From nobody@FreeBSD.org  Thu Dec 16 17:47:44 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8525A1065672
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 16 Dec 2010 17:47:44 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (unknown [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 72F638FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 16 Dec 2010 17:47:44 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id oBGHliTG073992
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 16 Dec 2010 17:47:44 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id oBGHliap073991;
	Thu, 16 Dec 2010 17:47:44 GMT
	(envelope-from nobody)
Message-Id: <201012161747.oBGHliap073991@red.freebsd.org>
Date: Thu, 16 Dec 2010 17:47:44 GMT
From: Michael Scheidell <michael.scheidell@secnap.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security/snort misplaces dynamic rules is you select snortsam.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         153224
>Category:       ports
>Synopsis:       security/snort misplaces dynamic rules is you select snortsam.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    clsung
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 16 17:50:12 UTC 2010
>Closed-Date:    Wed Feb 09 06:51:10 UTC 2011
>Last-Modified:  Wed Feb 09 06:51:10 UTC 2011
>Originator:     Michael Scheidell
>Release:        7.3 amd
>Organization:
SECNAP Network Security
>Environment:
FreeBSD success-ca.hackertrap.net 7.3-RELEASE-p1 FreeBSD 7.3-RELEASE-p1 #4: Fri Jun 11 17:17:14 UTC 2010     root@ht-amd-ghost.hackertrap.net:/usr/obj/usr/src/sys/ENTHACKER  amd64

>Description:
building snort version 2.8.6.1 WITHOUT snortsam installs, deinstalls, runs, creates packages correctly. brand new portstree (as of 10am dec 16, est)


however, building it with both dynamic rules AND snortsam, with put the dynamic rules in the wrong directory, makeing packages impossible to build, deinstall doesn't know where things are, and the sample snort.conf is wrong also.

example:
building WITH DYNAMIC RULES and without SNORT SAM, the dynamic pre-processor rules are installed in:
/usr/local/lib/snort/

but, if you select BOTH DYNAMIC RULES and SNORTSAM, they are put here:

cd /usr/local/lib
ls -ltd snort*
drwxr-xr-x  2 root  wheel  1536 Dec 16 09:26 snort_dynamicpreprocessor
drwxr-xr-x  2 root  wheel   512 Dec 16 09:26 snort_dynamicengine

(notice the _ maybe should be a /?  
)

and, since pkg_plist is looking in /usr/local/lib/snort/dynamic*, packages wont' build, and deinstall doesn't remove them.

clearly in source, if you build with/without snortsam, and do a grep -R, you can see it builds the source differently.



>How-To-Repeat:
cd /usr/ports/security/snort
select defaults (dynamic rules, flexresp, perfprofile) and add 'snortsam'

make clean deinstall reinstall

 grep -R snort_dynamic ./

(yep, lots of links to snort_dynamic, and NOT snort/dynamic.. confusing)

cd /usr/local/lib/snort

(not there
cd /usr/local/lib/snort_dynamicengine

make package fails:

tar: lib/snort/dynamicengine/libsf_engine.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicengine/libsf_engine.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_dns_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so.0: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.la: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so: Cannot stat: No such file or directory
tar: lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so.0: Cannot stat: No such file or directory
tar: libdata/pkgconfig/snort.pc: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors.



>Fix:
find the 'thing' that somehow breaks where snort dynamic rules go.
workaround:

cd /usr/ports/security/snort
make config (select dynamic,flex,perf and snortsam)
make clean
make install
cp -p ./work/snort-2.8.6.1/snort.pc /usr/local/libdata/pkgconfig/

/usr/local/lib
ls -ltd snort*
drwxr-xr-x  2 root  wheel   512 Dec 16 09:38 snort_dynamicengine
drwxr-xr-x  2 root  wheel  1536 Dec 16 09:38 snort_dynamicpreprocessor
mkdir snort
mkdir snort/dynamicengine
mkdir snort/dynamicpreprocessor
mv snort_dynamicengine/* snort/dynamicengine/
mv snort_dynamicpreprocessor/* snort/dynamicpreprocessor/




>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->clsung 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Dec 16 17:50:43 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=153224 

From: Michael Scheidell <scheidell@secnap.net>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: ports/153224: security/snort misplaces dynamic rules is you select
 snortsam.
Date: Thu, 3 Feb 2011 09:52:55 -0500

 maintainer:
 please close  fixed in 153998
 
 
 
 ______________________________________________________________________
 This email has been scanned and certified safe by SpammerTrap(r). 
 For Information please see http://www.secnap.com/products/spammertrap/
 ______________________________________________________________________  

From: Michael Scheidell <scheidell@secnap.net>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: ports/153224: security/snort misplaces dynamic rules is you select
 snortsam.
Date: Thu, 3 Feb 2011 10:09:18 -0500

 --------------070209040905010009060602
 Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
 Content-Transfer-Encoding: 7bit
 
 this attached patch should replace the previous one.
 this patch is against current 2.8.6.1, applies cleanly, fixes the 
 location of the dynamic libs/rules in pr 153224, fixes pr 129321.
 this patch takes the previous patch (thanks DEAN!) and addresses some 
 issues with the patch.
 
 tested on 7.3 amd64 and 8.1 amd64.  installs and deinstalls cleanly.. 
 creates a clean ports package that can be installed and deinstalled.
 adds back in snortsam support (unofficial. not supported by 
 snort/sourcefile.  and this patch isn't the official one from 
 snortsam.net.. yet)
 
 tested on 7.3 and 8.1 amd64.
 Note: have NOT yet tested new ipfw daq, but have tested snortsam/snort 
 combination and it seems to work fine.
 
 
 further, it fixes the previous patch in that
 1 port revision is not bumped (it should not be bumped on port major 
 version upgrade)
 2 master sites back to SF
 3) options modified, some removed from 286:
     a flexresp (replaced by flexresp3)
     b targetbased and ipv6 off by default (like 286 was)
     c snortsam put back in (it was in 286, missing in above patch)
     d combined flexresp3 with flexreaction (can't have one without the 
 other)
 
 pre_proc rules now installed.
 libnet needed for EVERYTHING, not just flexresp.  needed for DAQ.
 
 daq dependency bumped, needs daq 0.5_1
 added build and run depends (needed to build a ports package binary)
 snortsam being hosted at secnap.com till it is available from snortsam.net
 pre-configure: if ! IPV6, edit snort.conf-sample, change ipvar to var, 
 take noamize_ip6/ipcmp6 out of sample conf.
 post install: the fix for pr 153224 (I can't figure out what snortsam 
 patch does to conf files, so I just move the affected files, pkg-plist 
 wants them there!)
 remove pkg-message-dynamicplugin (not needed.. port won't build without 
 dynamic plugin support anyway)
 
 snort.rc.in:  added in extra_commands reload.  port options build SIGHUP 
 support into snort now.
 
 pkg-plist: add in new binaries new for 286+
 fix 2903 pkg-plist that was deleting critical files which were parts of 
 other ports
 fix 2903 pkg-plist that was deleting users custom snort.conf file.
 add in removal of sample or untouched preproc_rules.
 
 I did not yet change maintainer from clsung@FreeBSD.org as that does not 
 seem to be finalized yet.
 
 any problems, might check snort-users group, or if problems specific to 
 port, open a pr .
 
 
 ______________________________________________________________________
 This email has been scanned and certified safe by SpammerTrap(r). 
 For Information please see http://www.secnap.com/products/spammertrap/
 ______________________________________________________________________  
 --------------070209040905010009060602
 Content-Type: text/plain; name="patchup296.txt"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment; filename="patchup296.txt"
 
 diff -bBru /var/tmp/snort2861/Makefile snort/Makefile
 --- /var/tmp/snort2861/Makefile	2010-12-08 20:36:35.000000000 -0500
 +++ snort/Makefile	2011-02-03 09:45:20.000000000 -0500
 @@ -6,86 +6,78 @@
  #
  
  PORTNAME=	snort
 -PORTVERSION=	2.8.6.1
 +PORTVERSION=	2.9.0.3
  CATEGORIES=	security
 -MASTER_SITES=	LOCAL
 -MASTER_SITE_SUBDIR=     clsung
 +MASTER_SITES=	SF/snort/snort
 +
 +PATCH_DIST_STRIP=	-p1
  
  MAINTAINER=	clsung@FreeBSD.org
  COMMENT=	Lightweight network intrusion detection system
  
  LIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre
 -
 -CONFLICTS?=	snort-1.* snort-2.[0-7].*
 -
 -OPTIONS=	DYNAMIC "Enable dynamic plugin support" on \
 -		FLEXRESP "Flexible response to events" off \
 -		FLEXRESP2 "Flexible response to events (version 2)" off \
 +BUILD_DEPENDS=	daq>=0.5_1:${PORTSDIR}/net/daq \
 +		${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet
 +RUN_DEPENDS=	daq>=0.5_1:${PORTSDIR}/net/daq \
 +		${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet \
 +
 +CONFLICTS?=	snort-1.* snort-2.[0-8].*
 +
 +OPTIONS=	IPV6 "Enable IPv6 support" off \
 +		MPLS "Enable MPLS support" on \
 +		GRE "Enable GRE support" on \
 +		TARGETBASED "Enable Targetbased support" off \
 +		DECODERPRE "Enable Decoded-Preprocessor-Rules" on \
 +		ZLIB "Enable GZIP support" on \
 +		NORMALIZER "Enable Normalizer" on \
 +		REACT "Enable React" on \
 +		PERFPROFILE "Enable Performance Profiling" on \
 +		FLEXRESP3 "Flexible response to events (version 3)" on \
  		MYSQL "Enable MySQL support" off \
  		ODBC "Enable ODBC support" off \
  		POSTGRESQL "Enable PostgreSQL support" off \
  		PRELUDE "Enable Prelude NIDS integration" off \
 -		PERPROFILE "Enable Performance Profiling" off \
 -		SNORTSAM "Enable output plugin to SnortSam" off \
 -		IPV6 "Enable IPv6 support" off
 +		SNORTSAM "Unofficial Snortsam Patch" off
 +
 +.include <bsd.port.options.mk>
  
  USE_RC_SUBR=	snort.sh
  SUB_FILES=	pkg-message
  GNU_CONFIGURE=	yes
  CONFIGURE_ENV=	LDFLAGS="${LDFLAGS}"
 -PATCH_DIST_STRIP=	-p1
  MAKE_JOBS_UNSAFE=	yes
  
  CONFIG_DIR?=	${PREFIX}/etc/snort
  CONFIG_FILES=	classification.config gen-msg.map reference.config \
 -		sid-msg.map snort.conf threshold.conf unicode.map
 +		snort.conf threshold.conf unicode.map
  RULES_DIR=	${PREFIX}/etc/snort/rules
  LOGS_DIR=	/var/log/snort
  
  MAN8=		snort.8
  DOCS=		RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \
  		doc/README* doc/USAGE doc/*.pdf
 +PREPROC_RULE_DIR=	${RULES_DIR}/../preproc_rules
 +PREPROC_RULES=		decoder.rules preprocessor.rules sensitive-data.rules
  
 -.include <bsd.port.pre.mk>
 -
 -.if defined(WITH_FLEXRESP)
 -LIBNET_CONFIG?=		${LOCALBASE}/bin/libnet10-config
 -.elif defined(WITH_FLEXRESP2)
 +USE_AUTOTOOLS=	libtool
 +USE_LDCONFIG=	yes
  LIBNET_CONFIG?=		${LOCALBASE}/bin/libnet11-config
 -.endif
 -
 -.if exists(${LIBNET_CONFIG})
  LIBNET_CFLAGS!=	${LIBNET_CONFIG} --cflags
  LIBNET_LIBS!=	${LIBNET_CONFIG} --libs
  LIBNET_INCDIR=	${LIBNET_CFLAGS:M-I*:S/-I//}
  LIBNET_LIBDIR=	${LIBNET_LIBS:M-L*:S/-L//}
 -.endif
  
 -.if !defined(WITHOUT_DYNAMIC)
 -USE_AUTOTOOLS=	libtool
 -USE_LDCONFIG=	yes
 -CONFIGURE_ARGS+=	--enable-dynamicplugin
 -PLIST_SUB+=	DYNAMIC=""
 -.else
 -PLIST_SUB+=	DYNAMIC="@comment "
 -.endif
 +CONFIGURE_ARGS+=	--enable-dynamicplugin --enable-build-dynamic-examples \
 +			--enable-reload --enable-reload-restart \
 +			--disable-corefiles \
 +			--with-dnet-includes=${LIBNET_INCDIR} \
 +			--with-dnet-libraries=${LIBNET_LIBDIR}
  
 -.if defined(WITH_FLEXRESP)
 -.if defined(WITH_FLEXRESP2)
 -IGNORE=			options FLEXRESP and FLEXRESP2 are mutually exclusive
 -.endif
 -BUILD_DEPENDS+=		${LIBNET_CONFIG}:${PORTSDIR}/net/libnet10
 -CONFIGURE_ARGS+=	--enable-flexresp \
 -			--with-libnet-includes=${LIBNET_INCDIR} \
 -			--with-libnet-libraries=${LIBNET_LIBDIR}
 -.endif
 +PLIST_SUB+=	DYNAMIC=""
  
 -.if defined(WITH_FLEXRESP2)
 -LIB_DEPENDS+=		dnet.1:${PORTSDIR}/net/libdnet
 -BUILD_DEPENDS+=		${LIBNET_CONFIG}:${PORTSDIR}/net/libnet
 -CONFIGURE_ARGS+=	--enable-flexresp2 \
 -			--with-libnet-includes=${LIBNET_INCDIR} \
 -			--with-libnet-libraries=${LIBNET_LIBDIR}
 +.if defined(WITH_FLEXRESP3)
 +CONFIGURE_ARGS+=	--enable-flexresp3 \
 +			--enable-active-response
  .endif
  
  .if defined(WITH_MYSQL)
 @@ -122,43 +114,74 @@
  PLIST_SUB+=		PRELUDE="@comment "
  .endif
  
 -.if defined(WITH_PERPROFILE)
 -CONFIGURE_ARGS+=	--enable-perfprofiling
 -.endif
 -
 -.if defined(WITH_SNORTSAM)
 -USE_AUTOTOOLS+=	automake
 -PATCH_SITES+=http://www.snortsam.net/files/snort-plugin/:snortsam
 -PATCHFILES+=snortsam-2.8.6.diff.gz:snortsam
 +.if defined(WITH_PERFPROFILE)
 +CONFIGURE_ARGS+=	--enable-perfprofiling --enable-ppm
  .endif
  
  .if defined(WITH_IPV6)
  CONFIGURE_ARGS+=	--enable-ipv6
  .endif
  
 +.if defined(WITH_GRE)
 +CONFIGURE_ARGS+=	--enable-gre
 +.endif
 +
 +.if defined(WITH_MPLS)
 +CONFIGURE_ARGS+=	--enable-mpls
 +.endif
 +
 +.if defined(WITH_TARGETBASED)
 +CONFIGURE_ARGS+=	--enable-targetbased
 +.endif
 +
 +.if defined(WITH_DECODERPRE)
 +CONFIGURE_ARGS+=	--enable-decoder-preprocessor-rules
 +.endif
 +
 +.if defined(WITH_ZLIB)
 +CONFIGURE_ARGS+=	--enable-zlib
 +.endif
 +
 +.if defined(WITH_NORMALIZER)
 +CONFIGURE_ARGS+=	--enable-normalizer
 +.endif
 +
 +.if defined(WITH_REACT)
 +CONFIGURE_ARGS+=	--enable-react
 +.endif
 +
 +.if defined(WITH_SNORTSAM)
 +USE_AUTOTOOLS+= automake
 +PATCH_SITES+=	http://www.snortsam.net/files/snort-plugin/:snortsam \
 +		http://www.secnap.com/downloads/:snortsam
 +PATCHFILES+=	snortsam-2.9.0.3.diff.gz:snortsam
 +.endif
 +
  post-patch:
  .if defined(NOPORTDOCS)
  	@${REINPLACE_CMD} '/SUBDIRS = /s/doc//' ${WRKSRC}/Makefile.in
  .endif
  
  pre-configure:
 -.if defined(WITH_SNORTSAM)
 -	@cd ${WRKSRC} && ${SH} ${WRKSRC}/autojunk.sh
 -.endif
  	${FIND} ${WRKSRC} -name 'Makefile.in' | ${XARGS} ${REINPLACE_CMD} -e \
  	    's|lib/snort_|lib/snort/|g'
  	${REINPLACE_CMD} "s,/etc/snort.conf,${CONFIG_DIR}/snort.conf," \
  		${WRKSRC}/src/snort.c ${WRKSRC}/snort.8
  	${REINPLACE_CMD} -e 's|lib/snort_|lib/snort/|g' ${WRKSRC}/etc/snort.conf
 +	${REINPLACE_CMD} -e 's|^dynamicdetection|#dynamicdetection|' ${WRKSRC}/etc/snort.conf
 +	${REINPLACE_CMD} -e '/var HOME_NET/s/any/[YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]/' ${WRKSRC}/etc/snort.conf
  	${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in
 -.if defined(WITH_FLEXRESP) || defined(WITH_FLEXRESP2)
  	${REINPLACE_CMD} -e 's|libnet-config|${LIBNET_CONFIG}|g' ${WRKSRC}/configure
 +.if !defined(WITH_IPV6)
 +	${REINPLACE_CMD} -e 's|^ipvar |var |' ${WRKSRC}/etc/snort.conf
 +	${REINPLACE_CMD} -e '/normalize_ip6/s/^preprocessor/#preprocessor/'  ${WRKSRC}/etc/snort.conf
 +	${REINPLACE_CMD} -e '/normalize_icmp6/s/^preprocessor/#preprocessor/'  ${WRKSRC}/etc/snort.conf
  .endif
 -.if defined(WITHOUT_DYNAMIC)
 -	${REINPLACE_CMD} -e "s,-am: install-libLTLIBRARIES,-am:," \
 -		${WRKSRC}/src/dynamic-plugins/sf_engine/Makefile.in
 -	@${CAT} ${PATCHDIR}/pkg-message-dynamicplugin
 -	@sleep 5
 +.if defined(WITH_DECODERPRE)
 +	${REINPLACE_CMD} -e '/^# include .PREPROC_RULE/s/# include/include/' ${WRKSRC}/etc/snort.conf
 +.endif
 +.if defined(WITH_SNORTSAM)
 +	@cd ${WRKSRC} && ${SH} ${WRKSRC}/autojunk.sh
  .endif
  
  pre-install:
 @@ -170,9 +193,19 @@
  .endif
  
  post-install:
 -.if !defined(WITHOUT_DYNAMIC)
 -	@${LIBTOOL} --finish ${LOCALBASE}/snort/dynamicpreprocessor
 +.if defined(WITH_SNORTSAM)
 +	# mss: only doing this because snortsam patch/autojunk messes up paths
 +	# life is too short to figure out why.
 +	@${MKDIR} ${LOCALBASE}/lib/snort/dynamicrules
 +	@cd ${LOCALBASE}/lib && ${MKDIR} snort/dynamicrules &&  ${MKDIR} snort/dynamicengine &&  ${MKDIR} snort/dynamicpreprocessor
 +	@cd ${LOCALBASE}/lib && ${MV} snort_dynamicrules/* snort/dynamicrules
 +	@cd ${LOCALBASE}/lib && ${MV} snort_dynamicengine/* snort/dynamicengine
 +	@cd ${LOCALBASE}/lib && ${MV} snort_dynamicpreprocessor/* snort/dynamicpreprocessor
 +	@cd ${LOCALBASE}/lib && ${${RMDIR} snort_dynamic*
 +	@${MKDIR} ${LOCALBASE}/libdata/pkgconfig/ && ${MV} ${LOCALBASE}/lib/pkgconfig/snort.pc ${LOCALBASE}/libdata/pkgconfig/snort.pc
 +	@${RMDIR} ${LOCALBASE}/lib/pkgconfig
  .endif
 +	@${LIBTOOL} --finish ${LOCALBASE}/snort/dynamicpreprocessor
  	[ -d ${CONFIG_DIR} ] || ${MKDIR} ${CONFIG_DIR}
  	[ -d ${EXAMPLESDIR} ] || ${MKDIR} ${EXAMPLESDIR}
  	[ -d ${RULES_DIR} ] || ${MKDIR} ${RULES_DIR}
 @@ -189,6 +222,15 @@
  	@${MKDIR} ${DOCSDIR}
  	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
  .endif
 +.if defined(WITH_DECODERPRE)
 +	@${MKDIR} ${PREPROC_RULE_DIR}
 +.for f in ${PREPROC_RULES}
 +	${INSTALL_DATA} ${WRKSRC}/preproc_rules/${f} ${PREPROC_RULE_DIR}/${f}-sample
 +	@if [ ! -f ${PREPROC_RULE_DIR}/${f} ]; then \
 +		${CP} -p ${PREPROC_RULE_DIR}/${f}-sample ${PREPROC_RULE_DIR}/${f} ; \
 +	fi
 +.endfor
 +.endif
  	@${CAT} ${PKGMESSAGE}
  
 -.include <bsd.port.post.mk>
 +.include <bsd.port.mk>
 diff -bBru /var/tmp/snort2861/distinfo snort/distinfo
 --- /var/tmp/snort2861/distinfo	2010-07-28 03:21:12.000000000 -0400
 +++ snort/distinfo	2011-01-31 09:25:37.000000000 -0500
 @@ -1,6 +1,4 @@
 -MD5 (snort-2.8.6.1.tar.gz) = b1119396a32e9df0d80404e4b6c49166
 -SHA256 (snort-2.8.6.1.tar.gz) = 7a948ef235c59b193ca0883b04a0d3ef4cc5250f933cafc4d06feed57150ae23
 -SIZE (snort-2.8.6.1.tar.gz) = 4939019
 -MD5 (snortsam-2.8.6.diff.gz) = 35fe432a8061dc3155f3530ff54f4ebf
 -SHA256 (snortsam-2.8.6.diff.gz) = 24253b7f1dac99edc4527ac9a4da1c30d340c0eeaf6f754495e4078bf1b88955
 -SIZE (snortsam-2.8.6.diff.gz) = 28755
 +SHA256 (snort-2.9.0.3.tar.gz) = 382768dc7a47bbf4e1a85cd765d8bf4f245643be2acfc740fda1cd3d24e32a48
 +SIZE (snort-2.9.0.3.tar.gz) = 5791144
 +SHA256 (snortsam-2.9.0.3.diff.gz) = f32baf0408e80c7aed3560ce46229d936d71b8e7a4180efdba04f8e0021e70bc
 +SIZE (snortsam-2.9.0.3.diff.gz) = 28890
 diff -bBru /var/tmp/snort2861/files/pkg-message-dynamicplugin snort/files/pkg-message-dynamicplugin
 --- /var/tmp/snort2861/files/pkg-message-dynamicplugin	2006-08-30 00:26:54.000000000 -0400
 +++ snort/files/pkg-message-dynamicplugin	2011-01-29 15:43:38.000000000 -0500
 @@ -1,12 +0,0 @@
 -=========================================================================
 -NOTE: The port has been configured without support for dynamic plugins.
 -      It is recommended that you enable dynamic plugins by pressing
 -      Ctrl-C now, run 'make config' and enable the DYNAMIC option.
 -
 -      If you choose not to enable dynamic plugins, the default Snort
 -      configuration file may reference some dynamic plugins and
 -      preprocessors that may cause Snort to not work properly or throw
 -      errors. Please read the Snort documentation for more information
 -      regarding dynamic plugins and which configuration directives
 -      are affected.
 -=========================================================================
 diff -bBru /var/tmp/snort2861/files/snort.sh.in snort/files/snort.sh.in
 --- /var/tmp/snort2861/files/snort.sh.in	2010-03-26 20:14:48.000000000 -0400
 +++ snort/files/snort.sh.in	2011-01-29 15:21:01.000000000 -0500
 @@ -27,6 +27,7 @@
  
  name="snort"
  rcvar=`set_rcvar`
 +extra_commands=reload
  
  command="%%PREFIX%%/bin/snort"
  
 diff -bBru /var/tmp/snort2861/pkg-plist snort/pkg-plist
 --- /var/tmp/snort2861/pkg-plist	2010-07-09 08:57:30.000000000 -0400
 +++ snort/pkg-plist	2011-01-29 16:48:13.000000000 -0500
 @@ -1,5 +1,7 @@
  @comment $FreeBSD: ports/security/snort/pkg-plist,v 1.34 2010/07/09 12:57:30 clsung Exp $
  bin/snort
 +bin/u2boat
 +bin/u2spewfoo
  @unexec if cmp  -s %D/etc/snort/classification.config-sample %D/etc/snort/classification.config; then rm -f %D/etc/snort/classification.config; fi
  etc/snort/classification.config-sample
  @exec if [ ! -f %D/etc/snort/classification.config ] ; then cp -p %D/%F %B/classification.config; fi
 @@ -9,8 +11,6 @@
  @unexec if cmp  -s %D/etc/snort/reference.config-sample %D/etc/snort/reference.config; then rm -f %D/etc/snort/reference.config; fi
  etc/snort/reference.config-sample
  @exec if [ ! -f %D/etc/snort/reference.config ] ; then cp -p %D/%F %B/reference.config; fi
 -@unexec if cmp  -s %D/etc/snort/sid-msg.map-sample %D/etc/snort/sid-msg.map; then rm -f %D/etc/snort/sid-msg.map; fi
 -etc/snort/sid-msg.map-sample
  @exec if [ ! -f %D/etc/snort/sid-msg.map ] ; then cp -p %D/%F %B/sid-msg.map; fi
  @unexec if cmp  -s %D/etc/snort/snort.conf-sample %D/etc/snort/snort.conf; then rm -f %D/etc/snort/snort.conf; fi
  etc/snort/snort.conf-sample
 @@ -22,6 +22,16 @@
  etc/snort/unicode.map-sample
  @exec if [ ! -f %D/etc/snort/unicode.map ] ; then cp -p %D/%F %B/unicode.map; fi
  @dirrmtry etc/snort/rules
 +@unexec if cmp  -s %D/etc/snort/preproc_rules/decoder.rules %D/etc/snort/preproc_rules/decoder.rules; then rm -f %D/etc/snort/preproc_rules/decoder.rules;fi
 +etc/snort/preproc_rules/decoder.rules-sample
 +@exec if [ ! -f %D/etc/snort/preproc_rules/decoder.rules ] ; then cp -p %D/%F %B/decoder.rules; fi
 +@unexec if cmp  -s %D/etc/snort/preproc_rules/preprocessor.rules %D/etc/snort/preproc_rules/preprocessor.rules; then rm -f %D/etc/snort/preproc_rules/preprocessor.rules;fi
 +etc/snort/preproc_rules/preprocessor.rules-sample
 +@exec if [ ! -f %D/etc/snort/preproc_rules/preprocessor.rules ] ; then cp -p %D/%F %B/preprocessor.rules; fi
 +@unexec if cmp  -s %D/etc/snort/preproc_rules/sensitive-data.rules %D/etc/snort/preproc_rules/sensitive-data.rules; then rm -f %D/etc/snort/preproc_rules/sensitive-data.rules;fi
 +etc/snort/preproc_rules/sensitive-data.rules-sample
 +@exec if [ ! -f %D/etc/snort/preproc_rules/decoder.rules ] ; then cp -p %D/%F %B/; fi
 +@dirrmtry etc/snort/preproc_rules
  @dirrmtry etc/snort
  %%DYNAMIC%%src/snort_dynamicsrc/bitop.h
  %%DYNAMIC%%src/snort_dynamicsrc/debug.h
 @@ -34,6 +44,8 @@
  %%DYNAMIC%%src/snort_dynamicsrc/rule_option_types.h
  %%DYNAMIC%%src/snort_dynamicsrc/sfPolicyUserData.c
  %%DYNAMIC%%src/snort_dynamicsrc/sfPolicyUserData.h
 +%%DYNAMIC%%src/snort_dynamicsrc/sf_base64decode.c
 +%%DYNAMIC%%src/snort_dynamicsrc/sf_base64decode.h
  %%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_common.h
  %%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_define.h
  %%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_engine.h
 @@ -58,41 +70,37 @@
  %%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.so
  %%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.so.0
  %%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.la
 -%%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.a
  %%DYNAMIC%%@dirrmtry lib/snort/dynamicengine
 +%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.a
 +%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.la
 +%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0
 +%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.so
  %%DYNAMIC%%@dirrmtry lib/snort/dynamicrules
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.a
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.la
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so.0
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.la
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so.0
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.a
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.la
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.so.0
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.a
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.la
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.la
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so.0
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.la
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so.0
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.la
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so.0
 -%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.la
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
  %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so.0
 +%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a
 +%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so
 +%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0
 +%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
  %%DYNAMIC%%@dirrmtry lib/snort/dynamicpreprocessor
  %%DYNAMIC%%@dirrmtry lib/snort
  %%EXAMPLESDIR%%/classification.config-sample
 @@ -103,7 +111,6 @@
  %%EXAMPLESDIR%%/create_postgresql
  %%EXAMPLESDIR%%/gen-msg.map-sample
  %%EXAMPLESDIR%%/reference.config-sample
 -%%EXAMPLESDIR%%/sid-msg.map-sample
  %%EXAMPLESDIR%%/snort.conf-sample
  %%EXAMPLESDIR%%/threshold.conf-sample
  %%EXAMPLESDIR%%/unicode.map-sample
 @@ -116,19 +123,17 @@
  %%PORTDOCS%%%%DOCSDIR%%/PROBLEMS
  %%PORTDOCS%%%%DOCSDIR%%/README
  %%PORTDOCS%%%%DOCSDIR%%/README.ARUBA
 -%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP
 -%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP2
 -%%PORTDOCS%%%%DOCSDIR%%/README.INLINE
  %%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS
  %%PORTDOCS%%%%DOCSDIR%%/README.PerfProfiling
  %%PORTDOCS%%%%DOCSDIR%%/README.SMTP
  %%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK
  %%PORTDOCS%%%%DOCSDIR%%/README.WIN32
 +%%PORTDOCS%%%%DOCSDIR%%/README.active
  %%PORTDOCS%%%%DOCSDIR%%/README.alert_order
  %%PORTDOCS%%%%DOCSDIR%%/README.asn1
  %%PORTDOCS%%%%DOCSDIR%%/README.csv
  %%PORTDOCS%%%%DOCSDIR%%/README.database
 -%%PORTDOCS%%%%DOCSDIR%%/README.dcerpc
 +%%PORTDOCS%%%%DOCSDIR%%/README.daq
  %%PORTDOCS%%%%DOCSDIR%%/README.dcerpc2
  %%PORTDOCS%%%%DOCSDIR%%/README.decode
  %%PORTDOCS%%%%DOCSDIR%%/README.decoder_preproc_rules
 @@ -143,6 +148,7 @@
  %%PORTDOCS%%%%DOCSDIR%%/README.ipip
  %%PORTDOCS%%%%DOCSDIR%%/README.ipv6
  %%PORTDOCS%%%%DOCSDIR%%/README.multipleconfigs
 +%%PORTDOCS%%%%DOCSDIR%%/README.normalize
  %%PORTDOCS%%%%DOCSDIR%%/README.pcap_readmode
  %%PORTDOCS%%%%DOCSDIR%%/README.ppm
  %%PORTDOCS%%%%DOCSDIR%%/README.reload
 @@ -153,8 +159,8 @@
  %%PORTDOCS%%%%DOCSDIR%%/README.stream5
  %%PORTDOCS%%%%DOCSDIR%%/README.tag
  %%PORTDOCS%%%%DOCSDIR%%/README.thresholding
 +%%PORTDOCS%%%%DOCSDIR%%/README.u2boat
  %%PORTDOCS%%%%DOCSDIR%%/README.variables
 -%%PORTDOCS%%%%DOCSDIR%%/README.wireless
  %%PORTDOCS%%%%DOCSDIR%%/RELEASE.NOTES
  %%PORTDOCS%%%%DOCSDIR%%/TODO
  %%PORTDOCS%%%%DOCSDIR%%/USAGE
 
 --------------070209040905010009060602--
State-Changed-From-To: open->closed 
State-Changed-By: clsung 
State-Changed-When: Wed Feb 9 06:50:49 UTC 2011 
State-Changed-Why:  
Closed by ports/154514. Thank you. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=153224 
>Unformatted:
