diff options
author | Waldemar Brodkorb <wbx@openadk.org> | 2019-10-09 09:02:42 +0200 |
---|---|---|
committer | Waldemar Brodkorb <wbx@openadk.org> | 2019-10-09 10:31:33 +0200 |
commit | 8c1f85475b812061d442b7f599f6f5166186648d (patch) | |
tree | 6a171aa3a78fe31a380cd816cc347262792ff280 /package/snort/patches | |
parent | e18aa6ff00f17abbf594560f769989b4a240d471 (diff) |
snort/daq: update
Diffstat (limited to 'package/snort/patches')
6 files changed, 302 insertions, 107 deletions
diff --git a/package/snort/patches/patch-configure b/package/snort/patches/patch-configure index 3b197b010..915650ed6 100644 --- a/package/snort/patches/patch-configure +++ b/package/snort/patches/patch-configure @@ -1,6 +1,6 @@ ---- snort-2.9.5.orig/configure 2013-06-04 23:21:55.000000000 +0200 -+++ snort-2.9.5/configure 2013-07-17 11:07:20.000000000 +0200 -@@ -14205,50 +14205,6 @@ _ACEOF +--- snort-2.9.14.1.orig/configure 2019-08-02 08:33:43.000000000 +0200 ++++ snort-2.9.14.1/configure 2019-10-08 14:35:23.506350397 +0200 +@@ -14408,50 +14408,6 @@ _ACEOF fi @@ -51,7 +51,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -@@ -14578,45 +14534,6 @@ if test "x$LPCAP" = "xno"; then +@@ -14861,45 +14817,6 @@ if test "x$LPCAP" = "xno"; then fi fi @@ -97,9 +97,9 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_lib_version" >&5 $as_echo_n "checking for pcap_lib_version... " >&6; } -@@ -15432,38 +15349,7 @@ fi - done +@@ -15830,38 +15747,7 @@ fi + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for daq address space ID" >&5 -$as_echo_n "checking for daq address space ID... " >&6; } diff --git a/package/snort/patches/patch-configure_in b/package/snort/patches/patch-configure_in new file mode 100644 index 000000000..5ed8dc9f1 --- /dev/null +++ b/package/snort/patches/patch-configure_in @@ -0,0 +1,279 @@ +--- snort-2.9.14.1.orig/configure.in 2019-08-02 08:16:45.000000000 +0200 ++++ snort-2.9.14.1/configure.in 2019-10-08 14:40:16.073097068 +0200 +@@ -70,8 +70,10 @@ case "$host" in + *-linux*) + linux="yes" + AC_DEFINE([LINUX],[1],[Define if Linux]) +- AC_SUBST(extra_incl) +- extra_incl="-I/usr/include/pcap" ++ if test -z "x$with_libpcap_includes"; then ++ AC_SUBST(extra_incl) ++ extra_incl="-I/usr/include/pcap" ++ fi + ;; + *-hpux10*|*-hpux11*) + AC_DEFINE([HPUX],[1],[Define if HP-UX 10 or 11]) +@@ -282,8 +284,8 @@ AC_CHECK_TYPES([int8_t,int16_t,int32_t,i + AC_CHECK_TYPES([boolean]) + + # In case INADDR_NONE is not defined (like on Solaris) ++AC_CACHE_CHECK([for INADDR_NONE], [have_inaddr_none], [ + have_inaddr_none="no" +-AC_MSG_CHECKING([for INADDR_NONE]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[ +@@ -296,7 +298,7 @@ AC_RUN_IFELSE( + return 0; + ]])], + [have_inaddr_none="yes"], +-[have_inaddr_none="no"]) ++[have_inaddr_none="no"])]) + AC_MSG_RESULT($have_inaddr_none) + if test "x$have_inaddr_none" = "xno"; then + AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) +@@ -429,7 +431,7 @@ if test "x$LPCAP" = "xno"; then + fi + + AC_MSG_CHECKING([for pcap_lex_destroy]) +-AC_RUN_IFELSE( ++AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ + #include <pcap.h> +@@ -717,17 +719,11 @@ fi + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta] [daq_dp_add_dc]) + + AC_MSG_CHECKING([for daq real addresses]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.n_real_dPort = 0; +-]])], +-[have_daq_real_addresses="yes"], +-[have_daq_real_addresses="no"]) ++ ++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.n_real_dPort], ++ [have_daq_real_addresses="yes"], ++ [have_daq_real_addresses="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_real_addresses) + if test "x$have_daq_real_addresses" = "xyes"; then + AC_DEFINE([HAVE_DAQ_REAL_ADDRESSES],[1], +@@ -771,17 +767,11 @@ if test "x$ac_cv_func_daq_dp_add_dc" = " + fi + + AC_MSG_CHECKING([for daq address space ID]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.address_space_id = 0; +-]])], +-[have_daq_address_space_id="yes"], +-[have_daq_address_space_id="no"]) ++ ++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.address_space_id], ++ [have_daq_address_space_id="yes"], ++ [have_daq_address_space_id="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_address_space_id) + if test "x$have_daq_address_space_id" = "xyes"; then + AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], +@@ -789,17 +779,10 @@ if test "x$have_daq_address_space_id" = + fi + + AC_MSG_CHECKING([for daq flow ID]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.flow_id = 0; +-]])], +-[have_daq_flow_id="yes"], +-[have_daq_flow_id="no"]) ++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.flow_id], ++ [have_daq_flow_id="yes"], ++ [have_daq_flow_id="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_flow_id) + if test "x$have_daq_flow_id" = "xyes"; then + AC_DEFINE([HAVE_DAQ_FLOW_ID],[1], +@@ -807,19 +790,10 @@ if test "x$have_daq_flow_id" = "xyes"; t + fi + + AC_MSG_CHECKING([for daq extended flow modifiers]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_ModFlow_t mod; +- mod.type = 0; +- mod.length = 0; +- mod.value = NULL; +-]])], +-[have_daq_ext_modflow="yes"], +-[have_daq_ext_modflow="no"]) ++AC_CHECK_MEMBERS([DAQ_ModFlow_t mod.type, DAQ_ModFlow_t mod.length, DAQ_ModFlow_t mod.value], ++ [have_daq_ext_modflow="yes"], ++ [have_daq_ext_modflow="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_ext_modflow) + if test "x$have_daq_ext_modflow" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_EXT_MODFLOW" +@@ -828,19 +802,11 @@ if test "x$have_daq_ext_modflow" = "xyes + fi + + AC_MSG_CHECKING([for daq query flow]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_QueryFlow_t mod; +- mod.type = 0; +- mod.length = 0; +- mod.value = NULL; +-]])], +-[have_daq_queryflow="yes"], +-[have_daq_queryflow="no"]) ++ ++AC_CHECK_MEMBERS([DAQ_QueryFlow_t mod.type, DAQ_QueryFlow_t mod.length, DAQ_QueryFlow_t mod.value], ++ [have_daq_queryflow="yes"], ++ [have_daq_queryflow="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_queryflow) + if test "x$have_daq_queryflow" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_QUERYFLOW" +@@ -849,16 +815,11 @@ if test "x$have_daq_queryflow" = "xyes"; + fi + + AC_MSG_CHECKING([for daq data channel flags]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_Data_Channel_Params_t params; +-]])], +-[have_daq_data_channel_flags="yes"], +-[have_daq_data_channel_flags="no"]) ++ ++AC_CHECK_MEMBERS([DAQ_Data_Channel_Params_t params.flags], ++ [have_daq_data_channel_flags="yes"], ++ [have_daq_data_channel_flags="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_data_channel_flags) + if test "x$have_daq_data_channel_flags" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_PARAMS" +@@ -867,17 +828,10 @@ if test "x$have_daq_data_channel_flags" + fi + + AC_MSG_CHECKING([for separate IP versions on pinhole endpoints]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_DP_key_t dpKey; +- dpKey.src_af = 0; +-]])], +-[have_daq_data_channel_separate_ip_versions="yes"], +-[have_daq_data_channel_separate_ip_versions="no"]) ++AC_CHECK_MEMBERS([DAQ_DP_key_t dpKey.src_af], ++ [have_daq_data_channel_separate_ip_versions="yes"], ++ [have_daq_data_channel_separate_ip_versions="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_data_channel_separate_ip_versions) + if test "x$have_daq_data_channel_separate_ip_versions" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_SEPARATE_IP_VERSIONS" +@@ -886,7 +840,7 @@ if test "x$have_daq_data_channel_separat + fi + + AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) +-AC_RUN_IFELSE( ++AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ + #include <daq.h> +@@ -904,17 +858,10 @@ if test "x$have_daq_verdict_retry" = "xy + fi + + AC_MSG_CHECKING([for daq packet trace]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.flags = DAQ_PKT_FLAG_TRACE_ENABLED; +-]])], +-[have_daq_packet_trace="yes"], +-[have_daq_packet_trace="no"]) ++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.flags], ++ [have_daq_packet_trace="yes"], ++ [have_daq_packet_trace="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_packet_trace) + if test "x$have_daq_packet_trace" = "xyes"; then + AC_DEFINE([HAVE_DAQ_PKT_TRACE],[1], +@@ -924,17 +871,11 @@ else + fi + + AC_MSG_CHECKING([for daq verdict reason]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_ModFlow_t fl; +- fl.type = DAQ_MODFLOW_TYPE_VER_REASON; +-]])], +-[have_daq_verdict_reason="yes"], +-[have_daq_verdict_reason="no"]) ++ ++AC_CHECK_MEMBERS([DAQ_ModFlow_t fl.type], ++ [have_daq_verdict_reason="yes"], ++ [have_daq_verdict_reason="no"], ++ [[#include <daq.h>]]) + AC_MSG_RESULT($have_daq_verdict_reason) + if test "x$have_daq_verdict_reason" = "xyes"; then + AC_DEFINE([HAVE_DAQ_VERDICT_REASON],[1], +@@ -959,10 +900,8 @@ fi + + # check for sparc %time register + if eval "echo $host_cpu|grep -i sparc >/dev/null"; then +- OLD_CFLAGS="$CFLAGS" +- CFLAGS="$CFLAGS -mcpu=v9 " + AC_MSG_CHECKING([for sparc %time register]) +- AC_RUN_IFELSE( ++ AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[]], + [[ +@@ -974,8 +913,6 @@ if eval "echo $host_cpu|grep -i sparc >/ + AC_MSG_RESULT($sparcv9) + if test "x$sparcv9" = "xyes"; then + AC_DEFINE([SPARCV9],[1],[For sparc v9 with %time register]) +- else +- CFLAGS="$OLD_CFLAGS" + fi + fi + diff --git a/package/snort/patches/patch-src_dynamic-preprocessors_appid_service_plugins_service_rpc_c b/package/snort/patches/patch-src_dynamic-preprocessors_appid_service_plugins_service_rpc_c new file mode 100644 index 000000000..fee10a196 --- /dev/null +++ b/package/snort/patches/patch-src_dynamic-preprocessors_appid_service_plugins_service_rpc_c @@ -0,0 +1,11 @@ +--- snort-2.9.14.1.orig/src/dynamic-preprocessors/appid/service_plugins/service_rpc.c 2019-08-02 08:16:46.000000000 +0200 ++++ snort-2.9.14.1/src/dynamic-preprocessors/appid/service_plugins/service_rpc.c 2019-10-08 14:40:22.925536140 +0200 +@@ -32,7 +32,7 @@ + #include "flow.h" + #include "service_api.h" + +-#if defined(FREEBSD) || defined(OPENBSD) ++#if defined(FREEBSD) || defined(OPENBSD) || (defined(LINUX) && defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__)) + #include "rpc/rpc.h" + #endif + diff --git a/package/snort/patches/patch-src_target-based_sf_attribute_table_parser_c b/package/snort/patches/patch-src_target-based_sf_attribute_table_parser_c deleted file mode 100644 index 4279b4a72..000000000 --- a/package/snort/patches/patch-src_target-based_sf_attribute_table_parser_c +++ /dev/null @@ -1,95 +0,0 @@ ---- snort-2.9.5.orig/src/target-based/sf_attribute_table_parser.c 2013-06-04 23:23:12.000000000 +0200 -+++ snort-2.9.5/src/target-based/sf_attribute_table_parser.c 2013-07-17 11:10:59.000000000 +0200 -@@ -73,7 +73,6 @@ typedef int flex_int32_t; - typedef unsigned char flex_uint8_t; - typedef unsigned short int flex_uint16_t; - typedef unsigned int flex_uint32_t; --#endif /* ! C99 */ - - /* Limits of integral types. */ - #ifndef INT8_MIN -@@ -104,6 +103,8 @@ typedef unsigned int flex_uint32_t; - #define UINT32_MAX (4294967295U) - #endif - -+#endif /* ! C99 */ -+ - #endif /* ! FLEXINT_H */ - - #ifdef __cplusplus -@@ -160,7 +161,15 @@ typedef unsigned int flex_uint32_t; - - /* Size of default input buffer. */ - #ifndef YY_BUF_SIZE -+#ifdef __ia64__ -+/* On IA-64, the buffer size is 16k, not 8k. -+ * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. -+ * Ditto for the __ia64__ case accordingly. -+ */ -+#define YY_BUF_SIZE 32768 -+#else - #define YY_BUF_SIZE 16384 -+#endif /* __ia64__ */ - #endif - - /* The state buf must be large enough to hold one state per character in the main buffer. -@@ -6264,7 +6273,7 @@ int sfat_parse(void); - /* Rules Section. - * All rules are in here prior to second "%%" seperator - */ --#line 6268 "sf_attribute_table_parser.c" -+#line 6277 "sf_attribute_table_parser.c" - - #define INITIAL 0 - #define waiting_for_comma_prior_to_data 1 -@@ -6345,7 +6354,12 @@ static int input (void ); - - /* Amount of stuff to slurp up with each read. */ - #ifndef YY_READ_BUF_SIZE -+#ifdef __ia64__ -+/* On IA-64, the buffer size is 16k, not 8k */ -+#define YY_READ_BUF_SIZE 16384 -+#else - #define YY_READ_BUF_SIZE 8192 -+#endif /* __ia64__ */ - #endif - - /* Copy whatever the last rule matched to the standard output. */ -@@ -6364,7 +6378,7 @@ static int input (void ); - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ -- unsigned n; \ -+ size_t n; \ - for ( n = 0; n < max_size && \ - (c = getc( sfatin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ -@@ -6448,7 +6462,7 @@ YY_DECL - - #line 100 "sf_attribute_table_parser.l" - --#line 6452 "sf_attribute_table_parser.c" -+#line 6466 "sf_attribute_table_parser.c" - - if ( !(yy_init) ) - { -@@ -6842,7 +6856,7 @@ YY_RULE_SETUP - #line 186 "sf_attribute_table_parser.l" - ECHO; - YY_BREAK --#line 6846 "sf_attribute_table_parser.c" -+#line 6860 "sf_attribute_table_parser.c" - - case YY_END_OF_BUFFER: - { -@@ -7558,8 +7572,8 @@ YY_BUFFER_STATE sfat_scan_string (yycons - - /** Setup the input buffer state to scan the given bytes. The next call to sfatlex() will - * scan from a @e copy of @a bytes. -- * @param bytes the byte buffer to scan -- * @param len the number of bytes in the buffer pointed to by @a bytes. -+ * @param yybytes the byte buffer to scan -+ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ diff --git a/package/snort/patches/patch-tools_u2boat_Makefile_in b/package/snort/patches/patch-tools_u2boat_Makefile_in index 495fab6c8..24fec7746 100644 --- a/package/snort/patches/patch-tools_u2boat_Makefile_in +++ b/package/snort/patches/patch-tools_u2boat_Makefile_in @@ -1,6 +1,6 @@ ---- snort-2.9.5.orig/tools/u2boat/Makefile.in 2013-06-04 23:21:53.000000000 +0200 -+++ snort-2.9.5/tools/u2boat/Makefile.in 2013-07-17 11:21:52.000000000 +0200 -@@ -256,7 +256,7 @@ top_builddir = @top_builddir@ +--- snort-2.9.14.1.orig/tools/u2boat/Makefile.in 2019-08-02 08:33:42.000000000 +0200 ++++ snort-2.9.14.1/tools/u2boat/Makefile.in 2019-10-08 14:35:23.514350918 +0200 +@@ -327,7 +327,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign u2boat_SOURCES = u2boat.c u2boat.h diff --git a/package/snort/patches/patch-tools_u2spewfoo_Makefile_in b/package/snort/patches/patch-tools_u2spewfoo_Makefile_in index a8f36785d..8583bebb6 100644 --- a/package/snort/patches/patch-tools_u2spewfoo_Makefile_in +++ b/package/snort/patches/patch-tools_u2spewfoo_Makefile_in @@ -1,6 +1,6 @@ ---- snort-2.9.5.orig/tools/u2spewfoo/Makefile.in 2013-06-04 23:21:54.000000000 +0200 -+++ snort-2.9.5/tools/u2spewfoo/Makefile.in 2013-07-17 11:24:18.000000000 +0200 -@@ -226,7 +226,7 @@ top_builddir = @top_builddir@ +--- snort-2.9.14.1.orig/tools/u2spewfoo/Makefile.in 2019-08-02 08:33:42.000000000 +0200 ++++ snort-2.9.14.1/tools/u2spewfoo/Makefile.in 2019-10-08 14:35:23.526351677 +0200 +@@ -298,7 +298,7 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign u2spewfoo_SOURCES = u2spewfoo.c |