svn commit: r341405 - head/security/strongswan
Bernhard Fröhlich
decke at FreeBSD.org
Fri Feb 14 14:38:04 UTC 2014
On Wed, Feb 12, 2014 at 1:06 PM, Renato Botelho <garga at freebsd.org> wrote:
> On 27-01-2014 11:35, Bernhard Froehlich wrote:
>> Author: decke
>> Date: Mon Jan 27 13:35:40 2014
>> New Revision: 341405
>> URL: http://svnweb.freebsd.org/changeset/ports/341405
>> QAT: https://qat.redports.org/buildarchive/r341405/
>>
>> Log:
>> - Update to 5.1.1
>> - Added EAP dynamic proxy module
>> - Added EAP Radius proxy authentication
>> - Added DNSSEC/unbound support
>> - Added kernel libipsec plugin
>> - Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
>> - Convert to new options format
>>
>> PR: ports/185535
>> Submitted by: Francois ten Krooden <strongswan at nanoteq.com> (maintainer)
>> Security: CVE-2013-5018
>> Security: CVE-2013-6075
>> Security: CVE-2013-6076
>>
>> Modified:
>> head/security/strongswan/Makefile
>> head/security/strongswan/distinfo
>> head/security/strongswan/pkg-plist
>>
>> Modified: head/security/strongswan/Makefile
>> ==============================================================================
>> --- head/security/strongswan/Makefile Mon Jan 27 13:35:10 2014 (r341404)
>> +++ head/security/strongswan/Makefile Mon Jan 27 13:35:40 2014 (r341405)
>> @@ -2,8 +2,7 @@
>> # $FreeBSD$
>>
>> PORTNAME= strongswan
>> -PORTVERSION= 5.0.4
>> -PORTREVISION= 1
>> +PORTVERSION= 5.1.1
>> CATEGORIES= security
>> MASTER_SITES= http://download.strongswan.org/ \
>> http://download2.strongswan.org/
>> @@ -37,6 +36,7 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \
>> --enable-blowfish \
>> --enable-addrblock \
>> --enable-whitelist \
>> + --enable-cmd \
>> --with-group=wheel \
>> --with-lib-prefix=${PREFIX}
>>
>> @@ -44,38 +44,47 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \
>> MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
>> MAN8= ipsec.8 _updown.8 _updown_espmark.8
>>
>> -OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE
>> +OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE IKEv1 \
>> + IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE \
>> + TESTVECTOR UNBOUND XAUTH
>> +OPTIONS_SUB= ${OPTIONS_DEFINE}
>> CURL_DESC= Enable CURL to fetch CRL/OCSP
>> EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend
>> +EAPDYNAMIC_DESC= Enable EAP dynamic proxy module
>> +EAPRADIUS_DESC= Enable EAP Radius proxy authentication
>> EAPSIMFILE_DESC= Enable EAP SIM with file backend
>> -IKEv1_DESC= Enable IKEv1 support (Experimental)
>> -
>> -NO_STAGE= yes
>> -.include <bsd.port.options.mk>
>> +IKEv1_DESC= Enable IKEv1 support
>> +IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC
>> +KERNELLIBIPSEC_DESC= Enable IPSec userland backend
>> +LOADTESTER_DESC= Enable load testing plugin
>> +TESTVECTOR_DESC= Enable crypto test vectors
>> +UNBOUND_DESC= Enable DNSSEC-enabled resolver
>> +XAUTH_DESC= Enable XAuth password verification
>>
>> # Extra options
>> -.if ${PORT_OPTIONS:MCURL}
>> -CONFIGURE_ARGS+= --enable-curl
>> -LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl
>> -PLIST_SUB+= CURL=""
>> -.else
>> -PLIST_SUB+= CURL="@comment "
>> -.endif
>> -
>> -.if ${PORT_OPTIONS:MEAPSIMFILE}
>> -CONFIGURE_ARGS+= --enable-eap-sim --enable-eap-sim-file
>> -PLIST_SUB+= EAPSIMFILE=""
>> -.else
>> -PLIST_SUB+= EAPSIMFILE="@comment "
>> -.endif
>> +CURL_CONFIGURE_ON= --enable-curl
>> +CURL_LIB_DEPENDS= curl:${PORTSDIR}/ftp/curl
>> +EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2
>> +EAPAKA3GPP2_LIB_DEPENDS=gmp:${PORTSDIR}/math/gmp
>> +EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
>> +EAPRADIUS_CONFIGURE_ON= --enable-eap-radius
>> +EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
>> +IKEv1_CONFIGURE_OFF= --disable-ikev1
>> +IPSECKEY_CONFIGURE_ON= --enable-ipseckey
>> +KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec
>> +LOADTESTER_CONFIGURE_ON=--enable-load-tester
>> +LDAP_CONFIGURE_ON= --enable-ldap
>> +LDAP_USE= USE_OPENLDAP=yes
>> +MYSQL_CONFIGURE_ON= --enable-mysql
>> +MYSQL_USE= USE_MYSQL=yes
>> +SQLITE_CONFIGURE_ON= --enable-sqlite
>> +SQLITE_LIB_DEPENDS= sqlite3:${PORTSDIR}/databases/sqlite3
>> +TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
>> +UNBOUND_CONFIGURE_ON= --enable-unbound
>> +UNBOUND_LIB_DEPENDS= unbound:${PORTSDIR}/dns/unbound
>> +XAUTH_CONFIGURE_ON= --enable-xauth-eap --enable-xauth-generic
>>
>> -.if ${PORT_OPTIONS:MEAPAKA3GPP2}
>> -CONFIGURE_ARGS+= --enable-eap-aka --enable-eap-aka-3gpp2
>> -LIB_DEPENDS+= gmp:${PORTSDIR}/math/gmp
>> -PLIST_SUB+= EAPAKA3GPP2=""
>> -.else
>> -PLIST_SUB+= EAPAKA3GPP2="@comment "
>> -.endif
>> +.include <bsd.port.options.mk>
>>
>> .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2}
>> PLIST_SUB+=SIMAKA=""
>> @@ -83,37 +92,6 @@ PLIST_SUB+=SIMAKA=""
>> PLIST_SUB+=SIMAKA="@comment "
>> .endif
>>
>> -.if ${PORT_OPTIONS:MIKEv1}
>> -PLIST_SUB+= IKEv1=""
>> -.else
>> -CONFIGURE_ARGS+= --disable-ikev1
>> -PLIST_SUB+= IKEv1="@comment "
>> -.endif
>> -
>> -.if ${PORT_OPTIONS:MLDAP}
>> -USE_OPENLDAP= yes
>> -CONFIGURE_ARGS+= --enable-ldap
>> -PLIST_SUB+= LDAP=""
>> -.else
>> -PLIST_SUB+= LDAP="@comment "
>> -.endif
>> -
>> -.if ${PORT_OPTIONS:MMYSQL}
>> -CONFIGURE_ARGS+= --enable-mysql
>> -USE_MYSQL= yes
>> -PLIST_SUB+= MYSQL=""
>> -.else
>> -PLIST_SUB+= MYSQL="@comment "
>> -.endif
>> -
>> -.if ${PORT_OPTIONS:MSQLITE}
>> -CONFIGURE_ARGS+= --enable-sqlite
>> -LIB_DEPENDS+= sqlite3:${PORTSDIR}/databases/sqlite3
>> -PLIST_SUB+= SQLITE=""
>> -.else
>> -PLIST_SUB+= SQLITE="@comment "
>> -.endif
>> -
>> .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
>> CONFIGURE_ARGS+= --enable-attr-sql --enable-sql
>> PLIST_SUB+= SQL=""
>> @@ -121,11 +99,9 @@ PLIST_SUB+= SQL=""
>> PLIST_SUB+= SQL="@comment "
>> .endif
>>
>> -.include <bsd.port.pre.mk>
>> -
>> -# Requires FreeBSD 8 and above to work
>> -.if ${OSVERSION} < 800000
>> -IGNORE= requires at least FreeBSD 8.X
>> -.endif
>> +post-install:
>> + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
>> + ${MV} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESDIR}
>> + ${MV} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR}
>
> Just one more thing that I noted, it would be better to use
> ${INSTALL_DATA} here instead of ${MV}
Thanks, I've fixed both in r344214.
--
Bernhard Froehlich
http://www.bluelife.at/
More information about the svn-ports-all
mailing list