From owner-svn-ports-all@freebsd.org Sat Apr 4 12:44:36 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EDEEF2ABDDA; Sat, 4 Apr 2020 12:44:35 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48vc293ky6z3K1x; Sat, 4 Apr 2020 12:44:33 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 2FF22212E4; Sat, 4 Apr 2020 12:44:05 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 034Ci46Y046460; Sat, 4 Apr 2020 12:44:04 GMT (envelope-from bofh@FreeBSD.org) Received: (from bofh@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 034Ci3b1046452; Sat, 4 Apr 2020 12:44:03 GMT (envelope-from bofh@FreeBSD.org) Message-Id: <202004041244.034Ci3b1046452@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bofh set sender to bofh@FreeBSD.org using -f From: Muhammad Moinur Rahman Date: Sat, 4 Apr 2020 12:44:03 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r530653 - in head: net/libdaq security/snort3 security/snort3/files X-SVN-Group: ports-head X-SVN-Commit-Author: bofh X-SVN-Commit-Paths: in head: net/libdaq security/snort3 security/snort3/files X-SVN-Commit-Revision: 530653 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2020 12:44:36 -0000 Author: bofh Date: Sat Apr 4 12:44:03 2020 New Revision: 530653 URL: https://svnweb.freebsd.org/changeset/ports/530653 Log: security/snort3: UNBREAK - Update version 3.0.0-258=>3.0.0-270 - Remove BUILD_DEPENDS and RUN_DEPENDS into LIB_DEPENDS - Change compiler to use c++14-lang - Make HYPERSCAN default for amd64 - Remove DEBUG_DESC and DOCS_DESC for the defaults DESC net/libdaq: Update version 3.0.0-alpha3=>3.0.0-alpha4 Submitted by: dvl MFH: 2020Q2 (buildtime fix) Differential Revision: https://reviews.freebsd.org/D24263 Added: head/security/snort3/files/patch-src_host__tracker_host__cache__allocator.cc (contents, props changed) head/security/snort3/files/patch-src_host__tracker_host__cache__allocator.h (contents, props changed) Deleted: head/security/snort3/files/patch-src_flow_ha.cc Modified: head/net/libdaq/Makefile head/net/libdaq/distinfo head/security/snort3/Makefile head/security/snort3/distinfo head/security/snort3/files/patch-src_file__api_file__cache.cc head/security/snort3/files/patch-src_main_analyzer.cc head/security/snort3/pkg-plist Modified: head/net/libdaq/Makefile ============================================================================== --- head/net/libdaq/Makefile Sat Apr 4 12:27:31 2020 (r530652) +++ head/net/libdaq/Makefile Sat Apr 4 12:44:03 2020 (r530653) @@ -3,7 +3,7 @@ PORTNAME= libdaq DISTVERSIONPREFIX= v -DISTVERSION= 3.0.0-alpha3 +DISTVERSION= 3.0.0-alpha4 CATEGORIES= net MAINTAINER= bofh@FreeBSD.org Modified: head/net/libdaq/distinfo ============================================================================== --- head/net/libdaq/distinfo Sat Apr 4 12:27:31 2020 (r530652) +++ head/net/libdaq/distinfo Sat Apr 4 12:44:03 2020 (r530653) @@ -1,3 +1,3 @@ -TIMESTAMP = 1572019559 -SHA256 (snort3-libdaq-v3.0.0-alpha3_GH0.tar.gz) = 5a54e804d57b4fa4e31bff331af3d5b96edcd6d45156805843275f6725097e40 -SIZE (snort3-libdaq-v3.0.0-alpha3_GH0.tar.gz) = 154109 +TIMESTAMP = 1585510481 +SHA256 (snort3-libdaq-v3.0.0-alpha4_GH0.tar.gz) = 7e5bb5487b774324156770b3505a9aa932c3fcf03d4a9aa905d286d2a71f996a +SIZE (snort3-libdaq-v3.0.0-alpha4_GH0.tar.gz) = 154832 Modified: head/security/snort3/Makefile ============================================================================== --- head/security/snort3/Makefile Sat Apr 4 12:27:31 2020 (r530652) +++ head/security/snort3/Makefile Sat Apr 4 12:44:03 2020 (r530653) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= snort -DISTVERSION= 3.0.0-258 +DISTVERSION= 3.0.0-270 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 @@ -13,20 +13,17 @@ COMMENT= Lightweight network intrusion detection syste LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE -BROKEN= fails to build - -BUILD_DEPENDS= libdaq>=0:net/libdaq \ - bash>0:shells/bash LIB_DEPENDS= libpcre.so:devel/pcre \ libdnet.so:net/libdnet \ libpcap.so:net/libpcap \ libluajit-5.1.so:lang/luajit \ - libhwloc.so:devel/hwloc -RUN_DEPENDS= libdaq>=0:net/libdaq + libhwloc.so:devel/hwloc \ + libuuid.so:misc/e2fsprogs-libuuid \ + libdaq.so:net/libdaq -USES= cmake compiler:c++11-lang cpe libtool localbase pathfix pkgconfig shebangfix ssl iconv - +USES= cmake compiler:c++14-lang cpe localbase pathfix pkgconfig shebangfix ssl iconv USE_GITHUB= yes + GH_ACCOUNT= snort3 GH_PROJECT= snort3 @@ -35,10 +32,9 @@ SHEBANG_FILES= tools/appid_detector_builder.sh OPTIONS_DEFINE= ADDRESSSANITIZER DEBUG DOCS FLATBUFFERS LARGEPCAP PIE THREADSANITIZER STATICDAQ OPTIONS_DEFINE_amd64= HYPERSCAN TSC OPTIONS_DEFAULT= STATICDAQ +OPTIONS_DEFAULT_amd64= HYPERSCAN ADDRESSSANITIZER_DESC= Enable address sanitizer -DEBUG_DESC= Enable debug -DOCS_DESC= Enable documentation FLATBUFFERS_DESC= Enable flatbuffers support HYPERSCAN_DESC= Enable high-performance regular expression lib LARGEPCAP_DESC= Enable support for pcaps larger than 2 GB @@ -56,9 +52,21 @@ STATICDAQ_CMAKE_BOOL= ENABLE_STATIC_DAQ THREADSANITIZER_CMAKE_BOOL= ENABLE_THREAD_SANITIZER TSC_CMAKE_BOOL= ENABLE_TSC_CLOCK -FLATBUFFERS_LIB_DEPENDS= libflatbuffers.so:devel/flatbuffers +FLATBUFFERS_LIB_DEPENDS=libflatbuffers.so:devel/flatbuffers HYPERSCAN_LIB_DEPENDS= libhs.so:devel/hyperscan CONFLICTS= snort-2* + +.include + +.if ${PORT_OPTIONS:MHYPERSCAN} +PLIST_SUB+= HYPERSCAN="" +.else +PLIST_SUB+= HYPERSCAN="@comment " +.endif + +post-patch: + ${REINPLACE_CMD} -e 's|_LIBDIR}/pkgconfig|_PREFIX}/libdata/pkgconfig|g' \ + ${WRKSRC}/cmake/create_pkg_config.cmake .include Modified: head/security/snort3/distinfo ============================================================================== --- head/security/snort3/distinfo Sat Apr 4 12:27:31 2020 (r530652) +++ head/security/snort3/distinfo Sat Apr 4 12:44:03 2020 (r530653) @@ -1,3 +1,3 @@ -TIMESTAMP = 1563993608 -SHA256 (snort3-snort3-3.0.0-258_GH0.tar.gz) = 93db0d36d18c22dd78caf46c6fdfb7121886784167b5e5b3e6fcbddddc2cdfe2 -SIZE (snort3-snort3-3.0.0-258_GH0.tar.gz) = 6361952 +TIMESTAMP = 1585861636 +SHA256 (snort3-snort3-3.0.0-270_GH0.tar.gz) = 06e127240c9c234b17f9ff22469dd21651374fac0fec8fceea9849a108bb3499 +SIZE (snort3-snort3-3.0.0-270_GH0.tar.gz) = 6537334 Modified: head/security/snort3/files/patch-src_file__api_file__cache.cc ============================================================================== --- head/security/snort3/files/patch-src_file__api_file__cache.cc Sat Apr 4 12:27:31 2020 (r530652) +++ head/security/snort3/files/patch-src_file__api_file__cache.cc Sat Apr 4 12:44:03 2020 (r530653) @@ -1,6 +1,6 @@ ---- src/file_api/file_cache.cc.orig 2019-04-10 20:51:55 UTC +--- src/file_api/file_cache.cc.orig 2020-03-25 14:13:20 UTC +++ src/file_api/file_cache.cc -@@ -134,7 +134,7 @@ FileContext* FileCache::add(const FileHashKey& hashKey +@@ -133,7 +133,7 @@ FileContext* FileCache::add(const FileHashKey& hashKey struct timeval now; packet_gettimeofday(&now); @@ -9,7 +9,7 @@ timeradd(&now, &time_to_add, &new_node.cache_expire_time); new_node.file = new FileContext; -@@ -187,7 +187,7 @@ FileContext* FileCache::find(const FileHashKey& hashKe +@@ -183,7 +183,7 @@ FileContext* FileCache::find(const FileHashKey& hashKe } struct timeval next_expire_time; @@ -18,7 +18,7 @@ timeradd(&now, &time_to_add, &next_expire_time); // Refresh the timer on the cache. -@@ -314,7 +314,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* +@@ -311,7 +311,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* if (!timerisset(&file_ctx->pending_expire_time)) { Added: head/security/snort3/files/patch-src_host__tracker_host__cache__allocator.cc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snort3/files/patch-src_host__tracker_host__cache__allocator.cc Sat Apr 4 12:44:03 2020 (r530653) @@ -0,0 +1,26 @@ +--- src/host_tracker/host_cache_allocator.cc.orig 2020-04-04 01:57:20 UTC ++++ src/host_tracker/host_cache_allocator.cc +@@ -24,23 +24,6 @@ + #include "host_cache.h" + + template +-T* HostCacheAlloc::allocate(std::size_t n) +-{ +- size_t sz=n*sizeof(T); +- T* out=std::allocator::allocate(n); +- lru->update(sz); +- return out; +-} +- +-template +-void HostCacheAlloc::deallocate(T* p, std::size_t n) noexcept +-{ +- size_t sz = n*sizeof(T); +- std::allocator::deallocate(p, n); +- lru->update( -(int) sz); +-} +- +-template + HostCacheAllocIp::HostCacheAllocIp() + { + lru = &host_cache; Added: head/security/snort3/files/patch-src_host__tracker_host__cache__allocator.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/snort3/files/patch-src_host__tracker_host__cache__allocator.h Sat Apr 4 12:44:03 2020 (r530653) @@ -0,0 +1,25 @@ +--- src/host_tracker/host_cache_allocator.h.orig 2020-04-04 02:00:30 UTC ++++ src/host_tracker/host_cache_allocator.h +@@ -44,6 +44,22 @@ class HostCacheAlloc : public std::allocator (prote + HostCacheInterface* lru = 0; + }; + ++template ++T* HostCacheAlloc::allocate(std::size_t n) ++{ ++ size_t sz = n * sizeof(T); ++ T* out = std::allocator::allocate(n); ++ lru->update(sz); ++ return out; ++} ++ ++template ++void HostCacheAlloc::deallocate(T* p, std::size_t n) noexcept ++{ ++ size_t sz = n * sizeof(T); ++ std::allocator::deallocate(p, n); ++ lru->update(-(int) sz); ++} + + // Trivial derived allocator, pointing to their own host cache. + // HostCacheAllocIp has a HostCacheInterface* pointing to an lru cache Modified: head/security/snort3/files/patch-src_main_analyzer.cc ============================================================================== --- head/security/snort3/files/patch-src_main_analyzer.cc Sat Apr 4 12:27:31 2020 (r530652) +++ head/security/snort3/files/patch-src_main_analyzer.cc Sat Apr 4 12:44:03 2020 (r530653) @@ -1,11 +1,20 @@ ---- src/main/analyzer.cc.orig 2019-07-31 10:41:21 UTC +--- src/main/analyzer.cc.orig 2020-03-25 14:13:20 UTC +++ src/main/analyzer.cc -@@ -94,7 +94,7 @@ class RetryQueue (public) +@@ -95,7 +95,7 @@ class RetryQueue (public) RetryQueue(unsigned interval_ms) { assert(interval_ms > 0); -- interval = { interval_ms / 1000, (interval_ms % 1000) * 1000 }; +- interval = { interval_ms / 1000, static_cast((interval_ms % 1000) * 1000) }; + interval = { static_cast(interval_ms / 1000), static_cast( (interval_ms % 1000) * 1000 )}; } ~RetryQueue() +@@ -546,7 +546,7 @@ void Analyzer::idle() + struct timeval now, increment; + unsigned int timeout = SnortConfig::get_conf()->daq_config->timeout; + packet_gettimeofday(&now); +- increment = { timeout / 1000, static_cast((timeout % 1000) * 1000) }; ++ increment = { static_cast(timeout / 1000), static_cast((timeout % 1000) * 1000) }; + timeradd(&now, &increment, &now); + packet_time_update(&now); + Modified: head/security/snort3/pkg-plist ============================================================================== --- head/security/snort3/pkg-plist Sat Apr 4 12:27:31 2020 (r530652) +++ head/security/snort3/pkg-plist Sat Apr 4 12:44:03 2020 (r530653) @@ -3,8 +3,12 @@ bin/snort bin/snort2lua bin/u2boat bin/u2spewfoo +%%ETCDIR%%/balanced.lua +%%ETCDIR%%/connectivity.lua %%ETCDIR%%/file_magic.lua %%ETCDIR%%/inline.lua +%%ETCDIR%%/max_detect.lua +%%ETCDIR%%/security.lua %%ETCDIR%%/snort.lua %%ETCDIR%%/snort_defaults.lua %%ETCDIR%%/talos.lua @@ -66,11 +70,21 @@ include/snort/framework/range.h include/snort/framework/so_rule.h include/snort/framework/value.h include/snort/hash/ghash.h +include/snort/hash/hash_defs.h +include/snort/hash/hash_key_operations.h include/snort/hash/hashes.h -include/snort/hash/hashfcn.h +%%HYPERSCAN%%include/snort/helpers/hyper_scratch_allocator.h +%%HYPERSCAN%%include/snort/helpers/hyper_search.h include/snort/hash/lru_cache_shared.h include/snort/hash/xhash.h include/snort/helpers/base64_encoder.h +include/snort/helpers/boyer_moore_search.h +include/snort/helpers/literal_search.h +include/snort/helpers/scratch_allocator.h +include/snort/host_tracker/host_cache.h +include/snort/host_tracker/host_cache_allocator.h +include/snort/host_tracker/host_cache_interface.h +include/snort/host_tracker/host_tracker.h include/snort/log/log.h include/snort/log/log_text.h include/snort/log/messages.h @@ -103,7 +117,12 @@ include/snort/network_inspectors/appid/appid_session_a include/snort/network_inspectors/appid/appid_types.h include/snort/network_inspectors/appid/application_ids.h include/snort/network_inspectors/appid/http_xff_fields.h +include/snort/network_inspectors/appid/tp_appid_module_api.h +include/snort/network_inspectors/appid/tp_appid_session_api.h +include/snort/network_inspectors/appid/tp_appid_types.h include/snort/network_inspectors/packet_tracer/packet_tracer.h +include/snort/network_inspectors/reputation/reputation_common.h +include/snort/network_inspectors/rna/rna_logger.h include/snort/packet_io/active.h include/snort/packet_io/sfdaq.h include/snort/packet_io/sfdaq_instance.h @@ -115,6 +134,7 @@ include/snort/profiler/profiler_defs.h include/snort/profiler/rule_profiler_defs.h include/snort/profiler/time_profiler_defs.h include/snort/protocols/arp.h +include/snort/protocols/cisco_meta_data.h include/snort/protocols/eapol.h include/snort/protocols/eth.h include/snort/protocols/gre.h @@ -139,6 +159,9 @@ include/snort/protocols/udp.h include/snort/protocols/vlan.h include/snort/protocols/wlan.h include/snort/pub_sub/appid_events.h +include/snort/pub_sub/cip_events.h +include/snort/pub_sub/daq_message_event.h +include/snort/pub_sub/data_decrypt_event.h include/snort/pub_sub/expect_events.h include/snort/pub_sub/finalize_packet_event.h include/snort/pub_sub/http_events.h @@ -155,18 +178,19 @@ include/snort/target_based/snort_protocols.h include/snort/time/clock_defs.h include/snort/time/packet_time.h include/snort/time/stopwatch.h -include/snort/time/tsc_clock.h include/snort/utils/bitop.h +include/snort/utils/boyer_moore.h include/snort/utils/cpp_macros.h include/snort/utils/endian.h include/snort/utils/event_gen.h include/snort/utils/infractions.h include/snort/utils/kmap.h +include/snort/utils/memcap_allocator.h +include/snort/utils/util_ber.h include/snort/utils/primed_allocator.h include/snort/utils/safec.h include/snort/utils/segment_mem.h include/snort/utils/sflsq.h -include/snort/utils/sfmemcap.h include/snort/utils/stats.h include/snort/utils/util.h include/snort/utils/util_cstring.h