rpms/snort/F-7 snort-2.7.0.1-glibc.patch, NONE, 1.1 snort.spec, 1.23, 1.24 sources, 1.8, 1.9
Dennis Gilmore (ausil)
fedora-extras-commits at redhat.com
Sat Sep 1 16:55:17 UTC 2007
Author: ausil
Update of /cvs/extras/rpms/snort/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22262
Modified Files:
snort.spec sources
Added Files:
snort-2.7.0.1-glibc.patch
Log Message:
update to 2.7.0.1 includes move to alternatives. needs lots of testing
snort-2.7.0.1-glibc.patch:
--- NEW FILE snort-2.7.0.1-glibc.patch ---
diff -ur snort-2.7.0.1-orig/src/preprocessors/flow/portscan/server_stats.c snort-2.7.0.1/src/preprocessors/flow/portscan/server_stats.c
--- snort-2.7.0.1-orig/src/preprocessors/flow/portscan/server_stats.c 2007-07-03 15:41:53.000000000 -0500
+++ snort-2.7.0.1/src/preprocessors/flow/portscan/server_stats.c 2007-08-31 23:37:33.000000000 -0500
@@ -346,7 +346,7 @@
/* open this description, create it if necessary, always wait on
* sync to disk w/ every write, only write */
- fd = open(filename, O_CREAT|O_TRUNC|O_SYNC|O_WRONLY);
+ fd = open(filename, O_CREAT, 0660|O_TRUNC|O_SYNC|O_WRONLY);
if(fd < 0)
{
diff -ur snort-2.7.0.1-orig/src/util.c snort-2.7.0.1/src/util.c
--- snort-2.7.0.1-orig/src/util.c 2007-07-03 15:41:31.000000000 -0500
+++ snort-2.7.0.1/src/util.c 2007-08-31 23:37:41.000000000 -0500
@@ -1841,7 +1841,7 @@
close(2);
#ifdef DEBUG
- open("/tmp/snort.debug", O_CREAT | O_RDWR);
+ open("/tmp/snort.debug", O_CREAT, 0660 | O_RDWR);
#else
open("/dev/null", O_RDWR);
#endif
Index: snort.spec
===================================================================
RCS file: /cvs/extras/rpms/snort/F-7/snort.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- snort.spec 19 Feb 2007 21:36:01 -0000 1.23
+++ snort.spec 1 Sep 2007 16:54:38 -0000 1.24
@@ -1,24 +1,20 @@
Summary: Intrusion detection system
Name: snort
-Version: 2.6.1.3
-Release: 1%{?dist}
-License: GPL
+Version: 2.7.0.1
+Release: 3%{?dist}
+License: GPLv2
Group: Applications/Internet
Source0: http://www.snort.org/dl/current/snort-%{version}.tar.gz
Source1: snortd
-Source2: README.fedora
-Patch0: snort-2.4.3-configure64.patch
+Source2: README.fedora
+Patch0: snort-2.7.0.1-glibc.patch
Url: http://www.snort.org
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-Prefix: /usr
Requires: libpcap >= 0.4
-%if "%{?fedora}" <= "5"
-BuildRequires: libpcap >= 0.4
-%else
BuildRequires: libpcap-devel >= 0.4
-%endif
BuildRequires: perl
BuildRequires: pcre-devel
+BuildRequires: sed
%package plain+flexresp
Summary: Snort with Flexible Response
@@ -86,7 +82,7 @@
attacks and probes, such as buffer overflows, stealth port scans,
CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has a real-time alerting capabilty, with alerts being sent to syslog,
-a seperate "alert" file, or as a WinPopup message via Samba's smbclient
+a separate "alert" file, or as a WinPopup message via Samba's smbclient
Edit %{_sysconfdir}/snort.conf to configure snort and use snort.d to start snort
@@ -147,14 +143,14 @@
%prep
%setup -q
-%patch0 -p1 -b .config
+%patch0 -p1 -b .glibc
cp %{SOURCE2} doc/
+sed -i -e 's|libnet-config|libnet-config-1.0|g' configure
+sed -i -e 's|\-lnet|\-lnet-1.0|g' configure
%build
-SNORT_BASE_CONFIG="--prefix=%{_prefix} \
- --sysconfdir=%{_sysconfdir} \
- --with-libpcap-includes=/usr/include/pcap \
+SNORT_BASE_CONFIG="--with-libpcap-includes=/usr/include/pcap \
--enable-dynamicplugin"
export LDFLAGS=-L/usr/lib64/mysql
# there are some strange configure errors
@@ -188,6 +184,7 @@
# mysql+flexresp
{
%configure $SNORT_BASE_CONFIG --with-mysql=yes \
+ --with-mysql-libraries=%{_libdir}/mysql \
--with-postgresql=no \
--with-oracle=no \
--with-odbc=no \
@@ -200,6 +197,7 @@
# mysql
{
%configure $SNORT_BASE_CONFIG --with-mysql=yes \
+ --with-mysql-libraries=%{_libdir}/mysql \
--with-postgresql=no \
--with-oracle=no \
--with-odbc=no
@@ -265,6 +263,7 @@
# bloat
{
%configure $SNORT_BASE_CONFIG --with-mysql=yes \
+ --with-mysql-libraries=%{_libdir}/mysql \
--with-postgresql=yes \
--with-oracle=no \
--with-odbc=no \
@@ -281,7 +280,7 @@
%install
if [ -d %{buildroot} ]; then
- rm -rf %{buildroot}
+ rm -rf %{buildroot}
fi
mkdir -p %{buildroot}%{_sysconfdir}/snort
@@ -307,24 +306,17 @@
install libsf_engine.so.0 %{buildroot}%{_libdir}/snort/dynamicengine
install libsf_engine.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicengine
-install snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-install snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-install snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-
-
-install snort_dynamicpreprocessor/libsf_smtp_preproc.so %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-install snort_dynamicpreprocessor/libsf_smtp_preproc.so.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-install snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-
-install snort_dynamicpreprocessor/libsf_dns_preproc.so %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-install snort_dynamicpreprocessor/libsf_dns_preproc.so.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
-install snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
+for i in 'dcerpc' 'ssh' 'ftptelnet' 'smtp' 'dns'; do
+ install snort_dynamicpreprocessor/libsf_${i}_preproc.so %{buildroot}%{_libdir}/snort/dynamicpreprocessor
+ install snort_dynamicpreprocessor/libsf_${i}_preproc.so.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
+ install snort_dynamicpreprocessor/libsf_${i}_preproc.so.0.0.0 %{buildroot}%{_libdir}/snort/dynamicpreprocessor
+done
}
install snort.8 %{buildroot}%{_mandir}/man8
install etc/generators etc/gen-msg.map etc/sid etc/sid-msg.map etc/threshold.conf etc/unicode.map etc/reference.config etc/classification.config etc/snort.conf %{buildroot}%{_sysconfdir}/snort
-install %{SOURCE1} %{buildroot}/etc/rc.d/init.d
+install -p -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d
perl -pi -e 's!var RULE_PATH ../rules!var RULE_PATH %{_sysconfdir}!' %{buildroot}%{_sysconfdir}/snort/snort.conf
perl -pi -e 's!dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/!dynamicpreprocessor directory %{_libdir}/snort/dynamicpreprocessor/!' %{buildroot}%{_sysconfdir}/snort/snort.conf
@@ -332,55 +324,121 @@
%clean
if [ -d %{buildroot} ]; then
- rm -rf %{buildroot}
+ rm -rf %{buildroot}
fi
%post
-# make a symlink if there is no link
-ln -sf %{_sbindir}/snort-plain %{_sbindir}/snort
/sbin/chkconfig --add snortd
/sbin/ldconfig
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-plain 10
+fi
%preun
/etc/rc.d/init.d/snortd stop
if [ $1 = 0 ] ; then
/sbin/chkconfig --del snortd
- if [ -L %{_sbindir}/snort ]; then rm %{_sbindir}/snort; fi
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-plain
fi
%post plain+flexresp
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-plain+flexresp %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-plain+flexresp 20
+fi
+
+%postun plain+flexresp
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-plain+flexresp
+fi
%post mysql
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-mysql %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-mysql 30
+fi
+
+%postun mysql
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-mysql
+fi
%post mysql+flexresp
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-mysql+flexresp %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-mysql+flexresp 40
+fi
+
+%postun mysql+flexresp
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-mysql+flexresp
+fi
%post postgresql
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-postgresql %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-postgresql 50
+fi
+
+%postun postgresql
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-postgresql
+fi
%post postgresql+flexresp
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-postgresql+flexresp %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-postgresql+flexresp 60
+fi
+
+%postun postgresql+flexresp
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-postgresql+flexresp
+fi
%post snmp
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-snmp %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-snmp 60
+fi
+
+%postun snmp
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-snmp
+fi
%post snmp+flexresp
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-snmp+flexresp %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-snmp+flexresp 70
+fi
+
+%postun snmp+flexresp
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-snmp+flexresp
+fi
%post bloat
-if [ -L %{_sbindir}/snort ] || [ ! -e %{_sbindir}/snort ] ; then ln -sf %{_sbindir}/snort-bloat %{_sbindir}/snort; fi
+if [ $1 -eq 1 ] ; then
+ %{_sbindir}/update-alternatives --install %{_bindir}/snort \
+ snort %{_bindir}/snort-bloat 80
+fi
+
+%postun bloat
+if [ $1 -eq 0 ] ; then
+ %{_sbindir}/update-alternatives --remove snort %{_bindir}/snort-bloat
+fi
%files
@@ -421,6 +479,22 @@
%changelog
+* Fri Aug 31 2007 Dennis Gilmore <dennis at ausil.us> - 2.7.0.1-3
+- fix for glibc open
+
+* Fri Aug 31 2007 Dennis Gilmore <dennis at ausil.us> - 2.7.0.1-2
+- fix detection of mysql and libnet10
+
+* Mon Aug 27 2007 Dennis Gilmore <dennis at ausil.us> - 2.7.0.1-1
+- update to 2.7.0.1
+
+* Thu Jun 14 2007 Dennis Gilmore <dennis at ausil.us> - 2.6.1.4-2
+- remove the release conditionals
+
+* Sun May 06 2007 Dennis Gilmore <dennis at ausil.us> - 2.6.1.4-1
+- update to 2.6.1.4
+- use alternatives
+
* Mon Feb 19 2007 Dennis Gilmore <dennis at ausil.us> - 2.6.1.3-1
- update to 2.6.1.3 which fixes CVE-2006-5276
@@ -510,7 +584,7 @@
- moved /var/snort/dev/null creation to install time
* Tue Nov 21 2000 Chris Green <cmg at uab.edu>
-- changed to %{SnortPrefix}
+- changed to %%{SnortPrefix}
- upgrade to patch2
* Mon Jul 31 2000 Wim Vandersmissen <wim at bofh.st>
@@ -523,9 +597,9 @@
* Sat Jul 22 2000 Wim Vandersmissen <wim at bofh.st>
- Updated to version 1.6.3
-- Fixed the user/group stuff (moved to %post)
-- Added userdel/groupdel to %postun
-- Automagically adds the right IP, nameservers to %{_sysconfdir}/rules.base
+- Fixed the user/group stuff (moved to %%post)
+- Added userdel/groupdel to %%postun
+- Automagically adds the right IP, nameservers to %%{_sysconfdir}/rules.base
* Sat Jul 08 2000 Dave Wreski <dave at linuxsecurity.com>
- Updated to version 1.6.2
@@ -543,7 +617,7 @@
- Fixed permissions on /var/log/snort
- Created /var/log/snort/archive for archival of snort logs
- Added post/preun to add/remove snortd to/from rc?.d directories
-- Defined configuration files as %config
+- Defined configuration files as %%config
* Tue Mar 28 2000 William Stearns <wstearns at pobox.com>
- Quick update to 1.6.
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/snort/F-7/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- sources 19 Feb 2007 21:36:01 -0000 1.8
+++ sources 1 Sep 2007 16:54:38 -0000 1.9
@@ -1 +1 @@
-8b46997afd728fbdaafdc9b1d0278b07 snort-2.6.1.3.tar.gz
+06d3fa0b326dcdca59a19811f32b013a snort-2.7.0.1.tar.gz
More information about the scm-commits
mailing list