security/suricata: Update to 2.0.6, add lots of OPTIONS

- Update to 2.0.6
- Update pkg-plist
- Add LICENSE_FILE
- Add OPTIONS for:

  * LUA scripting support
  * LUAjit scripting support
  * Suricata socket client

- Fix a reverse logic bug for JSON option
- Suricata links to nspr as a dependent of nss, add it to LIB_DEPENDS
- Create LOGS_DIR post-install
- Add patch to fix upstream issue 1353 [1]

[1] https://redmine.openinfosecfoundation.org/issues/1353

PR:		196801
Submitted by:	cheffo freebsd-bg org (with changes)

4 files changed, 77 insertions, 27 deletions

diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index 6cf6c81e205b..6d3b42ab9a94 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	suricata
-PORTVERSION=	2.0.5
+PORTVERSION=	2.0.6
 CATEGORIES=	security
 MASTER_SITES=	http://www.openinfosecfoundation.org/download/ \
 		http://mirrors.rit.edu/zi/
@@ -11,6 +11,7 @@ MAINTAINER=	koobs@FreeBSD.org
 COMMENT=	High Performance Network IDS, IPS and Security Monitoring engine
 
 LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/LICENSE
 
 LIB_DEPENDS=	libpcre.so:${PORTSDIR}/devel/pcre \
 		libnet.so:${PORTSDIR}/net/libnet \
@@ -24,18 +25,25 @@ GNU_CONFIGURE=	yes
 INSTALL_TARGET=		install-strip
 PATHFIX_MAKEFILEIN=	Makefile.am
 
-OPTIONS_DEFINE=		GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE TESTS
+OPTIONS_DEFINE=		GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE SC TESTS
 OPTIONS_DEFAULT=	HTP_PORT IPFW PRELUDE
+OPTIONS_RADIO=		SCRIPTS
+OPTIONS_RADIO_SCRIPTS=	LUA LUAJIT
 OPTIONS_SUB=		yes
 
-GEOIP_DESC=		Enable GeoIP support
+SCRIPTS_DESC=		Scripting
+
+GEOIP_DESC=		GeoIP support
 HTP_PORT_DESC=		Use libhtp from ports
-IPFW_DESC=		Enable IPFW and IP Divert support for inline IDP
-JSON_DESC=		Enable JSON output
-NSS_DESC=		Enable file checksums and SSL/TLS fingerprinting
+IPFW_DESC=		IPFW and IP Divert support for inline IDP
+JSON_DESC=		JSON output support
+LUA_DESC=		LUA scripting support
+LUAJIT_DESC=		LuaJIT scripting support
+NSS_DESC=		File checksums and SSL/TLS fingerprinting
 PORTS_PCAP_DESC=	Use libpcap from ports
-PRELUDE_DESC=		Enable Prelude support for NIDS alerts
-TESTS_DESC=		Build Unit Tests
+PRELUDE_DESC=		Prelude support for NIDS alerts
+SC_DESC=		Suricata socket client (suricatasc)
+TESTS_DESC=		Unit tests in suricata binary
 
 GEOIP_LIB_DEPENDS=		libGeoIP.so:${PORTSDIR}/net/GeoIP
 GEOIP_CONFIGURE_ON=		--enable-geoip
@@ -59,12 +67,27 @@ PRELUDE_CONFIGURE_ENABLE=	prelude
 PRELUDE_CONFIGURE_ON=		--with-libprelude-prefix=${LOCALBASE}
 
 JSON_LIB_DEPENDS=		libjansson.so:${PORTSDIR}/devel/jansson
-JSON_CONFIGURE_OFF=		--with-libjansson-includes=${LOCALBASE}/include	\
+JSON_CONFIGURE_ON=		--with-libjansson-includes=${LOCALBASE}/include \
 				--with-libjansson-libraries=${LOCALBASE}/lib
 
-NSS_LIB_DEPENDS=		libnss3.so:${PORTSDIR}/security/nss
+LUA_USES=			lua:51
+LUA_CONFIGURE_ON=		--enable-lua \
+				--with-liblua-includes=${LUA_INCDIR} \
+				--with-liblua-libraries=${LUA_LIBDIR}
+
+LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:${PORTSDIR}/lang/luajit
+LUAJIT_CONFIGURE_ON=		--enable-luajit
+
+NSS_LIB_DEPENDS=		libnss3.so:${PORTSDIR}/security/nss \
+				libnspr4.so:${PORTSDIR}/devel/nspr
 NSS_CONFIGURE_ON=		--with-libnss-includes=${LOCALBASE}/include/nss/nss \
-				--with-libnss-libraries=${LOCALBASE}/lib/nss \
+				--with-libnss-libraries=${LOCALBASE}/lib \
+				--with-libnspr-libraries=${LOCALBASE}/lib \
+				--with-libnspr-includes=${LOCALBASE}/include/nspr
+
+SC_USES=			python
+SC_CONFIGURE_ENV=		ac_cv_path_HAVE_PYTHON_CONFIG=yes
+SC_CONFIGURE_ENV_OFF=		ac_cv_path_HAVE_PYTHON_CONFIG=no
 
 TESTS_CONFIGURE_ENABLE=		unittests
 
@@ -80,7 +103,6 @@ CONFIGURE_ARGS+=--enable-gccprotect \
 		--with-libhtp-includes=${LOCALBASE}/include/ \
 		--with-libhtp-libraries=${LOCALBASE}/lib \
 		--localstatedir=/var/
-CONFIGURE_ENV+=	ac_cv_path_HAVE_PYTHON_CONFIG=no
 
 LIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config
 CONFIG_DIR?=	${ETCDIR}
@@ -98,19 +120,25 @@ BROKEN=		Does not compile on ia64, powerpc, or sparc64
 pre-patch:
 	${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
 
-pre-install:
-	@${REINPLACE_CMD} -e 's|/etc/suricata|${CONFIG_DIR}|g' ${WRKSRC}/suricata.yaml
-
 post-install:
 	${MKDIR} ${STAGEDIR}${CONFIG_DIR}
 	${MKDIR} ${STAGEDIR}${RULES_DIR}
+	${MKDIR} ${STAGEDIR}${LOGS_DIR}
+
 .for f in ${CONFIG_FILES}
 	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
 .endfor
+
 .for f in ${RULES_FILES}
 	${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f}
 .endfor
 
+.if ${PORT_OPTIONS:MSC}
+	(cd ${STAGEDIR}${PREFIX} \
+	&& ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \
+	-d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;})
+.endif
+
 TMPDIR?=	/tmp
 TESTDIR=	${TMPDIR}/${PORTNAME}
 
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
index 3e9fdb921a02..d221bef53b68 100644
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@@ -1,2 +1,2 @@
-SHA256 (suricata-2.0.5.tar.gz) = 57b1120e91bd4e348e1a4cee9eb7b197d05fc25169e062f1a11f5dd4b9322c60
-SIZE (suricata-2.0.5.tar.gz) = 3090118
+SHA256 (suricata-2.0.6.tar.gz) = e833e35ea3b6029bbdef81660af22e8f563494eac85d97618d761ce1b69c78ec
+SIZE (suricata-2.0.6.tar.gz) = 3090886
diff --git a/security/suricata/files/patch-scripts_suricatasc_suricatasc.in b/security/suricata/files/patch-scripts_suricatasc_suricatasc.in
new file mode 100644
index 000000000000..cff51d0a0894
--- /dev/null
+++ b/security/suricata/files/patch-scripts_suricatasc_suricatasc.in
@@ -0,0 +1,11 @@
+--- scripts/suricatasc/suricatasc.in.orig	2014-12-19 17:49:20.651663649 +0200
++++ scripts/suricatasc/suricatasc.in	2014-12-19 17:49:59.921665563 +0200
+@@ -24,7 +24,7 @@
+ args = parser.parse_args()
+ 
+ if args.socket != None:
+-    SOCKET_PATH = "@e_localstatedir@/" + args.socket[0]
++    SOCKET_PATH = args.socket
+ else:
+     SOCKET_PATH = "@e_localstatedir@/suricata-command.socket"
+ 
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index 7e5cdad5e9a0..49d75344f565 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -1,4 +1,5 @@
 bin/suricata
+%%SC%%bin/suricatasc
 %%DOCSDIR%%/AUTHORS
 %%DOCSDIR%%/Basic_Setup.txt
 %%DOCSDIR%%/CentOS5.txt
@@ -49,14 +50,24 @@ bin/suricata
 %%NO_HTP_PORT%%lib/libhtp.a
 %%NO_HTP_PORT%%lib/libhtp.so
 %%NO_HTP_PORT%%libdata/pkgconfig/htp.pc
-@sample etc/suricata/suricata.yaml.sample
-@sample etc/suricata/classification.config.sample
-@sample etc/suricata/reference.config.sample
-etc/suricata/rules/decoder-events.rules
-etc/suricata/rules/dns-events.rules
-etc/suricata/rules/files.rules
-etc/suricata/rules/http-events.rules
-etc/suricata/rules/smtp-events.rules
-etc/suricata/rules/stream-events.rules
-etc/suricata/rules/tls-events.rules
+%%NO_HTP_PORT%%@dir include/htp
+%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc-0.9-py%%PYTHON_VER%%.egg-info
+%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py
+%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc
+%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.py
+%%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.pyc
+@sample %%ETCDIR%%/suricata.yaml.sample
+@sample %%ETCDIR%%/classification.config.sample
+@sample %%ETCDIR%%/reference.config.sample
+%%ETCDIR%%/rules/decoder-events.rules
+%%ETCDIR%%/rules/dns-events.rules
+%%ETCDIR%%/rules/files.rules
+%%ETCDIR%%/rules/http-events.rules
+%%ETCDIR%%/rules/smtp-events.rules
+%%ETCDIR%%/rules/stream-events.rules
+%%ETCDIR%%/rules/tls-events.rules
 @dir etc/suricata/rules
+@dir etc/suricata
+@dir(root,wheel,0700) /var/log/suricata
+@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove any configuration files left."; fi
+@dir %%DOCSDIR%%