author | Olli Hauer <ohauer@FreeBSD.org> | 2015-06-14 19:31:20 +0000 |
---|---|---|
committer | Olli Hauer <ohauer@FreeBSD.org> | 2015-06-14 19:31:20 +0000 |
commit | b32814820fe77140acdcb53a3ed7df0f90c46fc3 (patch) | |
tree | 0b82bb6136bccfebc669795c928633bb7a3ee4c9 /security/pulledpork | |
parent | 164737fbd1c958f44ebfbbb15b7ba89b2ae52c96 (diff) | |
download | ports-b32814820fe77140acdcb53a3ed7df0f90c46fc3.tar.gz ports-b32814820fe77140acdcb53a3ed7df0f90c46fc3.zip |
- update to upstream svn r269
- use pkg-plist
Notes
Notes:
svn path=/head/; revision=389648
Diffstat (limited to 'security/pulledpork')
-rw-r--r-- | security/pulledpork/Makefile | 44 | ||||
-rw-r--r-- | security/pulledpork/files/patch-etc__pulledpork.conf | 38 | ||||
-rw-r--r-- | security/pulledpork/files/patch-pulledpork.pl | 141 | ||||
-rw-r--r-- | security/pulledpork/files/patch-so_rules.diff | 41 | ||||
-rw-r--r-- | security/pulledpork/pkg-plist | 14 |
5 files changed, 209 insertions, 69 deletions
diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile index 6257d09ed122..f3977028ed1a 100644 --- a/security/pulledpork/Makefile +++ b/security/pulledpork/Makefile @@ -3,6 +3,7 @@ PORTNAME= pulledpork PORTVERSION= 0.7.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= GOOGLE_CODE 
@@ -16,53 +17,40 @@ RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:${PORTSDIR}/security/p5-Crypt-SSLeay \ p5-libwww>=0:${PORTSDIR}/www/p5-libwww NO_BUILD= yes -USES= perl5 +USES= perl5 shebangfix USE_PERL5= run - -PLIST_FILES= bin/pulledpork.pl \ - %%ETCDIR%%/disablesid.conf.sample \ - %%ETCDIR%%/dropsid.conf.sample \ - %%ETCDIR%%/enablesid.conf.sample \ - %%ETCDIR%%/modifysid.conf.sample \ - %%ETCDIR%%/pulledpork.conf.sample \ - %%DATADIR%%/README.CONTRIB \ - %%DATADIR%%/oink-conv.pl +SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl SUB_FILES= pkg-message OPTIONS_DEFINE= DOCS - .include <bsd.port.options.mk> -PORTDOCS= README README.CATEGORIES README.CHANGES README.RULESET README.SHAREDOBJECTS - post-patch: - @${REINPLACE_CMD} -e "s|/usr/bin/perl|${PERL}|" ${WRKSRC}/pulledpork.pl @${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \ -e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \ -e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \ -e 's|snort/modifysid.conf|pulledpork/modifysid.conf|g' \ -e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \ ${WRKSRC}/etc/pulledpork.conf - @${REINPLACE_CMD} -e "s| /usr/bin/perl|${PERL}|" ${WRKSRC}/contrib/oink-conv.pl do-install: - @${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${STAGEDIR}${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${STAGEDIR}${PREFIX}/bin @${MKDIR} -m 750 ${STAGEDIR}${ETCDIR} # pulledpork.conf contains the snort user registration key, do not install world readable - @${INSTALL} -m 640 ${WRKSRC}/etc/pulledpork.conf ${STAGEDIR}${ETCDIR}/pulledpork.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${STAGEDIR}${ETCDIR}/disablesid.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${STAGEDIR}${ETCDIR}/dropsid.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${STAGEDIR}${ETCDIR}/enablesid.conf.sample - @${INSTALL_DATA} ${WRKSRC}/etc/modifysid.conf ${STAGEDIR}${ETCDIR}/modifysid.conf.sample + ${INSTALL} -m 640 
${WRKSRC}/etc/pulledpork.conf ${STAGEDIR}${ETCDIR}/pulledpork.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${STAGEDIR}${ETCDIR}/disablesid.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${STAGEDIR}${ETCDIR}/dropsid.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${STAGEDIR}${ETCDIR}/enablesid.conf.sample + ${INSTALL_DATA} ${WRKSRC}/etc/modifysid.conf ${STAGEDIR}${ETCDIR}/modifysid.conf.sample @${MKDIR} ${STAGEDIR}${DATADIR} - @${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR} - @${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR} + ${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR} + ${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR} @${MKDIR} ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} - @${INSTALL_DATA} ${WRKSRC}/doc/README.SHAREDOBJECTS ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/README.SHAREDOBJECTS ${STAGEDIR}${DOCSDIR} .include <bsd.port.mk> diff --git a/security/pulledpork/files/patch-etc__pulledpork.conf b/security/pulledpork/files/patch-etc__pulledpork.conf new file mode 100644 index 000000000000..82ad130c0fb4 --- /dev/null +++ b/security/pulledpork/files/patch-etc__pulledpork.conf 
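Review bot: The `do-install` target still creates `${STAGEDIR}${DOCSDIR}` and installs the five README files unconditionally, while this commit moves them to pkg-plist entries prefixed with `%%PORTDOCS%%`. With the DOCS option switched off those plist lines are commented out, so the staged files would be left as orphans and the stage checks would likely complain. Wrapping the `@${MKDIR} ${STAGEDIR}${DOCSDIR}` line and the README installs in `.if ${PORT_OPTIONS:MDOCS}` and `.endif` keeps the two in step. The `.include <bsd.port.options.mk>` line appears to remain as context, so the variable is available.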
@@ -0,0 +1,38 @@ +--- etc/pulledpork.conf.orig 2013-09-11 21:01:05 UTC ++++ etc/pulledpork.conf +@@ -121,14 +121,14 @@ config_path=/usr/local/etc/snort/snort.c + + # Define your distro, this is for the precompiled shared object libs! + # Valid Distro Types: +-# Debian-5-0, Debian-6-0, +-# Ubuntu-8.04, Ubuntu-10-4 +-# Centos-4-8, Centos-5-4 ++# Debian-6-0, Ubuntu-10-4 ++# Ubuntu-12-04, Centos-5-4 + # FC-12, FC-14, RHEL-5-5, RHEL-6-0 +-# FreeBSD-7-3, FreeBSD-8-1 +-# OpenBSD-4-8 ++# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 ++# OpenBSD-5-2, OpenBSD-5-3 ++# OpenSUSE-11-4, OpenSUSE-12-1 + # Slackware-13-1 +-distro=FreeBSD-8.1 ++distro=FreeBSD-10-0 + + ####### This next section is optional, but probably pretty useful to you. + ####### Please read thoroughly! +@@ -187,7 +187,7 @@ snort_control=/usr/local/bin/snort_contr + # This value MUST contain all 4 minor version + # numbers. ET rules are now also dependant on this, verify supported ET versions + # prior to simply throwing rubbish in this variable kthx! +-# snort_version=2.9.0.0 ++# snort_version=2.9.7.3 + + # Here you can specify what rule modification files to run automatically. + # simply uncomment and specify the apt path. +@@ -206,4 +206,4 @@ snort_control=/usr/local/bin/snort_contr + ####### need to process so_rules, simply comment out the so_rule section + ####### you can also specify -T at runtime to process only GID 1 rules. + +-version=0.7.0 ++version=0.7.1 diff --git a/security/pulledpork/files/patch-pulledpork.pl b/security/pulledpork/files/patch-pulledpork.pl new file mode 100644 index 000000000000..a80564f5ef57 --- /dev/null +++ b/security/pulledpork/files/patch-pulledpork.pl 
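Review bot: Bumping `version=` to 0.7.1 only reaches the freshly installed `pulledpork.conf.sample`; an existing `pulledpork.conf` from the previous package keeps `version=0.7.0`. The companion patch to pulledpork.pl changes the check to `ne "0.7.1"` and croaks on a mismatch, so after this upgrade scheduled rule updates would stop until the admin merges the new sample. PORTVERSION stays at 0.7.0, so the package version gives no hint of this. pkg-message is not visible here; if it does not already say so, a line such as `Upgrading: set version=0.7.1 in pulledpork.conf or re-merge pulledpork.conf.sample` would help, because an IDS running on stale rules is easy to miss.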
@@ -0,0 +1,141 @@ +--- pulledpork.pl.orig 2015-06-01 19:41:36 UTC ++++ pulledpork.pl +@@ -3,7 +3,7 @@ + ## pulledpork v(whatever it says below!) + ## cummingsj@gmail.com + +-# Copyright (C) 2009-2013 JJ Cummings and the PulledPork Team! ++# Copyright (C) 2009-2014 JJ Cummings and the PulledPork Team! + + # This program is free software; you can redistribute it and/or + # modify it under the terms of the GNU General Public License +@@ -41,16 +41,17 @@ use Data::Dumper; + + # we are gonna need these! + my ( $oinkcode, $temp_path, $rule_file, $Syslogging ); +-my $VERSION = "PulledPork v0.7.0 - Swine Flu!"; ++my $VERSION = "PulledPork v0.7.1 - Swine Flu with a side of Ebola!"; + my $ua = LWP::UserAgent->new; + ++ + my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto ); + my ( $Output, $Distro, $Snort, $sid_changelog, $ignore_files ); + my ( $Snort_config, $Snort_path, $Textonly, $grabonly, $ips_policy, ); + my ( $pid_path, $SigHup, $NoDownload, $sid_msg_map, @base_url ); + my ( $local_rules, $arch, $docs, @records, $enonly ); + my ( $rstate, $keep_rulefiles, $rule_file_path, $prefix, $black_list ); +-my ( $Process, $hmatch, $bmatch , $sid_msg_version); ++my ( $Process, $hmatch, $bmatch , $sid_msg_version, $skipVerify); + my $Sostubs = 1; + + # verbose and quiet control print() +@@ -144,11 +145,11 @@ sub Help { + -D What Distro are you running on, for the so_rules + For latest supported options see http://www.snort.org/snort-rules/shared-object-rules + Valid Distro Types: +- Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4 +- Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 +- FreeBSD-7-3, FreeBSD-8-1 +- OpenBSD-4-8 +- Slackware-13-1 ++ Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 ++ FC-12, FC-14, RHEL-5-5, RHEL-6-0 ++ FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 ++ OpenBSD-5-2, OpenBSD-5-3 ++ OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 + -e Where the enablesid config file lives. + -E Write ONLY the enabled rules to the output files. 
+ -g grabonly (download tarball rule file(s) and do NOT process) +@@ -176,6 +177,7 @@ sub Help { + -V Print Version and exit + -v Verbose mode, you know.. for troubleshooting and such nonsense. + -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. ++ -w Skip the SSL verification (if there are issues pulling down rule files) + __EOT + + exit(0); +@@ -191,7 +193,7 @@ sub pulledpork { + `----,\\ ) + `--==\\\\ / $VERSION + `--==\\\\/ +- .-~~~~-.Y|\\\\_ Copyright (C) 2009-2013 JJ Cummings ++ .-~~~~-.Y|\\\\_ Copyright (C) 2009-2014 JJ Cummings + \@_/ / 66\\_ cummingsj\@gmail.com + | \\ \\ _(\") + \\ /-| ||'--' Rules give me wings! +@@ -350,9 +352,27 @@ sub compare_md5 { + ## mimic LWP::Simple getstore routine - Thx pkthound! + sub getstore { + my ( $url, $file ) = @_; +- my $request = HTTP::Request->new( GET => $url ); +- my $response = $ua->request( $request, $file ); +- $response->code; ++ ++ # on the first run, the file may not exist, so check. ++ if ( -e $file) { ++ # Check to ensure the user has write access to the file ++ if ( -r $file && -w _) { ++ my $request = HTTP::Request->new( GET => $url ); ++ my $response = $ua->request( $request, $file ); ++ $response->code; ++ } else { ++ carp "ERROR: $file is not writable by ".(getpwuid($<))[0]."\n"; ++ syslogit( 'err|local0', "FATAL: $file is not writable by ".(getpwuid($<))[0]."\n" ) ++ if $Syslogging; ++ exit(1); ++ } ++ } else { ++ # The file does not exist, any errors refer to permission issues ++ my $request = HTTP::Request->new( GET => $url ); ++ my $response = $ua->request( $request, $file ); ++ $response->code; ++ } ++ + } + + ## time to grab the real 0xb33f +@@ -1507,7 +1527,8 @@ GetOptions( + "u=s" => \@base_url, + "V!" => sub { Version() }, + "v+" => \$Verbose, +- "help|?" => sub { Help() } ++ "help|?" => sub { Help() }, ++ "w" => \$skipVerify + ); + + ## Fly piggy fly! 
+@@ -1533,7 +1554,7 @@ if ( $Verbose && !$Quiet ) { + if ( exists $Config_info{'version'} ) { + croak "You are not using the current version of pulledpork.conf!\n", + "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" +- if $Config_info{'version'} ne "0.7.0"; ++ if $Config_info{'version'} ne "0.7.1"; + } + else { + croak +@@ -1700,6 +1721,7 @@ if ( $Verbose && !$Quiet ) { + if ($Textonly) { print "\tText Rules only Flag is Set\n"; } + if ( $Verbose == 2 ) { print "\tExtra Verbose Flag is Set\n"; } + if ($Verbose) { print "\tVerbose Flag is Set\n"; } ++ if ($skipVerify) { print "\tSSL Hostname Verification disabled\n"; } + if (@base_url) { print "\tBase URL is: @base_url\n"; } + } + +@@ -1717,10 +1739,17 @@ if ( !-d $temp_path ) { + # Validate sid_msg_map version + Help("Please specify version 1 or 2 for sid_msg_version in your config file\n") unless $sid_msg_version =~ /(1|2)/; + ++ + # set some UserAgent and other connection configs + $ua->agent("$VERSION"); + $ua->show_progress(1) if ( $Verbose && !$Quiet ); + ++# check to see if SSL verfication is disabled ++if ($skipVerify) { ++ $ua->ssl_opts( verify_hostname => 0 ) ++} ++ ++ + # New Settings to allow proxy connections to use proper SSL formating - Thx pkthound! + $ua->timeout(60); + $ua->cookie_jar( {} ); diff --git a/security/pulledpork/files/patch-so_rules.diff b/security/pulledpork/files/patch-so_rules.diff deleted file mode 100644 index 8c873f44bbed..000000000000 --- a/security/pulledpork/files/patch-so_rules.diff +++ /dev/null 
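Review bot: The new `-w` switch ends in `$ua->ssl_opts( verify_hostname => 0 )`, and the only trace of it is a status line printed under `$Verbose && !$Quiet`, so a quiet cron run with `-w` downloads rule tarballs over an unauthenticated channel without leaving any record. As far as I know, LWP's https backend also drops certificate verification when `verify_hostname` is off, so the help text ("Skip the SSL verification") describes the effect better than the status line ("SSL Hostname Verification disabled"); the two should agree. Because the downloaded rules decide what Snort detects, I would warn unconditionally inside the `if ($skipVerify)` block, for example `carp "WARNING: -w set, SSL certificate verification is disabled\n";`, followed by a matching `syslogit( 'warning|local0', ... ) if $Syslogging;` in the style `getstore` already uses. The help entry could also state that `-w` is a troubleshooting aid and not meant for regular scheduled runs.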
@@ -1,41 +0,0 @@ -Index: etc/pulledpork.conf -=================================================================== ---- etc/pulledpork.conf (revision 268) -+++ etc/pulledpork.conf (working copy) -@@ -121,12 +121,12 @@ - - # Define your distro, this is for the precompiled shared object libs! - # Valid Distro Types: --# Debian-5-0, Debian-6-0, --# Ubuntu-8.04, Ubuntu-10-4 --# Centos-4-8, Centos-5-4 -+# Debian-6-0, -+# Ubuntu-10-4, Ubuntu-12-04 -+# Centos-5-4 - # FC-12, FC-14, RHEL-5-5, RHEL-6-0 --# FreeBSD-7-3, FreeBSD-8-1 --# OpenBSD-4-8 -+# FreeBSD-8-1, FreeBSD-9-0 -+# OpenBSD-4-8, OpenBSD-5-2, OpenBSD-5-3 - # Slackware-13-1 - distro=FreeBSD-8.1 - -Index: pulledpork.pl -=================================================================== ---- pulledpork.pl (revision 268) -+++ pulledpork.pl (working copy) -@@ -144,10 +144,10 @@ - -D What Distro are you running on, for the so_rules - For latest supported options see http://www.snort.org/snort-rules/shared-object-rules - Valid Distro Types: -- Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4 -- Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 -- FreeBSD-7-3, FreeBSD-8-1 -- OpenBSD-4-8 -+ Debian-6-0, Ubuntu-10-4, Ubuntu-12-04 -+ Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0 -+ FreeBSD-8-1, FreeBSD-9-0 -+ OpenBSD-4-8, OpenBSD-5-2, OpenBSD-5-3 - Slackware-13-1 - -e Where the enablesid config file lives. - -E Write ONLY the enabled rules to the output files. diff --git a/security/pulledpork/pkg-plist b/security/pulledpork/pkg-plist new file mode 100644 index 000000000000..d917a57b3da8 --- /dev/null +++ b/security/pulledpork/pkg-plist 
@@ -0,0 +1,14 @@ +bin/pulledpork.pl +%%ETCDIR%%/disablesid.conf.sample +%%ETCDIR%%/dropsid.conf.sample +%%ETCDIR%%/enablesid.conf.sample +%%ETCDIR%%/modifysid.conf.sample +@(,,0640) %%ETCDIR%%/pulledpork.conf.sample +%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/README.CATEGORIES +%%PORTDOCS%%%%DOCSDIR%%/README.CHANGES +%%PORTDOCS%%%%DOCSDIR%%/README.RULESET +%%PORTDOCS%%%%DOCSDIR%%/README.SHAREDOBJECTS +%%DATADIR%%/README.CONTRIB +%%DATADIR%%/oink-conv.pl +@dir(,,0750) %%ETCDIR%% |
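Review bot: The `@(,,0640)` mode is applied to `pulledpork.conf.sample`, but the file that will actually hold the registration key is the `pulledpork.conf` the admin creates from it, and nothing in this list creates or tracks that file. As written, its protection rests on the `@dir(,,0750) %%ETCDIR%%` entry alone, and a plain copy would pick up the admin's umask. Listing the entry with the `@sample` keyword, `@sample %%ETCDIR%%/pulledpork.conf.sample`, would have pkg create the live file on install and remove it on deinstall if unmodified. Whether the 0640 mode carries over that way should be confirmed on a test install.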