svn commit: r341405 - head/security/strongswan
Renato Botelho
garga at FreeBSD.org
Wed Feb 12 12:06:55 UTC 2014
On 27-01-2014 11:35, Bernhard Froehlich wrote:
> Author: decke
> Date: Mon Jan 27 13:35:40 2014
> New Revision: 341405
> URL: http://svnweb.freebsd.org/changeset/ports/341405
> QAT: https://qat.redports.org/buildarchive/r341405/
>
> Log:
> - Update to 5.1.1
> - Added EAP dynamic proxy module
> - Added EAP Radius proxy authentication
> - Added DNSSEC/unbound support
> - Added kernel libipsec plugin
> - Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
> - Convert to new options format
>
> PR: ports/185535
> Submitted by: Francois ten Krooden <strongswan at nanoteq.com> (maintainer)
> Security: CVE-2013-5018
> Security: CVE-2013-6075
> Security: CVE-2013-6076
>
> Modified:
> head/security/strongswan/Makefile
> head/security/strongswan/distinfo
> head/security/strongswan/pkg-plist
>
> Modified: head/security/strongswan/Makefile
> ==============================================================================
> --- head/security/strongswan/Makefile Mon Jan 27 13:35:10 2014 (r341404)
> +++ head/security/strongswan/Makefile Mon Jan 27 13:35:40 2014 (r341405)
> @@ -2,8 +2,7 @@
> # $FreeBSD$
>
> PORTNAME= strongswan
> -PORTVERSION= 5.0.4
> -PORTREVISION= 1
> +PORTVERSION= 5.1.1
> CATEGORIES= security
> MASTER_SITES= http://download.strongswan.org/ \
> http://download2.strongswan.org/
> @@ -37,6 +36,7 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \
> --enable-blowfish \
> --enable-addrblock \
> --enable-whitelist \
> + --enable-cmd \
> --with-group=wheel \
> --with-lib-prefix=${PREFIX}
>
> @@ -44,38 +44,47 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \
> MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
> MAN8= ipsec.8 _updown.8 _updown_espmark.8
>
> -OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE
> +OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE IKEv1 \
> + IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE \
> + TESTVECTOR UNBOUND XAUTH
> +OPTIONS_SUB= ${OPTIONS_DEFINE}
> CURL_DESC= Enable CURL to fetch CRL/OCSP
> EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend
> +EAPDYNAMIC_DESC= Enable EAP dynamic proxy module
> +EAPRADIUS_DESC= Enable EAP Radius proxy authentication
> EAPSIMFILE_DESC= Enable EAP SIM with file backend
> -IKEv1_DESC= Enable IKEv1 support (Experimental)
> -
> -NO_STAGE= yes
> -.include <bsd.port.options.mk>
> +IKEv1_DESC= Enable IKEv1 support
> +IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC
> +KERNELLIBIPSEC_DESC= Enable IPSec userland backend
> +LOADTESTER_DESC= Enable load testing plugin
> +TESTVECTOR_DESC= Enable crypto test vectors
> +UNBOUND_DESC= Enable DNSSEC-enabled resolver
> +XAUTH_DESC= Enable XAuth password verification
>
> # Extra options
> -.if ${PORT_OPTIONS:MCURL}
> -CONFIGURE_ARGS+= --enable-curl
> -LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl
> -PLIST_SUB+= CURL=""
> -.else
> -PLIST_SUB+= CURL="@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MEAPSIMFILE}
> -CONFIGURE_ARGS+= --enable-eap-sim --enable-eap-sim-file
> -PLIST_SUB+= EAPSIMFILE=""
> -.else
> -PLIST_SUB+= EAPSIMFILE="@comment "
> -.endif
> +CURL_CONFIGURE_ON= --enable-curl
> +CURL_LIB_DEPENDS= curl:${PORTSDIR}/ftp/curl
> +EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2
> +EAPAKA3GPP2_LIB_DEPENDS=gmp:${PORTSDIR}/math/gmp
> +EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
> +EAPRADIUS_CONFIGURE_ON= --enable-eap-radius
> +EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
> +IKEv1_CONFIGURE_OFF= --disable-ikev1
> +IPSECKEY_CONFIGURE_ON= --enable-ipseckey
> +KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec
> +LOADTESTER_CONFIGURE_ON=--enable-load-tester
> +LDAP_CONFIGURE_ON= --enable-ldap
> +LDAP_USE= USE_OPENLDAP=yes
> +MYSQL_CONFIGURE_ON= --enable-mysql
> +MYSQL_USE= USE_MYSQL=yes
> +SQLITE_CONFIGURE_ON= --enable-sqlite
> +SQLITE_LIB_DEPENDS= sqlite3:${PORTSDIR}/databases/sqlite3
> +TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
> +UNBOUND_CONFIGURE_ON= --enable-unbound
> +UNBOUND_LIB_DEPENDS= unbound:${PORTSDIR}/dns/unbound
> +XAUTH_CONFIGURE_ON= --enable-xauth-eap --enable-xauth-generic
>
> -.if ${PORT_OPTIONS:MEAPAKA3GPP2}
> -CONFIGURE_ARGS+= --enable-eap-aka --enable-eap-aka-3gpp2
> -LIB_DEPENDS+= gmp:${PORTSDIR}/math/gmp
> -PLIST_SUB+= EAPAKA3GPP2=""
> -.else
> -PLIST_SUB+= EAPAKA3GPP2="@comment "
> -.endif
> +.include <bsd.port.options.mk>
>
> .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2}
> PLIST_SUB+=SIMAKA=""
> @@ -83,37 +92,6 @@ PLIST_SUB+=SIMAKA=""
> PLIST_SUB+=SIMAKA="@comment "
> .endif
>
> -.if ${PORT_OPTIONS:MIKEv1}
> -PLIST_SUB+= IKEv1=""
> -.else
> -CONFIGURE_ARGS+= --disable-ikev1
> -PLIST_SUB+= IKEv1="@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MLDAP}
> -USE_OPENLDAP= yes
> -CONFIGURE_ARGS+= --enable-ldap
> -PLIST_SUB+= LDAP=""
> -.else
> -PLIST_SUB+= LDAP="@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MMYSQL}
> -CONFIGURE_ARGS+= --enable-mysql
> -USE_MYSQL= yes
> -PLIST_SUB+= MYSQL=""
> -.else
> -PLIST_SUB+= MYSQL="@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MSQLITE}
> -CONFIGURE_ARGS+= --enable-sqlite
> -LIB_DEPENDS+= sqlite3:${PORTSDIR}/databases/sqlite3
> -PLIST_SUB+= SQLITE=""
> -.else
> -PLIST_SUB+= SQLITE="@comment "
> -.endif
> -
> .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
> CONFIGURE_ARGS+= --enable-attr-sql --enable-sql
> PLIST_SUB+= SQL=""
> @@ -121,11 +99,9 @@ PLIST_SUB+= SQL=""
> PLIST_SUB+= SQL="@comment "
> .endif
>
> -.include <bsd.port.pre.mk>
> -
> -# Requires FreeBSD 8 and above to work
> -.if ${OSVERSION} < 800000
> -IGNORE= requires at least FreeBSD 8.X
> -.endif
> +post-install:
> + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
> + ${MV} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESDIR}
> + ${MV} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR}
Just one more thing that I noted, it would be better to use
${INSTALL_DATA} here instead of ${MV}
--
Renato Botelho <garga @ FreeBSD.org>
<garga.bsd @ gmail.com>
GnuPG Key: http://www.FreeBSD.org/~garga/pubkey.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 924 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-head/attachments/20140212/475c3354/attachment.sig>
More information about the svn-ports-head
mailing list