From owner-freebsd-ports-bugs@FreeBSD.ORG  Sat Nov 27 01:00:34 2010
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 681741065674
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sat, 27 Nov 2010 01:00:34 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 2600D8FC0C
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sat, 27 Nov 2010 01:00:34 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oAR10Yj6014355
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Sat, 27 Nov 2010 01:00:34 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oAR10XhF014332;
	Sat, 27 Nov 2010 01:00:33 GMT (envelope-from gnats)
Resent-Date: Sat, 27 Nov 2010 01:00:33 GMT
Resent-Message-Id: <201011270100.oAR10XhF014332@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Sofian Brabez <sbrabez@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BCEE0106564A
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 27 Nov 2010 00:58:56 +0000 (UTC)
	(envelope-from sbrabez@gmail.com)
Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50])
	by mx1.freebsd.org (Postfix) with ESMTP id 476908FC12
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sat, 27 Nov 2010 00:58:55 +0000 (UTC)
Received: by wwb39 with SMTP id 39so4844wwb.31
	for <FreeBSD-gnats-submit@freebsd.org>;
	Fri, 26 Nov 2010 16:58:55 -0800 (PST)
Received: by 10.216.156.21 with SMTP id l21mr484336wek.0.1290819534399;
	Fri, 26 Nov 2010 16:58:54 -0800 (PST)
Received: from localhost (mna75-2-81-57-226-6.fbx.proxad.net [81.57.226.6])
	by mx.google.com with ESMTPS id x15sm1205035weq.31.2010.11.26.16.58.53
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Fri, 26 Nov 2010 16:58:53 -0800 (PST)
Message-Id: <4cf057cd.0fedd80a.75e0.709d@mx.google.com>
Date: Fri, 26 Nov 2010 16:58:53 -0800 (PST)
From: Sofian Brabez <sbrabez@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: jadawin@FreeBSD.org
Subject: ports/152607: [patch] security/rkhunter: update to 1.3.8
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Nov 2010 01:00:34 -0000


>Number:         152607
>Category:       ports
>Synopsis:       [patch] security/rkhunter: update to 1.3.8
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 27 01:00:33 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Sofian Brabez
>Release:        FreeBSD 8.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD freebsd81 8.1-STABLE FreeBSD 8.1-STABLE #1: Tue Aug 31 22:46:46 CEST 2010
>Description:
- Update to 1.3.8

Added file(s):
- files/patch-files__rkhunter.conf

Removed file(s):
- files/patch-rkhunter
- files/patch-rkhunter.conf

Port maintainer (jadawin@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:

--- rkhunter-1.3.8.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/Makefile /tmp/rkhunter/Makefile
--- /usr/ports/security/rkhunter/Makefile	2010-01-25 09:34:48.000000000 +0100
+++ /tmp/rkhunter/Makefile	2010-11-25 02:01:44.000000000 +0100
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	rkhunter
-PORTVERSION=	1.3.6
+PORTVERSION=	1.3.8
 CATEGORIES=	security
 MASTER_SITES=	SF
 
@@ -21,12 +21,11 @@
 
 USE_PERL5=	yes
 NO_BUILD=	yes
-SUB_FILES=	415.rkhunter
+SUB_FILES=	415.${PORTNAME}
 
-MAN8=		rkhunter.8
+MAN8=		${PORTNAME}.8
 MANCOMPRESSED=	no
 
-DOCSDIR=	${PREFIX}/share/doc/${PORTNAME}-${PORTVERSION}
 PORTDOCS=	ACKNOWLEDGMENTS CHANGELOG FAQ LICENSE README
 
 .include <bsd.port.pre.mk>
@@ -45,10 +44,10 @@
 
 do-install:
 	cd ${WRKSRC} && ./installer.sh --layout custom ${PREFIX} --install
-	${INSTALL_MAN} ${WRKSRC}/files/rkhunter.8 \
+	${INSTALL_MAN} ${WRKSRC}/files/${PORTNAME}.8 \
 		${MAN8PREFIX}/man/man8
 	@${MKDIR} ${PREFIX}/etc/periodic/security
-	${INSTALL_SCRIPT} ${WRKDIR}/415.rkhunter ${PREFIX}/etc/periodic/security
+	${INSTALL_SCRIPT} ${WRKDIR}/415.${PORTNAME} ${PREFIX}/etc/periodic/security
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/files/|} ${DOCSDIR}
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/distinfo /tmp/rkhunter/distinfo
--- /usr/ports/security/rkhunter/distinfo	2010-01-25 09:34:48.000000000 +0100
+++ /tmp/rkhunter/distinfo	2010-11-25 00:12:05.000000000 +0100
@@ -1,3 +1,2 @@
-MD5 (rkhunter-1.3.6.tar.gz) = 41bd92b1ea0803401c4a45215c8293a2
-SHA256 (rkhunter-1.3.6.tar.gz) = e3f5e21307e4876da4bc4a1521a86f1cda93ad22d4c77366876d7c170dcefc10
-SIZE (rkhunter-1.3.6.tar.gz) = 217691
+SHA256 (rkhunter-1.3.8.tar.gz) = fb1fb8bac53bab476142b5556140c59d589bc0f45d3dc058f400f2edada77a33
+SIZE (rkhunter-1.3.8.tar.gz) = 241551
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/415.rkhunter.in /tmp/rkhunter/files/415.rkhunter.in
--- /usr/ports/security/rkhunter/files/415.rkhunter.in	2008-01-07 19:50:36.000000000 +0100
+++ /tmp/rkhunter/files/415.rkhunter.in	2010-11-25 03:19:26.000000000 +0100
@@ -5,7 +5,9 @@
 # This is a maintenance shell script for the rkhunter security tool.
 # You can enable this script in /etc/periodic.conf file by putting these lines into it:
 #	daily_rkhunter_update_enable="YES"
+#	daily_rkhunter_update_flags="--update --nocolors"
 #	daily_rkhunter_check_enable="YES"
+#	daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
 #
 # Written by: Gabor Kovesdan <gabor@FreeBSD.org>
 
@@ -14,12 +16,15 @@
    source_periodic_confs
 fi
 
+: ${daily_rkhunter_update_flags="--update --nocolors"}
+: ${daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"}
+
 case "$daily_rkhunter_update_enable" in
   [Yy][Ee][Ss])
 
 	echo ""
 	echo "Updating the rkhunter database..."
-	%%PREFIX%%/bin/rkhunter --update --nocolors
+	%%PREFIX%%/bin/rkhunter ${daily_rkhunter_update_flags}
 	;;
 esac
 
@@ -28,6 +33,6 @@
 
 	echo ""
 	echo "Running rkhunter..."
-	%%PREFIX%%/bin/rkhunter --checkall --nocolors --skip-keypress
+	%%PREFIX%%/bin/rkhunter ${daily_rkhunter_check_flags}
 	;;
 esac
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-files__rkhunter.conf /tmp/rkhunter/files/patch-files__rkhunter.conf
--- /usr/ports/security/rkhunter/files/patch-files__rkhunter.conf	1970-01-01 01:00:00.000000000 +0100
+++ /tmp/rkhunter/files/patch-files__rkhunter.conf	2010-11-27 02:40:12.000000000 +0100
@@ -0,0 +1,62 @@
+--- ./files/rkhunter.conf.orig	2010-11-13 21:25:22.000000000 +0100
++++ ./files/rkhunter.conf	2010-11-27 02:39:40.000000000 +0100
+@@ -93,7 +93,7 @@
+ # important files will be written to this directory, so be
+ # sure that the directory permissions are tight.
+ #
+-#TMPDIR=/var/lib/rkhunter/tmp
++TMPDIR=/root
+ 
+ #
+ # Specify the database directory to use.
+@@ -213,7 +213,8 @@
+ # file, then a value here of 'unset' can be used to avoid warning messages.
+ # This option has a default value of 'no'.
+ #
+-ALLOW_SSH_ROOT_USER=no
++#ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=unset
+ 
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -224,7 +225,8 @@
+ # configuration file, then a value of '2' may be set here in order to
+ # suppress a warning message. This option has a default value of '0'.
+ #
+-ALLOW_SSH_PROT_V1=0
++#ALLOW_SSH_PROT_V1=0
++ALLOW_SSH_PROT_V1=2
+ 
+ #
+ # This setting tells rkhunter the directory containing the SSH configuration
+@@ -466,6 +468,10 @@
+ #
+ #SCRIPTWHITELIST="/sbin/ifup /sbin/ifdown"
+ #SCRIPTWHITELIST="/usr/bin/groups"
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/sbin/adduser
++SCRIPTWHITELIST=/usr/local/bin/GET
++SCRIPTWHITELIST=/usr/local/sbin/pkgdb
+ 
+ #
+ # Allow the specified commands to have the immutable attribute set.
+@@ -475,6 +481,10 @@
+ # characters.
+ #
+ #IMMUTWHITELIST="/sbin/ifup /sbin/ifdown"
++IMMUTWHITELIST=/usr/bin/login
++IMMUTWHITELIST=/usr/bin/passwd
++IMMUTWHITELIST=/usr/bin/su
++IMMUTWHITELIST=/sbin/init
+ 
+ #
+ # If this option is set to 1, then the immutable-bit test is
+@@ -665,7 +675,7 @@
+ # NOTE: For *BSD systems you will probably need to use this option
+ # for the 'toor' account.
+ #
+-#UID0_ACCOUNTS="toor rooty"
++UID0_ACCOUNTS="toor"
+ 
+ #
+ # Allow the following accounts to have no password. NIS/YP entries do
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-installer.sh /tmp/rkhunter/files/patch-installer.sh
--- /usr/ports/security/rkhunter/files/patch-installer.sh	2010-01-25 09:34:48.000000000 +0100
+++ /tmp/rkhunter/files/patch-installer.sh	2010-11-27 02:40:12.000000000 +0100
@@ -1,26 +1,38 @@
---- installer.sh.orig	2010-01-23 12:14:34.000000000 +0000
-+++ installer.sh	2010-01-23 12:14:51.000000000 +0000
-@@ -657,22 +657,7 @@
+--- ./installer.sh.orig	2010-11-16 22:34:48.000000000 +0100
++++ ./installer.sh	2010-11-27 02:40:03.000000000 +0100
+@@ -366,10 +366,10 @@
+ 	else
+ 		RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db"
+ 		RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"
+-		RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}-${APPVERSION}"
++		RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}"
+ 	fi
+ 
+-	RKHINST_MAN_DIR="${SHAREDIR}/man/man8"
++	RKHINST_MAN_DIR="${PREFIX}/man/man8"
+ 	RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n"
+ 
+ 	RKHINST_ETC_FILE="${APPNAME}.conf"
+@@ -765,22 +765,6 @@
  		esac
  	done
  
 -
 -	# Application documents
 -	for FILE in ${RKHINST_DOC_FILES}; do
--		cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}"
+-		cp -f ./files/"${FILE}" "${RKHINST_DOC_DIR}" >/dev/null 2>&1
 -		ERRCODE=$?
 -
 -		if [ $ERRCODE -eq 0 ]; then
 -			echo " Installing ${FILE}: OK"
 -			chmod "${RKHINST_MODE_RWR}" "${RKHINST_DOC_DIR}/${FILE}"
 -		else
--			echo " Installing ${FILE}: FAILED: Code $ERRCODE: exiting."
+-			echo " Installing ${FILE}: FAILED: Code $ERRCODE"
 -			exit 1
 -		fi
 -	done
 -
 -
-+	
  	# Language support files
  	ERRCODE=0
  
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-rkhunter /tmp/rkhunter/files/patch-rkhunter
--- /usr/ports/security/rkhunter/files/patch-rkhunter	2009-03-16 23:01:34.000000000 +0100
+++ /tmp/rkhunter/files/patch-rkhunter	1970-01-01 01:00:00.000000000 +0100
@@ -1,13 +0,0 @@
---- files/rkhunter.orig	2009-02-17 14:24:32.000000000 -0500
-+++ files/rkhunter	2009-02-17 14:25:25.000000000 -0500
-@@ -8448,8 +8448,8 @@
- 	SOCKSTAT_CMD=`find_cmd sockstat`
- 
- 	if [ -n "${SOCKSTAT_CMD}" -a -n "${NETSTAT_CMD}" -a -n "${SORT_CMD}" -a -n "${UNIQ_CMD}" ]; then
--		SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} -n | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}`
--		NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c24-32 | grep -v '\*' | tr -d ' ' | tr -d '\t' | ${SORT_CMD} | ${UNIQ_CMD}`
-+		SOCKSTAT_OUTPUT=`${SOCKSTAT_CMD} | grep '\*[:.]\*' | cut -c1-55 | grep '\*[:.]' | cut -c39-47 | grep -v '\*' | tr -d ' ' | ${SORT_CMD} | ${UNIQ_CMD}`
-+		NETSTAT_OUTPUT=`${NETSTAT_CMD} -an | egrep -v 'TIME_WAIT|ESTABLISHED|SYN_SENT|CLOSE_WAIT|LAST_ACK|SYN_RECV|CLOSING' | cut -c1-44 | grep '\*\.' | cut -c23-31 | grep -v '\*' | tr -d ' ' | tr -d '\t' | tr -d '.' | ${SORT_CMD} | ${UNIQ_CMD}`
- 
- 		if [ "${SOCKSTAT_OUTPUT}" = "${NETSTAT_OUTPUT}" ]; then
- 			display --to SCREEN+LOG --type PLAIN --result OK --color GREEN --log-indent 2 --screen-indent 4 ROOTKIT_OS_BSD_SOCKNET
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/files/patch-rkhunter.conf /tmp/rkhunter/files/patch-rkhunter.conf
--- /usr/ports/security/rkhunter/files/patch-rkhunter.conf	2008-04-29 13:51:34.000000000 +0200
+++ /tmp/rkhunter/files/patch-rkhunter.conf	1970-01-01 01:00:00.000000000 +0100
@@ -1,59 +0,0 @@
---- files/rkhunter.conf.orig	2008-03-14 10:19:30.000000000 +0100
-+++ files/rkhunter.conf	2008-03-14 10:21:43.000000000 +0100
-@@ -76,6 +76,7 @@
- # sure that the directory permissions are tight.
- #
- #TMPDIR=/var/lib/rkhunter/tmp
-+TMPDIR=/root
- 
- #
- # Specify the database directory to use.
-@@ -154,7 +155,8 @@
- # file, then a value here of 'yes' or 'unset' will not cause a warning.
- # This option has a default value of 'no'.
- #
--ALLOW_SSH_ROOT_USER=no
-+#ALLOW_SSH_ROOT_USER=no
-+ALLOW_SSH_ROOT_USER=unset
- 
- #
- # Set this option to '1' to allow the use of the SSH-1 protocol, but note
-@@ -165,7 +167,8 @@
- # configuration file, then a value of '2' may be set here in order to
- # suppress a warning message. This option has a default value of '0'.
- #
--ALLOW_SSH_PROT_V1=0
-+#ALLOW_SSH_PROT_V1=0
-+ALLOW_SSH_PROT_V1=2
- 
- #
- # This setting tells rkhunter the directory containing the SSH configuration
-@@ -278,12 +281,20 @@
- #SCRIPTWHITELIST=/sbin/ifup
- #SCRIPTWHITELIST=/sbin/ifdown
- #SCRIPTWHITELIST=/usr/bin/groups
-+SCRIPTWHITELIST=/usr/bin/whatis
-+SCRIPTWHITELIST=/usr/sbin/adduser
-+SCRIPTWHITELIST=/usr/local/bin/GET
-+SCRIPTWHITELIST=/usr/local/sbin/pkgdb
- 
- #
- # Allow the specified commands to have the immutable attribute set.
- # One command per line (use multiple IMMUTWHITELIST lines).
- #
- #IMMUTWHITELIST=/sbin/ifup
-+IMMUTWHITELIST=/usr/bin/login
-+IMMUTWHITELIST=/usr/bin/passwd
-+IMMUTWHITELIST=/usr/bin/su
-+IMMUTWHITELIST=/sbin/init
- 
- #
- # Allow the specified hidden directories.
-@@ -434,6 +445,7 @@
- # Note: For *BSD systems you may need to enable this for the 'toor' account.
- #
- #UID0_ACCOUNTS="toor rooty"
-+UID0_ACCOUNTS="toor"
- 
- #
- # Allow the following accounts to have no password. This option is a
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/pkg-message /tmp/rkhunter/pkg-message
--- /usr/ports/security/rkhunter/pkg-message	2006-09-10 17:40:17.000000000 +0200
+++ /tmp/rkhunter/pkg-message	2010-11-25 03:23:29.000000000 +0100
@@ -5,10 +5,12 @@
 This can be done automatically by putting this line to /etc/periodic.conf:
 
 daily_rkhunter_update_enable="YES"
+daily_rkhunter_update_flags="--update --nocolors"
 
 Also, you can run rkhunter as a part of the daily security check by
 putting this line to /etc/periodic.conf:
 
 daily_rkhunter_check_enable="YES"
+daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
 
 ******************************************************************************
diff -ruN --exclude=CVS /usr/ports/security/rkhunter/pkg-plist /tmp/rkhunter/pkg-plist
--- /usr/ports/security/rkhunter/pkg-plist	2010-01-25 09:34:48.000000000 +0100
+++ /tmp/rkhunter/pkg-plist	2010-11-27 02:50:54.000000000 +0100
@@ -1,10 +1,9 @@
+@comment $FreeBSD$
 bin/rkhunter
 etc/periodic/security/415.rkhunter
 etc/rkhunter.conf
 lib/rkhunter/scripts/check_modules.pl
-lib/rkhunter/scripts/filehashmd5.pl
 lib/rkhunter/scripts/filehashsha.pl
-lib/rkhunter/scripts/filehashsha1.pl
 lib/rkhunter/scripts/readlink.sh
 lib/rkhunter/scripts/stat.pl
 var/lib/rkhunter/db/backdoorports.dat
@@ -16,16 +15,17 @@
 var/lib/rkhunter/db/mirrors.dat
 var/lib/rkhunter/db/programs_bad.dat
 var/lib/rkhunter/db/suspscan.dat
+@unexec rm -f %D/var/lib/rkhunter/db/rkhunter_prop_list.dat 2> /dev/null || true
 var/lib/rkhunter/tmp/group
 var/lib/rkhunter/tmp/passwd
-@dirrm var/lib/rkhunter/tmp
-@dirrm var/lib/rkhunter/db/i18n
 @dirrmtry etc/periodic/security
 @dirrmtry etc/periodic
+@dirrmtry share/doc/rkhunter
+@dirrm var/lib/rkhunter/tmp
+@dirrm var/lib/rkhunter/db/i18n
 @dirrm var/lib/rkhunter/db
 @dirrm var/lib/rkhunter
 @dirrm var/lib
 @dirrm var
-@dirrm share/doc/rkhunter-1.3.6
 @dirrm lib/rkhunter/scripts
 @dirrm lib/rkhunter
--- rkhunter-1.3.8.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted: