security/wazuh-manager: Improve port

- Fix issue when agent/manager connection use TCP instead of UDP.
  (Thanks to dtxdf) [1]
- wazuh-manager settings use TCP by default
- FreeBSD sca,decoders and rules files were updated to fix some conflict
  issues.
- Bump PORTREVISION

PR:		291040
Reported by:	Paweł Krawczyk <p+freebsd at krvtz.net> [1]

7 files changed, 96 insertions, 32 deletions

diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile
index 1228d1c1cd22..1478ab9416b3 100644
--- a/security/wazuh-manager/Makefile
+++ b/security/wazuh-manager/Makefile
@@ -1,7 +1,7 @@
 PORTNAME=	wazuh
 DISTVERSIONPREFIX=	v
 DISTVERSION=	4.14.1
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	security
 MASTER_SITES=	https://packages.wazuh.com/deps/47/libraries/sources/:wazuh_sources \
 		LOCAL/acm/${PORTNAME}/:wazuh_cache
@@ -44,12 +44,12 @@ MAKE_ARGS+=	TARGET=server INSTALLDIR=${WAZUHPREFIX} INSTALL_SHARED="${INSTALL_LI
 
 DOS2UNIX_FILES=	${WRKSRC}/api/api/configuration/api.yaml
 
-# WITH_CCACHE_BUILD=	yes
-# CCACHE_DIR=		/zdata/ccache
+#WITH_CCACHE_BUILD=	yes
+#CCACHE_DIR=		/zdata/ccache
 
 WAZUH_CACHEFILE=	${PORTNAME}-cache-any-${DISTVERSION}${EXTRACT_SUFX}
 WAZUH_EXTRAFILE=	alonsobsd-${PORTNAME}-freebsd-${WAZUH_EXTRAFILE_TAGNAME}_GH0${EXTRACT_SUFX}
-WAZUH_EXTRAFILE_TAGNAME=2f1307c
+WAZUH_EXTRAFILE_TAGNAME=830a911
 
 EXTERNAL_DISTFILES=	audit-userspace.tar.gz:wazuh_sources \
 			benchmark.tar.gz:wazuh_sources \
diff --git a/security/wazuh-manager/distinfo b/security/wazuh-manager/distinfo
index bc128ecdc8dc..652a4f92e381 100644
--- a/security/wazuh-manager/distinfo
+++ b/security/wazuh-manager/distinfo
@@ -75,5 +75,5 @@ SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 03e92ad3b8cc1d06f
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653557
 SHA256 (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = aa59cb2baa7e7d38d8bb4ff6a22afbf2945de4fb555f9b8bb2657b6f89a773ed
 SIZE (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = 19810038
-SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = a955c569217122779ab5b6b58bdfabbfa1cd452b4719cc35c791f7047b1f364f
-SIZE (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = 221983
+SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-830a911_GH0.tar.gz) = 4babef38a076f8be886d7190e18f6432f72671753ec96aaedc7e8d25b5c90259
+SIZE (wazuh-4.14.1/alonsobsd-wazuh-freebsd-830a911_GH0.tar.gz) = 221974
diff --git a/security/wazuh-manager/files/patch-etc_ossec-server.conf b/security/wazuh-manager/files/patch-etc_ossec-server.conf
index 2000faef3d49..0be34b3bdcff 100644
--- a/security/wazuh-manager/files/patch-etc_ossec-server.conf
+++ b/security/wazuh-manager/files/patch-etc_ossec-server.conf
@@ -1,5 +1,5 @@
---- etc/ossec-server.conf	2025-09-23 06:59:40.000000000 -0700
-+++ etc/ossec-server.conf	2025-10-16 17:18:34.635446000 -0700
+--- etc/ossec-server.conf	2025-11-07 00:46:03.000000000 -0800
++++ etc/ossec-server.conf	2026-01-10 15:58:20.321540000 -0800
 @@ -20,6 +20,26 @@
      <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
    </global>
@@ -27,12 +27,10 @@
    <alerts>
      <log_alert_level>3</log_alert_level>
      <email_alert_level>12</email_alert_level>
-@@ -28,7 +48,8 @@
-   <remote>
+@@ -29,6 +49,7 @@
      <connection>secure</connection>
      <port>1514</port>
--    <protocol>tcp</protocol>
-+    <protocol>udp</protocol>
+     <protocol>tcp</protocol>
 +    <queue_size>131072</queue_size>
    </remote>
  
diff --git a/security/wazuh-manager/files/patch-src-headers_notify_op.h b/security/wazuh-manager/files/patch-src-headers_notify_op.h
new file mode 100644
index 000000000000..3c3958219d35
--- /dev/null
+++ b/security/wazuh-manager/files/patch-src-headers_notify_op.h
@@ -0,0 +1,29 @@
+--- src/headers/notify_op.h	2026-01-10 15:12:30.071325000 -0800
++++ src/headers/notify_op.h	2026-01-10 15:21:09.287593000 -0800
+@@ -24,7 +24,7 @@
+     WE_WRITE = 2
+ } wevent_t;
+ 
+-#if defined(__linux__)
++#if defined(__linux__) || defined(__FreeBSD__)
+ 
+ #include <sys/epoll.h>
+ 
+@@ -43,7 +43,7 @@
+     return notify->events[index].data.fd;
+ }
+ 
+-#elif defined(__MACH__) || defined(__FreeBSD__) || defined(__OpenBSD__)
++#elif defined(__MACH__) || defined(__OpenBSD__)
+ 
+ #include <sys/types.h>
+ #include <sys/event.h>
+@@ -64,7 +64,7 @@
+     return notify->events[index].ident;
+ }
+ 
+-#endif /* __linux__ */
++#endif /* __linux__ || __FreeBSD__ */
+ 
+ #if defined(__linux__) || defined(__MACH__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+ 
diff --git a/security/wazuh-manager/files/patch-src-shared_notify_op.c b/security/wazuh-manager/files/patch-src-shared_notify_op.c
new file mode 100644
index 000000000000..7145314f3106
--- /dev/null
+++ b/security/wazuh-manager/files/patch-src-shared_notify_op.c
@@ -0,0 +1,29 @@
+--- src/shared/notify_op.c	2026-01-10 15:21:56.099810000 -0800
++++ src/shared/notify_op.c	2026-01-10 15:22:40.484172000 -0800
+@@ -11,7 +11,7 @@
+ 
+ #include <shared.h>
+ 
+-#if defined(__linux__)
++#if defined(__linux__) || defined(__FreeBSD__)
+ 
+ wnotify_t * wnotify_init(int size) {
+     wnotify_t * notify;
+@@ -54,7 +54,7 @@
+     return epoll_wait(notify->fd, notify->events, notify->size, timeout);
+ }
+ 
+-#elif defined(__MACH__) || defined(__FreeBSD__) || defined(__OpenBSD__)
++#elif defined(__MACH__) || defined(__OpenBSD__)
+ 
+ wnotify_t * wnotify_init(int size) {
+     wnotify_t * notify;
+@@ -99,7 +99,7 @@
+     return kevent(notify->fd, NULL, 0, notify->events, notify->size, timeout >= 0 ? &ts : NULL);
+ }
+ 
+-#endif /* __linux__ */
++#endif /* __linux__ || __FreeBSD__ */
+ 
+ #if defined(__linux__) || defined(__MACH__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+ 
diff --git a/security/wazuh-manager/files/patch-src_Makefile b/security/wazuh-manager/files/patch-src_Makefile
index a45608e5dff6..725318d7ad25 100644
--- a/security/wazuh-manager/files/patch-src_Makefile
+++ b/security/wazuh-manager/files/patch-src_Makefile
@@ -1,5 +1,5 @@
---- src/Makefile	2025-09-23 06:59:40.000000000 -0700
-+++ src/Makefile	2025-10-12 08:02:29.393309000 -0700
+--- src/Makefile	2025-11-07 00:46:03.000000000 -0800
++++ src/Makefile	2026-01-10 15:39:06.768699000 -0800
 @@ -49,9 +49,11 @@
  
  HAS_CHECKMODULE = $(shell command -v checkmodule > /dev/null && echo YES)
@@ -12,7 +12,7 @@
  
  ARCH_FLAGS =
  
-@@ -112,7 +114,7 @@
+@@ -113,7 +115,7 @@
  USE_PRELUDE?=no
  USE_ZEROMQ?=no
  USE_GEOIP?=no
@@ -21,25 +21,25 @@
  USE_BIG_ENDIAN=no
  USE_AUDIT=no
  MINGW_HOST=unknown
-@@ -177,6 +179,8 @@
+@@ -178,6 +180,8 @@
  DEFINES+=-DUSER=\"${WAZUH_USER}\"
  DEFINES+=-DGROUPGLOBAL=\"${WAZUH_GROUP}\"
  
-+OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include  -I${SYSINFO}include  -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${SYSCHECK}include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I${INVENTORY_HARVESTER}include -I./shared_modules/
++OSSEC_CFLAGS+=-I./ -I./headers/ -I${EXTERNAL_OPENSSL}include -I$(EXTERNAL_JSON) -I${EXTERNAL_LIBYAML}include -I${EXTERNAL_CURL}include -I${EXTERNAL_MSGPACK}include -I${EXTERNAL_BZIP2} -I${SHARED_MODULES}common -I${DBSYNC}include -I${RSYNC}include -I${SYSCOLLECTOR}include  -I${SYSINFO}include  -I${EXTERNAL_LIBPCRE2}include -I${EXTERNAL_RPM}/builddir/output/include -I${SYSCHECK}include -I${ROUTER}include -I${CONTENT_MANAGER}include -I${VULNERABILITY_SCANNER}include -I${INVENTORY_HARVESTER}include -I./shared_modules/ -I${LOCALBASE}/include/libepoll-shim
 +
  ifneq (${TARGET},winagent)
  		DEFINES+=-D${uname_S}
  ifeq (${uname_S},Linux)
-@@ -271,13 +275,14 @@
+@@ -272,13 +276,14 @@
  ifeq (${uname_S},FreeBSD)
  		DEFINES+=-DFreeBSD
  		OSSEC_CFLAGS+=-pthread -I/usr/local/include
 -		OSSEC_LDFLAGS+=-pthread
-+		OSSEC_LDFLAGS+=-pthread -lnghttp2
++		OSSEC_LDFLAGS+=-pthread -lnghttp2 -lepoll-shim
  		OSSEC_LDFLAGS+=-L/usr/local/lib
  		OSSEC_LDFLAGS+='-Wl,-rpath,$$ORIGIN/../lib'
 -		AR_LDFLAGS+=-pthread
-+		AR_LDFLAGS+=-pthread -lnghttp2
++		AR_LDFLAGS+=-pthread -lnghttp2 -lepoll-shim
  		AR_LDFLAGS+=-L/usr/local/lib
  		AR_LDFLAGS+='-Wl,-rpath,$$ORIGIN/../../lib'
  		PRECOMPILED_OS:=freebsd
@@ -47,7 +47,7 @@
  else
  ifeq (${uname_S},NetBSD)
  		DEFINES+=-DNetBSD
-@@ -436,7 +441,6 @@
+@@ -437,7 +442,6 @@
  
  OSSEC_CFLAGS+=${DEFINES}
  OSSEC_CFLAGS+=-pipe -Wall -Wextra -std=gnu99
@@ -55,7 +55,7 @@
  
  OSSEC_CFLAGS += ${CFLAGS}
  OSSEC_LDFLAGS += ${LDFLAGS}
-@@ -533,8 +537,8 @@
+@@ -534,8 +538,8 @@
  ifneq (,$(filter ${USE_INOTIFY},YES auto yes y Y 1))
  	DEFINES+=-DINOTIFY_ENABLED
  	ifeq (${uname_S},FreeBSD)
@@ -66,7 +66,7 @@
  		OSSEC_CFLAGS+=-I/usr/local/include
  	endif
  endif
-@@ -960,6 +964,8 @@
+@@ -962,6 +966,8 @@
  	EXTERNAL_LIBS += $(LIBCURL_LIB)
  else ifeq (${uname_S},Linux)
  	EXTERNAL_LIBS += $(LIBCURL_LIB)
@@ -75,7 +75,7 @@
  else ifeq (${uname_S},Darwin)
  	EXTERNAL_LIBS += $(LIBCURL_LIB)
  endif
-@@ -1193,9 +1199,13 @@
+@@ -1196,9 +1202,13 @@
  	cd $(EXTERNAL_CURL) && CPPFLAGS="-fPIC -I${ROUTE_PATH}/${EXTERNAL_OPENSSL}include" LDFLAGS="-L${ROUTE_PATH}/${EXTERNAL_OPENSSL}" LIBS="-ldl -lpthread" ./configure --with-openssl="${ROUTE_PATH}/${EXTERNAL_OPENSSL}" --disable-ldap --without-libidn2 --without-libpsl --without-brotli --without-nghttp2 --without-zstd
  endif
  else
@@ -89,7 +89,7 @@
  
  
  #### procps #########
-@@ -2308,7 +2318,7 @@
+@@ -2307,7 +2317,7 @@
  #### FIM ######
  
  wazuh-syscheckd: librootcheck.a libwazuh.a ${WAZUHEXT_LIB} build_shared_modules
@@ -98,7 +98,7 @@
  
  #### Monitor #######
  
-@@ -2340,13 +2350,13 @@
+@@ -2339,13 +2349,13 @@
  os_auth_o := $(os_auth_c:.c=.o)
  
  os_auth/%.o: os_auth/%.c
@@ -114,7 +114,7 @@
  
  #### integratord #####
  
-@@ -2486,7 +2496,7 @@
+@@ -2485,7 +2495,7 @@
  WPYTHON_DIR := ${INSTALLDIR}/framework/python
  OPTIMIZE_CPYTHON?=no
  WPYTHON_TAR=cpython.tar.gz
@@ -123,7 +123,7 @@
  
  ifneq (,$(filter ${OPTIMIZE_CPYTHON},YES yes y Y 1))
  CPYTHON_FLAGS=--enable-optimizations
-@@ -2500,22 +2510,45 @@
+@@ -2499,22 +2509,45 @@
  endif
  
  ifeq (,$(wildcard ${EXTERNAL_CPYTHON}/python))
@@ -171,7 +171,7 @@
  install_dependencies: install_python
  ifneq (,$(wildcard ${EXTERNAL_CPYTHON}))
  	${WPYTHON_DIR}/bin/python3 -m pip install --upgrade pip --index-url=file://${ROUTE_PATH}/${EXTERNAL_CPYTHON}/Dependencies/simple
-@@ -2532,6 +2565,7 @@
+@@ -2531,6 +2564,7 @@
  
  install_mitre: install_python
  	cd ../tools/mitre && ${WPYTHON_DIR}/bin/python3 mitredb.py -d ${INSTALLDIR}/var/db/mitre.db
diff --git a/security/wazuh-manager/files/patch-src_syscheckd_src_db_CMakeLists.txt b/security/wazuh-manager/files/patch-src_syscheckd_src_db_CMakeLists.txt
index 461f3beeb586..8cd1e6d8d6ab 100644
--- a/security/wazuh-manager/files/patch-src_syscheckd_src_db_CMakeLists.txt
+++ b/security/wazuh-manager/files/patch-src_syscheckd_src_db_CMakeLists.txt
@@ -1,6 +1,14 @@
---- src/syscheckd/src/db/CMakeLists.txt	2025-05-11 01:12:38.188450000 -0700
-+++ src/syscheckd/src/db/CMakeLists.txt	2025-05-11 01:13:28.349743000 -0700
-@@ -64,7 +64,7 @@
+--- src/syscheckd/src/db/CMakeLists.txt	2025-11-07 00:46:03.000000000 -0800
++++ src/syscheckd/src/db/CMakeLists.txt	2026-01-10 15:42:49.547479000 -0800
+@@ -9,6 +9,7 @@
+ include_directories(${SRC_FOLDER}/shared_modules/rsync/include/)
+ include_directories(${SRC_FOLDER}/syscheckd)
+ include_directories(${SRC_FOLDER}/syscheckd/src/db/src)
++include_directories($ENV{LOCALBASE}/include/libepoll-shim)
+ 
+ if(CMAKE_SYSTEM_NAME STREQUAL "HP-UX")
+   link_directories(${INSTALL_PREFIX}/lib)
+@@ -64,7 +65,7 @@
  endif(CMAKE_SYSTEM_NAME STREQUAL "Windows")
  
  if(NOT CMAKE_SYSTEM_NAME STREQUAL "AIX")