ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched

Bjoern A.Zeeb bzeeb+freebsd+ports at zabbadoz.net
Mon Nov 13 18:49:09 UTC 2006 

>Number:         105488
>Category:       ports
>Synopsis:       [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 13 18:40:12 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Bjoern A. Zeeb
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
Zabbadoz.NeT
>Environment:
	CURRENT that needs updating

>Description:
	ipsec-tools has a make config option to enable NAT-T support
        or leave it disabled.
	To be able to compile in NAT-T support  patched header files have to
	be installed to the system the port is build on.
	People enabling NAT-T support but not having installed the patched
	header files do not get NAT-T support and only a single line
	output from configure/autotools tells you about this so it is
	unlikely that anyone will ever notice.
	Usually people install ipsec-tools and wonder why NAT-T support
	is not working. We have already seen those problems on freebsd-net@
	for example.

>How-To-Repeat:
	turn on option NATT in make config compiling on an unpatched
	base system and look at the configure output or try to use the
	package with a patched kernel. There is no error message though
	you said "I want this to be on".

>Fix:
	If NATT is enabled in make config tell gnu configure that we really
	want it and not only optionally want it so the port will fail to
	build if no patched header files are available.

Index: Makefile
===================================================================
RCS file: /local/mirror/FreeBSD/r/pcvs/ports/security/ipsec-tools/Makefile,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile
--- Makefile    16 Jun 2006 16:02:54 -0000      1.13
+++ Makefile    13 Nov 2006 14:12:50 -0000
@@ -89,7 +89,7 @@ CONFIGURE_ARGS+=      --disable-dpd
 .endif
 
 .ifdef(WITH_NATT)
-CONFIGURE_ARGS+=       --enable-natt=kernel
+CONFIGURE_ARGS+=       --enable-natt=yes
 .else
 CONFIGURE_ARGS+=       --disable-natt
 .endif

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list