ports/183688: [maintainer update] security/strongswan 5.0.4 -> 5.1.1

Francois ten Krooden strongswan at nanoteq.com
Tue Nov 5 17:50:01 UTC 2013


>Number:         183688
>Category:       ports
>Synopsis:       [maintainer update] security/strongswan 5.0.4 -> 5.1.1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 05 17:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Francois ten Krooden
>Release:        FreeBSD 9.2
>Organization:
Nanoteq
>Environment:
>Description:
Update port security/strongswan 5.0.4 -> 5.1.1
- Added EAP dynamic proxy module
- Added EAP Radius proxy authentication
- Added DNSSEC/unbound support
- Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: Makefile
===================================================================
--- Makefile	(revision 332396)
+++ Makefile	(working copy)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	strongswan
-PORTVERSION=	5.0.4
-PORTREVISION=	1
+PORTVERSION=	5.1.1
+PORTREVISION=	0
 CATEGORIES=	security
 MASTER_SITES=	http://download.strongswan.org/ \
 		http://download2.strongswan.org/
@@ -37,6 +37,7 @@
 		--enable-blowfish \
 		--enable-addrblock \
 		--enable-whitelist \
+		--enable-cmd \
 		--with-group=wheel  \
 		--with-lib-prefix=${PREFIX}
 
@@ -44,13 +45,21 @@
 MAN5=	ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
 MAN8=	ipsec.8 _updown.8 _updown_espmark.8
 
-OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE
+OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE
+OPTIONS_DEFINE+= HA IKEv1 IPSECKEY LOADTESTER LDAP MYSQL SQLITE TESTVECTOR UNBOUND XAUTH
 CURL_DESC=	Enable CURL to fetch CRL/OCSP
 EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
+EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
+EAPRADIUS_DESC=		Enable EAP Radius proxy authentication
 EAPSIMFILE_DESC=	Enable EAP SIM with file backend
+HA_DESC=	Enable high availability cluster
 IKEv1_DESC=	Enable IKEv1 support (Experimental)
+IPSECKEY_DESC=	Enable authentication with IPSECKEY resource records with DNSSEC
+LOADTESTER_DESC=	Enable load testing plugin
+TESTVECTOR_DESC=	Enable crypto test vectors
+UNBOUND_DESC=	Enable DNSSEC-enabled resolver
+XAUTH_DESC=	Enable XAuth password verification
 
-NO_STAGE=	yes
 .include <bsd.port.options.mk>
 
 # Extra options
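Review bot: `LOADTESTER_DESC` and `TESTVECTOR_DESC` present two diagnostic plugins as ordinary features, with nothing telling the user they are meant for test builds. As far as I recall, the strongSwan documentation warns against building the load-tester plugin into production gateways because it carries built-in test credentials, so the option text should say so, e.g. `LOADTESTER_DESC=	Enable load testing plugin (test systems only)`. No `OPTIONS_DEFAULT` line is visible in this hunk, so both options appear to stay off by default, which is the right default to keep.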
@@ -83,6 +92,29 @@
 PLIST_SUB+=SIMAKA="@comment "
 .endif
 
+.if ${PORT_OPTIONS:MEAPDYNAMIC}
+CONFIGURE_ARGS+=        --enable-eap-dynamic
+PLIST_SUB+=     EAPDYNAMIC=""
+.else
+PLIST_SUB+=     EAPDYNAMIC="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MEAPRADIUS}
+CONFIGURE_ARGS+=        --enable-eap-radius
+PLIST_SUB+=     EAPRADIUS=""
+PLIST_SUB+=     RADIUS=""
+.else
+PLIST_SUB+=     EAPRADIUS="@comment "
+PLIST_SUB+=     RADIUS="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MHA}
+CONFIGURE_ARGS+=        --enable-ha
+PLIST_SUB+=     HA=""
+.else
+PLIST_SUB+=     HA="@comment "
+.endif
+
 .if ${PORT_OPTIONS:MIKEv1}
 PLIST_SUB+=	IKEv1=""
 .else
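Review bot: The new option blocks separate `+=` from the value with runs of spaces (`CONFIGURE_ARGS+=        --enable-eap-dynamic`, `PLIST_SUB+=     HA=""`), while the existing lines of the same file use a tab (`PLIST_SUB+=	IKEv1=""`). The same applies to the LOADTESTER, IPSECKEY, UNBOUND, TESTVECTOR and XAUTH blocks in the later hunks. A single tab throughout, e.g. `PLIST_SUB+=	HA=""`, keeps the file consistent with its existing lines. The IKEv1 block at the end of this hunk continues outside it.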
@@ -98,6 +130,20 @@
 PLIST_SUB+=	LDAP="@comment "
 .endif
 
+.if ${PORT_OPTIONS:MLOADTESTER}
+CONFIGURE_ARGS+=        --enable-load-tester
+PLIST_SUB+=     LOADTESTER=""
+.else
+PLIST_SUB+=     LOADTESTER="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MIPSECKEY}
+CONFIGURE_ARGS+=        --enable-ipseckey
+PLIST_SUB+=     IPSECKEY=""
+.else
+PLIST_SUB+=     IPSECKEY="@comment "
+.endif
+
 .if ${PORT_OPTIONS:MMYSQL}
 CONFIGURE_ARGS+=	--enable-mysql
 USE_MYSQL=	yes
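Review bot: IPSECKEY can be selected without UNBOUND, although `IPSECKEY_DESC` says the plugin authenticates with DNSSEC and the only DNSSEC-enabled resolver this port offers is the UNBOUND option added later in the patch. If the plugin needs that resolver at run time (I believe it does), a build with IPSECKEY alone yields a plugin that cannot validate the records it relies on for authentication. Either tie the options together or refuse the combination after `bsd.port.options.mk`, e.g. `.if ${PORT_OPTIONS:MIPSECKEY} && empty(PORT_OPTIONS:MUNBOUND)` / `IGNORE=	IPSECKEY requires the UNBOUND option` / `.endif`. The MYSQL block at the end of this hunk continues outside it.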
@@ -121,11 +167,31 @@
 PLIST_SUB+=	SQL="@comment "
 .endif
 
-.include <bsd.port.pre.mk>
+.if ${PORT_OPTIONS:MUNBOUND}
+CONFIGURE_ARGS+=        --enable-unbound
+LIB_DEPENDS+=   unbound:${PORTSDIR}/dns/unbound
+PLIST_SUB+=     UNBOUND=""
+.else
+PLIST_SUB+=     UNBOUND="@comment "
+.endif
 
+.if ${PORT_OPTIONS:MTESTVECTOR}
+CONFIGURE_ARGS+=        --enable-test-vectors
+PLIST_SUB+=     TESTVECTOR=""
+.else
+PLIST_SUB+=     TESTVECTOR="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MXAUTH}
+CONFIGURE_ARGS+=        --enable-xauth-eap --enable-xauth-generic
+PLIST_SUB+=     XAUTH=""
+.else
+PLIST_SUB+=     XAUTH="@comment "
+.endif
+
 # Requires FreeBSD 8 and above to work
 .if ${OSVERSION} < 800000
 IGNORE=		requires at least FreeBSD 8.X
 .endif
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
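Review bot: The XAUTH block passes `--enable-xauth-generic` together with `--enable-xauth-eap`, but `pkg-plist` only lists `libstrongswan-xauth-eap.*` under `%%XAUTH%%`; the `libstrongswan-xauth-generic.*` entries stay under `%%IKEv1%%`. With XAUTH on and IKEv1 off the plugin would be built and installed but not packaged, assuming configure honours the flag without IKEv1 (the IKEv1 block's configure arguments are outside the visible hunks). Either drop `--enable-xauth-generic` from this block so it stays owned by IKEv1, or move its three plist lines under a substitution that both options set.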
Index: distinfo
===================================================================
--- distinfo	(revision 332396)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
-SIZE (strongswan-5.0.4.tar.bz2) = 3412930
+SHA256 (strongswan-5.1.1.tar.bz2) = fbf2a668221fc4a36a34bdeac2dfeda25b96f572d551df022585177953622406
+SIZE (strongswan-5.1.1.tar.bz2) = 3673200
Index: files/patch-src__Makefile.am
===================================================================
--- files/patch-src__Makefile.am	(revision 0)
+++ files/patch-src__Makefile.am	(working copy)
@@ -0,0 +1,8 @@
+--- src.old/Makefile.am	2013-11-01 19:26:37.000000000 +0200
++++ src/Makefile.am	2013-11-01 20:37:18.000000000 +0200
+@@ -120,4 +120,4 @@
+ 
+ install-exec-local :
+ 		test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
+-		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf.sample || true
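Review bot: This patch to `src/Makefile.am` looks redundant next to `patch-src__Makefile.in`, which makes the identical change to the generated file the build actually runs; the same pairing is repeated for `src/starter/Makefile.am` and `src/starter/Makefile.in`. Unless the port regenerates the autotools files (nothing in the visible Makefile hunks asks for that), only the `.in` patches take effect, and the `.am` patches are two more files to refresh on every update. Consider keeping only the `Makefile.in` patches, or doing the rename in the port's own install target instead of patching upstream. Note also that the trailing `|| true` on the patched line means a failed install of the sample is not reported at this step.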

Property changes on: files/patch-src__Makefile.am
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: files/patch-src__Makefile.in
===================================================================
--- files/patch-src__Makefile.in	(revision 0)
+++ files/patch-src__Makefile.in	(working copy)
@@ -0,0 +1,11 @@
+--- src.old/Makefile.in	2013-11-01 19:26:37.000000000 +0200
++++ src/Makefile.in	2013-11-01 20:37:58.000000000 +0200
+@@ -737,7 +737,7 @@
+ 
+ install-exec-local :
+ 		test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
+-		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf.sample || true
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.

Property changes on: files/patch-src__Makefile.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in
===================================================================
--- files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in	(revision 0)
+++ files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in	(working copy)
@@ -0,0 +1,13 @@
+--- src.old/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2013-11-01 19:26:36.000000000 +0200
++++ src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2013-11-01 19:32:17.000000000 +0200
+@@ -790,6 +790,9 @@
+ /*	{ENCR_DES_IV64,				0							}, */
+ 	{ENCR_DES,					SADB_EALG_DESCBC			},
+ 	{ENCR_3DES,					SADB_EALG_3DESCBC			},
++#ifdef SADB_X_EALG_CAMELLIACBC
++	{ENCR_CAMELLIA_CBC,         SADB_X_EALG_CAMELLIACBC     },
++#endif
+ /*	{ENCR_RC5,					0							}, */
+ /*	{ENCR_IDEA,					0							}, */
+ 	{ENCR_CAST,					SADB_X_EALG_CASTCBC			},
+ 
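Review bot: The Camellia mapping is not mentioned in the PR description and carries no comment explaining why the port adds it, so a later maintainer cannot tell whether it is still needed after the next upstream release. A one-line header in the patch file, such as `Map ENCR_CAMELLIA_CBC to the PF_KEY algorithm id where the kernel headers define it`, would cover that. The patch file name also ends in `.c.in` although the file it patches is `kernel_pfkey_ipsec.c`, and the added row is aligned with spaces where the neighbouring rows use tabs.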

Property changes on: files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: files/patch-src__starter__Makefile.am
===================================================================
--- files/patch-src__starter__Makefile.am	(revision 0)
+++ files/patch-src__starter__Makefile.am	(working copy)
@@ -0,0 +1,8 @@
+--- src.old/starter/Makefile.am	2013-11-01 19:26:36.000000000 +0200
++++ src/starter/Makefile.am	2013-11-01 20:38:39.000000000 +0200
+@@ -54,4 +54,4 @@
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+-		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf.sample" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf.sample || true

Property changes on: files/patch-src__starter__Makefile.am
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: files/patch-src__starter__Makefile.in
===================================================================
--- files/patch-src__starter__Makefile.in	(revision 0)
+++ files/patch-src__starter__Makefile.in	(working copy)
@@ -0,0 +1,11 @@
+--- src.old/starter/Makefile.in	2013-11-01 19:26:36.000000000 +0200
++++ src/starter/Makefile.in	2013-11-01 20:39:02.000000000 +0200
+@@ -794,7 +794,7 @@
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+-		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf.sample" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf.sample || true
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.

Property changes on: files/patch-src__starter__Makefile.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: pkg-plist
===================================================================
--- pkg-plist	(revision 332396)
+++ pkg-plist	(working copy)
@@ -1,5 +1,5 @@
-etc/ipsec.conf
-etc/strongswan.conf
+etc/ipsec.conf.sample
+etc/strongswan.conf.sample
 lib/ipsec/libcharon.a
 lib/ipsec/libcharon.la
 lib/ipsec/libcharon.so
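Review bot: The plist now installs only `etc/ipsec.conf.sample` and `etc/strongswan.conf.sample`, with nothing that creates the live configuration on a fresh install or removes an unmodified copy on deinstall. The usual plist pattern is to wrap each sample, e.g. `@unexec if cmp -s %D/etc/strongswan.conf.sample %D/etc/strongswan.conf; then rm -f %D/etc/strongswan.conf; fi` before the entry and `@exec if [ ! -f %D/etc/strongswan.conf ]; then cp -p %D/%F %B/strongswan.conf; fi` after it, and likewise for `ipsec.conf`. `cp -p` matters here: the sample is installed with mode 640, and the live `strongswan.conf` should keep that mode because plugin settings such as a RADIUS shared secret can end up in it.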
@@ -97,6 +97,9 @@
 lib/ipsec/plugins/libstrongswan-pkcs8.a
 lib/ipsec/plugins/libstrongswan-pkcs8.la
 lib/ipsec/plugins/libstrongswan-pkcs8.so
+lib/ipsec/plugins/libstrongswan-pkcs12.a
+lib/ipsec/plugins/libstrongswan-pkcs12.la
+lib/ipsec/plugins/libstrongswan-pkcs12.so
 lib/ipsec/plugins/libstrongswan-pubkey.a
 lib/ipsec/plugins/libstrongswan-pubkey.la
 lib/ipsec/plugins/libstrongswan-pubkey.so
@@ -103,6 +106,9 @@
 lib/ipsec/plugins/libstrongswan-random.a
 lib/ipsec/plugins/libstrongswan-random.la
 lib/ipsec/plugins/libstrongswan-random.so
+lib/ipsec/plugins/libstrongswan-rc2.a
+lib/ipsec/plugins/libstrongswan-rc2.la
+lib/ipsec/plugins/libstrongswan-rc2.so
 lib/ipsec/plugins/libstrongswan-resolve.a
 lib/ipsec/plugins/libstrongswan-resolve.la
 lib/ipsec/plugins/libstrongswan-resolve.so
@@ -118,6 +124,9 @@
 lib/ipsec/plugins/libstrongswan-socket-default.a
 lib/ipsec/plugins/libstrongswan-socket-default.la
 lib/ipsec/plugins/libstrongswan-socket-default.so
+lib/ipsec/plugins/libstrongswan-sshkey.a
+lib/ipsec/plugins/libstrongswan-sshkey.la
+lib/ipsec/plugins/libstrongswan-sshkey.so
 lib/ipsec/plugins/libstrongswan-stroke.a
 lib/ipsec/plugins/libstrongswan-stroke.la
 lib/ipsec/plugins/libstrongswan-stroke.so
@@ -141,6 +150,11 @@
 libexec/ipsec/stroke
 libexec/ipsec/whitelist
 sbin/ipsec
+sbin/charon-cmd
+%%RADIUS%%lib/ipsec/libradius.a
+%%RADIUS%%lib/ipsec/libradius.la
+%%RADIUS%%lib/ipsec/libradius.so
+%%RADIUS%%lib/ipsec/libradius.so.0
 %%SIMAKA%%lib/ipsec/libsimaka.a
 %%SIMAKA%%lib/ipsec/libsimaka.la
 %%SIMAKA%%lib/ipsec/libsimaka.so
@@ -154,6 +168,12 @@
 %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.a
 %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.la
 %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.so
+%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.a
+%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.la
+%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.so
+%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.a
+%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.la
+%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.so
 %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.a
 %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.la
 %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.so
@@ -163,9 +183,19 @@
 %%CURL%%lib/ipsec/plugins/libstrongswan-curl.a
 %%CURL%%lib/ipsec/plugins/libstrongswan-curl.la
 %%CURL%%lib/ipsec/plugins/libstrongswan-curl.so
+%%HA%%lib/ipsec/plugins/libstrongswan-ha.a
+%%HA%%lib/ipsec/plugins/libstrongswan-ha.la
+%%HA%%lib/ipsec/plugins/libstrongswan-ha.so
 %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.a
 %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.la
 %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.so
+%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.a
+%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.la
+%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.so
+%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.a
+%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.la
+%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.so
+%%LOADTESTER%%libexec/ipsec/load-tester
 %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.a
 %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.la
 %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.so
@@ -182,6 +212,15 @@
 %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.a
 %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.la
 %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.so
+%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.a
+%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.la
+%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.so
+%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.a
+%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.la
+%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.so
+%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.a
+%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.la
+%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.so
 @dirrm libexec/ipsec
 @dirrm lib/ipsec/plugins
 @dirrm lib/ipsec


>Release-Note:
>Audit-Trail:
>Unformatted:

