Where do I begin... There are a lot of changes in Snort-2.9. 1) DAQ The bigest change is the introduction the DAQ, or Data Acquisition library, for packet I/O. The DAQ replaces direct calls to PCAP functions with an abstraction layer that facilitates operation on a variety of hardware and software interfaces without requiring changes to Snort. Snort-2.9.0 requires these libraries now to compile, so Bug 341009 needs to be approved before this ebuild. 2) Flexresp and Flexresp2 (and their USE flags) have been removed and replaced with Flexresp3. - This allowed a number of 'if/die' statements to be removed from pkg_setup() 3) The 'timestats' USE flag is no longer needed and has been removed. 4) The 'inline' USE flag has been removed due to the use of DAQ. - This allowed an 'if/die' statement to be removed from pkg_setup() - Added 'normalizer' and 'active-response' USE flags to support these new inline functions. 5) The DCRPC preprocessor has been removed and replaced with DCRPC2. - Removed decrpc from the 'if/sed' for the multilib fix in src_prepare() 6) Now nothing in Snort requires libnet. - Removed the libnet statements from DEPEND - This allowed the removal of --with-libipq-includes=/usr/include/libipq from myconf. - Also allowed removal of 4 sed's in src_prepare() 7) The current supported DAQs also do not use iptables, so this dependancy was removed from DEPEND 8) Added some dodoc statements to handel some new docs, and some rm's to remove some that were being installed my the Makefile 9) Removed etc/sid-msg.map from doins. This is not shipped with snort anymore. 10) Reordered USE and econf to match the order of snorts "./configure --help" (just for my own sanity). 11) Removed pthread 'if' statement and placed this in econf. 12) Sourcefire added some options to ./configure to give more debug info. Added the following to acomodate this: $(use_enable debug debug-msgs) $(use_enable debug corefiles) 13) Added the following to econf because these are not supported/required by the ebuild: --disable-dlclose --disable-intel-soft-cpm --disable-static-daq 14) Added a lot of elog information to ensure end users are aware of the major changes. Reproducible: Always Steps to Reproduce: And of course, the repoman was paid... snort # repoman full RepoMan scours the neighborhood... ebuild.allmasked 1 net-analyzer/snort Note: use --include-dev (-d) to check dependencies for 'dev' profiles RepoMan sez: "You're only giving me a partial QA payment? I'll take it this time, but I'm not happy."
Created attachment 250595 [details] snort-2.9.0.ebuild Version bump for Snort
Created attachment 250601 [details] metadata.xml metadata.xml with new USE flags
Created attachment 251953 [details] snort-2.9.0.ebuild Updated ebuild that incorporates feedback from Dev. PVA
Created attachment 251955 [details] metadata.xml Updated metadata.xml Reformatted file for easier reading and also made USE flag descriptions more meaningful/informative.
Please add the following information to this package's ChangLog when committing it to portage. + Updated SRC_URI to new download location - Removed the deprecated 'flexresp' and 'flexresp2' USE flags. + Added 'flexresp3' USE flag. - Removed the deprecated 'timestats' USE flag - Removed deprecated 'inline' USE flag. This has been replaced by DAQ. + Added 'normalizer' USE flag + Added 'active-response' USE flag + Reordered USE and econf to match the order of snorts "./configure --help" - Removed comment above DEPEND + Changed virtual/libpcap to >=net-libs/libpcap-1.0.0 in DEPEND + Added unconditional DEPEND for net-libs/daq + Added unconditional DEPEND for dev-libs/libdnet - Removed 'flexresp', 'flexresp2', and 'inline' USE flag tests from DEPEND - Remoevd 'react' dependency of net-libs/libnet in DEPEND - Removed if/die test for 'flexresp' with 'flexresp2' from pkg_setup() - Removed if/die test for 'flexresp' with 'react' from pkg_setup() - Removed if/die test for 'flexresp2' with 'react' from pkg_setup() - Removed if/die test for 'inline-init-failopen' without 'inline' from pkg_setup() - Removed sed statements for libnet and 'flexresp', 'flexresp2', and 'inline' from src_prepare() - Removed deprecated 'dcerpc' from multilib fix for sf_engine in src_prepare() + Moved 'threads' from if/then to econf in src_configure() - Removed if/then for --with-libipq-includes from src_configure() - Removed 'timestats', 'inline', 'flexresp', 'flexresp2' from econf + --enable-debug-msgs and --enable-corefiles are now enabled with 'debug' USE flag in econf + Added 'active-response' and 'normalizer' to econf + Added 'flexresp3' to econf + Added --disable-dlclose, --disable-intel-soft-cpm, --disable-static-daq to econf + Added README.u2boat to docs + Moved dodoc's to a single statement + Added rm statements to clean up Makefiles in docs directory + Added rm statement to clean up useless snort docs directory created by Makefiles - Removed sid-msg.map from doins. This is now user generated. + Changed keepdir for snort_dynamicrule to snort_dynamicrules (plural) + Updated einfo, elog, and ewarn information. + Added || die to newins for snort.conf.distrib - Removed default src_unpack - Removed default src_compile - Removed unused $myconf + copyed snort.reload.rc1 to snort.rc10 to support using a single init script - Removed 'reload' USE flag. There is no reason to not enable this functionality - Removed if/die statement related to the 'reload' USE flag - Removed if/then that depened on the 'reload' USE flag + Updated newinit to install snort.rc10 + Added --enable-reload to econf + Collapsed dodoc's to one line + Added || die statements to sed expressions that cleanup snort.conf.distrib + Added 'normalizer' USE flage to support packet normalization in inline mode + Added 'active-response' USE flag to support sending TCP RST packets and ICMP unreachable messages in inline deployments. + Updated all USE flag information to be more useful and informative + Added 'flexresp3' USE flag. Replaces flexresp and flexresp2. - Removed KEWORDS ~alpha ~arm ~ppc ~ppc64 ~sparc Snort-2.9.0 requires the new DAQ libraries which have not yet been tested (in Gentoo) on these platforms. + Cleaned up metadata.xml to make it easier to deal with and read. + Updated elog information to be more current + Added MYDATE variable and if/then check to determine if displaying the SO rule warning is still needed based on the current date.
Created attachment 251957 [details] snort.rc10 New rc script to to use going forward.
Created attachment 252921 [details] snort-2.9.0.1.ebuild Updated ebuild for 2.9.0.1. No functionality difference between 2.9.0 and 2.9.0.1. just some bug fixes. ChangeLog + Updated SRC_URI to point to new download location
+ 02 Nov 2010; Patrick Lauer <patrick@gentoo.org> +snort-2.9.0.1.ebuild, + +files/snort.rc10, metadata.xml: + Bump for #341013, many ebuild improvements by Jason Wallace and pva
