FreeBSD Bugzilla – Attachment 58575 Details for
Bug 88240
[maintainer update] Update security/doorman to 0.81
[patch]
doorman-0.81.patch
doorman-0.81.patch (text/plain), 16.11 KB, created by
Lupe Christoph
on 2005-10-30 15:30:20 UTC
Description:
doorman-0.81.patch
Filename:
MIME Type:
Creator:
Lupe Christoph
Created:
2005-10-30 15:30:20 UTC
Size:
16.11 KB
>diff -ruN /usr/ports/security/doorman/Makefile doorman-0.81/Makefile
>--- /usr/ports/security/doorman/Makefile Sat Jun 4 03:11:04 2005
>+++ doorman-0.81/Makefile Sun Oct 30 16:08:16 2005
>@@ -6,8 +6,7 @@
> #
>
> PORTNAME= doorman
>-PORTVERSION= 0.8
>-PORTREVISION= 1
>+PORTVERSION= 0.81
> CATEGORIES= security
> MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
> MASTER_SITE_SUBDIR= doorman
>@@ -19,34 +18,17 @@
> BUILD_DEPENDS= lsof:${PORTSDIR}/sysutils/lsof
> RUN_DEPENDS= ${BUILD_DEPENDS}
>
>-PKGMESSAGE= ${WRKDIR}/pkg-message
>-PATCH_STRIP= -p1
>-
>-# Default to db4
>-WITH_BDB_VER?= 4
>-
> .include <bsd.port.pre.mk>
>
>-.if ${WITH_BDB_VER} == 2
>-LIB_DEPENDS= db2.0:${PORTSDIR}/databases/db2
>-.elif ${WITH_BDB_VER} == 3
>-LIB_DEPENDS= db3.3:${PORTSDIR}/databases/db3
>-.elif ${WITH_BDB_VER} == 4
>-LIB_DEPENDS= db4.0:${PORTSDIR}/databases/db4
>-.elif ${WITH_BDB_VER} == 41
>-LIB_DEPENDS= db41.1:${PORTSDIR}/databases/db41
>-.elif ${WITH_BDB_VER} == 42
>-LIB_DEPENDS= db-4.2.2:${PORTSDIR}/databases/db42
>-.else
>-.error WITH_BDB_VER must be one between 2, 3, 4, 41 and 42
>-.endif
>-
> # doormand does not work with the FreeBSD 4.x version of libpcap.
> # Require the ports version.
> .if ${OSVERSION} < 500000
> BUILD_DEPENDS+= ${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
> .endif
>
>+PKGMESSAGE= ${WRKDIR}/pkg-message
>+PATCH_STRIP= -p1
>+
> INSTALL_TARGET= installdirs install-exec install-data
>
> MAN1= knock.1
>@@ -54,24 +36,15 @@
> MAN8= doormand.8
>
> GNU_CONFIGURE= yes
>-SUB_FILES= pkg-message
>+SUB_FILES= pkg-message doormand.cf.EXAMPLE
> USE_RC_SUBR= doorman.sh
>
>-pre-everything::
>- @${ECHO_MSG}
>- @${ECHO_MSG} " This port currently requires BerkeleyDB, has only been tested with the "
>- @${ECHO_MSG} " db4.x releases, and builds with db4 by default. If you wish to use a "
>- @${ECHO_MSG} " specific version please use the WITH_BDB_VER=x argument using the "
>- @${ECHO_MSG} " values 2, 3, 4, 41, or 42. "
>- @${ECHO_MSG}
>- @${ECHO_MSG} " CURRENTLY BUILDING WITH db${WITH_BDB_VER} "
>- @${ECHO_MSG}
>-
> post-install:
> ${RM} -f ${PREFIX}/etc/doormand/ipf_add
> ${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.atend ${PREFIX}/etc/doormand/ipf_add.atend
> ${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.before_block ${PREFIX}/etc/doormand/ipf_add.before_block
> ${INSTALL_SCRIPT} ${FILESDIR}/ipf_delete ${PREFIX}/etc/doormand/ipf_delete
>+ ${INSTALL_DATA} ${WRKDIR}/doormand.cf.EXAMPLE ${PREFIX}/etc/doormand/doormand.cf.EXAMPLE
> @for man in ${MAN1}; do \
> ${INSTALL_MAN} -C ${WRKSRC}/$$man ${PREFIX}/man/man1; \
> done
>diff -ruN /usr/ports/security/doorman/distinfo doorman-0.81/distinfo
>--- /usr/ports/security/doorman/distinfo Thu Aug 12 19:27:31 2004
>+++ doorman-0.81/distinfo Sun Oct 30 13:44:26 2005
>@@ -1,2 +1,2 @@
>-MD5 (doorman-0.8.tgz) = 44a495d06bf81ac9a824380612035672
>-SIZE (doorman-0.8.tgz) = 139950
>+MD5 (doorman-0.81.tgz) = f0f30132a541122fa46f4d6d321260d9
>+SIZE (doorman-0.81.tgz) = 140643
>diff -ruN /usr/ports/security/doorman/files/doormand.cf.EXAMPLE.in doorman-0.81/files/doormand.cf.EXAMPLE.in
>--- /usr/ports/security/doorman/files/doormand.cf.EXAMPLE.in Thu Jan 1 01:00:00 1970
>+++ doorman-0.81/files/doormand.cf.EXAMPLE.in Sun Oct 30 15:58:38 2005
>@@ -0,0 +1,18 @@
>+#
>+# 'doormand.cf'
>+# Sample configuration file for the Doorman Daemon, "doormand".
>+#
>+#
>+interface tun0
>+port 1033
>+waitfor 10
>+connection_delay_1 100000 # 1/10th second (delay is in microseconds)
>+connection_delay_2 2
>+logfile /var/log/doorman
>+loglevel debug
>+pidfile /var/run/doormand.pid
>+guestlist %%PREFIX%%/etc/doormand/guestlist
>+firewall-add %%PREFIX%%/etc/doormand/ipf_add.before_block
>+firewall-del %%PREFIX%%/etc/doormand/ipf_delete
>+hash-archive /var/run/doormand.hash-archive
>+hash-archive-size 100000
>diff -ruN /usr/ports/security/doorman/files/patch-Makefile.in doorman-0.81/files/patch-Makefile.in
>--- /usr/ports/security/doorman/files/patch-Makefile.in Thu Jan 1 01:00:00 1970
>+++ doorman-0.81/files/patch-Makefile.in Sun Oct 30 15:57:52 2005
>@@ -0,0 +1,20 @@
>+--- Makefile.in.orig Sun Jul 25 20:35:35 2004
>++++ Makefile.in Sun Oct 30 15:57:06 2005
>+@@ -197,8 +197,7 @@
>+ man5_MANS = knockcf.5 doormand.cf.5 guestlist.5
>+ man8_MANS = doormand.8
>+ cfgdir = $(sysconfdir)/doormand
>+-cfg_DATA = doormand.cf.EXAMPLE\
>+- guestlist.EXAMPLE\
>++cfg_DATA = guestlist.EXAMPLE\
>+ iptables_add iptables_delete\
>+ ipchains_add ipchains_delete\
>+ ipf_add ipf_delete\
>+@@ -864,7 +863,6 @@
>+ chmod 744 $(DESTDIR)$(cfgdir)/pfctl_add
>+ chmod 744 $(DESTDIR)$(cfgdir)/pfctl_delete
>+ chmod 600 $(DESTDIR)$(cfgdir)/guestlist.EXAMPLE
>+- chmod 644 $(DESTDIR)$(cfgdir)/doormand.cf.EXAMPLE
>+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
>+ # Otherwise a system limit (for SysV at least) may be exceeded.
>+ .NOEXPORT:
>diff -ruN /usr/ports/security/doorman/files/patch-configure doorman-0.81/files/patch-configure
>--- /usr/ports/security/doorman/files/patch-configure Thu Jan 1 01:00:00 1970
>+++ doorman-0.81/files/patch-configure Sun Oct 30 14:52:52 2005
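Review bot: The new sample files/doormand.cf.EXAMPLE.in puts `hash-archive` under /var/run, which FreeBSD empties at boot. If doormand uses that archive to reject knock packets it has already seen (the name suggests so, but the daemon source is not part of this diff), a previously captured knock would be accepted again after a reboot. A location that survives reboots, for example `hash-archive /var/db/doormand.hash-archive`, avoids that. The sample also ships `loglevel debug` and a hard-coded `interface tun0`; a quieter default level and a comment such as `# set this to the interface doormand should listen on` would make the example safer to copy unchanged.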
>@@ -0,0 +1,11 @@
>+--- configure.orig Mon Sep 5 17:07:45 2005
>++++ configure Sun Oct 30 14:52:28 2005
>+@@ -4893,7 +4893,7 @@
>+ echo "${ECHO_T}no" >&6
>+ fi
>+
>+-if test "$LSOF" == "no"; then
>++if test "$LSOF" = "no"; then
>+ echo -e "\a"
>+ echo "*** Utility 'lsof' is missing; doormand cannot function properly without it."
>+ echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)"
>diff -ruN /usr/ports/security/doorman/files/patch-configure.ac doorman-0.81/files/patch-configure.ac
>--- /usr/ports/security/doorman/files/patch-configure.ac Thu Jan 1 01:00:00 1970
>+++ doorman-0.81/files/patch-configure.ac Sun Oct 30 14:53:19 2005
>@@ -0,0 +1,11 @@
>+--- configure.ac.orig Sun Aug 7 16:26:03 2005
>++++ configure.ac Sun Oct 30 14:53:03 2005
>+@@ -22,7 +22,7 @@
>+
>+ AC_PATH_PROG([LSOF], [lsof], [no],
>+ [/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin])
>+-if test "$LSOF" == "no"; then
>++if test "$LSOF" = "no"; then
>+ echo -e "\a"
>+ echo "*** Utility 'lsof' is missing; doormand cannot function properly without it."
>+ echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)"
>diff -ruN /usr/ports/security/doorman/files/patch-doormand.c doorman-0.81/files/patch-doormand.c
>--- /usr/ports/security/doorman/files/patch-doormand.c Mon May 30 18:31:51 2005
>+++ doorman-0.81/files/patch-doormand.c Sun Oct 30 14:05:31 2005
>@@ -1,165 +1,167 @@
>---- doorman-0.8.orig/doormand.c Thu Jul 29 21:24:02 2004
>-+++ doorman-0.8/doormand.c Sun May 29 09:05:31 2005
>-@@ -397,7 +397,11 @@
>- int datalink_header_lengths[] = {
>- // hdr len code data link type
>- // ------- --- ---------------------------
>-+#ifdef __FreeBSD__
>-+ 4, // 0 no link-layer encapsulation
>-+#else
>- 0, // 0 no link-layer encapsulation
>-+#endif
>- 14, // 1 Ethernet (10Mb)
>- -1, // 2 Experimental Ethernet (3Mb)
>- -1, // 3 Amateur Radio AX.25
>-@@ -557,6 +561,14 @@
>- // more readable.
>- //
>-
>-+/*
>-+// lsof on FreeBSD produces one more field.
>-+// This should be rewritten to use a regular expression, anyway.
>-+//
>-+// And who said using C++ style comments in C was good for portability?!?
>-+*/
>-+
>-+#ifdef __FreeBSD__
>- #define LSOF()\
>- sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
>- \
>-@@ -578,6 +590,7 @@
>- if ((p1 = token (&p2, " ")) == NULL) continue ;\
>- if ((p1 = token (&p2, " ")) == NULL) continue ;\
>- if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>- if ((p1 = token (&p2, " :")) == NULL) continue ;\
>- local_ip = inet_addr(p1) ;\
>- if ((p1 = token (&p2, "-")) == NULL) continue ;\
>-@@ -602,7 +615,53 @@
>- }\
>- }\
>- pclose(f) ;
>--
>-+#else
>-+#define LSOF()\
>-+sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
>-+\
>-+f = popen (cmd, "r") ;\
>-+if (f == NULL) {\
>-+ croak (errno, "Can't execute '%s'; exiting.", cmd) ;\
>-+}\
>-+\
>-+fgets(buffer, 254, f) ; /* throw away the first line. */ \
>-+while (fgets(buffer, 254, f)) {\
>-+ p2 = buffer ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ dname = p1 ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ pid = p1 ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ uname = p1 ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ if ((p1 = token (&p2, " :")) == NULL) continue ;\
>-+ local_ip = inet_addr(p1) ;\
>-+ if ((p1 = token (&p2, "-")) == NULL) continue ;\
>-+ local_port = atoi(p1) ;\
>-+ if ((p1 = token (&p2, "->:")) == NULL) continue ;\
>-+ aptr = p1 ;\
>-+ remote_ip = inet_addr(p1) ;\
>-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>-+ pptr = p1 ;\
>-+ remote_port = atoi(p1) ;\
>-+ if ((p1 = token (&p2, " ()")) == NULL) continue ;\
>-+ status = p1 ;\
>-+\
>-+ if ((saddr == remote_ip) &&\
>-+ (daddr == local_ip) &&\
>-+ (sport == remote_port) &&\
>-+ (dport == local_port) && \
>-+ (strcmp(status, "ESTABLISHED") == 0))\
>-+ {\
>-+ connected = TRUE ;\
>-+ break ;\
>-+ }\
>-+}\
>-+pclose(f) ;
>-+#endif
>-
>-
>-
>-@@ -647,7 +706,11 @@
>- snprintf (cmd, 254, "tcp and dst port %s and src %s and dst %s",
>- dport_string, src_addr, interface_ip_str) ;
>- DEBUG "open a secondary pcap: '%s'", cmd) ;
>-+#ifdef __FreeBSD__
>-+ hdr_len = open_a_pcap (device, 1000, &cap, cmd) ;
>-+#else
>- hdr_len = open_a_pcap (device, 0, &cap, cmd) ;
>-+#endif
>-
>- // set broad firewall rule
>- sprintf (G_fw_broad_rule, " %s %s 0 %s %s",
>-@@ -659,7 +722,22 @@
>-
>- for (;;) {
>-
>-+#ifdef __FreeBSD__
>-+ {
>-+ int ret = 0;
>-+ struct pcap_pkthdr * packet_hdr_p;
>-+
>-+ while (ret == 0) {
>-+ ret = pcap_next_ex (cap, &packet_hdr_p, (const u_char **)&p) ;
>-+ packet_hdr = *packet_hdr_p;
>-+ if (ret < 0) {
>-+ p = NULL;
>-+ }
>-+ }
>-+ }
>-+#else
>- p = (unsigned char*)pcap_next (cap, &packet_hdr) ;
>-+#endif
>- if (p == NULL) {
>- WARNX "manage_firewall got null from 'pcap_next'. Exiting.") ;
>- exit (1) ;
>-@@ -1222,9 +1300,13 @@
>- croak (errno, "Can't get interface address of %s", device) ;
>- }
>-
>-+#ifdef __FreeBSD__
>-+ hdr_len = open_a_pcap (device, 1000, &G_cap, "udp and port %d and dst %s",
>-+ port, interface_ip) ;
>-+#else
>- hdr_len = open_a_pcap (device, 0, &G_cap, "udp and port %d and dst %s",
>- port, interface_ip) ;
>--
>-+#endif
>- if (G_reconfigure) {
>- G_reconfigure = FALSE ;
>- NOTICE "reconfigured.") ;
>-@@ -1252,7 +1334,22 @@
>- char src_addr_buff[16] ;
>-
>- errno = 0 ;
>-+#ifdef __FreeBSD__
>-+ {
>-+ int ret = 0;
>-+ struct pcap_pkthdr * packet_hdr_p;
>-+
>-+ while (ret == 0) {
>-+ ret = pcap_next_ex (G_cap, &packet_hdr_p, (const u_char **)&p) ;
>-+ packet_hdr = *packet_hdr_p;
>-+ if (ret < 0) {
>-+ p = NULL;
>-+ }
>-+ }
>-+ }
>-+#else
>- p = (unsigned char *)pcap_next (G_cap, &packet_hdr) ;
>-+#endif
>- if (G_reconfigure) {
>- if (daemonize) err_closelog() ;
>- goto reconfigure ;
>+--- doorman-0.81/doormand.c 2005-10-30 14:00:27.000000000 +0100
>++++ doormand.c 2005-10-30 14:05:18.000000000 +0100
>+@@ -387,7 +387,11 @@
>+ int datalink_header_lengths[] = {
>+ // hdr len code data link type
>+ // ------- --- ---------------------------
>++#ifdef __FreeBSD__
>++ 4, // 0 no link-layer encapsulation
>++#else
>+ 0, // 0 no link-layer encapsulation
>++#endif
>+ 14, // 1 Ethernet (10Mb)
>+ -1, // 2 Experimental Ethernet (3Mb)
>+ -1, // 3 Amateur Radio AX.25
>+@@ -614,6 +618,14 @@
>+ // more readable.
>+ //
>+
>++/*
>++// lsof on FreeBSD produces one more field.
>++// This should be rewritten to use a regular expression, anyway.
>++//
>++// And who said using C++ style comments in C was good for portability?!?
>++*/
>++
>++#ifdef __FreeBSD__
>+ #define LSOF()\
>+ sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
>+ \
>+@@ -635,6 +647,7 @@
>+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>+ if ((p1 = token (&p2, " :")) == NULL) continue ;\
>+ local_ip = inet_addr(p1) ;\
>+ if ((p1 = token (&p2, "-")) == NULL) continue ;\
>+@@ -659,7 +672,53 @@
>+ }\
>+ }\
>+ pclose(f) ;
>+-
>++#else
>++#define LSOF()\
>++sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
>++\
>++f = popen (cmd, "r") ;\
>++if (f == NULL) {\
>++ croak (errno, "Can't execute '%s'; exiting.", cmd) ;\
>++}\
>++\
>++fgets(buffer, 254, f) ; /* throw away the first line. */ \
>++while (fgets(buffer, 254, f)) {\
>++ p2 = buffer ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ dname = p1 ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ pid = p1 ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ uname = p1 ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ if ((p1 = token (&p2, " :")) == NULL) continue ;\
>++ local_ip = inet_addr(p1) ;\
>++ if ((p1 = token (&p2, "-")) == NULL) continue ;\
>++ local_port = atoi(p1) ;\
>++ if ((p1 = token (&p2, "->:")) == NULL) continue ;\
>++ aptr = p1 ;\
>++ remote_ip = inet_addr(p1) ;\
>++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
>++ pptr = p1 ;\
>++ remote_port = atoi(p1) ;\
>++ if ((p1 = token (&p2, " ()")) == NULL) continue ;\
>++ status = p1 ;\
>++\
>++ if ((saddr == remote_ip) &&\
>++ (daddr == local_ip) &&\
>++ (sport == remote_port) &&\
>++ (dport == local_port) && \
>++ (strcmp(status, "ESTABLISHED") == 0))\
>++ {\
>++ connected = TRUE ;\
>++ break ;\
>++ }\
>++}\
>++pclose(f) ;
>++#endif
>+
>+
>+
>+@@ -704,7 +763,11 @@
>+ snprintf (cmd, 254, "tcp and dst port %s and src %s and dst %s",
>+ dport_string, src_addr, interface_ip_str) ;
>+ DEBUG "open a secondary pcap: '%s'", cmd) ;
>++#ifdef __FreeBSD__
>++ hdr_len = open_a_pcap (device, 1000, &cap, cmd) ;
>++#else
>+ hdr_len = open_a_pcap (device, 0, &cap, cmd) ;
>++#endif
>+
>+ // set broad firewall rule
>+ sprintf (G_fw_broad_rule, " %s %s 0 %s %s",
>+@@ -716,7 +779,22 @@
>+
>+ for (;;) {
>+
>++#ifdef __FreeBSD__
>++ {
>++ int ret = 0;
>++ struct pcap_pkthdr * packet_hdr_p;
>++
>++ while (ret == 0) {
>++ ret = pcap_next_ex (cap, &packet_hdr_p, (const u_char **)&p) ;
>++ packet_hdr = *packet_hdr_p;
>++ if (ret < 0) {
>++ p = NULL;
>++ }
>++ }
>++ }
>++#else
>+ p = (unsigned char*)pcap_next (cap, &packet_hdr) ;
>++#endif
>+ if (p == NULL) {
>+ WARNX "manage_firewall got null from 'pcap_next': %s Exiting.",
>+ pcap_geterr(G_cap)) ;
>+@@ -1300,9 +1378,13 @@
>+ croak (errno, "Can't get interface address of %s", device) ;
>+ }
>+
>++#ifdef __FreeBSD__
>++ hdr_len = open_a_pcap (device, 1000, &G_cap, "udp and port %d and dst %s",
>++ port, interface_ip) ;
>++#else
>+ hdr_len = open_a_pcap (device, 0, &G_cap, "udp and port %d and dst %s",
>+ port, interface_ip) ;
>+-
>++#endif
>+ if (G_reconfigure) {
>+ G_reconfigure = FALSE ;
>+ NOTICE "reconfigured.") ;
>+@@ -1330,9 +1412,22 @@
>+ char src_addr_buff[16] ;
>+
>+ errno = 0 ;
>+- netdown_count = 0 ;
>+-
>++#ifdef __FreeBSD__
>++ {
>++ int ret = 0;
>++ struct pcap_pkthdr * packet_hdr_p;
>++
>++ while (ret == 0) {
>++ ret = pcap_next_ex (G_cap, &packet_hdr_p, (const u_char **)&p) ;
>++ packet_hdr = *packet_hdr_p;
>++ if (ret < 0) {
>++ p = NULL;
>++ }
>++ }
>++ }
>++#else
>+ p = (unsigned char *)pcap_next (G_cap, &packet_hdr) ;
>++#endif
>+ if (G_reconfigure) {
>+ if (daemonize) err_closelog() ;
>+ goto reconfigure ;
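Review bot: In both FreeBSD `pcap_next_ex` loops of the new files/patch-doormand.c (the `cap` loop in the `@@ -716,7 +779,22 @@` hunk and the `G_cap` loop in `@@ -1330,9 +1412,22 @@`), `packet_hdr = *packet_hdr_p;` runs before the return value is looked at. libpcap only documents the header pointer as valid when the call returns 1, so on a timeout (`ret == 0`, now routine with the 1000 ms read timeout this patch passes to `open_a_pcap`) or an error the copy reads through a pointer that may be stale or never set. Copy the header on success only: `if (ret == 1) packet_hdr = *packet_hdr_p ; else if (ret < 0) p = NULL ;`. Separately, the last hunk drops the upstream `netdown_count = 0 ;` line without comment; if that is not intended, the counter is no longer reset on each pass, which is worth confirming against the 0.81 source. Both loops sit in functions whose bodies start and end outside the hunks.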