Update to bro-2.6.1.
This commit is contained in:
parent
23ba9b2ca1
commit
0629fbe56c
@ -1,11 +1,14 @@
|
||||
# $OpenBSD: Makefile,v 1.47 2018/09/04 12:53:16 espie Exp $
|
||||
# $OpenBSD: Makefile,v 1.48 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
COMMENT= network analysis and security monitoring framework
|
||||
|
||||
DISTNAME= bro-2.5.5
|
||||
REVISION= 0
|
||||
DISTNAME= bro-2.6.1
|
||||
|
||||
SHARED_LIBS += broccoli 5.1 # 5.1
|
||||
SHARED_LIBS += broccoli 6.0 # 5.1
|
||||
SHARED_LIBS += broker 0.0 # XXX see patch-aux_broker_CMakeLists_txt
|
||||
SHARED_LIBS += caf_core 0.0 # 0.16
|
||||
SHARED_LIBS += caf_io 0.0 # 0.16
|
||||
SHARED_LIBS += caf_openssl 0.0 # 0.16
|
||||
|
||||
CATEGORIES= net security
|
||||
|
||||
@ -16,8 +19,8 @@ MAINTAINER= Antoine Jacoutot <ajacoutot@openbsd.org>
|
||||
# BSD
|
||||
PERMIT_PACKAGE_CDROM= Yes
|
||||
|
||||
WANTLIB += GeoIP c crypto m pcap pthread ssl z
|
||||
WANTLIB += ${MODPY_WANTLIB} lib/libbind/bind ${COMPILER_LIBCXX}
|
||||
WANTLIB += c crypto m maxminddb pcap pthread ssl z
|
||||
WANTLIB += ${COMPILER_LIBCXX} ${MODPY_WANTLIB} lib/libbind/bind
|
||||
|
||||
MASTER_SITES= https://www.bro.org/downloads/
|
||||
|
||||
@ -36,11 +39,12 @@ BUILD_DEPENDS= devel/bison \
|
||||
devel/swig
|
||||
|
||||
LIB_DEPENDS= ${MODPY_LIB_DEPENDS} \
|
||||
net/GeoIP \
|
||||
net/libbind
|
||||
net/libbind \
|
||||
net/libmaxminddb
|
||||
|
||||
RUN_DEPENDS= net/GeoIP,-asn \
|
||||
net/GeoIP,-city
|
||||
RUN_DEPENDS= net/libmaxminddb,-asn \
|
||||
net/libmaxminddb,-city \
|
||||
net/libmaxminddb,-db
|
||||
|
||||
# XXX the bundled sqlite seems to pick up ICU4C if present and will error out if
|
||||
# it gets junked during the build; I could not find a proper way to disable it
|
||||
@ -73,7 +77,9 @@ CONFIGURE_ARGS= --prefix=${PREFIX} \
|
||||
SUBST_VARS= MODPY_SITEPKG
|
||||
|
||||
pre-configure:
|
||||
${SUBST_CMD} ${WRKSRC}/aux/broctl/BroControl/options.py
|
||||
${SUBST_CMD} ${WRKSRC}/aux/broctl/BroControl/options.py \
|
||||
${WRKSRC}/aux/broker/CMakeLists.txt \
|
||||
${WRKSRC}/aux/broker/3rdparty/caf/libcaf_{core,io,openssl}/CMakeLists.txt
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/examples
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (bro-2.5.5.tar.gz) = GPKusQtNk12FwRWh5Kk0ZLl1C+GbNJl89hlrKRGOc88=
|
||||
SIZE (bro-2.5.5.tar.gz) = 18525979
|
||||
SHA256 (bro-2.6.1.tar.gz) = 2XGLg/2uDHbupSVKS5RwMExNHTd4aH3ppP4LXf/qUhs=
|
||||
SIZE (bro-2.6.1.tar.gz) = 28432762
|
||||
|
@ -1,7 +1,9 @@
|
||||
$OpenBSD: patch-CMakeLists_txt,v 1.1 2016/08/27 06:39:14 ajacoutot Exp $
|
||||
--- CMakeLists.txt.orig Fri Aug 26 13:10:36 2016
|
||||
+++ CMakeLists.txt Fri Aug 26 13:10:42 2016
|
||||
@@ -17,7 +17,7 @@ endif ()
|
||||
$OpenBSD: patch-CMakeLists_txt,v 1.2 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: CMakeLists.txt
|
||||
--- CMakeLists.txt.orig
|
||||
+++ CMakeLists.txt
|
||||
@@ -29,7 +29,7 @@ endif ()
|
||||
|
||||
if (NOT BRO_MAN_INSTALL_PATH)
|
||||
# set the default Bro man page installation path (user did not specify one)
|
||||
|
@ -1,4 +1,5 @@
|
||||
$OpenBSD: patch-aux_broccoli_test_broccoli-v6addrs_c,v 1.1 2016/09/06 16:12:57 ajacoutot Exp $
|
||||
$OpenBSD: patch-aux_broccoli_test_broccoli-v6addrs_c,v 1.2 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
--- aux/broccoli/test/broccoli-v6addrs.c.orig Tue Sep 6 17:53:46 2016
|
||||
+++ aux/broccoli/test/broccoli-v6addrs.c Tue Sep 6 17:53:36 2016
|
||||
@@ -3,6 +3,7 @@
|
||||
|
@ -1,4 +1,5 @@
|
||||
$OpenBSD: patch-aux_broccoli_test_broccoli-vectors_c,v 1.1 2016/08/27 06:39:14 ajacoutot Exp $
|
||||
$OpenBSD: patch-aux_broccoli_test_broccoli-vectors_c,v 1.2 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
--- aux/broccoli/test/broccoli-vectors.c.orig Fri Aug 26 16:41:55 2016
|
||||
+++ aux/broccoli/test/broccoli-vectors.c Fri Aug 26 16:42:28 2016
|
||||
@@ -3,6 +3,7 @@
|
||||
|
@ -1,8 +1,9 @@
|
||||
$OpenBSD: patch-aux_broctl_BroControl_options_py,v 1.4 2017/06/28 09:56:09 ajacoutot Exp $
|
||||
$OpenBSD: patch-aux_broctl_BroControl_options_py,v 1.5 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: aux/broctl/BroControl/options.py
|
||||
--- aux/broctl/BroControl/options.py.orig
|
||||
+++ aux/broctl/BroControl/options.py
|
||||
@@ -187,7 +187,7 @@ options = [
|
||||
@@ -170,7 +170,7 @@ options = [
|
||||
|
||||
Option("LibDir", "${BroBase}/lib", "string", Option.AUTOMATIC, False,
|
||||
"Directory for library files."),
|
||||
|
@ -0,0 +1,16 @@
|
||||
$OpenBSD: patch-aux_broker_3rdparty_caf_libcaf_core_CMakeLists_txt,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: aux/broker/3rdparty/caf/libcaf_core/CMakeLists.txt
|
||||
--- aux/broker/3rdparty/caf/libcaf_core/CMakeLists.txt.orig
|
||||
+++ aux/broker/3rdparty/caf/libcaf_core/CMakeLists.txt
|
||||
@@ -152,8 +152,8 @@ if (NOT CAF_BUILD_STATIC_ONLY)
|
||||
)
|
||||
set_target_properties(libcaf_core_shared
|
||||
PROPERTIES
|
||||
- SOVERSION ${CAF_VERSION}
|
||||
- VERSION ${CAF_VERSION}
|
||||
+ SOVERSION ${LIBcaf_core_VERSION}
|
||||
+ VERSION ${LIBcaf_core_VERSION}
|
||||
OUTPUT_NAME caf_core
|
||||
)
|
||||
install(TARGETS libcaf_core_shared
|
@ -0,0 +1,14 @@
|
||||
$OpenBSD: patch-aux_broker_3rdparty_caf_libcaf_core_caf_config_hpp,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: aux/broker/3rdparty/caf/libcaf_core/caf/config.hpp
|
||||
--- aux/broker/3rdparty/caf/libcaf_core/caf/config.hpp.orig
|
||||
+++ aux/broker/3rdparty/caf/libcaf_core/caf/config.hpp
|
||||
@@ -207,7 +207,7 @@
|
||||
# if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,16)
|
||||
# define CAF_POLL_IMPL
|
||||
# endif
|
||||
-#elif defined(__FreeBSD__)
|
||||
+#elif defined(__FreeBSD__) || defined(__OpenBSD__)
|
||||
# define CAF_BSD
|
||||
#elif defined(__CYGWIN__)
|
||||
# define CAF_CYGWIN
|
@ -0,0 +1,16 @@
|
||||
$OpenBSD: patch-aux_broker_3rdparty_caf_libcaf_io_CMakeLists_txt,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: aux/broker/3rdparty/caf/libcaf_io/CMakeLists.txt
|
||||
--- aux/broker/3rdparty/caf/libcaf_io/CMakeLists.txt.orig
|
||||
+++ aux/broker/3rdparty/caf/libcaf_io/CMakeLists.txt
|
||||
@@ -61,8 +61,8 @@ if (NOT CAF_BUILD_STATIC_ONLY)
|
||||
)
|
||||
set_target_properties(libcaf_io_shared
|
||||
PROPERTIES
|
||||
- SOVERSION ${CAF_VERSION}
|
||||
- VERSION ${CAF_VERSION}
|
||||
+ SOVERSION ${LIBcaf_io_VERSION}
|
||||
+ VERSION ${LIBcaf_io_VERSION}
|
||||
OUTPUT_NAME caf_io)
|
||||
install(TARGETS libcaf_io_shared
|
||||
RUNTIME DESTINATION bin
|
@ -0,0 +1,16 @@
|
||||
$OpenBSD: patch-aux_broker_3rdparty_caf_libcaf_io_src_interfaces_cpp,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: aux/broker/3rdparty/caf/libcaf_io/src/interfaces.cpp
|
||||
--- aux/broker/3rdparty/caf/libcaf_io/src/interfaces.cpp.orig
|
||||
+++ aux/broker/3rdparty/caf/libcaf_io/src/interfaces.cpp
|
||||
@@ -51,6 +51,10 @@
|
||||
#include "caf/io/network/ip_endpoint.hpp"
|
||||
#include "caf/raise_error.hpp"
|
||||
|
||||
+#ifndef AI_V4MAPPED
|
||||
+# define AI_V4MAPPED 0
|
||||
+#endif
|
||||
+
|
||||
namespace caf {
|
||||
namespace io {
|
||||
namespace network {
|
@ -0,0 +1,14 @@
|
||||
$OpenBSD: patch-aux_broker_3rdparty_caf_libcaf_io_src_native_socket_cpp,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: aux/broker/3rdparty/caf/libcaf_io/src/native_socket.cpp
|
||||
--- aux/broker/3rdparty/caf/libcaf_io/src/native_socket.cpp.orig
|
||||
+++ aux/broker/3rdparty/caf/libcaf_io/src/native_socket.cpp
|
||||
@@ -93,7 +93,7 @@ namespace network {
|
||||
#endif
|
||||
|
||||
// platform-dependent SIGPIPE setup
|
||||
-#if defined(CAF_MACOS) || defined(CAF_IOS) || defined(CAF_BSD)
|
||||
+#if defined(CAF_MACOS) || defined(CAF_IOS)
|
||||
// Use the socket option but no flags to recv/send on macOS/iOS/BSD.
|
||||
const int no_sigpipe_socket_flag = SO_NOSIGPIPE;
|
||||
const int no_sigpipe_io_flag = 0;
|
@ -0,0 +1,16 @@
|
||||
$OpenBSD: patch-aux_broker_3rdparty_caf_libcaf_openssl_CMakeLists_txt,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: aux/broker/3rdparty/caf/libcaf_openssl/CMakeLists.txt
|
||||
--- aux/broker/3rdparty/caf/libcaf_openssl/CMakeLists.txt.orig
|
||||
+++ aux/broker/3rdparty/caf/libcaf_openssl/CMakeLists.txt
|
||||
@@ -32,8 +32,8 @@ if (NOT CAF_BUILD_STATIC_ONLY)
|
||||
|
||||
set_target_properties(libcaf_openssl_shared
|
||||
PROPERTIES
|
||||
- SOVERSION ${CAF_VERSION}
|
||||
- VERSION ${CAF_VERSION}
|
||||
+ SOVERSION ${LIBcaf_openssl_VERSION}
|
||||
+ VERSION ${LIBcaf_openssl_VERSION}
|
||||
OUTPUT_NAME caf_openssl)
|
||||
if (CYGWIN)
|
||||
install(TARGETS libcaf_openssl_shared RUNTIME DESTINATION bin)
|
19
net/bro/patches/patch-aux_broker_CMakeLists_txt
Normal file
19
net/bro/patches/patch-aux_broker_CMakeLists_txt
Normal file
@ -0,0 +1,19 @@
|
||||
$OpenBSD: patch-aux_broker_CMakeLists_txt,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
XXX BROKER_VERSION_MAJOR and BROKER_VERSION_MINOR are undefined
|
||||
(build ends up creating libbroker.so..)
|
||||
|
||||
Index: aux/broker/CMakeLists.txt
|
||||
--- aux/broker/CMakeLists.txt.orig
|
||||
+++ aux/broker/CMakeLists.txt
|
||||
@@ -383,8 +383,8 @@ endif ()
|
||||
if (ENABLE_SHARED)
|
||||
add_library(broker SHARED ${BROKER_SRC})
|
||||
set_target_properties(broker PROPERTIES
|
||||
- SOVERSION ${BROKER_SOVERSION}
|
||||
- VERSION ${BROKER_VERSION_MAJOR}.${BROKER_VERSION_MINOR}
|
||||
+ SOVERSION ${LIBbroker_VERSION}
|
||||
+ VERSION ${LIBbroker_VERSION}
|
||||
MACOSX_RPATH true
|
||||
OUTPUT_NAME broker)
|
||||
target_link_libraries(broker ${LINK_LIBS})
|
@ -1,7 +1,9 @@
|
||||
$OpenBSD: patch-configure,v 1.2 2016/11/19 12:02:37 ajacoutot Exp $
|
||||
--- configure.orig Wed Nov 16 23:53:44 2016
|
||||
+++ configure Thu Nov 17 07:43:54 2016
|
||||
@@ -32,6 +32,9 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
$OpenBSD: patch-configure,v 1.3 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: configure
|
||||
--- configure.orig
|
||||
+++ configure
|
||||
@@ -42,6 +42,9 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
--logdir=PATH when using BroControl, path to store log file
|
||||
[PREFIX/logs]
|
||||
--conf-files-dir=PATH config files installation directory [PREFIX/etc]
|
||||
@ -10,8 +12,8 @@ $OpenBSD: patch-configure,v 1.2 2016/11/19 12:02:37 ajacoutot Exp $
|
||||
+ [PREFIX/lib/broctl]
|
||||
|
||||
Optional Features:
|
||||
--enable-debug compile in debugging mode
|
||||
@@ -178,6 +181,9 @@ while [ $# -ne 0 ]; do
|
||||
--enable-debug compile in debugging mode (like --build-type=Debug)
|
||||
@@ -199,6 +202,9 @@ while [ $# -ne 0 ]; do
|
||||
;;
|
||||
--logdir=*)
|
||||
append_cache_entry BRO_LOG_DIR PATH $optarg
|
||||
@ -19,5 +21,5 @@ $OpenBSD: patch-configure,v 1.2 2016/11/19 12:02:37 ajacoutot Exp $
|
||||
+ --python-install-dir=*)
|
||||
+ append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg
|
||||
;;
|
||||
--enable-debug)
|
||||
append_cache_entry ENABLE_DEBUG BOOL true
|
||||
--enable-coverage)
|
||||
append_cache_entry ENABLE_COVERAGE BOOL true
|
||||
|
15
net/bro/patches/patch-src_Sessions_cc
Normal file
15
net/bro/patches/patch-src_Sessions_cc
Normal file
@ -0,0 +1,15 @@
|
||||
$OpenBSD: patch-src_Sessions_cc,v 1.3 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
warning: '__inet_makeaddr' has C-linkage specified, but returns incomplete type 'struct in_addr' which could be incompatible with C
|
||||
|
||||
Index: src/Sessions.cc
|
||||
--- src/Sessions.cc.orig
|
||||
+++ src/Sessions.cc
|
||||
@@ -3,6 +3,7 @@
|
||||
|
||||
#include "bro-config.h"
|
||||
|
||||
+#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <stdlib.h>
|
15
net/bro/patches/patch-src_analyzer_protocol_dns_DNS_cc
Normal file
15
net/bro/patches/patch-src_analyzer_protocol_dns_DNS_cc
Normal file
@ -0,0 +1,15 @@
|
||||
$OpenBSD: patch-src_analyzer_protocol_dns_DNS_cc,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
warning: '__inet_makeaddr' has C-linkage specified, but returns incomplete type 'struct in_addr' which could be incompatible with C
|
||||
|
||||
Index: src/analyzer/protocol/dns/DNS.cc
|
||||
--- src/analyzer/protocol/dns/DNS.cc.orig
|
||||
+++ src/analyzer/protocol/dns/DNS.cc
|
||||
@@ -5,6 +5,7 @@
|
||||
#include <ctype.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
+#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include "NetVar.h"
|
@ -0,0 +1,77 @@
|
||||
$OpenBSD: patch-src_file_analysis_analyzer_x509_OCSP_cc,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: src/file_analysis/analyzer/x509/OCSP.cc
|
||||
--- src/file_analysis/analyzer/x509/OCSP.cc.orig
|
||||
+++ src/file_analysis/analyzer/x509/OCSP.cc
|
||||
@@ -44,7 +44,7 @@ static Val* get_ocsp_type(RecordVal* args, const char*
|
||||
|
||||
static bool OCSP_RESPID_bio(OCSP_BASICRESP* basic_resp, BIO* bio)
|
||||
{
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ASN1_OCTET_STRING* key = nullptr;
|
||||
X509_NAME* name = nullptr;
|
||||
|
||||
@@ -423,7 +423,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* r
|
||||
|
||||
uint64 version = 0;
|
||||
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
if ( req->tbsRequest->version )
|
||||
version = (uint64)ASN1_INTEGER_get(req->tbsRequest->version);
|
||||
#else
|
||||
@@ -495,7 +495,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *
|
||||
if ( !basic_resp )
|
||||
goto clean_up;
|
||||
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
resp_data = basic_resp->tbsResponseData;
|
||||
if ( !resp_data )
|
||||
goto clean_up;
|
||||
@@ -506,7 +506,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *
|
||||
vl->append(resp_val->Ref());
|
||||
vl->append(status_val);
|
||||
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
vl->append(new Val((uint64)ASN1_INTEGER_get(resp_data->version), TYPE_COUNT));
|
||||
#else
|
||||
vl->append(parse_basic_resp_data_version(basic_resp));
|
||||
@@ -526,7 +526,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *
|
||||
}
|
||||
|
||||
// producedAt
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
produced_at = resp_data->producedAt;
|
||||
#else
|
||||
produced_at = OCSP_resp_get0_produced_at(basic_resp);
|
||||
@@ -551,7 +551,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *
|
||||
// cert id
|
||||
const OCSP_CERTID* cert_id = nullptr;
|
||||
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
cert_id = single_resp->certId;
|
||||
#else
|
||||
cert_id = OCSP_SINGLERESP_get0_id(single_resp);
|
||||
@@ -618,7 +618,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *
|
||||
}
|
||||
}
|
||||
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm);
|
||||
len = BIO_read(bio, buf, sizeof(buf));
|
||||
vl->append(new StringVal(len, buf));
|
||||
@@ -635,7 +635,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *
|
||||
certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType());
|
||||
vl->append(certs_vector);
|
||||
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
certs = basic_resp->certs;
|
||||
#else
|
||||
certs = OCSP_resp_get0_certs(basic_resp);
|
28
net/bro/patches/patch-src_file_analysis_analyzer_x509_X509_h
Normal file
28
net/bro/patches/patch-src_file_analysis_analyzer_x509_X509_h
Normal file
@ -0,0 +1,28 @@
|
||||
$OpenBSD: patch-src_file_analysis_analyzer_x509_X509_h,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: src/file_analysis/analyzer/x509/X509.h
|
||||
--- src/file_analysis/analyzer/x509/X509.h.orig
|
||||
+++ src/file_analysis/analyzer/x509/X509.h
|
||||
@@ -8,13 +8,20 @@
|
||||
#include "Val.h"
|
||||
#include "X509Common.h"
|
||||
|
||||
-#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER)
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER))
|
||||
|
||||
#define X509_get_signature_nid(x) OBJ_obj2nid((x)->sig_alg->algorithm)
|
||||
|
||||
+/* not implemented in libressl yet */
|
||||
+#if defined(LIBRESSL_VERSION_NUMBER)
|
||||
+#define X509_OBJECT_new() (X509_OBJECT*)malloc(sizeof(X509_OBJECT))
|
||||
+#define X509_OBJECT_free(a) free(a)
|
||||
#endif
|
||||
|
||||
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || LIBRESSL_VERSION_NUMBER)
|
||||
+#endif
|
||||
+
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || \
|
||||
+ defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
|
||||
|
||||
#define X509_OBJECT_new() (X509_OBJECT*)malloc(sizeof(X509_OBJECT))
|
||||
#define X509_OBJECT_free(a) free(a)
|
@ -0,0 +1,44 @@
|
||||
$OpenBSD: patch-src_file_analysis_analyzer_x509_functions_bif,v 1.1 2018/12/30 14:14:14 ajacoutot Exp $
|
||||
|
||||
Index: src/file_analysis/analyzer/x509/functions.bif
|
||||
--- src/file_analysis/analyzer/x509/functions.bif.orig
|
||||
+++ src/file_analysis/analyzer/x509/functions.bif
|
||||
@@ -115,7 +115,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs
|
||||
const ASN1_OCTET_STRING* key = nullptr;
|
||||
const X509_NAME* name = nullptr;
|
||||
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
OCSP_RESPID* resp_id = basic_resp->tbsResponseData->responderId;
|
||||
|
||||
if ( resp_id->type == V_OCSP_RESPID_NAME )
|
||||
@@ -348,7 +348,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector,
|
||||
|
||||
// Because we actually want to be able to give nice error messages that show why we were
|
||||
// not able to verify the OCSP response - do our own verification logic first.
|
||||
-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
signer = x509_get_ocsp_signer(basic->certs, basic);
|
||||
#else
|
||||
signer = x509_get_ocsp_signer(OCSP_resp_get0_certs(basic), basic);
|
||||
@@ -370,7 +370,11 @@ function x509_ocsp_verify%(certs: x509_opaque_vector,
|
||||
}
|
||||
|
||||
{
|
||||
+#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ auto basic_certs = basic->certs;
|
||||
+#else
|
||||
auto basic_certs = OCSP_resp_get0_certs(basic);
|
||||
+#endif
|
||||
if ( basic_certs )
|
||||
ocsp_certs = sk_X509_dup(basic_certs);
|
||||
|
||||
@@ -714,7 +718,7 @@ function sct_verify%(cert: opaque of x509, logid: stri
|
||||
uint32 cert_length;
|
||||
if ( precert )
|
||||
{
|
||||
-#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER)
|
||||
+#if (OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER))
|
||||
x->cert_info->enc.modified = 1;
|
||||
cert_length = i2d_X509_CINF(x->cert_info, &cert_out);
|
||||
#else
|
1307
net/bro/pkg/PLIST
1307
net/bro/pkg/PLIST
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user