security/samhain: Moved man to share/man

Approved by:    portmgr (blanket)

security/samhain: fix build on big-endian

x_sh_checksum.c:471:15: error: incompatible pointer to integer conversion
passing 'sha2_word32[8]' (aka 'unsigned int[8]') to parameter of type 'int'
[-Wint-conversion]
    memset(d, context->state, SHA256_DIGEST_LENGTH);
              ^~~~~~~~~~~~~~

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>

security/samhain: fix build on powerpc64

x_sh_dbIO.c:229:36: error: initializer element is not a compile-time constant
      static unsigned short ooop = *iptr;

Remove # $FreeBSD$ from Makefiles.

Mark ports that are BROKEN due to sbrk on aarch64, also BROKEN on riscv64
where appropriate.

While here, pet portlint (Makevar order; whitespace).

Approved by:	portmgr (tier-2 blanket)

security/samhain: Update to 4.4.3

ChangeLog: https://www.la-samhna.de/samhain/index.html

PR:	251735
Submitted by:	freebsd@gregv.net (maintainer)

security/samhain: housekeeping

- The port comes in three flavors, standalone, -server, and -client.
  All three use one or more files under /var/lib.  Remove the logic
  that only includes that dir in plist for some of those flavors,
  and include it for all.
- Get rid of .sh extensions on rc scripts.
- Use INSTALL_SCRIPT instead of CP to ensure the rc scripts have
  useful permissions.
- Patch the rc script source so they properly respect settings in rc.conf.
- Use @postunexec in plist instead of the deprecated @unexec.

PR:		249433
Submitted by:	Greg Veldman <freebsd@gregv.net> (maintainer)

Fixup qat.

security/samhain: update to 4.4.2

PR:		249113
Submitted by:	Greg Veldman <freebsd@gregv.net> (maintainer)

Add the missing patch from last commit

PR:		244648
Reported by:	Greg Veldman <freebsd@gregv.net> (maintainer)

Update to 4.4.1

PR:		244648
Submitted by:	Greg Veldman <freebsd@gregv.net> (maintainer)
Reported by:	Nikola Kolev <koue@chaosophia.net>

Pass maintainership to the submitter

PR:		248143
Submitted by:	Greg Veldman <freebsd@gregv.net>

Drop MAINTAINER'ship per maintainer request

PR:		247919, 247920, 247921, 247922, 247923, 247924, 247916
Submitted by:	Nikola Kolev <koue@chaosophia.net>
Event:		July 2020 Bugathon

security/samhain: Fix PRELUDE_LIB_DEPENDS

security/samhain: update to 4.3.3

PR:		241044
Submitted by:	Nikola Kolev <koue@chaosophia.net> (maintainer)

security/samhain: Spell *_CONFIGURE_ON correctly

While here

- Put database options in a radio group since only one can be on
  at a time
- Move implied options to *_IMPLIES
- ODBC implies XML_LOGS too

Convert to UCL & cleanup pkg-message (categories s)

Update to 4.3.2

Changelog:
 * fix compile failure on OpenBSD (reported by Mithrond)

PR:		234933
Submitted by:	Nikola Kolev <koue@chaosophia.net> (maintainer)
Sponsored by:	Netzkommune GmbH

security/samhain: update to 4.3.1

PR:		231941
Submitted by:	Nikola Kolev <koue@chaosophia.net> (maintainer)

Do not abuse INSTALL_MAN when installing documentation, examples, and
other miscellaneous files which are not actually manual pages.

Remove support for variables that have been deprecated for a while.

variables                  deprecation       revision
WITHOUT_NLS                2013-12-13        r336337
WITH_/WITHOUT_             2014-02-24        r345870
NOPORT(DOC|EXAMPLE)S       2014-04-19        r351587
WITH_BDB_VER               2016-05-02        r414444
OVERRIDE_LINUX_BASE_PORT   2016-09-05        r421387
WITH_OPENSSL_(BASE|PORT)   2016-06-16        r416965

While there, add an ERROR variable that works like DEV_ERROR, but for
user facing errors, and move NOPORTDOCS,
NOPORTEXAMPLES and WITHOUT_NLS to it.

Cleanup bsd.sanity.mk a bit.

Fix fallout.

PR:		224613
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D13490

- Update to 4.2.4

PR:		224991
Submitted by:	koue@chaosophia.net(maintainer)

security/samhain: update 4.2.1 -> 4.2.3

PR:		223444
Submitted by:	Nikola Kolev <koue@chaosophia.net> (maintainer)

Remove post-stage: and merge into existing post-install:

- Add missing OPTIONS_DEFINE=DOCS
- Convert to options target helper

Approved by:	portmgr (blanket)

Fix OPTIONS_DEFAULT: remove IPV6 which is added by framework

Approved by:	portmgr (blanket)

- Update to 4.2.1

PR:		218537
Submitted by:	Nikola Kolev
Approved by:	maintainer timeout

Mark some ports failing on aarch64, and, in a few cases, other tier-2
archs.

While here, pet portlint.

Approved by:	portmgr (tier-2 blanket)

Regular ${PORTSDIR}/ removal from dependencies.

Sponsored by:	Absolight

add ports for Samhain Intrusion Detection System

Samhain is an open source file integrity and host-based intrusion
detection system for Linux and Unix. It can run as a daemon process,
and and thus can remember file changes - contrary to a tool that runs
from cron, if a file is modified you will get only one report, while
subsequent checks of that file will ignore the modification as it is
already reported (unless the file is modified again).

Samhain can optionally be used as client/server system to provide
centralized monitoring for multiple host. Logging to a (MySQL or
PostgreSQL) database is supported.

PR:		214623
Submitted by:	Nikola Kolev <koue@chaosophia.net>

Remove non staged ports without pending PR from s*

security/libprelude: Take MAINTAINER'ship, STAGE & Modernize

- Take Maintainership
- Enable STAGE support
- Tweak MASTER_SITES https -> http (portlint)
- Add LICENSE and LICENSE_FILE
- Deprecate USE_AUTOTOOLS for libtool (-> USES)
- Sort USES and OPTIONS
- Use OPTIONS helpers as much as possible for now [1]
- Add --enable-static to CONFIGURE_ARGS to retain the static lib
- Assign and Use ETCDIR rather than hardcoding
- Use the install-strip install target
- Update pkg-plist, use @sample and other goodies

While I'm here, bump dependent ports since our SHLIB major version has
changed

[1] https://reviews.freebsd.org/D665

Approved by: portmgr (implicit, bump unstaged port)

Fix some non default LIB_DEPENDS

With hat:	portmgr

Resetting maintainership on ports that have not been staged and without any
pending PR (related to stage)

With hat:	portmgr

Fix properties on pkg-plist

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

Update to 3.0.13. Fixes a regression in the GrowingLogFiles policy.

Convert to new options framework

Update to 3.0.12. Changes:

- A bug has been fixed that could cause a slow and steady increase of memory
  usage

- Negated conditionals in the config file are handled correctly now

Update to 3.0.11. Changes:

 -  Log rotation is handled more gracefully now under favourable
    conditions (logfile is moved so inode is kept, and it does not get
    compressed immediately).

 -  An option IgnoreModified has been added to cover transient files that
    not only get added/deleted but also modified during their lifetime.

 -  An option KernelCheckProc has been added to suppress the kernel /proc test.

 -  Large groups are handled better now.

 -  Reconnecting to a temporarily unavailable Oracle database has been fixed.

Feature safe: yes

Update to 3.0.9.

Bump ports affected by security/libprelude update

Update to 3.0.8, unbreak with utmpx.

Feature safe: Yes

Update to 3.0.3, a bugfix release.

Feature safe:   yes

Update to 3.0.2 - minor bugfixes.

Update to 3.0.1.

Feature safe:   yes

Update to 3.0.0a.

Update to 2.8.6.

Update to 2.8.5.

Update to 2.8.4.

Update to 2.8.3a.

Update to 2.8.1. Bugfixes, IPv6.

Update to 2.7.2.

- Exclude from amd64/8 builds on pointyhat, where it mysteriously fails to link

Unbreak on 8.x, it builds just fine on amd64 here. If someone has a
specific OS version on which it will not, please let me know.

Update to 2.7.1.

Feature safe:   yes

Update to 2.7.0.

Update to 2.6.4.

- Mark BROKEN on HEAD: fails to build with new utmpx

Reported by:    pointyhat

Update to 2.6.1. From changelog:

 -  Logfile monitoring has been enhanced with three new features:
    (1) reporting on bursts of very similar/repeated messages
    (2) reporting on expected yet missing messages (e.g. heartbeat messages)
    (3) reporting on correlated events (e.g. event A is followed by event B
        within X seconds)

 -  Better caching of UIDs/GIDs to reduce lookups

 -  Hostnames of clients are matched case-insensitively now

Update to 2.6.0.

Update to 2.5.10, a bugfix release.

Feature safe:   yes

Update to 2.5.9.

Feature safe: yes

- Chase libprelude update

Feature safe:   yes

- Mark BROKEN on amd64/8

Reported by:    pointyhat

Update to 2.5.7, a bugfix release.

Update to 2.5.4, a security bugfix release. This resolves a problem
where an unauthorized client could download configuration and database
files from the server.

Full changes since 2.5.2:

 - email logging has been rewritten for enhanced functionality. It's
   now possible to filter messages different for each recipient, and
   regular expressions can be used now for filtering

 - new option SetMailPort allows to set a custom SMTP port

 - in the configuration file, option values can now be set by evaluating
   shell commands: Key = $( command )

 - PortCheckInterface now allows a list as value

 - new option SetConnectionTimeout allows to configure the client/server
   connection timeout

 - new option SetThrottle allows to configure throughput throttling for
   the database download to the client

- Chase security/libprelude shlib version bump

PR:             131286, 131585 (partial)
Submitted by:   Vladimir Korkodinov <viper at perm dot raid dot ru>

Update to 2.5.2.

Changes:

 -  On request, there is now a global option LooseDirCheck ([false]/true) to
    drop reports on directories with changes of size/mtime/ctime (resulting
    from changes within the directory)

 -  An option to improve hidden process detection from within an OpenVZ
    container has been added

 -  Port check now reports process pid, reporting to prelude is more
    complete now

 -  A bug has been fixed whereby for files larger than 2GB, a filesize of
    exactly 2GB could be inserted into the RDBMS (if logging to one)

Update to 2.5.1, which should really fix the amd64 build problems.

- Chase libprelude update

Forgotten by:   beech
Reported by:    pointyhat

Update to 2.5.0. Includes a new module for log file analysis, and should fix
build issues on 64 bit platforms.

- Mark BROKEN on amd64

Use -fPIC on amd64.

Submitted by:   QA Tindy

Update to 2.4.5. Only notable change on fbsd is the introduction of
the dnmalloc allocator.

Update dependency on libprelude.

PR:             123660
Submitted by:   Robin Gruyters <r.gruyters@yirdis.nl>

Update to 2.4.4. Fixes some bugs, and adds the ability to store full
file content for small files in the signature database itself.

Update to 2.4.2. This fixes a security issue where checksumming of the gpg
binary before execution did not function correctly.

Update to 2.4.1. Also fix a rather silly uninstall message, reported
by brd@.

Upgrade to 2.3.7, which fixes a Prelude integration bug.

Update to 2.3.6.

Chase libprelude version bump.

PR:             ports/116112
Submitted by:   Robin Gruyters <r.gruyters@yirdis.nl>
Approved by:    lx

- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
  supports them.  This is determined by running ``configure --help'' in
  do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
  which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
  Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
  PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
  subdirectory detection.

PR:             ports/111470
Approved by:    portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by:      pointyhat exp run

Update to 2.3.5.

- Update libprelude to 0.9.14.
- Update dependent ports accordingly.
- Bump PORTVERSION to force rebuild.

PR:             ports/112703
Submitted by:   Marcelo Araujo <araujo@FreeBSD.org>
Approved by:    stas (mentor)

Update to 2.3.4. This fixes a reliablility problem in the process check
module. If you are a user of this module, upgrading is recommended.

Approved by:    edwin (mentor)

Updating to 2.3.3.

Approved by:    edwin (mentor)

Update to 2.3.2, which fixes a regression in "stealth mode".

Approved by:    edwin (mentor)

Updating to 2.3.1.

Approved by:    edwin (mentor)

- update Prelude version
- bump PORTREVISION

PR:             ports/107985
Submitted by:   Robin Gruyters <r.gruyters at yirdis.nl>
Approved by:    edwin (mentor)

- Update to 0.9.11
- library version update of related ports

Changelog libprelude:
- Hook class comparison function. Accept NULL, equal, not equal operator.
- Introduce better error checking in the idmef-class API, which is now
  considered public and might be used by external application. Rename
  error code to reflect the API.
- Change to the way IDMEF listed element are handled. Specifying negative
  number as the position of the element from the low level API now allow
  to position the element at the specified (reversed) index. Using the
  high level API a negative index permit to address a list of element
  backward (replace an element).
- Build fixes for SWIG > 1.3.27.
- Modify idmef_value_match() so that it always unroll listed value
  (do it for both val1 and val2. Remove assertion, and let
  idmef_value_type_compare() return an error code in case there is an issue.
- Handle path using IDMEF_LIST_APPEND or IDMEF_LIST_PREPEND as
  path using an undefined list index on idmef_path_get() call.
- Make criteria parser accept (*) list index.
- Implement comparison function for all IDMEF object.

PR:             ports/104328
Submitted by:   maintainer (Robin Gruyters)
Approved by:    portmgr (pav)

- Update to 2.3.0

PR:             ports/105159
Submitted by:   David Thiel (maintainer)

- Update to 2.2.4

PR:             ports/102915
Submitted by:   David Thiel <lx at redundancy.redundancy.org> (maintainer)

Updating the Samhain HIDS to 2.2.1. This is a minor release which fixes
some issues with the Prelude IDS system and compilation on x86_64.

PR:             ports/99114
Submitted by:   maintainer

Fix build on 4.x

Reported by:    krismail

- Chase libprelude version
- Bump PORTREVISION

PR:             ports/96758, ports/96759, ports/96760
Submitted by:   maintainer

Updating the Samhain HIDS to 2.2.0. Changes since last version:
-  For files under the 'GrowingLogfiles' policy, the checksum is now
   verified up to the previous size.
-  Server-to-server relay is possible.
-  More user policies are available now.

PR:             ports/96643
Submitted by:   maintainer (David Thiel)

When yule is installed, add the yule user and group as well.  This is
especially useful for package users since they couldn't run the install-user
target.

PR:             ports/90305 (based on)
Submitted by:   David Thiel <lx@redundancy.redundancy.org> (maintainer)
Approved by:    maintainer timeout on feedback (3 months)
Committed from: Sydney Linux User Group codefest at UTS