From: "Slawek Lis" <slis@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
Date: Tue, 23 Jan 2018 09:15:41 +0000 (UTC) [thread overview]
Message-ID: <1516698919.78745195e87a1b2b6698d6600d74da6932ebcadd.slis@gentoo> (raw)
commit: 78745195e87a1b2b6698d6600d74da6932ebcadd
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 23 09:15:07 2018 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Tue Jan 23 09:15:19 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78745195
net-analyzer/suricata: version bump to 4.0.3
This should fix security problems reported in https://bugs.gentoo.org/635662
Package-Manager: Portage-2.3.20, Repoman-2.3.6
net-analyzer/suricata/Manifest | 1 +
net-analyzer/suricata/suricata-4.0.3.ebuild | 163 ++++++++++++++++++++++++++++
2 files changed, 164 insertions(+)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index dee7b9c1e63..3115c23a894 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -3,3 +3,4 @@ DIST suricata-3.0.1.tar.gz 3315637 BLAKE2B f92e8f4b9708b265eda2476dbedaaa3a5c417
DIST suricata-3.1.3.tar.gz 3340627 BLAKE2B 6dff61a876591485fc32053912abfe8ec2ac23ff40ed63e4140d3c494adbf83b7310afae67f0b2c552f45c6ec9ed02db94635b3d90e4ac74e3da8de3a611f65b SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb
DIST suricata-3.2.1.tar.gz 11754332 BLAKE2B 1f72f9460c363aa86933a7105f0267d89e5b7e11db8668d30f2e84a545856cc53e4edc403f434533271697fc73d45fbd9ea2ce2cc4f07c245ba0724e3d0cae60 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290
DIST suricata-3.2.tar.gz 11732080 BLAKE2B e5315edc7fb42792f165ebc6b43b3bef8ca8151857305adb6ac1cd2bbf93f5f679ac9762ac48836bf94dfdfc820e4dc7fdcaa73a2b609e3128524f39cd24c741 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e
+DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf SHA512 aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b689dddd3b53892
diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild b/net-analyzer/suricata/suricata-4.0.3.ebuild
new file mode 100644
index 00000000000..604eae665be
--- /dev/null
+++ b/net-analyzer/suricata/suricata-4.0.3.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
+
+REQUIRED_USE="lua? ( !luajit )"
+
+DEPEND="
+ >=dev-libs/jansson-2.2
+ dev-libs/libpcre
+ dev-libs/libyaml
+ net-libs/libnet:*
+ net-libs/libnfnetlink
+ dev-libs/nspr
+ dev-libs/nss
+ >=net-libs/libhtp-0.5.20
+ net-libs/libpcap
+ sys-apps/file
+ cuda? ( dev-util/nvidia-cuda-toolkit )
+ geoip? ( dev-libs/geoip )
+ lua? ( dev-lang/lua:* )
+ luajit? ( dev-lang/luajit:* )
+ nflog? ( net-libs/libnetfilter_log )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ redis? ( dev-libs/hiredis )
+ logrotate? ( app-admin/logrotate )
+ sys-libs/libcap-ng
+"
+# #446814
+# prelude? ( dev-libs/libprelude )
+# pfring? ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ "--localstatedir=/var/" \
+ "--enable-non-bundled-htp" \
+ $(use_enable af-packet) \
+ $(use_enable detection) \
+ $(use_enable nfqueue) \
+ $(use_enable test coccinelle) \
+ $(use_enable test unittests) \
+ $(use_enable control-socket unix-socket)
+ )
+
+ if use cuda ; then
+ myeconfargs+=( $(use_enable cuda) )
+ fi
+ if use geoip ; then
+ myeconfargs+=( $(use_enable geoip) )
+ fi
+ if use hardened ; then
+ myeconfargs+=( $(use_enable hardened gccprotect) )
+ fi
+ if use nflog ; then
+ myeconfargs+=( $(use_enable nflog) )
+ fi
+ if use redis ; then
+ myeconfargs+=( $(use_enable redis hiredis) )
+ fi
+ # not supported yet (no pfring in portage)
+# if use pfring ; then
+# myeconfargs+=( $(use_enable pfring) )
+# fi
+ # no libprelude in portage
+# if use prelude ; then
+# myeconfargs+=( $(use_enable prelude) )
+# fi
+ if use lua ; then
+ myeconfargs+=( $(use_enable lua) )
+ fi
+ if use luajit ; then
+ myeconfargs+=( $(use_enable luajit) )
+ fi
+
+# this should be used when pf_ring use flag support will be added
+# LIBS+="-lrt -lnuma"
+
+ # avoid upstream configure script trying to add -march=native to CFLAGS
+ myeconfargs+=( --enable-gccmarch-native=no )
+
+ if use debug ; then
+ myeconfargs+=( $(use_enable debug) )
+ # so we can get a backtrace according to "reporting bugs" on upstream web site
+ CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+ else
+ econf LIBS="${LIBS}" ${myeconfargs[@]}
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ insinto "/etc/${PN}"
+ doins {classification,reference,threshold}.config suricata.yaml
+
+ if use rules ; then
+ insinto "/etc/${PN}/rules"
+ doins rules/*.rules
+ fi
+
+ dodir "/var/lib/${PN}"
+ dodir "/var/log/${PN}"
+
+ fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+ newinitd "${FILESDIR}/${P}-init" ${PN}
+ newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+ if use logrotate; then
+ insopts -m0644
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}-logrotate ${PN}
+ fi
+}
+
+pkg_postinst() {
+ elog "The ${PN} init script expects to find the path to the configuration"
+ elog "file as well as extra options in /etc/conf.d."
+ elog ""
+ elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+ elog "then create a symlink to the init script from a link called"
+ elog "${PN}.foo - like so"
+ elog " cd /etc/${PN}"
+ elog " ${EDITOR##*/} suricata-foo.yaml"
+ elog " cd /etc/init.d"
+ elog " ln -s ${PN} ${PN}.foo"
+ elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+ elog ""
+ elog "You can create as many ${PN}.foo* services as you wish."
+
+ if use logrotate; then
+ elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
+ fi
+
+ if use debug; then
+ elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+ elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+ elog "You need to also ensure the FEATURES variable in make.conf contains the"
+ elog "'nostrip' option to produce useful core dumps or back traces."
+ fi
+}
next reply other threads:[~2018-01-23 9:15 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-23 9:15 Slawek Lis [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-11-09 13:54 [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/ Sam James
2024-04-07 1:06 Marek Szuba
2024-01-23 5:07 Ionen Wolkens
2023-11-29 21:16 Petr Vaněk
2023-10-25 22:04 Marek Szuba
2023-10-25 22:04 Marek Szuba
2023-08-16 17:08 Marek Szuba
2023-08-16 17:08 Marek Szuba
2023-06-27 21:56 Marek Szuba
2023-05-11 12:03 Marek Szuba
2023-04-16 20:03 Marek Szuba
2023-03-22 23:43 Marek Szuba
2023-03-01 23:12 Marek Szuba
2023-02-01 10:51 Marek Szuba
2023-02-01 10:51 Marek Szuba
2022-12-02 10:00 Marek Szuba
2022-11-10 0:42 Marek Szuba
2022-11-01 13:10 Marek Szuba
2022-11-01 0:36 Marek Szuba
2022-10-04 0:53 Marek Szuba
2022-09-01 12:27 Marek Szuba
2022-08-24 15:36 Marek Szuba
2022-08-24 15:36 Marek Szuba
2022-07-27 23:54 Marek Szuba
2022-07-13 15:55 Marek Szuba
2022-07-13 15:55 Marek Szuba
2022-04-25 22:57 Marek Szuba
2022-04-25 22:57 Marek Szuba
2022-03-23 1:24 Sam James
2021-11-19 14:59 Marek Szuba
2021-11-19 14:59 Marek Szuba
2021-09-25 19:08 Sam James
2021-09-03 12:15 Marek Szuba
2021-09-03 12:15 Marek Szuba
2021-08-23 21:29 Marek Szuba
2021-07-25 20:58 Marek Szuba
2021-07-01 9:47 Marek Szuba
2021-07-01 9:47 Marek Szuba
2021-06-21 16:03 Marek Szuba
2021-06-21 14:54 Marek Szuba
2021-06-21 14:54 Marek Szuba
2021-05-17 16:15 Marek Szuba
2021-04-03 19:53 Sam James
2021-03-04 14:47 Marek Szuba
2021-03-04 14:47 Marek Szuba
2021-01-25 17:38 Marek Szuba
2021-01-25 17:38 Marek Szuba
2020-12-06 22:02 Marek Szuba
2020-12-03 12:54 Marek Szuba
2020-10-14 14:44 Marek Szuba
2020-10-09 11:41 Marek Szuba
2020-07-17 20:10 Marek Szuba
2020-05-22 21:02 Marek Szuba
2020-04-23 21:11 Marek Szuba
2020-04-23 21:11 Marek Szuba
2020-03-04 9:46 Marek Szuba
2020-02-05 15:30 Marek Szuba
2019-12-20 10:18 Marek Szuba
2019-12-19 15:18 Marek Szuba
2019-12-16 16:05 Marek Szuba
2019-09-08 19:25 Slawek Lis
2018-06-11 14:04 Marek Szuba
2018-06-03 13:49 Aaron Bauman
2018-05-11 7:43 Slawek Lis
2018-03-26 19:33 Michał Górny
2018-01-24 7:00 Slawek Lis
2017-07-24 8:30 Slawek Lis
2017-01-07 10:25 Slawek Lis
2016-12-28 13:25 Slawek Lis
2016-12-15 6:19 Slawek Lis
2016-11-29 12:05 Slawek Lis
2016-10-10 19:08 Slawek Lis
2016-06-30 19:03 Slawek Lis
2016-06-29 6:44 Slawek Lis
2016-04-26 6:18 Slawek Lis
2016-02-19 20:19 Slawek Lis
2016-02-19 5:59 Slawek Lis
2016-02-19 5:32 Slawek Lis
2015-12-28 5:53 Slawek Lis
2015-12-28 5:49 Slawek Lis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1516698919.78745195e87a1b2b6698d6600d74da6932ebcadd.slis@gentoo \
--to=slis@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox