Please find attached snort-2.6.0.2.ebuild and snort-2.6.0-genpatches.tar.bz2 which contains a new 2.6.0-libnet-1.0.patch.

This ebuild will update snort to the current stable version of 2.6.0.2. The 2.6.0-libnet-1.0.patch file will fix the inline and flexresp problems from http://bugs.gentoo.org/show_bug.cgi?id=143998

Known Issues:

1. snortsam is broken. I tried all versions currently in portage but all of them cause snort-2.6.0.2 to fail to compile. I think this is a snortsam issue. I'll work on this some more later if I get time.

2. sguil does not work with snort-2.6.0.2. I believe this problem is related to sguil not keeping pace with snort-2.6.x based on this post to the sguil list...

"Both of those patches are optional. The stream4 one has been depreciated for sancp. You can use the sfportscan processor in snort 2.6 for now. I'll put a new spp_portscan patch out for the next Sguil release." -- Bammkkkk
http://article.gmane.org/gmane.comp.security.sguil.general/942

I added a note for people enabling sguil that they should use snort-2.4.5 until sguil catches up. I left the sguil USE flag and only commented out the sguil stuff. Should make it easier to update this ebuild when sguil catches up.

--Wallace
Created attachment 101949 [details] snort-2.6.0.2.ebuild
Created attachment 101950 [details] snort-2.6.0-genpatches.tar.bz2
Created attachment 101951 [details, diff] 2.6.0-libnet-1.0.patch

This is the file contained in snort-2.6.0-genpatches.tar.bz2 for anyone that wants to look at it.
Created attachment 102129 [details] snort-2.6.0.2.ebuild

Please find attached a new snort-2.6.0.2.ebuild.

Changes:

1. I have fixed the snortsam problem. There was a missing , in their snortpatch9 file when patching snort's plugin_enum.h file. Should work for any current versions of snortsam now. I sent a patch to the snortsam folks and I have added some logic to the ebuild to check for the problem and correct it if it is present.

2. Added the following USE flags...
flexresp2
react

use.local.desc should be updated with the following...
net-analyzer/snort:flexresp2 - NEW Flexible Responses on hostile connection attempts (if you don't know what this is don't use it)
net-analyzer/snort:react - Intercept and terminate offending HTTP accesses (if you don't know what this is don't use it)

Also the net-analyzer/snort:flexresp entry should be changed to say..
net-analyzer/snort:flexresp - Flexible Responses on hostile connection attempts (if you don't know what this is don't use it)

3. Added checks to ensure that both the 'flexresp' and 'flexresp2' USE flags are not enabled. If both are enabled it shows a warning and defaults to flexresp2.

4. Changed the check for inline mode to use --with-libipq-includes=/usr/include/libipq at ./configure time instead of using append-flags. ./configure is the right way to do this.

5. Cleaned up the src_compile() section. There were use_with's where there should have been use_enable's.

The only thing I've not tested is selinux and prelude. I don't use either of these.

--Wallace
Created attachment 102138 [details] snort-2.6.0.2.ebuild

Started looking at the other snort bugs and found Bug 150796. The reporter is correct there is no ssl/openssl usage in snort as of 2003-03-27, so I have removed the ssl USE flag.

--Wallace
Version 2.6.1.1 in cvs