pfsense · bmeeks8 · Jan 2, 2019 · Jan 7, 2019 · Jan 7, 2019
diff --git a/security/suricata/Makefile b/security/suricata/Makefile
@@ -1,8 +1,8 @@
 # Created by: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
-# $FreeBSD$
+# $FreeBSD: head/security/suricata/Makefile 488865 2019-01-01 11:17:53Z joneum $
 
 PORTNAME=	suricata
-DISTVERSION=	4.0.6
+DISTVERSION=	4.1.2
 CATEGORIES=	security
 MASTER_SITES=	https://www.openinfosecfoundation.org/download/
 
@@ -14,9 +14,13 @@ LICENSE_FILE=	${WRKSRC}/LICENSE
 
 LIB_DEPENDS=	libpcre.so:devel/pcre \
 		libnet.so:net/libnet \
+		liblz4.so:archivers/liblz4 \
 		libyaml.so:textproc/libyaml
 
-USES=		autoreconf cpe gmake libtool pathfix pkgconfig
+USES=		autoreconf cpe gmake iconv:translit libtool pathfix pkgconfig
+
+CONFLICTS_INSTALL=libhtp
+
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	${PORTNAME}
 
@@ -27,10 +31,10 @@ CPE_VENDOR=	openinfosecfoundation
 INSTALL_TARGET=		install-strip
 TEST_TARGET=		check
 
-OPTIONS_DEFINE=		GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE \
-			REDIS SC TESTS
+OPTIONS_DEFINE=		GEOIP IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE \
+			PYTHON REDIS RUST TESTS
 OPTIONS_DEFINE_amd64=	HYPERSCAN
-OPTIONS_DEFAULT=	IPFW JSON NETMAP PRELUDE
+OPTIONS_DEFAULT=	IPFW JSON NETMAP PYTHON RUST
 OPTIONS_SUB=		yes
 
 OPTIONS_RADIO=		SCRIPTS
@@ -40,29 +44,22 @@ SCRIPTS_DESC=		Scripting
 
 GEOIP_DESC=		GeoIP support
 HYPERSCAN_DESC=		Hyperscan support
-HTP_PORT_DESC=		Use libhtp from ports
 IPFW_DESC=		IPFW and IP Divert support for inline IDP
 JSON_DESC=		JSON output support
-LUA_DESC=		LUA scripting support
 LUAJIT_DESC=		LuaJIT scripting support
+LUA_DESC=		LUA scripting support
 NETMAP_DESC=		Netmap support for inline IDP
 NSS_DESC=		File checksums and SSL/TLS fingerprinting
 PORTS_PCAP_DESC=	Use libpcap from ports
 PRELUDE_DESC=		Prelude support for NIDS alerts
+PYTHON_DESC=		Python-based update and control utilities
 REDIS_DESC=		Redis output support
-SC_DESC=		Suricata socket client (suricatasc)
+RUST_DESC=		Rust parser support
 TESTS_DESC=		Unit tests in suricata binary
 
-GEOIP_LIB_DEPENDS=		libGeoIP.so:net/GeoIP
+GEOIP_LIB_DEPENDS=		libmaxminddb.so:net/libmaxminddb
 GEOIP_CONFIGURE_ON=		--enable-geoip
 
-HTP_PORT_BUILD_DEPENDS=		libhtp>=0.5.27:devel/libhtp
-HTP_PORT_LIB_DEPENDS=		libhtp.so:devel/libhtp
-HTP_PORT_CONFIGURE_ON=		--enable-non-bundled-htp
-HTP_PORT_CONFIGURE_OFF=		--enable-bundled-htp
-HTP_PORT_CONFLICTS_INSTALL_OFF=	libhtp
-HTP_PORT_USES_OFF=		iconv:translit
-
 HYPERSCAN_LIB_DEPENDS=		libhs.so:devel/hyperscan
 HYPERSCAN_CONFIGURE_ON=		--with-libhs-includes=${LOCALBASE}/include \
 				--with-libhs-libraries=${LOCALBASE}/lib
@@ -78,7 +75,7 @@ LUA_CONFIGURE_ON=		--enable-lua \
 				--with-liblua-includes=${LUA_INCDIR} \
 				--with-liblua-libraries=${LUA_LIBDIR}
 
-LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:lang/luajit21
+LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:lang/luajit
 LUAJIT_CONFIGURE_ON=		--enable-luajit
 
 NSS_LIB_DEPENDS=		libnss3.so:security/nss \
@@ -105,19 +102,25 @@ PRELUDE_LIB_DEPENDS=		libprelude.so:security/libprelude \
 PRELUDE_CONFIGURE_ENABLE=	prelude
 PRELUDE_CONFIGURE_ON=		--with-libprelude-prefix=${LOCALBASE}
 
+PYTHON_USES=			python:2.7
+PYTHON_CONFIGURE_ENABLE=	python
+PYTHON_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
+PYTHON_BUILD_DEPENDS=		${PYTHON_RUN_DEPENDS}
+
 REDIS_LIB_DEPENDS=		libhiredis.so:databases/hiredis
 REDIS_CONFIGURE_ON=		--enable-hiredis \
 				--with-libhiredis-includes=${LOCALBASE}/include \
 				--with-libhiredis-libraries=${LOCALBASE}/lib
 
-SC_USES=			python:2.7
-SC_CONFIGURE_ENABLE=		python
+RUST_BUILD_DEPENDS=		rustc:lang/rust
+RUST_CONFIGURE_ENABLE=		rust
 
 TESTS_CONFIGURE_ENABLE=		unittests
 
 SUB_FILES=	pkg-message
 
 CONFIGURE_ARGS+=--enable-gccprotect \
+		--enable-bundled-htp \
 		--with-libpcre-includes=${LOCALBASE}/include \
 		--with-libpcre-libraries=${LOCALBASE}/lib \
 		--with-libyaml-includes=${LOCALBASE}/include \
@@ -130,27 +133,19 @@ CONFIGURE_ARGS+=--enable-gccprotect \
 
 CONFIG_DIR?=	${ETCDIR}
 CONFIG_FILES=	suricata.yaml classification.config reference.config threshold.config
-RULES_DIR=	${CONFIG_DIR}/rules
-RULES_FILES=	app-layer-events.rules decoder-events.rules dns-events.rules files.rules \
-		http-events.rules modbus-events.rules smtp-events.rules stream-events.rules \
-		tls-events.rules
 LOGS_DIR?=	/var/log/${PORTNAME}
 
 pre-patch:
 	@${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
 
 post-install:
 	@${MKDIR} ${STAGEDIR}${CONFIG_DIR}
-	@${MKDIR} ${STAGEDIR}${RULES_DIR}
 	@${MKDIR} ${STAGEDIR}${LOGS_DIR}
 .for f in ${CONFIG_FILES}
 	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
 .endfor
-.for f in ${RULES_FILES}
-	${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f}
-.endfor
 
-post-install-SC-on:
+post-install-PYTHON-on:
 	(cd ${STAGEDIR}${PREFIX} \
 	&& ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \
 	-d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;})

diff --git a/security/suricata/distinfo b/security/suricata/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1541507025
-SHA256 (suricata-4.0.6.tar.gz) = cbab847b33fc625b7a92241fdce2e1ca47b8bb415c9114de70819394229679a4
-SIZE (suricata-4.0.6.tar.gz) = 12575428
+TIMESTAMP = 1545441125
+SHA256 (suricata-4.1.2.tar.gz) = 73575b041a50cc48a2a53f6503ab4d355166d7acbd4997cd04045f848f8bea96
+SIZE (suricata-4.1.2.tar.gz) = 15602689
diff --git a/security/suricata/files/patch-alert-pf.diff b/security/suricata/files/patch-alert-pf.diff
@@ -1,17 +1,17 @@
-diff -ruN ./suricata-4.0.6.orig/src/Makefile.am ./suricata-4.0.6/src/Makefile.am
---- ./suricata-4.0.6.orig/src/Makefile.am	2018-11-06 04:01:46.000000000 -0500
-+++ ./src/Makefile.am	2018-11-12 21:32:50.000000000 -0500
-@@ -9,6 +9,7 @@
+diff -ruN ./suricata-4.1.2.orig/src/Makefile.am ./suricata-4.1.2/src/Makefile.am
+--- ./suricata-4.1.2.orig/src/Makefile.am	2018-12-21 09:43:33.000000000 -0500
++++ ./src//Makefile.am	2019-01-02 16:20:51.000000000 -0500
+@@ -10,6 +10,7 @@
  suricata_SOURCES = \
  alert-debuglog.c alert-debuglog.h \
  alert-fastlog.c alert-fastlog.h \
 +alert-pf.c alert-pf.h \
  alert-prelude.c alert-prelude.h \
  alert-syslog.c alert-syslog.h \
  alert-unified2-alert.c alert-unified2-alert.h \
-diff -ruN ./suricata-4.0.6.orig/src/Makefile.in ./suricata-4.0.6/src/Makefile.in
---- ./suricata-4.0.6.orig/src/Makefile.in	2018-11-06 04:02:00.000000000 -0500
-+++ ./src/Makefile.in	2018-11-12 21:37:04.000000000 -0500
+diff -ruN ./suricata-4.1.2.orig/src/Makefile.in ./suricata-4.1.2/src/Makefile.in
+--- ./suricata-4.1.2.orig/src/Makefile.in	2018-12-21 09:43:49.000000000 -0500
++++ ./src//Makefile.in	2019-01-02 16:21:55.000000000 -0500
 @@ -112,7 +112,7 @@
  am__installdirs = "$(DESTDIR)$(bindir)"
  PROGRAMS = $(bin_PROGRAMS)
@@ -21,19 +21,11 @@ diff -ruN ./suricata-4.0.6.orig/src/Makefile.in ./suricata-4.0.6/src/Makefile.in
  	alert-unified2-alert.$(OBJEXT) app-layer.$(OBJEXT) \
  	app-layer-dcerpc.$(OBJEXT) app-layer-dcerpc-udp.$(OBJEXT) \
  	app-layer-detect-proto.$(OBJEXT) app-layer-dnp3.$(OBJEXT) \
-@@ -628,6 +628,7 @@
- suricata_SOURCES = \
- alert-debuglog.c alert-debuglog.h \
- alert-fastlog.c alert-fastlog.h \
-+alert-pf.c alert-pf.h \
- alert-prelude.c alert-prelude.h \
- alert-syslog.c alert-syslog.h \
- alert-unified2-alert.c alert-unified2-alert.h \
-diff -ruN ./suricata-4.0.6.orig/src/alert-pf.c ./suricata-4.0.6/src/alert-pf.c
---- ./suricata-4.0.6.orig/src/alert-pf.c	1969-12-31 19:00:00.000000000 -0500
-+++ ./src/alert-pf.c	2018-03-23 13:51:57.000000000 -0400
-@@ -0,0 +1,1074 @@
-+/* Copyright (C) 2007-2017 Open Information Security Foundation
+diff -ruN ./suricata-4.1.2.orig/src/alert-pf.c ./suricata-4.1.2/src/alert-pf.c
+--- ./suricata-4.1.2.orig/src/alert-pf.c	1969-12-31 19:00:00.000000000 -0500
++++ ./src//alert-pf.c	2018-12-18 21:07:46.000000000 -0500
+@@ -0,0 +1,1077 @@
++/* Copyright (C) 2007-2018 Open Information Security Foundation
 + *
 + * You can copy, redistribute or modify this Program under the terms of
 + * the GNU General Public License version 2 as published by the Free
@@ -455,13 +447,13 @@ diff -ruN ./suricata-4.0.6.orig/src/alert-pf.c ./suricata-4.0.6/src/alert-pf.c
 +                    case AF_INET:
 +			PrintInet(AF_INET, (const void *)&((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr, tmp, sizeof(tmp));
 +			SCLogInfo("alert-pf -> adding firewall interface %s IPv4 address %s to automatic interface IP Pass List.", ifa->ifa_name, tmp);
-+			SCRadixAddKeyIPV4(&((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr, ctx->tree, 0);
++			SCRadixAddKeyIPV4((uint8_t *)(&((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr), ctx->tree, 0);
 +			break;
 +
 +		    case AF_INET6:
 +			PrintInet(AF_INET6, (const void *)&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr.s6_addr, tmp, sizeof(tmp));
 +			SCLogInfo("alert-pf -> adding firewall interface %s IPv6 address %s to automatic interface IP Pass List.", ifa->ifa_name, tmp);
-+			SCRadixAddKeyIPV6(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr.s6_addr, ctx->tree, 0);
++			SCRadixAddKeyIPV6((uint8_t *)(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr.s6_addr), ctx->tree, 0);
 +			break;
 +
 +		    default:
@@ -739,9 +731,10 @@ diff -ruN ./suricata-4.0.6.orig/src/alert-pf.c ./suricata-4.0.6/src/alert-pf.c
 + *  \param *conf pointer to module's ConfNode structure
 + * \return A newly allocated AlertPfCtx structure, or NULL
 + */
-+OutputCtx *AlertPfInitCtx(ConfNode *conf)
++OutputInitResult AlertPfInitCtx(ConfNode *conf)
 +{
 +    AlertPfCtx *ctx;
++    OutputInitResult result = { NULL, false };
 +    LogFileCtx *logfile_ctx;
 +    const char *pass_list_name;
 +    const char *kill_state;
@@ -783,14 +776,14 @@ diff -ruN ./suricata-4.0.6.orig/src/alert-pf.c ./suricata-4.0.6/src/alert-pf.c
 +    if (logfile_ctx == NULL) {
 +        SCLogDebug("AlertPfInitCtx: Could not create new LogFileCtx");
 +        SCFree(ctx);
-+        return NULL;
++        return result;
 +    }
 +
 +    if (SCConfLogOpenGeneric(conf, logfile_ctx, DEFAULT_LOG_FILENAME, 0) < 0) {
 +        LogFileFreeCtx(logfile_ctx);
 +        SCLogDebug("AlertPfInitCtx: Could not create new LogFileCtx");
 +        SCFree(ctx);
-+        return NULL;
++        return result;
 +    }
 +
 +    ctx->file_ctx = logfile_ctx;
@@ -833,7 +826,7 @@ diff -ruN ./suricata-4.0.6.orig/src/alert-pf.c ./suricata-4.0.6/src/alert-pf.c
 +        exit(EXIT_FAILURE);
 +    }
 +
-+    output_ctx = SCMalloc(sizeof(OutputCtx));
++    output_ctx = SCCalloc(1, sizeof(OutputCtx));
 +    if (unlikely(output_ctx == NULL)) {
 +        LogFileFreeCtx(logfile_ctx);
 +        SCFree(ctx);
@@ -868,7 +861,9 @@ diff -ruN ./suricata-4.0.6.orig/src/alert-pf.c ./suricata-4.0.6/src/alert-pf.c
 +
 +    SCLogInfo("alert-pf output initialized, pf-table=%s  block-ip=%s  kill-state=%s  block-drops-only=%s", ctx->pftable, block, state, drops);
 +
-+    return output_ctx;
++    result.ctx = output_ctx;
++    result.ok = true;
++    return result;
 +}
 +
 +/** \brief This releases the memory used by the global
@@ -1107,9 +1102,9 @@ diff -ruN ./suricata-4.0.6.orig/src/alert-pf.c ./suricata-4.0.6/src/alert-pf.c
 +    return TM_ECODE_OK;
 +}
 +
-diff -ruN ./suricata-4.0.6.orig/src/alert-pf.h ./suricata-4.0.6/src/alert-pf.h
---- ./suricata-4.0.6.orig/src/alert-pf.h	1969-12-31 19:00:00.000000000 -0500
-+++ ./src/alert-pf.h	2018-03-23 14:28:57.000000000 -0400
+diff -ruN ./suricata-4.1.2.orig/src/alert-pf.h ./suricata-4.1.2/src/alert-pf.h
+--- ./suricata-4.1.2.orig/src/alert-pf.h	1969-12-31 19:00:00.000000000 -0500
++++ ./src//alert-pf.h	2018-12-18 20:22:46.000000000 -0500
 @@ -0,0 +1,59 @@
 +/* Copyright (C) 2007-2010 Open Information Security Foundation
 + *
@@ -1166,13 +1161,13 @@ diff -ruN ./suricata-4.0.6.orig/src/alert-pf.h ./suricata-4.0.6/src/alert-pf.h
 +}
 +
 +void AlertPfRegister (void);
-+OutputCtx *AlertPfInitCtx(ConfNode *);
++OutputInitResult AlertPfInitCtx(ConfNode *);
 +
 +#endif /* __ALERT_PF_H__ */
 +
-diff -ruN ./suricata-4.0.6.orig/src/output.c ./suricata-4.0.6/src/output.c
---- ./suricata-4.0.6.orig/src/output.c	2018-11-06 04:01:46.000000000 -0500
-+++ ./src/output.c	2018-11-12 21:39:15.000000000 -0500
+diff -ruN ./suricata-4.1.2.orig/src/output.c ./suricata-4.1.2/src/output.c
+--- ./suricata-4.1.2.orig/src/output.c	2018-12-21 09:43:34.000000000 -0500
++++ ./src//output.c	2019-01-02 16:24:38.000000000 -0500
 @@ -45,6 +45,7 @@
  #include "alert-debuglog.h"
  #include "alert-prelude.h"
@@ -1181,7 +1176,7 @@ diff -ruN ./suricata-4.0.6.orig/src/output.c ./suricata-4.0.6/src/output.c
  #include "output-json-alert.h"
  #include "output-json-flow.h"
  #include "output-json-netflow.h"
-@@ -1042,6 +1043,8 @@
+@@ -1049,6 +1050,8 @@
      AlertPreludeRegister();
      /* syslog log */
      AlertSyslogRegister();
@@ -1190,14 +1185,14 @@ diff -ruN ./suricata-4.0.6.orig/src/output.c ./suricata-4.0.6/src/output.c
      /* unified2 log */
      Unified2AlertRegister();
      /* drop log */
-diff -ruN ./suricata-4.0.6.orig/src/suricata-common.h ./suricata-4.0.6/src/suricata-common.h
---- ./suricata-4.0.6.orig/src/suricata-common.h	2018-11-06 04:01:46.000000000 -0500
-+++ ./src/suricata-common.h	2018-11-12 21:40:32.000000000 -0500
-@@ -418,6 +418,7 @@
+diff -ruN ./suricata-4.1.2.orig/src/suricata-common.h ./suricata-4.1.2/src/suricata-common.h
+--- ./suricata-4.1.2.orig/src/suricata-common.h	2018-12-21 09:43:34.000000000 -0500
++++ ./src//suricata-common.h	2019-01-02 16:25:44.000000000 -0500
+@@ -439,6 +439,7 @@
      LOGGER_JSON_STATS,
      LOGGER_PRELUDE,
      LOGGER_PCAP,
 +    LOGGER_ALERT_PF,
-     LOGGER_JSON_DNP3,
-     LOGGER_JSON_VARS,
+     LOGGER_JSON_METADATA,
      LOGGER_SIZE,
+ } LoggerId;