ports/164237: [PATCH] security/suricata: overwrite files from libhtp
Geoffroy Desvernay
dgeo at centrale-marseille.fr
Tue Jan 17 12:00:26 UTC 2012
>Number: 164237
>Category: ports
>Synopsis: [PATCH] security/suricata: overwrite files from libhtp
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 17 12:00:22 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Geoffroy Desvernay
>Release: FreeBSD 9.0-RELEASE amd64
>Organization:
Ecole Centrale de Marseille
>Environment:
System: FreeBSD dgeo.sysadm.ec-m.fr 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Sun Jan 15 17:00:54 CET 2012
>Description:
- suricata's port depends on devel/libhtp but does install another libhtp
- depends on net/libpcap but there is a libpcap in base system
- missing new config file reference.config
- override suricata.yaml
Proposed changes:
- depend on base system's libpcap by default, add an option to use port's one
- never install bundled libhtp (./configure --enable-non-bundled-htp)
- remove suricata.yaml and classification.config from plist (-> don't remove it on deinstall)
- add reference.config in CONFIG_FILES and reference.config-sample in plist (missing)
Port maintainer (eksffa at freebsdbrasil.com.br) is cc'd.
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
install security/suricata and see that:
- devel/libhtp's files are overwritten in $PREFIX/(lib|include)
- net/libpcap is installed
Edit suricata.yaml, and/or classification.config
Upgrade suricata (reinstall it) and notice that your changes are lost :(
>Fix:
Attached patch seems to fix all of these bugs, but doesn't repair an already installed/overwritten libhtp, nor will it keep old configs: perhaps a note in UPGRADING to tell users to:
1) copy configs
2) uninstall suricata and libhtp (and libpcap if not needed elsewhere)
3) reinstall suricata then config files
Or increase PORTREVISION of libhtp? (maintainer cc'd)
--- suricata-1.1.1_1.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/suricata.orig/Makefile /usr/ports/security/suricata/Makefile
--- /usr/ports/security/suricata.orig/Makefile 2012-01-10 20:34:02.000000000 +0100
+++ /usr/ports/security/suricata/Makefile 2012-01-17 10:28:21.000000000 +0100
@@ -7,6 +7,7 @@
PORTNAME= suricata
PORTVERSION= 1.1.1
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://www.openinfosecfoundation.org/download/
@@ -18,7 +19,6 @@
LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre \
yaml:${PORTSDIR}/textproc/libyaml \
- pcap.1:${PORTSDIR}/net/libpcap \
htp-0.2.1:${PORTSDIR}/devel/libhtp
BUILD_DEPENDS+= ${LIBNET_CONFIG}:${PORTSDIR}/net/libnet \
@@ -32,7 +32,8 @@
OPTIONS= IPFW "Enable IPFW/IPDIVERT for IPS usage" on \
PRELUDE "Enable Prelude NIDS integration" off \
- DAG "Enable Endace DAG Support" off
+ DAG "Enable Endace DAG Support" off \
+ PORTPCAP "Use net/libpcap port instead of system's one" off
CFLAGS+= -I${LOCALBASE}/include -L${LOCALBASE}/lib
@@ -42,7 +43,8 @@
USE_LDCONFIG= yes
CONFIG_DIR?= ${PREFIX}/etc/suricata
-CONFIG_FILES= suricata.yaml classification.config
+CONFIG_FILES= suricata.yaml classification.config reference.config
+CONFIGURE_ARGS+= --enable-non-bundled-htp
RULES_DIR= ${PREFIX}/etc/suricata/rules
LOGS_DIR= /var/log/suricata
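Review bot: With `CONFIGURE_ARGS+= --enable-non-bundled-htp` added in this hunk, the `post-patch` target that still rewrites `${WRKSRC}/libhtp/Makefile.in` (visible as context in the next hunk) appears to serve only the bundled copy. Either drop that `REINPLACE_CMD` line or add a comment explaining why it is still needed when the bundled libhtp is not installed. As a style point, the new `CONFIGURE_ARGS+=` line sits between `CONFIG_FILES` and `RULES_DIR`; it would be easier to find next to the other `CONFIGURE_ARGS+=` lines.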
@@ -66,6 +68,13 @@
CONFIGURE_ARGS+= --enable-dag
.endif
+.if defined(WITH_PORTPCAP)
+LIB_DEPENDS+= pcap.1:${PORTSDIR}/net/libpcap
+CONFIGURE_ARGS+= --with-libpcap-includes=/usr/local/include --with-libpcap-libraries=/usr/local/lib
+.else
+CONFIGURE_ARGS+= --with-libpcap-includes=/usr/include --with-libpcap-libraries=/usr/lib
+.endif
+
post-patch:
@${REINPLACE_CMD} -Ee 's|^(install-data-am: )install-pkgconfigDATA|\1|' ${WRKSRC}/libhtp/Makefile.in
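Review bot: The `WITH_PORTPCAP` branch hardcodes `/usr/local/include` and `/usr/local/lib`, while the `CFLAGS+=` line in this same Makefile uses `${LOCALBASE}`, so the option breaks on a non-default LOCALBASE. Suggest `--with-libpcap-includes=${LOCALBASE}/include --with-libpcap-libraries=${LOCALBASE}/lib`. Also worth confirming for the `.else` branch: `CFLAGS` already carries `-I${LOCALBASE}/include -L${LOCALBASE}/lib`, so on a host where net/libpcap is installed for some other port the build may still pick up that copy instead of the base system's, which would defeat the purpose of the default.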
diff -ruN --exclude=CVS /usr/ports/security/suricata.orig/pkg-plist /usr/ports/security/suricata/pkg-plist
--- /usr/ports/security/suricata.orig/pkg-plist 2012-01-10 20:34:02.000000000 +0100
+++ /usr/ports/security/suricata/pkg-plist 2012-01-17 10:05:11.000000000 +0100
@@ -1,7 +1,6 @@
bin/suricata
-etc/suricata/suricata.yaml
etc/suricata/suricata.yaml-sample
etc/suricata/classification.config-sample
-etc/suricata/classification.config
- at unexec /bin/rmdir %D/etc/suricata/rules 2>/dev/null || true
- at unexec /bin/rmdir %D/etc/suricata 2>/dev/null || true
+etc/suricata/reference.config-sample
+ at dirrmtry etc/suricata
+ at dirrmtry etc/suricata/rules
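Review bot: The two new dirrmtry lines are in parent-before-child order: `etc/suricata` is tried while `etc/suricata/rules` still exists, so the parent directory is left behind whenever `rules` is present. The unexec rmdir lines being removed handled `rules` first; list `etc/suricata/rules` before `etc/suricata`. Separately, with `etc/suricata/suricata.yaml` and `etc/suricata/classification.config` dropped from the plist and nothing replacing them, even unmodified copies stay on disk after deinstall; an unexec entry that deletes each config only when it is identical to its `-sample` file would keep user edits and still clean up untouched installs.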
--- suricata-1.1.1_1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: