mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-18 00:10:04 +00:00
Code Issues Releases Activity

security/zeek: Fix build with clang 19

Browse Source 
https://github.com/zeek/zeek/issues/3994
    https://github.com/zeek/zeek/pull/3997

    Clang 19 with libc++ started failing to compile because the
    default implementation of std::char_traits was removed, making
    uses of std::char_traits<unsigned char> invalid (by consequence,
    also std::basic_string<unsigned char>).
This commit is contained in:
Craig Leres 2024-10-29 10:53:56 -07:00
parent aca7faaaee
commit bf3c4a775b
4 changed files with 145 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security/zeek/Makefile
View File

@ -1,5 +1,6 @@
PORTNAME= zeek
DISTVERSION= 7.0.3
PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= https://download.zeek.org/

32
security/zeek/files/patch-src_DFA.cc Normal file
View File

@ -0,0 +1,32 @@
--- src/DFA.cc.orig 2024-10-04 22:44:09 UTC
+++ src/DFA.cc
@@ -2,8 +2,6 @@
#include "zeek/DFA.h"
-#include "zeek/zeek-config.h"
-
#include "zeek/Desc.h"
#include "zeek/EquivClass.h"
#include "zeek/Hash.h"
@@ -265,9 +263,9 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_lis
DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest) {
// We assume that state ID's don't exceed 10 digits, plus
// we allow one more character for the delimiter.
- auto id_tag_buf = std::make_unique<u_char[]>(nfas.length() * 11 + 1);
+ auto id_tag_buf = std::make_unique<char[]>(nfas.length() * 11 + 1);
auto id_tag = id_tag_buf.get();
- u_char* p = id_tag;
+ char* p = id_tag;
for ( int i = 0; i < nfas.length(); ++i ) {
NFA_State* n = nfas[i];
@@ -287,7 +285,7 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_lis
// HashKey because the data is copied into the key.
hash128_t hash;
KeyedHash::Hash128(id_tag, p - id_tag, &hash);
- *digest = DigestStr(reinterpret_cast<const unsigned char*>(hash), 16);
+ *digest = DigestStr(reinterpret_cast<const char*>(hash), 16);
auto entry = states.find(*digest);
if ( entry == states.end() ) {

29
security/zeek/files/patch-src_DFA.h Normal file
View File

@ -0,0 +1,29 @@
--- src/DFA.h.orig 2024-10-04 22:44:09 UTC
+++ src/DFA.h
@@ -2,7 +2,7 @@
#pragma once
-#include <sys/types.h> // for u_char
+#include <sys/types.h>
#include <cassert>
#include <map>
#include <string>
@@ -18,7 +18,7 @@ class DFA_Machine;
// Transitions to the uncomputed state indicate that we haven't yet
// computed the state to go to.
-#define DFA_UNCOMPUTED_STATE -2
+#define DFA_UNCOMPUTED_STATE (-2)
#define DFA_UNCOMPUTED_STATE_PTR ((DFA_State*)DFA_UNCOMPUTED_STATE)
class DFA_State : public Obj {
@@ -67,7 +67,7 @@ class DFA_State : public Obj { (protected)
DFA_State* mark;
};
-using DigestStr = std::basic_string<u_char>;
+using DigestStr = std::string;
struct DFA_State_Cache_Stats {
// Sum of all NFA states

83
security/zeek/files/patch-src_analyzer_protocol_ssl_SSL.cc Normal file
View File

@ -0,0 +1,83 @@
--- src/analyzer/protocol/ssl/SSL.cc.orig 2024-10-04 22:44:09 UTC
+++ src/analyzer/protocol/ssl/SSL.cc
@@ -5,7 +5,6 @@
#include <openssl/opensslv.h>
#include "zeek/Reporter.h"
-#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/ssl/events.bif.h"
#include "zeek/analyzer/protocol/ssl/ssl_pac.h"
#include "zeek/analyzer/protocol/ssl/tls-handshake_pac.h"
@@ -32,11 +31,11 @@ static inline T LSB(const T a) {
return (a & 0xff);
}
-static std::basic_string<unsigned char> fmt_seq(uint32_t num) {
- std::basic_string<unsigned char> out(4, '\0');
+static std::string fmt_seq(uint32_t num) {
+ std::string out(4, '\0');
out.reserve(13);
uint32_t netnum = htonl(num);
- out.append(reinterpret_cast<u_char*>(&netnum), 4);
+ out.append(reinterpret_cast<char*>(&netnum), 4);
out.append(5, '\0');
return out;
}
@@ -266,13 +265,13 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
// server write_key
const u_char* s_wk = keys.data() + 32;
// client IV
- const u_char* c_iv = keys.data() + 64;
+ const char* c_iv = reinterpret_cast<const char*>(keys.data()) + 64;
// server IV
- const u_char* s_iv = keys.data() + 68;
+ const char* s_iv = reinterpret_cast<const char*>(keys.data()) + 68;
// FIXME: should we change types here?
- u_char* encrypted = (u_char*)data;
- size_t encrypted_len = len;
+ char* encrypted = (char*)data;
+ int encrypted_len = len;
if ( is_orig )
c_seq++;
@@ -280,7 +279,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
s_seq++;
// AEAD nonce, length 12
- std::basic_string<unsigned char> s_aead_nonce;
+ std::string s_aead_nonce;
if ( is_orig )
s_aead_nonce.assign(c_iv, 4);
else
@@ -306,14 +305,14 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
// FIXME: aes_256_gcm should not be hardcoded here ;)
if ( is_orig )
- EVP_DecryptInit(ctx, EVP_aes_256_gcm(), c_wk, s_aead_nonce.data());
+ EVP_DecryptInit(ctx, EVP_aes_256_gcm(), c_wk, reinterpret_cast<const u_char*>(s_aead_nonce.data()));
else
- EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, s_aead_nonce.data());
+ EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, reinterpret_cast<const u_char*>(s_aead_nonce.data()));
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, encrypted + encrypted_len);
// AEAD tag
- std::basic_string<unsigned char> s_aead_tag;
+ std::string s_aead_tag;
if ( is_orig )
s_aead_tag = fmt_seq(c_seq);
else
@@ -330,8 +329,10 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len,
16); // see OpenSSL manpage - 16 is the block size for the supported cipher
int decrypted_len = 0;
- EVP_DecryptUpdate(ctx, NULL, &decrypted_len, s_aead_tag.data(), s_aead_tag.size());
- EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, (const u_char*)encrypted, encrypted_len);
+ EVP_DecryptUpdate(ctx, NULL, &decrypted_len, reinterpret_cast<const u_char*>(s_aead_tag.data()),
+ s_aead_tag.size());
+ EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, reinterpret_cast<const u_char*>(encrypted),
+ encrypted_len);
assert(static_cast<decltype(decrypted.size())>(decrypted_len) <= decrypted.size());
decrypted.resize(decrypted_len);