Index: head/security/pulledpork/Makefile =================================================================== --- head/security/pulledpork/Makefile (revision 550263) +++ head/security/pulledpork/Makefile (revision 550264) @@ -1,64 +1,66 @@ # Created by: Olli Hauer # $FreeBSD$ PORTNAME= pulledpork -PORTVERSION= 0.7.3 +PORTVERSION= 0.7.4 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= GHL MAINTAINER= ohauer@FreeBSD.org COMMENT= Script to update snort-2.8+ rules LICENSE= GPLv2 RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:security/p5-Crypt-SSLeay \ p5-LWP-Protocol-https>=6.00:www/p5-LWP-Protocol-https \ p5-libwww>=0:www/p5-libwww \ ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss NO_BUILD= yes USES= perl5 shebangfix USE_PERL5= run SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl SUB_FILES= pkg-message USE_GITHUB= yes GH_ACCOUNT= shirkdog OPTIONS_DEFINE= DOCS .include post-patch: @${REINPLACE_CMD} -e 's|^distro=FreeBSD-8.1|distro=FreeBSD-10-0|' \ -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \ -e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \ -e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \ -e 's|snort/modifysid.conf|pulledpork/modifysid.conf|g' \ -e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \ ${WRKSRC}/etc/pulledpork.conf do-install: ${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${STAGEDIR}${PREFIX}/bin @${MKDIR} -m 750 ${STAGEDIR}${ETCDIR} # pulledpork.conf contains the snort user registration key, do not install world readable ${INSTALL} -m 640 ${WRKSRC}/etc/pulledpork.conf ${STAGEDIR}${ETCDIR}/pulledpork.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${STAGEDIR}${ETCDIR}/disablesid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${STAGEDIR}${ETCDIR}/dropsid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${STAGEDIR}${ETCDIR}/enablesid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/modifysid.conf ${STAGEDIR}${ETCDIR}/modifysid.conf.sample @${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR} ${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR} do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}/README + ${INSTALL_DATA} ${WRKSRC}/CONTRIBUTING.md ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/SECURITY.md ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.SHAREDOBJECTS ${STAGEDIR}${DOCSDIR} .include Index: head/security/pulledpork/distinfo =================================================================== --- head/security/pulledpork/distinfo (revision 550263) +++ head/security/pulledpork/distinfo (revision 550264) @@ -1,3 +1,3 @@ -TIMESTAMP = 1512908815 -SHA256 (shirkdog-pulledpork-v0.7.3_GH0.tar.gz) = 48c66dc9abb7545186d4fba497263c1d1b247c0ea7f0953db4d515e7898461a2 -SIZE (shirkdog-pulledpork-v0.7.3_GH0.tar.gz) = 43167 +TIMESTAMP = 1600924961 +SHA256 (shirkdog-pulledpork-v0.7.4_GH0.tar.gz) = f0149eb6f723b622024295e0ee00e1acade93fae464b9fdc323fdf15e99c388c +SIZE (shirkdog-pulledpork-v0.7.4_GH0.tar.gz) = 44122 Index: head/security/pulledpork/files/patch-README.md =================================================================== --- head/security/pulledpork/files/patch-README.md (revision 550263) +++ head/security/pulledpork/files/patch-README.md (nonexistent) @@ -1,253 +0,0 @@ ---- README.md.orig 2017-12-07 15:13:06 UTC -+++ README.md -@@ -1,13 +1,12 @@ --pulledpork -+PulledPork - ========== - - PulledPork for Snort and Suricata rule management (from Google code) - - Find us on Freenode (IRC) [`#ppork`](https://webchat.freenode.net/?channels=ppork) - --Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team! -+Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team! - -- - Thank you for choosing to use PulledPork! This file provides some basic - guidance on the usage of PulledPork. Please be sure to read this file - thoroughly so that you don't overlook something! -@@ -35,98 +34,75 @@ thoroughly so that you don't overlook something! - - ## Command Usage Reference - -- Usage: ./pulledpork.pl [-dEgHklnRTPVvv? -help] -c -o -- -O -s -D -S -- -p -C -t -- -h -H -I (security|connectivity|balanced) -i -- -b -e -M -- -r -K -+``` -+Usage: pulledpork.pl [-dEgHklnRTPVvv? -help] -c -o -+ -O -s -D -S -+ -p -C -t -+ -h -H -I (security|connectivity|balanced) -i -+ -b -e -M -+ -r -K - -- Options: -- -- -help/? Print this help info. -- -- -b Where the dropsid config file lives. -- -- -C Path to your snort.conf -- -- -c Where the pulledpork config file lives. -- -- -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations. -- -- -D What Distro are you running on, for the so_rules -- Valid Distro Types: -- Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 -- FC-12, FC-14, RHEL-5-5, RHEL-6-0 -- FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3 -- OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 -- -- -e Where the enablesid config file lives. -- -- -E Write ONLY the enabled rules to the output files. -- -- -g grabonly (download tarball rule file(s) and do NOT process) -- -- -h path to the sid_changelog if you want to keep one? -- -- -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2) -- -- -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET) -- -- -i Where the disablesid config file lives. -- -- -k Keep the rules in separate files (using same file names as found when reading) -- -- -K Where (what directory) do you want me to put the separate rules files? -- -- -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher) -- -- -L Where do you want me to read your local.rules for inclusion in sid-msg.map -- -- -m where do you want me to put the sid-msg.map file? -- -- -M where the modifysid config file lives. -- -- -n Do everything other than download of new files (disablesid, etc) -- -- -o Where do you want me to put generic rules file? -- -- -p Path to your Snort binary -- -- -P Process rules even if no new rules were downloaded -- -- -R When processing enablesid, return the rules to their ORIGINAL state -- -- -r Where do you want me to put the reference docs (xxxx.txt) -- -- -S What version of snort are you using -- -- -s Where do you want me to put the so_rules? -- -- -T Process text based rules files only, i.e. DO NOT process so_rules -- -- -u Where do you want me to pull the rules tarball from -+ Options: -+ -help/? Print this help info. -+ -b Where the dropsid config file lives. -+ -C Path to your snort.conf -+ -c Where the pulledpork config file lives. -+ -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations. -+ -D What Distro are you running on, for the so_rules -+ For latest supported options see http://www.snort.org/snort-rules/shared-object-rules -+ Valid Distro Types: -+ Centos-5-4, Centos-6, Centos-7 -+ Debian-7, Debian-8, Debian-9 -+ FC-25, FC-26, FC-27, FC-30 -+ FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, FreeBSD-11, FreeBSD-12 -+ OpenBSD-5-2, OpenBSD-5-3, OpenBSD-6-2, OpenSUSE-15-0, OpenSUSE-42-3 -+ RHEL-5-5, RHEL-6, RHEL-6-0, RHEL-7 -+ Slackware-13-1, Slackware-14-2 -+ Ubuntu-14-4, Ubuntu-16-4, Ubuntu-17-10, Ubuntu-18-4 -+ -e Where the enablesid config file lives. -+ -E Write ONLY the enabled rules to the output files. -+ -g grabonly (download tarball rule file(s) and do NOT process) -+ -h path to the sid_changelog if you want to keep one? -+ -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2) -+ -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET) -+ -i Where the disablesid config file lives. -+ -k Keep the rules in separate files (using same file names as found when reading) -+ -K Where (what directory) do you want me to put the separate rules files? -+ -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher) -+ -L Where do you want me to read your local.rules for inclusion in sid-msg.map -+ -m where do you want me to put the sid-msg.map file? -+ -M where the modifysid config file lives. -+ -n Do everything other than download of new files (disablesid, etc) -+ -o Where do you want me to put generic rules file? -+ -O Define the oinkcode on the command line (necessary for some users) -+ -p Path to your Snort binary -+ -P Process rules even if no new rules were downloaded -+ -R When processing enablesid, return the rules to their ORIGINAL state -+ -r Where do you want me to put the reference docs (xxxx.txt) -+ -S What version of snort are you using (2.8.6 or 2.9.0) are valid values -+ -s Where do you want me to put the so_rules? -+ -T Process text based rules files only, i.e. DO NOT process so_rules -+ -u Where do you want me to pull the rules tarball from - ** E.g., ET, Snort.org. See pulledpork config rule_url option for value ideas -+ -V Print Version and exit -+ -v Verbose mode, you know.. for troubleshooting and such nonsense. -+ -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. -+ -w Skip the SSL verification (if there are issues pulling down rule files) -+ -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration. -+ ``` - -- -V Print Version and exit - -- -v Verbose mode, you know.. for troubleshooting and such nonsense. -- -- -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. -- -- -w Skip the SSL verification (if there are issues pulling down rule files) -- -- -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration. -- -- - ## Basic Usage Examples - - A simple example of how to use PulledPork would be to specify all of your configuration directives inside of the - `PulledPork.conf` file. Specifically for minimal function, i.e. NO Shared Object rule processing you must define - at a minimum the `rule_file`, `oinkcode`, `temp_path`, `tar_path`, and `rule_path` values. Below are some examples of this. - -- ./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \ -- -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz -i disablesid.conf -T -H -+```bash -+./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \ -+ -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz \ -+ -i disablesid.conf -T -H -+``` - - The above will fetch the `snortrules-snapshot-2973.tar.gz` tarball from snort.org using the specified `oinkcode` of - `12345667778523452344234234` and put the rules files from that tarball into the output path of -@@ -134,11 +110,16 @@ The above will fetch the `snortrules-snapshot-2973.tar - `disablesid.conf` lives, and the `-T` option tells pulledpork to not process for any shared object rules and the final - `-H` option tells pulledpork to send a `Hangup` signal to the snort pid that you defined in the `pulledpork.conf`. - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H -+``` - - Similar to the first example but all options specified in the `pulledpork.conf` file (other than `disablesid` and `-H`)... - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -m /usr/local/etc/snort/sid-msg.map -Hn -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf \ -+ -m /usr/local/etc/snort/sid-msg.map -Hn -+``` - - The above will simply read the disablesid and disable as defined, then send a `Hangup` signal after generating the `sid-msg.map` - at the specified location without downloading anything. -@@ -147,25 +128,35 @@ Highly useful when tuning / making changes etc.. - Next example, snort inline with rules that we want to drop and disable, then `HUP` our daemons after creating a `sid-msg.map` - and writing change info to `sid_changes.log`! - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \ -- -h /var/log/sid_changes.log -H -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ -+ -m /usr/local/etc/snort/sid-msg.map -h /var/log/sid_changes.log -H -+``` - - Next example, same as the previous but specifying that we want to run the default "security" based ruleset - and that we want to enable rules specified in `enablesid.conf`. - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -- -h /var/log/sid_changes.log -I security -H -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ -+ -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -+ -h /var/log/sid_changes.log -I security -H -+``` - - Next example, same as the previous but specifying that we want to `-K` (Keep) the originationg tarball names. - and write them to `/usr/local/etc/snort/rules/` - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -- -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/ -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ -+ -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -+ -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/ -+``` - - For users of Suricata, the same steps are necessary for where your installation files reside, but all that pulledpork needs to process - rule files is the `-S` flag being set to `suricata-3.1.3` or whatever version of suricata you are using - -- ./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3 -+```bash -+./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3 -+``` - - Pulledpork "should" work with Suricata and ET/ETPro rules. However there is no support for Talos rules to run on Suricata. - -@@ -173,11 +164,9 @@ Pulledpork "should" work with Suricata and ET/ETPro ru - - Please note that pulledpork runs rule modification (enable, drop, disable, modify) in that order by default.. - --1: enable -- --2: drop -- --3: disable -+1. enable -+2. drop -+3. disable - - This means that disable rules will always take precedence.. thusly if you specify the same `gid:sid` - in enable and disable configuration files, then that sid will be disabled.. keep this in mind Property changes on: head/security/pulledpork/files/patch-README.md ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/pulledpork/files/patch-etc_pulledpork.conf =================================================================== --- head/security/pulledpork/files/patch-etc_pulledpork.conf (revision 550263) +++ head/security/pulledpork/files/patch-etc_pulledpork.conf (nonexistent) @@ -1,34 +0,0 @@ ---- etc/pulledpork.conf.orig 2017-12-07 15:13:06 UTC -+++ etc/pulledpork.conf -@@ -123,14 +123,17 @@ config_path=/usr/local/etc/snort/snort.conf - - # Define your distro, this is for the precompiled shared object libs! - # Valid Distro Types: --# Debian-6-0, Ubuntu-10-4 --# Ubuntu-12-04, Centos-5-4 --# FC-12, FC-14, RHEL-5-5, RHEL-6-0 --# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 --# OpenBSD-5-2, OpenBSD-5-3 --# OpenSUSE-11-4, OpenSUSE-12-1 --# Slackware-13-1 --distro=FreeBSD-8-1 -+# Alpine-3-10 -+# Centos-6 Centos-7 Centos-8 -+# Debian-8 Debian-9 Debian-10 -+# FC-27 FC-30 FC-31 -+# FreeBSD-11 FreeBSD-12 -+# OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5 -+# OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3 -+# RHEL-6 RHEL-7 RHEL-8 -+# Slackware-14-2 -+# Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10 -+distro=FreeBSD-12 - - ####### This next section is optional, but probably pretty useful to you. - ####### Please read thoroughly! -@@ -211,4 +214,4 @@ snort_control=/usr/local/bin/snort_control - ####### need to process so_rules, simply comment out the so_rule section - ####### you can also specify -T at runtime to process only GID 1 rules. - --version=0.7.3 -+version=0.7.4 Property changes on: head/security/pulledpork/files/patch-etc_pulledpork.conf ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/pulledpork/files/patch-etc_modifysid.conf =================================================================== --- head/security/pulledpork/files/patch-etc_modifysid.conf (revision 550263) +++ head/security/pulledpork/files/patch-etc_modifysid.conf (nonexistent) @@ -1,23 +0,0 @@ ---- etc/modifysid.conf.orig 2017-12-07 15:13:06 UTC -+++ etc/modifysid.conf -@@ -2,6 +2,9 @@ - # - # Change history: - # ----------------------------------------------- -+# v1.2 2/28/2018 Scott Savarese -+# - Insert comments around using regex to match rules -+# - # v1.1 2/18/2011 Alan Ptak - # - Inserted comments around example elements that would otherwise modify rules - # -@@ -38,3 +41,10 @@ - # that it is a SNORTSAM block rule! - # 17803 "\(msg:"" "\(msg:"SNORTSAM "; - # 17803 "^\s*alert" "BLOCK"; -+ -+# A new regex formatting syntax is available: -+# regex:'PUT_REGEX_HERE' "what I'm replacing" "what I'm replacing it with" -+# This would allow users to manipulate groups of rules. This works the same -+# way as the signature based rules, but instead of matching a hardcoded set of -+# SID, it will go through all rules in GID:1 matching the regex against the -+# rule. Be sure to escape things like ( and ' Property changes on: head/security/pulledpork/files/patch-etc_modifysid.conf ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/pulledpork/files/patch-pulledpork.pl =================================================================== --- head/security/pulledpork/files/patch-pulledpork.pl (revision 550263) +++ head/security/pulledpork/files/patch-pulledpork.pl (revision 550264) @@ -1,168 +1,28 @@ ---- pulledpork.pl.orig 2020-07-02 11:46:17 UTC +--- pulledpork.pl.orig 2020-09-01 15:08:32 UTC +++ pulledpork.pl -@@ -2,7 +2,7 @@ - - ## pulledpork v(whatever it says below!) - --# Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team! -+# Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team! - - # This program is free software; you can redistribute it and/or - # modify it under the terms of the GNU General Public License -@@ -24,6 +24,7 @@ use File::Copy; - use LWP::UserAgent; - use HTTP::Request::Common; - use HTTP::Status qw (is_success); -+ - #use Crypt::SSLeay; - use Sys::Syslog; - use Digest::MD5; -@@ -41,8 +42,8 @@ use Data::Dumper; - - # we are gonna need these! - my ($oinkcode, $temp_path, $rule_file, $Syslogging); --my $VERSION = "PulledPork v0.7.3"; --my $HUMOR = "Making signature updates great again!"; -+my $VERSION = "PulledPork v0.7.4"; -+my $HUMOR = "Helping you protect your bitcoin wallet!"; - my $ua = LWP::UserAgent->new; - - #Read in proxy settings from the environment -@@ -90,9 +91,24 @@ if ($oSystem =~ /freebsd/i) { +@@ -91,9 +91,24 @@ if ($oSystem =~ /freebsd/i) { exit(1); } } + elsif (-e "/usr/local/share/certs/ca-root-nss.crt") { + $CAFile = "/usr/local/share/certs/ca-root-nss.crt"; + if (-r $CAFile) { + $ua->ssl_opts(SSL_ca_file => $CAFile); + } + else { + carp "ERROR: $CAFile is not readable by " + . (getpwuid($<))[0] . "\n"; + syslogit('err|local0', + "FATAL: ERROR: $CAFile is not readable by " + . (getpwuid($<))[0] . "\n") + if $Syslogging; + exit(1); + } + } else { carp - "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/etc/ssl/cert.pem) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n"; + "ERROR: cert file does not exist (/etc/ssl/cert.pem, /usr/local/etc/ssl/cert.pem or /usr/local/share/certs/ca-root-nss.crt) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n"; syslogit('err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n" ) if $Syslogging; -@@ -201,10 +217,16 @@ sub Help { - -D What Distro are you running on, for the so_rules - For latest supported options see http://www.snort.org/snort-rules/shared-object-rules - Valid Distro Types: -- Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 -- FC-12, FC-14, RHEL-5-5, RHEL-6-0 -- FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3 -- OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 -+ Alpine-3-10 -+ Centos-6 Centos-7 Centos-8 Debian-8 Debian-9 -+ Debian-10 -+ FC-27 FC-30 FC-31 -+ FreeBSD-11 FreeBSD-12 -+ OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5 -+ OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3 -+ RHEL-6 RHEL-7 RHEL-8 -+ Slackware-14-2 -+ Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10 - -e Where the enablesid config file lives. - -E Write ONLY the enabled rules to the output files. - -g grabonly (download tarball rule file(s) and do NOT process) -@@ -277,14 +299,27 @@ sub rule_extract { - $rule_file, $temp_path, $Distro, $arch, $Snort, - $Sorules, $ignore, $docs, $prefix - ) = @_; -- print "Prepping rules from $rule_file for work....\n" if !$Quiet; -- print "\textracting contents of $temp_path$rule_file...\n" -- if ($Verbose && !$Quiet); -+ -+ #special case to bypass file operations when -nPT are specified -+ my $BypassTar = 0; -+ if ($Textonly && $NoDownload && $Process) { -+ if ($rule_file =~ /opensource\.gz/) { -+ print "Skipping opensource.gz as -nPT was specified\n" if !$Quiet; -+ $BypassTar = 1; -+ } -+ } -+ if (!$BypassTar) { -+ print "Prepping rules from $rule_file for work....\n" if !$Quiet; -+ print "\textracting contents of $temp_path$rule_file...\n" -+ if ($Verbose && !$Quiet); -+ } - mkpath($temp_path . "tha_rules"); - mkpath($temp_path . "tha_rules/so_rules"); - my $tar = Archive::Tar->new(); -- $tar->read($temp_path . $rule_file); -- $tar->setcwd(cwd()); -+ if (!$BypassTar) { -+ $tar->read($temp_path . $rule_file); -+ $tar->setcwd(cwd()); -+ } - local $Archive::Tar::CHOWN = 0; - my @ignores = split(/,/, $ignore) if (defined $ignore); - -@@ -345,7 +380,8 @@ sub rule_extract { - } - elsif ($docs - && $filename =~ /^(doc\/signatures\/)?.*\.txt/ -- && -d $docs) -+ && -d $docs -+ && !$BypassTar) - { - $singlefile =~ s/^doc\/signatures\///; - $tar->extract_file("doc/signatures/$filename", -@@ -928,7 +964,21 @@ sub modify_sid { - } - undef @arry; - } -+ -+ # Handle use case where we want to modify multiple sids based on -+ # comment in rule (think multiple rules with same or similar comment) -+ if ( $_ =~ /^regex:'([^']+)'\s+"(.+)"\s+"(.*)"/ ) { -+ my ( $regex, $from, $to ) = ( $1, $2, $3 ); -+ # Go through each rule in gid:1 and look for matching rules -+ foreach my $sid ( sort keys( %{ $$href{1} } ) ) { -+ next unless ( $$href{1}{$sid}{'rule'} =~ /$regex/ ); -+ print "\tModifying SID:$sid from:$from to:$to\n" -+ if ( $Verbose && !$Quiet ); -+ $$href{1}{$sid}{'rule'} =~ s/$from/$to/; -+ } -+ } - } -+ - print "\tDone!\n" if !$Quiet; - close(FH); - } -@@ -1277,7 +1327,7 @@ sub rule_category_write { - ## write our blacklist and blacklist version file! - sub blacklist_write { - my ($href, $path) = @_; -- my $blv = $Config_info{'IPRVersion'} . "IPRVersion.dat"; -+ my $blv = $Config_info{'IPRVersion'} . "/IPRVersion.dat"; - my $blver = 0; - - # First lets be sure that our data is new, if not skip the rest of it! -@@ -1769,7 +1819,7 @@ if ($Verbose && !$Quiet) { - if (exists $Config_info{'version'}) { - croak "You are not using the current version of pulledpork.conf!\n", - "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" -- if $Config_info{'version'} ne "0.7.3"; -+ if $Config_info{'version'} ne "0.7.4"; - } - else { - croak -@@ -2118,6 +2168,7 @@ if (@base_url && -d $temp_path) { - } - } - elsif ($base_url =~ /emergingthreatspro.com/) { -+ $prefix = "ET-"; - - # These have to be handled separately, as emerginthreatspro will - # support a full version, but emergingthreats only supports the Index: head/security/pulledpork/files/pkg-message.in =================================================================== --- head/security/pulledpork/files/pkg-message.in (revision 550263) +++ head/security/pulledpork/files/pkg-message.in (revision 550264) @@ -1,31 +1,31 @@ [ { type: install message: < 'Subscriptions and Oinkcodes' EOM } { type: upgrade message: <