zeek: rename from bro, fix cross, update to 3.1.5

Thanks to @sgn for the cross compile fixes!
This commit is contained in:
Andrew Benson 2020-04-08 19:56:10 -05:00 committed by Andrew Benson
parent 2bc27544cb
commit 4675d9c9c4
12 changed files with 129 additions and 304 deletions

View File

@ -3627,9 +3627,11 @@ libtexpdf.so.0 libtexpdf-0.9.5_1
libupstart.so.1 libupstart-1.13.3_1
librtas.so.2 librtas-2.0.2_1
librtasevent.so.2 librtas-2.0.2_1
libbroker.so.0 bro-2.6.1_1
libcaf_core.so.0.16.2 bro-2.6.1_1
libcaf_openssl.so.0.16.2 bro-2.6.1_1
libbroker.so.2 zeek-3.1.1_1
libcaf_core.so.0.17.4 zeek-3.1.1_1
libcaf_io.so.0.17.4 zeek-3.1.1_1
libcaf_openssl.so.0.17.4 zeek-3.1.1_1
libbinpac.so.0 zeek-3.1.1_1
libllhttp.so.1 llhttp-1.0.1_1
libpinyin.so.13 libpinyin-2.2.1_1
libuhd.so.3.15.0 uhd-3.15.0.0_1

View File

@ -1 +1 @@
bro
zeek

View File

@ -1 +1 @@
bro
zeek

1
srcpkgs/bro Symbolic link
View File

@ -0,0 +1 @@
zeek

View File

@ -1,176 +0,0 @@
From fc43d06955a255bce4162b459be4a6a3a11a178d Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@corelight.com>
Date: Mon, 7 Jan 2019 11:35:17 -0600
Subject: [PATCH] GH-227: Improve LibreSSL support
---
src/file_analysis/analyzer/x509/OCSP.cc | 16 ++++++++--------
src/file_analysis/analyzer/x509/X509.cc | 2 +-
src/file_analysis/analyzer/x509/X509.h | 11 ++++++++---
src/file_analysis/analyzer/x509/functions.bif | 6 +++---
4 files changed, 20 insertions(+), 15 deletions(-)
diff --git src/file_analysis/analyzer/x509/OCSP.cc src/file_analysis/analyzer/x509/OCSP.cc
index bea88fc747..537d194906 100644
--- src/file_analysis/analyzer/x509/OCSP.cc
+++ src/file_analysis/analyzer/x509/OCSP.cc
@@ -44,7 +44,7 @@ static Val* get_ocsp_type(RecordVal* args, const char* name)
static bool OCSP_RESPID_bio(OCSP_BASICRESP* basic_resp, BIO* bio)
{
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
ASN1_OCTET_STRING* key = nullptr;
X509_NAME* name = nullptr;
@@ -423,7 +423,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid)
uint64 version = 0;
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
if ( req->tbsRequest->version )
version = (uint64)ASN1_INTEGER_get(req->tbsRequest->version);
#else
@@ -495,7 +495,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
if ( !basic_resp )
goto clean_up;
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
resp_data = basic_resp->tbsResponseData;
if ( !resp_data )
goto clean_up;
@@ -506,7 +506,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
vl->append(resp_val->Ref());
vl->append(status_val);
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
vl->append(new Val((uint64)ASN1_INTEGER_get(resp_data->version), TYPE_COUNT));
#else
vl->append(parse_basic_resp_data_version(basic_resp));
@@ -526,7 +526,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
}
// producedAt
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
produced_at = resp_data->producedAt;
#else
produced_at = OCSP_resp_get0_produced_at(basic_resp);
@@ -551,7 +551,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
// cert id
const OCSP_CERTID* cert_id = nullptr;
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
cert_id = single_resp->certId;
#else
cert_id = OCSP_SINGLERESP_get0_id(single_resp);
@@ -618,7 +618,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
}
}
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm);
len = BIO_read(bio, buf, sizeof(buf));
vl->append(new StringVal(len, buf));
@@ -635,7 +635,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType());
vl->append(certs_vector);
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
certs = basic_resp->certs;
#else
certs = OCSP_resp_get0_certs(basic_resp);
diff --git src/file_analysis/analyzer/x509/X509.cc src/file_analysis/analyzer/x509/X509.cc
index 7571915207..600b3adb52 100644
--- src/file_analysis/analyzer/x509/X509.cc
+++ src/file_analysis/analyzer/x509/X509.cc
@@ -290,7 +290,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
continue;
}
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
const char* name = (const char*) ASN1_STRING_data(gen->d.ia5);
#else
const char* name = (const char*) ASN1_STRING_get0_data(gen->d.ia5);
diff --git src/file_analysis/analyzer/x509/X509.h src/file_analysis/analyzer/x509/X509.h
index b808b676fe..91a5a7a5a1 100644
--- src/file_analysis/analyzer/x509/X509.h
+++ src/file_analysis/analyzer/x509/X509.h
@@ -8,24 +8,27 @@
#include "Val.h"
#include "X509Common.h"
-#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER)
+#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER)
#define X509_get_signature_nid(x) OBJ_obj2nid((x)->sig_alg->algorithm)
#endif
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || LIBRESSL_VERSION_NUMBER)
+#if ( OPENSSL_VERSION_NUMBER < 0x1010000fL ) || defined(LIBRESSL_VERSION_NUMBER)
#define X509_OBJECT_new() (X509_OBJECT*)malloc(sizeof(X509_OBJECT))
#define X509_OBJECT_free(a) free(a)
-#define OCSP_SINGLERESP_get0_id(s) (s)->certId
#define OCSP_resp_get0_certs(x) (x)->certs
#define EVP_PKEY_get0_DSA(p) ((p)->pkey.dsa)
#define EVP_PKEY_get0_EC_KEY(p) ((p)->pkey.ec)
#define EVP_PKEY_get0_RSA(p) ((p)->pkey.rsa)
+#if !defined(LIBRESSL_VERSION_NUMBER) || ( LIBRESSL_VERSION_NUMBER < 0x2070000fL )
+
+#define OCSP_SINGLERESP_get0_id(s) (s)->certId
+
static X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
{
if ( a == nullptr || a->type != X509_LU_X509 )
@@ -57,6 +60,8 @@ static void RSA_get0_key(const RSA *r,
#endif
+#endif
+
namespace file_analysis {
class X509Val;
diff --git src/file_analysis/analyzer/x509/functions.bif src/file_analysis/analyzer/x509/functions.bif
index 0b18feb8fe..ec87a495b3 100644
--- src/file_analysis/analyzer/x509/functions.bif
+++ src/file_analysis/analyzer/x509/functions.bif
@@ -115,7 +115,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
const ASN1_OCTET_STRING* key = nullptr;
const X509_NAME* name = nullptr;
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
OCSP_RESPID* resp_id = basic_resp->tbsResponseData->responderId;
if ( resp_id->type == V_OCSP_RESPID_NAME )
@@ -348,7 +348,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// Because we actually want to be able to give nice error messages that show why we were
// not able to verify the OCSP response - do our own verification logic first.
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
signer = x509_get_ocsp_signer(basic->certs, basic);
#else
signer = x509_get_ocsp_signer(OCSP_resp_get0_certs(basic), basic);
@@ -714,7 +714,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
uint32 cert_length;
if ( precert )
{
-#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER)
+#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER)
x->cert_info->enc.modified = 1;
cert_length = i2d_X509_CINF(x->cert_info, &cert_out);
#else

View File

@ -1,74 +0,0 @@
https://github.com/danielguerra69/docker-bro-1
--- aux/binpac/lib/binpac.h.in.orig
+++ aux/binpac/lib/binpac.h.in
@@ -4,6 +4,7 @@
#define binpac_h
#include <sys/param.h>
+#include <sys/types.h>
#cmakedefine HOST_BIGENDIAN
#ifdef HOST_BIGENDIAN
--- src/OSFinger.h.orig
+++ src/OSFinger.h
@@ -166,3 +166,57 @@
#define MATCHFUZZY 0x2
#endif
+
+// For musl-libc
+#ifndef TCPOPT_EOL
+# define TCPOPT_EOL 0
+#endif
+
+#ifndef TCPOPT_NOP
+# define TCPOPT_NOP 1
+#endif
+
+#ifndef TCPOPT_MAXSEG
+# define TCPOPT_MAXSEG 2
+#endif
+
+#ifndef TCPOLEN_MAXSEG
+# define TCPOLEN_MAXSEG 4
+#endif
+
+#ifndef TCPOPT_WINDOW
+# define TCPOPT_WINDOW 3
+#endif
+
+#ifndef TCPOLEN_WINDOW
+# define TCPOLEN_WINDOW 3
+#endif
+
+#ifndef TCPOPT_SACK_PERMITTED
+# define TCPOPT_SACK_PERMITTED 4 /* Experimental */
+#endif
+
+#ifndef TCPOLEN_SACK_PERMITTED
+# define TCPOLEN_SACK_PERMITTED 2
+#endif
+
+#ifndef TCPOPT_SACK
+# define TCPOPT_SACK 5 /* Experimental */
+#endif
+
+#ifndef TCPOPT_TIMESTAMP
+# define TCPOPT_TIMESTAMP 8
+#endif
+
+#ifndef TCPOLEN_TIMESTAMP
+# define TCPOLEN_TIMESTAMP 10
+#endif
+
+#ifndef TCPOLEN_TSTAMP_APPA
+# define TCPOLEN_TSTAMP_APPA (TCPOLEN_TIMESTAMP+2) /* appendix A */
+#endif
+
+#ifndef TCPOPT_TSTAMP_HDR
+# define TCPOPT_TSTAMP_HDR \
+ (TCPOPT_NOP<<24|TCPOPT_NOP<<16|TCPOPT_TIMESTAMP<<8|TCPOLEN_TIMESTAMP)
+#endif

View File

@ -1,49 +0,0 @@
# Template file for 'bro'
pkgname=bro
version=2.6.4
revision=2
archs="x86_64* i686* aarch64* armv7* ppc64*"
build_style=cmake
hostmakedepends="flex pkg-config python3"
makedepends="bind-devel geoip-devel libpcap-devel libressl-devel jemalloc-devel"
short_desc="Advanced framework for network traffic analysis"
maintainer="Andrew Benson <abenson+void@gmail.com>"
license="BSD-3-Clause"
homepage="https://www.bro.org"
distfiles="https://download.zeek.org/bro-${version}.tar.gz"
checksum=a47a9cdcef0ea14d5f70c390ab266f0333063ff96f3869a5f1609581a1d1ceb7
nocross="Needs to build part of itself to run, can't be built separately yet."
case "$XBPS_TARGET_MACHINE" in
*-musl)
makedepends+=" musl-fts-devel"
;;
esac
pre_configure() {
case "$XBPS_TARGET_MACHINE" in
*-musl)
sed -i '/set(broxygen/i link_libraries("-lfts")' src/broxygen/CMakeLists.txt
;;
esac
}
post_install() {
vsv bro
vlicense COPYING
}
binpac_package() {
short_desc+=" - protocol parser compiler"
pkg_install() {
vmove /usr/bin/binpac
}
}
binpac-devel_package() {
short_desc+=" - protocol parser compiler library"
pkg_install() {
vmove /usr/include
vmove "/usr/lib/*.a"
}
}

1
srcpkgs/zeek-devel Symbolic link
View File

@ -0,0 +1 @@
zeek

View File

@ -0,0 +1,10 @@
#!/bin/sh
ZEEKLOGDIR="/var/log/zeek"
[ -r conf ] && . ./conf
[ -d ${ZEEKLOGDIR} ] || mkdir -p ${ZEEKLOGDIR}
cd $ZEEKLOGDIR
exec zeek -i ${INTF:=eth0} ${ZEEKPOLICY}

View File

@ -0,0 +1,37 @@
From 7e5f9b857eb78c4c17a1321a5a5a55bb4afcf2c9 Mon Sep 17 00:00:00 2001
From: Andrew Benson <abenson@gmail.com>
Date: Tue, 16 Jun 2020 17:59:44 -0500
Subject: [PATCH] cmake: Make musl support more distro agnostic
---
CMakeLists.txt | 17 +++++------------
1 file changed, 5 insertions(+), 12 deletions(-)
diff --git CMakeLists.txt CMakeLists.txt
index 9e6d5c73cb..3efae8fa6b 100644
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -334,18 +334,11 @@ include_directories(BEFORE ${OPENSSL_INCLUDE_DIR})
# Make everyone find the highwayhash includes
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/auxil/highwayhash)
-# Alpine support
-if ( ${CMAKE_SYSTEM_NAME} MATCHES Linux AND EXISTS /etc/os-release )
- execute_process(
- COMMAND grep -q alpine /etc/os-release
- RESULT_VARIABLE os_release_alpine
- )
-
- if ( os_release_alpine EQUAL 0 )
- find_package(FTS REQUIRED)
- list(APPEND OPTLIBS ${FTS_LIBRARY})
- include_directories(BEFORE ${FTS_INCLUDE_DIR})
- endif ()
+# Determine if libfts is external to libc, i.e. musl
+find_package(FTS)
+if ( FTS_FOUND )
+ list(APPEND OPTLIBS ${FTS_LIBRARY})
+ include_directories(BEFORE ${FTS_INCLUDE_DIR})
endif ()
set(zeekdeps ${zeekdeps}

73
srcpkgs/zeek/template Normal file
View File

@ -0,0 +1,73 @@
# Template file for 'zeek'
pkgname=zeek
version=3.1.5
revision=1
archs="x86_64* i686* aarch64* armv7* ppc64*"
build_style=cmake
hostmakedepends="flex pkg-config python3 libpcap-devel libressl-devel
bind-devel zlib-devel"
makedepends="bind-devel geoip-devel libpcap-devel libressl-devel zlib-devel"
short_desc="Advanced framework for network traffic analysis"
maintainer="Andrew Benson <abenson+void@gmail.com>"
license="BSD-3-Clause"
homepage="https://www.zeek.org"
distfiles="https://old.zeek.org/downloads/zeek-${version}.tar.gz"
checksum=b944e8d47ac435bf83ba61cbfb66ce49eb11ca2fbbde1dc2bae638097ae399e7
if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
makedepends+=" musl-fts-devel musl-legacy-compat"
fi
pre_configure() {
if [ "$CROSS_BUILD" ]; then
mkdir -p native
cd native
CC=$CC_FOR_BUILD CFLAGS="$CFLAGS_FOR_BUILD" \
CXX=$CXX_FOR_BUILD CXXFLAGS="$CXXFLAGS_FOR_BUILD" \
LD=$LD_FOR_BUILD LDFLAGS="$LDFLAGS_FOR_BUILD" \
cmake ..
make ${makejobs} binpac bifcl
configure_args+="
-DBIFCL_EXE_PATH:PATH=${wrksrc}/native/aux/bifcl/bifcl
-DBINPAC_EXE_PATH:PATH=${wrksrc}/native/aux/binpac/src/binpac"
cd ..
fi
}
post_install() {
vsv zeek
vsv bro
vlicense COPYING
}
zeek-devel_package() {
short_desc+=" - development files"
pkg_install() {
vmove usr/include
vmove "usr/bin/*-config"
vmove "usr/lib/*.a"
vmove "usr/lib/*.so"
vmove usr/share/zeek/cmake
}
}
bro_package() {
archs=noarch
build_style=meta
depends="${sourcepkg}>=${version}_${revision}"
short_desc+=" (transitional dummy package)"
}
binpac_package() {
short_desc+=" - protocol parser compiler (transitional)"
build_style=meta
archs=noarch
depends="${sourcepkg}>=${version}_${revision}"
}
binpac-devel_package() {
short_desc+=" - protocol parser compiler library (transitional)"
build_style=meta
archs=noarch
depends="${sourcepkg}-devel>=${version}_${revision}"
}