[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/

Tue, 23 Jan 2018 01:15:56 -0800 

commit:     78745195e87a1b2b6698d6600d74da6932ebcadd
Author:     Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 23 09:15:07 2018 +0000
Commit:     Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Tue Jan 23 09:15:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78745195

net-analyzer/suricata: version bump to 4.0.3

This should fix security problems reported in https://bugs.gentoo.org/635662

Package-Manager: Portage-2.3.20, Repoman-2.3.6

 net-analyzer/suricata/Manifest              |   1 +
 net-analyzer/suricata/suricata-4.0.3.ebuild | 163 ++++++++++++++++++++++++++++
 2 files changed, 164 insertions(+)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index dee7b9c1e63..3115c23a894 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -3,3 +3,4 @@ DIST suricata-3.0.1.tar.gz 3315637 BLAKE2B 
f92e8f4b9708b265eda2476dbedaaa3a5c417
 DIST suricata-3.1.3.tar.gz 3340627 BLAKE2B 
6dff61a876591485fc32053912abfe8ec2ac23ff40ed63e4140d3c494adbf83b7310afae67f0b2c552f45c6ec9ed02db94635b3d90e4ac74e3da8de3a611f65b
 SHA512 
d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb
 DIST suricata-3.2.1.tar.gz 11754332 BLAKE2B 
1f72f9460c363aa86933a7105f0267d89e5b7e11db8668d30f2e84a545856cc53e4edc403f434533271697fc73d45fbd9ea2ce2cc4f07c245ba0724e3d0cae60
 SHA512 
6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290
 DIST suricata-3.2.tar.gz 11732080 BLAKE2B 
e5315edc7fb42792f165ebc6b43b3bef8ca8151857305adb6ac1cd2bbf93f5f679ac9762ac48836bf94dfdfc820e4dc7fdcaa73a2b609e3128524f39cd24c741
 SHA512 
327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e
+DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 
9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf
 SHA512 
aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b689dddd3b53892

diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild 
b/net-analyzer/suricata/suricata-4.0.3.ebuild
new file mode 100644
index 00000000000..604eae665be
--- /dev/null
+++ b/net-analyzer/suricata/suricata-4.0.3.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring 
engine"
+HOMEPAGE="http://suricata-ids.org/";
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate 
lua luajit nflog +nfqueue redis +rules test"
+
+REQUIRED_USE="lua? ( !luajit )"
+
+DEPEND="
+       >=dev-libs/jansson-2.2
+       dev-libs/libpcre
+       dev-libs/libyaml
+       net-libs/libnet:*
+       net-libs/libnfnetlink
+       dev-libs/nspr
+       dev-libs/nss
+       >=net-libs/libhtp-0.5.20
+       net-libs/libpcap
+       sys-apps/file
+       cuda?       ( dev-util/nvidia-cuda-toolkit )
+       geoip?      ( dev-libs/geoip )
+       lua?        ( dev-lang/lua:* )
+       luajit?     ( dev-lang/luajit:* )
+       nflog?      ( net-libs/libnetfilter_log )
+       nfqueue?    ( net-libs/libnetfilter_queue )
+       redis?      ( dev-libs/hiredis )
+       logrotate?      ( app-admin/logrotate )
+       sys-libs/libcap-ng
+"
+# #446814
+#      prelude?    ( dev-libs/libprelude )
+#      pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+       enewgroup ${PN}
+       enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+       eautoreconf
+}
+
+src_configure() {
+       local myeconfargs=(
+               "--localstatedir=/var/" \
+               "--enable-non-bundled-htp" \
+               $(use_enable af-packet) \
+               $(use_enable detection) \
+               $(use_enable nfqueue) \
+               $(use_enable test coccinelle) \
+               $(use_enable test unittests) \
+               $(use_enable control-socket unix-socket)
+       )
+
+       if use cuda ; then
+               myeconfargs+=( $(use_enable cuda) )
+       fi
+       if use geoip ; then
+               myeconfargs+=( $(use_enable geoip) )
+       fi
+       if use hardened ; then
+               myeconfargs+=( $(use_enable hardened gccprotect) )
+       fi
+       if use nflog ; then
+               myeconfargs+=( $(use_enable nflog) )
+       fi
+       if use redis ; then
+               myeconfargs+=( $(use_enable redis hiredis) )
+       fi
+       # not supported yet (no pfring in portage)
+#      if use pfring ; then
+#              myeconfargs+=( $(use_enable pfring) )
+#      fi
+       # no libprelude in portage
+#      if use prelude ; then
+#              myeconfargs+=( $(use_enable prelude) )
+#      fi
+       if use lua ; then
+               myeconfargs+=( $(use_enable lua) )
+       fi
+       if use luajit ; then
+               myeconfargs+=( $(use_enable luajit) )
+       fi
+
+# this should be used when pf_ring use flag support will be added
+#      LIBS+="-lrt -lnuma"
+
+       # avoid upstream configure script trying to add -march=native to CFLAGS
+       myeconfargs+=( --enable-gccmarch-native=no )
+
+       if use debug ; then
+               myeconfargs+=( $(use_enable debug) )
+               # so we can get a backtrace according to "reporting bugs" on 
upstream web site
+               CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+       else
+               econf LIBS="${LIBS}" ${myeconfargs[@]}
+       fi
+}
+
+src_install() {
+       emake DESTDIR="${D}" install
+
+       insinto "/etc/${PN}"
+       doins {classification,reference,threshold}.config suricata.yaml
+
+       if use rules ; then
+               insinto "/etc/${PN}/rules"
+               doins rules/*.rules
+       fi
+
+       dodir "/var/lib/${PN}"
+       dodir "/var/log/${PN}"
+
+       fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+       fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+       newinitd "${FILESDIR}/${P}-init" ${PN}
+       newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+       if use logrotate; then
+               insopts -m0644
+               insinto /etc/logrotate.d
+               newins "${FILESDIR}"/${PN}-logrotate ${PN}
+       fi
+}
+
+pkg_postinst() {
+       elog "The ${PN} init script expects to find the path to the 
configuration"
+       elog "file as well as extra options in /etc/conf.d."
+       elog ""
+       elog "To create more than one ${PN} service, simply create a new .yaml 
file for it"
+       elog "then create a symlink to the init script from a link called"
+       elog "${PN}.foo - like so"
+       elog "   cd /etc/${PN}"
+       elog "   ${EDITOR##*/} suricata-foo.yaml"
+       elog "   cd /etc/init.d"
+       elog "   ln -s ${PN} ${PN}.foo"
+       elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible 
options for foo."
+       elog ""
+       elog "You can create as many ${PN}.foo* services as you wish."
+
+       if use logrotate; then
+               elog "You enabled the logrotate USE flag. Please make sure you 
correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
+       fi
+
+       if use debug; then
+               elog "You enabled the debug USE flag. Please read this link to 
report bugs upstream:"
+               elog 
"https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs";
+               elog "You need to also ensure the FEATURES variable in 
make.conf contains the"
+               elog "'nostrip' option to produce useful core dumps or back 
traces."
+       fi
+}

Reply via email to