1) service swatch status won't always show status, which means it won't always stop, restart, etc.
   If swatch_x_flags is greater than 222 bytes, then you need procname=/usr/local/bin/perl; if < 222, you don't.
   This is due to the $0 limit in perl (http://perldoc.perl.org/perlvar.html):
   "Note that there are platform-specific limitations on the maximum length of $0. In the most extreme case it may be limited to the space occupied by the original $0."

2) swatch would LIKE to have p5-File-Tail as a dependency (if you don't use the default tail command):
     Checking if your kit is complete...
     Looks good
     Warning: prerequisite File::Tail 0 not found.
     Writing Makefile for swatch:

Fix:

1) This patch takes the $command, $swatch_x_flags and the 'suffix' (perl), two byte padding, and compares it to 255.
   If swatch worked for you before (service swatch (status|stop|restart)) then this should work.
   If it didn't work before, and you had lots of little swatches running, this should fix it.
   I asked in ports@ and perl@ and didn't really get any good answers to this ugly hack.
   (Note: two options: instead of setting procname, you could 'err 1 swatch_${i}_flags too long' in rc, or you could patch swatch to fail if cmdarg > (too long).)

2) This patch will bring in File-Tail, and allow for both smaller swatch_x_flags lens and larger ones.

- patch swatch.rc to check for buffer overflow in cmdarg with long _flags lines
- add p5-File-Tail dependency

Index: Makefile =================================================================== RCS file: /home/pcvs/ports/security/swatch/Makefile,v retrieving revision 1.31 diff -u -r1.31 Makefile --- Makefile 21 Jan 2012 17:40:12 -0000 1.31 +++ Makefile 26 Jan 2012 19:55:30 -0000 @@ -7,7 +7,7 @@ PORTNAME= swatch PORTVERSION= 3.2.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security sysutils MASTER_SITES= SF @@ -17,7 +17,8 @@ BUILD_DEPENDS= \ ${SITE_PERL}/Date/Format.pm:${PORTSDIR}/devel/p5-TimeDate \ ${SITE_PERL}/Date/Manip.pm:${PORTSDIR}/devel/p5-Date-Manip \ - ${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc + ${SITE_PERL}/Date/Calc.pm:${PORTSDIR}/devel/p5-Date-Calc \ + ${SITE_PERL}/File/Tail.pm:${PORTSDIR}/devel/p5-File-Tail RUN_DEPENDS:= ${BUILD_DEPENDS} PERL_CONFIGURE= yes Index: files/swatch.in =================================================================== RCS file: /home/pcvs/ports/security/swatch/files/swatch.in,v retrieving revision 1.7 diff -u -r1.7 swatch.in --- files/swatch.in 14 Jan 2012 08:56:53 -0000 1.7 +++ files/swatch.in 26 Jan 2012 19:55:30 -0000
@@ -21,15 +21,20 @@ name=swatch rcvar=swatch_enable +# set some defaults +: ${swatch_enable="NO"} command=%%PREFIX%%/bin/swatch -procname=%%LOCALBASE%%/bin/perl load_rc_config ${name} if [ -n "${swatch_rules}" ]; then for i in ${swatch_rules}; do eval swatch_flags=\$swatch_${i}_flags + len=`echo "0${command} ${swatch_flags} (perl)0" | wc -c` + if [ $len -ge 255 ];then + procname=%%LOCALBASE%%/bin/perl + fi eval swatch_user=\$swatch_${i}_user eval swatch_chdir=\$swatch_${i}_chdir eval pidfile=\$swatch_${i}_pidfile

How-To-Repeat:

1) Have a very long log file name (so that swatch_1_flags is > 222 bytes), have multiple files, same.
2) pkg_delete p5-File-Tail\* and reinstall swatch. Look for error.
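Review bot: In the Makefile hunk at @@ -17,7 +17,8 @@, File/Tail.pm is appended to BUILD_DEPENDS, and because RUN_DEPENDS:= ${BUILD_DEPENDS} follows, it becomes an unconditional build and run dependency, whereas the PR text says swatch only wants File::Tail "if you don't use the default tail command". Either state in the commit log that the dependency is deliberately unconditional (to silence the "prerequisite File::Tail 0 not found" warning at configure time), or put it behind a port option so users of the default tail are not forced to install it.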
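Review bot: In the files/swatch.in hunk, procname is now assigned only inside the "if [ $len -ge 255 ]" branch of the "for i in ${swatch_rules}" loop and the lines shown never clear it, so once one rule with long flags sets it, later rules in the same loop inherit procname=%%LOCALBASE%%/bin/perl even when their own flags are short. Reset it at the top of each iteration (for example "unset procname" before the length test) or add an else branch that clears it. The threshold also needs a comment next to the test: the PR text speaks of 222 bytes of flags while the code compares a padded string against 255, and "echo ... | wc -c" counts the trailing newline as well, so spell out how the two "0" padding bytes, the " (perl)" suffix and the newline add up to the limit being checked.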
Responsible Changed From-To: freebsd-ports-bugs->scheidell Submitter has GNATS access (via the GNATS Auto Assign Tool)
Maintainer of security/swatch, Please note that PR ports/164529 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/164529 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Joseph: Have you had a chance to look at my pr yet? It should be 100% upward compatible with anyone using it now, and fixes the problem with long _flags. I checked on ports@ and their suggestion to have it fixed upstream really isn't going to work.. FreeBSD has the 255 byte limit, and any 'fix' upstream would break anyone currently using swatch with long _flags.
--
Michael Scheidell, CTO
SECNAP Network Security Corporation
scheidell 2012-02-10 14:37:30 UTC

FreeBSD ports repository

Modified files:
  security/swatch        Makefile
  security/swatch/files  swatch.in

Log:
- patch swatch.rc to check for buffer overflow in cmdarg with long _flags lines
- add p5-File-Tail dependency
- Bump PORTREVISION

PR: ports/164529
Submitted by: scheidell
Approved by: joseph@randomnetworks.com (maintainer timeout, 15 days), gabor (mentor)

Revision  Changes  Path
1.32      +3 -2    ports/security/swatch/Makefile
1.8       +11 -4   ports/security/swatch/files/swatch.in
State Changed From-To: feedback->closed Committed.