security/suricata: Update to 2.0.3, Modernize

Now that libprelude is safe from EXPIRE and has been staged [1], and devel/libhtp
now *actually* links against libiconv even though autoconf detection was fine
[2] ... Have fun!

- Update to 2.0.3
- Switch libhtp to the upstream version port (devel/libhtp)
- Use USES=libtool
- Use OPTIONS helpers and other OPTIONS_* goodies
- Sort USE(S)* section
- Deprecate USE_AUTOTOOLS (USES instead)
- Deprecate AUTOMAKE_ARGS, ACLOCAL_ARGS (no longer necessary)
- Update COMMENT
- Add m4 macro for checking compiler flags and add relevent
  check to configure.ac. Our GCC doesn't like
  -Wno-error=unused-result and upstreams configure bits arent as
  portable as they could be.

[1] http://svnweb.freebsd.org/changeset/ports/365562
[2] http://svnweb.freebsd.org/changeset/ports/364955

Requested by:	many

4 files changed, 122 insertions, 46 deletions

diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index 83d4114465ee..c417fa002156 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -2,49 +2,59 @@
 # $FreeBSD$
 
 PORTNAME=	suricata
-PORTVERSION=	1.4.6
-PORTREVISION=	3
+PORTVERSION=	2.0.3
 CATEGORIES=	security
 MASTER_SITES=	http://www.openinfosecfoundation.org/download/ \
 		http://mirrors.rit.edu/zi/
 
 MAINTAINER=	koobs@FreeBSD.org
-COMMENT=	Open Source next generation IDS/IPS engine by OISF
+COMMENT=	High Performance Network IDS, IPS and Security Monitoring engine
 
 LICENSE=	GPLv2
 
-LIB_DEPENDS=	libpcre.so:${PORTSDIR}/devel/pcre		\
-		libhtp.so:${PORTSDIR}/www/libhtp-suricata	\
-		libnet.so:${PORTSDIR}/net/libnet                \
+LIB_DEPENDS=	libpcre.so:${PORTSDIR}/devel/pcre \
+		libhtp.so:${PORTSDIR}/devel/libhtp \
+		libnet.so:${PORTSDIR}/net/libnet \
 		libyaml.so:${PORTSDIR}/textproc/libyaml
 
 OPTIONS_DEFINE=	IPFW PRELUDE PORTS_PCAP TESTS
-OPTIONS_DEFAULT=IPFW
+OPTIONS_DEFAULT=IPFW PRELUDE
+OPTIONS_SUB=	yes
 
 IPFW_DESC=	Enable IPFW and IP Divert support for inline IDP
 PRELUDE_DESC=	Enable Prelude support for NIDS alerts
 PORTS_PCAP_DESC=Use libpcap from ports
 TESTS_DESC=	Enable unit tests in suricata binary
 
-USE_AUTOTOOLS=	autoconf libtool
+USES=		gmake pkgconfig libtool
+USE_AUTOTOOLS=	aclocal autoconf automake
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	${PORTNAME}
-USES=		gmake pkgconfig
+
 GNU_CONFIGURE=	yes
 
-.include <bsd.port.options.mk>
+IPFW_CONFIGURE_ON=		--enable-ipfw
+PORTS_PCAP_CONFIGURE_ON=	--with-libpcap-includes=${LOCALBASE}/include \
+				--with-libpcap-libraries=${LOCALBASE}/lib
+PORTS_PCAP_CONFIGURE_OFF=	--with-libpcap-includes=/usr/include \
+				--with-libpcap-libraries=/usr/lib
+PORTS_PCAP_LIB_DEPENDS=		libpcap.so:${PORTSDIR}/net/libpcap
+PRELUDE_LIB_DEPENDS=		libprelude.so:${PORTSDIR}/security/libprelude
+PRELUDE_CONFIGURE_ENABLE=	prelude
+PRELUDE_CONFIGURE_ON=		--with-libprelude-prefix=${LOCALBASE}
+TESTS_CONFIGURE_ENABLE=		unittests
 
 SUB_FILES=	pkg-message
 
-CONFIGURE_ARGS+=--enable-non-bundled-htp --enable-gccprotect		\
-		--with-libpcre-includes=${LOCALBASE}/include		\
-		--with-libpcre-libraries=${LOCALBASE}/lib		\
-		--with-libyaml-includes=${LOCALBASE}/include		\
-		--with-libyaml-libraries=${LOCALBASE}/lib		\
-		--with-libnet-includes=${LOCALBASE}/include/libnet11	\
-		--with-libnet-libraries=${LOCALBASE}/lib/libnet11	\
-		--with-libhtp-includes=${LOCALBASE}/include/		\
-		--with-libhtp-libraries=${LOCALBASE}/lib		\
+CONFIGURE_ARGS+=--enable-non-bundled-htp --enable-gccprotect \
+		--with-libpcre-includes=${LOCALBASE}/include \
+		--with-libpcre-libraries=${LOCALBASE}/lib \
+		--with-libyaml-includes=${LOCALBASE}/include \
+		--with-libyaml-libraries=${LOCALBASE}/lib \
+		--with-libnet-includes=${LOCALBASE}/include/libnet11 \
+		--with-libnet-libraries=${LOCALBASE}/lib/libnet11 \
+		--with-libhtp-includes=${LOCALBASE}/include/ \
+		--with-libhtp-libraries=${LOCALBASE}/lib \
 		--localstatedir=/var/
 CONFIGURE_ENV+=	ac_cv_path_HAVE_PYTHON_CONFIG=no
 
@@ -60,31 +70,8 @@ LOGS_DIR?=	/var/log/${PORTNAME}
 BROKEN=		Does not compile on ia64, powerpc, or sparc64
 .endif
 
-.if ${PORT_OPTIONS:MPRELUDE}
-LIB_DEPENDS+=		libprelude.so:${PORTSDIR}/security/libprelude
-CONFIGURE_ARGS+=	--enable-prelude \
-			--with-libprelude-prefix=${LOCALBASE}
-PLIST_SUB+=		PRELUDE=""
-.endif
-
-.if ${PORT_OPTIONS:MIPFW}
-CONFIGURE_ARGS+=	--enable-ipfw
-.endif
-
-.if ${PORT_OPTIONS:MPORTS_PCAP}
-LIB_DEPENDS+=		libpcap.so:${PORTSDIR}/net/libpcap
-CONFIGURE_ARGS+=	--with-libpcap-includes=${LOCALBASE}/include \
-			--with-libpcap-libraries=${LOCALBASE}/lib
-.else
-CONFIGURE_ARGS+=	--with-libpcap-includes=/usr/include \
-			--with-libpcap-libraries=/usr/lib
-.endif
-
-.if ${PORT_OPTIONS:MTESTS}
-CONFIGURE_ARGS+=	--enable-unittests
-.else
-CONFIGURE_ARGS+=	--disable-unittests
-.endif
+pre-patch:
+	${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
 
 pre-install:
 	@${REINPLACE_CMD} -e 's|/etc/suricata|${CONFIG_DIR}|g' ${WRKSRC}/suricata.yaml
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
index 35862f95f9fd..c245148e01a7 100644
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@@ -1,2 +1,2 @@
-SHA256 (suricata-1.4.6.tar.gz) = 5cf5d76dd63d06b993912301edc8afa06f886d0b68740239cc7df49b00800f8e
-SIZE (suricata-1.4.6.tar.gz) = 2508956
+SHA256 (suricata-2.0.3.tar.gz) = b6e554cbacb925bbcf88dd4554c9222b51b21796c39e198cdf5b0b9cdc1ed383
+SIZE (suricata-2.0.3.tar.gz) = 3083891
diff --git a/security/suricata/files/ax_check_compile_flag.m4 b/security/suricata/files/ax_check_compile_flag.m4
new file mode 100644
index 000000000000..51df0c09a7a8
--- /dev/null
+++ b/security/suricata/files/ax_check_compile_flag.m4
@@ -0,0 +1,74 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 3
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
diff --git a/security/suricata/files/patch-configure.ac b/security/suricata/files/patch-configure.ac
new file mode 100644
index 000000000000..bbb62a0132f2
--- /dev/null
+++ b/security/suricata/files/patch-configure.ac
@@ -0,0 +1,15 @@
+--- ./configure.ac.orig	2014-08-15 21:08:21.104727122 +1000
++++ ./configure.ac	2014-08-15 21:17:58.786571386 +1000
+@@ -816,8 +816,10 @@
+             AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),,[enable_prelude=no])
+     # Prelude doesn't work with -Werror
+     STORECFLAGS="${CFLAGS}"
+-    CFLAGS="${CFLAGS} -Wno-error=unused-result"
+-
++    AX_CHECK_COMPILE_FLAG([-Wno-error=unused-result], 
++        [CFLAGS="${CFLAGS} -Wno-error=unused-result"],
++        [])
++       
+     AS_IF([test "x$enable_prelude" = "xyes"], [
+         AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)
+         if test "x${LIBPRELUDE_CFLAGS}" != "x"; then