git: c2a4ab17ef5e - main - security/snort: Fixes for aarch64 and armv6/7
Dan Langille
dvl at FreeBSD.org
Tue Aug 10 19:54:09 UTC 2021
The branch main has been updated by dvl:
URL: https://cgit.FreeBSD.org/ports/commit/?id=c2a4ab17ef5e44424f2b2e97e30a2fde437dcd8a
commit c2a4ab17ef5e44424f2b2e97e30a2fde437dcd8a
Author: Dan Langille <dvl at FreeBSD.org>
AuthorDate: 2021-08-10 19:49:49 +0000
Commit: Dan Langille <dvl at FreeBSD.org>
CommitDate: 2021-08-10 19:52:05 +0000
security/snort: Fixes for aarch64 and armv6/7
This patch does a few things:
1. Update depends to a newer version of net/daq, in the ports tree for a
long time already, but explicitly depend on it.
2. Split out corefiles separate from debug options
3. Switch from luajit to luajit-openresty so that snort can build on
aarch64
4. Fix crashing on armv7 due to misaligned memory access (from mjg@)
While here, in pkg-plist change deprecated @unexec to @postunexec
PR: 257747
Reported by: brd
---
security/snort/Makefile | 25 ++++++++++++++++++-------
security/snort/pkg-plist | 2 +-
2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/security/snort/Makefile b/security/snort/Makefile
index 6e17d69d19c0..942d2680b20b 100644
--- a/security/snort/Makefile
+++ b/security/snort/Makefile
@@ -2,6 +2,7 @@
PORTNAME= snort
PORTVERSION= 2.9.18
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= https://snort.org/downloads/snort/ \
https://snort.org/downloads/archive/snort/
@@ -14,11 +15,11 @@ COMMENT= Lightweight network intrusion detection system
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/LICENSE
-BUILD_DEPENDS= daq>=2.0.0:net/daq
+BUILD_DEPENDS= daq>=2.2.2_3:net/daq
LIB_DEPENDS= libpcre.so:devel/pcre \
libdnet.so:net/libdnet \
libpcap.so:net/libpcap
-RUN_DEPENDS= daq>=2.0.0:net/daq
+RUN_DEPENDS= daq>=2.2.2_3:net/daq
USES= bison cpe libtool pathfix shebangfix ssl
USE_RC_SUBR= snort
@@ -41,7 +42,7 @@ OPTIONS_DEFINE= IPV6 GRE HA NORMALIZER DOCS APPID \
OPTIONS_GROUP= ADDONS DEV
OPTIONS_GROUP_ADDONS= BARNYARD PULLEDPORK
-OPTIONS_GROUP_DEV= DBGSNORT
+OPTIONS_GROUP_DEV= DBGSNORT COREDUMPS
OPTIONS_SUB= yes
OPTIONS_DEFAULT= GRE NORMALIZER BARNYARD \
PERFPROFILE SOURCEFIRE PULLEDPORK
@@ -60,9 +61,11 @@ ADDONS_DESC= Depend on 3rd party addons
BARNYARD_DESC= Depend on barnyard2 (supports also snortsam)
PULLEDPORK_DESC= Depend on pulledpork
DEV_DESC= Developer options
-DBGSNORT_DESC= Enable debugging symbols+core dumps
+DBGSNORT_DESC= Enable debugging symbols
+COREDUMPS_DESC= Enable core dumps
-DBGSNORT_CONFIGURE_ENABLE= corefiles debug
+COREDUMPS_CONFIGURE_ENABLE= corefiles
+DBGSNORT_CONFIGURE_ENABLE= debug
DBGSNORT_MAKE_ENV= DONTSTRIP="yes"
GRE_CONFIGURE_ENABLE= gre
LRGPCAP_CONFIGURE_ENABLE= large-pcap
@@ -76,10 +79,18 @@ FILEINSPECT_CONFIGURE_ENABLE= file-inspect
BARNYARD_RUN_DEPENDS= barnyard2:security/barnyard2
PULLEDPORK_RUN_DEPENDS= pulledpork.pl:security/pulledpork
-APPID_LIB_DEPENDS= libluajit-5.1.so:lang/luajit
-APPID_CONFIGURE_ENV+= luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.0" \
+APPID_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty
+APPID_CONFIGURE_ENV+= luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.1" \
luajit_LIBS="-L${LOCALBASE}/lib -lluajit-5.1"
+# Disable SIMD on 32-bit arm. Snort has numerous arbitrarily misaligned memory
+# accesses and some of them cause faults. The kludge below combined with
+# patch-configure seems to work around it well enough.
+#
+# Note the change is more aggressive than it possibly needs to be reduce surprises.
+CFLAGS_armv6= -mfpu=vfpv3
+CFLAGS_armv7= -mfpu=vfpv3
+
CONFIG_FILES= classification.config gen-msg.map reference.config \
snort.conf threshold.conf unicode.map file_magic.conf
diff --git a/security/snort/pkg-plist b/security/snort/pkg-plist
index a000dfcfcecf..b27c0008abae 100644
--- a/security/snort/pkg-plist
+++ b/security/snort/pkg-plist
@@ -320,7 +320,7 @@ src/snort_dynamicsrc/stream_api.h
src/snort_dynamicsrc/treenodes.h
src/snort_dynamicsrc/util_unfold.c
src/snort_dynamicsrc/util_unfold.h
- at unexec rmdir "/var/log/snort" >/dev/null 2>&1 || :
+ at postunexec rmdir "/var/log/snort" >/dev/null 2>&1 || :
@dir src/snort_dynamicsrc
@dir src
%%PORTDOCS%%@dir %%DOCSDIR%%
More information about the dev-commits-ports-all
mailing list