From 957571a90d4daa7f567c3d69f3e3a0184cbbb367 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 31 Oct 2005 14:53:37 +0000 Subject: [PATCH] - Update to 0.81 PR: ports/88240 Submitted by: maintainer --- security/doorman/Makefile | 49 +++++++------------ security/doorman/distinfo | 4 +- security/doorman/files/doormand.cf.EXAMPLE.in | 18 +++++++ security/doorman/files/patch-Makefile.in | 20 ++++++++ security/doorman/files/patch-configure | 11 +++++ security/doorman/files/patch-configure.ac | 11 +++++ security/doorman/files/patch-doormand.c | 26 +++++----- 7 files changed, 93 insertions(+), 46 deletions(-) create mode 100644 security/doorman/files/doormand.cf.EXAMPLE.in create mode 100644 security/doorman/files/patch-Makefile.in create mode 100644 security/doorman/files/patch-configure create mode 100644 security/doorman/files/patch-configure.ac diff --git a/security/doorman/Makefile b/security/doorman/Makefile index 02ff48321ec6..756236b5687a 100644 --- a/security/doorman/Makefile +++ b/security/doorman/Makefile @@ -6,8 +6,7 @@ # PORTNAME= doorman -PORTVERSION= 0.8 -PORTREVISION= 1 +PORTVERSION= 0.81 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= doorman 
@@ -19,59 +18,45 @@ COMMENT= A Port Knocking implementation, both daemon and client BUILD_DEPENDS= lsof:${PORTSDIR}/sysutils/lsof RUN_DEPENDS= ${BUILD_DEPENDS} -PKGMESSAGE= ${WRKDIR}/pkg-message -PATCH_STRIP= -p1 - -# Default to db4 -WITH_BDB_VER?= 4 - .include -.if ${WITH_BDB_VER} == 2 -LIB_DEPENDS= db2.0:${PORTSDIR}/databases/db2 -.elif ${WITH_BDB_VER} == 3 -LIB_DEPENDS= db3.3:${PORTSDIR}/databases/db3 -.elif ${WITH_BDB_VER} == 4 -LIB_DEPENDS= db4.0:${PORTSDIR}/databases/db4 -.elif ${WITH_BDB_VER} == 41 -LIB_DEPENDS= db41.1:${PORTSDIR}/databases/db41 -.elif ${WITH_BDB_VER} == 42 -LIB_DEPENDS= db-4.2.2:${PORTSDIR}/databases/db42 -.else -.error WITH_BDB_VER must be one between 2, 3, 4, 41 and 42 -.endif - # doormand does not work with the FreeBSD 4.x version of libpcap. # Require the ports version. .if ${OSVERSION} < 500000 BUILD_DEPENDS+= ${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap .endif +PKGMESSAGE= ${WRKDIR}/pkg-message +PATCH_STRIP= -p1 + INSTALL_TARGET= installdirs install-exec install-data MAN1= knock.1 MAN5= knockcf.5 doormand.cf.5 guestlist.5 MAN8= doormand.8 +CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL} GNU_CONFIGURE= yes -SUB_FILES= pkg-message +SUB_FILES= pkg-message doormand.cf.EXAMPLE USE_RC_SUBR= doorman.sh +USE_REINPLACE= yes -pre-everything:: - @${ECHO_MSG} - @${ECHO_MSG} " This port currently requires BerkeleyDB, has only been tested with the " - @${ECHO_MSG} " db4.x releases, and builds with db4 by default. If you wish to use a " - @${ECHO_MSG} " specific version please use the WITH_BDB_VER=x argument using the " - @${ECHO_MSG} " values 2, 3, 4, 41, or 42. 
" - @${ECHO_MSG} - @${ECHO_MSG} " CURRENTLY BUILDING WITH db${WITH_BDB_VER} " - @${ECHO_MSG} +pre-patch: + @${REINPLACE_CMD} -e 's/[[:cntrl:]]*$$//' \ + ${WRKSRC}/doormand.c + +post-configure: +.if ${OSVERSION} < 500000 + @${REINPLACE_CMD} -e 's,-lpcap,-L${LOCALBASE}/lib/libpcap.a,' \ + ${WRKSRC}/Makefile +.endif post-install: ${RM} -f ${PREFIX}/etc/doormand/ipf_add ${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.atend ${PREFIX}/etc/doormand/ipf_add.atend ${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.before_block ${PREFIX}/etc/doormand/ipf_add.before_block ${INSTALL_SCRIPT} ${FILESDIR}/ipf_delete ${PREFIX}/etc/doormand/ipf_delete + ${INSTALL_DATA} ${WRKDIR}/doormand.cf.EXAMPLE ${PREFIX}/etc/doormand/doormand.cf.EXAMPLE @for man in ${MAN1}; do \ ${INSTALL_MAN} -C ${WRKSRC}/$$man ${PREFIX}/man/man1; \ done diff --git a/security/doorman/distinfo b/security/doorman/distinfo index f0c6b71d5e6e..f80415239873 100644 --- a/security/doorman/distinfo +++ b/security/doorman/distinfo @@ -1,2 +1,2 @@ -MD5 (doorman-0.8.tgz) = 44a495d06bf81ac9a824380612035672 -SIZE (doorman-0.8.tgz) = 139950 +MD5 (doorman-0.81.tgz) = f0f30132a541122fa46f4d6d321260d9 +SIZE (doorman-0.81.tgz) = 140643 diff --git a/security/doorman/files/doormand.cf.EXAMPLE.in b/security/doorman/files/doormand.cf.EXAMPLE.in new file mode 100644 index 000000000000..8d412b58fbab --- /dev/null +++ b/security/doorman/files/doormand.cf.EXAMPLE.in @@ -0,0 +1,18 @@ +# +# 'doormand.cf' +# Sample configuration file for the Doorman Daemon, "doormand". +# +# +interface tun0 +port 1033 +waitfor 10 +connection_delay_1 100000 # 1/10th second (delay is in microseconds) +connection_delay_2 2 +logfile /var/log/doorman +loglevel debug +pidfile /var/run/doormand.pid +guestlist %%PREFIX%%/etc/doormand/guestlist +firewall-add %%PREFIX%%/etc/doormand/ipf_add.before_block +firewall-del %%PREFIX%%/etc/doormand/ipf_delete +hash-archive /var/run/doormand.hash-archive +hash-archive-size 100000 
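Review bot: In `post-configure`, the substitution `s,-lpcap,-L${LOCALBASE}/lib/libpcap.a,` passes a static archive to `-L`, which expects a directory, and removes `-lpcap` in the same step. On the `OSVERSION < 500000` branch, the only place this runs, the link line would then carry neither a usable search path nor the library. The build would probably fail on unresolved pcap symbols, or fall back to the base libpcap that the comment above says doormand cannot use. Either `'s,-lpcap,${LOCALBASE}/lib/libpcap.a,'` or `'s,-lpcap,-L${LOCALBASE}/lib -lpcap,'` matches the stated intent of requiring the ports version.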
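Review bot: The new `distinfo` entry verifies doorman-0.81.tgz with MD5 and SIZE only. MD5 does not resist collisions, so it catches transfer corruption but is weak evidence that the fetched tarball is the one the maintainer reviewed. Where the ports framework in use accepts it, add a stronger digest beside the MD5 line, `SHA256 (doorman-0.81.tgz) = <sha256 of the verified distfile>`, computed from a copy whose origin has been checked.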
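Review bot: The sample sets `hash-archive /var/run/doormand.hash-archive`, and FreeBSD clears `/var/run` at boot. If that archive is what doormand consults to refuse a knock it has already seen (the directive name suggests this, but the diff does not show it), every reboot would discard that history. A persistent location such as `hash-archive /var/db/doormand.hash-archive` avoids this. Separately, `interface tun0` and `loglevel debug` are site-specific values that an administrator copying the example is likely to keep. A comment above each, for example `# set to the interface doormand should listen on`, would make that explicit.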
diff --git a/security/doorman/files/patch-Makefile.in b/security/doorman/files/patch-Makefile.in new file mode 100644 index 000000000000..e452f37d68b7 --- /dev/null +++ b/security/doorman/files/patch-Makefile.in @@ -0,0 +1,20 @@ +--- Makefile.in.orig Sun Jul 25 20:35:35 2004 ++++ Makefile.in Sun Oct 30 15:57:06 2005 +@@ -197,8 +197,7 @@ + man5_MANS = knockcf.5 doormand.cf.5 guestlist.5 + man8_MANS = doormand.8 + cfgdir = $(sysconfdir)/doormand +-cfg_DATA = doormand.cf.EXAMPLE\ +- guestlist.EXAMPLE\ ++cfg_DATA = guestlist.EXAMPLE\ + iptables_add iptables_delete\ + ipchains_add ipchains_delete\ + ipf_add ipf_delete\ +@@ -864,7 +863,6 @@ + chmod 744 $(DESTDIR)$(cfgdir)/pfctl_add + chmod 744 $(DESTDIR)$(cfgdir)/pfctl_delete + chmod 600 $(DESTDIR)$(cfgdir)/guestlist.EXAMPLE +- chmod 644 $(DESTDIR)$(cfgdir)/doormand.cf.EXAMPLE + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. + .NOEXPORT: diff --git a/security/doorman/files/patch-configure b/security/doorman/files/patch-configure new file mode 100644 index 000000000000..ec2975e957fd --- /dev/null +++ b/security/doorman/files/patch-configure @@ -0,0 +1,11 @@ +--- configure.orig Mon Sep 5 17:07:45 2005 ++++ configure Sun Oct 30 14:52:28 2005 +@@ -4893,7 +4893,7 @@ + echo "${ECHO_T}no" >&6 + fi + +-if test "$LSOF" == "no"; then ++if test "$LSOF" = "no"; then + echo -e "\a" + echo "*** Utility 'lsof' is missing; doormand cannot function properly without it." + echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)" diff --git a/security/doorman/files/patch-configure.ac b/security/doorman/files/patch-configure.ac new file mode 100644 index 000000000000..da49e679bd9e --- /dev/null +++ b/security/doorman/files/patch-configure.ac 
@@ -0,0 +1,11 @@ +--- configure.ac.orig Sun Aug 7 16:26:03 2005 ++++ configure.ac Sun Oct 30 14:53:03 2005 +@@ -22,7 +22,7 @@ + + AC_PATH_PROG([LSOF], [lsof], [no], + [/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin]) +-if test "$LSOF" == "no"; then ++if test "$LSOF" = "no"; then + echo -e "\a" + echo "*** Utility 'lsof' is missing; doormand cannot function properly without it." + echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)" diff --git a/security/doorman/files/patch-doormand.c b/security/doorman/files/patch-doormand.c index 2ee4e4cbeaff..a9563fd826cd 100644 --- a/security/doorman/files/patch-doormand.c +++ b/security/doorman/files/patch-doormand.c @@ -1,6 +1,6 @@ ---- doorman-0.8.orig/doormand.c Thu Jul 29 21:24:02 2004 -+++ doorman-0.8/doormand.c Sun May 29 09:05:31 2005 -@@ -397,7 +397,11 @@ +--- doorman-0.81/doormand.c 2005-10-30 14:00:27.000000000 +0100 ++++ doormand.c 2005-10-30 14:05:18.000000000 +0100 +@@ -387,7 +387,11 @@ int datalink_header_lengths[] = { // hdr len code data link type // ------- --- --------------------------- @@ -12,7 +12,7 @@ 14, // 1 Ethernet (10Mb) -1, // 2 Experimental Ethernet (3Mb) -1, // 3 Amateur Radio AX.25 -@@ -557,6 +561,14 @@ +@@ -614,6 +618,14 @@ // more readable. // @@ -27,7 +27,7 @@ #define LSOF()\ sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\ \ -@@ -578,6 +590,7 @@ +@@ -635,6 +647,7 @@ if ((p1 = token (&p2, " ")) == NULL) continue ;\ if ((p1 = token (&p2, " ")) == NULL) continue ;\ if ((p1 = token (&p2, " ")) == NULL) continue ;\ @@ -35,7 +35,7 @@ if ((p1 = token (&p2, " :")) == NULL) continue ;\ local_ip = inet_addr(p1) ;\ if ((p1 = token (&p2, "-")) == NULL) continue ;\ -@@ -602,7 +615,53 @@ +@@ -659,7 +672,53 @@ }\ }\ pclose(f) ; @@ -90,7 +90,7 @@ -@@ -647,7 +706,11 @@ +@@ -704,7 +763,11 @@ snprintf (cmd, 254, "tcp and dst port %s and src %s and dst %s", dport_string, src_addr, interface_ip_str) ; DEBUG "open a secondary pcap: '%s'", cmd) ; 
@@ -102,7 +102,7 @@ // set broad firewall rule sprintf (G_fw_broad_rule, " %s %s 0 %s %s", -@@ -659,7 +722,22 @@ +@@ -716,7 +779,22 @@ for (;;) { @@ -123,9 +123,9 @@ p = (unsigned char*)pcap_next (cap, &packet_hdr) ; +#endif if (p == NULL) { - WARNX "manage_firewall got null from 'pcap_next'. Exiting.") ; - exit (1) ; -@@ -1222,9 +1300,13 @@ + WARNX "manage_firewall got null from 'pcap_next': %s Exiting.", + pcap_geterr(G_cap)) ; +@@ -1300,9 +1378,13 @@ croak (errno, "Can't get interface address of %s", device) ; } @@ -140,10 +140,12 @@ if (G_reconfigure) { G_reconfigure = FALSE ; NOTICE "reconfigured.") ; -@@ -1252,7 +1334,22 @@ +@@ -1330,9 +1412,22 @@ char src_addr_buff[16] ; errno = 0 ; +- netdown_count = 0 ; +- +#ifdef __FreeBSD__ + { + int ret = 0;
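Review bot: In the refreshed context of the `manage_firewall` hunk (`@@ -123,9 +123,9 @@`), the packet is read with `pcap_next (cap, &packet_hdr)` but the new warning formats `pcap_geterr(G_cap)`. The logged reason therefore appears to come from a different capture handle than the one that returned NULL. Since this port patch already rewrites the lines directly above, it could carry the one-line correction `pcap_geterr(cap)) ;`, or the mismatch could be reported upstream. The `#ifdef __FreeBSD__` branch added by the patch is not shown here, so whether it shares this error path cannot be confirmed from the hunk.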