svn commit: r421972 - in head/security/bro: . files
John Marino
marino at FreeBSD.org
Tue Sep 13 02:58:05 UTC 2016
Author: marino
Date: Tue Sep 13 02:58:03 2016
New Revision: 421972
URL: https://svnweb.freebsd.org/changeset/ports/421972
Log:
security/bro: Modernize options, remove Ports SSL option, support LibreSSL
The "build with Ports SSL" option is no longer valid. The SSL library is
selected through the SSL_DEFAULT value. While removing the PORTS_SSL
option, modernize the entire set of options under the general
infrastructure blanket. The SSL work, including the support for LibreSSL,
was done under the SSL blanket.
Added:
head/security/bro/files/patch-aux_broccoli_src_bro__openssl.c (contents, props changed)
head/security/bro/files/patch-src_ChunkedIO.cc (contents, props changed)
Modified:
head/security/bro/Makefile
Modified: head/security/bro/Makefile
==============================================================================
--- head/security/bro/Makefile Tue Sep 13 02:28:28 2016 (r421971)
+++ head/security/bro/Makefile Tue Sep 13 02:58:03 2016 (r421972)
@@ -3,6 +3,7 @@
PORTNAME= bro
PORTVERSION= 2.4.1
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://www.bro.org/downloads/release/
@@ -17,7 +18,7 @@ BUILD_DEPENDS= ${LOCALBASE}/bin/bison:de
${LOCALBASE}/bin/swig:devel/swig13
LIB_DEPENDS= libGeoIP.so:net/GeoIP
-USES= cmake:outsource compiler:c++11-lang perl5 python
+USES= cmake:outsource compiler:c++11-lang perl5 python ssl
CMAKE_ARGS+= -D PYTHON_EXECUTABLE:PATH=${PYTHON_CMD}
CXXFLAGS+= -std=c++11 -Wextra -Wall -pedantic
@@ -41,7 +42,8 @@ CMAKE_ARGS+= -D CMAKE_INSTALL_PREFIX:PAT
-D ENABLE_PERFTOOLS_DEBUG:BOOL=false \
-D BinPAC_SKIP_INSTALL:BOOL=true \
-D INSTALL_AUX_TOOLS:BOOL=true \
- -D BUILD_SHARED_LIBS:BOOL=true
+ -D BUILD_SHARED_LIBS:BOOL=true \
+ -D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}"
BROUSER?= bro
BROGROUP?= bro
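Review bot: `${OPENSSL_LDFLAGS}` is passed only through `CMAKE_EXE_LINKER_FLAGS`, while the line above sets `BUILD_SHARED_LIBS:BOOL=true`. Any shared object this build links against libssl or libcrypto would presumably not receive those flags, and could resolve to a different SSL library at run time than the one chosen by SSL_DEFAULT. If that applies here, consider adding `-D CMAKE_SHARED_LINKER_FLAGS="${OPENSSL_LDFLAGS}"` alongside it. A short comment above the CMAKE_ARGS entry saying that the flags are now unconditional because `USES=ssl` defines them for every SSL_DEFAULT value would also help the next maintainer.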
@@ -51,100 +53,48 @@ PLIST_SUB+= BROUSER=${BROUSER} \
USERS= ${BROUSER}
GROUPS= ${BROGROUP}
-USE_OPENSSL= yes
-
-OPTIONS_DEFINE= BROCCOLI BROCTL BROKER DEBUG IPSUMDUMP LBL_CF LBL_HF PERFTOOLS PORTS_SSL
-OPTIONS_DEFAULT=BROCCOLI BROCTL IPSUMDUMP LBL_CF LBL_HF PORTS_SSL
+OPTIONS_DEFINE= BROCCOLI BROCTL BROKER DEBUG IPSUMDUMP LBL_CF LBL_HF PERFTOOLS
+OPTIONS_DEFAULT=BROCCOLI BROCTL IPSUMDUMP LBL_CF LBL_HF
+OPTIONS_SUB= yes
BROCCOLI_DESC= Build support for libbroccoli communications
-BROCTL_DESC= Build BroControl support (requires BROCCOLI)
+BROCTL_DESC= BroControl support (implies BROCCOLI and IPSUMDUMP)
BROKER_DESC= Enable the Broker communication library
DEBUG_DESC= Compile in debugging mode
IPSUMDUMP_DESC= Enables traffic summaries
LBL_CF_DESC= Unix time to formated time/date filter support
LBL_HF_DESC= Address to hostname filter support
PERFTOOLS_DESC= Use Perftools to improve memory & CPU usage
-PORTS_SSL_DESC= Build with OpenSSL from ports (instead of base system)
-
-OPTIONS_EXCLUDE=NLS DOCS
-PORTS_SSL_VARS= WITH_OPENSSL_PORT=yes
+BROCTL_IMPLIES= BROCCOLI IPSUMDUMP
-.include <bsd.port.pre.mk>
-
-.if ${PORT_OPTIONS:MBROCCOLI}
-LIB_DEPENDS+= libbroccoli.so:security/broccoli
-.endif
+BROCCOLI_LIB_DEPENDS= libbroccoli.so:security/broccoli
+BROCTL_BUILD_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \
+ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3
+BROCTL_RUN_DEPENDS= ${LOCALBASE}/bin/bash:shells/bash \
+ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3
+BROCTL_CMAKE_BOOL= INSTALL_BROCTL
+BROCTL_USE= LDCONFIG=yes
+IPSUMDUMP_BUILD_DEPENDS=ipsumdump:net/ipsumdump
+IPSUMDUMP_RUN_DEPENDS= ipsumdump:net/ipsumdump
+BROKER_CMAKE_BOOL= ENABLE_BROKER
+BROKER_BUILD_DEPENDS= caf>=0.14.1:devel/caf
+DEBUG_CMAKE_BOOL= ENABLE_DEBUG
+LBL_HF_RUN_DEPENDS= ${LOCALBASE}/bin/hf:sysutils/lbl-hf
+LBL_CF_RUN_DEPENDS= ${LOCALBASE}/bin/cf:sysutils/lbl-cf
+PERFTOOLS_CMAKE_BOOL= ENABLE_PERFTOOLS
+PERFTOOLS_RUN_DEPENDS= ${LOCALBASE}/bin/pprof:devel/google-perftools
-.if ${PORT_OPTIONS:MBROCTL}
-.if empty(PORT_OPTIONS:MBROCCOLI)
-IGNORE= the BROCTL option requires BROCCOLI
-.endif
-.if empty(PORT_OPTIONS:MIPSUMDUMP)
-IGNORE= the BROCTL option requires IPSUMDUMP
-.endif
-BUILD_DEPENDS+= ${LOCALBASE}/bin/bash:shells/bash \
- ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3
-RUN_DEPENDS+= ${LOCALBASE}/bin/bash:shells/bash \
- ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3
-PLIST_SUB+= BROCTL=""
-USE_LDCONFIG= yes
-CMAKE_ARGS+= -D INSTALL_BROCTL:BOOL=true
-.else
-CMAKE_ARGS+= -D INSTALL_BROCTL:BOOL=false
-PLIST_SUB+= BROCTL="@comment "
-.endif
+.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MBROKER}
-CMAKE_ARGS+= -D ENABLE_BROKER:BOOL=true
-BUILD_DEPENDS+= caf>=0.14.1:devel/caf
-PLIST_SUB+= BROKER=""
-
-.if ${OSVERSION} < 1001000
+. if ${OPSYS} == FreeBSD && ${OSVERSION} < 1001000
# Bro 2.4 with BROKER requires caf, clang and libc++
BUILD_DEPENDS+= ${LOCALBASE}/bin/clang++34:lang/clang34 \
${LOCALBASE}/lib/c++/libstdc++.so:devel/libc++
-
CXXFLAGS+= -stdlib=libc++ -I${LOCALBASE}/include/c++/v1 -L${LOCALBASE}/lib
CXX= ${LOCALBASE}/bin/clang++34
-.endif
-.else
-CMAKE_ARGS+= -D ENABLE_BROKER:BOOL=false
-PLIST_SUB+= BROKER="@comment "
-.endif
-
-.if ${PORT_OPTIONS:MDEBUG}
-CMAKE_ARGS+= -D ENABLE_DEBUG:BOOL=true
-.else
-CMAKE_ARGS+= -D ENABLE_DEBUG:BOOL=false
-.endif
-
-.if ${PORT_OPTIONS:MLBL_HF}
-RUN_DEPENDS+= ${LOCALBASE}/bin/hf:sysutils/lbl-hf
-.endif
-
-.if ${PORT_OPTIONS:MLBL_CF}
-RUN_DEPENDS+= ${LOCALBASE}/bin/cf:sysutils/lbl-cf
-.endif
-
-.if ${PORT_OPTIONS:MPERFTOOLS}
-CMAKE_ARGS+= -D ENABLE_PERFTOOLS:BOOL=true
-RUN_DEPENDS+= ${LOCALBASE}/bin/pprof:devel/google-perftools
-.else
-CMAKE_ARGS+= -D ENABLE_PERFTOOLS:BOOL=false
-.endif
-
-.if ${PORT_OPTIONS:MPORTS_SSL}
-CMAKE_ARGS+= -D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}"
-.else
-.if ${SSL_DEFAULT} != base
-IGNORE= the SSL option is requred when using SSL from ports
-.endif
-.endif
-
-.if ${PORT_OPTIONS:MIPSUMDUMP}
-BUILD_DEPENDS+= ipsumdump:net/ipsumdump
-RUN_DEPENDS+= ipsumdump:net/ipsumdump
+. endif
.endif
post-install-BROCTL-on:
@@ -156,4 +106,4 @@ post-install-BROCTL-on:
@${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.example
.endfor
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Added: head/security/bro/files/patch-aux_broccoli_src_bro__openssl.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/bro/files/patch-aux_broccoli_src_bro__openssl.c Tue Sep 13 02:58:03 2016 (r421972)
@@ -0,0 +1,14 @@
+--- aux/broccoli/src/bro_openssl.c.orig 2015-09-06 19:43:23 UTC
++++ aux/broccoli/src/bro_openssl.c
+@@ -302,7 +302,11 @@ __bro_openssl_init(void)
+ * to set up an SSL connection now and abort if this fails in any way.
+ */
+
++#ifndef OPENSSL_NO_SSL3
+ if (! (ctx = SSL_CTX_new(SSLv3_method())))
++#else
++ if (! (ctx = SSL_CTX_new(SSLv23_method())))
++#endif
+ D_RETURN_(FALSE);
+
+ /* We expect things to be stored in PEM format, which means that we
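Review bot: The `#ifndef OPENSSL_NO_SSL3` branch keeps `SSLv3_method()` whenever the library still provides it, so an OpenSSL build stays pinned to SSLv3, a protocol deprecated by RFC 7568. A LibreSSL build takes `SSLv23_method()` and, with SSLv3 compiled out, can only offer TLS, so the two kinds of build look unable to complete a handshake with each other. Using the version-flexible method unconditionally and disabling the old protocols explicitly would give both builds the same behaviour: `ctx = SSL_CTX_new(SSLv23_method());` followed, after the NULL check, by `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The same pattern appears in patch-src_ChunkedIO.cc, in `ChunkedIOSSL::Init()`. Both function bodies continue outside the hunks, so whether protocol options are set further down cannot be confirmed from here.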
Added: head/security/bro/files/patch-src_ChunkedIO.cc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/bro/files/patch-src_ChunkedIO.cc Tue Sep 13 02:58:03 2016 (r421972)
@@ -0,0 +1,14 @@
+--- src/ChunkedIO.cc.orig 2015-09-06 19:43:16 UTC
++++ src/ChunkedIO.cc
+@@ -709,7 +709,11 @@ bool ChunkedIOSSL::Init()
+ {
+ SSL_load_error_strings();
+
++#ifndef OPENSSL_NO_SSL3
+ ctx = SSL_CTX_new(SSLv3_method());
++#else
++ ctx = SSL_CTX_new(SSLv23_method());
++#endif
+ if ( ! ctx )
+ {
+ Log("can't create SSL context");