From 2d702b0153e64cde645779149b58272c258dc67b Mon Sep 17 00:00:00 2001
From: ajacoutot <ajacoutot@openbsd.org>
Date: Wed, 11 May 2011 08:24:40 +0000
Subject: [PATCH] Sanitize some @unexec/@extraunexec calls to rm: move them up
 in the PLIST and delete everything under the @sample'd directory instead of
 the directory itself to prevent a warning from pkg_delete(1) trying to remove
 a non existing directory and to help preventing left-over files and
 directories.

---
 security/clamav/Makefile              |  4 +++-
 security/clamav/pkg/PLIST             |  9 +++++----
 security/cyrus-sasl2/Makefile         |  4 ++--
 security/cyrus-sasl2/pkg/PLIST        |  4 ++--
 security/ipguard/Makefile             |  4 ++--
 security/ipguard/pkg/PLIST            |  4 ++--
 security/logsentry/Makefile           |  4 ++--
 security/logsentry/pkg/PLIST          |  4 ++--
 security/nessus/core/Makefile         |  4 ++--
 security/nessus/core/pkg/PLIST        |  8 ++++----
 security/nessus/libnasl/Makefile      |  4 ++--
 security/nessus/libnasl/pkg/PLIST     |  4 ++--
 security/openct/Makefile              |  3 ++-
 security/openct/pkg/PLIST             |  4 ++--
 security/prelude/libprelude/Makefile  |  4 ++--
 security/prelude/libprelude/pkg/PLIST |  8 ++++----
 security/prelude/lml/Makefile         |  4 ++--
 security/prelude/lml/pkg/PLIST        |  6 +++---
 security/prelude/manager/Makefile     |  4 ++--
 security/prelude/manager/pkg/PLIST    | 10 ++++++----
 security/stunnel/Makefile             |  4 +++-
 security/stunnel/pkg/PLIST            |  4 ++--
 22 files changed, 58 insertions(+), 50 deletions(-)

diff --git a/security/clamav/Makefile b/security/clamav/Makefile
index ae7516b19f8..f9801af4186 100644
--- a/security/clamav/Makefile
+++ b/security/clamav/Makefile
@@ -1,8 +1,10 @@
-# $OpenBSD: Makefile,v 1.66 2011/03/02 14:36:49 sthen Exp $
+# $OpenBSD: Makefile,v 1.67 2011/05/11 08:24:40 ajacoutot Exp $
 
 COMMENT=		virus scanner
 DISTNAME=		clamav-0.97
 
+REVISION=		0
+
 CATEGORIES=		security
 SHARED_LIBS=		clamav 18.0 \
 			clamunrar 2.0 \
diff --git a/security/clamav/pkg/PLIST b/security/clamav/pkg/PLIST
index e4ea4c0b474..3247e69107d 100644
--- a/security/clamav/pkg/PLIST
+++ b/security/clamav/pkg/PLIST
@@ -1,6 +1,10 @@
-@comment $OpenBSD: PLIST,v 1.17 2011/01/05 06:06:49 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.18 2011/05/11 08:24:40 ajacoutot Exp $
 @newgroup _clamav:539
 @newuser _clamav:539:539:daemon:Clam AntiVirus:/nonexistent:/sbin/nologin
+@extraunexec rm -fr /var/db/clamav/*
+@extraunexec rm -fr /var/spool/clamav/*
+@extraunexec rm -fr /var/clamav/quarantine/*
+@extraunexec rm -fr /var/clamav/tmp/*
 bin/clamav-config
 @bin bin/clambc
 @bin bin/clamconf
@@ -48,9 +52,6 @@ share/examples/clamav/clamav-milter.conf
 @mode 0700
 @sample /var/clamav/quarantine/
 @sample /var/clamav/tmp/
-@extraunexec rm -fr /var/db/clamav/*
-@extraunexec rm -fr /var/spool/clamav/*
-@extraunexec rm -fr /var/clamav/*
 @mode
 @owner
 @group
diff --git a/security/cyrus-sasl2/Makefile b/security/cyrus-sasl2/Makefile
index 55684b23059..e12948d6e47 100644
--- a/security/cyrus-sasl2/Makefile
+++ b/security/cyrus-sasl2/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.57 2010/12/27 14:50:23 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.58 2011/05/11 08:24:40 ajacoutot Exp $
 
 COMMENT=	RFC 2222 SASL (Simple Authentication and Security Layer)
 
 DISTNAME=	cyrus-sasl-2.1.23
-REVISION=	5
+REVISION=	6
 
 SHARED_LIBS=	anonymous	2.22 \
 		crammd5		2.22 \
diff --git a/security/cyrus-sasl2/pkg/PLIST b/security/cyrus-sasl2/pkg/PLIST
index bdd728c14be..e8840786023 100644
--- a/security/cyrus-sasl2/pkg/PLIST
+++ b/security/cyrus-sasl2/pkg/PLIST
@@ -1,5 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.19 2010/10/28 11:21:05 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.20 2011/05/11 08:24:40 ajacoutot Exp $
 @conflict cyrus-sasl-*
+@extraunexec rm -rf /var/sasl2/*
 include/sasl/
 include/sasl/hmac-md5.h
 include/sasl/md5.h
@@ -127,5 +128,4 @@ share/examples/sasl2/
 %%sql%%
 %%SHARED%%
 @sample /var/sasl2/
-@extraunexec rm -rf /var/sasl2/*
 @rcscript ${RCDIR}/saslauthd
diff --git a/security/ipguard/Makefile b/security/ipguard/Makefile
index 3d85d117242..01ad6f18793 100644
--- a/security/ipguard/Makefile
+++ b/security/ipguard/Makefile
@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.9 2011/03/08 06:44:55 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.10 2011/05/11 08:24:40 ajacoutot Exp $
 
 COMMENT =	protect LAN IP address space by ARP spoofing
 
 DISTNAME =	ipguard-1.02
 CATEGORIES =	security
-REVISION =	0
+REVISION =	1
 
 HOMEPAGE =	http://ipguard.deep.perm.ru/
 MASTER_SITES =	${HOMEPAGE}files/
diff --git a/security/ipguard/pkg/PLIST b/security/ipguard/pkg/PLIST
index 3a52671d2ac..1e8a25e7c8a 100644
--- a/security/ipguard/pkg/PLIST
+++ b/security/ipguard/pkg/PLIST
@@ -1,8 +1,8 @@
-@comment $OpenBSD: PLIST,v 1.4 2008/12/05 22:07:07 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.5 2011/05/11 08:24:40 ajacoutot Exp $
 @newgroup _ipguard:612
 @newuser _ipguard:612:612:daemon:IPguard User:/var/empty:/sbin/nologin
 @man man/man8/ipguard.8
 @bin sbin/ipguard
-@extraunexec rm -rf /var/log/ipguard
+@extraunexec rm -rf /var/log/ipguard/*
 @group _ipguard
 @sample /var/log/ipguard/
diff --git a/security/logsentry/Makefile b/security/logsentry/Makefile
index 8aed244e967..8a224d872d0 100644
--- a/security/logsentry/Makefile
+++ b/security/logsentry/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.6 2010/11/20 17:22:44 espie Exp $
+# $OpenBSD: Makefile,v 1.7 2011/05/11 08:24:41 ajacoutot Exp $
 
 COMMENT=	logfile auditing tool
 
 DISTNAME=	logsentry-1.1.1
-REVISION =	2
+REVISION =	3
 CATEGORIES=	security
 
 MAINTAINER=	Srebrenko Sehic <haver@insecure.dk>
diff --git a/security/logsentry/pkg/PLIST b/security/logsentry/pkg/PLIST
index 0a9633bb493..c9aba0e2fe7 100644
--- a/security/logsentry/pkg/PLIST
+++ b/security/logsentry/pkg/PLIST
@@ -1,5 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.7 2004/12/02 21:18:37 alek Exp $
+@comment $OpenBSD: PLIST,v 1.8 2011/05/11 08:24:41 ajacoutot Exp $
 @conflict logcheck-1.1.1
+@extraunexec rm -rf /var/tmp/logsentry/*
 bin/logtail
 share/doc/logsentry/
 share/doc/logsentry/CREDITS
@@ -31,4 +32,3 @@ share/examples/logsentry/logsentry.violations.ignore
 @mode 600
 @sample ${SYSCONFDIR}/logsentry/logsentry.violations.ignore
 @sample /var/tmp/logsentry/
-@extraunexec rm -rf /var/tmp/logsentry
diff --git a/security/nessus/core/Makefile b/security/nessus/core/Makefile
index 0c43a8cf90f..f2ff742e48c 100644
--- a/security/nessus/core/Makefile
+++ b/security/nessus/core/Makefile
@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.27 2010/11/20 17:22:44 espie Exp $
+# $OpenBSD: Makefile,v 1.28 2011/05/11 08:24:41 ajacoutot Exp $
 
 COMMENT=	network security scanner
 DISTNAME=	nessus-core-${V}
-REVISION=	7
+REVISION=	8
 
 FLAVORS=	no_x11
 FLAVOR?=
diff --git a/security/nessus/core/pkg/PLIST b/security/nessus/core/pkg/PLIST
index a21580d29d8..802b150ed2e 100644
--- a/security/nessus/core/pkg/PLIST
+++ b/security/nessus/core/pkg/PLIST
@@ -1,5 +1,8 @@
-@comment $OpenBSD: PLIST,v 1.5 2006/09/23 08:45:04 aanriot Exp $
+@comment $OpenBSD: PLIST,v 1.6 2011/05/11 08:24:41 ajacoutot Exp $
 @conflict nessus-<2.2.4
+@extraunexec rm -fr ${SYSCONFDIR}/nessus/*
+@extraunexec rm -fr /var/nessus/logs/*
+@extraunexec rm -fr /var/nessus/users/*
 bin/nessus
 bin/nessus-fetch
 bin/nessus-mkcert-client
@@ -36,6 +39,3 @@ share/examples/nessus/nessus-services
 @sample /var/nessus/nessus-services
 @sample ${SYSCONFDIR}/nessus/
 @extra lib/nessus/plugins/.desc
-@extraunexec rm -fr ${SYSCONFDIR}/nessus/*
-@extraunexec rm -fr /var/nessus/logs/*
-@extraunexec rm -fr /var/nessus/users/*
diff --git a/security/nessus/libnasl/Makefile b/security/nessus/libnasl/Makefile
index 88e48dcd132..de5f084387f 100644
--- a/security/nessus/libnasl/Makefile
+++ b/security/nessus/libnasl/Makefile
@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.16 2010/11/20 17:22:44 espie Exp $
+# $OpenBSD: Makefile,v 1.17 2011/05/11 08:24:41 ajacoutot Exp $
 
 COMMENT=	Nessus Attack Scripting Language
 DISTNAME=	libnasl-${V}
-REVISION =	1
+REVISION =	2
 
 SHARED_LIBS=	nasl	4.7
 
diff --git a/security/nessus/libnasl/pkg/PLIST b/security/nessus/libnasl/pkg/PLIST
index d96989002ca..aa8e146e342 100644
--- a/security/nessus/libnasl/pkg/PLIST
+++ b/security/nessus/libnasl/pkg/PLIST
@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.5 2006/06/01 05:16:32 aanriot Exp $
+@comment $OpenBSD: PLIST,v 1.6 2011/05/11 08:24:41 ajacoutot Exp $
 @conflict nessus-<2.2.4
 %%SHARED%%
 bin/nasl
@@ -13,4 +13,4 @@ share/examples/nessus/
 share/examples/nessus/nessus_org.pem
 @sample /var/nessus/
 @sample /var/nessus/nessus_org.pem
-@extraunexec rm -rf /var/nessus/*
+@extra /var/nessus/nessus_org.pem
diff --git a/security/openct/Makefile b/security/openct/Makefile
index 282fb535e47..035dc10c37f 100644
--- a/security/openct/Makefile
+++ b/security/openct/Makefile
@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.17 2010/11/20 17:22:44 espie Exp $
+# $OpenBSD: Makefile,v 1.18 2011/05/11 08:24:41 ajacoutot Exp $
 
 COMMENT=	drivers for several smart card readers
 
 DISTNAME=	openct-0.6.20
 CATEGORIES=	security
 SHARED_LIBS=	openct	1.1
+REVISION=	0
 
 HOMEPAGE=	http://www.opensc-project.org/openct/
 
diff --git a/security/openct/pkg/PLIST b/security/openct/pkg/PLIST
index c5abac43235..6ca0bc65266 100644
--- a/security/openct/pkg/PLIST
+++ b/security/openct/pkg/PLIST
@@ -1,6 +1,7 @@
-@comment $OpenBSD: PLIST,v 1.3 2008/12/23 19:09:32 jasper Exp $
+@comment $OpenBSD: PLIST,v 1.4 2011/05/11 08:24:41 ajacoutot Exp $
 @newgroup _openct:614
 @newuser _openct:614:_openct:daemon:OpenCT:/nonexistent:/sbin/nologin
+@extraunexec rm -rf /var/run/openct/*
 %%SHARED%%
 @bin bin/openct-tool
 include/openct/
@@ -40,4 +41,3 @@ share/examples/openct/openct.conf
 @sample ${SYSCONFDIR}/openct.conf
 @mode 755
 @sample /var/run/openct/
-@extraunexec rm -rf /var/run/openct/*
diff --git a/security/prelude/libprelude/Makefile b/security/prelude/libprelude/Makefile
index fa5de3cc1d5..549b2e966df 100644
--- a/security/prelude/libprelude/Makefile
+++ b/security/prelude/libprelude/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.29 2011/04/15 16:10:38 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.30 2011/05/11 08:24:41 ajacoutot Exp $
 
 # XXX fails to build if not using the bundled libtool
 
@@ -8,7 +8,7 @@ MODPY_EGG_VERSION=0.9.24.1
 DISTNAME=	libprelude-${MODPY_EGG_VERSION}
 PKGNAME=	prelude-${DISTNAME}
 
-REVISION=	3
+REVISION=	4
 
 MASTER_SITES=	http://www.prelude-ids.com/download/releases/libprelude/
 
diff --git a/security/prelude/libprelude/pkg/PLIST b/security/prelude/libprelude/pkg/PLIST
index 3bae312516c..59f956c57ee 100644
--- a/security/prelude/libprelude/pkg/PLIST
+++ b/security/prelude/libprelude/pkg/PLIST
@@ -1,6 +1,9 @@
-@comment $OpenBSD: PLIST,v 1.9 2009/08/30 20:37:16 rui Exp $
+@comment $OpenBSD: PLIST,v 1.10 2011/05/11 08:24:41 ajacoutot Exp $
 @newgroup _prelude:564
 @newuser _prelude:564:564:daemon:Prelude IDS:/var/empty:/sbin/nologin
+@extraunexec rm -rf ${SYSCONFDIR}/prelude/profile/*
+@extraunexec rm -rf /var/prelude/*
+@extraunexec rm -rf /var/spool/prelude/*
 %%SHARED%%
 bin/libprelude-config
 bin/prelude-adduser
@@ -140,6 +143,3 @@ share/gtk-doc/html/libprelude/pt04.html
 share/gtk-doc/html/libprelude/right.png
 share/gtk-doc/html/libprelude/style.css
 share/gtk-doc/html/libprelude/up.png
-@extraunexec rm -rf ${SYSCONFDIR}/prelude/*
-@extraunexec rm -rf /var/prelude/*
-@extraunexec rm -rf /var/spool/prelude/*
diff --git a/security/prelude/lml/Makefile b/security/prelude/lml/Makefile
index dfce6bdb41b..1a6bb68afb9 100644
--- a/security/prelude/lml/Makefile
+++ b/security/prelude/lml/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.20 2011/04/15 16:10:38 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.21 2011/05/11 08:24:41 ajacoutot Exp $
 
 COMMENT=	Prelude log analyzer
 
 DISTNAME=	prelude-lml-0.9.15
-REVISION=	3
+REVISION=	4
 
 WANTLIB += c gcrypt gnutls gpg-error m tasn1 z pcre prelude
 WANTLIB += gmp hogweed nettle pthread
diff --git a/security/prelude/lml/pkg/PLIST b/security/prelude/lml/pkg/PLIST
index 492e76662e5..a11e36c29b4 100644
--- a/security/prelude/lml/pkg/PLIST
+++ b/security/prelude/lml/pkg/PLIST
@@ -1,4 +1,6 @@
-@comment $OpenBSD: PLIST,v 1.9 2010/11/16 10:11:51 jasper Exp $
+@comment $OpenBSD: PLIST,v 1.10 2011/05/11 08:24:41 ajacoutot Exp $
+@extraunexec rm -rf /var/prelude-lml/*
+@extraunexec rm -rf /var/spool/prelude-lml/*
 %%SHARED%%
 @bin bin/prelude-lml
 include/prelude-lml/
@@ -136,5 +138,3 @@ share/examples/prelude-lml/ruleset/wu-ftp.rules
 @sample ${SYSCONFDIR}/prelude-lml/ruleset/wu-ftp.rules
 @sample /var/prelude-lml/
 @sample /var/spool/prelude-lml/
-@extraunexec rm -rf /var/prelude-lml/*
-@extraunexec rm -rf /var/spool/prelude-lml/*
diff --git a/security/prelude/manager/Makefile b/security/prelude/manager/Makefile
index a9652d62ef6..bd323e8b706 100644
--- a/security/prelude/manager/Makefile
+++ b/security/prelude/manager/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.24 2011/04/15 16:10:38 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.25 2011/05/11 08:24:41 ajacoutot Exp $
 
 COMMENT=	Prelude manager
 
 DISTNAME=	prelude-manager-0.9.15
-REVISION=	2
+REVISION=	3
 
 MASTER_SITES=	http://www.prelude-ids.com/download/releases/prelude-manager/
 
diff --git a/security/prelude/manager/pkg/PLIST b/security/prelude/manager/pkg/PLIST
index 46ac80c06a1..9fc3dbffc46 100644
--- a/security/prelude/manager/pkg/PLIST
+++ b/security/prelude/manager/pkg/PLIST
@@ -1,4 +1,8 @@
-@comment $OpenBSD: PLIST,v 1.10 2010/11/16 10:11:51 jasper Exp $
+@comment $OpenBSD: PLIST,v 1.11 2011/05/11 08:24:41 ajacoutot Exp $
+@extraunexec rm -rf /var/prelude/manager/*
+@extraunexec rm -rf /var/spool/prelude/prelude-manager/*
+@extraunexec rm -rf /var/spool/prelude-manager/failover/*
+@extraunexec rm -rf /var/spool/prelude-manager/scheduler/*
 %%SHARED%%
 @bin bin/prelude-manager
 include/prelude-manager/
@@ -39,6 +43,4 @@ share/prelude-manager/xmlmod/idmef-message.dtd
 @sample /var/spool/prelude-manager/
 @sample /var/spool/prelude-manager/failover/
 @sample /var/spool/prelude-manager/scheduler/
-@extraunexec rm -rf /var/prelude/manager/*
-@extraunexec rm -rf /var/run/prelude-manager/*
-@extraunexec rm -rf /var/spool/prelude/prelude-manager/*
+@extraunexec rm -rf /var/run/prelude-manager/
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index 208ed8d81c7..af9283804cd 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.55 2010/11/20 17:22:45 espie Exp $
+# $OpenBSD: Makefile,v 1.56 2011/05/11 08:24:41 ajacoutot Exp $
 
 COMMENT=	SSL encryption wrapper for standard network daemons
 
@@ -6,6 +6,8 @@ VERSION=	4.28
 DISTNAME=	stunnel-${VERSION}
 CATEGORIES=	security
 
+REVISION=	0
+
 MAINTAINER=     Jakob Schlyter <jakob@openbsd.org>
 
 # GPL
diff --git a/security/stunnel/pkg/PLIST b/security/stunnel/pkg/PLIST
index 27f21e9ce6a..595b1fc6f0d 100644
--- a/security/stunnel/pkg/PLIST
+++ b/security/stunnel/pkg/PLIST
@@ -1,6 +1,7 @@
-@comment $OpenBSD: PLIST,v 1.9 2009/05/28 18:08:49 jakob Exp $
+@comment $OpenBSD: PLIST,v 1.10 2011/05/11 08:24:41 ajacoutot Exp $
 @newgroup _stunnel:528
 @newuser _stunnel:528:_stunnel:daemon:stunnel account:/var/stunnel:/sbin/nologin
+@extraunexec rm -rf /var/stunnel/*
 @man man/man8/stunnel.8
 @bin sbin/stunnel
 share/examples/stunnel/
@@ -8,5 +9,4 @@ share/examples/stunnel/
 share/examples/stunnel/stunnel.conf-sample
 @sample ${SYSCONFDIR}/stunnel/stunnel.conf
 @sample /var/stunnel/
-@extraunexec rm -rf /var/stunnel
 @extra /var/run/stunnel.pid