4 files changed, 14 insertions, 406 deletions

diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile
index 0e8620c338e1..2921a42f4f65 100644
--- a/security/pulledpork/Makefile
+++ b/security/pulledpork/Makefile
@@ -1,4 +1,4 @@
-# Create by: Olli Hauer
+# Created by: Olli Hauer
 # $FreeBSD$
 
 PORTNAME=	pulledpork
@@ -7,6 +7,10 @@ PORTREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_GOOGLE_CODE}
 
+PATCH_SITES=	${MASTER_SITE_LOCAL}
+PATCH_SITE_SUBDIR=	ohauer
+PATCHFILES=	${PORTNAME}-${PORTVERSION}-r${PATCHREV}.diff.bz2
+
 MAINTAINER=	ohauer@FreeBSD.org
 COMMENT=	Script to update snort-2.8+ rules
 
@@ -16,6 +20,8 @@ RUN_DEPENDS=	p5-Crypt-SSLeay>=0.57:${PORTSDIR}/security/p5-Crypt-SSLeay \
 		p5-LWP-Protocol-https>=6.00:${PORTSDIR}/www/p5-LWP-Protocol-https \
 		p5-libwww>=0:${PORTSDIR}/www/p5-libwww
 
+# 0.6.1 -> svn rev. 230
+PATCHREV=	230-262
 NO_BUILD=	yes
 USE_PERL5_RUN=	yes
 
@@ -33,7 +39,9 @@ PLIST_FILES=	bin/pulledpork.pl \
 
 SUB_FILES=	pkg-message
 
-.if !defined(NOPORTDOCS)
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MDOCS}
 PORTDOCS=	LICENSE README README.CATEGORIES README.CHANGES README.RULESET README.SHAREDOBJECTS
 .endif
 
@@ -60,7 +68,7 @@ do-install:
 	@${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${DATADIR}/
 	@${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${DATADIR}/
 
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${DOCSDIR}
 	@${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}/
 	@${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}/
diff --git a/security/pulledpork/distinfo b/security/pulledpork/distinfo
index 249248cfb57e..64b0e3f9d211 100644
--- a/security/pulledpork/distinfo
+++ b/security/pulledpork/distinfo
@@ -1,2 +1,4 @@
 SHA256 (pulledpork-0.6.1.tar.gz) = 28052849ce60f034f5ba348659e611562c8fe9d572b3c177a0c23e3f92638ad1
 SIZE (pulledpork-0.6.1.tar.gz) = 35444
+SHA256 (pulledpork-0.6.1-r230-262.diff.bz2) = 4e331311e71d1068851397fb880f03a5947a8b7f5dd5a860d0ff9ef5cc8f59b3
+SIZE (pulledpork-0.6.1-r230-262.diff.bz2) = 14931
diff --git a/security/pulledpork/files/patch-svn-r230-rHEAD b/security/pulledpork/files/patch-svn-r230-rHEAD
deleted file mode 100644
index a0e5eb7ee3ac..000000000000
--- a/security/pulledpork/files/patch-svn-r230-rHEAD
+++ /dev/null
@@ -1,402 +0,0 @@
-Index: doc/README.CHANGES
-===================================================================
---- doc/README.CHANGES	(revision 230)
-+++ doc/README.CHANGES	(revision 243)
-@@ -1,5 +1,30 @@
- PulledPork Changelog
- 
-+V0.6.2 the Cigar Pig
-+
-+Bug Fixes:
-+- Bug #79 - Fixed race condition that did not allow for disabled rules to be modified using modifysid
-+	These rules would then be enabled by flowbit dependency check and be unmodified
-+- Bug #77 - Adjusted chown property of archive::tar
-+- Bug #78 - Adjusted per bug report to allow for proper ignoring of preproc.rules 
-+- Bug #102 - Only Enabled rules are written to sid-msg.map now when -E flag is specified
-+- Bug #99 - Doc Bug, updated docs associated with snort_version variable
-+- Bug #96 - Modified code to allow for same-line traling comments: "1:10011 #can haz disable!"
-+		Also updated the rulestate files (enable,disable,drop)
-+- Bug #82 - Modified run order to force modifysid to run before all other sid state modification routines
-+		This allows for sid changes to be made prior to automatic state determination ala automatic
-+		flowbit resolution.  NOTE that this DOES NOT AND WILL NOT disable automatic flowbit
-+		resolution, this is a critical piece.
-+- Bug #81 - Updated valid SO distro pre-compiled list
-+- Bug #114 - Update Regex to allow for null search/replace in modify_sid sub
-+- Unlisted Bug - Allow for escaped ; "\;" in references
-+- Bug #121 - Update to allow for new etpro.com url and cert!
-+- Bug #119 - Fixed regex [^\\]...
-+
-+New Features / changes:
-+- Bug #105 - Removed Switch function as it is deprecated in > 5.12 perl
-+- Unlisted Bug - Include IP Reputation capability
-+
- v0.6.1 the Smoking Pig, revisited
- 
- Bug Fixes:
-Index: etc/pulledpork.conf
-===================================================================
---- etc/pulledpork.conf	(revision 230)
-+++ etc/pulledpork.conf	(revision 243)
-@@ -10,20 +10,22 @@
- #######  snort version and subscription etc...)
- ####### 
- 
--# The rule_url value replaces the old base_url and rule_file configuration
--# options.  You can now specify one or as many rule_urls as you like, they 
-+# You can specify one or as many rule_urls as you like, they 
- # must appear as http://what.site.com/|rulesfile.tar.gz|1234567.  You can specify
- # each on an individual line, or you can specify them in a , separated list
- # i.e. rule_url=http://x.y.z/|a.tar.gz|123,http://z.y.z/|b.tar.gz|456
- # note that the url, rule file, and oinkcode itself are separated by a pipe |
- # i.e. url|tarball|123456789, 
- rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
-+# NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode>
-+# This format MUST be followed to let pulledpork know that this is a blacklist
-+rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
- # get the rule docs!
- rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
--rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
-+rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
- # THE FOLLOWING URL is for etpro downloads, note the tarball name change!
- # and the et oinkcode requirement!
--rule_url=https://rules.emergingthreats.net/|etpro.rules.tar.gz|<et oinkcode>
-+rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>
- # NOTE above that the VRT snortrules-snapshot does not contain the version
- # portion of the tarball name, this is because PP now automatically populates
- # this value for you, if, however you put the version information in, PP will
-@@ -50,9 +52,6 @@
- # previous ignore line and uncomment the following!
- # ignore=deleted,experimental,local,decoder,preprocessor,sensitive-data
- 
--# Define your Oinkcode - DEPRICATED, SEE RULE_URL
--# oinkcode=replacethiswithyouroinkcode
--
- # What is our temp path, be sure this path has a bit of space for rule 
- # extraction and manipulation, no trailing slash
- temp_path=/tmp
-@@ -116,12 +115,15 @@
- sostub_path=/usr/local/etc/snort/rules/so_rules.rules
- 
- # Define your distro, this is for the precompiled shared object libs!
--# Valid Distro Types=Debian-Lenny, Ubuntu-6.01.1, Ubuntu-8.04
--# CentOS-4.6, Centos-4-8, CentOS-5.0, Centos-5-4
--# FC-5, FC-9, FC-11, FC-12, RHEL-5.0
--# FreeBSD-6.3, FreeBSD-7-2, FreeBSD-7-3, FreeBSD-7.0, FreeBSD-8-0, FreeBSD-8-1
--# OpenSUSE-11-3
--distro=FreeBSD-8.0
-+# Valid Distro Types:
-+# Debian-5-0, Debian-6-0,
-+# Ubuntu-8.04, Ubuntu-10-4
-+# Centos-4-8, Centos-5-4
-+# FC-12, FC-14, RHEL-5-5, RHEL-6-0
-+# FreeBSD-7-3, FreeBSD-8-1
-+# OpenBSD-4-8
-+# Slackware-13-1
-+distro=FreeBSD-8.1
- 
- #######  This next section is optional, but probably pretty useful to you.
- #######  Please read thoroughly!
-@@ -160,8 +162,7 @@
- 
- # This defines the version of snort that you are using, for use ONLY if the 
- # proper snort binary is not on the system that you are fetching the rules with
--# Defining this value will set the Textonly flag, and thus will NOT allow
--# you to use shared object rules.  This value MUST contain all 4 minor version
-+# This value MUST contain all 4 minor version
- # numbers. ET rules are now also dependant on this, verify supported ET versions
- # prior to simply throwing rubbish in this variable kthx!
- # snort_version=2.9.0.0
-@@ -183,4 +184,4 @@
- ####### need to process so_rules, simply comment out the so_rule section
- ####### you can also specify -T at runtime to process only GID 1 rules.
- 
--version=0.6.0
-+version=0.6.1
-Index: etc/disablesid.conf
-===================================================================
---- etc/disablesid.conf	(revision 230)
-+++ etc/disablesid.conf	(revision 243)
-@@ -6,6 +6,10 @@
- # Example of modifying state for rule ranges
- # 1:220-1:3264,3:13010-3:13013
- 
-+# Comments are allowed in this file, and can also be on the same line
-+# As the modify state syntax, as long as it is a trailing comment
-+# 1:1011 # I Disabled this rule because I could!
-+
- # Example of modifying state for MS and cve rules, note the use of the : 
- # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
- # and all MS00 and all cve 2000 related sids!  These support regular expression
-Index: etc/dropsid.conf
-===================================================================
---- etc/dropsid.conf	(revision 230)
-+++ etc/dropsid.conf	(revision 243)
-@@ -10,6 +10,10 @@
- # Example of modifying state for rule ranges
- # 1:220-1:3264,3:13010-3:13013
- 
-+# Comments are allowed in this file, and can also be on the same line
-+# As the modify state syntax, as long as it is a trailing comment
-+# 1:1011 # I Disabled this rule because I could!
-+
- # Example of modifying state for MS and cve rules, note the use of the : 
- # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
- # and all MS00 and all cve 2000 related sids!  These support regular expression
-Index: etc/enablesid.conf
-===================================================================
---- etc/enablesid.conf	(revision 230)
-+++ etc/enablesid.conf	(revision 243)
-@@ -10,6 +10,10 @@
- # Example of modifying state for rule ranges
- # 1:220-1:3264,3:13010-3:13013
- 
-+# Comments are allowed in this file, and can also be on the same line
-+# As the modify state syntax, as long as it is a trailing comment
-+# 1:1011 # I Disabled this rule because I could!
-+
- # Example of modifying state for MS and cve rules, note the use of the : 
- # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
- # and all MS00 and all cve 2000 related sids!  These support regular expression
-Index: pulledpork.pl
-===================================================================
---- pulledpork.pl	(revision 230)
-+++ pulledpork.pl	(revision 243)
-@@ -33,7 +33,6 @@
- use Getopt::Long qw(:config no_ignore_case bundling);
- use Archive::Tar;
- use POSIX qw(:errno_h);
--use Switch;
- use Cwd;
- use Carp;
- 
-@@ -41,7 +40,7 @@
- 
- # we are gonna need these!
- my ( $oinkcode, $temp_path, $rule_file, $Syslogging );
--my $VERSION = "PulledPork v0.6.1 the Smoking Pig <////~";
-+my $VERSION = "PulledPork v0.6.2dev the Cigar Pig <////~";
- my $ua      = LWP::UserAgent->new;
- 
- my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto );
-@@ -139,11 +138,12 @@
-    -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations.
-    -D What Distro are you running on, for the so_rules
-       For latest supported options see http://www.snort.org/snort-rules/shared-object-rules
--      Valid Distro Types=Debian-Lenny, Ubuntu-6.01.1, Ubuntu-8.04
--		CentOS-4.6, Centos-4-8, CentOS-5.0, Centos-5-4
--		FC-5, FC-9, FC-11, FC-12, RHEL-5.0
--		FreeBSD-6.3, FreeBSD-7-2, FreeBSD-7-3, FreeBSD-7.0, FreeBSD-8-0, FreeBSD-8-1
--		OpenSUSE-11-3
-+      Valid Distro Types:
-+		Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4
-+		Centos-4-8, Centos-5-4,	FC-12, FC-14, RHEL-5-5, RHEL-6-0
-+		FreeBSD-7-3, FreeBSD-8-1
-+		OpenBSD-4-8
-+		Slackware-13-1
-    -e Where the enablesid config file lives.
-    -E Write ONLY the enabled rules to the output files.
-    -g grabonly (download tarball rule file(s) and do NOT process)
-@@ -222,6 +222,7 @@
-     my $tar = Archive::Tar->new();
-     $tar->read( $temp_path . $rule_file );
-     $tar->setcwd( cwd() );
-+    local $Archive::Tar::CHOWN = 0; 
-     my @ignores = split( /,/, $ignore );
- 
-     foreach (@ignores) {
-@@ -233,7 +234,7 @@
-             print "\tIgnoring preprocessor rules: $_\n"
-               if ( $Verbose && !$Quiet );
-             my $preprocfile = $_;
--            $preprocfile =~ s/preproc/rules/;
-+            $preprocfile =~ s/\.preproc/\.rules/;
-             $tar->remove("preproc_rules/$preprocfile");
-         }
-         elsif ( $_ =~ /\.so/ ) {
-@@ -368,6 +369,10 @@
-           getstore( "https://www.snort.org/reg-rules/$rule_file/$oinkcode",
-             $temp_path . $rule_file );
-     }
-+    elsif ($rule_file eq "IPBLACKLIST"){
-+	$getrules_rule =
-+	  getstore( "http://labs.snort.org/feeds/ip-filter.blf", $temp_path . "black_list.rules")
-+    }
-     else {
-         $getrules_rule =
-           getstore( $base_url . "/" . $rule_file, $temp_path . $rule_file );
-@@ -435,7 +440,7 @@
-           getstore( "https://www.snort.org/reg-rules/$rule_file.md5/$oinkcode",
-             $temp_path . $rule_file . ".md5" );
-     }
--    elsif ( $base_url =~ /emergingthreats\.net/i ) {
-+    elsif ( $base_url =~ /(emergingthreats\.net|emergingthreatspro\.com)/i ) {
-         $getrules_md5 = getstore(
-             "$base_url/$rule_file" . ".md5",
-             $temp_path . $rule_file . ".md5"
-@@ -708,17 +713,16 @@
-     open( FH, "<$file" ) || carp "Unable to open $file\n";
-     while (<FH>) {
-         next if ( ( $_ =~ /^\s*#/ ) || ( $_ eq " " ) );
--        if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.+)"/ ) {
-+        if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.*)"/ ) {
-             my ( $sids, $from, $to ) = ( $1, $2, $3 );
-             @arry = split( /,/, $sids ) if $sids !~ /\*/;
-             @arry = "*" if $sids =~ /\*/;
-             foreach my $sid (@arry) {
-                 $sid = trim($sid);
--                if ( $sid ne "*" && exists $$href{1}{$sid} ) {
-+                if ( $sid ne "*" && defined $$href{1}{$sid}{'rule'} ) {
-                     print "\tModifying SID:$sid from:$from to:$to\n"
-                       if ( $Verbose && !$Quiet );
--                    $$href{1}{$sid}{'rule'} =~ s/$from/$to/
--                      if $$href{1}{$sid}{'rule'} !~ /^\s*#/;
-+                    $$href{1}{$sid}{'rule'} =~ s/$from/$to/;
-                 }
-                 elsif ( $sid eq "*" ) {
-                     print "\tModifying ALL SIDS from:$from to:$to\n"
-@@ -739,21 +743,22 @@
- # speed ftw!
- sub modify_state {
-     my ( $function, $SID_conf, $hashref, $rstate ) = @_;
--    my ( @sid_mod, $sidlist );
-+    my ( @sid_mod, $sidlist);
-     print "Processing $SID_conf....\n" if !$Quiet;
-     print "\tSetting rules specified in $SID_conf to their default state!\n"
-       if ( !$Quiet && $function eq 'enable' && $rstate );
-     if ( -f $SID_conf ) {
-         open( DATA, "$SID_conf" ) or carp "unable to open $SID_conf $!";
-         while (<DATA>) {
--            $sidlist = $_;
-+	    next unless ($_ !~ /^\s*#/ && $_ ne "");
-+	    $sidlist = (split '#',$_)[0];
-             chomp($sidlist);
-             $sidlist = trim($sidlist);
--            if ( ( $sidlist !~ /^\s*#/ ) && ( $sidlist ne "" ) && !(@sid_mod) )
-+            if (!@sid_mod )
-             {
-                 @sid_mod = split( /,/, $sidlist );
-             }
--            elsif ( ( $sidlist !~ /^\s*#/ ) && ( $sidlist ne "" && @sid_mod ) )
-+            elsif (@sid_mod)
-             {
-                 push( @sid_mod, split( /,/, $sidlist ) );
-             }
-@@ -861,8 +866,8 @@
-                     if ( $gid && $sid ) {
-                         $gid =~ s/:\d+//;
-                         $sid =~ s/\d+://;
--                        switch ($function) {
--                            case "enable" {
-+                        if ($function) {
-+                            if ($function eq "enable") {
-                                 if ( exists $$hashref{$gid}{$sid}
-                                     && $$hashref{$gid}{$sid}{'rule'} =~
-                                     /^\s*#\s*(alert|drop|pass)/i
-@@ -904,7 +909,7 @@
-                                     }
-                                 }
-                             }
--                            case "drop" {
-+                            elsif ($function eq "drop") {
-                                 if ( exists $$hashref{$gid}{$sid}
-                                     && $$hashref{$gid}{$sid}{'rule'} =~
-                                     /^\s*#*\s*alert/i )
-@@ -919,7 +924,7 @@
-                                     $sidcount++;
-                                 }
-                             }
--                            case "disable" {
-+                            elsif ($function eq "disable") {
-                                 if ( exists $$hashref{$gid}{$sid}
-                                     && $$hashref{$gid}{$sid}{'rule'} =~
-                                     /^\s*(alert|drop|pass)/i )
-@@ -974,15 +979,16 @@
- 
- ## make the sid-msg.map
- sub sid_msg {
--    my ( $ruleshash, $sidhash ) = @_;
-+    my ( $ruleshash, $sidhash, $enonly ) = @_;
-     my ( $gid, $arg, $msg );
-     print "Generating sid-msg.map....\n" if !$Quiet;
-     foreach my $k ( sort keys %$ruleshash ) {
-         foreach my $k2 ( sort keys %{ $$ruleshash{$k} } ) {
-+	    next if ((defined $enonly) && $$ruleshash{$k}{$k2}{'rule'} !~ /^\s*(alert|drop|pass)/);
-             ( my $header, my $options ) =
-               split( /^[^"]* \(\s*/, $$ruleshash{$k}{$k2}{'rule'} )
-               if defined $$ruleshash{$k}{$k2}{'rule'};
--            my @optarray = split( /;(\t|\s)?/, $options ) if $options;
-+            my @optarray = split( /[^\\];(\t|\s)?/, $options ) if $options;
-             foreach my $option ( reverse(@optarray) ) {
-                 my ( $kw, $arg ) = split( /:/, $option ) if $option;
-                 if ( $kw && $arg ) {
-@@ -1460,8 +1466,8 @@
- 
- if ( exists $Config_info{'version'} ) {
-     croak "You are not using the current version of pulledpork.conf!\n",
--      "Please use the version that shipped with $VERSION!\n\n"
--      if $Config_info{'version'} ne "0.6.0";
-+      "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n"
-+      if $Config_info{'version'} ne "0.6.1";
- }
- else {
-     croak
-@@ -1674,6 +1680,7 @@
-     }
-     else {
-         $ENV{HTTPS_PROXY} = $proxy;
-+	$ENV{HTTP_PROXY} = $proxy;
-     }
- }
- undef $proxy;
-@@ -1742,7 +1749,7 @@
-                     $rule_file = "snortrules-snapshot-$Snortv.tar.gz";
-                 }
-             }
--            elsif ( $base_url =~ /emergingthreats.net/ ) {
-+            elsif ( $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/ ) {
-                 $prefix = "ET-";
-                 my $Snortv = $Snort;
-                 $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//;
-@@ -1794,7 +1801,7 @@
-                     $rule_file = "snortrules-snapshot-$Snortv.tar.gz";
-                 }
-             }
--            $prefix = "ET-" if $base_url =~ /emergingthreats.net/;
-+            $prefix = "ET-" if $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/;
-             croak "file $temp_path/$rule_file does not exist!\n"
-               unless -f "$temp_path/$rule_file";
-             rule_extract(
-@@ -1843,6 +1850,10 @@
-         policy_set( $ips_policy, \%rules_hash );
-     }
- 
-+    if ( $sidmod{modify} && -f $sidmod{modify} ) {
-+        modify_sid( \%rules_hash, $sidmod{modify} );
-+    }
-+    
-     foreach (@sidact) {
-         if ( $sidmod{$_} && -f $sidmod{$_} ) {
-             modify_state( $_, $sidmod{$_}, \%rules_hash, $rstate );
-@@ -1852,11 +1863,7 @@
-         }
-     }
- 
--    if ( $sidmod{modify} && -f $sidmod{modify} ) {
--        modify_sid( \%rules_hash, $sidmod{modify} );
--    }
--
--    print "Setting Flowbit State....\n"
-+   print "Setting Flowbit State....\n"
-       if ( !$Quiet );
- 
-     my $fbits = 1;
-@@ -1878,8 +1885,7 @@
-     }
- 
-     if ($sid_msg_map) {
--
--        sid_msg( \%rules_hash, \%sid_msg_map );
-+        sid_msg( \%rules_hash, \%sid_msg_map, $enonly );
-         sid_write( \%sid_msg_map, $sid_msg_map );
-     }
- 
diff --git a/security/pulledpork/pkg-descr b/security/pulledpork/pkg-descr
index 5ecd224cba21..0233924b1ca9 100644
--- a/security/pulledpork/pkg-descr
+++ b/security/pulledpork/pkg-descr
@@ -1,4 +1,4 @@
-pulledpork is a Perl script which helps to update your Snort 2.8+ rules.
+pulledpork is a Perl script which helps to update your Snort 2.9+ rules.
 
 -= Features and Capabilities =-