authorVolker Stolz <vs@FreeBSD.org>2004-11-18 12:22:50 +0000
committerVolker Stolz <vs@FreeBSD.org>2004-11-18 12:22:50 +0000
commit7b7c507c614caf371b89ec608c8a87d4426df271 (patch)
tree21f476044df409268d2ee58945cb0b69acf26629 /security/vpnc
parent6124812a40d5040c8662e4d299c7794c864a861c (diff)
Notes
Diffstat (limited to 'security/vpnc')
-rw-r--r--security/vpnc/Makefile6
-rw-r--r--security/vpnc/distinfo4
-rw-r--r--security/vpnc/files/patch-config.c13
-rw-r--r--security/vpnc/files/patch-sysdep.h10
-rw-r--r--security/vpnc/files/patch-tunip.c26
-rw-r--r--security/vpnc/files/patch-vpnc.8196
-rw-r--r--security/vpnc/files/patch-vpnc.c13
7 files changed, 185 insertions, 83 deletions
diff --git a/security/vpnc/Makefile b/security/vpnc/Makefile
index ebc82d3eae2f..15529ab9a5d2 100644
--- a/security/vpnc/Makefile
+++ b/security/vpnc/Makefile
@@ -6,12 +6,10 @@
#
PORTNAME= vpnc
-PORTVERSION= 0.2
-PORTREVISION= 8
+PORTVERSION= 0.3.1
CATEGORIES= security
MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/:source \
http://dragon.roe.ch/mirrors/distfiles/vpnc/:script
-DISTNAME= ${PORTNAME}-${PORTVERSION}-rm+zomb.1
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:source ${STARTSCRIPT}:script
EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
@@ -35,7 +33,7 @@ IGNORE= "Crashes on startup"
post-patch:
@${REINPLACE_CMD} -e \
- 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/vpnc.c
+ 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/config.c
@${REINPLACE_CMD} -e \
's|%%CC%%|${CC}|;s|%%CFLAGS%%|${CFLAGS}|' \
${WRKSRC}/Makefile
diff --git a/security/vpnc/distinfo b/security/vpnc/distinfo
index c729191eee54..d1b420b4becc 100644
--- a/security/vpnc/distinfo
+++ b/security/vpnc/distinfo
@@ -1,4 +1,4 @@
-MD5 (vpnc-0.2-rm+zomb.1.tar.gz) = ded67de747874c4245ed8405146dc94a
-SIZE (vpnc-0.2-rm+zomb.1.tar.gz) = 54166
+MD5 (vpnc-0.3.1.tar.gz) = 02b814ee7bd5ff3f5a5535eff4e3387d
+SIZE (vpnc-0.3.1.tar.gz) = 56007
MD5 (vpnc-wrapper-1.10) = 32c11fe4de7f0cda2fdfcc7dd2a40271
SIZE (vpnc-wrapper-1.10) = 6414
diff --git a/security/vpnc/files/patch-config.c b/security/vpnc/files/patch-config.c
new file mode 100644
index 000000000000..3c88084fde07
--- /dev/null
+++ b/security/vpnc/files/patch-config.c
@@ -0,0 +1,13 @@
+--- config.c.dist Wed Nov 17 15:07:24 2004
++++ config.c Wed Nov 17 15:07:33 2004
+@@ -479,8 +479,8 @@
+ }
+ }
+
+- read_config_file("/etc/vpnc/default.conf", config, 1);
+- read_config_file("/etc/vpnc.conf", config, 1);
++ read_config_file("%%PREFIX%%/etc/vpnc/default.conf", config, 1);
++ read_config_file("%%PREFIX%%/etc/vpnc.conf", config, 1);
+
+ if (!print_config) {
+ for (i = 0; config_names[i].name != NULL; i++)
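Review bot: Both `read_config_file()` calls now carry a `%%PREFIX%%` token that only becomes a real path through the `post-patch` sed in the port Makefile, and nothing in this patch file says so. A short leading comment in `patch-config.c`, such as `%%PREFIX%% is substituted by post-patch in the port Makefile`, would keep the two in step if either is edited later. The man page patched in this commit appears to name these files as a place to store the IPSec secret and Xauth password, and no ownership or mode check is visible before they are read, though `read_config_file()` is defined outside the hunk and may do one. If it does not, any sample config the port installs should be unreadable to other users. The enclosing function starts and ends outside the hunk.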
diff --git a/security/vpnc/files/patch-sysdep.h b/security/vpnc/files/patch-sysdep.h
new file mode 100644
index 000000000000..b5b236b1d777
--- /dev/null
+++ b/security/vpnc/files/patch-sysdep.h
@@ -0,0 +1,10 @@
+--- sysdep.h.dist Wed Nov 17 16:37:52 2004
++++ sysdep.h Wed Nov 17 16:37:37 2004
+@@ -1,6 +1,7 @@
+ #ifndef __SYSDEP_H__
+ #define __SYSDEP_H__
+
++#include <sys/types.h>
+ #include <netinet/in.h>
+
+ int tun_open(char *dev);
diff --git a/security/vpnc/files/patch-tunip.c b/security/vpnc/files/patch-tunip.c
new file mode 100644
index 000000000000..20cf33701117
--- /dev/null
+++ b/security/vpnc/files/patch-tunip.c
@@ -0,0 +1,26 @@
+Index: tunip.c
+===================================================================
+--- tunip.c (revision 35)
++++ tunip.c (working copy)
+@@ -596,10 +596,6 @@
+ /* Fill non-mutable fields */
+ ip->ip_v = IPVERSION;
+ ip->ip_hl = 5;
+- ip->ip_len = encap->buflen + (peer->remote_sa->md_algo? 12 :0);
+-#ifdef NEED_IPLEN_FIX
+- ip->ip_len = htons(ip->ip_len);
+-#endif
+ /*gcry_md_get_algo_dlen(md_algo); see RFC .. only use 96 bit */
+ ip->ip_id = htons(ip_id++);
+ ip->ip_p = IPPROTO_ESP;
+@@ -614,6 +610,10 @@
+
+ encap_esp_encapsulate(encap, peer);
+
++ ip->ip_len = encap->buflen;
++#ifdef NEED_IPLEN_FIX
++ ip->ip_len = htons(ip->ip_len);
++#endif
+ ip->ip_sum = in_cksum((u_short *) encap->buf, sizeof(struct ip));
+
+ sent = sendto(encap->fd, encap->buf, encap->buflen, 0,
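Review bot: `ip->ip_len = encap->buflen;` copies the post-encapsulation length into the IP header's 16-bit length field with no range check, so a value above 65535 would be truncated in the header while `sendto()` just below still transmits the full `encap->buflen`. The type and upper bound of `buflen` are not visible here, so either confirm it is capped earlier or guard it, e.g. `if (encap->buflen > 0xffff)` followed by whatever drop/error path this function uses. The move also replaces the hand-added `+ 12` digest estimate with the real length, which deserves a comment such as `/* ip_len must be set after encapsulation, when buflen is final */`. `ip` is assigned before `encap_esp_encapsulate()` outside the hunk, so the new placement assumes that call does not relocate `encap->buf`. The enclosing function starts and ends outside the hunk.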
diff --git a/security/vpnc/files/patch-vpnc.8 b/security/vpnc/files/patch-vpnc.8
index d288151b0c5d..091df862922e 100644
--- a/security/vpnc/files/patch-vpnc.8
+++ b/security/vpnc/files/patch-vpnc.8
@@ -1,13 +1,49 @@
---- vpnc.8.orig Fri May 14 00:27:57 2004
-+++ vpnc.8 Fri May 14 00:53:08 2004
-@@ -1,4 +1,5 @@
+--- vpnc.8.dist Wed Nov 17 15:19:42 2004
++++ vpnc.8 Wed Nov 17 15:20:40 2004
+@@ -1,18 +1,45 @@
-.TH "VPNC" "8" "13 Mai 2004" "Debian" "vpnc"
+.\" groff -man -Tascii vpnc.8
+.TH "VPNC" "8" "Mai 2004" "FreeBSD" "vpnc"
.SH NAME
- vpnc \- client for cisco3000 VPN Concentrator
-@@ -36,10 +37,6 @@
+-vpnc \- client for Cisco VPN3000 Concentrator, IOS and PIX
++vpnc \- client for cisco3000 VPN Concentrator
+ .SH SYNOPSIS
+
+-see
+-.B vpnc \-\-long\-help
++.B vpnc [ \-\-gateway
++.I <IP or hostname>
++.B ] [ \-\-id
++.I <IPSec group Id>
++.B ] [ \-\-username
++.I <user name>
++.B ] [ \-\-script
++.I <command>
++.B ] [ \-\-domain
++.I <domain name>
++.B ] [ \-\-dh
++.I <dh1/dh2/dh5>
++.B ] [ \-\-pfs
++.I <nopfs/dh1/dh2/dh5/server>
++.B ] [ \-\-enable-1des
++.B ] [ \-\-application-version
++.I <version string>
++.B ] [ \-\-ifname
++.I <interface>
++.B ] [ \-\-debug
++.I <0/1/2/3/99>
++.B ] [ \-\-no-detach
++.B ] [ \-\-pid-file
++.I <filename>
++.B ] [ \-\-local-port
++.I <0-65535>
++.B ] [ \-\-non-inter
++.B ] [ \-\-udp
++.B ] [ \-\-udp-port <0-65535>
++.B ] [ \-\-disable-natt
++.B ]
++
.SH "DESCRIPTION"
.PP
@@ -18,7 +54,16 @@
\fBvpnc\fR is a
VPN client for the Cisco 3000 VPN Concentrator, creating a IPSec-like
connection as a tunneling network device for the local system. It uses
-@@ -57,26 +54,17 @@
+@@ -20,7 +47,7 @@
+ on BSD. The created connection is presented as a tunneling network
+ device to the local system.
+ .PP
+-The vpnc daemon by it self does not set any routes, the user (or
++The vpnc daemon by itself does not set any routes, the user (or
+ the connect script, see below) has to do it on its own, e.g. for a full
+ tunnel with IP routing under Linux. Further, the user must care about
+ setting a minimal route to the gateway to not cut the essential
+@@ -30,26 +57,17 @@
command (see \-\-script) to configure the interface and care about the
route setup. By default, only a simple ifconfig command is executed.
.PP
@@ -50,26 +95,20 @@
.IP "- prompting the user if not found above"
.PP
-@@ -104,66 +92,66 @@
- IP or host name of your IPSec gateway
+@@ -73,18 +91,87 @@
+ for security reasons) or be stored in a configuration file.
+
- .IP "\-\-id <ASCII string>"
-- Your group name in <ASCII string>
++.IP "\-\-gateway <ip/hostname>"
++IP or host name of your IPSec gateway
++
++.IP "\-\-id <ASCII string>"
+Your group name in <ASCII string>
-
- .IP "\-\-username <ASCII string>"
-- Your username
++
++.IP "\-\-username <ASCII string>"
+Your username
-
- .IP "\-\-script <command>"
-- The <command> specified here is executed when the connection has been
-- established, in order to configure the interface, routing and so on.
-- Device name, IP, etc. are passed using enviroment variables, see
-- README. This script is executed right after ISAKMP is done, but befor
-- tunneling is enabled. Some environment variables are set and can be
-- used for the detail configuration. Default command: ifconfig $TUNDEV
-- inet $INTERNAL_IP4_ADDRESS pointopoint $INTERNAL_IP4_ADDRESS netmask
-- 255.255.255.255 mtu 1412 up
++
++.IP "\-\-script <command>"
+The <command> specified here is executed when the connection has been
+established, in order to configure the interface, routing and so on.
+Device name, IP, etc. are passed using enviroment variables, see
@@ -78,62 +117,67 @@
+are set and can be used for the detail configuration. Default command: ifconfig
+$TUNDEV inet $INTERNAL_IP4_ADDRESS pointopoint $INTERNAL_IP4_ADDRESS netmask
+255.255.255.255 mtu 1412 up.
-
- .IP "\-\-domain <ASCII string>"
-- Domain name for authentication, sometimes needed for authentification
-- against Windows NT domains.
++
++.IP "\-\-domain <ASCII string>"
+Domain name for authentication, sometimes needed for authentification
+against Windows NT domains.
-
- .IP "\-\-dh <dh1/dh2/dh5>"
-- Name of the IKE DH Group (default: dh2)
++
++.IP "\-\-dh <dh1/dh2/dh5>"
+Name of the IKE DH Group (default: dh2).
-
- .IP "\-\-pfs <nopfs/dh1/dh2/dh5/server>"
-- Diffie-Hellman group to use for PFS, one of nopfs, dh1, dh2, dh5 or
-- server (default: server).
++
++.IP "\-\-pfs <nopfs/dh1/dh2/dh5/server>"
+Diffie-Hellman group to use for PFS, one of nopfs, dh1, dh2, dh5 or
+server (default: server).
-
- .IP "\-\-enable\-1des"
-- Enables weak Single DES encryption
++
++.IP "\-\-enable\-1des"
+Enables weak Single DES encryption.
-
- .IP "\-\-application\-version <ASCII string>"
-- Application Version to report to the server when identifying ourself
-- (default: Cisco Systems VPN Client <vpnc-version>)
++
++.IP "\-\-application\-version <ASCII string>"
+Application Version to report to the server when identifying ourself
+(default: Cisco Systems VPN Client <vpnc-version>).
-
- .IP "\-\-ifname <ASCII string>"
-- The virtual name of the Linux network interface assigned to the tunnel
-- endpoint
++
++.IP "\-\-ifname <ASCII string>"
+The virtual name of the network interface assigned to the tunnel
-+endpoint (default: first available tunX).
-
- .IP "\-\-debug <0/1/2/3/99>"
-- Show verbose debug messages with different verbosity levels
++endpoint (default: first available tunX). [Linux only]
++
++.IP "\-\-debug <0/1/2/3/99>"
+Show verbose debug messages with different verbosity levels.
-
- .IP "\-\-no\-detach"
-- Don't detach from the console (go to background) after login
++A level 99 transscript contains username and password, so
++do NEVER give those files away (use debug 3 instead).
++
++.IP "\-\-no\-detach"
+Don't detach from the console (go to background) after login.
-
- .IP "\-\-pid\-file <filename>"
-- Store the pid of background process in a file
++
++.IP "\-\-pid\-file <filename>"
+Store the pid of background process in a file.
-
- .IP "\-\-local-port <0-65535>"
-- Local ISAKMP port number to use (0 == use random port, 500 is default)
++
++.IP "\-\-local-port <0-65535>"
+Local ISAKMP port number to use (0 == use random port, 500 is default).
-
- .IP "\-\-non-inter"
-- Don't ask anything, exit on missing options
++
++.IP "\-\-non-inter"
+Don't ask anything, exit on missing options.
-
++
.IP "\-\-print\-config"
- Prints your configuration; output can be used as vpnc.conf
+Prints your configuration; output can be used as vpnc.conf.
++
++.IP "\-\-udp"
++Use Cisco-UDP encapsulation of IPSEC traffic.
++
++.IP "\-\-udp-port"
++Local UDP Encapsulation Port number to use (0 == use random port)
++
++.IP "\-\-disable-natt"
++Disable use of NAT-T
++
++.IP "\-\-xauth-inter"
++Enable interactive extended authentification (for challenge
++response auth).
++
+
+-See output of
+-.B vpnc \-\-long\-help
+-for a complete description
.SH FILES
-.I /etc/vpnc.conf
@@ -145,7 +189,7 @@
.B IPSec secret
and
.B Xauth password
-@@ -175,7 +163,7 @@
+@@ -96,7 +183,7 @@
for further details.
.RE
@@ -154,7 +198,31 @@
.RS
The vpnc\-connect will read configuration files in this directory when
the config script name (without .conf) is specified on the command line.
-@@ -234,8 +222,8 @@
+@@ -129,7 +216,7 @@
+ See also the
+ .B \-\-print\-config
+ option to generate a config file, and the example file in the package
+-documentation directory where more advanced usage is demonstrated.
++documentation directory where more advanced usage is described.
+
+ Advanced features like manual setting of multiple target routes is
+ documented in the example files of the vpnc package.
+@@ -143,18 +230,17 @@
+
+ .SH AUTHOR
+ This man-page has been written by Eduard Bloch <blade(at)debian.org> and
+-Christian Lackas <delta(at)lackas.net>, based on vpnc README by
+-Maurice Massar <vpnc(at)unix\-ag.uni\-kl.de>.
+-Permission is
+-granted to copy, distribute and/or modify this document under
+-the terms of the GNU General Public License, Version 2 any
+-later version published by the Free Software Foundation.
++Christian Lackas <delta(at)lackas.net>, based on the vpnc README by
++Maurice Massar <vpnc(at)unix\-ag.uni\-kl.de> and his source code.
++Permission is granted to copy, distribute and/or modify this document
++under the terms of the GNU General Public License, Version 2 any later
++version published by the Free Software Foundation.
+ .PP
On Debian systems, the complete text of the GNU General Public
License can be found in /usr/share/common\-licenses/GPL.
.SH "SEE ALSO"
diff --git a/security/vpnc/files/patch-vpnc.c b/security/vpnc/files/patch-vpnc.c
deleted file mode 100644
index be304a82e0cc..000000000000
--- a/security/vpnc/files/patch-vpnc.c
+++ /dev/null
@@ -1,13 +0,0 @@
---- vpnc.c.dist Mon May 3 14:13:05 2004
-+++ vpnc.c Mon May 3 14:13:41 2004
-@@ -2162,8 +2162,8 @@
- else
- read_config_file (argv[i], config, 0);
-
-- read_config_file ("/etc/vpnc/default.conf", config, 1);
-- read_config_file ("/etc/vpnc.conf", config, 1);
-+ read_config_file ("%%PREFIX%%/etc/vpnc/default.conf", config, 1);
-+ read_config_file ("%%PREFIX%%/etc/vpnc.conf", config, 1);
-
- if (!print_config) {
- if (!config[CONFIG_IKE_DH])