commit: f3fe5e0ccbcf0af56e2d7e0c2c6231a2026df2f9 Author: Marek Szuba <marecki <AT> gentoo <DOT> org> AuthorDate: Mon Dec 16 18:10:25 2019 +0000 Commit: Marek Szuba <marecki <AT> gentoo <DOT> org> CommitDate: Mon Dec 16 18:10:25 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3fe5e0c
net-analyzer/suricata: remove vulnerable 4.0.4 Bug: https://bugs.gentoo.org/690196 Bug: https://bugs.gentoo.org/686428 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba <marecki <AT> gentoo.org> net-analyzer/suricata/Manifest | 1 - .../files/suricata-4.0.4_configure-lua-flags.patch | 16 -- .../suricata/files/suricata-4.0.4_sockios.patch | 13 -- .../{suricata-4.0.4-conf => suricata-5.0.0-conf} | 0 .../{suricata-4.0.4-init => suricata-5.0.0-init} | 0 net-analyzer/suricata/suricata-4.0.4.ebuild | 171 --------------------- net-analyzer/suricata/suricata-5.0.0.ebuild | 4 +- 7 files changed, 2 insertions(+), 203 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 72532b86510..16a7c6ae731 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1 @@ -DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e diff --git a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch deleted file mode 100644 index bad66359afa..00000000000 --- a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -1749,11 +1749,11 @@ - # liblua - AC_ARG_ENABLE(lua, - AS_HELP_STRING([--enable-lua],[Enable Lua support]), -- [ enable_lua="yes"], -+ [], - [ enable_lua="no"]) - AC_ARG_ENABLE(luajit, - AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), -- [ enable_luajit="yes"], -+ [], - [ enable_luajit="no"]) - if test "$enable_lua" = "yes"; then - if test "$enable_luajit" = "yes"; then diff --git a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch deleted file mode 100644 index a341d9c159f..00000000000 --- a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- src/source-af-packet.c.orig 2019-09-08 20:50:06.416466432 +0200 -+++ src/source-af-packet.c 2019-09-08 20:53:26.144471385 +0200 -@@ -70,6 +70,10 @@ - - #ifdef HAVE_AF_PACKET - -+#ifdef HAVE_LINUX_SOCKIOS_H -+#include <linux/sockios.h> -+#endif -+ - #if HAVE_SYS_IOCTL_H - #include <sys/ioctl.h> - #endif diff --git a/net-analyzer/suricata/files/suricata-4.0.4-conf b/net-analyzer/suricata/files/suricata-5.0.0-conf similarity index 100% rename from net-analyzer/suricata/files/suricata-4.0.4-conf rename to net-analyzer/suricata/files/suricata-5.0.0-conf diff --git a/net-analyzer/suricata/files/suricata-4.0.4-init b/net-analyzer/suricata/files/suricata-5.0.0-init similarity index 100% rename from net-analyzer/suricata/files/suricata-4.0.4-init rename to net-analyzer/suricata/files/suricata-5.0.0-init diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild deleted file mode 100644 index 2ea320ca46b..00000000000 --- a/net-analyzer/suricata/suricata-4.0.4.ebuild +++ /dev/null @@ -1,171 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -inherit autotools eutils user - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/"; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz"; - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" -RESTRICT="!test? ( test )" - -DEPEND=" - >=dev-libs/jansson-2.2 - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - >=net-libs/libhtp-0.5.20 - net-libs/libpcap - sys-apps/file - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/geoip ) - lua? ( dev-lang/lua:* ) - luajit? ( dev-lang/luajit:* ) - nflog? ( net-libs/libnetfilter_log ) - nfqueue? ( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis ) - logrotate? ( app-admin/logrotate ) - sys-libs/libcap-ng -" -# #446814 -# prelude? ( dev-libs/libprelude ) -# pfring? ( sys-process/numactl net-libs/pf_ring) -RDEPEND="${DEPEND}" - -pkg_setup() { - enewgroup ${PN} - enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" -} - -src_prepare() { - epatch "${FILESDIR}/${P}_configure-lua-flags.patch" - epatch "${FILESDIR}/${P}_sockios.patch" - sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" - eautoreconf -} - -src_configure() { - local myeconfargs=( - "--localstatedir=/var/" \ - "--enable-non-bundled-htp" \ - $(use_enable af-packet) \ - $(use_enable detection) \ - $(use_enable nfqueue) \ - $(use_enable test coccinelle) \ - $(use_enable test unittests) \ - $(use_enable control-socket unix-socket) - ) - - if use cuda ; then - myeconfargs+=( $(use_enable cuda) ) - fi - if use geoip ; then - myeconfargs+=( $(use_enable geoip) ) - fi - if use hardened ; then - myeconfargs+=( $(use_enable hardened gccprotect) ) - fi - if use nflog ; then - myeconfargs+=( $(use_enable nflog) ) - fi - if use redis ; then - myeconfargs+=( $(use_enable redis hiredis) ) - fi - # not supported yet (no pfring in portage) -# if use pfring ; then -# myeconfargs+=( $(use_enable pfring) ) -# fi - # no libprelude in portage -# if use prelude ; theng -# myeconfargs+=( $(use_enable prelude) ) -# fi - if use lua ; then - myeconfargs+=( $(use_enable lua) ) - fi - if use luajit ; then - myeconfargs+=( $(use_enable luajit) ) - fi - if (use !lua) && (use !luajit) ; then - myeconfargs+=( - --disable-lua - --disable-luajit - ) - fi - -# this should be used when pf_ring use flag support will be added -# LIBS+="-lrt -lnuma" - - # avoid upstream configure script trying to add -march=native to CFLAGS - myeconfargs+=( --enable-gccmarch-native=no ) - - if use debug ; then - myeconfargs+=( $(use_enable debug) ) - # so we can get a backtrace according to "reporting bugs" on upstream web site - CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]} - else - econf LIBS="${LIBS}" ${myeconfargs[@]} - fi -} - -src_install() { - emake DESTDIR="${D}" install - - insinto "/etc/${PN}" - doins {classification,reference,threshold}.config suricata.yaml - - if use rules ; then - insinto "/etc/${PN}/rules" - doins rules/*.rules - fi - - keepdir "/var/lib/${PN}" - keepdir "/var/log/${PN}" - - fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - - newinitd "${FILESDIR}/${P}-init" ${PN} - newconfd "${FILESDIR}/${P}-conf" ${PN} - - if use logrotate; then - insopts -m0644 - insinto /etc/logrotate.d - newins "${FILESDIR}"/${PN}-logrotate ${PN} - fi -} - -pkg_postinst() { - elog "The ${PN} init script expects to find the path to the configuration" - elog "file as well as extra options in /etc/conf.d." - elog "" - elog "To create more than one ${PN} service, simply create a new .yaml file for it" - elog "then create a symlink to the init script from a link called" - elog "${PN}.foo - like so" - elog " cd /etc/${PN}" - elog " ${EDITOR##*/} suricata-foo.yaml" - elog " cd /etc/init.d" - elog " ln -s ${PN} ${PN}.foo" - elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo." - elog "" - elog "You can create as many ${PN}.foo* services as you wish." - - if use logrotate; then - elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/." - fi - - if use debug; then - elog "You enabled the debug USE flag. Please read this link to report bugs upstream:" - elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"; - elog "You need to also ensure the FEATURES variable in make.conf contains the" - elog "'nostrip' option to produce useful core dumps or back traces." - fi -} diff --git a/net-analyzer/suricata/suricata-5.0.0.ebuild b/net-analyzer/suricata/suricata-5.0.0.ebuild index 05f328b973b..9701e036e6a 100644 --- a/net-analyzer/suricata/suricata-5.0.0.ebuild +++ b/net-analyzer/suricata/suricata-5.0.0.ebuild @@ -134,8 +134,8 @@ src_install() { fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - newinitd "${FILESDIR}/${PN}-4.0.4-init" ${PN} - newconfd "${FILESDIR}/${PN}-4.0.4-conf" ${PN} + newinitd "${FILESDIR}/${PN}-5.0.0-init" ${PN} + newconfd "${FILESDIR}/${PN}-5.0.0-conf" ${PN} systemd_dounit "${FILESDIR}"/${PN}.service systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
