author | Olli Hauer <ohauer@FreeBSD.org> | 2020-09-27 10:50:22 +0000 |
---|---|---|
committer | Olli Hauer <ohauer@FreeBSD.org> | 2020-09-27 10:50:22 +0000 |
commit | c36356645f6d987fdfae3fc6ab5f02609c0f443e (patch) | |
tree | 7a7431af48891d75c8f53fa11e31fff87b0ba66f | |
parent | e779ccecac6914a73e75246683177460c2a07465 (diff) |
Notes
-rw-r--r-- | security/pulledpork/Makefile | 8 | ||||
-rw-r--r-- | security/pulledpork/distinfo | 6 | ||||
-rw-r--r-- | security/pulledpork/files/patch-README.md | 253 | ||||
-rw-r--r-- | security/pulledpork/files/patch-etc_modifysid.conf | 23 | ||||
-rw-r--r-- | security/pulledpork/files/patch-etc_pulledpork.conf | 34 | ||||
-rw-r--r-- | security/pulledpork/files/patch-pulledpork.pl | 144 | ||||
-rw-r--r-- | security/pulledpork/files/pkg-message.in | 6 | ||||
-rw-r--r-- | security/pulledpork/pkg-plist | 4 |
8 files changed, 16 insertions, 462 deletions
diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile index af2969f68ae6..c4f4c78757d4 100644 --- a/security/pulledpork/Makefile +++ b/security/pulledpork/Makefile @@ -2,9 +2,9 @@ # $FreeBSD$ PORTNAME= pulledpork -PORTVERSION= 0.7.3 +PORTVERSION= 0.7.4 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= GHL @@ -55,7 +55,9 @@ do-install: do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}/README + ${INSTALL_DATA} ${WRKSRC}/CONTRIBUTING.md ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/SECURITY.md ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} diff --git a/security/pulledpork/distinfo b/security/pulledpork/distinfo index a97049db098d..d9f06392d88e 100644 --- a/security/pulledpork/distinfo +++ b/security/pulledpork/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1512908815 -SHA256 (shirkdog-pulledpork-v0.7.3_GH0.tar.gz) = 48c66dc9abb7545186d4fba497263c1d1b247c0ea7f0953db4d515e7898461a2 -SIZE (shirkdog-pulledpork-v0.7.3_GH0.tar.gz) = 43167 +TIMESTAMP = 1600924961 +SHA256 (shirkdog-pulledpork-v0.7.4_GH0.tar.gz) = f0149eb6f723b622024295e0ee00e1acade93fae464b9fdc323fdf15e99c388c +SIZE (shirkdog-pulledpork-v0.7.4_GH0.tar.gz) = 44122 diff --git a/security/pulledpork/files/patch-README.md b/security/pulledpork/files/patch-README.md deleted file mode 100644 index 8c2b7e8ba11b..000000000000 --- a/security/pulledpork/files/patch-README.md +++ /dev/null 
@@ -1,253 +0,0 @@ ---- README.md.orig 2017-12-07 15:13:06 UTC -+++ README.md -@@ -1,13 +1,12 @@ --pulledpork -+PulledPork - ========== - - PulledPork for Snort and Suricata rule management (from Google code) - - Find us on Freenode (IRC) [`#ppork`](https://webchat.freenode.net/?channels=ppork) - --Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team! -+Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team! - -- - Thank you for choosing to use PulledPork! This file provides some basic - guidance on the usage of PulledPork. Please be sure to read this file - thoroughly so that you don't overlook something! -@@ -35,98 +34,75 @@ thoroughly so that you don't overlook something! - - ## Command Usage Reference - -- Usage: ./pulledpork.pl [-dEgHklnRTPVvv? -help] -c <config filename> -o <rule output path> -- -O <oinkcode> -s <so_rule output directory> -D <Distro> -S <SnortVer> -- -p <path to your snort binary> -C <path to your snort.conf> -t <sostub output path> -- -h <changelog path> -H <signal_name> -I (security|connectivity|balanced) -i <path to disablesid.conf> -- -b <path to dropsid.conf> -e <path to enablesid.conf> -M <path to modifysid.conf> -- -r <path to docs folder> -K <directory for separate rules files> -+``` -+Usage: pulledpork.pl [-dEgHklnRTPVvv? -help] -c <config filename> -o <rule output path> -+ -O <oinkcode> -s <so_rule output directory> -D <Distro> -S <SnortVer> -+ -p <path to your snort binary> -C <path to your snort.conf> -t <sostub output path> -+ -h <changelog path> -H <signal_name> -I (security|connectivity|balanced) -i <path to disablesid.conf> -+ -b <path to dropsid.conf> -e <path to enablesid.conf> -M <path to modifysid.conf> -+ -r <path to docs folder> -K <directory for separate rules files> - -- Options: -- -- -help/? Print this help info. -- -- -b Where the dropsid config file lives. -- -- -C Path to your snort.conf -- -- -c Where the pulledpork config file lives. 
-- -- -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations. -- -- -D What Distro are you running on, for the so_rules -- Valid Distro Types: -- Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 -- FC-12, FC-14, RHEL-5-5, RHEL-6-0 -- FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3 -- OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 -- -- -e Where the enablesid config file lives. -- -- -E Write ONLY the enabled rules to the output files. -- -- -g grabonly (download tarball rule file(s) and do NOT process) -- -- -h path to the sid_changelog if you want to keep one? -- -- -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2) -- -- -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET) -- -- -i Where the disablesid config file lives. -- -- -k Keep the rules in separate files (using same file names as found when reading) -- -- -K Where (what directory) do you want me to put the separate rules files? -- -- -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher) -- -- -L Where do you want me to read your local.rules for inclusion in sid-msg.map -- -- -m where do you want me to put the sid-msg.map file? -- -- -M where the modifysid config file lives. -- -- -n Do everything other than download of new files (disablesid, etc) -- -- -o Where do you want me to put generic rules file? -- -- -p Path to your Snort binary -- -- -P Process rules even if no new rules were downloaded -- -- -R When processing enablesid, return the rules to their ORIGINAL state -- -- -r Where do you want me to put the reference docs (xxxx.txt) -- -- -S What version of snort are you using -- -- -s Where do you want me to put the so_rules? -- -- -T Process text based rules files only, i.e. DO NOT process so_rules -- -- -u Where do you want me to pull the rules tarball from -+ Options: -+ -help/? Print this help info. -+ -b Where the dropsid config file lives. 
-+ -C Path to your snort.conf -+ -c Where the pulledpork config file lives. -+ -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations. -+ -D What Distro are you running on, for the so_rules -+ For latest supported options see http://www.snort.org/snort-rules/shared-object-rules -+ Valid Distro Types: -+ Centos-5-4, Centos-6, Centos-7 -+ Debian-7, Debian-8, Debian-9 -+ FC-25, FC-26, FC-27, FC-30 -+ FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, FreeBSD-11, FreeBSD-12 -+ OpenBSD-5-2, OpenBSD-5-3, OpenBSD-6-2, OpenSUSE-15-0, OpenSUSE-42-3 -+ RHEL-5-5, RHEL-6, RHEL-6-0, RHEL-7 -+ Slackware-13-1, Slackware-14-2 -+ Ubuntu-14-4, Ubuntu-16-4, Ubuntu-17-10, Ubuntu-18-4 -+ -e Where the enablesid config file lives. -+ -E Write ONLY the enabled rules to the output files. -+ -g grabonly (download tarball rule file(s) and do NOT process) -+ -h path to the sid_changelog if you want to keep one? -+ -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2) -+ -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET) -+ -i Where the disablesid config file lives. -+ -k Keep the rules in separate files (using same file names as found when reading) -+ -K Where (what directory) do you want me to put the separate rules files? -+ -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher) -+ -L Where do you want me to read your local.rules for inclusion in sid-msg.map -+ -m where do you want me to put the sid-msg.map file? -+ -M where the modifysid config file lives. -+ -n Do everything other than download of new files (disablesid, etc) -+ -o Where do you want me to put generic rules file? 
-+ -O Define the oinkcode on the command line (necessary for some users) -+ -p Path to your Snort binary -+ -P Process rules even if no new rules were downloaded -+ -R When processing enablesid, return the rules to their ORIGINAL state -+ -r Where do you want me to put the reference docs (xxxx.txt) -+ -S What version of snort are you using (2.8.6 or 2.9.0) are valid values -+ -s Where do you want me to put the so_rules? -+ -T Process text based rules files only, i.e. DO NOT process so_rules -+ -u Where do you want me to pull the rules tarball from - ** E.g., ET, Snort.org. See pulledpork config rule_url option for value ideas -+ -V Print Version and exit -+ -v Verbose mode, you know.. for troubleshooting and such nonsense. -+ -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. -+ -w Skip the SSL verification (if there are issues pulling down rule files) -+ -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration. -+ ``` - -- -V Print Version and exit - -- -v Verbose mode, you know.. for troubleshooting and such nonsense. -- -- -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. -- -- -w Skip the SSL verification (if there are issues pulling down rule files) -- -- -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration. -- -- - ## Basic Usage Examples - - A simple example of how to use PulledPork would be to specify all of your configuration directives inside of the - `PulledPork.conf` file. Specifically for minimal function, i.e. NO Shared Object rule processing you must define - at a minimum the `rule_file`, `oinkcode`, `temp_path`, `tar_path`, and `rule_path` values. Below are some examples of this. 
- -- ./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \ -- -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz -i disablesid.conf -T -H -+```bash -+./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \ -+ -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz \ -+ -i disablesid.conf -T -H -+``` - - The above will fetch the `snortrules-snapshot-2973.tar.gz` tarball from snort.org using the specified `oinkcode` of - `12345667778523452344234234` and put the rules files from that tarball into the output path of -@@ -134,11 +110,16 @@ The above will fetch the `snortrules-snapshot-2973.tar - `disablesid.conf` lives, and the `-T` option tells pulledpork to not process for any shared object rules and the final - `-H` option tells pulledpork to send a `Hangup` signal to the snort pid that you defined in the `pulledpork.conf`. - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H -+``` - - Similar to the first example but all options specified in the `pulledpork.conf` file (other than `disablesid` and `-H`)... - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -m /usr/local/etc/snort/sid-msg.map -Hn -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf \ -+ -m /usr/local/etc/snort/sid-msg.map -Hn -+``` - - The above will simply read the disablesid and disable as defined, then send a `Hangup` signal after generating the `sid-msg.map` - at the specified location without downloading anything. -@@ -147,25 +128,35 @@ Highly useful when tuning / making changes etc.. - Next example, snort inline with rules that we want to drop and disable, then `HUP` our daemons after creating a `sid-msg.map` - and writing change info to `sid_changes.log`! 
- -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \ -- -h /var/log/sid_changes.log -H -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ -+ -m /usr/local/etc/snort/sid-msg.map -h /var/log/sid_changes.log -H -+``` - - Next example, same as the previous but specifying that we want to run the default "security" based ruleset - and that we want to enable rules specified in `enablesid.conf`. - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -- -h /var/log/sid_changes.log -I security -H -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ -+ -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -+ -h /var/log/sid_changes.log -I security -H -+``` - - Next example, same as the previous but specifying that we want to `-K` (Keep) the originationg tarball names. - and write them to `/usr/local/etc/snort/rules/` - -- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -- -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/ -+```bash -+./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ -+ -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ -+ -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/ -+``` - - For users of Suricata, the same steps are necessary for where your installation files reside, but all that pulledpork needs to process - rule files is the `-S` flag being set to `suricata-3.1.3` or whatever version of suricata you are using - -- ./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3 -+```bash -+./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3 -+``` - - Pulledpork "should" work with Suricata and ET/ETPro rules. However there is no support for Talos rules to run on Suricata. 
- -@@ -173,11 +164,9 @@ Pulledpork "should" work with Suricata and ET/ETPro ru - - Please note that pulledpork runs rule modification (enable, drop, disable, modify) in that order by default.. - --1: enable -- --2: drop -- --3: disable -+1. enable -+2. drop -+3. disable - - This means that disable rules will always take precedence.. thusly if you specify the same `gid:sid` - in enable and disable configuration files, then that sid will be disabled.. keep this in mind diff --git a/security/pulledpork/files/patch-etc_modifysid.conf b/security/pulledpork/files/patch-etc_modifysid.conf deleted file mode 100644 index 241094840f27..000000000000 --- a/security/pulledpork/files/patch-etc_modifysid.conf +++ /dev/null @@ -1,23 +0,0 @@ ---- etc/modifysid.conf.orig 2017-12-07 15:13:06 UTC -+++ etc/modifysid.conf -@@ -2,6 +2,9 @@ - # - # Change history: - # ----------------------------------------------- -+# v1.2 2/28/2018 Scott Savarese -+# - Insert comments around using regex to match rules -+# - # v1.1 2/18/2011 Alan Ptak - # - Inserted comments around example elements that would otherwise modify rules - # -@@ -38,3 +41,10 @@ - # that it is a SNORTSAM block rule! - # 17803 "\(msg:"" "\(msg:"SNORTSAM "; - # 17803 "^\s*alert" "BLOCK"; -+ -+# A new regex formatting syntax is available: -+# regex:'PUT_REGEX_HERE' "what I'm replacing" "what I'm replacing it with" -+# This would allow users to manipulate groups of rules. This works the same -+# way as the signature based rules, but instead of matching a hardcoded set of -+# SID, it will go through all rules in GID:1 matching the regex against the -+# rule. Be sure to escape things like ( and ' diff --git a/security/pulledpork/files/patch-etc_pulledpork.conf b/security/pulledpork/files/patch-etc_pulledpork.conf deleted file mode 100644 index aab326666913..000000000000 --- a/security/pulledpork/files/patch-etc_pulledpork.conf +++ /dev/null 
@@ -1,34 +0,0 @@ ---- etc/pulledpork.conf.orig 2017-12-07 15:13:06 UTC -+++ etc/pulledpork.conf -@@ -123,14 +123,17 @@ config_path=/usr/local/etc/snort/snort.conf - - # Define your distro, this is for the precompiled shared object libs! - # Valid Distro Types: --# Debian-6-0, Ubuntu-10-4 --# Ubuntu-12-04, Centos-5-4 --# FC-12, FC-14, RHEL-5-5, RHEL-6-0 --# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0 --# OpenBSD-5-2, OpenBSD-5-3 --# OpenSUSE-11-4, OpenSUSE-12-1 --# Slackware-13-1 --distro=FreeBSD-8-1 -+# Alpine-3-10 -+# Centos-6 Centos-7 Centos-8 -+# Debian-8 Debian-9 Debian-10 -+# FC-27 FC-30 FC-31 -+# FreeBSD-11 FreeBSD-12 -+# OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5 -+# OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3 -+# RHEL-6 RHEL-7 RHEL-8 -+# Slackware-14-2 -+# Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10 -+distro=FreeBSD-12 - - ####### This next section is optional, but probably pretty useful to you. - ####### Please read thoroughly! -@@ -211,4 +214,4 @@ snort_control=/usr/local/bin/snort_control - ####### need to process so_rules, simply comment out the so_rule section - ####### you can also specify -T at runtime to process only GID 1 rules. - --version=0.7.3 -+version=0.7.4 diff --git a/security/pulledpork/files/patch-pulledpork.pl b/security/pulledpork/files/patch-pulledpork.pl index 1f5884389803..4581d5db7a43 100644 --- a/security/pulledpork/files/patch-pulledpork.pl +++ b/security/pulledpork/files/patch-pulledpork.pl 
@@ -1,34 +1,6 @@ ---- pulledpork.pl.orig 2020-07-02 11:46:17 UTC +--- pulledpork.pl.orig 2020-09-01 15:08:32 UTC +++ pulledpork.pl -@@ -2,7 +2,7 @@ - - ## pulledpork v(whatever it says below!) - --# Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team! -+# Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team! - - # This program is free software; you can redistribute it and/or - # modify it under the terms of the GNU General Public License -@@ -24,6 +24,7 @@ use File::Copy; - use LWP::UserAgent; - use HTTP::Request::Common; - use HTTP::Status qw (is_success); -+ - #use Crypt::SSLeay; - use Sys::Syslog; - use Digest::MD5; -@@ -41,8 +42,8 @@ use Data::Dumper; - - # we are gonna need these! - my ($oinkcode, $temp_path, $rule_file, $Syslogging); --my $VERSION = "PulledPork v0.7.3"; --my $HUMOR = "Making signature updates great again!"; -+my $VERSION = "PulledPork v0.7.4"; -+my $HUMOR = "Helping you protect your bitcoin wallet!"; - my $ua = LWP::UserAgent->new; - - #Read in proxy settings from the environment -@@ -90,9 +91,24 @@ if ($oSystem =~ /freebsd/i) { +@@ -91,9 +91,24 @@ if ($oSystem =~ /freebsd/i) { exit(1); } } 
@@ -54,115 +26,3 @@ syslogit('err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n" ) if $Syslogging; -@@ -201,10 +217,16 @@ sub Help { - -D What Distro are you running on, for the so_rules - For latest supported options see http://www.snort.org/snort-rules/shared-object-rules - Valid Distro Types: -- Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 -- FC-12, FC-14, RHEL-5-5, RHEL-6-0 -- FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3 -- OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 -+ Alpine-3-10 -+ Centos-6 Centos-7 Centos-8 Debian-8 Debian-9 -+ Debian-10 -+ FC-27 FC-30 FC-31 -+ FreeBSD-11 FreeBSD-12 -+ OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5 -+ OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3 -+ RHEL-6 RHEL-7 RHEL-8 -+ Slackware-14-2 -+ Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10 - -e Where the enablesid config file lives. - -E Write ONLY the enabled rules to the output files. - -g grabonly (download tarball rule file(s) and do NOT process) -@@ -277,14 +299,27 @@ sub rule_extract { - $rule_file, $temp_path, $Distro, $arch, $Snort, - $Sorules, $ignore, $docs, $prefix - ) = @_; -- print "Prepping rules from $rule_file for work....\n" if !$Quiet; -- print "\textracting contents of $temp_path$rule_file...\n" -- if ($Verbose && !$Quiet); -+ -+ #special case to bypass file operations when -nPT are specified -+ my $BypassTar = 0; -+ if ($Textonly && $NoDownload && $Process) { -+ if ($rule_file =~ /opensource\.gz/) { -+ print "Skipping opensource.gz as -nPT was specified\n" if !$Quiet; -+ $BypassTar = 1; -+ } -+ } -+ if (!$BypassTar) { -+ print "Prepping rules from $rule_file for work....\n" if !$Quiet; -+ print "\textracting contents of $temp_path$rule_file...\n" -+ if ($Verbose && !$Quiet); -+ } - mkpath($temp_path . "tha_rules"); - mkpath($temp_path . "tha_rules/so_rules"); - my $tar = Archive::Tar->new(); -- $tar->read($temp_path . 
$rule_file); -- $tar->setcwd(cwd()); -+ if (!$BypassTar) { -+ $tar->read($temp_path . $rule_file); -+ $tar->setcwd(cwd()); -+ } - local $Archive::Tar::CHOWN = 0; - my @ignores = split(/,/, $ignore) if (defined $ignore); - -@@ -345,7 +380,8 @@ sub rule_extract { - } - elsif ($docs - && $filename =~ /^(doc\/signatures\/)?.*\.txt/ -- && -d $docs) -+ && -d $docs -+ && !$BypassTar) - { - $singlefile =~ s/^doc\/signatures\///; - $tar->extract_file("doc/signatures/$filename", -@@ -928,7 +964,21 @@ sub modify_sid { - } - undef @arry; - } -+ -+ # Handle use case where we want to modify multiple sids based on -+ # comment in rule (think multiple rules with same or similar comment) -+ if ( $_ =~ /^regex:'([^']+)'\s+"(.+)"\s+"(.*)"/ ) { -+ my ( $regex, $from, $to ) = ( $1, $2, $3 ); -+ # Go through each rule in gid:1 and look for matching rules -+ foreach my $sid ( sort keys( %{ $$href{1} } ) ) { -+ next unless ( $$href{1}{$sid}{'rule'} =~ /$regex/ ); -+ print "\tModifying SID:$sid from:$from to:$to\n" -+ if ( $Verbose && !$Quiet ); -+ $$href{1}{$sid}{'rule'} =~ s/$from/$to/; -+ } -+ } - } -+ - print "\tDone!\n" if !$Quiet; - close(FH); - } -@@ -1277,7 +1327,7 @@ sub rule_category_write { - ## write our blacklist and blacklist version file! - sub blacklist_write { - my ($href, $path) = @_; -- my $blv = $Config_info{'IPRVersion'} . "IPRVersion.dat"; -+ my $blv = $Config_info{'IPRVersion'} . "/IPRVersion.dat"; - my $blver = 0; - - # First lets be sure that our data is new, if not skip the rest of it! 
-@@ -1769,7 +1819,7 @@ if ($Verbose && !$Quiet) { - if (exists $Config_info{'version'}) { - croak "You are not using the current version of pulledpork.conf!\n", - "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" -- if $Config_info{'version'} ne "0.7.3"; -+ if $Config_info{'version'} ne "0.7.4"; - } - else { - croak -@@ -2118,6 +2168,7 @@ if (@base_url && -d $temp_path) { - } - } - elsif ($base_url =~ /emergingthreatspro.com/) { -+ $prefix = "ET-"; - - # These have to be handled separately, as emerginthreatspro will - # support a full version, but emergingthreats only supports the diff --git a/security/pulledpork/files/pkg-message.in b/security/pulledpork/files/pkg-message.in index ca9765f0624d..0a67658fb4af 100644 --- a/security/pulledpork/files/pkg-message.in +++ b/security/pulledpork/files/pkg-message.in @@ -22,10 +22,10 @@ EOM { type: upgrade message: <<EOM -Please compare existing files under %%ETCDIR%% -with the new *.sample files and if required adjust -the line 'version=' +In release 0.7.4 blacklist was renamed to blocklist. +Please compare existing files under %%ETCDIR%% +with the new *.sample files adjust them if required. EOM } ] diff --git a/security/pulledpork/pkg-plist b/security/pulledpork/pkg-plist index d917a57b3da8..5c9e2f9b32e3 100644 --- a/security/pulledpork/pkg-plist +++ b/security/pulledpork/pkg-plist @@ -4,11 +4,13 @@ bin/pulledpork.pl %%ETCDIR%%/enablesid.conf.sample %%ETCDIR%%/modifysid.conf.sample @(,,0640) %%ETCDIR%%/pulledpork.conf.sample -%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTING.md %%PORTDOCS%%%%DOCSDIR%%/README.CATEGORIES %%PORTDOCS%%%%DOCSDIR%%/README.CHANGES %%PORTDOCS%%%%DOCSDIR%%/README.RULESET %%PORTDOCS%%%%DOCSDIR%%/README.SHAREDOBJECTS +%%PORTDOCS%%%%DOCSDIR%%/README.md +%%PORTDOCS%%%%DOCSDIR%%/SECURITY.md %%DATADIR%%/README.CONTRIB %%DATADIR%%/oink-conv.pl @dir(,,0750) %%ETCDIR%% |
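Review bot: The rewritten upgrade message in pkg-message.in drops the old hint to adjust the line 'version=', and its last sentence is missing a conjunction ("files adjust them"). The pulledpork.pl patch lines deleted in this same commit show a check that croaks when `$Config_info{'version'}` is not "0.7.4". If upstream 0.7.4 now carries that check, as the deletion suggests, a host that keeps its old pulledpork.conf would abort on every run and stop refreshing its IDS rules, which is easy to miss when the script runs unattended. I would keep the hint and fix the wording: `with the new *.sample files and adjust them if required,` followed by `in particular the line 'version='.`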