kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/snort/options.mk
nils 7f6f1b132f Updated net/snort to version 2.9.16.1. 
Upstream changelog from 2.9.15.1 to 2.9.16 :
* src/preprocessors/Stream6/snort_stream_tcp.c :
  Addressed an issue when out-of-order FIN is received by dropping it.

* src/output-plugins/spo_unified2.c,
  src/preprocessors/Stream6/snort_stream_tcp.c :
  Fixed an issue in which xtradata is not added to the alert in unified file.

* src/reload.c,
  src/snort.c :
  Fixed potential race condition between reload and exit path (main thread).

* etc/file_magic.conf :
  Updated the file magic to detect ALZ file types.

* src/sfutil/sf_ip.h :
  Added support for gcc version 9.2.1.

* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c :
  Fixed an issue in which APPID returns no match.

* src/dynamic-preprocessors/dcerpc2/sf_dce2.vcxproj,
  src/dynamic-preprocessors/dnp3/sf_dnp3.vcxproj,
  src/dynamic-preprocessors/dns/sf_dns.vcxproj,
  src/dynamic-preprocessors/dynamic_preprocessors.vcxproj,
  src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.vcxproj,
  src/dynamic-preprocessors/gtp/sf_gtp.vcxproj,
  src/dynamic-preprocessors/imap/sf_imap.vcxproj,
  src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.vcxproj,
  src/dynamic-preprocessors/modbus/sf_modbus.vcxproj,
  src/dynamic-preprocessors/pop/sf_pop.vcxproj,
  src/dynamic-preprocessors/reputation/sf_reputation.vcxproj,
  src/dynamic-preprocessors/sdf/sf_sdf.vcxproj,
  src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.vcxproj,
  src/dynamic-preprocessors/sip/sf_sip.vcxproj,
  src/dynamic-preprocessors/smtp/sf_smtp.vcxproj,
  src/dynamic-preprocessors/ssh/sf_ssh.vcxproj,
  src/dynamic-preprocessors/ssl/sf_ssl.vcxproj,
  src/win32/WIN32-Prj/build_all.vcxproj,
  src/win32/WIN32-Prj/sf_engine.vcxproj,
  src/win32/WIN32-Prj/sf_engine_initialize.vcxproj,
  src/win32/WIN32-Prj/snort.vcxproj,
  src/win32/WIN32-Prj/snort_initialize.vcxproj,
  src/win32/WIN32-Prj/snort_installer_x64.nsi,
  src/win32/WIN32-Prj/snort_x64.dsw,
  src/win64/WIN64-Libraries/Packet.lib,
  src/win64/WIN64-Libraries/libdnet/dnet.lib,
  src/win64/WIN64-Libraries/pcre.lib,
  src/win64/WIN64-Libraries/wpcap.lib,
  src/win64/WIN64-Libraries/zlib.lib,
  tools/u2spewfoo/u2spewfoo.vcxproj :
  Added 64-bit support for Windows 10 operating system.

* src/dynamic-preprocessors/pop/snort_pop.c :
  Fixed an issue where POP preprocessor was not generating alert in some cases.

* src/dynamic-preprocessors/gtp/gtp_parser.c :
  Fixed the alerting logic for GTP v2 with missing TEID.

* src/preprocessors/HttpInspect/utils/hi_paf.c :
  Fixed file policy not working with character prefix in chunk size.

* configure.in,
  src/reload.c,
  src/side-channel/sidechannel.c,
  src/snort.c,
  src/target-based/sftarget_reader.c,
  src/util.h :
  Added support for glibc version 2.30.

* src/decode.h,
  src/dynamic-plugins/sf_engine/sf_snort_packet.h,
  src/preprocessors/HttpInspect/utils/hi_paf.c,
  src/preprocessors/Stream6/snort_stream_tcp.c,
  src/preprocessors/Stream6/stream_paf.c,
  src/preprocessors/snort_httpinspect.c,
  src/preprocessors/snort_httpinspect.h,
  src/preprocessors/stream_api.h :
  Added support for early inspection of HTTP payload before flushing in pre-ack mode.

* src/file-process/file_api.h,
  src/file-process/file_service.c,
  src/preprocessors/HttpInspect/include/hi_norm.h,
  src/preprocessors/HttpInspect/include/hi_ui_config.h,
  src/preprocessors/HttpInspect/server/hi_server_norm.c,
  src/preprocessors/snort_httpinspect.c :
  Normalize randomly encoded nulls interspersed in the HTTP server response to UTF-8.

Upstream changelog from 2.9.16 to 2.9.16.1 :

* src/dynamic-preprocessors/appid/appIdConfig.h,
  src/dynamic-preprocessors/appid/appInfoTable.c,
  src/dynamic-preprocessors/appid/flow.h,
  src/dynamic-preprocessors/appid/fw_appid.c :
  Added packet counters to make sure flows with one-way data don't pend forever.

* src/detection-plugins/sp_flowbits.c,
  src/snort.c :
  Fixed potential race condition between reload and exit path.

* src/detection-plugins/sp_session.c,
  src/preprocessors/Stream6/stream_paf.h,
  src/sfutil/util_jsnorm.c :
  Added support for GCC version 10.1.1.

Pkgsrc changes :
* added patch for NetBSD to get the definition for endrpcent(), which fixes compilation
* snort now depends on bash since a bundled tool is a bash shell script
* some pkglint compliance changes in Makefile and options.mk
2020-10-01 19:45:02 +00:00

106 lines
2.6 KiB
Makefile
Raw Blame History

# $NetBSD: options.mk,v 1.10 2020/10/01 19:45:02 nils Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.snort
PKG_SUPPORTED_OPTIONS= debug snort-prelude ssl snmp snort-gre
PKG_SUPPORTED_OPTIONS+= snort-dynamicplugin snort-timestats
PKG_SUPPORTED_OPTIONS+= snort-rulestate
PKG_OPTIONS_OPTIONAL_GROUPS= flex
PKG_OPTIONS_GROUP.flex= snort-flexresp snort-flexresp2
.include "../../mk/bsd.options.mk"
###
### Please note that a large number of these options remain un-tested
### for this package.
###
###
### Enable dynamically loadable preprocessors, detection engine
### and rules libraries.
###
.if !empty(PKG_OPTIONS:Msnort-dynamicplugin)
CONFIGURE_ARGS+= --enable-dynamicplugin
.endif
###
### Enable rule state configuration feature
###
.if !empty(PKG_OPTIONS:Msnort-rulestate)
CONFIGURE_ARGS+= --enable-rulestate
.endif
###
### Enable real-time performance statistics
###
.if !empty(PKG_OPTIONS:Msnort-timestats)
CONFIGURE_ARGS+= --enable-timestats
.endif
###
### Enable debug support
###
.if !empty(PKG_OPTIONS:Mdebug)
CONFIGURE_ARGS+= --enable-debug
.endif
###
### Support for openssl (used by the XML output plugin)
###
.if !empty(PKG_OPTIONS:Mssl)
CONFIGURE_ARGS+= --with-openssl
.endif
###
### Enable GRE decoder
###
.if !empty(PKG_OPTIONS:Msnort-gre)
CONFIGURE_ARGS+= --enable-gre
.endif
###
### Enable SNMP alerting code
###
.if !empty(PKG_OPTIONS:Msnmp)
CONFIGURE_ARGS+= --with-snmp
.endif
###
### Enable Prelude support (untested)
###
.if !empty(PKG_OPTIONS:Msnort-prelude)
.include "../../security/libprelude/buildlink3.mk"
CONFIGURE_ARGS+= --enable-prelude
.endif
###
### Flexible Responses on hostile connection attempts (untested)
###
.if !empty(PKG_OPTIONS:Msnort-flexresp)
.include "../../devel/libnet10/buildlink3.mk"
CONFIGURE_ARGS+= --enable-flexresp
CONFIGURE_ARGS+= --with-libnet-includes=${BUILDLINK_PREFIX.libnet10}/include/libnet10
CONFIGURE_ARGS+= --with-libnet-libraries=${BUILDLINK_PREFIX.libnet10}/lib/libnet10
SUBST_CLASSES+= conf
SUBST_STAGE.conf= pre-configure
SUBST_FILES.conf= configure
SUBST_SED.conf= -e "s|libnet-config|libnet10-config|g"
SUBST_MESSAGE.conf= Fixing configuration script.
.endif
###
### NEW Flexible Responses on hostile connection attempts (untested)
###
.if !empty(PKG_OPTIONS:Msnort-flexresp2)
.include "../../devel/libnet11/buildlink3.mk"
CONFIGURE_ARGS+= --with-libnet-includes=${BUILDLINK_PREFIX.libnet11}/include/libnet11
CONFIGURE_ARGS+= --with-libnet-libraries=${BUILDLINK_PREFIX.libnet11}/lib/libnet11
CONFIGURE_ARGS+= --enable-flexresp2
SUBST_CLASSES+= conf
SUBST_STAGE.conf= pre-configure
SUBST_FILES.conf= configure
SUBST_SED.conf= -e "s|libnet-config|libnet11-config|g"
SUBST_MESSAGE.conf= Fixing configuration script.
.endif
Reference in a new issue View git blame Copy permalink