From a962fb5d6814c23c9cb6eebddaf7551c1d15e39d Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Tue, 1 Nov 2016 08:50:56 -0700 Subject: suricata: update package to 3.1.3 *Changes* Bug #1861: Suricata with multi tenancy does not start in 3.1/3.1.1 Bug #1889: Suricata doesn't error on missing semicolon Bug #1910: libhtp 0.5.23 (3.1.x) Bug #1912: http.memcap reached condition can lead to dead lock Bug #1913: af-packet fanout detection broken on Debian Jessie Bug #1933: unix-command socket created with last character missing (3.1.x) Bug #1934: make install-full does not install tls-events.rules (3.1.x) Bug #1941: Can't set fast_pattern on tls_sni content (3.1.x) Bug #1942: dns - back to back requests results in loss of response (3.1.x) Bug #1943: Check redis reply in non pipeline mode (3.1.x) Signed-off-by: Armin Kuster --- recipes-security/suricata/libhtp_0.5.20.bb | 15 -------- recipes-security/suricata/libhtp_0.5.23.bb | 15 ++++++++ recipes-security/suricata/suricata.inc | 6 +-- recipes-security/suricata/suricata_3.1.2.bb | 58 ----------------------------- recipes-security/suricata/suricata_3.1.3.bb | 58 +++++++++++++++++++++++++++++ 5 files changed, 76 insertions(+), 76 deletions(-) delete mode 100644 recipes-security/suricata/libhtp_0.5.20.bb create mode 100644 recipes-security/suricata/libhtp_0.5.23.bb delete mode 100644 recipes-security/suricata/suricata_3.1.2.bb create mode 100644 recipes-security/suricata/suricata_3.1.3.bb (limited to 'recipes-security') diff --git a/recipes-security/suricata/libhtp_0.5.20.bb b/recipes-security/suricata/libhtp_0.5.20.bb deleted file mode 100644 index 8305f70..0000000 --- a/recipes-security/suricata/libhtp_0.5.20.bb +++ /dev/null @@ -1,15 +0,0 @@ -SUMMARY = "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces." - -require suricata.inc - -LIC_FILES_CHKSUM = "file://../LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" - -DEPENDS = "zlib" - -inherit autotools pkgconfig - -CFLAGS += "-D_DEFAULT_SOURCE" - -S = "${WORKDIR}/suricata-${VER}/${BPN}" - -RDEPENDS_${PN} += "zlib" diff --git a/recipes-security/suricata/libhtp_0.5.23.bb b/recipes-security/suricata/libhtp_0.5.23.bb new file mode 100644 index 0000000..8305f70 --- /dev/null +++ b/recipes-security/suricata/libhtp_0.5.23.bb @@ -0,0 +1,15 @@ +SUMMARY = "LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces." + +require suricata.inc + +LIC_FILES_CHKSUM = "file://../LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" + +DEPENDS = "zlib" + +inherit autotools pkgconfig + +CFLAGS += "-D_DEFAULT_SOURCE" + +S = "${WORKDIR}/suricata-${VER}/${BPN}" + +RDEPENDS_${PN} += "zlib" diff --git a/recipes-security/suricata/suricata.inc b/recipes-security/suricata/suricata.inc index 5bd9286..bf3e6ad 100644 --- a/recipes-security/suricata/suricata.inc +++ b/recipes-security/suricata/suricata.inc @@ -2,8 +2,8 @@ HOMEPAGE = "http://suricata-ids.org/" SECTION = "security Monitor/Admin" LICENSE = "GPLv2" -VER = "3.1.2" +VER = "3.1.3" SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz" -SRC_URI[md5sum] = "c58e8ef56918c83ecf292d73f4b0c051" -SRC_URI[sha256sum] = "f9e7742580849f202254e75d9fc245ba53f4d7490f47a6d30f02a7b10aacc512" +SRC_URI[md5sum] = "7242f9b2cb96d27d5e9f8ff085c5029e" +SRC_URI[sha256sum] = "bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174" diff --git a/recipes-security/suricata/suricata_3.1.2.bb b/recipes-security/suricata/suricata_3.1.2.bb deleted file mode 100644 index ead568a..0000000 --- a/recipes-security/suricata/suricata_3.1.2.bb +++ /dev/null @@ -1,58 +0,0 @@ -SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine" - -require suricata.inc - -LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" - -SRC_URI += "file://no_libhtp_build.patch \ - file://volatiles.03_suricata \ - file://suricata.yaml \ - " - -inherit autotools-brokensep pkgconfig - -CFLAGS += "-D_DEFAULT_SOURCE" - -CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes " - -EXTRA_OECONF += " --disable-debug \ - --enable-non-bundled-htp \ - --disable-gccmarch-native \ - " - -PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink nss nspr" -PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp," -PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ," -PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ," -PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap ," -PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , " -PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet," -PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ," - -PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson" -PACKAGECONFIG[file] = ",,file, file" -PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss," -PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr," - -export logdir = "${localstatedir}/log" - -do_install_append () { - install -d ${D}${sysconfdir}/suricata - install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles - install -m 644 classification.config ${D}${sysconfdir}/suricata - install -m 644 reference.config ${D}${sysconfdir}/suricata - install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata - install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata -} - -pkg_postinst_${PN} () { -if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then - ${sysconfdir}/init.d/populate-volatile.sh update -fi - ${bindir}/suricata -c ${sysconfdir}/suricata.yaml -i eth0 -} - -FILES_${PN} += "${sysconfdir}/suricata ${logdir}/suricata" -FILES_${PN}-dev += "/usr/lib/python2.7/site-packages" - -RDEPENDS_${PN} += " python" diff --git a/recipes-security/suricata/suricata_3.1.3.bb b/recipes-security/suricata/suricata_3.1.3.bb new file mode 100644 index 0000000..ead568a --- /dev/null +++ b/recipes-security/suricata/suricata_3.1.3.bb @@ -0,0 +1,58 @@ +SUMMARY = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine" + +require suricata.inc + +LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548" + +SRC_URI += "file://no_libhtp_build.patch \ + file://volatiles.03_suricata \ + file://suricata.yaml \ + " + +inherit autotools-brokensep pkgconfig + +CFLAGS += "-D_DEFAULT_SOURCE" + +CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes " + +EXTRA_OECONF += " --disable-debug \ + --enable-non-bundled-htp \ + --disable-gccmarch-native \ + " + +PACKAGECONFIG ??= "htp jansson file pcre yaml pcap cap-ng net nfnetlink nss nspr" +PACKAGECONFIG[htp] = "--with-libhtp-includes=${STAGING_INCDIR} --with-libhtp-libraries=${STAGING_LIBDIR}, ,libhtp," +PACKAGECONFIG[pcre] = "--with-libpcre-includes=${STAGING_INCDIR} --with-libpcre-libraries=${STAGING_LIBDIR}, ,libpcre ," +PACKAGECONFIG[yaml] = "--with-libyaml-includes=${STAGING_INCDIR} --with-libyaml-libraries=${STAGING_LIBDIR}, ,libyaml ," +PACKAGECONFIG[pcap] = "--with-libpcap-includes=${STAGING_INCDIR} --with-libpcap-libraries=${STAGING_LIBDIR}, ,libpcap ," +PACKAGECONFIG[cap-ng] = "--with-libcap_ng-includes=${STAGING_INCDIR} --with-libcap_ng-libraries=${STAGING_LIBDIR}, ,libcap-ng , " +PACKAGECONFIG[net] = "--with-libnet-includes=${STAGING_INCDIR} --with-libnet-libraries=${STAGING_LIBDIR}, , libnet," +PACKAGECONFIG[nfnetlink] = "--with-libnfnetlink-includes=${STAGING_INCDIR} --with-libnfnetlink-libraries=${STAGING_LIBDIR}, ,libnfnetlink ," + +PACKAGECONFIG[jansson] = "--with-libjansson-includes=${STAGING_INCDIR} --with-libjansson-libraries=${STAGING_LIBDIR},,jansson, jansson" +PACKAGECONFIG[file] = ",,file, file" +PACKAGECONFIG[nss] = "--with-libnss-includes=${STAGING_INCDIR} --with-libnss-libraries=${STAGING_LIBDIR}, nss, nss," +PACKAGECONFIG[nspr] = "--with-libnspr-includes=${STAGING_INCDIR} --with-libnspr-libraries=${STAGING_LIBDIR}, nspr, nspr," + +export logdir = "${localstatedir}/log" + +do_install_append () { + install -d ${D}${sysconfdir}/suricata + install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles + install -m 644 classification.config ${D}${sysconfdir}/suricata + install -m 644 reference.config ${D}${sysconfdir}/suricata + install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata + install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata +} + +pkg_postinst_${PN} () { +if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then + ${sysconfdir}/init.d/populate-volatile.sh update +fi + ${bindir}/suricata -c ${sysconfdir}/suricata.yaml -i eth0 +} + +FILES_${PN} += "${sysconfdir}/suricata ${logdir}/suricata" +FILES_${PN}-dev += "/usr/lib/python2.7/site-packages" + +RDEPENDS_${PN} += " python" -- cgit v1.2.3-54-g00ecf