diff --git a/net/snort/patches/001-automake-compat.patch b/net/snort/patches/001-automake-compat.patch new file mode 100644 index 000000000..023c510c1 --- /dev/null +++ b/net/snort/patches/001-automake-compat.patch @@ -0,0 +1,4 @@ +--- /dev/null ++++ b/acinclude.m4 +@@ -0,0 +1 @@ ++sinclude(m4/libprelude.m4) diff --git a/net/snort/patches/002-automake-cross.patch b/net/snort/patches/002-automake-cross.patch new file mode 100644 index 000000000..5671c2388 --- /dev/null +++ b/net/snort/patches/002-automake-cross.patch @@ -0,0 +1,214 @@ +--- a/configure.in ++++ b/configure.in +@@ -163,28 +163,6 @@ else + AC_MSG_RESULT(no) + fi + +-# check for sparc %time register +-if eval "echo $host_cpu|grep -i sparc >/dev/null"; then +- OLD_CFLAGS="$CFLAGS" +- CFLAGS="$CFLAGS -mcpu=v9 " +- AC_MSG_CHECKING([for sparc %time register]) +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[]], +- [[ +- int val; +- __asm__ __volatile__("rd %%tick, %0" : "=r"(val)); +- ]])], +- [sparcv9="yes"], +- [sparcv9="no"]) +- AC_MSG_RESULT($sparcv9) +- if test "x$sparcv9" = "xyes"; then +- AC_DEFINE([SPARCV9], [], [For sparc v9 with %time register]) +- else +- CFLAGS="$OLD_CFLAGS" +- fi +-fi +- + dnl checking headers + AC_CHECK_HEADERS(strings.h) + AC_CHECK_HEADERS(string.h) +@@ -282,22 +260,12 @@ AC_CHECK_FUNCS(vswprintf) + AC_CHECK_FUNCS(wprintf) + + AC_MSG_CHECKING([for sizeof(unsigned long)]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[], +-[[ +- if (sizeof(unsigned long) == 8) +- return 0; +- +- return 1; +-]])], +-[ulong_is_64_bit="yes"], +-[ulong_is_64_bit="no"]) +-if test "x$ulong_is_64_bit" = "xyes"; then +- AC_MSG_RESULT([64 bits]) +- AC_DEFINE([ULONGIS64BIT], [], [If unsigned long is 64 bits]) ++AC_CHECK_SIZEOF([unsigned long]) ++if test $ac_cv_sizeof_unsigned_long = 8; then ++ AC_MSG_RESULT([64 bits]) ++ AC_DEFINE([ULONGIS64BIT], [], [If unsigned long is 64 bits]) + else +- AC_MSG_RESULT([32 bits]) ++ AC_MSG_RESULT([32 bits]) + fi + + AC_TRY_COMPILE([ +@@ -412,88 +380,7 @@ if test "x$LPCAP" = "xno"; then + fi + + +-# This is to determine which pcap library version is being used. The reason being +-# that versions < 0.9 do not accumulate packet statistics whereas >= 0.9 do accumulate. +-# This is Linux only. The check is done after pcre because the code below uses pcre. +-# It seems Phil Wood's pcap does not accumulate - 0.9x +-pcap_version_check="yes" +-if test "x$linux" = "xyes"; then +- if test "x$pcap_version_check" = "xyes"; then +- AC_MSG_CHECKING([for libpcap version >= 0.9]) +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- #include +- extern char pcap_version[]; +- ]], +- [[ +- if (strcmp(pcap_version, "0.9x") == 0) +- return 1; +- +- if (strcmp(pcap_version, "0.9.0") < 0) +- return 1; +- ]])], +- [libpcap_version_09="yes"], +- [libpcap_version_09="no"]) +- AC_MSG_RESULT($libpcap_version_09) +- if test "x$libpcap_version_09" = "xyes"; then +- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) +- fi +- else +- libpcap_version_09="no" +- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) +- fi +- +- # there is a bug in the Linux code in 0.9.0 - 0.9.4 where the pcap +- # stats are doubled. +- if test "x$libpcap_version_09" = "xyes"; then +- AC_MSG_CHECKING(for libpcap version 0.9.0 - 0.9.4) +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- #include +- extern char pcap_version[]; +- ]], +- [[ +- if (strcmp(pcap_version, "0.9.5") < 0) +- return 1; +- ]])], +- [libpcap_version_09_bug="no"], +- [libpcap_version_09_bug="yes"]) +- AC_MSG_RESULT($libpcap_version_09_bug) +- else +- libpcap_version_09_bug="no" +- fi +- +- if test "x$libpcap_version_09_bug" = "xyes"; then +- AC_DEFINE([LINUX_LIBPCAP_DOUBLES_STATS], [], [For Linux libpcap versions 0.9.0 to 0.9.4]) +- fi +-else +- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) +-fi +- +-# In case INADDR_NONE is not defined (like on Solaris) +-have_inaddr_none="no" +-AC_MSG_CHECKING([for INADDR_NONE]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include +-#include +-]], +-[[ +- if (inet_addr("10,5,2") == INADDR_NONE); +-]])], +-[have_inaddr_none="yes"], +-[have_inaddr_none="no"]) +-AC_MSG_RESULT($have_inaddr_none) +-if test "x$have_inaddr_none" = "xno"; then +- AC_DEFINE([INADDR_NONE], [-1], [For INADDR_NONE definition]) +-fi +- +-default_directory="/usr /usr/local" ++AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats]) + + AC_DEFUN([FAIL_MESSAGE],[ + echo +@@ -745,64 +632,6 @@ if test "x$with_mysql" != "xno"; then + LIBS="-lmysqlclient ${LIBS}" + fi + fi +- +- AC_MSG_CHECKING([for mysql default client reconnect]) +- +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- ]], +- [[ +- if (mysql_get_client_version() < 50003) +- return 1; +- ]])], +- [mysql_default_reconnect="no"], +- [mysql_default_reconnect="yes"]) +- +- AC_MSG_RESULT($mysql_default_reconnect) +- +- if test "x$mysql_default_reconnect" = "xno"; then +- AC_MSG_CHECKING([for mysql reconnect option]) +- +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- ]], +- [[ +- if (mysql_get_client_version() < 50013) +- return 1; +- ]])], +- [mysql_has_reconnect="yes"], +- [mysql_has_reconnect="no"]) +- +- AC_MSG_RESULT($mysql_has_reconnect) +- +- if test "x$mysql_has_reconnect" = "xyes"; then +- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT], [], [For MySQL versions 5.0.13 and greater]) +- +- AC_MSG_CHECKING([for mysql setting of reconnect option before connect bug]) +- +- AC_RUN_IFELSE( +- [AC_LANG_PROGRAM( +- [[ +- #include +- ]], +- [[ +- if (mysql_get_client_version() < 50019) +- return 1; +- ]])], +- [mysql_has_reconnect_bug="no"], +- [mysql_has_reconnect_bug="yes"]) +- +- AC_MSG_RESULT($mysql_has_reconnect_bug) +- +- if test "x$mysql_has_reconnect_bug" = "xyes"; then +- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT_BUG], [], [For MySQL versions 5.0.13 to 5.0.18]) +- fi +- fi +- fi + fi + + AC_ARG_WITH(odbc, diff --git a/net/snort/patches/003-automake-no-hostpaths.patch b/net/snort/patches/003-automake-no-hostpaths.patch new file mode 100644 index 000000000..b7fc1f616 --- /dev/null +++ b/net/snort/patches/003-automake-no-hostpaths.patch @@ -0,0 +1,86 @@ +--- a/configure.in ++++ b/configure.in +@@ -115,7 +115,6 @@ case "$host" in + # libpcap doesn't even LOOK at the timeout you give it under Linux + AC_DEFINE(PCAP_TIMEOUT_IGNORED,,[Define if PCAP_TIMEOUT_IGNORED]) + AC_SUBST(extra_incl) +- extra_incl=-I/usr/include/pcap + ;; + *-hpux10*|*-hpux11*) + AC_DEFINE(HPUX,,[Define if HPUX]) +@@ -719,13 +718,13 @@ AC_ARG_WITH(pgsql_includes, + + if test "x$with_postgresql" != "xno"; then + if test "x$with_postgresql" = "xyes"; then +- postgresql_directory="$default_directory /usr/local/pgsql /usr/pgsql /usr/local" ++ postgresql_directory="$default_directory" + postgresql_fail="yes" + elif test -d $withval; then +- postgresql_directory="$withval $default_directory /usr/local/pgsql /usr/pgsql" ++ postgresql_directory="$withval $default_directory" + postgresql_fail="yes" + elif test "$with_postgresql" = ""; then +- postgresql_directory="$default_directory /usr/local/pgsql /usr/pgsql" ++ postgresql_directory="$default_directory" + postgresql_fail="no" + fi + +@@ -1040,8 +1039,6 @@ if test "$enable_inline" != "no"; then + LIBNET_INC_DIR="" + if test -n "$with_libnet_includes" -a "$with_libnet_includes" != "no"; then + libnet_dir="${with_libnet_includes}" +- else +- libnet_dir="/usr/include /usr/local/include /sw/include" + fi + AC_MSG_CHECKING("for libnet.h version 1.0.x") + for i in $libnet_dir; do +@@ -1089,7 +1086,6 @@ if test "x$enable_flexresp" != "xno" -a + fi + + if test `libnet-config --cflags | wc -c` = "1"; then +- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include" + LIBNET_CONFIG_BROKEN_CFLAGS="yes" + fi + +@@ -1097,7 +1093,6 @@ if test "x$enable_flexresp" != "xno" -a + AC_MSG_WARN(libnet-config --libs is broken on your system. If you) + AC_MSG_WARN(are using a precompiled package please notify the) + AC_MSG_WARN(maintainer.) +- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib" + LIBS="${LIBS} -lnet" + fi + +@@ -1116,8 +1111,6 @@ if test "x$enable_flexresp" != "xno" -a + if test "x${LIBNET_CONFIG_BROKEN_CFLAGS}" = "xyes"; then + if test -n "$with_libnet_includes" -a "x$with_libnet_includes" != "xno"; then + libnet_dir="${with_libnet_includes}" +- else +- libnet_dir="/usr/include /usr/local/include /sw/include" + fi + else + libnet_dir=`libnet-config --cflags | cut -dI -f2` +@@ -1210,7 +1203,6 @@ if test "x$enable_react" != "xno" -a "x$ + fi + + if test `libnet-config --cflags | wc -c` = "1"; then +- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include" + LIBNET_CONFIG_BROKEN_CFLAGS="yes" + fi + +@@ -1218,7 +1210,6 @@ if test "x$enable_react" != "xno" -a "x$ + AC_MSG_WARN(libnet-config --libs is broken on your system. If you) + AC_MSG_WARN(are using a precompiled package please notify the) + AC_MSG_WARN(maintainer.) +- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib" + LIBS="${LIBS} -lnet" + fi + +@@ -1237,8 +1228,6 @@ if test "x$enable_react" != "xno" -a "x$ + if test "x${LIBNET_CONFIG_BROKEN_CFLAGS}" = "xyes"; then + if test -n "$with_libnet_includes" -a "x$with_libnet_includes" != "xno"; then + libnet_dir="${with_libnet_includes}" +- else +- libnet_dir="/usr/include /usr/local/include /sw/include" + fi + else + libnet_dir=`libnet-config --cflags | cut -dI -f2` diff --git a/net/snort/patches/010-dont-add-host-paths.patch b/net/snort/patches/010-dont-add-host-paths.patch index c51c69cc3..9a899c13e 100644 --- a/net/snort/patches/010-dont-add-host-paths.patch +++ b/net/snort/patches/010-dont-add-host-paths.patch @@ -1,5 +1,3 @@ -diff --git a/configure b/configure -index 205be9c..df159e3 100755 --- a/configure +++ b/configure @@ -20668,8 +20668,6 @@ cat >>confdefs.h <<\_ACEOF @@ -11,7 +9,7 @@ index 205be9c..df159e3 100755 ;; *-hpux10*|*-hpux11*) -@@ -26209,7 +26207,6 @@ if test "x$enable_flexresp" != "xno" -a "x$enable_flexresp" = "xyes"; then +@@ -26218,7 +26216,6 @@ if test "x$enable_flexresp" != "xno" -a fi if test `libnet-config --cflags | wc -c` = "1"; then @@ -19,7 +17,7 @@ index 205be9c..df159e3 100755 LIBNET_CONFIG_BROKEN_CFLAGS="yes" fi -@@ -26220,7 +26217,6 @@ echo "$as_me: WARNING: libnet-config --libs is broken on your system. If you" > +@@ -26229,7 +26226,6 @@ echo "$as_me: WARNING: libnet-config --l echo "$as_me: WARNING: are using a precompiled package please notify the" >&2;} { echo "$as_me:$LINENO: WARNING: maintainer." >&5 echo "$as_me: WARNING: maintainer." >&2;} @@ -27,7 +25,7 @@ index 205be9c..df159e3 100755 LIBS="${LIBS} -lnet" fi -@@ -26795,7 +26791,6 @@ if test "x$enable_react" != "xno" -a "x$enable_react" = "xyes"; then +@@ -26804,7 +26800,6 @@ if test "x$enable_react" != "xno" -a "x$ fi if test `libnet-config --cflags | wc -c` = "1"; then @@ -35,7 +33,7 @@ index 205be9c..df159e3 100755 LIBNET_CONFIG_BROKEN_CFLAGS="yes" fi -@@ -26806,7 +26801,6 @@ echo "$as_me: WARNING: libnet-config --libs is broken on your system. If you" > +@@ -26815,7 +26810,6 @@ echo "$as_me: WARNING: libnet-config --l echo "$as_me: WARNING: are using a precompiled package please notify the" >&2;} { echo "$as_me:$LINENO: WARNING: maintainer." >&5 echo "$as_me: WARNING: maintainer." >&2;} diff --git a/net/snort/patches/100-cross-compile.patch b/net/snort/patches/100-cross-compile.patch index 285a422ed..57fde4705 100644 --- a/net/snort/patches/100-cross-compile.patch +++ b/net/snort/patches/100-cross-compile.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -20770,8 +20770,7 @@ +@@ -20768,8 +20768,7 @@ echo $ECHO_N "checking for sparc %time r { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 echo "$as_me: error: cannot run test program while cross compiling @@ -10,7 +10,7 @@ else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ -@@ -22981,8 +22980,7 @@ +@@ -22979,8 +22978,7 @@ if test "$cross_compiling" = yes; then { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 echo "$as_me: error: cannot run test program while cross compiling @@ -20,7 +20,7 @@ else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ -@@ -23766,8 +23764,7 @@ +@@ -23764,8 +23762,7 @@ echo $ECHO_N "checking for libpcap versi { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 echo "$as_me: error: cannot run test program while cross compiling @@ -30,7 +30,7 @@ else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ -@@ -23854,8 +23851,7 @@ +@@ -23852,8 +23849,7 @@ echo $ECHO_N "checking for libpcap versi { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 echo "$as_me: error: cannot run test program while cross compiling @@ -40,10 +40,7 @@ else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ -diff -urN snort-2.8.4.1/configure snort-2.8.4.1.new/configure ---- snort-2.8.4.1/configure 2009-04-21 21:39:16.000000000 +0200 -+++ snort-2.8.4.1.new/configure 2009-07-12 19:59:26.000000000 +0200 -@@ -23766,8 +23766,7 @@ +@@ -23939,8 +23935,7 @@ if test "$cross_compiling" = yes; then { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 echo "$as_me: error: cannot run test program while cross compiling @@ -53,9 +50,7 @@ diff -urN snort-2.8.4.1/configure snort-2.8.4.1.new/configure else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ ---- snort-2.8.4.1/configure 2009-07-12 20:33:36.000000000 +0200 -+++ snort-2.8.4.1.new/configure 2009-07-12 20:34:10.000000000 +0200 -@@ -24651,8 +24651,7 @@ +@@ -24654,8 +24649,7 @@ echo $ECHO_N "checking for mysql default { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 echo "$as_me: error: cannot run test program while cross compiling @@ -65,7 +60,7 @@ diff -urN snort-2.8.4.1/configure snort-2.8.4.1.new/configure else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ -@@ -24719,8 +24718,7 @@ +@@ -24722,8 +24716,7 @@ echo $ECHO_N "checking for mysql reconne { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling See \`config.log' for more details." >&5 echo "$as_me: error: cannot run test program while cross compiling diff --git a/net/snort/patches/500-no-config-search.patch b/net/snort/patches/500-no-config-search.patch index f00ae2653..bc8dd6074 100644 --- a/net/snort/patches/500-no-config-search.patch +++ b/net/snort/patches/500-no-config-search.patch @@ -1,6 +1,6 @@ --- a/src/snort.c +++ b/src/snort.c -@@ -4140,7 +4140,7 @@ +@@ -4198,7 +4198,7 @@ static char *ConfigFileSearch(void) { struct stat st; int i; @@ -9,7 +9,7 @@ char *fname = NULL; char *rval = NULL; -@@ -4159,30 +4159,6 @@ +@@ -4217,30 +4217,6 @@ static char *ConfigFileSearch(void) i++; } diff --git a/net/snort/patches/750-lightweight-config.patch b/net/snort/patches/750-lightweight-config.patch index 440f43624..1116202ec 100644 --- a/net/snort/patches/750-lightweight-config.patch +++ b/net/snort/patches/750-lightweight-config.patch @@ -1,7 +1,5 @@ -Index: snort-2.8.4.1/etc/snort.conf -=================================================================== ---- snort-2.8.4.1.orig/etc/snort.conf 2009-04-21 21:39:51.000000000 +0200 -+++ snort-2.8.4.1/etc/snort.conf 2009-07-12 19:54:47.000000000 +0200 +--- a/etc/snort.conf ++++ b/etc/snort.conf @@ -6,6 +6,7 @@ # ################################################### @@ -23,7 +21,7 @@ Index: snort-2.8.4.1/etc/snort.conf # Configure your server lists. This allows snort to only look for attacks to # systems that have a service up. Why look for HTTP attacks if you are not -@@ -107,8 +108,8 @@ +@@ -107,8 +108,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28. # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules @@ -34,7 +32,7 @@ Index: snort-2.8.4.1/etc/snort.conf # Configure the snort decoder # ============================ -@@ -307,11 +308,11 @@ +@@ -307,11 +308,11 @@ preprocessor stream5_tcp: policy first, # lots of options available here. See doc/README.http_inspect. # unicode.map should be wherever your snort.conf lives, or given # a full path to where snort can find it. @@ -50,7 +48,7 @@ Index: snort-2.8.4.1/etc/snort.conf # # Example unique server configuration -@@ -345,7 +346,7 @@ +@@ -345,7 +346,7 @@ preprocessor http_inspect_server: server # no_alert_incomplete - don't alert when a single segment # exceeds the current packet size @@ -59,7 +57,7 @@ Index: snort-2.8.4.1/etc/snort.conf # bo: Back Orifice detector # ------------------------- -@@ -368,7 +369,7 @@ +@@ -368,7 +369,7 @@ preprocessor rpc_decode: 111 32771 # 3 Back Orifice Server Traffic Detected # 4 Back Orifice Snort Buffer Attack @@ -68,7 +66,7 @@ Index: snort-2.8.4.1/etc/snort.conf # ftp_telnet: FTP & Telnet normalizer, protocol enforcement and buff overflow # --------------------------------------------------------------------------- -@@ -391,32 +392,32 @@ +@@ -391,32 +392,32 @@ preprocessor bo # or use commandline option # --dynamic-preprocessor-lib @@ -121,7 +119,7 @@ Index: snort-2.8.4.1/etc/snort.conf # smtp: SMTP normalizer, protocol enforcement and buffer overflow # --------------------------------------------------------------------------- -@@ -434,15 +435,15 @@ +@@ -434,15 +435,15 @@ preprocessor ftp_telnet_protocol: ftp cl # or use commandline option # --dynamic-preprocessor-lib @@ -146,7 +144,7 @@ Index: snort-2.8.4.1/etc/snort.conf # sfPortscan # ---------- -@@ -498,9 +499,9 @@ +@@ -498,9 +499,9 @@ preprocessor smtp: \ # false alerts, especially under heavy load with dropped packets; which is why # the option is off by default. # @@ -159,7 +157,7 @@ Index: snort-2.8.4.1/etc/snort.conf # arpspoof #---------------------------------------- -@@ -623,9 +624,9 @@ +@@ -623,9 +624,9 @@ preprocessor dcerpc2_server: default # or use commandline option # --dynamic-preprocessor-lib @@ -172,7 +170,7 @@ Index: snort-2.8.4.1/etc/snort.conf # SSL #---------------------------------------- -@@ -649,7 +650,7 @@ +@@ -649,7 +650,7 @@ preprocessor dns: \ # To add reassembly on port 443 to Stream5, use 'port both 443' in the # Stream5 configuration. @@ -181,7 +179,7 @@ Index: snort-2.8.4.1/etc/snort.conf #################################################################### -@@ -811,41 +812,41 @@ +@@ -811,41 +812,41 @@ include $RULE_PATH/local.rules include $RULE_PATH/bad-traffic.rules include $RULE_PATH/exploit.rules include $RULE_PATH/scan.rules @@ -257,7 +255,7 @@ Index: snort-2.8.4.1/etc/snort.conf # include $RULE_PATH/web-attacks.rules # include $RULE_PATH/backdoor.rules # include $RULE_PATH/shellcode.rules -@@ -859,7 +860,7 @@ +@@ -859,7 +860,7 @@ include $RULE_PATH/other-ids.rules # include $RULE_PATH/p2p.rules # include $RULE_PATH/spyware-put.rules # include $RULE_PATH/specific-threats.rules