bro: update to 2.6.1

common/shlibs

@@ -3377,3 +3377,6 @@ libtexpdf.so.0 libtexpdf-0.9.5_1
 libupstart.so.1 libupstart-1.13.3_1
 librtas.so.2 librtas-2.0.2_1
 librtasevent.so.2 librtas-2.0.2_1
+libbroker.so.0 bro-2.6.1_1
+libcaf_core.so.0.16.2 bro-2.6.1_1
+libcaf_openssl.so.0.16.2 bro-2.6.1_1

srcpkgs/bro/patches/libressl.patch

@@ -0,0 +1,176 @@
+From fc43d06955a255bce4162b459be4a6a3a11a178d Mon Sep 17 00:00:00 2001
+From: Jon Siwek <jsiwek@corelight.com>
+Date: Mon, 7 Jan 2019 11:35:17 -0600
+Subject: [PATCH] GH-227: Improve LibreSSL support
+
+---
+ src/file_analysis/analyzer/x509/OCSP.cc       | 16 ++++++++--------
+ src/file_analysis/analyzer/x509/X509.cc       |  2 +-
+ src/file_analysis/analyzer/x509/X509.h        | 11 ++++++++---
+ src/file_analysis/analyzer/x509/functions.bif |  6 +++---
+ 4 files changed, 20 insertions(+), 15 deletions(-)
+
+diff --git src/file_analysis/analyzer/x509/OCSP.cc src/file_analysis/analyzer/x509/OCSP.cc
+index bea88fc747..537d194906 100644
+--- src/file_analysis/analyzer/x509/OCSP.cc
++++ src/file_analysis/analyzer/x509/OCSP.cc
+@@ -44,7 +44,7 @@ static Val* get_ocsp_type(RecordVal* args, const char* name)
+ 
+ static bool OCSP_RESPID_bio(OCSP_BASICRESP* basic_resp, BIO* bio)
+ 	{
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	ASN1_OCTET_STRING* key  = nullptr;
+ 	X509_NAME*         name = nullptr;
+ 
+@@ -423,7 +423,7 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req, const char* fid)
+ 
+ 	uint64 version = 0;
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	if ( req->tbsRequest->version )
+ 		version = (uint64)ASN1_INTEGER_get(req->tbsRequest->version);
+ #else
+@@ -495,7 +495,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
+ 	if ( !basic_resp )
+ 		goto clean_up;
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	resp_data = basic_resp->tbsResponseData;
+ 	if ( !resp_data )
+ 		goto clean_up;
+@@ -506,7 +506,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
+ 	vl->append(resp_val->Ref());
+ 	vl->append(status_val);
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	vl->append(new Val((uint64)ASN1_INTEGER_get(resp_data->version), TYPE_COUNT));
+ #else
+ 	vl->append(parse_basic_resp_data_version(basic_resp));
+@@ -526,7 +526,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
+ 		}
+ 
+ 	// producedAt
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	produced_at = resp_data->producedAt;
+ #else
+ 	produced_at = OCSP_resp_get0_produced_at(basic_resp);
+@@ -551,7 +551,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
+ 		// cert id
+ 		const OCSP_CERTID* cert_id = nullptr;
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 		cert_id = single_resp->certId;
+ #else
+ 		cert_id = OCSP_SINGLERESP_get0_id(single_resp);
+@@ -618,7 +618,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
+ 			}
+ 		}
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	i2a_ASN1_OBJECT(bio, basic_resp->signatureAlgorithm->algorithm);
+ 	len = BIO_read(bio, buf, sizeof(buf));
+ 	vl->append(new StringVal(len, buf));
+@@ -635,7 +635,7 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val, const char* fid)
+ 	certs_vector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType());
+ 	vl->append(certs_vector);
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	certs = basic_resp->certs;
+ #else
+ 	certs = OCSP_resp_get0_certs(basic_resp);
+diff --git src/file_analysis/analyzer/x509/X509.cc src/file_analysis/analyzer/x509/X509.cc
+index 7571915207..600b3adb52 100644
+--- src/file_analysis/analyzer/x509/X509.cc
++++ src/file_analysis/analyzer/x509/X509.cc
+@@ -290,7 +290,7 @@ void file_analysis::X509::ParseSAN(X509_EXTENSION* ext)
+ 				continue;
+ 				}
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 			const char* name = (const char*) ASN1_STRING_data(gen->d.ia5);
+ #else
+ 			const char* name = (const char*) ASN1_STRING_get0_data(gen->d.ia5);
+diff --git src/file_analysis/analyzer/x509/X509.h src/file_analysis/analyzer/x509/X509.h
+index b808b676fe..91a5a7a5a1 100644
+--- src/file_analysis/analyzer/x509/X509.h
++++ src/file_analysis/analyzer/x509/X509.h
+@@ -8,24 +8,27 @@
+ #include "Val.h"
+ #include "X509Common.h"
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER)
++#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #define X509_get_signature_nid(x) OBJ_obj2nid((x)->sig_alg->algorithm)
+ 
+ #endif
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL || LIBRESSL_VERSION_NUMBER)
++#if ( OPENSSL_VERSION_NUMBER < 0x1010000fL ) || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #define X509_OBJECT_new()   (X509_OBJECT*)malloc(sizeof(X509_OBJECT))
+ #define X509_OBJECT_free(a) free(a)
+ 
+-#define OCSP_SINGLERESP_get0_id(s) (s)->certId
+ #define OCSP_resp_get0_certs(x)    (x)->certs
+ 
+ #define EVP_PKEY_get0_DSA(p)    ((p)->pkey.dsa)
+ #define EVP_PKEY_get0_EC_KEY(p) ((p)->pkey.ec)
+ #define EVP_PKEY_get0_RSA(p)    ((p)->pkey.rsa)
+ 
++#if !defined(LIBRESSL_VERSION_NUMBER) || ( LIBRESSL_VERSION_NUMBER < 0x2070000fL )
++
++#define OCSP_SINGLERESP_get0_id(s) (s)->certId
++
+ static X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
+ {
+ 	if ( a == nullptr || a->type != X509_LU_X509 )
+@@ -57,6 +60,8 @@ static void RSA_get0_key(const RSA *r,
+ 
+ #endif
+ 
++#endif
++
+ namespace file_analysis {
+ 
+ class X509Val;
+diff --git src/file_analysis/analyzer/x509/functions.bif src/file_analysis/analyzer/x509/functions.bif
+index 0b18feb8fe..ec87a495b3 100644
+--- src/file_analysis/analyzer/x509/functions.bif
++++ src/file_analysis/analyzer/x509/functions.bif
+@@ -115,7 +115,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
+ 	const ASN1_OCTET_STRING* key  = nullptr;
+ 	const X509_NAME*         name = nullptr;
+ 
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	OCSP_RESPID* resp_id = basic_resp->tbsResponseData->responderId;
+ 
+ 	if ( resp_id->type == V_OCSP_RESPID_NAME )
+@@ -348,7 +348,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
+ 
+ 	// Because we actually want to be able to give nice error messages that show why we were
+ 	// not able to verify the OCSP response - do our own verification logic first.
+-#if ( OPENSSL_VERSION_NUMBER < 0x10100000L )
++#if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 	signer = x509_get_ocsp_signer(basic->certs, basic);
+ #else
+ 	signer = x509_get_ocsp_signer(OCSP_resp_get0_certs(basic), basic);
+@@ -714,7 +714,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
+ 	uint32 cert_length;
+ 	if ( precert )
+ 		{
+-#if (OPENSSL_VERSION_NUMBER < 0x10002000L || LIBRESSL_VERSION_NUMBER)
++#if ( OPENSSL_VERSION_NUMBER < 0x10002000L ) || defined(LIBRESSL_VERSION_NUMBER)
+ 		x->cert_info->enc.modified = 1;
+ 		cert_length = i2d_X509_CINF(x->cert_info, &cert_out);
+ #else

srcpkgs/bro/template

@@ -1,9 +1,8 @@
 # Template file for 'bro'
 pkgname=bro
-version=2.5.5
-revision=2
+version=2.6.1
+revision=1
 build_style=cmake
-nocross="Needs to build part of itself to run, can't be built separately yet."
 hostmakedepends="flex pkg-config python3"
 makedepends="bind-devel geoip-devel libpcap-devel libressl-devel jemalloc-devel"
 short_desc="Advanced framework for network traffic analysis"
@@ -11,7 +10,8 @@ maintainer="Andrew Benson <abenson+void@gmail.com>"
 license="BSD-3-Clause"
 homepage="https://www.bro.org"
 distfiles="https://www.bro.org/downloads/bro-${version}.tar.gz"
-checksum=18f2aeb10b4d935d85c115a1e4a93464b9750be19b34997cf6196b29118e73cf
+checksum=d9718b83fdae0c76eea5254a4b9470304c4d1d3778687de9a4fe0b5dffea521b
+nocross="Needs to build part of itself to run, can't be built separately yet."
 
 case "$XBPS_TARGET_MACHINE" in
 	*-musl)