From nobody@FreeBSD.org  Fri Feb  4 20:04:36 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 919081065672
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  4 Feb 2011 20:04:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 7FA398FC08
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  4 Feb 2011 20:04:36 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p14K4akc062288
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 4 Feb 2011 20:04:36 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p14K4aDj062287;
	Fri, 4 Feb 2011 20:04:36 GMT
	(envelope-from nobody)
Message-Id: <201102042004.p14K4aDj062287@red.freebsd.org>
Date: Fri, 4 Feb 2011 20:04:36 GMT
From: Michael Scheidell <scheidell@secnap.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security/snort update to snort 2.9.0.3
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         154514
>Category:       ports
>Synopsis:       security/snort update to snort 2.9.0.3
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    clsung
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 04 20:10:10 UTC 2011
>Closed-Date:    Wed Feb 09 06:50:41 UTC 2011
>Last-Modified:  Wed Feb  9 07:00:21 UTC 2011
>Originator:     Michael Scheidell
>Release:        7.3 amd and 8.1 amd
>Organization:
SECNAP Network Security
>Environment:
many.
>Description:
This pr closes:

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/139321
      security/snort 2.8.4.1_1 not compiling 

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/153224
      security/snort misplaced dynamic rules with snortsam

and supersedes http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/153998
      first pass at upgrading snort to 2.9.0.3. Sorry, I tried to add this patch as a comment to that one, but I don't think gnats ever got my email.

this attached patch should replace the one in 153998.

this patch is against current 2.8.6.1, applies cleanly, fixes the location of the dynamic libs/rules in pr 153224, fixes pr 129321.
this patch takes the previous patch (thanks to Dean Freeman at sourcefire for getting it started) and addresses some issues with the patch.

tested on 7.3 amd64 and 8.1 amd64.  installs and deinstalls cleanly.. creates a clean ports package that can be installed and deinstalled.
adds back in snortsam support (unofficial. not supported by snort/sourcefile.  and this patch isn't the official one from snortsam.net.. yet)

snortsam patch provided by robrob2626@yahoo.com

tested on 7.3 and 8.1 amd64.
Note: have NOT yet tested new ipfw daq, but have tested snortsam/snort combination and it seems to work fine.
snort starts, and will load ipfw daq (as long as you are running root)

further, it fixes the previous patch in that
1 port revision is not bumped
 (it should not be bumped on port major version upgrade)
2 master sites set back to SF
3) options modified, some removed from version 2.8.6.1:
   a flexresp (replaced by flexresp3
   b targetbased and ipv6 off by default (like 2.8.6.1 was)
   c snortsam put back in (it was in 2.8.6.1, missing in original patch)
   d combined flexresp3 with flexreaction (can't have one without the other)

pre_proc rules now installed.
libnet needed for EVERYTHING, not just flexresp.  needed for DAQ, so conditionals removed.

daq dependency bumped, needs daq 0.5_1 (already in ports) if you don't have it, update your ports tree.

Added build and run depends (needed to build a ports package binary)

snortsam being hosted at secnap.com till it is available from snortsam.net

Makefile changes:

pre-configure: if ! IPV6, edit snort.conf-sample, change ipvar to var, take noamize_ip6/ipcmp6 out of sample conf.

post install: the fix for pr 153224 (I can't figure out what snortsam patch does to conf files, so I just move the affected files, pkg-plist wants them there!)
remove pkg-message-dynamicplugin (not needed.. port won't build without dynamic plugin support anyway)

snort.rc.in:  added in extra_commands reload.  port options build SIGHUP support into snort now.

pkg-plist: add in new binaries new for 286+
fix pr 153998 pkg-plist that was deleting critical files which were parts of other ports, which made portupgrade, make deinstall reinstall fail.

fix pr 153998 pkg-plist that was deleting users custom snort.conf file.
add in removal of sample or untouched preproc_rules.

I did not yet change maintainer from clsung@FreeBSD.org like was in pr 153998.  that is not up to me.

any problems, might check snort-users group, or if problems specific to port, open a pr .  

Several people already using this.

>How-To-Repeat:
snort 2.9.0.3 is a significant upgrade, adds in daq and port libpcap so you can adjust pcap buffer.  


>Fix:
apply this patch.



Patch attached with submission follows:

diff -bBru /var/tmp/snort2861/Makefile snort/Makefile
--- /var/tmp/snort2861/Makefile	2010-12-08 20:36:35.000000000 -0500
+++ snort/Makefile	2011-02-03 09:45:20.000000000 -0500
@@ -6,86 +6,78 @@
 #
 
 PORTNAME=	snort
-PORTVERSION=	2.8.6.1
+PORTVERSION=	2.9.0.3
 CATEGORIES=	security
-MASTER_SITES=	LOCAL
-MASTER_SITE_SUBDIR=     clsung
+MASTER_SITES=	SF/snort/snort
+
+PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	clsung@FreeBSD.org
 COMMENT=	Lightweight network intrusion detection system
 
 LIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre
-
-CONFLICTS?=	snort-1.* snort-2.[0-7].*
-
-OPTIONS=	DYNAMIC "Enable dynamic plugin support" on \
-		FLEXRESP "Flexible response to events" off \
-		FLEXRESP2 "Flexible response to events (version 2)" off \
+BUILD_DEPENDS=	daq>=0.5_1:${PORTSDIR}/net/daq \
+		${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet
+RUN_DEPENDS=	daq>=0.5_1:${PORTSDIR}/net/daq \
+		${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet \
+
+CONFLICTS?=	snort-1.* snort-2.[0-8].*
+
+OPTIONS=	IPV6 "Enable IPv6 support" off \
+		MPLS "Enable MPLS support" on \
+		GRE "Enable GRE support" on \
+		TARGETBASED "Enable Targetbased support" off \
+		DECODERPRE "Enable Decoded-Preprocessor-Rules" on \
+		ZLIB "Enable GZIP support" on \
+		NORMALIZER "Enable Normalizer" on \
+		REACT "Enable React" on \
+		PERFPROFILE "Enable Performance Profiling" on \
+		FLEXRESP3 "Flexible response to events (version 3)" on \
 		MYSQL "Enable MySQL support" off \
 		ODBC "Enable ODBC support" off \
 		POSTGRESQL "Enable PostgreSQL support" off \
 		PRELUDE "Enable Prelude NIDS integration" off \
-		PERPROFILE "Enable Performance Profiling" off \
-		SNORTSAM "Enable output plugin to SnortSam" off \
-		IPV6 "Enable IPv6 support" off
+		SNORTSAM "Unofficial Snortsam Patch" off
+
+.include <bsd.port.options.mk>
 
 USE_RC_SUBR=	snort.sh
 SUB_FILES=	pkg-message
 GNU_CONFIGURE=	yes
 CONFIGURE_ENV=	LDFLAGS="${LDFLAGS}"
-PATCH_DIST_STRIP=	-p1
 MAKE_JOBS_UNSAFE=	yes
 
 CONFIG_DIR?=	${PREFIX}/etc/snort
 CONFIG_FILES=	classification.config gen-msg.map reference.config \
-		sid-msg.map snort.conf threshold.conf unicode.map
+		snort.conf threshold.conf unicode.map
 RULES_DIR=	${PREFIX}/etc/snort/rules
 LOGS_DIR=	/var/log/snort
 
 MAN8=		snort.8
 DOCS=		RELEASE.NOTES doc/AUTHORS doc/BUGS doc/CREDITS \
 		doc/README* doc/USAGE doc/*.pdf
+PREPROC_RULE_DIR=	${RULES_DIR}/../preproc_rules
+PREPROC_RULES=		decoder.rules preprocessor.rules sensitive-data.rules
 
-.include <bsd.port.pre.mk>
-
-.if defined(WITH_FLEXRESP)
-LIBNET_CONFIG?=		${LOCALBASE}/bin/libnet10-config
-.elif defined(WITH_FLEXRESP2)
+USE_AUTOTOOLS=	libtool
+USE_LDCONFIG=	yes
 LIBNET_CONFIG?=		${LOCALBASE}/bin/libnet11-config
-.endif
-
-.if exists(${LIBNET_CONFIG})
 LIBNET_CFLAGS!=	${LIBNET_CONFIG} --cflags
 LIBNET_LIBS!=	${LIBNET_CONFIG} --libs
 LIBNET_INCDIR=	${LIBNET_CFLAGS:M-I*:S/-I//}
 LIBNET_LIBDIR=	${LIBNET_LIBS:M-L*:S/-L//}
-.endif
 
-.if !defined(WITHOUT_DYNAMIC)
-USE_AUTOTOOLS=	libtool
-USE_LDCONFIG=	yes
-CONFIGURE_ARGS+=	--enable-dynamicplugin
-PLIST_SUB+=	DYNAMIC=""
-.else
-PLIST_SUB+=	DYNAMIC="@comment "
-.endif
+CONFIGURE_ARGS+=	--enable-dynamicplugin --enable-build-dynamic-examples \
+			--enable-reload --enable-reload-restart \
+			--disable-corefiles \
+			--with-dnet-includes=${LIBNET_INCDIR} \
+			--with-dnet-libraries=${LIBNET_LIBDIR}
 
-.if defined(WITH_FLEXRESP)
-.if defined(WITH_FLEXRESP2)
-IGNORE=			options FLEXRESP and FLEXRESP2 are mutually exclusive
-.endif
-BUILD_DEPENDS+=		${LIBNET_CONFIG}:${PORTSDIR}/net/libnet10
-CONFIGURE_ARGS+=	--enable-flexresp \
-			--with-libnet-includes=${LIBNET_INCDIR} \
-			--with-libnet-libraries=${LIBNET_LIBDIR}
-.endif
+PLIST_SUB+=	DYNAMIC=""
 
-.if defined(WITH_FLEXRESP2)
-LIB_DEPENDS+=		dnet.1:${PORTSDIR}/net/libdnet
-BUILD_DEPENDS+=		${LIBNET_CONFIG}:${PORTSDIR}/net/libnet
-CONFIGURE_ARGS+=	--enable-flexresp2 \
-			--with-libnet-includes=${LIBNET_INCDIR} \
-			--with-libnet-libraries=${LIBNET_LIBDIR}
+.if defined(WITH_FLEXRESP3)
+CONFIGURE_ARGS+=	--enable-flexresp3 \
+			--enable-active-response
 .endif
 
 .if defined(WITH_MYSQL)
@@ -122,43 +114,74 @@
 PLIST_SUB+=		PRELUDE="@comment "
 .endif
 
-.if defined(WITH_PERPROFILE)
-CONFIGURE_ARGS+=	--enable-perfprofiling
-.endif
-
-.if defined(WITH_SNORTSAM)
-USE_AUTOTOOLS+=	automake
-PATCH_SITES+=http://www.snortsam.net/files/snort-plugin/:snortsam
-PATCHFILES+=snortsam-2.8.6.diff.gz:snortsam
+.if defined(WITH_PERFPROFILE)
+CONFIGURE_ARGS+=	--enable-perfprofiling --enable-ppm
 .endif
 
 .if defined(WITH_IPV6)
 CONFIGURE_ARGS+=	--enable-ipv6
 .endif
 
+.if defined(WITH_GRE)
+CONFIGURE_ARGS+=	--enable-gre
+.endif
+
+.if defined(WITH_MPLS)
+CONFIGURE_ARGS+=	--enable-mpls
+.endif
+
+.if defined(WITH_TARGETBASED)
+CONFIGURE_ARGS+=	--enable-targetbased
+.endif
+
+.if defined(WITH_DECODERPRE)
+CONFIGURE_ARGS+=	--enable-decoder-preprocessor-rules
+.endif
+
+.if defined(WITH_ZLIB)
+CONFIGURE_ARGS+=	--enable-zlib
+.endif
+
+.if defined(WITH_NORMALIZER)
+CONFIGURE_ARGS+=	--enable-normalizer
+.endif
+
+.if defined(WITH_REACT)
+CONFIGURE_ARGS+=	--enable-react
+.endif
+
+.if defined(WITH_SNORTSAM)
+USE_AUTOTOOLS+= automake
+PATCH_SITES+=	http://www.snortsam.net/files/snort-plugin/:snortsam \
+		http://www.secnap.com/downloads/:snortsam
+PATCHFILES+=	snortsam-2.9.0.3.diff.gz:snortsam
+.endif
+
 post-patch:
 .if defined(NOPORTDOCS)
 	@${REINPLACE_CMD} '/SUBDIRS = /s/doc//' ${WRKSRC}/Makefile.in
 .endif
 
 pre-configure:
-.if defined(WITH_SNORTSAM)
-	@cd ${WRKSRC} && ${SH} ${WRKSRC}/autojunk.sh
-.endif
 	${FIND} ${WRKSRC} -name 'Makefile.in' | ${XARGS} ${REINPLACE_CMD} -e \
 	    's|lib/snort_|lib/snort/|g'
 	${REINPLACE_CMD} "s,/etc/snort.conf,${CONFIG_DIR}/snort.conf," \
 		${WRKSRC}/src/snort.c ${WRKSRC}/snort.8
 	${REINPLACE_CMD} -e 's|lib/snort_|lib/snort/|g' ${WRKSRC}/etc/snort.conf
+	${REINPLACE_CMD} -e 's|^dynamicdetection|#dynamicdetection|' ${WRKSRC}/etc/snort.conf
+	${REINPLACE_CMD} -e '/var HOME_NET/s/any/[YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]/' ${WRKSRC}/etc/snort.conf
 	${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in
-.if defined(WITH_FLEXRESP) || defined(WITH_FLEXRESP2)
 	${REINPLACE_CMD} -e 's|libnet-config|${LIBNET_CONFIG}|g' ${WRKSRC}/configure
+.if !defined(WITH_IPV6)
+	${REINPLACE_CMD} -e 's|^ipvar |var |' ${WRKSRC}/etc/snort.conf
+	${REINPLACE_CMD} -e '/normalize_ip6/s/^preprocessor/#preprocessor/'  ${WRKSRC}/etc/snort.conf
+	${REINPLACE_CMD} -e '/normalize_icmp6/s/^preprocessor/#preprocessor/'  ${WRKSRC}/etc/snort.conf
 .endif
-.if defined(WITHOUT_DYNAMIC)
-	${REINPLACE_CMD} -e "s,-am: install-libLTLIBRARIES,-am:," \
-		${WRKSRC}/src/dynamic-plugins/sf_engine/Makefile.in
-	@${CAT} ${PATCHDIR}/pkg-message-dynamicplugin
-	@sleep 5
+.if defined(WITH_DECODERPRE)
+	${REINPLACE_CMD} -e '/^# include .PREPROC_RULE/s/# include/include/' ${WRKSRC}/etc/snort.conf
+.endif
+.if defined(WITH_SNORTSAM)
+	@cd ${WRKSRC} && ${SH} ${WRKSRC}/autojunk.sh
 .endif
 
 pre-install:
@@ -170,9 +193,19 @@
 .endif
 
 post-install:
-.if !defined(WITHOUT_DYNAMIC)
-	@${LIBTOOL} --finish ${LOCALBASE}/snort/dynamicpreprocessor
+.if defined(WITH_SNORTSAM)
+	# mss: only doing this because snortsam patch/autojunk messes up paths
+	# life is too short to figure out why.
+	@${MKDIR} ${LOCALBASE}/lib/snort/dynamicrules
+	@cd ${LOCALBASE}/lib && ${MKDIR} snort/dynamicrules &&  ${MKDIR} snort/dynamicengine &&  ${MKDIR} snort/dynamicpreprocessor
+	@cd ${LOCALBASE}/lib && ${MV} snort_dynamicrules/* snort/dynamicrules
+	@cd ${LOCALBASE}/lib && ${MV} snort_dynamicengine/* snort/dynamicengine
+	@cd ${LOCALBASE}/lib && ${MV} snort_dynamicpreprocessor/* snort/dynamicpreprocessor
+	@cd ${LOCALBASE}/lib && ${${RMDIR} snort_dynamic*
+	@${MKDIR} ${LOCALBASE}/libdata/pkgconfig/ && ${MV} ${LOCALBASE}/lib/pkgconfig/snort.pc ${LOCALBASE}/libdata/pkgconfig/snort.pc
+	@${RMDIR} ${LOCALBASE}/lib/pkgconfig
 .endif
+	@${LIBTOOL} --finish ${LOCALBASE}/snort/dynamicpreprocessor
 	[ -d ${CONFIG_DIR} ] || ${MKDIR} ${CONFIG_DIR}
 	[ -d ${EXAMPLESDIR} ] || ${MKDIR} ${EXAMPLESDIR}
 	[ -d ${RULES_DIR} ] || ${MKDIR} ${RULES_DIR}
@@ -189,6 +222,15 @@
 	@${MKDIR} ${DOCSDIR}
 	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
 .endif
+.if defined(WITH_DECODERPRE)
+	@${MKDIR} ${PREPROC_RULE_DIR}
+.for f in ${PREPROC_RULES}
+	${INSTALL_DATA} ${WRKSRC}/preproc_rules/${f} ${PREPROC_RULE_DIR}/${f}-sample
+	@if [ ! -f ${PREPROC_RULE_DIR}/${f} ]; then \
+		${CP} -p ${PREPROC_RULE_DIR}/${f}-sample ${PREPROC_RULE_DIR}/${f} ; \
+	fi
+.endfor
+.endif
 	@${CAT} ${PKGMESSAGE}
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff -bBru /var/tmp/snort2861/distinfo snort/distinfo
--- /var/tmp/snort2861/distinfo	2010-07-28 03:21:12.000000000 -0400
+++ snort/distinfo	2011-01-31 09:25:37.000000000 -0500
@@ -1,6 +1,4 @@
-MD5 (snort-2.8.6.1.tar.gz) = b1119396a32e9df0d80404e4b6c49166
-SHA256 (snort-2.8.6.1.tar.gz) = 7a948ef235c59b193ca0883b04a0d3ef4cc5250f933cafc4d06feed57150ae23
-SIZE (snort-2.8.6.1.tar.gz) = 4939019
-MD5 (snortsam-2.8.6.diff.gz) = 35fe432a8061dc3155f3530ff54f4ebf
-SHA256 (snortsam-2.8.6.diff.gz) = 24253b7f1dac99edc4527ac9a4da1c30d340c0eeaf6f754495e4078bf1b88955
-SIZE (snortsam-2.8.6.diff.gz) = 28755
+SHA256 (snort-2.9.0.3.tar.gz) = 382768dc7a47bbf4e1a85cd765d8bf4f245643be2acfc740fda1cd3d24e32a48
+SIZE (snort-2.9.0.3.tar.gz) = 5791144
+SHA256 (snortsam-2.9.0.3.diff.gz) = f32baf0408e80c7aed3560ce46229d936d71b8e7a4180efdba04f8e0021e70bc
+SIZE (snortsam-2.9.0.3.diff.gz) = 28890
diff -bBru /var/tmp/snort2861/files/pkg-message-dynamicplugin snort/files/pkg-message-dynamicplugin
--- /var/tmp/snort2861/files/pkg-message-dynamicplugin	2006-08-30 00:26:54.000000000 -0400
+++ snort/files/pkg-message-dynamicplugin	2011-01-29 15:43:38.000000000 -0500
@@ -1,12 +0,0 @@
-=========================================================================
-NOTE: The port has been configured without support for dynamic plugins.
-      It is recommended that you enable dynamic plugins by pressing
-      Ctrl-C now, run 'make config' and enable the DYNAMIC option.
-
-      If you choose not to enable dynamic plugins, the default Snort
-      configuration file may reference some dynamic plugins and
-      preprocessors that may cause Snort to not work properly or throw
-      errors. Please read the Snort documentation for more information
-      regarding dynamic plugins and which configuration directives
-      are affected.
-=========================================================================
diff -bBru /var/tmp/snort2861/files/snort.sh.in snort/files/snort.sh.in
--- /var/tmp/snort2861/files/snort.sh.in	2010-03-26 20:14:48.000000000 -0400
+++ snort/files/snort.sh.in	2011-01-29 15:21:01.000000000 -0500
@@ -27,6 +27,7 @@
 
 name="snort"
 rcvar=`set_rcvar`
+extra_commands=reload
 
 command="%%PREFIX%%/bin/snort"
 
diff -bBru /var/tmp/snort2861/pkg-plist snort/pkg-plist
--- /var/tmp/snort2861/pkg-plist	2010-07-09 08:57:30.000000000 -0400
+++ snort/pkg-plist	2011-01-29 16:48:13.000000000 -0500
@@ -1,5 +1,7 @@
 @comment $FreeBSD: ports/security/snort/pkg-plist,v 1.34 2010/07/09 12:57:30 clsung Exp $
 bin/snort
+bin/u2boat
+bin/u2spewfoo
 @unexec if cmp  -s %D/etc/snort/classification.config-sample %D/etc/snort/classification.config; then rm -f %D/etc/snort/classification.config; fi
 etc/snort/classification.config-sample
 @exec if [ ! -f %D/etc/snort/classification.config ] ; then cp -p %D/%F %B/classification.config; fi
@@ -9,8 +11,6 @@
 @unexec if cmp  -s %D/etc/snort/reference.config-sample %D/etc/snort/reference.config; then rm -f %D/etc/snort/reference.config; fi
 etc/snort/reference.config-sample
 @exec if [ ! -f %D/etc/snort/reference.config ] ; then cp -p %D/%F %B/reference.config; fi
-@unexec if cmp  -s %D/etc/snort/sid-msg.map-sample %D/etc/snort/sid-msg.map; then rm -f %D/etc/snort/sid-msg.map; fi
-etc/snort/sid-msg.map-sample
 @exec if [ ! -f %D/etc/snort/sid-msg.map ] ; then cp -p %D/%F %B/sid-msg.map; fi
 @unexec if cmp  -s %D/etc/snort/snort.conf-sample %D/etc/snort/snort.conf; then rm -f %D/etc/snort/snort.conf; fi
 etc/snort/snort.conf-sample
@@ -22,6 +22,16 @@
 etc/snort/unicode.map-sample
 @exec if [ ! -f %D/etc/snort/unicode.map ] ; then cp -p %D/%F %B/unicode.map; fi
 @dirrmtry etc/snort/rules
+@unexec if cmp  -s %D/etc/snort/preproc_rules/decoder.rules %D/etc/snort/preproc_rules/decoder.rules; then rm -f %D/etc/snort/preproc_rules/decoder.rules;fi
+etc/snort/preproc_rules/decoder.rules-sample
+@exec if [ ! -f %D/etc/snort/preproc_rules/decoder.rules ] ; then cp -p %D/%F %B/decoder.rules; fi
+@unexec if cmp  -s %D/etc/snort/preproc_rules/preprocessor.rules %D/etc/snort/preproc_rules/preprocessor.rules; then rm -f %D/etc/snort/preproc_rules/preprocessor.rules;fi
+etc/snort/preproc_rules/preprocessor.rules-sample
+@exec if [ ! -f %D/etc/snort/preproc_rules/preprocessor.rules ] ; then cp -p %D/%F %B/preprocessor.rules; fi
+@unexec if cmp  -s %D/etc/snort/preproc_rules/sensitive-data.rules %D/etc/snort/preproc_rules/sensitive-data.rules; then rm -f %D/etc/snort/preproc_rules/sensitive-data.rules;fi
+etc/snort/preproc_rules/sensitive-data.rules-sample
+@exec if [ ! -f %D/etc/snort/preproc_rules/decoder.rules ] ; then cp -p %D/%F %B/; fi
+@dirrmtry etc/snort/preproc_rules
 @dirrmtry etc/snort
 %%DYNAMIC%%src/snort_dynamicsrc/bitop.h
 %%DYNAMIC%%src/snort_dynamicsrc/debug.h
@@ -34,6 +44,8 @@
 %%DYNAMIC%%src/snort_dynamicsrc/rule_option_types.h
 %%DYNAMIC%%src/snort_dynamicsrc/sfPolicyUserData.c
 %%DYNAMIC%%src/snort_dynamicsrc/sfPolicyUserData.h
+%%DYNAMIC%%src/snort_dynamicsrc/sf_base64decode.c
+%%DYNAMIC%%src/snort_dynamicsrc/sf_base64decode.h
 %%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_common.h
 %%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_define.h
 %%DYNAMIC%%src/snort_dynamicsrc/sf_dynamic_engine.h
@@ -58,41 +70,37 @@
 %%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.so
 %%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.so.0
 %%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.la
-%%DYNAMIC%%lib/snort/dynamicengine/libsf_engine.a
 %%DYNAMIC%%@dirrmtry lib/snort/dynamicengine
+%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.a
+%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.la
+%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.so.0
+%%DYNAMIC%%lib/snort/dynamicrules/lib_sfdynamic_example_rule.so
 %%DYNAMIC%%@dirrmtry lib/snort/dynamicrules
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.a
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.la
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so.0
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.la
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dce2_preproc.so.0
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.a
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.la
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_dns_preproc.so.0
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.a
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.la
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.la
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so.0
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.la
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so.0
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.la
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so.0
-%%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.la
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
 %%DYNAMIC%%lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so.0
+%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a
+%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so
+%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0
+%%DYNAMIC%%lib/snort/dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
 %%DYNAMIC%%@dirrmtry lib/snort/dynamicpreprocessor
 %%DYNAMIC%%@dirrmtry lib/snort
 %%EXAMPLESDIR%%/classification.config-sample
@@ -103,7 +111,6 @@
 %%EXAMPLESDIR%%/create_postgresql
 %%EXAMPLESDIR%%/gen-msg.map-sample
 %%EXAMPLESDIR%%/reference.config-sample
-%%EXAMPLESDIR%%/sid-msg.map-sample
 %%EXAMPLESDIR%%/snort.conf-sample
 %%EXAMPLESDIR%%/threshold.conf-sample
 %%EXAMPLESDIR%%/unicode.map-sample
@@ -116,19 +123,17 @@
 %%PORTDOCS%%%%DOCSDIR%%/PROBLEMS
 %%PORTDOCS%%%%DOCSDIR%%/README
 %%PORTDOCS%%%%DOCSDIR%%/README.ARUBA
-%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP
-%%PORTDOCS%%%%DOCSDIR%%/README.FLEXRESP2
-%%PORTDOCS%%%%DOCSDIR%%/README.INLINE
 %%PORTDOCS%%%%DOCSDIR%%/README.PLUGINS
 %%PORTDOCS%%%%DOCSDIR%%/README.PerfProfiling
 %%PORTDOCS%%%%DOCSDIR%%/README.SMTP
 %%PORTDOCS%%%%DOCSDIR%%/README.UNSOCK
 %%PORTDOCS%%%%DOCSDIR%%/README.WIN32
+%%PORTDOCS%%%%DOCSDIR%%/README.active
 %%PORTDOCS%%%%DOCSDIR%%/README.alert_order
 %%PORTDOCS%%%%DOCSDIR%%/README.asn1
 %%PORTDOCS%%%%DOCSDIR%%/README.csv
 %%PORTDOCS%%%%DOCSDIR%%/README.database
-%%PORTDOCS%%%%DOCSDIR%%/README.dcerpc
+%%PORTDOCS%%%%DOCSDIR%%/README.daq
 %%PORTDOCS%%%%DOCSDIR%%/README.dcerpc2
 %%PORTDOCS%%%%DOCSDIR%%/README.decode
 %%PORTDOCS%%%%DOCSDIR%%/README.decoder_preproc_rules
@@ -143,6 +148,7 @@
 %%PORTDOCS%%%%DOCSDIR%%/README.ipip
 %%PORTDOCS%%%%DOCSDIR%%/README.ipv6
 %%PORTDOCS%%%%DOCSDIR%%/README.multipleconfigs
+%%PORTDOCS%%%%DOCSDIR%%/README.normalize
 %%PORTDOCS%%%%DOCSDIR%%/README.pcap_readmode
 %%PORTDOCS%%%%DOCSDIR%%/README.ppm
 %%PORTDOCS%%%%DOCSDIR%%/README.reload
@@ -153,8 +159,8 @@
 %%PORTDOCS%%%%DOCSDIR%%/README.stream5
 %%PORTDOCS%%%%DOCSDIR%%/README.tag
 %%PORTDOCS%%%%DOCSDIR%%/README.thresholding
+%%PORTDOCS%%%%DOCSDIR%%/README.u2boat
 %%PORTDOCS%%%%DOCSDIR%%/README.variables
-%%PORTDOCS%%%%DOCSDIR%%/README.wireless
 %%PORTDOCS%%%%DOCSDIR%%/RELEASE.NOTES
 %%PORTDOCS%%%%DOCSDIR%%/TODO
 %%PORTDOCS%%%%DOCSDIR%%/USAGE


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->clsung 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Fri Feb 4 20:10:17 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154514 
State-Changed-From-To: open->closed 
State-Changed-By: clsung 
State-Changed-When: Wed Feb 9 06:50:39 UTC 2011 
State-Changed-Why:  
Committed. Thank You. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154514 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/154514: commit references a PR
Date: Wed,  9 Feb 2011 06:50:14 +0000 (UTC)

 clsung      2011-02-09 06:50:03 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/snort       Makefile distinfo pkg-plist 
     security/snort/files snort.sh.in 
   Removed files:
     security/snort/files pkg-message-dynamicplugin 
   Log:
   - Update to 2.9.0.3 [1]
   - pass maintainership to William Freeman <wfreeman_AT_sourcefire dot com>
   
   Note: This attached patch replaces the one in ports/153998.
         Also fixes the location of the dynamic libs/rules in ports/153224.
   PR:             ports/154514 [1], ports/153998 [2]
   Submitted by:   Michael Scheidell <scheidell_AT_secnap dot net>
   
   Revision  Changes    Path
   1.128     +107 -67   ports/security/snort/Makefile
   1.67      +4 -6      ports/security/snort/distinfo
   1.2       +0 -12     ports/security/snort/files/pkg-message-dynamicplugin (dead)
   1.6       +2 -1      ports/security/snort/files/snort.sh.in
   1.35      +27 -21    ports/security/snort/pkg-plist
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
