freebsd-ports/security/zeek/Makefile
Craig Leres a940eea46e security/zeek: Update to 5.0.4
https://github.com/zeek/zeek/releases/tag/v5.0.4

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted series of HTTP 0.9 packets can cause Zeek
   to spend large amounts of time processing the packets.

 - A specially-crafted FTP packet can cause Zeek to spend large
   amounts of time processing the command.

 - A specially-crafted IPv6 packet can cause Zeek to overflow memory
   and potentially crash.

This release fixes the following bugs:

 - Fix a potential stall in Broker’s internal data pipeline.

Reported by:	Tim Wojtulewicz
Security:	???
2022-11-24 10:29:18 -08:00


# Port identity and the upstream release this port packages.
PORTNAME=	zeek
DISTVERSION=	5.0.4
CATEGORIES=	security

# The release tarball is fetched over HTTPS from the upstream download site.
# NOTE(review): integrity of the fetched file rests on the port's distinfo
# checksums, which are not visible here -- confirm they were regenerated
# together with this DISTVERSION bump.
MASTER_SITES=	https://download.zeek.org/
DISTFILES=	${DISTNAME}${EXTRACT_SUFX}

MAINTAINER=	leres@FreeBSD.org
COMMENT=	System for detecting network intruders in real-time
WWW=		https://www.zeek.org/

LICENSE=	BSD3CLAUSE

# Known build failure for this OS release / architecture pair.
BROKEN_FreeBSD_12_powerpc64=	does not build: error: zero-size array 'names'
# Build-time tools, each with a minimum version.
BUILD_DEPENDS=	bison>=3.3:devel/bison \
		cmake>=3.15.0:devel/cmake \
		flex>=2.6:textproc/flex \
		swig>=4.0.2:devel/swig

# c-ares comes from the dns/c-ares port: linked as a shared library and
# required at run time at version 1.18.1 or newer.
LIB_DEPENDS=	libcares.so:dns/c-ares
RUN_DEPENDS=	c-ares>=1.18.1:dns/c-ares

# "cpe" attaches CPE identification to the package so it can be matched
# against vulnerability data; "ssl" selects the SSL library to build against.
USES=		bison cmake compiler:c++17-lang cpe gettext-runtime \
		perl5 python shebangfix ssl
USE_LDCONFIG=	yes

# Makes a "python3" command resolve to the Python chosen by the framework.
BINARY_ALIAS=	python3=${PYTHON_CMD}

# Hint for the portscout version checker.
PORTSCOUT=	limit:0,even
# Extra compiler flag applied only on powerpc64.
CXXFLAGS_powerpc64=	-mpower8-vector

# Script whose interpreter line is rewritten by USES=shebangfix.
SHEBANG_FILES=	auxil/zeekctl/auxil/trace-summary/trace-summary
SUB_FILES=	pkg-message
NO_MTREE=	yes

# CMake switches turned on for every build of this port.
CMAKE_ON=	BROKER_DISABLE_DOC_EXAMPLES \
		BROKER_DISABLE_TESTS \
		BUILD_SHARED_LIBS \
		BUILD_STATIC_BROKER \
		INSTALL_AUX_TOOLS

# Install layout and library locations handed to CMake.
# NOTE(review): CARES_ROOT_DIR points at ${PREFIX}; c-ares is installed as a
# dependency, so this only resolves when ${PREFIX} equals ${LOCALBASE} --
# confirm whether ${LOCALBASE} was intended.
CMAKE_ARGS=	-DCARES_ROOT_DIR:PATH=${PREFIX} \
		-DCMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}" \
		-DPY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \
		-DZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \
		-DZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \
		-DZEEK_ROOT_DIR:PATH=${PREFIX} \
		-DZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek
# Dedicated account and group for the package; both default to "zeek" and
# can be overridden because they are assigned with ?=.
# NOTE(review): which installed files and directories are owned by this
# account is decided in pkg-plist, which is not visible here -- confirm that
# only the runtime-writable paths are handed to it.
ZEEKUSER?=	zeek
ZEEKGROUP?=	zeek

# Substitutions made available to the packing list. UNAME_M is assigned
# near the end of this Makefile; the reference here is not expanded at
# assignment time.
PLIST_SUB+=	ARCH=${UNAME_M} \
		LCASE_OPSYS=${OPSYS:tl} \
		ZEEKGROUP=${ZEEKGROUP} \
		ZEEKUSER=${ZEEKUSER}

USERS=		${ZEEKUSER}
GROUPS=		${ZEEKGROUP}
# Independent on/off options.
OPTIONS_DEFINE=	GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP PERFTOOLS SPICY \
		ZEEKCTL ZKG

# Exactly one build type is chosen from this group.
OPTIONS_SINGLE=	BUILD_TYPE
OPTIONS_SINGLE_BUILD_TYPE=	DEBUG MINSIZEREL RELEASE RELWITHDEBINFO

# Defaults: a RELEASE build with everything except PERFTOOLS enabled;
# SPICY is additionally enabled on the architectures listed below.
OPTIONS_DEFAULT=	GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP RELEASE \
			ZEEKCTL ZKG
OPTIONS_DEFAULT_aarch64=	SPICY
OPTIONS_DEFAULT_amd64=		SPICY
OPTIONS_DEFAULT_armv6=		SPICY
OPTIONS_DEFAULT_armv7=		SPICY
OPTIONS_DEFAULT_i386=		SPICY
OPTIONS_SUB=	yes

# Descriptions shown in the options dialog.
DEBUG_DESC=		Optimizations off, debug symbols/flags on
GEOIP2_DESC=		Build with GeoIP2 (MaxMindDB) support
IPSUMDUMP_DESC=		Enables traffic summaries
LBL_CF_DESC=		Unix time to formated time/date filter support
LBL_HF_DESC=		Address to hostname filter support
MINSIZEREL_DESC=	Optimizations on, debug symbols/flags off
NETMAP_DESC=		Native Netmap Packet IOSource for Zeek
PERFTOOLS_DESC=		Use Perftools to improve memory & CPU usage
RELEASE_DESC=		Optimizations on, debug symbols/flags off
RELWITHDEBINFO_DESC=	Optimizations/debug symbols on, debug flags off
SPICY_DESC=		Enable the Spicy parser generator
ZEEKCTL_DESC=		ZeekControl support (implies IPSUMDUMP)
ZKG_DESC=		Zeek package manager support

# Selecting ZEEKCTL also switches IPSUMDUMP on.
ZEEKCTL_IMPLIES=	IPSUMDUMP
# Per-option dependencies and build switches. Each variable takes effect
# only when the option named in its prefix is enabled.
GEOIP2_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb

IPSUMDUMP_BUILD_DEPENDS=	ipsumdump:net/ipsumdump
IPSUMDUMP_RUN_DEPENDS=		ipsumdump:net/ipsumdump

LBL_CF_RUN_DEPENDS=	${LOCALBASE}/bin/cf:sysutils/lbl-cf
LBL_HF_RUN_DEPENDS=	${LOCALBASE}/bin/hf:sysutils/lbl-hf

# The netmap plugin is an extra GitHub distfile pinned to tag v2.0.0.
# NOTE(review): a tag name alone does not fix the content; the distinfo
# checksum for this tarball (not visible here) is what pins it -- confirm
# it is present.
NETMAP_GH_TUPLE=	zeek:zeek-netmap:v2.0.0:zeek_netmap
NETMAP_USE=		GITHUB=nodefault

PERFTOOLS_BUILD_DEPENDS=	${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
PERFTOOLS_CMAKE_BOOL=		ENABLE_PERFTOOLS
PERFTOOLS_RUN_DEPENDS=		${LOCALBASE}/bin/perftools-pprof:devel/google-perftools

# With SPICY switched off, CMake is told to disable it.
SPICY_CMAKE_OFF=	-DDISABLE_SPICY=ON

ZEEKCTL_BUILD_DEPENDS=	${LOCALBASE}/bin/bash:shells/bash \
			${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR}
ZEEKCTL_CMAKE_BOOL=	INSTALL_ZEEKCTL
ZEEKCTL_RUN_DEPENDS=	${LOCALBASE}/bin/bash:shells/bash \
			${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR}

ZKG_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}zkg>=2.7.1:security/py-zkg@${PY_FLAVOR}
.include <bsd.port.options.mk>
# Translate the selected BUILD_TYPE option into the CMake build type.
# STRIP is emptied for the two variants that carry debug symbols.
# NOTE(review): the install targets further down call ${STRIP_CMD} on
# zeek-cut and on the netmap plugin regardless of this setting -- confirm
# that stripping those two files in a debug build is intended.
.if ${PORT_OPTIONS:MDEBUG}
CMAKE_BUILD_TYPE=	Debug
STRIP=
.elif ${PORT_OPTIONS:MMINSIZEREL}
CMAKE_BUILD_TYPE=	MinSizeRel
.elif ${PORT_OPTIONS:MRELEASE}
CMAKE_BUILD_TYPE=	Release
.elif ${PORT_OPTIONS:MRELWITHDEBINFO}
CMAKE_BUILD_TYPE=	RelWithDebInfo
STRIP=
.endif

# The rc.d service script is requested only together with ZeekControl.
.if ${PORT_OPTIONS:MZEEKCTL}
USE_RC_SUBR=	zeek
.endif
# Delete the c-ares copy shipped inside the source tree right after
# extraction. The port declares dns/c-ares as a dependency, so the
# separately maintained library is the one available to the build.
post-extract:
	@${RM} -rf ${WRKSRC}/auxil/c-ares
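# Patch the netmap plugin's CMake find module: every line that mentions
# /usr/local/ gets " ${STAGEDIR}${PREFIX}/" appended (the "$$" is a
# make-escaped "$", i.e. the end-of-line anchor for sed).
#
# The edit is limited to builds with the NETMAP option enabled. The plugin
# sources are declared through NETMAP_GH_TUPLE, so with the option off
# ${WRKSRC_zeek_netmap} is presumably unset and the in-place edit would be
# pointed at a file that does not exist.
post-patch:
.if ${PORT_OPTIONS:MNETMAP}
	${REINPLACE_CMD} -e '\|/usr/local/|s|$$| ${STAGEDIR}${PREFIX}/|' \
	    ${WRKSRC_zeek_netmap}/cmake/FindNetmap.cmake
.endif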
# Staging fix-ups that run only when the ZEEKCTL option is enabled.
post-install-ZEEKCTL-on:
# Directories created under the staged prefix for logs and spool data.
.for D in logs spool/tmp spool/installed-scripts-do-not-touch/auto spool/installed-scripts-do-not-touch/site
	${MKDIR} ${STAGEDIR}${PREFIX}/${D}
.endfor
# The three configuration files are renamed to *.sample in the stage
# directory, so the package carries them under the .sample name.
.for CONF in zeekctl.cfg networks.cfg node.cfg
	${MV} ${STAGEDIR}${PREFIX}/etc/${CONF} \
	    ${STAGEDIR}${PREFIX}/etc/${CONF}.sample
.endfor
# Replace the installed zeekctl-config.sh with a relative symlink that
# resolves to ${PREFIX}/spool/zeekctl-config.sh.
# NOTE(review): the link target is a shell script located in the spool
# directory; check in pkg-plist (not visible here) which account may write
# there, since whoever can write the target controls what the script does.
	${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
	${LN} -s ../../../spool/zeekctl-config.sh \
	    ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh
# Staging fix-ups applied to every build of the port.
post-install:
# Carry the site policy file under the .sample name.
	${MV} ${STAGEDIR}${DATADIR}/site/local.zeek ${STAGEDIR}${DATADIR}/site/local.zeek.sample
# Drop the var tree that the upstream install created under the prefix.
	@${RM} -rf ${STAGEDIR}${PREFIX}/var
# Strip the zeek-cut binary in the stage directory.
	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/zeek-cut
# Prune directories from the staged include/lib trees when SPICY is on.
# ${RM} -rf deletes a tree outright; ${RMDIR} removes a directory only if
# it is empty. The loops expand to the same commands in the same order as
# one line per directory would.
post-install-SPICY-on:
.for D in Archive Test
	@${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/${D}
.endfor
.for D in bin cmake
	@${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/${D}
.endfor
	@${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/include
	@${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/spicy
.for D in src tests
	@${RM} -rf ${STAGEDIR}${PREFIX}/include/zeek/builtin-plugins/spicy-plugin/${D}
.endfor
	@${RMDIR} ${STAGEDIR}${PREFIX}/include/zeek/script_opt/CPP/maint
	@${RMDIR} ${STAGEDIR}${PREFIX}/lib/zeek-spicy/modules
# With ZEEKCTL enabled, make sure the rc.d directory exists in the stage
# tree before the install step runs.
pre-install-ZEEKCTL-on:
	${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d
# Build and stage the netmap plugin once Zeek itself has been staged
# (NETMAP option only).
post-install-NETMAP-on:
# Work on a private copy of zeek-config in ${WRKDIR}: its ${PREFIX} paths
# are rewritten to the stage directory, and the staged (packaged)
# zeek-config itself is left untouched.
	${MKDIR} ${WRKDIR}/zeek-bin
	${CP} ${STAGEDIR}${PREFIX}/bin/zeek-config ${WRKDIR}/zeek-bin
	${REINPLACE_CMD} -e 's|${PREFIX}|${STAGEDIR}${PREFIX}|g' \
	    ${WRKDIR}/zeek-bin/zeek-config
# The private copy is placed first on PATH for the plugin's configure run,
# presumably so that configure resolves the staged Zeek through it.
	cd ${WRKSRC_zeek_netmap} && \
	    ${SETENV} PATH=${WRKDIR}/zeek-bin:${PATH} \
	    ./configure --with-netmap=/usr \
	    --install-root=${STAGEDIR}${PREFIX}/lib/zeek/plugins
# NOTE(review): "make" is invoked by bare name here rather than through a
# framework variable, so it is whichever make comes first on PATH -- confirm
# this is intended. Also worth confirming that no ${STAGEDIR} path ends up
# embedded in the installed plugin.
	cd ${WRKSRC_zeek_netmap}/build && \
	    make && make install
	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/zeek/plugins/Zeek_Netmap/lib/Zeek-Netmap.freebsd-${UNAME_M}.so
.include <bsd.port.pre.mk>
# ARCH (uname -p) would be the preferred value, but it is not always
# correct (e.g. arm64), so the output of "uname -m" is captured instead.
UNAME_M!=	${UNAME} -m
.include <bsd.port.post.mk>