There are several defines in src/fwalls/command_ipfilter.h which 
invoke the system mktemp(1) inside backticks. They erroneously supply 
a template with 5 Xs instead of the minimum of 6 that mktemp requires.

affected defines:
COMMAND_BLOCK
COMMAND_RELEASE
COMMAND_FLUSH

The following patch addresses these defines, but not the associated 
comments which supply examples of their output. I have only tested 
that the package will still build. I have not performed any runtime
tests. Is there anyone who uses this port and would like to test?


Index: patches/patch-src_fwalls_command_ipfilter_h
===================================================================
RCS file: patches/patch-src_fwalls_command_ipfilter_h
diff -N patches/patch-src_fwalls_command_ipfilter_h
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fwalls_command_ipfilter_h 13 Jun 2014 21:50:27 -0000
@@ -0,0 +1,23 @@
+$OpenBSD$
+--- src/fwalls/command_ipfilter.h.orig Fri Jun 13 14:32:26 2014
++++ src/fwalls/command_ipfilter.h      Fri Jun 13 14:36:31 2014
+@@ -37,16 +37,16 @@
+ /* expanded, it runs something like
+  *      if test $SSHG_ADDRKIND != 4; then exit 1 ; fi ; TMP=`mktemp 
/tmp/ipfconf.XXXXX` && awk '1 ; /^##sshguard-begin##$/ { print \"block in quick 
proto tcp from '\"$SSHG_ADDR\"' to any\" }' < /etc/ipfilter.conf > $TMP && mv 
$TMP /etc/ipfilter.conf && /sbin/ipf -Fa && /sbin/ipf -f /etc/ipfilter.conf
+  */
+-#define COMMAND_BLOCK      "if test $SSHG_ADDRKIND != 4; then exit 1 ; fi ; 
TMP=`mktemp /tmp/ipfconf.XXXXX` && " QUOTEME(AWK) " '1 ; /^##sshguard-begin##$/ 
{ print \"block in quick proto tcp from '\"$SSHG_ADDR\"' to any\" }' <" 
IPFILTER_CONFFILE " > $TMP && mv $TMP " IPFILTER_CONFFILE " && " IPFPATH "/ipf 
-Fa && " IPFPATH "/ipf -f " IPFILTER_CONFFILE
++#define COMMAND_BLOCK      "if test $SSHG_ADDRKIND != 4; then exit 1 ; fi ; 
TMP=`mktemp /tmp/ipfconf.XXXXXX` && " QUOTEME(AWK) " '1 ; 
/^##sshguard-begin##$/ { print \"block in quick proto tcp from '\"$SSHG_ADDR\"' 
to any\" }' <" IPFILTER_CONFFILE " > $TMP && mv $TMP " IPFILTER_CONFFILE " && " 
IPFPATH "/ipf -Fa && " IPFPATH "/ipf -f " IPFILTER_CONFFILE
+
+ /* expanded, it runs something like
+  *      if test $SSHG_ADDRKIND != 4; then exit 1 ; fi ; TMP=`mktemp 
/tmp/ipfconf.XXXXX` && awk 'BEGIN { copy = 1 } copy ; /^##sshguard-begin##$/    
{ copy = 0 ; next } !copy { if ($0 !~ /'\"$SSHG_ADDR\"'.* /) print $0 } 
/^##sshguard-end##$/  { copy = 1 }' < /etc/ipfilter.conf >$TMP && mv $TMP 
/etc/ipfilter.conf && /sbin/ipf -Fa && /sbin/ipf -f /etc/ipfilter.conf
+  */
+-#define COMMAND_RELEASE    "if test $SSHG_ADDRKIND != 4; then exit 1 ; fi ; 
TMP=`mktemp /tmp/ipfconf.XXXXX` && " QUOTEME(AWK) " 'BEGIN { copy = 1 } copy ; 
/^##sshguard-begin##$/    { copy = 0 ; next } !copy { if ($0 !~ 
/'\"$SSHG_ADDR\"'.*/) print $0 } /^##sshguard-end##$/  { copy = 1 }' <" 
IPFILTER_CONFFILE " >$TMP && mv $TMP " IPFILTER_CONFFILE " && " IPFPATH "/ipf 
-Fa && " IPFPATH "/ipf -f " IPFILTER_CONFFILE
++#define COMMAND_RELEASE    "if test $SSHG_ADDRKIND != 4; then exit 1 ; fi ; 
TMP=`mktemp /tmp/ipfconf.XXXXXX` && " QUOTEME(AWK) " 'BEGIN { copy = 1 } copy ; 
/^##sshguard-begin##$/    { copy = 0 ; next } !copy { if ($0 !~ 
/'\"$SSHG_ADDR\"'.*/) print $0 } /^##sshguard-end##$/  { copy = 1 }' <" 
IPFILTER_CONFFILE " >$TMP && mv $TMP " IPFILTER_CONFFILE " && " IPFPATH "/ipf 
-Fa && " IPFPATH "/ipf -f " IPFILTER_CONFFILE
+
+ /* expanded, it runs something like
+  *      TMP=`mktemp /tmp/ipfconf.XXXXX` && awk 'BEGIN { copy = 1 } 
/^##sshguard-begin##$/ { print $0 ; copy = 0 } /^##sshguard-end##$/ { copy = 1 
} copy' </etc/ipfilter.conf >$TMP ; mv $TMP /etc/ipfilter.conf ; /sbin/ipf -Fa 
&& /sbin/ipf -f /etc/ipfilter.conf
+  */
+-#define COMMAND_FLUSH      "TMP=`mktemp /tmp/ipfconf.XXXXX` && " QUOTEME(AWK) 
" 'BEGIN { copy = 1 } /^##sshguard-begin##$/ { print $0 ; copy = 0 } 
/^##sshguard-end##$/ { copy = 1 } copy' <" IPFILTER_CONFFILE " >$TMP ; mv $TMP 
" IPFILTER_CONFFILE " ; " IPFPATH "/ipf -Fa && " IPFPATH "/ipf -f " 
IPFILTER_CONFFILE
++#define COMMAND_FLUSH      "TMP=`mktemp /tmp/ipfconf.XXXXXX` && " 
QUOTEME(AWK) " 'BEGIN { copy = 1 } /^##sshguard-begin##$/ { print $0 ; copy = 0 
} /^##sshguard-end##$/ { copy = 1 } copy' <" IPFILTER_CONFFILE " >$TMP ; mv 
$TMP " IPFILTER_CONFFILE " ; " IPFPATH "/ipf -Fa && " IPFPATH "/ipf -f " 
IPFILTER_CONFFILE
+
+ #endif
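Review bot: In the new COMMAND_FLUSH define the steps after awk are joined with `;` rather than `&&`, so the `mv $TMP` onto IPFILTER_CONFFILE and the `ipf -Fa` reload still run when awk fails or writes only part of the file, which can leave the firewall loading a truncated rule set. COMMAND_BLOCK and COMMAND_RELEASE in the same hunk chain every step with `&&`. Unless the `;` is deliberate, I would change `>$TMP ; mv $TMP " IPFILTER_CONFFILE " ; "` to `>$TMP && mv $TMP " IPFILTER_CONFFILE " && "` while the line is being touched. With the `;` form, a failing mktemp leaves TMP empty and `mv` is still invoked with a single argument before the reload; the `&&` chain would stop at that point instead.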
