aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlli Hauer <ohauer@FreeBSD.org>2013-03-28 15:57:15 +0000
committerOlli Hauer <ohauer@FreeBSD.org>2013-03-28 15:57:15 +0000
commitef122bcbaa64d8db63c8e8b638f7f6febe497581 (patch)
treeb31cb9f7b31fc7c246060f895e6056afcba93447
parentb0533230a5dc0d2805b7e7bc9d84de5193b5f32d (diff)
downloadports-ef122bcbaa64d8db63c8e8b638f7f6febe497581.tar.gz
ports-ef122bcbaa64d8db63c8e8b638f7f6febe497581.zip
Notes
-rw-r--r--security/pulledpork/Makefile14
-rw-r--r--security/pulledpork/distinfo2
-rw-r--r--security/pulledpork/files/patch-svn-r230-rHEAD402
-rw-r--r--security/pulledpork/pkg-descr2
4 files changed, 14 insertions, 406 deletions
diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile
index 0e8620c338e1..2921a42f4f65 100644
--- a/security/pulledpork/Makefile
+++ b/security/pulledpork/Makefile
@@ -1,4 +1,4 @@
-# Create by: Olli Hauer
+# Created by: Olli Hauer
# $FreeBSD$
PORTNAME= pulledpork
@@ -7,6 +7,10 @@ PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE}
+PATCH_SITES= ${MASTER_SITE_LOCAL}
+PATCH_SITE_SUBDIR= ohauer
+PATCHFILES= ${PORTNAME}-${PORTVERSION}-r${PATCHREV}.diff.bz2
+
MAINTAINER= ohauer@FreeBSD.org
COMMENT= Script to update snort-2.8+ rules
@@ -16,6 +20,8 @@ RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:${PORTSDIR}/security/p5-Crypt-SSLeay \
p5-LWP-Protocol-https>=6.00:${PORTSDIR}/www/p5-LWP-Protocol-https \
p5-libwww>=0:${PORTSDIR}/www/p5-libwww
+# 0.6.1 -> svn rev. 230
+PATCHREV= 230-262
NO_BUILD= yes
USE_PERL5_RUN= yes
@@ -33,7 +39,9 @@ PLIST_FILES= bin/pulledpork.pl \
SUB_FILES= pkg-message
-.if !defined(NOPORTDOCS)
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MDOCS}
PORTDOCS= LICENSE README README.CATEGORIES README.CHANGES README.RULESET README.SHAREDOBJECTS
.endif
@@ -60,7 +68,7 @@ do-install:
@${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${DATADIR}/
@${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${DATADIR}/
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
@${MKDIR} ${DOCSDIR}
@${INSTALL_DATA} ${WRKSRC}/LICENSE ${DOCSDIR}/
@${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}/
diff --git a/security/pulledpork/distinfo b/security/pulledpork/distinfo
index 249248cfb57e..64b0e3f9d211 100644
--- a/security/pulledpork/distinfo
+++ b/security/pulledpork/distinfo
@@ -1,2 +1,4 @@
SHA256 (pulledpork-0.6.1.tar.gz) = 28052849ce60f034f5ba348659e611562c8fe9d572b3c177a0c23e3f92638ad1
SIZE (pulledpork-0.6.1.tar.gz) = 35444
+SHA256 (pulledpork-0.6.1-r230-262.diff.bz2) = 4e331311e71d1068851397fb880f03a5947a8b7f5dd5a860d0ff9ef5cc8f59b3
+SIZE (pulledpork-0.6.1-r230-262.diff.bz2) = 14931
diff --git a/security/pulledpork/files/patch-svn-r230-rHEAD b/security/pulledpork/files/patch-svn-r230-rHEAD
deleted file mode 100644
index a0e5eb7ee3ac..000000000000
--- a/security/pulledpork/files/patch-svn-r230-rHEAD
+++ /dev/null
@@ -1,402 +0,0 @@
-Index: doc/README.CHANGES
-===================================================================
---- doc/README.CHANGES (revision 230)
-+++ doc/README.CHANGES (revision 243)
-@@ -1,5 +1,30 @@
- PulledPork Changelog
-
-+V0.6.2 the Cigar Pig
-+
-+Bug Fixes:
-+- Bug #79 - Fixed race condition that did not allow for disabled rules to be modified using modifysid
-+ These rules would then be enabled by flowbit dependency check and be unmodified
-+- Bug #77 - Adjusted chown property of archive::tar
-+- Bug #78 - Adjusted per bug report to allow for proper ignoring of preproc.rules
-+- Bug #102 - Only Enabled rules are written to sid-msg.map now when -E flag is specified
-+- Bug #99 - Doc Bug, updated docs associated with snort_version variable
-+- Bug #96 - Modified code to allow for same-line traling comments: "1:10011 #can haz disable!"
-+ Also updated the rulestate files (enable,disable,drop)
-+- Bug #82 - Modified run order to force modifysid to run before all other sid state modification routines
-+ This allows for sid changes to be made prior to automatic state determination ala automatic
-+ flowbit resolution. NOTE that this DOES NOT AND WILL NOT disable automatic flowbit
-+ resolution, this is a critical piece.
-+- Bug #81 - Updated valid SO distro pre-compiled list
-+- Bug #114 - Update Regex to allow for null search/replace in modify_sid sub
-+- Unlisted Bug - Allow for escaped ; "\;" in references
-+- Bug #121 - Update to allow for new etpro.com url and cert!
-+- Bug #119 - Fixed regex [^\\]...
-+
-+New Features / changes:
-+- Bug #105 - Removed Switch function as it is deprecated in > 5.12 perl
-+- Unlisted Bug - Include IP Reputation capability
-+
- v0.6.1 the Smoking Pig, revisited
-
- Bug Fixes:
-Index: etc/pulledpork.conf
-===================================================================
---- etc/pulledpork.conf (revision 230)
-+++ etc/pulledpork.conf (revision 243)
-@@ -10,20 +10,22 @@
- ####### snort version and subscription etc...)
- #######
-
--# The rule_url value replaces the old base_url and rule_file configuration
--# options. You can now specify one or as many rule_urls as you like, they
-+# You can specify one or as many rule_urls as you like, they
- # must appear as http://what.site.com/|rulesfile.tar.gz|1234567. You can specify
- # each on an individual line, or you can specify them in a , separated list
- # i.e. rule_url=http://x.y.z/|a.tar.gz|123,http://z.y.z/|b.tar.gz|456
- # note that the url, rule file, and oinkcode itself are separated by a pipe |
- # i.e. url|tarball|123456789,
- rule_url=https://www.snort.org/reg-rules/|snortrules-snapshot.tar.gz|<oinkcode>
-+# NEW For IP Blacklisting! Note the format is urltofile|IPBLACKLIST|<oinkcode>
-+# This format MUST be followed to let pulledpork know that this is a blacklist
-+rule_url=http://labs.snort.org/feeds/ip-filter.blf|IPBLACKLIST|open
- # get the rule docs!
- rule_url=https://www.snort.org/reg-rules/|opensource.gz|<oinkcode>
--rule_url=https://rules.emergingthreats.net/|emerging.rules.tar.gz|open
-+rule_url=https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open
- # THE FOLLOWING URL is for etpro downloads, note the tarball name change!
- # and the et oinkcode requirement!
--rule_url=https://rules.emergingthreats.net/|etpro.rules.tar.gz|<et oinkcode>
-+rule_url=https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|<et oinkcode>
- # NOTE above that the VRT snortrules-snapshot does not contain the version
- # portion of the tarball name, this is because PP now automatically populates
- # this value for you, if, however you put the version information in, PP will
-@@ -50,9 +52,6 @@
- # previous ignore line and uncomment the following!
- # ignore=deleted,experimental,local,decoder,preprocessor,sensitive-data
-
--# Define your Oinkcode - DEPRICATED, SEE RULE_URL
--# oinkcode=replacethiswithyouroinkcode
--
- # What is our temp path, be sure this path has a bit of space for rule
- # extraction and manipulation, no trailing slash
- temp_path=/tmp
-@@ -116,12 +115,15 @@
- sostub_path=/usr/local/etc/snort/rules/so_rules.rules
-
- # Define your distro, this is for the precompiled shared object libs!
--# Valid Distro Types=Debian-Lenny, Ubuntu-6.01.1, Ubuntu-8.04
--# CentOS-4.6, Centos-4-8, CentOS-5.0, Centos-5-4
--# FC-5, FC-9, FC-11, FC-12, RHEL-5.0
--# FreeBSD-6.3, FreeBSD-7-2, FreeBSD-7-3, FreeBSD-7.0, FreeBSD-8-0, FreeBSD-8-1
--# OpenSUSE-11-3
--distro=FreeBSD-8.0
-+# Valid Distro Types:
-+# Debian-5-0, Debian-6-0,
-+# Ubuntu-8.04, Ubuntu-10-4
-+# Centos-4-8, Centos-5-4
-+# FC-12, FC-14, RHEL-5-5, RHEL-6-0
-+# FreeBSD-7-3, FreeBSD-8-1
-+# OpenBSD-4-8
-+# Slackware-13-1
-+distro=FreeBSD-8.1
-
- ####### This next section is optional, but probably pretty useful to you.
- ####### Please read thoroughly!
-@@ -160,8 +162,7 @@
-
- # This defines the version of snort that you are using, for use ONLY if the
- # proper snort binary is not on the system that you are fetching the rules with
--# Defining this value will set the Textonly flag, and thus will NOT allow
--# you to use shared object rules. This value MUST contain all 4 minor version
-+# This value MUST contain all 4 minor version
- # numbers. ET rules are now also dependant on this, verify supported ET versions
- # prior to simply throwing rubbish in this variable kthx!
- # snort_version=2.9.0.0
-@@ -183,4 +184,4 @@
- ####### need to process so_rules, simply comment out the so_rule section
- ####### you can also specify -T at runtime to process only GID 1 rules.
-
--version=0.6.0
-+version=0.6.1
-Index: etc/disablesid.conf
-===================================================================
---- etc/disablesid.conf (revision 230)
-+++ etc/disablesid.conf (revision 243)
-@@ -6,6 +6,10 @@
- # Example of modifying state for rule ranges
- # 1:220-1:3264,3:13010-3:13013
-
-+# Comments are allowed in this file, and can also be on the same line
-+# As the modify state syntax, as long as it is a trailing comment
-+# 1:1011 # I Disabled this rule because I could!
-+
- # Example of modifying state for MS and cve rules, note the use of the :
- # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
- # and all MS00 and all cve 2000 related sids! These support regular expression
-Index: etc/dropsid.conf
-===================================================================
---- etc/dropsid.conf (revision 230)
-+++ etc/dropsid.conf (revision 243)
-@@ -10,6 +10,10 @@
- # Example of modifying state for rule ranges
- # 1:220-1:3264,3:13010-3:13013
-
-+# Comments are allowed in this file, and can also be on the same line
-+# As the modify state syntax, as long as it is a trailing comment
-+# 1:1011 # I Disabled this rule because I could!
-+
- # Example of modifying state for MS and cve rules, note the use of the :
- # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
- # and all MS00 and all cve 2000 related sids! These support regular expression
-Index: etc/enablesid.conf
-===================================================================
---- etc/enablesid.conf (revision 230)
-+++ etc/enablesid.conf (revision 243)
-@@ -10,6 +10,10 @@
- # Example of modifying state for rule ranges
- # 1:220-1:3264,3:13010-3:13013
-
-+# Comments are allowed in this file, and can also be on the same line
-+# As the modify state syntax, as long as it is a trailing comment
-+# 1:1011 # I Disabled this rule because I could!
-+
- # Example of modifying state for MS and cve rules, note the use of the :
- # in cve. This will modify MS09-008, cve 2009-0233, bugtraq 21301,
- # and all MS00 and all cve 2000 related sids! These support regular expression
-Index: pulledpork.pl
-===================================================================
---- pulledpork.pl (revision 230)
-+++ pulledpork.pl (revision 243)
-@@ -33,7 +33,6 @@
- use Getopt::Long qw(:config no_ignore_case bundling);
- use Archive::Tar;
- use POSIX qw(:errno_h);
--use Switch;
- use Cwd;
- use Carp;
-
-@@ -41,7 +40,7 @@
-
- # we are gonna need these!
- my ( $oinkcode, $temp_path, $rule_file, $Syslogging );
--my $VERSION = "PulledPork v0.6.1 the Smoking Pig <////~";
-+my $VERSION = "PulledPork v0.6.2dev the Cigar Pig <////~";
- my $ua = LWP::UserAgent->new;
-
- my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto );
-@@ -139,11 +138,12 @@
- -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations.
- -D What Distro are you running on, for the so_rules
- For latest supported options see http://www.snort.org/snort-rules/shared-object-rules
-- Valid Distro Types=Debian-Lenny, Ubuntu-6.01.1, Ubuntu-8.04
-- CentOS-4.6, Centos-4-8, CentOS-5.0, Centos-5-4
-- FC-5, FC-9, FC-11, FC-12, RHEL-5.0
-- FreeBSD-6.3, FreeBSD-7-2, FreeBSD-7-3, FreeBSD-7.0, FreeBSD-8-0, FreeBSD-8-1
-- OpenSUSE-11-3
-+ Valid Distro Types:
-+ Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4
-+ Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0
-+ FreeBSD-7-3, FreeBSD-8-1
-+ OpenBSD-4-8
-+ Slackware-13-1
- -e Where the enablesid config file lives.
- -E Write ONLY the enabled rules to the output files.
- -g grabonly (download tarball rule file(s) and do NOT process)
-@@ -222,6 +222,7 @@
- my $tar = Archive::Tar->new();
- $tar->read( $temp_path . $rule_file );
- $tar->setcwd( cwd() );
-+ local $Archive::Tar::CHOWN = 0;
- my @ignores = split( /,/, $ignore );
-
- foreach (@ignores) {
-@@ -233,7 +234,7 @@
- print "\tIgnoring preprocessor rules: $_\n"
- if ( $Verbose && !$Quiet );
- my $preprocfile = $_;
-- $preprocfile =~ s/preproc/rules/;
-+ $preprocfile =~ s/\.preproc/\.rules/;
- $tar->remove("preproc_rules/$preprocfile");
- }
- elsif ( $_ =~ /\.so/ ) {
-@@ -368,6 +369,10 @@
- getstore( "https://www.snort.org/reg-rules/$rule_file/$oinkcode",
- $temp_path . $rule_file );
- }
-+ elsif ($rule_file eq "IPBLACKLIST"){
-+ $getrules_rule =
-+ getstore( "http://labs.snort.org/feeds/ip-filter.blf", $temp_path . "black_list.rules")
-+ }
- else {
- $getrules_rule =
- getstore( $base_url . "/" . $rule_file, $temp_path . $rule_file );
-@@ -435,7 +440,7 @@
- getstore( "https://www.snort.org/reg-rules/$rule_file.md5/$oinkcode",
- $temp_path . $rule_file . ".md5" );
- }
-- elsif ( $base_url =~ /emergingthreats\.net/i ) {
-+ elsif ( $base_url =~ /(emergingthreats\.net|emergingthreatspro\.com)/i ) {
- $getrules_md5 = getstore(
- "$base_url/$rule_file" . ".md5",
- $temp_path . $rule_file . ".md5"
-@@ -708,17 +713,16 @@
- open( FH, "<$file" ) || carp "Unable to open $file\n";
- while (<FH>) {
- next if ( ( $_ =~ /^\s*#/ ) || ( $_ eq " " ) );
-- if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.+)"/ ) {
-+ if ( $_ =~ /([\d+|,|\*]*)\s+"(.+)"\s+"(.*)"/ ) {
- my ( $sids, $from, $to ) = ( $1, $2, $3 );
- @arry = split( /,/, $sids ) if $sids !~ /\*/;
- @arry = "*" if $sids =~ /\*/;
- foreach my $sid (@arry) {
- $sid = trim($sid);
-- if ( $sid ne "*" && exists $$href{1}{$sid} ) {
-+ if ( $sid ne "*" && defined $$href{1}{$sid}{'rule'} ) {
- print "\tModifying SID:$sid from:$from to:$to\n"
- if ( $Verbose && !$Quiet );
-- $$href{1}{$sid}{'rule'} =~ s/$from/$to/
-- if $$href{1}{$sid}{'rule'} !~ /^\s*#/;
-+ $$href{1}{$sid}{'rule'} =~ s/$from/$to/;
- }
- elsif ( $sid eq "*" ) {
- print "\tModifying ALL SIDS from:$from to:$to\n"
-@@ -739,21 +743,22 @@
- # speed ftw!
- sub modify_state {
- my ( $function, $SID_conf, $hashref, $rstate ) = @_;
-- my ( @sid_mod, $sidlist );
-+ my ( @sid_mod, $sidlist);
- print "Processing $SID_conf....\n" if !$Quiet;
- print "\tSetting rules specified in $SID_conf to their default state!\n"
- if ( !$Quiet && $function eq 'enable' && $rstate );
- if ( -f $SID_conf ) {
- open( DATA, "$SID_conf" ) or carp "unable to open $SID_conf $!";
- while (<DATA>) {
-- $sidlist = $_;
-+ next unless ($_ !~ /^\s*#/ && $_ ne "");
-+ $sidlist = (split '#',$_)[0];
- chomp($sidlist);
- $sidlist = trim($sidlist);
-- if ( ( $sidlist !~ /^\s*#/ ) && ( $sidlist ne "" ) && !(@sid_mod) )
-+ if (!@sid_mod )
- {
- @sid_mod = split( /,/, $sidlist );
- }
-- elsif ( ( $sidlist !~ /^\s*#/ ) && ( $sidlist ne "" && @sid_mod ) )
-+ elsif (@sid_mod)
- {
- push( @sid_mod, split( /,/, $sidlist ) );
- }
-@@ -861,8 +866,8 @@
- if ( $gid && $sid ) {
- $gid =~ s/:\d+//;
- $sid =~ s/\d+://;
-- switch ($function) {
-- case "enable" {
-+ if ($function) {
-+ if ($function eq "enable") {
- if ( exists $$hashref{$gid}{$sid}
- && $$hashref{$gid}{$sid}{'rule'} =~
- /^\s*#\s*(alert|drop|pass)/i
-@@ -904,7 +909,7 @@
- }
- }
- }
-- case "drop" {
-+ elsif ($function eq "drop") {
- if ( exists $$hashref{$gid}{$sid}
- && $$hashref{$gid}{$sid}{'rule'} =~
- /^\s*#*\s*alert/i )
-@@ -919,7 +924,7 @@
- $sidcount++;
- }
- }
-- case "disable" {
-+ elsif ($function eq "disable") {
- if ( exists $$hashref{$gid}{$sid}
- && $$hashref{$gid}{$sid}{'rule'} =~
- /^\s*(alert|drop|pass)/i )
-@@ -974,15 +979,16 @@
-
- ## make the sid-msg.map
- sub sid_msg {
-- my ( $ruleshash, $sidhash ) = @_;
-+ my ( $ruleshash, $sidhash, $enonly ) = @_;
- my ( $gid, $arg, $msg );
- print "Generating sid-msg.map....\n" if !$Quiet;
- foreach my $k ( sort keys %$ruleshash ) {
- foreach my $k2 ( sort keys %{ $$ruleshash{$k} } ) {
-+ next if ((defined $enonly) && $$ruleshash{$k}{$k2}{'rule'} !~ /^\s*(alert|drop|pass)/);
- ( my $header, my $options ) =
- split( /^[^"]* \(\s*/, $$ruleshash{$k}{$k2}{'rule'} )
- if defined $$ruleshash{$k}{$k2}{'rule'};
-- my @optarray = split( /;(\t|\s)?/, $options ) if $options;
-+ my @optarray = split( /[^\\];(\t|\s)?/, $options ) if $options;
- foreach my $option ( reverse(@optarray) ) {
- my ( $kw, $arg ) = split( /:/, $option ) if $option;
- if ( $kw && $arg ) {
-@@ -1460,8 +1466,8 @@
-
- if ( exists $Config_info{'version'} ) {
- croak "You are not using the current version of pulledpork.conf!\n",
-- "Please use the version that shipped with $VERSION!\n\n"
-- if $Config_info{'version'} ne "0.6.0";
-+ "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n"
-+ if $Config_info{'version'} ne "0.6.1";
- }
- else {
- croak
-@@ -1674,6 +1680,7 @@
- }
- else {
- $ENV{HTTPS_PROXY} = $proxy;
-+ $ENV{HTTP_PROXY} = $proxy;
- }
- }
- undef $proxy;
-@@ -1742,7 +1749,7 @@
- $rule_file = "snortrules-snapshot-$Snortv.tar.gz";
- }
- }
-- elsif ( $base_url =~ /emergingthreats.net/ ) {
-+ elsif ( $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/ ) {
- $prefix = "ET-";
- my $Snortv = $Snort;
- $Snortv =~ s/(?<=\d\.\d\.\d)\.\d//;
-@@ -1794,7 +1801,7 @@
- $rule_file = "snortrules-snapshot-$Snortv.tar.gz";
- }
- }
-- $prefix = "ET-" if $base_url =~ /emergingthreats.net/;
-+ $prefix = "ET-" if $base_url =~ /(emergingthreats.net|emergingthreatspro.com)/;
- croak "file $temp_path/$rule_file does not exist!\n"
- unless -f "$temp_path/$rule_file";
- rule_extract(
-@@ -1843,6 +1850,10 @@
- policy_set( $ips_policy, \%rules_hash );
- }
-
-+ if ( $sidmod{modify} && -f $sidmod{modify} ) {
-+ modify_sid( \%rules_hash, $sidmod{modify} );
-+ }
-+
- foreach (@sidact) {
- if ( $sidmod{$_} && -f $sidmod{$_} ) {
- modify_state( $_, $sidmod{$_}, \%rules_hash, $rstate );
-@@ -1852,11 +1863,7 @@
- }
- }
-
-- if ( $sidmod{modify} && -f $sidmod{modify} ) {
-- modify_sid( \%rules_hash, $sidmod{modify} );
-- }
--
-- print "Setting Flowbit State....\n"
-+ print "Setting Flowbit State....\n"
- if ( !$Quiet );
-
- my $fbits = 1;
-@@ -1878,8 +1885,7 @@
- }
-
- if ($sid_msg_map) {
--
-- sid_msg( \%rules_hash, \%sid_msg_map );
-+ sid_msg( \%rules_hash, \%sid_msg_map, $enonly );
- sid_write( \%sid_msg_map, $sid_msg_map );
- }
-
diff --git a/security/pulledpork/pkg-descr b/security/pulledpork/pkg-descr
index 5ecd224cba21..0233924b1ca9 100644
--- a/security/pulledpork/pkg-descr
+++ b/security/pulledpork/pkg-descr
@@ -1,4 +1,4 @@
-pulledpork is a Perl script which helps to update your Snort 2.8+ rules.
+pulledpork is a Perl script which helps to update your Snort 2.9+ rules.
-= Features and Capabilities =-