public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Slawek Lis" <slis@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
Date: Tue, 23 Jan 2018 09:15:41 +0000 (UTC)	[thread overview]
Message-ID: <1516698919.78745195e87a1b2b6698d6600d74da6932ebcadd.slis@gentoo> (raw)

commit:     78745195e87a1b2b6698d6600d74da6932ebcadd
Author:     Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 23 09:15:07 2018 +0000
Commit:     Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Tue Jan 23 09:15:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78745195

net-analyzer/suricata: version bump to 4.0.3

This should fix security problems reported in https://bugs.gentoo.org/635662

Package-Manager: Portage-2.3.20, Repoman-2.3.6

 net-analyzer/suricata/Manifest              |   1 +
 net-analyzer/suricata/suricata-4.0.3.ebuild | 163 ++++++++++++++++++++++++++++
 2 files changed, 164 insertions(+)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index dee7b9c1e63..3115c23a894 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -3,3 +3,4 @@ DIST suricata-3.0.1.tar.gz 3315637 BLAKE2B f92e8f4b9708b265eda2476dbedaaa3a5c417
 DIST suricata-3.1.3.tar.gz 3340627 BLAKE2B 6dff61a876591485fc32053912abfe8ec2ac23ff40ed63e4140d3c494adbf83b7310afae67f0b2c552f45c6ec9ed02db94635b3d90e4ac74e3da8de3a611f65b SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb
 DIST suricata-3.2.1.tar.gz 11754332 BLAKE2B 1f72f9460c363aa86933a7105f0267d89e5b7e11db8668d30f2e84a545856cc53e4edc403f434533271697fc73d45fbd9ea2ce2cc4f07c245ba0724e3d0cae60 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290
 DIST suricata-3.2.tar.gz 11732080 BLAKE2B e5315edc7fb42792f165ebc6b43b3bef8ca8151857305adb6ac1cd2bbf93f5f679ac9762ac48836bf94dfdfc820e4dc7fdcaa73a2b609e3128524f39cd24c741 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e
+DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf SHA512 aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b689dddd3b53892

diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild b/net-analyzer/suricata/suricata-4.0.3.ebuild
new file mode 100644
index 00000000000..604eae665be
--- /dev/null
+++ b/net-analyzer/suricata/suricata-4.0.3.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
+
+REQUIRED_USE="lua? ( !luajit )"
+
+DEPEND="
+	>=dev-libs/jansson-2.2
+	dev-libs/libpcre
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	>=net-libs/libhtp-0.5.20
+	net-libs/libpcap
+	sys-apps/file
+	cuda?       ( dev-util/nvidia-cuda-toolkit )
+	geoip?      ( dev-libs/geoip )
+	lua?        ( dev-lang/lua:* )
+	luajit?     ( dev-lang/luajit:* )
+	nflog?      ( net-libs/libnetfilter_log )
+	nfqueue?    ( net-libs/libnetfilter_queue )
+	redis?      ( dev-libs/hiredis )
+	logrotate?      ( app-admin/logrotate )
+	sys-libs/libcap-ng
+"
+# #446814
+#	prelude?    ( dev-libs/libprelude )
+#	pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		"--localstatedir=/var/" \
+		"--enable-non-bundled-htp" \
+		$(use_enable af-packet) \
+		$(use_enable detection) \
+		$(use_enable nfqueue) \
+		$(use_enable test coccinelle) \
+		$(use_enable test unittests) \
+		$(use_enable control-socket unix-socket)
+	)
+
+	if use cuda ; then
+		myeconfargs+=( $(use_enable cuda) )
+	fi
+	if use geoip ; then
+		myeconfargs+=( $(use_enable geoip) )
+	fi
+	if use hardened ; then
+		myeconfargs+=( $(use_enable hardened gccprotect) )
+	fi
+	if use nflog ; then
+		myeconfargs+=( $(use_enable nflog) )
+	fi
+	if use redis ; then
+		myeconfargs+=( $(use_enable redis hiredis) )
+	fi
+	# not supported yet (no pfring in portage)
+# 	if use pfring ; then
+# 		myeconfargs+=( $(use_enable pfring) )
+# 	fi
+	# no libprelude in portage
+# 	if use prelude ; then
+# 		myeconfargs+=( $(use_enable prelude) )
+# 	fi
+	if use lua ; then
+		myeconfargs+=( $(use_enable lua) )
+	fi
+	if use luajit ; then
+		myeconfargs+=( $(use_enable luajit) )
+	fi
+
+# this should be used when pf_ring use flag support will be added
+# 	LIBS+="-lrt -lnuma"
+
+	# avoid upstream configure script trying to add -march=native to CFLAGS
+	myeconfargs+=( --enable-gccmarch-native=no )
+
+	if use debug ; then
+		myeconfargs+=( $(use_enable debug) )
+		# so we can get a backtrace according to "reporting bugs" on upstream web site
+		CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+	else
+		econf LIBS="${LIBS}" ${myeconfargs[@]}
+	fi
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto "/etc/${PN}"
+	doins {classification,reference,threshold}.config suricata.yaml
+
+	if use rules ; then
+		insinto "/etc/${PN}/rules"
+		doins rules/*.rules
+	fi
+
+	dodir "/var/lib/${PN}"
+	dodir "/var/log/${PN}"
+
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+	newinitd "${FILESDIR}/${P}-init" ${PN}
+	newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+	if use logrotate; then
+		insopts -m0644
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}"/${PN}-logrotate ${PN}
+	fi
+}
+
+pkg_postinst() {
+	elog "The ${PN} init script expects to find the path to the configuration"
+	elog "file as well as extra options in /etc/conf.d."
+	elog ""
+	elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+	elog "then create a symlink to the init script from a link called"
+	elog "${PN}.foo - like so"
+	elog "   cd /etc/${PN}"
+	elog "   ${EDITOR##*/} suricata-foo.yaml"
+	elog "   cd /etc/init.d"
+	elog "   ln -s ${PN} ${PN}.foo"
+	elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+	elog ""
+	elog "You can create as many ${PN}.foo* services as you wish."
+
+	if use logrotate; then
+		elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
+	fi
+
+	if use debug; then
+		elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+		elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+		elog "You need to also ensure the FEATURES variable in make.conf contains the"
+		elog "'nostrip' option to produce useful core dumps or back traces."
+	fi
+}


             reply	other threads:[~2018-01-23  9:15 UTC|newest]

Thread overview: 81+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-23  9:15 Slawek Lis [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-11-09 13:54 [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/ Sam James
2024-04-07  1:06 Marek Szuba
2024-01-23  5:07 Ionen Wolkens
2023-11-29 21:16 Petr Vaněk
2023-10-25 22:04 Marek Szuba
2023-10-25 22:04 Marek Szuba
2023-08-16 17:08 Marek Szuba
2023-08-16 17:08 Marek Szuba
2023-06-27 21:56 Marek Szuba
2023-05-11 12:03 Marek Szuba
2023-04-16 20:03 Marek Szuba
2023-03-22 23:43 Marek Szuba
2023-03-01 23:12 Marek Szuba
2023-02-01 10:51 Marek Szuba
2023-02-01 10:51 Marek Szuba
2022-12-02 10:00 Marek Szuba
2022-11-10  0:42 Marek Szuba
2022-11-01 13:10 Marek Szuba
2022-11-01  0:36 Marek Szuba
2022-10-04  0:53 Marek Szuba
2022-09-01 12:27 Marek Szuba
2022-08-24 15:36 Marek Szuba
2022-08-24 15:36 Marek Szuba
2022-07-27 23:54 Marek Szuba
2022-07-13 15:55 Marek Szuba
2022-07-13 15:55 Marek Szuba
2022-04-25 22:57 Marek Szuba
2022-04-25 22:57 Marek Szuba
2022-03-23  1:24 Sam James
2021-11-19 14:59 Marek Szuba
2021-11-19 14:59 Marek Szuba
2021-09-25 19:08 Sam James
2021-09-03 12:15 Marek Szuba
2021-09-03 12:15 Marek Szuba
2021-08-23 21:29 Marek Szuba
2021-07-25 20:58 Marek Szuba
2021-07-01  9:47 Marek Szuba
2021-07-01  9:47 Marek Szuba
2021-06-21 16:03 Marek Szuba
2021-06-21 14:54 Marek Szuba
2021-06-21 14:54 Marek Szuba
2021-05-17 16:15 Marek Szuba
2021-04-03 19:53 Sam James
2021-03-04 14:47 Marek Szuba
2021-03-04 14:47 Marek Szuba
2021-01-25 17:38 Marek Szuba
2021-01-25 17:38 Marek Szuba
2020-12-06 22:02 Marek Szuba
2020-12-03 12:54 Marek Szuba
2020-10-14 14:44 Marek Szuba
2020-10-09 11:41 Marek Szuba
2020-07-17 20:10 Marek Szuba
2020-05-22 21:02 Marek Szuba
2020-04-23 21:11 Marek Szuba
2020-04-23 21:11 Marek Szuba
2020-03-04  9:46 Marek Szuba
2020-02-05 15:30 Marek Szuba
2019-12-20 10:18 Marek Szuba
2019-12-19 15:18 Marek Szuba
2019-12-16 16:05 Marek Szuba
2019-09-08 19:25 Slawek Lis
2018-06-11 14:04 Marek Szuba
2018-06-03 13:49 Aaron Bauman
2018-05-11  7:43 Slawek Lis
2018-03-26 19:33 Michał Górny
2018-01-24  7:00 Slawek Lis
2017-07-24  8:30 Slawek Lis
2017-01-07 10:25 Slawek Lis
2016-12-28 13:25 Slawek Lis
2016-12-15  6:19 Slawek Lis
2016-11-29 12:05 Slawek Lis
2016-10-10 19:08 Slawek Lis
2016-06-30 19:03 Slawek Lis
2016-06-29  6:44 Slawek Lis
2016-04-26  6:18 Slawek Lis
2016-02-19 20:19 Slawek Lis
2016-02-19  5:59 Slawek Lis
2016-02-19  5:32 Slawek Lis
2015-12-28  5:53 Slawek Lis
2015-12-28  5:49 Slawek Lis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1516698919.78745195e87a1b2b6698d6600d74da6932ebcadd.slis@gentoo \
    --to=slis@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox