snort/daq: update

package/daq/Makefile

@@ -4,15 +4,15 @@
 include $(ADK_TOPDIR)/rules.mk
 
 PKG_NAME:=		daq
-PKG_VERSION:=		2.0.0
-PKG_RELEASE:=		4
-PKG_HASH:=		fbafc8e362a96fcadc69731f91203ef90845507aae0a4774d5c2825e9d2c1c38
+PKG_VERSION:=		2.0.6
+PKG_RELEASE:=		1
+PKG_HASH:=		d41da5f7793e66044e6927dd868c0525e7ee4ec1a3515bf74ef9a30cd9273af0
 PKG_DESCR:=		data acquisition library
 PKG_SECTION:=		libs/misc
 PKG_DEPENDS:=		libpcap libdnet
 PKG_BUILDDEP:=		libpcap libdnet
 PKG_URL:=		http://www.snort.org
-PKG_SITES:=		http://distfiles.openadk.org/
+PKG_SITES:=		https://www.snort.org/downloads/snort/
 PKG_OPTS:=		dev
 PKG_NOPARALLEL:=	1
 

package/snort/Makefile

@@ -4,15 +4,15 @@
 include ${ADK_TOPDIR}/rules.mk
 
 PKG_NAME:=		snort
-PKG_VERSION:=		2.9.5
+PKG_VERSION:=		2.9.14.1
 PKG_RELEASE:=		1
-PKG_HASH:=		1f9997716e8c086c9d608294a55c323846877c8f16acd129a90ca5fadbba1890
+PKG_HASH:=		2472989da3aace000d1ea5931ece68f8e5cc0c511e272d65182113a2481e822d
 PKG_DESCR:=		flexible network intrusion detection system
 PKG_SECTION:=		net/security
 PKG_DEPENDS:=		libnet libpcap libpcre libtirpc daq
 PKG_BUILDDEP:=		libnet libpcap pcre libtirpc daq
 PKG_URL:=		http://www.snort.org/
-PKG_SITES:=		http://distfiles.openadk.org/
+PKG_SITES:=		https://www.snort.org/downloads/snort/
 PKG_NOPARALLEL:=	1
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
@@ -23,9 +23,12 @@ include ${ADK_TOPDIR}/mk/package.mk
 
 $(eval $(call PKG_template,SNORT,snort,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
+AUTOTOOL_STYLE:=	autoreconf
 TARGET_CPPFLAGS+=	-I$(STAGING_TARGET_DIR)/usr/include/tirpc
 TARGET_LDFLAGS+=	-ltirpc
+CONFIGURE_ENV+=		have_inaddr_none=yes
 CONFIGURE_ARGS+=	--disable-static-daq \
+			--disable-open-appid \
 			--with-libpcap-includes="${STAGING_TARGET_DIR}/usr/include" \
 			--with-libpcap-libraries="${STAGING_TARGET_DIR}/usr/lib" \
 			--with-libpcre-includes="${STAGING_TARGET_DIR}/usr/include" \

package/snort/patches/patch-configure

@@ -1,6 +1,6 @@
---- snort-2.9.5.orig/configure	2013-06-04 23:21:55.000000000 +0200
-+++ snort-2.9.5/configure	2013-07-17 11:07:20.000000000 +0200
-@@ -14205,50 +14205,6 @@ _ACEOF
+--- snort-2.9.14.1.orig/configure	2019-08-02 08:33:43.000000000 +0200
++++ snort-2.9.14.1/configure	2019-10-08 14:35:23.506350397 +0200
+@@ -14408,50 +14408,6 @@ _ACEOF
  fi
  
  
@@ -51,7 +51,7 @@
  
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
  /* end confdefs.h.  */
-@@ -14578,45 +14534,6 @@ if test "x$LPCAP" = "xno"; then
+@@ -14861,45 +14817,6 @@ if test "x$LPCAP" = "xno"; then
    fi
  fi
  
@@ -97,9 +97,9 @@
  
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_lib_version" >&5
  $as_echo_n "checking for pcap_lib_version... " >&6; }
-@@ -15432,38 +15349,7 @@ fi
- done
+@@ -15830,38 +15747,7 @@ fi
  
+ fi
  
 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for daq address space ID" >&5
 -$as_echo_n "checking for daq address space ID... " >&6; }

package/snort/patches/patch-configure_in

@@ -0,0 +1,279 @@
+--- snort-2.9.14.1.orig/configure.in	2019-08-02 08:16:45.000000000 +0200
++++ snort-2.9.14.1/configure.in	2019-10-08 14:40:16.073097068 +0200
+@@ -70,8 +70,10 @@ case "$host" in
+   *-linux*)
+     linux="yes"
+     AC_DEFINE([LINUX],[1],[Define if Linux])
+-    AC_SUBST(extra_incl)
+-    extra_incl="-I/usr/include/pcap"
++    if test -z "x$with_libpcap_includes"; then
++        AC_SUBST(extra_incl)
++        extra_incl="-I/usr/include/pcap"
++    fi
+     ;;
+   *-hpux10*|*-hpux11*)
+     AC_DEFINE([HPUX],[1],[Define if HP-UX 10 or 11])
+@@ -282,8 +284,8 @@ AC_CHECK_TYPES([int8_t,int16_t,int32_t,i
+ AC_CHECK_TYPES([boolean])
+ 
+ # In case INADDR_NONE is not defined (like on Solaris)
++AC_CACHE_CHECK([for INADDR_NONE], [have_inaddr_none], [
+ have_inaddr_none="no"
+-AC_MSG_CHECKING([for INADDR_NONE])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+@@ -296,7 +298,7 @@ AC_RUN_IFELSE(
+     return 0;
+ ]])],
+ [have_inaddr_none="yes"],
+-[have_inaddr_none="no"])
++[have_inaddr_none="no"])])
+ AC_MSG_RESULT($have_inaddr_none)
+ if test "x$have_inaddr_none" = "xno"; then
+ 	AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
+@@ -429,7 +431,7 @@ if test "x$LPCAP" = "xno"; then
+ fi
+ 
+ AC_MSG_CHECKING([for pcap_lex_destroy])
+-AC_RUN_IFELSE(
++AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+ #include <pcap.h>
+@@ -717,17 +719,11 @@ fi
+ AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta] [daq_dp_add_dc])
+ 
+ AC_MSG_CHECKING([for daq real addresses])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_PktHdr_t hdr;
+-   hdr.n_real_dPort = 0;
+-]])],
+-[have_daq_real_addresses="yes"],
+-[have_daq_real_addresses="no"])
++
++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.n_real_dPort],
++    [have_daq_real_addresses="yes"],
++    [have_daq_real_addresses="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_real_addresses)
+ if test "x$have_daq_real_addresses" = "xyes"; then
+     AC_DEFINE([HAVE_DAQ_REAL_ADDRESSES],[1],
+@@ -771,17 +767,11 @@ if test "x$ac_cv_func_daq_dp_add_dc" = "
+ fi
+ 
+ AC_MSG_CHECKING([for daq address space ID])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_PktHdr_t hdr;
+-   hdr.address_space_id = 0;
+-]])],
+-[have_daq_address_space_id="yes"],
+-[have_daq_address_space_id="no"])
++
++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.address_space_id],
++    [have_daq_address_space_id="yes"],
++    [have_daq_address_space_id="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_address_space_id)
+ if test "x$have_daq_address_space_id" = "xyes"; then
+     AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
+@@ -789,17 +779,10 @@ if test "x$have_daq_address_space_id" =
+ fi
+ 
+ AC_MSG_CHECKING([for daq flow ID])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_PktHdr_t hdr;
+-   hdr.flow_id = 0;
+-]])],
+-[have_daq_flow_id="yes"],
+-[have_daq_flow_id="no"])
++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.flow_id],
++    [have_daq_flow_id="yes"],
++    [have_daq_flow_id="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_flow_id)
+ if test "x$have_daq_flow_id" = "xyes"; then
+     AC_DEFINE([HAVE_DAQ_FLOW_ID],[1],
+@@ -807,19 +790,10 @@ if test "x$have_daq_flow_id" = "xyes"; t
+ fi
+ 
+ AC_MSG_CHECKING([for daq extended flow modifiers])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_ModFlow_t mod;
+-   mod.type = 0;
+-   mod.length = 0;
+-   mod.value = NULL;
+-]])],
+-[have_daq_ext_modflow="yes"],
+-[have_daq_ext_modflow="no"])
++AC_CHECK_MEMBERS([DAQ_ModFlow_t mod.type, DAQ_ModFlow_t mod.length, DAQ_ModFlow_t mod.value],
++    [have_daq_ext_modflow="yes"],
++    [have_daq_ext_modflow="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_ext_modflow)
+ if test "x$have_daq_ext_modflow" = "xyes"; then
+     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_EXT_MODFLOW"
+@@ -828,19 +802,11 @@ if test "x$have_daq_ext_modflow" = "xyes
+ fi
+ 
+ AC_MSG_CHECKING([for daq query flow])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_QueryFlow_t mod;
+-   mod.type = 0;
+-   mod.length = 0;
+-   mod.value = NULL;
+-]])],
+-[have_daq_queryflow="yes"],
+-[have_daq_queryflow="no"])
++
++AC_CHECK_MEMBERS([DAQ_QueryFlow_t mod.type, DAQ_QueryFlow_t mod.length, DAQ_QueryFlow_t mod.value],
++    [have_daq_queryflow="yes"],
++    [have_daq_queryflow="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_queryflow)
+ if test "x$have_daq_queryflow" = "xyes"; then
+     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_QUERYFLOW"
+@@ -849,16 +815,11 @@ if test "x$have_daq_queryflow" = "xyes";
+ fi
+ 
+ AC_MSG_CHECKING([for daq data channel flags])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_Data_Channel_Params_t params;
+-]])],
+-[have_daq_data_channel_flags="yes"],
+-[have_daq_data_channel_flags="no"])
++
++AC_CHECK_MEMBERS([DAQ_Data_Channel_Params_t params.flags],
++    [have_daq_data_channel_flags="yes"],
++    [have_daq_data_channel_flags="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_data_channel_flags)
+ if test "x$have_daq_data_channel_flags" = "xyes"; then
+     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_PARAMS"
+@@ -867,17 +828,10 @@ if test "x$have_daq_data_channel_flags"
+ fi
+ 
+ AC_MSG_CHECKING([for separate IP versions on pinhole endpoints])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_DP_key_t dpKey;
+-   dpKey.src_af = 0;
+-]])],
+-[have_daq_data_channel_separate_ip_versions="yes"],
+-[have_daq_data_channel_separate_ip_versions="no"])
++AC_CHECK_MEMBERS([DAQ_DP_key_t dpKey.src_af],
++    [have_daq_data_channel_separate_ip_versions="yes"],
++    [have_daq_data_channel_separate_ip_versions="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_data_channel_separate_ip_versions)
+ if test "x$have_daq_data_channel_separate_ip_versions" = "xyes"; then
+     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_SEPARATE_IP_VERSIONS"
+@@ -886,7 +840,7 @@ if test "x$have_daq_data_channel_separat
+ fi
+ 
+ AC_MSG_CHECKING([for DAQ_VERDICT_RETRY])
+-AC_RUN_IFELSE(
++AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+ #include <daq.h>
+@@ -904,17 +858,10 @@ if test "x$have_daq_verdict_retry" = "xy
+ fi
+ 
+ AC_MSG_CHECKING([for daq packet trace])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_PktHdr_t hdr;
+-   hdr.flags = DAQ_PKT_FLAG_TRACE_ENABLED;
+-]])],
+-[have_daq_packet_trace="yes"],
+-[have_daq_packet_trace="no"])
++AC_CHECK_MEMBERS([DAQ_PktHdr_t hdr.flags],
++    [have_daq_packet_trace="yes"],
++    [have_daq_packet_trace="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_packet_trace)
+ if test "x$have_daq_packet_trace" = "xyes"; then
+     AC_DEFINE([HAVE_DAQ_PKT_TRACE],[1],
+@@ -924,17 +871,11 @@ else
+ fi
+ 
+ AC_MSG_CHECKING([for daq verdict reason])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+-   DAQ_ModFlow_t fl;
+-   fl.type = DAQ_MODFLOW_TYPE_VER_REASON;
+-]])],
+-[have_daq_verdict_reason="yes"],
+-[have_daq_verdict_reason="no"])
++
++AC_CHECK_MEMBERS([DAQ_ModFlow_t fl.type],
++    [have_daq_verdict_reason="yes"],
++    [have_daq_verdict_reason="no"],
++    [[#include <daq.h>]])
+ AC_MSG_RESULT($have_daq_verdict_reason)
+ if test "x$have_daq_verdict_reason" = "xyes"; then
+     AC_DEFINE([HAVE_DAQ_VERDICT_REASON],[1],
+@@ -959,10 +900,8 @@ fi
+ 
+ # check for sparc %time register
+ if eval "echo $host_cpu|grep -i sparc >/dev/null"; then
+-    OLD_CFLAGS="$CFLAGS"
+-    CFLAGS="$CFLAGS -mcpu=v9 "
+     AC_MSG_CHECKING([for sparc %time register])
+-    AC_RUN_IFELSE(
++    AC_COMPILE_IFELSE(
+     [AC_LANG_PROGRAM(
+     [[]],
+     [[
+@@ -974,8 +913,6 @@ if eval "echo $host_cpu|grep -i sparc >/
+     AC_MSG_RESULT($sparcv9)
+     if test "x$sparcv9" = "xyes"; then
+         AC_DEFINE([SPARCV9],[1],[For sparc v9 with %time register])
+-    else
+-        CFLAGS="$OLD_CFLAGS"
+     fi
+ fi
+ 

package/snort/patches/patch-src_dynamic-preprocessors_appid_service_plugins_service_rpc_c

@@ -0,0 +1,11 @@
+--- snort-2.9.14.1.orig/src/dynamic-preprocessors/appid/service_plugins/service_rpc.c	2019-08-02 08:16:46.000000000 +0200
++++ snort-2.9.14.1/src/dynamic-preprocessors/appid/service_plugins/service_rpc.c	2019-10-08 14:40:22.925536140 +0200
+@@ -32,7 +32,7 @@
+ #include "flow.h"
+ #include "service_api.h"
+ 
+-#if defined(FREEBSD) || defined(OPENBSD)
++#if defined(FREEBSD) || defined(OPENBSD) || (defined(LINUX) && defined(__UCLIBC__) && !defined(__UCLIBC_HAS_RPC__) || !defined(__GLIBC__))
+ #include "rpc/rpc.h"
+ #endif
+ 

package/snort/patches/patch-src_target-based_sf_attribute_table_parser_c

@@ -1,95 +0,0 @@
---- snort-2.9.5.orig/src/target-based/sf_attribute_table_parser.c	2013-06-04 23:23:12.000000000 +0200
-+++ snort-2.9.5/src/target-based/sf_attribute_table_parser.c	2013-07-17 11:10:59.000000000 +0200
-@@ -73,7 +73,6 @@ typedef int flex_int32_t;
- typedef unsigned char flex_uint8_t; 
- typedef unsigned short int flex_uint16_t;
- typedef unsigned int flex_uint32_t;
--#endif /* ! C99 */
- 
- /* Limits of integral types. */
- #ifndef INT8_MIN
-@@ -104,6 +103,8 @@ typedef unsigned int flex_uint32_t;
- #define UINT32_MAX             (4294967295U)
- #endif
- 
-+#endif /* ! C99 */
-+
- #endif /* ! FLEXINT_H */
- 
- #ifdef __cplusplus
-@@ -160,7 +161,15 @@ typedef unsigned int flex_uint32_t;
- 
- /* Size of default input buffer. */
- #ifndef YY_BUF_SIZE
-+#ifdef __ia64__
-+/* On IA-64, the buffer size is 16k, not 8k.
-+ * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case.
-+ * Ditto for the __ia64__ case accordingly.
-+ */
-+#define YY_BUF_SIZE 32768
-+#else
- #define YY_BUF_SIZE 16384
-+#endif /* __ia64__ */
- #endif
- 
- /* The state buf must be large enough to hold one state per character in the main buffer.
-@@ -6264,7 +6273,7 @@ int sfat_parse(void);
- /* Rules Section.
-  * All rules are in here prior to second "%%" seperator
-  */
--#line 6268 "sf_attribute_table_parser.c"
-+#line 6277 "sf_attribute_table_parser.c"
- 
- #define INITIAL 0
- #define waiting_for_comma_prior_to_data 1
-@@ -6345,7 +6354,12 @@ static int input (void );
- 
- /* Amount of stuff to slurp up with each read. */
- #ifndef YY_READ_BUF_SIZE
-+#ifdef __ia64__
-+/* On IA-64, the buffer size is 16k, not 8k */
-+#define YY_READ_BUF_SIZE 16384
-+#else
- #define YY_READ_BUF_SIZE 8192
-+#endif /* __ia64__ */
- #endif
- 
- /* Copy whatever the last rule matched to the standard output. */
-@@ -6364,7 +6378,7 @@ static int input (void );
- 	if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
- 		{ \
- 		int c = '*'; \
--		unsigned n; \
-+		size_t n; \
- 		for ( n = 0; n < max_size && \
- 			     (c = getc( sfatin )) != EOF && c != '\n'; ++n ) \
- 			buf[n] = (char) c; \
-@@ -6448,7 +6462,7 @@ YY_DECL
-     
- #line 100 "sf_attribute_table_parser.l"
- 
--#line 6452 "sf_attribute_table_parser.c"
-+#line 6466 "sf_attribute_table_parser.c"
- 
- 	if ( !(yy_init) )
- 		{
-@@ -6842,7 +6856,7 @@ YY_RULE_SETUP
- #line 186 "sf_attribute_table_parser.l"
- ECHO;
- 	YY_BREAK
--#line 6846 "sf_attribute_table_parser.c"
-+#line 6860 "sf_attribute_table_parser.c"
- 
- 	case YY_END_OF_BUFFER:
- 		{
-@@ -7558,8 +7572,8 @@ YY_BUFFER_STATE sfat_scan_string (yycons
- 
- /** Setup the input buffer state to scan the given bytes. The next call to sfatlex() will
-  * scan from a @e copy of @a bytes.
-- * @param bytes the byte buffer to scan
-- * @param len the number of bytes in the buffer pointed to by @a bytes.
-+ * @param yybytes the byte buffer to scan
-+ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes.
-  * 
-  * @return the newly allocated buffer state object.
-  */

package/snort/patches/patch-tools_u2boat_Makefile_in

@@ -1,6 +1,6 @@
---- snort-2.9.5.orig/tools/u2boat/Makefile.in	2013-06-04 23:21:53.000000000 +0200
-+++ snort-2.9.5/tools/u2boat/Makefile.in	2013-07-17 11:21:52.000000000 +0200
-@@ -256,7 +256,7 @@ top_builddir = @top_builddir@
+--- snort-2.9.14.1.orig/tools/u2boat/Makefile.in	2019-08-02 08:33:42.000000000 +0200
++++ snort-2.9.14.1/tools/u2boat/Makefile.in	2019-10-08 14:35:23.514350918 +0200
+@@ -327,7 +327,7 @@ top_builddir = @top_builddir@
  top_srcdir = @top_srcdir@
  AUTOMAKE_OPTIONS = foreign
  u2boat_SOURCES = u2boat.c u2boat.h

package/snort/patches/patch-tools_u2spewfoo_Makefile_in

@@ -1,6 +1,6 @@
---- snort-2.9.5.orig/tools/u2spewfoo/Makefile.in	2013-06-04 23:21:54.000000000 +0200
-+++ snort-2.9.5/tools/u2spewfoo/Makefile.in	2013-07-17 11:24:18.000000000 +0200
-@@ -226,7 +226,7 @@ top_builddir = @top_builddir@
+--- snort-2.9.14.1.orig/tools/u2spewfoo/Makefile.in	2019-08-02 08:33:42.000000000 +0200
++++ snort-2.9.14.1/tools/u2spewfoo/Makefile.in	2019-10-08 14:35:23.526351677 +0200
+@@ -298,7 +298,7 @@ top_builddir = @top_builddir@
  top_srcdir = @top_srcdir@
  AUTOMAKE_OPTIONS = foreign
  u2spewfoo_SOURCES = u2spewfoo.c