[pkgsrc/trunk]: pkgsrc/net/snort Updated net/snort to version 2.9.16.1.

[nils <nils%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/bf9fa21044d2
branches:  trunk
changeset: 440020:bf9fa21044d2
user:      nils <nils%pkgsrc.org@localhost>
date:      Thu Oct 01 19:45:02 2020 +0000

description:
Updated net/snort to version 2.9.16.1.

Upstream changelog from 2.9.15.1 to 2.9.16 :
* src/preprocessors/Stream6/snort_stream_tcp.c :
  Addressed an issue when out-of-order FIN is received by dropping it.

* src/output-plugins/spo_unified2.c,
  src/preprocessors/Stream6/snort_stream_tcp.c :
  Fixed an issue in which xtradata is not added to the alert in unified file.

* src/reload.c,
  src/snort.c :
  Fixed potential race condition between reload and exit path (main thread).

* etc/file_magic.conf :
  Updated the file magic to detect ALZ file types.

* src/sfutil/sf_ip.h :
  Added support for gcc version 9.2.1.

* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c :
  Fixed an issue in which APPID returns no match.

* src/dynamic-preprocessors/dcerpc2/sf_dce2.vcxproj,
  src/dynamic-preprocessors/dnp3/sf_dnp3.vcxproj,
  src/dynamic-preprocessors/dns/sf_dns.vcxproj,
  src/dynamic-preprocessors/dynamic_preprocessors.vcxproj,
  src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.vcxproj,
  src/dynamic-preprocessors/gtp/sf_gtp.vcxproj,
  src/dynamic-preprocessors/imap/sf_imap.vcxproj,
  src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.vcxproj,
  src/dynamic-preprocessors/modbus/sf_modbus.vcxproj,
  src/dynamic-preprocessors/pop/sf_pop.vcxproj,
  src/dynamic-preprocessors/reputation/sf_reputation.vcxproj,
  src/dynamic-preprocessors/sdf/sf_sdf.vcxproj,
  src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.vcxproj,
  src/dynamic-preprocessors/sip/sf_sip.vcxproj,
  src/dynamic-preprocessors/smtp/sf_smtp.vcxproj,
  src/dynamic-preprocessors/ssh/sf_ssh.vcxproj,
  src/dynamic-preprocessors/ssl/sf_ssl.vcxproj,
  src/win32/WIN32-Prj/build_all.vcxproj,
  src/win32/WIN32-Prj/sf_engine.vcxproj,
  src/win32/WIN32-Prj/sf_engine_initialize.vcxproj,
  src/win32/WIN32-Prj/snort.vcxproj,
  src/win32/WIN32-Prj/snort_initialize.vcxproj,
  src/win32/WIN32-Prj/snort_installer_x64.nsi,
  src/win32/WIN32-Prj/snort_x64.dsw,
  src/win64/WIN64-Libraries/Packet.lib,
  src/win64/WIN64-Libraries/libdnet/dnet.lib,
  src/win64/WIN64-Libraries/pcre.lib,
  src/win64/WIN64-Libraries/wpcap.lib,
  src/win64/WIN64-Libraries/zlib.lib,
  tools/u2spewfoo/u2spewfoo.vcxproj :
  Added 64-bit support for Windows 10 operating system.

* src/dynamic-preprocessors/pop/snort_pop.c :
  Fixed an issue where POP preprocessor was not generating alert in some cases.

* src/dynamic-preprocessors/gtp/gtp_parser.c :
  Fixed the alerting logic for GTP v2 with missing TEID.

* src/preprocessors/HttpInspect/utils/hi_paf.c :
  Fixed file policy not working with character prefix in chunk size.

* configure.in,
  src/reload.c,
  src/side-channel/sidechannel.c,
  src/snort.c,
  src/target-based/sftarget_reader.c,
  src/util.h :
  Added support for glibc version 2.30.

* src/decode.h,
  src/dynamic-plugins/sf_engine/sf_snort_packet.h,
  src/preprocessors/HttpInspect/utils/hi_paf.c,
  src/preprocessors/Stream6/snort_stream_tcp.c,
  src/preprocessors/Stream6/stream_paf.c,
  src/preprocessors/snort_httpinspect.c,
  src/preprocessors/snort_httpinspect.h,
  src/preprocessors/stream_api.h :
  Added support for early inspection of HTTP payload before flushing in pre-ack mode.

* src/file-process/file_api.h,
  src/file-process/file_service.c,
  src/preprocessors/HttpInspect/include/hi_norm.h,
  src/preprocessors/HttpInspect/include/hi_ui_config.h,
  src/preprocessors/HttpInspect/server/hi_server_norm.c,
  src/preprocessors/snort_httpinspect.c :
  Normalize randomly encoded nulls interspersed in the HTTP server response to UTF-8.

Upstream changelog from 2.9.16 to 2.9.16.1 :

* src/dynamic-preprocessors/appid/appIdConfig.h,
  src/dynamic-preprocessors/appid/appInfoTable.c,
  src/dynamic-preprocessors/appid/flow.h,
  src/dynamic-preprocessors/appid/fw_appid.c :
  Added packet counters to make sure flows with one-way data don't pend forever.

* src/detection-plugins/sp_flowbits.c,
  src/snort.c :
  Fixed potential race condition between reload and exit path.

* src/detection-plugins/sp_session.c,
  src/preprocessors/Stream6/stream_paf.h,
  src/sfutil/util_jsnorm.c :
  Added support for GCC version 10.1.1.

Pkgsrc changes :
* added patch for NetBSD to get the definition for endrpcent(), which fixes compilation
* snort now depends on bash since a bundled tool is a bash shell script
* some pkglint compliance changes in Makefile and options.mk

diffstat:

 net/snort/Makefile                                                                      |  14 ++++---
 net/snort/distinfo                                                                      |  11 +++--
 net/snort/options.mk                                                                    |   3 +-
 net/snort/patches/patch-src_dynamic-preprocessors_appid_service__plugins_service__rpc.c |  17 ++++++++++
 4 files changed, 32 insertions(+), 13 deletions(-)

diffs (104 lines):

diff -r 53be47b5db76 -r bf9fa21044d2 net/snort/Makefile
--- a/net/snort/Makefile        Thu Oct 01 19:35:53 2020 +0000
+++ b/net/snort/Makefile        Thu Oct 01 19:45:02 2020 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2020/05/22 10:56:31 adam Exp $
+# $NetBSD: Makefile,v 1.66 2020/10/01 19:45:02 nils Exp $
 #
 
-DISTNAME=              snort-2.9.15.1
-PKGREVISION=           3
+DISTNAME=              snort-2.9.16.1
 CATEGORIES=            net security
 MASTER_SITES=          https://www.snort.org/downloads/archive/snort/
 
@@ -21,7 +20,8 @@
 
 GNU_CONFIGURE=         YES
 USE_LIBTOOL=           YES
-USE_TOOLS+=            pkg-config
+USE_TOOLS+=            pkg-config
+USE_TOOLS+=            bash
 PKG_SYSCONFSUBDIR=     snort
 RCD_SCRIPTS=           snort
 SNORT_USER?=           snort
@@ -33,13 +33,13 @@
 PKG_USERS_VARS=                SNORT_USER
 FILES_SUBST+=          SNORT_USER=${SNORT_USER} SNORT_GROUP=${SNORT_GROUP}
 BUILD_DEFS+=           VARBASE
-MAKE_JOBS_SAFE=                NO
+MAKE_JOBS_SAFE=                NO # could not compile it on a multi-core system
 OWN_DIRS_PERMS=                ${VARBASE}/log/snort ${SNORT_USER} ${SNORT_GROUP} 700
 DOC_FILES=             BUGS INSTALL NEWS PROBLEMS README TODO USAGE WISHLIST
 OWN_DIRS=              ${PKG_SYSCONFDIR} ${PKG_SYSCONFDIR}/rules
 OWN_DIRS+=             ${PKG_SYSCONFDIR}/so_rules ${PKG_SYSCONFDIR}/preproc_rules
 OWN_DIRS+=             ${PREFIX}/lib ${PREFIX}/lib/snort_dynamicrules
-INSTALLATION_DIRS+=    ${EGDIR}/rules 
+INSTALLATION_DIRS+=    ${EGDIR}/rules
 AUTO_MKDIRS=           yes
 
 CONF_FILES=            ${EGDIR}/attribute_table.dtd \
@@ -65,6 +65,8 @@
 CONF_FILES+=           ${EGDIR}/rules/white_list.rules \
                        ${PKG_SYSCONFDIR}/rules/white_list.rules
 
+REPLACE_BASH+=         tools/appid_detector_builder.sh
+
 SUBST_CLASSES+=                paths
 SUBST_STAGE.paths=     pre-configure
 SUBST_FILES.paths=     etc/snort.conf
diff -r 53be47b5db76 -r bf9fa21044d2 net/snort/distinfo
--- a/net/snort/distinfo        Thu Oct 01 19:35:53 2020 +0000
+++ b/net/snort/distinfo        Thu Oct 01 19:45:02 2020 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.51 2020/02/18 23:00:26 sevan Exp $
+$NetBSD: distinfo,v 1.52 2020/10/01 19:45:02 nils Exp $
 
-SHA1 (snort-2.9.15.1.tar.gz) = dc8c89125c27153ffd69f27fbd60b95b9d1cbfe0
-RMD160 (snort-2.9.15.1.tar.gz) = 10ed066819c6021367245f59598509aeaeaef197
-SHA512 (snort-2.9.15.1.tar.gz) = 9940f5bcdcf04823f9cb5c3f8efda72f98f6a47bce9f40399dec9ec41d23a386c7f7e44861d82368de31546123b920f9fc617197bbf9c5e750724bf8b9e19590
-Size (snort-2.9.15.1.tar.gz) = 6618999 bytes
+SHA1 (snort-2.9.16.1.tar.gz) = cbee25cd793f40eddb72ff7b2cf4d2025a7df43d
+RMD160 (snort-2.9.16.1.tar.gz) = 0716e9647d86d56d82761b0ffc6e491dcd4985a0
+SHA512 (snort-2.9.16.1.tar.gz) = 9462bd38a032c96298a6b6abea8502dadbab53f6f5163b90abb9ae247262c0e76afdeef31748a6bbd216a7c9d65d14e18b7096865135d88087ea27cc32596155
+Size (snort-2.9.16.1.tar.gz) = 6947960 bytes
+SHA1 (patch-src_dynamic-preprocessors_appid_service__plugins_service__rpc.c) = 73ba0e37d37cc919957d4bb5b660a581bc6af9a2
 SHA1 (patch-src_target-based_sftarget__reader.c) = 60f053d990af6329e48a1a26c89d9c4a59a0ffce
diff -r 53be47b5db76 -r bf9fa21044d2 net/snort/options.mk
--- a/net/snort/options.mk      Thu Oct 01 19:35:53 2020 +0000
+++ b/net/snort/options.mk      Thu Oct 01 19:45:02 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.9 2020/02/18 23:00:26 sevan Exp $
+# $NetBSD: options.mk,v 1.10 2020/10/01 19:45:02 nils Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.snort
 
@@ -95,7 +95,6 @@
 ###
 .if !empty(PKG_OPTIONS:Msnort-flexresp2)
 .include "../../devel/libnet11/buildlink3.mk"
-.include "../../net/libdnet/buildlink3.mk"
 CONFIGURE_ARGS+=       --with-libnet-includes=${BUILDLINK_PREFIX.libnet11}/include/libnet11
 CONFIGURE_ARGS+=       --with-libnet-libraries=${BUILDLINK_PREFIX.libnet11}/lib/libnet11
 CONFIGURE_ARGS+=       --enable-flexresp2
diff -r 53be47b5db76 -r bf9fa21044d2 net/snort/patches/patch-src_dynamic-preprocessors_appid_service__plugins_service__rpc.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/snort/patches/patch-src_dynamic-preprocessors_appid_service__plugins_service__rpc.c   Thu Oct 01 19:45:02 2020 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-src_dynamic-preprocessors_appid_service__plugins_service__rpc.c,v 1.1 2020/10/01 19:45:02 nils Exp $
+
+endrpcent() is defined in /usr/include/rpc/rpcent.h in NetBSD.
+
+--- src/dynamic-preprocessors/appid/service_plugins/service_rpc.c.orig 2020-07-10 11:28:23.000000000 +0000
++++ src/dynamic-preprocessors/appid/service_plugins/service_rpc.c
+@@ -36,6 +36,10 @@
+ #include "rpc/rpc.h"
+ #endif
+ 
++#if defined(__NetBSD__)
++#include "rpc/rpcent.h"
++#endif
++
+ /*#define RNA_DEBUG_RPC   1 */
+ 
+ typedef enum