Import Debian patch 0.5-3

debian/README.Debian

@@ -0,0 +1,2 @@
+To enable knockd edit /etc/knockd.conf and /etc/default/knockd first.
+

debian/changelog

@@ -0,0 +1,116 @@
+knockd (0.5-3) unstable; urgency=low
+
+  * debian/patches/include_limits_h.patch: add explicit include for 
+    limits.h (closes: #518882)
+  * debian/control: 
+      - bump policy to 3.8.0 (no changes)
+      - bump debhelper build-dep to 7
+  * debian/compat: bump to 7
+  * debian/copyright: add version to common-licences reference
+
+ -- Leo Costela <costela@debian.org>  Tue, 10 Mar 2009 00:27:42 +0100
+
+knockd (0.5-2) unstable; urgency=low
+
+  * acknoledge NMU (thanks Francesco!)
+  * debian/patches:
+    - add manpage_cmd_timeout.patch (closes: #418842) (thanks Bernd Zeimetz)
+    - add syslog_facility_daemon.patch to log to facility DAEMON
+    - change default_config.patch to use SysLog by default (closes: #299789)
+  * debian/logrotate: removed (see above)
+  * debian/control:
+    - add Homepage field and correct address (closes:#435568)
+    - update to policy 3.7.3 (no changes)
+    - bump dependency on debhelper to >=5
+    - add build-dep on autotools-dev to update config.{sub,guess}
+    - remove unused misc:Depends
+  * debian/compat: bump to 5
+  * debian/init:
+    - include LSB session
+    - overhaul and 'LSB-zation'
+    - fail to start gracefully, enabling upgrades in case of failure 
+      (closes: #399662)
+
+ -- Leo Costela <costela@debian.org>  Sun, 09 Dec 2007 01:54:11 +0100
+
+knockd (0.5-1.1) unstable; urgency=high
+
+  * NMU
+  * Fixing wrong SIGCHLD reaper with knockd.patch. It causes a lot of zombies around due to use of a simple wait().
+    This patch should go upstream, too.
+    (closes: #373009)
+
+ -- Francesco Paolo Lovergine <frankie@debian.org>  Tue,  7 Nov 2006 21:16:30 +0100
+
+knockd (0.5-1) unstable; urgency=low
+
+  * New upstream release
+  * Fixed typo in changelog
+  * Included logrotate script (sorry for the stupid delay) (closes: #299789)
+  * Changed build system to CDBS
+  * Changed default permissions of config file to 640 root.root
+
+ -- Leo Costela <costela@debian.org>  Wed, 06 Jul 2005 17:53:24 -0300
+
+knockd (0.4-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Leo Costela <costela@debian.org>  Tue, 18 Jan 2005 09:19:20 -0300
+
+knockd (0.3.1-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Leo Costela <costela@debian.org>  Fri, 17 Sep 2004 10:08:42 -0300
+
+knockd (0.3-2) unstable; urgency=low
+
+  * debian/control: add a few infos (closes: #271719)
+  * debian/init, debian/default: made option handling in default file more
+    generic (closes: #271718)
+  * debian/rules: corrected unpatch logic (closes: #271720)
+  * all of the above are thanks: Javier Fernández-Sanguino Peña
+    <jfs@computer.org>
+  * corrected the time zone in the changelog
+
+ -- Leo Costela <costela@debian.org>  Tue, 14 Sep 2004 17:21:35 -0300
+
+knockd (0.3-1) unstable; urgency=low
+
+  * New upstream release
+  * Corrected config and example files to point to /sbin/iptables (closes: #247519)
+  * Corrected debian/rules to make propper use of CFLAGS (I could have sworn
+    it was working here)
+  * Added an INTERFACE directive to /etc/default/knockd (closes: #248022)
+  * Changed build-dep from libpcap-dev to libpcap0.8-dev to reflect source
+    changes
+
+ -- Leo Costela <costela@debian.org>  Fri, 07 May 2004 17:35:46 -0300
+
+knockd (0.2.1-2) unstable; urgency=low
+
+  * Corrected init-script logic and removed extra lines
+
+ -- Leo Costela <costela@debian.org>  Mon, 26 Apr 2004 08:48:06 -0300
+
+knockd (0.2.1-1) unstable; urgency=low
+
+  * New uptream version
+  * First Debian release (closes: #243838)
+
+ -- Leo Costela <costela@debian.org>  Thu, 15 Apr 2004 22:52:05 -0300
+
+knockd (0.2-1) unstable; urgency=low
+
+  * New upstream version
+  * Patch incorporated into upstream
+
+ -- Leo Costela <costela@debian.org>  Thu, 15 Apr 2004 22:52:05 -0300
+ 
+knockd (0.1-1) unstable; urgency=low
+
+  * First Debian package
+
+ -- Leo Costela <costela@debian.org>  Wed, 14 Apr 2004 22:52:05 -0300
+

debian/compat

@@ -0,0 +1 @@
+7

debian/control

@@ -0,0 +1,19 @@
+Source: knockd
+Section: net
+Priority: optional
+Maintainer: Leo Costela <costela@debian.org>
+Build-Depends: debhelper (>= 7), cdbs (>= 0.4.10), autotools-dev, libpcap0.8-dev
+Standards-Version: 3.8.0
+Homepage: http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
+
+Package: knockd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate
+Description: small port-knock daemon
+ A port-knock server that listens to all traffic on a given network
+ interface (only Ethernet and PPP are currently supported), looking for 
+ a special "knock" sequences of port-hits. A remote system 
+ makes these port-hits by sending a TCP (or UDP) packet to a port on the
+ server. When the server detects a specific sequence of port-hits, it
+ runs a command defined in its configuration file. This can be used to
+ open up holes in a firewall for quick access.

debian/copyright

@@ -0,0 +1,10 @@
+This package was originally debianized by Leo Costela <costela@debian.org> on Wed, 14 Apr 2004 22:52:04 +0300.
+
+Original source has been downloaded from
+http://www.zeroflux.org/knock/
+
+Copyright:
+ Copyright (C) 2004 Judd Vinet <jvinet@zeroflux.org>
+
+A copy of the GNU General Public License, version 2, can be found in
+/usr/share/common-licenses/GPL-2.

debian/default

@@ -0,0 +1,15 @@
+################################################
+#
+# knockd's default file, for generic sys config
+#
+################################################
+
+# control if we start knockd at init or not
+# 1 = start
+# anything else = don't start
+#
+# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
+START_KNOCKD=0
+
+# command line options
+#KNOCKD_OPTS="-i eth1"

debian/docs

@@ -0,0 +1 @@
+README

debian/init

@@ -0,0 +1,71 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          knockd
+# Required-Start:    $network $syslog
+# Required-Stop:     $network $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: port-knock daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/knockd
+NAME=knockd
+PIDFILE=/var/run/$NAME.pid
+DEFAULTS_FILE=/etc/default/knockd
+DESC="Port-knock daemon"
+OPTIONS=" -d"
+
+umask 0037
+
+test -f $DAEMON || exit 0
+
+set -e
+
+[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
+
+. /lib/lsb/init-functions
+
+[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
+
+start_if_configured() {
+	if [ $START_KNOCKD -ne 1 ]; then
+                log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
+                exit 0
+	else
+		log_daemon_msg "Starting $DESC" "$NAME"
+		if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
+			# don't fail the upgrade if it fails to start
+			echo -n " "
+			log_action_end_msg 1 "$START_ERROR"
+			exit 0
+		else
+			log_end_msg 0
+		fi
+        fi
+}
+
+case "$1" in
+  start)
+	start_if_configured
+	;;
+  stop)
+	log_daemon_msg "Stopping $DESC" "$NAME"
+	start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+	log_end_msg 0
+	;;
+  restart|reload|force-reload)
+	log_daemon_msg "Stopping $DESC" "$NAME"
+	start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+	log_end_msg 0
+	sleep 1
+	start_if_configured
+	;;
+  *)
+        log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0

debian/patches/default_config.patch

@@ -0,0 +1,21 @@
+--- knockd-0.5/knockd.conf	2004-05-07 00:56:03.000000000 +0200
++++ knockd-0.5.new/knockd.conf	2007-12-09 20:50:39.000000000 +0100
+@@ -1,15 +1,15 @@
+ [options]
+-	logfile = /var/log/knockd.log
++	UseSyslog
+ 
+ [openSSH]
+ 	sequence    = 7000,8000,9000
+ 	seq_timeout = 5
+-	command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++	command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ 	tcpflags    = syn
+ 
+ [closeSSH]
+ 	sequence    = 9000,8000,7000
+ 	seq_timeout = 5
+-	command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
++	command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+ 	tcpflags    = syn
+ 

debian/patches/include_limits_h.patch

@@ -0,0 +1,11 @@
+diff -urN knockd-0.5/src/knockd.c knockd-0.5.new/src/knockd.c
+--- knockd-0.5/src/knockd.c	2005-06-27 07:11:34.000000000 +0200
++++ knockd-0.5.new/src/knockd.c	2009-03-10 00:24:25.000000000 +0100
+@@ -26,6 +26,7 @@
+ #include <signal.h>
+ #include <time.h>
+ #include <ctype.h>
++#include <limits.h>
+ #include <string.h>
+ #include <fcntl.h>
+ #include <netinet/in.h>

debian/patches/manpage_cmd_timeout.patch

@@ -0,0 +1,14 @@
+diff -uwr doc.orig/knockd.1.in doc/knockd.1.in
+--- doc.orig/knockd.1.in	2007-04-12 11:32:05.000000000 +0200
++++ doc/knockd.1.in	2007-04-12 11:33:02.000000000 +0200
+@@ -179,8 +179,8 @@
+ \fBStart_Command\fP.
+ .TP
+ .B "Cmd_Timeout = <timeout>"
+-Time to wait between \fBStart_Command\fP and \fBStop_Command\fP.  This
+-directive is optional, only required if \fBStop_Command\fP is used.
++Time to wait between \fBStart_Command\fP and \fBStop_Command\fP in seconds.
++This directive is optional, only required if \fBStop_Command\fP is used.
+ .TP
+ .B "Stop_Command = <command>"
+ Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed 

debian/patches/reap_child_procs.patch

@@ -0,0 +1,14 @@
+--- knockd-0.5/src/knockd.c	2005-06-27 07:11:34.000000000 +0200
++++ knockd-0.5-new/src/knockd.c	2006-11-07 21:07:46.000000000 +0100
+@@ -352,8 +352,9 @@
+ 
+ void child_exit(int signum)
+ {
+-	/* child wants to exit, let em die */
+-	wait(NULL);
++	int status;
++
++	while ( waitpid( (pid_t)-1, &status, WNOHANG ) > 0 ) continue;
+ 	return;
+ }
+ 

debian/patches/syslog_facility_daemon.patch

@@ -0,0 +1,12 @@
+diff -urN --exclude=debian knockd-0.5/src/knockd.c knockd-0.5.new/src/knockd.c
+--- knockd-0.5/src/knockd.c	2005-06-27 07:11:34.000000000 +0200
++++ knockd-0.5.new/src/knockd.c	2007-12-09 20:06:15.000000000 +0100
+@@ -183,7 +183,7 @@
+ 		strncpy(o_int, "eth0", sizeof(o_int));	/* no explicit termination needed */
+ 	}
+ 	if(o_usesyslog) {
+-		openlog("knockd", 0, LOG_USER);
++		openlog("knockd", 0, LOG_DAEMON);
+ 	}
+ 	if(strlen(o_logfile)) {
+ 		/* open the log file */

debian/rules

@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+# export DH_VERBOSE=1
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/rules/simple-patchsys.mk
+include /usr/share/cdbs/1/class/autotools.mk
+
+binary-predeb/knockd::
+	chmod 640 $(CURDIR)/debian/knockd/etc/knockd.conf
+