From 773c57f4adf0427550e7c767051eb5bfcbeb2c50 Mon Sep 17 00:00:00 2001
From: Andrew Benson
Date: Wed, 8 Apr 2020 19:56:10 -0500
Subject: [PATCH] zeek: rename from bro, update to 3.1.2
---
 common/shlibs | 8 +-
 srcpkgs/binpac | 2 +-
 srcpkgs/binpac-devel | 2 +-
 srcpkgs/bro | 1 +
 srcpkgs/bro/files/bro/run | 10 --
 srcpkgs/bro/patches/libressl.patch | 176 ----------------------------
 srcpkgs/bro/patches/musl.patch | 74 ------------
 srcpkgs/bro/template | 49 --------
 srcpkgs/zeek-devel | 1 +
 srcpkgs/zeek/files/zeek/run | 10 ++
 srcpkgs/zeek/patches/fix-musl.patch | 23 ++++
 srcpkgs/zeek/template | 57 +++++++++
 12 files changed, 99 insertions(+), 314 deletions(-)
 create mode 120000 srcpkgs/bro
 delete mode 100644 srcpkgs/bro/files/bro/run
 delete mode 100644 srcpkgs/bro/patches/libressl.patch
 delete mode 100644 srcpkgs/bro/patches/musl.patch
 delete mode 100644 srcpkgs/bro/template
 create mode 120000 srcpkgs/zeek-devel
 create mode 100644 srcpkgs/zeek/files/zeek/run
 create mode 100644 srcpkgs/zeek/patches/fix-musl.patch
 create mode 100644 srcpkgs/zeek/template
diff --git a/common/shlibs b/common/shlibs
index 5f1a09de8dc..81582151b94 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3537,9 +3537,11 @@ libtexpdf.so.0 libtexpdf-0.9.5_1
 libupstart.so.1 libupstart-1.13.3_1
 librtas.so.2 librtas-2.0.2_1
 librtasevent.so.2 librtas-2.0.2_1
-libbroker.so.0 bro-2.6.1_1
-libcaf_core.so.0.16.2 bro-2.6.1_1
-libcaf_openssl.so.0.16.2 bro-2.6.1_1
+libbroker.so.2 zeek-3.1.1_1
+libcaf_core.so.0.17.4 zeek-3.1.1_1
+libcaf_io.so.0.17.4 zeek-3.1.1_1
+libcaf_openssl.so.0.17.4 zeek-3.1.1_1
+libbinpac.so.0 zeek-3.1.1_1
 libllhttp.so.1 llhttp-1.0.1_1
 libpinyin.so.13 libpinyin-2.2.1_1
 libuhd.so.3.15.0 uhd-3.15.0.0_1
diff --git a/srcpkgs/binpac b/srcpkgs/binpac
index 52815503047..bd825eaacdb 120000
--- a/srcpkgs/binpac
+++ b/srcpkgs/binpac
@@ -1 +1 @@
-bro
\ No newline at end of file
+zeek
\ No newline at end of file
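Review bot: The five added entries in the common/shlibs hunk record `zeek-3.1.1_1` as the providing package, while the template added by this same patch builds version 3.1.2 at revision 1. This looks like a leftover from an earlier draft of the update. It is probably harmless if the version is only used as a lower bound for generated dependencies, but `libbroker.so.2 zeek-3.1.2_1` (and likewise for the `libcaf_core`, `libcaf_io`, `libcaf_openssl` and `libbinpac` lines) would match what is actually shipped.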
diff --git a/srcpkgs/binpac-devel b/srcpkgs/binpac-devel
index 52815503047..bd825eaacdb 120000
--- a/srcpkgs/binpac-devel
+++ b/srcpkgs/binpac-devel
@@ -1 +1 @@
-bro
\ No newline at end of file
+zeek
\ No newline at end of file
diff --git a/srcpkgs/bro b/srcpkgs/bro
new file mode 120000
index 00000000000..bd825eaacdb
--- /dev/null
+++ b/srcpkgs/bro
@@ -0,0 +1 @@
+zeek
\ No newline at end of file
diff --git a/srcpkgs/bro/files/bro/run b/srcpkgs/bro/files/bro/run
deleted file mode 100644
index 90eb6a59c0c..00000000000
--- a/srcpkgs/bro/files/bro/run
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-BROLOGDIR="/var/log/bro"
-
-[ -r conf ] && . ./conf
-
-[ -d ${BROLOGDIR} ] || mkdir -p ${BROLOGDIR}
-
-cd /var/log/bro
-exec bro -i ${INTF:=eth0} ${BROPOLICY}
diff --git a/srcpkgs/bro/patches/libressl.patch b/srcpkgs/bro/patches/libressl.patch
deleted file mode 100644
index 31308629063..00000000000
--- a/srcpkgs/bro/patches/libressl.patch
+++ /dev/null
@@ -1,176 +0,0 @@ -From fc43d06955a255bce4162b459be4a6a3a11a178d Mon Sep 17 00:00:00 2001 -From: Jon Siwek -Date: Mon, 7 Jan 2019 11:35:17 -0600 -Subject: [PATCH] GH-227: Improve LibreSSL support - ---- - src/file_analysis/analyzer/x509/OCSP.cc | 16 ++++++++-------- - src/file_analysis/analyzer/x509/X509.cc | 2 +- - src/file_analysis/analyzer/x509/X509.h | 11 ++++++++--- - src/file_analysis/analyzer/x509/functions.bif | 6 +++--- - 4 files changed, 20 insertions(+), 15 deletions(-) - -diff --git src/file_analysis/analyzer/x509/OCSP.cc src/file_analysis/analyzer/x509/OCSP.cc -index bea88fc747..537d194906 100644 ---- src/file_analysis/analyzer/x509/OCSP.cc -+++ src/file_analysis/analyzer/x509/OCSP.cc -@@ -44,7 +44,7 @@ static Val* get_ocsp_type(RecordVal* args, const char* name) - - static bool OCSP_RESPID_bio(OCSP_BASICRESP* basic_resp, BIO* bio) - { --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - ASN1_OCTET_STRING* key = nullptr; - X509_NAME* name = nullptr; - -@@ -423,7 +423,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid) - - uint64 version = 0; - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - if ( req->tbsRequest->version ) - version = (uint64)ASN1_INTEGER_get(req->tbsRequest->version); - #else -@@ -495,7 +495,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) - if ( !basic_resp ) - goto clean_up; - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - resp_data = basic_resp->tbsResponseData; - if ( !resp_data ) - goto clean_up; -@@ -506,7 +506,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) - vl->append(resp_val->Ref()); - vl->append(status_val); - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( 
OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - vl->append(new Val((uint64)ASN1_INTEGER_get(resp_data->version), TYPE_COUNT)); - #else - vl->append(parse_basic_resp_data_version(basic_resp)); -@@ -526,7 +526,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) - } - - // producedAt --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - produced_at = resp_data->producedAt; - #else - produced_at = OCSP_resp_get0_produced_at(basic_resp); -@@ -551,7 +551,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) - // cert id - const OCSP_CERTID* cert_id = nullptr; - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - cert_id = single_resp->certId; - #else - cert_id = OCSP_SINGLERESP_get0_id(single_resp); -@@ -618,7 +618,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) - } - } - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm); - len = BIO_read(bio, buf, sizeof(buf)); - vl->append(new StringVal(len, buf)); -@@ -635,7 +635,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid) - certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType()); - vl->append(certs_vector); - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - certs = basic_resp->certs; - #else - certs = OCSP_resp_get0_certs(basic_resp); -diff --git src/file_analysis/analyzer/x509/X509.cc src/file_analysis/analyzer/x509/X509.cc -index 7571915207..600b3adb52 100644 ---- src/file_analysis/analyzer/x509/X509.cc -+++ src/file_analysis/analyzer/x509/X509.cc -@@ 
-290,7 +290,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext) - continue; - } - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - const char* name = (const char*) ASN1_STRING_data(gen->d.ia5); - #else - const char* name = (const char*) ASN1_STRING_get0_data(gen->d.ia5); -diff --git src/file_analysis/analyzer/x509/X509.h src/file_analysis/analyzer/x509/X509.h -index b808b676fe..91a5a7a5a1 100644 ---- src/file_analysis/analyzer/x509/X509.h -+++ src/file_analysis/analyzer/x509/X509.h -@@ -8,24 +8,27 @@ - #include "Val.h" - #include "X509Common.h" - --#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER) -+#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER) - - #define X509_get_signature_nid(x) OBJ_obj2nid((x)->sig_alg->algorithm) - - #endif - --#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || LIBRESSL_VERSION_NUMBER) -+#if ( OPENSSL_VERSION_NUMBER < 0x1010000fL ) || defined(LIBRESSL_VERSION_NUMBER) - - #define X509_OBJECT_new() (X509_OBJECT*)malloc(sizeof(X509_OBJECT)) - #define X509_OBJECT_free(a) free(a) - --#define OCSP_SINGLERESP_get0_id(s) (s)->certId - #define OCSP_resp_get0_certs(x) (x)->certs - - #define EVP_PKEY_get0_DSA(p) ((p)->pkey.dsa) - #define EVP_PKEY_get0_EC_KEY(p) ((p)->pkey.ec) - #define EVP_PKEY_get0_RSA(p) ((p)->pkey.rsa) - -+#if !defined(LIBRESSL_VERSION_NUMBER) || ( LIBRESSL_VERSION_NUMBER < 0x2070000fL ) -+ -+#define OCSP_SINGLERESP_get0_id(s) (s)->certId -+ - static X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) - { - if ( a == nullptr || a->type != X509_LU_X509 ) -@@ -57,6 +60,8 @@ static void RSA_get0_key(const RSA *r, - - #endif - -+#endif -+ - namespace file_analysis { - - class X509Val; -diff --git src/file_analysis/analyzer/x509/functions.bif src/file_analysis/analyzer/x509/functions.bif -index 0b18feb8fe..ec87a495b3 100644 ---- src/file_analysis/analyzer/x509/functions.bif -+++ 
src/file_analysis/analyzer/x509/functions.bif -@@ -115,7 +115,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs, - const ASN1_OCTET_STRING* key = nullptr; - const X509_NAME* name = nullptr; - --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - OCSP_RESPID* resp_id = basic_resp->tbsResponseData->responderId; - - if ( resp_id->type == V_OCSP_RESPID_NAME ) -@@ -348,7 +348,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c - - // Because we actually want to be able to give nice error messages that show why we were - // not able to verify the OCSP response - do our own verification logic first. --#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) -+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) - signer = x509_get_ocsp_signer(basic->certs, basic); - #else - signer = x509_get_ocsp_signer(OCSP_resp_get0_certs(basic), basic); -@@ -714,7 +714,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa - uint32 cert_length; - if ( precert ) - { --#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER) -+#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER) - x->cert_info->enc.modified = 1; - cert_length = i2d_X509_CINF(x->cert_info, &cert_out); - #else diff --git a/srcpkgs/bro/patches/musl.patch b/srcpkgs/bro/patches/musl.patch deleted file mode 100644 index e8a2c6da9d5..00000000000 --- a/srcpkgs/bro/patches/musl.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -https://github.com/danielguerra69/docker-bro-1 - ---- aux/binpac/lib/binpac.h.in.orig -+++ aux/binpac/lib/binpac.h.in -@@ -4,6 +4,7 @@ - #define binpac_h - - #include -+#include - - #cmakedefine HOST_BIGENDIAN - #ifdef HOST_BIGENDIAN - ---- src/OSFinger.h.orig -+++ src/OSFinger.h -@@ -166,3 +166,57 @@ - #define MATCHFUZZY 0x2 - - #endif -+ -+// For musl-libc -+#ifndef TCPOPT_EOL -+# define TCPOPT_EOL 0 -+#endif -+ -+#ifndef TCPOPT_NOP -+# define TCPOPT_NOP 1 -+#endif -+ -+#ifndef TCPOPT_MAXSEG -+# define TCPOPT_MAXSEG 2 -+#endif -+ -+#ifndef TCPOLEN_MAXSEG -+# define TCPOLEN_MAXSEG 4 -+#endif -+ -+#ifndef TCPOPT_WINDOW -+# define TCPOPT_WINDOW 3 -+#endif -+ -+#ifndef TCPOLEN_WINDOW -+# define TCPOLEN_WINDOW 3 -+#endif -+ -+#ifndef TCPOPT_SACK_PERMITTED -+# define TCPOPT_SACK_PERMITTED 4 /* Experimental */ -+#endif -+ -+#ifndef TCPOLEN_SACK_PERMITTED -+# define TCPOLEN_SACK_PERMITTED 2 -+#endif -+ -+#ifndef TCPOPT_SACK -+# define TCPOPT_SACK 5 /* Experimental */ -+#endif -+ -+#ifndef TCPOPT_TIMESTAMP -+# define TCPOPT_TIMESTAMP 8 -+#endif -+ -+#ifndef TCPOLEN_TIMESTAMP -+# define TCPOLEN_TIMESTAMP 10 -+#endif -+ -+#ifndef TCPOLEN_TSTAMP_APPA -+# define TCPOLEN_TSTAMP_APPA (TCPOLEN_TIMESTAMP+2) /* appendix A */ -+#endif -+ -+#ifndef TCPOPT_TSTAMP_HDR -+# define TCPOPT_TSTAMP_HDR \ -+ (TCPOPT_NOP<<24|TCPOPT_NOP<<16|TCPOPT_TIMESTAMP<<8|TCPOLEN_TIMESTAMP) -+#endif - diff --git a/srcpkgs/bro/template b/srcpkgs/bro/template deleted file mode 100644 index 4d453648771..00000000000 --- a/srcpkgs/bro/template +++ /dev/null 
@@ -1,49 +0,0 @@
-# Template file for 'bro'
-pkgname=bro
-version=2.6.4
-revision=1
-archs="x86_64* i686* aarch64* armv7* ppc64*"
-build_style=cmake
-hostmakedepends="flex pkg-config python3"
-makedepends="bind-devel geoip-devel libpcap-devel libressl-devel jemalloc-devel"
-short_desc="Advanced framework for network traffic analysis"
-maintainer="Andrew Benson "
-license="BSD-3-Clause"
-homepage="https://www.bro.org"
-distfiles="https://www.bro.org/downloads/bro-${version}.tar.gz"
-checksum=a47a9cdcef0ea14d5f70c390ab266f0333063ff96f3869a5f1609581a1d1ceb7
-nocross="Needs to build part of itself to run, can't be built separately yet."
-
-case "$XBPS_TARGET_MACHINE" in
- *-musl)
- makedepends+=" musl-fts-devel"
- ;;
-esac
-
-pre_configure() {
- case "$XBPS_TARGET_MACHINE" in
- *-musl)
- sed -i '/set(broxygen/i link_libraries("-lfts")' src/broxygen/CMakeLists.txt
- ;;
- esac
-}
-
-post_install() {
- vsv bro
- vlicense COPYING
-}
-
-binpac_package() {
- short_desc+=" - protocol parser compiler"
- pkg_install() {
- vmove /usr/bin/binpac
- }
-}
-
-binpac-devel_package() {
- short_desc+=" - protocol parser compiler library"
- pkg_install() {
- vmove /usr/include
- vmove "/usr/lib/*.a"
- }
-}
diff --git a/srcpkgs/zeek-devel b/srcpkgs/zeek-devel
new file mode 120000
index 00000000000..bd825eaacdb
--- /dev/null
+++ b/srcpkgs/zeek-devel
@@ -0,0 +1 @@
+zeek
\ No newline at end of file
diff --git a/srcpkgs/zeek/files/zeek/run b/srcpkgs/zeek/files/zeek/run
new file mode 100644
index 00000000000..8d3fd5e36f2
--- /dev/null
+++ b/srcpkgs/zeek/files/zeek/run
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ZEEKLOGDIR="/var/log/zeek"
+
+[ -r conf ] && . ./conf
+
+[ -d ${ZEEKLOGDIR} ] || mkdir -p ${ZEEKLOGDIR}
+
+cd $ZEEKLOGDIR
+exec zeek -i ${INTF:=eth0} ${ZEEKPOLICY}
diff --git a/srcpkgs/zeek/patches/fix-musl.patch b/srcpkgs/zeek/patches/fix-musl.patch
new file mode 100644
index 00000000000..b44bcb3d165
--- /dev/null
+++ b/srcpkgs/zeek/patches/fix-musl.patch
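Review bot: In the new srcpkgs/zeek/files/zeek/run, `cd $ZEEKLOGDIR` is unchecked, so if the directory cannot be created or entered the script still reaches `exec zeek` and the logs are written to whatever directory the supervisor started the script in. `ZEEKLOGDIR` can be overridden by the sourced `conf`, so it should also be quoted: `[ -d "$ZEEKLOGDIR" ] || mkdir -p "$ZEEKLOGDIR"` followed by `cd "$ZEEKLOGDIR" || exit 1`. `${ZEEKPOLICY}` looks intentionally unquoted so that it can carry several script names; a one-line comment saying so would keep it from being quoted by mistake later. The script also starts zeek with the supervisor's privileges (presumably root, for packet capture), and a comment stating that would help anyone auditing the service.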
@@ -0,0 +1,23 @@
+--- CMakeLists.txt.orig
++++ CMakeLists.txt
+@@ -322,18 +322,11 @@
+ # if one specifies --with-openssl (which may be common).
+ include_directories(BEFORE ${OPENSSL_INCLUDE_DIR})
+
+-# Alpine support
+-if ( ${CMAKE_SYSTEM_NAME} MATCHES Linux AND EXISTS /etc/os-release )
+- execute_process(
+- COMMAND grep -q alpine /etc/os-release
+- RESULT_VARIABLE os_release_alpine
+- )
+-
+- if ( os_release_alpine EQUAL 0 )
++# Void-musl support
++if ( IS_VOID_MUSL )
+ find_package(FTS REQUIRED)
+ list(APPEND OPTLIBS ${FTS_LIBRARY})
+ include_directories(BEFORE ${FTS_INCLUDE_DIR})
+- endif ()
+ endif ()
+
+ set(zeekdeps ${zeekdeps}
diff --git a/srcpkgs/zeek/template b/srcpkgs/zeek/template
new file mode 100644
index 00000000000..080980c6016
--- /dev/null
+++ b/srcpkgs/zeek/template
@@ -0,0 +1,57 @@
+# Template file for 'zeek'
+pkgname=zeek
+version=3.1.2
+revision=1
+archs="x86_64* i686* aarch64* armv7* ppc64*"
+build_style=cmake
+hostmakedepends="flex pkg-config python3"
+makedepends="bind-devel geoip-devel libpcap-devel libressl-devel jemalloc-devel"
+short_desc="Advanced framework for network traffic analysis"
+maintainer="Andrew Benson "
+license="BSD-3-Clause"
+homepage="https://www.zeek.org"
+distfiles="https://old.zeek.org/downloads/zeek-${version}.tar.gz"
+checksum=1858725fd6d04a1af3c2798c341529aa0d229e838b6476f036156dc5dd254aa1
+nocross="Needs to build part of itself to run, can't be built separately yet."
+
+if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
+ makedepends+=" musl-fts-devel musl-legacy-compat"
+ configure_args+=" -DIS_VOID_MUSL=1"
+fi
+
+post_install() {
+ vsv zeek
+ vlicense COPYING
+}
+
+zeek-devel_package() {
+ short_desc+=" - development files"
+ pkg_install() {
+ vmove usr/include
+ vmove "usr/bin/*-config"
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ vmove usr/share/zeek/cmake
+ }
+}
+
+bro_package() {
+ archs=noarch
+ build_style=meta
+ depends="${sourcepkg}>=${version}_${revision}"
+ short_desc="Advanced framework for network traffic analysis (transitional dummy package)"
+}
+
+binpac_package() {
+ short_desc+=" - protocol parser compiler (transitional)"
+ build_style=meta
+ archs=noarch
+ depends="${sourcepkg}>=${version}_${revision}"
+}
+
+binpac-devel_package() {
+ short_desc+=" - protocol parser compiler library (transitional)"
+ build_style=meta
+ archs=noarch
+ depends="${sourcepkg}>=${version}_${revision}"
+}
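Review bot: `zeek-devel_package()` declares no `depends`, yet it moves `usr/lib/*.so` and the headers out of the main package, so installing zeek-devel alone would leave those unversioned `.so` files (presumably symlinks) without the libraries they point at. Add `depends="${sourcepkg}>=${version}_${revision}"` there, as the transitional subpackages already do. Related: the old binpac-devel shipped `/usr/include` and the static libraries, which now go to zeek-devel, but the transitional `binpac-devel_package()` depends only on `${sourcepkg}`; `depends="${sourcepkg}-devel>=${version}_${revision}"` would keep those files installed for existing binpac-devel users. Separately, the LibreSSL compatibility patch is dropped while `makedepends` still lists `libressl-devel`; presumably the 3.1 sources already carry that change, but a build against LibreSSL should confirm it.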