-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.
It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.
With help: marcus and kwm
Pointyhat-exp: a few times by pav
Tested by: pgollucci, "Romain Tartière" <romain@blogreen.org>, and
a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by: marcus
Approved by: portmgr
- fix libprelude version
One of the config options for security/snort is WITH_PRELUDE. Last
time libprelude has changed to new version, but Makefile for snort is not
updated. This patch corrects this issue.
PointyHat to: beech (ports/127339)
PR: ports/127818
Submitted by: Krzysztof Stryjek <wtp_AT_bsdguru dot org>
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
- 2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
PR: ports/124717
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
Tested on two systems, and until works perfectly.
Changelog snort-2.7.0.1:
* etc/snort.conf:
Turn off flow since Stream5 is now enabled by default.
* src/snort.c:
Fix printing of threshold counts until after all rules are read.
This issue did not affect thresholding, only display of thresholding.
Thanks to Jeffrey Denton for reporting the problem.
* src/sfutil/ipobj.c:
Fix free of invalid pointer when using a negated IP list.
This is used by sfportscan preprocessor configuration parsing.
Thanks to Anders Ostrem for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_session.c:
Fixed issue when experimental ICMP tracking is used without using
the TCP or UDP session tracking. ICMP was attempting to lookup
TCP or UDP sessions from uninitialized session cache. Thanks to
Koji Shikata for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_tcp.c:
Fixed invalid session pointer when rule tries to use flowbits after
session ends. Thanks to rmkml for initially reporting the problem.
PR: ports/115294
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
Update includes:
- Target-based stream reassembly, including handling of TCP dataoverlaps and
anomalous TCP header flags on a per-destination basis. 11 different
target-based policies are supported. See README.stream5 for specific
configuration options for operating system targets.
- UDP session tracking
- Option to emulate Stream4 flushing behaviour
- Stream5 replaces BOTH Stream4 and Flow -- should disable both of these when
Stream5 is enabled.
- Security and memory footprint improvements
PR: ports/114806
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
was supposed to work is useless, because if we can't trust the distfile from
the remote machine, we can't trust the signature from the same machine either.
Our MD5 and SHA256 are good for checking both the sanity and the
trustiness of distfiles.
Approved by: portmgr (erwin), erwin (mentor)
- library version update of related ports
Changelog libprelude:
- Hook class comparison function. Accept NULL, equal, not equal operator.
- Introduce better error checking in the idmef-class API, which is now
considered public and might be used by external application. Rename
error code to reflect the API.
- Change to the way IDMEF listed element are handled. Specifying negative
number as the position of the element from the low level API now allow
to position the element at the specified (reversed) index. Using the
high level API a negative index permit to address a list of element
backward (replace an element).
- Build fixes for SWIG > 1.3.27.
- Modify idmef_value_match() so that it always unroll listed value
(do it for both val1 and val2. Remove assertion, and let
idmef_value_type_compare() return an error code in case there is an issue.
- Handle path using IDMEF_LIST_APPEND or IDMEF_LIST_PREPEND as
path using an undefined list index on idmef_path_get() call.
- Make criteria parser accept (*) list index.
- Implement comparison function for all IDMEF object.
PR: ports/104328
Submitted by: maintainer (Robin Gruyters)
Approved by: portmgr (pav)
I have jumped in over my head with maintaining the port, both in terms of my
skills with significantly modifying a port (particularly in getting the port
from 2.4.5 to 2.6.0), not using snort enough to really test the full package,
and not enough time to improve the port.
With that said, there still is ports/99862 that is still open (re: bring
security/snort to 2.6.0) which I have it the wall on trying to get the port
to deinstall cleanly due to the optional nature of some components. I will
continue to help out with other ports that I can take on and those that I
can still take on maintainership.
PR: ports/101526
Submitted by: Linh Pham <question+fbsdports@closedsrc.org> (maintainer)
