diff --git a/security/suricata/Makefile b/security/suricata/Makefile index e5dcf9c2aeca..e047f1fb6838 100644 --- a/security/suricata/Makefile +++ b/security/suricata/Makefile @@ -1,129 +1,134 @@ PORTNAME= suricata DISTVERSION= 6.0.2 PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://www.openinfosecfoundation.org/download/ MAINTAINER= franco@opnsense.org COMMENT= High Performance Network IDS, IPS and Security Monitoring engine LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= rustc:lang/${RUST_DEFAULT} LIB_DEPENDS= libjansson.so:devel/jansson \ libpcre.so:devel/pcre \ libnet.so:net/libnet \ liblz4.so:archivers/liblz4 \ libyaml.so:textproc/libyaml USES= autoreconf cpe gmake iconv:translit libtool localbase \ pathfix pkgconfig CPE_VENDOR= openinfosecfoundation USE_LDCONFIG= yes USE_RC_SUBR= ${PORTNAME} GNU_CONFIGURE= yes CONFIGURE_ARGS+=--enable-gccprotect \ --enable-bundled-htp \ --disable-gccmarch-native INSTALL_TARGET= install-strip TEST_TARGET= check CONFLICTS_INSTALL= libhtp SUB_FILES= pkg-message PLIST_SUB= PORTVERSION=${DISTVERSION:C/-/_/g} OPTIONS_DEFINE= GEOIP IPFW NETMAP NSS PORTS_PCAP PRELUDE \ PYTHON REDIS TESTS OPTIONS_DEFINE_amd64= HYPERSCAN OPTIONS_DEFAULT= IPFW NETMAP PYTHON OPTIONS_RADIO= SCRIPTS OPTIONS_RADIO_SCRIPTS= LUA LUAJIT OPTIONS_SUB= yes PRELUDE_BROKEN= Compilation broken, see https://redmine.openinfosecfoundation.org/issues/4065 GEOIP_DESC= GeoIP support HYPERSCAN_DESC= Hyperscan support IPFW_DESC= IPFW and IP Divert support for inline IDP LUAJIT_DESC= LuaJIT scripting support LUA_DESC= LUA scripting support NETMAP_DESC= Netmap support for inline IDP NSS_DESC= File checksums and SSL/TLS fingerprinting PORTS_PCAP_DESC= Use libpcap from ports PRELUDE_DESC= Prelude support for NIDS alerts PYTHON_DESC= Python-based update and control utilities REDIS_DESC= Redis output support SCRIPTS_DESC= Scripting TESTS_DESC= Unit tests in suricata binary GEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb GEOIP_CONFIGURE_ON= --enable-geoip HYPERSCAN_LIB_DEPENDS= libhs.so:devel/hyperscan IPFW_CONFIGURE_ON= --enable-ipfw LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit LUAJIT_CONFIGURE_ON= --enable-luajit LUA_USES= lua:51 LUA_CONFIGURE_ON= --enable-lua NETMAP_CONFIGURE_ENABLE= netmap NSS_LIB_DEPENDS= libnss3.so:security/nss \ libnspr4.so:devel/nspr NSS_CONFIGURE_OFF= --disable-nss --disable-nspr PORTS_PCAP_LIB_DEPENDS= libpcap.so.1:net/libpcap PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude \ libgnutls.so:security/gnutls \ libgcrypt.so:security/libgcrypt \ libgpg-error.so:security/libgpg-error \ libltdl.so:devel/libltdl PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} PRELUDE_CONFIGURE_ENABLE= prelude PYTHON_BUILD_DEPENDS= ${PYTHON_RUN_DEPENDS} PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR} PYTHON_USES= python PYTHON_USE= PYTHON=py3kplist PYTHON_CONFIGURE_ENABLE= python REDIS_LIB_DEPENDS= libhiredis.so:databases/hiredis \ libevent_pthreads.so:devel/libevent REDIS_CONFIGURE_ON= --enable-hiredis \ TESTS_CONFIGURE_ENABLE= unittests pre-patch: @${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 +post-patch: +# Disable vendor checksums + @${REINPLACE_CMD} 's,"files":{[^}]*},"files":{},' \ + ${WRKSRC}/rust/vendor/*/.cargo-checksum.json + post-patch-PYTHON-on: @${REINPLACE_CMD} -e "/AC_PATH_PROGS.*HAVE_PYTHON/ s/python[^,]*,/${PYTHON_VERSION},/g" \ ${WRKSRC}/configure.ac post-install: @${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}/var/log/suricata .for f in classification.config reference.config @${MV} ${STAGEDIR}${DATADIR}/${f} ${STAGEDIR}${ETCDIR}/${f}.sample .endfor .for f in suricata.yaml threshold.config ${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${ETCDIR}/${f}.sample .endfor post-install-PYTHON-on: (cd ${STAGEDIR}${PREFIX} \ && ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \ -d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;}) .include diff --git a/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_bhcomp.rs b/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_bhcomp.rs new file mode 100644 index 000000000000..5ab5c0f66d7b --- /dev/null +++ b/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_bhcomp.rs @@ -0,0 +1,11 @@ +--- rust/vendor/lexical-core/src/atof/algorithm/bhcomp.rs.orig 2021-06-19 12:41:29 UTC ++++ rust/vendor/lexical-core/src/atof/algorithm/bhcomp.rs +@@ -59,7 +59,7 @@ pub(super) fn parse_mantissa<'a, Data>(data: Data, rad + let small_powers = Bigint::small_powers(radix); + let count = data.mantissa_digits(); + let bits = count / integral_binary_factor(radix).as_usize(); +- let bytes = bits / Limb::BITS; ++ let bytes = bits / ::BITS; + + // Main loop + let step = small_powers.len() - 2; diff --git a/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_bigcomp.rs b/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_bigcomp.rs new file mode 100644 index 000000000000..585f9630bbaa --- /dev/null +++ b/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_bigcomp.rs @@ -0,0 +1,39 @@ +error[E0308]: mismatched types + --> src/atof/algorithm/bigcomp.rs:242:55 + | +242 | let nlz = den.leading_zeros().wrapping_sub(wlz) & (u32::BITS - 1); + | ^^^^^^^^^^^^^^^ expected `usize`, found `u32` + +error[E0277]: no implementation for `usize & u32` + +https://github.com/Alexhuszagh/rust-lexical/commit/05f2cf96b080a81e2bee1f30ae389dc4f9cb6d00 + +--- rust/vendor/lexical-core/src/atof/algorithm/bigcomp.rs.orig 2021-03-01 16:15:39 UTC ++++ rust/vendor/lexical-core/src/atof/algorithm/bigcomp.rs +@@ -154,7 +154,7 @@ pub(super) fn make_ratio(radix: u32, sci_exp + // Scale the denominator so it has the number of bits + // in the radix as the number of leading zeros. + let wlz = integral_binary_factor(radix).as_usize(); +- let nlz = den.leading_zeros().wrapping_sub(wlz) & (u32::BITS - 1); ++ let nlz = den.leading_zeros().wrapping_sub(wlz) & (::BITS - 1); + small::ishl_bits(den.data_mut(), nlz); + den.exp -= nlz.as_i32(); + +@@ -172,7 +172,7 @@ pub(super) fn make_ratio(radix: u32, sci_exp + // denominator will be normalized. + // We need to add one to the quotient,since we're calculating the + // ceiling of the divmod. +- let (q, r) = shift.ceil_divmod(Limb::BITS); ++ let (q, r) = shift.ceil_divmod(::BITS); + // Since we're using a power from the denominator to the + // numerator, we to invert r, not add u32::BITS. + let r = -r; +@@ -180,7 +180,7 @@ pub(super) fn make_ratio(radix: u32, sci_exp + num.exp -= r; + if !q.is_zero() { + den.pad_zero_digits(q); +- den.exp -= Limb::BITS.as_i32() * q.as_i32(); ++ den.exp -= ::BITS.as_i32() * q.as_i32(); + } + } + diff --git a/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_math.rs b/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_math.rs new file mode 100644 index 000000000000..d402b44e44a5 --- /dev/null +++ b/security/suricata/files/patch-rust_vendor_lexical-core_src_atof_algorithm_math.rs @@ -0,0 +1,211 @@ +--- rust/vendor/lexical-core/src/atof/algorithm/math.rs.orig 2021-03-01 16:15:39 UTC ++++ rust/vendor/lexical-core/src/atof/algorithm/math.rs +@@ -956,7 +956,7 @@ pub fn mul(x: Limb, y: Limb, carry: Limb) + // the following is always true: + // `Wide::max_value() - (Narrow::max_value() * Narrow::max_value()) >= Narrow::max_value()` + let z: Wide = as_wide(x) * as_wide(y) + as_wide(carry); +- (as_limb(z), as_limb(z >> Limb::BITS)) ++ (as_limb(z), as_limb(z >> ::BITS)) + }} + + /// Multiply two small integers (with carry) (and return if overflow happens). +@@ -979,7 +979,7 @@ pub fn div(x: Limb, y: Limb, rem: Limb) + -> (Limb, Limb) + { + // Cannot overflow, as long as wide is 2x as wide. +- let x = as_wide(x) | (as_wide(rem) << Limb::BITS); ++ let x = as_wide(x) | (as_wide(rem) << ::BITS); + let y = as_wide(y); + (as_limb(x / y), as_limb(x % y)) + }} +@@ -1046,7 +1046,7 @@ perftools_inline!{ + pub fn trailing_zeros(x: &[Limb]) -> usize { + // Get the index of the last non-zero value + let index = trailing_zero_limbs(x); +- let mut count = index.saturating_mul(Limb::BITS); ++ let mut count = index.saturating_mul(::BITS); + if let Some(value) = x.get(index) { + count = count.saturating_add(value.trailing_zeros().as_usize()); + } +@@ -1061,7 +1061,7 @@ pub fn bit_length(x: &[Limb]) -> usize { + // Avoid overflowing, calculate via total number of bits + // minus leading zero bits. + let nlz = leading_zeros(x); +- Limb::BITS.checked_mul(x.len()) ++ ::BITS.checked_mul(x.len()) + .map(|v| v - nlz) + .unwrap_or(usize::max_value()) + }} +@@ -1080,14 +1080,14 @@ pub fn limb_length(x: &[Limb]) -> usize { + /// + /// Returns the truncated bits. + /// +-/// Assumes `n < Limb::BITS`, IE, internally shifting bits. ++/// Assumes `n < ::BITS`, IE, internally shifting bits. + perftools_inline!{ + pub fn ishr_bits(x: &mut T, n: usize) + -> Limb + where T: CloneableVecLike + { +- // Need to shift by the number of `bits % Limb::BITS`. +- let bits = Limb::BITS; ++ // Need to shift by the number of `bits % ::BITS`. ++ let bits = ::BITS; + debug_assert!(n < bits && n != 0); + + // Internally, for each item, we shift left by n, and add the previous +@@ -1134,9 +1134,9 @@ pub fn ishr(x: &mut T, n: usize) + -> bool + where T: CloneableVecLike + { +- let bits = Limb::BITS; +- // Need to pad with zeros for the number of `bits / Limb::BITS`, +- // and shift-left with carry for `bits % Limb::BITS`. ++ let bits = ::BITS; ++ // Need to pad with zeros for the number of `bits / ::BITS`, ++ // and shift-left with carry for `bits % ::BITS`. + let rem = n % bits; + let div = n / bits; + let is_zero = match div.is_zero() { +@@ -1187,13 +1187,13 @@ pub fn shr(x: &[Limb], n: usize) + + /// Shift-left bits inside a buffer. + /// +-/// Assumes `n < Limb::BITS`, IE, internally shifting bits. ++/// Assumes `n < ::BITS`, IE, internally shifting bits. + perftools_inline!{ + pub fn ishl_bits(x: &mut T, n: usize) + where T: CloneableVecLike + { +- // Need to shift by the number of `bits % Limb::BITS)`. +- let bits = Limb::BITS; ++ // Need to shift by the number of `bits % ::BITS)`. ++ let bits = ::BITS; + debug_assert!(n < bits); + if n.is_zero() { + return; +@@ -1223,7 +1223,7 @@ pub fn ishl_bits(x: &mut T, n: usize) + + /// Shift-left bits inside a buffer. + /// +-/// Assumes `n < Limb::BITS`, IE, internally shifting bits. ++/// Assumes `n < ::BITS`, IE, internally shifting bits. + perftools_inline!{ + pub fn shl_bits(x: &[Limb], n: usize) + -> T +@@ -1253,9 +1253,9 @@ perftools_inline!{ + pub fn ishl(x: &mut T, n: usize) + where T: CloneableVecLike + { +- let bits = Limb::BITS; +- // Need to pad with zeros for the number of `bits / Limb::BITS`, +- // and shift-left with carry for `bits % Limb::BITS`. ++ let bits = ::BITS; ++ // Need to pad with zeros for the number of `bits / ::BITS`, ++ // and shift-left with carry for `bits % ::BITS`. + let rem = n % bits; + let div = n / bits; + ishl_bits(x, rem); +@@ -1912,7 +1912,7 @@ pub fn mul(x: &[Limb], y: &[Limb]) + // DIVISION + + /// Constants for algorithm D. +-const ALGORITHM_D_B: Wide = 1 << Limb::BITS; ++const ALGORITHM_D_B: Wide = 1 << ::BITS; + const ALGORITHM_D_M: Wide = ALGORITHM_D_B - 1; + + /// Calculate qhat (an estimate for the quotient). +@@ -1932,7 +1932,7 @@ fn calculate_qhat(x: &[Limb], y: &[Limb], j: usize) + // rhat = (x[j+n]*B + x[j+n-1]) - qhat*y[n-1]; + let x_jn = as_wide(x[j+n]); + let x_jn1 = as_wide(x[j+n-1]); +- let num = (x_jn << Limb::BITS) + x_jn1; ++ let num = (x_jn << ::BITS) + x_jn1; + let den = as_wide(y[n-1]); + let mut qhat = num / den; + let mut rhat = num - qhat * den; +@@ -1949,7 +1949,7 @@ fn calculate_qhat(x: &[Limb], y: &[Limb], j: usize) + let y_n2 = as_wide(y[n-2]); + let y_n1 = as_wide(y[n-1]); + // This only happens when the leading bit of qhat is set. +- while qhat >= ALGORITHM_D_B || qhat * y_n2 > (rhat << Limb::BITS) + x_jn2 { ++ while qhat >= ALGORITHM_D_B || qhat * y_n2 > (rhat << ::BITS) + x_jn2 { + qhat -= 1; + rhat += y_n1; + if rhat >= ALGORITHM_D_B { +@@ -1989,7 +1989,7 @@ fn multiply_and_subtract(x: &mut T, y: &T, qhat: Wi + let p = qhat * y_i; + t = x_ij.wrapping_sub(k).wrapping_sub(as_signed_wide(p & ALGORITHM_D_M)); + x[i+j] = as_limb(t); +- k = as_signed_wide(p >> Limb::BITS) - (t >> Limb::BITS); ++ k = as_signed_wide(p >> ::BITS) - (t >> ::BITS); + } + t = as_signed_wide(x[j+n]) - k; + x[j+n] = as_limb(t); +@@ -2045,7 +2045,7 @@ fn add_back(x: &mut T, y: &T, mut t: SignedWide, j: + for i in 0..n { + t = as_signed_wide(as_wide(x[i+j]) + as_wide(y[i])) + k; + x[i+j] = as_limb(t); +- k = t >> Limb::BITS; ++ k = t >> ::BITS; + } + let x_jn = as_signed_wide(x[j+n]) + k; + x[j+n] = as_limb(x_jn); +@@ -2068,7 +2068,7 @@ fn calculate_remainder(x: &[Limb], y: &[Limb], s: u + let n = y.len(); + let mut r = T::default(); + r.reserve_exact(n); +- let rs = Limb::BITS - s; ++ let rs = ::BITS - s; + for i in 0..n-1 { + let xi = as_wide(x[i]) >> s; + let xi1 = as_wide(x[i+1]) << rs; +@@ -2205,9 +2205,9 @@ pub fn quorem(x: &mut T, y: &T) + let mut carry: Wide = 0; + for j in 0..m { + let p = as_wide(y[j]) * as_wide(q) + carry; +- carry = p >> Limb::BITS; ++ carry = p >> ::BITS; + let t = as_wide(x[j]).wrapping_sub(p & mask).wrapping_sub(borrow); +- borrow = (t >> Limb::BITS) & 1; ++ borrow = (t >> ::BITS) & 1; + x[j] = as_limb(t); + } + small::normalize(x); +@@ -2220,9 +2220,9 @@ pub fn quorem(x: &mut T, y: &T) + let mut carry: Wide = 0; + for j in 0..m { + let p = as_wide(y[j]) + carry; +- carry = p >> Limb::BITS; ++ carry = p >> ::BITS; + let t = as_wide(x[j]).wrapping_sub(p & mask).wrapping_sub(borrow); +- borrow = (t >> Limb::BITS) & 1; ++ borrow = (t >> ::BITS) & 1; + x[j] = as_limb(t); + } + small::normalize(x); +@@ -3137,18 +3137,18 @@ mod tests { + fn leading_zeros_test() { + assert_eq!(Bigint::new().leading_zeros(), 0); + +- assert_eq!(Bigint::from_u16(0xFF).leading_zeros(), Limb::BITS-8); +- assert_eq!(Bigint::from_u32(0xFF).leading_zeros(), Limb::BITS-8); ++ assert_eq!(Bigint::from_u16(0xFF).leading_zeros(), ::BITS-8); ++ assert_eq!(Bigint::from_u32(0xFF).leading_zeros(), ::BITS-8); + assert_eq!(Bigint::from_u64(0xFF00000000).leading_zeros(), 24); + assert_eq!(Bigint::from_u128(0xFF000000000000000000000000).leading_zeros(), 24); + +- assert_eq!(Bigint::from_u16(0xF).leading_zeros(), Limb::BITS-4); +- assert_eq!(Bigint::from_u32(0xF).leading_zeros(), Limb::BITS-4); ++ assert_eq!(Bigint::from_u16(0xF).leading_zeros(), ::BITS-4); ++ assert_eq!(Bigint::from_u32(0xF).leading_zeros(), ::BITS-4); + assert_eq!(Bigint::from_u64(0xF00000000).leading_zeros(), 28); + assert_eq!(Bigint::from_u128(0xF000000000000000000000000).leading_zeros(), 28); + +- assert_eq!(Bigint::from_u16(0xF0).leading_zeros(), Limb::BITS-8); +- assert_eq!(Bigint::from_u32(0xF0).leading_zeros(), Limb::BITS-8); ++ assert_eq!(Bigint::from_u16(0xF0).leading_zeros(), ::BITS-8); ++ assert_eq!(Bigint::from_u32(0xF0).leading_zeros(), ::BITS-8); + assert_eq!(Bigint::from_u64(0xF000000000).leading_zeros(), 24); + assert_eq!(Bigint::from_u128(0xF0000000000000000000000000).leading_zeros(), 24); + }