add changelog entry for 0.7-1

Gbp-Dch: ignore
add watch file
2026-01-11 21:42:49 +00:00 · 2016-10-08 16:08:04 +02:00 · 2016-10-08 16:03:25 +02:00 · 2016-10-08 16:03:25 +02:00 · 2016-10-08 15:19:17 +02:00 · 2016-10-08 14:32:05 +02:00
16 changed files with 144 additions and 120 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.pc
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+knockd (0.7-1) unstable; urgency=medium
+
+  * [b2567e28] New upstream version 0.7 (closes: #761853)
+    - adds timeout to pcap_open_live (closes: #816388, #308078)
+  * [48f78ca5] bump policy to 3.9.8 (no changes)
+  * [0b63eacb] update homepage url
+  * [86381cd5] migrate to dh short notation
+  * [4a38db8d] drop patches/include_limits_h: fixed upstream
+  * [42ec7481] drop patches/manpage_cmd_timeout: fixed upstream
+  * [733d82a7] switch to source/format 3.0 (quilt)
+  * [bfc99c1f] add systemd support (closes: #729663)
+  * [197eb24d] init: add dependency on $remote_fs
+  * [848daeab] add hardening flags
+  * [5c686b87] remove knock client docs from installation
+  * [805dec71] debian/control: add VCS URL
+  * [14a9bb3f] add watch file
+
+ -- Leo Antunes <costela@debian.org>  Sat, 08 Oct 2016 16:05:00 +0200
+
 knockd (0.5-3) unstable; urgency=low

  * debian/patches/include_limits_h.patch: add explicit include for 
--- a/debian/control
+++ b/debian/control
@@ -1,14 +1,15 @@
 Source: knockd
 Section: net
 Priority: optional
-Maintainer: Leo Costela <costela@debian.org>
-Build-Depends: debhelper (>= 7), cdbs (>= 0.4.10), autotools-dev, libpcap0.8-dev
+Maintainer: Leo Antunes <costela@debian.org>
+Build-Depends: debhelper (>= 9.20160709~), autotools-dev, libpcap0.8-dev
 Standards-Version: 3.9.8
 Homepage: http://www.zeroflux.org/projects/knock
+VCS-Git: git://anonscm.debian.org/collab-maint/knockd.git

 Package: knockd
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate
+Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, lsb-base (>= 3.0-6)
 Description: small port-knock daemon
 A port-knock server that listens to all traffic on a given network
 interface (only Ethernet and PPP are currently supported), looking for 
--- a/debian/default
+++ b/debian/default
@@ -1,13 +1,6 @@
-################################################
-#
-# knockd's default file, for generic sys config
-#
-################################################
-
 # control if we start knockd at init or not
 # 1 = start
 # anything else = don't start
-#
 # PLEASE EDIT /etc/knockd.conf BEFORE ENABLING
 START_KNOCKD=0

--- a/debian/docs
+++ b/debian/docs
@@ -1 +0,0 @@
-README
--- a/debian/init
+++ b/debian/init
@@ -1,71 +0,0 @@
-#! /bin/sh
-
-### BEGIN INIT INFO
-# Provides:          knockd
-# Required-Start:    $network $syslog
-# Required-Stop:     $network $syslog
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: port-knock daemon
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/knockd
-NAME=knockd
-PIDFILE=/var/run/$NAME.pid
-DEFAULTS_FILE=/etc/default/knockd
-DESC="Port-knock daemon"
-OPTIONS=" -d"
-
-umask 0037
-
-test -f $DAEMON || exit 0
-
-set -e
-
-[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
-
-. /lib/lsb/init-functions
-
-[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
-
-start_if_configured() {
-	if [ $START_KNOCKD -ne 1 ]; then
-                log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
-                exit 0
-	else
-		log_daemon_msg "Starting $DESC" "$NAME"
-		if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
-			# don't fail the upgrade if it fails to start
-			echo -n " "
-			log_action_end_msg 1 "$START_ERROR"
-			exit 0
-		else
-			log_end_msg 0
-		fi
-        fi
-}
-
-case "$1" in
-  start)
-	start_if_configured
-	;;
-  stop)
-	log_daemon_msg "Stopping $DESC" "$NAME"
-	start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
-	log_end_msg 0
-	;;
-  restart|reload|force-reload)
-	log_daemon_msg "Stopping $DESC" "$NAME"
-	start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
-	log_end_msg 0
-	sleep 1
-	start_if_configured
-	;;
-  *)
-        log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
-	exit 1
-	;;
-esac
-
-exit 0
--- a/debian/knockd.init
+++ b/debian/knockd.init
@@ -0,0 +1,71 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          knockd
+# Required-Start:    $network $syslog $remote_fs
+# Required-Stop:     $network $syslog $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: port-knock daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/knockd
+NAME=knockd
+PIDFILE=/var/run/$NAME.pid
+DEFAULTS_FILE=/etc/default/knockd
+DESC="Port-knock daemon"
+OPTIONS=" -d"
+
+umask 0037
+
+test -f $DAEMON || exit 0
+
+set -e
+
+[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
+
+. /lib/lsb/init-functions
+
+[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
+
+start_if_configured() {
+    if [ $START_KNOCKD -ne 1 ]; then
+        log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
+        exit 0
+    else
+        log_daemon_msg "Starting $DESC" "$NAME"
+        if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
+            # don't fail the upgrade if it fails to start
+            echo -n " "
+            log_action_end_msg 1 "$START_ERROR"
+            exit 0
+        else
+            log_end_msg 0
+        fi
+    fi
+}
+
+case "$1" in
+    start)
+        start_if_configured
+        ;;
+    stop)
+        log_daemon_msg "Stopping $DESC" "$NAME"
+        start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+        log_end_msg 0
+        ;;
+    restart|reload|force-reload)
+        log_daemon_msg "Stopping $DESC" "$NAME"
+        start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
+        log_end_msg 0
+        sleep 1
+        start_if_configured
+        ;;
+    *)
+        log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
--- a/debian/knockd.service
+++ b/debian/knockd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Port-Knock Daemon
+After=network.target
+Documentation=man:knockd(1)
+
+[Service]
+EnvironmentFile=-/etc/default/knockd
+ExecStart=/usr/sbin/knockd $KNOCKD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+SuccessExitStatus=0 2 15
+ProtectSystem=full
+CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
--- a/debian/patches/include_limits_h.patch
+++ b/debian/patches/include_limits_h.patch
@@ -1,11 +0,0 @@
-diff -urN knockd-0.5/src/knockd.c knockd-0.5.new/src/knockd.c
--- knockd-0.5/src/knockd.c	2005-06-27 07:11:34.000000000 +0200
-+++ knockd-0.5.new/src/knockd.c	2009-03-10 00:24:25.000000000 +0100
-@@ -26,6 +26,7 @@
- #include <signal.h>
- #include <time.h>
- #include <ctype.h>
-+#include <limits.h>
- #include <string.h>
- #include <fcntl.h>
- #include <netinet/in.h>
--- a/debian/patches/manpage_cmd_timeout.patch
+++ b/debian/patches/manpage_cmd_timeout.patch
@@ -1,14 +0,0 @@
-diff -uwr doc.orig/knockd.1.in doc/knockd.1.in
--- doc.orig/knockd.1.in	2007-04-12 11:32:05.000000000 +0200
-+++ doc/knockd.1.in	2007-04-12 11:33:02.000000000 +0200
-@@ -179,8 +179,8 @@
- \fBStart_Command\fP.
- .TP
- .B "Cmd_Timeout = <timeout>"
-Time to wait between \fBStart_Command\fP and \fBStop_Command\fP.  This
-directive is optional, only required if \fBStop_Command\fP is used.
-+Time to wait between \fBStart_Command\fP and \fBStop_Command\fP in seconds.
-+This directive is optional, only required if \fBStop_Command\fP is used.
- .TP
- .B "Stop_Command = <command>"
- Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed 
--- a/debian/patches/reap_child_procs.patch
+++ b/debian/patches/reap_child_procs.patch
@@ -1,6 +1,8 @@
--- knockd-0.5/src/knockd.c	2005-06-27 07:11:34.000000000 +0200
-+++ knockd-0.5-new/src/knockd.c	2006-11-07 21:07:46.000000000 +0100
-@@ -352,8 +352,9 @@
+Index: repo/src/knockd.c
+===================================================================
+--- repo.orig/src/knockd.c	2016-09-28 21:42:58.417421069 +0200
+++ repo/src/knockd.c	2016-09-28 21:42:58.413421096 +0200
+@@ -366,8 +366,9 @@
 
 void child_exit(int signum)
 {
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+default_config.patch
+reap_child_procs.patch
+syslog_facility_daemon.patch
--- a/debian/patches/syslog_facility_daemon.patch
+++ b/debian/patches/syslog_facility_daemon.patch
@@ -1,7 +1,8 @@
-diff -urN --exclude=debian knockd-0.5/src/knockd.c knockd-0.5.new/src/knockd.c
--- knockd-0.5/src/knockd.c	2005-06-27 07:11:34.000000000 +0200
-+++ knockd-0.5.new/src/knockd.c	2007-12-09 20:06:15.000000000 +0100
-@@ -183,7 +183,7 @@
+Index: repo/src/knockd.c
+===================================================================
+--- repo.orig/src/knockd.c	2016-09-28 21:43:16.741293903 +0200
+++ repo/src/knockd.c	2016-09-28 21:43:16.741293903 +0200
+@@ -195,7 +195,7 @@
 		strncpy(o_int, "eth0", sizeof(o_int));	/* no explicit termination needed */
 	}
 	if(o_usesyslog) {
--- a/debian/rules
+++ b/debian/rules
@@ -1,11 +1,24 @@
 #!/usr/bin/make -f

-# export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed,--no-undefined,--no-add-needed
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk

-include /usr/share/cdbs/1/rules/debhelper.mk
-include /usr/share/cdbs/1/rules/simple-patchsys.mk
-include /usr/share/cdbs/1/class/autotools.mk
+%:
+	dh $@ --with autotools-dev --with systemd

-binary-predeb/knockd::
-	chmod 640 $(CURDIR)/debian/knockd/etc/knockd.conf
+override_dh_install:
+	dh_install
+	# original installation has duplicate docs for knock and knockd
+	rm -rf debian/knockd/usr/share/doc/knock

+# the standard config is unsafe
+override_dh_systemd_enable:
+	dh_systemd_enable --no-enable
+
+override_dh_systemd_start:
+	dh_systemd_start --no-start
+
+override_dh_installinit:
+	dh_installinit --no-start
--- a/debian/source/format
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
--- a/debian/watch
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+
+http://www.zeroflux.org/proj/knock/ files/knock@ANY_VERSION@@ARCHIVE_EXT@ debian uupdate
Author	SHA1	Message	Date
Leo Antunes	26e4c5ae8c	add changelog entry for 0.7-1 Gbp-Dch: ignore	2016-10-08 16:08:04 +02:00
Leo Antunes	14a9bb3f09	add watch file	2016-10-08 16:03:25 +02:00
Leo Antunes	805dec719b	debian/control: add VCS URL	2016-10-08 16:03:25 +02:00
Leo Antunes	5c686b87a6	remove knock client docs from installation otherwise we end up with multiple documentation copies in the single binary package	2016-10-08 15:19:17 +02:00
Leo Antunes	848daeab94	add hardening flags	2016-10-08 14:32:05 +02:00
Leo Antunes	197eb24d24	init: add dependency on $remote_fs	2016-10-08 14:32:05 +02:00
Leo Antunes	bfc99c1f23	add systemd support (closes: #729663 )	2016-10-08 14:31:50 +02:00
Leo Antunes	733d82a7cb	switch to source/format 3.0 (quilt)	2016-09-28 21:44:14 +02:00
Leo Antunes	802af55953	remove debian/docs (README deleted upstream) Gbp-Dch: ignore	2016-09-28 21:38:27 +02:00
Leo Antunes	42ec748116	drop patches/manpage_cmd_timeout: fixed upstream	2016-09-28 21:34:43 +02:00
Leo Antunes	4a38db8d9a	drop patches/include_limits_h: fixed upstream	2016-09-28 21:33:15 +02:00
Leo Antunes	86381cd502	migrate to dh short notation	2016-09-28 21:27:32 +02:00