ports/88240: [maintainer update] Update security/doorman to 0.81
Lupe Christoph
lupe at lupe-christoph.de
Sun Oct 30 15:30:22 UTC 2005
>Number: 88240
>Category: ports
>Synopsis: [maintainer update] Update security/doorman to 0.81
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 30 15:30:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Lupe Christoph
>Release: FreeBSD 5.4-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD firewally.lupe-christoph.de 5.4-RELEASE-p7 FreeBSD 5.4-RELEASE-p7 #4: Tue Sep 13 20:23:52 CEST 2005 lupe at firewally.lupe-christoph.de:/usr/obj/usr/src/sys/FIREWALLY i386
>Description:
security/doorman 0.8 had a problem with WITH_BDB_VER=0.43. (see ports/88029)
This update to doorman 0.8 eliminates this problem because
doorman does not use the Berkeley DB anymore.
Minor improvements:
Provide an example configuration file that is adapted to FreeBSD.
Eliminate a non-fatal bashism in configure.ac and configure.
>How-To-Repeat:
>Fix:
--- doorman-0.81.patch begins here ---
diff -ruN /usr/ports/security/doorman/Makefile doorman-0.81/Makefile
--- /usr/ports/security/doorman/Makefile Sat Jun 4 03:11:04 2005
+++ doorman-0.81/Makefile Sun Oct 30 16:08:16 2005
@@ -6,8 +6,7 @@
#
PORTNAME= doorman
-PORTVERSION= 0.8
-PORTREVISION= 1
+PORTVERSION= 0.81
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= doorman
@@ -19,34 +18,17 @@
BUILD_DEPENDS= lsof:${PORTSDIR}/sysutils/lsof
RUN_DEPENDS= ${BUILD_DEPENDS}
-PKGMESSAGE= ${WRKDIR}/pkg-message
-PATCH_STRIP= -p1
-
-# Default to db4
-WITH_BDB_VER?= 4
-
.include <bsd.port.pre.mk>
-.if ${WITH_BDB_VER} == 2
-LIB_DEPENDS= db2.0:${PORTSDIR}/databases/db2
-.elif ${WITH_BDB_VER} == 3
-LIB_DEPENDS= db3.3:${PORTSDIR}/databases/db3
-.elif ${WITH_BDB_VER} == 4
-LIB_DEPENDS= db4.0:${PORTSDIR}/databases/db4
-.elif ${WITH_BDB_VER} == 41
-LIB_DEPENDS= db41.1:${PORTSDIR}/databases/db41
-.elif ${WITH_BDB_VER} == 42
-LIB_DEPENDS= db-4.2.2:${PORTSDIR}/databases/db42
-.else
-.error WITH_BDB_VER must be one between 2, 3, 4, 41 and 42
-.endif
-
# doormand does not work with the FreeBSD 4.x version of libpcap.
# Require the ports version.
.if ${OSVERSION} < 500000
BUILD_DEPENDS+= ${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
.endif
+PKGMESSAGE= ${WRKDIR}/pkg-message
+PATCH_STRIP= -p1
+
INSTALL_TARGET= installdirs install-exec install-data
MAN1= knock.1
@@ -54,24 +36,15 @@
MAN8= doormand.8
GNU_CONFIGURE= yes
-SUB_FILES= pkg-message
+SUB_FILES= pkg-message doormand.cf.EXAMPLE
USE_RC_SUBR= doorman.sh
-pre-everything::
- @${ECHO_MSG}
- @${ECHO_MSG} " This port currently requires BerkeleyDB, has only been tested with the "
- @${ECHO_MSG} " db4.x releases, and builds with db4 by default. If you wish to use a "
- @${ECHO_MSG} " specific version please use the WITH_BDB_VER=x argument using the "
- @${ECHO_MSG} " values 2, 3, 4, 41, or 42. "
- @${ECHO_MSG}
- @${ECHO_MSG} " CURRENTLY BUILDING WITH db${WITH_BDB_VER} "
- @${ECHO_MSG}
-
post-install:
${RM} -f ${PREFIX}/etc/doormand/ipf_add
${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.atend ${PREFIX}/etc/doormand/ipf_add.atend
${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.before_block ${PREFIX}/etc/doormand/ipf_add.before_block
${INSTALL_SCRIPT} ${FILESDIR}/ipf_delete ${PREFIX}/etc/doormand/ipf_delete
+ ${INSTALL_DATA} ${WRKDIR}/doormand.cf.EXAMPLE ${PREFIX}/etc/doormand/doormand.cf.EXAMPLE
@for man in ${MAN1}; do \
${INSTALL_MAN} -C ${WRKSRC}/$$man ${PREFIX}/man/man1; \
done
diff -ruN /usr/ports/security/doorman/distinfo doorman-0.81/distinfo
--- /usr/ports/security/doorman/distinfo Thu Aug 12 19:27:31 2004
+++ doorman-0.81/distinfo Sun Oct 30 13:44:26 2005
@@ -1,2 +1,2 @@
-MD5 (doorman-0.8.tgz) = 44a495d06bf81ac9a824380612035672
-SIZE (doorman-0.8.tgz) = 139950
+MD5 (doorman-0.81.tgz) = f0f30132a541122fa46f4d6d321260d9
+SIZE (doorman-0.81.tgz) = 140643
diff -ruN /usr/ports/security/doorman/files/doormand.cf.EXAMPLE.in doorman-0.81/files/doormand.cf.EXAMPLE.in
--- /usr/ports/security/doorman/files/doormand.cf.EXAMPLE.in Thu Jan 1 01:00:00 1970
+++ doorman-0.81/files/doormand.cf.EXAMPLE.in Sun Oct 30 15:58:38 2005
@@ -0,0 +1,18 @@
+#
+# 'doormand.cf'
+# Sample configuration file for the Doorman Daemon, "doormand".
+#
+#
+interface tun0
+port 1033
+waitfor 10
+connection_delay_1 100000 # 1/10th second (delay is in microseconds)
+connection_delay_2 2
+logfile /var/log/doorman
+loglevel debug
+pidfile /var/run/doormand.pid
+guestlist %%PREFIX%%/etc/doormand/guestlist
+firewall-add %%PREFIX%%/etc/doormand/ipf_add.before_block
+firewall-del %%PREFIX%%/etc/doormand/ipf_delete
+hash-archive /var/run/doormand.hash-archive
+hash-archive-size 100000
diff -ruN /usr/ports/security/doorman/files/patch-Makefile.in doorman-0.81/files/patch-Makefile.in
--- /usr/ports/security/doorman/files/patch-Makefile.in Thu Jan 1 01:00:00 1970
+++ doorman-0.81/files/patch-Makefile.in Sun Oct 30 15:57:52 2005
@@ -0,0 +1,20 @@
+--- Makefile.in.orig Sun Jul 25 20:35:35 2004
++++ Makefile.in Sun Oct 30 15:57:06 2005
+@@ -197,8 +197,7 @@
+ man5_MANS = knockcf.5 doormand.cf.5 guestlist.5
+ man8_MANS = doormand.8
+ cfgdir = $(sysconfdir)/doormand
+-cfg_DATA = doormand.cf.EXAMPLE\
+- guestlist.EXAMPLE\
++cfg_DATA = guestlist.EXAMPLE\
+ iptables_add iptables_delete\
+ ipchains_add ipchains_delete\
+ ipf_add ipf_delete\
+@@ -864,7 +863,6 @@
+ chmod 744 $(DESTDIR)$(cfgdir)/pfctl_add
+ chmod 744 $(DESTDIR)$(cfgdir)/pfctl_delete
+ chmod 600 $(DESTDIR)$(cfgdir)/guestlist.EXAMPLE
+- chmod 644 $(DESTDIR)$(cfgdir)/doormand.cf.EXAMPLE
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT:
diff -ruN /usr/ports/security/doorman/files/patch-configure doorman-0.81/files/patch-configure
--- /usr/ports/security/doorman/files/patch-configure Thu Jan 1 01:00:00 1970
+++ doorman-0.81/files/patch-configure Sun Oct 30 14:52:52 2005
@@ -0,0 +1,11 @@
+--- configure.orig Mon Sep 5 17:07:45 2005
++++ configure Sun Oct 30 14:52:28 2005
+@@ -4893,7 +4893,7 @@
+ echo "${ECHO_T}no" >&6
+ fi
+
+-if test "$LSOF" == "no"; then
++if test "$LSOF" = "no"; then
+ echo -e "\a"
+ echo "*** Utility 'lsof' is missing; doormand cannot function properly without it."
+ echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)"
diff -ruN /usr/ports/security/doorman/files/patch-configure.ac doorman-0.81/files/patch-configure.ac
--- /usr/ports/security/doorman/files/patch-configure.ac Thu Jan 1 01:00:00 1970
+++ doorman-0.81/files/patch-configure.ac Sun Oct 30 14:53:19 2005
@@ -0,0 +1,11 @@
+--- configure.ac.orig Sun Aug 7 16:26:03 2005
++++ configure.ac Sun Oct 30 14:53:03 2005
+@@ -22,7 +22,7 @@
+
+ AC_PATH_PROG([LSOF], [lsof], [no],
+ [/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin])
+-if test "$LSOF" == "no"; then
++if test "$LSOF" = "no"; then
+ echo -e "\a"
+ echo "*** Utility 'lsof' is missing; doormand cannot function properly without it."
+ echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)"
diff -ruN /usr/ports/security/doorman/files/patch-doormand.c doorman-0.81/files/patch-doormand.c
--- /usr/ports/security/doorman/files/patch-doormand.c Mon May 30 18:31:51 2005
+++ doorman-0.81/files/patch-doormand.c Sun Oct 30 14:05:31 2005
@@ -1,165 +1,167 @@
---- doorman-0.8.orig/doormand.c Thu Jul 29 21:24:02 2004
-+++ doorman-0.8/doormand.c Sun May 29 09:05:31 2005
-@@ -397,7 +397,11 @@
- int datalink_header_lengths[] = {
- // hdr len code data link type
- // ------- --- ---------------------------
-+#ifdef __FreeBSD__
-+ 4, // 0 no link-layer encapsulation
-+#else
- 0, // 0 no link-layer encapsulation
-+#endif
- 14, // 1 Ethernet (10Mb)
- -1, // 2 Experimental Ethernet (3Mb)
- -1, // 3 Amateur Radio AX.25
-@@ -557,6 +561,14 @@
- // more readable.
- //
-
-+/*
-+// lsof on FreeBSD produces one more field.
-+// This should be rewritten to use a regular expression, anyway.
-+//
-+// And who said using C++ style comments in C was good for portability?!?
-+*/
-+
-+#ifdef __FreeBSD__
- #define LSOF()\
- sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
- \
-@@ -578,6 +590,7 @@
- if ((p1 = token (&p2, " ")) == NULL) continue ;\
- if ((p1 = token (&p2, " ")) == NULL) continue ;\
- if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
- if ((p1 = token (&p2, " :")) == NULL) continue ;\
- local_ip = inet_addr(p1) ;\
- if ((p1 = token (&p2, "-")) == NULL) continue ;\
-@@ -602,7 +615,53 @@
- }\
- }\
- pclose(f) ;
--
-+#else
-+#define LSOF()\
-+sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
-+\
-+f = popen (cmd, "r") ;\
-+if (f == NULL) {\
-+ croak (errno, "Can't execute '%s'; exiting.", cmd) ;\
-+}\
-+\
-+fgets(buffer, 254, f) ; /* throw away the first line. */ \
-+while (fgets(buffer, 254, f)) {\
-+ p2 = buffer ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ dname = p1 ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ pid = p1 ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ uname = p1 ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ if ((p1 = token (&p2, " :")) == NULL) continue ;\
-+ local_ip = inet_addr(p1) ;\
-+ if ((p1 = token (&p2, "-")) == NULL) continue ;\
-+ local_port = atoi(p1) ;\
-+ if ((p1 = token (&p2, "->:")) == NULL) continue ;\
-+ aptr = p1 ;\
-+ remote_ip = inet_addr(p1) ;\
-+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
-+ pptr = p1 ;\
-+ remote_port = atoi(p1) ;\
-+ if ((p1 = token (&p2, " ()")) == NULL) continue ;\
-+ status = p1 ;\
-+\
-+ if ((saddr == remote_ip) &&\
-+ (daddr == local_ip) &&\
-+ (sport == remote_port) &&\
-+ (dport == local_port) && \
-+ (strcmp(status, "ESTABLISHED") == 0))\
-+ {\
-+ connected = TRUE ;\
-+ break ;\
-+ }\
-+}\
-+pclose(f) ;
-+#endif
-
-
-
-@@ -647,7 +706,11 @@
- snprintf (cmd, 254, "tcp and dst port %s and src %s and dst %s",
- dport_string, src_addr, interface_ip_str) ;
- DEBUG "open a secondary pcap: '%s'", cmd) ;
-+#ifdef __FreeBSD__
-+ hdr_len = open_a_pcap (device, 1000, &cap, cmd) ;
-+#else
- hdr_len = open_a_pcap (device, 0, &cap, cmd) ;
-+#endif
-
- // set broad firewall rule
- sprintf (G_fw_broad_rule, " %s %s 0 %s %s",
-@@ -659,7 +722,22 @@
-
- for (;;) {
-
-+#ifdef __FreeBSD__
-+ {
-+ int ret = 0;
-+ struct pcap_pkthdr * packet_hdr_p;
-+
-+ while (ret == 0) {
-+ ret = pcap_next_ex (cap, &packet_hdr_p, (const u_char **)&p) ;
-+ packet_hdr = *packet_hdr_p;
-+ if (ret < 0) {
-+ p = NULL;
-+ }
-+ }
-+ }
-+#else
- p = (unsigned char*)pcap_next (cap, &packet_hdr) ;
-+#endif
- if (p == NULL) {
- WARNX "manage_firewall got null from 'pcap_next'. Exiting.") ;
- exit (1) ;
-@@ -1222,9 +1300,13 @@
- croak (errno, "Can't get interface address of %s", device) ;
- }
-
-+#ifdef __FreeBSD__
-+ hdr_len = open_a_pcap (device, 1000, &G_cap, "udp and port %d and dst %s",
-+ port, interface_ip) ;
-+#else
- hdr_len = open_a_pcap (device, 0, &G_cap, "udp and port %d and dst %s",
- port, interface_ip) ;
--
-+#endif
- if (G_reconfigure) {
- G_reconfigure = FALSE ;
- NOTICE "reconfigured.") ;
-@@ -1252,7 +1334,22 @@
- char src_addr_buff[16] ;
-
- errno = 0 ;
-+#ifdef __FreeBSD__
-+ {
-+ int ret = 0;
-+ struct pcap_pkthdr * packet_hdr_p;
-+
-+ while (ret == 0) {
-+ ret = pcap_next_ex (G_cap, &packet_hdr_p, (const u_char **)&p) ;
-+ packet_hdr = *packet_hdr_p;
-+ if (ret < 0) {
-+ p = NULL;
-+ }
-+ }
-+ }
-+#else
- p = (unsigned char *)pcap_next (G_cap, &packet_hdr) ;
-+#endif
- if (G_reconfigure) {
- if (daemonize) err_closelog() ;
- goto reconfigure ;
+--- doorman-0.81/doormand.c 2005-10-30 14:00:27.000000000 +0100
++++ doormand.c 2005-10-30 14:05:18.000000000 +0100
+@@ -387,7 +387,11 @@
+ int datalink_header_lengths[] = {
+ // hdr len code data link type
+ // ------- --- ---------------------------
++#ifdef __FreeBSD__
++ 4, // 0 no link-layer encapsulation
++#else
+ 0, // 0 no link-layer encapsulation
++#endif
+ 14, // 1 Ethernet (10Mb)
+ -1, // 2 Experimental Ethernet (3Mb)
+ -1, // 3 Amateur Radio AX.25
+@@ -614,6 +618,14 @@
+ // more readable.
+ //
+
++/*
++// lsof on FreeBSD produces one more field.
++// This should be rewritten to use a regular expression, anyway.
++//
++// And who said using C++ style comments in C was good for portability?!?
++*/
++
++#ifdef __FreeBSD__
+ #define LSOF()\
+ sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
+ \
+@@ -635,6 +647,7 @@
+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
+ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
+ if ((p1 = token (&p2, " :")) == NULL) continue ;\
+ local_ip = inet_addr(p1) ;\
+ if ((p1 = token (&p2, "-")) == NULL) continue ;\
+@@ -659,7 +672,53 @@
+ }\
+ }\
+ pclose(f) ;
+-
++#else
++#define LSOF()\
++sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
++\
++f = popen (cmd, "r") ;\
++if (f == NULL) {\
++ croak (errno, "Can't execute '%s'; exiting.", cmd) ;\
++}\
++\
++fgets(buffer, 254, f) ; /* throw away the first line. */ \
++while (fgets(buffer, 254, f)) {\
++ p2 = buffer ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ dname = p1 ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ pid = p1 ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ uname = p1 ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ if ((p1 = token (&p2, " :")) == NULL) continue ;\
++ local_ip = inet_addr(p1) ;\
++ if ((p1 = token (&p2, "-")) == NULL) continue ;\
++ local_port = atoi(p1) ;\
++ if ((p1 = token (&p2, "->:")) == NULL) continue ;\
++ aptr = p1 ;\
++ remote_ip = inet_addr(p1) ;\
++ if ((p1 = token (&p2, " ")) == NULL) continue ;\
++ pptr = p1 ;\
++ remote_port = atoi(p1) ;\
++ if ((p1 = token (&p2, " ()")) == NULL) continue ;\
++ status = p1 ;\
++\
++ if ((saddr == remote_ip) &&\
++ (daddr == local_ip) &&\
++ (sport == remote_port) &&\
++ (dport == local_port) && \
++ (strcmp(status, "ESTABLISHED") == 0))\
++ {\
++ connected = TRUE ;\
++ break ;\
++ }\
++}\
++pclose(f) ;
++#endif
+
+
+
+@@ -704,7 +763,11 @@
+ snprintf (cmd, 254, "tcp and dst port %s and src %s and dst %s",
+ dport_string, src_addr, interface_ip_str) ;
+ DEBUG "open a secondary pcap: '%s'", cmd) ;
++#ifdef __FreeBSD__
++ hdr_len = open_a_pcap (device, 1000, &cap, cmd) ;
++#else
+ hdr_len = open_a_pcap (device, 0, &cap, cmd) ;
++#endif
+
+ // set broad firewall rule
+ sprintf (G_fw_broad_rule, " %s %s 0 %s %s",
+@@ -716,7 +779,22 @@
+
+ for (;;) {
+
++#ifdef __FreeBSD__
++ {
++ int ret = 0;
++ struct pcap_pkthdr * packet_hdr_p;
++
++ while (ret == 0) {
++ ret = pcap_next_ex (cap, &packet_hdr_p, (const u_char **)&p) ;
++ packet_hdr = *packet_hdr_p;
++ if (ret < 0) {
++ p = NULL;
++ }
++ }
++ }
++#else
+ p = (unsigned char*)pcap_next (cap, &packet_hdr) ;
++#endif
+ if (p == NULL) {
+ WARNX "manage_firewall got null from 'pcap_next': %s Exiting.",
+ pcap_geterr(G_cap)) ;
+@@ -1300,9 +1378,13 @@
+ croak (errno, "Can't get interface address of %s", device) ;
+ }
+
++#ifdef __FreeBSD__
++ hdr_len = open_a_pcap (device, 1000, &G_cap, "udp and port %d and dst %s",
++ port, interface_ip) ;
++#else
+ hdr_len = open_a_pcap (device, 0, &G_cap, "udp and port %d and dst %s",
+ port, interface_ip) ;
+-
++#endif
+ if (G_reconfigure) {
+ G_reconfigure = FALSE ;
+ NOTICE "reconfigured.") ;
+@@ -1330,9 +1412,22 @@
+ char src_addr_buff[16] ;
+
+ errno = 0 ;
+- netdown_count = 0 ;
+-
++#ifdef __FreeBSD__
++ {
++ int ret = 0;
++ struct pcap_pkthdr * packet_hdr_p;
++
++ while (ret == 0) {
++ ret = pcap_next_ex (G_cap, &packet_hdr_p, (const u_char **)&p) ;
++ packet_hdr = *packet_hdr_p;
++ if (ret < 0) {
++ p = NULL;
++ }
++ }
++ }
++#else
+ p = (unsigned char *)pcap_next (G_cap, &packet_hdr) ;
++#endif
+ if (G_reconfigure) {
+ if (daemonize) err_closelog() ;
+ goto reconfigure ;
--- doorman-0.81.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list