ + my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto ); + my ( $Output, $Distro, $Snort, $sid_changelog, $ignore_files ); + my ( $Snort_config, $Snort_path, $Textonly, $grabonly, $ips_policy, ); + my ( $pid_path, $SigHup, $NoDownload, $sid_msg_map, @base_url ); + my ( $local_rules, $arch, $docs, @records, $enonly ); + my ( $rstate, $keep_rulefiles, $rule_file_path, $prefix, $black_list ); +-my ( $Process, $hmatch, $bmatch , $sid_msg_version); ++my ( $Process, $hmatch, $bmatch , $sid_msg_version, $skipVerify); + my $Sostubs = 1; + + # verbose and quiet control print() +@@ -144,11 +145,11 @@ sub Help { + -D What Distro are you running on, for the so_rules + For latest supported options see http://www.snort.org/snort-rules/shared-object-rules + Valid Distro Types: +- Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4 +- Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 +- FreeBSD-7-3, FreeBSD-8-1 +- OpenBSD-4-8 +- Slackware-13-1 ++ Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 ++ FC-12, FC-14, RHEL-5-5, RHEL-6-0 ++ FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 ++ OpenBSD-5-2, OpenBSD-5-3 ++ OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 + -e Where the enablesid config file lives. + -E Write ONLY the enabled rules to the output files. 
+ -g grabonly (download tarball rule file(s) and do NOT process) +@@ -176,6 +177,7 @@ sub Help { + -V Print Version and exit + -v Verbose mode, you know.. for troubleshooting and such nonsense. + -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. ++ -w Skip the SSL verification (if there are issues pulling down rule files) + __EOT + + exit(0); +@@ -191,7 +193,7 @@ sub pulledpork { + `----,\\ ) + `--==\\\\ / $VERSION + `--==\\\\/ +- .-~~~~-.Y|\\\\_ Copyright (C) 2009-2013 JJ Cummings ++ .-~~~~-.Y|\\\\_ Copyright (C) 2009-2014 JJ Cummings + \@_/ / 66\\_ cummingsj\@gmail.com + | \\ \\ _(\") + \\ /-| ||'--' Rules give me wings! +@@ -350,9 +352,27 @@ sub compare_md5 { + ## mimic LWP::Simple getstore routine - Thx pkthound! + sub getstore { + my ( $url, $file ) = @_; +- my $request = HTTP::Request->new( GET => $url ); +- my $response = $ua->request( $request, $file ); +- $response->code; ++ ++ # on the first run, the file may not exist, so check. ++ if ( -e $file) { ++ # Check to ensure the user has write access to the file ++ if ( -r $file && -w _) { ++ my $request = HTTP::Request->new( GET => $url ); ++ my $response = $ua->request( $request, $file ); ++ $response->code; ++ } else { ++ carp "ERROR: $file is not writable by ".(getpwuid($<))[0]."\n"; ++ syslogit( 'err|local0', "FATAL: $file is not writable by ".(getpwuid($<))[0]."\n" ) ++ if $Syslogging; ++ exit(1); ++ } ++ } else { ++ # The file does not exist, any errors refer to permission issues ++ my $request = HTTP::Request->new( GET => $url ); ++ my $response = $ua->request( $request, $file ); ++ $response->code; ++ } ++ + } + + ## time to grab the real 0xb33f +@@ -1507,7 +1527,8 @@ GetOptions( + "u=s" => \@base_url, + "V!" => sub { Version() }, + "v+" => \$Verbose, +- "help|?" => sub { Help() } ++ "help|?" => sub { Help() }, ++ "w" => \$skipVerify + ); + + ## Fly piggy fly! 
+@@ -1533,7 +1554,7 @@ if ( $Verbose && !$Quiet ) { + if ( exists $Config_info{'version'} ) { + croak "You are not using the current version of pulledpork.conf!\n", + "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" +- if $Config_info{'version'} ne "0.7.0"; ++ if $Config_info{'version'} ne "0.7.1"; + } + else { + croak +@@ -1700,6 +1721,7 @@ if ( $Verbose && !$Quiet ) { + if ($Textonly) { print "\tText Rules only Flag is Set\n"; } + if ( $Verbose == 2 ) { print "\tExtra Verbose Flag is Set\n"; } + if ($Verbose) { print "\tVerbose Flag is Set\n"; } ++ if ($skipVerify) { print "\tSSL Hostname Verification disabled\n"; } + if (@base_url) { print "\tBase URL is: @base_url\n"; } + } + +@@ -1717,10 +1739,17 @@ if ( !-d $temp_path ) { + # Validate sid_msg_map version + Help("Please specify version 1 or 2 for sid_msg_version in your config file\n") unless $sid_msg_version =~ /(1|2)/; + ++ + # set some UserAgent and other connection configs + $ua->agent("$VERSION"); + $ua->show_progress(1) if ( $Verbose && !$Quiet ); + ++# check to see if SSL verfication is disabled ++if ($skipVerify) { ++ $ua->ssl_opts( verify_hostname => 0 ) ++} ++ ++ + # New Settings to allow proxy connections to use proper SSL formating - Thx pkthound! + $ua->timeout(60); + $ua->cookie_jar( {} ); Added: head/security/pulledpork/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pulledpork/pkg-plist Sun Jun 14 19:31:20 2015 (r389648) 
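Review bot: The new `-w` switch ends in `$ua->ssl_opts( verify_hostname => 0 )` (last inner hunk, after `$ua->show_progress`), and the only trace it leaves is a line printed under `if ( $Verbose && !$Quiet )`, so a cron run with `-w` downloads rules over an unauthenticated channel without saying so. In the LWP https backend as I know it, a false `verify_hostname` also turns off certificate chain validation unless `SSL_verify_mode` is set separately, so the help text "Skip the SSL verification" describes the effect better than the verbose message "SSL Hostname Verification disabled". I would warn unconditionally inside the `if ($skipVerify)` block, for example `carp "WARNING: -w given, TLS certificate verification is OFF for rule downloads\n";` followed by `syslogit( 'warning|local0', "WARNING: TLS certificate verification disabled by -w\n" ) if $Syslogging;`. The `-w` help line should also say that repairing the CA store (`SSL_ca_file` / `SSL_ca_path` in `ssl_opts`) is the preferred remedy, because the oinkcode and the rule tarball both travel over this connection. Minor points in the same block: the comment reads `verfication` and the `ssl_opts` call has no terminating semicolon.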
@@ -0,0 +1,14 @@ +bin/pulledpork.pl +%%ETCDIR%%/disablesid.conf.sample +%%ETCDIR%%/dropsid.conf.sample +%%ETCDIR%%/enablesid.conf.sample +%%ETCDIR%%/modifysid.conf.sample +@(,,0640) %%ETCDIR%%/pulledpork.conf.sample +%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/README.CATEGORIES +%%PORTDOCS%%%%DOCSDIR%%/README.CHANGES +%%PORTDOCS%%%%DOCSDIR%%/README.RULESET +%%PORTDOCS%%%%DOCSDIR%%/README.SHAREDOBJECTS +%%DATADIR%%/README.CONTRIB +%%DATADIR%%/oink-conv.pl +@dir(,,0750) %%ETCDIR%%