security/bro, port upgrade to version 1.2.1, take over maintainership

This is an upgrade of the security/bro port to the current stable version. The port is very complex, so it needs to be tested carefully to make sure that I'm not screwing anything up or using wrong conventions. Also, I'm willing to take over maintainership of the port if it's accepted into the tree. Please note, there are several files that need to be removed from the port and quite a few that need to be added. All these files are in FILESDIR. I have provided blank patches for the files that need to be removed, so the patches will create blank files. Added IS_INTERACTIVE to the port Left original freebsd header comments in it. Next time please use one big patch-file instead of lots of little ones :-) PR: ports/114999 Submitted by: Paul Schmehl <pauls@utdallas.edu>
svn path=/head/; revision=199269
2025-01-10 07:04:03 +00:00 · 2007-09-10 13:28:12 +00:00 · 2007-09-10 13:28:12 +00:00 · 13b2aeec3d · 2021-03-31 03:12:20 +00:00
commit 13b2aeec3d
parent adbd08cb88
27 changed files with 856 additions and 251 deletions
--- a/security/bro/Makefile
+++ b/security/bro/Makefile
@ -1,62 +1,106 @@
-# ex:ts=8
 # Ports collection makefile for:  bro
-# Date created:			  Sat Feb 28, 1998
-# Whom:				  David O'Brien (obrien@FreeBSD.org)
+# Date created:			  Mon Jul 16, 2007
+# Whom:				  Paul Schmehl (pauls@utdallas.edu)
 #
 # $FreeBSD$
 #

 PORTNAME=	bro
-PORTVERSION=	0.8
-PORTREVISION=	1
+PORTVERSION=	1.2
 CATEGORIES=	security
-MASTER_SITES=	ftp://ftp.ee.lbl.gov/
-DISTNAME=	${PORTNAME}-pub-${PORTVERSION}a37
+MASTER_SITES=	ftp://bro-ids.org/
+DISTNAME=	${PORTNAME}-${PORTVERSION}-stable

-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	pauls@utdallas.edu
 COMMENT=	System for detecting Network Intruders in real-time

 BUILD_DEPENDS=	bison:${PORTSDIR}/devel/bison

-WRKSRC=		${WRKDIR}/${PORTNAME}-pub-${PORTVERSION}a37
+OPTIONS=	GPG "Support encrypted email" Off \
+		DOCS "Install documentation (not recommended)" Off

+WRKSRC=		${WRKDIR}/bro-${PORTVERSION}.1
+
+USE_LDCONFIG=	${PREFIX}/share
 GNU_CONFIGURE=	yes
 MAKE_ENV+=	CC="${CC}"
 CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
 CONFIGURE_ARGS=	--libdir=${PREFIX}/share
 USE_PERL5=	yes

+IS_INTERACTIVE=	yes	# during the install phase
+
+SUB_FILES=	pkg-deinstall pkg-install pkg-message
+SUB_LIST=	BROHOME=${BROHOME} BROSITEDIR=${BROSITEDIR} SITE_PERL=${SITE_PERL} WRKSRC=${WRKSRC}
+BROHOME=	${PREFIX}/bro
+BROSITEDIR=	${BROHOME}/site
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_GPG)
+BUILD_DEPENDS+=	gpg:${PORTSDIR}/security/gnupg
+.endif
+.if !defined(WITH_DOCS)
+NOPORTDOCS=	Yes
+.endif
+
 post-extract:
-	@cd ${WRKSRC} && ${TAR} xfz libedit.src.tar.gz
+	@cd ${WRKSRC}/src && ${TAR} xfz libedit.src.tar.gz

 post-patch:
 	@${REINPLACE_CMD} -e 's|CFLAGS+=-g -O0||g; \
 		s|CC=gcc||' \
-		${WRKSRC}/libedit/Makefile.in \
-		${WRKSRC}/libedit/Makefile
+		${WRKSRC}/src/libedit/Makefile.in \
+		${WRKSRC}/src/libedit/Makefile
 	@${REINPLACE_CMD} -e "s,tr '\[a-z\]' '\[A-Z\]',tr 'a-z' 'A-Z',g" \
-		${WRKSRC}/libedit/makelist
+		${WRKSRC}/src/libedit/makelist
 	@${REINPLACE_CMD} -E -e 's,(const char\*) const (helpstring),\1 \2,g' \
-		${WRKSRC}/DebugCmds.h
+		${WRKSRC}/src/DebugCmds.h

 pre-configure:
 	@${ECHO_CMD} "Configure libedit..."
-	@(cd ${WRKSRC}/libedit && ${MAKE_ENV} ./configure)
+	@(cd ${WRKSRC}/src/libedit && ${MAKE_ENV} ./configure)

 pre-build:
 	@${ECHO_CMD} "Building libedit..."
-	@(cd ${WRKSRC}/libedit && ${MAKE})
-
-pre-install:
-	@${MKDIR} ${DATADIR}
+	@(cd ${WRKSRC}/src/libedit && ${MAKE})

 post-install:
-	@${STRIP_CMD} ${PREFIX}/sbin/bro
-	@${INSTALL_DATA} ${WRKSRC}/policy/*.* ${DATADIR}
+	@${STRIP_CMD} ${PREFIX}/bin/bro
+	@${MKDIR} ${PREFIX}/bro/etc
+	@${MKDIR} ${SITE_PERL}/mach/Bro
+	@${MKDIR} ${SITE_PERL}/mach/Bro/Log
+	@${MKDIR} ${SITE_PERL}/mach/Bro/Report
+	${INSTALL_DATA} ${WRKSRC}/scripts/bro.cfg.example ${PREFIX}/etc
+	${INSTALL_DATA} ${WRKSRC}/scripts/local.site.bro.default ${BROSITEDIR}
+	${INSTALL_DATA} ${WRKSRC}/scripts/IP4.pm ${SITE_PERL}/mach
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Config.pm ${SITE_PERL}/mach/Bro
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log.pm ${SITE_PERL}/mach/Bro
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report.pm ${SITE_PERL}/mach/Bro
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Signature.pm ${SITE_PERL}/mach/Bro
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Alarm.pm ${SITE_PERL}/mach/Bro/Log
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Log/Conn.pm ${SITE_PERL}/mach/Bro/Log
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Alarm.pm ${SITE_PERL}/mach/Bro/Report
+	${INSTALL_DATA} ${WRKSRC}/scripts/perl/lib/Bro/Report/Conn.pm ${SITE_PERL}/mach/Bro/Report
+	${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc ${BROHOME}/scripts
+	${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro.rc-hooks.sh ${BROHOME}/scripts
+	${INSTALL_SCRIPT} ${WRKSRC}/scripts/bro_config ${BROHOME}/scripts
+	${INSTALL_SCRIPT} ${WRKSRC}/scripts/localnetMAC.pl ${BROHOME}/scripts
+	${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/edit-brorule.pl ${BROHOME}/scripts
+	${INSTALL_SCRIPT} ${WRKSRC}/scripts/perl/script/site-report.pl ${BROHOME}/scripts
+	${INSTALL_PROGRAM} ${WRKSRC}/aux/adtrace/adtrace ${PREFIX}/bin
+	${SH} ${PKGINSTALL}
+
 .if !defined(NOPORTDOCS)
+	@${ECHO_MSG} "You have chosen to install documentation"
+	@${ECHO_MSG} "but the online documentation will be much"
+	@${ECHO_MSG} "more up to date."
 	@${MKDIR} ${DOCSDIR}
-	${INSTALL_MAN} ${WRKSRC}/doc/bro-CN99.ps ${DOCSDIR}
-	@${GZIP_CMD} ${DOCSDIR}/bro-CN99.ps
+	${INSTALL_DATA} ${WRKSRC}/doc/quick-start/Bro-quick-start.pdf ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/doc/quick-start/bro-deployment.pdf ${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/doc/user-manual/Bro-user-manual.pdf ${DOCSDIR}
 .endif

-.include <bsd.port.mk>
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
--- a/security/bro/distinfo
+++ b/security/bro/distinfo
@ -1,3 +1,3 @@
-MD5 (bro-pub-0.8a37.tar.gz) = abf9ddc6e7086639130f2e792eca4ab3
-SHA256 (bro-pub-0.8a37.tar.gz) = 3bdf9c18ccb12181e8383c9d5969fd1b86d7d601a98fdf6655467c64167fb5bc
-SIZE (bro-pub-0.8a37.tar.gz) = 1696069
+MD5 (bro-1.2-stable.tar.gz) = ca4c0435da066d901c63f182faa7f540
+SHA256 (bro-1.2-stable.tar.gz) = 276da336a210d5664b483bc44fe29e3e670a02cd5b2932890050a11954afe17f
+SIZE (bro-1.2-stable.tar.gz) = 3986890
--- a/security/bro/files/patch-Conn.h
+++ b/security/bro/files/patch-Conn.h
@ -1,29 +0,0 @@
--- Conn.h.orig	Sun Aug 31 02:39:01 2003
-+++ Conn.h	Thu Dec 21 13:27:24 2006
-@@ -59,7 +59,7 @@
- 	// dst_port just have to reflect the two different sides of the
- 	// connection, neither has to be the particular source/destination
- 	// or originator/responder.
-	HashKey* ConnID::BuildConnKey() const;
-+	HashKey* BuildConnKey() const;
- };
- 
- static inline int addr_port_canon_lt(const uint32* a1, uint32 p1,
-@@ -223,6 +223,8 @@
- 		return 1;
- 		}
- 
-+	void DeleteTimer(double t);
-+
- protected:
- 	virtual void UpdateEndpointVal(RecordVal* endp, int is_orig) = 0;
- 
-@@ -235,8 +237,6 @@
- 
- 	friend class ConnectionTimer;
- 	void RemoveTimer(Timer* t);
-
-	void DeleteTimer(double t);
- 
- 	void InactivityTimer(double t);
- 
--- a/security/bro/files/patch-Makefile.in
+++ b/security/bro/files/patch-Makefile.in
@ -1,27 +1,36 @@
--- Makefile.in.orig	Sun Aug 31 04:39:14 2003
-+++ Makefile.in	Tue Oct 14 12:08:51 2003
-@@ -52,13 +52,13 @@
- LIBS = $(LIBEDIT_LIBS) @LIBS@ -lm
+--- Makefile.in.orig	Thu Dec 14 11:59:51 2006
+++ Makefile.in	Wed Jul 18 23:57:10 2007
+@@ -206,7 +206,7 @@
+ # noticed.
+ #
+ DISTCHECK_CONFIGURE_FLAGS = --disable-gtk-doc
+-versiondir = $(prefix)/etc
+versiondir = $(prefix)/bro/etc
+ dist_version_DATA = VERSION
+ chown = @CHOWN@
 
- # Purify barfs when c++ is used for $(CPLUS).
-PURIFY_CPLUS = g++
-+PURIFY_CPLUS = @CC@
- PURE_FLAGS = -chain-length=20
+@@ -658,9 +658,9 @@
+ install-brolite:
+ 	$(MAKE) install
+ 	( cd scripts && $(MAKE) install-brolite )
+-	- @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/
+	- @CHOWN@ -R `cat scripts/bro_user_id` ${prefix}/bro
+ 	@echo "*********************************************************"
+-	@echo "Please run \"${prefix}/etc/bro.rc --start\" to start bro"
+	@echo "Please run \"${prefix}/bro/scripts/bro.rc --start\" to start bro"
+ 	@echo "*********************************************************"
 
- YACC = @YACC@
- YFLAGS = -d -t -v
- LEX = @LEX@
-INSTALL = @INSTALL@ -d
-+INSTALL = @INSTALL_PROGRAM@
- INSTALL_DATA = @INSTALL_DATA@
- @SET_MAKE@
- COMPRESS = @COMPRESS@
-@@ -121,7 +121,7 @@
+ docs:
+@@ -687,9 +687,9 @@
 
- all: $(PKG)
+ # make sure all the dirs are correctly created and owned 
+ install-data-local:
+-	$(INSTALL) -d $(prefix)/logs
+-	$(INSTALL) -d $(prefix)/archive
+-	$(INSTALL) -d $(prefix)/var
+	$(INSTALL) -d $(prefix)/bro/logs
+	$(INSTALL) -d $(prefix)/bro/archive
+	$(INSTALL) -d $(prefix)/bro/var
 
-$(PKG): $(LIBEDIT_LIB) $(OBJ)
-+$(PKG): $(OBJ)
- 	$(CPLUS) -o $(EXEC) $(OBJ) $(LDFLAGS) $(LIBS)
- opt:
- 	@$(MAKE) $(MFLAGS) CCOPT="`echo $(CCOPT) | sed -e 's/-O2//;s/$$/ -O3/'`"
+ release:
+ 	./autogen.sh
--- a/security/bro/files/patch-Obj.cc
+++ b/security/bro/files/patch-Obj.cc
@ -1,11 +0,0 @@
--- Obj.cc.orig	Sun Oct  5 18:27:31 2003
-+++ Obj.cc	Sun Oct  5 18:27:44 2003
-@@ -47,7 +47,7 @@
- 	delete_data = true;
- 
- 	int tmp;
-	return s->Read(&(char*) filename, &tmp) &&
-+	return s->Read((char**) &filename, &tmp) &&
- 		s->Read(&first_line) && s->Read(&last_line) &&
- 		s->Read(&first_column) && s->Read(&last_column);
- 	}
--- a/security/bro/files/patch-Serializer.h
+++ b/security/bro/files/patch-Serializer.h
@ -1,13 +0,0 @@
--- Serializer.h.orig	Thu Dec 21 13:24:28 2006
-+++ Serializer.h	Thu Dec 21 13:24:45 2006
-@@ -82,8 +82,8 @@
- 	void StartSerialization();
- 	bool EndSerialization();
- 
-	bool Serializer::UnserializeID();
-	bool Serializer::UnserializeEvent();
-+	bool UnserializeID();
-+	bool UnserializeEvent();
- 
- 	SerializationFormat* format;
- 
--- a/security/bro/files/patch-aux-scripts-Makefile.in
+++ b/security/bro/files/patch-aux-scripts-Makefile.in
@ -0,0 +1,11 @@
+--- aux/scripts/Makefile.in.orig	Wed Jul 18 16:27:01 2007
+++ aux/scripts/Makefile.in	Wed Jul 18 16:27:41 2007
+@@ -173,7 +173,7 @@
+ target_vendor = @target_vendor@
+ 
+ # override where to stick the scripts
+-scriptdir = ${prefix}/scripts
+scriptdir = ${prefix}/bro/scripts
+ dist_script_SCRIPTS = bro-logchk.pl host-to-addrs mvlog host-grep 
+ EXTRA_DIST = hot-report mon-report ip-grep ca-create ca-issue
+ all: all-am
--- a/security/bro/files/patch-libedit::configure
+++ b/security/bro/files/patch-libedit::configure
@ -1,19 +0,0 @@
--- libedit/configure.orig	Tue Oct 14 12:30:58 2003
-+++ libedit/configure	Tue Oct 14 12:31:54 2003
-@@ -733,13 +733,13 @@
-   CFLAGS="$ac_save_CFLAGS"
- elif test $ac_cv_prog_cc_g = yes; then
-   if test "$GCC" = yes; then
-    CFLAGS="-g -O2"
-+    CFLAGS=""
-   else
-    CFLAGS="-g"
-+    CFLAGS=""
-   fi
- else
-   if test "$GCC" = yes; then
-    CFLAGS="-O2"
-+    CFLAGS=""
-   else
-     CFLAGS=
-   fi
--- a/security/bro/files/patch-patricia.c
+++ b/security/bro/files/patch-patricia.c
@ -1,22 +0,0 @@
--- patricia.c.orig	Tue Oct  7 15:06:56 2003
-+++ patricia.c	Tue Oct  7 15:07:19 2003
-@@ -52,6 +52,11 @@
- "This product includes software developed by the University of Michigan, Merit"
- "Network, Inc., and their contributors.";
- 
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+#include <arpa/inet.h>
-+
- #include <assert.h> /* assert */
- #include <ctype.h> /* isdigit */
- #include <errno.h> /* errno */
-@@ -60,7 +65,6 @@
- #include <stdio.h> /* sprintf, fprintf, stderr */
- #include <stdlib.h> /* free, atol, calloc */
- #include <string.h> /* memcpy, strchr, strlen */
-#include <arpa/inet.h> /* for inet_addr */
- 
- #include "patricia.h"
- 
--- a/security/bro/files/patch-patricia.h
+++ b/security/bro/files/patch-patricia.h
@ -1,11 +0,0 @@
--- patricia.h.orig	Sun Oct  5 18:29:52 2003
-+++ patricia.h	Sun Oct  5 18:30:05 2003
-@@ -51,6 +51,8 @@
- #ifndef _PATRICIA_H
- #define _PATRICIA_H
- 
-+#include <sys/types.h>
-+
- /* typedef unsigned int u_int; */
- typedef void (*void_fn_t)();
- /* { from defs.h */
--- a/security/bro/files/patch-policy-Makefile.in
+++ b/security/bro/files/patch-policy-Makefile.in
@ -0,0 +1,64 @@
+--- policy/Makefile.in.orig	Wed Jul 18 16:30:32 2007
+++ policy/Makefile.in	Wed Jul 18 16:31:47 2007
+@@ -190,7 +190,7 @@
+ 
+ 
+ # doesn't end in a sig
+-bropolicydir = ${prefix}/policy
+bropolicydir = ${prefix}/bro/policy
+ dist_bropolicy_DATA = bro.init adu.bro alarm.bro analy.bro \
+ 	anon.bro arp.bro backdoor.bro blaster.bro brolite.bro \
+ 	brolite-backdoor.bro brolite-sigs.bro capture-events.bro \
+@@ -542,30 +542,30 @@
+ 
+ 
+ install-data-hook:
+-	$(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/policy/
+-	$(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/policy/
+	$(INSTALL_DATA) bro.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) common-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) const.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) dns-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) event.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) finger-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) ftp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) http-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) ident-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) smtp-rw.bif.bro $(DESTDIR)${prefix}/bro/policy/
+	$(INSTALL_DATA) strings.bif.bro $(DESTDIR)${prefix}/bro/policy/
+ 
+ uninstall-local:
+-	rm -f $(DESTDIR)${prefix}/policy/bro.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/common-rw.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/const.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/dns-rw.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/event.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/finger-rw.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/ftp-rw.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/http-rw.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/ident-rw.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/smtp-rw.bif.bro
+-	rm -f $(DESTDIR)${prefix}/policy/strings.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/bro.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/common-rw.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/const.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/dns-rw.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/event.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/finger-rw.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/ftp-rw.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/http-rw.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/ident-rw.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/smtp-rw.bif.bro
+	rm -f $(DESTDIR)${prefix}/bro/policy/strings.bif.bro
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT:
--- a/security/bro/files/patch-policy-sigs-Makefile.in
+++ b/security/bro/files/patch-policy-sigs-Makefile.in
@ -0,0 +1,11 @@
+--- policy/sigs/Makefile.in.orig	Wed Jul 18 16:32:45 2007
+++ policy/sigs/Makefile.in	Wed Jul 18 16:33:13 2007
+@@ -171,7 +171,7 @@
+ target_cpu = @target_cpu@
+ target_os = @target_os@
+ target_vendor = @target_vendor@
+-sigsdir = ${prefix}/policy/sigs
+sigsdir = ${prefix}/bro/policy/sigs
+ dist_sigs_DATA = dpd.sig ex.web-rules.sig p0fsyn.osf \
+ 	snort-default.sig ssl-worm.sig worm.sig 
+ 
--- a/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in
+++ b/security/bro/files/patch-script-s2b-example-bro_files-Makefile.in
@ -0,0 +1,14 @@
+--- scripts/s2b/example_bro_files/Makefile.in.orig	Wed Jul 18 17:39:54 2007
+++ scripts/s2b/example_bro_files/Makefile.in	Wed Jul 18 17:40:29 2007
+@@ -172,9 +172,9 @@
+ target_cpu = @target_cpu@
+ target_os = @target_os@
+ target_vendor = @target_vendor@
+-actiondir = ${prefix}/policy
+actiondir = ${prefix}/bro/policy
+ dist_action_DATA = sig-action.bro
+-sigsdir = ${prefix}/site
+sigsdir = ${prefix}/bro/site
+ dist_sigs_DATA = signatures.sig
+ all: all-am
+ 
--- a/security/bro/files/patch-scripts-Makefile.in
+++ b/security/bro/files/patch-scripts-Makefile.in
@ -0,0 +1,92 @@
+--- scripts/Makefile.in.orig	Thu Dec 14 11:59:53 2006
+++ scripts/Makefile.in	Wed Jul 18 22:30:43 2007
+@@ -186,12 +186,12 @@
+ target_os = @target_os@
+ target_vendor = @target_vendor@
+ bro_bin = ${prefix}/bin
+-bro_logs = ${prefix}/logs
+bro_logs = ${prefix}/bro/logs
+ bro_etc = ${prefix}/etc
+-bro_site = ${prefix}/site
+-bro_scripts = ${prefix}/scripts
+-bro_reports = ${prefix}/reports
+-bro_perlmods = ${prefix}/perl
+bro_site = ${prefix}/bro/site
+bro_scripts = ${prefix}/bro/scripts
+bro_reports = ${prefix}/bro/reports
+bro_perlmods = ${prefix}/bro/perl
+ 
+ # where to download signatures from.
+ SIGHOST = www.bro-ids.org
+@@ -222,9 +222,9 @@
+ bin_SCRIPT = bro.rc 
+ 
+ # more files! Ugggg, will the pain ever stop?
+-scoredir = $(prefix)/etc
+scoredir = $(prefix)/bro/etc
+ dist_score_DATA = alert_scores signature_scores
+-scriptsdir = $(prefix)/scripts
+scriptsdir = $(prefix)/bro/scripts
+ dist_scripts_SCRIPTS = bro_log_compress.sh \
+    frontend-mail-reports.sh frontend-site-report.sh push_logs.sh mail_notice.sh
+ 
+@@ -596,11 +596,11 @@
+ 	rm -f $(bro_etc)/bro.rc
+ 	rm -f $(bro_etc)/bro.cfg
+ 	rm -f $(bro_etc)/bro.cfg.example
+-	rm -f $(prefix)/etc/bro.rc-hooks.sh
+	rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh
+ 	rm -f  $(prefix)/site/local.site.bro
+ 	rm -f  $(prefix)/site/${brohost}.bro
+ 	$(srcdir)/install_cron.sh uninstall
+-	-rm -f $(prefix)/etc/bro.rc-hooks.sh.new 
+	-rm -f $(prefix)/bro/scripts/bro.rc-hooks.sh.new 
+ 	-rm -f /usr/local/etc/rc.d/bro.sh
+ 
+ # install the stuff to do reports
+@@ -625,14 +625,14 @@
+ 	@if [ ! -s signatures.sig.new ] ; then \
+ 		echo "Error in download. Try again later." ; \
+ 	else \
+-		if [ ! -f $(prefix)/site/signatures.sig ] ; then  \
+		if [ ! -f $(prefix)/bro/site/signatures.sig ] ; then  \
+ 			echo "No previous version, installing new version." ; \
+-			cp signatures.sig.new $(prefix)/site/signatures.sig ; \
+			cp signatures.sig.new $(prefix)/bro/site/signatures.sig ; \
+ 		else \
+-			cp signatures.sig.new $(prefix)/site/signatures.sig.new ; \
+			cp signatures.sig.new $(prefix)/bro/site/signatures.sig.new ; \
+ 			echo "***********************************************************" ; \
+ 			echo "A new signature file (signatures.sig.new) has been placed in" ; \
+-			echo "$(prefix)/site. Please compare it to your current signatures.sig " ; \
+			echo "$(prefix)/bro/site. Please compare it to your current signatures.sig " ; \
+ 			echo "and copy it over if there are no significant differences." ; \
+ 			echo "***********************************************************" ; \
+ 		fi \
+@@ -669,20 +669,20 @@
+ 	else \
+ 		$(INSTALL_DATA) $(srcdir)/local.lite.bro $(bro_site)/${brohost}.bro.new ;   \
+ 	fi
+-	@if [ ! -f $(prefix)/etc/bro.rc-hooks.sh ] ; then              \
+-		$(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh ;   \
+	@if [ ! -f $(prefix)/bro/scripts/bro.rc-hooks.sh ] ; then              \
+		$(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh ;   \
+ 	else \
+-		$(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/etc/bro.rc-hooks.sh.new ; \
+		$(INSTALL_DATA) $(srcdir)/bro.rc-hooks.sh $(prefix)/bro/scripts/bro.rc-hooks.sh.new ; \
+ 	fi
+ 
+ # Default files that can be installed/reinstalled, not site specific
+ install_default_files:
+ 	$(INSTALL) $(srcdir)/mail_reports.sh $(bro_scripts)/mail_reports.sh
+-	$(INSTALL) bro.rc $(prefix)/etc/bro.rc
+-	$(INSTALL) bro_config  $(prefix)/scripts/bro_config
+	$(INSTALL) bro.rc $(prefix)/bro/scripts/bro.rc
+	$(INSTALL) bro_config  $(prefix)/bro/scripts/bro_config
+ 	-$(INSTALL_DATA) bro.cfg  $(bro_etc)/bro.cfg
+ 	$(INSTALL_DATA) $(srcdir)/bro.cfg.example $(bro_etc)/bro.cfg.example
+-	- $(INSTALL) bro.rc /usr/local/etc/rc.d/bro.sh
+	- $(INSTALL) bro.rc @prefix@/bro/scripts/bro.sh
+ 	(cd s2b ; $(MAKE) install)
+ 
+ # install cron file
--- a/security/bro/files/patch-scripts-bro-config.in
+++ b/security/bro/files/patch-scripts-bro-config.in
@ -0,0 +1,115 @@
+--- scripts/bro_config.in.orig	Tue Dec  5 15:58:52 2006
+++ scripts/bro_config.in	Sat Jul 14 14:38:48 2007
+@@ -6,7 +6,7 @@
+ # on the "configure" command line
+ # some machines (i.e. OSX) don't put sbin in the path by default
+ PATH=$PATH:/usr/sbin:/sbin
+-BROHOME=@prefix@
+BROHOME=@prefix@/bro
+ # Usage
+ Usage="bro_config: [-p prefix] [-d]"
+ # Debug mode? 
+@@ -39,9 +39,9 @@
+ bro_config_got_root()
+ { 
+     # make a backup of local.site.bro if it exists
+-    if [ -f local.site.bro ]; then 
+    if [ -f ${BROHOME}/site/local.site.bro ]; then 
+         echo "Detected an old local.site.bro, saving it to local.site.bro.save"
+-        cp local.site.bro local.site.bro.save
+        cp ${BROHOME}/site/local.site.bro ${BROHOME}/site/local.site.bro.save
+     fi
+ 
+     if [ `id -ur` -ne 0 ]; then 
+@@ -62,7 +62,7 @@
+ ######################################################################
+ bro_config_create_local_site_bro()
+ {
+-cat - > local.site.bro << _EOF
+cat - > ${BROHOME}/sitelocal.site.bro.default << _EOF
+ # This file should describe your network configuration.
+ # If your local network is a class C, and its network
+ # address was 192.168.1.0 and a class B network 
+@@ -263,7 +263,7 @@
+ # BRO_HOSTNAME=`hostname`
+ 
+ # Directory containing Bro binaries
+-BRO_BIN_DIR="${BRO_BIN_DIR:-${BROHOME}/bin}"
+BRO_BIN_DIR="${BRO_BIN_DIR:-@prefix@/bin}"
+ 
+ # Directory containing Bro logs
+ BROLOGS="${BROLOGS:-${BROHOME}/logs}"
+@@ -287,7 +287,7 @@
+ # BRO_PREFIX="local"
+ 
+ # Location of the Bro executable
+-BRO="${BRO:-$BRO_BIN_DIR/bro}"
+BRO="${BRO_BIN_DIR}/bro"
+ 
+ # Base command line options.
+ BRO_ADD_OPTS=" -W"
+@@ -352,7 +352,7 @@
+ BRO_EMAIL_REMOTE="${BRO_EMAIL_REMOTE}"
+ 
+ # User id to install and run Bro under
+-BRO_USER_ID="${BRO_USER_ID:-brother}"
+BRO_USER_ID="${BRO_USER_ID:-root}"
+ 
+ # Site name for reports (i.e. LBNL, FOO.COM, BAZ.ORG)
+ BRO_SITE_NAME="${BRO_SITE_NAME}"
+@@ -454,29 +454,29 @@
+         echo " done."
+         kill -INT $pid 2>&1 > /dev/null
+         echo -n "Analyzing dump file....."
+-        ./localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$  -b local.site.bro 2>&1 > /dev/null
+        ${BROHOME}/scripts/localnetMAC.pl -a 16 -r /tmp/bro_config.tcpdump.file.$$  -b ${BROHOME}/site/local.site.bro 2>&1 > /dev/null
+         rm /tmp/bro_config.tcpdump.file.$$
+         #Yes there is a spelling error in the output
+         echo " done."
+-        num=`grep "MAC adresses" local.site.bro | awk '{print $3}'`
+        num=`grep "MAC adresses" ${BROHOME}/site/local.site.bro | awk '{print $3}'`
+         if [ "$num" -gt 2 ] ; then 
+             echo "You don't appear to be running on a DMZ (found more then two (2) hardware "
+-            echo "address. Please edit local.site.bro to reflect your correct network parameters"
+-            cp local.site.bro.default local.site.bro
+            echo "address. Please edit ${BROHOME}/site/local.site.bro to reflect your correct network parameters"
+            cp ${BROHOME}/site/local.site.bro.default ${BROHOME}/site/local.site.bro
+         else
+             echo "Your network appears to contain the following networks:"
+-            for net in ` grep ",$" local.site.bro|sed 's/,//g'`; 
+            for net in ` grep ",$" ${BROHOME}/site/local.site.bro|sed 's/,//g'`; 
+             do 
+                echo $net; 
+             done
+-            echo "Edit local.site.bro by hand if this is not correct" 
+            echo "Edit ${BROHOME}/site/local.site.bro by hand if this is not correct" 
+         fi
+     else
+-        if [ -f local.site.bro ]; then
+        if [ -f ${BROHOME}/site/local.site.bro ]; then
+             echo "No previous local.site.bro found. Creating default"
+             bro_config_create_local_site_bro
+             #cp local.site.bro.default local.site.bro
+-            echo "Please edit local.site.bro so that it describes your network configuration"
+            echo "Please edit ${BROHOME}/site/local.site.bro so that it describes your network configuration"
+         fi
+     fi
+ }
+@@ -617,7 +617,7 @@
+     #  source a bro.cfg if it exists, so we know the past default values from the
+     #  last run
+ 
+-    dirs="$BROHOME/etc/bro.cfg $BROHOME/etc/bro.cfg.example `pwd`/bro.cfg"
+    dirs="@prefix@/etc/bro.cfg @prefix@/etc/bro.cfg.example `pwd`/bro.cfg"
+     cfgused=
+ 
+     for cfgfile in $dirs ; do 
+@@ -783,7 +783,7 @@
+ bro_config_site_name()
+ {
+     if [ -z $BRO_SITE_NAME ]; then
+-        BRO_SITE_NAME=`hostname|awk -F. '{print $2 $3}'`
+        BRO_SITE_NAME=`hostname|awk -F. '{print $2"."$3}'`
+         if [ -z $BRO_SITE_NAME ] ; then 
+             BRO_SITE_NAME="SOMESITE"
+         fi
--- a/security/bro/files/patch-scripts-bro.rc.in
+++ b/security/bro/files/patch-scripts-bro.rc.in
@ -0,0 +1,47 @@
+--- scripts/bro.rc.in.orig	Fri Jul 13 15:53:29 2007
+++ scripts/bro.rc.in	Fri Jul 13 15:59:26 2007
+@@ -25,7 +25,7 @@
+ # For tasks to complete before and after Bro starts please edit the following
+ # scripts to suit your needs.  For those of you familiar with dhclient this
+ # uses the same idea.
+-#  Before Bro starts $BROHOME/etc/bro.rc-hooks.sh
+#  Before Bro starts @prefix@/bin/bro.rc-hooks.sh
+ 
+ # See the bottom of this script for an explanation of how this all works.
+ # I'll try my best to be clear....
+@@ -35,14 +35,14 @@
+ RETVAL=0
+ 
+ # picked up from configure at install time
+-BROHOME="@prefix@"
+BROHOME="@prefix@/bro"
+ export BROHOME
+ 
+ # Set the environment.
+-source_config="${BROHOME}/etc/bro.cfg"
+source_config="@prefix@/etc/bro.cfg"
+ 
+ # Location of bro-hooks.sh script
+-bro_hooks="${BROHOME}/etc/bro.rc-hooks.sh"
+bro_hooks="@prefix@/bro/scripts/bro.rc-hooks.sh"
+ 
+ # Set the full path to this script as called
+ if [ `echo ${0} | grep -E "^/"` ]; then
+@@ -88,7 +88,7 @@
+ export BROLOGS
+ export BROPATH
+ export BROHOME
+-export PATH="${BROHOME}/bro/bin:${BROHOME}/bro/scripts:/usr/local/bin:/usr/local/sbin:${PATH}" 
+export PATH="@prefix@/bin:${BROHOME}/scripts:/usr/local/bin:/usr/local/sbin:${PATH}" 
+ 
+ # Make sure that the $BRO_RUNTIME_DIR exists and is writtable
+ if [ ! -d "${BRO_RUNTIME_DIR}" ]; then
+@@ -1033,7 +1033,7 @@
+ # running instance of Bro.
+ # bro.rc logs it's actions to syslog via the logger command.
+ # bro.rc offers users an interface into the starting and stopping of a Bro
+-# process via the file $BROHOME/etc/bro.rc-hooks.rc.  This allows for
+# process via the file @prefix@/bro/scripts/bro.rc-hooks.rc.  This allows for
+ # actions to be sent to any custom monitoring or alerting programs the
+ # user may wish to use.
+ 
--- a/security/bro/files/patch-scripts-localnetMAC.pl
+++ b/security/bro/files/patch-scripts-localnetMAC.pl
@ -0,0 +1,15 @@
+--- scripts/localnetMAC.pl.in.orig	Sat Jul 14 00:01:55 2007
+++ scripts/localnetMAC.pl.in	Sat Jul 14 00:03:48 2007
+@@ -50,10 +50,10 @@
+ 
+ my $fh;
+ if ($args{r} and $args{r}=~/gz$/){
+-    open (IN, "$decomp $args{r} |../aux/adtrace/adtrace -|") or die "cannot execute $decomp $args{r} |../aux/adtrace/adtrace - : $!\n";
+    open (IN, "$decomp $args{r} |@prefix@/bin/adtrace -|") or die "cannot execute $decomp $args{r} |@prefix@/bin/adtrace - : $!\n";
+     $fh = *IN;
+ }elsif($args{r}){
+-    open (IN, "../aux/adtrace/adtrace $args{r}|") or die "cannot execute ./adtrace/adtrace $args{r}: $!\n";
+    open (IN, "@prefix@/bin/adtrace $args{r}|") or die "cannot execute @prefix@/bin/adtrace $args{r}: $!\n";
+     $fh = *IN;
+ }elsif($args{t} and $args{t}=~/gz$/){
+     open (IN, "$decomp $args{t} |") or die "cannot execute $decomp $args{t} | : $!\n";
--- a/security/bro/files/patch-scripts-perl-Makefile.PL
+++ b/security/bro/files/patch-scripts-perl-Makefile.PL
@ -0,0 +1,18 @@
+--- scripts/perl/Makefile.PL.orig	Wed Jul 18 16:40:51 2007
+++ scripts/perl/Makefile.PL	Wed Jul 18 16:47:11 2007
+@@ -43,13 +43,13 @@
+ 	}
+ 	else
+ 	{
+-		$brohome = '/usr/local/bro';
+		$brohome = $ENV{PREFIX}/bro';
+ 	}
+ }
+ 
+ if( ! $broconfig )
+ {
+-	$broconfig = "$brohome/etc/bro.cfg";
+	$broconfig = "$ENV{PREFIX}/etc/bro.cfg";
+ }
+ 
+ 
--- a/security/bro/files/patch-scripts-s2b-bin-Makefile.in
+++ b/security/bro/files/patch-scripts-s2b-bin-Makefile.in
@ -0,0 +1,11 @@
+--- scripts/s2b/bin/Makefile.in.orig	Wed Jul 18 17:33:29 2007
+++ scripts/s2b/bin/Makefile.in	Wed Jul 18 17:34:02 2007
+@@ -321,7 +321,7 @@
+ 
+ 
+ # OR we can install them on a make install 
+-#scriptsdir=$(prefix)/etc
+#scriptsdir=$(prefix)/bro/scripts
+ #dist_scripts_SCRIPTS = s2b.pl snort2bro
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in
+++ b/security/bro/files/patch-scripts-s2b-bro-include-Makefile.in
@ -0,0 +1,11 @@
+--- scripts/s2b/bro-include/Makefile.in.orig	Wed Jul 18 17:35:02 2007
+++ scripts/s2b/bro-include/Makefile.in	Wed Jul 18 17:35:25 2007
+@@ -171,7 +171,7 @@
+ target_cpu = @target_cpu@
+ target_os = @target_os@
+ target_vendor = @target_vendor@
+-includesigsdir = ${prefix}/policy
+includesigsdir = ${prefix}/bro/policy
+ dist_includesigs_DATA = sig-addendum.sig sig-functions.bro
+ all: all-am
+ 
--- a/security/bro/files/patch-scripts-s2b-etc-Makefile.in
+++ b/security/bro/files/patch-scripts-s2b-etc-Makefile.in
@ -0,0 +1,11 @@
+--- scripts/s2b/etc/Makefile.in.orig	Wed Jul 18 17:37:19 2007
+++ scripts/s2b/etc/Makefile.in	Wed Jul 18 17:37:45 2007
+@@ -321,7 +321,7 @@
+ 
+ 
+ # OR we can install them on a make install 
+-#scriptsdir=$(prefix)/etc
+#scriptsdir=$(prefix)/bro/scripts
+ #dist_scripts_SCRIPTS = s2b-augment.cfg s2b-ruleset-augment.cfg s2b-sigmap.cfg s2b.cfg
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
--- a/security/bro/files/patch-src-Makefile.in
+++ b/security/bro/files/patch-src-Makefile.in
@ -0,0 +1,11 @@
+--- src/Makefile.in.orig	Wed Jul 18 16:48:03 2007
+++ src/Makefile.in	Wed Jul 18 16:48:34 2007
+@@ -550,7 +550,7 @@
+ 		   $(DISTCLEANFILES)
+ 
+ 
+-#bropolicydir=${prefix}/policy
+#bropolicydir=${prefix}/bro/policy
+ #dist_bropolicy_DATA = $(BIF_BRO)
+ CCOPT = @V_CCOPT@ -W -Wall -Wno-unused
+ INCLS = @V_INCLS@
--- a/security/bro/files/pkg-deinstall.in
+++ b/security/bro/files/pkg-deinstall.in
@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Since pkg-plist prepends PREFIX to SITE_PERL,
+# we can't remove these files in the normal way
+
+if [ "$2" != "POST-DEINSTALL" ]; then
+        exit 0
+fi
+
+/bin/rm %%SITE_PERL%%/mach/IP4.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Config.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Signature.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log/Alarm.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Log/Conn.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report/Alarm.pm
+/bin/rm %%SITE_PERL%%/mach/Bro/Report/Conn.pm
+/bin/rmdir %%SITE_PERL%%/mach/Bro/Report
+/bin/rmdir %%SITE_PERL%%/mach/Bro/Log
+/bin/rmdir %%SITE_PERL%%/mach/Bro
--- a/security/bro/files/pkg-install.in
+++ b/security/bro/files/pkg-install.in
@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Call the bro_config script to configure bro and, when complete,
+# copy the newly created cfg file to %%PREFIX%%/etc.
+
+echo "****************************************"
+echo "* RUNNING THE BRO CONFIGURATION SCRIPT *"
+echo "****************************************"
+echo
+
+if [ -f %%BROHOME%%/scripts/bro_config ]; then
+	/bin/sh %%BROHOME%%/scripts/bro_config
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+	cp bro.cfg %%PREFIX%%/etc/bro.cfg
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+	rm %%WRKSRC%%/../../bro.cfg*
+fi
+
+if [ -f %%WRKSRC%%/../../bro_user_id ]; then
+	rm %%WRKSRC%%/../../bro_user*
+fi
--- a/security/bro/files/pkg-message.in
+++ b/security/bro/files/pkg-message.in
@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Call the bro_config script to configure bro and, when complete,
+# copy the newly created cfg file to %%PREFIX%%/etc.
+
+echo "****************************************"
+echo "* RUNNING THE BRO CONFIGURATION SCRIPT *"
+echo "****************************************"
+echo
+
+if [ -f %%BROHOME%%/scripts/bro_config ]; then
+	/bin/sh %%BROHOME%%/scripts/bro_config
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+	cp bro.cfg %%PREFIX%%/etc/bro.cfg
+fi
+
+if [ -f %%WRKSRC%%/../../bro.cfg ]; then
+	rm %%WRKSRC%%/../../bro.cfg*
+fi
+
+if [ -f %%WRKSRC%%/../../bro_user_id ]; then
+	rm %%WRKSRC%%/../../bro_user*
+fi
--- a/security/bro/pkg-descr
+++ b/security/bro/pkg-descr
@ -1,16 +1,16 @@
-Bro is a system for detecting Network Intruders in real-time by the guys
-that brought you tcpdump, libpcap, and flex.
-
-Bro is a stand-alone system for detecting network intruders in real-time
-by passively monitoring a network link over which the intruder's traffic
-transits.  Bro is divided into an "event engine" that reduces a
-kernel-filtered network traffic stream into a series of higher-level
-events, and a "policy script interpreter" that interprets event handlers
-written in a specialized language used to express a site's security policy.
-Event handlers can update state information, synthesize new events, record
-information to disk, and generate real-time notifications via `syslog'.
+Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS)
+that passively monitors network traffic and looks for suspicious activity.
+Bro detects intrusions by first parsing network traffic to extract is
+application-level semantics and then executing event-oriented analyzers that
+compare the activity with patterns deemed troublesome. Its analysis includes
+detection of specific attacks (including those defined by signatures, but
+also those defined in terms of events) and unusual activities (e.g., certain
+hosts connecting to certain services, or patterns of failed connection
+attempts).

 Bro is documented in the USENIX 1998 Security Conference proceedings.

-- David
-   obrien@cs.ucdavis.edu
+-- Paul
+   pauls@utdallas.edu
+
+WWW: http://bro-ids.org/
--- a/security/bro/pkg-plist
+++ b/security/bro/pkg-plist
@ -1,83 +1,238 @@
-@comment $FreeBSD$
-sbin/bro
-%%DATADIR%%/active.bro
-%%DATADIR%%/alert.bro
-%%DATADIR%%/analy.bro
-%%DATADIR%%/anon.bro
-%%DATADIR%%/backdoor.bro
-%%DATADIR%%/bro.bif.bro
-%%DATADIR%%/bro.init
-%%DATADIR%%/capture-events.bro
-%%DATADIR%%/checkpoint.bro
-%%DATADIR%%/common-rw.bif.bro
-%%DATADIR%%/conn.bro
-%%DATADIR%%/const.bif.bro
-%%DATADIR%%/contents.bro
-%%DATADIR%%/demux.bro
-%%DATADIR%%/dns.bro
-%%DATADIR%%/dns-lookup.bro
-%%DATADIR%%/drop-adapt.bro
-%%DATADIR%%/event.bif.bro
-%%DATADIR%%/finger.bro
-%%DATADIR%%/finger-rw.bif.bro
-%%DATADIR%%/flag-irc.bro
-%%DATADIR%%/flag-warez.bro
-%%DATADIR%%/frag.bro
-%%DATADIR%%/ftp.bro
-%%DATADIR%%/ftp-anonymizer.bro
-%%DATADIR%%/ftp-cmd-arg.bro
-%%DATADIR%%/ftp-rw.bif.bro
-%%DATADIR%%/ftp-safe-words.bro
-%%DATADIR%%/hot.bro
-%%DATADIR%%/hot-ids.bro
-%%DATADIR%%/http.bro
-%%DATADIR%%/http-abstract.bro
-%%DATADIR%%/http-body.bro
-%%DATADIR%%/http-entity.bro
-%%DATADIR%%/http-event.bro
-%%DATADIR%%/http-header.bro
-%%DATADIR%%/http-reply.bro
-%%DATADIR%%/http-request.bro
-%%DATADIR%%/http-rewriter.bro
-%%DATADIR%%/http-rw.bif.bro
-%%DATADIR%%/icmp.bro
-%%DATADIR%%/ident-rewriter.bro
-%%DATADIR%%/ident.bro
-%%DATADIR%%/ident-rw.bif.bro
-%%DATADIR%%/inactivity.bro
-%%DATADIR%%/interconn.bro
-%%DATADIR%%/load-level.bro
-%%DATADIR%%/log.bro
-%%DATADIR%%/login.bro
-%%DATADIR%%/mime.bro
-%%DATADIR%%/mt.bro
-%%DATADIR%%/netstats.bro
-%%DATADIR%%/ntp.bro
-%%DATADIR%%/pcap.bro
-%%DATADIR%%/port-name.bro
-%%DATADIR%%/portmapper.bro
-%%DATADIR%%/print-filter.bro
-%%DATADIR%%/print-globals.bro
-%%DATADIR%%/print-resources.bro
-%%DATADIR%%/reduce-memory.bro
-%%DATADIR%%/scan.bro
-%%DATADIR%%/signatures.bro
-%%DATADIR%%/site.bro
-%%DATADIR%%/smtp-relay.bro
-%%DATADIR%%/smtp-rewriter.bro
-%%DATADIR%%/smtp.bro
-%%DATADIR%%/smtp-rw.bif.bro
-%%DATADIR%%/software.bro
-%%DATADIR%%/ssh-stepping.bro
-%%DATADIR%%/ssh.bro
-%%DATADIR%%/ssl-worm.bro
-%%DATADIR%%/stepping.bro
-%%DATADIR%%/synflood.bro
-%%DATADIR%%/tcp.bro
-%%DATADIR%%/tftp.bro
-%%DATADIR%%/udp.bro
-%%DATADIR%%/weird.bro
-%%DATADIR%%/worm.bro
-%%PORTDOCS%%%%DOCSDIR%%/bro-CN99.ps.gz
-%%PORTDOCS%%@dirrm %%DATADIR%%
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
+bin/adtrace
+bin/bdcat
+bin/binpac
+bin/bro
+bin/broccoli-config
+bin/broconftest
+bin/broconn
+bin/broenum
+bin/brohose
+bin/broping
+bin/cf
+bin/hf
+bin/nf
+bin/pf
+bin/rst
+bro/etc/alert_scores
+bro/etc/signature_scores
+bro/etc/VERSION
+bro/policy/OS-fingerprint.bro
+bro/policy/adu.bro
+bro/policy/alarm.bro
+bro/policy/analy.bro
+bro/policy/anon.bro
+bro/policy/arp.bro
+bro/policy/backdoor.bro
+bro/policy/blaster.bro
+bro/policy/bro.bif.bro
+bro/policy/bro.init
+bro/policy/brolite-backdoor.bro
+bro/policy/brolite-sigs.bro
+bro/policy/brolite.bro
+bro/policy/capture-events.bro
+bro/policy/checkpoint.bro
+bro/policy/clear-passwords.bro
+bro/policy/common-rw.bif.bro
+bro/policy/conn-id.bro
+bro/policy/conn.bro
+bro/policy/const.bif.bro
+bro/policy/contents.bro
+bro/policy/cpu-adapt.bro
+bro/policy/demux.bro
+bro/policy/detect-protocols-http.bro
+bro/policy/detect-protocols.bro
+bro/policy/dns-anonymizer.bro
+bro/policy/dns-info.bro
+bro/policy/dns-lookup.bro
+bro/policy/dns-rw.bif.bro
+bro/policy/dns.bro
+bro/policy/dpd.bro
+bro/policy/drop-adapt.bro
+bro/policy/dyn-disable.bro
+bro/policy/event.bif.bro
+bro/policy/file-flush.bro
+bro/policy/finger-rw.bif.bro
+bro/policy/finger.bro
+bro/policy/firewall.bro
+bro/policy/flag-irc.bro
+bro/policy/flag-warez.bro
+bro/policy/frag.bro
+bro/policy/ftp-anonymizer.bro
+bro/policy/ftp-cmd-arg.bro
+bro/policy/ftp-reply-pattern.bro
+bro/policy/ftp-rw.bif.bro
+bro/policy/ftp-safe-words.bro
+bro/policy/ftp.bro
+bro/policy/gnutella.bro
+bro/policy/hand-over.bro
+bro/policy/heavy-analysis.bro
+bro/policy/heavy.http.bro
+bro/policy/heavy.irc.bro
+bro/policy/heavy.scan.bro
+bro/policy/heavy.software.bro
+bro/policy/heavy.trw.bro
+bro/policy/hot-ids.bro
+bro/policy/hot.bro
+bro/policy/http-abstract.bro
+bro/policy/http-anon-server.bro
+bro/policy/http-anon-useragent.bro
+bro/policy/http-anon-utils.bro
+bro/policy/http-anonymizer.bro
+bro/policy/http-body.bro
+bro/policy/http-entity.bro
+bro/policy/http-event.bro
+bro/policy/http-header.bro
+bro/policy/http-reply.bro
+bro/policy/http-request.bro
+bro/policy/http-rewriter.bro
+bro/policy/http-rw.bif.bro
+bro/policy/http.bro
+bro/policy/icmp.bro
+bro/policy/ident-rewriter.bro
+bro/policy/ident-rw.bif.bro
+bro/policy/ident.bro
+bro/policy/inactivity.bro
+bro/policy/interconn.bro
+bro/policy/irc-bot.bro
+bro/policy/irc.bro
+bro/policy/large-conns.bro
+bro/policy/listen-clear.bro
+bro/policy/listen-ssl.bro
+bro/policy/load-level.bro
+bro/policy/load-sample.bro
+bro/policy/log-append.bro
+bro/policy/login.bro
+bro/policy/mime-pop.bro
+bro/policy/mime.bro
+bro/policy/mt.bro
+bro/policy/netstats.bro
+bro/policy/nfs.bro
+bro/policy/notice-action-filters.bro
+bro/policy/notice-policy.bro
+bro/policy/notice.bro
+bro/policy/ntp.bro
+bro/policy/passwords.bro
+bro/policy/pcap.bro
+bro/policy/peer-status.bro
+bro/policy/pkt-profile.bro
+bro/policy/pop3.bro
+bro/policy/port-name.bro
+bro/policy/portmapper.bro
+bro/policy/print-filter.bro
+bro/policy/print-globals.bro
+bro/policy/print-resources.bro
+bro/policy/print-sig-states.bro
+bro/policy/profiling.bro
+bro/policy/proxy.bro
+bro/policy/remote-pcap.bro
+bro/policy/remote-ping.bro
+bro/policy/remote-print.bro
+bro/policy/remote-report-notices.bro
+bro/policy/remote-send-id.bro
+bro/policy/remote.bro
+bro/policy/rotate-logs.bro
+bro/policy/rsh.bro
+bro/policy/scan.bro
+bro/policy/secondary-filter.bro
+bro/policy/sensor-sshd.bro
+bro/policy/server-ports.bro
+bro/policy/service-probe.bro
+bro/policy/sig-action.bro
+bro/policy/sig-addendum.sig
+bro/policy/sig-functions.bro
+bro/policy/signatures.bro
+bro/policy/sigs/dpd.sig
+bro/policy/sigs/ex.web-rules.sig
+bro/policy/sigs/p0fsyn.osf
+bro/policy/sigs/snort-default.sig
+bro/policy/sigs/ssl-worm.sig
+bro/policy/sigs/worm.sig
+bro/policy/site.bro
+bro/policy/smtp-relay.bro
+bro/policy/smtp-rewriter.bro
+bro/policy/smtp-rw.bif.bro
+bro/policy/smtp.bro
+bro/policy/snort.bro
+bro/policy/software.bro
+bro/policy/ssh-stepping.bro
+bro/policy/ssh.bro
+bro/policy/ssl-alerts.bro
+bro/policy/ssl-ciphers.bro
+bro/policy/ssl-errors.bro
+bro/policy/ssl-worm.bro
+bro/policy/ssl.bro
+bro/policy/stats.bro
+bro/policy/stepping.bro
+bro/policy/strings.bif.bro
+bro/policy/synflood.bro
+bro/policy/tcp.bro
+bro/policy/tftp.bro
+bro/policy/trw-impl.bro
+bro/policy/trw.bro
+bro/policy/udp-common.bro
+bro/policy/udp.bro
+bro/policy/vlan.bro
+bro/policy/weird.bro
+bro/policy/worm.bro
+bro/scripts/bro-logchk.pl
+bro/scripts/bro.rc
+bro/scripts/bro.rc-hooks.sh
+bro/scripts/bro_config
+bro/scripts/bro_log_compress.sh
+bro/scripts/edit-brorule.pl
+bro/scripts/frontend-mail-reports.sh
+bro/scripts/frontend-site-report.sh
+bro/scripts/host-grep
+bro/scripts/host-to-addrs
+bro/scripts/localnetMAC.pl
+bro/scripts/mail_notice.sh
+bro/scripts/mvlog
+bro/scripts/push_logs.sh
+bro/scripts/site-report.pl
+@unexec if cmp -s %D/bro/site/local.site.bro.default %D/bro/site/local.site.bro; then rm -f %D/bro/site/local.site.bro; fi
+bro/site/local.site.bro.default
+bro/site/signatures.sig
+@unexec if cmp -s %D/etc/bro.cfg.sample %D/etc/bro.cfg; then rm -f %D/etc/bro.cfg; fi
+etc/bro.cfg.example
+etc/broccoli.conf
+include/broccoli.h
+share/broccoli/broconn.bro
+share/broccoli/broenum.bro
+share/broccoli/brohose.bro
+share/broccoli/broping-record.bro
+share/broccoli/broping.bro
+share/gtk-doc/html/broccoli/a2850.html
+share/gtk-doc/html/broccoli/api.html
+share/gtk-doc/html/broccoli/broccoli-broccoli.html
+share/gtk-doc/html/broccoli/c21.html
+share/gtk-doc/html/broccoli/c55.html
+share/gtk-doc/html/broccoli/c85.html
+share/gtk-doc/html/broccoli/images/caution.gif
+share/gtk-doc/html/broccoli/images/logo.jpg
+share/gtk-doc/html/broccoli/images/note.gif
+share/gtk-doc/html/broccoli/images/warning.gif
+share/gtk-doc/html/broccoli/index.html
+share/gtk-doc/html/broccoli/stylesheet.css
+share/libbroccoli.a
+share/libbroccoli.la
+share/libbroccoli.so
+share/libbroccoli.so.0
+@unexec if [ -f %D/%%DOCSDIR%%/bro-deployment.pdf ]; then rm -f %D/%%DOCSDIR%%/bro-deployment.pdf; fi
+@unexec if [ -f %D/%%DOCSDIR%%/Bro-quick-start.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-quick-start.pdf; fi
+@unexec if [ -f %D/%%DOCSDIR%%/Bro-user-manual.pdf ]; then rm -f %D/%%DOCSDIR%%/Bro-user-manual.pdf; fi
+@dirrmtry %%DOCSDIR%%
+@dirrm share/gtk-doc/html/broccoli/images
+@dirrm share/gtk-doc/html/broccoli
+@dirrmtry share/gtk-doc/html
+@dirrmtry share/gtk-doc
+@dirrm share/broccoli
+@dirrmtry bro/var
+@dirrmtry bro/site
+@dirrmtry bro/scripts
+@dirrmtry bro/reports
+@dirrmtry bro/policy/sigs
+@dirrmtry bro/policy
+@dirrmtry bro/logs
+@dirrmtry bro/etc
+@dirrmtry bro/archive
+@dirrmtry bro