commit:     4c54d76e8fab4063a74490103bace21d972a4d9d
Author:     Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 28 21:25:33 2024 +0000
Commit:     Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Wed Feb 28 21:46:09 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c54d76e

net-analyzer/suricata: add 7.0.3, remove 7.0.2 and 7.0.2-r1

Includes Brahmajit's patch for the gcc-14 issue, as it is yet to be
fixed upstream.

Closes: https://bugs.gentoo.org/925011
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>

 net-analyzer/suricata/Manifest                     |   4 +-
 .../suricata-7.0.3_fix-build-with-gcc14.patch      |  39 ++++
 net-analyzer/suricata/suricata-7.0.2.ebuild        | 221 ---------------------
 ...icata-7.0.2-r1.ebuild => suricata-7.0.3.ebuild} |   3 +-
 4 files changed, 43 insertions(+), 224 deletions(-)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index adabc7aa76bc..241154b314b8 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1,4 +1,4 @@
 DIST suricata-6.0.15.tar.gz 27903106 BLAKE2B 
cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6
 SHA512 
ec9904fdc57e594653e3f48794c602429412fc85377630600b96081cfeb21361c353ce54d564c01ef0400885c508b49bd8c7a5d8b4482d45155b2007907107a9
 DIST suricata-6.0.15.tar.gz.sig 566 BLAKE2B 
f9f5fd9df55c9854f4da3765673df094a3979324714b0f81f787abc3eaa811d01e42cf8b892c5ae558e5f453b82f84dcebd4548a0cfafca00582adc595a11bbf
 SHA512 
e938715fe22699b623d70bcd70e69d3acb2bfa322ecb9a8a19b272eb5ba378b34974c3114419bbb07fb46b805bc160344d0bdb567acb887832e4c18734fef9a8
-DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B 
5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725
 SHA512 
bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95
-DIST suricata-7.0.2.tar.gz.sig 566 BLAKE2B 
8a931361acfa5e945fe9a3a03b38c65ff7f59da88a9af9c3f5a4b15ec880de6f22038a45d27c480c75489df0a90373f3cee44c48a266226fae89c00ed78b6e5f
 SHA512 
0a46c8fef1d68f76c08c314613e558027dc7700a72628b5708dbc36c5c1943d816120c569692103d75d284cd7027cdda0d4ef9ab436992d7d2ec101e18aa5056
+DIST suricata-7.0.3.tar.gz 23599903 BLAKE2B 
b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb
 SHA512 
5a19a00118b86cd9c9b8a4b8399d8deda23beb19a6a6ed49e82240a1a5d4549490f3ce72743f5990c200850e8a64e3a51f45b8c1b8088bdd16aa12341dbf64aa
+DIST suricata-7.0.3.tar.gz.sig 566 BLAKE2B 
3befe75463a26493b660dc21721e2628a4889d5397d0ada6aa51bd9c748487130dfb56f3fa25b5514411adeaf0b385ee7e9d664ab0af9b6b0a2bef719bdc904f
 SHA512 
a08274708f3aee891b018da613fa60cf66ca09b41f70ed1e89b57d5e778bf97058d71c6ad8c529926783287ddd0f20337957e03ff59b3500c207a4ef7936bfdf

diff --git 
a/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch 
b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch
new file mode 100644
index 000000000000..7ebacf76852c
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch
@@ -0,0 +1,39 @@
+Bug: From b5280929c58559c178415ce199157b5c87171258 Mon Sep 17 00:00:00 2001
+From: Brahmajit Das <[email protected]>
+Date: Tue, 20 Feb 2024 12:05:57 +0530
+Subject: [PATCH 1/1] Fix passing incompatible pointer type with GCC 14
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+GCC 14 (and newer compilers like Clang 16) enables
+-Wincompatible-pointer-types by default, along with some other flags.
+Thus resulting in build errors such as
+
+util-host-info.c: In function ‘SCKernelVersionIsAtLeast’:
+util-host-info.c:94:31: error: passing argument 1 of 
‘pcre2_substring_list_free_8’ from incompatible pointer type 
[-Wincompatible-pointer-types]
+   94 |     pcre2_substring_list_free((PCRE2_SPTR *)list);
+      |                               ^~~~~~~~~~~~~~~~~~
+      |                               |
+      |                               const PCRE2_UCHAR8 ** {aka const 
unsigned char **}
+
+Removing the casting make suricata build with GCC 14.
+
+First discovered on Gentoo Linux with GCC 14
+
+Bug: https://bugs.gentoo.org/925011
+Signed-off-by: Brahmajit Das <[email protected]>
+--- a/src/util-host-info.c
++++ b/src/util-host-info.c
+@@ -91,7 +91,7 @@ int SCKernelVersionIsAtLeast(int major, int minor)
+         err = true;
+     }
+ 
+-    pcre2_substring_list_free((PCRE2_SPTR *)list);
++    pcre2_substring_list_free(list);
+     pcre2_match_data_free(version_regex_match);
+     pcre2_code_free(version_regex);
+ 
+-- 
+2.43.2
+
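Review bot: The first line of the patch header reads `Bug: From b5280929c58559c178415ce199157b5c87171258 Mon Sep 17 00:00:00 2001`, which looks like a `Bug:` tag fused onto the mbox `From ` line. The real tag appears further down as `Bug: https://bugs.gentoo.org/925011`, so the leading `Bug: ` should probably be dropped. On the code change, `pcre2_substring_list_free(list);` without the cast only compiles cleanly if the declared type of `list` matches the prototype in the installed libpcre2 headers. The declaration of `list` is outside the hunk, and the quoted diagnostic shows that the prototype here does not accept `PCRE2_SPTR *`. If other libpcre2 releases declare the parameter differently, the uncast call could fail the same way under GCC 14, so it is worth build-testing against the oldest libpcre2 the ebuild accepts or adding a lower bound to that dependency.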

diff --git a/net-analyzer/suricata/suricata-7.0.2.ebuild 
b/net-analyzer/suricata/suricata-7.0.2.ebuild
deleted file mode 100644
index 93fe2558be37..000000000000
--- a/net-analyzer/suricata/suricata-7.0.2.ebuild
+++ /dev/null
@@ -1,221 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-LUA_COMPAT=( lua5-1 luajit )
-PYTHON_COMPAT=( python3_{10..12} )
-
-inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd 
tmpfiles verify-sig
-
-DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring 
engine"
-HOMEPAGE="https://suricata.io/";
-SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz
-       verify-sig? ( 
https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )"
-
-LICENSE="GPL-2"
-SLOT="0/7"
-KEYWORDS="~amd64 ~riscv ~x86"
-IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip 
hardened hyperscan lua lz4 nflog +nfqueue redis systemd test"
-VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/openinfosecfoundation.org.asc"
-
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="${PYTHON_REQUIRED_USE}
-       af-xdp? ( bpf )
-       bpf? ( af-packet )
-       lua? ( ${LUA_REQUIRED_USE} )"
-
-RDEPEND="${PYTHON_DEPS}
-       acct-group/suricata
-       acct-user/suricata
-       dev-libs/jansson:=
-       dev-libs/libpcre2
-       dev-libs/libyaml
-       net-libs/libnet:*
-       net-libs/libnfnetlink
-       dev-libs/nspr
-       dev-libs/nss
-       $(python_gen_cond_dep '
-               dev-python/pyyaml[${PYTHON_USEDEP}]
-       ')
-       >=net-libs/libhtp-0.5.45
-       net-libs/libpcap
-       sys-apps/file
-       sys-libs/libcap-ng
-       af-xdp?         ( net-libs/xdp-tools )
-       bpf?        ( dev-libs/libbpf )
-       cuda?       ( dev-util/nvidia-cuda-toolkit )
-       geoip?      ( dev-libs/libmaxminddb:= )
-       hyperscan?  ( dev-libs/hyperscan )
-       lua?        ( ${LUA_DEPS} )
-       lz4?        ( app-arch/lz4 )
-       nflog?      ( net-libs/libnetfilter_log )
-       nfqueue?    ( net-libs/libnetfilter_queue )
-       redis?      ( dev-libs/hiredis:= )"
-DEPEND="${RDEPEND}
-       >=dev-build/autoconf-2.69-r5
-       virtual/rust"
-BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-oisf-20200807 )"
-
-PATCHES=(
-       "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
-       "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
-       "${FILESDIR}/${PN}-6.0.0_default-config.patch"
-       "${FILESDIR}/${PN}-7.0.2_configure-no-sphinx-pdflatex-automagic.patch"
-)
-
-pkg_pretend() {
-       if use af-xdp && use kernel_linux; then
-               if kernel_is -lt 4 18; then
-                       ewarn "Kernel 4.18 or newer is required for AF_XDP"
-               fi
-       fi
-
-       if use bpf && use kernel_linux; then
-               if kernel_is -lt 4 15; then
-                       ewarn "Kernel 4.15 or newer is necessary to use all XDP 
features like the CPU redirect map"
-               fi
-
-               CONFIG_CHECK="~XDP_SOCKETS"
-               ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it 
impossible for Suricata to load XDP programs. "
-               ERROR_XDP_SOCKETS+="Other eBPF features should work normally."
-               check_extra_config
-       fi
-}
-
-src_prepare() {
-       default
-       sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' 
"${S}/doc/Makefile.am" || die
-       eautoreconf
-}
-
-src_configure() {
-       # Bug #861242
-       filter-lto
-
-       local myeconfargs=(
-               "--localstatedir=/var" \
-               "--runstatedir=/run" \
-               "--enable-non-bundled-htp" \
-               "--enable-gccmarch-native=no" \
-               "--enable-python" \
-               $(use_enable af-packet) \
-               $(use_enable af-xdp) \
-               $(use_enable bpf ebpf) \
-               $(use_enable control-socket unix-socket) \
-               $(use_enable cuda) \
-               $(use_enable detection) \
-               $(use_enable geoip) \
-               $(use_enable hardened gccprotect) \
-               $(use_enable hardened pie) \
-               $(use_enable hyperscan) \
-               $(use_enable lz4) \
-               $(use_enable nflog) \
-               $(use_enable nfqueue) \
-               $(use_enable redis hiredis) \
-               $(use_enable test unittests) \
-               "--disable-coccinelle"
-       )
-       if use lua; then
-               if use lua_single_target_luajit; then
-                       myeconfargs+=( --enable-luajit )
-               else
-                       myeconfargs+=( --enable-lua )
-               fi
-       fi
-
-       if use debug; then
-               myeconfargs+=( $(use_enable debug) )
-               # so we can get a backtrace according to "reporting bugs" on 
upstream web site
-               QA_FLAGS_IGNORED="usr/bin/${PN}"
-               CFLAGS="-ggdb -O0" econf ${myeconfargs[@]}
-       else
-               econf ${myeconfargs[@]}
-       fi
-}
-
-src_install() {
-       emake DESTDIR="${D}" install
-       python_optimize
-       # Bug #878855
-       python_fix_shebang "${ED}"/usr/bin/
-
-       if use bpf; then
-               rm -f ebpf/Makefile.{am,in} || die
-               dodoc -r ebpf/
-               keepdir /usr/libexec/suricata/ebpf
-       fi
-
-       insinto "/etc/${PN}"
-       doins etc/{classification,reference}.config threshold.config 
suricata.yaml
-
-       keepdir "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
-       keepdir "/var/log/${PN}"
-
-       fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
-       fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
-       fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
-
-       newinitd "${FILESDIR}/${PN}.initd" ${PN}
-       newconfd "${FILESDIR}/${PN}.confd" ${PN}
-       systemd_dounit "${FILESDIR}"/${PN}.service
-       newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
-
-       insopts -m0644
-       insinto /etc/logrotate.d
-       newins etc/${PN}.logrotate ${PN}
-}
-
-pkg_postinst() {
-       tmpfiles_process ${PN}.conf
-
-       elog
-       if use systemd; then
-               elog "Suricata requires either the mode of operation (e.g. 
--af-packet) or the interface to listen on (e.g. -i eth0)"
-               elog "to be specified on the command line. The provided systemd 
unit launches Suricata in af-packet mode and relies"
-               elog "on file configuration to specify interfaces, should you 
prefer to run it differently you will have to customise"
-               elog "said unit. The simplest way of doing it is to override 
the Environment=OPTIONS='...' line using a .conf file"
-               elog "placed in the directory 
${EPREFIX}/etc/systemd/system/suricata.service.d/ ."
-               elog "For details, see the section on drop-in directories in 
systemd.unit(5)."
-       else
-               elog "The ${PN} init script expects to find the path to the 
configuration"
-               elog "file as well as extra options in /etc/conf.d."
-               elog
-               elog "To create more than one ${PN} service, simply create a 
new .yaml file for it"
-               elog "then create a symlink to the init script from a link 
called"
-               elog "${PN}.foo - like so"
-               elog "   cd /etc/${PN}"
-               elog "   ${EDITOR##*/} suricata-foo.yaml"
-               elog "   cd /etc/init.d"
-               elog "   ln -s ${PN} ${PN}.foo"
-               elog "Then edit /etc/conf.d/${PN} and make sure you specify 
sensible options for foo."
-               elog
-               elog "You can create as many ${PN}.foo* services as you wish."
-       fi
-
-       if use bpf; then
-               elog
-               elog "eBPF/XDP files must be compiled (using 
sys-devel/clang[llvm_targets_BPF]) before use"
-               elog "because their configuration is hard-coded. You can find 
the default ones in"
-               elog "    ${EPREFIX}/usr/share/doc/${PF}/ebpf"
-               elog "and the common location for eBPF bytecode is"
-               elog "    ${EPREFIX}/usr/libexec/${PN}"
-               elog "For more information, see 
https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html";
-       fi
-
-       if use debug; then
-               elog
-               elog "You have enabled the debug USE flag. Please read this 
link to report bugs upstream:"
-               elog 
"https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs";
-               elog "You need to also ensure the FEATURES variable in 
make.conf contains the"
-               elog "'nostrip' option to produce useful core dumps or back 
traces."
-       fi
-
-       elog
-       if [[ -z "${REPLACING_VERSIONS}" ]]; then
-               elog "To download and install an initial set of rules, run:"
-               elog "    suricata-update"
-       fi
-       elog
-}

diff --git a/net-analyzer/suricata/suricata-7.0.2-r1.ebuild 
b/net-analyzer/suricata/suricata-7.0.3.ebuild
similarity index 98%
rename from net-analyzer/suricata/suricata-7.0.2-r1.ebuild
rename to net-analyzer/suricata/suricata-7.0.3.ebuild
index 897087d2c82d..31a877d45e4f 100644
--- a/net-analyzer/suricata/suricata-7.0.2-r1.ebuild
+++ b/net-analyzer/suricata/suricata-7.0.3.ebuild
@@ -39,7 +39,7 @@ RDEPEND="${PYTHON_DEPS}
        $(python_gen_cond_dep '
                dev-python/pyyaml[${PYTHON_USEDEP}]
        ')
-       >=net-libs/libhtp-0.5.45
+       >=net-libs/libhtp-0.5.46
        net-libs/libpcap
        sys-apps/file
        sys-libs/libcap-ng
@@ -63,6 +63,7 @@ PATCHES=(
        "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
        "${FILESDIR}/${PN}-6.0.0_default-config.patch"
        "${FILESDIR}/${PN}-7.0.2_configure-no-sphinx-pdflatex-automagic.patch"
+       "${FILESDIR}/${PN}-7.0.3_fix-build-with-gcc14.patch"
 )
 
 pkg_pretend() {
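Review bot: The new `PATCHES` entry has no comment saying the fix is not upstream yet, so nothing prompts the next version bump to re-check or drop it. A line above the entry such as `# gcc-14 build fix, not yet upstream (bug #925011); drop once fixed there` would record that next to the code it affects. The `PATCHES` array starts above this hunk.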
