[Midnightbsd-cvs] mports [20696] trunk/security/vpnc: fixup
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sun Nov 8 10:48:26 EST 2015
Revision: 20696
http://svnweb.midnightbsd.org/mports/?rev=20696
Author: laffer1
Date: 2015-11-08 10:48:26 -0500 (Sun, 08 Nov 2015)
Log Message:
-----------
fixup
Modified Paths:
--------------
trunk/security/vpnc/Makefile
trunk/security/vpnc/files/patch-Makefile
trunk/security/vpnc/files/patch-sysdep.h
trunk/security/vpnc/files/patch-vpnc-script.in
trunk/security/vpnc/files/vpnc.in
trunk/security/vpnc/pkg-plist
Added Paths:
-----------
trunk/security/vpnc/files/patch-vpnc.c
Modified: trunk/security/vpnc/Makefile
===================================================================
--- trunk/security/vpnc/Makefile 2015-11-08 15:44:46 UTC (rev 20695)
+++ trunk/security/vpnc/Makefile 2015-11-08 15:48:26 UTC (rev 20696)
@@ -2,38 +2,42 @@
PORTNAME= vpnc
PORTVERSION= 0.5.3
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/ \
- CRITICAL
+ FREEBSD_LOCAL/ehaupt
MAINTAINER= ports at MidnightBSD.org
COMMENT= Client for Cisco 3000 VPN Concentrator
-LICENSE= gpl2
+LIB_DEPENDS= libgcrypt.so:${PORTSDIR}/security/libgcrypt
+RUN_DEPENDS= vpnc-script:${PORTSDIR}/sysutils/vpnc-scripts
-LIB_DEPENDS= gcrypt:${PORTSDIR}/security/libgcrypt
-
-USE_GMAKE= yes
-USE_PERL5_BUILD=yes
+USES= shebangfix gmake perl5
+USE_PERL5= build
USE_RC_SUBR= vpnc
+LEGAL_TEXT= Redistribution is not allowed if linked against OpenSSL
+
ALL_TARGET= all
+SHEBANG_FILES= makeman.pl
PORTDOCS= README TODO
-MAN1= pcf2vpnc.1
-MAN8= vpnc.8
+MANPAGE8= vpnc.8
-OPTIONS+= DECRYPT "cisco-decypt password decrypt utility" on
-OPTIONS+= SSL "OpenSSL certificate support (hybrid only)" off
-OPTIONS+= CISCOVERSION "Mask linux presentation string" off
+MAKE_ENV+= BINS="${EXTRABUILDS}"
-MAKE_ENV+= LDFLAGS="${LDFLAGS}" BINS="${EXTRABUILDS}"
+OPTIONS_DEFINE= DECRYPT SSL CISCOVERSION DOCS
-.include <bsd.port.pre.mk>
+DECRYPT_DESC= cisco-decypt password decrypt utility
+CISCOVERSION_DESC= Mask linux presentation string
-.if defined(WITH_DECRYPT)
-MAN1= cisco-decrypt.1
+OPTIONS_DEFAULT=DECRYPT
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MDECRYPT}
+MANPAGE1= cisco-decrypt.1
EXTRABUILDS+= cisco-decrypt
PLIST_SUB+= DECRYPT=""
.else
@@ -40,38 +44,41 @@
PLIST_SUB+= DECRYPT="@comment "
.endif
-.if defined(WITH_SSL)
+.if ${PORT_OPTIONS:MSSL}
+NO_PACKAGE= binary linked against OpenSSL must not be redistributed
CFLAGS+= -DOPENSSL_GPL_VIOLATION
LDFLAGS+= -lcrypto
.endif
-.if defined(WITH_CISCOVERSION)
+.if ${PORT_OPTIONS:MCISCOVERSION}
CFLAGS+= -DCISCO_PATCH_VERSION
.endif
post-patch:
+.if ${OSVERSION} >= 1100042
+ @${REINPLACE_CMD} \
+ -e 's|.*%%FREEBSD_IPLEN_FIX%%.*|#define NEED_IPLEN_FIX 1|' \
+ ${WRKSRC}/sysdep.h
+.endif
@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/config.c
@${REINPLACE_CMD} -e 's|\(/etc/vpnc\)|${PREFIX}\1|' \
- ${WRKSRC}/${MAN8}.template
+ ${WRKSRC}/${MANPAGE8}.template
do-install:
- ${INSTALL_PROGRAM} -m 751 ${WRKSRC}/vpnc ${PREFIX}/sbin/vpnc
-.if defined(WITH_DECRYPT)
- ${INSTALL_PROGRAM} ${WRKSRC}/cisco-decrypt ${PREFIX}/bin
- ${INSTALL_MAN} ${WRKSRC}/${MAN1} ${MANPREFIX}/man/man1
+ ${INSTALL_PROGRAM} -m 751 ${WRKSRC}/vpnc ${STAGEDIR}${PREFIX}/sbin/vpnc
+.if ${PORT_OPTIONS:MDECRYPT}
+ ${INSTALL_PROGRAM} ${WRKSRC}/cisco-decrypt ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_MAN} ${WRKSRC}/${MANPAGE1} ${STAGEDIR}${MANPREFIX}/man/man1
.endif
- ${INSTALL_SCRIPT} ${WRKSRC}/pcf2vpnc ${PREFIX}/bin
- ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/vpnc-script ${PREFIX}/sbin/vpnc-script
- ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/vpnc-disconnect ${PREFIX}/sbin/vpnc-disconnect
- ${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf ${PREFIX}/etc/vpnc.conf.sample
-.if !exists(${PREFIX}/etc/vpnc.conf)
- ${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf ${PREFIX}/etc
+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/vpnc-disconnect \
+ ${STAGEDIR}${PREFIX}/sbin/vpnc-disconnect
+ ${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf \
+ ${STAGEDIR}${PREFIX}/etc/vpnc.conf.sample
+.if !exists(${STAGEDIR}${PREFIX}/etc/vpnc.conf)
+ ${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf ${STAGEDIR}${PREFIX}/etc
.endif
- ${INSTALL_MAN} ${WRKSRC}/${MAN8} ${MANPREFIX}/man/man8
+ ${INSTALL_MAN} ${WRKSRC}/${MANPAGE8} ${STAGEDIR}${MANPREFIX}/man/man8
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}
-.if !defined(NOPORTDOCS)
- ${MKDIR} ${DOCSDIR}
- @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
-.endif
-
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Modified: trunk/security/vpnc/files/patch-Makefile
===================================================================
--- trunk/security/vpnc/files/patch-Makefile 2015-11-08 15:44:46 UTC (rev 20695)
+++ trunk/security/vpnc/files/patch-Makefile 2015-11-08 15:48:26 UTC (rev 20696)
@@ -1,7 +1,7 @@
--- Makefile.orig 2008-11-19 21:36:12.000000000 +0100
+++ Makefile 2008-11-24 01:21:22.000000000 +0100
@@ -20,15 +20,15 @@
- # $Id: patch-Makefile,v 1.2 2010-01-02 22:48:26 laffer1 Exp $
+ # $Id: Makefile 312 2008-06-15 18:09:42Z Joerg Mayer $
DESTDIR=
-PREFIX=/usr/local
Modified: trunk/security/vpnc/files/patch-sysdep.h
===================================================================
--- trunk/security/vpnc/files/patch-sysdep.h 2015-11-08 15:44:46 UTC (rev 20695)
+++ trunk/security/vpnc/files/patch-sysdep.h 2015-11-08 15:48:26 UTC (rev 20696)
@@ -1,13 +1,31 @@
---- sysdep.h.orig 2009-03-25 03:28:26.000000000 -0400
-+++ sysdep.h 2009-03-25 03:29:18.000000000 -0400
-@@ -86,6 +86,10 @@
+--- sysdep.h.orig 2008-11-19 21:36:12.000000000 +0100
++++ sysdep.h 2015-03-03 21:35:27.443313082 +0100
+@@ -75,17 +75,20 @@
+ /***************************************************************************/
+ #if defined(__FreeBSD_kernel__)
+ #define HAVE_SA_LEN 1
++/* %%FREEBSD_IPLEN_FIX%% */
+ #endif
+
+ /***************************************************************************/
+ #if defined(__FreeBSD__)
+ #define HAVE_SA_LEN 1
++/* %%FREEBSD_IPLEN_FIX%% */
+
+ #define HAVE_VASPRINTF 1
+ #define HAVE_ASPRINTF 1
#define HAVE_FGETLN 1
#define HAVE_UNSETENV 1
#define HAVE_SETENV 1
-+#include <sys/param.h>
-+#if __FreeBSD_version >= 800067
-+#define HAVE_GETLINE 1
-+#endif
++#define HAVE_GETLINE 1
#endif
/***************************************************************************/
+@@ -97,6 +100,7 @@
+ #define HAVE_FGETLN 1
+ #define HAVE_UNSETENV 1
+ #define HAVE_SETENV 1
++#define HAVE_GETLINE 1
+ #endif
+
+ /***************************************************************************/
Modified: trunk/security/vpnc/files/patch-vpnc-script.in
===================================================================
--- trunk/security/vpnc/files/patch-vpnc-script.in 2015-11-08 15:44:46 UTC (rev 20695)
+++ trunk/security/vpnc/files/patch-vpnc-script.in 2015-11-08 15:48:26 UTC (rev 20696)
@@ -1,5 +1,5 @@
---- vpnc-script.in.orig 2008-11-24 00:18:37.000000000 +0100
-+++ vpnc-script.in 2008-11-24 00:21:54.000000000 +0100
+--- vpnc-script.in.orig 2008-11-19 21:55:51.000000000 +0100
++++ vpnc-script.in 2011-11-10 22:41:12.000000000 +0100
@@ -48,8 +48,8 @@
OS="`uname -s`"
@@ -11,7 +11,18 @@
FULL_SCRIPTNAME=@PREFIX@/sbin/vpnc
SCRIPTNAME=`basename $FULL_SCRIPTNAME`
-@@ -420,11 +420,13 @@
+@@ -73,7 +73,9 @@
+ route_syntax_netmask="-netmask"
+ fi
+
+-if [ -x /sbin/resolvconf ]; then # Optional tool on Debian, Ubuntu, Gentoo
++# Optional tool on Debian, Ubuntu, Gentoo. FreeBSD 9.0-RELEASE has a different,
++# incompatible /sbin/resolvconf implementation
++if [ -x /sbin/resolvconf ] && [ "$OS" = "Linux" ]; then
+ MODIFYRESOLVCONF=modify_resolvconf_manager
+ RESTORERESOLVCONF=restore_resolvconf_manager
+ elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
+@@ -420,11 +422,13 @@
fi
fi
elif [ "$OS" = "FreeBSD" ]; then
Added: trunk/security/vpnc/files/patch-vpnc.c
===================================================================
--- trunk/security/vpnc/files/patch-vpnc.c (rev 0)
+++ trunk/security/vpnc/files/patch-vpnc.c 2015-11-08 15:48:26 UTC (rev 20696)
@@ -0,0 +1,72 @@
+--- ./vpnc.c.orig 2011-02-25 20:17:00.000000000 +0100
++++ ./vpnc.c 2011-02-25 20:18:49.000000000 +0100
+@@ -2861,28 +2861,34 @@
+ free(dh_shared_secret);
+ free_isakmp_packet(r);
+
+- if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
+- s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
+- s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
+- s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
+- } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
+- s->esp_fd = s->ike_fd;
+- } else {
++ if (s->esp_fd == 0) {
++ if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
++ s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
++ s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
++ s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
++ } else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
++ s->esp_fd = s->ike_fd;
++ } else {
+ #ifdef IP_HDRINCL
+- int hincl = 1;
++ int hincl = 1;
+ #endif
+
+- s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
+- if (s->esp_fd == -1) {
+- close_tunnel(s);
+- error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
+- }
++ s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
++ if (s->esp_fd == -1) {
++ close_tunnel(s);
++ error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
++ }
++#ifdef FD_CLOEXEC
++ /* do not pass socket to vpnc-script, etc. */
++ fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
++#endif
+ #ifdef IP_HDRINCL
+- if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
+- close_tunnel(s);
+- error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
+- }
++ if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
++ close_tunnel(s);
++ error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
++ }
+ #endif
++ }
+ }
+
+ s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1;
+@@ -3224,9 +3230,14 @@
+ */
+ /* FIXME: any cleanup needed??? */
+
+- free_isakmp_packet(r);
+- do_phase2_qm(s);
+- return;
++ if (rp->u.d.num_spi >= 1 && memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4) == 0) {
++ free_isakmp_packet(r);
++ do_phase2_qm(s);
++ return;
++ } else {
++ DEBUG(2, printf("got isakmp delete with bogus spi, ignoring...\n"));
++ continue;
++ }
+ }
+ /* skip ipsec-esp delete */
+ if (rp->u.d.protocol != ISAKMP_IPSEC_PROTO_ISAKMP) {
Property changes on: trunk/security/vpnc/files/patch-vpnc.c
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Modified: trunk/security/vpnc/files/vpnc.in
===================================================================
--- trunk/security/vpnc/files/vpnc.in 2015-11-08 15:44:46 UTC (rev 20695)
+++ trunk/security/vpnc/files/vpnc.in 2015-11-08 15:48:26 UTC (rev 20696)
@@ -21,10 +21,10 @@
: ${vpnc_conf_dir="%%PREFIX%%/etc"}
: ${vpnc_record="$vpnc_pid_dir/vpnc.record"}
-. %%RC_SUBR%%
+. /etc/rc.subr
name="vpnc"
-rcvar=`set_rcvar`
+rcvar=vpnc_enable
command="%%PREFIX%%/sbin/$name"
@@ -44,8 +44,9 @@
current="$vpnc_conf_dir/$config"
# Start vpnc.
- if ! $command --local-port 0 $current $vpnc_flags; then
- status=$?
+ $command --local-port 0 $current $vpnc_flags
+ status=$?
+ if [ $status -ne 0 ]; then
# VPNC does not print a newline after an error.
echo
echo "Running 'vpnc $current --local-port 0 $vpnc_flags' failed."
Modified: trunk/security/vpnc/pkg-plist
===================================================================
--- trunk/security/vpnc/pkg-plist 2015-11-08 15:44:46 UTC (rev 20695)
+++ trunk/security/vpnc/pkg-plist 2015-11-08 15:48:26 UTC (rev 20696)
@@ -1,8 +1,6 @@
-bin/pcf2vpnc
sbin/vpnc
-sbin/vpnc-script
sbin/vpnc-disconnect
+man/man8/vpnc.8.gz
%%DECRYPT%%bin/cisco-decrypt
- at unexec if cmp -s %D/etc/vpnc.conf %D/etc/vpnc.conf.sample; then rm -f %D/etc/vpnc.conf; fi
-etc/vpnc.conf.sample
- at exec [ -f %B/vpnc.conf ] || cp %B/%f %B/vpnc.conf
+%%DECRYPT%%man/man1/cisco-decrypt.1.gz
+ at sample etc/vpnc.conf.sample
More information about the Midnightbsd-cvs
mailing list