This diff brings Snort to 2.7.0.1. It also fixes compatibility with
security/prelude by adding the _snort user to the _prelude group for the prelude
FLAVOR. I've tested it successfully on i386 and alpha, and hope to test it on
my ppc soon.
There are problems with sparc64 crashing. I should be picking up a sparc64
system tomorrow for local testing.
Index: ports/net/snort/Makefile
===================================================================
RCS file: /cvs/ports/net/snort/Makefile,v
retrieving revision 1.50
diff -u -p -r1.50 Makefile
--- ports/net/snort/Makefile 2006/11/25 05:33:28 1.50
+++ ports/net/snort/Makefile 2007/09/04 20:45:57
@@ -2,8 +2,8 @@
COMMENT= "highly flexible sniffer/NIDS"
-DISTNAME= snort-2.6.0.2
-PKGNAME= ${DISTNAME}p1
+DISTNAME= snort-2.7.0.1
+PKGNAME= ${DISTNAME}
CATEGORIES= net security
MASTER_SITES= ${HOMEPAGE}/dl/current/
@@ -17,9 +17,11 @@ PERMIT_DISTFILES_FTP= Yes
WANTLIB= c m pcap
SHARED_LIBS= sf_engine 0.0 \
+ sf_dcerpc_preproc 0.0 \
sf_dns_preproc 0.0 \
sf_ftptelnet_preproc 0.0 \
- sf_smtp_preproc 0.0
+ sf_smtp_preproc 0.0 \
+ sf_ssh_preproc 0.0
USE_LIBTOOL= Yes
Index: ports/net/snort/distinfo
===================================================================
RCS file: /cvs/ports/net/snort/distinfo,v
retrieving revision 1.15
diff -u -p -r1.15 distinfo
--- ports/net/snort/distinfo 2007/04/05 16:20:15 1.15
+++ ports/net/snort/distinfo 2007/09/04 20:45:57
@@ -1,5 +1,5 @@
-MD5 (snort-2.6.0.2.tar.gz) = XAlP9tgtuEWl8CPkpJIQPg==
-RMD160 (snort-2.6.0.2.tar.gz) = cG1j24O30DesinHIEEMk2bdZTrU=
-SHA1 (snort-2.6.0.2.tar.gz) = Gms/sZqC+Dvw/OWo226xJ3xyN5s=
-SHA256 (snort-2.6.0.2.tar.gz) = B716x7ZF0TgKzmWzPAZO1Y2dwhvXNrH3a8V13CLhpeI=
-SIZE (snort-2.6.0.2.tar.gz) = 3350277
+MD5 (snort-2.7.0.1.tar.gz) = 06d3fa0b326dcdca59a19811f32b013a
+RMD160 (snort-2.7.0.1.tar.gz) = c88b71231bfa65e2c1eabd8931f4d6121e92a26a
+SHA1 (snort-2.7.0.1.tar.gz) = 9b751a73c611126c32e2dccd0a0e99aaff4e9653
+SHA256 (snort-2.7.0.1.tar.gz) =
c9337c2acb34e34904e3fff8a2c31e1a3a92aa7776a9263454fd4dc5503721fa
+SIZE (snort-2.7.0.1.tar.gz) = 3905846
Index: ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in
===================================================================
RCS file:
/cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in,v
retrieving revision 1.1
diff -u -p -r1.1 patch-src_dynamic-preprocessors_Makefile_in
--- ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in
2006/10/10 13:33:17 1.1
+++ ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in
2007/09/04 20:45:57
@@ -1,16 +1,16 @@
-$OpenBSD: patch-src_dynamic-preprocessors_Makefile_in,v 1.1 2006/10/10
13:33:17 aanriot Exp $
---- src/dynamic-preprocessors/Makefile.in.orig Wed Sep 13 21:40:06 2006
-+++ src/dynamic-preprocessors/Makefile.in Sun Oct 1 17:38:17 2006
-@@ -480,7 +480,7 @@ maintainer-clean-generic:
+--- src/dynamic-preprocessors/Makefile.in.orig Mon Aug 27 15:10:58 2007
++++ src/dynamic-preprocessors/Makefile.in Mon Aug 27 15:17:09 2007
+@@ -500,8 +500,7 @@
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
[EMAIL PROTECTED]@uninstall-local:
[EMAIL PROTECTED]@install-data-local:
+install-data-local:
clean: clean-recursive
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
-@@ -608,13 +608,6 @@ include/str_search.h: $(srcdir)/../prepr
+@@ -636,20 +635,6 @@
clean-local:
rm -rf include build
@@ -20,6 +20,13 @@ $OpenBSD: patch-src_dynamic-preprocessor
[EMAIL PROTECTED]@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \
[EMAIL PROTECTED]@ if test -f $(srcdir)/$$f; then p=$(srcdir)/$$f;
else p=$$f; fi; \
[EMAIL PROTECTED]@ $(INSTALL_DATA) $$p
$(DESTDIR)$(srcinstdir)/$$truefile; \
[EMAIL PROTECTED]@ done
+-
[EMAIL PROTECTED]@uninstall-local:
[EMAIL PROTECTED]@ @for f in $(exported_files); do \
[EMAIL PROTECTED]@ truefile=`echo $$f | sed -e "s/.*\///"`; \
[EMAIL PROTECTED]@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \
[EMAIL PROTECTED]@ $(RM) -f $(DESTDIR)$(srcinstdir)/$$truefile; \
[EMAIL PROTECTED]@ done
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
Index:
ports/net/snort/patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in
===================================================================
RCS file: patch-src_dynamic-preprocessors_dcerpc_Makefile_in
diff -N patch-src_dynamic-preprocessors_dcerpc_Makefile_in
--- /dev/null Sat Aug 30 18:16:59 1997
+++ patch-src_dynamic-preprocessors_dcerpc_Makefile_in Tue Sep 4 20:45:57 2007
@@ -0,0 +1,11 @@
+--- src/dynamic-preprocessors/dcerpc/Makefile.in.orig Tue Oct 10 12:22:55 2006
++++ src/dynamic-preprocessors/dcerpc/Makefile.in Tue Oct 10 12:23:59 2006
+@@ -373,7 +373,7 @@ distdir: $(DISTFILES)
+ check-am: all-am
+ check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+-all-am: Makefile $(LTLIBRARIES) all-local
++all-am: Makefile $(LTLIBRARIES)
+ installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
Index: ports/net/snort/patches/patch-src_dynamic-preprocessors_ssh_Makefile_in
===================================================================
RCS file: patch-src_dynamic-preprocessors_ssh_Makefile_in
diff -N patch-src_dynamic-preprocessors_ssh_Makefile_in
--- /dev/null Sat Aug 30 18:16:59 1997
+++ patch-src_dynamic-preprocessors_ssh_Makefile_in Tue Sep 4 20:45:57 2007
@@ -0,0 +1,11 @@
+--- src/dynamic-preprocessors/ssh/Makefile.in.orig Tue Oct 10 12:22:47 2006
++++ src/dynamic-preprocessors/ssh/Makefile.in Tue Oct 10 12:23:13 2006
+@@ -387,7 +387,7 @@ distdir: $(DISTFILES)
+ check-am: all-am
+ check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-am
+-all-am: Makefile $(LTLIBRARIES) all-local
++all-am: Makefile $(LTLIBRARIES)
+ installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(mkdir_p) "$$dir"; \
Index: ports/net/snort/patches/patch-src_event_h
===================================================================
RCS file: patch-src_event_h
diff -N patch-src_event_h
--- /tmp/cvsDAAa005_P Tue Sep 4 20:45:57 2007
+++ /dev/null Sat Aug 30 18:16:59 1997
@@ -1,21 +0,0 @@
-$OpenBSD: patch-src_event_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $
---- src/event.h.orig Tue Aug 23 18:52:22 2005
-+++ src/event.h Tue Nov 7 20:28:12 2006
-@@ -34,6 +34,8 @@
- #include <sys/time.h>
- #endif
-
-+#include "snort_packet_header.h"
-+
- typedef struct _Event
- {
- u_int32_t sig_generator; /* which part of snort generated the alert? */
-@@ -45,7 +47,7 @@ typedef struct _Event
- u_int32_t event_reference; /* reference to other events that have gone
off,
- * such as in the case of tagged packets...
- */
-- struct timeval ref_time; /* reference time for the event reference */
-+ struct pcap_timeval ref_time; /* reference time for the event reference
*/
-
- /* Don't add to this structure because this is the serialized data
- * struct for unified logging.
Index: ports/net/snort/patches/patch-src_output-plugins_spo_unified_c
===================================================================
RCS file: patch-src_output-plugins_spo_unified_c
diff -N patch-src_output-plugins_spo_unified_c
--- /tmp/cvsEAAa005_P Tue Sep 4 20:45:57 2007
+++ /dev/null Sat Aug 30 18:16:59 1997
@@ -1,38 +0,0 @@
-$OpenBSD: patch-src_output-plugins_spo_unified_c,v 1.1 2006/11/25 05:33:28
pvalchev Exp $
---- src/output-plugins/spo_unified.c.orig Fri May 12 20:19:56 2006
-+++ src/output-plugins/spo_unified.c Tue Nov 7 20:28:12 2006
-@@ -126,7 +126,7 @@ typedef struct _UnifiedLog
- typedef struct _UnifiedAlert
- {
- Event event;
-- struct timeval ts; /* event timestamp */
-+ struct pcap_timeval ts; /* event timestamp */
- u_int32_t sip; /* src ip */
- u_int32_t dip; /* dest ip */
- u_int16_t sp; /* src port */
-@@ -551,7 +551,11 @@ void RealUnifiedLogPacketAlert(Packet *p
- * this will have to be fixed when we transition to the pa_engine
- * code (p->pkth is libpcap specific)
- */
-- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
-+ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
-+ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
-+ logheader.pkth.caplen = p->pkth->caplen;
-+ logheader.pkth.pktlen = p->pkth->len;
-+
- }
- else
- {
-@@ -1260,7 +1264,11 @@ void OldUnifiedLogPacketAlert(Packet *p,
- {
- logheader.flags = p->packet_flags;
-
-- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader));
-+ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec;
-+ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec;
-+ logheader.pkth.caplen = p->pkth->caplen;
-+ logheader.pkth.pktlen = p->pkth->len;
-+
-
- #ifdef GIDS
- /*
Index: ports/net/snort/patches/patch-src_snort_packet_header_h
===================================================================
RCS file: patch-src_snort_packet_header_h
diff -N patch-src_snort_packet_header_h
--- /tmp/cvsFAAa005_P Tue Sep 4 20:45:57 2007
+++ /dev/null Sat Aug 30 18:16:59 1997
@@ -1,25 +0,0 @@
-$OpenBSD: patch-src_snort_packet_header_h,v 1.1 2006/11/25 05:33:28 pvalchev
Exp $
---- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006
-+++ src/snort_packet_header.h Tue Nov 7 20:28:12 2006
-@@ -16,12 +16,20 @@
- #include <sys/types.h>
-
-
-+/* we must use fixed size of 32 bits, because on-disk
-+ * format of savefiles uses 32-bit tv_sec (and tv_usec)
-+ */
-+struct pcap_timeval {
-+ u_int32_t tv_sec; /* seconds */
-+ u_int32_t tv_usec; /* microseconds */
-+};
-+
- /* this is equivalent to the pcap pkthdr struct, but we need one for
- * portability once we introduce the pa_engine code
- */
- typedef struct _SnortPktHeader
- {
-- struct timeval ts; /* packet timestamp */
-+ struct pcap_timeval ts;/* packet timestamp */
- u_int32_t caplen; /* packet capture length */
- u_int32_t pktlen; /* packet "real" length */
- } SnortPktHeader;
Index: ports/net/snort/pkg/PFRAG.prelude
===================================================================
RCS file: PFRAG.prelude
diff -N PFRAG.prelude
--- /dev/null Sat Aug 30 18:16:59 1997
+++ PFRAG.prelude Tue Sep 4 20:45:57 2007
@@ -0,0 +1 @@
[EMAIL PROTECTED] usermod -G _prelude _snort
Index: ports/net/snort/pkg/PFRAG.shared
===================================================================
RCS file: /cvs/ports/net/snort/pkg/PFRAG.shared,v
retrieving revision 1.1
diff -u -p -r1.1 PFRAG.shared
--- ports/net/snort/pkg/PFRAG.shared 2006/10/10 13:33:17 1.1
+++ ports/net/snort/pkg/PFRAG.shared 2007/09/04 20:45:57
@@ -1,5 +1,7 @@
@comment $OpenBSD: PFRAG.shared,v 1.1 2006/10/10 13:33:17 aanriot Exp $
@lib lib/snort_dynamicengine/libsf_engine.so.${LIBsf_engine_VERSION}
[EMAIL PROTECTED]
lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.${LIBsf_dcerpc_preproc_VERSION}
@lib
lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.${LIBsf_dns_preproc_VERSION}
@lib
lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.${LIBsf_ftptelnet_preproc_VERSION}
@lib
lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.${LIBsf_smtp_preproc_VERSION}
[EMAIL PROTECTED]
lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.${LIBsf_ssh_preproc_VERSION}
Index: ports/net/snort/pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/snort/pkg/PLIST,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST
--- ports/net/snort/pkg/PLIST 2006/10/10 13:33:17 1.15
+++ ports/net/snort/pkg/PLIST 2007/09/04 20:45:57
@@ -1,22 +1,28 @@
@comment $OpenBSD: PLIST,v 1.15 2006/10/10 13:33:17 aanriot Exp $
@newgroup _snort:557
@newuser _snort:557:_snort:daemon:Snort Account:/nonexistent:/sbin/nologin
+%%prelude%%
%%SHARED%%
bin/snort
lib/snort_dynamicengine/
lib/snort_dynamicengine/libsf_engine.a
@comment lib/snort_dynamicengine/libsf_engine.la
lib/snort_dynamicpreprocessor/
+lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
[EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
lib/snort_dynamicpreprocessor/libsf_dns_preproc.a
@comment lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a
@comment lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a
@comment lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
+lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a
[EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
@man man/man8/snort.8
share/doc/snort/
share/doc/snort/AUTHORS
share/doc/snort/CREDITS
+share/doc/snort/README.ARUBA
share/doc/snort/README.FLEXRESP
share/doc/snort/README.FLEXRESP2
share/doc/snort/README.INLINE
@@ -29,6 +35,7 @@ share/doc/snort/README.alert_order
share/doc/snort/README.asn1
share/doc/snort/README.csv
share/doc/snort/README.database
+share/doc/snort/README.dcerpc
share/doc/snort/README.dns
share/doc/snort/README.event_queue
share/doc/snort/README.flow
@@ -38,6 +45,9 @@ share/doc/snort/README.frag3
share/doc/snort/README.ftptelnet
share/doc/snort/README.http_inspect
share/doc/snort/README.sfportscan
+share/doc/snort/README.ssh
+share/doc/snort/README.stream4
+share/doc/snort/README.stream5
share/doc/snort/README.thresholding
share/doc/snort/README.wireless
share/doc/snort/faq.pdf
