From nobody Tue Mar 19 14:23:54 2024 X-Original-To: dev-commits-ports-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TzYqv0SzNz5FRby; Tue, 19 Mar 2024 14:23:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TzYqt6bkkz49rq; Tue, 19 Mar 2024 14:23:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710858234; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wo9SukKMhE9qBV6XhkCpLNlcJn3CoYClZHu5Ngd9IDI=; b=hbpiAFt4uEVBL5vBGkya8oKhCsDSRJ5qw7ljS2iwkwwaSlMv96st/tMYtmrEJJpjDMQov+ fwRP64Jib3JuIJDQ/f2Z33d1T22UcK/9qKA6whImuXxiu6DSabkHXX0eF7TgbcygZfmJf+ C1GVfjr2MTL8WtZ5a0sHnX6IKGJ4H52ScmlVgijpq2J44rci2V+c+mTYxGdcm5rEgtOsPh yJNW/uJmQ6Mf58NokLDjRgeOifcZsF1lr/oERfQBGHp46UFPao2QeMIFrLNJpOM8rBeX20 mHlVxxG94ctvFVdSXZi+RjtNupnsDWqHZsHd6lGRYZ28eCoShvT1gGGE6+hsIw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1710858234; a=rsa-sha256; cv=none; b=JRb0f4MNJeMOHV3Ccgl9t1DJtXhTIHvnDRp0/g3+z99qLlfLXZEp3d0zLxkMwu7+hii7Xa tZox3SjKd08dphQI9FVSfVu3uCH8VWSCP8DOkH9VhlCji7pbzWohRvAi8iAlM5MjuTD7TO 0jZSs4B9tUVGGIh/StIwjD714J/V8nW0xgUzCGO965qiFBZJ9BnaYjBT8OXFU1JgLw3rbu YrM5uzLz2NIJxAwXloLvepfaGBVyxY3l0glLlKgwfmLHvpVElXdZUsBnUlHf6edbOZsOX7 ZtIijruaXE3qSwwP9B8H6viMR+s4GjKBug863mx6tT57W4S4PbUtebEvtCwVoQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1710858234; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wo9SukKMhE9qBV6XhkCpLNlcJn3CoYClZHu5Ngd9IDI=; b=aUK9V3hQKT42q/sPldTiieY5qS5eHh8mZ/hUGIoD4x5popDifZLE5tmShZ1NhAoCPUB86w jeR7ESKvWNTQmGz9h3jAO/l+AbSBzYCB07x8QOpytoPvmFgXYSCqAkqrC1vuDDrmNaq1c9 A3xByeJm11r0QxGtjK4UwwgtDWguE+t0o+cGbbTGM1QXAB6FRQmwBJ7nk+A8qfoDRAyD+T q2P0+ovRYACWUap0pzGcz09RzaQ9GijlyRSVLKCMOHJNJCp7wcYr9TTvz9IJkCkkwZKkxd y4MpEAwwBUcWfvc4o5jpSZpD4oiqRBpwQgwWndSYHPJvh3af7WIE+Z5/2r/hgQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TzYqt6C5xz194F; Tue, 19 Mar 2024 14:23:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 42JENsno083925; Tue, 19 Mar 2024 14:23:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 42JENsNx083922; Tue, 19 Mar 2024 14:23:54 GMT (envelope-from git) Date: Tue, 19 Mar 2024 14:23:54 GMT Message-Id: <202403191423.42JENsNx083922@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Robert Clausecker Subject: git: 5ee0dd0975c3 - 2024Q1 - security/crowdsec-firewall-bouncer: fix file quoting List-Id: Commits to the quarterly branches of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-branches@freebsd.org X-BeenThere: dev-commits-ports-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fuz X-Git-Repository: ports X-Git-Refname: refs/heads/2024Q1 X-Git-Reftype: branch X-Git-Commit: 5ee0dd0975c31e9b0a705766c030d4741ca5c47c Auto-Submitted: auto-generated The branch 2024Q1 has been updated by fuz: URL: https://cgit.FreeBSD.org/ports/commit/?id=5ee0dd0975c31e9b0a705766c030d4741ca5c47c commit 5ee0dd0975c31e9b0a705766c030d4741ca5c47c Author: marco AuthorDate: 2024-01-03 12:03:52 +0000 Commit: Robert Clausecker CommitDate: 2024-03-19 14:23:29 +0000 security/crowdsec-firewall-bouncer: fix file quoting When the api key contains a '/' character, if the yaml field is not quoted it will include the comment as well. fix: quote the field and remove the comment with the bouncer name. PR: 276096 MFH: 2024Q1 (cherry picked from commit 7873631186c85b4d5bdcffa307f9dd49155c36c0) --- security/crowdsec-firewall-bouncer/Makefile | 2 +- security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile index 1c8190e6538d..021a2a0f7078 100644 --- a/security/crowdsec-firewall-bouncer/Makefile +++ b/security/crowdsec-firewall-bouncer/Makefile @@ -1,5 +1,5 @@ PORTNAME= crowdsec-firewall-bouncer -PORTREVISION= 2 +PORTREVISION= 4 DISTVERSIONPREFIX= v DISTVERSION= 0.0.28 CATEGORIES= security diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in index 78fed46c27f2..47c4c25cfae1 100644 --- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in +++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in @@ -49,7 +49,7 @@ crowdsec_firewall_precmd() { # THEN, register it to the local API API_KEY=$($CSCLI bouncers add "${crowdsec_firewall_name}" -o raw) if [ -n "$API_KEY" ]; then - sed -i "" "s|^${orig_line}|api_key: ${API_KEY} # ${crowdsec_firewall_name}|" "${crowdsec_firewall_config}" + sed -i "" "s|^${orig_line}|api_key: '${API_KEY}'|" "${crowdsec_firewall_config}" echo "Registered: ${crowdsec_firewall_name}" fi fi @@ -85,6 +85,7 @@ crowdsec_firewall_stop() crowdsec_firewall_start() { # ensure we have a backend if the config file was not patched export BACKEND=pf + # shellcheck disable=SC2086 /usr/sbin/daemon -f -p "$pidfile" -t "$desc" -- \ "$command" -c "$crowdsec_firewall_config" ${crowdsec_firewall_flags} }