Up to [cvs.NetBSD.org] / pkgsrc / security / pflkm
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Remove security/pflkm, it's outdated and unmaintained. Approved by agc.
Add detection for pf 4.1 and 4.2.
Whitespace cleanup, courtesy of pkglint. Patch provided by Sergey Svishchev in private mail.
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Avoid extra stat() calls by not repeatedly checking whether a file exists on the disk -- we can just check whether a variable defined by find-files.mk is "__nonexistent__" or not.
Export a publicly readable variable PFCTL that contains the path to the "pfctl" binary.
Also check for the pfvar.h file in the subdirectory 'pf', DragonFly installs it there.
Add detection for pf from OpenBSD 3.8.
Pullup ticket 561 - requested by Johnny C. Lam fix built-in detection in pflkm Revisions pulled up: - pkgsrc/security/pflkm/builtin.mk 1.5 Module Name: pkgsrc Committed By: peter Date: Thu Jun 23 19:32:43 UTC 2005 Modified Files: pkgsrc/security/pflkm: builtin.mk Log Message: BUILTIN_PKG should contain the package name, otherwise the builtin detection doesn't work properly.
BUILTIN_PKG should contain the package name, otherwise the builtin detection doesn't work properly.
Massive cleanup of buildlink3.mk and builtin.mk files in pkgsrc. Several changes are involved since they are all interrelated. These changes affect about 1000 files. The first major change is rewriting bsd.builtin.mk as well as all of the builtin.mk files to follow the new example in bsd.builtin.mk. The loop to include all of the builtin.mk files needed by the package is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk is now included by each of the individual builtin.mk files and provides some common logic for all of the builtin.mk files. Currently, this includes the computation for whether the native or pkgsrc version of the package is preferred. This causes USE_BUILTIN.* to be correctly set when one builtin.mk file includes another. The second major change is teach the builtin.mk files to consider files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most of the builtin.mk files test for the presence of built-in software by checking for the existence of certain files, e.g. <pthread.h>, and we now assume that if that file is under ${LOCALBASE}, then it must be from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The exceptions to this new check are the X11 distribution packages, which are handled specially as noted below. The third major change is providing builtin.mk and version.mk files for each of the X11 distribution packages in pkgsrc. The builtin.mk file can detect whether the native X11 distribution is the same as the one provided by pkgsrc, and the version.mk file computes the version of the X11 distribution package, whether it's built-in or not. The fourth major change is that the buildlink3.mk files for X11 packages that install parts which are part of X11 distribution packages, e.g. Xpm, Xcursor, etc., now use imake to query the X11 distribution for whether the software is already provided by the X11 distribution. This is more accurate than grepping for a symbol name in the imake config files. Using imake required sprinkling various builtin-imake.mk helper files into pkgsrc directories. These files are used as input to imake since imake can't use stdin for that purpose. The fifth major change is in how packages note that they use X11. Instead of setting USE_X11, package Makefiles should now include x11.buildlink3.mk instead. This causes the X11 package buildlink3 and builtin logic to be executed at the correct place for buildlink3.mk and builtin.mk files that previously set USE_X11, and fixes packages that relied on buildlink3.mk files to implicitly note that X11 is needed. Package buildlink3.mk should also include x11.buildlink3.mk when linking against the package libraries requires also linking against the X11 libraries. Where it was obvious, redundant inclusions of x11.buildlink3.mk have been removed.
Update to 20050511. Changes: Updated to OpenBSD 3.7 pf: * Support limiting TCP connections by establishment rate, automatically adding flooding IP addresses to tables and flushing states (max-src-conn-rate, overload <table>, flush global). * Improved functionality of tags (tag and tagged for translation rules, tagging of all packets matching state entries). * Improved diagnostics (error messages and additional counters from pfctl -si). * New keyword set skip on to skip filtering on arbitrary interfaces, like loopback. * Several bugfixes improving stability. ALTQ is now also supported by using the option 'altq', see the homepage for information about how to apply the kernel patch. Approved by: Thomas Klausner <wiz@NetBSD.org>
Remove part of the builtin version detection that doesn't work properly. It can't be fixed easily because the pflkm package uses different versioning (dates instead of 3.5, 3.6, etc). So just disable it for now until I've found a better way to handle this. Approved by wiz.
Initial import of pflkm-20041025 into the NetBSD Packages Collection. Packet Filter (from here on referred to as PF) is OpenBSD's system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic. PF was originally developed by Daniel Hartmeier and is now maintained and developed by Daniel and the rest of the OpenBSD team. This package includes a complete port (LKM and userland utilities) from OpenBSD 3.6 to NetBSD 2.0.
Initial revision