now includes priviledge drop and does 64bit library paths in default config files.

(Portage version: 2.1.2.2)
author: Daniel Black <dragonheart@gentoo.org> 2007-04-22 05:55:08 +0000
committer: Daniel Black <dragonheart@gentoo.org> 2007-04-22 05:55:08 +0000
commit: 2170068188c1b971b9fa555dc1cd4300b5414ab9 (patch)
tree: 937546e3d96f1000ad37ea5f32e9512859242736 /net-analyzer/snort
parent: remove unused media-gfx/gimp:print use flag (diff)
download: gentoo-2-2170068188c1b971b9fa555dc1cd4300b5414ab9.tar.gz
gentoo-2-2170068188c1b971b9fa555dc1cd4300b5414ab9.tar.bz2
gentoo-2-2170068188c1b971b9fa555dc1cd4300b5414ab9.zip
7 files changed, 25 insertions, 231 deletions
diff --git a/net-analyzer/snort/ChangeLog b/net-analyzer/snort/ChangeLog
index 7c770e1214c5..2a2e8a9146dc 100644
--- a/net-analyzer/snort/ChangeLog
+++ b/net-analyzer/snort/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-analyzer/snort
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.127 2007/04/07 00:47:12 falco Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.128 2007/04/22 05:55:08 dragonheart Exp $
+
+*snort-2.6.1.4-r1 (22 Apr 2007)
+
+  22 Apr 2007; Daniel Black <dragonheart@gentoo.org> +snort-2.6.1.4-r1.ebuild,
+  files/snort.rc9:
+  now includes priv drop thanks to <drear> on irc. Default config file now
+  x86_64 friendly with library paths too.
 
   07 Apr 2007; Raphael Marichez <falco@gentoo.org>
   +files/snort-2.6.1.4-libdnet-ip6.patch, snort-2.6.1.4.ebuild:
diff --git a/net-analyzer/snort/files/digest-snort-2.4.5 b/net-analyzer/snort/files/digest-snort-2.4.5
deleted file mode 100644
index 24ce062cfcbd..000000000000
--- a/net-analyzer/snort/files/digest-snort-2.4.5
+++ /dev/null
@@ -1,15 +0,0 @@
-MD5 39d8250f47a33aaec4712e29c0dcd1d0 Community-Rules.tar.gz 11678
-RMD160 a65b656e4dbf29f1c807622e865e945f509fe0c5 Community-Rules.tar.gz 11678
-SHA256 fd37a897455dcb4bace1f7f0af11747b5360e0e3896cd0b9649e5d19281bb2cf Community-Rules.tar.gz 11678
-MD5 316f28cf52efeddfd899552f3b26cd8d snort-2.4.0-genpatches.tar.bz2 6475
-RMD160 9ea99c71892a2cbf409ead3514ae792210bdf3d0 snort-2.4.0-genpatches.tar.bz2 6475
-SHA256 8bf51a47b2a0db9ccad83a27105994befd9be381b41aeb02561882308f4c6dff snort-2.4.0-genpatches.tar.bz2 6475
-MD5 108b3c20dcbaf3cdb17ea9203342eaaa snort-2.4.5.tar.gz 2817837
-RMD160 1b697ccd84e1c10406ac20ccc0c46f79ea661e11 snort-2.4.5.tar.gz 2817837
-SHA256 84eb84da542d23e9f1c29b8eb319614c509fb19a745f1fa2a88d07c740645184 snort-2.4.5.tar.gz 2817837
-MD5 35d9a2486f8c0280bb493aa03c011927 snortrules-pr-2.4.tar.gz 789097
-RMD160 dd2179b3ce8a55699d2e1b857426e5489191a121 snortrules-pr-2.4.tar.gz 789097
-SHA256 19d2545a2a150dff8b4dbcbd0def389b6865c4c70f5084172d08a7b151e1a504 snortrules-pr-2.4.tar.gz 789097
-MD5 2eeef1a7a040d67c3afaf9d749905e47 snortsam-20050110.tar.gz 29395
-RMD160 ec80ce024ed7a013da35444ef1098ba3faa6cfc3 snortsam-20050110.tar.gz 29395
-SHA256 dc428458f3c47684aabb89036ca7e601a6aa92864dbf23b31f33732b76c2a01e snortsam-20050110.tar.gz 29395
diff --git a/net-analyzer/snort/files/digest-snort-2.6.1.2 b/net-analyzer/snort/files/digest-snort-2.6.1.4-r1
index 1ab41e7196dd..6976695869d4 100644
--- a/net-analyzer/snort/files/digest-snort-2.6.1.2
+++ b/net-analyzer/snort/files/digest-snort-2.6.1.4-r1
@@ -1,9 +1,9 @@
 MD5 52c0c6bc60d7123cb048e562d25bc34a Community-Rules-2.4.tar.gz 110044
 RMD160 ecfb4444cb0152545d823692eb6e5e2347151b54 Community-Rules-2.4.tar.gz 110044
 SHA256 4c82f90c960626aae5804c2375540f2d7241524c31ae3c7ab69df6c46e295c4c Community-Rules-2.4.tar.gz 110044
-MD5 22c448e25538cdf74c62abe586aeac0a snort-2.6.1.2.tar.gz 3511538
-RMD160 bd0ce3a4629a6e594a5f24723254e85d36597d04 snort-2.6.1.2.tar.gz 3511538
-SHA256 ca8bf1b1aa2fe23c9e8f8cb23482da123aac4b5842950b3cc2a40ba13da96b51 snort-2.6.1.2.tar.gz 3511538
+MD5 70e7f297c9fcf1f46d6fa3e1bb4aae49 snort-2.6.1.4.tar.gz 3716052
+RMD160 b9768992698fd9967b66b89938d38555260660ab snort-2.6.1.4.tar.gz 3716052
+SHA256 5f830d3c95b6fb96b8abaa5539e71c3cdcfd8df95b376c77323149436f7bbf70 snort-2.6.1.4.tar.gz 3716052
 MD5 35d9a2486f8c0280bb493aa03c011927 snortrules-pr-2.4.tar.gz 789097
 RMD160 dd2179b3ce8a55699d2e1b857426e5489191a121 snortrules-pr-2.4.tar.gz 789097
 SHA256 19d2545a2a150dff8b4dbcbd0def389b6865c4c70f5084172d08a7b151e1a504 snortrules-pr-2.4.tar.gz 789097
diff --git a/net-analyzer/snort/files/snort-2.6.1.1-gre.patch b/net-analyzer/snort/files/snort-2.6.1.1-gre.patch
deleted file mode 100644
index cc1f7a239e7e..000000000000
--- a/net-analyzer/snort/files/snort-2.6.1.1-gre.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff -uNr -r 2.6.1.1-orig/src/decode.c 2.6.1.1/src/decode.c
---- 2.6.1.1-orig/src/decode.c	2006-10-13 19:40:41.000000000 +0200
-+++ 2.6.1.1/src/decode.c	2007-01-14 00:35:03.000000000 +0100
-@@ -2346,7 +2346,13 @@
-      * since p->iph will be pointing to this inner IP
-      */
-     if (p->greh != NULL)
-+    {
-         p->ip_options_data = NULL;
-+        p->ip_options_len = 0;
-+        memset(&(p->ip_options[0]), 0, sizeof(p->ip_options));
-+        p->ip_lastopt_bad = 0;
-+    }
-+
- #endif
- 
-         p->ip_option_count = 0;
-@@ -2642,7 +2648,7 @@
-     u_int16_t uhlen;
-     struct pseudoheader ph;
- 
--    if(len < sizeof(UDPHdr))
-+    if(len < GRE_HEADER_LEN)
-     {
-         if(pv.verbose_flag)
-         {
-@@ -3566,9 +3572,7 @@
-         }
-     }
- 
--    payload_len = len - hlen;
--
--    if (payload_len < 0)
-+    if (hlen > len)
-     {
-         if(pv.verbose_flag)
-             ErrorMessage("GRE header length > rest of packet length");
-@@ -3589,6 +3593,8 @@
-         return;
-     }
- 
-+    payload_len = len - hlen;
-+
-     /* send to next protocol decoder */
-     /* As described in RFC 2784 the possible protocols are listed in
-      * RFC 1700 under "ETHER TYPES"
diff --git a/net-analyzer/snort/files/snort.rc7 b/net-analyzer/snort/files/snort.rc9
index 668b807af87e..6dec60ec60e3 100644
--- a/net-analyzer/snort/files/snort.rc7
+++ b/net-analyzer/snort/files/snort.rc9
@@ -1,10 +1,12 @@
 #!/sbin/runscript
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc7,v 1.1 2006/02/17 16:22:03 vanquirius Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc9,v 1.1 2007/04/22 05:55:08 dragonheart Exp $
 
 depend() {
 	need net
+	after mysql
+	after postgresql
 }
 
 checkconfig() {
@@ -20,7 +22,7 @@ start() {
 	ebegin "Starting snort"
 	start-stop-daemon --start --quiet --exec /usr/bin/snort \
 		--pidfile ${PIDFILE} \
-		-- ${SNORT_OPTS} >/dev/null 2>&1
+		-- ${SNORT_OPTS} -u snort -g snort >/dev/null 2>&1
 	eend $?
 }
 
diff --git a/net-analyzer/snort/snort-2.4.5.ebuild b/net-analyzer/snort/snort-2.4.5.ebuild
deleted file mode 100644
index 4711ebcd3048..000000000000
--- a/net-analyzer/snort/snort-2.4.5.ebuild
+++ /dev/null
@@ -1,156 +0,0 @@
-# Copyright 1999-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.4.5.ebuild,v 1.9 2006/11/25 18:18:20 cedk Exp $
-
-WANT_AUTOCONF="latest"
-WANT_AUTOMAKE="latest"
-inherit eutils flag-o-matic autotools
-
-DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS"
-HOMEPAGE="http://www.snort.org/"
-SRC_URI="http://www.snort.org/dl/current/${P}.tar.gz
-	mirror://gentoo/snort-2.4.0-genpatches.tar.bz2
-	http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
-	http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz
-	snortsam? ( mirror://gentoo/snortsam-20050110.tar.gz )"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="-alpha amd64 ppc ppc64 -sparc x86"
-IUSE="ssl postgres mysql flexresp selinux snortsam odbc prelude inline sguil"
-
-DEPEND="virtual/libc
-	>=dev-libs/libpcre-4.2-r1
-	virtual/libpcap
-	flexresp? ( ~net-libs/libnet-1.0.2a )
-	postgres? ( || ( dev-db/postgresql dev-db/libpq ) )
-	mysql? ( virtual/mysql )
-	ssl? ( dev-libs/openssl )
-	prelude? ( >=dev-libs/libprelude-0.9.0 )
-	odbc? ( dev-db/unixODBC )
-	inline? (
-		~net-libs/libnet-1.0.2a
-		net-firewall/iptables
-		)"
-
-RDEPEND="${DEPEND}
-	dev-lang/perl
-	selinux? ( sec-policy/selinux-snort )
-	snortsam? ( net-analyzer/snortsam )"
-
-pkg_setup() {
-	enewgroup snort
-	enewuser snort -1 -1 /dev/null snort
-}
-
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-
-	if use flexresp || use inline ; then
-		epatch "${WORKDIR}/2.4.0-libnet-1.0.patch"
-	fi
-
-	sed -i "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort/rules:" \
-		etc/snort.conf || die "sed snort.conf failed"
-
-	if use prelude ; then
-		sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in \
-			|| die "sed configure.in failed"
-	fi
-
-	if use sguil ; then
-		epatch "${WORKDIR}/2.4.0-spp_portscan_sguil.patch"
-		epatch "${WORKDIR}/2.4.0-spp_stream4_sguil.patch"
-	fi
-
-	if use snortsam ; then
-		cd ..
-		einfo "Applying snortsam patch"
-		./patchsnort.sh "${S}" || die "snortsam patch failed"
-		cd "${S}"
-	fi
-
-	einfo "Regenerating autoconf/automake files"
-	AT_M4DIR=m4 eautoreconf
-}
-
-src_compile() {
-	local myconf
-
-	# bug #149496
-	append-flags -fno-strict-aliasing
-
-	# There is no --disable-flexresp, cannot use use_enable
-	use flexresp && myconf="${myconf} --enable-flexresp"
-
-	use inline && append-flags -I/usr/include/libipq
-
-	econf \
-		$(use_with postgres postgresql) \
-		$(use_with mysql) \
-		$(use_with ssl openssl) \
-		$(use_with odbc) \
-		--without-oracle \
-		$(use_enable prelude) \
-		$(use_with sguil) \
-		$(use_enable inline) \
-		${myconf} || die "bad ./configure"
-
-	emake || die "compile problem"
-}
-
-src_install() {
-	make DESTDIR="${D}" install || die "make install failed"
-
-	keepdir /var/log/snort/
-
-	dodoc doc/*
-	docinto schemas ; dodoc schemas/*
-
-	insinto /etc/snort
-	doins etc/reference.config etc/classification.config \
-		etc/*.map etc/threshold.conf
-	newins etc/snort.conf snort.conf
-	if use sguil ; then
-		sed -i -e "/^# output log_unified/s:# ::" \
-			-e "s:snort.log:snort_unified.log:" \
-		"${D}/etc/snort/snort.conf" || die "sed failed"
-	fi
-
-	newinitd "${FILESDIR}/snort.rc7" snort
-	newconfd "${FILESDIR}/snort.confd" snort
-	if use sguil ; then
-		sed -i -e "s:/var/log/snort:/var/lib/sguil/$(hostname):" \
-		-e "/^SNORT_OPTS/s%-u snort%-m 122 -u sguil -g sguil -A none%" \
-			"${D}/etc/conf.d/snort" || die "sed failed"
-	fi
-
-	fowners snort:snort /var/log/snort
-	fperms 0770 /var/log/snort
-
-	# install rules
-	dodir /etc/snort/rules
-	mv "${WORKDIR}"/rules/* "${D}/etc/snort/rules/"
-}
-
-pkg_postinst() {
-	if use mysql || use postgres || use odbc ; then
-		einfo "To use a database as a backend for snort you will have to"
-		einfo "import the correct tables to the database."
-		einfo "You will have to setup a database called snort first."
-		einfo
-		use mysql && \
-			einfo "  MySQL: zcat /usr/share/doc/${PF}/schemas/create_mysql.gz | mysql -p snort"
-		use postgres && \
-			einfo "  PostgreSQL: import /usr/share/doc/${PF}/schemas/create_postgresql.gz"
-		use odbc && einfo "SQL tables need to be created - look at /usr/share/doc/${PF}/schemas/"
-		einfo
-		einfo "Also, read the following Gentoo forums article:"
-		einfo '   http://forums.gentoo.org/viewtopic-t-399801.html'
-	fi
-	einfo
-	ewarn "Only a basic set of rules was installed."
-	ewarn "Please add your other sets of rules to /etc/snort/rules."
-	ewarn "For more information on rules, visit ${HOMEPAGE}."
-}
diff --git a/net-analyzer/snort/snort-2.6.1.2.ebuild b/net-analyzer/snort/snort-2.6.1.4-r1.ebuild
index 6b1e2beec1e6..055bbd164f27 100644
--- a/net-analyzer/snort/snort-2.6.1.2.ebuild
+++ b/net-analyzer/snort/snort-2.6.1.4-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.6.1.2.ebuild,v 1.7 2007/02/21 12:23:31 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.6.1.4-r1.ebuild,v 1.1 2007/04/22 05:55:08 dragonheart Exp $
 
 WANT_AUTOCONF="latest"
 WANT_AUTOMAKE="latest"
@@ -17,7 +17,7 @@ SRC_URI="http://www.snort.org/dl/current/${P}.tar.gz
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~alpha amd64 ppc ppc64 -sparc x86"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
 IUSE="postgres mysql flexresp selinux snortsam odbc prelude inline dynamicplugin
 timestats perfprofiling linux-smp-stats flexresp2 react sguil gre"
 
@@ -60,10 +60,10 @@ src_unpack() {
 	unpack ${A}
 	cd "${S}"
 
-	epatch "${FILESDIR}/${P}-libdir.patch"
+	epatch "${FILESDIR}/${PN}-2.6.1.2-libdir.patch"
 	epatch "${FILESDIR}/${PN}-2.6.1.1-libnet.patch"
-	use gre && epatch "${FILESDIR}/${PN}-2.6.1.1-gre.patch"
-	use react && epatch "${FILESDIR}/${P}-react.patch"
+	epatch "${FILESDIR}/${P}-libdnet-ip6.patch"
+	use react && epatch "${FILESDIR}/${PN}-2.6.1.2-react.patch"
 	sed -i "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort/rules:" \
 		etc/snort.conf
 
@@ -129,9 +129,11 @@ src_install() {
 	insinto /etc/snort
 	doins etc/reference.config etc/classification.config \
 		etc/*.map etc/threshold.conf
-	newins etc/snort.conf snort.conf
+	use dynamicplugin || sed -i -e 's:^dynamic:# dynamic:g' etc/snort.conf
+	sed -e "s:/usr/local/lib:/usr/$(get_libdir):g" -e 's:/usr/local/:/usr/:g' \
+		etc/snort.conf > ${D}/etc/snort.conf
 
-	newinitd "${FILESDIR}/snort.rc8" snort
+	newinitd "${FILESDIR}/snort.rc9" snort
 	newconfd "${FILESDIR}/snort.confd" snort
 
 	fowners snort:snort /var/log/snort
@@ -163,7 +165,7 @@ pkg_postinst() {
 	ewarn "lower cost to memory. For more information on the new features"
 	ewarn "in snort 2.6, please take a look at the release notes located in..."
 	ewarn
-	ewarn "  /usr/share/doc/${PF}/RELEASE.NOTES.gz"
+	ewarn "  /usr/share/doc/${PF}/RELEASE.NOTES.bz2"
 	ewarn
 	einfo "To use a database as a backend for snort you will have to"
 	einfo "import the correct tables to the database."
author	Daniel Black <dragonheart@gentoo.org>	2007-04-22 05:55:08 +0000
committer	Daniel Black <dragonheart@gentoo.org>	2007-04-22 05:55:08 +0000
commit	2170068188c1b971b9fa555dc1cd4300b5414ab9 (patch)
tree	937546e3d96f1000ad37ea5f32e9512859242736 /net-analyzer/snort
parent	remove unused media-gfx/gimp:print use flag (diff)
download	gentoo-2-2170068188c1b971b9fa555dc1cd4300b5414ab9.tar.gz gentoo-2-2170068188c1b971b9fa555dc1cd4300b5414ab9.tar.bz2 gentoo-2-2170068188c1b971b9fa555dc1cd4300b5414ab9.zip