PR#22362. Add Darwin support.

Also avoid overlapping strcpy.

Should be noted that this package needs an upgrade. There is one being
developed in pkgsrc-wip.

6 files changed, 228 insertions, 15 deletions

diff --git a/security/tripwire/MESSAGE b/security/tripwire/MESSAGE
index 44490050e0b..883c4eb55c3 100644
--- a/security/tripwire/MESSAGE
+++ b/security/tripwire/MESSAGE
@@ -1,10 +1,11 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.2 2003/05/01 21:47:42 jmmv Exp $
+$NetBSD: MESSAGE,v 1.3 2021/02/10 13:00:05 cjep Exp $
 
-To use tripwire to protect your systems, you should first initialise
-the databases:
+To use tripwire to protect your systems, you should first tune the 
+configure in ${PKG_SYSCONFDIR} and then initialise the databases:
 
-	(cd ${PKG_SYSCONFDIR}; ${PREFIX}/sbin/tripwire -initialize)
+	cd ${PKG_SYSCONFDIR} 
+	${PREFIX}/sbin/tripwire -initialize
 
 which creates the database in the ${PKG_SYSCONFDIR}/databases
 directory.
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
index 2a4d669ab18..8884faccd9c 100644
--- a/security/tripwire/Makefile
+++ b/security/tripwire/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.36 2015/07/12 07:22:08 dholland Exp $
+# $NetBSD: Makefile,v 1.37 2021/02/10 13:00:05 cjep Exp $
 #
 
 DISTNAME=	tripwire-1.2
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_BACKUP}
 
@@ -13,7 +13,7 @@ COMMENT=	File and directory integrity checker
 USE_TOOLS+=	pax lex yacc
 MAKE_JOBS_SAFE=	NO
 
-BROKEN_EXCEPT_ON_PLATFORM=	NetBSD-*-* FreeBSD-*-* SunOS-*-*
+BROKEN_EXCEPT_ON_PLATFORM=	NetBSD-*-* FreeBSD-*-* SunOS-*-* Darwin-*-*
 
 PKG_SYSCONFSUBDIR=	tripwire
 OWN_DIRS=		${PKG_SYSCONFDIR}/databases
diff --git a/security/tripwire/distinfo b/security/tripwire/distinfo
index 8b1102362a8..d94cd8ddd66 100644
--- a/security/tripwire/distinfo
+++ b/security/tripwire/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2015/11/04 01:18:12 agc Exp $
+$NetBSD: distinfo,v 1.15 2021/02/10 13:00:05 cjep Exp $
 
 SHA1 (tripwire-1.2.tar.gz) = 6fc91e25b3e1af3881fd5b6acf240ab6c1133e38
 RMD160 (tripwire-1.2.tar.gz) = f745db5973f14b1abbc0c2e7030f90e6fdac3257
@@ -8,7 +8,7 @@ SHA1 (patch-aa) = e131fff1f7d3e5c589a4d1f6eb9bf4da4a5b970b
 SHA1 (patch-ab) = 78a8e7050b51c05f94273581ffed8f56c89387ad
 SHA1 (patch-ac) = 35b3fe52f497e6cbbf7edfeaee398f0d24aff219
 SHA1 (patch-ad) = 4b8ad8d0cd7c17a8f3a655c5a574856670533ea5
-SHA1 (patch-ae) = 6eb1767af3d881ed4181ab83bd02c960edd0a84e
+SHA1 (patch-ae) = 5be740c8fb8b8f1c4b219f86872431d9131adaa2
 SHA1 (patch-af) = 1e4eb327ddda18ef08d4b62ca846262dfdf059a6
 SHA1 (patch-ag) = 3bfc6965782d727b6b5cf20da4dd44e45327925f
 SHA1 (patch-ah) = 97eccc44190e165dbf174f04c3acab5f1b442bc7
diff --git a/security/tripwire/files/conf-darwin.h b/security/tripwire/files/conf-darwin.h
new file mode 100644
index 00000000000..5386545db9b
--- /dev/null
+++ b/security/tripwire/files/conf-darwin.h
@@ -0,0 +1,54 @@
+/* Original Id: conf-bsd.h,v 1.2 1993/08/19 05:26:52 genek Exp */
+
+/*
+ * conf-bsd.h
+ *
+ *	Tripwire configuration file
+ *
+ * Gene Kim
+ * Purdue University
+ */
+
+/***
+ *** Operating System specifics
+ ***	
+ ***	If the answer to a question in the comment is "Yes", then
+ ***	change the corresponding "#undef" to a "#define"
+ ***/
+
+/*
+ * is your OS a System V derivitive?  if so, what version?
+ *			(e.g., define SYSV 4)
+ */
+
+#undef SYSV
+
+/* 
+ * does your system have a <malloc.h> like System V? 
+ */
+
+#undef MALLOCH 	
+
+/* 
+ * does your system have a <stdlib.h> like POSIX says you should? 
+ */
+
+#define STDLIBH
+
+/*
+ * does your system use readdir(3) that returns (struct dirent *)?
+ */
+
+#define DIRENT
+
+/*
+ * is #include <string.h> ok?  (as opposed to <strings.h>)
+ */
+
+#undef STRINGH
+ 
+/* 
+ * does your system have gethostname(2) (instead of uname(2))?
+ */
+
+#define GETHOSTNAME
diff --git a/security/tripwire/files/tw.conf.darwin b/security/tripwire/files/tw.conf.darwin
new file mode 100644
index 00000000000..b732f9ca7d4
--- /dev/null
+++ b/security/tripwire/files/tw.conf.darwin
@@ -0,0 +1,117 @@
+# $NetBSD
+# From NetBSD: tw.conf.netbsd,v 1.3 2001/11/05 14:29:23 hubertf Exp 
+#
+# tripwire.config
+# Generic version for Darwin
+# YOU SHOULD EDIT THIS TO MEET YOUR REQUIREMENTS!
+#
+# This file contains a list of files and directories that System 
+# Preener will scan.  Information collected from these files will be 
+# stored in the tripwire.database file.
+#
+# Format: 			[!|=] entry [ignore-flags]
+#
+# where:	 '!' signifies the entry is to be pruned (inclusive) from
+#				the list of files to be scanned.
+#		 '=' signifies the entry is to be added, but if it is
+#				a directory, then all its contents are pruned
+#				(useful for /tmp).
+#
+# where:	entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+#		[template][ [+|-][pinugsam12] ... ]
+#
+# 	- :  ignore the following atributes
+#	+ :  do not ignore the following attributes
+#
+#	p :  permission and file mode bits 	a: access timestamp
+#	i :  inode number			m: modification timestamp
+#	n :  number of links (ref count)	c: inode creation timestamp
+#	u :  user id of owner			1: signature 1
+#	g :  group id of owner			2: signature 2
+#	s :  size of file
+#
+#
+# Ex:   The following entry will scan all the files in /etc, and report
+#	any changes in mode bits, inode number, reference count, uid,
+#	gid, modification and creation timestamp, and the signatures.
+#	However, it will ignore any changes in the access timestamp.
+#
+#	/etc	+pinugsm12-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates: 	(default)	R :  [R]ead-only (+pinugsm12-a)
+#				L :  [L]og file (+pinug-sam12)
+#				N :  ignore [N]othing (+pinusgsamc12)
+#				E :  ignore [E]verything (-pinusgsamc12)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+#	Ex:  /etc/lp	E+ug
+#
+#	Example configuration file:
+#		/etc		R	# all system files
+#		!/etc/lp	R	# ...but not those logs
+#		=/tmp		N	# just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template):  Ignoring everything in a directory still monitors
+# for added and deleted files.  Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly?  Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbitant 
+# protection is not needed.  (See README and design document for further
+# details.)
+#
+
+#  First, root's "home"
+=/				L
+/var/root			R-2
+!/var/root/Library			# noisy
+
+# /bin and exceptions
+/bin		R-2
+
+# /dev
+/dev	 	L
+
+!/dev/fd        R	# Grumbles on Darwin
+
+# /etc and exceptions
+/etc			R-2
+/etc/master.passwd	L
+/etc/motd		L
+/etc/passwd		L
+/etc/uucp		L
+
+# Home directories
+=/Users
+
+# /sbin
+/sbin			R-2
+
+# /usr/bin
+/usr/bin		R-2
+
+/usr/lib		R-2
+
+/usr/libexec		R-2
+
+/usr/local/bin		R-2
+
+/usr/local/etc		L
+
+/usr/sbin		R-2
+
+# packages...
+=@localbase@
+=@x11base@
+
+###########################################
diff --git a/security/tripwire/patches/patch-ae b/security/tripwire/patches/patch-ae
index c11b40d78fb..ba504f89e5e 100644
--- a/security/tripwire/patches/patch-ae
+++ b/security/tripwire/patches/patch-ae
@@ -1,7 +1,10 @@
-$NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
+$NetBSD
 
---- src/config.parse.c.orig	1994-07-20 18:03:26.000000000 -0700
-+++ src/config.parse.c
+strcpy used on overlapping strings. Place in a string to avoid this.
+Fixes package on Darwin. 
+
+--- src/config.parse.c.orig	1994-07-21 02:03:26.000000000 +0100
++++ src/config.parse.c	2021-02-09 14:24:32.000000000 +0000
 @@ -55,7 +55,6 @@
  #endif
  
@@ -10,7 +13,15 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
  static void configfile_descend();
  
  #ifndef L_tmpnam
-@@ -90,6 +89,7 @@ configfile_read(pp_list, pp_entry_list)
+@@ -83,6 +82,7 @@
+ {
+     FILE 	*fpin, *fpout = (FILE *) NULL;
+     char	filename[MAXPATHLEN+512];
++    char	cpfilename[MAXPATHLEN+512];
+     char	ignorestring[1024];
+     char	s[MAXPATHLEN+1024];
+     char	configfile[MAXPATHLEN+512];
+@@ -90,6 +90,7 @@
      char	number[128];
      int		entrynum = 0;
      int		err;
@@ -18,7 +29,7 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
  
      /* to make code semi-reentrant */
      list_reset(&prune_list);
-@@ -105,8 +105,9 @@ configfile_read(pp_list, pp_entry_list)
+@@ -105,8 +106,9 @@
      };
      (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
  
@@ -30,7 +41,7 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
  	exit(1);
      }
  
-@@ -149,7 +150,7 @@ configfile_read(pp_list, pp_entry_list)
+@@ -149,7 +151,7 @@
  
      err = umask(077);  /* to protect the tempfile */
  
@@ -39,3 +50,33 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
  	sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
  	perror(s);
  	exit(1);
+@@ -221,11 +223,17 @@
+ 	switch (*filename) {
+       	case '!':
+ 	    prune_mode = PRUNE_ALL;
+-	    (void) strcpy(filename, filename+1);	/* adjust name */
++	    /* overlapping strings - undefined behaviour, at least
++	     * on Darwin 
++	     * (void) strcpy(filename, filename+1);	
++	     */
++	    (void) strcpy(cpfilename, filename+1);	/* adjust name */
++	    (void) strcpy(filename, cpfilename);	/* adjust name */
+   	    break;
+         case '=':
+ 	    prune_mode = PRUNE_ONE;
+-	    (void) strcpy(filename, filename+1);	/* adjust name */
++	    (void) strcpy(cpfilename, filename+1);	/* adjust name */
++	    (void) strcpy(filename, cpfilename);	/* adjust name */
+ 	    break;
+         default:
+ 	  continue; /* nothing */
+@@ -295,7 +303,8 @@
+ 
+ 	/* check for leading '=', prune after one recursion */
+ 	else if (*filename == '=') {
+-	    (void) strcpy(filename, filename+1);
++	    (void) strcpy(cpfilename, filename+1);	/* adjust name */
++	    (void) strcpy(filename, cpfilename);	/* adjust name */
+ 	    prunedir++;
+ 	}
+