- update to 1.0-r1

- default to dropping to _ipguard user - add installation instructions including directory setup needed for dropped privileges - explicitly depend on the fixed version of libnet, this software doesn't work correctly without it maintainer ok
2008-11-21 13:57:31 +00:00 · 2008-11-21 13:57:31 +00:00 · a469c20e9f
commit a469c20e9f
parent 320a3e5c60
8 changed files with 85 additions and 13 deletions
--- a/security/ipguard/Makefile
+++ b/security/ipguard/Makefile
@ -2,8 +2,8 @@

 COMMENT =	protect LAN IP adress space by ARP spoofing

-DISTNAME =	ipguard-1.00
-PKGNAME =	${DISTNAME}p0
+DISTNAME =	ipguard-1.00-r1
+PKGNAME =	${DISTNAME:S/-r/./}
 CATEGORIES =	security

 HOMEPAGE =	http://ipguard.deep.perm.ru/
@ -19,7 +19,7 @@ PERMIT_DISTFILES_FTP =	Yes

 WANTLIB =	c pcap

-LIB_DEPENDS =	lib/libnet-1.1/net.=11:libnet-1.1*:net/libnet/1.1
+LIB_DEPENDS =	lib/libnet-1.1/net.=11:libnet->=1.1.2.1p0,<1.2:net/libnet/1.1

 NO_REGRESS =	Yes

--- a/security/ipguard/distinfo
+++ b/security/ipguard/distinfo
@ -1,5 +1,5 @@
-MD5 (ipguard-1.00.tar.gz) = 4BZC1ZCj40mREA4XlzKmhg==
-RMD160 (ipguard-1.00.tar.gz) = h3qHaZ8uYdraUORjvIw+EExUH2Q=
-SHA1 (ipguard-1.00.tar.gz) = HHuVxpDEJQnjM/co0o94qdTgLKc=
-SHA256 (ipguard-1.00.tar.gz) = ObqTW2ZKSsIi9Jz8HoIIQFn7KQY85/QdWL6A7tDTWz8=
-SIZE (ipguard-1.00.tar.gz) = 25484
+MD5 (ipguard-1.00-r1.tar.gz) = XOBmmcPvDugu1/2TqE2BJQ==
+RMD160 (ipguard-1.00-r1.tar.gz) = c1oQw0F/SU80s1ny6mw5kVmNpf4=
+SHA1 (ipguard-1.00-r1.tar.gz) = 4Z3TVjTwJCP3z32NXt7+C0qGgk4=
+SHA256 (ipguard-1.00-r1.tar.gz) = MMvasXfdcVGo5NB6L5ccGv1O4fxW0cHDay8oJqsnK5w=
+SIZE (ipguard-1.00-r1.tar.gz) = 24819
--- a/security/ipguard/patches/patch-Makefile
+++ b/security/ipguard/patches/patch-Makefile
@ -1,8 +1,8 @@
-$OpenBSD: patch-Makefile,v 1.1.1.1 2008/10/30 19:34:24 sthen Exp $
--- Makefile.orig	Thu Oct 30 12:09:30 2008
-+++ Makefile	Thu Oct 30 12:09:47 2008
+$OpenBSD: patch-Makefile,v 1.2 2008/11/21 13:57:31 sthen Exp $
+--- Makefile.orig	Thu Nov 20 06:07:30 2008
+++ Makefile	Thu Nov 20 09:38:39 2008
@@ -10,12 +10,12 @@ NAME=ipguard
- VERSION=1.00
+ VERSION=1.00-r1
 
 ## FreeBSD
 -LOCALBASE=/usr/local
--- a/security/ipguard/patches/patch-doc_ipguard_8
+++ b/security/ipguard/patches/patch-doc_ipguard_8
@ -0,0 +1,34 @@
+$OpenBSD: patch-doc_ipguard_8,v 1.1 2008/11/21 13:57:31 sthen Exp $
+--- doc/ipguard.8.orig	Thu Nov 20 09:55:57 2008
+++ doc/ipguard.8	Thu Nov 20 09:56:48 2008
+@@ -60,10 +60,10 @@ in local ethernet segment.
+ Ethers file. Format of `ethers' file described in `ethers.sample' and ethers(5). Default `/etc/ethers'.
+ .TP
+ .B \-l " \fIlog\fP"
+-Log file. Default `/var/log/ipguard_<iface>.log'.
+Log file. Default `/var/log/ipguard/ipguard_<iface>.log'.
+ .TP
+ .B \-p " \fIpid\fP"
+-Pid file. Default `/var/run/ipguard_<iface>.pid'.
+Pid file. Default `/var/run/ipguard/ipguard_<iface>.pid'.
+ .TP
+ .B \-m " \fImac\fP"
+ Fake MAC address. Will be sent in ARP reply as MAC of unlisted computer. Default `de:ad:xx:xx:xx:xx', `x' == random hex number.
+@@ -176,7 +176,7 @@ MAC-IP pairs list
+ .B /var/log/ipguard/ipguard_<iface>.log
+ log file
+ .TP
+-.B /var/run/ipguard_<iface>.pid
+.B /var/run/ipguard/ipguard_<iface>.pid
+ pid file
+ 
+ .SH SEE ALSO
+@@ -186,8 +186,6 @@ RFC 826, ethers(5), tcpdump(1), pcap(3), libnet
+ .SH BUGS
+ .PP
+ Do not use wildcard IP 0.0.0.0 in `ethers' with -x option. Legal clients will be banned. Discovered by irix.
+-.PP
+-Strange bug with libnet_get_hwaddr() isnt working on OpenBSD 4.0 discovered by irix. Use -j option.
+ .PP
+ ipguard will not prevent changing MAC address along with IP by pirate.
+ .PP
--- a/security/ipguard/patches/patch-ipguard_c
+++ b/security/ipguard/patches/patch-ipguard_c
@ -0,0 +1,11 @@
+$OpenBSD: patch-ipguard_c,v 1.1 2008/11/21 13:57:31 sthen Exp $
+--- ipguard.c.orig	Thu Nov 13 21:12:51 2008
+++ ipguard.c	Thu Nov 20 10:13:27 2008
+@@ -74,6 +74,7 @@ int main(int argc, char *argv[]) {
+     srand((unsigned int) getpid());
+ 
+     iface[0] = fmac[0] = log_name[0] = pid_name[0] = suser[0] = '\0';
+    strlcpy(suser, "_ipguard", MAXLOGNAME);
+     strncpy(ethers_name, ETHERSFILE, PATH_MAX);
+     strncpy(fmac, FAKEMAC, 18);
+     ethers_update = ETHERSTO;
--- a/security/ipguard/patches/patch-ipguard_h
+++ b/security/ipguard/patches/patch-ipguard_h
@ -0,0 +1,12 @@
+$OpenBSD: patch-ipguard_h,v 1.1 2008/11/21 13:57:31 sthen Exp $
+--- ipguard.h.orig	Thu Nov 20 09:49:55 2008
+++ ipguard.h	Thu Nov 20 09:50:05 2008
+@@ -51,7 +51,7 @@
+ 
+ #define ETHERSFILE      ETHERS
+ #define LOGNAME         "/var/log/ipguard/ipguard"
+-#define PIDNAME         "/var/run/ipguard"
+#define PIDNAME         "/var/run/ipguard/ipguard"
+ #define FAKEMAC         "de:ad:xx:xx:xx:xx"
+ #define PCAP_FILTER     "arp"
+ 
--- a/security/ipguard/pkg/MESSAGE
+++ b/security/ipguard/pkg/MESSAGE
@ -0,0 +1,12 @@
+To have ipguard start at boot time, add the following line
+to /etc/rc.conf.local, substituting the flags as needed:
+
+ipguard_flags="<interface>"
+
+and to /etc/rc.local:
+
+if [ "${ipguard_flags}" != "NO" -a -x ${PREFIX}/sbin/ipguard ]; then
+	install -d -o _ipguard /var/run/ipguard
+	${PREFIX}/sbin/ipguard ${ipguard_flags}
+	echo -n ' ipguard'
+fi
--- a/security/ipguard/pkg/PLIST
+++ b/security/ipguard/pkg/PLIST
@ -1,5 +1,8 @@
-@comment $OpenBSD: PLIST,v 1.2 2008/11/18 22:31:09 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.3 2008/11/21 13:57:31 sthen Exp $
@newgroup _ipguard:612
@newuser _ipguard:612:612:daemon:IPguard User:/var/empty:/sbin/nologin
@man man/man8/ipguard.8
@bin sbin/ipguard
+@group _ipguard
+@extraunexec rm -rf /var/log/ipguard
+@sample /var/log/ipguard/