security/zeek: Update to 5.0.4

    https://github.com/zeek/zeek/releases/tag/v5.0.4

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted series of HTTP 0.9 packets can cause Zeek
   to spend large amounts of time processing the packets.

 - A specially-crafted FTP packet can cause Zeek to spend large
   amounts of time processing the command.

 - A specially-crafted IPv6 packet can cause Zeek to overflow memory
   and potentially crash.

This release fixes the following bugs:

 - Fix a potential stall in Broker’s internal data pipeline.

Reported by:	Tim Wojtulewicz
Security:	???

security/zeek: Update to 5.0.3

    https://github.com/zeek/zeek/releases/tag/v5.0.3

This release fixes the following potential DoS vulnerabilities:

 - Fix an issue where a specially-crafted FTP packet can cause Zeek
   to spend large amounts of time attempting to search for valid
   commands in the data stream.

 - Fix a possible overflow in the Zeek dictionary code that may
   lead to a memory leak.

 - Fix an issue where a specially-crafted packet can cause Zeek to
   spend large amounts of time reporting analyzer violations.

security/zeek: Update to 5.0.2

    https://github.com/zeek/zeek/releases/tag/v5.0.2

Security fixes:

 - Fix a possible overflow and crash in the ICMP analyzer when
   receiving a specially crafted packet

 - Fix a possible overflow and crash in the IRC analyzer when
   receiving a specially crafted packet

 - Fix a possible overflow and crash in the SMB analyzer when
   receiving a specially crafted packet

security/zeek: Port improvements

 - Remove useless BROKER option.

 - Remove USES=ninja (now implied by USES=cmake).

 - Make bison, flex, and swig hard dependencies.

 - Strip several installed binaries.

 - Remove some test files and directories mistakenly installed by
   spicy.

 - While we're here, run portfmt.

Thanks to @diizzy for the bulk of these changes.

PR:		266345
Reported by:	diizzy

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security/zeek: Update to 5.0.1

    https://github.com/zeek/zeek/releases/tag/v5.0.1

Security fixes since 5.0.0:

 - Fix a possible overflow and crash in the ARP analyzer when
   receiving a specially crafted packet.

 - Fix a possible overflow and crash in the Modbus analyzer when
   receiving a specially crafted packet.

 - Fix two possible crashes when converting IP headers for output
   via the raw_packet event.

security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>

security/zeek: fix build on non aarch64 / amd64 / armv? / i386

1. Enable SPICY only on aarch64 / amd64 / armv? / i386 as specified in
https://github.com/zeek/spicy/blob/d0bc60537b53c3a951a0bdcb7b1c080bbb068abf/hilti/runtime/src/fiber.cc#L252
2. Correct a parameter passed to CMake to disable Spicy.
3. Correct pkg-plist for build with disabled Spicy.

Approved by:	portmgr (blanket)

security/zeek: Update input framework patch

    https://github.com/zeek/zeek/pull/2266

This version of the patch fixes tail -F semantics when want_record=F.

security/zeek: Patch to allow building without ENABLE_ZEEK_UNIT_TESTS

5.0.0 does not build without ENABLE_ZEEK_UNIT_TESTS enabled.
Apply upstream patch which solves this:

    https://github.com/zeek/zeek/pull/2256

Obtained from:	Benjamin Bannier

security/zeek: Update to 5.0.0 (latest LTS release)

    https://github.com/zeek/zeek/releases/tag/v5.0.0

Changes incompatiable with 4.0.7:

 - The script-land ``union`` and ``timer`` types have been removed.
   They haven't had any actual semantics backing them for some time
   and shouldn't have functioned in any useable way. We opted to
   skip the deprecation cycle for these types for that reason.

 - Broker now uses a new network backend with a custom network
   protocol that is incompatible with the pre-5.0 backend. In
   practice, this means Zeek 4.x will not be able to exchange events
   with Zeek 5.x. Going forward, this new backend will allow us to
   keep the Broker protocol more stable and add new capabilities
   in a backwards compatible way.

While we're here add a comment explaining why we really need uname
-p instead of using ARCH (uname -m). Also solve a portlint nag.

Reported by:	Tim Wojtulewicz

security/zeek: Patch to provide  tail -F semantics for input framework
MODE_STREAM

This is a backport of this github pull request:

    https://github.com/zeek/zeek/pull/2097

security/zeek: Update to 4.0.7

    https://github.com/zeek/zeek/releases/tag/v4.0.7

Security fixes since 4.0.6:

 - Fix potential hang in the DNS analyzer when receiving a
   specially-crafted packet. Due to the possibility of this happening
   with packets received from the network, this is a potential DoS
   vulnerability.

Other changes:

 - Fix issue with broken libpcaps that return repeat packets, most
   notably the version provided with Myricom hardware.

Reported by:	Tim Wojtulewicz

security/zeek: Update to 4.0.6

    https://github.com/zeek/zeek/releases/tag/v4.0.6

Security fixes since 4.0.5:

 - Fix potential unbounded state growth in the FTP analyzer when
   receiving a specially-crafted stream of commands. This may lead
   to a buffer overflow and cause Zeek to crash. Due to the possibility
   of this happening with packets received from the network, this
   is a potential DoS vulnerabilty.

Other changes:

 - Empty table constructors with &default attributes may cause a
   crash.

 - Fix a bug in ZAM when a function containing a loop is inlined

 - Fix a number of bugs with robust dictionary iteration.

 - Fix missing "Reporter" entries when reporting hooks via zeek.

Reported by:    Tim Wojtulewicz

security/zeek: Update to 4.0.5

Changes since 4.0.4:

 - The highwayhash module was updated to fix a build failure on
   FreeBSD.

 - A number of fixes for various problems on the CI infrastructure.

 - Writers were not being cleaned up correctly when recreating log
   streams with the same ID as an existing stream. This could lead
   to a crash.

 - IP packets with bad/incorrect IP header lengths were not reporting
   weirds as they should be.

Reported by:	Tim Wojtulewicz

*: fix tab vs. space issues, and comments according to the guide.

cleanup: drop support for EOL FreeBSD 11.X

Search criteria used:
- 11.4
- OSREL*
- OSVER*
- *_FreeBSD_11

Input from:
- adridg: devel/qca-legacy
- jbeich: _WITH_DPRINTF, _WITH_GETLINE, GNU bfd workarounds
- sunpoet: security/p5-*OpenSSL*

Reviewed by:	doceng, kde, multimedia, perl, python, ruby, rust
Differential Revision: https://reviews.freebsd.org/D32008
Test Plan: make index

security/zeek: Update to 4.0.4

    https://github.com/zeek/zeek/releases/tag/v4.0.4

This release fixes two vulnerabilities:

 - Paths from log stream make it into system() unchecked, potentially
   leading to commands being run on the system unintentionally.
   This requires either bad scripting or a malicious package to be
   installed, and is considered low severity.

 - Fix potential unbounded state growth in the PIA analyzer when
   receiving a connection with either a large number of zero-length
   packets, or one which continues ack-ing unseen segments. It is
   possible to run Zeek out of memory in these instances and cause

security/zeek: Add CPE information

Approved by:    portmgr (blanket)

security/zeek: Add @sample for local.zeek

This github issue:

    https://github.com/zeek/zeekctl/issues/35

complained about the lack of a local.zeek file on a fresh install;
adding @sample for local.zeek solves this.

Reported by:	shadonet

security/zeek: fix build on powerpc64*

In file included from
/wrkdirs/usr/ports/security/zeek/work/zeek-4.0.3/auxil/highwayhash/highwayhash/arch_specific.cc:27:
/usr/include/sys/sysctl.h:1185:25: error: unknown type name 'u_int'
int     sysctl(const int *, u_int, void *, size_t *, const void *, size_t);

security/zeek: Unbreak build under 14.0-CURRENT

According to the cpuset(2) man page, sys/param.h must be included
before sys/cpuset.h. This was fixed in zeek (in the highwayhash
submodule) in May of 2020 and undone in August of 2020. Add a patch
that matches the pull request I just created with upstream:

    https://github.com/zeek/highwayhash/pull/1

Thanks to @pluknet for diagnosing the build failure.

Reported by:	pkg-fallout

security/zeek: Update to 4.0.3

    https://github.com/zeek/zeek/releases/tag/v4.0.3

This release fixes the following bugs:

 - Zeek now accepts unset fields in the input data only when the
   corresponding record field is &optional.

 - The version field in ssh.log is now optional and will not be set
   if we cannot determine the version that was negotiated by the
   client and server.

 - Zeekctl could crash at startup on certain compilers and platforms
   due to a memory corruption issue in the Broker python bindings.

security/zeek: Add a ZKG option to pull in py-zkg

security/zeek: Update to 4.0.2

    https://github.com/zeek/zeek/releases/tag/v4.0.2

This release fixes several potential DoS vulnerabilities:

 - Fix potential Undefined Behavior in decode_netbios_name() and
   decode_netbios_name_type() BIFs. The latter has a possibility
   of a remote heap-buffer-overread, making this a potential DoS
   vulnerability.

 - Add some extra length checking when parsing mobile ipv6 packets.
   Due to the possibility of reading invalid headers from remote
   sources, this is a potential DoS vulnerability.

security/zeek: Unbreak build when PREFIX is not /usr/local

security/zeek: Unbreak package when CMAKE_BUILD_TYPE is not Release

security/zeek: Add fine grained DEBUG options

Allow the user to pick from DEBUG, MINSIZEREL, RELEASE, and
RELWITHDEBINFO options instead of just DEBUG. Don't STRIP with DEBUG
or RELWITHDEBINFO. Make some minor whitespace changes suggested by
portfmt.

security/zeek: fix build on powerpc64le

Fix typo in systlbyname().

security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS

    https://github.com/zeek/zeek/releases/tag/v4.0.1

This release fixes the following vulnerability:

 - Fix null-pointer dereference when encountering an invalid enum
   name in a config/input file that tries to read it into a set[enum].
   For those that have such an input feed whose contents may come
   from external/remote sources, this is a potential DoS vulnerability.

Other fixes:

 - Fix mime type detection bug in IRC/FTP file_transferred event
   for file data containing null-bytes

security/zeek: Unbreak armv7 build and fix testport issue

Add a patch from upstream to fix building on armv7 (used by pfsense):

    https://github.com/zeek/zeek/issues/1496

Thanks to @garga for the pointer.

Fix a testport "left over" file @adridg reported. When zeek is run
as part of package installation, it copies some config files to
spool/installed-scripts-do-not-touch/site and local.zeek.sample
hitches a ride and needs to be removed on uninstall. But it is not
really a @sample candidate.

While we're here fix some minor portlint (env -> ${SETENV}) and
clean up some commented out directives.

Reported by:	garga adridg

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

security/zeek: fix build on powerpc64 elfv2

-mpowerp8-vector is now necessary due to use of highwayhash.

Fix typo on sysctlbyname.

Also correct typo in BROKEN entries.

security/zeek: Update to 4.0.0

This is the next Long-Term Support (LTS) major version:

    https://github.com/zeek/zeek/releases/tag/v4.0.0
    https://zeek.org/2020/12/15/zeek-4-0-release-candidate/

Support for the previous LTS (3.0.x) will end in about two months.

Reported by:	Jon Siwek

security/zeek: Update to 3.0.13

    https://github.com/zeek/zeek/releases/tag/v3.0.13

This release fixes the following vulnerability:

 - Fix ASCII Input reader's treatment of input files containing
   null-bytes. An input file containing null-bytes could lead to a
   buffer-over-read, crash Zeek, and be exploited to cause Denial
   of Service.

And fixes the following bugs:

 - MIME sub-entities overwrote top-level header values cause
   misleading SMTP log

 - Fix incorrect major_subsys_version field in pe_optional_header
   event

Reported by:	Jon Siwek

security/zeek: enable on powerpc64 head

security/zeek: Install cmake files

Unstream requested that share/zeek/cmake/* be installed as the files
are used to build zeek plugins.

While here update some pkg-plist @preunexec entries (*.bro -> *.zeek).

Reported by:	Robin Sommer, Benjamin Bannier

security/zeek: Improve the pkg upgrade experience

Don't remove %%PREFIX%%/spool/state.db otherwise when zeek is
upgraded zeekctl doesn't detect the running instance and "restart"
fails.

Split uninstall related info in pkg-message.in to a new remove
section (and fix some typos).

security/zeek: Update to 3.0.12

    https://github.com/zeek/zeek/releases/tag/v3.0.12

This release fixes the following bugs:

 - Incorrect ICMP Neighbor Discovery Option length calculation

 - Fix SMB2 response status parsing

 - Fix excessive connection_status_update events for ICMP connections

Reported by:	Jon Siwek

security/zeek: Remove deprecated security/broccoli option

Upstream confirms that support for the broccoli protocol will be
removed in a future version of zeek. And given that security/broccoli
requires python2 which will be deprecated at the end of December,
lets remove broccoli support from zeek now.

security/zeek: Fix build on armv7 and allow running as non-root user

Apply Renato Botelho's fix for the ARCH used in PLIST_SUB (with
some changes). Essentially use uname -m instead of trying to fix
up the ARCH defined by bsd.port.mk (uname -p).

While we're here:

 - Convert networks.cfg, node.cfg, and zeekctl.cfg to use @sample

 - Use @sample to avoid clobbering site.zeek (oops).

 - Remove unnecessary subshell for the post-build-NETMAP-on target.

 - Silence the annoying "use ZeekControl.plugin instead of

security/zeek: Update to 3.0.11 to fix memory leaks and potential DOS:

    https://github.com/zeek/zeek/releases/tag/v3.0.11

 - A memory leak in multipart MIME code has potential for remote
   exploitation and cause for Denial of Service via resource
   exhaustion.

Other fixes:

 - Fix incorrect RSTOS0 conn_state determinations

Reported by:	Jon Siwek
MFH:		2020Q4
Security:	769a4f60-9056-4c27-89a1-1758a59a21f8

security/zeek: Update to 3.0.10 to fix memory leaks and potential DOS:

    https://github.com/zeek/zeek/releases/tag/v3.0.10

 - Fix memory leak caused by re-entering AYIYA parsing

 - Fix memory leak caused by re-entering GTPv1 parsing

Other fixes:

 - Fix Input Framework 'change' events for 'set' destinations

 - Fix reported body-length of HTTP messages w/ sub-entities

Reported by:	Jon Siwek
MFH:		2020Q3
Security:	2c92fdd3-896c-4a5a-a0d8-52acee69182d

security/zeek: Update to 3.0.8 and address various vulnerabilities:

    https://github.com/zeek/zeek/releases/tag/v3.0.8

 - Fix potential DNS analyzer stack overflow

 - Fix potential NetbiosSSN analyzer stack overflow

Other fixes:

 - Fix DHCP Client ID Option misformat for Hardware Type 0

 - Fix/allow copying/cloning of opaque of Broker::Store

 - Fix ConnPolling memory over-use

security/zeek: fix packaging on aarch64

pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/lib/zeek/plugins/Bro_Netmap/lib/Bro-Netmap.freebsd-aarch64.so:No
such file or directory

Approved by:	portmgr (tier-2 blanket)

Move devel/swig30 to devel/swig and update to 4.0.1

- Do not silence installation message
- Update dependent ports:
  - Fix build with swig 4.0.1
  - Update *_DEPENDS
  - Remove BINARY_ALIAS

Changes:	http://www.swig.org/news.php
PR:		246613
Exp-run by:	antoine

security/zeek: Update to 3.0.7 and address various vulnerabilities:

    https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS

 - Fix potential stack overflow in NVT analyzer

 - Fix NVT analyzer memory leak from multiple telnet authn name options

 - Fix multiple content-transfer-encoding headers causing a memory leak

 - Fix potential leak of Analyzers added to tree during Analyzer::Done

 - Prevent IP fragment reassembly on packets without minimal IP header

Other fixes:

security/zeek: Fix build with PERFTOOLS which needed BUILD_DEPENDS.

While we're here sort options related.

Reported by:	James Welcher

security/zeek: Update to 3.0.6 and address multiple vulnerabilites:

    https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS

 - Fix buffer over-read in Ident analyzer

 - Fix SSL scripting error leading to uninitialized field access
   and memory leak

 - Fix POP3 analyzer global buffer over-read

 - Fix potential stack overflows due to use of Variable-Length-Arrays

Other changes since 3.0.5 include:

security/zeek: Update to 3.0.5

Chase latest version number that contains a simple fix not relevant
to supported versions of FreeBSD (hence no MFH).

  
https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS

 - Same as 3.0.4 but fixes compilation on various platforms with
   older compilers, for example GCC 4.8.x.

security/zeek: Update to 3.0.4 and address a remote crash vulnerability:

  
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS

 - Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
   remotely via crafted packet sequence.

Other fixes:

 - Fix use-after-free in Zeek lambda functions with uninitialized
   locals

 - Fix buffer overflow due to tables/records created at parse-time
   not rebuilt on record redef

security/zeek: Fix typo in the rc.d script

(From the PR) "bro_stop" should say "zeek_stop" instead.

PR:		245612
Reported by:	bugs@codejammer.se
MFH:		2020Q2

security/zeek: Limit portscout to even long term support release versions

    https://github.com/zeek/zeek/releases

    Zeek 3.0.x is the Long-Term Support release, receiving bug fixes
    until at least October 2020 while Zeek 3.1.x is the current
    feature release, receiving bug fixes until approximately July
    2020 when the 3.2.x release series begins.

Approved by:	matthew (mentor, implicit)

security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:

   https://github.com/zeek/zeek/releases/tag/v3.0.2
   https://github.com/zeek/zeek/releases/tag/v3.0.3

 - Potential Denial of Service due to memory leak in DNS TSIG message
   parsing.

 - Potential Denial of Service due to memory leak (or assertion
   when compiling with assertions enabled) when receiving a second
   SSH KEX message after a first.

 - Potential Denial of Service due to buffer read overflow and/or
   memory leaks in Kerberos analyzer.  The buffer read overflow

security/bro: Update to 3.0.1. As announced by Jon Siwek:

    This is a bug-fix release that most notably addresses a JSON
    logging performance regression in 3.0.0, but also fixes other
    minor bugs. A list which details the changes can be found here:

    https://github.com/zeek/zeek/releases/tag/v3.0.1

Approved by:	ler (mentor, implicit)

security/zeek: This adds security/zeek, the new version of security/bro.
This is being done as svn copy instead of rename so that users of
security/bro can have some time to migrate. It also allows for
possible security updates to the old bro port which upstream has
indicated is possible for at least a few months.

Reviewed by:	ler (mentor)
Approved by:	ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D22376