diff options
author | abs <abs@pkgsrc.org> | 2001-06-04 16:18:21 +0000 |
---|---|---|
committer | abs <abs@pkgsrc.org> | 2001-06-04 16:18:21 +0000 |
commit | 64c787b2e18428f20504ccef4ce9350e2d2a8a03 (patch) | |
tree | 1b6d7a05917e564fdae241de070faef2cafcdd94 /sysutils/cfengine | |
parent | 972d1731b3b6e3bcfc8fa9d380031d9edc5b974e (diff) | |
download | pkgsrc-64c787b2e18428f20504ccef4ce9350e2d2a8a03.tar.gz |
Update cfengine to 1.6.3
* Expansion of $(dollar) broken in 1.6.0 - fixed
* Locking problem in cfd fixed. Problem causing access
denied while re-reading config files. MAXTRIES increased
for high volume services, was causing premature apoptosis.
dest= could not refer to a filename with spaces, fixed.
* Made recipient variables in client.c long instead of
size_t in rstat, for 64 bits. With %ld in scanf.
* Cfengine 1.6.0-1.6.3 introduces filters into processes
and files.
* 1.6.3 change from Berkeley DB2 to DB3 - not backward compatible!!!
Update Berkeley db with
cd build_unix
../dist/configure
make; make install
ln -s /usr/local/BerkeleyDB.3.2 /usr/local/BerkeleyDB
2000-06-13 David Masterson <David.Masterson@kla-tencor.com>
* 1.6.0.a2: re-released to Mark after stupid mistakes.
* src/Makefile.am (noinst_HEADERS): add cfparse.h
* Makefile.am (EXTRA_DIST): add acconfig.h
2000-06-12 David Masterson <David.Masterson@kla-tencor.com>
* 1.6.0.a2: released to Mark
* General: Attempted to convert to reincorporate all my Automake
stuff into the release.
2000-06-12 Mark Burgess <Mark.Burgess@hio.no>
* 1.6.0-alpha1: released
* General: Rewrite of DCE code by Transarc/IBM. Add elsedefine=
tag as complement to define=. CompressCommand action=compress in
files, tidy, compress=true for compressing files on the fly. Bug
in copy with size= fixed. Was ignored if file didn't exist.
Modules: in addition to setting classes, can return lines
=ENVVAR=value which sets cfengine environment variables. This
allows modules to set variables which can be inherited directly by
scripts.
2000-05-11 David Masterson <David.Masterson@kla-tencor.com>
* contrib/Makefile.am (pkgdata_SCRIPTS): change cfemacs.el to
cfengine.el in keeping with internal documentation. Also renamed
the file as well.
2000-05-08 David Masterson <David.Masterson@kla-tencor.com>
* Release: V1.6 released to Mark for verification.
* Everything: Many things have been changed and reorganized for
the shift to automake generated Makefiles. See the end of the
NEWS file for more information.
2000-04-24 David Masterson <David.Masterson@kla-tencor.com>
* ChangeLog: Created and initialized with old VERSION.DIFF
***************** Minor Version 5 ********************
KNOWN BUGS: linux, when making directories, ownership can perms can be wrong.
1.5.4
Added security message in checksum=md5 for cfengine if new files appear
Bug in class evaluation with multiple embedded groups fixed
Bug in file transfer could hang a server in special circumstances.
Bug in secure recursive copy (access denied incorrectly).
Type change, size is off_t in cfstat struct
Multiple define bug in copy: could cause endless loop
Thread counting error fixed in cfd
Required/disk suspicious warnings now cause classes to be defined
Resolver could delete substring lines
Extra measures against Denial of Service attacks on cfd, only one
instance of a host-IP may be connected at one time.
1) Multiple connections from the same host are refused by default
(before any recv())
2) A DenyConnectionsFrom list will prevent named IP adresses from connecting
(before any recv) or a general AllowConnectionsFrom mask...
3) If the thread table is full for more than five requests, cfd commits
suicide (apoptosis) to avoid resource usage by spamming.
The control variable "DenyConnectionsFrom = ( ip1 ip2 ... )" allows a list
of numerical IP masks to be specified, which cfd will deny connections from.
This can be used to prevent hanging connection attacks from malicous hosts
and other Denial of Service attacks.
e.g. cfd.conf
control:
AllowConnectionsFrom ( 128.39.89 )
DenyConnectionsFrom = ( 128.39.89.4 )
This is in addition to tcp wrapper stuff, but the TCP wrapper code cannot
protect against denial of service attacks.
typecheck=false in copy switches off error messages on type mismatch.
Diffstat (limited to 'sysutils/cfengine')
-rw-r--r-- | sysutils/cfengine/Makefile | 8 | ||||
-rw-r--r-- | sysutils/cfengine/distinfo | 18 | ||||
-rw-r--r-- | sysutils/cfengine/patches/patch-aa | 57 | ||||
-rw-r--r-- | sysutils/cfengine/patches/patch-ab | 27 | ||||
-rw-r--r-- | sysutils/cfengine/patches/patch-ac | 45 | ||||
-rw-r--r-- | sysutils/cfengine/patches/patch-ad | 60 | ||||
-rw-r--r-- | sysutils/cfengine/patches/patch-ae | 28 | ||||
-rw-r--r-- | sysutils/cfengine/patches/patch-af | 54 | ||||
-rw-r--r-- | sysutils/cfengine/patches/patch-ag | 46 | ||||
-rw-r--r-- | sysutils/cfengine/pkg/PLIST | 14 |
10 files changed, 133 insertions, 224 deletions
diff --git a/sysutils/cfengine/Makefile b/sysutils/cfengine/Makefile index 8ff7b517455..275b66acdf4 100644 --- a/sysutils/cfengine/Makefile +++ b/sysutils/cfengine/Makefile @@ -1,16 +1,16 @@ -# $NetBSD: Makefile,v 1.7 2001/02/17 17:42:11 wiz Exp $ +# $NetBSD: Makefile,v 1.8 2001/06/04 16:18:21 abs Exp $ # -DISTNAME= cfengine-1.5.3 -PKGNAME= cfengine-1.5.3nb3 +DISTNAME= cfengine-1.6.3 CATEGORIES= sysutils net MASTER_SITES= ftp://ftp.iu.hioslo.no/pub/cfengine/ \ ftp://ftp.cfengine.webmotion.net/pub/cfengine/ -MAINTAINER= abs@netbsd.org +MAINTAINER= packages@netbsd.org HOMEPAGE= http://www.iu.hioslo.no/cfengine/ COMMENT= Automate configuration and administration of large systems GNU_CONFIGURE= YES +CONFIGURE_ARGS= --without-pthreads .include "../../mk/bsd.pkg.mk" diff --git a/sysutils/cfengine/distinfo b/sysutils/cfengine/distinfo index 74ec0016c92..537ce1b6b62 100644 --- a/sysutils/cfengine/distinfo +++ b/sysutils/cfengine/distinfo @@ -1,11 +1,9 @@ -$NetBSD: distinfo,v 1.2 2001/04/19 11:29:00 agc Exp $ +$NetBSD: distinfo,v 1.3 2001/06/04 16:18:21 abs Exp $ -SHA1 (cfengine-1.5.3.tar.gz) = bc0a21bfc7ec42c1c0e670ea07914334c5a967c3 -Size (cfengine-1.5.3.tar.gz) = 688032 bytes -SHA1 (patch-aa) = 1d8bac1660b4ad5bb8f842e3d47f910aa58e20a2 -SHA1 (patch-ab) = a11e41ece3fd40d199683e7ae2643d6fbd4eba49 -SHA1 (patch-ac) = 24a0e33de1ed2fcd4681ce8e02e6b8ad7e02b567 -SHA1 (patch-ad) = abc7468db030405de93263d75a38295ac3367d73 -SHA1 (patch-ae) = 0a4531e51b358b5f7e57e15822f3cf7f76b31567 -SHA1 (patch-af) = 81994c772fb18edef2125ffb65ff4cb71394f5e7 -SHA1 (patch-ag) = 7332d24653510e702b06e6ab4eb914cfac186875 +SHA1 (cfengine-1.6.3.tar.gz) = 4bd3fd2e2b9b798c9a3a6e8c64a7dee2cd4ab763 +Size (cfengine-1.6.3.tar.gz) = 867265 bytes +SHA1 (patch-aa) = 0a9acfd8825be20f6739b5ec7a67fdec5376bb89 +SHA1 (patch-ab) = 4ea38815ee7a13696df545ac25b51246dcc80c42 +SHA1 (patch-ac) = 18c6f129246203d763b48f357fead560da2f5bf3 +SHA1 (patch-ad) = 0044a60597fea926bbf456862f7fe61a96f6b37d +SHA1 (patch-ae) = 99496b14f80c8605886cd78a520af4d1c6cc0475 diff --git a/sysutils/cfengine/patches/patch-aa b/sysutils/cfengine/patches/patch-aa index c77c8b9c202..8f190cef112 100644 --- a/sysutils/cfengine/patches/patch-aa +++ b/sysutils/cfengine/patches/patch-aa @@ -1,53 +1,10 @@ -$NetBSD: patch-aa,v 1.2 2000/10/02 16:43:45 abs Exp $ +$NetBSD: patch-aa,v 1.3 2001/06/04 16:18:21 abs Exp $ ---- configure.orig Mon Oct 25 09:25:53 1999 -+++ configure -@@ -1073,6 +1073,8 @@ - # It thinks the first close brace ends the variable substitution. - test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' +--- Makefile.am.orig Tue Jun 13 18:25:29 2000 ++++ Makefile.am +@@ -1,4 +1,4 @@ +-SUBDIRS = pub src bin contrib inputs doc ++SUBDIRS = pub src bin contrib inputs -+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' -+ - test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + EXTRA_DIST = SURVEY acconfig.h - -@@ -3984,6 +3986,7 @@ - - - -+if false; then - echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6 - echo "configure:3989: checking for main in -lpthread" >&5 - ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'` -@@ -4105,6 +4108,7 @@ - echo "$ac_t""no" 1>&6 - fi - done -+fi - - - echo $ac_n "checking for lchown""... $ac_c" 1>&6 -@@ -4158,6 +4162,7 @@ - echo "$ac_t""no" 1>&6 - fi - -+if false; then - echo $ac_n "checking for pthread_attr_setstacksize""... $ac_c" 1>&6 - echo "configure:4163: checking for pthread_attr_setstacksize" >&5 - if eval "test \"`echo '$''{'ac_cv_func_pthread_attr_setstacksize'+set}'`\" = set"; then -@@ -4353,6 +4358,7 @@ - fi - - fi -+fi - - - # Check whether --enable-DCE or --disable-DCE was given. -@@ -5011,6 +5017,7 @@ - s%@YACC@%$YACC%g - s%@RANLIB@%$RANLIB%g - s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g -+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g - s%@INSTALL_DATA@%$INSTALL_DATA%g - s%@PERL@%$PERL%g - s%@TEX@%$TEX%g diff --git a/sysutils/cfengine/patches/patch-ab b/sysutils/cfengine/patches/patch-ab index 2e1086400a8..4ce7f44c570 100644 --- a/sysutils/cfengine/patches/patch-ab +++ b/sysutils/cfengine/patches/patch-ab @@ -1,22 +1,13 @@ -$NetBSD: patch-ab,v 1.4 2000/10/02 16:43:45 abs Exp $ +$NetBSD: patch-ab,v 1.5 2001/06/04 16:18:21 abs Exp $ ---- contrib/Makefile.in.orig Thu Apr 10 09:19:55 1997 -+++ contrib/Makefile.in -@@ -12,7 +12,7 @@ - datadir = @datadir@ +--- Makefile.in.orig Wed Feb 21 12:17:36 2001 ++++ Makefile.in +@@ -77,7 +77,7 @@ + VERSION = @VERSION@ + YACC = @YACC@ - INSTALL = @INSTALL@ --INSTALL_PROGRAM = @INSTALL_PROGRAM@ -+INSTALL_SCRIPT = @INSTALL_SCRIPT@ +-SUBDIRS = pub src bin contrib inputs doc ++SUBDIRS = pub src bin contrib inputs - MKINSTALLDIR = @top_srcdir@/bin/mkinstalldirs + EXTRA_DIST = SURVEY acconfig.h -@@ -28,7 +28,7 @@ - ${MKINSTALLDIR} ${sbindir} - for x in $?; \ - do \ -- ${INSTALL_PROGRAM} $$x ${sbindir}; \ -+ ${INSTALL_SCRIPT} $$x ${sbindir}; \ - done - - clean: diff --git a/sysutils/cfengine/patches/patch-ac b/sysutils/cfengine/patches/patch-ac index d0f8062c5ff..1af97167ca4 100644 --- a/sysutils/cfengine/patches/patch-ac +++ b/sysutils/cfengine/patches/patch-ac @@ -1,13 +1,36 @@ -$NetBSD: patch-ac,v 1.2 2000/10/02 16:43:45 abs Exp $ +$NetBSD: patch-ac,v 1.3 2001/06/04 16:18:21 abs Exp $ ---- src/encrypt.c.orig Wed Aug 11 10:32:33 1999 -+++ src/encrypt.c -@@ -39,6 +39,8 @@ - #ifdef HAVE_LIBCRYPTO /* must be des.h from OpenSSL */ - # ifdef HAVE_OPENSSL_DES_H - # include <openssl/des.h> -+# else -+# undef HAVE_LIBCRYPTO - # endif - #endif +--- configure.orig Mon Jan 29 19:21:35 2001 ++++ configure +@@ -3856,6 +3856,7 @@ + echo "$ac_t""$rtry" 1>&6 + + ++if false; then + echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6 + echo "configure:3861: checking for main in -lpthread" >&5 + ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'` +@@ -3981,6 +3982,7 @@ + done + + fi ++fi + + echo $ac_n "checking for lchown""... $ac_c" 1>&6 + echo "configure:3987: checking for lchown" >&5 +@@ -4034,6 +4036,7 @@ + fi + + ++if false; then + echo $ac_n "checking for pthread_attr_setstacksize""... $ac_c" 1>&6 + echo "configure:4039: checking for pthread_attr_setstacksize" >&5 + if eval "test \"`echo '$''{'ac_cv_func_pthread_attr_setstacksize'+set}'`\" = set"; then +@@ -4228,6 +4231,7 @@ + echo "$ac_t""no" 1>&6 + fi + ++fi + fi + diff --git a/sysutils/cfengine/patches/patch-ad b/sysutils/cfengine/patches/patch-ad index a89a7929989..219ae54da13 100644 --- a/sysutils/cfengine/patches/patch-ad +++ b/sysutils/cfengine/patches/patch-ad @@ -1,20 +1,44 @@ -$NetBSD: patch-ad,v 1.4 2000/10/02 16:43:45 abs Exp $ +$NetBSD: patch-ad,v 1.5 2001/06/04 16:18:21 abs Exp $ ---- src/image.c.orig Tue Sep 14 09:28:09 1999 -+++ src/image.c -@@ -193,9 +193,12 @@ - DeleteItemList(namecache); - } - --DeleteCompressedArray(ip->inode_cache); -- --ip->inode_cache = NULL; -+ /* Only flush when exiting initial call to RecursiveImage() */ -+if (strcmp(from,ip->path) == 0) -+ { -+ DeleteCompressedArray(ip->inode_cache); -+ ip->inode_cache = NULL; -+ } +--- contrib/vicf.in.orig Mon Jun 4 16:46:23 2001 ++++ contrib/vicf.in +@@ -4,7 +4,7 @@ + exec_prefix=@exec_prefix@ + sbindir=@sbindir@ + EDITOR="${EDITOR-vi}" +-CFINPUTS="${CFINPUTS-"@pkgdata@"} ++CFINPUTS="${CFINPUTS-"@pkgdata@"}" + export EDITOR CFINPUTS + NOPARSE="cf.preconf|cfd.conf" - cfclosedir(dirh); - } +@@ -20,7 +20,7 @@ + echo "File not found: ${file}" + echo "Only these files are eligible for editing:" + \ls $CFINPUTS +- /usr/ucb/echo -n "Create new file? (Y/n) " ++ echo -n "Create new file? (Y/n) " + read answer + if [ "$answer" = "n" ] + then +@@ -32,10 +32,10 @@ + if [ -f ${CFINPUTS}/.${file}.lock -a "$force" = "n" ] + then + i=30 +- /usr/ucb/echo -n "File ${file} is busy -- waiting up to $i seconds..." ++ echo -n "File ${file} is busy -- waiting up to $i seconds..." + while [ -f ${CFINPUTS}/.${file}.lock ] + do +- /usr/ucb/echo -n . ++ echo -n . + i=`expr $i - 1` + if [ $i = 0 ] + then +@@ -62,7 +62,7 @@ + then + echo PARSE ERROR IN NEW INPUT-FILE: + cat /tmp/cfparse.$$ +- /usr/ucb/echo -n "Re-edit file? (Y/n) " ++ echo -n "Re-edit file? (Y/n) " + read answer + if [ "$answer" = "n" ] + then diff --git a/sysutils/cfengine/patches/patch-ae b/sysutils/cfengine/patches/patch-ae index 94a0c799a59..eb8aba33860 100644 --- a/sysutils/cfengine/patches/patch-ae +++ b/sysutils/cfengine/patches/patch-ae @@ -1,12 +1,20 @@ -$NetBSD: patch-ae,v 1.2 2000/10/02 16:43:45 abs Exp $ +$NetBSD: patch-ae,v 1.3 2001/06/04 16:18:22 abs Exp $ ---- src/install.c.orig Fri Sep 24 14:00:03 1999 -+++ src/install.c -@@ -153,6 +153,7 @@ - FatalError("Redefinition of basic system variable"); - } - strcpy(VNETMASK,value); -+ AddNetworkClass(VNETMASK); - break; - +--- src/image.c.orig Thu Feb 15 07:23:22 2001 ++++ src/image.c +@@ -206,9 +206,12 @@ + DeleteItemList(namecache); + } + +-DeleteCompressedArray(ip->inode_cache); +- +-ip->inode_cache = NULL; ++ /* Only flush when exiting initial call to RecursiveImage() */ ++if (strcmp(from,ip->path) == 0) ++ { ++ DeleteCompressedArray(ip->inode_cache); ++ ip->inode_cache = NULL; ++ } + cfclosedir(dirh); + } diff --git a/sysutils/cfengine/patches/patch-af b/sysutils/cfengine/patches/patch-af deleted file mode 100644 index b46cd10d12c..00000000000 --- a/sysutils/cfengine/patches/patch-af +++ /dev/null @@ -1,54 +0,0 @@ -$NetBSD: patch-af,v 1.2 2000/10/02 16:43:45 abs Exp $ - ---- src/log.c.orig Mon Oct 2 17:38:13 2000 -+++ src/log.c -@@ -71,12 +71,12 @@ - - if (LOGGING && (getuid() == 0)) - { -- syslog(LOG_ERR,string,VFQNAME); -+ syslog(LOG_ERR,"%s",string,VFQNAME); - - if (strlen(errstr) != 0) - { -- syslog(LOG_ERR,errstr,VFQNAME); -- syslog(LOG_ERR,strerror(errno),VFQNAME); -+ syslog(LOG_ERR,"%s",errstr,VFQNAME); -+ syslog(LOG_ERR,"%s",strerror(errno),VFQNAME); - } - } - break; -@@ -110,11 +110,11 @@ - case cflogonly: - if (LOGGING && getuid() == 0) - { -- syslog(LOG_INFO,string,VFQNAME); -+ syslog(LOG_INFO,"%s",string,VFQNAME); - - if ((errstr == NULL) || (strlen(errstr) > 0)) - { -- syslog(LOG_ERR,errstr,VFQNAME); -+ syslog(LOG_ERR,"%s",errstr,VFQNAME); - } - } - -@@ -125,7 +125,7 @@ - - if (LOGGING && (getuid() == 0)) - { -- syslog(LOG_ERR,string,VFQNAME); -+ syslog(LOG_ERR,"%s",string,VFQNAME); - } - - if (string[strlen(string)-1] != '\n') -@@ -141,8 +141,8 @@ - - if (LOGGING && (getuid() == 0)) - { -- syslog(LOG_ERR,errstr,VFQNAME); -- syslog(LOG_ERR,strerror(errno),VFQNAME); -+ syslog(LOG_ERR,"%s",errstr,VFQNAME); -+ syslog(LOG_ERR,"%s",strerror(errno),VFQNAME); - } - } - return; diff --git a/sysutils/cfengine/patches/patch-ag b/sysutils/cfengine/patches/patch-ag deleted file mode 100644 index bd8019dc206..00000000000 --- a/sysutils/cfengine/patches/patch-ag +++ /dev/null @@ -1,46 +0,0 @@ -$NetBSD: patch-ag,v 1.1 2000/10/02 16:43:45 abs Exp $ - ---- src/misc.c.orig Tue Sep 14 09:46:53 1999 -+++ src/misc.c -@@ -652,3 +652,41 @@ - - AddClassToHeap(CanonifyName(VDOMAIN)); - } -+ -+/*********************************************************************/ -+ -+AddNetworkClass(netmask) -+ -+const char *netmask; -+ -+{ -+struct in_addr ip, -+ nm; -+char *sp, -+ nmbuf[maxvarsize], -+ ipbuf[maxvarsize]; -+ -+ /* -+ * Has to differentiate between cases such as: -+ * 192.168.101.1/24 -> 192.168.101 and -+ * 192.168.101.1/26 -> 192.168.101.0 -+ * We still have the, um... 'interesting' Class C default Network Class -+ * set by GetNameInfo() -+ */ -+ -+ /* This is also a convenient method to ensure valid dotted quad */ -+if ( (nm.s_addr = inet_addr(netmask)) != -1 && -+ (ip.s_addr = inet_addr(VIPADDRESS)) != -1 ) -+ { -+ ip.s_addr &= nm.s_addr; /* Will not work with IPv6 */ -+ strcpy(ipbuf,inet_ntoa(ip)); -+ -+ strcpy(nmbuf,inet_ntoa(nm)); -+ while( (sp = strrchr(nmbuf,'.')) && strcmp(sp,".0") == 0 ) -+ { -+ *sp = 0; -+ *strrchr(ipbuf,'.') = 0; -+ } -+ AddClassToHeap(CanonifyName(ipbuf)); -+ } -+} diff --git a/sysutils/cfengine/pkg/PLIST b/sysutils/cfengine/pkg/PLIST index 672b2eb1903..2c4e43de5ac 100644 --- a/sysutils/cfengine/pkg/PLIST +++ b/sysutils/cfengine/pkg/PLIST @@ -1,9 +1,16 @@ -@comment $NetBSD: PLIST,v 1.2 2000/09/09 18:11:23 wiz Exp $ +@comment $NetBSD: PLIST,v 1.3 2001/06/04 16:18:22 abs Exp $ +sbin/cfcron sbin/cfd sbin/cfdoc sbin/cfengine sbin/cfkey +sbin/cfmail +sbin/cfmailfilter sbin/cfrun +sbin/cfwrap +sbin/vicf +share/cfengine/cf.chflags.example +share/cfengine/cf.freebsd.example share/cfengine/cf.ftp.example share/cfengine/cf.groups.example share/cfengine/cf.linux.example @@ -18,7 +25,8 @@ share/cfengine/cf.users.example share/cfengine/cfd.conf.example share/cfengine/cfdaily share/cfengine/cfengine.conf.example -share/cfengine/cfmail +share/cfengine/cfengine.el share/cfengine/cfrc.example -share/cfengine/cfwrap +share/cfengine/cfrun.hosts.example +share/cfengine/start-cfd @dirrm share/cfengine |