path: root/security/ipsec-tools
Commit message | Author | Age | Files | Lines
* all: Remove all other $FreeBSD keywords. | Mathieu Arnold | 2021-04-06 | 1 | -2/+0
|
* Remove # $FreeBSD$ from Makefiles. | Mathieu Arnold | 2021-04-06 | 1 | -1/+0
|
* security/ipsec-tool: minor port cleanup | Eugene Grosbein | 2020-11-13 | 1 | -9/+4
| Remove non-existing configure options --enable-debug and --with-pkgversion.
|
| Remove option NATTF that changed --enable-natt=yes to --enable-natt=kernel
| that is exactly the same for FreeBSD releases since 8.0-RELEASE.
|
| Notes: svn path=/head/; revision=555023
* Update devel/automake to 1.16.2. | Tijl Coosemans | 2020-04-26 | 3 | -55/+12
| mail/bogofilter security/ipsec-tools: Patch Makefile.in instead of
| Makefile.am so automake is not required.
|
| PR: 245599
| Approved by: portmgr (antoine)
| Exp-run by: antoine
|
| Notes: svn path=/head/; revision=532998
* Clean up support for FreeBSD 11.2. | Rene Ladan | 2019-11-07 | 1 | -2/+2
| While here, modernize some comments in Mk/bsd.*.mk.
|
| Note that graphics/drm-fbsd11.2-kmod is not renamed yet, this was somewhat
| under discussion.
|
| Submitted by: rene
| Reviewed by: antoine, jbeich, mat, zeising
| Differential Revision: https://reviews.freebsd.org/D21974
|
| Notes: svn path=/head/; revision=516983
* security/ipsec-tools: unbreak racoon_create_dirs | Eugene Grosbein | 2019-10-10 | 2 | -4/+4
| Specifying required_dirs and creating it at prestart stage does not work
| because required_dirs is checked before running prestart these days.
| So it fails to start for mfs-based /var even if racoon_create_dirs=YES
|
| Unbreak this by replacing "required_dirs" and "mkdir -p" in the
| racoon_prestart with "install -d" that returns error in case of failure
| and does nothing if the directory already exists.
|
| Reported by: Cybil Courraud <freebsd@cyb.fr>
|
| Notes: svn path=/head/; revision=514225
* security/ipsec-tools: fix aggressive mode tunnels with wildcard-psk config | Eugene Grosbein | 2019-07-01 | 2 | -2/+24
| Wildcard patch exposes an existing bug where aggressive tunnels using IP
| addresses for identification were not matching the entry in the PSK file,
| due to the identifier not being cast to a 'xxx.xxx.xxx.xxx' notation.
|
| PR: 203308
| Submitted by: andywhite@gmail.com (based on)
|
| Notes: svn path=/head/; revision=505537
* security/ipsec-tools: autoload ipsec.ko if possible | Eugene Grosbein | 2019-05-12 | 2 | -5/+9
| Check for IPSEC support in kernel and auto-load ipsec.ko if needed
| while starting racoon, except for 11.0-RELEASE, which did not have IPSEC
| as a module.
|
| Notes: svn path=/head/; revision=501380
* security/ipsec-tools: small correction NATT patch | Eugene Grosbein | 2019-03-27 | 2 | -3/+5
| This change fixes a rare case for "site to site" IPSec tunnel mode
| when remote peer is behind NAT and has its own LAN behind.
| Now this works too (previously NATT worked only for single host behind NAT).
|
| Notes: svn path=/head/; revision=496938
* Fix build on 12-stable when using OpenSSL from port. | Olivier Cochard | 2019-02-03 | 1 | -3/+3
| PR: 232169
| Submitted by: Michael Grimm <trashcan@ellael.org>
|
| Notes: svn path=/head/; revision=492078
* security/ipsec-tools: Only append to BUILD_DEPENDS after bsd.port.pre.mk | Tobias Kortkamp | 2019-01-31 | 1 | -1/+1
| Notes: svn path=/head/; revision=491745
* Fix openssl 1.1.1 breakage | Olivier Cochard | 2018-11-25 | 3 | -4/+1090
| PR: 232169
| Submitted by: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at>
| Obtained from: https://bugs.archlinux.org/task/59734
|
| Notes: svn path=/head/; revision=485900
* security/ipsec-tools: make binary package more useful | Eugene Grosbein | 2018-10-03 | 1 | -3/+3
| - enable options ADMINPORT and WCPSKEY by default;
| - polish NATT_DESC a bit as we have releases past 11.0-STABLE;
| - bump PORTREVISION.
|
| Notes: svn path=/head/; revision=481154
* security/ipsec-tools: add support for multiple if_ipsec(4) interfaces | Eugene Grosbein | 2018-08-10 | 2 | -2/+178
| - added patch introducing racoon compatibility with multiple
|   if_ipsec(4) interfaces (*);
| - MAINTAINER reset due to nearly 3 years maintainer inactivity;
| - bump PORTREVISION.
|
| Submitted by: ae (*)
| Approved by: vanhu (implicitly)
|
| Notes: svn path=/head/; revision=476825
* Fix phase 1 initiation in the racoon daemon after base system change r285204 | Eugene Grosbein | 2018-04-29 | 2 | -1/+65
| PR: 192774, 222065
| Submitted by: Andreas Longwitz <longwitz@incore.de>
| Approved by: VANHULLEBUS Yvan (maintainer, implicitly)
|
| Notes: svn path=/head/; revision=468617
* security/ipsec-tools: fix CVE-2016-10396 | Eugene Grosbein | 2018-04-14 | 5 | -1/+228
| The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
| computational-complexity attack when parsing and storing ISAKMP fragments.
| The implementation permits a remote attacker to exhaust computational
| resources on the remote endpoint by repeatedly sending ISAKMP fragment
| packets in a particular order such that the worst-case computational
| complexity is realized in the algorithm utilized to determine if
| reassembly of the fragments can take place.
|
| The fix was obtained from NetBSD CVS head with a command:
|
| cvs diff -D 2017-01-24 -D 2017-09-01 \
|     src/racoon/handler.h \
|     src/racoon/isakmp.c \
|     src/racoon/isakmp_frag.c \
|     src/racoon/isakmp_inf.c
|
| While here, add LICENSE.
|
| PR: 225066
| Approved by: VANHULLEBUS Yvan (maintainer timeout, 3 months)
| Obtained from: NetBSD
| MFH: 2018Q1
| Security: CVE-2016-10396
|
| Notes: svn path=/head/; revision=467313
* This patch adds NATT_EXTRA_PATCHES=natt.diff and enables only UDP encapsulation defined in RFC3948. | Eugene Grosbein | 2017-04-18 | 2 | -3/+157
| The natt.diff patch contains the following changes:
| * added support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR
|   PF_KEY messages;
| * used NAT address instead of original for SAs created by racoon;
| * NAT-T keep-alives are now sent only by the NATed host.
|
| Tested with 11.0-STABLE after projects/ipsec merge.
|
| PR: 217131
| Submitted by: Andrey V. Elsukov
| Approved by: VANHULLEBUS Yvan (maintainer timeout, 2 months), vsevolod (mentor)
|
| Notes: svn path=/head/; revision=438782
* Remove all USE_OPENSSL occurrences. | Mathieu Arnold | 2017-03-15 | 1 | -2/+1
| Sponsored by: Absolight
|
| Notes: svn path=/head/; revision=436247
* ${RM} already has -f. | Mathieu Arnold | 2016-10-21 | 1 | -1/+1
| PR: 213570
| Submitted by: mat
| Exp-run by: antoine
| Sponsored by: Absolight
|
| Notes: svn path=/head/; revision=424411
* - Switch to options helpers | Dmitry Marakasov | 2015-10-11 | 2 | -177/+29
| - Drop 8.x support
|
| Approved by: portmgr blanket
|
| Notes: svn path=/head/; revision=399091
* Update ipsec-tools with a patch from NetBSD to fix a memory leak. | Brad Davis | 2015-05-19 | 2 | -0/+15
| PR: 200334 (reported in)
| Submitted by: brd
| Approved by: bdrewery (mentor, portmgr)
| MFH: 2015Q2
|
| Notes: svn path=/head/; revision=386793
* security/ipsec-tools: 0.8.1 -> 0.8.2 | Kurt Jaeger | 2015-02-06 | 5 | -19/+50
| From ChangeLog:
| - Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
| - Fix source port selection regression from version 0.8.1
| - Various logging improvements
| - Additional compliance and build fixes
|
| From submitter:
| - extra patch adding wildcard psk option
|
| PR: 196930
| Submitted by: Harald Schmalzbauer <bugzilla.freebsd@omnilan.de>, Ed Schouten <ed@80368.nl>
| Approved by: vanhu (maintainer)
|
| Notes: svn path=/head/; revision=378554
* Simplify plist | Baptiste Daroussin | 2014-09-23 | 2 | -13/+3
| Modernize a bit
|
| Notes: svn path=/head/; revision=369008
* net/openldap24-*: | Tijl Coosemans | 2014-07-24 | 1 | -1/+1
| - Convert to USES=libtool and bump dependent ports
| - Avoid USE_AUTOTOOLS
| - Don't use PTHREAD_LIBS
| - Use MAKE_CMD
|
| databases/glom:
| - Drop :keepla
| - Add INSTALL_TARGET=install-strip
|
| databases/libgda4* databases/libgda5*:
| - Convert to USES=libtool and bump dependent ports
| - USES=tar:xz
| - Use INSTALL_TARGET=install-strip
| - Use @sample
|
| databases/libgdamm:
| - Drop :keepla
| - USES=tar:bzip2
| - Use INSTALL_TARGET=install-strip
|
| databases/libgdamm5:
| - Add INSTALL_TARGET=install-strip
| - Drop --enable-static (inherited from old repocopy)
|
| devel/anjuta x11-toolkits/py-gnome-extras:
| - Drop :keepla
|
| dns/powerdns dns/powerdns-devel:
| - Convert to USES=libtool
| - Add INSTALL_TARGET=install-strip
| - Disable static modules
| - Stop creating library symlinks with .0 suffix, not needed for
|   dynamically opened modules
|
| mail/dovecot2:
| - Add USES=libtool
|
| mail/dovecot2-pigeonhole:
| - Drop CONFIGURE_TARGET (incorrect for Dragonfly)
| - Add USES=libtool and INSTALL_TARGET=install-strip
|
| math/gnumeric:
| - USES=libtool tar:xz
|
| Approved by: portmgr (implicit, bump unstaged ports)
|
| Notes: svn path=/head/; revision=362835
* - Drop .la files, no dependees require them | Dmitry Marakasov | 2014-06-05 | 2 | -4/+2
| Approved by: portmgr blanket
|
| Notes: svn path=/head/; revision=356692
* When linking a library libA with a library libB using libtool, if libB.la | Tijl Coosemans | 2014-04-23 | 1 | -2/+2
| exists, libtool will add all libraries libB.la refers to (dependency_libs
| field) to the linker command line and store them in the dependency_libs
| field of libA.la. So everything that subsequently links with libA will
| also link to these extra libraries. This causes too much overlinking.
|
| This commit modifies Mk/Uses/libtool.mk so it empties the dependency_libs
| field in .la libraries during staging.
|
| However, because .la libraries have very limited use when dependency_libs
| is empty it makes sense to completely remove them during staging. So with
| this commit USES=libtool is modified to remove .la libraries and a new
| form (USES=libtool:keepla) is introduced in case they need to be kept
| (dependency_libs is still emptied).
|
| PORTREVISION is bumped on all ports with USES=libtool that install .la
| libraries.
|
| Most ports are also changed to add :keepla because .la libraries have to
| be kept around as long as there are dependent ports with .la libraries
| that refer to them in their dependency_libs field. In most cases :keepla
| can be removed again as soon as all dependent ports that install .la
| libraries have some form of USES=libtool added to their Makefile.
|
| PR: ports/188759
| Exp-run: bdrewery
| Approved by: portmgr (bdrewery)
|
| Notes: svn path=/head/; revision=351936
* Restore vanhu as maintainer: bounce was due to mail configuration error. | Mark Linimon | 2014-04-22 | 1 | -1/+1
| Notes: svn path=/head/; revision=351846
* Reset vanhu@netasq.com: email bounces. | Mark Linimon | 2014-04-22 | 1 | -1/+1
| Notes: svn path=/head/; revision=351747
* Fix build with clang 3.4 | Baptiste Daroussin | 2014-02-17 | 1 | -1/+1
| Notes: svn path=/head/; revision=344766
* Remove CFLAGS unsupported by ancient gcc and just remove -Werror to have the code build with clang | Baptiste Daroussin | 2014-02-11 | 1 | -3/+3
| Reported by: olgeni
|
| Notes: svn path=/head/; revision=343733
* Fix build with clang, | Baptiste Daroussin | 2014-02-10 | 2 | -3/+9
| Convert to USES=libtool
| Strip binaries
|
| Notes: svn path=/head/; revision=343652
* security/ipsec-tools: update to 0.8.1 | William Grzybowski | 2013-10-29 | 3 | -28/+16
| - Update to 0.8.1 [1]
| - Allow staging [1]
| - Remove FreeBSD < 8.x message
|
| PR: ports/182758 [1]
| Submitted by: Kurt Jaeger <fbsd-ports opsec.eu>
|
| Notes: svn path=/head/; revision=331989
* Add NO_STAGE all over the place in preparation for the staging support (cat: security) | Baptiste Daroussin | 2013-09-20 | 1 | -0/+1
| Notes: svn path=/head/; revision=327769
* - Fix a typo in PORT_OPTIONS conversion | Antoine Brodin | 2013-06-13 | 2 | -1/+3
| - Create configuration directory we try to remove on uninstall
|
| Notes: svn path=/head/; revision=320838
* - Convert USE_ICONV=yes to USES=iconv | Marcus von Appen | 2013-04-27 | 1 | -1/+1
| - Change USE_GNOME=pkgconfig|gnomehack to USES=pathfix|pkgconfig and
|   USE_GETTEXT=yes to USES=gettext while here
|
| Notes: svn path=/head/; revision=316683
* Convert vanhu@ ports to new options framework | Baptiste Daroussin | 2013-01-09 | 1 | -38/+36
| Removed optional dependency on the deprecated py-visual for net/scapy
|
| Approved by: maintainer (vanhu)
|
| Notes: svn path=/head/; revision=310136
* Move the rc.d scripts of the form *.sh.in to *.in | Doug Barton | 2012-08-05 | 2 | -1/+1
| Where necessary add $FreeBSD$ to the file
|
| No PORTREVISION bump necessary because this is a no-op
|
| Notes: svn path=/head/; revision=302141
* Apply utmp patch from ${FILESDIR} (not files) if OSVERSION < 900007 | Jason Helfman | 2012-01-25 | 1 | -2/+2
| Spotted by: Jason Hellenthal <jhell at DataIX.net>
| Approved by: crees,rene (mentors,implicit)
|
| Notes: svn path=/head/; revision=289764
* In the rc.d scripts, change assignments to rcvar to use the | Doug Barton | 2012-01-14 | 1 | -1/+1
| literal name_enable wherever possible, and ${name}_enable
| when it's not, to prepare for the demise of set_rcvar().
|
| In cases where I had to hand-edit unusual instances also
| modify formatting slightly to be more uniform (and in
| some cases, correct). This includes adding some $FreeBSD$
| tags, and most importantly moving rcvar= to right after
| name= so it's clear that one is derived from the other.
|
| Notes: svn path=/head/; revision=289156
* Fix the rc.d script to avoid unconditional code execution, | Doug Barton | 2011-07-21 | 2 | -18/+26
| and various other cleanups.
|
| Notes: svn path=/head/; revision=278070
* - Fix startup script rc.d/racoon. | Stephen Montgomery-Smith | 2011-07-19 | 2 | -2/+3
| - Bump portrevision.
|
| PR: ports/148605
| Submitted by: John Hein <jhein@symmetricom.com>
| Approved by: maho (mentor) and vanhu@netasq.com (maintainer)
|
| Notes: svn path=/head/; revision=277930
* - update to 0.8.0 | Florian Smeets | 2011-03-23 | 4 | -85/+78
| PR: ports/155883
| Submitted by: vanhu (maintainer)
|
| Notes: svn path=/head/; revision=271556
* Sync to new bsd.autotools.mk | Ade Lovett | 2010-12-04 | 1 | -1/+1
| Notes: svn path=/head/; revision=265663
* Begin the process of deprecating sysutils/rc_subr by | Doug Barton | 2010-03-27 | 1 | -1/+1
| s#. %%RC_SUBR%%#. /etc/rc.subr#
|
| Notes: svn path=/head/; revision=251553
* - Mark BROKEN on HEAD: fails to build with new utmpx | Martin Wilke | 2010-03-20 | 1 | -0/+4
| Reported by: pointyhat
|
| Notes: svn path=/head/; revision=251275
* - Update to 0.7.3 | Martin Wilke | 2009-08-26 | 2 | -4/+4
| PR: 137966
| Submitted by: VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
|
| Notes: svn path=/head/; revision=240359
* -Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22. | Jeremy Messenger | 2009-08-02 | 1 | -1/+1
| -Update libtool and libltdl to 2.2.6a.
| -Remove devel/libtool15 and devel/libltdl15.
| -Fix ports build with libtool22/libltdl22.
| -Bump ports that depend on libltdl22 due to shared library version change.
| -Explain what to do update in the UPDATING.
|
| It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
| and applications in the runtime.
|
| With help: marcus and kwm
| Pointyhat-exp: a few times by pav
| Tested by: pgollucci, "Romain Tartière" <romain@blogreen.org>, and
|            a few MarcusCom CVS users. Also, I might have missed a few.
| Repocopy by: marcus
| Approved by: portmgr
|
| Notes: svn path=/head/; revision=238781
* Fix a few "bad example" problems in the rc.d scripts that have been | Doug Barton | 2009-07-15 | 1 | -9/+2
| propagated by copy and paste.
|
| 1. Primarily the "empty variable" default assignment, which is mostly
|    ${name}_flags="", but fix a few others as well.
| 2. Where they are not already documented, add the existence of the _flags
|    (or other deleted empties) option to the comments, and in some cases add
|    comments from scratch.
| 3. Replace things that look like:
|    prefix=%%PREFIX%%
|    command=${prefix}/sbin/foo
|    to just use %%PREFIX%%. In many cases the $prefix variable is only used
|    once, and in some cases it is not used at all.
| 4. In a few cases remove ${name}_flags from command_args
| 5. Remove a long-stale comment about putting the port's rc.d script in
|    /etc/rc.d (which is no longer necessary).
|
| No PORTREVISION bumps because all of these changes are noops.
|
| Notes: svn path=/head/; revision=237892
* - Update to 0.7.2. This release fixes a remote DoS bug with IKE | Wesley Shields | 2009-04-23 | 2 | -4/+4
| fragmentation reassembly.
|
| PR: ports/133922
| Submitted by: VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
|
| Notes: svn path=/head/; revision=232588
* Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script. | Rong-En Fan | 2008-08-21 | 1 | -1/+0
| Specifically, newer autoconf (> 2.13) has different semantic of the
| configure target. In short, one should use --build=CONFIGURE_TARGET
| instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
| and the old semantic may be removed in later autoconf releases.
|
| To workaround this issue, many ports hack the CONFIGURE_TARGET variable
| so that it contains the ``--build='' prefix.
|
| To solve this issue, under the fact that some ports still have
| configure script generated by the old autoconf, we use runtime detection
| in the do-configure target so that the proper argument can be used.
|
| Changes to Mk/*:
| - Add runtime detection magic in bsd.port.mk
| - Remove CONFIGURE_TARGET hack in various bsd.*.mk
| - USE_GNOME=gnometarget is now a no-op
|
| Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
|
| = pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
| - comms/gnuradio
| - science/abinit
| - science/elmer-fem
| - science/elmer-matc
| - science/elmer-meshgen2d
| - science/elmerfront
| - science/elmerpost
|
| = use x86_64 as ARCH
| - devel/g-wrap
|
| = other changes
| - print/magicfilter
|   GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
|
| Total # of ports modified: 1,027
| Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
|
| PR: 126524 (obsoletes 52917)
| Submitted by: rafan
| Tested on: two pointyhat 7-amd64 exp runs (by pav)
| Approved by: portmgr (pav)
|
| Notes: svn path=/head/; revision=218938