Index: head/security/suricata/Makefile =================================================================== --- head/security/suricata/Makefile (revision 466192) +++ head/security/suricata/Makefile (revision 466193) @@ -1,157 +1,158 @@ # Created by: Patrick Tracanelli # $FreeBSD$ PORTNAME= suricata -PORTVERSION= 4.0.3 +DISTVERSION= 4.0.4 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ MAINTAINER= franco@opnsense.org COMMENT= High Performance Network IDS, IPS and Security Monitoring engine LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libpcre.so:devel/pcre \ libnet.so:net/libnet \ libyaml.so:textproc/libyaml USES= autoreconf cpe gmake libtool pathfix pkgconfig USE_LDCONFIG= yes USE_RC_SUBR= ${PORTNAME} GNU_CONFIGURE= yes CPE_VENDOR= openinfosecfoundation INSTALL_TARGET= install-strip TEST_TARGET= check OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE \ REDIS SC TESTS OPTIONS_DEFINE_amd64= HYPERSCAN -OPTIONS_DEFAULT= HTP_PORT IPFW JSON NETMAP PRELUDE +OPTIONS_DEFAULT= IPFW JSON NETMAP PRELUDE OPTIONS_SUB= yes OPTIONS_RADIO= SCRIPTS OPTIONS_RADIO_SCRIPTS= LUA LUAJIT SCRIPTS_DESC= Scripting GEOIP_DESC= GeoIP support HYPERSCAN_DESC= Hyperscan support HTP_PORT_DESC= Use libhtp from ports IPFW_DESC= IPFW and IP Divert support for inline IDP JSON_DESC= JSON output support LUA_DESC= LUA scripting support LUAJIT_DESC= LuaJIT scripting support NETMAP_DESC= Netmap support for inline IDP NSS_DESC= File checksums and SSL/TLS fingerprinting PORTS_PCAP_DESC= Use libpcap from ports PRELUDE_DESC= Prelude support for NIDS alerts REDIS_DESC= Redis output support SC_DESC= Suricata socket client (suricatasc) TESTS_DESC= Unit tests in suricata binary GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP GEOIP_CONFIGURE_ON= --enable-geoip HTP_PORT_BUILD_DEPENDS= libhtp>=0.5.24:devel/libhtp HTP_PORT_LIB_DEPENDS= libhtp.so:devel/libhtp HTP_PORT_CONFIGURE_ON= --enable-non-bundled-htp HTP_PORT_CONFIGURE_OFF= --enable-bundled-htp HTP_PORT_CONFLICTS_INSTALL_OFF= libhtp HTP_PORT_USES_OFF= iconv:translit HYPERSCAN_LIB_DEPENDS= libhs.so:devel/hyperscan HYPERSCAN_CONFIGURE_ON= --with-libhs-includes=${LOCALBASE}/include \ --with-libhs-libraries=${LOCALBASE}/lib IPFW_CONFIGURE_ON= --enable-ipfw JSON_LIB_DEPENDS= libjansson.so:devel/jansson JSON_CONFIGURE_ON= --with-libjansson-includes=${LOCALBASE}/include \ --with-libjansson-libraries=${LOCALBASE}/lib LUA_USES= lua:51 LUA_CONFIGURE_ON= --enable-lua \ --with-liblua-includes=${LUA_INCDIR} \ --with-liblua-libraries=${LUA_LIBDIR} LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit LUAJIT_CONFIGURE_ON= --enable-luajit NSS_LIB_DEPENDS= libnss3.so:security/nss \ libnspr4.so:devel/nspr +NSS_CONFIGURE_OFF= --disable-nss --disable-nspr NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \ --with-libnss-libraries=${LOCALBASE}/lib \ --with-libnspr-libraries=${LOCALBASE}/lib \ --with-libnspr-includes=${LOCALBASE}/include/nspr NETMAP_CONFIGURE_ENABLE= netmap PORTS_PCAP_LIB_DEPENDS= libpcap.so.1:net/libpcap PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \ --with-libpcap-libraries=${LOCALBASE}/lib PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \ --with-libpcap-libraries=/usr/lib PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude \ libgnutls.so:security/gnutls \ libgcrypt.so:security/libgcrypt \ libgpg-error.so:security/libgpg-error \ libltdl.so:devel/libltdl PRELUDE_CONFIGURE_ENABLE= prelude PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} REDIS_LIB_DEPENDS= libhiredis.so:databases/hiredis REDIS_CONFIGURE_ON= --enable-hiredis \ --with-libhiredis-includes=${LOCALBASE}/include \ --with-libhiredis-libraries=${LOCALBASE}/lib SC_USES= python:2.7 SC_CONFIGURE_ENABLE= python TESTS_CONFIGURE_ENABLE= unittests SUB_FILES= pkg-message CONFIGURE_ARGS+=--enable-gccprotect \ --with-libpcre-includes=${LOCALBASE}/include \ --with-libpcre-libraries=${LOCALBASE}/lib \ --with-libyaml-includes=${LOCALBASE}/include \ --with-libyaml-libraries=${LOCALBASE}/lib \ --with-libnet-includes=${LOCALBASE}/include \ --with-libnet-libraries=${LOCALBASE}/lib \ --with-libhtp-includes=${LOCALBASE}/include/ \ --with-libhtp-libraries=${LOCALBASE}/lib \ --disable-gccmarch-native CONFIG_DIR?= ${ETCDIR} CONFIG_FILES= suricata.yaml classification.config reference.config threshold.config RULES_DIR= ${CONFIG_DIR}/rules RULES_FILES= app-layer-events.rules decoder-events.rules dns-events.rules files.rules \ http-events.rules modbus-events.rules smtp-events.rules stream-events.rules \ tls-events.rules LOGS_DIR?= /var/log/${PORTNAME} pre-patch: - ${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 + @${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 post-install: - ${MKDIR} ${STAGEDIR}${CONFIG_DIR} - ${MKDIR} ${STAGEDIR}${RULES_DIR} - ${MKDIR} ${STAGEDIR}${LOGS_DIR} + @${MKDIR} ${STAGEDIR}${CONFIG_DIR} + @${MKDIR} ${STAGEDIR}${RULES_DIR} + @${MKDIR} ${STAGEDIR}${LOGS_DIR} .for f in ${CONFIG_FILES} ${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample .endfor .for f in ${RULES_FILES} ${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f} .endfor post-install-SC-on: (cd ${STAGEDIR}${PREFIX} \ && ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \ -d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;}) .include Index: head/security/suricata/distinfo =================================================================== --- head/security/suricata/distinfo (revision 466192) +++ head/security/suricata/distinfo (revision 466193) @@ -1,3 +1,3 @@ -TIMESTAMP = 1512569305 -SHA256 (suricata-4.0.3.tar.gz) = 81a0bcb10b5c0b00efeafb4aac3ef70bf0e36b060ac6300d867f15f3dbe0e437 -SIZE (suricata-4.0.3.tar.gz) = 12392388 +TIMESTAMP = 1522066170 +SHA256 (suricata-4.0.4.tar.gz) = 617e83b6e20b03aa7d5e05a980d3cb6d2810ec18a6f15a36bf66c81c9c0a2abb +SIZE (suricata-4.0.4.tar.gz) = 12511121 Index: head/security/suricata/files/patch-disable_nss_nspr =================================================================== --- head/security/suricata/files/patch-disable_nss_nspr (nonexistent) +++ head/security/suricata/files/patch-disable_nss_nspr (revision 466193) @@ -0,0 +1,169 @@ +From 2bd73173674843695cb3e44666f233697a64b6a0 Mon Sep 17 00:00:00 2001 +From: Renato Botelho +Date: Thu, 22 Mar 2018 11:02:42 -0300 +Subject: [PATCH] configure: allow to disable libnss and libnspr + +Let user chose to disable libnss and libnspr support even if these +libraries are installed in the system. Default remains to enable when +libraries are found and disable parameter were not used +--- + configure.ac | 122 ++++++++++++++++++++++++++++++----------------------------- + 1 file changed, 63 insertions(+), 59 deletions(-) + +diff --git configure.ac configure.ac +index 278f408940..1e3a467406 100644 +--- configure.ac ++++ configure.ac +@@ -1586,15 +1586,8 @@ + fi + + # libnspr +- enable_nspr="no" +- +- # Try pkg-config first: +- PKG_CHECK_MODULES([libnspr], nspr,, [with_pkgconfig_nspr=no]) +- if test "$with_pkgconfig_nspr" != "no"; then +- CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}" +- LIBS="${LIBS} ${libnspr_LIBS}" +- fi +- ++ AC_ARG_ENABLE(nspr, ++ AS_HELP_STRING([--disable-nspr],[Disable libnspr support])) + AC_ARG_WITH(libnspr_includes, + [ --with-libnspr-includes=DIR libnspr include directory], + [with_libnspr_includes="$withval"],[with_libnspr_includes=no]) +@@ -1602,41 +1595,43 @@ + [ --with-libnspr-libraries=DIR libnspr library directory], + [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"]) + +- if test "$with_libnspr_includes" != "no"; then +- CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}" +- fi ++ if test "$enable_nspr" != "no"; then ++ # Try pkg-config first: ++ PKG_CHECK_MODULES([libnspr], nspr,, [with_pkgconfig_nspr=no]) ++ if test "$with_pkgconfig_nspr" != "no"; then ++ CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}" ++ LIBS="${LIBS} ${libnspr_LIBS}" ++ fi + +- AC_CHECK_HEADER(nspr.h,NSPR="yes",NSPR="no") +- if test "$NSPR" = "yes"; then +- if test "$with_libnspr_libraries" != "no"; then +- LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}" +- fi ++ if test "$with_libnspr_includes" != "no"; then ++ CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}" ++ fi + +- AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no") ++ AC_CHECK_HEADER(nspr.h,NSPR="yes",NSPR="no") ++ if test "$NSPR" = "yes"; then ++ if test "$with_libnspr_libraries" != "no"; then ++ LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}" ++ fi + +- if test "$NSPR" = "no"; then +- echo +- echo " ERROR! libnspr library not found, go get it" +- echo " from Mozilla or your distribution:" +- echo +- echo " Ubuntu: apt-get install libnspr4-dev" +- echo " Fedora: yum install nspr-devel" +- echo +- exit 1 +- fi +- enable_nspr="yes" ++ AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no") ++ ++ if test "$NSPR" = "no"; then ++ echo ++ echo " ERROR! libnspr library not found, go get it" ++ echo " from Mozilla or your distribution:" ++ echo ++ echo " Ubuntu: apt-get install libnspr4-dev" ++ echo " Fedora: yum install nspr-devel" ++ echo ++ exit 1 ++ fi ++ enable_nspr="yes" ++ fi + fi + + # libnss +- enable_nss="no" +- +- # Try pkg-config first: +- PKG_CHECK_MODULES([libnss], nss,, [with_pkgconfig_nss=no]) +- if test "$with_pkgconfig_nss" != "no"; then +- CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}" +- LIBS="${LIBS} ${libnss_LIBS}" +- fi +- ++ AC_ARG_ENABLE(nss, ++ AS_HELP_STRING([--disable-nss],[Disable libnss support])) + AC_ARG_WITH(libnss_includes, + [ --with-libnss-includes=DIR libnss include directory], + [with_libnss_includes="$withval"],[with_libnss_includes=no]) +@@ -1644,31 +1639,40 @@ + [ --with-libnss-libraries=DIR libnss library directory], + [with_libnss_libraries="$withval"],[with_libnss_libraries="no"]) + +- if test "$with_libnss_includes" != "no"; then +- CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}" +- fi ++ if test "$enable_nss" != "no"; then ++ # Try pkg-config first: ++ PKG_CHECK_MODULES([libnss], nss,, [with_pkgconfig_nss=no]) ++ if test "$with_pkgconfig_nss" != "no"; then ++ CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}" ++ LIBS="${LIBS} ${libnss_LIBS}" ++ fi + +- AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no") +- if test "$NSS" = "yes"; then +- if test "$with_libnss_libraries" != "no"; then +- LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}" +- fi ++ if test "$with_libnss_includes" != "no"; then ++ CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}" ++ fi + +- AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no") ++ AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no") ++ if test "$NSS" = "yes"; then ++ if test "$with_libnss_libraries" != "no"; then ++ LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}" ++ fi + +- if test "$NSS" = "no"; then +- echo +- echo " ERROR! libnss library not found, go get it" +- echo " from Mozilla or your distribution:" +- echo +- echo " Ubuntu: apt-get install libnss3-dev" +- echo " Fedora: yum install nss-devel" +- echo +- exit 1 +- fi ++ AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no") ++ ++ if test "$NSS" = "no"; then ++ echo ++ echo " ERROR! libnss library not found, go get it" ++ echo " from Mozilla or your distribution:" ++ echo ++ echo " Ubuntu: apt-get install libnss3-dev" ++ echo " Fedora: yum install nss-devel" ++ echo ++ exit 1 ++ fi + +- AC_DEFINE([HAVE_NSS],[1],[libnss available for md5]) +- enable_nss="yes" ++ AC_DEFINE([HAVE_NSS],[1],[libnss available for md5]) ++ enable_nss="yes" ++ fi + fi + + # libmagic Property changes on: head/security/suricata/files/patch-disable_nss_nspr ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property