- Update to 2.0.4

- Replace SED with SUBST.*
- Improve DESCR
- ok'ed snj@/wiz@

From the Changelog:

Verison 2.0.4:
--------------
More signatures.
Improved documentation, mentions of p0f_db, etc.
[BUG] Fixed a minor problem with installation on systems w/o /usr/man/.
[BUG] Fixed a DLT_NULL problem, added a new loopback signature.
Multiple timestamp options, timestamps now read from pcap dumps.
Sync with new Windows port code.
[BUG] Fixed one-line reporting for masquerade detection.

7 files changed, 34 insertions, 69 deletions

diff --git a/security/p0f/DESCR b/security/p0f/DESCR
index dcd5c7e743d..82463ac1c9f 100644
--- a/security/p0f/DESCR
+++ b/security/p0f/DESCR
@@ -1,4 +1,14 @@
-Passive OS fingerprinting technique based on information coming
-from remote host when it establishes connection to our system. Captured
-packets contains enough information to determine OS - and, unlike
-active scanners (nmap, queSO) - without sending anything to this host.
+P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the 
+operating system on: 
+
+- machines that connect to your box (SYN mode),
+- machines you connect to (SYN+ACK mode),
+- machine you cannot connect to (RST+ mode),
+- machines whose communications you can observe. 
+
+P0f can also do many other tricks, and can detect or measure the following: 
+
+- firewall presence or masquerading (useful for policy enforcement),
+- presence of a load balancer setup,
+- the distance to the remote system and its uptime,
+- other guy's network hookup (DSL, OC3, avian carriers) and his ISP. 
diff --git a/security/p0f/Makefile b/security/p0f/Makefile
index ca0797f8f1a..1a0227ad9e2 100644
--- a/security/p0f/Makefile
+++ b/security/p0f/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.12 2004/04/25 03:36:51 snj Exp $
+# $NetBSD: Makefile,v 1.13 2004/08/14 10:09:15 adrianp Exp $
 #
 
-DISTNAME=	p0f-2.0.3
+DISTNAME=	p0f-2.0.4
 CATEGORIES=	security net
 MASTER_SITES=	http://lcamtuf.coredump.cx/p0f/
 EXTRACT_SUFX=	.tgz
@@ -14,23 +14,19 @@ WRKSRC=		${WRKDIR}/p0f
 USE_BUILDLINK3=	yes
 USE_PKGINSTALL=	yes
 
-CONF_FILES=	${PREFIX}/share/examples/p0f/p0f.fp ${PKG_SYSCONFDIR}/p0f.fp
-
 DIST_SUBDIR=	${PKGNAME}
 
 PKG_SYSCONFSUBDIR=     p0f
 
-CONF_FILES=    ${PREFIX}/share/examples/p0f/p0f.fp ${PKG_SYSCONFDIR}/p0f.fp
-CONF_FILES+=   ${PREFIX}/share/examples/p0f/p0fa.fp ${PKG_SYSCONFDIR}/p0fa.fp
-CONF_FILES+=   ${PREFIX}/share/examples/p0f/p0fr.fp ${PKG_SYSCONFDIR}/p0fr.fp
-
-pre-build:
-	@${SED} -e 's#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g' \
-		< ${WRKSRC}/config.h > ${WRKSRC}/config.h.new
-	@${SED} -e 's#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g' \
-		< ${WRKSRC}/p0f.1 > ${WRKSRC}/p0f.1.new
-	${CP} ${WRKSRC}/config.h.new ${WRKSRC}/config.h
-	${CP} ${WRKSRC}/p0f.1.new ${WRKSRC}/p0f.1
+CONF_FILES=	${PREFIX}/share/examples/p0f/p0f.fp ${PKG_SYSCONFDIR}/p0f.fp
+CONF_FILES+=	${PREFIX}/share/examples/p0f/p0fa.fp ${PKG_SYSCONFDIR}/p0fa.fp
+CONF_FILES+=	${PREFIX}/share/examples/p0f/p0fr.fp ${PKG_SYSCONFDIR}/p0fr.fp
+
+SUBST_CLASSES=		paths
+SUBST_STAGE.paths=	pre-build
+SUBST_FILES.paths=	config.h p0f.1
+SUBST_SED.paths=	-e "s|/etc/p0f|${PKG_SYSCONFDIR}|g"
+SUBST_MESSAGE.paths=	"Fixing paths."
 
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
diff --git a/security/p0f/distinfo b/security/p0f/distinfo
index b6b30cc5eff..e6262f5db70 100644
--- a/security/p0f/distinfo
+++ b/security/p0f/distinfo
@@ -1,8 +1,6 @@
-$NetBSD: distinfo,v 1.11 2004/08/06 16:51:39 sketch Exp $
+$NetBSD: distinfo,v 1.12 2004/08/14 10:09:15 adrianp Exp $
 
-SHA1 (p0f-2.0.3/p0f-2.0.3.tgz) = a27fc55d81289ea990af765c27e7d5b7347e6f52
-Size (p0f-2.0.3/p0f-2.0.3.tgz) = 119407 bytes
-SHA1 (patch-aa) = f05549d73409fb392582be47d15a75b00b321b44
-SHA1 (patch-ab) = 6bf3c0997a303ec8de7f25a483c830d368d5c1a2
-SHA1 (patch-ac) = 1b7e8ed5830f1e9fe53004e4347dc184037327b2
-SHA1 (patch-ad) = 353a1b725601f8a0a45582be9ab4b1978736f765
+SHA1 (p0f-2.0.4/p0f-2.0.4.tgz) = 0a9917bdf5fb8e934cc9b3104e61339b6c047a77
+Size (p0f-2.0.4/p0f-2.0.4.tgz) = 126886 bytes
+SHA1 (patch-aa) = 849aa2aaddb33ab522c9c02a6a4965684a58f03e
+SHA1 (patch-ad) = 8263ac810b25c14a41d57cd6227bf78af1604800
diff --git a/security/p0f/patches/patch-aa b/security/p0f/patches/patch-aa
index cdb353b0c5b..f23c54cf62e 100644
--- a/security/p0f/patches/patch-aa
+++ b/security/p0f/patches/patch-aa
@@ -1,9 +1,9 @@
-$NetBSD: patch-aa,v 1.6 2003/11/03 11:45:28 recht Exp $
+$NetBSD: patch-aa,v 1.7 2004/08/14 10:09:15 adrianp Exp $
 
 --- mk/NetBSD.orig	2003-09-28 23:40:07.000000000 +0200
 +++ mk/NetBSD	2003-11-03 12:27:53.000000000 +0100
 @@ -7,10 +7,8 @@
- # (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
+ # (C) Copyright 2000-2004 by Michal Zalewski <lcamtuf@coredump.cx>
  #
  
 -CC      = gcc
diff --git a/security/p0f/patches/patch-ab b/security/p0f/patches/patch-ab
deleted file mode 100644
index abd8e1d8e8d..00000000000
--- a/security/p0f/patches/patch-ab
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ab,v 1.3 2003/10/01 23:13:13 recht Exp $
-
---- config.h.orig	2003-10-02 01:02:16.000000000 +0200
-+++ config.h	2003-10-02 01:03:03.000000000 +0200
-@@ -19,7 +19,7 @@
- #ifdef WIN32
- #  define CONFIG_DIR	"."
- #else
--#  define CONFIG_DIR	"/etc/p0f"
-+#  define CONFIG_DIR	"@PKG_SYSCONFDIR@"
- #endif /* WIN32 */
- 
- #define SYN_DB		"p0f.fp"
diff --git a/security/p0f/patches/patch-ac b/security/p0f/patches/patch-ac
deleted file mode 100644
index 4954fd2a2de..00000000000
--- a/security/p0f/patches/patch-ac
+++ /dev/null
@@ -1,26 +0,0 @@
-$NetBSD: patch-ac,v 1.2 2003/11/03 11:45:28 recht Exp $
-
---- p0f.1.orig	2003-10-10 23:39:00.000000000 +0200
-+++ p0f.1	2003-11-03 12:28:01.000000000 +0100
-@@ -32,9 +32,9 @@
- .TP
- \fB\-f\fR file
- Read fingerprints from a specified file. By default, p0f reads signatures
--from ./p0f.fp or /etc/p0f/p0f.fp for SYN (incoming connection) mode,
--./p0fa.fp and /etc/p0f/p0fa.fp for SYN+ACK (outgoing connection) mode,
--and ./p0fr.fp and /etc/p0f/p0fr.fp for RST+ mode.
-+from ./p0f.fp or @PKG_SYSCONFDIR@/p0f.fp for SYN (incoming connection) mode,
-+./p0fa.fp and @PKG_SYSCONFDIR@/p0fa.fp for SYN+ACK (outgoing connection) mode,
-+and ./p0fr.fp and @PKG_SYSCONFDIR@/p0fr.fp for RST+ mode.
- Specifying multiple -f values will NOT combine several signature files
- together.
- .TP
-@@ -199,7 +199,7 @@
- You need to consult the documentation for an up-to-date list of issues.
- .SH FILES
- .TP
--.BI /etc/p0f/p0f.fp\ /etc/p0f/p0fa.fp\ /etc/p0f/p0fr.fp
-+.BI @PKG_SYSCONFDIR@/p0f.fp\ @PKG_SYSCONFDIR@/p0fa.fp\ @PKG_SYSCONFDIR@/p0fr.fp
- default fingerprint database files
- .SH AUTHOR
- .B p0f
diff --git a/security/p0f/patches/patch-ad b/security/p0f/patches/patch-ad
index b62a69c0b65..24b8208c4ce 100644
--- a/security/p0f/patches/patch-ad
+++ b/security/p0f/patches/patch-ad
@@ -1,9 +1,9 @@
-$NetBSD: patch-ad,v 1.3 2004/08/06 16:51:39 sketch Exp $
+$NetBSD: patch-ad,v 1.4 2004/08/14 10:09:15 adrianp Exp $
 
 --- mk/SunOS.orig	2003-10-01 23:20:31.000000000 +0200
 +++ mk/SunOS	2003-11-03 12:35:15.000000000 +0100
 @@ -5,11 +5,9 @@
- # (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
+ # (C) Copyright 2000-2004 by Michal Zalewski <lcamtuf@coredump.cx>
  #
  
 -CC      = gcc