svn commit: r403872 - in head/security/pulledpork: . files
Olli Hauer
ohauer at FreeBSD.org
Wed Dec 16 19:17:03 UTC 2015
Author: ohauer
Date: Wed Dec 16 19:17:01 2015
New Revision: 403872
URL: https://svnweb.freebsd.org/changeset/ports/403872
Log:
- use GHL instead old GOOGLE archives plus bigger local patches
- sync pkg-descr
Deleted:
head/security/pulledpork/files/patch-etc__pulledpork.conf
Modified:
head/security/pulledpork/Makefile
head/security/pulledpork/distinfo
head/security/pulledpork/files/patch-pulledpork.pl
head/security/pulledpork/pkg-descr
Modified: head/security/pulledpork/Makefile
==============================================================================
--- head/security/pulledpork/Makefile Wed Dec 16 18:48:44 2015 (r403871)
+++ head/security/pulledpork/Makefile Wed Dec 16 19:17:01 2015 (r403872)
@@ -3,10 +3,9 @@
PORTNAME= pulledpork
PORTVERSION= 0.7.0
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security
-MASTER_SITES= GOOGLE_CODE \
- LOCAL/ohauer
+MASTER_SITES= GHL
MAINTAINER= ohauer at FreeBSD.org
COMMENT= Script to update snort-2.8+ rules
@@ -21,15 +20,21 @@ RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:${POR
NO_BUILD= yes
USES= perl5 shebangfix
USE_PERL5= run
-SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl
+SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl
SUB_FILES= pkg-message
+USE_GITHUB= yes
+GH_ACCOUNT= shirkdog
+GH_PROJECT= ${PORTNAME}
+GH_TAGNAME= 8b9441a
+
OPTIONS_DEFINE= DOCS
.include <bsd.port.options.mk>
post-patch:
- @${REINPLACE_CMD} -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \
+ @${REINPLACE_CMD} -e 's|^distro=FreeBSD-8.1|distro=FreeBSD-10-0|' \
+ -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \
-e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \
-e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \
-e 's|snort/modifysid.conf|pulledpork/modifysid.conf|g' \
@@ -51,7 +56,7 @@ do-install:
do-install-DOCS-on:
@${MKDIR} ${STAGEDIR}${DOCSDIR}
- ${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}/README
${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR}
Modified: head/security/pulledpork/distinfo
==============================================================================
--- head/security/pulledpork/distinfo Wed Dec 16 18:48:44 2015 (r403871)
+++ head/security/pulledpork/distinfo Wed Dec 16 19:17:01 2015 (r403872)
@@ -1,2 +1,2 @@
-SHA256 (pulledpork-0.7.0.tar.gz) = f60c005043850bb65a72582b9d6d68a7e7d51107f30f2b3fc67e607c995aa1a8
-SIZE (pulledpork-0.7.0.tar.gz) = 39294
+SHA256 (shirkdog-pulledpork-0.7.0-8b9441a_GH0.tar.gz) = 6c82d5e78239460d054f1bcab614da913490084cb624c76a50bb5cfff3fb9aaf
+SIZE (shirkdog-pulledpork-0.7.0-8b9441a_GH0.tar.gz) = 40767
Modified: head/security/pulledpork/files/patch-pulledpork.pl
==============================================================================
--- head/security/pulledpork/files/patch-pulledpork.pl Wed Dec 16 18:48:44 2015 (r403871)
+++ head/security/pulledpork/files/patch-pulledpork.pl Wed Dec 16 19:17:01 2015 (r403872)
@@ -1,298 +1,22 @@
---- pulledpork.pl.orig 2013-09-11 21:01:05 UTC
+--- pulledpork.pl.orig 2015-12-16 18:01:13 UTC
+++ pulledpork.pl
-@@ -3,7 +3,7 @@
- ## pulledpork v(whatever it says below!)
- ## cummingsj at gmail.com
-
--# Copyright (C) 2009-2013 JJ Cummings and the PulledPork Team!
-+# Copyright (C) 2009-2015 JJ Cummings, Michael Shirk and the PulledPork Team!
-
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
-@@ -41,16 +41,51 @@ use Data::Dumper;
-
- # we are gonna need these!
- my ( $oinkcode, $temp_path, $rule_file, $Syslogging );
--my $VERSION = "PulledPork v0.7.0 - Swine Flu!";
-+my $VERSION = "PulledPork v0.7.2 - E.Coli in your water bottle!";
- my $ua = LWP::UserAgent->new;
-
-+# for certificate validation, check for the operating system
-+# and set the path to the certificate store if required.
-+my $oSystem = "$^O";
-+my $CAFile = "OS Default";
-+if ($oSystem =~ /freebsd/i) {
-+ #Check to ensure the cert file exists
-+ if ( -e "/etc/ssl/cert.pem" ) {
-+ $CAFile = "/etc/ssl/cert.pem";
-+ if ( -r $CAFile) {
-+ $ua->ssl_opts( SSL_ca_file => $CAFile );
-+ } else {
-+ carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n";
-+ syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n")
-+ if $Syslogging;
-+ exit(1);
-+ }
-+ #Check for the other location for the cert file
+@@ -61,8 +61,8 @@ if ($oSystem =~ /freebsd/i) {
+ exit(1);
+ }
+ #Check for the other location for the cert file
+- } elsif ( -e "/usr/local/etc/ssl/cert.pem" ) {
+- $CAFile = "/usr/local/etc/ssl/cert.pem";
+ } elsif ( -e "/usr/local/share/certs/ca-root-nss.crt" ) {
+ $CAFile = "/usr/local/share/certs/ca-root-nss.crt";
-+ if ( -r $CAFile) {
-+ $ua->ssl_opts( SSL_ca_file => $CAFile );
-+ } else {
-+ carp "ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n";
-+ syslogit( 'err|local0', "FATAL: ERROR: $CAFile is not readable by ".(getpwuid($<))[0]."\n")
-+ if $Syslogging;
-+ exit(1);
-+ }
-+ } else {
+ if ( -r $CAFile) {
+ $ua->ssl_opts( SSL_ca_file => $CAFile );
+ } else {
+@@ -72,7 +72,7 @@ if ($oSystem =~ /freebsd/i) {
+ exit(1);
+ }
+ } else {
+- carp "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/etc/ssl/cert.pem) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n";
+ carp "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/share/certs/ca-root-nss.crt) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n";
-+ syslogit( 'err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n")
-+ if $Syslogging;
-+ exit(1);
-+ }
-+}
-+
- my ( $Hash, $ALogger, $Config_file, $Sorules, $Auto );
- my ( $Output, $Distro, $Snort, $sid_changelog, $ignore_files );
- my ( $Snort_config, $Snort_path, $Textonly, $grabonly, $ips_policy, );
- my ( $pid_path, $SigHup, $NoDownload, $sid_msg_map, @base_url );
- my ( $local_rules, $arch, $docs, @records, $enonly );
- my ( $rstate, $keep_rulefiles, $rule_file_path, $prefix, $black_list );
--my ( $Process, $hmatch, $bmatch , $sid_msg_version);
-+my ( $Process, $hmatch, $bmatch , $sid_msg_version, $skipVerify);
- my $Sostubs = 1;
-
- # verbose and quiet control print()
-@@ -144,11 +179,11 @@ sub Help {
- -D What Distro are you running on, for the so_rules
- For latest supported options see http://www.snort.org/snort-rules/shared-object-rules
- Valid Distro Types:
-- Debian-5-0, Debian-6-0, Ubuntu-8.04, Ubuntu-10-4
-- Centos-4-8, Centos-5-4, FC-12, FC-14, RHEL-5-5, RHEL-6-0
-- FreeBSD-7-3, FreeBSD-8-1
-- OpenBSD-4-8
-- Slackware-13-1
-+ Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4
-+ FC-12, FC-14, RHEL-5-5, RHEL-6-0
-+ FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0
-+ OpenBSD-5-2, OpenBSD-5-3
-+ OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1
- -e Where the enablesid config file lives.
- -E Write ONLY the enabled rules to the output files.
- -g grabonly (download tarball rule file(s) and do NOT process)
-@@ -176,6 +211,7 @@ sub Help {
- -V Print Version and exit
- -v Verbose mode, you know.. for troubleshooting and such nonsense.
- -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense.
-+ -w Skip the SSL verification (if there are issues pulling down rule files)
- __EOT
-
- exit(0);
-@@ -186,12 +222,12 @@ sub pulledpork {
-
- print <<__EOT;
-
-- http://code.google.com/p/pulledpork/
-+ https://github.com/shirkdog/pulledpork
- _____ ____
- `----,\\ )
- `--==\\\\ / $VERSION
- `--==\\\\/
-- .-~~~~-.Y|\\\\_ Copyright (C) 2009-2013 JJ Cummings
-+ .-~~~~-.Y|\\\\_ Copyright (C) 2009-2015 JJ Cummings
- \@_/ / 66\\_ cummingsj\@gmail.com
- | \\ \\ _(\")
- \\ /-| ||'--' Rules give me wings!
-@@ -227,7 +263,7 @@ sub rule_extract {
- $tar->read( $temp_path . $rule_file );
- $tar->setcwd( cwd() );
- local $Archive::Tar::CHOWN = 0;
-- my @ignores = split( /,/, $ignore );
-+ my @ignores = split( /,/, $ignore ) if (defined $ignore);
-
- foreach (@ignores) {
- if ( $_ =~ /\.rules/ ) {
-@@ -350,9 +386,27 @@ sub compare_md5 {
- ## mimic LWP::Simple getstore routine - Thx pkthound!
- sub getstore {
- my ( $url, $file ) = @_;
-- my $request = HTTP::Request->new( GET => $url );
-- my $response = $ua->request( $request, $file );
-- $response->code;
-+
-+ # on the first run, the file may not exist, so check.
-+ if ( -e $file) {
-+ # Check to ensure the user has write access to the file
-+ if ( -r $file && -w _) {
-+ my $request = HTTP::Request->new( GET => $url );
-+ my $response = $ua->request( $request, $file );
-+ $response->code;
-+ } else {
-+ carp "ERROR: $file is not writable by ".(getpwuid($<))[0]."\n";
-+ syslogit( 'err|local0', "FATAL: $file is not writable by ".(getpwuid($<))[0]."\n" )
-+ if $Syslogging;
-+ exit(1);
-+ }
-+ } else {
-+ # The file does not exist, any errors refer to permission issues
-+ my $request = HTTP::Request->new( GET => $url );
-+ my $response = $ua->request( $request, $file );
-+ $response->code;
-+ }
-+
- }
-
- ## time to grab the real 0xb33f
-@@ -527,9 +581,9 @@ sub read_rules {
- elsif ( $row !~ /\\$/ && $trk == 1 )
- { # last line of multiline rule here
- $record .= $row;
-- if ( $record =~ /sid:\s*\d+\s*;/i ) {
-+ if ( $record =~ /\ssid:\s*\d+\s*;/i ) {
- $sid = $&;
-- $sid =~ s/sid:\s*//;
-+ $sid =~ s/\ssid:\s*//;
- $sid =~ s/\s*;//;
- $$hashref{0}{ trim($sid) }{'rule'} = $record;
- }
-@@ -537,9 +591,9 @@ sub read_rules {
- undef $record;
- }
- else {
-- if ( $row =~ /sid:\s*\d+\s*;/i ) {
-+ if ( $row =~ /\ssid:\s*\d+\s*;/i ) {
- $sid = $&;
-- $sid =~ s/sid:\s*//;
-+ $sid =~ s/\ssid:\s*//;
- $sid =~ s/\s*;//;
- $$hashref{0}{ trim($sid) }{'rule'} = $row;
- }
-@@ -563,13 +617,13 @@ sub read_rules {
- $rule = trim($rule);
- if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) {
-
-- if ( $rule =~ /sid:\s*\d+\s*;/i ) {
-+ if ( $rule =~ /\ssid:\s*\d+\s*;/i ) {
- $sid = $&;
-- $sid =~ s/sid:\s*//;
-+ $sid =~ s/\ssid:\s*//;
- $sid =~ s/\s*;//;
-- if ( $rule =~ /gid:\s*\d+/i ) {
-+ if ( $rule =~ /\sgid:\s*\d+/i ) {
- $gid = $&;
-- $gid =~ s/gid:\s*//;
-+ $gid =~ s/\sgid:\s*//;
- }
- else { $gid = 1; }
- if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/i ) {
-@@ -616,12 +670,12 @@ sub read_rules {
-
- foreach my $rule (@elements) {
- if ( $rule =~ /^\s*#*\s*(alert|drop|pass)/i ) {
-- if ( $rule =~ /sid:\s*\d+/ ) {
-+ if ( $rule =~ /\ssid:\s*\d+/ ) {
- $sid = $&;
-- $sid =~ s/sid:\s*//;
-- if ( $rule =~ /gid:\s*\d+/i ) {
-+ $sid =~ s/\ssid:\s*//;
-+ if ( $rule =~ /\sgid:\s*\d+/i ) {
- $gid = $&;
-- $gid =~ s/gid:\s*//;
-+ $gid =~ s/\sgid:\s*//;
- }
- else { $gid = 1; }
- if ( $rule =~ /flowbits:\s*((un)?set(x)?|toggle)/ ) {
-@@ -1463,6 +1517,25 @@ sub archive_wanted {
- push( @records, $File::Find::name );
- }
-
-+## Create ignore_files from conf file
-+sub get_ignore_files {
-+ my ($ignore_conf_file) = @_;
-+ my $ignore_list;
-+
-+ print "\tReading ignore_file: $ignore_conf_file\n";
-+
-+ # Read ignore file and exclude comments/blank lines
-+ open ( FH, '<', $ignore_conf_file ) || croak "Couldn't read $ignore_conf_file $!\n";
-+ while ( <FH> ) {
-+ chomp;
-+ s/#.*//;
-+ if ( ! /^\s*$/ ) { $ignore_list .= "$_," };
-+ };
-+ close FH;
-+ $ignore_list =~ s/,\s*$//g ;
-+ return $ignore_list
-+}
-+
- ###
- ### Main here, let's get on with it already
- ###
-@@ -1507,7 +1580,8 @@ GetOptions(
- "u=s" => \@base_url,
- "V!" => sub { Version() },
- "v+" => \$Verbose,
-- "help|?" => sub { Help() }
-+ "help|?" => sub { Help() },
-+ "w" => \$skipVerify
- );
-
- ## Fly piggy fly!
-@@ -1533,7 +1607,7 @@ if ( $Verbose && !$Quiet ) {
- if ( exists $Config_info{'version'} ) {
- croak "You are not using the current version of pulledpork.conf!\n",
- "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n"
-- if $Config_info{'version'} ne "0.7.0";
-+ if $Config_info{'version'} ne "0.7.2";
- }
- else {
- croak
-@@ -1546,6 +1620,12 @@ else {
- $pid_path = ( $Config_info{'pid_path'} ) if exists $Config_info{'pid_path'};
- $ignore_files = ( $Config_info{'ignore'} ) if exists $Config_info{'ignore'};
-
-+# Allow ignores to be specified in a file, supercedes the regular ignore config option
-+if ( exists $Config_info{'ignore_file'})
-+{
-+ $ignore_files = get_ignore_files($Config_info{'ignore_file'});
-+}
-+
- if ($rule_file_path) {
- $keep_rulefiles = 1;
- }
-@@ -1658,6 +1738,8 @@ if ( $Verbose && !$Quiet ) {
- print "MISC (CLI and Autovar) Variable Debug:\n";
- if ($Process) { print "\tProcess flag specified!\n"; }
- if ($arch) { print "\tarch Def is: $arch\n"; }
-+ if ($oSystem) { print "\tOperating System is: $oSystem\n"; }
-+ if ($CAFile) { print "\tCA Certificate File is: $CAFile\n"; }
- if ($Config_file) { print "\tConfig Path is: $Config_file\n"; }
- if ($Distro) { print "\tDistro Def is: $Distro\n"; }
- if ($docs) { print "\tDocs Reference Location is: $docs\n"; }
-@@ -1700,6 +1782,8 @@ if ( $Verbose && !$Quiet ) {
- if ($Textonly) { print "\tText Rules only Flag is Set\n"; }
- if ( $Verbose == 2 ) { print "\tExtra Verbose Flag is Set\n"; }
- if ($Verbose) { print "\tVerbose Flag is Set\n"; }
-+ if ($skipVerify) { print "\tSSL Hostname Verification disabled\n"; }
-+ if ($ignore_files) { print "\tFile(s) to ignore = $ignore_files\n"; }
- if (@base_url) { print "\tBase URL is: @base_url\n"; }
- }
-
-@@ -1717,10 +1801,17 @@ if ( !-d $temp_path ) {
- # Validate sid_msg_map version
- Help("Please specify version 1 or 2 for sid_msg_version in your config file\n") unless $sid_msg_version =~ /(1|2)/;
-
-+
- # set some UserAgent and other connection configs
- $ua->agent("$VERSION");
- $ua->show_progress(1) if ( $Verbose && !$Quiet );
-
-+# check to see if SSL verfication is disabled
-+if ($skipVerify) {
-+ $ua->ssl_opts( verify_hostname => 0 )
-+}
-+
-+
- # New Settings to allow proxy connections to use proper SSL formating - Thx pkthound!
- $ua->timeout(60);
- $ua->cookie_jar( {} );
+ syslogit( 'err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n")
+ if $Syslogging;
+ exit(1);
Modified: head/security/pulledpork/pkg-descr
==============================================================================
--- head/security/pulledpork/pkg-descr Wed Dec 16 18:48:44 2015 (r403871)
+++ head/security/pulledpork/pkg-descr Wed Dec 16 19:17:01 2015 (r403872)
@@ -9,6 +9,7 @@ pulledpork is a Perl script which helps
* Capability to include your local.rules in sid-msg.map file
* Capability to pull rules tarballs from custom urls
* Complete Shared Object support
+ * Complete IP Reputation List support
* Capability to download multiple disparate rulesets at once
* Maintains accurate changelog
* Capability to HUP processes after rules download
More information about the svn-ports-head
mailing list