pkgsrc-WIP-changes archive


portsentry: add update candidate for security/portsentry



Module Name:	pkgsrc-wip
Committed By:	Thomas Klausner <wiz%NetBSD.org@localhost>
Pushed By:	wiz
Date:		Tue Jun 24 09:57:35 2025 +0200
Changeset:	37b62aa9cb265f079868fae815a1c147a69c001d

Modified Files:
	Makefile
Added Files:
	portsentry/DESCR
	portsentry/Makefile
	portsentry/PLIST
	portsentry/TODO
	portsentry/distinfo
	portsentry/patches/patch-CMakeLists.txt

Log Message:
portsentry: add update candidate for security/portsentry

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=37b62aa9cb265f079868fae815a1c147a69c001d

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 Makefile                                |  1 +
 portsentry/DESCR                        | 22 +++++++++++++++++
 portsentry/Makefile                     | 42 +++++++++++++++++++++++++++++++++
 portsentry/PLIST                        |  4 ++++
 portsentry/TODO                         |  1 +
 portsentry/distinfo                     |  6 +++++
 portsentry/patches/patch-CMakeLists.txt | 15 ++++++++++++
 7 files changed, 91 insertions(+)

diffs:
diff --git a/Makefile b/Makefile
index 9632804502..24e7adfe15 100644
--- a/Makefile
+++ b/Makefile
@@ -3274,6 +3274,7 @@ SUBDIR+=	portaudio
 SUBDIR+=	portfwd
 SUBDIR+=	portmidi
 SUBDIR+=	portscout
+SUBDIR+=	portsentry
 SUBDIR+=	posh
 SUBDIR+=	postal2-mpdemo-bin
 SUBDIR+=	postfix-logwatch
diff --git a/portsentry/DESCR b/portsentry/DESCR
new file mode 100644
index 0000000000..a64fba11c2
--- /dev/null
+++ b/portsentry/DESCR
@@ -0,0 +1,22 @@
+PortSentry is designed to detect and respond to port scans against a
+target host in real-time.  Some of the more useful features include:
+
++ Runs on TCP and UDP sockets to detect port scans against your
+system.  PortSentry is configurable to run on multiple sockets at the
+same time so you only need to start one copy to cover dozens of
+tripwired services.
++ PortSentry will react to a port scan attempt by blocking the host in
+real-time.  This is done through configured options of either dropping
+the local route back to the attacker, using the Linux ipfwadm/ipchains
+command, *BSD ipfw command, and/or dropping the attacker host IP into
+a TCP Wrappers hosts.deny file automatically.
++ PortSentry has an internal state engine to remember hosts that
+connected previously.  This allows the setting of a trigger value to
+prevent false alarms and detect "random" port probing.
++ PortSentry will report all violations to the local or remote syslog
+daemons indicating the system name, time of attack, attacking host IP
+and the TCP or UDP port a connection attempt was made to.  When used
+in conjunction with Logcheck it will provide an alert to
+administrators through e-mail.
++ Once a scan is detected your system will turn into a blackhole and
+disappear from the attacker.  This feature stops most attacks cold.
diff --git a/portsentry/Makefile b/portsentry/Makefile
new file mode 100644
index 0000000000..62bbd7e96c
--- /dev/null
+++ b/portsentry/Makefile
@@ -0,0 +1,42 @@
+# $NetBSD: Makefile,v 1.21 2017/08/16 20:21:14 wiz Exp $
+
+DISTNAME=	portsentry-2.0.1-src
+PKGNAME=	${DISTNAME:S/-src//}
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_GITHUB:=portsentry/}
+GITHUB_RELEASE=	v${PKGVERSION_NOREV}
+EXTRACT_SUFX=	.tar.xz
+
+MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=	https://github.com/portsentry/portsentry
+COMMENT=	Detects and respond to port scans against a target host in real-time
+LICENSE=	cpl-1.0
+
+USE_LANGUAGES=	c c++
+
+CMAKE_CONFIGURE_ARGS+=		-DCONFIG_FILE=\"${PKG_SYSCONFDIR}/portsentry.conf\"
+CMAKE_CONFIGURE_ARGS+=		-DWRAPPER_HOSTS_DENY=\"/etc/hosts.deny\"
+# ".." because this package sets PKG_SYSCONFSUBDIR
+CMAKE_CONFIGURE_ARGS.SunOS+=	-DWRAPPER_HOSTS_DENY=\"${PKG_SYSCONFDIR}/../hosts.deny\"
+
+EGDIR=		${PREFIX}/share/examples/portsentry
+CONF_FILES=	${EGDIR}/portsentry.conf ${PKG_SYSCONFDIR}/portsentry.conf
+CONF_FILES+=	${EGDIR}/portsentry.ignore ${PKG_SYSCONFDIR}/portsentry.ignore
+
+MAKE_DIRS+=	${PKG_SYSCONFDIR}/${PKG_SYSCONFSUBDIR}
+
+PKG_SYSCONFSUBDIR=	portsentry
+
+INSTALLATION_DIRS+=	${EGDIR}
+
+SUBST_CLASSES+=		prefix
+SUBST_SED.prefix+=	-e "s,/etc/portsentry,${PKG_SYSCONFDIR},"
+SUBST_FILES.prefix+=	examples/portsentry.conf
+SUBST_MESSAGE.prefix=	Fixing path to config file.
+SUBST_STAGE.prefix=	post-build
+
+post-install:
+	${MV} ${DESTDIR}${PKG_SYSCONFDIR}/portsentry.* ${DESTDIR}${EGDIR}
+
+.include "../../devel/cmake/build.mk"
+.include "../../mk/bsd.pkg.mk"
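Review bot: The `post-install` move reads from `${DESTDIR}${PKG_SYSCONFDIR}`, but the patched CMakeLists.txt in portsentry/patches/patch-CMakeLists.txt still installs both example files to `etc/portsentry` relative to the install prefix, so the two paths coincide only while PKG_SYSCONFBASE is `${PREFIX}/etc`. With PKG_SYSCONFBASE set elsewhere (a constructed example: `/etc`), the `${MV}` glob presumably matches nothing and the install stage fails. Using `${DESTDIR}${PREFIX}/etc/portsentry/portsentry.*` as the source, or changing the two `install(FILES ...)` destinations in the patch to `share/examples/portsentry` and dropping the move, would remove that dependency. Separately, `MAKE_DIRS+= ${PKG_SYSCONFDIR}/${PKG_SYSCONFSUBDIR}` looks like it creates `portsentry/portsentry`, because PKG_SYSCONFDIR already includes the subdirectory (the `..` comment on the SunOS line relies on that). `MAKE_DIRS+= ${PKG_SYSCONFDIR}` is probably what was meant.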
diff --git a/portsentry/PLIST b/portsentry/PLIST
new file mode 100644
index 0000000000..55feb64012
--- /dev/null
+++ b/portsentry/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.4 2009/06/14 18:13:36 joerg Exp $
+sbin/portsentry
+share/examples/portsentry/portsentry.conf
+share/examples/portsentry/portsentry.ignore
diff --git a/portsentry/TODO b/portsentry/TODO
new file mode 100644
index 0000000000..8c1ff050c4
--- /dev/null
+++ b/portsentry/TODO
@@ -0,0 +1 @@
+When this survives testing, replace security/portsentry with this.
diff --git a/portsentry/distinfo b/portsentry/distinfo
new file mode 100644
index 0000000000..5f1c3a08a8
--- /dev/null
+++ b/portsentry/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.11 2021/10/26 11:17:39 nia Exp $
+
+BLAKE2s (portsentry-2.0.1-src.tar.xz) = 502358ee2ffc0fcb48803b051f7072da6d1b01c0280f60576d5efd0034da8153
+SHA512 (portsentry-2.0.1-src.tar.xz) = f94e1aba250104c4513ea0964c0470b60d3b761069342835bd521a1e2ebefdfe48d01acfee832da20a9c56e6b3610146c0c37eae357ca5ed1aa61d19f640f037
+Size (portsentry-2.0.1-src.tar.xz) = 138376 bytes
+SHA1 (patch-CMakeLists.txt) = 2d29551c44e78ea319aa82cf68d05002525d0cf3
diff --git a/portsentry/patches/patch-CMakeLists.txt b/portsentry/patches/patch-CMakeLists.txt
new file mode 100644
index 0000000000..a91ed81fea
--- /dev/null
+++ b/portsentry/patches/patch-CMakeLists.txt
@@ -0,0 +1,15 @@
+$NetBSD$
+
+${PREFIX} (/usr) is default, don't add it.
+
+--- CMakeLists.txt.orig	2025-06-24 07:38:52.887363491 +0000
++++ CMakeLists.txt
+@@ -63,7 +63,7 @@ if (USE_PCAP)
+ endif()
+ 
+ # INSTALL TARGETS for portsentry program
+-install(TARGETS portsentry DESTINATION usr/sbin)
++install(TARGETS portsentry DESTINATION sbin)
+ install(FILES examples/portsentry.conf DESTINATION etc/portsentry)
+ install(FILES examples/portsentry.ignore DESTINATION etc/portsentry)
+ 

