Commit graph

31 commits

Author SHA1 Message Date
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
wiz
9d27f90a6f opencdk shlib major changed; bump ABI depends and PKGREVISIONs of
affected packages.
2007-06-05 05:36:59 +00:00
shannonjr
43de302502 Update to 0.9.14. Changes:
- Implement TCP keepalive settings on platform that support it,
  check client.conf for details.
- When reading prelude-adduser password from a file, remove
  newline at the end of the string (fix #221).
- When we fail to read an IDMEF message, provide more information
  about the place where the error happened.
- Fix an issue with idmef_path_get() on empty path (pointing to the
  root message).
- Various bug fixes and minor API improvements.
2007-05-15 22:40:19 +00:00
shannonjr
8b44742330 Update to 0.9.13.2. Changes:
- Improve error reporting with the central option interface.
- Fix a bug when comparing IDMEF object with optional fields.
- Fix a problem with the logger, where large log entry wouldn't be
logged.
2007-04-09 12:46:48 +00:00
shannonjr
a106f6a657 Update to 0.9.13. Changes:
- Fix a crash with Python bindings upon signal reception (Fix #200).
- New --with-system-ltdl configure switch. The default is now to use the
  system wide ltdl library if it is available, unless specified otherwise
  (Fix #199).
- Prevent NULL pointer dereference if no permission is specified after the
  permission type (Fix #197).
- Upon IDMEFCriteria parsing error, recover from broken parser stater (Fix #195).
- Detailed error reporting on IDMEFCriteria parsing error.
- Fix string and possible criteria leak on IDMEFCriteria syntax error.
- Prefer anonymous authentication rather than SRP. We do this because there
  are compatibility issue with SRP between different GnuTLS version
  (Should fix #187).
- When dumping AdditionalData of type byte-string to string, encode the data using base64.
2007-02-20 15:13:02 +00:00
shannonjr
6fdf599c60 Update to 0.9.11. Changes:
- Hook class comparison function. Accept NULL, equal, not equal operator.
- Introduce better error checking in the idmef-class API, which is now
  considered public and might be used by external application. Rename
  error code to reflect the API.
- Change to the way IDMEF listed element are handled. Specifying negative
  number as the position of the element from the low level API now allow
  to position the element at the specified (reversed) index. Using the
  high level API a negative index permit to address a list of element
  backward (replace an element).
- Build fixes for SWIG > 1.3.27.
- Modify idmef_value_match() so that it always unroll listed value
  (do it for both val1 and val2. Remove assertion, and let
  idmef_value_type_compare() return an error code in case there is an issue.
- Handle path using IDMEF_LIST_APPEND or IDMEF_LIST_PREPEND as
  path using an undefined list index on idmef_path_get() call.
- Make criteria parser accept (*) list index.
- Implement comparison function for all IDMEF object.
2006-10-11 14:46:10 +00:00
rillig
9b5c8ba117 Replaced GENERATE_PLIST with PLIST_SRC, as suggested by wiz. 2006-08-31 18:02:41 +00:00
rillig
e2b089accc Fixed a few pkglint warnings. 2006-08-31 13:11:23 +00:00
rillig
a32b5110cb Fixed the PLISTs according to Krister's latest bulk build on NetBSD 3.0.
Made the "perl" option work and tested all four option combinations.
2006-08-31 13:04:54 +00:00
wiz
e773592447 Add master site entry for times when pkgsrc doesn't have the completely
latest version.
2006-08-23 18:51:56 +00:00
shannonjr
76f2c55f8d 1) Added PLIST.perl for perl option
2) Bumped PKGREVISION
2006-08-23 11:34:59 +00:00
shannonjr
5c585d04b1 1) Fixed problem where 64-bit minimums are set using 32-bit arithmetic
2) PLIST correction
2006-08-23 10:51:25 +00:00
shannonjr
5ae116d696 Update to 0.9.10.1. Changes:
- Fix checking for swig/perl/python when full path to the
  application is specified.
- Fix OpenBSD getaddrinfo() AI_ADDRCONFIG issue (apply to
  some other system as well).
- Fix workaround for system with broken libtool,
  that prevented the use of plugin (#168).
2006-08-17 11:31:40 +00:00
jlam
c16221a4db Change the format of BUILDLINK_ORDER to contain depth information as well,
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.

For example, "make show-buildlink3" in fonts/Xft2 displays:

	zlib
	fontconfig
	    iconv
	    zlib
	    freetype2
	    expat
	freetype2
	Xrender
	    renderproto
2006-07-08 23:10:35 +00:00
jlam
9430e49307 Track information in a new variable BUILDLINK_ORDER that informs us
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
2006-07-08 22:38:58 +00:00
shannonjr
94b0b5b82d Removed temporary code that should not have been committed in my last
update.
2006-06-08 22:07:24 +00:00
shannonjr
c1bcede8ad Update to libprelude 0.9.9. Changes:
- Correct IDMEF v16 checksum algorithms letter case.
- Detailed, verbose error reporting when failing to read IDMEF message.
- Detailed, verbose error reporting for unsupported value operation.
2006-06-06 12:19:30 +00:00
shannonjr
dd9afe4bfc Updated to libprelude 0.9.8. Changes:
- Improve idmef-path error reporting.
- Rework configure script so that it use --with[out] in
  place of --(en|dis)able where we deal with external dependencies.
- Rework configure script so that --with[out] work as expected (enabling and
  disabling the feature, explicit error if "with" feature is explicitly
  specified but the feature it is unavailable, etc).
- Rework SNMPService class for IDMEF draft 16 compliance.
- Make sure we set alert CreateTime if the caller did not do it for us.
- Fix handling of \r\n terminated line.
- Ignore character that are part of the option value when comparing
  option specified using --option=value. Fix handling of parent option.
2006-05-04 13:13:17 +00:00
shannonjr
1f001e809d Update to 0.9.7.2. This is a bugfix release. 2006-04-24 10:19:20 +00:00
jlam
802ce74fcb Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
2006-04-23 00:12:35 +00:00
joerg
fd43603386 Use configuration file framework. Bump revision. 2006-04-12 19:40:51 +00:00
rillig
96fc47c14f Aligned the last line of the buildlink3.mk files with the first line, so
that they look nicer.
2006-04-12 10:26:59 +00:00
reed
5abef9be14 Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.

BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.

BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.

BUILDLINK_DEPENDS does not change.

IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".

Added to obsolete.mk checking for IGNORE_RECOMMENDED.

I did not manually go through and fix any aesthetic tab/spacing issues.

I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.

I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.

As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.

As discussed on tech-pkg.

I will commit to revbump, pkglint, pkg_install, createbuildlink separately.

Note that if you use wip, it will fail!  I will commit to pkgsrc-wip
later (within day).
2006-04-06 06:21:32 +00:00
shannonjr
a157089097 Update to 0.9.7.
Changes:

- Fix an issue with system using both IP v4 and v6 interfaces which
  doesn't allow binding both 0.0.0.0 and :: .

- Add autoconf detection for libgcrypt: this fix a build issue for
  distribution shipping with broken libgnutls-config script.

- Generate Perl and Python bindings for the prelude-timer API.

- Fix for upcoming plugin that doesn't provide an activation option.

- Various bug fixes.
2006-03-10 22:19:29 +00:00
wiz
35af66a196 Belatedly bump PKGREVISION for all libtasn1 dependencies, since
libtasn1 had a shlib major bump.
Also update dependencies in bl3.mk files.

Addresses PR 32998 by Robert Elz.
2006-03-06 00:18:10 +00:00
shannonjr
688a149f12 Update to 0.9.6.1.
Changes:

* libprelude-0.9.6.1:

- Flex generated file build fix for FreeBSD / NetBSD.

* libprelude-0.9.6:

- Implement workaround for buggy libtool that will fail
  looking up symbol with preopening enabled in case the
  libtool archive is missing. Lot of distribution package
  seem to suffer from this.

- idmef-path API improvement, allow user to specify negative
  index to address the list in reverse. Developer are now
  supposed to use IDMEF_LIST_APPEND (in place of index -1) and
  IDMEF_LIST_PREPEND (in place of 0) on listed object operation.

- idmef-path API improvement: support for (<<) and (>>) listed
  object index, meaning to prepend the object / to append it,
  as well as (*) meaning to retrieve all object from a list. This
  deprecate the usage of (-1) previously used for appending.

- Fix deconnection problem in client reading mode.

- Improve option parsing: option value can now be provided using
  --option=value. This format is now a requirement for option that
  use an optional argument. Provide arguments information in the
  option help.

- Fix deadlock on asynchronous prelude-client destruction.

- Definitely fix the problem where prelude-adduser will, on some system,
  listen to Ipv6 IP address as the default: we now bind every address
  returned by getaddrinfo().

- Fix crash in case of successive call to prelude_init(), prelude_deinit(),
  then prelude_init() again.

- Introduce --passwd and --passwd-file option for prelude-adduser
  register and registration-server mode, allowing to specify one shot
  password on the command line, from a file, or from stdin.

- Verbose error handling for prelude-adduser.

- Fix perl bindings, make them more robust by adding type checking, and fix
  memory leak.

- Fix parsing of string based broken down time criterion.

- Handle configuration file containing \r.

- Fix prelude_read_multiline2() return value (fix Prelude-Manager
  idmef-criteria-filter plugin).

- Fix a bug in per thread error handling code which resulted in NULL
  error to be returned in case an application thread exited.

- Various bug fixes.
2006-03-04 12:35:31 +00:00
shannonjr
422f3dd3aa Update to 0.9.5. Changes:
- More TLS cleanup.
- Application can now report error without using specific prelude_client
  error reporting function.
- More work and improved verbose error reporting.
- Fix compilation problem with prelude_error_is_verbose() (#130).
Compilation problem on NetBSD 1.6 and OpenBSD has been fixed so patch-ad
is deleted.
2006-02-08 09:58:46 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
shannonjr
64282fe5d3 Fix build problem on NetBSD 1.6, and possibly other operating systems, where
ENOTSUP is not defined.
2006-02-05 13:23:14 +00:00
shannonjr
aa2cd422bc Update to 0.9.4. Changes:
- Some useful API addition.
- Much improved, verbose error reporting.
- Cleaned up TLS handling, various bugfix.
- In case an error occur when verifying the peer certificate,
  notify the peer about the failure.

The Prelude Library is the glue that binds all aspects of Prelude
together. It is a library which enables Prelude components to
communicate with the Prelude Manager. It also makes it easy for third
party software to be made 'Prelude Aware' (able to communicate with
Prelude components). It provide common, useful features used by every
sensor.
2006-01-31 10:44:45 +00:00
shannonjr
33cbcbfe63 Prelude is a hybrid IDS consisting of multiple
sensors, managers, and a display console. LibPrelude
is the glue that binds all aspects of Prelude together.
LibPrelude is a library which enables Prelude
components to communicate in a standard IDMEF method.

This is one of several new packages in the Prelude family.
2006-01-29 15:54:04 +00:00