Index: head/security/pulledpork/Makefile
===================================================================
--- head/security/pulledpork/Makefile (revision 541041)
+++ head/security/pulledpork/Makefile (revision 541042)
@@ -1,63 +1,64 @@ # Created by: Olli Hauer # $FreeBSD$ PORTNAME= pulledpork PORTVERSION= 0.7.3 +PORTREVISION= 1 DISTVERSIONPREFIX= v CATEGORIES= security MASTER_SITES= GHL MAINTAINER= ohauer@FreeBSD.org COMMENT= Script to update snort-2.8+ rules LICENSE= GPLv2 RUN_DEPENDS= p5-Crypt-SSLeay>=0.57:security/p5-Crypt-SSLeay \ p5-LWP-Protocol-https>=6.00:www/p5-LWP-Protocol-https \ p5-libwww>=0:www/p5-libwww \ ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss NO_BUILD= yes USES= perl5 shebangfix USE_PERL5= run SHEBANG_FILES= ${WRKSRC}/pulledpork.pl ${WRKSRC}/contrib/oink-conv.pl SUB_FILES= pkg-message USE_GITHUB= yes GH_ACCOUNT= shirkdog OPTIONS_DEFINE= DOCS .include post-patch: @${REINPLACE_CMD} -e 's|^distro=FreeBSD-8.1|distro=FreeBSD-10-0|' \ -e 's|snort/enablesid.conf|pulledpork/enablesid.conf|g' \ -e 's|snort/dropsid.conf|pulledpork/dropsid.conf|g' \ -e 's|snort/disablesid.conf|pulledpork/disablesid.conf|g' \ -e 's|snort/modifysid.conf|pulledpork/modifysid.conf|g' \ -e "s|/usr/local/lib/snort_dynamicrules/|${PREFIX}/etc/snort/so_rules/|g" \ ${WRKSRC}/etc/pulledpork.conf do-install: ${INSTALL_SCRIPT} ${WRKSRC}/pulledpork.pl ${STAGEDIR}${PREFIX}/bin @${MKDIR} -m 750 ${STAGEDIR}${ETCDIR} # pulledpork.conf contains the snort user registration key, do not install world readable ${INSTALL} -m 640 ${WRKSRC}/etc/pulledpork.conf ${STAGEDIR}${ETCDIR}/pulledpork.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/disablesid.conf ${STAGEDIR}${ETCDIR}/disablesid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/dropsid.conf ${STAGEDIR}${ETCDIR}/dropsid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/enablesid.conf ${STAGEDIR}${ETCDIR}/enablesid.conf.sample ${INSTALL_DATA} ${WRKSRC}/etc/modifysid.conf ${STAGEDIR}${ETCDIR}/modifysid.conf.sample @${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/contrib/README.CONTRIB ${STAGEDIR}${DATADIR} ${INSTALL_SCRIPT} ${WRKSRC}/contrib/oink-conv.pl ${STAGEDIR}${DATADIR} do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} 
${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}/README ${INSTALL_DATA} ${WRKSRC}/doc/README.CATEGORIES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.CHANGES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.RULESET ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/doc/README.SHAREDOBJECTS ${STAGEDIR}${DOCSDIR} .include Index: head/security/pulledpork/files/patch-README.md =================================================================== --- head/security/pulledpork/files/patch-README.md (nonexistent) +++ head/security/pulledpork/files/patch-README.md (revision 541042) 
@@ -0,0 +1,253 @@ +--- README.md.orig 2017-12-07 15:13:06 UTC ++++ README.md +@@ -1,13 +1,12 @@ +-pulledpork ++PulledPork + ========== + + PulledPork for Snort and Suricata rule management (from Google code) + + Find us on Freenode (IRC) [`#ppork`](https://webchat.freenode.net/?channels=ppork) + +-Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team! ++Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team! + +- + Thank you for choosing to use PulledPork! This file provides some basic + guidance on the usage of PulledPork. Please be sure to read this file + thoroughly so that you don't overlook something! +@@ -35,98 +34,75 @@ thoroughly so that you don't overlook something! + + ## Command Usage Reference + +- Usage: ./pulledpork.pl [-dEgHklnRTPVvv? -help] -c -o +- -O -s -D -S +- -p -C -t +- -h -H -I (security|connectivity|balanced) -i +- -b -e -M +- -r -K ++``` ++Usage: pulledpork.pl [-dEgHklnRTPVvv? -help] -c -o ++ -O -s -D -S ++ -p -C -t ++ -h -H -I (security|connectivity|balanced) -i ++ -b -e -M ++ -r -K + +- Options: +- +- -help/? Print this help info. +- +- -b Where the dropsid config file lives. +- +- -C Path to your snort.conf +- +- -c Where the pulledpork config file lives. +- +- -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations. +- +- -D What Distro are you running on, for the so_rules +- Valid Distro Types: +- Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 +- FC-12, FC-14, RHEL-5-5, RHEL-6-0 +- FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3 +- OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 +- +- -e Where the enablesid config file lives. +- +- -E Write ONLY the enabled rules to the output files. +- +- -g grabonly (download tarball rule file(s) and do NOT process) +- +- -h path to the sid_changelog if you want to keep one? 
+- +- -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2) +- +- -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET) +- +- -i Where the disablesid config file lives. +- +- -k Keep the rules in separate files (using same file names as found when reading) +- +- -K Where (what directory) do you want me to put the separate rules files? +- +- -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher) +- +- -L Where do you want me to read your local.rules for inclusion in sid-msg.map +- +- -m where do you want me to put the sid-msg.map file? +- +- -M where the modifysid config file lives. +- +- -n Do everything other than download of new files (disablesid, etc) +- +- -o Where do you want me to put generic rules file? +- +- -p Path to your Snort binary +- +- -P Process rules even if no new rules were downloaded +- +- -R When processing enablesid, return the rules to their ORIGINAL state +- +- -r Where do you want me to put the reference docs (xxxx.txt) +- +- -S What version of snort are you using +- +- -s Where do you want me to put the so_rules? +- +- -T Process text based rules files only, i.e. DO NOT process so_rules +- +- -u Where do you want me to pull the rules tarball from ++ Options: ++ -help/? Print this help info. ++ -b Where the dropsid config file lives. ++ -C Path to your snort.conf ++ -c Where the pulledpork config file lives. ++ -d Do not verify signature of rules tarball, i.e. downloading fron non VRT or ET locations. 
++ -D What Distro are you running on, for the so_rules ++ For latest supported options see http://www.snort.org/snort-rules/shared-object-rules ++ Valid Distro Types: ++ Centos-5-4, Centos-6, Centos-7 ++ Debian-7, Debian-8, Debian-9 ++ FC-25, FC-26, FC-27, FC-30 ++ FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, FreeBSD-11, FreeBSD-12 ++ OpenBSD-5-2, OpenBSD-5-3, OpenBSD-6-2, OpenSUSE-15-0, OpenSUSE-42-3 ++ RHEL-5-5, RHEL-6, RHEL-6-0, RHEL-7 ++ Slackware-13-1, Slackware-14-2 ++ Ubuntu-14-4, Ubuntu-16-4, Ubuntu-17-10, Ubuntu-18-4 ++ -e Where the enablesid config file lives. ++ -E Write ONLY the enabled rules to the output files. ++ -g grabonly (download tarball rule file(s) and do NOT process) ++ -h path to the sid_changelog if you want to keep one? ++ -H Send signal_name to the pids listed in the config file (SIGHUP or SIGUSR2) ++ -I Specify a base ruleset( -I security,connectivity,or balanced, see README.RULESET) ++ -i Where the disablesid config file lives. ++ -k Keep the rules in separate files (using same file names as found when reading) ++ -K Where (what directory) do you want me to put the separate rules files? ++ -l Log Important Info to Syslog (Errors, Successful run etc, all items logged as WARN or higher) ++ -L Where do you want me to read your local.rules for inclusion in sid-msg.map ++ -m where do you want me to put the sid-msg.map file? ++ -M where the modifysid config file lives. ++ -n Do everything other than download of new files (disablesid, etc) ++ -o Where do you want me to put generic rules file? ++ -O Define the oinkcode on the command line (necessary for some users) ++ -p Path to your Snort binary ++ -P Process rules even if no new rules were downloaded ++ -R When processing enablesid, return the rules to their ORIGINAL state ++ -r Where do you want me to put the reference docs (xxxx.txt) ++ -S What version of snort are you using (2.8.6 or 2.9.0) are valid values ++ -s Where do you want me to put the so_rules? 
++ -T Process text based rules files only, i.e. DO NOT process so_rules ++ -u Where do you want me to pull the rules tarball from + ** E.g., ET, Snort.org. See pulledpork config rule_url option for value ideas ++ -V Print Version and exit ++ -v Verbose mode, you know.. for troubleshooting and such nonsense. ++ -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. ++ -w Skip the SSL verification (if there are issues pulling down rule files) ++ -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration. ++ ``` + +- -V Print Version and exit + +- -v Verbose mode, you know.. for troubleshooting and such nonsense. +- +- -vv EXTRA Verbose mode, you know.. for in-depth troubleshooting and other such nonsense. +- +- -w Skip the SSL verification (if there are issues pulling down rule files) +- +- -W Where you want to work around the issue where some implementations of LWP do not work with pulledpork's proxy configuration. +- +- + ## Basic Usage Examples + + A simple example of how to use PulledPork would be to specify all of your configuration directives inside of the + `PulledPork.conf` file. Specifically for minimal function, i.e. NO Shared Object rule processing you must define + at a minimum the `rule_file`, `oinkcode`, `temp_path`, `tar_path`, and `rule_path` values. Below are some examples of this. 
+ +- ./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \ +- -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz -i disablesid.conf -T -H ++```bash ++./pulledpork.pl -o /usr/local/etc/snort/rules/ -O 12345667778523452344234234 \ ++ -u http://www.snort.org/reg-rules/snortrules-snapshot-2973.tar.gz \ ++ -i disablesid.conf -T -H ++``` + + The above will fetch the `snortrules-snapshot-2973.tar.gz` tarball from snort.org using the specified `oinkcode` of + `12345667778523452344234234` and put the rules files from that tarball into the output path of +@@ -134,11 +110,16 @@ The above will fetch the `snortrules-snapshot-2973.tar + `disablesid.conf` lives, and the `-T` option tells pulledpork to not process for any shared object rules and the final + `-H` option tells pulledpork to send a `Hangup` signal to the snort pid that you defined in the `pulledpork.conf`. + +- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H ++```bash ++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -T -H ++``` + + Similar to the first example but all options specified in the `pulledpork.conf` file (other than `disablesid` and `-H`)... + +- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -m /usr/local/etc/snort/sid-msg.map -Hn ++```bash ++./pulledpork.pl -c pulledpork.conf -i disablesid.conf \ ++ -m /usr/local/etc/snort/sid-msg.map -Hn ++``` + + The above will simply read the disablesid and disable as defined, then send a `Hangup` signal after generating the `sid-msg.map` + at the specified location without downloading anything. +@@ -147,25 +128,35 @@ Highly useful when tuning / making changes etc.. + Next example, snort inline with rules that we want to drop and disable, then `HUP` our daemons after creating a `sid-msg.map` + and writing change info to `sid_changes.log`! 
+ +- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -m /usr/local/etc/snort/sid-msg.map \ +- -h /var/log/sid_changes.log -H ++```bash ++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ ++ -m /usr/local/etc/snort/sid-msg.map -h /var/log/sid_changes.log -H ++``` + + Next example, same as the previous but specifying that we want to run the default "security" based ruleset + and that we want to enable rules specified in `enablesid.conf`. + +- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ +- -h /var/log/sid_changes.log -I security -H ++```bash ++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ ++ -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ ++ -h /var/log/sid_changes.log -I security -H ++``` + + Next example, same as the previous but specifying that we want to `-K` (Keep) the originationg tarball names. + and write them to `/usr/local/etc/snort/rules/` + +- ./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ +- -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/ ++```bash ++./pulledpork.pl -c pulledpork.conf -i disablesid.conf -b dropsid.conf \ ++ -e enablesid.conf -m /usr/local/etc/snort/sid-msg.map \ ++ -h /var/log/sid_changes.log -I security -H -K /usr/local/etc/snort/rules/ ++``` + + For users of Suricata, the same steps are necessary for where your installation files reside, but all that pulledpork needs to process + rule files is the `-S` flag being set to `suricata-3.1.3` or whatever version of suricata you are using + +- ./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3 ++```bash ++./pulledpork.pl -c pulledpork.conf -S suricata-3.1.3 ++``` + + Pulledpork "should" work with Suricata and ET/ETPro rules. However there is no support for Talos rules to run on Suricata. 
+ +@@ -173,11 +164,9 @@ Pulledpork "should" work with Suricata and ET/ETPro ru + + Please note that pulledpork runs rule modification (enable, drop, disable, modify) in that order by default.. + +-1: enable +- +-2: drop +- +-3: disable ++1. enable ++2. drop ++3. disable + + This means that disable rules will always take precedence.. thusly if you specify the same `gid:sid` + in enable and disable configuration files, then that sid will be disabled.. keep this in mind Property changes on: head/security/pulledpork/files/patch-README.md ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/security/pulledpork/files/patch-etc_modifysid.conf =================================================================== --- head/security/pulledpork/files/patch-etc_modifysid.conf (nonexistent) +++ head/security/pulledpork/files/patch-etc_modifysid.conf (revision 541042) 
@@ -0,0 +1,23 @@
+--- etc/modifysid.conf.orig 2017-12-07 15:13:06 UTC
++++ etc/modifysid.conf
+@@ -2,6 +2,9 @@
+ #
+ # Change history:
+ # -----------------------------------------------
++# v1.2 2/28/2018 Scott Savarese
++# - Insert comments around using regex to match rules
++#
+ # v1.1 2/18/2011 Alan Ptak
+ # - Inserted comments around example elements that would otherwise modify rules
+ #
+@@ -38,3 +41,10 @@
+ # that it is a SNORTSAM block rule!
+ # 17803 "\(msg:"" "\(msg:"SNORTSAM ";
+ # 17803 "^\s*alert" "BLOCK";
++
++# A new regex formatting syntax is available:
++# regex:'PUT_REGEX_HERE' "what I'm replacing" "what I'm replacing it with"
++# This would allow users to manipulate groups of rules. This works the same
++# way as the signature based rules, but instead of matching a hardcoded set of
++# SID, it will go through all rules in GID:1 matching the regex against the
++# rule. Be sure to escape things like ( and '
Property changes on: head/security/pulledpork/files/patch-etc_modifysid.conf
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/security/pulledpork/files/patch-etc_pulledpork.conf
===================================================================
--- head/security/pulledpork/files/patch-etc_pulledpork.conf (nonexistent)
+++ head/security/pulledpork/files/patch-etc_pulledpork.conf (revision 541042)
@@ -0,0 +1,34 @@
+--- etc/pulledpork.conf.orig 2017-12-07 15:13:06 UTC
++++ etc/pulledpork.conf
+@@ -123,14 +123,17 @@ config_path=/usr/local/etc/snort/snort.conf
+
+ # Define your distro, this is for the precompiled shared object libs!
+ # Valid Distro Types:
+-# Debian-6-0, Ubuntu-10-4
+-# Ubuntu-12-04, Centos-5-4
+-# FC-12, FC-14, RHEL-5-5, RHEL-6-0
+-# FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0
+-# OpenBSD-5-2, OpenBSD-5-3
+-# OpenSUSE-11-4, OpenSUSE-12-1
+-# Slackware-13-1
+-distro=FreeBSD-8-1
++# Alpine-3-10
++# Centos-6 Centos-7 Centos-8
++# Debian-8 Debian-9 Debian-10
++# FC-27 FC-30 FC-31
++# FreeBSD-11 FreeBSD-12
++# OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5
++# OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3
++# RHEL-6 RHEL-7 RHEL-8
++# Slackware-14-2
++# Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10
++distro=FreeBSD-12
+
+ ####### This next section is optional, but probably pretty useful to you.
+ ####### Please read thoroughly!
+@@ -211,4 +214,4 @@ snort_control=/usr/local/bin/snort_control
+ ####### need to process so_rules, simply comment out the so_rule section
+ ####### you can also specify -T at runtime to process only GID 1 rules.
+
+-version=0.7.3
++version=0.7.4
Property changes on: head/security/pulledpork/files/patch-etc_pulledpork.conf
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/security/pulledpork/files/patch-pulledpork.pl
===================================================================
--- head/security/pulledpork/files/patch-pulledpork.pl (revision 541041)
+++ head/security/pulledpork/files/patch-pulledpork.pl (revision 541042)
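Review bot: The new default `distro=FreeBSD-12` leaves the port Makefile's post-patch expression `-e 's|^distro=FreeBSD-8.1|distro=FreeBSD-10-0|'` with nothing to match, because the files/ patches are applied before post-patch runs. If it ever did match again it would write `FreeBSD-10-0`, a value this hunk removes from the list of valid distro types, so I would drop that `-e` from the REINPLACE_CMD call in the same commit and keep the default in one place. The bump to `version=0.7.4` also means an installed pulledpork.conf that still carries `0.7.3` will be refused by the version check patched into pulledpork.pl; the upgrade entry added to pkg-message.in is cut off in this view, and it should tell users to merge the new sample before the next run.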
@@ -1,28 +1,168 @@ ---- pulledpork.pl.orig 2017-12-07 15:13:06 UTC +--- pulledpork.pl.orig 2020-07-02 11:46:17 UTC +++ pulledpork.pl -@@ -90,9 +90,24 @@ if ($oSystem =~ /freebsd/i) { +@@ -2,7 +2,7 @@ + + ## pulledpork v(whatever it says below!) + +-# Copyright (C) 2009-2017 JJ Cummings, Michael Shirk and the PulledPork Team! ++# Copyright (C) 2009-2019 JJ Cummings, Michael Shirk and the PulledPork Team! + + # This program is free software; you can redistribute it and/or + # modify it under the terms of the GNU General Public License +@@ -24,6 +24,7 @@ use File::Copy; + use LWP::UserAgent; + use HTTP::Request::Common; + use HTTP::Status qw (is_success); ++ + #use Crypt::SSLeay; + use Sys::Syslog; + use Digest::MD5; +@@ -41,8 +42,8 @@ use Data::Dumper; + + # we are gonna need these! + my ($oinkcode, $temp_path, $rule_file, $Syslogging); +-my $VERSION = "PulledPork v0.7.3"; +-my $HUMOR = "Making signature updates great again!"; ++my $VERSION = "PulledPork v0.7.4"; ++my $HUMOR = "Helping you protect your bitcoin wallet!"; + my $ua = LWP::UserAgent->new; + + #Read in proxy settings from the environment +@@ -90,9 +91,24 @@ if ($oSystem =~ /freebsd/i) { exit(1); } } + elsif (-e "/usr/local/share/certs/ca-root-nss.crt") { + $CAFile = "/usr/local/share/certs/ca-root-nss.crt"; + if (-r $CAFile) { + $ua->ssl_opts(SSL_ca_file => $CAFile); + } + else { + carp "ERROR: $CAFile is not readable by " + . (getpwuid($<))[0] . "\n"; + syslogit('err|local0', + "FATAL: ERROR: $CAFile is not readable by " + . (getpwuid($<))[0] . 
"\n") + if $Syslogging; + exit(1); + } + } else { carp - "ERROR: cert file does not exist (/etc/ssl/cert.pem or /usr/local/etc/ssl/cert.pem) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n"; + "ERROR: cert file does not exist (/etc/ssl/cert.pem, /usr/local/etc/ssl/cert.pem or /usr/local/share/certs/ca-root-nss.crt) Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n"; syslogit('err|local0', "FATAL: cert file does not exist. Ensure that the ca_root_nss port/pkg is installed, or use -w to skip SSL verification\n" ) if $Syslogging; +@@ -201,10 +217,16 @@ sub Help { + -D What Distro are you running on, for the so_rules + For latest supported options see http://www.snort.org/snort-rules/shared-object-rules + Valid Distro Types: +- Debian-6-0, Ubuntu-10-4, Ubuntu-12-04, Centos-5-4 +- FC-12, FC-14, RHEL-5-5, RHEL-6-0 +- FreeBSD-8-1, FreeBSD-9-0, FreeBSD-10-0, OpenBSD-5-2, OpenBSD-5-3 +- OpenSUSE-11-4, OpenSUSE-12-1, Slackware-13-1 ++ Alpine-3-10 ++ Centos-6 Centos-7 Centos-8 Debian-8 Debian-9 ++ Debian-10 ++ FC-27 FC-30 FC-31 ++ FreeBSD-11 FreeBSD-12 ++ OpenBSD-6-2 OpenBSD-6-4 OpenBSD-6-5 ++ OpenSUSE-15-0 OpenSUSE-15-1 OpenSUSE-42-3 ++ RHEL-6 RHEL-7 RHEL-8 ++ Slackware-14-2 ++ Ubuntu-14-4 Ubuntu-16-4 Ubuntu-17-10 Ubuntu-18-4 Ubuntu-19-10 + -e Where the enablesid config file lives. + -E Write ONLY the enabled rules to the output files. 
+ -g grabonly (download tarball rule file(s) and do NOT process) +@@ -277,14 +299,27 @@ sub rule_extract { + $rule_file, $temp_path, $Distro, $arch, $Snort, + $Sorules, $ignore, $docs, $prefix + ) = @_; +- print "Prepping rules from $rule_file for work....\n" if !$Quiet; +- print "\textracting contents of $temp_path$rule_file...\n" +- if ($Verbose && !$Quiet); ++ ++ #special case to bypass file operations when -nPT are specified ++ my $BypassTar = 0; ++ if ($Textonly && $NoDownload && $Process) { ++ if ($rule_file =~ /opensource\.gz/) { ++ print "Skipping opensource.gz as -nPT was specified\n" if !$Quiet; ++ $BypassTar = 1; ++ } ++ } ++ if (!$BypassTar) { ++ print "Prepping rules from $rule_file for work....\n" if !$Quiet; ++ print "\textracting contents of $temp_path$rule_file...\n" ++ if ($Verbose && !$Quiet); ++ } + mkpath($temp_path . "tha_rules"); + mkpath($temp_path . "tha_rules/so_rules"); + my $tar = Archive::Tar->new(); +- $tar->read($temp_path . $rule_file); +- $tar->setcwd(cwd()); ++ if (!$BypassTar) { ++ $tar->read($temp_path . 
$rule_file); ++ $tar->setcwd(cwd()); ++ } + local $Archive::Tar::CHOWN = 0; + my @ignores = split(/,/, $ignore) if (defined $ignore); + +@@ -345,7 +380,8 @@ sub rule_extract { + } + elsif ($docs + && $filename =~ /^(doc\/signatures\/)?.*\.txt/ +- && -d $docs) ++ && -d $docs ++ && !$BypassTar) + { + $singlefile =~ s/^doc\/signatures\///; + $tar->extract_file("doc/signatures/$filename", +@@ -928,7 +964,21 @@ sub modify_sid { + } + undef @arry; + } ++ ++ # Handle use case where we want to modify multiple sids based on ++ # comment in rule (think multiple rules with same or similar comment) ++ if ( $_ =~ /^regex:'([^']+)'\s+"(.+)"\s+"(.*)"/ ) { ++ my ( $regex, $from, $to ) = ( $1, $2, $3 ); ++ # Go through each rule in gid:1 and look for matching rules ++ foreach my $sid ( sort keys( %{ $$href{1} } ) ) { ++ next unless ( $$href{1}{$sid}{'rule'} =~ /$regex/ ); ++ print "\tModifying SID:$sid from:$from to:$to\n" ++ if ( $Verbose && !$Quiet ); ++ $$href{1}{$sid}{'rule'} =~ s/$from/$to/; ++ } ++ } + } ++ + print "\tDone!\n" if !$Quiet; + close(FH); + } +@@ -1277,7 +1327,7 @@ sub rule_category_write { + ## write our blacklist and blacklist version file! + sub blacklist_write { + my ($href, $path) = @_; +- my $blv = $Config_info{'IPRVersion'} . "IPRVersion.dat"; ++ my $blv = $Config_info{'IPRVersion'} . "/IPRVersion.dat"; + my $blver = 0; + + # First lets be sure that our data is new, if not skip the rest of it! 
+@@ -1769,7 +1819,7 @@ if ($Verbose && !$Quiet) { + if (exists $Config_info{'version'}) { + croak "You are not using the current version of pulledpork.conf!\n", + "Please use the version of pulledpork.conf that shipped with $VERSION!\n\n" +- if $Config_info{'version'} ne "0.7.3"; ++ if $Config_info{'version'} ne "0.7.4"; + } + else { + croak +@@ -2118,6 +2168,7 @@ if (@base_url && -d $temp_path) { + } + } + elsif ($base_url =~ /emergingthreatspro.com/) { ++ $prefix = "ET-"; + + # These have to be handled separately, as emerginthreatspro will + # support a full version, but emergingthreats only supports the Index: head/security/pulledpork/files/pkg-message.in =================================================================== --- head/security/pulledpork/files/pkg-message.in (revision 541041) +++ head/security/pulledpork/files/pkg-message.in (revision 541042) @@ -1,22 +1,31 @@ [ { type: install message: < 'Subscriptions and Oinkcodes' EOM } +{ + type: upgrade + message: <
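Review bot: In the `regex:` branch added to `modify_sid`, `$regex` and `$from` are taken from modifysid.conf and interpolated into `/$regex/` and `s/$from/$to/` for every gid:1 rule with no validation, so a single malformed pattern ends the rule update with a Perl regex error instead of a message naming the bad entry. Compiling both patterns once with `qr//` inside `eval` and skipping the entry with a `carp` on failure, as sketched below, keeps the remaining modifications running and avoids recompiling per SID. The capture `'([^']+)'` also cannot contain a single quote even when it is backslash-escaped, which contradicts the "Be sure to escape things like ( and '" comment this commit adds to modifysid.conf; either accept `\'` in the capture or reword that comment. `modify_sid` starts and ends outside the quoted lines, so the loop that feeds `$_` is not visible here.

```perl
    my ( $regex, $from, $to ) = ( $1, $2, $3 );
    # Compile both patterns once; eval yields nothing if either is malformed.
    my ( $match_re, $from_re ) = eval { ( qr/$regex/, qr/$from/ ) };
    if ( !defined $match_re ) {
        carp "WARN: invalid pattern in modifysid regex entry, skipping: $_";
    }
    else {
        foreach my $sid ( sort keys( %{ $$href{1} } ) ) {
            next unless ( $$href{1}{$sid}{'rule'} =~ $match_re );
            # … unchanged: verbose "Modifying SID" print …
            $$href{1}{$sid}{'rule'} =~ s/$from_re/$to/;
        }
    }
```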