Update to 2.5.4 which fixes multiple memory allocation issues:

 - Multiple fixes and improvements to BinPAC generated code
   related to array parsing, with potential impact to all Bro's
   BinPAC-generated analyzers in the form of buffer over-reads
   or other invalid memory accesses depending on whether a
   particular analyzer incorrectly assumed that the
   evaulated-array-length expression is actually the number of
   elements that were parsed out from the input.

 - The NCP analyzer (not enabled by default and also updated
   to actually work with newer Bro APIs in the release) performed
   a memory allocation based directly on a field in the input
   packet and using signed integer storage. This could result
   in a signed integer overflow and memory allocations of
   negative or very large size, leading to a crash or memory
   exhaustion. The new NCP::max_frame_size tuning option now
   limits the maximum amount of memory that can be allocated.

Other fixes:

 - A memory leak in the SMBv1 analyzer.

 - The MySQL analyzer was generally not working as intended,
   for example, it now is able to parse responses that contain
   multiple results/rows.

Add gettext-runtime to USES to address a poudriere testport
warning.

Reviewed by:	matthew (mentor)
Approved by:	matthew (mentor)
MFH:		2018Q2
Security:	2f4fd3aa-32f8-4116-92f2-68f05398348e
Differential Revision:	https://reviews.freebsd.org/D15678

3 files changed, 6 insertions, 5 deletions

diff --git a/security/bro/Makefile b/security/bro/Makefile
index 6d8ad61b760b..f518ff88d98a 100644
--- a/security/bro/Makefile
+++ b/security/bro/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	bro
-PORTVERSION=	2.5.3
+PORTVERSION=	2.5.4
 CATEGORIES=	security
 MASTER_SITES=	https://www.bro.org/downloads/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
@@ -16,7 +16,7 @@ BROKEN_powerpc64=	Does not build: error: zero-size array 'names'
 
 LIB_DEPENDS=	libGeoIP.so:net/GeoIP
 
-USES=		bison cmake:outsource compiler:c++11-lang ninja perl5 python shebangfix ssl
+USES=		bison cmake:outsource compiler:c++11-lang gettext-runtime ninja perl5 python shebangfix ssl
 
 CMAKE_ARGS+=	-DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD}
 CXXFLAGS+=	-std=c++11 -Wall
diff --git a/security/bro/distinfo b/security/bro/distinfo
index 5327498eae77..30d9bb99f7ef 100644
--- a/security/bro/distinfo
+++ b/security/bro/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1518744511
-SHA256 (bro-2.5.3.tar.gz) = 7384fa14e6cebc86488040877fc0bfd50868e969f0fa05178cef0116e4116225
-SIZE (bro-2.5.3.tar.gz) = 18514905
+TIMESTAMP = 1528300945
+SHA256 (bro-2.5.4.tar.gz) = 80daea433fa654f2602cf67b19b9121ff6ad57761bad73cc29020c4f490c5f1f
+SIZE (bro-2.5.4.tar.gz) = 18520847
 SHA256 (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = cbc2033896fe41e42604de2f74673971718a40684996650157484485755f7720
 SIZE (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = 1239451
 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
diff --git a/security/bro/pkg-plist b/security/bro/pkg-plist
index e547c95c60ed..bf9d4dbd5ae4 100644
--- a/security/bro/pkg-plist
+++ b/security/bro/pkg-plist
@@ -188,6 +188,7 @@ man/man8/bro.8.gz
 %%DATADIR%%/base/bif/plugins/Bro_MIME.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_Modbus.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_MySQL.events.bif.bro
+%%DATADIR%%/base/bif/plugins/Bro_NCP.consts.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_NCP.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_NTLM.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_NTLM.types.bif.bro