--- knockd-0.5.orig/debian/README.Debian +++ knockd-0.5/debian/README.Debian @@ -0,0 +1,2 @@ +To enable knockd edit /etc/knockd.conf and /etc/default/knockd first. + --- knockd-0.5.orig/debian/default +++ knockd-0.5/debian/default @@ -0,0 +1,15 @@ +################################################ +# +# knockd's default file, for generic sys config +# +################################################ + +# control if we start knockd at init or not +# 1 = start +# anything else = don't start +# +# PLEASE EDIT /etc/knockd.conf BEFORE ENABLING +START_KNOCKD=0 + +# command line options +#KNOCKD_OPTS="-i eth1" --- knockd-0.5.orig/debian/changelog +++ knockd-0.5/debian/changelog @@ -0,0 +1,137 @@ +knockd (0.5-3ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - Add debian/patches/manpage_fix.patch to fix path of iptables in the manpage. + + -- Alessio Treglia Wed, 25 Mar 2009 09:27:37 +0100 + +knockd (0.5-3) unstable; urgency=low + + * debian/patches/include_limits_h.patch: add explicit include for + limits.h (closes: #518882) + * debian/control: + - bump policy to 3.8.0 (no changes) + - bump debhelper build-dep to 7 + * debian/compat: bump to 7 + * debian/copyright: add version to common-licences reference + + -- Leo Costela Tue, 10 Mar 2009 00:27:42 +0100 + +knockd (0.5-2ubuntu2) gutsy; urgency=low + + * debian/control: Update maintainer fields according to debian- + maintainer-field spec. + + -- Martin Pitt Wed, 15 Aug 2007 08:06:50 +0000 + +knockd (0.5-2ubuntu1) dapper; urgency=low + + * debian/patches/manpage_fix.patch + Fixes patth of iptables in knockd.1.man. (closes: Malone #31379). + + -- Chuck Short Wed, 19 Apr 2006 12:50:10 -0400 + +knockd (0.5-2) unstable; urgency=low + + * acknoledge NMU (thanks Francesco!) + * debian/patches: + - add manpage_cmd_timeout.patch (closes: #418842) (thanks Bernd Zeimetz) + - add syslog_facility_daemon.patch to log to facility DAEMON + - change default_config.patch to use SysLog by default (closes: #299789) + * debian/logrotate: removed (see above) + * debian/control: + - add Homepage field and correct address (closes:#435568) + - update to policy 3.7.3 (no changes) + - bump dependency on debhelper to >=5 + - add build-dep on autotools-dev to update config.{sub,guess} + - remove unused misc:Depends + * debian/compat: bump to 5 + * debian/init: + - include LSB session + - overhaul and 'LSB-zation' + - fail to start gracefully, enabling upgrades in case of failure + (closes: #399662) + + -- Leo Costela Sun, 09 Dec 2007 01:54:11 +0100 + +knockd (0.5-1.1) unstable; urgency=high + + * NMU + * Fixing wrong SIGCHLD reaper with knockd.patch. It causes a lot of zombies around due to use of a simple wait(). + This patch should go upstream, too. + (closes: #373009) + + -- Francesco Paolo Lovergine Tue, 7 Nov 2006 21:16:30 +0100 + +knockd (0.5-1) unstable; urgency=low + + * New upstream release + * Fixed typo in changelog + * Included logrotate script (sorry for the stupid delay) (closes: #299789) + * Changed build system to CDBS + * Changed default permissions of config file to 640 root.root + + -- Leo Costela Wed, 06 Jul 2005 17:53:24 -0300 + +knockd (0.4-1) unstable; urgency=low + + * New upstream release + + -- Leo Costela Tue, 18 Jan 2005 09:19:20 -0300 + +knockd (0.3.1-1) unstable; urgency=low + + * New upstream release + + -- Leo Costela Fri, 17 Sep 2004 10:08:42 -0300 + +knockd (0.3-2) unstable; urgency=low + + * debian/control: add a few infos (closes: #271719) + * debian/init, debian/default: made option handling in default file more + generic (closes: #271718) + * debian/rules: corrected unpatch logic (closes: #271720) + * all of the above are thanks: Javier Fernández-Sanguino Peña + + * corrected the time zone in the changelog + + -- Leo Costela Tue, 14 Sep 2004 17:21:35 -0300 + +knockd (0.3-1) unstable; urgency=low + + * New upstream release + * Corrected config and example files to point to /sbin/iptables (closes: #247519) + * Corrected debian/rules to make propper use of CFLAGS (I could have sworn + it was working here) + * Added an INTERFACE directive to /etc/default/knockd (closes: #248022) + * Changed build-dep from libpcap-dev to libpcap0.8-dev to reflect source + changes + + -- Leo Costela Fri, 07 May 2004 17:35:46 -0300 + +knockd (0.2.1-2) unstable; urgency=low + + * Corrected init-script logic and removed extra lines + + -- Leo Costela Mon, 26 Apr 2004 08:48:06 -0300 + +knockd (0.2.1-1) unstable; urgency=low + + * New uptream version + * First Debian release (closes: #243838) + + -- Leo Costela Thu, 15 Apr 2004 22:52:05 -0300 + +knockd (0.2-1) unstable; urgency=low + + * New upstream version + * Patch incorporated into upstream + + -- Leo Costela Thu, 15 Apr 2004 22:52:05 -0300 + +knockd (0.1-1) unstable; urgency=low + + * First Debian package + + -- Leo Costela Wed, 14 Apr 2004 22:52:05 -0300 + --- knockd-0.5.orig/debian/control +++ knockd-0.5/debian/control @@ -0,0 +1,20 @@ +Source: knockd +Section: net +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Leo Costela +Build-Depends: debhelper (>= 7), cdbs (>= 0.4.10), autotools-dev, libpcap0.8-dev +Standards-Version: 3.8.0 +Homepage: http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki + +Package: knockd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate +Description: small port-knock daemon + A port-knock server that listens to all traffic on a given network + interface (only Ethernet and PPP are currently supported), looking for + a special "knock" sequences of port-hits. A remote system + makes these port-hits by sending a TCP (or UDP) packet to a port on the + server. When the server detects a specific sequence of port-hits, it + runs a command defined in its configuration file. This can be used to + open up holes in a firewall for quick access. --- knockd-0.5.orig/debian/compat +++ knockd-0.5/debian/compat @@ -0,0 +1 @@ +7 --- knockd-0.5.orig/debian/docs +++ knockd-0.5/debian/docs @@ -0,0 +1 @@ +README --- knockd-0.5.orig/debian/rules +++ knockd-0.5/debian/rules @@ -0,0 +1,11 @@ +#!/usr/bin/make -f + +# export DH_VERBOSE=1 + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk +include /usr/share/cdbs/1/class/autotools.mk + +binary-predeb/knockd:: + chmod 640 $(CURDIR)/debian/knockd/etc/knockd.conf + --- knockd-0.5.orig/debian/copyright +++ knockd-0.5/debian/copyright @@ -0,0 +1,10 @@ +This package was originally debianized by Leo Costela on Wed, 14 Apr 2004 22:52:04 +0300. + +Original source has been downloaded from +http://www.zeroflux.org/knock/ + +Copyright: + Copyright (C) 2004 Judd Vinet + +A copy of the GNU General Public License, version 2, can be found in +/usr/share/common-licenses/GPL-2. --- knockd-0.5.orig/debian/init +++ knockd-0.5/debian/init @@ -0,0 +1,71 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: knockd +# Required-Start: $network $syslog +# Required-Stop: $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: port-knock daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/knockd +NAME=knockd +PIDFILE=/var/run/$NAME.pid +DEFAULTS_FILE=/etc/default/knockd +DESC="Port-knock daemon" +OPTIONS=" -d" + +umask 0037 + +test -f $DAEMON || exit 0 + +set -e + +[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE + +. /lib/lsb/init-functions + +[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS" + +start_if_configured() { + if [ $START_KNOCKD -ne 1 ]; then + log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE" + exit 0 + else + log_daemon_msg "Starting $DESC" "$NAME" + if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then + # don't fail the upgrade if it fails to start + echo -n " " + log_action_end_msg 1 "$START_ERROR" + exit 0 + else + log_end_msg 0 + fi + fi +} + +case "$1" in + start) + start_if_configured + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --oknodo --quiet --exec $DAEMON + log_end_msg 0 + ;; + restart|reload|force-reload) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --oknodo --quiet --exec $DAEMON + log_end_msg 0 + sleep 1 + start_if_configured + ;; + *) + log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- knockd-0.5.orig/debian/patches/manpage_fix.patch +++ knockd-0.5/debian/patches/manpage_fix.patch @@ -0,0 +1,19 @@ +diff -Naur knock-0.5.orig/doc/knockd.1.in knock-0.5/doc/knockd.1.in +--- knock-0.5.orig/doc/knockd.1.in 2005-06-29 14:45:17.000000000 -0400 ++++ knock-0.5/doc/knockd.1.in 2006-04-19 12:54:13.000000000 -0400 +@@ -60,13 +60,13 @@ + sequence = 7000,8000,9000 + seq_timeout = 10 + tcpflags = syn +- command = /usr/sbin/iptables -A INPUT -s %IP% -j ACCEPT ++ command = /sbin/iptables -A INPUT -s %IP% -j ACCEPT + + [closeSSH] + sequence = 9000,8000,7000 + seq_timeout = 10 + tcpflags = syn +- command = /usr/sbin/iptables -D INPUT -s %IP% -j ACCEPT ++ command = /sbin/iptables -D INPUT -s %IP% -j ACCEPT + + .fi + .RE --- knockd-0.5.orig/debian/patches/default_config.patch +++ knockd-0.5/debian/patches/default_config.patch @@ -0,0 +1,21 @@ +--- knockd-0.5/knockd.conf 2004-05-07 00:56:03.000000000 +0200 ++++ knockd-0.5.new/knockd.conf 2007-12-09 20:50:39.000000000 +0100 +@@ -1,15 +1,15 @@ + [options] +- logfile = /var/log/knockd.log ++ UseSyslog + + [openSSH] + sequence = 7000,8000,9000 + seq_timeout = 5 +- command = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT ++ command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT + tcpflags = syn + + [closeSSH] + sequence = 9000,8000,7000 + seq_timeout = 5 +- command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT ++ command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT + tcpflags = syn + --- knockd-0.5.orig/debian/patches/reap_child_procs.patch +++ knockd-0.5/debian/patches/reap_child_procs.patch @@ -0,0 +1,14 @@ +--- knockd-0.5/src/knockd.c 2005-06-27 07:11:34.000000000 +0200 ++++ knockd-0.5-new/src/knockd.c 2006-11-07 21:07:46.000000000 +0100 +@@ -352,8 +352,9 @@ + + void child_exit(int signum) + { +- /* child wants to exit, let em die */ +- wait(NULL); ++ int status; ++ ++ while ( waitpid( (pid_t)-1, &status, WNOHANG ) > 0 ) continue; + return; + } + --- knockd-0.5.orig/debian/patches/syslog_facility_daemon.patch +++ knockd-0.5/debian/patches/syslog_facility_daemon.patch @@ -0,0 +1,12 @@ +diff -urN --exclude=debian knockd-0.5/src/knockd.c knockd-0.5.new/src/knockd.c +--- knockd-0.5/src/knockd.c 2005-06-27 07:11:34.000000000 +0200 ++++ knockd-0.5.new/src/knockd.c 2007-12-09 20:06:15.000000000 +0100 +@@ -183,7 +183,7 @@ + strncpy(o_int, "eth0", sizeof(o_int)); /* no explicit termination needed */ + } + if(o_usesyslog) { +- openlog("knockd", 0, LOG_USER); ++ openlog("knockd", 0, LOG_DAEMON); + } + if(strlen(o_logfile)) { + /* open the log file */ --- knockd-0.5.orig/debian/patches/manpage_cmd_timeout.patch +++ knockd-0.5/debian/patches/manpage_cmd_timeout.patch @@ -0,0 +1,14 @@ +diff -uwr doc.orig/knockd.1.in doc/knockd.1.in +--- doc.orig/knockd.1.in 2007-04-12 11:32:05.000000000 +0200 ++++ doc/knockd.1.in 2007-04-12 11:33:02.000000000 +0200 +@@ -179,8 +179,8 @@ + \fBStart_Command\fP. + .TP + .B "Cmd_Timeout = " +-Time to wait between \fBStart_Command\fP and \fBStop_Command\fP. This +-directive is optional, only required if \fBStop_Command\fP is used. ++Time to wait between \fBStart_Command\fP and \fBStop_Command\fP in seconds. ++This directive is optional, only required if \fBStop_Command\fP is used. + .TP + .B "Stop_Command = " + Specify the command to be executed when \fBCmd_Timeout\fP seconds have passed --- knockd-0.5.orig/debian/patches/include_limits_h.patch +++ knockd-0.5/debian/patches/include_limits_h.patch @@ -0,0 +1,11 @@ +diff -urN knockd-0.5/src/knockd.c knockd-0.5.new/src/knockd.c +--- knockd-0.5/src/knockd.c 2005-06-27 07:11:34.000000000 +0200 ++++ knockd-0.5.new/src/knockd.c 2009-03-10 00:24:25.000000000 +0100 +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + #include + #include