security/suricata: Update to 2.0.5, Add NSS support

- Update to 2.0.5
- Add NSS option for file checksum and fingerprint support [1]
- Add default rules files [1]
- Add USES=autoreconf, remove USE_AUTOTOOLS and friends
- Override PATHFIX_MAKEFILEIN
- Use the install-strip target
- Fix HTP_PORT_CONFLICT_OFF typo (CONFLICT*S*)
- USES=iconv when using the bundled HTP version
- Cleanup and fix OPTION descriptions
- Sort OPTIONS and helpers
- Use the existing NO_HTP_PORT variable in pkg-plist (OPTIONS_SUB), remove
  MHTP_PORT conditional accordingly

PR:		194953 [1]
Submitted by:	Bill Meeks <bmeeks8 bellsouth net> [1]

3 files changed, 72 insertions, 53 deletions

diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index 69de9c946238..6cf6c81e205b 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	suricata
-PORTVERSION=	2.0.4
+PORTVERSION=	2.0.5
 CATEGORIES=	security
 MASTER_SITES=	http://www.openinfosecfoundation.org/download/ \
 		http://mirrors.rit.edu/zi/
@@ -16,43 +16,57 @@ LIB_DEPENDS=	libpcre.so:${PORTSDIR}/devel/pcre \
 		libnet.so:${PORTSDIR}/net/libnet \
 		libyaml.so:${PORTSDIR}/textproc/libyaml
 
-OPTIONS_DEFINE=	IPFW PRELUDE PORTS_PCAP TESTS JSON GEOIP HTP_PORT
-OPTIONS_DEFAULT=IPFW PRELUDE HTP_PORT
-OPTIONS_SUB=	yes
-
-IPFW_DESC=	Enable IPFW and IP Divert support for inline IDP
-PRELUDE_DESC=	Enable Prelude support for NIDS alerts
-PORTS_PCAP_DESC=Use libpcap from ports
-TESTS_DESC=	Enable unit tests in suricata binary
-JSON_DESC=	Enable Suricata JSON output
-GEOIP_DESC=	Enable GeoIP support for Suricata
-HTP_PORT_DESC=	Use libhtp from ports instead of bundled
-
-USES=		gmake pkgconfig libtool pathfix
-USE_AUTOTOOLS=	aclocal autoconf automake
+USES=		autoreconf gmake pkgconfig libtool pathfix
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	${PORTNAME}
-
 GNU_CONFIGURE=	yes
 
+INSTALL_TARGET=		install-strip
+PATHFIX_MAKEFILEIN=	Makefile.am
+
+OPTIONS_DEFINE=		GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE TESTS
+OPTIONS_DEFAULT=	HTP_PORT IPFW PRELUDE
+OPTIONS_SUB=		yes
+
+GEOIP_DESC=		Enable GeoIP support
+HTP_PORT_DESC=		Use libhtp from ports
+IPFW_DESC=		Enable IPFW and IP Divert support for inline IDP
+JSON_DESC=		Enable JSON output
+NSS_DESC=		Enable file checksums and SSL/TLS fingerprinting
+PORTS_PCAP_DESC=	Use libpcap from ports
+PRELUDE_DESC=		Enable Prelude support for NIDS alerts
+TESTS_DESC=		Build Unit Tests
+
+GEOIP_LIB_DEPENDS=		libGeoIP.so:${PORTSDIR}/net/GeoIP
+GEOIP_CONFIGURE_ON=		--enable-geoip
+
+HTP_PORT_LIB_DEPENDS=		libhtp.so:${PORTSDIR}/devel/libhtp
+HTP_PORT_CONFIGURE_ON=		--enable-non-bundled-htp
+HTP_PORT_CONFIGURE_OFF=		--enable-bundled-htp
+HTP_PORT_CONFLICTS_INSTALL_OFF=	libhtp-[0-9]* libhtp-suricata
+HTP_PORT_USES_OFF=		iconv
+
 IPFW_CONFIGURE_ON=		--enable-ipfw
+
+PORTS_PCAP_LIB_DEPENDS=		libpcap.so:${PORTSDIR}/net/libpcap
 PORTS_PCAP_CONFIGURE_ON=	--with-libpcap-includes=${LOCALBASE}/include \
 				--with-libpcap-libraries=${LOCALBASE}/lib
 PORTS_PCAP_CONFIGURE_OFF=	--with-libpcap-includes=/usr/include \
 				--with-libpcap-libraries=/usr/lib
-PORTS_PCAP_LIB_DEPENDS=		libpcap.so:${PORTSDIR}/net/libpcap
+
 PRELUDE_LIB_DEPENDS=		libprelude.so:${PORTSDIR}/security/libprelude
 PRELUDE_CONFIGURE_ENABLE=	prelude
 PRELUDE_CONFIGURE_ON=		--with-libprelude-prefix=${LOCALBASE}
-TESTS_CONFIGURE_ENABLE=		unittests
+
+JSON_LIB_DEPENDS=		libjansson.so:${PORTSDIR}/devel/jansson
 JSON_CONFIGURE_OFF=		--with-libjansson-includes=${LOCALBASE}/include	\
 				--with-libjansson-libraries=${LOCALBASE}/lib
-JSON_LIB_DEPENDS=		libjansson.so:${PORTSDIR}/devel/jansson
-GEOIP_CONFIGURE_ON=		--enable-geoip
-GEOIP_LIB_DEPENDS=		libGeoIP.so:${PORTSDIR}/net/GeoIP
-HTP_PORT_CONFIGURE_ON=		--enable-non-bundled-htp
-HTP_PORT_LIB_DEPENDS=		libhtp.so:${PORTSDIR}/devel/libhtp
-HTP_PORT_CONFLICT_OFF=		libhtp-[0-9]* libhtp-suricata
+
+NSS_LIB_DEPENDS=		libnss3.so:${PORTSDIR}/security/nss
+NSS_CONFIGURE_ON=		--with-libnss-includes=${LOCALBASE}/include/nss/nss \
+				--with-libnss-libraries=${LOCALBASE}/lib/nss \
+
+TESTS_CONFIGURE_ENABLE=		unittests
 
 SUB_FILES=	pkg-message
 
@@ -72,16 +86,11 @@ LIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config
 CONFIG_DIR?=	${ETCDIR}
 CONFIG_FILES=	suricata.yaml classification.config reference.config
 RULES_DIR=	${CONFIG_DIR}/rules
+RULES_FILES=	decoder-events.rules dns-events.rules files.rules http-events.rules smtp-events.rules stream-events.rules tls-events.rules
 LOGS_DIR?=	/var/log/${PORTNAME}
 
 .include <bsd.port.pre.mk>
 
-.if ${PORT_OPTIONS:MHTP_PORT}
-PLIST_SUB+=	HTPPORT="@comment "
-.else
-PLIST_SUB+=	HTPPORT=""
-.endif
-
 .if ${ARCH} == "ia64" || ${ARCH} == "powerpc" || ${ARCH} == "sparc64"
 BROKEN=		Does not compile on ia64, powerpc, or sparc64
 .endif
@@ -98,6 +107,9 @@ post-install:
 .for f in ${CONFIG_FILES}
 	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
 .endfor
+.for f in ${RULES_FILES}
+	${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f}
+.endfor
 
 TMPDIR?=	/tmp
 TESTDIR=	${TMPDIR}/${PORTNAME}
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
index 941ac43fd124..3e9fdb921a02 100644
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@@ -1,2 +1,2 @@
-SHA256 (suricata-2.0.4.tar.gz) = 677d97a829d9e05f664c82eb0372e870d5f6e9501ccee20130dfde4014bd5084
-SIZE (suricata-2.0.4.tar.gz) = 3085919
+SHA256 (suricata-2.0.5.tar.gz) = 57b1120e91bd4e348e1a4cee9eb7b197d05fc25169e062f1a11f5dd4b9322c60
+SIZE (suricata-2.0.5.tar.gz) = 3090118
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index ac2eb6ffd4ed..7e5cdad5e9a0 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -28,28 +28,35 @@ bin/suricata
 %%DOCSDIR%%/Ubuntu_Installation.txt
 %%DOCSDIR%%/Ubuntu_Installation_from_GIT.txt
 %%DOCSDIR%%/Windows.txt
-%%HTPPORT%%include/htp/bstr.h
-%%HTPPORT%%include/htp/bstr_builder.h
-%%HTPPORT%%include/htp/htp.h
-%%HTPPORT%%include/htp/htp_base64.h
-%%HTPPORT%%include/htp/htp_config.h
-%%HTPPORT%%include/htp/htp_connection_parser.h
-%%HTPPORT%%include/htp/htp_core.h
-%%HTPPORT%%include/htp/htp_decompressors.h
-%%HTPPORT%%include/htp/htp_hooks.h
-%%HTPPORT%%include/htp/htp_list.h
-%%HTPPORT%%include/htp/htp_multipart.h
-%%HTPPORT%%include/htp/htp_table.h
-%%HTPPORT%%include/htp/htp_transaction.h
-%%HTPPORT%%include/htp/htp_urlencoded.h
-%%HTPPORT%%include/htp/htp_utf8_decoder.h
-%%HTPPORT%%include/htp/htp_version.h
-%%HTPPORT%%lib/libhtp-0.5.15.so.1
-%%HTPPORT%%lib/libhtp-0.5.15.so.1.0.0
-%%HTPPORT%%lib/libhtp.a
-%%HTPPORT%%lib/libhtp.so
-%%HTPPORT%%libdata/pkgconfig/htp.pc
+%%NO_HTP_PORT%%include/htp/bstr.h
+%%NO_HTP_PORT%%include/htp/bstr_builder.h
+%%NO_HTP_PORT%%include/htp/htp.h
+%%NO_HTP_PORT%%include/htp/htp_base64.h
+%%NO_HTP_PORT%%include/htp/htp_config.h
+%%NO_HTP_PORT%%include/htp/htp_connection_parser.h
+%%NO_HTP_PORT%%include/htp/htp_core.h
+%%NO_HTP_PORT%%include/htp/htp_decompressors.h
+%%NO_HTP_PORT%%include/htp/htp_hooks.h
+%%NO_HTP_PORT%%include/htp/htp_list.h
+%%NO_HTP_PORT%%include/htp/htp_multipart.h
+%%NO_HTP_PORT%%include/htp/htp_table.h
+%%NO_HTP_PORT%%include/htp/htp_transaction.h
+%%NO_HTP_PORT%%include/htp/htp_urlencoded.h
+%%NO_HTP_PORT%%include/htp/htp_utf8_decoder.h
+%%NO_HTP_PORT%%include/htp/htp_version.h
+%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1
+%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1.0.0
+%%NO_HTP_PORT%%lib/libhtp.a
+%%NO_HTP_PORT%%lib/libhtp.so
+%%NO_HTP_PORT%%libdata/pkgconfig/htp.pc
 @sample etc/suricata/suricata.yaml.sample
 @sample etc/suricata/classification.config.sample
 @sample etc/suricata/reference.config.sample
+etc/suricata/rules/decoder-events.rules
+etc/suricata/rules/dns-events.rules
+etc/suricata/rules/files.rules
+etc/suricata/rules/http-events.rules
+etc/suricata/rules/smtp-events.rules
+etc/suricata/rules/stream-events.rules
+etc/suricata/rules/tls-events.rules
 @dir etc/suricata/rules