From ohauer@gmx.de  Wed Nov 25 23:41:15 2009
Return-Path: <ohauer@gmx.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B61391065679
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 25 Nov 2009 23:41:15 +0000 (UTC)
	(envelope-from ohauer@gmx.de)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx1.freebsd.org (Postfix) with SMTP id C69908FC08
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 25 Nov 2009 23:41:14 +0000 (UTC)
Received: (qmail invoked by alias); 25 Nov 2009 23:41:12 -0000
Received: from u18-124.dsl.vianetworks.de (EHLO u18-124.dsl.vianetworks.de) [194.231.39.124]
  by mail.gmx.net (mp002) with SMTP; 26 Nov 2009 00:41:12 +0100
Received: by u18-124.dsl.vianetworks.de (Postfix, from userid 1100)
	id 149AD26145; Thu, 26 Nov 2009 00:41:05 +0100 (CET)
Message-Id: <20091125234106.149AD26145@u18-124.dsl.vianetworks.de>
Date: Thu, 26 Nov 2009 00:41:05 +0100 (CET)
From: olli hauer <ohauer@gmx.de>
Reply-To: olli hauer <ohauer@gmx.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: ohauer@gmx.de
Subject: [patch] port security/snortsam update to version 2.68
X-Send-Pr-Version: 3.113
X-GNATS-Notify: urisso@bsd.com.br

>Number:         140881
>Category:       ports
>Synopsis:       [patch] port security/snortsam update to version 2.68
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 25 23:50:01 UTC 2009
>Closed-Date:    Thu Dec 31 20:18:38 UTC 2009
>Last-Modified:  Thu Dec 31 20:20:04 UTC 2009
>Originator:     olli hauer <ohauer@gmx.de>
>Release:        FreeBSD 8.0-RELEASE amd64
>Organization:
>Environment:


>Description:
Update snortsam to version 2.68

Additional:
 use the Makefile instead of makesnortsam.sh
 patches to make the pf2 plugin even more proof (will be included in next official release)
 some small patches to correct the pf2 documentation
 some other small patches we will see in the next release

For more information see http://snortsam.net/news.html

If this patch is committed, PR ports/139460 can be closed.
Since PR ports/139460 has now been open for 6 weeks, I will be happy to take maintainership
if the old maintainer does not respond or has no time.
In this case please remove http://www.freebsdbrasil.com.br/~urisso/files/snortsam/
from MASTER_SITES.


I've done build and function tests (mostly pf2 plugin) on these platforms:
 FreeBSD 6.4 7.1 7.2 8.0 9.0 i386
 FreeBSD 7.2 8.0 amd64
 OpenBSD 4.5 4.6 i386
 NetBSD  5.0 (i386)

If the diff is mangled somewhere (~750 lines), contact me directly; I will send
the whole port or the patch as tar/gz.

--
olli hauer

>How-To-Repeat:
>Fix:
--- patch_snortsam-2.68.txt begins here ---
diff -Nru snortsam/Makefile snortsam/Makefile
--- snortsam/Makefile	2008-09-04 01:02:16.000000000 +0200
+++ snortsam/Makefile	2009-11-25 23:44:51.000000000 +0100
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	snortsam
-PORTVERSION=	2.60
+PORTVERSION=	2.68
 CATEGORIES=	security
 MASTER_SITES=	http://www.snortsam.net/files/snortsam/ \
 		http://www.freebsdbrasil.com.br/~urisso/files/snortsam/
@@ -15,53 +15,76 @@
 MAINTAINER=	urisso@bsd.com.br
 COMMENT=	SnortSam is a output plugin for Snort
 
-WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
+OPTIONS=	IPFW	"checks if configured tables are available" on \
+		SAMTOOL "install samtool" on \
+		DEBUG	"build with verbose messages" off
+
+.include <bsd.port.pre.mk>
 
+USE_RC_SUBR=	snortsam.sh
+SUB_FILES=	pkg-message
 HAS_CONFIGURE=	yes
 NO_BUILD=	yes
+CONFIGURE_SCRIPT=	src/Makefile
+WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
 
-SYSCONFDIR=	${PREFIX}/etc/snortsam
-
-CONFIGURE_SCRIPT=	makesnortsam.sh
-
-USE_RC_SUBR=	snortsam.sh
+CONFIG_DIR?=	${PREFIX}/etc/snortsam
 
 PLIST_DIRS=	etc/snortsam
-PLIST_FILES=	etc/snortsam/rootservers.cfg etc/snortsam/snortsam.conf.sample sbin/snortsam sbin/snortsam-debug
-PORTDOCS=	INSTALL README README.conf README.snmp_interface_down
+PLIST_FILES=	sbin/snortsam \
+		etc/snortsam/snortsam.conf.sample \
+		etc/snortsam/country-rootservers.conf.sample \
+		etc/snortsam/opsec.conf.sample \
+		etc/snortsam/rootservers.cfg.sample
 
-OPTIONS=	IPFW	"Enable IPFW table checking if it set deny rules" on
+.if defined(WITH_SAMTOOL)
+PLIST_FILES+=	sbin/samtool
+.endif
 
-.include <bsd.port.pre.mk>
+PORTDOCS=	AUTHORS BUGS CREDITS FAQ INSTALL LICENSE README README.ciscoacl \
+		README.conf README.iptables README.netscreen README.pf README.pf2 \
+		README.rules README.slackware README.snmp_interface_down README.wgrd \
+		README_8signs.rtf TODO
 
 .if defined(WITHOUT_IPFW)
-PATCH_SITES+=http://www.freebsdbrasil.com.br/~urisso/files/snortsam/:ipfw
-PATCHFILES+=ssp_ipfw2.c.diff:ipfw
+EXTRA_PATCHES+=	${FILESDIR}/ssp_ipfw2_no_table_check.patch
 .endif
 
-post-extract:
-	@${CAT} ${PATCHDIR}/pkg-message-snortsam
-	@sleep 5
+.if defined(WITH_DEBUG)
+DEBUG=-DDEBUG
+.endif
 
 pre-configure:
-	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/conf/snortsam.conf.sample
-	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/docs/README.conf
-	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/src/snortsam.c
-	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/contrib/snortsam-state.c
-	${CHMOD} +x ${WRKSRC}/makesnortsam.sh
+	@${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam/snortsam.conf|g' ${WRKSRC}/conf/snortsam.conf.sample
+	@${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam/snortsam.conf|g' ${WRKSRC}/docs/README.conf
+	@${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam/snortsam.conf|g' ${WRKSRC}/src/snortsam.h
+	@${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam/snortsam.conf|g' ${WRKSRC}/contrib/snortsam-state.c
+	@${CHMOD} +x ${WRKSRC}/makesnortsam.sh
+
+do-configure:
+	@cd ${WRKSRC}/src && ${MAKE} ${DEBUG}
+	@cd ${WRKSRC}/src && ${MAKE} samtool ${DEBUG}
 
+# no access to snortsam.conf and samtool for non root users!
 do-install:
-	${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
-	${INSTALL_PROGRAM} ${WRKSRC}/snortsam-debug ${PREFIX}/sbin
-	${MKDIR} ${SYSCONFDIR}
-	${INSTALL_DATA} ${WRKSRC}/conf/snortsam.conf.sample ${SYSCONFDIR}/snortsam.conf.sample
-	${INSTALL_DATA} ${WRKSRC}/conf/*rootservers.cfg ${SYSCONFDIR}/
+	@${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
+.if defined(WITH_SAMTOOL)
+	@${INSTALL} -o root -g wheel -m 500 ${WRKSRC}/samtool ${PREFIX}/sbin
+.endif
+	@${MKDIR} ${CONFIG_DIR}
+	@${INSTALL_DATA} -m 600 ${WRKSRC}/conf/snortsam.conf.sample ${CONFIG_DIR}/snortsam.conf.sample
+	@${INSTALL_DATA} ${WRKSRC}/conf/opsec.conf ${CONFIG_DIR}/opsec.conf.sample
+	@${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${CONFIG_DIR}/rootservers.cfg.sample
+	@${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${CONFIG_DIR}/country-rootservers.conf.sample
 
 .if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
 .for f in ${PORTDOCS}
-	${MKDIR} ${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
+	@${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
 .endfor
 .endif
 
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
 .include <bsd.port.post.mk>
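Review bot: the pre-configure substitutions hard-code `/usr/local/etc/snortsam/snortsam.conf`, while do-install writes to `CONFIG_DIR?= ${PREFIX}/etc/snortsam`, so with a non-default PREFIX or an overridden CONFIG_DIR the binary looks for its configuration in a directory the port did not install into. Substituting `${CONFIG_DIR}/snortsam.conf` keeps the two in step. In the same hunk, do-configure builds samtool even when WITH_SAMTOOL is off, and the `${CHMOD} +x ${WRKSRC}/makesnortsam.sh` step is left over now that the script is no longer used. The comment above do-install promises no access to snortsam.conf for non-root users, but only the .sample file gets `-m 600` and `${MKDIR} ${CONFIG_DIR}` leaves the directory at the default mode; restricting the directory, or telling the admin in pkg-message which mode the live file needs, would make that promise hold.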
diff -Nru snortsam/distinfo snortsam/distinfo
--- snortsam/distinfo	2008-09-04 01:02:16.000000000 +0200
+++ snortsam/distinfo	2009-11-17 22:28:39.000000000 +0100
@@ -1,6 +1,3 @@
-MD5 (snortsam-src-2.60.tar.gz) = 5fdc69b18938237ac943beeb7f6c105a
-SHA256 (snortsam-src-2.60.tar.gz) = 65c44a91487f533f66291b1dd41f06237d21ba7c9e43a27d8784e2915c2771f4
-SIZE (snortsam-src-2.60.tar.gz) = 1982833
-MD5 (ssp_ipfw2.c.diff) = bcc60c6d27805db5d96c284189cefee8
-SHA256 (ssp_ipfw2.c.diff) = 29355590da907bb4c9f3e259c460c1c29d7a0e6cb201290ffc904c246c8ef3e4
-SIZE (ssp_ipfw2.c.diff) = 1193
+MD5 (snortsam-src-2.68.tar.gz) = b01996727132d61dec8d95416d8f9f00
+SHA256 (snortsam-src-2.68.tar.gz) = 19719455d1b84ea3354a9362ae8d812a2241a623150ae10a2c2df13596340e98
+SIZE (snortsam-src-2.68.tar.gz) = 1971299
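Review bot: the 2.68 checksums in this hunk come from the submitter, and both MASTER_SITES entries in the port Makefile are plain http, so the committer should fetch snortsam-src-2.68.tar.gz independently and regenerate distinfo rather than apply these three lines as given. Dropping the ssp_ipfw2.c.diff entries is consistent with the Makefile change from PATCHFILES to a local EXTRA_PATCHES file.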
diff -Nru snortsam/files/patch-conf__snortsam.conf.sample snortsam/files/patch-conf__snortsam.conf.sample
--- snortsam/files/patch-conf__snortsam.conf.sample	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-conf__snortsam.conf.sample	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,18 @@
+--- ./conf/snortsam.conf.sample.orig	2009-11-08 23:34:43.000000000 +0100
++++ ./conf/snortsam.conf.sample	2009-11-11 19:49:45.000000000 +0100
+@@ -629,13 +629,13 @@
+ # 
+ # 
+ # 
+-# pf2 <anchor> <table> <kill> <log>
++# pf2 <anchor> <table> <kill>
+ #
+ #   This plugin will use an ioctl syscall to control the pf device in order to
+ #   block the host by adding the IP into a pf table. Additional active pf
+ #   states to/from the host will be killed.
+ #
+-#   Example: pf2 anchor=snortsam table=block kill=all log=1
++#   Example: pf2 anchor=snortsam table=block kill=all
+ #
+ #
+ #
diff -Nru snortsam/files/patch-docs__README.conf snortsam/files/patch-docs__README.conf
--- snortsam/files/patch-docs__README.conf	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-docs__README.conf	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,18 @@
+--- ./docs/README.conf.orig	2009-11-08 23:34:05.000000000 +0100
++++ ./docs/README.conf	2009-11-10 09:49:27.000000000 +0100
+@@ -629,13 +629,13 @@
+ 
+ 
+ 
+-pf2 <anchor> <table> <kill> <log>
++pf2 <anchor> <table> <kill>
+ 
+    This plugin will use an ioctl syscall to control the pf device in order to
+    block the host by adding the host IP into a pf table. Additional active pf
+    states to/from the host will be killed.
+ 
+-   Example: pf2 anchor=snortsam table=block kill=all log=1
++   Example: pf2 anchor=snortsam table=block kill=all
+ 
+ 
+ 
diff -Nru snortsam/files/patch-docs__README.pf2 snortsam/files/patch-docs__README.pf2
--- snortsam/files/patch-docs__README.pf2	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-docs__README.pf2	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,50 @@
+--- ./docs/README.pf2.orig	2009-11-08 23:34:23.000000000 +0100
++++ ./docs/README.pf2	2009-11-11 22:28:15.000000000 +0100
+@@ -19,7 +19,7 @@
+ 
+ OpenBSD > 4.0
+ FreeBSD > 6.0 with pf support (as module or compiled into the kernel)
+-NetBSD ? with pf support
++NetBSD ? with pf support (tested on NetBSD 5.0 i386)
+ 
+ 
+ 3. Options.
+@@ -42,35 +42,26 @@
+ kill=[string] default: kill=all
+ 
+  Kill the pf states from/to the IP address we receive to block,
+- else existing connections stay alive. If log is enabled, the
+- number of killed states will be logged.
++ else existing connections stay alive.
+  Valid options are:
+    all : kill all states to/from the IP address
+    dir : kill only states alerted with the direction
+    no  : kill no states, (keep existing connections open)
+ 
+ 
+-log=0/1 default: log=0
+-
+- If a IP is added/removed from a table snortsam will log a message in the
+- file given with the logfile statement configured in snortsam.conf.
+-
+-
+ Example pf2 config lines in snortsam.cfg:
+ ------------------------------------------
+-1) pf2 anchor=snortsam table=block log=1
++1) pf2 anchor=snortsam table=block
+    - the tables blockin and blockout inside the anchor snortsam will be used.
+    - kill all existing pf states from/to the IP address.
+-   - log event to the file specified as logfile in snortsam config.
+ 
+ 2) pf2 anchor=notused table=badguy kill=dir
+    - the tables badguyin and badguyout outside any anchor will be used.
+    - kill only existing pf states in the received direction.
+ 
+-3) pf2 log=1 anchor=none kill=no
++3) pf2 anchor=none kill=no
+    - tables blockin and blockout outside any anchor will be used.
+    - no pf states will be killed.
+-   - log event to the file specified as logfile in snortsam config.
+ 
+ 
+ pf.conf for examples above:
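Review bot: the log option disappears from the pf2 documentation in this hunk, but nothing says what happens after the upgrade to an existing pf2 line that still carries log=1. If the option parser rejects unknown keys, the pf2 plugin would fail to configure on such systems and no blocks would be applied, so this deserves a line in pkg-message or in the README itself. The context line "Example pf2 config lines in snortsam.cfg" also names a file that the port installs as snortsam.conf.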
diff -Nru snortsam/files/patch-makesnortsam.sh snortsam/files/patch-makesnortsam.sh
--- snortsam/files/patch-makesnortsam.sh	2008-09-04 01:02:16.000000000 +0200
+++ snortsam/files/patch-makesnortsam.sh	1970-01-01 01:00:00.000000000 +0100
@@ -1,13 +0,0 @@
---- makesnortsam.sh.old	2008-08-03 00:04:24.000000000 -0300
-+++ makesnortsam.sh	2008-08-03 00:04:57.000000000 -0300
-@@ -11,8 +11,8 @@
- #        Under Solaris, the OPSEC stuff is linked dynamically.
- #        On other platforms, statically.
- 
--BSDTHREADLIB='-lc_r'
--#BSDTHREADLIB='-lpthread'
-+#BSDTHREADLIB='-lc_r'
-+BSDTHREADLIB='-lpthread'
- 
- systype=`uname`
- 
diff -Nru snortsam/files/patch-snortsam.h snortsam/files/patch-snortsam.h
--- snortsam/files/patch-snortsam.h	2008-09-04 01:02:16.000000000 +0200
+++ snortsam/files/patch-snortsam.h	1970-01-01 01:00:00.000000000 +0100
@@ -1,16 +0,0 @@
---- src/snortsam.h.old	2008-08-03 00:08:34.000000000 -0300
-+++ src/snortsam.h	2008-08-03 00:10:58.000000000 -0300
-@@ -178,10 +178,10 @@
- #define safecopy(dst,src)		_safecp(dst,sizeof(dst),src)
- 
- #ifdef WIN32
--#define FWSAMCONFIGFILE			"snortsam.cfg"
--#define FWSAMHISTORYFILE			"snortsam.sta"
-+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.cfg"
-+#define FWSAMHISTORYFILE			"/var/db/snortsam.sta"
- #else
--#define FWSAMCONFIGFILE			"/etc/snortsam.conf"
-+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.conf"
- #define FWSAMHISTORYFILE			"/var/db/snortsam.state"  
- #endif
- 
diff -Nru snortsam/files/patch-src__Makefile snortsam/files/patch-src__Makefile
--- snortsam/files/patch-src__Makefile	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-src__Makefile	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,35 @@
+--- ./src/Makefile.orig	2009-10-14 02:33:45.000000000 +0200
++++ ./src/Makefile	2009-11-17 21:57:30.000000000 +0100
+@@ -16,6 +16,14 @@
+ # uncomment for OPSEC support
+ #OPSEC  = -opsec
+ 
++# OpenBSD only: Default is now the new pf2 plugin.
++# To build the old pf plugin uncomment PFPLUGIN
++#PFPLUGIN = -DUSE_SSP_PF
++
++.if defined(DEBUG)
++DEBUG = -DFWSAMDEBUG
++.endif
++
+ # generic plugins for all builds
+ SSP_GENERIC = ssp_fwexec.o ssp_ciscoacl.o ssp_cisco_nullroute.o ssp_email.o \
+ 	      ssp_opsec.o ssp_fwsam.o ssp_pix.o ssp_netscreen.o ssp_wgrd.o \
+@@ -38,7 +46,7 @@
+ SYSTYPE = `uname`
+ 
+ # OS specific flags
+-OBSD_CFLAGS   = -DBSD
++OBSD_CFLAGS   = -DBSD ${PFPLUGIN}
+ OBSD_LDFLAGS  = -lpthread
+ BSD_CFLAGS    = -DBSD
+ BSD_LDFLAGS   = -lpthread
+@@ -150,7 +158,7 @@
+ 	$(CC) $(LDFLAGS) -o ../$(PROG) $(OBJS)
+ 
+ clean:
+-	rm -f ../$(PROG) *.o
++	rm -f ../$(PROG) ../${SAMTOOL} *.o
+ 
+ $(SAMTOOL): samtool.o twofish.o
+ 	case "$(SYSTYPE)" in \
diff -Nru snortsam/files/patch-src__plugins.h snortsam/files/patch-src__plugins.h
--- snortsam/files/patch-src__plugins.h	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-src__plugins.h	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,30 @@
+--- ./src/plugins.h.orig	2009-11-08 23:52:16.000000000 +0100
++++ ./src/plugins.h	2009-11-15 22:19:21.000000000 +0100
+@@ -279,7 +279,8 @@
+ },
+ #endif
+ /* ------------------------------------------------------------ */
+-#if defined(OpenBSD)
++#ifdef USE_SSP_PF	
++#if defined(OpenBSD) || defined(FreeBSD) || defined(NetBSD)
+ /* PF Plugin */
+ {	NULL,
+ 	PFParse,
+@@ -294,7 +295,9 @@
+  	"3.5"
+ },
+ #endif
++#endif /* USE_SSP_PF */
+ /* ------------------------------------------------------------ */
++#ifndef USE_SSP_PF
+ #if defined(OpenBSD) || defined(FreeBSD) || defined(NetBSD)
+ /* PF2 Plugin */
+ {     NULL,
+@@ -310,6 +313,7 @@
+       "3.2"
+ },
+ #endif
++#endif  /* !USE_SSP_PF */
+ /* ------------------------------------------------------------ */
+ #ifdef FreeBSD
+ /* IPFW2 Plugin */
diff -Nru snortsam/files/patch-src__ssp_cisco_nullroute2.h snortsam/files/patch-src__ssp_cisco_nullroute2.h
--- snortsam/files/patch-src__ssp_cisco_nullroute2.h	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-src__ssp_cisco_nullroute2.h	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,16 @@
+--- ./src/ssp_cisco_nullroute2.h.orig	2009-10-14 02:33:45.000000000 +0200
++++ ./src/ssp_cisco_nullroute2.h	2009-11-15 23:51:34.000000000 +0100
+@@ -48,10 +48,9 @@
+ 
+ #define CNRPWLEN		50			/* Maximum password length */
+ #define CNRNETWAIT		20			/* Network timeout in sec */
+-#define RTAGVAL_LEN		10			/* Maximum length for route-tag */
+-#define RTAGVAL_MIN		1			/* Minimum value for route-tag */
+-#define RTAGVAL_MAX		4294967295		/* Maximum value for route-tag */
+-
++#define RTAGVAL_LEN		10UL			/* Maximum length for route-tag */
++#define RTAGVAL_MIN		1UL			/* Minimum value for route-tag */
++#define RTAGVAL_MAX		4294967295UL		/* Maximum value for route-tag */
+ 
+ typedef struct _cnr2data				/* List of Routers */
+ {	struct in_addr	ip;
diff -Nru snortsam/files/patch-src__ssp_pf.c snortsam/files/patch-src__ssp_pf.c
--- snortsam/files/patch-src__ssp_pf.c	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-src__ssp_pf.c	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,25 @@
+--- ./src/ssp_pf.c.orig	2009-11-08 23:38:48.000000000 +0100
++++ ./src/ssp_pf.c	2009-11-15 22:20:11.000000000 +0100
+@@ -34,10 +34,12 @@
+  * SnortSam will expire the blocks itself since PF does not have
+  * automatic time-out functionality.
+  *
+- * It Works on OpenBSD3_0, 3_1, 3_2, 3_3, 3_4 and FreeBSD-5.1.
++ * It Works on OpenBSD >= 3_3, and for FreeBSD >= 5.1.
++ * For newer *BSD versions use the PF2 plugin.
+  */
+ 
+-#ifdef OpenBSD
++#ifndef USE_SSP_PF
++#if defined(OpenBSD) || defined(FreeBSD) || defined(NetBSD)
+ 
+ #ifndef		__SSP_PF_C__
+ #define		__SSP_PF_C__
+@@ -636,5 +638,6 @@
+ 
+ #endif				/* __SSP_PF_C__ */
+ 
+-#endif                         /* OpenBSD */
++#endif                         /* OpenBSD || FreeBSD || NetBSD */
++#endif /* USE_SSP_PF */
+ 
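Review bot: the guard added at the top of ssp_pf.c is `#ifndef USE_SSP_PF`, but plugins.h registers the PF plugin entry (PFParse) under `#ifdef USE_SSP_PF`, and the closing comment here reads `#endif /* USE_SSP_PF */`. As written, defining USE_SSP_PF removes the body of the old plugin while plugins.h still references it, and leaving it undefined keeps the body of ssp_pf.c active next to the pf2 plugin. The guard should be `#ifdef USE_SSP_PF`.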
diff -Nru snortsam/files/patch-src__ssp_pf.h snortsam/files/patch-src__ssp_pf.h
--- snortsam/files/patch-src__ssp_pf.h	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-src__ssp_pf.h	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,30 @@
+--- ./src/ssp_pf.h.orig	2009-11-08 23:38:48.000000000 +0100
++++ ./src/ssp_pf.h	2009-11-15 22:18:07.000000000 +0100
+@@ -35,7 +35,8 @@
+ */
+ 
+ 
+-#ifdef OpenBSD
++#ifndef USE_SSP_PF
++#if defined(OpenBSD) || defined(FreeBSD) || defined(NetBSD)
+ 
+ #ifndef		__SSP_PF_H__
+ #define		__SSP_PF_H__
+@@ -47,9 +48,6 @@
+ #include <net/pfvar.h>
+ #include <sys/param.h>
+ 
+-/* Making New Code the default now. Please remove define on OpenBSD older
+-   than 3_3. */
+-#define USENEWCODE
+ 
+ typedef struct _pfdata
+ {
+@@ -84,5 +82,5 @@
+ 
+ #endif /* __SSP_PF_H__ */
+ 
+-#endif /* OpenBSD */
+-
++#endif /* OpenBSD || FreeBSD || NetBSD */
++#endif /* USE_SSP_PF */
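Review bot: removing `#define USENEWCODE` changes which code path the old pf plugin builds, yet the removed comment says the define should only be dropped on OpenBSD older than 3_3, and the ssp_pf.c comment in this patch now claims support for OpenBSD >= 3_3. Either keep the define or state where USENEWCODE is set instead. The `#ifndef USE_SSP_PF` guard added in this header is also inverted relative to plugins.h, which enables the PF entry with `#ifdef USE_SSP_PF`.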
diff -Nru snortsam/files/patch-src__ssp_pf2.c snortsam/files/patch-src__ssp_pf2.c
--- snortsam/files/patch-src__ssp_pf2.c	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-src__ssp_pf2.c	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,258 @@
+--- ./src/ssp_pf2.c.orig	2009-11-08 23:38:48.000000000 +0100
++++ ./src/ssp_pf2.c	2009-11-15 22:17:50.000000000 +0100
+@@ -40,6 +40,7 @@
+  * simplify it and make it portable.
+  */
+ 
++#ifndef USE_SSP_PF
+ #if defined(OpenBSD) || defined(FreeBSD) || defined(NetBSD)
+ 
+ #ifndef		__SSP_PF2_C__
+@@ -107,6 +108,7 @@
+    PF2DATA        *pfp = NULL;
+    char           msg[STRBUFSIZE + 2];
+    char           tbuf[PF_TABLE_NAME_SIZE];
++   int            pfdev;
+    opt_pf2        options[3]={
+ 	{"anchor", "", 1},
+ 	{"table",  "", 1},
+@@ -119,12 +121,12 @@
+ 
+     PF2val_count += 1;
+     if (PF2val_count > 1) {
+-	snprintf(msg, sizeof(msg) - 1, "Error: [%s: %lu] line ignored ! More than one pf2 statements configured.", file, line);
++	snprintf(msg, sizeof(msg) - 1, "Info: [%s: %lu] line ignored ! More than one pf2 statements configured.", file, line);
+ 	logmessage(1, msg, "pf2", 0);
+ 	return;
+     }
+ 
+-   if (*val)
++   if (val != NULL && *val)
+      {
+ 	if(parse_opts(val, options, " \t", "=", (sizeof(options)/sizeof(opt_pf2)))<0)
+ 	  {
+@@ -157,8 +159,11 @@
+ 	     safecopy(pfp->anchorname, options[PF2_OPT_ANCHOR].v.value_s);	/* save anchorname */
+ 	     /* if PF2use_anchor == FALSE then tables from the main pf section will be used */
+ 	     if ((strncmp(options[PF2_OPT_ANCHOR].v.value_s, "notused", MAX_OPT_VALUE)==0) ||
+-		(strncmp(options[PF2_OPT_ANCHOR].v.value_s, "none", MAX_OPT_VALUE)==0))
++		(strncmp(options[PF2_OPT_ANCHOR].v.value_s, "none", MAX_OPT_VALUE)==0)) {
+ 		 PF2use_anchor = FALSE;
++		 /* If anchor is not used, wipe none/notused with zeros */
++		 bzero(&(pfp->anchorname), sizeof(pfp->anchorname));
++	     }
+ 	  }
+ 
+ 	/* Check Table */
+@@ -202,6 +207,30 @@
+ 	logmessage(1, msg, "pf2", 0);
+     }
+ 
++
++    /* check if we can open PFDEV, else disable the plugin */
++    pfdev = open(PFDEV, O_RDWR);
++    if (pfdev == -1) {
++	snprintf(msg, sizeof(msg) - 1, "Error: cannot open device \"%s\" ! PF2 Plugin disabled.", PFDEV);
++	logmessage(1, msg, "pf2", 0);
++	free(pfp);
++	plugindatalist->data=NULL;
++	return;
++    }
++
++    /*
++     * check if anchor and tables exist.
++     * We could disable the plugin if anchor/tables do not exist, but we will throw an error
++     * showing what is missing at start time and for every block/unblock request.
++     */
++    if(PF2use_anchor)
++	lookup_anchor(pfdev, pfp->anchorname);
++    lookup_table(pfdev, pfp->tablein,  pfp->anchorname);
++    lookup_table(pfdev, pfp->tableout, pfp->anchorname);
++
++    if(pfdev)
++	close(pfdev);
++
+ #ifdef FWSAMDEBUG
+     printf("Debug: [pf2] Adding PF: \n");
+     printf("\tanchor=%s\n\ttables=%s,%s\n\tkill=%s\n",
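Review bot: `if(pfdev) close(pfdev);` at the end of the added block tests the wrong condition: the failure case (-1) has already returned above, and a valid descriptor of 0 would be skipped and leaked. Close unconditionally. The return values of lookup_anchor() and lookup_table() are discarded, which the comment explains, but the plugin then starts in a state where every later block request is known to fail; a single high-severity startup message naming the missing anchor or table would make that harder to overlook.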
+@@ -258,7 +287,8 @@
+ 	/* open the pf device */
+ 	pfdev = open(PFDEV, O_RDWR);
+ 	if (pfdev == -1) {
+-		logmessage(1, "Error: cannot open packet filter device", "pf2", 0);
++		snprintf(msg, sizeof(msg) - 1, "Error: cannot open device %s", PFDEV);
++		logmessage(1, msg, "pf2", 0);
+ 		return;
+ 	}
+ 
+@@ -267,7 +297,7 @@
+ 	    return;
+ 	}
+ 
+-	if(!status.running) {
++	if (!status.running) {
+ 	    /* even pf is not enabled, we can add IP's to pf tables if they exist */
+ 	    logmessage(1, "Info: pf is not enabled", "pf2", 0);
+ 	}
+@@ -279,9 +309,11 @@
+ 		logmessage(3, msg, "pf2", 0);
+ 
+ 		if (tin)
++		    if ( lookup_table(pfdev, pfp->tablein, pfp->anchorname)==0 )
+ 			change_table(pfdev, 1, pfp->tablein, pfp->anchorname, ipsrc);
+ 
+ 		if (tout)
++		    if ( lookup_table(pfdev, pfp->tableout, pfp->anchorname)==0 )
+ 			change_table(pfdev, 1, pfp->tableout, pfp->anchorname, ipsrc);
+ 		
+ 		/* kill PF states after IP is placed in table */
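Review bot: when lookup_table() fails in the added `if` lines, change_table() is skipped but execution still reaches the code under the "kill PF states after IP is placed in table" comment, and PF2Block is declared void, so the caller gets no indication that the address was never added to a table. Consider skipping the state kill, or logging a distinct error, when neither table was updated. The nested `if (tin) if ( lookup_table(...)==0 )` without braces is also easy to misread; brace both levels.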
+@@ -294,9 +326,11 @@
+ 		logmessage(3, msg, "pf2", 0);
+ 
+ 		if (tin)
++		    if ( lookup_table(pfdev, pfp->tablein, pfp->anchorname)==0 )
+ 			change_table(pfdev, 0, pfp->tablein, pfp->anchorname, ipsrc);
+ 
+ 		if (tout)
++		    if ( lookup_table(pfdev, pfp->tableout, pfp->anchorname)==0 )
+ 			change_table(pfdev, 0, pfp->tableout, pfp->anchorname, ipsrc);
+ 	}
+ 	close(pfdev);
+@@ -348,6 +382,7 @@
+ 	return (0);
+ }
+ 
++
+ /* Kill ipsrc state(s) from PF statefull table, so we can catch the IP with the
+  * configured tables. If states are not killed existing connections stay open as
+  * long they have a valid entry in the PF state.
+@@ -360,7 +395,7 @@
+     struct pf_addr pfa;
+     struct pfioc_state_kill psk;
+     sa_family_t saf;        /* stafe AF_INET family */
+-    int killed=0, killed_src=0, killed_dst=0;
++    unsigned long killed=0, killed_src=0, killed_dst=0;
+ 
+     bzero(&pfa, sizeof(pfa));
+     bzero(&psk, sizeof(psk));
+@@ -387,9 +422,13 @@
+ 	    logmessage(1, msg, "pf2", 0);
+ 	}
+ 	else {
++#if OpenBSD >= 200811 /* since OpenBSD4_4 killed states returned in psk_killed */
++	    killed_src += psk.psk_killed;
++#else
+ 	    killed_src += psk.psk_af;
++#endif
+ #ifdef FWSAMDEBUG
+-	    printf("Debug: [pf2] killed %d (tin) states for host %s\n", psk.psk_af, ipsrc);
++	    printf("Debug: [pf2] killed %lu (tin) states for host %s\n", killed_src, ipsrc);
+ #endif
+ 	}
+     psk.psk_af = saf; /* restore AF_INET */
+@@ -397,7 +436,7 @@
+ 
+     /* Kill all states to pfa */
+     if (tout || PF2_KILL_STATE_ALL) {
+-	bzero(&psk.psk_src, sizeof(psk.psk_src));  /* clear source address field set before for incomming */
++	bzero(&psk.psk_src, sizeof(psk.psk_src));  /* clear source address field (set before for incomming) */
+ 	memcpy(&psk.psk_dst.addr.v.a.addr, &pfa, sizeof(psk.psk_dst.addr.v.a.addr));
+ 	memset(&psk.psk_dst.addr.v.a.mask, 0xff, sizeof(psk.psk_dst.addr.v.a.mask));
+ 	if (ioctl(pfdev, DIOCKILLSTATES, &psk)) {
+@@ -405,22 +444,90 @@
+ 	    logmessage(1, msg, "pf2", 0);
+ 	}
+ 	else {
++#if OpenBSD >= 200811 /* since OpenBSD4_4 killed states returned in psk_killed */
++	    killed_dst += psk.psk_killed;
++#else
+ 	    killed_dst += psk.psk_af;
++#endif
+ #ifdef FWSAMDEBUG
+-	    printf("Debug: [pf2] killed %d (tout) states for host %s\n", psk.psk_af, ipsrc);
++	    printf("Debug: [pf2] killed %lu (tout) states for host %s\n", killed_dst, ipsrc);
+ #endif
+ 	}
+     }
+-    snprintf(msg, sizeof(msg) - 1, "Info: Blocking ip %s", ipsrc);
+-    logmessage(3, msg, "pf2", 0);
+ 
+-    snprintf(msg, sizeof(msg) - 1, "Info: Killed %d PF state(s) (in: %d, out: %d) for host %s",
+-	killed_src + killed_dst, killed_src, killed_dst, ipsrc);
+-    logmessage(3, msg, "pf2", 0);
++    if ((killed_src + killed_dst)>0) {
++	    snprintf(msg, sizeof(msg) - 1, "Info: Killed %lu PF state(s) (in: %lu, out: %lu) for host %s",
++		killed_src + killed_dst, killed_src, killed_dst, ipsrc);
++	    logmessage(3, msg, "pf2", 0);
++    }
+     return(0);
+ } /* pf2_kill_states */
+ 
++
++/* check if anchor exist */
++int
++lookup_anchor(int dev, const char *anchorname)
++{
++    struct pfioc_ruleset pr;
++    char   msg[STRBUFSIZE + 2];
++
++    bzero(&pr, sizeof(pr));
++    strlcpy(pr.path, anchorname, sizeof(pr.path));
++    if (ioctl(dev, DIOCGETRULESETS, &pr)) {
++        if (errno == EINVAL){
++            snprintf(msg, sizeof(msg) - 1, "Error: anchor \"%s\" not found", anchorname);
++            logmessage(1, msg, "pf2", 0);
++            return (-1);
++        }
++    }
++#ifdef FWSAMDEBUG
++    printf("Debug: [pf2] lookup_anchor: found anchor %s\n", anchorname);
++#endif
++    return (0);
++}
++
++
++/* check if table exist */
++int
++lookup_table(int dev, const char *tablename, const char *anchorname)
++{
++    struct pfioc_table io;
++    struct pfr_table table;
++    struct pfr_addr pfa;
++    char   msg[STRBUFSIZE + 2];
++
++    if (strlen(tablename) == 0)
++        return(-1);
++
++    bzero(&io, sizeof(io));
++    bzero(&table, sizeof(table));
++    bzero(&pfa, sizeof(pfa));
++
++    strlcpy(table.pfrt_anchor, anchorname, sizeof(table.pfrt_anchor));
++    strlcpy(table.pfrt_name, tablename, sizeof(table.pfrt_name));
++
++    io.pfrio_table = table;
++    io.pfrio_esize = sizeof(pfa);
++
++#ifdef FWSAMDEBUG
++    printf("Debug: [pf2] lookup_table: anchor=%s table=%s\n", io.pfrio_table.pfrt_anchor, io.pfrio_table.pfrt_name);
++#endif
++
++    if (ioctl(dev, DIOCRGETADDRS, &io)) {
++        snprintf(msg, sizeof(msg) - 1, "Error: table \"%s\" not found, anchor=%s table=%s",
++            io.pfrio_table.pfrt_name, io.pfrio_table.pfrt_anchor, io.pfrio_table.pfrt_name);
++        logmessage(1, msg, "pf2", 0);
++        return(-1);
++    }
++
++#ifdef FWSAMDEBUG
++    printf("Debug: [pf2] table \"%s\" contains [%d] entries\n", io.pfrio_table.pfrt_name, io.pfrio_size);
++#endif
++    return(0);
++}
++
+ #endif				/* __SSP_PF2_C__ */
+ 
+ #endif /* OpenBSD || FreeBSD || NetBSD */
++#endif /* !USE_SSP_PF */
+ /* vim: set ts=8 sw=4: */
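Review bot: lookup_anchor() returns 0 for every ioctl failure other than EINVAL, because `return (-1)` sits inside `if (errno == EINVAL)`; any other DIOCGETRULESETS error falls through to the "found anchor" path. Return -1 on any ioctl failure and include strerror(errno) in the message. lookup_table() has the opposite problem: every DIOCRGETADDRS failure is logged as "table not found", and the message prints the table name twice. lookup_anchor() reads errno and both functions call strlcpy, but no include changes are visible in this patch, so check that the needed headers are already pulled in. In pf2_kill_states, `#if OpenBSD >= 200811` is false on FreeBSD and NetBSD, so those builds keep reading the count from psk_af; a comment stating that this is intended would help.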
diff -Nru snortsam/files/patch-src__ssp_pf2.h snortsam/files/patch-src__ssp_pf2.h
--- snortsam/files/patch-src__ssp_pf2.h	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/patch-src__ssp_pf2.h	2009-11-17 22:14:19.000000000 +0100
@@ -0,0 +1,24 @@
+--- ./src/ssp_pf2.h.orig	2009-11-08 23:38:48.000000000 +0100
++++ ./src/ssp_pf2.h	2009-11-15 22:18:34.000000000 +0100
+@@ -35,6 +35,7 @@
+  *
+  */
+ 
++#ifndef USE_SSP_PF
+ #if defined(OpenBSD) || defined(FreeBSD) || defined(NetBSD)
+ 
+ #ifndef		__SSP_PF2_H__
+@@ -77,9 +78,11 @@
+ 
+ void PF2Parse(char *,char *,unsigned long,DATALIST *);
+ void PF2Block(BLOCKINFO *, void *,unsigned long);
+-int pf2_kill_states(int, const char *, int, int );
++int pf2_kill_states(int, const char *, int, int);
++int lookup_anchor(int, const char *);
++int lookup_table(int, const char *, const char *);
+ 
+ #endif /* __SSP_PF2_H__ */
+ 
+ #endif /* OpenBSD || FreeBSD || NetBSD */
+-
++#endif /* !USE_SSP_PF */
diff -Nru snortsam/files/pkg-message-snortsam snortsam/files/pkg-message-snortsam
--- snortsam/files/pkg-message-snortsam	2008-09-04 01:02:16.000000000 +0200
+++ snortsam/files/pkg-message-snortsam	1970-01-01 01:00:00.000000000 +0100
@@ -1,10 +0,0 @@
-
-============================================================
-NOTE:	Make sure that your SNORT installation it is defined
-	output plugin SNORTSAM for don't cause errors while
-	building SNORTSAM system. If exists some OLD SNORT
-	installation WITHOUT supports for interaction between
-	SNORT and SNORTSAM. PLEASE reconfigure WITH that this
-	feature and rebuild a new installation.
-=============================================================
-
diff -Nru snortsam/files/pkg-message.in snortsam/files/pkg-message.in
--- snortsam/files/pkg-message.in	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/pkg-message.in	2009-11-25 23:03:27.000000000 +0100
@@ -0,0 +1,16 @@
+================================================================
+NOTE:   SNORT have to be build with OPTION SNORTSAM.
+
+	To enable snortsam as output plugin for snort a config
+	line like the follwing shoud be present in snort.conf
+
+	  output alert_fwsam: <snortsambox>:<port>/<password>
+
+	With samtool it is possible to send alerts to snortsam,
+	this way you can adjust and test your FW rules.
+
+        For more information read the INSTALL, FAQ and
+        README files in %%DOCSDIR%%
+
+==============================================================
+
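Review bot: the message text has typos that every installer will see: "have to be build" (built), "follwing" and "shoud"; the body also mixes tab and space indentation, and the top and bottom rules differ in length. Since the sample line `output alert_fwsam: <snortsambox>:<port>/<password>` puts the SnortSam password into snort.conf, a sentence on keeping that file unreadable for non-root users would match the restriction the port Makefile applies to snortsam.conf.sample.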
diff -Nru snortsam/files/ssp_ipfw2_no_table_check.patch snortsam/files/ssp_ipfw2_no_table_check.patch
--- snortsam/files/ssp_ipfw2_no_table_check.patch	1970-01-01 01:00:00.000000000 +0100
+++ snortsam/files/ssp_ipfw2_no_table_check.patch	2009-11-25 20:43:36.000000000 +0100
@@ -0,0 +1,18 @@
+--- src/ssp_ipfw2.c.orig	2008-04-26 21:53:21.000000000 +0200
++++ src/ssp_ipfw2.c	2009-11-14 22:03:41.000000000 +0100
+@@ -91,6 +91,7 @@
+ 				}
+ 			}
+ 		}
++#if defined(ENABLE_IPFW_TABLE_CHECK)
+ 		/* Check if inbound table exists */
+ 		snprintf(chk,sizeof(chk)-1,"/sbin/ipfw show | grep -q \"deny ip from any to table(%u) via %s\"",ipfw2p->in_table,ipfw2p->interface);
+ 		if(system(chk))
+@@ -110,6 +111,7 @@
+ 			}
+ 		}
+ 				
++#endif	/* ENABLE_IPFW_TABLE_CHECK */
+ #ifdef FWSAMDEBUG
+ 		if(plugindatalist->data)
+ 			printf("Debug: [ipfw2] Adding IPFW2: i/f '%s', tables %u (in) and %u (out)\n", ipfw2p->interface, ipfw2p->in_table,ipfw2p->out_table);
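Review bot: ENABLE_IPFW_TABLE_CHECK is not defined anywhere in the visible patch, so the new `#if defined(ENABLE_IPFW_TABLE_CHECK)` is not a switch but an unconditional removal of the table check whenever the Makefile applies this file under WITHOUT_IPFW; a comment in the patch or the Makefile saying so would save the next maintainer a search. The guarded code formats ipfw2p->interface into a command string and runs it through system(), so in the default build, where the check stays enabled, the interface value from the configuration file reaches a shell; validating it against an interface-name character set before the snprintf would be a worthwhile upstream follow-up.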
diff -Nru snortsam/pkg-descr snortsam/pkg-descr
--- snortsam/pkg-descr	2008-09-04 01:02:16.000000000 +0200
+++ snortsam/pkg-descr	2009-11-25 21:22:51.000000000 +0100
@@ -1,5 +1,6 @@
-SnortSam is a plugin for Snort, an open-source light-weight
-Intrusion Detection System (IDS). The plugin allows for
-automated blocking of IP addresses on many firewalls.
+SnortSam is an intelligent agent that allows the popular
+open-source Intrusion Detection System called Snort to block
+intruding connections by reconfiguration of many firewalls
+and Cisco devices.
 
 WWW: http://www.snortsam.net
--- patch_snortsam-2.68.txt ends here ---
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Wed Nov 25 23:50:12 UTC 2009 
State-Changed-Why:  
Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)

http://www.freebsd.org/cgi/query-pr.cgi?pr=140881 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: urisso@bsd.com.br
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/140881: [patch] port security/snortsam update to version 2.68
Date: Wed, 25 Nov 2009 23:50:10 UT

 Maintainer of security/snortsam,
 
 Please note that PR ports/140881 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/140881
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: olli hauer <ohauer@gmx.de>
To: bug-followup@FreeBSD.org, ohauer@gmx.de
Cc: ohauer@gmx.de
Subject: Re: ports/140881: [patch] port security/snortsam update to version 2.68
Date: Fri, 27 Nov 2009 16:37:09 +0100 (CET)

 Snortsam was updated with my patches, so please use this
 version instead.
 
 The new patch updates snortsam to version 2.69
 
 
 --
 olli hauer
 
 --- patch_snortsam-2.69.txt begins here ---
 --- snortsam/Makefile	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/Makefile	2009-11-27 15:18:21.000000000 +0100
 @@ -6,7 +6,7 @@
  #
  
  PORTNAME=	snortsam
 -PORTVERSION=	2.60
 +PORTVERSION=	2.69
  CATEGORIES=	security
  MASTER_SITES=	http://www.snortsam.net/files/snortsam/ \
  		http://www.freebsdbrasil.com.br/~urisso/files/snortsam/
 @@ -15,53 +15,76 @@
  MAINTAINER=	urisso@bsd.com.br
  COMMENT=	SnortSam is a output plugin for Snort
  
 -WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
 +OPTIONS=	IPFW	"checks if configured tables are available" on \
 +		SAMTOOL "install samtool" on \
 +		DEBUG	"build with verbose messages" off
 +
 +.include <bsd.port.pre.mk>
  
 +USE_RC_SUBR=	snortsam.sh
 +SUB_FILES=	pkg-message
  HAS_CONFIGURE=	yes
  NO_BUILD=	yes
 +CONFIGURE_SCRIPT=	src/Makefile
 +WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
  
 -SYSCONFDIR=	${PREFIX}/etc/snortsam
 -
 -CONFIGURE_SCRIPT=	makesnortsam.sh
 -
 -USE_RC_SUBR=	snortsam.sh
 +CONFIG_DIR?=	${PREFIX}/etc/snortsam
  
  PLIST_DIRS=	etc/snortsam
 -PLIST_FILES=	etc/snortsam/rootservers.cfg etc/snortsam/snortsam.conf.sample sbin/snortsam sbin/snortsam-debug
 -PORTDOCS=	INSTALL README README.conf README.snmp_interface_down
 +PLIST_FILES=	sbin/snortsam \
 +		etc/snortsam/snortsam.conf.sample \
 +		etc/snortsam/country-rootservers.conf.sample \
 +		etc/snortsam/opsec.conf.sample \
 +		etc/snortsam/rootservers.cfg.sample
  
 -OPTIONS=	IPFW	"Enable IPFW table checking if it set deny rules" on
 +.if defined(WITH_SAMTOOL)
 +PLIST_FILES+=	sbin/samtool
 +.endif
  
 -.include <bsd.port.pre.mk>
 +PORTDOCS=	AUTHORS BUGS CREDITS FAQ INSTALL LICENSE README README.ciscoacl \
 +		README.conf README.iptables README.netscreen README.pf README.pf2 \
 +		README.rules README.slackware README.snmp_interface_down README.wgrd \
 +		README_8signs.rtf TODO
  
  .if defined(WITHOUT_IPFW)
 -PATCH_SITES+=http://www.freebsdbrasil.com.br/~urisso/files/snortsam/:ipfw
 -PATCHFILES+=ssp_ipfw2.c.diff:ipfw
 +EXTRA_PATCHES+=	${FILESDIR}/ssp_ipfw2_no_table_check.patch
  .endif
  
 -post-extract:
 -	@${CAT} ${PATCHDIR}/pkg-message-snortsam
 -	@sleep 5
 +.if defined(WITH_DEBUG)
 +DEBUG=-DDEBUG
 +.endif
  
  pre-configure:
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/conf/snortsam.conf.sample
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/docs/README.conf
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/src/snortsam.c
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/contrib/snortsam-state.c
 -	${CHMOD} +x ${WRKSRC}/makesnortsam.sh
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c
 +	@${CHMOD} +x ${WRKSRC}/makesnortsam.sh
 +
 +do-configure:
 +	@cd ${WRKSRC}/src && ${MAKE} ${DEBUG}
 +	@cd ${WRKSRC}/src && ${MAKE} samtool ${DEBUG}
  
 +# no access to snortsam.conf and samtool for non root users!
  do-install:
 -	${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
 -	${INSTALL_PROGRAM} ${WRKSRC}/snortsam-debug ${PREFIX}/sbin
 -	${MKDIR} ${SYSCONFDIR}
 -	${INSTALL_DATA} ${WRKSRC}/conf/snortsam.conf.sample ${SYSCONFDIR}/snortsam.conf.sample
 -	${INSTALL_DATA} ${WRKSRC}/conf/*rootservers.cfg ${SYSCONFDIR}/
 +	@${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
 +.if defined(WITH_SAMTOOL)
 +	@${INSTALL} -o root -g wheel -m 500 ${WRKSRC}/samtool ${PREFIX}/sbin
 +.endif
 +	@${MKDIR} ${CONFIG_DIR}
 +	@${INSTALL_DATA} -m 600 ${WRKSRC}/conf/snortsam.conf.sample ${CONFIG_DIR}/snortsam.conf.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/opsec.conf ${CONFIG_DIR}/opsec.conf.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${CONFIG_DIR}/rootservers.cfg.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${CONFIG_DIR}/country-rootservers.conf.sample
  
  .if !defined(NOPORTDOCS)
 +	@${MKDIR} ${DOCSDIR}
  .for f in ${PORTDOCS}
 -	${MKDIR} ${DOCSDIR}
 -	${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
 +	@${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
  .endfor
  .endif
  
 +post-install:
 +	@${CAT} ${PKGMESSAGE}
 +
  .include <bsd.port.post.mk>
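Review bot: in do-install, `@${MKDIR} ${CONFIG_DIR}` creates the directory with the default mode, so the comment "no access to snortsam.conf and samtool for non root users!" only holds for the sample file installed with `-m 600`; the live snortsam.conf an admin copies next to it gets whatever mode the copy ends up with, and opsec.conf.sample is installed with the default data mode. Create the directory with a restrictive mode (for example `${MKDIR} -m 700 ${CONFIG_DIR}`) so the protection does not depend on the admin. Two smaller points in the same hunk: pre-configure still runs `${CHMOD} +x ${WRKSRC}/makesnortsam.sh` although CONFIGURE_SCRIPT no longer points at that script, and do-configure builds samtool even when the SAMTOOL option is off.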
 --- snortsam/distinfo	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/distinfo	2009-11-27 15:19:59.000000000 +0100
 @@ -1,6 +1,3 @@
 -MD5 (snortsam-src-2.60.tar.gz) = 5fdc69b18938237ac943beeb7f6c105a
 -SHA256 (snortsam-src-2.60.tar.gz) = 65c44a91487f533f66291b1dd41f06237d21ba7c9e43a27d8784e2915c2771f4
 -SIZE (snortsam-src-2.60.tar.gz) = 1982833
 -MD5 (ssp_ipfw2.c.diff) = bcc60c6d27805db5d96c284189cefee8
 -SHA256 (ssp_ipfw2.c.diff) = 29355590da907bb4c9f3e259c460c1c29d7a0e6cb201290ffc904c246c8ef3e4
 -SIZE (ssp_ipfw2.c.diff) = 1193
 +MD5 (snortsam-src-2.69.tar.gz) = 7663ce82956a97c5f725028716d66140
 +SHA256 (snortsam-src-2.69.tar.gz) = eb0dc0ebd65b6d15e3adabd7be2720221005683eefb7ca5986b9ca0284d55f92
 +SIZE (snortsam-src-2.69.tar.gz) = 1971579
 --- snortsam/files/patch-makesnortsam.sh	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/files/patch-makesnortsam.sh	1970-01-01 01:00:00.000000000 +0100
 @@ -1,13 +0,0 @@
 ---- makesnortsam.sh.old	2008-08-03 00:04:24.000000000 -0300
 -+++ makesnortsam.sh	2008-08-03 00:04:57.000000000 -0300
 -@@ -11,8 +11,8 @@
 - #        Under Solaris, the OPSEC stuff is linked dynamically.
 - #        On other platforms, statically.
 - 
 --BSDTHREADLIB='-lc_r'
 --#BSDTHREADLIB='-lpthread'
 -+#BSDTHREADLIB='-lc_r'
 -+BSDTHREADLIB='-lpthread'
 - 
 - systype=`uname`
 - 
 --- snortsam/files/patch-snortsam.h	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/files/patch-snortsam.h	1970-01-01 01:00:00.000000000 +0100
 @@ -1,16 +0,0 @@
 ---- src/snortsam.h.old	2008-08-03 00:08:34.000000000 -0300
 -+++ src/snortsam.h	2008-08-03 00:10:58.000000000 -0300
 -@@ -178,10 +178,10 @@
 - #define safecopy(dst,src)		_safecp(dst,sizeof(dst),src)
 - 
 - #ifdef WIN32
 --#define FWSAMCONFIGFILE			"snortsam.cfg"
 --#define FWSAMHISTORYFILE			"snortsam.sta"
 -+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.cfg"
 -+#define FWSAMHISTORYFILE			"/var/db/snortsam.sta"
 - #else
 --#define FWSAMCONFIGFILE			"/etc/snortsam.conf"
 -+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.conf"
 - #define FWSAMHISTORYFILE			"/var/db/snortsam.state"  
 - #endif
 - 
 --- snortsam/files/pkg-message-snortsam	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/files/pkg-message-snortsam	1970-01-01 01:00:00.000000000 +0100
 @@ -1,10 +0,0 @@
 -
 -============================================================
 -NOTE:	Make sure that your SNORT installation it is defined
 -	output plugin SNORTSAM for don't cause errors while
 -	building SNORTSAM system. If exists some OLD SNORT
 -	installation WITHOUT supports for interaction between
 -	SNORT and SNORTSAM. PLEASE reconfigure WITH that this
 -	feature and rebuild a new installation.
 -=============================================================
 -
 --- snortsam/files/pkg-message.in	1970-01-01 01:00:00.000000000 +0100
 +++ snortsam/files/pkg-message.in	2009-11-27 15:33:53.000000000 +0100
 @@ -0,0 +1,18 @@
 +================================================================
 +NOTE:   SNORT have to be build with OPTION SNORTSAM.
 +
 +	To enable snortsam as output plugin for snort a config
 +	line like the following should be present in snort.conf
 +
 +	  output alert_fwsam: <snortsambox>:<port>/<password>
 +
 +	With samtool it is possible to send alerts to snortsam,
 +	this way you can test and adjust your FW rules.
 +
 +        For more information read the INSTALL, FAQ, README 
 +        files in %%DOCSDIR%%
 +
 +        Additional consolidate http://snortsam.net
 +
 +==============================================================
 +
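Review bot: the user-facing text in this new message needs a wording pass before commit: "SNORT have to be build" should read "Snort has to be built", and "Additional consolidate http://snortsam.net" presumably means "consult". The body also mixes tab and eight-space indentation. Since the example `output alert_fwsam:` line carries a password, a sentence telling the admin to keep snort.conf unreadable for other users would fit here.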
 --- snortsam/files/ssp_ipfw2_no_table_check.patch	1970-01-01 01:00:00.000000000 +0100
 +++ snortsam/files/ssp_ipfw2_no_table_check.patch	2009-11-25 23:53:50.000000000 +0100
 @@ -0,0 +1,18 @@
 +--- src/ssp_ipfw2.c.orig	2008-04-26 21:53:21.000000000 +0200
 ++++ src/ssp_ipfw2.c	2009-11-14 22:03:41.000000000 +0100
 +@@ -91,6 +91,7 @@
 + 				}
 + 			}
 + 		}
 ++#if defined(ENABLE_IPFW_TABLE_CHECK)
 + 		/* Check if inbound table exists */
 + 		snprintf(chk,sizeof(chk)-1,"/sbin/ipfw show | grep -q \"deny ip from any to table(%u) via %s\"",ipfw2p->in_table,ipfw2p->interface);
 + 		if(system(chk))
 +@@ -110,6 +111,7 @@
 + 			}
 + 		}
 + 				
 ++#endif	/* ENABLE_IPFW_TABLE_CHECK */
 + #ifdef FWSAMDEBUG
 + 		if(plugindatalist->data)
 + 			printf("Debug: [ipfw2] Adding IPFW2: i/f '%s', tables %u (in) and %u (out)\n", ipfw2p->interface, ipfw2p->in_table,ipfw2p->out_table);
 --- snortsam/pkg-descr	2008-09-04 01:02:16.000000000 +0200
 +++ snortsam/pkg-descr	2009-11-25 23:53:50.000000000 +0100
 @@ -1,5 +1,6 @@
 -SnortSam is a plugin for Snort, an open-source light-weight
 -Intrusion Detection System (IDS). The plugin allows for
 -automated blocking of IP addresses on many firewalls.
 +SnortSam is an intelligent agent that allows the popular
 +open-source Intrusion Detection System called Snort to block
 +intruding connections by reconfiguration of many firewalls
 +and Cisco devices.
  
  WWW: http://www.snortsam.net
 --- patch_snortsam-2.69.txt ends here ---

From: olli hauer <ohauer@gmx.de>
To: bug-followup@FreeBSD.org, ohauer@gmx.de
Cc: ohauer@gmx.de
Subject: Re: ports/140881: [patch] port security/snortsam update to version 2.68
Date: Fri, 25 Dec 2009 22:20:43 +0100 (CET)

 This patch updates snortsam from version 2.63 to version 2.69
 
 Since the snortsam config files/directory contains sensitive
 data like passwords for FW/routers ... the config file is moved
 to its own config directory and the mode of this directory is set
 to 700 with owner root:wheel
 
 If the Maintainer times out I will be happy to take over the port,
 since I rewrote the ssp_pf(2) modules and buildscripts (upstream).
 
 --
 olli hauer
 
 --- patch_snortsam-2.69_v2.txt begins here ---
 --- snortsam/Makefile
 +++ snortsam/Makefile
 @@ -6,62 +6,85 @@
  #
  
  PORTNAME=	snortsam
 -PORTVERSION=	2.63
 +PORTVERSION=	2.69
  CATEGORIES=	security
 -MASTER_SITES=	http://www.snortsam.net/files/snortsam/ \
 -		http://www.freebsdbrasil.com.br/~urisso/files/snortsam/
 +MASTER_SITES=	http://www.snortsam.net/files/snortsam/
  DISTNAME=	${PORTNAME}-src-${PORTVERSION}
  
  MAINTAINER=	urisso@bsd.com.br
  COMMENT=	SnortSam is a output plugin for Snort
  
 -WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
 +OPTIONS=	IPFW	"checks if configured tables are available" on \
 +		SAMTOOL "install samtool" on \
 +		DEBUG	"build with verbose messages" off
  
 -HAS_CONFIGURE=	yes
 -NO_BUILD=	yes
 +.include <bsd.port.pre.mk>
  
 -SYSCONFDIR=	${PREFIX}/etc/snortsam
 +USE_RC_SUBR=	snortsam.sh
 +SUB_FILES=	pkg-message \
 +		pkg-install
  
 -CONFIGURE_SCRIPT=	makesnortsam.sh
 +HAS_CONFIGURE=	yes
 +NO_BUILD=	yes
 +CONFIGURE_SCRIPT=	src/Makefile
 +WRKSRC=		${WRKDIR}/${PKGNAMEPREFIX}${PORTNAME}
  
 -USE_RC_SUBR=	snortsam.sh
 +CONFIG_DIR?=	${PREFIX}/etc/snortsam
  
  PLIST_DIRS=	etc/snortsam
 -PLIST_FILES=	etc/snortsam/rootservers.cfg etc/snortsam/snortsam.conf.sample sbin/snortsam sbin/snortsam-debug
 -PORTDOCS=	INSTALL README README.conf README.snmp_interface_down
 +PLIST_FILES=	sbin/snortsam \
 +		etc/snortsam/snortsam.conf.sample \
 +		etc/snortsam/country-rootservers.conf.sample \
 +		etc/snortsam/rootservers.cfg.sample
  
 -OPTIONS=	IPFW	"Enable IPFW table checking if it set deny rules" on
 +.if defined(WITH_SAMTOOL)
 +PLIST_FILES+=	sbin/samtool
 +.endif
  
 -.include <bsd.port.pre.mk>
 +PORTDOCS=	AUTHORS BUGS CREDITS FAQ INSTALL LICENSE README README.ciscoacl \
 +		README.conf README.iptables README.netscreen README.pf README.pf2 \
 +		README.rules README.slackware README.snmp_interface_down README.wgrd \
 +		README_8signs.rtf TODO
  
  .if defined(WITHOUT_IPFW)
 -PATCH_SITES+=http://www.freebsdbrasil.com.br/~urisso/files/snortsam/:ipfw
 -PATCHFILES+=ssp_ipfw2.c.diff:ipfw
 +EXTRA_PATCHES+=	${FILESDIR}/ssp_ipfw2_no_table_check.patch
  .endif
  
 -post-extract:
 -	@${CAT} ${PATCHDIR}/pkg-message-snortsam
 -	@sleep 5
 +.if defined(WITH_DEBUG)
 +DEBUG=-DDEBUG
 +.endif
  
  pre-configure:
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/conf/snortsam.conf.sample
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/docs/README.conf
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/src/snortsam.c
 -	${REINPLACE_CMD} -e 's|/etc/snortsam.conf|/usr/local/etc/snortsam.conf|g' ${WRKSRC}/contrib/snortsam-state.c
 -	${CHMOD} +x ${WRKSRC}/makesnortsam.sh
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h
 +	@${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c
 +	@${CHMOD} +x ${WRKSRC}/makesnortsam.sh
 +
 +do-configure:
 +	@cd ${WRKSRC}/src && ${MAKE} ${DEBUG}
 +	@cd ${WRKSRC}/src && ${MAKE} samtool ${DEBUG}
  
 +# no access to snortsam.conf and samtool for non root users!
  do-install:
 -	${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
 -	${INSTALL_PROGRAM} ${WRKSRC}/snortsam-debug ${PREFIX}/sbin
 -	${MKDIR} ${SYSCONFDIR}
 -	${INSTALL_DATA} ${WRKSRC}/conf/snortsam.conf.sample ${SYSCONFDIR}/snortsam.conf.sample
 -	${INSTALL_DATA} ${WRKSRC}/conf/*rootservers.cfg ${SYSCONFDIR}/
 +	@${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin
 +.if defined(WITH_SAMTOOL)
 +	@${INSTALL} -o root -g wheel -m 500 ${WRKSRC}/samtool ${PREFIX}/sbin
 +.endif
 +	@${MKDIR} -m 700 ${CONFIG_DIR}
 +	@${INSTALL_DATA} -m 600 ${WRKSRC}/conf/snortsam.conf.sample ${CONFIG_DIR}/snortsam.conf.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${CONFIG_DIR}/rootservers.cfg.sample
 +	@${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${CONFIG_DIR}/country-rootservers.conf.sample
  
  .if !defined(NOPORTDOCS)
 +	@${MKDIR} ${DOCSDIR}
  .for f in ${PORTDOCS}
 -	${MKDIR} ${DOCSDIR}
 -	${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
 +	@${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR}
  .endfor
  .endif
  
 +post-install:
 +	@${SH} ${PKGINSTALL} ${DISTNAME} POST-INSTALL
 +	@${CAT} ${PKGMESSAGE}
 +
  .include <bsd.port.post.mk>
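Review bot: `CONFIG_DIR?=` lets the directory be overridden from the environment, but PLIST_DIRS and PLIST_FILES in the same hunk hard-code etc/snortsam, and the permission fix that post-install hands to pkg-install operates on %%ETCDIR%% rather than CONFIG_DIR. With an overridden CONFIG_DIR the files land outside the packing list and the chmod 700 is applied to a different directory than the one the binary reads. Either make it a plain `=` assignment, or derive the plist entries and the pkg-install target from the same variable.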
 --- snortsam/distinfo
 +++ snortsam/distinfo
 @@ -1,3 +1,3 @@
 -MD5 (snortsam-src-2.63.tar.gz) = d74f5e744358bc9da85ad9d4fb393f76
 -SHA256 (snortsam-src-2.63.tar.gz) = f56208e2cba56c55bb97c09582b71e3d9c1c05c551df2cc59f493910e9f403a3
 -SIZE (snortsam-src-2.63.tar.gz) = 1967776
 +MD5 (snortsam-src-2.69.tar.gz) = 7663ce82956a97c5f725028716d66140
 +SHA256 (snortsam-src-2.69.tar.gz) = eb0dc0ebd65b6d15e3adabd7be2720221005683eefb7ca5986b9ca0284d55f92
 +SIZE (snortsam-src-2.69.tar.gz) = 1971579
 --- snortsam/files/patch-snortsam.h
 +++ snortsam/files/patch-snortsam.h
 @@ -1,16 +0,0 @@
 ---- src/snortsam.h.old	2008-08-03 00:08:34.000000000 -0300
 -+++ src/snortsam.h	2008-08-03 00:10:58.000000000 -0300
 -@@ -178,10 +178,10 @@
 - #define safecopy(dst,src)		_safecp(dst,sizeof(dst),src)
 - 
 - #ifdef WIN32
 --#define FWSAMCONFIGFILE			"snortsam.cfg"
 --#define FWSAMHISTORYFILE			"snortsam.sta"
 -+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.cfg"
 -+#define FWSAMHISTORYFILE			"/var/db/snortsam.sta"
 - #else
 --#define FWSAMCONFIGFILE			"/etc/snortsam.conf"
 -+#define FWSAMCONFIGFILE			"/usr/local/etc/snortsam.conf"
 - #define FWSAMHISTORYFILE			"/var/db/snortsam.state"  
 - #endif
 - 
 --- snortsam/files/pkg-install.in
 +++ snortsam/files/pkg-install.in
 @@ -0,0 +1,17 @@
 +#!/bin/sh
 +#
 +# $FreeBSD$
 +
 +ETCDIR=${ETCDIR:=%%ETCDIR%%}
 +
 +# snortsam config file contain sensitive data like 
 +# passwords needed to block IP's on the firewalls.
 +# Set permission of the config dir to 700 so only
 +# root:wheel can access this directory.
 +if [ "$2" = "POST-INSTALL" ]; then
 +    if [ -d ${ETCDIR} ]; then
 +        /usr/sbin/chown root:wheel ${ETCDIR}
 +        /bin/chmod 700 ${ETCDIR}
 +    fi
 +fi
 +
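Review bot: `${ETCDIR}` is expanded unquoted in the `[ -d ${ETCDIR} ]` test and in both the chown and chmod calls; quote it as "${ETCDIR}" so a prefix containing whitespace cannot split into several arguments. The script also only tightens the new directory: the removed patch-snortsam.h shows the previous port compiled in /usr/local/etc/snortsam.conf, and a config file left at that path on upgrade keeps its old mode and is no longer read, which pkg-message.in should mention.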
 --- snortsam/files/pkg-message-snortsam
 +++ snortsam/files/pkg-message-snortsam
 @@ -1,10 +0,0 @@
 -
 -============================================================
 -NOTE:	Make sure that your SNORT installation it is defined
 -	output plugin SNORTSAM for don't cause errors while
 -	building SNORTSAM system. If exists some OLD SNORT
 -	installation WITHOUT supports for interaction between
 -	SNORT and SNORTSAM. PLEASE reconfigure WITH that this
 -	feature and rebuild a new installation.
 -=============================================================
 -
 --- snortsam/files/pkg-message.in
 +++ snortsam/files/pkg-message.in
 @@ -0,0 +1,18 @@
 +================================================================
 +NOTE:   SNORT have to be build with OPTION SNORTSAM.
 +
 +	To enable snortsam as output plugin for snort a config
 +	line like the following should be present in snort.conf
 +
 +	  output alert_fwsam: <snortsambox>:<port>/<password>
 +
 +	With samtool it is possible to send alerts to snortsam,
 +	this way you can test and adjust your FW rules.
 +
 +        For more information read the INSTALL, FAQ, README 
 +        files in %%DOCSDIR%%
 +
 +        Additional consolidate http://snortsam.net
 +
 +==============================================================
 +
 --- snortsam/files/snortsam.sh.in
 +++ snortsam/files/snortsam.sh.in
 @@ -1,31 +1,30 @@
  #!/bin/sh
 -# $FreeBSD:
 +# $FreeBSD$
  
  # PROVIDE: snortsam
  # REQUIRE: DAEMON
 -# BEFORE: LOGIN
 +# BEFORE:  LOGIN
  # KEYWORD: shutdown
  
 -# Add the following lines to /etc/rc.conf to enable snortsam:
 -# snortsam_enable (bool):		Set to YES to enable snortsam
 -# 				Default: NO
 -# snortsam_flags (str):		Extra flags passed to snortsam
 -#				Default: ""
 -# snortsam_conf (str):		Snortsam configuration file
 -#				Default: ${PREFIX}/etc/snortsam/snortsam.conf
  #
 -
 +# Add the following line to /etc/rc.conf to enable snortsam:
 +#
 +#  snortsam_enable="YES"
 +#
 +#  # optional Snortsam configuration file:
 +#  snortsam_conf="%%ETCDIR%%/snortsam.conf"
 +#
 +# DO NOT CHANGE THE DEFAULT VALUES HERE
 +#
  . %%RC_SUBR%%
  
  name="snortsam"
  rcvar=`set_rcvar`
 +load_rc_config snortsam
  
 +# defaults
  command="%%PREFIX%%/sbin/snortsam"
 -
 -load_rc_config $name
 -
 -[ -z "$snortsam_enable" ]    && snortsam_enable="NO"
 -[ -z "$snortsam_conf" ]      && snortsam_conf="%%PREFIX%%/etc/snortsam/snortsam.conf"
 -[ -n "$snortsam_conf" ]      && snortsam_flags="$snortsam_flags $snortsam_conf"
 +snortsam_enable=${snortsam_enable:-"NO"}
 +snortsam_flags=${snortsam_conf:-"%%ETCDIR%%/snortsam.conf"}
  
  run_rc_command "$1"
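Review bot: the added line `snortsam_flags=${snortsam_conf:-"%%ETCDIR%%/snortsam.conf"}` overwrites any snortsam_flags the admin set in rc.conf, where the removed code appended the config path to the existing flags; the header comment documenting snortsam_flags is dropped in the same hunk. If extra flags are no longer supported, say so in the comment block; otherwise default snortsam_conf first and keep the append, for example `snortsam_flags="${snortsam_flags} ${snortsam_conf}"`.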
 --- snortsam/files/ssp_ipfw2_no_table_check.patch
 +++ snortsam/files/ssp_ipfw2_no_table_check.patch
 @@ -0,0 +1,18 @@
 +--- src/ssp_ipfw2.c.orig	2008-04-26 21:53:21.000000000 +0200
 ++++ src/ssp_ipfw2.c	2009-11-14 22:03:41.000000000 +0100
 +@@ -91,6 +91,7 @@
 + 				}
 + 			}
 + 		}
 ++#if defined(ENABLE_IPFW_TABLE_CHECK)
 + 		/* Check if inbound table exists */
 + 		snprintf(chk,sizeof(chk)-1,"/sbin/ipfw show | grep -q \"deny ip from any to table(%u) via %s\"",ipfw2p->in_table,ipfw2p->interface);
 + 		if(system(chk))
 +@@ -110,6 +111,7 @@
 + 			}
 + 		}
 + 				
 ++#endif	/* ENABLE_IPFW_TABLE_CHECK */
 + #ifdef FWSAMDEBUG
 + 		if(plugindatalist->data)
 + 			printf("Debug: [ipfw2] Adding IPFW2: i/f '%s', tables %u (in) and %u (out)\n", ipfw2p->interface, ipfw2p->in_table,ipfw2p->out_table);
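Review bot: the context lines that the new guard wraps format a shell command with snprintf and run it through system(), interpolating ipfw2p->interface with %s inside a double-quoted grep pattern, so any shell metacharacters in that string reach the shell. Since this port now carries a patch against that block, it is worth raising upstream: validate the interface name against a conservative character set before formatting, and check the snprintf return value for truncation instead of relying on `sizeof(chk)-1`.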
 --- snortsam/pkg-descr
 +++ snortsam/pkg-descr
 @@ -1,5 +1,6 @@
 -SnortSam is a plugin for Snort, an open-source light-weight
 -Intrusion Detection System (IDS). The plugin allows for
 -automated blocking of IP addresses on many firewalls.
 +SnortSam is an intelligent agent that allows the popular
 +open-source Intrusion Detection System called Snort to block
 +intruding connections by reconfiguration of many firewalls
 +and Cisco devices.
  
  WWW: http://www.snortsam.net
 --- patch_snortsam-2.69_v2.txt ends here ---
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Sat Dec 26 00:03:14 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=140881 
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Thu Dec 31 20:18:37 UTC 2009 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=140881 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/140881: commit references a PR
Date: Thu, 31 Dec 2009 20:18:41 +0000 (UTC)

 miwi        2009-12-31 20:18:29 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/snortsam    Makefile distinfo pkg-descr 
     security/snortsam/files snortsam.sh.in 
   Added files:
     security/snortsam/files pkg-install.in pkg-message.in 
                             ssp_ipfw2_no_table_check.patch 
   Removed files:
     security/snortsam/files patch-snortsam.h pkg-message-snortsam 
   Log:
   - Update to 2.69
   
   Changelog:
           http://snortsam.net/news.html
   
   PR:             140881
   Submitted by:   olli hauer <ohauer@gmx.de>
   Approved by:    maintainer timeout
   
   Revision  Changes    Path
   1.3       +53 -30    ports/security/snortsam/Makefile
   1.3       +3 -3      ports/security/snortsam/distinfo
   1.2       +0 -16     ports/security/snortsam/files/patch-snortsam.h (dead)
   1.1       +17 -0     ports/security/snortsam/files/pkg-install.in (new)
   1.2       +0 -10     ports/security/snortsam/files/pkg-message-snortsam (dead)
   1.1       +18 -0     ports/security/snortsam/files/pkg-message.in (new)
   1.3       +15 -16    ports/security/snortsam/files/snortsam.sh.in
   1.1       +18 -0     ports/security/snortsam/files/ssp_ipfw2_no_table_check.patch (new)
   1.2       +4 -3      ports/security/snortsam/pkg-descr
 
>Unformatted:
