Please find attached snort-184.108.40.206.ebuild and snort-2.6.0-genpatches.tar.bz2 which contains a new 2.6.0-libnet-1.0.patch.
This ebuild will update snort to the current stable version of 220.127.116.11. The 2.6.0-libnet-1.0.patch file will fix the inline and flexresp problems from
1. snortsam is broken. I tried all versions currently in portage but all of them cause snort-18.104.22.168 to fail to compile. I think this is snortsam issue. I'll work on this some more later if I get time.
2. sguil does not work with snort-22.214.171.124. I believe this problem is related to sguil not keeping pace with snort-2.6.x based on this post to the sguil list...
"Both of those patches are optional. The stream4 one has been depreciated for sancp. You can use the sfportscan processor in snort 2.6 for now. I'll put a new spp_portscan patch out for the next Sguil release." -- Bammkkkk
I added a note for people enabling sguil that they should use snort-2.4.5 until sguil catches up. I left the sguil USE flag and only commented out the sguil stuff. Should make it easier to update this ebuild when sguil catches up.
Created attachment 101949
Created attachment 101950
Created attachment 101951
This is the file contained in snort-2.6.0-genpatches.tar.bz2 for anyone that wants to look at it.
Created attachment 102129
Please find attached a new snort-126.96.36.199.ebuild.
1. I have fixed the snortsam problem. There was a missing ,
in their snortpatch9 file when patching snort's plugin_enum.h file.
Should work for any current versions of snortsam now.
I sent a patch to the snortsam folks and I have added some logic
to the ebuild to check for the problem and correct it if it is
2. Added the following USE flags...
use.local.desc should be updated with the following...
net-analyzer/snort:flexresp2 - NEW Flexible Responses on hostile connection attempts (if you don't know what this is don't use it)
net-analyzer/snort:react - Intercept and terminate offending HTTP accesses (if you don't know what this is don't use it)
Also the net-analyzer/snort:flexresp entry should be changed to say..
net-analyzer/snort:flexresp - Flexible Responses on hostile connection attempts (if you don't know what this is don't use it)
3. Added checks to ensure that both the 'flexresp' and 'flexresp2' USE
flags are not enabled. If both are enabled it shows a warning and
defaults to flexresp2.
4. Changed the check for inline mode to use --with-libipq-includes=/usr/include/libipq
at ./configure time instead of using append-flags. ./configure is the
right way to do this.
5. Cleaned up the src_compile() section. There were use_with's where there should have been use_enable's
The only thing I've not tested is selinux and prelude. I don't use either of these.
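The USE-flag handling described in items 3 to 5 above, as an added example that is not the attached ebuild or part of the original report. The `use`, `use_enable` and `use_with` functions are stand-ins for the Portage helpers of the same names, and the `inline` flag name and the warning text are assumptions.

```shell
#!/bin/sh
# Stand-ins for Portage's use/use_enable/use_with helpers so the logic runs
# outside an ebuild. USE holds the enabled flags (constructed sample input).

use() {
    # Pad with spaces so "flexresp" does not match inside "flexresp2".
    case " ${USE} " in *" $1 "*) return 0 ;; esac
    return 1
}

# use_enable <flag> [name]: emits --enable-name or --disable-name
use_enable() {
    if use "$1"; then echo "--enable-${2:-$1}"; else echo "--disable-${2:-$1}"; fi
}

# use_with <flag> [name]: emits --with-name or --without-name.
# A --with-X spelling does not switch on a feature that configure
# exposes as --enable-X, which is why item 5 swaps the helpers.
use_with() {
    if use "$1"; then echo "--with-${2:-$1}"; else echo "--without-${2:-$1}"; fi
}

# Build the ./configure arguments for the response and inline features.
snort_conf_args() {
    args=""
    if use flexresp && use flexresp2; then
        # Item 3: the two response engines are mutually exclusive.
        echo "WARNING: flexresp and flexresp2 both set; using flexresp2" >&2
        args="--disable-flexresp --enable-flexresp2"
    else
        args="$(use_enable flexresp) $(use_enable flexresp2)"
    fi
    args="${args} $(use_enable react)"
    if use inline; then
        # Item 4: pass the libipq header path to configure, not via CFLAGS.
        args="${args} --enable-inline --with-libipq-includes=/usr/include/libipq"
    fi
    echo "${args}"
}

# Constructed sample: both response flags enabled together with inline.
USE="flexresp flexresp2 inline"
snort_conf_args
```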
Created attachment 102138
Started looking at the other snort bugs and found Bug 150796. The reporter is correct: there is no ssl/openssl usage in snort as of 2003-03-27, so I have removed the ssl USE flag.
Version 188.8.131.52 in cvs