From nobody Tue Dec 14 11:19:16 2021
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7607918E3FB4;
	Tue, 14 Dec 2021 11:19:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JCwr51Bznz3mrf;
	Tue, 14 Dec 2021 11:19:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 09AA8273E3;
	Tue, 14 Dec 2021 11:19:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BEBJGc2053607;
	Tue, 14 Dec 2021 11:19:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BEBJGVT053606;
	Tue, 14 Dec 2021 11:19:16 GMT
	(envelope-from git)
Date: Tue, 14 Dec 2021 11:19:16 GMT
Message-Id: <202112141119.1BEBJGVT053606@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-branches@FreeBSD.org
From: Dries Michiels <driesm@FreeBSD.org>
Subject: git: d4f40889559c - 2021Q4 - security/suricata: Update to 6.0.4
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: driesm
X-Git-Repository: ports
X-Git-Refname: refs/heads/2021Q4
X-Git-Reftype: branch
X-Git-Commit: d4f40889559c3d9226ff4fca24ed06ade869f37d
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1639480757;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=+6PEwV6xLUPMSca7ncF0UqOlIEwibi3WHaLcZmbZeHo=;
	b=Oe3roOk6L6uejjJ5JhEHpwLfcXhwjOJOo37NpMWfX5G2diaM2wGUNm1hd1IMyuyk+XrkhJ
	k7Ym3LoFIsfTz4OYUZ1Y3XxZXKekirInvNkaq5Aq5IaTMxOiYtjjfjnY5hg06G3D3UMbU0
	NAC65bjJEUPCplP97VApiSYfvQ34fZ5pjYXfdJgBs07w2HX2mkemDovD0NqaXC30tD0GhN
	YHnybVcAa/PUkpZRakD7sz8jVjTsjctfT5YUUQzPjkxJo90sOGbdJvJVzxYvYJffsW+JXJ
	2mI60QTFPgajfDCuw5O6YwFyb10kQ2xGD23nYorIS/P2+4qpqlZbQfhactDDmg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639480757; a=rsa-sha256; cv=none;
	b=jKMlDnjmlLv5OBMCd95ICbpXq70DIhnPTSt0pLcgLuaDnj4+BKCGb9V2D2CkGK6kQXJWOO
	StXUKsAUsDC4uNQ1PvEsprnMiWquM6mIsIamt6BnSJ/0rmaGxBwz2T7lN1aA59W/TTBj0r
	qlcJK6y9uhKLQvnnSBKXcNEv0BWHSS85TX7/Lac7d9AmAn66hoYQE9U+sznKolA0ku+e88
	BwqywtM1KtiuH+5CCeTmFamvosHcpPTQU9VSEW7BMSyu8lQfqyikhqMMr5TJfn/toX+alh
	ucGPA3zb15CSwog00aFxsygfJlfZ0hhz3cwRJIUl4cHh5BMfh8vI6Thgv2i6Cw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch 2021Q4 has been updated by driesm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d4f40889559c3d9226ff4fca24ed06ade869f37d

commit d4f40889559c3d9226ff4fca24ed06ade869f37d
Author:     Franco Fichtner <franco@opnsense.org>
AuthorDate: 2021-12-08 14:56:50 +0000
Commit:     Dries Michiels <driesm@FreeBSD.org>
CommitDate: 2021-12-14 11:10:42 +0000

    security/suricata: Update to 6.0.4
    
    While here pet portfmt.
    
    Changes:                https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
    PR:                     260250
    Approved by:            0mp (mentor)
    MFH:                    2021Q4
    Differential Revision:  https://reviews.freebsd.org/D33335
    
    (cherry picked from commit 3571a07d68b7dbce0e19619e135fb76766c7af12)
---
 security/suricata/Makefile              | 71 +++++++++++++++---------------
 security/suricata/distinfo              |  6 +--
 security/suricata/files/patch-3c53a1601 | 78 ---------------------------------
 security/suricata/files/patch-powerpc   | 62 --------------------------
 security/suricata/pkg-plist             |  4 +-
 5 files changed, 41 insertions(+), 180 deletions(-)

diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index 18ee36286733..5a4c8d0d24df 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=	suricata
-DISTVERSION=	6.0.3
-PORTREVISION=	2
+DISTVERSION=	6.0.4
 CATEGORIES=	security
 MASTER_SITES=	https://www.openinfosecfoundation.org/download/
 
@@ -12,43 +11,43 @@ LICENSE_FILE=	${WRKSRC}/LICENSE
 
 BUILD_DEPENDS=	rustc:lang/${RUST_DEFAULT}
 LIB_DEPENDS=	libjansson.so:devel/jansson \
-		libpcre.so:devel/pcre \
-		libnet.so:net/libnet \
 		liblz4.so:archivers/liblz4 \
+		libnet.so:net/libnet \
+		libpcre.so:devel/pcre \
 		libyaml.so:textproc/libyaml
 
-USES=		autoreconf cpe gmake iconv:translit libtool localbase \
-		pathfix pkgconfig
+USES=		autoreconf cpe gmake iconv:translit libtool localbase pathfix \
+		pkgconfig
 
 CPE_VENDOR=	openinfosecfoundation
 
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	${PORTNAME}
 
-GNU_CONFIGURE=	yes
-CONFIGURE_ARGS+=--enable-gccprotect \
-		--enable-bundled-htp \
-	        --disable-gccmarch-native
+GNU_CONFIGURE=		yes
+CONFIGURE_ARGS+=	--disable-gccmarch-native \
+			--enable-bundled-htp \
+			--enable-gccprotect
 
-INSTALL_TARGET=		install-strip
-TEST_TARGET=		check
+INSTALL_TARGET=	install-strip
+TEST_TARGET=	check
 
 CONFLICTS_INSTALL=	libhtp
 
 SUB_FILES=	pkg-message
 PLIST_SUB=	PORTVERSION=${DISTVERSION:C/-/_/g}
 
-OPTIONS_DEFINE=		GEOIP IPFW NETMAP NSS PORTS_PCAP PRELUDE \
-			PYTHON REDIS TESTS
+OPTIONS_DEFINE=		GEOIP IPFW NETMAP NSS PORTS_PCAP PRELUDE PYTHON REDIS \
+			TESTS
 OPTIONS_DEFINE_amd64=	HYPERSCAN
 OPTIONS_DEFAULT=	IPFW NETMAP PYTHON
 
 OPTIONS_RADIO=		SCRIPTS
 OPTIONS_RADIO_SCRIPTS=	LUA LUAJIT
 
-OPTIONS_SUB=		yes
+OPTIONS_SUB=	yes
 
-PRELUDE_BROKEN=		Compilation broken, see https://redmine.openinfosecfoundation.org/issues/4065
+PRELUDE_BROKEN=	Compilation broken, see https://redmine.openinfosecfoundation.org/issues/4065
 
 GEOIP_DESC=		GeoIP support
 HYPERSCAN_DESC=		Hyperscan support
@@ -64,32 +63,33 @@ REDIS_DESC=		Redis output support
 SCRIPTS_DESC=		Scripting
 TESTS_DESC=		Unit tests in suricata binary
 
-GEOIP_LIB_DEPENDS=		libmaxminddb.so:net/libmaxminddb
-GEOIP_CONFIGURE_ON=		--enable-geoip
+GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
+GEOIP_CONFIGURE_ON=	--enable-geoip
 
-HYPERSCAN_LIB_DEPENDS=		libhs.so:devel/hyperscan
+HYPERSCAN_LIB_DEPENDS=	libhs.so:devel/hyperscan
 
-IPFW_CONFIGURE_ON=		--enable-ipfw
+IPFW_CONFIGURE_ON=	--enable-ipfw
 
-LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:lang/luajit-openresty
-LUAJIT_CONFIGURE_ON=		--enable-luajit
+LUAJIT_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit-openresty
+LUAJIT_CONFIGURE_ON=	--enable-luajit
 
-LUA_USES=			lua:51
-LUA_CONFIGURE_ON=		--enable-lua
+LUA_USES=		lua:51
+LUA_CONFIGURE_ON=	--enable-lua
 
 NETMAP_CONFIGURE_ENABLE=	netmap
 
-NSS_LIB_DEPENDS=		libnss3.so:security/nss \
-				libnspr4.so:devel/nspr
-NSS_CONFIGURE_OFF=		--disable-nss --disable-nspr
+NSS_LIB_DEPENDS=	libnspr4.so:devel/nspr \
+			libnss3.so:security/nss
+NSS_CONFIGURE_OFF=	--disable-nspr \
+			--disable-nss
 
-PORTS_PCAP_LIB_DEPENDS=		libpcap.so.1:net/libpcap
+PORTS_PCAP_LIB_DEPENDS=	libpcap.so.1:net/libpcap
 
-PRELUDE_LIB_DEPENDS=		libprelude.so:security/libprelude \
+PRELUDE_LIB_DEPENDS=		libgcrypt.so:security/libgcrypt \
 				libgnutls.so:security/gnutls \
-				libgcrypt.so:security/libgcrypt \
 				libgpg-error.so:security/libgpg-error \
-				libltdl.so:devel/libltdl
+				libltdl.so:devel/libltdl \
+				libprelude.so:security/libprelude
 PRELUDE_CONFIGURE_ON=		--with-libprelude-prefix=${LOCALBASE}
 PRELUDE_CONFIGURE_ENABLE=	prelude
 
@@ -99,11 +99,10 @@ PYTHON_USES=			python
 PYTHON_USE=			PYTHON=py3kplist
 PYTHON_CONFIGURE_ENABLE=	python
 
-REDIS_LIB_DEPENDS=		libhiredis.so:databases/hiredis \
-				libevent_pthreads.so:devel/libevent
-REDIS_CONFIGURE_ON=		--enable-hiredis \
-
-TESTS_CONFIGURE_ENABLE=		unittests
+REDIS_LIB_DEPENDS=	libevent_pthreads.so:devel/libevent \
+			libhiredis.so:databases/hiredis
+REDIS_CONFIGURE_ON=	--enable-hiredis
+TESTS_CONFIGURE_ENABLE=	unittests
 
 pre-patch:
 	@${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
index 47cdde42ff52..d754df161699 100644
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1628041281
-SHA256 (suricata-6.0.3.tar.gz) = daf134bb2d7c980035e9ae60f7aaf313323a809340009f26e48110ccde81f602
-SIZE (suricata-6.0.3.tar.gz) = 32421197
+TIMESTAMP = 1637246038
+SHA256 (suricata-6.0.4.tar.gz) = a8f197e33d1678689ebbf7bc1abe84934c465d22c504c47c2c7e9b74aa042d0d
+SIZE (suricata-6.0.4.tar.gz) = 32498036
diff --git a/security/suricata/files/patch-3c53a1601 b/security/suricata/files/patch-3c53a1601
deleted file mode 100644
index d70b3c563e5a..000000000000
--- a/security/suricata/files/patch-3c53a1601
+++ /dev/null
@@ -1,78 +0,0 @@
-From 3c53a1601b6f861f8b7f0cd0984b18e78291fe85 Mon Sep 17 00:00:00 2001
-From: Victor Julien <victor@inliniac.net>
-Date: Wed, 18 Aug 2021 20:14:48 +0200
-Subject: [PATCH] threading: don't pass locked flow between threads
-
-Previously the flow manager would share evicted flows with the workers
-while keeping the flows mutex locked. This reduced the number of unlock/
-lock cycles while there was guaranteed to be no contention.
-
-This turns out to be undefined behavior. A lock is supposed to be locked
-and unlocked from the same thread. It appears that FreeBSD is stricter on
-this than Linux.
-
-This patch addresses the issue by unlocking before handing a flow off
-to another thread, and locking again from the new thread.
-
-Issue was reported and largely analyzed by Bill Meeks.
-
-Bug: #4478
-(cherry picked from commit 9551cd05357925e8bec8e0030d5f98fd07f17839)
----
- src/flow-hash.c    | 1 +
- src/flow-manager.c | 2 +-
- src/flow-timeout.c | 1 +
- src/flow-worker.c  | 1 +
- 4 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/flow-hash.c b/src/flow-hash.c
-index ebbd836e81a..760bc53e0a8 100644
---- src/flow-hash.c
-+++ src/flow-hash.c
-@@ -669,6 +669,7 @@ static inline void MoveToWorkQueue(ThreadVars *tv, FlowLookupStruct *fls,
-         f->fb = NULL;
-         f->next = NULL;
-         FlowQueuePrivateAppendFlow(&fls->work_queue, f);
-+        FLOWLOCK_UNLOCK(f);
-     } else {
-         /* implied: TCP but our thread does not own it. So set it
-          * aside for the Flow Manager to pick it up. */
-diff --git a/src/flow-manager.c b/src/flow-manager.c
-index d58a49637d6..9228c88490c 100644
---- src/flow-manager.c
-+++ src/flow-manager.c
-@@ -333,9 +333,9 @@ static uint32_t ProcessAsideQueue(FlowManagerTimeoutThread *td, FlowTimeoutCount
-                 FlowForceReassemblyNeedReassembly(f) == 1)
-         {
-             FlowForceReassemblyForFlow(f);
-+            FLOWLOCK_UNLOCK(f);
-             /* flow ownership is passed to the worker thread */
- 
--            /* flow remains locked */
-             counters->flows_aside_needs_work++;
-             continue;
-         }
-diff --git a/src/flow-timeout.c b/src/flow-timeout.c
-index 972b35076bd..d6cca490087 100644
---- src/flow-timeout.c
-+++ src/flow-timeout.c
-@@ -401,6 +401,7 @@ static inline void FlowForceReassemblyForHash(void)
-                 RemoveFromHash(f, prev_f);
-                 f->flow_end_flags |= FLOW_END_FLAG_SHUTDOWN;
-                 FlowForceReassemblyForFlow(f);
-+                FLOWLOCK_UNLOCK(f);
-                 f = next_f;
-                 continue;
-             }
-diff --git a/src/flow-worker.c b/src/flow-worker.c
-index 69dbb6ac575..dccf3581dd5 100644
---- src/flow-worker.c
-+++ src/flow-worker.c
-@@ -168,6 +168,7 @@ static void CheckWorkQueue(ThreadVars *tv, FlowWorkerThreadData *fw,
- {
-     Flow *f;
-     while ((f = FlowQueuePrivateGetFromTop(fq)) != NULL) {
-+        FLOWLOCK_WRLOCK(f);
-         f->flow_end_flags |= FLOW_END_FLAG_TIMEOUT; //TODO emerg
- 
-         const FlowStateType state = f->flow_state;
diff --git a/security/suricata/files/patch-powerpc b/security/suricata/files/patch-powerpc
deleted file mode 100644
index e8b444747129..000000000000
--- a/security/suricata/files/patch-powerpc
+++ /dev/null
@@ -1,62 +0,0 @@
---- rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/mod.rs.orig	2020-03-17 20:35:43 UTC
-+++ rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/mod.rs
-@@ -1486,6 +1486,9 @@ cfg_if! {
-     } else if #[cfg(target_arch = "powerpc64")] {
-         mod powerpc64;
-         pub use self::powerpc64::*;
-+    } else if #[cfg(target_arch = "powerpc")] {
-+        mod powerpc;
-+        pub use self::powerpc::*;
-     } else {
-         // Unknown target_arch
-     }
---- rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/powerpc.rs.orig	2021-06-23 22:40:24 UTC
-+++ rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/powerpc.rs
-@@ -0,0 +1,47 @@
-+pub type c_char = u8;
-+pub type c_long = i32;
-+pub type c_ulong = u32;
-+pub type wchar_t = i32;
-+pub type time_t = i64;
-+pub type suseconds_t = i32;
-+pub type register_t = i32;
-+
-+s! {
-+    pub struct stat {
-+        pub st_dev: ::dev_t,
-+        pub st_ino: ::ino_t,
-+        pub st_mode: ::mode_t,
-+        pub st_nlink: ::nlink_t,
-+        pub st_uid: ::uid_t,
-+        pub st_gid: ::gid_t,
-+        pub st_rdev: ::dev_t,
-+        pub st_atime: ::time_t,
-+        pub st_atime_nsec: ::c_long,
-+        pub st_mtime: ::time_t,
-+        pub st_mtime_nsec: ::c_long,
-+        pub st_ctime: ::time_t,
-+        pub st_ctime_nsec: ::c_long,
-+        pub st_size: ::off_t,
-+        pub st_blocks: ::blkcnt_t,
-+        pub st_blksize: ::blksize_t,
-+        pub st_flags: ::fflags_t,
-+        pub st_gen: u32,
-+        pub st_lspare: i32,
-+        pub st_birthtime: ::time_t,
-+        pub st_birthtime_nsec: ::c_long,
-+    }
-+}
-+
-+// should be pub(crate), but that requires Rust 1.18.0
-+cfg_if! {
-+    if #[cfg(libc_const_size_of)] {
-+        #[doc(hidden)]
-+        pub const _ALIGNBYTES: usize = ::mem::size_of::<::c_int>() - 1;
-+    } else {
-+        #[doc(hidden)]
-+        pub const _ALIGNBYTES: usize = 4 - 1;
-+    }
-+}
-+
-+pub const MAP_32BIT: ::c_int = 0x00080000;
-+pub const MINSIGSTKSZ: ::size_t = 2048; // 512 * 4
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index 5fcb57aa716a..f50fe60042d1 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -136,7 +136,7 @@ man/man1/suricata.1.gz
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/util.pyc
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/version.py
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata/update/version.pyc
-%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata_update-1.2.2-py%%PYTHON_VER%%.egg-info
+%%PYTHON%%%%PYTHON_SITELIBDIR%%/suricata_update-1.2.3-py%%PYTHON_VER%%.egg-info
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc
 %%DATADIR%%/rules/app-layer-events.rules
@@ -146,9 +146,11 @@ man/man1/suricata.1.gz
 %%DATADIR%%/rules/dns-events.rules
 %%DATADIR%%/rules/files.rules
 %%DATADIR%%/rules/http-events.rules
+%%DATADIR%%/rules/http2-events.rules
 %%DATADIR%%/rules/ipsec-events.rules
 %%DATADIR%%/rules/kerberos-events.rules
 %%DATADIR%%/rules/modbus-events.rules
+%%DATADIR%%/rules/mqtt-events.rules
 %%DATADIR%%/rules/nfs-events.rules
 %%DATADIR%%/rules/ntp-events.rules
 %%DATADIR%%/rules/smb-events.rules