git: 62bc0aebb143 - main - security/suricata: Update to 7.0.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 10 Sep 2023 19:18:03 UTC
The branch main has been updated by eduardo:
URL: https://cgit.FreeBSD.org/ports/commit/?id=62bc0aebb14376ceb0637656997eb0beb57a35d2
commit 62bc0aebb14376ceb0637656997eb0beb57a35d2
Author: Franco Fichtner <franco@opnsense.org>
AuthorDate: 2023-09-10 19:13:33 +0000
Commit: Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2023-09-10 19:17:51 +0000
security/suricata: Update to 7.0.0
* The (broken) Prelude support was removed upstream.
* Netmap API support requires version 14 now. Otherwise it has to be
disabled to build.
* Caveats may still apply as no stable release was published yet.
OPNsense users are reporting instability issues with Netmap compared to
version 6.0.13, but as these things move quite slowly and demand is high
the update shall go in since it is an official release.
ChangeLog: https://suricata.io/2023/07/18/suricata-7-0-0-released/
PR: 267688
---
security/suricata/Makefile | 21 ++++-----------------
security/suricata/distinfo | 6 +++---
security/suricata/files/patch-configure.ac | 24 ------------------------
security/suricata/pkg-plist | 4 +++-
4 files changed, 10 insertions(+), 45 deletions(-)
diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index 660fc29b8328..92e6efcdd785 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -1,6 +1,5 @@
PORTNAME= suricata
-DISTVERSION= 6.0.13
-PORTREVISION= 3
+DISTVERSION= 7.0.0
CATEGORIES= security
MASTER_SITES= https://www.openinfosecfoundation.org/download/
@@ -15,7 +14,7 @@ BUILD_DEPENDS= rustc:lang/${RUST_DEFAULT}
LIB_DEPENDS= libjansson.so:devel/jansson \
liblz4.so:archivers/liblz4 \
libnet.so:net/libnet \
- libpcre.so:devel/pcre \
+ libpcre2-8.so:devel/pcre2 \
libyaml.so:textproc/libyaml
USES= autoreconf cpe gmake iconv:translit libtool localbase pathfix \
@@ -40,8 +39,7 @@ CONFLICTS_INSTALL= libhtp
SUB_FILES= pkg-message
-OPTIONS_DEFINE= GEOIP IPFW NETMAP NSS PORTS_PCAP PRELUDE PYTHON REDIS \
- TESTS
+OPTIONS_DEFINE= GEOIP IPFW NETMAP NSS PORTS_PCAP PYTHON REDIS TESTS
OPTIONS_DEFINE_amd64= HYPERSCAN
OPTIONS_DEFAULT= IPFW NETMAP PYTHON
@@ -50,8 +48,6 @@ OPTIONS_RADIO_SCRIPTS= LUA LUAJIT
OPTIONS_SUB= yes
-PRELUDE_BROKEN= Compilation broken, see https://redmine.openinfosecfoundation.org/issues/4065
-
GEOIP_DESC= GeoIP support
HYPERSCAN_DESC= Hyperscan support
IPFW_DESC= IPFW and IP Divert support for inline IDP
@@ -60,7 +56,6 @@ LUA_DESC= LUA scripting support
NETMAP_DESC= Netmap support for inline IDP
NSS_DESC= File checksums and SSL/TLS fingerprinting
PORTS_PCAP_DESC= Use libpcap from ports
-PRELUDE_DESC= Prelude support for NIDS alerts
PYTHON_DESC= Python-based update and control utilities
REDIS_DESC= Redis output support
SCRIPTS_DESC= Scripting
@@ -79,7 +74,7 @@ LUAJIT_CONFIGURE_ON= --enable-luajit
LUA_USES= lua:51
LUA_CONFIGURE_ON= --enable-lua
-NETMAP_CONFIGURE_ENABLE= netmap # netmap-v14
+NETMAP_CONFIGURE_ENABLE= netmap
NSS_LIB_DEPENDS= libnspr4.so:devel/nspr \
libnss3.so:security/nss
@@ -88,14 +83,6 @@ NSS_CONFIGURE_OFF= --disable-nspr \
PORTS_PCAP_LIB_DEPENDS= libpcap.so.1:net/libpcap
-PRELUDE_LIB_DEPENDS= libgcrypt.so:security/libgcrypt \
- libgnutls.so:security/gnutls \
- libgpg-error.so:security/libgpg-error \
- libltdl.so:devel/libltdl \
- libprelude.so:security/libprelude
-PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE}
-PRELUDE_CONFIGURE_ENABLE= prelude
-
PYTHON_BUILD_DEPENDS= ${PYTHON_RUN_DEPENDS}
PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
PYTHON_USES= python
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
index e5e8e5bc46e5..5f09fca589d9 100644
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1686896524
-SHA256 (suricata-6.0.13.tar.gz) = e09f2f800d0e0cd2f97f21c505950ccc3dbb9ce5cfe808df9567b6d849a31055
-SIZE (suricata-6.0.13.tar.gz) = 27411308
+TIMESTAMP = 1689683356
+SHA256 (suricata-7.0.0.tar.gz) = 7bcd1313118366451465dc3f8385a3f6aadd084ffe44dd257dda8105863bb769
+SIZE (suricata-7.0.0.tar.gz) = 23426302
diff --git a/security/suricata/files/patch-configure.ac b/security/suricata/files/patch-configure.ac
deleted file mode 100644
index b1eece593d90..000000000000
--- a/security/suricata/files/patch-configure.ac
+++ /dev/null
@@ -1,24 +0,0 @@
---- configure.ac.orig 2021-03-01 16:13:22 UTC
-+++ configure.ac
-@@ -706,8 +706,6 @@
- # unittests when jit is enabled.
- pcre_jit_available="no, pcre 8.39/8.40 jit disabled for powerpc64"
- fi
-- # hack: use libatomic
-- LIBS="${LIBS} -latomic"
- ;;
- *)
- # bug 1693, libpcre 8.35 is broken and debian jessie is still using that
-@@ -1186,8 +1184,10 @@
- AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),[enable_prelude=$enableval],[enable_prelude=no])
- # Prelude doesn't work with -Werror
- STORECFLAGS="${CFLAGS}"
-- CFLAGS="${CFLAGS} -Wno-error=unused-result"
--
-+ AX_CHECK_COMPILE_FLAG([-Wno-error=unused-result],
-+ [CFLAGS="${CFLAGS} -Wno-error=unused-result"],
-+ [])
-+
- AS_IF([test "x$enable_prelude" = "xyes"], [
- AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)
- if test "x${LIBPRELUDE_CFLAGS}" != "x"; then
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index 4a9c881fcc8f..2edbf8f69623 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -20,7 +20,6 @@ include/htp/htp_utf8_decoder.h
include/htp/htp_version.h
include/htp/lzma/7zTypes.h
include/htp/lzma/LzmaDec.h
-include/suricata-plugin.h
lib/libhtp.a
lib/libhtp.so
lib/libhtp.so.2
@@ -141,6 +140,7 @@ man/man1/suricata.1.gz
%%DATADIR%%/rules/dnp3-events.rules
%%DATADIR%%/rules/dns-events.rules
%%DATADIR%%/rules/files.rules
+%%DATADIR%%/rules/ftp-events.rules
%%DATADIR%%/rules/http-events.rules
%%DATADIR%%/rules/http2-events.rules
%%DATADIR%%/rules/ipsec-events.rules
@@ -149,6 +149,8 @@ man/man1/suricata.1.gz
%%DATADIR%%/rules/mqtt-events.rules
%%DATADIR%%/rules/nfs-events.rules
%%DATADIR%%/rules/ntp-events.rules
+%%DATADIR%%/rules/quic-events.rules
+%%DATADIR%%/rules/rfb-events.rules
%%DATADIR%%/rules/smb-events.rules
%%DATADIR%%/rules/smtp-events.rules
%%DATADIR%%/rules/ssh-events.rules