From 8ee2ac9ef394b2e66e154e9cbc4f5d06d9458427 Mon Sep 17 00:00:00 2001
From: Max Laier <mlaier@FreeBSD.org>
Date: Wed, 23 Jun 2004 01:32:28 +0000
Subject: [PATCH] Add "privsep" user/group _pflogd:_pflogd (64:64) to make
 pflogd(8) work again. This user/group is not required for install* targets,
 hence do not add them to CHECK_UIDS/CHECK_GIDS in Makefile.inc1 (no need to
 annoy people).

Discussed-on:	-current
---
 UPDATING          | 6 ++++++
 etc/group         | 1 +
 etc/master.passwd | 1 +
 3 files changed, 8 insertions(+)

diff --git a/UPDATING b/UPDATING
index db4e23fdd699..401e4903c1de 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 5.x IS SLOW:
 	developers choose to disable these features on build machines
 	to maximize performance.
 
+20040623:
+	pf was updated to OpenBSD-stable 3.5 and pflogd(8) is priviledge
+	separated now. It uses the newly created "_pflogd" user/group
+	combination. If you plan to use pflogd(8) make sure to run
+	mergemaster -p or install the "_pflogd" user and group manually.
+
 20040622:
 	Network interface cloning has been overhauled.  This change will
 	require a recompile of modules using cloning and modification of
diff --git a/etc/group b/etc/group
index e2672a32298c..9337ab7f4adb 100644
--- a/etc/group
+++ b/etc/group
@@ -19,6 +19,7 @@ guest:*:31:
 bind:*:53:
 proxy:*:62:
 authpf:*:63:
+_pflogd:*:64:
 uucp:*:66:
 dialer:*:68:
 network:*:69:
diff --git a/etc/master.passwd b/etc/master.passwd
index 0511b910f87d..f9b869ccad44 100644
--- a/etc/master.passwd
+++ b/etc/master.passwd
@@ -15,6 +15,7 @@ smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/no
 mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
 bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
 proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
+_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/sbin/nologin
 uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
 pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
 www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin