pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Update zeek to version 4.0.4
Module Name: pkgsrc-wip
Committed By: Niclas Rosenvik <nros%pkgsrc.org@localhost>
Pushed By: nros
Date: Wed Jan 5 13:02:18 2022 +0100
Changeset: c17e6a17ef3f58442162094c2cd28adcec689063
Modified Files:
zeek/Makefile
zeek/PLIST
zeek/TODO
zeek/distinfo
zeek/patches/patch-CMakeLists.txt
Added Files:
zeek/patches/patch-auxil_broker_CMakeLists.txt
zeek/patches/patch-auxil_highwayhash_highwayhash_os__specific.cc
zeek/patches/patch-auxil_zeek-archiver_zeek-archiver.cc
zeek/patches/patch-src_CMakeLists.txt
zeek/patches/patch-src_input_readers_sqlite_SQLite.h
zeek/patches/patch-src_logging_writers_sqlite_SQLite.h
zeek/patches/patch-src_packet__analysis_protocol_arp_ARP.h
zeek/patches/patch-src_zeek-setup.cc
Log Message:
Update zeek to version 4.0.4
Update zeek to version 4.0.4 .
Pkgsrc changes:
Don't use the configure script,
use CMake directly.
Use pkgsrc CAF(actor-frework) and sqlite3.
Add maxminddb dependency.
Changes from changelog:
4.0.4 | 2021-09-21 16:04:07 -0700
* Sanitize log files names before they go into system(). (Robin Sommer, Corelight)
In principle, an attacker who's controlling the Zeek scripts being
loaded could have set log paths to include non-safe characters leading
to arbitrary command execution during log rotation. This fix avoids that
be sanitizing the file names / command lines.
Note, though, that this isn't a problem that we can really solve:
somebody controlling scripts can just as well inject custom
`system()` calls to begin with.
* PIA - switch size to int64_t (Johanna Amann, Corelight)
This brings the PIA size counter in line with the actual datatype used
on the scripting layer - both now use an int64_t.
* Introduce dpd_max_packets (Johanna Amann, Corelight)
dpd_max_packets is an additional setting that limits the maximum amount
of packets that dpd will cache; before dpd was only limited by buffer
size (but could cache a limitless amount of data-less packets).
* Ensure table/set HashKey buffer reservation and writes happen in same order (Christian Kreibich, Corelight)
(cherry picked from commit 5fc8d898975814dccd66ed80c77be7be20012a21)
* Update HMAC key used for benchmarking service (Tim Wojtulewicz, Corelight)
(cherry picked from commit 2fda808302dae017c6987b9265b61cba368bea06)
* Fix ignore_checksums_net with more than a single subnet not working (Tim Wojtulewicz, Corelight)
(cherry picked from commit 802dfd80c13c9c882a68dd9c41e67e8451c59031)
* Fix addr/string type confusion in Broker::peers() (Christian Kreibich, Corelight)
(cherry picked from commit 2bcaa33563ef51881fbd7caf512d7475460a830b)
* Fix some HTTP evasions. Now HTTP packets are correctly parsed, when CRLF is missing on a multipart
boundary / at packet boundaries. Fixes GH-1598 (jerome Grandvalet)
(cherry picked from commit 8b506ca113928334b6dadf4ff5f721ab093083d4)
* Under certain circumstances, Zeek processes could get into an infinite looping state inside RotationTimer.
This is fixed by handling special cases of rotation happening exactly on the time boundary, and fixing
a special case of timer expiration. Fixes GH-1689. (Sowmya Ramapatruni, Corelight)
(cherry picked from commit ec6b954499dedad6808b7343aee9a19ebd50de1d)
* GH-1684: Ensure that the time gets updated every pass if we're reading live traffic (Tim Wojtulewicz, Corelight)
This is necessary for e.g. packet sources that don't have a selectable
file descriptor. They'll always be ready on a very short timeout, but
won't necessarily have a packet to process. In these case, sometimes
the time won't get updated for a long time and timers don't function
correctly.
(cherry picked from 36972ba9e1b4ce63c29622a7a31e2c07e465c6cb)
* Bump highwayhash to pull in FreeBSD 14 fix (Christian Kreibich, Corelight)
(cherry picked from commit ca2c3cdc99b082fac27deee02a79c3c0f0a09a63)
4.0.3 | 2021-07-06 12:20:34 -0700
* Skip input framework entries with missing but non-optional fields (Christian Kreibich, Corelight)
* Fix segfault in input framework when reading unset fields (Christian Kreibich, Corelight)
(cherry picked from commit 181063634df7081a907a09bc0bf277209104dce0)
* Bump Highwayhash submodule to pull in fix for FreeBSD (Christian Kreibich, Corelight)
(cherry picked from commit a82fe94bcca06252d846239372da578605bae35e)
* Change the port used on the benchmark host, per request by Cirrus (Tim Wojtulewicz, Corelight)
* Deprecate stepping-stone analyzer events. (Johanna Amann, Corelight)
The analyzer will be removed for 4.1.
Relates to GH-1573
* Bump Broker submodule to get fix for memory corruption crash with python bindings (Dominik Charousset, Corelight)
(cherry picked from commit 7dd18ec90623db97861e986de202264515966dfd)
4.0.2 | 2021-06-02 10:25:30 -0700
* Replace toupper() usages in netbios decoding BIFs
This avoids potential for locale-dependent results of toupper() by
instead using a function that simply maps ASCII characters a-z to A-Z.
(cherry picked from commit cdab601223f978dbba580c16e7ec9f2e13f2eff4) (Jon Siwek, Corelight)
* Add some extra length checking when parsing mobile ipv6 packets
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34263
(Link to details becomes public 30 days after patch release)
(cherry picked from commit 54271657a838fc0ed822e2c75e0c1f5593877cef) (Tim Wojtulewicz, Corelight)
* GH-1296: fix type-checks related to list-type equality
List-types as used in composite table/set indices, for example,
previously had incorrect same_type() comparisons due to flattening
of the list-type into a single type without checking whether the
number and kind of types all match.
This patch simply removes the flatten_type() call from same_type() since
it was already contradicting/preventing a subsequent full-comparison
between elements of two TYPE_LISTs.
There was also a superfluous special-case of the `in` operator's
type-checking for testing whether a record is in a table/set. It's
superfluous because the general case will already do the type-checking
from MatchesIndex() after first wrapping the record operand in a
ListExpr. The previous logic was incorrectly relying on the
flatten_type() for testing equality of a record-type against a
list-type, whereas the general case correctly normalizes to testing
equality of two list-types.
The special-cased type-checking logic for assigning a record value to a
table index during its initialization similarly needed minor
re-organization in order to maintain the same error messages as before.
(cherry picked from commit 8c64ba6907d8c2cd8b204a9cf0ac3a73f4034487) (Jon Siwek, Corelight)
* Fix reading `vector of enum` types from config files (Jon Siwek, Corelight)
* Fix reading empty set[enum] values from config files (Jon Siwek, Corelight)
* Fixes to `decode_netbios_name` and `decode_netbios_name_type` BIFs
Fixes to `decode_netbios_name`:
* Improve validation that input string is a NetBIOS encoding
(32 bytes, with characters ranging from 'A' to 'P'). This helps
prevent Undefined Behavior of left-shifting negative values.
Invalid encodings now cause a return-value of an empty string.
* More liberal in what decoded characters are allowed. Namely,
spaces are now allowed (but any trailing null-bytes and spaces
are trimmed, similar to before).
Fixes to `decode_netbios_name_type`:
* Improve validation that input string is a NetBIOS encoding
(32 bytes, with characters ranging from 'A' to 'P'). This helps
prevent Undefined Behavior of left-shifting negative values and
a heap-buffer-overread when the input string is too small.
Invalid encodings now cause a return-value of 256.
(cherry picked from commit 76fb1e7fd0ef2057b05fbe8cddc2479019de78b8) (Jon Siwek, Corelight)
* Add missing zeek/ to header includes
Related to https://github.com/zeek/zeek/pull/1377 (Jon Siwek, Corelight)
* Fix using clear_table() within an &expire_func
This previously crashed since clear_table()/TableVal::RemoveAll() left
behind a stale iterator to the old table causing a heap-use-after-free
when resuming table expiry iteration in TableVal::DoExpire().
(cherry picked from commit d51bd4bc4675d4d7234da0d11e31dbede5efe17c) (Jon Siwek, Corelight)
* Add a fatal error condition for invalid Dictionary insertion distances
When choosing poor/aggressive values for `table_expire_interval`,
`table_expire_delay`, and/or `table_incremental_step` that tend to
leave tables in state of constant table-expiry-iteration, the underlying
Dictionary is never allowed the chance to complete remapping operations
which re-position entries to more ideal locations (e.g. after
reallocating the table to be able to store more entries).
That situation not only leads to the Dictionary generally having a less
efficient structure, but eventually, the lack of re-positioning may
cause an insertion to calculate the new entry's
distance-from-ideal-position to be a value requiring a full 16-bits or
more (>=65535), but an entry only allows storing 16-bit distance values,
with 65535 being a sentinel value that is supposed to indicate an empty
entry. Dictionary operations may start misbehaving if that's allowed to
happen.
(cherry picked from commit 292e3e18a3691d835b2d52ab8462a90ae47b0ae7) (Jon Siwek, Corelight)
4.0.1 | 2021-04-21 10:48:26 -0700
* Release 4.0.1.
* Fix copy()/cloning vectors that have holes (indices w/ null values) (Jon Siwek, Corelight)
* Fix crash on reading invalid set[enum] from config/input file (Tim Wojtulewicz, Corelight)
Attempting to read an invalid enum name into a set[enum] from a
config-file or input-file causes a null-pointer dereference.
* Allow/fix CRLF line-endings in Zeek scripts and signature files (Jon Siwek, Corelight)
* GH-1450: Improve printing/logging of large double/interval/time values (Jon Siwek, Corelight)
The modp_dtoa/modp_dtoa2 functions aren't capable of handling double
values larger than INT_MAX and fallback on using sprintf() in that
situation. Previously, the format string to that sprintf() was "%e",
defaulting to a precision of 6, which is already too few digits to
represent a number known to be larger than INT_MAX. Now, an sprintf()
is still performed for values larger than INT_MAX and still uses a
scientific notation format, but in a way that uses as many decimal
digits as needed to preserve information.
* GH-1507: Tolerate junk data before SIP requests (Jon Siwek, Corelight)
This allows for data that won't match a SIP request method to precede an
actual request and generates a new 'sip_junk_before_request' weird when
encountering such a situation.
* Fix indexing of set/table types with a vector (Jon Siwek, Corelight)
Previously, these caused an internal-error/crash.
* GH-1506: Fix Broker unserialization of set/table function indices (Jon Siwek, Corelight)
* GH-1496: Fix build on armv7 architecture (Jon Siwek, Corelight)
* Add a check for null packet data in pcap IOSource (Jon Siwek, Corelight)
Some libpcaps (observed in Myricom's) may claim to have read a packet,
but either did not really read a packet or at least provide no way
to access its contents, so this adds a check for null-data to
handle those cases.
* GH-1493: Fix build with -DENABLE_MOBILE_IPV6 (Tim Wojtulewicz, Corelight)
* Prevent use of LeakSanitizer on FreeBSD (Jon Siwek, Corelight)
* Fix potential for missing timestamps in SMB logs (Seth Hall, Corelight)
* Fix musl (Void/Alpine) build due to incomplete-type for struct timeval (Andrew Benson)
* GH-960: Fix include order of bundled header files (Jon Siwek, Corelight)
Previously, a system-wide installation of any bundled auxil/ software
(like CAF) may get found/included rather than the bundled version and
possibly break the build.
* Fix missing user_agent existence check in smtp/software.zeek (Michael Dopheide)
This causes reporter.log error noise, but no functional difference
* GH-1454: Heartbleed: fix substraction order. (Johanna Amann)
Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests notices
where number of server heartbeats is greater than number of client
heartbeats.
The larger number was substracted from the smaller one leading to an
integer overflow. However, no information was lost due to everything
also being present in the notice message.
* Fix parsing of ERSPAN Type I (Gorka Olalde Mendia)
Co-authored-by: Markel Elorza Alvarez <melorzaalvarez%gmail.com@localhost>
Co-authored-by: Ivan Arrizabalaga Cupido <ivanarrcup%gmail.com@localhost>
* Fix INSTALL symlink (Jon Siwek, Corelight)
* CI: Add OpenSUSE Leap 15.2 (Johanna Amann, Corelight)
* Fix potential mime type detection bug in IRC/FTP file_transferred event (Johanna Amann, Corelight)
The files framework uses strncpy to copy data into the buffer that is
used for IRC/FTP mime type detection. From all I can tell that means
that, in these cases, currently mime type detection will be messed up if
the data being passed in contains zero bytes.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=c17e6a17ef3f58442162094c2cd28adcec689063
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
zeek/Makefile | 49 +-
zeek/PLIST | 533 +--------------------
zeek/TODO | 6 +
zeek/distinfo | 16 +-
zeek/patches/patch-CMakeLists.txt | 16 +-
zeek/patches/patch-auxil_broker_CMakeLists.txt | 22 +
...h-auxil_highwayhash_highwayhash_os__specific.cc | 42 ++
.../patch-auxil_zeek-archiver_zeek-archiver.cc | 13 +
zeek/patches/patch-src_CMakeLists.txt | 45 ++
.../patch-src_input_readers_sqlite_SQLite.h | 15 +
.../patch-src_logging_writers_sqlite_SQLite.h | 15 +
.../patch-src_packet__analysis_protocol_arp_ARP.h | 14 +
zeek/patches/patch-src_zeek-setup.cc | 15 +
13 files changed, 257 insertions(+), 544 deletions(-)
diffs:
diff --git a/zeek/Makefile b/zeek/Makefile
index 6cfbf7bc43..6509f7d803 100644
--- a/zeek/Makefile
+++ b/zeek/Makefile
@@ -1,6 +1,6 @@
# $NetBSD$
-DISTNAME= zeek-4.0.0
+DISTNAME= zeek-4.0.4
CATEGORIES= net security
MASTER_SITES= ${MASTER_SITE_GITHUB:=zeek/}
GITHUB_RELEASE= v${PKGVERSION_NOREV}
@@ -14,23 +14,23 @@ DEPENDS+= ${PYPKGPREFIX}-sqlite3-[0-9]*:../../databases/py-sqlite3
GCC_REQD+= 7
USE_LANGUAGES= c c++17
-USE_TOOLS+= bash:run bison cmake flex pkg-config
+USE_CMAKE= yes
+USE_TOOLS+= bash:run bison flex pkg-config
BUILD_DEFS+= VARBASE
-CONFIGURE_ARGS+= --prefix=${PREFIX}
-CONFIGURE_ARGS+= --mandir=${PREFIX}/${PKGMANDIR}
-CONFIGURE_ARGS+= --logdir=${VARBASE}/log/${PKGBASE}
-CONFIGURE_ARGS+= --spooldir=${VARBASE}/spool/${PKGBASE}
-CONFIGURE_ARGS+= --conf-files-dir=${PKG_SYSCONFDIR}
-HAS_CONFIGURE= yes
PKG_SYSCONFSUBDIR= ${PKGBASE}
-PKGCONFIG_OVERRIDE+= auxil/libkqueue/libkqueue.pc.in
-PKGCONFIG_OVERRIDE+= auxil/rapidjson/RapidJSON.pc.in
-PKGCONFIG_OVERRIDE+= auxil/rapidjson/thirdparty/gtest/googlemock/cmake/gmock.pc.in
-PKGCONFIG_OVERRIDE+= auxil/rapidjson/thirdparty/gtest/googlemock/cmake/gmock_main.pc.in
-PKGCONFIG_OVERRIDE+= auxil/rapidjson/thirdparty/gtest/googletest/cmake/gtest.pc.in
-PKGCONFIG_OVERRIDE+= auxil/rapidjson/thirdparty/gtest/googletest/cmake/gtest_main.pc.in
+CONFIGURE_DIRS= build
+CMAKE_ARGS+= -DINSTALL_ZEEK_ARCHIVER:BOOL=ON
+CMAKE_ARGS+= -DINSTALL_ZEEKCTL:BOOL=ON
+CMAKE_ARGS+= -DINSTALL_ZKG:BOOL=ON
+CMAKE_ARGS+= -DZEEK_ETC_INSTALL_DIR:PATH=${PKG_SYSCONFDIR}
+CMAKE_ARGS+= -DZEEK_MAN_INSTALL_PATH:PATH=${PREFIX}/${PKGMANDIR}
+CMAKE_ARGS+= -DCAF_ROOT:BOOL=ON # use pkgsrc CAF(actors-framework)
+CMAKE_ARG_PATH= ..
+
+pre-configure:
+ ${RUN} mkdir ${WRKSRC}/build
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
CONF_FILES= ${EGDIR}/networks.cfg ${PKG_SYSCONFDIR}/networks.cfg
@@ -79,6 +79,20 @@ REPLACE_PYTHON+= auxil/btest/btest-setsid
REPLACE_PYTHON+= auxil/package-manager/zkg
REPLACE_PYTHON+= auxil/zeekctl/bin/stats-to-csv
REPLACE_PYTHON+= auxil/zeekctl/bin/zeekctl.in
+#REPLACE_BASH+= testing/scripts/diff-canonifier
+#REPLACE_BASH+= testing/scripts/diff-canonifier-external
+#REPLACE_BASH+= testing/scripts/diff-remove-abspath
+#REPLACE_BASH+= testing/scripts/diff-remove-fields
+#REPLACE_BASH+= testing/scripts/diff-remove-file-ids
+#REPLACE_BASH+= testing/scripts/diff-remove-fractions
+#REPLACE_BASH+= testing/scripts/diff-remove-openclose-timestamps
+#REPLACE_BASH+= testing/scripts/diff-remove-timestamps
+#REPLACE_BASH+= testing/scripts/diff-remove-uids
+#REPLACE_BASH+= testing/scripts/diff-remove-x509-key-info
+#REPLACE_BASH+= testing/scripts/diff-remove-x509-names
+#REPLACE_BASH+= testing/scripts/diff-sort
+#REPLACE_BASH+= testing/scripts/diff-sort-conn-service
+#REPLACE_BASH+= testing/scripts/diff-sort-set-elements
INSTALLATION_DIRS+= ${EGDIR}
@@ -113,9 +127,14 @@ fix-darwin-install-name:
done
.endif
-.include "../../devel/swig3/buildlink3.mk"
+.include "../../databases/sqlite3/buildlink3.mk"
.include "../../devel/zlib/buildlink3.mk"
+.include "../../geography/libmaxminddb/buildlink3.mk"
.include "../../lang/python/application.mk"
+.include "../../lang/python/tool.mk"
.include "../../net/libpcap/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
+.include "../../textproc/rapidjson/buildlink3.mk"
+.include "../../wip/actor-framework/buildlink3.mk"
+.include "../../wip/swig4/tool.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/zeek/PLIST b/zeek/PLIST
index 2c93c2a2c4..b8b6ee8378 100644
--- a/zeek/PLIST
+++ b/zeek/PLIST
@@ -3,29 +3,15 @@ bin/bifcl
bin/binpac
bin/bro
bin/bro-config
-bin/bro-cut
bin/broctl
bin/broker-benchmark
bin/broker-cluster-benchmark
-bin/btest
-bin/btest-ask-update
-bin/btest-bg-run
-bin/btest-bg-run-helper
-bin/btest-bg-wait
-bin/btest-diff
-bin/btest-diff-rst
-bin/btest-progress
-bin/btest-rst-cmd
-bin/btest-rst-include
-bin/btest-rst-pipe
-bin/btest-setsid
bin/capstats
bin/paraglob-test
bin/trace-summary
bin/zeek
bin/zeek-archiver
bin/zeek-config
-bin/zeek-cut
bin/zeek-wrapper
bin/zeekctl
bin/zkg
@@ -131,492 +117,6 @@ include/broker/timeout.hh
include/broker/topic.hh
include/broker/version.hh
include/broker/zeek.hh
-include/caf/abstract_actor.hpp
-include/caf/abstract_channel.hpp
-include/caf/abstract_group.hpp
-include/caf/actor.hpp
-include/caf/actor_addr.hpp
-include/caf/actor_cast.hpp
-include/caf/actor_clock.hpp
-include/caf/actor_companion.hpp
-include/caf/actor_config.hpp
-include/caf/actor_control_block.hpp
-include/caf/actor_factory.hpp
-include/caf/actor_ostream.hpp
-include/caf/actor_pool.hpp
-include/caf/actor_profiler.hpp
-include/caf/actor_proxy.hpp
-include/caf/actor_registry.hpp
-include/caf/actor_storage.hpp
-include/caf/actor_system.hpp
-include/caf/actor_system_config.hpp
-include/caf/actor_traits.hpp
-include/caf/after.hpp
-include/caf/all.hpp
-include/caf/allowed_unsafe_message_type.hpp
-include/caf/atom.hpp
-include/caf/attach_continuous_stream_source.hpp
-include/caf/attach_continuous_stream_stage.hpp
-include/caf/attach_stream_sink.hpp
-include/caf/attach_stream_source.hpp
-include/caf/attach_stream_stage.hpp
-include/caf/attachable.hpp
-include/caf/behavior.hpp
-include/caf/behavior_policy.hpp
-include/caf/binary_deserializer.hpp
-include/caf/binary_serializer.hpp
-include/caf/blocking_actor.hpp
-include/caf/broadcast_downstream_manager.hpp
-include/caf/buffered_downstream_manager.hpp
-include/caf/byte.hpp
-include/caf/byte_address.hpp
-include/caf/byte_buffer.hpp
-include/caf/byte_span.hpp
-include/caf/caf_main.hpp
-include/caf/callback.hpp
-include/caf/catch_all.hpp
-include/caf/check_typed_input.hpp
-include/caf/composed_type.hpp
-include/caf/config.hpp
-include/caf/config_option.hpp
-include/caf/config_option_adder.hpp
-include/caf/config_option_set.hpp
-include/caf/config_value.hpp
-include/caf/config_value_reader.hpp
-include/caf/config_value_writer.hpp
-include/caf/const_typed_message_view.hpp
-include/caf/cow_tuple.hpp
-include/caf/credit_controller.hpp
-include/caf/decorator/sequencer.hpp
-include/caf/decorator/splitter.hpp
-include/caf/deduce_mpi.hpp
-include/caf/deep_to_string.hpp
-include/caf/default_attachable.hpp
-include/caf/default_downstream_manager.hpp
-include/caf/default_enum_inspect.hpp
-include/caf/default_sum_type_access.hpp
-include/caf/defaults.hpp
-include/caf/delegated.hpp
-include/caf/deserializer.hpp
-include/caf/detail/abstract_worker.hpp
-include/caf/detail/abstract_worker_hub.hpp
-include/caf/detail/algorithms.hpp
-include/caf/detail/append_hex.hpp
-include/caf/detail/append_percent_encoded.hpp
-include/caf/detail/apply_args.hpp
-include/caf/detail/arg_wrapper.hpp
-include/caf/detail/as_mutable_ref.hpp
-include/caf/detail/assign_inspector_try_result.hpp
-include/caf/detail/behavior_impl.hpp
-include/caf/detail/behavior_stack.hpp
-include/caf/detail/blocking_behavior.hpp
-include/caf/detail/bounds_checker.hpp
-include/caf/detail/build_config.hpp
-include/caf/detail/call_cfun.hpp
-include/caf/detail/cas_weak.hpp
-include/caf/detail/comparable.hpp
-include/caf/detail/config_consumer.hpp
-include/caf/detail/consumer.hpp
-include/caf/detail/core_export.hpp
-include/caf/detail/default_invoke_result_visitor.hpp
-include/caf/detail/delegate_serialize.hpp
-include/caf/detail/double_ended_queue.hpp
-include/caf/detail/encode_base64.hpp
-include/caf/detail/enqueue_result.hpp
-include/caf/detail/functor_attachable.hpp
-include/caf/detail/gcd.hpp
-include/caf/detail/get_mac_addresses.hpp
-include/caf/detail/get_process_id.hpp
-include/caf/detail/get_root_uuid.hpp
-include/caf/detail/glob_match.hpp
-include/caf/detail/group_tunnel.hpp
-include/caf/detail/ieee_754.hpp
-include/caf/detail/implicit_conversions.hpp
-include/caf/detail/init_fun_factory.hpp
-include/caf/detail/int_list.hpp
-include/caf/detail/invoke_result_visitor.hpp
-include/caf/detail/io_export.hpp
-include/caf/detail/is_complete.hpp
-include/caf/detail/is_one_of.hpp
-include/caf/detail/limited_vector.hpp
-include/caf/detail/local_group_module.hpp
-include/caf/detail/log_level.hpp
-include/caf/detail/make_meta_object.hpp
-include/caf/detail/make_unique.hpp
-include/caf/detail/mask_bits.hpp
-include/caf/detail/message_builder_element.hpp
-include/caf/detail/message_data.hpp
-include/caf/detail/meta_object.hpp
-include/caf/detail/move_if_not_ptr.hpp
-include/caf/detail/network_order.hpp
-include/caf/detail/offset_at.hpp
-include/caf/detail/openssl_export.hpp
-include/caf/detail/optional_message_visitor.hpp
-include/caf/detail/overload.hpp
-include/caf/detail/padded_size.hpp
-include/caf/detail/parse.hpp
-include/caf/detail/parser/add_ascii.hpp
-include/caf/detail/parser/ascii_to_int.hpp
-include/caf/detail/parser/chars.hpp
-include/caf/detail/parser/fsm.hpp
-include/caf/detail/parser/fsm_undef.hpp
-include/caf/detail/parser/is_char.hpp
-include/caf/detail/parser/is_digit.hpp
-include/caf/detail/parser/read_bool.hpp
-include/caf/detail/parser/read_config.hpp
-include/caf/detail/parser/read_floating_point.hpp
-include/caf/detail/parser/read_ipv4_address.hpp
-include/caf/detail/parser/read_ipv6_address.hpp
-include/caf/detail/parser/read_number.hpp
-include/caf/detail/parser/read_number_or_timespan.hpp
-include/caf/detail/parser/read_signed_integer.hpp
-include/caf/detail/parser/read_string.hpp
-include/caf/detail/parser/read_timespan.hpp
-include/caf/detail/parser/read_unsigned_integer.hpp
-include/caf/detail/parser/read_uri.hpp
-include/caf/detail/parser/sub_ascii.hpp
-include/caf/detail/path_state.hpp
-include/caf/detail/pp.hpp
-include/caf/detail/pretty_type_name.hpp
-include/caf/detail/print.hpp
-include/caf/detail/private_thread.hpp
-include/caf/detail/private_thread_pool.hpp
-include/caf/detail/profiled_send.hpp
-include/caf/detail/prometheus_broker.hpp
-include/caf/detail/pseudo_tuple.hpp
-include/caf/detail/raw_access.hpp
-include/caf/detail/remote_group_module.hpp
-include/caf/detail/ringbuffer.hpp
-include/caf/detail/ripemd_160.hpp
-include/caf/detail/safe_equal.hpp
-include/caf/detail/scope_guard.hpp
-include/caf/detail/select_all.hpp
-include/caf/detail/select_integer_type.hpp
-include/caf/detail/serialized_size.hpp
-include/caf/detail/set_thread_name.hpp
-include/caf/detail/shared_spinlock.hpp
-include/caf/detail/simple_actor_clock.hpp
-include/caf/detail/size_based_credit_controller.hpp
-include/caf/detail/socket_guard.hpp
-include/caf/detail/spawn_fwd.hpp
-include/caf/detail/spawnable.hpp
-include/caf/detail/split_join.hpp
-include/caf/detail/squashed_int.hpp
-include/caf/detail/stream_distribution_tree.hpp
-include/caf/detail/stream_sink_driver_impl.hpp
-include/caf/detail/stream_sink_impl.hpp
-include/caf/detail/stream_source_driver_impl.hpp
-include/caf/detail/stream_source_impl.hpp
-include/caf/detail/stream_stage_driver_impl.hpp
-include/caf/detail/stream_stage_impl.hpp
-include/caf/detail/stringification_inspector.hpp
-include/caf/detail/sync_request_bouncer.hpp
-include/caf/detail/tail_argument_token.hpp
-include/caf/detail/tbind.hpp
-include/caf/detail/test_actor_clock.hpp
-include/caf/detail/thread_safe_actor_clock.hpp
-include/caf/detail/tick_emitter.hpp
-include/caf/detail/token_based_credit_controller.hpp
-include/caf/detail/try_serialize.hpp
-include/caf/detail/type_id_list_builder.hpp
-include/caf/detail/type_list.hpp
-include/caf/detail/type_pair.hpp
-include/caf/detail/type_traits.hpp
-include/caf/detail/typed_actor_util.hpp
-include/caf/detail/unique_function.hpp
-include/caf/detail/unordered_flat_map.hpp
-include/caf/detail/variant_data.hpp
-include/caf/detail/worker_hub.hpp
-include/caf/dictionary.hpp
-include/caf/downstream.hpp
-include/caf/downstream_manager.hpp
-include/caf/downstream_manager_base.hpp
-include/caf/downstream_msg.hpp
-include/caf/error.hpp
-include/caf/error_code.hpp
-include/caf/event_based_actor.hpp
-include/caf/exec_main.hpp
-include/caf/execution_unit.hpp
-include/caf/exit_reason.hpp
-include/caf/expected.hpp
-include/caf/extend.hpp
-include/caf/forwarding_actor_proxy.hpp
-include/caf/function_view.hpp
-include/caf/fused_downstream_manager.hpp
-include/caf/fwd.hpp
-include/caf/group.hpp
-include/caf/group_manager.hpp
-include/caf/group_module.hpp
-include/caf/hash/fnv.hpp
-include/caf/hash/sha1.hpp
-include/caf/illegal_message_element.hpp
-include/caf/inbound_path.hpp
-include/caf/infer_handle.hpp
-include/caf/init_global_meta_objects.hpp
-include/caf/input_range.hpp
-include/caf/inspector_access.hpp
-include/caf/inspector_access_base.hpp
-include/caf/inspector_access_type.hpp
-include/caf/interface_mismatch.hpp
-include/caf/intrusive/drr_cached_queue.hpp
-include/caf/intrusive/drr_queue.hpp
-include/caf/intrusive/fifo_inbox.hpp
-include/caf/intrusive/forward_iterator.hpp
-include/caf/intrusive/inbox_result.hpp
-include/caf/intrusive/lifo_inbox.hpp
-include/caf/intrusive/new_round_result.hpp
-include/caf/intrusive/singly_linked.hpp
-include/caf/intrusive/task_queue.hpp
-include/caf/intrusive/task_result.hpp
-include/caf/intrusive/wdrr_dynamic_multiplexed_queue.hpp
-include/caf/intrusive/wdrr_fixed_multiplexed_queue.hpp
-include/caf/intrusive_cow_ptr.hpp
-include/caf/intrusive_ptr.hpp
-include/caf/invalid_stream.hpp
-include/caf/invoke_message_result.hpp
-include/caf/io/abstract_broker.hpp
-include/caf/io/accept_handle.hpp
-include/caf/io/all.hpp
-include/caf/io/basp/all.hpp
-include/caf/io/basp/connection_state.hpp
-include/caf/io/basp/endpoint_context.hpp
-include/caf/io/basp/fwd.hpp
-include/caf/io/basp/header.hpp
-include/caf/io/basp/instance.hpp
-include/caf/io/basp/message_queue.hpp
-include/caf/io/basp/message_type.hpp
-include/caf/io/basp/remote_message_handler.hpp
-include/caf/io/basp/routing_table.hpp
-include/caf/io/basp/version.hpp
-include/caf/io/basp/worker.hpp
-include/caf/io/basp_broker.hpp
-include/caf/io/broker.hpp
-include/caf/io/broker_servant.hpp
-include/caf/io/close.hpp
-include/caf/io/connect.hpp
-include/caf/io/connection_handle.hpp
-include/caf/io/connection_helper.hpp
-include/caf/io/datagram_handle.hpp
-include/caf/io/datagram_servant.hpp
-include/caf/io/doorman.hpp
-include/caf/io/fwd.hpp
-include/caf/io/handle.hpp
-include/caf/io/middleman.hpp
-include/caf/io/middleman_actor.hpp
-include/caf/io/middleman_actor_impl.hpp
-include/caf/io/network/acceptor.hpp
-include/caf/io/network/acceptor_impl.hpp
-include/caf/io/network/acceptor_manager.hpp
-include/caf/io/network/datagram_handler.hpp
-include/caf/io/network/datagram_handler_impl.hpp
-include/caf/io/network/datagram_manager.hpp
-include/caf/io/network/datagram_servant_impl.hpp
-include/caf/io/network/default_multiplexer.hpp
-include/caf/io/network/doorman_impl.hpp
-include/caf/io/network/event_handler.hpp
-include/caf/io/network/interfaces.hpp
-include/caf/io/network/ip_endpoint.hpp
-include/caf/io/network/manager.hpp
-include/caf/io/network/multiplexer.hpp
-include/caf/io/network/native_socket.hpp
-include/caf/io/network/operation.hpp
-include/caf/io/network/pipe_reader.hpp
-include/caf/io/network/protocol.hpp
-include/caf/io/network/receive_buffer.hpp
-include/caf/io/network/rw_state.hpp
-include/caf/io/network/scribe_impl.hpp
-include/caf/io/network/stream.hpp
-include/caf/io/network/stream_impl.hpp
-include/caf/io/network/stream_manager.hpp
-include/caf/io/network/test_multiplexer.hpp
-include/caf/io/open.hpp
-include/caf/io/publish.hpp
-include/caf/io/publish_local_groups.hpp
-include/caf/io/receive_policy.hpp
-include/caf/io/remote_actor.hpp
-include/caf/io/remote_group.hpp
-include/caf/io/scribe.hpp
-include/caf/io/system_messages.hpp
-include/caf/io/typed_broker.hpp
-include/caf/io/unpublish.hpp
-include/caf/ip_address.hpp
-include/caf/ip_endpoint.hpp
-include/caf/ip_subnet.hpp
-include/caf/ipv4_address.hpp
-include/caf/ipv4_endpoint.hpp
-include/caf/ipv4_subnet.hpp
-include/caf/ipv6_address.hpp
-include/caf/ipv6_endpoint.hpp
-include/caf/ipv6_subnet.hpp
-include/caf/is_actor_handle.hpp
-include/caf/is_error_code_enum.hpp
-include/caf/is_message_sink.hpp
-include/caf/is_timeout_or_catch_all.hpp
-include/caf/is_typed_actor.hpp
-include/caf/load_inspector.hpp
-include/caf/load_inspector_base.hpp
-include/caf/local_actor.hpp
-include/caf/locks.hpp
-include/caf/logger.hpp
-include/caf/mailbox_element.hpp
-include/caf/make_actor.hpp
-include/caf/make_config_option.hpp
-include/caf/make_copy_on_write.hpp
-include/caf/make_counted.hpp
-include/caf/make_message.hpp
-include/caf/make_sink_result.hpp
-include/caf/make_source_result.hpp
-include/caf/make_stage_result.hpp
-include/caf/may_have_timeout.hpp
-include/caf/memory_managed.hpp
-include/caf/message.hpp
-include/caf/message_builder.hpp
-include/caf/message_handler.hpp
-include/caf/message_id.hpp
-include/caf/message_priority.hpp
-include/caf/meta/annotation.hpp
-include/caf/meta/hex_formatted.hpp
-include/caf/meta/load_callback.hpp
-include/caf/meta/omittable.hpp
-include/caf/meta/omittable_if_empty.hpp
-include/caf/meta/omittable_if_none.hpp
-include/caf/meta/save_callback.hpp
-include/caf/meta/type_name.hpp
-include/caf/mixin/actor_widget.hpp
-include/caf/mixin/behavior_changer.hpp
-include/caf/mixin/requester.hpp
-include/caf/mixin/sender.hpp
-include/caf/mixin/subscriber.hpp
-include/caf/monitorable_actor.hpp
-include/caf/no_stages.hpp
-include/caf/node_id.hpp
-include/caf/none.hpp
-include/caf/openssl/all.hpp
-include/caf/openssl/manager.hpp
-include/caf/openssl/middleman_actor.hpp
-include/caf/openssl/publish.hpp
-include/caf/openssl/remote_actor.hpp
-include/caf/openssl/session.hpp
-include/caf/openssl/unpublish.hpp
-include/caf/optional.hpp
-include/caf/others.hpp
-include/caf/outbound_path.hpp
-include/caf/parser_state.hpp
-include/caf/pec.hpp
-include/caf/policy/arg.hpp
-include/caf/policy/categorized.hpp
-include/caf/policy/downstream_messages.hpp
-include/caf/policy/normal_messages.hpp
-include/caf/policy/scheduler_policy.hpp
-include/caf/policy/select_all.hpp
-include/caf/policy/select_any.hpp
-include/caf/policy/single_response.hpp
-include/caf/policy/tcp.hpp
-include/caf/policy/udp.hpp
-include/caf/policy/unprofiled.hpp
-include/caf/policy/upstream_messages.hpp
-include/caf/policy/urgent_messages.hpp
-include/caf/policy/work_sharing.hpp
-include/caf/policy/work_stealing.hpp
-include/caf/prohibit_top_level_spawn_marker.hpp
-include/caf/proxy_registry.hpp
-include/caf/raise_error.hpp
-include/caf/ref_counted.hpp
-include/caf/replies_to.hpp
-include/caf/response_handle.hpp
-include/caf/response_promise.hpp
-include/caf/response_type.hpp
-include/caf/result.hpp
-include/caf/resumable.hpp
-include/caf/save_inspector.hpp
-include/caf/save_inspector_base.hpp
-include/caf/scheduled_actor.hpp
-include/caf/scheduler.hpp
-include/caf/scheduler/abstract_coordinator.hpp
-include/caf/scheduler/coordinator.hpp
-include/caf/scheduler/profiled_coordinator.hpp
-include/caf/scheduler/test_coordinator.hpp
-include/caf/scheduler/worker.hpp
-include/caf/scoped_actor.hpp
-include/caf/scoped_execution_unit.hpp
-include/caf/sec.hpp
-include/caf/send.hpp
-include/caf/serializer.hpp
-include/caf/settings.hpp
-include/caf/skip.hpp
-include/caf/span.hpp
-include/caf/spawn_options.hpp
-include/caf/stateful_actor.hpp
-include/caf/static_visitor.hpp
-include/caf/stream.hpp
-include/caf/stream_aborter.hpp
-include/caf/stream_finalize_trait.hpp
-include/caf/stream_manager.hpp
-include/caf/stream_priority.hpp
-include/caf/stream_sink.hpp
-include/caf/stream_sink_driver.hpp
-include/caf/stream_sink_trait.hpp
-include/caf/stream_slot.hpp
-include/caf/stream_source.hpp
-include/caf/stream_source_driver.hpp
-include/caf/stream_source_trait.hpp
-include/caf/stream_stage.hpp
-include/caf/stream_stage_driver.hpp
-include/caf/stream_stage_trait.hpp
-include/caf/string_algorithms.hpp
-include/caf/string_view.hpp
-include/caf/sum_type.hpp
-include/caf/sum_type_access.hpp
-include/caf/sum_type_token.hpp
-include/caf/system_messages.hpp
-include/caf/tag/boxing_type.hpp
-include/caf/telemetry/collector/prometheus.hpp
-include/caf/telemetry/counter.hpp
-include/caf/telemetry/dbl_gauge.hpp
-include/caf/telemetry/gauge.hpp
-include/caf/telemetry/histogram.hpp
-include/caf/telemetry/int_gauge.hpp
-include/caf/telemetry/label.hpp
-include/caf/telemetry/label_view.hpp
-include/caf/telemetry/metric.hpp
-include/caf/telemetry/metric_family.hpp
-include/caf/telemetry/metric_family_impl.hpp
-include/caf/telemetry/metric_impl.hpp
-include/caf/telemetry/metric_registry.hpp
-include/caf/telemetry/metric_type.hpp
-include/caf/telemetry/timer.hpp
-include/caf/term.hpp
-include/caf/test/bdd_dsl.hpp
-include/caf/test/dsl.hpp
-include/caf/test/io_dsl.hpp
-include/caf/test/unit_test.hpp
-include/caf/test/unit_test_impl.hpp
-include/caf/thread_hook.hpp
-include/caf/timeout_definition.hpp
-include/caf/timespan.hpp
-include/caf/timestamp.hpp
-include/caf/tracing_data.hpp
-include/caf/tracing_data_factory.hpp
-include/caf/type_erased_value.hpp
-include/caf/type_id.hpp
-include/caf/type_id_list.hpp
-include/caf/typed_actor.hpp
-include/caf/typed_actor_pointer.hpp
-include/caf/typed_actor_view.hpp
-include/caf/typed_actor_view_base.hpp
-include/caf/typed_behavior.hpp
-include/caf/typed_event_based_actor.hpp
-include/caf/typed_message_view.hpp
-include/caf/typed_response_promise.hpp
-include/caf/unifyn.hpp
-include/caf/unit.hpp
-include/caf/unsafe_behavior_init.hpp
-include/caf/upstream_msg.hpp
-include/caf/uri.hpp
-include/caf/uri_builder.hpp
-include/caf/uuid.hpp
-include/caf/variant.hpp
-include/caf/weak_intrusive_ptr.hpp
include/paraglob/exceptions.h
include/paraglob/node.h
include/paraglob/paraglob.h
@@ -658,7 +158,6 @@ include/zeek/3rdparty/rapidjson/include/rapidjson/schema.h
include/zeek/3rdparty/rapidjson/include/rapidjson/stream.h
include/zeek/3rdparty/rapidjson/include/rapidjson/stringbuffer.h
include/zeek/3rdparty/rapidjson/include/rapidjson/writer.h
-include/zeek/3rdparty/sqlite3.h
include/zeek/Anon.h
include/zeek/Attr.h
include/zeek/Base64.h
@@ -1265,22 +764,12 @@ include/zeek/zeekygen/Target.h
include/zeek/zeekygen/utils.h
include/zeek/zeekygen/zeekygen.bif.h
lib/broctl
-lib/cmake/CAF/CAFConfig.cmake
-lib/cmake/CAF/CAFConfigVersion.cmake
-lib/cmake/CAF/CAFTargets-relwithdebinfo.cmake
-lib/cmake/CAF/CAFTargets.cmake
-lib/libbinpac.0.57.dylib
-lib/libbinpac.0.dylib
-lib/libbinpac.dylib
-lib/libbroker.2.0.dylib
-lib/libbroker.2.dylib
-lib/libbroker.dylib
-lib/libcaf_core.0.18.0.dylib
-lib/libcaf_core.dylib
-lib/libcaf_io.0.18.0.dylib
-lib/libcaf_io.dylib
-lib/libcaf_openssl.0.18.0.dylib
-lib/libcaf_openssl.dylib
+lib/libbinpac.so
+lib/libbinpac.so.0
+lib/libbinpac.so.0.57
+lib/libbroker.so
+lib/libbroker.so.2.0
+lib/libbroker.so.3
lib/libparaglob.a
lib/zeek/python/SubnetTree.py
lib/zeek/python/_SubnetTree.so
@@ -1288,7 +777,6 @@ lib/zeek/python/broker/__init__.py
lib/zeek/python/broker/_broker.so
lib/zeek/python/broker/bro.py
lib/zeek/python/broker/zeek.py
-lib/zeek/python/btest-sphinx.py
lib/zeek/python/zeekctl/BroControl/__init__.py
lib/zeek/python/zeekctl/BroControl/cmdresult.py
lib/zeek/python/zeekctl/BroControl/config.py
@@ -1327,7 +815,6 @@ lib/zeek/python/zeekpkg/manager.py
lib/zeek/python/zeekpkg/package.py
lib/zeek/python/zeekpkg/source.py
man/man1/trace-summary.1
-man/man1/zeek-cut.1
man/man1/zkg.1
man/man8/zeek.8
man/man8/zeekctl.8
@@ -1992,9 +1479,9 @@ share/zeekctl/scripts/send-mail
share/zeekctl/scripts/set-zeek-path
share/zeekctl/scripts/stats-to-csv
share/zeekctl/scripts/zeekctl-config.sh
-var/spool/zeek/zeekctl-config.sh
-@pkgdir var/spool/zeek/tmp
-@pkgdir var/spool/zeek/brokerstore
-@pkgdir var/log/zeek
+spool/zeekctl-config.sh
@pkgdir var/lib/zkg
+@pkgdir spool/tmp
+@pkgdir spool/brokerstore
+@pkgdir logs
@pkgdir lib/zeek/plugins
diff --git a/zeek/TODO b/zeek/TODO
index 835ba47585..ce9ba18108 100644
--- a/zeek/TODO
+++ b/zeek/TODO
@@ -1,2 +1,8 @@
This package has known vulnerabilities, please investigate and fix if possible:
CVE-2021-41732
+
+nros: CVE-2021-41732 seems to be nothing according to the zeek developers:
+ see: https://github.com/zeek/zeek/issues/1798
+
+nros: how to get the package to find the python version that is
+ PYTHON_VERSION_DEFAULT without adding lang/python/tool.mk ?
diff --git a/zeek/distinfo b/zeek/distinfo
index 8f057340f8..8c650787ba 100644
--- a/zeek/distinfo
+++ b/zeek/distinfo
@@ -1,7 +1,15 @@
$NetBSD$
-RMD160 (zeek-4.0.0.tar.gz) = 2b1d815cccfeda88b59886d87ac6e3a43b29a808
-SHA512 (zeek-4.0.0.tar.gz) = 072ec9ca541f60619e9e214594bef3fdacb546140cdf7f80e85aa69cc783c9dd4a7b54af85be713645419522a453cc4a32bc3d29579d15156f625d239ce66c5b
-Size (zeek-4.0.0.tar.gz) = 29441929 bytes
-SHA1 (patch-CMakeLists.txt) = 57c7903177fed5f6d20d4ddfbbc17e062f7314a9
+BLAKE2s (zeek-4.0.4.tar.gz) = 1820666af6f43f6c3bb6d7513669410451f9f32f6fb9d8bb339c69e0f526c870
+SHA512 (zeek-4.0.4.tar.gz) = 5baed8a24d45896db44e09eda8b95c85364e96806d31d0317d0c88ae52be9b7e282a78feb9054c9a7627ac9dad156b159976467d1b665dd3a7b7921e91fc78b2
+Size (zeek-4.0.4.tar.gz) = 30981125 bytes
+SHA1 (patch-CMakeLists.txt) = e8cb31fb6e29285cec6a9ae74e81e9e8ef3fdf39
+SHA1 (patch-auxil_broker_CMakeLists.txt) = 5891d583346ce4258487f807a2899ded5a126df2
+SHA1 (patch-auxil_highwayhash_highwayhash_os__specific.cc) = 79599ccdf1aa373ed15fc452086c20412d6d46f6
+SHA1 (patch-auxil_zeek-archiver_zeek-archiver.cc) = cba258b276a6c70984b61d37e949b3c359307194
SHA1 (patch-auxil_zeekctl_CMakeLists.txt) = 2c900f6b6dbea0d8662e92fdb30463fcf82ebdec
+SHA1 (patch-src_CMakeLists.txt) = 0a4c4f95eeebd67e3cf75fcff230dcb34aad58ea
+SHA1 (patch-src_input_readers_sqlite_SQLite.h) = 78138183b06b05c0128a20f8f4b0d0d92d1a10b0
+SHA1 (patch-src_logging_writers_sqlite_SQLite.h) = 6fb73dde9b160e5979e27dd30d3d83e3a5d11283
+SHA1 (patch-src_packet__analysis_protocol_arp_ARP.h) = 6a1543d8b648958d955f71e403d322d8b9b50fe1
+SHA1 (patch-src_zeek-setup.cc) = aaf56756b1e13639592e0f95e6e14ecb5e0290e5
diff --git a/zeek/patches/patch-CMakeLists.txt b/zeek/patches/patch-CMakeLists.txt
index d36e42a04a..b1aa383666 100644
--- a/zeek/patches/patch-CMakeLists.txt
+++ b/zeek/patches/patch-CMakeLists.txt
@@ -1,10 +1,22 @@
$NetBSD$
+use pkgsrc sqlite3
+
Install configuration files under share/examples.
---- CMakeLists.txt.orig 2021-03-01 20:17:26.000000000 +0000
+--- CMakeLists.txt.orig 2021-09-22 16:48:14.000000000 +0000
+++ CMakeLists.txt
-@@ -556,7 +556,7 @@ if ( INSTALL_ZKG )
+@@ -253,6 +253,9 @@ FindRequiredPackage(PCAP)
+ FindRequiredPackage(OpenSSL)
+ FindRequiredPackage(BIND)
+ FindRequiredPackage(ZLIB)
++FindRequiredPackage(PkgConfig)
++
++pkg_check_modules(SQLITE3 REQUIRED IMPORTED_TARGET sqlite3)
+
+ # Installation directory for the distribution's Python modules. An
+ # override via configure's --python-dir wins, specifying a directory
+@@ -570,7 +573,7 @@ if ( INSTALL_ZKG )
install(DIRECTORY DESTINATION var/lib/zkg)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config
diff --git a/zeek/patches/patch-auxil_broker_CMakeLists.txt b/zeek/patches/patch-auxil_broker_CMakeLists.txt
new file mode 100644
index 0000000000..af34056129
--- /dev/null
+++ b/zeek/patches/patch-auxil_broker_CMakeLists.txt
@@ -0,0 +1,22 @@
+$NetBSD$
+
+Use pkgsrc sqlite3
+
+--- auxil/broker/CMakeLists.txt.orig 2021-09-22 16:48:27.000000000 +0000
++++ auxil/broker/CMakeLists.txt
+@@ -272,13 +272,13 @@ configure_file(${CMAKE_CURRENT_SOURCE_DI
+ ${CMAKE_CURRENT_BINARY_DIR}/include/broker/config.hh)
+ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/include/broker/config.hh DESTINATION include/broker)
+
+-if (NOT BROKER_EXTERNAL_SQLITE_TARGET)
++if (NOT TARGET PkgConfig::SQLITE3)
+ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty)
+ set_source_files_properties(3rdparty/sqlite3.c PROPERTIES COMPILE_FLAGS
+ -DSQLITE_OMIT_LOAD_EXTENSION)
+ list(APPEND OPTIONAL_SRC 3rdparty/sqlite3.c)
+ else()
+- list(APPEND LINK_LIBS ${BROKER_EXTERNAL_SQLITE_TARGET})
++ list(APPEND LINK_LIBS PkgConfig::SQLITE3)
+ endif()
+
+ set(BROKER_SRC
diff --git a/zeek/patches/patch-auxil_highwayhash_highwayhash_os__specific.cc b/zeek/patches/patch-auxil_highwayhash_highwayhash_os__specific.cc
new file mode 100644
index 0000000000..10e25c28bf
--- /dev/null
+++ b/zeek/patches/patch-auxil_highwayhash_highwayhash_os__specific.cc
@@ -0,0 +1,42 @@
+$NetBSD$
+
+* quick fix, don't set or get affinity on unsupported platforms
+
+--- auxil/highwayhash/highwayhash/os_specific.cc.orig 2021-09-22 16:48:30.000000000 +0000
++++ auxil/highwayhash/highwayhash/os_specific.cc
+@@ -108,7 +108,7 @@ void RaiseThreadPriority() {
+ // lead to 2-3x runtime and higher variability!
+ #elif OS_FREEBSD || OS_MAC
+ #else
+-#error "port"
++
+ #endif
+ }
+
+@@ -177,7 +177,7 @@ void SetThreadAffinity(ThreadAffinity* a
+ const int err = mac_setaffinity(&affinity->set);
+ CHECK(err == 0);
+ #else
+-#error "port"
++
+ #endif
+ }
+
+@@ -210,7 +210,7 @@ std::vector<int> AvailableCPUs() {
+ }
+ }
+ #else
+-#error "port"
++
+ #endif
+ return cpus;
+ }
+@@ -229,7 +229,7 @@ void PinThreadToCPU(const int cpu) {
+ CPU_ZERO(&affinity.set);
+ CPU_SET(cpu, &affinity.set);
+ #else
+-#error "port"
++
+ #endif
+ SetThreadAffinity(&affinity);
+ }
diff --git a/zeek/patches/patch-auxil_zeek-archiver_zeek-archiver.cc b/zeek/patches/patch-auxil_zeek-archiver_zeek-archiver.cc
new file mode 100644
index 0000000000..dc51e63015
--- /dev/null
+++ b/zeek/patches/patch-auxil_zeek-archiver_zeek-archiver.cc
@@ -0,0 +1,13 @@
+$NetBSD$
+
+Fix build on NetBSD, ::snprintf is not visible when _XOPEN_SOURCE is set
+
+--- auxil/zeek-archiver/zeek-archiver.cc.orig 2021-03-01 20:17:26.000000000 +0000
++++ auxil/zeek-archiver/zeek-archiver.cc
+@@ -1,4 +1,6 @@
++#ifndef __NetBSD__
+ #define _XOPEN_SOURCE
++#endif
+ #include <time.h>
+
+ #include <sys/time.h>
diff --git a/zeek/patches/patch-src_CMakeLists.txt b/zeek/patches/patch-src_CMakeLists.txt
new file mode 100644
index 0000000000..adfade90b9
--- /dev/null
+++ b/zeek/patches/patch-src_CMakeLists.txt
@@ -0,0 +1,45 @@
+$NetBSD$
+
+Use pkgsrc sqlite3
+
+--- src/CMakeLists.txt.orig 2021-09-22 16:48:14.000000000 +0000
++++ src/CMakeLists.txt
+@@ -398,10 +398,6 @@ set(MAIN_SRCS
+ digest.h
+ )
+
+-set(THIRD_PARTY_SRCS
+- 3rdparty/sqlite3.c
+-)
+-
+ # Highwayhash. Highwayhash is a bit special since it has architecture dependent code...
+
+ set(HH_SRCS
+@@ -468,7 +464,6 @@ set(zeek_SRCS
+ ${FLEX_Scanner_INPUT}
+ ${BISON_Parser_INPUT}
+ ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
+- ${THIRD_PARTY_SRCS}
+ ${HH_SRCS}
+ ${MAIN_SRCS}
+ )
+@@ -483,7 +478,7 @@ add_executable(zeek main.cc
+ ${bro_SUBDIR_LIBS}
+ ${bro_PLUGIN_LIBS}
+ )
+-target_link_libraries(zeek ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS})
++target_link_libraries(zeek ${zeekdeps} ${CMAKE_THREAD_LIBS_INIT} ${CMAKE_DL_LIBS} PkgConfig::SQLITE3)
+ # Export symbols from zeek executable for use by plugins
+ set_target_properties(zeek PROPERTIES ENABLE_EXPORTS TRUE)
+
+@@ -568,10 +563,6 @@ install(DIRECTORY ${CMAKE_CURRENT_BINARY
+ PATTERN "CMakeFiles" EXCLUDE
+ )
+
+-install(FILES
+- ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sqlite3.h
+- DESTINATION include/zeek/3rdparty
+-)
+
+ ########################################################################
+ ## Clang-tidy target now that we have all of the sources
diff --git a/zeek/patches/patch-src_input_readers_sqlite_SQLite.h b/zeek/patches/patch-src_input_readers_sqlite_SQLite.h
new file mode 100644
index 0000000000..0c561f89b6
--- /dev/null
+++ b/zeek/patches/patch-src_input_readers_sqlite_SQLite.h
@@ -0,0 +1,15 @@
+$NetBSD$
+
+Use pkgsrc sqlite3
+
+--- src/input/readers/sqlite/SQLite.h.orig 2021-09-22 16:48:15.000000000 +0000
++++ src/input/readers/sqlite/SQLite.h
+@@ -6,7 +6,7 @@
+
+ #include <iostream>
+ #include <vector>
+-#include "zeek/3rdparty/sqlite3.h"
++#include <sqlite3.h>
+
+ #include "zeek/input/ReaderBackend.h"
+ #include "zeek/threading/formatters/Ascii.h"
diff --git a/zeek/patches/patch-src_logging_writers_sqlite_SQLite.h b/zeek/patches/patch-src_logging_writers_sqlite_SQLite.h
new file mode 100644
index 0000000000..70548d3788
--- /dev/null
+++ b/zeek/patches/patch-src_logging_writers_sqlite_SQLite.h
@@ -0,0 +1,15 @@
+$NetBSD$
+
+Use pkgsrc sqlite3
+
+--- src/logging/writers/sqlite/SQLite.h.orig 2021-09-22 16:48:15.000000000 +0000
++++ src/logging/writers/sqlite/SQLite.h
+@@ -8,7 +8,7 @@
+
+ #include "zeek/logging/WriterBackend.h"
+ #include "zeek/threading/formatters/Ascii.h"
+-#include "zeek/3rdparty/sqlite3.h"
++#include <sqlite3.h>
+ #include "zeek/Desc.h"
+
+ namespace zeek::logging::writer::detail {
diff --git a/zeek/patches/patch-src_packet__analysis_protocol_arp_ARP.h b/zeek/patches/patch-src_packet__analysis_protocol_arp_ARP.h
new file mode 100644
index 0000000000..1816e076f1
--- /dev/null
+++ b/zeek/patches/patch-src_packet__analysis_protocol_arp_ARP.h
@@ -0,0 +1,14 @@
+$NetBSD$
+
+Fix build on NetBSD, net/if_arp.h uses NULL but does not have includes for it
+
+--- src/packet_analysis/protocol/arp/ARP.h.orig 2021-09-22 16:48:15.000000000 +0000
++++ src/packet_analysis/protocol/arp/ARP.h
+@@ -4,6 +4,7 @@
+
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#include <stddef.h>
+ #include <net/if_arp.h>
+
+ #include "zeek/packet_analysis/Analyzer.h"
diff --git a/zeek/patches/patch-src_zeek-setup.cc b/zeek/patches/patch-src_zeek-setup.cc
new file mode 100644
index 0000000000..cab85fffff
--- /dev/null
+++ b/zeek/patches/patch-src_zeek-setup.cc
@@ -0,0 +1,15 @@
+$NetBSD$
+
+Use pkgsrc sqlite3
+
+--- src/zeek-setup.cc.orig 2021-09-22 16:48:15.000000000 +0000
++++ src/zeek-setup.cc
+@@ -15,7 +15,7 @@
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+
+-#include "zeek/3rdparty/sqlite3.h"
++#include <sqlite3.h>
+
+ #define DOCTEST_CONFIG_IMPLEMENT
+ #include "zeek/3rdparty/doctest.h"
Home |
Main Index |
Thread Index |
Old Index