Summary: | New Ebuild for net-analyzer/snort-2.8.4 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jason Wallace <jason.r.wallace> |
Component: | New packages | Assignee: | Patrick Lauer <patrick> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | axiator, bschnzl |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | snort-2.8.4.ebuild, pcap_memory.patch, snort-2.8.4-libnet.patch, spo_database_fix.patch, snort.confd, snort.rc9, Manifest, metadata.xml, snort-2.8.4-r1.ebuild, metadata.xml, Manifest |
Description
Jason Wallace
2009-04-15 17:48:03 UTC
Created attachment 188462 [details]
snort-2.8.4.ebuild
snort-2.8.4.ebuild
Created attachment 188464 [details, diff]
pcap_memory.patch
Patch to print the environment variable PCAP_MEMORY when snort starts. Patch has been submitted upstream.
Created attachment 188465 [details, diff]
snort-2.8.4-libnet.patch
Updated libnet patch for new source tarball
Created attachment 188467 [details, diff]
spo_database_fix.patch
Patch to fix bug in database output plugin. This was found after the stable tarball was released. The fix will be included in the next release of snort.
Created attachment 188469 [details]
snort.confd
Added PIDPATH to resolve #217937
Created attachment 188471 [details]
snort.rc9
Updated start() and stop() to work with new confd file to resolve #217937
Added sleep 15 to stop() to give snort time to fully shut down
Created attachment 188473 [details]
Manifest
New Manifest for USE flag updates
Created attachment 188474 [details]
metadata.xml
metadata.xml
Comment on attachment 188474 [details]
metadata.xml
New Manifest for USE flag updates
Comment on attachment 188473 [details]
Manifest
Manifest is obviously not for USE flag updates. Sorry
Using this on a hardened AMD64 box (Stable) and it compiles and runs fine! x86 [stable] box running!
>>> Verifying ebuild manifests
!!! Digest verification failed:
!!! /usr/local/portage/net-analyzer/snort/metadata.xml
!!! Reason: Filesize does not match recorded size
!!! Got: 1529
!!! Expected: 1504
~ # repoman manifest
diff -au ...
--- ./Manifest 2009-04-15 14:31:13.000000000 -0400
+++ /usr/local/portage/net-analyzer/snort/Manifest 2009-04-16 19:15:28.000000000 -0400
@@ -5,5 +5,4 @@
AUX spo_database_fix.patch 597 RMD160 fdde2eeede5ea32b79fbf16c49419874e37f5a37 SHA1 ab3210b047a253de8a2b83b33a627356ac88281c SHA256 1f76a2aed7839bb49e8ec4652ad41999c54fcba2788b971264e69b7d89bb7acf
DIST snort-2.8.4.tar.gz 4603710 RMD160 3fae1b0a472a5ae73eea323f312364bc9d7e1e2a SHA1 2e400f34728613f0e285f28dc38a0ae38733ea22 SHA256 ccf182121277730b3c5dab2ddcac15d78e00a092c7741546fc2ed9d54bd3836c
EBUILD snort-2.8.4.ebuild 12031 RMD160 1f7544e368e1e3223ecfe8915d348f88dc5f7769 SHA1 c250b663530aa0308a51e4d51fb21b58e8d86ee1 SHA256 2f6f2dc4a38013db21335acda1e9920dea9d7035327bcce5c3c226fb19360064
-MISC ChangeLog 26248 RMD160 69c432abdd79799015fc3917df0ba6ee0db60622 SHA1 c591da9993f0a169358b0a64aa78bf3f2eaf96bd SHA256 69ae3c48f9d93eedc70b9b5738c06c31dcece5b7d17b6dced11b4e86edcb10da
-MISC metadata.xml 1504 RMD160 63907b3cbbfe44580cc6c67d8b80e986502e9fb9 SHA1 29fcbd71ae2eca2054d0a3b51bafcf3d03eec2e9 SHA256 dfd82fef805f1812192fea301ec92c4827c9b41302710edd8ad72ef46b6ea4f9
+MISC metadata.xml 1529 RMD160 d6f2c761d4a25ffffabef5ae29f9685c0da3105a SHA1 ba46d78bc2fcd16a31b81461b2827296c2aad8cf SHA256 02ca962eb94ecf9e15f09a5b653b92349e7158acb091dbfd9b3906b500670542
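Review bot: The "-MISC ChangeLog" line is dropped with no replacement, so the regenerated Manifest no longer records a ChangeLog at all. If the file is simply absent from the overlay directory that is expected, otherwise the entry should be restored before this Manifest is reused. The metadata.xml entry moves from 1504 to 1529 bytes, which matches the "Got: 1529 / Expected: 1504" failure above, so the attached Manifest and the attached metadata.xml were not generated together and should be re-attached as a matching pair.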
Loaded VRT Rules
Listening and logging directly to mysql over the network. BarnYard in RnD.
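The size check that failed in the comment above, as an added example (not part of the original comment and not Portage's own code): a small verifier for Manifest lines in the "TYPE name size HASH hex ..." layout shown in the diff. It assumes AUX entries live under files/, skips DIST entries and RMD160, and runs against a constructed metadata.xml.

```python
import hashlib
import tempfile
from pathlib import Path

# Manifest hash labels (as printed on the page) mapped to hashlib names.
# RMD160 is left out: hashlib only offers it on some OpenSSL builds.
HASHES = {"SHA1": "sha1", "SHA256": "sha256"}

def parse_manifest(text):
    """Yield (type, name, size, {label: hex}) for each 'TYPE name size [LABEL hex]...' line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and len(f) % 2 == 1 and f[2].isdigit():
            yield f[0], f[1], int(f[2]), dict(zip(f[3::2], f[4::2]))

def verify(pkg_dir, manifest_text):
    """Return [(name, reason)] for entries that do not match the files in pkg_dir."""
    failures = []
    for kind, name, size, digests in parse_manifest(manifest_text):
        if kind == "DIST":
            continue  # distfiles are stored outside the package directory
        path = Path(pkg_dir, "files", name) if kind == "AUX" else Path(pkg_dir, name)
        if not path.is_file():
            failures.append((name, "missing"))
            continue
        data = path.read_bytes()
        if len(data) != size:  # cheap check first, no hashing needed
            failures.append((name, f"size: got {len(data)}, expected {size}"))
            continue
        for label, algo in HASHES.items():
            if label in digests and hashlib.new(algo, data).hexdigest() != digests[label].lower():
                failures.append((name, f"{label} mismatch"))
                break
    return failures

def demo():
    """Constructed case: metadata.xml grows from 1504 to 1529 bytes after the Manifest was written."""
    with tempfile.TemporaryDirectory() as pkg:
        meta = Path(pkg, "metadata.xml")
        meta.write_bytes(b"x" * 1504)  # constructed stand-in content
        manifest = f"MISC metadata.xml 1504 SHA256 {hashlib.sha256(meta.read_bytes()).hexdigest()}\n"
        before = verify(pkg, manifest)
        meta.write_bytes(b"x" * 1529)
        resized = verify(pkg, manifest)
        meta.write_bytes(b"y" * 1504)  # same size, different bytes
        return before, resized, verify(pkg, manifest)

if __name__ == "__main__":
    print(demo())
```

The third result in demo() covers the case the size check cannot catch: a file replaced with different content of the same length is only flagged by the hash comparison.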
Let's see if we can get this into the tree soon :) Looks quite good so far.
I did remove the pic useflag because it caused build failures for me and seems to be the wrong way of doing things.
Trying with more useflags enabled:
x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/portscan -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I../../src/target-based -DENABLE_RESPONSE2 -I/usr/include -fno-strict-aliasing -O2 -pipe -Wall -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DSUP_IP6 -DDYNAMIC_PLUGIN -DPPM_MGR -DPERF_PROFILING -DLINUX_SMP -DARUBA -DMPLS -fno-strict-aliasing -c spo_alert_prelude.c
spo_alert_prelude.c: In function 'packet_to_data':
spo_alert_prelude.c:415: error: incompatible type for argument 1 of 'sfip_to_str'
spo_alert_prelude.c: In function 'AlertPreludeSetup':
spo_alert_prelude.c:801: warning: passing argument 3 of 'RegisterOutputPlugin' from incompatible pointer type
make[3]: *** [spo_alert_prelude.o] Error 1
make[3]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.8.4/work/snort-2.8.4/src/output-plugins'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.8.4/work/snort-2.8.4/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.8.4/work/snort-2.8.4'
make: *** [all] Error 2
*
* ERROR: net-analyzer/snort-2.8.4 failed.
[ebuild R ] net-analyzer/snort-2.8.4 USE="aruba* decoder-preprocessor-rules* dynamicplugin* flexresp2* ipv6 linux-smp-stats* mpls* perfprofiling* ppm* prelude* -debug -flexresp -gre -inline -inline-init-failopen -memory-cleanup -mysql -odbc -postgres -react (-selinux) -static -targetbased -threads -timestats"

+*snort-2.8.4 (17 Apr 2009) + + 17 Apr 2009; Patrick Lauer <patrick@gentoo.org> + +files/snort-2.8.4-libnet.patch, +files/pcap_memory.patch, + files/snort.confd, +files/snort.rc9, +files/spo_database_fix.patch, + metadata.xml, +snort-2.8.4.ebuild: + Bump to 2.8.4. Reworked ebuild thanks to Jason Wallace. Lots of changes, + see bug #266288 for details.

So it's in the tree, if there are no further issues I'll unmask it soon.

I'll report the prelude issue upstream to the snort devs. This looks like an issue with the spo_alert_prelude which is the output plugin for prelude. There have been some recent discussions on the snort-users mailing list about removing all the output plugins from snort except for unified and unified2, so they may decide to fix it or yank spo_alert_prelude in the next release.

(In reply to comment #17)
> I'll report the prelude issue upstream to the snort devs. This looks like an
> issue with the spo_alert_prelude which is the output plugin for prelude. There
> have been some recent discussions on the snort-users mailing list about
> removing all the output plugins from snort except for unified and unified2, so
> they may decide to fix it or yank spo_alert_prelude in the next release.
>

Scratch that. After some testing I think this is a USE flag combination issue. Hold off on moving to stable. I'll find the conflict and post a -r1 ebuild in a little bit. thx for finding this.

Created attachment 188688 [details]
snort-2.8.4-r1.ebuild
I found the conflict. spo_alert_prelude does not support ipv6. I have added logic to handle this. If both prelude and ipv6 are chosen, ipv6 will be disabled and prelude will be enabled. A warning will be presented to the user notifying them of this.
I also removed the pic USE flag until I can look into this.
The repoman has been paid...
# repoman full
RepoMan scours the neighborhood...
ebuild.allmasked 1
net-analyzer/snort
upstream.workaround 1
net-analyzer/snort/snort-2.8.4-r1.ebuild: Upstream parallel compilation bug (ebuild calls emake -j1 on line: 224)
Note: use --without-mask to check KEYWORDS on dependencies of masked packages
Note: use --include-dev (-d) to check dependencies for 'dev' profiles
RepoMan sez: "You're only giving me a partial QA payment?
I'll take it this time, but I'm not happy."
Created attachment 188689 [details]
metadata.xml
New metadata.xml with pic removed
Created attachment 188691 [details]
Manifest
new Manifest... Not sure if I need to submit this or not when submitting ebuilds...?
(In reply to comment #21)
> Created an attachment (id=188691)
> Manifest
>
> new Manifest... Not sure if I need to submit this or not when submitting
> ebuilds...?
>

No :)

Mask removed, ebuild is now free :)