misc/135274: New port: security/openconnect

Damian Gerow dgerow at afflictions.org
Fri Jun 5 04:30:05 UTC 2009


>Number:         135274
>Category:       misc
>Synopsis:       New port: security/openconnect
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 05 04:30:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Damian Gerow
>Release:        8.0-CURRENT 800087
>Organization:
>Environment:
FreeBSD plebeian.afflictions.org 8.0-CURRENT FreeBSD 8.0-CURRENT #1: Tue May 19 21:10:28 EDT 2009     dgerow at plebeian.afflictions.org:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
A new port for OpenConnect, an open-source client for Cisco's AnyConnect SSL VPN.  Very similar to vpnc.

The only thing worth noting is the lack of DTLS support noted in pkg-message (and README.DTLS).
>How-To-Repeat:

>Fix:
See attached file 

Patch attached with submission follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	security/openconnect
#	security/openconnect/pkg-plist
#	security/openconnect/pkg-message
#	security/openconnect/pkg-descr
#	security/openconnect/Makefile
#	security/openconnect/distinfo
#
echo c - security/openconnect
mkdir -p security/openconnect > /dev/null 2>&1
echo x - security/openconnect/pkg-plist
sed 's/^X//' >security/openconnect/pkg-plist << '0685a92e1a8ecdffddd609a225763f6f'
Xbin/openconnect
X%%WITH_GUI%%libexec/nm-openconnect-auth-dialog
0685a92e1a8ecdffddd609a225763f6f
echo x - security/openconnect/pkg-message
sed 's/^X//' >security/openconnect/pkg-message << '216930bad5354752061aa706ed3cef97'
XCisco's implementation of the DTLS protocol unfortunately does not
Xcomply with the relevant standards.  OpenSSL must be patched to
Xprovide full compliance with their implementation, and due to the
Xolder release of OpenSSL in the FreeBSD base, there are additional
Xpatches that must be applied to achieve the same goal.  Though
XOpenConnect will still function, all traffic will be passed over
Xan HTTPS connection.  Should there be any packet loss on your
Xlink, your VPN connection will suffer greatly.
X
XMore information is included in README.DTLS.
216930bad5354752061aa706ed3cef97
echo x - security/openconnect/pkg-descr
sed 's/^X//' >security/openconnect/pkg-descr << '7bf82393a86585290984571f8fec4a99'
XOpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
Xsupported by IOS 12.4(9)T or later on Cisco SR500, 870, 880,
X1800, 2800, 3800, 7200 Series and Cisco 7301 Routers.
X
XLike vpnc, OpenConnect is not officially supported by, or
Xassociated in any way with, Cisco Systems. It just happens to
Xinteroperate with their equipment.
X
XWWW: http://www.infradead.org/openconnect.html
7bf82393a86585290984571f8fec4a99
echo x - security/openconnect/Makefile
sed 's/^X//' >security/openconnect/Makefile << '0acce8dae2cc43ab31a5f34c9ca58fe3'
X# New ports collection makefile for:	openconnect
X# Date created:				03 June 2009
X# Whom:					Damian Gerow
X#
X# $FreeBSD$
X#
X
XPORTNAME=	openconnect
XPORTVERSION=	2.00
XCATEGORIES=	security
XMASTER_SITES=	ftp://ftp.infradead.org/pub/openconnect/ \
X		CRITICAL
X
XMAINTAINER=	dgerow at afflictions.org
XCOMMENT=	A client for Cisco\'s AnyConnect SSL VPN
X
XLIB_DEPENDS=	xml2.5:${PORTSDIR}/textproc/libxml2
X
XUSE_GMAKE=	yes
XMAKE_JOBS_SAFE=	yes
XUSE_OPENSSL=	yes
XOPENSSL=	${OPENSSLBASE}
X
XMAN8=		openconnect.8
XPORTDOCS=	README.*
X
X# OPTIONS must be defined before bsd.port.options.mk is included.
XOPTIONS+=	GUI      "Enable the OpenConnect configuration GUI"   off
X
X.include <bsd.port.options.mk>
X
X.include <bsd.port.pre.mk>
X
X.if !defined(WITHOUT_GUI)
XLIB_DEPENDS+=	gtk-x11-2.0.0:${PORTSDIR}/x11-toolkits/gtk20
XLIB_DEPENDS+=	gconf-2.4:${PORTSDIR}/devel/gconf2
XPLIST_SUB+=	WITH_GUI=""
X.else
XPLIST_SUB+=	WITH_GUI="@comment "
X.endif
X
Xdo-install:
X	${INSTALL_PROGRAM} -m 751 ${WRKSRC}/openconnect ${PREFIX}/bin/openconnect
X.if !defined(WITHOUT_GUI)
X	${INSTALL_PROGRAM} ${WRKSRC}/nm-openconnect-auth-dialog ${PREFIX}/libexec
X.endif
X	${INSTALL_MAN} ${WRKSRC}/${MAN8} ${MANPREFIX}/man/man8
X
Xpost-install:
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X	${INSTALL_MAN} ${WRKSRC}/README.DTLS ${DOCSDIR}
X	${INSTALL_MAN} ${WRKSRC}/README.SecurID ${DOCSDIR}
X.endif
X
X.include <bsd.port.post.mk>
0acce8dae2cc43ab31a5f34c9ca58fe3
echo x - security/openconnect/distinfo
sed 's/^X//' >security/openconnect/distinfo << 'fc2faf3dbe131c1b5252978507b19c0f'
XMD5 (openconnect-2.00.tar.gz) = a51aa4b05d0cc14b1d1c35b8f57f04fa
XSHA256 (openconnect-2.00.tar.gz) = 6089ace2f290f52fd680f4ccd20b17c970ac4849ba7d03ded22903efb56c50bb
XSIZE (openconnect-2.00.tar.gz) = 59993
fc2faf3dbe131c1b5252978507b19c0f
exit



>Release-Note:
>Audit-Trail:
>Unformatted:
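
The archive header above says to unpack with `sh file`, which executes every line of an attachment taken from a public bug tracker. As an added example (not part of the original submission or of any FreeBSD tool), the Python below reads the same `sed 's/^X//' >path << 'DELIM'` layout as data instead of running it; `parse_shar`, `safe_path` and the `SAMPLE` archive are hypothetical names and constructed input.

```python
import re
from pathlib import PurePosixPath

# The one extraction command this archive layout uses; the path is captured, never run.
HEREDOC = re.compile(r"^sed 's/\^X//' >([\w./+-]+) << '([0-9A-Za-z]+)'$")
# Only these inert lines are tolerated outside heredoc bodies.
ALLOWED = re.compile(
    r"^(#.*|echo [cx] - [\w./+-]+|mkdir -p [\w./+-]+ > /dev/null 2>&1|exit)?$")

def safe_path(name):
    """Reject absolute paths and parent-directory escapes."""
    p = PurePosixPath(name)
    if p.is_absolute() or ".." in p.parts:
        raise ValueError(f"unsafe path in archive: {name!r}")
    return str(p)

def parse_shar(text):
    """Return {path: content} without executing any line of the archive."""
    files, lines, i = {}, text.splitlines(), 0
    while i < len(lines):
        m = HEREDOC.match(lines[i])
        if not m:
            if not ALLOWED.match(lines[i]):
                raise ValueError(f"line {i + 1}: unexpected command {lines[i]!r}")
            i += 1
            continue
        path, delim = safe_path(m.group(1)), m.group(2)
        body, i = [], i + 1
        while i < len(lines) and lines[i] != delim:
            if not lines[i].startswith("X"):
                raise ValueError(f"line {i + 1}: body line lacks X prefix")
            body.append(lines[i][1:])  # what sed 's/^X//' would strip
            i += 1
        if i == len(lines):
            raise ValueError(f"unterminated heredoc for {path}")
        files[path] = "".join(line + "\n" for line in body)
        i += 1  # skip the delimiter line
    return files

# Constructed sample in the same layout as the archive above.
SAMPLE = """\
# This is a shell archive.
echo c - demo
mkdir -p demo > /dev/null 2>&1
echo x - demo/pkg-plist
sed 's/^X//' >demo/pkg-plist << 'EOF0'
Xbin/demo
X%%WITH_GUI%%libexec/demo-dialog
EOF0
exit
"""
```

The returned contents can be reviewed, or written under a scratch directory, before anything from the submission is built.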

