kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Verisign stuff

Browse Source
This commit is contained in:
Xavier Beaudouin
2024-12-16 09:43:03 +01:00
parent 2b0788e34d
commit 17b695b587
59 changed files with 1428 additions and 3112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
net-mgmt/nagios/Makefile Normal file
View File

@ -0,0 +1,105 @@
PORTNAME= nagios
PORTVERSION= 3.5.1
PORTREVISION= 12
CATEGORIES= net-mgmt
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-3.x/${PORTNAME}-${PORTVERSION}
MAINTAINER= joneum@FreeBSD.org
COMMENT= Powerful network monitoring system
WWW= https://www.nagios.org/
LICENSE= GPLv2
LIB_DEPENDS= libltdl.so:devel/libltdl \
libgd.so:graphics/gd
PORTSCOUT= limit:^3.
USES= cpe localbase perl5 php
USE_PERL5= build
USE_RC_SUBR= nagios
CONFLICTS= nagios-[12].* nagios-devel nagios4
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --with-command-user=${NAGIOSUSER} \
--with-command-group=${WWWGRP} \
--with-nagios-user=${NAGIOSUSER} \
--with-nagios-group=${NAGIOSGROUP} \
--with-htmurl=${NAGIOSHTMURL} \
--with-cgiurl=${NAGIOSCGIURL} \
--sbindir=${PREFIX}/${NAGIOSWWWDIR}/cgi-bin \
--libexecdir=${PREFIX}/libexec/nagios \
--datadir=${PREFIX}/${NAGIOSWWWDIR} \
--sysconfdir=${PREFIX}/etc/nagios \
--localstatedir=${NAGIOSDIR} \
--with-httpd-conf=${PREFIX}/etc \
--with-checkresult-dir=${NAGIOSDIR}/checkresults \
--disable-statuswrl \
ac_cv_lib_iconv_main=no
CONFIGURE_ENV= PERL=${PERL}
MAKE_JOBS_UNSAFE= yes
INSTALL_TARGET= install install-commandmode install-config
PLIST_SUB= NAGIOSDIR=${NAGIOSDIR} \
NAGIOSWWWDIR=${NAGIOSWWWDIR} \
NAGIOSUSER=${NAGIOSUSER} \
NAGIOSGROUP=${NAGIOSGROUP} \
WWWGRP=${WWWGRP}
SUB_FILES= pkg-message
# XXX: Don't remove PREFIX from SUB_LIST here.
SUB_LIST= PREFIX=${PREFIX} \
NAGIOSHTMURL=${NAGIOSHTMURL} \
NAGIOSCGIURL=${NAGIOSCGIURL} \
${PLIST_SUB}
NAGIOSUSER?= nagios
NAGIOSGROUP?= nagios
NAGIOSDIR?= /var/spool/nagios
NAGIOSWWWDIR?= www/nagios
NAGIOSHTMURL?= /nagios
NAGIOSCGIURL?= ${NAGIOSHTMURL}/cgi-bin
USERS= ${NAGIOSUSER}
GROUPS= ${NAGIOSGROUP}
OPTIONS_DEFINE= EMBEDDED_PERL NANOSLEEP EVENT_BROKER UNHANDLED_HACK
OPTIONS_RADIO= PLUGINS
OPTIONS_RADIO_PLUGINS= MONPLUGINS NAGPLUGINS
OPTIONS_DEFAULT= NAGPLUGINS
EMBEDDED_PERL_DESC= Enable embedded Perl [requires Perl 5.8.0+]
NANOSLEEP_DESC= Use nanosleep in event timing
EVENT_BROKER_DESC= Enable event broker functionality
UNHANDLED_HACK_DESC= Display passive checks in unhandled queries
MONPLUGINS_RUN_DEPENDS= ${LOCALBASE}/libexec/nagios/check_nagios:net-mgmt/monitoring-plugins
NAGPLUGINS_RUN_DEPENDS= ${LOCALBASE}/libexec/nagios/check_nagios:net-mgmt/nagios-plugins
OPTIONS_SUB=
EMBEDDED_PERL_USE= perl5=run
EMBEDDED_PERL_CONFIGURE_ENABLE= embedded-perl
EMBEDDED_PERL_CONFIGURE_WITH= perlcache
NANOSLEEP_CONFIGURE_ENABLE= nanosleep
EVENT_BROKER_CONFIGURE_ENABLE= event-broker
post-extract:
@${MV} ${WRKDIR}/${PORTNAME} ${WRKSRC}
.include <bsd.port.options.mk>
post-patch:
@${REINPLACE_CMD} '/^INSTALL_OPTS=/d' ${WRKSRC}/configure
.if ${PORT_OPTIONS:MUNHANDLED_HACK}
@${REINPLACE_CMD} -e 's#;serviceprops=42\&#;serviceprops=10\&#g' \
-e 's#;hostprops=42\"#;hostprops=10\"#g' ${WRKSRC}/html/side.php
.endif
post-install:
@${MV} ${STAGEDIR}${PREFIX}/${NAGIOSWWWDIR}/config.inc.php ${STAGEDIR}${PREFIX}/${NAGIOSWWWDIR}/config.inc.php.sample
.include <bsd.port.mk>

2
net-mgmt/nagios/distinfo Normal file
View File

@ -0,0 +1,2 @@
SHA256 (nagios-3.5.1.tar.gz) = ca9dd68234fa090b3c35ecc8767b2c9eb743977eaf32612fa9b8341cc00a0f99
SIZE (nagios-3.5.1.tar.gz) = 1763584

100
net-mgmt/nagios/files/nagios.in Normal file
View File

@ -0,0 +1,100 @@
#!/bin/sh
# PROVIDE: nagios
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable nagios:
# nagios_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable nagios.
# nagios_precache (bool): Set to "NO" by default.
# Set it to "YES" to enable pre-caching.
# nagios_flags (str): Set to "" by default.
# nagios_configfile (str): Set to "%%PREFIX%%/etc/nagios/nagios.cfg" by default.
#
. /etc/rc.subr
name="nagios"
rcvar=nagios_enable
command="%%PREFIX%%/bin/nagios"
command_args="-d"
extra_commands="reload configtest"
pidfile="%%NAGIOSDIR%%/nagios.lock"
nagios_user="%%NAGIOSUSER%%"
start_precmd="start_precmd"
stop_postcmd="stop_postcmd"
restart_precmd="nagios_checkconfig"
reload_precmd="reload_precmd"
configtest_cmd="nagios_checkconfig"
sig_reload=HUP
load_rc_config "${name}"
[ -z "${nagios_enable}" ] && nagios_enable="NO"
[ -z "${nagios_configfile}" ] && nagios_configfile="%%PREFIX%%/etc/nagios/nagios.cfg"
[ -z "${nagios_precache}" ] && nagios_precache="NO"
required_files="${nagios_configfile}"
command_args="${command_args} ${nagios_configfile}"
nagios_cacheconfig() {
if ! checkyesno nagios_precache; then
return 0
fi
echo -n "Pre-Caching nagios configuration: "
${command} -pv ${nagios_configfile} 2>&1 >/dev/null
if [ $? != 0 ]; then
echo "FAILED"
${command} -v ${nagios_configfile}
return 1
else
command_args="-u -x ${command_args}"
echo "OK"
fi
}
nagios_checkconfig() {
echo -n "Performing sanity check of nagios configuration: "
${command} -v ${nagios_configfile} 2>&1 >/dev/null
if [ $? != 0 ]; then
echo "FAILED"
${command} -v ${nagios_configfile}
return 1
else
echo "OK"
fi
}
reload_precmd() {
if ! nagios_checkconfig; then
return 1
fi
if ! nagios_cacheconfig; then
return 1
fi
}
start_precmd() {
if ! nagios_checkconfig; then
return 1
fi
if ! nagios_cacheconfig; then
return 1
fi
su -m "${nagios_user}" -c "touch \"%%NAGIOSDIR%%/nagios.log\" \"%%NAGIOSDIR%%/status.sav\""
rm -f "%%NAGIOSDIR%%/rw/nagios.cmd"
}
stop_postcmd() {
rm -f "%%NAGIOSDIR%%/nagios.tmp" "%%NAGIOSDIR%%/rw/nagios.cmd"
}
run_rc_command "$1"

32
net-mgmt/nagios/files/patch-0007-fix_downtime_struct Normal file
View File

@ -0,0 +1,32 @@
--- ./include/downtime.h.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./include/downtime.h 2014-04-18 10:49:26.000000000 +0200
@@ -39,24 +39,26 @@
char *service_description;
time_t entry_time;
time_t start_time;
- time_t flex_downtime_start; /* Time the flexible downtime started */
time_t end_time;
int fixed;
unsigned long triggered_by;
unsigned long duration;
unsigned long downtime_id;
- int is_in_effect;
- int start_notification_sent;
char *author;
char *comment;
#ifdef NSCORE
unsigned long comment_id;
+#endif
+ int is_in_effect;
+#ifdef NSCORE
int start_flex_downtime;
int incremented_pending_downtime;
// int start_event;
// int stop_event;
#endif
struct scheduled_downtime_struct *next;
+ time_t flex_downtime_start; /* Time the flexible downtime started */
+ int start_notification_sent;
} scheduled_downtime;

66
net-mgmt/nagios/files/patch-Makefile.in Normal file
View File

@ -0,0 +1,66 @@
--- ./Makefile.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./Makefile.in 2014-01-14 13:57:06.000000000 +0100
@@ -30,8 +30,6 @@
LIBEXECDIR=@libexecdir@
HTMLDIR=@datadir@
INSTALL=@INSTALL@
-INSTALL_OPTS=@INSTALL_OPTS@
-COMMAND_OPTS=@COMMAND_OPTS@
HTTPD_CONF=@HTTPD_CONF@
INIT_DIR=@init_dir@
INIT_OPTS=-o root -g root
@@ -234,12 +232,12 @@
$(MAKE) install-basic
install-basic:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR)
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(LIBEXECDIR)
$(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(LOGDIR)
$(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(LOGDIR)/archives
$(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(CHECKRESULTDIR)
if [ $(INSTALLPERLSTUFF) = yes ]; then \
- $(INSTALL) -m 664 $(INSTALL_OPTS) p1.pl $(DESTDIR)$(BINDIR); \
+ $(INSTALL) -m 644 $(INSTALL_OPTS) p1.pl $(DESTDIR)$(BINDIR); \
fi;
@echo ""
@@ -261,19 +259,18 @@
install-config:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)/objects
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/nagios.cfg $(DESTDIR)$(CFGDIR)/nagios.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/cgi.cfg $(DESTDIR)$(CFGDIR)/cgi.cfg
- $(INSTALL) -b -m 660 $(INSTALL_OPTS) sample-config/resource.cfg $(DESTDIR)$(CFGDIR)/resource.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/templates.cfg $(DESTDIR)$(CFGDIR)/objects/templates.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/commands.cfg $(DESTDIR)$(CFGDIR)/objects/commands.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/contacts.cfg $(DESTDIR)$(CFGDIR)/objects/contacts.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/timeperiods.cfg $(DESTDIR)$(CFGDIR)/objects/timeperiods.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/localhost.cfg $(DESTDIR)$(CFGDIR)/objects/localhost.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/windows.cfg $(DESTDIR)$(CFGDIR)/objects/windows.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/printer.cfg $(DESTDIR)$(CFGDIR)/objects/printer.cfg
- $(INSTALL) -b -m 664 $(INSTALL_OPTS) sample-config/template-object/switch.cfg $(DESTDIR)$(CFGDIR)/objects/switch.cfg
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(CFGDIR)/objects
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/nagios.cfg $(DESTDIR)$(CFGDIR)/nagios.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/cgi.cfg $(DESTDIR)$(CFGDIR)/cgi.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/resource.cfg $(DESTDIR)$(CFGDIR)/resource.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/template-object/templates.cfg $(DESTDIR)$(CFGDIR)/objects/templates.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/template-object/commands.cfg $(DESTDIR)$(CFGDIR)/objects/commands.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/template-object/contacts.cfg $(DESTDIR)$(CFGDIR)/objects/contacts.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/template-object/timeperiods.cfg $(DESTDIR)$(CFGDIR)/objects/timeperiods.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/template-object/localhost.cfg $(DESTDIR)$(CFGDIR)/objects/localhost.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/template-object/printer.cfg $(DESTDIR)$(CFGDIR)/objects/printer.cfg-sample
+ $(INSTALL) -m 644 $(INSTALL_OPTS) sample-config/template-object/switch.cfg $(DESTDIR)$(CFGDIR)/objects/switch.cfg-sample
@echo ""
@echo "*** Config files installed ***"
@@ -321,7 +318,6 @@
install-commandmode:
$(INSTALL) -m 775 $(COMMAND_OPTS) -d $(DESTDIR)$(LOGDIR)/rw
- chmod g+s $(DESTDIR)$(LOGDIR)/rw
@echo ""
@echo "*** External command directory configured ***"

24
net-mgmt/nagios/files/patch-base__Makefile.in Normal file
View File

@ -0,0 +1,24 @@
--- ./base/Makefile.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./base/Makefile.in 2014-01-14 13:57:06.000000000 +0100
@@ -39,8 +39,6 @@
CGIDIR=@sbindir@
HTMLDIR=@datarootdir@
INSTALL=@INSTALL@
-INSTALL_OPTS=@INSTALL_OPTS@
-COMMAND_OPTS=@COMMAND_OPTS@
STRIP=@STRIP@
CGIURL=@cgiurl@
@@ -204,9 +202,9 @@
$(MAKE) install-basic
install-basic:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 774 $(INSTALL_OPTS) @nagios_name@ $(DESTDIR)$(BINDIR)
- $(INSTALL) -m 774 $(INSTALL_OPTS) @nagiostats_name@ $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 $(INSTALL_OPTS) @nagios_name@ $(DESTDIR)$(BINDIR)
+ $(INSTALL) -m 755 $(INSTALL_OPTS) @nagiostats_name@ $(DESTDIR)$(BINDIR)
strip-post-install:
$(STRIP) $(DESTDIR)$(BINDIR)/@nagios_name@

23
net-mgmt/nagios/files/patch-cgi__Makefile.in Normal file
View File

@ -0,0 +1,23 @@
--- ./cgi/Makefile.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./cgi/Makefile.in 2014-01-14 13:57:06.000000000 +0100
@@ -18,8 +18,6 @@
CGIDIR=@sbindir@
HTMLDIR=@datarootdir@
INSTALL=@INSTALL@
-INSTALL_OPTS=@INSTALL_OPTS@
-COMMAND_OPTS=@COMMAND_OPTS@
STRIP=@STRIP@
CGIEXTRAS=@CGIEXTRAS@
@@ -201,9 +199,9 @@
$(MAKE) install-basic
install-basic:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(CGIDIR)
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(CGIDIR)
for file in *.cgi; do \
- $(INSTALL) -m 775 $(INSTALL_OPTS) $$file $(DESTDIR)$(CGIDIR); \
+ $(INSTALL) -m 755 $(INSTALL_OPTS) $$file $(DESTDIR)$(CGIDIR); \
done
strip-post-install:

25
net-mgmt/nagios/files/patch-contrib__Makefile.in Normal file
View File

@ -0,0 +1,25 @@
--- ./contrib/Makefile.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./contrib/Makefile.in 2014-01-14 13:57:06.000000000 +0100
@@ -16,7 +16,6 @@
# Generated automatically from configure script
SNPRINTF_O=@SNPRINTF_O@
INSTALL=@INSTALL@
-INSTALL_OPTS=@INSTALL_OPTS@
prefix=@prefix@
@@ -51,10 +50,10 @@
devclean: distclean
install:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(CGIDIR)
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
- for f in $(CGIS); do $(INSTALL) -m 775 $(INSTALL_OPTS) $$f $(DESTDIR)$(CGIDIR); done
- for f in $(UTILS); do $(INSTALL) -m 775 $(INSTALL_OPTS) $$f $(DESTDIR)$(BINDIR); done
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(CGIDIR)
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(BINDIR)
+ for f in $(CGIS); do $(INSTALL) -m 755 $(INSTALL_OPTS) $$f $(DESTDIR)$(CGIDIR); done
+ for f in $(UTILS); do $(INSTALL) -m 755 $(INSTALL_OPTS) $$f $(DESTDIR)$(BINDIR); done
##############################################################################
# rules and dependencies for actual target programs

175
net-mgmt/nagios/files/patch-d97e03f32741a7d851826b03ed73ff4c9612a866 Normal file
View File

@ -0,0 +1,175 @@
commit d97e03f32741a7d851826b03ed73ff4c9612a866
Author: Eric Stanley <estanley@nagios.com>
Date: 2013-12-20 13:14:30 -0600
CGIs: Fixed minor vulnerability where a custom query could crash the CGI.
Most CGIs previously incremented the input variable counter twice when
it encountered a long key value. This could cause the CGI to read past
the end of the list of CGI variables. This commit removes the second
increment, removing the possibility of reading past the end of the list
of CGI variables.
diff --git ./cgi/avail.c ./cgi/avail.c
index 76afd86..64eaadc 100644
--- ./cgi/avail.c
+++ ./cgi/avail.c
@@ -1096,7 +1096,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/cmd.c ./cgi/cmd.c
index fa6cf5a..50504eb 100644
--- ./cgi/cmd.c
+++ ./cgi/cmd.c
@@ -311,7 +311,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/config.c ./cgi/config.c
index f061b0f..3360e70 100644
--- ./cgi/config.c
+++ ./cgi/config.c
@@ -344,7 +344,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/extinfo.c ./cgi/extinfo.c
index 62a1b18..5113df4 100644
--- ./cgi/extinfo.c
+++ ./cgi/extinfo.c
@@ -591,7 +591,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/histogram.c ./cgi/histogram.c
index 4616541..f6934d0 100644
--- ./cgi/histogram.c
+++ ./cgi/histogram.c
@@ -1060,7 +1060,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/notifications.c ./cgi/notifications.c
index 8ba11c1..461ae84 100644
--- ./cgi/notifications.c
+++ ./cgi/notifications.c
@@ -327,7 +327,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/outages.c ./cgi/outages.c
index 426ede6..cb58dee 100644
--- ./cgi/outages.c
+++ ./cgi/outages.c
@@ -225,7 +225,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/status.c ./cgi/status.c
index 3253340..4ec1c92 100644
--- ./cgi/status.c
+++ ./cgi/status.c
@@ -567,7 +567,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/statusmap.c ./cgi/statusmap.c
index ea48368..2580ae5 100644
--- ./cgi/statusmap.c
+++ ./cgi/statusmap.c
@@ -400,7 +400,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/statuswml.c ./cgi/statuswml.c
index bd8cea2..d25abef 100644
--- ./cgi/statuswml.c
+++ ./cgi/statuswml.c
@@ -226,8 +226,13 @@ int process_cgivars(void) {
for(x = 0; variables[x] != NULL; x++) {
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+ continue;
+ }
+
/* we found the hostgroup argument */
- if(!strcmp(variables[x], "hostgroup")) {
+ else if(!strcmp(variables[x], "hostgroup")) {
display_type = DISPLAY_HOSTGROUP;
x++;
if(variables[x] == NULL) {
diff --git ./cgi/summary.c ./cgi/summary.c
index 126ce5e..749a02c 100644
--- ./cgi/summary.c
+++ ./cgi/summary.c
@@ -725,7 +725,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./cgi/trends.c ./cgi/trends.c
index b35c18e..895db01 100644
--- ./cgi/trends.c
+++ ./cgi/trends.c
@@ -1263,7 +1263,6 @@ int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
diff --git ./contrib/daemonchk.c ./contrib/daemonchk.c
index 78716e5..9bb6c4b 100644
--- ./contrib/daemonchk.c
+++ ./contrib/daemonchk.c
@@ -174,7 +174,6 @@ static int process_cgivars(void) {
/* do some basic length checking on the variable identifier to prevent buffer overflows */
if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
- x++;
continue;
}
}

97
net-mgmt/nagios/files/patch-html__Makefile.in Normal file
View File

@ -0,0 +1,97 @@
--- html/Makefile.in.orig 2013-08-30 17:46:14 UTC
+++ html/Makefile.in
@@ -10,8 +10,6 @@ BINDIR=@bindir@
CGIDIR=@sbindir@
HTMLDIR=@datadir@
INSTALL=@INSTALL@
-INSTALL_OPTS=@INSTALL_OPTS@
-COMMAND_OPTS=@COMMAND_OPTS@
CP=@CP@
@@ -34,55 +32,55 @@ distclean: clean
devclean: distclean
install:
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/media
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/stylesheets
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/contexthelp
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/docs
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/docs/images
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/js
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/images
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/images/logos
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/includes
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/includes/rss
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/includes/rss/extlib
- $(INSTALL) -m 775 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/ssi
- $(INSTALL) -m 664 $(INSTALL_OPTS) robots.txt $(DESTDIR)$(HTMLDIR)
-# $(INSTALL) -m 664 $(INSTALL_OPTS) docs/robots.txt $(DESTDIR)$(HTMLDIR)/docs
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)
+# $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/media
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/stylesheets
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/contexthelp
+# $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/docs
+# $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/docs/images
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/js
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/images
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/images/logos
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/includes
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/includes/rss
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/includes/rss/extlib
+ $(INSTALL) -m 755 $(INSTALL_OPTS) -d $(DESTDIR)$(HTMLDIR)/ssi
+ $(INSTALL) -m 644 $(INSTALL_OPTS) robots.txt $(DESTDIR)$(HTMLDIR)
+# $(INSTALL) -m 644 $(INSTALL_OPTS) docs/robots.txt $(DESTDIR)$(HTMLDIR)/docs
# Remove old HTML files (PHP files are used now)
rm -f $(DESTDIR)$(HTMLDIR)/index.html
rm -f $(DESTDIR)$(HTMLDIR)/main.html
rm -f $(DESTDIR)$(HTMLDIR)/side.html
for file in *.php; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR); done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR); done
# for file in media/*.wav; \
-# do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/media; done
+# do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/media; done
for file in stylesheets/*.css; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/stylesheets; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/stylesheets; done
for file in contexthelp/*.html; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/contexthelp; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/contexthelp; done
for file in js/*.js; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/js; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/js; done
# for file in docs/*.html; \
-# do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/docs; done
+# do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/docs; done
# for file in docs/images/*.*; \
-# do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/docs/images; done
+# do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/docs/images; done
for file in images/*.gif; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
for file in images/*.jpg; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
for file in images/*.png; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
for file in images/*.ico; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images; done
for file in images/logos/*.*; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images/logos; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/images/logos; done
for file in includes/*.*; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/includes; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/includes; done
for file in includes/rss/*.*; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/includes/rss; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/includes/rss; done
for file in includes/rss/extlib/*.*; \
- do $(INSTALL) -m 664 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/includes/rss/extlib; done
+ do $(INSTALL) -m 644 $(INSTALL_OPTS) $$file $(DESTDIR)$(HTMLDIR)/includes/rss/extlib; done
install-unstripped:
$(MAKE) install

13
net-mgmt/nagios/files/patch-html__index.php Normal file
View File

@ -0,0 +1,13 @@
--- ./html/index.php.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./html/index.php 2014-01-14 13:57:06.000000000 +0100
@@ -8,8 +8,9 @@
</head>
<?php
+include_once(dirname(__FILE__).'/includes/utils.inc.php');
// allow specifying main window URL for permalinks, etc.
-$corewindow="main.php";
+$corewindow=$cfg["cgi_base_url"]."/tac.cgi";
if(isset($_GET['corewindow'])){
// default window url may have been overridden with a permalink...

39
net-mgmt/nagios/files/patch-html__main.php Normal file
View File

@ -0,0 +1,39 @@
--- ./html/main.php.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./html/main.php 2014-01-14 13:57:06.000000000 +0100
@@ -40,36 +40,10 @@
<div class="product">Nagios<sup><span style="font-size: small;">&reg;</span></sup> Core<sup><span style="font-size: small;">&trade;</span></sup></div>
<div class="version">Version 3.5.1</div>
<div class="releasedate">August 30, 2013</div>
-<div class="checkforupdates"><a href="http://www.nagios.org/checkforupdates/?version=3.5.1&product=nagioscore" target="_blank">Check for updates</a></div>
<!--<div class="whatsnew"><a href="http://go.nagios.com/nagioscore/whatsnew">Read what's new in Nagios Core 3</a></div>-->
</div>
-<div id="updateversioninfo">
-<?php
- $updateinfo=get_update_information();
- //print_r($updateinfo);
- //$updateinfo['update_checks_enabled']=false;
- //$updateinfo['update_available']=true;
- if($updateinfo['update_checks_enabled']==false){
-?>
- <div class="updatechecksdisabled">
- <div class="warningmessage">Warning: Automatic Update Checks are Disabled!</div>
- <div class="submessage">Disabling update checks presents a possible security risk. Visit <a href="http://www.nagios.org/" target="_blank">nagios.org</a> to check for updates manually or enable update checks in your Nagios config file.</a></div>
- </div>
-<?php
- }
- else if($updateinfo['update_available']==true && $this_version!=$updateinfo['update_version']){
-?>
- <div class="updateavailable">
- <div class="updatemessage">A new version of Nagios Core is available!</div>
- <div class="submessage">Visit <a href="http://www.nagios.org/download/" target="_blank">nagios.org</a> to download Nagios <?php echo $updateinfo['update_version'];?>.</div>
- </div>
-<?php
- }
-?>
-</div>
-
<div id="splashboxes">

11
net-mgmt/nagios/files/patch-html_includes_rss_parse.inc Normal file
View File

@ -0,0 +1,11 @@
--- html/includes/rss/rss_parse.inc.orig 2017-12-21 16:55:41.032397000 +0100
+++ html/includes/rss/rss_parse.inc 2017-12-21 16:57:40.079068000 +0100
@@ -150,7 +150,7 @@
// check for a namespace, and split if found
$ns = false;
if ( strpos( $element, ':' ) ) {
- list($ns, $el) = split( ':', $element, 2);
+ list($ns, $el) = explode( ':', $element, 2);
}
if ( $ns and $ns != 'rdf' ) {
$this->current_namespace = $ns;

11
net-mgmt/nagios/files/patch-include__locations.h.in Normal file
View File

@ -0,0 +1,11 @@
--- ./include/locations.h.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./include/locations.h.in 2014-01-14 13:57:06.000000000 +0100
@@ -20,7 +20,7 @@
#define DEFAULT_TEMP_FILE "@localstatedir@/tempfile"
#define DEFAULT_TEMP_PATH "/tmp"
-#define DEFAULT_CHECK_RESULT_PATH "@localstatedir@/spool/checkresults"
+#define DEFAULT_CHECK_RESULT_PATH "@localstatedir@/checkresults"
#define DEFAULT_STATUS_FILE "@localstatedir@/status.dat"
#define DEFAULT_LOG_FILE "@localstatedir@/nagios.log"
#define DEFAULT_LOG_ARCHIVE_PATH "@localstatedir@/archives/"

11
net-mgmt/nagios/files/patch-sample-config__cgi.cfg.in Normal file
View File

@ -0,0 +1,11 @@
--- ./sample-config/cgi.cfg.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./sample-config/cgi.cfg.in 2014-01-14 13:57:06.000000000 +0100
@@ -264,7 +264,7 @@
# OS and distribution, so you may have to tweak this to
# work on your system.
-ping_syntax=/bin/ping -n -U -c 5 $HOSTADDRESS$
+ping_syntax=/sbin/ping -n -c 5 $HOSTADDRESS$

11
net-mgmt/nagios/files/patch-sample-config__nagios.cfg.in Normal file
View File

@ -0,0 +1,11 @@
--- ./sample-config/nagios.cfg.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./sample-config/nagios.cfg.in 2014-01-14 13:57:06.000000000 +0100
@@ -32,7 +32,7 @@
cfg_file=@sysconfdir@/objects/timeperiods.cfg
cfg_file=@sysconfdir@/objects/templates.cfg
-# Definitions for monitoring the local (Linux) host
+# Definitions for monitoring the local (FreeBSD) host
cfg_file=@sysconfdir@/objects/localhost.cfg
# Definitions for monitoring a Windows machine

40
net-mgmt/nagios/files/patch-sample-config__template-object__localhost.cfg.in Normal file
View File

@ -0,0 +1,40 @@
--- ./sample-config/template-object/localhost.cfg.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./sample-config/template-object/localhost.cfg.in 2014-01-14 13:57:06.000000000 +0100
@@ -5,7 +5,7 @@
#
# NOTE: This config file is intended to serve as an *extremely* simple
# example of how you can create configuration entries to monitor
-# the local (Linux) machine.
+# the local (FreeBSD) machine.
#
###############################################################################
@@ -23,9 +23,9 @@
# Define a host for the local machine
define host{
- use linux-server ; Name of host template to use
+ use freebsd-server ; Name of host template to use
; This host definition will inherit all variables that are defined
- ; in (or inherited by) the linux-server host template definition.
+ ; in (or inherited by) the freebsd-server host template definition.
host_name localhost
alias localhost
address 127.0.0.1
@@ -41,12 +41,12 @@
###############################################################################
###############################################################################
-# Define an optional hostgroup for Linux machines
+# Define an optional hostgroup for FreeBSD machines
define hostgroup{
- hostgroup_name linux-servers ; The name of the hostgroup
- alias Linux Servers ; Long name of the group
- members localhost ; Comma separated list of hosts that belong to this group
+ hostgroup_name freebsd-servers ; The name of the hostgroup
+ alias FreeBSD Servers ; Long name of the group
+ members localhost ; Comma separated list of hosts that belong to this group
}

26
net-mgmt/nagios/files/patch-sample-config__template-object__templates.cfg.in Normal file
View File

@ -0,0 +1,26 @@
--- ./sample-config/template-object/templates.cfg.in.orig 2013-08-30 19:46:14.000000000 +0200
+++ ./sample-config/template-object/templates.cfg.in 2014-01-14 13:57:06.000000000 +0100
@@ -63,17 +63,17 @@
}
-# Linux host definition template - This is NOT a real host, just a template!
+# FreeBSD host definition template - This is NOT a real host, just a template!
define host{
- name linux-server ; The name of this host template
+ name freebsd-server ; The name of this host template
use generic-host ; This template inherits other values from the generic-host template
- check_period 24x7 ; By default, Linux hosts are checked round the clock
+ check_period 24x7 ; By default, FreeBSD hosts are checked round the clock
check_interval 5 ; Actively check the host every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
- max_check_attempts 10 ; Check each Linux host 10 times (max)
- check_command check-host-alive ; Default command to check Linux hosts
- notification_period workhours ; Linux admins hate to be woken up, so we only notify during the day
+ max_check_attempts 10 ; Check each FreeBSD host 10 times (max)
+ check_command check-host-alive ; Default command to check FreeBSD hosts
+ notification_period workhours ; FreeBSD admins hate to be woken up, so we only notify during the day
; Note that the notification_period variable is being overridden from
; the value that is inherited from the generic-host template!
notification_interval 120 ; Resend notifications every 2 hours

34
net-mgmt/nagios/files/pkg-message.in Normal file
View File

@ -0,0 +1,34 @@
[
{
message: <<EOT
Enable Nagios in /etc/rc.conf with the following line:
nagios_enable="YES"
Configuration templates are available in %%PREFIX%%/etc/nagios as
*.cfg-sample files. Copy them to *.cfg files where required and
edit to suit your needs.
If you don't already have a web server running, you will need to
install and configure one to finish off your Nagios installation.
When used with Apache, the following should be sufficient to publish
the web component of Nagios (modify the allow list to suit):
<Directory %%PREFIX%%/%%NAGIOSWWWDIR%%>
Order deny,allow
Deny from all
Allow from 127.0.0.1
php_flag engine on
php_admin_value open_basedir %%PREFIX%%/%%NAGIOSWWWDIR%%/:%%NAGIOSDIR%%/
</Directory>
<Directory %%PREFIX%%/%%NAGIOSWWWDIR%%/cgi-bin>
Options ExecCGI
</Directory>
ScriptAlias %%NAGIOSCGIURL%%/ %%PREFIX%%/%%NAGIOSWWWDIR%%/cgi-bin/
Alias %%NAGIOSHTMURL%%/ %%PREFIX%%/%%NAGIOSWWWDIR%%/
EOT
type: install
}
]

8
net-mgmt/nagios/pkg-descr Normal file
View File

@ -0,0 +1,8 @@
Nagios is a host and service monitor designed to inform you of network
problems before your clients, end-users or managers do. The monitoring
daemon runs intermittent checks on hosts and services you specify
using external "plugins" which return status information to Nagios.
When problems are encountered, the daemon can send notifications out
to administrative contacts in a variety of different ways (email,
instant message, SMS, etc.). Current status information, historical
logs, and reports can all be accessed via a web browser.

383
net-mgmt/nagios/pkg-plist Normal file
View File

@ -0,0 +1,383 @@
bin/nagios
bin/nagiostats
%%EMBEDDED_PERL%%bin/p1.pl
etc/nagios/cgi.cfg-sample
etc/nagios/nagios.cfg-sample
etc/nagios/objects/commands.cfg-sample
etc/nagios/objects/contacts.cfg-sample
etc/nagios/objects/localhost.cfg-sample
etc/nagios/objects/printer.cfg-sample
etc/nagios/objects/switch.cfg-sample
etc/nagios/objects/templates.cfg-sample
etc/nagios/objects/timeperiods.cfg-sample
etc/nagios/resource.cfg-sample
%%NAGIOSWWWDIR%%/cgi-bin/avail.cgi
%%NAGIOSWWWDIR%%/cgi-bin/cmd.cgi
%%NAGIOSWWWDIR%%/cgi-bin/config.cgi
%%NAGIOSWWWDIR%%/cgi-bin/extinfo.cgi
%%NAGIOSWWWDIR%%/cgi-bin/histogram.cgi
%%NAGIOSWWWDIR%%/cgi-bin/history.cgi
%%NAGIOSWWWDIR%%/cgi-bin/notifications.cgi
%%NAGIOSWWWDIR%%/cgi-bin/outages.cgi
%%NAGIOSWWWDIR%%/cgi-bin/showlog.cgi
%%NAGIOSWWWDIR%%/cgi-bin/status.cgi
%%NAGIOSWWWDIR%%/cgi-bin/statusmap.cgi
%%NAGIOSWWWDIR%%/cgi-bin/statuswml.cgi
%%NAGIOSWWWDIR%%/cgi-bin/summary.cgi
%%NAGIOSWWWDIR%%/cgi-bin/tac.cgi
%%NAGIOSWWWDIR%%/cgi-bin/trends.cgi
@sample %%NAGIOSWWWDIR%%/config.inc.php.sample
%%NAGIOSWWWDIR%%/contexthelp/A1.html
%%NAGIOSWWWDIR%%/contexthelp/A2.html
%%NAGIOSWWWDIR%%/contexthelp/A3.html
%%NAGIOSWWWDIR%%/contexthelp/A4.html
%%NAGIOSWWWDIR%%/contexthelp/A5.html
%%NAGIOSWWWDIR%%/contexthelp/A6.html
%%NAGIOSWWWDIR%%/contexthelp/A7.html
%%NAGIOSWWWDIR%%/contexthelp/B1.html
%%NAGIOSWWWDIR%%/contexthelp/C1.html
%%NAGIOSWWWDIR%%/contexthelp/D1.html
%%NAGIOSWWWDIR%%/contexthelp/E1.html
%%NAGIOSWWWDIR%%/contexthelp/F1.html
%%NAGIOSWWWDIR%%/contexthelp/G1.html
%%NAGIOSWWWDIR%%/contexthelp/G2.html
%%NAGIOSWWWDIR%%/contexthelp/G3.html
%%NAGIOSWWWDIR%%/contexthelp/G4.html
%%NAGIOSWWWDIR%%/contexthelp/G5.html
%%NAGIOSWWWDIR%%/contexthelp/G6.html
%%NAGIOSWWWDIR%%/contexthelp/H1.html
%%NAGIOSWWWDIR%%/contexthelp/H2.html
%%NAGIOSWWWDIR%%/contexthelp/H3.html
%%NAGIOSWWWDIR%%/contexthelp/H4.html
%%NAGIOSWWWDIR%%/contexthelp/H5.html
%%NAGIOSWWWDIR%%/contexthelp/H6.html
%%NAGIOSWWWDIR%%/contexthelp/H7.html
%%NAGIOSWWWDIR%%/contexthelp/H8.html
%%NAGIOSWWWDIR%%/contexthelp/I1.html
%%NAGIOSWWWDIR%%/contexthelp/I2.html
%%NAGIOSWWWDIR%%/contexthelp/I3.html
%%NAGIOSWWWDIR%%/contexthelp/I4.html
%%NAGIOSWWWDIR%%/contexthelp/I5.html
%%NAGIOSWWWDIR%%/contexthelp/I6.html
%%NAGIOSWWWDIR%%/contexthelp/I7.html
%%NAGIOSWWWDIR%%/contexthelp/I8.html
%%NAGIOSWWWDIR%%/contexthelp/I9.html
%%NAGIOSWWWDIR%%/contexthelp/J1.html
%%NAGIOSWWWDIR%%/contexthelp/K1.html
%%NAGIOSWWWDIR%%/contexthelp/L1.html
%%NAGIOSWWWDIR%%/contexthelp/L10.html
%%NAGIOSWWWDIR%%/contexthelp/L11.html
%%NAGIOSWWWDIR%%/contexthelp/L12.html
%%NAGIOSWWWDIR%%/contexthelp/L13.html
%%NAGIOSWWWDIR%%/contexthelp/L2.html
%%NAGIOSWWWDIR%%/contexthelp/L3.html
%%NAGIOSWWWDIR%%/contexthelp/L4.html
%%NAGIOSWWWDIR%%/contexthelp/L5.html
%%NAGIOSWWWDIR%%/contexthelp/L6.html
%%NAGIOSWWWDIR%%/contexthelp/L7.html
%%NAGIOSWWWDIR%%/contexthelp/L8.html
%%NAGIOSWWWDIR%%/contexthelp/L9.html
%%NAGIOSWWWDIR%%/contexthelp/M1.html
%%NAGIOSWWWDIR%%/contexthelp/M2.html
%%NAGIOSWWWDIR%%/contexthelp/M3.html
%%NAGIOSWWWDIR%%/contexthelp/M4.html
%%NAGIOSWWWDIR%%/contexthelp/M5.html
%%NAGIOSWWWDIR%%/contexthelp/M6.html
%%NAGIOSWWWDIR%%/contexthelp/N1.html
%%NAGIOSWWWDIR%%/contexthelp/N2.html
%%NAGIOSWWWDIR%%/contexthelp/N3.html
%%NAGIOSWWWDIR%%/contexthelp/N4.html
%%NAGIOSWWWDIR%%/contexthelp/N5.html
%%NAGIOSWWWDIR%%/contexthelp/N6.html
%%NAGIOSWWWDIR%%/contexthelp/N7.html
%%NAGIOSWWWDIR%%/images/Nagios-clearbg.png
%%NAGIOSWWWDIR%%/images/NagiosEnterprises-whitebg-112x46.png
%%NAGIOSWWWDIR%%/images/ack.gif
%%NAGIOSWWWDIR%%/images/action-graph.gif
%%NAGIOSWWWDIR%%/images/action-nagios.gif
%%NAGIOSWWWDIR%%/images/action-orig.gif
%%NAGIOSWWWDIR%%/images/action.gif
%%NAGIOSWWWDIR%%/images/b_first2.png
%%NAGIOSWWWDIR%%/images/b_last2.png
%%NAGIOSWWWDIR%%/images/b_next2.png
%%NAGIOSWWWDIR%%/images/b_prev2.png
%%NAGIOSWWWDIR%%/images/command.png
%%NAGIOSWWWDIR%%/images/comment.gif
%%NAGIOSWWWDIR%%/images/contexthelp1.gif
%%NAGIOSWWWDIR%%/images/contexthelp2.gif
%%NAGIOSWWWDIR%%/images/critical.png
%%NAGIOSWWWDIR%%/images/delay.gif
%%NAGIOSWWWDIR%%/images/delete.gif
%%NAGIOSWWWDIR%%/images/detail.gif
%%NAGIOSWWWDIR%%/images/disabled.gif
%%NAGIOSWWWDIR%%/images/down.gif
%%NAGIOSWWWDIR%%/images/downtime.gif
%%NAGIOSWWWDIR%%/images/empty.gif
%%NAGIOSWWWDIR%%/images/enabled.gif
%%NAGIOSWWWDIR%%/images/extinfo.gif
%%NAGIOSWWWDIR%%/images/favicon.ico
%%NAGIOSWWWDIR%%/images/flapping.gif
%%NAGIOSWWWDIR%%/images/globe-support-150x150.png
%%NAGIOSWWWDIR%%/images/graph.gif
%%NAGIOSWWWDIR%%/images/greendot.gif
%%NAGIOSWWWDIR%%/images/histogram.png
%%NAGIOSWWWDIR%%/images/history.gif
%%NAGIOSWWWDIR%%/images/hostevent.gif
%%NAGIOSWWWDIR%%/images/info.png
%%NAGIOSWWWDIR%%/images/left.gif
%%NAGIOSWWWDIR%%/images/logofullsize.png
%%NAGIOSWWWDIR%%/images/logos/aix.gd2
%%NAGIOSWWWDIR%%/images/logos/aix.gif
%%NAGIOSWWWDIR%%/images/logos/aix.jpg
%%NAGIOSWWWDIR%%/images/logos/aix.png
%%NAGIOSWWWDIR%%/images/logos/amiga.gd2
%%NAGIOSWWWDIR%%/images/logos/amiga.gif
%%NAGIOSWWWDIR%%/images/logos/amiga.jpg
%%NAGIOSWWWDIR%%/images/logos/amiga.png
%%NAGIOSWWWDIR%%/images/logos/apple.gd2
%%NAGIOSWWWDIR%%/images/logos/apple.gif
%%NAGIOSWWWDIR%%/images/logos/apple.jpg
%%NAGIOSWWWDIR%%/images/logos/apple.png
%%NAGIOSWWWDIR%%/images/logos/beos.gd2
%%NAGIOSWWWDIR%%/images/logos/beos.gif
%%NAGIOSWWWDIR%%/images/logos/beos.jpg
%%NAGIOSWWWDIR%%/images/logos/beos.png
%%NAGIOSWWWDIR%%/images/logos/bluetooth.png
%%NAGIOSWWWDIR%%/images/logos/caldera.gd2
%%NAGIOSWWWDIR%%/images/logos/caldera.gif
%%NAGIOSWWWDIR%%/images/logos/caldera.jpg
%%NAGIOSWWWDIR%%/images/logos/caldera.png
%%NAGIOSWWWDIR%%/images/logos/cat1900.gd2
%%NAGIOSWWWDIR%%/images/logos/cat2900.gd2
%%NAGIOSWWWDIR%%/images/logos/cat5000.gd2
%%NAGIOSWWWDIR%%/images/logos/database.gd2
%%NAGIOSWWWDIR%%/images/logos/database.gif
%%NAGIOSWWWDIR%%/images/logos/debian.gd2
%%NAGIOSWWWDIR%%/images/logos/debian.gif
%%NAGIOSWWWDIR%%/images/logos/debian.jpg
%%NAGIOSWWWDIR%%/images/logos/debian.png
%%NAGIOSWWWDIR%%/images/logos/desktop-server.gd2
%%NAGIOSWWWDIR%%/images/logos/desktop-server.gif
%%NAGIOSWWWDIR%%/images/logos/ethernet_card.png
%%NAGIOSWWWDIR%%/images/logos/fax.gd2
%%NAGIOSWWWDIR%%/images/logos/fax.gif
%%NAGIOSWWWDIR%%/images/logos/firewall.gd2
%%NAGIOSWWWDIR%%/images/logos/firewall.gif
%%NAGIOSWWWDIR%%/images/logos/freebsd40.gd2
%%NAGIOSWWWDIR%%/images/logos/freebsd40.gif
%%NAGIOSWWWDIR%%/images/logos/freebsd40.jpg
%%NAGIOSWWWDIR%%/images/logos/freebsd40.png
%%NAGIOSWWWDIR%%/images/logos/globe.png
%%NAGIOSWWWDIR%%/images/logos/graph.gif
%%NAGIOSWWWDIR%%/images/logos/hp-printer40.gd2
%%NAGIOSWWWDIR%%/images/logos/hp-printer40.gif
%%NAGIOSWWWDIR%%/images/logos/hp-printer40.jpg
%%NAGIOSWWWDIR%%/images/logos/hp-printer40.png
%%NAGIOSWWWDIR%%/images/logos/hpux.gd2
%%NAGIOSWWWDIR%%/images/logos/hpux.gif
%%NAGIOSWWWDIR%%/images/logos/hpux.jpg
%%NAGIOSWWWDIR%%/images/logos/hpux.png
%%NAGIOSWWWDIR%%/images/logos/hub.gd2
%%NAGIOSWWWDIR%%/images/logos/hub.gif
%%NAGIOSWWWDIR%%/images/logos/internet.gd2
%%NAGIOSWWWDIR%%/images/logos/internet.gif
%%NAGIOSWWWDIR%%/images/logos/internet_device.png
%%NAGIOSWWWDIR%%/images/logos/ip-pbx.gd2
%%NAGIOSWWWDIR%%/images/logos/ip-pbx.gif
%%NAGIOSWWWDIR%%/images/logos/irix.gd2
%%NAGIOSWWWDIR%%/images/logos/irix.gif
%%NAGIOSWWWDIR%%/images/logos/irix.jpg
%%NAGIOSWWWDIR%%/images/logos/irix.png
%%NAGIOSWWWDIR%%/images/logos/linux40.gd2
%%NAGIOSWWWDIR%%/images/logos/linux40.gif
%%NAGIOSWWWDIR%%/images/logos/linux40.jpg
%%NAGIOSWWWDIR%%/images/logos/linux40.png
%%NAGIOSWWWDIR%%/images/logos/logo.gd2
%%NAGIOSWWWDIR%%/images/logos/mac40.gd2
%%NAGIOSWWWDIR%%/images/logos/mac40.gif
%%NAGIOSWWWDIR%%/images/logos/mac40.jpg
%%NAGIOSWWWDIR%%/images/logos/mac40.png
%%NAGIOSWWWDIR%%/images/logos/mainframe.gd2
%%NAGIOSWWWDIR%%/images/logos/mainframe.gif
%%NAGIOSWWWDIR%%/images/logos/mandrake.gd2
%%NAGIOSWWWDIR%%/images/logos/mandrake.gif
%%NAGIOSWWWDIR%%/images/logos/mandrake.jpg
%%NAGIOSWWWDIR%%/images/logos/mandrake.png
%%NAGIOSWWWDIR%%/images/logos/monitor.png
%%NAGIOSWWWDIR%%/images/logos/nagios.gd2
%%NAGIOSWWWDIR%%/images/logos/nagios.gif
%%NAGIOSWWWDIR%%/images/logos/nagiosvrml.png
%%NAGIOSWWWDIR%%/images/logos/next.gd2
%%NAGIOSWWWDIR%%/images/logos/next.gif
%%NAGIOSWWWDIR%%/images/logos/next.jpg
%%NAGIOSWWWDIR%%/images/logos/next.png
%%NAGIOSWWWDIR%%/images/logos/ng-switch40.gd2
%%NAGIOSWWWDIR%%/images/logos/ng-switch40.gif
%%NAGIOSWWWDIR%%/images/logos/ng-switch40.jpg
%%NAGIOSWWWDIR%%/images/logos/ng-switch40.png
%%NAGIOSWWWDIR%%/images/logos/notebook.gd2
%%NAGIOSWWWDIR%%/images/logos/notebook.gif
%%NAGIOSWWWDIR%%/images/logos/novell40.gd2
%%NAGIOSWWWDIR%%/images/logos/novell40.gif
%%NAGIOSWWWDIR%%/images/logos/novell40.jpg
%%NAGIOSWWWDIR%%/images/logos/novell40.png
%%NAGIOSWWWDIR%%/images/logos/openbsd.gd2
%%NAGIOSWWWDIR%%/images/logos/openbsd.gif
%%NAGIOSWWWDIR%%/images/logos/openbsd.jpg
%%NAGIOSWWWDIR%%/images/logos/openbsd.png
%%NAGIOSWWWDIR%%/images/logos/printer.gd2
%%NAGIOSWWWDIR%%/images/logos/printer.gif
%%NAGIOSWWWDIR%%/images/logos/rack-server.gd2
%%NAGIOSWWWDIR%%/images/logos/rack-server.gif
%%NAGIOSWWWDIR%%/images/logos/redhat.gd2
%%NAGIOSWWWDIR%%/images/logos/redhat.gif
%%NAGIOSWWWDIR%%/images/logos/redhat.jpg
%%NAGIOSWWWDIR%%/images/logos/redhat.png
%%NAGIOSWWWDIR%%/images/logos/router.gd2
%%NAGIOSWWWDIR%%/images/logos/router.gif
%%NAGIOSWWWDIR%%/images/logos/router40.gd2
%%NAGIOSWWWDIR%%/images/logos/router40.gif
%%NAGIOSWWWDIR%%/images/logos/router40.jpg
%%NAGIOSWWWDIR%%/images/logos/router40.png
%%NAGIOSWWWDIR%%/images/logos/san.gd2
%%NAGIOSWWWDIR%%/images/logos/san.gif
%%NAGIOSWWWDIR%%/images/logos/satellite.png
%%NAGIOSWWWDIR%%/images/logos/server.png
%%NAGIOSWWWDIR%%/images/logos/signal.png
%%NAGIOSWWWDIR%%/images/logos/slackware.gd2
%%NAGIOSWWWDIR%%/images/logos/slackware.gif
%%NAGIOSWWWDIR%%/images/logos/slackware.jpg
%%NAGIOSWWWDIR%%/images/logos/slackware.png
%%NAGIOSWWWDIR%%/images/logos/stampede.gd2
%%NAGIOSWWWDIR%%/images/logos/stampede.gif
%%NAGIOSWWWDIR%%/images/logos/stampede.jpg
%%NAGIOSWWWDIR%%/images/logos/stampede.png
%%NAGIOSWWWDIR%%/images/logos/station.gd2
%%NAGIOSWWWDIR%%/images/logos/storm.gd2
%%NAGIOSWWWDIR%%/images/logos/storm.gif
%%NAGIOSWWWDIR%%/images/logos/storm.jpg
%%NAGIOSWWWDIR%%/images/logos/storm.png
%%NAGIOSWWWDIR%%/images/logos/sun40.gd2
%%NAGIOSWWWDIR%%/images/logos/sun40.gif
%%NAGIOSWWWDIR%%/images/logos/sun40.jpg
%%NAGIOSWWWDIR%%/images/logos/sun40.png
%%NAGIOSWWWDIR%%/images/logos/sunlogo.gd2
%%NAGIOSWWWDIR%%/images/logos/sunlogo.gif
%%NAGIOSWWWDIR%%/images/logos/sunlogo.jpg
%%NAGIOSWWWDIR%%/images/logos/sunlogo.png
%%NAGIOSWWWDIR%%/images/logos/switch.gd2
%%NAGIOSWWWDIR%%/images/logos/switch.gif
%%NAGIOSWWWDIR%%/images/logos/switch40.gd2
%%NAGIOSWWWDIR%%/images/logos/switch40.gif
%%NAGIOSWWWDIR%%/images/logos/switch40.jpg
%%NAGIOSWWWDIR%%/images/logos/switch40.png
%%NAGIOSWWWDIR%%/images/logos/thin-client.gd2
%%NAGIOSWWWDIR%%/images/logos/thin-client.gif
%%NAGIOSWWWDIR%%/images/logos/turbolinux.gd2
%%NAGIOSWWWDIR%%/images/logos/turbolinux.gif
%%NAGIOSWWWDIR%%/images/logos/turbolinux.jpg
%%NAGIOSWWWDIR%%/images/logos/turbolinux.png
%%NAGIOSWWWDIR%%/images/logos/ultrapenguin.gd2
%%NAGIOSWWWDIR%%/images/logos/ultrapenguin.gif
%%NAGIOSWWWDIR%%/images/logos/ultrapenguin.jpg
%%NAGIOSWWWDIR%%/images/logos/ultrapenguin.png
%%NAGIOSWWWDIR%%/images/logos/unicos.gd2
%%NAGIOSWWWDIR%%/images/logos/unicos.gif
%%NAGIOSWWWDIR%%/images/logos/unicos.jpg
%%NAGIOSWWWDIR%%/images/logos/unicos.png
%%NAGIOSWWWDIR%%/images/logos/unknown.gd2
%%NAGIOSWWWDIR%%/images/logos/unknown.gif
%%NAGIOSWWWDIR%%/images/logos/webcamera.png
%%NAGIOSWWWDIR%%/images/logos/wifi.gd2
%%NAGIOSWWWDIR%%/images/logos/wifi.gif
%%NAGIOSWWWDIR%%/images/logos/wifi_modem.png
%%NAGIOSWWWDIR%%/images/logos/win40.gd2
%%NAGIOSWWWDIR%%/images/logos/win40.gif
%%NAGIOSWWWDIR%%/images/logos/win40.jpg
%%NAGIOSWWWDIR%%/images/logos/win40.png
%%NAGIOSWWWDIR%%/images/logos/workstation.gd2
%%NAGIOSWWWDIR%%/images/logos/workstation.gif
%%NAGIOSWWWDIR%%/images/logos/workstation.png
%%NAGIOSWWWDIR%%/images/logos/workstation_locked.png
%%NAGIOSWWWDIR%%/images/logos/yellowdog.gd2
%%NAGIOSWWWDIR%%/images/logos/yellowdog.gif
%%NAGIOSWWWDIR%%/images/logos/yellowdog.jpg
%%NAGIOSWWWDIR%%/images/logos/yellowdog.png
%%NAGIOSWWWDIR%%/images/logrotate.png
%%NAGIOSWWWDIR%%/images/ndisabled.gif
%%NAGIOSWWWDIR%%/images/noack.gif
%%NAGIOSWWWDIR%%/images/notes.gif
%%NAGIOSWWWDIR%%/images/notify.gif
%%NAGIOSWWWDIR%%/images/orangedot.gif
%%NAGIOSWWWDIR%%/images/passiveonly.gif
%%NAGIOSWWWDIR%%/images/recovery.png
%%NAGIOSWWWDIR%%/images/redudancy.png
%%NAGIOSWWWDIR%%/images/redundancy.png
%%NAGIOSWWWDIR%%/images/restart.gif
%%NAGIOSWWWDIR%%/images/right.gif
%%NAGIOSWWWDIR%%/images/sblogo.png
%%NAGIOSWWWDIR%%/images/serviceevent.gif
%%NAGIOSWWWDIR%%/images/sflogo.png
%%NAGIOSWWWDIR%%/images/splunk1.gif
%%NAGIOSWWWDIR%%/images/splunk2.gif
%%NAGIOSWWWDIR%%/images/start.gif
%%NAGIOSWWWDIR%%/images/status.gif
%%NAGIOSWWWDIR%%/images/status2.gif
%%NAGIOSWWWDIR%%/images/status3.gif
%%NAGIOSWWWDIR%%/images/status4.gif
%%NAGIOSWWWDIR%%/images/stop.gif
%%NAGIOSWWWDIR%%/images/tacdisabled.jpg
%%NAGIOSWWWDIR%%/images/tacdisabled.png
%%NAGIOSWWWDIR%%/images/tacenabled.jpg
%%NAGIOSWWWDIR%%/images/tacenabled.png
%%NAGIOSWWWDIR%%/images/thermcrit.png
%%NAGIOSWWWDIR%%/images/thermok.png
%%NAGIOSWWWDIR%%/images/thermwarn.png
%%NAGIOSWWWDIR%%/images/trends.gif
%%NAGIOSWWWDIR%%/images/trendshost.png
%%NAGIOSWWWDIR%%/images/trendssvc.png
%%NAGIOSWWWDIR%%/images/unknown.png
%%NAGIOSWWWDIR%%/images/up.gif
%%NAGIOSWWWDIR%%/images/warning.png
%%NAGIOSWWWDIR%%/images/weblogo1.png
%%NAGIOSWWWDIR%%/images/zoom1.gif
%%NAGIOSWWWDIR%%/images/zoom2.gif
%%NAGIOSWWWDIR%%/includes/rss/extlib/Snoopy.class.inc
%%NAGIOSWWWDIR%%/includes/rss/rss_cache.inc
%%NAGIOSWWWDIR%%/includes/rss/rss_fetch.inc
%%NAGIOSWWWDIR%%/includes/rss/rss_parse.inc
%%NAGIOSWWWDIR%%/includes/rss/rss_utils.inc
%%NAGIOSWWWDIR%%/includes/jquery-1.7.1.min.js
%%NAGIOSWWWDIR%%/includes/utils.inc.php
%%NAGIOSWWWDIR%%/index.php
%%NAGIOSWWWDIR%%/js/jquery-1.7.1.min.js
%%NAGIOSWWWDIR%%/main.php
%%NAGIOSWWWDIR%%/robots.txt
%%NAGIOSWWWDIR%%/rss-corefeed.php
%%NAGIOSWWWDIR%%/rss-newsfeed.php
%%NAGIOSWWWDIR%%/side.php
%%NAGIOSWWWDIR%%/stylesheets/avail.css
%%NAGIOSWWWDIR%%/stylesheets/checksanity.css
%%NAGIOSWWWDIR%%/stylesheets/cmd.css
%%NAGIOSWWWDIR%%/stylesheets/common.css
%%NAGIOSWWWDIR%%/stylesheets/config.css
%%NAGIOSWWWDIR%%/stylesheets/extinfo.css
%%NAGIOSWWWDIR%%/stylesheets/histogram.css
%%NAGIOSWWWDIR%%/stylesheets/history.css
%%NAGIOSWWWDIR%%/stylesheets/ministatus.css
%%NAGIOSWWWDIR%%/stylesheets/notifications.css
%%NAGIOSWWWDIR%%/stylesheets/outages.css
%%NAGIOSWWWDIR%%/stylesheets/showlog.css
%%NAGIOSWWWDIR%%/stylesheets/status.css
%%NAGIOSWWWDIR%%/stylesheets/statusmap.css
%%NAGIOSWWWDIR%%/stylesheets/summary.css
%%NAGIOSWWWDIR%%/stylesheets/tac.css
%%NAGIOSWWWDIR%%/stylesheets/trends.css
@dir libexec/nagios
@dir %%NAGIOSWWWDIR%%/ssi
@dir(%%NAGIOSUSER%%,%%NAGIOSGROUP%%,775) %%NAGIOSDIR%%/archives
@dir(%%NAGIOSUSER%%,%%NAGIOSGROUP%%,775) %%NAGIOSDIR%%/checkresults
@dir(%%NAGIOSUSER%%,%%WWWGRP%%,775) %%NAGIOSDIR%%/rw
@dir(%%NAGIOSUSER%%,%%NAGIOSGROUP%%,775) %%NAGIOSDIR%%
@postunexec if [ -d %%NAGIOSDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%NAGIOSDIR%%`` to remove any files left behind."; fi
@postunexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi

72
net-mgmt/nrpe/Makefile Normal file
View File

@ -0,0 +1,72 @@
PORTNAME= nrpe
DISTVERSION= 4.1.1
DISTVERSIONPREFIX= nrpe-
CATEGORIES= net-mgmt
MAINTAINER= bofh@FreeBSD.org
COMMENT?= Nagios Remote Plugin Executor
WWW= https://www.nagios.org/
LICENSE= GPLv2+
LICENSE_FILE= ${WRKSRC}/LICENSE.md
USES= perl5
USE_GITHUB= yes
GH_ACCOUNT= NagiosEnterprises
USE_PERL5= build
USE_RC_SUBR= nrpe
GNU_CONFIGURE= yes
CONFIGURE_ARGS+=--bindir=${PREFIX}/sbin \
--libexecdir=${PREFIX}/libexec/nagios \
--sysconfdir=${PREFIX}/etc \
--with-inetd-type=inetd \
--with-nrpe-user=${NAGIOSUSER} \
--with-nrpe-group=${NAGIOSGROUP} \
--with-piddir=${NRPE_PIDDIR}
SUB_FILES= pkg-message
SUB_LIST+= PIDDIR=${NRPE_PIDDIR}
USERS= ${NAGIOSUSER}
GROUPS= ${NAGIOSGROUP}
PLIST_SUB= NAGIOSUSER=${NAGIOSUSER} \
NAGIOSGROUP=${NAGIOSGROUP} \
NRPE_PIDDIR=${NRPE_PIDDIR}
OPTIONS_DEFINE= SSL ARGS
OPTIONS_DEFAULT=NAGPLUGINS SSL
OPTIONS_RADIO= PLUGINS
OPTIONS_RADIO_PLUGINS= MONPLUGINS NAGPLUGINS
ARGS_DESC= Enable command argument processing
MONPLUGINS_DESC=Use net-mgmt/monitoring-plugins
NAGPLUGINS_DESC=Use net-mgmt/nagios-plugins
ARGS_CONFIGURE_ENABLE= command-args
MONPLUGINS_RUN_DEPENDS= ${LOCALBASE}/libexec/nagios/check_nagios:net-mgmt/monitoring-plugins
NAGPLUGINS_RUN_DEPENDS= ${LOCALBASE}/libexec/nagios/check_nagios:net-mgmt/nagios-plugins
SSL_USES= ssl
SSL_CONFIGURE_ENABLE= ssl
SSL_CONFIGURE_WITH= ssl=${OPENSSLBASE} ssl-inc=${OPENSSLINC} ssl-lib=${OPENSSLLIB}
SSL_CFLAGS= -I${OPENSSLINC}
NAGIOSUSER?= nagios
NAGIOSGROUP?= nagios
NRPE_PIDDIR?= /var/run/nrpe
post-patch:
@${REINPLACE_CMD} -e 's|/var/run/nrpe.pid|${NRPE_PIDDIR}/nrpe.pid|g' \
-e 's|/usr/lib/nagios/plugins/|${LOCALBASE}/libexec/nagios/|g' \
-e 's|/usr/bin/sudo|${LOCALBASE}/bin/sudo|g' \
${WRKSRC}/sample-config/nrpe.cfg.in
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/src/nrpe ${STAGEDIR}${PREFIX}/sbin/nrpe
${MKDIR} ${STAGEDIR}${PREFIX}/libexec/nagios
${INSTALL_PROGRAM} ${WRKSRC}/src/check_nrpe ${STAGEDIR}${PREFIX}/libexec/nagios/check_nrpe
${INSTALL_DATA} ${WRKSRC}/sample-config/nrpe.cfg ${STAGEDIR}${PREFIX}/etc/nrpe.cfg.sample
.include <bsd.port.mk>

3
net-mgmt/nrpe/distinfo Normal file
View File

@ -0,0 +1,3 @@
TIMESTAMP = 1722626850
SHA256 (NagiosEnterprises-nrpe-nrpe-4.1.1_GH0.tar.gz) = ba97734d39cf67a70a7c517d7d62c57df08395df643984cac827819b5d179dae
SIZE (NagiosEnterprises-nrpe-nrpe-4.1.1_GH0.tar.gz) = 528280

51
net-mgmt/nrpe/files/nrpe.in Normal file
View File

@ -0,0 +1,51 @@
#!/bin/sh
# PROVIDE: nrpe
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable nrpe:
# nrpe_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable nrpe.
# nrpe_flags (str): Not set by default.
# nrpe_configfile (str): Set to "%%PREFIX%%/etc/nrpe.cfg" by default.
. /etc/rc.subr
name=nrpe
rcvar=nrpe_enable
load_rc_config "${name}"
: ${nrpe_enable:=NO}
: ${nrpe_configfile:=%%PREFIX%%/etc/nrpe.cfg}
required_files="${nrpe_configfile}"
command="%%PREFIX%%/sbin/nrpe"
command_args="-c ${nrpe_configfile} -d"
extra_commands=reload
sig_reload=HUP
start_precmd=nrpe_prestart
stop_precmd=find_pidfile
find_pidfile()
{
[ -n "$nrpe_pidfile" ] &&
warn "No longer necessary to set nrpe_pidfile in rc.conf[.local]"
if get_pidfile_from_conf pid_file ${nrpe_configfile}; then
pidfile="$_pidfile_from_conf"
else
pidfile='%%PIDDIR%%/nrpe.pid'
fi
}
nrpe_prestart()
{
find_pidfile
install -d -o ${nrpe_user:-nagios} ${pidfile%/*}
}
run_rc_command "$1"

18
net-mgmt/nrpe/files/patch-include_common.h.in Normal file
View File

@ -0,0 +1,18 @@
--- include/common.h.in.orig 2022-07-18 19:27:53 UTC
+++ include/common.h.in
@@ -34,10 +34,15 @@
# define OPENSSL_NO_DEPRECATED
#endif
#include <@SSL_INC_PREFIX@@SSL_HDR@>
+#include <@SSL_INC_PREFIX@crypto.h>
# ifdef SSL_TYPE_openssl
# include <@SSL_INC_PREFIX@err.h>
# include <@SSL_INC_PREFIX@rand.h>
# include <@SSL_INC_PREFIX@engine.h>
+# include <@SSL_INC_PREFIX@crypto.h>
+# if defined (LIBRESSL_VERSION_NUMBER)
+# include <@SSL_INC_PREFIX@opensslfeatures.h>
+# endif
# endif
#endif

11
net-mgmt/nrpe/files/patch-src_check__nrpe.c Normal file
View File

@ -0,0 +1,11 @@
--- src/check_nrpe.c.orig 2022-07-18 19:27:53 UTC
+++ src/check_nrpe.c
@@ -899,7 +899,7 @@ void setup_ssl()
exit(timeout_return_code);
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_max_proto_version(ctx, 0);

11
net-mgmt/nrpe/files/patch-src_nrpe.c Normal file
View File

@ -0,0 +1,11 @@
--- src/nrpe.c.orig 2022-07-18 19:27:53 UTC
+++ src/nrpe.c
@@ -357,7 +357,7 @@ void init_ssl(void)
exit(STATE_CRITICAL);
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_set_max_proto_version(ctx, 0);

12
net-mgmt/nrpe/files/pkg-message.in Normal file
View File

@ -0,0 +1,12 @@
[
{ type: install
message: <<EOM
Enable NRPE in /etc/rc.conf with the following line:
nrpe_enable="YES"
A sample configuration is available in %%PREFIX%%/etc/nrpe.cfg.sample.
Copy to nrpe.cfg where required and edit to suit your needs.
EOM
}
]

7
net-mgmt/nrpe/pkg-descr Normal file
View File

@ -0,0 +1,7 @@
nrpe is used to execute Nagios plugins on remote hosts and report the results
to the main Nagios server. From the Nagios homepage:
Allows you to execute "local" plugins (like check_disk, check_procs, etc.) on
remote hosts. The check_nrpe plugin is called from Nagios and actually makes
the plugin requests to the remote host. Requires that nrpe be running on the
remote host (either as a standalone daemon or as a service under inetd).

3
net-mgmt/nrpe/pkg-plist Normal file
View File

@ -0,0 +1,3 @@
@sample etc/nrpe.cfg.sample
libexec/nagios/check_nrpe
sbin/nrpe

242
security/openssh-portable.OTHER/Makefile
View File

@ -1,242 +0,0 @@
PORTNAME= openssh
DISTVERSION= 9.9p1
PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security
MASTER_SITES= OPENBSD/OpenSSH/portable
PKGNAMESUFFIX?= -portable
MAINTAINER= bdrewery@FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
WWW= https://www.openssh.com/portable.html
LICENSE= OPENSSH
LICENSE_NAME= OpenSSH Licenses
LICENSE_FILE= ${WRKSRC}/LICENCE
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* openssh-portable-devel
USES= alias autoreconf compiler:c11 cpe localbase ncurses \
pkgconfig ssl
GNU_CONFIGURE= yes
GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share
CONFIGURE_ARGS= --prefix=${PREFIX} \
--without-zlib-version-check \
--with-ssl-engine \
--with-mantype=man
ETCOLD= ${PREFIX}/etc
CPE_VENDOR= openbsd
FLAVORS= default hpn gssapi
default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \
openssh-portable-x509
hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \
openssh-portable-x509
hpn_PKGNAMESUFFIX= -portable-hpn
gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
openssh-portable-x509
gssapi_PKGNAMESUFFIX= -portable-gssapi
OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
HPN KERB_GSSAPI \
LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD
OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F
.if ${FLAVOR:U} == hpn
OPTIONS_DEFAULT+= HPN NONECIPHER
.endif
.if ${FLAVOR:U} == gssapi
OPTIONS_DEFAULT+= KERB_GSSAPI MIT
.endif
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support
BSM_DESC= OpenBSM Auditing
KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI)
HPN_DESC= HPN-SSH patch
LDNS_DESC= SSHFP/LDNS support
HEIMDAL_DESC= Heimdal Kerberos (security/heimdal)
HEIMDAL_BASE_DESC= Heimdal Kerberos (base)
MIT_DESC= MIT Kerberos (security/krb5)
NONECIPHER_DESC= NONE Cipher support
XMSS_DESC= XMSS key support (experimental)
FIDO_U2F_DESC= FIDO/U2F support (security/libfido2)
BLACKLISTD_DESC= FreeBSD blacklistd(8) support
OPTIONS_SUB= yes
PAM_EXTRA_PATCHES= ${FILESDIR}/extra-patch-pam-sshd_config
TCP_WRAPPERS_EXTRA_PATCHES=${FILESDIR}/extra-patch-tcpwrappers
LDNS_CONFIGURE_WITH= ldns=${LOCALBASE}
LDNS_LIB_DEPENDS= libldns.so:dns/ldns
LDNS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ldns
HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5
HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal
PAM_CONFIGURE_WITH= pam
TCP_WRAPPERS_CONFIGURE_WITH= tcp-wrappers
LIBEDIT_CONFIGURE_WITH= libedit
LIBEDIT_USES= libedit
BSM_CONFIGURE_ON= --with-audit=bsm
FIDO_U2F_LIB_DEPENDS= libfido2.so:security/libfido2
FIDO_U2F_CONFIGURE_ON= --with-security-key-builtin
FIDO_U2F_CONFIGURE_OFF= --disable-security-key
BLACKLISTD_EXTRA_PATCHES= ${FILESDIR}/extra-patch-blacklistd
ETCDIR?= ${PREFIX}/etc/ssh
.include <bsd.port.pre.mk>
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
# Must add this patch before HPN due to conflicts
.if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
#BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet.
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
# Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif
# - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
# pull from.
GSSAPI_DEBIAN_VERSION= 9.9p1
GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1
# - Debian does not use a versioned filename so we trick fetch to make one for
# us with the ?<anything>=/ trick.
PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
# Bump this when updating the patch location
GSSAPI_DISTVERSION= 9.9p1
PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c
.endif
.if ${PORT_OPTIONS:MBLACKLISTD}
CONFIGURE_LIBS+= -lblacklist
.endif
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
#BROKEN= HPN: Not yet updated for ${DISTVERSION} yet.
PORTDOCS+= HPN-README
HPN_VERSION= 14v15
HPN_DISTVERSION= 7.7p1
#PATCH_SITES+= SOURCEFORGE/hpnssh/HPN-SSH%20${HPN_VERSION}%20${HPN_DISTVERSION}/:hpn
#PATCHFILES+= ${PORTNAME}-${HPN_DISTVERSION}-hpnssh${HPN_VERSION}.diff.gz:-p1:hpn
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2
.elif !${PORT_OPTIONS:MHPN} && !${PORT_OPTIONS:MNONECIPHER}
# Apply compatibility patch
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-compat
.endif
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
# Keep this last
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently
.endif
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so)
IGNORE= you have selected HEIMDAL_BASE but do not have heimdal installed in base
.endif
.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE}
. if ${PORT_OPTIONS:MHEIMDAL_BASE}
CONFIGURE_LIBS+= -lgssapi_krb5
CONFIGURE_ARGS+= --with-kerberos5=/usr
. else
CONFIGURE_LIBS+= -lgssapi_krb5
CONFIGURE_ARGS+= --with-kerberos5=${LOCALBASE}
. endif
. if ${OPENSSLBASE} == "/usr"
CONFIGURE_ARGS+= --without-rpath
LDFLAGS= # empty
. endif
.else
. if ${PORT_OPTIONS:MKERB_GSSAPI}
IGNORE= KERB_GSSAPI requires one of MIT HEIMDAL or HEIMDAL_BASE
. endif
.endif
.if ${OPENSSLBASE} != "/usr"
CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
.endif
EMPTYDIR= /var/empty
USE_RC_SUBR= openssh
# After all
CONFIGURE_ARGS+= --sysconfdir=${ETCDIR} --with-privsep-path=${EMPTYDIR}
.if !empty(CONFIGURE_LIBS)
CONFIGURE_ARGS+= --with-libs='${CONFIGURE_LIBS}'
.endif
CONFIGURE_ARGS+= --with-xauth=${LOCALBASE}/bin/xauth
RC_SCRIPT_NAME= openssh
VERSION_ADDENDUM_DEFAULT?= ${OPSYS}-${PKGNAME}
CFLAGS+= ${CFLAGS_${CHOSEN_COMPILER_TYPE}}
CFLAGS_gcc= -Wno-stringop-truncation -Wno-stringop-overflow
SSH_ASKPASS_PATH?= ${LOCALBASE}/bin/ssh-askpass
post-patch:
@${REINPLACE_CMD} \
-e 's|install: \(.*\) host-key check-config|install: \1|g' \
${WRKSRC}/Makefile.in
@${REINPLACE_CMD} \
-e 's|$$[{(]libexecdir[})]/ssh-askpass|${SSH_ASKPASS_PATH}|' \
${WRKSRC}/Makefile.in ${WRKSRC}/configure.ac
@${REINPLACE_CMD} \
-e 's|\(VersionAddendum\) none|\1 ${VERSION_ADDENDUM_DEFAULT}|' \
${WRKSRC}/sshd_config
@${REINPLACE_CMD} \
-e 's|%%SSH_VERSION_FREEBSD_PORT%%|${VERSION_ADDENDUM_DEFAULT}|' \
${WRKSRC}/sshd_config.5
@${ECHO_CMD} '#define SSH_VERSION_FREEBSD_PORT "${VERSION_ADDENDUM_DEFAULT}"' >> \
${WRKSRC}/version.h
post-configure-XMSS-on:
@${ECHO_CMD} "#define WITH_XMSS 1" >> ${WRKSRC}/config.h
post-configure-BLACKLISTD-on:
@${ECHO_CMD} "#define USE_BLACKLIST 1" >> ${WRKSRC}/config.h
post-install:
${MV} ${STAGEDIR}${ETCDIR}/moduli \
${STAGEDIR}${ETCDIR}/moduli.sample
${MV} ${STAGEDIR}${ETCDIR}/ssh_config \
${STAGEDIR}${ETCDIR}/ssh_config.sample
${MV} ${STAGEDIR}${ETCDIR}/sshd_config \
${STAGEDIR}${ETCDIR}/sshd_config.sample
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/HPN-README ${STAGEDIR}${DOCSDIR}
.endif
test: build
cd ${WRKSRC} && ${SETENV} -i \
OBJ=${WRKDIR} ${MAKE_ENV:NHOME=*} \
TEST_SHELL=${SH} \
SUDO="${SUDO}" \
LOGNAME="${LOGNAME}" \
HOME="${HOME}" \
TEST_SSH_TRACE=yes \
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} tests
.include <bsd.port.post.mk>

5
security/openssh-portable.OTHER/distinfo
View File

@ -1,5 +0,0 @@
TIMESTAMP = 1728410939
SHA256 (openssh-9.9p1.tar.gz) = b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02
SIZE (openssh-9.9p1.tar.gz) = 1964864
SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = b8b590024137d54394fd46ebfe32f2b081d0744abdcdcacf6dd30d1c91339864
SIZE (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = 125233

419
security/openssh-portable.OTHER/files/extra-patch-blacklistd
View File

@ -1,419 +0,0 @@
--- blacklist.c.orig 2021-04-28 13:37:52.679784000 -0700
+++ blacklist.c 2021-04-28 13:56:45.677805000 -0700
@@ -0,0 +1,92 @@
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * Copyright (c) 2016 The FreeBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed by Kurt Lidl
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include "ssh.h"
+#include "packet.h"
+#include "log.h"
+#include "misc.h"
+#include <blacklist.h>
+#include "blacklist_client.h"
+
+static struct blacklist *blstate = NULL;
+
+/* internal definition from bl.h */
+struct blacklist *bl_create(bool, char *, void (*)(int, const char *, va_list));
+
+/* impedence match vsyslog() to sshd's internal logging levels */
+void
+im_log(int priority, const char *message, va_list args)
+{
+ LogLevel imlevel;
+
+ switch (priority) {
+ case LOG_ERR:
+ imlevel = SYSLOG_LEVEL_ERROR;
+ break;
+ case LOG_DEBUG:
+ imlevel = SYSLOG_LEVEL_DEBUG1;
+ break;
+ case LOG_INFO:
+ imlevel = SYSLOG_LEVEL_INFO;
+ break;
+ default:
+ imlevel = SYSLOG_LEVEL_DEBUG2;
+ }
+ do_log2(imlevel, message, args);
+}
+
+void
+blacklist_init(void)
+{
+
+ blstate = bl_create(false, NULL, im_log);
+}
+
+void
+blacklist_notify(int action, struct ssh *ssh, const char *msg)
+{
+
+ if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
+ (void)blacklist_r(blstate, action,
+ ssh_packet_get_connection_in(ssh), msg);
+}
--- blacklist_client.h.orig 2020-11-16 16:45:22.823087000 -0800
+++ blacklist_client.h 2020-11-16 16:45:09.761962000 -0800
@@ -0,0 +1,61 @@
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * Copyright (c) 2016 The FreeBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed by Kurt Lidl
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BLACKLIST_CLIENT_H
+#define BLACKLIST_CLIENT_H
+
+#ifndef BLACKLIST_API_ENUM
+enum {
+ BLACKLIST_AUTH_OK = 0,
+ BLACKLIST_AUTH_FAIL,
+ BLACKLIST_ABUSIVE_BEHAVIOR,
+ BLACKLIST_BAD_USER
+};
+#endif
+
+#ifdef USE_BLACKLIST
+void blacklist_init(void);
+void blacklist_notify(int, struct ssh *, const char *);
+
+#define BLACKLIST_INIT() blacklist_init()
+#define BLACKLIST_NOTIFY(x, ssh, msg) blacklist_notify(x, ssh, msg)
+
+#else
+
+#define BLACKLIST_INIT()
+#define BLACKLIST_NOTIFY(x, ssh, msg)
+
+#endif
+
+
+#endif /* BLACKLIST_CLIENT_H */
--- servconf.c.orig 2021-04-15 20:55:25.000000000 -0700
+++ servconf.c 2021-04-28 13:36:19.591999000 -0700
@@ -172,6 +172,7 @@ initialize_server_options(ServerOptions *options)
options->max_sessions = -1;
options->banner = NULL;
options->use_dns = -1;
+ options->use_blacklist = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->num_authkeys_files = 0;
@@ -410,6 +411,8 @@ fill_default_server_options(ServerOptions *options)
options->max_sessions = DEFAULT_SESSIONS_MAX;
if (options->use_dns == -1)
options->use_dns = 0;
+ if (options->use_blacklist == -1)
+ options->use_blacklist = 0;
if (options->client_alive_interval == -1)
options->client_alive_interval = 0;
if (options->client_alive_count_max == -1)
@@ -506,6 +509,7 @@ typedef enum {
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
+ sUseBlacklist,
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
@@ -642,6 +646,8 @@ static struct {
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
+ { "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
+ { "useblocklist", sUseBlacklist, SSHCFG_GLOBAL } /* alias */,
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
{ "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
@@ -1692,6 +1698,10 @@ process_server_config_line_depth(ServerOptions *option
intptr = &options->use_dns;
goto parse_flag;
+ case sUseBlacklist:
+ intptr = &options->use_blacklist;
+ goto parse_flag;
+
case sLogFacility:
log_facility_ptr = &options->log_facility;
arg = strdelim(&cp);
@@ -2872,6 +2882,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sCompression, o->compression);
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
dump_cfg_fmtint(sUseDNS, o->use_dns);
+ dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
--- servconf.h.orig 2020-11-16 15:51:00.752090000 -0800
+++ servconf.h 2020-11-16 15:51:02.962173000 -0800
@@ -179,6 +179,7 @@ typedef struct {
int max_sessions;
char *banner; /* SSH-2 banner message */
int use_dns;
+ int use_blacklist;
int client_alive_interval; /*
* poke the client this often to
* see if it's still there
--- auth-pam.c.orig 2020-11-16 15:52:45.816578000 -0800
+++ auth-pam.c 2020-11-16 15:54:19.796583000 -0800
@@ -105,6 +105,7 @@ extern char *__progname;
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
+#include "blacklist_client.h"
extern ServerOptions options;
extern struct sshbuf *loginmsg;
@@ -916,6 +917,10 @@ sshpam_query(void *ctx, char **name, char **info,
sshbuf_free(buffer);
return (0);
}
+ /* XXX: ssh context unavailable here, unclear if this is even needed.
+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
+ the_active_state, sshpam_authctxt->user);
+ */
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user, sshpam_rhost);
--- auth.c.orig 2020-11-16 15:52:45.824171000 -0800
+++ auth.c 2020-11-16 15:57:51.091969000 -0800
@@ -76,6 +76,7 @@
#include "ssherr.h"
#include "compat.h"
#include "channels.h"
+#include "blacklist_client.h"
/* import */
extern ServerOptions options;
@@ -331,8 +332,11 @@ auth_log(struct ssh *ssh, int authenticated, int parti
authmsg = "Postponed";
else if (partial)
authmsg = "Partial";
- else
+ else {
authmsg = authenticated ? "Accepted" : "Failed";
+ if (authenticated)
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, ssh, "ssh");
+ }
if ((extra = format_method_key(authctxt)) == NULL) {
if (authctxt->auth_method_info != NULL)
@@ -586,6 +590,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
aix_restoreauthdb();
#endif
if (pw == NULL) {
+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, user);
logit("Invalid user %.100s from %.100s port %d",
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
#ifdef CUSTOM_FAILED_LOGIN
--- auth2.c.orig 2020-11-16 17:10:36.772062000 -0800
+++ auth2.c 2020-11-16 17:12:04.852943000 -0800
@@ -58,6 +58,7 @@
#include "monitor_wrap.h"
#include "digest.h"
#include "kex.h"
+#include "blacklist_client.h"
/* import */
extern ServerOptions options;
@@ -295,6 +296,7 @@ input_userauth_request(int type, u_int32_t seq, struct
} else {
/* Invalid user, fake password information */
authctxt->pw = fakepw();
+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, "ssh");
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
#endif
@@ -448,8 +450,10 @@ userauth_finish(struct ssh *ssh, int authenticated, co
} else {
/* Allow initial try of "none" auth without failure penalty */
if (!partial && !authctxt->server_caused_failure &&
- (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
authctxt->failures++;
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh");
+ }
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
--- packet.c.orig 2020-11-16 15:52:45.839070000 -0800
+++ packet.c 2020-11-16 15:56:09.285418000 -0800
@@ -96,6 +96,7 @@
#include "packet.h"
#include "ssherr.h"
#include "sshbuf.h"
+#include "blacklist_client.h"
#ifdef PACKET_DEBUG
#define DBG(x) x
@@ -1882,6 +1883,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt,
case SSH_ERR_NO_KEX_ALG_MATCH:
case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
if (ssh->kex && ssh->kex->failed_choice) {
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh");
ssh_packet_clear_keys(ssh);
errno = oerrno;
logdie("Unable to negotiate with %s: %s. "
--- sshd.c.orig 2021-08-19 21:03:49.000000000 -0700
+++ sshd.c 2021-09-10 10:37:17.926747000 -0700
@@ -123,6 +123,7 @@
#include "version.h"
#include "ssherr.h"
#include "sk-api.h"
+#include "blacklist_client.h"
#include "srclimit.h"
#include "dh.h"
@@ -2225,6 +2228,9 @@ main(int ac, char **av)
if ((loginmsg = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
auth_debug_reset();
+
+ if (options.use_blacklist)
+ BLACKLIST_INIT();
if (use_privsep) {
if (privsep_preauth(ssh) == 1)
--- Makefile.in.orig 2022-10-03 07:51:42.000000000 -0700
+++ Makefile.in 2022-10-09 10:50:06.401377000 -0700
@@ -185,6 +185,8 @@ FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(S
FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
@UNSUPPORTED_ALGORITHMS@
+LIBSSH_OBJS+= blacklist.o
+
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
$(LIBSSH_OBJS): Makefile.in config.h
--- sshd_config.orig 2020-11-16 16:57:14.276036000 -0800
+++ sshd_config 2020-11-16 16:57:42.183846000 -0800
@@ -94,6 +94,7 @@
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
+#UseBlacklist no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
--- sshd_config.5.orig 2023-12-18 15:59:50.000000000 +0100
+++ sshd_config.5 2024-01-06 16:36:17.025742000 +0100
@@ -1855,6 +1855,20 @@ This option may be useful in conjunction with
is to never expire connections for having no open channels.
This option may be useful in conjunction with
.Cm ChannelTimeout .
+.It Cm UseBlacklist
+Specifies whether
+.Xr sshd 8
+attempts to send authentication success and failure messages
+to the
+.Xr blacklistd 8
+daemon.
+The default is
+.Cm no .
+For forward compatibility with an upcoming
+.Xr blacklistd
+rename, the
+.Cm UseBlocklist
+alias can be used instead.
.It Cm UseDNS
Specifies whether
.Xr sshd 8
--- monitor.c.orig 2020-11-16 17:24:03.457283000 -0800
+++ monitor.c 2020-11-16 17:25:57.642510000 -0800
@@ -96,6 +96,7 @@
#include "match.h"
#include "ssherr.h"
#include "sk-api.h"
+#include "blacklist_client.h"
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
@@ -342,8 +343,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(ssh, authenticated, partial,
auth_method, auth_submethod);
- if (!partial && !authenticated)
+ if (!partial && !authenticated) {
authctxt->failures++;
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL,
+ ssh, "ssh");
+ }
if (authenticated || partial) {
auth2_update_session_info(authctxt,
auth_method, auth_submethod);
@@ -1228,6 +1232,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct
} else {
/* Log failed attempt */
auth_log(ssh, 0, 0, auth_method, NULL);
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh");
free(cuser);
free(chost);
}

14
security/openssh-portable.OTHER/files/extra-patch-gssapi-kexgssc.c
View File

@ -1,14 +0,0 @@
Fix prototype for DH_get0_key() in kexgssgex_client().
--- kexgssc.c.orig 2020-11-24 12:26:37.222092000 -0800
+++ kexgssc.c 2020-11-24 12:26:54.801490000 -0800
@@ -31,6 +31,9 @@
#include <openssl/crypto.h>
#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include "openbsd-compat/openssl-compat.h"
+
#include <string.h>
#include "xmalloc.h"

14
security/openssh-portable.OTHER/files/extra-patch-gssapi-kexgsss.c
View File

@ -1,14 +0,0 @@
Fix prototype for DH_get0_key() in kexgssgex_server().
--- kexgsss.c.orig 2020-11-24 12:39:25.548427000 -0800
+++ kexgsss.c 2020-11-24 12:39:47.591119000 -0800
@@ -31,6 +31,9 @@
#include <openssl/crypto.h>
#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include "openbsd-compat/openssl-compat.h"
+
#include "xmalloc.h"
#include "sshbuf.h"
#include "ssh2.h"

1300
security/openssh-portable.OTHER/files/extra-patch-hpn
View File

File diff suppressed because it is too large Load Diff

46
security/openssh-portable.OTHER/files/extra-patch-hpn-compat
View File

@ -1,46 +0,0 @@
------------------------------------------------------------------------
r294563 | des | 2016-01-22 05:13:46 -0800 (Fri, 22 Jan 2016) | 3 lines
Changed paths:
M /head/crypto/openssh/servconf.c
Instead of removing the NoneEnabled option, mark it as unsupported.
(should have done this in r291198, but didn't think of it until now)
------------------------------------------------------------------------
------------------------------------------------------------------------
r294564 | des | 2016-01-22 06:22:11 -0800 (Fri, 22 Jan 2016) | 2 lines
Changed paths:
M /head/crypto/openssh/readconf.c
r294563 was incomplete; re-add the client-side options as well.
------------------------------------------------------------------------
--- readconf.c.orig 2023-12-19 17:09:41.366788000 -0800
+++ readconf.c 2023-12-19 17:10:24.155247000 -0800
@@ -329,6 +329,12 @@
{ "enableescapecommandline", oEnableEscapeCommandline },
{ "obscurekeystroketiming", oObscureKeystrokeTiming },
{ "channeltimeout", oChannelTimeout },
+ { "hpndisabled", oDeprecated },
+ { "hpnbuffersize", oDeprecated },
+ { "tcprcvbufpoll", oDeprecated },
+ { "tcprcvbuf", oDeprecated },
+ { "noneenabled", oUnsupported },
+ { "noneswitch", oUnsupported },
{ NULL, oBadOption }
};
--- servconf.c.orig 2024-09-19 15:20:48.000000000 -0700
+++ servconf.c 2024-10-07 20:18:18.259726000 -0700
@@ -746,6 +746,10 @@ static struct {
{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
{ "sshdsessionpath", sSshdSessionPath, SSHCFG_GLOBAL },
{ "refuseconnection", sRefuseConnection, SSHCFG_ALL },
+ { "noneenabled", sUnsupported, SSHCFG_ALL },
+ { "hpndisabled", sDeprecated, SSHCFG_ALL },
+ { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
+ { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};

57
security/openssh-portable.OTHER/files/extra-patch-hpn-gss-glue
View File

@ -1,57 +0,0 @@
--- sshconnect2.c.orig 2019-07-19 11:53:14.918867000 -0700
+++ sshconnect2.c 2019-07-19 11:53:16.911086000 -0700
@@ -159,11 +159,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr
char *s, *all_key;
int r;
-#if defined(GSSAPI) && defined(WITH_OPENSSL)
- char *orig = NULL, *gss = NULL;
- char *gss_host = NULL;
-#endif
-
xxx_host = host;
xxx_hostaddr = hostaddr;
@@ -197,6 +192,9 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr
}
#if defined(GSSAPI) && defined(WITH_OPENSSL)
+ char *orig = NULL, *gss = NULL;
+ char *gss_host = NULL;
+
if (options.gss_keyex) {
/* Add the GSSAPI mechanisms currently supported on this
* client to the key exchange algorithm proposal */
--- readconf.c.orig 2019-07-19 12:13:18.000312000 -0700
+++ readconf.c 2019-07-19 12:13:29.614552000 -0700
@@ -63,11 +63,11 @@
#include "readconf.h"
#include "match.h"
#include "kex.h"
+#include "ssh-gss.h"
#include "mac.h"
#include "uidswap.h"
#include "myproposal.h"
#include "digest.h"
-#include "ssh-gss.h"
/* Format of the configuration file:
--- servconf.c.orig 2019-07-19 12:14:42.078398000 -0700
+++ servconf.c 2019-07-19 12:14:43.543687000 -0700
@@ -54,6 +54,7 @@
#include "sshkey.h"
#include "kex.h"
#include "mac.h"
+#include "ssh-gss.h"
#include "match.h"
#include "channels.h"
#include "groupaccess.h"
@@ -64,7 +65,6 @@
#include "auth.h"
#include "myproposal.h"
#include "digest.h"
-#include "ssh-gss.h"
static void add_listen_addr(ServerOptions *, const char *,
const char *, int);

51
security/openssh-portable.OTHER/files/extra-patch-ldns
View File

@ -1,51 +0,0 @@
r255461 | des | 2013-09-10 17:30:22 -0500 (Tue, 10 Sep 2013) | 7 lines
Changed paths:
M /head/crypto/openssh/readconf.c
M /head/crypto/openssh/ssh_config
M /head/crypto/openssh/ssh_config.5
Change the default value of VerifyHostKeyDNS to "yes" if compiled with
LDNS. With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records. If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.
--- readconf.c 2013-10-03 08:15:03.496131082 -0500
+++ readconf.c 2013-10-03 08:15:22.716134315 -0500
@@ -1414,8 +1414,14 @@ fill_default_options(Options * options)
options->rekey_limit = 0;
if (options->rekey_interval == -1)
options->rekey_interval = 0;
+#if HAVE_LDNS
+ if (options->verify_host_key_dns == -1)
+ /* automatically trust a verified SSHFP record */
+ options->verify_host_key_dns = 1;
+#else
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
+#endif
if (options->server_alive_interval == -1)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
--- ssh_config 2013-10-03 08:15:03.537131330 -0500
+++ ssh_config 2013-10-03 08:15:22.755131175 -0500
@@ -44,5 +44,6 @@
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
+# VerifyHostKeyDNS yes
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
--- ssh_config.5.orig 2016-12-18 20:59:41.000000000 -0800
+++ ssh_config.5 2017-01-11 11:24:25.573200000 -0800
@@ -1635,7 +1635,10 @@ need to confirm new host keys according
.Cm StrictHostKeyChecking
option.
The default is
-.Cm no .
+.Cm yes
+if compiled with LDNS and
+.Cm no
+otherwise.
.Pp
See also
.Sx VERIFYING HOST KEYS

31
security/openssh-portable.OTHER/files/extra-patch-pam-sshd_config
View File

@ -1,31 +0,0 @@
--- sshd_config.nopam 2022-02-11 19:19:59.515475000 +0000
+++ sshd_config 2022-02-11 19:20:45.334738000 +0000
@@ -55,8 +55,8 @@
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
+# To enable tunneled clear text passwords, change to yes here!
+#PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
@@ -72,7 +72,7 @@
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
-# Set this to 'yes' to enable PAM authentication, account processing,
+# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
@@ -81,7 +81,7 @@
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
-#UsePAM no
+#UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes

151
security/openssh-portable.OTHER/files/extra-patch-tcpwrappers
View File

@ -1,151 +0,0 @@
Revert TCPWRAPPER removal -bdrewery
commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054
Author: Damien Miller <djm@mindrot.org>
Date: Sun Apr 20 13:22:18 2014 +1000
- tedu@cvs.openbsd.org 2014/03/26 19:58:37
[sshd.8 sshd.c]
remove libwrap support. ok deraadt djm mfriedl
diff --git sshd.8 sshd.8
index 289e13d..e6a900b 100644
--- sshd.8
+++ sshd.8
@@ -851,6 +851,12 @@ the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
readable by anyone else.
.Pp
+.It Pa /etc/hosts.allow
+.It Pa /etc/hosts.deny
+Access controls that should be enforced by tcp-wrappers are defined here.
+Further details are described in
+.Xr hosts_access 5 .
+.Pp
.It Pa /etc/hosts.equiv
This file is for host-based authentication (see
.Xr ssh 1 ) .
@@ -954,6 +960,7 @@ The content of this file is not sensitive; it can be world-readable.
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
+.Xr hosts_access 5 ,
.Xr login.conf 5 ,
.Xr moduli 5 ,
.Xr sshd_config 5 ,
--- sshd-session.c.orig 2024-07-01 13:26:10.677919000 -0700
+++ sshd-session.c 2024-07-01 13:26:58.873906000 -0700
@@ -110,6 +110,13 @@
#include "srclimit.h"
#include "dh.h"
+#ifdef LIBWRAP
+#include <tcpd.h>
+#include <syslog.h>
+int allow_severity;
+int deny_severity;
+#endif /* LIBWRAP */
+
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -1256,7 +1263,26 @@ main(int ac, char **av)
#endif
rdomain = ssh_packet_rdomain_in(ssh);
+
+#ifdef LIBWRAP
+ allow_severity = options.log_facility|LOG_INFO;
+ deny_severity = options.log_facility|LOG_WARNING;
+ /* Check whether logins are denied from this host. */
+ if (ssh_packet_connection_is_on_socket(ssh)) {
+ struct request_info req;
+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
+ fromhost(&req);
+
+ if (!hosts_access(&req)) {
+ debug("Connection refused by tcp wrapper");
+ refuse(&req);
+ /* NOTREACHED */
+ fatal("libwrap refuse returns");
+ }
+ }
+#endif /* LIBWRAP */
+
/* Log the connection. */
laddr = get_local_ipaddr(sock_in);
verbose("Connection from %s port %d on %s port %d%s%s%s",
--- configure.ac.orig 2022-02-23 03:31:11.000000000 -0800
+++ configure.ac 2022-03-02 12:47:49.958341000 -0800
@@ -1599,6 +1599,62 @@ else
AC_MSG_RESULT([no])
fi
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
+AC_ARG_WITH([tcp-wrappers],
+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+ saved_LIBS="$LIBS"
+ saved_LDFLAGS="$LDFLAGS"
+ saved_CPPFLAGS="$CPPFLAGS"
+ if test -n "${withval}" && \
+ test "x${withval}" != "xyes"; then
+ if test -d "${withval}/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "${withval}/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+ LIBS="-lwrap $LIBS"
+ AC_MSG_CHECKING([for libwrap])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <tcpd.h>
+int deny_severity = 0, allow_severity = 0;
+ ]], [[
+ hosts_access(0);
+ ]])], [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([LIBWRAP], [1],
+ [Define if you want
+ TCP Wrappers support])
+ SSHDLIBS="$SSHDLIBS -lwrap"
+ TCPW_MSG="yes"
+ ], [
+ AC_MSG_ERROR([*** libwrap missing])
+
+ ])
+ LIBS="$saved_LIBS"
+ fi
+ ]
+)
+
# Check whether user wants to use ldns
LDNS_MSG="no"
AC_ARG_WITH(ldns,
@@ -5593,6 +5649,7 @@ echo " PAM support: $PAM_MSG"
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " libldns support: $LDNS_MSG"
echo " Solaris process contract support: $SPC_MSG"

5
security/openssh-portable.OTHER/files/extra-patch-version-addendum
View File

@ -1,5 +0,0 @@
--- servconf.c.orig 2015-03-28 23:08:41.296700000 -0500
+++ servconf.c 2015-03-28 23:08:54.016291000 -0500
@@ -318 +318 @@
- options->version_addendum = xstrdup("");
+ options->version_addendum = xstrdup(SSH_VERSION_FREEBSD_PORT);

179
security/openssh-portable.OTHER/files/openssh.in
View File

@ -1,179 +0,0 @@
#!/bin/sh
# PROVIDE: openssh
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable openssh:
#
# openssh_enable (bool): Set it to "YES" to enable openssh.
# Default is "NO".
# openssh_flags (flags): Set extra flags to openssh.
# Default is "". see sshd(1).
# openssh_pidfile (file): Set full path to pid file.
. /etc/rc.subr
name="openssh"
rcvar=openssh_enable
load_rc_config ${name}
: ${openssh_enable:="NO"}
: ${openssh_skipportscheck="NO"}
# These only control ssh-keygen automatically generating host keys.
: ${openssh_dsa_enable="YES"}
: ${openssh_dsa_flags=""}
: ${openssh_rsa_enable="YES"}
: ${openssh_rsa_flags=""}
: ${openssh_ecdsa_enable="YES"}
: ${openssh_ecdsa_flags=""}
: ${openssh_ed25519_enable="YES"}
: ${openssh_ed25519_flags=""}
command=%%PREFIX%%/sbin/sshd
extra_commands="configtest reload keygen"
start_precmd="${name}_checks"
reload_precmd="${name}_checks"
restart_precmd="${name}_checks"
configtest_cmd="${name}_configtest"
keygen_cmd="${name}_keygen"
pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
openssh_keygen()
{
local skip_dsa= skip_rsa= skip_ecdsa= skip_ed25519=
checkyesno openssh_dsa_enable || skip_dsa=y
checkyesno openssh_rsa_enable || skip_rsa=y
checkyesno openssh_ecdsa_enable || skip_ecdsa=y
checkyesno openssh_ed25519_enable || skip_ed25519=y
if [ \( -n "$skip_dsa" -o -f %%ETCDIR%%/ssh_host_dsa_key \) -a \
\( -n "$skip_rsa" -o -f %%ETCDIR%%/ssh_host_rsa_key \) -a \
\( -n "$skip_ecdsa" -o -f %%ETCDIR%%/ssh_host_ecdsa_key \) -a \
\( -n "$skip_ed25519" -o -f %%ETCDIR%%/ssh_host_ed25519_key \) ]; then
return 0
fi
umask 022
# Can't do anything if ssh is not installed
[ -x %%PREFIX%%/bin/ssh-keygen ] ||
err 1 "%%PREFIX%%/bin/ssh-keygen does not exist."
if [ -f %%ETCDIR%%/ssh_host_dsa_key ]; then
echo "You already have a DSA host key" \
"in %%ETCDIR%%/ssh_host_dsa_key"
echo "Skipping protocol version 2 DSA Key Generation"
elif checkyesno openssh_dsa_enable; then
%%PREFIX%%/bin/ssh-keygen -t dsa $openssh_dsa_flags \
-f %%ETCDIR%%/ssh_host_dsa_key -N ''
fi
if [ -f %%ETCDIR%%/ssh_host_rsa_key ]; then
echo "You already have a RSA host key" \
"in %%ETCDIR%%/ssh_host_rsa_key"
echo "Skipping protocol version 2 RSA Key Generation"
elif checkyesno openssh_rsa_enable; then
%%PREFIX%%/bin/ssh-keygen -t rsa $openssh_rsa_flags \
-f %%ETCDIR%%/ssh_host_rsa_key -N ''
fi
if [ -f %%ETCDIR%%/ssh_host_ecdsa_key ]; then
echo "You already have a Elliptic Curve DSA host key" \
"in %%ETCDIR%%/ssh_host_ecdsa_key"
echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
elif checkyesno openssh_ecdsa_enable; then
%%PREFIX%%/bin/ssh-keygen -t ecdsa $openssh_ecdsa_flags \
-f %%ETCDIR%%/ssh_host_ecdsa_key -N ''
fi
if [ -f %%ETCDIR%%/ssh_host_ed25519_key ]; then
echo "You already have a Elliptic Curve ED25519 host key" \
"in %%ETCDIR%%/ssh_host_ed25519_key"
echo "Skipping protocol version 2 Elliptic Curve ED25519 Key Generation"
elif checkyesno openssh_ed25519_enable; then
%%PREFIX%%/bin/ssh-keygen -t ed25519 $openssh_ed22519_flags \
-f %%ETCDIR%%/ssh_host_ed25519_key -N ''
fi
}
openssh_check_same_ports(){
# check if opensshd don't use base system sshd's port
#
# openssh binds ports in priority (lowest first):
# Port from sshd_config
# -p option from command line
# ListenAddress addr:port from sshd_config
#check if opensshd-portable installed in replacement of base sshd
if [ "%%ETCDIR%%" = "/etc/ssh" ]; then
return 1
fi
self_port=$(awk '$1~/^ListenAddress/ \
{mlen=match($0,":[0-9]*$"); print \
substr($0,mlen+1,length($0)-mlen)}' %%ETCDIR%%/sshd_config)
if [ -z "$self_port" ]; then
self_port=$(echo $openssh_flags | awk \
'{for (i = 1; i <= NF; i++) if ($i == "-p") \
{i++; printf "%s", $i; break; }; }')
if [ -z "$self_port" ]; then
self_port=$(awk '$1~/^Port/ {print $2}' \
%%ETCDIR%%/sshd_config)
fi
fi
# assume default 22 port
if [ -z "$self_port" ]; then
self_port=22
fi
load_rc_config "sshd"
base_sshd_port=$(awk '$1~/^ListenAddress/ \
{mlen=match($0,":[0-9]*$"); print \
substr($0,mlen+1,length($0)-mlen)}' /etc/ssh/sshd_config)
if [ -z "$base_sshd_port" ]; then
base_sshd_port=$(echo $sshd_flags | awk \
'{for (i = 1; i <= NF; i++) if ($i == "-p") \
{i++; printf "%s", $i; break; }; }')
if [ -z "$base_sshd_port" ]; then
base_sshd_port=$(awk '$1~/^Port/ {print $2}' \
/etc/ssh/sshd_config)
fi
fi
if [ -z "$base_sshd_port" ]; then
base_sshd_port=22
fi
# self_port and base_sshd_port may have multiple values. Compare them all
for sport in ${self_port}; do
for bport in ${base_sshd_port}; do
[ ${sport} -eq ${bport} ] && return 0
done
done
return 1
}
openssh_configtest()
{
echo "Performing sanity check on ${name} configuration."
eval ${command} ${openssh_flags} -t
}
openssh_checks()
{
if checkyesno sshd_enable ; then
if openssh_check_same_ports && ! checkyesno openssh_skipportscheck; then
err 1 "sshd_enable is set, but $name and /usr/sbin/sshd use the same port"
fi
fi
openssh_keygen
openssh_configtest
}
run_rc_command "$1"

10
security/openssh-portable.OTHER/files/patch-regress__test-exec.sh
View File

@ -1,10 +0,0 @@
--- regress/test-exec.sh.orig 2015-04-03 18:20:32.256126000 UTC
+++ regress/test-exec.sh 2015-04-03 18:20:41.599903000 -0500
@@ -408,6 +408,7 @@ cat << EOF > $OBJ/sshd_config
LogLevel DEBUG3
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
+ PermitRootLogin yes
Subsystem sftp $SFTPSERVER
EOF

52
security/openssh-portable.OTHER/files/patch-servconf.c
View File

@ -1,52 +0,0 @@
r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
Changed paths:
M /head/crypto/openssh/myproposal.h
M /head/crypto/openssh/readconf.c
M /head/crypto/openssh/servconf.c
Apply FreeBSD's configuration defaults.
--- servconf.c.orig 2024-07-01 13:30:30.284417000 -0700
+++ servconf.c 2024-07-01 13:31:20.040132000 -0700
@@ -46,6 +46,7 @@
# include "openbsd-compat/glob.h"
#endif
+#include "version.h"
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
@@ -295,7 +296,11 @@ fill_default_server_options(ServerOptions *options)
/* Portable-specific options */
if (options->use_pam == -1)
- options->use_pam = 0;
+#ifdef USE_PAM
+ options->use_pam = 1;
+#else
+ options->use_pam = 0;
+#endif
if (options->pam_service_name == NULL)
options->pam_service_name = xstrdup(SSHD_PAM_SERVICE);
@@ -339,7 +344,7 @@ fill_default_server_options(ServerOptions *options)
if (options->print_lastlog == -1)
options->print_lastlog = 1;
if (options->x11_forwarding == -1)
- options->x11_forwarding = 0;
+ options->x11_forwarding = 1;
if (options->x11_display_offset == -1)
options->x11_display_offset = 10;
if (options->x11_use_localhost == -1)
@@ -381,7 +386,11 @@ fill_default_server_options(ServerOptions *options)
if (options->gss_strict_acceptor == -1)
options->gss_strict_acceptor = 1;
if (options->password_authentication == -1)
+#ifdef USE_PAM
+ options->password_authentication = 0;
+#else
options->password_authentication = 1;
+#endif
if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 1;
if (options->permit_empty_passwd == -1)

78
security/openssh-portable.OTHER/files/patch-session.c
View File

@ -1,78 +0,0 @@
bdrewery:
- Refactor and simplify original commit.
- Stop setting TERM=su without a term.
------------------------------------------------------------------------
r99055 | des | 2002-06-29 04:21:58 -0700 (Sat, 29 Jun 2002) | 6 lines
Changed paths:
M /head/crypto/openssh/session.c
Make sure the environment variables set by setusercontext() are passed on
to the child process.
Reviewed by: ache
Sponsored by: DARPA, NAI Labs
--- session.c.orig 2021-04-15 20:55:25.000000000 -0700
+++ session.c 2021-04-27 13:11:13.515917000 -0700
@@ -942,7 +942,7 @@ read_etc_default_login(char ***env, u_int *envsize, ui
}
#endif /* HAVE_ETC_DEFAULT_LOGIN */
-#if defined(USE_PAM) || defined(HAVE_CYGWIN)
+#if defined(USE_PAM) || defined(HAVE_CYGWIN) || defined(HAVE_LOGIN_CAP)
static void
copy_environment_denylist(char **source, char ***env, u_int *envsize,
const char *denylist)
@@ -1052,7 +1052,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
- if (!options.use_pam) {
+ /* FreeBSD PAM doesn't set default "MAIL" */
+ if (1 || !options.use_pam) {
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
child_set_env(&env, &envsize, "MAIL", buf);
@@ -1063,6 +1064,23 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+#ifdef HAVE_LOGIN_CAP
+ /* Load environment from /etc/login.conf setenv directives. */
+ {
+ extern char **environ;
+ char **senv, **var;
+
+ senv = environ;
+ environ = xmalloc(sizeof(char *));
+ *environ = NULL;
+ (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV);
+ copy_environment_denylist(environ, &env, &envsize, NULL);
+ for (var = environ; *var != NULL; ++var)
+ free(*var);
+ free(environ);
+ environ = senv;
+ }
+#endif
if (s->term)
child_set_env(&env, &envsize, "TERM", s->term);
if (s->display)
@@ -1281,7 +1299,7 @@ do_nologin(struct passwd *pw)
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
return;
- nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
+ nl = (char*)login_getcapstr(lc, "nologin", def_nl, def_nl);
#else
if (pw->pw_uid == 0)
return;
@@ -1365,7 +1383,7 @@ do_setusercontext(struct passwd *pw)
if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
- (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
+ (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
perror("unable to set user context");
exit(1);
}

26
security/openssh-portable.OTHER/files/patch-ssh-agent.1
View File

@ -1,26 +0,0 @@
--- UTC
r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
--- ssh-agent.1.orig 2020-02-13 16:40:54.000000000 -0800
+++ ssh-agent.1 2020-03-21 17:03:22.952068000 -0700
@@ -43,7 +43,7 @@
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c | s
-.Op Fl \&Dd
+.Op Fl \&Ddx
.Op Fl a Ar bind_address
.Op Fl E Ar fingerprint_hash
.Op Fl P Ar provider_whitelist
@@ -125,6 +125,8 @@ A lifetime specified for an identity with
.Xr ssh-add 1
overrides this value.
Without this option the default maximum lifetime is forever.
+.It Fl x
+Exit after the last client has disconnected.
.It Ar command Op Ar arg ...
If a command (and optional arguments) is given,
this is executed as a subprocess of the agent.

97
security/openssh-portable.OTHER/files/patch-ssh-agent.c
View File

@ -1,97 +0,0 @@
--- UTC
r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines
Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
--- ssh-agent.c.orig 2023-12-18 06:59:50.000000000 -0800
+++ ssh-agent.c 2023-12-19 17:16:22.128981000 -0800
@@ -196,11 +196,28 @@
/* Refuse signing of non-SSH messages for web-origin FIDO keys */
static int restrict_websafe = 1;
+/*
+ * Client connection count; incremented in new_socket() and decremented in
+ * close_socket(). When it reaches 0, ssh-agent will exit. Since it is
+ * normally initialized to 1, it will never reach 0. However, if the -x
+ * option is specified, it is initialized to 0 in main(); in that case,
+ * ssh-agent will exit as soon as it has had at least one client but no
+ * longer has any.
+ */
+static int xcount = 1;
+
static void
close_socket(SocketEntry *e)
{
size_t i;
+ int last = 0;
+ if (e->type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount - 1);
+ if (--xcount == 0)
+ last = 1;
+ }
+
close(e->fd);
sshbuf_free(e->input);
sshbuf_free(e->output);
@@ -213,6 +230,8 @@
memset(e, '\0', sizeof(*e));
e->fd = -1;
e->type = AUTH_UNUSED;
+ if (last)
+ cleanup_exit(0);
}
static void
@@ -1893,6 +1912,10 @@
debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" :
(type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN"));
+ if (type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount + 1);
+ ++xcount;
+ }
set_nonblock(fd);
if (fd > max_fd)
@@ -2184,7 +2207,7 @@
usage(void)
{
fprintf(stderr,
- "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
+ "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
" [-O option] [-P allowed_providers] [-t life]\n"
" ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n"
" [-P allowed_providers] [-t life] command [arg ...]\n"
@@ -2218,6 +2241,7 @@
/* drop */
(void)setegid(getgid());
(void)setgid(getgid());
+ (void)setuid(geteuid());
platform_disable_tracing(0); /* strict=no */
@@ -2229,7 +2253,7 @@
__progname = ssh_get_progname(av[0]);
seed_rng();
- while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
+ while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:x")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -2280,6 +2304,9 @@
fprintf(stderr, "Invalid lifetime\n");
usage();
}
+ break;
+ case 'x':
+ xcount = 0;
break;
default:
usage();

33
security/openssh-portable.OTHER/files/patch-ssh.c
View File

@ -1,33 +0,0 @@
--- UTC
r99054 | des | 2002-06-29 05:57:53 -0500 (Sat, 29 Jun 2002) | 4 lines
Changed paths:
M /head/crypto/openssh/ssh.c
Canonicize the host name before looking it up in the host file.
--- ssh.c.orig 2018-04-02 05:38:28 UTC
+++ ssh.c
@@ -1281,6 +1281,23 @@ main(int ac, char **av)
ssh_digest_free(md);
conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+ /* Find canonic host name. */
+ if (strchr(host, '.') == 0) {
+ struct addrinfo hints;
+ struct addrinfo *ai = NULL;
+ int errgai;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = options.address_family;
+ hints.ai_flags = AI_CANONNAME;
+ hints.ai_socktype = SOCK_STREAM;
+ errgai = getaddrinfo(host, NULL, &hints, &ai);
+ if (errgai == 0) {
+ if (ai->ai_canonname != NULL)
+ host = xstrdup(ai->ai_canonname);
+ freeaddrinfo(ai);
+ }
+ }
+
/*
* Expand tokens in arguments. NB. LocalCommand is expanded later,
* after port-forwarding is set up, so it may pick up any local

13
security/openssh-portable.OTHER/files/patch-ssh_config.5
View File

@ -1,13 +0,0 @@
--- UTC
--- ssh_config.5.orig 2020-11-16 11:53:55.871161000 -0800
+++ ssh_config.5 2020-11-16 12:43:41.763006000 -0800
@@ -434,6 +433,8 @@ in the process, regardless of the setting of
If the option is set to
.Cm no ,
the check will not be executed.
+The default is
+.Cm no .
.It Cm Ciphers
Specifies the ciphers allowed and their order of preference.
Multiple ciphers must be comma-separated.

26
security/openssh-portable.OTHER/files/patch-sshd.8
View File

@ -1,26 +0,0 @@
--- UTC
Document FreeBSD/port-specific paths
--- sshd.8.orig 2010-08-04 21:03:13.000000000 -0600
+++ sshd.8 2010-09-14 16:14:14.000000000 -0600
@@ -70,7 +70,7 @@
.Nm
listens for connections from clients.
It is normally started at boot from
-.Pa /etc/rc .
+.Pa /usr/local/etc/rc.d/openssh .
It forks a new
daemon for each incoming connection.
The forked daemons handle
@@ -384,8 +384,9 @@
If the login is on a tty, records login time.
.It
Checks
-.Pa /etc/nologin ;
-if it exists, prints contents and quits
+.Pa /etc/nologin and
+.Pa /var/run/nologin ;
+if one exists, it prints the contents and quits
(unless root).
.It
Changes to run with normal user privileges.

101
security/openssh-portable.OTHER/files/patch-sshd.c
View File

@ -1,101 +0,0 @@
--- UTC
r109683 | des | 2003-01-22 08:12:59 -0600 (Wed, 22 Jan 2003) | 7 lines
Changed paths:
M /head/crypto/openssh/sshd.c
Force early initialization of the resolver library, since the resolver
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
r199804 | attilio | 2009-11-25 09:12:24 -0600 (Wed, 25 Nov 2009) | 13 lines
Changed paths:
M /head/crypto/openssh/sshd.c
M /head/usr.sbin/cron/cron/cron.c
M /head/usr.sbin/inetd/inetd.c
M /head/usr.sbin/syslogd/syslogd.c
Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
r206397 | kib | 2010-04-08 07:07:40 -0500 (Thu, 08 Apr 2010) | 8 lines
Changed paths:
M /head/crypto/openssh/sshd.c
Enhance r199804 by marking the daemonised child as immune to OOM instead
of short-living parent. Only mark the master process that accepts
connections, do not protect connection handlers spawned from inetd.
--- sshd.c.orig 2024-06-30 21:36:28.000000000 -0700
+++ sshd.c 2024-07-01 13:44:05.739756000 -0700
@@ -28,6 +28,7 @@
#include <sys/types.h>
#include <sys/ioctl.h>
+#include <sys/mman.h>
#include <sys/socket.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -69,6 +70,13 @@
#include <prot.h>
#endif
+#ifdef __FreeBSD__
+#include <resolv.h>
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#endif
+
#include "xmalloc.h"
#include "ssh.h"
#include "sshpty.h"
@@ -1671,7 +1679,30 @@ main(int ac, char **av)
for (i = 0; i < options.num_log_verbose; i++)
log_verbose_add(options.log_verbose[i]);
+#ifdef __FreeBSD__
/*
+ * Initialize the resolver. This may not happen automatically
+ * before privsep chroot().
+ */
+ if ((_res.options & RES_INIT) == 0) {
+ debug("res_init()");
+ res_init();
+ }
+#ifdef GSSAPI
+ /*
+ * Force GSS-API to parse its configuration and load any
+ * mechanism plugins.
+ */
+ {
+ gss_OID_set mechs;
+ OM_uint32 minor_status;
+ gss_indicate_mechs(&minor_status, &mechs);
+ gss_release_oid_set(&minor_status, &mechs);
+ }
+#endif
+#endif
+
+ /*
* If not in debugging mode, not started from inetd and not already
* daemonized (eg re-exec via SIGHUP), disconnect from the controlling
* terminal, and fork. The original process exits.
@@ -1687,6 +1718,10 @@ main(int ac, char **av)
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ /* Avoid killing the process in high-pressure swapping environments. */
+ if (!inetd_flag && madvise(NULL, 0, MADV_PROTECT) != 0)
+ debug("madvise(): %.200s", strerror(errno));
+
/*
* Chdir to the root directory so that the current disk can be
* unmounted if desired.

34
security/openssh-portable.OTHER/files/patch-sshd_config
View File

@ -1,34 +0,0 @@
!!!
!!! Note files/extra-patch-pam-sshd_config contains more changes for default PAM option.
!!!
--- sshd_config.orig 2022-02-11 18:49:55.062881000 +0000
+++ sshd_config 2022-02-11 18:52:31.639435000 +0000
@@ -10,6 +10,9 @@
# possible, but leave them commented. Uncommented options override the
# default value.
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
@@ -37,8 +40,7 @@
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
@@ -84,7 +86,7 @@
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
-#X11Forwarding no
+#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes

57
security/openssh-portable.OTHER/files/patch-sshd_config.5
View File

@ -1,57 +0,0 @@
--- sshd_config.5.orig 2022-02-11 18:50:00.822679000 +0000
+++ sshd_config.5 2022-02-11 19:09:05.162504000 +0000
@@ -701,7 +701,9 @@
.Qq ssh -Q HostbasedAcceptedAlgorithms .
This was formerly named HostbasedAcceptedKeyTypes.
.It Cm HostbasedAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
+Specifies whether rhosts or
+.Pa /etc/hosts.equiv
+authentication together
with successful public key client host authentication is allowed
(host-based authentication).
The default is
@@ -1416,6 +1434,13 @@
.Cm ethernet .
The default is
.Cm no .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Cm yes ,
+the root user may be allowed in with its password even if
+.Cm PermitRootLogin is set to
+.Cm without-password .
.Pp
Independent of this setting, the permissions of the selected
.Xr tun 4
@@ -1774,12 +1799,19 @@
.Xr sshd 8
as a non-root user.
The default is
+.Cm yes ,
+unless
+.Nm sshd
+was built without PAM support, in which case the default is
.Cm no .
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
-.Cm none .
+.Cm %%SSH_VERSION_FREEBSD_PORT%% .
+The value
+.Cm none
+may be used to disable this.
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
@@ -1793,7 +1825,7 @@
or
.Cm no .
The default is
-.Cm no .
+.Cm yes .
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the

13
security/openssh-portable.OTHER/pkg-descr
View File

@ -1,13 +0,0 @@
OpenBSD's OpenSSH portable version
Normal OpenSSH development produces a very small, secure, and easy to maintain
version for the OpenBSD project. The OpenSSH Portability Team takes that pure
version and adds portability code so that OpenSSH can run on many other
operating systems (Unfortunately, in particular since OpenSSH does
authentication, it runs into a *lot* of differences between Unix operating
systems).
The portable OpenSSH follows development of the official version, but releases
are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1).
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development.

22
security/openssh-portable.OTHER/pkg-message
View File

@ -1,22 +0,0 @@
[
{ type: install
message: <<EOM
To enable this port, add openssh_enable="YES" in your rc.conf. To
prevent conflict with openssh in the base system add sshd_enable="NO"
in your rc.conf. Also you can configure openssh at another TCP port (via
sshd_config 'Port' and 'Listen' options or via 'openssh_flags'
variable in rc.conf) and run it in same time with base sshd.
'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system. Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.
Users are encouraged to create single-purpose users with ssh keys, disable
Password authentication by setting 'PasswordAuthentication no' and
'ChallengeResponseAuthentication no', and to define very narrow sudo
privileges instead of using root for automated tasks.
EOM
}
]

32
security/openssh-portable.OTHER/pkg-plist
View File

@ -1,32 +0,0 @@
bin/scp
bin/sftp
bin/ssh
bin/ssh-add
bin/ssh-agent
bin/ssh-keygen
bin/ssh-keyscan
@sample %%ETCDIR%%/moduli.sample
@sample %%ETCDIR%%/ssh_config.sample
@sample %%ETCDIR%%/sshd_config.sample
@postexec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi
sbin/sshd
libexec/sftp-server
libexec/ssh-keysign
libexec/ssh-pkcs11-helper
libexec/ssh-sk-helper
libexec/sshd-session
share/man/man1/sftp.1.gz
share/man/man1/ssh-add.1.gz
share/man/man1/ssh-agent.1.gz
share/man/man1/ssh-keygen.1.gz
share/man/man1/ssh-keyscan.1.gz
share/man/man1/scp.1.gz
share/man/man1/ssh.1.gz
share/man/man5/moduli.5.gz
share/man/man5/ssh_config.5.gz
share/man/man5/sshd_config.5.gz
share/man/man8/sftp-server.8.gz
share/man/man8/ssh-keysign.8.gz
share/man/man8/ssh-pkcs11-helper.8.gz
share/man/man8/ssh-sk-helper.8.gz
share/man/man8/sshd.8.gz

2
security/sudo/Makefile
View File

@ -1,5 +1,5 @@
PORTNAME= sudo PORTNAME= sudo
PORTVERSION= 1.9.16p1 PORTVERSION= 1.9.16p2
CATEGORIES= security CATEGORIES= security
MASTER_SITES= SUDO MASTER_SITES= SUDO

6
security/sudo/distinfo
View File

@ -1,3 +1,3 @@
TIMESTAMP = 1731468346 TIMESTAMP = 1732568670
SHA256 (sudo-1.9.16p1.tar.gz) = 404994e23ae8bcf4be59ed6fd3759ad70a8cefa9bcf71640b33f176afec243b0 SHA256 (sudo-1.9.16p2.tar.gz) = 976aa56d3e3b2a75593307864288addb748c9c136e25d95a9cc699aafa77239c
SIZE (sudo-1.9.16p1.tar.gz) = 5396038 SIZE (sudo-1.9.16p2.tar.gz) = 5398419