Update to 2.6.1:
- Update the embedded SQLite library from 3.18.0 to 3.26.0 to
address a remote code execution vulnerability ("Magellan").
- Uses a bundled version of the actor-framework (caf) library so
we can remove the port-local build for caf.
Replace broctl-config.sh absolute symlink with a relative one.
Approved by: ler (mentor, implicit)
MFH: 2018Q4
Security: b80f039d-579e-4b82-95ad-b534a709f220
This commit is contained in:
Craig Leres
parent
b6218164f5
commit
dca411da1e
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=487823
5 changed files with 1109 additions and 255 deletions
|
|
@ -2,8 +2,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= bro
|
||||
PORTVERSION= 2.5.5
|
||||
PORTREVISION= 1
|
||||
PORTVERSION= 2.6.1
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= https://www.bro.org/downloads/
|
||||
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
|
||||
|
|
@ -22,8 +21,6 @@ USES= bison cmake:outsource compiler:c++11-lang gettext-runtime ninja perl5 pyt
|
|||
CMAKE_ARGS+= -DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD}
|
||||
CXXFLAGS+= -std=c++11 -Wall
|
||||
|
||||
STAGEDIR2= ${STAGEDIR}-caf
|
||||
|
||||
SHEBANG_FILES= aux/broctl/aux/trace-summary/trace-summary
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
|
|
@ -41,6 +38,7 @@ CMAKE_ARGS+= -GNinja \
|
|||
-D BinPAC_SKIP_INSTALL:BOOL=true \
|
||||
-D INSTALL_AUX_TOOLS:BOOL=true \
|
||||
-D BUILD_SHARED_LIBS:BOOL=true \
|
||||
-D BUILD_STATIC_BROKER:BOOL=true \
|
||||
-D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}"
|
||||
|
||||
BROUSER?= bro
|
||||
|
|
@ -64,7 +62,7 @@ BROKER_DESC= Enable the Broker communication library
|
|||
IPSUMDUMP_DESC= Enables traffic summaries
|
||||
LBL_CF_DESC= Unix time to formated time/date filter support
|
||||
LBL_HF_DESC= Address to hostname filter support
|
||||
NETMAP_DESC= Native Netmap Packet IOSource for Bro
|
||||
NETMAP_DESC= Native Netmap Packet IOSource for Bro
|
||||
PERFTOOLS_DESC= Use Perftools to improve memory & CPU usage
|
||||
|
||||
BROCTL_IMPLIES= BROCCOLI IPSUMDUMP
|
||||
|
|
@ -76,14 +74,10 @@ BROCTL_BUILD_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \
|
|||
BROCTL_RUN_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \
|
||||
${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR}
|
||||
BROCTL_CMAKE_BOOL= INSTALL_BROCTL
|
||||
BROCTL_USE= LDCONFIG=yes
|
||||
IPSUMDUMP_BUILD_DEPENDS=ipsumdump:net/ipsumdump
|
||||
IPSUMDUMP_RUN_DEPENDS= ipsumdump:net/ipsumdump
|
||||
BROKER_BUILD_DEPENDS= swig3.0:devel/swig30
|
||||
BROKER_CMAKE_BOOL= ENABLE_BROKER
|
||||
BROKER_CMAKE_ON+= -DCAF_ROOT_DIR=${STAGEDIR2}${PREFIX}
|
||||
BROKER_GH_TUPLE= actor-framework:actor-framework:0.14.6:actor_framework
|
||||
BROKER_USE= GITHUB=nodefault
|
||||
DEBUG_CMAKE_BOOL= ENABLE_DEBUG
|
||||
LBL_HF_RUN_DEPENDS= ${LOCALBASE}/bin/hf:sysutils/lbl-hf
|
||||
LBL_CF_RUN_DEPENDS= ${LOCALBASE}/bin/cf:sysutils/lbl-cf
|
||||
|
|
@ -99,31 +93,6 @@ PYTHON_BUILD_DEPENDS= swig3.0:devel/swig30
|
|||
USE_RC_SUBR= bro
|
||||
.endif
|
||||
|
||||
CMAKE_ARGS2= -GNinja \
|
||||
-D CMAKE_INSTALL_PREFIX:PATH=${STAGEDIR2}${PREFIX} \
|
||||
-D CAF_BUILD_STATIC_ONLY:BOOL=yes \
|
||||
-D CAF_LOG_LEVEL:STRING=0 \
|
||||
-D CAF_NO_EXAMPLES:BOOL=yes \
|
||||
-D CAF_NO_OPENCL:BOOL=yes \
|
||||
-D CAF_NO_UNIT_TESTS:BOOL=yes
|
||||
|
||||
CONFIGURE_WRKSRC2= ${WRKDIR}/.build-caf
|
||||
BUILD_WRKSRC2= ${CONFIGURE_WRKSRC2}
|
||||
INSTALL_WRKSRC2= ${CONFIGURE_WRKSRC2}
|
||||
|
||||
# Build the version of caf this version of bro requires
|
||||
pre-configure-BROKER-on:
|
||||
${MKDIR} ${CONFIGURE_WRKSRC2}
|
||||
(cd ${CONFIGURE_WRKSRC2} && \
|
||||
${SETENV} ${CONFIGURE_ENV} \
|
||||
${CMAKE_BIN} ${CMAKE_ARGS2} ${WRKSRC_actor_framework})
|
||||
${MKDIR} ${STAGEDIR2}
|
||||
(cd ${BUILD_WRKSRC2} && \
|
||||
${SETENV} ${MAKE_ENV:NDESTDIR=*} \
|
||||
${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} install)
|
||||
${LN} -s libcaf_core_static.a ${STAGEDIR2}${PREFIX}/lib/libcaf_core.a
|
||||
${LN} -s libcaf_io_static.a ${STAGEDIR2}${PREFIX}/lib/libcaf_io.a
|
||||
|
||||
post-install-BROCTL-on:
|
||||
${MKDIR} ${STAGEDIR}${PREFIX}/logs
|
||||
${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp
|
||||
|
|
@ -132,6 +101,12 @@ post-install-BROCTL-on:
|
|||
.for F in broctl.cfg networks.cfg node.cfg
|
||||
${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.example
|
||||
.endfor
|
||||
${RM} ${STAGEDIR}${PREFIX}/share/broctl/scripts/broctl-config.sh
|
||||
${LN} -s ../../../spool/broctl-config.sh \
|
||||
${STAGEDIR}${PREFIX}/share/broctl/scripts/broctl-config.sh
|
||||
|
||||
post-install:
|
||||
${RM} -r ${STAGEDIR}${PREFIX}/share/bro/cmake
|
||||
|
||||
pre-install-BROCTL-on:
|
||||
${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d
|
||||
|
|
@ -142,18 +117,4 @@ post-build-NETMAP-on:
|
|||
--install-root=${STAGEDIR}${PREFIX}/lib/bro/plugins && \
|
||||
make && make install)
|
||||
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1200000
|
||||
BUILD_DEPENDS+= ${NONEXISTENT}:security/openssl:stage
|
||||
CXXFLAGS+= -I${WRKDIR}/openssl/include
|
||||
OPENSSL_LDFLAGS+= -L${WRKDIR}/openssl/lib
|
||||
|
||||
# Don't use COPYTREE_SHARE here as it hard links files, and the original files
|
||||
# are owned by root, which creates problems of its own.
|
||||
pre-configure:
|
||||
@cd `${MAKE} -V STAGEDIR -C ${PORTSDIR}/security/openssl`${PREFIX} \
|
||||
&& ${FIND} -E . ! -name *.so* | ${CPIO} -dump ${WRKDIR}/openssl >/dev/null 2>&1
|
||||
.endif
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
|
|
|||
|
|
@ -1,7 +1,5 @@
|
|||
TIMESTAMP = 1535578356
|
||||
SHA256 (bro-2.5.5.tar.gz) = 18f2aeb10b4d935d85c115a1e4a93464b9750be19b34997cf6196b29118e73cf
|
||||
SIZE (bro-2.5.5.tar.gz) = 18525979
|
||||
SHA256 (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = cbc2033896fe41e42604de2f74673971718a40684996650157484485755f7720
|
||||
SIZE (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = 1239451
|
||||
TIMESTAMP = 1545247794
|
||||
SHA256 (bro-2.6.1.tar.gz) = d9718b83fdae0c76eea5254a4b9470304c4d1d3778687de9a4fe0b5dffea521b
|
||||
SIZE (bro-2.6.1.tar.gz) = 28432762
|
||||
SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
|
||||
SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630
|
||||
|
|
|
|||
|
|
@ -1,85 +0,0 @@
|
|||
--- aux/broker/CMakeLists.txt.orig 2016-11-16 22:53:56 UTC
|
||||
+++ aux/broker/CMakeLists.txt
|
||||
@@ -2,7 +2,32 @@ project(broker C CXX)
|
||||
cmake_minimum_required(VERSION 2.8)
|
||||
include(cmake/CommonCMakeConfig.cmake)
|
||||
|
||||
-find_package(CAF COMPONENTS core io REQUIRED)
|
||||
+set(ENABLE_SHARED true)
|
||||
+
|
||||
+if ( ENABLE_STATIC_ONLY )
|
||||
+ set(ENABLE_STATIC true)
|
||||
+ set(ENABLE_SHARED false)
|
||||
+endif ()
|
||||
+
|
||||
+if ( ENABLE_STATIC )
|
||||
+ set(CAF_STATIC_ONLY true)
|
||||
+ find_package(CAF COMPONENTS core io REQUIRED)
|
||||
+ set(LINK_CAF_STATIC ${CAF_LIBRARIES})
|
||||
+endif ()
|
||||
+if ( ENABLE_SHARED )
|
||||
+ unset(CAF_STATIC_ONLY CACHE)
|
||||
+ unset(CAF_FOUND CACHE)
|
||||
+ unset(CAF_LIBRARIES CACHE)
|
||||
+ unset(CAF_LIBRARY_CORE CACHE)
|
||||
+ unset(CAF_STATIC_ONLY)
|
||||
+ unset(CAF_FOUND)
|
||||
+ unset(CAF_LIBRARIES)
|
||||
+ unset(CAF_LIBRARY_CORE)
|
||||
+ unset(CAF_LIBRARY_IO)
|
||||
+unset(CAF_LIBRARY_IO CACHE)
|
||||
+ find_package(CAF COMPONENTS core io REQUIRED)
|
||||
+ set(LINK_CAF_SHARED ${CAF_LIBRARIES})
|
||||
+endif ()
|
||||
|
||||
# Check for required CAF version.
|
||||
set(CAF_VERSION_REQUIRED 0.14)
|
||||
@@ -23,7 +48,6 @@ if ( ( CAF_VERSION VERSION_LESS ${CAF_VE
|
||||
endif ()
|
||||
|
||||
include_directories(BEFORE ${CAF_INCLUDE_DIRS})
|
||||
-set(LINK_LIBS ${LINK_LIBS} ${CAF_LIBRARIES})
|
||||
|
||||
find_package(RocksDB)
|
||||
|
||||
@@ -50,12 +74,6 @@ set(BROKER_VERSION
|
||||
${BROKER_VERSION_MAJOR}.${BROKER_VERSION_MINOR}.${BROKER_VERSION_PATCH})
|
||||
# The SO number shall increase only if binary interface changes.
|
||||
set(BROKER_SOVERSION 0)
|
||||
-set(ENABLE_SHARED true)
|
||||
-
|
||||
-if ( ENABLE_STATIC_ONLY )
|
||||
- set(ENABLE_STATIC true)
|
||||
- set(ENABLE_SHARED false)
|
||||
-endif ()
|
||||
|
||||
include(RequireCXX11)
|
||||
|
||||
@@ -147,21 +165,23 @@ if ( ENABLE_SHARED )
|
||||
# MACOSX_RPATH).
|
||||
INSTALL_NAME_DIR "@rpath"
|
||||
OUTPUT_NAME broker)
|
||||
- target_link_libraries(broker ${LINK_LIBS})
|
||||
+ target_link_libraries(broker ${LINK_LIBS} ${LINK_CAF_SHARED})
|
||||
install(TARGETS broker DESTINATION ${INSTALL_LIB_DIR})
|
||||
endif ()
|
||||
|
||||
if ( ENABLE_STATIC )
|
||||
add_library(brokerStatic STATIC ${BROKER_SRC})
|
||||
set_target_properties(brokerStatic PROPERTIES OUTPUT_NAME broker)
|
||||
- target_link_libraries(brokerStatic ${LINK_LIBS})
|
||||
+ target_link_libraries(brokerStatic ${LINK_LIBS} ${LINK_CAF_STATIC})
|
||||
install(TARGETS brokerStatic DESTINATION ${INSTALL_LIB_DIR})
|
||||
endif ()
|
||||
|
||||
add_subdirectory(bindings)
|
||||
|
||||
-enable_testing()
|
||||
-add_subdirectory(tests)
|
||||
+if ( !ENABLE_SHARED )
|
||||
+ enable_testing()
|
||||
+ add_subdirectory(tests)
|
||||
+endif ()
|
||||
|
||||
string(TOUPPER ${CMAKE_BUILD_TYPE} BuildType)
|
||||
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
--- aux/broker/cmake/FindCAF.cmake.orig 2016-11-16 22:53:56 UTC
|
||||
+++ aux/broker/cmake/FindCAF.cmake
|
||||
@@ -10,6 +10,8 @@
|
||||
# CAF_ROOT_DIR Set this variable either to an installation prefix or to wa
|
||||
# CAF build directory where to look for the CAF libraries.
|
||||
#
|
||||
+# CAF_STATIC_ONLY Find the static libraries of caf only.
|
||||
+#
|
||||
# Variables defined by this module:
|
||||
#
|
||||
# CAF_FOUND System has CAF headers and library
|
||||
@@ -34,11 +36,18 @@ foreach (comp ${CAF_FIND_COMPONENTS})
|
||||
"${CAF_ROOT_DIR}/include"
|
||||
"${CAF_ROOT_DIR}/../libcaf_${comp}")
|
||||
endif ()
|
||||
+ # give CAF_ROOT_DIR priority...
|
||||
+ find_path(CAF_INCLUDE_DIR_${UPPERCOMP}
|
||||
+ NAMES
|
||||
+ ${HDRNAME}
|
||||
+ HINTS
|
||||
+ ${header_hints}
|
||||
+ NO_DEFAULT_PATH)
|
||||
+ # ...then look in default locations if not found yet
|
||||
find_path(CAF_INCLUDE_DIR_${UPPERCOMP}
|
||||
NAMES
|
||||
${HDRNAME}
|
||||
HINTS
|
||||
- ${header_hints}
|
||||
/usr/include
|
||||
/usr/local/include
|
||||
/opt/local/include
|
||||
@@ -65,11 +74,24 @@ foreach (comp ${CAF_FIND_COMPONENTS})
|
||||
if (CAF_ROOT_DIR)
|
||||
set(library_hints "${CAF_ROOT_DIR}/lib")
|
||||
endif ()
|
||||
+ # Find dynamic or static library
|
||||
+ if (CAF_STATIC_ONLY)
|
||||
+ set(library_name "caf_${comp}_static")
|
||||
+ else ()
|
||||
+ set(library_name "caf_${comp}")
|
||||
+ endif ()
|
||||
+ # give CAF_ROOT_DIR priority...
|
||||
find_library(CAF_LIBRARY_${UPPERCOMP}
|
||||
NAMES
|
||||
- "caf_${comp}"
|
||||
+ ${library_name}
|
||||
HINTS
|
||||
${library_hints}
|
||||
+ NO_DEFAULT_PATH)
|
||||
+ # ...then look in default locations if not found yet
|
||||
+ find_library(CAF_LIBRARY_${UPPERCOMP}
|
||||
+ NAMES
|
||||
+ ${library_name}
|
||||
+ HINTS
|
||||
/usr/lib
|
||||
/usr/local/lib
|
||||
/opt/local/lib
|
||||
File diff suppressed because it is too large
Load diff
Loading…
Reference in a new issue