Date: Tue, 10 Aug 2021 19:54:08 GMT From: Dan Langille <dvl@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: c2a4ab17ef5e - main - security/snort: Fixes for aarch64 and armv6/7 Message-ID: <202108101954.17AJs8wS098539@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by dvl: URL: https://cgit.FreeBSD.org/ports/commit/?id=c2a4ab17ef5e44424f2b2e97e30a2fde437dcd8a commit c2a4ab17ef5e44424f2b2e97e30a2fde437dcd8a Author: Dan Langille <dvl@FreeBSD.org> AuthorDate: 2021-08-10 19:49:49 +0000 Commit: Dan Langille <dvl@FreeBSD.org> CommitDate: 2021-08-10 19:52:05 +0000 security/snort: Fixes for aarch64 and armv6/7 This patch does a few things: 1. Update depends to a newer version of net/daq, in the ports tree for a long time already, but explicitly depend on it. 2. Split out corefiles separate from debug options 3. Switch from luajit to luajit-openresty so that snort can build on aarch64 4. Fix crashing on armv7 due to misaligned memory access (from mjg@) While here, in pkg-plist change deprecated @unexec to @postunexec PR: 257747 Reported by: brd --- security/snort/Makefile | 25 ++++++++++++++++++------- security/snort/pkg-plist | 2 +- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/security/snort/Makefile b/security/snort/Makefile index 6e17d69d19c0..942d2680b20b 100644 --- a/security/snort/Makefile +++ b/security/snort/Makefile @@ -2,6 +2,7 @@ PORTNAME= snort PORTVERSION= 2.9.18 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://snort.org/downloads/snort/ \ https://snort.org/downloads/archive/snort/ @@ -14,11 +15,11 @@ COMMENT= Lightweight network intrusion detection system LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= daq>=2.0.0:net/daq +BUILD_DEPENDS= daq>=2.2.2_3:net/daq LIB_DEPENDS= libpcre.so:devel/pcre \ libdnet.so:net/libdnet \ libpcap.so:net/libpcap -RUN_DEPENDS= daq>=2.0.0:net/daq +RUN_DEPENDS= daq>=2.2.2_3:net/daq USES= bison cpe libtool pathfix shebangfix ssl USE_RC_SUBR= snort @@ -41,7 +42,7 @@ OPTIONS_DEFINE= IPV6 GRE HA NORMALIZER DOCS APPID \ OPTIONS_GROUP= ADDONS DEV OPTIONS_GROUP_ADDONS= BARNYARD PULLEDPORK -OPTIONS_GROUP_DEV= DBGSNORT +OPTIONS_GROUP_DEV= DBGSNORT COREDUMPS OPTIONS_SUB= yes OPTIONS_DEFAULT= GRE NORMALIZER BARNYARD \ PERFPROFILE SOURCEFIRE PULLEDPORK @@ -60,9 +61,11 @@ ADDONS_DESC= Depend on 3rd party addons BARNYARD_DESC= Depend on barnyard2 (supports also snortsam) PULLEDPORK_DESC= Depend on pulledpork DEV_DESC= Developer options -DBGSNORT_DESC= Enable debugging symbols+core dumps +DBGSNORT_DESC= Enable debugging symbols +COREDUMPS_DESC= Enable core dumps -DBGSNORT_CONFIGURE_ENABLE= corefiles debug +COREDUMPS_CONFIGURE_ENABLE= corefiles +DBGSNORT_CONFIGURE_ENABLE= debug DBGSNORT_MAKE_ENV= DONTSTRIP="yes" GRE_CONFIGURE_ENABLE= gre LRGPCAP_CONFIGURE_ENABLE= large-pcap @@ -76,10 +79,18 @@ FILEINSPECT_CONFIGURE_ENABLE= file-inspect BARNYARD_RUN_DEPENDS= barnyard2:security/barnyard2 PULLEDPORK_RUN_DEPENDS= pulledpork.pl:security/pulledpork -APPID_LIB_DEPENDS= libluajit-5.1.so:lang/luajit -APPID_CONFIGURE_ENV+= luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.0" \ +APPID_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty +APPID_CONFIGURE_ENV+= luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.1" \ luajit_LIBS="-L${LOCALBASE}/lib -lluajit-5.1" +# Disable SIMD on 32-bit arm. Snort has numerous arbitrarily misaligned memory +# accesses and some of them cause faults. The kludge below combined with +# patch-configure seems to work around it well enough. +# +# Note the change is more aggressive than it possibly needs to be reduce surprises. +CFLAGS_armv6= -mfpu=vfpv3 +CFLAGS_armv7= -mfpu=vfpv3 + CONFIG_FILES= classification.config gen-msg.map reference.config \ snort.conf threshold.conf unicode.map file_magic.conf diff --git a/security/snort/pkg-plist b/security/snort/pkg-plist index a000dfcfcecf..b27c0008abae 100644 --- a/security/snort/pkg-plist +++ b/security/snort/pkg-plist @@ -320,7 +320,7 @@ src/snort_dynamicsrc/stream_api.h src/snort_dynamicsrc/treenodes.h src/snort_dynamicsrc/util_unfold.c src/snort_dynamicsrc/util_unfold.h -@unexec rmdir "/var/log/snort" >/dev/null 2>&1 || : +@postunexec rmdir "/var/log/snort" >/dev/null 2>&1 || : @dir src/snort_dynamicsrc @dir src %%PORTDOCS%%@dir %%DOCSDIR%%
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108101954.17AJs8wS098539>