Hello,
Update for Suricata to 7.0.1:
https://github.com/OISF/suricata/releases/tag/suricata-7.0.1
OK? Comments?
Cheers.-
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/suricata/Makefile,v
retrieving revision 1.60
diff -u -p -r1.60 Makefile
--- Makefile 27 Sep 2023 16:34:37 -0000 1.60
+++ Makefile 18 Oct 2023 14:14:00 -0000
@@ -3,7 +3,7 @@ NOT_FOR_ARCHS = powerpc64 riscv64
COMMENT = high performance network IDS, IPS and security monitoring
-SURICATA_V = 6.0.12
+SURICATA_V = 7.0.1
SUPDATE_V = 1.2.7
DISTNAME = suricata-${SURICATA_V}
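Review bot: SURICATA_V moves to 7.0.1 but SUPDATE_V stays at 1.2.7, while the patch-suricata-update_suricata_update_parsers_py hunk below shifts its offset (41 to 46), so the bundled suricata-update in this tarball is not the one 6.0.12 shipped. Confirm the suricata-update version inside suricata-7.0.1.tar.gz and bump SUPDATE_V to match if it is consumed anywhere the version string matters (egg-info path in PLIST, for instance; that use is not visible here). If it is still 1.2.7, a one-line comment next to it, `# suricata-update bundled in the tarball; keep in sync with the release`, would save the next updater the same check.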
@@ -20,9 +20,8 @@ PERMIT_PACKAGE= Yes
SITES = https://www.openinfosecfoundation.org/download/
# uses pledge()
-WANTLIB += ${COMPILER_LIBCXX} c iconv jansson lz4 lzma m magic
-WANTLIB += maxminddb net nspr4 nss3 nssutil3 pcap pcre plc4 plds4
-WANTLIB += smime3 ssl3 yaml-0 z
+WANTLIB += ${COMPILER_LIBCXX} c elf iconv m pcap yaml-0 z
+WANTLIB += jansson lz4 magic maxminddb net pcre2-8
MODULES = lang/python
@@ -40,7 +39,7 @@ LIB_DEPENDS = archivers/lz4 \
devel/nspr \
devel/libyaml \
devel/libmagic \
- devel/pcre \
+ devel/pcre2 \
net/libnet/1.1 \
net/libmaxminddb \
security/nss
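Review bot: LIB_DEPENDS keeps `devel/nspr` and `security/nss` (lines `devel/nspr \` and `security/nss`) even though the WANTLIB hunk above drops nspr4, nss3, nssutil3, plc4, plds4, smime3 and ssl3, so nothing links them any more. Unused LIB_DEPENDS pull extra packages onto every install and hide a real dependency gap; `make port-lib-depends-check` should confirm and both lines can then be removed. The same check applies to any `archivers/xz` entry for the dropped lzma library, which sits above this hunk and is not visible here.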
@@ -49,7 +48,7 @@ COMPILER = base-clang ports-gcc
DEBUG_PACKAGES = ${BUILD_PACKAGES}
CONFIGURE_STYLE = autoconf
-AUTOCONF_VERSION = 2.69
+AUTOCONF_VERSION = 2.71
AUTOMAKE_VERSION = 1.15
CONFIGURE_ENV = ac_cv_path_HAVE_PDFLATEX= \
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/suricata/distinfo,v
retrieving revision 1.20
diff -u -p -r1.20 distinfo
--- distinfo 3 Jul 2023 08:22:31 -0000 1.20
+++ distinfo 18 Oct 2023 14:14:00 -0000
@@ -1,2 +1,2 @@
-SHA256 (suricata-6.0.12.tar.gz) = BLIxYJNbAxl7CFwszJ2Ah1oz8RVYMFTRRgqw+2bYNLM=
-SIZE (suricata-6.0.12.tar.gz) = 27388535
+SHA256 (suricata-7.0.1.tar.gz) = YEfHX555qbDMbWx2MgJKQSaBK8IS9SrPXTyBPMfJ+ws=
+SIZE (suricata-7.0.1.tar.gz) = 23439262
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/security/suricata/patches/patch-configure_ac,v
retrieving revision 1.11
diff -u -p -r1.11 patch-configure_ac
--- patches/patch-configure_ac 3 Jul 2023 08:22:31 -0000 1.11
+++ patches/patch-configure_ac 18 Oct 2023 14:14:00 -0000
@@ -3,7 +3,7 @@ To remove the pid file, its directory mu
Index: configure.ac
--- configure.ac.orig
+++ configure.ac
-@@ -2764,7 +2764,7 @@ if test "$WINDOWS_PATH" = "yes"; then
+@@ -2559,7 +2559,7 @@ if test "$WINDOWS_PATH" = "yes"; then
fi
else
EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/")
Index: patches/patch-doc_userguide_Makefile_in
===================================================================
RCS file: /cvs/ports/security/suricata/patches/patch-doc_userguide_Makefile_in,v
retrieving revision 1.6
diff -u -p -r1.6 patch-doc_userguide_Makefile_in
--- patches/patch-doc_userguide_Makefile_in 3 Jul 2023 08:22:31 -0000
1.6
+++ patches/patch-doc_userguide_Makefile_in 18 Oct 2023 14:14:00 -0000
@@ -3,32 +3,6 @@ Index: doc/userguide/Makefile.in
+++ doc/userguide/Makefile.in
@@ -1,3 +1,4 @@
+
- # Makefile.in generated by automake 1.16.1 from Makefile.am.
+ # Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-
-@@ -623,14 +624,14 @@ uninstall-man: uninstall-man1
- @HAVE_SPHINXBUILD_TRUE@ sysconfdir=$(sysconfdir) \
- @HAVE_SPHINXBUILD_TRUE@ localstatedir=$(localstatedir) \
- @HAVE_SPHINXBUILD_TRUE@ version=$(PACKAGE_VERSION) \
--@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -W -b html -d
_build/doctrees \
-+@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -b html -d
_build/doctrees \
- @HAVE_SPHINXBUILD_TRUE@ $(top_srcdir)/doc/userguide _build/html
-
- @HAVE_SPHINXBUILD_TRUE@_build/latex/Suricata.pdf:
- @HAVE_SPHINXBUILD_TRUE@ sysconfdir=$(sysconfdir) \
- @HAVE_SPHINXBUILD_TRUE@ localstatedir=$(localstatedir) \
- @HAVE_SPHINXBUILD_TRUE@ version=$(PACKAGE_VERSION) \
--@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -W -b latex -d
_build/doctrees \
-+@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -b latex -d
_build/doctrees \
- @HAVE_SPHINXBUILD_TRUE@ $(top_srcdir)/doc/userguide _build/latex
- # The Sphinx generated Makefile is GNU Make specific, so just do what
- # it does here - yes, multiple passes of pdflatex is required.
-@@ -650,7 +651,7 @@ uninstall-man: uninstall-man1
- @HAVE_SPHINXBUILD_TRUE@ sysconfdir=$(sysconfdir) \
- @HAVE_SPHINXBUILD_TRUE@ localstatedir=$(localstatedir) \
- @HAVE_SPHINXBUILD_TRUE@ version=$(PACKAGE_VERSION) \
--@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -W -b man -d
_build/doctrees \
-+@HAVE_SPHINXBUILD_TRUE@ $(SPHINX_BUILD) -b man -d
_build/doctrees \
- @HAVE_SPHINXBUILD_TRUE@ $(top_srcdir)/doc/userguide _build/man
- @HAVE_SPHINXBUILD_TRUE@ touch _build/man
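Review bot: After this change the patch no longer removes `-W` from the three sphinx-build invocations; what remains of it (the `@@ -1,3 +1,4 @@` hunk) only updates the automake version comment and adds a blank line, which is a no-op against the built documentation. If the `-W` removal is no longer needed for 7.0.1 (warnings no longer fail the build), the patch file should be deleted rather than kept as an empty patch; if it is still needed, it looks like it was lost during update-patches and the three `$(SPHINX_BUILD) -b ...` replacements need to be re-added at the new offsets. The patch's first two lines (its description header) are outside this hunk.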
Index: patches/patch-suricata-update_suricata_update_parsers_py
===================================================================
RCS file:
/cvs/ports/security/suricata/patches/patch-suricata-update_suricata_update_parsers_py,v
retrieving revision 1.2
diff -u -p -r1.2 patch-suricata-update_suricata_update_parsers_py
--- patches/patch-suricata-update_suricata_update_parsers_py 11 Mar 2022
19:54:07 -0000 1.2
+++ patches/patch-suricata-update_suricata_update_parsers_py 18 Oct 2023
14:14:00 -0000
@@ -1,7 +1,7 @@
Index: suricata-update/suricata/update/parsers.py
--- suricata-update/suricata/update/parsers.py.orig
+++ suricata-update/suricata/update/parsers.py
-@@ -41,7 +41,7 @@ global_arg = [
+@@ -46,7 +46,7 @@ global_arg = [
'help': "Be quiet, warning and error messages only"}),
(("-D", "--data-dir"),
{'metavar': '<directory>', 'dest': 'data_dir',
Index: patches/patch-suricata_yaml_in
===================================================================
RCS file: /cvs/ports/security/suricata/patches/patch-suricata_yaml_in,v
retrieving revision 1.17
diff -u -p -r1.17 patch-suricata_yaml_in
--- patches/patch-suricata_yaml_in 3 Jul 2023 08:22:31 -0000 1.17
+++ patches/patch-suricata_yaml_in 18 Oct 2023 14:14:00 -0000
@@ -9,7 +9,7 @@ about downloading rules.
Index: suricata.yaml.in
--- suricata.yaml.in.orig
+++ suricata.yaml.in
-@@ -80,6 +80,7 @@ outputs:
+@@ -84,6 +84,7 @@ outputs:
- fast:
enabled: yes
filename: fast.log
@@ -17,15 +17,15 @@ Index: suricata.yaml.in
append: yes
#filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
-@@ -88,6 +89,7 @@ outputs:
+@@ -92,6 +93,7 @@ outputs:
enabled: @e_enable_evelog@
filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
filename: eve.json
+ filemode: 664
# Enable for multi-threaded eve.json output; output files are amended
with
- # with an identifier, e.g., eve.9.json
+ # an identifier, e.g., eve.9.json
#threaded: false
-@@ -307,6 +309,7 @@ outputs:
+@@ -334,6 +336,7 @@ outputs:
- http-log:
enabled: no
filename: http.log
@@ -33,7 +33,7 @@ Index: suricata.yaml.in
append: yes
#extended: yes # enable this for extended logging information
#custom: yes # enable the custom logging format (defined by
customformat)
-@@ -317,6 +320,7 @@ outputs:
+@@ -344,6 +347,7 @@ outputs:
- tls-log:
enabled: no # Log TLS connections.
filename: tls.log # File to store TLS logs.
@@ -41,7 +41,7 @@ Index: suricata.yaml.in
append: yes
#extended: yes # Log extended information like fingerprint
#custom: yes # enabled the custom logging format (defined by
customformat)
-@@ -364,6 +368,7 @@ outputs:
+@@ -391,6 +395,7 @@ outputs:
- pcap-log:
enabled: no
filename: log.pcap
@@ -49,7 +49,7 @@ Index: suricata.yaml.in
# File size limit. Can be specified in kb, mb, gb. Just a number
# is parsed as bytes.
-@@ -399,6 +404,7 @@ outputs:
+@@ -429,6 +434,7 @@ outputs:
- alert-debug:
enabled: no
filename: alert-debug.log
@@ -57,7 +57,7 @@ Index: suricata.yaml.in
append: yes
#filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'
-@@ -414,6 +420,7 @@ outputs:
+@@ -436,6 +442,7 @@ outputs:
- stats:
enabled: yes
filename: stats.log
@@ -65,7 +65,7 @@ Index: suricata.yaml.in
append: yes # append to file (yes) or overwrite it (no)
totals: yes # stats for all threads merged together
threads: no # per thread stats
-@@ -507,6 +514,7 @@ outputs:
+@@ -529,6 +536,7 @@ outputs:
enabled: no
type: file
filename: tcp-data.log
@@ -73,7 +73,7 @@ Index: suricata.yaml.in
# Log HTTP body data after normalization, de-chunking and unzipping.
# Two types: file or dir.
-@@ -520,6 +528,7 @@ outputs:
+@@ -542,6 +550,7 @@ outputs:
enabled: no
type: file
filename: http-data.log
@@ -81,22 +81,7 @@ Index: suricata.yaml.in
# Lua Output Support - execute lua script to generate alert and event
# output.
-@@ -566,12 +575,12 @@ logging:
- enabled: yes
- # type: json
- - file:
-- enabled: yes
-+ enabled: no
- level: info
- filename: suricata.log
- # type: json
- - syslog:
-- enabled: no
-+ enabled: yes
- facility: local5
- format: "[%i] <%d> -- "
- # type: json
-@@ -1010,9 +1019,9 @@ asn1-max-frames: 256
+@@ -1189,9 +1198,9 @@ datasets:
##
# Run Suricata with a specific user-id and group-id:
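Review bot: Dropping the `logging:` hunk (the old `enabled: yes`/`enabled: no` swaps for `- file:` and `- syslog:`) changes the installed default from syslog on facility local5 back to upstream's file logging in suricata.log, unless 7.0.1's suricata.yaml.in already defaults that way or the swap is re-done elsewhere (the `napatech:` hunk at the end of this patch is not visible here). Users who built alerting on the local5 syslog feed would lose it silently on upgrade. If the change is intended, say so in the commit message and pkg-readme; otherwise re-add the two `enabled:` flips at the 7.0.1 line numbers.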
@@ -107,9 +92,9 @@ Index: suricata.yaml.in
+ user: _suricata
+ group: _suricata
- # Some logging modules will use that name in event as identifier. The default
- # value is the hostname
-@@ -1021,7 +1030,7 @@ asn1-max-frames: 256
+ security:
+ # if true, prevents process creation from Suricata by calling
+@@ -1221,7 +1230,7 @@ security:
# Default location of the pid file. The pid file is only used in
# daemon mode (start Suricata with -D). If not running in daemon mode
# the --pidfile command line option must be used to create a pid file.
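Review bot: The new context shows 7.0.1's `security:` block, whose `limit-noproc` option calls setrlimit(RLIMIT_NPROC) at startup; the port already pledges (per the Makefile comment), and on OpenBSD setrlimit falls under the `proc` promise, so the relative order of that call and the pledge needs confirming against the 7.0.1 source before relying on either. If the option works here it is worth pinning explicitly in this patch, e.g. `limit-noproc: true`, so the hardening does not depend on upstream's default; if it does not, a comment in the patch header saying why the port leaves it alone would help. This hunk is renumbering only otherwise.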
@@ -118,7 +103,7 @@ Index: suricata.yaml.in
# Daemon working directory
# Suricata will change directory to this one if provided
-@@ -1920,14 +1929,38 @@ napatech:
+@@ -2137,14 +2146,38 @@ napatech:
#
hashmode: hash5tuplesorted
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/suricata/pkg/PLIST,v
retrieving revision 1.24
diff -u -p -r1.24 PLIST
--- pkg/PLIST 14 Feb 2023 21:14:14 -0000 1.24
+++ pkg/PLIST 18 Oct 2023 14:14:01 -0000
@@ -27,7 +27,6 @@ include/htp/htp_version.h
include/htp/lzma/
include/htp/lzma/7zTypes.h
include/htp/lzma/LzmaDec.h
-include/suricata-plugin.h
@static-lib lib/libhtp.a
lib/libhtp.la
@lib lib/libhtp.so.${LIBhtp_VERSION}
@@ -119,6 +118,12 @@ lib/suricata/python/suricata/update/conf
lib/suricata/python/suricata/update/configs/__init__.py
${MODPY_COMMENT}lib/suricata/python/suricata/update/configs/${MODPY_PYCACHE}/
lib/suricata/python/suricata/update/configs/${MODPY_PYCACHE}__init__.${MODPY_PYC_MAGIC_TAG}pyc
+lib/suricata/python/suricata/update/configs/disable.conf
+lib/suricata/python/suricata/update/configs/drop.conf
+lib/suricata/python/suricata/update/configs/enable.conf
+lib/suricata/python/suricata/update/configs/modify.conf
+lib/suricata/python/suricata/update/configs/threshold.in
+lib/suricata/python/suricata/update/configs/update.yaml
lib/suricata/python/suricata/update/data/
lib/suricata/python/suricata/update/data/__init__.py
${MODPY_COMMENT}lib/suricata/python/suricata/update/data/${MODPY_PYCACHE}/
@@ -176,6 +181,7 @@ share/suricata/rules/dns-events.rules
@sample ${SYSCONFDIR}/suricata/rules/dns-events.rules
share/suricata/rules/files.rules
@sample ${SYSCONFDIR}/suricata/rules/files.rules
+share/suricata/rules/ftp-events.rules
share/suricata/rules/http-events.rules
@sample ${SYSCONFDIR}/suricata/rules/http-events.rules
share/suricata/rules/http2-events.rules
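Review bot: `share/suricata/rules/ftp-events.rules` is added without the matching `@sample ${SYSCONFDIR}/suricata/rules/ftp-events.rules` line that every neighbouring rule file in this hunk carries (dns-events, files, http-events). Without it the file is never copied into the configuration directory and is invisible to a `rule-files:` entry that references it there. Add the `@sample` line directly under the new entry unless the omission is deliberate, in which case the PLIST ordering makes it look like an oversight.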
@@ -190,6 +196,8 @@ share/suricata/rules/nfs-events.rules
@sample ${SYSCONFDIR}/suricata/rules/nfs-events.rules
share/suricata/rules/ntp-events.rules
@sample ${SYSCONFDIR}/suricata/rules/ntp-events.rules
+share/suricata/rules/quic-events.rules
+share/suricata/rules/rfb-events.rules
share/suricata/rules/smb-events.rules
@sample ${SYSCONFDIR}/suricata/rules/smb-events.rules
share/suricata/rules/smtp-events.rules
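Review bot: `quic-events.rules` and `rfb-events.rules` are added without the `@sample ${SYSCONFDIR}/suricata/rules/...` lines that nfs-events, ntp-events, smb-events and smtp-events have in the same hunk, so neither will be copied into the configuration directory on install. Add `@sample ${SYSCONFDIR}/suricata/rules/quic-events.rules` and `@sample ${SYSCONFDIR}/suricata/rules/rfb-events.rules` under their entries to keep the rule set consistent; a port user enabling QUIC or RFB protocol event alerting will otherwise find the files only under share/suricata.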