git: bf3c4a775bda - main - security/zeek: Fix build with clang 19
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 29 Oct 2024 17:54:19 UTC
The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=bf3c4a775bda4953b48221234a6e7047cc94b554 commit bf3c4a775bda4953b48221234a6e7047cc94b554 Author: Craig Leres <leres@FreeBSD.org> AuthorDate: 2024-10-29 17:53:56 +0000 Commit: Craig Leres <leres@FreeBSD.org> CommitDate: 2024-10-29 17:53:56 +0000 security/zeek: Fix build with clang 19 https://github.com/zeek/zeek/issues/3994 https://github.com/zeek/zeek/pull/3997 Clang 19 with libc++ started failing to compile because the default implementation of std::char_traits was removed, making uses of std::char_traits<unsigned char> invalid (by consequence, also std::basic_string<unsigned char>). --- security/zeek/Makefile | 1 + security/zeek/files/patch-src_DFA.cc | 32 +++++++++ security/zeek/files/patch-src_DFA.h | 29 ++++++++ .../files/patch-src_analyzer_protocol_ssl_SSL.cc | 83 ++++++++++++++++++++++ 4 files changed, 145 insertions(+) diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 927e5cb64d40..7a33bf518fa0 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,5 +1,6 @@ PORTNAME= zeek DISTVERSION= 7.0.3 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ diff --git a/security/zeek/files/patch-src_DFA.cc b/security/zeek/files/patch-src_DFA.cc new file mode 100644 index 000000000000..e02f84c79790 --- /dev/null +++ b/security/zeek/files/patch-src_DFA.cc @@ -0,0 +1,32 @@ +--- src/DFA.cc.orig 2024-10-04 22:44:09 UTC ++++ src/DFA.cc +@@ -2,8 +2,6 @@ + + #include "zeek/DFA.h" + +-#include "zeek/zeek-config.h" +- + #include "zeek/Desc.h" + #include "zeek/EquivClass.h" + #include "zeek/Hash.h" +@@ -265,9 +263,9 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_lis + DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest) { + // We assume that state ID's don't exceed 10 digits, plus + // we allow one more character for the delimiter. +- auto id_tag_buf = std::make_unique<u_char[]>(nfas.length() * 11 + 1); ++ auto id_tag_buf = std::make_unique<char[]>(nfas.length() * 11 + 1); + auto id_tag = id_tag_buf.get(); +- u_char* p = id_tag; ++ char* p = id_tag; + + for ( int i = 0; i < nfas.length(); ++i ) { + NFA_State* n = nfas[i]; +@@ -287,7 +285,7 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_lis + // HashKey because the data is copied into the key. + hash128_t hash; + KeyedHash::Hash128(id_tag, p - id_tag, &hash); +- *digest = DigestStr(reinterpret_cast<const unsigned char*>(hash), 16); ++ *digest = DigestStr(reinterpret_cast<const char*>(hash), 16); + + auto entry = states.find(*digest); + if ( entry == states.end() ) { diff --git a/security/zeek/files/patch-src_DFA.h b/security/zeek/files/patch-src_DFA.h new file mode 100644 index 000000000000..54ee7706a457 --- /dev/null +++ b/security/zeek/files/patch-src_DFA.h @@ -0,0 +1,29 @@ +--- src/DFA.h.orig 2024-10-04 22:44:09 UTC ++++ src/DFA.h +@@ -2,7 +2,7 @@ + + #pragma once + +-#include <sys/types.h> // for u_char ++#include <sys/types.h> + #include <cassert> + #include <map> + #include <string> +@@ -18,7 +18,7 @@ class DFA_Machine; + + // Transitions to the uncomputed state indicate that we haven't yet + // computed the state to go to. +-#define DFA_UNCOMPUTED_STATE -2 ++#define DFA_UNCOMPUTED_STATE (-2) + #define DFA_UNCOMPUTED_STATE_PTR ((DFA_State*)DFA_UNCOMPUTED_STATE) + + class DFA_State : public Obj { +@@ -67,7 +67,7 @@ class DFA_State : public Obj { (protected) + DFA_State* mark; + }; + +-using DigestStr = std::basic_string<u_char>; ++using DigestStr = std::string; + + struct DFA_State_Cache_Stats { + // Sum of all NFA states diff --git a/security/zeek/files/patch-src_analyzer_protocol_ssl_SSL.cc b/security/zeek/files/patch-src_analyzer_protocol_ssl_SSL.cc new file mode 100644 index 000000000000..c451c310b38d --- /dev/null +++ b/security/zeek/files/patch-src_analyzer_protocol_ssl_SSL.cc @@ -0,0 +1,83 @@ +--- src/analyzer/protocol/ssl/SSL.cc.orig 2024-10-04 22:44:09 UTC ++++ src/analyzer/protocol/ssl/SSL.cc +@@ -5,7 +5,6 @@ + #include <openssl/opensslv.h> + + #include "zeek/Reporter.h" +-#include "zeek/analyzer/Manager.h" + #include "zeek/analyzer/protocol/ssl/events.bif.h" + #include "zeek/analyzer/protocol/ssl/ssl_pac.h" + #include "zeek/analyzer/protocol/ssl/tls-handshake_pac.h" +@@ -32,11 +31,11 @@ static inline T LSB(const T a) { + return (a & 0xff); + } + +-static std::basic_string<unsigned char> fmt_seq(uint32_t num) { +- std::basic_string<unsigned char> out(4, '\0'); ++static std::string fmt_seq(uint32_t num) { ++ std::string out(4, '\0'); + out.reserve(13); + uint32_t netnum = htonl(num); +- out.append(reinterpret_cast<u_char*>(&netnum), 4); ++ out.append(reinterpret_cast<char*>(&netnum), 4); + out.append(5, '\0'); + return out; + } +@@ -266,13 +265,13 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, + // server write_key + const u_char* s_wk = keys.data() + 32; + // client IV +- const u_char* c_iv = keys.data() + 64; ++ const char* c_iv = reinterpret_cast<const char*>(keys.data()) + 64; + // server IV +- const u_char* s_iv = keys.data() + 68; ++ const char* s_iv = reinterpret_cast<const char*>(keys.data()) + 68; + + // FIXME: should we change types here? +- u_char* encrypted = (u_char*)data; +- size_t encrypted_len = len; ++ char* encrypted = (char*)data; ++ int encrypted_len = len; + + if ( is_orig ) + c_seq++; +@@ -280,7 +279,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, + s_seq++; + + // AEAD nonce, length 12 +- std::basic_string<unsigned char> s_aead_nonce; ++ std::string s_aead_nonce; + if ( is_orig ) + s_aead_nonce.assign(c_iv, 4); + else +@@ -306,14 +305,14 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, + + // FIXME: aes_256_gcm should not be hardcoded here ;) + if ( is_orig ) +- EVP_DecryptInit(ctx, EVP_aes_256_gcm(), c_wk, s_aead_nonce.data()); ++ EVP_DecryptInit(ctx, EVP_aes_256_gcm(), c_wk, reinterpret_cast<const u_char*>(s_aead_nonce.data())); + else +- EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, s_aead_nonce.data()); ++ EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, reinterpret_cast<const u_char*>(s_aead_nonce.data())); + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, encrypted + encrypted_len); + + // AEAD tag +- std::basic_string<unsigned char> s_aead_tag; ++ std::string s_aead_tag; + if ( is_orig ) + s_aead_tag = fmt_seq(c_seq); + else +@@ -330,8 +329,10 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, + 16); // see OpenSSL manpage - 16 is the block size for the supported cipher + int decrypted_len = 0; + +- EVP_DecryptUpdate(ctx, NULL, &decrypted_len, s_aead_tag.data(), s_aead_tag.size()); +- EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, (const u_char*)encrypted, encrypted_len); ++ EVP_DecryptUpdate(ctx, NULL, &decrypted_len, reinterpret_cast<const u_char*>(s_aead_tag.data()), ++ s_aead_tag.size()); ++ EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, reinterpret_cast<const u_char*>(encrypted), ++ encrypted_len); + assert(static_cast<decltype(decrypted.size())>(decrypted_len) <= decrypted.size()); + decrypted.resize(decrypted_len); +