authorcjep <cjep@pkgsrc.org>2021-02-10 13:00:05 +0000
committercjep <cjep@pkgsrc.org>2021-02-10 13:00:05 +0000
commit6af67d0dbba255eaf5aa292df531938b3fef2657 (patch)
tree216681f3dfcc5d7df565703b4cd441244d449aba
parent44eb16e657b79d2964b402520239bf06be2a95e5 (diff)
downloadpkgsrc-6af67d0dbba255eaf5aa292df531938b3fef2657.tar.gz
PR#22362. Add Darwin support.
Also avoid overlapping strcpy. It should be noted that this package needs an upgrade; one is being developed in pkgsrc-wip.
-rw-r--r--security/tripwire/MESSAGE9
-rw-r--r--security/tripwire/Makefile6
-rw-r--r--security/tripwire/distinfo4
-rw-r--r--security/tripwire/files/conf-darwin.h54
-rw-r--r--security/tripwire/files/tw.conf.darwin117
-rw-r--r--security/tripwire/patches/patch-ae53
6 files changed, 228 insertions, 15 deletions
diff --git a/security/tripwire/MESSAGE b/security/tripwire/MESSAGE
index 44490050e0b..883c4eb55c3 100644
--- a/security/tripwire/MESSAGE
+++ b/security/tripwire/MESSAGE
@@ -1,10 +1,11 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.2 2003/05/01 21:47:42 jmmv Exp $
+$NetBSD: MESSAGE,v 1.3 2021/02/10 13:00:05 cjep Exp $
-To use tripwire to protect your systems, you should first initialise
-the databases:
+To use tripwire to protect your systems, you should first tune the
+configure in ${PKG_SYSCONFDIR} and then initialise the databases:
- (cd ${PKG_SYSCONFDIR}; ${PREFIX}/sbin/tripwire -initialize)
+ cd ${PKG_SYSCONFDIR}
+ ${PREFIX}/sbin/tripwire -initialize
which creates the database in the ${PKG_SYSCONFDIR}/databases
directory.
diff --git a/security/tripwire/Makefile b/security/tripwire/Makefile
index 2a4d669ab18..8884faccd9c 100644
--- a/security/tripwire/Makefile
+++ b/security/tripwire/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.36 2015/07/12 07:22:08 dholland Exp $
+# $NetBSD: Makefile,v 1.37 2021/02/10 13:00:05 cjep Exp $
#
DISTNAME= tripwire-1.2
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_BACKUP}
@@ -13,7 +13,7 @@ COMMENT= File and directory integrity checker
USE_TOOLS+= pax lex yacc
MAKE_JOBS_SAFE= NO
-BROKEN_EXCEPT_ON_PLATFORM= NetBSD-*-* FreeBSD-*-* SunOS-*-*
+BROKEN_EXCEPT_ON_PLATFORM= NetBSD-*-* FreeBSD-*-* SunOS-*-* Darwin-*-*
PKG_SYSCONFSUBDIR= tripwire
OWN_DIRS= ${PKG_SYSCONFDIR}/databases
diff --git a/security/tripwire/distinfo b/security/tripwire/distinfo
index 8b1102362a8..d94cd8ddd66 100644
--- a/security/tripwire/distinfo
+++ b/security/tripwire/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2015/11/04 01:18:12 agc Exp $
+$NetBSD: distinfo,v 1.15 2021/02/10 13:00:05 cjep Exp $
SHA1 (tripwire-1.2.tar.gz) = 6fc91e25b3e1af3881fd5b6acf240ab6c1133e38
RMD160 (tripwire-1.2.tar.gz) = f745db5973f14b1abbc0c2e7030f90e6fdac3257
@@ -8,7 +8,7 @@ SHA1 (patch-aa) = e131fff1f7d3e5c589a4d1f6eb9bf4da4a5b970b
SHA1 (patch-ab) = 78a8e7050b51c05f94273581ffed8f56c89387ad
SHA1 (patch-ac) = 35b3fe52f497e6cbbf7edfeaee398f0d24aff219
SHA1 (patch-ad) = 4b8ad8d0cd7c17a8f3a655c5a574856670533ea5
-SHA1 (patch-ae) = 6eb1767af3d881ed4181ab83bd02c960edd0a84e
+SHA1 (patch-ae) = 5be740c8fb8b8f1c4b219f86872431d9131adaa2
SHA1 (patch-af) = 1e4eb327ddda18ef08d4b62ca846262dfdf059a6
SHA1 (patch-ag) = 3bfc6965782d727b6b5cf20da4dd44e45327925f
SHA1 (patch-ah) = 97eccc44190e165dbf174f04c3acab5f1b442bc7
diff --git a/security/tripwire/files/conf-darwin.h b/security/tripwire/files/conf-darwin.h
new file mode 100644
index 00000000000..5386545db9b
--- /dev/null
+++ b/security/tripwire/files/conf-darwin.h
@@ -0,0 +1,54 @@
+/* Original Id: conf-bsd.h,v 1.2 1993/08/19 05:26:52 genek Exp */
+
+/*
+ * conf-bsd.h
+ *
+ * Tripwire configuration file
+ *
+ * Gene Kim
+ * Purdue University
+ */
+
+/***
+ *** Operating System specifics
+ ***
+ *** If the answer to a question in the comment is "Yes", then
+ *** change the corresponding "#undef" to a "#define"
+ ***/
+
+/*
+ * is your OS a System V derivitive? if so, what version?
+ * (e.g., define SYSV 4)
+ */
+
+#undef SYSV
+
+/*
+ * does your system have a <malloc.h> like System V?
+ */
+
+#undef MALLOCH
+
+/*
+ * does your system have a <stdlib.h> like POSIX says you should?
+ */
+
+#define STDLIBH
+
+/*
+ * does your system use readdir(3) that returns (struct dirent *)?
+ */
+
+#define DIRENT
+
+/*
+ * is #include <string.h> ok? (as opposed to <strings.h>)
+ */
+
+#undef STRINGH
+
+/*
+ * does your system have gethostname(2) (instead of uname(2))?
+ */
+
+#define GETHOSTNAME
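Review bot: The header comment of this new file still reads `conf-bsd.h`, so nothing in it tells a reader that this is the Darwin variant; `* conf-darwin.h (derived from conf-bsd.h)` would say so. `#undef STRINGH` answers "is #include <string.h> ok?" with no, although Darwin provides `<string.h>`. This looks carried over from the BSD file and presumably makes the sources include `<strings.h>` instead, so it is worth confirming that `strcpy` and the other string functions are still properly declared in this build.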
diff --git a/security/tripwire/files/tw.conf.darwin b/security/tripwire/files/tw.conf.darwin
new file mode 100644
index 00000000000..b732f9ca7d4
--- /dev/null
+++ b/security/tripwire/files/tw.conf.darwin
@@ -0,0 +1,117 @@
+# $NetBSD
+# From NetBSD: tw.conf.netbsd,v 1.3 2001/11/05 14:29:23 hubertf Exp
+#
+# tripwire.config
+# Generic version for Darwin
+# YOU SHOULD EDIT THIS TO MEET YOUR REQUIREMENTS!
+#
+# This file contains a list of files and directories that System
+# Preener will scan. Information collected from these files will be
+# stored in the tripwire.database file.
+#
+# Format: [!|=] entry [ignore-flags]
+#
+# where: '!' signifies the entry is to be pruned (inclusive) from
+# the list of files to be scanned.
+# '=' signifies the entry is to be added, but if it is
+# a directory, then all its contents are pruned
+# (useful for /tmp).
+#
+# where: entry is the absolute pathname of a file or a directory
+#
+# where ignore-flags are in the format:
+# [template][ [+|-][pinugsam12] ... ]
+#
+# - : ignore the following atributes
+# + : do not ignore the following attributes
+#
+# p : permission and file mode bits a: access timestamp
+# i : inode number m: modification timestamp
+# n : number of links (ref count) c: inode creation timestamp
+# u : user id of owner 1: signature 1
+# g : group id of owner 2: signature 2
+# s : size of file
+#
+#
+# Ex: The following entry will scan all the files in /etc, and report
+# any changes in mode bits, inode number, reference count, uid,
+# gid, modification and creation timestamp, and the signatures.
+# However, it will ignore any changes in the access timestamp.
+#
+# /etc +pinugsm12-a
+#
+# The following templates have been pre-defined to make these long ignore
+# mask descriptions unecessary.
+#
+# Templates: (default) R : [R]ead-only (+pinugsm12-a)
+# L : [L]og file (+pinug-sam12)
+# N : ignore [N]othing (+pinusgsamc12)
+# E : ignore [E]verything (-pinusgsamc12)
+#
+# By default, Tripwire uses the R template -- it ignores
+# only the access timestamp.
+#
+# You can use templates with modifiers, like:
+# Ex: /etc/lp E+ug
+#
+# Example configuration file:
+# /etc R # all system files
+# !/etc/lp R # ...but not those logs
+# =/tmp N # just the directory, not its files
+#
+# Note the difference between pruning (via "!") and ignoring everything
+# (via "E" template): Ignoring everything in a directory still monitors
+# for added and deleted files. Pruning a directory will prevent Tripwire
+# from even looking in the specified directory.
+#
+#
+# Tripwire running slowly? Modify your tripwire.config entries to
+# ignore the (signature 2) attribute when this computationally-exorbitant
+# protection is not needed. (See README and design document for further
+# details.)
+#
+
+# First, root's "home"
+=/ L
+/var/root R-2
+!/var/root/Library # noisy
+
+# /bin and exceptions
+/bin R-2
+
+# /dev
+/dev L
+
+!/dev/fd R # Grumbles on Darwin
+
+# /etc and exceptions
+/etc R-2
+/etc/master.passwd L
+/etc/motd L
+/etc/passwd L
+/etc/uucp L
+
+# Home directories
+=/Users
+
+# /sbin
+/sbin R-2
+
+# /usr/bin
+/usr/bin R-2
+
+/usr/lib R-2
+
+/usr/libexec R-2
+
+/usr/local/bin R-2
+
+/usr/local/etc L
+
+/usr/sbin R-2
+
+# packages...
+=@localbase@
+=@x11base@
+
+###########################################
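Review bot: `/etc/master.passwd L` and `/etc/passwd L` use the log-file template, which the header of this same file defines as `+pinug-sam12`, so size, modification time and both signatures are ignored and an in-place edit of either account file would not be reported. For a default integrity-checker configuration these two entries would be safer on `R` (or `R-2`, like the rest of `/etc`), accepting a report whenever an account legitimately changes. `=/ L` applies the same relaxed template to the root directory entry. Separately, the `# $NetBSD` id on the first line is shown without its closing `$`, as is the `$NetBSD` line in patches/patch-ae, so the keyword would not be expanded; it should read `# $NetBSD$`.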
diff --git a/security/tripwire/patches/patch-ae b/security/tripwire/patches/patch-ae
index c11b40d78fb..ba504f89e5e 100644
--- a/security/tripwire/patches/patch-ae
+++ b/security/tripwire/patches/patch-ae
@@ -1,7 +1,10 @@
-$NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
+$NetBSD
---- src/config.parse.c.orig 1994-07-20 18:03:26.000000000 -0700
-+++ src/config.parse.c
+strcpy used on overlapping strings. Place in a string to avoid this.
+Fixes package on Darwin.
+
+--- src/config.parse.c.orig 1994-07-21 02:03:26.000000000 +0100
++++ src/config.parse.c 2021-02-09 14:24:32.000000000 +0000
@@ -55,7 +55,6 @@
#endif
@@ -10,7 +13,15 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
static void configfile_descend();
#ifndef L_tmpnam
-@@ -90,6 +89,7 @@ configfile_read(pp_list, pp_entry_list)
+@@ -83,6 +82,7 @@
+ {
+ FILE *fpin, *fpout = (FILE *) NULL;
+ char filename[MAXPATHLEN+512];
++ char cpfilename[MAXPATHLEN+512];
+ char ignorestring[1024];
+ char s[MAXPATHLEN+1024];
+ char configfile[MAXPATHLEN+512];
+@@ -90,6 +90,7 @@
char number[128];
int entrynum = 0;
int err;
@@ -18,7 +29,7 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
/* to make code semi-reentrant */
list_reset(&prune_list);
-@@ -105,8 +105,9 @@ configfile_read(pp_list, pp_entry_list)
+@@ -105,8 +106,9 @@
};
(void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
@@ -30,7 +41,7 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
exit(1);
}
-@@ -149,7 +150,7 @@ configfile_read(pp_list, pp_entry_list)
+@@ -149,7 +151,7 @@
err = umask(077); /* to protect the tempfile */
@@ -39,3 +50,33 @@ $NetBSD: patch-ae,v 1.2 2005/12/05 20:50:58 rillig Exp $
sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
perror(s);
exit(1);
+@@ -221,11 +223,17 @@
+ switch (*filename) {
+ case '!':
+ prune_mode = PRUNE_ALL;
+- (void) strcpy(filename, filename+1); /* adjust name */
++ /* overlapping strings - undefined behaviour, at least
++ * on Darwin
++ * (void) strcpy(filename, filename+1);
++ */
++ (void) strcpy(cpfilename, filename+1); /* adjust name */
++ (void) strcpy(filename, cpfilename); /* adjust name */
+ break;
+ case '=':
+ prune_mode = PRUNE_ONE;
+- (void) strcpy(filename, filename+1); /* adjust name */
++ (void) strcpy(cpfilename, filename+1); /* adjust name */
++ (void) strcpy(filename, cpfilename); /* adjust name */
+ break;
+ default:
+ continue; /* nothing */
+@@ -295,7 +303,8 @@
+
+ /* check for leading '=', prune after one recursion */
+ else if (*filename == '=') {
+- (void) strcpy(filename, filename+1);
++ (void) strcpy(cpfilename, filename+1); /* adjust name */
++ (void) strcpy(filename, cpfilename); /* adjust name */
+ prunedir++;
+ }
+
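Review bot: The two-step `strcpy(cpfilename, filename+1); strcpy(filename, cpfilename);` pair, repeated in the `'!'` and `'='` cases and again in the `*filename == '='` branch of the last inner hunk, adds a second `MAXPATHLEN+512` stack buffer and two unbounded copies where one overlap-safe call would do: `(void) memmove(filename, filename+1, strlen(filename+1)+1);`. The copies stay in bounds only because `cpfilename` is declared with the same size as `filename`, so if the temporary is kept, that coupling deserves a comment next to the declaration. The new comment calls the overlap undefined "at least on Darwin", but overlapping `strcpy` is undefined in ISO C on every platform; `/* strcpy() on overlapping buffers is undefined behaviour; shift in place instead */` would be more accurate, with the commented-out call dropped. The enclosing function starts and ends outside these hunks.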