[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: 2befe2774f886be18f6897f2b4ff63094fdd9126 Author: Marek Szuba gentoo org> AuthorDate: Wed Apr 24 12:37:24 2024 + Commit: Marek Szuba gentoo org> CommitDate: Wed Apr 24 12:38:20 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2befe277 net-analyzer/suricata: add 7.0.5, drop 7.0.4 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 4 +-- .../suricata-7.0.3_fix-build-with-gcc14.patch | 39 -- .../suricata-7.0.5_configure-fortify_source.patch | 18 ++ ...suricata-7.0.4.ebuild => suricata-7.0.5.ebuild} | 4 +-- 4 files changed, 22 insertions(+), 43 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index f41fad6e6ffa..fdaacd396d1e 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ -DIST suricata-7.0.4.tar.gz 23610769 BLAKE2B 6c85ee7134548261a5a766ee3e7c0ce095ef478e9323342f17bb48eb0abc74035a66212c7f7e6ba45bd2efd552d82ad6d218d4b09279877f60526f8f79de9764 SHA512 098364a5f0b2c14bf3a0c8895ec9c94a23edd990468f618fa35181c54405be6db012a6e97981e0024140864342764df97101be73308c835d6fabf6cd98a7ffc3 -DIST suricata-7.0.4.tar.gz.sig 566 BLAKE2B 56a8d3ba556a233b0f27a992c20e2654a44f5205bfd731662e96f1a6cf5e925d00014f2d379458c917527415c5c3020f897528fb35e6681bcbddde670567e6f0 SHA512 f2694f9a6cc4d644bb629ae49deef22517a970a78fa500384b51b3ed9119fdfa4ff4a4524de55d3b02bf16dc36c52419bc0424f65dd02b0b56349c5d2fc00a52 +DIST suricata-7.0.5.tar.gz 23612189 BLAKE2B 9a44e4561edcc8909853b88779aa520a79b684ca9114479a95b2b34f8e34b6a0f5887d4b332dddb9da225335d7642089345e7f245a1ebce68f42f38126eb4b58 SHA512 4eae28a78e1e9595c7f37215e9cccdf417235eadf3c8a9dc4cb531d7dc3fb353c903154ee745df7a44620d28b84f15d6db95e5f0562744ff7cbaac398d34 +DIST suricata-7.0.5.tar.gz.sig 566 BLAKE2B f1e4885f92d13e3168ae44b2fd2b134e1eee9a71f4d92ee8e60df65af3558f4dfa64919955dc60d597d0ef6c6a92b505ab5974fc2f07cd8dc8b4d889eaa4b4c2 SHA512 5f6c2904441c0cb414990a89a2c5a640da9ef25b572512cb2dbb607c7e469186982299acc98414067f8119c8e7c2d433f1b8cf38d1a3c95235a493311230bfc7 diff --git a/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch deleted file mode 100644 index 7ebacf76852c.. --- a/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch +++ /dev/null @@ -1,39 +0,0 @@ -Bug: From b5280929c58559c178415ce199157b5c87171258 Mon Sep 17 00:00:00 2001 -From: Brahmajit Das -Date: Tue, 20 Feb 2024 12:05:57 +0530 -Subject: [PATCH 1/1] Fix passing incompatible pointer type with GCC 14 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -GCC 14 (and newer compilers like Clang 16) enables --Wincompatible-pointer-types by default, along with some other flags. -Thus resulting in build errors such as - -util-host-info.c: In function ‘SCKernelVersionIsAtLeast’: -util-host-info.c:94:31: error: passing argument 1 of ‘pcre2_substring_list_free_8’ from incompatible pointer type [-Wincompatible-pointer-types] - 94 | pcre2_substring_list_free((PCRE2_SPTR *)list); - | ^~ - | | - | const PCRE2_UCHAR8 ** {aka const unsigned char **} - -Removing the casting make suricata build with GCC 14. - -First discovered on Gentoo Linux with GCC 14 - -Bug: https://bugs.gentoo.org/925011 -Signed-off-by: Brahmajit Das a/src/util-host-info.c -+++ b/src/util-host-info.c -@@ -91,7 +91,7 @@ int SCKernelVersionIsAtLeast(int major, int minor) - err = true; - } - --pcre2_substring_list_free((PCRE2_SPTR *)list); -+pcre2_substring_list_free(list); - pcre2_match_data_free(version_regex_match); - pcre2_code_free(version_regex); - --- -2.43.2 - diff --git a/net-analyzer/suricata/files/suricata-7.0.5_configure-fortify_source.patch b/net-analyzer/suricata/files/suricata-7.0.5_configure-fortify_source.patch new file mode 100644 index ..302f9bb382f3 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-7.0.5_configure-fortify_source.patch @@ -0,0 +1,18 @@ +--- a/configure.ac b/configure.ac +@@ -339,15 +339,6 @@ + [AC_MSG_RESULT(no)]) + CFLAGS="${TMPCFLAGS}" + +-#compile-time best-practices errors for certain libc functions, provides checks of buffer lengths and memory regions +-AC_MSG_CHECKING(for -D_FORTIFY_SOURCE=2) +-TMPCFLAGS="${CFLAGS}" +-CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2" +-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -D_FORTIFY_SOURCE=2" +-AC_MSG_RESULT(yes)], +-[AC_MSG_RESULT(no)]) +-CFLAGS="${TMPCFLAGS}" +- + #compile-time warnings about misuse of format strings + AC_MSG_CHECKING(for -Wformat -Wformat-security) +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: e186e58718acb87a9f12802b237ace95d8a7d906 Author: Marek Szuba gentoo org> AuthorDate: Sun Apr 7 00:01:37 2024 + Commit: Marek Szuba gentoo org> CommitDate: Sun Apr 7 01:04:00 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e186e587 net-analyzer/suricata: add 7.0.4, drop 7.0.3 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 4 ++-- .../suricata/{suricata-7.0.3.ebuild => suricata-7.0.4.ebuild} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 9e0bba5db148..f41fad6e6ffa 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ -DIST suricata-7.0.3.tar.gz 23599903 BLAKE2B b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb SHA512 5a19a00118b86cd9c9b8a4b8399d8deda23beb19a6a6ed49e82240a1a5d4549490f3ce72743f5990c200850e8a64e3a51f45b8c1b8088bdd16aa12341dbf64aa -DIST suricata-7.0.3.tar.gz.sig 566 BLAKE2B 3befe75463a26493b660dc21721e2628a4889d5397d0ada6aa51bd9c748487130dfb56f3fa25b5514411adeaf0b385ee7e9d664ab0af9b6b0a2bef719bdc904f SHA512 a08274708f3aee891b018da613fa60cf66ca09b41f70ed1e89b57d5e778bf97058d71c6ad8c529926783287ddd0f20337957e03ff59b3500c207a4ef7936bfdf +DIST suricata-7.0.4.tar.gz 23610769 BLAKE2B 6c85ee7134548261a5a766ee3e7c0ce095ef478e9323342f17bb48eb0abc74035a66212c7f7e6ba45bd2efd552d82ad6d218d4b09279877f60526f8f79de9764 SHA512 098364a5f0b2c14bf3a0c8895ec9c94a23edd990468f618fa35181c54405be6db012a6e97981e0024140864342764df97101be73308c835d6fabf6cd98a7ffc3 +DIST suricata-7.0.4.tar.gz.sig 566 BLAKE2B 56a8d3ba556a233b0f27a992c20e2654a44f5205bfd731662e96f1a6cf5e925d00014f2d379458c917527415c5c3020f897528fb35e6681bcbddde670567e6f0 SHA512 f2694f9a6cc4d644bb629ae49deef22517a970a78fa500384b51b3ed9119fdfa4ff4a4524de55d3b02bf16dc36c52419bc0424f65dd02b0b56349c5d2fc00a52 diff --git a/net-analyzer/suricata/suricata-7.0.3.ebuild b/net-analyzer/suricata/suricata-7.0.4.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-7.0.3.ebuild rename to net-analyzer/suricata/suricata-7.0.4.ebuild index 31a877d45e4f..60817c7c0306 100644 --- a/net-analyzer/suricata/suricata-7.0.3.ebuild +++ b/net-analyzer/suricata/suricata-7.0.4.ebuild @@ -39,7 +39,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.46 + >=net-libs/libhtp-0.5.47 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 07e1f3e359b3cfe01d8ef3a1e263af2f8acc23b4 Author: Marek Szuba gentoo org> AuthorDate: Wed Feb 28 21:34:39 2024 + Commit: Marek Szuba gentoo org> CommitDate: Wed Feb 28 21:46:10 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07e1f3e3 net-analyzer/suricata: drop 6.0.15 No versions affected by the latest batch of CVEs left in the tree. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 - 6_configure-no-sphinx-pdflatex-automagic.patch | 26 --- net-analyzer/suricata/suricata-6.0.15.ebuild | 212 - 3 files changed, 240 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 241154b314b8..9e0bba5db148 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,2 @@ -DIST suricata-6.0.15.tar.gz 27903106 BLAKE2B cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 SHA512 ec9904fdc57e594653e3f48794c602429412fc85377630600b96081cfeb21361c353ce54d564c01ef0400885c508b49bd8c7a5d8b4482d45155b2007907107a9 -DIST suricata-6.0.15.tar.gz.sig 566 BLAKE2B f9f5fd9df55c9854f4da3765673df094a3979324714b0f81f787abc3eaa811d01e42cf8b892c5ae558e5f453b82f84dcebd4548a0cfafca00582adc595a11bbf SHA512 e938715fe22699b623d70bcd70e69d3acb2bfa322ecb9a8a19b272eb5ba378b34974c3114419bbb07fb46b805bc160344d0bdb567acb887832e4c18734fef9a8 DIST suricata-7.0.3.tar.gz 23599903 BLAKE2B b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb SHA512 5a19a00118b86cd9c9b8a4b8399d8deda23beb19a6a6ed49e82240a1a5d4549490f3ce72743f5990c200850e8a64e3a51f45b8c1b8088bdd16aa12341dbf64aa DIST suricata-7.0.3.tar.gz.sig 566 BLAKE2B 3befe75463a26493b660dc21721e2628a4889d5397d0ada6aa51bd9c748487130dfb56f3fa25b5514411adeaf0b385ee7e9d664ab0af9b6b0a2bef719bdc904f SHA512 a08274708f3aee891b018da613fa60cf66ca09b41f70ed1e89b57d5e778bf97058d71c6ad8c529926783287ddd0f20337957e03ff59b3500c207a4ef7936bfdf diff --git a/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch deleted file mode 100644 index be5805e67f87.. --- a/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch +++ /dev/null @@ -1,26 +0,0 @@ -No configure options to disable looking for these, redundant for releases -because the tarballs already contain both PDF documentation and man pages, -and as of 2021-05-11 doc generation is not compatible with sphinx-4.0.0+ -due to conf.py calling long-deprecated app.add_stylesheet() rather -than app.add_css_file(). - a/configure.ac -+++ b/configure.ac -@@ -2423,7 +2423,7 @@ - fi - - # sphinx for documentation --AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no") -+HAVE_SPHINXBUILD="no" - if test "$HAVE_SPHINXBUILD" = "no"; then -enable_sphinxbuild=no -if test -e "$srcdir/doc/userguide/suricata.1"; then -@@ -2434,7 +2434,7 @@ - AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"]) - - # pdflatex for the pdf version of the user manual --AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no") -+HAVE_PDFLATEX="no" - if test "$HAVE_PDFLATEX" = "no"; then -enable_pdflatex=no - fi diff --git a/net-analyzer/suricata/suricata-6.0.15.ebuild b/net-analyzer/suricata/suricata-6.0.15.ebuild deleted file mode 100644 index 045ebbc38788.. --- a/net-analyzer/suricata/suricata-6.0.15.ebuild +++ /dev/null @@ -1,212 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{10..12} ) - -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata.io/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz - verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" - -LICENSE="GPL-2" -SLOT="0/6" -KEYWORDS="~amd64 ~riscv ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" -VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/openinfosecfoundation.org.asc" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - bpf? ( af-packet ) - lua? ( ${LUA_REQUIRED_USE} )" - -RDEPEND="${PYTHON_DEPS} - acct-group/suricata - acct-user/suricata - dev-libs/jansson:= - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' -
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 4c54d76e8fab4063a74490103bace21d972a4d9d Author: Marek Szuba gentoo org> AuthorDate: Wed Feb 28 21:25:33 2024 + Commit: Marek Szuba gentoo org> CommitDate: Wed Feb 28 21:46:09 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c54d76e net-analyzer/suricata: add 7.0.3, remove 7.0.2 and 7.0.2-r1 Includes Brahmajit's patch for the gcc-14 issue, as it is yet to be fixed upstream. Closes: https://bugs.gentoo.org/925011 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 4 +- .../suricata-7.0.3_fix-build-with-gcc14.patch | 39 net-analyzer/suricata/suricata-7.0.2.ebuild| 221 - ...icata-7.0.2-r1.ebuild => suricata-7.0.3.ebuild} | 3 +- 4 files changed, 43 insertions(+), 224 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index adabc7aa76bc..241154b314b8 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,4 @@ DIST suricata-6.0.15.tar.gz 27903106 BLAKE2B cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 SHA512 ec9904fdc57e594653e3f48794c602429412fc85377630600b96081cfeb21361c353ce54d564c01ef0400885c508b49bd8c7a5d8b4482d45155b2007907107a9 DIST suricata-6.0.15.tar.gz.sig 566 BLAKE2B f9f5fd9df55c9854f4da3765673df094a3979324714b0f81f787abc3eaa811d01e42cf8b892c5ae558e5f453b82f84dcebd4548a0cfafca00582adc595a11bbf SHA512 e938715fe22699b623d70bcd70e69d3acb2bfa322ecb9a8a19b272eb5ba378b34974c3114419bbb07fb46b805bc160344d0bdb567acb887832e4c18734fef9a8 -DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725 SHA512 bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95 -DIST suricata-7.0.2.tar.gz.sig 566 BLAKE2B 8a931361acfa5e945fe9a3a03b38c65ff7f59da88a9af9c3f5a4b15ec880de6f22038a45d27c480c75489df0a90373f3cee44c48a266226fae89c00ed78b6e5f SHA512 0a46c8fef1d68f76c08c314613e558027dc7700a72628b5708dbc36c5c1943d816120c569692103d75d284cd7027cdda0d4ef9ab436992d7d2ec101e18aa5056 +DIST suricata-7.0.3.tar.gz 23599903 BLAKE2B b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb SHA512 5a19a00118b86cd9c9b8a4b8399d8deda23beb19a6a6ed49e82240a1a5d4549490f3ce72743f5990c200850e8a64e3a51f45b8c1b8088bdd16aa12341dbf64aa +DIST suricata-7.0.3.tar.gz.sig 566 BLAKE2B 3befe75463a26493b660dc21721e2628a4889d5397d0ada6aa51bd9c748487130dfb56f3fa25b5514411adeaf0b385ee7e9d664ab0af9b6b0a2bef719bdc904f SHA512 a08274708f3aee891b018da613fa60cf66ca09b41f70ed1e89b57d5e778bf97058d71c6ad8c529926783287ddd0f20337957e03ff59b3500c207a4ef7936bfdf diff --git a/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch new file mode 100644 index ..7ebacf76852c --- /dev/null +++ b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch @@ -0,0 +1,39 @@ +Bug: From b5280929c58559c178415ce199157b5c87171258 Mon Sep 17 00:00:00 2001 +From: Brahmajit Das +Date: Tue, 20 Feb 2024 12:05:57 +0530 +Subject: [PATCH 1/1] Fix passing incompatible pointer type with GCC 14 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC 14 (and newer compilers like Clang 16) enables +-Wincompatible-pointer-types by default, along with some other flags. +Thus resulting in build errors such as + +util-host-info.c: In function ‘SCKernelVersionIsAtLeast’: +util-host-info.c:94:31: error: passing argument 1 of ‘pcre2_substring_list_free_8’ from incompatible pointer type [-Wincompatible-pointer-types] + 94 | pcre2_substring_list_free((PCRE2_SPTR *)list); + | ^~ + | | + | const PCRE2_UCHAR8 ** {aka const unsigned char **} + +Removing the casting make suricata build with GCC 14. + +First discovered on Gentoo Linux with GCC 14 + +Bug: https://bugs.gentoo.org/925011 +Signed-off-by: Brahmajit Das +--- a/src/util-host-info.c b/src/util-host-info.c +@@ -91,7 +91,7 @@ int SCKernelVersionIsAtLeast(int major, int minor) + err = true; + } + +-pcre2_substring_list_free((PCRE2_SPTR *)list); ++pcre2_substring_list_free(list); + pcre2_match_data_free(version_regex_match); + pcre2_code_free(version_regex); + +-- +2.43.2 + diff --git a/net-analyzer/suricata/suricata-7.0.2.ebuild b/net-analyzer/suricata/suricata-7.0.2.ebuild deleted file mode 100644 index 93fe2558be37.. --- a/net-analyzer/suricata/suricata-7.0.2.ebuild +++ /dev/null @@ -1,221 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: befc4ee3450687083e60cd85b490902af4eac91a Author: Matoro Mahri matoro tk> AuthorDate: Mon Jan 22 17:39:39 2024 + Commit: Ionen Wolkens gentoo org> CommitDate: Tue Jan 23 05:04:44 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=befc4ee3 net-analyzer/suricata: Keyword 7.0.2-r1 x86, #918871 Signed-off-by: Matoro Mahri matoro.tk> Signed-off-by: Ionen Wolkens gentoo.org> net-analyzer/suricata/suricata-7.0.2-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-7.0.2-r1.ebuild b/net-analyzer/suricata/suricata-7.0.2-r1.ebuild index 9f79f08d97d4..897087d2c82d 100644 --- a/net-analyzer/suricata/suricata-7.0.2-r1.ebuild +++ b/net-analyzer/suricata/suricata-7.0.2-r1.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz LICENSE="GPL-2" SLOT="0/7" -KEYWORDS="~amd64 ~riscv" +KEYWORDS="~amd64 ~riscv ~x86" IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/openinfosecfoundation.org.asc"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: ea846f743f1a3f7d6874f22353479121f153bb1f Author: Petr Vaněk gentoo org> AuthorDate: Wed Nov 29 09:23:32 2023 + Commit: Petr Vaněk gentoo org> CommitDate: Wed Nov 29 21:12:17 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea846f74 net-analyzer/suricata: switch to dev-libs/vectorscan Signed-off-by: Petr Vaněk gentoo.org> net-analyzer/suricata/suricata-7.0.2-r1.ebuild | 221 + 1 file changed, 221 insertions(+) diff --git a/net-analyzer/suricata/suricata-7.0.2-r1.ebuild b/net-analyzer/suricata/suricata-7.0.2-r1.ebuild new file mode 100644 index ..67cffa1955a5 --- /dev/null +++ b/net-analyzer/suricata/suricata-7.0.2-r1.ebuild @@ -0,0 +1,221 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{10..12} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz + verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" + +LICENSE="GPL-2" +SLOT="0/7" +KEYWORDS="~amd64 ~riscv" +IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" +VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/openinfosecfoundation.org.asc" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + af-xdp? ( bpf ) + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre2 + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.45 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + af-xdp? ( net-libs/xdp-tools ) + bpf?( dev-libs/libbpf ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb:= ) + hyperscan? ( dev-libs/vectorscan:= ) + lua?( ${LUA_DEPS} ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis:= )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" +BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-oisf-20200807 )" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch" + "${FILESDIR}/${PN}-6.0.0_default-config.patch" + "${FILESDIR}/${PN}-7.0.2_configure-no-sphinx-pdflatex-automagic.patch" +) + +pkg_pretend() { + if use af-xdp && use kernel_linux; then + if kernel_is -lt 4 18; then + ewarn "Kernel 4.18 or newer is required for AF_XDP" + fi + fi + + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die + eautoreconf +} + +src_configure() { + # Bug #861242 + filter-lto + + local myeconfargs=( + "--localstatedir=/var" \ + "--runstatedir=/run" \ + "--enable-non-bundled-htp" \ + "--enable-gccmarch-native=no" \ + "--enable-python" \ + $(use_enable af-packet) \ + $(use_enable af-xdp) \ + $(use_enable bpf ebpf) \ + $(use_enable control-socket unix-socket) \ + $(use_enable cuda) \ + $(use_enable detection) \ + $(use_enable geoip) \ + $(use_enable hardened gccprotect) \ + $(use_enable hardened pie) \ + $(use_enable hyperscan) \ + $(use_enable lz4) \ + $(use_enable nflog) \ + $(use_enable nfqueue) \ + $(use_enable redis hiredis) \ + $(use_enable test unittests) \ + "--disable-coccinelle" + ) +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 0b6d8739571b574f8d417331c2acfc15e16f2514 Author: Marek Szuba gentoo org> AuthorDate: Wed Oct 25 22:01:27 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Oct 25 22:04:29 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b6d8739 net-analyzer/suricata: add 6.0.15 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 + net-analyzer/suricata/suricata-6.0.15.ebuild | 212 +++ 2 files changed, 214 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 60f9530b2507..1f871c0b4c9e 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,5 +1,7 @@ DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01 SHA512 7b7ea4b01b6ec4662db1e875e940d667b0aa71b7b91dccf72d32b644c6291814c3fde0c69c96c138d2f1e2412c92456fede823d61c3b7ba63f4bae0edc2dbb0d DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B 880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476 SHA512 3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65 +DIST suricata-6.0.15.tar.gz 27903106 BLAKE2B cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 SHA512 ec9904fdc57e594653e3f48794c602429412fc85377630600b96081cfeb21361c353ce54d564c01ef0400885c508b49bd8c7a5d8b4482d45155b2007907107a9 +DIST suricata-6.0.15.tar.gz.sig 566 BLAKE2B f9f5fd9df55c9854f4da3765673df094a3979324714b0f81f787abc3eaa811d01e42cf8b892c5ae558e5f453b82f84dcebd4548a0cfafca00582adc595a11bbf SHA512 e938715fe22699b623d70bcd70e69d3acb2bfa322ecb9a8a19b272eb5ba378b34974c3114419bbb07fb46b805bc160344d0bdb567acb887832e4c18734fef9a8 DIST suricata-7.0.0.tar.gz 23426302 BLAKE2B dc5026ee32dd679c18d8953048f7694c6ef69e9b60d91153e1fad5f0d757ccfcb0423ed6f3e21a27f02f6647476923d5c90e1ba83656249509414316f06cd18b SHA512 b512a8d9e7ce26b362be4e4b1e27b97c0fd6dad109e440d6227916a373e85341336782c0870a2b380fa215f4d2e8d86728f105a6af75d8662d746cee1752347d DIST suricata-7.0.0.tar.gz.sig 566 BLAKE2B 11033671642c953282fbb0dda0647d12ee143b16e1ee6202f0cc9bcee94eb123139e075ea860002851c2d37f3c9c7e90b72ef22c6cd0ea82dbf63d2bad852068 SHA512 216463c103c5f5fed3cb83190e78939b1efb6fcfe3f6bb8a023ff8a8df85fd7ad024fcc1d9720f196c6dbe3a3c80285a3689bf6e575ff51253a1e5df1a142fcb DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725 SHA512 bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95 diff --git a/net-analyzer/suricata/suricata-6.0.15.ebuild b/net-analyzer/suricata/suricata-6.0.15.ebuild new file mode 100644 index ..df6ba0f72b6f --- /dev/null +++ b/net-analyzer/suricata/suricata-6.0.15.ebuild @@ -0,0 +1,212 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{10..12} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz + verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" + +LICENSE="GPL-2" +SLOT="0/6" +KEYWORDS="~amd64 ~riscv ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.45 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html; + fi + + if use debug; then + elog + elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:" + elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs; +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: fa6a92286aa5b09aa5cfc106758c45d69be4bf76 Author: Marek Szuba gentoo org> AuthorDate: Wed Oct 25 22:01:39 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Oct 25 22:04:30 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa6a9228 net-analyzer/suricata: drop 6.0.13, 7.0.0 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 4 - net-analyzer/suricata/suricata-6.0.13.ebuild | 212 - net-analyzer/suricata/suricata-7.0.0.ebuild | 221 --- 3 files changed, 437 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 1f871c0b4c9e..adabc7aa76bc 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,8 +1,4 @@ -DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01 SHA512 7b7ea4b01b6ec4662db1e875e940d667b0aa71b7b91dccf72d32b644c6291814c3fde0c69c96c138d2f1e2412c92456fede823d61c3b7ba63f4bae0edc2dbb0d -DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B 880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476 SHA512 3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65 DIST suricata-6.0.15.tar.gz 27903106 BLAKE2B cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 SHA512 ec9904fdc57e594653e3f48794c602429412fc85377630600b96081cfeb21361c353ce54d564c01ef0400885c508b49bd8c7a5d8b4482d45155b2007907107a9 DIST suricata-6.0.15.tar.gz.sig 566 BLAKE2B f9f5fd9df55c9854f4da3765673df094a3979324714b0f81f787abc3eaa811d01e42cf8b892c5ae558e5f453b82f84dcebd4548a0cfafca00582adc595a11bbf SHA512 e938715fe22699b623d70bcd70e69d3acb2bfa322ecb9a8a19b272eb5ba378b34974c3114419bbb07fb46b805bc160344d0bdb567acb887832e4c18734fef9a8 -DIST suricata-7.0.0.tar.gz 23426302 BLAKE2B dc5026ee32dd679c18d8953048f7694c6ef69e9b60d91153e1fad5f0d757ccfcb0423ed6f3e21a27f02f6647476923d5c90e1ba83656249509414316f06cd18b SHA512 b512a8d9e7ce26b362be4e4b1e27b97c0fd6dad109e440d6227916a373e85341336782c0870a2b380fa215f4d2e8d86728f105a6af75d8662d746cee1752347d -DIST suricata-7.0.0.tar.gz.sig 566 BLAKE2B 11033671642c953282fbb0dda0647d12ee143b16e1ee6202f0cc9bcee94eb123139e075ea860002851c2d37f3c9c7e90b72ef22c6cd0ea82dbf63d2bad852068 SHA512 216463c103c5f5fed3cb83190e78939b1efb6fcfe3f6bb8a023ff8a8df85fd7ad024fcc1d9720f196c6dbe3a3c80285a3689bf6e575ff51253a1e5df1a142fcb DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725 SHA512 bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95 DIST suricata-7.0.2.tar.gz.sig 566 BLAKE2B 8a931361acfa5e945fe9a3a03b38c65ff7f59da88a9af9c3f5a4b15ec880de6f22038a45d27c480c75489df0a90373f3cee44c48a266226fae89c00ed78b6e5f SHA512 0a46c8fef1d68f76c08c314613e558027dc7700a72628b5708dbc36c5c1943d816120c569692103d75d284cd7027cdda0d4ef9ab436992d7d2ec101e18aa5056 diff --git a/net-analyzer/suricata/suricata-6.0.13.ebuild b/net-analyzer/suricata/suricata-6.0.13.ebuild deleted file mode 100644 index 4ea91dc87cfe.. --- a/net-analyzer/suricata/suricata-6.0.13.ebuild +++ /dev/null @@ -1,212 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{9..11} ) - -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata.io/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz - verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" - -LICENSE="GPL-2" -SLOT="0/6" -KEYWORDS="~amd64 ~riscv ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - bpf? ( af-packet ) - lua? ( ${LUA_REQUIRED_USE} )" - -RDEPEND="${PYTHON_DEPS} - acct-group/suricata - acct-user/suricata - dev-libs/jansson:= - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' - dev-python/pyyaml[${PYTHON_USEDEP}] - ') - >=net-libs/libhtp-0.5.44 - net-libs/libpcap - sys-apps/file
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: f9c0cfde624dc27b32b3681e678fdf8f19af04aa Author: Marek Szuba gentoo org> AuthorDate: Wed Oct 25 21:56:36 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Oct 25 22:04:28 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9c0cfde net-analyzer/suricata: add 7.0.2 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 + 2_configure-no-sphinx-pdflatex-automagic.patch | 20 ++ net-analyzer/suricata/suricata-7.0.2.ebuild| 221 + 3 files changed, 243 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 1fff5793c937..60f9530b2507 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -2,3 +2,5 @@ DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B 47dcc47253c462510494dac35a4aa41a110 DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B 880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476 SHA512 3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65 DIST suricata-7.0.0.tar.gz 23426302 BLAKE2B dc5026ee32dd679c18d8953048f7694c6ef69e9b60d91153e1fad5f0d757ccfcb0423ed6f3e21a27f02f6647476923d5c90e1ba83656249509414316f06cd18b SHA512 b512a8d9e7ce26b362be4e4b1e27b97c0fd6dad109e440d6227916a373e85341336782c0870a2b380fa215f4d2e8d86728f105a6af75d8662d746cee1752347d DIST suricata-7.0.0.tar.gz.sig 566 BLAKE2B 11033671642c953282fbb0dda0647d12ee143b16e1ee6202f0cc9bcee94eb123139e075ea860002851c2d37f3c9c7e90b72ef22c6cd0ea82dbf63d2bad852068 SHA512 216463c103c5f5fed3cb83190e78939b1efb6fcfe3f6bb8a023ff8a8df85fd7ad024fcc1d9720f196c6dbe3a3c80285a3689bf6e575ff51253a1e5df1a142fcb +DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725 SHA512 bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95 +DIST suricata-7.0.2.tar.gz.sig 566 BLAKE2B 8a931361acfa5e945fe9a3a03b38c65ff7f59da88a9af9c3f5a4b15ec880de6f22038a45d27c480c75489df0a90373f3cee44c48a266226fae89c00ed78b6e5f SHA512 0a46c8fef1d68f76c08c314613e558027dc7700a72628b5708dbc36c5c1943d816120c569692103d75d284cd7027cdda0d4ef9ab436992d7d2ec101e18aa5056 diff --git a/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch b/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch new file mode 100644 index ..07fddac0a6d2 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch @@ -0,0 +1,20 @@ +--- a/configure.ac b/configure.ac +@@ -2231,7 +2231,7 @@ + fi + + # sphinx-build for documentation, and also check for a new enough version +-AC_PATH_PROG([SPHINX_BUILD], [sphinx-build], [no]) ++SPHINX_BUILD="no" + if test "$SPHINX_BUILD" != "no"; then + MIN_SPHINX_BUILD_VERSION="3.4.3" + sphinx_build_version=$($SPHINX_BUILD --version 2>&1 | cut -d' ' -f2-) +@@ -2257,7 +2257,7 @@ + AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"]) + + # pdflatex for the pdf version of the user manual +-AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no") ++HAVE_PDFLATEX="no" + if test "$HAVE_PDFLATEX" = "no"; then +enable_pdflatex=no + fi diff --git a/net-analyzer/suricata/suricata-7.0.2.ebuild b/net-analyzer/suricata/suricata-7.0.2.ebuild new file mode 100644 index ..a5ec879adeaf --- /dev/null +++ b/net-analyzer/suricata/suricata-7.0.2.ebuild @@ -0,0 +1,221 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{10..12} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz + verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" + +LICENSE="GPL-2" +SLOT="0/7" +KEYWORDS="~amd64 ~riscv ~x86" +IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + af-xdp? ( bpf ) + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre2 + dev-libs/libyaml + net-libs/libnet:* +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 042427cddd54f9811988dc61798ee7c7288ecd3f Author: Marek Szuba gentoo org> AuthorDate: Wed Aug 16 17:06:10 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Aug 16 17:08:40 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=042427cd net-analyzer/suricata: drop 6.0.12 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 - net-analyzer/suricata/suricata-6.0.12.ebuild | 212 --- 2 files changed, 214 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index d3bafea16736..1fff5793c937 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,5 +1,3 @@ -DIST suricata-6.0.12.tar.gz 27388535 BLAKE2B 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6 SHA512 aa8a51e0c6b04640a9df3ca46d736c23f213561a0f47e9022f0bd10cf4652b6912ff576fb6db0b663fcae5ab5a80ef5048da3a323326fb2b6d56d8ef7c0c -DIST suricata-6.0.12.tar.gz.sig 566 BLAKE2B 50102891a3efec7a52e16bf7c3842cbdf3e9feb0f9a1fe34ab714ea1b5f01c02aafec74c7252b1bb0b0da0242c4f4eb1771c74aef06f356672f6e5bcc405b1a8 SHA512 b3cfb4791599e9c48a46cd39e28d74022ac2aa7b6cb04ceff70ae66a5e4b1e166caa48a47869c37cffd82e6eae1f65744ca3d84521f8808f90210039f31b DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01 SHA512 7b7ea4b01b6ec4662db1e875e940d667b0aa71b7b91dccf72d32b644c6291814c3fde0c69c96c138d2f1e2412c92456fede823d61c3b7ba63f4bae0edc2dbb0d DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B 880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476 SHA512 3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65 DIST suricata-7.0.0.tar.gz 23426302 BLAKE2B dc5026ee32dd679c18d8953048f7694c6ef69e9b60d91153e1fad5f0d757ccfcb0423ed6f3e21a27f02f6647476923d5c90e1ba83656249509414316f06cd18b SHA512 b512a8d9e7ce26b362be4e4b1e27b97c0fd6dad109e440d6227916a373e85341336782c0870a2b380fa215f4d2e8d86728f105a6af75d8662d746cee1752347d diff --git a/net-analyzer/suricata/suricata-6.0.12.ebuild b/net-analyzer/suricata/suricata-6.0.12.ebuild deleted file mode 100644 index 9b453e9fdbc6.. --- a/net-analyzer/suricata/suricata-6.0.12.ebuild +++ /dev/null @@ -1,212 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{9..11} ) - -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata.io/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz - verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" - -LICENSE="GPL-2" -SLOT="0/6" -KEYWORDS="~amd64 ~riscv ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - bpf? ( af-packet ) - lua? ( ${LUA_REQUIRED_USE} )" - -RDEPEND="${PYTHON_DEPS} - acct-group/suricata - acct-user/suricata - dev-libs/jansson:= - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' - dev-python/pyyaml[${PYTHON_USEDEP}] - ') - >=net-libs/libhtp-0.5.43 - net-libs/libpcap - sys-apps/file - sys-libs/libcap-ng - bpf?( https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html; - fi - - if use debug; then - elog - elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:" - elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs; - elog "You need to also ensure the FEATURES variable in make.conf contains the" - elog "'nostrip' option to produce useful core dumps or back traces." - fi - - elog - if [[ -z "${REPLACING_VERSIONS}" ]]; then - elog "To download and install an initial set of rules, run:" - elog "suricata-update" - fi - elog -}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 6d239f1820f40bccbc6bee23e88c2ac5a2b1dc52 Author: Stijn Tintel linux-ipv6 be> AuthorDate: Thu Jul 27 13:27:03 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Aug 16 17:08:39 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d239f18 net-analyzer/suricata: add 7.0.0 Closes: https://bugs.gentoo.org/911313 Signed-off-by: Stijn Tintel linux-ipv6.be> Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 + net-analyzer/suricata/metadata.xml | 1 + net-analyzer/suricata/suricata-7.0.0.ebuild | 221 3 files changed, 224 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 85d27e588a21..d3bafea16736 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -2,3 +2,5 @@ DIST suricata-6.0.12.tar.gz 27388535 BLAKE2B 3cd16072014e814ec116bbde6649a023020 DIST suricata-6.0.12.tar.gz.sig 566 BLAKE2B 50102891a3efec7a52e16bf7c3842cbdf3e9feb0f9a1fe34ab714ea1b5f01c02aafec74c7252b1bb0b0da0242c4f4eb1771c74aef06f356672f6e5bcc405b1a8 SHA512 b3cfb4791599e9c48a46cd39e28d74022ac2aa7b6cb04ceff70ae66a5e4b1e166caa48a47869c37cffd82e6eae1f65744ca3d84521f8808f90210039f31b DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01 SHA512 7b7ea4b01b6ec4662db1e875e940d667b0aa71b7b91dccf72d32b644c6291814c3fde0c69c96c138d2f1e2412c92456fede823d61c3b7ba63f4bae0edc2dbb0d DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B 880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476 SHA512 3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65 +DIST suricata-7.0.0.tar.gz 23426302 BLAKE2B dc5026ee32dd679c18d8953048f7694c6ef69e9b60d91153e1fad5f0d757ccfcb0423ed6f3e21a27f02f6647476923d5c90e1ba83656249509414316f06cd18b SHA512 b512a8d9e7ce26b362be4e4b1e27b97c0fd6dad109e440d6227916a373e85341336782c0870a2b380fa215f4d2e8d86728f105a6af75d8662d746cee1752347d +DIST suricata-7.0.0.tar.gz.sig 566 BLAKE2B 11033671642c953282fbb0dda0647d12ee143b16e1ee6202f0cc9bcee94eb123139e075ea860002851c2d37f3c9c7e90b72ef22c6cd0ea82dbf63d2bad852068 SHA512 216463c103c5f5fed3cb83190e78939b1efb6fcfe3f6bb8a023ff8a8df85fd7ad024fcc1d9720f196c6dbe3a3c80285a3689bf6e575ff51253a1e5df1a142fcb diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml index f55796e7f1ed..ab8f1004e969 100644 --- a/net-analyzer/suricata/metadata.xml +++ b/net-analyzer/suricata/metadata.xml @@ -7,6 +7,7 @@ Enable AF_PACKET support +Enable AF_XDP support Enable support for eBPF (as well as XDP if supported by the kernel and the NIC driver) for low-level, high-speed packet processing Enable unix socket diff --git a/net-analyzer/suricata/suricata-7.0.0.ebuild b/net-analyzer/suricata/suricata-7.0.0.ebuild new file mode 100644 index ..f66b8fc5a628 --- /dev/null +++ b/net-analyzer/suricata/suricata-7.0.0.ebuild @@ -0,0 +1,221 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{10..12} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz + verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" + +LICENSE="GPL-2" +SLOT="0/7" +KEYWORDS="~amd64 ~riscv ~x86" +IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + af-xdp? ( bpf ) + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre2 + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.45 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + af-xdp? ( net-libs/xdp-tools ) + bpf?( dev-libs/libbpf ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb:= ) + hyperscan? ( dev-libs/hyperscan ) + lua?( ${LUA_DEPS} ) + lz4?(
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 777280c0f9eb5db9ca0e0098c0a690c2506ff50f Author: Marek Szuba gentoo org> AuthorDate: Tue Jun 27 20:45:30 2023 + Commit: Marek Szuba gentoo org> CommitDate: Tue Jun 27 21:56:22 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=777280c0 net-analyzer/suricata: add 6.0.13, drop 6.0.11 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 4 ++-- .../suricata/{suricata-6.0.11.ebuild => suricata-6.0.13.ebuild} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 549fe68db0a7..85d27e588a21 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,4 @@ -DIST suricata-6.0.11.tar.gz 27408130 BLAKE2B 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4 SHA512 b9b23aa9f71e9ce9c15312d14624133f772a0df82059a7c911cfb028ff00ba0eb39c7c263cb7f4612d2199c262cef1682c06f8b416a36e37dfb4277f12cb2ce9 -DIST suricata-6.0.11.tar.gz.sig 566 BLAKE2B fb6854b4bade28d4ff5850dace2e71955d587a3a0346bd158796564a3d3440940b90edc85be330ca8f8f903b35c9a7abf01dc2a570f7a74f492ca0bda70b SHA512 4ab0b2823d0260cbb17c1dc25dcf1511b772fd5369555b6f1db9db1cc5bbb66092f1b6c4e4b6f01ee76a6003c51444b44e8529ea6f994a554c42e267295e8dc3 DIST suricata-6.0.12.tar.gz 27388535 BLAKE2B 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6 SHA512 aa8a51e0c6b04640a9df3ca46d736c23f213561a0f47e9022f0bd10cf4652b6912ff576fb6db0b663fcae5ab5a80ef5048da3a323326fb2b6d56d8ef7c0c DIST suricata-6.0.12.tar.gz.sig 566 BLAKE2B 50102891a3efec7a52e16bf7c3842cbdf3e9feb0f9a1fe34ab714ea1b5f01c02aafec74c7252b1bb0b0da0242c4f4eb1771c74aef06f356672f6e5bcc405b1a8 SHA512 b3cfb4791599e9c48a46cd39e28d74022ac2aa7b6cb04ceff70ae66a5e4b1e166caa48a47869c37cffd82e6eae1f65744ca3d84521f8808f90210039f31b +DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B 47dcc47253c462510494dac35a4aa41a110f62bca148871d86509b76ac0c2a873b9fbb9fc981e65897d6443032c27c9f9eeb0fae524f4e56306ed01fe6e32b01 SHA512 7b7ea4b01b6ec4662db1e875e940d667b0aa71b7b91dccf72d32b644c6291814c3fde0c69c96c138d2f1e2412c92456fede823d61c3b7ba63f4bae0edc2dbb0d +DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B 880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476 SHA512 3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65 diff --git a/net-analyzer/suricata/suricata-6.0.11.ebuild b/net-analyzer/suricata/suricata-6.0.13.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-6.0.11.ebuild rename to net-analyzer/suricata/suricata-6.0.13.ebuild index 9b453e9fdbc6..4ea91dc87cfe 100644 --- a/net-analyzer/suricata/suricata-6.0.11.ebuild +++ b/net-analyzer/suricata/suricata-6.0.13.ebuild @@ -38,7 +38,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.43 + >=net-libs/libhtp-0.5.44 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: bde43f80ec498f0ecd941ffd08fe5a7141f6ce09 Author: Marek Szuba gentoo org> AuthorDate: Thu May 11 11:40:23 2023 + Commit: Marek Szuba gentoo org> CommitDate: Thu May 11 11:59:32 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bde43f80 net-analyzer/suricata: add 6.0.12, drop 6.0.10 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 4 ++-- .../suricata/{suricata-6.0.10.ebuild => suricata-6.0.12.ebuild} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 6d54b18e09db..549fe68db0a7 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,4 @@ -DIST suricata-6.0.10.tar.gz 27374715 BLAKE2B a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 SHA512 3e49d491cf1fb56a6773308380cae826016041018c18753d18529572712a6ffa415df2798805bffdf8482312fdb69c3f2e05f38870a5b725d333f928b840e1e2 -DIST suricata-6.0.10.tar.gz.sig 566 BLAKE2B 911c3587911dd6b8fbf0932608b2eb80928223d5ed6636abfd9355fcdf6fcb2ff0e3d064d472d2c89417679c68d496ee105dd0cee1f3e8c33de9cd6c90290d9d SHA512 5c6ab8937d82472b0bccae00c94094ee503ac423884d958947f276a4f2d7e9a88646e5ca8deb4b03cb4d035238774a6cd20ddbea9a08a6c5b45b646c1458dca8 DIST suricata-6.0.11.tar.gz 27408130 BLAKE2B 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4 SHA512 b9b23aa9f71e9ce9c15312d14624133f772a0df82059a7c911cfb028ff00ba0eb39c7c263cb7f4612d2199c262cef1682c06f8b416a36e37dfb4277f12cb2ce9 DIST suricata-6.0.11.tar.gz.sig 566 BLAKE2B fb6854b4bade28d4ff5850dace2e71955d587a3a0346bd158796564a3d3440940b90edc85be330ca8f8f903b35c9a7abf01dc2a570f7a74f492ca0bda70b SHA512 4ab0b2823d0260cbb17c1dc25dcf1511b772fd5369555b6f1db9db1cc5bbb66092f1b6c4e4b6f01ee76a6003c51444b44e8529ea6f994a554c42e267295e8dc3 +DIST suricata-6.0.12.tar.gz 27388535 BLAKE2B 3cd16072014e814ec116bbde6649a0230200e447884028fef0440cbbc38a36b28c1edb39098e4089ee966890464bcd2573ea82d3e35e6d034ad465ac20c4c0b6 SHA512 aa8a51e0c6b04640a9df3ca46d736c23f213561a0f47e9022f0bd10cf4652b6912ff576fb6db0b663fcae5ab5a80ef5048da3a323326fb2b6d56d8ef7c0c +DIST suricata-6.0.12.tar.gz.sig 566 BLAKE2B 50102891a3efec7a52e16bf7c3842cbdf3e9feb0f9a1fe34ab714ea1b5f01c02aafec74c7252b1bb0b0da0242c4f4eb1771c74aef06f356672f6e5bcc405b1a8 SHA512 b3cfb4791599e9c48a46cd39e28d74022ac2aa7b6cb04ceff70ae66a5e4b1e166caa48a47869c37cffd82e6eae1f65744ca3d84521f8808f90210039f31b diff --git a/net-analyzer/suricata/suricata-6.0.10.ebuild b/net-analyzer/suricata/suricata-6.0.12.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-6.0.10.ebuild rename to net-analyzer/suricata/suricata-6.0.12.ebuild index bcc930edadc3..9b453e9fdbc6 100644 --- a/net-analyzer/suricata/suricata-6.0.10.ebuild +++ b/net-analyzer/suricata/suricata-6.0.12.ebuild @@ -38,7 +38,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.42 + >=net-libs/libhtp-0.5.43 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 15ad928b7ee2e7463637cdc1d40411a4145b1b35 Author: Marek Szuba gentoo org> AuthorDate: Sun Apr 16 20:02:40 2023 + Commit: Marek Szuba gentoo org> CommitDate: Sun Apr 16 20:03:02 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15ad928b net-analyzer/suricata: add 6.0.11, drop 6.0.9 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 4 ++-- .../{suricata-6.0.9.ebuild => suricata-6.0.11.ebuild} | 13 + 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index d74a829df4e1..6d54b18e09db 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,4 @@ DIST suricata-6.0.10.tar.gz 27374715 BLAKE2B a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 SHA512 3e49d491cf1fb56a6773308380cae826016041018c18753d18529572712a6ffa415df2798805bffdf8482312fdb69c3f2e05f38870a5b725d333f928b840e1e2 DIST suricata-6.0.10.tar.gz.sig 566 BLAKE2B 911c3587911dd6b8fbf0932608b2eb80928223d5ed6636abfd9355fcdf6fcb2ff0e3d064d472d2c89417679c68d496ee105dd0cee1f3e8c33de9cd6c90290d9d SHA512 5c6ab8937d82472b0bccae00c94094ee503ac423884d958947f276a4f2d7e9a88646e5ca8deb4b03cb4d035238774a6cd20ddbea9a08a6c5b45b646c1458dca8 -DIST suricata-6.0.9.tar.gz 27352128 BLAKE2B 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551 SHA512 09a24a90db11e74da2d584904987c2d751243a95cf237d13a8b57cdffc6659281c9d572404caea657e637d7eed01ecfe40bdfcfc79c09e1ca8eb26637dddbb6c -DIST suricata-6.0.9.tar.gz.sig 566 BLAKE2B 1ac1bb67caef5e5827127befd269de03ec697a351e80575d1f0f729c491be3601cc2e9372e87f762aefcb8c15403f94f122e3d626061e2215b8edcda38c46f37 SHA512 0df7d1f83bd1adb4e87b0afeada99c64b2aa50fdfb9eda5d44043f4447bceda50a057e78db2397f882efbe7440ba7e3f5db9e610f679938e5ed461f175d70c6f +DIST suricata-6.0.11.tar.gz 27408130 BLAKE2B 41b37168e6c50b32971ad8c0541f3bc1981152c8360bbfc261a9abab5dc229425bef92fe19db5d0ec7cf32abff71acca62934c411aea79f5c8f9b38bd6422ee4 SHA512 b9b23aa9f71e9ce9c15312d14624133f772a0df82059a7c911cfb028ff00ba0eb39c7c263cb7f4612d2199c262cef1682c06f8b416a36e37dfb4277f12cb2ce9 +DIST suricata-6.0.11.tar.gz.sig 566 BLAKE2B fb6854b4bade28d4ff5850dace2e71955d587a3a0346bd158796564a3d3440940b90edc85be330ca8f8f903b35c9a7abf01dc2a570f7a74f492ca0bda70b SHA512 4ab0b2823d0260cbb17c1dc25dcf1511b772fd5369555b6f1db9db1cc5bbb66092f1b6c4e4b6f01ee76a6003c51444b44e8529ea6f994a554c42e267295e8dc3 diff --git a/net-analyzer/suricata/suricata-6.0.9.ebuild b/net-analyzer/suricata/suricata-6.0.11.ebuild similarity index 96% rename from net-analyzer/suricata/suricata-6.0.9.ebuild rename to net-analyzer/suricata/suricata-6.0.11.ebuild index 7f150ca4dc8d..9b453e9fdbc6 100644 --- a/net-analyzer/suricata/suricata-6.0.9.ebuild +++ b/net-analyzer/suricata/suricata-6.0.11.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -38,7 +38,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.42 + >=net-libs/libhtp-0.5.43 net-libs/libpcap sys-apps/file sys-libs/libcap-ng @@ -119,6 +119,7 @@ src_configure() { if use debug; then myeconfargs+=( $(use_enable debug) ) # so we can get a backtrace according to "reporting bugs" on upstream web site + QA_FLAGS_IGNORED="usr/bin/${PN}" CFLAGS="-ggdb -O0" econf ${myeconfargs[@]} else econf ${myeconfargs[@]} @@ -145,7 +146,7 @@ src_install() { fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - fperms 2750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update" + fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update" newinitd "${FILESDIR}/${PN}.initd" ${PN} newconfd "${FILESDIR}/${PN}.confd" ${PN} @@ -205,11 +206,7 @@ pkg_postinst() { elog if [[ -z "${REPLACING_VERSIONS}" ]]; then elog "To download and install an initial set of rules, run:" - elog "emerge --config =${CATEGORY}/${PF}" + elog "suricata-update" fi elog } - -pkg_config() { - suricata-update -}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 8532e51714ce99ea6db20cfedde4d976291e70d3 Author: Marek Szuba gentoo org> AuthorDate: Wed Mar 22 23:02:00 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Mar 22 23:43:34 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8532e517 net-analyzer/suricata: make rule-file and update dirs setuid suricata So that it is possible to run suricata-update as root (which according to upstream documentation is still very much allowed) but have suricata itself drop its privileges, without having to manually change the ownership of downloaded files. In the long run it would be nice for suricata-update to drop privileges as well - but that's something for upstream to take care of, and setuid suricata on the relevant directories appears to work fine. Closes: https://bugs.gentoo.org/900627 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.10.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-6.0.10.ebuild b/net-analyzer/suricata/suricata-6.0.10.ebuild index 697b19988894..bcc930edadc3 100644 --- a/net-analyzer/suricata/suricata-6.0.10.ebuild +++ b/net-analyzer/suricata/suricata-6.0.10.ebuild @@ -146,7 +146,7 @@ src_install() { fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - fperms 2750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update" + fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update" newinitd "${FILESDIR}/${PN}.initd" ${PN} newconfd "${FILESDIR}/${PN}.confd" ${PN}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: b17adffd47e3d9b107b7c25fb1f17a2edf3df605 Author: Marek Szuba gentoo org> AuthorDate: Wed Mar 1 22:29:51 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Mar 1 23:11:58 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b17adffd net-analyzer/suricata: allow ignoring CFLAGS for USE=debug We set specific compiler flags when Suricata is built in debug mode in order to confirm with upstream bug-reporting policy. Closes: https://bugs.gentoo.org/889748 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.10.ebuild | 1 + 1 file changed, 1 insertion(+) diff --git a/net-analyzer/suricata/suricata-6.0.10.ebuild b/net-analyzer/suricata/suricata-6.0.10.ebuild index 69445880fb19..697b19988894 100644 --- a/net-analyzer/suricata/suricata-6.0.10.ebuild +++ b/net-analyzer/suricata/suricata-6.0.10.ebuild @@ -119,6 +119,7 @@ src_configure() { if use debug; then myeconfargs+=( $(use_enable debug) ) # so we can get a backtrace according to "reporting bugs" on upstream web site + QA_FLAGS_IGNORED="usr/bin/${PN}" CFLAGS="-ggdb -O0" econf ${myeconfargs[@]} else econf ${myeconfargs[@]}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 8b6d65a2f8918e747d3801e689c9349f9de02140 Author: Marek Szuba gentoo org> AuthorDate: Wed Feb 1 10:47:06 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Feb 1 10:50:37 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b6d65a2 net-analyzer/suricata: add 6.0.10 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 + net-analyzer/suricata/suricata-6.0.10.ebuild | 211 +++ 2 files changed, 213 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 2314e0a6d360..d2780384de9a 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,3 +1,5 @@ +DIST suricata-6.0.10.tar.gz 27374715 BLAKE2B a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 SHA512 3e49d491cf1fb56a6773308380cae826016041018c18753d18529572712a6ffa415df2798805bffdf8482312fdb69c3f2e05f38870a5b725d333f928b840e1e2 +DIST suricata-6.0.10.tar.gz.sig 566 BLAKE2B 911c3587911dd6b8fbf0932608b2eb80928223d5ed6636abfd9355fcdf6fcb2ff0e3d064d472d2c89417679c68d496ee105dd0cee1f3e8c33de9cd6c90290d9d SHA512 5c6ab8937d82472b0bccae00c94094ee503ac423884d958947f276a4f2d7e9a88646e5ca8deb4b03cb4d035238774a6cd20ddbea9a08a6c5b45b646c1458dca8 DIST suricata-6.0.8.tar.gz 32697425 BLAKE2B 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba SHA512 ab1eceedde70179e4a447297039e64132e0a2361e8424ad42c9037273a3f6eaf4c8d5d0306af6f26c8b373636b621ac1d7d505952306d9170c6a87e6fb863b61 DIST suricata-6.0.8.tar.gz.sig 566 BLAKE2B 817756401d628e49fb0f54faca05d87131711946aa641d0f0a5957fa2f5d6378e1b5cafeaf67b176b66cb0be0afd790aea1312042a195535e57571276aef1edc SHA512 d0d354b6fca3ef088e2371d6262f4bd45fb06747fcc32519510e690ced933d828fc1acf64d8d1b17d0360ce280905e5bf4b1c9fb8016d82cdee57a432bded884 DIST suricata-6.0.9.tar.gz 27352128 BLAKE2B 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551 SHA512 09a24a90db11e74da2d584904987c2d751243a95cf237d13a8b57cdffc6659281c9d572404caea657e637d7eed01ecfe40bdfcfc79c09e1ca8eb26637dddbb6c diff --git a/net-analyzer/suricata/suricata-6.0.10.ebuild b/net-analyzer/suricata/suricata-6.0.10.ebuild new file mode 100644 index ..69445880fb19 --- /dev/null +++ b/net-analyzer/suricata/suricata-6.0.10.ebuild @@ -0,0 +1,211 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{9..11} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz + verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" + +LICENSE="GPL-2" +SLOT="0/6" +KEYWORDS="~amd64 ~riscv ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.42 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html; + fi + + if use debug; then + elog + elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:" + elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs; + elog "You need to also ensure the FEATURES variable in make.conf contains the" + elog "'nostrip' option to produce useful core dumps or back traces." + fi + + elog + if [[ -z "${REPLACING_VERSIONS}" ]]; then + elog "To download and install an initial set of rules, run:" + elog "suricata-update" + fi + elog +}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: d84c3680afade906ec0cfcb2822c7cb2e75ad785 Author: Marek Szuba gentoo org> AuthorDate: Wed Feb 1 10:47:34 2023 + Commit: Marek Szuba gentoo org> CommitDate: Wed Feb 1 10:50:38 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d84c3680 net-analyzer/suricata: drop 6.0.8-r1 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 - net-analyzer/suricata/suricata-6.0.8-r1.ebuild | 215 - 2 files changed, 217 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index d2780384de9a..d74a829df4e1 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,6 +1,4 @@ DIST suricata-6.0.10.tar.gz 27374715 BLAKE2B a2b334c0139ead0b914ba6039c116ebad30dd3b5c0d4bb751f608af83e1487a67b96224ffe61635468dc49a9e44f03a76facf2af66582ba18e364f233029b532 SHA512 3e49d491cf1fb56a6773308380cae826016041018c18753d18529572712a6ffa415df2798805bffdf8482312fdb69c3f2e05f38870a5b725d333f928b840e1e2 DIST suricata-6.0.10.tar.gz.sig 566 BLAKE2B 911c3587911dd6b8fbf0932608b2eb80928223d5ed6636abfd9355fcdf6fcb2ff0e3d064d472d2c89417679c68d496ee105dd0cee1f3e8c33de9cd6c90290d9d SHA512 5c6ab8937d82472b0bccae00c94094ee503ac423884d958947f276a4f2d7e9a88646e5ca8deb4b03cb4d035238774a6cd20ddbea9a08a6c5b45b646c1458dca8 -DIST suricata-6.0.8.tar.gz 32697425 BLAKE2B 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba SHA512 ab1eceedde70179e4a447297039e64132e0a2361e8424ad42c9037273a3f6eaf4c8d5d0306af6f26c8b373636b621ac1d7d505952306d9170c6a87e6fb863b61 -DIST suricata-6.0.8.tar.gz.sig 566 BLAKE2B 817756401d628e49fb0f54faca05d87131711946aa641d0f0a5957fa2f5d6378e1b5cafeaf67b176b66cb0be0afd790aea1312042a195535e57571276aef1edc SHA512 d0d354b6fca3ef088e2371d6262f4bd45fb06747fcc32519510e690ced933d828fc1acf64d8d1b17d0360ce280905e5bf4b1c9fb8016d82cdee57a432bded884 DIST suricata-6.0.9.tar.gz 27352128 BLAKE2B 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551 SHA512 09a24a90db11e74da2d584904987c2d751243a95cf237d13a8b57cdffc6659281c9d572404caea657e637d7eed01ecfe40bdfcfc79c09e1ca8eb26637dddbb6c DIST suricata-6.0.9.tar.gz.sig 566 BLAKE2B 1ac1bb67caef5e5827127befd269de03ec697a351e80575d1f0f729c491be3601cc2e9372e87f762aefcb8c15403f94f122e3d626061e2215b8edcda38c46f37 SHA512 0df7d1f83bd1adb4e87b0afeada99c64b2aa50fdfb9eda5d44043f4447bceda50a057e78db2397f882efbe7440ba7e3f5db9e610f679938e5ed461f175d70c6f diff --git a/net-analyzer/suricata/suricata-6.0.8-r1.ebuild b/net-analyzer/suricata/suricata-6.0.8-r1.ebuild deleted file mode 100644 index f43461cd5001.. --- a/net-analyzer/suricata/suricata-6.0.8-r1.ebuild +++ /dev/null @@ -1,215 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{9..11} ) - -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata.io/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz - verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" - -LICENSE="GPL-2" -SLOT="0/6" -KEYWORDS="~amd64 ~riscv ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" -VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - bpf? ( af-packet ) - lua? ( ${LUA_REQUIRED_USE} )" - -RDEPEND="${PYTHON_DEPS} - acct-group/suricata - acct-user/suricata - dev-libs/jansson:= - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' - dev-python/pyyaml[${PYTHON_USEDEP}] - ') - >=net-libs/libhtp-0.5.41 - net-libs/libpcap - sys-apps/file - sys-libs/libcap-ng - bpf?( https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html; - fi - - if use debug; then - elog - elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:" - elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs; - elog "You need to also ensure the FEATURES variable in make.conf contains the" - elog "'nostrip' option to produce useful core dumps or back traces." - fi - - elog - if [[ -z "${REPLACING_VERSIONS}" ]]; then - elog "To download and install an
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 56123cf7a6c8f01ae24fe2b8cd958201e95c816f Author: Marek Szuba gentoo org> AuthorDate: Fri Dec 2 09:46:02 2022 + Commit: Marek Szuba gentoo org> CommitDate: Fri Dec 2 10:00:06 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56123cf7 net-analyzer/suricata: add 6.0.9 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 + net-analyzer/suricata/suricata-6.0.9.ebuild | 215 2 files changed, 217 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 3be5cf6b3c89..2314e0a6d360 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,4 @@ DIST suricata-6.0.8.tar.gz 32697425 BLAKE2B 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba SHA512 ab1eceedde70179e4a447297039e64132e0a2361e8424ad42c9037273a3f6eaf4c8d5d0306af6f26c8b373636b621ac1d7d505952306d9170c6a87e6fb863b61 DIST suricata-6.0.8.tar.gz.sig 566 BLAKE2B 817756401d628e49fb0f54faca05d87131711946aa641d0f0a5957fa2f5d6378e1b5cafeaf67b176b66cb0be0afd790aea1312042a195535e57571276aef1edc SHA512 d0d354b6fca3ef088e2371d6262f4bd45fb06747fcc32519510e690ced933d828fc1acf64d8d1b17d0360ce280905e5bf4b1c9fb8016d82cdee57a432bded884 +DIST suricata-6.0.9.tar.gz 27352128 BLAKE2B 966657eeff216894f6357989f0317b7c5eed82602ca2381269446cbe4c015be449f5598726b2f58924f20aca30c4e130ecafe642ea4ce39f1671f46093292551 SHA512 09a24a90db11e74da2d584904987c2d751243a95cf237d13a8b57cdffc6659281c9d572404caea657e637d7eed01ecfe40bdfcfc79c09e1ca8eb26637dddbb6c +DIST suricata-6.0.9.tar.gz.sig 566 BLAKE2B 1ac1bb67caef5e5827127befd269de03ec697a351e80575d1f0f729c491be3601cc2e9372e87f762aefcb8c15403f94f122e3d626061e2215b8edcda38c46f37 SHA512 0df7d1f83bd1adb4e87b0afeada99c64b2aa50fdfb9eda5d44043f4447bceda50a057e78db2397f882efbe7440ba7e3f5db9e610f679938e5ed461f175d70c6f diff --git a/net-analyzer/suricata/suricata-6.0.9.ebuild b/net-analyzer/suricata/suricata-6.0.9.ebuild new file mode 100644 index ..7f150ca4dc8d --- /dev/null +++ b/net-analyzer/suricata/suricata-6.0.9.ebuild @@ -0,0 +1,215 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{9..11} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz + verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" + +LICENSE="GPL-2" +SLOT="0/6" +KEYWORDS="~amd64 ~riscv ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.42 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html; + fi + + if use debug; then + elog + elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:" + elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs; + elog "You need to also ensure the FEATURES variable in make.conf contains the" + elog "'nostrip' option to produce useful core dumps or back traces." + fi + + elog + if [[ -z "${REPLACING_VERSIONS}" ]]; then + elog "To download and install an initial set of rules, run:" + elog "emerge --config =${CATEGORY}/${PF}" + fi + elog +} + +pkg_config() { + suricata-update +}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: fa455e775b038a6b8e1c0fe57df3ed0d39882955 Author: Marek Szuba gentoo org> AuthorDate: Wed Nov 9 22:59:42 2022 + Commit: Marek Szuba gentoo org> CommitDate: Thu Nov 10 00:42:08 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa455e77 net-analyzer/suricata: do not mention version 5 any more Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.8-r1.ebuild | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net-analyzer/suricata/suricata-6.0.8-r1.ebuild b/net-analyzer/suricata/suricata-6.0.8-r1.ebuild index 9b39a338afc0..1caffbd09a2c 100644 --- a/net-analyzer/suricata/suricata-6.0.8-r1.ebuild +++ b/net-analyzer/suricata/suricata-6.0.8-r1.ebuild @@ -203,11 +203,7 @@ pkg_postinst() { fi elog - if [[ -n "${REPLACING_VERSIONS}" ]]; then - ewarn "Since version 6.0.0 Suricata no longer supports the unified2 output format commonly used" - ewarn "in legacy, Snort-compatible IDS solutions, e.g. ones based on net-analyzer/barnyard2." - ewarn "If you need unified2 support, please continue to use suricata-5." - else + if [[ -z "${REPLACING_VERSIONS}" ]]; then elog "To download and install an initial set of rules, run:" elog "emerge --config =${CATEGORY}/${PF}" fi
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 4cc4a0c4fc45b09318bd4a9a73032270f30748b5 Author: Marek Szuba gentoo org> AuthorDate: Tue Nov 1 12:58:35 2022 + Commit: Marek Szuba gentoo org> CommitDate: Tue Nov 1 13:10:33 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4cc4a0c4 net-analyzer/suricata: revbump for Python shebang change Was going to make some additional potentially revbump-requiring tweaking but have run out of time for now. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/{suricata-6.0.8.ebuild => suricata-6.0.8-r1.ebuild} | 0 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/net-analyzer/suricata/suricata-6.0.8.ebuild b/net-analyzer/suricata/suricata-6.0.8-r1.ebuild similarity index 100% rename from net-analyzer/suricata/suricata-6.0.8.ebuild rename to net-analyzer/suricata/suricata-6.0.8-r1.ebuild
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: ccd5c182f09cb41b255b1c1ba6c2226e6158de5e Author: Marek Szuba gentoo org> AuthorDate: Tue Nov 1 00:27:56 2022 + Commit: Marek Szuba gentoo org> CommitDate: Tue Nov 1 00:36:30 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccd5c182 net-analyzer/suricata: fix shebangs in installed Python scripts Closes: https://bugs.gentoo.org/878855 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.8.ebuild | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net-analyzer/suricata/suricata-6.0.8.ebuild b/net-analyzer/suricata/suricata-6.0.8.ebuild index 5176b2844776..9b39a338afc0 100644 --- a/net-analyzer/suricata/suricata-6.0.8.ebuild +++ b/net-analyzer/suricata/suricata-6.0.8.ebuild @@ -128,6 +128,8 @@ src_configure() { src_install() { emake DESTDIR="${D}" install python_optimize + # Bug #878855 + python_fix_shebang "${ED}"/usr/bin/ if use bpf; then rm -f ebpf/Makefile.{am,in} || die
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 9da636ee58895a292c2eabc921b986b6cf1993f7 Author: Marek Szuba gentoo org> AuthorDate: Tue Oct 4 00:34:18 2022 + Commit: Marek Szuba gentoo org> CommitDate: Tue Oct 4 00:52:51 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9da636ee net-analyzer/suricata: add 6.0.8, drop 6.0.6-r1 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 4 ++-- .../suricata/{suricata-6.0.6-r1.ebuild => suricata-6.0.8.ebuild} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 0d0da5219528..3be5cf6b3c89 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ -DIST suricata-6.0.6.tar.gz 32651139 BLAKE2B de0a73c618c1e2777019de6b29be5224db1885840cba8d05ad4a83fc082408e5d8b16d2c6055701f5d279852a99bea5dea01bed58ad0148afd76c1158e693f16 SHA512 184e5a2f3a68de33198f6f0e681710b3f04ed083081ef989dba77d1afb78922c5afdcdaa18ca92c6ed79b98134a3c42b13e1f3e91d20ea10ca74a692f93c5101 -DIST suricata-6.0.6.tar.gz.sig 566 BLAKE2B 07a1d3ccf434eb0bff36009d36b449ed3295e78ca217efc3bfb722169f80e513621878077e5d2e6a5085db6dff3dfcb0d37ca3d125b590b4ba56a6135293377b SHA512 8dc242af8d176699c710c27ec4ebc37c1363ebed1601de9a6f5a81a393079eff4680e6912674872861d905cfe85dfa610c2a66a9a79980603868bb9d515ffe29 +DIST suricata-6.0.8.tar.gz 32697425 BLAKE2B 1e445885f3a672081cbb8f17de9fb0fa21a2c618b80ea8d3d9362c0475149d833986cac047ad90b1c1a5b5b19025ff501a695e0f197c00457859b3858f51ecba SHA512 ab1eceedde70179e4a447297039e64132e0a2361e8424ad42c9037273a3f6eaf4c8d5d0306af6f26c8b373636b621ac1d7d505952306d9170c6a87e6fb863b61 +DIST suricata-6.0.8.tar.gz.sig 566 BLAKE2B 817756401d628e49fb0f54faca05d87131711946aa641d0f0a5957fa2f5d6378e1b5cafeaf67b176b66cb0be0afd790aea1312042a195535e57571276aef1edc SHA512 d0d354b6fca3ef088e2371d6262f4bd45fb06747fcc32519510e690ced933d828fc1acf64d8d1b17d0360ce280905e5bf4b1c9fb8016d82cdee57a432bded884 diff --git a/net-analyzer/suricata/suricata-6.0.6-r1.ebuild b/net-analyzer/suricata/suricata-6.0.8.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-6.0.6-r1.ebuild rename to net-analyzer/suricata/suricata-6.0.8.ebuild index eb585ca69101..5176b2844776 100644 --- a/net-analyzer/suricata/suricata-6.0.6-r1.ebuild +++ b/net-analyzer/suricata/suricata-6.0.8.ebuild @@ -38,7 +38,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.40 + >=net-libs/libhtp-0.5.41 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 748cdd7b6cc6c2c5b3fd4ab2796e12054b8d666a Author: Marek Szuba gentoo org> AuthorDate: Thu Sep 1 11:59:55 2022 + Commit: Marek Szuba gentoo org> CommitDate: Thu Sep 1 11:59:55 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=748cdd7b net-analyzer/suricata: require () APIs were deprecated since libbpf-0.8.0 and have been removed before 1.0 release; see https://lore.kernel.org/bpf/Yrwhi2VWtxF+QJk6@boxer/T/ Closes: https://bugs.gentoo.org/867757 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.6-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-6.0.6-r1.ebuild b/net-analyzer/suricata/suricata-6.0.6-r1.ebuild index aa3162a55d94..eb585ca69101 100644 --- a/net-analyzer/suricata/suricata-6.0.6-r1.ebuild +++ b/net-analyzer/suricata/suricata-6.0.6-r1.ebuild @@ -42,7 +42,7 @@ RDEPEND="${PYTHON_DEPS} net-libs/libpcap sys-apps/file sys-libs/libcap-ng - bpf?( >=dev-libs/libbpf-0.1.0 ) + bpf?(
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, profiles/, net-analyzer/suricata/
commit: 0d7e04faf5b1c641c4cc783fd4f156fee1bde66b Author: Marek Szuba gentoo org> AuthorDate: Wed Aug 31 15:31:52 2022 + Commit: Marek Szuba gentoo org> CommitDate: Wed Aug 31 15:33:40 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d7e04fa net-analyzer/suricata: drop EOLed major version 5 Closes: https://bugs.gentoo.org/862813 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 - net-analyzer/suricata/files/suricata-5.0.1-conf| 62 -- net-analyzer/suricata/files/suricata-5.0.1-init| 147 -- .../files/suricata-5.0.1_default-config.patch | 27 --- net-analyzer/suricata/suricata-5.0.10.ebuild | 211 - profiles/package.mask | 5 - 6 files changed, 453 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 4c10e0066966..0d0da5219528 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,3 +1,2 @@ -DIST suricata-5.0.10.tar.gz 29391642 BLAKE2B b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467 SHA512 c59719d42a236ac7421e0bcf6894f113c8f7518e2b5dde558cbe57c12b68b86ef700bae3f4047c6b2677a784061951fc9d058e9f59b11846279da06e9649ac56 DIST suricata-6.0.6.tar.gz 32651139 BLAKE2B de0a73c618c1e2777019de6b29be5224db1885840cba8d05ad4a83fc082408e5d8b16d2c6055701f5d279852a99bea5dea01bed58ad0148afd76c1158e693f16 SHA512 184e5a2f3a68de33198f6f0e681710b3f04ed083081ef989dba77d1afb78922c5afdcdaa18ca92c6ed79b98134a3c42b13e1f3e91d20ea10ca74a692f93c5101 DIST suricata-6.0.6.tar.gz.sig 566 BLAKE2B 07a1d3ccf434eb0bff36009d36b449ed3295e78ca217efc3bfb722169f80e513621878077e5d2e6a5085db6dff3dfcb0d37ca3d125b590b4ba56a6135293377b SHA512 8dc242af8d176699c710c27ec4ebc37c1363ebed1601de9a6f5a81a393079eff4680e6912674872861d905cfe85dfa610c2a66a9a79980603868bb9d515ffe29 diff --git a/net-analyzer/suricata/files/suricata-5.0.1-conf b/net-analyzer/suricata/files/suricata-5.0.1-conf deleted file mode 100644 index 7f22113dbf0d.. --- a/net-analyzer/suricata/files/suricata-5.0.1-conf +++ /dev/null @@ -1,62 +0,0 @@ -# Config file for /etc/init.d/suricata* - -# Where config files are stored. Default: - -# SURICATA_DIR="/etc/suricata" - -# Pass options to each suricata service. -# -# You can launch more than one service at the same time with different options. -# This can be useful in a multi-queue gateway, for example. -# You can expand on the Suricata inline example found at: -# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html -# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" -# on several queues. You can then have a Suricata instance processing traffic for each queue. -# This should help improve performance on the gateway/firewall. -# -# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: -# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 -# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 -# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml -# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml -# -# Edit both suricata-q{0,1}.yaml files and set values accordingly. -# You can override these yaml config file names with SURICATA_CONF* below (optional). -# This allows you to use the same yaml config file for multiple instances as long as you override -# sensible options such as the log file paths. -# SURICATA_CONF_q0="suricata-queues.yaml" -# SURICATA_CONF_q1="suricata-queues.yaml" -# SURICATA_CONF="suricata.yaml" - -# You can define the options here: -# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. - -# SURICATA_OPTS_q0="-q 0" -# SURICATA_OPTS_q1="-q 1" - -# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata -# then you can set: - -SURICATA_OPTS="--af-packet" - -# Log paths listed here will be created by the init script and will override the log path -# set in the yaml file, if present. -# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" -# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" -# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" - -# Run as user/group. -# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). -# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. -# SURICATA_USER_q0="suricata" -# SURICATA_GROUP_q0="suricata" -# SURICATA_USER_q1="suricata" -# SURICATA_GROUP_q1="suricata" -# SURICATA_USER="suricata" -# SURICATA_GROUP="suricata" - -# Suricata processes can take a long time to shut down. -# If necessary, adjust timeout in seconds to be used when calling stop from
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 273a7f92150be905787cd14cb7896bc844fed7e1 Author: Marek Szuba gentoo org> AuthorDate: Wed Aug 24 15:16:23 2022 + Commit: Marek Szuba gentoo org> CommitDate: Wed Aug 24 15:36:16 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=273a7f92 net-analyzer/suricata: enable py3.11 Builds, tests and installs fine with this Python version. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-6.0.6.ebuild b/net-analyzer/suricata/suricata-6.0.6.ebuild index 751a280a7b5d..a3816e04eee7 100644 --- a/net-analyzer/suricata/suricata-6.0.6.ebuild +++ b/net-analyzer/suricata/suricata-6.0.6.ebuild @@ -4,7 +4,7 @@ EAPI=8 LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{8..10} ) +PYTHON_COMPAT=( python3_{8..11} ) inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: cfb2e41c5dff7fa16debdb27c58fcdfb66f3c5b8 Author: Marek Szuba gentoo org> AuthorDate: Wed Aug 24 15:34:28 2022 + Commit: Marek Szuba gentoo org> CommitDate: Wed Aug 24 15:36:18 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cfb2e41c net-analyzer/suricata: remove bashisms from the init script Closes: https://bugs.gentoo.org/840945 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/files/suricata.confd | 62 + net-analyzer/suricata/files/suricata.initd | 147 + ...icata-6.0.6.ebuild => suricata-6.0.6-r1.ebuild} | 4 +- 3 files changed, 211 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/files/suricata.confd b/net-analyzer/suricata/files/suricata.confd new file mode 100644 index ..7f22113dbf0d --- /dev/null +++ b/net-analyzer/suricata/files/suricata.confd @@ -0,0 +1,62 @@ +# Config file for /etc/init.d/suricata* + +# Where config files are stored. Default: + +# SURICATA_DIR="/etc/suricata" + +# Pass options to each suricata service. +# +# You can launch more than one service at the same time with different options. +# This can be useful in a multi-queue gateway, for example. +# You can expand on the Suricata inline example found at: +# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html +# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" +# on several queues. You can then have a Suricata instance processing traffic for each queue. +# This should help improve performance on the gateway/firewall. +# +# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# +# Edit both suricata-q{0,1}.yaml files and set values accordingly. +# You can override these yaml config file names with SURICATA_CONF* below (optional). +# This allows you to use the same yaml config file for multiple instances as long as you override +# sensible options such as the log file paths. +# SURICATA_CONF_q0="suricata-queues.yaml" +# SURICATA_CONF_q1="suricata-queues.yaml" +# SURICATA_CONF="suricata.yaml" + +# You can define the options here: +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. + +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" + +# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata +# then you can set: + +SURICATA_OPTS="--af-packet" + +# Log paths listed here will be created by the init script and will override the log path +# set in the yaml file, if present. +# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" +# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" +# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" + +# Run as user/group. +# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). +# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. +# SURICATA_USER_q0="suricata" +# SURICATA_GROUP_q0="suricata" +# SURICATA_USER_q1="suricata" +# SURICATA_GROUP_q1="suricata" +# SURICATA_USER="suricata" +# SURICATA_GROUP="suricata" + +# Suricata processes can take a long time to shut down. +# If necessary, adjust timeout in seconds to be used when calling stop from the init script. +# Examples: +# SURICATA_MAX_WAIT_ON_STOP="300" +# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30" diff --git a/net-analyzer/suricata/files/suricata.initd b/net-analyzer/suricata/files/suricata.initd new file mode 100644 index ..154636ef828e --- /dev/null +++ b/net-analyzer/suricata/files/suricata.initd @@ -0,0 +1,147 @@ +#!/sbin/openrc-run +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +SURICATA_BIN=/usr/bin/suricata +SURICATA_DIR=${SURICATA_DIR:-/etc/suricata} +SURICATA=${SVCNAME#*.} +SURICATAID=$(shell_var "${SURICATA}") +if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then +eval SURICATACONF=\$SURICATA_CONF_${SURICATAID} +[ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" +SURICATAPID="/run/suricata/suricata.${SURICATA}.pid" +eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} +eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} +eval SURICATAUSER=\$SURICATA_USER_${SURICATAID} +eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID} +else +SURICATACONF=${SURICATA_CONF} +[ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 4e48545f46682625aa2fae6ffe25e86096c583a5 Author: Marek Szuba gentoo org> AuthorDate: Wed Aug 24 15:17:08 2022 + Commit: Marek Szuba gentoo org> CommitDate: Wed Aug 24 15:36:16 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e48545f net-analyzer/suricata: add USE=verify-sig support Suggested-by: Jonathan Davies protonmail.com> Closes: https://github.com/gentoo/gentoo/pull/24615 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/suricata-6.0.6.ebuild | 7 +-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 57121c96f9d8..4c10e0066966 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,3 @@ DIST suricata-5.0.10.tar.gz 29391642 BLAKE2B b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467 SHA512 c59719d42a236ac7421e0bcf6894f113c8f7518e2b5dde558cbe57c12b68b86ef700bae3f4047c6b2677a784061951fc9d058e9f59b11846279da06e9649ac56 DIST suricata-6.0.6.tar.gz 32651139 BLAKE2B de0a73c618c1e2777019de6b29be5224db1885840cba8d05ad4a83fc082408e5d8b16d2c6055701f5d279852a99bea5dea01bed58ad0148afd76c1158e693f16 SHA512 184e5a2f3a68de33198f6f0e681710b3f04ed083081ef989dba77d1afb78922c5afdcdaa18ca92c6ed79b98134a3c42b13e1f3e91d20ea10ca74a692f93c5101 +DIST suricata-6.0.6.tar.gz.sig 566 BLAKE2B 07a1d3ccf434eb0bff36009d36b449ed3295e78ca217efc3bfb722169f80e513621878077e5d2e6a5085db6dff3dfcb0d37ca3d125b590b4ba56a6135293377b SHA512 8dc242af8d176699c710c27ec4ebc37c1363ebed1601de9a6f5a81a393079eff4680e6912674872861d905cfe85dfa610c2a66a9a79980603868bb9d515ffe29 diff --git a/net-analyzer/suricata/suricata-6.0.6.ebuild b/net-analyzer/suricata/suricata-6.0.6.ebuild index a3816e04eee7..054eb7c52431 100644 --- a/net-analyzer/suricata/suricata-6.0.6.ebuild +++ b/net-analyzer/suricata/suricata-6.0.6.ebuild @@ -6,16 +6,18 @@ EAPI=8 LUA_COMPAT=( lua5-1 luajit ) PYTHON_COMPAT=( python3_{8..11} ) -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" HOMEPAGE="https://suricata.io/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz + verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" LICENSE="GPL-2" SLOT="0/6" KEYWORDS="~amd64 ~riscv ~x86" IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc" RESTRICT="!test? ( test )" @@ -52,6 +54,7 @@ RDEPEND="${PYTHON_DEPS} DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust" +BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-oisf-20200807 )" PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 7f4e93388771731395d5848538531f6419f843f3 Author: Marek Szuba gentoo org> AuthorDate: Wed Jul 27 23:43:33 2022 + Commit: Marek Szuba gentoo org> CommitDate: Wed Jul 27 23:43:33 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f4e9338 net-analyzer/suricata: filter out LTO flags Triggers type mismatches as demonstrated in the linked bug. Don't bother doing the same with suricata-5, it is mere days away from its end of life. Closes: https://bugs.gentoo.org/861242 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.6.ebuild | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-6.0.6.ebuild b/net-analyzer/suricata/suricata-6.0.6.ebuild index 1170a44de6b0..751a280a7b5d 100644 --- a/net-analyzer/suricata/suricata-6.0.6.ebuild +++ b/net-analyzer/suricata/suricata-6.0.6.ebuild @@ -6,7 +6,7 @@ EAPI=8 LUA_COMPAT=( lua5-1 luajit ) PYTHON_COMPAT=( python3_{8..10} ) -inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" HOMEPAGE="https://suricata.io/; @@ -80,6 +80,9 @@ src_prepare() { } src_configure() { + # Bug #861242 + filter-lto + local myeconfargs=( "--localstatedir=/var" \ "--runstatedir=/run" \
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 6174a0f40918932e75a92b8892e7f2884ad493b0 Author: Marek Szuba gentoo org> AuthorDate: Wed Jul 13 13:40:31 2022 + Commit: Marek Szuba gentoo org> CommitDate: Wed Jul 13 15:55:24 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6174a0f4 net-analyzer/suricata: drop 5.0.8-r1, 6.0.4-r1 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 - net-analyzer/suricata/suricata-5.0.8-r1.ebuild | 207 net-analyzer/suricata/suricata-6.0.4-r1.ebuild | 211 - 3 files changed, 420 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 835e03888260..b2e75432ae3d 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,2 @@ -DIST suricata-5.0.8.tar.gz 29272209 BLAKE2B 5c13aea176b477c620d1ed294310ee84ec706abbc740a23d66722297c09b61f253bbe17700cd58f8ce439987c9b13f312aba37d911b6522e4848e7c1b0cd SHA512 a3b355f158f72ed7b43304069ed81b1ebcb331a9fc3e7cfd2e4d04e33369cec1f654f80a2d3df86af74b631235c49068ff992c8715fe868e5ae6b5aff5642891 DIST suricata-5.0.9.tar.gz 29365601 BLAKE2B 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6 SHA512 5097bb0d62df05343628579a880eb57182c36c757f707ecaa6c2a8f54e759d8e42357f55630f33bb84e8cd98b783745e1525bdf08ef370754860a3b6aecf2fa4 -DIST suricata-6.0.4.tar.gz 32498036 BLAKE2B 083c08ab0878352c425e18184c07866640e5cbe4838749eeb934857bfb486e4b78e7f9ac724289e8ea30b33fe637484cc6da7bc78231e5419b747e22e5a9b6dc SHA512 8dccea669e50758def06fe3f3e8d5048d76b27a80b5f96a7b56d2ab6e4da358d8b17ec2d764e1b53cc6a1334ee0b14191cc80f5dcf18cc4d804d5c530290adf0 DIST suricata-6.0.5.tar.gz 32605145 BLAKE2B 6fb85eee9a9e5d97eeed5b55f72230261a5cc9c28f0f6ea0cb39f795e1b0ea9655d7bcc3016812f42adc8a9a18e7234c371e05e907686c54214b29a506b38494 SHA512 8b15a8756846faed4120eef75641a6595d06ec9282a934f4d740bba6d01f08b4e876bf6c53559ab571aba5fab70dcc70d891c82978d6b60ab86ab0ae9660368e diff --git a/net-analyzer/suricata/suricata-5.0.8-r1.ebuild b/net-analyzer/suricata/suricata-5.0.8-r1.ebuild deleted file mode 100644 index d2ee545bc674.. --- a/net-analyzer/suricata/suricata-5.0.8-r1.ebuild +++ /dev/null @@ -1,207 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{8..10} ) - -inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata.io/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; - -LICENSE="GPL-2" -SLOT="0/5" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - bpf? ( af-packet ) - lua? ( ${LUA_REQUIRED_USE} )" - -RDEPEND="${PYTHON_DEPS} - acct-group/suricata - acct-user/suricata - dev-libs/jansson:= - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' - dev-python/pyyaml[${PYTHON_USEDEP}] - ') - >=net-libs/libhtp-0.5.39 - net-libs/libpcap - sys-apps/file - sys-libs/libcap-ng - bpf?( >=dev-libs/libbpf-0.1.0 ) - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/libmaxminddb ) - hyperscan? ( dev-libs/hyperscan ) - lua?( ${LUA_DEPS} ) - lz4?( app-arch/lz4 ) - nflog? ( net-libs/libnetfilter_log ) - nfqueue?( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis:= )" -DEPEND="${RDEPEND} - >=sys-devel/autoconf-2.69-r5 - virtual/rust" - -PATCHES=( - "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" - "${FILESDIR}/${PN}-5.0.1_default-config.patch" - "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch" - "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch" -) - -pkg_pretend() { - if use bpf && use kernel_linux; then - if kernel_is -lt 4 15; then - ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" - fi - - CONFIG_CHECK="~XDP_SOCKETS" - ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " - ERROR_XDP_SOCKETS+="Other eBPF features should work normally." - check_extra_config - fi -} - -src_prepare() { - default - sed -ie 's/docdir =.*/docdir =
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 26370f71e40abad8193f8447c471b5c2d93a6d29 Author: Marek Szuba gentoo org> AuthorDate: Wed Jul 13 13:57:13 2022 + Commit: Marek Szuba gentoo org> CommitDate: Wed Jul 13 15:55:26 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26370f71 net-analyzer/suricata: add 6.0.6 and 5.0.10, remove old Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 4 ++-- .../suricata/{suricata-5.0.9.ebuild => suricata-5.0.10.ebuild}| 4 .../suricata/{suricata-6.0.5.ebuild => suricata-6.0.6.ebuild} | 0 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index b2e75432ae3d..57121c96f9d8 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ -DIST suricata-5.0.9.tar.gz 29365601 BLAKE2B 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6 SHA512 5097bb0d62df05343628579a880eb57182c36c757f707ecaa6c2a8f54e759d8e42357f55630f33bb84e8cd98b783745e1525bdf08ef370754860a3b6aecf2fa4 -DIST suricata-6.0.5.tar.gz 32605145 BLAKE2B 6fb85eee9a9e5d97eeed5b55f72230261a5cc9c28f0f6ea0cb39f795e1b0ea9655d7bcc3016812f42adc8a9a18e7234c371e05e907686c54214b29a506b38494 SHA512 8b15a8756846faed4120eef75641a6595d06ec9282a934f4d740bba6d01f08b4e876bf6c53559ab571aba5fab70dcc70d891c82978d6b60ab86ab0ae9660368e +DIST suricata-5.0.10.tar.gz 29391642 BLAKE2B b5c83b9882e89894c3dedb7f536d584a20bbeab24236752e528171db6589a6308422c8b0be4f433fc63b8cfc227aa0b67935a4aece943b10f4577398ea9ed467 SHA512 c59719d42a236ac7421e0bcf6894f113c8f7518e2b5dde558cbe57c12b68b86ef700bae3f4047c6b2677a784061951fc9d058e9f59b11846279da06e9649ac56 +DIST suricata-6.0.6.tar.gz 32651139 BLAKE2B de0a73c618c1e2777019de6b29be5224db1885840cba8d05ad4a83fc082408e5d8b16d2c6055701f5d279852a99bea5dea01bed58ad0148afd76c1158e693f16 SHA512 184e5a2f3a68de33198f6f0e681710b3f04ed083081ef989dba77d1afb78922c5afdcdaa18ca92c6ed79b98134a3c42b13e1f3e91d20ea10ca74a692f93c5101 diff --git a/net-analyzer/suricata/suricata-5.0.9.ebuild b/net-analyzer/suricata/suricata-5.0.10.ebuild similarity index 97% rename from net-analyzer/suricata/suricata-5.0.9.ebuild rename to net-analyzer/suricata/suricata-5.0.10.ebuild index 585a9b6114bd..bcc45a9635c7 100644 --- a/net-analyzer/suricata/suricata-5.0.9.ebuild +++ b/net-analyzer/suricata/suricata-5.0.10.ebuild @@ -152,6 +152,10 @@ src_install() { pkg_postinst() { tmpfiles_process ${PN}.conf + ewarn + ewarn "The 5.0 branch of ${PN} will reach the end of life (EOL) on 2022-08-01, after which date upstream will no longer produce or release fixes for this branch." + ewarn + elog if use systemd; then elog "Suricata requires either the mode of operation (e.g. --af-packet) or the interface to listen on (e.g. -i eth0)" diff --git a/net-analyzer/suricata/suricata-6.0.5.ebuild b/net-analyzer/suricata/suricata-6.0.6.ebuild similarity index 100% rename from net-analyzer/suricata/suricata-6.0.5.ebuild rename to net-analyzer/suricata/suricata-6.0.6.ebuild
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 724b39f227f162ab77bd1f53aab0b1f306311bd6 Author: Marek Szuba gentoo org> AuthorDate: Mon Apr 25 22:33:37 2022 + Commit: Marek Szuba gentoo org> CommitDate: Mon Apr 25 22:57:12 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=724b39f2 net-analyzer/suricata: add 5.0.9 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/suricata-5.0.9.ebuild | 207 2 files changed, 208 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index f72537a77d01..a1800d4a5d4a 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,3 @@ DIST suricata-5.0.8.tar.gz 29272209 BLAKE2B 5c13aea176b477c620d1ed294310ee84ec706abbc740a23d66722297c09b61f253bbe17700cd58f8ce439987c9b13f312aba37d911b6522e4848e7c1b0cd SHA512 a3b355f158f72ed7b43304069ed81b1ebcb331a9fc3e7cfd2e4d04e33369cec1f654f80a2d3df86af74b631235c49068ff992c8715fe868e5ae6b5aff5642891 +DIST suricata-5.0.9.tar.gz 29365601 BLAKE2B 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6 SHA512 5097bb0d62df05343628579a880eb57182c36c757f707ecaa6c2a8f54e759d8e42357f55630f33bb84e8cd98b783745e1525bdf08ef370754860a3b6aecf2fa4 DIST suricata-6.0.4.tar.gz 32498036 BLAKE2B 083c08ab0878352c425e18184c07866640e5cbe4838749eeb934857bfb486e4b78e7f9ac724289e8ea30b33fe637484cc6da7bc78231e5419b747e22e5a9b6dc SHA512 8dccea669e50758def06fe3f3e8d5048d76b27a80b5f96a7b56d2ab6e4da358d8b17ec2d764e1b53cc6a1334ee0b14191cc80f5dcf18cc4d804d5c530290adf0 diff --git a/net-analyzer/suricata/suricata-5.0.9.ebuild b/net-analyzer/suricata/suricata-5.0.9.ebuild new file mode 100644 index ..585a9b6114bd --- /dev/null +++ b/net-analyzer/suricata/suricata-5.0.9.ebuild @@ -0,0 +1,207 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{8..10} ) + +inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0/5" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.40 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.1.0 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + hyperscan? ( dev-libs/hyperscan ) + lua?( ${LUA_DEPS} ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis:= )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.1_default-config.patch" + "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch" + "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch" +) + +pkg_pretend() { + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var" \ + "--runstatedir=/run" \ + "--enable-non-bundled-htp" \ + "--enable-gccmarch-native=no" \ + "--enable-python" \ + $(use_enable af-packet) \ + $(use_enable bpf ebpf) \ +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 80d4d1209925988ef4495aaea68516cf18f07b9d Author: Marek Szuba gentoo org> AuthorDate: Mon Apr 25 22:46:00 2022 + Commit: Marek Szuba gentoo org> CommitDate: Mon Apr 25 22:57:13 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80d4d120 net-analyzer/suricata: add 6.0.5 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/suricata-6.0.5.ebuild | 211 2 files changed, 212 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index a1800d4a5d4a..835e03888260 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,3 +1,4 @@ DIST suricata-5.0.8.tar.gz 29272209 BLAKE2B 5c13aea176b477c620d1ed294310ee84ec706abbc740a23d66722297c09b61f253bbe17700cd58f8ce439987c9b13f312aba37d911b6522e4848e7c1b0cd SHA512 a3b355f158f72ed7b43304069ed81b1ebcb331a9fc3e7cfd2e4d04e33369cec1f654f80a2d3df86af74b631235c49068ff992c8715fe868e5ae6b5aff5642891 DIST suricata-5.0.9.tar.gz 29365601 BLAKE2B 02ab99585233a47b1577e55060ba1141c339718e5bd39b6f4d38bb9384fd459aae353f313083048128507f9023a8bcfea3e5a5bcc9ea0c75cfc9c288ca9db6b6 SHA512 5097bb0d62df05343628579a880eb57182c36c757f707ecaa6c2a8f54e759d8e42357f55630f33bb84e8cd98b783745e1525bdf08ef370754860a3b6aecf2fa4 DIST suricata-6.0.4.tar.gz 32498036 BLAKE2B 083c08ab0878352c425e18184c07866640e5cbe4838749eeb934857bfb486e4b78e7f9ac724289e8ea30b33fe637484cc6da7bc78231e5419b747e22e5a9b6dc SHA512 8dccea669e50758def06fe3f3e8d5048d76b27a80b5f96a7b56d2ab6e4da358d8b17ec2d764e1b53cc6a1334ee0b14191cc80f5dcf18cc4d804d5c530290adf0 +DIST suricata-6.0.5.tar.gz 32605145 BLAKE2B 6fb85eee9a9e5d97eeed5b55f72230261a5cc9c28f0f6ea0cb39f795e1b0ea9655d7bcc3016812f42adc8a9a18e7234c371e05e907686c54214b29a506b38494 SHA512 8b15a8756846faed4120eef75641a6595d06ec9282a934f4d740bba6d01f08b4e876bf6c53559ab571aba5fab70dcc70d891c82978d6b60ab86ab0ae9660368e diff --git a/net-analyzer/suricata/suricata-6.0.5.ebuild b/net-analyzer/suricata/suricata-6.0.5.ebuild new file mode 100644 index ..1170a44de6b0 --- /dev/null +++ b/net-analyzer/suricata/suricata-6.0.5.ebuild @@ -0,0 +1,211 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{8..10} ) + +inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata.io/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0/6" +KEYWORDS="~amd64 ~riscv ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson:= + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.40 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.1.0 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb:= ) + hyperscan? ( dev-libs/hyperscan ) + lua?( ${LUA_DEPS} ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis:= )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch" + "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch" + "${FILESDIR}/${PN}-6.0.0_default-config.patch" +) + +pkg_pretend() { + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die + eautoreconf +} + +src_configure() { + local
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 494e977970384142327ea2dfd7bd0b9bf79e2d23 Author: Sam James gentoo org> AuthorDate: Wed Mar 23 01:21:47 2022 + Commit: Sam James gentoo org> CommitDate: Wed Mar 23 01:21:47 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=494e9779 net-analyzer/suricata: add subslot dep on hiredis They break ABI liberally. Signed-off-by: Sam James gentoo.org> .../suricata/{suricata-5.0.8.ebuild => suricata-5.0.8-r1.ebuild}| 4 ++-- .../suricata/{suricata-6.0.4.ebuild => suricata-6.0.4-r1.ebuild}| 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.8.ebuild b/net-analyzer/suricata/suricata-5.0.8-r1.ebuild similarity index 98% rename from net-analyzer/suricata/suricata-5.0.8.ebuild rename to net-analyzer/suricata/suricata-5.0.8-r1.ebuild index ed531092db95..d2ee545bc674 100644 --- a/net-analyzer/suricata/suricata-5.0.8.ebuild +++ b/net-analyzer/suricata/suricata-5.0.8-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -48,7 +48,7 @@ RDEPEND="${PYTHON_DEPS} lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log ) nfqueue?( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis )" + redis? ( dev-libs/hiredis:= )" DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust" diff --git a/net-analyzer/suricata/suricata-6.0.4.ebuild b/net-analyzer/suricata/suricata-6.0.4-r1.ebuild similarity index 98% rename from net-analyzer/suricata/suricata-6.0.4.ebuild rename to net-analyzer/suricata/suricata-6.0.4-r1.ebuild index 398159ce0adf..4404a037f1c3 100644 --- a/net-analyzer/suricata/suricata-6.0.4.ebuild +++ b/net-analyzer/suricata/suricata-6.0.4-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -42,13 +42,13 @@ RDEPEND="${PYTHON_DEPS} sys-libs/libcap-ng bpf?( >=dev-libs/libbpf-0.1.0 ) cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/libmaxminddb ) + geoip? ( dev-libs/libmaxminddb:= ) hyperscan? ( dev-libs/hyperscan ) lua?( ${LUA_DEPS} ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log ) nfqueue?( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis )" + redis? ( dev-libs/hiredis:= )" DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: b056aee1282fd05f028ff9133fdd2f80dd353d4f Author: Marek Szuba gentoo org> AuthorDate: Fri Nov 19 11:56:38 2021 + Commit: Marek Szuba gentoo org> CommitDate: Fri Nov 19 14:58:49 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b056aee1 net-analyzer/suricata: add 5.0.8, drop 5.0.7-r2 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 +- .../suricata/{suricata-5.0.7-r2.ebuild => suricata-5.0.8.ebuild}| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index b50527fd8c9f..f369f3fa3c53 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ -DIST suricata-5.0.7.tar.gz 29211384 BLAKE2B 939e672d9df61863c7adcc4bf52f5620e3760f0d6178362828474b1a72c4e3a69bf1ab52a3220c0069ae5a545c56307553c2796166af488a72a2568782a8 SHA512 dce3929c796e04778eb9437bd4c7203aa9dae56be0baa4b7d986d3eedff3bfc71aa2886ecdeed9d87ec3d88cd3060ff8ef01540d15eb857698a2c4696da5899c +DIST suricata-5.0.8.tar.gz 29272209 BLAKE2B 5c13aea176b477c620d1ed294310ee84ec706abbc740a23d66722297c09b61f253bbe17700cd58f8ce439987c9b13f312aba37d911b6522e4848e7c1b0cd SHA512 a3b355f158f72ed7b43304069ed81b1ebcb331a9fc3e7cfd2e4d04e33369cec1f654f80a2d3df86af74b631235c49068ff992c8715fe868e5ae6b5aff5642891 DIST suricata-6.0.3.tar.gz 32421197 BLAKE2B c1b339823f2caab73aeb82f96fb703834cd3ca9f0f60662cf340cbc36734aea47106d49869bd70cf3acb419e954ca37bcd22ad1b2d789597bf36f8fe7ceebe11 SHA512 186b871959988ca7cbd0d69e725aed18af915f93363c7ecc0ffa20d8ad8f50a326be08452d085772b1df84ef25258ef0dd6b35d41b0988cb1c653e60aeb103a2 diff --git a/net-analyzer/suricata/suricata-5.0.7-r2.ebuild b/net-analyzer/suricata/suricata-5.0.8.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-5.0.7-r2.ebuild rename to net-analyzer/suricata/suricata-5.0.8.ebuild index 8fb9132b46eb..ed531092db95 100644 --- a/net-analyzer/suricata/suricata-5.0.7-r2.ebuild +++ b/net-analyzer/suricata/suricata-5.0.8.ebuild @@ -36,7 +36,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.38 + >=net-libs/libhtp-0.5.39 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 499df2554ab088ec1b6cc98a74f1efeb2fa77248 Author: Marek Szuba gentoo org> AuthorDate: Fri Nov 19 11:59:49 2021 + Commit: Marek Szuba gentoo org> CommitDate: Fri Nov 19 14:58:50 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=499df255 net-analyzer/suricata: add 6.0.4, drop 6.0.3-r2 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 +- .../suricata/{suricata-6.0.3-r2.ebuild => suricata-6.0.4.ebuild}| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index f369f3fa3c53..f72537a77d01 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ DIST suricata-5.0.8.tar.gz 29272209 BLAKE2B 5c13aea176b477c620d1ed294310ee84ec706abbc740a23d66722297c09b61f253bbe17700cd58f8ce439987c9b13f312aba37d911b6522e4848e7c1b0cd SHA512 a3b355f158f72ed7b43304069ed81b1ebcb331a9fc3e7cfd2e4d04e33369cec1f654f80a2d3df86af74b631235c49068ff992c8715fe868e5ae6b5aff5642891 -DIST suricata-6.0.3.tar.gz 32421197 BLAKE2B c1b339823f2caab73aeb82f96fb703834cd3ca9f0f60662cf340cbc36734aea47106d49869bd70cf3acb419e954ca37bcd22ad1b2d789597bf36f8fe7ceebe11 SHA512 186b871959988ca7cbd0d69e725aed18af915f93363c7ecc0ffa20d8ad8f50a326be08452d085772b1df84ef25258ef0dd6b35d41b0988cb1c653e60aeb103a2 +DIST suricata-6.0.4.tar.gz 32498036 BLAKE2B 083c08ab0878352c425e18184c07866640e5cbe4838749eeb934857bfb486e4b78e7f9ac724289e8ea30b33fe637484cc6da7bc78231e5419b747e22e5a9b6dc SHA512 8dccea669e50758def06fe3f3e8d5048d76b27a80b5f96a7b56d2ab6e4da358d8b17ec2d764e1b53cc6a1334ee0b14191cc80f5dcf18cc4d804d5c530290adf0 diff --git a/net-analyzer/suricata/suricata-6.0.3-r2.ebuild b/net-analyzer/suricata/suricata-6.0.4.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-6.0.3-r2.ebuild rename to net-analyzer/suricata/suricata-6.0.4.ebuild index d8e374f6afc6..398159ce0adf 100644 --- a/net-analyzer/suricata/suricata-6.0.3-r2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.4.ebuild @@ -36,7 +36,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.38 + >=net-libs/libhtp-0.5.39 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 6f982349b5961e2e0b4ca96d4db20e92645a62a6 Author: Sam James gentoo org> AuthorDate: Sat Sep 25 19:03:22 2021 + Commit: Sam James gentoo org> CommitDate: Sat Sep 25 19:08:11 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f982349 net-analyzer/suricata: add libjansson subslot dep Earlier versions of libjansson lacked symbol versioning, causing crashes. Bug: https://bugs.gentoo.org/812119 Signed-off-by: Sam James gentoo.org> .../suricata/{suricata-5.0.7-r1.ebuild => suricata-5.0.7-r2.ebuild} | 2 +- .../suricata/{suricata-6.0.3-r1.ebuild => suricata-6.0.3-r2.ebuild} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild b/net-analyzer/suricata/suricata-5.0.7-r2.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-5.0.7-r1.ebuild rename to net-analyzer/suricata/suricata-5.0.7-r2.ebuild index 58594b6169a..8fb9132b46e 100644 --- a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild +++ b/net-analyzer/suricata/suricata-5.0.7-r2.ebuild @@ -26,7 +26,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} RDEPEND="${PYTHON_DEPS} acct-group/suricata acct-user/suricata - dev-libs/jansson + dev-libs/jansson:= dev-libs/libpcre dev-libs/libyaml net-libs/libnet:* diff --git a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild b/net-analyzer/suricata/suricata-6.0.3-r2.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-6.0.3-r1.ebuild rename to net-analyzer/suricata/suricata-6.0.3-r2.ebuild index 29b2cdff3c0..d8e374f6afc 100644 --- a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild +++ b/net-analyzer/suricata/suricata-6.0.3-r2.ebuild @@ -26,7 +26,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} RDEPEND="${PYTHON_DEPS} acct-group/suricata acct-user/suricata - dev-libs/jansson + dev-libs/jansson:= dev-libs/libpcre dev-libs/libyaml net-libs/libnet:*
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: 006177dd01fe7fa3b6dbe378189b0cba1e9e69ee Author: Marek Szuba gentoo org> AuthorDate: Fri Sep 3 12:28:57 2021 + Commit: Marek Szuba gentoo org> CommitDate: Fri Sep 3 12:28:57 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=006177dd net-analyzer/suricata: get rid of dev-libs/hyperscan automagic Signed-off-by: Marek Szuba gentoo.org> ...ta-5.0.7_configure-no-hyperscan-automagic.patch | 24 ++ net-analyzer/suricata/suricata-5.0.7-r1.ebuild | 3 ++- net-analyzer/suricata/suricata-6.0.3-r1.ebuild | 3 ++- 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-5.0.7_configure-no-hyperscan-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.7_configure-no-hyperscan-automagic.patch new file mode 100644 index 000..69a857408ee --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.7_configure-no-hyperscan-automagic.patch @@ -0,0 +1,24 @@ +--- a/configure.ac b/configure.ac +@@ -729,8 +729,11 @@ + fi + + # libhs +-enable_hyperscan="no" +- ++AC_ARG_ENABLE(hyperscan, ++ AS_HELP_STRING([--enable-hyperscan], [Enable high-performance regex matching with hyperscan]), ++ [enable_hyperscan=$enableval], ++ [enable_hyperscan=no]) ++if test "x$enable_hyperscan" != "xno"; then + # Try pkg-config first: + PKG_CHECK_MODULES([libhs], libhs,, [with_pkgconfig_libhs=no]) + if test "$with_pkgconfig_libhs" != "no"; then +@@ -765,6 +768,7 @@ + enable_hyperscan="no" + fi + fi ++fi + AS_IF([test "x$enable_hyperscan" = "xyes"], [AC_DEFINE([BUILD_HYPERSCAN], [1], [Intel Hyperscan support enabled])]) + + # libyaml diff --git a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild index 8d11af4dcc5..58594b6169a 100644 --- a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild +++ b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild @@ -53,11 +53,11 @@ DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust" -# TODO: get rid of hyperscan automagic as well PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" "${FILESDIR}/${PN}-5.0.1_default-config.patch" "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch" + "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch" ) pkg_pretend() { @@ -94,6 +94,7 @@ src_configure() { $(use_enable geoip) \ $(use_enable hardened gccprotect) \ $(use_enable hardened pie) \ + $(use_enable hyperscan) \ $(use_enable lz4) \ $(use_enable nflog) \ $(use_enable nfqueue) \ diff --git a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild index 64dd427cc0d..29b2cdff3c0 100644 --- a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild +++ b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild @@ -53,10 +53,10 @@ DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust" -# TODO: get rid of hyperscan automagic as well PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch" + "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch" "${FILESDIR}/${PN}-6.0.0_default-config.patch" ) @@ -94,6 +94,7 @@ src_configure() { $(use_enable geoip) \ $(use_enable hardened gccprotect) \ $(use_enable hardened pie) \ + $(use_enable hyperscan) \ $(use_enable lz4) \ $(use_enable nflog) \ $(use_enable nfqueue) \
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: a8a3cbd2d2b367b5cae15ce5545c1041b7e7a6c9 Author: Marek Szuba gentoo org> AuthorDate: Fri Sep 3 12:13:38 2021 + Commit: Marek Szuba gentoo org> CommitDate: Fri Sep 3 12:15:30 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8a3cbd2 net-analyzer/suricata: add TODO note about hyperscan automagic Even with USE=-hyperscan, if dev-libs/hyperscan is present at configure time it is pulled in. Same deal as with lz4 earlier. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.7-r1.ebuild | 1 + net-analyzer/suricata/suricata-6.0.3-r1.ebuild | 1 + 2 files changed, 2 insertions(+) diff --git a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild index eed3b8e26ae..8d11af4dcc5 100644 --- a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild +++ b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild @@ -53,6 +53,7 @@ DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust" +# TODO: get rid of hyperscan automagic as well PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" "${FILESDIR}/${PN}-5.0.1_default-config.patch" diff --git a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild index fae8b5b7a3f..64dd427cc0d 100644 --- a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild +++ b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild @@ -53,6 +53,7 @@ DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust" +# TODO: get rid of hyperscan automagic as well PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 0c78c2e5256c800d5e1538aec8891dfdbcb31b7f Author: Jonathan Davies protonmail com> AuthorDate: Fri Sep 3 00:00:02 2021 + Commit: Marek Szuba gentoo org> CommitDate: Fri Sep 3 12:15:28 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c78c2e5 net-analyzer/suricata: Add hyperscan USE flag. Signed-off-by: Jonathan Davies protonmail.com> Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/metadata.xml | 1 + .../suricata/{suricata-5.0.7.ebuild => suricata-5.0.7-r1.ebuild} | 3 ++- .../suricata/{suricata-6.0.3.ebuild => suricata-6.0.3-r1.ebuild} | 3 ++- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml index 87689ee5189..36501eaa4f5 100644 --- a/net-analyzer/suricata/metadata.xml +++ b/net-analyzer/suricata/metadata.xml @@ -12,6 +12,7 @@ Enable unix socket Enable NVIDIA Cuda computations support Enable detection modules +Enable high-performance regex matching with Hyperscan Enable support for compressed pcap logging using the LZ4 algorithm Enable libnetfilter_log support Enable NFQUEUE support for inline IDP diff --git a/net-analyzer/suricata/suricata-5.0.7.ebuild b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild similarity index 98% rename from net-analyzer/suricata/suricata-5.0.7.ebuild rename to net-analyzer/suricata/suricata-5.0.7-r1.ebuild index b2e2f7e436d..eed3b8e26ae 100644 --- a/net-analyzer/suricata/suricata-5.0.7.ebuild +++ b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" SLOT="0/5" KEYWORDS="~amd64 ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened lua lz4 nflog +nfqueue redis systemd test" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" RESTRICT="!test? ( test )" @@ -43,6 +43,7 @@ RDEPEND="${PYTHON_DEPS} bpf?( >=dev-libs/libbpf-0.1.0 ) cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) + hyperscan? ( dev-libs/hyperscan ) lua?( ${LUA_DEPS} ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log ) diff --git a/net-analyzer/suricata/suricata-6.0.3.ebuild b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild similarity index 98% rename from net-analyzer/suricata/suricata-6.0.3.ebuild rename to net-analyzer/suricata/suricata-6.0.3-r1.ebuild index 7e48fc1c6d5..fae8b5b7a3f 100644 --- a/net-analyzer/suricata/suricata-6.0.3.ebuild +++ b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" SLOT="0/6" KEYWORDS="~amd64 ~riscv ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened lua lz4 nflog +nfqueue redis systemd test" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" RESTRICT="!test? ( test )" @@ -43,6 +43,7 @@ RDEPEND="${PYTHON_DEPS} bpf?( >=dev-libs/libbpf-0.1.0 ) cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) + hyperscan? ( dev-libs/hyperscan ) lua?( ${LUA_DEPS} ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log )
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 3534f1f4d94222a87764e9da0dfeecd7af1ebc02 Author: Marek Szuba gentoo org> AuthorDate: Mon Aug 23 21:28:43 2021 + Commit: Marek Szuba gentoo org> CommitDate: Mon Aug 23 21:29:09 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3534f1f4 net-analyzer/suricata: keyword 6.0.3 for ~riscv Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.3.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-6.0.3.ebuild b/net-analyzer/suricata/suricata-6.0.3.ebuild index 6b5b71ffe43..7e48fc1c6d5 100644 --- a/net-analyzer/suricata/suricata-6.0.3.ebuild +++ b/net-analyzer/suricata/suricata-6.0.3.ebuild @@ -14,7 +14,7 @@ SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" SLOT="0/6" -KEYWORDS="~amd64 ~x86" +KEYWORDS="~amd64 ~riscv ~x86" IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened lua lz4 nflog +nfqueue redis systemd test" RESTRICT="!test? ( test )"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 54b4acb81dc95c75a9ed8c521dfed50bd9cefa12 Author: Marek Szuba gentoo org> AuthorDate: Sun Jul 25 20:54:56 2021 + Commit: Marek Szuba gentoo org> CommitDate: Sun Jul 25 20:58:41 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54b4acb8 net-analyzer/suricata: install logrotate files unconditionally No revbump in order to avoid forcing everyone to reinstall. Suggested-by: Sam James gentoo.org> Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/metadata.xml | 1 - net-analyzer/suricata/suricata-5.0.7.ebuild | 11 --- net-analyzer/suricata/suricata-6.0.3.ebuild | 11 --- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml index 457a2fbd2e8..87689ee5189 100644 --- a/net-analyzer/suricata/metadata.xml +++ b/net-analyzer/suricata/metadata.xml @@ -12,7 +12,6 @@ Enable unix socket Enable NVIDIA Cuda computations support Enable detection modules -Install logrotate rule Enable support for compressed pcap logging using the LZ4 algorithm Enable libnetfilter_log support Enable NFQUEUE support for inline IDP diff --git a/net-analyzer/suricata/suricata-5.0.7.ebuild b/net-analyzer/suricata/suricata-5.0.7.ebuild index d8e5826ae3a..50b8ba84db3 100644 --- a/net-analyzer/suricata/suricata-5.0.7.ebuild +++ b/net-analyzer/suricata/suricata-5.0.7.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" SLOT="0/5" KEYWORDS="~amd64 ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua lz4 nflog +nfqueue redis systemd test" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened lua lz4 nflog +nfqueue redis systemd test" RESTRICT="!test? ( test )" @@ -43,7 +43,6 @@ RDEPEND="${PYTHON_DEPS} bpf?( >=dev-libs/libbpf-0.1.0 ) cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) - logrotate? ( app-admin/logrotate ) lua?( ${LUA_DEPS} ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log ) @@ -142,11 +141,9 @@ src_install() { systemd_dounit "${FILESDIR}"/${PN}.service newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf - if use logrotate; then - insopts -m0644 - insinto /etc/logrotate.d - newins etc/${PN}.logrotate ${PN} - fi + insopts -m0644 + insinto /etc/logrotate.d + newins etc/${PN}.logrotate ${PN} } pkg_postinst() { diff --git a/net-analyzer/suricata/suricata-6.0.3.ebuild b/net-analyzer/suricata/suricata-6.0.3.ebuild index da57e2c8b34..c6dfbc4f14b 100644 --- a/net-analyzer/suricata/suricata-6.0.3.ebuild +++ b/net-analyzer/suricata/suricata-6.0.3.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" SLOT="0/6" KEYWORDS="~amd64 ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua lz4 nflog +nfqueue redis systemd test" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened lua lz4 nflog +nfqueue redis systemd test" RESTRICT="!test? ( test )" @@ -43,7 +43,6 @@ RDEPEND="${PYTHON_DEPS} bpf?( >=dev-libs/libbpf-0.1.0 ) cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) - logrotate? ( app-admin/logrotate ) lua?( ${LUA_DEPS} ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log ) @@ -142,11 +141,9 @@ src_install() { systemd_dounit "${FILESDIR}"/${PN}.service newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf - if use logrotate; then - insopts -m0644 - insinto /etc/logrotate.d - newins etc/${PN}.logrotate ${PN} - fi + insopts -m0644 + insinto /etc/logrotate.d + newins etc/${PN}.logrotate ${PN} } pkg_postinst() {
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 8d163145761f32befd627eb7dbeafa75fe577be7 Author: Marek Szuba gentoo org> AuthorDate: Thu Jul 1 09:41:25 2021 + Commit: Marek Szuba gentoo org> CommitDate: Thu Jul 1 09:41:25 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d163145 net-analyzer/suricata: add 5.0.7, drop 5.0.6 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 2 +- .../suricata/{suricata-5.0.6.ebuild => suricata-5.0.7.ebuild} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 24be5f65d70..80b973ee171 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ -DIST suricata-5.0.6.tar.gz 29136659 BLAKE2B 97d95cadd54d44bd82424322c08ad04be2122cdae5763995f7aefe4a75872091dd7d289e89e47a5ad9fbce570964f11331d848db7fe7ec4c2be9a0f8b62fadff SHA512 73580721683f929a90b6b59673842c051fe44ee7b8d8d890106aad09952d5b8a8f3716f168c41b33feb5c32e0106f5926125313cc11b27bc5a9c65e90b21888f +DIST suricata-5.0.7.tar.gz 29211384 BLAKE2B 939e672d9df61863c7adcc4bf52f5620e3760f0d6178362828474b1a72c4e3a69bf1ab52a3220c0069ae5a545c56307553c2796166af488a72a2568782a8 SHA512 dce3929c796e04778eb9437bd4c7203aa9dae56be0baa4b7d986d3eedff3bfc71aa2886ecdeed9d87ec3d88cd3060ff8ef01540d15eb857698a2c4696da5899c DIST suricata-6.0.2.tar.gz 30514801 BLAKE2B 20604fa3332a9d99a1a30db55a0ccd689af0e08e686cd6739d6c4390456acc28d34702704f7e25537463b0c23600d123de361a227f9ef2420ee5c2b11df2866a SHA512 230a74a5442cfa066c56528036b64c173702238c5075161119eaad08d320e528d3510c51095297f120030177fed9c84076d00f567f7a3a4cbdb23d382966cf00 diff --git a/net-analyzer/suricata/suricata-5.0.6.ebuild b/net-analyzer/suricata/suricata-5.0.7.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-5.0.6.ebuild rename to net-analyzer/suricata/suricata-5.0.7.ebuild index a48eacb1a1e..d8e5826ae3a 100644 --- a/net-analyzer/suricata/suricata-5.0.6.ebuild +++ b/net-analyzer/suricata/suricata-5.0.7.ebuild @@ -4,7 +4,7 @@ EAPI=7 LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{7..10} ) +PYTHON_COMPAT=( python3_{8..10} ) inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles @@ -36,7 +36,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.37 + >=net-libs/libhtp-0.5.38 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 506079cafa0b3a1417ba678192df931c24d98c41 Author: Marek Szuba gentoo org> AuthorDate: Thu Jul 1 09:46:04 2021 + Commit: Marek Szuba gentoo org> CommitDate: Thu Jul 1 09:46:11 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=506079ca net-analyzer/suricata: add 6.0.3, drop 6.0.2 Now with rust-1.53 compatibility and without CVE-2021-35063. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 +- .../{suricata-6.0.2.ebuild => suricata-6.0.3.ebuild} | 18 +++--- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 80b973ee171..b50527fd8c9 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ DIST suricata-5.0.7.tar.gz 29211384 BLAKE2B 939e672d9df61863c7adcc4bf52f5620e3760f0d6178362828474b1a72c4e3a69bf1ab52a3220c0069ae5a545c56307553c2796166af488a72a2568782a8 SHA512 dce3929c796e04778eb9437bd4c7203aa9dae56be0baa4b7d986d3eedff3bfc71aa2886ecdeed9d87ec3d88cd3060ff8ef01540d15eb857698a2c4696da5899c -DIST suricata-6.0.2.tar.gz 30514801 BLAKE2B 20604fa3332a9d99a1a30db55a0ccd689af0e08e686cd6739d6c4390456acc28d34702704f7e25537463b0c23600d123de361a227f9ef2420ee5c2b11df2866a SHA512 230a74a5442cfa066c56528036b64c173702238c5075161119eaad08d320e528d3510c51095297f120030177fed9c84076d00f567f7a3a4cbdb23d382966cf00 +DIST suricata-6.0.3.tar.gz 32421197 BLAKE2B c1b339823f2caab73aeb82f96fb703834cd3ca9f0f60662cf340cbc36734aea47106d49869bd70cf3acb419e954ca37bcd22ad1b2d789597bf36f8fe7ceebe11 SHA512 186b871959988ca7cbd0d69e725aed18af915f93363c7ecc0ffa20d8ad8f50a326be08452d085772b1df84ef25258ef0dd6b35d41b0988cb1c653e60aeb103a2 diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.3.ebuild similarity index 88% rename from net-analyzer/suricata/suricata-6.0.2.ebuild rename to net-analyzer/suricata/suricata-6.0.3.ebuild index 5a9b9a7ab1a..da57e2c8b34 100644 --- a/net-analyzer/suricata/suricata-6.0.2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.3.ebuild @@ -4,7 +4,7 @@ EAPI=7 LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{7..10} ) +PYTHON_COMPAT=( python3_{8..10} ) inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles @@ -36,7 +36,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.37 + >=net-libs/libhtp-0.5.38 net-libs/libpcap sys-apps/file sys-libs/libcap-ng @@ -51,7 +51,7 @@ RDEPEND="${PYTHON_DEPS} redis? ( dev-libs/hiredis )" DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 - /dev/null | grep -F -- 'release:' | awk '{ print $2 }') - [[ -z ${version_rust} ]] && die "Failed to read version from rustc!" - if ver_test "${version_rust}" -ge "1.53.0"; then - eerror "This version of ${PN} does not support Rust 1.53.0+. Please switch to an older version using" - eerror "eselect rust" - eerror "before emerging ${PN}." - die "Unsupported version of Rust selected" - fi - if use bpf && use kernel_linux; then if kernel_is -lt 4 15; then ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 7a2e9ee518178d40409d8d27384ac0c84b2b3ae9 Author: Marek Szuba gentoo org> AuthorDate: Mon Jun 21 15:59:50 2021 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jun 21 16:03:38 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a2e9ee5 net-analyzer/suricata: limit version of currently selected rust While simply limiting the version of virtual/rust in dependencies is likely enough for most users at present, if someone has got both rust and rust-bin emerged the virtual will only affect the version of one of them - and it is possible that the version currently set as active by "eselect rust" is not a supported one. Closes: https://bugs.gentoo.org/797370 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.2.ebuild | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild index 739d881823d..5a9b9a7ab1a 100644 --- a/net-analyzer/suricata/suricata-6.0.2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.2.ebuild @@ -51,7 +51,7 @@ RDEPEND="${PYTHON_DEPS} redis? ( dev-libs/hiredis )" DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 - /dev/null | grep -F -- 'release:' | awk '{ print $2 }') + [[ -z ${version_rust} ]] && die "Failed to read version from rustc!" + if ver_test "${version_rust}" -ge "1.53.0"; then + eerror "This version of ${PN} does not support Rust 1.53.0+. Please switch to an older version using" + eerror "eselect rust" + eerror "before emerging ${PN}." + die "Unsupported version of Rust selected" + fi + if use bpf && use kernel_linux; then if kernel_is -lt 4 15; then ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 0ba3e306a8c728ad5eaf3e2577859e57820bd28e Author: Marek Szuba gentoo org> AuthorDate: Mon Jun 21 14:41:53 2021 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jun 21 14:54:16 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba3e306 net-analyzer/suricata-6.0.2: restrict Rust version The bundled lexical-core-0.6.7 is not compatible with rust-1.53 due to stabilisation of ::BITS, see https://github.com/rust-lang/rust/issues/81654 . Already fixed by lexical-core upstream (in version 0.7.5) but I haven't had much luck backporting this to 0.6.7. Suricata-5 is not affected because it doesn't use this Rust module. Closes: https://bugs.gentoo.org/797370 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.2.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild index ac72587b971..0ffe354ceb0 100644 --- a/net-analyzer/suricata/suricata-6.0.2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.2.ebuild @@ -51,7 +51,7 @@ RDEPEND="${PYTHON_DEPS} redis? ( dev-libs/hiredis )" DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 - virtual/rust" +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 7eabf62a749bd0028ddeb4774030d5c738025f50 Author: Marek Szuba gentoo org> AuthorDate: Mon Jun 21 14:53:48 2021 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jun 21 14:54:20 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7eabf62a net-analyzer/suricata: update HOMEPAGE Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.6.ebuild | 2 +- net-analyzer/suricata/suricata-6.0.2.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.6.ebuild b/net-analyzer/suricata/suricata-5.0.6.ebuild index ac0387dc315..a48eacb1a1e 100644 --- a/net-analyzer/suricata/suricata-5.0.6.ebuild +++ b/net-analyzer/suricata/suricata-5.0.6.ebuild @@ -9,7 +9,7 @@ PYTHON_COMPAT=( python3_{7..10} ) inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/; +HOMEPAGE="https://suricata.io/; SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild index 0ffe354ceb0..739d881823d 100644 --- a/net-analyzer/suricata/suricata-6.0.2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.2.ebuild @@ -9,7 +9,7 @@ PYTHON_COMPAT=( python3_{7..10} ) inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/; +HOMEPAGE="https://suricata.io/; SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 1c381489bdc4603c9447884f1b5748994792b2b9 Author: Marek Szuba gentoo org> AuthorDate: Mon May 17 16:12:56 2021 + Commit: Marek Szuba gentoo org> CommitDate: Mon May 17 16:15:16 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c381489 net-analyzer/suricata: support python3_10 Build, test and install fine, Python tools such as suricatactl or suricata-update appear to function properly too. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.6.ebuild | 2 +- net-analyzer/suricata/suricata-6.0.2.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.6.ebuild b/net-analyzer/suricata/suricata-5.0.6.ebuild index defd0c6f7f8..ac0387dc315 100644 --- a/net-analyzer/suricata/suricata-5.0.6.ebuild +++ b/net-analyzer/suricata/suricata-5.0.6.ebuild @@ -4,7 +4,7 @@ EAPI=7 LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{7..9} ) +PYTHON_COMPAT=( python3_{7..10} ) inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild index 061242b9a52..ac72587b971 100644 --- a/net-analyzer/suricata/suricata-6.0.2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.2.ebuild @@ -4,7 +4,7 @@ EAPI=7 LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{7..9} ) +PYTHON_COMPAT=( python3_{7..10} ) inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: b4dd6303339ca68635747819b7fb67fb34390c61 Author: Marek Szuba gentoo org> AuthorDate: Tue May 11 22:00:57 2021 + Commit: Marek Szuba gentoo org> CommitDate: Tue May 11 22:07:18 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4dd6303 net-analyzer/suricata: leave sphinx-build and pdflatex alone Upstream build scripts look for the two and if they are present, attempt to generate documentation. Automagic aside, this presently only works with Sphinx versions older than 4.0.0 - and in any case release tarballs include both PDF guides and man pages. Closes: https://bugs.gentoo.org/789528 Signed-off-by: Marek Szuba gentoo.org> 6_configure-no-sphinx-pdflatex-automagic.patch | 26 ++ net-analyzer/suricata/suricata-5.0.6.ebuild| 1 + net-analyzer/suricata/suricata-6.0.2.ebuild| 1 + 3 files changed, 28 insertions(+) diff --git a/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch new file mode 100644 index 000..be5805e67f8 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch @@ -0,0 +1,26 @@ +No configure options to disable looking for these, redundant for releases +because the tarballs already contain both PDF documentation and man pages, +and as of 2021-05-11 doc generation is not compatible with sphinx-4.0.0+ +due to conf.py calling long-deprecated app.add_stylesheet() rather +than app.add_css_file(). + +--- a/configure.ac b/configure.ac +@@ -2423,7 +2423,7 @@ + fi + + # sphinx for documentation +-AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no") ++HAVE_SPHINXBUILD="no" + if test "$HAVE_SPHINXBUILD" = "no"; then +enable_sphinxbuild=no +if test -e "$srcdir/doc/userguide/suricata.1"; then +@@ -2434,7 +2434,7 @@ + AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"]) + + # pdflatex for the pdf version of the user manual +-AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no") ++HAVE_PDFLATEX="no" + if test "$HAVE_PDFLATEX" = "no"; then +enable_pdflatex=no + fi diff --git a/net-analyzer/suricata/suricata-5.0.6.ebuild b/net-analyzer/suricata/suricata-5.0.6.ebuild index 46d1458df40..defd0c6f7f8 100644 --- a/net-analyzer/suricata/suricata-5.0.6.ebuild +++ b/net-analyzer/suricata/suricata-5.0.6.ebuild @@ -56,6 +56,7 @@ DEPEND="${RDEPEND} PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" "${FILESDIR}/${PN}-5.0.1_default-config.patch" + "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch" ) pkg_pretend() { diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild index 7171dc94415..061242b9a52 100644 --- a/net-analyzer/suricata/suricata-6.0.2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.2.ebuild @@ -55,6 +55,7 @@ DEPEND="${RDEPEND} PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch" "${FILESDIR}/${PN}-6.0.0_default-config.patch" )
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 3859b4a949038ff5d333dc68b1d2c49b11cefffe Author: Sam James gentoo org> AuthorDate: Sat Apr 3 19:20:03 2021 + Commit: Sam James gentoo org> CommitDate: Sat Apr 3 19:52:57 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3859b4a9 net-analyzer/suricata: flag-o-matic--, missing die Signed-off-by: Sam James gentoo.org> net-analyzer/suricata/suricata-5.0.6.ebuild | 4 ++-- net-analyzer/suricata/suricata-6.0.2.ebuild | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.6.ebuild b/net-analyzer/suricata/suricata-5.0.6.ebuild index b3efab9fb84..46d1458df40 100644 --- a/net-analyzer/suricata/suricata-5.0.6.ebuild +++ b/net-analyzer/suricata/suricata-5.0.6.ebuild @@ -6,7 +6,7 @@ EAPI=7 LUA_COMPAT=( lua5-1 luajit ) PYTHON_COMPAT=( python3_{7..9} ) -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles +inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" HOMEPAGE="https://suricata-ids.org/; @@ -121,7 +121,7 @@ src_install() { python_optimize if use bpf; then - rm -f ebpf/Makefile.{am,in} + rm -f ebpf/Makefile.{am,in} || die dodoc -r ebpf/ keepdir /usr/libexec/suricata/ebpf fi diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild index 18b52aaae03..7171dc94415 100644 --- a/net-analyzer/suricata/suricata-6.0.2.ebuild +++ b/net-analyzer/suricata/suricata-6.0.2.ebuild @@ -6,7 +6,7 @@ EAPI=7 LUA_COMPAT=( lua5-1 luajit ) PYTHON_COMPAT=( python3_{7..9} ) -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles +inherit autotools linux-info lua-single python-single-r1 systemd tmpfiles DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" HOMEPAGE="https://suricata-ids.org/; @@ -121,7 +121,7 @@ src_install() { python_optimize if use bpf; then - rm -f ebpf/Makefile.{am,in} + rm -f ebpf/Makefile.{am,in} || die dodoc -r ebpf/ keepdir /usr/libexec/suricata/ebpf fi
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 42768b1b5f4c1873cf7c13af37d4cf79dbc2ff7a Author: Marek Szuba gentoo org> AuthorDate: Thu Mar 4 14:12:03 2021 + Commit: Marek Szuba gentoo org> CommitDate: Thu Mar 4 14:47:15 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42768b1b net-analyzer/suricata: bump v6 to 6.0.2 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 +- .../suricata/{suricata-6.0.1-r100.ebuild => suricata-6.0.2.ebuild} | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 9cc78dd7d9a..24be5f65d70 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ DIST suricata-5.0.6.tar.gz 29136659 BLAKE2B 97d95cadd54d44bd82424322c08ad04be2122cdae5763995f7aefe4a75872091dd7d289e89e47a5ad9fbce570964f11331d848db7fe7ec4c2be9a0f8b62fadff SHA512 73580721683f929a90b6b59673842c051fe44ee7b8d8d890106aad09952d5b8a8f3716f168c41b33feb5c32e0106f5926125313cc11b27bc5a9c65e90b21888f -DIST suricata-6.0.1.tar.gz 30460439 BLAKE2B 55a24fa2f653a0a80f51e1ab102bb7046bd1f67d60c64c139b485086f4d8e0f5db58906bc33a7b5bdb76ba37b8206ded99b08034c4c292cf16d595bcafc7acc0 SHA512 be57150afc238b6627731e4463297e67469b66241779f5af3d1bd93bfad4fde41a5371298b54a06c7c3ea324e5642753ca57900173989ac738d663a85e9c33f4 +DIST suricata-6.0.2.tar.gz 30514801 BLAKE2B 20604fa3332a9d99a1a30db55a0ccd689af0e08e686cd6739d6c4390456acc28d34702704f7e25537463b0c23600d123de361a227f9ef2420ee5c2b11df2866a SHA512 230a74a5442cfa066c56528036b64c173702238c5075161119eaad08d320e528d3510c51095297f120030177fed9c84076d00f567f7a3a4cbdb23d382966cf00 diff --git a/net-analyzer/suricata/suricata-6.0.1-r100.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild similarity index 98% rename from net-analyzer/suricata/suricata-6.0.1-r100.ebuild rename to net-analyzer/suricata/suricata-6.0.2.ebuild index 64ce2211725..028ea37b43e 100644 --- a/net-analyzer/suricata/suricata-6.0.1-r100.ebuild +++ b/net-analyzer/suricata/suricata-6.0.2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -13,7 +13,7 @@ HOMEPAGE="https://suricata-ids.org/; SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" -SLOT="0" +SLOT="0/6" KEYWORDS="~amd64 ~x86" IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua lz4 nflog +nfqueue redis systemd test" @@ -36,7 +36,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.36 + >=net-libs/libhtp-0.5.37 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 234bc1ebf74a9163253407cbfa4a89c9e8807efb Author: Marek Szuba gentoo org> AuthorDate: Thu Mar 4 14:10:58 2021 + Commit: Marek Szuba gentoo org> CommitDate: Thu Mar 4 14:47:11 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=234bc1eb net-analyzer/suricata: bump v5 to 5.0.6 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 2 +- .../suricata/{suricata-5.0.5-r1.ebuild => suricata-5.0.6.ebuild} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 5a442b0ea2e..9cc78dd7d9a 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,2 @@ -DIST suricata-5.0.5.tar.gz 29094537 BLAKE2B c2a5897836117abe9ca39b3a03de36c4d5667d3e64dc1befd77a7b777e4191439a497e3042e6d00b80ae31c8c4f18347cb2e6833e8db5f64b31c8ab1cf557ac5 SHA512 5f26731e0a0134fdecc8e76a68a69584bacb614ba4fd56b74f27abe62ab7d80135908eeaae38c9a03101f069d83597b3c7c69000bdd2a2e6bfe87f7a98de4e16 +DIST suricata-5.0.6.tar.gz 29136659 BLAKE2B 97d95cadd54d44bd82424322c08ad04be2122cdae5763995f7aefe4a75872091dd7d289e89e47a5ad9fbce570964f11331d848db7fe7ec4c2be9a0f8b62fadff SHA512 73580721683f929a90b6b59673842c051fe44ee7b8d8d890106aad09952d5b8a8f3716f168c41b33feb5c32e0106f5926125313cc11b27bc5a9c65e90b21888f DIST suricata-6.0.1.tar.gz 30460439 BLAKE2B 55a24fa2f653a0a80f51e1ab102bb7046bd1f67d60c64c139b485086f4d8e0f5db58906bc33a7b5bdb76ba37b8206ded99b08034c4c292cf16d595bcafc7acc0 SHA512 be57150afc238b6627731e4463297e67469b66241779f5af3d1bd93bfad4fde41a5371298b54a06c7c3ea324e5642753ca57900173989ac738d663a85e9c33f4 diff --git a/net-analyzer/suricata/suricata-5.0.5-r1.ebuild b/net-analyzer/suricata/suricata-5.0.6.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-5.0.5-r1.ebuild rename to net-analyzer/suricata/suricata-5.0.6.ebuild index a87e7c8fa16..ef4c372ec11 100644 --- a/net-analyzer/suricata/suricata-5.0.5-r1.ebuild +++ b/net-analyzer/suricata/suricata-5.0.6.ebuild @@ -13,7 +13,7 @@ HOMEPAGE="https://suricata-ids.org/; SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" -SLOT="0" +SLOT="0/5" KEYWORDS="~amd64 ~x86" IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua lz4 nflog +nfqueue redis systemd test" @@ -36,7 +36,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.36 + >=net-libs/libhtp-0.5.37 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: f77e3d5c7199873514045c900961f6f24e747283 Author: Marek Szuba gentoo org> AuthorDate: Mon Jan 25 14:20:10 2021 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jan 25 17:37:26 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f77e3d5c net-analyzer/suricata: migrate v5 to lua-single.eclass as well Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.5-r1.ebuild | 204 + 1 file changed, 204 insertions(+) diff --git a/net-analyzer/suricata/suricata-5.0.5-r1.ebuild b/net-analyzer/suricata/suricata-5.0.5-r1.ebuild new file mode 100644 index 000..9fd6cb85894 --- /dev/null +++ b/net-analyzer/suricata/suricata-5.0.5-r1.ebuild @@ -0,0 +1,204 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{6..9} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.36 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.1.0 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + logrotate? ( app-admin/logrotate ) + lua?( ${LUA_DEPS} ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.1_default-config.patch" +) + +pkg_pretend() { + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var" \ + "--runstatedir=/run" \ + "--enable-non-bundled-htp" \ + "--enable-gccmarch-native=no" \ + "--enable-python" \ + $(use_enable af-packet) \ + $(use_enable bpf ebpf) \ + $(use_enable control-socket unix-socket) \ + $(use_enable cuda) \ + $(use_enable detection) \ + $(use_enable geoip) \ + $(use_enable hardened gccprotect) \ + $(use_enable hardened pie) \ + $(use_enable lz4) \ + $(use_enable nflog) \ + $(use_enable nfqueue) \ + $(use_enable redis hiredis) \ + $(use_enable test unittests) \ + "--disable-coccinelle" + ) + if use lua; then + if use lua_single_target_luajit; then + myeconfargs+=( --enable-luajit ) + else + myeconfargs+=( --enable-lua ) + fi + fi + + if use debug; then + myeconfargs+=( $(use_enable debug) ) + # so we can get a backtrace according to "reporting bugs" on upstream web site + CFLAGS="-ggdb -O0" econf ${myeconfargs[@]} + else + econf ${myeconfargs[@]} + fi +} + +src_install() { + emake DESTDIR="${D}" install + python_optimize + + if use bpf; then + rm -f ebpf/Makefile.{am,in} + dodoc -r ebpf/ + keepdir /usr/libexec/suricata/ebpf + fi + +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: b094a228961abc4f94be9b1bb783753fa779d947 Author: Marek Szuba gentoo org> AuthorDate: Mon Jan 25 14:19:54 2021 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jan 25 17:37:29 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b094a228 net-analyzer/suricata: remove old Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 - net-analyzer/suricata/suricata-5.0.4.ebuild | 197 --- net-analyzer/suricata/suricata-5.0.5.ebuild | 197 --- net-analyzer/suricata/suricata-6.0.0.ebuild | 203 net-analyzer/suricata/suricata-6.0.1.ebuild | 203 5 files changed, 802 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 4393b479fd5..5a442b0ea2e 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,2 @@ -DIST suricata-5.0.4.tar.gz 29091046 BLAKE2B 38526ca39d2460d630fdd9e804f36c74bfcde54a529748896779b549ed1b55174d6080ddad8933ddfd26004f4e78748a503832f47ee5f52d84a133643aef482b SHA512 e5da14f80b628968e146839b828971e888fd0158b2ecbbcc15c0f42fda2bdcc8ad89632ba05cc45c88d88e537452e77f8e2f3a5e09ecd038d0d38b1a8cf8cea6 DIST suricata-5.0.5.tar.gz 29094537 BLAKE2B c2a5897836117abe9ca39b3a03de36c4d5667d3e64dc1befd77a7b777e4191439a497e3042e6d00b80ae31c8c4f18347cb2e6833e8db5f64b31c8ab1cf557ac5 SHA512 5f26731e0a0134fdecc8e76a68a69584bacb614ba4fd56b74f27abe62ab7d80135908eeaae38c9a03101f069d83597b3c7c69000bdd2a2e6bfe87f7a98de4e16 -DIST suricata-6.0.0.tar.gz 30832555 BLAKE2B 9cea05b07520924706e961efed6a45b9ba73388a25777f43c1a90497aa00ec200bad15863b7b17b84e622c79309365596853423776da9c3d103c2a8c1126a0d2 SHA512 3c30f6f57c0e8a24992ff2b4ce8ce166d3c0d4b28c8f5e79434d04de9f2016773be01a1689fedfc9e54ff1c8bc9838206bc28f3ff2e47d60102a7016f1062ec3 DIST suricata-6.0.1.tar.gz 30460439 BLAKE2B 55a24fa2f653a0a80f51e1ab102bb7046bd1f67d60c64c139b485086f4d8e0f5db58906bc33a7b5bdb76ba37b8206ded99b08034c4c292cf16d595bcafc7acc0 SHA512 be57150afc238b6627731e4463297e67469b66241779f5af3d1bd93bfad4fde41a5371298b54a06c7c3ea324e5642753ca57900173989ac738d663a85e9c33f4 diff --git a/net-analyzer/suricata/suricata-5.0.4.ebuild b/net-analyzer/suricata/suricata-5.0.4.ebuild deleted file mode 100644 index 077c14ece6d..000 --- a/net-analyzer/suricata/suricata-5.0.4.ebuild +++ /dev/null @@ -1,197 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6..9} ) - -inherit autotools flag-o-matic linux-info python-single-r1 systemd - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - ?? ( lua luajit ) - bpf? ( af-packet )" - -RDEPEND="${PYTHON_DEPS} - acct-group/suricata - acct-user/suricata - dev-libs/jansson - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' - dev-python/pyyaml[${PYTHON_USEDEP}] - ') - >=net-libs/libhtp-0.5.35 - net-libs/libpcap - sys-apps/file - sys-libs/libcap-ng - bpf?( >=dev-libs/libbpf-0.1.0 ) - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/libmaxminddb ) - logrotate? ( app-admin/logrotate ) - lua?( dev-lang/lua:0= ) - luajit? ( dev-lang/luajit:* ) - lz4?( app-arch/lz4 ) - nflog? ( net-libs/libnetfilter_log ) - nfqueue?( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis )" -DEPEND="${RDEPEND} - >=sys-devel/autoconf-2.69-r5 - virtual/rust" - -PATCHES=( - "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" - "${FILESDIR}/${PN}-5.0.1_default-config.patch" -) - -pkg_pretend() { - if use bpf && use kernel_linux; then - if kernel_is -lt 4 15; then - ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" - fi - - CONFIG_CHECK="~XDP_SOCKETS" - ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " - ERROR_XDP_SOCKETS+="Other eBPF features should work normally." - check_extra_config - fi -} - -src_prepare() { - default - sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//'
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, profiles/
commit: afe7a2be12b92b58850bb4381217043ca72be03d Author: Marek Szuba gentoo org> AuthorDate: Sun Dec 6 22:00:54 2020 + Commit: Marek Szuba gentoo org> CommitDate: Sun Dec 6 22:02:38 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afe7a2be net-analyzer/suricata: bump to 6.0.1 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + 0.0-r100.ebuild => suricata-6.0.1-r100.ebuild} | 2 +- ...ata-6.0.0-r100.ebuild => suricata-6.0.1.ebuild} | 23 +- profiles/package.mask | 2 +- 4 files changed, 12 insertions(+), 16 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index fde179dd2cb..ea206e75187 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1,3 @@ DIST suricata-5.0.4.tar.gz 29091046 BLAKE2B 38526ca39d2460d630fdd9e804f36c74bfcde54a529748896779b549ed1b55174d6080ddad8933ddfd26004f4e78748a503832f47ee5f52d84a133643aef482b SHA512 e5da14f80b628968e146839b828971e888fd0158b2ecbbcc15c0f42fda2bdcc8ad89632ba05cc45c88d88e537452e77f8e2f3a5e09ecd038d0d38b1a8cf8cea6 DIST suricata-6.0.0.tar.gz 30832555 BLAKE2B 9cea05b07520924706e961efed6a45b9ba73388a25777f43c1a90497aa00ec200bad15863b7b17b84e622c79309365596853423776da9c3d103c2a8c1126a0d2 SHA512 3c30f6f57c0e8a24992ff2b4ce8ce166d3c0d4b28c8f5e79434d04de9f2016773be01a1689fedfc9e54ff1c8bc9838206bc28f3ff2e47d60102a7016f1062ec3 +DIST suricata-6.0.1.tar.gz 30460439 BLAKE2B 55a24fa2f653a0a80f51e1ab102bb7046bd1f67d60c64c139b485086f4d8e0f5db58906bc33a7b5bdb76ba37b8206ded99b08034c4c292cf16d595bcafc7acc0 SHA512 be57150afc238b6627731e4463297e67469b66241779f5af3d1bd93bfad4fde41a5371298b54a06c7c3ea324e5642753ca57900173989ac738d663a85e9c33f4 diff --git a/net-analyzer/suricata/suricata-6.0.0-r100.ebuild b/net-analyzer/suricata/suricata-6.0.1-r100.ebuild similarity index 99% copy from net-analyzer/suricata/suricata-6.0.0-r100.ebuild copy to net-analyzer/suricata/suricata-6.0.1-r100.ebuild index 872fafeef3a..3d6679536b4 100644 --- a/net-analyzer/suricata/suricata-6.0.0-r100.ebuild +++ b/net-analyzer/suricata/suricata-6.0.1-r100.ebuild @@ -36,7 +36,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.35 + >=net-libs/libhtp-0.5.36 net-libs/libpcap sys-apps/file sys-libs/libcap-ng diff --git a/net-analyzer/suricata/suricata-6.0.0-r100.ebuild b/net-analyzer/suricata/suricata-6.0.1.ebuild similarity index 93% rename from net-analyzer/suricata/suricata-6.0.0-r100.ebuild rename to net-analyzer/suricata/suricata-6.0.1.ebuild index 872fafeef3a..6602a4b80ad 100644 --- a/net-analyzer/suricata/suricata-6.0.0-r100.ebuild +++ b/net-analyzer/suricata/suricata-6.0.1.ebuild @@ -3,10 +3,9 @@ EAPI=7 -LUA_COMPAT=( lua5-1 luajit ) PYTHON_COMPAT=( python3_{6..9} ) -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd +inherit autotools flag-o-matic linux-info python-single-r1 systemd DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" HOMEPAGE="https://suricata-ids.org/; @@ -15,13 +14,13 @@ SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua lz4 nflog +nfqueue redis systemd test" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" RESTRICT="!test? ( test )" REQUIRED_USE="${PYTHON_REQUIRED_USE} - bpf? ( af-packet ) - lua? ( ${LUA_REQUIRED_USE} )" + ?? ( lua luajit ) + bpf? ( af-packet )" RDEPEND="${PYTHON_DEPS} acct-group/suricata @@ -36,7 +35,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.35 + >=net-libs/libhtp-0.5.36 net-libs/libpcap sys-apps/file sys-libs/libcap-ng @@ -44,7 +43,8 @@ RDEPEND="${PYTHON_DEPS} cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) logrotate? ( app-admin/logrotate ) - lua?( ${LUA_DEPS} ) + lua?( dev-lang/lua:0= ) + luajit? ( dev-lang/luajit:* ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log ) nfqueue?( net-libs/libnetfilter_queue ) @@ -92,6 +92,8 @@ src_configure() { $(use_enable geoip) \ $(use_enable hardened gccprotect) \ $(use_enable hardened pie) \ + $(use_enable lua) \ + $(use_enable luajit) \ $(use_enable lz4) \ $(use_enable nflog) \ $(use_enable nfqueue) \ @@ -99,13
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 57724f05b683513e331b327d9bc589a099d335b6 Author: Marek Szuba gentoo org> AuthorDate: Sun Dec 6 22:01:39 2020 + Commit: Marek Szuba gentoo org> CommitDate: Sun Dec 6 22:02:41 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57724f05 net-analyzer/suricata: bump the old stable branch to 5.0.5 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/suricata-5.0.5.ebuild | 197 2 files changed, 198 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index ea206e75187..4393b479fd5 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,3 +1,4 @@ DIST suricata-5.0.4.tar.gz 29091046 BLAKE2B 38526ca39d2460d630fdd9e804f36c74bfcde54a529748896779b549ed1b55174d6080ddad8933ddfd26004f4e78748a503832f47ee5f52d84a133643aef482b SHA512 e5da14f80b628968e146839b828971e888fd0158b2ecbbcc15c0f42fda2bdcc8ad89632ba05cc45c88d88e537452e77f8e2f3a5e09ecd038d0d38b1a8cf8cea6 +DIST suricata-5.0.5.tar.gz 29094537 BLAKE2B c2a5897836117abe9ca39b3a03de36c4d5667d3e64dc1befd77a7b777e4191439a497e3042e6d00b80ae31c8c4f18347cb2e6833e8db5f64b31c8ab1cf557ac5 SHA512 5f26731e0a0134fdecc8e76a68a69584bacb614ba4fd56b74f27abe62ab7d80135908eeaae38c9a03101f069d83597b3c7c69000bdd2a2e6bfe87f7a98de4e16 DIST suricata-6.0.0.tar.gz 30832555 BLAKE2B 9cea05b07520924706e961efed6a45b9ba73388a25777f43c1a90497aa00ec200bad15863b7b17b84e622c79309365596853423776da9c3d103c2a8c1126a0d2 SHA512 3c30f6f57c0e8a24992ff2b4ce8ce166d3c0d4b28c8f5e79434d04de9f2016773be01a1689fedfc9e54ff1c8bc9838206bc28f3ff2e47d60102a7016f1062ec3 DIST suricata-6.0.1.tar.gz 30460439 BLAKE2B 55a24fa2f653a0a80f51e1ab102bb7046bd1f67d60c64c139b485086f4d8e0f5db58906bc33a7b5bdb76ba37b8206ded99b08034c4c292cf16d595bcafc7acc0 SHA512 be57150afc238b6627731e4463297e67469b66241779f5af3d1bd93bfad4fde41a5371298b54a06c7c3ea324e5642753ca57900173989ac738d663a85e9c33f4 diff --git a/net-analyzer/suricata/suricata-5.0.5.ebuild b/net-analyzer/suricata/suricata-5.0.5.ebuild new file mode 100644 index 000..db9ee04aadb --- /dev/null +++ b/net-analyzer/suricata/suricata-5.0.5.ebuild @@ -0,0 +1,197 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6..9} ) + +inherit autotools flag-o-matic linux-info python-single-r1 systemd + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + ?? ( lua luajit ) + bpf? ( af-packet )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.36 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.1.0 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + logrotate? ( app-admin/logrotate ) + lua?( dev-lang/lua:0= ) + luajit? ( dev-lang/luajit:* ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.1_default-config.patch" +) + +pkg_pretend() { + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var" \ + "--runstatedir=/run" \ + "--enable-non-bundled-htp" \ +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 7c476fc8e3073f2bb277ff3775b14aff3505ee1c Author: Marek Szuba gentoo org> AuthorDate: Thu Dec 3 12:39:22 2020 + Commit: Marek Szuba gentoo org> CommitDate: Thu Dec 3 12:54:11 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c476fc8 net-analyzer/suricata: limit unmigrated ebuilds to dev-lang/lua:0 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.4.ebuild | 2 +- net-analyzer/suricata/suricata-6.0.0.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.4.ebuild b/net-analyzer/suricata/suricata-5.0.4.ebuild index e618aa1e0bc..077c14ece6d 100644 --- a/net-analyzer/suricata/suricata-5.0.4.ebuild +++ b/net-analyzer/suricata/suricata-5.0.4.ebuild @@ -43,7 +43,7 @@ RDEPEND="${PYTHON_DEPS} cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) logrotate? ( app-admin/logrotate ) - lua?( dev-lang/lua:* ) + lua?( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:* ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log ) diff --git a/net-analyzer/suricata/suricata-6.0.0.ebuild b/net-analyzer/suricata/suricata-6.0.0.ebuild index 5f5d14e3eec..6a00d0c18c9 100644 --- a/net-analyzer/suricata/suricata-6.0.0.ebuild +++ b/net-analyzer/suricata/suricata-6.0.0.ebuild @@ -43,7 +43,7 @@ RDEPEND="${PYTHON_DEPS} cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) logrotate? ( app-admin/logrotate ) - lua?( dev-lang/lua:* ) + lua?( dev-lang/lua:0= ) luajit? ( dev-lang/luajit:* ) lz4?( app-arch/lz4 ) nflog? ( net-libs/libnetfilter_log )
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: b9b248bc69259902555d6c2a622a3d2e97a45355 Author: Marek Szuba gentoo org> AuthorDate: Wed Oct 14 13:55:12 2020 + Commit: Marek Szuba gentoo org> CommitDate: Wed Oct 14 14:42:31 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9b248bc net-analyzer/suricata: migrate to lua-single.eclass Both the documentation and the autoconf script only mention luajit and lua5.1 so limit compatibility to these two. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-6.0.0-r100.ebuild | 208 +++ 1 file changed, 208 insertions(+) diff --git a/net-analyzer/suricata/suricata-6.0.0-r100.ebuild b/net-analyzer/suricata/suricata-6.0.0-r100.ebuild new file mode 100644 index 000..872fafeef3a --- /dev/null +++ b/net-analyzer/suricata/suricata-6.0.0-r100.ebuild @@ -0,0 +1,208 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +LUA_COMPAT=( lua5-1 luajit ) +PYTHON_COMPAT=( python3_{6..9} ) + +inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + bpf? ( af-packet ) + lua? ( ${LUA_REQUIRED_USE} )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.35 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.1.0 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + logrotate? ( app-admin/logrotate ) + lua?( ${LUA_DEPS} ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-6.0.0_default-config.patch" +) + +pkg_pretend() { + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var" \ + "--runstatedir=/run" \ + "--enable-non-bundled-htp" \ + "--enable-gccmarch-native=no" \ + "--enable-python" \ + $(use_enable af-packet) \ + $(use_enable bpf ebpf) \ + $(use_enable control-socket unix-socket) \ + $(use_enable cuda) \ + $(use_enable detection) \ + $(use_enable geoip) \ + $(use_enable hardened gccprotect) \ + $(use_enable hardened pie) \ + $(use_enable lz4) \ + $(use_enable nflog) \ + $(use_enable nfqueue) \ + $(use_enable redis hiredis) \ + $(use_enable test unittests) \ + "--disable-coccinelle" + ) + if use lua; then + if use lua_single_target_luajit; then + myeconfargs+=( --enable-luajit ) + else + myeconfargs+=( --enable-lua ) + fi + fi + + if use debug; then + myeconfargs+=( $(use_enable debug) ) + # so we can get a backtrace according to "reporting bugs" on upstream web site + CFLAGS="-ggdb -O0" econf ${myeconfargs[@]} + else + econf ${myeconfargs[@]} + fi +} + +src_install() { + emake DESTDIR="${D}" install + python_optimize + + if use bpf; then + rm -f
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: a8e82003db4b6ef62cf260263bafc1cc32f33acc Author: Marek Szuba gentoo org> AuthorDate: Fri Oct 9 12:09:22 2020 + Commit: Marek Szuba gentoo org> CommitDate: Fri Oct 9 12:14:16 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8e82003 net-analyzer/suricata: bump to 6.0.0 Okay, this has turned out to be easier than I thought it might be. Note to self: since suricata-6 no longer supports unified2 output and suricata-5 is still supported upstream (even 4 will only reach end of life on 2020-12-31), keep the latter around for at least a bit longer. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + .../files/suricata-6.0.0_default-config.patch | 27 +++ net-analyzer/suricata/suricata-6.0.0.ebuild| 203 + 3 files changed, 231 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 06edb9b7cc8..fde179dd2cb 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-5.0.4.tar.gz 29091046 BLAKE2B 38526ca39d2460d630fdd9e804f36c74bfcde54a529748896779b549ed1b55174d6080ddad8933ddfd26004f4e78748a503832f47ee5f52d84a133643aef482b SHA512 e5da14f80b628968e146839b828971e888fd0158b2ecbbcc15c0f42fda2bdcc8ad89632ba05cc45c88d88e537452e77f8e2f3a5e09ecd038d0d38b1a8cf8cea6 +DIST suricata-6.0.0.tar.gz 30832555 BLAKE2B 9cea05b07520924706e961efed6a45b9ba73388a25777f43c1a90497aa00ec200bad15863b7b17b84e622c79309365596853423776da9c3d103c2a8c1126a0d2 SHA512 3c30f6f57c0e8a24992ff2b4ce8ce166d3c0d4b28c8f5e79434d04de9f2016773be01a1689fedfc9e54ff1c8bc9838206bc28f3ff2e47d60102a7016f1062ec3 diff --git a/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch b/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch new file mode 100644 index 000..03e0f1cda94 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch @@ -0,0 +1,27 @@ +--- a/suricata.yaml.in b/suricata.yaml.in +@@ -209,8 +209,9 @@ + # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format + + # As of Suricata 5.0, version 2 of the eve dns output +-# format is the default. +-#version: 2 ++# format is the default - but the daemon produces a warning to that effect ++# at start-up if this isn't explicitly set. ++version: 2 + + # Enable/disable this logger. Default: enabled. + #enabled: yes +@@ -988,9 +989,9 @@ + ## + + # Run Suricata with a specific user-id and group-id: +-#run-as: +-# user: suri +-# group: suri ++run-as: ++ user: suricata ++ group: suricata + + # Some logging modules will use that name in event as identifier. The default + # value is the hostname diff --git a/net-analyzer/suricata/suricata-6.0.0.ebuild b/net-analyzer/suricata/suricata-6.0.0.ebuild new file mode 100644 index 000..5f5d14e3eec --- /dev/null +++ b/net-analyzer/suricata/suricata-6.0.0.ebuild @@ -0,0 +1,203 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6..9} ) + +inherit autotools flag-o-matic linux-info python-single-r1 systemd + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + ?? ( lua luajit ) + bpf? ( af-packet )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.35 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.1.0 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + logrotate? ( app-admin/logrotate ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-6.0.0_default-config.patch" +) + +pkg_pretend() { +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 6b0add7f82cb3990a9b95d3931ce94981884dca4 Author: Marek Szuba gentoo org> AuthorDate: Fri Oct 9 11:34:30 2020 + Commit: Marek Szuba gentoo org> CommitDate: Fri Oct 9 11:40:52 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b0add7f net-analyzer/suricata: bump to 5.0.4 6.0.0 is out now too but it may or may not take time to package, and 5.0.4 fixes some potential security issues detected by Oss-Fuzz. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest| 2 +- .../suricata/{suricata-5.0.3.ebuild => suricata-5.0.4.ebuild} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index b4800d771b4..06edb9b7cc8 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1 @@ -DIST suricata-5.0.3.tar.gz 23744731 BLAKE2B 51dfd6fb8a1208e499f178f679f2b3cf6a2632a659fb5b58baa747da64fb37a1c9345b51b2bb3f5c33f9a3fc9208ab52cb6e8dc6ddb38b7c19124f7345ca SHA512 4e0ad2ae33537cb074d549b3cc162c5ed115605cb142a96cbf66d1341799eaad96b307fd6ad4679e344e51d00065b3573bfb26bd60468f12addb144b112e4f72 +DIST suricata-5.0.4.tar.gz 29091046 BLAKE2B 38526ca39d2460d630fdd9e804f36c74bfcde54a529748896779b549ed1b55174d6080ddad8933ddfd26004f4e78748a503832f47ee5f52d84a133643aef482b SHA512 e5da14f80b628968e146839b828971e888fd0158b2ecbbcc15c0f42fda2bdcc8ad89632ba05cc45c88d88e537452e77f8e2f3a5e09ecd038d0d38b1a8cf8cea6 diff --git a/net-analyzer/suricata/suricata-5.0.3.ebuild b/net-analyzer/suricata/suricata-5.0.4.ebuild similarity index 98% rename from net-analyzer/suricata/suricata-5.0.3.ebuild rename to net-analyzer/suricata/suricata-5.0.4.ebuild index d159cf584da..e618aa1e0bc 100644 --- a/net-analyzer/suricata/suricata-5.0.3.ebuild +++ b/net-analyzer/suricata/suricata-5.0.4.ebuild @@ -35,11 +35,11 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.33 + >=net-libs/libhtp-0.5.35 net-libs/libpcap sys-apps/file sys-libs/libcap-ng - bpf?( >=dev-libs/libbpf-0.0.6 ) + bpf?( >=dev-libs/libbpf-0.1.0 ) cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/libmaxminddb ) logrotate? ( app-admin/logrotate )
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 2fa67aeb1448e023feb007a4f83003c759013924 Author: Marek Szuba gentoo org> AuthorDate: Fri Jul 17 19:30:28 2020 + Commit: Marek Szuba gentoo org> CommitDate: Fri Jul 17 20:09:59 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fa67aeb net-analyzer/suricata: support python3_9 Builds, tests and installs fine, and at least suricata-update works without problems. Tested pypy3 support as well and it needs work, somehow Python modules for this implementation end up in /usr/site-packages. Tools work fine once the modules have been manually moved to the right directory, though. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.3.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.3.ebuild b/net-analyzer/suricata/suricata-5.0.3.ebuild index c1f707b1342..d159cf584da 100644 --- a/net-analyzer/suricata/suricata-5.0.3.ebuild +++ b/net-analyzer/suricata/suricata-5.0.3.ebuild @@ -3,7 +3,7 @@ EAPI=7 -PYTHON_COMPAT=( python3_{6,7,8} ) +PYTHON_COMPAT=( python3_{6..9} ) inherit autotools flag-o-matic linux-info python-single-r1 systemd @@ -65,7 +65,7 @@ pkg_pretend() { fi CONFIG_CHECK="~XDP_SOCKETS" - ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata will to load XDP programs. " + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. " ERROR_XDP_SOCKETS+="Other eBPF features should work normally." check_extra_config fi
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 00b295187723410950b9e6fed2b221a68bdacb5b Author: Marek Szuba gentoo org> AuthorDate: Fri May 22 20:58:25 2020 + Commit: Marek Szuba gentoo org> CommitDate: Fri May 22 21:01:55 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00b29518 net-analyzer/suricata: bump to 5.0.3 + remove 5.0.2 Bug: https://bugs.gentoo.org/724536 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 +- net-analyzer/suricata/{suricata-5.0.2.ebuild => suricata-5.0.3.ebuild} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 0d9c0caa06c..b4800d771b4 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1 @@ -DIST suricata-5.0.2.tar.gz 23735393 BLAKE2B 3fd9bac597cda59cbeb3d902eccf15e4b873b56b44967a1cad9e99e041f06778ffd4f8ea1378f0df3fa84f2cabd6ac13eda7a2cb233e80a75c27bf7c4e5f7cd0 SHA512 e288f6aee9f8fafb8fa811d2c83a89a29434edc24e05542e172852dc139b9d0bb474d35ddbdc4723df04e7a8b4e70e181c822a4fb1315ba2879c3c7a5c16ef16 +DIST suricata-5.0.3.tar.gz 23744731 BLAKE2B 51dfd6fb8a1208e499f178f679f2b3cf6a2632a659fb5b58baa747da64fb37a1c9345b51b2bb3f5c33f9a3fc9208ab52cb6e8dc6ddb38b7c19124f7345ca SHA512 4e0ad2ae33537cb074d549b3cc162c5ed115605cb142a96cbf66d1341799eaad96b307fd6ad4679e344e51d00065b3573bfb26bd60468f12addb144b112e4f72 diff --git a/net-analyzer/suricata/suricata-5.0.2.ebuild b/net-analyzer/suricata/suricata-5.0.3.ebuild similarity index 99% rename from net-analyzer/suricata/suricata-5.0.2.ebuild rename to net-analyzer/suricata/suricata-5.0.3.ebuild index b2dc6c2e8b0..c1f707b1342 100644 --- a/net-analyzer/suricata/suricata-5.0.2.ebuild +++ b/net-analyzer/suricata/suricata-5.0.3.ebuild @@ -35,7 +35,7 @@ RDEPEND="${PYTHON_DEPS} $(python_gen_cond_dep ' dev-python/pyyaml[${PYTHON_USEDEP}] ') - >=net-libs/libhtp-0.5.32 + >=net-libs/libhtp-0.5.33 net-libs/libpcap sys-apps/file sys-libs/libcap-ng
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 3af306d8750b3693dd04e3bed2c6a40a5258718a Author: Marek Szuba gentoo org> AuthorDate: Thu Apr 23 21:10:21 2020 + Commit: Marek Szuba gentoo org> CommitDate: Thu Apr 23 21:10:54 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3af306d8 net-analyzer/suricata: remove old Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 - net-analyzer/suricata/suricata-5.0.1-r1.ebuild | 201 - 2 files changed, 202 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 15bad1cad76..0d9c0caa06c 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1 @@ -DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624 SHA512 db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6 DIST suricata-5.0.2.tar.gz 23735393 BLAKE2B 3fd9bac597cda59cbeb3d902eccf15e4b873b56b44967a1cad9e99e041f06778ffd4f8ea1378f0df3fa84f2cabd6ac13eda7a2cb233e80a75c27bf7c4e5f7cd0 SHA512 e288f6aee9f8fafb8fa811d2c83a89a29434edc24e05542e172852dc139b9d0bb474d35ddbdc4723df04e7a8b4e70e181c822a4fb1315ba2879c3c7a5c16ef16 diff --git a/net-analyzer/suricata/suricata-5.0.1-r1.ebuild b/net-analyzer/suricata/suricata-5.0.1-r1.ebuild deleted file mode 100644 index e74f32fee51..000 --- a/net-analyzer/suricata/suricata-5.0.1-r1.ebuild +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6,7,8} ) - -inherit autotools flag-o-matic linux-info python-single-r1 systemd - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - ?? ( lua luajit ) - bpf? ( af-packet )" - -CDEPEND="acct-group/suricata - acct-user/suricata - dev-libs/jansson - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' - dev-python/pyyaml[${PYTHON_MULTI_USEDEP}] - ') - >=net-libs/libhtp-0.5.32 - net-libs/libpcap - sys-apps/file - sys-libs/libcap-ng - bpf?( >=dev-libs/libbpf-0.0.6 ) - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/libmaxminddb ) - logrotate? ( app-admin/logrotate ) - lua?( dev-lang/lua:* ) - luajit? ( dev-lang/luajit:* ) - lz4?( app-arch/lz4 ) - nflog? ( net-libs/libnetfilter_log ) - nfqueue?( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis )" -DEPEND="${CDEPEND} - >=sys-devel/autoconf-2.69-r5 - virtual/rust" -RDEPEND="${CDEPEND} - ${PYTHON_DEPS}" - -PATCHES=( - "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" - "${FILESDIR}/${PN}-5.0.1_default-config.patch" -) - -pkg_pretend() { - if use bpf && use kernel_linux; then - if kernel_is -lt 4 15; then - ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" - fi - - CONFIG_CHECK="~XDP_SOCKETS" - ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata will to load XDP programs. " - ERROR_XDP_SOCKETS+="Other eBPF features should work normally." - check_extra_config - fi -} - -src_prepare() { - # Bug #707204 - append-cflags $(test-flags-CC -fcommon) - - default - sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" - eautoreconf -} - -src_configure() { - local myeconfargs=( - "--localstatedir=/var" \ - "--runstatedir=/run" \ - "--enable-non-bundled-htp" \ - "--enable-gccmarch-native=no" \ - "--enable-python" \ - $(use_enable af-packet) \ - $(use_enable bpf ebpf) \ - $(use_enable control-socket unix-socket) \ - $(use_enable cuda) \ - $(use_enable detection) \ - $(use_enable geoip) \ - $(use_enable hardened gccprotect) \ - $(use_enable hardened pie) \ - $(use_enable lua) \ - $(use_enable luajit) \ -
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: a061032bd203f7986591189957a1008aecc9268a Author: Marek Szuba gentoo org> AuthorDate: Thu Apr 23 20:59:56 2020 + Commit: Marek Szuba gentoo org> CommitDate: Thu Apr 23 21:10:48 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a061032b net-analyzer/suricata: add missing "|| die" guard to sed call Also, some cosmetic changes to dependencies. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.2.ebuild | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.2.ebuild b/net-analyzer/suricata/suricata-5.0.2.ebuild index 19940f3c9fb..b2dc6c2e8b0 100644 --- a/net-analyzer/suricata/suricata-5.0.2.ebuild +++ b/net-analyzer/suricata/suricata-5.0.2.ebuild @@ -22,7 +22,8 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} ?? ( lua luajit ) bpf? ( af-packet )" -CDEPEND="acct-group/suricata +RDEPEND="${PYTHON_DEPS} + acct-group/suricata acct-user/suricata dev-libs/jansson dev-libs/libpcre @@ -32,7 +33,7 @@ CDEPEND="acct-group/suricata dev-libs/nspr dev-libs/nss $(python_gen_cond_dep ' - dev-python/pyyaml[${PYTHON_MULTI_USEDEP}] + dev-python/pyyaml[${PYTHON_USEDEP}] ') >=net-libs/libhtp-0.5.32 net-libs/libpcap @@ -48,11 +49,9 @@ CDEPEND="acct-group/suricata nflog? ( net-libs/libnetfilter_log ) nfqueue?( net-libs/libnetfilter_queue ) redis? ( dev-libs/hiredis )" -DEPEND="${CDEPEND} +DEPEND="${RDEPEND} >=sys-devel/autoconf-2.69-r5 virtual/rust" -RDEPEND="${CDEPEND} - ${PYTHON_DEPS}" PATCHES=( "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" @@ -74,7 +73,7 @@ pkg_pretend() { src_prepare() { default - sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die eautoreconf }
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: a4873f5bac8cb283f0827abfca1d44e99c383fae Author: Marek Szuba gentoo org> AuthorDate: Wed Mar 4 09:44:09 2020 + Commit: Marek Szuba gentoo org> CommitDate: Wed Mar 4 09:44:09 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4873f5b net-analyzer/suricata: bump to 5.0.2 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/suricata-5.0.2.ebuild | 198 2 files changed, 199 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index ac5ea56c85b..15bad1cad76 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624 SHA512 db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6 +DIST suricata-5.0.2.tar.gz 23735393 BLAKE2B 3fd9bac597cda59cbeb3d902eccf15e4b873b56b44967a1cad9e99e041f06778ffd4f8ea1378f0df3fa84f2cabd6ac13eda7a2cb233e80a75c27bf7c4e5f7cd0 SHA512 e288f6aee9f8fafb8fa811d2c83a89a29434edc24e05542e172852dc139b9d0bb474d35ddbdc4723df04e7a8b4e70e181c822a4fb1315ba2879c3c7a5c16ef16 diff --git a/net-analyzer/suricata/suricata-5.0.2.ebuild b/net-analyzer/suricata/suricata-5.0.2.ebuild new file mode 100644 index 000..19940f3c9fb --- /dev/null +++ b/net-analyzer/suricata/suricata-5.0.2.ebuild @@ -0,0 +1,198 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6,7,8} ) + +inherit autotools flag-o-matic linux-info python-single-r1 systemd + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + ?? ( lua luajit ) + bpf? ( af-packet )" + +CDEPEND="acct-group/suricata + acct-user/suricata + dev-libs/jansson + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_MULTI_USEDEP}] + ') + >=net-libs/libhtp-0.5.32 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.0.6 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + logrotate? ( app-admin/logrotate ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis )" +DEPEND="${CDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" +RDEPEND="${CDEPEND} + ${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.1_default-config.patch" +) + +pkg_pretend() { + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata will to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var" \ + "--runstatedir=/run" \ + "--enable-non-bundled-htp" \ + "--enable-gccmarch-native=no" \ + "--enable-python" \ + $(use_enable af-packet) \ + $(use_enable bpf ebpf) \ + $(use_enable control-socket unix-socket) \ + $(use_enable cuda) \ + $(use_enable detection) \ + $(use_enable geoip) \ + $(use_enable hardened gccprotect) \ + $(use_enable hardened pie) \ + $(use_enable lua) \ + $(use_enable luajit) \ + $(use_enable lz4) \ + $(use_enable nflog) \ + $(use_enable
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: e079e3cc9126887c71f1cd7130157e17c1ea31ac Author: Marek Szuba gentoo org> AuthorDate: Wed Feb 5 15:29:31 2020 + Commit: Marek Szuba gentoo org> CommitDate: Wed Feb 5 15:30:35 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e079e3cc net-analyzer/suricata: build with -fno-common / gcc-10 Tried fixing the code but it turns out it would require a non-trivial amount of changes so let's just force -fcommon. Tested using gcc-9 with -fno-common included in CFLAGS. Closes: https://bugs.gentoo.org/707204 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.1.ebuild | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-5.0.1.ebuild b/net-analyzer/suricata/suricata-5.0.1.ebuild index 67694740597..d09d4b1a984 100644 --- a/net-analyzer/suricata/suricata-5.0.1.ebuild +++ b/net-analyzer/suricata/suricata-5.0.1.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 PYTHON_COMPAT=( python3_{6,7,8} ) -inherit autotools linux-info python-single-r1 systemd +inherit autotools flag-o-matic linux-info python-single-r1 systemd DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" HOMEPAGE="https://suricata-ids.org/; @@ -71,6 +71,9 @@ pkg_pretend() { } src_prepare() { + # Bug #707204 + append-cflags $(test-flags-CC -fcommon) + default sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" eautoreconf
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 4b9cd1de4a4962f4d2df2b65ff31f0ec1a97de2d Author: Marek Szuba gentoo org> AuthorDate: Wed Jan 22 11:48:28 2020 + Commit: Marek Szuba gentoo org> CommitDate: Wed Jan 22 11:50:58 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b9cd1de net-analyzer/suricata: remove custom logrotate config Recent versions of suricata come with official logrotate configuration and older versions have since been removed from the tree. Suggested-by: Michael Mair-Keimberger gmail.com> Closes: https://github.com/gentoo/gentoo/pull/14404 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/files/suricata-logrotate | 10 -- 1 file changed, 10 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate deleted file mode 100644 index 7b22283ec7c..000 --- a/net-analyzer/suricata/files/suricata-logrotate +++ /dev/null @@ -1,10 +0,0 @@ -/var/log/suricata/*.log /var/log/suricata/*.json { - rotate 3 - missingok - nocompress - create - sharedscripts - postrotate - /etc/init.d/suricata relog - endscript -}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 225a6a736d4c216d370d510a6a40c8a4f7622adf Author: Marek Szuba gentoo org> AuthorDate: Fri Dec 20 10:17:43 2019 + Commit: Marek Szuba gentoo org> CommitDate: Fri Dec 20 10:18:03 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=225a6a73 net-analyzer/suricata: depend on virtual/rust, not dev-lang/rust In other words, do not force users to build Rust from source. Closes: https://bugs.gentoo.org/703346 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-5.0.1.ebuild b/net-analyzer/suricata/suricata-5.0.1.ebuild index 1618cee4705..67694740597 100644 --- a/net-analyzer/suricata/suricata-5.0.1.ebuild +++ b/net-analyzer/suricata/suricata-5.0.1.ebuild @@ -48,7 +48,7 @@ CDEPEND="acct-group/suricata redis? ( dev-libs/hiredis )" DEPEND="${CDEPEND} >=sys-devel/autoconf-2.69-r5 - dev-lang/rust" + virtual/rust" RDEPEND="${CDEPEND} ${PYTHON_DEPS}"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: c8ecb922ecf5a2685f265df3d0a0536aba0ce5bf Author: Marek Szuba gentoo org> AuthorDate: Thu Dec 19 14:59:17 2019 + Commit: Marek Szuba gentoo org> CommitDate: Thu Dec 19 15:17:15 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8ecb922 net-analyzer/suricata: fix typo in postinst messages Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/suricata-5.0.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-analyzer/suricata/suricata-5.0.1.ebuild b/net-analyzer/suricata/suricata-5.0.1.ebuild index ecb34b71784..1618cee4705 100644 --- a/net-analyzer/suricata/suricata-5.0.1.ebuild +++ b/net-analyzer/suricata/suricata-5.0.1.ebuild @@ -147,7 +147,7 @@ pkg_postinst() { if use systemd; then elog "Suricata requires either the mode of operation (e.g. --af-packet) or the interface to listen on (e.g. -i eth0)" elog "to be specified on the command line. The provided systemd unit launches Suricata in af-packet mode and relies" - elog "on file configuration to specify interfaces, should you prefer to run it different you will have to customise" + elog "on file configuration to specify interfaces, should you prefer to run it differently you will have to customise" elog "said unit. The simplest way of doing it is to override the Environment=OPTIONS='...' line using a .conf file" elog "placed in the directory ${EPREFIX}/etc/systemd/system/suricata.service.d/ ." elog "For details, see the section on drop-in directories in systemd.unit(5)."
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 4bbf99b0dbf76f352c0b123cba32cfbd90080fb3 Author: Marek Szuba gentoo org> AuthorDate: Wed Dec 18 14:17:32 2019 + Commit: Marek Szuba gentoo org> CommitDate: Wed Dec 18 14:21:49 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bbf99b0 net-analyzer/suricata: bump to 5.0.1 Further clean-up of old ebuilds, tools are no longer optional, there is now a config phase to download an initial rule set using suricata-update. Closes: https://bugs.gentoo.org/703184 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/files/suricata-5.0.1-conf| 62 +++ net-analyzer/suricata/files/suricata-5.0.1-init| 147 ...suricata-5.0.1_configure-no-lz4-automagic.patch | 23 +++ .../files/suricata-5.0.1_default-config.patch | 27 +++ net-analyzer/suricata/files/suricata.service | 2 +- net-analyzer/suricata/files/suricata.tmpfiles | 2 +- net-analyzer/suricata/suricata-5.0.1.ebuild| 196 + 8 files changed, 458 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 16a7c6ae731..9247b853f30 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e +DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624 SHA512 db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6 diff --git a/net-analyzer/suricata/files/suricata-5.0.1-conf b/net-analyzer/suricata/files/suricata-5.0.1-conf new file mode 100644 index 000..7f22113dbf0 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.1-conf @@ -0,0 +1,62 @@ +# Config file for /etc/init.d/suricata* + +# Where config files are stored. Default: + +# SURICATA_DIR="/etc/suricata" + +# Pass options to each suricata service. +# +# You can launch more than one service at the same time with different options. +# This can be useful in a multi-queue gateway, for example. +# You can expand on the Suricata inline example found at: +# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html +# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" +# on several queues. You can then have a Suricata instance processing traffic for each queue. +# This should help improve performance on the gateway/firewall. +# +# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# +# Edit both suricata-q{0,1}.yaml files and set values accordingly. +# You can override these yaml config file names with SURICATA_CONF* below (optional). +# This allows you to use the same yaml config file for multiple instances as long as you override +# sensible options such as the log file paths. +# SURICATA_CONF_q0="suricata-queues.yaml" +# SURICATA_CONF_q1="suricata-queues.yaml" +# SURICATA_CONF="suricata.yaml" + +# You can define the options here: +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. + +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" + +# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata +# then you can set: + +SURICATA_OPTS="--af-packet" + +# Log paths listed here will be created by the init script and will override the log path +# set in the yaml file, if present. +# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" +# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" +# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" + +# Run as user/group. +# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). +# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. +# SURICATA_USER_q0="suricata" +# SURICATA_GROUP_q0="suricata" +# SURICATA_USER_q1="suricata" +# SURICATA_GROUP_q1="suricata" +# SURICATA_USER="suricata" +# SURICATA_GROUP="suricata" + +# Suricata processes can take a long time to shut down. +# If necessary, adjust timeout in seconds to be used when calling stop from
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: eab781daa429d8d9cb5cd1a1d8baefcae4afbffc Author: Marek Szuba gentoo org> AuthorDate: Wed Dec 18 14:20:18 2019 + Commit: Marek Szuba gentoo org> CommitDate: Wed Dec 18 14:21:52 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eab781da net-analyzer/suricata: remove old Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 - net-analyzer/suricata/files/suricata-5.0.0-conf| 62 --- net-analyzer/suricata/files/suricata-5.0.0-init| 147 .../files/suricata-5.0.0_configure-lua-flags.patch | 16 -- ...suricata-5.0.0_configure-no-lz4-automagic.patch | 23 --- .../files/suricata-5.0.0_default-config.patch | 61 --- net-analyzer/suricata/metadata.xml | 2 - net-analyzer/suricata/suricata-5.0.0.ebuild| 185 - 8 files changed, 497 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 9247b853f30..ac5ea56c85b 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1 @@ -DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624 SHA512 db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6 diff --git a/net-analyzer/suricata/files/suricata-5.0.0-conf b/net-analyzer/suricata/files/suricata-5.0.0-conf deleted file mode 100644 index 655b947fdd9..000 --- a/net-analyzer/suricata/files/suricata-5.0.0-conf +++ /dev/null @@ -1,62 +0,0 @@ -# Config file for /etc/init.d/suricata* - -# Where config files are stored. Default: - -# SURICATA_DIR="/etc/suricata" - -# Pass options to each suricata service. -# -# You can launch more than one service at the same time with different options. -# This can be useful in a multi-queue gateway, for example. -# You can expand on the Suricata inline example found at: -# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html -# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" -# on several queues. You can then have a Suricata instance processing traffic for each queue. -# This should help improve performance on the gateway/firewall. -# -# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: -# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 -# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 -# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml -# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml -# -# Edit both suricata-q{0,1}.yaml files and set values accordingly. -# You can override these yaml config file names with SURICATA_CONF* below (optional). -# This allows you to use the same yaml config file for multiple instances as long as you override -# sensible options such as the log file paths. -# SURICATA_CONF_q0="suricata-queues.yaml" -# SURICATA_CONF_q1="suricata-queues.yaml" -# SURICATA_CONF="suricata.yaml" - -# You can define the options here: -# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. - -# SURICATA_OPTS_q0="-q 0" -# SURICATA_OPTS_q1="-q 1" - -# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata -# then you can set: - -SURICATA_OPTS="-i eth0" - -# Log paths listed here will be created by the init script and will override the log path -# set in the yaml file, if present. -# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" -# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" -# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" - -# Run as user/group. -# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). -# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. -# SURICATA_USER_q0="suricata" -# SURICATA_GROUP_q0="suricata" -# SURICATA_USER_q1="suricata" -# SURICATA_GROUP_q1="suricata" -# SURICATA_USER="suricata" -# SURICATA_GROUP="suricata" - -# Suricata processes can take a long time to shut down. -# If necessary, adjust timeout in seconds to be used when calling stop from the init script. -# Examples: -# SURICATA_MAX_WAIT_ON_STOP="300" -# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30" diff --git a/net-analyzer/suricata/files/suricata-5.0.0-init
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 53159693f527b217acadfb345933d9fd16c46e2c Author: Marek Szuba gentoo org> AuthorDate: Tue Dec 17 00:16:19 2019 + Commit: Marek Szuba gentoo org> CommitDate: Tue Dec 17 00:16:19 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53159693 net-analyzer/suricata: tweak the systemd unit a bit Some of the ideas I picked up from https://gist.github.com/stupidpupil/4edcbe2046b3b22c81c606efee0492d7 do not quite work at present, namely: - limiting capabilities to CAP_NET_ADMIN causes problems e.g. when switching to an unprivileged user or while trying to load eBPF files. Just get rid of it; - suricata can now be launched just fine without Type=forking. Moreover, /run is now used instead of /var/run in the unit file so that systemd doesn't complain about the use of legacy paths. No revbump because even the updated unit does not run out of the box due to specifying neither an interface nor a mode of operations on the command line. Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/files/suricata.service | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/net-analyzer/suricata/files/suricata.service b/net-analyzer/suricata/files/suricata.service index 5e617388018..294ec637348 100644 --- a/net-analyzer/suricata/files/suricata.service +++ b/net-analyzer/suricata/files/suricata.service @@ -6,11 +6,9 @@ Documentation=man:suricata(8) man:suricatasc(8) Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki [Service] -Type=forking -Environment=OPTIONS='-c /etc/suricata/suricata.yaml' -CapabilityBoundingSet=CAP_NET_ADMIN -PIDFile=/var/run/suricata/suricata.pid -ExecStart=/usr/bin/suricata --pidfile /var/run/suricata/suricata.pid $OPTIONS +Environment=OPTIONS='-c /etc/suricata/suricata.yaml --af-packet' +PIDFile=/run/suricata/suricata.pid +ExecStart=/usr/bin/suricata --pidfile /run/suricata/suricata.pid $OPTIONS ExecReload=/bin/kill -HUP $MAINPID ExecStop=/bin/kill $MAINPID PrivateTmp=yes
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: f3fe5e0ccbcf0af56e2d7e0c2c6231a2026df2f9 Author: Marek Szuba gentoo org> AuthorDate: Mon Dec 16 18:10:25 2019 + Commit: Marek Szuba gentoo org> CommitDate: Mon Dec 16 18:10:25 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3fe5e0c net-analyzer/suricata: remove vulnerable 4.0.4 Bug: https://bugs.gentoo.org/690196 Bug: https://bugs.gentoo.org/686428 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 - .../files/suricata-4.0.4_configure-lua-flags.patch | 16 -- .../suricata/files/suricata-4.0.4_sockios.patch| 13 -- .../{suricata-4.0.4-conf => suricata-5.0.0-conf} | 0 .../{suricata-4.0.4-init => suricata-5.0.0-init} | 0 net-analyzer/suricata/suricata-4.0.4.ebuild| 171 - net-analyzer/suricata/suricata-5.0.0.ebuild| 4 +- 7 files changed, 2 insertions(+), 203 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 72532b86510..16a7c6ae731 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1 @@ -DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e diff --git a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch deleted file mode 100644 index bad66359afa..000 --- a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch +++ /dev/null @@ -1,16 +0,0 @@ a/configure.ac -+++ b/configure.ac -@@ -1749,11 +1749,11 @@ - # liblua - AC_ARG_ENABLE(lua, - AS_HELP_STRING([--enable-lua],[Enable Lua support]), -- [ enable_lua="yes"], -+ [], - [ enable_lua="no"]) - AC_ARG_ENABLE(luajit, - AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), -- [ enable_luajit="yes"], -+ [], - [ enable_luajit="no"]) - if test "$enable_lua" = "yes"; then - if test "$enable_luajit" = "yes"; then diff --git a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch deleted file mode 100644 index a341d9c159f..000 --- a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch +++ /dev/null @@ -1,13 +0,0 @@ src/source-af-packet.c.orig2019-09-08 20:50:06.416466432 +0200 -+++ src/source-af-packet.c 2019-09-08 20:53:26.144471385 +0200 -@@ -70,6 +70,10 @@ - - #ifdef HAVE_AF_PACKET - -+#ifdef HAVE_LINUX_SOCKIOS_H -+#include -+#endif -+ - #if HAVE_SYS_IOCTL_H - #include - #endif diff --git a/net-analyzer/suricata/files/suricata-4.0.4-conf b/net-analyzer/suricata/files/suricata-5.0.0-conf similarity index 100% rename from net-analyzer/suricata/files/suricata-4.0.4-conf rename to net-analyzer/suricata/files/suricata-5.0.0-conf diff --git a/net-analyzer/suricata/files/suricata-4.0.4-init b/net-analyzer/suricata/files/suricata-5.0.0-init similarity index 100% rename from net-analyzer/suricata/files/suricata-4.0.4-init rename to net-analyzer/suricata/files/suricata-5.0.0-init diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild deleted file mode 100644 index 2ea320ca46b..000 --- a/net-analyzer/suricata/suricata-4.0.4.ebuild +++ /dev/null @@ -1,171 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -inherit autotools eutils user - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" -RESTRICT="!test? ( test )" - -DEPEND=" - >=dev-libs/jansson-2.2 - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - >=net-libs/libhtp-0.5.20 - net-libs/libpcap - sys-apps/file - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/geoip ) - lua?( dev-lang/lua:* ) - luajit? (
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: c1210bc476d8126c337aa416fb8018377e8a0490 Author: Marek Szuba gentoo org> AuthorDate: Mon Dec 16 15:58:12 2019 + Commit: Marek Szuba gentoo org> CommitDate: Mon Dec 16 16:05:09 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1210bc4 net-analyzer/suricata: add self to the list of maintainers Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/metadata.xml | 4 1 file changed, 4 insertions(+) diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml index bc25d72f088..cc49d0aa09f 100644 --- a/net-analyzer/suricata/metadata.xml +++ b/net-analyzer/suricata/metadata.xml @@ -4,6 +4,10 @@ s...@gentoo.org + +mare...@gentoo.org +Marek Szuba + Enable AF_PACKET support Enable support for eBPF (as well as XDP if supported by the kernel and the NIC driver)
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: da28437322994c655e77d94dcd82d01d575fce58 Author: Marek Szuba gentoo org> AuthorDate: Mon Dec 16 15:56:33 2019 + Commit: Marek Szuba gentoo org> CommitDate: Mon Dec 16 16:05:06 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da284373 net-analyzer/suricata: bump to 5.0.0 and EAPI 7 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + .../files/suricata-5.0.0_configure-lua-flags.patch | 16 ++ ...suricata-5.0.0_configure-no-lz4-automagic.patch | 23 +++ .../files/suricata-5.0.0_default-config.patch | 61 +++ net-analyzer/suricata/files/suricata.service | 21 +++ net-analyzer/suricata/files/suricata.tmpfiles | 1 + net-analyzer/suricata/metadata.xml | 6 +- net-analyzer/suricata/suricata-5.0.0.ebuild| 185 + 8 files changed, 313 insertions(+), 1 deletion(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index fe67675774d..72532b86510 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e +DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e diff --git a/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch new file mode 100644 index 000..be956fd94d4 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch @@ -0,0 +1,16 @@ +--- a/configure.ac b/configure.ac +@@ -1749,11 +1749,11 @@ + # liblua + AC_ARG_ENABLE(lua, + AS_HELP_STRING([--enable-lua],[Enable Lua support]), +- [ enable_lua="$enableval"], ++ [], + [ enable_lua="no"]) + AC_ARG_ENABLE(luajit, + AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), +- [ enable_luajit="$enableval"], ++ [], + [ enable_luajit="no"]) + if test "$enable_lua" = "yes"; then + if test "$enable_luajit" = "yes"; then diff --git a/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch new file mode 100644 index 000..5efce46f6d9 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch @@ -0,0 +1,23 @@ +--- a/configure.ac b/configure.ac +@@ -2292,7 +2292,11 @@ + fi + + # Check for lz4 +-enable_liblz4="yes" ++AC_ARG_ENABLE(lz4, ++ AS_HELP_STRING([--enable-lz4], [Enable compressed pcap logging using liblz4]), ++ [enable_liblz4=$enableval], ++ [enable_liblz4=yes]) ++if test "x$enable_liblz4" != "xno"; then + AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no") + + if test "$enable_liblz4" = "no"; then +@@ -2306,6 +2310,7 @@ + echo " yum install lz4-devel" + echo + fi ++fi + + # get cache line size + AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") diff --git a/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch b/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch new file mode 100644 index 000..07a45c9a574 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch @@ -0,0 +1,61 @@ +--- a/suricata.yaml.in b/suricata.yaml.in +@@ -203,8 +203,9 @@ + # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format + + # As of Suricata 5.0, version 2 of the eve dns output +-# format is the default. +-#version: 2 ++# format is the default - but the daemon produces a warning to that effect ++# at start-up if this isn't explicitly set. ++version: 2 + + # Enable/disable this logger. Default: enabled. + #enabled: yes +@@ -978,9 +979,9 @@ + ## + + # Run suricata as user and group. +-#run-as: +-# user: suri +-# group: suri ++run-as: ++ user: suricata ++ group: suricata + + # Some logging module will use that name in event as identifier. The default + # value is the hostname +@@ -1806,16 +1807,28 @@ + hashmode: hash5tuplesorted + + ## +-## Configure Suricata to load Suricata-Update managed rules. +-## +-## If this section is completely commented out move
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: bbf4c30078e27adf7f6af90223cf03a333b2eb28 Author: Slawomir Lis gentoo org> AuthorDate: Sun Sep 8 19:02:22 2019 + Commit: Slawek Lis gentoo org> CommitDate: Sun Sep 8 19:24:41 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbf4c300 net-analyzer/suricata: Updated init.d and conf.d default pathes Package-Manager: Portage-2.3.75, Repoman-2.3.17 Signed-off-by: Slawek Lis gentoo.org> .../suricata/files/{suricata-4.0.3-conf => suricata-4.0.4-conf} | 0 .../suricata/files/{suricata-4.0.3-init => suricata-4.0.4-init} | 2 +- net-analyzer/suricata/suricata-4.0.4.ebuild | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-4.0.3-conf b/net-analyzer/suricata/files/suricata-4.0.4-conf similarity index 100% rename from net-analyzer/suricata/files/suricata-4.0.3-conf rename to net-analyzer/suricata/files/suricata-4.0.4-conf diff --git a/net-analyzer/suricata/files/suricata-4.0.3-init b/net-analyzer/suricata/files/suricata-4.0.4-init similarity index 99% rename from net-analyzer/suricata/files/suricata-4.0.3-init rename to net-analyzer/suricata/files/suricata-4.0.4-init index f54ba3a5e23..1db8137f31a 100644 --- a/net-analyzer/suricata/files/suricata-4.0.3-init +++ b/net-analyzer/suricata/files/suricata-4.0.4-init @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 SURICATA_BIN=/usr/bin/suricata diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild index f476bfe2ae2..eea47cd01bd 100644 --- a/net-analyzer/suricata/suricata-4.0.4.ebuild +++ b/net-analyzer/suricata/suricata-4.0.4.ebuild @@ -131,8 +131,8 @@ src_install() { fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - newinitd "${FILESDIR}/${PN}-4.0.3-init" ${PN} - newconfd "${FILESDIR}/${PN}-4.0.3-conf" ${PN} + newinitd "${FILESDIR}/${P}-init" ${PN} + newconfd "${FILESDIR}/${P}-conf" ${PN} if use logrotate; then insopts -m0644
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 31be0335f7697f18ac28a8364636f1b0c0635f44 Author: Slawomir Lis gentoo org> AuthorDate: Sun Sep 8 19:20:10 2019 + Commit: Slawek Lis gentoo org> CommitDate: Sun Sep 8 19:24:42 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31be0335 net-analyzer/suricata: fixed installations warnings Package-Manager: Portage-2.3.75, Repoman-2.3.17 Signed-off-by: Slawek Lis gentoo.org> net-analyzer/suricata/suricata-4.0.4.ebuild | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild index eea47cd01bd..98ed94d5b7d 100644 --- a/net-analyzer/suricata/suricata-4.0.4.ebuild +++ b/net-analyzer/suricata/suricata-4.0.4.ebuild @@ -48,6 +48,7 @@ pkg_setup() { src_prepare() { epatch "${FILESDIR}/${P}_configure-lua-flags.patch" epatch "${FILESDIR}/${P}_sockios.patch" + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" eautoreconf } @@ -125,8 +126,8 @@ src_install() { doins rules/*.rules fi - dodir "/var/lib/${PN}" - dodir "/var/log/${PN}" + keepdir "/var/lib/${PN}" + keepdir "/var/log/${PN}" fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: dc1b127212527643b0346fe711558136bfc25ad0 Author: Slawomir Lis gentoo org> AuthorDate: Sun Sep 8 18:58:59 2019 + Commit: Slawek Lis gentoo org> CommitDate: Sun Sep 8 19:24:40 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc1b1272 net-analyzer/suricata: fixed build error related with SIOCGSTAMP Closes: https://bugs.gentoo.org/692546 Package-Manager: Portage-2.3.75, Repoman-2.3.17 Signed-off-by: Slawek Lis gentoo.org> net-analyzer/suricata/files/suricata-4.0.4_sockios.patch | 13 + net-analyzer/suricata/suricata-4.0.4.ebuild | 5 +++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch new file mode 100644 index 000..a341d9c159f --- /dev/null +++ b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch @@ -0,0 +1,13 @@ +--- src/source-af-packet.c.orig2019-09-08 20:50:06.416466432 +0200 src/source-af-packet.c 2019-09-08 20:53:26.144471385 +0200 +@@ -70,6 +70,10 @@ + + #ifdef HAVE_AF_PACKET + ++#ifdef HAVE_LINUX_SOCKIOS_H ++#include ++#endif ++ + #if HAVE_SYS_IOCTL_H + #include + #endif diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild index 2622dccdb3b..f476bfe2ae2 100644 --- a/net-analyzer/suricata/suricata-4.0.4.ebuild +++ b/net-analyzer/suricata/suricata-4.0.4.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=5 @@ -46,7 +46,8 @@ pkg_setup() { } src_prepare() { - epatch "${FILESDIR}"/${P}_configure-lua-flags.patch + epatch "${FILESDIR}/${P}_configure-lua-flags.patch" + epatch "${FILESDIR}/${P}_sockios.patch" eautoreconf }
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 5073a26b023b9b579b550c2d92fe949d9dbda2a5 Author: Marek Szuba gentoo org> AuthorDate: Mon Jun 11 14:03:15 2018 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jun 11 14:04:06 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5073a26b net-analyzer/suricata: remove vulnerable 4.0.3 Bug: https://bugs.gentoo.org/647664 Package-Manager: Portage-2.3.40, Repoman-2.3.9 net-analyzer/suricata/Manifest | 1 - net-analyzer/suricata/suricata-4.0.3.ebuild | 167 2 files changed, 168 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index cc70d0f7283..fe67675774d 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,2 +1 @@ -DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf SHA512 aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b6893b53892 DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild b/net-analyzer/suricata/suricata-4.0.3.ebuild deleted file mode 100644 index 501a7c7a03a..000 --- a/net-analyzer/suricata/suricata-4.0.3.ebuild +++ /dev/null @@ -1,167 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -inherit autotools eutils user - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" - -DEPEND=" - >=dev-libs/jansson-2.2 - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - >=net-libs/libhtp-0.5.20 - net-libs/libpcap - sys-apps/file - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/geoip ) - lua?( dev-lang/lua:* ) - luajit? ( dev-lang/luajit:* ) - nflog? ( net-libs/libnetfilter_log ) - nfqueue?( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis ) - logrotate? ( app-admin/logrotate ) - sys-libs/libcap-ng -" -# #446814 -# prelude?( dev-libs/libprelude ) -# pfring? ( sys-process/numactl net-libs/pf_ring) -RDEPEND="${DEPEND}" - -pkg_setup() { - enewgroup ${PN} - enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" -} - -src_prepare() { - eautoreconf -} - -src_configure() { - local myeconfargs=( - "--localstatedir=/var/" \ - "--enable-non-bundled-htp" \ - $(use_enable af-packet) \ - $(use_enable detection) \ - $(use_enable nfqueue) \ - $(use_enable test coccinelle) \ - $(use_enable test unittests) \ - $(use_enable control-socket unix-socket) - ) - - if use cuda ; then - myeconfargs+=( $(use_enable cuda) ) - fi - if use geoip ; then - myeconfargs+=( $(use_enable geoip) ) - fi - if use hardened ; then - myeconfargs+=( $(use_enable hardened gccprotect) ) - fi - if use nflog ; then - myeconfargs+=( $(use_enable nflog) ) - fi - if use redis ; then - myeconfargs+=( $(use_enable redis hiredis) ) - fi - # not supported yet (no pfring in portage) -# if use pfring ; then -# myeconfargs+=( $(use_enable pfring) ) -# fi - # no libprelude in portage -# if use prelude ; theng -# myeconfargs+=( $(use_enable prelude) ) -# fi - if use lua ; then - myeconfargs+=( $(use_enable lua) ) - fi - if use luajit ; then - myeconfargs+=( $(use_enable luajit) ) - fi - if (use !lua) && (use !luajit) ; then - myeconfargs+=( - --disable-lua - --disable-luajit - ) - fi - -# this should be used when pf_ring use flag support will be added -# LIBS+="-lrt -lnuma" - - # avoid upstream configure script trying to add -march=native to CFLAGS - myeconfargs+=( --enable-gccmarch-native=no ) - - if use debug ; then - myeconfargs+=( $(use_enable debug) )
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: c35f490c5944f47bdcc633d70056ee8f433c3a44 Author: Marek Szuba gentoo org> AuthorDate: Mon Jun 11 14:02:10 2018 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jun 11 14:04:06 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c35f490c net-analyzer/suricata: bump to 4.0.4 + fix Lua USE flags Invoking maintainer timeout on both issues. Closes: https://bugs.gentoo.org/652344 Package-Manager: Portage-2.3.40, Repoman-2.3.9 net-analyzer/suricata/Manifest | 1 + .../files/suricata-4.0.4_configure-lua-flags.patch | 16 ++ net-analyzer/suricata/suricata-4.0.4.ebuild| 168 + 3 files changed, 185 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index b3ab446f9d9..cc70d0f7283 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf SHA512 aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b6893b53892 +DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e diff --git a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch new file mode 100644 index 000..bad66359afa --- /dev/null +++ b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch @@ -0,0 +1,16 @@ +--- a/configure.ac b/configure.ac +@@ -1749,11 +1749,11 @@ + # liblua + AC_ARG_ENABLE(lua, + AS_HELP_STRING([--enable-lua],[Enable Lua support]), +- [ enable_lua="yes"], ++ [], + [ enable_lua="no"]) + AC_ARG_ENABLE(luajit, + AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), +- [ enable_luajit="yes"], ++ [], + [ enable_luajit="no"]) + if test "$enable_lua" = "yes"; then + if test "$enable_luajit" = "yes"; then diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild new file mode 100644 index 000..2622dccdb3b --- /dev/null +++ b/net-analyzer/suricata/suricata-4.0.4.ebuild @@ -0,0 +1,168 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit autotools eutils user + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" + +DEPEND=" + >=dev-libs/jansson-2.2 + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + >=net-libs/libhtp-0.5.20 + net-libs/libpcap + sys-apps/file + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/geoip ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis ) + logrotate? ( app-admin/logrotate ) + sys-libs/libcap-ng +" +# #446814 +# prelude?( dev-libs/libprelude ) +# pfring? ( sys-process/numactl net-libs/pf_ring) +RDEPEND="${DEPEND}" + +pkg_setup() { + enewgroup ${PN} + enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" +} + +src_prepare() { + epatch "${FILESDIR}"/${P}_configure-lua-flags.patch + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var/" \ + "--enable-non-bundled-htp" \ + $(use_enable af-packet) \ + $(use_enable detection) \ + $(use_enable nfqueue) \ + $(use_enable test coccinelle) \ + $(use_enable test unittests) \ + $(use_enable control-socket unix-socket) + ) + + if use cuda ; then + myeconfargs+=( $(use_enable cuda) ) + fi + if use geoip ; then + myeconfargs+=( $(use_enable geoip) ) + fi + if use hardened ; then + myeconfargs+=( $(use_enable hardened gccprotect) ) + fi + if use nflog ; then + myeconfargs+=( $(use_enable nflog) ) + fi +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 0cd38eeec9f055befc5e16d1b714252905eb387c Author: Michael Mair-Keimberger gmail com> AuthorDate: Sun Jun 3 09:27:21 2018 + Commit: Aaron Bauman gentoo org> CommitDate: Sun Jun 3 13:48:19 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cd38eee net-analyzer/suricata: use HTTPs net-analyzer/suricata/suricata-4.0.3.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild b/net-analyzer/suricata/suricata-4.0.3.ebuild index 19c4e17ebb2..501a7c7a03a 100644 --- a/net-analyzer/suricata/suricata-4.0.3.ebuild +++ b/net-analyzer/suricata/suricata-4.0.3.ebuild @@ -6,8 +6,8 @@ EAPI=5 inherit autotools eutils user DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="http://suricata-ids.org/; -SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz; +HOMEPAGE="https://suricata-ids.org/; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz; LICENSE="GPL-2" SLOT="0"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 2e6b7a4b972c110a62877daf862231eb99c08c1f Author: Slawomir Lis gentoo org> AuthorDate: Fri May 11 07:40:16 2018 + Commit: Slawek Lis gentoo org> CommitDate: Fri May 11 07:43:27 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e6b7a4b net-analyzer/suricata: fixed problems with compilation Fixed problems with compilation using lua and luajit Package-Manager: Portage-2.3.36, Repoman-2.3.9 net-analyzer/suricata/suricata-4.0.3.ebuild | 19 +-- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild b/net-analyzer/suricata/suricata-4.0.3.ebuild index e501c9c775b..19c4e17ebb2 100644 --- a/net-analyzer/suricata/suricata-4.0.3.ebuild +++ b/net-analyzer/suricata/suricata-4.0.3.ebuild @@ -27,10 +27,8 @@ DEPEND=" sys-apps/file cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/geoip ) - lua? ( - !luajit? ( dev-lang/lua:* ) - luajit? ( dev-lang/luajit:* ) - ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) nflog? ( net-libs/libnetfilter_log ) nfqueue?( net-libs/libnetfilter_queue ) redis? ( dev-libs/hiredis ) @@ -83,15 +81,16 @@ src_configure() { # myeconfargs+=( $(use_enable pfring) ) # fi # no libprelude in portage -# if use prelude ; then +# if use prelude ; theng # myeconfargs+=( $(use_enable prelude) ) # fi if use lua ; then - myeconfargs+=( - $(use_enable !luajit lua) - $(use_enable luajit) - ) - else + myeconfargs+=( $(use_enable lua) ) + fi + if use luajit ; then + myeconfargs+=( $(use_enable luajit) ) + fi + if (use !lua) && (use !luajit) ; then myeconfargs+=( --disable-lua --disable-luajit
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: d4e40e0eb9740bbeec133addc8ccfff64cde699b Author: Michał Górny gentoo org> AuthorDate: Mon Feb 26 22:17:25 2018 + Commit: Michał Górny gentoo org> CommitDate: Mon Mar 26 19:33:10 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4e40e0e net-analyzer/suricata: [QA] Use standard meaning of USE=luajit Fix the package to use standard meaning for USE=luajit instead of making it exclusive with USE=lua. net-analyzer/suricata/metadata.xml | 1 - net-analyzer/suricata/suricata-4.0.3.ebuild | 21 + 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml index 58878c64f05..0afee5625d1 100644 --- a/net-analyzer/suricata/metadata.xml +++ b/net-analyzer/suricata/metadata.xml @@ -9,7 +9,6 @@ Enable unix socket Enable NVIDIA Cuda computations support Enable detection modules -Enable Luajit support Enable libnetfilter_log support Enable NFQUEUE support for inline IDP Enable Redis support diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild b/net-analyzer/suricata/suricata-4.0.3.ebuild index 604eae665be..e501c9c775b 100644 --- a/net-analyzer/suricata/suricata-4.0.3.ebuild +++ b/net-analyzer/suricata/suricata-4.0.3.ebuild @@ -14,8 +14,6 @@ SLOT="0" KEYWORDS="~amd64 ~x86" IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" -REQUIRED_USE="lua? ( !luajit )" - DEPEND=" >=dev-libs/jansson-2.2 dev-libs/libpcre @@ -29,8 +27,10 @@ DEPEND=" sys-apps/file cuda? ( dev-util/nvidia-cuda-toolkit ) geoip? ( dev-libs/geoip ) - lua?( dev-lang/lua:* ) - luajit? ( dev-lang/luajit:* ) + lua? ( + !luajit? ( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + ) nflog? ( net-libs/libnetfilter_log ) nfqueue?( net-libs/libnetfilter_queue ) redis? ( dev-libs/hiredis ) @@ -87,10 +87,15 @@ src_configure() { # myeconfargs+=( $(use_enable prelude) ) # fi if use lua ; then - myeconfargs+=( $(use_enable lua) ) - fi - if use luajit ; then - myeconfargs+=( $(use_enable luajit) ) + myeconfargs+=( + $(use_enable !luajit lua) + $(use_enable luajit) + ) + else + myeconfargs+=( + --disable-lua + --disable-luajit + ) fi # this should be used when pf_ring use flag support will be added
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 7d77530345a974246cf27c24e66233448b4ae7dd Author: Slawomir Lis gentoo org> AuthorDate: Wed Jan 24 07:25:41 2018 + Commit: Slawek Lis gentoo org> CommitDate: Wed Jan 24 07:26:04 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d775303 net-analyzer/suricata: cleaned unneeded patch files Package-Manager: Portage-2.3.20, Repoman-2.3.6 .../suricata/files/fortify_source-numeric.patch| 11 -- net-analyzer/suricata/files/json.patch | 10 -- net-analyzer/suricata/files/magic-location.patch | 13 -- net-analyzer/suricata/files/suricata-3.2-conf | 62 - net-analyzer/suricata/files/suricata-3.2-init | 147 - net-analyzer/suricata/files/suricata-3.2.1-conf| 62 - net-analyzer/suricata/files/suricata-3.2.1-init| 147 - 7 files changed, 452 deletions(-) diff --git a/net-analyzer/suricata/files/fortify_source-numeric.patch b/net-analyzer/suricata/files/fortify_source-numeric.patch deleted file mode 100644 index 0a7f4827ea0..000 --- a/net-analyzer/suricata/files/fortify_source-numeric.patch +++ /dev/null @@ -1,11 +0,0 @@ a/src/suricata.c 2015-10-02 00:21:55.634213646 +0200 -+++ b/src/suricata.c 2015-10-02 00:22:39.143940007 +0200 -@@ -774,7 +774,7 @@ - printf("compiled with -fstack-protector-all\n"); - #endif - #ifdef _FORTIFY_SOURCE --printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE); -+printf("compiled with _FORTIFY_SOURCE\n"); - #endif - #ifdef CLS - printf("L1 cache line size (CLS)=%d\n", CLS); diff --git a/net-analyzer/suricata/files/json.patch b/net-analyzer/suricata/files/json.patch deleted file mode 100644 index a542f351640..000 --- a/net-analyzer/suricata/files/json.patch +++ /dev/null @@ -1,10 +0,0 @@ src/output-json.h.orig 2015-11-21 21:56:24.996289587 +0100 -+++ src/output-json.h 2015-11-21 21:57:11.419622642 +0100 -@@ -28,6 +28,7 @@ - - #ifdef HAVE_LIBJANSSON - -+#include - #include "suricata-common.h" - #include "util-buffer.h" - #include "util-logopenfile.h" diff --git a/net-analyzer/suricata/files/magic-location.patch b/net-analyzer/suricata/files/magic-location.patch deleted file mode 100644 index 02681f934b0..000 --- a/net-analyzer/suricata/files/magic-location.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 8b41eb0..3cdf0e7 100644 a/configure.ac -+++ b/configure.ac -@@ -182,7 +182,7 @@ - fi - echo -n "installation for $host OS... " - --e_magic_file="/usr/share/file/magic" -+e_magic_file="/usr/share/misc/magic.mgc" - case "$host" in - *-*-*freebsd*) - LUA_PC_NAME="lua-5.1" diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf deleted file mode 100644 index 655b947fdd9..000 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ /dev/null @@ -1,62 +0,0 @@ -# Config file for /etc/init.d/suricata* - -# Where config files are stored. Default: - -# SURICATA_DIR="/etc/suricata" - -# Pass options to each suricata service. -# -# You can launch more than one service at the same time with different options. -# This can be useful in a multi-queue gateway, for example. -# You can expand on the Suricata inline example found at: -# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html -# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" -# on several queues. You can then have a Suricata instance processing traffic for each queue. -# This should help improve performance on the gateway/firewall. -# -# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: -# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 -# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 -# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml -# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml -# -# Edit both suricata-q{0,1}.yaml files and set values accordingly. -# You can override these yaml config file names with SURICATA_CONF* below (optional). -# This allows you to use the same yaml config file for multiple instances as long as you override -# sensible options such as the log file paths. -# SURICATA_CONF_q0="suricata-queues.yaml" -# SURICATA_CONF_q1="suricata-queues.yaml" -# SURICATA_CONF="suricata.yaml" - -# You can define the options here: -# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. - -# SURICATA_OPTS_q0="-q 0" -# SURICATA_OPTS_q1="-q 1" - -# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata -# then you can set: - -SURICATA_OPTS="-i eth0" - -# Log paths listed here will be created by the init script and will override the log path -# set in the yaml file, if present. -#
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 9a69b3e675e006bd67b9a95d7cc043982b0c253a Author: Slawomir Lis gentoo org> AuthorDate: Wed Jan 24 07:00:02 2018 + Commit: Slawek Lis gentoo org> CommitDate: Wed Jan 24 07:00:02 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a69b3e6 net-analyzer/suricata: removed old version To fix vulnerability reported in bug https://bugs.gentoo.org/635662 Dropped versions: 2.0.11, 3.0.1, 3.1.3, 3.2-r1, 3.2.1, 3.2 Package-Manager: Portage-2.3.20, Repoman-2.3.6 net-analyzer/suricata/Manifest | 5 - net-analyzer/suricata/suricata-2.0.11.ebuild | 116 --- net-analyzer/suricata/suricata-3.0.1.ebuild | 112 -- net-analyzer/suricata/suricata-3.1.3.ebuild | 116 --- net-analyzer/suricata/suricata-3.2-r1.ebuild | 163 --- net-analyzer/suricata/suricata-3.2.1.ebuild | 161 -- net-analyzer/suricata/suricata-3.2.ebuild| 147 7 files changed, 820 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 3115c23a894..b3ab446f9d9 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,6 +1 @@ -DIST suricata-2.0.11.tar.gz 3091124 BLAKE2B 5cc99982d2041f0fd405ae1aee01c3955f8780a49148b64cd98061f60dbba9ced5d56e57247883480dfb06f587b231c4527eb59052d9e4c1341a8dafe6f20b90 SHA512 659e893fef3cdcca8440f2af7596d5cc58b142d3350b9ea5ba57d855c6759a00adafeb15a1dfe91dd55eca1437487eb4e842b4e2913d12417f0b906ca3d54ec9 -DIST suricata-3.0.1.tar.gz 3315637 BLAKE2B f92e8f4b9708b265eda2476dbedaaa3a5c417561befc4d4c0bca15669545f07cd681a6e4e60f9290c97072dffb9ced473ca5fbbd4250d1df002353f1de87b759 SHA512 cd10f5b19dd7b6ccbed668263b54d93738842191e71391b040aa7fc2049ac597feb38cd333f07b15d30ebeaf778f6abe18b72215e609891608dca094531c7fd8 -DIST suricata-3.1.3.tar.gz 3340627 BLAKE2B 6dff61a876591485fc32053912abfe8ec2ac23ff40ed63e4140d3c494adbf83b7310afae67f0b2c552f45c6ec9ed02db94635b3d90e4ac74e3da8de3a611f65b SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb -DIST suricata-3.2.1.tar.gz 11754332 BLAKE2B 1f72f9460c363aa86933a7105f0267d89e5b7e11db8668d30f2e84a545856cc53e4edc403f434533271697fc73d45fbd9ea2ce2cc4f07c245ba0724e3d0cae60 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290 -DIST suricata-3.2.tar.gz 11732080 BLAKE2B e5315edc7fb42792f165ebc6b43b3bef8ca8151857305adb6ac1cd2bbf93f5f679ac9762ac48836bf94dfdfc820e4dc7fdcaa73a2b609e3128524f39cd24c741 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf SHA512 aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b6893b53892 diff --git a/net-analyzer/suricata/suricata-2.0.11.ebuild b/net-analyzer/suricata/suricata-2.0.11.ebuild deleted file mode 100644 index cebe46b654e..000 --- a/net-analyzer/suricata/suricata-2.0.11.ebuild +++ /dev/null @@ -1,116 +0,0 @@ -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -inherit autotools eutils user - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="http://suricata-ids.org/; -SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz; - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet control-socket cuda debug +detection geoip hardened lua luajit nflog +nfqueue +rules test" - -DEPEND=" - >=dev-libs/jansson-2.2 - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - >=net-libs/libhtp-0.5.18 - net-libs/libpcap - sys-apps/file - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/geoip ) - lua?( dev-lang/lua:* ) - luajit? ( dev-lang/luajit:* ) - nflog? ( net-libs/libnetfilter_log ) - nfqueue?( net-libs/libnetfilter_queue ) -" -# #446814 -# prelude?( dev-libs/libprelude ) -# pfring? ( sys-process/numactl net-libs/pf_ring) -RDEPEND="${DEPEND}" - -pkg_setup() { - enewgroup ${PN} - enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" -} - -src_prepare() { - epatch "${FILESDIR}/fortify_source-numeric.patch" - epatch "${FILESDIR}/magic-location.patch" - epatch "${FILESDIR}/json.patch" - - eautoreconf -} - -src_configure() { - local myeconfargs=( - "--localstatedir=/var/" \ - "--enable-non-bundled-htp" \ -
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 8a31f163e2cf8cc4e5f003a984ad06e070fefe17 Author: Slawomir Lis gentoo org> AuthorDate: Tue Jan 23 18:56:59 2018 + Commit: Slawek Lis gentoo org> CommitDate: Tue Jan 23 18:57:14 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a31f163 net-analyzer/suricata: added missed conf.d and init.d files Closes: https://bugs.gentoo.org/645484 Package-Manager: Portage-2.3.20, Repoman-2.3.6 net-analyzer/suricata/files/suricata-4.0.3-conf | 62 ++ net-analyzer/suricata/files/suricata-4.0.3-init | 147 2 files changed, 209 insertions(+) diff --git a/net-analyzer/suricata/files/suricata-4.0.3-conf b/net-analyzer/suricata/files/suricata-4.0.3-conf new file mode 100644 index 000..655b947fdd9 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-4.0.3-conf @@ -0,0 +1,62 @@ +# Config file for /etc/init.d/suricata* + +# Where config files are stored. Default: + +# SURICATA_DIR="/etc/suricata" + +# Pass options to each suricata service. +# +# You can launch more than one service at the same time with different options. +# This can be useful in a multi-queue gateway, for example. +# You can expand on the Suricata inline example found at: +# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html +# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" +# on several queues. You can then have a Suricata instance processing traffic for each queue. +# This should help improve performance on the gateway/firewall. +# +# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# +# Edit both suricata-q{0,1}.yaml files and set values accordingly. +# You can override these yaml config file names with SURICATA_CONF* below (optional). +# This allows you to use the same yaml config file for multiple instances as long as you override +# sensible options such as the log file paths. +# SURICATA_CONF_q0="suricata-queues.yaml" +# SURICATA_CONF_q1="suricata-queues.yaml" +# SURICATA_CONF="suricata.yaml" + +# You can define the options here: +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. + +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" + +# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata +# then you can set: + +SURICATA_OPTS="-i eth0" + +# Log paths listed here will be created by the init script and will override the log path +# set in the yaml file, if present. +# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" +# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" +# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" + +# Run as user/group. +# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). +# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. +# SURICATA_USER_q0="suricata" +# SURICATA_GROUP_q0="suricata" +# SURICATA_USER_q1="suricata" +# SURICATA_GROUP_q1="suricata" +# SURICATA_USER="suricata" +# SURICATA_GROUP="suricata" + +# Suricata processes can take a long time to shut down. +# If necessary, adjust timeout in seconds to be used when calling stop from the init script. +# Examples: +# SURICATA_MAX_WAIT_ON_STOP="300" +# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30" diff --git a/net-analyzer/suricata/files/suricata-4.0.3-init b/net-analyzer/suricata/files/suricata-4.0.3-init new file mode 100644 index 000..f54ba3a5e23 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-4.0.3-init @@ -0,0 +1,147 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +SURICATA_BIN=/usr/bin/suricata +SURICATA_DIR=${SURICATA_DIR:-/etc/suricata} +SURICATA=${SVCNAME#*.} +SURICATAID=$(shell_var "${SURICATA}") +if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then +eval SURICATACONF=\$SURICATA_CONF_${SURICATAID} +[ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" +SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" +eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} +eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} +eval SURICATAUSER=\$SURICATA_USER_${SURICATAID} +eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID} +else +SURICATACONF=${SURICATA_CONF} +[ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" +SURICATAPID="/var/run/suricata/suricata.pid" +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 78745195e87a1b2b6698d6600d74da6932ebcadd Author: Slawomir Lis gentoo org> AuthorDate: Tue Jan 23 09:15:07 2018 + Commit: Slawek Lis gentoo org> CommitDate: Tue Jan 23 09:15:19 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78745195 net-analyzer/suricata: version bump to 4.0.3 This should fix security problems reported in https://bugs.gentoo.org/635662 Package-Manager: Portage-2.3.20, Repoman-2.3.6 net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/suricata-4.0.3.ebuild | 163 2 files changed, 164 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index dee7b9c1e63..3115c23a894 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -3,3 +3,4 @@ DIST suricata-3.0.1.tar.gz 3315637 BLAKE2B f92e8f4b9708b265eda2476dbedaaa3a5c417 DIST suricata-3.1.3.tar.gz 3340627 BLAKE2B 6dff61a876591485fc32053912abfe8ec2ac23ff40ed63e4140d3c494adbf83b7310afae67f0b2c552f45c6ec9ed02db94635b3d90e4ac74e3da8de3a611f65b SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb DIST suricata-3.2.1.tar.gz 11754332 BLAKE2B 1f72f9460c363aa86933a7105f0267d89e5b7e11db8668d30f2e84a545856cc53e4edc403f434533271697fc73d45fbd9ea2ce2cc4f07c245ba0724e3d0cae60 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290 DIST suricata-3.2.tar.gz 11732080 BLAKE2B e5315edc7fb42792f165ebc6b43b3bef8ca8151857305adb6ac1cd2bbf93f5f679ac9762ac48836bf94dfdfc820e4dc7fdcaa73a2b609e3128524f39cd24c741 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e +DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf SHA512 aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b6893b53892 diff --git a/net-analyzer/suricata/suricata-4.0.3.ebuild b/net-analyzer/suricata/suricata-4.0.3.ebuild new file mode 100644 index 000..604eae665be --- /dev/null +++ b/net-analyzer/suricata/suricata-4.0.3.ebuild @@ -0,0 +1,163 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit autotools eutils user + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="http://suricata-ids.org/; +SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" + +REQUIRED_USE="lua? ( !luajit )" + +DEPEND=" + >=dev-libs/jansson-2.2 + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + >=net-libs/libhtp-0.5.20 + net-libs/libpcap + sys-apps/file + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/geoip ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis ) + logrotate? ( app-admin/logrotate ) + sys-libs/libcap-ng +" +# #446814 +# prelude?( dev-libs/libprelude ) +# pfring? ( sys-process/numactl net-libs/pf_ring) +RDEPEND="${DEPEND}" + +pkg_setup() { + enewgroup ${PN} + enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" +} + +src_prepare() { + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var/" \ + "--enable-non-bundled-htp" \ + $(use_enable af-packet) \ + $(use_enable detection) \ + $(use_enable nfqueue) \ + $(use_enable test coccinelle) \ + $(use_enable test unittests) \ + $(use_enable control-socket unix-socket) + ) + + if use cuda ; then + myeconfargs+=( $(use_enable cuda) ) + fi + if use geoip ; then + myeconfargs+=( $(use_enable geoip) ) + fi + if use hardened ; then + myeconfargs+=( $(use_enable hardened gccprotect) ) + fi + if use nflog ; then + myeconfargs+=( $(use_enable nflog) ) + fi + if use redis ; then + myeconfargs+=( $(use_enable redis hiredis) ) + fi + # not supported yet (no pfring in portage) +# if use pfring ; then +# myeconfargs+=( $(use_enable pfring) ) +# fi + # no libprelude in portage
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: 8610c416bfc5e5fb30a1925c6d5dbbce5537baab Author: Slawomir Lis gentoo org> AuthorDate: Mon Jul 24 08:29:45 2017 + Commit: Slawek Lis gentoo org> CommitDate: Mon Jul 24 08:30:03 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8610c416 net-analyzer/suricata: Solved conflicting use flags Use flags LUA and LUAJIT cannot be set at the same time. Reported in bug 625814 Reported-By: deference null.net Package-Manager: Portage-2.3.6, Repoman-2.3.3 net-analyzer/suricata/suricata-3.2-r1.ebuild | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net-analyzer/suricata/suricata-3.2-r1.ebuild b/net-analyzer/suricata/suricata-3.2-r1.ebuild index 419c56ac26d..f6aa21dbcc4 100644 --- a/net-analyzer/suricata/suricata-3.2-r1.ebuild +++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild @@ -14,6 +14,8 @@ SLOT="0" KEYWORDS="~amd64 ~x86" IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" +REQUIRED_USE="lua? ( !luajit )" + DEPEND=" >=dev-libs/jansson-2.2 dev-libs/libpcre
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
commit: 8613b63b558801c7a1c904358505b65b5906d1a3 Author: Slawomir Lis gentoo org> AuthorDate: Fri Feb 17 05:39:45 2017 + Commit: Slawek Lis gentoo org> CommitDate: Fri Feb 17 05:39:45 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8613b63b net-analyzer/suricata: version bump to 3.2.1 Reported in #609426 Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/files/suricata-3.2.1-conf | 62 + net-analyzer/suricata/files/suricata-3.2.1-init | 148 ++ net-analyzer/suricata/suricata-3.2.1.ebuild | 162 4 files changed, 373 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 4730f83276..06c2f94487 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,5 @@ DIST suricata-2.0.11.tar.gz 3091124 SHA256 c607f1e18e5636830f42a83f7c67e1466f07db82853f3a9dba4ab8c6c3bc656e SHA512 659e893fef3cdcca8440f2af7596d5cc58b142d3350b9ea5ba57d855c6759a00adafeb15a1dfe91dd55eca1437487eb4e842b4e2913d12417f0b906ca3d54ec9 WHIRLPOOL 5cfa55abd90284a0a3441853af9db18075a23fa5661d89448b409b8fdd1031ad348d76d455b7dfe7b2688e69633f5bbb65dc060cc2426af017ab1bcb824c9ac5 DIST suricata-3.0.1.tar.gz 3315637 SHA256 74c685f8da51b3f038a7b8185bdbed274aca25daf64ac7ea01eea60636727f26 SHA512 cd10f5b19dd7b6ccbed668263b54d93738842191e71391b040aa7fc2049ac597feb38cd333f07b15d30ebeaf778f6abe18b72215e609891608dca094531c7fd8 WHIRLPOOL a1f6c8ee760cac9e3daa3358e89d30b4a24441fb975214ae2fe165fcb697b4292e035007323041febdc0d8f09b1515aba76f60f1e437d865193db3deb25d DIST suricata-3.1.3.tar.gz 3340627 SHA256 bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174 SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb WHIRLPOOL 720f668480bfa05e7e6c32bb63f09af6d38e46b909ab4d0d9879cd069436215eb3b4bb1778147de82344b6879a1b3e04da0af2e14084bb1b74472ecc727c4ebe +DIST suricata-3.2.1.tar.gz 11754332 SHA256 0e0b0cf49016804bb2fb1fc4327341617e76a67902f4e03e0ef6d16c1d7d3994 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290 WHIRLPOOL 6469191d11f8bd3cf4fab80650d4fbf380c74e3502867e446f57fd297d3f8bbd9b23e452dcb2c559496e8f64f9e9822c5f0303a6351ec13a32fd172a39d3ca05 DIST suricata-3.2.tar.gz 11732080 SHA256 41cbe19c6fd6bd51ebcbc29063f558e2fbba4a2450e5809fee2e461f16a4ed68 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e WHIRLPOOL b6d4c2c08e34da2b4dee4087831a0a9dcad836737489e2599938d74b74c624e455d0f1299ef7c4e70df038ac13dcd29344c2117b44310f8dc42d9f0fad0c3e15 diff --git a/net-analyzer/suricata/files/suricata-3.2.1-conf b/net-analyzer/suricata/files/suricata-3.2.1-conf new file mode 100644 index 00..655b947fdd --- /dev/null +++ b/net-analyzer/suricata/files/suricata-3.2.1-conf @@ -0,0 +1,62 @@ +# Config file for /etc/init.d/suricata* + +# Where config files are stored. Default: + +# SURICATA_DIR="/etc/suricata" + +# Pass options to each suricata service. +# +# You can launch more than one service at the same time with different options. +# This can be useful in a multi-queue gateway, for example. +# You can expand on the Suricata inline example found at: +# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html +# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" +# on several queues. You can then have a Suricata instance processing traffic for each queue. +# This should help improve performance on the gateway/firewall. +# +# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# +# Edit both suricata-q{0,1}.yaml files and set values accordingly. +# You can override these yaml config file names with SURICATA_CONF* below (optional). +# This allows you to use the same yaml config file for multiple instances as long as you override +# sensible options such as the log file paths. +# SURICATA_CONF_q0="suricata-queues.yaml" +# SURICATA_CONF_q1="suricata-queues.yaml" +# SURICATA_CONF="suricata.yaml" + +# You can define the options here: +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. + +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" + +# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata +# then you can set: + +SURICATA_OPTS="-i eth0" + +# Log paths
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 52c57d2e8707113c2b019013c83706b584b59bc7 Author: Slawomir Lis gentoo org> AuthorDate: Mon Jan 16 12:27:54 2017 + Commit: Slawek Lis gentoo org> CommitDate: Mon Jan 16 12:27:54 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52c57d2e net-analyzer/suricata: updated config file Bug report: #605754 Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 6 ++ 1 file changed, 6 insertions(+) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index d8466b4..655b947 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -54,3 +54,9 @@ SURICATA_OPTS="-i eth0" # SURICATA_GROUP_q1="suricata" # SURICATA_USER="suricata" # SURICATA_GROUP="suricata" + +# Suricata processes can take a long time to shut down. +# If necessary, adjust timeout in seconds to be used when calling stop from the init script. +# Examples: +# SURICATA_MAX_WAIT_ON_STOP="300" +# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 33f785f6d2650b7bd8556bb58c95468b4d3a0ac1 Author: Slawomir Lis gentoo org> AuthorDate: Mon Jan 16 12:25:22 2017 + Commit: Slawek Lis gentoo org> CommitDate: Mon Jan 16 12:25:22 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33f785f6 net-analyzer/suricata: updated init script As reported in bug #605754, updated init script stop() function to take correct method of stopping long-running suricata shutdown Reported-by: Vieri yahoo.com> Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-init | 36 +++ 1 file changed, 4 insertions(+), 32 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 9ffedf4..05f05dd 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Id$ @@ -27,6 +27,7 @@ fi SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}} SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}} [ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}" +[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}" description="Suricata IDS/IPS" extra_commands="checkconfig dump" @@ -111,37 +112,8 @@ start() { stop() { ebegin "Stopping ${SVCNAME}" - initpidinfo - start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 - einfo "Waiting for ${SVCNAME} to shut down. This can take a while..." - # max wait: 5 minutes as it can take quite a while on some systems with heavy traffic - local cnt=300 - while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do - cnt=$(expr $cnt - 1) - sleep 1 - echo -ne "$cnt seconds left before we give up checking the PID file...\r" - done - # under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed - # max wait for process to terminate: 1 minute - if [ ${#SUR_PID} -gt 0 ]; then - cnt=60 - SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" - if [ $((SUR_PID_CHECK)) -ne 0 ]; then - einfo "The PID file ${SURICATAPID} is gone but the ${SVCNAME} PID ${SUR_PID} is still running." - einfo "Waiting for process to shut down on its own. This can take a while..." - fi - while [ $((SUR_PID_CHECK)) -ne 0 ]; do - cnt=$(expr $cnt - 1) - if [ $cnt -lt 1 ] ; then - eend 1 "Failed. You might need to kill PID ${SUR_PID} or find out why it can't be stopped." - break - fi - sleep 1 - echo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r" - SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" - done - fi - eend 0 + start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 + eend $? } reload() {
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 0ec42d4b8fe37e81b2d54a51ce2463ca1ba31080 Author: Slawomir Lis gentoo org> AuthorDate: Mon Jan 9 07:21:33 2017 + Commit: Slawek Lis gentoo org> CommitDate: Mon Jan 9 07:21:49 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ec42d4b net-analyzer/suricata: fixed logrotate file Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-logrotate | 25 ++--- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate index a8edcc6..7b22283 100644 --- a/net-analyzer/suricata/files/suricata-logrotate +++ b/net-analyzer/suricata/files/suricata-logrotate @@ -1,15 +1,10 @@ /usr/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-28 10:34:11.0 +0100 -+++ /usr/local/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-29 08:59:51.390256659 +0100 -@@ -1,6 +1,10 @@ --/var/log/suricata/* { -+/var/log/suricata/*.log /var/log/suricata/*.json { -+ rotate 3 - missingok -+ nocompress -+ create -+ sharedscripts - postrotate -- /etc/init.d/suricata reload -+ /etc/init.d/suricata relog - endscript - } +/var/log/suricata/*.log /var/log/suricata/*.json { + rotate 3 + missingok + nocompress + create + sharedscripts + postrotate + /etc/init.d/suricata relog + endscript +}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: cb5cefc064378a810126ac76a888ff668ae3015b Author: Slawomir Lis gentoo org> AuthorDate: Sat Jan 7 10:27:20 2017 + Commit: Slawek Lis gentoo org> CommitDate: Sat Jan 7 10:25:42 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb5cefc0 net-analyzer/suricata: fixing error with logrotate file As reported in bug 604904 Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/suricata-3.2-r1.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/suricata-3.2-r1.ebuild b/net-analyzer/suricata/suricata-3.2-r1.ebuild index 0d4739e..9d39b83 100644 --- a/net-analyzer/suricata/suricata-3.2-r1.ebuild +++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2016 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Id$ @@ -130,7 +130,7 @@ src_install() { if use logrotate; then insopts -m0644 insinto /etc/logrotate.d - newins "${FILESDIR}"/${PN}.logrotate ${PN} + newins "${FILESDIR}"/${PN}-logrotate ${PN} fi }
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 4b0a9ae167be4dc0cc9db385c84fd705a1b64301 Author: Slawomir Lis gentoo org> AuthorDate: Fri Dec 30 07:53:42 2016 + Commit: Slawek Lis gentoo org> CommitDate: Fri Dec 30 07:53:42 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b0a9ae1 net-analyzer/suricata: updated logrotate config file Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-logrotate | 21 +++-- 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate index 0dc145b..a8edcc6 100644 --- a/net-analyzer/suricata/files/suricata-logrotate +++ b/net-analyzer/suricata/files/suricata-logrotate @@ -1,6 +1,15 @@ -/var/log/suricata/* { - missingok - postrotate - /etc/init.d/suricata reload - endscript -} +--- /usr/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-28 10:34:11.0 +0100 /usr/local/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-29 08:59:51.390256659 +0100 +@@ -1,6 +1,10 @@ +-/var/log/suricata/* { ++/var/log/suricata/*.log /var/log/suricata/*.json { ++ rotate 3 + missingok ++ nocompress ++ create ++ sharedscripts + postrotate +- /etc/init.d/suricata reload ++ /etc/init.d/suricata relog + endscript + }
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: f3eaaf161bf666f9c10b6e333bfaaf1a55a81a0b Author: Slawomir Lis gentoo org> AuthorDate: Thu Dec 29 06:23:33 2016 + Commit: Slawek Lis gentoo org> CommitDate: Thu Dec 29 06:23:33 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3eaaf16 net-analyzer/suricata: fix in init script Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-init | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index b276f49..9ffedf4 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -26,7 +26,7 @@ else fi SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}} SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}} -[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" +[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}" description="Suricata IDS/IPS" extra_commands="checkconfig dump" @@ -47,7 +47,7 @@ checkconfig() { checkpath -d /var/run/suricata fi if [ ${#SURICATALOGPATH} -gt 0 ]; then - SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} ) + SURICATALOGFILE=$( basename ${SURICATALOGPATH} ) SURICATALOGFILE=${SURICATALOGFILE:-suricata.log} SURICATALOGPATH=$( dirname ${SURICATALOGPATH} ) if [ ! -d "${SURICATALOGPATH}" ] ; then
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/
commit: d6a9c58d4a29fb0fdb4e78e976a34cb0bd18f08d Author: Slawomir Lis gentoo org> AuthorDate: Wed Dec 28 13:25:09 2016 + Commit: Slawek Lis gentoo org> CommitDate: Wed Dec 28 13:25:36 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6a9c58d net-analyzer/suricata: postinst log message fix Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/suricata-3.2-r1.ebuild | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net-analyzer/suricata/suricata-3.2-r1.ebuild b/net-analyzer/suricata/suricata-3.2-r1.ebuild index ee724a5..0d4739e 100644 --- a/net-analyzer/suricata/suricata-3.2-r1.ebuild +++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild @@ -156,5 +156,7 @@ pkg_postinst() { if use debug; then elog "You enabled the debug USE flag. Please read this link to report bugs upstream:" elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs; + elog "You need to also ensure the FEATURES variable in make.conf contains the" + elog "'nostrip' option to produce useful core dumps or back traces." fi }
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 2c174cb604c2c99f9d9e8ac4fab438d0aedf7ab1 Author: Slawomir Lis gentoo org> AuthorDate: Wed Dec 28 12:59:11 2016 + Commit: Slawek Lis gentoo org> CommitDate: Wed Dec 28 12:59:11 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c174cb6 net-analyzer/suricata: Dropping user privs in init script Bug #602590 Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 12 - net-analyzer/suricata/files/suricata-3.2-init | 39 --- net-analyzer/suricata/suricata-3.2-r1.ebuild | 5 ++-- 3 files changed, 43 insertions(+), 13 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index fc6885d..d8466b4 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -29,7 +29,7 @@ # SURICATA_CONF="suricata.yaml" # You can define the options here: -# NB: avoid using -l, -c and setting logging.outputs.1.file.filename as the init script will try to set them for you. +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. # SURICATA_OPTS_q0="-q 0" # SURICATA_OPTS_q1="-q 1" @@ -44,3 +44,13 @@ SURICATA_OPTS="-i eth0" # SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" # SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" # SURICATA_LOG_FILE="/var/log/suricata/suricata.log" + +# Run as user/group. +# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). +# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. +# SURICATA_USER_q0="suricata" +# SURICATA_GROUP_q0="suricata" +# SURICATA_USER_q1="suricata" +# SURICATA_GROUP_q1="suricata" +# SURICATA_USER="suricata" +# SURICATA_GROUP="suricata" diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 1717dbb..b276f49 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -13,13 +13,19 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} +eval SURICATAUSER=\$SURICATA_USER_${SURICATAID} +eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID} else SURICATACONF=${SURICATA_CONF} [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} SURICATALOGPATH=${SURICATA_LOG_FILE} +SURICATAUSER=${SURICATA_USER} +SURICATAGROUP=${SURICATA_GROUP} fi +SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}} +SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}} [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" description="Suricata IDS/IPS" @@ -37,11 +43,6 @@ depend() { } checkconfig() { - if [ ! -e ${SURICATACONF} ] ; then - einfo "The configuration file ${SURICATACONF} was not found." - einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." - einfo "Take a look at the suricata arguments --set and --dump-config." - fi if [ ! -d "/var/run/suricata" ] ; then checkpath -d /var/run/suricata fi @@ -52,9 +53,22 @@ checkconfig() { if [ ! -d "${SURICATALOGPATH}" ] ; then checkpath -d "${SURICATALOGPATH}" fi + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then + chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1 + chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1 + fi SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}" SURICATALOGPATH="-l ${SURICATALOGPATH}" fi + if [ ! -e ${SURICATACONF} ] ; then + einfo "The configuration file ${SURICATACONF} was not found." + einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." + einfo "Take a look at the suricata arguments --set and --dump-config." + fi + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then + einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}." + SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}" + fi } initpidinfo() { @@ -77,8 +91,7 @@ checkpidinfo() {
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: a382935f837f6a18529793813228cb2731e9d36f Author: Slawomir Lis gentoo org> AuthorDate: Wed Dec 28 09:34:11 2016 + Commit: Slawek Lis gentoo org> CommitDate: Wed Dec 28 09:34:11 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a382935f net-analyzer/suricata: Updated suricata logging and added logrotate file I've also bumped revision number, as there are many changes, and those fixes should finally close bug 602590. Thanks to Vieri yahoo.com> for support. Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 11 +- net-analyzer/suricata/files/suricata-3.2-init | 28 +++-- net-analyzer/suricata/files/suricata-logrotate | 6 + net-analyzer/suricata/metadata.xml | 1 + net-analyzer/suricata/suricata-3.2-r1.ebuild | 161 + 5 files changed, 189 insertions(+), 18 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index d900ade..fc6885d 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -41,11 +41,6 @@ SURICATA_OPTS="-i eth0" # Log paths listed here will be created by the init script and will override the log path # set in the yaml file, if present. -# SURICATA_LOG_PATH_q0="/var/log/suricata/q0" -# SURICATA_LOG_PATH_q1="/var/log/suricata/q1" -# SURICATA_LOG_PATH="/var/log/suricata" -# SURICATA_LOG_FILE="suricata.log" - -# You can view all the available options you can set with --set -# and check the full config settings in an easily parsable format. -# SURICATA_DUMP=1 +# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" +# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" +# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 3ec6afd..1717dbb 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -12,18 +12,23 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} -eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID} +eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} else SURICATACONF=${SURICATA_CONF} [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} -SURICATALOGPATH=${SURICATA_LOG_PATH} +SURICATALOGPATH=${SURICATA_LOG_FILE} fi [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" -extra_commands="checkconfig" +description="Suricata IDS/IPS" +extra_commands="checkconfig dump" +description_checkconfig="Check config for ${SVCNAME}" +description_dump="List all config values that can be used with --set" extra_started_commands="reload relog" +description_reload="Live rule and config reload" +description_relog="Close and re-open all log files" depend() { need net @@ -41,10 +46,12 @@ checkconfig() { checkpath -d /var/run/suricata fi if [ ${#SURICATALOGPATH} -gt 0 ]; then + SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} ) + SURICATALOGFILE=${SURICATALOGFILE:-suricata.log} + SURICATALOGPATH=$( dirname ${SURICATALOGPATH} ) if [ ! -d "${SURICATALOGPATH}" ] ; then checkpath -d "${SURICATALOGPATH}" fi - SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log} SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}" SURICATALOGPATH="-l ${SURICATALOGPATH}" fi @@ -77,12 +84,6 @@ checkpidinfo() { start() { checkconfig || return 1 - if [ $((SURICATA_DUMP)) -eq 1 ]; then - einfo "Dumping ${SVCNAME} config values and quitting." - ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH} - einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}." - return 1 - fi ebegin "Starting ${SVCNAME}" start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1 @@ -145,3 +146,10 @@ relog() { start-stop-daemon --signal HUP --pidfile ${SURICATAPID} eend $? } + +dump() { + checkconfig || return 1 + ebegin "Dumping ${SVCNAME} config values and quitting." + ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
commit: 46b93f31143ddd9e2c0d2d45332a0feeefc3df84 Author: Slawomir Lis gentoo org> AuthorDate: Tue Dec 27 10:43:03 2016 + Commit: Slawek Lis gentoo org> CommitDate: Tue Dec 27 10:43:03 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46b93f31 net-analyzer/suricata: Updated init script Now it's able to override config filename and point to log directory. Related to #602590 Thanks to Vieri yahoo.com> Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 23 ++-- net-analyzer/suricata/files/suricata-3.2-init | 30 +-- 2 files changed, 45 insertions(+), 8 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index 61715ba..d900ade 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -19,9 +19,17 @@ # ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 # cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml # cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# # Edit both suricata-q{0,1}.yaml files and set values accordingly. -# -# You can then define the following options here: +# You can override these yaml config file names with SURICATA_CONF* below (optional). +# This allows you to use the same yaml config file for multiple instances as long as you override +# sensible options such as the log file paths. +# SURICATA_CONF_q0="suricata-queues.yaml" +# SURICATA_CONF_q1="suricata-queues.yaml" +# SURICATA_CONF="suricata.yaml" + +# You can define the options here: +# NB: avoid using -l, -c and setting logging.outputs.1.file.filename as the init script will try to set them for you. # SURICATA_OPTS_q0="-q 0" # SURICATA_OPTS_q1="-q 1" @@ -30,3 +38,14 @@ # then you can set: SURICATA_OPTS="-i eth0" + +# Log paths listed here will be created by the init script and will override the log path +# set in the yaml file, if present. +# SURICATA_LOG_PATH_q0="/var/log/suricata/q0" +# SURICATA_LOG_PATH_q1="/var/log/suricata/q1" +# SURICATA_LOG_PATH="/var/log/suricata" +# SURICATA_LOG_FILE="suricata.log" + +# You can view all the available options you can set with --set +# and check the full config settings in an easily parsable format. +# SURICATA_DUMP=1 diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index d612815..3ec6afd 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -8,13 +8,17 @@ SURICATA_DIR=${SURICATA_DIR:-/etc/suricata} SURICATA=${SVCNAME#*.} SURICATAID=$(shell_var "${SURICATA}") if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then -SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" +eval SURICATACONF=\$SURICATA_CONF_${SURICATAID} +[ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} +eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID} else -SURICATACONF="${SURICATA_DIR}/suricata.yaml" +SURICATACONF=${SURICATA_CONF} +[ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} +SURICATALOGPATH=${SURICATA_LOG_PATH} fi [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" @@ -36,6 +40,14 @@ checkconfig() { if [ ! -d "/var/run/suricata" ] ; then checkpath -d /var/run/suricata fi + if [ ${#SURICATALOGPATH} -gt 0 ]; then + if [ ! -d "${SURICATALOGPATH}" ] ; then + checkpath -d "${SURICATALOGPATH}" + fi + SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log} + SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}" + SURICATALOGPATH="-l ${SURICATALOGPATH}" + fi } initpidinfo() { @@ -65,13 +77,19 @@ checkpidinfo() { start() { checkconfig || return 1 + if [ $((SURICATA_DUMP)) -eq 1 ]; then + einfo "Dumping ${SVCNAME} config values and quitting." + ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH} + einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}." + return 1 + fi ebegin "Starting ${SVCNAME}" start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ - -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} >/dev/null 2>&1 + -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1 local SUR_EXIT=$? if [
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: a43050c1456321619ef97dfdeb5a158593fef58d Author: Slawomir Lis gentoo org> AuthorDate: Tue Dec 27 07:33:10 2016 + Commit: Slawek Lis gentoo org> CommitDate: Tue Dec 27 07:33:10 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a43050c1 net-analyzer/suricata: updated init script and config file Updated way the script starts suricata, it allows to define config values inline now. Details in bug 602590. Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 4 ++-- net-analyzer/suricata/files/suricata-3.2-init | 26 -- net-analyzer/suricata/suricata-3.2.ebuild | 2 -- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index bc6e281..61715ba 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -23,8 +23,8 @@ # # You can then define the following options here: -# SURICATA_OPTS_q0="-i eth0" -# SURICATA_OPTS_q1="-i eth1" +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" # If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata # then you can set: diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 3a9c356..d612815 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -16,6 +16,7 @@ else SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} fi +[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" extra_commands="checkconfig" extra_started_commands="reload relog" @@ -28,8 +29,9 @@ depend() { checkconfig() { if [ ! -e ${SURICATACONF} ] ; then - eerror "You need to create ${SURICATACONF} to run ${SVCNAME}." - return 1 + einfo "The configuration file ${SURICATACONF} was not found." + einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." + einfo "Take a look at the suricata arguments --set and --dump-config." fi if [ ! -d "/var/run/suricata" ] ; then checkpath -d /var/run/suricata @@ -37,7 +39,7 @@ checkconfig() { } initpidinfo() { - [ -f ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" + [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" if [ ${#SUR_PID} -gt 0 ]; then SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)" @@ -46,7 +48,7 @@ initpidinfo() { checkpidinfo() { initpidinfo -if [ ! -f ${SURICATAPID} ]; then +if [ ! -e ${SURICATAPID} ]; then eerror "${SVCNAME} isn't running" return 1 elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then @@ -65,12 +67,11 @@ start() { checkconfig || return 1 ebegin "Starting ${SVCNAME}" start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ - -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \ --c ${SURICATACONF} >/dev/null 2>&1 + -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} >/dev/null 2>&1 local SUR_EXIT=$? if [ $((SUR_EXIT)) -ne 0 ]; then einfo "Could not start ${SURICATA_BIN} with:" - einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} -c ${SURICATACONF}" + einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS}" einfo "Exit code ${SUR_EXIT}" fi eend ${SUR_EXIT} @@ -80,14 +81,13 @@ stop() { ebegin "Stopping ${SVCNAME}" initpidinfo start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 - einfon "Waiting for ${SVCNAME} to shut down. This can take a while..." - echo + einfo "Waiting for ${SVCNAME} to shut down. This can take a while..." # max wait: 5 minutes as it can take quite a while on some systems with heavy traffic local cnt=300 - while [ -f ${SURICATAPID} ] && [ $cnt -gt 0 ]; do + while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do cnt=$(expr $cnt - 1) sleep 1 - echo -ne "$cnt seconds left before we give up checking the PID file...\r" + einfo -ne "$cnt seconds left before we give up checking the PID file...\r" done # under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed # max wait for process to terminate: 1 minute @@ -95,19 +95,17 @@ stop() { cnt=60 SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" if [ $((SUR_PID_CHECK)) -ne 0 ]; then - echo einfo "The PID file ${SURICATAPID} is