ports/156711: [maintainer update] Update security/strongswan
Riaan Kruger
riaank at gmail.com
Fri Apr 29 08:00:19 UTC 2011
>Number: 156711
>Category: ports
>Synopsis: [maintainer update] Update security/strongswan
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 29 08:00:18 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Riaan Kruger
>Release: 8.2
>Organization:
>Environment:
>Description:
Update secuirty/strongswan port from 4.4.0 to 4.5.1
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN strongswan.bak/Makefile strongswan/Makefile
--- strongswan.bak/Makefile 2010-12-04 09:33:31.000000000 +0200
+++ strongswan/Makefile 2011-04-18 13:39:52.668276991 +0200
@@ -5,7 +5,7 @@
# $FreeBSD: ports/security/strongswan/Makefile,v 1.2 2010/12/04 07:33:31 ade Exp $
PORTNAME= strongswan
-PORTVERSION= 4.4.0
+PORTVERSION= 4.5.1
CATEGORIES= security
MASTER_SITES= http://download.strongswan.org/ \
http://download2.strongswan.org/
@@ -14,7 +14,7 @@
COMMENT= Open Source IPSec-based VPN solution
LIB_DEPENDS= vstr:${PORTSDIR}/devel/vstr \
- gmp.10:${PORTSDIR}/math/gmp
+ gmp.10:${PORTSDIR}/math/gmp
USE_BZIP2= yes
@@ -24,24 +24,25 @@
CONFIGURE_ARGS= --enable-kernel-pfkey \
--enable-kernel-pfroute \
--disable-kernel-netlink \
- --enable-vstr \
--disable-tools \
--disable-scripts \
--disable-pluto \
--with-group=wheel \
+ --enable-gmp \
+ --enable-vstr \
--with-lib-prefix=${PREFIX}
-MAN3= anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 \
- initaddr.3 initsubnet.3 keyblobtoid.3 portof.3 prng.3 \
- rangetosubnet.3 sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 \
+MAN3= anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 \
+ initaddr.3 initsubnet.3 portof.3 rangetosubnet.3 \
+ sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 \
ttosa.3 ttoul.3
-MAN5= ipsec.conf.5
-MAN8= ipsec.8 starter.8 _copyright.8 _updown.8 _updown_espmark.8
+MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
+MAN8= ipsec.8 _updown.8 _updown_espmark.8
.include <bsd.port.pre.mk>
.if ${OSVERSION} < 800000
-IGNORE= requires at least FreeBSD 8.X
+IGNORE= Requires at least FreeBSD 8.X
.endif
.include <bsd.port.post.mk>
diff -ruN strongswan.bak/distinfo strongswan/distinfo
--- strongswan.bak/distinfo 2010-08-26 15:40:11.000000000 +0200
+++ strongswan/distinfo 2011-03-24 06:05:57.211226000 +0200
@@ -1,3 +1,2 @@
-MD5 (strongswan-4.4.0.tar.bz2) = bfb0f1c8ef1344e1ae8157bdde060fed
-SHA256 (strongswan-4.4.0.tar.bz2) = df40d9daf963ce4f4bef4177ed02d68c083521b307f52bebb1872c2ded4b2718
-SIZE (strongswan-4.4.0.tar.bz2) = 2863754
+SHA256 (strongswan-4.5.1.tar.bz2) = 252d7369d94aa2d79e6fad078853b07ca897ea811ab1e1a2b008bcec0d1e758a
+SIZE (strongswan-4.5.1.tar.bz2) = 3254264
diff -ruN strongswan.bak/files/patch-src__libcharon__bus__listeners__sys_logger.c strongswan/files/patch-src__libcharon__bus__listeners__sys_logger.c
--- strongswan.bak/files/patch-src__libcharon__bus__listeners__sys_logger.c 1970-01-01 02:00:00.000000000 +0200
+++ strongswan/files/patch-src__libcharon__bus__listeners__sys_logger.c 2011-03-24 07:51:01.240278000 +0200
@@ -0,0 +1,19 @@
+--- srcold/libcharon/bus/listeners/sys_logger.c 2011-03-10 20:50:01.000000000 +0200
++++ src/libcharon/bus/listeners/sys_logger.c 2011-03-10 20:53:59.000000000 +0200
+@@ -79,13 +79,15 @@
+ /* do a syslog with every line */
+ while (current)
+ {
++ char tmp[8192];
+ next = strchr(current, '\n');
+ if (next)
+ {
+ *(next++) = '\0';
+ }
+- syslog(this->facility|LOG_INFO, "%.2d[%N]%s %s\n",
++ snprintf(tmp, 8192, "%.2d[%N]%s %s\n",
+ thread, debug_names, group, namestr, current);
++ syslog(this->facility|LOG_INFO, tmp);
+ current = next;
+ }
+ }
diff -ruN strongswan.bak/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c
--- strongswan.bak/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c 2010-08-26 15:40:11.000000000 +0200
+++ strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c 1970-01-01 02:00:00.000000000 +0200
@@ -1,102 +0,0 @@
-diff -u -r srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
---- srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-03-19 17:56:54.000000000 +0200
-+++ src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-05-28 15:58:12.000000000 +0200
-@@ -600,17 +600,43 @@
- }
-
- /**
-- * add a host behind a sadb_address extension
-+ * Copy a host_t as sockaddr_t to the given memory location. Ports are
-+ * reset to zero as per RFC 2367.
-+ * @returns the number of bytes copied
- */
--static void host2ext(host_t *host, struct sadb_address *ext)
-+static size_t hostcpy(void *dest, host_t *host)
- {
-- sockaddr_t *host_addr = host->get_sockaddr(host);
-+ sockaddr_t *addr = host->get_sockaddr(host), *dest_addr = dest;
- socklen_t *len = host->get_sockaddr_len(host);
-+ memcpy(dest, addr, *len);
- #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
-- host_addr->sa_len = *len;
-+ dest_addr->sa_len = *len;
- #endif
-- memcpy((char*)(ext + 1), host_addr, *len);
-- ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len);
-+ switch (dest_addr->sa_family)
-+ {
-+ case AF_INET:
-+ {
-+ struct sockaddr_in *sin = dest;
-+ sin->sin_port = 0;
-+ break;
-+ }
-+ case AF_INET6:
-+ {
-+ struct sockaddr_in6 *sin6 = dest;
-+ sin6->sin6_port = 0;
-+ break;
-+ }
-+ }
-+ return *len;
-+}
-+
-+/**
-+ * add a host behind an sadb_address extension
-+ */
-+static void host2ext(host_t *host, struct sadb_address *ext)
-+{
-+ size_t len = hostcpy(ext + 1, host);
-+ ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + len);
- }
-
- /**
-@@ -1019,6 +1045,7 @@
- }
- #endif /*SADB_X_MIGRATE*/
-
-+#ifndef __FreeBSD__
- #ifdef HAVE_NATT
- /**
- * Process a SADB_X_NAT_T_NEW_MAPPING message from the kernel
-@@ -1076,6 +1103,7 @@
- }
- }
- #endif /*HAVE_NATT*/
-+#endif /*__FreeBSD__*/
-
- /**
- * Receives events from kernel
-@@ -1137,11 +1165,13 @@
- process_migrate(this, msg);
- break;
- #endif /*SADB_X_MIGRATE*/
-+#ifndef __FreeBSD__
- #ifdef HAVE_NATT
- case SADB_X_NAT_T_NEW_MAPPING:
- process_mapping(this, msg);
- break;
- #endif /*HAVE_NATT*/
-+#endif /*__FreeBSD__*/
- default:
- break;
- }
-@@ -1679,14 +1709,10 @@
- req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE;
- if (mode == MODE_TUNNEL)
- {
-- sockaddr_t *sa;
-- socklen_t sl;
-- sa = src->get_sockaddr(src);
-- sl = *src->get_sockaddr_len(src);
-- memcpy(req + 1, sa, sl);
-- sa = dst->get_sockaddr(dst);
-- memcpy((u_int8_t*)(req + 1) + sl, sa, sl);
-- req->sadb_x_ipsecrequest_len += sl * 2;
-+ len = hostcpy(req + 1, src);
-+ req->sadb_x_ipsecrequest_len += len;
-+ len = hostcpy((char*)(req + 1) + len, dst);
-+ req->sadb_x_ipsecrequest_len += len;
- }
-
- pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len);
diff -ruN strongswan.bak/pkg-plist strongswan/pkg-plist
--- strongswan.bak/pkg-plist 2010-08-26 15:40:11.000000000 +0200
+++ strongswan/pkg-plist 2011-03-24 08:20:56.930756000 +0200
@@ -25,6 +25,9 @@
libexec/ipsec/plugins/libstrongswan-des.a
libexec/ipsec/plugins/libstrongswan-des.la
libexec/ipsec/plugins/libstrongswan-des.so
+libexec/ipsec/plugins/libstrongswan-constraints.a
+libexec/ipsec/plugins/libstrongswan-constraints.la
+libexec/ipsec/plugins/libstrongswan-constraints.so
libexec/ipsec/plugins/libstrongswan-dnskey.a
libexec/ipsec/plugins/libstrongswan-dnskey.la
libexec/ipsec/plugins/libstrongswan-dnskey.so
@@ -70,6 +73,9 @@
libexec/ipsec/plugins/libstrongswan-sha2.a
libexec/ipsec/plugins/libstrongswan-sha2.la
libexec/ipsec/plugins/libstrongswan-sha2.so
+libexec/ipsec/plugins/libstrongswan-revocation.a
+libexec/ipsec/plugins/libstrongswan-revocation.la
+libexec/ipsec/plugins/libstrongswan-revocation.so
libexec/ipsec/plugins/libstrongswan-socket-default.a
libexec/ipsec/plugins/libstrongswan-socket-default.la
libexec/ipsec/plugins/libstrongswan-socket-default.so
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list