Update oinkmaster.conf to use HTTPS for the sample snort.org URLs to

protect the oinkcode from being exposed.  Also update the Snort version
in the URLs to 2.9.4.0 to match the current version of our Snort port.

Tweak the regexp that oinkmaster uses to validate HTTPS URLs so that it
won't treat a bad URL that starts with httpsssss:// as valid (this
regexp tweak was jointly worked on by me and maintainer).

regexp feedback zhuk@
OK Markus Lude (maintainer), earlier version OK sthen@

net/oinkmaster/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.18 2012/10/13 02:56:15 lteo Exp $
+# $OpenBSD: Makefile,v 1.19 2013/03/04 04:30:35 lteo Exp $
 
 COMMENT=	update your Snort rules
 
 DISTNAME=	oinkmaster-2.0
-REVISION=	1
+REVISION=	2
 CATEGORIES=	net security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=oinkmaster/}
 

net/oinkmaster/patches/patch-oinkmaster_conf

@@ -1,6 +1,6 @@
-$OpenBSD: patch-oinkmaster_conf,v 1.7 2012/10/13 02:56:15 lteo Exp $
---- oinkmaster.conf.orig	Sat Feb 18 07:35:21 2006
-+++ oinkmaster.conf	Sun Oct  7 21:38:12 2012
+$OpenBSD: patch-oinkmaster_conf,v 1.8 2013/03/04 04:30:35 lteo Exp $
+--- oinkmaster.conf.orig	Sat Feb 18 13:35:21 2006
++++ oinkmaster.conf	Thu Feb  7 22:15:47 2013
 @@ -27,7 +27,7 @@
  #
  # The location of the official Snort rules you should use depends
@@ -21,10 +21,10 @@ $OpenBSD: patch-oinkmaster_conf,v 1.7 2012/10/13 02:56:15 lteo Exp $
 -# 5a081649c06a277e1022e1284bdc8fabda70e2a4/snortrules-snapshot-2.4.tar.gz
 -# See the Oinkmaster FAQ Q1 and http://www.snort.org/rules/ for
 -# more information.
-+# http://www.snort.org/reg-rules/<filename>/<oinkcode>
++# https://www.snort.org/reg-rules/<filename>/<oinkcode>
 +# For example, if your code is 5a081649c06a277e1022e1284bdc8fabda70e2a4
-+# and you use Snort 2.9.3.1, the url to use would be (without the wrap):
-+# http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/
++# and you use Snort 2.9.4.0, the url to use would be (without the wrap):
++# https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/
 +# 5a081649c06a277e1022e1284bdc8fabda70e2a4
 +# See http://www.snort.org/snort-rules/cli for more information.
  
@@ -34,19 +34,19 @@ $OpenBSD: patch-oinkmaster_conf,v 1.7 2012/10/13 02:56:15 lteo Exp $
  
 -# Example for Snort 2.4
 -# url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2.4.tar.gz
-+# Example for Snort 2.9.3.1 registered user release
-+# url = http://www.snort.org/reg-rules/snortrules-snapshot-2931.tar.gz/<oinkcode>
++# Example for Snort 2.9.4.0 registered user release
++# url = https://www.snort.org/reg-rules/snortrules-snapshot-2940.tar.gz/<oinkcode>
  
 -# Example for Snort-current ("current" means cvs snapshots).
 -# url = http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-CURRENT.tar.gz
-+# Example for Snort 2.9.3.1 subscriber release
-+# url = http://www.snort.org/sub-rules/snortrules-snapshot-2931.tar.gz/<oinkcode>
++# Example for Snort 2.9.4.0 subscriber release
++# url = https://www.snort.org/sub-rules/snortrules-snapshot-2940.tar.gz/<oinkcode>
  
 -# Example for Community rules
 -# url = http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules.tar.gz
 +# Example for Snort edge rulepack (latest versioned rulepack)
 +# See http://www.snort.org/snort-rules/cli for details
-+# url = http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/<oinkcode>
++# url = https://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/<oinkcode>
  
 -# Example for rules from the Bleeding Snort project
 -# url = http://www.bleedingsnort.com/bleeding.rules.tar.gz

net/oinkmaster/patches/patch-oinkmaster_pl

@@ -1,11 +1,40 @@
-$OpenBSD: patch-oinkmaster_pl,v 1.1 2012/10/13 02:56:15 lteo Exp $
---- oinkmaster.pl.orig	Sat Feb 18 07:35:21 2006
-+++ oinkmaster.pl	Sun Oct  7 21:54:11 2012
-@@ -771,6 +771,7 @@ sub sanity_check()
+$OpenBSD: patch-oinkmaster_pl,v 1.2 2013/03/04 04:30:35 lteo Exp $
+--- oinkmaster.pl.orig	Sat Feb 18 13:35:21 2006
++++ oinkmaster.pl	Thu Feb  7 22:16:27 2013
+@@ -770,7 +770,8 @@ sub sanity_check()
+     $#{$config{url}} = -1;
      foreach my $url (@urls) {
          clean_exit("incorrect URL: \"$url\"")
-           unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/
-+            || $url =~ /^((?:https*):\/\/www\.snort\.org\/(sub|reg)-rules\/.+\.tar\.gz\/[0-9a-f]{40})$/
+-          unless ($url =~ /^((?:https*|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/
++          unless ($url =~ /^((?:https?|ftp|file|scp):\/\/.+\.(?:tar\.gz|tgz))$/
++            || $url =~ /^((?:https?):\/\/www\.snort\.org\/(sub|reg)-rules\/.+\.tar\.gz\/[0-9a-f]{40})$/
              || $url =~ /^(dir:\/\/.+)/);
          my $ok_url = $1;
  
+@@ -791,7 +792,7 @@ sub sanity_check()
+   # Wget must be found if url is http[s]:// or ftp://.
+     if ($config{use_external_bins}) {
+         clean_exit("wget not found in PATH ($ENV{PATH}).")
+-          if ($config{'url'} =~ /^(https*|ftp):/ && !is_in_path("wget"));
++          if ($config{'url'} =~ /^(https?|ftp):/ && !is_in_path("wget"));
+     }
+ 
+   # scp must be found if scp://...
+@@ -895,7 +896,7 @@ sub download_file($ $)
+     @user_agent_opt = ("-U", $config{user_agent}) if (exists($config{user_agent}));
+ 
+   # Use wget if URL starts with "http[s]" or "ftp" and we use external binaries.
+-    if ($config{use_external_bins} && $url =~ /^(?:https*|ftp)/) {
++    if ($config{use_external_bins} && $url =~ /^(?:https?|ftp)/) {
+         print STDERR "Downloading file from $obfuscated_url... "
+           unless ($config{quiet});
+ 
+@@ -925,7 +926,7 @@ sub download_file($ $)
+         }
+ 
+   # Use LWP if URL starts with "http[s]" or "ftp" and use_external_bins=0.
+-    } elsif (!$config{use_external_bins} && $url =~ /^(?:https*|ftp)/) {
++    } elsif (!$config{use_external_bins} && $url =~ /^(?:https?|ftp)/) {
+         print STDERR "Downloading file from $obfuscated_url... "
+           unless ($config{quiet});
+