authorRene Ladan <rene@FreeBSD.org>2022-01-15 13:15:52 +0000
committerRene Ladan <rene@FreeBSD.org>2022-01-15 13:15:52 +0000
commit18a4c3574d8faad5936830be46ca5c14faaa7cc3 (patch)
treecdff8cd30be83e85618910062bf169f4d1383b94 /security/crowdsec-firewall-bouncer
parentb5e5323a99359716c9cf94ba241a481aace80dec (diff)
security/crowdsec*: update to their latest releases
security/crowdsec: - update to version 1.2.3 security/crowdsec-firewall-bouncer: - update to version 0.0.20 - update pkg-message Add log rotation to both ports, and other small improvements. PR: 260262
Diffstat (limited to 'security/crowdsec-firewall-bouncer')
-rw-r--r--security/crowdsec-firewall-bouncer/Makefile16
-rw-r--r--security/crowdsec-firewall-bouncer/distinfo6
-rw-r--r--security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog2
-rwxr-xr-xsecurity/crowdsec-firewall-bouncer/files/crowdsec_firewall.in11
-rw-r--r--security/crowdsec-firewall-bouncer/files/patch-Makefile12
-rw-r--r--security/crowdsec-firewall-bouncer/files/pkg-message.in34
-rw-r--r--security/crowdsec-firewall-bouncer/pkg-plist3
7 files changed, 55 insertions, 29 deletions
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
index 36a868801a50..6f9b4c3b9649 100644
--- a/security/crowdsec-firewall-bouncer/Makefile
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -1,5 +1,5 @@
PORTNAME= crowdsec-firewall-bouncer
-PORTVERSION= 0.0.17 # NOTE: change BUILD_VERSION and BUILD_TAG as well
+PORTVERSION= 0.0.20 # NOTE: change BUILD_VERSION and BUILD_TAG as well
DISTVERSIONPREFIX= v
CATEGORIES= security
@@ -19,6 +19,7 @@ RUN_DEPENDS= crowdsec>0:security/crowdsec
USE_GITHUB= yes
GH_ACCOUNT= crowdsecurity
GH_PROJECT= cs-firewall-bouncer
+GH_TAGNAME= v0.0.20-freebsd
#GH_TAGNAME is automatically set from DISTVERSION
USE_RC_SUBR= crowdsec_firewall
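Review bot: The added `GH_TAGNAME= v0.0.20-freebsd` contradicts the comment kept directly below it, `#GH_TAGNAME is automatically set from DISTVERSION`, which no longer describes the port. The tag is now a third hand-maintained value next to BUILD_VERSION and BUILD_TAG, yet the note on the PORTVERSION line in the first hunk still lists only those two. A stale tag would fetch a different source tree than the version the binary reports. I would replace the comment with `# GH_TAGNAME is set by hand: bump it together with PORTVERSION, BUILD_VERSION and BUILD_TAG`.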
@@ -28,14 +29,11 @@ SUB_FILES= pkg-message \
# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
# BUILD_TAG=$(git rev-parse HEAD)
-MAKE_ENV= BUILD_VERSION="v0.0.17" \
- BUILD_TAG="b330209afcdefd0046fd6790999bbb342c02f1b3"
+MAKE_ENV= BUILD_VERSION="v0.0.20" \
+ BUILD_TAG="a456a4debdf3d3551c89b8490bb942f626027310"
ETCDIR= ${PREFIX}/etc/crowdsec/bouncers
-do-patch:
- cd ${WRKSRC} && go mod download github.com/mattn/go-sqlite3
-
post-patch:
${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
${WRKSRC}/config/crowdsec-firewall-bouncer.yaml
@@ -56,4 +54,10 @@ do-install:
${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \
${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample
+ #
+ # Log rotation
+ #
+
+ ${INSTALL_DATA} ${FILESDIR}/crowdsec-firewall-bouncer.conf-newsyslog ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/crowdsec-firewall-bouncer.conf.sample
+
.include <bsd.port.mk>
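Review bot: The new `${INSTALL_DATA}` line copies the sample into `${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/`, but nothing visible in this hunk creates that directory in the stage area. do-install starts outside the hunk, so this may already be handled; if not, add `${MKDIR} ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d` before the copy. The three `#` lines and the blank line are tab-indented inside the recipe, so they are recipe text rather than makefile comments; a single comment line outside the recipe would be cleaner.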
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
index 001ca177529b..1548b93d6c60 100644
--- a/security/crowdsec-firewall-bouncer/distinfo
+++ b/security/crowdsec-firewall-bouncer/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1637702397
-SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 53af239b86c6b554da3711e3686d7d3036d33b2e561bfb00e195b6c8a06918c8
-SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 143037
+TIMESTAMP = 1640213523
+SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 95f8abf5f44e700e7f0a41edf5367715ce06918cb0de7a5d084bdca277563171
+SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 3018717
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog b/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog
new file mode 100644
index 000000000000..b26fae25b5ce
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog
@@ -0,0 +1,2 @@
+# logfilename [owner:group] mode count size(kb) when flags [/pid_file] [sig_num]
+/var/log/crowdsec-firewall-bouncer.log root:wheel 644 10 5120 * JC /var/run/crowdsec_firewall.pid
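Review bot: The newsyslog entry creates and rotates /var/log/crowdsec-firewall-bouncer.log as `root:wheel 644`, so every local user can read the bouncer's log, while pkg-plist in this same commit installs the bouncer's configuration with `@mode 0600`. Unless a world-readable log is intended, `640` is the tighter choice: `/var/log/crowdsec-firewall-bouncer.log root:wheel 640 10 5120 * JC /var/run/crowdsec_firewall.pid`. The entry also signals the process recorded in /var/run/crowdsec_firewall.pid after rotation. Whether that pid belongs to the bouncer itself and whether it reopens its log on the signal is not visible here and should be confirmed.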
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
index ee3dcc9f7325..6a0f96f26f8f 100755
--- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -1,7 +1,7 @@
#!/bin/sh
#
# PROVIDE: crowdsec_firewall
-# REQUIRE: LOGIN DAEMON NETWORKING
+# REQUIRE: LOGIN DAEMON NETWORKING crowdsec
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
@@ -41,6 +41,15 @@ crowdsec_firewall_precmd() {
fi
fi
fi
+
+ # needs real tabs
+ cat <<-EOT | /sbin/pfctl -f /dev/fd/0
+ table <crowdsec-blacklists> persist
+ table <crowdsec6-blacklists> persist
+ block drop in quick from <crowdsec-blacklists> to any
+ block drop in quick from <crowdsec6-blacklists> to any
+ EOT
+
}
crowdsec_firewall_start() {
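Review bot: The `cat <<-EOT | /sbin/pfctl -f /dev/fd/0` added to crowdsec_firewall_precmd loads a four-line ruleset with plain `-f`, which per pfctl(8) replaces the active main ruleset instead of adding to it. On a host that already has a policy loaded from /etc/pf.conf, starting the bouncer would leave only the two block rules in force, with all other traffic falling through to pf's default pass. Consider keeping the table and block lines in the administrator's pf.conf. Alternatively, load them into a dedicated anchor, for example `/sbin/pfctl -a crowdsec -f /dev/fd/0` with a matching `anchor crowdsec` line in pf.conf, after checking that the bouncer addresses the tables inside that anchor. The body of crowdsec_firewall_precmd starts outside this hunk.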
diff --git a/security/crowdsec-firewall-bouncer/files/patch-Makefile b/security/crowdsec-firewall-bouncer/files/patch-Makefile
index 6d9e9a2e2f42..df450e5e1b27 100644
--- a/security/crowdsec-firewall-bouncer/files/patch-Makefile
+++ b/security/crowdsec-firewall-bouncer/files/patch-Makefile
@@ -1,11 +1,11 @@
---- Makefile.orig 2021-12-07 09:00:17 UTC
+--- Makefile.orig 2021-12-22 22:57:23 UTC
+++ Makefile
-@@ -11,7 +11,7 @@ GOGET=$(GOCMD) get
- BUILD_VERSION?="$(shell git describe --tags `git rev-list --tags --max-count=1`)"
+@@ -11,7 +11,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l
BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -r 's/[go]+//g')"
BUILD_TIMESTAMP=$(shell date +%F"_"%T)
--BUILD_TAG="$(shell git rev-parse HEAD)"
-+BUILD_TAG?="$(shell git rev-parse HEAD)"
- export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
+ BUILD_TAG?="$(shell git rev-parse HEAD)"
+-export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
++export LD_OPTS=-mod vendor -modcacherw --ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=$(BUILD_TIMESTAMP) \
-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG) \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.GoVersion=$(BUILD_GOVERSION)"
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
index 3929d468efd0..8bcdc8d1d9d6 100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-message.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
@@ -11,27 +11,35 @@ configuration file, which is now in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml
In previous versions, the configuration was in /usr/local/etc/crowdsec-firewall-bouncer, you may need
to check if you made any changes there.
-If it's the first time, you need to edit your Packet Filter configuration.
-Add the following in /etc/pf.conf to create the tables:
+This package depends on the Packet Filter service.
+To make sure it's active:
----------
-# create crowdsec ipv4 table
-table <crowdsec-blacklists> persist
+# sysrc pf_enable=YES
+pf_enable: NO -> YES
+# service pf start
+Enabling pf.
+----------
-# create crowdsec ipv6 table
-table <crowdsec6-blacklists> persist
+Then activate the bouncer via sysrc:
-block drop in quick from <crowdsec-blacklists> to any
-block drop in quick from <crowdsec6-blacklists> to any
+----------
+# sysrc crowdsec_firewall_enable="YES"
+crowdsec_firewall_enable: NO -> YES
+# service crowdsec_firewall start
----------
-To apply the file:
-
-# pfctl -f /etc/pf.conf
+After a few seconds, the bouncer should have created the tables and rules:
-Then activate the bouncer via sysrc:
+----------
+# pfctl -s Tables
+crowdsec-blacklists
+crowdsec6-blacklists
+# pfctl -s Tables -s rules
+block drop in quick from <crowdsec-blacklists> to any
+block drop in quick from <crowdsec6-blacklists> to any
+----------
-# sysrc crowdsec_firewall_enable="YES"
EOM
}
]
diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist
index 6a41287c1e57..ecbf8e901981 100644
--- a/security/crowdsec-firewall-bouncer/pkg-plist
+++ b/security/crowdsec-firewall-bouncer/pkg-plist
@@ -1,4 +1,7 @@
@mode 0755
bin/crowdsec-firewall-bouncer
+@dir etc/newsyslog.conf.d
@mode 0600
@sample %%ETCDIR%%/crowdsec-firewall-bouncer.yaml.sample
+@mode 0644
+@sample etc/newsyslog.conf.d/crowdsec-firewall-bouncer.conf.sample