Date: Tue, 17 Jan 2012 12:40:11 +0100 (CET)
From: Geoffroy Desvernay <dgeo@centrale-marseille.fr>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: eksffa@freebsdbrasil.com.br, wxs@FreeBSD.org, dgeo@centrale-marseille.fr
Subject: ports/164237: [PATCH] security/suricata: overwrite files from libhtp
Message-ID: <20120117114011.5A37D1CD2B@dgeo.sysadm.ec-m.fr>
Resent-Message-ID: <201201171200.q0HC0Ndi076503@freefall.freebsd.org>
>Number:         164237
>Category:       ports
>Synopsis:       [PATCH] security/suricata: overwrite files from libhtp
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 17 12:00:22 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Geoffroy Desvernay
>Release:        FreeBSD 9.0-RELEASE amd64
>Organization:
Ecole Centrale de Marseille
>Environment:
System: FreeBSD dgeo.sysadm.ec-m.fr 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Sun Jan 15 17:00:54 CET 2012
>Description:
- suricata's port depends on devel/libhtp but does install another libhtp
- depends on net/libpcap but there is a libpcap in base system
- missing new config file reference.config
- override suricata.yaml

Proposed changes:
- depend on base system's libpcap by default, add an option to use port's one
- never install bundled libhtp (./configure --enable-non-bundled-htp)
- remove suricata.yaml and classification.config from plist (-> don't remove it on deinstall)
- add reference.config in CONFIG_FILES and reference.config-sample in plist (missing)

Port maintainer (eksffa@freebsdbrasil.com.br) is cc'd.

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
install security/suricata and see that:
- devel/libhtp's files are overwritten in $PREFIX/(lib|include)
- net/libpcap is installed

Edit suricata.yaml, and/or classification.config
Upgrade suricata (reinstall it) and notice that your changes are lost :(
>Fix:
Attached patch seems to fix all of these bugs, but doesn't repair already installed/overwritten libhtp nor will keep old configs: perhaps a note in UPGRADING to inform to:
1) copy configs
2) uninstall suricata and libhtp (and libpcap if not needed elsewhere)
3) reinstall suricata then config files

Or increase PORTREVISION of libhtp?
(maintainer cc'd) --- suricata-1.1.1_1.patch begins here --- diff -ruN --exclude=CVS /usr/ports/security/suricata.orig/Makefile /usr/ports/security/suricata/Makefile --- /usr/ports/security/suricata.orig/Makefile 2012-01-10 20:34:02.000000000 +0100 +++ /usr/ports/security/suricata/Makefile 2012-01-17 10:28:21.000000000 +0100 @@ -7,6 +7,7 @@ PORTNAME= suricata PORTVERSION= 1.1.1 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ @@ -18,7 +19,6 @@ LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre \ yaml:${PORTSDIR}/textproc/libyaml \ - pcap.1:${PORTSDIR}/net/libpcap \ htp-0.2.1:${PORTSDIR}/devel/libhtp BUILD_DEPENDS+= ${LIBNET_CONFIG}:${PORTSDIR}/net/libnet \ @@ -32,7 +32,8 @@ OPTIONS= IPFW "Enable IPFW/IPDIVERT for IPS usage" on \ PRELUDE "Enable Prelude NIDS integration" off \ - DAG "Enable Endace DAG Support" off + DAG "Enable Endace DAG Support" off \ + PORTPCAP "Use net/libpcap port instead of system's one" off CFLAGS+= -I${LOCALBASE}/include -L${LOCALBASE}/lib @@ -42,7 +43,8 @@ USE_LDCONFIG= yes CONFIG_DIR?= ${PREFIX}/etc/suricata -CONFIG_FILES= suricata.yaml classification.config +CONFIG_FILES= suricata.yaml classification.config reference.config +CONFIGURE_ARGS+= --enable-non-bundled-htp RULES_DIR= ${PREFIX}/etc/suricata/rules LOGS_DIR= /var/log/suricata 
@@ -66,6 +68,13 @@ CONFIGURE_ARGS+= --enable-dag .endif +.if defined(WITH_PORTPCAP) +LIB_DEPENDS+= pcap.1:${PORTSDIR}/net/libpcap +CONFIGURE_ARGS+= --with-libpcap-includes=/usr/local/include --with-libpcap-libraries=/usr/local/lib +.else +CONFIGURE_ARGS+= --with-libpcap-includes=/usr/include --with-libpcap-libraries=/usr/lib +.endif + post-patch: @${REINPLACE_CMD} -Ee 's|^(install-data-am: )install-pkgconfigDATA|\1|' ${WRKSRC}/libhtp/Makefile.in diff -ruN --exclude=CVS /usr/ports/security/suricata.orig/pkg-plist /usr/ports/security/suricata/pkg-plist --- /usr/ports/security/suricata.orig/pkg-plist 2012-01-10 20:34:02.000000000 +0100 +++ /usr/ports/security/suricata/pkg-plist 2012-01-17 10:05:11.000000000 +0100 @@ -1,7 +1,6 @@ bin/suricata -etc/suricata/suricata.yaml etc/suricata/suricata.yaml-sample etc/suricata/classification.config-sample -etc/suricata/classification.config -@unexec /bin/rmdir %D/etc/suricata/rules 2>/dev/null || true -@unexec /bin/rmdir %D/etc/suricata 2>/dev/null || true +etc/suricata/reference.config-sample +@dirrmtry etc/suricata +@dirrmtry etc/suricata/rules --- suricata-1.1.1_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
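Review bot: in the Makefile hunk at @@ -66,6 +68,13 @@, the WITH_PORTPCAP branch hard-codes /usr/local/include and /usr/local/lib, which points configure at the wrong place when the ports tree is installed under a non-default prefix. The port already uses ${LOCALBASE} in CFLAGS, so the line should read `--with-libpcap-includes=${LOCALBASE}/include --with-libpcap-libraries=${LOCALBASE}/lib`. The post-patch context line in the same hunk still edits ${WRKSRC}/libhtp/Makefile.in; with --enable-non-bundled-htp now passed unconditionally, it is worth checking whether that REINPLACE_CMD is still needed.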
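Review bot: in the pkg-plist hunk at @@ -1,7 +1,6 @@, `@dirrmtry etc/suricata` is listed before `@dirrmtry etc/suricata/rules`, so on deinstall the parent directory is tried while the rules subdirectory still exists, and etc/suricata is left behind even when it is otherwise empty. The removed @unexec rmdir lines had rules first and etc/suricata second; the two new lines should keep that order. Dropping etc/suricata/suricata.yaml and etc/suricata/classification.config from the list also leaves an unmodified copy on disk after deinstall; if that is not wanted, remove the live file only when it is identical to its -sample counterpart.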