From owner-svn-ports-head@FreeBSD.ORG Mon Dec 22 15:11:56 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2D16B835; Mon, 22 Dec 2014 15:11:56 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0DB9A997; Mon, 22 Dec 2014 15:11:56 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id sBMFBtTE087824; Mon, 22 Dec 2014 15:11:55 GMT (envelope-from koobs@FreeBSD.org) Received: (from koobs@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id sBMFBtOO087821; Mon, 22 Dec 2014 15:11:55 GMT (envelope-from koobs@FreeBSD.org) Message-Id: <201412221511.sBMFBtOO087821@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: koobs set sender to koobs@FreeBSD.org using -f From: Kubilay Kocak Date: Mon, 22 Dec 2014 15:11:55 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r375243 - head/security/suricata X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Dec 2014 15:11:56 -0000 Author: koobs Date: Mon Dec 22 15:11:54 2014 New Revision: 375243 URL: https://svnweb.freebsd.org/changeset/ports/375243 QAT: https://qat.redports.org/buildarchive/r375243/ Log: security/suricata: Update to 2.0.5, Add NSS support - Update to 2.0.5 - Add NSS option for file checksum and fingerprint support [1] - Add default rules files [1] - Add USES=autoreconf, remove USE_AUTOTOOLS and friends - Override PATHFIX_MAKEFILEIN - Use the install-strip target - Fix HTP_PORT_CONFLICT_OFF typo (CONFLICT*S*) - USES=iconv when using the bundled HTP version - Cleanup and fix OPTION descriptions - Sort OPTIONS and helpers - Use the existing NO_HTP_PORT variable in pkg-plist (OPTIONS_SUB), remove MHTP_PORT conditional accordingly PR: 194953 [1] Submitted by: Bill Meeks [1] Modified: head/security/suricata/Makefile head/security/suricata/distinfo head/security/suricata/pkg-plist Modified: head/security/suricata/Makefile ============================================================================== --- head/security/suricata/Makefile Mon Dec 22 15:07:53 2014 (r375242) +++ head/security/suricata/Makefile Mon Dec 22 15:11:54 2014 (r375243) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= suricata -PORTVERSION= 2.0.4 +PORTVERSION= 2.0.5 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ \ http://mirrors.rit.edu/zi/ @@ -16,43 +16,57 @@ LIB_DEPENDS= libpcre.so:${PORTSDIR}/deve libnet.so:${PORTSDIR}/net/libnet \ libyaml.so:${PORTSDIR}/textproc/libyaml -OPTIONS_DEFINE= IPFW PRELUDE PORTS_PCAP TESTS JSON GEOIP HTP_PORT -OPTIONS_DEFAULT=IPFW PRELUDE HTP_PORT -OPTIONS_SUB= yes - -IPFW_DESC= Enable IPFW and IP Divert support for inline IDP -PRELUDE_DESC= Enable Prelude support for NIDS alerts -PORTS_PCAP_DESC=Use libpcap from ports -TESTS_DESC= Enable unit tests in suricata binary -JSON_DESC= Enable Suricata JSON output -GEOIP_DESC= Enable GeoIP support for Suricata -HTP_PORT_DESC= Use libhtp from ports instead of bundled - -USES= gmake pkgconfig libtool pathfix -USE_AUTOTOOLS= aclocal autoconf automake +USES= autoreconf gmake pkgconfig libtool pathfix USE_LDCONFIG= yes USE_RC_SUBR= ${PORTNAME} - GNU_CONFIGURE= yes +INSTALL_TARGET= install-strip +PATHFIX_MAKEFILEIN= Makefile.am + +OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE TESTS +OPTIONS_DEFAULT= HTP_PORT IPFW PRELUDE +OPTIONS_SUB= yes + +GEOIP_DESC= Enable GeoIP support +HTP_PORT_DESC= Use libhtp from ports +IPFW_DESC= Enable IPFW and IP Divert support for inline IDP +JSON_DESC= Enable JSON output +NSS_DESC= Enable file checksums and SSL/TLS fingerprinting +PORTS_PCAP_DESC= Use libpcap from ports +PRELUDE_DESC= Enable Prelude support for NIDS alerts +TESTS_DESC= Build Unit Tests + +GEOIP_LIB_DEPENDS= libGeoIP.so:${PORTSDIR}/net/GeoIP +GEOIP_CONFIGURE_ON= --enable-geoip + +HTP_PORT_LIB_DEPENDS= libhtp.so:${PORTSDIR}/devel/libhtp +HTP_PORT_CONFIGURE_ON= --enable-non-bundled-htp +HTP_PORT_CONFIGURE_OFF= --enable-bundled-htp +HTP_PORT_CONFLICTS_INSTALL_OFF= libhtp-[0-9]* libhtp-suricata +HTP_PORT_USES_OFF= iconv + IPFW_CONFIGURE_ON= --enable-ipfw + +PORTS_PCAP_LIB_DEPENDS= libpcap.so:${PORTSDIR}/net/libpcap PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \ --with-libpcap-libraries=${LOCALBASE}/lib PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \ --with-libpcap-libraries=/usr/lib -PORTS_PCAP_LIB_DEPENDS= libpcap.so:${PORTSDIR}/net/libpcap + PRELUDE_LIB_DEPENDS= libprelude.so:${PORTSDIR}/security/libprelude PRELUDE_CONFIGURE_ENABLE= prelude PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} -TESTS_CONFIGURE_ENABLE= unittests + +JSON_LIB_DEPENDS= libjansson.so:${PORTSDIR}/devel/jansson JSON_CONFIGURE_OFF= --with-libjansson-includes=${LOCALBASE}/include \ --with-libjansson-libraries=${LOCALBASE}/lib -JSON_LIB_DEPENDS= libjansson.so:${PORTSDIR}/devel/jansson -GEOIP_CONFIGURE_ON= --enable-geoip -GEOIP_LIB_DEPENDS= libGeoIP.so:${PORTSDIR}/net/GeoIP -HTP_PORT_CONFIGURE_ON= --enable-non-bundled-htp -HTP_PORT_LIB_DEPENDS= libhtp.so:${PORTSDIR}/devel/libhtp -HTP_PORT_CONFLICT_OFF= libhtp-[0-9]* libhtp-suricata + +NSS_LIB_DEPENDS= libnss3.so:${PORTSDIR}/security/nss +NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \ + --with-libnss-libraries=${LOCALBASE}/lib/nss \ + +TESTS_CONFIGURE_ENABLE= unittests SUB_FILES= pkg-message @@ -72,16 +86,11 @@ LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet1 CONFIG_DIR?= ${ETCDIR} CONFIG_FILES= suricata.yaml classification.config reference.config RULES_DIR= ${CONFIG_DIR}/rules +RULES_FILES= decoder-events.rules dns-events.rules files.rules http-events.rules smtp-events.rules stream-events.rules tls-events.rules LOGS_DIR?= /var/log/${PORTNAME} .include -.if ${PORT_OPTIONS:MHTP_PORT} -PLIST_SUB+= HTPPORT="@comment " -.else -PLIST_SUB+= HTPPORT="" -.endif - .if ${ARCH} == "ia64" || ${ARCH} == "powerpc" || ${ARCH} == "sparc64" BROKEN= Does not compile on ia64, powerpc, or sparc64 .endif @@ -98,6 +107,9 @@ post-install: .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample .endfor +.for f in ${RULES_FILES} + ${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f} +.endfor TMPDIR?= /tmp TESTDIR= ${TMPDIR}/${PORTNAME} Modified: head/security/suricata/distinfo ============================================================================== --- head/security/suricata/distinfo Mon Dec 22 15:07:53 2014 (r375242) +++ head/security/suricata/distinfo Mon Dec 22 15:11:54 2014 (r375243) @@ -1,2 +1,2 @@ -SHA256 (suricata-2.0.4.tar.gz) = 677d97a829d9e05f664c82eb0372e870d5f6e9501ccee20130dfde4014bd5084 -SIZE (suricata-2.0.4.tar.gz) = 3085919 +SHA256 (suricata-2.0.5.tar.gz) = 57b1120e91bd4e348e1a4cee9eb7b197d05fc25169e062f1a11f5dd4b9322c60 +SIZE (suricata-2.0.5.tar.gz) = 3090118 Modified: head/security/suricata/pkg-plist ============================================================================== --- head/security/suricata/pkg-plist Mon Dec 22 15:07:53 2014 (r375242) +++ head/security/suricata/pkg-plist Mon Dec 22 15:11:54 2014 (r375243) @@ -28,28 +28,35 @@ bin/suricata %%DOCSDIR%%/Ubuntu_Installation.txt %%DOCSDIR%%/Ubuntu_Installation_from_GIT.txt %%DOCSDIR%%/Windows.txt -%%HTPPORT%%include/htp/bstr.h -%%HTPPORT%%include/htp/bstr_builder.h -%%HTPPORT%%include/htp/htp.h -%%HTPPORT%%include/htp/htp_base64.h -%%HTPPORT%%include/htp/htp_config.h -%%HTPPORT%%include/htp/htp_connection_parser.h -%%HTPPORT%%include/htp/htp_core.h -%%HTPPORT%%include/htp/htp_decompressors.h -%%HTPPORT%%include/htp/htp_hooks.h -%%HTPPORT%%include/htp/htp_list.h -%%HTPPORT%%include/htp/htp_multipart.h -%%HTPPORT%%include/htp/htp_table.h -%%HTPPORT%%include/htp/htp_transaction.h -%%HTPPORT%%include/htp/htp_urlencoded.h -%%HTPPORT%%include/htp/htp_utf8_decoder.h -%%HTPPORT%%include/htp/htp_version.h -%%HTPPORT%%lib/libhtp-0.5.15.so.1 -%%HTPPORT%%lib/libhtp-0.5.15.so.1.0.0 -%%HTPPORT%%lib/libhtp.a -%%HTPPORT%%lib/libhtp.so -%%HTPPORT%%libdata/pkgconfig/htp.pc +%%NO_HTP_PORT%%include/htp/bstr.h +%%NO_HTP_PORT%%include/htp/bstr_builder.h +%%NO_HTP_PORT%%include/htp/htp.h +%%NO_HTP_PORT%%include/htp/htp_base64.h +%%NO_HTP_PORT%%include/htp/htp_config.h +%%NO_HTP_PORT%%include/htp/htp_connection_parser.h +%%NO_HTP_PORT%%include/htp/htp_core.h +%%NO_HTP_PORT%%include/htp/htp_decompressors.h +%%NO_HTP_PORT%%include/htp/htp_hooks.h +%%NO_HTP_PORT%%include/htp/htp_list.h +%%NO_HTP_PORT%%include/htp/htp_multipart.h +%%NO_HTP_PORT%%include/htp/htp_table.h +%%NO_HTP_PORT%%include/htp/htp_transaction.h +%%NO_HTP_PORT%%include/htp/htp_urlencoded.h +%%NO_HTP_PORT%%include/htp/htp_utf8_decoder.h +%%NO_HTP_PORT%%include/htp/htp_version.h +%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1 +%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1.0.0 +%%NO_HTP_PORT%%lib/libhtp.a +%%NO_HTP_PORT%%lib/libhtp.so +%%NO_HTP_PORT%%libdata/pkgconfig/htp.pc @sample etc/suricata/suricata.yaml.sample @sample etc/suricata/classification.config.sample @sample etc/suricata/reference.config.sample +etc/suricata/rules/decoder-events.rules +etc/suricata/rules/dns-events.rules +etc/suricata/rules/files.rules +etc/suricata/rules/http-events.rules +etc/suricata/rules/smtp-events.rules +etc/suricata/rules/stream-events.rules +etc/suricata/rules/tls-events.rules @dir etc/suricata/rules