svn commit: r466193 - in head/security/suricata: . files
Yuri Victorovich
yuri at FreeBSD.org
Mon Apr 2 00:01:15 UTC 2018
Author: yuri
Date: Mon Apr 2 00:01:13 2018
New Revision: 466193
URL: https://svnweb.freebsd.org/changeset/ports/466193
Log:
security/suricata: Update 4.0.3 -> 4.0.4
Port changes:
* Change to DISTVERSION
* Removed HTP_PORT from defaultoptions
* Add NSS_CONFIGURE_OFF
* Add command silencing
I also noticed that it still links to libjansson when JSON=off.
This is because it auto-finds it.
Requested the upstream to add --disable-{option} flags:
https://redmine.openinfosecfoundation.org/issues/2473
PR: 226512
Submitted by: Franco Fichtner <franco at opnsense.org> (maintainer, original version)
Submitted by: Renato Botelho <garga at FreeBSD.org> (final version)
Approved by: Franco Fichtner <franco at opnsense.org> (maintainer)
Added:
head/security/suricata/files/patch-disable_nss_nspr (contents, props changed)
Modified:
head/security/suricata/Makefile
head/security/suricata/distinfo
Modified: head/security/suricata/Makefile
==============================================================================
--- head/security/suricata/Makefile Sun Apr 1 23:56:30 2018 (r466192)
+++ head/security/suricata/Makefile Mon Apr 2 00:01:13 2018 (r466193)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= suricata
-PORTVERSION= 4.0.3
+DISTVERSION= 4.0.4
CATEGORIES= security
MASTER_SITES= http://www.openinfosecfoundation.org/download/
@@ -30,7 +30,7 @@ TEST_TARGET= check
OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE \
REDIS SC TESTS
OPTIONS_DEFINE_amd64= HYPERSCAN
-OPTIONS_DEFAULT= HTP_PORT IPFW JSON NETMAP PRELUDE
+OPTIONS_DEFAULT= IPFW JSON NETMAP PRELUDE
OPTIONS_SUB= yes
OPTIONS_RADIO= SCRIPTS
@@ -83,6 +83,7 @@ LUAJIT_CONFIGURE_ON= --enable-luajit
NSS_LIB_DEPENDS= libnss3.so:security/nss \
libnspr4.so:devel/nspr
+NSS_CONFIGURE_OFF= --disable-nss --disable-nspr
NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \
--with-libnss-libraries=${LOCALBASE}/lib \
--with-libnspr-libraries=${LOCALBASE}/lib \
@@ -136,12 +137,12 @@ RULES_FILES= app-layer-events.rules decoder-events.rul
LOGS_DIR?= /var/log/${PORTNAME}
pre-patch:
- ${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
+ @${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
post-install:
- ${MKDIR} ${STAGEDIR}${CONFIG_DIR}
- ${MKDIR} ${STAGEDIR}${RULES_DIR}
- ${MKDIR} ${STAGEDIR}${LOGS_DIR}
+ @${MKDIR} ${STAGEDIR}${CONFIG_DIR}
+ @${MKDIR} ${STAGEDIR}${RULES_DIR}
+ @${MKDIR} ${STAGEDIR}${LOGS_DIR}
.for f in ${CONFIG_FILES}
${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
.endfor
Modified: head/security/suricata/distinfo
==============================================================================
--- head/security/suricata/distinfo Sun Apr 1 23:56:30 2018 (r466192)
+++ head/security/suricata/distinfo Mon Apr 2 00:01:13 2018 (r466193)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1512569305
-SHA256 (suricata-4.0.3.tar.gz) = 81a0bcb10b5c0b00efeafb4aac3ef70bf0e36b060ac6300d867f15f3dbe0e437
-SIZE (suricata-4.0.3.tar.gz) = 12392388
+TIMESTAMP = 1522066170
+SHA256 (suricata-4.0.4.tar.gz) = 617e83b6e20b03aa7d5e05a980d3cb6d2810ec18a6f15a36bf66c81c9c0a2abb
+SIZE (suricata-4.0.4.tar.gz) = 12511121
Added: head/security/suricata/files/patch-disable_nss_nspr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/suricata/files/patch-disable_nss_nspr Mon Apr 2 00:01:13 2018 (r466193)
@@ -0,0 +1,169 @@
+From 2bd73173674843695cb3e44666f233697a64b6a0 Mon Sep 17 00:00:00 2001
+From: Renato Botelho <garga at FreeBSD.org>
+Date: Thu, 22 Mar 2018 11:02:42 -0300
+Subject: [PATCH] configure: allow to disable libnss and libnspr
+
+Let user chose to disable libnss and libnspr support even if these
+libraries are installed in the system. Default remains to enable when
+libraries are found and disable parameter were not used
+---
+ configure.ac | 122 ++++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 63 insertions(+), 59 deletions(-)
+
+diff --git configure.ac configure.ac
+index 278f408940..1e3a467406 100644
+--- configure.ac
++++ configure.ac
+@@ -1586,15 +1586,8 @@
+ fi
+
+ # libnspr
+- enable_nspr="no"
+-
+- # Try pkg-config first:
+- PKG_CHECK_MODULES([libnspr], nspr,, [with_pkgconfig_nspr=no])
+- if test "$with_pkgconfig_nspr" != "no"; then
+- CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}"
+- LIBS="${LIBS} ${libnspr_LIBS}"
+- fi
+-
++ AC_ARG_ENABLE(nspr,
++ AS_HELP_STRING([--disable-nspr],[Disable libnspr support]))
+ AC_ARG_WITH(libnspr_includes,
+ [ --with-libnspr-includes=DIR libnspr include directory],
+ [with_libnspr_includes="$withval"],[with_libnspr_includes=no])
+@@ -1602,41 +1595,43 @@
+ [ --with-libnspr-libraries=DIR libnspr library directory],
+ [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"])
+
+- if test "$with_libnspr_includes" != "no"; then
+- CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}"
+- fi
++ if test "$enable_nspr" != "no"; then
++ # Try pkg-config first:
++ PKG_CHECK_MODULES([libnspr], nspr,, [with_pkgconfig_nspr=no])
++ if test "$with_pkgconfig_nspr" != "no"; then
++ CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}"
++ LIBS="${LIBS} ${libnspr_LIBS}"
++ fi
+
+- AC_CHECK_HEADER(nspr.h,NSPR="yes",NSPR="no")
+- if test "$NSPR" = "yes"; then
+- if test "$with_libnspr_libraries" != "no"; then
+- LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}"
+- fi
++ if test "$with_libnspr_includes" != "no"; then
++ CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}"
++ fi
+
+- AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no")
++ AC_CHECK_HEADER(nspr.h,NSPR="yes",NSPR="no")
++ if test "$NSPR" = "yes"; then
++ if test "$with_libnspr_libraries" != "no"; then
++ LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}"
++ fi
+
+- if test "$NSPR" = "no"; then
+- echo
+- echo " ERROR! libnspr library not found, go get it"
+- echo " from Mozilla or your distribution:"
+- echo
+- echo " Ubuntu: apt-get install libnspr4-dev"
+- echo " Fedora: yum install nspr-devel"
+- echo
+- exit 1
+- fi
+- enable_nspr="yes"
++ AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no")
++
++ if test "$NSPR" = "no"; then
++ echo
++ echo " ERROR! libnspr library not found, go get it"
++ echo " from Mozilla or your distribution:"
++ echo
++ echo " Ubuntu: apt-get install libnspr4-dev"
++ echo " Fedora: yum install nspr-devel"
++ echo
++ exit 1
++ fi
++ enable_nspr="yes"
++ fi
+ fi
+
+ # libnss
+- enable_nss="no"
+-
+- # Try pkg-config first:
+- PKG_CHECK_MODULES([libnss], nss,, [with_pkgconfig_nss=no])
+- if test "$with_pkgconfig_nss" != "no"; then
+- CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}"
+- LIBS="${LIBS} ${libnss_LIBS}"
+- fi
+-
++ AC_ARG_ENABLE(nss,
++ AS_HELP_STRING([--disable-nss],[Disable libnss support]))
+ AC_ARG_WITH(libnss_includes,
+ [ --with-libnss-includes=DIR libnss include directory],
+ [with_libnss_includes="$withval"],[with_libnss_includes=no])
+@@ -1644,31 +1639,40 @@
+ [ --with-libnss-libraries=DIR libnss library directory],
+ [with_libnss_libraries="$withval"],[with_libnss_libraries="no"])
+
+- if test "$with_libnss_includes" != "no"; then
+- CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}"
+- fi
++ if test "$enable_nss" != "no"; then
++ # Try pkg-config first:
++ PKG_CHECK_MODULES([libnss], nss,, [with_pkgconfig_nss=no])
++ if test "$with_pkgconfig_nss" != "no"; then
++ CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}"
++ LIBS="${LIBS} ${libnss_LIBS}"
++ fi
+
+- AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no")
+- if test "$NSS" = "yes"; then
+- if test "$with_libnss_libraries" != "no"; then
+- LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}"
+- fi
++ if test "$with_libnss_includes" != "no"; then
++ CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}"
++ fi
+
+- AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no")
++ AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no")
++ if test "$NSS" = "yes"; then
++ if test "$with_libnss_libraries" != "no"; then
++ LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}"
++ fi
+
+- if test "$NSS" = "no"; then
+- echo
+- echo " ERROR! libnss library not found, go get it"
+- echo " from Mozilla or your distribution:"
+- echo
+- echo " Ubuntu: apt-get install libnss3-dev"
+- echo " Fedora: yum install nss-devel"
+- echo
+- exit 1
+- fi
++ AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no")
++
++ if test "$NSS" = "no"; then
++ echo
++ echo " ERROR! libnss library not found, go get it"
++ echo " from Mozilla or your distribution:"
++ echo
++ echo " Ubuntu: apt-get install libnss3-dev"
++ echo " Fedora: yum install nss-devel"
++ echo
++ exit 1
++ fi
+
+- AC_DEFINE([HAVE_NSS],[1],[libnss available for md5])
+- enable_nss="yes"
++ AC_DEFINE([HAVE_NSS],[1],[libnss available for md5])
++ enable_nss="yes"
++ fi
+ fi
+
+ # libmagic
More information about the svn-ports-all
mailing list