- Update to version 2.0.99.r2 which is only a release candidate, but there

has been a "massive public demand" that this port be unFORBIDDEN.
- Remove FORBIDDEN.
- Add a PKGMESSAGE to explain new post-install procedure, and to warn the
  user that this port/package is likely to have future security issues.
- Install startup script mode 444, forcing the user to change this explicitly
  to run ntop at system startup.  Document this in PKGMESSAGE.

net/ntop/Makefile

@@ -6,36 +6,36 @@
 #
 
 PORTNAME=	ntop
-PORTVERSION=	2.0
-PORTREVISION=	2
+PORTVERSION=	2.0.99.r2
 CATEGORIES=	net
-MASTER_SITES=	ftp://ftp.ntop.org/pub/local/ntop/source/ \
-		ftp://ftp.us.ntop.org/pub/ntop/source/ \
-		ftp://ftp.au.ntop.org/pub/ntop/source/ \
-		ftp://ftp.de.ntop.org/pub/ntop/source/ \
-		ftp://ftp.fr.ntop.org/mirrors/networking/ntop/source/ \
-		ftp://ftp.jp.ntop.org/pub/ntop/source/
-DISTNAME=	${PORTNAME}-${PORTVERSION}-src
+MASTER_SITES=	http://luca.ntop.org/ \
+		${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR=	${PORTNAME}
+DISTNAME=	${PORTNAME}-${PORTVERSION:S|.r|-rc|}
 EXTRACT_SUFX=	.tgz
 
 MAINTAINER=	wjv@FreeBSD.org
 
-FORBIDDEN=	Remote exploit published and no official patch available
-
 # Besides the required dependencies listed here, this port can optionally
 # make use of sysutils/lsof and security/nmap if installed.
 BUILD_DEPENDS=	${LOCALBASE}/lib/libgdchart.a:${PORTSDIR}/graphics/gdchart
 RUN_DEPENDS=	${LOCALBASE}/lib/libgdchart.a:${PORTSDIR}/graphics/gdchart
 LIB_DEPENDS=	gdbm.2:${PORTSDIR}/databases/gdbm
 
-# ntop will store its database files in ${DBDIR}/ntop/
+# ntop will store its runtime database files in ${DBDIR}/ntop/
 DBDIR?=		/var/db
 
-WRKSRC=		${WRKDIR}/${PORTNAME}
+# The default startup script in ${LOCALBASE}/etc/rc.d will invoke
+# with a flag to force it to log to ${LOGDIR}
+LOGDIR?=	/var/log
+
+WRKSRC=		${WRKDIR}/RC2/${PORTNAME}
 USE_AUTOMAKE=	yes
 USE_GMAKE=	yes
 USE_LIBTOOL=	yes
 INSTALLS_SHLIB=	yes
+PLIST_SUB+=	DBDIR=${DBDIR}
+PKGMESSAGE=	${WRKDIR}/pkg-message
 CONFIGURE_ARGS=	--localstatedir=${DBDIR} \
 		--with-gdbm-root=${LOCALBASE} \
 		--with-gdchart-root=${LOCALBASE}
@@ -51,18 +51,26 @@ CONFIGURE_ARGS+=	--with-ossl-root=${LOCALBASE}
 .endif
 
 MAN1=		intop.1
-MAN8=		ntop.8 ntop-rules.8
+MAN8=		ntop.8
 
 # Remove included dependencies as a precaution against polluting the
 # configuration.  Not strictly necessary.
 pre-configure:
-	@ ${RM} -rf ${WRKDIR}/gdchart*
+	@ ${RM} -rf ${WRKDIR}/RC2/gdchart*
+
+post-configure:
+	@ ${SED} -e 's#%%LOCALBASE%%#${LOCALBASE}#g' \
+	  pkg-message > ${PKGMESSAGE}
 
 post-install:
 	@ ${MKDIR} ${DBDIR}/ntop
 	@ ${MKDIR} ${PREFIX}/etc/rc.d
-	@ ${SED} -e "s#%%PREFIX%%#${PREFIX}#g" ${FILESDIR}/ntop.sh > \
+	@ ${SED} -e "s#%%PREFIX%%#${PREFIX}#g" \
+	  -e "s#%%LOGDIR%%#${LOGDIR}#g" ${FILESDIR}/ntop.sh > \
 	  ${WRKDIR}/ntop.sh
-	@ ${INSTALL_SCRIPT} ${WRKDIR}/ntop.sh ${PREFIX}/etc/rc.d
+	@ ${INSTALL_DATA} ${WRKDIR}/ntop.sh ${PREFIX}/etc/rc.d
+.if !defined(BATCH)
+	@ ${CAT} ${PKGMESSAGE}
+.endif
 
 .include <bsd.port.post.mk>

net/ntop/distinfo

@@ -1 +1 @@
-MD5 (ntop-2.0-src.tgz) = e528f29de05924852ff4222509e2f9a4
+MD5 (ntop-2.0.99-rc2.tgz) = d2eebe53b21c954abd44f8b96483bf8c

net/ntop/files/ntop.sh

@@ -19,7 +19,7 @@ http_port='3000'
 https_port='3001'
 
 # Directory for ntop.access.log
-logdir='/var/log'
+logdir='%%LOGDIR%%/ntop.access.log'
 
 # Specify any additional arguments here - see ntop(8)
 additional_args='-E'
@@ -42,7 +42,7 @@ start)
   [ -d $logdir ] && touch ${logdir}/ntop.access.log \
     && chown $userid ${logdir}/ntop.access.log
   [ -d %%PREFIX%%/share/ntop ] && cd %%PREFIX%%/share/ntop
-  [ -x %%PREFIX%%/bin/ntop ] && %%PREFIX%%/bin/ntop $args \
+  [ -x %%PREFIX%%/bin/ntop ] && %%PREFIX%%/bin/ntop $args >/dev/null 2>&1 \
     && echo -n ' ntop'
   ;;
 stop)

net/ntop/files/patch-Makefile.am

@@ -1,23 +1,14 @@
---- Makefile.am.orig	Thu Dec 27 18:00:25 2001
-+++ Makefile.am	Tue Jan  8 14:31:14 2002
-@@ -145,7 +145,7 @@
- libntopreport_la_LIBADD       = $(MORELIBS)
- libntopreport_la_LDFLAGS      = -version-info @NTOP_VERSION_INFO@ -release @NTOP_RELEASE@ -export-dynamic @DYN_FLAGS@
- 
--man_MANS = ntop.8 intop/intop.1
-+man_MANS = ntop.8 ntop-rules.8
- 
- .PHONY: snapshot
- 
-@@ -219,10 +219,10 @@
+--- Makefile.am.orig	Tue May 14 20:12:55 2002
++++ Makefile.am	Mon Jun 24 14:42:42 2002
+@@ -218,10 +218,10 @@
  	/bin/rm -f privkey.pem cert.pem
  
  install-data-local:
--	@cp -p ntop-cert.pem $(bindir)/ntop-cert.pem
+-	@cp -p ntop-cert.pem $(DESTDIR)$(bindir)/ntop-cert.pem
  	@$(top_srcdir)/mkinstalldirs $(DESTDIR)/$(libdir)/plugins;
  	@$(top_srcdir)/mkinstalldirs $(DESTDIR)/$(datadir)/ntop;
  	@$(top_srcdir)/mkinstalldirs $(DESTDIR)/$(datadir)/ntop/html;
-+	@cp -p ntop-cert.pem $(datadir)/ntop/ntop-cert.pem
++	@cp -p ntop-cert.pem $(DESTDIR)/$(datadir)/ntop/ntop-cert.pem
  	@for file in $(NTOPHTML); do \
            if test -d $$file; then \
               $(top_srcdir)/mkinstalldirs $(DESTDIR)/$(datadir)/ntop/$$file; \

net/ntop/files/patch-configure.in

@@ -1,6 +1,6 @@
---- configure.in.orig	Thu Dec 27 19:40:55 2001
-+++ configure.in	Thu Jan 24 11:02:57 2002
-@@ -799,12 +799,10 @@
+--- configure.in.orig	Fri May 31 12:09:35 2002
++++ configure.in	Mon Jun 24 14:25:15 2002
+@@ -826,12 +826,10 @@
  
  if test ".${GDBM_ROOT}" != .; then
    AC_MSG_CHECKING([for the GNU Database Manager Library gdbm (required package)])
@@ -11,12 +11,12 @@
         GDBM_ROOT=`cd ${GDBM_ROOT} && pwd`
 -       CORELIBS="${CORELIBS} -L$GDBM_ROOT -lgdbm"
 -       INCS="${INCS} -I$GDBM_ROOT"
-+       CORELIBS="${CORELIBS} -L$GDBM_ROOT/lib -lgdbm"
-+       INCS="${INCS} -I$GDBM_ROOT/include"
++       CORELIBS="${CORELIBS} -L${GDBM_ROOT}/lib -lgdbm"
++       INCS="${INCS} -I${GDBM_ROOT}/include"
         AC_DEFINE(HAVE_GDBM_H)
         AC_MSG_RESULT([found in $GDBM_ROOT])
    else
-@@ -873,16 +871,11 @@
+@@ -907,16 +905,11 @@
  dnl>
  dnl> user defined directory passed as option at configuration time
  dnl>
@@ -26,18 +26,18 @@
 -       test -r $GDCHART_ROOT/gdc.h &&
 -       test -r $GDCHART_ROOT/gd-1.8.3/libgd.a &&
 -       test -r $GDCHART_ROOT/gd-1.8.3/gd.h &&
--       test -r $GDCHART_ROOT/zlib-1.1.3/libz.a; then
+-       test -r $GDCHART_ROOT/zlib-1.1.4/libz.a; then
 +  if test 1; then
 +    if test -d $GDCHART_ROOT; then
           GDCHART_ROOT=`cd ${GDCHART_ROOT} && pwd`
--         MORELIBS="${MORELIBS} -L$GDCHART_ROOT -lgdchart -L$GDCHART_ROOT/gd-1.8.3 -lgd -L$GDCHART_ROOT/gd-1.8.3/libpng-1.0.8 -lpng -L$GDCHART_ROOT/zlib-1.1.3 -lz"
--         INCS="${INCS} -I$GDCHART_ROOT"
+-         MORELIBS="${MORELIBS} -L$GDCHART_ROOT -lgdchart -L$GDCHART_ROOT/gd-1.8.3 -lgd -L$GDCHART_ROOT/gd-1.8.3/libpng-1.2.1 -lpng -L$GDCHART_ROOT/zlib-1.1.4 -lz"
+-         INCS="${INCS} -I$GDCHART_ROOT -I$GDCHART_ROOT/zlib-1.1.4"
 +         MORELIBS="${MORELIBS} -L${prefix}/lib -lgdchart -lgd -lpng -lz"
 +         INCS="${INCS} -I${prefix}/include/gd"
           AC_DEFINE(HAVE_GDCHART)
+ 	 AC_DEFINE(HAVE_ZLIB)
           AC_MSG_RESULT([found in $GDCHART_ROOT])
-     else
-@@ -936,12 +929,10 @@
+@@ -971,12 +964,10 @@
  if test ".$ac_disable_openssl" = ".no"; then
    AC_MSG_CHECKING([for OpenSSL Library by Open SLL Project (optional package)])
    if test ".${OSSL_ROOT}" != .; then
@@ -48,8 +48,8 @@
           OSSL_ROOT=`cd ${OSSL_ROOT} && pwd`
 -         MORELIBS="${MORELIBS} -L$OSSL_ROOT -lssl"
 -         INCS="${INCS} -I$OSSL_ROOT"
-+         MORELIBS="${MORELIBS} -L$OSSL_ROOT/crypto -lssl"
-+         INCS="${INCS} -I$OSSL_ROOT/include"
++         MORELIBS="${MORELIBS} -L${OSSL_ROOT}/crypto -lssl"
++         INCS="${INCS} -I${OSSL_ROOT}/include"
           AC_DEFINE(HAVE_OPENSSL)
           AC_MSG_RESULT([found in $OSSL_ROOT])
      elif test -d $OSSL_ROOT &&

net/ntop/files/patch-main.c

@@ -1,11 +0,0 @@
---- main.c.orig	Tue Nov 13 13:44:26 2001
-+++ main.c	Tue Dec  4 17:00:15 2001
-@@ -400,7 +400,7 @@
-   }  
- 
-   snprintf(accessLogPath, sizeof(accessLogPath), "%s/%s",
--	   dbPath, DETAIL_ACCESS_LOG_FILE_PATH);
-+	   accessLogPath, DETAIL_ACCESS_LOG_FILE_PATH);
- 
-   initLogger(); /* Do not call this function before dbPath
- 		   is initialized */

net/ntop/pkg-message

@@ -0,0 +1,29 @@
+----------------------------------------------------------------------------
+ntop has been installed, but is not quite ready to be used yet!
+
+You need to set an administrator password for ntop before it may be used.
+As root, execute the following command to set this password:
+
+  # ntop -A
+
+ntop may now be started.  The recommended method to do so is via the
+installed startup script.  As root, execute the following command:
+
+  # sh %%LOCALBASE%%/etc/rc.d/ntop.sh
+
+The recommended way to change startup flags for ntop is to edit this
+startup script.
+
+Note that the installed startup script will NOT be execute at system
+startup by default.  If you wish ntop to start when your system boots,
+you should make this script executable:
+
+  # chmod 555 %%LOCALBASE%%/etc/rc/ntop.sh
+
+			       NB!! NB!! NB!!
+In the past, ntop has been the subject of repeated security vulner-
+abilities, particularly relating to its web interface.  It is strongly
+suggested that you protect your ntop web interface via packet filters
+or TCP wrappers.
+
+----------------------------------------------------------------------------

net/ntop/pkg-plist

@@ -1,25 +1,38 @@
+@exec mkdir -p %%DBDIR%%/ntop
 bin/intop
 bin/ntop
 bin/ntop-config
 etc/rc.d/ntop.sh
 lib/libicmpPlugin.a
 lib/libicmpPlugin.so
-lib/libicmpPlugin.so.0
+lib/libicmpPlugin.so.99
 lib/liblastSeenPlugin.a
 lib/liblastSeenPlugin.so
-lib/liblastSeenPlugin.so.0
+lib/liblastSeenPlugin.so.99
+lib/libnetflowPlugin.a
+lib/libnetflowPlugin.so
+lib/libnetflowPlugin.so.99
 lib/libnfsPlugin.a
 lib/libnfsPlugin.so
-lib/libnfsPlugin.so.0
-lib/libntop-2.0.so.0
+lib/libnfsPlugin.so.99
+lib/libntop-2.0.so.99
 lib/libntop.a
 lib/libntop.so
-lib/libntopreport-2.0.so.0
+lib/libntopreport-2.0.so.99
 lib/libntopreport.a
 lib/libntopreport.so
+lib/libpdaPlugin.a
+lib/libpdaPlugin.so
+lib/libpdaPlugin.so.99
+lib/libsflowPlugin.a
+lib/libsflowPlugin.so
+lib/libsflowPlugin.so.99
 lib/ntop/plugins/icmpPlugin.so
 lib/ntop/plugins/lastSeenPlugin.so
+lib/ntop/plugins/netflowPlugin.so
 lib/ntop/plugins/nfsPlugin.so
+lib/ntop/plugins/pdaPlugin.so
+lib/ntop/plugins/sflowPlugin.so
 share/ntop/html/About.html
 share/ntop/html/Admin.html
 share/ntop/html/Copyright.html
@@ -33,8 +46,10 @@ share/ntop/html/Risk_low.gif
 share/ntop/html/Risk_medium.gif
 share/ntop/html/Risk_unknown.gif
 share/ntop/html/Stats.html
+share/ntop/html/antenna.gif
 share/ntop/html/arrow_down.gif
 share/ntop/html/arrow_up.gif
+share/ntop/html/back.gif
 share/ntop/html/bar.gif
 share/ntop/html/bg_line.gif
 share/ntop/html/black.gif
@@ -45,22 +60,37 @@ share/ntop/html/child.gif
 share/ntop/html/clear.gif
 share/ntop/html/collapsed.gif
 share/ntop/html/copyright.gif
+share/ntop/html/corner.gif
 share/ntop/html/deleteURL.gif
 share/ntop/html/deleteUser.gif
 share/ntop/html/dns.gif
 share/ntop/html/error.gif
 share/ntop/html/expanded.gif
+share/ntop/html/favicon.ico
+share/ntop/html/fback.gif
+share/ntop/html/fforward.gif
+share/ntop/html/forward.gif
 share/ntop/html/gauge.jpg
 share/ntop/html/gray_bg.gif
 share/ntop/html/help.html
 share/ntop/html/index.html
 share/ntop/html/index_inner.html
+share/ntop/html/index_inner_w3c.html
 share/ntop/html/index_left.html
+share/ntop/html/index_left_w3c.html
 share/ntop/html/index_top.html
+share/ntop/html/index_top_w3c.html
+share/ntop/html/index_w3c.html
 share/ntop/html/info.gif
+share/ntop/html/j_DataRcvd.html
+share/ntop/html/j_DataSent.html
+share/ntop/html/j_Stats.html
+share/ntop/html/j_home.html
+share/ntop/html/j_index_top.html
 share/ntop/html/mail.gif
 share/ntop/html/major.gif
 share/ntop/html/menubar.png
+share/ntop/html/menubar_j.png
 share/ntop/html/menuline.png
 share/ntop/html/minor.gif
 share/ntop/html/modifyUser.gif
@@ -307,6 +337,5 @@ share/ntop/ntop-cert.pem
 @dirrm share/ntop/html/statsicons
 @dirrm share/ntop/html
 @dirrm share/ntop
-@dirrm lib/plugins
 @dirrm lib/ntop/plugins
 @dirrm lib/ntop