From nobody Tue Oct 29 17:54:19 2024 Date: Tue, 29 Oct 2024 17:54:19 GMT Message-Id: <202410291754.49THsJM8022803@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Craig Leres Subject: git: bf3c4a775bda - main - security/zeek: Fix build with clang 19 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: leres X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bf3c4a775bda4953b48221234a6e7047cc94b554 Auto-Submitted: auto-generated The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=bf3c4a775bda4953b48221234a6e7047cc94b554 commit bf3c4a775bda4953b48221234a6e7047cc94b554 Author: Craig Leres AuthorDate: 2024-10-29 17:53:56 +0000 Commit: Craig Leres CommitDate: 2024-10-29 17:53:56 +0000 security/zeek: Fix build with clang 19 https://github.com/zeek/zeek/issues/3994 https://github.com/zeek/zeek/pull/3997 Clang 19 with libc++ started failing to compile because the default implementation of std::char_traits was removed, making uses of std::char_traits invalid (by consequence, also std::basic_string).
---
 security/zeek/Makefile | 1 +
 security/zeek/files/patch-src_DFA.cc | 32 +++++++++
 security/zeek/files/patch-src_DFA.h | 29 ++++++++
 .../files/patch-src_analyzer_protocol_ssl_SSL.cc | 83 ++++++++++++++++++++++
 4 files changed, 145 insertions(+)
diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index 927e5cb64d40..7a33bf518fa0 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -1,5 +1,6 @@
 PORTNAME= zeek
 DISTVERSION= 7.0.3
+PORTREVISION= 1
 CATEGORIES= security
 MASTER_SITES= https://download.zeek.org/
 
diff --git a/security/zeek/files/patch-src_DFA.cc b/security/zeek/files/patch-src_DFA.cc
new file mode 100644
index 000000000000..e02f84c79790
--- /dev/null
+++ b/security/zeek/files/patch-src_DFA.cc
@@ -0,0 +1,32 @@
+--- src/DFA.cc.orig 2024-10-04 22:44:09 UTC
++++ src/DFA.cc
+@@ -2,8 +2,6 @@
+
+ #include "zeek/DFA.h"
+
+-#include "zeek/zeek-config.h"
+-
+ #include "zeek/Desc.h"
+ #include "zeek/EquivClass.h"
+ #include "zeek/Hash.h"
+@@ -265,9 +263,9 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_lis
+ DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest) {
+ // We assume that state ID's don't exceed 10 digits, plus
+ // we allow one more character for the delimiter.
+- auto id_tag_buf = std::make_unique(nfas.length() * 11 + 1);
++ auto id_tag_buf = std::make_unique(nfas.length() * 11 + 1);
+ auto id_tag = id_tag_buf.get();
+- u_char* p = id_tag;
++ char* p = id_tag;
+
+ for ( int i = 0; i < nfas.length(); ++i ) {
+ NFA_State* n = nfas[i];
+@@ -287,7 +285,7 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_lis
+ // HashKey because the data is copied into the key.
+ hash128_t hash;
+ KeyedHash::Hash128(id_tag, p - id_tag, &hash);
+- *digest = DigestStr(reinterpret_cast(hash), 16);
++ *digest = DigestStr(reinterpret_cast(hash), 16);
+
+ auto entry = states.find(*digest);
+ if ( entry == states.end() ) {
diff --git a/security/zeek/files/patch-src_DFA.h b/security/zeek/files/patch-src_DFA.h
new file mode 100644
index 000000000000..54ee7706a457
--- /dev/null
+++ b/security/zeek/files/patch-src_DFA.h
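Review bot: In the src/DFA.cc patch, the size of `id_tag_buf` (`nfas.length() * 11 + 1`) still rests on an assumption that exists only in the comment above it, namely that a state ID never needs more than 10 digits, and nothing in the visible lines enforces it now that the buffer is written through a plain `char* p`. The loop that fills the buffer is outside the hunk, so whether each write is bounded cannot be confirmed from here. If it is not, a check placed before the `KeyedHash::Hash128` call, such as `assert(p - id_tag <= nfas.length() * 11 + 1);`, would at least state the invariant in code; a bounded formatting call inside the loop would be the stronger fix.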
@@ -0,0 +1,29 @@
+--- src/DFA.h.orig 2024-10-04 22:44:09 UTC
++++ src/DFA.h
+@@ -2,7 +2,7 @@
+
+ #pragma once
+
+-#include // for u_char
++#include
+ #include
+ #include
+ #include
+@@ -18,7 +18,7 @@ class DFA_Machine;
+
+ // Transitions to the uncomputed state indicate that we haven't yet
+ // computed the state to go to.
+-#define DFA_UNCOMPUTED_STATE -2
++#define DFA_UNCOMPUTED_STATE (-2)
+ #define DFA_UNCOMPUTED_STATE_PTR ((DFA_State*)DFA_UNCOMPUTED_STATE)
+
+ class DFA_State : public Obj {
+@@ -67,7 +67,7 @@ class DFA_State : public Obj { (protected)
+ DFA_State* mark;
+ };
+
+-using DigestStr = std::basic_string;
++using DigestStr = std::string;
+
+ struct DFA_State_Cache_Stats {
+ // Sum of all NFA states
diff --git a/security/zeek/files/patch-src_analyzer_protocol_ssl_SSL.cc b/security/zeek/files/patch-src_analyzer_protocol_ssl_SSL.cc
new file mode 100644
index 000000000000..c451c310b38d
--- /dev/null
+++ b/security/zeek/files/patch-src_analyzer_protocol_ssl_SSL.cc
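Review bot: In the src/DFA.h patch, `using DigestStr = std::string;` carries no comment saying that the alias holds raw digest bytes rather than text. The src/DFA.cc patch builds it from a `hash128_t` with an explicit length of 16, so a value can contain NUL and non-printable bytes and has to be handled by size. I would add above the alias: `// Raw 128-bit hash bytes, not text: may contain NUL, so use data()/size() and never c_str() or direct printing.`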
@@ -0,0 +1,83 @@
+--- src/analyzer/protocol/ssl/SSL.cc.orig 2024-10-04 22:44:09 UTC
++++ src/analyzer/protocol/ssl/SSL.cc
+@@ -5,7 +5,6 @@
+ #include
+
+ #include "zeek/Reporter.h"
+-#include "zeek/analyzer/Manager.h"
+ #include "zeek/analyzer/protocol/ssl/events.bif.h"
+ #include "zeek/analyzer/protocol/ssl/ssl_pac.h"
+ #include "zeek/analyzer/protocol/ssl/tls-handshake_pac.h"
+@@ -32,11 +31,11 @@ static inline T LSB(const T a) {
+ return (a & 0xff);
+ }
+
+-static std::basic_string fmt_seq(uint32_t num) {
+- std::basic_string out(4, '\0');
++static std::string fmt_seq(uint32_t num) {
++ std::string out(4, '\0');
+ out.reserve(13);
+ uint32_t netnum = htonl(num);
+- out.append(reinterpret_cast(&netnum), 4);
++ out.append(reinterpret_cast(&netnum), 4);
+ out.append(5, '\0');
+ return out;
+ }
+@@ -266,13 +265,13 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
+ // server write_key
+ const u_char* s_wk = keys.data() + 32;
+ // client IV
+- const u_char* c_iv = keys.data() + 64;
++ const char* c_iv = reinterpret_cast(keys.data()) + 64;
+ // server IV
+- const u_char* s_iv = keys.data() + 68;
++ const char* s_iv = reinterpret_cast(keys.data()) + 68;
+
+ // FIXME: should we change types here?
+- u_char* encrypted = (u_char*)data;
+- size_t encrypted_len = len;
++ char* encrypted = (char*)data;
++ int encrypted_len = len;
+
+ if ( is_orig )
+ c_seq++;
+@@ -280,7 +279,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
+ s_seq++;
+
+ // AEAD nonce, length 12
+- std::basic_string s_aead_nonce;
++ std::string s_aead_nonce;
+ if ( is_orig )
+ s_aead_nonce.assign(c_iv, 4);
+ else
+@@ -306,14 +305,14 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
+
+ // FIXME: aes_256_gcm should not be hardcoded here ;)
+ if ( is_orig )
+- EVP_DecryptInit(ctx, EVP_aes_256_gcm(), c_wk, s_aead_nonce.data());
++ EVP_DecryptInit(ctx, EVP_aes_256_gcm(), c_wk, reinterpret_cast(s_aead_nonce.data()));
+ else
+- EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, s_aead_nonce.data());
++ EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, reinterpret_cast(s_aead_nonce.data()));
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, encrypted + encrypted_len);
+
+ // AEAD tag
+- std::basic_string s_aead_tag;
++ std::string s_aead_tag;
+ if ( is_orig )
+ s_aead_tag = fmt_seq(c_seq);
+ else
+@@ -330,8 +329,10 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
+ 16); // see OpenSSL manpage - 16 is the block size for the supported cipher
+ int decrypted_len = 0;
+
+- EVP_DecryptUpdate(ctx, NULL, &decrypted_len, s_aead_tag.data(), s_aead_tag.size());
+- EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, (const u_char*)encrypted, encrypted_len);
++ EVP_DecryptUpdate(ctx, NULL, &decrypted_len, reinterpret_cast(s_aead_tag.data()),
++ s_aead_tag.size());
++ EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, reinterpret_cast(encrypted),
++ encrypted_len);
+ assert(static_cast(decrypted_len) <= decrypted.size());
+ decrypted.resize(decrypted_len);
+
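Review bot: In the src/analyzer/protocol/ssl/SSL.cc patch, the rewritten `EVP_DecryptInit` and `EVP_DecryptUpdate` calls still discard their return values, and the only guard on the output is the `assert` on `decrypted_len`, which is compiled out under NDEBUG and runs only after `EVP_DecryptUpdate` has already written into `decrypted`. Because this path processes records taken from monitored traffic, each call should be tested, e.g. `if ( EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, ..., encrypted_len) != 1 )`, followed by whatever failure path `TryDecryptApplicationData` already uses to release `ctx`; that function starts and ends outside the hunk. The new `char* encrypted = (char*)data;` also keeps a C-style cast where the rest of the change uses `reinterpret_cast`, and `int encrypted_len = len;` makes the length signed directly below the `FIXME: should we change types here?` comment. Whether `len` is range-checked before `encrypted + encrypted_len` is evaluated is not visible here and should be confirmed.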