security/zeek: Update to 5.0.0 (latest LTS release)

    https://github.com/zeek/zeek/releases/tag/v5.0.0

Changes incompatiable with 4.0.7:

 - The script-land ``union`` and ``timer`` types have been removed.
   They haven't had any actual semantics backing them for some time
   and shouldn't have functioned in any useable way. We opted to
   skip the deprecation cycle for these types for that reason.

 - Broker now uses a new network backend with a custom network
   protocol that is incompatible with the pre-5.0 backend. In
   practice, this means Zeek 4.x will not be able to exchange events
   with Zeek 5.x. Going forward, this new backend will allow us to
   keep the Broker protocol more stable and add new capabilities
   in a backwards compatible way.

While we're here add a comment explaining why we really need uname
-p instead of using ARCH (uname -m). Also solve a portlint nag.

Reported by:	Tim Wojtulewicz

security/zeek/Makefile

@@ -1,8 +1,7 @@
 # Created by: David O'Brien <obrien@FreeBSD.org>
 
 PORTNAME=	zeek
-PORTVERSION=	4.0.7
-PORTREVISION=	1
+PORTVERSION=	5.0.0
 CATEGORIES=	security
 MASTER_SITES=	https://download.zeek.org/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
@@ -12,35 +11,41 @@ COMMENT=	System for detecting network intruders in real-time
 
 LICENSE=	BSD3CLAUSE
 
-BROKEN_FreeBSD_12_powerpc64=	Does not build: error: zero-size array 'names'
+BROKEN_FreeBSD_12_powerpc64=	does not build: error: zero-size array 'names'
 
-USES=		bison cmake compiler:c++11-lang cpe gettext-runtime \
+BUILD_DEPENDS=	cmake>=3.15.0:devel/cmake
+
+USES=		bison cmake compiler cpe gettext-runtime \
 		ninja perl5 python shebangfix ssl
+
 USE_LDCONFIG=	yes
 
+BINARY_ALIAS=	python3=${PYTHON_CMD}
+
 PORTSCOUT=	limit:0,even
 
 CXXFLAGS_powerpc64=	-mpower8-vector
-CMAKE_ARGS+=		-DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD}
 
 SHEBANG_FILES=	auxil/zeekctl/auxil/trace-summary/trace-summary
 
 SUB_FILES=	pkg-message
 NO_MTREE=	yes
 
 CMAKE_ARGS+=	-GNinja \
+		-D BUILD_SHARED_LIBS:BOOL=true \
+		-D BUILD_STATIC_BROKER:BOOL=true \
+		-D BinPAC_SKIP_INSTALL:BOOL=true \
+		-D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}" \
 		-D CMAKE_INSTALL_PREFIX:PATH=${PREFIX} \
-		-D ZEEK_ROOT_DIR:PATH=${PREFIX} \
+		-D ENABLE_PERFTOOLS_DEBUG:BOOL=false \
+		-D ENABLE_ZEEK_UNIT_TESTS:BOOL=true \
+		-D INSTALL_AUX_TOOLS:BOOL=true \
+		-D PYTHON_EXECUTABLE:PATH=${PYTHON_CMD} \
 		-D PY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \
-		-D ZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek \
 		-D ZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \
 		-D ZEEK_MAN_INSTALL_PATH=${MANPREFIX}/man \
-		-D ENABLE_PERFTOOLS_DEBUG:BOOL=false \
-		-D BinPAC_SKIP_INSTALL:BOOL=true \
-		-D INSTALL_AUX_TOOLS:BOOL=true \
-		-D BUILD_SHARED_LIBS:BOOL=true \
-		-D BUILD_STATIC_BROKER:BOOL=true \
-		-D CMAKE_EXE_LINKER_FLAGS="${OPENSSL_LDFLAGS}"
+		-D ZEEK_ROOT_DIR:PATH=${PREFIX} \
+		-D ZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek
 
 ZEEKUSER?=	zeek
 ZEEKGROUP?=	zeek
@@ -53,13 +58,13 @@ USERS=		${ZEEKUSER}
 GROUPS=		${ZEEKGROUP}
 
 OPTIONS_DEFINE=	BROKER GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP PERFTOOLS \
-		ZEEKCTL ZKG
+		SPICY ZEEKCTL ZKG
 
 OPTIONS_SINGLE=			BUILD_TYPE
 OPTIONS_SINGLE_BUILD_TYPE=	DEBUG MINSIZEREL RELEASE RELWITHDEBINFO
 
 OPTIONS_DEFAULT=	BROKER GEOIP2 IPSUMDUMP LBL_CF LBL_HF NETMAP RELEASE \
-			ZEEKCTL ZKG
+			SPICY ZEEKCTL ZKG
 OPTIONS_SUB=		yes
 
 BROKER_DESC=		Enable the Broker communication library
@@ -73,6 +78,7 @@ NETMAP_DESC=		Native Netmap Packet IOSource for Zeek
 PERFTOOLS_DESC=		Use Perftools to improve memory & CPU usage
 RELEASE_DESC=		Optimizations on, debug symbols/flags off
 RELWITHDEBINFO_DESC=	Optimizations/debug symbols on, debug flags off
+SPICY_DESC=		Enable the Spicy parser generator
 ZEEKCTL_DESC=		ZeekControl support (implies BROKER and IPSUMDUMP)
 ZKG_DESC=		Zeek package manager support
 
@@ -91,6 +97,9 @@ PERFTOOLS_BUILD_DEPENDS=${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
 PERFTOOLS_CMAKE_BOOL=	ENABLE_PERFTOOLS
 PERFTOOLS_RUN_DEPENDS=${LOCALBASE}/bin/perftools-pprof:devel/google-perftools
 PYTHON_BUILD_DEPENDS=	swig:devel/swig
+SPICY_ENABLE=		spicy
+SPICY_BUILD_DEPENDS=	bison>=3.3:devel/bison \
+			flex>=2.6:textproc/flex
 ZEEKCTL_BUILD_DEPENDS=	${LOCALBASE}/bin/bash:shells/bash \
 			${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} \
 			swig:devel/swig
@@ -152,6 +161,7 @@ post-install-NETMAP-on:
 
 .include <bsd.port.pre.mk>
 
+# Would like to use ARCH (uname -p) but it's not always correct (e.g. arm64)
 UNAME_M!=	${UNAME} -m
 
 .include <bsd.port.post.mk>

security/zeek/distinfo

@@ -1,5 +1,5 @@
-TIMESTAMP = 1654276667
-SHA256 (zeek-4.0.7.tar.gz) = e9ee7c6fcf676473419c40dbb5aff2b4e25853f710a5d45c0029683bab09727e
-SIZE (zeek-4.0.7.tar.gz) = 32888207
+TIMESTAMP = 1657055374
+SHA256 (zeek-5.0.0.tar.gz) = d0d300fd8d9a1a485a0198c52e9773db7c532820faaea797e4c63aafac63fd7e
+SIZE (zeek-5.0.0.tar.gz) = 42662089
 SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75
 SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100

security/zeek/files/patch-src_input_readers_raw_Raw.cc

@@ -1,17 +1,17 @@
---- src/input/readers/raw/Raw.cc.orig	2022-07-01 19:51:26 UTC
+--- src/input/readers/raw/Raw.cc.orig	2022-07-05 21:26:56 UTC
 +++ src/input/readers/raw/Raw.cc
-@@ -34,6 +34,7 @@ Raw::Raw(ReaderFrontend *frontend) : ReaderBackend(fro
+@@ -36,6 +36,7 @@ Raw::Raw(ReaderFrontend* frontend)
  	firstrun = true;
  	mtime = 0;
  	ino = 0;
 +	dev = 0;
  	forcekill = false;
  	offset = 0;
- 	separator.assign( (const char*) BifConst::InputRaw::record_separator->Bytes(),
-@@ -278,12 +279,32 @@ bool Raw::OpenInput()
+ 	separator.assign((const char*)BifConst::InputRaw::record_separator->Bytes(),
+@@ -280,12 +281,31 @@ bool Raw::OpenInput()
  	else
  		{
- 		file = std::unique_ptr<FILE, int(*)(FILE*)>(fopen(fname.c_str(), "r"), fclose);
+ 		file = std::unique_ptr<FILE, int (*)(FILE*)>(fopen(fname.c_str(), "r"), fclose);
 +		if ( ! file && Info().mode == MODE_STREAM )
 +			{
 +			// Watch /dev/null until the file appears
@@ -36,42 +36,41 @@
 +			ino = sb.st_ino;
 +			dev = sb.st_dev;
 +			}
-+
 +
  		if ( ! SetFDFlags(fileno(file.get()), F_SETFD, FD_CLOEXEC) )
  			Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str()));
  		}
-@@ -345,6 +366,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field
+@@ -346,6 +366,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field
  	fname = info.source;
  	mtime = 0;
  	ino = 0;
 +	dev = 0;
  	execute = false;
  	firstrun = true;
  	int want_fields = 1;
-@@ -565,24 +587,58 @@ bool Raw::DoUpdate()
+@@ -574,23 +595,57 @@ bool Raw::DoUpdate()
 
- 			mtime = sb.st_mtime;
- 			ino = sb.st_ino;
-+			dev = sb.st_dev;
- 			// file changed. reread.
- 			//
- 			// fallthrough
- 			}
+ 				mtime = sb.st_mtime;
+ 				ino = sb.st_ino;
++				dev = sb.st_dev;
+ 				// file changed. reread.
+ 				//
+ 				// fallthrough
+ 				}
 
- 		case MODE_MANUAL:
--		case MODE_STREAM:
--			if ( Info().mode == MODE_STREAM && file )
--				{
--				clearerr(file.get());  // remove end of file evil bits
--				break;
--				}
+ 			case MODE_MANUAL:
+-			case MODE_STREAM:
+-				if ( Info().mode == MODE_STREAM && file )
+-					{
+-					clearerr(file.get()); // remove end of file evil bits
+-					break;
+-					}
 -
- 			CloseInput();
- 			if ( ! OpenInput() )
- 				return false;
+ 				CloseInput();
+ 				if ( ! OpenInput() )
+ 					return false;
 
- 			break;
++				break;
 +
 +			case MODE_STREAM:
 +				// Clear possible EOF condition
@@ -111,7 +110,6 @@
 +				dev = sb.st_dev;
 +				offset = 0;
 +				bufpos = 0;
-+ 				break;
+ 				break;
 
- 		default:
- 			assert(false);
+ 			default:

security/zeek/files/patch-src_input_readers_raw_Raw.h

@@ -1,6 +1,6 @@
---- src/input/readers/raw/Raw.h.orig	2022-07-01 20:33:23 UTC
+--- src/input/readers/raw/Raw.h.orig	2022-07-05 21:28:35 UTC
 +++ src/input/readers/raw/Raw.h
-@@ -52,6 +52,7 @@ class Raw : public ReaderBackend { (private)
+@@ -55,6 +55,7 @@ class Raw : public ReaderBackend (private)
  	bool firstrun;
  	time_t mtime;
  	ino_t ino;