summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarcelo Góes <vanquirius@gentoo.org>2008-11-23 15:29:38 +0000
committerMarcelo Góes <vanquirius@gentoo.org>2008-11-23 15:29:38 +0000
commit864e0fa3ba412c8450cb0136f7d18cf2bbef730a (patch)
treef532ab47d35100029cd74384fc8e0214d77699de /net-analyzer
parentold (diff)
downloadhistorical-864e0fa3ba412c8450cb0136f7d18cf2bbef730a.tar.gz
historical-864e0fa3ba412c8450cb0136f7d18cf2bbef730a.tar.bz2
historical-864e0fa3ba412c8450cb0136f7d18cf2bbef730a.zip
2.8.3.1 version bump with many changes for bug 245752. Thanks to Jason
Wallace <jason.r.wallace at gmail dot com> and Antixrict <antixrict at inbox.lv> for the rewrite. Currently in package.mask for testing. Package-Manager: portage-2.1.4.5
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/snort/ChangeLog10
-rw-r--r--net-analyzer/snort/Manifest16
-rw-r--r--net-analyzer/snort/files/snort-2.8.3.1-libnet.patch220
-rw-r--r--net-analyzer/snort/snort-2.8.3.1.ebuild301
4 files changed, 545 insertions, 2 deletions
diff --git a/net-analyzer/snort/ChangeLog b/net-analyzer/snort/ChangeLog
index cbaf8f6913e5..a29c060da2e1 100644
--- a/net-analyzer/snort/ChangeLog
+++ b/net-analyzer/snort/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-analyzer/snort
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.134 2008/08/04 20:12:12 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/ChangeLog,v 1.135 2008/11/23 15:29:38 vanquirius Exp $
+
+*snort-2.8.3.1 (23 Nov 2008)
+
+ 23 Nov 2008; Marcelo Goes <vanquirius@gentoo.org>
+ +files/snort-2.8.3.1-libnet.patch, +snort-2.8.3.1.ebuild:
+ 2.8.3.1 version bump with many changes for bug 245752. Thanks to Jason
+ Wallace <jason.r.wallace at gmail dot com> and Antixrict <antixrict at
+ inbox.lv> for the rewrite. Currently in package.mask for testing.
04 Aug 2008; Jeroen Roovers <jer@gentoo.org> metadata.xml:
Describe local USE flags for GLEP 56.
diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest
index 2aed1c6d1cf7..1725f1498d18 100644
--- a/net-analyzer/snort/Manifest
+++ b/net-analyzer/snort/Manifest
@@ -1,22 +1,36 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
AUX snort-2.6.1.1-libnet.patch 8062 RMD160 fb42546b2efce968160afb0a0e0e96c8f0ad1471 SHA1 bcac8005327e016d8ffc1cf4b74aeb80228a2839 SHA256 ff36205cdd4554ff23c845383a82c9fdef6682a399072f3306f6aa3b74378b86
AUX snort-2.6.1.2-libdir.patch 446 RMD160 7508ad071e9cc9746f3c501c2525d82df3fdd9d0 SHA1 04cc4ddbd4570175483a33ce0729eb156473a1a5 SHA256 252743e9e5ddf4867f64cfcf22ca6127d07e6c69285635c0b7025a606a5fedc8
AUX snort-2.6.1.2-react.patch 952 RMD160 f5856ba63d63c20386af53b1e95db3d3ce758843 SHA1 b2c87c82b4c32af573b30fc39441d3f393afd284 SHA256 15cfb26179883a962612cdf54f283fd195199118328586595f001a750ad68ab1
AUX snort-2.6.1.4-libdnet-ip6.patch 482 RMD160 9d420da94d42aacf1a4c8fabb1a9637f73dff8b3 SHA1 2ff42e316d5c49201b85e78f99b1cae4449b7656 SHA256 7f24211c9295a848d1d29effaab2f7f38459823acb83e2d78da3d45019139e14
+AUX snort-2.8.3.1-libnet.patch 8954 RMD160 eb6a2eac6f6005bf8118afeeda6ea52675470156 SHA1 7370bc6c97417cf78a57f8d3f3c3bc3365ce2d56 SHA256 e3edce56ba0568d1db75accc7afb0b86d3de7034aba20daf0f61bf32770b3c2a
AUX snort.confd 423 RMD160 8312bad7b271cc20a9eeb8f08f0cba5cd330eb2f SHA1 149a377477a43ff78c7b3c73c159773e41adf892 SHA256 d504cb31ffcce9acc8fc7b68123a31a53b491444c52730339ea9a4e986521f71
AUX snort.rc7 740 RMD160 f9b799730b2699bd12bea76b23be13979121a12d SHA1 9e177163520facfdd322dc20dd5bcc89388237d1 SHA256 97314f3c7273c7ecdbaaf16cc82ee291b550ed4b1c339aa333cfaa7c7af5d991
AUX snort.rc8 764 RMD160 37ca479a48a97dfcade39f4756cadc15fa31b971 SHA1 f4b79149468ceb694526972da36bb1221c72b19d SHA256 b657ad099ce1df24cbc4c5b1f48718572bec65a14cd52c9f29b87e4f7f549693
DIST Community-Rules-2.4.tar.gz 110044 RMD160 ecfb4444cb0152545d823692eb6e5e2347151b54 SHA1 cbb5e5e8183608145642b3a47eb0be7fc06423f6 SHA256 4c82f90c960626aae5804c2375540f2d7241524c31ae3c7ab69df6c46e295c4c
+DIST Community-Rules-CURRENT.tar.gz 112052 RMD160 089916a6bf6db1fe56516d996dd7e062f5e96837 SHA1 8cd478c75e85f5da82d0fc4ebd29572e13066c7d SHA256 4f30a63d6a1cb4a8016540dffef99269c031cbee7ffeedf34d5bfbcd96cea417
DIST Community-Rules.tar.gz 11678 RMD160 a65b656e4dbf29f1c807622e865e945f509fe0c5 SHA1 de02fd44c58529795e0ab59b65aa08a608cffd95 SHA256 fd37a897455dcb4bace1f7f0af11747b5360e0e3896cd0b9649e5d19281bb2cf
DIST snort-2.4.0-genpatches.tar.bz2 6475 RMD160 9ea99c71892a2cbf409ead3514ae792210bdf3d0 SHA1 23d7ac5fb3e3fca5340a4f45ff6d64c4a4214e42 SHA256 8bf51a47b2a0db9ccad83a27105994befd9be381b41aeb02561882308f4c6dff
DIST snort-2.4.5.tar.gz 2817837 RMD160 1b697ccd84e1c10406ac20ccc0c46f79ea661e11 SHA1 3ba7dae8058aecf4e4eb1c7a816a7c8a4fb7c550 SHA256 84eb84da542d23e9f1c29b8eb319614c509fb19a745f1fa2a88d07c740645184
DIST snort-2.6.1.3.tar.gz 3700149 RMD160 0c390bd7cdbe705ba43ce8c8894bfec53c3179f6 SHA1 cb944d74ab6c254f88d356d45e4492ba560dfc3c SHA256 8cc112d6e0a55b0a7e0802428abbd1b7815e0d01a1240c84a726ecc563629a79
DIST snort-2.6.1.4.tar.gz 3716052 RMD160 b9768992698fd9967b66b89938d38555260660ab SHA1 2709f1ef0953029a8b9a23c94dea81bcd42b2906 SHA256 5f830d3c95b6fb96b8abaa5539e71c3cdcfd8df95b376c77323149436f7bbf70
DIST snort-2.7.0.1.tar.gz 3905846 RMD160 c88b71231bfa65e2c1eabd8931f4d6121e92a26a SHA1 9b751a73c611126c32e2dccd0a0e99aaff4e9653 SHA256 c9337c2acb34e34904e3fff8a2c31e1a3a92aa7776a9263454fd4dc5503721fa
+DIST snort-2.8.3.1.tar.gz 4309333 RMD160 53ab2df684ba327718d3dac1c8efa21c3ae05248 SHA1 384203f68e2000c490bbc5a5a2724b0b74d10e74 SHA256 edda7a8c3fe96623729ba0f34c2bda23c15a47a063bafdfc1e397680c2538d86
DIST snortrules-pr-2.4.tar.gz 789097 RMD160 dd2179b3ce8a55699d2e1b857426e5489191a121 SHA1 b8b59754ccb59b1dcf324d2faa399326117a60e9 SHA256 19d2545a2a150dff8b4dbcbd0def389b6865c4c70f5084172d08a7b151e1a504
DIST snortsam-20050110.tar.gz 29395 RMD160 ec80ce024ed7a013da35444ef1098ba3faa6cfc3 SHA1 46a274abeeea4e808849c65b9d510a5b5a221ba6 SHA256 dc428458f3c47684aabb89036ca7e601a6aa92864dbf23b31f33732b76c2a01e
EBUILD snort-2.4.5.ebuild 4416 RMD160 bacac50a4b25f8058772efca252d6b5e55df383e SHA1 aa6a406325a74ede990940596712573b0937e24e SHA256 02a75c07e7791fb9b67c00ab03e776bec2b08f965177b7c6e85b55e33be3f008
EBUILD snort-2.6.1.3-r1.ebuild 5890 RMD160 f81043cc4317907667817315dc425f79f49693fa SHA1 fd019204ead1468ad60d6c93cc58ecca87406ab4 SHA256 5eacf6083fc26e2ae2a1fc2b9238c146f5998851fe47f0ba650dd41e86617913
EBUILD snort-2.6.1.4.ebuild 5984 RMD160 57047f39db0979462684f75775c876b1f3e737d2 SHA1 cc4340770104cd6ffdab42165b27bd149d68103d SHA256 ada6aa994e747869846bf6bf41e8579b0a8bda56b945a1409d0af0d3c3e99eb8
EBUILD snort-2.7.0.1.ebuild 5408 RMD160 e9d46031bc510e0eb052e4d86906d549bd2265b9 SHA1 ef571fd63b0068b8aa86d5ca04360b6b66c1ec01 SHA256 194ec0bb0b17fa4bdd48451f1f7c940bed4454c88450833aa213207dc16a104e
-MISC ChangeLog 23838 RMD160 0dc9c7ceb3c135ca52bf766c5b3bb2ab115a3ff4 SHA1 759b6d5b7d4a72b990791844c54489f01eec59f1 SHA256 cccc31afacf3fb0786e29bb8656bc5accf7cd178601066c6ac70fbdecd458cd1
+EBUILD snort-2.8.3.1.ebuild 9632 RMD160 7ababc187c321e3ba27cf52b9b4e57ff68ff8c82 SHA1 0188b46c3a754c084e75cca5d658fa19e77f2a4e SHA256 83fa764e1963d1c0c2a6cae6e4fc328ae767ae1635705e4de4536bffe64d362c
+MISC ChangeLog 24202 RMD160 de30e4b16a5d0a283989602882dfd5905b68fa26 SHA1 a2f17148ff4dbf938d6f1a814433d82c69c4ddc1 SHA256 a568a31451c9a30f9653d47e4cc736a3f8d950039574959af0002031d4e0537a
MISC metadata.xml 1261 RMD160 12ca0f36e1240c80f2d6d736ffa0fa065e321446 SHA1 947c4ee84c235cdfffc54deb181f827281c8b909 SHA256 f07a876e5b8e0bd12c7b7a8a8c582608ee94566bfd56689d2b6b38559b3492eb
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.9 (GNU/Linux)
+
+iEYEARECAAYFAkkpdtQACgkQrV3T0ZYD7E6BlACfStjGynBRcNJXKUDH6DMcWe26
+LvwAn1Il/AG5/TLSfxprWI68zMZHaJqF
+=p3tZ
+-----END PGP SIGNATURE-----
diff --git a/net-analyzer/snort/files/snort-2.8.3.1-libnet.patch b/net-analyzer/snort/files/snort-2.8.3.1-libnet.patch
new file mode 100644
index 000000000000..b51b1531569f
--- /dev/null
+++ b/net-analyzer/snort/files/snort-2.8.3.1-libnet.patch
@@ -0,0 +1,220 @@
+diff -ru snort-2.8.3.1/configure.in snort-2.8.3.1_gentoo/configure.in
+--- snort-2.8.3.1/configure.in 2008-09-15 10:45:24.000000000 -0400
++++ snort-2.8.3.1_gentoo/configure.in 2008-11-03 16:34:41.000000000 -0500
+@@ -1151,19 +1151,19 @@
+ else
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+- AC_MSG_CHECKING("for libnet.h version 1.0.x")
++ AC_MSG_CHECKING("for libnet-1.0.h version 1.0.x")
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "$LIBNET_INC_DIR" != ""; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0 >/dev/null"; then
+- FAIL_MESSAGE("libnet 1.0.x (libnet.h)", $LIBNET_INC_DIR)
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0 >/dev/null"; then
++ FAIL_MESSAGE("libnet 1.0.x (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+- CFLAGS="${CFLAGS} `libnet-config --defines` `libnet-config --cflags`"
+- LIBS="${LIBS} `libnet-config --libs`"
++ CFLAGS="${CFLAGS} `libnet-1.0-config --defines` `libnet-1.0-config --cflags`"
++ LIBS="${LIBS} `libnet-1.0-config --libs`"
+ CPPFLAGS="${CPPFLAGS} -I${LIBNET_INC_DIR}"
+ AC_MSG_RESULT($i)
+ else
+@@ -1185,8 +1185,8 @@
+ [ --enable-flexresp Flexible Responses on hostile connection attempts],
+ enable_flexresp="$enableval", enable_flexresp="no")
+ if test "x$enable_flexresp" = "xyes"; then
+- CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-config --defines --cflags`"
+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"
++ CPPFLAGS="${CPPFLAGS} -DENABLE_RESPONSE `libnet-1.0-config --defines --cflags`"
++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"
+ fi
+
+ if test "x$enable_flexresp" != "xno" -a "x$enable_flexresp" = "xyes"; then
+@@ -1196,21 +1196,21 @@
+ exit
+ fi
+
+- if test `libnet-config --cflags | wc -c` = "1"; then
++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then
+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+- if test `libnet-config --libs | wc -c` = "1"; then
+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
++ if test `libnet-1.0-config --libs | wc -c` = "1"; then
++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+- LIBS="${LIBS} -lnet"
++ LIBS="${LIBS} -lnet-1.0"
+ fi
+
+ LNET=""
+- AC_CHECK_HEADERS(libnet.h,, LNET="no")
++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet header not found, go get it from"
+@@ -1228,33 +1228,33 @@
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+- libnet_dir=`libnet-config --cflags | cut -dI -f2`
++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`
+ fi
+
+ LIBNET_INC_DIR=""
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "x$LIBNET_INC_DIR" != "x"; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then
+ AC_MSG_RESULT(no)
+ echo
+ echo " ERROR! Snort with --enable-flexresp will *only* work with"
+ echo " libnet version 1.0.2a, go get it from"
+ echo " http://www.packetfactory.net/projects/libnet/"
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)
+ fi
+
+ LNET=""
+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")
++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet library not found, go get it from"
+@@ -1305,8 +1305,8 @@
+ [ --enable-react Intercept and terminate offending HTTP accesses],
+ enable_react="$enableval", enable_react="no")
+ if test "x$enable_react" = "xyes"; then
+- CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-config --defines --cflags`"
+- LDFLAGS="${LDFLAGS} `libnet-config --libs`"
++ CPPFLAGS="${CPPFLAGS} -DENABLE_REACT `libnet-1.0-config --defines --cflags`"
++ LDFLAGS="${LDFLAGS} `libnet-1.0-config --libs`"
+ fi
+
+ if test "x$enable_react" != "xno" -a "x$enable_react" = "xyes"; then
+@@ -1317,13 +1317,13 @@
+ exit
+ fi
+
+- if test `libnet-config --cflags | wc -c` = "1"; then
++ if test `libnet-1.0-config --cflags | wc -c` = "1"; then
+ CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+- if test `libnet-config --libs | wc -c` = "1"; then
+- AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
++ if test `libnet-1.0-config --libs | wc -c` = "1"; then
++ AC_MSG_WARN(libnet-1.0-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+ LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+@@ -1331,7 +1331,7 @@
+ fi
+
+ LNET=""
+- AC_CHECK_HEADERS(libnet.h,, LNET="no")
++ AC_CHECK_HEADERS(libnet-1.0.h,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet header not found, go get it from"
+@@ -1349,33 +1349,33 @@
+ libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+- libnet_dir=`libnet-config --cflags | cut -dI -f2`
++ libnet_dir=`libnet-1.0-config --cflags | cut -dI -f2`
+ fi
+
+ LIBNET_INC_DIR=""
+ for i in $libnet_dir; do
+- if test -r "$i/libnet.h"; then
++ if test -r "$i/libnet-1.0.h"; then
+ LIBNET_INC_DIR="$i"
+ fi
+ done
+
+ if test "x$LIBNET_INC_DIR" != "x"; then
+- if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep -v 1.0.2a >/dev/null"; then
++ if eval "grep LIBNET_VERSION $LIBNET_INC_DIR/libnet-1.0.h | grep -v 1.0.2a >/dev/null"; then
+ AC_MSG_RESULT(no)
+ echo
+ echo " ERROR! Snort with --enable-react will *only* work with"
+ echo " libnet version 1.0.2a, go get it from"
+ echo " http://www.packetfactory.net/projects/libnet/"
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $LIBNET_INC_DIR)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $LIBNET_INC_DIR)
+ fi
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+- FAIL_MESSAGE("libnet 1.0.2a (libnet.h)", $libnet_dir)
++ FAIL_MESSAGE("libnet 1.0.2a (libnet-1.0.h)", $libnet_dir)
+ fi
+
+ LNET=""
+- AC_CHECK_LIB(net, libnet_build_ip,, LNET="no")
++ AC_CHECK_LIB(net-1.0, libnet_build_ip,, LNET="no")
+ if test "x$LNET" = "xno"; then
+ echo
+ echo " ERROR! Libnet library not found, go get it from"
+diff -ru snort-2.8.3.1/src/detection-plugins/sp_react.c snort-2.8.3.1_gentoo/src/detection-plugins/sp_react.c
+--- snort-2.8.3.1/src/detection-plugins/sp_react.c 2008-07-11 16:56:00.000000000 -0400
++++ snort-2.8.3.1_gentoo/src/detection-plugins/sp_react.c 2008-11-03 16:39:16.000000000 -0500
+@@ -59,7 +59,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "rules.h"
+ #include "decode.h"
+diff -ru snort-2.8.3.1/src/detection-plugins/sp_respond.c snort-2.8.3.1_gentoo/src/detection-plugins/sp_respond.c
+--- snort-2.8.3.1/src/detection-plugins/sp_respond.c 2008-07-11 16:56:00.000000000 -0400
++++ snort-2.8.3.1_gentoo/src/detection-plugins/sp_respond.c 2008-11-03 16:38:50.000000000 -0500
+@@ -36,7 +36,7 @@
+
+
+ #if defined(ENABLE_RESPONSE) && !defined(ENABLE_RESPONSE2)
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "decode.h"
+ #include "rules.h"
+diff -ru snort-2.8.3.1/src/inline.c snort-2.8.3.1_gentoo/src/inline.c
+--- snort-2.8.3.1/src/inline.c 2008-02-25 16:34:56.000000000 -0500
++++ snort-2.8.3.1_gentoo/src/inline.c 2008-11-03 16:39:44.000000000 -0500
+@@ -20,7 +20,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <pcap.h>
+-#include <libnet.h>
++#include <libnet-1.0.h>
+
+ #include "decode.h"
+ #include "inline.h"
diff --git a/net-analyzer/snort/snort-2.8.3.1.ebuild b/net-analyzer/snort/snort-2.8.3.1.ebuild
new file mode 100644
index 000000000000..16ac79b3903d
--- /dev/null
+++ b/net-analyzer/snort/snort-2.8.3.1.ebuild
@@ -0,0 +1,301 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.8.3.1.ebuild,v 1.1 2008/11/23 15:29:38 vanquirius Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+AT_M4DIR=m4
+
+inherit eutils autotools
+
+DESCRIPTION="The de facto standard for intrusion detection/prevention"
+HOMEPAGE="http://www.snort.org/"
+SRC_URI="http://www.snort.org/dl/${P}.tar.gz
+ community-rules? ( http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-CURRENT.tar.gz )"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86"
+IUSE="static debug pthreads prelude stream4udp memory-cleanup decoder-preprocessor-rules ipv6 targetbased dynamicplugin timestats ruleperf ppm perfprofiling linux-smp-stats inline inline-init-failopen flexresp flexresp2 react aruba gre mpls pic postgres mysql odbc selinux community-rules"
+
+#flexresp, react, and inline _ONLY_ work with net-libs/libnet-1.0.2a
+DEPEND="virtual/libc
+ virtual/libpcap
+ >=sys-devel/libtool-1.4
+ >=dev-libs/libpcre-6.0
+ flexresp2? ( dev-libs/libdnet )
+ flexresp? ( ~net-libs/libnet-1.0.2a )
+ react? ( ~net-libs/libnet-1.0.2a )
+ postgres? ( || ( dev-db/postgresql dev-db/libpq ) )
+ mysql? ( virtual/mysql )
+ odbc? ( dev-db/unixODBC )
+ prelude? ( >=dev-libs/libprelude-0.9.0 )
+ inline? ( ~net-libs/libnet-1.0.2a
+ net-firewall/iptables )"
+
+RDEPEND="${DEPEND}
+ dev-lang/perl
+ selinux? ( sec-policy/selinux-snort )"
+
+pkg_setup() {
+ enewgroup snort
+ enewuser snort -1 -1 /dev/null snort
+
+ if use flexresp && use flexresp2 ; then
+ ewarn
+ ewarn
+ ewarn "You have both the 'flexresp' and 'flexresp2' USE"
+ ewarn "flags set. You can use 'flexresp' OR 'flexresp2'"
+ ewarn "but not both."
+ ewarn
+ ewarn "Defaulting to flexresp2..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use memory-cleanup && ! use dynamicplugin; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'memory-cleanup' but not 'dynamicplugin'."
+ ewarn "'memory-cleanup' requires 'dynamicplugin' to compile."
+ ewarn
+ ewarn "Enabling dynamicplugin..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use ruleperf && ! use dynamicplugin; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'ruleperf' but not 'dynamicplugin'."
+ ewarn "'ruleperf' requires 'dynamicplugin' to compile."
+ ewarn
+ ewarn "Enabling dynamicplugin..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+ if use inline-init-failopen && ! use inline; then
+ ewarn
+ ewarn
+ ewarn "You have enabled 'inline-init-failopen' but not 'inline'."
+ ewarn "'inline-init-failopen' is an 'inline' only function."
+ ewarn
+ ewarn "Enabling inline mode..."
+ ewarn
+ ewarn
+ epause
+ fi
+
+}
+
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ #Dont monkey with the original source if you don't need to.
+ if use flexresp || use react || use inline; then
+ epatch "${FILESDIR}/${PN}-2.8.3.1-libnet.patch"
+ fi
+
+ if use prelude ; then
+ sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in
+ fi
+
+ einfo "Regenerating autoconf/automake files"
+ eautoreconf
+}
+
+src_compile() {
+
+ local myconf
+
+ #Both shared and static are enable by defaut so we need to be specific
+ if use static; then
+ myconf="${myconf} --enable-static --disable-shared"
+ else
+ myconf="${myconf} --disable-static --enable-shared"
+ fi
+
+ #Added in ebuild version snort-2.8.3.1. Should be rechecked in updated versions.
+ #Use 'die' because ./configure will die any ways with the same error message...
+ if use ipv6 && use targetbased; then
+ die "Support for target-based and IPv6 cannot be enabled simultaneously in this version."
+ fi
+
+ #Sourcefire is often not clear about what is and is not enabled by default
+ #To avoid undesired results we should be very specific
+ if use flexresp && ! use flexresp2; then
+ myconf="${myconf} --enable-flexresp --disable-flexresp2"
+ elif use flexresp2 && ! use flexresp; then
+ myconf="${myconf} --disable-flexresp --enable-flexresp2"
+ elif use flexresp && use flexresp2; then
+ myconf="${myconf} --disable-flexresp --enable-flexresp2"
+ fi
+
+ # USE flages memory-cleanup and ruleperf require dynamicplugin
+ #Only 'dynamicplugin' is set here. 'ruleperf' and 'memory-cleanup' are set below via econf.
+ if use memory-cleanup || use ruleperf || use dynamicplugin; then
+ myconf="${myconf} --enable-dynamicplugin"
+ else
+ myconf="${myconf} --disable-dynamicplugin"
+ fi
+
+ # USE flages 'targetbased' and 'inline-init-failopen' require pthreads
+ #Only 'pthreads' is set here. 'targetbased' and 'inline-init-failopen' are set below via econf.
+ if use targetbased || use inline-init-failopen || use pthreads; then
+ myconf="${myconf} --enable-pthread"
+ else
+ myconf="${myconf} --disable-pthread"
+ fi
+
+ #Only needed if...
+ if use flexresp || use react || use inline; then
+ myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
+ fi
+
+ #'inline-init-failopen' requires 'inline'
+ if use inline-init-failopen || use inline; then
+ myconf="${myconf} --enable-inline"
+ else
+ myconf="${myconf} --disable-inline"
+ fi
+
+
+#The --enable-<feature> options... 'static' 'dynamicplugin' 'pthreads' 'flexresp' 'flexresp2' 'inline'
+# are configured above due to dependancy/conflict issues.
+#All others are handled the standard ebuild way via econf
+
+ econf \
+ --without-oracle \
+ $(use_with postgres postgresql) \
+ $(use_with mysql) \
+ $(use_with odbc) \
+ $(use_with pic) \
+ --disable-ipfw \
+ --disable-profile \
+ --disable-ppm-test \
+ $(use_enable debug) \
+ $(use_enable prelude) \
+ $(use_enable stream4udp) \
+ $(use_enable memory-cleanup) \
+ $(use_enable decoder-preprocessor-rules) \
+ $(use_enable ipv6) \
+ $(use_enable targetbased) \
+ $(use_enable timestats) \
+ $(use_enable ruleperf) \
+ $(use_enable ppm) \
+ $(use_enable perfprofiling) \
+ $(use_enable linux-smp-stats) \
+ $(use_enable inline-init-failopen) \
+ $(use_enable react) \
+ $(use_enable aruba) \
+ $(use_enable gre) \
+ $(use_enable mpls) \
+ ${myconf} || die "econf failed"
+
+ # limit to single as reported by jforman on irc
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ keepdir /var/log/snort/
+
+ dodoc doc/*
+ dodoc ./RELEASE.NOTES
+ docinto schemas ; dodoc schemas/*
+
+ insinto /etc/snort
+ doins etc/reference.config \
+ etc/classification.config \
+ etc/*.map \
+ etc/threshold.conf \
+ etc/attribute_table.dtd \
+ etc/unicode.map
+
+ # Make some changes to snort.conf depending on the users feature selection
+ if use memory-cleanup || use ruleperf || use dynamicplugin; then
+ sed -e "s:/usr/local/lib:/usr/$(get_libdir):g" \
+ etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib
+ else
+ sed -e "s:^dynamic:# dynamic:g" \
+ etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib
+ fi
+
+ sed -i -e "s:RULE_PATH ../rules:RULE_PATH /etc/snort/rules:g" \
+ "${D}"/etc/snort/snort.conf.distrib
+
+ sed -i -e "s:PREPROC_RULE_PATH ../preproc_rules:PREPROC_RULE_PATH /etc/snort/preproc_rules:g" \
+ "${D}"/etc/snort/snort.conf.distrib
+
+ sed -i -e "s:^include $RULE_PATH:#include $RULE_PATH:g" \
+ "${D}"/etc/snort/snort.conf.distrib
+
+ newinitd "${FILESDIR}/snort.rc8" snort
+ newconfd "${FILESDIR}/snort.confd" snort
+
+ fowners snort:snort /var/log/snort
+ fperms 0770 /var/log/snort
+
+ # Install Community rules if enabled
+ if use community-rules; then
+ insinto /etc/snort/rules
+ doins -r "${WORKDIR}"/rules/*
+ fi
+
+ # Install preproc_rules if enabled
+ if use decoder-preprocessor-rules; then
+ insinto /etc/snort/preproc_rules
+ doins -r "${WORKDIR}"/${P}/preproc_rules/*.rules
+ fi
+}
+
+pkg_postinst() {
+ elog
+ elog "If you find that snort is using too much memory, your system"
+ elog "freezes, or snort crashes after a few minutes try adding the"
+ elog "following to your snort.conf..."
+ elog
+ elog "'config detection: search-method ac-sparsebands'"
+ elog
+ elog "To use a database backend with snort you will have to create"
+ elog "a database, a database user, and import the snort schema."
+ elog "The schema files are located in..."
+ elog
+ elog "/usr/share/doc/${PF}/schemas/"
+ elog
+ elog "Instructions for seting up your database, user, and schema imports"
+ elog "can be found in the README.database file located in..."
+ elog
+ elog "/usr/share/doc/${PF}"
+ elog
+ elog "Users using the unified output plugin and barnyard do not need to"
+ elog "compile database support into snort, but still need to set up their"
+ elog "database as documented in README.database."
+ elog
+ if use community-rules; then
+ elog
+ elog "The COMMUNITY ruleset has been installed."
+ elog
+ else
+ elog
+ elog "The COMMUNITY ruleset has NOT been installed."
+ elog
+ fi
+ elog "To learn how to manage updates to your rulesets please visit..."
+ elog
+ elog "http://oinkmaster.sourceforge.net/"
+ elog
+ elog "and then 'emerge oinkmaster'. Once oinkmaster is configured,"
+ elog "you may want to disable the 'community-rules' USE flag."
+ elog
+ elog "It is HIGHLY recomended that you also download Sourcefire's VRT"
+ elog "ruleset also. For more information on obtaining the VRT ruleset,"
+ elog "please visit... http://www.snort.org/vrt/"
+ elog
+}