security/snort: Fixes for aarch64 and armv6/7

This patch does a few things:

1. Update depends to a newer version of net/daq, in the ports tree for a
   long time already, but explicitly depend on it.
2. Split out corefiles separate from debug options
3. Switch from luajit to luajit-openresty so that snort can build on
   aarch64
4. Fix crashing on armv7 due to misaligned memory access (from mjg@)

While here, in pkg-plist change deprecated @unexec to @postunexec

PR:		257747
Reported by:	brd

2 files changed, 19 insertions, 8 deletions

diff --git a/security/snort/Makefile b/security/snort/Makefile
index 6e17d69d19c0..942d2680b20b 100644
--- a/security/snort/Makefile
+++ b/security/snort/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	snort
 PORTVERSION=	2.9.18
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	https://snort.org/downloads/snort/ \
 		https://snort.org/downloads/archive/snort/
@@ -14,11 +15,11 @@ COMMENT=	Lightweight network intrusion detection system
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-BUILD_DEPENDS=	daq>=2.0.0:net/daq
+BUILD_DEPENDS=	daq>=2.2.2_3:net/daq
 LIB_DEPENDS=	libpcre.so:devel/pcre \
 		libdnet.so:net/libdnet \
 		libpcap.so:net/libpcap
-RUN_DEPENDS=	daq>=2.0.0:net/daq
+RUN_DEPENDS=	daq>=2.2.2_3:net/daq
 
 USES=			bison cpe libtool pathfix shebangfix ssl
 USE_RC_SUBR=		snort
@@ -41,7 +42,7 @@ OPTIONS_DEFINE=		IPV6 GRE HA NORMALIZER DOCS APPID \
 
 OPTIONS_GROUP=		ADDONS DEV
 OPTIONS_GROUP_ADDONS=	BARNYARD PULLEDPORK
-OPTIONS_GROUP_DEV=	DBGSNORT
+OPTIONS_GROUP_DEV=	DBGSNORT COREDUMPS
 OPTIONS_SUB=		yes
 OPTIONS_DEFAULT=	GRE NORMALIZER BARNYARD \
 			PERFPROFILE SOURCEFIRE PULLEDPORK
@@ -60,9 +61,11 @@ ADDONS_DESC=		Depend on 3rd party addons
 BARNYARD_DESC=		Depend on barnyard2 (supports also snortsam)
 PULLEDPORK_DESC=	Depend on pulledpork
 DEV_DESC=		Developer options
-DBGSNORT_DESC=		Enable debugging symbols+core dumps
+DBGSNORT_DESC=		Enable debugging symbols
+COREDUMPS_DESC=		Enable core dumps
 
-DBGSNORT_CONFIGURE_ENABLE=	corefiles debug
+COREDUMPS_CONFIGURE_ENABLE=	corefiles
+DBGSNORT_CONFIGURE_ENABLE=	debug
 DBGSNORT_MAKE_ENV=		DONTSTRIP="yes"
 GRE_CONFIGURE_ENABLE=		gre
 LRGPCAP_CONFIGURE_ENABLE=	large-pcap
@@ -76,10 +79,18 @@ FILEINSPECT_CONFIGURE_ENABLE=	file-inspect
 
 BARNYARD_RUN_DEPENDS=	barnyard2:security/barnyard2
 PULLEDPORK_RUN_DEPENDS=	pulledpork.pl:security/pulledpork
-APPID_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit
-APPID_CONFIGURE_ENV+=	luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.0" \
+APPID_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit-openresty
+APPID_CONFIGURE_ENV+=	luajit_CFLAGS="-I${LOCALBASE}/include/luajit-2.1" \
 			luajit_LIBS="-L${LOCALBASE}/lib -lluajit-5.1"
 
+# Disable SIMD on 32-bit arm. Snort has numerous arbitrarily misaligned memory
+# accesses and some of them cause faults. The kludge below combined with
+# patch-configure seems to work around it well enough.
+#
+# Note the change is more aggressive than it possibly needs to be reduce surprises.
+CFLAGS_armv6=	-mfpu=vfpv3
+CFLAGS_armv7=	-mfpu=vfpv3
+
 CONFIG_FILES=	classification.config gen-msg.map reference.config \
 		snort.conf threshold.conf unicode.map file_magic.conf
 
diff --git a/security/snort/pkg-plist b/security/snort/pkg-plist
index a000dfcfcecf..b27c0008abae 100644
--- a/security/snort/pkg-plist
+++ b/security/snort/pkg-plist
@@ -320,7 +320,7 @@ src/snort_dynamicsrc/stream_api.h
 src/snort_dynamicsrc/treenodes.h
 src/snort_dynamicsrc/util_unfold.c
 src/snort_dynamicsrc/util_unfold.h
-@unexec rmdir "/var/log/snort" >/dev/null 2>&1 || :
+@postunexec rmdir "/var/log/snort" >/dev/null 2>&1 || :
 @dir src/snort_dynamicsrc
 @dir src
 %%PORTDOCS%%@dir %%DOCSDIR%%