- update with patches to current github version

  (there is no new release and code change since long time,
   so use patches to reflect current github version)
- additionally update supported OS for pre compiled so files
- add updating hint to pkg-message

6 files changed, 462 insertions, 2 deletions

diff --git a/security/pulledpork/Makefile b/security/pulledpork/Makefile
index 1fcc82adf6e2..19a5e7247bcd 100644
--- a/security/pulledpork/Makefile
+++ b/security/pulledpork/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	pulledpork
 PORTVERSION=	0.7.3
+PORTREVISION=	1
 DISTVERSIONPREFIX=	v
 CATEGORIES=	security
 MASTER_SITES=	GHL
diff --git a/security/pulledpork/files/patch-README.md b/security/pulledpork/files/patch-README.md
new file mode 100644
index 000000000000..8c2b7e8ba11b
--- /dev/null
+++ b/security/pulledpork/files/patch-README.md
@@ -0,0 +1,253 @@
+--- README.md.orig	2017-12-07 15:13:06 UTC
++++ README.md
+@@ -1,13 +1,12 @@
+-pulledpork
++PulledPork
+ ==========
+ 
+ PulledPork for Snort and Suricata rule management (from Google code)
+ 
+ Find us on Freenode (IRC) [`#ppork`](https://webchat.freenode.net/?channels=ppork)
+ 
+-Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team!
++Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team!
+ 
+-
+ Thank you for choosing to use PulledPork!  This file provides some basic
+ guidance on the usage of PulledPork.  Please be sure to read this file
+ thoroughly so that you don't overlook something!
+@@ -35,98 +34,75 @@ thoroughly so that you don't overlook something!
+ 
+ ## Command Usage Reference
+ 
+-    Usage: ./pulledpork.pl [-dEgHklnRTPVvv? -help] -c <config filename> -o <rule output path>
+-       -O <oinkcode> -s <so_rule output directory> -D <Distro> -S <SnortVer>
+-       -p <path to your snort binary> -C <path to your snort.conf> -t <sostub output path>
+-       -h <changelog path> -H <signal_name> -I (security|connectivity|balanced) -i <path to disablesid.conf>
+-       -b <path to dropsid.conf> -e <path to enablesid.conf> -M <path to modifysid.conf>
+-       -r <path to docs folder> -K <directory for separate rules files>
++```
++Usage: pulledpork.pl [-dEgHklnRTPVvv? -help] -c <config filename> -o <rule output path>
++ -O <oinkcode> -s <so_rule output directory> -D <Distro> -S <SnortVer>
++ -p <path to your snort binary> -C <path to your snort.conf> -t <sostub output path>
++ -h <changelog path> -H <signal_name> -I (security|connectivity|balanced) -i <path to disablesid.conf>
++ -b <path to dropsid.conf> -e <path to enablesid.conf> -M <path to modifysid.conf>
++ -r <path to docs folder> -K <directory for separate rules files>
+ 
+-    Options:
+-
+-    -help/? Print this help info.
+-
+-    -b Where the dropsid config file lives.
+-
+-    -C Path to your snort.conf
+-
+-    -c Where the pulledpork config file lives.
+-
+-    -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations.
+-
+-    -D What Distro are you running on, for the so_rules
+-       Valid Distro Types:
+-         Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4
+-         FC-12, FC-14, RHEL-5-5, RHEL-6-0
+-         FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3
+-         OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1	
+-
+-    -e Where the enablesid config file lives.
+-
+-    -E Write ONLY the enabled rules to the output files.
+-
+-    -g grabonly (download tarball rule file(s) and do NOT process)
+-
+-    -h path to the sid_changelog if you want to keep one?
+-
+-    -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2)
+-
+-    -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET)
+-
+-    -i Where the disablesid config file lives.
+-
+-    -k Keep the rules in separate files (using same file names as found when reading)
+-
+-    -K Where (what directory) do you want me to put the separate rules files?
+-
+-    -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher) 
+-
+-    -L Where do you want me to read your local.rules for inclusion in sid-msg.map
+-
+-    -m where do you want me to put the sid-msg.map file?
+-
+-    -M where the modifysid config file lives.
+-
+-    -n Do everything other than download of new files (disablesid, etc)
+-
+-    -o Where do you want me to put generic rules file?
+-
+-    -p Path to your Snort binary
+-
+-    -P Process rules even if no new rules were downloaded
+-
+-    -R When processing enablesid, return the rules to their ORIGINAL state
+-
+-    -r Where do you want me to put the reference docs (xxxx.txt)
+-
+-    -S What version of snort are you using
+-
+-    -s Where do you want me to put the so_rules?
+-
+-    -T Process text based rules files only, i.e. DO NOT process so_rules
+-
+-    -u Where do you want me to pull the rules tarball from
++ Options:
++ -help/? Print this help info.
++ -b Where the dropsid config file lives.
++ -C Path to your snort.conf
++ -c Where the pulledpork config file lives.
++ -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations.
++ -D What Distro are you running on, for the so_rules
++    For latest supported options see http://www.snort.org/snort-rules/shared-object-rules
++    Valid Distro Types:
++      Centos-5-4, Centos-6, Centos-7
++      Debian-7, Debian-8, Debian-9
++      FC-25, FC-26, FC-27, FC-30
++      FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, FreeBSD-11, FreeBSD-12
++      OpenBSD-5-2, OpenBSD-5-3, OpenBSD-6-2, OpenSUSE-15-0, OpenSUSE-42-3
++      RHEL-5-5, RHEL-6, RHEL-6-0, RHEL-7
++      Slackware-13-1, Slackware-14-2
++      Ubuntu-14-4, Ubuntu-16-4, Ubuntu-17-10, Ubuntu-18-4
++ -e Where the enablesid config file lives.
++ -E Write ONLY the enabled rules to the output files.
++ -g grabonly (download tarball rule file(s) and do NOT process)
++ -h path to the sid_changelog if you want to keep one?
++ -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2)
++ -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET)
++ -i Where the disablesid config file lives.
++ -k Keep the rules in separate files (using same file names as found when reading)
++ -K Where (what directory) do you want me to put the separate rules files?
++ -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher)
++ -L Where do you want me to read your local.rules for inclusion in sid-msg.map
++ -m where do you want me to put the sid-msg.map file?
++ -M where the modifysid config file lives.
++ -n Do everything other than download of new files (disablesid, etc)
++ -o Where do you want me to put generic rules file?
++ -O Define the oinkcode on the command line (necessary for some users)
++ -p Path to your Snort binary
++ -P Process rules even if no new rules were downloaded
++ -R When processing enablesid, return the rules to their ORIGINAL state
++ -r Where do you want me to put the reference docs (xxxx.txt)
++ -S What version of snort are you using (2.8.6 or 2.9.0) are valid values
++ -s Where do you want me to put the so_rules?
++ -T Process text based rules files only, i.e. DO NOT process so_rules
++ -u Where do you want me to pull the rules tarball from
+     ** E.g., ET, Snort.org. See pulledpork config rule_url option for value ideas
++ -V Print Version and exit
++ -v Verbose mode, you know.. for troubleshooting and such nonsense.
++ -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense.
++ -w Skip the SSL verification (if there are issues pulling down rule files)
++ -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration.
++ ```
+ 
+-    -V Print Version and exit
+ 
+-    -v Verbose mode, you know.. for troubleshooting and such nonsense.
+-
+-    -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense.
+-
+-    -w Skip the SSL verification (if there are issues pulling down rule files)
+-
+-    -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration.
+-
+-
+ ## Basic Usage Examples
+ 
+ A simple example of how to use PulledPork would be to specify all of your configuration directives inside of the
+ `PulledPork.conf` file.  Specifically for minimal function, i.e. NO Shared Object rule processing you must define 
+ at a minimum the `rule_file`, `oinkcode`, `temp_path`, `tar_path`, and `rule_path` values.  Below are some examples of this.
+ 
+-    ./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234  \
+-      -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz -i disablesid.conf -T -H
++```bash
++./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \
++  -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz \
++  -i disablesid.conf -T -H
++```
+ 
+ The above will fetch the `snortrules-snapshot-2973.tar.gz` tarball from snort.org using the specified `oinkcode` of 
+ `12345667778523452344234234` and put the rules files from that tarball into the output path of 
+@@ -134,11 +110,16 @@ The above will fetch the `snortrules-snapshot-2973.tar
+ `disablesid.conf` lives, and the `-T` option tells pulledpork to not process for any shared object rules and the final
+ `-H` option tells pulledpork to send a `Hangup` signal to the snort pid that you defined in the `pulledpork.conf`.
+ 
+-    ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H
++```bash
++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H
++```
+ 
+ Similar to the first example but all options specified in the `pulledpork.conf` file (other than `disablesid` and `-H`)...
+ 
+-    ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -m /usr/local/etc/snort/sid-msg.map -Hn
++```bash
++./pulledpork.pl -c pulledpork.conf -i disablesid.conf \
++  -m /usr/local/etc/snort/sid-msg.map -Hn
++```
+ 
+ The above will simply read the disablesid and disable as defined, then send a `Hangup` signal after generating the `sid-msg.map`
+ at the specified location without downloading anything.
+@@ -147,25 +128,35 @@ Highly useful when tuning / making changes etc..
+ Next example, snort inline with rules that we want to drop and disable, then `HUP` our daemons after creating a `sid-msg.map`
+ and writing change info to `sid_changes.log`!
+ 
+-    ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \
+-      -h /var/log/sid_changes.log -H
++```bash
++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \
++  -m /usr/local/etc/snort/sid-msg.map -h /var/log/sid_changes.log -H
++```
+ 
+ Next example, same as the previous but specifying that we want to run the default "security" based ruleset
+ and that we want to enable rules specified in `enablesid.conf`.
+ 
+-    ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \
+-      -h /var/log/sid_changes.log -I security -H
++```bash
++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \
++  -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \
++  -h /var/log/sid_changes.log -I security -H
++```
+ 
+ Next example, same as the previous but specifying that we want to `-K` (Keep) the originationg tarball names.
+ and write them to `/usr/local/etc/snort/rules/`
+ 
+-    ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \
+-      -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/
++```bash
++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \
++  -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \
++  -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/
++```
+ 
+ For users of Suricata, the same steps are necessary for where your installation files reside, but all that pulledpork needs to process
+ rule files is the `-S` flag being set to `suricata-3.1.3` or whatever version of suricata you are using
+ 
+-    ./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3
++```bash
++./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3
++```
+ 
+ Pulledpork "should" work with Suricata and ET/ETPro rules. However there is no support for Talos rules to run on Suricata.
+ 
+@@ -173,11 +164,9 @@ Pulledpork "should" work with Suricata and ET/ETPro ru
+ 
+ Please note that pulledpork runs rule modification (enable, drop, disable, modify) in that order by default..
+ 
+-1: enable
+-
+-2: drop
+-
+-3: disable
++1. enable
++2. drop
++3. disable
+ 
+ This means that disable rules will always take precedence.. thusly if you specify the same `gid:sid` 
+ in enable and disable configuration files, then that sid will be disabled.. keep this in mind 
diff --git a/security/pulledpork/files/patch-etc_modifysid.conf b/security/pulledpork/files/patch-etc_modifysid.conf
new file mode 100644
index 000000000000..241094840f27
--- /dev/null
+++ b/security/pulledpork/files/patch-etc_modifysid.conf
@@ -0,0 +1,23 @@
+--- etc/modifysid.conf.orig	2017-12-07 15:13:06 UTC
++++ etc/modifysid.conf
+@@ -2,6 +2,9 @@
+ #
+ # Change history:
+ # -----------------------------------------------
++# v1.2 2/28/2018 Scott Savarese
++# - Insert comments around using regex to match rules
++#
+ # v1.1 2/18/2011  Alan Ptak
+ # - Inserted comments around example elements that would otherwise modify rules
+ #
+@@ -38,3 +41,10 @@
+ # that it is a SNORTSAM block rule!
+ # 17803 "\(msg:"" "\(msg:"SNORTSAM ";
+ # 17803 "^\s*alert" "BLOCK";
++
++# A new regex formatting syntax is available:
++# regex:'PUT_REGEX_HERE' "what I'm replacing" "what I'm replacing it with"
++# This would allow users to manipulate groups of rules. This works the same
++# way as the signature based rules, but instead of matching a hardcoded set of
++# SID, it will go through all rules in GID:1 matching the regex against the
++# rule. Be sure to escape things like ( and '
diff --git a/security/pulledpork/files/patch-etc_pulledpork.conf b/security/pulledpork/files/patch-etc_pulledpork.conf
new file mode 100644
index 000000000000..aab326666913
--- /dev/null
+++ b/security/pulledpork/files/patch-etc_pulledpork.conf
@@ -0,0 +1,34 @@
+--- etc/pulledpork.conf.orig	2017-12-07 15:13:06 UTC
++++ etc/pulledpork.conf
+@@ -123,14 +123,17 @@ config_path=/usr/local/etc/snort/snort.conf
+ 
+ # Define your distro, this is for the precompiled shared object libs!
+ # Valid Distro Types:
+-# Debian-6-0, Ubuntu-10-4
+-# Ubuntu-12-04, Centos-5-4
+-# FC-12, FC-14, RHEL-5-5, RHEL-6-0
+-# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0
+-# OpenBSD-5-2, OpenBSD-5-3
+-# OpenSUSE-11-4, OpenSUSE-12-1
+-# Slackware-13-1
+-distro=FreeBSD-8-1
++# Alpine-3-10
++# Centos-6 Centos-7 Centos-8
++# Debian-8 Debian-9 Debian-10
++# FC-27 FC-30 FC-31
++# FreeBSD-11 FreeBSD-12
++# OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5
++# OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3
++# RHEL-6 RHEL-7 RHEL-8
++# Slackware-14-2
++# Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10
++distro=FreeBSD-12
+ 
+ #######  This next section is optional, but probably pretty useful to you.
+ #######  Please read thoroughly!
+@@ -211,4 +214,4 @@ snort_control=/usr/local/bin/snort_control
+ ####### need to process so_rules, simply comment out the so_rule section
+ ####### you can also specify -T at runtime to process only GID 1 rules.
+ 
+-version=0.7.3
++version=0.7.4
diff --git a/security/pulledpork/files/patch-pulledpork.pl b/security/pulledpork/files/patch-pulledpork.pl
index 14abd0fbaa9c..1f5884389803 100644
--- a/security/pulledpork/files/patch-pulledpork.pl
+++ b/security/pulledpork/files/patch-pulledpork.pl
@@ -1,6 +1,34 @@
---- pulledpork.pl.orig	2017-12-07 15:13:06 UTC
+--- pulledpork.pl.orig	2020-07-02 11:46:17 UTC
 +++ pulledpork.pl
-@@ -90,9 +90,24 @@ if ($oSystem =~ /freebsd/i) {
+@@ -2,7 +2,7 @@
+ 
+ ## pulledpork v(whatever it says below!)
+ 
+-# Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team!
++# Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team!
+ 
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU General Public License
+@@ -24,6 +24,7 @@ use File::Copy;
+ use LWP::UserAgent;
+ use HTTP::Request::Common;
+ use HTTP::Status qw (is_success);
++
+ #use Crypt::SSLeay;
+ use Sys::Syslog;
+ use Digest::MD5;
+@@ -41,8 +42,8 @@ use Data::Dumper;
+ 
+ # we are gonna need these!
+ my ($oinkcode, $temp_path, $rule_file, $Syslogging);
+-my $VERSION = "PulledPork v0.7.3";
+-my $HUMOR   = "Making signature updates great again!";
++my $VERSION = "PulledPork v0.7.4";
++my $HUMOR   = "Helping you protect your bitcoin wallet!";
+ my $ua      = LWP::UserAgent->new;
+ 
+ #Read in proxy settings from the environment
+@@ -90,9 +91,24 @@ if ($oSystem =~ /freebsd/i) {
              exit(1);
          }
      }
@@ -26,3 +54,115 @@
          syslogit('err|local0',
              "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n"
          ) if $Syslogging;
+@@ -201,10 +217,16 @@ sub Help {
+    -D What Distro are you running on, for the so_rules
+       For latest supported options see http://www.snort.org/snort-rules/shared-object-rules
+       Valid Distro Types:
+-        Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4
+-        FC-12, FC-14, RHEL-5-5, RHEL-6-0
+-        FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3
+-        OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1
++	Alpine-3-10
++	Centos-6 Centos-7 Centos-8 Debian-8 Debian-9
++	Debian-10
++	FC-27 FC-30 FC-31
++	FreeBSD-11 FreeBSD-12
++	OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5
++	OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3
++	RHEL-6 RHEL-7 RHEL-8
++	Slackware-14-2
++	Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10
+    -e Where the enablesid config file lives.
+    -E Write ONLY the enabled rules to the output files.
+    -g grabonly (download tarball rule file(s) and do NOT process)
+@@ -277,14 +299,27 @@ sub rule_extract {
+         $rule_file, $temp_path, $Distro, $arch, $Snort,
+         $Sorules,   $ignore,    $docs,   $prefix
+     ) = @_;
+-    print "Prepping rules from $rule_file for work....\n" if !$Quiet;
+-    print "\textracting contents of $temp_path$rule_file...\n"
+-        if ($Verbose && !$Quiet);
++
++    #special case to bypass file operations when -nPT are specified
++    my $BypassTar = 0;
++    if ($Textonly && $NoDownload && $Process) {
++        if ($rule_file =~ /opensource\.gz/) {
++            print "Skipping opensource.gz as -nPT was specified\n" if !$Quiet;
++            $BypassTar = 1;
++        }
++    }
++    if (!$BypassTar) {
++        print "Prepping rules from $rule_file for work....\n" if !$Quiet;
++        print "\textracting contents of $temp_path$rule_file...\n"
++            if ($Verbose && !$Quiet);
++    }
+     mkpath($temp_path . "tha_rules");
+     mkpath($temp_path . "tha_rules/so_rules");
+     my $tar = Archive::Tar->new();
+-    $tar->read($temp_path . $rule_file);
+-    $tar->setcwd(cwd());
++    if (!$BypassTar) {
++        $tar->read($temp_path . $rule_file);
++        $tar->setcwd(cwd());
++    }
+     local $Archive::Tar::CHOWN = 0;
+     my @ignores = split(/,/, $ignore) if (defined $ignore);
+ 
+@@ -345,7 +380,8 @@ sub rule_extract {
+         }
+         elsif ($docs
+             && $filename =~ /^(doc\/signatures\/)?.*\.txt/
+-            && -d $docs)
++            && -d $docs
++            && !$BypassTar)
+         {
+             $singlefile =~ s/^doc\/signatures\///;
+             $tar->extract_file("doc/signatures/$filename",
+@@ -928,7 +964,21 @@ sub modify_sid {
+             }
+             undef @arry;
+         }
++
++        # Handle use case where we want to modify multiple sids based on
++        # comment in rule (think multiple rules with same or similar comment)
++        if ( $_ =~ /^regex:'([^']+)'\s+"(.+)"\s+"(.*)"/ ) {
++            my ( $regex, $from, $to ) = ( $1, $2, $3 );
++            # Go through each rule in gid:1 and look for matching rules
++            foreach my $sid ( sort keys( %{ $$href{1} } ) ) {
++                next unless ( $$href{1}{$sid}{'rule'} =~ /$regex/ );
++                print "\tModifying SID:$sid from:$from to:$to\n"
++                  if ( $Verbose && !$Quiet );
++                $$href{1}{$sid}{'rule'} =~ s/$from/$to/;
++            }
++        }
+     }
++
+     print "\tDone!\n" if !$Quiet;
+     close(FH);
+ }
+@@ -1277,7 +1327,7 @@ sub rule_category_write {
+ ## write our blacklist and blacklist version file!
+ sub blacklist_write {
+     my ($href, $path) = @_;
+-    my $blv   = $Config_info{'IPRVersion'} . "IPRVersion.dat";
++    my $blv   = $Config_info{'IPRVersion'} . "/IPRVersion.dat";
+     my $blver = 0;
+ 
+     # First lets be sure that our data is new, if not skip the rest of it!
+@@ -1769,7 +1819,7 @@ if ($Verbose && !$Quiet) {
+ if (exists $Config_info{'version'}) {
+     croak "You are not using the current version of pulledpork.conf!\n",
+         "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n"
+-        if $Config_info{'version'} ne "0.7.3";
++        if $Config_info{'version'} ne "0.7.4";
+ }
+ else {
+     croak
+@@ -2118,6 +2168,7 @@ if (@base_url && -d $temp_path) {
+                 }
+             }
+             elsif ($base_url =~ /emergingthreatspro.com/) {
++                $prefix = "ET-";
+ 
+                 # These have to be handled separately, as emerginthreatspro will
+                 # support a full version, but emergingthreats only supports the
diff --git a/security/pulledpork/files/pkg-message.in b/security/pulledpork/files/pkg-message.in
index 92ba0a01d6d6..ca9765f0624d 100644
--- a/security/pulledpork/files/pkg-message.in
+++ b/security/pulledpork/files/pkg-message.in
@@ -19,4 +19,13 @@ file name. To get the new download naming schema visit snort.org,
 and look at 'My Account' -> 'Subscriptions and Oinkcodes'
 EOM
 }
+{
+  type: upgrade
+  message: <<EOM
+Please compare existing files under %%ETCDIR%%
+with the new *.sample files and if required adjust 
+the line 'version='
+
+EOM
+}
 ]