aboutsummaryrefslogtreecommitdiffstats
path: root/security/tripwire12
diff options
context:
space:
mode:
authorsteve <steve@FreeBSD.org>2000-05-29 10:27:45 +0800
committersteve <steve@FreeBSD.org>2000-05-29 10:27:45 +0800
commit5374dadbe2f9fe4de60279faa6f731be33c1efea (patch)
treed2b61092080388a76d1356df9de009c6a9ea6c88 /security/tripwire12
parent45f2d56bbe4482bf0ac6ab1cdc6a3ce962bde3c5 (diff)
downloadfreebsd-ports-gnome-5374dadbe2f9fe4de60279faa6f731be33c1efea.tar.gz
freebsd-ports-gnome-5374dadbe2f9fe4de60279faa6f731be33c1efea.tar.zst
freebsd-ports-gnome-5374dadbe2f9fe4de60279faa6f731be33c1efea.zip
- Fix some of the compiler warnings (see patches/patch-warnings)
- Fix the Makefiles to obey the CC and CFLAGS settings - Fix patches/patch-ab to be PREFIX/LOCALBASE safe - Fix the post-install to not compress the gunzip and tripwire executables that go onto a floppy -- there is no support for the gzip-ed ELF binaries at all, and even for the older AOUT ones such support was optional - Replaces the /kernel with `sysctl -n kern.bootfile` in the tw.conf as the tw.conf.freebsd2 is copied into the right place. - Replace the use of mktemp(3) with tmpfile(3) (see patches/patch-mktemp). This also caused a removal of a few buffers (of size MAXPATHLEN+256) and quite a few strcpy and sprintf invocations. PR: 18634 Submitted by: Mikhail Teterin <mi@aldan.algebra.com>
Diffstat (limited to 'security/tripwire12')
-rw-r--r--security/tripwire12/Makefile24
-rw-r--r--security/tripwire12/files/patch-ab61
-rw-r--r--security/tripwire12/files/patch-mktemp239
-rw-r--r--security/tripwire12/files/patch-warnings33
-rw-r--r--security/tripwire12/pkg-plist1
5 files changed, 329 insertions, 29 deletions
diff --git a/security/tripwire12/Makefile b/security/tripwire12/Makefile
index 070bc8b1ceb8..7c2c4ed201c3 100644
--- a/security/tripwire12/Makefile
+++ b/security/tripwire12/Makefile
@@ -20,30 +20,38 @@ NO_PACKAGE= "requires local database to be built"
RESTRICTED= "contains crypto class algorithms"
post-extract:
- @ (cd ${WRKDIR}; tar xf T1.2.tar)
+ @ (cd ${WRKDIR}; tar xpf T1.2.tar)
+
+post-patch:
+ @${PERL} -pi -e 's|/secureplace/bin|${PREFIX}/bin|g;' \
+ -e 's|/usr/man|${PREFIX}/man|g;' ${WRKSRC}/Makefile
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
- @ ${CP} ${FILESDIR}/tw.conf.freebsd2 ${WRKSRC}/configs/tw.conf.freebsd2
+ @ ${SED} s%/kernel%`sysctl -bn kern.bootfile`% \
+ < ${FILESDIR}/tw.conf.freebsd2 \
+ > ${WRKSRC}/configs/tw.conf.freebsd2
post-install:
@ ${MKDIR} /var/adm/tcheck
@ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
- @ ${ECHO} Creating tripwire database
+ # Creating tripwire database
@ (cd /var/adm/tcheck; tripwire -initialize)
.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
+ # preparing the floppy
@ disklabel -w -B /dev/rfd0c fd1440
@ newfs -u 0 -t 0 -i 196608 -m 0 -T minimum -o space /dev/rfd0c
- @ mount /dev/fd0c /mnt
- @ ${GZIP_CMD} < ${PREFIX}/bin/tripwire > /mnt/tripwire
+ mount /dev/fd0c /mnt
+ # transferring things to the floppy
@ ${CP} -p /var/adm/tcheck/tw.config /mnt/tw.config
@ ${GZIP_CMD} < /var/adm/tcheck/databases/tw.db_`hostname` \
> /mnt/tw.db_`hostname`.gz
- @ ${CP} -p ${FILESDIR}/twcheck /mnt/twcheck
- @ ${GZIP_CMD} < /usr/bin/gunzip > /mnt/gunzip
+ @ ${CP} -p ${FILESDIR}/twcheck /usr/bin/gunzip \
+ ${PREFIX}/bin/tripwire \
+ /mnt/
@ ${CHMOD} 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
@ umount /mnt
- @ ${ECHO} Do not forget to remove and write-protect the floppy.
+ # Do not forget to remove and write-protect the floppy.
.endif
.include <bsd.port.mk>
diff --git a/security/tripwire12/files/patch-ab b/security/tripwire12/files/patch-ab
index b7db1c46c099..7dcf3348984f 100644
--- a/security/tripwire12/files/patch-ab
+++ b/security/tripwire12/files/patch-ab
@@ -1,28 +1,23 @@
-*** Makefile.orig Mon Jul 25 10:59:41 1994
+*** Makefile Mon Jul 25 10:59:41 1994
--- Makefile Thu Jan 2 12:04:35 1997
***************
-*** 12,21 ****
- ###
-
- # destination directory for final executables
-! DESTDIR = /secureplace/bin
-
- # destination for man pages
-! MANDIR = /usr/man
-
- # system utilities
- LEX = lex
---- 12,21 ----
- ###
-
- # destination directory for final executables
-! DESTDIR = /usr/local/bin
+*** 34,36 ****
+ # you can use ANSI C if you like, but K&R is equally fine.
+! CC = cc # common
+ #CC = gcc # also common
+--- 34,36 ----
+ # you can use ANSI C if you like, but K&R is equally fine.
+! #CC = cc # common
+ #CC = gcc # also common
+***************
+*** 38,40 ****
- # destination for man pages
-! MANDIR = /usr/local/man
+! CFLAGS = -O # common
+ #CFLAGS = -g # common
+--- 38,40 ----
- # system utilities
- LEX = lex
+! #CFLAGS = -O # common
+ #CFLAGS = -g # common
***************
*** 60,66 ****
#CPP = /lib/cpp # on older systems
@@ -41,3 +36,27 @@
#LDFLAGS= -non_shared # OSF/1
#LDFLAGS= -Bstatic # SunOS 4 (cannot statically link tripwire
# on Solaris 2.3)
+
+
+--- src/Makefile.orig Mon Jul 25 10:40:54 1994
++++ src/Makefile Sun May 28 15:52:25 2000
+@@ -3,7 +3,7 @@
+ # Tripwire build
+ #
+
+-CFLAGS = -O
++#CFLAGS = -O
+
+ OFILES = config.parse.o main.o list.o ignorevec.o dbase.build.o \
+ utils.o preen.o preen.interp.o preen.report.o \
+@@ -103,8 +103,9 @@
+ .c.o:
+ $(CC) $(CFLAGS) -c $<
+
+-install: tripwire
++install: tripwire siggen
+ $(INSTALL) tripwire $(DESTDIR)
++ $(INSTALL) siggen $(DESTDIR)
+
+ clean:
+ -rm -f $(OFILES) config.lex.c config.pre.c y.tab.c lex.yy.c help.c \
diff --git a/security/tripwire12/files/patch-mktemp b/security/tripwire12/files/patch-mktemp
new file mode 100644
index 000000000000..3e871d4b6e5b
--- /dev/null
+++ b/security/tripwire12/files/patch-mktemp
@@ -0,0 +1,239 @@
+This patches replace all uses of the (potentially insecure) mktemp(3)
+with a much safer tmpfile(3).
+
+--- src/config.parse.c Wed Jul 20 21:03:26 1994
++++ src/config.parse.c Wed May 17 17:30:22 2000
+@@ -55,7 +55,6 @@
+ #endif
+
+ /* prototypes */
+-char *mktemp();
+ static void configfile_descend();
+
+ #ifndef L_tmpnam
+@@ -86,7 +85,6 @@
+ char ignorestring[1024];
+ char s[MAXPATHLEN+1024];
+ char configfile[MAXPATHLEN+512];
+- char *tmpfilename;
+ char number[128];
+ int entrynum = 0;
+ int err;
+@@ -98,18 +96,6 @@
+ if (!printpreprocess && !quietmode)
+ fputs("### Phase 1: Reading configuration file\n", stderr);
+
+- /* generate temporary file name */
+- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
+- perror("configfile_read: malloc()");
+- exit(1);
+- };
+- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
+-
+- if ((char *) mktemp(tmpfilename) == NULL) {
+- perror("configfile_read: mktemp()");
+- exit(1);
+- }
+-
+ /* generate configuration file name */
+ if (specified_configmode != SPECIFIED_FILE)
+ sprintf(configfile, "%s/%s", config_path, config_file);
+@@ -149,25 +135,17 @@
+
+ err = umask(077); /* to protect the tempfile */
+
+- if ((fpout = fopen(tmpfilename, "w+")) == NULL) {
+- sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
+- perror(s);
+- exit(1);
+- }
+- (void) umask(err); /* return it to its former state */
+-
+- /* The following unlink accomplishes two things:
++ /* The use of tmpfile(3) accomplishes two things:
+ * 1) if the program terminates, we won't leave a temp
+ * file sitting around with potentially sensitive names
+ * in it.
+ * 2) the file is "hidden" while we run
+ */
+- if (unlink(tmpfilename) < 0) {
+- perror("configfile_read: unlink()");
++ if ((fpout = tmpfile()) == NULL) {
++ perror("tmpfile");
+ exit(1);
+ }
+- free(tmpfilename);
+-
++ (void) umask(err); /* return it to its former state */
+
+ /*
+ * pass 0: preprocess file
+--- src/dbase.build.c Mon Jul 25 11:24:09 1994
++++ src/dbase.build.c Wed May 17 18:22:14 2000
+@@ -66,7 +66,6 @@
+ int files_scanned_num = 0;
+
+ /* prototypes */
+-char *mktemp();
+ static void database_record_write();
+
+ char backupfile[MAXPATHLEN+256];
+@@ -125,17 +124,7 @@
+
+ /* where do we write the new database? */
+ if (mode == DBASE_TEMPORARY) {
+- char *tmpfilename = (char *) malloc(strlen(TEMPFILE_TEMPLATE)+1);
+- if (tmpfilename == NULL)
+- die_with_err("malloc() failed in database_build", (char *) NULL);
+- (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
+-
+- if ((char *) mktemp(tmpfilename) == NULL)
+- die_with_err("database_build: mktemp()", (char *) NULL);
+-
+- (void) strcpy(tempdatabase_file, tmpfilename);
+- (void) strcpy(database, tempdatabase_file);
+- free(tmpfilename);
++ /* do nothing */
+ } /* end if temporary database */
+ else if (mode == DBASE_UPDATE) {
+ sprintf(database, "./databases/%s", database_file);
+@@ -224,6 +213,12 @@
+ }
+
+ /* rebuild the database */
++ if (mode == DBASE_TEMPORARY) {
++ fpw = tmpfile();
++ if (fpw == NULL)
++ die_with_err("call tmpfile(3) failed. Check your TMPDIR setting",
++ NULL);
++ } else
+ if ((fpw = fopen(database, "w")) == NULL)
+ die_with_err("Hint: Maybe the database directory '%s' doesn't exist? fopen()", database);
+
+@@ -369,6 +364,6 @@
+
+- /* we don't want to allow anyone to spoof the temporary file in /tmp */
++ /* if the database was temporary, the file was opened by tmpfile(3) --
++ as such, it can not be accessed by anything but this process */
+ if (mode == DBASE_TEMPORARY) {
+- if ((fptempdbase = freopen(database, "r", fpw)) == NULL)
+- die_with_err("temporary database file disappeared?!?", database);
++ fptempdbase = fpw;
+ rewind(fptempdbase);
+--- src/main.c Fri Aug 26 04:23:03 1994
++++ src/main.c Wed May 17 18:01:00 2000
+@@ -108,7 +108,6 @@
+ char *database_path = DATABASE_PATH;
+ char *config_path = CONFIG_PATH;
+
+-char tempdatabase_file[MAXPATHLEN+256];
+ FILE *fptempdbase;
+
+ char *defaultignore = DEFAULTIGNORE;
+--- src/preen.c Mon Jul 25 11:24:11 1994
++++ src/preen.c Wed May 17 18:22:22 2000
+@@ -37,7 +37,6 @@
+ static int numentriesread = 0; /* running count of @@contents */
+
+ /* prototypes */
+-char *mktemp();
+ static void olddbasefile_load();
+
+ char *updatemodes[] = {
+@@ -97,9 +96,6 @@
+ preen_report(interactive, ppp_updateentries);
+ if (!specified_configmode)
+ (void) fclose(fp_in);
+-
+- /* remove the temporary database file */
+- (void) unlink(tempdatabase_file);
+
+ SPDEBUG(3) printf("*** leaving update_gather()\n");
+
+--- src/siggen.c Mon Jul 25 11:24:12 1994
++++ src/siggen.c Wed May 17 18:36:51 2000
+@@ -52,7 +52,6 @@
+
+ extern int optind;
+ int debuglevel = 0;
+-char *mktemp();
+
+ int (*pf_signatures [NUM_SIGS]) () = {
+ SIG0FUNC,
+@@ -84,7 +83,6 @@
+ };
+ int verbosity = 0;
+ int quietmode = 0;
+-char *tmpfilename = NULL;
+ int readstdin = 0;
+
+
+@@ -167,19 +167,6 @@
+ FILE *fpout;
+- /* generate temporary file name */
+- if ((tmpfilename = (char *) malloc(L_tmpnam + MAXPATHLEN)) == NULL) {
+- perror("main: malloc()");
+- exit(1);
+- };
+- (void) strcpy(tmpfilename, "/tmp/twzXXXXXX");
+-
+- if ((char *) mktemp(tmpfilename) == NULL) {
+- perror("siggen: mktemp()");
+- exit(1);
+- }
+
+ /* output */
+- if (!(fpout = fopen(tmpfilename, "w"))) {
+- char err[1024];
+- sprintf(err, "main: fopen(%s)", tmpfilename);
+- perror(err);
++ if (!(fpout = tmpfile())) {
++ perror("tmpfile()");
+ exit(1);
+@@ -189,12 +176,6 @@
+ putc(c, fpout);
+- fclose(fpout);
+- if ((fd = open(tmpfilename, O_RDONLY)) < 0) {
+- perror("siggen: open");
+- exit(1);
+- }
+- if (siggen(fd) < 0)
++ rewind(fpout);
++ if (siggen(fileno(fpout)) < 0)
+ errors++;
+
+- if (fd)
+- close(fd);
++ close(fd);
+- unlink(tmpfilename);
+--- src/utils.c Mon Jul 25 12:23:16 1994
++++ src/utils.c Wed May 17 18:21:38 2000
+@@ -785,23 +785,15 @@
+ int
+ fd_tempfilename_generate()
+ {
+- char tmp[MAXPATHLEN+256];
+- int fd;
++ FILE *tmp;
+
+- (void) strcpy(tmp, TEMPFILE_TEMPLATE);
+- if ((char *) mktemp(tmp) == NULL) {
+- perror("tempfilename_generate: mktemp()");
++ tmp = tmpfile();
++ if (tmp == NULL) {
++ perror("tempfilename_generate: tmpfile()");
+ exit(1);
+ }
+
+- if ((fd = open(tmp, O_RDWR | O_CREAT, 0600)) < 0) {
+- perror("tempfilename_generate: open()");
+- exit(1);
+- }
+- /* unlink right away to make sure no one can tamper with our file */
+- unlink(tmp);
+-
+- return fd;
++ return fileno(tmp);
+ }
+
+ /*
diff --git a/security/tripwire12/files/patch-warnings b/security/tripwire12/files/patch-warnings
new file mode 100644
index 000000000000..ddd14eff68c6
--- /dev/null
+++ b/security/tripwire12/files/patch-warnings
@@ -0,0 +1,33 @@
+This patches remove some of the warnings produced by the compiler.
+
+--- src/siggen.c Mon Jul 25 11:24:12 1994
++++ src/siggen.c Wed May 17 19:15:29 2000
+@@ -15,2 +15,3 @@
+ #include "../include/config.h"
++#include <unistd.h>
+ #include <stdio.h>
+@@ -104,4 +104,6 @@
++
++/* forward declaration, to avoid compiler warnings */
++int siggen(int);
+
+ int
+ main(argc, argv)
+--- aux/byteorder.c Fri Jul 15 07:02:36 1994
++++ aux/byteorder.c Wed May 17 19:12:42 2000
+@@ -22,3 +22,3 @@
+
+-void
++int
+ main()
+@@ -34,2 +34,3 @@
+
++#warning "the shift-width warning below can be ignored"
+ if (sizeof(int32) > 4)
+--- aux/types.c Sun Dec 12 23:02:27 1993
++++ aux/types.c Wed May 17 19:23:21 2000
+@@ -24,3 +24,3 @@
+
+-void
++int
+ main(argc, argv)
diff --git a/security/tripwire12/pkg-plist b/security/tripwire12/pkg-plist
index 8d1eef3d62d7..f34115341fbe 100644
--- a/security/tripwire12/pkg-plist
+++ b/security/tripwire12/pkg-plist
@@ -1 +1,2 @@
+bin/siggen
bin/tripwire