diff options
author | Steve Wills <swills@FreeBSD.org> | 2019-12-16 16:28:32 +0000 |
---|---|---|
committer | Steve Wills <swills@FreeBSD.org> | 2019-12-16 16:28:32 +0000 |
commit | 39dddfb1cf235647806a7ccb04e71e8d9d284cd0 (patch) | |
tree | 4234f01c5a9532f29e8cda40c966c35f92543484 /security | |
parent | 23ca1fa35f6103b6816d7351f4d6096203778b80 (diff) | |
download | ports-39dddfb1cf235647806a7ccb04e71e8d9d284cd0.tar.gz ports-39dddfb1cf235647806a7ccb04e71e8d9d284cd0.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vpnc/Makefile | 12 | ||||
-rw-r--r-- | security/vpnc/files/patch-Makefile | 8 | ||||
-rw-r--r-- | security/vpnc/files/patch-config.c | 10 | ||||
-rw-r--r-- | security/vpnc/files/patch-sysdep.c | 23 | ||||
-rw-r--r-- | security/vpnc/files/patch-sysdep.h | 20 | ||||
-rw-r--r-- | security/vpnc/files/patch-tunip.c | 10 | ||||
-rw-r--r-- | security/vpnc/files/patch-vpnc-script.in | 10 | ||||
-rw-r--r-- | security/vpnc/files/patch-vpnc.c | 12 |
8 files changed, 73 insertions, 32 deletions
diff --git a/security/vpnc/Makefile b/security/vpnc/Makefile index cd762b843c21..3267f7ea0bf2 100644 --- a/security/vpnc/Makefile +++ b/security/vpnc/Makefile @@ -3,7 +3,7 @@ PORTNAME= vpnc PORTVERSION= 0.5.3 -PORTREVISION= 13 +PORTREVISION= 14 CATEGORIES= security net-vpn MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/ \ LOCAL/ehaupt @@ -11,7 +11,7 @@ MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/ \ MAINTAINER= ports@FreeBSD.org COMMENT= Client for Cisco 3000 VPN Concentrator -LICENSE= GPLv2+ BSD2CLAUSE +LICENSE= BSD2CLAUSE GPLv2+ LICENSE_COMB= multi LICENSE_FILE= ${WRKSRC}/COPYING @@ -19,7 +19,7 @@ LIB_DEPENDS= libgcrypt.so:security/libgcrypt \ libgpg-error.so:security/libgpg-error RUN_DEPENDS= vpnc-script:sysutils/vpnc-scripts -USES= shebangfix gmake perl5 +USES= gmake perl5 shebangfix USE_PERL5= build USE_RC_SUBR= vpnc @@ -32,9 +32,9 @@ PORTDOCS= README TODO MAKE_ENV= BINS="${EXTRABUILDS}" -OPTIONS_DEFINE= DECRYPT SSL CISCOVERSION DOCS -OPTIONS_DEFAULT=DECRYPT -OPTIONS_SUB= yes +OPTIONS_DEFINE= CISCOVERSION DECRYPT DOCS SSL +OPTIONS_DEFAULT= DECRYPT +OPTIONS_SUB= yes CISCOVERSION_DESC= Mask linux presentation string CISCOVERSION_CFLAGS= -DCISCO_PATCH_VERSION diff --git a/security/vpnc/files/patch-Makefile b/security/vpnc/files/patch-Makefile index e95c48774770..0f743be4af5e 100644 --- a/security/vpnc/files/patch-Makefile +++ b/security/vpnc/files/patch-Makefile @@ -1,5 +1,5 @@ ---- Makefile.orig 2008-11-19 21:36:12.000000000 +0100 -+++ Makefile 2008-11-24 01:21:22.000000000 +0100 +--- Makefile.orig 2008-11-19 20:36:12 UTC ++++ Makefile @@ -20,15 +20,15 @@ # $Id: Makefile 312 2008-06-15 18:09:42Z Joerg Mayer $ @@ -19,7 +19,7 @@ OBJS = $(addsuffix .o,$(basename $(SRCS))) BINOBJS = $(addsuffix .o,$(BINS)) BINSRCS = $(addsuffix .c,$(BINS)) -@@ -50,9 +50,7 @@ +@@ -50,9 +50,7 @@ RELEASE_VERSION := $(shell cat VERSION) #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION #OPENSSLLIBS = -lcrypto @@ -30,7 +30,7 @@ CFLAGS += $(shell libgcrypt-config --cflags) CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION) LDFLAGS ?= -g -@@ -78,7 +76,7 @@ +@@ -78,7 +76,7 @@ vpnc-script : vpnc-script.in sed -e 's,@''PREFIX''@,$(PREFIX),g' $< > $@ && chmod 755 $@ cisco-decrypt : cisco-decrypt.o decrypt-utils.o diff --git a/security/vpnc/files/patch-config.c b/security/vpnc/files/patch-config.c index 890536b9b17c..98778a45d57b 100644 --- a/security/vpnc/files/patch-config.c +++ b/security/vpnc/files/patch-config.c @@ -1,6 +1,6 @@ ---- config.c.orig 2008-03-06 17:03:57.000000000 +0100 -+++ config.c 2008-03-06 17:14:29.000000000 +0100 -@@ -257,17 +257,36 @@ +--- config.c.orig 2008-11-19 20:36:12 UTC ++++ config.c +@@ -163,17 +163,36 @@ static const char *config_def_auth_mode(void) static const char *config_def_app_version(void) { @@ -43,7 +43,7 @@ } static const char *config_def_pid_file(void) -@@ -538,7 +557,7 @@ +@@ -456,7 +475,7 @@ static char *get_config_filename(const char *name, int { char *realname; @@ -52,7 +52,7 @@ return realname; } -@@ -757,8 +776,8 @@ +@@ -675,8 +694,8 @@ void do_config(int argc, char **argv) } if (!got_conffile) { diff --git a/security/vpnc/files/patch-sysdep.c b/security/vpnc/files/patch-sysdep.c new file mode 100644 index 000000000000..1cccfaea1d3f --- /dev/null +++ b/security/vpnc/files/patch-sysdep.c @@ -0,0 +1,23 @@ +--- sysdep.c.orig 2019-10-03 14:54:58 UTC ++++ sysdep.c +@@ -91,6 +91,20 @@ typedef enum { + } search_if_en; + #endif + ++#ifdef TUNSIFPID ++void tun_claim(int fd) ++{ ++ ++ ioctl(fd, TUNSIFPID, 0); ++} ++#else ++/* Nop; no protocol for doing this */ ++void tun_claim(int fd) ++{ ++ ++} ++#endif ++ + /* + * Allocate TUN/TAP device, returns opened fd. + * Stores dev name in the first arg(must be large enough). diff --git a/security/vpnc/files/patch-sysdep.h b/security/vpnc/files/patch-sysdep.h index 66ef9172bfa3..b76e7ebb0368 100644 --- a/security/vpnc/files/patch-sysdep.h +++ b/security/vpnc/files/patch-sysdep.h @@ -1,16 +1,24 @@ ---- sysdep.h.orig 2008-11-19 21:36:12.000000000 +0100 -+++ sysdep.h 2015-03-03 21:35:27.443313082 +0100 -@@ -75,17 +75,20 @@ +--- sysdep.h.orig 2008-11-19 20:36:12 UTC ++++ sysdep.h +@@ -34,6 +34,7 @@ int tun_open(char *dev, enum if_mode_enum mode); + int tun_close(int fd, char *dev); + int tun_write(int fd, unsigned char *buf, int len); + int tun_read(int fd, unsigned char *buf, int len); ++void tun_claim(int fd); + int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr); + + /***************************************************************************/ +@@ -75,17 +76,20 @@ int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr) /***************************************************************************/ #if defined(__FreeBSD_kernel__) #define HAVE_SA_LEN 1 -+/* %%FREEBSD_IPLEN_FIX%% */ ++#define NEED_IPLEN_FIX 1 #endif /***************************************************************************/ #if defined(__FreeBSD__) #define HAVE_SA_LEN 1 -+/* %%FREEBSD_IPLEN_FIX%% */ ++#define NEED_IPLEN_FIX 1 #define HAVE_VASPRINTF 1 #define HAVE_ASPRINTF 1 @@ -21,7 +29,7 @@ #endif /***************************************************************************/ -@@ -97,6 +100,7 @@ +@@ -97,6 +101,7 @@ int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr) #define HAVE_FGETLN 1 #define HAVE_UNSETENV 1 #define HAVE_SETENV 1 diff --git a/security/vpnc/files/patch-tunip.c b/security/vpnc/files/patch-tunip.c new file mode 100644 index 000000000000..e23dbc0dc2d2 --- /dev/null +++ b/security/vpnc/files/patch-tunip.c @@ -0,0 +1,10 @@ +--- tunip.c.orig 2019-10-03 14:52:47 UTC ++++ tunip.c +@@ -1058,6 +1058,7 @@ void vpnc_doit(struct sa_block *s) + } else { + printf("VPNC started in foreground...\n"); + } ++ tun_claim(s->tun_fd); + openlog("vpnc", LOG_PID | LOG_PERROR, LOG_DAEMON); + write_pidfile(pidfile); + diff --git a/security/vpnc/files/patch-vpnc-script.in b/security/vpnc/files/patch-vpnc-script.in index cda79a3241a4..5a6b1ccdf813 100644 --- a/security/vpnc/files/patch-vpnc-script.in +++ b/security/vpnc/files/patch-vpnc-script.in @@ -1,6 +1,6 @@ ---- vpnc-script.in.orig 2008-11-19 21:55:51.000000000 +0100 -+++ vpnc-script.in 2011-11-10 22:41:12.000000000 +0100 -@@ -48,8 +48,8 @@ +--- vpnc-script.in.orig 2008-11-19 20:55:51 UTC ++++ vpnc-script.in +@@ -48,8 +48,8 @@ PATH=/sbin:/usr/sbin:$PATH OS="`uname -s`" @@ -11,7 +11,7 @@ FULL_SCRIPTNAME=@PREFIX@/sbin/vpnc SCRIPTNAME=`basename $FULL_SCRIPTNAME` -@@ -73,7 +73,9 @@ +@@ -73,7 +73,9 @@ else route_syntax_netmask="-netmask" fi @@ -22,7 +22,7 @@ MODIFYRESOLVCONF=modify_resolvconf_manager RESTORERESOLVCONF=restore_resolvconf_manager elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1 -@@ -420,11 +422,13 @@ +@@ -420,11 +422,13 @@ do_pre_init() { fi fi elif [ "$OS" = "FreeBSD" ]; then diff --git a/security/vpnc/files/patch-vpnc.c b/security/vpnc/files/patch-vpnc.c index 5cf6a41ef88a..93024ecd86c4 100644 --- a/security/vpnc/files/patch-vpnc.c +++ b/security/vpnc/files/patch-vpnc.c @@ -1,6 +1,6 @@ ---- vpnc.c.orig 2008-11-19 21:55:51.000000000 +0100 -+++ vpnc.c 2017-11-10 13:09:32.996639000 +0100 -@@ -1160,8 +1160,11 @@ +--- vpnc.c.orig 2008-11-19 20:55:51 UTC ++++ vpnc.c +@@ -1160,8 +1160,11 @@ static void lifetime_ike_process(struct sa_block *s, s value = a->next->u.attr_16; else if (a->next->af == isakmp_attr_lots && a->next->u.lots.length == 4) value = ntohl(*((uint32_t *) a->next->u.lots.data)); @@ -14,7 +14,7 @@ DEBUG(2, printf("got ike lifetime attributes: %d %s\n", value, (a->u.attr_16 == IKE_LIFE_TYPE_SECONDS) ? "seconds" : "kilobyte")); -@@ -1578,6 +1581,19 @@ +@@ -1578,6 +1581,19 @@ static void do_phase1_am(const char *key_id, const cha seen_natd_them = 1; } break; @@ -34,7 +34,7 @@ default: DEBUG(1, printf("rejecting invalid payload type %d\n", rp->type)); reject = ISAKMP_N_INVALID_PAYLOAD_TYPE; -@@ -2861,28 +2877,34 @@ +@@ -2861,28 +2877,34 @@ static void do_phase2_qm(struct sa_block *s) free(dh_shared_secret); free_isakmp_packet(r); @@ -86,7 +86,7 @@ } s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1; -@@ -3224,9 +3246,14 @@ +@@ -3224,9 +3246,14 @@ void process_late_ike(struct sa_block *s, uint8_t *r_p */ /* FIXME: any cleanup needed??? */ |